From a2442fe824163de201fea7009e5b03f6cc20a7dc Mon Sep 17 00:00:00 2001
From: Daniele Lacamera <dan@danielinux.net>
Date: Mon, 20 May 2019 13:25:15 +0200
Subject: [PATCH] Updated submodule to latest wolfBoot master.

- Using new key tools
- update to wolfSSL 4.0.0
- update contiki repository submodule with wolfSSL 4.0.0
---
 contiki-nrf52/Makefile                        | 11 +++---
 contiki-nrf52/contiki                         |  2 +-
 .../contiki-nrf52-softdevice-wolfBoot.patch   | 14 ++++++-
 contiki-nrf52/dtls-ota/Makefile               |  1 +
 contiki-nrf52/dtls-ota/user_settings.h        |  1 +
 freeRTOS-Freescale-K64F-https-TLS1.3/Makefile | 38 ++++++++++++-------
 riotOS-samr21/wolfboot.mk                     |  6 +--
 wolfBoot                                      |  2 +-
 8 files changed, 50 insertions(+), 25 deletions(-)

diff --git a/contiki-nrf52/Makefile b/contiki-nrf52/Makefile
index 714184a..370a53b 100644
--- a/contiki-nrf52/Makefile
+++ b/contiki-nrf52/Makefile
@@ -3,10 +3,11 @@ CROSS_COMPILE:=arm-none-eabi-
 OBJCOPY:=$(CROSS_COMPILE)objcopy
 JLINK_OPTS = -Device NRF52 -if swd -speed 1000
 DTLS_OTA=$(PWD)/dtls-ota
-BOOT_IMG:=$(DTLS_OTA)/dtls-ota.bin
+BOOT_IMG:=$(DTLS_OTA)/dtls-ota
 BOOT_ELF:=$(DTLS_OTA)/dtls-ota.nrf52dk
 WOLFBOOT:=$(PWD)/../wolfBoot
 WOLFBOOT_BIN:=$(WOLFBOOT)/wolfboot.bin
+DEBUG?=0
 
 all: $(DTLS_OTA)/dtls-ota-signed.bin
 
@@ -21,7 +22,7 @@ $(BOOT_ELF): nrf5_iot_sdk_3288530.zip $(WOLFBOOT_BIN) .contiki_patched
 $(WOLFBOOT_BIN):
 	cp target.h $(WOLFBOOT)/include
 	cp nrf52.ld $(WOLFBOOT)/hal
-	make -C $(WOLFBOOT) BOOT0_OFFSET=0x10000 VTOR=0 TARGET=nrf52 DEBUG=0 wolfboot.bin 
+	make -C $(WOLFBOOT) BOOT0_OFFSET=0x10000 VTOR=0 TARGET=nrf52 DEBUG=$(DEBUG) wolfboot.bin 
 
 nrf5_iot_sdk_3288530.zip:
 	wget https://developer.nordicsemi.com/nRF5_IoT_SDK/nRF5_IoT_SDK_v0.9.x/nrf5_iot_sdk_3288530.zip
@@ -34,10 +35,10 @@ clean:
 	rm -f $(DTLS_OTA)/*.bin 
 	rm -f tags
 	
-$(BOOT_IMG).v1.signed: $(BOOT_ELF)
-	$(WOLFBOOT)/tools/ed25519/ed25519_sign $(BOOT_IMG) $(WOLFBOOT)/ed25519.der 1
+$(BOOT_IMG)_v1_signed.bin: $(BOOT_ELF)
+	python3 $(WOLFBOOT)/tools/keytools/sign.py $(BOOT_IMG).bin $(WOLFBOOT)/ed25519.der 1
 
-$(DTLS_OTA)/dtls-ota-signed.bin: $(BOOT_IMG).v1.signed
+$(DTLS_OTA)/dtls-ota-signed.bin: $(BOOT_IMG)_v1_signed.bin
 	mv $^ $@
 
 $(DTLS_OTA)/dtls-ota-force-update.bin: $(DTLS_OTA)/dtls-ota-signed.bin
diff --git a/contiki-nrf52/contiki b/contiki-nrf52/contiki
index 2b9689e..633b340 160000
--- a/contiki-nrf52/contiki
+++ b/contiki-nrf52/contiki
@@ -1 +1 @@
-Subproject commit 2b9689edae1322dc2cb34572a5804b51f7b8a1dd
+Subproject commit 633b3406f986d6b2b4039c55b7e53b8b58794779
diff --git a/contiki-nrf52/contiki-nrf52-softdevice-wolfBoot.patch b/contiki-nrf52/contiki-nrf52-softdevice-wolfBoot.patch
index f67e5d9..9161abf 100644
--- a/contiki-nrf52/contiki-nrf52-softdevice-wolfBoot.patch
+++ b/contiki-nrf52/contiki-nrf52-softdevice-wolfBoot.patch
@@ -1,5 +1,16 @@
+diff --git contiki/cpu/nrf52832/Makefile.nrf52832 contiki-nrf52-patched/cpu/nrf52832/Makefile.nrf52832
+--- contiki/cpu/nrf52832/Makefile.nrf52832
++++ contiki/cpu/nrf52832/Makefile.nrf52832
+@@ -163,7 +163,7 @@ CFLAGS += -DCONFIG_GPIO_AS_PINRESET
+ CFLAGS += -DBLE_STACK_SUPPORT_REQD
+ CFLAGS += -mcpu=cortex-m4
+ CFLAGS += -mthumb -mabi=aapcs --std=gnu99
+-CFLAGS += -Wall -Werror
++CFLAGS += -Wall
+ CFLAGS += -ggdb
+ CFLAGS += -mfloat-abi=hard -mfpu=fpv4-sp-d16
+ # keep every function in separate section. This will allow linker to dump unused functions
 diff --git contiki/cpu/nrf52832/ld/nrf52-pca10040-sd.ld contiki-nrf52-patched/cpu/nrf52832/ld/nrf52-pca10040-sd.ld
-index f30aad455..0df4bc7b5 100644
 --- contiki/cpu/nrf52832/ld/nrf52-pca10040-sd.ld
 +++ contiki-nrf52-patched/cpu/nrf52832/ld/nrf52-pca10040-sd.ld
 @@ -5,8 +5,8 @@ GROUP(-lgcc -lc -lnosys)
@@ -15,7 +26,6 @@ index f30aad455..0df4bc7b5 100644
 \ No newline at end of file
 +INCLUDE "nrf5x_common.ld"
 diff --git contiki/platform/nrf52dk/contiki-main.c contiki-nrf52-patched/platform/nrf52dk/contiki-main.c
-index d97e6c609..a10bbe3d7 100644
 --- contiki/platform/nrf52dk/contiki-main.c
 +++ contiki-nrf52dk-patched/platform/nrf52dk/contiki-main.c
 @@ -110,6 +110,7 @@ static void
diff --git a/contiki-nrf52/dtls-ota/Makefile b/contiki-nrf52/dtls-ota/Makefile
index c6e0d9c..802ab5b 100644
--- a/contiki-nrf52/dtls-ota/Makefile
+++ b/contiki-nrf52/dtls-ota/Makefile
@@ -4,6 +4,7 @@ CONTIKI_WITH_IPV6 = 1
 CONTIKI_WITH_RPL = 0
 CONTIKI_WITH_TCP = 0
 CONTIKI_WITH_WOLFSSL = 1
+WERROR=0
 DEBUG=0
 UIP_TCP=0
 SMALL=1
diff --git a/contiki-nrf52/dtls-ota/user_settings.h b/contiki-nrf52/dtls-ota/user_settings.h
index 178dd8a..d909944 100644
--- a/contiki-nrf52/dtls-ota/user_settings.h
+++ b/contiki-nrf52/dtls-ota/user_settings.h
@@ -68,3 +68,4 @@
 #include "contiki-net.h"
 #include "sys/cc.h"
 #include "wolfssl.h"
+#include "wolfssl/wolfcrypt/types.h"
diff --git a/freeRTOS-Freescale-K64F-https-TLS1.3/Makefile b/freeRTOS-Freescale-K64F-https-TLS1.3/Makefile
index f4ba3c6..a3288bc 100644
--- a/freeRTOS-Freescale-K64F-https-TLS1.3/Makefile
+++ b/freeRTOS-Freescale-K64F-https-TLS1.3/Makefile
@@ -14,16 +14,15 @@ WOLFSSL_ROOT:=../wolfBoot/lib/wolfssl
 WOLFSSL_BUILD:=./build/lib
 DEBUG?=0
 
-
 CFLAGS=-mcpu=cortex-m4 -mfloat-abi=hard -mfpu=fpv4-sp-d16 \
 	   -DFREERTOS \
-	   -DNVM_FLASH_WRITEONCE 
+	   -DNVM_FLASH_WRITEONCE
 CFLAGS+=-mthumb -Wall -Wextra -Wno-main -Wstack-usage=1024 -ffreestanding -Wno-unused \
 		-Isrc \
 	-Ilib/bootutil/include -Iinclude/ -Ilib/wolfssl -I$(FREERTOS_PORT) -nostartfiles \
 	-IfreeRTOS -IfreeRTOS/include -I build/include -I$(WOLFBOOT)/include -I$(WOLFBOOT) \
 	-DWOLFSSL_USER_SETTINGS -I$(WOLFSSL_ROOT)  -DPICO_PORT_CUSTOM \
-	-mthumb -mlittle-endian -mthumb-interwork -ffreestanding -fno-exceptions 
+	-mthumb -mlittle-endian -mthumb-interwork -ffreestanding -fno-exceptions
 
 ifneq ($(DEBUG),0)
   CFLAGS+=-O0 -ggdb3
@@ -103,7 +102,7 @@ WOLFSSL_OBJS += 	\
     $(WOLFSSL_BUILD)/tls13.o
 	
 OBJS_SPMATH:= $(WOLFSSL_BUILD)/wolfcrypt/sp_c32.o  \
- 		 		$(WOLFSSL_BUILD)/wolfcrypt/sp_int.o  
+ 		 		$(WOLFSSL_BUILD)/wolfcrypt/sp_int.o
 
 OBJS+=$(WOLFSSL_OBJS) $(OBJS_SPMATH)
 LIBS+=build/lib/libpicotcp.a
@@ -112,16 +111,29 @@ vpath %.c $(dir $(WOLFSSL_ROOT)/src)
 vpath %.c $(dir $(WOLFSSL_ROOT)/wolfcrypt/src)
 
 wolfboot:LSCRIPT:=k64f_wolfboot.ld
-wolfboot: image.bin
-	make -C ../wolfBoot TARGET=kinetis clean
-	cp -f src/target.h ../wolfBoot/include/
-	make -C ../wolfBoot TARGET=kinetis DEBUG=$(DEBUG) NVM_FLASH_WRITEONCE=1 wolfboot-align.bin
-	cp ../wolfBoot/wolfboot-align.bin .
-	../wolfBoot/tools/ed25519/ed25519_sign image.bin ../wolfBoot/ed25519.der 1
-	cat wolfboot-align.bin image.bin.v1.signed >factory.bin
+wolfboot: image.bin wolfboot-align.bin
+	python3 ../wolfBoot/tools/keytools/sign.py image.bin ../wolfBoot/ed25519.der 1
+	cat wolfboot-align.bin image_v1_signed.bin >factory.bin
 	sleep 1
 	touch image.bin
-	../wolfBoot/tools/ed25519/ed25519_sign image.bin ../wolfBoot/ed25519.der 2
+	python3 ../wolfBoot/tools/keytools/sign.py image.bin ../wolfBoot/ed25519.der 2
+
+wolfboot-align.bin:CFLAGS=-mthumb -Wall -Wextra -Wno-main -Wstack-usage=1024 -ffreestanding -Wno-unused \
+		-Isrc \
+	-Ilib/bootutil/include -Iinclude/ -Ilib/wolfssl -I$(FREERTOS_PORT) -nostartfiles \
+	-IfreeRTOS -IfreeRTOS/include -I build/include -I$(WOLFBOOT)/include -I$(WOLFBOOT) \
+	-DWOLFSSL_USER_SETTINGS -I$(WOLFSSL_ROOT)  -DPICO_PORT_CUSTOM \
+	-mthumb -mlittle-endian -mthumb-interwork -ffreestanding -fno-exceptions
+wolfboot-align.bin:CFLAGS+=-I$(KINETIS_DRIVERS)/drivers -I$(KINETIS_DRIVERS) -DCPU_MK64FN1M0VLL12 -I$(KINETIS_CMSIS)/Include -I$(PHY) -DDEBUG_CONSOLE_ASSERT_DISABLE=1 -mcpu=cortex-m3 -DNVM_FLASH_WRITEONCE=1
+wolfboot-align.bin:LDFLAGS=$(CFLAGS) -Wl,-gc-sections -ffreestanding -nostartfiles -lc -lnosys -specs=nano.specs -Wl,-Map=image.map
+wolfboot-align.bin:
+	make -C ../wolfBoot TARGET=kinetis NVM_FLASH_WRITEONCE=1 clean
+	cp -f src/target.h ../wolfBoot/include/
+	rm -f ../wolfBoot/hal/kinetis.o
+	rm -f ../wolfBoot/src/*.o
+	rm -f $(KINETIS_DRIVERS)/drivers/*.o
+	make -C ../wolfBoot TARGET=kinetis DEBUG=$(DEBUG) NVM_FLASH_WRITEONCE=1 wolfboot-align.bin
+	cp ../wolfBoot/wolfboot-align.bin .
 
 
 
@@ -166,7 +178,7 @@ image.elf: wolfboot_target $(WOLFSSL_BUILD)/wolfcrypt $(LIBS) $(OBJS) $(LSCRIPT)
 	$(LD) $(LDFLAGS) -Wl,--start-group $(OBJS) $(LIBS) -Wl,--end-group -o $@ -T $(LSCRIPT)
 
 clean:
-	rm -f *.bin *.elf $(OBJS) wolfboot.map *.bin  *.hex src/*.o freeRTOS/*.o $(FREERTOS_PORT)/*.o *.signed *.map tags
+	rm -f *.bin *.elf $(OBJS) wolfboot.map *.bin  *.hex src/*.o freeRTOS/*.o $(FREERTOS_PORT)/*.o *.map tags
 	make -C picotcp clean
 
 FORCE:
diff --git a/riotOS-samr21/wolfboot.mk b/riotOS-samr21/wolfboot.mk
index 677a83d..6bba0e2 100644
--- a/riotOS-samr21/wolfboot.mk
+++ b/riotOS-samr21/wolfboot.mk
@@ -3,11 +3,11 @@ ifdef WOLFBOOT_OFFSET
 WOLFBOOT:=$(abspath $(RIOTBASE)/../../wolfBoot/)
 CFLAGS += -I$(WOLFBOOT)/include
 
-SIGNTOOL ?= $(WOLFBOOT)/tools/ed25519/ed25519_sign
-KEYGENTOOL ?= $(WOLFBOOT)/tools/ed25519/ed25519_keygen
+SIGNTOOL ?= python3 $(WOLFBOOT)/tools/keytools/sign.py
+KEYGENTOOL ?= python3 $(WOLFBOOT)/tools/keytools/keygen.py
 
 BINFILE ?= $(BINDIR)/$(APPLICATION).bin
-SIGN_BINFILE = $(BINDIR)/$(APPLICATION).bin.v5.signed
+SIGN_BINFILE = $(BINDIR)/$(APPLICATION)_v5_signed.bin
 WOLFBOOT_KEYFILE ?= $(WOLFBOOT)/ed25519.der
 WOLFBOOT_BIN ?= $(WOLFBOOT)/wolfboot.bin
 
diff --git a/wolfBoot b/wolfBoot
index d3d938d..e6723ec 160000
--- a/wolfBoot
+++ b/wolfBoot
@@ -1 +1 @@
-Subproject commit d3d938d087f095f2827c51ed6328f8e04c352f49
+Subproject commit e6723ec831c1095bdbcf50a8cba636c72364e1c7