Test size increases. Improve user_settings.h ECC options.

2022-11-23 15:31:34 -08:00 · 2022-11-23 15:31:34 -08:00 · 6d45564112
parent 7cb8d3a66f
commit 6d45564112
5 changed files with 49 additions and 29 deletions
--- a/README.md
+++ b/README.md
@ -123,6 +123,12 @@ cd wolfcrypt-py
 USE_LOCAL_WOLFSSL=/usr/local pip3 install .
 ```
 2. Key algorithm mismatch:
 The error `Key algorithm mismatch. Remove old keys via 'make distclean'` indicates the current `.config` `SIGN` algorithm does not match what is in the generated `src/keystore.c` file.
 Use `make keysclean` or `make distclean` to delete keys and regenerate.
 ## Release Notes
 ### v1.0 (2018-12-04)
--- a/docs/Targets.md
+++ b/docs/Targets.md
@ -1096,6 +1096,15 @@ Flash Layout (with files):
 Or program the `factory.bin` to `0xE8080000`
 Example Boot Debug Output:
 ```
 wolfBoot Init
 Part: Active 0, Address E8080000
 Part: Size 1028
 Firmware Valid
 Loading 1028 bytes to RAM at 19000
 ```
 #### Flash Programming with Lauterbach
--- a/include/user_settings.h
+++ b/include/user_settings.h
@ -64,13 +64,13 @@
 #endif
 /* ECC and SHA256 */
-#if defined (WOLFBOOT_SIGN_ECC256) ||\
+#if defined(WOLFBOOT_SIGN_ECC256) ||\
-    defined (WOLFBOOT_SIGN_ECC384) ||\
+    defined(WOLFBOOT_SIGN_ECC384) ||\
-    defined (WOLFBOOT_SIGN_ECC521)
+    defined(WOLFBOOT_SIGN_ECC521)
 #   define HAVE_ECC
 #   define ECC_TIMING_RESISTANT
-
+#   define ECC_USER_CURVES /* enables only 256-bit by default */
 /* Kinetis LTC support */
 #   ifdef FREESCALE_USE_LTC
@ -102,25 +102,25 @@
 #   define NO_ECC_KEY_EXPORT
 /* Curve */
 #   define NO_ECC192
 #   define NO_ECC224
 #ifdef WOLFBOOT_SIGN_ECC256
 #   define HAVE_ECC256
 #   define FP_MAX_BITS (256 + 32)
-#   define NO_ECC384
+#elif defined(WOLFBOOT_SIGN_ECC384)
 #   define NO_ECC521
 #elif defined WOLFBOOT_SIGN_ECC384
 #   define HAVE_ECC384
-#   define FP_MAX_BITS (1024 + 32)
+#   define FP_MAX_BITS (384 * 2)
-#   define WOLFSSL_SP_384
+#   ifndef USE_FAST_MATH
-#   define WOLFSSL_SP_NO_256
+#       define WOLFSSL_SP_384
 #       define WOLFSSL_SP_NO_256
 #   endif
 #   define NO_ECC256
-#   define NO_ECC521
+#elif defined(WOLFBOOT_SIGN_ECC521)
 #elif defined WOLFBOOT_SIGN_ECC521
 #   define HAVE_ECC521
-#   define FP_MAX_BITS (544 + 32)
+#   define FP_MAX_BITS (528 * 2)
 #   ifndef USE_FAST_MATH
 #       define WOLFSSL_SP_521
 #       define WOLFSSL_SP_NO_256
 #   endif
 #   define NO_ECC256
 #   define NO_ECC384
 #endif
 #   define NO_RSA
--- a/options.mk
+++ b/options.mk
@ -9,7 +9,12 @@ endif
 ifeq ($(SIGN),NONE)
  SIGN_OPTIONS+=--no-sign
-  STACK_USAGE=1216
+  ifeq ($(HASH),SHA384)
    STACK_USAGE=3760
  else
    STACK_USAGE=1216
  endif
  CFLAGS+=-DWOLFBOOT_NO_SIGN
 endif
--- a/tools/test.mk
+++ b/tools/test.mk
@ -885,25 +885,25 @@ test-size-all:
 	make keysclean
 	make test-size SIGN=ED25519 LIMIT=11308
 	make keysclean
-	make test-size SIGN=ECC256  LIMIT=22158
+	make test-size SIGN=ECC256  LIMIT=22162
 	make keysclean
-	make test-size SIGN=ECC256 NO_ASM=1 LIMIT=13592
+	make test-size SIGN=ECC256 NO_ASM=1 LIMIT=13594
 	make keysclean
-	make test-size SIGN=RSA2048 LIMIT=11086
+	make test-size SIGN=RSA2048 LIMIT=11090
 	make keysclean
-	make test-size SIGN=RSA2048 NO_ASM=1 LIMIT=11058
+	make test-size SIGN=RSA2048 NO_ASM=1 LIMIT=11062
 	make keysclean
-	make test-size SIGN=RSA4096 LIMIT=11446
+	make test-size SIGN=RSA4096 LIMIT=11450
 	make keysclean
-	make test-size SIGN=RSA4096 NO_ASM=1 LIMIT=11366
+	make test-size SIGN=RSA4096 NO_ASM=1 LIMIT=11370
 	make keysclean
-	make test-size SIGN=ECC384 LIMIT=17492
+	make test-size SIGN=ECC384 LIMIT=17500
 	make keysclean
-	make test-size SIGN=ECC384 NO_ASM=1 LIMIT=15028
+	make test-size SIGN=ECC384 NO_ASM=1 LIMIT=15032
 	make keysclean
-	make test-size SIGN=ED448 LIMIT=13334
+	make test-size SIGN=ED448 LIMIT=13342
 	make keysclean
-	make test-size SIGN=RSA3072 LIMIT=11286
+	make test-size SIGN=RSA3072 LIMIT=11290
 	make keysclean
-	make test-size SIGN=RSA3072 NO_ASM=1 LIMIT=11158
+	make test-size SIGN=RSA3072 NO_ASM=1 LIMIT=11162
 	make keysclean