Merge branch 'master' into psoc6_hwcrypto

README.md

@@ -35,9 +35,6 @@ The bootloader consists of the following components:
    - The core bootloader
    - A small application library used by the application to interact with the bootloader [src/libwolfboot.c](src/libwolfboot.c)
 
-Only ARM Cortex-M boot mechanism is supported at this stage. Support for more architectures and
-microcontrollers will be added later. Relocating the interrupt vector can be disabled if needed.
-
 ## Integrating wolfBoot in an existing project
 
 ### Required steps

hal/stm32wb.c

@@ -98,6 +98,7 @@ PKA_HandleTypeDef hpka = { };
 
 #ifndef WOLFSSL_STM32_PKA
 #define FLASH_SR_BSY                          (1 << 16)
+#define FLASH_SR_CFGBSY                       (1 << 18)
 #define FLASH_SR_SIZERR                       (1 << 6)
 #define FLASH_SR_PGAERR                       (1 << 5)
 #define FLASH_SR_WRPERR                       (1 << 4)
@@ -109,11 +110,12 @@ PKA_HandleTypeDef hpka = { };
 
 #define FLASH_CR_PER                          (1 << 1)
 #define FLASH_CR_PG                           (1 << 0)
+#define FLASH_CR_FSTPG                        (1 << 18)
 
 #endif /* !WOLFSSL_STM32_PKA */
 
 #define FLASH_CR_PNB_SHIFT                     3
-#define FLASH_CR_PNB_MASK                      0x3f
+#define FLASH_CR_PNB_MASK                      0xFF
 
 #define FLASH_KEY1                            (0x45670123)
 #define FLASH_KEY2                            (0xCDEF89AB)
@@ -128,7 +130,7 @@ static void RAMFUNCTION flash_set_waitstates(unsigned int waitstates)
 
 static RAMFUNCTION void flash_wait_complete(void)
 {
-    while ((FLASH_SR & FLASH_SR_BSY) == FLASH_SR_BSY)
+    while ((FLASH_SR & (FLASH_SR_BSY | FLASH_SR_CFGBSY)) != 0)
         ;
 }
 
@@ -137,21 +139,50 @@ static void RAMFUNCTION flash_clear_errors(void)
     FLASH_SR |= ( FLASH_SR_SIZERR | FLASH_SR_PGAERR | FLASH_SR_WRPERR |  FLASH_SR_PROGERR);
 }
 
+
+
+void RAMFUNCTION hal_flash_unlock(void)
+{
+    flash_wait_complete();
+    if ((FLASH_CR & FLASH_CR_LOCK) != 0) {
+        FLASH_KEY = FLASH_KEY1;
+        DMB();
+        FLASH_KEY = FLASH_KEY2;
+        DMB();
+        while ((FLASH_CR & FLASH_CR_LOCK) != 0)
+            ;
+    }
+}
+
+void RAMFUNCTION hal_flash_lock(void)
+{
+    flash_wait_complete();
+    if ((FLASH_CR & FLASH_CR_LOCK) == 0)
+        FLASH_CR |= FLASH_CR_LOCK;
+}
+
 int RAMFUNCTION hal_flash_write(uint32_t address, const uint8_t *data, int len)
 {
     int i = 0;
     uint32_t *src, *dst;
+    uint32_t pdword[2] __attribute__((aligned(16)));
+    uint32_t reg;
+
     flash_clear_errors();
-    FLASH_CR |= FLASH_CR_PG;
+    reg = FLASH_CR & (~FLASH_CR_FSTPG);
+    FLASH_CR = reg | FLASH_CR_PG;
 
     while (i < len) {
         flash_clear_errors();
         if ((len - i > 3) && ((((address + i) & 0x07) == 0)  && ((((uint32_t)data) + i) & 0x07) == 0)) {
+            uint32_t idx = i >> 2;
             src = (uint32_t *)data;
-            dst = (uint32_t *)(address + FLASHMEM_ADDRESS_SPACE);
+            dst = (uint32_t *)(address);
+            pdword[0] = src[idx];
+            pdword[1] = src[idx + 1];
             flash_wait_complete();
-            dst[i >> 2] = src[i >> 2];
-            dst[(i >> 2) + 1] = src[(i >> 2) + 1];
+            dst[idx] = pdword[0];
+            dst[idx + 1] = pdword[1];
             flash_wait_complete();
             i+=8;
         } else {
@@ -176,42 +207,26 @@ int RAMFUNCTION hal_flash_write(uint32_t address, const uint8_t *data, int len)
     return 0;
 }
 
-void RAMFUNCTION hal_flash_unlock(void)
-{
-    flash_wait_complete();
-    if ((FLASH_CR & FLASH_CR_LOCK) != 0) {
-        FLASH_KEY = FLASH_KEY1;
-        DMB();
-        FLASH_KEY = FLASH_KEY2;
-        DMB();
-        while ((FLASH_CR & FLASH_CR_LOCK) != 0)
-            ;
-    }
-}
-
-void RAMFUNCTION hal_flash_lock(void)
-{
-    flash_wait_complete();
-    if ((FLASH_CR & FLASH_CR_LOCK) == 0)
-        FLASH_CR |= FLASH_CR_LOCK;
-}
-
 
 int RAMFUNCTION hal_flash_erase(uint32_t address, int len)
 {
-    int start = -1, end = -1;
     uint32_t end_address;
     uint32_t p;
     if (len == 0)
         return -1;
+    address -= FLASHMEM_ADDRESS_SPACE;
     end_address = address + len - 1;
+    flash_wait_complete();
     for (p = address; p < end_address; p += FLASH_PAGE_SIZE) {
-        uint32_t reg = FLASH_CR & (~(FLASH_CR_PNB_MASK << FLASH_CR_PNB_SHIFT));
-        FLASH_CR = reg | ((p >> 12) << FLASH_CR_PNB_SHIFT) | FLASH_CR_PER | FLASH_CR_PG;
+        uint32_t reg;
+        flash_clear_errors();
+        reg = FLASH_CR & ~((FLASH_CR_PNB_MASK << FLASH_CR_PNB_SHIFT) | FLASH_CR_FSTPG | FLASH_CR_PG);
+        FLASH_CR = reg | ((p >> 12) << FLASH_CR_PNB_SHIFT) | FLASH_CR_PER;
         DMB();
         FLASH_CR |= FLASH_CR_STRT;
+        DMB();
         flash_wait_complete();
-        FLASH_CR &= ~(FLASH_CR_PER | FLASH_CR_PG);
+        FLASH_CR &= ~(FLASH_CR_PER);
     }
     return 0;
 }
@@ -310,7 +325,6 @@ void hal_prepare_boot(void)
 #ifdef SPI_FLASH
     spi_release();
 #endif
-    hal_flash_lock();
     clock_pll_off();
 }
 

tools/keytools/keygen.c

@@ -301,7 +301,7 @@ int main(int argc, char** argv)
         fclose(f);
         printf("** Warning: key file already exist! Are you sure you want to  generate a new key and overwrite the existing key? [Type 'Yes, I am sure!']: ");
         fflush(stdout);
-        gets(reply);
+        scanf("%s", reply);
         printf("Reply is [%s]\n", reply);
         if (strcmp(reply, "Yes, I am sure!") != 0) {
             printf("Operation aborted by user.");

tools/keytools/sign.c

@@ -256,14 +256,34 @@ int main(int argc, char** argv)
     }
 
     /* key type "auto" selection */
-    if (key_buffer_sz == 64) {
-        if (sign == SIGN_ECC256) {
-            printf("Error: key size does not match the cipher selected\n");
+    if (key_buffer_sz == 32) {
+        if ((sign != SIGN_ED25519) && !manual_sign && !sha_only ) {
+            printf("Error: key too short for cipher\n");
             goto exit;
         }
+        if (sign == SIGN_AUTO && (manual_sign || sha_only)) {
+            printf("ed25519 public key autodetected\n");
+            sign = SIGN_ED25519;
+        }
+
+    }
+    else if (key_buffer_sz == 64) {
+        if (sign == SIGN_ECC256) {
+            if (!manual_sign && !sha_only) {
+                printf("Error: key size does not match the cipher selected\n");
+                goto exit;
+            } else {
+                printf("ECC256 public key detected\n");
+            }
+        }
         if (sign == SIGN_AUTO) {
+            if (!manual_sign && !sha_only) {
                 sign = SIGN_ED25519;
                 printf("ed25519 key autodetected\n");
+            } else {
+                sign = SIGN_ECC256;
+                printf("ecc256 public key autodetected\n");
+            }
         }
     }
     else if (key_buffer_sz == 96) {

tools/keytools/sign.py

@@ -135,11 +135,25 @@ else:
 kf = open(key_file, "rb")
 wolfboot_key_buffer = kf.read(4096)
 wolfboot_key_buffer_len = len(wolfboot_key_buffer)
-if wolfboot_key_buffer_len == 64:
+if wolfboot_key_buffer_len == 32:
+    if (sign != 'ed25519' and not manual_sign and not sha_only):
+        print("Error: key too short for cipher")
+        sys.exit(1)
+    elif sign == 'auto' and (manual_sign or sha_only):
+        sign = 'ed25519'
+        print("'ed25519' public key autodetected.")
+elif wolfboot_key_buffer_len == 64:
     if (sign == 'ecc256'):
+        if not manual_sign and not sha_only:
             print("Error: key size does not match the cipher selected")
             sys.exit(1)
+        else:
+            print("Ecc256 public key detected")
     if sign == 'auto':
+        if (manual_sign or sha_only):
+            sign = 'ecc256'
+            print("'ecc256' public key autodetected.")
+        else:
             sign = 'ed25519'
             print("'ed25519' key autodetected.")
 elif wolfboot_key_buffer_len == 96: