Merge pull request wolfSSL#414 from danielinux/ecc521

Added support for SIGN=ECC521

.github/workflows/test-renode-fastmath-smallstack.yml

@@ -31,6 +31,9 @@ jobs:
       - name: Renode Tests ECC384
         run: ./tools/renode/docker-test.sh "SIGN=ECC384 WOLFBOOT_SMALL_STACK=1 SPMATH=0"
 
+# ECC521 TEST
+      - name: Renode Tests ECC521
+        run: ./tools/renode/docker-test.sh "SIGN=ECC521 WOLFBOOT_SMALL_STACK=1 SPMATH=0"
 
 # RSA2048 TEST
       - name: Renode Tests RSA2048

.github/workflows/test-renode-fastmath.yml

@@ -30,6 +30,10 @@ jobs:
       - name: Renode Tests ECC384
         run: ./tools/renode/docker-test.sh "SIGN=ECC384 SPMATH=0"
 
+# ECC521 TEST
+      - name: Renode Tests ECC521
+        run: ./tools/renode/docker-test.sh "SIGN=ECC521 SPMATH=0"
+
 
 # RSA2048 TEST
       - name: Renode Tests RSA2048

.github/workflows/test-renode-noasm-smallstack.yml

@@ -31,6 +31,9 @@ jobs:
       - name: Renode Tests ECC384
         run: ./tools/renode/docker-test.sh "SIGN=ECC384 WOLFBOOT_SMALL_STACK=1 NO_ASM=1"
 
+# ECC521 TEST
+      - name: Renode Tests ECC521
+        run: ./tools/renode/docker-test.sh "SIGN=ECC521 WOLFBOOT_SMALL_STACK=1 NO_ASM=1"
 
 # RSA2048 TEST
       - name: Renode Tests RSA2048

.github/workflows/test-renode-noasm.yml

@@ -30,6 +30,9 @@ jobs:
       - name: Renode Tests ECC384
         run: ./tools/renode/docker-test.sh "SIGN=ECC384 NO_ASM=1"
 
+# ECC521 TEST
+      - name: Renode Tests ECC521
+        run: ./tools/renode/docker-test.sh "SIGN=ECC521 NO_ASM=1"
 
 # ED25519 TEST
       - name: Renode Tests ED25519

.github/workflows/test-renode-nrf52.yml

@@ -34,6 +34,10 @@ jobs:
       - name: Renode Tests ECC384
         run: ./tools/renode/docker-test.sh "SIGN=ECC384"
 
+# ECC521 TEST
+      - name: Renode Tests ECC521
+        run: ./tools/renode/docker-test.sh "SIGN=ECC521"
+
 # ED25519 TEST
       - name: Renode Tests ED25519
         run: ./tools/renode/docker-test.sh "SIGN=ED25519"

.github/workflows/test-renode-sha3.yml

@@ -34,6 +34,9 @@ jobs:
       - name: Renode Tests ECC384
         run: ./tools/renode/docker-test.sh "SIGN=ECC384 HASH=SHA3"
 
+# ECC521 TEST
+      - name: Renode Tests ECC521
+        run: ./tools/renode/docker-test.sh "SIGN=ECC521 HASH=SHA3"
 
 # ED25519 TEST
       - name: Renode Tests ED25519

.github/workflows/test-renode-sha384.yml

@@ -33,6 +33,9 @@ jobs:
       - name: Renode Tests ECC384
         run: ./tools/renode/docker-test.sh "SIGN=ECC384 HASH=SHA384"
 
+# ECC521 TEST
+      - name: Renode Tests ECC521
+        run: ./tools/renode/docker-test.sh "SIGN=ECC521 HASH=SHA384"
 
 # ED25519 TEST
       - name: Renode Tests ED25519

.github/workflows/test-renode-smallstack.yml

@@ -35,6 +35,10 @@ jobs:
       - name: Renode Tests ECC384
         run: ./tools/renode/docker-test.sh "SIGN=ECC384 WOLFBOOT_SMALL_STACK=1"
 
+# ECC521 TEST
+      - name: Renode Tests ECC521
+        run: ./tools/renode/docker-test.sh "SIGN=ECC521 WOLFBOOT_SMALL_STACK=1"
+
 
 # ED25519 TEST
       - name: Renode Tests ED25519

docs/Signing.md

@@ -92,6 +92,9 @@ file is in this format.
   * `--ecc384` Use ecc384 for signing the firmware. Assume that the given KEY.DER
 file is in this format.
 
+  * `--ecc521` Use ecc521 for signing the firmware. Assume that the given KEY.DER
+file is in this format.
+
   * `--rsa2048` Use rsa2048 for signing the firmware. Assume that the given KEY.DER
 file is in this format.
 

docs/compile.md

@@ -90,21 +90,17 @@ performance and activated features are affected by compile-time flags.
 By default, wolfBoot is compiled to use Ed25519 DSA. The implementation of ed25519 is smaller,
 while giving a good compromise in terms of boot-up time.
 
-Better performance can be achieved using ECDSA with curve p-256. To activate ECC256 support, use
+Better performance can be achieved using ECDSA with curve p-256.
+To activate ECC256, ECC384 or ECC521 support, use:
 
-`SIGN=ECC256`
+`SIGN=ECC256` or `SIGN=ECC384` or `SIGN=ECC521` respectively.
 
 when invoking `make`.
 
-RSA is also supported, with different key length. To activate RSA2048 or RSA4096, use:
+RSA is also supported, with different key length.
+To activate RSA2048, RSA3072 or RSA4096, use:
 
-`SIGN=RSA2048`
-
-or
-
-`SIGN=RSA4096`
-
-respectively.
+`SIGN=RSA2048` or `SIGN=RSA3072` or `SIGN=RSA4096` respectively.
 
 Ed448 is also supported via `SIGN=ED448`.
 
@@ -135,7 +131,7 @@ For more information and examples, see the [firmware update](firmware_update.md)
 
 ### Enable debug symbols
 
-To debug the bootloader, simply compile with `DEBUG=1`. The size of the bootloade will increase
+To debug the bootloader, simply compile with `DEBUG=1`. The size of the bootloader will increase
 consistently, so ensure that you have enough space at the beginning of the flash before
 `WOLFBOOT_PARTITION_BOOT_ADDRESS`.
 
@@ -168,7 +164,7 @@ Some combinations of authentication algorithms, key sizes and math configuration
 a large amount of memory to be allocated in the stack at runtime. By default, if your configuration
 falls in one of these cases, wolfBoot compilation will terminate with an explicit error.
 
-In some cases you might have enough memory available to allow large stack allocations. 
+In some cases you might have enough memory available to allow large stack allocations.
 To circumvent the compile-time checks on the maximum allowed stack size, use `WOLFBOOT_HUGE_STACK=1`.
 
 ### Disable Backup of current running firmware

include/wolfboot/wolfboot.h

@@ -203,8 +203,9 @@ extern "C" {
  #   endif
  #elif defined(WOLFBOOT_SIGN_ECC521)
  #   define HDR_IMG_TYPE_AUTH HDR_IMG_TYPE_AUTH_ECC521
- #   error "ECC521 curves not yet supported in this version of wolfBoot. " \
-           "Please select a valid SIGN= option."
+ #   ifndef WOLFBOOT_UNIVERSAL_KEYSTORE
+ #     define KEYSTORE_PUBKEY_SIZE KEYSTORE_PUBKEY_SIZE_ECC521
+ #   endif
  #elif defined(WOLFBOOT_SIGN_RSA2048)
  #   define HDR_IMG_TYPE_AUTH HDR_IMG_TYPE_AUTH_RSA2048
  #   ifndef WOLFBOOT_UNIVERSAL_KEYSTORE

options.mk

@@ -138,9 +138,9 @@ ifeq ($(SIGN),ECC521)
       STACK_USAGE=6680
     else
       ifneq ($(SPMATH),1)
-        STACK_USAGE=7352
+        STACK_USAGE=11256
       else
-        STACK_USAGE=3896
+        STACK_USAGE=8288
       endif
     endif
   endif

src/xmalloc.c

@@ -63,7 +63,7 @@ struct xmalloc_slot {
 #   error "No hash mechanism selected."
 #endif
 
-#if defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFBOOT_SIGN_ECC384)
+#if defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFBOOT_SIGN_ECC384) || defined(WOLFBOOT_SIGN_ECC521)
 
 #ifndef USE_FAST_MATH
     /* SP MATH */
@@ -98,6 +98,22 @@ struct xmalloc_slot {
             #define MP_MONTGOMERY_SIZE (sizeof(int64_t) * 2 * 12)
         #endif
     #endif /* WOLFBOOT_SIGN_ECC384 */
+    #ifdef WOLFBOOT_SIGN_ECC521
+        #define MP_SCHEME "SP ECC521"
+        #define MP_CURVE_SPECS_SIZE (148)
+        #ifdef WOLFSSL_SP_ARM_CORTEX_M_ASM
+            #define MP_POINT_SIZE (412)
+            #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 17)
+            #define MP_DIGITS_BUFFER_SIZE_1 (MP_DIGIT_SIZE * 2 * 17 * 6)
+            #define MP_MONTGOMERY_SIZE (sizeof(int64_t) * 12)
+        #else
+            #define MP_POINT_SIZE (508)
+            #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 21)
+            #define MP_DIGITS_BUFFER_SIZE_1 (MP_DIGIT_SIZE * (4 * 21 + 3))
+            #define MP_DIGITS_BUFFER_SIZE_2 (MP_DIGIT_SIZE * (2 * 21 * 6))
+            #define MP_MONTGOMERY_SIZE (sizeof(int64_t) * 2 * 12)
+        #endif
+    #endif /* WOLFBOOT_SIGN_ECC521 */
     #ifndef WC_NO_CACHE_RESISTANT
     static uint8_t mp_points_3[MP_POINT_SIZE];
     #endif
@@ -106,10 +122,10 @@ struct xmalloc_slot {
     static uint8_t mp_points_2[MP_POINT_SIZE * (16 + 1)];
     static uint8_t mp_digits_buffer_0[MP_DIGITS_BUFFER_SIZE_0];
     static uint8_t mp_digits_buffer_1[MP_DIGITS_BUFFER_SIZE_1];
-    #if !defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && (defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFBOOT_SIGN_ECC384))
+    #if !defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && (defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFBOOT_SIGN_ECC384) || defined(WOLFBOOT_SIGN_ECC521))
     static uint8_t mp_digits_buffer_2[MP_DIGITS_BUFFER_SIZE_2];
     static uint8_t mp_montgomery[MP_MONTGOMERY_SIZE];
-    #elif defined(WOLFBOOT_SIGN_ECC384)
+    #elif defined(WOLFBOOT_SIGN_ECC384) || defined (WOLFBOOT_SIGN_ECC521)
     static uint8_t mp_montgomery[MP_MONTGOMERY_SIZE];
     #endif
 #else
@@ -132,6 +148,15 @@ struct xmalloc_slot {
         #define MP_INT_BUFFER_SIZE_1 (MP_INT_TYPE_SIZE * 6)
         #define MP_DIGIT_BUFFER_MONT_SIZE (sizeof(fp_digit)*(FP_SIZE + 1))
     #endif
+    #ifdef WOLFBOOT_SIGN_ECC521
+        #define MP_SCHEME "TFM ECC521"
+        #define MP_CURVE_SPECS_SIZE (MP_INT_TYPE_SIZE)
+        #define MP_CURVE_FIELD_COUNT_SIZE (380)
+        #define ECC_POINT_SIZE (516)
+        #define MP_INT_BUFFER_SIZE (MP_INT_TYPE_SIZE * 5)
+        #define MP_INT_BUFFER_SIZE_1 (MP_INT_TYPE_SIZE * 6)
+        #define MP_DIGIT_BUFFER_MONT_SIZE (sizeof(fp_digit)*(FP_SIZE + 1))
+    #endif
 
     static uint8_t mp_curve_field_count[MP_CURVE_FIELD_COUNT_SIZE];
     static uint8_t mp_int_v[MP_INT_TYPE_SIZE];
@@ -170,7 +195,7 @@ static struct xmalloc_slot xmalloc_pool[] = {
     { (uint8_t *)mp_points_0, MP_POINT_SIZE * 2, 0 },
     #ifdef WOLFSSL_SP_ARM_CORTEX_M_ASM
     { (uint8_t *)mp_points_1, MP_POINT_SIZE * 2, 0 },
-        #ifdef WOLFBOOT_SIGN_ECC384
+        #if defined(WOLFBOOT_SIGN_ECC384) || defined(WOLFBOOT_SIGN_ECC521)
     { (uint8_t *)mp_montgomery, MP_MONTGOMERY_SIZE, 0 },
         #endif
     #else

tools/test-renode.mk

@@ -78,8 +78,6 @@ ifeq ($(SIGN),ECC384)
   SIGN_ARGS+= --ecc384
 endif
 
-# Already supported in sign tools, not yet in wolfBoot.
-# Currently, a compile-time error is produced if selected.
 ifeq ($(SIGN),ECC521)
   SIGN_ARGS+= --ecc521
 endif
@@ -255,6 +253,9 @@ renode-factory-ecc256: FORCE
 renode-factory-ecc384: FORCE
 	make renode-factory SIGN=ECC384
 
+renode-factory-ecc521: FORCE
+	make renode-factory SIGN=ECC521
+
 renode-factory-rsa2048: FORCE
 	make renode-factory SIGN=RSA2048
 
@@ -287,6 +288,8 @@ renode-factory-all: FORCE
 	${Q}make renode-factory-rsa4096 RENODE_PORT=55162
 	${Q}make keysclean
 	${Q}make renode-factory SIGN=NONE RENODE_PORT=55163
+	${Q}make keysclean
+	${Q}make renode-factory-ecc521 RENODE_PORT=55166
 	${Q}echo All tests in $@ OK!
 
 renode-update-ed25519: FORCE
@@ -301,6 +304,9 @@ renode-update-ecc256: FORCE
 renode-update-ecc384: FORCE
 	make renode-update SIGN=ECC384
 
+renode-update-ecc521: FORCE
+	make renode-update SIGN=ECC521
+
 renode-update-rsa2048: FORCE
 	make renode-update SIGN=RSA2048
 
@@ -328,6 +334,9 @@ renode-no-downgrade-ecc256: FORCE
 renode-no-downgrade-ecc384: FORCE
 	make renode-no-downgrade SIGN=ECC384
 
+renode-no-downgrade-ecc521: FORCE
+	make renode-no-downgrade SIGN=ECC521
+
 renode-no-downgrade-rsa2048: FORCE
 	make renode-no-downgrade SIGN=RSA2048
 
@@ -352,6 +361,9 @@ renode-corrupted-ecc256: FORCE
 renode-corrupted-ecc384: FORCE
 	make renode-corrupted SIGN=ECC384
 
+renode-corrupted-ecc521: FORCE
+	make renode-corrupted SIGN=ECC521
+
 renode-corrupted-rsa2048: FORCE
 	make renode-corrupted SIGN=RSA2048
 
@@ -388,6 +400,8 @@ renode-update-all: FORCE
 	${Q}make renode-update-lms RENODE_PORT=55164
 	${Q}make keysclean
 	${Q}make renode-update-xmss RENODE_PORT=55165
+	${Q}make keysclean
+	${Q}make renode-update-ecc521 RENODE_PORT=55166
 	${Q}echo All tests in $@ OK!
 
 renode-no-downgrade-all: FORCE
@@ -411,6 +425,8 @@ renode-no-downgrade-all: FORCE
 	${Q}make renode-no-downgrade-lms RENODE_PORT=55164
 	${Q}make keysclean
 	${Q}make renode-no-downgrade-xmss RENODE_PORT=55165
+	${Q}make keysclean
+	${Q}make renode-no-downgrade-ecc521 RENODE_PORT=55166
 	${Q}echo All tests in $@ OK!
 
 renode-corrupted-all: FORCE
@@ -434,6 +450,8 @@ renode-corrupted-all: FORCE
 	${Q}make renode-corrupted-lms RENODE_PORT=55164
 	${Q}make keysclean
 	${Q}make renode-corrupted-xmss RENODE_PORT=55165
+	${Q}make keysclean
+	${Q}make renode-corrupted-ecc521 RENODE_PORT=55166
 	${Q}echo All tests in $@ OK!
 
 renode-update-all-armored: FORCE