wolfSSL · miyazakh · Dec 6, 2022 · Dec 13, 2022 · Dec 15, 2022 · Dec 16, 2022
diff --git a/embedded/signature/Makefile b/embedded/signature/Makefile
@@ -0,0 +1,20 @@
+CC = gcc
+#CC = clang
+SRCROOT = .
+ECCSRCDIRS := $(shell ls -d $(SRCROOT)/ecc_*)
+RSASRCDIRS := $(shell ls -d $(SRCROOT)/rsa_*)
+
+all: ecc rsa
+
+ecc:
+	@for d in $(ECCSRCDIRS); do echo $$d ; $(MAKE) -C $$d CC=$(CC) ; done
+
+rsa:
+	@for d in $(RSASRCDIRS); do echo $$d ; $(MAKE) -C $$d CC=$(CC) ; done
+
+clean: FORCE
+	@for d in $(ECCSRCDIRS); do echo $$d ; $(MAKE) -C $$d clean; done
+	@for d in $(RSASRCDIRS); do echo $$d ; $(MAKE) -C $$d clean; done
+
+FORCE:
+.PHONY: FORCE
diff --git a/embedded/signature/README.md b/embedded/signature/README.md
@@ -0,0 +1,93 @@
+# Signature Examples for Embedded Systems
+
+This directory includes the following examples. Each subdirectory has a Makefile, source files, and a README to show how to build the example, along with expected example output.
+
+|Scheme|Directory|Description|
+|---|---|---|
+|RSA|rsa_sign_verify|sign/verify signature inline  |
+||rsa_vfy_only |verify signature|
+||rsa_vfy_only_nonblock|verify signature with non-blocking|
+|ECDSA|ecc_sign_verify|sign msg and verify signature|
+||ecc_vfy_only|verify Signature|
+||ecc_vfy_only_nonblock|verify signature with non-blocking|
+
+
+When building each example, you can specify arguments to control the build.  Specify a target function to run either a simple example, benchmark, or memory tracking example. Specify an "arch" option to build optimized code for MCU architectures such as Intel x86, ARM64 or a generic code by default.  And specify a "math" option to choose an underlying wolfCrypt math library to use, between Single Precision or TFM.
+
+
+```
+$ make <Function> math=<Mathlib> arch=<MCU>
+```
+
+## Functions
+
+|Function name|Description|
+|---|---|
+|Default|Simple Execution|
+|mem|Memory Track on heap and stack usage|
+|bench|Performance benchmark|
+
+## Math library
+|math|Description|
+|---|---|
+|Default|Generic architecture by pure C language source code|
+|sp| SP for generic or specified  architecture|
+|tfm|TFM for generic architecture|
+## MCU Architectures
+NOTE:  No architecture specification is required when using TFM.
+|arch|Description|
+|---|---|
+|Default|Generic architecture by pure C language source code|
+|c32| SP using 32-bit data type |
+|c64| SP using 64-bit data type   (default)   |
+|arm64|SP for ARM64 |
+|x64|SP for x86 64bit|
+
+
+Each Makefile is self-contained to statically link wolfCrypt source files (without using a shared libwolfssl.so). Put your wolfSSL source files in parallel with the wolfssl-examples directory. The location of the primary wolfSSL source directory is defined by WOLFROOT in each Makefile. Each build compiles only the needed files for the target. OBJ and OBJ_xxx macros in each Makefile define object files for the common and specific target.
+
+Example programs are hard coded to use a specific hash algorithm or signature scheme. Sha256 is used for the hash by default. PKCS#1 v1.5 or ECDSA is used for the signature scheme. You can refer to the following API tables for modifying the examples for other algorithms or schemes.
+
+## Table 1: Hash algorithms for PKCS#1 Signature
+|Algorithm|Src File|Macro SW<br>Enable|<br>Disable|Note|
+|---|---|---|---|---|
+|MD2|md2.c|WOLFSSL_MD2||Only for v1.5 Backward compatibility|
+|MD5|md5.c||NO_MD5|Only for v1.5 Backward compatibility|
+|SHA1|sha.c||NO_SHA|||SHA256|sha256.c||NO_SHA256|
+||SHA384|sha512.c|WOLFSSL_SHA384||Disabled by default|
+|SHA512|sha512.c|WOLFSSL_SHA512||Disabled by default|
+
+
+## Table 2: Hash Algorithm APIs
+|Algorithm|<br>Init|API<br>Update|<br>Final|
+|---|---|---|---|
+|MD2|wc_InitMd2|wc_Md2Update|wc_Md2Final|
+|MD5|wc_InitMd5|wc_Md5Update|wc_Md5Final|
+|SHA1|wc_InitSha|wc_ShaUpdate|wc_ShaFinal|
+|SHA256|wc_InitSha256|wc_Sha256Update|wc_Sha256Final|
+|SHA384|wc_initSha384|wc_Sha384Update|wc_Sha384Final|
+|SHA512|wc_InitSha512|wc_Sha512Update|wc_Sha512Final|
+
+
+## Table 3: RSA Signature APIs
+
+|Padding|API|Description|
+|---|---|---|
+|PKCS #1 v1.5|wc_RsaSSL_Verify|Decrypt input signature to verify|
+||wc_RsaSSL_VerifyInline|The output uses the same byte array as the input|
+|PSS|wc_RsaPSS_Verify|Decrypt input signature to verify with PSS|
+| |wc_RsaPSS_VerifyCheck|Verify the message signed|
+| |wc_RsaPSS_VerifyCheck_ex|with Salt length argument|
+| |wc_RsaPSS_VerifyInline|The output uses the same byte array as the input|
+| |wc_RsaPSS_VerifyCheckInline|Verify the message signed|
+| |wc_RsaPSS_VerifyCheckPadding|Checks the PSS data to ensure that the signature matches|
+| |wc_RsaPSS_VerifyCheckPadding_ex|with Salt length argument|
+
+
+## Table 4: ECC Signature APIs
+
+|Algorithm|API|Hash|
+|---|---|---|
+|ECDSA|wc_ecc_sign_hash|SHA512|
+|Ed25519|wc_ed25519_sign_hash|SHA512|
+|Ed488|wc_ed488_sign_hash|SHAKE256|
diff --git a/embedded/signature/ecc_sign_verify/Makefile b/embedded/signature/ecc_sign_verify/Makefile
@@ -0,0 +1,77 @@
+# The path to the wolfssl directory must be set correctly for your environment.
+WOLFROOT = ../../../../wolfssl
+
+CFLAGS = $(EX_CFLAGS) -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT) -Os
+ASFLAGS = -DWOLFSSL_USER_SETTINGS -I. -I$(WOLFROOT)
+
+OBJ=\
+	$(WOLFROOT)/wolfcrypt/src/ecc.o\
+	$(WOLFROOT)/wolfcrypt/src/sha256.o\
+	$(WOLFROOT)/wolfcrypt/src/hash.o\
+	$(WOLFROOT)/wolfcrypt/src/random.o\
+	$(WOLFROOT)/wolfcrypt/src/asn.o\
+	$(WOLFROOT)/wolfcrypt/src/wc_port.o\
+	$(WOLFROOT)/wolfcrypt/src/coding.o\
+	$(WOLFROOT)/wolfcrypt/src/memory.o\
+	$(WOLFROOT)/wolfcrypt/src/wolfmath.o\
+	$(WOLFROOT)/wolfcrypt/src/wc_encrypt.o\
+
+OBJ_SP_C32 := \
+	$(WOLFROOT)/wolfcrypt/src/sp_int.o\
+	$(WOLFROOT)/wolfcrypt/src/sp_c32.o\
+
+OBJ_SP_C64 := \
+	$(WOLFROOT)/wolfcrypt/src/sp_int.o\
+	$(WOLFROOT)/wolfcrypt/src/sp_c64.o\
+
+OBJ_SP_ARM64 := \
+	$(WOLFROOT)/wolfcrypt/src/sp_int.o\
+	$(WOLFROOT)/wolfcrypt/src/sp_arm64.o\
+
+OBJ_SP_X86_64 := \
+	$(WOLFROOT)/wolfcrypt/src/sp_int.o\
+	$(WOLFROOT)/wolfcrypt/src/cpuid.o\
+	$(WOLFROOT)/wolfcrypt/src/sp_x86_64.o\
+	$(WOLFROOT)/wolfcrypt/src/sp_x86_64_asm.o\
+
+OBJ_TFM := \
+	$(WOLFROOT)/wolfcrypt/src/tfm.o\
+
+.PHONY: all clean mem size bench
+
+ifeq ($(math) $(arch),sp x64)
+ASFLAGS+= -DSP_X86_64_FLAG
+CFLAGS += -DSP_X86_64_FLAG
+OBJ += $(OBJ_SP_X86_64)
+else ifeq ($(math) $(arch),sp arm64)
+CFLAGS += -DSP_ARM64_FLAG
+OBJ += $(OBJ_SP_ARM64)
+else ifeq ($(math) $(arch),sp c64)
+CFLAGS += -DSP_C64_FLAG
+OBJ += $(OBJ_SP_C64)
+else ifeq ($(math) $(arch),sp c32)
+CFLAGS += -DSP_C32_FLAG
+OBJ += $(OBJ_SP_C32)
+else ifeq ($(math), tfm)
+CFLAGS += -DTFM_FLAG
+OBJ += $(OBJ_TFM)
+else
+CFLAGS += -DSP_C64_FLAG
+OBJ += $(OBJ_SP_C64)
+endif
+
+all : ecc_sign_verify bench mem
+
+ecc_sign_verify: clean $(OBJ)
+	$(CC) $(CFLAGS) -o ecc_sign_verify ecc_sign_verify.c $(OBJ)
+
+bench: clean $(OBJ)
+	$(CC) $(CFLAGS) -DBENCHMARK -o ecc_sign_verify_bench ecc_sign_verify.c $(OBJ) -lpthread
+
+mem: clean $(OBJ)
+	$(CC) $(CFLAGS) -DDEBUG_MEMORY -o ecc_sign_verify_mem ecc_sign_verify.c $(OBJ) -lpthread
+clean:
+	rm -f ecc_sign_verify ecc_sign_verify_bench ecc_sign_verify_mem $(WOLFROOT)/wolfcrypt/src/*.o
+
+size :
+	size $(OBJ) ecc_sign_verify
diff --git a/embedded/signature/ecc_sign_verify/README.md b/embedded/signature/ecc_sign_verify/README.md
@@ -0,0 +1,133 @@
+# Signature Test Example
+
+Demonstrates using a hash digest to sign and verify a signature using ECC
+
+First, set the path to wolfssl directory to variable WOLFROOT in the Makefile.
+## Building
+
+### Build example
+
+```
+make
+```
+
+## Usage
+
+```
+./ecc_sign_verify
+Key size is 112, byteField = 14, maxSigSz = 44
+Successfully verified signature w/ ecc key size 112!
+Key size is 128, byteField = 16, maxSigSz = 48
+Successfully verified signature w/ ecc key size 128!
+Key size is 160, byteField = 20, maxSigSz = 56
+Successfully verified signature w/ ecc key size 160!
+Key size is 192, byteField = 24, maxSigSz = 64
+Successfully verified signature w/ ecc key size 192!
+Key size is 224, byteField = 28, maxSigSz = 72
+Successfully verified signature w/ ecc key size 224!
+Key size is 239, byteField = 36, maxSigSz = 88
+Successfully verified signature w/ ecc key size 239!
+Key size is 256, byteField = 32, maxSigSz = 80
+Successfully verified signature w/ ecc key size 256!
+Key size is 320, byteField = 40, maxSigSz = 96
+Successfully verified signature w/ ecc key size 320!
+Key size is 384, byteField = 48, maxSigSz = 112
+Successfully verified signature w/ ecc key size 384!
+Key size is 512, byteField = 64, maxSigSz = 144
+Successfully verified signature w/ ecc key size 512!
+Key size is 521, byteField = 66, maxSigSz = 148
+Successfully verified signature w/ ecc key size 521!
+```
+
+NOTE: Also an option to dump out the signatures. For more verbose output
+      uncomment define in example "SHOW_SIGS_IN_EXAMPLE"
+
+
+
+# Signature verification Benchmark
+
+You can generate benchmark program to compare the speed of signature verification between TFM and SP
+### SP
+Faster math library
+
+If you build for x86_64 system:
+```
+make bench math=sp arch=x64
+```
+else if Aarch64 system: 
+```
+make bench math=sp arch=arm64
+``` 
+then a benchmark program is generated.
+### TFM
+
+```
+make bench math=tfm
+```
+NOTE: When using TFM, No Architecture specification is required.
+
+## Example Output
+- built with the option `math=sp arch=arm64`
+```
+./ecc_sign_verify_bench
+---------------------------------------------------------------
+Enabled WOLFSSL_SP_ARM64
+---------------------------------------------------------------
+Running ECC Sign Verify Benchmarks...
+ECC Key Size 112       1275.78 Cycles/sec
+ECC Key Size 128       1351.68 Cycles/sec
+ECC Key Size 160       1368.65 Cycles/sec
+ECC Key Size 192       1382.20 Cycles/sec
+ECC Key Size 224       1385.06 Cycles/sec
+ECC Key Size 239       1401.38 Cycles/sec
+ECC Key Size 256      12830.67 Cycles/sec
+ECC Key Size 320        626.52 Cycles/sec
+ECC Key Size 384        634.85 Cycles/sec
+ECC Key Size 512        279.71 Cycles/sec
+ECC Key Size 521        279.15 Cycles/sec
+```
+
+# Tracking memory
+To see a stack and heap memory usage.
+
+```
+make mem
+```
+## Example Output
+```
+./ecc_sign_verify_mem
+Key size is 112, byteField = 14
+Successfully verified signature w/ ecc key size 112!
+Key size is 128, byteField = 16
+Successfully verified signature w/ ecc key size 128!
+Key size is 160, byteField = 20
+Successfully verified signature w/ ecc key size 160!
+Key size is 192, byteField = 24
+Successfully verified signature w/ ecc key size 192!
+Key size is 224, byteField = 28
+Successfully verified signature w/ ecc key size 224!
+Key size is 239, byteField = 30
+Successfully verified signature w/ ecc key size 239!
+Key size is 256, byteField = 32
+Successfully verified signature w/ ecc key size 256!
+Key size is 320, byteField = 40
+Successfully verified signature w/ ecc key size 320!
+Key size is 384, byteField = 48
+Successfully verified signature w/ ecc key size 384!
+Key size is 512, byteField = 64
+Successfully verified signature w/ ecc key size 512!
+Key size is 521, byteField = 66
+Successfully verified signature w/ ecc key size 521!
+
+total   Allocs   =       422
+total   Deallocs =       422
+total   Bytes    =    195047
+peak    Bytes    =      5557
+current Bytes    =         0
+stack used = 14448
+```
+
+
+Best wishes in all your testing!
+
+- The wolfSSL Team