Portability fixes with include < vs ". Added NO_SWAP_EXT to allow support for onboard flash swap sector. Added WOLFSSL_NO_CT_OPS for ECDSA verify only. Added WC_NO_DEFAULT_DEVID to help with code size reduction.

Author: dgarske

include/encrypt.h

@@ -27,25 +27,19 @@
 #if defined(__WOLFBOOT) || defined(UNIT_TEST)
 
 #include <stdint.h>
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/sha256.h>
+#include "wolfssl/wolfcrypt/settings.h"
+#include "wolfssl/wolfcrypt/sha256.h"
 
 #include "target.h"
 #include "wolfboot/wolfboot.h"
 
 #ifdef ENCRYPT_WITH_CHACHA
-#include <wolfssl/wolfcrypt/chacha.h>
+    #include "wolfssl/wolfcrypt/chacha.h"
 #else
-#include <wolfssl/wolfcrypt/aes.h>
-#endif
-#ifdef WOLF_CRYPTO_CB
-#include <wolfssl/wolfcrypt/cryptocb.h>
-#endif
-#ifdef WOLFSSL_RENESAS_TSIP
-#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
+    #include "wolfssl/wolfcrypt/aes.h"
 #endif
 
-#include <wolfssl/wolfcrypt/pwdbased.h>
+#include "wolfssl/wolfcrypt/pwdbased.h"
 
 #ifdef ENCRYPT_WITH_CHACHA
 

include/user_settings.h

@@ -113,12 +113,12 @@ extern int tolower(int c);
 #      define FREESCALE_LTC_TFM
 #   endif
 
-
     /* Some ECC options are disabled to reduce size */
 #   if !defined(WOLFCRYPT_SECURE_MODE)
 #       if !defined(WOLFBOOT_TPM)
 #          define NO_ECC_SIGN
 #          define NO_ECC_DHE
+#          define WOLFSSL_NO_CT_OPS /* don't use constant time ops in misc.c */
 #          if !defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT)
 #              define NO_ECC_EXPORT
 #              define NO_ECC_KEY_EXPORT
@@ -502,6 +502,7 @@ extern int tolower(int c);
     #define WOLF_CRYPTO_CB_ONLY_RSA
     #define WOLFSSL_NO_SW_MATH
     #define MAX_CRYPTO_DEVID_CALLBACKS 2
+    #define WC_NO_DEFAULT_DEVID
     #define WOLFSSL_AES_SMALL_TABLES
 
     #ifdef WOLFBOOT_RENESAS_TSIP

include/wolfboot/wolfboot.h

@@ -162,12 +162,22 @@ extern "C" {
 
 #if defined(__WOLFBOOT) || defined(UNIT_TEST_AUTH)
 
+#include "wolfssl/wolfcrypt/settings.h"
+#include "wolfssl/wolfcrypt/visibility.h"
+#include "wolfssl/wolfcrypt/wc_port.h"
+#include "wolfssl/wolfcrypt/types.h"
+
+#ifdef WOLFBOOT_RENESAS_TSIP
+    /* Include these before any algorithm headers */
+    #include "mcu/all/r_bsp_common.h"
+    #include "r_bsp_config.h"
+    #include "r_tsip_rx_if.h"
+    #include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h"
+#endif
+
+
 /* Hashing configuration */
 #if defined(WOLFBOOT_HASH_SHA256)
-    #include "wolfssl/wolfcrypt/settings.h"
-    #include "wolfssl/wolfcrypt/visibility.h"
-    #include "wolfssl/wolfcrypt/wc_port.h"
-    #include "wolfssl/wolfcrypt/types.h"
     #include "wolfssl/wolfcrypt/sha256.h"
 #   ifndef WOLFBOOT_SHA_BLOCK_SIZE
 #     define WOLFBOOT_SHA_BLOCK_SIZE (256)
@@ -183,10 +193,6 @@ extern "C" {
     typedef wc_Sha256 wolfBoot_hash_t;
 #   define HDR_HASH HDR_SHA256
 #elif defined(WOLFBOOT_HASH_SHA384)
-    #include "wolfssl/wolfcrypt/settings.h"
-    #include "wolfssl/wolfcrypt/visibility.h"
-    #include "wolfssl/wolfcrypt/wc_port.h"
-    #include "wolfssl/wolfcrypt/types.h"
     #include "wolfssl/wolfcrypt/sha512.h"
 #   ifndef WOLFBOOT_SHA_BLOCK_SIZE
 #     define WOLFBOOT_SHA_BLOCK_SIZE (256)
@@ -202,10 +208,6 @@ extern "C" {
     typedef wc_Sha384 wolfBoot_hash_t;
 #   define HDR_HASH HDR_SHA384
 #elif defined(WOLFBOOT_HASH_SHA3_384)
-    #include "wolfssl/wolfcrypt/settings.h"
-    #include "wolfssl/wolfcrypt/visibility.h"
-    #include "wolfssl/wolfcrypt/wc_port.h"
-    #include "wolfssl/wolfcrypt/types.h"
     #include "wolfssl/wolfcrypt/sha3.h"
 #   ifndef WOLFBOOT_SHA_BLOCK_SIZE
 #     define WOLFBOOT_SHA_BLOCK_SIZE (256)
@@ -235,7 +237,8 @@ extern "C" {
 
 #endif
 
-#if defined(__WOLFBOOT) || defined (__FLASH_OTP_PRIMER) || defined (UNIT_TEST_AUTH) || defined(WOLFBOOT_TPM)
+#if defined(__WOLFBOOT) || defined (__FLASH_OTP_PRIMER) || \
+    defined (UNIT_TEST_AUTH) || defined(WOLFBOOT_TPM)
 
  /* Authentication configuration */
  #if defined(WOLFBOOT_NO_SIGN)

options.mk

@@ -549,7 +549,10 @@ ifeq ($(ENCRYPT),1)
 endif
 
 ifeq ($(EXT_FLASH),1)
-  CFLAGS+= -D"EXT_FLASH=1" -D"PART_UPDATE_EXT=1" -D"PART_SWAP_EXT=1"
+  CFLAGS+= -D"EXT_FLASH=1" -D"PART_UPDATE_EXT=1"
+  ifeq ($(NO_SWAP_EXT),)
+    CFLAGS+= -D"PART_SWAP_EXT=1"
+  endif
   ifeq ($(NO_XIP),1)
     CFLAGS+=-D"PART_BOOT_EXT=1"
   endif

src/libwolfboot.c

@@ -1555,6 +1555,8 @@ int RAMFUNCTION chacha_init(void)
 Aes aes_dec, aes_enc;
 
 #if defined(WOLFBOOT_RENESAS_TSIP)
+    #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
+
     /* Provides wrap_enc_key_t structure generated using
      * Renesas Security Key Management Tool. See docs/Renesas.md */
     #include "enckey_data.h"