kopia lustrzana https://github.com/solokeys/solo1
POC: add ed25519 support based on libsodium (PC) or salty (solo).
For now: - libsodium(-dev) is expected to be preinstalled on build system for PC buildpull/478/head
rodzic
398943d6c8
commit
fe24b9edd1
2
Makefile
2
Makefile
|
@ -22,7 +22,7 @@ ifeq ($(shell uname -s),Darwin)
|
|||
else
|
||||
export LDFLAGS = -Wl,--gc-sections
|
||||
endif
|
||||
LDFLAGS += $(LIBSOLO) $(LIBCBOR)
|
||||
LDFLAGS += $(LIBSOLO) $(LIBCBOR) -lsodium
|
||||
|
||||
|
||||
CFLAGS = -O2 -fdata-sections -ffunction-sections -g
|
||||
|
|
|
@ -13,10 +13,14 @@
|
|||
#define COSE_KEY_LABEL_X -2
|
||||
#define COSE_KEY_LABEL_Y -3
|
||||
|
||||
#define COSE_KEY_KTY_OKP 1
|
||||
#define COSE_KEY_KTY_EC2 2
|
||||
|
||||
#define COSE_KEY_CRV_P256 1
|
||||
#define COSE_KEY_CRV_ED25519 6
|
||||
|
||||
#define COSE_ALG_ES256 -7
|
||||
#define COSE_ALG_EDDSA -8
|
||||
#define COSE_ALG_ECDH_ES_HKDF_256 -25
|
||||
|
||||
#endif
|
||||
|
|
|
@ -31,6 +31,11 @@
|
|||
#include APP_CONFIG
|
||||
#include "log.h"
|
||||
|
||||
#if defined(STM32L432xx)
|
||||
#include "salty.h"
|
||||
#else
|
||||
#include <sodium/crypto_sign_ed25519.h>
|
||||
#endif
|
||||
|
||||
typedef enum
|
||||
{
|
||||
|
@ -358,5 +363,65 @@ void crypto_aes256_encrypt(uint8_t * buf, int length)
|
|||
AES_CBC_encrypt_buffer(&aes_ctx, buf, length);
|
||||
}
|
||||
|
||||
void crypto_ed25519_derive_public_key(uint8_t * data, int len, uint8_t * x)
|
||||
{
|
||||
#if defined(STM32L432xx)
|
||||
|
||||
uint8_t seed[salty_SECRETKEY_SEED_LENGTH];
|
||||
|
||||
generate_private_key(data, len, NULL, 0, seed);
|
||||
salty_public_key(seed, x);
|
||||
|
||||
#else
|
||||
|
||||
uint8_t seed[crypto_sign_ed25519_SEEDBYTES];
|
||||
uint8_t sk[crypto_sign_ed25519_SECRETKEYBYTES];
|
||||
|
||||
generate_private_key(data, len, NULL, 0, seed);
|
||||
crypto_sign_ed25519_seed_keypair(x, sk, seed);
|
||||
|
||||
#endif
|
||||
}
|
||||
|
||||
void crypto_ed25519_load_key(uint8_t * data, int len)
|
||||
{
|
||||
#if defined(STM32L432xx)
|
||||
|
||||
static uint8_t seed[salty_SECRETKEY_SEED_LENGTH];
|
||||
|
||||
generate_private_key(data, len, NULL, 0, seed);
|
||||
|
||||
_signing_key = seed;
|
||||
_key_len = salty_SECRETKEY_SEED_LENGTH;
|
||||
|
||||
#else
|
||||
|
||||
uint8_t seed[crypto_sign_ed25519_SEEDBYTES];
|
||||
uint8_t pk[crypto_sign_ed25519_PUBLICKEYBYTES];
|
||||
static uint8_t sk[crypto_sign_ed25519_SECRETKEYBYTES];
|
||||
|
||||
generate_private_key(data, len, NULL, 0, seed);
|
||||
crypto_sign_ed25519_seed_keypair(pk, sk, seed);
|
||||
|
||||
_signing_key = sk;
|
||||
_key_len = crypto_sign_ed25519_SECRETKEYBYTES;
|
||||
|
||||
#endif
|
||||
}
|
||||
|
||||
void crypto_ed25519_sign(uint8_t * data, int len, uint8_t * sig)
|
||||
{
|
||||
#if defined(STM32L432xx)
|
||||
|
||||
// TODO: check that correct load_key() had been called?
|
||||
salty_sign(_signing_key, data, len, sig);
|
||||
|
||||
#else
|
||||
|
||||
// TODO: check that correct load_key() had been called?
|
||||
crypto_sign_ed25519_detached(sig, NULL, data, len, _signing_key);
|
||||
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif
|
||||
|
|
|
@ -31,6 +31,9 @@ void crypto_load_external_key(uint8_t * key, int len);
|
|||
void crypto_ecc256_sign(uint8_t * data, int len, uint8_t * sig);
|
||||
void crypto_ecdsa_sign(uint8_t * data, int len, uint8_t * sig, int MBEDTLS_ECP_ID);
|
||||
|
||||
void crypto_ed25519_derive_public_key(uint8_t * data, int len, uint8_t * x);
|
||||
void crypto_ed25519_sign(uint8_t * data1, int len1, uint8_t * sig);
|
||||
void crypto_ed25519_load_key(uint8_t * data, int len);
|
||||
|
||||
void generate_private_key(uint8_t * data, int len, uint8_t * data2, int len2, uint8_t * privkey);
|
||||
void crypto_ecc256_make_key_pair(uint8_t * pubkey, uint8_t * privkey);
|
||||
|
|
81
fido2/ctap.c
81
fido2/ctap.c
|
@ -41,13 +41,13 @@ struct _getAssertionState getAssertionState;
|
|||
// Generate a mask to keep the confidentiality of the "metadata" field in the credential ID.
|
||||
// Mask = hmac(device-secret, 14-random-bytes-in-credential-id)
|
||||
// Masked_output = Mask ^ metadata
|
||||
static void add_masked_metadata_for_credential(CredentialId * credential, uint32_t cred_protect){
|
||||
static void add_masked_metadata_for_credential(CredentialId * credential, uint32_t metadata){
|
||||
uint8_t mask[32];
|
||||
crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY, 0, mask);
|
||||
crypto_sha256_update(credential->entropy.nonce, CREDENTIAL_NONCE_SIZE - 4);
|
||||
crypto_sha256_hmac_final(CRYPTO_TRANSPORT_KEY,0, mask);
|
||||
|
||||
credential->entropy.metadata.value = *((uint32_t*)mask) ^ cred_protect;
|
||||
credential->entropy.metadata.value = *((uint32_t*)mask) ^ metadata;
|
||||
}
|
||||
|
||||
static uint32_t read_metadata_from_masked_credential(CredentialId * credential){
|
||||
|
@ -59,11 +59,29 @@ static uint32_t read_metadata_from_masked_credential(CredentialId * credential){
|
|||
return credential->entropy.metadata.value ^ *((uint32_t*)mask);
|
||||
}
|
||||
|
||||
|
||||
|
||||
uint8_t check_credential_metadata(CredentialId * credential, uint8_t is_verified, uint8_t is_from_credid_list)
|
||||
static uint32_t read_cred_protect_from_masked_credential(CredentialId * credential)
|
||||
{
|
||||
uint32_t cred_protect = read_metadata_from_masked_credential(credential);
|
||||
return read_metadata_from_masked_credential(credential) & 0xffffU;
|
||||
}
|
||||
|
||||
static int32_t read_cose_alg_from_masked_credential(CredentialId * credential)
|
||||
{
|
||||
uint8_t alg = (read_metadata_from_masked_credential(credential) >> 16) & 0xffU;
|
||||
|
||||
switch (alg)
|
||||
{
|
||||
default: // what else?
|
||||
case CREDID_ALG_ES256:
|
||||
return COSE_ALG_ES256;
|
||||
case CREDID_ALG_EDDSA:
|
||||
return COSE_ALG_EDDSA;
|
||||
}
|
||||
}
|
||||
|
||||
static uint8_t check_credential_metadata(CredentialId * credential, uint8_t is_verified, uint8_t is_from_credid_list)
|
||||
{
|
||||
uint32_t cred_protect = read_cred_protect_from_masked_credential(credential);
|
||||
|
||||
switch (cred_protect){
|
||||
case EXT_CRED_PROTECT_OPTIONAL_WITH_CREDID:
|
||||
if (!is_from_credid_list) {
|
||||
|
@ -80,6 +98,7 @@ uint8_t check_credential_metadata(CredentialId * credential, uint8_t is_verified
|
|||
}
|
||||
break;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -271,14 +290,14 @@ static int ctap_add_cose_key(CborEncoder * cose_key, uint8_t * x, uint8_t * y, u
|
|||
int ret;
|
||||
CborEncoder map;
|
||||
|
||||
ret = cbor_encoder_create_map(cose_key, &map, 5);
|
||||
ret = cbor_encoder_create_map(cose_key, &map, algtype != COSE_ALG_EDDSA? 5 : 4);
|
||||
check_ret(ret);
|
||||
|
||||
|
||||
{
|
||||
ret = cbor_encode_int(&map, COSE_KEY_LABEL_KTY);
|
||||
check_ret(ret);
|
||||
ret = cbor_encode_int(&map, COSE_KEY_KTY_EC2);
|
||||
ret = cbor_encode_int(&map, algtype != COSE_ALG_EDDSA? COSE_KEY_KTY_EC2 : COSE_KEY_KTY_OKP);
|
||||
check_ret(ret);
|
||||
}
|
||||
|
||||
|
@ -292,7 +311,7 @@ static int ctap_add_cose_key(CborEncoder * cose_key, uint8_t * x, uint8_t * y, u
|
|||
{
|
||||
ret = cbor_encode_int(&map, COSE_KEY_LABEL_CRV);
|
||||
check_ret(ret);
|
||||
ret = cbor_encode_int(&map, COSE_KEY_CRV_P256);
|
||||
ret = cbor_encode_int(&map, algtype != COSE_ALG_EDDSA? COSE_KEY_CRV_P256: COSE_KEY_CRV_ED25519);
|
||||
check_ret(ret);
|
||||
}
|
||||
|
||||
|
@ -304,6 +323,7 @@ static int ctap_add_cose_key(CborEncoder * cose_key, uint8_t * x, uint8_t * y, u
|
|||
check_ret(ret);
|
||||
}
|
||||
|
||||
if (algtype != COSE_ALG_EDDSA)
|
||||
{
|
||||
ret = cbor_encode_int(&map, COSE_KEY_LABEL_Y);
|
||||
check_ret(ret);
|
||||
|
@ -332,6 +352,11 @@ static int ctap_generate_cose_key(CborEncoder * cose_key, uint8_t * hmac_input,
|
|||
crypto_ecc256_derive_public_key(hmac_input, len, x, y);
|
||||
if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE);
|
||||
break;
|
||||
case COSE_ALG_EDDSA:
|
||||
if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST);
|
||||
crypto_ed25519_derive_public_key(hmac_input, len, x);
|
||||
if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE);
|
||||
break;
|
||||
default:
|
||||
printf2(TAG_ERR,"Error, COSE alg %d not supported\n", algtype);
|
||||
return -1;
|
||||
|
@ -648,7 +673,9 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
|
|||
memset((uint8_t*)&authData->attest.id, 0, sizeof(CredentialId));
|
||||
|
||||
ctap_generate_rng(authData->attest.id.entropy.nonce, CREDENTIAL_NONCE_SIZE);
|
||||
add_masked_metadata_for_credential(&authData->attest.id, extensions->cred_protect);
|
||||
|
||||
uint8_t alg = credInfo->COSEAlgorithmIdentifier == COSE_ALG_EDDSA? CREDID_ALG_EDDSA : CREDID_ALG_ES256;
|
||||
add_masked_metadata_for_credential(&authData->attest.id, extensions->cred_protect | (alg << 16));
|
||||
|
||||
authData->attest.id.count = count;
|
||||
|
||||
|
@ -755,15 +782,24 @@ int ctap_encode_der_sig(const uint8_t * const in_sigbuf, uint8_t * const out_sig
|
|||
}
|
||||
|
||||
// require load_key prior to this
|
||||
// @data data to hash before signature
|
||||
// @data data to hash before signature, MUST have room to append clientDataHash for ED25519
|
||||
// @clientDataHash for signature
|
||||
// @tmp buffer for hash. (can be same as data if data >= 32 bytes)
|
||||
// @sigbuf OUT location to deposit signature (must be 64 bytes)
|
||||
// @sigder OUT location to deposit der signature (must be 72 bytes)
|
||||
// @return length of der signature
|
||||
int ctap_calculate_signature(uint8_t * data, int datalen, uint8_t * clientDataHash, uint8_t * hashbuf, uint8_t * sigbuf, uint8_t * sigder)
|
||||
int ctap_calculate_signature(uint8_t * data, int datalen, uint8_t * clientDataHash, uint8_t * hashbuf, uint8_t * sigbuf, uint8_t * sigder, int32_t alg)
|
||||
{
|
||||
// calculate attestation sig
|
||||
if (alg == COSE_ALG_EDDSA)
|
||||
{
|
||||
// ED25519 signing needs message in one chunk
|
||||
memmove(data + datalen, clientDataHash, CLIENT_DATA_HASH_SIZE);
|
||||
crypto_ed25519_sign(data, datalen + CLIENT_DATA_HASH_SIZE, sigder); // not DER, just plain binary!
|
||||
return 64;
|
||||
}
|
||||
else
|
||||
{
|
||||
crypto_sha256_init();
|
||||
crypto_sha256_update(data, datalen);
|
||||
crypto_sha256_update(clientDataHash, CLIENT_DATA_HASH_SIZE);
|
||||
|
@ -771,6 +807,7 @@ int ctap_calculate_signature(uint8_t * data, int datalen, uint8_t * clientDataHa
|
|||
|
||||
crypto_ecc256_sign(hashbuf, 32, sigbuf);
|
||||
return ctap_encode_der_sig(sigbuf,sigder);
|
||||
}
|
||||
}
|
||||
|
||||
uint8_t ctap_add_attest_statement(CborEncoder * map, uint8_t * sigder, int len)
|
||||
|
@ -866,7 +903,7 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
|
|||
CTAP_makeCredential MC;
|
||||
int ret;
|
||||
unsigned int i;
|
||||
uint8_t auth_data_buf[310];
|
||||
uint8_t auth_data_buf[310 + CLIENT_DATA_HASH_SIZE];
|
||||
CTAP_credentialDescriptor * excl_cred = (CTAP_credentialDescriptor *) auth_data_buf;
|
||||
uint8_t * sigbuf = auth_data_buf + 32;
|
||||
uint8_t * sigder = auth_data_buf + 32 + 64;
|
||||
|
@ -975,7 +1012,7 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
|
|||
}
|
||||
|
||||
crypto_ecc256_load_attestation_key();
|
||||
int sigder_sz = ctap_calculate_signature(auth_data_buf, auth_data_sz, MC.clientDataHash, auth_data_buf, sigbuf, sigder);
|
||||
int sigder_sz = ctap_calculate_signature(auth_data_buf, auth_data_sz, MC.clientDataHash, auth_data_buf, sigbuf, sigder, COSE_ALG_ES256);
|
||||
printf1(TAG_MC,"der sig [%d]: ", sigder_sz); dump_hex1(TAG_MC, sigder, sigder_sz);
|
||||
|
||||
ret = ctap_add_attest_statement(&map, sigder, sigder_sz);
|
||||
|
@ -1258,7 +1295,15 @@ uint8_t ctap_end_get_assertion(CborEncoder * map, CTAP_credentialDescriptor * cr
|
|||
}
|
||||
|
||||
unsigned int cred_size = get_credential_id_size(cred->type);
|
||||
int32_t cose_alg = read_cose_alg_from_masked_credential(&cred->credential.id);
|
||||
if (cose_alg == COSE_ALG_EDDSA)
|
||||
{
|
||||
crypto_ed25519_load_key((uint8_t*)&cred->credential.id, cred_size);
|
||||
}
|
||||
else
|
||||
{
|
||||
crypto_ecc256_load_key((uint8_t*)&cred->credential.id, cred_size, NULL, 0);
|
||||
}
|
||||
|
||||
#ifdef ENABLE_U2F_EXTENSIONS
|
||||
if ( extend_fido2(&cred->credential.id, sigder) )
|
||||
|
@ -1268,9 +1313,11 @@ uint8_t ctap_end_get_assertion(CborEncoder * map, CTAP_credentialDescriptor * cr
|
|||
else
|
||||
#endif
|
||||
{
|
||||
sigder_sz = ctap_calculate_signature(auth_data_buf, auth_data_buf_sz, clientDataHash, auth_data_buf, sigbuf, sigder);
|
||||
sigder_sz = ctap_calculate_signature(auth_data_buf, auth_data_buf_sz, clientDataHash, auth_data_buf, sigbuf, sigder, cose_alg);
|
||||
}
|
||||
|
||||
printf1(TAG_GREEN, "sigder_sz = %d\n", sigder_sz);
|
||||
|
||||
{
|
||||
ret = cbor_encode_int(map, RESP_signature); // 3
|
||||
check_ret(ret);
|
||||
|
@ -1434,6 +1481,8 @@ uint8_t ctap_cred_rk(CborEncoder * encoder, int rk_ind, int rk_count)
|
|||
cred_protect = EXT_CRED_PROTECT_OPTIONAL;
|
||||
}
|
||||
|
||||
int32_t cose_alg = read_cose_alg_from_masked_credential(&rk.id);
|
||||
|
||||
CborEncoder map;
|
||||
size_t map_size = rk_count > 0 ? 5 : 4;
|
||||
int ret = cbor_encoder_create_map(encoder, &map, map_size);
|
||||
|
@ -1456,7 +1505,7 @@ uint8_t ctap_cred_rk(CborEncoder * encoder, int rk_ind, int rk_count)
|
|||
ret = cbor_encode_int(&map, 8);
|
||||
check_ret(ret);
|
||||
{
|
||||
ctap_generate_cose_key(&map, (uint8_t*)&rk.id, sizeof(CredentialId), PUB_KEY_CRED_PUB_KEY, COSE_ALG_ES256);
|
||||
ctap_generate_cose_key(&map, (uint8_t*)&rk.id, sizeof(CredentialId), PUB_KEY_CRED_PUB_KEY, cose_alg);
|
||||
}
|
||||
|
||||
if (rk_count > 0)
|
||||
|
|
|
@ -78,6 +78,9 @@
|
|||
#define EXT_CRED_PROTECT_OPTIONAL_WITH_CREDID 0x02
|
||||
#define EXT_CRED_PROTECT_REQUIRED 0x03
|
||||
|
||||
#define CREDID_ALG_ES256 0x0
|
||||
#define CREDID_ALG_EDDSA 0x1
|
||||
|
||||
#define RESP_versions 0x1
|
||||
#define RESP_extensions 0x2
|
||||
#define RESP_aaguid 0x3
|
||||
|
@ -357,10 +360,10 @@ typedef struct
|
|||
|
||||
|
||||
struct _getAssertionState {
|
||||
// Room for both authData struct and extensions
|
||||
// Room for both authData struct and extensions + clientDataHash for efficient ED25519 signature generation
|
||||
struct {
|
||||
CTAP_authDataHeader authData;
|
||||
uint8_t extensions[80];
|
||||
uint8_t extensions[80 + CLIENT_DATA_HASH_SIZE];
|
||||
} __attribute__((packed)) buf;
|
||||
CTAP_extensions extensions;
|
||||
uint8_t clientDataHash[CLIENT_DATA_HASH_SIZE];
|
||||
|
|
|
@ -256,7 +256,7 @@ static int pub_key_cred_param_supported(uint8_t cred, int32_t alg)
|
|||
{
|
||||
if (cred == PUB_KEY_CRED_PUB_KEY)
|
||||
{
|
||||
if (alg == COSE_ALG_ES256)
|
||||
if (alg == COSE_ALG_ES256 || alg == COSE_ALG_EDDSA)
|
||||
{
|
||||
return CREDENTIAL_IS_SUPPORTED;
|
||||
}
|
||||
|
|
|
@ -2,11 +2,13 @@
|
|||
version=$1
|
||||
|
||||
export PREFIX=/opt/gcc-arm-none-eabi-8-2019-q3-update/bin/
|
||||
source ${CARGO_HOME}/env
|
||||
|
||||
cd /solo/targets/stm32l432
|
||||
ls
|
||||
|
||||
make cbor
|
||||
make salty
|
||||
|
||||
out_dir="/builds"
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ BOOTMAKE=build/bootloader.mk VERSION_FULL=${VERSION_FULL}
|
|||
|
||||
merge_hex=solo mergehex
|
||||
|
||||
.PHONY: all all-hacker all-locked debugboot-app debugboot-boot boot-sig-checking boot-no-sig build-release-locked build-release build-release build-hacker build-debugboot clean clean2 flash flash_dfu flashboot detach cbor test
|
||||
.PHONY: all all-hacker all-locked debugboot-app debugboot-boot boot-sig-checking boot-no-sig build-release-locked build-release build-release build-hacker build-debugboot clean clean2 flash flash_dfu flashboot detach cbor salty test
|
||||
|
||||
|
||||
# The following are the main targets for reproducible builds.
|
||||
|
@ -55,13 +55,13 @@ boot-sig-checking:
|
|||
boot-no-sig:
|
||||
$(MAKE) -f $(BOOTMAKE) -j8 bootloader.hex PREFIX=$(PREFIX) EXTRA_DEFINES='-DSOLO_HACKER' DEBUG=0
|
||||
|
||||
build-release-locked: cbor clean2 boot-sig-checking clean all-locked
|
||||
build-release-locked: salty cbor clean2 boot-sig-checking clean all-locked
|
||||
$(VENV) $(merge_hex) solo.hex bootloader.hex all.hex
|
||||
|
||||
build-release: cbor clean2 boot-sig-checking clean all
|
||||
build-release: salty cbor clean2 boot-sig-checking clean all
|
||||
$(VENV) $(merge_hex) solo.hex bootloader.hex all.hex
|
||||
|
||||
build-hacker: cbor clean2 boot-no-sig clean all-hacker
|
||||
build-hacker: salty cbor clean2 boot-no-sig clean all-hacker
|
||||
$(VENV) $(merge_hex) solo.hex bootloader.hex all.hex
|
||||
|
||||
build-debugboot: clean2 debugboot-boot clean debugboot-app
|
||||
|
@ -107,6 +107,9 @@ solo.hex:
|
|||
cbor:
|
||||
$(MAKE) -f $(APPMAKE) -j8 cbor
|
||||
|
||||
salty:
|
||||
$(MAKE) -f $(APPMAKE) -j8 salty
|
||||
|
||||
test:
|
||||
$(MAKE) build-release-locked
|
||||
$(MAKE) build-release
|
||||
|
|
|
@ -24,12 +24,13 @@ OBJ=$(OBJ1:.s=.o)
|
|||
|
||||
INC = -Isrc/ -Isrc/cmsis/ -Ilib/ -Ilib/usbd/
|
||||
|
||||
INC+= -I../../fido2/ -I../../fido2/extensions
|
||||
INC += -I../../fido2/ -I../../fido2/extensions
|
||||
INC += -I../../tinycbor/src -I../../crypto/sha256 -I../../crypto/micro-ecc
|
||||
INC += -I../../crypto/tiny-AES-c
|
||||
INC += -I../../crypto/cifra/src -I../../crypto/cifra/src/ext
|
||||
INC += -I../../crypto/salty/c-api
|
||||
|
||||
SEARCH=-L../../tinycbor/lib
|
||||
SEARCH=-L../../tinycbor/lib -L../../crypto/salty/c-api
|
||||
|
||||
ifndef LDSCRIPT
|
||||
LDSCRIPT=linker/stm32l4xx.ld
|
||||
|
@ -52,7 +53,7 @@ DEFINES = -DDEBUG_LEVEL=$(DEBUG) -D$(CHIP) -DAES256=1 -DUSE_FULL_LL_DRIVER -DAP
|
|||
CFLAGS=$(INC) -c $(DEFINES) -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -fdata-sections -ffunction-sections \
|
||||
-fomit-frame-pointer $(HW) -g $(VERSION_FLAGS)
|
||||
LDFLAGS_LIB=$(HW) $(SEARCH) -specs=nano.specs -specs=nosys.specs -Wl,--gc-sections -lnosys
|
||||
LDFLAGS=$(HW) $(LDFLAGS_LIB) -T$(LDSCRIPT) -Wl,-Map=$(TARGET).map,--cref -Wl,-Bstatic -ltinycbor
|
||||
LDFLAGS=$(HW) $(LDFLAGS_LIB) -T$(LDSCRIPT) -Wl,-Map=$(TARGET).map,--cref -Wl,-Bstatic -ltinycbor -lsalty
|
||||
|
||||
ECC_CFLAGS = $(CFLAGS) -DuECC_PLATFORM=5 -DuECC_OPTIMIZATION_LEVEL=4 -DuECC_SQUARE_FUNC=1 -DuECC_SUPPORT_COMPRESSED_POINT=0
|
||||
|
||||
|
|
|
@ -25,6 +25,7 @@ INC = -Ibootloader/ -Isrc/ -Isrc/cmsis/ -Ilib/ -Ilib/usbd/ -I../../fido2/ -I../.
|
|||
INC += -I../../tinycbor/src -I../../crypto/sha256 -I../../crypto/micro-ecc
|
||||
INC += -I../../crypto/tiny-AES-c
|
||||
INC += -I../../crypto/cifra/src -I../../crypto/cifra/src/ext
|
||||
INC += -I../../crypto/salty/c-api
|
||||
|
||||
ifndef LDSCRIPT
|
||||
LDSCRIPT=linker/bootloader_stm32l4xx.ld
|
||||
|
|
Ładowanie…
Reference in New Issue