Fix for STM32 PKA with coefSign for non 256-bit curves. Don't check point for STM PKA. ZD14928

David Garske
2022-10-20 11:41:47 -07:00
parent 2d19f00dd5
commit 0c79ca1de1
4 changed files with 43 additions and 34 deletions


@ -197,16 +197,18 @@ extern ${variable.value} ${variable.name};
* 6=Single Precision C all small * 6=Single Precision C all small
* 7=Single Precision C all big * 7=Single Precision C all big
*/ */
#if defined(WOLF_CONF_MATH) && WOLF_CONF_MATH != 2 #if defined(WOLF_CONF_MATH) && WOLF_CONF_MATH == 1
/* fast (stack) math */ /* fast (stack) math - tfm.c */
#define USE_FAST_MATH #define USE_FAST_MATH
#define TFM_TIMING_RESISTANT #define TFM_TIMING_RESISTANT
/* Optimizations (TFM_ARM, TFM_ASM or none) */ /* Optimizations (TFM_ARM, TFM_ASM or none) */
//#define TFM_NO_ASM //#define TFM_NO_ASM
//#define TFM_ASM //#define TFM_ASM
#endif #elif defined(WOLF_CONF_MATH) && WOLF_CONF_MATH == 2
#if defined(WOLF_CONF_MATH) && (WOLF_CONF_MATH >= 3) /* heap math - integer.c */
#define USE_INTEGER_HEAP_MATH
#elif defined(WOLF_CONF_MATH) && (WOLF_CONF_MATH >= 3)
/* single precision only */ /* single precision only */
#define WOLFSSL_SP #define WOLFSSL_SP
#if WOLF_CONF_MATH != 7 #if WOLF_CONF_MATH != 7
@ -405,7 +407,7 @@ extern ${variable.value} ${variable.name};
#define HAVE_AES_DECRYPT #define HAVE_AES_DECRYPT
#endif #endif
/* Other possible AES modes */ /* Other possible AES modes */
//#define WOLFSSL_AES_COUNTER //#define WOLFSSL_AES_COUNTER
//#define HAVE_AESCCM //#define HAVE_AESCCM
//#define WOLFSSL_AES_XTS //#define WOLFSSL_AES_XTS
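Review bot: In the first hunk, values of `WOLF_CONF_MATH` of 3 and above used to match the `!= 2` test and so also defined `USE_FAST_MATH` and `TFM_TIMING_RESISTANT`; with the new `== 1` / `== 2` / `>= 3` chain they get `WOLFSSL_SP` only. The commit message does not mention this change, and builds that relied on tfm.c for key sizes the single-precision code does not cover would presumably lose that fallback. I would state it where the option is documented, for example `/* single precision only: no tfm.c or integer.c fallback for sizes SP does not cover */`. The `#elif` chain continues past the end of the hunk, so whether an unlisted value ends in an `#else`/`#error` cannot be seen here.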


@ -8080,7 +8080,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
XMEMSET(partialBlock, 0, sizeof(partialBlock)); XMEMSET(partialBlock, 0, sizeof(partialBlock));
XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);
status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)partialBlock, partial, status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)partialBlock, partial,
( uint32_t*)partialBlock, STM32_HAL_TIMEOUT); (uint32_t*)partialBlock, STM32_HAL_TIMEOUT);
XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
} }
#endif #endif


@ -1266,7 +1266,8 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen
#if !defined(WOLFSSL_SP_MATH) && \ #if !defined(WOLFSSL_SP_MATH) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_SE050) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) !defined(WOLFSSL_SE050) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
!defined(WOLFSSL_STM32_PKA)
static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a, static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
mp_int* prime, mp_int* order); mp_int* prime, mp_int* order);
#endif #endif
@ -9107,7 +9108,7 @@ int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen,
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \ !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_STM32_PKA)
/* is ecc point on curve described by dp ? */ /* is ecc point on curve described by dp ? */
int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime) int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime)
@ -9592,7 +9593,7 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_SE050) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \ !defined(WOLFSSL_SE050) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_STM32_PKA)
mp_int* b = NULL; mp_int* b = NULL;
#ifdef USE_ECC_B_PARAM #ifdef USE_ECC_B_PARAM
DECLARE_CURVE_SPECS(4); DECLARE_CURVE_SPECS(4);
@ -9642,7 +9643,7 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL) || \ defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL) || \
defined(WOLFSSL_SE050) || defined(WOLF_CRYPTO_CB_ONLY_ECC) || \ defined(WOLFSSL_SE050) || defined(WOLF_CRYPTO_CB_ONLY_ECC) || \
defined(WOLFSSL_XILINX_CRYPT_VERSAL) defined(WOLFSSL_XILINX_CRYPT_VERSAL) || defined(WOLFSSL_STM32_PKA)
/* consider key check success on HW crypto /* consider key check success on HW crypto
* ex: ATECC508/608A, CryptoCell and Silabs * ex: ATECC508/608A, CryptoCell and Silabs


@ -732,46 +732,48 @@ static int stm32_get_ecc_specs(const uint8_t **prime, const uint8_t **coef,
const uint8_t **GenPointX, const uint8_t **GenPointY, const uint8_t **order, const uint8_t **GenPointX, const uint8_t **GenPointY, const uint8_t **order,
int size) int size)
{ {
switch(size) { switch (size) {
#ifdef ECC256
case 32: case 32:
*prime = stm32_ecc256_prime; if (prime) *prime = stm32_ecc256_prime;
*coef = stm32_ecc256_coef; if (coef) *coef = stm32_ecc256_coef;
if (coefB) *coefB = stm32_ecc256_coefB; if (coefB) *coefB = stm32_ecc256_coefB;
*GenPointX = stm32_ecc256_pointX; if (GenPointX) *GenPointX = stm32_ecc256_pointX;
*GenPointY = stm32_ecc256_pointY; if (GenPointY) *GenPointY = stm32_ecc256_pointY;
*coef_sign = &stm32_ecc256_coef_sign; if (coef_sign) *coef_sign = &stm32_ecc256_coef_sign;
if (order) *order = stm32_ecc256_order; if (order) *order = stm32_ecc256_order;
break; break;
#endif
#ifdef ECC224 #ifdef ECC224
case 28: case 28:
*prime = stm32_ecc224_prime; if (prime) *prime = stm32_ecc224_prime;
*coef = stm32_ecc224_coef; if (coef) *coef = stm32_ecc224_coef;
if (coefB) *coefB = stm32_ecc224_coefB; if (coefB) *coefB = stm32_ecc224_coefB;
*GenPointX = stm32_ecc224_pointX; if (GenPointX) *GenPointX = stm32_ecc224_pointX;
*GenPointY = stm32_ecc224_pointY; if (GenPointY) *GenPointY = stm32_ecc224_pointY;
*coef_sign = &stm32_ecc224_coef; if (coef_sign) *coef_sign = &stm32_ecc224_coef_sign;
if (order) *order = stm32_ecc224_order; if (order) *order = stm32_ecc224_order;
break; break;
#endif #endif
#ifdef ECC192 #ifdef ECC192
case 24: case 24:
*prime = stm32_ecc192_prime; if (prime) *prime = stm32_ecc192_prime;
*coef = stm32_ecc192_coef; if (coef) *coef = stm32_ecc192_coef;
if (coefB) *coefB = stm32_ecc192_coefB; if (coefB) *coefB = stm32_ecc192_coefB;
*GenPointX = stm32_ecc192_pointX; if (GenPointX) *GenPointX = stm32_ecc192_pointX;
*GenPointY = stm32_ecc192_pointY; if (GenPointY) *GenPointY = stm32_ecc192_pointY;
*coef_sign = &stm32_ecc192_coef; if (coef_sign) *coef_sign = &stm32_ecc192_coef_sign;
if (order) *order = stm32_ecc192_order; if (order) *order = stm32_ecc192_order;
break; break;
#endif #endif
#ifdef ECC384 #ifdef ECC384
case 48: case 48:
*prime = stm32_ecc384_prime; if (prime) *prime = stm32_ecc384_prime;
*coef = stm32_ecc384_coef; if (coef) *coef = stm32_ecc384_coef;
if (coefB) *coefB = stm32_ecc384_coefB; if (coefB) *coefB = stm32_ecc384_coefB;
*GenPointX = stm32_ecc384_pointX; if (GenPointX) *GenPointX = stm32_ecc384_pointX;
*GenPointY = stm32_ecc384_pointY; if (GenPointY) *GenPointY = stm32_ecc384_pointY;
*coef_sign = &stm32_ecc384_coef; if (coef_sign) *coef_sign = &stm32_ecc384_coef_sign;
if (order) *order = stm32_ecc384_order; if (order) *order = stm32_ecc384_order;
break; break;
#endif #endif
@ -809,8 +811,7 @@ int wc_ecc_mulmod_ex(const mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
uint8_t PtYbin[STM32_MAX_ECC_SIZE]; uint8_t PtYbin[STM32_MAX_ECC_SIZE];
const uint8_t *prime, *coef, *coefB, *gen_x, *gen_y, *order; const uint8_t *prime, *coef, *coefB, *gen_x, *gen_y, *order;
const uint32_t *coef_sign; const uint32_t *coef_sign;
(void)a;
(void)heap;
XMEMSET(&pka_mul, 0x00, sizeof(PKA_ECCMulInTypeDef)); XMEMSET(&pka_mul, 0x00, sizeof(PKA_ECCMulInTypeDef));
XMEMSET(&pka_mul_res, 0x00, sizeof(PKA_ECCMulOutTypeDef)); XMEMSET(&pka_mul_res, 0x00, sizeof(PKA_ECCMulOutTypeDef));
pka_mul_res.ptX = PtXbin; pka_mul_res.ptX = PtXbin;
@ -845,7 +846,7 @@ int wc_ecc_mulmod_ex(const mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
pka_mul.modulus = prime; pka_mul.modulus = prime;
pka_mul.pointX = Gxbin; pka_mul.pointX = Gxbin;
pka_mul.pointY = Gybin; pka_mul.pointY = Gybin;
pka_mul.scalarMulSize = size; pka_mul.scalarMulSize = szkbin;
pka_mul.scalarMul = kbin; pka_mul.scalarMul = kbin;
#ifdef WOLFSSL_STM32_PKA_V2 #ifdef WOLFSSL_STM32_PKA_V2
pka_mul.coefB = coefB; pka_mul.coefB = coefB;
@ -857,6 +858,7 @@ int wc_ecc_mulmod_ex(const mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
status = HAL_PKA_ECCMul(&hpka, &pka_mul, HAL_MAX_DELAY); status = HAL_PKA_ECCMul(&hpka, &pka_mul, HAL_MAX_DELAY);
if (status != HAL_OK) { if (status != HAL_OK) {
HAL_PKA_RAMReset(&hpka);
return WC_HW_E; return WC_HW_E;
} }
pka_mul_res.ptX = Gxbin; pka_mul_res.ptX = Gxbin;
@ -875,6 +877,10 @@ int wc_ecc_mulmod_ex(const mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
if (res == MP_OKAY) if (res == MP_OKAY)
res = mp_set(R->z, 1); res = mp_set(R->z, 1);
HAL_PKA_RAMReset(&hpka); HAL_PKA_RAMReset(&hpka);
(void)heap;
(void)a; /* uses computed (absolute value, |a| < p) */
return res; return res;
} }
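Review bot: The new failure path in `wc_ecc_mulmod_ex` resets the PKA RAM before `return WC_HW_E;`, but the scalar copy in `kbin` is not wiped on either return path visible here, and that scalar is presumably a private key or nonce in the usual callers. Unless it is cleared in lines outside these hunks, I would add `ForceZero(kbin, sizeof(kbin));` next to both `HAL_PKA_RAMReset(&hpka);` calls. The declaration of `kbin` is outside the hunk, so the `sizeof` form assumes it is a local array like `PtYbin`.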