feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #5722 from dgarske/stm32

Browse Source
This commit is contained in:
Hayden Roche
2022-11-04 13:32:11 -07:00
committed by GitHub
parent 7cc2336af7 f610df59a9
commit 1ce5951f0d
7 changed files with 248 additions and 185 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
IDE/STM32Cube/README.md
View File

@ -111,35 +111,32 @@ To enable the latest Cube HAL support please define `STM32_HAL_V2`.
If you'd like to use the older Standard Peripheral library undefine `WOLFSSL_STM32_CUBEMX`. If you'd like to use the older Standard Peripheral library undefine `WOLFSSL_STM32_CUBEMX`.
With STM32 Cube HAL v2 some AES GCM hardware has a limitation for the AAD header, which must be a multiple of 4 bytes. With STM32 Cube HAL v2 some AES GCM hardware has a limitation for the AAD header, which must be a multiple of 4 bytes. If your HAL does not support `CRYP_HEADERWIDTHUNIT_BYTE` then consider adding `STM32_AESGCM_PARTIAL` if you are getting AES GCM authentication failures. This bug existed in v1.16.0 or later.
If using `STM32_AESGCM_PARTIAL` with the following patch it will enable use for all AAD header sizes. The `STM32Cube_FW_F7_V1.16.0` patch is: The STM32F7 v1.17.0 pack has a bug in the AES GCM code for handling of additional authentication data when not a multiple of 4 bytes. To patch see `stm32f7xx_hal_cryp.c` -> `CRYP_GCMCCM_SetHeaderPhase`:
```diff ```diff
diff --git a/Drivers/STM32F7xx_HAL_Driver/Inc/stm32f7xx_hal_cryp.h b/Drivers/STM32F7xx_HAL_Driver/Inc/stm32f7xx_hal_cryp.h diff --git a/stm32f7xx_hal_cryp.c b/stm32f7xx_hal_cryp.c
--- a/Drivers/STM32F7xx_HAL_Driver/Inc/stm32f7xx_hal_cryp.h index 2ae42d0..9666f26 100644
+++ b/Drivers/STM32F7xx_HAL_Driver/Inc/stm32f7xx_hal_cryp.h --- a/stm32f7xx_hal_cryp.c
@@ -63,6 +63,7 @@ typedef struct +++ b/stm32f7xx_hal_cryp.c
GCM : also known as Additional Authentication Data @@ -5600,7 +5600,6 @@ static HAL_StatusTypeDef CRYP_GCMCCM_SetHeaderPhase(CRYP_HandleTypeDef *hcryp, u
CCM : named B1 composed of the associated data length and Associated Data. */ uint32_t size_in_bytes;
uint32_t HeaderSize; /*!< The size of header buffer in word */ uint32_t tmp;
+ uint32_t HeaderPadSize; /*!< <PATCH> The size of padding in bytes added to actual header data to pad it to a multiple of 32 bits </PATCH> */ uint32_t mask[12] = {0x0U, 0xFF000000U, 0xFFFF0000U, 0xFFFFFF00U, /* 32-bit data type */
uint32_t *B0; /*!< B0 is first authentication block used only in AES CCM mode */ - 0x0U, 0x0000FF00U, 0x0000FFFFU, 0xFF00FFFFU, /* 16-bit data type */
uint32_t DataWidthUnit; /*!< Data With Unit, this parameter can be value of @ref CRYP_Data_Width_Unit*/ 0x0U, 0x000000FFU, 0x0000FFFFU, 0x00FFFFFFU}; /* 8-bit data type */
uint32_t KeyIVConfigSkip; /*!< CRYP peripheral Key and IV configuration skip, to config Key and Initialization
diff --git a/Drivers/STM32F7xx_HAL_Driver/Src/stm32f7xx_hal_cryp_ex.c b/Drivers/STM32F7xx_HAL_Driver/Src/stm32f7xx_hal_cryp_ex.c /***************************** Header phase for GCM/GMAC or CCM *********************************/
--- a/Drivers/STM32F7xx_HAL_Driver/Src/stm32f7xx_hal_cryp_ex.c @@ -5842,7 +5841,7 @@ static HAL_StatusTypeDef CRYP_GCMCCM_SetHeaderPhase(CRYP_HandleTypeDef *hcryp, u
+++ b/Drivers/STM32F7xx_HAL_Driver/Src/stm32f7xx_hal_cryp_ex.c {
@@ -132,6 +132,8 @@ HAL_StatusTypeDef HAL_CRYPEx_AESGCM_GenerateAuthTAG(CRYP_HandleTypeDef *hcryp, u /* Enter last bytes, padded with zeroes */
uint64_t inputlength = (uint64_t)hcryp->SizesSum * 8U; /* input length in bits */ tmp = *(uint32_t *)(hcryp->Init.Header + hcryp->CrypHeaderCount);
uint32_t tagaddr = (uint32_t)AuthTag; - tmp &= mask[(hcryp->Init.DataType * 2U) + (size_in_bytes % 4U)];
+ tmp &= mask[(hcryp->Init.HeaderWidthUnit * 4U) + (size_in_bytes % 4U)];
+ headerlength -= ((uint64_t)(hcryp->Init.HeaderPadSize) * 8U); /* <PATCH> Decrement the header size removing the pad size </PATCH> */ hcryp->Instance->DINR = tmp;
+ loopcounter++;
if (hcryp->State == HAL_CRYP_STATE_READY) /* Pad the data with zeros to have a complete block */
{
/* Process locked */
``` ```
If you are using FreeRTOS make sure your `FreeRTOSConfig.h` has its `configTOTAL_HEAP_SIZE` increased. If you are using FreeRTOS make sure your `FreeRTOSConfig.h` has its `configTOTAL_HEAP_SIZE` increased.
@ -155,10 +152,30 @@ The TLS client/server benchmark example requires about 76 KB for allocated tasks
.b. WolfCrypt Benchmark .b. WolfCrypt Benchmark
.l. WolfSSL TLS Bench .l. WolfSSL TLS Bench
.e. Show Cipher List .e. Show Cipher List
.s. Run TLS 1.3 Server over UART
.c. Run TLS 1.3 Client over UART
Please select one of the above options: Please select one of the above options:
``` ```
### Example for TLS v1.3 over UART
A tutorial for setting this up can be found here: https://www.youtube.com/watch?v=OK6MKXYiVBY
The TLS v1.3 client/server examples over UART are paired with these host-side applications:
* https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/client-tls-uart.c
* https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/server-tls-uart.c
To use this example you will need to use the STM32Cube interface to enable an additional USART and enable DMA for the RX with defaults. Enabling DMA for the USART requires adding the USART RX DMA in the STM32Cube tool. Under Connectivity click on your TLS USART# and goto DMA Settings and "Add" one for USART#_RX with default options.
Then set the TLS_UART macro to the correct `huart#` instance. This USART will be used as a TLS transport.
```c
#define TLS_UART huart2
```
To disable the TLS UART example you can define `NO_TLS_UART_TEST`.
## Benchmarks ## Benchmarks
See [STM32_Benchmarks.md](STM32_Benchmarks.md). See [STM32_Benchmarks.md](STM32_Benchmarks.md).

35
IDE/STM32Cube/default_conf.ftl
View File

@ -29,8 +29,8 @@
[/#list] [/#list]
[/#if] [/#if]
[#-- SWIPdatas is a list of SWIPconfigModel --] [#-- SWIPdatas is a list of SWIPconfigModel --]
[#list SWIPdatas as SWIP] [#list SWIPdatas as SWIP]
[#-- Global variables --] [#-- Global variables --]
[#if SWIP.variables??] [#if SWIP.variables??]
[#list SWIP.variables as variable] [#list SWIP.variables as variable]
@ -40,9 +40,9 @@ extern ${variable.value} ${variable.name};
[#-- Global variables --] [#-- Global variables --]
[#assign instName = SWIP.ipName] [#assign instName = SWIP.ipName]
[#assign fileName = SWIP.fileName] [#assign fileName = SWIP.fileName]
[#assign version = SWIP.version] [#assign version = SWIP.version]
/** /**
MiddleWare name : ${instName} MiddleWare name : ${instName}
@ -50,9 +50,9 @@ extern ${variable.value} ${variable.name};
MiddleWare version : ${version} MiddleWare version : ${version}
*/ */
[#if SWIP.defines??] [#if SWIP.defines??]
[#list SWIP.defines as definition] [#list SWIP.defines as definition]
/*---------- [#if definition.comments??]${definition.comments}[/#if] -----------*/ /*---------- [#if definition.comments??]${definition.comments}[/#if] -----------*/
#define ${definition.name} #t#t ${definition.value} #define ${definition.name} #t#t ${definition.value}
[#if definition.description??]${definition.description} [/#if] [#if definition.description??]${definition.description} [/#if]
[/#list] [/#list]
[/#if] [/#if]
@ -87,7 +87,12 @@ extern ${variable.value} ${variable.name};
#undef NO_STM32_CRYPTO #undef NO_STM32_CRYPTO
#define STM32_HAL_V2 #define STM32_HAL_V2
#define HAL_CONSOLE_UART huart2 #define HAL_CONSOLE_UART huart2
#define STM32_AESGCM_PARTIAL /* allow partial blocks and add auth info (header) */ #elif defined(STM32F756xx)
#define WOLFSSL_STM32F7
#undef NO_STM32_HASH
#undef NO_STM32_CRYPTO
#define STM32_HAL_V2
#define HAL_CONSOLE_UART huart3
#elif defined(STM32H753xx) #elif defined(STM32H753xx)
#define WOLFSSL_STM32H7 #define WOLFSSL_STM32H7
#undef NO_STM32_HASH #undef NO_STM32_HASH
@ -144,7 +149,7 @@ extern ${variable.value} ${variable.name};
#warning Please define a hardware platform! #warning Please define a hardware platform!
/* This means there is not a pre-defined platform for your board/CPU */ /* This means there is not a pre-defined platform for your board/CPU */
/* You need to define a CPU type, HW crypto and debug UART */ /* You need to define a CPU type, HW crypto and debug UART */
/* CPU Type: WOLFSSL_STM32F1, WOLFSSL_STM32F2, WOLFSSL_STM32F4, /* CPU Type: WOLFSSL_STM32F1, WOLFSSL_STM32F2, WOLFSSL_STM32F4,
WOLFSSL_STM32F7, WOLFSSL_STM32H7, WOLFSSL_STM32L4, WOLFSSL_STM32L5, WOLFSSL_STM32F7, WOLFSSL_STM32H7, WOLFSSL_STM32L4, WOLFSSL_STM32L5,
WOLFSSL_STM32G0, WOLFSSL_STM32WB and WOLFSSL_STM32U5 */ WOLFSSL_STM32G0, WOLFSSL_STM32WB and WOLFSSL_STM32U5 */
#define WOLFSSL_STM32F4 #define WOLFSSL_STM32F4
@ -197,16 +202,18 @@ extern ${variable.value} ${variable.name};
* 6=Single Precision C all small * 6=Single Precision C all small
* 7=Single Precision C all big * 7=Single Precision C all big
*/ */
#if defined(WOLF_CONF_MATH) && WOLF_CONF_MATH != 2 #if defined(WOLF_CONF_MATH) && WOLF_CONF_MATH == 1
/* fast (stack) math */ /* fast (stack) math - tfm.c */
#define USE_FAST_MATH #define USE_FAST_MATH
#define TFM_TIMING_RESISTANT #define TFM_TIMING_RESISTANT
/* Optimizations (TFM_ARM, TFM_ASM or none) */ /* Optimizations (TFM_ARM, TFM_ASM or none) */
//#define TFM_NO_ASM //#define TFM_NO_ASM
//#define TFM_ASM //#define TFM_ASM
#endif #elif defined(WOLF_CONF_MATH) && WOLF_CONF_MATH == 2
#if defined(WOLF_CONF_MATH) && (WOLF_CONF_MATH >= 3) /* heap math - integer.c */
#define USE_INTEGER_HEAP_MATH
#elif defined(WOLF_CONF_MATH) && (WOLF_CONF_MATH >= 3)
/* single precision only */ /* single precision only */
#define WOLFSSL_SP #define WOLFSSL_SP
#if WOLF_CONF_MATH != 7 #if WOLF_CONF_MATH != 7
@ -405,7 +412,7 @@ extern ${variable.value} ${variable.name};
#define HAVE_AES_DECRYPT #define HAVE_AES_DECRYPT
#endif #endif
/* Other possible AES modes */ /* Other possible AES modes */
//#define WOLFSSL_AES_COUNTER //#define WOLFSSL_AES_COUNTER
//#define HAVE_AESCCM //#define HAVE_AESCCM
//#define WOLFSSL_AES_XTS //#define WOLFSSL_AES_XTS

253
IDE/STM32Cube/wolfssl_example.c
View File

@ -46,6 +46,16 @@
* Configuration * Configuration
****************************************************************************/ ****************************************************************************/
#if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
!defined(WOLFCRYPT_ONLY) && !defined(SINGLE_THREADED)
#define ENABLE_TLS_BENCH
#endif
#if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_TLS13) && !defined(NO_TLS_UART_TEST)
#define ENABLE_TLS_UART
#endif
/* Defaults for configuration parameters */ /* Defaults for configuration parameters */
#define BENCH_DEFAULT_HOST "localhost" #define BENCH_DEFAULT_HOST "localhost"
#define BENCH_DEFAULT_PORT 11112 #define BENCH_DEFAULT_PORT 11112
@ -61,8 +71,8 @@
#define MEM_BUFFER_SZ (TEST_PACKET_SIZE + 38 + WC_MAX_DIGEST_SIZE) #define MEM_BUFFER_SZ (TEST_PACKET_SIZE + 38 + WC_MAX_DIGEST_SIZE)
/* make sure memory buffer size is large enough */ /* make sure memory buffer size is large enough */
#if MEM_BUFFER_SZ < 2048 #if MEM_BUFFER_SZ < 2048
#undef MEM_BUFFER_SZ #undef MEM_BUFFER_SZ
#define MEM_BUFFER_SZ 2048 #define MEM_BUFFER_SZ 2048
#endif #endif
#define SHOW_VERBOSE 0 /* 0=tab del (minimal), 1=info, 2=debug, 3=debug w/wolf logs */ #define SHOW_VERBOSE 0 /* 0=tab del (minimal), 1=info, 2=debug, 3=debug w/wolf logs */
#ifndef WOLFSSL_CIPHER_LIST_MAX_SIZE #ifndef WOLFSSL_CIPHER_LIST_MAX_SIZE
@ -116,25 +126,29 @@ extern UART_HandleTypeDef HAL_CONSOLE_UART;
* Public types/enumerations/variables * Public types/enumerations/variables
****************************************************************************/ ****************************************************************************/
typedef struct func_args { typedef struct func_args {
int argc; int argc;
char** argv; char** argv;
int return_code; int return_code;
} func_args; } func_args;
const char menu1[] = "\n" const char menu1[] = "\n"
"\tt. wolfCrypt Test\n" "\tt. wolfCrypt Test\n"
"\tb. wolfCrypt Benchmark\n" "\tb. wolfCrypt Benchmark\n"
#ifdef ENABLE_TLS_BENCH
"\tl. wolfSSL TLS Bench\n" "\tl. wolfSSL TLS Bench\n"
#endif
"\te. Show Cipher List\n" "\te. Show Cipher List\n"
#ifdef ENABLE_TLS_UART
"\ts. Run TLS 1.3 Server over UART\n" "\ts. Run TLS 1.3 Server over UART\n"
"\tc. Run TLS 1.3 Client over UART\n"; "\tc. Run TLS 1.3 Client over UART\n"
#endif
;
static void PrintMemStats(void); static void PrintMemStats(void);
double current_time(void); double current_time(void);
#if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ #ifdef ENABLE_TLS_BENCH
!defined(WOLFCRYPT_ONLY) && !defined(SINGLE_THREADED)
static const char* kShutdown = "shutdown"; static const char* kShutdown = "shutdown";
@ -350,8 +364,10 @@ static void PrintTlsStats(stats_t* wcStat, const char* desc, const char* cipher,
wcStat->connTime * 1000, wcStat->connTime * 1000,
wcStat->connTime * 1000 / wcStat->connCount); wcStat->connTime * 1000 / wcStat->connCount);
} }
#endif /* ENABLE_TLS_BENCH */
#if defined(ENABLE_TLS_BENCH) || defined(ENABLE_TLS_UART)
#if defined(KEEP_PEER_CERT) || defined(KEEP_OUR_CERT) #if defined(KEEP_PEER_CERT) || defined(KEEP_OUR_CERT)
static const char* client_showx509_msg[] = { static const char* client_showx509_msg[] = {
"issuer", "issuer",
@ -426,7 +442,7 @@ static void ShowX509(WOLFSSL_X509* x509, const char* hdr)
} }
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
} }
#endif #endif /* KEEP_PEER_CERT || KEEP_OUR_CERT */
static const char* client_showpeer_msg[] = { static const char* client_showpeer_msg[] = {
@ -484,14 +500,15 @@ static void ShowPeer(WOLFSSL* ssl)
(void)ssl; (void)ssl;
} }
#endif /* ENABLE_TLS_BENCH || ENABLE_TLS_UART */
#ifdef ENABLE_TLS_BENCH
/* server send callback */ /* server send callback */
static int ServerMemSend(info_t* info, char* buf, int sz) static int ServerMemSend(info_t* info, char* buf, int sz)
{ {
#ifdef CMSIS_OS2_H_ #ifdef CMSIS_OS2_H_
osSemaphoreAcquire(info->client.mutex, osWaitForever); osSemaphoreAcquire(info->client.mutex, osWaitForever);
#else #else
osSemaphoreWait(info->client.mutex, osWaitForever); osSemaphoreWait(info->client.mutex, osWaitForever);
#endif #endif
@ -543,13 +560,13 @@ static int ServerMemRecv(info_t* info, char* buf, int sz)
osSemaphoreRelease(info->server.mutex); osSemaphoreRelease(info->server.mutex);
#ifdef CMSIS_OS2_H_ #ifdef CMSIS_OS2_H_
if (osThreadFlagsWait(1, osFlagsWaitAny, RECV_WAIT_TIMEOUT) == osFlagsErrorTimeout) { if (osThreadFlagsWait(1, osFlagsWaitAny, RECV_WAIT_TIMEOUT) == osFlagsErrorTimeout) {
printf("Server Recv: Timeout!\n"); printf("Server Recv: Timeout!\n");
return WOLFSSL_CBIO_ERR_TIMEOUT; return WOLFSSL_CBIO_ERR_TIMEOUT;
} }
osSemaphoreAcquire(info->server.mutex, osWaitForever); osSemaphoreAcquire(info->server.mutex, osWaitForever);
#else #else
if (osSignalWait(1, RECV_WAIT_TIMEOUT).status == osEventTimeout) { if (osSignalWait(1, RECV_WAIT_TIMEOUT).status == osEventTimeout) {
printf("Server Recv: Timeout!\n"); printf("Server Recv: Timeout!\n");
return WOLFSSL_CBIO_ERR_TIMEOUT; return WOLFSSL_CBIO_ERR_TIMEOUT;
} }
osSemaphoreWait(info->server.mutex, osWaitForever); osSemaphoreWait(info->server.mutex, osWaitForever);
@ -639,14 +656,14 @@ static int ClientMemRecv(info_t* info, char* buf, int sz)
osSemaphoreRelease(info->client.mutex); osSemaphoreRelease(info->client.mutex);
#ifdef CMSIS_OS2_H_ #ifdef CMSIS_OS2_H_
if (osThreadFlagsWait(1, osFlagsWaitAny, RECV_WAIT_TIMEOUT) == osFlagsErrorTimeout) { if (osThreadFlagsWait(1, osFlagsWaitAny, RECV_WAIT_TIMEOUT) == osFlagsErrorTimeout) {
printf("Client Recv: Timeout!\n"); printf("Client Recv: Timeout!\n");
return WOLFSSL_CBIO_ERR_TIMEOUT; return WOLFSSL_CBIO_ERR_TIMEOUT;
} }
osSemaphoreAcquire(info->client.mutex, osWaitForever); osSemaphoreAcquire(info->client.mutex, osWaitForever);
#else #else
if (osSignalWait(1, RECV_WAIT_TIMEOUT).status == osEventTimeout) { if (osSignalWait(1, RECV_WAIT_TIMEOUT).status == osEventTimeout) {
printf("Client Recv: Timeout!\n"); printf("Client Recv: Timeout!\n");
return WOLFSSL_CBIO_ERR_TIMEOUT; return WOLFSSL_CBIO_ERR_TIMEOUT;
} }
osSemaphoreWait(info->client.mutex, osWaitForever); osSemaphoreWait(info->client.mutex, osWaitForever);
#endif #endif
@ -721,29 +738,29 @@ static int bench_tls_client(info_t* info)
/* set up client */ /* set up client */
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
if (tls13) { if (tls13) {
#ifdef WOLFSSL_STATIC_MEMORY #ifdef WOLFSSL_STATIC_MEMORY
ret = wolfSSL_CTX_load_static_memory(&cli_ctx, wolfTLSv1_3_client_method_ex, ret = wolfSSL_CTX_load_static_memory(&cli_ctx, wolfTLSv1_3_client_method_ex,
gWolfCTXCli, sizeof(gWolfCTXCli), WOLFMEM_GENERAL , 10); gWolfCTXCli, sizeof(gWolfCTXCli), WOLFMEM_GENERAL , 10);
#else #else
cli_ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); cli_ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
#endif #endif
} }
#endif #endif
if (!tls13) { if (!tls13) {
#if !defined(WOLFSSL_TLS13) #if !defined(WOLFSSL_TLS13)
#ifdef WOLFSSL_STATIC_MEMORY #ifdef WOLFSSL_STATIC_MEMORY
ret = wolfSSL_CTX_load_static_memory(&cli_ctx, wolfSSLv23_client_method_ex, ret = wolfSSL_CTX_load_static_memory(&cli_ctx, wolfSSLv23_client_method_ex,
gWolfCTXCli, sizeof(gWolfCTXCli), WOLFMEM_GENERAL , 10); gWolfCTXCli, sizeof(gWolfCTXCli), WOLFMEM_GENERAL , 10);
#else #else
cli_ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); cli_ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
#endif #endif
#elif !defined(WOLFSSL_NO_TLS12) #elif !defined(WOLFSSL_NO_TLS12)
#ifdef WOLFSSL_STATIC_MEMORY #ifdef WOLFSSL_STATIC_MEMORY
ret = wolfSSL_CTX_load_static_memory(&cli_ctx, wolfTLSv1_2_client_method_ex, ret = wolfSSL_CTX_load_static_memory(&cli_ctx, wolfTLSv1_2_client_method_ex,
gWolfCTXCli, sizeof(gWolfCTXCli), WOLFMEM_GENERAL , 10); gWolfCTXCli, sizeof(gWolfCTXCli), WOLFMEM_GENERAL , 10);
#else #else
cli_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); cli_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
#endif #endif
#endif #endif
} }
@ -753,7 +770,7 @@ static int bench_tls_client(info_t* info)
} }
#ifdef WOLFSSL_STATIC_MEMORY #ifdef WOLFSSL_STATIC_MEMORY
ret = wolfSSL_CTX_load_static_memory(&cli_ctx, 0, gWolfIOCli, sizeof(gWolfIOCli), ret = wolfSSL_CTX_load_static_memory(&cli_ctx, 0, gWolfIOCli, sizeof(gWolfIOCli),
WOLFMEM_IO_POOL, 10 ); WOLFMEM_IO_POOL, 10 );
#endif #endif
@ -932,7 +949,7 @@ static int bench_tls_client(info_t* info)
exit: exit:
if (ret != 0 && ret != WOLFSSL_SUCCESS) { if (ret != 0 && ret != WOLFSSL_SUCCESS) {
info->doShutdown = 1; info->doShutdown = 1;
printf("Client Error: %d (%s)\n", ret, printf("Client Error: %d (%s)\n", ret,
wolfSSL_ERR_reason_error_string(ret)); wolfSSL_ERR_reason_error_string(ret));
} }
@ -969,7 +986,7 @@ static void client_thread(const void* args)
#ifdef CMSIS_OS2_H_ #ifdef CMSIS_OS2_H_
osThreadFlagsSet(info->server.threadId, 1); osThreadFlagsSet(info->server.threadId, 1);
#else #else
osSignalSet(info->server.threadId, 1); osSignalSet(info->server.threadId, 1);
#endif #endif
} }
info->client.ret = ret; info->client.ret = ret;
@ -997,29 +1014,29 @@ static int bench_tls_server(info_t* info)
/* set up server */ /* set up server */
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
if (tls13) { if (tls13) {
#ifdef WOLFSSL_STATIC_MEMORY #ifdef WOLFSSL_STATIC_MEMORY
ret = wolfSSL_CTX_load_static_memory(&srv_ctx, wolfTLSv1_3_server_method_ex, ret = wolfSSL_CTX_load_static_memory(&srv_ctx, wolfTLSv1_3_server_method_ex,
gWolfCTXSrv, sizeof(gWolfCTXSrv), WOLFMEM_GENERAL , 10); gWolfCTXSrv, sizeof(gWolfCTXSrv), WOLFMEM_GENERAL , 10);
#else #else
srv_ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); srv_ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
#endif #endif
} }
#endif #endif
if (!tls13) { if (!tls13) {
#if !defined(WOLFSSL_TLS13) #if !defined(WOLFSSL_TLS13)
#ifdef WOLFSSL_STATIC_MEMORY #ifdef WOLFSSL_STATIC_MEMORY
ret = wolfSSL_CTX_load_static_memory(&srv_ctx, wolfSSLv23_server_method_ex, ret = wolfSSL_CTX_load_static_memory(&srv_ctx, wolfSSLv23_server_method_ex,
gWolfCTXSrv, sizeof(gWolfCTXSrv), WOLFMEM_GENERAL , 10); gWolfCTXSrv, sizeof(gWolfCTXSrv), WOLFMEM_GENERAL , 10);
#else #else
srv_ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); srv_ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
#endif #endif
#elif !defined(WOLFSSL_NO_TLS12) #elif !defined(WOLFSSL_NO_TLS12)
#ifdef WOLFSSL_STATIC_MEMORY #ifdef WOLFSSL_STATIC_MEMORY
ret = wolfSSL_CTX_load_static_memory(&srv_ctx, wolfTLSv1_2_server_method_ex, ret = wolfSSL_CTX_load_static_memory(&srv_ctx, wolfTLSv1_2_server_method_ex,
gWolfCTXSrv, sizeof(gWolfCTXSrv), WOLFMEM_GENERAL , 10); gWolfCTXSrv, sizeof(gWolfCTXSrv), WOLFMEM_GENERAL , 10);
#else #else
srv_ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); srv_ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
#endif #endif
#endif #endif
} }
@ -1029,7 +1046,7 @@ static int bench_tls_server(info_t* info)
} }
#ifdef WOLFSSL_STATIC_MEMORY #ifdef WOLFSSL_STATIC_MEMORY
ret = wolfSSL_CTX_load_static_memory(&srv_ctx, 0, gWolfIOSrv, sizeof(gWolfIOSrv), ret = wolfSSL_CTX_load_static_memory(&srv_ctx, 0, gWolfIOSrv, sizeof(gWolfIOSrv),
WOLFMEM_IO_POOL, 10 ); WOLFMEM_IO_POOL, 10 );
#endif #endif
@ -1208,7 +1225,7 @@ static int bench_tls_server(info_t* info)
exit: exit:
if (ret != 0 && ret != WOLFSSL_SUCCESS) { if (ret != 0 && ret != WOLFSSL_SUCCESS) {
info->doShutdown = 1; info->doShutdown = 1;
printf("Server Error: %d (%s)\n", ret, printf("Server Error: %d (%s)\n", ret,
wolfSSL_ERR_reason_error_string(ret)); wolfSSL_ERR_reason_error_string(ret));
} }
@ -1242,7 +1259,7 @@ static void server_thread(const void* args)
/* signal client */ /* signal client */
if (!info->client.done && info->client.threadId != 0) { if (!info->client.done && info->client.threadId != 0) {
#ifdef CMSIS_OS2_H_ #ifdef CMSIS_OS2_H_
osThreadFlagsSet(info->client.threadId, 1); osThreadFlagsSet(info->client.threadId, 1);
#else #else
osSignalSet(info->client.threadId, 1); osSignalSet(info->client.threadId, 1);
#endif #endif
@ -1444,7 +1461,8 @@ exit:
return ret; return ret;
} }
#endif /* (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) && !WOLFCRYPT_ONLY && !SINGLE_THREADED */ #endif /* ENABLE_TLS_BENCH */
#ifndef WOLFCRYPT_ONLY #ifndef WOLFCRYPT_ONLY
static void ShowCiphers(void) static void ShowCiphers(void)
@ -1471,7 +1489,9 @@ static void PrintMemStats(void)
#endif #endif
} }
#if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_TLS13) && !defined(NO_TLS_UART_TEST)
#ifdef ENABLE_TLS_UART
/* UART DMA IO Routines */ /* UART DMA IO Routines */
#ifndef B115200 #ifndef B115200
#define B115200 115200 #define B115200 115200
@ -1493,6 +1513,8 @@ typedef struct {
#ifndef TLS_UART #ifndef TLS_UART
#define TLS_UART huart2 #define TLS_UART huart2
#endif #endif
/* If you get an undefined error here you can optionally disable the TLS
* over UART test using NO_TLS_UART_TEST */
extern UART_HandleTypeDef TLS_UART; extern UART_HandleTypeDef TLS_UART;
static int msg_length = 0; static int msg_length = 0;
@ -1524,11 +1546,15 @@ static int uartIORx(WOLFSSL *ssl, char *buf, int sz, void *ctx)
msg_length = 0; msg_length = 0;
XMEMSET(tb, 0, sizeof(*tb)); XMEMSET(tb, 0, sizeof(*tb));
/* Now setup the DMA RX. */ /* Now setup the DMA RX */
/* This requires enabling the UART RX DMA in the STM32Cube tool
* Under Connectivity click on your TLS UART (USART2) and goto DMA Settings
* and Add one for USART2_RX with default options */
status = HAL_UARTEx_ReceiveToIdle_DMA(&TLS_UART, (uint8_t *)tb->buf, MAX_RECORD_SIZE); status = HAL_UARTEx_ReceiveToIdle_DMA(&TLS_UART, (uint8_t *)tb->buf, MAX_RECORD_SIZE);
if (status != HAL_OK) { if (status != HAL_OK) {
return WOLFSSL_CBIO_ERR_WANT_READ; return WOLFSSL_CBIO_ERR_WANT_READ;
} else { }
else {
/* We now go into an infinite loop waiting for msg_length to be set to a /* We now go into an infinite loop waiting for msg_length to be set to a
* value other than 0. This will be done when the other side writes to * value other than 0. This will be done when the other side writes to
* UART and then idles. That will trigger HAL_UARTEx_RxEventCallback() * UART and then idles. That will trigger HAL_UARTEx_RxEventCallback()
@ -1536,7 +1562,7 @@ static int uartIORx(WOLFSSL *ssl, char *buf, int sz, void *ctx)
* *
* If you mistakenly get stuck here, please simply reset the board. * If you mistakenly get stuck here, please simply reset the board.
*/ */
while(msg_length == 0) { while (msg_length == 0) {
HAL_Delay(10); HAL_Delay(10);
} }
#ifdef DEBUG_UART_IO #ifdef DEBUG_UART_IO
@ -1578,6 +1604,11 @@ static int uartIOTx(WOLFSSL *ssl, char *buf, int sz, void *ctx)
return ret; return ret;
} }
static void uartReset(void)
{
HAL_UART_Abort_IT(&TLS_UART);
}
/* UART TLS 1.3 client and server */ /* UART TLS 1.3 client and server */
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
static int tls13_uart_server(void) static int tls13_uart_server(void)
@ -1587,8 +1618,8 @@ static int tls13_uart_server(void)
WOLFSSL* ssl = NULL; WOLFSSL* ssl = NULL;
byte echoBuffer[100]; byte echoBuffer[100];
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
tls13_buf *tbuf = (tls13_buf *) XMALLOC(sizeof(*tbuf), NULL, tls13_buf* tbuf = (tls13_buf*)XMALLOC(sizeof(*tbuf), NULL,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (tbuf == NULL) { if (tbuf == NULL) {
printf("Memory allocation error\n"); printf("Memory allocation error\n");
goto done; goto done;
@ -1597,7 +1628,7 @@ static int tls13_uart_server(void)
tls13_buf tbuf[1]; tls13_buf tbuf[1];
#endif #endif
XMEMSET(tbuf, 0, sizeof(*tbuf)); XMEMSET(tbuf, 0, sizeof(tls13_buf));
ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
if (ctx == NULL) { if (ctx == NULL) {
@ -1606,6 +1637,7 @@ static int tls13_uart_server(void)
} }
/* Register wolfSSL send/recv callbacks */ /* Register wolfSSL send/recv callbacks */
uartReset();
wolfSSL_CTX_SetIOSend(ctx, uartIOTx); wolfSSL_CTX_SetIOSend(ctx, uartIOTx);
wolfSSL_CTX_SetIORecv(ctx, uartIORx); wolfSSL_CTX_SetIORecv(ctx, uartIORx);
@ -1677,7 +1709,7 @@ done:
} }
#endif #endif
#ifndef NO_WOLFSSL_CLIENT #ifdef ENABLE_TLS_UART
static int tls13_uart_client(void) static int tls13_uart_client(void)
{ {
int ret = -1, err; int ret = -1, err;
@ -1686,7 +1718,7 @@ static int tls13_uart_client(void)
const char testStr[] = "Testing 1, 2 and 3\r\n"; const char testStr[] = "Testing 1, 2 and 3\r\n";
byte readBuf[100]; byte readBuf[100];
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
tls13_buf *tbuf = (tls13_buf *) XMALLOC(sizeof(*tbuf), NULL, tls13_buf* tbuf = (tls13_buf*)XMALLOC(sizeof(*tbuf), NULL,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (tbuf == NULL) { if (tbuf == NULL) {
printf("Memory allocation error\n"); printf("Memory allocation error\n");
@ -1696,7 +1728,7 @@ static int tls13_uart_client(void)
tls13_buf tbuf[1]; tls13_buf tbuf[1];
#endif #endif
XMEMSET(tbuf, 0, sizeof(*tbuf)); XMEMSET(tbuf, 0, sizeof(tls13_buf));
ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
if (ctx == NULL) { if (ctx == NULL) {
@ -1705,6 +1737,7 @@ static int tls13_uart_client(void)
} }
/* Register wolfSSL send/recv callbacks */ /* Register wolfSSL send/recv callbacks */
uartReset();
wolfSSL_CTX_SetIOSend(ctx, uartIOTx); wolfSSL_CTX_SetIOSend(ctx, uartIOTx);
wolfSSL_CTX_SetIORecv(ctx, uartIORx); wolfSSL_CTX_SetIORecv(ctx, uartIORx);
@ -1734,6 +1767,8 @@ static int tls13_uart_client(void)
goto done; goto done;
} }
ShowPeer(ssl);
printf("TLS Connect handshake done\n"); printf("TLS Connect handshake done\n");
printf("Sending test string\n"); printf("Sending test string\n");
do { do {
@ -1768,7 +1803,9 @@ done:
return ret; return ret;
} }
#endif #endif
#endif /* !WOLFCRYPT_ONLY && WOLFSSL_TLS13 && !NO_TLS_UART_TEST */ #endif /* ENABLE_TLS_UART */
/***************************************************************************** /*****************************************************************************
* Public functions * Public functions
****************************************************************************/ ****************************************************************************/
@ -1776,23 +1813,23 @@ done:
extern RTC_HandleTypeDef hrtc; extern RTC_HandleTypeDef hrtc;
double current_time(void) double current_time(void)
{ {
RTC_TimeTypeDef time; RTC_TimeTypeDef time;
RTC_DateTypeDef date; RTC_DateTypeDef date;
uint32_t subsec = 0; uint32_t subsec = 0;
/* must get time and date here due to STM32 HW bug */ /* must get time and date here due to STM32 HW bug */
HAL_RTC_GetTime(&hrtc, &time, FORMAT_BIN); HAL_RTC_GetTime(&hrtc, &time, FORMAT_BIN);
HAL_RTC_GetDate(&hrtc, &date, FORMAT_BIN); HAL_RTC_GetDate(&hrtc, &date, FORMAT_BIN);
/* Not all STM32 RTCs have subseconds in the struct */ /* Not all STM32 RTCs have subseconds in the struct */
#ifdef RTC_ALARMSUBSECONDMASK_ALL #ifdef RTC_ALARMSUBSECONDMASK_ALL
subsec = (255 - time.SubSeconds) * 1000 / 255; subsec = (255 - time.SubSeconds) * 1000 / 255;
#endif #endif
(void) date; (void) date;
/* return seconds.milliseconds */ /* return seconds.milliseconds */
return ((double) time.Hours * 24) + ((double) time.Minutes * 60) return ((double) time.Hours * 24) + ((double) time.Minutes * 60)
+ (double) time.Seconds + ((double) subsec / 1000); + (double) time.Seconds + ((double) subsec / 1000);
} }
#endif /* HAL_RTC_MODULE_ENABLED */ #endif /* HAL_RTC_MODULE_ENABLED */
@ -1803,10 +1840,10 @@ void wolfCryptDemo(const void* argument)
#endif #endif
{ {
HAL_StatusTypeDef halRet; HAL_StatusTypeDef halRet;
uint8_t buffer[2]; uint8_t buffer[2];
func_args args; func_args args;
#ifdef DEBUG_WOLFSSL #if 0
wolfSSL_Debugging_ON(); wolfSSL_Debugging_ON();
#endif #endif
@ -1818,52 +1855,52 @@ void wolfCryptDemo(const void* argument)
#endif #endif
#ifdef WOLFSSL_STATIC_MEMORY #ifdef WOLFSSL_STATIC_MEMORY
if (wc_LoadStaticMemory(&HEAP_HINT, gWolfMem, sizeof(gWolfMem), if (wc_LoadStaticMemory(&HEAP_HINT, gWolfMem, sizeof(gWolfMem),
WOLFMEM_GENERAL, 10) != 0) { WOLFMEM_GENERAL, 10) != 0) {
printf("unable to load static memory"); printf("unable to load static memory");
} }
#endif #endif
//wolfSSL_SetAllocators(wolfMallocCb, wolfFreeCb, wolfReallocCb); //wolfSSL_SetAllocators(wolfMallocCb, wolfFreeCb, wolfReallocCb);
while (1) { while (1) {
memset(&args, 0, sizeof(args)); memset(&args, 0, sizeof(args));
args.return_code = NOT_COMPILED_IN; /* default */ args.return_code = NOT_COMPILED_IN; /* default */
printf("\n\t\t\t\tMENU\n"); printf("\n\t\t\t\tMENU\n");
printf(menu1); printf(menu1);
printf("Please select one of the above options:\n"); printf("Please select one of the above options:\n");
do { do {
halRet = HAL_UART_Receive(&HAL_CONSOLE_UART, buffer, sizeof(buffer), 100); halRet = HAL_UART_Receive(&HAL_CONSOLE_UART, buffer, sizeof(buffer), 100);
} while (halRet != HAL_OK || buffer[0] == '\n' || buffer[0] == '\r'); } while (halRet != HAL_OK || buffer[0] == '\n' || buffer[0] == '\r');
switch (buffer[0]) { switch (buffer[0]) {
case 't': case 't':
printf("Running wolfCrypt Tests...\n"); printf("Running wolfCrypt Tests...\n");
#ifndef NO_CRYPT_TEST #ifndef NO_CRYPT_TEST
args.return_code = 0; args.return_code = 0;
wolfcrypt_test(&args); wolfcrypt_test(&args);
#else #else
args.return_code = NOT_COMPILED_IN; args.return_code = NOT_COMPILED_IN;
#endif #endif
printf("Crypt Test: Return code %d\n", args.return_code); printf("Crypt Test: Return code %d\n", args.return_code);
break; break;
case 'b': case 'b':
printf("Running wolfCrypt Benchmarks...\n"); printf("Running wolfCrypt Benchmarks...\n");
#ifndef NO_CRYPT_BENCHMARK #ifndef NO_CRYPT_BENCHMARK
args.return_code = 0; args.return_code = 0;
benchmark_test(&args); benchmark_test(&args);
#else #else
args.return_code = NOT_COMPILED_IN; args.return_code = NOT_COMPILED_IN;
#endif #endif
printf("Benchmark Test: Return code %d\n", args.return_code); printf("Benchmark Test: Return code %d\n", args.return_code);
break; break;
case 'l': case 'l':
printf("Running TLS Benchmarks...\n"); printf("Running TLS Benchmarks...\n");
#if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && !defined(WOLFCRYPT_ONLY) && !defined(SINGLE_THREADED) #ifdef ENABLE_TLS_BENCH
bench_tls(&args); bench_tls(&args);
#else #else
args.return_code = NOT_COMPILED_IN; args.return_code = NOT_COMPILED_IN;
@ -1878,9 +1915,9 @@ void wolfCryptDemo(const void* argument)
printf("Not compiled in\n"); printf("Not compiled in\n");
#endif #endif
break; break;
#if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_TLS13) && !defined(NO_TLS_UART_TEST) #ifdef ENABLE_TLS_UART
case 's': case 's':
#if !defined(NO_WOLFSSL_SERVER) #ifndef NO_WOLFSSL_SERVER
printf("Running TLS 1.3 server...\n"); printf("Running TLS 1.3 server...\n");
args.return_code = tls13_uart_server(); args.return_code = tls13_uart_server();
#else #else
@ -1890,7 +1927,7 @@ void wolfCryptDemo(const void* argument)
break; break;
case 'c': case 'c':
#if !defined(NO_WOLFSSL_CLIENT) #ifndef NO_WOLFSSL_CLIENT
printf("Running TLS 1.3 client...\n"); printf("Running TLS 1.3 client...\n");
args.return_code = tls13_uart_client(); args.return_code = tls13_uart_client();
#else #else
@ -1898,15 +1935,15 @@ void wolfCryptDemo(const void* argument)
#endif #endif
printf("TLS 1.3 Client: Return code %d\n", args.return_code); printf("TLS 1.3 Client: Return code %d\n", args.return_code);
break; break;
#endif #endif /* ENABLE_TLS_UART */
// All other cases go here /* All other cases go here */
default: default:
printf("\nSelection out of range\n"); printf("\nSelection out of range\n");
break; break;
} }
PrintMemStats(); PrintMemStats();
} }
#ifdef WOLFCRYPT_ONLY #ifdef WOLFCRYPT_ONLY
wolfCrypt_Cleanup(); wolfCrypt_Cleanup();

13
wolfcrypt/src/aes.c
View File

@ -7419,9 +7419,8 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
#ifdef STM32_CRYPTO_AES_GCM #ifdef STM32_CRYPTO_AES_GCM
/* this function supports inline encrypt */ /* this function supports inline encrypt */
/* define STM32_AESGCM_PARTIAL for newer STM Cube HAL's with workaround /* define STM32_AESGCM_PARTIAL for STM HW that does not support authentication
for handling partial packets to improve auth tag calculation performance by * on byte multiples (see CRYP_HEADERWIDTHUNIT_BYTE) */
using hardware */
static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32( static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
Aes* aes, byte* out, const byte* in, word32 sz, Aes* aes, byte* out, const byte* in, word32 sz,
const byte* iv, word32 ivSz, const byte* iv, word32 ivSz,
@ -7528,9 +7527,6 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
#else #else
hcryp.Init.HeaderSize = authPadSz/sizeof(word32); hcryp.Init.HeaderSize = authPadSz/sizeof(word32);
#endif #endif
#ifdef STM32_AESGCM_PARTIAL
hcryp.Init.HeaderPadSize = authPadSz - authInSz;
#endif
#ifdef CRYP_KEYIVCONFIG_ONCE #ifdef CRYP_KEYIVCONFIG_ONCE
/* allows repeated calls to HAL_CRYP_Encrypt */ /* allows repeated calls to HAL_CRYP_Encrypt */
hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ONCE; hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ONCE;
@ -8055,9 +8051,6 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
#else #else
hcryp.Init.HeaderSize = authPadSz/sizeof(word32); hcryp.Init.HeaderSize = authPadSz/sizeof(word32);
#endif #endif
#ifdef STM32_AESGCM_PARTIAL
hcryp.Init.HeaderPadSize = authPadSz - authInSz;
#endif
#ifdef CRYP_KEYIVCONFIG_ONCE #ifdef CRYP_KEYIVCONFIG_ONCE
/* allows repeated calls to HAL_CRYP_Decrypt */ /* allows repeated calls to HAL_CRYP_Decrypt */
hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ONCE; hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ONCE;
@ -8080,7 +8073,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
XMEMSET(partialBlock, 0, sizeof(partialBlock)); XMEMSET(partialBlock, 0, sizeof(partialBlock));
XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);
status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)partialBlock, partial, status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)partialBlock, partial,
( uint32_t*)partialBlock, STM32_HAL_TIMEOUT); (uint32_t*)partialBlock, STM32_HAL_TIMEOUT);
XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
} }
#endif #endif

9
wolfcrypt/src/ecc.c
View File

@ -1266,7 +1266,8 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen
#if !defined(WOLFSSL_SP_MATH) && \ #if !defined(WOLFSSL_SP_MATH) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_SE050) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) !defined(WOLFSSL_SE050) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
!defined(WOLFSSL_STM32_PKA)
static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a, static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
mp_int* prime, mp_int* order); mp_int* prime, mp_int* order);
#endif #endif
@ -9128,7 +9129,7 @@ int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen,
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \ !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_STM32_PKA)
/* is ecc point on curve described by dp ? */ /* is ecc point on curve described by dp ? */
int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime) int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime)
@ -9613,7 +9614,7 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_SE050) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \ !defined(WOLFSSL_SE050) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_STM32_PKA)
mp_int* b = NULL; mp_int* b = NULL;
#ifdef USE_ECC_B_PARAM #ifdef USE_ECC_B_PARAM
DECLARE_CURVE_SPECS(4); DECLARE_CURVE_SPECS(4);
@ -9663,7 +9664,7 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL) || \ defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SILABS_SE_ACCEL) || \
defined(WOLFSSL_SE050) || defined(WOLF_CRYPTO_CB_ONLY_ECC) || \ defined(WOLFSSL_SE050) || defined(WOLF_CRYPTO_CB_ONLY_ECC) || \
defined(WOLFSSL_XILINX_CRYPT_VERSAL) defined(WOLFSSL_XILINX_CRYPT_VERSAL) || defined(WOLFSSL_STM32_PKA)
/* consider key check success on HW crypto /* consider key check success on HW crypto
* ex: ATECC508/608A, CryptoCell and Silabs * ex: ATECC508/608A, CryptoCell and Silabs

54
wolfcrypt/src/port/st/stm32.c
View File

@ -732,46 +732,48 @@ static int stm32_get_ecc_specs(const uint8_t **prime, const uint8_t **coef,
const uint8_t **GenPointX, const uint8_t **GenPointY, const uint8_t **order, const uint8_t **GenPointX, const uint8_t **GenPointY, const uint8_t **order,
int size) int size)
{ {
switch(size) { switch (size) {
#ifdef ECC256
case 32: case 32:
*prime = stm32_ecc256_prime; if (prime) *prime = stm32_ecc256_prime;
*coef = stm32_ecc256_coef; if (coef) *coef = stm32_ecc256_coef;
if (coefB) *coefB = stm32_ecc256_coefB; if (coefB) *coefB = stm32_ecc256_coefB;
*GenPointX = stm32_ecc256_pointX; if (GenPointX) *GenPointX = stm32_ecc256_pointX;
*GenPointY = stm32_ecc256_pointY; if (GenPointY) *GenPointY = stm32_ecc256_pointY;
*coef_sign = &stm32_ecc256_coef_sign; if (coef_sign) *coef_sign = &stm32_ecc256_coef_sign;
if (order) *order = stm32_ecc256_order; if (order) *order = stm32_ecc256_order;
break; break;
#endif
#ifdef ECC224 #ifdef ECC224
case 28: case 28:
*prime = stm32_ecc224_prime; if (prime) *prime = stm32_ecc224_prime;
*coef = stm32_ecc224_coef; if (coef) *coef = stm32_ecc224_coef;
if (coefB) *coefB = stm32_ecc224_coefB; if (coefB) *coefB = stm32_ecc224_coefB;
*GenPointX = stm32_ecc224_pointX; if (GenPointX) *GenPointX = stm32_ecc224_pointX;
*GenPointY = stm32_ecc224_pointY; if (GenPointY) *GenPointY = stm32_ecc224_pointY;
*coef_sign = &stm32_ecc224_coef; if (coef_sign) *coef_sign = &stm32_ecc224_coef_sign;
if (order) *order = stm32_ecc224_order; if (order) *order = stm32_ecc224_order;
break; break;
#endif #endif
#ifdef ECC192 #ifdef ECC192
case 24: case 24:
*prime = stm32_ecc192_prime; if (prime) *prime = stm32_ecc192_prime;
*coef = stm32_ecc192_coef; if (coef) *coef = stm32_ecc192_coef;
if (coefB) *coefB = stm32_ecc192_coefB; if (coefB) *coefB = stm32_ecc192_coefB;
*GenPointX = stm32_ecc192_pointX; if (GenPointX) *GenPointX = stm32_ecc192_pointX;
*GenPointY = stm32_ecc192_pointY; if (GenPointY) *GenPointY = stm32_ecc192_pointY;
*coef_sign = &stm32_ecc192_coef; if (coef_sign) *coef_sign = &stm32_ecc192_coef_sign;
if (order) *order = stm32_ecc192_order; if (order) *order = stm32_ecc192_order;
break; break;
#endif #endif
#ifdef ECC384 #ifdef ECC384
case 48: case 48:
*prime = stm32_ecc384_prime; if (prime) *prime = stm32_ecc384_prime;
*coef = stm32_ecc384_coef; if (coef) *coef = stm32_ecc384_coef;
if (coefB) *coefB = stm32_ecc384_coefB; if (coefB) *coefB = stm32_ecc384_coefB;
*GenPointX = stm32_ecc384_pointX; if (GenPointX) *GenPointX = stm32_ecc384_pointX;
*GenPointY = stm32_ecc384_pointY; if (GenPointY) *GenPointY = stm32_ecc384_pointY;
*coef_sign = &stm32_ecc384_coef; if (coef_sign) *coef_sign = &stm32_ecc384_coef_sign;
if (order) *order = stm32_ecc384_order; if (order) *order = stm32_ecc384_order;
break; break;
#endif #endif
@ -809,8 +811,7 @@ int wc_ecc_mulmod_ex(const mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
uint8_t PtYbin[STM32_MAX_ECC_SIZE]; uint8_t PtYbin[STM32_MAX_ECC_SIZE];
const uint8_t *prime, *coef, *coefB, *gen_x, *gen_y, *order; const uint8_t *prime, *coef, *coefB, *gen_x, *gen_y, *order;
const uint32_t *coef_sign; const uint32_t *coef_sign;
(void)a;
(void)heap;
XMEMSET(&pka_mul, 0x00, sizeof(PKA_ECCMulInTypeDef)); XMEMSET(&pka_mul, 0x00, sizeof(PKA_ECCMulInTypeDef));
XMEMSET(&pka_mul_res, 0x00, sizeof(PKA_ECCMulOutTypeDef)); XMEMSET(&pka_mul_res, 0x00, sizeof(PKA_ECCMulOutTypeDef));
pka_mul_res.ptX = PtXbin; pka_mul_res.ptX = PtXbin;
@ -845,7 +846,7 @@ int wc_ecc_mulmod_ex(const mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
pka_mul.modulus = prime; pka_mul.modulus = prime;
pka_mul.pointX = Gxbin; pka_mul.pointX = Gxbin;
pka_mul.pointY = Gybin; pka_mul.pointY = Gybin;
pka_mul.scalarMulSize = size; pka_mul.scalarMulSize = szkbin;
pka_mul.scalarMul = kbin; pka_mul.scalarMul = kbin;
#ifdef WOLFSSL_STM32_PKA_V2 #ifdef WOLFSSL_STM32_PKA_V2
pka_mul.coefB = coefB; pka_mul.coefB = coefB;
@ -857,6 +858,7 @@ int wc_ecc_mulmod_ex(const mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
status = HAL_PKA_ECCMul(&hpka, &pka_mul, HAL_MAX_DELAY); status = HAL_PKA_ECCMul(&hpka, &pka_mul, HAL_MAX_DELAY);
if (status != HAL_OK) { if (status != HAL_OK) {
HAL_PKA_RAMReset(&hpka);
return WC_HW_E; return WC_HW_E;
} }
pka_mul_res.ptX = Gxbin; pka_mul_res.ptX = Gxbin;
@ -875,6 +877,10 @@ int wc_ecc_mulmod_ex(const mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
if (res == MP_OKAY) if (res == MP_OKAY)
res = mp_set(R->z, 1); res = mp_set(R->z, 1);
HAL_PKA_RAMReset(&hpka); HAL_PKA_RAMReset(&hpka);
(void)heap;
(void)a; /* uses computed (absolute value, |a| < p) */
return res; return res;
} }

2
wolfcrypt/test/test.c
View File

@ -10797,7 +10797,9 @@ WOLFSSL_TEST_SUBROUTINE int aesgcm_test(void)
int result = 0; int result = 0;
int ret; int ret;
#ifdef WOLFSSL_AES_256 #ifdef WOLFSSL_AES_256
#if !(defined(WOLF_CRYPTO_CB) && defined(HAVE_INTEL_QA_SYNC))
int alen; int alen;
#endif
#if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
int plen; int plen;
#endif #endif