feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #3320 from dgarske/stmcube

Browse Source 
STM32 Cube Pack and AES GCM improvements
This commit is contained in:
toddouska
2020-09-23 14:39:53 -07:00
committed by GitHub
parent b7fb202ad3 41ebc9161a
commit 2bb8427ab2
8 changed files with 632 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
IDE/STM32Cube/README.md
View File

@@ -14,8 +14,13 @@ These examples use the Cube HAL for STM32.
## Configuration
The settings for the wolfSTM32 project are located in `<wolfssl-root>/IDE/STM32Cube/wolfSSL.wolfSSL_conf.h`. The section for "Hardware platform" may need to be adjusted depending on your processor and board:
The settings for the wolfSSL CubeMX pack are in the generated `wolfSSL.wolfSSL_conf.h` file. An example of this is located in `IDE/STM32Cube/wolfSSL_conf.h` (renamed to avoid possible conflicts with generated file).
The template used for generation is `IDE/STM32Cube/default_conf.ftl` which can be updated at `STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/CubeMX/templates/default_conf.ftl`.
The section for "Hardware platform" may need to be adjusted depending on your processor and board:
* To enable STM32F1 support define `WOLFSSL_STM32F1`.
* To enable STM32F2 support define `WOLFSSL_STM32F2`.
* To enable STM32F4 support define `WOLFSSL_STM32F4`.
* To enable STM32F7 support define `WOLFSSL_STM32F7`.
@@ -39,7 +44,7 @@ If you'd like to use the older Standard Peripheral library undefine `WOLFSSL_STM
If you are using FreeRTOS make sure your `FreeRTOSConfig.h` has its `configTOTAL_HEAP_SIZE` increased.
The TLS client/server benchmark example requires about 76 KB for allocated tasks (with stack) and peak heap.
The TLS client/server benchmark example requires about 76 KB for allocated tasks (with stack) and peak heap. This uses both a TLS client and server to test a TLS connection locally for each enabled TLS cipher suite.
## STM32 Cube Pack
@@ -49,6 +54,7 @@ The TLS client/server benchmark example requires about 76 KB for allocated tasks
2. Run the “STM32CubeMX” tool.
3. Under “Manage software installations” click “INSTALL/REMOVE” button.
4. From Local and choose “I-CUBE-WOLFSSL-WOLFSSL.pack”.
5. Accept the GPLv2 license. Contact wolfSSL at sales@wolfssl.com for a commercial license and support/maintenance.
### STM32 Cube Pack Usage
@@ -56,9 +62,10 @@ The TLS client/server benchmark example requires about 76 KB for allocated tasks
2. Under “Software Packs” choose “Select Components”.
3. Find and check all components for the wolfSSL.wolfSSL packs (wolfSSL / Core, wolfCrypt / Core and wolfCrypt / Test). Close
4. Under the “Software Packs” section click on “wolfSSL.wolfSSL” and configure the parameters.
5. For Cortex-M recommend “Math Configuration” -> “Single Precision Cortex-M Math”
5. For Cortex-M recommend “Math Configuration” -> “Single Precision Cortex-M Math” for the fastest option.
6. Generate Code
7. The Benchmark example uses float. To enable go to "Project Properties" -> "C/C++ Build" -> "Settings" -> "Tool Settings" -> "MCU Settings" -> Check "Use float with printf".
8. To enable printf make the `main.c` changes below in the [STM32 Printf](#stm32-printf) section.
### STM32 Cube Pack Examples
@@ -87,6 +94,49 @@ Please select one of the above options:
See [STM32_Benchmarks.md](STM32_Benchmarks.md).
Note: The Benchmark example uses float. To enable go to "Project Properties" -> "C/C++ Build" -> "Settings" -> "Tool Settings" -> "MCU Settings" -> Check "Use float with printf".
## STM32 Printf
In main.c make the following changes:
```
/* Retargets the C library printf function to the USART. */
#include <stdio.h>
#include <wolfssl/wolfcrypt/settings.h>
#ifdef __GNUC__
int __io_putchar(int ch)
#else
int fputc(int ch, FILE *f)
#endif
{
HAL_UART_Transmit(&HAL_CONSOLE_UART, (uint8_t *)&ch, 1, 0xFFFF);
return ch;
}
#ifdef __GNUC__
int _write(int file,char *ptr, int len)
{
int DataIdx;
for (DataIdx= 0; DataIdx< len; DataIdx++) {
__io_putchar(*ptr++);
}
return len;
}
#endif
int main(void)
{
/* Reset of all peripherals, Initializes the Flash interface and the Systick. */
HAL_Init();
/* Turn off buffers, so I/O occurs immediately */
setvbuf(stdin, NULL, _IONBF, 0);
setvbuf(stdout, NULL, _IONBF, 0);
setvbuf(stderr, NULL, _IONBF, 0);
```
## Support
For questions please email [support@wolfssl.com](mailto:support@wolfssl.com)

521
IDE/STM32Cube/default_conf.ftl Normal file
View File

@@ -0,0 +1,521 @@
[#ftl]
/**
******************************************************************************
* File Name : ${name}
* Description : This file provides code for the configuration
* of the ${name} instances.
******************************************************************************
[@common.optinclude name=mxTmpFolder+"/license.tmp"/][#--include License text --]
******************************************************************************
*/
[#assign s = name]
[#assign toto = s?replace(".","_")]
[#assign toto = toto?replace("/","")]
[#assign inclusion_protection = toto?upper_case]
/* Define to prevent recursive inclusion -------------------------------------*/
#ifndef __${inclusion_protection}__
#define __${inclusion_protection}__
#ifdef __cplusplus
extern "C" {
#endif
/* Includes ------------------------------------------------------------------*/
[#if includes??]
[#list includes as include]
#include "${include}"
[/#list]
[/#if]
[#-- SWIPdatas is a list of SWIPconfigModel --]
[#list SWIPdatas as SWIP]
[#-- Global variables --]
[#if SWIP.variables??]
[#list SWIP.variables as variable]
extern ${variable.value} ${variable.name};
[/#list]
[/#if]
[#-- Global variables --]
[#assign instName = SWIP.ipName]
[#assign fileName = SWIP.fileName]
[#assign version = SWIP.version]
/**
MiddleWare name : ${instName}
MiddleWare fileName : ${fileName}
MiddleWare version : ${version}
*/
[#if SWIP.defines??]
[#list SWIP.defines as definition]
/*---------- [#if definition.comments??]${definition.comments}[/#if] -----------*/
#define ${definition.name} #t#t ${definition.value}
[#if definition.description??]${definition.description} [/#if]
[/#list]
[/#if]
[/#list]
/* ------------------------------------------------------------------------- */
/* Hardware platform */
/* ------------------------------------------------------------------------- */
#define NO_STM32_HASH
#define NO_STM32_CRYPTO
#if defined(STM32WB55xx)
#define WOLFSSL_STM32WB
#define WOLFSSL_STM32_PKA
#undef NO_STM32_CRYPTO
#define HAL_CONSOLE_UART huart1
#elif defined(STM32F407xx)
#define WOLFSSL_STM32F4
#define HAL_CONSOLE_UART huart2
#elif defined(STM32F437xx)
#define WOLFSSL_STM32F4
#undef NO_STM32_HASH
#undef NO_STM32_CRYPTO
#define STM32_HAL_V2
#define HAL_CONSOLE_UART huart4
#elif defined(STM32F777xx)
#define WOLFSSL_STM32F7
#undef NO_STM32_HASH
#undef NO_STM32_CRYPTO
#define STM32_HAL_V2
#define HAL_CONSOLE_UART huart2
#elif defined(STM32H753xx)
#define WOLFSSL_STM32H7
#undef NO_STM32_HASH
#undef NO_STM32_CRYPTO
#define HAL_CONSOLE_UART huart3
#elif defined(STM32L4A6xx)
#define WOLFSSL_STM32L4
#undef NO_STM32_HASH
#undef NO_STM32_CRYPTO
#define HAL_CONSOLE_UART hlpuart1
#elif defined(STM32L475xx)
#define WOLFSSL_STM32L4
#define HAL_CONSOLE_UART huart1
#elif defined(STM32L562xx)
#define WOLFSSL_STM32L5
#define WOLFSSL_STM32_PKA
#undef NO_STM32_HASH
#undef NO_STM32_CRYPTO
#define HAL_CONSOLE_UART huart1
#elif defined(STM32L552xx)
#define WOLFSSL_STM32L5
#undef NO_STM32_HASH
#define HAL_CONSOLE_UART hlpuart1
#elif defined(STM32F207xx)
#define WOLFSSL_STM32F2
#define HAL_CONSOLE_UART huart3
#elif defined(STM32F107xC)
#define WOLFSSL_STM32F1
#define HAL_CONSOLE_UART huart4
#define NO_STM32_RNG
#elif defined(STM32F401xE)
#define WOLFSSL_STM32F4
#define HAL_CONSOLE_UART huart2
#define NO_STM32_RNG
#define WOLFSSL_GENSEED_FORTEST
#else
#warning Please define a hardware platform!
#define WOLFSSL_STM32F4 /* default */
#define HAL_CONSOLE_UART huart4
#endif
/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
#define SIZEOF_LONG_LONG 8
#define WOLFSSL_GENERAL_ALIGNMENT 4
#define WOLFSSL_STM32_CUBEMX
#define WOLFSSL_SMALL_STACK
#define WOLFSSL_USER_IO
#define WOLFSSL_NO_SOCK
#define WOLFSSL_IGNORE_FILE_WARN
/* ------------------------------------------------------------------------- */
/* Operating System */
/* ------------------------------------------------------------------------- */
#if defined(WOLF_CONF_RTOS) && WOLF_CONF_RTOS == 2
#define FREERTOS
#else
#define SINGLE_THREADED
#endif
/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
/* 1=Fast, 2=Normal, 3=SP C, 4=SP Cortex-M */
#if defined(WOLF_CONF_MATH) && WOLF_CONF_MATH != 2
/* fast (stack) math */
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
/* Optimizations (TFM_ARM, TFM_ASM or none) */
//#define TFM_NO_ASM
//#define TFM_ASM
#endif
#if defined(WOLF_CONF_MATH) && (WOLF_CONF_MATH == 3 || WOLF_CONF_MATH == 4)
/* single precision only */
#define WOLFSSL_SP
#define WOLFSSL_SP_SMALL /* use smaller version of code */
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_DH
#define WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_SP_MATH
#define SP_WORD_SIZE 32
//#define WOLFSSL_SP_NO_MALLOC
//#define WOLFSSL_SP_CACHE_RESISTANT
/* single precision Cortex-M only */
#if WOLF_CONF_MATH == 4
#define WOLFSSL_SP_ASM /* required if using the ASM versions */
#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
/* Required for TLS */
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_ENCRYPT_THEN_MAC
#define HAVE_EXTENDED_MASTER
#if defined(WOLF_CONF_TLS13) && WOLF_CONF_TLS13 == 1
#define WOLFSSL_TLS13
#define HAVE_HKDF
#endif
#if defined(WOLF_CONF_DTLS) && WOLF_CONF_DTLS == 1
#define WOLFSSL_DTLS
#endif
#if defined(WOLF_CONF_PSK) && WOLF_CONF_PSK == 0
#define NO_PSK
#endif
#if defined(WOLF_CONF_PWDBASED) && WOLF_CONF_PWDBASED == 0
#define NO_PWDBASED
#endif
#if defined(WOLF_CONF_KEEP_PEER_CERT) && WOLF_CONF_KEEP_PEER_CERT == 1
#define KEEP_PEER_CERT
#endif
#if defined(WOLF_CONF_BASE64_ENCODE) && WOLF_CONF_BASE64_ENCODE == 1
#define WOLFSSL_BASE64_ENCODE
#endif
#if defined(WOLF_CONF_OPENSSL_EXTRA) && WOLF_CONF_OPENSSL_EXTRA == 1
#define OPENSSL_EXTRA
#endif
/* TLS Session Cache */
#if 0
#define SMALL_SESSION_CACHE
#else
#define NO_SESSION_CACHE
#endif
/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* RSA */
#undef NO_RSA
#if defined(WOLF_CONF_RSA) && WOLF_CONF_RSA == 1
#ifdef USE_FAST_MATH
/* Maximum math bits (Max RSA key bits * 2) */
#undef FP_MAX_BITS
#define FP_MAX_BITS 4096
#endif
/* half as much memory but twice as slow */
#undef RSA_LOW_MEM
//#define RSA_LOW_MEM
/* Enables blinding mode, to prevent timing attacks */
#undef WC_RSA_BLINDING
#define WC_RSA_BLINDING
/* RSA PSS Support (required for TLS v1.3) */
#ifdef WOLFSSL_TLS13
#define WC_RSA_PSS
#endif
#else
#define NO_RSA
#endif
/* ECC */
#undef HAVE_ECC
#if defined(WOLF_CONF_ECC) && WOLF_CONF_ECC == 1
#define HAVE_ECC
/* Manually define enabled curves */
#define ECC_USER_CURVES
//#define HAVE_ECC192
//#define HAVE_ECC224
#undef NO_ECC256
//#define HAVE_ECC384
//#define HAVE_ECC521
/* Fixed point cache (speeds repeated operations against same private key) */
#undef FP_ECC
//#define FP_ECC
#ifdef FP_ECC
/* Bits / Entries */
#undef FP_ENTRIES
#define FP_ENTRIES 2
#undef FP_LUT
#define FP_LUT 4
#endif
/* Optional ECC calculation method */
/* Note: doubles heap usage, but slightly faster */
#undef ECC_SHAMIR
#define ECC_SHAMIR
/* Reduces heap usage, but slower */
#define ECC_TIMING_RESISTANT
/* Compressed ECC key support */
//#define HAVE_COMP_KEY
#ifdef USE_FAST_MATH
#ifdef NO_RSA
/* Custom fastmath size if not using RSA */
/* MAX = ROUND32(ECC BITS) * 2 */
#define FP_MAX_BITS (256 * 2)
#else
#define ALT_ECC_SIZE
#endif
/* Enable TFM optimizations for ECC */
//#define TFM_ECC192
//#define TFM_ECC224
//#define TFM_ECC256
//#define TFM_ECC384
//#define TFM_ECC521
#endif
#endif
/* DH */
#undef NO_DH
#if defined(WOLF_CONF_DH) && WOLF_CONF_DH == 1
#define HAVE_DH /* freeRTOS settings.h requires this */
#define HAVE_FFDHE_2048
#define HAVE_DH_DEFAULT_PARAMS
#else
#define NO_DH
#endif
/* AES */
#if defined(WOLF_CONF_AESGCM) && WOLF_CONF_AESGCM == 1
#define HAVE_AESGCM
/* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
/* GCM_TABLE is about 4K larger and 3x faster */
#define GCM_SMALL
#define HAVE_AES_DECRYPT
#endif
#if defined(WOLF_CONF_AESCBC) && WOLF_CONF_AESCBC == 1
#define HAVE_AES_CBC
#define HAVE_AES_DECRYPT
#endif
/* Other possible AES modes */
//#define WOLFSSL_AES_COUNTER
//#define HAVE_AESCCM
//#define WOLFSSL_AES_XTS
//#define WOLFSSL_AES_DIRECT
//#define HAVE_AES_ECB
//#define HAVE_AES_KEYWRAP
//#define AES_MAX_KEY_SIZE 256
/* ChaCha20 / Poly1305 */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if defined(WOLF_CONF_CHAPOLY) && WOLF_CONF_CHAPOLY == 1
#define HAVE_CHACHA
#define HAVE_POLY1305
/* Needed for Poly1305 */
#undef HAVE_ONE_TIME_AUTH
#define HAVE_ONE_TIME_AUTH
#endif
/* Ed25519 / Curve25519 */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
#if defined(WOLF_CONF_EDCURVE25519) && WOLF_CONF_EDCURVE25519 == 1
#define HAVE_CURVE25519
#define HAVE_ED25519
/* Optionally use small math (less flash usage, but much slower) */
#define CURVED25519_SMALL
#endif
/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha1 */
#undef NO_SHA
#if defined(WOLF_CONF_SHA1) && WOLF_CONF_SHA1 == 1
/* 1k smaller, but 25% slower */
//#define USE_SLOW_SHA
#else
#define NO_SHA
#endif
/* Sha2-256 */
#undef NO_SHA256
#if defined(WOLF_CONF_SHA2_256) && WOLF_CONF_SHA2_256 == 1
/* not unrolled - ~2k smaller and ~25% slower */
//#define USE_SLOW_SHA256
//#define WOLFSSL_SHAKE256
/* Sha2-224 */
#if defined(WOLF_CONF_SHA2_224) && WOLF_CONF_SHA2_224 == 1
#define WOLFSSL_SHA224
#endif
#else
#define NO_SHA256
#endif
/* Sha2-512 */
#undef WOLFSSL_SHA512
#if defined(WOLF_CONF_SHA2_512) && WOLF_CONF_SHA2_512 == 1
/* over twice as small, but 50% slower */
//#define USE_SLOW_SHA512
#define WOLFSSL_SHA512
#define HAVE_SHA512 /* freeRTOS settings.h requires this */
#endif
/* Sha2-384 */
#undef WOLFSSL_SHA384
#if defined(WOLF_CONF_SHA2_384) && WOLF_CONF_SHA2_384 == 1
#define WOLFSSL_SHA384
#endif
/* Sha3 */
#undef WOLFSSL_SHA3
#if defined(WOLF_CONF_SHA3) && WOLF_CONF_SHA3 == 1
#define WOLFSSL_SHA3
#endif
/* MD5 */
#if defined(WOLF_CONF_MD5) && WOLF_CONF_MD5 == 1
/* enabled */
#else
#define NO_MD5
#endif
/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
/* Use reduced benchmark / test sizes */
#define BENCH_EMBEDDED
#define USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_256
/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */
#if defined(WOLF_CONF_DEBUG) && WOLF_CONF_DEBUG == 1
#define DEBUG_WOLFSSL
/* Use this to measure / print heap usage */
#if 0
#define USE_WOLFSSL_MEMORY
#define WOLFSSL_TRACK_MEMORY
#define WOLFSSL_DEBUG_MEMORY
#define WOLFSSL_DEBUG_MEMORY_PRINT
#endif
#else
//#define NO_WOLFSSL_MEMORY
//#define NO_ERROR_STRINGS
#endif
/* ------------------------------------------------------------------------- */
/* Port */
/* ------------------------------------------------------------------------- */
/* Override Current Time */
/* Allows custom "custom_time()" function to be used for benchmark */
#define WOLFSSL_USER_CURRTIME
/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */
#define NO_OLD_RNGNAME /* conflicts with STM RNG macro */
#define HAVE_HASHDRBG
/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
#if defined(WOLF_CONF_TLS12) && WOLF_CONF_TLS12 == 0
#define WOLFSSL_NO_TLS12
#endif
#if defined(WOLF_CONF_WOLFCRYPT_ONLY) && WOLF_CONF_WOLFCRYPT_ONLY == 1
#define WOLFCRYPT_ONLY
#endif
//#define NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_CLIENT
#if defined(WOLF_CONF_TEST) && WOLF_CONF_TEST == 0
#define NO_CRYPT_TEST
#define NO_CRYPT_BENCHMARK
#endif
#define NO_FILESYSTEM
#define NO_WRITEV
#define NO_MAIN_DRIVER
#define NO_DEV_RANDOM
#define NO_OLD_TLS
#define WOLFSSL_NO_CLIENT_AUTH /* disable client auth for Ed25519/Ed448 */
#define NO_DSA
#define NO_RC4
#define NO_HC128
#define NO_RABBIT
#define NO_MD4
#define NO_DES3
/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
//#define NO_INLINE
/* Base16 / Base64 encoding */
//#define NO_CODING
/* bypass certificate date checking, due to lack of properly configured RTC source */
#ifndef HAL_RTC_MODULE_ENABLED
#define NO_ASN_TIME
#endif
#ifdef __cplusplus
}
#endif
#endif /*__ ${inclusion_protection}_H */
/**
* @}
*/
/*****END OF FILE****/

3
IDE/STM32Cube/include.am
View File

@@ -5,6 +5,7 @@
EXTRA_DIST+= IDE/STM32Cube/README.md
EXTRA_DIST+= IDE/STM32Cube/main.c
EXTRA_DIST+= IDE/STM32Cube/wolfssl_example.c
EXTRA_DIST+= IDE/STM32Cube/wolfSSL.wolfSSL_conf.h
EXTRA_DIST+= IDE/STM32Cube/wolfSSL_conf.h
EXTRA_DIST+= IDE/STM32Cube/wolfssl_example.h
EXTRA_DIST+= IDE/STM32Cube/STM32_Benchmarks.md
EXTRA_DIST+= IDE/STM32Cube/default_conf.ftl

3
IDE/STM32Cube/main.c
View File

@@ -25,6 +25,7 @@
/* Includes ------------------------------------------------------------------*/
#include "wolfssl_example.h"
#include "wolfssl/wolfcrypt/settings.h"
/* Private variables ---------------------------------------------------------*/
CRYP_HandleTypeDef hcryp;
@@ -66,7 +67,7 @@ int __io_putchar(int ch)
int fputc(int ch, FILE *f)
#endif
{
HAL_UART_Transmit(&huart4, (uint8_t *)&ch, 1, 0xFFFF);
HAL_UART_Transmit(&HAL_CONSOLE_UART, (uint8_t *)&ch, 1, 0xFFFF);
return ch;
}

11
IDE/STM32Cube/wolfSSL.wolfSSL_conf.h → IDE/STM32Cube/wolfSSL_conf.h
View File

@@ -1,4 +1,4 @@
/* wolfSSL.wolfSSL_conf.h
/* wolfSSL_conf.h (example of generated wolfSSL.wolfSSL_conf.h)
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
@@ -19,7 +19,9 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* STM32 Cube Configuration File
/* STM32 Cube Sample Configuration File
* Generated automatically using `default_conf.ftl` template
*
* Included automatically when USE_HAL_DRIVER is defined
* (and not WOLFSSL_USER_SETTINGS or HAVE_CONF_H).
*/
@@ -169,6 +171,11 @@ extern "C" {
#define WOLFSSL_STM32F1
#define HAL_CONSOLE_UART huart4
#define NO_STM32_RNG
#elif defined(STM32F401xE)
#define WOLFSSL_STM32F4
#define HAL_CONSOLE_UART huart2
#define NO_STM32_RNG
#define WOLFSSL_GENSEED_FORTEST
#else
#warning Please define a hardware platform!
#define WOLFSSL_STM32F4 /* default */

19
IDE/STM32Cube/wolfssl_example.c
View File

@@ -64,7 +64,7 @@
#undef MEM_BUFFER_SZ
#define MEM_BUFFER_SZ 2048
#endif
#define SHOW_VERBOSE 0 /* Default output is tab delimited format */
#define SHOW_VERBOSE 0 /* 0=tab del (minimal), 1=info, 2=debug, 3=debug w/wolf logs */
#ifndef WOLFSSL_CIPHER_LIST_MAX_SIZE
#define WOLFSSL_CIPHER_LIST_MAX_SIZE 2048
#endif
@@ -77,7 +77,7 @@
#define BENCH_USE_NONBLOCK
#endif
#ifndef RECV_WAIT_TIMEOUT
#define RECV_WAIT_TIMEOUT 4000
#define RECV_WAIT_TIMEOUT 10000
#endif
/*****************************************************************************
@@ -510,6 +510,8 @@ static int ServerMemSend(info_t* info, char* buf, int sz)
sz = MEM_BUFFER_SZ - info->to_client.write_idx;
#endif
if (info->showVerbose >= 2)
printf("Server Send: %d\n", sz);
XMEMCPY(&info->to_client.buf[info->to_client.write_idx], buf, sz);
info->to_client.write_idx += sz;
info->to_client.write_bytes += sz;
@@ -543,11 +545,13 @@ static int ServerMemRecv(info_t* info, char* buf, int sz)
osSemaphoreRelease(info->server.mutex);
#ifdef CMSIS_OS2_H_
if (osThreadFlagsWait(1, osFlagsWaitAny, RECV_WAIT_TIMEOUT) == osFlagsErrorTimeout) {
printf("Server Recv: Timeout!\n");
return WOLFSSL_CBIO_ERR_TIMEOUT;
}
osSemaphoreAcquire(info->server.mutex, osWaitForever);
#else
if (osSignalWait(1, RECV_WAIT_TIMEOUT) == osEventTimeout) {
printf("Server Recv: Timeout!\n");
return WOLFSSL_CBIO_ERR_TIMEOUT;
}
osSemaphoreWait(info->server.mutex, osWaitForever);
@@ -567,9 +571,12 @@ static int ServerMemRecv(info_t* info, char* buf, int sz)
info->to_server.read_bytes = info->to_server.read_idx = 0;
info->to_server.write_bytes = info->to_server.write_idx = 0;
}
if (info->showVerbose >= 2)
printf("Server Recv: %d\n", sz);
osSemaphoreRelease(info->server.mutex);
#ifdef BENCH_USE_NONBLOCK
if (sz == 0)
return WOLFSSL_CBIO_ERR_WANT_READ;
@@ -599,6 +606,8 @@ static int ClientMemSend(info_t* info, char* buf, int sz)
sz = MEM_BUFFER_SZ - info->to_server.write_idx;
#endif
if (info->showVerbose >= 2)
printf("Client Send: %d\n", sz);
XMEMCPY(&info->to_server.buf[info->to_server.write_idx], buf, sz);
info->to_server.write_idx += sz;
info->to_server.write_bytes += sz;
@@ -632,11 +641,13 @@ static int ClientMemRecv(info_t* info, char* buf, int sz)
osSemaphoreRelease(info->client.mutex);
#ifdef CMSIS_OS2_H_
if (osThreadFlagsWait(1, osFlagsWaitAny, RECV_WAIT_TIMEOUT) == osFlagsErrorTimeout) {
printf("Client Recv: Timeout!\n");
return WOLFSSL_CBIO_ERR_TIMEOUT;
}
osSemaphoreAcquire(info->client.mutex, osWaitForever);
#else
if (osSignalWait(1, RECV_WAIT_TIMEOUT) == osEventTimeout) {
printf("Client Recv: Timeout!\n");
return WOLFSSL_CBIO_ERR_TIMEOUT;
}
osSemaphoreWait(info->client.mutex, osWaitForever);
@@ -656,6 +667,8 @@ static int ClientMemRecv(info_t* info, char* buf, int sz)
info->to_client.read_bytes = info->to_client.read_idx = 0;
info->to_client.write_bytes = info->to_client.write_idx = 0;
}
if (info->showVerbose >= 2)
printf("Client Recv: %d\n", sz);
osSemaphoreRelease(info->client.mutex);
@@ -1277,7 +1290,7 @@ int bench_tls(void* args)
int argShowPeerInfo = BENCH_SHOW_PEER_INFO;
#ifdef DEBUG_WOLFSSL
if (argShowVerbose) {
if (argShowVerbose >= 3) {
wolfSSL_Debugging_ON();
}
else {

38
wolfcrypt/src/aes.c
View File

@@ -6347,12 +6347,12 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
word32 keySize;
word32 partial = sz % AES_BLOCK_SIZE;
word32 tag[AES_BLOCK_SIZE/sizeof(word32)];
word32 tagExpected[AES_BLOCK_SIZE/sizeof(word32)];
word32 partialBlock[AES_BLOCK_SIZE/sizeof(word32)];
word32 ctr[AES_BLOCK_SIZE/sizeof(word32)];
word32 ctrInit[AES_BLOCK_SIZE/sizeof(word32)];
word32 authhdr[AES_BLOCK_SIZE/sizeof(word32)];
byte* authInPadded = NULL;
int authPadSz, wasAlloc = 0;
int authPadSz, wasAlloc = 0, tagComputed = 0;
ret = wc_AesGetKeySize(aes, &keySize);
if (ret != 0)
@@ -6373,7 +6373,19 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
else {
GHASH(aes, NULL, 0, iv, ivSz, (byte*)ctr, AES_BLOCK_SIZE);
}
XMEMCPY(ctrInit, ctr, sizeof(ctr)); /* save off initial counter for GMAC */
/* Make copy of expected authTag, which could get corrupted in some
* Cube HAL versions without proper partial block support.
* For TLS blocks the authTag is after the output buffer, so save it */
XMEMCPY(tagExpected, authTag, authTagSz);
/* for cases where hardware cannot be used for authTag calculate it */
if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ) {
GHASH(aes, authIn, authInSz, in, sz, (byte*)tag, sizeof(tag));
wc_AesEncrypt(aes, (byte*)ctr, (byte*)partialBlock);
xorbuf(tag, partialBlock, sizeof(tag));
tagComputed = 1;
}
/* Authentication buffer - must be 4-byte multiple zero padded */
authPadSz = authInSz % sizeof(word32);
@@ -6419,7 +6431,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
/* GCM payload phase - can handle partial blocks */
status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in,
(blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT);
if (status == HAL_OK) {
if (status == HAL_OK && tagComputed == 0) {
/* Compute the authTag */
status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag,
STM32_HAL_TIMEOUT);
@@ -6457,7 +6469,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
(byte*)partialBlock, STM32_HAL_TIMEOUT);
XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
}
if (status == HAL_OK) {
if (status == HAL_OK && tagComputed == 0) {
/* GCM final phase */
hcryp.Init.GCMCMACPhase = CRYP_FINAL_PHASE;
status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, (byte*)tag, STM32_HAL_TIMEOUT);
@@ -6478,7 +6490,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
(byte*)partialBlock, STM32_HAL_TIMEOUT);
XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
}
if (status == HAL_OK) {
if (status == HAL_OK && tagComputed == 0) {
/* Compute the authTag */
status = HAL_CRYPEx_AESGCM_Finish(&hcryp, sz, (byte*)tag, STM32_HAL_TIMEOUT);
}
@@ -6495,25 +6507,21 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
/* Input size and auth size need to be the actual sizes, even though
* they are not block aligned, because this length (in bits) is used
* in the final GHASH. */
XMEMSET(partialBlock, 0, sizeof(partialBlock)); /* use this to get tag */
status = CRYP_AES_GCM(MODE_DECRYPT, (uint8_t*)ctr,
(uint8_t*)keyCopy, keySize * 8,
(uint8_t*)in, sz,
(uint8_t*)authInPadded, authInSz,
(uint8_t*)out, (uint8_t*)tag);
(uint8_t*)out, (uint8_t*)partialBlock);
if (status != SUCCESS)
ret = AES_GCM_AUTH_E;
if (tagComputed == 0)
XMEMCPY(tag, partialBlock, authTagSz);
#endif /* WOLFSSL_STM32_CUBEMX */
wolfSSL_CryptHwMutexUnLock();
/* For STM32 GCM fallback to software if partial AES block or IV != 12 */
if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ) {
GHASH(aes, authIn, authInSz, in, sz, (byte*)tag, sizeof(tag));
wc_AesEncrypt(aes, (byte*)ctrInit, (byte*)partialBlock);
xorbuf(tag, partialBlock, sizeof(tag));
}
/* Check authentication tag */
if (ConstantCompare(authTag, (byte*)tag, authTagSz) != 0) {
if (ConstantCompare((const byte*)tagExpected, (byte*)tag, authTagSz) != 0) {
ret = AES_GCM_AUTH_E;
}

12
wolfssl/wolfcrypt/settings.h
View File

@@ -1259,11 +1259,11 @@ extern void uITRON4_free(void *p) ;
#endif
#define NO_OLD_RNGNAME
#ifdef WOLFSSL_STM32_CUBEMX
#if defined(WOLFSSL_STM32F1)
#include "stm32f1xx_hal.h"
#if defined(WOLFSSL_STM32F1)
#include "stm32f1xx_hal.h"
#elif defined(WOLFSSL_STM32F2)
#include "stm32f2xx_hal.h"
#elif defined(WOLFSSL_STM32L5)
#elif defined(WOLFSSL_STM32L5)
#include "stm32l5xx_hal.h"
#elif defined(WOLFSSL_STM32L4)
#include "stm32l4xx_hal.h"
@@ -1302,7 +1302,7 @@ extern void uITRON4_free(void *p) ;
#ifdef STM32_HASH
#include "stm32f4xx_hash.h"
#endif
#elif defined(WOLFSSL_STM32L5)
#elif defined(WOLFSSL_STM32L5)
#include "stm32l5xx.h"
#ifdef STM32_CRYPTO
#include "stm32l5xx_cryp.h"
@@ -1310,7 +1310,7 @@ extern void uITRON4_free(void *p) ;
#ifdef STM32_HASH
#include "stm32l5xx_hash.h"
#endif
#elif defined(WOLFSSL_STM32L4)
#elif defined(WOLFSSL_STM32L4)
#include "stm32l4xx.h"
#ifdef STM32_CRYPTO
#include "stm32l4xx_cryp.h"
@@ -1327,7 +1327,7 @@ extern void uITRON4_free(void *p) ;
#endif
#endif /* WOLFSSL_STM32_CUBEMX */
#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 ||
WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || WOLFSSL_STM32H7 */
WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || WOLFSSL_STM32H7 */
#ifdef WOLFSSL_DEOS
#include <deos.h>
#include <timeout.h>