diff --git a/IDE/STM32Cube/README.md b/IDE/STM32Cube/README.md index 28ac87aeb..fffa166b6 100644 --- a/IDE/STM32Cube/README.md +++ b/IDE/STM32Cube/README.md @@ -14,8 +14,13 @@ These examples use the Cube HAL for STM32. ## Configuration -The settings for the wolfSTM32 project are located in `/IDE/STM32Cube/wolfSSL.wolfSSL_conf.h`. The section for "Hardware platform" may need to be adjusted depending on your processor and board: +The settings for the wolfSSL CubeMX pack are in the generated `wolfSSL.wolfSSL_conf.h` file. An example of this is located in `IDE/STM32Cube/wolfSSL_conf.h` (renamed to avoid possible conflicts with generated file). +The template used for generation is `IDE/STM32Cube/default_conf.ftl` which can be updated at `STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/CubeMX/templates/default_conf.ftl`. + +The section for "Hardware platform" may need to be adjusted depending on your processor and board: + +* To enable STM32F1 support define `WOLFSSL_STM32F1`. * To enable STM32F2 support define `WOLFSSL_STM32F2`. * To enable STM32F4 support define `WOLFSSL_STM32F4`. * To enable STM32F7 support define `WOLFSSL_STM32F7`. @@ -39,7 +44,7 @@ If you'd like to use the older Standard Peripheral library undefine `WOLFSSL_STM If you are using FreeRTOS make sure your `FreeRTOSConfig.h` has its `configTOTAL_HEAP_SIZE` increased. -The TLS client/server benchmark example requires about 76 KB for allocated tasks (with stack) and peak heap. +The TLS client/server benchmark example requires about 76 KB for allocated tasks (with stack) and peak heap. This uses both a TLS client and server to test a TLS connection locally for each enabled TLS cipher suite. ## STM32 Cube Pack @@ -49,6 +54,7 @@ The TLS client/server benchmark example requires about 76 KB for allocated tasks 2. Run the “STM32CubeMX” tool. 3. Under “Manage software installations” click “INSTALL/REMOVE” button. 4. From Local and choose “I-CUBE-WOLFSSL-WOLFSSL.pack”. +5. Accept the GPLv2 license. Contact wolfSSL at sales@wolfssl.com for a commercial license and support/maintenance. ### STM32 Cube Pack Usage @@ -56,9 +62,10 @@ The TLS client/server benchmark example requires about 76 KB for allocated tasks 2. Under “Software Packs” choose “Select Components”. 3. Find and check all components for the wolfSSL.wolfSSL packs (wolfSSL / Core, wolfCrypt / Core and wolfCrypt / Test). Close 4. Under the “Software Packs” section click on “wolfSSL.wolfSSL” and configure the parameters. -5. For Cortex-M recommend “Math Configuration” -> “Single Precision Cortex-M Math” +5. For Cortex-M recommend “Math Configuration” -> “Single Precision Cortex-M Math” for the fastest option. 6. Generate Code 7. The Benchmark example uses float. To enable go to "Project Properties" -> "C/C++ Build" -> "Settings" -> "Tool Settings" -> "MCU Settings" -> Check "Use float with printf". +8. To enable printf make the `main.c` changes below in the [STM32 Printf](#stm32-printf) section. ### STM32 Cube Pack Examples @@ -87,6 +94,49 @@ Please select one of the above options: See [STM32_Benchmarks.md](STM32_Benchmarks.md). +Note: The Benchmark example uses float. To enable go to "Project Properties" -> "C/C++ Build" -> "Settings" -> "Tool Settings" -> "MCU Settings" -> Check "Use float with printf". + +## STM32 Printf + +In main.c make the following changes: + +``` +/* Retargets the C library printf function to the USART. */ +#include +#include +#ifdef __GNUC__ +int __io_putchar(int ch) +#else +int fputc(int ch, FILE *f) +#endif +{ + HAL_UART_Transmit(&HAL_CONSOLE_UART, (uint8_t *)&ch, 1, 0xFFFF); + + return ch; +} +#ifdef __GNUC__ +int _write(int file,char *ptr, int len) +{ + int DataIdx; + for (DataIdx= 0; DataIdx< len; DataIdx++) { + __io_putchar(*ptr++); + } + return len; +} +#endif + +int main(void) +{ + /* Reset of all peripherals, Initializes the Flash interface and the Systick. */ + HAL_Init(); + + /* Turn off buffers, so I/O occurs immediately */ + setvbuf(stdin, NULL, _IONBF, 0); + setvbuf(stdout, NULL, _IONBF, 0); + setvbuf(stderr, NULL, _IONBF, 0); + +``` + ## Support For questions please email [support@wolfssl.com](mailto:support@wolfssl.com) diff --git a/IDE/STM32Cube/default_conf.ftl b/IDE/STM32Cube/default_conf.ftl new file mode 100644 index 000000000..bb7d3ace4 --- /dev/null +++ b/IDE/STM32Cube/default_conf.ftl @@ -0,0 +1,521 @@ +[#ftl] +/** + ****************************************************************************** + * File Name : ${name} + * Description : This file provides code for the configuration + * of the ${name} instances. + ****************************************************************************** +[@common.optinclude name=mxTmpFolder+"/license.tmp"/][#--include License text --] + ****************************************************************************** + */ +[#assign s = name] +[#assign toto = s?replace(".","_")] +[#assign toto = toto?replace("/","")] +[#assign inclusion_protection = toto?upper_case] +/* Define to prevent recursive inclusion -------------------------------------*/ +#ifndef __${inclusion_protection}__ +#define __${inclusion_protection}__ + +#ifdef __cplusplus + extern "C" { +#endif + +/* Includes ------------------------------------------------------------------*/ +[#if includes??] +[#list includes as include] +#include "${include}" +[/#list] +[/#if] + +[#-- SWIPdatas is a list of SWIPconfigModel --] +[#list SWIPdatas as SWIP] +[#-- Global variables --] +[#if SWIP.variables??] + [#list SWIP.variables as variable] +extern ${variable.value} ${variable.name}; + [/#list] +[/#if] + +[#-- Global variables --] + +[#assign instName = SWIP.ipName] +[#assign fileName = SWIP.fileName] +[#assign version = SWIP.version] + +/** + MiddleWare name : ${instName} + MiddleWare fileName : ${fileName} + MiddleWare version : ${version} +*/ +[#if SWIP.defines??] + [#list SWIP.defines as definition] +/*---------- [#if definition.comments??]${definition.comments}[/#if] -----------*/ +#define ${definition.name} #t#t ${definition.value} +[#if definition.description??]${definition.description} [/#if] + [/#list] +[/#if] + + + +[/#list] + +/* ------------------------------------------------------------------------- */ +/* Hardware platform */ +/* ------------------------------------------------------------------------- */ +#define NO_STM32_HASH +#define NO_STM32_CRYPTO + +#if defined(STM32WB55xx) + #define WOLFSSL_STM32WB + #define WOLFSSL_STM32_PKA + #undef NO_STM32_CRYPTO + #define HAL_CONSOLE_UART huart1 +#elif defined(STM32F407xx) + #define WOLFSSL_STM32F4 + #define HAL_CONSOLE_UART huart2 +#elif defined(STM32F437xx) + #define WOLFSSL_STM32F4 + #undef NO_STM32_HASH + #undef NO_STM32_CRYPTO + #define STM32_HAL_V2 + #define HAL_CONSOLE_UART huart4 +#elif defined(STM32F777xx) + #define WOLFSSL_STM32F7 + #undef NO_STM32_HASH + #undef NO_STM32_CRYPTO + #define STM32_HAL_V2 + #define HAL_CONSOLE_UART huart2 +#elif defined(STM32H753xx) + #define WOLFSSL_STM32H7 + #undef NO_STM32_HASH + #undef NO_STM32_CRYPTO + #define HAL_CONSOLE_UART huart3 +#elif defined(STM32L4A6xx) + #define WOLFSSL_STM32L4 + #undef NO_STM32_HASH + #undef NO_STM32_CRYPTO + #define HAL_CONSOLE_UART hlpuart1 +#elif defined(STM32L475xx) + #define WOLFSSL_STM32L4 + #define HAL_CONSOLE_UART huart1 +#elif defined(STM32L562xx) + #define WOLFSSL_STM32L5 + #define WOLFSSL_STM32_PKA + #undef NO_STM32_HASH + #undef NO_STM32_CRYPTO + #define HAL_CONSOLE_UART huart1 +#elif defined(STM32L552xx) + #define WOLFSSL_STM32L5 + #undef NO_STM32_HASH + #define HAL_CONSOLE_UART hlpuart1 +#elif defined(STM32F207xx) + #define WOLFSSL_STM32F2 + #define HAL_CONSOLE_UART huart3 +#elif defined(STM32F107xC) + #define WOLFSSL_STM32F1 + #define HAL_CONSOLE_UART huart4 + #define NO_STM32_RNG +#elif defined(STM32F401xE) + #define WOLFSSL_STM32F4 + #define HAL_CONSOLE_UART huart2 + #define NO_STM32_RNG + #define WOLFSSL_GENSEED_FORTEST +#else + #warning Please define a hardware platform! + #define WOLFSSL_STM32F4 /* default */ + #define HAL_CONSOLE_UART huart4 +#endif + + +/* ------------------------------------------------------------------------- */ +/* Platform */ +/* ------------------------------------------------------------------------- */ +#define SIZEOF_LONG_LONG 8 +#define WOLFSSL_GENERAL_ALIGNMENT 4 +#define WOLFSSL_STM32_CUBEMX +#define WOLFSSL_SMALL_STACK +#define WOLFSSL_USER_IO +#define WOLFSSL_NO_SOCK +#define WOLFSSL_IGNORE_FILE_WARN + + +/* ------------------------------------------------------------------------- */ +/* Operating System */ +/* ------------------------------------------------------------------------- */ +#if defined(WOLF_CONF_RTOS) && WOLF_CONF_RTOS == 2 + #define FREERTOS +#else + #define SINGLE_THREADED +#endif + + +/* ------------------------------------------------------------------------- */ +/* Math Configuration */ +/* ------------------------------------------------------------------------- */ +/* 1=Fast, 2=Normal, 3=SP C, 4=SP Cortex-M */ +#if defined(WOLF_CONF_MATH) && WOLF_CONF_MATH != 2 + /* fast (stack) math */ + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT + + /* Optimizations (TFM_ARM, TFM_ASM or none) */ + //#define TFM_NO_ASM + //#define TFM_ASM +#endif +#if defined(WOLF_CONF_MATH) && (WOLF_CONF_MATH == 3 || WOLF_CONF_MATH == 4) + /* single precision only */ + #define WOLFSSL_SP + #define WOLFSSL_SP_SMALL /* use smaller version of code */ + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_HAVE_SP_DH + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH + #define SP_WORD_SIZE 32 + + //#define WOLFSSL_SP_NO_MALLOC + //#define WOLFSSL_SP_CACHE_RESISTANT + + /* single precision Cortex-M only */ + #if WOLF_CONF_MATH == 4 + #define WOLFSSL_SP_ASM /* required if using the ASM versions */ + #define WOLFSSL_SP_ARM_CORTEX_M_ASM + #endif +#endif + + +/* ------------------------------------------------------------------------- */ +/* Enable Features */ +/* ------------------------------------------------------------------------- */ +/* Required for TLS */ +#define HAVE_TLS_EXTENSIONS +#define HAVE_SUPPORTED_CURVES +#define HAVE_ENCRYPT_THEN_MAC +#define HAVE_EXTENDED_MASTER + +#if defined(WOLF_CONF_TLS13) && WOLF_CONF_TLS13 == 1 + #define WOLFSSL_TLS13 + #define HAVE_HKDF +#endif +#if defined(WOLF_CONF_DTLS) && WOLF_CONF_DTLS == 1 + #define WOLFSSL_DTLS +#endif +#if defined(WOLF_CONF_PSK) && WOLF_CONF_PSK == 0 + #define NO_PSK +#endif +#if defined(WOLF_CONF_PWDBASED) && WOLF_CONF_PWDBASED == 0 + #define NO_PWDBASED +#endif +#if defined(WOLF_CONF_KEEP_PEER_CERT) && WOLF_CONF_KEEP_PEER_CERT == 1 + #define KEEP_PEER_CERT +#endif +#if defined(WOLF_CONF_BASE64_ENCODE) && WOLF_CONF_BASE64_ENCODE == 1 + #define WOLFSSL_BASE64_ENCODE +#endif +#if defined(WOLF_CONF_OPENSSL_EXTRA) && WOLF_CONF_OPENSSL_EXTRA == 1 + #define OPENSSL_EXTRA +#endif + +/* TLS Session Cache */ +#if 0 + #define SMALL_SESSION_CACHE +#else + #define NO_SESSION_CACHE +#endif + + +/* ------------------------------------------------------------------------- */ +/* Crypto */ +/* ------------------------------------------------------------------------- */ +/* RSA */ +#undef NO_RSA +#if defined(WOLF_CONF_RSA) && WOLF_CONF_RSA == 1 + #ifdef USE_FAST_MATH + /* Maximum math bits (Max RSA key bits * 2) */ + #undef FP_MAX_BITS + #define FP_MAX_BITS 4096 + #endif + + /* half as much memory but twice as slow */ + #undef RSA_LOW_MEM + //#define RSA_LOW_MEM + + /* Enables blinding mode, to prevent timing attacks */ + #undef WC_RSA_BLINDING + #define WC_RSA_BLINDING + + /* RSA PSS Support (required for TLS v1.3) */ + #ifdef WOLFSSL_TLS13 + #define WC_RSA_PSS + #endif +#else + #define NO_RSA +#endif + +/* ECC */ +#undef HAVE_ECC +#if defined(WOLF_CONF_ECC) && WOLF_CONF_ECC == 1 + #define HAVE_ECC + + /* Manually define enabled curves */ + #define ECC_USER_CURVES + + //#define HAVE_ECC192 + //#define HAVE_ECC224 + #undef NO_ECC256 + //#define HAVE_ECC384 + //#define HAVE_ECC521 + + /* Fixed point cache (speeds repeated operations against same private key) */ + #undef FP_ECC + //#define FP_ECC + #ifdef FP_ECC + /* Bits / Entries */ + #undef FP_ENTRIES + #define FP_ENTRIES 2 + #undef FP_LUT + #define FP_LUT 4 + #endif + + /* Optional ECC calculation method */ + /* Note: doubles heap usage, but slightly faster */ + #undef ECC_SHAMIR + #define ECC_SHAMIR + + /* Reduces heap usage, but slower */ + #define ECC_TIMING_RESISTANT + + /* Compressed ECC key support */ + //#define HAVE_COMP_KEY + + #ifdef USE_FAST_MATH + #ifdef NO_RSA + /* Custom fastmath size if not using RSA */ + /* MAX = ROUND32(ECC BITS) * 2 */ + #define FP_MAX_BITS (256 * 2) + #else + #define ALT_ECC_SIZE + #endif + + /* Enable TFM optimizations for ECC */ + //#define TFM_ECC192 + //#define TFM_ECC224 + //#define TFM_ECC256 + //#define TFM_ECC384 + //#define TFM_ECC521 + #endif +#endif + +/* DH */ +#undef NO_DH +#if defined(WOLF_CONF_DH) && WOLF_CONF_DH == 1 + #define HAVE_DH /* freeRTOS settings.h requires this */ + #define HAVE_FFDHE_2048 + #define HAVE_DH_DEFAULT_PARAMS +#else + #define NO_DH +#endif + +/* AES */ +#if defined(WOLF_CONF_AESGCM) && WOLF_CONF_AESGCM == 1 + #define HAVE_AESGCM + /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ + /* GCM_TABLE is about 4K larger and 3x faster */ + #define GCM_SMALL + #define HAVE_AES_DECRYPT +#endif + +#if defined(WOLF_CONF_AESCBC) && WOLF_CONF_AESCBC == 1 + #define HAVE_AES_CBC + #define HAVE_AES_DECRYPT +#endif + +/* Other possible AES modes */ +//#define WOLFSSL_AES_COUNTER +//#define HAVE_AESCCM +//#define WOLFSSL_AES_XTS +//#define WOLFSSL_AES_DIRECT +//#define HAVE_AES_ECB +//#define HAVE_AES_KEYWRAP +//#define AES_MAX_KEY_SIZE 256 + +/* ChaCha20 / Poly1305 */ +#undef HAVE_CHACHA +#undef HAVE_POLY1305 +#if defined(WOLF_CONF_CHAPOLY) && WOLF_CONF_CHAPOLY == 1 + #define HAVE_CHACHA + #define HAVE_POLY1305 + + /* Needed for Poly1305 */ + #undef HAVE_ONE_TIME_AUTH + #define HAVE_ONE_TIME_AUTH +#endif + +/* Ed25519 / Curve25519 */ +#undef HAVE_CURVE25519 +#undef HAVE_ED25519 +#if defined(WOLF_CONF_EDCURVE25519) && WOLF_CONF_EDCURVE25519 == 1 + #define HAVE_CURVE25519 + #define HAVE_ED25519 + + /* Optionally use small math (less flash usage, but much slower) */ + #define CURVED25519_SMALL +#endif + + +/* ------------------------------------------------------------------------- */ +/* Hashing */ +/* ------------------------------------------------------------------------- */ +/* Sha1 */ +#undef NO_SHA +#if defined(WOLF_CONF_SHA1) && WOLF_CONF_SHA1 == 1 + /* 1k smaller, but 25% slower */ + //#define USE_SLOW_SHA +#else + #define NO_SHA +#endif + +/* Sha2-256 */ +#undef NO_SHA256 +#if defined(WOLF_CONF_SHA2_256) && WOLF_CONF_SHA2_256 == 1 + /* not unrolled - ~2k smaller and ~25% slower */ + //#define USE_SLOW_SHA256 + + //#define WOLFSSL_SHAKE256 + + /* Sha2-224 */ + #if defined(WOLF_CONF_SHA2_224) && WOLF_CONF_SHA2_224 == 1 + #define WOLFSSL_SHA224 + #endif +#else + #define NO_SHA256 +#endif + +/* Sha2-512 */ +#undef WOLFSSL_SHA512 +#if defined(WOLF_CONF_SHA2_512) && WOLF_CONF_SHA2_512 == 1 + /* over twice as small, but 50% slower */ + //#define USE_SLOW_SHA512 + + #define WOLFSSL_SHA512 + #define HAVE_SHA512 /* freeRTOS settings.h requires this */ +#endif + +/* Sha2-384 */ +#undef WOLFSSL_SHA384 +#if defined(WOLF_CONF_SHA2_384) && WOLF_CONF_SHA2_384 == 1 + #define WOLFSSL_SHA384 +#endif + +/* Sha3 */ +#undef WOLFSSL_SHA3 +#if defined(WOLF_CONF_SHA3) && WOLF_CONF_SHA3 == 1 + #define WOLFSSL_SHA3 +#endif + +/* MD5 */ +#if defined(WOLF_CONF_MD5) && WOLF_CONF_MD5 == 1 + /* enabled */ +#else + #define NO_MD5 +#endif + + +/* ------------------------------------------------------------------------- */ +/* Benchmark / Test */ +/* ------------------------------------------------------------------------- */ +/* Use reduced benchmark / test sizes */ +#define BENCH_EMBEDDED +#define USE_CERT_BUFFERS_2048 +#define USE_CERT_BUFFERS_256 + + +/* ------------------------------------------------------------------------- */ +/* Debugging */ +/* ------------------------------------------------------------------------- */ +#if defined(WOLF_CONF_DEBUG) && WOLF_CONF_DEBUG == 1 + #define DEBUG_WOLFSSL + + /* Use this to measure / print heap usage */ + #if 0 + #define USE_WOLFSSL_MEMORY + #define WOLFSSL_TRACK_MEMORY + #define WOLFSSL_DEBUG_MEMORY + #define WOLFSSL_DEBUG_MEMORY_PRINT + #endif +#else + //#define NO_WOLFSSL_MEMORY + //#define NO_ERROR_STRINGS +#endif + + +/* ------------------------------------------------------------------------- */ +/* Port */ +/* ------------------------------------------------------------------------- */ + +/* Override Current Time */ +/* Allows custom "custom_time()" function to be used for benchmark */ +#define WOLFSSL_USER_CURRTIME + + +/* ------------------------------------------------------------------------- */ +/* RNG */ +/* ------------------------------------------------------------------------- */ +#define NO_OLD_RNGNAME /* conflicts with STM RNG macro */ +#define HAVE_HASHDRBG + + +/* ------------------------------------------------------------------------- */ +/* Disable Features */ +/* ------------------------------------------------------------------------- */ +#if defined(WOLF_CONF_TLS12) && WOLF_CONF_TLS12 == 0 + #define WOLFSSL_NO_TLS12 +#endif +#if defined(WOLF_CONF_WOLFCRYPT_ONLY) && WOLF_CONF_WOLFCRYPT_ONLY == 1 + #define WOLFCRYPT_ONLY +#endif +//#define NO_WOLFSSL_SERVER +//#define NO_WOLFSSL_CLIENT + +#if defined(WOLF_CONF_TEST) && WOLF_CONF_TEST == 0 + #define NO_CRYPT_TEST + #define NO_CRYPT_BENCHMARK +#endif + +#define NO_FILESYSTEM +#define NO_WRITEV +#define NO_MAIN_DRIVER +#define NO_DEV_RANDOM +#define NO_OLD_TLS +#define WOLFSSL_NO_CLIENT_AUTH /* disable client auth for Ed25519/Ed448 */ + +#define NO_DSA +#define NO_RC4 +#define NO_HC128 +#define NO_RABBIT +#define NO_MD4 +#define NO_DES3 + +/* In-lining of misc.c functions */ +/* If defined, must include wolfcrypt/src/misc.c in build */ +/* Slower, but about 1k smaller */ +//#define NO_INLINE + +/* Base16 / Base64 encoding */ +//#define NO_CODING + +/* bypass certificate date checking, due to lack of properly configured RTC source */ +#ifndef HAL_RTC_MODULE_ENABLED + #define NO_ASN_TIME +#endif + + +#ifdef __cplusplus +} +#endif +#endif /*__ ${inclusion_protection}_H */ + +/** + * @} + */ + +/*****END OF FILE****/ diff --git a/IDE/STM32Cube/include.am b/IDE/STM32Cube/include.am index 8f6ceadc5..9cf2e6427 100644 --- a/IDE/STM32Cube/include.am +++ b/IDE/STM32Cube/include.am @@ -5,6 +5,7 @@ EXTRA_DIST+= IDE/STM32Cube/README.md EXTRA_DIST+= IDE/STM32Cube/main.c EXTRA_DIST+= IDE/STM32Cube/wolfssl_example.c -EXTRA_DIST+= IDE/STM32Cube/wolfSSL.wolfSSL_conf.h +EXTRA_DIST+= IDE/STM32Cube/wolfSSL_conf.h EXTRA_DIST+= IDE/STM32Cube/wolfssl_example.h EXTRA_DIST+= IDE/STM32Cube/STM32_Benchmarks.md +EXTRA_DIST+= IDE/STM32Cube/default_conf.ftl diff --git a/IDE/STM32Cube/main.c b/IDE/STM32Cube/main.c index 6c35e8f98..a2d8e0eb2 100644 --- a/IDE/STM32Cube/main.c +++ b/IDE/STM32Cube/main.c @@ -25,6 +25,7 @@ /* Includes ------------------------------------------------------------------*/ #include "wolfssl_example.h" +#include "wolfssl/wolfcrypt/settings.h" /* Private variables ---------------------------------------------------------*/ CRYP_HandleTypeDef hcryp; @@ -66,7 +67,7 @@ int __io_putchar(int ch) int fputc(int ch, FILE *f) #endif { - HAL_UART_Transmit(&huart4, (uint8_t *)&ch, 1, 0xFFFF); + HAL_UART_Transmit(&HAL_CONSOLE_UART, (uint8_t *)&ch, 1, 0xFFFF); return ch; } diff --git a/IDE/STM32Cube/wolfSSL.wolfSSL_conf.h b/IDE/STM32Cube/wolfSSL_conf.h similarity index 97% rename from IDE/STM32Cube/wolfSSL.wolfSSL_conf.h rename to IDE/STM32Cube/wolfSSL_conf.h index abc0cffd3..67e5c21e2 100644 --- a/IDE/STM32Cube/wolfSSL.wolfSSL_conf.h +++ b/IDE/STM32Cube/wolfSSL_conf.h @@ -1,4 +1,4 @@ -/* wolfSSL.wolfSSL_conf.h +/* wolfSSL_conf.h (example of generated wolfSSL.wolfSSL_conf.h) * * Copyright (C) 2006-2020 wolfSSL Inc. * @@ -19,7 +19,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* STM32 Cube Configuration File +/* STM32 Cube Sample Configuration File + * Generated automatically using `default_conf.ftl` template + * * Included automatically when USE_HAL_DRIVER is defined * (and not WOLFSSL_USER_SETTINGS or HAVE_CONF_H). */ @@ -169,6 +171,11 @@ extern "C" { #define WOLFSSL_STM32F1 #define HAL_CONSOLE_UART huart4 #define NO_STM32_RNG +#elif defined(STM32F401xE) + #define WOLFSSL_STM32F4 + #define HAL_CONSOLE_UART huart2 + #define NO_STM32_RNG + #define WOLFSSL_GENSEED_FORTEST #else #warning Please define a hardware platform! #define WOLFSSL_STM32F4 /* default */ diff --git a/IDE/STM32Cube/wolfssl_example.c b/IDE/STM32Cube/wolfssl_example.c index 168cc848c..f604c1788 100644 --- a/IDE/STM32Cube/wolfssl_example.c +++ b/IDE/STM32Cube/wolfssl_example.c @@ -64,7 +64,7 @@ #undef MEM_BUFFER_SZ #define MEM_BUFFER_SZ 2048 #endif -#define SHOW_VERBOSE 0 /* Default output is tab delimited format */ +#define SHOW_VERBOSE 0 /* 0=tab del (minimal), 1=info, 2=debug, 3=debug w/wolf logs */ #ifndef WOLFSSL_CIPHER_LIST_MAX_SIZE #define WOLFSSL_CIPHER_LIST_MAX_SIZE 2048 #endif @@ -77,7 +77,7 @@ #define BENCH_USE_NONBLOCK #endif #ifndef RECV_WAIT_TIMEOUT - #define RECV_WAIT_TIMEOUT 4000 + #define RECV_WAIT_TIMEOUT 10000 #endif /***************************************************************************** @@ -510,6 +510,8 @@ static int ServerMemSend(info_t* info, char* buf, int sz) sz = MEM_BUFFER_SZ - info->to_client.write_idx; #endif + if (info->showVerbose >= 2) + printf("Server Send: %d\n", sz); XMEMCPY(&info->to_client.buf[info->to_client.write_idx], buf, sz); info->to_client.write_idx += sz; info->to_client.write_bytes += sz; @@ -543,11 +545,13 @@ static int ServerMemRecv(info_t* info, char* buf, int sz) osSemaphoreRelease(info->server.mutex); #ifdef CMSIS_OS2_H_ if (osThreadFlagsWait(1, osFlagsWaitAny, RECV_WAIT_TIMEOUT) == osFlagsErrorTimeout) { + printf("Server Recv: Timeout!\n"); return WOLFSSL_CBIO_ERR_TIMEOUT; } osSemaphoreAcquire(info->server.mutex, osWaitForever); #else if (osSignalWait(1, RECV_WAIT_TIMEOUT) == osEventTimeout) { + printf("Server Recv: Timeout!\n"); return WOLFSSL_CBIO_ERR_TIMEOUT; } osSemaphoreWait(info->server.mutex, osWaitForever); @@ -567,9 +571,12 @@ static int ServerMemRecv(info_t* info, char* buf, int sz) info->to_server.read_bytes = info->to_server.read_idx = 0; info->to_server.write_bytes = info->to_server.write_idx = 0; } + if (info->showVerbose >= 2) + printf("Server Recv: %d\n", sz); osSemaphoreRelease(info->server.mutex); + #ifdef BENCH_USE_NONBLOCK if (sz == 0) return WOLFSSL_CBIO_ERR_WANT_READ; @@ -599,6 +606,8 @@ static int ClientMemSend(info_t* info, char* buf, int sz) sz = MEM_BUFFER_SZ - info->to_server.write_idx; #endif + if (info->showVerbose >= 2) + printf("Client Send: %d\n", sz); XMEMCPY(&info->to_server.buf[info->to_server.write_idx], buf, sz); info->to_server.write_idx += sz; info->to_server.write_bytes += sz; @@ -632,11 +641,13 @@ static int ClientMemRecv(info_t* info, char* buf, int sz) osSemaphoreRelease(info->client.mutex); #ifdef CMSIS_OS2_H_ if (osThreadFlagsWait(1, osFlagsWaitAny, RECV_WAIT_TIMEOUT) == osFlagsErrorTimeout) { + printf("Client Recv: Timeout!\n"); return WOLFSSL_CBIO_ERR_TIMEOUT; } osSemaphoreAcquire(info->client.mutex, osWaitForever); #else if (osSignalWait(1, RECV_WAIT_TIMEOUT) == osEventTimeout) { + printf("Client Recv: Timeout!\n"); return WOLFSSL_CBIO_ERR_TIMEOUT; } osSemaphoreWait(info->client.mutex, osWaitForever); @@ -656,6 +667,8 @@ static int ClientMemRecv(info_t* info, char* buf, int sz) info->to_client.read_bytes = info->to_client.read_idx = 0; info->to_client.write_bytes = info->to_client.write_idx = 0; } + if (info->showVerbose >= 2) + printf("Client Recv: %d\n", sz); osSemaphoreRelease(info->client.mutex); @@ -1277,7 +1290,7 @@ int bench_tls(void* args) int argShowPeerInfo = BENCH_SHOW_PEER_INFO; #ifdef DEBUG_WOLFSSL - if (argShowVerbose) { + if (argShowVerbose >= 3) { wolfSSL_Debugging_ON(); } else { diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 27b2130f8..5b0338f60 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -6347,12 +6347,12 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, word32 keySize; word32 partial = sz % AES_BLOCK_SIZE; word32 tag[AES_BLOCK_SIZE/sizeof(word32)]; + word32 tagExpected[AES_BLOCK_SIZE/sizeof(word32)]; word32 partialBlock[AES_BLOCK_SIZE/sizeof(word32)]; word32 ctr[AES_BLOCK_SIZE/sizeof(word32)]; - word32 ctrInit[AES_BLOCK_SIZE/sizeof(word32)]; word32 authhdr[AES_BLOCK_SIZE/sizeof(word32)]; byte* authInPadded = NULL; - int authPadSz, wasAlloc = 0; + int authPadSz, wasAlloc = 0, tagComputed = 0; ret = wc_AesGetKeySize(aes, &keySize); if (ret != 0) @@ -6373,7 +6373,19 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, else { GHASH(aes, NULL, 0, iv, ivSz, (byte*)ctr, AES_BLOCK_SIZE); } - XMEMCPY(ctrInit, ctr, sizeof(ctr)); /* save off initial counter for GMAC */ + + /* Make copy of expected authTag, which could get corrupted in some + * Cube HAL versions without proper partial block support. + * For TLS blocks the authTag is after the output buffer, so save it */ + XMEMCPY(tagExpected, authTag, authTagSz); + + /* for cases where hardware cannot be used for authTag calculate it */ + if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ) { + GHASH(aes, authIn, authInSz, in, sz, (byte*)tag, sizeof(tag)); + wc_AesEncrypt(aes, (byte*)ctr, (byte*)partialBlock); + xorbuf(tag, partialBlock, sizeof(tag)); + tagComputed = 1; + } /* Authentication buffer - must be 4-byte multiple zero padded */ authPadSz = authInSz % sizeof(word32); @@ -6419,7 +6431,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, /* GCM payload phase - can handle partial blocks */ status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); - if (status == HAL_OK) { + if (status == HAL_OK && tagComputed == 0) { /* Compute the authTag */ status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, STM32_HAL_TIMEOUT); @@ -6457,7 +6469,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, (byte*)partialBlock, STM32_HAL_TIMEOUT); XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); } - if (status == HAL_OK) { + if (status == HAL_OK && tagComputed == 0) { /* GCM final phase */ hcryp.Init.GCMCMACPhase = CRYP_FINAL_PHASE; status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, (byte*)tag, STM32_HAL_TIMEOUT); @@ -6478,7 +6490,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, (byte*)partialBlock, STM32_HAL_TIMEOUT); XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); } - if (status == HAL_OK) { + if (status == HAL_OK && tagComputed == 0) { /* Compute the authTag */ status = HAL_CRYPEx_AESGCM_Finish(&hcryp, sz, (byte*)tag, STM32_HAL_TIMEOUT); } @@ -6495,25 +6507,21 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, /* Input size and auth size need to be the actual sizes, even though * they are not block aligned, because this length (in bits) is used * in the final GHASH. */ + XMEMSET(partialBlock, 0, sizeof(partialBlock)); /* use this to get tag */ status = CRYP_AES_GCM(MODE_DECRYPT, (uint8_t*)ctr, (uint8_t*)keyCopy, keySize * 8, (uint8_t*)in, sz, (uint8_t*)authInPadded, authInSz, - (uint8_t*)out, (uint8_t*)tag); + (uint8_t*)out, (uint8_t*)partialBlock); if (status != SUCCESS) ret = AES_GCM_AUTH_E; + if (tagComputed == 0) + XMEMCPY(tag, partialBlock, authTagSz); #endif /* WOLFSSL_STM32_CUBEMX */ wolfSSL_CryptHwMutexUnLock(); - /* For STM32 GCM fallback to software if partial AES block or IV != 12 */ - if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ) { - GHASH(aes, authIn, authInSz, in, sz, (byte*)tag, sizeof(tag)); - wc_AesEncrypt(aes, (byte*)ctrInit, (byte*)partialBlock); - xorbuf(tag, partialBlock, sizeof(tag)); - } - /* Check authentication tag */ - if (ConstantCompare(authTag, (byte*)tag, authTagSz) != 0) { + if (ConstantCompare((const byte*)tagExpected, (byte*)tag, authTagSz) != 0) { ret = AES_GCM_AUTH_E; } diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index b683e73b0..f92b8d558 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1259,11 +1259,11 @@ extern void uITRON4_free(void *p) ; #endif #define NO_OLD_RNGNAME #ifdef WOLFSSL_STM32_CUBEMX - #if defined(WOLFSSL_STM32F1) - #include "stm32f1xx_hal.h" + #if defined(WOLFSSL_STM32F1) + #include "stm32f1xx_hal.h" #elif defined(WOLFSSL_STM32F2) #include "stm32f2xx_hal.h" - #elif defined(WOLFSSL_STM32L5) + #elif defined(WOLFSSL_STM32L5) #include "stm32l5xx_hal.h" #elif defined(WOLFSSL_STM32L4) #include "stm32l4xx_hal.h" @@ -1302,7 +1302,7 @@ extern void uITRON4_free(void *p) ; #ifdef STM32_HASH #include "stm32f4xx_hash.h" #endif - #elif defined(WOLFSSL_STM32L5) + #elif defined(WOLFSSL_STM32L5) #include "stm32l5xx.h" #ifdef STM32_CRYPTO #include "stm32l5xx_cryp.h" @@ -1310,7 +1310,7 @@ extern void uITRON4_free(void *p) ; #ifdef STM32_HASH #include "stm32l5xx_hash.h" #endif - #elif defined(WOLFSSL_STM32L4) + #elif defined(WOLFSSL_STM32L4) #include "stm32l4xx.h" #ifdef STM32_CRYPTO #include "stm32l4xx_cryp.h" @@ -1327,7 +1327,7 @@ extern void uITRON4_free(void *p) ; #endif #endif /* WOLFSSL_STM32_CUBEMX */ #endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || - WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || WOLFSSL_STM32H7 */ + WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || WOLFSSL_STM32H7 */ #ifdef WOLFSSL_DEOS #include #include