From 0f48ae77ef293c5e8109eda31e1011e984381cd6 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 21 Sep 2020 15:22:20 -0700 Subject: [PATCH 1/4] Added the wolfSSL configuration template that is used for the Cube pack. This will be the source for the template going forward. Added some useful debugging options and increased the timeout for the TLS example. --- IDE/STM32Cube/README.md | 41 +++ IDE/STM32Cube/default_conf.ftl | 521 +++++++++++++++++++++++++++ IDE/STM32Cube/include.am | 1 + IDE/STM32Cube/main.c | 3 +- IDE/STM32Cube/wolfSSL.wolfSSL_conf.h | 7 + IDE/STM32Cube/wolfssl_example.c | 18 +- 6 files changed, 587 insertions(+), 4 deletions(-) create mode 100644 IDE/STM32Cube/default_conf.ftl diff --git a/IDE/STM32Cube/README.md b/IDE/STM32Cube/README.md index 28ac87aeb..2710707b8 100644 --- a/IDE/STM32Cube/README.md +++ b/IDE/STM32Cube/README.md @@ -87,6 +87,47 @@ Please select one of the above options: See [STM32_Benchmarks.md](STM32_Benchmarks.md). +## STM32 Printf + +In main.c make the following changes: + +``` +/* Retargets the C library printf function to the USART. */ +#include +#include +#ifdef __GNUC__ +int __io_putchar(int ch) +#else +int fputc(int ch, FILE *f) +#endif +{ + HAL_UART_Transmit(&HAL_CONSOLE_UART, (uint8_t *)&ch, 1, 0xFFFF); + + return ch; +} +#ifdef __GNUC__ +int _write(int file,char *ptr, int len) +{ + int DataIdx; + for (DataIdx= 0; DataIdx< len; DataIdx++) { + __io_putchar(*ptr++); + } + return len; +} +#endif + +int main(void) +{ + /* Reset of all peripherals, Initializes the Flash interface and the Systick. */ + HAL_Init(); + + /* Turn off buffers, so I/O occurs immediately */ + setvbuf(stdin, NULL, _IONBF, 0); + setvbuf(stdout, NULL, _IONBF, 0); + setvbuf(stderr, NULL, _IONBF, 0); + +``` + ## Support For questions please email [support@wolfssl.com](mailto:support@wolfssl.com) diff --git a/IDE/STM32Cube/default_conf.ftl b/IDE/STM32Cube/default_conf.ftl new file mode 100644 index 000000000..bb7d3ace4 --- /dev/null +++ b/IDE/STM32Cube/default_conf.ftl @@ -0,0 +1,521 @@ +[#ftl] +/** + ****************************************************************************** + * File Name : ${name} + * Description : This file provides code for the configuration + * of the ${name} instances. + ****************************************************************************** +[@common.optinclude name=mxTmpFolder+"/license.tmp"/][#--include License text --] + ****************************************************************************** + */ +[#assign s = name] +[#assign toto = s?replace(".","_")] +[#assign toto = toto?replace("/","")] +[#assign inclusion_protection = toto?upper_case] +/* Define to prevent recursive inclusion -------------------------------------*/ +#ifndef __${inclusion_protection}__ +#define __${inclusion_protection}__ + +#ifdef __cplusplus + extern "C" { +#endif + +/* Includes ------------------------------------------------------------------*/ +[#if includes??] +[#list includes as include] +#include "${include}" +[/#list] +[/#if] + +[#-- SWIPdatas is a list of SWIPconfigModel --] +[#list SWIPdatas as SWIP] +[#-- Global variables --] +[#if SWIP.variables??] + [#list SWIP.variables as variable] +extern ${variable.value} ${variable.name}; + [/#list] +[/#if] + +[#-- Global variables --] + +[#assign instName = SWIP.ipName] +[#assign fileName = SWIP.fileName] +[#assign version = SWIP.version] + +/** + MiddleWare name : ${instName} + MiddleWare fileName : ${fileName} + MiddleWare version : ${version} +*/ +[#if SWIP.defines??] + [#list SWIP.defines as definition] +/*---------- [#if definition.comments??]${definition.comments}[/#if] -----------*/ +#define ${definition.name} #t#t ${definition.value} +[#if definition.description??]${definition.description} [/#if] + [/#list] +[/#if] + + + +[/#list] + +/* ------------------------------------------------------------------------- */ +/* Hardware platform */ +/* ------------------------------------------------------------------------- */ +#define NO_STM32_HASH +#define NO_STM32_CRYPTO + +#if defined(STM32WB55xx) + #define WOLFSSL_STM32WB + #define WOLFSSL_STM32_PKA + #undef NO_STM32_CRYPTO + #define HAL_CONSOLE_UART huart1 +#elif defined(STM32F407xx) + #define WOLFSSL_STM32F4 + #define HAL_CONSOLE_UART huart2 +#elif defined(STM32F437xx) + #define WOLFSSL_STM32F4 + #undef NO_STM32_HASH + #undef NO_STM32_CRYPTO + #define STM32_HAL_V2 + #define HAL_CONSOLE_UART huart4 +#elif defined(STM32F777xx) + #define WOLFSSL_STM32F7 + #undef NO_STM32_HASH + #undef NO_STM32_CRYPTO + #define STM32_HAL_V2 + #define HAL_CONSOLE_UART huart2 +#elif defined(STM32H753xx) + #define WOLFSSL_STM32H7 + #undef NO_STM32_HASH + #undef NO_STM32_CRYPTO + #define HAL_CONSOLE_UART huart3 +#elif defined(STM32L4A6xx) + #define WOLFSSL_STM32L4 + #undef NO_STM32_HASH + #undef NO_STM32_CRYPTO + #define HAL_CONSOLE_UART hlpuart1 +#elif defined(STM32L475xx) + #define WOLFSSL_STM32L4 + #define HAL_CONSOLE_UART huart1 +#elif defined(STM32L562xx) + #define WOLFSSL_STM32L5 + #define WOLFSSL_STM32_PKA + #undef NO_STM32_HASH + #undef NO_STM32_CRYPTO + #define HAL_CONSOLE_UART huart1 +#elif defined(STM32L552xx) + #define WOLFSSL_STM32L5 + #undef NO_STM32_HASH + #define HAL_CONSOLE_UART hlpuart1 +#elif defined(STM32F207xx) + #define WOLFSSL_STM32F2 + #define HAL_CONSOLE_UART huart3 +#elif defined(STM32F107xC) + #define WOLFSSL_STM32F1 + #define HAL_CONSOLE_UART huart4 + #define NO_STM32_RNG +#elif defined(STM32F401xE) + #define WOLFSSL_STM32F4 + #define HAL_CONSOLE_UART huart2 + #define NO_STM32_RNG + #define WOLFSSL_GENSEED_FORTEST +#else + #warning Please define a hardware platform! + #define WOLFSSL_STM32F4 /* default */ + #define HAL_CONSOLE_UART huart4 +#endif + + +/* ------------------------------------------------------------------------- */ +/* Platform */ +/* ------------------------------------------------------------------------- */ +#define SIZEOF_LONG_LONG 8 +#define WOLFSSL_GENERAL_ALIGNMENT 4 +#define WOLFSSL_STM32_CUBEMX +#define WOLFSSL_SMALL_STACK +#define WOLFSSL_USER_IO +#define WOLFSSL_NO_SOCK +#define WOLFSSL_IGNORE_FILE_WARN + + +/* ------------------------------------------------------------------------- */ +/* Operating System */ +/* ------------------------------------------------------------------------- */ +#if defined(WOLF_CONF_RTOS) && WOLF_CONF_RTOS == 2 + #define FREERTOS +#else + #define SINGLE_THREADED +#endif + + +/* ------------------------------------------------------------------------- */ +/* Math Configuration */ +/* ------------------------------------------------------------------------- */ +/* 1=Fast, 2=Normal, 3=SP C, 4=SP Cortex-M */ +#if defined(WOLF_CONF_MATH) && WOLF_CONF_MATH != 2 + /* fast (stack) math */ + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT + + /* Optimizations (TFM_ARM, TFM_ASM or none) */ + //#define TFM_NO_ASM + //#define TFM_ASM +#endif +#if defined(WOLF_CONF_MATH) && (WOLF_CONF_MATH == 3 || WOLF_CONF_MATH == 4) + /* single precision only */ + #define WOLFSSL_SP + #define WOLFSSL_SP_SMALL /* use smaller version of code */ + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_HAVE_SP_DH + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_MATH + #define SP_WORD_SIZE 32 + + //#define WOLFSSL_SP_NO_MALLOC + //#define WOLFSSL_SP_CACHE_RESISTANT + + /* single precision Cortex-M only */ + #if WOLF_CONF_MATH == 4 + #define WOLFSSL_SP_ASM /* required if using the ASM versions */ + #define WOLFSSL_SP_ARM_CORTEX_M_ASM + #endif +#endif + + +/* ------------------------------------------------------------------------- */ +/* Enable Features */ +/* ------------------------------------------------------------------------- */ +/* Required for TLS */ +#define HAVE_TLS_EXTENSIONS +#define HAVE_SUPPORTED_CURVES +#define HAVE_ENCRYPT_THEN_MAC +#define HAVE_EXTENDED_MASTER + +#if defined(WOLF_CONF_TLS13) && WOLF_CONF_TLS13 == 1 + #define WOLFSSL_TLS13 + #define HAVE_HKDF +#endif +#if defined(WOLF_CONF_DTLS) && WOLF_CONF_DTLS == 1 + #define WOLFSSL_DTLS +#endif +#if defined(WOLF_CONF_PSK) && WOLF_CONF_PSK == 0 + #define NO_PSK +#endif +#if defined(WOLF_CONF_PWDBASED) && WOLF_CONF_PWDBASED == 0 + #define NO_PWDBASED +#endif +#if defined(WOLF_CONF_KEEP_PEER_CERT) && WOLF_CONF_KEEP_PEER_CERT == 1 + #define KEEP_PEER_CERT +#endif +#if defined(WOLF_CONF_BASE64_ENCODE) && WOLF_CONF_BASE64_ENCODE == 1 + #define WOLFSSL_BASE64_ENCODE +#endif +#if defined(WOLF_CONF_OPENSSL_EXTRA) && WOLF_CONF_OPENSSL_EXTRA == 1 + #define OPENSSL_EXTRA +#endif + +/* TLS Session Cache */ +#if 0 + #define SMALL_SESSION_CACHE +#else + #define NO_SESSION_CACHE +#endif + + +/* ------------------------------------------------------------------------- */ +/* Crypto */ +/* ------------------------------------------------------------------------- */ +/* RSA */ +#undef NO_RSA +#if defined(WOLF_CONF_RSA) && WOLF_CONF_RSA == 1 + #ifdef USE_FAST_MATH + /* Maximum math bits (Max RSA key bits * 2) */ + #undef FP_MAX_BITS + #define FP_MAX_BITS 4096 + #endif + + /* half as much memory but twice as slow */ + #undef RSA_LOW_MEM + //#define RSA_LOW_MEM + + /* Enables blinding mode, to prevent timing attacks */ + #undef WC_RSA_BLINDING + #define WC_RSA_BLINDING + + /* RSA PSS Support (required for TLS v1.3) */ + #ifdef WOLFSSL_TLS13 + #define WC_RSA_PSS + #endif +#else + #define NO_RSA +#endif + +/* ECC */ +#undef HAVE_ECC +#if defined(WOLF_CONF_ECC) && WOLF_CONF_ECC == 1 + #define HAVE_ECC + + /* Manually define enabled curves */ + #define ECC_USER_CURVES + + //#define HAVE_ECC192 + //#define HAVE_ECC224 + #undef NO_ECC256 + //#define HAVE_ECC384 + //#define HAVE_ECC521 + + /* Fixed point cache (speeds repeated operations against same private key) */ + #undef FP_ECC + //#define FP_ECC + #ifdef FP_ECC + /* Bits / Entries */ + #undef FP_ENTRIES + #define FP_ENTRIES 2 + #undef FP_LUT + #define FP_LUT 4 + #endif + + /* Optional ECC calculation method */ + /* Note: doubles heap usage, but slightly faster */ + #undef ECC_SHAMIR + #define ECC_SHAMIR + + /* Reduces heap usage, but slower */ + #define ECC_TIMING_RESISTANT + + /* Compressed ECC key support */ + //#define HAVE_COMP_KEY + + #ifdef USE_FAST_MATH + #ifdef NO_RSA + /* Custom fastmath size if not using RSA */ + /* MAX = ROUND32(ECC BITS) * 2 */ + #define FP_MAX_BITS (256 * 2) + #else + #define ALT_ECC_SIZE + #endif + + /* Enable TFM optimizations for ECC */ + //#define TFM_ECC192 + //#define TFM_ECC224 + //#define TFM_ECC256 + //#define TFM_ECC384 + //#define TFM_ECC521 + #endif +#endif + +/* DH */ +#undef NO_DH +#if defined(WOLF_CONF_DH) && WOLF_CONF_DH == 1 + #define HAVE_DH /* freeRTOS settings.h requires this */ + #define HAVE_FFDHE_2048 + #define HAVE_DH_DEFAULT_PARAMS +#else + #define NO_DH +#endif + +/* AES */ +#if defined(WOLF_CONF_AESGCM) && WOLF_CONF_AESGCM == 1 + #define HAVE_AESGCM + /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ + /* GCM_TABLE is about 4K larger and 3x faster */ + #define GCM_SMALL + #define HAVE_AES_DECRYPT +#endif + +#if defined(WOLF_CONF_AESCBC) && WOLF_CONF_AESCBC == 1 + #define HAVE_AES_CBC + #define HAVE_AES_DECRYPT +#endif + +/* Other possible AES modes */ +//#define WOLFSSL_AES_COUNTER +//#define HAVE_AESCCM +//#define WOLFSSL_AES_XTS +//#define WOLFSSL_AES_DIRECT +//#define HAVE_AES_ECB +//#define HAVE_AES_KEYWRAP +//#define AES_MAX_KEY_SIZE 256 + +/* ChaCha20 / Poly1305 */ +#undef HAVE_CHACHA +#undef HAVE_POLY1305 +#if defined(WOLF_CONF_CHAPOLY) && WOLF_CONF_CHAPOLY == 1 + #define HAVE_CHACHA + #define HAVE_POLY1305 + + /* Needed for Poly1305 */ + #undef HAVE_ONE_TIME_AUTH + #define HAVE_ONE_TIME_AUTH +#endif + +/* Ed25519 / Curve25519 */ +#undef HAVE_CURVE25519 +#undef HAVE_ED25519 +#if defined(WOLF_CONF_EDCURVE25519) && WOLF_CONF_EDCURVE25519 == 1 + #define HAVE_CURVE25519 + #define HAVE_ED25519 + + /* Optionally use small math (less flash usage, but much slower) */ + #define CURVED25519_SMALL +#endif + + +/* ------------------------------------------------------------------------- */ +/* Hashing */ +/* ------------------------------------------------------------------------- */ +/* Sha1 */ +#undef NO_SHA +#if defined(WOLF_CONF_SHA1) && WOLF_CONF_SHA1 == 1 + /* 1k smaller, but 25% slower */ + //#define USE_SLOW_SHA +#else + #define NO_SHA +#endif + +/* Sha2-256 */ +#undef NO_SHA256 +#if defined(WOLF_CONF_SHA2_256) && WOLF_CONF_SHA2_256 == 1 + /* not unrolled - ~2k smaller and ~25% slower */ + //#define USE_SLOW_SHA256 + + //#define WOLFSSL_SHAKE256 + + /* Sha2-224 */ + #if defined(WOLF_CONF_SHA2_224) && WOLF_CONF_SHA2_224 == 1 + #define WOLFSSL_SHA224 + #endif +#else + #define NO_SHA256 +#endif + +/* Sha2-512 */ +#undef WOLFSSL_SHA512 +#if defined(WOLF_CONF_SHA2_512) && WOLF_CONF_SHA2_512 == 1 + /* over twice as small, but 50% slower */ + //#define USE_SLOW_SHA512 + + #define WOLFSSL_SHA512 + #define HAVE_SHA512 /* freeRTOS settings.h requires this */ +#endif + +/* Sha2-384 */ +#undef WOLFSSL_SHA384 +#if defined(WOLF_CONF_SHA2_384) && WOLF_CONF_SHA2_384 == 1 + #define WOLFSSL_SHA384 +#endif + +/* Sha3 */ +#undef WOLFSSL_SHA3 +#if defined(WOLF_CONF_SHA3) && WOLF_CONF_SHA3 == 1 + #define WOLFSSL_SHA3 +#endif + +/* MD5 */ +#if defined(WOLF_CONF_MD5) && WOLF_CONF_MD5 == 1 + /* enabled */ +#else + #define NO_MD5 +#endif + + +/* ------------------------------------------------------------------------- */ +/* Benchmark / Test */ +/* ------------------------------------------------------------------------- */ +/* Use reduced benchmark / test sizes */ +#define BENCH_EMBEDDED +#define USE_CERT_BUFFERS_2048 +#define USE_CERT_BUFFERS_256 + + +/* ------------------------------------------------------------------------- */ +/* Debugging */ +/* ------------------------------------------------------------------------- */ +#if defined(WOLF_CONF_DEBUG) && WOLF_CONF_DEBUG == 1 + #define DEBUG_WOLFSSL + + /* Use this to measure / print heap usage */ + #if 0 + #define USE_WOLFSSL_MEMORY + #define WOLFSSL_TRACK_MEMORY + #define WOLFSSL_DEBUG_MEMORY + #define WOLFSSL_DEBUG_MEMORY_PRINT + #endif +#else + //#define NO_WOLFSSL_MEMORY + //#define NO_ERROR_STRINGS +#endif + + +/* ------------------------------------------------------------------------- */ +/* Port */ +/* ------------------------------------------------------------------------- */ + +/* Override Current Time */ +/* Allows custom "custom_time()" function to be used for benchmark */ +#define WOLFSSL_USER_CURRTIME + + +/* ------------------------------------------------------------------------- */ +/* RNG */ +/* ------------------------------------------------------------------------- */ +#define NO_OLD_RNGNAME /* conflicts with STM RNG macro */ +#define HAVE_HASHDRBG + + +/* ------------------------------------------------------------------------- */ +/* Disable Features */ +/* ------------------------------------------------------------------------- */ +#if defined(WOLF_CONF_TLS12) && WOLF_CONF_TLS12 == 0 + #define WOLFSSL_NO_TLS12 +#endif +#if defined(WOLF_CONF_WOLFCRYPT_ONLY) && WOLF_CONF_WOLFCRYPT_ONLY == 1 + #define WOLFCRYPT_ONLY +#endif +//#define NO_WOLFSSL_SERVER +//#define NO_WOLFSSL_CLIENT + +#if defined(WOLF_CONF_TEST) && WOLF_CONF_TEST == 0 + #define NO_CRYPT_TEST + #define NO_CRYPT_BENCHMARK +#endif + +#define NO_FILESYSTEM +#define NO_WRITEV +#define NO_MAIN_DRIVER +#define NO_DEV_RANDOM +#define NO_OLD_TLS +#define WOLFSSL_NO_CLIENT_AUTH /* disable client auth for Ed25519/Ed448 */ + +#define NO_DSA +#define NO_RC4 +#define NO_HC128 +#define NO_RABBIT +#define NO_MD4 +#define NO_DES3 + +/* In-lining of misc.c functions */ +/* If defined, must include wolfcrypt/src/misc.c in build */ +/* Slower, but about 1k smaller */ +//#define NO_INLINE + +/* Base16 / Base64 encoding */ +//#define NO_CODING + +/* bypass certificate date checking, due to lack of properly configured RTC source */ +#ifndef HAL_RTC_MODULE_ENABLED + #define NO_ASN_TIME +#endif + + +#ifdef __cplusplus +} +#endif +#endif /*__ ${inclusion_protection}_H */ + +/** + * @} + */ + +/*****END OF FILE****/ diff --git a/IDE/STM32Cube/include.am b/IDE/STM32Cube/include.am index 8f6ceadc5..f803adb8a 100644 --- a/IDE/STM32Cube/include.am +++ b/IDE/STM32Cube/include.am @@ -8,3 +8,4 @@ EXTRA_DIST+= IDE/STM32Cube/wolfssl_example.c EXTRA_DIST+= IDE/STM32Cube/wolfSSL.wolfSSL_conf.h EXTRA_DIST+= IDE/STM32Cube/wolfssl_example.h EXTRA_DIST+= IDE/STM32Cube/STM32_Benchmarks.md +EXTRA_DIST+= IDE/STM32Cube/default_conf.ftl diff --git a/IDE/STM32Cube/main.c b/IDE/STM32Cube/main.c index 6c35e8f98..a2d8e0eb2 100644 --- a/IDE/STM32Cube/main.c +++ b/IDE/STM32Cube/main.c @@ -25,6 +25,7 @@ /* Includes ------------------------------------------------------------------*/ #include "wolfssl_example.h" +#include "wolfssl/wolfcrypt/settings.h" /* Private variables ---------------------------------------------------------*/ CRYP_HandleTypeDef hcryp; @@ -66,7 +67,7 @@ int __io_putchar(int ch) int fputc(int ch, FILE *f) #endif { - HAL_UART_Transmit(&huart4, (uint8_t *)&ch, 1, 0xFFFF); + HAL_UART_Transmit(&HAL_CONSOLE_UART, (uint8_t *)&ch, 1, 0xFFFF); return ch; } diff --git a/IDE/STM32Cube/wolfSSL.wolfSSL_conf.h b/IDE/STM32Cube/wolfSSL.wolfSSL_conf.h index abc0cffd3..73c80623f 100644 --- a/IDE/STM32Cube/wolfSSL.wolfSSL_conf.h +++ b/IDE/STM32Cube/wolfSSL.wolfSSL_conf.h @@ -22,6 +22,8 @@ /* STM32 Cube Configuration File * Included automatically when USE_HAL_DRIVER is defined * (and not WOLFSSL_USER_SETTINGS or HAVE_CONF_H). + * + * Generated automatically using `default_conf.ftl` template */ #ifndef __WOLFSSL_WOLFSSL_CONF_H__ @@ -169,6 +171,11 @@ extern "C" { #define WOLFSSL_STM32F1 #define HAL_CONSOLE_UART huart4 #define NO_STM32_RNG +#elif defined(STM32F401xE) + #define WOLFSSL_STM32F4 + #define HAL_CONSOLE_UART huart2 + #define NO_STM32_RNG + #define WOLFSSL_GENSEED_FORTEST #else #warning Please define a hardware platform! #define WOLFSSL_STM32F4 /* default */ diff --git a/IDE/STM32Cube/wolfssl_example.c b/IDE/STM32Cube/wolfssl_example.c index 168cc848c..7189977e4 100644 --- a/IDE/STM32Cube/wolfssl_example.c +++ b/IDE/STM32Cube/wolfssl_example.c @@ -64,7 +64,7 @@ #undef MEM_BUFFER_SZ #define MEM_BUFFER_SZ 2048 #endif -#define SHOW_VERBOSE 0 /* Default output is tab delimited format */ +#define SHOW_VERBOSE 0 /* 0=tab del (minimal), 1=info, 2=debug, 3=debug w/wolf logs */ #ifndef WOLFSSL_CIPHER_LIST_MAX_SIZE #define WOLFSSL_CIPHER_LIST_MAX_SIZE 2048 #endif @@ -77,7 +77,7 @@ #define BENCH_USE_NONBLOCK #endif #ifndef RECV_WAIT_TIMEOUT - #define RECV_WAIT_TIMEOUT 4000 + #define RECV_WAIT_TIMEOUT 10000 #endif /***************************************************************************** @@ -513,6 +513,8 @@ static int ServerMemSend(info_t* info, char* buf, int sz) XMEMCPY(&info->to_client.buf[info->to_client.write_idx], buf, sz); info->to_client.write_idx += sz; info->to_client.write_bytes += sz; + if (info->showVerbose >= 3) + printf("Server Send: %d\n", sz); #ifdef CMSIS_OS2_H_ osThreadFlagsSet(info->client.threadId, 1); @@ -543,11 +545,13 @@ static int ServerMemRecv(info_t* info, char* buf, int sz) osSemaphoreRelease(info->server.mutex); #ifdef CMSIS_OS2_H_ if (osThreadFlagsWait(1, osFlagsWaitAny, RECV_WAIT_TIMEOUT) == osFlagsErrorTimeout) { + printf("Server Recv: Timeout!\n"); return WOLFSSL_CBIO_ERR_TIMEOUT; } osSemaphoreAcquire(info->server.mutex, osWaitForever); #else if (osSignalWait(1, RECV_WAIT_TIMEOUT) == osEventTimeout) { + printf("Server Recv: Timeout!\n"); return WOLFSSL_CBIO_ERR_TIMEOUT; } osSemaphoreWait(info->server.mutex, osWaitForever); @@ -561,6 +565,8 @@ static int ServerMemRecv(info_t* info, char* buf, int sz) XMEMCPY(buf, &info->to_server.buf[info->to_server.read_idx], sz); info->to_server.read_idx += sz; info->to_server.read_bytes += sz; + if (info->showVerbose >= 2) + printf("Server Recv: %d\n", sz); /* if the rx has caught up with pending then reset buffer positions */ if (info->to_server.read_bytes == info->to_server.write_bytes) { @@ -599,6 +605,8 @@ static int ClientMemSend(info_t* info, char* buf, int sz) sz = MEM_BUFFER_SZ - info->to_server.write_idx; #endif + if (info->showVerbose >= 2) + printf("Client Send: %d\n", sz); XMEMCPY(&info->to_server.buf[info->to_server.write_idx], buf, sz); info->to_server.write_idx += sz; info->to_server.write_bytes += sz; @@ -632,11 +640,13 @@ static int ClientMemRecv(info_t* info, char* buf, int sz) osSemaphoreRelease(info->client.mutex); #ifdef CMSIS_OS2_H_ if (osThreadFlagsWait(1, osFlagsWaitAny, RECV_WAIT_TIMEOUT) == osFlagsErrorTimeout) { + printf("Client Recv: Timeout!\n"); return WOLFSSL_CBIO_ERR_TIMEOUT; } osSemaphoreAcquire(info->client.mutex, osWaitForever); #else if (osSignalWait(1, RECV_WAIT_TIMEOUT) == osEventTimeout) { + printf("Client Recv: Timeout!\n"); return WOLFSSL_CBIO_ERR_TIMEOUT; } osSemaphoreWait(info->client.mutex, osWaitForever); @@ -650,6 +660,8 @@ static int ClientMemRecv(info_t* info, char* buf, int sz) XMEMCPY(buf, &info->to_client.buf[info->to_client.read_idx], sz); info->to_client.read_idx += sz; info->to_client.read_bytes += sz; + if (info->showVerbose >= 2) + printf("Client Recv: %d\n", sz); /* if the rx has caught up with pending then reset buffer positions */ if (info->to_client.read_bytes == info->to_client.write_bytes) { @@ -1277,7 +1289,7 @@ int bench_tls(void* args) int argShowPeerInfo = BENCH_SHOW_PEER_INFO; #ifdef DEBUG_WOLFSSL - if (argShowVerbose) { + if (argShowVerbose >= 3) { wolfSSL_Debugging_ON(); } else { From 4922baee3075c9d799bd0d8742b0a4419f277bd4 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 22 Sep 2020 07:53:06 -0700 Subject: [PATCH 2/4] Updates to README.md. Fix tabs to spaces. --- IDE/STM32Cube/README.md | 15 ++++++++++++--- .../{wolfSSL.wolfSSL_conf.h => wolfSSL_conf.h} | 8 ++++---- IDE/STM32Cube/wolfssl_example.c | 13 +++++++------ wolfssl/wolfcrypt/settings.h | 12 ++++++------ 4 files changed, 29 insertions(+), 19 deletions(-) rename IDE/STM32Cube/{wolfSSL.wolfSSL_conf.h => wolfSSL_conf.h} (99%) diff --git a/IDE/STM32Cube/README.md b/IDE/STM32Cube/README.md index 2710707b8..fffa166b6 100644 --- a/IDE/STM32Cube/README.md +++ b/IDE/STM32Cube/README.md @@ -14,8 +14,13 @@ These examples use the Cube HAL for STM32. ## Configuration -The settings for the wolfSTM32 project are located in `/IDE/STM32Cube/wolfSSL.wolfSSL_conf.h`. The section for "Hardware platform" may need to be adjusted depending on your processor and board: +The settings for the wolfSSL CubeMX pack are in the generated `wolfSSL.wolfSSL_conf.h` file. An example of this is located in `IDE/STM32Cube/wolfSSL_conf.h` (renamed to avoid possible conflicts with generated file). +The template used for generation is `IDE/STM32Cube/default_conf.ftl` which can be updated at `STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/CubeMX/templates/default_conf.ftl`. + +The section for "Hardware platform" may need to be adjusted depending on your processor and board: + +* To enable STM32F1 support define `WOLFSSL_STM32F1`. * To enable STM32F2 support define `WOLFSSL_STM32F2`. * To enable STM32F4 support define `WOLFSSL_STM32F4`. * To enable STM32F7 support define `WOLFSSL_STM32F7`. @@ -39,7 +44,7 @@ If you'd like to use the older Standard Peripheral library undefine `WOLFSSL_STM If you are using FreeRTOS make sure your `FreeRTOSConfig.h` has its `configTOTAL_HEAP_SIZE` increased. -The TLS client/server benchmark example requires about 76 KB for allocated tasks (with stack) and peak heap. +The TLS client/server benchmark example requires about 76 KB for allocated tasks (with stack) and peak heap. This uses both a TLS client and server to test a TLS connection locally for each enabled TLS cipher suite. ## STM32 Cube Pack @@ -49,6 +54,7 @@ The TLS client/server benchmark example requires about 76 KB for allocated tasks 2. Run the “STM32CubeMX” tool. 3. Under “Manage software installations” click “INSTALL/REMOVE” button. 4. From Local and choose “I-CUBE-WOLFSSL-WOLFSSL.pack”. +5. Accept the GPLv2 license. Contact wolfSSL at sales@wolfssl.com for a commercial license and support/maintenance. ### STM32 Cube Pack Usage @@ -56,9 +62,10 @@ The TLS client/server benchmark example requires about 76 KB for allocated tasks 2. Under “Software Packs” choose “Select Components”. 3. Find and check all components for the wolfSSL.wolfSSL packs (wolfSSL / Core, wolfCrypt / Core and wolfCrypt / Test). Close 4. Under the “Software Packs” section click on “wolfSSL.wolfSSL” and configure the parameters. -5. For Cortex-M recommend “Math Configuration” -> “Single Precision Cortex-M Math” +5. For Cortex-M recommend “Math Configuration” -> “Single Precision Cortex-M Math” for the fastest option. 6. Generate Code 7. The Benchmark example uses float. To enable go to "Project Properties" -> "C/C++ Build" -> "Settings" -> "Tool Settings" -> "MCU Settings" -> Check "Use float with printf". +8. To enable printf make the `main.c` changes below in the [STM32 Printf](#stm32-printf) section. ### STM32 Cube Pack Examples @@ -87,6 +94,8 @@ Please select one of the above options: See [STM32_Benchmarks.md](STM32_Benchmarks.md). +Note: The Benchmark example uses float. To enable go to "Project Properties" -> "C/C++ Build" -> "Settings" -> "Tool Settings" -> "MCU Settings" -> Check "Use float with printf". + ## STM32 Printf In main.c make the following changes: diff --git a/IDE/STM32Cube/wolfSSL.wolfSSL_conf.h b/IDE/STM32Cube/wolfSSL_conf.h similarity index 99% rename from IDE/STM32Cube/wolfSSL.wolfSSL_conf.h rename to IDE/STM32Cube/wolfSSL_conf.h index 73c80623f..67e5c21e2 100644 --- a/IDE/STM32Cube/wolfSSL.wolfSSL_conf.h +++ b/IDE/STM32Cube/wolfSSL_conf.h @@ -1,4 +1,4 @@ -/* wolfSSL.wolfSSL_conf.h +/* wolfSSL_conf.h (example of generated wolfSSL.wolfSSL_conf.h) * * Copyright (C) 2006-2020 wolfSSL Inc. * @@ -19,11 +19,11 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* STM32 Cube Configuration File +/* STM32 Cube Sample Configuration File + * Generated automatically using `default_conf.ftl` template + * * Included automatically when USE_HAL_DRIVER is defined * (and not WOLFSSL_USER_SETTINGS or HAVE_CONF_H). - * - * Generated automatically using `default_conf.ftl` template */ #ifndef __WOLFSSL_WOLFSSL_CONF_H__ diff --git a/IDE/STM32Cube/wolfssl_example.c b/IDE/STM32Cube/wolfssl_example.c index 7189977e4..f604c1788 100644 --- a/IDE/STM32Cube/wolfssl_example.c +++ b/IDE/STM32Cube/wolfssl_example.c @@ -510,11 +510,11 @@ static int ServerMemSend(info_t* info, char* buf, int sz) sz = MEM_BUFFER_SZ - info->to_client.write_idx; #endif + if (info->showVerbose >= 2) + printf("Server Send: %d\n", sz); XMEMCPY(&info->to_client.buf[info->to_client.write_idx], buf, sz); info->to_client.write_idx += sz; info->to_client.write_bytes += sz; - if (info->showVerbose >= 3) - printf("Server Send: %d\n", sz); #ifdef CMSIS_OS2_H_ osThreadFlagsSet(info->client.threadId, 1); @@ -565,17 +565,18 @@ static int ServerMemRecv(info_t* info, char* buf, int sz) XMEMCPY(buf, &info->to_server.buf[info->to_server.read_idx], sz); info->to_server.read_idx += sz; info->to_server.read_bytes += sz; - if (info->showVerbose >= 2) - printf("Server Recv: %d\n", sz); /* if the rx has caught up with pending then reset buffer positions */ if (info->to_server.read_bytes == info->to_server.write_bytes) { info->to_server.read_bytes = info->to_server.read_idx = 0; info->to_server.write_bytes = info->to_server.write_idx = 0; } + if (info->showVerbose >= 2) + printf("Server Recv: %d\n", sz); osSemaphoreRelease(info->server.mutex); + #ifdef BENCH_USE_NONBLOCK if (sz == 0) return WOLFSSL_CBIO_ERR_WANT_READ; @@ -660,14 +661,14 @@ static int ClientMemRecv(info_t* info, char* buf, int sz) XMEMCPY(buf, &info->to_client.buf[info->to_client.read_idx], sz); info->to_client.read_idx += sz; info->to_client.read_bytes += sz; - if (info->showVerbose >= 2) - printf("Client Recv: %d\n", sz); /* if the rx has caught up with pending then reset buffer positions */ if (info->to_client.read_bytes == info->to_client.write_bytes) { info->to_client.read_bytes = info->to_client.read_idx = 0; info->to_client.write_bytes = info->to_client.write_idx = 0; } + if (info->showVerbose >= 2) + printf("Client Recv: %d\n", sz); osSemaphoreRelease(info->client.mutex); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index b683e73b0..f92b8d558 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1259,11 +1259,11 @@ extern void uITRON4_free(void *p) ; #endif #define NO_OLD_RNGNAME #ifdef WOLFSSL_STM32_CUBEMX - #if defined(WOLFSSL_STM32F1) - #include "stm32f1xx_hal.h" + #if defined(WOLFSSL_STM32F1) + #include "stm32f1xx_hal.h" #elif defined(WOLFSSL_STM32F2) #include "stm32f2xx_hal.h" - #elif defined(WOLFSSL_STM32L5) + #elif defined(WOLFSSL_STM32L5) #include "stm32l5xx_hal.h" #elif defined(WOLFSSL_STM32L4) #include "stm32l4xx_hal.h" @@ -1302,7 +1302,7 @@ extern void uITRON4_free(void *p) ; #ifdef STM32_HASH #include "stm32f4xx_hash.h" #endif - #elif defined(WOLFSSL_STM32L5) + #elif defined(WOLFSSL_STM32L5) #include "stm32l5xx.h" #ifdef STM32_CRYPTO #include "stm32l5xx_cryp.h" @@ -1310,7 +1310,7 @@ extern void uITRON4_free(void *p) ; #ifdef STM32_HASH #include "stm32l5xx_hash.h" #endif - #elif defined(WOLFSSL_STM32L4) + #elif defined(WOLFSSL_STM32L4) #include "stm32l4xx.h" #ifdef STM32_CRYPTO #include "stm32l4xx_cryp.h" @@ -1327,7 +1327,7 @@ extern void uITRON4_free(void *p) ; #endif #endif /* WOLFSSL_STM32_CUBEMX */ #endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || - WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || WOLFSSL_STM32H7 */ + WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || WOLFSSL_STM32H7 */ #ifdef WOLFSSL_DEOS #include #include From 99d96246bdd0296503f1c5887cffd67b7c5ab658 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 22 Sep 2020 15:04:30 -0700 Subject: [PATCH 3/4] Fix for STM32 issue with some Cube HAL versions (such as F777) which could modify non-block aligned bytes in the output buffer during decrypt. For TLS these bytes are the authentication tag. Workaround is to save off the incoming expected authentication tag. ZD 10961. --- wolfcrypt/src/aes.c | 38 +++++++++++++++++++++++--------------- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 27b2130f8..5b0338f60 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -6347,12 +6347,12 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, word32 keySize; word32 partial = sz % AES_BLOCK_SIZE; word32 tag[AES_BLOCK_SIZE/sizeof(word32)]; + word32 tagExpected[AES_BLOCK_SIZE/sizeof(word32)]; word32 partialBlock[AES_BLOCK_SIZE/sizeof(word32)]; word32 ctr[AES_BLOCK_SIZE/sizeof(word32)]; - word32 ctrInit[AES_BLOCK_SIZE/sizeof(word32)]; word32 authhdr[AES_BLOCK_SIZE/sizeof(word32)]; byte* authInPadded = NULL; - int authPadSz, wasAlloc = 0; + int authPadSz, wasAlloc = 0, tagComputed = 0; ret = wc_AesGetKeySize(aes, &keySize); if (ret != 0) @@ -6373,7 +6373,19 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, else { GHASH(aes, NULL, 0, iv, ivSz, (byte*)ctr, AES_BLOCK_SIZE); } - XMEMCPY(ctrInit, ctr, sizeof(ctr)); /* save off initial counter for GMAC */ + + /* Make copy of expected authTag, which could get corrupted in some + * Cube HAL versions without proper partial block support. + * For TLS blocks the authTag is after the output buffer, so save it */ + XMEMCPY(tagExpected, authTag, authTagSz); + + /* for cases where hardware cannot be used for authTag calculate it */ + if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ) { + GHASH(aes, authIn, authInSz, in, sz, (byte*)tag, sizeof(tag)); + wc_AesEncrypt(aes, (byte*)ctr, (byte*)partialBlock); + xorbuf(tag, partialBlock, sizeof(tag)); + tagComputed = 1; + } /* Authentication buffer - must be 4-byte multiple zero padded */ authPadSz = authInSz % sizeof(word32); @@ -6419,7 +6431,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, /* GCM payload phase - can handle partial blocks */ status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); - if (status == HAL_OK) { + if (status == HAL_OK && tagComputed == 0) { /* Compute the authTag */ status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, STM32_HAL_TIMEOUT); @@ -6457,7 +6469,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, (byte*)partialBlock, STM32_HAL_TIMEOUT); XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); } - if (status == HAL_OK) { + if (status == HAL_OK && tagComputed == 0) { /* GCM final phase */ hcryp.Init.GCMCMACPhase = CRYP_FINAL_PHASE; status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, (byte*)tag, STM32_HAL_TIMEOUT); @@ -6478,7 +6490,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, (byte*)partialBlock, STM32_HAL_TIMEOUT); XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); } - if (status == HAL_OK) { + if (status == HAL_OK && tagComputed == 0) { /* Compute the authTag */ status = HAL_CRYPEx_AESGCM_Finish(&hcryp, sz, (byte*)tag, STM32_HAL_TIMEOUT); } @@ -6495,25 +6507,21 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, /* Input size and auth size need to be the actual sizes, even though * they are not block aligned, because this length (in bits) is used * in the final GHASH. */ + XMEMSET(partialBlock, 0, sizeof(partialBlock)); /* use this to get tag */ status = CRYP_AES_GCM(MODE_DECRYPT, (uint8_t*)ctr, (uint8_t*)keyCopy, keySize * 8, (uint8_t*)in, sz, (uint8_t*)authInPadded, authInSz, - (uint8_t*)out, (uint8_t*)tag); + (uint8_t*)out, (uint8_t*)partialBlock); if (status != SUCCESS) ret = AES_GCM_AUTH_E; + if (tagComputed == 0) + XMEMCPY(tag, partialBlock, authTagSz); #endif /* WOLFSSL_STM32_CUBEMX */ wolfSSL_CryptHwMutexUnLock(); - /* For STM32 GCM fallback to software if partial AES block or IV != 12 */ - if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ) { - GHASH(aes, authIn, authInSz, in, sz, (byte*)tag, sizeof(tag)); - wc_AesEncrypt(aes, (byte*)ctrInit, (byte*)partialBlock); - xorbuf(tag, partialBlock, sizeof(tag)); - } - /* Check authentication tag */ - if (ConstantCompare(authTag, (byte*)tag, authTagSz) != 0) { + if (ConstantCompare((const byte*)tagExpected, (byte*)tag, authTagSz) != 0) { ret = AES_GCM_AUTH_E; } From 41ebc9161ae3e32bac49cbada71209212aea8bd5 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 22 Sep 2020 15:18:11 -0700 Subject: [PATCH 4/4] Fix include.am for the renamed configuration example `wolfSSL_conf.h` --- IDE/STM32Cube/include.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/IDE/STM32Cube/include.am b/IDE/STM32Cube/include.am index f803adb8a..9cf2e6427 100644 --- a/IDE/STM32Cube/include.am +++ b/IDE/STM32Cube/include.am @@ -5,7 +5,7 @@ EXTRA_DIST+= IDE/STM32Cube/README.md EXTRA_DIST+= IDE/STM32Cube/main.c EXTRA_DIST+= IDE/STM32Cube/wolfssl_example.c -EXTRA_DIST+= IDE/STM32Cube/wolfSSL.wolfSSL_conf.h +EXTRA_DIST+= IDE/STM32Cube/wolfSSL_conf.h EXTRA_DIST+= IDE/STM32Cube/wolfssl_example.h EXTRA_DIST+= IDE/STM32Cube/STM32_Benchmarks.md EXTRA_DIST+= IDE/STM32Cube/default_conf.ftl