Merge pull request #3320 from dgarske/stmcube

STM32 Cube Pack and AES GCM improvements
2020-09-23 14:39:53 -07:00
parent b7fb202ad3 41ebc9161a
commit 2bb8427ab2
8 changed files with 632 additions and 31 deletions
--- a/IDE/STM32Cube/README.md
+++ b/IDE/STM32Cube/README.md
@@ -14,8 +14,13 @@ These examples use the Cube HAL for STM32.
 ## Configuration
-The settings for the wolfSTM32 project are located in `<wolfssl-root>/IDE/STM32Cube/wolfSSL.wolfSSL_conf.h`. The section for "Hardware platform" may need to be adjusted depending on your processor and board:
+The settings for the wolfSSL CubeMX pack are in the generated `wolfSSL.wolfSSL_conf.h` file. An example of this is located in `IDE/STM32Cube/wolfSSL_conf.h` (renamed to avoid possible conflicts with generated file).
 The template used for generation is `IDE/STM32Cube/default_conf.ftl` which can be updated at `STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/CubeMX/templates/default_conf.ftl`.
 The section for "Hardware platform" may need to be adjusted depending on your processor and board:
 * To enable STM32F1 support define `WOLFSSL_STM32F1`.
 * To enable STM32F2 support define `WOLFSSL_STM32F2`.
 * To enable STM32F4 support define `WOLFSSL_STM32F4`.
 * To enable STM32F7 support define `WOLFSSL_STM32F7`.
@@ -39,7 +44,7 @@ If you'd like to use the older Standard Peripheral library undefine `WOLFSSL_STM
 If you are using FreeRTOS make sure your `FreeRTOSConfig.h` has its `configTOTAL_HEAP_SIZE` increased.
-The TLS client/server benchmark example requires about 76 KB for allocated tasks (with stack) and peak heap.
+The TLS client/server benchmark example requires about 76 KB for allocated tasks (with stack) and peak heap. This uses both a TLS client and server to test a TLS connection locally for each enabled TLS cipher suite.
 ## STM32 Cube Pack
@@ -49,6 +54,7 @@ The TLS client/server benchmark example requires about 76 KB for allocated tasks
 2. Run the “STM32CubeMX” tool.
 3. Under “Manage software installations” click “INSTALL/REMOVE” button.
 4. From Local and choose “I-CUBE-WOLFSSL-WOLFSSL.pack”.
 5. Accept the GPLv2 license. Contact wolfSSL at sales@wolfssl.com for a commercial license and support/maintenance.
 ### STM32 Cube Pack Usage
@@ -56,9 +62,10 @@ The TLS client/server benchmark example requires about 76 KB for allocated tasks
 2. Under “Software Packs” choose “Select Components”.
 3. Find and check all components for the wolfSSL.wolfSSL packs (wolfSSL / Core, wolfCrypt / Core and wolfCrypt / Test). Close
 4. Under the “Software Packs” section click on “wolfSSL.wolfSSL” and configure the parameters.
-5. For Cortex-M recommend “Math Configuration” -> “Single Precision Cortex-M Math”
+5. For Cortex-M recommend “Math Configuration” -> “Single Precision Cortex-M Math” for the fastest option.
 6. Generate Code
 7. The Benchmark example uses float. To enable go to "Project Properties" -> "C/C++ Build" -> "Settings" -> "Tool Settings" -> "MCU Settings" -> Check "Use float with printf".
 8. To enable printf make the `main.c` changes below in the [STM32 Printf](#stm32-printf) section.
 ### STM32 Cube Pack Examples
@@ -87,6 +94,49 @@ Please select one of the above options:
 See [STM32_Benchmarks.md](STM32_Benchmarks.md).
 Note: The Benchmark example uses float. To enable go to "Project Properties" -> "C/C++ Build" -> "Settings" -> "Tool Settings" -> "MCU Settings" -> Check "Use float with printf".
 ## STM32 Printf
 In main.c make the following changes:
 ```
 /* Retargets the C library printf function to the USART. */
 #include <stdio.h>
 #include <wolfssl/wolfcrypt/settings.h>
 #ifdef __GNUC__
 int __io_putchar(int ch)
 #else
 int fputc(int ch, FILE *f)
 #endif
 {
    HAL_UART_Transmit(&HAL_CONSOLE_UART, (uint8_t *)&ch, 1, 0xFFFF);
    return ch;
 }
 #ifdef __GNUC__
 int _write(int file,char *ptr, int len)
 {
    int DataIdx;
    for (DataIdx= 0; DataIdx< len; DataIdx++) {
        __io_putchar(*ptr++);
    }
    return len;
 }
 #endif
 int main(void)
 {
    /* Reset of all peripherals, Initializes the Flash interface and the Systick. */
    HAL_Init();
    /* Turn off buffers, so I/O occurs immediately */
    setvbuf(stdin, NULL, _IONBF, 0);
    setvbuf(stdout, NULL, _IONBF, 0);
    setvbuf(stderr, NULL, _IONBF, 0);
 ```
 ## Support
 For questions please email [support@wolfssl.com](mailto:support@wolfssl.com)
--- a/IDE/STM32Cube/default_conf.ftl
+++ b/IDE/STM32Cube/default_conf.ftl
@@ -0,0 +1,521 @@
 [#ftl]
 /**
  ******************************************************************************
  * File Name          : ${name}
  * Description        : This file provides code for the configuration
  *                      of the ${name} instances.
  ******************************************************************************
 [@common.optinclude name=mxTmpFolder+"/license.tmp"/][#--include License text --]
  ******************************************************************************
  */
 [#assign s = name]
 [#assign toto = s?replace(".","_")]
 [#assign toto = toto?replace("/","")]
 [#assign inclusion_protection = toto?upper_case]
 /* Define to prevent recursive inclusion -------------------------------------*/
 #ifndef __${inclusion_protection}__
 #define __${inclusion_protection}__
 #ifdef __cplusplus
 extern "C" {
 #endif
 /* Includes ------------------------------------------------------------------*/
 [#if includes??]
 [#list includes as include]
 #include "${include}"
 [/#list]
 [/#if]
 [#-- SWIPdatas is a list of SWIPconfigModel --]  
 [#list SWIPdatas as SWIP]  
 [#-- Global variables --]
 [#if SWIP.variables??]
 	[#list SWIP.variables as variable]
 extern ${variable.value} ${variable.name};
 	[/#list]
 [/#if]
 [#-- Global variables --]
 [#assign instName = SWIP.ipName]   
 [#assign fileName = SWIP.fileName]   
 [#assign version = SWIP.version]   
 /**
 	MiddleWare name : ${instName}
 	MiddleWare fileName : ${fileName}
 	MiddleWare version : ${version}
 */
 [#if SWIP.defines??]
 	[#list SWIP.defines as definition]	
 /*---------- [#if definition.comments??]${definition.comments}[/#if] -----------*/
 #define ${definition.name} #t#t ${definition.value} 
 [#if definition.description??]${definition.description} [/#if]
 	[/#list]
 [/#if]
 [/#list]
 /* ------------------------------------------------------------------------- */
 /* Hardware platform */
 /* ------------------------------------------------------------------------- */
 #define NO_STM32_HASH
 #define NO_STM32_CRYPTO
 #if defined(STM32WB55xx)
    #define WOLFSSL_STM32WB
    #define WOLFSSL_STM32_PKA
    #undef  NO_STM32_CRYPTO
    #define HAL_CONSOLE_UART huart1
 #elif defined(STM32F407xx)
    #define WOLFSSL_STM32F4
    #define HAL_CONSOLE_UART huart2
 #elif defined(STM32F437xx)
    #define WOLFSSL_STM32F4
    #undef  NO_STM32_HASH
    #undef  NO_STM32_CRYPTO
    #define STM32_HAL_V2
    #define HAL_CONSOLE_UART huart4
 #elif defined(STM32F777xx)
    #define WOLFSSL_STM32F7
    #undef  NO_STM32_HASH
    #undef  NO_STM32_CRYPTO
    #define STM32_HAL_V2
    #define HAL_CONSOLE_UART huart2
 #elif defined(STM32H753xx)
    #define WOLFSSL_STM32H7
    #undef  NO_STM32_HASH
    #undef  NO_STM32_CRYPTO
    #define HAL_CONSOLE_UART huart3
 #elif defined(STM32L4A6xx)
    #define WOLFSSL_STM32L4
    #undef  NO_STM32_HASH
    #undef  NO_STM32_CRYPTO
    #define HAL_CONSOLE_UART hlpuart1
 #elif defined(STM32L475xx)
    #define WOLFSSL_STM32L4
    #define HAL_CONSOLE_UART huart1
 #elif defined(STM32L562xx)
    #define WOLFSSL_STM32L5
    #define WOLFSSL_STM32_PKA
    #undef  NO_STM32_HASH
    #undef  NO_STM32_CRYPTO
    #define HAL_CONSOLE_UART huart1
 #elif defined(STM32L552xx)
    #define WOLFSSL_STM32L5
    #undef  NO_STM32_HASH
    #define HAL_CONSOLE_UART hlpuart1
 #elif defined(STM32F207xx)
    #define WOLFSSL_STM32F2
    #define HAL_CONSOLE_UART huart3
 #elif defined(STM32F107xC)
    #define WOLFSSL_STM32F1
    #define HAL_CONSOLE_UART huart4
    #define NO_STM32_RNG
 #elif defined(STM32F401xE)
    #define WOLFSSL_STM32F4
    #define HAL_CONSOLE_UART huart2
    #define NO_STM32_RNG
    #define WOLFSSL_GENSEED_FORTEST
 #else
 	#warning Please define a hardware platform!
    #define WOLFSSL_STM32F4 /* default */
    #define HAL_CONSOLE_UART huart4
 #endif
 /* ------------------------------------------------------------------------- */
 /* Platform */
 /* ------------------------------------------------------------------------- */
 #define SIZEOF_LONG_LONG 8
 #define WOLFSSL_GENERAL_ALIGNMENT 4
 #define WOLFSSL_STM32_CUBEMX
 #define WOLFSSL_SMALL_STACK
 #define WOLFSSL_USER_IO
 #define WOLFSSL_NO_SOCK
 #define WOLFSSL_IGNORE_FILE_WARN
 /* ------------------------------------------------------------------------- */
 /* Operating System */
 /* ------------------------------------------------------------------------- */
 #if defined(WOLF_CONF_RTOS) && WOLF_CONF_RTOS == 2
    #define FREERTOS
 #else
    #define SINGLE_THREADED
 #endif
 /* ------------------------------------------------------------------------- */
 /* Math Configuration */
 /* ------------------------------------------------------------------------- */
 /* 1=Fast, 2=Normal, 3=SP C, 4=SP Cortex-M */
 #if defined(WOLF_CONF_MATH) && WOLF_CONF_MATH != 2
    /* fast (stack) math */
    #define USE_FAST_MATH
    #define TFM_TIMING_RESISTANT
    /* Optimizations (TFM_ARM, TFM_ASM or none) */
    //#define TFM_NO_ASM
    //#define TFM_ASM
 #endif
 #if defined(WOLF_CONF_MATH) && (WOLF_CONF_MATH == 3 || WOLF_CONF_MATH == 4)
    /* single precision only */
    #define WOLFSSL_SP
    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
    #define WOLFSSL_HAVE_SP_RSA
    #define WOLFSSL_HAVE_SP_DH
    #define WOLFSSL_HAVE_SP_ECC
    #define WOLFSSL_SP_MATH
    #define SP_WORD_SIZE 32
    //#define WOLFSSL_SP_NO_MALLOC
    //#define WOLFSSL_SP_CACHE_RESISTANT
    /* single precision Cortex-M only */
    #if WOLF_CONF_MATH == 4
        #define WOLFSSL_SP_ASM /* required if using the ASM versions */
        #define WOLFSSL_SP_ARM_CORTEX_M_ASM
    #endif
 #endif
 /* ------------------------------------------------------------------------- */
 /* Enable Features */
 /* ------------------------------------------------------------------------- */
 /* Required for TLS */
 #define HAVE_TLS_EXTENSIONS
 #define HAVE_SUPPORTED_CURVES
 #define HAVE_ENCRYPT_THEN_MAC
 #define HAVE_EXTENDED_MASTER
 #if defined(WOLF_CONF_TLS13) && WOLF_CONF_TLS13 == 1
    #define WOLFSSL_TLS13
    #define HAVE_HKDF
 #endif
 #if defined(WOLF_CONF_DTLS) && WOLF_CONF_DTLS == 1
    #define WOLFSSL_DTLS
 #endif
 #if defined(WOLF_CONF_PSK) && WOLF_CONF_PSK == 0
    #define NO_PSK
 #endif
 #if defined(WOLF_CONF_PWDBASED) && WOLF_CONF_PWDBASED == 0
    #define NO_PWDBASED
 #endif
 #if defined(WOLF_CONF_KEEP_PEER_CERT) && WOLF_CONF_KEEP_PEER_CERT == 1
    #define KEEP_PEER_CERT
 #endif
 #if defined(WOLF_CONF_BASE64_ENCODE) && WOLF_CONF_BASE64_ENCODE == 1
    #define WOLFSSL_BASE64_ENCODE
 #endif
 #if defined(WOLF_CONF_OPENSSL_EXTRA) && WOLF_CONF_OPENSSL_EXTRA == 1
    #define OPENSSL_EXTRA
 #endif
 /* TLS Session Cache */
 #if 0
    #define SMALL_SESSION_CACHE
 #else
    #define NO_SESSION_CACHE
 #endif
 /* ------------------------------------------------------------------------- */
 /* Crypto */
 /* ------------------------------------------------------------------------- */
 /* RSA */
 #undef NO_RSA
 #if defined(WOLF_CONF_RSA) && WOLF_CONF_RSA == 1
    #ifdef USE_FAST_MATH
        /* Maximum math bits (Max RSA key bits * 2) */
        #undef  FP_MAX_BITS
        #define FP_MAX_BITS     4096
    #endif
    /* half as much memory but twice as slow */
    #undef  RSA_LOW_MEM
    //#define RSA_LOW_MEM
    /* Enables blinding mode, to prevent timing attacks */
    #undef  WC_RSA_BLINDING
    #define WC_RSA_BLINDING
    /* RSA PSS Support (required for TLS v1.3) */
    #ifdef WOLFSSL_TLS13
        #define WC_RSA_PSS
    #endif
 #else
    #define NO_RSA
 #endif
 /* ECC */
 #undef HAVE_ECC
 #if defined(WOLF_CONF_ECC) && WOLF_CONF_ECC == 1
    #define HAVE_ECC
    /* Manually define enabled curves */
    #define ECC_USER_CURVES
    //#define HAVE_ECC192
    //#define HAVE_ECC224
    #undef NO_ECC256
    //#define HAVE_ECC384
    //#define HAVE_ECC521
    /* Fixed point cache (speeds repeated operations against same private key) */
    #undef  FP_ECC
    //#define FP_ECC
    #ifdef FP_ECC
        /* Bits / Entries */
        #undef  FP_ENTRIES
        #define FP_ENTRIES  2
        #undef  FP_LUT
        #define FP_LUT      4
    #endif
    /* Optional ECC calculation method */
    /* Note: doubles heap usage, but slightly faster */
    #undef  ECC_SHAMIR
    #define ECC_SHAMIR
    /* Reduces heap usage, but slower */
    #define ECC_TIMING_RESISTANT
    /* Compressed ECC key support */
    //#define HAVE_COMP_KEY
    #ifdef USE_FAST_MATH
        #ifdef NO_RSA
            /* Custom fastmath size if not using RSA */
            /* MAX = ROUND32(ECC BITS) * 2 */
            #define FP_MAX_BITS     (256 * 2)
        #else
            #define ALT_ECC_SIZE
        #endif
        /* Enable TFM optimizations for ECC */
        //#define TFM_ECC192
        //#define TFM_ECC224
        //#define TFM_ECC256
        //#define TFM_ECC384
        //#define TFM_ECC521
    #endif
 #endif
 /* DH */
 #undef NO_DH
 #if defined(WOLF_CONF_DH) && WOLF_CONF_DH == 1
    #define HAVE_DH /* freeRTOS settings.h requires this */
    #define HAVE_FFDHE_2048
    #define HAVE_DH_DEFAULT_PARAMS
 #else
    #define NO_DH
 #endif
 /* AES */
 #if defined(WOLF_CONF_AESGCM) && WOLF_CONF_AESGCM == 1
    #define HAVE_AESGCM
    /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
    /* GCM_TABLE is about 4K larger and 3x faster */
    #define GCM_SMALL
    #define HAVE_AES_DECRYPT
 #endif
 #if defined(WOLF_CONF_AESCBC) && WOLF_CONF_AESCBC == 1
    #define HAVE_AES_CBC
    #define HAVE_AES_DECRYPT
 #endif
 /* Other possible AES modes */    
 //#define WOLFSSL_AES_COUNTER
 //#define HAVE_AESCCM
 //#define WOLFSSL_AES_XTS
 //#define WOLFSSL_AES_DIRECT
 //#define HAVE_AES_ECB
 //#define HAVE_AES_KEYWRAP
 //#define AES_MAX_KEY_SIZE 256
 /* ChaCha20 / Poly1305 */
 #undef HAVE_CHACHA
 #undef HAVE_POLY1305
 #if defined(WOLF_CONF_CHAPOLY) && WOLF_CONF_CHAPOLY == 1
    #define HAVE_CHACHA
    #define HAVE_POLY1305
    /* Needed for Poly1305 */
    #undef  HAVE_ONE_TIME_AUTH
    #define HAVE_ONE_TIME_AUTH
 #endif
 /* Ed25519 / Curve25519 */
 #undef HAVE_CURVE25519
 #undef HAVE_ED25519
 #if defined(WOLF_CONF_EDCURVE25519) && WOLF_CONF_EDCURVE25519 == 1
    #define HAVE_CURVE25519
    #define HAVE_ED25519
    /* Optionally use small math (less flash usage, but much slower) */
    #define CURVED25519_SMALL
 #endif
 /* ------------------------------------------------------------------------- */
 /* Hashing */
 /* ------------------------------------------------------------------------- */
 /* Sha1 */
 #undef NO_SHA
 #if defined(WOLF_CONF_SHA1) && WOLF_CONF_SHA1 == 1
    /* 1k smaller, but 25% slower */
    //#define USE_SLOW_SHA
 #else
    #define NO_SHA
 #endif
 /* Sha2-256 */
 #undef NO_SHA256
 #if defined(WOLF_CONF_SHA2_256) && WOLF_CONF_SHA2_256 == 1
    /* not unrolled - ~2k smaller and ~25% slower */
    //#define USE_SLOW_SHA256
    //#define WOLFSSL_SHAKE256
    /* Sha2-224 */
    #if defined(WOLF_CONF_SHA2_224) && WOLF_CONF_SHA2_224 == 1
        #define WOLFSSL_SHA224
    #endif
 #else
    #define NO_SHA256
 #endif
 /* Sha2-512 */
 #undef WOLFSSL_SHA512
 #if defined(WOLF_CONF_SHA2_512) && WOLF_CONF_SHA2_512 == 1
    /* over twice as small, but 50% slower */
    //#define USE_SLOW_SHA512
    #define WOLFSSL_SHA512
    #define HAVE_SHA512 /* freeRTOS settings.h requires this */
 #endif
 /* Sha2-384 */
 #undef WOLFSSL_SHA384
 #if defined(WOLF_CONF_SHA2_384) && WOLF_CONF_SHA2_384 == 1
    #define WOLFSSL_SHA384
 #endif
 /* Sha3 */
 #undef WOLFSSL_SHA3
 #if defined(WOLF_CONF_SHA3) && WOLF_CONF_SHA3 == 1
 	#define WOLFSSL_SHA3
 #endif
 /* MD5 */
 #if defined(WOLF_CONF_MD5) && WOLF_CONF_MD5 == 1
 	/* enabled */
 #else
    #define NO_MD5
 #endif
 /* ------------------------------------------------------------------------- */
 /* Benchmark / Test */
 /* ------------------------------------------------------------------------- */
 /* Use reduced benchmark / test sizes */
 #define BENCH_EMBEDDED
 #define USE_CERT_BUFFERS_2048
 #define USE_CERT_BUFFERS_256
 /* ------------------------------------------------------------------------- */
 /* Debugging */
 /* ------------------------------------------------------------------------- */
 #if defined(WOLF_CONF_DEBUG) && WOLF_CONF_DEBUG == 1
    #define DEBUG_WOLFSSL
    /* Use this to measure / print heap usage */
    #if 0
        #define USE_WOLFSSL_MEMORY
        #define WOLFSSL_TRACK_MEMORY
  		  #define WOLFSSL_DEBUG_MEMORY
 	  	  #define WOLFSSL_DEBUG_MEMORY_PRINT
    #endif
 #else
    //#define NO_WOLFSSL_MEMORY
    //#define NO_ERROR_STRINGS
 #endif
 /* ------------------------------------------------------------------------- */
 /* Port */
 /* ------------------------------------------------------------------------- */
 /* Override Current Time */
 /* Allows custom "custom_time()" function to be used for benchmark */
 #define WOLFSSL_USER_CURRTIME
 /* ------------------------------------------------------------------------- */
 /* RNG */
 /* ------------------------------------------------------------------------- */
 #define NO_OLD_RNGNAME /* conflicts with STM RNG macro */
 #define HAVE_HASHDRBG
 /* ------------------------------------------------------------------------- */
 /* Disable Features */
 /* ------------------------------------------------------------------------- */
 #if defined(WOLF_CONF_TLS12) && WOLF_CONF_TLS12 == 0
    #define WOLFSSL_NO_TLS12
 #endif
 #if defined(WOLF_CONF_WOLFCRYPT_ONLY) && WOLF_CONF_WOLFCRYPT_ONLY == 1
    #define WOLFCRYPT_ONLY
 #endif
 //#define NO_WOLFSSL_SERVER
 //#define NO_WOLFSSL_CLIENT
 #if defined(WOLF_CONF_TEST) && WOLF_CONF_TEST == 0
    #define NO_CRYPT_TEST
    #define NO_CRYPT_BENCHMARK
 #endif
 #define NO_FILESYSTEM
 #define NO_WRITEV
 #define NO_MAIN_DRIVER
 #define NO_DEV_RANDOM
 #define NO_OLD_TLS
 #define WOLFSSL_NO_CLIENT_AUTH /* disable client auth for Ed25519/Ed448 */
 #define NO_DSA
 #define NO_RC4
 #define NO_HC128
 #define NO_RABBIT
 #define NO_MD4
 #define NO_DES3
 /* In-lining of misc.c functions */
 /* If defined, must include wolfcrypt/src/misc.c in build */
 /* Slower, but about 1k smaller */
 //#define NO_INLINE
 /* Base16 / Base64 encoding */
 //#define NO_CODING
 /* bypass certificate date checking, due to lack of properly configured RTC source */
 #ifndef HAL_RTC_MODULE_ENABLED
    #define NO_ASN_TIME
 #endif
 #ifdef __cplusplus
 }
 #endif
 #endif /*__ ${inclusion_protection}_H */
 /**
  * @}
  */
 /*****END OF FILE****/
--- a/IDE/STM32Cube/include.am
+++ b/IDE/STM32Cube/include.am
@@ -5,6 +5,7 @@
 EXTRA_DIST+= IDE/STM32Cube/README.md
 EXTRA_DIST+= IDE/STM32Cube/main.c
 EXTRA_DIST+= IDE/STM32Cube/wolfssl_example.c
-EXTRA_DIST+= IDE/STM32Cube/wolfSSL.wolfSSL_conf.h
+EXTRA_DIST+= IDE/STM32Cube/wolfSSL_conf.h
 EXTRA_DIST+= IDE/STM32Cube/wolfssl_example.h
 EXTRA_DIST+= IDE/STM32Cube/STM32_Benchmarks.md
 EXTRA_DIST+= IDE/STM32Cube/default_conf.ftl
--- a/IDE/STM32Cube/main.c
+++ b/IDE/STM32Cube/main.c
@@ -25,6 +25,7 @@
 /* Includes ------------------------------------------------------------------*/
 #include "wolfssl_example.h"
 #include "wolfssl/wolfcrypt/settings.h"
 /* Private variables ---------------------------------------------------------*/
 CRYP_HandleTypeDef hcryp;
@@ -66,7 +67,7 @@ int __io_putchar(int ch)
 int fputc(int ch, FILE *f)
 #endif
 {
-    HAL_UART_Transmit(&huart4, (uint8_t *)&ch, 1, 0xFFFF);
+    HAL_UART_Transmit(&HAL_CONSOLE_UART, (uint8_t *)&ch, 1, 0xFFFF);
    return ch;
 }
--- a/IDE/STM32Cube/wolfSSL.wolfSSL_conf.h
+++ b/IDE/STM32Cube/wolfSSL.wolfSSL_conf.h
@@ -1,4 +1,4 @@
-/* wolfSSL.wolfSSL_conf.h
+/* wolfSSL_conf.h (example of generated wolfSSL.wolfSSL_conf.h)
 *
 * Copyright (C) 2006-2020 wolfSSL Inc.
 *
@@ -19,7 +19,9 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
-/* STM32 Cube Configuration File 
+/* STM32 Cube Sample Configuration File 
 * Generated automatically using `default_conf.ftl` template
 *
 * Included automatically when USE_HAL_DRIVER is defined 
 * (and not WOLFSSL_USER_SETTINGS or HAVE_CONF_H).
 */
@@ -169,6 +171,11 @@ extern "C" {
    #define WOLFSSL_STM32F1
    #define HAL_CONSOLE_UART huart4
    #define NO_STM32_RNG
 #elif defined(STM32F401xE)
    #define WOLFSSL_STM32F4
    #define HAL_CONSOLE_UART huart2
    #define NO_STM32_RNG
    #define WOLFSSL_GENSEED_FORTEST
 #else
 	#warning Please define a hardware platform!
    #define WOLFSSL_STM32F4 /* default */
--- a/IDE/STM32Cube/wolfssl_example.c
+++ b/IDE/STM32Cube/wolfssl_example.c
@@ -64,7 +64,7 @@
 	#undef  MEM_BUFFER_SZ
 	#define MEM_BUFFER_SZ 2048
 #endif
-#define SHOW_VERBOSE         0 /* Default output is tab delimited format */
+#define SHOW_VERBOSE         0 /* 0=tab del (minimal), 1=info, 2=debug, 3=debug w/wolf logs */
 #ifndef WOLFSSL_CIPHER_LIST_MAX_SIZE
 #define WOLFSSL_CIPHER_LIST_MAX_SIZE 2048
 #endif
@@ -77,7 +77,7 @@
    #define BENCH_USE_NONBLOCK
 #endif
 #ifndef RECV_WAIT_TIMEOUT
-    #define RECV_WAIT_TIMEOUT 4000
+    #define RECV_WAIT_TIMEOUT 10000
 #endif
 /*****************************************************************************
@@ -510,6 +510,8 @@ static int ServerMemSend(info_t* info, char* buf, int sz)
        sz = MEM_BUFFER_SZ - info->to_client.write_idx;
 #endif
    if (info->showVerbose >= 2)
        printf("Server Send: %d\n", sz);
    XMEMCPY(&info->to_client.buf[info->to_client.write_idx], buf, sz);
    info->to_client.write_idx += sz;
    info->to_client.write_bytes += sz;
@@ -543,11 +545,13 @@ static int ServerMemRecv(info_t* info, char* buf, int sz)
        osSemaphoreRelease(info->server.mutex);
 #ifdef CMSIS_OS2_H_
        if (osThreadFlagsWait(1, osFlagsWaitAny, RECV_WAIT_TIMEOUT) == osFlagsErrorTimeout) {
        	printf("Server Recv: Timeout!\n");
        	return WOLFSSL_CBIO_ERR_TIMEOUT;
        }
        osSemaphoreAcquire(info->server.mutex, osWaitForever);
 #else
        if (osSignalWait(1, RECV_WAIT_TIMEOUT) == osEventTimeout) {
        	printf("Server Recv: Timeout!\n");
            return WOLFSSL_CBIO_ERR_TIMEOUT;
        }
        osSemaphoreWait(info->server.mutex, osWaitForever);
@@ -567,9 +571,12 @@ static int ServerMemRecv(info_t* info, char* buf, int sz)
        info->to_server.read_bytes = info->to_server.read_idx = 0;
        info->to_server.write_bytes = info->to_server.write_idx = 0;
    }
    if (info->showVerbose >= 2)
        printf("Server Recv: %d\n", sz);
    osSemaphoreRelease(info->server.mutex);
 #ifdef BENCH_USE_NONBLOCK
    if (sz == 0)
        return WOLFSSL_CBIO_ERR_WANT_READ;
@@ -599,6 +606,8 @@ static int ClientMemSend(info_t* info, char* buf, int sz)
        sz = MEM_BUFFER_SZ - info->to_server.write_idx;
 #endif
    if (info->showVerbose >= 2)
        printf("Client Send: %d\n", sz);
    XMEMCPY(&info->to_server.buf[info->to_server.write_idx], buf, sz);
    info->to_server.write_idx += sz;
    info->to_server.write_bytes += sz;
@@ -632,11 +641,13 @@ static int ClientMemRecv(info_t* info, char* buf, int sz)
        osSemaphoreRelease(info->client.mutex);
 #ifdef CMSIS_OS2_H_
        if (osThreadFlagsWait(1, osFlagsWaitAny, RECV_WAIT_TIMEOUT) == osFlagsErrorTimeout) {
        	printf("Client Recv: Timeout!\n");
        	return WOLFSSL_CBIO_ERR_TIMEOUT;
        }
        osSemaphoreAcquire(info->client.mutex, osWaitForever);
 #else
        if (osSignalWait(1, RECV_WAIT_TIMEOUT) == osEventTimeout) {
        	printf("Client Recv: Timeout!\n");
        	return WOLFSSL_CBIO_ERR_TIMEOUT;
        }
        osSemaphoreWait(info->client.mutex, osWaitForever);
@@ -656,6 +667,8 @@ static int ClientMemRecv(info_t* info, char* buf, int sz)
        info->to_client.read_bytes = info->to_client.read_idx = 0;
        info->to_client.write_bytes = info->to_client.write_idx = 0;
    }
    if (info->showVerbose >= 2)
        printf("Client Recv: %d\n", sz);
    osSemaphoreRelease(info->client.mutex);
@@ -1277,7 +1290,7 @@ int bench_tls(void* args)
    int argShowPeerInfo = BENCH_SHOW_PEER_INFO;
 #ifdef DEBUG_WOLFSSL
-    if (argShowVerbose) {
+    if (argShowVerbose >= 3) {
        wolfSSL_Debugging_ON();
    }
    else {
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -6347,12 +6347,12 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
    word32 keySize;
    word32 partial = sz % AES_BLOCK_SIZE;
    word32 tag[AES_BLOCK_SIZE/sizeof(word32)];
    word32 tagExpected[AES_BLOCK_SIZE/sizeof(word32)];
    word32 partialBlock[AES_BLOCK_SIZE/sizeof(word32)];
    word32 ctr[AES_BLOCK_SIZE/sizeof(word32)];
    word32 ctrInit[AES_BLOCK_SIZE/sizeof(word32)];
    word32 authhdr[AES_BLOCK_SIZE/sizeof(word32)];
    byte* authInPadded = NULL;
-    int authPadSz, wasAlloc = 0;
+    int authPadSz, wasAlloc = 0, tagComputed = 0;
    ret = wc_AesGetKeySize(aes, &keySize);
    if (ret != 0)
@@ -6373,7 +6373,19 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
    else {
        GHASH(aes, NULL, 0, iv, ivSz, (byte*)ctr, AES_BLOCK_SIZE);
    }
-    XMEMCPY(ctrInit, ctr, sizeof(ctr)); /* save off initial counter for GMAC */
+
    /* Make copy of expected authTag, which could get corrupted in some 
     * Cube HAL versions without proper partial block support.
     * For TLS blocks the authTag is after the output buffer, so save it */
    XMEMCPY(tagExpected, authTag, authTagSz);
    /* for cases where hardware cannot be used for authTag calculate it */
    if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ) {
 		GHASH(aes, authIn, authInSz, in, sz, (byte*)tag, sizeof(tag));
 		wc_AesEncrypt(aes, (byte*)ctr, (byte*)partialBlock);
 		xorbuf(tag, partialBlock, sizeof(tag));
 		tagComputed = 1;
    }
    /* Authentication buffer - must be 4-byte multiple zero padded */
    authPadSz = authInSz % sizeof(word32);
@@ -6419,7 +6431,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
    /* GCM payload phase - can handle partial blocks */
    status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in,
        (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT);
-    if (status == HAL_OK) {
+    if (status == HAL_OK && tagComputed == 0) {
        /* Compute the authTag */
        status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag,
            STM32_HAL_TIMEOUT);
@@ -6457,7 +6469,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
            (byte*)partialBlock, STM32_HAL_TIMEOUT);
        XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
    }
-    if (status == HAL_OK) {
+    if (status == HAL_OK && tagComputed == 0) {
        /* GCM final phase */
        hcryp.Init.GCMCMACPhase = CRYP_FINAL_PHASE;
        status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, (byte*)tag, STM32_HAL_TIMEOUT);
@@ -6478,7 +6490,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
            (byte*)partialBlock, STM32_HAL_TIMEOUT);
        XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);
    }
-    if (status == HAL_OK) {
+    if (status == HAL_OK && tagComputed == 0) {
        /* Compute the authTag */
        status = HAL_CRYPEx_AESGCM_Finish(&hcryp, sz, (byte*)tag, STM32_HAL_TIMEOUT);
    }
@@ -6495,25 +6507,21 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
    /* Input size and auth size need to be the actual sizes, even though
     * they are not block aligned, because this length (in bits) is used
     * in the final GHASH. */
    XMEMSET(partialBlock, 0, sizeof(partialBlock)); /* use this to get tag */
    status = CRYP_AES_GCM(MODE_DECRYPT, (uint8_t*)ctr,
                         (uint8_t*)keyCopy,      keySize * 8,
                         (uint8_t*)in,           sz,
                         (uint8_t*)authInPadded, authInSz,
-                         (uint8_t*)out,          (uint8_t*)tag);
+                         (uint8_t*)out,          (uint8_t*)partialBlock);
    if (status != SUCCESS)
        ret = AES_GCM_AUTH_E;
    if (tagComputed == 0)
    	XMEMCPY(tag, partialBlock, authTagSz);
 #endif /* WOLFSSL_STM32_CUBEMX */
    wolfSSL_CryptHwMutexUnLock();
    /* For STM32 GCM fallback to software if partial AES block or IV != 12 */
    if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ) {
        GHASH(aes, authIn, authInSz, in, sz, (byte*)tag, sizeof(tag));
        wc_AesEncrypt(aes, (byte*)ctrInit, (byte*)partialBlock);
        xorbuf(tag, partialBlock, sizeof(tag));
    }
    /* Check authentication tag */
-    if (ConstantCompare(authTag, (byte*)tag, authTagSz) != 0) {
+    if (ConstantCompare((const byte*)tagExpected, (byte*)tag, authTagSz) != 0) {
        ret = AES_GCM_AUTH_E;
    }