diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index b583d03e9..365e4cf2b 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -311,12 +311,17 @@ hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_ECB; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; + #elif defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_ECB; #endif HAL_CRYP_Init(&hcryp); #ifdef STM32_CRYPTO_AES_ONLY ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); + #elif defined(STM32_HAL_V2) + ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE, + (uint32_t*)outBlock, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESECB_Encrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); @@ -389,12 +394,17 @@ hcryp.Init.OperatingMode = CRYP_ALGOMODE_DECRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_ECB; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; + #elif defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_ECB; #endif HAL_CRYP_Init(&hcryp); #ifdef STM32_CRYPTO_AES_ONLY ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); + #elif defined(STM32_HAL_V2) + ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE, + (uint32_t*)outBlock, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESECB_Decrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); @@ -1806,7 +1816,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) aes->keylen = keylen; aes->rounds = keylen/4 + 6; XMEMCPY(rk, userKey, keylen); - #ifndef WOLFSSL_STM32_CUBEMX + #if !defined(WOLFSSL_STM32_CUBEMX) || defined(STM32_HAL_V2) ByteReverseWords(rk, rk, keylen); #endif #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) @@ -2466,14 +2476,20 @@ int wc_AesSetIV(Aes* aes, const byte* iv) hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CBC; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; + #elif defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_CBC; + ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE); #endif - hcryp.Init.pInitVect = (uint8_t*)aes->reg; + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; HAL_CRYP_Init(&hcryp); while (blocks--) { #ifdef STM32_CRYPTO_AES_ONLY ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); + #elif defined(STM32_HAL_V2) + ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE, + (uint32_t*)out, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); @@ -2513,15 +2529,21 @@ int wc_AesSetIV(Aes* aes, const byte* iv) hcryp.Init.OperatingMode = CRYP_ALGOMODE_KEYDERIVATION_DECRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CBC; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; + #elif defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_CBC; + ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE); #endif - hcryp.Init.pInitVect = (uint8_t*)aes->reg; + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; HAL_CRYP_Init(&hcryp); while (blocks--) { #ifdef STM32_CRYPTO_AES_ONLY ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); + #elif defined(STM32_HAL_V2) + ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE, + (uint32_t*)out, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); @@ -3196,6 +3218,9 @@ int wc_AesSetIV(Aes* aes, const byte* iv) int ret = 0; #ifdef WOLFSSL_STM32_CUBEMX CRYP_HandleTypeDef hcryp; + #ifdef STM32_HAL_V2 + word32 iv[AES_BLOCK_SIZE/sizeof(word32)]; + #endif #else word32 *iv; CRYP_InitTypeDef cryptInit; @@ -3212,13 +3237,20 @@ int wc_AesSetIV(Aes* aes, const byte* iv) hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CTR; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; + #elif defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_CTR; + ByteReverseWords(iv, aes->reg, AES_BLOCK_SIZE); + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)iv; #endif - hcryp.Init.pInitVect = (uint8_t*)aes->reg; HAL_CRYP_Init(&hcryp); #ifdef STM32_CRYPTO_AES_ONLY ret = HAL_CRYPEx_AES(&hcryp, (byte*)in, AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); + #elif defined(STM32_HAL_V2) + ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE, + (uint32_t*)out, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESCTR_Encrypt(&hcryp, (byte*)in, AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); @@ -5381,8 +5413,8 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz } #ifdef WOLFSSL_STM32_CUBEMX - hcryp.Init.pInitVect = (uint8_t*)ctr; - hcryp.Init.Header = authInPadded; + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr; + hcryp.Init.Header = (STM_CRYPT_TYPE*)authInPadded; hcryp.Init.HeaderSize = authInSz; #ifdef STM32_CRYPTO_AES_ONLY @@ -5407,7 +5439,7 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT); } } - if (status == HAL_OK && partial != 0) { + if (status == HAL_OK && (partial != 0 || blocks == 0)) { /* GCM payload phase - partial remainder */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); @@ -5420,6 +5452,20 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz hcryp.Init.GCMCMACPhase = CRYP_FINAL_PHASE; status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, tag, STM32_HAL_TIMEOUT); } +#elif defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_GCM; + ByteReverseWords((word32*)partialBlock, (word32*)ctr, AES_BLOCK_SIZE); + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock; + HAL_CRYP_Init(&hcryp); + + /* GCM payload phase - can handle partial blocks */ + status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, + (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); + if (status == HAL_OK) { + /* Compute the authTag */ + status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, + STM32_HAL_TIMEOUT); + } #else HAL_CRYP_Init(&hcryp); if (blocks) { @@ -5427,7 +5473,7 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz status = HAL_CRYPEx_AESGCM_Encrypt(&hcryp, (byte*)in, (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT); } - if (status == HAL_OK && partial != 0) { + if (status == HAL_OK && (partial != 0 || blocks == 0)) { /* GCM payload phase - partial remainder */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); @@ -5461,7 +5507,7 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz if (authTag) { /* STM32 GCM won't compute Auth correctly for partial or when IV != 12, so use software here */ - if (partial != 0 || ivSz != GCM_NONCE_MID_SZ) { + if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ) { DecrementGcmCounter(ctr); /* hardware requires +1, so subtract it */ GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz); wc_AesEncrypt(aes, ctr, tag); @@ -5780,8 +5826,8 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, } #ifdef WOLFSSL_STM32_CUBEMX - hcryp.Init.pInitVect = (uint8_t*)ctr; - hcryp.Init.Header = authInPadded; + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr; + hcryp.Init.Header = (STM_CRYPT_TYPE*)authInPadded; hcryp.Init.HeaderSize = authInSz; #ifdef STM32_CRYPTO_AES_ONLY @@ -5806,7 +5852,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT); } } - if (status == HAL_OK && partial != 0) { + if (status == HAL_OK && (partial != 0 || blocks == 0)) { /* GCM payload phase - partial remainder */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); @@ -5819,6 +5865,20 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, hcryp.Init.GCMCMACPhase = CRYP_FINAL_PHASE; status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, tag, STM32_HAL_TIMEOUT); } +#elif defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_GCM; + ByteReverseWords((word32*)partialBlock, (word32*)ctr, AES_BLOCK_SIZE); + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock; + HAL_CRYP_Init(&hcryp); + + /* GCM payload phase - can handle partial blocks */ + status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, + (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); + if (status == HAL_OK) { + /* Compute the authTag */ + status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, + STM32_HAL_TIMEOUT); + } #else HAL_CRYP_Init(&hcryp); if (blocks) { @@ -5826,7 +5886,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, status = HAL_CRYPEx_AESGCM_Decrypt(&hcryp, (byte*)in, (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT); } - if (status == HAL_OK && partial != 0) { + if (status == HAL_OK && (partial != 0 || blocks == 0)) { /* GCM payload phase - partial remainder */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); @@ -5861,7 +5921,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, #endif /* WOLFSSL_STM32_CUBEMX */ /* STM32 GCM hardware only supports IV of 12 bytes, so use software for auth */ - if (ivSz != GCM_NONCE_MID_SZ) { + if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ) { DecrementGcmCounter(ctr); /* hardware requires +1, so subtract it */ GHASH(aes, authIn, authInSz, in, sz, tag, sizeof(tag)); wc_AesEncrypt(aes, ctr, partialBlock); diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c index d5adf257d..0c24799a7 100644 --- a/wolfcrypt/src/port/st/stm32.c +++ b/wolfcrypt/src/port/st/stm32.c @@ -292,7 +292,10 @@ int wc_Stm32_Aes_Init(Aes* aes, CRYP_HandleTypeDef* hcryp) } hcryp->Instance = CRYP; hcryp->Init.DataType = CRYP_DATATYPE_8B; - hcryp->Init.pKey = (uint8_t*)aes->key; + hcryp->Init.pKey = (STM_CRYPT_TYPE*)aes->key; +#ifdef STM32_HAL_V2 + hcryp->Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE; +#endif return 0; } diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h index 5ef2d8bf7..fe38663ff 100644 --- a/wolfssl/wolfcrypt/port/st/stm32.h +++ b/wolfssl/wolfcrypt/port/st/stm32.h @@ -98,6 +98,19 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #define CRYP AES #endif + /* Detect newer CubeMX crypto HAL (HAL_CRYP_Encrypt / HAL_CRYP_Decrypt) */ + #if !defined(STM32_HAL_V2) && \ + defined(WOLFSSL_STM32F7) && defined(CRYP_AES_GCM) + #define STM32_HAL_V2 + #endif + + /* Thee datatype for STM32 CubeMX HAL Crypt calls */ + #ifdef STM32_HAL_V2 + #define STM_CRYPT_TYPE uint32_t + #else + #define STM_CRYPT_TYPE uint8_t + #endif + /* CRYPT_AES_GCM starts the IV with 2 */ #define STM32_GCM_IV_START 2