From 839231c5082f376b29cd18c1f6bcbcdd141da120 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 25 May 2021 12:37:12 -0700 Subject: [PATCH 1/6] Fixes for STM32 PKA compiler warnings. --- wolfcrypt/src/ecc.c | 4 ++++ wolfcrypt/src/port/st/stm32.c | 1 - wolfcrypt/src/random.c | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 5336d15f0..9c40912fc 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -6796,6 +6796,8 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, } #endif /* !NO_ASN */ +#if !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_PSOC6_CRYPTO) + static int wc_ecc_check_r_s_range(ecc_key* key, mp_int* r, mp_int* s) { int err; @@ -6822,6 +6824,8 @@ static int wc_ecc_check_r_s_range(ecc_key* key, mp_int* r, mp_int* s) FREE_CURVE_SPECS(); return err; } +#endif /* !WOLFSSL_STM32_PKA && !WOLFSSL_PSOC6_CRYPTO */ + /** Verify an ECC signature diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c index 390fa23f4..c276a6f6f 100644 --- a/wolfcrypt/src/port/st/stm32.c +++ b/wolfcrypt/src/port/st/stm32.c @@ -538,7 +538,6 @@ static const uint8_t stm32_ecc256_order[ECC256_KEYSIZE] = { 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51 }; -static const uint32_t stm32_ecc256_cofactor = 1U; #endif /* ECC256 */ diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 0d00cee34..32af3022f 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -1964,7 +1964,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) ((wolfssl_word)&output[i] % sizeof(word32)) != 0 ) { /* Single byte at a time */ - word32 tmpRng = 0; + uint32_t tmpRng = 0; if (HAL_RNG_GenerateRandomNumber(&hrng, &tmpRng) != HAL_OK) { wolfSSL_CryptHwMutexUnLock(); return RAN_BLOCK_E; @@ -1973,7 +1973,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) } else { /* Use native 32 instruction */ - if (HAL_RNG_GenerateRandomNumber(&hrng, (word32*)&output[i]) != HAL_OK) { + if (HAL_RNG_GenerateRandomNumber(&hrng, (uint32_t*)&output[i]) != HAL_OK) { wolfSSL_CryptHwMutexUnLock(); return RAN_BLOCK_E; } From b0782cb8f8ad6505e73e3f1b63e763850a0cdfa2 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 25 May 2021 14:55:22 -0700 Subject: [PATCH 2/6] Fix for improperly initialized `PKA_ECDSASignOutTypeDef` on STM32 PKA sign. --- wolfcrypt/src/asn.c | 2 +- wolfcrypt/src/ecc.c | 1 - wolfcrypt/src/port/st/stm32.c | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 2c892fc99..29c9c1e79 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -7706,7 +7706,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, } if ((ret = wc_DsaPublicKeyDecode(key, &idx, sigCtx->key.dsa, keySz)) != 0) { - WOLFSSL_MSG("ASN Key decode error RSA"); + WOLFSSL_MSG("ASN Key decode error DSA"); goto exit_cs; } if (sigSz != DSA_SIG_SIZE) { diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 9c40912fc..faad7d547 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -6797,7 +6797,6 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, #endif /* !NO_ASN */ #if !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_PSOC6_CRYPTO) - static int wc_ecc_check_r_s_range(ecc_key* key, mp_int* r, mp_int* s) { int err; diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c index c276a6f6f..a080b6ed8 100644 --- a/wolfcrypt/src/port/st/stm32.c +++ b/wolfcrypt/src/port/st/stm32.c @@ -825,7 +825,7 @@ int stm32_ecc_sign_hash_ex(const byte* hash, word32 hashlen, WC_RNG* rng, const uint8_t *prime, *coef, *gen_x, *gen_y, *order; const uint32_t *coef_sign; XMEMSET(&pka_ecc, 0x00, sizeof(PKA_ECDSASignInTypeDef)); - XMEMSET(&pka_ecc, 0x00, sizeof(PKA_ECDSASignOutTypeDef)); + XMEMSET(&pka_ecc_out, 0x00, sizeof(PKA_ECDSASignOutTypeDef)); if (r == NULL || s == NULL || hash == NULL || key == NULL) { return ECC_BAD_ARG_E; From 7b6005d467f457c0beea847fbaa1fcf3e1d55b57 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 25 May 2021 15:09:19 -0700 Subject: [PATCH 3/6] Remove unused STM32 cofactor. --- wolfcrypt/src/port/st/stm32.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c index a080b6ed8..6ca9c5568 100644 --- a/wolfcrypt/src/port/st/stm32.c +++ b/wolfcrypt/src/port/st/stm32.c @@ -463,7 +463,6 @@ static const uint8_t stm32_ecc192_order[ECC192_KEYSIZE] = { 0xFF, 0xFF, 0xFF, 0xFF, 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31 }; -static const uint32_t stm32_ecc192_cofactor = 1U; #endif /* ECC192 */ /* P-224 */ @@ -500,8 +499,6 @@ static const uint8_t stm32_ecc224_order[ECC224_KEYSIZE] = { 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, 0x5C, 0x5C, 0x2A, 0x3D }; -static const uint32_t stm32_ecc224_cofactor = 1U; - #endif /* ECC224 */ /* P-256 */ @@ -538,7 +535,6 @@ static const uint8_t stm32_ecc256_order[ECC256_KEYSIZE] = { 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51 }; - #endif /* ECC256 */ /* P-384 */ @@ -585,7 +581,6 @@ static const uint8_t stm32_ecc384_order[ECC384_KEYSIZE] = { 0x58, 0x1A, 0x0D, 0xB2, 0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73 }; -static const uint32_t stm32_ecc384_cofactor = 1U; #endif /* ECC384 */ static int stm32_get_ecc_specs(const uint8_t **prime, const uint8_t **coef, From 98ab62ea749e1e28c5badbaccb1a9f1d78dd215c Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 25 May 2021 16:03:41 -0700 Subject: [PATCH 4/6] Fix for STM32 PKA ECC point mapping, which is handled in hardware. --- wolfcrypt/src/port/st/stm32.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c index 6ca9c5568..ecc7644ff 100644 --- a/wolfcrypt/src/port/st/stm32.c +++ b/wolfcrypt/src/port/st/stm32.c @@ -594,7 +594,7 @@ static int stm32_get_ecc_specs(const uint8_t **prime, const uint8_t **coef, *GenPointX = stm32_ecc256_pointX; *GenPointY = stm32_ecc256_pointY; *coef_sign = &stm32_ecc256_coef_sign; - *order = stm32_ecc256_order; + if (order) *order = stm32_ecc256_order; break; #ifdef ECC224 case 28: @@ -603,7 +603,7 @@ static int stm32_get_ecc_specs(const uint8_t **prime, const uint8_t **coef, *GenPointX = stm32_ecc224_pointX; *GenPointY = stm32_ecc224_pointY; *coef_sign = &stm32_ecc224_coef; - *order = stm32_ecc224_order; + if (order) *order = stm32_ecc224_order; break; #endif #ifdef ECC192 @@ -613,7 +613,7 @@ static int stm32_get_ecc_specs(const uint8_t **prime, const uint8_t **coef, *GenPointX = stm32_ecc192_pointX; *GenPointY = stm32_ecc192_pointY; *coef_sign = &stm32_ecc192_coef; - *order = stm32_ecc192_order; + if (order) *order = stm32_ecc192_order; break; #endif #ifdef ECC384 @@ -623,7 +623,7 @@ static int stm32_get_ecc_specs(const uint8_t **prime, const uint8_t **coef, *GenPointX = stm32_ecc384_pointX; *GenPointY = stm32_ecc384_pointY; *coef_sign = &stm32_ecc384_coef; - *order = stm32_ecc384_order; + if (order) *order = stm32_ecc384_order; break; #endif default: @@ -658,7 +658,7 @@ int wc_ecc_mulmod_ex(const mp_int *k, ecc_point *G, ecc_point *R, mp_int* a, uint8_t kbin[STM32_MAX_ECC_SIZE]; uint8_t PtXbin[STM32_MAX_ECC_SIZE]; uint8_t PtYbin[STM32_MAX_ECC_SIZE]; - const uint8_t *prime, *coef, *gen_x, *gen_y, *order; + const uint8_t *prime, *coef, *gen_x, *gen_y; const uint32_t *coef_sign; (void)a; (void)heap; @@ -685,10 +685,9 @@ int wc_ecc_mulmod_ex(const mp_int *k, ecc_point *G, ecc_point *R, mp_int* a, size = (uint8_t)szModulus; /* find STM32_PKA friendly parameters for the selected curve */ - if (0 != stm32_get_ecc_specs(&prime, &coef, &coef_sign, &gen_x, &gen_y, &order, size)) { + if (0 != stm32_get_ecc_specs(&prime, &coef, &coef_sign, &gen_x, &gen_y, NULL, size)) { return ECC_BAD_ARG_E; } - (void)order; pka_mul.modulusSize = szModulus; pka_mul.coefSign = *coef_sign; @@ -731,6 +730,16 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, return wc_ecc_mulmod_ex(k, G, R, a, modulus, map, heap); } +int ecc_map_ex(ecc_point* P, mp_int* modulus, mp_digit mp, int ct) +{ + /* this is handled in hardware, so no projective mapping needed */ + (void)P; + (void)modulus; + (void)mp; + (void)ct; + return MP_OKAY; +} + int stm32_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, word32 hashlen, int* res, ecc_key* key) { From 4d4b3c9e8ae1172870fa3867a20a25034338ecc5 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 26 May 2021 09:46:40 -0700 Subject: [PATCH 5/6] Fixes for return codes on STM PKA code. Fix for const warnings. --- wolfcrypt/src/port/st/stm32.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c index ecc7644ff..b0b60eb44 100644 --- a/wolfcrypt/src/port/st/stm32.c +++ b/wolfcrypt/src/port/st/stm32.c @@ -386,19 +386,19 @@ extern PKA_HandleTypeDef hpka; * and mp_int has only 31 bytes, we add leading zeros * so that result array has 32 bytes, same as modulus (sz). */ -static int stm32_get_from_mp_int(uint8_t *dst, mp_int *a, int sz) +static int stm32_get_from_mp_int(uint8_t *dst, const mp_int *a, int sz) { int res; int szbin; int offset; - if (!a || !dst || (sz < 0)) - return -1; + if (a == NULL || dst == NULL || sz < 0) + return BAD_FUNC_ARG; /* check how many bytes are in the mp_int */ - szbin = mp_unsigned_bin_size(a); - if ((szbin < 0) || (szbin > sz)) - return -1; + szbin = mp_unsigned_bin_size((mp_int*)a); + if (szbin < 0 || szbin > sz) + return BUFFER_E; /* compute offset from dst */ offset = sz - szbin; @@ -412,7 +412,7 @@ static int stm32_get_from_mp_int(uint8_t *dst, mp_int *a, int sz) XMEMSET(dst, 0, offset); /* convert mp_int to array of bytes */ - res = mp_to_unsigned_bin(a, dst + offset); + res = mp_to_unsigned_bin((mp_int*)a, dst + offset); return res; } @@ -627,7 +627,7 @@ static int stm32_get_ecc_specs(const uint8_t **prime, const uint8_t **coef, break; #endif default: - return -1; + return NOT_COMPILED_IN; } return 0; } @@ -672,7 +672,7 @@ int wc_ecc_mulmod_ex(const mp_int *k, ecc_point *G, ecc_point *R, mp_int* a, } szModulus = mp_unsigned_bin_size(modulus); - szkbin = mp_unsigned_bin_size(k); + szkbin = mp_unsigned_bin_size((mp_int*)k); res = stm32_get_from_mp_int(kbin, k, szkbin); if (res == MP_OKAY) From 2ffc0a83925688f8e8f9b6bc9c5ae6c46c855fe5 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 11 Jun 2021 08:42:06 -0700 Subject: [PATCH 6/6] Remove casts that are not needed. --- wolfcrypt/src/port/st/stm32.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c index b0b60eb44..3879ba177 100644 --- a/wolfcrypt/src/port/st/stm32.c +++ b/wolfcrypt/src/port/st/stm32.c @@ -396,7 +396,7 @@ static int stm32_get_from_mp_int(uint8_t *dst, const mp_int *a, int sz) return BAD_FUNC_ARG; /* check how many bytes are in the mp_int */ - szbin = mp_unsigned_bin_size((mp_int*)a); + szbin = mp_unsigned_bin_size(a); if (szbin < 0 || szbin > sz) return BUFFER_E; @@ -672,7 +672,7 @@ int wc_ecc_mulmod_ex(const mp_int *k, ecc_point *G, ecc_point *R, mp_int* a, } szModulus = mp_unsigned_bin_size(modulus); - szkbin = mp_unsigned_bin_size((mp_int*)k); + szkbin = mp_unsigned_bin_size(k); res = stm32_get_from_mp_int(kbin, k, szkbin); if (res == MP_OKAY)