diff --git a/IDE/OPENSTM32/Inc/user_settings.h b/IDE/OPENSTM32/Inc/user_settings.h index 7ff0e7e43..1c4282fb0 100644 --- a/IDE/OPENSTM32/Inc/user_settings.h +++ b/IDE/OPENSTM32/Inc/user_settings.h @@ -64,6 +64,7 @@ extern "C" { //#define NO_STM32_HASH //#define NO_STM32_RNG //#define NO_STM32_CRYPTO +//#define WOLFSSL_STM32_PKA /* WB55 and L5 only */ /* ------------------------------------------------------------------------- */ diff --git a/src/internal.c b/src/internal.c index 7906c4c77..6286fd3bd 100644 --- a/src/internal.c +++ b/src/internal.c @@ -13103,10 +13103,10 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifdef HAVE_AEAD -#if !defined(NO_PUBLIC_GCM_SET_IV) && \ - (((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))) || \ - (defined(HAVE_POLY1305) && defined(HAVE_CHACHA))) +#if (!defined(NO_PUBLIC_GCM_SET_IV) && \ + ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))) || \ + (defined(HAVE_POLY1305) && defined(HAVE_CHACHA)) static WC_INLINE void AeadIncrementExpIV(WOLFSSL* ssl) { int i; diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 22f7c0cb0..8afb4635f 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -307,21 +307,21 @@ if (ret != 0) return ret; - #ifdef STM32_CRYPTO_AES_ONLY + #if defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_ECB; + #elif defined(STM32_CRYPTO_AES_ONLY) hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_ECB; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; - #elif defined(STM32_HAL_V2) - hcryp.Init.Algorithm = CRYP_AES_ECB; #endif HAL_CRYP_Init(&hcryp); - #ifdef STM32_CRYPTO_AES_ONLY - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, - outBlock, STM32_HAL_TIMEOUT); - #elif defined(STM32_HAL_V2) + #if defined(STM32_HAL_V2) ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE, (uint32_t*)outBlock, STM32_HAL_TIMEOUT); + #elif defined(STM32_CRYPTO_AES_ONLY) + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, + outBlock, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESECB_Encrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); @@ -331,7 +331,7 @@ } HAL_CRYP_DeInit(&hcryp); - #else /* STD_PERI_LIB */ + #else /* Standard Peripheral Library */ ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit); if (ret != 0) return ret; @@ -391,21 +391,21 @@ if (ret != 0) return ret; - #ifdef STM32_CRYPTO_AES_ONLY + #if defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_ECB; + #elif defined(STM32_CRYPTO_AES_ONLY) hcryp.Init.OperatingMode = CRYP_ALGOMODE_KEYDERIVATION_DECRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_ECB; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; - #elif defined(STM32_HAL_V2) - hcryp.Init.Algorithm = CRYP_AES_ECB; #endif HAL_CRYP_Init(&hcryp); - #ifdef STM32_CRYPTO_AES_ONLY - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, - outBlock, STM32_HAL_TIMEOUT); - #elif defined(STM32_HAL_V2) + #if defined(STM32_HAL_V2) ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE, (uint32_t*)outBlock, STM32_HAL_TIMEOUT); + #elif defined(STM32_CRYPTO_AES_ONLY) + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, + outBlock, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESECB_Decrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); @@ -415,7 +415,7 @@ } HAL_CRYP_DeInit(&hcryp); - #else /* STD_PERI_LIB */ + #else /* Standard Peripheral Library */ ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit); if (ret != 0) return ret; @@ -2963,41 +2963,34 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return ret; } - #ifdef STM32_CRYPTO_AES_ONLY + #if defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_CBC; + ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE); + #elif defined(STM32_CRYPTO_AES_ONLY) hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CBC; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; - #elif defined(STM32_HAL_V2) - hcryp.Init.Algorithm = CRYP_AES_CBC; - ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE); #endif hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; HAL_CRYP_Init(&hcryp); - while (blocks--) { - #ifdef STM32_CRYPTO_AES_ONLY - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, - out, STM32_HAL_TIMEOUT); - #elif defined(STM32_HAL_V2) - ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE, - (uint32_t*)out, STM32_HAL_TIMEOUT); - #else - ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, - out, STM32_HAL_TIMEOUT); - #endif - if (ret != HAL_OK) { - ret = WC_TIMEOUT_E; - break; - } - - /* store iv for next call */ - XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); - - sz -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; + #if defined(STM32_HAL_V2) + ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE, + (uint32_t*)out, STM32_HAL_TIMEOUT); + #elif defined(STM32_CRYPTO_AES_ONLY) + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); + #else + ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); + #endif + if (ret != HAL_OK) { + ret = WC_TIMEOUT_E; } + /* store iv for next call */ + XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + HAL_CRYP_DeInit(&hcryp); wolfSSL_CryptHwMutexUnLock(); @@ -3023,41 +3016,35 @@ int wc_AesSetIV(Aes* aes, const byte* iv) /* if input and output same will overwrite input iv */ XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); - #ifdef STM32_CRYPTO_AES_ONLY + #if defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_CBC; + ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE); + #elif defined(STM32_CRYPTO_AES_ONLY) hcryp.Init.OperatingMode = CRYP_ALGOMODE_KEYDERIVATION_DECRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CBC; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; - #elif defined(STM32_HAL_V2) - hcryp.Init.Algorithm = CRYP_AES_CBC; - ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE); #endif hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; HAL_CRYP_Init(&hcryp); - while (blocks--) { - #ifdef STM32_CRYPTO_AES_ONLY - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, - out, STM32_HAL_TIMEOUT); - #elif defined(STM32_HAL_V2) - ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE, - (uint32_t*)out, STM32_HAL_TIMEOUT); - #else - ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, - out, STM32_HAL_TIMEOUT); - #endif - if (ret != HAL_OK) { - ret = WC_TIMEOUT_E; - break; - } - - /* store iv for next call */ - XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); - - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; + #if defined(STM32_HAL_V2) + ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE, + (uint32_t*)out, STM32_HAL_TIMEOUT); + #elif defined(STM32_CRYPTO_AES_ONLY) + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); + #else + ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); + #endif + if (ret != HAL_OK) { + ret = WC_TIMEOUT_E; } + /* store iv for next call */ + XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); + HAL_CRYP_DeInit(&hcryp); wolfSSL_CryptHwMutexUnLock(); @@ -3065,7 +3052,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } #endif /* HAVE_AES_DECRYPT */ -#else /* STD_PERI_LIB */ +#else /* Standard Peripheral Library */ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { int ret; @@ -3752,26 +3739,26 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return ret; } - #ifdef STM32_CRYPTO_AES_ONLY + #if defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_CTR; + ByteReverseWords(iv, aes->reg, AES_BLOCK_SIZE); + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)iv; + #elif defined(STM32_CRYPTO_AES_ONLY) hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CTR; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; - #elif defined(STM32_HAL_V2) - hcryp.Init.Algorithm = CRYP_AES_CTR; - ByteReverseWords(iv, aes->reg, AES_BLOCK_SIZE); - hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)iv; #else hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; #endif HAL_CRYP_Init(&hcryp); - #ifdef STM32_CRYPTO_AES_ONLY - ret = HAL_CRYPEx_AES(&hcryp, (byte*)in, AES_BLOCK_SIZE, - out, STM32_HAL_TIMEOUT); - #elif defined(STM32_HAL_V2) + #if defined(STM32_HAL_V2) ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE, (uint32_t*)out, STM32_HAL_TIMEOUT); + #elif defined(STM32_CRYPTO_AES_ONLY) + ret = HAL_CRYPEx_AES(&hcryp, (byte*)in, AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESCTR_Encrypt(&hcryp, (byte*)in, AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); @@ -3781,7 +3768,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } HAL_CRYP_DeInit(&hcryp); - #else /* STD_PERI_LIB */ + #else /* Standard Peripheral Library */ ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit); if (ret != 0) { wolfSSL_CryptHwMutexUnLock(); @@ -5937,8 +5924,9 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz word32 partial = sz % AES_BLOCK_SIZE; word32 tag[AES_BLOCK_SIZE/sizeof(word32)]; word32 ctr[AES_BLOCK_SIZE/sizeof(word32)]; + word32 authhdr[AES_BLOCK_SIZE/sizeof(word32)]; byte* authInPadded = NULL; - int authPadSz; + int authPadSz, wasAlloc = 0; ret = wc_AesGetKeySize(aes, &keySize); if (ret != 0) @@ -5969,13 +5957,19 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz /* Authentication buffer - must be 4-byte multiple zero padded */ authPadSz = authInSz % sizeof(word32); - if (authInSz == 0 || authPadSz != 0) { + if (authPadSz != 0) { authPadSz = authInSz + sizeof(word32) - authPadSz; - authInPadded = (byte*)XMALLOC(authPadSz, aes->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (authInPadded == NULL) { - wolfSSL_CryptHwMutexUnLock(); - return MEMORY_E; + if (authPadSz <= sizeof(authhdr)) { + authInPadded = (byte*)authhdr; + } + else { + authInPadded = (byte*)XMALLOC(authPadSz, aes->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (authInPadded == NULL) { + wolfSSL_CryptHwMutexUnLock(); + return MEMORY_E; + } + wasAlloc = 1; } XMEMSET(authInPadded, 0, authPadSz); XMEMCPY(authInPadded, authIn, authInSz); @@ -5988,9 +5982,26 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr; hcryp.Init.Header = (STM_CRYPT_TYPE*)authInPadded; -#ifdef STM32_CRYPTO_AES_ONLY +#if defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_GCM; + hcryp.Init.HeaderSize = authPadSz/sizeof(word32); + ByteReverseWords(partialBlock, ctr, AES_BLOCK_SIZE); + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock; + HAL_CRYP_Init(&hcryp); + + /* GCM payload phase - can handle partial blocks */ + status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, + (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); + if (status == HAL_OK) { + /* Compute the authTag */ + status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, + STM32_HAL_TIMEOUT); + } +#elif defined(STM32_CRYPTO_AES_ONLY) /* Set the CRYP parameters */ hcryp.Init.HeaderSize = authPadSz; + if (authPadSz == 0) + hcryp.Init.Header = NULL; /* cannot pass pointer here when authIn == 0 */ hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_GCM_GMAC; hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; hcryp.Init.GCMCMACPhase = CRYP_INIT_PHASE; @@ -6016,7 +6027,7 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz XMEMSET(partialBlock, 0, sizeof(partialBlock)); XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); status = HAL_CRYPEx_AES_Auth(&hcryp, (uint8_t*)partialBlock, partial, - (uint8_t*)partialBlock, STM32_HAL_TIMEOUT); + (uint8_t*)partialBlock, STM32_HAL_TIMEOUT); XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); } if (status == HAL_OK) { @@ -6024,21 +6035,6 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz hcryp.Init.GCMCMACPhase = CRYP_FINAL_PHASE; status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, (uint8_t*)tag, STM32_HAL_TIMEOUT); } -#elif defined(STM32_HAL_V2) - hcryp.Init.Algorithm = CRYP_AES_GCM; - hcryp.Init.HeaderSize = authPadSz/sizeof(word32); - ByteReverseWords(partialBlock, ctr, AES_BLOCK_SIZE); - hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock; - HAL_CRYP_Init(&hcryp); - - /* GCM payload phase - can handle partial blocks */ - status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, - (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); - if (status == HAL_OK) { - /* Compute the authTag */ - status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, - STM32_HAL_TIMEOUT); - } #else hcryp.Init.HeaderSize = authPadSz; HAL_CRYP_Init(&hcryp); @@ -6065,7 +6061,7 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz ret = AES_GCM_AUTH_E; HAL_CRYP_DeInit(&hcryp); -#else /* STD_PERI_LIB */ +#else /* Standard Peripheral Library */ ByteReverseWords(keyCopy, (word32*)aes->key, keySize); status = CRYP_AES_GCM(MODE_ENCRYPT, (uint8_t*)ctr, (uint8_t*)keyCopy, keySize * 8, @@ -6079,9 +6075,8 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz if (ret == 0) { /* return authTag */ if (authTag) { - /* For STM32 GCM fallback to software if partial AES block or - * IV != 12 or when auth data is not 4 byte aligned */ - if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ || authInPadded != authIn) { + /* For STM32 GCM fallback to software if partial AES block or IV != 12 */ + if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ) { DecrementGcmCounter((byte*)ctr); /* hardware requires +1, so subtract it */ GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz); wc_AesEncrypt(aes, (byte*)ctr, (byte*)tag); @@ -6093,8 +6088,8 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz } } - /* Free memory if not a multiple of AES_BLOCK_SZ */ - if (authInPadded != authIn) { + /* Free memory */ + if (wasAlloc) { XFREE(authInPadded, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); } @@ -6277,15 +6272,9 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, #endif /* WOLFSSL_ASYNC_CRYPT */ #ifdef STM32_CRYPTO_AES_GCM - /* The STM standard peripheral library API's doesn't support partial blocks */ - #ifdef STD_PERI_LIB - if (partial == 0) - #endif - { - return wc_AesGcmEncrypt_STM32( - aes, out, in, sz, iv, ivSz, - authTag, authTagSz, authIn, authInSz); - } + return wc_AesGcmEncrypt_STM32( + aes, out, in, sz, iv, ivSz, + authTag, authTagSz, authIn, authInSz); #endif /* STM32_CRYPTO_AES_GCM */ #ifdef WOLFSSL_AESNI @@ -6378,8 +6367,9 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, word32 tag[AES_BLOCK_SIZE/sizeof(word32)]; word32 partialBlock[AES_BLOCK_SIZE/sizeof(word32)]; word32 ctr[AES_BLOCK_SIZE/sizeof(word32)]; + word32 authhdr[AES_BLOCK_SIZE/sizeof(word32)]; byte* authInPadded = NULL; - int authPadSz; + int authPadSz, wasAlloc = 0; ret = wc_AesGetKeySize(aes, &keySize); if (ret != 0) @@ -6410,13 +6400,19 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, /* Authentication buffer - must be 4-byte multiple zero padded */ authPadSz = authInSz % sizeof(word32); - if (authInSz == 0 || authPadSz != 0) { + if (authPadSz != 0) { authPadSz = authInSz + sizeof(word32) - authPadSz; - authInPadded = (byte*)XMALLOC(authPadSz, aes->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (authInPadded == NULL) { - wolfSSL_CryptHwMutexUnLock(); - return MEMORY_E; + if (authPadSz <= sizeof(authhdr)) { + authInPadded = (byte*)authhdr; + } + else { + authInPadded = (byte*)XMALLOC(authPadSz, aes->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (authInPadded == NULL) { + wolfSSL_CryptHwMutexUnLock(); + return MEMORY_E; + } + wasAlloc = 1; } XMEMSET(authInPadded, 0, authPadSz); XMEMCPY(authInPadded, authIn, authInSz); @@ -6429,9 +6425,26 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr; hcryp.Init.Header = (STM_CRYPT_TYPE*)authInPadded; -#ifdef STM32_CRYPTO_AES_ONLY +#if defined(STM32_HAL_V2) + hcryp.Init.HeaderSize = authPadSz/sizeof(word32); + hcryp.Init.Algorithm = CRYP_AES_GCM; + ByteReverseWords(partialBlock, ctr, AES_BLOCK_SIZE); + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock; + HAL_CRYP_Init(&hcryp); + + /* GCM payload phase - can handle partial blocks */ + status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, + (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); + if (status == HAL_OK) { + /* Compute the authTag */ + status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, + STM32_HAL_TIMEOUT); + } +#elif defined(STM32_CRYPTO_AES_ONLY) /* Set the CRYP parameters */ hcryp.Init.HeaderSize = authPadSz; + if (authPadSz == 0) + hcryp.Init.Header = NULL; /* cannot pass pointer when authIn == 0 */ hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_GCM_GMAC; hcryp.Init.OperatingMode = CRYP_ALGOMODE_DECRYPT; hcryp.Init.GCMCMACPhase = CRYP_INIT_PHASE; @@ -6465,21 +6478,6 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, hcryp.Init.GCMCMACPhase = CRYP_FINAL_PHASE; status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, (byte*)tag, STM32_HAL_TIMEOUT); } -#elif defined(STM32_HAL_V2) - hcryp.Init.HeaderSize = authPadSz/sizeof(word32); - hcryp.Init.Algorithm = CRYP_AES_GCM; - ByteReverseWords(partialBlock, ctr, AES_BLOCK_SIZE); - hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock; - HAL_CRYP_Init(&hcryp); - - /* GCM payload phase - can handle partial blocks */ - status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, - (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); - if (status == HAL_OK) { - /* Compute the authTag */ - status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, - STM32_HAL_TIMEOUT); - } #else hcryp.Init.HeaderSize = authPadSz; HAL_CRYP_Init(&hcryp); @@ -6507,7 +6505,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, HAL_CRYP_DeInit(&hcryp); -#else /* STD_PERI_LIB */ +#else /* Standard Peripheral Library */ ByteReverseWords(keyCopy, (word32*)aes->key, aes->keylen); /* Input size and auth size need to be the actual sizes, even though @@ -6522,9 +6520,8 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, ret = AES_GCM_AUTH_E; #endif /* WOLFSSL_STM32_CUBEMX */ - /* For STM32 GCM fallback to software if partial AES block or - * IV != 12 or when auth data is not 4 byte aligned */ - if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ || authInPadded != authIn) { + /* For STM32 GCM fallback to software if partial AES block or IV != 12 */ + if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ) { DecrementGcmCounter((byte*)ctr); /* hardware requires +1, so subtract it */ GHASH(aes, authIn, authInSz, in, sz, (byte*)tag, sizeof(tag)); wc_AesEncrypt(aes, (byte*)ctr, (byte*)partialBlock); @@ -6536,8 +6533,8 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, ret = AES_GCM_AUTH_E; } - /* Free memory if not a multiple of AES_BLOCK_SZ */ - if (authInPadded != authIn) { + /* Free memory */ + if (wasAlloc) { XFREE(authInPadded, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); } @@ -6732,14 +6729,9 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, #ifdef STM32_CRYPTO_AES_GCM /* The STM standard peripheral library API's doesn't support partial blocks */ - #ifdef STD_PERI_LIB - if (partial == 0) - #endif - { - return wc_AesGcmDecrypt_STM32( - aes, out, in, sz, iv, ivSz, - authTag, authTagSz, authIn, authInSz); - } + return wc_AesGcmDecrypt_STM32( + aes, out, in, sz, iv, ivSz, + authTag, authTagSz, authIn, authInSz); #endif /* STM32_CRYPTO_AES_GCM */ #ifdef WOLFSSL_AESNI diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c index b37dbd845..2c3aac27d 100644 --- a/wolfcrypt/src/port/st/stm32.c +++ b/wolfcrypt/src/port/st/stm32.c @@ -299,7 +299,7 @@ int wc_Stm32_Aes_Init(Aes* aes, CRYP_HandleTypeDef* hcryp) return 0; } -#else /* STD_PERI_LIB */ +#else /* Standard Peripheral Library */ int wc_Stm32_Aes_Init(Aes* aes, CRYP_InitTypeDef* cryptInit, CRYP_KeyInitTypeDef* keyInit) @@ -363,9 +363,14 @@ int wc_Stm32_Aes_Init(Aes* aes, CRYP_InitTypeDef* cryptInit, #ifdef WOLFSSL_STM32_PKA #include + +#if defined(WOLFSSL_STM32L5) +#include +#include +#else #include #include - +#endif extern PKA_HandleTypeDef hpka; /* Reverse array in memory (in place) */ diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 4d0a00ce0..48b0ffe8a 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -499,6 +499,7 @@ static int InitSha256(wc_Sha256* sha256) (void)devId; (void)heap; + XMEMSET(sha256, 0, sizeof(wc_Sha256)); wc_Stm32_Hash_Init(&sha256->stmCtx); return 0; } diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h index 4b461a113..06a49160f 100644 --- a/wolfssl/wolfcrypt/port/st/stm32.h +++ b/wolfssl/wolfcrypt/port/st/stm32.h @@ -28,11 +28,6 @@ #include #include -#if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC) - #include - #include -#endif - #ifdef STM32_HASH #define WOLFSSL_NO_HASH_RAW @@ -54,6 +49,9 @@ #if !defined(HASH_DATATYPE_8B) && defined(HASH_DataType_8b) #define HASH_DATATYPE_8B HASH_DataType_8b #endif +#ifndef HASH_STR_NBW + #define HASH_STR_NBW HASH_STR_NBLW +#endif #ifndef STM32_HASH_TIMEOUT #define STM32_HASH_TIMEOUT 0xFFFF @@ -93,19 +91,30 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #ifndef NO_AES #if !defined(STM32_CRYPTO_AES_GCM) && (defined(WOLFSSL_STM32F4) || \ - defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4)) + defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4) || \ + defined(WOLFSSL_STM32L5)) /* Hardware supports AES GCM acceleration */ #define STM32_CRYPTO_AES_GCM #endif - #ifdef WOLFSSL_STM32L4 + #if defined(WOLFSSL_STM32WB) #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */ + #define CRYP AES1 + #define STM32_HAL_V2 + #endif + #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) + #ifdef WOLFSSL_STM32L4 + #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */ + #endif #define CRYP AES + #ifndef CRYP_AES_GCM + #define CRYP_AES_GCM CRYP_AES_GCM_GMAC + #endif #endif /* Detect newer CubeMX crypto HAL (HAL_CRYP_Encrypt / HAL_CRYP_Decrypt) */ #if !defined(STM32_HAL_V2) && \ - defined(WOLFSSL_STM32F7) && defined(CRYP_AES_GCM) + (defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L5)) && defined(CRYP_AES_GCM) #define STM32_HAL_V2 #endif @@ -122,7 +131,7 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, struct Aes; #ifdef WOLFSSL_STM32_CUBEMX int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_HandleTypeDef* hcryp); - #else /* STD_PERI_LIB */ + #else /* Standard Peripheral Library */ int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_InitTypeDef* cryptInit, CRYP_KeyInitTypeDef* keyInit); #endif /* WOLFSSL_STM32_CUBEMX */ @@ -131,12 +140,25 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #endif /* STM32_CRYPTO */ #if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC) -int stm32_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, - word32 hashlen, int* res, ecc_key* key); - -int stm32_ecc_sign_hash_ex(const byte* hash, word32 hashlen, WC_RNG* rng, - ecc_key* key, mp_int *r, mp_int *s); +#ifdef WOLFSSL_SP_MATH + struct sp_int; + #define MATH_INT_T struct sp_int +#elif defined(USE_FAST_MATH) + struct fp_int; + #define MATH_INT_T struct fp_int +#else + struct mp_int; + #define MATH_INT_T struct mp_int #endif +struct ecc_key; +struct WC_RNG; + +int stm32_ecc_verify_hash_ex(MATH_INT_T *r, MATH_INT_T *s, const byte* hash, + word32 hashlen, int* res, struct ecc_key* key); + +int stm32_ecc_sign_hash_ex(const byte* hash, word32 hashlen, struct WC_RNG* rng, + struct ecc_key* key, MATH_INT_T *r, MATH_INT_T *s); +#endif /* WOLFSSL_STM32_PKA && HAVE_ECC */ #endif /* _WOLFPORT_STM32_H_ */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 32bf31eb3..b253519b5 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1203,7 +1203,8 @@ extern void uITRON4_free(void *p) ; #if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \ defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \ - defined(WOLFSSL_STM32L4) + defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \ + defined(WOLFSSL_STM32WB) #define SIZEOF_LONG_LONG 8 #ifndef CHAR_BIT @@ -1224,7 +1225,8 @@ extern void uITRON4_free(void *p) ; #undef STM32_CRYPTO #define STM32_CRYPTO - #ifdef WOLFSSL_STM32L4 + #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \ + defined(WOLFSSL_STM32WB) #define NO_AES_192 /* hardware does not support 192-bit */ #endif #endif @@ -1239,6 +1241,8 @@ extern void uITRON4_free(void *p) ; #ifdef WOLFSSL_STM32_CUBEMX #if defined(WOLFSSL_STM32F2) #include "stm32f2xx_hal.h" + #elif defined(WOLFSSL_STM32L5) + #include "stm32l5xx_hal.h" #elif defined(WOLFSSL_STM32L4) #include "stm32l4xx_hal.h" #elif defined(WOLFSSL_STM32F4) @@ -1247,6 +1251,8 @@ extern void uITRON4_free(void *p) ; #include "stm32f7xx_hal.h" #elif defined(WOLFSSL_STM32F1) #include "stm32f1xx_hal.h" + #elif defined(WOLFSSL_STM32WB) + #include "stm32wbxx_hal.h" #endif #if defined(WOLFSSL_CUBEMX_USE_LL) && defined(WOLFSSL_STM32L4) #include "stm32l4xx_ll_rng.h" @@ -1272,7 +1278,15 @@ extern void uITRON4_free(void *p) ; #ifdef STM32_HASH #include "stm32f4xx_hash.h" #endif - #elif defined(WOLFSSL_STM32L4) + #elif defined(WOLFSSL_STM32L5) + #include "stm32l5xx.h" + #ifdef STM32_CRYPTO + #include "stm32l5xx_cryp.h" + #endif + #ifdef STM32_HASH + #include "stm32l5xx_hash.h" + #endif + #elif defined(WOLFSSL_STM32L4) #include "stm32l4xx.h" #ifdef STM32_CRYPTO #include "stm32l4xx_cryp.h" @@ -1286,7 +1300,8 @@ extern void uITRON4_free(void *p) ; #include "stm32f1xx.h" #endif #endif /* WOLFSSL_STM32_CUBEMX */ -#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || WOLFSSL_STM32F7 */ +#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || + WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB */ #ifdef WOLFSSL_DEOS #include #include diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index 77f5fb759..2948ac6ea 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -144,6 +144,7 @@ struct wc_Sha256 { word32 loLen; /* length in bytes */ word32 hiLen; /* length in bytes */ void* heap; +#endif #ifdef WOLFSSL_PIC32MZ_HASH hashUpdCache cache; /* cache for updates */ #endif @@ -152,7 +153,7 @@ struct wc_Sha256 { #endif /* WOLFSSL_ASYNC_CRYPT */ #ifdef WOLFSSL_SMALL_STACK_CACHE word32* W; -#endif +#endif /* !FREESCALE_LTC_SHA && !STM32_HASH_SHA2 */ #ifdef WOLFSSL_DEVCRYPTO_HASH WC_CRYPTODEV ctx; byte* msg; @@ -170,7 +171,6 @@ struct wc_Sha256 { int devId; void* devCtx; /* generic crypto callback context */ #endif -#endif #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) word32 flags; /* enum wc_HashFlags in hash.h */ #endif diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index bfc514263..d3deb59db 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -245,7 +245,7 @@ /* Enable crypt HW mutex for Freescale MMCAU, PIC32MZ or STM32 */ #if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ) || \ - defined(STM32_CRYPTO) + defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG) #ifndef WOLFSSL_CRYPT_HW_MUTEX #define WOLFSSL_CRYPT_HW_MUTEX 1 #endif