From 8791573dfebfad2446d4087a87318c75c771eba8 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 22 May 2020 08:24:57 -0700 Subject: [PATCH 1/9] Fix for building with `NO_PUBLIC_GCM_SET_IV` when ChaCha20/Poly1305 is enabled. Cleanup use of not used `STD_PERI_LIB`. --- src/internal.c | 8 +++---- wolfcrypt/src/aes.c | 35 +++++++++++-------------------- wolfcrypt/src/port/st/stm32.c | 2 +- wolfssl/wolfcrypt/port/st/stm32.h | 2 +- 4 files changed, 18 insertions(+), 29 deletions(-) diff --git a/src/internal.c b/src/internal.c index 7906c4c77..6286fd3bd 100644 --- a/src/internal.c +++ b/src/internal.c @@ -13103,10 +13103,10 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifdef HAVE_AEAD -#if !defined(NO_PUBLIC_GCM_SET_IV) && \ - (((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))) || \ - (defined(HAVE_POLY1305) && defined(HAVE_CHACHA))) +#if (!defined(NO_PUBLIC_GCM_SET_IV) && \ + ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))) || \ + (defined(HAVE_POLY1305) && defined(HAVE_CHACHA)) static WC_INLINE void AeadIncrementExpIV(WOLFSSL* ssl) { int i; diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 516884670..504aa6559 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -331,7 +331,7 @@ } HAL_CRYP_DeInit(&hcryp); - #else /* STD_PERI_LIB */ + #else /* Standard Peripheral Library */ ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit); if (ret != 0) return ret; @@ -415,7 +415,7 @@ } HAL_CRYP_DeInit(&hcryp); - #else /* STD_PERI_LIB */ + #else /* Standard Peripheral Library */ ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit); if (ret != 0) return ret; @@ -3065,7 +3065,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } #endif /* HAVE_AES_DECRYPT */ -#else /* STD_PERI_LIB */ +#else /* Standard Peripheral Library */ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { int ret; @@ -3781,7 +3781,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } HAL_CRYP_DeInit(&hcryp); - #else /* STD_PERI_LIB */ + #else /* Standard Peripheral Library */ ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit); if (ret != 0) { wolfSSL_CryptHwMutexUnLock(); @@ -6065,7 +6065,7 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz ret = AES_GCM_AUTH_E; HAL_CRYP_DeInit(&hcryp); -#else /* STD_PERI_LIB */ +#else /* Standard Peripheral Library */ ByteReverseWords(keyCopy, (word32*)aes->key, keySize); status = CRYP_AES_GCM(MODE_ENCRYPT, (uint8_t*)ctr, (uint8_t*)keyCopy, keySize * 8, @@ -6277,15 +6277,9 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, #endif /* WOLFSSL_ASYNC_CRYPT */ #ifdef STM32_CRYPTO_AES_GCM - /* The STM standard peripheral library API's doesn't support partial blocks */ - #ifdef STD_PERI_LIB - if (partial == 0) - #endif - { - return wc_AesGcmEncrypt_STM32( - aes, out, in, sz, iv, ivSz, - authTag, authTagSz, authIn, authInSz); - } + return wc_AesGcmEncrypt_STM32( + aes, out, in, sz, iv, ivSz, + authTag, authTagSz, authIn, authInSz); #endif /* STM32_CRYPTO_AES_GCM */ #ifdef WOLFSSL_AESNI @@ -6507,7 +6501,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, HAL_CRYP_DeInit(&hcryp); -#else /* STD_PERI_LIB */ +#else /* Standard Peripheral Library */ ByteReverseWords(keyCopy, (word32*)aes->key, aes->keylen); /* Input size and auth size need to be the actual sizes, even though @@ -6732,14 +6726,9 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, #ifdef STM32_CRYPTO_AES_GCM /* The STM standard peripheral library API's doesn't support partial blocks */ - #ifdef STD_PERI_LIB - if (partial == 0) - #endif - { - return wc_AesGcmDecrypt_STM32( - aes, out, in, sz, iv, ivSz, - authTag, authTagSz, authIn, authInSz); - } + return wc_AesGcmDecrypt_STM32( + aes, out, in, sz, iv, ivSz, + authTag, authTagSz, authIn, authInSz); #endif /* STM32_CRYPTO_AES_GCM */ #ifdef WOLFSSL_AESNI diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c index b37dbd845..bb20a14d7 100644 --- a/wolfcrypt/src/port/st/stm32.c +++ b/wolfcrypt/src/port/st/stm32.c @@ -299,7 +299,7 @@ int wc_Stm32_Aes_Init(Aes* aes, CRYP_HandleTypeDef* hcryp) return 0; } -#else /* STD_PERI_LIB */ +#else /* Standard Peripheral Library */ int wc_Stm32_Aes_Init(Aes* aes, CRYP_InitTypeDef* cryptInit, CRYP_KeyInitTypeDef* keyInit) diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h index 4b461a113..0e9010756 100644 --- a/wolfssl/wolfcrypt/port/st/stm32.h +++ b/wolfssl/wolfcrypt/port/st/stm32.h @@ -122,7 +122,7 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, struct Aes; #ifdef WOLFSSL_STM32_CUBEMX int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_HandleTypeDef* hcryp); - #else /* STD_PERI_LIB */ + #else /* Standard Peripheral Library */ int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_InitTypeDef* cryptInit, CRYP_KeyInitTypeDef* keyInit); #endif /* WOLFSSL_STM32_CUBEMX */ From 42ee313286fdc42f486a91c19702761ae7045d77 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 22 May 2020 09:45:58 -0700 Subject: [PATCH 2/9] Fix for using `WOLFSSL_SMALL_STACK_CACHE` with STM32 SHA256 hardware acceleration. --- wolfssl/wolfcrypt/sha256.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index 798f309d1..7dda9add4 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -142,6 +142,7 @@ struct wc_Sha256 { word32 loLen; /* length in bytes */ word32 hiLen; /* length in bytes */ void* heap; +#endif #ifdef WOLFSSL_PIC32MZ_HASH hashUpdCache cache; /* cache for updates */ #endif @@ -150,7 +151,7 @@ struct wc_Sha256 { #endif /* WOLFSSL_ASYNC_CRYPT */ #ifdef WOLFSSL_SMALL_STACK_CACHE word32* W; -#endif +#endif /* !FREESCALE_LTC_SHA && !STM32_HASH_SHA2 */ #ifdef WOLFSSL_DEVCRYPTO_HASH WC_CRYPTODEV ctx; byte* msg; @@ -168,7 +169,6 @@ struct wc_Sha256 { int devId; void* devCtx; /* generic crypto callback context */ #endif -#endif #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) word32 flags; /* enum wc_HashFlags in hash.h */ #endif From dff7c0fcfa430662caed15ed32f66e57a2c81f71 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 22 May 2020 10:04:58 -0700 Subject: [PATCH 3/9] Fix for hardware mutex protection in case where STM32 hardware acceleration is used for RNG or HASH only. --- wolfssl/wolfcrypt/wc_port.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index bfc514263..d3deb59db 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -245,7 +245,7 @@ /* Enable crypt HW mutex for Freescale MMCAU, PIC32MZ or STM32 */ #if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ) || \ - defined(STM32_CRYPTO) + defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG) #ifndef WOLFSSL_CRYPT_HW_MUTEX #define WOLFSSL_CRYPT_HW_MUTEX 1 #endif From efe9da0994eb843c7d06055d4dd79b8624b0dff8 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 28 May 2020 07:57:56 -0700 Subject: [PATCH 4/9] Fix for STM32 crypto hash with `WOLFSSL_SMALL_STACK_CACHE` possible free of invalid pointer. --- wolfcrypt/src/sha256.c | 1 + 1 file changed, 1 insertion(+) diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index eb0911b01..9ff35a90e 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -494,6 +494,7 @@ static int InitSha256(wc_Sha256* sha256) (void)devId; (void)heap; + XMEMSET(sha256, 0, sizeof(wc_Sha256)); wc_Stm32_Hash_Init(&sha256->stmCtx); return 0; } From 6f82f15d1be66cce19d1aadf3601e66d077f3baa Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 2 Jun 2020 10:44:17 -0700 Subject: [PATCH 5/9] Performance improvements for STM32 AES CBC and GCM crypto hardware. * AES CBC: - Do all blocks, not just one at a time. * AES GCM: - Use local stack for authentication header if < block size. - Use hardware GHASH for all authentication header sizes. Tested with STM32F437II (old/new Cube HAL/StdPeriLib), STM32F777ZI (CubeMX) and STM32L4A6ZG (CubeMX). --- wolfcrypt/src/aes.c | 139 ++++++++++++++++++++++---------------------- 1 file changed, 71 insertions(+), 68 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 504aa6559..58d382ee8 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -2974,29 +2974,22 @@ int wc_AesSetIV(Aes* aes, const byte* iv) hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; HAL_CRYP_Init(&hcryp); - while (blocks--) { - #ifdef STM32_CRYPTO_AES_ONLY - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, - out, STM32_HAL_TIMEOUT); - #elif defined(STM32_HAL_V2) - ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE, - (uint32_t*)out, STM32_HAL_TIMEOUT); - #else - ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, - out, STM32_HAL_TIMEOUT); - #endif - if (ret != HAL_OK) { - ret = WC_TIMEOUT_E; - break; - } + #ifdef STM32_CRYPTO_AES_ONLY + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); + #elif defined(STM32_HAL_V2) + ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE, + (uint32_t*)out, STM32_HAL_TIMEOUT); + #else + ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); + #endif + if (ret != HAL_OK) { + ret = WC_TIMEOUT_E; + } - /* store iv for next call */ - XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); - - sz -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } + /* store iv for next call */ + XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); HAL_CRYP_DeInit(&hcryp); @@ -3035,28 +3028,22 @@ int wc_AesSetIV(Aes* aes, const byte* iv) hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; HAL_CRYP_Init(&hcryp); - while (blocks--) { - #ifdef STM32_CRYPTO_AES_ONLY - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, - out, STM32_HAL_TIMEOUT); - #elif defined(STM32_HAL_V2) - ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE, - (uint32_t*)out, STM32_HAL_TIMEOUT); - #else - ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, - out, STM32_HAL_TIMEOUT); - #endif - if (ret != HAL_OK) { - ret = WC_TIMEOUT_E; - break; - } + #ifdef STM32_CRYPTO_AES_ONLY + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); + #elif defined(STM32_HAL_V2) + ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE, + (uint32_t*)out, STM32_HAL_TIMEOUT); + #else + ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); + #endif + if (ret != HAL_OK) { + ret = WC_TIMEOUT_E; + } - /* store iv for next call */ - XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); - - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } + /* store iv for next call */ + XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); HAL_CRYP_DeInit(&hcryp); wolfSSL_CryptHwMutexUnLock(); @@ -5937,8 +5924,9 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz word32 partial = sz % AES_BLOCK_SIZE; word32 tag[AES_BLOCK_SIZE/sizeof(word32)]; word32 ctr[AES_BLOCK_SIZE/sizeof(word32)]; + word32 authhdr[AES_BLOCK_SIZE/sizeof(word32)]; byte* authInPadded = NULL; - int authPadSz; + int authPadSz, wasAlloc = 0; ret = wc_AesGetKeySize(aes, &keySize); if (ret != 0) @@ -5969,13 +5957,19 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz /* Authentication buffer - must be 4-byte multiple zero padded */ authPadSz = authInSz % sizeof(word32); - if (authInSz == 0 || authPadSz != 0) { + if (authPadSz != 0) { authPadSz = authInSz + sizeof(word32) - authPadSz; - authInPadded = (byte*)XMALLOC(authPadSz, aes->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (authInPadded == NULL) { - wolfSSL_CryptHwMutexUnLock(); - return MEMORY_E; + if (authPadSz <= sizeof(authhdr)) { + authInPadded = (byte*)authhdr; + } + else { + authInPadded = (byte*)XMALLOC(authPadSz, aes->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (authInPadded == NULL) { + wolfSSL_CryptHwMutexUnLock(); + return MEMORY_E; + } + wasAlloc = 1; } XMEMSET(authInPadded, 0, authPadSz); XMEMCPY(authInPadded, authIn, authInSz); @@ -5991,6 +5985,8 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz #ifdef STM32_CRYPTO_AES_ONLY /* Set the CRYP parameters */ hcryp.Init.HeaderSize = authPadSz; + if (authPadSz == 0) + hcryp.Init.Header = NULL; /* cannot pass pointer here when authIn == 0 */ hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_GCM_GMAC; hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; hcryp.Init.GCMCMACPhase = CRYP_INIT_PHASE; @@ -6079,9 +6075,8 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz if (ret == 0) { /* return authTag */ if (authTag) { - /* For STM32 GCM fallback to software if partial AES block or - * IV != 12 or when auth data is not 4 byte aligned */ - if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ || authInPadded != authIn) { + /* For STM32 GCM fallback to software if partial AES block or IV != 12 */ + if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ) { DecrementGcmCounter((byte*)ctr); /* hardware requires +1, so subtract it */ GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz); wc_AesEncrypt(aes, (byte*)ctr, (byte*)tag); @@ -6093,8 +6088,8 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz } } - /* Free memory if not a multiple of AES_BLOCK_SZ */ - if (authInPadded != authIn) { + /* Free memory */ + if (wasAlloc) { XFREE(authInPadded, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); } @@ -6372,8 +6367,9 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, word32 tag[AES_BLOCK_SIZE/sizeof(word32)]; word32 partialBlock[AES_BLOCK_SIZE/sizeof(word32)]; word32 ctr[AES_BLOCK_SIZE/sizeof(word32)]; + word32 authhdr[AES_BLOCK_SIZE/sizeof(word32)]; byte* authInPadded = NULL; - int authPadSz; + int authPadSz, wasAlloc = 0; ret = wc_AesGetKeySize(aes, &keySize); if (ret != 0) @@ -6404,14 +6400,20 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, /* Authentication buffer - must be 4-byte multiple zero padded */ authPadSz = authInSz % sizeof(word32); - if (authInSz == 0 || authPadSz != 0) { + if (authPadSz != 0) { authPadSz = authInSz + sizeof(word32) - authPadSz; - authInPadded = (byte*)XMALLOC(authPadSz, aes->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (authInPadded == NULL) { - wolfSSL_CryptHwMutexUnLock(); - return MEMORY_E; - } + if (authPadSz <= sizeof(authhdr)) { + authInPadded = (byte*)authhdr; + } + else { + authInPadded = (byte*)XMALLOC(authPadSz, aes->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (authInPadded == NULL) { + wolfSSL_CryptHwMutexUnLock(); + return MEMORY_E; + } + wasAlloc = 1; + } XMEMSET(authInPadded, 0, authPadSz); XMEMCPY(authInPadded, authIn, authInSz); } else { @@ -6426,6 +6428,8 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, #ifdef STM32_CRYPTO_AES_ONLY /* Set the CRYP parameters */ hcryp.Init.HeaderSize = authPadSz; + if (authPadSz == 0) + hcryp.Init.Header = NULL; /* cannot pass pointer when authIn == 0 */ hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_GCM_GMAC; hcryp.Init.OperatingMode = CRYP_ALGOMODE_DECRYPT; hcryp.Init.GCMCMACPhase = CRYP_INIT_PHASE; @@ -6516,9 +6520,8 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, ret = AES_GCM_AUTH_E; #endif /* WOLFSSL_STM32_CUBEMX */ - /* For STM32 GCM fallback to software if partial AES block or - * IV != 12 or when auth data is not 4 byte aligned */ - if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ || authInPadded != authIn) { + /* For STM32 GCM fallback to software if partial AES block or IV != 12 */ + if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ) { DecrementGcmCounter((byte*)ctr); /* hardware requires +1, so subtract it */ GHASH(aes, authIn, authInSz, in, sz, (byte*)tag, sizeof(tag)); wc_AesEncrypt(aes, (byte*)ctr, (byte*)partialBlock); @@ -6530,8 +6533,8 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, ret = AES_GCM_AUTH_E; } - /* Free memory if not a multiple of AES_BLOCK_SZ */ - if (authInPadded != authIn) { + /* Free memory */ + if (wasAlloc) { XFREE(authInPadded, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); } From 21a34bde8c857896542eb76788fc05d6d8d6f8a4 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 2 Jun 2020 11:44:01 -0700 Subject: [PATCH 6/9] Fix whitespace. --- wolfcrypt/src/aes.c | 98 ++++++++++++++++++++++----------------------- 1 file changed, 49 insertions(+), 49 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 58d382ee8..88413eaa1 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -2974,22 +2974,22 @@ int wc_AesSetIV(Aes* aes, const byte* iv) hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; HAL_CRYP_Init(&hcryp); - #ifdef STM32_CRYPTO_AES_ONLY - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, - out, STM32_HAL_TIMEOUT); - #elif defined(STM32_HAL_V2) - ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE, - (uint32_t*)out, STM32_HAL_TIMEOUT); - #else - ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, - out, STM32_HAL_TIMEOUT); - #endif - if (ret != HAL_OK) { - ret = WC_TIMEOUT_E; - } + #ifdef STM32_CRYPTO_AES_ONLY + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); + #elif defined(STM32_HAL_V2) + ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE, + (uint32_t*)out, STM32_HAL_TIMEOUT); + #else + ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); + #endif + if (ret != HAL_OK) { + ret = WC_TIMEOUT_E; + } - /* store iv for next call */ - XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + /* store iv for next call */ + XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); HAL_CRYP_DeInit(&hcryp); @@ -3028,19 +3028,19 @@ int wc_AesSetIV(Aes* aes, const byte* iv) hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; HAL_CRYP_Init(&hcryp); - #ifdef STM32_CRYPTO_AES_ONLY - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, - out, STM32_HAL_TIMEOUT); - #elif defined(STM32_HAL_V2) - ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE, - (uint32_t*)out, STM32_HAL_TIMEOUT); - #else - ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, - out, STM32_HAL_TIMEOUT); - #endif - if (ret != HAL_OK) { - ret = WC_TIMEOUT_E; - } + #ifdef STM32_CRYPTO_AES_ONLY + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); + #elif defined(STM32_HAL_V2) + ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE, + (uint32_t*)out, STM32_HAL_TIMEOUT); + #else + ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); + #endif + if (ret != HAL_OK) { + ret = WC_TIMEOUT_E; + } /* store iv for next call */ XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); @@ -5960,16 +5960,16 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz if (authPadSz != 0) { authPadSz = authInSz + sizeof(word32) - authPadSz; if (authPadSz <= sizeof(authhdr)) { - authInPadded = (byte*)authhdr; + authInPadded = (byte*)authhdr; } else { - authInPadded = (byte*)XMALLOC(authPadSz, aes->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (authInPadded == NULL) { - wolfSSL_CryptHwMutexUnLock(); - return MEMORY_E; - } - wasAlloc = 1; + authInPadded = (byte*)XMALLOC(authPadSz, aes->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (authInPadded == NULL) { + wolfSSL_CryptHwMutexUnLock(); + return MEMORY_E; + } + wasAlloc = 1; } XMEMSET(authInPadded, 0, authPadSz); XMEMCPY(authInPadded, authIn, authInSz); @@ -6012,7 +6012,7 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz XMEMSET(partialBlock, 0, sizeof(partialBlock)); XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); status = HAL_CRYPEx_AES_Auth(&hcryp, (uint8_t*)partialBlock, partial, - (uint8_t*)partialBlock, STM32_HAL_TIMEOUT); + (uint8_t*)partialBlock, STM32_HAL_TIMEOUT); XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); } if (status == HAL_OK) { @@ -6403,17 +6403,17 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, if (authPadSz != 0) { authPadSz = authInSz + sizeof(word32) - authPadSz; if (authPadSz <= sizeof(authhdr)) { - authInPadded = (byte*)authhdr; - } - else { - authInPadded = (byte*)XMALLOC(authPadSz, aes->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (authInPadded == NULL) { - wolfSSL_CryptHwMutexUnLock(); - return MEMORY_E; - } - wasAlloc = 1; - } + authInPadded = (byte*)authhdr; + } + else { + authInPadded = (byte*)XMALLOC(authPadSz, aes->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (authInPadded == NULL) { + wolfSSL_CryptHwMutexUnLock(); + return MEMORY_E; + } + wasAlloc = 1; + } XMEMSET(authInPadded, 0, authPadSz); XMEMCPY(authInPadded, authIn, authInSz); } else { @@ -6429,7 +6429,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, /* Set the CRYP parameters */ hcryp.Init.HeaderSize = authPadSz; if (authPadSz == 0) - hcryp.Init.Header = NULL; /* cannot pass pointer when authIn == 0 */ + hcryp.Init.Header = NULL; /* cannot pass pointer when authIn == 0 */ hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_GCM_GMAC; hcryp.Init.OperatingMode = CRYP_ALGOMODE_DECRYPT; hcryp.Init.GCMCMACPhase = CRYP_INIT_PHASE; From 16c0160e63a9b96ee85d5b7d91280b33fee94d64 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 3 Jun 2020 10:41:59 -0700 Subject: [PATCH 7/9] Added support for STM32L5. --- wolfssl/wolfcrypt/port/st/stm32.h | 16 ++++++++++++---- wolfssl/wolfcrypt/settings.h | 18 ++++++++++++++---- 2 files changed, 26 insertions(+), 8 deletions(-) diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h index 0e9010756..25e59e1da 100644 --- a/wolfssl/wolfcrypt/port/st/stm32.h +++ b/wolfssl/wolfcrypt/port/st/stm32.h @@ -54,6 +54,9 @@ #if !defined(HASH_DATATYPE_8B) && defined(HASH_DataType_8b) #define HASH_DATATYPE_8B HASH_DataType_8b #endif +#ifndef HASH_STR_NBW + #define HASH_STR_NBW HASH_STR_NBLW +#endif #ifndef STM32_HASH_TIMEOUT #define STM32_HASH_TIMEOUT 0xFFFF @@ -93,19 +96,24 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #ifndef NO_AES #if !defined(STM32_CRYPTO_AES_GCM) && (defined(WOLFSSL_STM32F4) || \ - defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4)) + defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5)) /* Hardware supports AES GCM acceleration */ #define STM32_CRYPTO_AES_GCM #endif - #ifdef WOLFSSL_STM32L4 - #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */ + #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) + #ifdef WOLFSSL_STM32L4 + #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */ + #endif #define CRYP AES + #ifndef CRYP_AES_GCM + #define CRYP_AES_GCM CRYP_AES_GCM_GMAC + #endif #endif /* Detect newer CubeMX crypto HAL (HAL_CRYP_Encrypt / HAL_CRYP_Decrypt) */ #if !defined(STM32_HAL_V2) && \ - defined(WOLFSSL_STM32F7) && defined(CRYP_AES_GCM) + (defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L5)) && defined(CRYP_AES_GCM) #define STM32_HAL_V2 #endif diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 32bf31eb3..fb4879c03 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1203,7 +1203,7 @@ extern void uITRON4_free(void *p) ; #if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \ defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \ - defined(WOLFSSL_STM32L4) + defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) #define SIZEOF_LONG_LONG 8 #ifndef CHAR_BIT @@ -1224,7 +1224,7 @@ extern void uITRON4_free(void *p) ; #undef STM32_CRYPTO #define STM32_CRYPTO - #ifdef WOLFSSL_STM32L4 + #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) #define NO_AES_192 /* hardware does not support 192-bit */ #endif #endif @@ -1239,6 +1239,8 @@ extern void uITRON4_free(void *p) ; #ifdef WOLFSSL_STM32_CUBEMX #if defined(WOLFSSL_STM32F2) #include "stm32f2xx_hal.h" + #elif defined(WOLFSSL_STM32L5) + #include "stm32l5xx_hal.h" #elif defined(WOLFSSL_STM32L4) #include "stm32l4xx_hal.h" #elif defined(WOLFSSL_STM32F4) @@ -1272,7 +1274,15 @@ extern void uITRON4_free(void *p) ; #ifdef STM32_HASH #include "stm32f4xx_hash.h" #endif - #elif defined(WOLFSSL_STM32L4) + #elif defined(WOLFSSL_STM32L5) + #include "stm32l5xx.h" + #ifdef STM32_CRYPTO + #include "stm32l5xx_cryp.h" + #endif + #ifdef STM32_HASH + #include "stm32l5xx_hash.h" + #endif + #elif defined(WOLFSSL_STM32L4) #include "stm32l4xx.h" #ifdef STM32_CRYPTO #include "stm32l4xx_cryp.h" @@ -1286,7 +1296,7 @@ extern void uITRON4_free(void *p) ; #include "stm32f1xx.h" #endif #endif /* WOLFSSL_STM32_CUBEMX */ -#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || WOLFSSL_STM32F7 */ +#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || WOLFSSL_STM32L5 || WOLFSSL_STM32F7 */ #ifdef WOLFSSL_DEOS #include #include From 5837c70e99c9992ccf73c7a5f520c4a9be03fb9f Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 3 Jun 2020 11:38:56 -0700 Subject: [PATCH 8/9] Support for STM32L5 PKA ECC sign/verify acceleration. --- IDE/OPENSTM32/Inc/user_settings.h | 1 + wolfcrypt/src/port/st/stm32.c | 7 ++++++- wolfssl/wolfcrypt/port/st/stm32.h | 28 ++++++++++++++++++---------- 3 files changed, 25 insertions(+), 11 deletions(-) diff --git a/IDE/OPENSTM32/Inc/user_settings.h b/IDE/OPENSTM32/Inc/user_settings.h index 7ff0e7e43..1c4282fb0 100644 --- a/IDE/OPENSTM32/Inc/user_settings.h +++ b/IDE/OPENSTM32/Inc/user_settings.h @@ -64,6 +64,7 @@ extern "C" { //#define NO_STM32_HASH //#define NO_STM32_RNG //#define NO_STM32_CRYPTO +//#define WOLFSSL_STM32_PKA /* WB55 and L5 only */ /* ------------------------------------------------------------------------- */ diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c index bb20a14d7..2c3aac27d 100644 --- a/wolfcrypt/src/port/st/stm32.c +++ b/wolfcrypt/src/port/st/stm32.c @@ -363,9 +363,14 @@ int wc_Stm32_Aes_Init(Aes* aes, CRYP_InitTypeDef* cryptInit, #ifdef WOLFSSL_STM32_PKA #include + +#if defined(WOLFSSL_STM32L5) +#include +#include +#else #include #include - +#endif extern PKA_HandleTypeDef hpka; /* Reverse array in memory (in place) */ diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h index 25e59e1da..24de1c183 100644 --- a/wolfssl/wolfcrypt/port/st/stm32.h +++ b/wolfssl/wolfcrypt/port/st/stm32.h @@ -28,11 +28,6 @@ #include #include -#if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC) - #include - #include -#endif - #ifdef STM32_HASH #define WOLFSSL_NO_HASH_RAW @@ -139,12 +134,25 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #endif /* STM32_CRYPTO */ #if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC) -int stm32_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, - word32 hashlen, int* res, ecc_key* key); - -int stm32_ecc_sign_hash_ex(const byte* hash, word32 hashlen, WC_RNG* rng, - ecc_key* key, mp_int *r, mp_int *s); +#ifdef WOLFSSL_SP_MATH + struct sp_int; + #define MATH_INT_T struct sp_int +#elif defined(USE_FAST_MATH) + struct fp_int; + #define MATH_INT_T struct fp_int +#else + struct mp_int; + #define MATH_INT_T struct mp_int #endif +struct ecc_key; +struct WC_RNG; + +int stm32_ecc_verify_hash_ex(MATH_INT_T *r, MATH_INT_T *s, const byte* hash, + word32 hashlen, int* res, struct ecc_key* key); + +int stm32_ecc_sign_hash_ex(const byte* hash, word32 hashlen, struct WC_RNG* rng, + struct ecc_key* key, MATH_INT_T *r, MATH_INT_T *s); +#endif /* WOLFSSL_STM32_PKA && HAVE_ECC */ #endif /* _WOLFPORT_STM32_H_ */ From 8b6b54603f5858fcf827d21bc1fd7e5b9fcc2fb6 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 3 Jun 2020 16:23:55 -0700 Subject: [PATCH 9/9] Add STM32WB55 crypto hardware support for AES. --- wolfcrypt/src/aes.c | 142 +++++++++++++++--------------- wolfssl/wolfcrypt/port/st/stm32.h | 8 +- wolfssl/wolfcrypt/settings.h | 11 ++- 3 files changed, 86 insertions(+), 75 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 88413eaa1..32645c98c 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -307,21 +307,21 @@ if (ret != 0) return ret; - #ifdef STM32_CRYPTO_AES_ONLY + #if defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_ECB; + #elif defined(STM32_CRYPTO_AES_ONLY) hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_ECB; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; - #elif defined(STM32_HAL_V2) - hcryp.Init.Algorithm = CRYP_AES_ECB; #endif HAL_CRYP_Init(&hcryp); - #ifdef STM32_CRYPTO_AES_ONLY - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, - outBlock, STM32_HAL_TIMEOUT); - #elif defined(STM32_HAL_V2) + #if defined(STM32_HAL_V2) ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE, (uint32_t*)outBlock, STM32_HAL_TIMEOUT); + #elif defined(STM32_CRYPTO_AES_ONLY) + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, + outBlock, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESECB_Encrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); @@ -391,21 +391,21 @@ if (ret != 0) return ret; - #ifdef STM32_CRYPTO_AES_ONLY + #if defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_ECB; + #elif defined(STM32_CRYPTO_AES_ONLY) hcryp.Init.OperatingMode = CRYP_ALGOMODE_KEYDERIVATION_DECRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_ECB; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; - #elif defined(STM32_HAL_V2) - hcryp.Init.Algorithm = CRYP_AES_ECB; #endif HAL_CRYP_Init(&hcryp); - #ifdef STM32_CRYPTO_AES_ONLY - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, - outBlock, STM32_HAL_TIMEOUT); - #elif defined(STM32_HAL_V2) + #if defined(STM32_HAL_V2) ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE, (uint32_t*)outBlock, STM32_HAL_TIMEOUT); + #elif defined(STM32_CRYPTO_AES_ONLY) + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, + outBlock, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESECB_Decrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); @@ -2963,23 +2963,23 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return ret; } - #ifdef STM32_CRYPTO_AES_ONLY + #if defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_CBC; + ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE); + #elif defined(STM32_CRYPTO_AES_ONLY) hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CBC; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; - #elif defined(STM32_HAL_V2) - hcryp.Init.Algorithm = CRYP_AES_CBC; - ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE); #endif hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; HAL_CRYP_Init(&hcryp); - #ifdef STM32_CRYPTO_AES_ONLY - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, - out, STM32_HAL_TIMEOUT); - #elif defined(STM32_HAL_V2) + #if defined(STM32_HAL_V2) ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE, (uint32_t*)out, STM32_HAL_TIMEOUT); + #elif defined(STM32_CRYPTO_AES_ONLY) + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); @@ -3016,24 +3016,24 @@ int wc_AesSetIV(Aes* aes, const byte* iv) /* if input and output same will overwrite input iv */ XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); - #ifdef STM32_CRYPTO_AES_ONLY + #if defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_CBC; + ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE); + #elif defined(STM32_CRYPTO_AES_ONLY) hcryp.Init.OperatingMode = CRYP_ALGOMODE_KEYDERIVATION_DECRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CBC; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; - #elif defined(STM32_HAL_V2) - hcryp.Init.Algorithm = CRYP_AES_CBC; - ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE); #endif hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; HAL_CRYP_Init(&hcryp); - #ifdef STM32_CRYPTO_AES_ONLY - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, - out, STM32_HAL_TIMEOUT); - #elif defined(STM32_HAL_V2) + #if defined(STM32_HAL_V2) ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE, (uint32_t*)out, STM32_HAL_TIMEOUT); + #elif defined(STM32_CRYPTO_AES_ONLY) + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); @@ -3739,26 +3739,26 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return ret; } - #ifdef STM32_CRYPTO_AES_ONLY + #if defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_CTR; + ByteReverseWords(iv, aes->reg, AES_BLOCK_SIZE); + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)iv; + #elif defined(STM32_CRYPTO_AES_ONLY) hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CTR; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; - #elif defined(STM32_HAL_V2) - hcryp.Init.Algorithm = CRYP_AES_CTR; - ByteReverseWords(iv, aes->reg, AES_BLOCK_SIZE); - hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)iv; #else hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; #endif HAL_CRYP_Init(&hcryp); - #ifdef STM32_CRYPTO_AES_ONLY - ret = HAL_CRYPEx_AES(&hcryp, (byte*)in, AES_BLOCK_SIZE, - out, STM32_HAL_TIMEOUT); - #elif defined(STM32_HAL_V2) + #if defined(STM32_HAL_V2) ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE, (uint32_t*)out, STM32_HAL_TIMEOUT); + #elif defined(STM32_CRYPTO_AES_ONLY) + ret = HAL_CRYPEx_AES(&hcryp, (byte*)in, AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESCTR_Encrypt(&hcryp, (byte*)in, AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); @@ -5982,7 +5982,22 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr; hcryp.Init.Header = (STM_CRYPT_TYPE*)authInPadded; -#ifdef STM32_CRYPTO_AES_ONLY +#if defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_GCM; + hcryp.Init.HeaderSize = authPadSz/sizeof(word32); + ByteReverseWords(partialBlock, ctr, AES_BLOCK_SIZE); + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock; + HAL_CRYP_Init(&hcryp); + + /* GCM payload phase - can handle partial blocks */ + status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, + (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); + if (status == HAL_OK) { + /* Compute the authTag */ + status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, + STM32_HAL_TIMEOUT); + } +#elif defined(STM32_CRYPTO_AES_ONLY) /* Set the CRYP parameters */ hcryp.Init.HeaderSize = authPadSz; if (authPadSz == 0) @@ -6020,21 +6035,6 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz hcryp.Init.GCMCMACPhase = CRYP_FINAL_PHASE; status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, (uint8_t*)tag, STM32_HAL_TIMEOUT); } -#elif defined(STM32_HAL_V2) - hcryp.Init.Algorithm = CRYP_AES_GCM; - hcryp.Init.HeaderSize = authPadSz/sizeof(word32); - ByteReverseWords(partialBlock, ctr, AES_BLOCK_SIZE); - hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock; - HAL_CRYP_Init(&hcryp); - - /* GCM payload phase - can handle partial blocks */ - status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, - (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); - if (status == HAL_OK) { - /* Compute the authTag */ - status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, - STM32_HAL_TIMEOUT); - } #else hcryp.Init.HeaderSize = authPadSz; HAL_CRYP_Init(&hcryp); @@ -6425,7 +6425,22 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr; hcryp.Init.Header = (STM_CRYPT_TYPE*)authInPadded; -#ifdef STM32_CRYPTO_AES_ONLY +#if defined(STM32_HAL_V2) + hcryp.Init.HeaderSize = authPadSz/sizeof(word32); + hcryp.Init.Algorithm = CRYP_AES_GCM; + ByteReverseWords(partialBlock, ctr, AES_BLOCK_SIZE); + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock; + HAL_CRYP_Init(&hcryp); + + /* GCM payload phase - can handle partial blocks */ + status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, + (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); + if (status == HAL_OK) { + /* Compute the authTag */ + status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, + STM32_HAL_TIMEOUT); + } +#elif defined(STM32_CRYPTO_AES_ONLY) /* Set the CRYP parameters */ hcryp.Init.HeaderSize = authPadSz; if (authPadSz == 0) @@ -6463,21 +6478,6 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, hcryp.Init.GCMCMACPhase = CRYP_FINAL_PHASE; status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, (byte*)tag, STM32_HAL_TIMEOUT); } -#elif defined(STM32_HAL_V2) - hcryp.Init.HeaderSize = authPadSz/sizeof(word32); - hcryp.Init.Algorithm = CRYP_AES_GCM; - ByteReverseWords(partialBlock, ctr, AES_BLOCK_SIZE); - hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock; - HAL_CRYP_Init(&hcryp); - - /* GCM payload phase - can handle partial blocks */ - status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, - (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); - if (status == HAL_OK) { - /* Compute the authTag */ - status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, - STM32_HAL_TIMEOUT); - } #else hcryp.Init.HeaderSize = authPadSz; HAL_CRYP_Init(&hcryp); diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h index 24de1c183..06a49160f 100644 --- a/wolfssl/wolfcrypt/port/st/stm32.h +++ b/wolfssl/wolfcrypt/port/st/stm32.h @@ -91,11 +91,17 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #ifndef NO_AES #if !defined(STM32_CRYPTO_AES_GCM) && (defined(WOLFSSL_STM32F4) || \ - defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5)) + defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4) || \ + defined(WOLFSSL_STM32L5)) /* Hardware supports AES GCM acceleration */ #define STM32_CRYPTO_AES_GCM #endif + #if defined(WOLFSSL_STM32WB) + #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */ + #define CRYP AES1 + #define STM32_HAL_V2 + #endif #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) #ifdef WOLFSSL_STM32L4 #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index fb4879c03..b253519b5 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1203,7 +1203,8 @@ extern void uITRON4_free(void *p) ; #if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \ defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \ - defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) + defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \ + defined(WOLFSSL_STM32WB) #define SIZEOF_LONG_LONG 8 #ifndef CHAR_BIT @@ -1224,7 +1225,8 @@ extern void uITRON4_free(void *p) ; #undef STM32_CRYPTO #define STM32_CRYPTO - #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) + #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \ + defined(WOLFSSL_STM32WB) #define NO_AES_192 /* hardware does not support 192-bit */ #endif #endif @@ -1249,6 +1251,8 @@ extern void uITRON4_free(void *p) ; #include "stm32f7xx_hal.h" #elif defined(WOLFSSL_STM32F1) #include "stm32f1xx_hal.h" + #elif defined(WOLFSSL_STM32WB) + #include "stm32wbxx_hal.h" #endif #if defined(WOLFSSL_CUBEMX_USE_LL) && defined(WOLFSSL_STM32L4) #include "stm32l4xx_ll_rng.h" @@ -1296,7 +1300,8 @@ extern void uITRON4_free(void *p) ; #include "stm32f1xx.h" #endif #endif /* WOLFSSL_STM32_CUBEMX */ -#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || WOLFSSL_STM32L5 || WOLFSSL_STM32F7 */ +#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || + WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB */ #ifdef WOLFSSL_DEOS #include #include