From f5c1c33dbace8d5bdb2c2062682f20a4bff57ec9 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 29 Jul 2019 08:12:43 -0700 Subject: [PATCH 1/5] Fixes for newer STM CubeMX HAL for STM32F7. --- wolfcrypt/src/aes.c | 79 ++++++++++++++++++++++++++++--- wolfcrypt/src/port/st/stm32.c | 2 +- wolfssl/wolfcrypt/port/st/stm32.h | 13 +++++ 3 files changed, 86 insertions(+), 8 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index adbe1b1b0..051bdafa6 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -311,12 +311,17 @@ hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_ECB; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; + #elif defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_ECB; #endif HAL_CRYP_Init(&hcryp); #ifdef STM32_CRYPTO_AES_ONLY ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); + #elif defined(STM32_HAL_V2) + ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE, + (uint32_t*)outBlock, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESECB_Encrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); @@ -389,12 +394,17 @@ hcryp.Init.OperatingMode = CRYP_ALGOMODE_DECRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_ECB; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; + #elif defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_ECB; #endif HAL_CRYP_Init(&hcryp); #ifdef STM32_CRYPTO_AES_ONLY ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); + #elif defined(STM32_HAL_V2) + ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE, + (uint32_t*)outBlock, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESECB_Decrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); 
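Review bot: The new `STM32_HAL_V2` call in the hunk at -311 passes `(uint32_t*)inBlock` and `(uint32_t*)outBlock`, so caller-supplied byte buffers reach the HAL as word pointers with nothing visible here that guarantees 4-byte alignment. If the V2 HAL loads and stores through those pointers as 32-bit words, which needs confirming against the HAL source, an odd-aligned buffer can fault or be miscompiled under strict aliasing. Either document the alignment requirement on the public AES entry points or bounce unaligned data through an aligned `word32` block before the call. The same casts appear in the hunks at -389, -2455, -2502, -3201, -5409 and -5808; the enclosing functions start and end outside these hunks.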
@@ -2455,14 +2465,19 @@ int wc_AesSetIV(Aes* aes, const byte* iv) hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CBC; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; + #elif defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_CBC; #endif - hcryp.Init.pInitVect = (uint8_t*)aes->reg; + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; HAL_CRYP_Init(&hcryp); while (blocks--) { #ifdef STM32_CRYPTO_AES_ONLY ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); + #elif defined(STM32_HAL_V2) + ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE, + (uint32_t*)out, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); @@ -2502,15 +2517,20 @@ int wc_AesSetIV(Aes* aes, const byte* iv) hcryp.Init.OperatingMode = CRYP_ALGOMODE_KEYDERIVATION_DECRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CBC; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; + #elif defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_CBC; #endif - hcryp.Init.pInitVect = (uint8_t*)aes->reg; + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; HAL_CRYP_Init(&hcryp); while (blocks--) { #ifdef STM32_CRYPTO_AES_ONLY ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); + #elif defined(STM32_HAL_V2) + ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE, + (uint32_t*)out, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); 
@@ -3201,13 +3221,18 @@ int wc_AesSetIV(Aes* aes, const byte* iv) hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CTR; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; + #elif defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_CTR; #endif - hcryp.Init.pInitVect = (uint8_t*)aes->reg; + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; HAL_CRYP_Init(&hcryp); #ifdef STM32_CRYPTO_AES_ONLY ret = HAL_CRYPEx_AES(&hcryp, (byte*)in, AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); + #elif defined(STM32_HAL_V2) + ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE, + (uint32_t*)out, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESCTR_Encrypt(&hcryp, (byte*)in, AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); @@ -5370,8 +5395,8 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz } #ifdef WOLFSSL_STM32_CUBEMX - hcryp.Init.pInitVect = (uint8_t*)ctr; - hcryp.Init.Header = authInPadded; + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr; + hcryp.Init.Header = (STM_CRYPT_TYPE*)authInPadded; hcryp.Init.HeaderSize = authInSz; #ifdef STM32_CRYPTO_AES_ONLY 
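Review bot: In the hunk at -5370 `hcryp.Init.Header` becomes a `uint32_t*` under `STM32_HAL_V2`, but the next line, `hcryp.Init.HeaderSize = authInSz;`, still passes a byte count. If the V2 CRYP HAL counts the header in 32-bit words, as I believe its `HeaderSize` field is documented, the peripheral would be told to read four times the AAD length from `authInPadded` and would hash bytes beyond the buffer. Please confirm the unit against the HAL header and, if it is words, set `HeaderSize` from the padded header length divided by `sizeof(word32)` in the V2 build. The hunk at -5769 in wc_AesGcmDecrypt_STM32 carries the same assignment; both functions continue outside their hunks.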
@@ -5409,6 +5434,26 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz hcryp.Init.GCMCMACPhase = CRYP_FINAL_PHASE; status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, tag, STM32_HAL_TIMEOUT); } +#elif defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_GCM; + HAL_CRYP_Init(&hcryp); + if (blocks) { + /* GCM payload phase - blocks */ + status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, (blocks * AES_BLOCK_SIZE), + (uint32_t*)out, STM32_HAL_TIMEOUT); + } + if (status == HAL_OK && partial != 0) { + /* GCM payload phase - partial remainder */ + XMEMSET(partialBlock, 0, sizeof(partialBlock)); + XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); + status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)partialBlock, partial, (uint32_t*)partialBlock, + STM32_HAL_TIMEOUT); + XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); + } + if (status == HAL_OK) { + /* Compute the authTag */ + status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, STM32_HAL_TIMEOUT); + } #else HAL_CRYP_Init(&hcryp); if (blocks) { @@ -5769,8 +5814,8 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, } #ifdef WOLFSSL_STM32_CUBEMX - hcryp.Init.pInitVect = (uint8_t*)ctr; - hcryp.Init.Header = authInPadded; + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr; + hcryp.Init.Header = (STM_CRYPT_TYPE*)authInPadded; hcryp.Init.HeaderSize = authInSz; #ifdef STM32_CRYPTO_AES_ONLY 
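Review bot: In the V2 branch added at -5409, `XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);` runs whether or not the preceding `HAL_CRYP_Encrypt` succeeded, so on a timeout or HAL error the tail of `out` can receive the plaintext that was staged in `partialBlock`. Gate the copy on the result: `if (status == HAL_OK) XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);`. The matching branch added at -5808 in wc_AesGcmDecrypt_STM32 copies unconditionally as well. How `status` is mapped to the return value is outside the hunk.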
@@ -5808,6 +5853,26 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, hcryp.Init.GCMCMACPhase = CRYP_FINAL_PHASE; status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, tag, STM32_HAL_TIMEOUT); } +#elif defined(STM32_HAL_V2) + hcryp.Init.Algorithm = CRYP_AES_GCM; + HAL_CRYP_Init(&hcryp); + if (blocks) { + /* GCM payload phase - blocks */ + status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, (blocks * AES_BLOCK_SIZE), + (uint32_t*)out, STM32_HAL_TIMEOUT); + } + if (status == HAL_OK && partial != 0) { + /* GCM payload phase - partial remainder */ + XMEMSET(partialBlock, 0, sizeof(partialBlock)); + XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); + status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)partialBlock, partial, (uint32_t*)partialBlock, + STM32_HAL_TIMEOUT); + XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); + } + if (status == HAL_OK) { + /* Compute the authTag */ + status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, STM32_HAL_TIMEOUT); + } #else HAL_CRYP_Init(&hcryp); if (blocks) { diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c index d5adf257d..d0d54b026 100644 --- a/wolfcrypt/src/port/st/stm32.c +++ b/wolfcrypt/src/port/st/stm32.c @@ -292,7 +292,7 @@ int wc_Stm32_Aes_Init(Aes* aes, CRYP_HandleTypeDef* hcryp) } hcryp->Instance = CRYP; hcryp->Init.DataType = CRYP_DATATYPE_8B; - hcryp->Init.pKey = (uint8_t*)aes->key; + hcryp->Init.pKey = (STM_CRYPT_TYPE*)aes->key; return 0; } diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h index 5ef2d8bf7..fe38663ff 100644 --- a/wolfssl/wolfcrypt/port/st/stm32.h +++ b/wolfssl/wolfcrypt/port/st/stm32.h 
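Review bot: The full-block payload phase added to wc_AesGcmDecrypt_STM32 at -5808 calls `HAL_CRYP_Encrypt`, while the remainder a few lines later calls `HAL_CRYP_Decrypt`. GCM authenticates the ciphertext, so if the peripheral chooses which side to hash from the direction, the tag generated for any message of one block or more would be computed over the wrong data. The line should read `status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, (blocks * AES_BLOCK_SIZE),` to match the rest of the function. PATCH 5/5 later replaces this call, but the commits in between still carry it.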
@@ -98,6 +98,19 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #define CRYP AES #endif + /* Detect newer CubeMX crypto HAL (HAL_CRYP_Encrypt / HAL_CRYP_Decrypt) */ + #if !defined(STM32_HAL_V2) && \ + defined(WOLFSSL_STM32F7) && defined(CRYP_AES_GCM) + #define STM32_HAL_V2 + #endif + + /* Thee datatype for STM32 CubeMX HAL Crypt calls */ + #ifdef STM32_HAL_V2 + #define STM_CRYPT_TYPE uint32_t + #else + #define STM_CRYPT_TYPE uint8_t + #endif + /* CRYPT_AES_GCM starts the IV with 2 */ #define STM32_GCM_IV_START 2 From 8e83fb2e676cee9cd4dafb1d38aae8eab83f3b66 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 5 Aug 2019 14:03:02 -0700 Subject: [PATCH 2/5] Fix to resolve AES GCM auth calucation for GMAC where no in/out data is used. --- wolfcrypt/src/aes.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 051bdafa6..dcab06a81 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -5421,7 +5421,7 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT); } } - if (status == HAL_OK && partial != 0) { + if (status == HAL_OK && (partial != 0 || blocks == 0)) { /* GCM payload phase - partial remainder */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); @@ -5442,7 +5442,7 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, (blocks * AES_BLOCK_SIZE), (uint32_t*)out, STM32_HAL_TIMEOUT); } - if (status == HAL_OK && partial != 0) { + if (status == HAL_OK && (partial != 0 || blocks == 0)) { /* GCM payload phase - partial remainder */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); 
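Review bot: With the condition widened to `(partial != 0 || blocks == 0)` at -5421, the remainder block now also runs for the GMAC case where `partial` is 0 and, per the commit subject, no in/out data is supplied. `XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial);` and the copy back to `out` are then called with zero length on pointers that may be NULL; if XMEMCPY maps to memcpy, that is undefined even when the length is 0. Wrap both copies in `if (partial != 0)` so that only the HAL call runs for the empty case. The same change is repeated in the hunks at -5442, -5461, -5840, -5861 and -5880.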
@@ -5461,7 +5461,7 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz status = HAL_CRYPEx_AESGCM_Encrypt(&hcryp, (byte*)in, (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT); } - if (status == HAL_OK && partial != 0) { + if (status == HAL_OK && (partial != 0 || blocks == 0)) { /* GCM payload phase - partial remainder */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); @@ -5840,7 +5840,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT); } } - if (status == HAL_OK && partial != 0) { + if (status == HAL_OK && (partial != 0 || blocks == 0)) { /* GCM payload phase - partial remainder */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); @@ -5861,7 +5861,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, (blocks * AES_BLOCK_SIZE), (uint32_t*)out, STM32_HAL_TIMEOUT); } - if (status == HAL_OK && partial != 0) { + if (status == HAL_OK && (partial != 0 || blocks == 0)) { /* GCM payload phase - partial remainder */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); @@ -5880,7 +5880,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, status = HAL_CRYPEx_AESGCM_Decrypt(&hcryp, (byte*)in, (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT); } - if (status == HAL_OK && partial != 0) { + if (status == HAL_OK && (partial != 0 || blocks == 0)) { /* GCM payload phase - partial remainder */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); From e7c6fc221de49c230bce08174be43a0b2905f16b Mon Sep 17 00:00:00 2001 
From: David Garske Date: Fri, 9 Aug 2019 15:40:26 -0700 Subject: [PATCH 3/5] Fixes to handle byte swapping on Key and IV for STM32F7 with latest CubeMX. --- wolfcrypt/src/aes.c | 21 +++++++++++++++++++-- wolfcrypt/src/port/st/stm32.c | 3 +++ 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index dcab06a81..260d70fc1 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -1807,7 +1807,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) aes->keylen = keylen; aes->rounds = keylen/4 + 6; XMEMCPY(rk, userKey, keylen); - #ifndef WOLFSSL_STM32_CUBEMX + #if !defined(WOLFSSL_STM32_CUBEMX) || defined(STM32_HAL_V2) ByteReverseWords(rk, rk, keylen); #endif #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) @@ -2467,6 +2467,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; #elif defined(STM32_HAL_V2) hcryp.Init.Algorithm = CRYP_AES_CBC; + ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE); #endif hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; HAL_CRYP_Init(&hcryp); @@ -2519,6 +2520,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; #elif defined(STM32_HAL_V2) hcryp.Init.Algorithm = CRYP_AES_CBC; + ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE); #endif hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; @@ -3205,6 +3207,9 @@ int wc_AesSetIV(Aes* aes, const byte* iv) int ret = 0; #ifdef WOLFSSL_STM32_CUBEMX CRYP_HandleTypeDef hcryp; + #ifdef STM32_HAL_V2 + word32 iv[AES_BLOCK_SIZE/sizeof(word32)]; + #endif #else word32 *iv; CRYP_InitTypeDef cryptInit; 
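Review bot: `ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE);` at -2467 swaps the stored IV in place, so the Aes object's state is modified before the HAL has processed anything. If the loop below runs zero times or a HAL call fails, `aes->reg` stays byte-swapped and the next call hands the hardware an IV in the wrong byte order; whether `aes->reg` is always rewritten after the loop is outside the hunk. The CTR hunk at -3205 in this same patch adds a local `word32 iv[AES_BLOCK_SIZE/sizeof(word32)];` for this purpose, and CBC should use the same pattern: `ByteReverseWords(iv, aes->reg, AES_BLOCK_SIZE); hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)iv;`. The decrypt hunk at -2519 has the same in-place swap.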
@@ -3221,10 +3226,12 @@ int wc_AesSetIV(Aes* aes, const byte* iv) hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CTR; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; #elif defined(STM32_HAL_V2) hcryp.Init.Algorithm = CRYP_AES_CTR; + ByteReverseWords(iv, aes->reg, AES_BLOCK_SIZE); + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)iv; #endif - hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg; HAL_CRYP_Init(&hcryp); #ifdef STM32_CRYPTO_AES_ONLY @@ -5345,6 +5352,9 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz int ret; #ifdef WOLFSSL_STM32_CUBEMX CRYP_HandleTypeDef hcryp; + #ifdef STM32_HAL_V2 + word32 ivWord[AES_BLOCK_SIZE/sizeof(word32)]; + #endif #else word32 keyCopy[AES_256_KEY_SIZE/sizeof(word32)]; #endif @@ -5436,6 +5446,8 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz } #elif defined(STM32_HAL_V2) hcryp.Init.Algorithm = CRYP_AES_GCM; + ByteReverseWords(ivWord, (word32*)ctr, AES_BLOCK_SIZE); + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ivWord; HAL_CRYP_Init(&hcryp); if (blocks) { /* GCM payload phase - blocks */ @@ -5764,6 +5776,9 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, int ret; #ifdef WOLFSSL_STM32_CUBEMX CRYP_HandleTypeDef hcryp; + #ifdef STM32_HAL_V2 + word32 ivWord[AES_BLOCK_SIZE/sizeof(word32)]; + #endif #else word32 keyCopy[AES_256_KEY_SIZE/sizeof(word32)]; #endif @@ -5855,6 +5870,8 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, } #elif defined(STM32_HAL_V2) hcryp.Init.Algorithm = CRYP_AES_GCM; + ByteReverseWords(ivWord, (word32*)ctr, AES_BLOCK_SIZE); + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ivWord; HAL_CRYP_Init(&hcryp); if (blocks) { /* GCM payload phase - blocks */ diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c index d0d54b026..0c24799a7 100644 --- a/wolfcrypt/src/port/st/stm32.c +++ b/wolfcrypt/src/port/st/stm32.c 
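Review bot: The hunk at -3221 removes the unconditional `hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg;` and re-adds the assignment only inside the first branch and the `STM32_HAL_V2` branch, so a CubeMX build that takes neither branch reaches `HAL_CRYP_Init` with no IV pointer set for CTR. The conditional opens above the hunk, so this assumes it has no `#else` there; the earlier hunk for this function shows the legacy `HAL_CRYP_AESCTR_Encrypt` path is still compiled in that case. Add `#else` followed by `hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg;` before the `#endif`. A counter-mode IV that is unset or constant repeats keystream across messages, so this path deserves a known-answer test on the older HAL.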
@@ -293,6 +293,9 @@ int wc_Stm32_Aes_Init(Aes* aes, CRYP_HandleTypeDef* hcryp) hcryp->Instance = CRYP; hcryp->Init.DataType = CRYP_DATATYPE_8B; hcryp->Init.pKey = (STM_CRYPT_TYPE*)aes->key; +#ifdef STM32_HAL_V2 + hcryp->Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE; +#endif return 0; } From aee766e11b8929220d354b91321242866d6310d6 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 15 Aug 2019 16:57:38 -0700 Subject: [PATCH 4/5] Minor fixes for AES GCM with GMAC and STM32 HALv2. --- wolfcrypt/src/aes.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 260d70fc1..6634d5d80 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -5507,7 +5507,7 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz if (authTag) { /* STM32 GCM won't compute Auth correctly for partial or when IV != 12, so use software here */ - if (partial != 0 || ivSz != GCM_NONCE_MID_SZ) { + if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ) { DecrementGcmCounter(ctr); /* hardware requires +1, so subtract it */ GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz); wc_AesEncrypt(aes, ctr, tag); @@ -5889,6 +5889,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, if (status == HAL_OK) { /* Compute the authTag */ status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, STM32_HAL_TIMEOUT); + ByteReverseWords((word32*)tag, (word32*)tag, authTagSz); } #else HAL_CRYP_Init(&hcryp); @@ -5932,7 +5933,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, #endif /* WOLFSSL_STM32_CUBEMX */ /* STM32 GCM hardware only supports IV of 12 bytes, so use software for auth */ - if (ivSz != GCM_NONCE_MID_SZ) { + if (sz == 0 || ivSz != GCM_NONCE_MID_SZ) { DecrementGcmCounter(ctr); /* hardware requires +1, so subtract it */ GHASH(aes, authIn, authInSz, in, sz, tag, sizeof(tag)); wc_AesEncrypt(aes, ctr, partialBlock); 
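Review bot: `ByteReverseWords((word32*)tag, (word32*)tag, authTagSz);` at -5889 sizes an in-place swap of the local `tag` buffer with the caller-supplied `authTagSz`, whereas the GHASH call in the hunk at -5932 uses `sizeof(tag)` for the same buffer. Unless `authTagSz` is bounded by the size of `tag` above the hunk, a large value makes the swap run past the buffer, and a value that is not a multiple of four presumably leaves trailing bytes unswapped. Use `sizeof(tag)` here and run the swap only when `status == HAL_OK`. The encrypt-side V2 branch has no matching swap, which deserves a comment explaining the difference.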
From 3f992ce39d61a90605bcc33f3d1ff4f80901fe8b Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 16 Aug 2019 12:31:28 -0700 Subject: [PATCH 5/5] Additional STM32F7 fixes with HALv2. --- wolfcrypt/src/aes.c | 57 ++++++++++++++------------------------------- 1 file changed, 17 insertions(+), 40 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 6634d5d80..3a138ea00 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -5352,9 +5352,6 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz int ret; #ifdef WOLFSSL_STM32_CUBEMX CRYP_HandleTypeDef hcryp; - #ifdef STM32_HAL_V2 - word32 ivWord[AES_BLOCK_SIZE/sizeof(word32)]; - #endif #else word32 keyCopy[AES_256_KEY_SIZE/sizeof(word32)]; #endif 
@@ -5446,25 +5443,17 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz } #elif defined(STM32_HAL_V2) hcryp.Init.Algorithm = CRYP_AES_GCM; - ByteReverseWords(ivWord, (word32*)ctr, AES_BLOCK_SIZE); - hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ivWord; + ByteReverseWords((word32*)partialBlock, (word32*)ctr, AES_BLOCK_SIZE); + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock; HAL_CRYP_Init(&hcryp); - if (blocks) { - /* GCM payload phase - blocks */ - status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, (blocks * AES_BLOCK_SIZE), - (uint32_t*)out, STM32_HAL_TIMEOUT); - } - if (status == HAL_OK && (partial != 0 || blocks == 0)) { - /* GCM payload phase - partial remainder */ - XMEMSET(partialBlock, 0, sizeof(partialBlock)); - XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); - status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)partialBlock, partial, (uint32_t*)partialBlock, - STM32_HAL_TIMEOUT); - XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); - } + + /* GCM payload phase - can handle partial blocks */ + status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, + (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); if (status == HAL_OK) { /* Compute the authTag */ - status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, STM32_HAL_TIMEOUT); + status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, + STM32_HAL_TIMEOUT); } #else HAL_CRYP_Init(&hcryp); @@ -5776,9 +5765,6 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, int ret; #ifdef WOLFSSL_STM32_CUBEMX CRYP_HandleTypeDef hcryp; - #ifdef STM32_HAL_V2 - word32 ivWord[AES_BLOCK_SIZE/sizeof(word32)]; - #endif #else word32 keyCopy[AES_256_KEY_SIZE/sizeof(word32)]; #endif 
@@ -5870,26 +5856,17 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, } #elif defined(STM32_HAL_V2) hcryp.Init.Algorithm = CRYP_AES_GCM; - ByteReverseWords(ivWord, (word32*)ctr, AES_BLOCK_SIZE); - hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ivWord; + ByteReverseWords((word32*)partialBlock, (word32*)ctr, AES_BLOCK_SIZE); + hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock; HAL_CRYP_Init(&hcryp); - if (blocks) { - /* GCM payload phase - blocks */ - status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, (blocks * AES_BLOCK_SIZE), - (uint32_t*)out, STM32_HAL_TIMEOUT); - } - if (status == HAL_OK && (partial != 0 || blocks == 0)) { - /* GCM payload phase - partial remainder */ - XMEMSET(partialBlock, 0, sizeof(partialBlock)); - XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); - status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)partialBlock, partial, (uint32_t*)partialBlock, - STM32_HAL_TIMEOUT); - XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); - } + + /* GCM payload phase - can handle partial blocks */ + status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, + (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); if (status == HAL_OK) { /* Compute the authTag */ - status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, STM32_HAL_TIMEOUT); - ByteReverseWords((word32*)tag, (word32*)tag, authTagSz); + status = HAL_CRYPEx_AESGCM_GenerateAuthTAG(&hcryp, (uint32_t*)tag, + STM32_HAL_TIMEOUT); } #else HAL_CRYP_Init(&hcryp); @@ -5933,7 +5910,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, #endif /* WOLFSSL_STM32_CUBEMX */ /* STM32 GCM hardware only supports IV of 12 bytes, so use software for auth */ - if (sz == 0 || ivSz != GCM_NONCE_MID_SZ) { + if (sz == 0 || partial != 0 || ivSz != GCM_NONCE_MID_SZ) { DecrementGcmCounter(ctr); /* hardware requires +1, so subtract it */ GHASH(aes, authIn, authInSz, in, sz, tag, sizeof(tag)); wc_AesEncrypt(aes, ctr, partialBlock);