From 13e6462ea721be3959f0c7399a5139f42b5f518c Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 19 May 2020 07:47:12 -0700 Subject: [PATCH 1/4] Fixes for build with STM32 Standard Periperal Library (StdPeriLib). --- wolfcrypt/src/aes.c | 15 ++++++++++----- wolfcrypt/src/des3.c | 9 ++++----- wolfcrypt/src/ecc.c | 2 +- 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 341b1c053..4494fadc7 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -5927,11 +5927,15 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz word32 keyCopy[AES_256_KEY_SIZE/sizeof(word32)]; #endif word32 keySize; +#ifdef WOLFSSL_STM32_CUBEMX int status = HAL_OK; word32 blocks = sz / AES_BLOCK_SIZE; + word32 partialBlock[AES_BLOCK_SIZE/sizeof(word32)]; +#else + int status = SUCCESS; +#endif word32 partial = sz % AES_BLOCK_SIZE; word32 tag[AES_BLOCK_SIZE/sizeof(word32)]; - word32 partialBlock[AES_BLOCK_SIZE/sizeof(word32)]; word32 ctr[AES_BLOCK_SIZE/sizeof(word32)]; byte* authInPadded = NULL; int authPadSz; @@ -6065,7 +6069,7 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz (uint8_t*)keyCopy, keySize * 8, (uint8_t*)in, sz, (uint8_t*)authInPadded, authInSz, - (uint8_t*)out, tag); + (uint8_t*)out, (uint8_t*)tag); if (status != SUCCESS) ret = AES_GCM_AUTH_E; #endif /* WOLFSSL_STM32_CUBEMX */ @@ -6360,13 +6364,14 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, { int ret; #ifdef WOLFSSL_STM32_CUBEMX + int status = HAL_OK; CRYP_HandleTypeDef hcryp; + word32 blocks = sz / AES_BLOCK_SIZE; #else + int status = SUCCESS; word32 keyCopy[AES_256_KEY_SIZE/sizeof(word32)]; #endif word32 keySize; - int status = HAL_OK; - word32 blocks = sz / AES_BLOCK_SIZE; word32 partial = sz % AES_BLOCK_SIZE; word32 tag[AES_BLOCK_SIZE/sizeof(word32)]; word32 partialBlock[AES_BLOCK_SIZE/sizeof(word32)]; 
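Review bot: In the declarations of wc_AesGcmEncrypt_STM32 (@@ -5927), `status` is now initialised to `HAL_OK` in the CubeMX build and to `SUCCESS` in the Standard Peripheral Library build, with nothing at the declaration saying that the two constants follow different conventions. In ST's headers `HAL_OK` is zero while `SUCCESS` is non-zero, which is worth confirming against the library version in use. A failed status is what becomes `AES_GCM_AUTH_E`, so code shared by both builds that compares `status` with the wrong constant would either reject every operation or accept a failed one. I would add `/* status holds HAL_StatusTypeDef (CubeMX) or ErrorStatus (StdPeriph); compare only against the matching success constant */` here and at the same declarations of wc_AesGcmDecrypt_STM32 in the @@ -6360 hunk. Both function bodies continue outside the hunks.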
@@ -6508,7 +6513,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, (uint8_t*)keyCopy, keySize * 8, (uint8_t*)in, sz, (uint8_t*)authInPadded, authInSz, - (uint8_t*)out, tag); + (uint8_t*)out, (uint8_t*)tag); if (status != SUCCESS) ret = AES_GCM_AUTH_E; #endif /* WOLFSSL_STM32_CUBEMX */ diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index b4b0187cd..9daa195eb 100644 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -345,7 +345,7 @@ return 0; } - static void Des3Crypt(Des3* des, byte* out, const byte* in, word32 sz, + static int Des3Crypt(Des3* des, byte* out, const byte* in, word32 sz, int dir) { if (des == NULL || out == NULL || in == NULL) @@ -460,18 +460,17 @@ CRYP_Cmd(DISABLE); } #endif /* WOLFSSL_STM32_CUBEMX */ + return 0; } int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) { - Des3Crypt(des, out, in, sz, DES_ENCRYPTION); - return 0; + return Des3Crypt(des, out, in, sz, DES_ENCRYPTION); } int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) { - Des3Crypt(des, out, in, sz, DES_DECRYPTION); - return 0; + return Des3Crypt(des, out, in, sz, DES_DECRYPTION); } #elif defined(HAVE_COLDFIRE_SEC) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 9de60c4e3..e527645d2 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -987,7 +987,7 @@ const ecc_set_type ecc_sets[] = { "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", /* order */ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", /* Gx */ "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", /* Gy */ - ecc_oid_secp256r1, /* oid/oidSz */ + ecc_oid_secp256r1, /* oid/oidSz */ ecc_oid_secp256r1_sz, ECC_SECP256R1_OID, /* oid sum */ 1, /* cofactor */ From 2033be9aed24e9cc8d996429038dd15a79a4d3a3 Mon Sep 17 00:00:00 2001 
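Review bot: Des3Crypt now returns `int` (@@ -345 in des3.c), but the statement under the NULL check `if (des == NULL || out == NULL || in == NULL)` lies outside the hunk and is not touched by this patch. If it is still the bare `return;` of the old void function, wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt would hand an indeterminate value back to the caller for NULL arguments. It should read `return BAD_FUNC_ARG;` so that invalid arguments are reported as an error rather than possibly as success.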
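Review bot: The `return 0;` added at the end of Des3Crypt (@@ -460 in des3.c) is unconditional, so the new int return type still cannot report a hardware failure. wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt now forward that value and will report success whatever the CRYP peripheral did. The calls that drive the peripheral are outside the hunk, so whether their status is available is not visible here; if it is, carry it in a local `ret` and end with `return ret;`, so a caller never treats an unwritten `out` buffer as valid output. At minimum, `/* hardware status is not checked; always reports success */` above the return would make the limitation explicit.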
From: David Garske Date: Tue, 19 May 2020 17:41:56 -0700 Subject: [PATCH 2/4] Fixes for building against older STM32 CubeMX HAL. --- wolfcrypt/src/aes.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 4494fadc7..327290a71 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -6049,13 +6049,13 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz /* GCM payload phase - partial remainder */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); - status = HAL_CRYPEx_AESGCM_Encrypt(&hcryp, partialBlock, partial, - partialBlock, STM32_HAL_TIMEOUT); + status = HAL_CRYPEx_AESGCM_Encrypt(&hcryp, (uint8_t*)partialBlock, partial, + (uint8_t*)partialBlock, STM32_HAL_TIMEOUT); XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); } if (status == HAL_OK) { /* Compute the authTag */ - status = HAL_CRYPEx_AESGCM_Finish(&hcryp, sz, tag, STM32_HAL_TIMEOUT); + status = HAL_CRYPEx_AESGCM_Finish(&hcryp, sz, (uint8_t*)tag, STM32_HAL_TIMEOUT); } #endif From de4d2e643690ced6a8368473bbb939717805ecff Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 20 May 2020 10:49:26 -0700 Subject: [PATCH 3/4] Fix for CubeMX HAL `headerSize` (older CubeMX HAL uses actual bytes, not multiple of 32-bit). Fix for GMAC case in `STM32_CRYPTO_AES_ONLY`. --- wolfcrypt/src/aes.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 327290a71..9037583d0 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c 
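Review bot: In the partial-remainder branch (@@ -6049), `XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);` runs whatever `status` the preceding `HAL_CRYPEx_AESGCM_Encrypt` call returned. `partialBlock` is both the input (a zero-padded copy of the plaintext tail) and the output of that call, so if the HAL call fails or times out before writing its result, the plaintext tail is what gets copied into `out`. Guarding the copy, `if (status == HAL_OK) XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial);`, keeps plaintext out of the ciphertext buffer on the error path. The same pattern follows `HAL_CRYPEx_AES_Auth` in the @@ -6011 hunk of patch 3. The enclosing function starts and ends outside the hunk.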
@@ -5987,10 +5987,10 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz #ifdef WOLFSSL_STM32_CUBEMX hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr; hcryp.Init.Header = (STM_CRYPT_TYPE*)authInPadded; - hcryp.Init.HeaderSize = authPadSz/sizeof(word32); #ifdef STM32_CRYPTO_AES_ONLY /* Set the CRYP parameters */ + hcryp.Init.HeaderSize = authPadSz; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_GCM_GMAC; hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; hcryp.Init.GCMCMACPhase = CRYP_INIT_PHASE; @@ -6011,21 +6011,22 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT); } } - if (status == HAL_OK && (partial != 0 || blocks == 0)) { + if (status == HAL_OK && (partial != 0 || (sz > 0 && blocks == 0))) { /* GCM payload phase - partial remainder */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); - status = HAL_CRYPEx_AES_Auth(&hcryp, partialBlock, partial, - partialBlock, STM32_HAL_TIMEOUT); + status = HAL_CRYPEx_AES_Auth(&hcryp, (uint8_t*)partialBlock, partial, + (uint8_t*)partialBlock, STM32_HAL_TIMEOUT); XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); } if (status == HAL_OK) { /* GCM final phase */ hcryp.Init.GCMCMACPhase = CRYP_FINAL_PHASE; - status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, tag, STM32_HAL_TIMEOUT); + status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, (uint8_t*)tag, STM32_HAL_TIMEOUT); } #elif defined(STM32_HAL_V2) hcryp.Init.Algorithm = CRYP_AES_GCM; + hcryp.Init.HeaderSize = authPadSz/sizeof(word32); ByteReverseWords(partialBlock, ctr, AES_BLOCK_SIZE); hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock; HAL_CRYP_Init(&hcryp); @@ -6039,6 +6040,7 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz STM32_HAL_TIMEOUT); } #else + hcryp.Init.HeaderSize = authPadSz; HAL_CRYP_Init(&hcryp); if (blocks) { /* GCM payload phase - blocks */ 
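Review bot: `hcryp.Init.HeaderSize` is now set in bytes (`authPadSz`) in the STM32_CRYPTO_AES_ONLY branch and the final `#else` branch, and in 32-bit words (`authPadSz/sizeof(word32)`) in the STM32_HAL_V2 branch, and only the commit message explains the difference. This field tells the peripheral how much additional authenticated data to process, so a wrong unit would presumably change how much of `authInPadded` is read and which tag results. I would put a unit comment on each assignment, e.g. `/* older CubeMX HAL: HeaderSize in bytes */` and `/* HAL V2: HeaderSize in 32-bit words */`. That covers this hunk, @@ -6011 and @@ -6039, and the matching wc_AesGcmDecrypt_STM32 hunks (@@ -6426, @@ -6464, @@ -6478).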
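Review bot: In the new condition `(partial != 0 || (sz > 0 && blocks == 0))` (@@ -6011) the second disjunct can never be true on its own. With `blocks = sz / AES_BLOCK_SIZE` and `partial = sz % AES_BLOCK_SIZE`, as in the CubeMX declarations shown in patch 1, `sz > 0 && blocks == 0` already implies `partial != 0`. The test is therefore equivalent to `if (status == HAL_OK && partial != 0) {`, which states the GMAC (`sz == 0`) skip more directly. The same applies to the identical condition in the @@ -6450 hunk of wc_AesGcmDecrypt_STM32. If the longer form is kept for readability, `/* sz == 0 (GMAC): no payload phase */` above it would say why.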
@@ -6426,10 +6428,10 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, #ifdef WOLFSSL_STM32_CUBEMX hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr; hcryp.Init.Header = (STM_CRYPT_TYPE*)authInPadded; - hcryp.Init.HeaderSize = authPadSz/sizeof(word32); #ifdef STM32_CRYPTO_AES_ONLY /* Set the CRYP parameters */ + hcryp.Init.HeaderSize = authPadSz; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_GCM_GMAC; hcryp.Init.OperatingMode = CRYP_ALGOMODE_DECRYPT; hcryp.Init.GCMCMACPhase = CRYP_INIT_PHASE; @@ -6450,7 +6452,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT); } } - if (status == HAL_OK && (partial != 0 || blocks == 0)) { + if (status == HAL_OK && (partial != 0 || (sz > 0 && blocks == 0))) { /* GCM payload phase - partial remainder */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); @@ -6464,6 +6466,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, status = HAL_CRYPEx_AES_Auth(&hcryp, NULL, sz, (byte*)tag, STM32_HAL_TIMEOUT); } #elif defined(STM32_HAL_V2) + hcryp.Init.HeaderSize = authPadSz/sizeof(word32); hcryp.Init.Algorithm = CRYP_AES_GCM; ByteReverseWords(partialBlock, ctr, AES_BLOCK_SIZE); hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)partialBlock; @@ -6478,6 +6481,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, STM32_HAL_TIMEOUT); } #else + hcryp.Init.HeaderSize = authPadSz; HAL_CRYP_Init(&hcryp); if (blocks) { /* GCM payload phase - blocks */ From 363b9528af3a4f930cbd33402eb74b87b5f5fdcc Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 20 May 2020 11:23:14 -0700 Subject: [PATCH 4/4] Fix for STM32 AES only (L4) AES Decrypt Direct (ECB). --- wolfcrypt/src/aes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 9037583d0..516884670 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c 
@@ -392,7 +392,7 @@ return ret; #ifdef STM32_CRYPTO_AES_ONLY - hcryp.Init.OperatingMode = CRYP_ALGOMODE_DECRYPT; + hcryp.Init.OperatingMode = CRYP_ALGOMODE_KEYDERIVATION_DECRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_ECB; hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; #elif defined(STM32_HAL_V2)
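Review bot: The switch from `CRYP_ALGOMODE_DECRYPT` to `CRYP_ALGOMODE_KEYDERIVATION_DECRYPT` carries no comment, and the reason for it is given only in the commit subject. A wrong operating mode here would yield incorrect plaintext without any error, so the next reader should see why plain decrypt mode is not enough. I would add something like `/* AES-only (L4) peripheral: derive the decryption key from the loaded key before decrypting */`, with the wording checked against the HAL documentation. A known-answer test for ECB decrypt-direct on this configuration would catch a regression. The enclosing function starts and ends outside the hunk.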