diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 2b1070fa0..02df4cf37 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -279,106 +279,59 @@ /* Define AES implementation includes and functions */ #if defined(STM32_CRYPTO) - /* STM32F2/F4 hardware AES support for CBC, CTR modes */ - - #ifdef WOLFSSL_STM32L4 - #define CRYP AES - #endif - - /* CRYPT_AES_GCM starts the IV with 2 */ - #define STM32_GCM_IV_START 2 + /* STM32F2/F4/F7/L4 hardware AES support for ECB, CBC, CTR and GCM modes */ #if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESGCM) || defined(HAVE_AESCCM) + static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) { int ret = 0; #ifdef WOLFSSL_STM32_CUBEMX CRYP_HandleTypeDef hcryp; + #else + CRYP_InitTypeDef cryptInit; + CRYP_KeyInitTypeDef keyInit; + #endif - XMEMSET(&hcryp, 0, sizeof(CRYP_HandleTypeDef)); - switch(aes->rounds) { - case 10: /* 128-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_128B; - break; - #ifdef CRYP_KEYSIZE_192B - case 12: /* 192-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_192B; - break; - #endif - case 14: /* 256-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_256B; - break; - default: - break; - } - hcryp.Instance = CRYP; - hcryp.Init.DataType = CRYP_DATATYPE_8B; - hcryp.Init.pKey = (uint8_t*)aes->key; + #ifdef WOLFSSL_STM32_CUBEMX + ret = wc_Stm32_Aes_Init(aes, &hcryp); + if (ret != 0) + return ret; + #ifdef STM32_CRYPTO_AES_ONLY + hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; + hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_ECB; + hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; + #endif HAL_CRYP_Init(&hcryp); - if (HAL_CRYP_AESECB_Encrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, - outBlock, STM32_HAL_TIMEOUT) != HAL_OK) { + #ifdef STM32_CRYPTO_AES_ONLY + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, + outBlock, STM32_HAL_TIMEOUT); + #else + ret = HAL_CRYP_AESECB_Encrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, + outBlock, STM32_HAL_TIMEOUT); + #endif + if (ret != HAL_OK) { ret = WC_TIMEOUT_E; } - HAL_CRYP_DeInit(&hcryp); - #else - word32 *enc_key; - CRYP_InitTypeDef AES_CRYP_InitStructure; - 
CRYP_KeyInitTypeDef AES_CRYP_KeyInitStructure; - enc_key = aes->key; - - /* crypto structure initialization */ - CRYP_KeyStructInit(&AES_CRYP_KeyInitStructure); - CRYP_StructInit(&AES_CRYP_InitStructure); + #else /* STD_PERI_LIB */ + ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit); + if (ret != 0) + return ret; /* reset registers to their default values */ CRYP_DeInit(); - /* load key into correct registers */ - switch (aes->rounds) { - case 10: /* 128-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_128b; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[3]; - break; + /* setup key */ + CRYP_KeyInit(&keyInit); - case 12: /* 192-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_192b; - AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[3]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[4]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[5]; - break; - - case 14: /* 256-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_256b; - AES_CRYP_KeyInitStructure.CRYP_Key0Left = enc_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key0Right = enc_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[3]; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[4]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[5]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[6]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[7]; - break; - - default: - break; - } - CRYP_KeyInit(&AES_CRYP_KeyInitStructure); - - /* set direction, mode, and datatype */ - AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Encrypt; - 
AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_ECB; - AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b; - CRYP_Init(&AES_CRYP_InitStructure); + /* set direction and mode */ + cryptInit.CRYP_AlgoDir = CRYP_AlgoDir_Encrypt; + cryptInit.CRYP_AlgoMode = CRYP_AlgoMode_AES_ECB; + CRYP_Init(&cryptInit); /* enable crypto processor */ CRYP_Cmd(ENABLE); 
@@ -413,91 +366,48 @@ int ret = 0; #ifdef WOLFSSL_STM32_CUBEMX CRYP_HandleTypeDef hcryp; + #else + CRYP_InitTypeDef cryptInit; + CRYP_KeyInitTypeDef keyInit; + #endif - XMEMSET(&hcryp, 0, sizeof(CRYP_HandleTypeDef)); - switch(aes->rounds) { - case 10: /* 128-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_128B; - break; - #ifdef CRYP_KEYSIZE_192B - case 12: /* 192-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_192B; - break; - #endif - case 14: /* 256-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_256B; - break; - default: - break; - } - hcryp.Instance = CRYP; - hcryp.Init.DataType = CRYP_DATATYPE_8B; - hcryp.Init.pKey = (uint8_t*)aes->key; + #ifdef WOLFSSL_STM32_CUBEMX + ret = wc_Stm32_Aes_Init(aes, &hcryp); + if (ret != 0) + return ret; + #ifdef STM32_CRYPTO_AES_ONLY + hcryp.Init.OperatingMode = CRYP_ALGOMODE_DECRYPT; + hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_ECB; + hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; + #endif HAL_CRYP_Init(&hcryp); - if (HAL_CRYP_AESECB_Decrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, - outBlock, STM32_HAL_TIMEOUT) != HAL_OK) { + #ifdef STM32_CRYPTO_AES_ONLY + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, + outBlock, STM32_HAL_TIMEOUT); + #else + ret = HAL_CRYP_AESECB_Decrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, + outBlock, STM32_HAL_TIMEOUT) + #endif + if (ret != HAL_OK) { ret = WC_TIMEOUT_E; } - HAL_CRYP_DeInit(&hcryp); - #else - word32 *enc_key; - CRYP_InitTypeDef AES_CRYP_InitStructure; - CRYP_KeyInitTypeDef AES_CRYP_KeyInitStructure; - enc_key = aes->key; - - /* crypto structure initialization */ - CRYP_KeyStructInit(&AES_CRYP_KeyInitStructure); - CRYP_StructInit(&AES_CRYP_InitStructure); + #else /* STD_PERI_LIB */ + ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit); + if (ret != 0) + return ret; /* reset registers to their default values */ CRYP_DeInit(); - /* load key into correct registers */ - switch (aes->rounds) { - case 10: /* 128-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = 
CRYP_KeySize_128b; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[3]; - break; - - case 12: /* 192-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_192b; - AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[3]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[4]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[5]; - break; - - case 14: /* 256-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_256b; - AES_CRYP_KeyInitStructure.CRYP_Key0Left = enc_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key0Right = enc_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[3]; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[4]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[5]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[6]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[7]; - break; - - default: - break; - } - CRYP_KeyInit(&AES_CRYP_KeyInitStructure); - - /* set direction, key, and datatype */ - AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Decrypt; - AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_Key; - AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b; - CRYP_Init(&AES_CRYP_InitStructure); + /* set direction and key */ + CRYP_KeyInit(&keyInit); + cryptInit.CRYP_AlgoDir = CRYP_AlgoDir_Decrypt; + cryptInit.CRYP_AlgoMode = CRYP_AlgoMode_AES_Key; + CRYP_Init(&cryptInit); /* enable crypto processor */ CRYP_Cmd(ENABLE); 
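Review bot: The non-`STM32_CRYPTO_AES_ONLY` branch of the CubeMX decrypt path is missing its statement terminator: `ret = HAL_CRYP_AESECB_Decrypt(... STM32_HAL_TIMEOUT)` is followed directly by `#endif`, so that configuration will not compile. The continuation line should read `outBlock, STM32_HAL_TIMEOUT);`, as the matching encrypt hunk does. Separately, every status other than `HAL_OK` is reported as `WC_TIMEOUT_E`, which hides non-timeout HAL failures from callers. The function body starts above this hunk.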
@@ -505,11 +415,10 @@ /* wait until decrypt key has been intialized */ while (CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} - /* set direction, mode, and datatype */ - AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Decrypt; - AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_ECB; - AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b; - CRYP_Init(&AES_CRYP_InitStructure); + /* set direction and mode */ + cryptInit.CRYP_AlgoDir = CRYP_AlgoDir_Decrypt; + cryptInit.CRYP_AlgoMode = CRYP_AlgoMode_AES_ECB; + CRYP_Init(&cryptInit); /* enable crypto processor */ CRYP_Cmd(ENABLE); @@ -1838,8 +1747,13 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) (void)dir; - if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) + if (keylen != 16 && + #ifdef WOLFSSL_AES_192 + keylen != 24 && + #endif + keylen != 32) { return BAD_FUNC_ARG; + } aes->keylen = keylen; aes->rounds = keylen/4 + 6; 
@@ -2367,32 +2281,27 @@ int wc_AesSetIV(Aes* aes, const byte* iv) word32 blocks = (sz / AES_BLOCK_SIZE); CRYP_HandleTypeDef hcryp; - XMEMSET(&hcryp, 0, sizeof(CRYP_HandleTypeDef)); - switch (aes->rounds) { - case 10: /* 128-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_128B; - break; - #ifdef CRYP_KEYSIZE_192B - case 12: /* 192-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_192B; - break; - #endif - case 14: /* 256-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_256B; - break; - default: - break; - } - hcryp.Instance = CRYP; - hcryp.Init.DataType = CRYP_DATATYPE_8B; - hcryp.Init.pKey = (uint8_t*)aes->key; - hcryp.Init.pInitVect = (uint8_t*)aes->reg; + ret = wc_Stm32_Aes_Init(aes, &hcryp); + if (ret != 0) + return ret; + #ifdef STM32_CRYPTO_AES_ONLY + hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; + hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CBC; + hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; + #endif + hcryp.Init.pInitVect = (uint8_t*)aes->reg; HAL_CRYP_Init(&hcryp); while (blocks--) { - if (HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, - out, STM32_HAL_TIMEOUT) != HAL_OK) { + #ifdef STM32_CRYPTO_AES_ONLY + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); + #else + ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); + #endif + if (ret != HAL_OK) { ret = WC_TIMEOUT_E; break; } 
@@ -2416,33 +2325,33 @@ int wc_AesSetIV(Aes* aes, const byte* iv) word32 blocks = (sz / AES_BLOCK_SIZE); CRYP_HandleTypeDef hcryp; - XMEMSET(&hcryp, 0, sizeof(CRYP_HandleTypeDef)); - switch (aes->rounds) { - case 10: /* 128-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_128B; - break; - #ifdef CRYP_KEYSIZE_192B - case 12: /* 192-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_192B; - break; - #endif - case 14: /* 256-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_256B; - break; - default: - break; - } - hcryp.Instance = CRYP; - hcryp.Init.DataType = CRYP_DATATYPE_8B; - hcryp.Init.pKey = (uint8_t*)aes->key; - hcryp.Init.pInitVect = (uint8_t*)aes->reg; + ret = wc_Stm32_Aes_Init(aes, &hcryp); + if (ret != 0) + return ret; + /* if input and output same will overwrite input iv */ + XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + + #ifdef STM32_CRYPTO_AES_ONLY + hcryp.Init.OperatingMode = CRYP_ALGOMODE_KEYDERIVATION_DECRYPT; + hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CBC; + hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; + #endif + + hcryp.Init.pInitVect = (uint8_t*)aes->reg; HAL_CRYP_Init(&hcryp); while (blocks--) { - if (HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, - out, STM32_HAL_TIMEOUT) != HAL_OK) { + #ifdef STM32_CRYPTO_AES_ONLY + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); + #else + ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in, AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); + #endif + if (ret != HAL_OK) { ret = WC_TIMEOUT_E; + break; } /* store iv for next call */ 
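Review bot: The added `XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);` forms a source address before `in` whenever `sz` is smaller than `AES_BLOCK_SIZE`, and nothing in the visible lines rejects that case (`blocks` is simply `sz / AES_BLOCK_SIZE`). If no length check exists above the hunk, place a guard such as `if (blocks == 0) return 0;` ahead of the copy so a zero or short length cannot trigger an out-of-bounds read. The start of the function is outside this hunk, so an existing check there would make this moot.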
@@ -2457,76 +2366,40 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return ret; } #endif /* HAVE_AES_DECRYPT */ -#else + +#else /* STD_PERI_LIB */ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - word32 *enc_key, *iv; + word32 *iv; word32 blocks = (sz / AES_BLOCK_SIZE); - CRYP_InitTypeDef AES_CRYP_InitStructure; - CRYP_KeyInitTypeDef AES_CRYP_KeyInitStructure; - CRYP_IVInitTypeDef AES_CRYP_IVInitStructure; + CRYP_InitTypeDef cryptInit; + CRYP_KeyInitTypeDef keyInit; + CRYP_IVInitTypeDef ivInit; - enc_key = aes->key; - iv = aes->reg; - - /* crypto structure initialization */ - CRYP_KeyStructInit(&AES_CRYP_KeyInitStructure); - CRYP_StructInit(&AES_CRYP_InitStructure); - CRYP_IVStructInit(&AES_CRYP_IVInitStructure); + ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit); + if (ret != 0) + return ret; /* reset registers to their default values */ CRYP_DeInit(); - /* load key into correct registers */ - switch (aes->rounds) { - case 10: /* 128-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_128b; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[3]; - break; - - case 12: /* 192-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_192b; - AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[3]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[4]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[5]; - break; - - case 14: /* 256-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_256b; - AES_CRYP_KeyInitStructure.CRYP_Key0Left = enc_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key0Right = enc_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[2]; - 
AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[3]; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[4]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[5]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[6]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[7]; - break; - - default: - break; - } - CRYP_KeyInit(&AES_CRYP_KeyInitStructure); + /* set key */ + CRYP_KeyInit(&keyInit); /* set iv */ + iv = aes->reg; + CRYP_IVStructInit(&ivInit); ByteReverseWords(iv, iv, AES_BLOCK_SIZE); - AES_CRYP_IVInitStructure.CRYP_IV0Left = iv[0]; - AES_CRYP_IVInitStructure.CRYP_IV0Right = iv[1]; - AES_CRYP_IVInitStructure.CRYP_IV1Left = iv[2]; - AES_CRYP_IVInitStructure.CRYP_IV1Right = iv[3]; - CRYP_IVInit(&AES_CRYP_IVInitStructure); + ivInit.CRYP_IV0Left = iv[0]; + ivInit.CRYP_IV0Right = iv[1]; + ivInit.CRYP_IV1Left = iv[2]; + ivInit.CRYP_IV1Right = iv[3]; + CRYP_IVInit(&ivInit); - /* set direction, mode, and datatype */ - AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Encrypt; - AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_CBC; - AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b; - CRYP_Init(&AES_CRYP_InitStructure); + /* set direction and mode */ + cryptInit.CRYP_AlgoDir = CRYP_AlgoDir_Encrypt; + cryptInit.CRYP_AlgoMode = CRYP_AlgoMode_AES_CBC; + CRYP_Init(&cryptInit); /* enable crypto processor */ CRYP_Cmd(ENABLE); 
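Review bot: `ret` is assigned in `ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit);`, but the declarations visible from the opening brace of the STD_PERI_LIB `wc_AesCbcEncrypt` are only `iv`, `blocks`, `cryptInit`, `keyInit` and `ivInit`. Unless `ret` is declared somewhere not shown, this build fails. Add `int ret;` at the top of the function and check that the final return, which is outside this hunk, hands `ret` back rather than a constant. The same applies to `wc_AesCbcDecrypt` in the @@ -2565 hunk.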
@@ -2565,19 +2438,15 @@ int wc_AesSetIV(Aes* aes, const byte* iv) #ifdef HAVE_AES_DECRYPT int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - word32 *dec_key, *iv; + word32 *iv; word32 blocks = (sz / AES_BLOCK_SIZE); - CRYP_InitTypeDef AES_CRYP_InitStructure; - CRYP_KeyInitTypeDef AES_CRYP_KeyInitStructure; - CRYP_IVInitTypeDef AES_CRYP_IVInitStructure; + CRYP_InitTypeDef cryptInit; + CRYP_KeyInitTypeDef keyInit; + CRYP_IVInitTypeDef ivInit; - dec_key = aes->key; - iv = aes->reg; - - /* crypto structure initialization */ - CRYP_KeyStructInit(&AES_CRYP_KeyInitStructure); - CRYP_StructInit(&AES_CRYP_InitStructure); - CRYP_IVStructInit(&AES_CRYP_IVInitStructure); + ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit); + if (ret != 0) + return ret; /* if input and output same will overwrite input iv */ XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); 
@@ -2585,48 +2454,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv) /* reset registers to their default values */ CRYP_DeInit(); - /* load key into correct registers */ - switch (aes->rounds) { - case 10: /* 128-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_128b; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = dec_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = dec_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = dec_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = dec_key[3]; - break; - - case 12: /* 192-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_192b; - AES_CRYP_KeyInitStructure.CRYP_Key1Left = dec_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key1Right = dec_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = dec_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = dec_key[3]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = dec_key[4]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = dec_key[5]; - break; - - case 14: /* 256-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_256b; - AES_CRYP_KeyInitStructure.CRYP_Key0Left = dec_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key0Right = dec_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key1Left = dec_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key1Right = dec_key[3]; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = dec_key[4]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = dec_key[5]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = dec_key[6]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = dec_key[7]; - break; - - default: - break; - } - - /* set direction, mode, and datatype for key preparation */ - AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Decrypt; - AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_Key; - AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_32b; - CRYP_Init(&AES_CRYP_InitStructure); - CRYP_KeyInit(&AES_CRYP_KeyInitStructure); + /* set direction and key */ + CRYP_KeyInit(&keyInit); + cryptInit.CRYP_AlgoDir = CRYP_AlgoDir_Decrypt; + cryptInit.CRYP_AlgoMode = 
CRYP_AlgoMode_AES_Key; + CRYP_Init(&cryptInit); /* enable crypto processor */ CRYP_Cmd(ENABLE); @@ -2634,20 +2466,20 @@ int wc_AesSetIV(Aes* aes, const byte* iv) /* wait until key has been prepared */ while (CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} - /* set direction, mode, and datatype for decryption */ - AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Decrypt; - AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_CBC; - AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b; - CRYP_Init(&AES_CRYP_InitStructure); + /* set direction and mode */ + cryptInit.CRYP_AlgoDir = CRYP_AlgoDir_Decrypt; + cryptInit.CRYP_AlgoMode = CRYP_AlgoMode_AES_CBC; + CRYP_Init(&cryptInit); /* set iv */ + iv = aes->reg; + CRYP_IVStructInit(&ivInit); ByteReverseWords(iv, iv, AES_BLOCK_SIZE); - - AES_CRYP_IVInitStructure.CRYP_IV0Left = iv[0]; - AES_CRYP_IVInitStructure.CRYP_IV0Right = iv[1]; - AES_CRYP_IVInitStructure.CRYP_IV1Left = iv[2]; - AES_CRYP_IVInitStructure.CRYP_IV1Right = iv[3]; - CRYP_IVInit(&AES_CRYP_IVInitStructure); + ivInit.CRYP_IV0Left = iv[0]; + ivInit.CRYP_IV0Right = iv[1]; + ivInit.CRYP_IV1Left = iv[2]; + ivInit.CRYP_IV1Right = iv[3]; + CRYP_IVInit(&ivInit); /* enable crypto processor */ CRYP_Cmd(ENABLE); 
@@ -3126,101 +2958,62 @@ int wc_AesSetIV(Aes* aes, const byte* iv) int ret = 0; #ifdef WOLFSSL_STM32_CUBEMX CRYP_HandleTypeDef hcryp; + #else + word32 *iv; + CRYP_InitTypeDef cryptInit; + CRYP_KeyInitTypeDef keyInit; + CRYP_IVInitTypeDef ivInit; + #endif - XMEMSET(&hcryp, 0, sizeof(CRYP_HandleTypeDef)); - switch (aes->rounds) { - case 10: /* 128-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_128B; - break; - #ifdef CRYP_KEYSIZE_192B - case 12: /* 192-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_192B; - break; - #endif - case 14: /* 256-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_256B; - break; - default: - break; - } - hcryp.Instance = CRYP; - hcryp.Init.DataType = CRYP_DATATYPE_8B; - hcryp.Init.pKey = (byte*)aes->key; + #ifdef WOLFSSL_STM32_CUBEMX + ret = wc_Stm32_Aes_Init(aes, &hcryp); + if (ret != 0) + return ret; + + #ifdef STM32_CRYPTO_AES_ONLY + hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; + hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CTR; + hcryp.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; + #endif hcryp.Init.pInitVect = (byte*)aes->reg; - HAL_CRYP_Init(&hcryp); - if (HAL_CRYP_AESCTR_Encrypt(&hcryp, (byte*)in, AES_BLOCK_SIZE, out, - STM32_HAL_TIMEOUT) != HAL_OK) { - /* failed */ + #ifdef STM32_CRYPTO_AES_ONLY + ret = HAL_CRYPEx_AES(&hcryp, (byte*)in, AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); + #else + ret = HAL_CRYP_AESCTR_Encrypt(&hcryp, (byte*)in, AES_BLOCK_SIZE, + out, STM32_HAL_TIMEOUT); + #endif + if (ret != HAL_OK) { ret = WC_TIMEOUT_E; } - HAL_CRYP_DeInit(&hcryp); #else /* STD_PERI_LIB */ - word32 *enc_key, *iv; - CRYP_InitTypeDef AES_CRYP_InitStructure; - CRYP_KeyInitTypeDef AES_CRYP_KeyInitStructure; - CRYP_IVInitTypeDef AES_CRYP_IVInitStructure; - - enc_key = aes->key; - iv = aes->reg; - - /* crypto structure initialization */ - CRYP_KeyStructInit(&AES_CRYP_KeyInitStructure); - CRYP_StructInit(&AES_CRYP_InitStructure); - CRYP_IVStructInit(&AES_CRYP_IVInitStructure); + ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit); + if (ret != 0) + 
return ret; /* reset registers to their default values */ CRYP_DeInit(); - /* load key into correct registers */ - switch (aes->rounds) { - case 10: /* 128-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_128b; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[3]; - break; - case 12: /* 192-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_192b; - AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[3]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[4]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[5]; - break; - case 14: /* 256-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_256b; - AES_CRYP_KeyInitStructure.CRYP_Key0Left = enc_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key0Right = enc_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[3]; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[4]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[5]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[6]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[7]; - break; - default: - break; - } - CRYP_KeyInit(&AES_CRYP_KeyInitStructure); + /* set key */ + CRYP_KeyInit(&keyInit); /* set iv */ - AES_CRYP_IVInitStructure.CRYP_IV0Left = ByteReverseWord32(iv[0]); - AES_CRYP_IVInitStructure.CRYP_IV0Right = ByteReverseWord32(iv[1]); - AES_CRYP_IVInitStructure.CRYP_IV1Left = ByteReverseWord32(iv[2]); - AES_CRYP_IVInitStructure.CRYP_IV1Right = ByteReverseWord32(iv[3]); - CRYP_IVInit(&AES_CRYP_IVInitStructure); + iv = aes->reg; + CRYP_IVStructInit(&ivInit); + ivInit.CRYP_IV0Left = ByteReverseWord32(iv[0]); + 
ivInit.CRYP_IV0Right = ByteReverseWord32(iv[1]); + ivInit.CRYP_IV1Left = ByteReverseWord32(iv[2]); + ivInit.CRYP_IV1Right = ByteReverseWord32(iv[3]); + CRYP_IVInit(&ivInit); - /* set direction, mode, and datatype */ - AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Encrypt; - AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_CTR; - AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b; - CRYP_Init(&AES_CRYP_InitStructure); + /* set direction and mode */ + cryptInit.CRYP_AlgoDir = CRYP_AlgoDir_Encrypt; + cryptInit.CRYP_AlgoMode = CRYP_AlgoMode_AES_CTR; + CRYP_Init(&cryptInit); /* enable crypto processor */ CRYP_Cmd(ENABLE); @@ -8311,11 +8104,11 @@ static WC_INLINE int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, int ret; word32 keySize; byte initialCounter[AES_BLOCK_SIZE]; - #ifdef WOLFSSL_STM32_CUBEMX - CRYP_HandleTypeDef hcryp; - #else - byte keyCopy[AES_BLOCK_SIZE * 2]; - #endif /* WOLFSSL_STM32_CUBEMX */ +#ifdef WOLFSSL_STM32_CUBEMX + CRYP_HandleTypeDef hcryp; +#else + byte keyCopy[AES_BLOCK_SIZE * 2]; +#endif int status = 0; byte* authInPadded = NULL; byte tag[AES_BLOCK_SIZE]; 
@@ -8346,30 +8139,15 @@ static WC_INLINE int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, #ifdef WOLFSSL_STM32_CUBEMX - XMEMSET(&hcryp, 0, sizeof(CRYP_HandleTypeDef)); - switch (keySize) { - case 16: /* 128-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_128B; - break; -#ifdef CRYP_KEYSIZE_192B - case 24: /* 192-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_192B; - break; -#endif - case 32: /* 256-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_256B; - break; - default: - break; - } - hcryp.Instance = CRYP; - hcryp.Init.DataType = CRYP_DATATYPE_8B; - hcryp.Init.pKey = (byte*)aes->key; + ret = wc_Stm32_Aes_Init(aes, &hcryp); + if (ret != 0) + return ret; + hcryp.Init.pInitVect = initialCounter; hcryp.Init.Header = authInPadded; hcryp.Init.HeaderSize = authInSz; -#ifdef WOLFSSL_STM32L4 +#ifdef STM32_CRYPTO_AES_ONLY /* Set the CRYP parameters */ hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_GCM_GMAC; hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; @@ -8407,7 +8185,8 @@ static WC_INLINE int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, if (status != HAL_OK) ret = AES_GCM_AUTH_E; HAL_CRYP_DeInit(&hcryp); -#else + +#else /* STD_PERI_LIB */ ByteReverseWords((word32*)keyCopy, (word32*)aes->key, keySize); status = CRYP_AES_GCM(MODE_ENCRYPT, (uint8_t*)initialCounter, (uint8_t*)keyCopy, keySize * 8, @@ -8645,8 +8424,11 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, status_t status; /* argument checks */ - if (aes == NULL || out == NULL || in == NULL || iv == NULL || - authTag == NULL || authTagSz > AES_BLOCK_SIZE) { + /* If the sz is non-zero, both in and out must be set. If sz is 0, + * in and out are don't cares, as this is is the GMAC case. */ + if (aes == NULL || iv == NULL || (sz != 0 && (in == NULL || out == NULL)) || + authTag == NULL || authTagSz > AES_BLOCK_SIZE || authTagSz == 0) { + return BAD_FUNC_ARG; } 
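Review bot: The early `return ret;` after `wc_Stm32_Aes_Init(aes, &hcryp)` in the @@ -8346 hunk exits at a point where `authInPadded` may already have been heap-allocated. The declaration `byte* authInPadded = NULL;` and the later "only allocate padding buffers" cleanup comment suggest a free at the end of the function that this path skips. Unless the allocation happens after this point, let the failure fall through to the shared cleanup instead of returning, for example by running the hardware calls under `if (ret == 0) { ... }`. The decrypt counterpart in the @@ -8736 hunk has the same shape with `inPadded` and `authInPadded`. The allocations themselves lie outside these hunks.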
@@ -8660,21 +8442,24 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, return (status == kStatus_Success) ? 0 : AES_GCM_AUTH_E; } -#elif defined(STM32_CRYPTO) && (defined(WOLFSSL_STM32F4) || \ - defined(WOLFSSL_STM32F7) || \ - defined(WOLFSSL_STM32L4)) -int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, - const byte* iv, word32 ivSz, - const byte* authTag, word32 authTagSz, - const byte* authIn, word32 authInSz) + +#else + +#if defined(STM32_CRYPTO) && (defined(WOLFSSL_STM32F4) || \ + defined(WOLFSSL_STM32F7) || \ + defined(WOLFSSL_STM32L4)) +static WC_INLINE int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, + const byte* in, word32 sz, + const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) { int ret; - word32 keySize; - #ifdef WOLFSSL_STM32_CUBEMX - CRYP_HandleTypeDef hcryp; - #else - byte keyCopy[AES_BLOCK_SIZE * 2]; - #endif /* WOLFSSL_STM32_CUBEMX */ +#ifdef WOLFSSL_STM32_CUBEMX + CRYP_HandleTypeDef hcryp; +#else + byte keyCopy[AES_BLOCK_SIZE * 2]; +#endif int status; int inPadSz, authPadSz; byte tag[AES_BLOCK_SIZE]; @@ -8682,22 +8467,6 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, byte *authInPadded = NULL; byte initialCounter[AES_BLOCK_SIZE]; - /* argument checks */ - if (aes == NULL || out == NULL || in == NULL || iv == NULL || - authTag == NULL || authTagSz > AES_BLOCK_SIZE) { - return BAD_FUNC_ARG; - } - - ret = wc_AesGetKeySize(aes, &keySize); - if (ret != 0) { - return ret; - } - - /* additional argument checks - STM32 HW only supports 12 byte IV */ - if (ivSz != GCM_NONCE_MID_SZ) { - return BAD_FUNC_ARG; - } - XMEMSET(initialCounter, 0, AES_BLOCK_SIZE); XMEMCPY(initialCounter, iv, ivSz); initialCounter[AES_BLOCK_SIZE - 1] = STM32_GCM_IV_START; 
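Review bot: The argument checks removed in the @@ -8682 hunk were the only guard in this function on `XMEMCPY(initialCounter, iv, ivSz)`, which copies into a 16-byte counter block. `wc_AesGcmDecrypt_STM32` is now a static helper that depends on `wc_AesGcmDecrypt` having validated the pointers and `ivSz == GCM_NONCE_MID_SZ` before calling it. That contract should be written on the helper, e.g. `/* Caller must validate aes/iv/authTag and ensure ivSz == GCM_NONCE_MID_SZ; iv is copied into a 16-byte counter block without further checks. */`, so a later caller does not reach the copy with an unchecked length.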
@@ -8736,30 +8505,15 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, } #ifdef WOLFSSL_STM32_CUBEMX - XMEMSET(&hcryp, 0, sizeof(CRYP_HandleTypeDef)); - switch(keySize) { - case 16: /* 128-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_128B; - break; -#ifdef CRYP_KEYSIZE_192B - case 24: /* 192-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_192B; - break; -#endif - case 32: /* 256-bit key */ - hcryp.Init.KeySize = CRYP_KEYSIZE_256B; - break; - default: - break; - } - hcryp.Instance = CRYP; - hcryp.Init.DataType = CRYP_DATATYPE_8B; - hcryp.Init.pKey = (byte*)aes->key; + ret = wc_Stm32_Aes_Init(aes, &hcryp); + if (ret != 0) + return ret; + hcryp.Init.pInitVect = initialCounter; hcryp.Init.Header = authInPadded; hcryp.Init.HeaderSize = authInSz; -#ifdef WOLFSSL_STM32L4 +#ifdef STM32_CRYPTO_AES_ONLY /* Set the CRYP parameters */ hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_GCM_GMAC; hcryp.Init.OperatingMode = CRYP_ALGOMODE_DECRYPT; @@ -8801,8 +8555,9 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, ret = AES_GCM_AUTH_E; HAL_CRYP_DeInit(&hcryp); -#else - ByteReverseWords((word32*)keyCopy, (word32*)aes->key, keySize); + +#else /* STD_PERI_LIB */ + ByteReverseWords((word32*)keyCopy, (word32*)aes->key, aes->keylen); /* Input size and auth size need to be the actual sizes, even though * they are not block aligned, because this length (in bits) is used @@ -8817,10 +8572,12 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, ret = AES_GCM_AUTH_E; #endif /* WOLFSSL_STM32_CUBEMX */ - if (ret == 0 && ConstantCompare(authTag, tag, authTagSz) == 0) { - /* Only keep the decrypted data if authTag success. */ + if (ConstantCompare(authTag, tag, authTagSz) != 0) { + ret = AES_GCM_AUTH_E; + } + if (ret == 0) { + /* Only return the decrypted data if authTag success. */ XMEMCPY(out, inPadded, sz); - ret = 0; /* success */ } /* only allocate padding buffers if the inputs are not a multiple of block sz */ 
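Review bot: The STD_PERI_LIB path now takes the key length from `aes->keylen` in `ByteReverseWords((word32*)keyCopy, (word32*)aes->key, aes->keylen);` because `word32 keySize;` and the `wc_AesGetKeySize` call were removed from this function earlier in the diff. The `CRYP_AES_GCM` call that follows sits in unchanged lines between the @@ -8801 and @@ -8817 hunks and is not visible here. If it still passes `keySize * 8`, as the encrypt helper does, that build no longer compiles and the argument needs to become `aes->keylen * 8`. `keyCopy` is also a stack copy of key material, so consider `ForceZero(keyCopy, sizeof(keyCopy));` before returning if that is not already done further down.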
@@ -8831,7 +8588,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, return ret; } -#else +#endif /* STM32 */ + #ifdef WOLFSSL_AESNI int AES_GCM_decrypt_C(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, @@ -8949,6 +8707,30 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, return BAD_FUNC_ARG; } +#if defined(STM32_CRYPTO) && (defined(WOLFSSL_STM32F4) || \ + defined(WOLFSSL_STM32F7) || \ + defined(WOLFSSL_STM32L4)) + + /* additional argument checks - STM32 HW only supports 12 byte IV */ + if (ivSz != GCM_NONCE_MID_SZ) { + return BAD_FUNC_ARG; + } + + /* STM32 HW AES-GCM requires / assumes inputs are a multiple of block size. + * We can avoid this by zero padding (authIn) AAD, but zero-padded plaintext + * will be encrypted and output incorrectly, causing a bad authTag. + * We will use HW accelerated AES-GCM if plain%AES_BLOCK_SZ==0. + * Otherwise, we will use accelerated AES_CTR for encrypt, and then + * perform GHASH in software. + * See NIST SP 800-38D */ + + /* Plain text is a multiple of block size, so use HW-Accelerated AES_GCM */ + if (sz % AES_BLOCK_SIZE == 0) { + return wc_AesGcmDecrypt_STM32(aes, out, in, sz, iv, ivSz, + authTag, authTagSz, authIn, authInSz); + } +#endif + #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) /* if async and byte count above threshold */ /* only 12-byte IV is supported in HW */ @@ -9024,7 +8806,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, } #endif #endif /* HAVE_AES_DECRYPT || HAVE_AESGCM_DECRYPT */ -#endif /* (WOLFSSL_XILINX_CRYPT) */ +#endif /* WOLFSSL_XILINX_CRYPT */ #endif /* end of block for AESGCM implementation selection */ 
@@ -9632,21 +9414,21 @@ int wc_AesGetKeySize(Aes* aes, word32* keySize) } switch (aes->rounds) { - #ifdef WOLFSSL_AES_128 +#ifdef WOLFSSL_AES_128 case 10: *keySize = 16; break; - #endif - #ifdef WOLFSSL_AES_192 +#endif +#ifdef WOLFSSL_AES_192 case 12: *keySize = 24; break; - #endif - #ifdef WOLFSSL_AES_256 +#endif +#ifdef WOLFSSL_AES_256 case 14: *keySize = 32; break; - #endif +#endif default: *keySize = 0; ret = BAD_FUNC_ARG; diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index dbd686475..46120961a 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -3915,7 +3915,7 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id) } #endif } -#endif /* WOLFSSL_ASYNC_CRYPT */ +#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_ECC */ #ifdef WOLFSSL_ATECC508A key->type = ECC_PRIVATEKEY; @@ -3942,11 +3942,12 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id) } else #endif -#endif +#endif /* WOLFSSL_HAVE_SP_ECC */ + + { /* software key gen */ #ifdef WOLFSSL_SP_MATH err = WC_KEY_SIZE_E; #else - { ALLOC_CURVE_SPECS(ECC_CURVE_FIELD_COUNT); /* setup the key variables */ @@ -3978,8 +3979,8 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id) #ifndef WOLFSSL_ATECC508A FREE_CURVE_SPECS(); #endif +#endif /* WOLFSSL_SP_MATH */ } -#endif #endif /* WOLFSSL_ATECC508A */ @@ -5168,6 +5169,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, word32 hashlen, int* res, ecc_key* key) { int err; + word32 keySz; #ifdef WOLFSSL_ATECC508A byte sigRS[ATECC_KEY_SIZE*2]; #elif !defined(WOLFSSL_SP_MATH) @@ -5205,6 +5207,8 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, return ECC_BAD_ARG_E; } + keySz = key->dp->size; + #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \ defined(WOLFSSL_ASYNC_CRYPT_TEST) if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) { 
@@ -5227,7 +5231,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, if (err != MP_OKAY) { return err; } - err = mp_to_unsigned_bin(s, &sigRS[ATECC_KEY_SIZE]); + err = mp_to_unsigned_bin(s, &sigRS[keySz]); if (err != MP_OKAY) { return err; } @@ -5330,8 +5334,6 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, if (NitroxEccIsCurveSupported(key)) #endif { - word32 keySz = key->dp->size; - err = wc_mp_to_bigint_sz(e, &e->raw, keySz); if (err == MP_OKAY) err = wc_mp_to_bigint_sz(key->pubkey.x, &key->pubkey.x->raw, keySz); @@ -5438,7 +5440,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, #else #ifndef ECC_SHAMIR { - mp_digit mp = 0; + mp_digit mp = 0; /* compute u1*mG + u2*mQ = mG */ if (err == MP_OKAY) { @@ -5464,7 +5466,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, err = ecc_map(mG, curve->prime, mp); } #else - /* use Shamir's trick to compute u1*mG + u2*mQ using half the doubles */ + /* use Shamir's trick to compute u1*mG + u2*mQ using half the doubles */ if (err == MP_OKAY) { err = ecc_mul2add(mG, u1, mQ, u2, mG, curve->Af, curve->prime, key->heap); @@ -5508,6 +5510,9 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, #endif /* WOLFSSL_SP_MATH */ #endif /* WOLFSSL_ATECC508A */ + (void)keySz; + (void)hashlen; + return err; } #endif /* HAVE_ECC_VERIFY */ diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index cf181f82f..c10257c36 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am @@ -61,7 +61,8 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ wolfcrypt/src/port/caam/caam_init.c \ wolfcrypt/src/port/caam/caam_sha.c \ wolfcrypt/src/port/caam/caam_doc.pdf \ - wolfcrypt/src/port/st/stm32.c + wolfcrypt/src/port/st/stm32.c \ + wolfcrypt/src/port/st/stsafe.c if BUILD_CRYPTODEV src_libwolfssl_la_SOURCES += wolfcrypt/src/cryptodev.c diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c index f66d5aa52..7393e2a88 100644 
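Review bot: Writing `s` at `&sigRS[keySz]` can run past the buffer, because `sigRS` is declared as `byte sigRS[ATECC_KEY_SIZE*2]` while `keySz` is now `key->dp->size` of whatever key the caller supplies. Unless a check outside this hunk already pins the curve to the ATECC key size, add a guard before the two conversions: `if (keySz > ATECC_KEY_SIZE) return ECC_BAD_ARG_E;`. `mp_to_unsigned_bin` writes only the significant bytes, so `r` and `s` are also not left-padded to `keySz`; that predates this change but is worth confirming while the offset is being touched. wc_ecc_verify_hash_ex starts and ends outside the hunk.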
--- a/wolfcrypt/src/port/st/stm32.c +++ b/wolfcrypt/src/port/st/stm32.c @@ -1,6 +1,6 @@ /* stm32.c * - * Copyright (C) 2006-2017 wolfSSL Inc. + * Copyright (C) 2006-2018 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -39,6 +39,11 @@ #include #endif +#ifndef NO_AES + #include +#endif + + #ifdef STM32_HASH #ifdef WOLFSSL_STM32L4 
@@ -253,3 +258,105 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, } #endif /* STM32_HASH */ + + +#ifdef STM32_CRYPTO + +#ifndef NO_AES +#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESGCM) || defined(HAVE_AESCCM) +#ifdef WOLFSSL_STM32_CUBEMX +int wc_Stm32_Aes_Init(Aes* aes, CRYP_HandleTypeDef* hcryp) +{ + int ret; + word32 keySize; + + ret = wc_AesGetKeySize(aes, &keySize); + if (ret != 0) + return ret; + + XMEMSET(hcryp, 0, sizeof(CRYP_HandleTypeDef)); + switch (keySize) { + case 16: /* 128-bit key */ + hcryp->Init.KeySize = CRYP_KEYSIZE_128B; + break; + #ifdef CRYP_KEYSIZE_192B + case 24: /* 192-bit key */ + hcryp->Init.KeySize = CRYP_KEYSIZE_192B; + break; + #endif + case 32: /* 256-bit key */ + hcryp->Init.KeySize = CRYP_KEYSIZE_256B; + break; + default: + break; + } + hcryp->Instance = CRYP; + hcryp->Init.DataType = CRYP_DATATYPE_8B; + hcryp->Init.pKey = (uint8_t*)aes->key; + + return 0; +} + +#else /* STD_PERI_LIB */ + +int wc_Stm32_Aes_Init(Aes* aes, CRYP_InitTypeDef* cryptInit, + CRYP_KeyInitTypeDef* keyInit) +{ + int ret; + word32 keySize; + word32* aes_key; + + ret = wc_AesGetKeySize(aes, &keySize); + if (ret != 0) + return ret; + + aes_key = aes->key; + + /* crypto structure initialization */ + CRYP_KeyStructInit(keyInit); + CRYP_StructInit(cryptInit); + + /* load key into correct registers */ + switch (keySize) { + case 16: /* 128-bit key */ + cryptInit->CRYP_KeySize = CRYP_KeySize_128b; + keyInit->CRYP_Key2Left = aes_key[0]; + keyInit->CRYP_Key2Right = aes_key[1]; + keyInit->CRYP_Key3Left = aes_key[2]; + keyInit->CRYP_Key3Right = aes_key[3]; + break; + + case 24: /* 192-bit key */ + cryptInit->CRYP_KeySize = CRYP_KeySize_192b; + keyInit->CRYP_Key1Left = aes_key[0]; + keyInit->CRYP_Key1Right = aes_key[1]; + keyInit->CRYP_Key2Left = aes_key[2]; + keyInit->CRYP_Key2Right = aes_key[3]; + keyInit->CRYP_Key3Left = aes_key[4]; + keyInit->CRYP_Key3Right = aes_key[5]; + break; + + case 32: /* 256-bit key */ + cryptInit->CRYP_KeySize = 
CRYP_KeySize_256b; + keyInit->CRYP_Key0Left = aes_key[0]; + keyInit->CRYP_Key0Right = aes_key[1]; + keyInit->CRYP_Key1Left = aes_key[2]; + keyInit->CRYP_Key1Right = aes_key[3]; + keyInit->CRYP_Key2Left = aes_key[4]; + keyInit->CRYP_Key2Right = aes_key[5]; + keyInit->CRYP_Key3Left = aes_key[6]; + keyInit->CRYP_Key3Right = aes_key[7]; + break; + + default: + break; + } + cryptInit->CRYP_DataType = CRYP_DataType_8b; + + return 0; +} +#endif /* WOLFSSL_STM32_CUBEMX */ +#endif /* WOLFSSL_AES_DIRECT || HAVE_AESGCM || HAVE_AESCCM */ +#endif /* !NO_AES */ + +#endif /* STM32_CRYPTO */ diff --git a/wolfcrypt/src/port/st/stsafe.c b/wolfcrypt/src/port/st/stsafe.c new file mode 100644 index 000000000..97378fba3 --- /dev/null +++ b/wolfcrypt/src/port/st/stsafe.c 
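Review bot: Both variants of `wc_Stm32_Aes_Init` return 0 from the `default:` branch of the key-size switch, so a key size with no matching case is reported as success. The key size field, and in the Standard Peripheral variant the key words in `keyInit`, then keep whatever `XMEMSET` or `CRYP_StructInit`/`CRYP_KeyStructInit` left there, and the caller goes on to run the hardware with that setup. In the CubeMX variant the 24-byte case is compiled only under `#ifdef CRYP_KEYSIZE_192B`, so a 192-bit key reaches `default:` whenever the HAL lacks that constant and AES-192 has not been disabled. Failing closed is a one-line change in each switch: `default: return BAD_FUNC_ARG;`.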
@@ -0,0 +1,272 @@ +/* stsafe.c + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include +#include + +#ifdef WOLFSSL_STSAFEA100 + +int SSL_STSAFE_LoadDeviceCertificate(byte** pRawCertificate, + word32* pRawCertificateLen) +{ + int err; + + if (pRawCertificate == NULL || pRawCertificateLen == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef USE_STSAFE_VERBOSE + WOLFSSL_MSG("SSL_STSAFE_LoadDeviceCertificate"); +#endif + + /* Try reading device certificate from ST-SAFE Zone 0 */ + err = stsafe_interface_read_device_certificate_raw( + pRawCertificate, pRawCertificateLen); + if (err == 0) { + #if 0 + /* example for loading into WOLFSSL_CTX */ + err = wolfSSL_CTX_use_certificate_buffer(ctx, + *pRawCertificate, *pRawCertificateLen, SSL_FILETYPE_ASN1); + if (err != WOLFSSL_SUCCESS) { + /* failed */ + } + /* can free now */ + XFREE(*pRawCertificate, NULL, DYNAMIC_TEMP_BUFFER); + *pRawCertificate = NULL; + #endif + } + + return err; +} + +#ifdef HAVE_PK_CALLBACKS +/** + * \brief Verify Peer Cert Callback. 
+ */ +int SSL_STSAFE_VerifyPeerCertCb(WOLFSSL* ssl, + const unsigned char* sig, unsigned int sigSz, + const unsigned char* hash, unsigned int hashSz, + const unsigned char* keyDer, unsigned int keySz, + int* result, void* ctx) +{ + int err; + byte sigRS[STSAFE_MAX_SIG_LEN]; + byte *r, *s; + word32 r_len = STSAFE_MAX_SIG_LEN/2, s_len = STSAFE_MAX_SIG_LEN/2; + byte pubKeyX[STSAFE_MAX_PUBKEY_RAW_LEN/2]; + byte pubKeyY[STSAFE_MAX_PUBKEY_RAW_LEN/2]; + word32 pubKeyX_len = sizeof(pubKeyX); + word32 pubKeyY_len = sizeof(pubKeyY); + ecc_key key; + word32 inOutIdx = 0; + StSafeA_CurveId curve_id; + int ecc_curve; + + (void)ssl; + (void)ctx; + +#ifdef USE_STSAFE_VERBOSE + WOLFSSL_MSG("VerifyPeerCertCB: STSAFE"); +#endif + + err = wc_ecc_init(&key); + if (err != 0) { + return err; + } + + /* Decode the public key */ + err = wc_EccPublicKeyDecode(keyDer, &inOutIdx, &key, keySz); + if (err == 0) { + /* Extract Raw X and Y coordinates of the public key */ + err = wc_ecc_export_public_raw(&key, pubKeyX, &pubKeyX_len, + pubKeyY, &pubKeyY_len); + } + if (err == 0) { + int key_sz; + + /* determine curve */ + ecc_curve = key.dp->id; + curve_id = stsafe_get_ecc_curve_id(ecc_curve); + key_sz = stsafe_get_key_size(curve_id); + + /* Extract R and S from signature */ + XMEMSET(sigRS, 0, sizeof(sigRS)); + r = &sigRS[0]; + s = &sigRS[key_sz]; + err = wc_ecc_sig_to_rs(sig, sigSz, r, &r_len, s, &s_len); + (void)r_len; + (void)s_len; + } + + if (err == 0) { + /* Verify signature */ + err = stsafe_interface_verify(curve_id, (uint8_t*)hash, sigRS, + pubKeyX, pubKeyY, result); + } + + wc_ecc_free(&key); + return err; +} + +/** + * \brief Sign Certificate Callback. 
+ */ +int SSL_STSAFE_SignCertificateCb(WOLFSSL* ssl, const byte* in, + word32 inSz, byte* out, word32* outSz, + const byte* key, word32 keySz, void* ctx) +{ + int err; + byte digest[STSAFE_MAX_KEY_LEN]; + byte sigRS[STSAFE_MAX_SIG_LEN]; + byte *r, *s; + StSafeA_CurveId curve_id; + int key_sz; + + (void)ssl; + (void)ctx; + +#ifdef USE_STSAFE_VERBOSE + WOLFSSL_MSG("SignCertificateCb: STSAFE"); +#endif + + curve_id = stsafe_get_curve_mode(); + key_sz = stsafe_get_key_size(curve_id); + + /* Build input digest */ + if (inSz > key_sz) + inSz = key_sz; + XMEMSET(&digest[0], 0, sizeof(digest)); + XMEMCPY(&digest[key_sz - inSz], in, inSz); + + /* Sign using slot 0: Result is R then S */ + /* Sign will always use the curve type in slot 0 (the TLS curve needs to match) */ + XMEMSET(sigRS, 0, sizeof(sigRS)); + err = stsafe_interface_sign(STSAFE_A_SLOT_0, curve_id, digest, sigRS); + if (err != 0) { + return err; + } + + /* Convert R and S to signature */ + r = &sigRS[0]; + s = &sigRS[key_sz]; + err = wc_ecc_rs_raw_to_sig((const byte*)r, key_sz, (const byte*)s, key_sz, + out, outSz); + if (err !=0) { + #ifdef USE_STSAFE_VERBOSE + WOLFSSL_MSG("Error converting RS to Signature"); + #endif + } + + return err; +} + + +/** + * \brief Create pre master secret using peer's public key and self private key. 
+ */ +int SSL_STSAFE_SharedSecretCb(WOLFSSL* ssl, ecc_key* otherKey, + unsigned char* pubKeyDer, unsigned int* pubKeySz, + unsigned char* out, unsigned int* outlen, + int side, void* ctx) +{ + int err; + byte otherKeyX[STSAFE_MAX_KEY_LEN]; + byte otherKeyY[STSAFE_MAX_KEY_LEN]; + word32 otherKeyX_len = sizeof(otherKeyX); + word32 otherKeyY_len = sizeof(otherKeyY); + byte pubKeyRaw[STSAFE_MAX_PUBKEY_RAW_LEN]; + StSafeA_KeySlotNumber slot; + StSafeA_CurveId curve_id; + ecc_key tmpKey; + int ecc_curve; + int key_sz; + + (void)ssl; + (void)ctx; + +#ifdef USE_STSAFE_VERBOSE + WOLFSSL_MSG("SharedSecretCb: STSAFE"); +#endif + + err = wc_ecc_init(&tmpKey); + if (err != 0) { + return err; + } + + /* set curve */ + ecc_curve = otherKey->dp->id; + curve_id = stsafe_get_ecc_curve_id(ecc_curve); + key_sz = stsafe_get_key_size(curve_id); + + /* for client: create and export public key */ + if (side == WOLFSSL_CLIENT_END) { + /* Export otherKey raw X and Y */ + err = wc_ecc_export_public_raw(otherKey, + &otherKeyX[0], (word32*)&otherKeyX_len, + &otherKeyY[0], (word32*)&otherKeyY_len); + if (err != 0) { + return err; + } + + err = stsafe_interface_create_key(&slot, curve_id, (uint8_t*)&pubKeyRaw[0]); + if (err != 0) { + return err; + } + + /* convert raw unsigned public key to X.963 format for TLS */ + err = wc_ecc_init(&tmpKey); + if (err == 0) { + err = wc_ecc_import_unsigned(&tmpKey, &pubKeyRaw[0], &pubKeyRaw[key_sz], + NULL, ecc_curve); + if (err == 0) { + err = wc_ecc_export_x963(&tmpKey, pubKeyDer, pubKeySz); + } + wc_ecc_free(&tmpKey); + } + } + /* for server: import public key */ + else if (side == WOLFSSL_SERVER_END) { + /* import peer's key and export as raw unsigned for hardware */ + err = wc_ecc_import_x963_ex(pubKeyDer, *pubKeySz, &tmpKey, ecc_curve); + if (err == 0) { + err = wc_ecc_export_public_raw(&tmpKey, otherKeyX, &otherKeyX_len, + otherKeyY, &otherKeyY_len); + } + } + else { + err = BAD_FUNC_ARG; + } + + wc_ecc_free(&tmpKey); + + if (err != 0) { + return err; + 
} + + /* Compute shared secret */ + err = stsafe_interface_shared_secret(curve_id, &otherKeyX[0], &otherKeyY[0], + out, (int32_t*)outlen); + + return err; +} +#endif /* HAVE_PK_CALLBACKS */ + +#endif /* WOLFSSL_STSAFEA100 */ diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 90641bf96..b31f1c1a7 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -50,6 +50,10 @@ #include #endif +#if defined(WOLFSSL_STSAFEA100) + #include +#endif + #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) #include #endif @@ -141,6 +145,10 @@ int wolfCrypt_Init(void) atmel_init(); #endif + #if defined(WOLFSSL_STSAFEA100) + stsafe_interface_init(); + #endif + #ifdef WOLFSSL_ARMASM WOLFSSL_MSG("Using ARM hardware acceleration"); #endif diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index b911dad6c..941bec873 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -434,7 +434,8 @@ int wolfcrypt_test(void* args) { int ret; - ((func_args*)args)->return_code = -1; /* error state */ + if (args) + ((func_args*)args)->return_code = -1; /* error state */ #ifdef WOLFSSL_STATIC_MEMORY if (wc_LoadStaticMemory(&HEAP_HINT, gTestMemory, sizeof(gTestMemory), @@ -1003,7 +1004,8 @@ initDefaultName(); wc_ecc_fp_free(); #endif - ((func_args*)args)->return_code = ret; + if (args) + ((func_args*)args)->return_code = ret; EXIT_TEST(ret); } @@ -6801,7 +6803,7 @@ int aesgcm_test(void) } #endif - /* Variable authenticed data length test */ + /* Variable authenticated data length test */ for (alen=0; alen<(int)sizeof(p); alen++) { /* AES-GCM encrypt and decrypt both use AES encrypt internally */ result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv1, 
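Review bot: In `SSL_STSAFE_VerifyPeerCertCb` the lengths returned by `wc_ecc_sig_to_rs` are thrown away with `(void)r_len; (void)s_len;`, so an R or S shorter than `key_sz` stays left-aligned in the zeroed `sigRS` and `stsafe_interface_verify` is handed a different number. A valid signature whose R or S has a leading zero byte would then be rejected. Check both lengths against `key_sz` and right-align each value in its half of the buffer, as sketched below. `hashSz` is unused as well, whereas `SSL_STSAFE_SignCertificateCb` pads its digest to `key_sz`; whether the device reads exactly `key_sz` bytes from `hash` is not visible here and should be confirmed. Separately, `SSL_STSAFE_SharedSecretCb` calls `wc_ecc_init(&tmpKey)` and `wc_ecc_free(&tmpKey)` twice on the client path and has early returns that skip the free.

```c
        /* … unchanged: curve lookup, XMEMSET of sigRS, r/s pointer setup … */
        err = wc_ecc_sig_to_rs(sig, sigSz, r, &r_len, s, &s_len);
        if (err == 0 && (r_len > (word32)key_sz || s_len > (word32)key_sz)) {
            err = BAD_FUNC_ARG;
        }
        if (err == 0) {
            /* right-align R and S so short values keep their leading zeros */
            XMEMMOVE(r + (key_sz - r_len), r, r_len);
            XMEMSET(r, 0, key_sz - r_len);
            XMEMMOVE(s + (key_sz - s_len), s, s_len);
            XMEMSET(s, 0, key_sz - s_len);
        }
```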
@@ -16623,8 +16625,12 @@ int ecc_test_buffers(void) { int verify = 0; word32 x; - XMEMSET(&cliKey, 0, sizeof(ecc_key)); - XMEMSET(&servKey, 0, sizeof(ecc_key)); + ret = wc_ecc_init_ex(&cliKey, HEAP_HINT, devId); + if (ret != 0) + return -8721; + ret = wc_ecc_init_ex(&servKey, HEAP_HINT, devId); + if (ret != 0) + return -8722; bytes = (size_t)sizeof_ecc_clikey_der_256; /* place client key into ecc_key struct cliKey */ diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 2d78aa53e..35b30d57b 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -48,6 +48,12 @@ #endif #endif +#ifndef WC_NO_RNG + #include +#endif +#ifdef STM32_CRYPTO + #include +#endif #ifdef WOLFSSL_AESNI diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index a912e2e4b..f8210801f 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am @@ -76,7 +76,8 @@ noinst_HEADERS+= \ wolfssl/wolfcrypt/port/caam/caam_driver.h \ wolfssl/wolfcrypt/port/caam/wolfcaam.h \ wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h \ - wolfssl/wolfcrypt/port/st/stm32.h + wolfssl/wolfcrypt/port/st/stm32.h \ + wolfssl/wolfcrypt/port/st/stsafe.h if BUILD_ASYNCCRYPT nobase_include_HEADERS+= wolfssl/wolfcrypt/async.h diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h index 40629aaf6..a35ef2590 100644 --- a/wolfssl/wolfcrypt/port/st/stm32.h +++ b/wolfssl/wolfcrypt/port/st/stm32.h @@ -1,6 +1,6 @@ /* stm32.h * - * Copyright (C) 2006-2017 wolfSSL Inc. + * Copyright (C) 2006-2018 wolfSSL Inc. * * This file is part of wolfSSL. * 
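Review bot: The second early return, `return -8722;`, exits with `cliKey` already initialised by `wc_ecc_init_ex` and no matching `wc_ecc_free`. With a hardware `devId` that init may hold more than zeroed memory, so release it on this path: `if (ret != 0) { wc_ecc_free(&cliKey); return -8722; }`. How the rest of ecc_test_buffers frees the two keys is outside this hunk.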
@@ -22,15 +22,16 @@ #ifndef _WOLFPORT_STM32_H_ #define _WOLFPORT_STM32_H_ -#ifdef STM32_HASH - -#define WOLFSSL_NO_HASH_RAW - -/* Generic STM32 Hashing Function */ +/* Generic STM32 Hashing and Crypto Functions */ /* Supports CubeMX HAL or Standard Peripheral Library */ #include + +#ifdef STM32_HASH + +#define WOLFSSL_NO_HASH_RAW + #ifdef HASH_DIGEST /* The HASH_DIGEST register indicates SHA224/SHA256 support */ #define STM32_HASH_SHA2 @@ -82,4 +83,30 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #endif /* STM32_HASH */ + +#ifdef STM32_CRYPTO + +#ifndef NO_AES + #ifdef WOLFSSL_STM32L4 + #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */ + #define CRYP AES + #endif + + /* CRYPT_AES_GCM starts the IV with 2 */ + #define STM32_GCM_IV_START 2 + + #if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESGCM) || defined(HAVE_AESCCM) + struct Aes; + #ifdef WOLFSSL_STM32_CUBEMX + int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_HandleTypeDef* hcryp); + #else /* STD_PERI_LIB */ + int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_InitTypeDef* cryptInit, + CRYP_KeyInitTypeDef* keyInit); + #endif /* WOLFSSL_STM32_CUBEMX */ + #endif /* WOLFSSL_AES_DIRECT || HAVE_AESGCM || HAVE_AESCCM */ +#endif /* !NO_AES */ + +#endif /* STM32_CRYPTO */ + + #endif /* _WOLFPORT_STM32_H_ */ diff --git a/wolfssl/wolfcrypt/port/st/stsafe.h b/wolfssl/wolfcrypt/port/st/stsafe.h new file mode 100644 index 000000000..152f864ab --- /dev/null +++ b/wolfssl/wolfcrypt/port/st/stsafe.h 
@@ -0,0 +1,66 @@ +/* stsafe.h + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef _WOLFPORT_STSAFE_H_ +#define _WOLFPORT_STSAFE_H_ + +#include +#include +#include +#include + +#ifdef WOLFSSL_STSAFEA100 + +#include "stsafe_interface.h" + +#ifndef STSAFE_MAX_KEY_LEN + #define STSAFE_MAX_KEY_LEN ((uint32_t)48) /* for up to 384-bit keys */ +#endif +#ifndef STSAFE_MAX_PUBKEY_RAW_LEN + #define STSAFE_MAX_PUBKEY_RAW_LEN ((uint32_t)STSAFE_MAX_KEY_LEN * 2) /* x/y */ +#endif +#ifndef STSAFE_MAX_SIG_LEN + #define STSAFE_MAX_SIG_LEN ((uint32_t)STSAFE_MAX_KEY_LEN * 2) /* r/s */ +#endif + +WOLFSSL_API int SSL_STSAFE_LoadDeviceCertificate(byte** pRawCertificate, + word32* pRawCertificateLen); + +#ifdef HAVE_PK_CALLBACKS +WOLFSSL_API int SSL_STSAFE_VerifyPeerCertCb(WOLFSSL* ssl, + const unsigned char* sig, unsigned int sigSz, + const unsigned char* hash, unsigned int hashSz, + const unsigned char* keyDer, unsigned int keySz, + int* result, void* ctx); +WOLFSSL_API int SSL_STSAFE_SignCertificateCb(WOLFSSL* ssl, + const byte* in, word32 inSz, + byte* out, word32* outSz, + const byte* key, word32 keySz, void* ctx); +WOLFSSL_API int SSL_STSAFE_SharedSecretCb(WOLFSSL* ssl, + ecc_key* otherKey, + unsigned char* pubKeyDer, unsigned 
int* pubKeySz, + unsigned char* out, unsigned int* outlen, + int side, void* ctx); +#endif + +#endif /* WOLFSSL_STSAFEA100 */ + +#endif /* _WOLFPORT_STSAFE_H_ */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 9a6733ca7..cc8f6316f 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -98,6 +98,9 @@ /* Uncomment next line if using STM32F4 */ /* #define WOLFSSL_STM32F4 */ +/* Uncomment next line if using STM32FL */ +/* #define WOLFSSL_STM32FL */ + /* Uncomment next line if using STM32F7 */ /* #define WOLFSSL_STM32F7 */ @@ -1053,6 +1056,10 @@ extern void uITRON4_free(void *p) ; #ifndef NO_STM32_CRYPTO #undef STM32_CRYPTO #define STM32_CRYPTO + + #ifdef WOLFSSL_STM32L4 + #define NO_AES_192 /* hardware does not support 192-bit */ + #endif #endif #ifndef NO_STM32_HASH #undef STM32_HASH @@ -1109,7 +1116,7 @@ extern void uITRON4_free(void *p) ; #include "stm32f1xx.h" #endif #endif /* WOLFSSL_STM32_CUBEMX */ -#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32F7 */ +#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || WOLFSSL_STM32F7 */ #ifdef MICRIUM #include
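Review bot: `STSAFE_MAX_PUBKEY_RAW_LEN` and `STSAFE_MAX_SIG_LEN` expand `STSAFE_MAX_KEY_LEN` without parentheses, as `((uint32_t)STSAFE_MAX_KEY_LEN * 2)`. All three macros sit behind `#ifndef`, so a build may override the key length. If the override is written as an expression such as a sum, the cast and the multiplication bind to parts of it and the derived sizes are no longer twice the key length. These sizes dimension the `sigRS`, `pubKeyX`/`pubKeyY` and `pubKeyRaw` stack buffers in stsafe.c, so write `((uint32_t)(STSAFE_MAX_KEY_LEN) * 2)` in both definitions.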
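Review bot: The new commented-out switch is named `WOLFSSL_STM32FL`, but the code in this change tests `WOLFSSL_STM32L4`, for example the `#ifdef WOLFSSL_STM32L4` further down in this file that sets `NO_AES_192`. As far as the visible hunks show, uncommenting the line as written defines a macro nothing checks and enables none of the L4 hardware configuration. Rename both lines to `/* Uncomment next line if using STM32L4 */` and `/* #define WOLFSSL_STM32L4 */`.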