SAES does not have GCM support, added IV option for CBC wrapping of key

JacobBarthelmeh
2025-08-21 09:26:40 -06:00
parent 658c3d69fb
commit 42c5324962
4 changed files with 44 additions and 25 deletions


@@ -160,7 +160,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
CRYP_ConfigTypeDef Config = {0};
ret = wc_Stm32_Aes_UnWrap(aes, &hcryp, (const byte*)aes->key,
aes->keylen, NULL);
aes->keylen, aes->dhukIV, aes->dhukIVLen);
if (ret != HAL_OK) {
WOLFSSL_MSG("Error with DHUK key unwrap");
ret = BAD_FUNC_ARG;
@@ -175,7 +175,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
HAL_CRYP_SetConfig(&hcryp, &Config);
}
else {
ret = wc_Stm32_Aes_Init(aes, &hcryp);
ret = wc_Stm32_Aes_Init(aes, &hcryp, 1);
if (ret == 0) {
hcryp.Init.Algorithm = CRYP_AES_ECB;
ret = HAL_CRYP_Init(&hcryp);
@@ -194,7 +194,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
}
HAL_CRYP_DeInit(&hcryp);
#elif defined(WOLFSSL_STM32_CUBEMX)
ret = wc_Stm32_Aes_Init(aes, &hcryp);
ret = wc_Stm32_Aes_Init(aes, &hcryp, 0);
if (ret != 0)
return ret;
@@ -309,7 +309,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
XMEMSET(&Config, 0, sizeof(Config));
ret = wc_Stm32_Aes_UnWrap(aes, &hcryp, (const byte*)aes->key,
aes->keylen, NULL);
aes->keylen, aes->dhukIV, aes->dhukIVLen);
if (ret != HAL_OK) {
WOLFSSL_MSG("Error with DHUK unwrap");
ret = BAD_FUNC_ARG;
@@ -324,7 +324,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
HAL_CRYP_SetConfig(&hcryp, &Config);
}
else {
ret = wc_Stm32_Aes_Init(aes, &hcryp);
ret = wc_Stm32_Aes_Init(aes, &hcryp, 1);
if (ret == 0) {
hcryp.Init.Algorithm = CRYP_AES_ECB;
ret = HAL_CRYP_Init(&hcryp);
@@ -343,7 +343,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
}
HAL_CRYP_DeInit(&hcryp);
#elif defined(WOLFSSL_STM32_CUBEMX)
ret = wc_Stm32_Aes_Init(aes, &hcryp);
ret = wc_Stm32_Aes_Init(aes, &hcryp, 0);
if (ret != 0)
return ret;
@@ -5078,7 +5078,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
CRYP_ConfigTypeDef Config;
XMEMSET(&Config, 0, sizeof(Config));
ret = wc_Stm32_Aes_UnWrap(aes, &hcryp, (const byte*)aes->key, aes->keylen, NULL);
ret = wc_Stm32_Aes_UnWrap(aes, &hcryp, (const byte*)aes->key, aes->keylen,
(const byte*)aes->dhukIV, aes->dhukIVLen);
/* reconfigure for using unwrapped key now */
HAL_CRYP_GetConfig(&hcryp, &Config);
@@ -5090,7 +5091,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
HAL_CRYP_SetConfig(&hcryp, &Config);
}
else {
ret = wc_Stm32_Aes_Init(aes, &hcryp);
ret = wc_Stm32_Aes_Init(aes, &hcryp, 1);
if (ret != 0) {
wolfSSL_CryptHwMutexUnLock();
return ret;
@@ -5143,7 +5144,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
CRYP_ConfigTypeDef Config;
XMEMSET(&Config, 0, sizeof(Config));
ret = wc_Stm32_Aes_UnWrap(aes, &hcryp, (const byte*)aes->key, aes->keylen, NULL);
ret = wc_Stm32_Aes_UnWrap(aes, &hcryp, (const byte*)aes->key, aes->keylen,
aes->dhukIV, aes->dhukIVLen);
/* reconfigure for using unwrapped key now */
HAL_CRYP_GetConfig(&hcryp, &Config);
@@ -5155,7 +5157,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
HAL_CRYP_SetConfig(&hcryp, &Config);
}
else {
ret = wc_Stm32_Aes_Init(aes, &hcryp);
ret = wc_Stm32_Aes_Init(aes, &hcryp, 1);
if (ret != 0) {
wolfSSL_CryptHwMutexUnLock();
return ret;
@@ -5202,7 +5204,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
if (blocks == 0)
return 0;
ret = wc_Stm32_Aes_Init(aes, &hcryp);
ret = wc_Stm32_Aes_Init(aes, &hcryp, 0);
if (ret != 0)
return ret;
@@ -5264,7 +5266,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
if (blocks == 0)
return 0;
ret = wc_Stm32_Aes_Init(aes, &hcryp);
ret = wc_Stm32_Aes_Init(aes, &hcryp, 0);
if (ret != 0)
return ret;
@@ -6365,7 +6367,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
#endif
#ifdef WOLFSSL_STM32_CUBEMX
ret = wc_Stm32_Aes_Init(aes, &hcryp);
ret = wc_Stm32_Aes_Init(aes, &hcryp, 0);
if (ret != 0) {
return ret;
}
@@ -8557,7 +8559,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
return ret;
#ifdef WOLFSSL_STM32_CUBEMX
ret = wc_Stm32_Aes_Init(aes, &hcryp);
ret = wc_Stm32_Aes_Init(aes, &hcryp, 0);
if (ret != 0)
return ret;
#endif
@@ -9095,7 +9097,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
return ret;
#ifdef WOLFSSL_STM32_CUBEMX
ret = wc_Stm32_Aes_Init(aes, &hcryp);
ret = wc_Stm32_Aes_Init(aes, &hcryp, 0);
if (ret != 0)
return ret;
#endif
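Review bot: In the two wc_AesGcm*_STM32 hunks at the end of this file, wc_Stm32_Aes_Init is now called with useSaes=0, so an Aes configured with WOLFSSL_STM32U5_DHUK_DEVID or WOLFSSL_STM32U5_SAES_DEVID skips the hardware-key branch in GCM, but nothing in the new code rejects that combination. If the non-SAES path of wc_Stm32_Aes_Init loads aes->key as plain key material (that branch is not visible here), a DHUK-wrapped key blob would silently be used as the raw AES-GCM key instead of failing; consider an explicit guard before the Init call such as `if (aes->devId == WOLFSSL_STM32U5_DHUK_DEVID || aes->devId == WOLFSSL_STM32U5_SAES_DEVID) return NOT_COMPILED_IN;`. A one-line comment at those call sites, `/* SAES has no GCM mode: use the CRYP peripheral with a software key */`, would record why the flag is 0 there while the ECB/CBC paths pass 1. The unwrap call sites also differ cosmetically: the one in the 5078 hunk casts `(const byte*)aes->dhukIV` while the 5143 hunk passes `aes->dhukIV` bare; since the field is already `byte[]`, drop the cast in both. The enclosing wc_AesGcmEncrypt_STM32 and wc_AesGcmDecrypt_STM32 bodies begin and end outside the hunks.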


@@ -450,10 +450,22 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
#ifdef WOLFSSL_STM32_CUBEMX
#if defined(WOLFSSL_STM32U5_DHUK)
/* Set the DHUK IV to be used when unwrapping an AES key
* return 0 on success */
int wc_Stm32_Aes_SetDHUK_IV(struct Aes* aes, const byte* iv, int ivSz)
{
if (ivSz != sizeof(aes->dhukIV)) {
return BAD_FUNC_ARG;
}
XMEMCPY(aes->dhukIV, iv, ivSz);
aes->dhukIVLen = ivSz;
return 0;
}
/* Wrap an AES key using the DHUK */
int wc_Stm32_Aes_Wrap(struct Aes* aes, const byte* in, word32 inSz, byte* out,
word32* outSz, const byte* iv)
word32* outSz, const byte* iv, int ivSz)
{
CRYP_HandleTypeDef hcryp;
int ret = 0;
@@ -494,7 +506,7 @@ int wc_Stm32_Aes_Wrap(struct Aes* aes, const byte* in, word32 inSz, byte* out,
int wc_Stm32_Aes_UnWrap(struct Aes* aes, CRYP_HandleTypeDef* hcryp,
const byte* in, word32 inSz, const byte* iv)
const byte* in, word32 inSz, const byte* iv, int ivSz)
{
int ret = 0;
@@ -508,7 +520,7 @@ int wc_Stm32_Aes_UnWrap(struct Aes* aes, CRYP_HandleTypeDef* hcryp,
hcryp->Init.DataType = CRYP_DATATYPE_8B;
hcryp->Init.KeySize = CRYP_KEYSIZE_256B;
hcryp->Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
if (iv != NULL) {
if (ivSz > 0 && iv != NULL) {
hcryp->Init.pInitVect = (uint32_t *)iv;
hcryp->Init.Algorithm = CRYP_AES_CBC;
}
@@ -529,7 +541,7 @@ int wc_Stm32_Aes_UnWrap(struct Aes* aes, CRYP_HandleTypeDef* hcryp,
#endif
int wc_Stm32_Aes_Init(Aes* aes, CRYP_HandleTypeDef* hcryp)
int wc_Stm32_Aes_Init(Aes* aes, CRYP_HandleTypeDef* hcryp, int useSaes)
{
int ret;
word32 keySize;
@@ -561,8 +573,8 @@ int wc_Stm32_Aes_Init(Aes* aes, CRYP_HandleTypeDef* hcryp)
#ifdef WOLFSSL_STM32U5_DHUK
/* Use hardware key */
if (aes->devId == WOLFSSL_STM32U5_DHUK_DEVID ||
aes->devId == WOLFSSL_STM32U5_SAES_DEVID) {
if (useSaes && (aes->devId == WOLFSSL_STM32U5_DHUK_DEVID ||
aes->devId == WOLFSSL_STM32U5_SAES_DEVID)) {
/* SAES requires use of the RNG -- HAL_RNG_DeInit() calls from
random.c turn off the RNG clock -- re-enable the clock here */
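Review bot: The new gate `if (ivSz > 0 && iv != NULL)` in wc_Stm32_Aes_UnWrap selects CBC for any positive length, but the HAL reads pInitVect as a full AES block, so an ivSz of, say, 4 over-reads the caller's buffer and silently unwraps with garbage IV bytes; only wc_Stm32_Aes_SetDHUK_IV enforces the 16-byte size, and wc_Stm32_Aes_Wrap takes ivSz straight from the caller. Change the check to `if (iv != NULL && ivSz == (int)sizeof(aes->dhukIV))` and return BAD_FUNC_ARG when iv is non-NULL with any other length, and apply the same check in wc_Stm32_Aes_Wrap (its body is outside this hunk). wc_Stm32_Aes_SetDHUK_IV should also reject `aes == NULL` and `iv == NULL` before the XMEMCPY. Separately, `(uint32_t *)iv` casts away const and points the HAL's word-wise IV read at a `byte` array; that is only safe if the source is 4-byte aligned, so either copy the IV into a `uint32_t[4]` local first or give the struct field an alignment attribute. The prototype in stm32.h spells the new wc_Stm32_Aes_Init parameter useSAES while the definition here uses useSaes; pick one.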


@@ -286,7 +286,10 @@ struct Aes {
#endif
#ifdef HAVE_AESGCM
Gcm gcm;
#ifdef WOLFSSL_STM32U5_DHUK
byte dhukIV[16]; /* Used when unwrapping an encrypted key */
int dhukIVLen;
#endif
#ifdef WOLFSSL_SE050
sss_symmetric_t aes_ctx; /* used as the function context */
int ctxInitDone;
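Review bot: The new dhukIV/dhukIVLen members are declared right after `Gcm gcm;` inside the `#ifdef HAVE_AESGCM` region (its matching `#endif` is outside the hunk), yet aes.c and stm32.c reference them under WOLFSSL_STM32U5_DHUK alone, in the ECB/CBC unwrap paths; if the HAVE_AESGCM `#endif` closes after these lines, a WOLFSSL_STM32U5_DHUK build without HAVE_AESGCM fails to compile, which is odd for a change whose title says SAES has no GCM support. Move the block outside the HAVE_AESGCM guard, next to the other STM32-specific members of struct Aes. Since wc_Stm32_Aes_UnWrap casts this field to `uint32_t *`, a plain `byte dhukIV[16]` following `Gcm gcm` carries no alignment guarantee; declare it with the project's alignment attribute (e.g. `ALIGN32 byte dhukIV[16];`) or document that the HAL tolerates unaligned IV pointers. A comment stating the precondition would also help, e.g. `/* set by wc_Stm32_Aes_SetDHUK_IV; dhukIVLen == 0 selects the non-CBC unwrap, so the struct must be zeroed before use */`, because the unwrap call sites read these fields unconditionally.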


@@ -205,7 +205,8 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
struct Aes;
#ifdef WOLFSSL_STM32_CUBEMX
int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_HandleTypeDef* hcryp);
int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_HandleTypeDef* hcryp,
int useSAES);
void wc_Stm32_Aes_Cleanup(void);
#else /* Standard Peripheral Library */
int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_InitTypeDef* cryptInit,
@@ -221,9 +222,10 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
#define WOLFSSL_STM32U5_SAES_DEVID 807
#define WOLFSSL_STM32U5_DHUK_WRAPPED_DEVID 809
int wc_Stm32_Aes_Wrap(struct Aes* aes, const byte* in, word32 inSz, byte* out,
word32* outSz, const byte* iv);
word32* outSz, const byte* iv, int ivSz);
int wc_Stm32_Aes_UnWrap(struct Aes* aes, CRYP_HandleTypeDef* hcryp, const byte* in,
word32 inSz, const byte* iv);
word32 inSz, const byte* iv, int ivSz);
int wc_Stm32_Aes_SetDHUK_IV(struct Aes* aes, const byte* iv, int ivSz);
#endif
#if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC)