Skip to content

Commit 54db326

Browse files
committed
STM32: fix check-source-text (wrap overlong lines, update macro list)
- Wrap source lines >80 cols added by the STM32 bare/DHUK/CCB port: reformat the P-256 CCB curve constants to 8 bytes/line, break long SAES/PKA register writes and pka_read_be calls, and rewrap doxygen and in-code comments (port/st/stm32.c + stm32.h, aes.c, ecc.c, random.c, doc/dox_comments/header_files/stm32.h). - .wolfssl_known_macro_extras: add AES_CR_CPHASE, RCC_AHB2ENR_CCBEN, and WOLFSSL_STM32_RNG_LEGACY_FAILFAST; drop the now-recognized WOLFSSL_STM32_CCB.
1 parent f5842a0 commit 54db326

7 files changed

Lines changed: 129 additions & 79 deletions

File tree

.wolfssl_known_macro_extras

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
AES
22
AES1
33
AES_CR_CCFC
4+
AES_CR_CPHASE
45
AES_GCM_GMULT_NCT
56
AES_ICR_CCF
67
AES_ISR_CCF
@@ -525,6 +526,7 @@ RCC_AHB2ENR1_HASHEN
525526
RCC_AHB2ENR1_PKAEN
526527
RCC_AHB2ENR1_SAESEN
527528
RCC_AHB2ENR_AESEN
529+
RCC_AHB2ENR_CCBEN
528530
RCC_AHB2ENR_HASHEN
529531
RCC_AHB2ENR_PKAEN
530532
RCC_AHB2ENR_SAESEN
@@ -987,8 +989,8 @@ WOLFSSL_STM32C5
987989
WOLFSSL_STM32F3
988990
WOLFSSL_STM32F427_RNG
989991
WOLFSSL_STM32U0
990-
WOLFSSL_STM32_CCB
991992
WOLFSSL_STM32_DHUK_UNWRAP
993+
WOLFSSL_STM32_RNG_LEGACY_FAILFAST
992994
WOLFSSL_STM32_USE_SAES
993995
WOLFSSL_STRONGEST_HASH_SIG
994996
WOLFSSL_STSAFE_TAKES_SLOT

doc/dox_comments/header_files/stm32.h

Lines changed: 16 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -5,10 +5,11 @@
55
crypto-callback device. After registering at WC_DHUK_DEVID, bind an object
66
to the device by setting its devId at init (wc_AesInit / wc_ecc_init_ex) and
77
supply the per-key 256-bit seed as the key (wc_AesGcmSetKey) or via
8-
wc_ecc_import_wrapped_private; normal wolfCrypt AES / GMAC / ECDSA calls then
9-
run transparently with the working key derived inside the SAES. Available on
10-
STM32 builds with WOLFSSL_DHUK, WOLF_CRYPTO_CB, and a DHUK-capable SAES
11-
(WC_STM32_HAS_DHUK); on the CubeMX path it is also provided for CCB ECDSA.
8+
wc_ecc_import_wrapped_private; normal wolfCrypt AES / GMAC / ECDSA calls
9+
then run transparently with the working key derived inside the SAES.
10+
Available on STM32 builds with WOLFSSL_DHUK, WOLF_CRYPTO_CB, and a
11+
DHUK-capable SAES (WC_STM32_HAS_DHUK); on the CubeMX path it is also
12+
provided for CCB ECDSA.
1213
1314
\return 0 Returned on success.
1415
\return <0 A negative error code is returned if device registration fails.
@@ -35,8 +36,8 @@ int wc_Stm32_DhukRegister(int devId);
3536
\ingroup STM32
3637
3738
\brief This function unregisters the STM32 DHUK crypto-callback device that
38-
was registered with wc_Stm32_DhukRegister. Call it once transparent DHUK / CCB
39-
operations are complete.
39+
was registered with wc_Stm32_DhukRegister. Call it once transparent
40+
DHUK / CCB operations are complete.
4041
4142
\return none No return value.
4243
@@ -62,9 +63,9 @@ void wc_Stm32_DhukUnRegister(int devId);
6263
builds with WOLFSSL_DHUK and a DHUK-capable SAES.
6364
6465
\return 0 Returned on success.
65-
\return BAD_FUNC_ARG Returned if a required pointer is NULL, if inSz is not a
66-
supported block size, if the iv is non-NULL with ivSz != 16, or (software-key
67-
path) if the wrapping key length is not 16 or 32.
66+
\return BAD_FUNC_ARG Returned if a required pointer is NULL, if inSz is
67+
not a supported block size, if the iv is non-NULL with ivSz != 16, or
68+
(software-key path) if the wrapping key length is not 16 or 32.
6869
\return <0 A negative error code may be returned on a hardware error.
6970
7071
\param aes pointer to an initialized Aes; aes->devId selects the wrap key.
@@ -86,10 +87,10 @@ int wc_Stm32_Aes_Wrap(struct Aes* aes, const byte* in, word32 inSz, byte* out,
8687
\brief This function brings up the STM32 CCB (Coupling and Chaining Bridge)
8788
peripheral and reports whether it is usable: it enables the CCB / PKA / SAES
8889
/ RNG clocks, pulse-resets the engines, waits for BUSY to clear, and checks
89-
for an operation error. Bare-metal only (WOLFSSL_STM32_BARE). The transparent
90-
CCB sign path calls this internally, so most callers do not invoke it
91-
directly. Available on STM32 builds with WOLFSSL_STM32_CCB on CCB silicon
92-
(STM32U3 or STM32C5).
90+
for an operation error. Bare-metal only (WOLFSSL_STM32_BARE). The
91+
transparent CCB sign path calls this internally, so most callers do not
92+
invoke it directly. Available on STM32 builds with WOLFSSL_STM32_CCB on
93+
CCB silicon (STM32U3 or STM32C5).
9394
9495
\return 0 Returned when the CCB is up and usable.
9596
\return WC_TIMEOUT_E Returned if BUSY does not clear within the timeout.
@@ -115,7 +116,8 @@ int wc_Stm32_CcbInit(void);
115116
116117
\return 0 Returned on success.
117118
\return NOT_COMPILED_IN Returned if curveId is an unsupported curve.
118-
\return BAD_FUNC_ARG Returned if a required pointer is NULL or dLen is wrong.
119+
\return BAD_FUNC_ARG Returned if a required pointer is NULL or dLen is
120+
wrong.
119121
\return WC_TIMEOUT_E Returned if a hardware step times out.
120122
121123
\param curveId the ECC curve id; currently ECC_SECP256R1.

wolfcrypt/src/aes.c

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4167,8 +4167,9 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,
41674167
#ifdef WOLF_CRYPTO_CB
41684168
/* Keep a raw (non-reversed) copy for crypto-callback offload, e.g. the
41694169
* DHUK device reads the seed from devKey. Mirrors the generic
4170-
* wc_AesSetKey cryptocb path: only for a cryptocb-bound key, and reject
4171-
* an oversized key (matches the other devKey copy sites in this file). */
4170+
* wc_AesSetKey cryptocb path: only for a cryptocb-bound key, and
4171+
* reject an oversized key (matches the other devKey copy sites in
4172+
* this file). */
41724173
if (aes->devId != INVALID_DEVID) {
41734174
if (keylen > sizeof(aes->devKey)) {
41744175
return BAD_FUNC_ARG;
@@ -5747,7 +5748,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
57475748
* callback). CBC has no crypto-callback entry on the BARE path, so a
57485749
* DHUK key -- devId == WC_DHUK_DEVID, where wc_AesSetKey stored the
57495750
* derivation seed in aes->key -- would run with the seed as the AES
5750-
* key. Reject rather than silently produce a non-device-bound result. */
5751+
* key. Reject rather than silently produce a non-device-bound
5752+
* result. */
57515753
if (aes->devId == WC_DHUK_DEVID) {
57525754
return NOT_COMPILED_IN;
57535755
}

wolfcrypt/src/ecc.c

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -288,9 +288,9 @@ ECC Curve Sizes:
288288
* verify (mode 0x26) correctly, so use the SW verify helper rather than the
289289
* HW-accelerator sigRS path. Note the helper's scalar multiplications still
290290
* run on the HW PKA generic-mul (stm32.c provides wc_ecc_mulmod_ex under
291-
* !WC_STM32_PKA_VERIFY_ONLY) -- the C5 issue is specifically the verify-mode
292-
* wrapper, not the point math, which is exercised and correct (the lead for
293-
* a future real HW verify). */
291+
* !WC_STM32_PKA_VERIFY_ONLY) -- the C5 issue is specifically the
292+
* verify-mode wrapper, not the point math, which is exercised and correct
293+
* (the lead for a future real HW verify). */
294294
#undef HAVE_ECC_VERIFY_HELPER
295295
#define HAVE_ECC_VERIFY_HELPER
296296
#endif
@@ -8264,8 +8264,8 @@ int wc_ecc_dev_make_key(WC_RNG* rng, int keysize, ecc_key* key, int curve_id)
82648264
}
82658265
}
82668266
if (ret == 0) {
8267-
ret = wc_ecc_import_wrapped_private_ex(key, curve_id, wrapped, wrappedSz,
8268-
iv, (word32)sizeof(iv), tag,
8267+
ret = wc_ecc_import_wrapped_private_ex(key, curve_id, wrapped,
8268+
wrappedSz, iv, (word32)sizeof(iv), tag,
82698269
(word32)sizeof(tag), pub,
82708270
(word32)(2 * modSz));
82718271
}

0 commit comments

Comments
 (0)