This example includes:
These examples use the Cube HAL for STM32.
You need both the STM32 IDE and the STM32 initialization code generator (STM32CubeMX) tools. The STM32CubeMX tool is used to setup a project which is used by the IDE to make any required code level changes and program / debug the STM32.
main.c
changes below in the STM32 Printf section.In the I-CUBE-wolfSSL.pack
pack there are pre-assembled example projects available.
After installing the pack you can find these example projects in STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/Projects
.
To use an example:
STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/Projects
and click finish.If none of the examples fit your STM32 type then you can create your own in STM32CubeMX by doing the following:
When you get to the IDE make sure you edit wolfSSL.I-CUBE-wolfSSL_conf.h
to set the HAL_CONSOLE_UART
to the correct one for your configuration.
The settings for the wolfSSL CubeMX pack are in the generated wolfSSL.I-CUBE-wolfSSL_conf.h
file. An example of a generated file can be found at examples/configs/user_settings_stm32.h
.
The template used for generation is IDE/STM32Cube/default_conf.ftl
, which is stored in the pack here: STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/CubeMX/templates/default_conf.ftl
.
If the default settings for the Cube GUI are insufficient you can customize the build using one of these methods to prevent the changes from being overwritten when generating the code:
wolfSSL.I-CUBE-wolfSSL_conf.h
to Core/Inc
and rename to user_settings.h
. Then add the preprocessor macro WOLFSSL_USER_SETTINGS
to your project. This will use the user_settings.h
instead of the generated configuration.OR
STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/CubeMX/templates/default_conf.ftl
.The section for "Hardware platform" may need to be adjusted depending on your processor and board:
WOLFSSL_STM32F1
.WOLFSSL_STM32F2
.WOLFSSL_STM32F4
.WOLFSSL_STM32F7
.WOLFSSL_STM32L4
.WOLFSSL_STM32L5
.WOLFSSL_STM32H7
.WOLFSSL_STM32WB
.To use the STM32 Cube HAL support make sure WOLFSSL_STM32_CUBEMX
is defined.
The L5 and WB55 support ECC PKA acceleration, which is enabled with WOLFSSL_STM32_PKA
.
To disable hardware crypto acceleration you can define:
NO_STM32_HASH
NO_STM32_CRYPTO
To enable the latest Cube HAL support please define STM32_HAL_V2
.
If you'd like to use the older Standard Peripheral library undefine WOLFSSL_STM32_CUBEMX
.
With STM32 Cube HAL v2 some AES GCM hardware has a limitation for the AAD header, which must be a multiple of 4 bytes.
If using STM32_AESGCM_PARTIAL
with the following patch it will enable use for all AAD header sizes. The STM32Cube_FW_F7_V1.16.0
patch is:
diff --git a/Drivers/STM32F7xx_HAL_Driver/Inc/stm32f7xx_hal_cryp.h b/Drivers/STM32F7xx_HAL_Driver/Inc/stm32f7xx_hal_cryp.h
--- a/Drivers/STM32F7xx_HAL_Driver/Inc/stm32f7xx_hal_cryp.h
+++ b/Drivers/STM32F7xx_HAL_Driver/Inc/stm32f7xx_hal_cryp.h
@@ -63,6 +63,7 @@ typedef struct
GCM : also known as Additional Authentication Data
CCM : named B1 composed of the associated data length and Associated Data. */
uint32_t HeaderSize; /*!< The size of header buffer in word */
+ uint32_t HeaderPadSize; /*!< <PATCH> The size of padding in bytes added to actual header data to pad it to a multiple of 32 bits </PATCH> */
uint32_t *B0; /*!< B0 is first authentication block used only in AES CCM mode */
uint32_t DataWidthUnit; /*!< Data With Unit, this parameter can be value of @ref CRYP_Data_Width_Unit*/
uint32_t KeyIVConfigSkip; /*!< CRYP peripheral Key and IV configuration skip, to config Key and Initialization
diff --git a/Drivers/STM32F7xx_HAL_Driver/Src/stm32f7xx_hal_cryp_ex.c b/Drivers/STM32F7xx_HAL_Driver/Src/stm32f7xx_hal_cryp_ex.c
--- a/Drivers/STM32F7xx_HAL_Driver/Src/stm32f7xx_hal_cryp_ex.c
+++ b/Drivers/STM32F7xx_HAL_Driver/Src/stm32f7xx_hal_cryp_ex.c
@@ -132,6 +132,8 @@ HAL_StatusTypeDef HAL_CRYPEx_AESGCM_GenerateAuthTAG(CRYP_HandleTypeDef *hcryp, u
uint64_t inputlength = (uint64_t)hcryp->SizesSum * 8U; /* input length in bits */
uint32_t tagaddr = (uint32_t)AuthTag;
+ headerlength -= ((uint64_t)(hcryp->Init.HeaderPadSize) * 8U); /* <PATCH> Decrement the header size removing the pad size </PATCH> */
+
if (hcryp->State == HAL_CRYP_STATE_READY)
{
/* Process locked */
If you are using FreeRTOS make sure your FreeRTOSConfig.h
has its configTOTAL_HEAP_SIZE
increased.
The TLS client/server benchmark example requires about 76 KB for allocated tasks (with stack) and peak heap. This uses both a TLS client and server to test a TLS connection locally for each enabled TLS cipher suite.
....MENU
.t. WolfCrypt Test
.b. WolfCrypt Benchmark
.l. WolfSSL TLS Bench
.e. Show Cipher List
Please select one of the above options:
See STM32_Benchmarks.md.
Note: The Benchmark example uses float. To enable go to "Project Properties" -> "C/C++ Build" -> "Settings" -> "Tool Settings" -> "MCU Settings" -> Check "Use float with printf".
In main.c make the following changes:
This section needs to go below the UART_HandleTypeDef
line, otherwise wolfssl/wolfcrypt/settings.h
will error.
/* Retargets the C library printf function to the USART. */
#include <stdio.h>
#include <wolfssl/wolfcrypt/settings.h>
#ifdef __GNUC__
int __io_putchar(int ch)
#else
int fputc(int ch, FILE *f)
#endif
{
HAL_UART_Transmit(&HAL_CONSOLE_UART, (uint8_t *)&ch, 1, 0xFFFF);
return ch;
}
#ifdef __GNUC__
int _write(int file,char *ptr, int len)
{
int DataIdx;
for (DataIdx= 0; DataIdx< len; DataIdx++) {
__io_putchar(*ptr++);
}
return len;
}
#endif
In the main()
function make the follow setvbuf()
additions after HAL_Init()
.
int main(void)
{
/* Reset of all peripherals, Initializes the Flash interface and the Systick. */
HAL_Init();
/* Turn off buffers, so I/O occurs immediately */
setvbuf(stdin, NULL, _IONBF, 0);
setvbuf(stdout, NULL, _IONBF, 0);
setvbuf(stderr, NULL, _IONBF, 0);
For questions please email support@wolfssl.com