STM32H5: fixed TRNG and LEDs, added PKCS11 to app

Author: danielinux

config/examples/stm32h5-wolfcrypt-tz.config

@@ -18,11 +18,11 @@ V?=0
 SPMATH?=1
 RAM_CODE?=0
 DUALBANK_SWAP?=0
-WOLFBOOT_PARTITION_SIZE?=0x1F800
+WOLFBOOT_PARTITION_SIZE?=0xC0000
 WOLFBOOT_SECTOR_SIZE?=0x2000
 WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x08040000
-WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x805F800
-WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x0807F000
+WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x8140000
+WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x08010000
 FLAGS_HOME=0
 DISABLE_BACKUP=0
 WOLFCRYPT_TZ=1

hal/stm32_tz.c

@@ -271,8 +271,7 @@ static void hsi48_on(void)
     RCC_CRRCR |= RCC_CRRCR_HSI48ON;
     while ((RCC_CRRCR & RCC_CRRCR_HSI48RDY) == 0)
         ;
-#endif
-#ifdef PLATFORM_stm32u5
+#else /* U5 and H5 */
     RCC_CR |= RCC_CR_HSI48ON;
     while ((RCC_CR & RCC_CR_HSI48RDY) == 0)
         ;
@@ -290,9 +289,9 @@ void hal_trng_init(void)
     reg_val &= ~(0x7 << TRNG_CR_CLKDIV_SHIFT);
     reg_val &= ~(0x3 << TRNG_CR_CONFIG2_SHIFT);
     reg_val &= ~(0x7 << TRNG_CR_CONFIG3_SHIFT);
-
     reg_val |= 0x0F << TRNG_CR_CONFIG1_SHIFT;
     reg_val |= 0x0D << TRNG_CR_CONFIG3_SHIFT;
+
 #ifdef PLATFORM_stm32u5 /* RM0456 40.6.2 */
     reg_val |= 0x06 << TRNG_CR_CLKDIV_SHIFT;
 #endif

hal/stm32h5.h

@@ -344,6 +344,7 @@
 #define GPIOB_AHB2_CLOCK_ER (1 << 1)
 #define GPIOC_AHB2_CLOCK_ER (1 << 2)
 #define GPIOD_AHB2_CLOCK_ER (1 << 3)
+#define GPIOF_AHB2_CLOCK_ER (1 << 5)
 #define GPIOG_AHB2_CLOCK_ER (1 << 6)
 #define TRNG_AHB2_CLOCK_ER  (1 << 18)
 #define PKA_AHB2_CLOCK_ER   (1 << 19)
@@ -358,16 +359,12 @@
 
 #define GPIO_SECCFGR(base) (*(volatile uint32_t *)(base + 0x30))
 
-#ifdef STM32_DISCOVERY
-    #define LED_AHB2_ENABLE (GPIOD_AHB2_CLOCK_ER | GPIOG_AHB2_CLOCK_ER)
-    #define LED_BOOT_PIN (12)  /* PG12 - Discovery - Green Led */
-    #define LED_USR_PIN (3) /* PD3  - Discovery  - Red Led */
-#else
-    #define LED_AHB2_ENABLE (GPIOA_AHB2_CLOCK_ER | GPIOB_AHB2_CLOCK_ER | \
-            GPIOC_AHB2_CLOCK_ER)
-    #define LED_BOOT_PIN (9)  /* PA9 - Nucleo board - Red Led */
-    #define LED_USR_PIN (7)   /* PC7  - Nucleo board  - Green Led */
-    #define LED_EXTRA_PIN (7) /* PB7 - Nucleo board - Blue Led */
-#endif
+
+
+#define LED_AHB2_ENABLE (GPIOG_AHB2_CLOCK_ER | GPIOB_AHB2_CLOCK_ER | \
+        GPIOF_AHB2_CLOCK_ER)
+#define LED_BOOT_PIN (4)  /* PG4 - Nucleo board - Orange Led */
+#define LED_USR_PIN (0)   /* PB0  - Nucleo board  - Green Led */
+#define LED_EXTRA_PIN (4) /* PF4 - Nucleo board - Blue Led */
 
 #endif /* STM32H5_DEF_INCLUDED */

test-app/app_stm32h5.c

@@ -29,9 +29,18 @@
 #include "hal.h"
 #include "wolfboot/wolfboot.h"
 
+#ifdef SECURE_PKCS11
+#include "wcs/user_settings.h"
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/wc_pkcs11.h>
+#include <wolfssl/wolfcrypt/random.h>
+extern const char pkcs11_library_name[];
+extern const CK_FUNCTION_LIST wolfpkcs11nsFunctionList;
+#endif
+
 #define LED_BOOT_PIN (4) /* PG4 - Nucleo - Red Led */
 #define LED_USR_PIN  (0) /* PB0 - Nucleo - Green Led */
-#define LED_USR2_PIN  (4) /* PF4 - Nucleo - Orange Led */
+#define LED_EXTRA_PIN  (4) /* PF4 - Nucleo - Orange Led */
 
 /*Non-Secure */
 #define RCC_BASE            (0x44020C00)   /* RM0481 - Table 3 */
@@ -97,10 +106,10 @@ void usr_led_off(void)
     GPIOB_BSRR |= (1 << (LED_USR_PIN + 16));
 }
 
-void usr2_led_on(void)
+void extra_led_on(void)
 {
     uint32_t reg;
-    uint32_t pin = LED_USR2_PIN;
+    uint32_t pin = LED_EXTRA_PIN;
 
     RCC_AHB2ENR1_CLOCK_ER|= GPIOF_AHB2ENR1_CLOCK_ER;
     /* Delay after an RCC peripheral clock enabling */
@@ -112,18 +121,94 @@ void usr2_led_on(void)
     GPIOF_BSRR |= (1 << (pin));
 }
 
-void usr2_led_off(void)
+void extra_led_off(void)
 {
-    GPIOF_BSRR |= (1 << (LED_USR2_PIN + 16));
+    GPIOF_BSRR |= (1 << (LED_EXTRA_PIN + 16));
 }
 
+static char CaBuf[2048];
+static uint8_t my_pubkey[200];
+
+extern int ecdsa_sign_verify(int devId);
+
+
 void main(void)
 {
+    int ret;
+    uint32_t rand;
+    uint32_t i;
+    uint32_t klen = 200;
+    int otherkey_slot;
+    unsigned int devId = 0;
+
+#ifdef SECURE_PKCS11
+    WC_RNG rng;
+    Pkcs11Token token;
+    Pkcs11Dev PKCS11_d;
+    unsigned long session;
+    char TokenPin[] = "0123456789ABCDEF";
+    char UserPin[] = "ABCDEF0123456789";
+    char SoPinName[] = "SO-PIN";
+
     boot_led_on();
-    usr_led_on();
-    boot_led_off();
-    if (wolfBoot_current_firmware_version() > 1)
-        usr2_led_on();
+
+    wolfCrypt_Init();
+
+    PKCS11_d.heap = NULL,
+    PKCS11_d.func = (CK_FUNCTION_LIST *)&wolfpkcs11nsFunctionList;
+
+    ret = wc_Pkcs11Token_Init(&token, &PKCS11_d, 1, "EccKey",
+            (const byte*)TokenPin, strlen(TokenPin));
+
+    if (ret == 0) {
+        ret = wolfpkcs11nsFunctionList.C_OpenSession(1,
+                CKF_SERIAL_SESSION | CKF_RW_SESSION,
+                NULL, NULL, &session);
+    }
+    if (ret == 0) {
+        ret = wolfpkcs11nsFunctionList.C_InitToken(1,
+                (byte *)TokenPin, strlen(TokenPin), (byte *)SoPinName);
+    }
+
+    if (ret == 0) {
+        extra_led_on();
+        ret = wolfpkcs11nsFunctionList.C_Login(session, CKU_SO,
+                (byte *)TokenPin,
+                strlen(TokenPin));
+    }
+    if (ret == 0) {
+        ret = wolfpkcs11nsFunctionList.C_InitPIN(session,
+                (byte *)TokenPin,
+                strlen(TokenPin));
+    }
+    if (ret == 0) {
+        ret = wolfpkcs11nsFunctionList.C_Logout(session);
+    }
+    if (ret != 0) {
+        while(1)
+            ;
+    }
+    if (ret == 0) {
+        ret = wc_CryptoDev_RegisterDevice(devId, wc_Pkcs11_CryptoDevCb,
+                &token);
+        if (ret != 0) {
+            while(1)
+                ;
+        }
+        if (ret == 0) {
+#ifdef HAVE_ECC
+            ret = ecdsa_sign_verify(devId);
+            if (ret != 0)
+                ret = 1;
+            else
+                usr_led_on();
+#endif
+        }
+        wc_Pkcs11Token_Final(&token);
+    }
+#endif
     while(1)
         ;
+
+    /* Never reached */
 }