Topic: STM32U5A5 HASH seems to not works as expected

Hi there!

i'm a newbee regarding Crypto/SSL/etc world..

I use a STM32U5A5 MCU.

I implemented the WolfSSL library successfuly.

BUT, if it try to use STM32 hardware HASH acceleration, i have failure to communicate with TLS1.2 and/or TLS1.3.

so i tryed the provided unit tests and i get same results..
if STM32 HASH is enabled, most tests fail.. starting with:
RANDOM   test failed!

if i disable HASH HW acceleration,
all tests succeed...

is someone have any clue about this problem ?

Share

Re: STM32U5A5 HASH seems to not works as expected

Hi Rickou,

This issue was fixed in PR https://github.com/wolfSSL/wolfssl/pull/7787 on July 29, 2024.

Please confirm you are using the latest master or patch your code with this PR.

If you continue to have any issues please let us know.

Thanks,
David Garske, wolfSSL

Share

Re: STM32U5A5 HASH seems to not works as expected

Hi dgarske,

thank for the info. i'm currently using v5.7.2-stable

ok i will try to patch it

thank you !

Share

Re: STM32U5A5 HASH seems to not works as expected

ok, i just tested on nucleo U545 board (my own board doesn't have UART on board)
the HASH  test passed..
but i get GMAC error
GMAC     test failed!
error L=15541
[fiducial line numbers: 8773 27740 43402 55860]
Crypt Test: Return code -1

when undefining NO_STM32_CRYPTO
if i'm right this MCU also have crypto module as well as my U5A5..

if i do not undefined NO_STM32_CRYPTO all tests passed..

Share

Re: STM32U5A5 HASH seems to not works as expected

Hi Rickou,

GMAC is the integrity portion of AES GCM and can be used like a hashing function. I suspect you won't need GMAC, but I will investigate the root cause with AES GCM HW crypto.

Can you share me your build settings to try and reproduce? With the CubeMX generated code the settings are usually in a wolfSSL/wolfSSL.I-CUBE-wolfSSL_conf.h.

Thanks,
David Garske, wolfSSL

Share

6 (edited by Rickou 2024-09-23 23:09:36)

Re: STM32U5A5 HASH seems to not works as expected

yes sure, found it attached.
I have just modified it for handling U545 MCU

I generated a blank project
I just configured the project using cubeIDE to enable RNG, EAES, PKA, HASH & RTC modules.
then i added this config file and linked the library from a v5.7.2 git clone patched with the STM32 HW fix

run on NUCLEO U545-REQ board.

i will try on my own U5A5 board (but it's a little bit harder because of lack of USART)

Post's attachments

wolfSSL.I-CUBE-wolfSSL_conf.h 19.38 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

Share

7 (edited by Rickou 2024-09-24 00:05:06)

Re: STM32U5A5 HASH seems to not works as expected

i just made a test on my board with U5A5 (same config file, same lib version, same patch)

i just works as expected without errors .. hum...

So it's OK for me, but i'm currious why it works on 1 target and not on another one..

Tested again on U545 using the lib provided main.c example..
same error during GMAC test.

I haven't seen any differences between the 2 MCU crypto... but as i said i'm a newbee in Crypto world..

Share

Re: STM32U5A5 HASH seems to not works as expected

Hi Rickou,

That's odd. Is it the same version of the CubeMX HAL for AES? Are you using the same AES GHASH build options, example: GCM_SMALL or GCM_TABLE_4BIT? The actual AES GCM test happens later. If it also fails then you might check to make sure the clock for the AES peripheral is enabled (__HAL_RCC_AES_CLK_ENABLE();).

Thanks,
David Garske, wolfSSL

Share

Re: STM32U5A5 HASH seems to not works as expected

dgarske wrote:

Is it the same version of the CubeMX HAL for AES?

Hum, yes, both projects generated in same way..

dgarske wrote:

Are you using the same AES GHASH build options, example: GCM_SMALL or GCM_TABLE_4BIT? The actual AES GCM test happens later. If it also fails then you might check to make sure the clock for the AES peripheral is enabled (__HAL_RCC_AES_CLK_ENABLE();).

I will check this, but i'm pretty sure clock is enabled

Share

Re: STM32U5A5 HASH seems to not works as expected

OK, i found it !
it was a mistake during copying the project files.
The main expect to use/init the CRYP module instance (linked to AES) but the HAL_MSP source expect SAES...
so you're right, the module was not clocked !

Now all is fine
Thank you for the help !

Share

Re: STM32U5A5 HASH seems to not works as expected

Hi Rickou,

Congratulations! I am happy to hear you got it working. Let us know if anything else comes up.

Thanks,
David Garske, wolfSSL

Share