diff --git a/pq/stm32/README.md b/pq/stm32/README.md index 9f98b9d6..04105038 100644 --- a/pq/stm32/README.md +++ b/pq/stm32/README.md @@ -29,17 +29,36 @@ $ make ## Configuring the STM32CubeIDE Project -Please see the following video for highlights on how the project was configured -and how to configure wolfSSL to enable our PQM4 integration. +Please see the following video for highlights on how to configure wolfSSL to +enable our PQM4 integration. https://www.youtube.com/watch?v=OK6MKXYiVBY -To setup the required PQM4 source files, please run the `setup_kyber.sh` script -in this directory. It will clone releveant git repos from github and generate -the directories and files you need. +Detailed instructions on how to build a project with wolfssl can be found at: + +https://github.com/wolfSSL/wolfssl/tree/master/IDE/STM32Cube + +1. Follow instructions at the link above and make sure you can perform "Example + for TLS v1.3 over UART". +2. Run the `setup_kyber.sh` script in this directory. It will clone relevant + git repos from github and generate the directories and files you need. +3. Drag and drop the include files into `Inc` and the `pqm4_kyber512` directory + into `Core`. +4. Turn on the PQM4 integration. + - Open the .ioc file + - Click "Software Packs" + - Click on the wolfSSL.I-CUBE-wolfSSL. that appears. + - In the Configuration box that appears, set "PQM4 Post-Quantum Integration + Support" to "True" + - Close the .ioc file and generate code. + - Build your project. + +For your reference, `wolfssl_stm32_pq` is a minimal starting project that has +many things already configured. If you have a NUCLEO-F446ZE evaluation board +Then you can skip step 1 and 4 and just use that. Once you have successfully built and flashed the project, the STM32 terminal -should should display the following menu: +should should display the following menu: ``` MENU 
@@ -92,7 +111,7 @@ ECDSA [ SECP256R1] 256 sign 78 ops took 1.019 sec, avg 13.064 m ECDSA [ SECP256R1] 256 verify 38 ops took 1.012 sec, avg 26.632 ms, 37.549 ops/sec kyber_level1-kg 62 ops took 1.004 sec, avg 16.194 ms, 61.753 ops/sec kyber_level1-ed 28 ops took 1.043 sec, avg 37.250 ms, 26.846 ops/sec -Benchmark complete +Benchmark complete ``` ## Quantum safe TLS 1.3 Connection Over UART (Linux server, STM32 client) diff --git a/pq/stm32/setup_kyber.patch b/pq/stm32/setup_kyber.patch index 5a6f5fdc..7e1ec96a 100644 --- a/pq/stm32/setup_kyber.patch +++ b/pq/stm32/setup_kyber.patch @@ -10,15 +10,15 @@ diff -u pqm4_kyber512.old/kem.c pqm4_kyber512/kem.c diff -u pqm4_kyber512.old/randombytes.c pqm4_kyber512/randombytes.c --- pqm4_kyber512.old/randombytes.c 2022-03-28 16:36:40.037940919 -0400 +++ pqm4_kyber512/randombytes.c 2022-03-11 14:38:18.192717915 -0500 -@@ -320,6 +320,10 @@ - /* Use windows API */ - return randombytes_win32_randombytes(buf, n); +@@ -357,6 +357,10 @@ + /* Use WASI */ + return randombytes_wasi_randombytes(buf, n); #else --#error "randombytes(...) is not supported on this platform" +-# error "randombytes(...) is not supported on this platform" + #warning randombytes() is not supported on this platform! + for (size_t i = 0; i < n; i++) { -+ buf[i] = (uint8_t)i; -+ } ++ output[i] = (uint8_t)i; ++ } + return 0; #endif } diff --git a/pq/stm32/setup_kyber.sh b/pq/stm32/setup_kyber.sh index d98f4c6a..09aecffc 100755 --- a/pq/stm32/setup_kyber.sh +++ b/pq/stm32/setup_kyber.sh 
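Review bot: In the `setup_kyber.patch` hunk for `randombytes.c`, the `#else` fallback fills `output` with the byte index and then does `return 0;`, so a target that matches none of the supported platforms hands its caller fully predictable bytes reported as success, with only a compile-time `#warning` as a signal. If Kyber key generation or encapsulation draws its randomness from this function (the callers are not visible here), the resulting keys and shared secrets would be reproducible by anyone who knows the pattern. Prefer to fail closed by keeping the warning but replacing the loop with `return -1;`, or route the fallback to the RNG the project appears to enable through `WOLF_CONF_RNG=1` in the .ioc. At a minimum, put a comment above the loop such as `/* NOT RANDOM: bring-up placeholder only, replace before generating any real key */`. The enclosing function begins outside the hunk, so the exact signature and the earlier platform branches should be confirmed against the pinned pqm4 revision.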
@@ -14,15 +14,15 @@ tmp_dir=$PWD git clone https://github.com/mupq/pqm4.git $tmp_dir/pqm4 cd $tmp_dir/pqm4 -git checkout 3bfbbfd30401bd1dce3c497feb2a152713f2e735 +git checkout 1eeb74e4106a80e26a9452e4793acd6f191fe413 git clone https://github.com/mupq/mupq.git $tmp_dir/mupq cd $tmp_dir/mupq -git checkout 0235e325b60dcbd41bc82cdee55b5e3940e70b3e +git checkout 3b48fa5aff6f5921df5b3444450281daca6d21d1 git clone https://github.com/pqclean/pqclean.git $tmp_dir/pqclean cd $tmp_dir/pqclean -git checkout 964469d5506f3068c5afb504e3406f3291f6c336 +git checkout 2cc6e744e63c9aa7703ba3ae3304215e83bba167 # Populate include directory cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/params.h $inc_dir @@ -52,12 +52,12 @@ cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/macros.i $code_dir cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/matacc.c $code_dir cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/matacc.h $code_dir cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/matacc.i $code_dir -cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/matacc.S $code_dir +cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/matacc_asm.S $code_dir cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/ntt.c $code_dir cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/ntt.h $code_dir cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/poly.c $code_dir cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/poly.h $code_dir -cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/poly.S $code_dir +cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/poly_asm.S $code_dir cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/polyvec.c $code_dir cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/polyvec.h $code_dir cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/reduce.S $code_dir 
@@ -68,16 +68,14 @@ cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/verify.h $code_dir # Rename some files mv $inc_dir/api.h $inc_dir/api_kyber.h -mv $code_dir/matacc.S $code_dir/matacc_renamed.S -mv $code_dir/poly.S $code_dir/poly_renamed.S # Patch in some small fixups. cd $cur_dir patch -p0 < setup_kyber.patch # give the user some instructions -echo "Created $code_dir . Plese add it to your project's Core directory." -echo "Created $inc_dir . Plese add the files it contains to you project's Core/Inc directory." +echo "Created $code_dir . Please add it to your project's Core directory." +echo "Created $inc_dir . Please add the files it contains to you project's Core/Inc directory." # Cleanup rm -rf $tmp_dir diff --git a/pq/stm32/wolfssl_stm32_pq/wolfssl_stm32_pq.ioc b/pq/stm32/wolfssl_stm32_pq/wolfssl_stm32_pq.ioc index 485119e4..97f81883 100644 --- a/pq/stm32/wolfssl_stm32_pq/wolfssl_stm32_pq.ioc +++ b/pq/stm32/wolfssl_stm32_pq/wolfssl_stm32_pq.ioc @@ -13,6 +13,7 @@ Dma.USART2_RX.0.Priority=DMA_PRIORITY_LOW Dma.USART2_RX.0.RequestParameters=Instance,Direction,PeriphInc,MemInc,PeriphDataAlignment,MemDataAlignment,Mode,Priority,FIFOMode File.Version=6 KeepUserPlacement=false +Mcu.CPN=STM32F446ZET6 Mcu.Family=STM32F4 Mcu.IP0=DMA Mcu.IP1=NVIC @@ -41,6 +42,7 @@ Mcu.Pin2=PC15-OSC32_OUT Mcu.Pin20=PB7 Mcu.Pin21=VP_RTC_VS_RTC_Activate Mcu.Pin22=VP_SYS_VS_Systick +Mcu.Pin23=VP_wolfSSL.I-CUBE-wolfSSL_VS_wolfSSLJjwolfSSL_5.5.3_5.5.3 Mcu.Pin3=PH0-OSC_IN Mcu.Pin4=PH1-OSC_OUT Mcu.Pin5=PB0 
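Review bot: The second rewritten `echo` still reads "to you project's Core/Inc directory"; since this commit is correcting the spelling on these two lines, it should become `echo "Created $inc_dir . Please add the files it contains to your project's Core/Inc directory."`. Separately, nothing in the visible lines checks the exit status of `patch -p0 < setup_kyber.patch`, so unless the script enables `set -e` outside this hunk the "Created" messages are printed even when the fixup did not apply to the newly pinned sources. `patch -p0 < setup_kyber.patch || exit 1` would make that failure visible before the user copies the directories into a project.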
@@ -48,25 +50,26 @@ Mcu.Pin6=PB14 Mcu.Pin7=PD8 Mcu.Pin8=PD9 Mcu.Pin9=PG6 -Mcu.PinsNb=23 -Mcu.ThirdPartyNb=0 +Mcu.PinsNb=24 +Mcu.ThirdParty0=wolfSSL.I-CUBE-wolfSSL.5.5.3 +Mcu.ThirdPartyNb=1 Mcu.UserConstants= Mcu.UserName=STM32F446ZETx MxCube.Version=6.3.0 MxDb.Version=DB.6.0.30 -NVIC.BusFault_IRQn=true\:0\:0\:false\:false\:true\:true\:false -NVIC.DMA1_Stream5_IRQn=true\:0\:0\:false\:false\:true\:false\:true -NVIC.DebugMonitor_IRQn=true\:0\:0\:false\:false\:true\:true\:false +NVIC.BusFault_IRQn=true\:0\:0\:false\:false\:true\:true\:false\:false +NVIC.DMA1_Stream5_IRQn=true\:0\:0\:false\:false\:true\:false\:true\:true +NVIC.DebugMonitor_IRQn=true\:0\:0\:false\:false\:true\:true\:false\:false NVIC.ForceEnableDMAVector=true -NVIC.HardFault_IRQn=true\:0\:0\:false\:false\:true\:true\:false -NVIC.MemoryManagement_IRQn=true\:0\:0\:false\:false\:true\:true\:false -NVIC.NonMaskableInt_IRQn=true\:0\:0\:false\:false\:true\:true\:false -NVIC.PendSV_IRQn=true\:0\:0\:false\:false\:true\:true\:false +NVIC.HardFault_IRQn=true\:0\:0\:false\:false\:true\:true\:false\:false +NVIC.MemoryManagement_IRQn=true\:0\:0\:false\:false\:true\:true\:false\:false +NVIC.NonMaskableInt_IRQn=true\:0\:0\:false\:false\:true\:true\:false\:false +NVIC.PendSV_IRQn=true\:0\:0\:false\:false\:true\:true\:false\:false NVIC.PriorityGroup=NVIC_PRIORITYGROUP_4 -NVIC.SVCall_IRQn=true\:0\:0\:false\:false\:true\:true\:false -NVIC.SysTick_IRQn=true\:0\:0\:false\:false\:true\:true\:true -NVIC.USART2_IRQn=true\:0\:0\:false\:false\:true\:true\:true -NVIC.UsageFault_IRQn=true\:0\:0\:false\:false\:true\:true\:false +NVIC.SVCall_IRQn=true\:0\:0\:false\:false\:true\:true\:false\:false +NVIC.SysTick_IRQn=true\:0\:0\:false\:false\:true\:true\:true\:false +NVIC.USART2_IRQn=true\:0\:0\:false\:false\:true\:true\:true\:true +NVIC.UsageFault_IRQn=true\:0\:0\:false\:false\:true\:true\:false\:false PA10.GPIOParameters=GPIO_Label PA10.GPIO_Label=USB_ID PA10.Locked=true 
@@ -281,6 +284,17 @@ VP_RTC_VS_RTC_Activate.Mode=RTC_Enabled VP_RTC_VS_RTC_Activate.Signal=RTC_VS_RTC_Activate VP_SYS_VS_Systick.Mode=SysTick VP_SYS_VS_Systick.Signal=SYS_VS_Systick +VP_wolfSSL.I-CUBE-wolfSSL_VS_wolfSSLJjwolfSSL_5.5.3_5.5.3.Mode=wolfSSLJjwolfSSL +VP_wolfSSL.I-CUBE-wolfSSL_VS_wolfSSLJjwolfSSL_5.5.3_5.5.3.Signal=wolfSSL.I-CUBE-wolfSSL_VS_wolfSSLJjwolfSSL_5.5.3_5.5.3 board=NUCLEO-F446ZE boardIOC=true +wolfSSL.I-CUBE-wolfSSL.5.5.3.IPParameters=WOLF_CONF_PQM4,WOLF_CONF_DEBUG,WOLF_CONF_RNG,wolfSSLCcwolfSSLJjwolfSSLJjCore,wolfSSLCcwolfSSLJjwolfCryptJjCore,wolfSSLCcwolfSSLJjwolfCryptJjTest +wolfSSL.I-CUBE-wolfSSL.5.5.3.WOLF_CONF_DEBUG=1 +wolfSSL.I-CUBE-wolfSSL.5.5.3.WOLF_CONF_PQM4=1 +wolfSSL.I-CUBE-wolfSSL.5.5.3.WOLF_CONF_RNG=1 +wolfSSL.I-CUBE-wolfSSL.5.5.3.wolfSSLCcwolfSSLJjwolfCryptJjCore=true +wolfSSL.I-CUBE-wolfSSL.5.5.3.wolfSSLCcwolfSSLJjwolfCryptJjTest=true +wolfSSL.I-CUBE-wolfSSL.5.5.3.wolfSSLCcwolfSSLJjwolfSSLJjCore=true +wolfSSL.I-CUBE-wolfSSL.5.5.3.wolfSSLJjwolfSSL_Checked=true +wolfSSL.I-CUBE-wolfSSL.5.5.3_SwParameter=wolfSSLCcwolfSSLJjwolfCryptJjCore\:true;wolfSSLCcwolfSSLJjwolfCryptJjTest\:true;wolfSSLCcwolfSSLJjwolfSSLJjCore\:true; isbadioc=false