Merge pull request #347 from anhu/pqm4_update

Update PQM4 kyber setup script.
2022-11-28 08:35:18 -08:00 · 2022-11-28 08:35:18 -08:00 · 25f7f83732
parent fe060a7db7 43882bdf69
commit 25f7f83732
4 changed files with 66 additions and 35 deletions
--- a/pq/stm32/README.md
+++ b/pq/stm32/README.md
@ -29,17 +29,36 @@ $ make

 ## Configuring the STM32CubeIDE Project

-Please see the following video for highlights on how the project was configured
-and how to configure wolfSSL to enable our PQM4 integration.
+Please see the following video for highlights on how to configure wolfSSL to
+enable our PQM4 integration.

 https://www.youtube.com/watch?v=OK6MKXYiVBY

-To setup the required PQM4 source files, please run the `setup_kyber.sh` script
-in this directory. It will clone releveant git repos from github and generate
-the directories and files you need.
+Detailed instructions on how to build a project with wolfssl can be found at:
+
+https://github.com/wolfSSL/wolfssl/tree/master/IDE/STM32Cube
+
+1. Follow instructions at the link above and make sure you can perform "Example
+   for TLS v1.3 over UART".
+2. Run the `setup_kyber.sh` script in this directory. It will clone relevant
+   git repos from github and generate the directories and files you need.
+3. Drag and drop the include files into `Inc` and the `pqm4_kyber512` directory
+   into `Core`.
+4. Turn on the PQM4 integration.
+   - Open the .ioc file
+   - Click "Software Packs"
+   - Click on the wolfSSL.I-CUBE-wolfSSL.<version> that appears.
+   - In the Configuration box that appears, set "PQM4 Post-Quantum Integration
+     Support" to "True"
+   - Close the .ioc file and generate code.
+   - Build your project.
+
+For your reference, `wolfssl_stm32_pq` is a minimal starting project that has
+many things already configured. If you have a NUCLEO-F446ZE evaluation board
+Then you can skip step 1 and 4 and just use that.

 Once you have successfully built and flashed the project, the STM32 terminal
-should should display the following menu: 
+should should display the following menu:

 ```
                                MENU
@ -92,7 +111,7 @@ ECDSA [      SECP256R1]   256 sign           78 ops took 1.019 sec, avg 13.064 m
 ECDSA [      SECP256R1]   256 verify         38 ops took 1.012 sec, avg 26.632 ms, 37.549 ops/sec
 kyber_level1-kg         62 ops took 1.004 sec, avg 16.194 ms, 61.753 ops/sec
 kyber_level1-ed         28 ops took 1.043 sec, avg 37.250 ms, 26.846 ops/sec
-Benchmark complete 
+Benchmark complete
 ```

 ## Quantum safe TLS 1.3 Connection Over UART (Linux server, STM32 client)
--- a/pq/stm32/setup_kyber.patch
+++ b/pq/stm32/setup_kyber.patch
@ -10,15 +10,15 @@ diff -u pqm4_kyber512.old/kem.c pqm4_kyber512/kem.c
 diff -u pqm4_kyber512.old/randombytes.c pqm4_kyber512/randombytes.c
 --- pqm4_kyber512.old/randombytes.c	2022-03-28 16:36:40.037940919 -0400
 +++ pqm4_kyber512/randombytes.c		2022-03-11 14:38:18.192717915 -0500
-@@ -320,6 +320,10 @@
-     /* Use windows API */
-     return randombytes_win32_randombytes(buf, n);
+@@ -357,6 +357,10 @@
+     /* Use WASI */
+     return randombytes_wasi_randombytes(buf, n);
     #else
-#error "randombytes(...) is not supported on this platform"
+-# error "randombytes(...) is not supported on this platform"
 +    #warning randombytes() is not supported on this platform!
 +    for (size_t i = 0; i < n; i++) {
-+         buf[i] = (uint8_t)i;
-+    } 
+         output[i] = (uint8_t)i;
+    }
 +    return 0;
     #endif
 }
--- a/pq/stm32/setup_kyber.sh
+++ b/pq/stm32/setup_kyber.sh
@ -14,15 +14,15 @@ tmp_dir=$PWD

 git clone https://github.com/mupq/pqm4.git $tmp_dir/pqm4
 cd $tmp_dir/pqm4
-git checkout 3bfbbfd30401bd1dce3c497feb2a152713f2e735
+git checkout 1eeb74e4106a80e26a9452e4793acd6f191fe413

 git clone https://github.com/mupq/mupq.git $tmp_dir/mupq
 cd $tmp_dir/mupq
-git checkout 0235e325b60dcbd41bc82cdee55b5e3940e70b3e
+git checkout 3b48fa5aff6f5921df5b3444450281daca6d21d1

 git clone  https://github.com/pqclean/pqclean.git $tmp_dir/pqclean
 cd $tmp_dir/pqclean
-git checkout 964469d5506f3068c5afb504e3406f3291f6c336
+git checkout 2cc6e744e63c9aa7703ba3ae3304215e83bba167

 # Populate include directory
 cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/params.h $inc_dir
@ -52,12 +52,12 @@ cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/macros.i $code_dir
 cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/matacc.c $code_dir
 cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/matacc.h $code_dir
 cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/matacc.i $code_dir
-cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/matacc.S $code_dir
+cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/matacc_asm.S $code_dir
 cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/ntt.c $code_dir
 cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/ntt.h $code_dir
 cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/poly.c $code_dir
 cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/poly.h $code_dir
-cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/poly.S $code_dir
+cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/poly_asm.S $code_dir
 cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/polyvec.c $code_dir
 cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/polyvec.h $code_dir
 cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/reduce.S $code_dir
@ -68,16 +68,14 @@ cp $tmp_dir/pqm4/crypto_kem/kyber512/m4fspeed/verify.h $code_dir

 # Rename some files
 mv $inc_dir/api.h $inc_dir/api_kyber.h
-mv $code_dir/matacc.S $code_dir/matacc_renamed.S
-mv $code_dir/poly.S $code_dir/poly_renamed.S

 # Patch in some small fixups.
 cd $cur_dir
 patch -p0 < setup_kyber.patch

 # give the user some instructions
-echo "Created $code_dir . Plese add it to your project's Core directory."
-echo "Created $inc_dir . Plese add the files it contains to you project's Core/Inc directory."
+echo "Created $code_dir . Please add it to your project's Core directory."
+echo "Created $inc_dir . Please add the files it contains to you project's Core/Inc directory."

 # Cleanup
 rm -rf $tmp_dir
--- a/pq/stm32/wolfssl_stm32_pq/wolfssl_stm32_pq.ioc
+++ b/pq/stm32/wolfssl_stm32_pq/wolfssl_stm32_pq.ioc
@ -13,6 +13,7 @@ Dma.USART2_RX.0.Priority=DMA_PRIORITY_LOW
 Dma.USART2_RX.0.RequestParameters=Instance,Direction,PeriphInc,MemInc,PeriphDataAlignment,MemDataAlignment,Mode,Priority,FIFOMode
 File.Version=6
 KeepUserPlacement=false
+Mcu.CPN=STM32F446ZET6
 Mcu.Family=STM32F4
 Mcu.IP0=DMA
 Mcu.IP1=NVIC
@ -41,6 +42,7 @@ Mcu.Pin2=PC15-OSC32_OUT
 Mcu.Pin20=PB7
 Mcu.Pin21=VP_RTC_VS_RTC_Activate
 Mcu.Pin22=VP_SYS_VS_Systick
+Mcu.Pin23=VP_wolfSSL.I-CUBE-wolfSSL_VS_wolfSSLJjwolfSSL_5.5.3_5.5.3
 Mcu.Pin3=PH0-OSC_IN
 Mcu.Pin4=PH1-OSC_OUT
 Mcu.Pin5=PB0
@ -48,25 +50,26 @@ Mcu.Pin6=PB14
 Mcu.Pin7=PD8
 Mcu.Pin8=PD9
 Mcu.Pin9=PG6
-Mcu.PinsNb=23
-Mcu.ThirdPartyNb=0
+Mcu.PinsNb=24
+Mcu.ThirdParty0=wolfSSL.I-CUBE-wolfSSL.5.5.3
+Mcu.ThirdPartyNb=1
 Mcu.UserConstants=
 Mcu.UserName=STM32F446ZETx
 MxCube.Version=6.3.0
 MxDb.Version=DB.6.0.30
-NVIC.BusFault_IRQn=true\:0\:0\:false\:false\:true\:true\:false
-NVIC.DMA1_Stream5_IRQn=true\:0\:0\:false\:false\:true\:false\:true
-NVIC.DebugMonitor_IRQn=true\:0\:0\:false\:false\:true\:true\:false
+NVIC.BusFault_IRQn=true\:0\:0\:false\:false\:true\:true\:false\:false
+NVIC.DMA1_Stream5_IRQn=true\:0\:0\:false\:false\:true\:false\:true\:true
+NVIC.DebugMonitor_IRQn=true\:0\:0\:false\:false\:true\:true\:false\:false
 NVIC.ForceEnableDMAVector=true
-NVIC.HardFault_IRQn=true\:0\:0\:false\:false\:true\:true\:false
-NVIC.MemoryManagement_IRQn=true\:0\:0\:false\:false\:true\:true\:false
-NVIC.NonMaskableInt_IRQn=true\:0\:0\:false\:false\:true\:true\:false
-NVIC.PendSV_IRQn=true\:0\:0\:false\:false\:true\:true\:false
+NVIC.HardFault_IRQn=true\:0\:0\:false\:false\:true\:true\:false\:false
+NVIC.MemoryManagement_IRQn=true\:0\:0\:false\:false\:true\:true\:false\:false
+NVIC.NonMaskableInt_IRQn=true\:0\:0\:false\:false\:true\:true\:false\:false
+NVIC.PendSV_IRQn=true\:0\:0\:false\:false\:true\:true\:false\:false
 NVIC.PriorityGroup=NVIC_PRIORITYGROUP_4
-NVIC.SVCall_IRQn=true\:0\:0\:false\:false\:true\:true\:false
-NVIC.SysTick_IRQn=true\:0\:0\:false\:false\:true\:true\:true
-NVIC.USART2_IRQn=true\:0\:0\:false\:false\:true\:true\:true
-NVIC.UsageFault_IRQn=true\:0\:0\:false\:false\:true\:true\:false
+NVIC.SVCall_IRQn=true\:0\:0\:false\:false\:true\:true\:false\:false
+NVIC.SysTick_IRQn=true\:0\:0\:false\:false\:true\:true\:true\:false
+NVIC.USART2_IRQn=true\:0\:0\:false\:false\:true\:true\:true\:true
+NVIC.UsageFault_IRQn=true\:0\:0\:false\:false\:true\:true\:false\:false
 PA10.GPIOParameters=GPIO_Label
 PA10.GPIO_Label=USB_ID
 PA10.Locked=true
@ -281,6 +284,17 @@ VP_RTC_VS_RTC_Activate.Mode=RTC_Enabled
 VP_RTC_VS_RTC_Activate.Signal=RTC_VS_RTC_Activate
 VP_SYS_VS_Systick.Mode=SysTick
 VP_SYS_VS_Systick.Signal=SYS_VS_Systick
+VP_wolfSSL.I-CUBE-wolfSSL_VS_wolfSSLJjwolfSSL_5.5.3_5.5.3.Mode=wolfSSLJjwolfSSL
+VP_wolfSSL.I-CUBE-wolfSSL_VS_wolfSSLJjwolfSSL_5.5.3_5.5.3.Signal=wolfSSL.I-CUBE-wolfSSL_VS_wolfSSLJjwolfSSL_5.5.3_5.5.3
 board=NUCLEO-F446ZE
 boardIOC=true
+wolfSSL.I-CUBE-wolfSSL.5.5.3.IPParameters=WOLF_CONF_PQM4,WOLF_CONF_DEBUG,WOLF_CONF_RNG,wolfSSLCcwolfSSLJjwolfSSLJjCore,wolfSSLCcwolfSSLJjwolfCryptJjCore,wolfSSLCcwolfSSLJjwolfCryptJjTest
+wolfSSL.I-CUBE-wolfSSL.5.5.3.WOLF_CONF_DEBUG=1
+wolfSSL.I-CUBE-wolfSSL.5.5.3.WOLF_CONF_PQM4=1
+wolfSSL.I-CUBE-wolfSSL.5.5.3.WOLF_CONF_RNG=1
+wolfSSL.I-CUBE-wolfSSL.5.5.3.wolfSSLCcwolfSSLJjwolfCryptJjCore=true
+wolfSSL.I-CUBE-wolfSSL.5.5.3.wolfSSLCcwolfSSLJjwolfCryptJjTest=true
+wolfSSL.I-CUBE-wolfSSL.5.5.3.wolfSSLCcwolfSSLJjwolfSSLJjCore=true
+wolfSSL.I-CUBE-wolfSSL.5.5.3.wolfSSLJjwolfSSL_Checked=true
+wolfSSL.I-CUBE-wolfSSL.5.5.3_SwParameter=wolfSSLCcwolfSSLJjwolfCryptJjCore\:true;wolfSSLCcwolfSSLJjwolfCryptJjTest\:true;wolfSSLCcwolfSSLJjwolfSSLJjCore\:true;
 isbadioc=false