STM32C5A3ZG: bare-metal wolfIP port + TLS 1.3 mutual auth with a HUK-protected identity key#142
Open
dgarske wants to merge 2 commits into
Open
STM32C5A3ZG: bare-metal wolfIP port + TLS 1.3 mutual auth with a HUK-protected identity key#142dgarske wants to merge 2 commits into
dgarske wants to merge 2 commits into
Conversation
…K HUK-protected identity key
9f824fd to
6f034bb
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 25 out of 26 changed files in this pull request and generated 3 comments.
Comments suppressed due to low confidence (5)
src/port/tls_client.c:159
- debug_print_kv() negates val to print it, but
-valis undefined/overflows for INT_MIN. That can produce incorrect output or UB in error paths. Use a safe absolute-value conversion for signed ints.
src/port/tls_client.c:311 - TLS client currently disables all server certificate verification (WOLFSSL_VERIFY_NONE). That makes TLS susceptible to MITM even when mutual-auth is enabled. Since tls_certs.h already embeds a CA certificate, consider adding a build-time option to verify the peer and load the CA when enabled.
src/port/tls_client.c:306 - In ENABLE_DHUK_KEY builds, tls_client_init still loads
client_key_dervia wolfSSL_CTX_use_PrivateKey_buffer(). That key is the raw identity scalar per tls_certs.h comments, so it will be parsed/held by wolfSSL in software memory, undermining the goal of keeping the identity key HUK/DHUK-protected. This likely needs a DHUK-only path that does not embed or load the raw private key (e.g., load only the cert and rely on the PK callback / a non-sensitive placeholder key).
src/port/tls_client.c:60 - dhuk_provision_key() uses wc_ForceZero() style wiping elsewhere in this repo, but tls_client.c doesn't include the header that declares it. Add <wolfssl/wolfcrypt/memory.h> before using wc_ForceZero to avoid implicit declarations / build breaks on stricter compilers.
src/port/tls_client.c:243 - dhuk_provision_key() leaves the wrapped scalar in a stack buffer (
wrapped) and returns early on errors without wiping it. Even though the demo scalar is public, production provisioning would make this sensitive; wipewrappedon both success and error paths once it has been populated.
…d self-test, docs, cppcheck fix
6f034bb to
7eeb89b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
New wolfIP port for the NUCLEO-C5A3ZG (Cortex-M33F, no TrustZone), reusing the shared STM32 DWC GMAC driver (one
STM32C5alias insrc/port/stm32/stm32_eth.c). All milestones validated on hardware.What works (HW-validated)
openssl s_server -Verify 1,TLS_AES_128_GCM_SHA256; peer verifies the device client cert.verify return:1is the proof.Build
make(network only) /make ENABLE_CB_SELFTEST=1/make ENABLE_TLS_CLIENT=1/make ENABLE_TLS_CLIENT=1 ENABLE_DHUK_KEY=1.WOLFSSL_ROOT, default../wolfssl-c5tls).mode=UR). Flash 3.0% -> 21.9% across the variants.Notable fixes in this port
_sbrknow uses the linker.heapregion (was overlapping the Ethernet DMA buffers -> packet DMA corrupted malloc'd TLS objects).WC_STM32_RNG_CED_DISABLE/CR.CED; false-trips on the 48 MHz CK48).WOLFSSL_SMALL_STACK.Scope
Config A: identity key on the callback, ephemeral ECDHE in software. Config B (route ECDHE through the callback to strip software ECC) is a follow-on. Demo identity key is a public NIST CAVP vector; production provisions the wrapped blob off-device.