Add STM32MP13 HAL support for more SHA types

This adds STM32 HAL support for: * SHA384 * SHA512 (with -224 and -256) * SHA3 (all variants apart from SHAKE) The partial FIFO block calculations have been adjusted based in the STM32 code to support the larger hash sizes. This should work with other chips such as the STM32U5xx, but is not enabled for that yet.
wolfSSL · Nov 27, 2024 · f15dbb9 · f15dbb9
1 parent e9a4f7d
commit f15dbb9
Show file tree

Hide file tree

Showing 6 changed files with 375 additions and 16 deletions.
diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c
@@ -137,6 +137,9 @@ static void wc_Stm32_Hash_SaveContext(STM32_HASH_Context* ctx)
     ctx->HASH_IMR = HASH->IMR;
     ctx->HASH_STR = HASH->STR;
     ctx->HASH_CR  = HASH->CR;
+#ifdef STM32_HASH_SHA3
+    ctx->SHA3CFGR  = HASH->SHA3CFGR;
+#endif
     for (i=0; i<HASH_CR_SIZE; i++) {
         ctx->HASH_CSR[i] = HASH->CSR[i];
     }
@@ -184,6 +187,9 @@ static void wc_Stm32_Hash_RestoreContext(STM32_HASH_Context* ctx, int algo)
         HASH->IMR = ctx->HASH_IMR;
         HASH->STR = ctx->HASH_STR;
         HASH->CR = ctx->HASH_CR;
+#ifdef STM32_HASH_SHA3
+        HASH->SHA3CFGR = ctx->SHA3CFGR;
+#endif
 
         /* Initialize the hash processor */
         HASH->CR |= HASH_CR_INIT;
@@ -329,11 +335,11 @@ int wc_Stm32_Hash_Update(STM32_HASH_Context* stmCtx, word32 algo,
     while (len) {
         word32 add;
 
-        /* fill the FIFO plus one additional to flush the block */
-        chunkSz = ((STM32_HASH_FIFO_SIZE + 1) * STM32_HASH_REG_SIZE);
-        /* account for extra bytes in the FIFO (use mask 0x3F to get remain) */
-        chunkSz -= (stmCtx->fifoBytes &
-            ((STM32_HASH_FIFO_SIZE * STM32_HASH_REG_SIZE)-1));
+        chunkSz = blockSize;
+        /* fill the FIFO plus one additional to flush the first block */
+        if (!stmCtx->fifoBytes) {
+            chunkSz += STM32_HASH_REG_SIZE;
+        }
 
         add = min(len, chunkSz - stmCtx->buffLen);
         XMEMCPY(&local[stmCtx->buffLen], data, add);

diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c
@@ -299,7 +299,7 @@ void BlockSha3(word64* s)
  */
 #define ROTL64(a, n)    (((a)<<(n))|((a)>>(64-(n))))
 
-
+#if !defined(STM32_HASH_SHA3)
 /* An array of values to XOR for block operation. */
 static const word64 hash_keccak_r[24] =
 {
@@ -316,6 +316,7 @@ static const word64 hash_keccak_r[24] =
     W64LIT(0x8000000080008081), W64LIT(0x8000000000008080),
     W64LIT(0x0000000080000001), W64LIT(0x8000000080008008)
 };
+#endif
 
 /* Indices used in swap and rotate operation. */
 #define KI_0     6
@@ -533,6 +534,7 @@ do {                                                      \
 while (0)
 #endif /* SHA3_BY_SPEC */
 
+#if !defined(STM32_HASH_SHA3)
 /* The block operation performed on the state.
  *
  * s  The state.
@@ -562,8 +564,10 @@ void BlockSha3(word64* s)
     }
 }
 #endif /* WOLFSSL_SHA3_SMALL */
+#endif /* STM32_HASH_SHA3 */
 #endif /* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */
 
+#if !defined(STM32_HASH_SHA3)
 static WC_INLINE word64 Load64Unaligned(const unsigned char *a)
 {
     return ((word64)a[0] <<  0) |
@@ -617,6 +621,7 @@ static word64 Load64BitBigEndian(const byte* a)
  * sha3   wc_Sha3 object holding state.
  * returns 0 on success.
  */
+
 static int InitSha3(wc_Sha3* sha3)
 {
     int i;
@@ -797,6 +802,84 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
 
     return 0;
 }
+#endif
+#if defined(STM32_HASH_SHA3)
+
+    /* Supports CubeMX HAL or Standard Peripheral Library */
+
+    static int wc_InitSha3(wc_Sha3* sha3, void* heap, int devId)
+    {
+        if (sha3 == NULL)
+            return BAD_FUNC_ARG;
+
+        (void)devId;
+        (void)heap;
+
+        XMEMSET(sha3, 0, sizeof(wc_Sha3));
+        wc_Stm32_Hash_Init(&sha3->stmCtx);
+        return 0;
+    }
+
+    static int Stm32GetAlgo(byte p)
+    {
+        switch(p) {
+            case WC_SHA3_224_COUNT:
+                return HASH_ALGOSELECTION_SHA3_224;
+            case WC_SHA3_256_COUNT:
+                return HASH_ALGOSELECTION_SHA3_256;
+            case WC_SHA3_384_COUNT:
+                return HASH_ALGOSELECTION_SHA3_384;
+            case WC_SHA3_512_COUNT:
+                return HASH_ALGOSELECTION_SHA3_512;
+        }
+        /* Should never get here */
+        return WC_SHA3_224_COUNT;
+    }
+
+    static int wc_Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
+    {
+        int ret = 0;
+
+        if (sha3 == NULL) {
+            return BAD_FUNC_ARG;
+        }
+        if (data == NULL && len == 0) {
+            /* valid, but do nothing */
+            return 0;
+        }
+        if (data == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hash_Update(&sha3->stmCtx,
+                Stm32GetAlgo(p), data, len, p * 8);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+        return ret;
+    }
+
+    static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len)
+    {
+        int ret = 0;
+
+        if (sha3 == NULL || hash == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hash_Final(&sha3->stmCtx,
+                Stm32GetAlgo(p), hash, len);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+
+        (void)wc_InitSha3(sha3, NULL, 0); /* reset state */
+
+        return ret;
+    }
+#else
 
 /* Initialize the state for a SHA-3 hash operation.
  *
@@ -944,7 +1027,7 @@ static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len)
 
     return InitSha3(sha3);  /* reset state */
 }
-
+#endif
 /* Dispose of any dynamically allocated data from the SHA3-384 operation.
  * (Required for async ops.)
  *