wolfSSL
diff --git a/‎.wolfssl_known_macro_extras‎
Lines changed: 1 addition & 0 deletions b/‎.wolfssl_known_macro_extras‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎IDE/STM32Cube/README.md‎
Lines changed: 19 additions & 10 deletions b/‎IDE/STM32Cube/README.md‎
Lines changed: 19 additions & 10 deletions
diff --git a/‎IDE/STM32Cube/STM32_Benchmarks.md‎
Lines changed: 143 additions & 7 deletions b/‎IDE/STM32Cube/STM32_Benchmarks.md‎
Lines changed: 143 additions & 7 deletions
diff --git a/‎IDE/STM32Cube/default_conf.ftl‎
Lines changed: 25 additions & 14 deletions b/‎IDE/STM32Cube/default_conf.ftl‎
Lines changed: 25 additions & 14 deletions
@@ -460,6 +460,7 @@ STM32H723xx
 STM32H725xx
 STM32H743xx
 STM32H753xx
+STM32H7S3xx
 STM32L475xx
 STM32L4A6xx
 STM32L552xx
 
@@ -15,30 +15,34 @@ You need both the STM32 IDE and the STM32 initialization code generator (STM32Cu
 * STM32CubeIDE: Integrated Development Environment for STM32 [https://www.st.com/en/development-tools/stm32cubeide.html](https://www.st.com/en/development-tools/stm32cubeide.html)
 * STM32CubeMX: STM32Cube initialization code generator [https://www.st.com/en/development-tools/stm32cubemx.html](https://www.st.com/en/development-tools/stm32cubemx.html)
 
-## STM32 Cube Pack
+## STM32 Cube Pack Install
 
-### STM32 Cube Pack Installation
+The STM32 Cube packs are integrated into the STM32CubeIDE and STM32CubeMX tools. You will find packs for wolfSSL, wolfSSH, wolfTPM and wolfMQTT.
+
+If you need to manually install a Cube Pack you can do the following:
 
 1. Download [wolfSSL Cube Pack](https://www.wolfssl.com/files/ide/I-CUBE-wolfSSL.pack)
-2. Run the “STM32CubeMX” tool.
-3. Under “Manage software installations” pane on the right, click “INSTALL/REMOVE” button. This can be also found by clicking "Help" -> "Managed embedded software packages"
-4. From Local and choose “I-CUBE-wolfSSL.pack”.
+2. Run the "STM32CubeMX" tool.
+3. Under "Manage software installations" pane on the right, click "INSTALL/REMOVE" button. This can be also found by clicking "Help" -> "Managed embedded software packages"
+4. From Local and choose "I-CUBE-wolfSSL.pack".
 5. Accept the GPLv2 license. Contact wolfSSL at sales@wolfssl.com for a commercial license and support/maintenance.
 
 ### STM32 Cube Pack Usage
 
 1. Create or open a Cube Project based on your hardware. See the sections below for creating a project and finding the example projects.
-2. Under “Software Packs” choose “Select Components”.
+2. Under "Software Packs" choose "Select Components".
 3. Find and check all components for the wolfSSL.wolfSSL packs (wolfSSL / Core, wolfCrypt / Core and wolfCrypt / Test). Close
-4. Under the “Software Packs” section click on “wolfSSL.wolfSSL” and configure the parameters.
-5. For Cortex-M recommend “Math Configuration” -> “Single Precision Cortex-M Math” for the fastest option. If seeing `error: r7 cannot be used in 'asm` add `-fomit-frame-pointer` to the CFLAGS. This only happens in debug builds, because r7 is used for debug.
+4. Under the "Software Packs" section click on "wolfSSL.wolfSSL" and configure the parameters.
+5. For Cortex-M recommend "Math Configuration" -> "Single Precision Cortex-M Math" for the fastest option.
+  - If seeing `error: r7 cannot be used in 'asm` add `-fomit-frame-pointer` to the CFLAGS. This only happens in debug builds, because `r7` is used for debug.
 6. Hit the "Generate Code" button
 7. Open the project in STM32CubeIDE
 8. The Benchmark example uses float. To enable go to "Project Properties" -> "C/C++ Build" -> "Settings" -> "Tool Settings" -> "MCU Settings" -> Check "Use float with printf".
 9. To enable printf make the `main.c` changes below in the [STM32 Printf](#stm32-printf) section.
 
-
-**Note:** The STM32MP13 will likely require you to use DDR RAM, as well as enabling MMU and caches for optimum performance. Please see the `STM32MP13.md` file in `wolfcrypt/src/port/st` for more information on how to do this.
+**Notes:**
+* The STM32MP13 will likely require you to use DDR RAM, as well as enabling MMU and caches for optimum performance. Please see the `STM32MP13.md` file in `wolfcrypt/src/port/st` for more information on how to do this.
+* The STM32H7S only has 64KB of onboard flash. Customers typically use an external SPI NOR flash with XIP. The `Template_XIP_Boot` project is flashed to onboard and it starts up the SPI Flash with XIP and loads the application. To use this you need to make sure the option byte `XSPI2_HSLB` is set to enable XSPIM_P2 high speed support, otherwise the MX_EXTMEM_MANAGER_Init() will timeout and fail.
 
 ### Creating your own STM32CubeMX configuration
 
@@ -89,6 +93,7 @@ The section for "Hardware platform" may need to be adjusted depending on your pr
 * To enable STM32L4 support define `WOLFSSL_STM32L4`.
 * To enable STM32L5 support define `WOLFSSL_STM32L5`.
 * To enable STM32H7 support define `WOLFSSL_STM32H7`.
+* To enable STM32H7S support define `WOLFSSL_STM32H7S`.
 * To enable STM32WB support define `WOLFSSL_STM32WB`.
 * To enable STM32WL support define `WOLFSSL_STM32WL`.
 * To enable STM32U5 support define `WOLFSSL_STM32U5`.
@@ -110,6 +115,10 @@ To enable the latest Cube HAL support please define `STM32_HAL_V2`.
 
 If you'd like to use the older Standard Peripheral library undefine `WOLFSSL_STM32_CUBEMX`.
 
+## Workarounds
+
+### STM32F7 AES GCM with pack v1.17.0 or older
+
 With STM32 Cube HAL v2 some AES GCM hardware has a limitation for the AAD header, which must be a multiple of 4 bytes. If your HAL does not support `CRYP_HEADERWIDTHUNIT_BYTE` then consider adding `STM32_AESGCM_PARTIAL` if you are getting AES GCM authentication failures. This bug existed in v1.16.0 or later.
 
 The STM32F7 v1.17.0 pack has a bug in the AES GCM code for handling of additional authentication data when not a multiple of 4 bytes. To patch see `stm32f7xx_hal_cryp.c` -> `CRYP_GCMCCM_SetHeaderPhase`:
 
@@ -1,16 +1,16 @@
 # STM Benchmarks
 
-* [STM32H753ZI](#stm32h753zi)
-* [STM32WB55](#stm32wb55)
-* [STM32WL55](#stm32wl55)
 * [STM32F437](#stm32f437)
+* [STM32F777](#stm32f777)
+* [STM32G071RB](#stm32g071rb)
+* [STM32H563ZI](#stm32h563zi)
+* [STM32H753ZI](#stm32h753zi)
+* [STM32H7S3](#stm32h7s3)
 * [STM32L4A6Z](#stm32l4a6z)
 * [STM32L562E](#stm32l562e)
-* [STM32F777](#stm32f777)
 * [STM32U585](#stm32u585)
-* [STM32H563ZI](#stm32h563zi)
-* [STM32G071RB](#stm32g071rb)
-
+* [STM32WB55](#stm32wb55)
+* [STM32WL55](#stm32wl55)
 
 ## STM32H753ZI
 
@@ -172,6 +172,142 @@ Benchmark Test: Return code 0
 ```
 
 
+## STM32H7S3
+
+Supports RNG, PKA ECC P-256, AES-GCM/CCM/CTR/CBC and SHA-1/2 acceleration.
+
+Board: NUCLEO-H7S3L8
+CPU: Cortex-M7 at 600 MHz
+IDE: STM32CubeIDE
+RTOS: Bare-metal
+
+### STM32H7S3 (-Os, HW Crypto (AES/HASH/PKA), WOLF_CONF_MATH=3 (sp_c32.c))
+
+```
+------------------------------------------------------------------------------
+ wolfSSL version 5.7.6
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG                          2 MiB took 1.004 seconds,    1.897 MiB/s
+AES-128-CBC-enc             16 MiB took 1.000 seconds,   15.747 MiB/s
+AES-128-CBC-dec             16 MiB took 1.000 seconds,   15.527 MiB/s
+AES-192-CBC-enc             16 MiB took 1.000 seconds,   15.723 MiB/s
+AES-192-CBC-dec             16 MiB took 1.000 seconds,   15.527 MiB/s
+AES-256-CBC-enc             16 MiB took 1.000 seconds,   15.698 MiB/s
+AES-256-CBC-dec             16 MiB took 1.000 seconds,   15.527 MiB/s
+AES-128-GCM-enc              1 MiB took 1.012 seconds,    1.037 MiB/s
+AES-128-GCM-dec              1 MiB took 1.012 seconds,    1.037 MiB/s
+AES-192-GCM-enc              1 MiB took 1.008 seconds,    1.041 MiB/s
+AES-192-GCM-dec              1 MiB took 1.012 seconds,    1.037 MiB/s
+AES-256-GCM-enc              1 MiB took 1.016 seconds,    1.033 MiB/s
+AES-256-GCM-dec              1 MiB took 1.016 seconds,    1.033 MiB/s
+AES-128-GCM-enc-no_AAD       1 MiB took 1.004 seconds,    1.046 MiB/s
+AES-128-GCM-dec-no_AAD       1 MiB took 1.000 seconds,    1.050 MiB/s
+AES-192-GCM-enc-no_AAD       1 MiB took 1.000 seconds,    1.050 MiB/s
+AES-192-GCM-dec-no_AAD       1 MiB took 1.019 seconds,    1.054 MiB/s
+AES-256-GCM-enc-no_AAD       1 MiB took 1.004 seconds,    1.046 MiB/s
+AES-256-GCM-dec-no_AAD       1 MiB took 1.008 seconds,    1.041 MiB/s
+GMAC Table 4-bit             2 MiB took 1.000 seconds,    1.716 MiB/s
+CHACHA                      32 MiB took 1.000 seconds,   31.714 MiB/s
+CHA-POLY                    15 MiB took 1.000 seconds,   15.308 MiB/s
+POLY1305                    58 MiB took 1.000 seconds,   57.861 MiB/s
+SHA-256                     88 MiB took 1.000 seconds,   88.062 MiB/s
+HMAC-SHA256                 83 MiB took 1.000 seconds,   83.032 MiB/s
+RSA     2048   public       352 ops took 1.000 sec, avg 2.841 ms, 352.000 ops/sec
+RSA     2048  private         6 ops took 1.004 sec, avg 167.333 ms, 5.976 ops/sec
+DH      2048  key gen        15 ops took 1.027 sec, avg 68.467 ms, 14.606 ops/sec
+DH      2048    agree        16 ops took 1.113 sec, avg 69.563 ms, 14.376 ops/sec
+ECC   [      SECP256R1]   256  key gen        60 ops took 1.012 sec, avg 16.867 ms, 59.289 ops/sec
+ECDHE [      SECP256R1]   256    agree        60 ops took 1.008 sec, avg 16.800 ms, 59.524 ops/sec
+ECDSA [      SECP256R1]   256     sign       106 ops took 1.008 sec, avg 9.509 ms, 105.159 ops/sec
+ECDSA [      SECP256R1]   256   verify       100 ops took 1.011 sec, avg 10.110 ms, 98.912 ops/sec
+```
+
+### STM32H7S3 (-Os, No HW Crypto, WOLF_CONF_ARMASM=1, WOLF_CONF_MATH=6 (sp_int.c))
+
+```
+------------------------------------------------------------------------------
+ wolfSSL version 5.7.6
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG                          4 MiB took 1.000 seconds,    3.516 MiB/s
+AES-128-CBC-enc            425 KiB took 1.027 seconds,  413.827 KiB/s
+AES-128-CBC-dec            425 KiB took 1.016 seconds,  418.307 KiB/s
+AES-192-CBC-enc            350 KiB took 1.015 seconds,  344.828 KiB/s
+AES-192-CBC-dec            350 KiB took 1.020 seconds,  343.137 KiB/s
+AES-256-CBC-enc            300 KiB took 1.015 seconds,  295.567 KiB/s
+AES-256-CBC-dec            300 KiB took 1.004 seconds,  298.805 KiB/s
+AES-128-GCM-enc            375 KiB took 1.067 seconds,  351.453 KiB/s
+AES-128-GCM-dec            375 KiB took 1.062 seconds,  353.107 KiB/s
+AES-192-GCM-enc            300 KiB took 1.004 seconds,  298.805 KiB/s
+AES-192-GCM-dec            300 KiB took 1.004 seconds,  298.805 KiB/s
+AES-256-GCM-enc            275 KiB took 1.047 seconds,  262.655 KiB/s
+AES-256-GCM-dec            275 KiB took 1.051 seconds,  261.656 KiB/s
+AES-128-GCM-enc-no_AAD     375 KiB took 1.067 seconds,  351.453 KiB/s
+AES-128-GCM-dec-no_AAD     375 KiB took 1.062 seconds,  353.107 KiB/s
+AES-192-GCM-enc-no_AAD     300 KiB took 1.004 seconds,  298.805 KiB/s
+AES-192-GCM-dec-no_AAD     300 KiB took 1.004 seconds,  298.805 KiB/s
+AES-256-GCM-enc-no_AAD     275 KiB took 1.051 seconds,  261.656 KiB/s
+AES-256-GCM-dec-no_AAD     275 KiB took 1.051 seconds,  261.656 KiB/s
+GMAC Table 4-bit             8 MiB took 1.000 seconds,    8.456 MiB/s
+CHACHA                      51 MiB took 1.000 seconds,   50.879 MiB/s
+CHA-POLY                    27 MiB took 1.000 seconds,   27.100 MiB/s
+POLY1305                   165 MiB took 1.000 seconds,  164.990 MiB/s
+SHA-256                     16 MiB took 1.000 seconds,   16.382 MiB/s
+HMAC-SHA256                 16 MiB took 1.000 seconds,   16.187 MiB/s
+RSA     2048   public       358 ops took 1.004 sec, avg 2.804 ms, 356.574 ops/sec
+RSA     2048  private         6 ops took 1.004 sec, avg 167.333 ms, 5.976 ops/sec
+DH      2048  key gen        15 ops took 1.027 sec, avg 68.467 ms, 14.606 ops/sec
+DH      2048    agree        16 ops took 1.094 sec, avg 68.375 ms, 14.625 ops/sec
+ECC   [      SECP256R1]   256  key gen        60 ops took 1.015 sec, avg 16.917 ms, 59.113 ops/sec
+ECDHE [      SECP256R1]   256    agree        60 ops took 1.012 sec, avg 16.867 ms, 59.289 ops/sec
+ECDSA [      SECP256R1]   256     sign        48 ops took 1.008 sec, avg 21.000 ms, 47.619 ops/sec
+ECDSA [      SECP256R1]   256   verify        28 ops took 1.019 sec, avg 36.393 ms, 27.478 ops/sec
+```
+
+### STM32H7S3 (-Os, No HW Crypto, WOLF_CONF_ARMASM=1, WOLF_CONF_MATH=3 (sp_c32.c))
+
+```
+------------------------------------------------------------------------------
+ wolfSSL version 5.7.6
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG                          4 MiB took 1.004 seconds,    3.939 MiB/s
+AES-128-CBC-enc            425 KiB took 1.028 seconds,  413.424 KiB/s
+AES-128-CBC-dec            425 KiB took 1.019 seconds,  417.076 KiB/s
+AES-192-CBC-enc            350 KiB took 1.016 seconds,  344.488 KiB/s
+AES-192-CBC-dec            350 KiB took 1.016 seconds,  344.488 KiB/s
+AES-256-CBC-enc            300 KiB took 1.012 seconds,  296.443 KiB/s
+AES-256-CBC-dec            300 KiB took 1.012 seconds,  296.443 KiB/s
+AES-128-GCM-enc            375 KiB took 1.066 seconds,  351.782 KiB/s
+AES-128-GCM-dec            375 KiB took 1.067 seconds,  351.453 KiB/s
+AES-192-GCM-enc            300 KiB took 1.004 seconds,  298.805 KiB/s
+AES-192-GCM-dec            300 KiB took 1.003 seconds,  299.103 KiB/s
+AES-256-GCM-enc            275 KiB took 1.051 seconds,  261.656 KiB/s
+AES-256-GCM-dec            275 KiB took 1.051 seconds,  261.656 KiB/s
+AES-128-GCM-enc-no_AAD     375 KiB took 1.067 seconds,  351.453 KiB/s
+AES-128-GCM-dec-no_AAD     375 KiB took 1.066 seconds,  351.782 KiB/s
+AES-192-GCM-enc-no_AAD     300 KiB took 1.000 seconds,  300.000 KiB/s
+AES-192-GCM-dec-no_AAD     300 KiB took 1.004 seconds,  298.805 KiB/s
+AES-256-GCM-enc-no_AAD     275 KiB took 1.047 seconds,  262.655 KiB/s
+AES-256-GCM-dec-no_AAD     275 KiB took 1.051 seconds,  261.656 KiB/s
+GMAC Table 4-bit             8 MiB took 1.000 seconds,    8.439 MiB/s
+CHACHA                      51 MiB took 1.000 seconds,   51.147 MiB/s
+CHA-POLY                    28 MiB took 1.000 seconds,   27.588 MiB/s
+POLY1305                   168 MiB took 1.000 seconds,  168.140 MiB/s
+SHA-256                     16 MiB took 1.000 seconds,   16.333 MiB/s
+HMAC-SHA256                 16 MiB took 1.000 seconds,   16.016 MiB/s
+RSA     2048   public       360 ops took 1.004 sec, avg 2.789 ms, 358.566 ops/sec
+RSA     2048  private         6 ops took 1.008 sec, avg 168.000 ms, 5.952 ops/sec
+DH      2048  key gen        15 ops took 1.050 sec, avg 70.000 ms, 14.286 ops/sec
+DH      2048    agree        16 ops took 1.098 sec, avg 68.625 ms, 14.572 ops/sec
+ECC   [      SECP256R1]   256  key gen        60 ops took 1.016 sec, avg 16.933 ms, 59.055 ops/sec
+ECDHE [      SECP256R1]   256    agree        60 ops took 1.012 sec, avg 16.867 ms, 59.289 ops/sec
+ECDSA [      SECP256R1]   256     sign        48 ops took 1.012 sec, avg 21.083 ms, 47.431 ops/sec
+ECDSA [      SECP256R1]   256   verify        28 ops took 1.020 sec, avg 36.429 ms, 27.451 ops/sec
+```
+
+
 ## STM32WB55
 
 Supports RNG, ECC P-256, AES-CBC and SHA-256 acceleration.
 
@@ -102,6 +102,12 @@ extern ${variable.value} ${variable.name};
     #undef  NO_STM32_CRYPTO
     #define STM32_HAL_V2
     #define HAL_CONSOLE_UART huart3
+#elif defined(STM32H7S3xx)
+    #define WOLFSSL_STM32H7S
+    #undef  NO_STM32_HASH
+    #undef  NO_STM32_CRYPTO
+    #define WOLFSSL_STM32_PKA
+    #define HAL_CONSOLE_UART huart3
 #elif defined(STM32H753xx)
     #define WOLFSSL_STM32H7
     #undef  NO_STM32_HASH
@@ -326,6 +332,10 @@ extern ${variable.value} ${variable.name};
 #if defined(WOLF_CONF_DTLS) && WOLF_CONF_DTLS == 1
     #define WOLFSSL_DTLS
 #endif
+#if defined(WOLF_CONF_DTLS13) && WOLF_CONF_DTLS13 == 1
+    #define WOLFSSL_DTLS13
+    #define WOLFSSL_SEND_HRR_COOKIE
+#endif
 #if defined(WOLF_CONF_PSK) && WOLF_CONF_PSK == 0
     #define NO_PSK
 #endif
@@ -575,25 +585,25 @@ extern ${variable.value} ${variable.name};
 /* NOTE: this is after the hashing section to override the potential SHA3 undef
  * above. */
 #if defined(WOLF_CONF_KYBER) && WOLF_CONF_KYBER == 1
-#undef  WOLFSSL_EXPERIMENTAL_SETTINGS
-#define WOLFSSL_EXPERIMENTAL_SETTINGS
+    #undef  WOLFSSL_EXPERIMENTAL_SETTINGS
+    #define WOLFSSL_EXPERIMENTAL_SETTINGS
 
-#undef  WOLFSSL_HAVE_KYBER
-#define WOLFSSL_HAVE_KYBER
+    #undef  WOLFSSL_HAVE_KYBER
+    #define WOLFSSL_HAVE_KYBER
 
-#undef  WOLFSSL_WC_KYBER
-#define WOLFSSL_WC_KYBER
+    #undef  WOLFSSL_WC_KYBER
+    #define WOLFSSL_WC_KYBER
 
-#undef  WOLFSSL_NO_SHAKE128
-#undef  WOLFSSL_SHAKE128
-#define WOLFSSL_SHAKE128
+    #undef  WOLFSSL_NO_SHAKE128
+    #undef  WOLFSSL_SHAKE128
+    #define WOLFSSL_SHAKE128
 
-#undef  WOLFSSL_NO_SHAKE256
-#undef  WOLFSSL_SHAKE256
-#define WOLFSSL_SHAKE256
+    #undef  WOLFSSL_NO_SHAKE256
+    #undef  WOLFSSL_SHAKE256
+    #define WOLFSSL_SHAKE256
 
-#undef  WOLFSSL_SHA3
-#define WOLFSSL_SHA3
+    #undef  WOLFSSL_SHA3
+    #define WOLFSSL_SHA3
 #endif /* WOLF_CONF_KYBER */
 
 /* ------------------------------------------------------------------------- */
@@ -608,6 +618,7 @@ extern ${variable.value} ${variable.name};
     #define WOLFSSL_ARMASM_INLINE
     #define WOLFSSL_ARMASM_NO_HW_CRYPTO
     #define WOLFSSL_ARMASM_NO_NEON
+    #define WOLFSSL_ARMASM_THUMB2
     #define WOLFSSL_ARM_ARCH 7
     /* Disable H/W offloading if accelerating S/W crypto */
     #undef  NO_STM32_HASH