Support for STM32 HMAC hardware

Author: dgarske

wolfcrypt/src/hmac.c

@@ -533,6 +533,54 @@ int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length,
     return 0;
 #else
 
+#if defined(STM32_HASH) && defined(STM32_HMAC)
+    {
+        word32 stmAlgo, stmBlockSize, stmDigestSize;
+        /* Check if this hash type is supported by STM32 HMAC hardware */
+        if (wc_Stm32_Hmac_GetAlgoInfo(type, &stmAlgo, &stmBlockSize,
+                                       &stmDigestSize) == 0) {
+            /* Store raw key - pre-hash if longer than hash block size */
+            if (length <= stmBlockSize) {
+                if (key != NULL) {
+                    XMEMCPY(hmac->stmKey, key, length);
+                }
+                hmac->stmKeyLen = length;
+            }
+            else {
+                /* Pre-hash long key using STM32 HASH hardware */
+                STM32_HASH_Context tmpCtx;
+                wc_Stm32_Hash_Init(&tmpCtx);
+                ret = wolfSSL_CryptHwMutexLock();
+                if (ret == 0) {
+                    ret = wc_Stm32_Hash_Update(&tmpCtx, stmAlgo,
+                        key, length, stmBlockSize);
+                    if (ret == 0) {
+                        ret = wc_Stm32_Hash_Final(&tmpCtx, stmAlgo,
+                            hmac->stmKey, stmDigestSize);
+                    }
+                    wolfSSL_CryptHwMutexUnLock();
+                }
+                if (ret != 0)
+                    return ret;
+                hmac->stmKeyLen = stmDigestSize;
+            }
+
+            /* HW HMAC Phase 1: feed key */
+            ret = wolfSSL_CryptHwMutexLock();
+            if (ret == 0) {
+                ret = wc_Stm32_Hmac_SetKey(&hmac->stmCtx, type,
+                    hmac->stmKey, hmac->stmKeyLen);
+                wolfSSL_CryptHwMutexUnLock();
+            }
+            if (ret == 0) {
+                hmac->innerHashKeyed = WC_HMAC_INNER_HASH_KEYED_DEV;
+            }
+            return ret;
+        }
+        /* Unsupported algo falls through to software */
+    }
+#endif /* STM32_HASH && STM32_HMAC */
+
     ip = (byte*)hmac->ipad;
     op = (byte*)hmac->opad;
 
@@ -853,6 +901,18 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
+#if defined(STM32_HASH) && defined(STM32_HMAC)
+    if (hmac->innerHashKeyed == WC_HMAC_INNER_HASH_KEYED_DEV) {
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hmac_Update(&hmac->stmCtx, hmac->macType,
+                msg, length);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+        return ret;
+    }
+#endif /* STM32_HASH && STM32_HMAC */
+
     if (!hmac->innerHashKeyed) {
 #ifndef WOLFSSL_HMAC_COPY_HASH
         ret = HmacKeyHashUpdate(hmac->macType, &hmac->hash, (byte*)hmac->ipad);
@@ -970,6 +1030,21 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
     }
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
+#if defined(STM32_HASH) && defined(STM32_HMAC)
+    if (hmac->innerHashKeyed == WC_HMAC_INNER_HASH_KEYED_DEV) {
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret == 0) {
+            ret = wc_Stm32_Hmac_Final(&hmac->stmCtx, hmac->macType,
+                hmac->stmKey, hmac->stmKeyLen, hash);
+            wolfSSL_CryptHwMutexUnLock();
+        }
+        if (ret == 0) {
+            hmac->innerHashKeyed = 0;
+        }
+        return ret;
+    }
+#endif /* STM32_HASH && STM32_HMAC */
+
     if (!hmac->innerHashKeyed) {
 #ifndef WOLFSSL_HMAC_COPY_HASH
         ret = HmacKeyHashUpdate(hmac->macType, &hmac->hash, (byte*)hmac->ipad);

wolfcrypt/src/port/st/stm32.c

@@ -444,6 +444,297 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
     return ret;
 }
 
+#if defined(STM32_HMAC) && !defined(NO_HMAC)
+
+/* STM32 Port HMAC Functions */
+#include <wolfssl/wolfcrypt/hmac.h>
+
+int wc_Stm32_Hmac_GetAlgoInfo(int macType, word32* algo, word32* blockSize,
+    word32* digestSize)
+{
+    int ret = 0;
+
+    switch (macType) {
+    #if !defined(NO_MD5) && !defined(STM32_NOMD5)
+        case WC_MD5:
+            if (algo)       *algo = HASH_AlgoSelection_MD5;
+            if (blockSize)  *blockSize = WC_MD5_BLOCK_SIZE;
+            if (digestSize) *digestSize = WC_MD5_DIGEST_SIZE;
+            break;
+    #endif
+    #ifndef NO_SHA
+        case WC_SHA:
+            if (algo)       *algo = HASH_AlgoSelection_SHA1;
+            if (blockSize)  *blockSize = WC_SHA_BLOCK_SIZE;
+            if (digestSize) *digestSize = WC_SHA_DIGEST_SIZE;
+            break;
+    #endif
+    #ifdef WOLFSSL_SHA224
+        case WC_SHA224:
+            if (algo)       *algo = HASH_AlgoSelection_SHA224;
+            if (blockSize)  *blockSize = WC_SHA224_BLOCK_SIZE;
+            if (digestSize) *digestSize = WC_SHA224_DIGEST_SIZE;
+            break;
+    #endif
+    #ifndef NO_SHA256
+        case WC_SHA256:
+            if (algo)       *algo = HASH_AlgoSelection_SHA256;
+            if (blockSize)  *blockSize = WC_SHA256_BLOCK_SIZE;
+            if (digestSize) *digestSize = WC_SHA256_DIGEST_SIZE;
+            break;
+    #endif
+    #ifdef STM32_HASH_SHA384
+        case WC_SHA384:
+            if (algo)       *algo = HASH_ALGOSELECTION_SHA384;
+            if (blockSize)  *blockSize = WC_SHA384_BLOCK_SIZE;
+            if (digestSize) *digestSize = WC_SHA384_DIGEST_SIZE;
+            break;
+    #endif
+    #ifdef STM32_HASH_SHA512
+        case WC_SHA512:
+            if (algo)       *algo = HASH_ALGOSELECTION_SHA512;
+            if (blockSize)  *blockSize = WC_SHA512_BLOCK_SIZE;
+            if (digestSize) *digestSize = WC_SHA512_DIGEST_SIZE;
+            break;
+    #endif
+        default:
+            ret = BAD_FUNC_ARG;
+            break;
+    }
+
+    return ret;
+}
+
+static void wc_Stm32_Hmac_RestoreContext(STM32_HASH_Context* ctx,
+    word32 algo, word32 keyLen, word32 blockSize)
+{
+    int i;
+
+    if (ctx->HASH_CR == 0) {
+        /* first-time init */
+
+    #if defined(HASH_IMR_DINIE) && defined(HASH_IMR_DCIE)
+        /* Disable IRQ's */
+        HASH->IMR &= ~(HASH_IMR_DINIE | HASH_IMR_DCIE);
+    #endif
+
+        /* reset the control register */
+        HASH->CR &= ~(HASH_CR_ALGO | HASH_CR_MODE | HASH_CR_DATATYPE
+        #ifdef HASH_CR_LKEY
+            | HASH_CR_LKEY
+        #endif
+        );
+
+        /* configure algorithm, HMAC mode and data type */
+        HASH->CR |= (algo | HASH_ALGOMODE_HMAC | HASH_DATATYPE_8B);
+
+    #ifdef HASH_CR_LKEY
+        /* set LKEY bit if key is longer than block size */
+        if (keyLen > blockSize) {
+            HASH->CR |= HASH_CR_LKEY;
+        }
+    #endif
+
+        /* reset HASH processor */
+        HASH->CR |= HASH_CR_INIT;
+
+        /* by default mark all bits valid */
+        wc_Stm32_Hash_NumValidBits(0);
+
+    #ifdef DEBUG_STM32_HASH
+        printf("STM HMAC Init algo %x, keyLen %d\n", (unsigned int)algo,
+            (int)keyLen);
+    #endif
+    }
+    else {
+        /* restore context registers */
+        HASH->IMR = ctx->HASH_IMR;
+        HASH->STR = ctx->HASH_STR;
+        HASH->CR  = ctx->HASH_CR;
+    #ifdef STM32_HASH_SHA3
+        HASH->SHA3CFGR = ctx->SHA3CFGR;
+    #endif
+
+        /* Initialize the hash processor */
+        HASH->CR |= HASH_CR_INIT;
+
+        /* continue restoring context registers */
+        for (i = 0; i < HASH_CR_SIZE; i++) {
+            HASH->CSR[i] = ctx->HASH_CSR[i];
+        }
+
+    #ifdef DEBUG_STM32_HASH
+        printf("STM HMAC Restore CR %lx, IMR %lx, STR %lx\n",
+            HASH->CR, HASH->IMR, HASH->STR);
+    #endif
+    }
+
+    (void)keyLen;
+    (void)blockSize;
+}
+
+static void wc_Stm32_Hmac_FeedKey(const byte* key, word32 keySz)
+{
+    word32 i, blocks;
+    word32 tmp;
+
+    /* feed key words into HASH->DIN */
+    blocks = keySz / STM32_HASH_REG_SIZE;
+    for (i = 0; i < blocks; i++) {
+        XMEMCPY(&tmp, key + (i * STM32_HASH_REG_SIZE), STM32_HASH_REG_SIZE);
+        HASH->DIN = tmp;
+    }
+    /* handle remaining bytes in last partial word */
+    if (keySz % STM32_HASH_REG_SIZE) {
+        tmp = 0;
+        XMEMCPY(&tmp, key + (blocks * STM32_HASH_REG_SIZE),
+            keySz % STM32_HASH_REG_SIZE);
+        HASH->DIN = tmp;
+    }
+
+#ifdef DEBUG_STM32_HASH
+    printf("STM HMAC FeedKey %d bytes\n", (int)keySz);
+#endif
+}
+
+
+/* STM32 HMAC Exposed Functions */
+
+int wc_Stm32_Hmac_SetKey(STM32_HASH_Context* stmCtx, int macType,
+    const byte* key, word32 keySz)
+{
+    int ret;
+    word32 algo, blockSize, digestSize;
+
+    if (stmCtx == NULL || key == NULL)
+        return BAD_FUNC_ARG;
+
+    ret = wc_Stm32_Hmac_GetAlgoInfo(macType, &algo, &blockSize, &digestSize);
+    if (ret != 0)
+        return ret;
+
+#ifdef DEBUG_STM32_HASH
+    printf("STM HMAC SetKey: macType %d, keySz %d\n", macType, (int)keySz);
+#endif
+
+    /* clear context for fresh HMAC */
+    wc_Stm32_Hash_Init(stmCtx);
+
+    /* turn on hash clock */
+    STM32_HASH_CLOCK_ENABLE(stmCtx);
+
+    /* initialize hardware for HMAC mode */
+    wc_Stm32_Hmac_RestoreContext(stmCtx, algo, keySz, blockSize);
+
+    /* Phase 1: Feed key into HASH->DIN */
+    wc_Stm32_Hmac_FeedKey(key, keySz);
+
+    /* set number of valid bits in last word and trigger DCAL */
+    wc_Stm32_Hash_NumValidBits(keySz);
+    HASH->STR |= HASH_STR_DCAL;
+
+    /* wait for data input ready (phase 1 complete) */
+    ret = wc_Stm32_Hash_WaitDataReady(stmCtx);
+
+    if (ret == 0) {
+        /* save context for context switching */
+        wc_Stm32_Hash_SaveContext(stmCtx);
+    }
+
+    /* turn off hash clock */
+    STM32_HASH_CLOCK_DISABLE(stmCtx);
+
+    return ret;
+}
+
+int wc_Stm32_Hmac_Update(STM32_HASH_Context* stmCtx, int macType,
+    const byte* data, word32 len)
+{
+    int ret;
+    word32 algo, blockSize, digestSize;
+
+    if (stmCtx == NULL || (data == NULL && len > 0))
+        return BAD_FUNC_ARG;
+    if (len == 0)
+        return 0;
+
+    ret = wc_Stm32_Hmac_GetAlgoInfo(macType, &algo, &blockSize, &digestSize);
+    if (ret != 0)
+        return ret;
+
+#ifdef DEBUG_STM32_HASH
+    printf("STM HMAC Update: macType %d, len %d\n", macType, (int)len);
+#endif
+
+    /* Reuse Hash_Update - the saved context CR already contains
+     * HASH_ALGOMODE_HMAC, so RestoreContext will preserve HMAC mode */
+    ret = wc_Stm32_Hash_Update(stmCtx, algo, data, len, blockSize);
+
+    return ret;
+}
+
+int wc_Stm32_Hmac_Final(STM32_HASH_Context* stmCtx, int macType,
+    const byte* key, word32 keySz, byte* hash)
+{
+    int ret;
+    word32 algo, blockSize, digestSize;
+
+    if (stmCtx == NULL || key == NULL || hash == NULL)
+        return BAD_FUNC_ARG;
+
+    ret = wc_Stm32_Hmac_GetAlgoInfo(macType, &algo, &blockSize, &digestSize);
+    if (ret != 0)
+        return ret;
+
+#ifdef DEBUG_STM32_HASH
+    printf("STM HMAC Final: macType %d, keySz %d, buffLen %d, fifoBytes %d\n",
+        macType, (int)keySz, (int)stmCtx->buffLen, (int)stmCtx->fifoBytes);
+#endif
+
+    /* turn on hash clock */
+    STM32_HASH_CLOCK_ENABLE(stmCtx);
+
+    /* restore HMAC context */
+    wc_Stm32_Hash_RestoreContext(stmCtx, algo);
+
+    /* finish reading any trailing bytes into FIFO */
+    if (stmCtx->buffLen > 0) {
+        wc_Stm32_Hash_Data(stmCtx, stmCtx->buffLen);
+    }
+
+    /* Phase 2 complete: set valid bits and trigger DCAL */
+    wc_Stm32_Hash_NumValidBits(stmCtx->loLen + stmCtx->buffLen);
+    HASH->STR |= HASH_STR_DCAL;
+
+    /* wait for data input ready (phase 2 complete, ready for phase 3) */
+    ret = wc_Stm32_Hash_WaitDataReady(stmCtx);
+    if (ret != 0) {
+        STM32_HASH_CLOCK_DISABLE(stmCtx);
+        return ret;
+    }
+
+    /* Phase 3: Feed key again into HASH->DIN */
+    wc_Stm32_Hmac_FeedKey(key, keySz);
+
+    /* set valid bits for key and trigger DCAL */
+    wc_Stm32_Hash_NumValidBits(keySz);
+    HASH->STR |= HASH_STR_DCAL;
+
+    /* wait for hash done (digest computation complete) */
+    ret = wc_Stm32_Hash_WaitCalcComp(stmCtx);
+    if (ret == 0) {
+        /* read message digest */
+        wc_Stm32_Hash_GetDigest(hash, digestSize);
+    }
+
+    /* turn off hash clock */
+    STM32_HASH_CLOCK_DISABLE(stmCtx);
+
+    return ret;
+}
+
+#endif /* STM32_HMAC && !NO_HMAC */
+
 #endif /* STM32_HASH */