diff --git a/IDE/STM32Cube/README.md b/IDE/STM32Cube/README.md index 7268d81f8..7a7125cd6 100644 --- a/IDE/STM32Cube/README.md +++ b/IDE/STM32Cube/README.md @@ -37,6 +37,9 @@ You need both the STM32 IDE and the STM32 initialization code generator (STM32Cu 8. The Benchmark example uses float. To enable go to "Project Properties" -> "C/C++ Build" -> "Settings" -> "Tool Settings" -> "MCU Settings" -> Check "Use float with printf". 9. To enable printf make the `main.c` changes below in the [STM32 Printf](#stm32-printf) section. + +**Note:** The STM32MP13 will likely require you to use DDR RAM, as well as enabling MMU and caches for optimum performance. Please see the `STM32MP13.md` file in `wolfcrypt/src/port/st` for more information on how to do this. + ### Creating your own STM32CubeMX configuration If none of the examples fit your STM32 type then you can create your own in STM32CubeMX by doing the following: @@ -90,10 +93,11 @@ The section for "Hardware platform" may need to be adjusted depending on your pr * To enable STM32WL support define `WOLFSSL_STM32WL`. * To enable STM32U5 support define `WOLFSSL_STM32U5`. * To enable STM32H5 support define `WOLFSSL_STM32H5`. +* To enable STM32MP13 support define `WOLFSSL_STM32MP13`. To use the STM32 Cube HAL support make sure `WOLFSSL_STM32_CUBEMX` is defined. -The PKA acceleration for ECC is available on some U5, L5 and WB55 chips. +The PKA acceleration for ECC is available on some U5, L5, WB55 and MP13 chips. This is enabled with `WOLFSSL_STM32_PKA`. You can see some of the benchmarks [here](STM32_Benchmarks.md). To disable hardware crypto acceleration you can define: diff --git a/IDE/STM32Cube/default_conf.ftl b/IDE/STM32Cube/default_conf.ftl index 3c77d687d..73ddbd2dd 100644 --- a/IDE/STM32Cube/default_conf.ftl +++ b/IDE/STM32Cube/default_conf.ftl 
@@ -165,14 +165,22 @@ extern ${variable.value} ${variable.name}; #define HAL_CONSOLE_UART huart3 #define STM32_HAL_V2 #undef NO_STM32_HASH - +#elif defined(STM32MP135Fxx) + #define WOLFSSL_STM32MP13 + #define HAL_CONSOLE_UART huart4 + #define STM32_HAL_V2 + #undef NO_STM32_HASH + #undef NO_STM32_CRYPTO + #define WOLFSSL_STM32_PKA + #define WOLFSSL_STM32_PKA_V2 #else #warning Please define a hardware platform! /* This means there is not a pre-defined platform for your board/CPU */ /* You need to define a CPU type, HW crypto and debug UART */ /* CPU Type: WOLFSSL_STM32F1, WOLFSSL_STM32F2, WOLFSSL_STM32F4, WOLFSSL_STM32F7, WOLFSSL_STM32H7, WOLFSSL_STM32L4, WOLFSSL_STM32L5, - WOLFSSL_STM32G0, WOLFSSL_STM32G4, WOLFSSL_STM32WB and WOLFSSL_STM32U5 */ + WOLFSSL_STM32G0, WOLFSSL_STM32G4, WOLFSSL_STM32WB, WOLFSSL_STM32U5 and + WOLFSSL_STM32MP13 */ #define WOLFSSL_STM32F4 /* Debug UART used for printf */ diff --git a/IDE/STM32Cube/wolfssl_example.c b/IDE/STM32Cube/wolfssl_example.c index be6195a60..b6d76b3a7 100644 --- a/IDE/STM32Cube/wolfssl_example.c +++ b/IDE/STM32Cube/wolfssl_example.c @@ -1759,6 +1759,7 @@ static int tls13_uart_client(void) if (wolfSSL_UseKeyShare(ssl, WOLFSSL_KYBER_LEVEL1) != WOLFSSL_SUCCESS) { printf("wolfSSL_UseKeyShare Error!!"); } +#endif #endif do { diff --git a/configure.ac b/configure.ac index ff9b61de2..218b1659b 100644 --- a/configure.ac +++ b/configure.ac @@ -8261,10 +8261,12 @@ if test "$ENABLED_SP_RSA" = "yes" || test "$ENABLED_SP_DH" = "yes"; then case $host_cpu in *x86_64* | *aarch64* | *amd64*) - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_LARGE_CODE" - ;; + if test "$ENABLED_SP_SMALL" = "no"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_LARGE_CODE" + fi + ;; *) - ;; + ;; esac fi if test "$ENABLED_ECC" != "no" && test "$ENABLED_SP_ECC" = "yes"; then diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c index 4f8d651ed..aedef554c 100644 --- a/wolfcrypt/src/port/st/stm32.c +++ b/wolfcrypt/src/port/st/stm32.c 
@@ -137,6 +137,9 @@ static void wc_Stm32_Hash_SaveContext(STM32_HASH_Context* ctx) ctx->HASH_IMR = HASH->IMR; ctx->HASH_STR = HASH->STR; ctx->HASH_CR = HASH->CR; +#ifdef STM32_HASH_SHA3 + ctx->SHA3CFGR = HASH->SHA3CFGR; +#endif for (i=0; iHASH_CSR[i] = HASH->CSR[i]; } @@ -184,6 +187,9 @@ static void wc_Stm32_Hash_RestoreContext(STM32_HASH_Context* ctx, int algo) HASH->IMR = ctx->HASH_IMR; HASH->STR = ctx->HASH_STR; HASH->CR = ctx->HASH_CR; +#ifdef STM32_HASH_SHA3 + HASH->SHA3CFGR = ctx->SHA3CFGR; +#endif /* Initialize the hash processor */ HASH->CR |= HASH_CR_INIT; @@ -329,11 +335,11 @@ int wc_Stm32_Hash_Update(STM32_HASH_Context* stmCtx, word32 algo, while (len) { word32 add; - /* fill the FIFO plus one additional to flush the block */ - chunkSz = ((STM32_HASH_FIFO_SIZE + 1) * STM32_HASH_REG_SIZE); - /* account for extra bytes in the FIFO (use mask 0x3F to get remain) */ - chunkSz -= (stmCtx->fifoBytes & - ((STM32_HASH_FIFO_SIZE * STM32_HASH_REG_SIZE)-1)); + chunkSz = blockSize; + /* fill the FIFO plus one additional to flush the first block */ + if (!stmCtx->fifoBytes) { + chunkSz += STM32_HASH_REG_SIZE; + } add = min(len, chunkSz - stmCtx->buffLen); XMEMCPY(&local[stmCtx->buffLen], data, add); diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c index c40afbd90..f6b8c2f03 100644 --- a/wolfcrypt/src/sha3.c +++ b/wolfcrypt/src/sha3.c @@ -299,7 +299,7 @@ void BlockSha3(word64* s) */ #define ROTL64(a, n) (((a)<<(n))|((a)>>(64-(n)))) - +#if !defined(STM32_HASH_SHA3) /* An array of values to XOR for block operation. */ static const word64 hash_keccak_r[24] = { @@ -316,6 +316,7 @@ static const word64 hash_keccak_r[24] = W64LIT(0x8000000080008081), W64LIT(0x8000000000008080), W64LIT(0x0000000080000001), W64LIT(0x8000000080008008) }; +#endif /* Indices used in swap and rotate operation. */ #define KI_0 6 @@ -533,6 +534,7 @@ do { \ while (0) #endif /* SHA3_BY_SPEC */ +#if !defined(STM32_HASH_SHA3) /* The block operation performed on the state. * * s The state. 
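Review bot: In the `wc_Stm32_Hash_Update` hunk of wolfcrypt/src/port/st/stm32.c, the number of bytes copied into `local` is now bounded by the caller-supplied `blockSize` rather than by the compile-time FIFO size, and nothing visible checks that `blockSize + STM32_HASH_REG_SIZE` fits the staging buffer. The callers added in this commit pass sizes that appear to match `STM32_HASH_FIFO_SIZE`, but a later caller with a larger block size would overrun the buffer in `XMEMCPY`. A guard before the loop, for example `if (blockSize > STM32_HASH_FIFO_SIZE * STM32_HASH_REG_SIZE) return BAD_FUNC_ARG;`, keeps the bound tied to the buffer. The function starts and ends outside the hunk, so `local` is assumed to alias the context's `buffer[STM32_HASH_FIFO_SIZE+1]`.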
@@ -562,8 +564,10 @@ void BlockSha3(word64* s) } } #endif /* WOLFSSL_SHA3_SMALL */ +#endif /* STM32_HASH_SHA3 */ #endif /* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */ +#if !defined(STM32_HASH_SHA3) static WC_INLINE word64 Load64Unaligned(const unsigned char *a) { return ((word64)a[0] << 0) | @@ -617,6 +621,7 @@ static word64 Load64BitBigEndian(const byte* a) * sha3 wc_Sha3 object holding state. * returns 0 on success. */ + static int InitSha3(wc_Sha3* sha3) { int i; 
@@ -797,6 +802,84 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l) return 0; } +#endif +#if defined(STM32_HASH_SHA3) + + /* Supports CubeMX HAL or Standard Peripheral Library */ + + static int wc_InitSha3(wc_Sha3* sha3, void* heap, int devId) + { + if (sha3 == NULL) + return BAD_FUNC_ARG; + + (void)devId; + (void)heap; + + XMEMSET(sha3, 0, sizeof(wc_Sha3)); + wc_Stm32_Hash_Init(&sha3->stmCtx); + return 0; + } + + static int Stm32GetAlgo(byte p) + { + switch(p) { + case WC_SHA3_224_COUNT: + return HASH_ALGOSELECTION_SHA3_224; + case WC_SHA3_256_COUNT: + return HASH_ALGOSELECTION_SHA3_256; + case WC_SHA3_384_COUNT: + return HASH_ALGOSELECTION_SHA3_384; + case WC_SHA3_512_COUNT: + return HASH_ALGOSELECTION_SHA3_512; + } + /* Should never get here */ + return WC_SHA3_224_COUNT; + } + + static int wc_Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) + { + int ret = 0; + + if (sha3 == NULL) { + return BAD_FUNC_ARG; + } + if (data == NULL && len == 0) { + /* valid, but do nothing */ + return 0; + } + if (data == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Update(&sha3->stmCtx, + Stm32GetAlgo(p), data, len, p * 8); + wolfSSL_CryptHwMutexUnLock(); + } + return ret; + } + + static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len) + { + int ret = 0; + + if (sha3 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Final(&sha3->stmCtx, + Stm32GetAlgo(p), hash, len); + wolfSSL_CryptHwMutexUnLock(); + } + + (void)wc_InitSha3(sha3, NULL, 0); /* reset state */ + + return ret; + } +#else /* Initialize the state for a SHA-3 hash operation. * 
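Review bot: The fallback at the end of `Stm32GetAlgo` returns `WC_SHA3_224_COUNT`, which is one of the `p` values the switch matches on and not a `HASH_ALGOSELECTION_*` selector, and the result is passed straight to `wc_Stm32_Hash_Update` and `wc_Stm32_Hash_Final` as the algorithm. An unexpected `p` would therefore hand the hash driver an unrelated number instead of failing, and the caller would presumably still receive output it treats as a SHA-3 digest. Return a valid selector such as `return HASH_ALGOSELECTION_SHA3_224;`, or preferably make the unknown case an error so `wc_Sha3Update` and `wc_Sha3Final` can return `BAD_FUNC_ARG`. The bare `#endif` that opens this hunk would also read better as `#endif /* !STM32_HASH_SHA3 */`.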
@@ -944,7 +1027,7 @@ static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len) return InitSha3(sha3); /* reset state */ } - +#endif /* Dispose of any dynamically allocated data from the SHA3-384 operation. * (Required for async ops.) * diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 7f3e745c6..16c3c0f20 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -219,6 +219,66 @@ { se050_hash_free(&sha512->se050Ctx); } +#elif defined(STM32_HASH_SHA512) + + /* Supports CubeMX HAL or Standard Peripheral Library */ + + int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId) + { + if (sha512 == NULL) + return BAD_FUNC_ARG; + + (void)devId; + (void)heap; + + XMEMSET(sha512, 0, sizeof(wc_Sha512)); + wc_Stm32_Hash_Init(&sha512->stmCtx); + return 0; + } + + int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len) + { + int ret = 0; + + if (sha512 == NULL) { + return BAD_FUNC_ARG; + } + if (data == NULL && len == 0) { + /* valid, but do nothing */ + return 0; + } + if (data == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Update(&sha512->stmCtx, + HASH_ALGOSELECTION_SHA512, data, len, WC_SHA512_BLOCK_SIZE); + wolfSSL_CryptHwMutexUnLock(); + } + return ret; + } + + int wc_Sha512Final(wc_Sha512* sha512, byte* hash) + { + int ret = 0; + + if (sha512 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Final(&sha512->stmCtx, + HASH_ALGOSELECTION_SHA512, hash, WC_SHA512_DIGEST_SIZE); + wolfSSL_CryptHwMutexUnLock(); + } + + (void)wc_InitSha512(sha512); /* reset state */ + + return ret; + } #else @@ -1174,7 +1234,7 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len) #elif defined(MAX3266X_SHA) /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ - +#elif defined(STM32_HASH_SHA512) #else static WC_INLINE int Sha512Final(wc_Sha512* sha512) 
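Review bot: The STM32 block added to wolfcrypt/src/sha512.c repeats the same Init/Update/Final triple four times (SHA-512 in the @@ -219 hunk, SHA-384 at @@ -1592, SHA-512/224 at @@ -2011 and SHA-512/256 at @@ -2091), differing only in the `HASH_ALGOSELECTION_*` selector, the block size and the digest size. Moving the argument checks and the `wolfSSL_CryptHwMutexLock()`/`wolfSSL_CryptHwMutexUnLock()` bracket into one static helper per operation keeps the four variants from drifting apart when the locking or reset behaviour is changed later. The sketch below shows the Update side; the helper name and the `word32` type of the block-size argument are assumptions, since the prototype of `wc_Stm32_Hash_Update` is only partly visible here.

```c
/* Shared Update path for the STM32 SHA-512 family. */
static int Stm32Sha512FamilyUpdate(STM32_HASH_Context* stmCtx, word32 algo,
    const byte* data, word32 len, word32 blockSize)
{
    int ret;

    if (data == NULL) {
        /* NULL with zero length is valid and does nothing */
        return (len == 0) ? 0 : BAD_FUNC_ARG;
    }

    ret = wolfSSL_CryptHwMutexLock();
    if (ret == 0) {
        ret = wc_Stm32_Hash_Update(stmCtx, algo, data, len, blockSize);
        wolfSSL_CryptHwMutexUnLock();
    }
    return ret;
}

int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
{
    if (sha512 == NULL) {
        return BAD_FUNC_ARG;
    }
    return Stm32Sha512FamilyUpdate(&sha512->stmCtx, HASH_ALGOSELECTION_SHA512,
        data, len, WC_SHA512_BLOCK_SIZE);
}
/* … unchanged: wc_InitSha512_ex, wc_Sha512Final … */
```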
@@ -1337,7 +1397,7 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512) #elif defined(MAX3266X_SHA) /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ - +#elif defined(STM32_HASH_SHA512) #else static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, size_t digestSz) @@ -1407,10 +1467,12 @@ static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash, size_t digestSz, return initfp(sha512); } +#ifndef STM32_HASH_SHA512 int wc_Sha512Final(wc_Sha512* sha512, byte* hash) { return Sha512_Family_Final(sha512, hash, WC_SHA512_DIGEST_SIZE, InitSha512); } +#endif #endif /* WOLFSSL_KCAPI_HASH */ @@ -1592,6 +1654,64 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data) #elif defined(MAX3266X_SHA) /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ +#elif defined(STM32_HASH_SHA384) + + int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) + { + if (sha384 == NULL) + return BAD_FUNC_ARG; + + (void)devId; + (void)heap; + + XMEMSET(sha384, 0, sizeof(wc_Sha384)); + wc_Stm32_Hash_Init(&sha384->stmCtx); + return 0; + } + + int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len) + { + int ret = 0; + + if (sha384 == NULL) { + return BAD_FUNC_ARG; + } + if (data == NULL && len == 0) { + /* valid, but do nothing */ + return 0; + } + if (data == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Update(&sha384->stmCtx, + HASH_ALGOSELECTION_SHA384, data, len, WC_SHA384_BLOCK_SIZE); + wolfSSL_CryptHwMutexUnLock(); + } + return ret; + } + + int wc_Sha384Final(wc_Sha384* sha384, byte* hash) + { + int ret = 0; + + if (sha384 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Final(&sha384->stmCtx, + HASH_ALGOSELECTION_SHA384, hash, WC_SHA384_DIGEST_SIZE); + wolfSSL_CryptHwMutexUnLock(); + } + + (void)wc_InitSha384(sha384); /* reset state */ + + return ret; + } #else 
@@ -2011,17 +2131,75 @@ int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags) #if !defined(WOLFSSL_NOSHA512_224) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +#if defined(STM32_HASH_SHA512_224) +int wc_InitSha512_224_ex(wc_Sha512* sha512, void* heap, int devId) +{ + if (sha512 == NULL) + return BAD_FUNC_ARG; + + (void)devId; + (void)heap; + + XMEMSET(sha512, 0, sizeof(wc_Sha512)); + wc_Stm32_Hash_Init(&sha512->stmCtx); + return 0; +} + +int wc_Sha512_224Update(wc_Sha512* sha512, const byte* data, word32 len) +{ + int ret = 0; + + if (sha512 == NULL) { + return BAD_FUNC_ARG; + } + if (data == NULL && len == 0) { + /* valid, but do nothing */ + return 0; + } + if (data == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Update(&sha512->stmCtx, + HASH_ALGOSELECTION_SHA512_224, data, len, WC_SHA512_224_BLOCK_SIZE); + wolfSSL_CryptHwMutexUnLock(); + } + return ret; +} + +int wc_Sha512_224Final(wc_Sha512* sha512, byte* hash) +{ + int ret = 0; + + if (sha512 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Final(&sha512->stmCtx, + HASH_ALGOSELECTION_SHA512_224, hash, WC_SHA512_224_DIGEST_SIZE); + wolfSSL_CryptHwMutexUnLock(); + } + + (void)wc_InitSha512_224(sha512); /* reset state */ + + return ret; +} +#endif int wc_InitSha512_224(wc_Sha512* sha) { return wc_InitSha512_224_ex(sha, NULL, INVALID_DEVID); } - +#if !defined(STM32_HASH_SHA512_224) int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len) { return wc_Sha512Update(sha, data, len); } - +#endif #if defined(WOLFSSL_KCAPI_HASH) /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ #elif defined(WOLFSSL_RENESAS_RSIP) && \ 
@@ -2029,6 +2207,7 @@ int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len) /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) +#elif defined(STM32_HASH_SHA512_224) #else int wc_Sha512_224FinalRaw(wc_Sha512* sha, byte* hash) 
@@ -2091,16 +2270,75 @@ int wc_Sha512_224Transform(wc_Sha512* sha, const unsigned char* data) #if !defined(WOLFSSL_NOSHA512_256) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +#if defined(STM32_HASH_SHA512_256) + int wc_InitSha512_256_ex(wc_Sha512* sha512, void* heap, int devId) + { + if (sha512 == NULL) + return BAD_FUNC_ARG; + + (void)devId; + (void)heap; + + XMEMSET(sha512, 0, sizeof(wc_Sha512)); + wc_Stm32_Hash_Init(&sha512->stmCtx); + return 0; + } + + int wc_Sha512_256Update(wc_Sha512* sha512, const byte* data, word32 len) + { + int ret = 0; + + if (sha512 == NULL) { + return BAD_FUNC_ARG; + } + if (data == NULL && len == 0) { + /* valid, but do nothing */ + return 0; + } + if (data == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Update(&sha512->stmCtx, + HASH_ALGOSELECTION_SHA512_256, data, len, WC_SHA512_256_BLOCK_SIZE); + wolfSSL_CryptHwMutexUnLock(); + } + return ret; + } + + int wc_Sha512_256Final(wc_Sha512* sha512, byte* hash) + { + int ret = 0; + + if (sha512 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Final(&sha512->stmCtx, + HASH_ALGOSELECTION_SHA512_256, hash, WC_SHA512_256_DIGEST_SIZE); + wolfSSL_CryptHwMutexUnLock(); + } + + (void)wc_InitSha512_256(sha512); /* reset state */ + + return ret; + } +#endif int wc_InitSha512_256(wc_Sha512* sha) { return wc_InitSha512_256_ex(sha, NULL, INVALID_DEVID); } - +#if !defined(STM32_HASH_SHA512_256) int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len) { return wc_Sha512Update(sha, data, len); } +#endif #if defined(WOLFSSL_KCAPI_HASH) /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ #elif defined(WOLFSSL_RENESAS_RSIP) && \ 
@@ -2108,7 +2346,7 @@ int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len) /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) - +#elif defined(STM32_HASH_SHA512_256) #else int wc_Sha512_256FinalRaw(wc_Sha512* sha, byte* hash) { @@ -2176,6 +2414,7 @@ int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data) /* functions defined in wolfcrypt/src/port/renesas/renesas_fspsm_sha.c */ #elif defined(MAX3266X_SHA) /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ + #else int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash) diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index 59d2694ff..529e540dd 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c 
@@ -5087,52 +5087,6 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct); static void _sp_mont_setup(const sp_int* m, sp_int_digit* rho); #endif -/* Determine when mp_add_d is required. */ -#if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \ - !defined(NO_DSA) || defined(HAVE_ECC) || \ - (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - defined(OPENSSL_EXTRA) -#define WOLFSSL_SP_ADD_D -#endif -/* Determine when mp_sub_d is required. */ -#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA) -#define WOLFSSL_SP_SUB_D -#endif -/* Determine when mp_read_radix with a radix of 10 is required. */ -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ - !defined(WOLFSSL_RSA_VERIFY_ONLY)) || defined(HAVE_ECC) || \ - !defined(NO_DSA) || defined(OPENSSL_EXTRA) -#define WOLFSSL_SP_READ_RADIX_16 -#endif -/* Determine when mp_read_radix with a radix of 10 is required. */ -#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ - !defined(WOLFSSL_RSA_VERIFY_ONLY) -#define WOLFSSL_SP_READ_RADIX_10 -#endif -/* Determine when mp_invmod is required. */ -#if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \ - (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) -#define WOLFSSL_SP_INVMOD -#endif -/* Determine when mp_invmod_mont_ct is required. */ -#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) -#define WOLFSSL_SP_INVMOD_MONT_CT -#endif - -/* Determine when mp_prime_gen is required. 
*/ -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \ - (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) -#define WOLFSSL_SP_PRIME_GEN -#endif - -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || defined(OPENSSL_EXTRA) -/* Determine when mp_mul_d is required */ -#define WOLFSSL_SP_MUL_D -#endif /* Set the multi-precision number to zero. * @@ -14058,7 +14012,8 @@ int sp_exptmod_ex(const sp_int* b, const sp_int* e, int digits, const sp_int* m, if ((!done) && (err == MP_OKAY)) { /* Use code optimized for specific sizes if possible */ #if (defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ - (defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH)) + ((defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \ + defined(WOLFSSL_HAVE_SP_DH)) #ifndef WOLFSSL_SP_NO_2048 if ((mBits == 1024) && sp_isodd(m) && (bBits <= 1024) && (eBits <= 1024)) { diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index cfc618afa..b137df6b8 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -13753,11 +13753,12 @@ static wc_test_ret_t aes_direct_test(Aes* enc, Aes* dec, byte* cipher, byte* pla ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif /* HAVE_AES_DECRYPT */ } - (void)dec; - (void)plain; -#endif /* WOLFSSL_AES_256 */ - out: +#endif /* WOLFSSL_AES_256 */ + (void)enc; + (void)dec; + (void)cipher; + (void)plain; return ret; } #endif /* WOLFSSL_AES_DIRECT */ 
@@ -24986,7 +24987,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2) /* Expect failure with MD5 + HMAC when using FIPS 140-3. */ - if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen, + if (wolfSSL_HMAC(wolfSSL_EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen, hash, 0) != NULL) #else if (wolfSSL_HMAC(wolfSSL_EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen, @@ -54765,7 +54766,7 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng) mp_digit rho; int size; #endif -#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) +#ifdef WOLFSSL_SP_PRIME_GEN int result; #endif #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \ @@ -55463,7 +55464,7 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng) return WC_TEST_RET_ENC_EC(ret); #endif -#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) +#ifdef WOLFSSL_SP_PRIME_GEN ret = mp_prime_is_prime(NULL, 1, NULL); if (ret != WC_NO_ERR_TRACE(MP_VAL)) return WC_TEST_RET_ENC_EC(ret); diff --git a/wolfssl/openssl/x509.h b/wolfssl/openssl/x509.h index 1ba7d4ae2..f2bfb1b56 100644 --- a/wolfssl/openssl/x509.h +++ b/wolfssl/openssl/x509.h 
@@ -109,126 +109,109 @@ #define XN_FLAG_MULTILINE WOLFSSL_XN_FLAG_MULTILINE #define XN_FLAG_ONELINE WOLFSSL_XN_FLAG_ONELINE +#define X509_V_ERR_UNABLE_TO_GET_CRL WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL +#define X509_V_ERR_CRL_HAS_EXPIRED WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED + /* - * All of these aren't actually used in wolfSSL. Some are included to - * satisfy OpenSSL compatibility consumers to prevent compilation errors. - * The list was taken from - * https://github.com/openssl/openssl/blob/master/include/openssl/x509_vfy.h.in - * One requirement for HAProxy is that the values should be literal constants. + * Not all of these X509_V_ERR values are used in wolfSSL. Some are included to + * satisfy OpenSSL compatibility compilation errors. + * For HAProxy the values should be literal constants. */ -#define X509_V_OK 0 -#define X509_V_ERR_UNSPECIFIED 1 -#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 -#define X509_V_ERR_UNABLE_TO_GET_CRL WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL -#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 -#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 -#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 -#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 -#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 -#define X509_V_ERR_CERT_NOT_YET_VALID 9 -#define X509_V_ERR_CERT_HAS_EXPIRED 10 -#define X509_V_ERR_CRL_NOT_YET_VALID 11 -#define X509_V_ERR_CRL_HAS_EXPIRED WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED -#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 -#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 -#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 -#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 -#define X509_V_ERR_OUT_OF_MEM 17 -#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 -#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 -#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 -#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 -#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 -#define X509_V_ERR_CERT_REVOKED 23 -#define 
X509_V_ERR_NO_ISSUER_PUBLIC_KEY 24 -#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 -#define X509_V_ERR_INVALID_PURPOSE 26 -#define X509_V_ERR_CERT_UNTRUSTED 27 -#define X509_V_ERR_CERT_REJECTED 28 - -/* These are 'informational' when looking for issuer cert */ -#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 -#define X509_V_ERR_AKID_SKID_MISMATCH 30 -#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 -#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 -#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 -#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 -#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 -#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 -#define X509_V_ERR_INVALID_NON_CA 37 -#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 -#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 -#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 -#define X509_V_ERR_INVALID_EXTENSION 41 -#define X509_V_ERR_INVALID_POLICY_EXTENSION 42 -#define X509_V_ERR_NO_EXPLICIT_POLICY 43 -#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 -#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 -#define X509_V_ERR_UNNESTED_RESOURCE 46 -#define X509_V_ERR_PERMITTED_VIOLATION 47 -#define X509_V_ERR_EXCLUDED_VIOLATION 48 -#define X509_V_ERR_SUBTREE_MINMAX 49 -/* The application is not happy */ -#define X509_V_ERR_APPLICATION_VERIFICATION 50 -#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 -#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 -#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 -#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 -/* Another issuer check debug option */ -#define X509_V_ERR_PATH_LOOP 55 -/* Suite B mode algorithm violation */ -#define X509_V_ERR_SUITE_B_INVALID_VERSION 56 -#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 -#define X509_V_ERR_SUITE_B_INVALID_CURVE 58 -#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 -#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 +#define X509_V_OK 0 +#define X509_V_ERR_UNSPECIFIED 1 +#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 +#define 
X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 +#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 +#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 +#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 +#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 +#define X509_V_ERR_CERT_NOT_YET_VALID 9 +#define X509_V_ERR_CERT_HAS_EXPIRED 10 +#define X509_V_ERR_CRL_NOT_YET_VALID 11 +#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 +#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 +#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 +#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 +#define X509_V_ERR_OUT_OF_MEM 17 +#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 +#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 +#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 +#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 +#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 +#define X509_V_ERR_CERT_REVOKED 23 +#define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 24 +#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 +#define X509_V_ERR_INVALID_PURPOSE 26 +#define X509_V_ERR_CERT_UNTRUSTED 27 +#define X509_V_ERR_CERT_REJECTED 28 +#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 +#define X509_V_ERR_AKID_SKID_MISMATCH 30 +#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 +#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 +#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 +#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 +#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 +#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 +#define X509_V_ERR_INVALID_NON_CA 37 +#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 +#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 +#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 +#define X509_V_ERR_INVALID_EXTENSION 41 +#define X509_V_ERR_INVALID_POLICY_EXTENSION 42 +#define X509_V_ERR_NO_EXPLICIT_POLICY 43 +#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 +#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 +#define X509_V_ERR_UNNESTED_RESOURCE 46 +#define X509_V_ERR_PERMITTED_VIOLATION 47 
+#define X509_V_ERR_EXCLUDED_VIOLATION 48 +#define X509_V_ERR_SUBTREE_MINMAX 49 +#define X509_V_ERR_APPLICATION_VERIFICATION 50 +#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 +#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 +#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 +#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 +#define X509_V_ERR_PATH_LOOP 55 +#define X509_V_ERR_SUITE_B_INVALID_VERSION 56 +#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 +#define X509_V_ERR_SUITE_B_INVALID_CURVE 58 +#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 +#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 #define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 -/* Host, email and IP check errors */ -#define X509_V_ERR_HOSTNAME_MISMATCH 62 -#define X509_V_ERR_EMAIL_MISMATCH 63 -#define X509_V_ERR_IP_ADDRESS_MISMATCH 64 -/* DANE TLSA errors */ -#define X509_V_ERR_DANE_NO_MATCH 65 -/* security level errors */ -#define X509_V_ERR_EE_KEY_TOO_SMALL 66 -#define X509_V_ERR_CA_KEY_TOO_SMALL 67 -#define X509_V_ERR_CA_MD_TOO_WEAK 68 -/* Caller error */ -#define X509_V_ERR_INVALID_CALL 69 -/* Issuer lookup error */ -#define X509_V_ERR_STORE_LOOKUP 70 -/* Certificate transparency */ -#define X509_V_ERR_NO_VALID_SCTS 71 - -#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 -/* OCSP status errors */ -#define X509_V_ERR_OCSP_VERIFY_NEEDED 73 -#define X509_V_ERR_OCSP_VERIFY_FAILED 74 -#define X509_V_ERR_OCSP_CERT_UNKNOWN 75 - -#define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 76 -#define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 77 - -/* Errors in case a check in X509_V_FLAG_X509_STRICT mode fails */ -#define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY 78 -#define X509_V_ERR_INVALID_CA 79 -#define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA 80 -#define X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN 81 -#define X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA 82 -#define X509_V_ERR_ISSUER_NAME_EMPTY 83 -#define X509_V_ERR_SUBJECT_NAME_EMPTY 84 -#define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER 
85 -#define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER 86 -#define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME 87 -#define X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL 88 -#define X509_V_ERR_CA_BCONS_NOT_CRITICAL 89 -#define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL 90 -#define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL 91 -#define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE 92 -#define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93 -#define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94 -#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +#define X509_V_ERR_HOSTNAME_MISMATCH 62 +#define X509_V_ERR_EMAIL_MISMATCH 63 +#define X509_V_ERR_IP_ADDRESS_MISMATCH 64 +#define X509_V_ERR_DANE_NO_MATCH 65 +#define X509_V_ERR_EE_KEY_TOO_SMALL 66 +#define X509_V_ERR_CA_KEY_TOO_SMALL 67 +#define X509_V_ERR_CA_MD_TOO_WEAK 68 +#define X509_V_ERR_INVALID_CALL 69 +#define X509_V_ERR_STORE_LOOKUP 70 +#define X509_V_ERR_NO_VALID_SCTS 71 +#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 +#define X509_V_ERR_OCSP_VERIFY_NEEDED 73 +#define X509_V_ERR_OCSP_VERIFY_FAILED 74 +#define X509_V_ERR_OCSP_CERT_UNKNOWN 75 +#define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 76 +#define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 77 +#define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY 78 +#define X509_V_ERR_INVALID_CA 79 +#define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA 80 +#define X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN 81 +#define X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA 82 +#define X509_V_ERR_ISSUER_NAME_EMPTY 83 +#define X509_V_ERR_SUBJECT_NAME_EMPTY 84 +#define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER 85 +#define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER 86 +#define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME 87 +#define X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL 88 +#define X509_V_ERR_CA_BCONS_NOT_CRITICAL 89 +#define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL 90 +#define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL 91 +#define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE 92 +#define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93 +#define 
X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94 +#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 #define X509_EXTENSION_set_critical wolfSSL_X509_EXTENSION_set_critical #define X509_EXTENSION_set_object wolfSSL_X509_EXTENSION_set_object diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 22bb89f75..8989f5204 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -117,6 +117,9 @@ #include #include #include + + #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + FIPS_VERSION3_GE(5,2,0)) #include #include #include @@ -163,6 +166,10 @@ #include #include #include + #if defined(HAVE_FIPS_VERSION) && FIPS_VERSION3_LT(7,0,0) + /* clear conflicting name */ + #undef RSA_PKCS1_PADDING_SIZE + #endif #include #include #include @@ -173,6 +180,8 @@ #include #include #include + #endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(5,2,0)) */ + #endif #elif (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h index 6b8d76186..0ff65fa7f 100644 --- a/wolfssl/wolfcrypt/port/st/stm32.h +++ b/wolfssl/wolfcrypt/port/st/stm32.h @@ -35,13 +35,20 @@ #ifdef HASH_DIGEST /* The HASH_DIGEST register indicates SHA224/SHA256 support */ #define STM32_HASH_SHA2 - #if defined(WOLFSSL_STM32H5) + #if defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32MP13) #define HASH_CR_SIZE 103 #define HASH_MAX_DIGEST 64 /* Up to SHA512 */ #else #define HASH_CR_SIZE 54 #define HASH_MAX_DIGEST 32 #endif + #if defined(WOLFSSL_STM32MP13) + #define STM32_HASH_SHA512 + #define STM32_HASH_SHA512_224 + #define STM32_HASH_SHA512_256 + #define STM32_HASH_SHA384 + #define STM32_HASH_SHA3 + #endif #else #define HASH_CR_SIZE 50 #define HASH_MAX_DIGEST 20 
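Review bot: The rewritten comment in wolfssl/openssl/x509.h says the values should be literal constants for HAProxy, yet `X509_V_ERR_UNABLE_TO_GET_CRL` and `X509_V_ERR_CRL_HAS_EXPIRED` now sit above that comment as `WOLFSSL_X509_V_ERR_*` aliases, so the numbered list jumps from 2 to 4 and from 11 to 13 with no explanation. A one-line comment on the two aliases, such as `/* Aliased to the WOLFSSL_ values; this is why 3 and 12 are absent from the list below */`, would stop a reader from treating the gap as an omission. The hunk also drops the reference to OpenSSL's x509_vfy.h.in and the group comments (hostname/email/IP checks, OCSP status, `X509_V_FLAG_X509_STRICT` failures); keeping the source reference makes it possible to audit these verification codes against upstream.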
@@ -69,7 +76,15 @@ /* STM32 register size in bytes */ #define STM32_HASH_REG_SIZE 4 -#define STM32_HASH_FIFO_SIZE 16 /* FIFO is 16 deep 32-bits wide */ +/* Maximum FIFO buffer is 64 bits for SHA256, 128 bits for SHA512 and 144 bits + * for SHA3 */ +#if defined(STM32_HASH_SHA3) + #define STM32_HASH_FIFO_SIZE 36 +#elif defined(STM32_HASH_SHA512) || defined(STM32_HASH_SHA384) + #define STM32_HASH_FIFO_SIZE 32 +#else + #define STM32_HASH_FIFO_SIZE 16 +#endif /* STM32 Hash Context */ typedef struct { @@ -78,6 +93,9 @@ typedef struct { uint32_t HASH_STR; uint32_t HASH_CR; uint32_t HASH_CSR[HASH_CR_SIZE]; +#ifdef STM32_HASH_SHA3 + uint32_t SHA3CFGR; +#endif /* Hash state / buffers */ word32 buffer[STM32_HASH_FIFO_SIZE+1]; /* partial word buffer */ @@ -112,7 +130,6 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #define HASH_AlgoSelection_MD5 HASH_ALGOSELECTION_MD5 #define HASH_AlgoSelection_SHA1 HASH_ALGOSELECTION_SHA1 #define HASH_AlgoSelection_SHA224 HASH_ALGOSELECTION_SHA224 - #define HASH_AlgoSelection_SHA256 HASH_ALGOSELECTION_SHA256 #define STM32_NOMD5 /* The HASH HAL has no MD5 implementation */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 1a7cf1b8b..d5459ae3b 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
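Review bot: In the `@@ -69,7 +76,15 @@` hunk of `wolfssl/wolfcrypt/port/st/stm32.h`, the new comment above `STM32_HASH_FIFO_SIZE` states the sizes in bits, but the values 16, 32 and 36 only agree with it if the macro counts 32-bit words and the comment's 64/128/144 are bytes. The removed comment described the FIFO as "16 deep 32-bits wide", and the following hunk sizes `word32 buffer[STM32_HASH_FIFO_SIZE+1]` from this macro, so a wrong unit in the comment invites a mis-sized buffer in later changes. I would reword it to something like `/* FIFO depth in 32-bit words: 16 (64 bytes) for SHA-256, 32 (128 bytes) for SHA-384/512, 36 (144 bytes) for SHA-3 */`, after checking the figures against the reference manual.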
@@ -2835,6 +2835,58 @@ extern void uITRON4_free(void *p) ; #endif /*----------------------------------------------------------------------------*/ +/* SP Math specific options */ +/* Determine when mp_add_d is required. */ +#if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \ + !defined(NO_DSA) || defined(HAVE_ECC) || \ + (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + defined(OPENSSL_EXTRA) + #define WOLFSSL_SP_ADD_D +#endif + +/* Determine when mp_sub_d is required. */ +#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA) + #define WOLFSSL_SP_SUB_D +#endif + +/* Determine when mp_read_radix with a radix of 10 is required. */ +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY)) || defined(HAVE_ECC) || \ + !defined(NO_DSA) || defined(OPENSSL_EXTRA) + #define WOLFSSL_SP_READ_RADIX_16 +#endif + +/* Determine when mp_read_radix with a radix of 10 is required. */ +#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY) + #define WOLFSSL_SP_READ_RADIX_10 +#endif + +/* Determine when mp_invmod is required. */ +#if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \ + (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) + #define WOLFSSL_SP_INVMOD +#endif + +/* Determine when mp_invmod_mont_ct is required. */ +#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) + #define WOLFSSL_SP_INVMOD_MONT_CT +#endif + +/* Determine when mp_prime_gen is required. 
*/ +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \ + (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) + #define WOLFSSL_SP_PRIME_GEN +#endif + +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || defined(OPENSSL_EXTRA) + /* Determine when mp_mul_d is required */ + #define WOLFSSL_SP_MUL_D +#endif /* user can specify what curves they want with ECC_USER_CURVES otherwise @@ -3660,6 +3712,11 @@ extern void uITRON4_free(void *p) ; #ifndef NO_OLD_WC_NAMES #define NO_OLD_WC_NAMES #endif + #if defined(HAVE_SELFTEST) || \ + (defined(HAVE_FIPS) && FIPS_VERSION3_LT(5,0,0)) + /* old FIPS needs this remapping. */ + #define Sha3 wc_Sha3 + #endif #endif #if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA) diff --git a/wolfssl/wolfcrypt/sha3.h b/wolfssl/wolfcrypt/sha3.h index f65c41d32..5e733a10e 100644 --- a/wolfssl/wolfcrypt/sha3.h +++ b/wolfssl/wolfcrypt/sha3.h @@ -45,6 +45,10 @@ #include #endif +#ifdef STM32_HASH + #include +#endif + /* in bytes */ enum { /* SHAKE-128 */ @@ -140,6 +144,9 @@ struct wc_Sha3 { #ifdef WOLFSSL_HASH_FLAGS word32 flags; /* enum wc_HashFlags in hash.h */ #endif +#if defined(STM32_HASH_SHA3) + STM32_HASH_Context stmCtx; +#endif }; #ifndef WC_SHA3_TYPE_DEFINED diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index e971a8df1..cfc357ff1 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -73,6 +73,10 @@ #include "fsl_caam.h" #endif +#ifdef STM32_HASH + #include +#endif + #if defined(_MSC_VER) #define SHA512_NOINLINE __declspec(noinline) #elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) @@ -202,6 +206,9 @@ struct wc_Sha512 { #ifdef HAVE_ARIA MC_HSESSION hSession; #endif +#if defined(STM32_HASH_SHA512) + STM32_HASH_Context stmCtx; +#endif #endif /* WOLFSSL_PSOC6_CRYPTO */ };
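Review bot: In the `@@ -2835,6 +2835,58 @@` hunk of `wolfssl/wolfcrypt/settings.h`, the comment above the block that defines `WOLFSSL_SP_READ_RADIX_16` says "radix of 10", word for word the same as the comment on the `WOLFSSL_SP_READ_RADIX_10` block that follows, so it looks copy-pasted. It should read `/* Determine when mp_read_radix with a radix of 16 is required. */`. The last block is also the only one whose comment sits inside the `#if` (`/* Determine when mp_mul_d is required */` comes after the condition); moving it above the `#if` would match the other seven blocks.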