wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 12:42:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9185 from Pushyanth-Infineon/psoc6_sha1_sha2_sha3_support

Browse Source 
Enable hardware acceleration for SHA1, SHA384 and SHA3 algorithms on PSoC6
This commit is contained in:
David Garske
2025-10-13 13:29:52 -07:00
committed by GitHub
parent f3428295f6 b2c5eb51d8
commit e877fa747d
14 changed files with 1564 additions and 164 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
wolfcrypt/src/ecc.c
View File

@@ -232,7 +232,8 @@ ECC Curve Sizes:
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_KCAPI_ECC) && !defined(WOLFSSL_SE050) && \
!defined(WOLFSSL_XILINX_CRYPT_VERSAL) && !defined(WOLFSSL_STM32_PKA)
!defined(WOLFSSL_XILINX_CRYPT_VERSAL) && !defined(WOLFSSL_STM32_PKA) && \
!defined(WOLFSSL_PSOC6_CRYPTO)
#undef HAVE_ECC_VERIFY_HELPER
#define HAVE_ECC_VERIFY_HELPER
#endif

1
wolfcrypt/src/include.am
View File

@@ -149,6 +149,7 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c \
wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c \
wolfcrypt/src/port/Renesas/README.md \
wolfcrypt/src/port/cypress/README.md \
wolfcrypt/src/port/cypress/psoc6_crypto.c \
wolfcrypt/src/port/liboqs/liboqs.c \
wolfcrypt/src/port/maxim/max3266x.c \

89
wolfcrypt/src/port/cypress/README.md Normal file
View File

@@ -0,0 +1,89 @@
# PSoC6 Hardware Crypto Port for wolfSSL
This directory provides a hardware-accelerated cryptography port for Cypress PSoC6 devices, integrating the PSoC6 hardware crypto block with the wolfSSL cryptography library. The implementation leverages the PSoC6 hardware to accelerate various cryptographic hash and ECC operations, improving performance and reducing CPU load.
## Implemented Features
### 1. Hardware-Accelerated Hash Functions
The following hash algorithms are implemented using the PSoC6 hardware crypto block:
- **SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256**
- All handled by the function `wc_Psoc6_Sha1_Sha2_Init`, which initializes the hardware for the selected hash mode.
- The macros `PSOC6_HASH_SHA1` and `PSOC6_HASH_SHA2` (defined in `psoc6_crypto.h`) control which SHA-1 and SHA-2 family algorithms are available for hardware acceleration.
- The corresponding wolfSSL macros (e.g., `WOLFSSL_SHA224`, `WOLFSSL_SHA384`, `WOLFSSL_SHA512`) must also be defined to enable the algorithm in the library.
- **SHA-3 Family**
- Supported if `PSOC6_HASH_SHA3` (defined in `psoc6_crypto.h`) and `WOLFSSL_SHA3` are both defined.
- Functions: `wc_Psoc6_Sha3_Init`, `wc_Psoc6_Sha3_Update`, `wc_Psoc6_Sha3_Final`
- SHAKE support: `wc_Psoc6_Shake_SqueezeBlocks`
- To enable SHAKE support (and use wc_Psoc6_Shake_SqueezeBlocks), you must define either `WOLFSSL_SHAKE128` or `WOLFSSL_SHAKE256` in addition to `WOLFSSL_SHA3` and hardware acceleration macros.
All hash operations are offloaded to the PSoC6 hardware, with mutex protection for thread safety.
### 2. Hardware-Accelerated ECDSA Verification
- **ECDSA Signature Verification**
- Function: `psoc6_ecc_verify_hash_ex`
- Uses PSoC6 hardware to verify ECDSA signatures for supported curves (up to secp521r1).
- Enabled when `HAVE_ECC` is defined.
### 3. Crypto Block Initialization and Resource Management
- **Initialization**
- Function: `psoc6_crypto_port_init`
- Enables the PSoC6 crypto hardware block.
- **Resource Cleanup**
- Function: `wc_Psoc6_Sha_Free`
- Clears and synchronizes the hardware register buffer.
## Enable Hardware Acceleration
To enable PSoC6 hardware crypto acceleration for hash and ECC algorithms, ensure the following macros are defined:
- `WOLFSSL_PSOC6_CRYPTO` — Enables the PSoC6 hardware crypto port.
- The following are defined in `psoc6_crypto.h` and control which hardware hash accelerations are available:
- `PSOC6_HASH_SHA1` — Enables SHA-1 hardware acceleration.
- `PSOC6_HASH_SHA2` — Enables SHA-2 family (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256) hardware acceleration.
- `PSOC6_HASH_SHA3` — Enables SHA-3 family hardware acceleration.
- To enable the corresponding algorithms in wolfSSL, define the following macros as needed (typically in your `wolfssl/wolfcrypt/settings.h` or build system):
- `WOLFSSL_SHA224` — Enable SHA-224 support.
- `WOLFSSL_SHA384` — Enable SHA-384 support.
- `WOLFSSL_SHA512` — Enable SHA-512, SHA-512/224, SHA-512/256 support.
- `WOLFSSL_SHA3` — Enable SHA-3 support.
- `WOLFSSL_SHAKE128`, `WOLFSSL_SHAKE256` — Enable SHAKE support.
- `HAVE_ECC` — Enable ECC and ECDSA support.
**Example: Enabling SHA-1, SHA-2, and SHA-3 Hardware Acceleration**
In your build configuration or `wolfssl/wolfcrypt/settings.h`:
```c
#define WOLFSSL_PSOC6_CRYPTO
#define WOLFSSL_SHA224
#define WOLFSSL_SHA384
#define WOLFSSL_SHA512
#define WOLFSSL_SHA3
#define WOLFSSL_SHAKE128
#define WOLFSSL_SHAKE256
#define HAVE_ECC
```
- No need to define `PSOC6_HASH_SHA1`, `PSOC6_HASH_SHA2`, or `PSOC6_HASH_SHA3` yourself; they are defined in `psoc6_crypto.h`.
## File Overview
- `psoc6_crypto.h`
Header file declaring the hardware crypto interface and configuration macros.
- `psoc6_crypto.c`
Implementation of the hardware-accelerated hash and ECC functions for PSoC6.
## Integration Notes
- The port expects the PSoC6 PDL (Peripheral Driver Library) to be available and included in your project.
- The hardware crypto block is initialized on first use; no manual initialization is required unless you wish to call `psoc6_crypto_port_init` directly.
- Hash operations are mutex-protected for thread safety.
- ECC hardware operations are not mutex-protected; if you use ECC functions from multiple threads, you must provide your own synchronization.
- The implementation is designed to be compatible with the wolfSSL API, so existing code using wolfSSL hash/ECC functions will automatically benefit from hardware acceleration when enabled.
---
For further details, refer to the comments in [`psoc6_crypto.h`](wolfssl/wolfssl-master/wolfcrypt/port/cypress/psoc6_crypto.h) and [`psoc6_crypto.c`](wolfssl/wolfssl-master/wolfcrypt/src/port/cypress/psoc6_crypto.c)

1164
wolfcrypt/src/port/cypress/psoc6_crypto.c
View File

File diff suppressed because it is too large Load Diff

14
wolfcrypt/src/sha.c
View File

@@ -50,6 +50,10 @@
#include <wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h>
#endif
#if defined(WOLFSSL_PSOC6_CRYPTO)
#include <wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h>
#endif
/* Assume no hash HW available until supporting HW found. */
#undef WOLFSSL_USE_ESP32_CRYPT_HASH_HW
@@ -388,6 +392,8 @@
#elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH)
/* implemented in wolfcrypt/src/port/psa/psa_hash.c */
#elif defined(PSOC6_HASH_SHA1)
/* Implemented in wolfcrypt/src/port/cypress/psoc6_crypto.c */
#else
/* Software implementation */
#define USE_SHA_SOFTWARE_IMPL
@@ -1074,6 +1080,10 @@ void wc_ShaFree(wc_Sha* sha)
#ifdef WOLFSSL_IMXRT_DCP
DCPShaFree(sha);
#endif
#if defined(PSOC6_HASH_SHA1)
wc_Psoc6_Sha_Free();
#endif
}
#endif /* !MAX3266X_SHA */
@@ -1164,6 +1174,10 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
}
#endif
#if defined(PSOC6_HASH_SHA1)
wc_Psoc6_Sha1_Sha2_Init(dst, WC_PSOC6_SHA1, 0);
#endif
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif

22
wolfcrypt/src/sha256.c
View File

@@ -114,7 +114,6 @@ on the specific device platform.
#elif defined(WOLFSSL_CRYPTOCELL)
/* wc_port.c includes wolfcrypt/src/port/arm/cryptoCellHash.c */
#elif defined(WOLFSSL_PSOC6_CRYPTO)
#elif defined(MAX3266X_SHA)
/* Already brought in by sha256.h */
@@ -221,7 +220,7 @@ on the specific device platform.
((!defined(WOLFSSL_RENESAS_TSIP_TLS) && \
!defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) || \
defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \
!defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_IMXRT_DCP) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(PSOC6_HASH_SHA2) && !defined(WOLFSSL_IMXRT_DCP) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_SE050_HASH) && \
((!defined(WOLFSSL_RENESAS_SCEPROTECT) && \
!defined(WOLFSSL_RENESAS_RSIP)) \
@@ -1048,8 +1047,7 @@ static int InitSha256(wc_Sha256* sha256)
/* implemented in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
#elif defined(WOLFSSL_PSOC6_CRYPTO)
#elif defined(PSOC6_HASH_SHA2)
/* implemented in wolfcrypt/src/port/cypress/psoc6_crypto.c */
#elif defined(WOLFSSL_IMXRT_DCP)
@@ -2004,6 +2002,8 @@ static int Transform_Sha256(wc_Sha256* sha256, const byte* data)
!defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
/* implemented in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
#elif defined(PSOC6_HASH_SHA2)
/* Implemented in wolfcrypt/src/port/cypress/psoc6_crypto.c */
#else
@@ -2258,6 +2258,9 @@ static int Transform_Sha256(wc_Sha256* sha256, const byte* data)
XFREE(sha224->msg, sha224->heap, DYNAMIC_TYPE_TMP_BUFFER);
sha224->msg = NULL;
}
#endif
#if defined(PSOC6_HASH_SHA2)
wc_Psoc6_Sha_Free();
#endif
ForceZero(sha224, sizeof(*sha224));
}
@@ -2376,6 +2379,11 @@ void wc_Sha256Free(wc_Sha256* sha256)
ESP_LOGV(TAG, "Hardware unlock not needed in wc_Sha256Free.");
}
#endif
#if defined(PSOC6_HASH_SHA2)
wc_Psoc6_Sha_Free();
#endif
ForceZero(sha256, sizeof(*sha256));
} /* wc_Sha256Free */
@@ -2498,6 +2506,9 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
}
#endif
#if defined(PSOC6_HASH_SHA2)
wc_Psoc6_Sha1_Sha2_Init(dst, WC_PSOC6_SHA224, 0);
#endif
return ret;
}
@@ -2539,9 +2550,6 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
&& !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
/* implemented in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */
#elif defined(WOLFSSL_PSOC6_CRYPTO)
/* implemented in wolfcrypt/src/port/cypress/psoc6_crypto.c */
#elif defined(WOLFSSL_IMXRT_DCP)
/* implemented in wolfcrypt/src/port/nxp/dcp_port.c */
#elif defined(WOLFSSL_KCAPI_HASH)

287
wolfcrypt/src/sha3.c
View File

@@ -27,6 +27,10 @@
#undef WOLFSSL_RISCV_ASM
#endif
#if defined(WOLFSSL_PSOC6_CRYPTO)
#include <wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h>
#endif
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \
!defined(WOLFSSL_AFALG_XILINX_SHA3)
@@ -297,7 +301,7 @@ void BlockSha3(word64* s)
*/
#define ROTL64(a, n) (((a)<<(n))|((a)>>(64-(n))))
#if !defined(STM32_HASH_SHA3)
#if !defined(STM32_HASH_SHA3) && !defined(PSOC6_HASH_SHA3)
/* An array of values to XOR for block operation. */
static const word64 hash_keccak_r[24] =
{
@@ -532,7 +536,7 @@ do { \
while (0)
#endif /* SHA3_BY_SPEC */
#if !defined(STM32_HASH_SHA3)
#if !defined(STM32_HASH_SHA3) && !defined(PSOC6_HASH_SHA3)
/* The block operation performed on the state.
*
* s The state.
@@ -562,7 +566,7 @@ void BlockSha3(word64* s)
#endif /* STM32_HASH_SHA3 */
#endif /* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */
#if !defined(STM32_HASH_SHA3)
#if !defined(STM32_HASH_SHA3) && !defined(PSOC6_HASH_SHA3)
#if defined(BIG_ENDIAN_ORDER)
static WC_INLINE word64 Load64Unaligned(const unsigned char *a)
{
@@ -913,6 +917,78 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
return ret;
}
#elif defined(PSOC6_HASH_SHA3)
static int wc_InitSha3(wc_Sha3* sha3, void* heap, int devId)
{
int ret;
if (sha3 == NULL) {
return BAD_FUNC_ARG;
}
(void)devId;
(void)heap;
/* Lock the mutex to perform crypto operations */
ret = wolfSSL_CryptHwMutexLock();
if (ret == 0) {
/* Initialize hash state for SHA-3 operation */
ret = wc_Psoc6_Sha3_Init(sha3);
/* Release the lock */
wolfSSL_CryptHwMutexUnLock();
}
return ret;
}
static int wc_Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
{
int ret;
if (sha3 == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
if (data == NULL && len == 0) {
/* valid, but do nothing */
return 0;
}
/* Lock the mutex to perform crypto operations */
ret = wolfSSL_CryptHwMutexLock();
if (ret == 0) {
/* Perform SHA3 on the input data and update the hash state */
ret = wc_Psoc6_Sha3_Update(sha3, data, len, p);
/* Release the lock */
wolfSSL_CryptHwMutexUnLock();
}
return ret;
}
static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len)
{
int ret;
if (sha3 == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
/* Lock the mutex to perform crypto operations */
ret = wolfSSL_CryptHwMutexLock();
if (ret == 0) {
/* Finalize SHA3 operations and produce digest */
ret = wc_Psoc6_Sha3_Final(sha3, 0x06, hash, p, len);
if (ret == 0) {
/* Initialize hash state for SHA-3 operation */
ret = wc_Psoc6_Sha3_Init(sha3);
}
/* Release the lock */
wolfSSL_CryptHwMutexUnLock();
}
return ret;
}
#else
/* Initialize the state for a SHA-3 hash operation.
@@ -1062,6 +1138,7 @@ static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len)
return InitSha3(sha3); /* reset state */
}
#endif
/* Dispose of any dynamically allocated data from the SHA3-384 operation.
* (Required for async ops.)
*
@@ -1078,8 +1155,11 @@ static void wc_Sha3Free(wc_Sha3* sha3)
wolfAsync_DevCtxFree(&sha3->asyncDev, WOLFSSL_ASYNC_MARKER_SHA3);
#endif /* WOLFSSL_ASYNC_CRYPT */
}
#if defined(PSOC6_HASH_SHA3)
wc_Psoc6_Sha_Free();
#endif
}
/* Copy the state of the SHA3 operation.
*
@@ -1099,6 +1179,12 @@ static int wc_Sha3Copy(wc_Sha3* src, wc_Sha3* dst)
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3)
ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
#endif
#if defined(PSOC6_HASH_SHA3)
/* Re-initialize internal pointers in hash_state that point inside sha_buffers */
dst->hash_state.hash = (uint8_t*)((cy_stc_crypto_v2_sha3_buffers_t *)&dst->sha_buffers)->hash;
#endif
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif
@@ -1131,7 +1217,6 @@ static int wc_Sha3GetHash(wc_Sha3* sha3, byte* hash, byte p, byte len)
return ret;
}
/* Initialize the state for a SHA3-224 hash operation.
*
* sha3 wc_Sha3 object holding state.
@@ -1449,6 +1534,101 @@ int wc_InitShake128(wc_Shake* shake, void* heap, int devId)
return wc_InitSha3(shake, heap, devId);
}
#if defined(PSOC6_HASH_SHA3)
int wc_Shake128_Update(wc_Shake* shake, const byte* data, word32 len)
{
int ret;
if (shake == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
if (data == NULL && len == 0) {
/* valid, but do nothing */
return 0;
}
/* Lock the mutex to perform crypto operations */
ret = wolfSSL_CryptHwMutexLock();
if (ret == 0) {
/* Perform SHA3 on the input data and update the hash state */
ret = wc_Psoc6_Sha3_Update(shake, data, len, WC_SHA3_128_COUNT);
/* Release the lock */
wolfSSL_CryptHwMutexUnLock();
}
return ret;
}
int wc_Shake128_Final(wc_Shake* shake, byte* hash, word32 hashLen)
{
int ret;
if (shake == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
/* Lock the mutex to perform crypto operations */
ret = wolfSSL_CryptHwMutexLock();
if (ret == 0) {
/* Finalize SHA3 operations and produce digest */
ret = wc_Psoc6_Sha3_Final(shake, 0x1f, hash, WC_SHA3_128_COUNT, hashLen);
if (ret == 0) {
/* Initialize hash state for SHA-3 operation */
ret = wc_Psoc6_Sha3_Init(shake);
}
/* Release the lock */
wolfSSL_CryptHwMutexUnLock();
}
return ret;
}
int wc_Shake128_Absorb(wc_Shake* shake, const byte* data, word32 len)
{
int ret;
if ((shake == NULL) || (data == NULL && len != 0)) {
return BAD_FUNC_ARG;
}
/* Lock the mutex to perform crypto operations */
ret = wolfSSL_CryptHwMutexLock();
if (ret == 0) {
/* Perform SHA3 on the input data and update the hash state */
ret = wc_Psoc6_Sha3_Update(shake, data, len, WC_SHA3_128_COUNT);
if (ret == 0) {
/* Finalize SHA3 operations and produce digest */
ret = wc_Psoc6_Sha3_Final(shake, 0x1f, NULL, WC_SHA3_128_COUNT, 0);
}
/* Release the lock */
wolfSSL_CryptHwMutexUnLock();
}
return ret;
}
int wc_Shake128_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
{
int ret;
if ((shake == NULL) || (out == NULL && blockCnt != 0)) {
return BAD_FUNC_ARG;
}
/* Lock the mutex to perform crypto operations */
ret = wolfSSL_CryptHwMutexLock();
if (ret == 0) {
/* Squeeze output blocks from current hash state */
ret = wc_Psoc6_Shake_SqueezeBlocks(shake, out, blockCnt);
/* Release the lock */
wolfSSL_CryptHwMutexUnLock();
}
return ret;
}
#else
/* Update the SHAKE128 hash state with message data.
*
* shake wc_Shake object holding state.
@@ -1563,6 +1743,8 @@ int wc_Shake128_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
return 0;
}
#endif
/* Dispose of any dynamically allocated data from the SHAKE128 operation.
* (Required for async ops.)
@@ -1600,6 +1782,100 @@ int wc_InitShake256(wc_Shake* shake, void* heap, int devId)
return wc_InitSha3(shake, heap, devId);
}
#ifdef PSOC6_HASH_SHA3
int wc_Shake256_Update(wc_Shake* shake, const byte* data, word32 len)
{
int ret;
if (shake == NULL || (data == NULL && len > 0)) {
return BAD_FUNC_ARG;
}
if (data == NULL && len == 0) {
/* valid, but do nothing */
return 0;
}
/* Lock the mutex to perform crypto operations */
ret = wolfSSL_CryptHwMutexLock();
if (ret == 0) {
/* Perform SHA3 on the input data and update the hash state */
ret = wc_Psoc6_Sha3_Update(shake, data, len, WC_SHA3_256_COUNT);
/* Release the lock */
wolfSSL_CryptHwMutexUnLock();
}
return ret;
}
int wc_Shake256_Final(wc_Shake* shake, byte* hash, word32 hashLen)
{
int ret;
if (shake == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
/* Lock the mutex to perform crypto operations */
ret = wolfSSL_CryptHwMutexLock();
if (ret == 0) {
/* Finalize SHA3 operations and produce digest */
ret = wc_Psoc6_Sha3_Final(shake, 0x1f, hash, WC_SHA3_256_COUNT, hashLen);
if (ret == 0) {
/* Initialize hash state for SHA-3 operation */
ret = wc_Psoc6_Sha3_Init(shake);
}
/* Release the lock */
wolfSSL_CryptHwMutexUnLock();
}
return ret;
}
int wc_Shake256_Absorb(wc_Shake* shake, const byte* data, word32 len)
{
int ret;
if ((shake == NULL) || (data == NULL && len != 0)) {
return BAD_FUNC_ARG;
}
/* Lock the mutex to perform crypto operations */
ret = wolfSSL_CryptHwMutexLock();
if (ret == 0) {
/* Perform SHA3 on the input data and update the hash state */
ret = wc_Psoc6_Sha3_Update(shake, data, len, WC_SHA3_256_COUNT);
if (ret == 0) {
/* Finalize SHA3 operations and produce digest */
ret = wc_Psoc6_Sha3_Final(shake, 0x1f, NULL, WC_SHA3_256_COUNT, 0);
}
/* Release the lock */
wolfSSL_CryptHwMutexUnLock();
}
return ret;
}
int wc_Shake256_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
{
int ret;
if ((shake == NULL) || (out == NULL && blockCnt != 0)) {
return BAD_FUNC_ARG;
}
/* Lock the mutex to perform crypto operations */
ret = wolfSSL_CryptHwMutexLock();
if (ret == 0) {
/* Squeeze output blocks from current hash state */
ret = wc_Psoc6_Shake_SqueezeBlocks(shake, out, blockCnt);
/* Release the lock */
wolfSSL_CryptHwMutexUnLock();
}
return ret;
}
#else
/* Update the SHAKE256 hash state with message data.
*
* shake wc_Shake object holding state.
@@ -1708,6 +1984,7 @@ int wc_Shake256_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
return 0;
}
#endif
/* Dispose of any dynamically allocated data from the SHAKE256 operation.
* (Required for async ops.)

37
wolfcrypt/src/sha512.c
View File

@@ -23,7 +23,7 @@
#if (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)) && \
(!defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_NEON)) && \
!defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_RISCV_ASM)
!defined(WOLFSSL_RISCV_ASM)
/* determine if we are using Espressif SHA hardware acceleration */
#undef WOLFSSL_USE_ESP32_CRYPT_HASH_HW
@@ -93,6 +93,10 @@
/* #include <wolfssl/wolfcrypt/port/maxim/max3266x.h> */
#endif
#if defined(WOLFSSL_PSOC6_CRYPTO)
#include <wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h>
#endif
#if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP)
#if defined(__GNUC__) && ((__GNUC__ < 4) || \
(__GNUC__ == 4 && __GNUC_MINOR__ <= 8))
@@ -260,6 +264,8 @@
return ret;
}
#elif defined(PSOC6_HASH_SHA2)
/* Functions defined in wolfcrypt/src/port/cypress/psoc6_crypto.c */
#else
@@ -1224,6 +1230,7 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
#elif defined(MAX3266X_SHA)
/* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
#elif defined(STM32_HASH_SHA512)
#elif defined(PSOC6_HASH_SHA2)
#else
static WC_INLINE int Sha512Final(wc_Sha512* sha512)
@@ -1387,6 +1394,7 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512)
#elif defined(MAX3266X_SHA)
/* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */
#elif defined(STM32_HASH_SHA512)
#elif defined(PSOC6_HASH_SHA2)
#elif defined(WOLFSSL_SILABS_SHA512)
#else
@@ -1519,6 +1527,10 @@ void wc_Sha512Free(wc_Sha512* sha512)
wolfAsync_DevCtxFree(&sha512->asyncDev, WOLFSSL_ASYNC_MARKER_SHA512);
#endif /* WOLFSSL_ASYNC_CRYPT */
#if defined(PSOC6_HASH_SHA2)
wc_Psoc6_Sha_Free();
#endif
ForceZero(sha512, sizeof(*sha512));
}
#endif
@@ -1702,6 +1714,9 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
return ret;
}
#elif defined(PSOC6_HASH_SHA2)
/* implemented in wolfcrypt/src/port/cypress/psoc6_crypto.c */
#else
static int InitSha384(wc_Sha384* sha384)
@@ -2090,6 +2105,10 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
}
#endif
#if defined(PSOC6_HASH_SHA2)
wc_Psoc6_Sha1_Sha2_Init(dst, WC_PSOC6_SHA512, 0);
#endif
return ret;
}
@@ -2173,12 +2192,14 @@ int wc_Sha512_224Final(wc_Sha512* sha512, byte* hash)
return ret;
}
#elif defined(PSOC6_HASH_SHA2)
/* functions defined in wolfcrypt/src/port/cypress/psoc6_crypto.c */
#endif
int wc_InitSha512_224(wc_Sha512* sha)
{
return wc_InitSha512_224_ex(sha, NULL, INVALID_DEVID);
}
#if !defined(STM32_HASH_SHA512_224)
#if !defined(STM32_HASH_SHA512_224) && !defined(PSOC6_HASH_SHA2)
int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len)
{
return wc_Sha512Update(sha, data, len);
@@ -2192,6 +2213,8 @@ int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len)
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#elif defined(STM32_HASH_SHA512_224)
#elif defined(PSOC6_HASH_SHA2)
/* functions defined in wolfcrypt/src/port/cypress/psoc6_crypto.c */
#else
int wc_Sha512_224FinalRaw(wc_Sha512* sha, byte* hash)
@@ -2312,12 +2335,14 @@ int wc_Sha512_224Transform(wc_Sha512* sha, const unsigned char* data)
return ret;
}
#elif defined(PSOC6_HASH_SHA2)
/* functions defined in wolfcrypt/src/port/cypress/psoc6_crypto.c */
#endif
int wc_InitSha512_256(wc_Sha512* sha)
{
return wc_InitSha512_256_ex(sha, NULL, INVALID_DEVID);
}
#if !defined(STM32_HASH_SHA512_256)
#if !defined(STM32_HASH_SHA512_256) && !defined(PSOC6_HASH_SHA2)
int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len)
{
return wc_Sha512Update(sha, data, len);
@@ -2331,6 +2356,8 @@ int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len)
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#elif defined(STM32_HASH_SHA512_256)
#elif defined(PSOC6_HASH_SHA2)
/* functions defined in wolfcrypt/src/port/cypress/psoc6_crypto.c */
#else
int wc_Sha512_256FinalRaw(wc_Sha512* sha, byte* hash)
{
@@ -2505,6 +2532,10 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
}
#endif
#if defined(PSOC6_HASH_SHA2)
wc_Psoc6_Sha1_Sha2_Init(dst, WC_PSOC6_SHA384, 0);
#endif
return ret;
}

2
wolfcrypt/src/wc_mlkem_poly.c
View File

@@ -3000,7 +3000,7 @@ int mlkem_hash512(wc_Sha3* hash, const byte* data1, word32 data1Len,
*/
void mlkem_prf_init(wc_Shake* prf)
{
XMEMSET(prf->s, 0, sizeof(prf->s));
wc_InitShake256(prf, NULL, 0);
}
/* New/Initialize SHAKE-256 object.

62
wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
View File

@@ -24,32 +24,64 @@
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/types.h> /* for MATH_INT_T */
#include "cy_crypto_core_sha.h"
#include "cy_device_headers.h"
#include "psoc6_02_config.h"
#include "cy_crypto_common.h"
#include "cy_crypto_core.h"
#include <wolfssl/wolfcrypt/wc_port.h>
#if defined(WOLFSSL_PSOC6_CRYPTO)
#ifdef WOLFSSL_SHA512
#include <wolfssl/wolfcrypt/sha512.h>
#include "cy_pdl.h"
/* SHA1, SHA2 and SHA3 are supported for PSOC6 */
#define PSOC6_HASH_SHA1
#define PSOC6_HASH_SHA2
#define PSOC6_HASH_SHA3
typedef enum {
WC_PSOC6_SHA1 = 0,
WC_PSOC6_SHA224 = 1,
WC_PSOC6_SHA256 = 2,
WC_PSOC6_SHA384 = 3,
WC_PSOC6_SHA512 = 4,
WC_PSOC6_SHA512_224 = 5,
WC_PSOC6_SHA512_256 = 6
} wc_psoc6_hash_sha1_sha2_t;
#if defined(PSOC6_HASH_SHA1) || defined(PSOC6_HASH_SHA2)
int wc_Psoc6_Sha1_Sha2_Init(void* sha, wc_psoc6_hash_sha1_sha2_t hash_mode,
int init_hash);
#endif
#ifndef NO_SHA256
#include <wolfssl/wolfcrypt/sha.h>
#include <wolfssl/wolfcrypt/sha256.h>
#endif /* !def NO_SHA256 */
#if defined(PSOC6_HASH_SHA1) || defined(PSOC6_HASH_SHA2) || \
defined(PSOC6_HASH_SHA3)
void wc_Psoc6_Sha_Free(void);
#endif
#if defined(WOLFSSL_SHA3) && defined(PSOC6_HASH_SHA3)
int wc_Psoc6_Sha3_Init(void* sha3);
int wc_Psoc6_Sha3_Update(void* sha3, const byte* data, word32 len, byte p);
int wc_Psoc6_Sha3_Final(void* sha3, byte padChar, byte* hash, byte p, word32 l);
int wc_Psoc6_Shake_SqueezeBlocks(void* shake, byte* out, word32 blockCnt);
#endif /* WOLFSSL_SHA3 && PSOC6_HASH_SHA3 */
#ifdef HAVE_ECC
#include <wolfssl/wolfcrypt/ecc.h>
int psoc6_ecc_verify_hash_ex(MATH_INT_T *r, MATH_INT_T *s, const byte* hash,
word32 hashlen, int* verif_res, ecc_key* key);
/* Forward declaration of ecc_key structure.
* Only pointers to struct ecc_key are used in this header,
* so the forward declaration is sufficient.
* The full definition is in wolfssl/wolfcrypt/ecc.h.
*/
struct ecc_key;
int psoc6_ecc_verify_hash_ex(MATH_INT_T* r, MATH_INT_T* s, const byte* hash,
word32 hashlen, int* verif_res,
struct ecc_key* key);
#endif /* HAVE_ECC */
#define PSOC6_CRYPTO_BASE ((CRYPTO_Type*) CRYPTO_BASE)
#define PSOC6_CRYPTO_BASE ((CRYPTO_Type*)CRYPTO_BASE)
/* Crypto HW engine initialization */
int psoc6_crypto_port_init(void);
#endif /* WOLFSSL_PSOC6_CRYPTO */
#endif /* _PSOC6_CRYPTO_PORT_H_ */

12
wolfssl/wolfcrypt/sha.h
View File

@@ -48,6 +48,15 @@
#include "fsl_dcp.h"
#endif
#if defined(WOLFSSL_PSOC6_CRYPTO)
#include <wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h>
#include "cy_crypto_core_sha.h"
#include "cy_device_headers.h"
#include "cy_crypto_common.h"
#include "cy_crypto_core.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
@@ -141,6 +150,9 @@ struct wc_Sha {
dcp_hash_ctx_t ctx;
#elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH)
psa_hash_operation_t psa_ctx;
#elif defined(PSOC6_HASH_SHA1)
cy_stc_crypto_sha_state_t hash_state;
cy_stc_crypto_v2_sha1_buffers_t sha_buffers;
#else
word32 buffLen; /* in bytes */
word32 loLen; /* length in bytes */

14
wolfssl/wolfcrypt/sha256.h
View File

@@ -50,10 +50,12 @@
#endif
#if defined(WOLFSSL_PSOC6_CRYPTO)
#include "cy_crypto_core_sha.h"
#include "cy_device_headers.h"
#include "cy_crypto_common.h"
#include "cy_crypto_core.h"
#include <wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h>
#include "cy_crypto_core_sha.h"
#include "cy_device_headers.h"
#include "cy_crypto_common.h"
#include "cy_crypto_core.h"
#endif
#ifdef __cplusplus
@@ -163,6 +165,7 @@ enum {
#include "mcapi_error.h"
#endif
/* wc_Sha256 digest */
struct wc_Sha256 {
#ifdef FREESCALE_LTC_SHA
@@ -176,9 +179,8 @@ struct wc_Sha256 {
#elif defined(WOLFSSL_IMXRT_DCP)
dcp_handle_t handle;
dcp_hash_ctx_t ctx;
#elif defined(WOLFSSL_PSOC6_CRYPTO)
#elif defined(PSOC6_HASH_SHA2)
cy_stc_crypto_sha_state_t hash_state;
cy_en_crypto_sha_mode_t sha_mode;
cy_stc_crypto_v2_sha256_buffers_t sha_buffers;
#elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH)
psa_hash_operation_t psa_ctx;

15
wolfssl/wolfcrypt/sha3.h
View File

@@ -117,8 +117,22 @@ enum {
#include <wolfssl/wolfcrypt/port/af_alg/afalg_hash.h>
#else
#if defined(WOLFSSL_PSOC6_CRYPTO)
#include <wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h>
#include "cy_crypto_core_sha.h"
#include "cy_device_headers.h"
#include "cy_crypto_common.h"
#include "cy_crypto_core.h"
#endif
/* Sha3 digest */
struct wc_Sha3 {
#if defined(PSOC6_HASH_SHA3)
cy_stc_crypto_sha_state_t hash_state;
cy_stc_crypto_v2_sha3_buffers_t sha_buffers;
bool init_done;
#else
/* State data that is processed for each block. */
word64 s[25];
/* Unprocessed message data. */
@@ -147,6 +161,7 @@ struct wc_Sha3 {
#if defined(STM32_HASH_SHA3)
STM32_HASH_Context stmCtx;
#endif
#endif
};
#ifndef WC_SHA3_TYPE_DEFINED

6
wolfssl/wolfcrypt/sha512.h
View File

@@ -59,11 +59,14 @@
#include <wolfssl/wolfcrypt/port/silabs/silabs_hash.h>
#endif
#if defined(WOLFSSL_PSOC6_CRYPTO)
#include <wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h>
#include "cy_crypto_core_sha.h"
#include "cy_device_headers.h"
#include "cy_crypto_common.h"
#include "cy_crypto_core.h"
#endif
#if defined(WOLFSSL_KCAPI_HASH)
#include <wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h>
#endif
@@ -144,9 +147,8 @@ enum {
#endif
/* wc_Sha512 digest */
struct wc_Sha512 {
#ifdef WOLFSSL_PSOC6_CRYPTO
#if defined(PSOC6_HASH_SHA2)
cy_stc_crypto_sha_state_t hash_state;
cy_en_crypto_sha_mode_t sha_mode;
cy_stc_crypto_v2_sha512_buffers_t sha_buffers;
void* heap;
#else