wolfSSL
diff --git a/‎src/wh_client_crypto.c‎
Lines changed: 211 additions & 0 deletions b/‎src/wh_client_crypto.c‎
Lines changed: 211 additions & 0 deletions
diff --git a/‎src/wh_client_cryptocb.c‎
Lines changed: 13 additions & 0 deletions b/‎src/wh_client_cryptocb.c‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎src/wh_message_crypto.c‎
Lines changed: 33 additions & 0 deletions b/‎src/wh_message_crypto.c‎
Lines changed: 33 additions & 0 deletions
@@ -170,6 +170,35 @@ static int _getCryptoResponse(uint8_t* respBuf, uint16_t type,
     return header->rc;
 }
 
+#if !defined(NO_HMAC)
+#define WH_CLIENT_HMAC_PACK_IDS(_keyId, _stateId)                             \
+    ((uintptr_t)((((uintptr_t)(_stateId) & 0xFFFFu) << 16) |                  \
+                 ((uintptr_t)(_keyId) & 0xFFFFu)))
+
+static uint16_t _wh_Client_HmacGetKeyId(const Hmac* hmac)
+{
+    return (uint16_t)(((uintptr_t)hmac->devCtx) & 0xFFFFu);
+}
+
+static uint16_t _wh_Client_HmacGetStateId(const Hmac* hmac)
+{
+    return (uint16_t)((((uintptr_t)hmac->devCtx) >> 16) & 0xFFFFu);
+}
+
+static void _wh_Client_HmacSetIds(Hmac* hmac, uint16_t keyId, uint16_t stateId)
+{
+    hmac->devCtx = (void*)WH_CLIENT_HMAC_PACK_IDS(keyId, stateId);
+}
+
+static int _wh_Client_HmacSend(whClientContext* ctx,
+                               whMessageCrypto_hmacOperation op, int hashType,
+                               uint16_t keyId, uint16_t stateId,
+                               const uint8_t* key, uint32_t keyLen,
+                               const uint8_t* in, uint32_t inLen,
+                               uint8_t* out, uint32_t outCapacity,
+                               uint16_t* outStateId, uint32_t* outSz);
+#endif /* !NO_HMAC */
+
 /** Implementations */
 int wh_Client_RngGenerate(whClientContext* ctx, uint8_t* out, uint32_t size)
 {
@@ -2758,6 +2787,188 @@ int wh_Client_AesGetKeyId(Aes* key, whNvmId* outId)
 }
 #endif
 
+#if !defined(NO_HMAC)
+int wh_Client_HmacSetKeyId(Hmac* hmac, whKeyId keyId)
+{
+    if ((hmac == NULL) || WH_KEYID_ISERASED(keyId)) {
+        return WH_ERROR_BADARGS;
+    }
+
+    _wh_Client_HmacSetIds(hmac, keyId, 0);
+    return WH_ERROR_OK;
+}
+
+static int _wh_Client_HmacSend(whClientContext* ctx,
+                               whMessageCrypto_hmacOperation op, int hashType,
+                               uint16_t keyId, uint16_t stateId,
+                               const uint8_t* key, uint32_t keyLen,
+                               const uint8_t* in, uint32_t inLen,
+                               uint8_t* out, uint32_t outCapacity,
+                               uint16_t* outStateId, uint32_t* outSz)
+{
+    if (ctx == NULL || (keyLen > 0 && key == NULL) ||
+        (inLen > 0 && in == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+
+    uint8_t* dataPtr = (uint8_t*)wh_CommClient_GetDataPtr(ctx->comm);
+    if (dataPtr == NULL) {
+        return WH_ERROR_BADARGS;
+    }
+
+    uint32_t payloadLen =
+        sizeof(whMessageCrypto_GenericRequestHeader) +
+        sizeof(whMessageCrypto_HmacRequest) + keyLen + inLen;
+    if (payloadLen > WOLFHSM_CFG_COMM_DATA_LEN) {
+        return WH_ERROR_BADARGS;
+    }
+
+    whMessageCrypto_HmacRequest* req =
+        (whMessageCrypto_HmacRequest*)_createCryptoRequest(
+            dataPtr, WC_ALGO_TYPE_HMAC);
+
+    req->hashType = (uint32_t)hashType;
+    req->keySz    = keyLen;
+    req->inSz     = inLen;
+    req->keyId    = keyId;
+    req->stateId  = stateId;
+    req->hmacOp   = (uint16_t)op;
+    req->flags    = 0;
+
+    uint8_t* idx = (uint8_t*)(req + 1);
+    if (keyLen > 0U) {
+        if (key == NULL) {
+            return WH_ERROR_BADARGS;
+        }
+        memcpy(idx, key, keyLen);
+        idx += keyLen;
+    }
+    if (inLen > 0U) {
+        if (in == NULL) {
+            return WH_ERROR_BADARGS;
+        }
+        memcpy(idx, in, inLen);
+        idx += inLen;
+    }
+
+    int ret = wh_Client_SendRequest(ctx, WH_MESSAGE_GROUP_CRYPTO,
+                                    WC_ALGO_TYPE_HMAC, (uint16_t)payloadLen,
+                                    dataPtr);
+    if (ret != WH_ERROR_OK) {
+        return ret;
+    }
+
+    uint16_t respGroup;
+    uint16_t respAction;
+    uint16_t respSize;
+    do {
+        ret = wh_Client_RecvResponse(ctx, &respGroup, &respAction, &respSize,
+                                     dataPtr);
+    } while (ret == WH_ERROR_NOTREADY);
+    if (ret != WH_ERROR_OK) {
+        return ret;
+    }
+    if ((respGroup != WH_MESSAGE_GROUP_CRYPTO) ||
+        (respAction != WC_ALGO_TYPE_HMAC)) {
+        return WH_ERROR_ABORTED;
+    }
+
+    whMessageCrypto_HmacResponse* resp = NULL;
+    ret = _getCryptoResponse(dataPtr, WC_ALGO_TYPE_HMAC, (uint8_t**)&resp);
+    if (ret < 0) {
+        return ret;
+    }
+
+    if (outStateId != NULL) {
+        *outStateId = resp->stateId;
+    }
+    if (outSz != NULL) {
+        *outSz = resp->outSz;
+    }
+
+    if (resp->outSz > 0U) {
+        uint8_t* respData = (uint8_t*)(resp + 1);
+        if ((out == NULL) || (resp->outSz > outCapacity)) {
+            return WH_ERROR_NOSPACE;
+        }
+        memcpy(out, respData, resp->outSz);
+    }
+
+    return ret;
+}
+
+int wh_Client_Hmac(whClientContext* ctx, Hmac* hmac, int macType,
+                   const uint8_t* in, uint32_t inLen, uint8_t* digest)
+{
+    if ((ctx == NULL) || (hmac == NULL) || (in == NULL && inLen > 0)) {
+        return WH_ERROR_BADARGS;
+    }
+
+    uint16_t keyId   = _wh_Client_HmacGetKeyId(hmac);
+    uint16_t stateId = _wh_Client_HmacGetStateId(hmac);
+    uint32_t digestSz;
+    const uint8_t* keyBuf =  NULL;
+    uint32_t       keyLen = 0;
+    int            ret    = WH_ERROR_OK;
+
+    /* send inline key only on on first use */
+    if (stateId == 0U && keyId == WH_KEYID_ERASED) {
+        if (hmac->keyLen == 0U || hmac->keyRaw == NULL) {
+            return WH_ERROR_BADARGS;
+        }
+        keyBuf = hmac->keyRaw;
+        keyLen = hmac->keyLen;
+    }
+
+    /* get digest size */
+    if (digest != NULL) {
+        ret = wc_HmacSizeByType(macType);
+        if (ret < 0) {
+            return ret;
+        }
+        digestSz = ret;
+    }
+
+    /* one shot operation */
+    if (digest != NULL && stateId == 0) {
+        /* stateId must be 0 for one shot */
+        if (stateId != 0U) {
+            return WH_ERROR_BADARGS;
+        }
+
+        ret = _wh_Client_HmacSend(ctx, WH_MESSAGE_CRYPTO_HMAC_OP_ONESHOT,
+                                  macType, keyId, stateId, keyBuf, keyLen, in,
+                                  inLen, digest, digestSz, NULL,
+                                  &digestSz);
+        if (ret < 0) {
+            return ret;
+        }
+    }
+    /* update only operation */
+    else if (digest == NULL) {
+        ret = _wh_Client_HmacSend(ctx, WH_MESSAGE_CRYPTO_HMAC_OP_UPDATE,
+                                  macType, keyId, stateId, keyBuf, keyLen, in,
+                                  inLen, NULL, 0, &stateId, NULL);
+        if (ret < 0) {
+            return ret;
+        }
+        _wh_Client_HmacSetIds(hmac, keyId, stateId);
+    }
+    /* final only operation */
+    else {
+        ret = _wh_Client_HmacSend(ctx, WH_MESSAGE_CRYPTO_HMAC_OP_FINAL,
+                                  macType, keyId, stateId, keyBuf, keyLen, NULL, 0,
+                                  digest, digestSz, NULL, &digestSz);
+        if (ret < 0) {
+            return ret;
+        }
+        _wh_Client_HmacSetIds(hmac, keyId, 0);
+    }
+
+    return ret;
+}
+#endif /* !NO_HMAC */
+
 #ifdef WOLFSSL_CMAC
 int wh_Client_CmacSetKeyId(Cmac* key, whNvmId keyId)
 {
 
@@ -423,6 +423,19 @@ int wh_Client_CryptoCb(int devId, wc_CryptoInfo* info, void* inCtx)
 
 #endif /* WOLFSSL_CMAC */
 
+#if !defined(NO_HMAC)
+    case WC_ALGO_TYPE_HMAC:
+    {
+        const uint8_t* in     = info->hmac.in;
+        uint32_t       in_len = info->hmac.inSz;
+        uint8_t*       out    = info->hmac.digest;
+        Hmac*          hmac   = info->hmac.hmac;
+        int            type   = info->hmac.macType;
+
+        ret = wh_Client_Hmac(ctx, hmac, type, in, in_len, out);
+    } break;
+#endif /* !NO_HMAC */
+
     case WC_ALGO_TYPE_HASH: {
         switch (info->hash.type) {
 #ifndef NO_SHA256
 
@@ -604,6 +604,39 @@ int wh_MessageCrypto_TranslateCmacResponse(
     return 0;
 }
 
+#if !defined(NO_HMAC)
+int wh_MessageCrypto_TranslateHmacRequest(
+    uint16_t magic, const whMessageCrypto_HmacRequest* src,
+    whMessageCrypto_HmacRequest* dest)
+{
+    if ((src == NULL) || (dest == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+    WH_T32(magic, dest, src, hashType);
+    WH_T32(magic, dest, src, keySz);
+    WH_T32(magic, dest, src, inSz);
+    WH_T16(magic, dest, src, keyId);
+    WH_T16(magic, dest, src, stateId);
+    WH_T16(magic, dest, src, hmacOp);
+    WH_T16(magic, dest, src, flags);
+
+    return 0;
+}
+
+int wh_MessageCrypto_TranslateHmacResponse(
+    uint16_t magic, const whMessageCrypto_HmacResponse* src,
+    whMessageCrypto_HmacResponse* dest)
+{
+    if ((src == NULL) || (dest == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+    WH_T16(magic, dest, src, stateId);
+    WH_T16(magic, dest, src, flags);
+    WH_T16(magic, dest, src, outSz);
+    return 0;
+}
+#endif /* !NO_HMAC */
+
 /* ML-DSA Key Generation Request translation */
 int wh_MessageCrypto_TranslateMlDsaKeyGenRequest(
     uint16_t magic, const whMessageCrypto_MlDsaKeyGenRequest* src,