wolfSSL
diff --git a/‎.wolfssl_known_macro_extras‎
Lines changed: 51 additions & 2 deletions b/‎.wolfssl_known_macro_extras‎
Lines changed: 51 additions & 2 deletions
diff --git a/‎wolfcrypt/src/aes.c‎
Lines changed: 78 additions & 8 deletions b/‎wolfcrypt/src/aes.c‎
Lines changed: 78 additions & 8 deletions
diff --git a/‎wolfcrypt/src/ecc.c‎
Lines changed: 11 additions & 3 deletions b/‎wolfcrypt/src/ecc.c‎
Lines changed: 11 additions & 3 deletions
@@ -1,4 +1,10 @@
+AES
+AES1
+AES_CR_CCFC
 AES_GCM_GMULT_NCT
+AES_ICR_CCF
+AES_ISR_CCF
+AES_SR_CCF
 AFX_RESOURCE_DLL
 AFX_TARG_ENU
 ALLOW_BINARY_MISMATCH_INTROSPECTION
@@ -269,7 +275,11 @@ HARDWARE_CACHE_COHERENCY
 HASH_AlgoMode_HASH
 HASH_AlgoMode_HMAC
 HASH_BYTE_SWAP
+HASH_CR_ALGO_1
+HASH_CR_DATATYPE_0
+HASH_CR_DATATYPE_1
 HASH_CR_LKEY
+HASH_CR_MODE
 HASH_DIGEST
 HASH_DataType_8b
 HASH_IMR_DCIE
@@ -491,14 +501,35 @@ OTHER_BOARD
 O_CLOEXEC
 PEER_INFO
 PERF_FLAG_FD_CLOEXEC
+PKA_CLRFR_OPERRFC
+PKA_CR_OPERRIE
 PKA_ECC_SCALAR_MUL_IN_B_COEFF
+PKA_SR_OPERRF
 PLATFORMIO
 PLUTON_CRYPTO_ECC
 PRINT_SESSION_STATS
 PTHREAD_STACK_MIN
 QAT_ENABLE_HASH
 QAT_ENABLE_RNG
 QAT_USE_POLLING_CHECK
+RCC_AHB1ENR_PKAEN
+RCC_AHB2ENR1_AESEN
+RCC_AHB2ENR1_HASHEN
+RCC_AHB2ENR1_PKAEN
+RCC_AHB2ENR1_SAESEN
+RCC_AHB2ENR_AESEN
+RCC_AHB2ENR_HASHEN
+RCC_AHB2ENR_PKAEN
+RCC_AHB2ENR_SAESEN
+RCC_AHB3ENR_AESEN
+RCC_AHB3ENR_CRYPEN
+RCC_AHB3ENR_HASHEN
+RCC_AHB3ENR_PKAEN
+RCC_AHB3ENR_RNGEN
+RCC_AHB3ENR_SAESEN
+RCC_MP_AHB5ENSETR_CRYP1EN
+RCC_MP_AHB5ENSETR_HASH1EN
+RCC_MP_AHB5ENSETR_RNG1EN
 RC_NO_RNG
 REDIRECTION_IN3_KEYELMID
 REDIRECTION_IN3_KEYID
@@ -509,11 +540,18 @@ REDIRECTION_OUT2_KEYID
 RENESAS_T4_USE
 RHEL_MAJOR
 RHEL_RELEASE_CODE
+RNG_CAND_NIST_CR_VALUE
+RNG_CAND_NIST_HTCR_VALUE
+RNG_CAND_NIST_NSCR_VALUE
+RNG_CR_CONDRST
+RNG_SR_BUSY
 RTC_ALARMSUBSECONDMASK_ALL
 RTE_CMSIS_RTOS_RTX
 RTOS_MODULE_NET_AVAIL
 RTPLATFORM
 SAL_IOMMU_CODE
+SAES
+SAES_CR_EN
 SA_INTERRUPT
 SCEKEY_INSTALLED
 SHA256_MANY_REGISTERS
@@ -575,6 +613,7 @@ STM32WB55xx
 STM32WBA52xx
 STM32WL55xx
 STM32_AESGCM_PARTIAL
+STM32_AES_CLEAR_INST
 STM32_HW_CLOCK_AUTO
 STM32_NUTTX_RNG
 STSAFE_HOST_KEY_CIPHER
@@ -679,6 +718,12 @@ WC_SLHDSA_NO_ASM
 WC_SLHDSA_VERBOSE_DEBUG
 WC_SSIZE_TYPE
 WC_STRICT_SIG
+WC_STM32_HASH_INSTANCE_HRA
+WC_STM32_PKA_DIAG
+WC_STM32_RNG_CED_DISABLE
+WC_STM32_RNG_DIAG
+WC_STM32_RNG_NO_NIST_INIT
+WC_STM32_SAES_DIAG
 WC_USE_PIE_FENCEPOSTS_FOR_FIPS
 WC_WANT_FLAG_DONT_USE_VECTOR_OPS
 WIFIESPAT
@@ -918,9 +963,13 @@ WOLFSSL_SP_ARM32_UDIV
 WOLFSSL_SP_FAST_NCT_EXPTMOD
 WOLFSSL_SP_INT_SQR_VOLATILE
 WOLFSSL_STACK_CHECK
+WOLFSSL_STM32C5
+WOLFSSL_STM32F3
 WOLFSSL_STM32F427_RNG
-WOLFSSL_STM32U5_DHUK
-WOLFSSL_STM32_RNG_NOLIB
+WOLFSSL_STM32U0
+WOLFSSL_STM32_BARE
+WOLFSSL_STM32_DHUK_UNWRAP
+WOLFSSL_STM32_USE_SAES
 WOLFSSL_STRONGEST_HASH_SIG
 WOLFSSL_STSAFE_TAKES_SLOT
 WOLFSSL_TELIT_M2MB
 
@@ -233,6 +233,16 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     static WARN_UNUSED_RESULT int wc_AesEncrypt(
         Aes* aes, const byte* inBlock, byte* outBlock)
     {
+    #ifdef WOLFSSL_STM32_BARE
+        /* Bare-metal driver handles mutex, clock and key/IV internally. */
+    #ifdef WOLFSSL_DHUK
+        if (aes->devId == WOLFSSL_DHUK_WRAPPED_DEVID) {
+            return wc_Stm32_Aes_DhukOp(aes, outBlock, inBlock,
+                                       WC_AES_BLOCK_SIZE, 1 /* encrypt */);
+        }
+    #endif
+        return wc_Stm32_Aes_Ecb(aes, outBlock, inBlock, WC_AES_BLOCK_SIZE, 1);
+    #else
         int ret = 0;
     #ifdef WOLFSSL_STM32_CUBEMX
         CRYP_HandleTypeDef hcryp;
@@ -247,13 +257,13 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
             return ret;
 #endif
 
-    #ifdef WOLFSSL_STM32U5_DHUK
+    #ifdef WOLFSSL_DHUK
         ret = wolfSSL_CryptHwMutexLock();
         if (ret != 0)
             return ret;
 
         /* Handle making use of wrapped key */
-        if (aes->devId == WOLFSSL_STM32U5_DHUK_WRAPPED_DEVID) {
+        if (aes->devId == WOLFSSL_DHUK_WRAPPED_DEVID) {
             CRYP_ConfigTypeDef Config = {0};
 
             ret = wc_Stm32_Aes_UnWrap(aes, &hcryp, (const byte*)aes->key,
@@ -373,6 +383,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
         wc_Stm32_Aes_Cleanup();
 
         return ret;
+    #endif /* !WOLFSSL_STM32_BARE */
     }
 #endif /* WOLFSSL_AES_DIRECT || HAVE_AESGCM || HAVE_AESCCM */
 
@@ -381,6 +392,15 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     static WARN_UNUSED_RESULT int wc_AesDecrypt(
         Aes* aes, const byte* inBlock, byte* outBlock)
     {
+    #ifdef WOLFSSL_STM32_BARE
+    #ifdef WOLFSSL_DHUK
+        if (aes->devId == WOLFSSL_DHUK_WRAPPED_DEVID) {
+            return wc_Stm32_Aes_DhukOp(aes, outBlock, inBlock,
+                                       WC_AES_BLOCK_SIZE, 0 /* decrypt */);
+        }
+    #endif
+        return wc_Stm32_Aes_Ecb(aes, outBlock, inBlock, WC_AES_BLOCK_SIZE, 0);
+    #else
         int ret = 0;
     #ifdef WOLFSSL_STM32_CUBEMX
         CRYP_HandleTypeDef hcryp;
@@ -395,13 +415,13 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
             return ret;
 #endif
 
-    #ifdef WOLFSSL_STM32U5_DHUK
+    #ifdef WOLFSSL_DHUK
         ret = wolfSSL_CryptHwMutexLock();
         if (ret != 0)
             return ret;
 
         /* Handle making use of wrapped key */
-        if (aes->devId == WOLFSSL_STM32U5_DHUK_WRAPPED_DEVID) {
+        if (aes->devId == WOLFSSL_DHUK_WRAPPED_DEVID) {
             CRYP_ConfigTypeDef Config;
 
             XMEMSET(&Config, 0, sizeof(Config));
@@ -527,6 +547,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
         wc_Stm32_Aes_Cleanup();
 
         return ret;
+    #endif /* !WOLFSSL_STM32_BARE */
     }
     #endif /* WOLFSSL_AES_DIRECT */
 #endif /* HAVE_AES_DECRYPT */
@@ -5594,7 +5615,34 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
 #ifdef HAVE_AES_CBC
 #if defined(STM32_CRYPTO)
 
-#ifdef WOLFSSL_STM32U5_DHUK
+#ifdef WOLFSSL_STM32_BARE
+    int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+    {
+    #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+        if (sz % WC_AES_BLOCK_SIZE) {
+            return BAD_LENGTH_E;
+        }
+    #endif
+        if (sz == 0) {
+            return 0;
+        }
+        return wc_Stm32_Aes_Cbc(aes, out, in, sz, 1);
+    }
+    #ifdef HAVE_AES_DECRYPT
+    int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+    {
+    #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+        if (sz % WC_AES_BLOCK_SIZE) {
+            return BAD_LENGTH_E;
+        }
+    #endif
+        if (sz == 0) {
+            return 0;
+        }
+        return wc_Stm32_Aes_Cbc(aes, out, in, sz, 0);
+    }
+    #endif /* HAVE_AES_DECRYPT */
+#elif defined(WOLFSSL_DHUK)
     int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     {
         int ret = 0;
@@ -5614,7 +5662,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
             return ret;
         }
 
-        if (aes->devId == WOLFSSL_STM32U5_DHUK_WRAPPED_DEVID) {
+        if (aes->devId == WOLFSSL_DHUK_WRAPPED_DEVID) {
             CRYP_ConfigTypeDef Config;
 
             XMEMSET(&Config, 0, sizeof(Config));
@@ -5680,7 +5728,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
             return ret;
         }
 
-        if (aes->devId == WOLFSSL_STM32U5_DHUK_WRAPPED_DEVID) {
+        if (aes->devId == WOLFSSL_DHUK_WRAPPED_DEVID) {
             CRYP_ConfigTypeDef Config;
 
             XMEMSET(&Config, 0, sizeof(Config));
@@ -6977,6 +7025,11 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
         int wc_AesCtrEncryptBlock(Aes* aes, byte* out, const byte* in)
         {
+        #ifdef WOLFSSL_STM32_BARE
+            /* CTR per-block transform: ECB-encrypt the counter (passed in
+             * 'in'); aes.c handles counter increment and XOR with plaintext. */
+            return wc_Stm32_Aes_Ecb(aes, out, in, WC_AES_BLOCK_SIZE, 1);
+        #else
             int ret = 0;
         #ifdef WOLFSSL_STM32_CUBEMX
             CRYP_HandleTypeDef hcryp;
@@ -7087,6 +7140,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             wolfSSL_CryptHwMutexUnLock();
             wc_Stm32_Aes_Cleanup();
             return ret;
+        #endif /* !WOLFSSL_STM32_BARE */
         }
 
 
@@ -10166,6 +10220,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         authTag, authTagSz,
         authIn, authInSz);
 #endif
+
 #if defined(WOLFSSL_MICROCHIP_TA100) && defined(WOLFSSL_MICROCHIP_AESGCM)
 #ifndef TA_AES_GCM_MAX_DATA_SIZE
     #define TA_AES_GCM_MAX_DATA_SIZE 996u
@@ -10183,6 +10238,17 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
             authIn, authInSz);
     }
 #endif
+
+#if defined(WOLFSSL_STM32_BARE) && defined(STM32_CRYPTO)
+    ret = wc_Stm32_Aes_Gcm(aes, out, in, sz, iv, ivSz,
+                           authTag, authTagSz,
+                           authIn, authInSz, 1 /* enc */);
+    if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+        return ret;
+    /* fall through to SW GCM (still uses HW AES via wc_AesEncrypt) */
+#endif /* WOLFSSL_STM32_BARE && STM32_CRYPTO */
+
+
 #ifdef STM32_CRYPTO_AES_GCM
     return wc_AesGcmEncrypt_STM32(
         aes, out, in, sz, iv, ivSz,
@@ -10927,6 +10993,10 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     }
 #endif
 
+    /* BARE: GCM decrypt always uses SW path (with HW AES blocks via
+     * wc_AesEncrypt). Encrypt is HW-accelerated above; decrypt + tag
+     * verification stays in well-tested SW for now. */
+
 #ifdef STM32_CRYPTO_AES_GCM
     /* The STM standard peripheral library API's doesn't support partial blocks */
     return wc_AesGcmDecrypt_STM32(
@@ -13751,7 +13821,7 @@ int wc_AesInit(Aes* aes, void* heap, int devId)
 
     aes->heap = heap;
 
-#if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_STM32U5_DHUK)
+#if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_DHUK)
     aes->devId = devId;
     aes->devCtx = NULL;
 #else
 
@@ -287,8 +287,9 @@ ECC Curve Sizes:
     !defined(WOLFSSL_MICROCHIP_TA100) && \
     !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
     !defined(WOLFSSL_KCAPI_ECC) && !defined(WOLFSSL_SE050) && \
-    !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_PSOC6_CRYPTO) && \
-    !defined(WOLFSSL_XILINX_CRYPT_VERSAL)
+    !defined(WOLFSSL_XILINX_CRYPT_VERSAL) && \
+    !defined(WOLFSSL_STM32_PKA) && \
+    !defined(WOLFSSL_PSOC6_CRYPTO)
     #undef  HAVE_ECC_VERIFY_HELPER
     #define HAVE_ECC_VERIFY_HELPER
 #endif
@@ -7018,6 +7019,10 @@ static int deterministic_sign_helper(const byte* in, word32 inlen, ecc_key* key)
 #endif /* WOLFSSL_ECDSA_DETERMINISTIC_K ||
           WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT */
 
+/* WOLFSSL_STM32_PKA routes HW ECDSA sign/verify through the STM32 PKA
+ * (HAL_PKA_ECDSASign / Verify). Works under both the CubeMX-HAL path
+ * and the bare-metal direct-register path (WOLFSSL_STM32_BARE) -- the
+ * bare-metal driver implements the same HAL_PKA_ECDSA* surface. */
 #if defined(WOLFSSL_STM32_PKA)
 int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
                      ecc_key* key, mp_int *r, mp_int *s)
@@ -8836,7 +8841,8 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
 
 #ifndef WOLF_CRYPTO_CB_ONLY_ECC
 
-#if !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_PSOC6_CRYPTO) && \
+#if !defined(WOLFSSL_STM32_PKA) && \
+    !defined(WOLFSSL_PSOC6_CRYPTO) && \
     !defined(WOLF_CRYPTO_CB_ONLY_ECC)
 static int wc_ecc_check_r_s_range(ecc_key* key, mp_int* r, mp_int* s)
 {
@@ -9354,6 +9360,8 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
                     word32 hashlen, int* res, ecc_key* key)
 {
 #if defined(WOLFSSL_STM32_PKA)
+    /* HW ECDSA verify via STM32 PKA. Works under both the CubeMX-HAL
+     * and the bare-metal direct-register paths. */
     return stm32_ecc_verify_hash_ex(r, s, hash, hashlen, res, key);
 #elif defined(WOLFSSL_PSOC6_CRYPTO)
     return psoc6_ecc_verify_hash_ex(r, s, hash, hashlen, res, key);