Adds new STM32 Bare support for Hash, SAES/AES and PKA

Author: dgarske

.wolfssl_known_macro_extras

@@ -1,4 +1,10 @@
+AES
+AES1
+AES_CR_CCFC
 AES_GCM_GMULT_NCT
+AES_ICR_CCF
+AES_ISR_CCF
+AES_SR_CCF
 AFX_RESOURCE_DLL
 AFX_TARG_ENU
 ALLOW_BINARY_MISMATCH_INTROSPECTION
@@ -269,7 +275,11 @@ HARDWARE_CACHE_COHERENCY
 HASH_AlgoMode_HASH
 HASH_AlgoMode_HMAC
 HASH_BYTE_SWAP
+HASH_CR_ALGO_1
+HASH_CR_DATATYPE_0
+HASH_CR_DATATYPE_1
 HASH_CR_LKEY
+HASH_CR_MODE
 HASH_DIGEST
 HASH_DataType_8b
 HASH_IMR_DCIE
@@ -491,14 +501,36 @@ OTHER_BOARD
 O_CLOEXEC
 PEER_INFO
 PERF_FLAG_FD_CLOEXEC
+PKA_CLRFR_OPERRFC
+PKA_CR_OPERRIE
 PKA_ECC_SCALAR_MUL_IN_B_COEFF
+PKA_SR_INITOK
+PKA_SR_OPERRF
 PLATFORMIO
 PLUTON_CRYPTO_ECC
 PRINT_SESSION_STATS
 PTHREAD_STACK_MIN
 QAT_ENABLE_HASH
 QAT_ENABLE_RNG
 QAT_USE_POLLING_CHECK
+RCC_AHB1ENR_PKAEN
+RCC_AHB2ENR1_AESEN
+RCC_AHB2ENR1_HASHEN
+RCC_AHB2ENR1_PKAEN
+RCC_AHB2ENR1_SAESEN
+RCC_AHB2ENR_AESEN
+RCC_AHB2ENR_HASHEN
+RCC_AHB2ENR_PKAEN
+RCC_AHB2ENR_SAESEN
+RCC_AHB3ENR_AESEN
+RCC_AHB3ENR_CRYPEN
+RCC_AHB3ENR_HASHEN
+RCC_AHB3ENR_PKAEN
+RCC_AHB3ENR_RNGEN
+RCC_AHB3ENR_SAESEN
+RCC_MP_AHB5ENSETR_CRYP1EN
+RCC_MP_AHB5ENSETR_HASH1EN
+RCC_MP_AHB5ENSETR_RNG1EN
 RC_NO_RNG
 REDIRECTION_IN3_KEYELMID
 REDIRECTION_IN3_KEYID
@@ -509,11 +541,18 @@ REDIRECTION_OUT2_KEYID
 RENESAS_T4_USE
 RHEL_MAJOR
 RHEL_RELEASE_CODE
+RNG_CAND_NIST_CR_VALUE
+RNG_CAND_NIST_HTCR_VALUE
+RNG_CAND_NIST_NSCR_VALUE
+RNG_CR_CONDRST
+RNG_SR_BUSY
 RTC_ALARMSUBSECONDMASK_ALL
 RTE_CMSIS_RTOS_RTX
 RTOS_MODULE_NET_AVAIL
 RTPLATFORM
 SAL_IOMMU_CODE
+SAES
+SAES_CR_EN
 SA_INTERRUPT
 SCEKEY_INSTALLED
 SHA256_MANY_REGISTERS
@@ -575,6 +614,7 @@ STM32WB55xx
 STM32WBA52xx
 STM32WL55xx
 STM32_AESGCM_PARTIAL
+STM32_AES_CLEAR_INST
 STM32_HW_CLOCK_AUTO
 STM32_NUTTX_RNG
 STSAFE_HOST_KEY_CIPHER
@@ -679,6 +719,11 @@ WC_SLHDSA_NO_ASM
 WC_SLHDSA_VERBOSE_DEBUG
 WC_SSIZE_TYPE
 WC_STRICT_SIG
+WC_STM32_PKA_DIAG
+WC_STM32_RNG_CED_DISABLE
+WC_STM32_RNG_DIAG
+WC_STM32_RNG_NO_NIST_INIT
+WC_STM32_SAES_DIAG
 WC_USE_PIE_FENCEPOSTS_FOR_FIPS
 WC_WANT_FLAG_DONT_USE_VECTOR_OPS
 WIFIESPAT
@@ -918,9 +963,14 @@ WOLFSSL_SP_ARM32_UDIV
 WOLFSSL_SP_FAST_NCT_EXPTMOD
 WOLFSSL_SP_INT_SQR_VOLATILE
 WOLFSSL_STACK_CHECK
+WOLFSSL_STM32C5
+WOLFSSL_STM32F3
 WOLFSSL_STM32F427_RNG
-WOLFSSL_STM32U5_DHUK
-WOLFSSL_STM32_RNG_NOLIB
+WOLFSSL_STM32U0
+WOLFSSL_STM32_AES_TYPEDEF_ALIAS
+WOLFSSL_STM32_BARE
+WOLFSSL_STM32_DHUK_UNWRAP
+WOLFSSL_STM32_USE_SAES
 WOLFSSL_STRONGEST_HASH_SIG
 WOLFSSL_STSAFE_TAKES_SLOT
 WOLFSSL_TELIT_M2MB

wolfcrypt/src/aes.c

@@ -233,6 +233,16 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     static WARN_UNUSED_RESULT int wc_AesEncrypt(
         Aes* aes, const byte* inBlock, byte* outBlock)
     {
+    #ifdef WOLFSSL_STM32_BARE
+        /* Bare-metal driver handles mutex, clock and key/IV internally. */
+    #ifdef WOLFSSL_DHUK
+        if (aes->devId == WOLFSSL_DHUK_WRAPPED_DEVID) {
+            return wc_Stm32_Aes_DhukOp(aes, outBlock, inBlock,
+                                       WC_AES_BLOCK_SIZE, 1 /* encrypt */);
+        }
+    #endif
+        return wc_Stm32_Aes_Ecb(aes, outBlock, inBlock, WC_AES_BLOCK_SIZE, 1);
+    #else
         int ret = 0;
     #ifdef WOLFSSL_STM32_CUBEMX
         CRYP_HandleTypeDef hcryp;
@@ -247,13 +257,13 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
             return ret;
 #endif
 
-    #ifdef WOLFSSL_STM32U5_DHUK
+    #ifdef WOLFSSL_DHUK
         ret = wolfSSL_CryptHwMutexLock();
         if (ret != 0)
             return ret;
 
         /* Handle making use of wrapped key */
-        if (aes->devId == WOLFSSL_STM32U5_DHUK_WRAPPED_DEVID) {
+        if (aes->devId == WOLFSSL_DHUK_WRAPPED_DEVID) {
             CRYP_ConfigTypeDef Config = {0};
 
             ret = wc_Stm32_Aes_UnWrap(aes, &hcryp, (const byte*)aes->key,
@@ -373,6 +383,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
         wc_Stm32_Aes_Cleanup();
 
         return ret;
+    #endif /* !WOLFSSL_STM32_BARE */
     }
 #endif /* WOLFSSL_AES_DIRECT || HAVE_AESGCM || HAVE_AESCCM */
 
@@ -381,6 +392,15 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     static WARN_UNUSED_RESULT int wc_AesDecrypt(
         Aes* aes, const byte* inBlock, byte* outBlock)
     {
+    #ifdef WOLFSSL_STM32_BARE
+    #ifdef WOLFSSL_DHUK
+        if (aes->devId == WOLFSSL_DHUK_WRAPPED_DEVID) {
+            return wc_Stm32_Aes_DhukOp(aes, outBlock, inBlock,
+                                       WC_AES_BLOCK_SIZE, 0 /* decrypt */);
+        }
+    #endif
+        return wc_Stm32_Aes_Ecb(aes, outBlock, inBlock, WC_AES_BLOCK_SIZE, 0);
+    #else
         int ret = 0;
     #ifdef WOLFSSL_STM32_CUBEMX
         CRYP_HandleTypeDef hcryp;
@@ -395,13 +415,13 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
             return ret;
 #endif
 
-    #ifdef WOLFSSL_STM32U5_DHUK
+    #ifdef WOLFSSL_DHUK
         ret = wolfSSL_CryptHwMutexLock();
         if (ret != 0)
             return ret;
 
         /* Handle making use of wrapped key */
-        if (aes->devId == WOLFSSL_STM32U5_DHUK_WRAPPED_DEVID) {
+        if (aes->devId == WOLFSSL_DHUK_WRAPPED_DEVID) {
             CRYP_ConfigTypeDef Config;
 
             XMEMSET(&Config, 0, sizeof(Config));
@@ -527,6 +547,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
         wc_Stm32_Aes_Cleanup();
 
         return ret;
+    #endif /* !WOLFSSL_STM32_BARE */
     }
     #endif /* WOLFSSL_AES_DIRECT */
 #endif /* HAVE_AES_DECRYPT */
@@ -5663,7 +5684,34 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
 #ifdef HAVE_AES_CBC
 #if defined(STM32_CRYPTO)
 
-#ifdef WOLFSSL_STM32U5_DHUK
+#ifdef WOLFSSL_STM32_BARE
+    int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+    {
+    #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+        if (sz % WC_AES_BLOCK_SIZE) {
+            return BAD_LENGTH_E;
+        }
+    #endif
+        if (sz == 0) {
+            return 0;
+        }
+        return wc_Stm32_Aes_Cbc(aes, out, in, sz, 1);
+    }
+    #ifdef HAVE_AES_DECRYPT
+    int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+    {
+    #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+        if (sz % WC_AES_BLOCK_SIZE) {
+            return BAD_LENGTH_E;
+        }
+    #endif
+        if (sz == 0) {
+            return 0;
+        }
+        return wc_Stm32_Aes_Cbc(aes, out, in, sz, 0);
+    }
+    #endif /* HAVE_AES_DECRYPT */
+#elif defined(WOLFSSL_DHUK)
     int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     {
         int ret = 0;
@@ -5683,7 +5731,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
             return ret;
         }
 
-        if (aes->devId == WOLFSSL_STM32U5_DHUK_WRAPPED_DEVID) {
+        if (aes->devId == WOLFSSL_DHUK_WRAPPED_DEVID) {
             CRYP_ConfigTypeDef Config;
 
             XMEMSET(&Config, 0, sizeof(Config));
@@ -5749,7 +5797,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
             return ret;
         }
 
-        if (aes->devId == WOLFSSL_STM32U5_DHUK_WRAPPED_DEVID) {
+        if (aes->devId == WOLFSSL_DHUK_WRAPPED_DEVID) {
             CRYP_ConfigTypeDef Config;
 
             XMEMSET(&Config, 0, sizeof(Config));
@@ -7046,6 +7094,11 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
         int wc_AesCtrEncryptBlock(Aes* aes, byte* out, const byte* in)
         {
+        #ifdef WOLFSSL_STM32_BARE
+            /* CTR per-block transform: ECB-encrypt the counter (passed in
+             * 'in'); aes.c handles counter increment and XOR with plaintext. */
+            return wc_Stm32_Aes_Ecb(aes, out, in, WC_AES_BLOCK_SIZE, 1);
+        #else
             int ret = 0;
         #ifdef WOLFSSL_STM32_CUBEMX
             CRYP_HandleTypeDef hcryp;
@@ -7156,6 +7209,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             wolfSSL_CryptHwMutexUnLock();
             wc_Stm32_Aes_Cleanup();
             return ret;
+        #endif /* !WOLFSSL_STM32_BARE */
         }
 
 
@@ -10246,6 +10300,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         authTag, authTagSz,
         authIn, authInSz);
 #endif
+
 #if defined(WOLFSSL_MICROCHIP_TA100) && defined(WOLFSSL_MICROCHIP_AESGCM)
 #ifndef TA_AES_GCM_MAX_DATA_SIZE
     #define TA_AES_GCM_MAX_DATA_SIZE 996u
@@ -10263,6 +10318,17 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
             authIn, authInSz);
     }
 #endif
+
+#if defined(WOLFSSL_STM32_BARE) && defined(STM32_CRYPTO)
+    ret = wc_Stm32_Aes_Gcm(aes, out, in, sz, iv, ivSz,
+                           authTag, authTagSz,
+                           authIn, authInSz, 1 /* enc */);
+    if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+        return ret;
+    /* fall through to SW GCM (still uses HW AES via wc_AesEncrypt) */
+#endif /* WOLFSSL_STM32_BARE && STM32_CRYPTO */
+
+
 #ifdef STM32_CRYPTO_AES_GCM
     return wc_AesGcmEncrypt_STM32(
         aes, out, in, sz, iv, ivSz,
@@ -11007,6 +11073,10 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     }
 #endif
 
+    /* BARE: GCM decrypt always uses SW path (with HW AES blocks via
+     * wc_AesEncrypt). Encrypt is HW-accelerated above; decrypt + tag
+     * verification stays in well-tested SW for now. */
+
 #ifdef STM32_CRYPTO_AES_GCM
     /* The STM standard peripheral library API's doesn't support partial blocks */
     return wc_AesGcmDecrypt_STM32(
@@ -13831,7 +13901,7 @@ int wc_AesInit(Aes* aes, void* heap, int devId)
 
     aes->heap = heap;
 
-#if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_STM32U5_DHUK)
+#if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_DHUK)
     aes->devId = devId;
     aes->devCtx = NULL;
 #else