STM32 bare-metal crypto port (HASH / AES / PKA / RNG, DHUK, CCB)

.wolfssl_known_macro_extras

@@ -1,4 +1,10 @@
+AES
+AES1
+AES_CR_CCFC
 AES_GCM_GMULT_NCT
+AES_ICR_CCF
+AES_ISR_CCF
+AES_SR_CCF
 AFX_RESOURCE_DLL
 AFX_TARG_ENU
 ALLOW_BINARY_MISMATCH_INTROSPECTION
@@ -271,7 +277,11 @@ HARDWARE_CACHE_COHERENCY
 HASH_AlgoMode_HASH
 HASH_AlgoMode_HMAC
 HASH_BYTE_SWAP
+HASH_CR_ALGO_1
+HASH_CR_DATATYPE_0
+HASH_CR_DATATYPE_1
 HASH_CR_LKEY
+HASH_CR_MODE
 HASH_DIGEST
 HASH_DataType_8b
 HASH_IMR_DCIE
@@ -496,14 +506,40 @@ OTHER_BOARD
 O_CLOEXEC
 PEER_INFO
 PERF_FLAG_FD_CLOEXEC
+PKA_CLRFR_OPERRFC
+PKA_CR_OPERRIE
 PKA_ECC_SCALAR_MUL_IN_B_COEFF
+PKA_SR_INITOK
+PKA_SR_OPERRF
 PLATFORMIO
 PLUTON_CRYPTO_ECC
 PRINT_SESSION_STATS
 PTHREAD_STACK_MIN
 QAT_ENABLE_HASH
 QAT_ENABLE_RNG
 QAT_USE_POLLING_CHECK
+RCC_AHB1ENR_PKAEN
+RCC_AHB2ENR1_AESEN
+RCC_AHB2ENR1_CCBEN
+RCC_AHB2ENR1_HASHEN
+RCC_AHB2ENR1_PKAEN
+RCC_AHB2ENR1_SAESEN
+RCC_AHB2ENR_AESEN
+RCC_AHB2ENR_HASHEN
+RCC_AHB2ENR_PKAEN
+RCC_AHB2ENR_SAESEN
+RCC_AHB2RSTR1_CCBRST
+RCC_AHB2RSTR_PKARST
+RCC_AHB3ENR_AESEN
+RCC_AHB3ENR_CRYPEN
+RCC_AHB3ENR_HASHEN
+RCC_AHB3ENR_PKAEN
+RCC_AHB3ENR_RNGEN
+RCC_AHB3ENR_SAESEN
+RCC_CR_SHSION
+RCC_MP_AHB5ENSETR_CRYP1EN
+RCC_MP_AHB5ENSETR_HASH1EN
+RCC_MP_AHB5ENSETR_RNG1EN
 RC_NO_RNG
 REDIRECTION_IN3_KEYELMID
 REDIRECTION_IN3_KEYID
@@ -514,10 +550,18 @@ REDIRECTION_OUT2_KEYID
 RENESAS_T4_USE
 RHEL_MAJOR
 RHEL_RELEASE_CODE
+RNG_CAND_NIST_CR_VALUE
+RNG_CAND_NIST_HTCR_VALUE
+RNG_CAND_NIST_NSCR_VALUE
+RNG_CR_CONDRST
+RNG_SR_BUSY
 RTC_ALARMSUBSECONDMASK_ALL
 RTE_CMSIS_RTOS_RTX
 RTOS_MODULE_NET_AVAIL
 RTPLATFORM
+SAES
+SAES_CR_EN
+SAES_S
 SAL_IOMMU_CODE
 SA_INTERRUPT
 SCEKEY_INSTALLED
@@ -561,6 +605,7 @@ STM32F777xx
 STM32G071xx
 STM32G491xx
 STM32H563xx
+STM32H573xx
 STM32H723xx
 STM32H725xx
 STM32H743xx
@@ -580,6 +625,7 @@ STM32WB55xx
 STM32WBA52xx
 STM32WL55xx
 STM32_AESGCM_PARTIAL
+STM32_AES_CLEAR_INST
 STM32_HW_CLOCK_AUTO
 STM32_NUTTX_RNG
 STSAFE_HOST_KEY_CIPHER
@@ -687,6 +733,11 @@ WC_SLHDSA_KERNEL_ASM
 WC_SLHDSA_NO_ASM
 WC_SLHDSA_VERBOSE_DEBUG
 WC_SSIZE_TYPE
+WC_STM32_PKA_DIAG
+WC_STM32_RNG_CED_DISABLE
+WC_STM32_RNG_DIAG
+WC_STM32_RNG_NO_NIST_INIT
+WC_STM32_SAES_DIAG
 WC_STRICT_SIG
 WC_USE_PIE_FENCEPOSTS_FOR_FIPS
 WC_WANT_FLAG_DONT_USE_VECTOR_OPS
@@ -932,9 +983,13 @@ WOLFSSL_SP_ARM32_UDIV
 WOLFSSL_SP_FAST_NCT_EXPTMOD
 WOLFSSL_SP_INT_SQR_VOLATILE
 WOLFSSL_STACK_CHECK
+WOLFSSL_STM32C5
+WOLFSSL_STM32F3
 WOLFSSL_STM32F427_RNG
-WOLFSSL_STM32U5_DHUK
-WOLFSSL_STM32_RNG_NOLIB
+WOLFSSL_STM32U0
+WOLFSSL_STM32_CCB
+WOLFSSL_STM32_DHUK_UNWRAP
+WOLFSSL_STM32_USE_SAES
 WOLFSSL_STRONGEST_HASH_SIG
 WOLFSSL_STSAFE_TAKES_SLOT
 WOLFSSL_TELIT_M2MB

doc/dox_comments/header_files/doxygen_groups.h

@@ -308,4 +308,5 @@
     \defgroup Setup wolfSSL Context and Session Set Up
     \defgroup IO wolfSSL Connection, Session, and I/O
     \defgroup Debug wolfSSL Error Handling and Reporting
+    \defgroup STM32 STM32 Hardware Crypto Port
 */

doc/dox_comments/header_files/ecc.h

@@ -1283,6 +1283,105 @@ int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);
 int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
                            word32 pubSz, ecc_key* key);
 
+/*!
+    \ingroup ECC
+
+    \brief This function imports an STM32 DHUK-protected private key onto an
+    ecc_key for transparent hardware signing. The private scalar is supplied as
+    a chip-bound wrapped blob together with the 256-bit derivation seed; the
+    plaintext scalar is never imported. The key must be bound to the STM32 DHUK
+    crypto-callback device (init with wc_ecc_init_ex(&key, heap, WC_DHUK_DEVID)
+    after registering the device with wc_Stm32_DhukRegister). Available only on
+    STM32 builds with WOLFSSL_DHUK and a DHUK-capable SAES (WC_STM32_HAS_DHUK).
+
+    \return 0 Returned on success.
+    \return BAD_FUNC_ARG Returned if key, seed, or wrapped is NULL; if seedSz is
+    not 32; if wrappedLen is zero or not a multiple of the AES block size; if
+    wrappedLen exceeds the on-key blob buffer; if plainLen is zero or larger
+    than wrappedLen; or if wrappedLen is larger than plainLen padded to a full
+    AES block.
+
+    \param key pointer to the ecc_key (bound to WC_DHUK_DEVID) to import into.
+    \param seed pointer to the 256-bit (32-byte) per-key DHUK derivation seed.
+    \param seedSz length of seed in bytes; must be 32.
+    \param wrapped pointer to the DHUK-wrapped private scalar blob.
+    \param wrappedLen length of the wrapped blob; a non-zero multiple of the AES
+    block size, no larger than the on-key buffer.
+    \param plainLen length in bytes of the plaintext scalar inside the blob.
+
+    _Example_
+    \code
+    ecc_key key;
+    wc_Stm32_DhukRegister(WC_DHUK_DEVID);
+    wc_ecc_init_ex(&key, NULL, WC_DHUK_DEVID);
+    if (wc_ecc_import_wrapped_private(&key, seed, 32, wrapped, wrappedLen,
+            plainLen) == 0) {
+        wc_ecc_sign_hash(hash, hashLen, sig, &sigLen, &rng, &key);
+    }
+    wc_ecc_free(&key);
+    \endcode
+
+    \sa wc_ecc_import_wrapped_private_ex
+    \sa wc_ecc_sign_hash
+    \sa wc_ecc_init_ex
+*/
+int wc_ecc_import_wrapped_private(ecc_key* key, const byte* seed, word32 seedSz,
+                                  const byte* wrapped, word32 wrappedLen,
+                                  word32 plainLen);
+
+/*!
+    \ingroup ECC
+
+    \brief This function restores a previously provisioned STM32 CCB-protected
+    ECDSA key onto an ecc_key. The device-bound key is supplied as the wrapped
+    scalar blob plus its AES-GCM iv/tag and the in-clear public key; signing is
+    performed transparently with the scalar unwrapped SAES->PKA in hardware. The
+    key must be bound to the STM32 DHUK/CCB crypto-callback device (init with
+    wc_ecc_init_ex(&key, heap, WC_DHUK_DEVID)). Available only on STM32 builds
+    with WOLFSSL_DHUK and WOLFSSL_STM32_CCB.
+
+    \return 0 Returned on success.
+    \return BAD_FUNC_ARG Returned if key, wrapped, iv, tag, or pub is NULL; if
+    ivLen or tagLen is not 16; if curve_id is not a supported curve; if
+    wrappedLen is zero or exceeds the on-key blob buffer; or if pubLen is not
+    twice the curve modulus size.
+    \return <0 A negative error code may be returned if importing the public key
+    fails.
+
+    \param key pointer to the ecc_key (bound to WC_DHUK_DEVID) to import into.
+    \param curve_id the ECC curve id of the wrapped key (e.g. ECC_SECP256R1).
+    \param wrapped pointer to the CCB wrapped private scalar blob.
+    \param wrappedLen length of the wrapped blob, no larger than the on-key
+    buffer.
+    \param iv pointer to the 16-byte AES-GCM iv of the blob.
+    \param ivLen length of iv in bytes; must be 16.
+    \param tag pointer to the 16-byte AES-GCM authentication tag of the blob.
+    \param tagLen length of tag in bytes; must be 16.
+    \param pub pointer to the public key in uncompressed qx||qy form.
+    \param pubLen length of pub in bytes; must be twice the curve modulus size.
+
+    _Example_
+    \code
+    ecc_key key;
+    wc_Stm32_DhukRegister(WC_DHUK_DEVID);
+    wc_ecc_init_ex(&key, NULL, WC_DHUK_DEVID);
+    if (wc_ecc_import_wrapped_private_ex(&key, ECC_SECP256R1, wrapped,
+            wrappedLen, iv, 16, tag, 16, pub, pubLen) == 0) {
+        wc_ecc_sign_hash(hash, hashLen, sig, &sigLen, &rng, &key);
+    }
+    wc_ecc_free(&key);
+    \endcode
+
+    \sa wc_ecc_import_wrapped_private
+    \sa wc_ecc_make_key_ex
+    \sa wc_ecc_sign_hash
+*/
+int wc_ecc_import_wrapped_private_ex(ecc_key* key, int curve_id,
+                           const byte* wrapped, word32 wrappedLen,
+                           const byte* iv, word32 ivLen,
+                           const byte* tag, word32 tagLen,
+                           const byte* pub, word32 pubLen);
+
 /*!
     \ingroup ECC