diff --git a/embassy-stm32/src/hash/mod.rs b/embassy-stm32/src/hash/mod.rs index f0c2c839a..b47814f8b 100644 --- a/embassy-stm32/src/hash/mod.rs +++ b/embassy-stm32/src/hash/mod.rs @@ -100,8 +100,9 @@ pub enum DataType { /// Stores the state of the HASH peripheral for suspending/resuming /// digest calculation. -pub struct Context { +pub struct Context<'c> { first_word_sent: bool, + key_sent: bool, buffer: [u8; HASH_BUFFER_LEN], buflen: usize, algo: Algorithm, @@ -110,8 +111,11 @@ pub struct Context { str: u32, cr: u32, csr: [u32; NUM_CONTEXT_REGS], + key: HmacKey<'c>, } +type HmacKey<'k> = Option<&'k [u8]>; + /// HASH driver. pub struct Hash<'d, T: Instance, D = NoDma> { _peripheral: PeripheralRef<'d, T>, @@ -140,10 +144,11 @@ impl<'d, T: Instance, D> Hash<'d, T, D> { } /// Starts computation of a new hash and returns the saved peripheral state. - pub fn start(&mut self, algorithm: Algorithm, format: DataType) -> Context { + pub fn start<'c>(&mut self, algorithm: Algorithm, format: DataType, key: HmacKey<'c>) -> Context<'c> { // Define a context for this new computation. let mut ctx = Context { first_word_sent: false, + key_sent: false, buffer: [0; HASH_BUFFER_LEN], buflen: 0, algo: algorithm, @@ -152,6 +157,7 @@ impl<'d, T: Instance, D> Hash<'d, T, D> { str: 0, cr: 0, csr: [0; NUM_CONTEXT_REGS], + key, }; // Set the data type in the peripheral. @@ -181,6 +187,14 @@ impl<'d, T: Instance, D> Hash<'d, T, D> { #[cfg(any(hash_v3, hash_v4))] T::regs().cr().modify(|w| w.set_algo(ctx.algo as u8)); + // Configure HMAC mode if a key is provided. + if let Some(key) = ctx.key { + T::regs().cr().modify(|w| w.set_mode(true)); + if key.len() > 64 { + T::regs().cr().modify(|w| w.set_lkey(true)); + } + } + T::regs().cr().modify(|w| w.set_init(true)); // Store and return the state of the peripheral. @@ -191,18 +205,30 @@ impl<'d, T: Instance, D> Hash<'d, T, D> { /// Restores the peripheral state using the given context, /// then updates the state with the provided data. /// Peripheral state is saved upon return. - pub fn update_blocking(&mut self, ctx: &mut Context, input: &[u8]) { + pub fn update_blocking<'c>(&mut self, ctx: &mut Context<'c>, input: &[u8]) { + // Restore the peripheral state. + self.load_context(&ctx); + + // Load the HMAC key if provided. + if !ctx.key_sent { + if let Some(key) = ctx.key { + self.accumulate_blocking(key); + T::regs().str().write(|w| w.set_dcal(true)); + // Block waiting for digest. + while !T::regs().sr().read().dinis() {} + } + ctx.key_sent = true; + } + let mut data_waiting = input.len() + ctx.buflen; if data_waiting < DIGEST_BLOCK_SIZE || (data_waiting < ctx.buffer.len() && !ctx.first_word_sent) { // There isn't enough data to digest a block, so append it to the buffer. ctx.buffer[ctx.buflen..ctx.buflen + input.len()].copy_from_slice(input); ctx.buflen += input.len(); + self.store_context(ctx); return; } - // Restore the peripheral state. - self.load_context(&ctx); - let mut ilen_remaining = input.len(); let mut input_start = 0; @@ -261,21 +287,30 @@ impl<'d, T: Instance, D> Hash<'d, T, D> { /// then updates the state with the provided data. /// Peripheral state is saved upon return. #[cfg(hash_v2)] - pub async fn update(&mut self, ctx: &mut Context, input: &[u8]) + pub async fn update<'c>(&mut self, ctx: &mut Context<'c>, input: &[u8]) where D: crate::hash::Dma, { + // Restore the peripheral state. + self.load_context(&ctx); + + // Load the HMAC key if provided. + if !ctx.key_sent { + if let Some(key) = ctx.key { + self.accumulate(key).await; + } + ctx.key_sent = true; + } + let data_waiting = input.len() + ctx.buflen; if data_waiting < DIGEST_BLOCK_SIZE { // There isn't enough data to digest a block, so append it to the buffer. ctx.buffer[ctx.buflen..ctx.buflen + input.len()].copy_from_slice(input); ctx.buflen += input.len(); + self.store_context(ctx); return; } - // Restore the peripheral state. - self.load_context(&ctx); - // Enable multiple DMA transfers. T::regs().cr().modify(|w| w.set_mdmat(true)); @@ -319,7 +354,7 @@ impl<'d, T: Instance, D> Hash<'d, T, D> { /// The digest buffer must be large enough to accomodate a digest for the selected algorithm. /// The largest returned digest size is 128 bytes for SHA-512. /// Panics if the supplied digest buffer is too short. - pub fn finish_blocking(&mut self, mut ctx: Context, digest: &mut [u8]) -> usize { + pub fn finish_blocking<'c>(&mut self, mut ctx: Context<'c>, digest: &mut [u8]) -> usize { // Restore the peripheral state. self.load_context(&ctx); @@ -330,7 +365,14 @@ impl<'d, T: Instance, D> Hash<'d, T, D> { //Start the digest calculation. T::regs().str().write(|w| w.set_dcal(true)); - // Block waiting for digest. + // Load the HMAC key if provided. + if let Some(key) = ctx.key { + while !T::regs().sr().read().dinis() {} + self.accumulate_blocking(key); + T::regs().str().write(|w| w.set_dcal(true)); + } + + // Block until digest computation is complete. while !T::regs().sr().read().dcis() {} // Return the digest. @@ -370,7 +412,7 @@ impl<'d, T: Instance, D> Hash<'d, T, D> { /// The largest returned digest size is 128 bytes for SHA-512. /// Panics if the supplied digest buffer is too short. #[cfg(hash_v2)] - pub async fn finish(&mut self, mut ctx: Context, digest: &mut [u8]) -> usize + pub async fn finish<'c>(&mut self, mut ctx: Context<'c>, digest: &mut [u8]) -> usize where D: crate::hash::Dma, { @@ -384,6 +426,11 @@ impl<'d, T: Instance, D> Hash<'d, T, D> { self.accumulate(&ctx.buffer[0..ctx.buflen]).await; ctx.buflen = 0; + // Load the HMAC key if provided. + if let Some(key) = ctx.key { + self.accumulate(key).await; + } + // Wait for completion. poll_fn(|cx| { // Check if already done. @@ -484,7 +531,7 @@ impl<'d, T: Instance, D> Hash<'d, T, D> { } /// Save the peripheral state to a context. - fn store_context(&mut self, ctx: &mut Context) { + fn store_context<'c>(&mut self, ctx: &mut Context<'c>) { // Block waiting for data in ready. while !T::regs().sr().read().dinis() {} diff --git a/examples/stm32f7/Cargo.toml b/examples/stm32f7/Cargo.toml index a612c2554..736e81723 100644 --- a/examples/stm32f7/Cargo.toml +++ b/examples/stm32f7/Cargo.toml @@ -29,6 +29,7 @@ critical-section = "1.1" embedded-storage = "0.3.1" static_cell = "2" sha2 = { version = "0.10.8", default-features = false } +hmac = "0.12.1" [profile.release] debug = 2 diff --git a/examples/stm32f7/src/bin/hash.rs b/examples/stm32f7/src/bin/hash.rs index 96e50f84b..c2d1a7158 100644 --- a/examples/stm32f7/src/bin/hash.rs +++ b/examples/stm32f7/src/bin/hash.rs @@ -6,9 +6,12 @@ use embassy_executor::Spawner; use embassy_stm32::hash::*; use embassy_stm32::{bind_interrupts, hash, peripherals, Config}; use embassy_time::Instant; +use hmac::{Hmac, Mac}; use sha2::{Digest, Sha256}; use {defmt_rtt as _, panic_probe as _}; +type HmacSha256 = Hmac; + bind_interrupts!(struct Irqs { HASH_RNG => hash::InterruptHandler; }); @@ -26,7 +29,7 @@ async fn main(_spawner: Spawner) -> ! { let hw_start_time = Instant::now(); // Compute a digest in hardware. - let mut context = hw_hasher.start(Algorithm::SHA256, DataType::Width8); + let mut context = hw_hasher.start(Algorithm::SHA256, DataType::Width8, None); hw_hasher.update(&mut context, test_1).await; hw_hasher.update(&mut context, test_2).await; let mut hw_digest: [u8; 32] = [0; 32]; @@ -52,5 +55,24 @@ async fn main(_spawner: Spawner) -> ! { info!("Software Execution Time: {:?}", sw_execution_time); assert_eq!(hw_digest, sw_digest[..]); + let hmac_key: [u8; 64] = [0x55; 64]; + + // Compute HMAC in hardware. + let mut sha256hmac_context = hw_hasher.start(Algorithm::SHA256, DataType::Width8, Some(&hmac_key)); + hw_hasher.update(&mut sha256hmac_context, test_1).await; + hw_hasher.update(&mut sha256hmac_context, test_2).await; + let mut hw_hmac: [u8; 32] = [0; 32]; + hw_hasher.finish(sha256hmac_context, &mut hw_hmac).await; + + // Compute HMAC in software. + let mut sw_mac = HmacSha256::new_from_slice(&hmac_key).unwrap(); + sw_mac.update(test_1); + sw_mac.update(test_2); + let sw_hmac = sw_mac.finalize().into_bytes(); + + info!("Hardware HMAC: {:?}", hw_hmac); + info!("Software HMAC: {:?}", sw_hmac[..]); + assert_eq!(hw_hmac, sw_hmac[..]); + loop {} } diff --git a/tests/stm32/Cargo.toml b/tests/stm32/Cargo.toml index fc4420687..d94045737 100644 --- a/tests/stm32/Cargo.toml +++ b/tests/stm32/Cargo.toml @@ -76,6 +76,7 @@ portable-atomic = { version = "1.5", features = [] } chrono = { version = "^0.4", default-features = false, optional = true} sha2 = { version = "0.10.8", default-features = false } +hmac = "0.12.1" # BEGIN TESTS # Generated by gen_test.py. DO NOT EDIT. diff --git a/tests/stm32/src/bin/hash.rs b/tests/stm32/src/bin/hash.rs index cfcf3d976..d1cfac5ce 100644 --- a/tests/stm32/src/bin/hash.rs +++ b/tests/stm32/src/bin/hash.rs @@ -9,9 +9,12 @@ use embassy_executor::Spawner; use embassy_stm32::dma::NoDma; use embassy_stm32::hash::*; use embassy_stm32::{bind_interrupts, hash, peripherals}; +use hmac::{Hmac, Mac}; use sha2::{Digest, Sha224, Sha256}; use {defmt_rtt as _, panic_probe as _}; +type HmacSha256 = Hmac; + #[cfg(any(feature = "stm32l4a6zg", feature = "stm32h755zi", feature = "stm32h753zi"))] bind_interrupts!(struct Irqs { HASH_RNG => hash::InterruptHandler; @@ -38,11 +41,11 @@ async fn main(_spawner: Spawner) { let test_3: &[u8] = b"a.ewtkluGWEBR.KAJRBTA,RMNRBG,FDMGB.kger.tkasjrbt.akrjtba.krjtba.ktmyna,nmbvtyliasd;gdrtba,sfvs.kgjzshd.gkbsr.tksejb.SDkfBSE.gkfgb>ESkfbSE>gkJSBESE>kbSE>fk"; // Start an SHA-256 digest. - let mut sha256context = hw_hasher.start(Algorithm::SHA256, DataType::Width8); + let mut sha256context = hw_hasher.start(Algorithm::SHA256, DataType::Width8, None); hw_hasher.update_blocking(&mut sha256context, test_1); // Interrupt the SHA-256 digest to compute an SHA-224 digest. - let mut sha224context = hw_hasher.start(Algorithm::SHA224, DataType::Width8); + let mut sha224context = hw_hasher.start(Algorithm::SHA224, DataType::Width8, None); hw_hasher.update_blocking(&mut sha224context, test_3); let mut sha224_digest_buffer: [u8; 28] = [0; 28]; let _ = hw_hasher.finish_blocking(sha224context, &mut sha224_digest_buffer); @@ -73,6 +76,25 @@ async fn main(_spawner: Spawner) { info!("Software SHA-256 Digest: {:?}", sw_sha224_digest[..]); defmt::assert!(sha224_digest_buffer == sw_sha224_digest[..]); + let hmac_key: [u8; 64] = [0x55; 64]; + + // Compute HMAC in hardware. + let mut sha256hmac_context = hw_hasher.start(Algorithm::SHA256, DataType::Width8, Some(&hmac_key)); + hw_hasher.update_blocking(&mut sha256hmac_context, test_1); + hw_hasher.update_blocking(&mut sha256hmac_context, test_2); + let mut hw_hmac: [u8; 32] = [0; 32]; + hw_hasher.finish_blocking(sha256hmac_context, &mut hw_hmac); + + // Compute HMAC in software. + let mut sw_mac = HmacSha256::new_from_slice(&hmac_key).unwrap(); + sw_mac.update(test_1); + sw_mac.update(test_2); + let sw_hmac = sw_mac.finalize().into_bytes(); + + info!("Hardware HMAC: {:?}", hw_hmac); + info!("Software HMAC: {:?}", sw_hmac[..]); + defmt::assert!(hw_hmac == sw_hmac[..]); + info!("Test OK"); cortex_m::asm::bkpt(); }