Merge pull request embassy-rs#2565 from caleb-garrett/hmac

STM32 HMAC

Author: Dirbaio

embassy-stm32/src/hash/mod.rs

@@ -100,8 +100,9 @@ pub enum DataType {
 
 /// Stores the state of the HASH peripheral for suspending/resuming
 /// digest calculation.
-pub struct Context {
+pub struct Context<'c> {
     first_word_sent: bool,
+    key_sent: bool,
     buffer: [u8; HASH_BUFFER_LEN],
     buflen: usize,
     algo: Algorithm,
@@ -110,8 +111,11 @@ pub struct Context {
     str: u32,
     cr: u32,
     csr: [u32; NUM_CONTEXT_REGS],
+    key: HmacKey<'c>,
 }
 
+type HmacKey<'k> = Option<&'k [u8]>;
+
 /// HASH driver.
 pub struct Hash<'d, T: Instance, D = NoDma> {
     _peripheral: PeripheralRef<'d, T>,
@@ -140,10 +144,11 @@ impl<'d, T: Instance, D> Hash<'d, T, D> {
     }
 
     /// Starts computation of a new hash and returns the saved peripheral state.
-    pub fn start(&mut self, algorithm: Algorithm, format: DataType) -> Context {
+    pub fn start<'c>(&mut self, algorithm: Algorithm, format: DataType, key: HmacKey<'c>) -> Context<'c> {
         // Define a context for this new computation.
         let mut ctx = Context {
             first_word_sent: false,
+            key_sent: false,
             buffer: [0; HASH_BUFFER_LEN],
             buflen: 0,
             algo: algorithm,
@@ -152,6 +157,7 @@ impl<'d, T: Instance, D> Hash<'d, T, D> {
             str: 0,
             cr: 0,
             csr: [0; NUM_CONTEXT_REGS],
+            key,
         };
 
         // Set the data type in the peripheral.
@@ -181,6 +187,14 @@ impl<'d, T: Instance, D> Hash<'d, T, D> {
         #[cfg(any(hash_v3, hash_v4))]
         T::regs().cr().modify(|w| w.set_algo(ctx.algo as u8));
 
+        // Configure HMAC mode if a key is provided.
+        if let Some(key) = ctx.key {
+            T::regs().cr().modify(|w| w.set_mode(true));
+            if key.len() > 64 {
+                T::regs().cr().modify(|w| w.set_lkey(true));
+            }
+        }
+
         T::regs().cr().modify(|w| w.set_init(true));
 
         // Store and return the state of the peripheral.
@@ -191,18 +205,30 @@ impl<'d, T: Instance, D> Hash<'d, T, D> {
     /// Restores the peripheral state using the given context,
     /// then updates the state with the provided data.
     /// Peripheral state is saved upon return.
-    pub fn update_blocking(&mut self, ctx: &mut Context, input: &[u8]) {
+    pub fn update_blocking<'c>(&mut self, ctx: &mut Context<'c>, input: &[u8]) {
+        // Restore the peripheral state.
+        self.load_context(&ctx);
+
+        // Load the HMAC key if provided.
+        if !ctx.key_sent {
+            if let Some(key) = ctx.key {
+                self.accumulate_blocking(key);
+                T::regs().str().write(|w| w.set_dcal(true));
+                // Block waiting for digest.
+                while !T::regs().sr().read().dinis() {}
+            }
+            ctx.key_sent = true;
+        }
+
         let mut data_waiting = input.len() + ctx.buflen;
         if data_waiting < DIGEST_BLOCK_SIZE || (data_waiting < ctx.buffer.len() && !ctx.first_word_sent) {
             // There isn't enough data to digest a block, so append it to the buffer.
             ctx.buffer[ctx.buflen..ctx.buflen + input.len()].copy_from_slice(input);
             ctx.buflen += input.len();
+            self.store_context(ctx);
             return;
         }
 
-        // Restore the peripheral state.
-        self.load_context(&ctx);
-
         let mut ilen_remaining = input.len();
         let mut input_start = 0;
 
@@ -261,21 +287,30 @@ impl<'d, T: Instance, D> Hash<'d, T, D> {
     /// then updates the state with the provided data.
     /// Peripheral state is saved upon return.
     #[cfg(hash_v2)]
-    pub async fn update(&mut self, ctx: &mut Context, input: &[u8])
+    pub async fn update<'c>(&mut self, ctx: &mut Context<'c>, input: &[u8])
     where
         D: crate::hash::Dma<T>,
     {
+        // Restore the peripheral state.
+        self.load_context(&ctx);
+
+        // Load the HMAC key if provided.
+        if !ctx.key_sent {
+            if let Some(key) = ctx.key {
+                self.accumulate(key).await;
+            }
+            ctx.key_sent = true;
+        }
+
         let data_waiting = input.len() + ctx.buflen;
         if data_waiting < DIGEST_BLOCK_SIZE {
             // There isn't enough data to digest a block, so append it to the buffer.
             ctx.buffer[ctx.buflen..ctx.buflen + input.len()].copy_from_slice(input);
             ctx.buflen += input.len();
+            self.store_context(ctx);
             return;
         }
 
-        // Restore the peripheral state.
-        self.load_context(&ctx);
-
         // Enable multiple DMA transfers.
         T::regs().cr().modify(|w| w.set_mdmat(true));
 
@@ -319,7 +354,7 @@ impl<'d, T: Instance, D> Hash<'d, T, D> {
     /// The digest buffer must be large enough to accomodate a digest for the selected algorithm.
     /// The largest returned digest size is 128 bytes for SHA-512.
     /// Panics if the supplied digest buffer is too short.
-    pub fn finish_blocking(&mut self, mut ctx: Context, digest: &mut [u8]) -> usize {
+    pub fn finish_blocking<'c>(&mut self, mut ctx: Context<'c>, digest: &mut [u8]) -> usize {
         // Restore the peripheral state.
         self.load_context(&ctx);
 
@@ -330,7 +365,14 @@ impl<'d, T: Instance, D> Hash<'d, T, D> {
         //Start the digest calculation.
         T::regs().str().write(|w| w.set_dcal(true));
 
-        // Block waiting for digest.
+        // Load the HMAC key if provided.
+        if let Some(key) = ctx.key {
+            while !T::regs().sr().read().dinis() {}
+            self.accumulate_blocking(key);
+            T::regs().str().write(|w| w.set_dcal(true));
+        }
+
+        // Block until digest computation is complete.
         while !T::regs().sr().read().dcis() {}
 
         // Return the digest.
@@ -370,7 +412,7 @@ impl<'d, T: Instance, D> Hash<'d, T, D> {
     /// The largest returned digest size is 128 bytes for SHA-512.
     /// Panics if the supplied digest buffer is too short.
     #[cfg(hash_v2)]
-    pub async fn finish(&mut self, mut ctx: Context, digest: &mut [u8]) -> usize
+    pub async fn finish<'c>(&mut self, mut ctx: Context<'c>, digest: &mut [u8]) -> usize
     where
         D: crate::hash::Dma<T>,
     {
@@ -384,6 +426,11 @@ impl<'d, T: Instance, D> Hash<'d, T, D> {
         self.accumulate(&ctx.buffer[0..ctx.buflen]).await;
         ctx.buflen = 0;
 
+        // Load the HMAC key if provided.
+        if let Some(key) = ctx.key {
+            self.accumulate(key).await;
+        }
+
         // Wait for completion.
         poll_fn(|cx| {
             // Check if already done.
@@ -484,7 +531,7 @@ impl<'d, T: Instance, D> Hash<'d, T, D> {
     }
 
     /// Save the peripheral state to a context.
-    fn store_context(&mut self, ctx: &mut Context) {
+    fn store_context<'c>(&mut self, ctx: &mut Context<'c>) {
         // Block waiting for data in ready.
         while !T::regs().sr().read().dinis() {}
 

examples/stm32f7/Cargo.toml

@@ -29,6 +29,7 @@ critical-section = "1.1"
 embedded-storage = "0.3.1"
 static_cell = "2"
 sha2 = { version = "0.10.8", default-features = false }
+hmac = "0.12.1"
 
 [profile.release]
 debug = 2

examples/stm32f7/src/bin/hash.rs

@@ -6,9 +6,12 @@ use embassy_executor::Spawner;
 use embassy_stm32::hash::*;
 use embassy_stm32::{bind_interrupts, hash, peripherals, Config};
 use embassy_time::Instant;
+use hmac::{Hmac, Mac};
 use sha2::{Digest, Sha256};
 use {defmt_rtt as _, panic_probe as _};
 
+type HmacSha256 = Hmac<Sha256>;
+
 bind_interrupts!(struct Irqs {
     HASH_RNG => hash::InterruptHandler<peripherals::HASH>;
 });
@@ -26,7 +29,7 @@ async fn main(_spawner: Spawner) -> ! {
     let hw_start_time = Instant::now();
 
     // Compute a digest in hardware.
-    let mut context = hw_hasher.start(Algorithm::SHA256, DataType::Width8);
+    let mut context = hw_hasher.start(Algorithm::SHA256, DataType::Width8, None);
     hw_hasher.update(&mut context, test_1).await;
     hw_hasher.update(&mut context, test_2).await;
     let mut hw_digest: [u8; 32] = [0; 32];
@@ -52,5 +55,24 @@ async fn main(_spawner: Spawner) -> ! {
     info!("Software Execution Time: {:?}", sw_execution_time);
     assert_eq!(hw_digest, sw_digest[..]);
 
+    let hmac_key: [u8; 64] = [0x55; 64];
+
+    // Compute HMAC in hardware.
+    let mut sha256hmac_context = hw_hasher.start(Algorithm::SHA256, DataType::Width8, Some(&hmac_key));
+    hw_hasher.update(&mut sha256hmac_context, test_1).await;
+    hw_hasher.update(&mut sha256hmac_context, test_2).await;
+    let mut hw_hmac: [u8; 32] = [0; 32];
+    hw_hasher.finish(sha256hmac_context, &mut hw_hmac).await;
+
+    // Compute HMAC in software.
+    let mut sw_mac = HmacSha256::new_from_slice(&hmac_key).unwrap();
+    sw_mac.update(test_1);
+    sw_mac.update(test_2);
+    let sw_hmac = sw_mac.finalize().into_bytes();
+
+    info!("Hardware HMAC: {:?}", hw_hmac);
+    info!("Software HMAC: {:?}", sw_hmac[..]);
+    assert_eq!(hw_hmac, sw_hmac[..]);
+
     loop {}
 }

tests/stm32/Cargo.toml

@@ -76,6 +76,7 @@ portable-atomic = { version = "1.5", features = [] }
 
 chrono = { version = "^0.4", default-features = false, optional = true}
 sha2 = { version = "0.10.8", default-features = false }
+hmac = "0.12.1"
 
 # BEGIN TESTS
 # Generated by gen_test.py. DO NOT EDIT.

tests/stm32/src/bin/hash.rs

@@ -9,9 +9,12 @@ use embassy_executor::Spawner;
 use embassy_stm32::dma::NoDma;
 use embassy_stm32::hash::*;
 use embassy_stm32::{bind_interrupts, hash, peripherals};
+use hmac::{Hmac, Mac};
 use sha2::{Digest, Sha224, Sha256};
 use {defmt_rtt as _, panic_probe as _};
 
+type HmacSha256 = Hmac<Sha256>;
+
 #[cfg(any(feature = "stm32l4a6zg", feature = "stm32h755zi", feature = "stm32h753zi"))]
 bind_interrupts!(struct Irqs {
    HASH_RNG => hash::InterruptHandler<peripherals::HASH>;
@@ -38,11 +41,11 @@ async fn main(_spawner: Spawner) {
     let test_3: &[u8] = b"a.ewtkluGWEBR.KAJRBTA,RMNRBG,FDMGB.kger.tkasjrbt.akrjtba.krjtba.ktmyna,nmbvtyliasd;gdrtba,sfvs.kgjzshd.gkbsr.tksejb.SDkfBSE.gkfgb>ESkfbSE>gkJSBESE>kbSE>fk";
 
     // Start an SHA-256 digest.
-    let mut sha256context = hw_hasher.start(Algorithm::SHA256, DataType::Width8);
+    let mut sha256context = hw_hasher.start(Algorithm::SHA256, DataType::Width8, None);
     hw_hasher.update_blocking(&mut sha256context, test_1);
 
     // Interrupt the SHA-256 digest to compute an SHA-224 digest.
-    let mut sha224context = hw_hasher.start(Algorithm::SHA224, DataType::Width8);
+    let mut sha224context = hw_hasher.start(Algorithm::SHA224, DataType::Width8, None);
     hw_hasher.update_blocking(&mut sha224context, test_3);
     let mut sha224_digest_buffer: [u8; 28] = [0; 28];
     let _ = hw_hasher.finish_blocking(sha224context, &mut sha224_digest_buffer);
@@ -73,6 +76,25 @@ async fn main(_spawner: Spawner) {
     info!("Software SHA-256 Digest: {:?}", sw_sha224_digest[..]);
     defmt::assert!(sha224_digest_buffer == sw_sha224_digest[..]);
 
+    let hmac_key: [u8; 64] = [0x55; 64];
+
+    // Compute HMAC in hardware.
+    let mut sha256hmac_context = hw_hasher.start(Algorithm::SHA256, DataType::Width8, Some(&hmac_key));
+    hw_hasher.update_blocking(&mut sha256hmac_context, test_1);
+    hw_hasher.update_blocking(&mut sha256hmac_context, test_2);
+    let mut hw_hmac: [u8; 32] = [0; 32];
+    hw_hasher.finish_blocking(sha256hmac_context, &mut hw_hmac);
+
+    // Compute HMAC in software.
+    let mut sw_mac = HmacSha256::new_from_slice(&hmac_key).unwrap();
+    sw_mac.update(test_1);
+    sw_mac.update(test_2);
+    let sw_hmac = sw_mac.finalize().into_bytes();
+
+    info!("Hardware HMAC: {:?}", hw_hmac);
+    info!("Software HMAC: {:?}", sw_hmac[..]);
+    defmt::assert!(hw_hmac == sw_hmac[..]);
+
     info!("Test OK");
     cortex_m::asm::bkpt();
 }