Enable hardware acceleration for SHA1, SHA384 and SHA3 algorithms on PSoC6 #9185
Conversation
|
🛟 Devin Lifeguard found 3 likely issues in this PR
@Pushyanth-Infineon |
|
Can one of the admins verify this patch? |
|
Hi @Pushyanth-Infineon , Thank you for this code contribution! The changes look great! I'll work on reviewing and testing this. In the mean-time please email support at wolfssl dot com to work on getting a signed contributor agreement setup. Thanks, |
|
Okay to test |
|
@Pushyanth-Infineon is an approved contributor. ZD 20518 |
|
retest this please |
|
what happened in PRB-master-job? |
|
Error from testing: trailing whitespace: |
|
It make sense to have |
|
C++-style comments: Please change C++ style comments. |
|
Replaced C++ style comments with C style comments. Removed WOLFSSL_PSOC6_CRYPTO macro from .wolfssl_known_macro_extras |
|
Jenkins retest this please |
|
Jenkins retest this please. |
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
These changes look great! I will also build and test on the PSoC6 next.
There was a problem hiding this comment.
Pull Request Overview
This PR enables hardware acceleration for SHA1, SHA384, and SHA3 algorithms on PSoC6 platforms by extending the existing PSoC6 crypto port and refactoring the implementation structure. It also adds public key creation functionality to the ECC verification function and fixes an ML-KEM SHAKE256 initialization issue.
- Extends PSoC6 hardware acceleration support to SHA1, SHA384, and SHA3 algorithms
- Refactors existing SHA256/SHA512 code to use a unified implementation structure
- Adds public key creation capability to
psoc6_ecc_verify_hash_exwhen only private key is provided - Fixes ML-KEM SHAKE256 initialization to use proper API instead of manual memory clearing
Reviewed Changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| wolfssl/wolfcrypt/sha512.h | Updates conditional compilation for PSoC6 SHA2 support |
| wolfssl/wolfcrypt/sha3.h | Adds PSoC6 hardware acceleration structure for SHA3 |
| wolfssl/wolfcrypt/sha256.h | Refactors PSoC6 conditional compilation structure |
| wolfssl/wolfcrypt/sha.h | Adds PSoC6 hardware acceleration structure for SHA1 |
| wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h | Refactors header to support unified hash implementation |
| wolfcrypt/src/wc_mlkem_poly.c | Fixes SHAKE256 initialization to use proper API |
| wolfcrypt/src/sha512.c | Adds PSoC6 conditional compilation support |
| wolfcrypt/src/sha3.c | Implements PSoC6 hardware acceleration for SHA3 |
| wolfcrypt/src/sha256.c | Updates PSoC6 conditional compilation structure |
| wolfcrypt/src/sha.c | Implements PSoC6 hardware acceleration for SHA1 |
| wolfcrypt/src/port/cypress/psoc6_crypto.c | Major refactoring and extension of PSoC6 crypto implementation |
| wolfcrypt/src/port/cypress/README.md | Adds comprehensive documentation for PSoC6 crypto port |
| .wolfssl_known_macro_extras | Removes obsolete macro entry |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
|
Jenkins retest this please: "AgentOfflineException" |
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
Hi @Pushyanth-Infineon these changes look good! I've been trying to figure out how to test them. Do you have an example project you can share or point me to? I've got all the ModusToolBox tools setup and I also have a PSoC 62S2 board with LWB5+ wifi module.
|
Hi @dgarske, I've used Setup: Let me know if you need further help in setting up for testing. |
|
@Pushyanth-Infineon thank you for the example, I'll try it tomorrow. We merged a PSoC fix for SHA512/SHA384 that conflicts. Can you rebase and resolve? Thank you |
|
Jenkins retest this please |
|
Hi @Pushyanth-Infineon , I'm getting an error trying to use your provided example. I tried on Ubuntu 24 and MacOS and get the same error. Both systems have previously had ModusToolbox working correctly. Please let me know if you have some ideas. |
|
Jenkins retest this please: Periodic issues with FIPSv2-regression due to failed apt install. |
|
The zip file is only the template file from which the project should be created using project creator. Also use the template file attached in this comment instead of the old one.
|
There was a problem hiding this comment.
Hi @Pushyanth-Infineon ,
Thank you! It all tests out and works! There are some unused functions in ecc.c with WOLFSSL_PSOC6_CRYPTO defined. Can you please apply this small patch?
$ git diff
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 29a208605..5b54bc641 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -232,7 +232,8 @@ ECC Curve Sizes:
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLFSSL_KCAPI_ECC) && !defined(WOLFSSL_SE050) && \
- !defined(WOLFSSL_XILINX_CRYPT_VERSAL) && !defined(WOLFSSL_STM32_PKA)
+ !defined(WOLFSSL_XILINX_CRYPT_VERSAL) && !defined(WOLFSSL_STM32_PKA) && \
+ !defined(WOLFSSL_PSOC6_CRYPTO)
#undef HAVE_ECC_VERIFY_HELPER
#define HAVE_ECC_VERIFY_HELPER
#endif
Compiling ext file ecc.c
../mtb_shared/wolfssl/wolfssl-psoc6/wolfcrypt/src/ecc.c:8882:12: warning: 'ecc_verify_hash' defined but not used [-Wunused-function]
8882 | static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
| ^~~~~~~~~~~~~~~
../mtb_shared/wolfssl/wolfssl-psoc6/wolfcrypt/src/ecc.c:8724:12: warning: 'ecc_verify_hash_sp' defined but not used [-Wunused-function]
8724 | static int ecc_verify_hash_sp(mp_int *r, mp_int *s, const byte* hash,
| ^~~~~~~~~~~~~~~~~~
Linking output file mtb-example-hal-hello-world.elf
|
Hi @Pushyanth-Infineon also can you please squash your changes on the next push? If you would like my help with that patch or squash let me know. |
Pushyanth-Infineon
force-pushed
the
psoc6_sha1_sha2_sha3_support
branch
from
ed5aeed to
5f6fefe
Compare
- Introduced conditional compilation for PSoC6 crypto support across SHA1, SHA2, SHA3 implementations. - Ensured proper mutex locking for concurrent access to hardware resources during hash operations. - Added public key creation functionality if only private key is provided in ECDSA verify function (psoc6_ecc_verify_hash_ex). - Updated ECC parameter size handling to fix incorrect endianness conversions in psoc6_ecc_verify_hash_ex(). - Added README for PSOC6 port.
Pushyanth-Infineon
force-pushed
the
psoc6_sha1_sha2_sha3_support
branch
from
8d7d33b to
b2c5eb5
Compare
|
Applied the patch and squashed the commits. |
|
Jenkins retest this please |
|
Jenkins retest this please: "PRB-single-flag.txt_25'" |
5 participants
Description
psoc6_ecc_verify_hash_ex: Added public key creation functionality if only private key is provided.wolfcrypt/src/wc_mlkem_poly.c:mlkem_prf_init(): Usewc_InitShake256to initialize SHAKE-256 instead of manually clearing the state. If PSoC6 acceleration is enabled for SHA3(PSOC6_HASH_SHA3), the wc_Shake will have different state structure andwc_InitShake256will handle it correctly.Testing
CY8CPROTO-062-4343Wboard on ModusToolbox™ IDE with tests present inwolfcrypt/test/test.c:wolfcrypt_test()Checklist