@@ -533,6 +533,59 @@ int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length,
533533 return 0 ;
534534#else
535535
536+ #if defined(STM32_HASH ) && defined(STM32_HMAC )
537+ {
538+ word32 stmAlgo , stmBlockSize , stmDigestSize ;
539+ /* Check if this hash type is supported by STM32 HMAC hardware */
540+ if (wc_Stm32_Hmac_GetAlgoInfo (type , & stmAlgo , & stmBlockSize ,
541+ & stmDigestSize ) == 0 ) {
542+ /* Cache algo info for Update/Final */
543+ hmac -> stmAlgo = stmAlgo ;
544+ hmac -> stmBlockSize = stmBlockSize ;
545+ hmac -> stmDigestSize = stmDigestSize ;
546+
547+ /* Store raw key in ipad (unused in HW HMAC mode).
548+ * Pre-hash if longer than hash block size. */
549+ if (length <= stmBlockSize ) {
550+ if (key != NULL ) {
551+ XMEMCPY (hmac -> ipad , key , length );
552+ }
553+ hmac -> stmKeyLen = length ;
554+ }
555+ else {
556+ /* Pre-hash long key using stmCtx (re-initialized below) */
557+ wc_Stm32_Hash_Init (& hmac -> stmCtx );
558+ ret = wolfSSL_CryptHwMutexLock ();
559+ if (ret == 0 ) {
560+ ret = wc_Stm32_Hash_Update (& hmac -> stmCtx , stmAlgo ,
561+ key , length , stmBlockSize );
562+ if (ret == 0 ) {
563+ ret = wc_Stm32_Hash_Final (& hmac -> stmCtx , stmAlgo ,
564+ (byte * )hmac -> ipad , stmDigestSize );
565+ }
566+ wolfSSL_CryptHwMutexUnLock ();
567+ }
568+ if (ret != 0 )
569+ return ret ;
570+ hmac -> stmKeyLen = stmDigestSize ;
571+ }
572+
573+ /* HW HMAC Phase 1: feed key */
574+ ret = wolfSSL_CryptHwMutexLock ();
575+ if (ret == 0 ) {
576+ ret = wc_Stm32_Hmac_SetKey (& hmac -> stmCtx , type ,
577+ (const byte * )hmac -> ipad , hmac -> stmKeyLen );
578+ wolfSSL_CryptHwMutexUnLock ();
579+ }
580+ if (ret == 0 ) {
581+ hmac -> innerHashKeyed = WC_HMAC_INNER_HASH_KEYED_DEV ;
582+ }
583+ return ret ;
584+ }
585+ /* Unsupported algo falls through to software */
586+ }
587+ #endif /* STM32_HASH && STM32_HMAC */
588+
536589 ip = (byte * )hmac -> ipad ;
537590 op = (byte * )hmac -> opad ;
538591
@@ -853,6 +906,18 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
853906 }
854907#endif /* WOLFSSL_ASYNC_CRYPT */
855908
909+ #if defined(STM32_HASH ) && defined(STM32_HMAC )
910+ if (hmac -> innerHashKeyed == WC_HMAC_INNER_HASH_KEYED_DEV ) {
911+ ret = wolfSSL_CryptHwMutexLock ();
912+ if (ret == 0 ) {
913+ ret = wc_Stm32_Hmac_Update (& hmac -> stmCtx , hmac -> stmAlgo ,
914+ msg , length , hmac -> stmBlockSize );
915+ wolfSSL_CryptHwMutexUnLock ();
916+ }
917+ return ret ;
918+ }
919+ #endif /* STM32_HASH && STM32_HMAC */
920+
856921 if (!hmac -> innerHashKeyed ) {
857922#ifndef WOLFSSL_HMAC_COPY_HASH
858923 ret = HmacKeyHashUpdate (hmac -> macType , & hmac -> hash , (byte * )hmac -> ipad );
@@ -970,6 +1035,25 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
9701035 }
9711036#endif /* WOLFSSL_ASYNC_CRYPT */
9721037
1038+ #if defined(STM32_HASH ) && defined(STM32_HMAC )
1039+ if (hmac -> innerHashKeyed == WC_HMAC_INNER_HASH_KEYED_DEV ) {
1040+ ret = wolfSSL_CryptHwMutexLock ();
1041+ if (ret == 0 ) {
1042+ ret = wc_Stm32_Hmac_Final (& hmac -> stmCtx , hmac -> stmAlgo ,
1043+ (const byte * )hmac -> ipad , hmac -> stmKeyLen , hash ,
1044+ hmac -> stmDigestSize );
1045+ /* Re-run Phase 1 so HMAC is ready for next Update/Final cycle
1046+ * (needed for PRF/HKDF loops that reuse the same key) */
1047+ if (ret == 0 ) {
1048+ ret = wc_Stm32_Hmac_SetKey (& hmac -> stmCtx , hmac -> macType ,
1049+ (const byte * )hmac -> ipad , hmac -> stmKeyLen );
1050+ }
1051+ wolfSSL_CryptHwMutexUnLock ();
1052+ }
1053+ return ret ;
1054+ }
1055+ #endif /* STM32_HASH && STM32_HMAC */
1056+
9731057 if (!hmac -> innerHashKeyed ) {
9741058#ifndef WOLFSSL_HMAC_COPY_HASH
9751059 ret = HmacKeyHashUpdate (hmac -> macType , & hmac -> hash , (byte * )hmac -> ipad );
0 commit comments