Merge pull request wolfSSL#10311 from dgarske/stm32_gmac

Fix for using STM32 AES hardware crypto with WOLFSSL_ARMASM set

Author: douzzer

.github/workflows/hostap-vm.yml

@@ -76,12 +76,21 @@ jobs:
         with:
           path: hostap
           key: hostap-repo
-          lookup-only: true
 
       - name: Checkout hostap
         if: steps.cache.outputs.cache-hit != 'true'
         run: git clone https://w1.fi/hostap.git hostap
 
+      - name: tar hostap
+        run: tar -zcf hostap.tgz hostap
+
+      - name: Upload hostap repo
+        uses: actions/upload-artifact@v4
+        with:
+          name: hostap-repo
+          path: hostap.tgz
+          retention-days: 1
+
   build_uml_linux:
     name: Build UML (UserMode Linux)
     if: github.repository_owner == 'wolfssl'
@@ -96,15 +105,16 @@ jobs:
         with:
           path: linux/linux
           key: hostap-linux-${{ env.LINUX_REF }}
-          lookup-only: true
 
-      - name: Checking if we have hostap in cache
+      - name: Download hostap repo
         if: steps.cache.outputs.cache-hit != 'true'
-        uses: actions/cache/restore@v4
+        uses: actions/download-artifact@v4
         with:
-          path: hostap
-          key: hostap-repo
-          fail-on-cache-miss: true
+          name: hostap-repo
+
+      - name: untar hostap
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: tar -xf hostap.tgz
 
       - name: Checkout linux
         if: steps.cache.outputs.cache-hit != 'true'
@@ -122,6 +132,13 @@ jobs:
           cd linux
           yes "" | ARCH=um make -j $(nproc)
 
+      - name: Upload kernel binary
+        uses: actions/upload-artifact@v4
+        with:
+          name: uml-linux-kernel
+          path: linux/linux
+          retention-days: 1
+
   hostap_test:
     strategy:
       fail-fast: false
@@ -170,13 +187,11 @@ jobs:
     timeout-minutes: 45
     needs: [build_wolfssl, build_uml_linux, checkout_hostap]
     steps:
-      - name: Checking if we have kernel in cache
-        uses: actions/cache/restore@v4
-        id: cache
+      - name: Download kernel binary
+        uses: actions/download-artifact@v4
         with:
-          path: linux/linux
-          key: hostap-linux-${{ env.LINUX_REF }}
-          fail-on-cache-miss: true
+          name: uml-linux-kernel
+          path: linux
 
         # No way to view the full strategy in the browser (really weird)
       - name: Print strategy
@@ -215,12 +230,13 @@ jobs:
       - name: Install pip dependencies
         run: sudo pip install pycryptodome
 
-      - name: Checking if we have hostap in cache
-        uses: actions/cache/restore@v4
+      - name: Download hostap repo
+        uses: actions/download-artifact@v4
         with:
-          path: hostap
-          key: hostap-repo
-          fail-on-cache-miss: true
+          name: hostap-repo
+
+      - name: untar hostap
+        run: tar -xf hostap.tgz
 
       - name: Checkout correct ref
         working-directory: hostap

wolfcrypt/src/aes.c

@@ -7707,7 +7707,13 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
         return ret;
     #endif /* WOLFSSL_RENESAS_RSIP && WOLFSSL_RENESAS_FSPSM_CRYPTONLY*/
 
-#if defined(WOLFSSL_ARMASM)
+/* GCM setup needs one AES block encrypt of the all-zero IV to generate
+ * the hash subkey H. STM32_CRYPTO stores only the raw key (no expanded
+ * key schedule), so the ARMASM AES_ECB_encrypt helpers used here cannot
+ * be used. Excluding STM32_CRYPTO from this block falls back to the
+ * non-ARMASM wc_AesEncrypt implementation, which on STM32 routes to
+ * CRYP. */
+#if defined(WOLFSSL_ARMASM) && !defined(STM32_CRYPTO)
     if (ret == 0) {
 #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO
     #if !defined(__aarch64__)