wolfSSL · bigbrett · May 26, 2026
diff --git a/src/wh_client_crypto.c b/src/wh_client_crypto.c
diff --git a/src/wh_client_cryptocb.c b/src/wh_client_cryptocb.c
@@ -534,6 +534,53 @@ int wh_Client_CryptoCb(int devId, wc_CryptoInfo* info, void* inCtx)
                 ret = wh_Client_Sha512(ctx, sha, in, inLen, out);
             } break;
 #endif /* WOLFSSL_SHA512 && WOLFSSL_SHA512_HASHTYPE */
+#if defined(WOLFSSL_SHA3)
+            case WC_HASH_TYPE_SHA3_224:
+            case WC_HASH_TYPE_SHA3_256:
+            case WC_HASH_TYPE_SHA3_384:
+            case WC_HASH_TYPE_SHA3_512: {
+                wc_Sha3* sha = info->hash.sha3;
+#ifdef WOLFSSL_HASH_FLAGS
+                /* Keccak-mode SHA3 (legacy 0x01-padding variant) is a software-
+                 * only mode; fall through to wolfCrypt's software path. */
+                if (sha != NULL &&
+                    (sha->flags & WC_HASH_SHA3_KECCAK256) != 0u) {
+                    ret = CRYPTOCB_UNAVAILABLE;
+                    break;
+                }
+#endif
+                switch (info->hash.type) {
+#ifndef WOLFSSL_NOSHA3_224
+                    case WC_HASH_TYPE_SHA3_224:
+                        ret = wh_Client_Sha3_224(ctx, sha, info->hash.in,
+                                                 info->hash.inSz,
+                                                 info->hash.digest);
+                        break;
+#endif
+#ifndef WOLFSSL_NOSHA3_256
+                    case WC_HASH_TYPE_SHA3_256:
+                        ret = wh_Client_Sha3_256(ctx, sha, info->hash.in,
+                                                 info->hash.inSz,
+                                                 info->hash.digest);
+                        break;
+#endif
+#ifndef WOLFSSL_NOSHA3_384
+                    case WC_HASH_TYPE_SHA3_384:
+                        ret = wh_Client_Sha3_384(ctx, sha, info->hash.in,
+                                                 info->hash.inSz,
+                                                 info->hash.digest);
+                        break;
+#endif
+#ifndef WOLFSSL_NOSHA3_512
+                    case WC_HASH_TYPE_SHA3_512:
+                        ret = wh_Client_Sha3_512(ctx, sha, info->hash.in,
+                                                 info->hash.inSz,
+                                                 info->hash.digest);
+                        break;
+#endif
+                }
+            } break;
+#endif /* WOLFSSL_SHA3 */
             default:
                 ret = CRYPTOCB_UNAVAILABLE;
                 break;
@@ -862,6 +909,51 @@ int wh_Client_CryptoCbDma(int devId, wc_CryptoInfo* info, void* inCtx)
                 ret = wh_Client_Sha512Dma(ctx, sha, in, inLen, out);
             } break;
 #endif /* WOLFSSL_SHA512 && defined(WOLFSSL_SHA512_HASHTYPE) */
+#if defined(WOLFSSL_SHA3)
+            case WC_HASH_TYPE_SHA3_224:
+            case WC_HASH_TYPE_SHA3_256:
+            case WC_HASH_TYPE_SHA3_384:
+            case WC_HASH_TYPE_SHA3_512: {
+                wc_Sha3* sha = info->hash.sha3;
+#ifdef WOLFSSL_HASH_FLAGS
+                if (sha != NULL &&
+                    (sha->flags & WC_HASH_SHA3_KECCAK256) != 0u) {
+                    ret = CRYPTOCB_UNAVAILABLE;
+                    break;
+                }
+#endif
+                switch (info->hash.type) {
+#ifndef WOLFSSL_NOSHA3_224
+                    case WC_HASH_TYPE_SHA3_224:
+                        ret = wh_Client_Sha3_224Dma(ctx, sha, info->hash.in,
+                                                    info->hash.inSz,
+                                                    info->hash.digest);
+                        break;
+#endif
+#ifndef WOLFSSL_NOSHA3_256
+                    case WC_HASH_TYPE_SHA3_256:
+                        ret = wh_Client_Sha3_256Dma(ctx, sha, info->hash.in,
+                                                    info->hash.inSz,
+                                                    info->hash.digest);
+                        break;
+#endif
+#ifndef WOLFSSL_NOSHA3_384
+                    case WC_HASH_TYPE_SHA3_384:
+                        ret = wh_Client_Sha3_384Dma(ctx, sha, info->hash.in,
+                                                    info->hash.inSz,
+                                                    info->hash.digest);
+                        break;
+#endif
+#ifndef WOLFSSL_NOSHA3_512
+                    case WC_HASH_TYPE_SHA3_512:
+                        ret = wh_Client_Sha3_512Dma(ctx, sha, info->hash.in,
+                                                    info->hash.inSz,
+                                                    info->hash.digest);
+                        break;
+#endif
+                }
+            } break;
+#endif /* WOLFSSL_SHA3 */
             default:
                 ret = CRYPTOCB_UNAVAILABLE;
                 break;

diff --git a/src/wh_message_crypto.c b/src/wh_message_crypto.c
@@ -692,6 +692,60 @@ int wh_MessageCrypto_TranslateSha2Response(
     return 0;
 }
 
+/* SHA3 state translation - shared across all SHA3 variants and across the
+ * non-DMA and DMA wire formats. */
+int wh_MessageCrypto_TranslateSha3State(uint16_t                         magic,
+                                        const whMessageCrypto_Sha3State* src,
+                                        whMessageCrypto_Sha3State*       dest)
+{
+    int k;
+
+    if ((src == NULL) || (dest == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+    WH_T32(magic, dest, src, i);
+    for (k = 0; k < 25; k++) {
+        WH_T64(magic, dest, src, s[k]);
+    }
+    return 0;
+}
+
+/* SHA3 Request translation. Trailing input bytes are raw and need no
+ * translation. */
+int wh_MessageCrypto_TranslateSha3Request(
+    uint16_t magic, const whMessageCrypto_Sha3Request* src,
+    whMessageCrypto_Sha3Request* dest)
+{
+    if ((src == NULL) || (dest == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+    WH_T32(magic, dest, src, isLastBlock);
+    WH_T32(magic, dest, src, inSz);
+    return wh_MessageCrypto_TranslateSha3State(magic, &src->resumeState,
+                                               &dest->resumeState);
+}
+
+/* SHA3 Response translation */
+int wh_MessageCrypto_TranslateSha3Response(
+    uint16_t magic, const whMessageCrypto_Sha3Response* src,
+    whMessageCrypto_Sha3Response* dest)
+{
+    int ret;
+
+    if ((src == NULL) || (dest == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+    ret = wh_MessageCrypto_TranslateSha3State(magic, &src->resumeState,
+                                              &dest->resumeState);
+    if (ret != 0) {
+        return ret;
+    }
+    if (src != dest) {
+        memcpy(dest->hash, src->hash, sizeof(src->hash));
+    }
+    return 0;
+}
+
 
 /* CMAC-AES State translation */
 int wh_MessageCrypto_TranslateCmacAesState(
@@ -940,6 +994,48 @@ int wh_MessageCrypto_TranslateSha2DmaResponse(
                                                    &dest->dmaAddrStatus);
 }
 
+/* SHA3 DMA Request translation */
+int wh_MessageCrypto_TranslateSha3DmaRequest(
+    uint16_t magic, const whMessageCrypto_Sha3DmaRequest* src,
+    whMessageCrypto_Sha3DmaRequest* dest)
+{
+    int ret;
+
+    if ((src == NULL) || (dest == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+    ret = wh_MessageCrypto_TranslateDmaBuffer(magic, &src->input, &dest->input);
+    if (ret != 0) {
+        return ret;
+    }
+    WH_T32(magic, dest, src, isLastBlock);
+    WH_T32(magic, dest, src, inSz);
+    return wh_MessageCrypto_TranslateSha3State(magic, &src->resumeState,
+                                               &dest->resumeState);
+}
+
+/* SHA3 DMA Response translation */
+int wh_MessageCrypto_TranslateSha3DmaResponse(
+    uint16_t magic, const whMessageCrypto_Sha3DmaResponse* src,
+    whMessageCrypto_Sha3DmaResponse* dest)
+{
+    int ret;
+
+    if ((src == NULL) || (dest == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+    ret = wh_MessageCrypto_TranslateSha3State(magic, &src->resumeState,
+                                              &dest->resumeState);
+    if (ret != 0) {
+        return ret;
+    }
+    if (src != dest) {
+        memcpy(dest->hash, src->hash, sizeof(src->hash));
+    }
+    return wh_MessageCrypto_TranslateDmaAddrStatus(magic, &src->dmaAddrStatus,
+                                                   &dest->dmaAddrStatus);
+}
+
 /* CMAC-AES DMA Request translation */
 int wh_MessageCrypto_TranslateCmacAesDmaRequest(
     uint16_t magic, const whMessageCrypto_CmacAesDmaRequest* src,