diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 99e5990666b..62474dfa9f6 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -857,6 +857,15 @@ WOLFSSL_NO_TICKET_EXPIRE WOLFSSL_NO_TRUSTED_CERTS_VERIFY WOLFSSL_NO_WORD64_OPS WOLFSSL_NO_XOR_OPS +WOLFSSL_NXP_LPC55S6X +WOLFSSL_NXP_CASPER +WOLFSSL_NXP_CASPER_ECC_MULMOD +WOLFSSL_NXP_CASPER_ECC_MUL2ADD +WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD +WOLFSSL_NXP_HASHCRYPT +WOLFSSL_NXP_HASHCRYPT_AES +WOLFSSL_NXP_HASHCRYPT_SHA +WOLFSSL_NXP_RNG_1 WOLFSSL_NRF51_AES WOLFSSL_OLDTLS_AEAD_CIPHERSUITES WOLFSSL_OLD_SET_CURVES_LIST diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index c2c982203fe..d1aed393151 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -140,6 +140,10 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #include #endif +#ifdef WOLFSSL_NXP_HASHCRYPT_AES + #include +#endif + #ifdef WOLFSSL_SECO_CAAM #include #endif @@ -5102,7 +5106,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) #if defined(WOLF_CRYPTO_CB) || (defined(WOLFSSL_DEVCRYPTO) && \ (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) || \ - (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) + (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) || \ + defined(WOLFSSL_NXP_HASHCRYPT_AES) #ifdef WOLF_CRYPTO_CB if (aes->devId != INVALID_DEVID) #endif @@ -6476,6 +6481,9 @@ int wc_AesSetIV(Aes* aes, const byte* iv) #elif defined(WOLFSSL_DEVCRYPTO_CBC) /* implemented in wolfcrypt/src/port/devcrypt/devcrypto_aes.c */ +#elif defined(WOLFSSL_NXP_HASHCRYPT_AES) + /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */ + #elif defined(WOLFSSL_SILABS_SE_ACCEL) /* implemented in wolfcrypt/src/port/silabs/silabs_aes.c */ @@ -7143,7 +7151,11 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) #define NEED_AES_CTR_SOFT #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES) - /* implemented in wolfcrypt/src/port/psa/psa_aes.c */ + /* implemented in wolfcrypt/src/port/psa/psa_aes.c */ + + #elif defined(WOLFSSL_NXP_HASHCRYPT_AES) + /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */ + #else /* Use software based AES counter */ @@ -13938,6 +13950,9 @@ int wc_AesGetKeySize(Aes* aes, word32* keySize) #elif defined(WOLFSSL_RISCV_ASM) /* implemented in wolfcrypt/src/port/riscv/riscv-64-aes.c */ +#elif defined(WOLFSSL_NXP_HASHCRYPT_AES) + /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */ + #elif defined(WOLFSSL_SILABS_SE_ACCEL) /* implemented in wolfcrypt/src/port/silabs/silabs_aes.c */ @@ -14233,7 +14248,10 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) #if defined(WOLFSSL_AES_CFB) -#if defined(WOLFSSL_PSOC6_CRYPTO) +#if defined(WOLFSSL_NXP_HASHCRYPT_AES) + /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */ + +#elif defined(WOLFSSL_PSOC6_CRYPTO) int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { @@ -14682,6 +14700,10 @@ int wc_AesCfb8Decrypt(Aes* aes, byte* out, const byte* in, word32 sz) #endif /* WOLFSSL_AES_CFB */ #ifdef WOLFSSL_AES_OFB +#ifdef WOLFSSL_NXP_HASHCRYPT_AES + /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */ + +#else /* software */ /* OFB AES mode * * aes structure holding key to use for encryption @@ -14784,6 +14806,7 @@ int wc_AesOfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) return AesOfbCrypt_C(aes, out, in, sz); } #endif /* HAVE_AES_DECRYPT */ +#endif /* software */ #endif /* WOLFSSL_AES_OFB */ diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index 0abb5cfa78d..135fbbcdd1b 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am @@ -71,6 +71,8 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ wolfcrypt/src/port/nxp/dcp_port.c \ wolfcrypt/src/port/nxp/se050_port.c \ wolfcrypt/src/port/nxp/README.md \ + wolfcrypt/src/port/nxp/casper_port.c \ + wolfcrypt/src/port/nxp/hashcrypt_port.c \ wolfcrypt/src/port/atmel/README.md \ wolfcrypt/src/port/xilinx/xil-sha3.c \ wolfcrypt/src/port/xilinx/xil-aesgcm.c \ diff --git a/wolfcrypt/src/port/nxp/README.md b/wolfcrypt/src/port/nxp/README.md index a2820a4dc5c..55f7351a643 100644 --- a/wolfcrypt/src/port/nxp/README.md +++ b/wolfcrypt/src/port/nxp/README.md @@ -1,6 +1,47 @@ # wolfSSL NXP Hardware Acceleration Ports -wolfSSL supports hardware acceleration on NXP DCP, LTC (KSDK), and SE050. +wolfSSL supports hardware acceleration on NXP DCP, LTC (KSDK), LPC55S69, and SE050. + +## NXP LPC55S69 + +The LPC55S69 is a general purpose edge computing device, with dual ARM +Cortex-M33 cores running up to 150 MHz, 640/320 KB internal flash/ram, +TrustZone-M, a DSP accelerator, and extensive cryptographic acceleration. + +wolfSSL supports the following hardware acceleration on the LPC55S69: +- TRNG +- HashCrypt (Hash/AES Crypto Engine) + - AES (128, 192, 256) encrypt/decrypt + - AES-CBC, AES-ECB, AES-CTR, AES-OFB, AES-CFB + - SHA-1, SHA-256 +- CASPER (Asymmetric Crypto Accelerator) + - RSA verify/encrypt/decrypt (up to 4096-bit, public key only) + +### LPC55S69 Hardware Acceleration Caveats + +The following caveats should be noted about the LPC55S69 hardware acceleration: +- AES-CTR mode fails when the counter wraps from all FF's to 0. User should +ensure this never happens, by properly managing the iv/counter in use. +- AES-CFB and AES-OFB only support full 16-byte blocks and multiples thereof. +Encrypt/Decrypt requests of other sizes will fail. +- RSA acceleration is only supported for public keys. Private key operations +will use a fully software implementation. +- When the HashCrypt engine is in use for SHA-1 or SHA-256, it must not be +interrupted with another hash request or an AES request. The hash must be +completed before another operation is requested. + +### wolfSSL LPC55S69 Hardware Acceleration Enable + +To enable only the TRNG, define the following symbol: + +**`WOLFSSL_NXP_RNG_1`** + +To enable all LPC55S69 hardware acceleration, including the TRNG, +define the following symbol: + +**`WOLFSSL_NXP_LPC55S6X`** + +NOTE: Both can be defined with no problem. ## NXP SE050 @@ -10,3 +51,4 @@ see [README_SE050.md](./README_SE050.md). ## Support For questions please email support@wolfssl.com + diff --git a/wolfcrypt/src/port/nxp/casper_port.c b/wolfcrypt/src/port/nxp/casper_port.c new file mode 100644 index 00000000000..dd4f2f6552a --- /dev/null +++ b/wolfcrypt/src/port/nxp/casper_port.c @@ -0,0 +1,249 @@ +/* casper_port.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef WOLFSSL_NXP_CASPER + +#if defined(WOLFSSL_CRYPT_HW_MUTEX) && WOLFSSL_CRYPT_HW_MUTEX > 0 + #error WOLFSSL_CRYPT_HW_MUTEX=1 not supported yet +#endif + +#include +#include +#include "fsl_casper.h" + +int wc_casper_init(void) +{ + CASPER_Init(CASPER); + + return 0; +} + +#if !defined(NO_RSA) && defined(WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD) + +#define CASPER_MAX_BUF_SZ 512 +static uint8_t key_buf[CASPER_MAX_BUF_SZ]; +static uint8_t sig_buf[CASPER_MAX_BUF_SZ]; +static uint8_t out_buf[CASPER_MAX_BUF_SZ]; + +int casper_rsa_public_exptmod( + const byte* in, word32 inLen, byte* out, word32* outLen, RsaKey* key +) +{ + int res; + int sig_sz = inLen; + int key_sz = mp_unsigned_bin_size(&key->n); + word32 exp = 0; + + if (inLen > CASPER_MAX_BUF_SZ || *outLen > CASPER_MAX_BUF_SZ) + return BAD_FUNC_ARG; + + /* casper requires little endian format for inputs/outputs */ + XMEMCPY(sig_buf, in, sig_sz); + mp_reverse(sig_buf, sig_sz); + + if ((res = mp_to_unsigned_bin(&key->n, key_buf)) != MP_OKAY) + return res; + mp_reverse(key_buf, key_sz); + + if ((res = mp_to_unsigned_bin(&key->e, (uint8_t *)&exp)) != MP_OKAY) + return res; + + CASPER_ModExp(CASPER, (void *)sig_buf, (void *)key_buf, + key_sz / sizeof(uint32_t), exp, out_buf); + + mp_reverse(out_buf, sig_sz); + XMEMCPY(out, out_buf, sig_sz); + + *outLen = inLen; + + return 0; +} +#endif /* !NO_RSA && WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD */ + + +/* 32 for 256 bits, 48 for 384 bits and 72 for 521 bits... */ +#define CASPER_MAX_ECC_SIZE_BYTES (72) + +#if defined(HAVE_ECC) && defined(WOLFSSL_NXP_CASPER_ECC_MULMOD) +/* calculates R = m*P[X, Y] */ +int casper_ecc_mulmod( + const mp_int *m, ecc_point *P, ecc_point *R, int curve_id +) +{ + uint32_t M[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 }; + uint32_t X[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 }; + uint32_t Y[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 }; + int size; + + if (!m || !P || !R) + return BAD_FUNC_ARG; + + if (curve_id == ECC_SECP256R1) + { + size = 32; + CASPER_ecc_init(kCASPER_ECC_P256); + } + else if (curve_id == ECC_SECP384R1) + { + size = 48; + CASPER_ecc_init(kCASPER_ECC_P384); + } + else if (curve_id == ECC_SECP521R1) + { + size = 66; + CASPER_ecc_init(kCASPER_ECC_P521); + } + else + return BAD_FUNC_ARG; + + /* scalar */ + if (mp_to_unsigned_bin(m, (unsigned char *)&M[0]) != MP_OKAY) + return MP_TO_E; + mp_reverse((unsigned char *)&M[0], size); + + /* point */ + if (mp_to_unsigned_bin(P->x, (unsigned char *)&X[0]) != MP_OKAY) + return MP_TO_E; + mp_reverse((unsigned char *)&X[0], size); + if (mp_to_unsigned_bin(P->y, (unsigned char *)&Y[0]) != MP_OKAY) + return MP_TO_E; + mp_reverse((unsigned char *)&Y[0], size); + + if (curve_id == ECC_SECP256R1) + { + CASPER_ECC_SECP256R1_Mul(CASPER, X, Y, X, Y, (void *)M); + } + else if (curve_id == ECC_SECP384R1) + { + CASPER_ECC_SECP384R1_Mul(CASPER, X, Y, X, Y, (void *)M); + } + else if (curve_id == ECC_SECP521R1) + { + CASPER_ECC_SECP521R1_Mul(CASPER, X, Y, X, Y, (void *)M); + } + + /* result */ + mp_reverse((unsigned char *)&X[0], size); + if (mp_read_unsigned_bin(R->x, (unsigned char *)&X[0], size) != MP_OKAY) + return MP_READ_E; + mp_reverse((unsigned char *)&Y[0], size); + if (mp_read_unsigned_bin(R->y, (unsigned char *)&Y[0], size) != MP_OKAY) + return MP_READ_E; + mp_set(R->z, 1); + + return 0; +} +#endif /* HAVE_ECC && WOLFSSL_NXP_CASPER_ECC_MULMOD */ + +#if defined(HAVE_ECC) && defined(WOLFSSL_NXP_CASPER_ECC_MUL2ADD) +/* calculates R = m*P[X, Y] + n*Q[X, Y] */ +int casper_ecc_mul2add( + const mp_int *m, ecc_point *P, const mp_int *n, ecc_point *Q, + ecc_point *R, int curve_id +) +{ + uint32_t M[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 }; + uint32_t X1[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 }; + uint32_t Y1[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 }; + uint32_t N[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 }; + uint32_t X2[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 }; + uint32_t Y2[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 }; + int size; + + if (!m || !P || !n || !Q || !R) + return BAD_FUNC_ARG; + + if (curve_id == ECC_SECP256R1) + { + size = 32; + CASPER_ecc_init(kCASPER_ECC_P256); + } + else if (curve_id == ECC_SECP384R1) + { + size = 48; + CASPER_ecc_init(kCASPER_ECC_P384); + } + else if (curve_id == ECC_SECP521R1) + { + size = 66; + CASPER_ecc_init(kCASPER_ECC_P521); + } + else + return BAD_FUNC_ARG; + + /* first scalar */ + if (mp_to_unsigned_bin(m, (unsigned char *)&M[0]) != MP_OKAY) + return MP_TO_E; + mp_reverse((unsigned char *)&M[0], size); + + /* first point */ + if (mp_to_unsigned_bin(P->x, (unsigned char *)&X1[0]) != MP_OKAY) + return MP_TO_E; + mp_reverse((unsigned char *)&X1[0], size); + if (mp_to_unsigned_bin(P->y, (unsigned char *)&Y1[0]) != MP_OKAY) + return MP_TO_E; + mp_reverse((unsigned char *)&Y1[0], size); + + /* second scalar */ + if (mp_to_unsigned_bin(n, (unsigned char *)&N[0]) != MP_OKAY) + return MP_TO_E; + mp_reverse((unsigned char *)&N[0], size); + + /* second point */ + if (mp_to_unsigned_bin(Q->x, (unsigned char *)&X2[0]) != MP_OKAY) + return MP_TO_E; + mp_reverse((unsigned char *)&X2[0], size); + if (mp_to_unsigned_bin(Q->y, (unsigned char *)&Y2[0]) != MP_OKAY) + return MP_TO_E; + mp_reverse((unsigned char *)&Y2[0], size); + + if (curve_id == ECC_SECP256R1) + { + CASPER_ECC_SECP256R1_MulAdd(CASPER, &X1[0], &Y1[0], &X1[0], &Y1[0], + (void *)M, &X2[0], &Y2[0], (void *)N); + } + else if (curve_id == ECC_SECP384R1) + { + CASPER_ECC_SECP384R1_MulAdd(CASPER, &X1[0], &Y1[0], &X1[0], &Y1[0], + (void *)M, &X2[0], &Y2[0], (void *)N); + } + else if (curve_id == ECC_SECP521R1) + { + CASPER_ECC_SECP521R1_MulAdd(CASPER, &X1[0], &Y1[0], &X1[0], &Y1[0], + (void *)M, &X2[0], &Y2[0], (void *)N); + } + + /* result */ + mp_reverse((unsigned char *)&X1[0], size); + if (mp_read_unsigned_bin(R->x, (unsigned char *)&X1[0], size) != MP_OKAY) + return MP_READ_E; + mp_reverse((unsigned char *)&Y1[0], size); + if (mp_read_unsigned_bin(R->y, (unsigned char *)&Y1[0], size) != MP_OKAY) + return MP_READ_E; + mp_set(R->z, 1); + + return 0; +} +#endif /* HAVE_ECC && WOLFSSL_NXP_CASPER_ECC_MUL2ADD */ + +#endif /* WOLFSSL_NXP_CASPER */ diff --git a/wolfcrypt/src/port/nxp/hashcrypt_port.c b/wolfcrypt/src/port/nxp/hashcrypt_port.c new file mode 100644 index 00000000000..5f4d43c5786 --- /dev/null +++ b/wolfcrypt/src/port/nxp/hashcrypt_port.c @@ -0,0 +1,393 @@ +/* hashcrypt_port.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef WOLFSSL_NXP_HASHCRYPT + +#if defined(WOLFSSL_CRYPT_HW_MUTEX) && WOLFSSL_CRYPT_HW_MUTEX > 0 + #error WOLFSSL_CRYPT_HW_MUTEX=1 not supported yet +#endif + +#include +#include +#include +#include +#include "fsl_hashcrypt.h" + +#if (!defined(NO_SHA) || !defined(NO_SHA256)) && \ + defined(WOLFSSL_NXP_HASHCRYPT_SHA) +static hashcrypt_hash_ctx_t hash_ctx; +static int finish_called; +#endif + +#if !defined(NO_AES) && defined(WOLFSSL_NXP_HASHCRYPT_AES) +hashcrypt_handle_t aes_handle; +#endif + +int wc_hashcrypt_init(void) +{ +#if ((!defined(NO_SHA) || !defined(NO_SHA256)) && \ + defined(WOLFSSL_NXP_HASHCRYPT_SHA)) || \ + (!defined(NO_AES) && defined(WOLFSSL_NXP_HASHCRYPT_AES)) + HASHCRYPT_Init(HASHCRYPT); +#endif + return 0; +} + +#if !defined(NO_SHA256) && defined(WOLFSSL_NXP_HASHCRYPT_SHA) +int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) +{ + (void)heap; + (void)devId; + + if (sha256 == NULL) + return BAD_FUNC_ARG; + + XMEMSET(sha256, 0, sizeof(wc_Sha256)); + if (HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha256) + != kStatus_Success) + return WC_HW_E; + + finish_called = 0; + + return 0; +} + +int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len) +{ + if (sha256 == NULL || (data == NULL && len != 0)) + return BAD_FUNC_ARG; + + if (finish_called) + { + HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha256); + finish_called = 0; + } + if (HASHCRYPT_SHA_Update(HASHCRYPT, &hash_ctx, data, len) + != kStatus_Success) + return WC_HW_E; + + return 0; +} + +int wc_Sha256Final(wc_Sha256* sha256, byte* hash) +{ + size_t outlen = WC_SHA256_DIGEST_SIZE; + static byte previous_sha256_hash[WC_SHA256_DIGEST_SIZE]; + + if (sha256 == NULL || hash == NULL) + return BAD_FUNC_ARG; + + if (finish_called) + { + memcpy(hash, previous_sha256_hash, WC_SHA256_DIGEST_SIZE); + return 0; + } + + if ( + HASHCRYPT_SHA_Finish(HASHCRYPT, &hash_ctx, hash, &outlen) + != kStatus_Success + || outlen != WC_SHA256_DIGEST_SIZE + ) + { + return WC_HW_E; + } + memcpy(previous_sha256_hash, hash, WC_SHA256_DIGEST_SIZE); + finish_called = 1; + + return 0; +} +#endif /* !defined(NO_SHA256) && defined(WOLFSSL_NXP_HASHCRYPT_SHA) */ + + +#if !defined(NO_SHA) && defined(WOLFSSL_NXP_HASHCRYPT_SHA) +int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) +{ + (void)heap; + (void)devId; + + if (sha == NULL) + return BAD_FUNC_ARG; + + XMEMSET(sha, 0, sizeof(wc_Sha)); + if (HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha1) + != kStatus_Success) + return WC_HW_E; + + finish_called = 0; + + return 0; +} + +int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) +{ + if (sha == NULL || (data == NULL && len != 0)) + return BAD_FUNC_ARG; + + if (finish_called) + { + HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha1); + finish_called = 0; + } + if (HASHCRYPT_SHA_Update(HASHCRYPT, &hash_ctx, data, len) + != kStatus_Success) + return WC_HW_E; + + return 0; +} + +int wc_ShaFinal(wc_Sha* sha, byte* hash) +{ + size_t outlen = WC_SHA_DIGEST_SIZE; + static byte previous_sha_hash[WC_SHA_DIGEST_SIZE]; + + if (sha == NULL || hash == NULL) + return BAD_FUNC_ARG; + + if (finish_called) + { + memcpy(hash, previous_sha_hash, WC_SHA_DIGEST_SIZE); + return 0; + } + + if ( + HASHCRYPT_SHA_Finish(HASHCRYPT, &hash_ctx, hash, &outlen) + != kStatus_Success + || outlen != WC_SHA_DIGEST_SIZE + ) + { + return WC_HW_E; + } + memcpy(previous_sha_hash, hash, WC_SHA_DIGEST_SIZE); + finish_called = 1; + + return 0; +} +#endif /* !defined(NO_SHA) && defined(WOLFSSL_NXP_HASHCRYPT_SHA) */ + + +#if !defined(NO_AES) && defined(WOLFSSL_NXP_HASHCRYPT_AES) +static int _hashcrypt_set_key(Aes* aes) +{ + aes_handle.keyType = kHASHCRYPT_UserKey; + + if (aes->keylen == 128/8) + aes_handle.keySize = kHASHCRYPT_Aes128; + else if (aes->keylen == 192/8) + aes_handle.keySize = kHASHCRYPT_Aes192; + else if (aes->keylen == 256/8) + aes_handle.keySize = kHASHCRYPT_Aes256; + else + return BAD_FUNC_ARG; + + if (HASHCRYPT_AES_SetKey( + HASHCRYPT, &aes_handle, (const uint8_t *)aes->devKey, aes->keylen + ) != kStatus_Success + ) + return WC_HW_E; + + return 0; +} + +#ifdef HAVE_AES_ECB +int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int ret = _hashcrypt_set_key(aes); + + if (ret) + return ret; + + if (HASHCRYPT_AES_EncryptEcb(HASHCRYPT, &aes_handle, in, out, sz) + != kStatus_Success) + return WC_HW_E; + + return 0; +} + +#ifdef HAVE_AES_DECRYPT +int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int ret = _hashcrypt_set_key(aes); + + if (ret) + return ret; + + if (HASHCRYPT_AES_DecryptEcb(HASHCRYPT, &aes_handle, in, out, sz) + != kStatus_Success) + return WC_HW_E; + + return 0; +} +#endif +#endif /* HAVE_AES_ECB */ + +#ifdef HAVE_AES_CBC +int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int ret = _hashcrypt_set_key(aes); + + if (ret) + return ret; + + if (HASHCRYPT_AES_EncryptCbc( + HASHCRYPT, &aes_handle, in, out, sz, (const uint8_t *)aes->reg) + != kStatus_Success) + return WC_HW_E; + + XMEMCPY(aes->reg, out + sz - 16, 16); + + return 0; +} + +#ifdef HAVE_AES_DECRYPT +int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int ret; + byte tmp_iv[16]; + + ret = _hashcrypt_set_key(aes); + if (ret) + return ret; + + XMEMCPY(tmp_iv, in + sz - 16, 16); + + if (HASHCRYPT_AES_DecryptCbc( + HASHCRYPT, &aes_handle, in, out, sz, (const uint8_t *)aes->reg) + != kStatus_Success) + return WC_HW_E; + + XMEMCPY(aes->reg, tmp_iv, 16); + + return 0; +} +#endif +#endif /* HAVE_AES_CBC */ + +#ifdef WOLFSSL_AES_OFB +int wc_AesOfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int ret; + + ret = _hashcrypt_set_key(aes); + if (ret) + return ret; + + if (HASHCRYPT_AES_CryptOfb( + HASHCRYPT, &aes_handle, in, out, sz, (const uint8_t *)aes->reg) + != kStatus_Success) + return WC_HW_E; + + return 0; +} + +#ifdef HAVE_AES_DECRYPT +int wc_AesOfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int ret; + + ret = _hashcrypt_set_key(aes); + if (ret) + return ret; + + if (HASHCRYPT_AES_CryptOfb( + HASHCRYPT, &aes_handle, in, out, sz, (const uint8_t *)aes->reg) + != kStatus_Success) + return WC_HW_E; + + return 0; +} +#endif +#endif /* WOLFSSL_AES_OFB */ + +#ifdef WOLFSSL_AES_CFB +int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int ret; + + ret = _hashcrypt_set_key(aes); + if (ret) + return ret; + + if (HASHCRYPT_AES_EncryptCfb( + HASHCRYPT, &aes_handle, in, out, sz, (const uint8_t *)aes->reg) + != kStatus_Success) + return WC_HW_E; + + return 0; +} + +#ifdef HAVE_AES_DECRYPT +int wc_AesCfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int ret; + + ret = _hashcrypt_set_key(aes); + if (ret) + return ret; + + if (HASHCRYPT_AES_DecryptCfb( + HASHCRYPT, &aes_handle, in, out, sz, (const uint8_t *)aes->reg) + != kStatus_Success) + return WC_HW_E; + + return 0; +} +#endif +#endif /* WOLFSSL_AES_CFB */ + +#ifdef WOLFSSL_AES_COUNTER +int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int ret; + byte* tmp; + + if (aes == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } + + /* consume any unused bytes left in aes->tmp */ + tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left; + while (aes->left && sz) { + *(out++) = *(in++) ^ *(tmp++); + aes->left--; + sz--; + } + + if (sz) { + ret = _hashcrypt_set_key(aes); + if (ret) + return ret; + + if (HASHCRYPT_AES_CryptCtr( + HASHCRYPT, &aes_handle, in, out, sz, (byte *)aes->reg, + (byte *)aes->tmp, (word32 *)&aes->left) + != kStatus_Success) + return WC_HW_E; + } + + return 0; +} +#endif /* WOLFSSL_AES_COUNTER */ + +#endif /* !defined(NO_AES) && defined(WOLFSSL_NXP_HASHCRYPT_AES) */ + +#endif /* WOLFSSL_NXP_HASHCRYPT */ diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index efc9eaf59a7..2aa7e372e96 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -5149,6 +5149,22 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return ret; } +#elif defined(WOLFSSL_NXP_RNG_1) + #include "fsl_rng.h" + + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { + (void)os; + + if (output == NULL) { + return BUFFER_E; + } + + if (RNG_GetRandomData(RNG, output, sz) != kStatus_Success) + return RNG_FAILURE_E; + + return 0; + } + #elif defined(DOLPHIN_EMULATOR) || defined (WOLFSSL_NDS) int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index b3fbb83fe0f..edf1aba91e0 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -56,6 +56,9 @@ RSA keys can be used to encrypt, decrypt, sign and verify data. #ifdef WOLFSSL_HAVE_SP_RSA #include #endif +#if defined(WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD) +#include +#endif #if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM) /* force off unneeded vector register save/restore. */ @@ -2675,6 +2678,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, return ret; } + #else #ifndef WOLF_CRYPTO_CB_ONLY_RSA #ifdef WOLFSSL_HAVE_SP_RSA @@ -3091,6 +3095,15 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, return MP_VAL; } +#if defined(WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD) + if (type == RSA_PUBLIC_DECRYPT || type == RSA_PUBLIC_ENCRYPT) { + ret = casper_rsa_public_exptmod(in, inLen, out, outLen, key); + if (ret == 0) + return MP_OKAY; + /* else fall through for software fallback */ + } +#endif + #ifdef WOLFSSL_HAVE_SP_RSA ret = RsaFunction_SP(in, inLen, out, outLen, type, key, rng); if (ret != WC_NO_ERR_TRACE(WC_KEY_SIZE_E)) diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index e636a2fca21..9e94e3f0088 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -368,6 +368,9 @@ #include /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */ +#elif defined(WOLFSSL_NXP_HASHCRYPT_SHA) + /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */ + #elif defined(WOLFSSL_SILABS_SE_ACCEL) /* implemented in wolfcrypt/src/port/silabs/silabs_hash.c */ diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 78240b21cfb..a7218de52bf 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -222,6 +222,7 @@ on the specific device platform. !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) || \ defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \ !defined(PSOC6_HASH_SHA2) && !defined(WOLFSSL_IMXRT_DCP) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ + !defined(WOLFSSL_NXP_HASHCRYPT_SHA) && \ !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_SE050_HASH) && \ ((!defined(WOLFSSL_RENESAS_SCEPROTECT) && \ !defined(WOLFSSL_RENESAS_RSIP)) \ @@ -1068,6 +1069,9 @@ static int InitSha256(wc_Sha256* sha256) #include /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */ +#elif defined(WOLFSSL_NXP_HASHCRYPT_SHA) + /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */ + #elif defined(WOLFSSL_SILABS_SE_ACCEL) /* implemented in wolfcrypt/src/port/silabs/silabs_hash.c */ diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index e84c385744e..f5981c50369 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -182,6 +182,13 @@ Threading/Mutex options: #include #endif +#ifdef WOLFSSL_NXP_CASPER + #include +#endif +#ifdef WOLFSSL_NXP_HASHCRYPT + #include +#endif + #ifdef WOLF_CRYPTO_CB #include #endif @@ -534,6 +541,17 @@ int wolfCrypt_Init(void) } #endif +#ifdef WOLFSSL_NXP_CASPER + if ((ret = wc_casper_init()) != 0) { + return ret; + } +#endif +#ifdef WOLFSSL_NXP_HASHCRYPT + if ((ret = wc_hashcrypt_init()) != 0) { + return ret; + } +#endif + #if defined(WOLFSSL_DSP) && !defined(WOLFSSL_DSP_BUILD) if ((ret = wolfSSL_InitHandle()) != 0) { return ret; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 361f16d6319..f86c5cd1ac5 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -2850,7 +2850,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ if ( (ret = aesofb_test()) != 0) TEST_FAIL("AES-OFB test failed!\n", ret); else - TEST_PASS("AES-OFB test passed!\n"); + TEST_PASS("AES-OFB test passed!\n"); #endif #ifdef HAVE_AESGCM @@ -4944,12 +4944,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void) ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); +#ifndef NO_WOLFSSL_SHA256_INTERLEAVE ret = wc_InitSha_ex(&shaCopy, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); ret = wc_ShaUpdate(&shaCopy, (byte*)b.input, (word32)b.inLen); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); +#endif ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); @@ -5659,12 +5661,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void) ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); +#ifndef NO_WOLFSSL_SHA256_INTERLEAVE ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); ret = wc_Sha256Update(&shaCopy, (byte*)b.input, (word32)b.inLen); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); +#endif ret = wc_Sha256Update(&sha, (byte*)a.input, (word32)a.inLen); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); @@ -12091,9 +12095,11 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifndef WOLFSSL_NXP_HASHCRYPT_AES if (XMEMCMP(cipher + WC_AES_BLOCK_SIZE, cipher1 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #ifdef HAVE_AES_DECRYPT ret = wc_AesOfbDecrypt(dec, plain, cipher1, WC_AES_BLOCK_SIZE); @@ -12108,9 +12114,11 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifndef WOLFSSL_NXP_HASHCRYPT_AES if (XMEMCMP(plain + WC_AES_BLOCK_SIZE, plain1 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #endif /* HAVE_AES_DECRYPT */ /* multiple blocks at once */ @@ -12192,8 +12200,10 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifndef WOLFSSL_NXP_HASHCRYPT_AES if (XMEMCMP(cipher + 3, cipher1 + 3, WC_AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #ifdef HAVE_AES_DECRYPT ret = wc_AesOfbDecrypt(dec, plain, cipher1, 6); @@ -12207,8 +12217,10 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifndef WOLFSSL_NXP_HASHCRYPT_AES if (XMEMCMP(plain + 6, plain1 + 6, WC_AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_256 */ @@ -12410,6 +12422,7 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, ERROR_OUT(WC_TEST_RET_ENC_NC, out); /* test restarting encryption process */ + #ifndef WOLFSSL_NXP_HASHCRYPT_AES ret = wc_AesCfbEncrypt(enc, cipher + (WC_AES_BLOCK_SIZE * 2), msg1 + (WC_AES_BLOCK_SIZE * 2), WC_AES_BLOCK_SIZE); if (ret != 0) @@ -12427,6 +12440,7 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, if (XMEMCMP(plain, msg1, WC_AES_BLOCK_SIZE * 3)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif /* HAVE_AES_DECRYPT */ + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 @@ -12488,6 +12502,7 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif + #ifndef WOLFSSL_NXP_HASHCRYPT_AES /* test with data left overs, magic lengths are checking near edges */ XMEMSET(cipher, 0, sizeof(cipher)); ret = wc_AesCfbEncrypt(enc, cipher, msg3, 4); @@ -12539,6 +12554,7 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, if (XMEMCMP(plain, msg3, WC_AES_BLOCK_SIZE * 4)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif /* HAVE_AES_DECRYPT */ + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #endif /* WOLFSSL_AES_256 */ out: @@ -15996,11 +16012,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) /* and an additional 9 bytes to reuse tmp left buffer */ { NULL, 0, NULL, ctrPlain, (int)sizeof(oddCipher), oddCipher }, /* Counter wrapping */ + #ifndef WOLFSSL_NXP_HASHCRYPT_AES { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr128Wrap128Cipher), ctr128Wrap128Cipher }, { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr128Wrap128CipherLong), ctr128Wrap128CipherLong }, + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128_2, ctrPlain, (int)sizeof(ctr128Wrap128_2CipherLong), @@ -16038,11 +16056,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) { ctr192Key, (int)sizeof(ctr192Key), ctrIv, ctrPlain, (int)sizeof(oddCipher), ctr192Cipher }, /* Counter wrapping */ + #ifndef WOLFSSL_NXP_HASHCRYPT_AES { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr192Wrap128Cipher), ctr192Wrap128Cipher }, { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr192Wrap128CipherLong), ctr192Wrap128CipherLong }, + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128_2, ctrPlain, (int)sizeof(ctr192Wrap128_2CipherLong), @@ -16080,11 +16100,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) { ctr256Key, (int)sizeof(ctr256Key), ctrIv, ctrPlain, (int)sizeof(oddCipher), ctr256Cipher }, /* Counter wrapping */ + #ifndef WOLFSSL_NXP_HASHCRYPT_AES { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr256Wrap128Cipher), ctr256Wrap128Cipher }, { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr256Wrap128CipherLong), ctr256Wrap128CipherLong }, + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128_2, ctrPlain, (int)sizeof(ctr256Wrap128_2CipherLong), diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index b01aa3b473b..558aeefb0c3 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -386,7 +386,7 @@ struct Aes { #if defined(WOLF_CRYPTO_CB) || (defined(WOLFSSL_DEVCRYPTO) && \ (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) || \ (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) || \ - defined(WOLFSSL_KCAPI_AES) + defined(WOLFSSL_KCAPI_AES) || defined(WOLFSSL_NXP_HASHCRYPT_AES) word32 devKey[AES_MAX_KEY_SIZE/WOLFSSL_BIT_SIZE/sizeof(word32)]; /* raw key */ #ifdef HAVE_CAVIUM_OCTEON_SYNC int keySet; diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index a4c703c4553..76cb6e90e77 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am @@ -95,6 +95,8 @@ noinst_HEADERS+= \ wolfssl/wolfcrypt/port/nrf51.h \ wolfssl/wolfcrypt/port/nxp/ksdk_port.h \ wolfssl/wolfcrypt/port/nxp/dcp_port.h \ + wolfssl/wolfcrypt/port/nxp/casper_port.h \ + wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h \ wolfssl/wolfcrypt/port/xilinx/xil-sha3.h \ wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h \ wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h \ diff --git a/wolfssl/wolfcrypt/port/nxp/casper_port.h b/wolfssl/wolfcrypt/port/nxp/casper_port.h new file mode 100644 index 00000000000..f52921fa6fc --- /dev/null +++ b/wolfssl/wolfcrypt/port/nxp/casper_port.h @@ -0,0 +1,54 @@ +/* casper_port.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#ifndef _CASPER_PORT_H_ +#define _CASPER_PORT_H_ + +#include + +int wc_casper_init(void); + +#if !defined(NO_RSA) && defined(WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD) +#include + +int casper_rsa_public_exptmod( + const byte* in, word32 inLen, byte* out, word32* outLen, RsaKey* key +); +#endif /* !NO_RSA && WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD */ + + +#if defined(HAVE_ECC) +#include + +#ifdef WOLFSSL_NXP_CASPER_ECC_MULMOD +int casper_ecc_mulmod( + const mp_int *m, ecc_point *P, ecc_point *R, int curve_id +); +#endif /* WOLFSSL_NXP_CASPER_ECC_MULMOD */ + +#ifdef WOLFSSL_NXP_CASPER_ECC_MUL2ADD +int casper_ecc_mul2add( + const mp_int *m, ecc_point *P, const mp_int *n, ecc_point *Q, + ecc_point *R, int curve_id +); +#endif /* WOLFSSL_NXP_CASPER_ECC_MUL2ADD */ +#endif /* HAVE_ECC */ + +#endif /* _CASPER_PORT_H_ */ diff --git a/wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h b/wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h new file mode 100644 index 00000000000..5930907e707 --- /dev/null +++ b/wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h @@ -0,0 +1,26 @@ +/* hashcrypt_port.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#ifndef _HASHCRYPT_PORT_H_ +#define _HASHCRYPT_PORT_H_ + +int wc_hashcrypt_init(void); + +#endif /* _HASHCRYPT_PORT_H_ */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index e02620e7a43..4bdb8aead85 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2132,6 +2132,17 @@ extern void uITRON4_free(void *p) ; #endif #endif /* FREESCALE_USE_LTC */ +#ifdef WOLFSSL_NXP_LPC55S6X + #undef WOLFSSL_NXP_RNG_1 + #define WOLFSSL_NXP_RNG_1 + #define WOLFSSL_NXP_HASHCRYPT + #define WOLFSSL_NXP_HASHCRYPT_AES + #define WOLFSSL_NXP_HASHCRYPT_SHA + #define WOLFSSL_NXP_CASPER + #define WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD + #define NO_WOLFSSL_SHA256_INTERLEAVE +#endif + #ifdef FREESCALE_LTC_TFM_RSA_4096_ENABLE #undef USE_CERT_BUFFERS_4096 #define USE_CERT_BUFFERS_4096