Merge pull request #10278 from twcook86/lpc55s69_crypto

Add wolfCrypt support for lpc55s69 hw crypto

Author: dgarske

.wolfssl_known_macro_extras

@@ -862,6 +862,15 @@ WOLFSSL_NO_TICKET_EXPIRE
 WOLFSSL_NO_TRUSTED_CERTS_VERIFY
 WOLFSSL_NO_WORD64_OPS
 WOLFSSL_NO_XOR_OPS
+WOLFSSL_NXP_LPC55S6X
+WOLFSSL_NXP_CASPER
+WOLFSSL_NXP_CASPER_ECC_MULMOD
+WOLFSSL_NXP_CASPER_ECC_MUL2ADD
+WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD
+WOLFSSL_NXP_HASHCRYPT
+WOLFSSL_NXP_HASHCRYPT_AES
+WOLFSSL_NXP_HASHCRYPT_SHA
+WOLFSSL_NXP_RNG_1
 WOLFSSL_NRF51_AES
 WOLFSSL_OLDTLS_AEAD_CIPHERSUITES
 WOLFSSL_OLD_SET_CURVES_LIST

wolfcrypt/src/aes.c

@@ -140,6 +140,10 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     #include <wolfssl/wolfcrypt/cryptocb.h>
 #endif
 
+#ifdef WOLFSSL_NXP_HASHCRYPT_AES
+    #include <wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h>
+#endif
+
 #ifdef WOLFSSL_SECO_CAAM
 #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
 #endif
@@ -5103,7 +5107,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
 
     #if defined(WOLF_CRYPTO_CB) || (defined(WOLFSSL_DEVCRYPTO) && \
         (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) || \
-        (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES))
+        (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) || \
+        defined(WOLFSSL_NXP_HASHCRYPT_AES)
         #ifdef WOLF_CRYPTO_CB
         if (aes->devId != INVALID_DEVID)
         #endif
@@ -6477,6 +6482,9 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
 #elif defined(WOLFSSL_DEVCRYPTO_CBC)
     /* implemented in wolfcrypt/src/port/devcrypt/devcrypto_aes.c */
 
+#elif defined(WOLFSSL_NXP_HASHCRYPT_AES)
+    /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */
+
 #elif defined(WOLFSSL_SILABS_SE_ACCEL)
     /* implemented in wolfcrypt/src/port/silabs/silabs_aes.c */
 
@@ -7144,7 +7152,11 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         #define NEED_AES_CTR_SOFT
 
     #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES)
-    /* implemented in wolfcrypt/src/port/psa/psa_aes.c */
+        /* implemented in wolfcrypt/src/port/psa/psa_aes.c */
+
+    #elif defined(WOLFSSL_NXP_HASHCRYPT_AES)
+        /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */
+
     #else
 
         /* Use software based AES counter */
@@ -13939,6 +13951,9 @@ int wc_AesGetKeySize(Aes* aes, word32* keySize)
 #elif defined(WOLFSSL_RISCV_ASM)
     /* implemented in wolfcrypt/src/port/riscv/riscv-64-aes.c */
 
+#elif defined(WOLFSSL_NXP_HASHCRYPT_AES)
+    /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */
+
 #elif defined(WOLFSSL_SILABS_SE_ACCEL)
     /* implemented in wolfcrypt/src/port/silabs/silabs_aes.c */
 
@@ -14234,7 +14249,10 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
 #if defined(WOLFSSL_AES_CFB)
 
-#if defined(WOLFSSL_PSOC6_CRYPTO)
+#if defined(WOLFSSL_NXP_HASHCRYPT_AES)
+    /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */
+
+#elif defined(WOLFSSL_PSOC6_CRYPTO)
 
 int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
@@ -14683,6 +14701,10 @@ int wc_AesCfb8Decrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 #endif /* WOLFSSL_AES_CFB */
 
 #ifdef WOLFSSL_AES_OFB
+#ifdef WOLFSSL_NXP_HASHCRYPT_AES
+    /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */
+
+#else /* software */
 /* OFB AES mode
  *
  * aes structure holding key to use for encryption
@@ -14785,6 +14807,7 @@ int wc_AesOfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     return AesOfbCrypt_C(aes, out, in, sz);
 }
 #endif /* HAVE_AES_DECRYPT */
+#endif /* software */
 #endif /* WOLFSSL_AES_OFB */
 
 

wolfcrypt/src/include.am

@@ -71,6 +71,8 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
               wolfcrypt/src/port/nxp/dcp_port.c \
               wolfcrypt/src/port/nxp/se050_port.c \
               wolfcrypt/src/port/nxp/README.md \
+              wolfcrypt/src/port/nxp/casper_port.c \
+              wolfcrypt/src/port/nxp/hashcrypt_port.c \
               wolfcrypt/src/port/atmel/README.md \
               wolfcrypt/src/port/xilinx/xil-sha3.c \
               wolfcrypt/src/port/xilinx/xil-aesgcm.c \

wolfcrypt/src/port/nxp/README.md

@@ -1,6 +1,47 @@
 # wolfSSL NXP Hardware Acceleration Ports
 
-wolfSSL supports hardware acceleration on NXP DCP, LTC (KSDK), and SE050.
+wolfSSL supports hardware acceleration on NXP DCP, LTC (KSDK), LPC55S69, and SE050.
+
+## NXP LPC55S69
+
+The LPC55S69 is a general purpose edge computing device, with dual ARM
+Cortex-M33 cores running up to 150 MHz, 640/320 KB internal flash/ram,
+TrustZone-M, a DSP accelerator, and extensive cryptographic acceleration.
+
+wolfSSL supports the following hardware acceleration on the LPC55S69:
+- TRNG
+- HashCrypt (Hash/AES Crypto Engine)
+  - AES (128, 192, 256) encrypt/decrypt
+    - AES-CBC, AES-ECB, AES-CTR, AES-OFB, AES-CFB
+  - SHA-1, SHA-256
+- CASPER (Asymmetric Crypto Accelerator)
+  - RSA verify/encrypt/decrypt (up to 4096-bit, public key only)
+
+### LPC55S69 Hardware Acceleration Caveats
+
+The following caveats should be noted about the LPC55S69 hardware acceleration:
+- AES-CTR mode fails when the counter wraps from all FF's to 0.  User should
+ensure this never happens, by properly managing the iv/counter in use.
+- AES-CFB and AES-OFB only support full 16-byte blocks and multiples thereof.
+Encrypt/Decrypt requests of other sizes will fail.
+- RSA acceleration is only supported for public keys.  Private key operations
+will use a fully software implementation.
+- When the HashCrypt engine is in use for SHA-1 or SHA-256, it must not be
+interrupted with another hash request or an AES request.  The hash must be
+completed before another operation is requested.
+
+### wolfSSL LPC55S69 Hardware Acceleration Enable
+
+To enable only the TRNG, define the following symbol:
+
+**`WOLFSSL_NXP_RNG_1`**
+
+To enable all LPC55S69 hardware acceleration, including the TRNG,
+define the following symbol:
+
+**`WOLFSSL_NXP_LPC55S6X`**
+
+NOTE: Both can be defined with no problem.
 
 ## NXP SE050
 
@@ -10,3 +51,4 @@ see [README_SE050.md](./README_SE050.md).
 ## Support
 
 For questions please email support@wolfssl.com
+