Merge pull request #3323 from danielinux/nxp_imxrt_dcp

Added support for NXP DCP (i.MX-RT series)

wolfcrypt/src/aes.c

@@ -65,6 +65,10 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     #include <wolfssl/wolfcrypt/cryptocb.h>
 #endif
 
+#ifdef WOLFSSL_IMXRT_DCP
+    #include <wolfssl/wolfcrypt/port/nxp/dcp_port.h>
+#endif
+
 
 /* fips wrapper calls, user can call direct */
 #if defined(HAVE_FIPS) && \
@@ -1739,6 +1743,13 @@ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
     return;
 #endif
 
+#if defined(WOLFSSL_IMXRT_DCP)
+    if (aes->keylen == 16) {
+        DCPAesEcbEncrypt(aes, outBlock, inBlock, AES_BLOCK_SIZE);
+        return;
+    }
+#endif
+
     /*
      * map byte array block to cipher state
      * and add initial round key:
@@ -2023,6 +2034,12 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
 #if defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES)
     return AES_ECB_decrypt(aes, inBlock, outBlock, AES_BLOCK_SIZE);
 #endif
+#if defined(WOLFSSL_IMXRT_DCP)
+    if (aes->keylen == 16) {
+        DCPAesEcbDecrypt(aes, outBlock, inBlock, AES_BLOCK_SIZE);
+        return;
+    }
+#endif
 
     /*
      * map byte array block to cipher state
@@ -2266,7 +2283,6 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
         defined(WOLFSSL_AES_OFB)
         aes->left = 0;
     #endif
-
         return wc_AesSetIV(aes, iv);
     }
     #if defined(WOLFSSL_AES_DIRECT)
@@ -2683,6 +2699,15 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
         ByteReverseWords(rk, rk, keylen);
     #endif
 
+    #ifdef WOLFSSL_IMXRT_DCP
+        /* Implemented in wolfcrypt/src/port/nxp/dcp_port.c */
+        temp = 0;
+        if (keylen == 16)
+            temp = DCPAesSetKey(aes, userKey, keylen, iv, dir);
+        if (temp != 0)
+            return WC_HW_E;
+    #endif
+
 #ifdef NEED_AES_TABLES
         switch (keylen) {
     #if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 128 && \
@@ -2889,7 +2914,6 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
     else
         XMEMSET(aes->reg,  0, AES_BLOCK_SIZE);
-
     return 0;
 }
 
@@ -3518,6 +3542,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         if (sz == 0) {
             return 0;
         }
+    #ifdef WOLFSSL_IMXRT_DCP
+        /* Implemented in wolfcrypt/src/port/nxp/dcp_port.c */
+        if (aes->keylen == 16)
+            return DCPAesCbcEncrypt(aes, out, in, sz);
+    #endif
 
     #ifdef WOLF_CRYPTO_CB
         if (aes->devId != INVALID_DEVID) {
@@ -3625,6 +3654,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         if (sz == 0) {
             return 0;
         }
+    #ifdef WOLFSSL_IMXRT_DCP
+        /* Implemented in wolfcrypt/src/port/nxp/dcp_port.c */
+        if (aes->keylen == 16)
+            return DCPAesCbcDecrypt(aes, out, in, sz);
+    #endif
 
     #ifdef WOLF_CRYPTO_CB
         if (aes->devId != INVALID_DEVID) {
@@ -4161,7 +4195,6 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
 #ifdef WOLFSSL_IMX6_CAAM_BLOB
     ForceZero(local, sizeof(local));
 #endif
-
     return ret;
 }
 
@@ -6177,7 +6210,6 @@ int AES_GCM_encrypt_C(Aes* aes, byte* out, const byte* in, word32 sz,
     }
     else
 #endif /* HAVE_AES_ECB && !WOLFSSL_PIC32MZ_CRYPT */
-
     while (blocks--) {
         IncrementGcmCounter(ctr);
     #if !defined(WOLFSSL_PIC32MZ_CRYPT)
@@ -7543,6 +7575,11 @@ int wc_AesInit(Aes* aes, void* heap, int devId)
 #if defined(WOLFSSL_CRYPTOCELL) && defined(WOLFSSL_CRYPTOCELL_AES)
     XMEMSET(&aes->ctx, 0, sizeof(aes->ctx));
 #endif
+#if defined(WOLFSSL_IMXRT_DCP)
+    DCPAesInit(aes);
+#endif
+
+
 #ifdef HAVE_AESGCM
 #ifdef OPENSSL_EXTRA
     XMEMSET(aes->aadH, 0, sizeof(aes->aadH));
@@ -7599,6 +7636,9 @@ void wc_AesFree(Aes* aes)
     (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES))
     ForceZero((byte*)aes->devKey, AES_MAX_KEY_SIZE/WOLFSSL_BIT_SIZE);
 #endif
+#if defined(WOLFSSL_IMXRT_DCP)
+    DCPAesFree(aes);
+#endif
 }
 
 
@@ -7678,6 +7718,10 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
     if ((in == NULL) || (out == NULL) || (aes == NULL))
       return BAD_FUNC_ARG;
+#ifdef WOLFSSL_IMXRT_DCP
+    if (aes->keylen == 16)
+        return DCPAesEcbEncrypt(aes, out, in, sz);
+#endif
     while (blocks > 0) {
       wc_AesEncryptDirect(aes, out, in);
       out += AES_BLOCK_SIZE;
@@ -7695,6 +7739,10 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
     if ((in == NULL) || (out == NULL) || (aes == NULL))
       return BAD_FUNC_ARG;
+#ifdef WOLFSSL_IMXRT_DCP
+    if (aes->keylen == 16)
+        return DCPAesEcbDecrypt(aes, out, in, sz);
+#endif
     while (blocks > 0) {
       wc_AesDecryptDirect(aes, out, in);
       out += AES_BLOCK_SIZE;

wolfcrypt/src/include.am

@@ -58,6 +58,7 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
               wolfcrypt/src/port/arm/armv8-sha512-asm.c \
               wolfcrypt/src/port/arm/armv8-32-sha512-asm.c \
               wolfcrypt/src/port/nxp/ksdk_port.c \
+              wolfcrypt/src/port/nxp/dcp_port.c \
               wolfcrypt/src/port/atmel/README.md \
               wolfcrypt/src/port/xilinx/xil-sha3.c \
               wolfcrypt/src/port/xilinx/xil-aesgcm.c \

wolfcrypt/src/port/nxp/dcp_port.c

@@ -0,0 +1,537 @@
+/* dcp_port.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/sha.h>
+#include <wolfssl/wolfcrypt/sha256.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef WOLFSSL_IMXRT_DCP
+#if defined(__DCACHE_PRESENT) && (__DCACHE_PRESENT == 1U) && defined(DCP_USE_DCACHE) && (DCP_USE_DCACHE == 1U)
+#error "DCACHE not supported by this driver. Please undefine DCP_USE_DCACHE."
+#endif
+
+#ifndef DCP_USE_OTP_KEY
+#define DCP_USE_OTP_KEY 0 /* Set to 1 to select OTP key for AES encryption/decryption. */
+#endif
+
+#include "fsl_device_registers.h"
+#include "fsl_debug_console.h"
+#include "fsl_dcp.h"
+
+#ifndef SINGLE_THREADED
+#define dcp_lock() wolfSSL_CryptHwMutexLock()
+#define dcp_unlock() wolfSSL_CryptHwMutexLock()
+#else
+#define dcp_lock() do{}while(0)
+#define dcp_unlock() do{}while(0)
+#endif
+
+#if DCP_USE_OTP_KEY
+typedef enum _dcp_otp_key_select
+{
+    kDCP_OTPMKKeyLow  = 1U, /* Use [127:0] from snvs key as dcp key */
+    kDCP_OTPMKKeyHigh = 2U, /* Use [255:128] from snvs key as dcp key */
+    kDCP_OCOTPKeyLow  = 3U, /* Use [127:0] from ocotp key as dcp key */
+    kDCP_OCOTPKeyHigh = 4U  /* Use [255:128] from ocotp key as dcp key */
+} dcp_otp_key_select;
+#endif
+
+#if DCP_USE_OTP_KEY
+static status_t DCP_OTPKeySelect(dcp_otp_key_select keySelect)
+{
+    status_t retval = kStatus_Success;
+    if (keySelect == kDCP_OTPMKKeyLow)
+    {
+        IOMUXC_GPR->GPR3 &= ~(1 << IOMUXC_GPR_GPR3_DCP_KEY_SEL_SHIFT);
+        IOMUXC_GPR->GPR10 &= ~(1 << IOMUXC_GPR_GPR10_DCPKEY_OCOTP_OR_KEYMUX_SHIFT);
+    }
+
+    else if (keySelect == kDCP_OTPMKKeyHigh)
+    {
+        IOMUXC_GPR->GPR3 |= (1 << IOMUXC_GPR_GPR3_DCP_KEY_SEL_SHIFT);
+        IOMUXC_GPR->GPR10 &= ~(1 << IOMUXC_GPR_GPR10_DCPKEY_OCOTP_OR_KEYMUX_SHIFT);
+    }
+
+    else if (keySelect == kDCP_OCOTPKeyLow)
+    {
+        IOMUXC_GPR->GPR3 &= ~(1 << IOMUXC_GPR_GPR3_DCP_KEY_SEL_SHIFT);
+        IOMUXC_GPR->GPR10 |= (1 << IOMUXC_GPR_GPR10_DCPKEY_OCOTP_OR_KEYMUX_SHIFT);
+    }
+
+    else if (keySelect == kDCP_OCOTPKeyHigh)
+    {
+        IOMUXC_GPR->GPR3 |= (1 << IOMUXC_GPR_GPR3_DCP_KEY_SEL_SHIFT);
+        IOMUXC_GPR->GPR10 |= (1 << IOMUXC_GPR_GPR10_DCPKEY_OCOTP_OR_KEYMUX_SHIFT);
+    }
+
+    else
+    {
+        retval = kStatus_InvalidArgument;
+    }
+    return retval;
+}
+#endif
+
+static const int dcp_channels[4] = {
+    kDCP_Channel0,
+    kDCP_Channel1,
+    kDCP_Channel2,
+    kDCP_Channel3
+};
+
+#ifndef SINGLE_THREADED
+static int dcp_status[4] = {0, 0, 0, 0};
+#endif
+
+static int dcp_get_channel(void)
+{
+#ifdef SINGLE_THREADED
+    return dcp_channels[0];
+#else
+    int i;
+    int ret = 0;
+    dcp_lock();
+    for (i = 0; i < 4; i++) {
+        if (dcp_status[i] == 0) {
+            dcp_status[i]++;
+            ret = dcp_channels[i];
+        }
+    }
+    dcp_unlock();
+    return ret;
+#endif
+}
+
+static int dcp_key_slot(int ch)
+{
+    int ret = -1;
+
+#if DCP_USE_OTP_KEY
+    return kDCP_OtpKey;
+#endif
+
+#ifndef SINGLE_THREADED
+    int i;
+    dcp_lock();
+    for (i = 0; i < 4; i++) {
+        if (ch == dcp_channels[i]) {
+            ret = i;
+            break;
+        }
+    }
+    dcp_unlock();
+#else
+    ret = 0;
+#endif
+    return ret;
+}
+
+
+int wc_dcp_init(void)
+{
+    dcp_config_t dcpConfig;
+    dcp_lock();
+    DCP_GetDefaultConfig(&dcpConfig);
+
+    /* Reset and initialize DCP */
+    DCP_Init(DCP, &dcpConfig);
+#if DCP_USE_OTP_KEY
+    /* Set OTP key type in IOMUX registers before initializing DCP. */
+    /* Software reset of DCP must be issued after changing the OTP key type. */
+    DCP_OTPKeySelect(kDCP_OTPMKKeyLow);
+#endif
+    /* Release mutex */
+    dcp_unlock();
+    return 0;
+}
+
+static void dcp_free(int ch)
+{
+#ifndef SINGLE_THREADED
+    int i;
+    dcp_lock();
+    for (i = 0; i < 4; i++) {
+        if (ch == dcp_channels[i]) {
+            dcp_status[i] = 0;
+            break;
+        }
+    }
+    dcp_unlock();
+#endif
+}
+
+
+#ifndef NO_AES
+int DCPAesInit(Aes *aes)
+{
+    int ch;
+    if (!aes)
+        return BAD_FUNC_ARG;
+    ch = dcp_get_channel();
+    if (ch == 0)
+        return WC_PENDING_E;
+    XMEMSET(&aes->handle, 0, sizeof(aes->handle));
+    aes->handle.channel = ch;
+    aes->handle.keySlot = dcp_key_slot(aes->handle.channel);
+    aes->handle.swapConfig = kDCP_NoSwap;
+    return 0;
+}
+
+void DCPAesFree(Aes *aes)
+{
+    dcp_free(aes->handle.channel);
+}
+
+int  DCPAesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
+                          int dir)
+{
+
+#if DCP_USE_OTP_KEY
+#warning Please update cipherAes128 variables to match expected AES ciphertext for your OTP key.
+#endif
+    status_t status;
+    if (!aes || !key)
+        return BAD_FUNC_ARG;
+
+    if (len != 16)
+        return BAD_FUNC_ARG;
+    if (aes->handle.channel == 0) {
+        return BAD_FUNC_ARG;
+    }
+    dcp_lock();
+    status = DCP_AES_SetKey(DCP, &aes->handle, key, 16);
+    if (status != kStatus_Success)
+        status = WC_HW_E;
+    else {
+        if (iv)
+            XMEMCPY(aes->reg, iv, 16);
+        else
+            XMEMSET(aes->reg, 0, 16);
+    }
+    dcp_unlock();
+    return status;
+}
+
+int  DCPAesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int ret;
+    if (sz % 16)
+        return BAD_FUNC_ARG;
+    dcp_lock();
+    ret = DCP_AES_EncryptCbc(DCP, &aes->handle, in, out, sz, (const byte *)aes->reg);
+    if (ret)
+        ret = WC_HW_E;
+    else
+        XMEMCPY(aes->reg, out, AES_BLOCK_SIZE);
+    dcp_unlock();
+    return ret;
+}
+
+int  DCPAesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int ret;
+    if (sz % 16)
+        return BAD_FUNC_ARG;
+    dcp_lock();
+    ret = DCP_AES_DecryptCbc(DCP, &aes->handle, in, out, sz, (const byte *)aes->reg);
+    if (ret)
+        ret = WC_HW_E;
+    else
+        XMEMCPY(aes->reg, in, AES_BLOCK_SIZE);
+    dcp_unlock();
+    return ret;
+}
+
+int  DCPAesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int ret;
+    if (sz % 16)
+        return BAD_FUNC_ARG;
+    dcp_lock();
+    ret = DCP_AES_EncryptEcb(DCP, &aes->handle, in, out, sz);
+    if (ret)
+        ret = WC_HW_E;
+    dcp_unlock();
+    return ret;
+}
+
+int  DCPAesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    int ret;
+    if (sz % 16)
+        return BAD_FUNC_ARG;
+    dcp_lock();
+    ret = DCP_AES_DecryptEcb(DCP, &aes->handle, in, out, sz);
+    if (ret)
+        ret = WC_HW_E;
+    dcp_unlock();
+    return ret;
+}
+
+#endif
+
+#ifndef NO_SHA256
+int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
+{
+    int ret;
+    int ch;
+    int keyslot;
+    if (sha256 == NULL)
+        return BAD_FUNC_ARG;
+    ch = dcp_get_channel();
+    if (ch == 0)
+        return WC_PENDING_E;
+    keyslot = dcp_key_slot(ch);
+
+    dcp_lock();
+    (void)devId;
+    XMEMSET(sha256, 0, sizeof(wc_Sha256));
+    sha256->handle.channel    = ch;
+    sha256->handle.keySlot    = keyslot;
+    sha256->handle.swapConfig = kDCP_NoSwap;
+    ret = DCP_HASH_Init(DCP, &sha256->handle, &sha256->ctx, kDCP_Sha256);
+    if (ret != kStatus_Success)
+        ret = WC_HW_E;
+    dcp_unlock();
+
+    return ret;
+}
+
+int wc_InitSha256(wc_Sha256* sha256)
+{
+    return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID);
+}
+
+void DCPSha256Free(wc_Sha256* sha256)
+{
+    if (sha256)
+        dcp_free(sha256->handle.channel);
+}
+
+int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
+{
+    int ret;
+    if (sha256 == NULL || (data == NULL && len != 0)) {
+        return BAD_FUNC_ARG;
+    }
+    dcp_lock();
+    ret = DCP_HASH_Update(DCP, &sha256->ctx, data, len);
+    if (ret != kStatus_Success)
+        ret = WC_HW_E;
+    dcp_unlock();
+    return ret;
+}
+
+int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
+{
+    int ret;
+    size_t outlen = WC_SHA256_DIGEST_SIZE;
+    dcp_hash_ctx_t saved_ctx;
+    if (sha256 == NULL || hash == NULL)
+        return BAD_FUNC_ARG;
+    dcp_lock();
+    XMEMCPY(&saved_ctx, &sha256->ctx, sizeof(dcp_hash_ctx_t));
+    XMEMSET(hash, 0, WC_SHA256_DIGEST_SIZE);
+    ret = DCP_HASH_Finish(DCP, &sha256->ctx, hash, &outlen);
+    if ((ret != kStatus_Success) || (outlen != SHA256_DIGEST_SIZE))
+        ret = WC_HW_E;
+    else
+        XMEMCPY(&sha256->ctx, &saved_ctx, sizeof(dcp_hash_ctx_t));
+    dcp_unlock();
+    return 0;
+}
+
+int wc_Sha256Final(wc_Sha256* sha256, byte* hash)
+{
+    int ret;
+    size_t outlen = WC_SHA256_DIGEST_SIZE;
+    dcp_lock();
+    ret = DCP_HASH_Finish(DCP, &sha256->ctx, hash, &outlen);
+    if ((ret != kStatus_Success) || (outlen != SHA256_DIGEST_SIZE))
+        ret = WC_HW_E;
+    else {
+        ret = DCP_HASH_Init(DCP, &sha256->handle, &sha256->ctx, kDCP_Sha256);
+        if (ret < 0)
+            ret = WC_HW_E;
+    }
+    dcp_unlock();
+    return ret;
+}
+
+#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
+int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags)
+{
+    if (sha256) {
+        sha256->flags = flags;
+    }
+    return 0;
+}
+int wc_Sha256GetFlags(wc_Sha256* sha256, word32* flags)
+{
+    if (sha256 && flags) {
+        *flags = sha256->flags;
+    }
+    return 0;
+}
+#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */
+
+int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
+{
+    if (src == NULL || dst == NULL)
+        return BAD_FUNC_ARG;
+    dcp_lock();
+    XMEMCPY(&dst->ctx, &src->ctx, sizeof(dcp_hash_ctx_t));
+    dcp_unlock();
+    return 0;
+}
+#endif /* !NO_SHA256 */
+
+
+#ifndef NO_SHA
+
+int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
+{
+    int ret;
+    int ch;
+    int keyslot;
+    if (sha == NULL)
+        return BAD_FUNC_ARG;
+    ch = dcp_get_channel();
+    if (ch == 0)
+        return WC_PENDING_E;
+    keyslot = dcp_key_slot(ch);
+    dcp_lock();
+    (void)devId;
+    XMEMSET(sha, 0, sizeof(wc_Sha));
+    sha->handle.channel    = ch;
+    sha->handle.keySlot    = keyslot;
+    sha->handle.swapConfig = kDCP_NoSwap;
+    ret = DCP_HASH_Init(DCP, &sha->handle, &sha->ctx, kDCP_Sha1);
+    if (ret != kStatus_Success)
+        ret = WC_HW_E;
+    dcp_unlock();
+    return ret;
+}
+
+int wc_InitSha(wc_Sha* sha)
+{
+    return wc_InitSha_ex(sha, NULL, INVALID_DEVID);
+}
+
+void DCPShaFree(wc_Sha* sha)
+{
+    if (sha)
+        dcp_free(sha->handle.channel);
+}
+
+int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len)
+{
+    int ret;
+    if (sha == NULL || (data == NULL && len != 0)) {
+        return BAD_FUNC_ARG;
+    }
+    dcp_lock();
+    ret = DCP_HASH_Update(DCP, &sha->ctx, data, len);
+    if (ret != kStatus_Success)
+        ret = WC_HW_E;
+    dcp_unlock();
+    return ret;
+}
+
+
+int wc_ShaGetHash(wc_Sha* sha, byte* hash)
+{
+    int ret;
+    size_t outlen = WC_SHA_DIGEST_SIZE;
+    dcp_hash_ctx_t saved_ctx;
+    if (sha == NULL || hash == NULL)
+        return BAD_FUNC_ARG;
+    dcp_lock();
+    XMEMCPY(&saved_ctx, &sha->ctx, sizeof(dcp_hash_ctx_t));
+    XMEMSET(hash, 0, WC_SHA_DIGEST_SIZE);
+    ret = DCP_HASH_Finish(DCP, &sha->ctx, hash, &outlen);
+    if ((ret != kStatus_Success) || (outlen != WC_SHA_DIGEST_SIZE))
+        ret = WC_HW_E;
+    else
+        XMEMCPY(&sha->ctx, &saved_ctx, sizeof(dcp_hash_ctx_t));
+    dcp_unlock();
+    return 0;
+}
+
+int wc_ShaFinal(wc_Sha* sha, byte* hash)
+{
+    int ret;
+    size_t outlen = WC_SHA_DIGEST_SIZE;
+    dcp_lock();
+    ret = DCP_HASH_Finish(DCP, &sha->ctx, hash, &outlen);
+    if ((ret != kStatus_Success) || (outlen != SHA_DIGEST_SIZE)) {
+        ret = WC_HW_E;
+    } else {
+        ret = DCP_HASH_Init(DCP, &sha->handle, &sha->ctx, kDCP_Sha1);
+        if (ret < 0)
+            ret = WC_HW_E;
+    }
+    dcp_unlock();
+    return ret;
+}
+
+#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
+int wc_ShaSetFlags(wc_Sha* sha, word32 flags)
+{
+    if (sha) {
+        sha->flags = flags;
+    }
+    return 0;
+}
+int wc_ShaGetFlags(wc_Sha* sha, word32* flags)
+{
+    if (sha && flags) {
+        *flags = sha->flags;
+    }
+    return 0;
+}
+#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */
+
+int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
+{
+    if (src == NULL || dst == NULL)
+        return BAD_FUNC_ARG;
+    dcp_lock();
+    XMEMCPY(&dst->ctx, &src->ctx, sizeof(dcp_hash_ctx_t));
+    dcp_unlock();
+    return 0;
+}
+#endif /* !NO_SHA */
+
+#endif /* WOLFSSL_IMXRT_DCP */

wolfcrypt/src/sha.c

@@ -328,6 +328,9 @@
 
     /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */
 
+#elif defined(WOLFSSL_IMXRT_DCP)
+    /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */
+
 #else
     /* Software implementation */
     #define USE_SHA_SOFTWARE_IMPL
@@ -794,6 +797,9 @@ void wc_ShaFree(wc_Sha* sha)
         sha->msg = NULL;
     }
 #endif
+#ifdef WOLFSSL_IMXRT_DCP
+    DCPShaFree(sha);
+#endif
 }
 
 #endif /* !WOLFSSL_TI_HASH */

wolfcrypt/src/sha256.c

@@ -179,7 +179,7 @@ where 0 <= L < 2^64.
     !defined(WOLFSSL_AFALG_HASH) && !defined(WOLFSSL_DEVCRYPTO_HASH) && \
     (!defined(WOLFSSL_ESP32WROOM32_CRYPT) || defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)) && \
     (!defined(WOLFSSL_RENESAS_TSIP_CRYPT) || defined(NO_WOLFSSL_RENESAS_TSIP_HASH)) && \
-    !defined(WOLFSSL_PSOC6_CRYPTO)
+    !defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_IMXRT_DCP)
 
 static int InitSha256(wc_Sha256* sha256)
 {
@@ -708,6 +708,10 @@ static int InitSha256(wc_Sha256* sha256)
 
     /* implemented in wolfcrypt/src/port/cypress/psoc6_crypto.c */
 
+#elif defined(WOLFSSL_IMXRT_DCP)
+    #include <wolfssl/wolfcrypt/port/nxp/dcp_port.h>
+    /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */
+
 #else
     #define NEED_SOFT_SHA256
 
@@ -1529,6 +1533,9 @@ void wc_Sha256Free(wc_Sha256* sha256)
         sha256->msg = NULL;
     }
 #endif
+#ifdef WOLFSSL_IMXRT_DCP
+    DCPSha256Free(sha256);
+#endif
 }
 
 #endif /* !WOLFSSL_TI_HASH */
@@ -1605,6 +1612,8 @@ void wc_Sha256Free(wc_Sha256* sha256)
     /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */
 #elif defined(WOLFSSL_PSOC6_CRYPTO)
     /* implemented in wolfcrypt/src/port/cypress/psoc6_crypto.c */
+#elif defined(WOLFSSL_IMXRT_DCP)
+    /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */
 #else
 
 int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)

wolfcrypt/src/wc_port.c

@@ -75,6 +75,10 @@
     #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
 #endif
 
+#ifdef WOLFSSL_IMXRT_DCP
+    #include <wolfssl/wolfcrypt/port/nxp/dcp_port.h>
+#endif
+
 #ifdef WOLF_CRYPTO_CB
     #include <wolfssl/wolfcrypt/cryptocb.h>
 #endif
@@ -109,7 +113,6 @@ static volatile int initRefCount = 0;
 int wolfCrypt_Init(void)
 {
     int ret = 0;
-
     if (initRefCount == 0) {
         WOLFSSL_ENTER("wolfCrypt_Init");
 
@@ -264,6 +267,12 @@ int wolfCrypt_Init(void)
         }
 #endif
 
+#ifdef WOLFSSL_IMXRT_DCP
+        if ((ret = wc_dcp_init()) != 0) {
+            return ret;
+        }
+#endif
+
 #if defined(WOLFSSL_DSP) && !defined(WOLFSSL_DSP_BUILD)
 	if ((ret = wolfSSL_InitHandle()) != 0) {
             return ret;

wolfssl/wolfcrypt/aes.h

@@ -62,6 +62,9 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     #include <wolfssl/wolfcrypt/port/st/stm32.h>
 #endif
 
+#ifdef WOLFSSL_IMXRT_DCP
+    #include "fsl_dcp.h"
+#endif
 
 #ifdef WOLFSSL_XILINX_CRYPT
 #include "xsecure_aes.h"
@@ -225,6 +228,9 @@ struct Aes {
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
     defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT)
     TSIP_AES_CTX ctx;
+#endif
+#if defined(WOLFSSL_IMXRT_DCP)
+    dcp_handle_t handle;
 #endif
     void*  heap; /* memory hint to use */
 };

wolfssl/wolfcrypt/include.am

@@ -74,6 +74,7 @@ noinst_HEADERS+= \
                          wolfssl/wolfcrypt/port/ti/ti-ccm.h \
                          wolfssl/wolfcrypt/port/nrf51.h \
                          wolfssl/wolfcrypt/port/nxp/ksdk_port.h \
+                         wolfssl/wolfcrypt/port/nxp/dcp_port.h \
                          wolfssl/wolfcrypt/port/xilinx/xil-sha3.h \
                          wolfssl/wolfcrypt/port/caam/caam_driver.h \
                          wolfssl/wolfcrypt/port/caam/wolfcaam.h \

wolfssl/wolfcrypt/port/nxp/dcp_port.h

@@ -0,0 +1,75 @@
+/* dcp_port.h
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#ifndef _DCP_PORT_H_
+#define _DCP_PORT_H_
+
+#include <wolfssl/wolfcrypt/settings.h>
+#ifdef USE_FAST_MATH
+    #include <wolfssl/wolfcrypt/tfm.h>
+#elif defined WOLFSSL_SP_MATH
+    #include <wolfssl/wolfcrypt/sp_int.h>
+#else
+    #include <wolfssl/wolfcrypt/integer.h>
+#endif
+
+#include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include "fsl_device_registers.h"
+#include "fsl_debug_console.h"
+#include "fsl_dcp.h"
+
+int wc_dcp_init(void);
+
+int  DCPAesInit(Aes* aes);
+void DCPAesFree(Aes *aes);
+
+int  DCPAesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
+                          int dir);
+int  DCPAesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
+int  DCPAesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz);
+
+#ifdef HAVE_AES_ECB
+int  DCPAesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
+int  DCPAesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz);
+#endif
+
+#ifndef NO_SHA256
+typedef struct wc_Sha256_DCP {
+    dcp_handle_t handle;
+    dcp_hash_ctx_t ctx;
+} wc_Sha256;
+#define WC_SHA256_TYPE_DEFINED
+
+void DCPSha256Free(wc_Sha256 *sha256);
+
+#endif
+
+#ifndef NO_SHA
+typedef struct wc_Sha_DCP {
+    dcp_handle_t handle;
+    dcp_hash_ctx_t ctx;
+} wc_Sha;
+#define WC_SHA_TYPE_DEFINED
+
+void DCPShaFree(wc_Sha *sha);
+#endif
+
+#endif

wolfssl/wolfcrypt/settings.h

@@ -1621,6 +1621,12 @@ extern void uITRON4_free(void *p) ;
 #endif
 #endif
 
+/* If DCP is used without SINGLE_THREADED, enforce WOLFSSL_CRYPT_HW_MUTEX */
+#if defined(WOLFSSL_IMXRT_DCP) && !defined(SINGLE_THREADED)
+    #undef WOLFSSL_CRYPT_HW_MUTEX
+    #define WOLFSSL_CRYPT_HW_MUTEX 1
+#endif
+
 #if !defined(XMALLOC_USER) && !defined(MICRIUM_MALLOC) && \
     !defined(WOLFSSL_LEANPSK) && !defined(NO_WOLFSSL_MEMORY) && \
     !defined(XMALLOC_OVERRIDE)

wolfssl/wolfcrypt/sha.h

@@ -72,6 +72,9 @@
 #ifdef WOLFSSL_ESP32WROOM32_CRYPT
     #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
 #endif
+#ifdef WOLFSSL_IMXRT_DCP
+    #include <wolfssl/wolfcrypt/port/nxp/dcp_port.h>
+#endif
 
 #if !defined(NO_OLD_SHA_NAMES)
     #define SHA             WC_SHA

wolfssl/wolfcrypt/sha256.h

@@ -128,6 +128,8 @@ enum {
     #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
 #elif defined(WOLFSSL_PSOC6_CRYPTO)
     #include "wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h"
+#elif defined(WOLFSSL_IMXRT_DCP)
+    #include <wolfssl/wolfcrypt/port/nxp/dcp_port.h>
 #else
 
 /* wc_Sha256 digest */