From e5013460479b7aedfb1a48e650857fcce184af98 Mon Sep 17 00:00:00 2001
From: Elms <jeff@wolfssl.com>
Date: Tue, 17 Nov 2020 14:40:33 -0800
Subject: [PATCH] SiLabs: add AES-CCM hardware acceleration support

---
 wolfcrypt/src/aes.c                        | 27 +++++++++++++
 wolfcrypt/src/port/silabs/README.md        |  4 ++
 wolfcrypt/src/port/silabs/silabs_aes.c     | 47 ++++++++++++++++++++++
 wolfssl/wolfcrypt/port/silabs/silabs_aes.h | 15 ++++++-
 4 files changed, 92 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 2a773a0ec..1be8b2a98 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -7079,6 +7079,33 @@ int wc_AesCcmCheckTagSize(int sz)
 #elif defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES)
     /* implemented in wolfcrypt/src/port/caam_aes.c */
 
+#elif defined(WOLFSSL_SILABS_SE_ACCEL)
+    /* implemented in wolfcrypt/src/port/silabs/silabs_hash.c */
+int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+                   const byte* nonce, word32 nonceSz,
+                   byte* authTag, word32 authTagSz,
+                   const byte* authIn, word32 authInSz)
+{
+    return wc_AesCcmEncrypt_silabs(
+        aes, out, in, inSz,
+        nonce, nonceSz,
+        authTag, authTagSz,
+        authIn, authInSz);
+}
+
+#ifdef HAVE_AES_DECRYPT
+int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+                   const byte* nonce, word32 nonceSz,
+                   const byte* authTag, word32 authTagSz,
+                   const byte* authIn, word32 authInSz)
+{
+    return wc_AesCcmDecrypt_silabs(
+        aes, out, in, inSz,
+        nonce, nonceSz,
+        authTag, authTagSz,
+        authIn, authInSz);
+}
+#endif
 #elif defined(FREESCALE_LTC)
 
 /* return 0 on success */
diff --git a/wolfcrypt/src/port/silabs/README.md b/wolfcrypt/src/port/silabs/README.md
index ddd5f7baf..1a628d7ed 100644
--- a/wolfcrypt/src/port/silabs/README.md
+++ b/wolfcrypt/src/port/silabs/README.md
@@ -27,6 +27,10 @@ recommend defining `WOLFSSL_USER_SETTINGS` and adding your own
 `user_settings.h` file. You can find a good reference for this in
 `IDE/GCC-ARM/Header/user_settings.h`.
 
+### Caveats
+
+ * AES GCM tags of some lengths do not pass tests.
+
 
 ### Benchmarks
 
diff --git a/wolfcrypt/src/port/silabs/silabs_aes.c b/wolfcrypt/src/port/silabs/silabs_aes.c
index bca443b59..2bcaf2258 100644
--- a/wolfcrypt/src/port/silabs/silabs_aes.c
+++ b/wolfcrypt/src/port/silabs/silabs_aes.c
@@ -161,4 +161,51 @@ int wc_AesGcmDecrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz,
 
 #endif /* HAVE_AESGCM */
 
+
+#ifdef HAVE_AESCCM
+int wc_AesCcmEncrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz,
+                             const byte* iv, word32 ivSz,
+                             byte* authTag, word32 authTagSz,
+                             const byte* authIn, word32 authInSz)
+{
+    sl_status_t status = sl_se_ccm_encrypt_and_tag(
+        &(aes->ctx.cmd_ctx),
+        &(aes->ctx.key),
+        sz,
+        iv,
+        ivSz,
+        authIn,
+        authInSz,
+        in,
+        out,
+        authTag,
+        authTagSz
+        );
+
+    return (status != SL_STATUS_OK) ? AES_GCM_AUTH_E : 0;
+}
+
+int wc_AesCcmDecrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz,
+                            const byte* iv, word32 ivSz,
+                            const byte* authTag, word32 authTagSz,
+                            const byte* authIn, word32 authInSz)
+{
+    sl_status_t status = sl_se_ccm_auth_decrypt(
+        &(aes->ctx.cmd_ctx),
+        &(aes->ctx.key),
+        sz,
+        iv,
+        ivSz,
+        authIn,
+        authInSz,
+        in,
+        out,
+        (byte*)authTag,
+        authTagSz);
+
+    return (status != SL_STATUS_OK) ? AES_GCM_AUTH_E : 0;
+}
+
+#endif /* HAVE_AESGCM */
+
 #endif /* WOLFSSL_SILABS_SE_ACCEL */
diff --git a/wolfssl/wolfcrypt/port/silabs/silabs_aes.h b/wolfssl/wolfcrypt/port/silabs/silabs_aes.h
index 6263264e2..3b9d4f140 100644
--- a/wolfssl/wolfcrypt/port/silabs/silabs_aes.h
+++ b/wolfssl/wolfcrypt/port/silabs/silabs_aes.h
@@ -36,8 +36,9 @@ typedef struct {
   sl_se_key_descriptor_t  key;
 } silabs_aes_t;
 
-#ifdef HAVE_AESGCM
 typedef struct Aes Aes;
+
+#ifdef HAVE_AESGCM
 int wc_AesGcmEncrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz,
                              const byte* iv, word32 ivSz,
                              byte* authTag, word32 authTagSz,
@@ -49,6 +50,18 @@ int wc_AesGcmDecrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz,
 
 #endif /* HAVE_AESGCM */
 
+#ifdef HAVE_AESCCM
+int wc_AesCcmEncrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz,
+                             const byte* iv, word32 ivSz,
+                             byte* authTag, word32 authTagSz,
+                             const byte* authIn, word32 authInSz);
+int wc_AesCcmDecrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz,
+                             const byte* iv, word32 ivSz,
+                             const byte* authTag, word32 authTagSz,
+                             const byte* authIn, word32 authInSz);
+
+#endif /* HAVE_AESCCM */
+
 #endif /* defined(WOLFSSL_SILABS_SE_ACCEL) */
 
 #endif /* _SILABS_AES_H_ */