diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 0b8b9b8c8..6d2bd3f93 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -2904,6 +2904,14 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return BAD_FUNC_ARG; } + #ifdef WOLF_CRYPTO_DEV + if (aes->devId != INVALID_DEVID) { + int ret = wc_CryptoDev_AesCbcEncrypt(aes, out, in, sz); + if (ret != NOT_COMPILED_IN) + return ret; + ret = 0; /* reset error code and try using software */ + } + #endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) /* if async and byte count above threshold */ if (aes->asyncDev.marker == WOLFSSL_ASYNC_MARKER_AES && @@ -2995,6 +3003,13 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return BAD_FUNC_ARG; } + #ifdef WOLF_CRYPTO_DEV + if (aes->devId != INVALID_DEVID) { + int ret = wc_CryptoDev_AesCbcDecrypt(aes, out, in, sz); + if (ret != NOT_COMPILED_IN) + return ret; + } + #endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) /* if async and byte count above threshold */ if (aes->asyncDev.marker == WOLFSSL_ASYNC_MARKER_AES && @@ -8495,7 +8510,6 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, authTag, authTagSz, authIn, authInSz); if (ret != NOT_COMPILED_IN) return ret; - ret = 0; /* reset error code and try using software */ } #endif diff --git a/wolfcrypt/src/cryptodev.c b/wolfcrypt/src/cryptodev.c index 55b7f00fa..6471e2089 100644 --- a/wolfcrypt/src/cryptodev.c +++ b/wolfcrypt/src/cryptodev.c @@ -256,7 +256,8 @@ int wc_CryptoDev_EccVerify(const byte* sig, word32 siglen, } #endif /* HAVE_ECC */ -#if !defined(NO_AES) && defined(HAVE_AESGCM) +#ifndef NO_AES +#ifdef HAVE_AESGCM int wc_CryptoDev_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, @@ -328,15 +329,119 @@ int wc_CryptoDev_AesGcmDecrypt(Aes* aes, byte* out, return ret; } -#endif /* !NO_AES && HAVE_AESGCM */ +#endif /* HAVE_AESGCM */ -/* call to support callback for entire buffer hash */ -int wc_CryptoDev_Sha256Hash(const byte* data, word32 len, byte* hash) +#ifdef HAVE_AES_CBC +int wc_CryptoDev_AesCbcEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz) { - (void)data; - (void)len; - (void)hash; - return NOT_COMPILED_IN; + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* locate registered callback */ + dev = wc_CryptoDev_FindDevice(aes->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_CIPHER; + cryptoInfo.cipher.type = WC_CIPHER_AES_CBC; + cryptoInfo.cipher.enc = 1; + cryptoInfo.cipher.aescbc_enc.aes = aes; + cryptoInfo.cipher.aescbc_enc.out = out; + cryptoInfo.cipher.aescbc_enc.in = in; + cryptoInfo.cipher.aescbc_enc.sz = sz; + + ret = dev->cb(aes->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; } +int wc_CryptoDev_AesCbcDecrypt(Aes* aes, byte* out, + const byte* in, word32 sz) +{ + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* locate registered callback */ + dev = wc_CryptoDev_FindDevice(aes->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_CIPHER; + cryptoInfo.cipher.type = WC_CIPHER_AES_CBC; + cryptoInfo.cipher.enc = 0; + cryptoInfo.cipher.aescbc_dec.aes = aes; + cryptoInfo.cipher.aescbc_dec.out = out; + cryptoInfo.cipher.aescbc_dec.in = in; + cryptoInfo.cipher.aescbc_dec.sz = sz; + + ret = dev->cb(aes->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; +} +#endif /* HAVE_AES_CBC */ +#endif /* !NO_AES */ + +#ifndef NO_SHA +int wc_CryptoDev_ShaHash(wc_Sha* sha, const byte* in, + word32 inSz, byte* digest) +{ + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* locate registered callback */ + dev = wc_CryptoDev_FindDevice(sha->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_HASH; + cryptoInfo.hash.type = WC_HASH_TYPE_SHA; + cryptoInfo.hash.sha1 = sha; + cryptoInfo.hash.in = in; + cryptoInfo.hash.inSz = inSz; + cryptoInfo.hash.digest = digest; + + ret = dev->cb(sha->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; +} +#endif /* !NO_SHA */ + +#ifndef NO_SHA256 +int wc_CryptoDev_Sha256Hash(wc_Sha256* sha256, const byte* in, + word32 inSz, byte* digest) +{ + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* locate registered callback */ + dev = wc_CryptoDev_FindDevice(sha256->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_HASH; + cryptoInfo.hash.type = WC_HASH_TYPE_SHA256; + cryptoInfo.hash.sha256 = sha256; + cryptoInfo.hash.in = in; + cryptoInfo.hash.inSz = inSz; + cryptoInfo.hash.digest = digest; + + ret = dev->cb(sha256->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; +} +#endif /* !NO_SHA256 */ + #endif /* WOLF_CRYPTO_DEV */ diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 49a3737f1..e84435371 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -43,6 +43,10 @@ #include #include +#ifdef WOLF_CRYPTO_DEV + #include +#endif + /* fips wrapper calls, user can call direct */ #if defined(HAVE_FIPS) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) @@ -430,6 +434,10 @@ int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) return BAD_FUNC_ARG; sha->heap = heap; +#ifdef WOLF_CRYPTO_DEV + sha->devId = devId; +#endif + #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) sha->ctx.mode = ESP32_SHA_INIT; @@ -460,6 +468,13 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) /* do block size increments */ local = (byte*)sha->buffer; +#ifdef WOLF_CRYPTO_DEV + if (sha->devId != INVALID_DEVID) { + int ret = wc_CryptoDev_ShaHash(sha, data, len, NULL); + if (ret != NOT_COMPILED_IN) + return ret; + } +#endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA) if (sha->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA) { #if defined(HAVE_INTEL_QA) @@ -535,6 +550,13 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash) local = (byte*)sha->buffer; +#ifdef WOLF_CRYPTO_DEV + if (sha->devId != INVALID_DEVID) { + int ret = wc_CryptoDev_ShaHash(sha, NULL, 0, hash); + if (ret != NOT_COMPILED_IN) + return ret; + } +#endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA) if (sha->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA) { #if defined(HAVE_INTEL_QA) diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 70922f90d..c65631adb 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -46,6 +46,10 @@ #include #include +#ifdef WOLF_CRYPTO_DEV + #include +#endif + /* fips wrapper calls, user can call direct */ #if defined(HAVE_FIPS) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) @@ -308,6 +312,9 @@ static int InitSha256(wc_Sha256* sha256) return BAD_FUNC_ARG; sha256->heap = heap; + #ifdef WOLF_CRYPTO_DEV + sha256->devId = devId; + #endif ret = InitSha256(sha256); if (ret != 0) @@ -675,6 +682,14 @@ static int InitSha256(wc_Sha256* sha256) return 0; } + #ifdef WOLF_CRYPTO_DEV + if (sha256->devId != INVALID_DEVID) { + ret = wc_CryptoDev_Sha256Hash(sha256, data, len, NULL); + if (ret != NOT_COMPILED_IN) + return ret; + ret = 0; /* reset error code and try using software */ + } + #endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256) if (sha256->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA256) { #if defined(HAVE_INTEL_QA) @@ -939,6 +954,15 @@ static int InitSha256(wc_Sha256* sha256) return BAD_FUNC_ARG; } + #ifdef WOLF_CRYPTO_DEV + if (sha256->devId != INVALID_DEVID) { + ret = wc_CryptoDev_Sha256Hash(sha256, NULL, 0, hash); + if (ret != NOT_COMPILED_IN) + return ret; + ret = 0; /* reset error code and try using software */ + } + #endif + #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256) if (sha256->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA256) { #if defined(HAVE_INTEL_QA) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index b7151cf6d..4b33511c6 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -22918,9 +22918,9 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) #endif /* HAVE_ECC */ } else if (info->algo_type == WC_ALGO_TYPE_CIPHER) { - #if !defined(NO_AES) && defined(HAVE_AESGCM) +#ifndef NO_AES + #ifdef HAVE_AESGCM if (info->cipher.type == WC_CIPHER_AES_GCM) { - if (info->cipher.enc) { /* set devId to invalid, so software is used */ info->cipher.aesgcm_enc.aes->devId = INVALID_DEVID; @@ -22960,8 +22960,86 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) info->cipher.aesgcm_dec.aes->devId = devIdArg; } } - #endif /* !NO_AES && HAVE_AESGCM */ + #endif /* HAVE_AESGCM */ + #ifdef HAVE_AES_CBC + if (info->cipher.type == WC_CIPHER_AES_CBC) { + if (info->cipher.enc) { + /* set devId to invalid, so software is used */ + info->cipher.aescbc_enc.aes->devId = INVALID_DEVID; + + ret = wc_AesCbcEncrypt( + info->cipher.aescbc_enc.aes, + info->cipher.aescbc_enc.out, + info->cipher.aescbc_enc.in, + info->cipher.aescbc_enc.sz); + + /* reset devId */ + info->cipher.aescbc_enc.aes->devId = devIdArg; + } + else { + /* set devId to invalid, so software is used */ + info->cipher.aescbc_dec.aes->devId = INVALID_DEVID; + + ret = wc_AesCbcDecrypt( + info->cipher.aescbc_dec.aes, + info->cipher.aescbc_dec.out, + info->cipher.aescbc_dec.in, + info->cipher.aescbc_dec.sz); + + /* reset devId */ + info->cipher.aescbc_dec.aes->devId = devIdArg; + } + } + #endif /* HAVE_AES_CBC */ +#endif /* !NO_AES */ } +#if !defined(NO_SHA) || !defined(NO_SHA256) + else if (info->algo_type == WC_ALGO_TYPE_HASH) { + #if !defined(NO_SHA) + if (info->hash.type == WC_HASH_TYPE_SHA) { + /* set devId to invalid, so software is used */ + info->hash.sha1->devId = INVALID_DEVID; + + if (info->hash.in != NULL) { + ret = wc_ShaUpdate( + info->hash.sha1, + info->hash.in, + info->hash.inSz); + } + else if (info->hash.digest != NULL) { + ret = wc_ShaFinal( + info->hash.sha1, + info->hash.digest); + } + + /* reset devId */ + info->hash.sha1->devId = devIdArg; + } + else + #endif + #if !defined(NO_SHA256) + if (info->hash.type == WC_HASH_TYPE_SHA256) { + /* set devId to invalid, so software is used */ + info->hash.sha256->devId = INVALID_DEVID; + + if (info->hash.in != NULL) { + ret = wc_Sha256Update( + info->hash.sha256, + info->hash.in, + info->hash.inSz); + } + else if (info->hash.digest != NULL) { + ret = wc_Sha256Final( + info->hash.sha256, + info->hash.digest); + } + + /* reset devId */ + info->hash.sha256->devId = devIdArg; + } + #endif + } +#endif /* !NO_SHA || !NO_SHA256 */ (void)devIdArg; (void)myCtx; @@ -22989,9 +23067,25 @@ int cryptodev_test(void) if (ret == 0) ret = ecc_test(); #endif -#if !defined(NO_AES) && defined(HAVE_AESGCM) +#ifndef NO_AES + #ifdef HAVE_AESGCM if (ret == 0) ret = aesgcm_test(); + #endif + #ifdef HAVE_AES_CBC + if (ret == 0) + ret = aes_cbc_test(); + #endif +#endif /* !NO_AES */ +#if !defined(NO_SHA) || !defined(NO_SHA256) + #ifndef NO_SHA + if (ret == 0) + ret = sha_test(); + #endif + #ifndef NO_SHA256 + if (ret == 0) + ret = sha256_test(); + #endif #endif /* reset devId */ diff --git a/wolfssl/wolfcrypt/cryptodev.h b/wolfssl/wolfcrypt/cryptodev.h index 7f3035fe2..e6e01803b 100644 --- a/wolfssl/wolfcrypt/cryptodev.h +++ b/wolfssl/wolfcrypt/cryptodev.h @@ -38,6 +38,12 @@ #ifndef NO_AES #include #endif +#ifndef NO_SHA + #include +#endif +#ifndef NO_SHA256 + #include +#endif /* Crypto Information Structure for callbacks */ typedef struct wc_CryptoInfo { @@ -96,11 +102,12 @@ typedef struct wc_CryptoInfo { #endif }; } pk; +#ifndef NO_AES struct { int type; /* enum wc_CipherType */ int enc; union { - #if !defined(NO_AES) && defined(HAVE_AESGCM) + #ifdef HAVE_AESGCM struct { Aes* aes; byte* out; @@ -125,9 +132,40 @@ typedef struct wc_CryptoInfo { const byte* authIn; word32 authInSz; } aesgcm_dec; - #endif + #endif /* HAVE_AESGCM */ + #ifdef HAVE_AES_CBC + struct { + Aes* aes; + byte* out; + const byte* in; + word32 sz; + } aescbc_enc; + struct { + Aes* aes; + byte* out; + const byte* in; + word32 sz; + } aescbc_dec; + #endif /* HAVE_AES_CBC */ }; } cipher; +#endif +#if !defined(NO_SHA) || !defined(NO_SHA256) + struct { + int type; /* enum wc_HashType */ + const byte* in; + word32 inSz; + byte* digest; + union { + #ifndef NO_SHA + wc_Sha* sha1; + #endif + #ifndef NO_SHA256 + wc_Sha256* sha256; + #endif + }; + } hash; +#endif /* !NO_SHA || !NO_SHA256 */ } wc_CryptoInfo; typedef int (*CryptoDevCallbackFunc)(int devId, wc_CryptoInfo* info, void* ctx); @@ -162,8 +200,8 @@ WOLFSSL_LOCAL int wc_CryptoDev_EccVerify(const byte* sig, word32 siglen, const byte* hash, word32 hashlen, int* res, ecc_key* key); #endif /* HAVE_ECC */ -#if !defined(NO_AES) && defined(HAVE_AESGCM) - +#ifndef NO_AES +#ifdef HAVE_AESGCM WOLFSSL_LOCAL int wc_CryptoDev_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz); @@ -172,10 +210,24 @@ WOLFSSL_LOCAL int wc_CryptoDev_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz); +#endif /* HAVE_AESGCM */ +#ifdef HAVE_AES_CBC +WOLFSSL_LOCAL int wc_CryptoDev_AesCbcEncrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +WOLFSSL_LOCAL int wc_CryptoDev_AesCbcDecrypt(Aes* aes, byte* out, + const byte* in, word32 sz); +#endif /* HAVE_AES_CBC */ +#endif /* !NO_AES */ -#endif /* !NO_AES && HAVE_AESGCM */ +#ifndef NO_SHA +WOLFSSL_LOCAL int wc_CryptoDev_ShaHash(wc_Sha* sha, const byte* in, + word32 inSz, byte* digest); +#endif /* !NO_SHA */ -WOLFSSL_LOCAL int wc_CryptoDev_Sha256Hash(const byte* data, word32 len, byte* hash); +#ifndef NO_SHA256 +WOLFSSL_LOCAL int wc_CryptoDev_Sha256Hash(wc_Sha256* sha256, const byte* in, + word32 inSz, byte* digest); +#endif /* !NO_SHA256 */ #endif /* WOLF_CRYPTO_DEV */ diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index 1985ecbbb..13b7f635c 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -123,6 +123,9 @@ typedef struct wc_Sha { #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif /* WOLFSSL_ASYNC_CRYPT */ + #ifdef WOLF_CRYPTO_DEV + int devId; + #endif #endif #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index 5d9f8ed8c..4fed79d64 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -158,6 +158,9 @@ typedef struct wc_Sha256 { !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) WC_ESP32SHA ctx; #endif +#ifdef WOLF_CRYPTO_DEV + int devId; +#endif #endif } wc_Sha256;