diff --git a/wolfcrypt/src/port/nxp/README.md b/wolfcrypt/src/port/nxp/README.md index a2820a4dc5..c59db7d70d 100644 --- a/wolfcrypt/src/port/nxp/README.md +++ b/wolfcrypt/src/port/nxp/README.md @@ -1,6 +1,46 @@ # wolfSSL NXP Hardware Acceleration Ports -wolfSSL supports hardware acceleration on NXP DCP, LTC (KSDK), and SE050. +wolfSSL supports hardware acceleration on NXP DCP, LTC (KSDK), LPC55S69, and SE050. + +## NXP LPC55S69 + +The LPC55S69 is a general purpose edge computing device, with dual ARM +Cortex-M33 cores running up to 150 MHz, 640/320 KB internal flash/ram, +TrustZone-M, a DSP accelerator, and extensive cryptographic acceleration. + +wolfSSL supports the following hardware acceleration on the LPC55S69: +- TRNG +- HashCrypt (Hash/AES Crypto Engine) + - AES (128, 192, 256) encrypt/decrypt + - AES-CBC, AES-ECB, AES-CTR, AES-OFB, AES-CFB + - SHA-1, SHA-256 +- CASPER (Asymmetric Crypto Accelerator) + - RSA verify/encrypt/decrypt (up to 4096-bit, public key only) + +### LPC55S69 Hardware Acceleration Caveats + +The following caveats should be noted about the LPC55S69 hardware acceleration: +- AES-CTR mode fails when the counter wraps from all FF's to 0. User should +ensure this never happens, by properly managing the iv/counter in use. +- AES-CFB and AES-OFB only support full 16-byte blocks and multiples thereof. +Encrypt/Decrypt requests of other sizes will fail. +- RSA acceleration is only supported for public keys. Private key operations +will use a fully software implementation. +- When the HashCrypt engine is in use for SHA-1 or SHA-256, it must not be +interrupted with another hash request or an AES request. The hash must be +completed before another operation is requested. + +### wolfSSL LPC55S69 Hardware Acceleration Enable/Disable + +To enable LPC55S69 hardware acceleration, define the following symbol: + +**`WOLFSSL_NXP_LPC55S69_WITH_HWACCEL`** + +To disable LPC55S69 hardware acceleration, define the following symbol: + +**`WOLFSSL_NXP_LPC55S69_NO_HWACCEL`** + +NOTE: In either case, the TRNG is always enabled for use. ## NXP SE050 @@ -10,3 +50,4 @@ see [README_SE050.md](./README_SE050.md). ## Support For questions please email support@wolfssl.com + diff --git a/wolfcrypt/src/port/nxp/casper_port.c b/wolfcrypt/src/port/nxp/casper_port.c index 4a51419368..17687bf30d 100644 --- a/wolfcrypt/src/port/nxp/casper_port.c +++ b/wolfcrypt/src/port/nxp/casper_port.c @@ -82,7 +82,7 @@ int casper_rsa_public_exptmod( return 0; } -#endif +#endif /* !NO_RSA && WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD */ /* 32 for 256 bits, 48 for 384 bits and 72 for 521 bits... */ @@ -157,7 +157,7 @@ int casper_ecc_mulmod( return 0; } -#endif +#endif /* HAVE_ECC && WOLFSSL_NXP_CASPER_ECC_MULMOD */ #if defined(HAVE_ECC) && defined(WOLFSSL_NXP_CASPER_ECC_MUL2ADD) /* calculates R = m*P[X, Y] + n*Q[X, Y] */ @@ -248,6 +248,6 @@ int casper_ecc_mul2add( return 0; } -#endif +#endif /* HAVE_ECC && WOLFSSL_NXP_CASPER_ECC_MUL2ADD */ #endif /* WOLFSSL_NXP_CASPER */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index a1b598e93f..65b2abaec9 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -11699,7 +11699,7 @@ EVP_TEST_END: if (XMEMCMP(cipher + WC_AES_BLOCK_SIZE, cipher1 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); - #endif + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #ifdef HAVE_AES_DECRYPT ret = wc_AesOfbDecrypt(dec, plain, cipher1, WC_AES_BLOCK_SIZE); @@ -11718,7 +11718,7 @@ EVP_TEST_END: if (XMEMCMP(plain + WC_AES_BLOCK_SIZE, plain1 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); - #endif + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #endif /* HAVE_AES_DECRYPT */ /* multiple blocks at once */ @@ -11803,7 +11803,7 @@ EVP_TEST_END: #ifndef WOLFSSL_NXP_HASHCRYPT_AES if (XMEMCMP(cipher + 3, cipher1 + 3, WC_AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); - #endif + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #ifdef HAVE_AES_DECRYPT ret = wc_AesOfbDecrypt(dec, plain, cipher1, 6); @@ -11820,7 +11820,7 @@ EVP_TEST_END: #ifndef WOLFSSL_NXP_HASHCRYPT_AES if (XMEMCMP(plain + 6, plain1 + 6, WC_AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); - #endif + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_256 */ @@ -12040,7 +12040,7 @@ EVP_TEST_END: if (XMEMCMP(plain, msg1, WC_AES_BLOCK_SIZE * 3)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif /* HAVE_AES_DECRYPT */ - #endif + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 @@ -12154,7 +12154,7 @@ EVP_TEST_END: if (XMEMCMP(plain, msg3, WC_AES_BLOCK_SIZE * 4)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif /* HAVE_AES_DECRYPT */ - #endif + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #endif /* WOLFSSL_AES_256 */ out: @@ -15618,7 +15618,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr128Wrap128CipherLong), ctr128Wrap128CipherLong }, - #endif + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128_2, ctrPlain, (int)sizeof(ctr128Wrap128_2CipherLong), @@ -15662,7 +15662,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr192Wrap128CipherLong), ctr192Wrap128CipherLong }, - #endif + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128_2, ctrPlain, (int)sizeof(ctr192Wrap128_2CipherLong), @@ -15706,7 +15706,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr256Wrap128CipherLong), ctr256Wrap128CipherLong }, - #endif + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128_2, ctrPlain, (int)sizeof(ctr256Wrap128_2CipherLong), diff --git a/wolfssl/wolfcrypt/port/nxp/casper_port.h b/wolfssl/wolfcrypt/port/nxp/casper_port.h index 3d5698eadc..f52921fa6f 100644 --- a/wolfssl/wolfcrypt/port/nxp/casper_port.h +++ b/wolfssl/wolfcrypt/port/nxp/casper_port.h @@ -26,13 +26,12 @@ int wc_casper_init(void); #if !defined(NO_RSA) && defined(WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD) - #include int casper_rsa_public_exptmod( const byte* in, word32 inLen, byte* out, word32* outLen, RsaKey* key ); -#endif +#endif /* !NO_RSA && WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD */ #if defined(HAVE_ECC) @@ -42,14 +41,14 @@ int casper_rsa_public_exptmod( int casper_ecc_mulmod( const mp_int *m, ecc_point *P, ecc_point *R, int curve_id ); -#endif +#endif /* WOLFSSL_NXP_CASPER_ECC_MULMOD */ #ifdef WOLFSSL_NXP_CASPER_ECC_MUL2ADD int casper_ecc_mul2add( const mp_int *m, ecc_point *P, const mp_int *n, ecc_point *Q, ecc_point *R, int curve_id ); -#endif -#endif +#endif /* WOLFSSL_NXP_CASPER_ECC_MUL2ADD */ +#endif /* HAVE_ECC */ -#endif +#endif /* _CASPER_PORT_H_ */ diff --git a/wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h b/wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h index 8001606705..1e12b629dd 100644 --- a/wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h +++ b/wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h @@ -25,4 +25,4 @@ int wc_hashcrypt_init(void); -#endif +#endif /* _HASHCRYPT_PORT_H_ */