From 82c106be80c63ba8b66fd845e91c077bb248dfd2 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Tue, 2 Nov 2021 09:53:55 -0700
Subject: [PATCH] Added crypto callback support for AES CCM.

---
 wolfcrypt/src/aes.c          | 20 +++++++++
 wolfcrypt/src/cryptocb.c     | 84 ++++++++++++++++++++++++++++++++++++
 wolfssl/wolfcrypt/cryptocb.h | 39 +++++++++++++++++
 wolfssl/wolfcrypt/types.h    |  3 +-
 4 files changed, 145 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index eb41c25d0..72e3b6887 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -9938,6 +9938,16 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    if (aes->devId != INVALID_DEVID) {
+        int ret = wc_CryptoCb_AesCcmEncrypt(aes, out, in, inSz, nonce, nonceSz,
+            authTag, authTagSz, authIn, authInSz);
+        if (ret != CRYPTOCB_UNAVAILABLE)
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     XMEMSET(A, 0, sizeof(A));
     XMEMCPY(B+1, nonce, nonceSz);
     lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz;
@@ -10040,6 +10050,16 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
         return BAD_FUNC_ARG;
     }
 
+#ifdef WOLF_CRYPTO_CB
+    if (aes->devId != INVALID_DEVID) {
+        int ret = wc_CryptoCb_AesCcmDecrypt(aes, out, in, inSz, nonce, nonceSz,
+            authTag, authTagSz, authIn, authInSz);
+        if (ret != CRYPTOCB_UNAVAILABLE)
+            return ret;
+        /* fall-through when unavailable */
+    }
+#endif
+
     o = out;
     oSz = inSz;
     XMEMSET(A, 0, sizeof A);
diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c
index ee330d1a1..13050bfb6 100644
--- a/wolfcrypt/src/cryptocb.c
+++ b/wolfcrypt/src/cryptocb.c
@@ -578,6 +578,90 @@ int wc_CryptoCb_AesGcmDecrypt(Aes* aes, byte* out,
 }
 #endif /* HAVE_AESGCM */
 
+#ifdef HAVE_AESCCM
+int wc_CryptoCb_AesCcmEncrypt(Aes* aes, byte* out,
+                               const byte* in, word32 sz,
+                               const byte* nonce, word32 nonceSz,
+                               byte* authTag, word32 authTagSz,
+                               const byte* authIn, word32 authInSz)
+{
+    int ret = CRYPTOCB_UNAVAILABLE;
+    CryptoCb* dev;
+
+    /* locate registered callback */
+    if (aes) {
+        dev = wc_CryptoCb_FindDevice(aes->devId);
+    }
+    else {
+        /* locate first callback and try using it */
+        dev = wc_CryptoCb_FindDeviceByIndex(0);
+    }
+
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_CIPHER;
+        cryptoInfo.cipher.type = WC_CIPHER_AES_CCM;
+        cryptoInfo.cipher.enc = 1;
+        cryptoInfo.cipher.aesccm_enc.aes       = aes;
+        cryptoInfo.cipher.aesccm_enc.out       = out;
+        cryptoInfo.cipher.aesccm_enc.in        = in;
+        cryptoInfo.cipher.aesccm_enc.sz        = sz;
+        cryptoInfo.cipher.aesccm_enc.nonce     = nonce;
+        cryptoInfo.cipher.aesccm_enc.nonceSz   = nonceSz;
+        cryptoInfo.cipher.aesccm_enc.authTag   = authTag;
+        cryptoInfo.cipher.aesccm_enc.authTagSz = authTagSz;
+        cryptoInfo.cipher.aesccm_enc.authIn    = authIn;
+        cryptoInfo.cipher.aesccm_enc.authInSz  = authInSz;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+
+int wc_CryptoCb_AesCcmDecrypt(Aes* aes, byte* out,
+                               const byte* in, word32 sz,
+                               const byte* nonce, word32 nonceSz,
+                               const byte* authTag, word32 authTagSz,
+                               const byte* authIn, word32 authInSz)
+{
+    int ret = CRYPTOCB_UNAVAILABLE;
+    CryptoCb* dev;
+
+    /* locate registered callback */
+    if (aes) {
+        dev = wc_CryptoCb_FindDevice(aes->devId);
+    }
+    else {
+        /* locate first callback and try using it */
+        dev = wc_CryptoCb_FindDeviceByIndex(0);
+    }
+
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_CIPHER;
+        cryptoInfo.cipher.type = WC_CIPHER_AES_CCM;
+        cryptoInfo.cipher.enc = 0;
+        cryptoInfo.cipher.aesccm_dec.aes       = aes;
+        cryptoInfo.cipher.aesccm_dec.out       = out;
+        cryptoInfo.cipher.aesccm_dec.in        = in;
+        cryptoInfo.cipher.aesccm_dec.sz        = sz;
+        cryptoInfo.cipher.aesccm_enc.nonce     = nonce;
+        cryptoInfo.cipher.aesccm_enc.nonceSz   = nonceSz;
+        cryptoInfo.cipher.aesccm_dec.authTag   = authTag;
+        cryptoInfo.cipher.aesccm_dec.authTagSz = authTagSz;
+        cryptoInfo.cipher.aesccm_dec.authIn    = authIn;
+        cryptoInfo.cipher.aesccm_dec.authInSz  = authInSz;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+#endif /* HAVE_AESCCM */
+
 #ifdef HAVE_AES_CBC
 int wc_CryptoCb_AesCbcEncrypt(Aes* aes, byte* out,
                                const byte* in, word32 sz)
diff --git a/wolfssl/wolfcrypt/cryptocb.h b/wolfssl/wolfcrypt/cryptocb.h
index f5a081f9a..f6b266461 100644
--- a/wolfssl/wolfcrypt/cryptocb.h
+++ b/wolfssl/wolfcrypt/cryptocb.h
@@ -225,6 +225,32 @@ typedef struct wc_CryptoInfo {
                 word32      authInSz;
             } aesgcm_dec;
         #endif /* HAVE_AESGCM */
+        #ifdef HAVE_AESCCM
+            struct {
+                Aes*        aes;
+                byte*       out;
+                const byte* in;
+                word32      sz;
+                const byte* nonce;
+                word32      nonceSz;
+                byte*       authTag;
+                word32      authTagSz;
+                const byte* authIn;
+                word32      authInSz;
+            } aesccm_enc;
+            struct {
+                Aes*        aes;
+                byte*       out;
+                const byte* in;
+                word32      sz;
+                const byte* nonce;
+                word32      nonceSz;
+                const byte* authTag;
+                word32      authTagSz;
+                const byte* authIn;
+                word32      authInSz;
+            } aesccm_dec;
+        #endif /* HAVE_AESCCM */
         #ifdef HAVE_AES_CBC
             struct {
                 Aes*        aes;
@@ -385,6 +411,19 @@ WOLFSSL_LOCAL int wc_CryptoCb_AesGcmDecrypt(Aes* aes, byte* out,
      const byte* authTag, word32 authTagSz,
      const byte* authIn, word32 authInSz);
 #endif /* HAVE_AESGCM */
+#ifdef HAVE_AESCCM
+WOLFSSL_LOCAL int wc_CryptoCb_AesCcmEncrypt(Aes* aes, byte* out,
+    const byte* in, word32 sz,
+    const byte* nonce, word32 nonceSz,
+    byte* authTag, word32 authTagSz,
+    const byte* authIn, word32 authInSz);
+
+WOLFSSL_LOCAL int wc_CryptoCb_AesCcmDecrypt(Aes* aes, byte* out,
+    const byte* in, word32 sz,
+    const byte* nonce, word32 nonceSz,
+    const byte* authTag, word32 authTagSz,
+    const byte* authIn, word32 authInSz);
+#endif /* HAVE_AESCCM */
 #ifdef HAVE_AES_CBC
 WOLFSSL_LOCAL int wc_CryptoCb_AesCbcEncrypt(Aes* aes, byte* out,
                                const byte* in, word32 sz);
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index d6a5e9148..77f8a5365 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -954,13 +954,14 @@ decouple library dependencies with standard string, memory and so on.
         WC_CIPHER_AES_CTR = 4,
         WC_CIPHER_AES_XTS = 5,
         WC_CIPHER_AES_CFB = 6,
+        WC_CIPHER_AES_CCM = 12,
         WC_CIPHER_DES3 = 7,
         WC_CIPHER_DES = 8,
         WC_CIPHER_CHACHA = 9,
         WC_CIPHER_HC128 = 10,
         WC_CIPHER_IDEA = 11,
 
-        WC_CIPHER_MAX = WC_CIPHER_HC128
+        WC_CIPHER_MAX = WC_CIPHER_AES_CCM
     };
 
     /* PK=public key (asymmetric) based algorithms */