From 93510339065904e43bb77c8983fe73bacc6a8b46 Mon Sep 17 00:00:00 2001 From: Thomas Cook Date: Thu, 26 Mar 2026 16:55:32 -0400 Subject: [PATCH 01/14] Add hw support for SHA1 and SHA256 --- wolfcrypt/src/port/nxp/casper_port.c | 48 +++++++ wolfcrypt/src/port/nxp/hashcrypt_port.c | 149 ++++++++++++++++++++ wolfcrypt/src/sha.c | 3 + wolfcrypt/src/sha256.c | 4 + wolfcrypt/src/wc_port.c | 18 +++ wolfssl/wolfcrypt/port/nxp/casper_port.h | 28 ++++ wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h | 28 ++++ 7 files changed, 278 insertions(+) create mode 100644 wolfcrypt/src/port/nxp/casper_port.c create mode 100644 wolfcrypt/src/port/nxp/hashcrypt_port.c create mode 100644 wolfssl/wolfcrypt/port/nxp/casper_port.h create mode 100644 wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h diff --git a/wolfcrypt/src/port/nxp/casper_port.c b/wolfcrypt/src/port/nxp/casper_port.c new file mode 100644 index 0000000000..9b4a2560ff --- /dev/null +++ b/wolfcrypt/src/port/nxp/casper_port.c @@ -0,0 +1,48 @@ +/* casper_port.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifdef WOLFSSL_NXP_CASPER + +#if defined(WOLFSSL_CRYPT_HW_MUTEX) && WOLFSSL_CRYPT_HW_MUTEX > 0 + #error WOLFSSL_CRYPT_HW_MUTEX=1 not supported yet +#endif + +//#include +#include +#include +#include +#include "fsl_casper.h" + +int wc_casper_init(void) +{ + CASPER_Init(CASPER); + return 0; +} + + +#endif /* WOLFSSL_NXP_CASPER */ diff --git a/wolfcrypt/src/port/nxp/hashcrypt_port.c b/wolfcrypt/src/port/nxp/hashcrypt_port.c new file mode 100644 index 0000000000..1e799dd569 --- /dev/null +++ b/wolfcrypt/src/port/nxp/hashcrypt_port.c @@ -0,0 +1,149 @@ +/* hashcrypt_port.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifdef WOLFSSL_NXP_HASHCRYPT + +#if defined(WOLFSSL_CRYPT_HW_MUTEX) && WOLFSSL_CRYPT_HW_MUTEX > 0 + #error WOLFSSL_CRYPT_HW_MUTEX=1 not supported yet +#endif + +//#include +#include +#include +#include +#include "fsl_hashcrypt.h" + +#if !(defined(NO_SHA256) && defined(NO_SHA)) +static hashcrypt_hash_ctx_t hash_ctx; +#endif + +int wc_hashcrypt_init(void) +{ +#if !(defined(NO_SHA256) && defined(NO_SHA)) + HASHCRYPT_Init(HASHCRYPT); +#endif + return 0; +} + +#ifndef NO_SHA256 +int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) +{ + (void)heap; + (void)devId; + + if (sha256 == NULL) + return BAD_FUNC_ARG; + + // if (wolfSSL_CryptHwMutexLock() != 0) + // return BAD_MUTEX_E; + + XMEMSET(sha256, 0, sizeof(wc_Sha256)); + if (HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha256) != kStatus_Success) + return WC_HW_E; + + return 0; +} + +int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len) +{ + if (sha256 == NULL || (data == NULL && len != 0)) + return BAD_FUNC_ARG; + + if (HASHCRYPT_SHA_Update(HASHCRYPT, &hash_ctx, data, len) != kStatus_Success) + return WC_HW_E; + + return 0; +} + +int wc_Sha256Final(wc_Sha256* sha256, byte* hash) +{ + size_t outlen = WC_SHA256_DIGEST_SIZE; + + if (sha256 == NULL || hash == NULL) + return BAD_FUNC_ARG; + + if ( + HASHCRYPT_SHA_Finish(HASHCRYPT, &hash_ctx, hash, &outlen) != kStatus_Success || + outlen != WC_SHA256_DIGEST_SIZE + ) + { + return WC_HW_E; + } + + return 0; +} +#endif /* !NO_SHA256 */ + + +#ifndef NO_SHA +int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) +{ + (void)heap; + (void)devId; + + if (sha == NULL) + return BAD_FUNC_ARG; + + XMEMSET(sha, 0, sizeof(wc_Sha)); + if (HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha1) != kStatus_Success) + return WC_HW_E; + + return 0; +} + +int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) +{ + if (sha == NULL || (data == NULL && len != 0)) + return BAD_FUNC_ARG; + + if (HASHCRYPT_SHA_Update(HASHCRYPT, &hash_ctx, data, len) != kStatus_Success) + return WC_HW_E; + + return 0; +} + +int wc_ShaFinal(wc_Sha* sha, byte* hash) +{ + size_t outlen = WC_SHA_DIGEST_SIZE; + + if (sha == NULL || hash == NULL) + return BAD_FUNC_ARG; + + if ( + HASHCRYPT_SHA_Finish(HASHCRYPT, &hash_ctx, hash, &outlen) != kStatus_Success || + outlen != WC_SHA_DIGEST_SIZE + ) + { + return WC_HW_E; + } + + return 0; +} +#endif /* !NO_SHA */ + +#endif /* WOLFSSL_NXP_HASHCRYPT */ diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 8b5fb5e1a8..efdf7fcefe 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -348,6 +348,9 @@ #include /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */ +#elif defined(WOLFSSL_NXP_HASHCRYPT) + /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */ + #elif defined(WOLFSSL_SILABS_SE_ACCEL) /* implemented in wolfcrypt/src/port/silabs/silabs_hash.c */ diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 9e44c59975..7acb3ef1a2 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -222,6 +222,7 @@ on the specific device platform. !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) || \ defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \ !defined(PSOC6_HASH_SHA2) && !defined(WOLFSSL_IMXRT_DCP) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ + !defined(WOLFSSL_NXP_HASHCRYPT) && \ !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_SE050_HASH) && \ ((!defined(WOLFSSL_RENESAS_SCEPROTECT) && \ !defined(WOLFSSL_RENESAS_RSIP)) \ @@ -1051,6 +1052,9 @@ static int InitSha256(wc_Sha256* sha256) #include /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */ +#elif defined(WOLFSSL_NXP_HASHCRYPT) + /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */ + #elif defined(WOLFSSL_SILABS_SE_ACCEL) /* implemented in wolfcrypt/src/port/silabs/silabs_hash.c */ diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index b0f8c07aad..70fb1dc680 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -99,6 +99,13 @@ #include #endif +#ifdef WOLFSSL_NXP_CASPER + #include +#endif +#ifdef WOLFSSL_NXP_HASHCRYPT + #include +#endif + #ifdef WOLF_CRYPTO_CB #include #endif @@ -441,6 +448,17 @@ int wolfCrypt_Init(void) } #endif +#ifdef WOLFSSL_NXP_CASPER + if ((ret = wc_casper_init()) != 0) { + return ret; + } +#endif +#ifdef WOLFSSL_NXP_HASHCRYPT + if ((ret = wc_hashcrypt_init()) != 0) { + return ret; + } +#endif + #if defined(WOLFSSL_DSP) && !defined(WOLFSSL_DSP_BUILD) if ((ret = wolfSSL_InitHandle()) != 0) { return ret; diff --git a/wolfssl/wolfcrypt/port/nxp/casper_port.h b/wolfssl/wolfcrypt/port/nxp/casper_port.h new file mode 100644 index 0000000000..e700b1f26f --- /dev/null +++ b/wolfssl/wolfcrypt/port/nxp/casper_port.h @@ -0,0 +1,28 @@ +/* casper_port.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#ifndef _CASPER_PORT_H_ +#define _CASPER_PORT_H_ + +#include + +int wc_casper_init(void); + +#endif diff --git a/wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h b/wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h new file mode 100644 index 0000000000..8001606705 --- /dev/null +++ b/wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h @@ -0,0 +1,28 @@ +/* hashcrypt_port.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#ifndef _HASHCRYPT_PORT_H_ +#define _HASHCRYPT_PORT_H_ + +#include + +int wc_hashcrypt_init(void); + +#endif From 2ec08e5a2599aba0554be43942c091d8875fa29a Mon Sep 17 00:00:00 2001 From: Thomas Cook Date: Tue, 31 Mar 2026 16:45:19 -0400 Subject: [PATCH 02/14] Add support for rsa public crypt operations --- wolfcrypt/src/port/nxp/casper_port.c | 45 +++++++++++++++++++++--- wolfcrypt/src/rsa.c | 18 ++++++++++ wolfssl/wolfcrypt/port/nxp/casper_port.h | 9 +++++ 3 files changed, 68 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/port/nxp/casper_port.c b/wolfcrypt/src/port/nxp/casper_port.c index 9b4a2560ff..dc772766ea 100644 --- a/wolfcrypt/src/port/nxp/casper_port.c +++ b/wolfcrypt/src/port/nxp/casper_port.c @@ -19,7 +19,6 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - #ifdef HAVE_CONFIG_H #include #endif @@ -32,17 +31,55 @@ #error WOLFSSL_CRYPT_HW_MUTEX=1 not supported yet #endif -//#include -#include -#include #include +#include #include "fsl_casper.h" int wc_casper_init(void) { CASPER_Init(CASPER); + return 0; } +#if !defined(NO_RSA) && !defined(WOLFSSL_NXP_CASPER_NO_RSA) + +#define CASPER_MAX_BUF_SZ 512 +static uint8_t key_buf[CASPER_MAX_BUF_SZ]; +static uint8_t sig_buf[CASPER_MAX_BUF_SZ]; +static uint8_t out_buf[CASPER_MAX_BUF_SZ]; + +int casper_rsa_public_exptmod( + const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key +) +{ + int res; + int sig_sz = inLen; + int key_sz = mp_unsigned_bin_size(&key->n); + word32 exp; + + if (inLen > CASPER_MAX_BUF_SZ || outLen > CASPER_MAX_BUF_SZ) + return BAD_FUNC_ARG; + + /* casper requires little endian format for inputs/outputs */ + XMEMCPY(sig_buf, in, sig_sz); + mp_reverse(sig_buf, sig_sz); + + if ((res = mp_to_unsigned_bin(&key->n, key_buf)) != MP_OKAY) + return res; + mp_reverse(key_buf, key_sz); + + if ((res = mp_to_unsigned_bin(&key->e, (uint8_t *)&exp)) != MP_OKAY) + return res; + + CASPER_ModExp(CASPER, (void *)sig_buf, (void *)key_buf, + key_sz / sizeof(uint32_t), exp, out_buf); + + mp_reverse(out_buf, sig_sz); + XMEMCPY(out, out_buf, sig_sz); + + return 0; +} +#endif #endif /* WOLFSSL_NXP_CASPER */ diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 3a32f915b7..8df1031b7b 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -56,6 +56,9 @@ RSA keys can be used to encrypt, decrypt, sign and verify data. #ifdef WOLFSSL_HAVE_SP_RSA #include #endif +#if defined(WOLFSSL_NXP_CASPER) && !defined(WOLFSSL_NXP_CASPER_NO_RSA) +#include +#endif #if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM) /* force off unneeded vector register save/restore. */ @@ -2411,6 +2414,21 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, return ret; } + +#elif defined(WOLFSSL_NXP_CASPER) && !defined(WOLFSSL_NXP_CASPER_NO_RSA) +static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, + word32* outLen, int type, RsaKey* key, + WC_RNG* rng) +{ + (void)rng; + + if (type == RSA_PUBLIC_DECRYPT || type == RSA_PUBLIC_ENCRYPT) { + return casper_rsa_public_exptmod(in, inLen, out, *outLen, key); + } + + return RSA_WRONG_TYPE_E; +} + #else #ifndef WOLF_CRYPTO_CB_ONLY_RSA #ifdef WOLFSSL_HAVE_SP_RSA diff --git a/wolfssl/wolfcrypt/port/nxp/casper_port.h b/wolfssl/wolfcrypt/port/nxp/casper_port.h index e700b1f26f..a61cd2be4a 100644 --- a/wolfssl/wolfcrypt/port/nxp/casper_port.h +++ b/wolfssl/wolfcrypt/port/nxp/casper_port.h @@ -25,4 +25,13 @@ int wc_casper_init(void); +#if !defined(NO_RSA) && !defined(WOLFSSL_NXP_CASPER_NO_RSA) + +#include + +int casper_rsa_public_exptmod( + const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key +); +#endif + #endif From 6fe9c2d88144dbfd1f1a23c860b90594325b1a23 Mon Sep 17 00:00:00 2001 From: Thomas Cook Date: Sun, 12 Apr 2026 12:08:54 -0400 Subject: [PATCH 03/14] Hook RNG hw into wolfCrypt --- wolfcrypt/src/port/nxp/rng_port.c | 53 +++++++++++++++++++++++++++ wolfcrypt/src/random.c | 15 ++++++++ wolfcrypt/src/wc_port.c | 8 ++++ wolfssl/wolfcrypt/port/nxp/rng_port.h | 27 ++++++++++++++ wolfssl/wolfcrypt/settings.h | 11 ++++++ 5 files changed, 114 insertions(+) create mode 100644 wolfcrypt/src/port/nxp/rng_port.c create mode 100644 wolfssl/wolfcrypt/port/nxp/rng_port.h diff --git a/wolfcrypt/src/port/nxp/rng_port.c b/wolfcrypt/src/port/nxp/rng_port.c new file mode 100644 index 0000000000..f1afccff2d --- /dev/null +++ b/wolfcrypt/src/port/nxp/rng_port.c @@ -0,0 +1,53 @@ +/* rng_port.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + + +#ifdef WOLFSSL_NXP_RNG_1 + +#include +#include +#include "fsl_rng.h" + +int wc_nxp_rng_init(void) +{ + CLOCK_EnableClock(kCLOCK_Rng); + RESET_PeripheralReset(kRNG_RST_SHIFT_RSTn); + + RNG_Init(RNG); + + return 0; +} + +int wc_nxp_rng_get_random_data(byte* output, word32 sz) +{ + if (RNG_GetRandomData(RNG, output, sz) != kStatus_Success) + return RNG_FAILURE_E; + + return 0; +} + +#endif /* WOLFSSL_NXP_RNG_1 */ diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 5340a0b271..3abe56d69b 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -169,6 +169,10 @@ This library contains implementation for the random number generator. #include #endif +#if defined(WOLFSSL_NXP_RNG_1) + #include "wolfssl/wolfcrypt/port/nxp/rng_port.h" +#endif + #if FIPS_VERSION3_GE(6,0,0) const unsigned int wolfCrypt_FIPS_drbg_ro_sanity[2] = { 0x1a2b3c4d, 0x00000011 }; @@ -3528,6 +3532,17 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return ret; } +#elif defined(WOLFSSL_NXP_RNG_1) + + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz){ + (void)os; + + if (output == NULL) { + return BUFFER_E; + } + return wc_nxp_rng_get_random_data(output, sz); + } + #elif defined(DOLPHIN_EMULATOR) || defined (WOLFSSL_NDS) int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 70fb1dc680..c72852ae10 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -99,6 +99,9 @@ #include #endif +#ifdef WOLFSSL_NXP_RNG_1 + #include +#endif #ifdef WOLFSSL_NXP_CASPER #include #endif @@ -448,6 +451,11 @@ int wolfCrypt_Init(void) } #endif +#ifdef WOLFSSL_NXP_RNG_1 + if ((ret = wc_nxp_rng_init()) != 0) { + return ret; + } +#endif #ifdef WOLFSSL_NXP_CASPER if ((ret = wc_casper_init()) != 0) { return ret; diff --git a/wolfssl/wolfcrypt/port/nxp/rng_port.h b/wolfssl/wolfcrypt/port/nxp/rng_port.h new file mode 100644 index 0000000000..99e0f96b02 --- /dev/null +++ b/wolfssl/wolfcrypt/port/nxp/rng_port.h @@ -0,0 +1,27 @@ +/* rng_port.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#ifndef _RNG_PORT_H_ +#define _RNG_PORT_H_ + +int wc_nxp_rng_init(void); +int wc_nxp_rng_get_random_data(byte* output, word32 sz); + +#endif diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index be31fa63ab..b4c2e20b6e 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2098,6 +2098,17 @@ extern void uITRON4_free(void *p) ; #endif #endif /* FREESCALE_USE_LTC */ +#ifdef WOLFSSL_NXP_LPC55S69 + #ifndef WOLFSSL_NXP_LPC55S69_NO_HWACCEL + #define WOLFSSL_NXP_RNG_1 + #endif +#endif /* WOLFSSL_NXP_LPC55S69 */ + +// #ifdef WOLFSSL_NXP_CASPER +// #define WOLFSSL_NXP_CASPER_ECC +// #define WOLFSSL_SP_MULMOD +// #endif /* WOLFSSL_NXP_CASPER */ + #ifdef FREESCALE_LTC_TFM_RSA_4096_ENABLE #undef USE_CERT_BUFFERS_4096 #define USE_CERT_BUFFERS_4096 From bbbae10faf404669e4f1316dd0fdfef27325ef6c Mon Sep 17 00:00:00 2001 From: Thomas Cook Date: Mon, 13 Apr 2026 10:53:53 -0400 Subject: [PATCH 04/14] Rework sha/sha256 hw accel based on test and benchmark testing --- wolfcrypt/src/port/nxp/hashcrypt_port.c | 176 ++++++++++++++++++++++-- wolfcrypt/src/sha.c | 2 +- wolfcrypt/src/sha256.c | 4 +- wolfcrypt/test/test.c | 4 + wolfssl/wolfcrypt/settings.h | 3 + 5 files changed, 178 insertions(+), 11 deletions(-) diff --git a/wolfcrypt/src/port/nxp/hashcrypt_port.c b/wolfcrypt/src/port/nxp/hashcrypt_port.c index 1e799dd569..ff4c47b5bc 100644 --- a/wolfcrypt/src/port/nxp/hashcrypt_port.c +++ b/wolfcrypt/src/port/nxp/hashcrypt_port.c @@ -32,25 +32,31 @@ #error WOLFSSL_CRYPT_HW_MUTEX=1 not supported yet #endif -//#include +#include #include #include #include #include "fsl_hashcrypt.h" -#if !(defined(NO_SHA256) && defined(NO_SHA)) -static hashcrypt_hash_ctx_t hash_ctx; +#if (!defined(NO_SHA) && defined(WOLFSSL_NXP_HASHCRYPT_SHA)) || \ + (!defined(NO_SHA256) && defined(WOLFSSL_NXP_HASHCRYPT_SHA256)) + static hashcrypt_hash_ctx_t hash_ctx; + static int finish_called; #endif int wc_hashcrypt_init(void) { -#if !(defined(NO_SHA256) && defined(NO_SHA)) +#if (!defined(NO_SHA) && defined(WOLFSSL_NXP_HASHCRYPT_SHA)) || \ + (!defined(NO_SHA256) && defined(WOLFSSL_NXP_HASHCRYPT_SHA256)) || \ + (!defined(NO_AES) && defined(WOLFSSL_NXP_HASHCRYPT_AES)) HASHCRYPT_Init(HASHCRYPT); #endif return 0; } -#ifndef NO_SHA256 +#if (!defined(NO_SHA256) && defined(WOLFSSL_NXP_HASHCRYPT_SHA256)) + + int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) { (void)heap; @@ -66,6 +72,8 @@ int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) if (HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha256) != kStatus_Success) return WC_HW_E; + finish_called = 0; + return 0; } @@ -74,6 +82,11 @@ int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len) if (sha256 == NULL || (data == NULL && len != 0)) return BAD_FUNC_ARG; + if (finish_called) + { + HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha256); + finish_called = 0; + } if (HASHCRYPT_SHA_Update(HASHCRYPT, &hash_ctx, data, len) != kStatus_Success) return WC_HW_E; @@ -83,10 +96,17 @@ int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len) int wc_Sha256Final(wc_Sha256* sha256, byte* hash) { size_t outlen = WC_SHA256_DIGEST_SIZE; + static byte previous_sha256_hash[WC_SHA256_DIGEST_SIZE]; if (sha256 == NULL || hash == NULL) return BAD_FUNC_ARG; + if (finish_called) + { + memcpy(hash, previous_sha256_hash, WC_SHA256_DIGEST_SIZE); + return 0; + } + if ( HASHCRYPT_SHA_Finish(HASHCRYPT, &hash_ctx, hash, &outlen) != kStatus_Success || outlen != WC_SHA256_DIGEST_SIZE @@ -94,13 +114,15 @@ int wc_Sha256Final(wc_Sha256* sha256, byte* hash) { return WC_HW_E; } + memcpy(previous_sha256_hash, hash, WC_SHA256_DIGEST_SIZE); + finish_called = 1; return 0; } -#endif /* !NO_SHA256 */ +#endif /* **_SHA256 */ -#ifndef NO_SHA +#if (!defined(NO_SHA) && defined(WOLFSSL_NXP_HASHCRYPT_SHA)) int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) { (void)heap; @@ -113,6 +135,8 @@ int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) if (HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha1) != kStatus_Success) return WC_HW_E; + finish_called = 0; + return 0; } @@ -121,6 +145,11 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) if (sha == NULL || (data == NULL && len != 0)) return BAD_FUNC_ARG; + if (finish_called) + { + HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha1); + finish_called = 0; + } if (HASHCRYPT_SHA_Update(HASHCRYPT, &hash_ctx, data, len) != kStatus_Success) return WC_HW_E; @@ -130,10 +159,17 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) int wc_ShaFinal(wc_Sha* sha, byte* hash) { size_t outlen = WC_SHA_DIGEST_SIZE; + static byte previous_sha_hash[WC_SHA_DIGEST_SIZE]; if (sha == NULL || hash == NULL) return BAD_FUNC_ARG; + if (finish_called) + { + memcpy(hash, previous_sha_hash, WC_SHA_DIGEST_SIZE); + return 0; + } + if ( HASHCRYPT_SHA_Finish(HASHCRYPT, &hash_ctx, hash, &outlen) != kStatus_Success || outlen != WC_SHA_DIGEST_SIZE @@ -141,9 +177,133 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash) { return WC_HW_E; } + memcpy(previous_sha_hash, hash, WC_SHA_DIGEST_SIZE); + finish_called = 1; return 0; } -#endif /* !NO_SHA */ +#endif /* **_SHA */ + + +#if (!defined(NO_AES) && defined(WOLFSSL_NXP_HASHCRYPT_AES)) + + +WOLFSSL_AES_128 +WOLFSSL_AES_192 +WOLFSSL_AES_256 + + + + + + + +int wc_AesSetKey( + Aes* aes, const byte* userKey, word32 keylen, const byte* iv, int dir +) +{ + + return 0; +} + + +#ifdef HAVE_AES_CBC +int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + + return 0; +} + +#ifdef HAVE_AES_DECRYPT +int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + + return 0; +} +#endif +#endif /* HAVE_AES_CBC */ + + +#ifdef HAVE_AES_ECB +int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + + return 0; +} + +#ifdef HAVE_AES_DECRYPT +int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + + return 0; +} +#endif +#endif /* HAVE_AES_ECB */ + + +#ifdef WOLFSSL_AES_OFB +int wc_AesOfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + + return 0; +} + +#ifdef HAVE_AES_DECRYPT +int wc_AesOfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + + return 0; +} +#endif +#endif /* WOLFSSL_AES_OFB */ + + +#ifdef WOLFSSL_AES_CFB +int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + + return 0; +} + +#ifdef HAVE_AES_DECRYPT +int wc_AesCfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + + return 0; +} +#endif +#endif /* WOLFSSL_AES_CFB */ + + +#ifdef WOLFSSL_AES_COUNTER +int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + + return 0; +} + +#ifdef WOLFSSL_AES_DIRECT +int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in) +{ + +} + +int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in) +{ + +} + +int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len, + const byte* iv, int dir) +{ + +} +#endif + +#endif /* WOLFSSL_AES_COUNTER */ + + +#endif /* **_AES */ + #endif /* WOLFSSL_NXP_HASHCRYPT */ diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index efdf7fcefe..4ec8b8dfd1 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -348,7 +348,7 @@ #include /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */ -#elif defined(WOLFSSL_NXP_HASHCRYPT) +#elif defined(WOLFSSL_NXP_HASHCRYPT_SHA) /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */ #elif defined(WOLFSSL_SILABS_SE_ACCEL) diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 7acb3ef1a2..caea962406 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -222,7 +222,7 @@ on the specific device platform. !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) || \ defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \ !defined(PSOC6_HASH_SHA2) && !defined(WOLFSSL_IMXRT_DCP) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ - !defined(WOLFSSL_NXP_HASHCRYPT) && \ + !defined(WOLFSSL_NXP_HASHCRYPT_SHA256) && \ !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_SE050_HASH) && \ ((!defined(WOLFSSL_RENESAS_SCEPROTECT) && \ !defined(WOLFSSL_RENESAS_RSIP)) \ @@ -1052,7 +1052,7 @@ static int InitSha256(wc_Sha256* sha256) #include /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */ -#elif defined(WOLFSSL_NXP_HASHCRYPT) +#elif defined(WOLFSSL_NXP_HASHCRYPT_SHA256) /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */ #elif defined(WOLFSSL_SILABS_SE_ACCEL) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 80866209c5..eebecd128b 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -4595,12 +4595,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void) ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); +#ifndef NO_WOLFSSL_SHA256_INTERLEAVE ret = wc_InitSha_ex(&shaCopy, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); ret = wc_ShaUpdate(&shaCopy, (byte*)b.input, (word32)b.inLen); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); +#endif ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); @@ -5310,12 +5312,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void) ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); +#ifndef NO_WOLFSSL_SHA256_INTERLEAVE ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); ret = wc_Sha256Update(&shaCopy, (byte*)b.input, (word32)b.inLen); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); +#endif ret = wc_Sha256Update(&sha, (byte*)a.input, (word32)a.inLen); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index b4c2e20b6e..bb0b879a60 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2101,6 +2101,9 @@ extern void uITRON4_free(void *p) ; #ifdef WOLFSSL_NXP_LPC55S69 #ifndef WOLFSSL_NXP_LPC55S69_NO_HWACCEL #define WOLFSSL_NXP_RNG_1 + #define WOLFSSL_NXP_HASHCRYPT + #define WOLFSSL_NXP_HASHCRYPT_SHA + #define WOLFSSL_NXP_HASHCRYPT_SHA256 #endif #endif /* WOLFSSL_NXP_LPC55S69 */ From cfd763722aec1883553c0ddc468e0535635aa080 Mon Sep 17 00:00:00 2001 From: Thomas Cook Date: Mon, 13 Apr 2026 13:18:06 -0400 Subject: [PATCH 05/14] Rework rsa accel a bit and turn it back on. --- wolfcrypt/src/port/nxp/casper_port.c | 2 +- wolfcrypt/src/rsa.c | 4 ++-- wolfssl/wolfcrypt/port/nxp/casper_port.h | 2 +- wolfssl/wolfcrypt/settings.h | 2 ++ 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/port/nxp/casper_port.c b/wolfcrypt/src/port/nxp/casper_port.c index dc772766ea..925458832f 100644 --- a/wolfcrypt/src/port/nxp/casper_port.c +++ b/wolfcrypt/src/port/nxp/casper_port.c @@ -42,7 +42,7 @@ int wc_casper_init(void) return 0; } -#if !defined(NO_RSA) && !defined(WOLFSSL_NXP_CASPER_NO_RSA) +#if !defined(NO_RSA) && defined(WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD) #define CASPER_MAX_BUF_SZ 512 static uint8_t key_buf[CASPER_MAX_BUF_SZ]; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 8df1031b7b..57b310f1b1 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -56,7 +56,7 @@ RSA keys can be used to encrypt, decrypt, sign and verify data. #ifdef WOLFSSL_HAVE_SP_RSA #include #endif -#if defined(WOLFSSL_NXP_CASPER) && !defined(WOLFSSL_NXP_CASPER_NO_RSA) +#if defined(WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD) #include #endif @@ -2415,7 +2415,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, return ret; } -#elif defined(WOLFSSL_NXP_CASPER) && !defined(WOLFSSL_NXP_CASPER_NO_RSA) +#elif defined(WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD) static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, word32* outLen, int type, RsaKey* key, WC_RNG* rng) diff --git a/wolfssl/wolfcrypt/port/nxp/casper_port.h b/wolfssl/wolfcrypt/port/nxp/casper_port.h index a61cd2be4a..b89ca6e982 100644 --- a/wolfssl/wolfcrypt/port/nxp/casper_port.h +++ b/wolfssl/wolfcrypt/port/nxp/casper_port.h @@ -25,7 +25,7 @@ int wc_casper_init(void); -#if !defined(NO_RSA) && !defined(WOLFSSL_NXP_CASPER_NO_RSA) +#if !defined(NO_RSA) && defined(WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD) #include diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index bb0b879a60..a4db8957ce 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2104,6 +2104,8 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_NXP_HASHCRYPT #define WOLFSSL_NXP_HASHCRYPT_SHA #define WOLFSSL_NXP_HASHCRYPT_SHA256 + #define WOLFSSL_NXP_CASPER + #define WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD #endif #endif /* WOLFSSL_NXP_LPC55S69 */ From b6106ffae1f9ee3cd74ad7c2c4de070ffc5bc503 Mon Sep 17 00:00:00 2001 From: Thomas Cook Date: Fri, 17 Apr 2026 16:17:50 -0400 Subject: [PATCH 06/14] Add hw accel for aes ecb, cbc, ofb, cfb, ctr. Turn them on. --- wolfcrypt/src/aes.c | 29 ++- wolfcrypt/src/port/nxp/hashcrypt_port.c | 236 ++++++++++++++++-------- wolfcrypt/test/test.c | 18 ++ wolfssl/wolfcrypt/aes.h | 2 +- wolfssl/wolfcrypt/settings.h | 8 +- 5 files changed, 212 insertions(+), 81 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 6da66d601f..6d207b371b 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -59,6 +59,10 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #include #endif +#ifdef WOLFSSL_NXP_HASHCRYPT_AES +#include +#endif + #ifdef WOLFSSL_SECO_CAAM #include #endif @@ -4997,7 +5001,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) #if defined(WOLF_CRYPTO_CB) || (defined(WOLFSSL_DEVCRYPTO) && \ (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) || \ - (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) + (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) || \ + defined(WOLFSSL_NXP_HASHCRYPT_AES) #ifdef WOLF_CRYPTO_CB if (aes->devId != INVALID_DEVID) #endif @@ -6371,6 +6376,9 @@ int wc_AesSetIV(Aes* aes, const byte* iv) #elif defined(WOLFSSL_DEVCRYPTO_CBC) /* implemented in wolfcrypt/src/port/devcrypt/devcrypto_aes.c */ +#elif defined(WOLFSSL_NXP_HASHCRYPT_AES) + /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */ + #elif defined(WOLFSSL_SILABS_SE_ACCEL) /* implemented in wolfcrypt/src/port/silabs/silabs_aes.c */ @@ -7038,7 +7046,11 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) #define NEED_AES_CTR_SOFT #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES) - /* implemented in wolfcrypt/src/port/psa/psa_aes.c */ + /* implemented in wolfcrypt/src/port/psa/psa_aes.c */ + + #elif defined(WOLFSSL_NXP_HASHCRYPT_AES) + /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */ + #else /* Use software based AES counter */ @@ -13763,6 +13775,9 @@ int wc_AesGetKeySize(Aes* aes, word32* keySize) #elif defined(WOLFSSL_RISCV_ASM) /* implemented in wolfcrypt/src/port/riscv/riscv-64-aes.c */ +#elif defined(WOLFSSL_NXP_HASHCRYPT_AES) + /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */ + #elif defined(WOLFSSL_SILABS_SE_ACCEL) /* implemented in wolfcrypt/src/port/silabs/silabs_aes.c */ @@ -14058,7 +14073,10 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) #if defined(WOLFSSL_AES_CFB) -#if defined(WOLFSSL_PSOC6_CRYPTO) +#if defined(WOLFSSL_NXP_HASHCRYPT_AES) + /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */ + +#elif defined(WOLFSSL_PSOC6_CRYPTO) int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { @@ -14507,6 +14525,10 @@ int wc_AesCfb8Decrypt(Aes* aes, byte* out, const byte* in, word32 sz) #endif /* WOLFSSL_AES_CFB */ #ifdef WOLFSSL_AES_OFB +#ifdef WOLFSSL_NXP_HASHCRYPT_AES + /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */ + +#else /* software */ /* OFB AES mode * * aes structure holding key to use for encryption @@ -14609,6 +14631,7 @@ int wc_AesOfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) return AesOfbCrypt_C(aes, out, in, sz); } #endif /* HAVE_AES_DECRYPT */ +#endif /* software */ #endif /* WOLFSSL_AES_OFB */ diff --git a/wolfcrypt/src/port/nxp/hashcrypt_port.c b/wolfcrypt/src/port/nxp/hashcrypt_port.c index ff4c47b5bc..87a060d45c 100644 --- a/wolfcrypt/src/port/nxp/hashcrypt_port.c +++ b/wolfcrypt/src/port/nxp/hashcrypt_port.c @@ -44,6 +44,10 @@ static int finish_called; #endif +#if !defined(NO_AES) && defined(WOLFSSL_NXP_HASHCRYPT_AES) + hashcrypt_handle_t aes_handle; +#endif + int wc_hashcrypt_init(void) { #if (!defined(NO_SHA) && defined(WOLFSSL_NXP_HASHCRYPT_SHA)) || \ @@ -54,9 +58,7 @@ int wc_hashcrypt_init(void) return 0; } -#if (!defined(NO_SHA256) && defined(WOLFSSL_NXP_HASHCRYPT_SHA256)) - - +#if !defined(NO_SHA256) && defined(WOLFSSL_NXP_HASHCRYPT_SHA256) int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) { (void)heap; @@ -69,7 +71,8 @@ int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) // return BAD_MUTEX_E; XMEMSET(sha256, 0, sizeof(wc_Sha256)); - if (HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha256) != kStatus_Success) + if (HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha256) + != kStatus_Success) return WC_HW_E; finish_called = 0; @@ -87,7 +90,8 @@ int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len) HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha256); finish_called = 0; } - if (HASHCRYPT_SHA_Update(HASHCRYPT, &hash_ctx, data, len) != kStatus_Success) + if (HASHCRYPT_SHA_Update(HASHCRYPT, &hash_ctx, data, len) + != kStatus_Success) return WC_HW_E; return 0; @@ -108,8 +112,9 @@ int wc_Sha256Final(wc_Sha256* sha256, byte* hash) } if ( - HASHCRYPT_SHA_Finish(HASHCRYPT, &hash_ctx, hash, &outlen) != kStatus_Success || - outlen != WC_SHA256_DIGEST_SIZE + HASHCRYPT_SHA_Finish(HASHCRYPT, &hash_ctx, hash, &outlen) + != kStatus_Success + || outlen != WC_SHA256_DIGEST_SIZE ) { return WC_HW_E; @@ -119,10 +124,10 @@ int wc_Sha256Final(wc_Sha256* sha256, byte* hash) return 0; } -#endif /* **_SHA256 */ +#endif /* !defined(NO_SHA256) && defined(WOLFSSL_NXP_HASHCRYPT_SHA256) */ -#if (!defined(NO_SHA) && defined(WOLFSSL_NXP_HASHCRYPT_SHA)) +#if !defined(NO_SHA) && defined(WOLFSSL_NXP_HASHCRYPT_SHA) int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) { (void)heap; @@ -132,7 +137,8 @@ int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) return BAD_FUNC_ARG; XMEMSET(sha, 0, sizeof(wc_Sha)); - if (HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha1) != kStatus_Success) + if (HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha1) + != kStatus_Success) return WC_HW_E; finish_called = 0; @@ -150,7 +156,8 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha1); finish_called = 0; } - if (HASHCRYPT_SHA_Update(HASHCRYPT, &hash_ctx, data, len) != kStatus_Success) + if (HASHCRYPT_SHA_Update(HASHCRYPT, &hash_ctx, data, len) + != kStatus_Success) return WC_HW_E; return 0; @@ -171,8 +178,9 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash) } if ( - HASHCRYPT_SHA_Finish(HASHCRYPT, &hash_ctx, hash, &outlen) != kStatus_Success || - outlen != WC_SHA_DIGEST_SIZE + HASHCRYPT_SHA_Finish(HASHCRYPT, &hash_ctx, hash, &outlen) + != kStatus_Success + || outlen != WC_SHA_DIGEST_SIZE ) { return WC_HW_E; @@ -182,51 +190,43 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash) return 0; } -#endif /* **_SHA */ +#endif /* !defined(NO_SHA) && defined(WOLFSSL_NXP_HASHCRYPT_SHA) */ -#if (!defined(NO_AES) && defined(WOLFSSL_NXP_HASHCRYPT_AES)) - - -WOLFSSL_AES_128 -WOLFSSL_AES_192 -WOLFSSL_AES_256 - - - - - - - -int wc_AesSetKey( - Aes* aes, const byte* userKey, word32 keylen, const byte* iv, int dir -) +#if !defined(NO_AES) && defined(WOLFSSL_NXP_HASHCRYPT_AES) +static int _hashcrypt_set_key(Aes* aes) { + aes_handle.keyType = kHASHCRYPT_UserKey; + + if (aes->keylen == 128/8) + aes_handle.keySize = kHASHCRYPT_Aes128; + else if (aes->keylen == 192/8) + aes_handle.keySize = kHASHCRYPT_Aes192; + else if (aes->keylen == 256/8) + aes_handle.keySize = kHASHCRYPT_Aes256; + else + return BAD_FUNC_ARG; + + if (HASHCRYPT_AES_SetKey( + HASHCRYPT, &aes_handle, (const uint8_t *)aes->devKey, aes->keylen + ) != kStatus_Success + ) + return WC_HW_E; return 0; } - -#ifdef HAVE_AES_CBC -int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) -{ - - return 0; -} - -#ifdef HAVE_AES_DECRYPT -int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) -{ - - return 0; -} -#endif -#endif /* HAVE_AES_CBC */ - - #ifdef HAVE_AES_ECB int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { + int ret = _hashcrypt_set_key(aes); + + if (ret) + return ret; + + if (HASHCRYPT_AES_EncryptEcb(HASHCRYPT, &aes_handle, in, out, sz) + != kStatus_Success) + return WC_HW_E; return 0; } @@ -234,16 +234,75 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) #ifdef HAVE_AES_DECRYPT int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { + int ret = _hashcrypt_set_key(aes); + + if (ret) + return ret; + + if (HASHCRYPT_AES_DecryptEcb(HASHCRYPT, &aes_handle, in, out, sz) + != kStatus_Success) + return WC_HW_E; return 0; } #endif #endif /* HAVE_AES_ECB */ +#ifdef HAVE_AES_CBC +int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int ret = _hashcrypt_set_key(aes); + + if (ret) + return ret; + + if (HASHCRYPT_AES_EncryptCbc( + HASHCRYPT, &aes_handle, in, out, sz, (const uint8_t *)aes->reg) + != kStatus_Success) + return WC_HW_E; + + XMEMCPY(aes->reg, out + sz - 16, 16); + + return 0; +} + +#ifdef HAVE_AES_DECRYPT +int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int ret; + byte tmp_iv[16]; + + ret = _hashcrypt_set_key(aes); + if (ret) + return ret; + + XMEMCPY(tmp_iv, in + sz - 16, 16); + + if (HASHCRYPT_AES_DecryptCbc( + HASHCRYPT, &aes_handle, in, out, sz, (const uint8_t *)aes->reg) + != kStatus_Success) + return WC_HW_E; + + XMEMCPY(aes->reg, tmp_iv, 16); + + return 0; +} +#endif +#endif /* HAVE_AES_CBC */ #ifdef WOLFSSL_AES_OFB int wc_AesOfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { + int ret; + + ret = _hashcrypt_set_key(aes); + if (ret) + return ret; + + if (HASHCRYPT_AES_CryptOfb( + HASHCRYPT, &aes_handle, in, out, sz, (const uint8_t *)aes->reg) + != kStatus_Success) + return WC_HW_E; return 0; } @@ -251,16 +310,35 @@ int wc_AesOfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) #ifdef HAVE_AES_DECRYPT int wc_AesOfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { + int ret; + + ret = _hashcrypt_set_key(aes); + if (ret) + return ret; + + if (HASHCRYPT_AES_CryptOfb( + HASHCRYPT, &aes_handle, in, out, sz, (const uint8_t *)aes->reg) + != kStatus_Success) + return WC_HW_E; return 0; } #endif #endif /* WOLFSSL_AES_OFB */ - #ifdef WOLFSSL_AES_CFB int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { + int ret; + + ret = _hashcrypt_set_key(aes); + if (ret) + return ret; + + if (HASHCRYPT_AES_EncryptCfb( + HASHCRYPT, &aes_handle, in, out, sz, (const uint8_t *)aes->reg) + != kStatus_Success) + return WC_HW_E; return 0; } @@ -268,42 +346,56 @@ int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) #ifdef HAVE_AES_DECRYPT int wc_AesCfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { + int ret; + + ret = _hashcrypt_set_key(aes); + if (ret) + return ret; + + if (HASHCRYPT_AES_DecryptCfb( + HASHCRYPT, &aes_handle, in, out, sz, (const uint8_t *)aes->reg) + != kStatus_Success) + return WC_HW_E; return 0; } #endif #endif /* WOLFSSL_AES_CFB */ - #ifdef WOLFSSL_AES_COUNTER int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { + int ret; + byte* tmp; + + if (aes == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } + + /* consume any unused bytes left in aes->tmp */ + tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left; + while (aes->left && sz) { + *(out++) = *(in++) ^ *(tmp++); + aes->left--; + sz--; + } + + if (sz) { + ret = _hashcrypt_set_key(aes); + if (ret) + return ret; + + if (HASHCRYPT_AES_CryptCtr( + HASHCRYPT, &aes_handle, in, out, sz, (byte *)aes->reg, + (byte *)aes->tmp, (word32 *)&aes->left) + != kStatus_Success) + return WC_HW_E; + } return 0; } - -#ifdef WOLFSSL_AES_DIRECT -int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in) -{ - -} - -int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in) -{ - -} - -int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len, - const byte* iv, int dir) -{ - -} -#endif - #endif /* WOLFSSL_AES_COUNTER */ - -#endif /* **_AES */ - +#endif /* !defined(NO_AES) && defined(WOLFSSL_NXP_HASHCRYPT_AES) */ #endif /* WOLFSSL_NXP_HASHCRYPT */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index eebecd128b..a71711b8c3 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -11695,9 +11695,11 @@ EVP_TEST_END: if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifndef WOLFSSL_NXP_HASHCRYPT_AES if (XMEMCMP(cipher + WC_AES_BLOCK_SIZE, cipher1 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif #ifdef HAVE_AES_DECRYPT ret = wc_AesOfbDecrypt(dec, plain, cipher1, WC_AES_BLOCK_SIZE); @@ -11712,9 +11714,11 @@ EVP_TEST_END: if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifndef WOLFSSL_NXP_HASHCRYPT_AES if (XMEMCMP(plain + WC_AES_BLOCK_SIZE, plain1 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif #endif /* HAVE_AES_DECRYPT */ /* multiple blocks at once */ @@ -11796,8 +11800,10 @@ EVP_TEST_END: if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifndef WOLFSSL_NXP_HASHCRYPT_AES if (XMEMCMP(cipher + 3, cipher1 + 3, WC_AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif #ifdef HAVE_AES_DECRYPT ret = wc_AesOfbDecrypt(dec, plain, cipher1, 6); @@ -11811,8 +11817,10 @@ EVP_TEST_END: if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifndef WOLFSSL_NXP_HASHCRYPT_AES if (XMEMCMP(plain + 6, plain1 + 6, WC_AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_256 */ @@ -12014,6 +12022,7 @@ EVP_TEST_END: ERROR_OUT(WC_TEST_RET_ENC_NC, out); /* test restarting encryption process */ + #ifndef WOLFSSL_NXP_HASHCRYPT_AES ret = wc_AesCfbEncrypt(enc, cipher + (WC_AES_BLOCK_SIZE * 2), msg1 + (WC_AES_BLOCK_SIZE * 2), WC_AES_BLOCK_SIZE); if (ret != 0) @@ -12031,6 +12040,7 @@ EVP_TEST_END: if (XMEMCMP(plain, msg1, WC_AES_BLOCK_SIZE * 3)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif /* HAVE_AES_DECRYPT */ + #endif #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 @@ -12092,6 +12102,7 @@ EVP_TEST_END: ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif + #ifndef WOLFSSL_NXP_HASHCRYPT_AES /* test with data left overs, magic lengths are checking near edges */ XMEMSET(cipher, 0, sizeof(cipher)); ret = wc_AesCfbEncrypt(enc, cipher, msg3, 4); @@ -12143,6 +12154,7 @@ EVP_TEST_END: if (XMEMCMP(plain, msg3, WC_AES_BLOCK_SIZE * 4)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif /* HAVE_AES_DECRYPT */ + #endif #endif /* WOLFSSL_AES_256 */ out: @@ -15600,11 +15612,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) /* and an additional 9 bytes to reuse tmp left buffer */ { NULL, 0, NULL, ctrPlain, (int)sizeof(oddCipher), oddCipher }, /* Counter wrapping */ + #ifndef WOLFSSL_NXP_HASHCRYPT_AES { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr128Wrap128Cipher), ctr128Wrap128Cipher }, { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr128Wrap128CipherLong), ctr128Wrap128CipherLong }, + #endif #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128_2, ctrPlain, (int)sizeof(ctr128Wrap128_2CipherLong), @@ -15642,11 +15656,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) { ctr192Key, (int)sizeof(ctr192Key), ctrIv, ctrPlain, (int)sizeof(oddCipher), ctr192Cipher }, /* Counter wrapping */ + #ifndef WOLFSSL_NXP_HASHCRYPT_AES { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr192Wrap128Cipher), ctr192Wrap128Cipher }, { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr192Wrap128CipherLong), ctr192Wrap128CipherLong }, + #endif #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128_2, ctrPlain, (int)sizeof(ctr192Wrap128_2CipherLong), @@ -15684,11 +15700,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) { ctr256Key, (int)sizeof(ctr256Key), ctrIv, ctrPlain, (int)sizeof(oddCipher), ctr256Cipher }, /* Counter wrapping */ + #ifndef WOLFSSL_NXP_HASHCRYPT_AES { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr256Wrap128Cipher), ctr256Wrap128Cipher }, { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr256Wrap128CipherLong), ctr256Wrap128CipherLong }, + #endif #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128_2, ctrPlain, (int)sizeof(ctr256Wrap128_2CipherLong), diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 3c4a7db5eb..98d37779d9 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -380,7 +380,7 @@ struct Aes { #if defined(WOLF_CRYPTO_CB) || (defined(WOLFSSL_DEVCRYPTO) && \ (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) || \ (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) || \ - defined(WOLFSSL_KCAPI_AES) + defined(WOLFSSL_KCAPI_AES) || defined(WOLFSSL_NXP_HASHCRYPT_AES) word32 devKey[AES_MAX_KEY_SIZE/WOLFSSL_BIT_SIZE/sizeof(word32)]; /* raw key */ #ifdef HAVE_CAVIUM_OCTEON_SYNC int keySet; diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index a4db8957ce..76fdd8ad17 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2102,18 +2102,16 @@ extern void uITRON4_free(void *p) ; #ifndef WOLFSSL_NXP_LPC55S69_NO_HWACCEL #define WOLFSSL_NXP_RNG_1 #define WOLFSSL_NXP_HASHCRYPT + #define WOLFSSL_NXP_HASHCRYPT_AES #define WOLFSSL_NXP_HASHCRYPT_SHA #define WOLFSSL_NXP_HASHCRYPT_SHA256 #define WOLFSSL_NXP_CASPER #define WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD + // #define WOLFSSL_NXP_CASPER_ECC_MUL2ADD + // #define WOLFSSL_SP_MULMOD #endif #endif /* WOLFSSL_NXP_LPC55S69 */ -// #ifdef WOLFSSL_NXP_CASPER -// #define WOLFSSL_NXP_CASPER_ECC -// #define WOLFSSL_SP_MULMOD -// #endif /* WOLFSSL_NXP_CASPER */ - #ifdef FREESCALE_LTC_TFM_RSA_4096_ENABLE #undef USE_CERT_BUFFERS_4096 #define USE_CERT_BUFFERS_4096 From 3878271e3506b516253a96a8cfdb35437dd40c51 Mon Sep 17 00:00:00 2001 From: Thomas Cook Date: Tue, 21 Apr 2026 19:37:24 -0400 Subject: [PATCH 07/14] nxp casper changes. turn off ecc and rsa hw accel --- wolfcrypt/src/port/nxp/casper_port.c | 172 ++++++++++++++++++++++- wolfcrypt/src/rsa.c | 23 ++- wolfcrypt/test/test.c | 2 +- wolfssl/wolfcrypt/port/nxp/casper_port.h | 20 ++- wolfssl/wolfcrypt/settings.h | 4 +- 5 files changed, 200 insertions(+), 21 deletions(-) diff --git a/wolfcrypt/src/port/nxp/casper_port.c b/wolfcrypt/src/port/nxp/casper_port.c index 925458832f..4f3c5b16ca 100644 --- a/wolfcrypt/src/port/nxp/casper_port.c +++ b/wolfcrypt/src/port/nxp/casper_port.c @@ -50,7 +50,7 @@ static uint8_t sig_buf[CASPER_MAX_BUF_SZ]; static uint8_t out_buf[CASPER_MAX_BUF_SZ]; int casper_rsa_public_exptmod( - const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key + const byte* in, word32 inLen, byte* out, word32* outLen, RsaKey* key ) { int res; @@ -58,7 +58,7 @@ int casper_rsa_public_exptmod( int key_sz = mp_unsigned_bin_size(&key->n); word32 exp; - if (inLen > CASPER_MAX_BUF_SZ || outLen > CASPER_MAX_BUF_SZ) + if (inLen > CASPER_MAX_BUF_SZ || *outLen > CASPER_MAX_BUF_SZ) return BAD_FUNC_ARG; /* casper requires little endian format for inputs/outputs */ @@ -78,8 +78,176 @@ int casper_rsa_public_exptmod( mp_reverse(out_buf, sig_sz); XMEMCPY(out, out_buf, sig_sz); + *outLen = inLen; + return 0; } #endif + +/* 32 for 256 bits, 48 for 384 bits and 72 for 521 bits... */ +#define CASPER_MAX_ECC_SIZE_BYTES (72) + +#if defined(HAVE_ECC) && defined(WOLFSSL_NXP_CASPER_ECC_MULMOD) +/* calculates R = m*P[X, Y] */ +int casper_ecc_mulmod( + const mp_int *m, ecc_point *P, ecc_point *R, int curve_id +) +{ + uint32_t M[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 }; + uint32_t X[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 }; + uint32_t Y[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 }; + int size; + + if (!m || !P || !R) + return BAD_FUNC_ARG; + + if (curve_id == ECC_SECP256R1) + { + size = 32; + CASPER_ecc_init(kCASPER_ECC_P256); + } + else if (curve_id == ECC_SECP384R1) + { + size = 48; + CASPER_ecc_init(kCASPER_ECC_P384); + } + else if (curve_id == ECC_SECP521R1) + { + size = 66; + CASPER_ecc_init(kCASPER_ECC_P521); + } + else + return BAD_FUNC_ARG; + + /* scalar */ + if (mp_to_unsigned_bin(m, (unsigned char *)&M[0]) != MP_OKAY) + return MP_TO_E; + mp_reverse((unsigned char *)&M[0], size); + + /* point */ + if (mp_to_unsigned_bin(P->x, (unsigned char *)&X[0]) != MP_OKAY) + return MP_TO_E; + mp_reverse((unsigned char *)&X[0], size); + if (mp_to_unsigned_bin(P->y, (unsigned char *)&Y[0]) != MP_OKAY) + return MP_TO_E; + mp_reverse((unsigned char *)&Y[0], size); + + if (curve_id == ECC_SECP256R1) + { + CASPER_ECC_SECP256R1_Mul(CASPER, X, Y, X, Y, (void *)M); + } + else if (curve_id == ECC_SECP384R1) + { + CASPER_ECC_SECP384R1_Mul(CASPER, X, Y, X, Y, (void *)M); + } + else if (curve_id == ECC_SECP521R1) + { + CASPER_ECC_SECP521R1_Mul(CASPER, X, Y, X, Y, (void *)M); + } + + /* result */ + mp_reverse((unsigned char *)&X[0], size); + if (mp_read_unsigned_bin(R->x, (unsigned char *)&X[0], size) != MP_OKAY) + return MP_READ_E; + mp_reverse((unsigned char *)&Y[0], size); + if (mp_read_unsigned_bin(R->y, (unsigned char *)&Y[0], size) != MP_OKAY) + return MP_READ_E; + mp_set(R->z, 1); + + return 0; +} +#endif + +#if defined(HAVE_ECC) && defined(WOLFSSL_NXP_CASPER_ECC_MUL2ADD) +/* calculates R = m*P[X, Y] + n*Q[X, Y] */ +int casper_ecc_mul2add( + const mp_int *m, ecc_point *P, const mp_int *n, ecc_point *Q, + ecc_point *R, int curve_id +) +{ + uint32_t M[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 }; + uint32_t X1[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 }; + uint32_t Y1[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 }; + uint32_t N[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 }; + uint32_t X2[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 }; + uint32_t Y2[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 }; + int size; + + if (!m || !P || !n || !Q || !R) + return BAD_FUNC_ARG; + + if (curve_id == ECC_SECP256R1) + { + size = 32; + CASPER_ecc_init(kCASPER_ECC_P256); + } + else if (curve_id == ECC_SECP384R1) + { + size = 48; + CASPER_ecc_init(kCASPER_ECC_P384); + } + else if (curve_id == ECC_SECP521R1) + { + size = 66; + CASPER_ecc_init(kCASPER_ECC_P521); + } + else + return BAD_FUNC_ARG; + + /* first scalar */ + if (mp_to_unsigned_bin(m, (unsigned char *)&M[0]) != MP_OKAY) + return MP_TO_E; + mp_reverse((unsigned char *)&M[0], size); + + /* first point */ + if (mp_to_unsigned_bin(P->x, (unsigned char *)&X1[0]) != MP_OKAY) + return MP_TO_E; + mp_reverse((unsigned char *)&X1[0], size); + if (mp_to_unsigned_bin(P->y, (unsigned char *)&Y1[0]) != MP_OKAY) + return MP_TO_E; + mp_reverse((unsigned char *)&Y1[0], size); + + /* second scalar */ + if (mp_to_unsigned_bin(n, (unsigned char *)&N[0]) != MP_OKAY) + return MP_TO_E; + mp_reverse((unsigned char *)&N[0], size); + + /* second point */ + if (mp_to_unsigned_bin(Q->x, (unsigned char *)&X2[0]) != MP_OKAY) + return MP_TO_E; + mp_reverse((unsigned char *)&X2[0], size); + if (mp_to_unsigned_bin(Q->y, (unsigned char *)&Y2[0]) != MP_OKAY) + return MP_TO_E; + mp_reverse((unsigned char *)&Y2[0], size); + + if (curve_id == ECC_SECP256R1) + { + CASPER_ECC_SECP256R1_MulAdd(CASPER, &X1[0], &Y1[0], &X1[0], &Y1[0], + (void *)M, &X2[0], &Y2[0], (void *)N); + } + else if (curve_id == ECC_SECP384R1) + { + CASPER_ECC_SECP384R1_MulAdd(CASPER, &X1[0], &Y1[0], &X1[0], &Y1[0], + (void *)M, &X2[0], &Y2[0], (void *)N); + } + else if (curve_id == ECC_SECP521R1) + { + CASPER_ECC_SECP521R1_MulAdd(CASPER, &X1[0], &Y1[0], &X1[0], &Y1[0], + (void *)M, &X2[0], &Y2[0], (void *)N); + } + + /* result */ + mp_reverse((unsigned char *)&X1[0], size); + if (mp_read_unsigned_bin(R->x, (unsigned char *)&X1[0], size) != MP_OKAY) + return MP_READ_E; + mp_reverse((unsigned char *)&Y1[0], size); + if (mp_read_unsigned_bin(R->y, (unsigned char *)&Y1[0], size) != MP_OKAY) + return MP_READ_E; + mp_set(R->z, 1); + + return 0; +} +#endif + #endif /* WOLFSSL_NXP_CASPER */ diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 57b310f1b1..2ae90d198b 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -2415,20 +2415,6 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, return ret; } -#elif defined(WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD) -static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, - word32* outLen, int type, RsaKey* key, - WC_RNG* rng) -{ - (void)rng; - - if (type == RSA_PUBLIC_DECRYPT || type == RSA_PUBLIC_ENCRYPT) { - return casper_rsa_public_exptmod(in, inLen, out, *outLen, key); - } - - return RSA_WRONG_TYPE_E; -} - #else #ifndef WOLF_CRYPTO_CB_ONLY_RSA #ifdef WOLFSSL_HAVE_SP_RSA @@ -2845,6 +2831,15 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, return MP_VAL; } +#if defined(WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD) + if (type == RSA_PUBLIC_DECRYPT || type == RSA_PUBLIC_ENCRYPT) { + ret = casper_rsa_public_exptmod(in, inLen, out, outLen, key); + if (ret == 0) + return MP_OKAY; + /* else fall through for software fallback */ + } +#endif + #ifdef WOLFSSL_HAVE_SP_RSA ret = RsaFunction_SP(in, inLen, out, outLen, type, key, rng); if (ret != WC_NO_ERR_TRACE(WC_KEY_SIZE_E)) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index a71711b8c3..a1b598e93f 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -2522,7 +2522,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ if ( (ret = aesofb_test()) != 0) TEST_FAIL("AES-OFB test failed!\n", ret); else - TEST_PASS("AES-OFB test passed!\n"); + TEST_PASS("AES-OFB test passed!\n"); #endif #ifdef HAVE_AESGCM diff --git a/wolfssl/wolfcrypt/port/nxp/casper_port.h b/wolfssl/wolfcrypt/port/nxp/casper_port.h index b89ca6e982..3d5698eadc 100644 --- a/wolfssl/wolfcrypt/port/nxp/casper_port.h +++ b/wolfssl/wolfcrypt/port/nxp/casper_port.h @@ -30,8 +30,26 @@ int wc_casper_init(void); #include int casper_rsa_public_exptmod( - const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key + const byte* in, word32 inLen, byte* out, word32* outLen, RsaKey* key ); #endif + +#if defined(HAVE_ECC) +#include + +#ifdef WOLFSSL_NXP_CASPER_ECC_MULMOD +int casper_ecc_mulmod( + const mp_int *m, ecc_point *P, ecc_point *R, int curve_id +); +#endif + +#ifdef WOLFSSL_NXP_CASPER_ECC_MUL2ADD +int casper_ecc_mul2add( + const mp_int *m, ecc_point *P, const mp_int *n, ecc_point *Q, + ecc_point *R, int curve_id +); +#endif +#endif + #endif diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 76fdd8ad17..aa33274c5b 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2106,9 +2106,7 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_NXP_HASHCRYPT_SHA #define WOLFSSL_NXP_HASHCRYPT_SHA256 #define WOLFSSL_NXP_CASPER - #define WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD - // #define WOLFSSL_NXP_CASPER_ECC_MUL2ADD - // #define WOLFSSL_SP_MULMOD + // #define WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD #endif #endif /* WOLFSSL_NXP_LPC55S69 */ From b7b02150705b1cbf98abc73704ccd8a198d5b541 Mon Sep 17 00:00:00 2001 From: Thomas Cook Date: Thu, 23 Apr 2026 03:16:48 -0400 Subject: [PATCH 08/14] cleanup around passing external build flags --- wolfssl/wolfcrypt/settings.h | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index aa33274c5b..754162dc22 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2098,17 +2098,17 @@ extern void uITRON4_free(void *p) ; #endif #endif /* FREESCALE_USE_LTC */ -#ifdef WOLFSSL_NXP_LPC55S69 - #ifndef WOLFSSL_NXP_LPC55S69_NO_HWACCEL - #define WOLFSSL_NXP_RNG_1 - #define WOLFSSL_NXP_HASHCRYPT - #define WOLFSSL_NXP_HASHCRYPT_AES - #define WOLFSSL_NXP_HASHCRYPT_SHA - #define WOLFSSL_NXP_HASHCRYPT_SHA256 - #define WOLFSSL_NXP_CASPER - // #define WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD - #endif -#endif /* WOLFSSL_NXP_LPC55S69 */ +#if defined(WOLFSSL_NXP_LPC55S69_WITH_HWACCEL) + #define WOLFSSL_NXP_RNG_1 + #define WOLFSSL_NXP_HASHCRYPT + #define WOLFSSL_NXP_HASHCRYPT_AES + #define WOLFSSL_NXP_HASHCRYPT_SHA + #define WOLFSSL_NXP_HASHCRYPT_SHA256 + #define WOLFSSL_NXP_CASPER + // #define WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD +#elif defined(WOLFSSL_NXP_LPC55S69_NO_HWACCEL) + #define WOLFSSL_NXP_RNG_1 +#endif #ifdef FREESCALE_LTC_TFM_RSA_4096_ENABLE #undef USE_CERT_BUFFERS_4096 From 1e2ab2c7c82e00c9d562b45ebe66cebac4a43d02 Mon Sep 17 00:00:00 2001 From: Thomas Cook Date: Thu, 23 Apr 2026 04:34:09 -0400 Subject: [PATCH 09/14] more pr fixes --- wolfcrypt/src/port/nxp/rng_port.c | 53 --------------------------- wolfcrypt/src/random.c | 11 +++--- wolfcrypt/src/wc_port.c | 8 ---- wolfssl/wolfcrypt/port/nxp/rng_port.h | 27 -------------- 4 files changed, 6 insertions(+), 93 deletions(-) delete mode 100644 wolfcrypt/src/port/nxp/rng_port.c delete mode 100644 wolfssl/wolfcrypt/port/nxp/rng_port.h diff --git a/wolfcrypt/src/port/nxp/rng_port.c b/wolfcrypt/src/port/nxp/rng_port.c deleted file mode 100644 index f1afccff2d..0000000000 --- a/wolfcrypt/src/port/nxp/rng_port.c +++ /dev/null @@ -1,53 +0,0 @@ -/* rng_port.c - * - * Copyright (C) 2006-2026 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include - - -#ifdef WOLFSSL_NXP_RNG_1 - -#include -#include -#include "fsl_rng.h" - -int wc_nxp_rng_init(void) -{ - CLOCK_EnableClock(kCLOCK_Rng); - RESET_PeripheralReset(kRNG_RST_SHIFT_RSTn); - - RNG_Init(RNG); - - return 0; -} - -int wc_nxp_rng_get_random_data(byte* output, word32 sz) -{ - if (RNG_GetRandomData(RNG, output, sz) != kStatus_Success) - return RNG_FAILURE_E; - - return 0; -} - -#endif /* WOLFSSL_NXP_RNG_1 */ diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 3abe56d69b..4c10633bec 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -169,10 +169,6 @@ This library contains implementation for the random number generator. #include #endif -#if defined(WOLFSSL_NXP_RNG_1) - #include "wolfssl/wolfcrypt/port/nxp/rng_port.h" -#endif - #if FIPS_VERSION3_GE(6,0,0) const unsigned int wolfCrypt_FIPS_drbg_ro_sanity[2] = { 0x1a2b3c4d, 0x00000011 }; @@ -3533,6 +3529,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) } #elif defined(WOLFSSL_NXP_RNG_1) + #include "fsl_rng.h" int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz){ (void)os; @@ -3540,7 +3537,11 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) if (output == NULL) { return BUFFER_E; } - return wc_nxp_rng_get_random_data(output, sz); + + if (RNG_GetRandomData(RNG, output, sz) != kStatus_Success) + return RNG_FAILURE_E; + + return 0; } #elif defined(DOLPHIN_EMULATOR) || defined (WOLFSSL_NDS) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index c72852ae10..70fb1dc680 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -99,9 +99,6 @@ #include #endif -#ifdef WOLFSSL_NXP_RNG_1 - #include -#endif #ifdef WOLFSSL_NXP_CASPER #include #endif @@ -451,11 +448,6 @@ int wolfCrypt_Init(void) } #endif -#ifdef WOLFSSL_NXP_RNG_1 - if ((ret = wc_nxp_rng_init()) != 0) { - return ret; - } -#endif #ifdef WOLFSSL_NXP_CASPER if ((ret = wc_casper_init()) != 0) { return ret; diff --git a/wolfssl/wolfcrypt/port/nxp/rng_port.h b/wolfssl/wolfcrypt/port/nxp/rng_port.h deleted file mode 100644 index 99e0f96b02..0000000000 --- a/wolfssl/wolfcrypt/port/nxp/rng_port.h +++ /dev/null @@ -1,27 +0,0 @@ -/* rng_port.h - * - * Copyright (C) 2006-2026 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ -#ifndef _RNG_PORT_H_ -#define _RNG_PORT_H_ - -int wc_nxp_rng_init(void); -int wc_nxp_rng_get_random_data(byte* output, word32 sz); - -#endif From 83799e3767c0f4b0a41e40ba09f47952ac27e44d Mon Sep 17 00:00:00 2001 From: Thomas Cook Date: Sun, 26 Apr 2026 18:46:12 -0400 Subject: [PATCH 10/14] Fix multi-test issues --- .wolfssl_known_macro_extras | 11 +++++++++++ wolfcrypt/src/port/nxp/casper_port.c | 6 +++--- wolfcrypt/src/port/nxp/hashcrypt_port.c | 9 +++------ wolfssl/wolfcrypt/settings.h | 1 - 4 files changed, 17 insertions(+), 10 deletions(-) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index e147b902c6..80b854f714 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -845,6 +845,17 @@ WOLFSSL_NO_TICKET_EXPIRE WOLFSSL_NO_TRUSTED_CERTS_VERIFY WOLFSSL_NO_WORD64_OPS WOLFSSL_NO_XOR_OPS +WOLFSSL_NXP_LPC55S69_WITH_HWACCEL +WOLFSSL_NXP_LPC55S69_NO_HWACCEL +WOLFSSL_NXP_CASPER +WOLFSSL_NXP_CASPER_ECC_MULMOD +WOLFSSL_NXP_CASPER_ECC_MUL2ADD +WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD +WOLFSSL_NXP_HASHCRYPT +WOLFSSL_NXP_HASHCRYPT_AES +WOLFSSL_NXP_HASHCRYPT_SHA +WOLFSSL_NXP_HASHCRYPT_SHA256 +WOLFSSL_NXP_RNG_1 WOLFSSL_NRF51_AES WOLFSSL_OLDTLS_AEAD_CIPHERSUITES WOLFSSL_OLD_SET_CURVES_LIST diff --git a/wolfcrypt/src/port/nxp/casper_port.c b/wolfcrypt/src/port/nxp/casper_port.c index 4f3c5b16ca..8766eba8e5 100644 --- a/wolfcrypt/src/port/nxp/casper_port.c +++ b/wolfcrypt/src/port/nxp/casper_port.c @@ -86,7 +86,7 @@ int casper_rsa_public_exptmod( /* 32 for 256 bits, 48 for 384 bits and 72 for 521 bits... */ -#define CASPER_MAX_ECC_SIZE_BYTES (72) +#define CASPER_MAX_ECC_SIZE_BYTES (72) #if defined(HAVE_ECC) && defined(WOLFSSL_NXP_CASPER_ECC_MULMOD) /* calculates R = m*P[X, Y] */ @@ -156,7 +156,7 @@ int casper_ecc_mulmod( mp_set(R->z, 1); return 0; -} +} #endif #if defined(HAVE_ECC) && defined(WOLFSSL_NXP_CASPER_ECC_MUL2ADD) @@ -247,7 +247,7 @@ int casper_ecc_mul2add( mp_set(R->z, 1); return 0; -} +} #endif #endif /* WOLFSSL_NXP_CASPER */ diff --git a/wolfcrypt/src/port/nxp/hashcrypt_port.c b/wolfcrypt/src/port/nxp/hashcrypt_port.c index 87a060d45c..0a6604225d 100644 --- a/wolfcrypt/src/port/nxp/hashcrypt_port.c +++ b/wolfcrypt/src/port/nxp/hashcrypt_port.c @@ -67,9 +67,6 @@ int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) if (sha256 == NULL) return BAD_FUNC_ARG; - // if (wolfSSL_CryptHwMutexLock() != 0) - // return BAD_MUTEX_E; - XMEMSET(sha256, 0, sizeof(wc_Sha256)); if (HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha256) != kStatus_Success) @@ -199,13 +196,13 @@ static int _hashcrypt_set_key(Aes* aes) aes_handle.keyType = kHASHCRYPT_UserKey; if (aes->keylen == 128/8) - aes_handle.keySize = kHASHCRYPT_Aes128; + aes_handle.keySize = kHASHCRYPT_Aes128; else if (aes->keylen == 192/8) - aes_handle.keySize = kHASHCRYPT_Aes192; + aes_handle.keySize = kHASHCRYPT_Aes192; else if (aes->keylen == 256/8) aes_handle.keySize = kHASHCRYPT_Aes256; else - return BAD_FUNC_ARG; + return BAD_FUNC_ARG; if (HASHCRYPT_AES_SetKey( HASHCRYPT, &aes_handle, (const uint8_t *)aes->devKey, aes->keylen diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 754162dc22..a549920337 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2105,7 +2105,6 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_NXP_HASHCRYPT_SHA #define WOLFSSL_NXP_HASHCRYPT_SHA256 #define WOLFSSL_NXP_CASPER - // #define WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD #elif defined(WOLFSSL_NXP_LPC55S69_NO_HWACCEL) #define WOLFSSL_NXP_RNG_1 #endif From 9605d96ccbfb19fd53354c9ff2dd781d8658f2ba Mon Sep 17 00:00:00 2001 From: Thomas Cook Date: Thu, 30 Apr 2026 13:32:29 -0400 Subject: [PATCH 11/14] Fix rsa acceleration exponent issue, turn back on. --- wolfcrypt/src/port/nxp/casper_port.c | 2 +- wolfssl/wolfcrypt/settings.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/port/nxp/casper_port.c b/wolfcrypt/src/port/nxp/casper_port.c index 8766eba8e5..4a51419368 100644 --- a/wolfcrypt/src/port/nxp/casper_port.c +++ b/wolfcrypt/src/port/nxp/casper_port.c @@ -56,7 +56,7 @@ int casper_rsa_public_exptmod( int res; int sig_sz = inLen; int key_sz = mp_unsigned_bin_size(&key->n); - word32 exp; + word32 exp = 0; if (inLen > CASPER_MAX_BUF_SZ || *outLen > CASPER_MAX_BUF_SZ) return BAD_FUNC_ARG; diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index a549920337..89468e096a 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2105,6 +2105,7 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_NXP_HASHCRYPT_SHA #define WOLFSSL_NXP_HASHCRYPT_SHA256 #define WOLFSSL_NXP_CASPER + #define WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD #elif defined(WOLFSSL_NXP_LPC55S69_NO_HWACCEL) #define WOLFSSL_NXP_RNG_1 #endif From 30fc5887ee4f1f9897bf37893844ba9f7bd471ab Mon Sep 17 00:00:00 2001 From: Thomas Cook Date: Fri, 1 May 2026 13:00:34 -0400 Subject: [PATCH 12/14] Address PR comments --- wolfcrypt/src/port/nxp/README.md | 43 ++++++++++++++++++++- wolfcrypt/src/port/nxp/casper_port.c | 6 +-- wolfcrypt/test/test.c | 18 ++++----- wolfssl/wolfcrypt/port/nxp/casper_port.h | 11 +++--- wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h | 2 +- 5 files changed, 60 insertions(+), 20 deletions(-) diff --git a/wolfcrypt/src/port/nxp/README.md b/wolfcrypt/src/port/nxp/README.md index a2820a4dc5..c59db7d70d 100644 --- a/wolfcrypt/src/port/nxp/README.md +++ b/wolfcrypt/src/port/nxp/README.md @@ -1,6 +1,46 @@ # wolfSSL NXP Hardware Acceleration Ports -wolfSSL supports hardware acceleration on NXP DCP, LTC (KSDK), and SE050. +wolfSSL supports hardware acceleration on NXP DCP, LTC (KSDK), LPC55S69, and SE050. + +## NXP LPC55S69 + +The LPC55S69 is a general purpose edge computing device, with dual ARM +Cortex-M33 cores running up to 150 MHz, 640/320 KB internal flash/ram, +TrustZone-M, a DSP accelerator, and extensive cryptographic acceleration. + +wolfSSL supports the following hardware acceleration on the LPC55S69: +- TRNG +- HashCrypt (Hash/AES Crypto Engine) + - AES (128, 192, 256) encrypt/decrypt + - AES-CBC, AES-ECB, AES-CTR, AES-OFB, AES-CFB + - SHA-1, SHA-256 +- CASPER (Asymmetric Crypto Accelerator) + - RSA verify/encrypt/decrypt (up to 4096-bit, public key only) + +### LPC55S69 Hardware Acceleration Caveats + +The following caveats should be noted about the LPC55S69 hardware acceleration: +- AES-CTR mode fails when the counter wraps from all FF's to 0. User should +ensure this never happens, by properly managing the iv/counter in use. +- AES-CFB and AES-OFB only support full 16-byte blocks and multiples thereof. +Encrypt/Decrypt requests of other sizes will fail. +- RSA acceleration is only supported for public keys. Private key operations +will use a fully software implementation. +- When the HashCrypt engine is in use for SHA-1 or SHA-256, it must not be +interrupted with another hash request or an AES request. The hash must be +completed before another operation is requested. + +### wolfSSL LPC55S69 Hardware Acceleration Enable/Disable + +To enable LPC55S69 hardware acceleration, define the following symbol: + +**`WOLFSSL_NXP_LPC55S69_WITH_HWACCEL`** + +To disable LPC55S69 hardware acceleration, define the following symbol: + +**`WOLFSSL_NXP_LPC55S69_NO_HWACCEL`** + +NOTE: In either case, the TRNG is always enabled for use. ## NXP SE050 @@ -10,3 +50,4 @@ see [README_SE050.md](./README_SE050.md). ## Support For questions please email support@wolfssl.com + diff --git a/wolfcrypt/src/port/nxp/casper_port.c b/wolfcrypt/src/port/nxp/casper_port.c index 4a51419368..17687bf30d 100644 --- a/wolfcrypt/src/port/nxp/casper_port.c +++ b/wolfcrypt/src/port/nxp/casper_port.c @@ -82,7 +82,7 @@ int casper_rsa_public_exptmod( return 0; } -#endif +#endif /* !NO_RSA && WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD */ /* 32 for 256 bits, 48 for 384 bits and 72 for 521 bits... */ @@ -157,7 +157,7 @@ int casper_ecc_mulmod( return 0; } -#endif +#endif /* HAVE_ECC && WOLFSSL_NXP_CASPER_ECC_MULMOD */ #if defined(HAVE_ECC) && defined(WOLFSSL_NXP_CASPER_ECC_MUL2ADD) /* calculates R = m*P[X, Y] + n*Q[X, Y] */ @@ -248,6 +248,6 @@ int casper_ecc_mul2add( return 0; } -#endif +#endif /* HAVE_ECC && WOLFSSL_NXP_CASPER_ECC_MUL2ADD */ #endif /* WOLFSSL_NXP_CASPER */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index a1b598e93f..65b2abaec9 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -11699,7 +11699,7 @@ EVP_TEST_END: if (XMEMCMP(cipher + WC_AES_BLOCK_SIZE, cipher1 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); - #endif + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #ifdef HAVE_AES_DECRYPT ret = wc_AesOfbDecrypt(dec, plain, cipher1, WC_AES_BLOCK_SIZE); @@ -11718,7 +11718,7 @@ EVP_TEST_END: if (XMEMCMP(plain + WC_AES_BLOCK_SIZE, plain1 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); - #endif + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #endif /* HAVE_AES_DECRYPT */ /* multiple blocks at once */ @@ -11803,7 +11803,7 @@ EVP_TEST_END: #ifndef WOLFSSL_NXP_HASHCRYPT_AES if (XMEMCMP(cipher + 3, cipher1 + 3, WC_AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); - #endif + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #ifdef HAVE_AES_DECRYPT ret = wc_AesOfbDecrypt(dec, plain, cipher1, 6); @@ -11820,7 +11820,7 @@ EVP_TEST_END: #ifndef WOLFSSL_NXP_HASHCRYPT_AES if (XMEMCMP(plain + 6, plain1 + 6, WC_AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); - #endif + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_256 */ @@ -12040,7 +12040,7 @@ EVP_TEST_END: if (XMEMCMP(plain, msg1, WC_AES_BLOCK_SIZE * 3)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif /* HAVE_AES_DECRYPT */ - #endif + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 @@ -12154,7 +12154,7 @@ EVP_TEST_END: if (XMEMCMP(plain, msg3, WC_AES_BLOCK_SIZE * 4)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif /* HAVE_AES_DECRYPT */ - #endif + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #endif /* WOLFSSL_AES_256 */ out: @@ -15618,7 +15618,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr128Wrap128CipherLong), ctr128Wrap128CipherLong }, - #endif + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128_2, ctrPlain, (int)sizeof(ctr128Wrap128_2CipherLong), @@ -15662,7 +15662,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr192Wrap128CipherLong), ctr192Wrap128CipherLong }, - #endif + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128_2, ctrPlain, (int)sizeof(ctr192Wrap128_2CipherLong), @@ -15706,7 +15706,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128, ctrPlain, (int)sizeof(ctr256Wrap128CipherLong), ctr256Wrap128CipherLong }, - #endif + #endif /* !WOLFSSL_NXP_HASHCRYPT_AES */ #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128_2, ctrPlain, (int)sizeof(ctr256Wrap128_2CipherLong), diff --git a/wolfssl/wolfcrypt/port/nxp/casper_port.h b/wolfssl/wolfcrypt/port/nxp/casper_port.h index 3d5698eadc..f52921fa6f 100644 --- a/wolfssl/wolfcrypt/port/nxp/casper_port.h +++ b/wolfssl/wolfcrypt/port/nxp/casper_port.h @@ -26,13 +26,12 @@ int wc_casper_init(void); #if !defined(NO_RSA) && defined(WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD) - #include int casper_rsa_public_exptmod( const byte* in, word32 inLen, byte* out, word32* outLen, RsaKey* key ); -#endif +#endif /* !NO_RSA && WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD */ #if defined(HAVE_ECC) @@ -42,14 +41,14 @@ int casper_rsa_public_exptmod( int casper_ecc_mulmod( const mp_int *m, ecc_point *P, ecc_point *R, int curve_id ); -#endif +#endif /* WOLFSSL_NXP_CASPER_ECC_MULMOD */ #ifdef WOLFSSL_NXP_CASPER_ECC_MUL2ADD int casper_ecc_mul2add( const mp_int *m, ecc_point *P, const mp_int *n, ecc_point *Q, ecc_point *R, int curve_id ); -#endif -#endif +#endif /* WOLFSSL_NXP_CASPER_ECC_MUL2ADD */ +#endif /* HAVE_ECC */ -#endif +#endif /* _CASPER_PORT_H_ */ diff --git a/wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h b/wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h index 8001606705..1e12b629dd 100644 --- a/wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h +++ b/wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h @@ -25,4 +25,4 @@ int wc_hashcrypt_init(void); -#endif +#endif /* _HASHCRYPT_PORT_H_ */ From 0b9540603725c1b198cc56309ff85c029490aa72 Mon Sep 17 00:00:00 2001 From: Thomas Cook Date: Fri, 1 May 2026 17:53:53 -0400 Subject: [PATCH 13/14] Set NO_WOLFSSL_SHA256_INTERLEAVE when lpc55s69 hw accel is enabled --- wolfssl/wolfcrypt/settings.h | 1 + 1 file changed, 1 insertion(+) diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 89468e096a..842ccab3cf 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2106,6 +2106,7 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_NXP_HASHCRYPT_SHA256 #define WOLFSSL_NXP_CASPER #define WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD + #define NO_WOLFSSL_SHA256_INTERLEAVE #elif defined(WOLFSSL_NXP_LPC55S69_NO_HWACCEL) #define WOLFSSL_NXP_RNG_1 #endif From b4a19b50b7e1b8b742a3697f026353ac70e44245 Mon Sep 17 00:00:00 2001 From: Thomas Cook Date: Thu, 7 May 2026 17:00:12 -0400 Subject: [PATCH 14/14] Address pr comments --- .wolfssl_known_macro_extras | 4 +--- wolfcrypt/src/aes.c | 2 +- wolfcrypt/src/include.am | 2 ++ wolfcrypt/src/port/nxp/README.md | 13 ++++++----- wolfcrypt/src/port/nxp/casper_port.c | 6 +---- wolfcrypt/src/port/nxp/hashcrypt_port.c | 25 +++++++++------------ wolfcrypt/src/random.c | 2 +- wolfcrypt/src/sha256.c | 4 ++-- wolfssl/wolfcrypt/include.am | 2 ++ wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h | 2 -- wolfssl/wolfcrypt/settings.h | 6 ++--- 11 files changed, 29 insertions(+), 39 deletions(-) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index d25b217ddd..62474dfa9f 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -857,8 +857,7 @@ WOLFSSL_NO_TICKET_EXPIRE WOLFSSL_NO_TRUSTED_CERTS_VERIFY WOLFSSL_NO_WORD64_OPS WOLFSSL_NO_XOR_OPS -WOLFSSL_NXP_LPC55S69_WITH_HWACCEL -WOLFSSL_NXP_LPC55S69_NO_HWACCEL +WOLFSSL_NXP_LPC55S6X WOLFSSL_NXP_CASPER WOLFSSL_NXP_CASPER_ECC_MULMOD WOLFSSL_NXP_CASPER_ECC_MUL2ADD @@ -866,7 +865,6 @@ WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD WOLFSSL_NXP_HASHCRYPT WOLFSSL_NXP_HASHCRYPT_AES WOLFSSL_NXP_HASHCRYPT_SHA -WOLFSSL_NXP_HASHCRYPT_SHA256 WOLFSSL_NXP_RNG_1 WOLFSSL_NRF51_AES WOLFSSL_OLDTLS_AEAD_CIPHERSUITES diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 47b3f94adb..d1aed39315 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -141,7 +141,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #endif #ifdef WOLFSSL_NXP_HASHCRYPT_AES -#include + #include #endif #ifdef WOLFSSL_SECO_CAAM diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index 0abb5cfa78..135fbbcdd1 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am @@ -71,6 +71,8 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ wolfcrypt/src/port/nxp/dcp_port.c \ wolfcrypt/src/port/nxp/se050_port.c \ wolfcrypt/src/port/nxp/README.md \ + wolfcrypt/src/port/nxp/casper_port.c \ + wolfcrypt/src/port/nxp/hashcrypt_port.c \ wolfcrypt/src/port/atmel/README.md \ wolfcrypt/src/port/xilinx/xil-sha3.c \ wolfcrypt/src/port/xilinx/xil-aesgcm.c \ diff --git a/wolfcrypt/src/port/nxp/README.md b/wolfcrypt/src/port/nxp/README.md index c59db7d70d..55f7351a64 100644 --- a/wolfcrypt/src/port/nxp/README.md +++ b/wolfcrypt/src/port/nxp/README.md @@ -30,17 +30,18 @@ will use a fully software implementation. interrupted with another hash request or an AES request. The hash must be completed before another operation is requested. -### wolfSSL LPC55S69 Hardware Acceleration Enable/Disable +### wolfSSL LPC55S69 Hardware Acceleration Enable -To enable LPC55S69 hardware acceleration, define the following symbol: +To enable only the TRNG, define the following symbol: -**`WOLFSSL_NXP_LPC55S69_WITH_HWACCEL`** +**`WOLFSSL_NXP_RNG_1`** -To disable LPC55S69 hardware acceleration, define the following symbol: +To enable all LPC55S69 hardware acceleration, including the TRNG, +define the following symbol: -**`WOLFSSL_NXP_LPC55S69_NO_HWACCEL`** +**`WOLFSSL_NXP_LPC55S6X`** -NOTE: In either case, the TRNG is always enabled for use. +NOTE: Both can be defined with no problem. ## NXP SE050 diff --git a/wolfcrypt/src/port/nxp/casper_port.c b/wolfcrypt/src/port/nxp/casper_port.c index 17687bf30d..dd4f2f6552 100644 --- a/wolfcrypt/src/port/nxp/casper_port.c +++ b/wolfcrypt/src/port/nxp/casper_port.c @@ -19,11 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef WOLFSSL_NXP_CASPER diff --git a/wolfcrypt/src/port/nxp/hashcrypt_port.c b/wolfcrypt/src/port/nxp/hashcrypt_port.c index 0a6604225d..5f4d43c578 100644 --- a/wolfcrypt/src/port/nxp/hashcrypt_port.c +++ b/wolfcrypt/src/port/nxp/hashcrypt_port.c @@ -19,12 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef WOLFSSL_NXP_HASHCRYPT @@ -38,27 +33,27 @@ #include #include "fsl_hashcrypt.h" -#if (!defined(NO_SHA) && defined(WOLFSSL_NXP_HASHCRYPT_SHA)) || \ - (!defined(NO_SHA256) && defined(WOLFSSL_NXP_HASHCRYPT_SHA256)) - static hashcrypt_hash_ctx_t hash_ctx; - static int finish_called; +#if (!defined(NO_SHA) || !defined(NO_SHA256)) && \ + defined(WOLFSSL_NXP_HASHCRYPT_SHA) +static hashcrypt_hash_ctx_t hash_ctx; +static int finish_called; #endif #if !defined(NO_AES) && defined(WOLFSSL_NXP_HASHCRYPT_AES) - hashcrypt_handle_t aes_handle; +hashcrypt_handle_t aes_handle; #endif int wc_hashcrypt_init(void) { -#if (!defined(NO_SHA) && defined(WOLFSSL_NXP_HASHCRYPT_SHA)) || \ - (!defined(NO_SHA256) && defined(WOLFSSL_NXP_HASHCRYPT_SHA256)) || \ +#if ((!defined(NO_SHA) || !defined(NO_SHA256)) && \ + defined(WOLFSSL_NXP_HASHCRYPT_SHA)) || \ (!defined(NO_AES) && defined(WOLFSSL_NXP_HASHCRYPT_AES)) HASHCRYPT_Init(HASHCRYPT); #endif return 0; } -#if !defined(NO_SHA256) && defined(WOLFSSL_NXP_HASHCRYPT_SHA256) +#if !defined(NO_SHA256) && defined(WOLFSSL_NXP_HASHCRYPT_SHA) int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) { (void)heap; @@ -121,7 +116,7 @@ int wc_Sha256Final(wc_Sha256* sha256, byte* hash) return 0; } -#endif /* !defined(NO_SHA256) && defined(WOLFSSL_NXP_HASHCRYPT_SHA256) */ +#endif /* !defined(NO_SHA256) && defined(WOLFSSL_NXP_HASHCRYPT_SHA) */ #if !defined(NO_SHA) && defined(WOLFSSL_NXP_HASHCRYPT_SHA) diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 1dc86ce89a..2aa7e372e9 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -5152,7 +5152,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) #elif defined(WOLFSSL_NXP_RNG_1) #include "fsl_rng.h" - int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz){ + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { (void)os; if (output == NULL) { diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index a4acfaa3b1..a7218de52b 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -222,7 +222,7 @@ on the specific device platform. !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) || \ defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \ !defined(PSOC6_HASH_SHA2) && !defined(WOLFSSL_IMXRT_DCP) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ - !defined(WOLFSSL_NXP_HASHCRYPT_SHA256) && \ + !defined(WOLFSSL_NXP_HASHCRYPT_SHA) && \ !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_SE050_HASH) && \ ((!defined(WOLFSSL_RENESAS_SCEPROTECT) && \ !defined(WOLFSSL_RENESAS_RSIP)) \ @@ -1069,7 +1069,7 @@ static int InitSha256(wc_Sha256* sha256) #include /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */ -#elif defined(WOLFSSL_NXP_HASHCRYPT_SHA256) +#elif defined(WOLFSSL_NXP_HASHCRYPT_SHA) /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */ #elif defined(WOLFSSL_SILABS_SE_ACCEL) diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index a4c703c455..76cb6e90e7 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am @@ -95,6 +95,8 @@ noinst_HEADERS+= \ wolfssl/wolfcrypt/port/nrf51.h \ wolfssl/wolfcrypt/port/nxp/ksdk_port.h \ wolfssl/wolfcrypt/port/nxp/dcp_port.h \ + wolfssl/wolfcrypt/port/nxp/casper_port.h \ + wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h \ wolfssl/wolfcrypt/port/xilinx/xil-sha3.h \ wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h \ wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h \ diff --git a/wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h b/wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h index 1e12b629dd..5930907e70 100644 --- a/wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h +++ b/wolfssl/wolfcrypt/port/nxp/hashcrypt_port.h @@ -21,8 +21,6 @@ #ifndef _HASHCRYPT_PORT_H_ #define _HASHCRYPT_PORT_H_ -#include - int wc_hashcrypt_init(void); #endif /* _HASHCRYPT_PORT_H_ */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index e14a6eba9d..4bdb8aead8 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2132,17 +2132,15 @@ extern void uITRON4_free(void *p) ; #endif #endif /* FREESCALE_USE_LTC */ -#if defined(WOLFSSL_NXP_LPC55S69_WITH_HWACCEL) +#ifdef WOLFSSL_NXP_LPC55S6X + #undef WOLFSSL_NXP_RNG_1 #define WOLFSSL_NXP_RNG_1 #define WOLFSSL_NXP_HASHCRYPT #define WOLFSSL_NXP_HASHCRYPT_AES #define WOLFSSL_NXP_HASHCRYPT_SHA - #define WOLFSSL_NXP_HASHCRYPT_SHA256 #define WOLFSSL_NXP_CASPER #define WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD #define NO_WOLFSSL_SHA256_INTERLEAVE -#elif defined(WOLFSSL_NXP_LPC55S69_NO_HWACCEL) - #define WOLFSSL_NXP_RNG_1 #endif #ifdef FREESCALE_LTC_TFM_RSA_4096_ENABLE