From bbbae10faf404669e4f1316dd0fdfef27325ef6c Mon Sep 17 00:00:00 2001 From: Thomas Cook Date: Mon, 13 Apr 2026 10:53:53 -0400 Subject: [PATCH] Rework sha/sha256 hw accel based on test and benchmark testing --- wolfcrypt/src/port/nxp/hashcrypt_port.c | 176 ++++++++++++++++++++++-- wolfcrypt/src/sha.c | 2 +- wolfcrypt/src/sha256.c | 4 +- wolfcrypt/test/test.c | 4 + wolfssl/wolfcrypt/settings.h | 3 + 5 files changed, 178 insertions(+), 11 deletions(-) diff --git a/wolfcrypt/src/port/nxp/hashcrypt_port.c b/wolfcrypt/src/port/nxp/hashcrypt_port.c index 1e799dd569..ff4c47b5bc 100644 --- a/wolfcrypt/src/port/nxp/hashcrypt_port.c +++ b/wolfcrypt/src/port/nxp/hashcrypt_port.c @@ -32,25 +32,31 @@ #error WOLFSSL_CRYPT_HW_MUTEX=1 not supported yet #endif -//#include +#include #include #include #include #include "fsl_hashcrypt.h" -#if !(defined(NO_SHA256) && defined(NO_SHA)) -static hashcrypt_hash_ctx_t hash_ctx; +#if (!defined(NO_SHA) && defined(WOLFSSL_NXP_HASHCRYPT_SHA)) || \ + (!defined(NO_SHA256) && defined(WOLFSSL_NXP_HASHCRYPT_SHA256)) + static hashcrypt_hash_ctx_t hash_ctx; + static int finish_called; #endif int wc_hashcrypt_init(void) { -#if !(defined(NO_SHA256) && defined(NO_SHA)) +#if (!defined(NO_SHA) && defined(WOLFSSL_NXP_HASHCRYPT_SHA)) || \ + (!defined(NO_SHA256) && defined(WOLFSSL_NXP_HASHCRYPT_SHA256)) || \ + (!defined(NO_AES) && defined(WOLFSSL_NXP_HASHCRYPT_AES)) HASHCRYPT_Init(HASHCRYPT); #endif return 0; } -#ifndef NO_SHA256 +#if (!defined(NO_SHA256) && defined(WOLFSSL_NXP_HASHCRYPT_SHA256)) + + int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) { (void)heap; @@ -66,6 +72,8 @@ int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) if (HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha256) != kStatus_Success) return WC_HW_E; + finish_called = 0; + return 0; } @@ -74,6 +82,11 @@ int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len) if (sha256 == NULL || (data == NULL && len != 0)) return BAD_FUNC_ARG; + if (finish_called) + { + HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha256); + finish_called = 0; + } if (HASHCRYPT_SHA_Update(HASHCRYPT, &hash_ctx, data, len) != kStatus_Success) return WC_HW_E; @@ -83,10 +96,17 @@ int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len) int wc_Sha256Final(wc_Sha256* sha256, byte* hash) { size_t outlen = WC_SHA256_DIGEST_SIZE; + static byte previous_sha256_hash[WC_SHA256_DIGEST_SIZE]; if (sha256 == NULL || hash == NULL) return BAD_FUNC_ARG; + if (finish_called) + { + memcpy(hash, previous_sha256_hash, WC_SHA256_DIGEST_SIZE); + return 0; + } + if ( HASHCRYPT_SHA_Finish(HASHCRYPT, &hash_ctx, hash, &outlen) != kStatus_Success || outlen != WC_SHA256_DIGEST_SIZE @@ -94,13 +114,15 @@ int wc_Sha256Final(wc_Sha256* sha256, byte* hash) { return WC_HW_E; } + memcpy(previous_sha256_hash, hash, WC_SHA256_DIGEST_SIZE); + finish_called = 1; return 0; } -#endif /* !NO_SHA256 */ +#endif /* **_SHA256 */ -#ifndef NO_SHA +#if (!defined(NO_SHA) && defined(WOLFSSL_NXP_HASHCRYPT_SHA)) int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) { (void)heap; @@ -113,6 +135,8 @@ int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) if (HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha1) != kStatus_Success) return WC_HW_E; + finish_called = 0; + return 0; } @@ -121,6 +145,11 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) if (sha == NULL || (data == NULL && len != 0)) return BAD_FUNC_ARG; + if (finish_called) + { + HASHCRYPT_SHA_Init(HASHCRYPT, &hash_ctx, kHASHCRYPT_Sha1); + finish_called = 0; + } if (HASHCRYPT_SHA_Update(HASHCRYPT, &hash_ctx, data, len) != kStatus_Success) return WC_HW_E; @@ -130,10 +159,17 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) int wc_ShaFinal(wc_Sha* sha, byte* hash) { size_t outlen = WC_SHA_DIGEST_SIZE; + static byte previous_sha_hash[WC_SHA_DIGEST_SIZE]; if (sha == NULL || hash == NULL) return BAD_FUNC_ARG; + if (finish_called) + { + memcpy(hash, previous_sha_hash, WC_SHA_DIGEST_SIZE); + return 0; + } + if ( HASHCRYPT_SHA_Finish(HASHCRYPT, &hash_ctx, hash, &outlen) != kStatus_Success || outlen != WC_SHA_DIGEST_SIZE @@ -141,9 +177,133 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash) { return WC_HW_E; } + memcpy(previous_sha_hash, hash, WC_SHA_DIGEST_SIZE); + finish_called = 1; return 0; } -#endif /* !NO_SHA */ +#endif /* **_SHA */ + + +#if (!defined(NO_AES) && defined(WOLFSSL_NXP_HASHCRYPT_AES)) + + +WOLFSSL_AES_128 +WOLFSSL_AES_192 +WOLFSSL_AES_256 + + + + + + + +int wc_AesSetKey( + Aes* aes, const byte* userKey, word32 keylen, const byte* iv, int dir +) +{ + + return 0; +} + + +#ifdef HAVE_AES_CBC +int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + + return 0; +} + +#ifdef HAVE_AES_DECRYPT +int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + + return 0; +} +#endif +#endif /* HAVE_AES_CBC */ + + +#ifdef HAVE_AES_ECB +int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + + return 0; +} + +#ifdef HAVE_AES_DECRYPT +int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + + return 0; +} +#endif +#endif /* HAVE_AES_ECB */ + + +#ifdef WOLFSSL_AES_OFB +int wc_AesOfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + + return 0; +} + +#ifdef HAVE_AES_DECRYPT +int wc_AesOfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + + return 0; +} +#endif +#endif /* WOLFSSL_AES_OFB */ + + +#ifdef WOLFSSL_AES_CFB +int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + + return 0; +} + +#ifdef HAVE_AES_DECRYPT +int wc_AesCfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + + return 0; +} +#endif +#endif /* WOLFSSL_AES_CFB */ + + +#ifdef WOLFSSL_AES_COUNTER +int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + + return 0; +} + +#ifdef WOLFSSL_AES_DIRECT +int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in) +{ + +} + +int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in) +{ + +} + +int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len, + const byte* iv, int dir) +{ + +} +#endif + +#endif /* WOLFSSL_AES_COUNTER */ + + +#endif /* **_AES */ + #endif /* WOLFSSL_NXP_HASHCRYPT */ diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index efdf7fcefe..4ec8b8dfd1 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -348,7 +348,7 @@ #include /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */ -#elif defined(WOLFSSL_NXP_HASHCRYPT) +#elif defined(WOLFSSL_NXP_HASHCRYPT_SHA) /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */ #elif defined(WOLFSSL_SILABS_SE_ACCEL) diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 7acb3ef1a2..caea962406 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -222,7 +222,7 @@ on the specific device platform. !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) || \ defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \ !defined(PSOC6_HASH_SHA2) && !defined(WOLFSSL_IMXRT_DCP) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ - !defined(WOLFSSL_NXP_HASHCRYPT) && \ + !defined(WOLFSSL_NXP_HASHCRYPT_SHA256) && \ !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_SE050_HASH) && \ ((!defined(WOLFSSL_RENESAS_SCEPROTECT) && \ !defined(WOLFSSL_RENESAS_RSIP)) \ @@ -1052,7 +1052,7 @@ static int InitSha256(wc_Sha256* sha256) #include /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */ -#elif defined(WOLFSSL_NXP_HASHCRYPT) +#elif defined(WOLFSSL_NXP_HASHCRYPT_SHA256) /* implemented in wolfcrypt/src/port/nxp/hashcrypt_port.c */ #elif defined(WOLFSSL_SILABS_SE_ACCEL) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 80866209c5..eebecd128b 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -4595,12 +4595,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void) ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); +#ifndef NO_WOLFSSL_SHA256_INTERLEAVE ret = wc_InitSha_ex(&shaCopy, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); ret = wc_ShaUpdate(&shaCopy, (byte*)b.input, (word32)b.inLen); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); +#endif ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); @@ -5310,12 +5312,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void) ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); +#ifndef NO_WOLFSSL_SHA256_INTERLEAVE ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); ret = wc_Sha256Update(&shaCopy, (byte*)b.input, (word32)b.inLen); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); +#endif ret = wc_Sha256Update(&sha, (byte*)a.input, (word32)a.inLen); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index b4c2e20b6e..bb0b879a60 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2101,6 +2101,9 @@ extern void uITRON4_free(void *p) ; #ifdef WOLFSSL_NXP_LPC55S69 #ifndef WOLFSSL_NXP_LPC55S69_NO_HWACCEL #define WOLFSSL_NXP_RNG_1 + #define WOLFSSL_NXP_HASHCRYPT + #define WOLFSSL_NXP_HASHCRYPT_SHA + #define WOLFSSL_NXP_HASHCRYPT_SHA256 #endif #endif /* WOLFSSL_NXP_LPC55S69 */