mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 15:00:49 +02:00
425dc1372d
Add CryptoCB-based AES key import support to enable Secure Element offload without exposing raw AES key material to wolfCrypt. When WOLF_CRYPTO_CB_AES_SETKEY is defined, wolfCrypt invokes a CryptoCB callback during AES key setup. Behavior is determined by the callback return value: - If callback returns 0: Key is imported to the device (aes->devCtx). Key is NOT copied to wolfCrypt RAM; GCM H/M tables are NOT generated. Full hardware offload is assumed. - If callback returns CRYPTOCB_UNAVAILABLE: Device does not support SetKey. Normal software path is used; key is copied to devKey for optional encrypt/decrypt acceleration. - Any other error: Propagated to the caller. Key points: - Add wc_CryptoCb_AesSetKey() callback for AES key import - Update AES SetKey paths to call CryptoCB and branch on return value - Skip GCM H/M table generation when callback succeeded (devCtx set) - Preserve existing behavior when devId is INVALID_DEVID or WOLF_CRYPTO_CB_AES_SETKEY is not defined Testing: - Add unit test for CryptoCB AES SetKey (verifies key isolation when callback succeeds) - Add end-to-end AES-GCM offload test (SetKey, Encrypt, Decrypt, Free via CryptoCB) - Tests use a mock SE with software AES to validate routing Enable with: CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE" Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
106 lines
4.5 KiB
C
106 lines
4.5 KiB
C
/* test_aes.h
|
|
*
|
|
* Copyright (C) 2006-2025 wolfSSL Inc.
|
|
*
|
|
* This file is part of wolfSSL.
|
|
*
|
|
* wolfSSL is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* wolfSSL is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
|
*/
|
|
|
|
#ifndef WOLFCRYPT_TEST_AES_H
|
|
#define WOLFCRYPT_TEST_AES_H
|
|
|
|
#include <tests/api/api_decl.h>
|
|
|
|
int test_wc_AesSetKey(void);
|
|
int test_wc_AesSetIV(void);
|
|
int test_wc_AesEncryptDecryptDirect(void);
|
|
int test_wc_AesEcbEncryptDecrypt(void);
|
|
int test_wc_AesCbcEncryptDecrypt(void);
|
|
int test_wc_AesCfbEncryptDecrypt(void);
|
|
int test_wc_AesOfbEncryptDecrypt(void);
|
|
int test_wc_AesCtsEncryptDecrypt(void);
|
|
int test_wc_AesCtrSetKey(void);
|
|
int test_wc_AesCtrEncryptDecrypt(void);
|
|
int test_wc_AesGcmSetKey(void);
|
|
int test_wc_AesGcmEncryptDecrypt_Sizes(void);
|
|
int test_wc_AesGcmEncryptDecrypt(void);
|
|
int test_wc_AesGcmMixedEncDecLongIV(void);
|
|
int test_wc_AesGcmStream(void);
|
|
int test_wc_AesCcmSetKey(void);
|
|
int test_wc_AesCcmEncryptDecrypt(void);
|
|
int test_wc_AesXtsSetKey(void);
|
|
int test_wc_AesXtsEncryptDecrypt_Sizes(void);
|
|
int test_wc_AesXtsEncryptDecrypt(void);
|
|
#if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \
|
|
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
|
|
int test_wc_AesEaxVectors(void);
|
|
int test_wc_AesEaxEncryptAuth(void);
|
|
int test_wc_AesEaxDecryptAuth(void);
|
|
#endif /* WOLFSSL_AES_EAX && WOLFSSL_AES_256*/
|
|
|
|
int test_wc_GmacSetKey(void);
|
|
int test_wc_GmacUpdate(void);
|
|
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_AES_SETKEY) && \
|
|
!defined(NO_AES) && defined(HAVE_AESGCM)
|
|
int test_wc_CryptoCb_AesSetKey(void);
|
|
int test_wc_CryptoCb_AesGcm_EncryptDecrypt(void);
|
|
#endif
|
|
|
|
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_AES_SETKEY) && \
|
|
!defined(NO_AES) && defined(HAVE_AESGCM)
|
|
#define TEST_CRYPTOCB_AES_SETKEY_DECL , TEST_DECL_GROUP("aes", test_wc_CryptoCb_AesSetKey), \
|
|
TEST_DECL_GROUP("aes", test_wc_CryptoCb_AesGcm_EncryptDecrypt)
|
|
#else
|
|
#define TEST_CRYPTOCB_AES_SETKEY_DECL
|
|
#endif
|
|
|
|
#define TEST_AES_DECLS \
|
|
TEST_DECL_GROUP("aes", test_wc_AesSetKey), \
|
|
TEST_DECL_GROUP("aes", test_wc_AesSetIV), \
|
|
TEST_DECL_GROUP("aes", test_wc_AesEncryptDecryptDirect), \
|
|
TEST_DECL_GROUP("aes", test_wc_AesEcbEncryptDecrypt), \
|
|
TEST_DECL_GROUP("aes", test_wc_AesCbcEncryptDecrypt), \
|
|
TEST_DECL_GROUP("aes", test_wc_AesCfbEncryptDecrypt), \
|
|
TEST_DECL_GROUP("aes", test_wc_AesOfbEncryptDecrypt), \
|
|
TEST_DECL_GROUP("aes", test_wc_AesCtsEncryptDecrypt), \
|
|
TEST_DECL_GROUP("aes", test_wc_AesCtrSetKey), \
|
|
TEST_DECL_GROUP("aes", test_wc_AesCtrEncryptDecrypt), \
|
|
TEST_DECL_GROUP("aes", test_wc_AesGcmSetKey), \
|
|
TEST_DECL_GROUP("aes", test_wc_AesGcmEncryptDecrypt_Sizes), \
|
|
TEST_DECL_GROUP("aes", test_wc_AesGcmEncryptDecrypt), \
|
|
TEST_DECL_GROUP("aes", test_wc_AesGcmMixedEncDecLongIV), \
|
|
TEST_DECL_GROUP("aes", test_wc_AesGcmStream), \
|
|
TEST_DECL_GROUP("aes", test_wc_AesCcmSetKey), \
|
|
TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt), \
|
|
TEST_DECL_GROUP("aes", test_wc_AesXtsSetKey), \
|
|
TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt_Sizes), \
|
|
TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt) \
|
|
TEST_CRYPTOCB_AES_SETKEY_DECL
|
|
|
|
#if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \
|
|
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
|
|
#define TEST_AES_EAX_DECLS \
|
|
TEST_DECL_GROUP("aes-eax", test_wc_AesEaxVectors), \
|
|
TEST_DECL_GROUP("aes-eax", test_wc_AesEaxEncryptAuth), \
|
|
TEST_DECL_GROUP("aes-eax", test_wc_AesEaxDecryptAuth)
|
|
#endif /* WOLFSSL_AES_EAX */
|
|
|
|
#define TEST_GMAC_DECLS \
|
|
TEST_DECL_GROUP("gmac", test_wc_GmacSetKey), \
|
|
TEST_DECL_GROUP("gmac", test_wc_GmacUpdate)
|
|
|
|
#endif /* WOLFCRYPT_TEST_AES_H */
|