mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 11:20:55 +02:00
425dc1372d
Add CryptoCB-based AES key import support to enable Secure Element offload without exposing raw AES key material to wolfCrypt.

When WOLF_CRYPTO_CB_AES_SETKEY is defined, wolfCrypt invokes a CryptoCB callback during AES key setup. Behavior is determined by the callback return value:

- If callback returns 0: Key is imported to the device (aes->devCtx). Key is NOT copied to wolfCrypt RAM; GCM H/M tables are NOT generated. Full hardware offload is assumed.
- If callback returns CRYPTOCB_UNAVAILABLE: Device does not support SetKey. Normal software path is used; key is copied to devKey for optional encrypt/decrypt acceleration.
- Any other error: Propagated to the caller.

Key points:

- Add wc_CryptoCb_AesSetKey() callback for AES key import
- Update AES SetKey paths to call CryptoCB and branch on return value
- Skip GCM H/M table generation when callback succeeded (devCtx set)
- Preserve existing behavior when devId is INVALID_DEVID or WOLF_CRYPTO_CB_AES_SETKEY is not defined

Testing:

- Add unit test for CryptoCB AES SetKey (verifies key isolation when callback succeeds)
- Add end-to-end AES-GCM offload test (SetKey, Encrypt, Decrypt, Free via CryptoCB)
- Tests use a mock SE with software AES to validate routing

Enable with:

    CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
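
The return-value branching described in the commit message above, as an added C model that is not wolfSSL code and not part of the commit. The struct, callback type, constants and function names are all hypothetical stand-ins, and `tablesReady` stands in for GCM H/M table generation.

```c
#include <stddef.h>
#include <string.h>

/* Model of the SetKey branching in the commit message. Every name below is
 * a hypothetical stand-in, not a wolfSSL definition. */
#define MODEL_INVALID_DEVID  (-2)
#define MODEL_CB_UNAVAILABLE (-271) /* stand-in for CRYPTOCB_UNAVAILABLE */
#define MODEL_KEY_MAX        32

typedef struct {
    int           devId;
    void         *devCtx;                /* device-side key handle */
    unsigned char devKey[MODEL_KEY_MAX]; /* raw key copy, software path only */
    int           tablesReady;           /* stand-in for the GCM H/M tables */
} ModelAes;

typedef int (*ModelSetKeyCb)(ModelAes *aes, const unsigned char *key, size_t len);

static int se_slot; /* constructed opaque handle for the mock device */

/* Mock device callbacks: import succeeds, not supported, device error. */
int cb_import(ModelAes *a, const unsigned char *k, size_t n)
{ (void)k; (void)n; a->devCtx = &se_slot; return 0; }
int cb_unavailable(ModelAes *a, const unsigned char *k, size_t n)
{ (void)a; (void)k; (void)n; return MODEL_CB_UNAVAILABLE; }
int cb_error(ModelAes *a, const unsigned char *k, size_t n)
{ (void)a; (void)k; (void)n; return -1000; } /* constructed error code */

/* Returns 0 on success, otherwise the callback's error code unchanged. */
int model_aes_setkey(ModelAes *aes, const unsigned char *key, size_t len,
                     ModelSetKeyCb cb)
{
    if (aes == NULL || key == NULL || len == 0 || len > MODEL_KEY_MAX)
        return -1;
    aes->devCtx = NULL;
    aes->tablesReady = 0;
    memset(aes->devKey, 0, sizeof(aes->devKey));
    if (aes->devId != MODEL_INVALID_DEVID && cb != NULL) {
        int ret = cb(aes, key, len);
        if (ret == 0)
            return 0;               /* imported: no RAM copy, no tables */
        if (ret != MODEL_CB_UNAVAILABLE)
            return ret;             /* any other error is propagated */
    }
    memcpy(aes->devKey, key, len);  /* software path keeps the key */
    aes->tablesReady = 1;
    return 0;
}

/* 1 if the raw key bytes are present in the context's RAM copy. */
int key_in_ram(const ModelAes *aes, const unsigned char *key, size_t len)
{ return memcmp(aes->devKey, key, len) == 0; }
```

The property worth checking in any real integration is the first branch: after a successful import, the context holds a device handle and no copy of the key bytes.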