Merge pull request #9343 from dgarske/silabs_aesdirect

JacobBarthelmeh · web-flow · commit a1d000cede61 · 2025-10-27T13:04:12.000-06:00
Fixed issue with SiLibs AES Direct (required by DTLS v1.3)
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
@@ -15752,6 +15752,7 @@ void bench_sphincsKeySign(byte level, byte optim)
     double current_time(int reset)
     {
         portTickType tickCount = xTaskGetTickCount();
+        (void)reset;
         /* if configTICK_RATE_HZ is available use if (default is 1000) */
     #ifdef configTICK_RATE_HZ
         return (double)tickCount / configTICK_RATE_HZ;
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
@@ -646,17 +646,19 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     #define WOLFSSL_AES_DIRECT
 
     /* Encrypt: If we choose to never have a fallback to SW: */
-    #if !defined(NEED_AES_HW_FALLBACK) && (defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT))
-    static WARN_UNUSED_RESULT int wc_AesEncrypt( /* calling this one when NO_AES_192 is defined */
+    #if !defined(NEED_AES_HW_FALLBACK) && \
+        (defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT))
+    /* calling this one when NO_AES_192 is defined */
+    static WARN_UNUSED_RESULT int wc_AesEncrypt(
         Aes* aes, const byte* inBlock, byte* outBlock)
     {
         int ret;
 
-#ifdef WC_DEBUG_CIPHER_LIFECYCLE
+    #ifdef WC_DEBUG_CIPHER_LIFECYCLE
         ret = wc_debug_CipherLifecycleCheck(aes->CipherLifecycleTag, 0);
         if (ret < 0)
             return ret;
-#endif
+    #endif
 
         /* Thread mutex protection handled in esp_aes_hw_InUse */
     #ifdef NEED_AES_HW_FALLBACK
@@ -671,7 +673,8 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     #endif
 
     /* Decrypt: If we choose to never have a fallback to SW: */
-    #if !defined(NEED_AES_HW_FALLBACK) && (defined(HAVE_AES_DECRYPT) && defined(WOLFSSL_AES_DIRECT))
+    #if !defined(NEED_AES_HW_FALLBACK) && \
+        (defined(HAVE_AES_DECRYPT) && defined(WOLFSSL_AES_DIRECT))
     static WARN_UNUSED_RESULT int wc_AesDecrypt(
         Aes* aes, const byte* inBlock, byte* outBlock)
     {
@@ -1112,6 +1115,9 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,
 #elif defined(WOLFSSL_RISCV_ASM)
 /* implemented in wolfcrypt/src/port/risc-v/riscv-64-aes.c */
 
+#elif defined(WOLFSSL_SILABS_SE_ACCEL)
+/* implemented in wolfcrypt/src/port/silabs/silabs_aes.c */
+
 #else
 
     /* using wolfCrypt software implementation */
@@ -1128,17 +1134,17 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,
 
 #ifndef WC_AES_BITSLICED
 #if defined(__aarch64__) || !defined(WOLFSSL_ARMASM)
-#if !defined(WOLFSSL_SILABS_SE_ACCEL) ||  \
-     defined(NO_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES) || \
-     defined(NEED_AES_HW_FALLBACK)
+#if !defined(WOLFSSL_ESP32_CRYPT) || \
+    (defined(NO_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES) || \
+     defined(NEED_AES_HW_FALLBACK))
 static const FLASH_QUALIFIER word32 rcon[] = {
     0x01000000, 0x02000000, 0x04000000, 0x08000000,
     0x10000000, 0x20000000, 0x40000000, 0x80000000,
     0x1B000000, 0x36000000,
     /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
 };
-#endif
-#endif
+#endif /* ESP32 */
+#endif /* __aarch64__ || !WOLFSSL_ARMASM */
 
 #if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) || \
       defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) || defined(WOLFSSL_AES_DIRECT) || \
@@ -1411,7 +1417,7 @@ static const FLASH_QUALIFIER word32 Te[4][256] = {
 }
 };
 
-#if defined(HAVE_AES_DECRYPT) && !defined(WOLFSSL_SILABS_SE_ACCEL)
+#ifdef HAVE_AES_DECRYPT
 #if defined(__aarch64__) || !defined(WOLFSSL_ARMASM)
 static const FLASH_QUALIFIER word32 Td[4][256] = {
 {
@@ -1680,14 +1686,13 @@ static const FLASH_QUALIFIER word32 Td[4][256] = {
     0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
 }
 };
-#endif
+#endif /* __aarch64__ || !WOLFSSL_ARMASM */
 #endif /* HAVE_AES_DECRYPT */
 #endif /* WOLFSSL_AES_SMALL_TABLES */
 
 #ifdef HAVE_AES_DECRYPT
-#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC) && \
-                              !defined(WOLFSSL_SILABS_SE_ACCEL)) || \
-    defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT)
+#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) || \
+     defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT)
 #if defined(__aarch64__) || !defined(WOLFSSL_ARMASM)
 static const FLASH_QUALIFIER byte Td4[256] =
 {
@@ -3092,8 +3097,7 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt(
 #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT || HAVE_AESGCM */
 
 #if defined(HAVE_AES_DECRYPT)
-#if ((defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC) && \
-                              !defined(WOLFSSL_SILABS_SE_ACCEL)) || \
+#if ((defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) || \
      defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT)) && \
     (defined(__aarch64__) || !defined(WOLFSSL_ARMASM))
 
@@ -3732,8 +3736,7 @@ static void AesDecryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz)
 #endif /* !WC_AES_BITSLICED */
 #endif
 
-#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC) && \
-                              !defined(WOLFSSL_SILABS_SE_ACCEL)) || \
+#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) || \
     defined(WOLFSSL_AES_DIRECT)
 #if defined(__aarch64__) || !defined(WOLFSSL_ARMASM)
 #if !defined(WC_AES_BITSLICED) || defined(WOLFSSL_AES_DIRECT)
diff --git a/wolfcrypt/src/port/silabs/silabs_aes.c b/wolfcrypt/src/port/silabs/silabs_aes.c
@@ -89,6 +89,32 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
     return ret;
 }
 
+#ifdef WOLFSSL_AES_DIRECT
+int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+{
+    sl_status_t status = sl_se_aes_crypt_ecb(
+        &(aes->ctx.cmd_ctx),
+        &(aes->ctx.key),
+        SL_SE_ENCRYPT,
+        WC_AES_BLOCK_SIZE,
+        inBlock,
+        outBlock);
+    return (status != SL_STATUS_OK) ? WC_HW_E : 0;
+}
+
+int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+{
+    sl_status_t status = sl_se_aes_crypt_ecb(
+        &(aes->ctx.cmd_ctx),
+        &(aes->ctx.key),
+        SL_SE_DECRYPT,
+        WC_AES_BLOCK_SIZE,
+        inBlock,
+        outBlock);
+    return (status != SL_STATUS_OK) ? WC_HW_E : 0;
+}
+#endif /* WOLFSSL_AES_DIRECT */
+
 int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
     sl_status_t status = sl_se_aes_crypt_cbc(
diff --git a/wolfssl/wolfcrypt/port/silabs/silabs_aes.h b/wolfssl/wolfcrypt/port/silabs/silabs_aes.h
@@ -38,6 +38,11 @@ typedef struct {
 
 typedef struct Aes Aes;
 
+#ifdef WOLFSSL_AES_DIRECT
+int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock);
+int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock);
+#endif
+
 #ifdef HAVE_AESGCM
 int wc_AesGcmEncrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz,
                              const byte* iv, word32 ivSz,

Original file line number	Diff line number	Diff line change
`@@ -15752,6 +15752,7 @@ void bench_sphincsKeySign(byte level, byte optim)`
`15752`	`15752`	`double current_time(int reset)`
`15753`	`15753`	`{`
`15754`	`15754`	`portTickType tickCount = xTaskGetTickCount();`
	`15755`	`+ (void)reset;`
`15755`	`15756`	`/* if configTICK_RATE_HZ is available use if (default is 1000) */`
`15756`	`15757`	`#ifdef configTICK_RATE_HZ`
`15757`	`15758`	`return (double)tickCount / configTICK_RATE_HZ;`