Skip to content

Fixed issue with SiLibs AES Direct (required by DTLS v1.3) #9343

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Oct 27, 2025
+54 −19
Merged

Fixed issue with SiLibs AES Direct (required by DTLS v1.3) #9343

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d62b106
Fixed issue with SiLibs AES Direct (required by DTLS v1.3). ZD 20695
dgarske Oct 24, 2025
76abc43
Put unused fix in correct location.
dgarske Oct 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions wolfcrypt/benchmark/benchmark.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15752,6 +15752,7 @@ void bench_sphincsKeySign(byte level, byte optim)
double current_time(int reset)
{
portTickType tickCount = xTaskGetTickCount();
(void)reset;
/* if configTICK_RATE_HZ is available use if (default is 1000) */
#ifdef configTICK_RATE_HZ
return (double)tickCount / configTICK_RATE_HZ;
Expand Down
41 changes: 22 additions & 19 deletions wolfcrypt/src/aes.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -645,17 +645,19 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
#define WOLFSSL_AES_DIRECT

/* Encrypt: If we choose to never have a fallback to SW: */
#if !defined(NEED_AES_HW_FALLBACK) && (defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT))
static WARN_UNUSED_RESULT int wc_AesEncrypt( /* calling this one when NO_AES_192 is defined */
#if !defined(NEED_AES_HW_FALLBACK) && \
(defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT))
/* calling this one when NO_AES_192 is defined */
static WARN_UNUSED_RESULT int wc_AesEncrypt(
Aes* aes, const byte* inBlock, byte* outBlock)
{
int ret;

#ifdef WC_DEBUG_CIPHER_LIFECYCLE
#ifdef WC_DEBUG_CIPHER_LIFECYCLE
ret = wc_debug_CipherLifecycleCheck(aes->CipherLifecycleTag, 0);
if (ret < 0)
return ret;
#endif
#endif

/* Thread mutex protection handled in esp_aes_hw_InUse */
#ifdef NEED_AES_HW_FALLBACK
Expand All @@ -670,7 +672,8 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
#endif

/* Decrypt: If we choose to never have a fallback to SW: */
#if !defined(NEED_AES_HW_FALLBACK) && (defined(HAVE_AES_DECRYPT) && defined(WOLFSSL_AES_DIRECT))
#if !defined(NEED_AES_HW_FALLBACK) && \
(defined(HAVE_AES_DECRYPT) && defined(WOLFSSL_AES_DIRECT))
static WARN_UNUSED_RESULT int wc_AesDecrypt(
Aes* aes, const byte* inBlock, byte* outBlock)
{
Expand Down Expand Up @@ -1111,6 +1114,9 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,
#elif defined(WOLFSSL_RISCV_ASM)
/* implemented in wolfcrypt/src/port/risc-v/riscv-64-aes.c */

#elif defined(WOLFSSL_SILABS_SE_ACCEL)
/* implemented in wolfcrypt/src/port/silabs/silabs_aes.c */

#else

/* using wolfCrypt software implementation */
Expand All @@ -1127,17 +1133,17 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock,

#ifndef WC_AES_BITSLICED
#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM)
#if !defined(WOLFSSL_SILABS_SE_ACCEL) || \
defined(NO_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES) || \
defined(NEED_AES_HW_FALLBACK)
#if !defined(WOLFSSL_ESP32_CRYPT) || \
(defined(NO_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES) || \
defined(NEED_AES_HW_FALLBACK))
static const FLASH_QUALIFIER word32 rcon[] = {
0x01000000, 0x02000000, 0x04000000, 0x08000000,
0x10000000, 0x20000000, 0x40000000, 0x80000000,
0x1B000000, 0x36000000,
/* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
};
#endif
#endif
#endif /* ESP32 */
#endif /* __aarch64__ || !WOLFSSL_ARMASM */

#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) || \
defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) || defined(WOLFSSL_AES_DIRECT) || \
Expand Down Expand Up @@ -1410,7 +1416,7 @@ static const FLASH_QUALIFIER word32 Te[4][256] = {
}
};

#if defined(HAVE_AES_DECRYPT) && !defined(WOLFSSL_SILABS_SE_ACCEL)
#ifdef HAVE_AES_DECRYPT
#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM)
static const FLASH_QUALIFIER word32 Td[4][256] = {
{
Expand Down Expand Up @@ -1679,14 +1685,13 @@ static const FLASH_QUALIFIER word32 Td[4][256] = {
0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
}
};
#endif
#endif /* __aarch64__ || !WOLFSSL_ARMASM */
#endif /* HAVE_AES_DECRYPT */
#endif /* WOLFSSL_AES_SMALL_TABLES */

#ifdef HAVE_AES_DECRYPT
#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC) && \
!defined(WOLFSSL_SILABS_SE_ACCEL)) || \
defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT)
#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) || \
defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT)
#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM)
static const FLASH_QUALIFIER byte Td4[256] =
{
Expand Down Expand Up @@ -3091,8 +3096,7 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt(
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT || HAVE_AESGCM */

#if defined(HAVE_AES_DECRYPT)
#if ((defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC) && \
!defined(WOLFSSL_SILABS_SE_ACCEL)) || \
#if ((defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) || \
defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT)) && \
(defined(__aarch64__) || !defined(WOLFSSL_ARMASM))

Expand Down Expand Up @@ -3731,8 +3735,7 @@ static void AesDecryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz)
#endif /* !WC_AES_BITSLICED */
#endif

#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC) && \
!defined(WOLFSSL_SILABS_SE_ACCEL)) || \
#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) || \
defined(WOLFSSL_AES_DIRECT)
#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM)
#if !defined(WC_AES_BITSLICED) || defined(WOLFSSL_AES_DIRECT)
Expand Down
26 changes: 26 additions & 0 deletions wolfcrypt/src/port/silabs/silabs_aes.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,32 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
return ret;
}

#ifdef WOLFSSL_AES_DIRECT
int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
{
sl_status_t status = sl_se_aes_crypt_ecb(
&(aes->ctx.cmd_ctx),
&(aes->ctx.key),
SL_SE_ENCRYPT,
WC_AES_BLOCK_SIZE,
inBlock,
outBlock);
return (status != SL_STATUS_OK) ? WC_HW_E : 0;
}

int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
{
sl_status_t status = sl_se_aes_crypt_ecb(
&(aes->ctx.cmd_ctx),
&(aes->ctx.key),
SL_SE_DECRYPT,
WC_AES_BLOCK_SIZE,
inBlock,
outBlock);
return (status != SL_STATUS_OK) ? WC_HW_E : 0;
}
#endif /* WOLFSSL_AES_DIRECT */

int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
sl_status_t status = sl_se_aes_crypt_cbc(
Expand Down
5 changes: 5 additions & 0 deletions wolfssl/wolfcrypt/port/silabs/silabs_aes.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,11 @@ typedef struct {

typedef struct Aes Aes;

#ifdef WOLFSSL_AES_DIRECT
int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock);
int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock);
#endif

#ifdef HAVE_AESGCM
int wc_AesGcmEncrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz,
const byte* iv, word32 ivSz,
Expand Down