nxp casper changes. turn off ecc and rsa hw accel

twcook86 · twcook86 · commit 3878271e3506 · 2026-04-21T19:37:24.000-04:00
diff --git a/wolfcrypt/src/port/nxp/casper_port.c b/wolfcrypt/src/port/nxp/casper_port.c
@@ -50,15 +50,15 @@ static uint8_t sig_buf[CASPER_MAX_BUF_SZ];
 static uint8_t out_buf[CASPER_MAX_BUF_SZ];
 
 int casper_rsa_public_exptmod(
-    const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key
+    const byte* in, word32 inLen, byte* out, word32* outLen, RsaKey* key
 )
 {
     int res;
     int sig_sz = inLen;
     int key_sz = mp_unsigned_bin_size(&key->n);
     word32 exp;
 
-    if (inLen > CASPER_MAX_BUF_SZ || outLen > CASPER_MAX_BUF_SZ)
+    if (inLen > CASPER_MAX_BUF_SZ || *outLen > CASPER_MAX_BUF_SZ)
         return BAD_FUNC_ARG;
 
     /* casper requires little endian format for inputs/outputs */
@@ -78,8 +78,176 @@ int casper_rsa_public_exptmod(
     mp_reverse(out_buf, sig_sz);
     XMEMCPY(out, out_buf, sig_sz);
 
+    *outLen = inLen;
+
     return 0;
 }
 #endif
 
+
+/* 32 for 256 bits, 48 for 384 bits and 72 for 521 bits... */
+#define CASPER_MAX_ECC_SIZE_BYTES (72) 
+
+#if defined(HAVE_ECC) && defined(WOLFSSL_NXP_CASPER_ECC_MULMOD)
+/* calculates R = m*P[X, Y] */
+int casper_ecc_mulmod(
+    const mp_int *m, ecc_point *P, ecc_point *R, int curve_id
+)
+{
+    uint32_t M[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 };
+    uint32_t X[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 };
+    uint32_t Y[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 };
+    int size;
+
+    if (!m || !P || !R)
+        return BAD_FUNC_ARG;
+
+    if (curve_id == ECC_SECP256R1)
+    {
+        size = 32;
+        CASPER_ecc_init(kCASPER_ECC_P256);
+    }
+    else if (curve_id == ECC_SECP384R1)
+    {
+        size = 48;
+        CASPER_ecc_init(kCASPER_ECC_P384);
+    }
+    else if (curve_id == ECC_SECP521R1)
+    {
+        size = 66;
+        CASPER_ecc_init(kCASPER_ECC_P521);
+    }
+    else
+        return BAD_FUNC_ARG;
+
+    /* scalar */
+    if (mp_to_unsigned_bin(m, (unsigned char *)&M[0]) != MP_OKAY)
+        return MP_TO_E;
+    mp_reverse((unsigned char *)&M[0], size);
+
+    /* point */
+    if (mp_to_unsigned_bin(P->x, (unsigned char *)&X[0]) != MP_OKAY)
+        return MP_TO_E;
+    mp_reverse((unsigned char *)&X[0], size);
+    if (mp_to_unsigned_bin(P->y, (unsigned char *)&Y[0]) != MP_OKAY)
+        return MP_TO_E;
+    mp_reverse((unsigned char *)&Y[0], size);
+
+    if (curve_id == ECC_SECP256R1)
+    {
+        CASPER_ECC_SECP256R1_Mul(CASPER, X, Y, X, Y, (void *)M);
+    }
+    else if (curve_id == ECC_SECP384R1)
+    {
+        CASPER_ECC_SECP384R1_Mul(CASPER, X, Y, X, Y, (void *)M);
+    }
+    else if (curve_id == ECC_SECP521R1)
+    {
+        CASPER_ECC_SECP521R1_Mul(CASPER, X, Y, X, Y, (void *)M);
+    }
+
+    /* result */
+    mp_reverse((unsigned char *)&X[0], size);
+    if (mp_read_unsigned_bin(R->x, (unsigned char *)&X[0], size) != MP_OKAY)
+        return MP_READ_E;
+    mp_reverse((unsigned char *)&Y[0], size);
+    if (mp_read_unsigned_bin(R->y, (unsigned char *)&Y[0], size) != MP_OKAY)
+        return MP_READ_E;
+    mp_set(R->z, 1);
+
+    return 0;
+}    
+#endif
+
+#if defined(HAVE_ECC) && defined(WOLFSSL_NXP_CASPER_ECC_MUL2ADD)
+/* calculates R = m*P[X, Y] + n*Q[X, Y] */
+int casper_ecc_mul2add(
+    const mp_int *m, ecc_point *P, const mp_int *n, ecc_point *Q,
+    ecc_point *R, int curve_id
+)
+{
+    uint32_t M[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)]  = { 0 };
+    uint32_t X1[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 };
+    uint32_t Y1[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 };
+    uint32_t N[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)]  = { 0 };
+    uint32_t X2[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 };
+    uint32_t Y2[CASPER_MAX_ECC_SIZE_BYTES / sizeof(uint32_t)] = { 0 };
+    int size;
+
+    if (!m || !P || !n || !Q || !R)
+        return BAD_FUNC_ARG;
+
+    if (curve_id == ECC_SECP256R1)
+    {
+        size = 32;
+        CASPER_ecc_init(kCASPER_ECC_P256);
+    }
+    else if (curve_id == ECC_SECP384R1)
+    {
+        size = 48;
+        CASPER_ecc_init(kCASPER_ECC_P384);
+    }
+    else if (curve_id == ECC_SECP521R1)
+    {
+        size = 66;
+        CASPER_ecc_init(kCASPER_ECC_P521);
+    }
+    else
+        return BAD_FUNC_ARG;
+
+    /* first scalar */
+    if (mp_to_unsigned_bin(m, (unsigned char *)&M[0]) != MP_OKAY)
+        return MP_TO_E;
+    mp_reverse((unsigned char *)&M[0], size);
+
+    /* first point */
+    if (mp_to_unsigned_bin(P->x, (unsigned char *)&X1[0]) != MP_OKAY)
+        return MP_TO_E;
+    mp_reverse((unsigned char *)&X1[0], size);
+    if (mp_to_unsigned_bin(P->y, (unsigned char *)&Y1[0]) != MP_OKAY)
+        return MP_TO_E;
+    mp_reverse((unsigned char *)&Y1[0], size);
+
+    /* second scalar */
+    if (mp_to_unsigned_bin(n, (unsigned char *)&N[0]) != MP_OKAY)
+        return MP_TO_E;
+    mp_reverse((unsigned char *)&N[0], size);
+
+    /* second point */
+    if (mp_to_unsigned_bin(Q->x, (unsigned char *)&X2[0]) != MP_OKAY)
+        return MP_TO_E;
+    mp_reverse((unsigned char *)&X2[0], size);
+    if (mp_to_unsigned_bin(Q->y, (unsigned char *)&Y2[0]) != MP_OKAY)
+        return MP_TO_E;
+    mp_reverse((unsigned char *)&Y2[0], size);
+
+    if (curve_id == ECC_SECP256R1)
+    {
+        CASPER_ECC_SECP256R1_MulAdd(CASPER, &X1[0], &Y1[0], &X1[0], &Y1[0],
+            (void *)M, &X2[0], &Y2[0], (void *)N);
+    }
+    else if (curve_id == ECC_SECP384R1)
+    {
+        CASPER_ECC_SECP384R1_MulAdd(CASPER, &X1[0], &Y1[0], &X1[0], &Y1[0],
+            (void *)M, &X2[0], &Y2[0], (void *)N);
+    }
+    else if (curve_id == ECC_SECP521R1)
+    {
+        CASPER_ECC_SECP521R1_MulAdd(CASPER, &X1[0], &Y1[0], &X1[0], &Y1[0],
+            (void *)M, &X2[0], &Y2[0], (void *)N);
+    }
+
+    /* result */
+    mp_reverse((unsigned char *)&X1[0], size);
+    if (mp_read_unsigned_bin(R->x, (unsigned char *)&X1[0], size) != MP_OKAY)
+        return MP_READ_E;
+    mp_reverse((unsigned char *)&Y1[0], size);
+    if (mp_read_unsigned_bin(R->y, (unsigned char *)&Y1[0], size) != MP_OKAY)
+        return MP_READ_E;
+    mp_set(R->z, 1);
+
+    return 0;
+}    
+#endif
+
 #endif /* WOLFSSL_NXP_CASPER */
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
@@ -2415,20 +2415,6 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
     return ret;
 }
 
-#elif defined(WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD)
-static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
-                              word32* outLen, int type, RsaKey* key,
-                              WC_RNG* rng)
-{
-    (void)rng;
-
-    if (type == RSA_PUBLIC_DECRYPT || type == RSA_PUBLIC_ENCRYPT) {
-        return casper_rsa_public_exptmod(in, inLen, out, *outLen, key);
-    }
-
-    return RSA_WRONG_TYPE_E;
-}
-
 #else
 #ifndef WOLF_CRYPTO_CB_ONLY_RSA
 #ifdef WOLFSSL_HAVE_SP_RSA
@@ -2845,6 +2831,15 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
         return MP_VAL;
     }
 
+#if defined(WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD)
+    if (type == RSA_PUBLIC_DECRYPT || type == RSA_PUBLIC_ENCRYPT) {
+        ret = casper_rsa_public_exptmod(in, inLen, out, outLen, key);
+        if (ret == 0)
+            return MP_OKAY;
+        /* else fall through for software fallback */
+    }
+#endif
+
 #ifdef WOLFSSL_HAVE_SP_RSA
     ret = RsaFunction_SP(in, inLen, out, outLen, type, key, rng);
     if (ret != WC_NO_ERR_TRACE(WC_KEY_SIZE_E))
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
@@ -2522,7 +2522,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
     if ( (ret = aesofb_test()) != 0)
         TEST_FAIL("AES-OFB  test failed!\n", ret);
     else
-        TEST_PASS("AES-OFB   test passed!\n");
+        TEST_PASS("AES-OFB  test passed!\n");
 #endif
 
 #ifdef HAVE_AESGCM
diff --git a/wolfssl/wolfcrypt/port/nxp/casper_port.h b/wolfssl/wolfcrypt/port/nxp/casper_port.h
@@ -30,8 +30,26 @@ int wc_casper_init(void);
 #include <wolfssl/wolfcrypt/rsa.h>
 
 int casper_rsa_public_exptmod(
-    const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key
+    const byte* in, word32 inLen, byte* out, word32* outLen, RsaKey* key
 );
 #endif
 
+
+#if defined(HAVE_ECC)
+#include <wolfssl/wolfcrypt/ecc.h>
+
+#ifdef WOLFSSL_NXP_CASPER_ECC_MULMOD
+int casper_ecc_mulmod(
+    const mp_int *m, ecc_point *P, ecc_point *R, int curve_id
+);
+#endif
+
+#ifdef WOLFSSL_NXP_CASPER_ECC_MUL2ADD
+int casper_ecc_mul2add(
+    const mp_int *m, ecc_point *P, const mp_int *n, ecc_point *Q,
+    ecc_point *R, int curve_id
+);
+#endif
+#endif
+
 #endif
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
@@ -2106,9 +2106,7 @@ extern void uITRON4_free(void *p) ;
         #define WOLFSSL_NXP_HASHCRYPT_SHA
         #define WOLFSSL_NXP_HASHCRYPT_SHA256
         #define WOLFSSL_NXP_CASPER
-        #define WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD
-        // #define WOLFSSL_NXP_CASPER_ECC_MUL2ADD
-        // #define WOLFSSL_SP_MULMOD
+        // #define WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD
     #endif
 #endif /* WOLFSSL_NXP_LPC55S69 */
 
