PIC32MZ

ctaocrypt/benchmark/benchmark.c

@@ -85,6 +85,7 @@ void bench_rabbit(void);
 void bench_aes(int);
 void bench_aesgcm(void);
 void bench_aesccm(void);
+void bench_aesctr(void);
 void bench_camellia(void);
 
 void bench_md5(void);
@@ -155,6 +156,11 @@ int benchmark_test(void *args)
 #ifdef HAVE_AESGCM
     bench_aesgcm();
 #endif
+
+#ifdef CYASSL_AES_COUNTER
+    bench_aesctr();
+#endif
+
 #ifdef HAVE_AESCCM
     bench_aesccm();
 #endif
@@ -224,12 +230,15 @@ static const char blockType[] = "kB";  /* used in printf output */
 static const int ntimes      = 1;        /* public key iterations */
 static const int genTimes   = 5;
 static const int agreeTimes = 5;
+const int ntimes      = 1;        /* public key iterations */
+const int genTimes   = 5;
+const int agreeTimes = 5;
 #else
 static const int numBlocks = 5;
 static const char blockType[] = "megs";
-static const int ntimes      = 100;
+const int ntimes      = 100;
-static const int genTimes   = 100;
+const int genTimes   = 100;
-static const int agreeTimes = 100;
+const int agreeTimes = 100;
 #endif
 
 static const byte key[] = 
@@ -285,7 +294,7 @@ void bench_aes(int show)
 #endif
 
     if (show)
-        printf("AES      %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks,
+        printf("AES      %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks,
                                                   blockType, total, persec);
 #ifdef HAVE_CAVIUM
     AesFreeCavium(&enc);
@@ -322,13 +331,40 @@ void bench_aesgcm(void)
     persec = persec / 1024;
 #endif
 
-    printf("AES-GCM  %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks,
+    printf("AES-GCM  %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks,
+                                              blockType, total, persec);
+}
+#endif
+
+#ifdef CYASSL_AES_COUNTER
+void bench_aesctr(void)
+{
+    Aes    enc;
+    double start, total, persec;
+    int    i;
+
+    AesSetKeyDirect(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+    start = current_time(1);
+
+    for(i = 0; i < numBlocks; i++)
+        AesCtrEncrypt(&enc, plain, cipher, sizeof(plain));
+
+    total = current_time(0) - start;
+
+    persec = 1 / total * numBlocks;
+#ifdef BENCH_EMBEDDED
+    /* since using kB, convert to MB/s */
+    persec = persec / 1024;
+#endif
+
+    printf("AES-CTR  %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks,
                                               blockType, total, persec);
 }
 #endif
 
 
-#ifdef HAVE_AESCCM
+
+#ifdef CYASSL_AESCCM
 void bench_aesccm(void)
 {
     Aes    enc;
@@ -350,7 +386,7 @@ void bench_aesccm(void)
     persec = persec / 1024;
 #endif
 
-    printf("AES-CCM  %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks,
+    printf("AES-CCM  %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks,
                                               blockType, total, persec);
 }
 #endif
@@ -377,7 +413,7 @@ void bench_camellia(void)
     persec = persec / 1024;
 #endif
 
-    printf("Camellia %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks,
+    printf("Camellia %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks,
                                               blockType, total, persec);
 }
 #endif
@@ -408,7 +444,7 @@ void bench_des(void)
     persec = persec / 1024;
 #endif
 
-    printf("3DES     %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks,
+    printf("3DES     %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks,
                                               blockType, total, persec);
 #ifdef HAVE_CAVIUM
     Des3_FreeCavium(&enc);
@@ -442,7 +478,7 @@ void bench_arc4(void)
     persec = persec / 1024;
 #endif
 
-    printf("ARC4     %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks,
+    printf("ARC4     %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks,
                                               blockType, total, persec);
 #ifdef HAVE_CAVIUM
     Arc4FreeCavium(&enc);
@@ -471,7 +507,7 @@ void bench_hc128(void)
     persec = persec / 1024;
 #endif
 
-    printf("HC128    %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks,
+    printf("HC128    %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks,
                                               blockType, total, persec);
 }
 #endif /* HAVE_HC128 */
@@ -497,7 +533,7 @@ void bench_rabbit(void)
     persec = persec / 1024;
 #endif
 
-    printf("RABBIT   %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks,
+    printf("RABBIT   %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks,
                                               blockType, total, persec);
 }
 #endif /* NO_RABBIT */
@@ -526,7 +562,7 @@ void bench_md5(void)
     persec = persec / 1024;
 #endif
 
-    printf("MD5      %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks,
+    printf("MD5      %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks,
                                               blockType, total, persec);
 }
 #endif /* NO_MD5 */
@@ -555,7 +591,7 @@ void bench_sha(void)
     persec = persec / 1024;
 #endif
 
-    printf("SHA      %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks,
+    printf("SHA      %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks,
                                               blockType, total, persec);
 }
 #endif /* NO_SHA */
@@ -584,7 +620,7 @@ void bench_sha256(void)
     persec = persec / 1024;
 #endif
 
-    printf("SHA-256  %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks,
+    printf("SHA-256  %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks,
                                               blockType, total, persec);
 }
 #endif
@@ -612,7 +648,7 @@ void bench_sha512(void)
     persec = persec / 1024;
 #endif
 
-    printf("SHA-512  %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks,
+    printf("SHA-512  %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks,
                                               blockType, total, persec);
 }
 #endif
@@ -640,7 +676,7 @@ void bench_ripemd(void)
     persec = persec / 1024;
 #endif
 
-    printf("RIPEMD   %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks,
+    printf("RIPEMD   %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks,
                                               blockType, total, persec);
 }
 #endif
@@ -669,7 +705,7 @@ void bench_blake2(void)
     persec = persec / 1024;
 #endif
 
-    printf("BLAKE2b  %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks,
+    printf("BLAKE2b  %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks,
                                               blockType, total, persec);
 }
 #endif
@@ -751,7 +787,7 @@ void bench_rsa(void)
     each  = total / ntimes;   /* per second   */
     milliEach = each * 1000; /* milliseconds */
 
-    printf("RSA %d encryption took %6.2f milliseconds, avg over %d" 
+    printf("RSA %d encryption took %6.3f milliseconds, avg over %d"
            " iterations\n", rsaKeySz, milliEach, ntimes);
 
     if (ret < 0) {
@@ -770,7 +806,7 @@ void bench_rsa(void)
     each  = total / ntimes;   /* per second   */
     milliEach = each * 1000; /* milliseconds */
 
-    printf("RSA %d decryption took %6.2f milliseconds, avg over %d" 
+    printf("RSA %d decryption took %6.3f milliseconds, avg over %d"
            " iterations\n", rsaKeySz, milliEach, ntimes);
 
     FreeRsaKey(&rsaKey);
@@ -856,7 +892,7 @@ void bench_dh(void)
     each  = total / ntimes;   /* per second   */
     milliEach = each * 1000; /* milliseconds */
 
-    printf("DH  %d key generation  %6.2f milliseconds, avg over %d" 
+    printf("DH  %d key generation  %6.3f milliseconds, avg over %d"
            " iterations\n", dhKeySz, milliEach, ntimes);
 
     DhGenerateKeyPair(&dhKey, &rng, priv2, &privSz2, pub2, &pubSz2);
@@ -869,7 +905,7 @@ void bench_dh(void)
     each  = total / ntimes;   /* per second   */
     milliEach = each * 1000; /* milliseconds */
 
-    printf("DH  %d key agreement   %6.2f milliseconds, avg over %d" 
+    printf("DH  %d key agreement   %6.3f milliseconds, avg over %d"
            " iterations\n", dhKeySz, milliEach, ntimes);
 
 #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
@@ -899,7 +935,7 @@ void bench_rsaKeyGen(void)
     each  = total / genTimes;  /* per second  */
     milliEach = each * 1000;   /* millisconds */
     printf("\n");
-    printf("RSA 1024 key generation  %6.2f milliseconds, avg over %d" 
+    printf("RSA 1024 key generation  %6.3f milliseconds, avg over %d"
            " iterations\n", milliEach, genTimes);
 
     /* 2048 bit */
@@ -914,7 +950,7 @@ void bench_rsaKeyGen(void)
     total = current_time(0) - start;
     each  = total / genTimes;  /* per second  */
     milliEach = each * 1000;   /* millisconds */
-    printf("RSA 2048 key generation  %6.2f milliseconds, avg over %d" 
+    printf("RSA 2048 key generation  %6.3f milliseconds, avg over %d"
            " iterations\n", milliEach, genTimes);
 }
 #endif /* CYASSL_KEY_GEN */
@@ -943,7 +979,7 @@ void bench_eccKeyGen(void)
     each  = total / genTimes;  /* per second  */
     milliEach = each * 1000;   /* millisconds */
     printf("\n");
-    printf("ECC  256 key generation  %6.2f milliseconds, avg over %d" 
+    printf("ECC  256 key generation  %6.3f milliseconds, avg over %d"
            " iterations\n", milliEach, genTimes);
 }
 
@@ -993,7 +1029,7 @@ void bench_eccKeyAgree(void)
     total = current_time(0) - start;
     each  = total / agreeTimes;  /* per second  */
     milliEach = each * 1000;   /* millisconds */
-    printf("EC-DHE   key agreement   %6.2f milliseconds, avg over %d" 
+    printf("EC-DHE   key agreement   %6.3f milliseconds, avg over %d"
            " iterations\n", milliEach, agreeTimes);
 
     /* make dummy digest */
@@ -1015,7 +1051,7 @@ void bench_eccKeyAgree(void)
     total = current_time(0) - start;
     each  = total / agreeTimes;  /* per second  */
     milliEach = each * 1000;   /* millisconds */
-    printf("EC-DSA   sign   time     %6.2f milliseconds, avg over %d" 
+    printf("EC-DSA   sign   time     %6.3f milliseconds, avg over %d"
            " iterations\n", milliEach, agreeTimes);
 
     start = current_time(1);
@@ -1032,7 +1068,7 @@ void bench_eccKeyAgree(void)
     total = current_time(0) - start;
     each  = total / agreeTimes;  /* per second  */
     milliEach = each * 1000;     /* millisconds */
-    printf("EC-DSA   verify time     %6.2f milliseconds, avg over %d" 
+    printf("EC-DSA   verify time     %6.3f milliseconds, avg over %d"
            " iterations\n", milliEach, agreeTimes);
 
     ecc_free(&genKey2);

ctaocrypt/src/aes.c

@@ -55,6 +55,184 @@
                                     word32 length);
 #endif
 
+#if defined(CYASSL_PIC32MZ_CRYPT)
+
+#include "../../cyassl/ctaocrypt/port/pic32/pic32mz-crypt.h"
+#define DEBUG_CYASSL
+
+    /* core hardware crypt engine driver */
+    static void AesCrypt(Aes *aes, byte* out, const byte* in, word32 sz,
+                                            int dir, int algo, int cryptoalgo)
+    {
+        securityAssociation *sa_p ;
+        bufferDescriptor *bd_p ;
+
+        volatile securityAssociation sa __attribute__((aligned (8)));
+        volatile bufferDescriptor bd __attribute__((aligned (8)));
+        volatile int k ;
+
+        /* get uncached address */
+        sa_p = KVA0_TO_KVA1(&sa) ;
+        bd_p = KVA0_TO_KVA1(&bd) ;
+
+        /* Sync cache and physical memory */
+        if(PIC32MZ_IF_RAM(in)) {
+            XMEMCPY((void *)KVA0_TO_KVA1(in), (void *)in, sz);
+        }
+        XMEMSET((void *)KVA0_TO_KVA1(out), 0, sz);
+        /* Set up the Security Association */
+        XMEMSET((byte *)KVA0_TO_KVA1(&sa), 0, sizeof(sa));
+        sa_p->SA_CTRL.ALGO = algo ; /* AES */
+        sa_p->SA_CTRL.LNC = 1;
+        sa_p->SA_CTRL.LOADIV = 1;
+        sa_p->SA_CTRL.FB = 1;
+        sa_p->SA_CTRL.ENCTYPE = dir ; /* Encryption/Decryption */
+        sa_p->SA_CTRL.CRYPTOALGO = cryptoalgo;
+
+        if(cryptoalgo == PIC32_CRYPTOALGO_AES_GCM){
+            switch(aes->keylen) {
+            case 32:
+                sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_256 ;
+                break ;
+            case 24:
+                sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_192 ;
+                break ;
+            case 16:
+                sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_128 ;
+                break ;
+            }
+        } else
+            sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_128 ;
+
+        ByteReverseWords(
+        (word32 *)KVA0_TO_KVA1(sa.SA_ENCKEY + 8 - aes->keylen/sizeof(word32)),
+                         (word32 *)aes->key_ce, aes->keylen);
+        ByteReverseWords(
+        (word32*)KVA0_TO_KVA1(sa.SA_ENCIV), (word32 *)aes->iv_ce, 16);
+
+        XMEMSET((byte *)KVA0_TO_KVA1(&bd), 0, sizeof(bd));
+        /* Set up the Buffer Descriptor */
+        bd_p->BD_CTRL.BUFLEN = sz;
+        if(cryptoalgo == PIC32_CRYPTOALGO_AES_GCM) {
+            if(sz % 0x10)
+                bd_p->BD_CTRL.BUFLEN = (sz/0x10 + 1) * 0x10 ;
+        }
+        bd_p->BD_CTRL.LIFM = 1;
+        bd_p->BD_CTRL.SA_FETCH_EN = 1;
+        bd_p->BD_CTRL.LAST_BD = 1;
+        bd_p->BD_CTRL.DESC_EN = 1;
+
+        bd_p->SA_ADDR = (unsigned int)KVA_TO_PA(&sa) ; 
+        bd_p->SRCADDR = (unsigned int)KVA_TO_PA(in) ; 
+        bd_p->DSTADDR = (unsigned int)KVA_TO_PA(out); 
+        bd_p->MSGLEN = sz ;
+
+        CECON = 1 << 6;
+        while (CECON);
+
+        /* Run the engine */
+        CEBDPADDR = (unsigned int)KVA_TO_PA(&bd) ;
+        CEINTEN = 0x07;
+        CECON = 0x27;
+
+        WAIT_ENGINE ;
+
+        if((cryptoalgo == PIC32_CRYPTOALGO_CBC) ||
+           (cryptoalgo == PIC32_CRYPTOALGO_TCBC)||
+           (cryptoalgo == PIC32_CRYPTOALGO_RCBC)) {
+            /* set iv for the next call */
+            if(dir == PIC32_ENCRYPTION) {
+	        XMEMCPY((void *)aes->iv_ce,
+                        (void*)KVA0_TO_KVA1(out + sz - AES_BLOCK_SIZE),
+                        AES_BLOCK_SIZE) ;
+	    } else {
+                ByteReverseWords((word32*)aes->iv_ce,
+                        (word32 *)KVA0_TO_KVA1(in + sz - AES_BLOCK_SIZE),
+                        AES_BLOCK_SIZE);
+	    }
+        }
+        XMEMCPY((byte *)out, (byte *)KVA0_TO_KVA1(out), sz) ;
+        ByteReverseWords((word32*)out, (word32 *)out, sz);
+    }
+
+    int AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+    {
+        AesCrypt(aes, out, in, sz, PIC32_ENCRYPTION, PIC32_ALGO_AES,
+                                                      PIC32_CRYPTOALGO_RCBC );
+    }
+
+    int AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+    {
+        AesCrypt(aes, out, in, sz, PIC32_DECRYPTION, PIC32_ALGO_AES,
+                                                      PIC32_CRYPTOALGO_RCBC);
+    }
+
+    #if defined(CYASSL_AES_COUNTER)
+    void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+    {
+        int i ;
+        char out_block[AES_BLOCK_SIZE] ;
+        int odd ;
+        int even ;
+        char *tmp ; /* (char *)aes->tmp, for short */
+
+        tmp = (char *)aes->tmp ;
+        if(aes->left) {
+            if((aes->left + sz) >= AES_BLOCK_SIZE){
+                odd = AES_BLOCK_SIZE - aes->left ;
+            } else {
+                odd = sz ;
+            }
+            XMEMCPY(tmp+aes->left, in, odd) ;
+            if((odd+aes->left) == AES_BLOCK_SIZE){
+                AesCrypt(aes, out_block, tmp, AES_BLOCK_SIZE,
+                    PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCTR);
+                XMEMCPY(out, out_block+aes->left, odd) ;
+                aes->left = 0 ;
+                XMEMSET(tmp, 0x0, AES_BLOCK_SIZE) ;
+                /* Increment IV */
+                for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+                    if (++((byte *)aes->iv_ce)[i])
+                        break ;
+                }
+            }
+            in += odd ;
+            out+= odd ;
+            sz -= odd ;
+        }
+        odd = sz % AES_BLOCK_SIZE ;  /* if there is tail flagment */
+        if(sz / AES_BLOCK_SIZE) {
+            even = (sz/AES_BLOCK_SIZE)*AES_BLOCK_SIZE ;
+            AesCrypt(aes, out, in, even, PIC32_ENCRYPTION, PIC32_ALGO_AES,
+                                                    PIC32_CRYPTOALGO_RCTR);
+            out += even ;
+            in  += even ;
+            do {  /* Increment IV */
+                for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+                    if (++((byte *)aes->iv_ce)[i])
+                        break ;
+                }
+                even -= AES_BLOCK_SIZE ;
+            } while((int)even > 0) ;
+        }
+        if(odd) {
+            XMEMSET(tmp+aes->left, 0x0, AES_BLOCK_SIZE - aes->left) ;
+            XMEMCPY(tmp+aes->left, in, odd) ;
+            AesCrypt(aes, out_block, tmp, AES_BLOCK_SIZE,
+                    PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCTR);
+            XMEMCPY(out, out_block+aes->left,odd) ;
+            aes->left += odd ;
+        }
+    }
+    #endif /* CYASSL_AES_COUNTER */
+
+    #ifdef HAVE_AESGCM
+    #define HAVE_AES_ENGINE
+    /* Hardware AESGCM borows most of the software AESGCM, GMAC */
+    #endif
+
+#endif /* CYASSL_PIC32MZ_CRYPT */
+
 #ifdef STM32F2_CRYPTO
     /*
      * STM32F2 hardware AES support through the STM32F2 standard peripheral
@@ -439,13 +617,11 @@ extern volatile unsigned char __MBAR[];
 
 int AesCbcEncrypt(Aes* aes, byte* po, const byte* pi, word32 sz)
 {
-	//printf("AesCbcEncrypt(%x, %x, %x, %d)\n", aes, po, pi, sz) ;
 	return(AesCbcCrypt(aes, po, pi, sz, SEC_DESC_AES_CBC_ENCRYPT)) ;
 }
 
 int AesCbcDecrypt(Aes* aes, byte* po, const byte* pi, word32 sz)
 {
-	//printf("AesCbcDecrypt(%x, %x, %x, %d)\n", aes, po, pi, sz) ;
 	return(AesCbcCrypt(aes, po, pi, sz, SEC_DESC_AES_CBC_DECRYPT)) ;
 }
 	
@@ -1322,7 +1498,6 @@ static const word32 Td[5][256] = {
 };
 
 
-
 #define GETBYTE(x, y) (word32)((byte)((x) >> (8 * (y))))
 
 
@@ -1487,6 +1662,19 @@ static int AesSetKeyLocal(Aes* aes, const byte* userKey, word32 keylen,
         ByteReverseWords(rk, rk, keylen);
     #endif
 
+#ifdef CYASSL_PIC32MZ_CRYPT
+    {
+        word32 *akey1 = aes->key_ce;
+        word32 *areg = aes->iv_ce ;
+        aes->keylen = keylen ;
+        XMEMCPY(akey1, userKey, keylen);
+        if (iv)
+            XMEMCPY(areg, iv, AES_BLOCK_SIZE);
+        else
+            XMEMSET(areg,  0, AES_BLOCK_SIZE);
+    }
+#endif
+
     switch(keylen)
     {
     case 16:
@@ -1976,7 +2164,7 @@ static void AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
     XMEMCPY(outBlock + 3 * sizeof(s0), &s3, sizeof(s3));
 }
 
-
+#ifndef HAVE_AES_ENGINE
 int AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
     word32 blocks = sz / AES_BLOCK_SIZE;
@@ -2083,7 +2271,7 @@ int AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
     return 0;
 }
-
+#endif
 
 #ifdef CYASSL_AES_DIRECT
 
@@ -2116,7 +2304,7 @@ int AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
 #endif /* CYASSL_AES_DIRECT || CYASSL_AES_COUNTER */
 
 
-#ifdef CYASSL_AES_COUNTER
+#if defined(CYASSL_AES_COUNTER) && !defined(HAVE_AES_ENGINE)
 
 /* Increment AES counter */
 static INLINE void IncrementAesCounter(byte* inOutCtr)
@@ -2806,34 +2994,51 @@ void AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     word32 partial = sz % AES_BLOCK_SIZE;
     const byte* p = in;
     byte* c = out;
-    byte ctr[AES_BLOCK_SIZE];
+    byte counter[AES_BLOCK_SIZE];
+    byte *ctr ;
     byte scratch[AES_BLOCK_SIZE];
 
     CYASSL_ENTER("AesGcmEncrypt");
 
+#ifdef CYASSL_PIC32MZ_CRYPT
+    ctr = (char *)aes->iv_ce ;
+#else
+    ctr = counter ;
+#endif
+
     XMEMSET(ctr, 0, AES_BLOCK_SIZE);
     XMEMCPY(ctr, iv, ivSz);
     InitGcmCounter(ctr);
 
+#ifdef CYASSL_PIC32MZ_CRYPT
+    if(blocks)
+        AesCrypt(aes, out, in, blocks*AES_BLOCK_SIZE,
+             PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_AES_GCM );
+#endif
     while (blocks--) {
         IncrementGcmCounter(ctr);
+        #ifndef CYASSL_PIC32MZ_CRYPT
         AesEncrypt(aes, ctr, scratch);
         xorbuf(scratch, p, AES_BLOCK_SIZE);
         XMEMCPY(c, scratch, AES_BLOCK_SIZE);
-
+        #endif
         p += AES_BLOCK_SIZE;
         c += AES_BLOCK_SIZE;
     }
+
     if (partial != 0) {
         IncrementGcmCounter(ctr);
         AesEncrypt(aes, ctr, scratch);
         xorbuf(scratch, p, partial);
         XMEMCPY(c, scratch, partial);
+
     }
+
     GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz);
     InitGcmCounter(ctr);
     AesEncrypt(aes, ctr, scratch);
     xorbuf(authTag, scratch, authTagSz);
+
 }
 
 
@@ -2846,11 +3051,18 @@ int  AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     word32 partial = sz % AES_BLOCK_SIZE;
     const byte* c = in;
     byte* p = out;
-    byte ctr[AES_BLOCK_SIZE];
+    byte counter[AES_BLOCK_SIZE];
+    byte *ctr ;
     byte scratch[AES_BLOCK_SIZE];
 
     CYASSL_ENTER("AesGcmDecrypt");
 
+#ifdef CYASSL_PIC32MZ_CRYPT
+    ctr = (char *)aes->iv_ce ;
+#else
+    ctr = counter ;
+#endif
+
     XMEMSET(ctr, 0, AES_BLOCK_SIZE);
     XMEMCPY(ctr, iv, ivSz);
     InitGcmCounter(ctr);
@@ -2864,17 +3076,25 @@ int  AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         GHASH(aes, authIn, authInSz, in, sz, Tprime, sizeof(Tprime));
         AesEncrypt(aes, ctr, EKY0);
         xorbuf(Tprime, EKY0, sizeof(Tprime));
+
         if (XMEMCMP(authTag, Tprime, authTagSz) != 0) {
             return AES_GCM_AUTH_E;
         }
     }
+ 
+#ifdef CYASSL_PIC32MZ_CRYPT
+    if(blocks)
+        AesCrypt(aes, out, in, blocks*AES_BLOCK_SIZE,
+             PIC32_DECRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_AES_GCM );
+#endif
 
     while (blocks--) {
         IncrementGcmCounter(ctr);
+        #ifndef CYASSL_PIC32MZ_CRYPT
         AesEncrypt(aes, ctr, scratch);
         xorbuf(scratch, c, AES_BLOCK_SIZE);
         XMEMCPY(p, scratch, AES_BLOCK_SIZE);
-
+        #endif
         p += AES_BLOCK_SIZE;
         c += AES_BLOCK_SIZE;
     }
@@ -2884,11 +3104,11 @@ int  AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         xorbuf(scratch, c, partial);
         XMEMCPY(p, scratch, partial);
     }
-
     return 0;
 }
 
 
+
 CYASSL_API void GmacSetKey(Gmac* gmac, const byte* key, word32 len)
 {
     AesGcmSetKey(&gmac->aes, key, len);

ctaocrypt/src/des3.c

@@ -594,6 +594,138 @@ void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
         return;
     }
 
+
+#elif defined(CYASSL_PIC32MZ_CRYPT)
+
+    #include "../../cyassl/ctaocrypt/port/pic32/pic32mz-crypt.h"
+
+void Des_SetIV(Des* des, const byte* iv);
+void Des3_SetIV(Des3* des, const byte* iv);
+
+    void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
+    {
+        word32 *dkey = des->key ;
+        word32 *dreg = des->reg ;
+
+        XMEMCPY((byte *)dkey, (byte *)key, 8);
+        ByteReverseWords(dkey, dkey, 8);
+        XMEMCPY((byte *)dreg, (byte *)iv, 8);
+        ByteReverseWords(dreg, dreg, 8);
+    }
+
+    void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
+    {
+        word32 *dkey1 = des->key[0];
+        word32 *dreg = des->reg ;
+
+        XMEMCPY(dkey1, key, 24);
+        ByteReverseWords(dkey1, dkey1, 24);
+        XMEMCPY(dreg, iv, 8);
+        ByteReverseWords(dreg, dreg, 8) ;
+
+    }
+
+    void DesCrypt(word32 *key, word32 *iv, byte* out, const byte* in, word32 sz,
+                  int dir, int algo, int cryptoalgo)
+    {
+        securityAssociation *sa_p ;
+        bufferDescriptor *bd_p ;
+        const byte *in_p, *in_l ;
+        byte *out_p, *out_l ;
+        volatile securityAssociation sa __attribute__((aligned (8)));
+        volatile bufferDescriptor bd __attribute__((aligned (8)));
+        volatile int k ;
+        
+        /* get uncached address */
+
+        in_l = in;
+        out_l = out ;
+        sa_p = KVA0_TO_KVA1(&sa) ; 
+        bd_p = KVA0_TO_KVA1(&bd) ;
+        in_p = KVA0_TO_KVA1(in_l) ;
+        out_p= KVA0_TO_KVA1(out_l);
+        
+        if(PIC32MZ_IF_RAM(in_p))
+            XMEMCPY((void *)in_p, (void *)in, sz);
+        XMEMSET((void *)out_p, 0, sz);
+
+        /* Set up the Security Association */
+        XMEMSET((byte *)KVA0_TO_KVA1(&sa), 0, sizeof(sa));
+        sa_p->SA_CTRL.ALGO = algo ; 
+        sa_p->SA_CTRL.LNC = 1;
+        sa_p->SA_CTRL.LOADIV = 1;
+        sa_p->SA_CTRL.FB = 1;
+        sa_p->SA_CTRL.ENCTYPE = dir ; /* Encryption/Decryption */
+        sa_p->SA_CTRL.CRYPTOALGO = cryptoalgo;
+        sa_p->SA_CTRL.KEYSIZE = 1 ; /* KEY is 192 bits */
+        XMEMCPY((byte *)KVA0_TO_KVA1(&sa.SA_ENCKEY[algo==PIC32_ALGO_TDES ? 2 : 6]),
+                (byte *)key, algo==PIC32_ALGO_TDES ? 24 : 8);
+        XMEMCPY((byte *)KVA0_TO_KVA1(&sa.SA_ENCIV[2]), (byte *)iv, 8);
+
+        XMEMSET((byte *)KVA0_TO_KVA1(&bd), 0, sizeof(bd));
+        /* Set up the Buffer Descriptor */
+        bd_p->BD_CTRL.BUFLEN = sz;
+        bd_p->BD_CTRL.LIFM = 1;
+        bd_p->BD_CTRL.SA_FETCH_EN = 1;
+        bd_p->BD_CTRL.LAST_BD = 1;
+        bd_p->BD_CTRL.DESC_EN = 1;
+    
+        bd_p->SA_ADDR = (unsigned int)KVA_TO_PA(&sa) ; // (unsigned int)sa_p  ;
+        bd_p->SRCADDR = (unsigned int)KVA_TO_PA(in) ; // (unsigned int)in_p  ;
+        bd_p->DSTADDR = (unsigned int)KVA_TO_PA(out); // (unsigned int)out_p  ;
+        bd_p->NXTPTR = (unsigned int)KVA_TO_PA(&bd);
+        bd_p->MSGLEN = sz ;
+        
+        /* Fire in the hole! */
+        CECON = 1 << 6;
+        while (CECON);
+        
+        /* Run the engine */
+        CEBDPADDR = (unsigned int)KVA_TO_PA(&bd) ; // (unsigned int)bd_p ;
+        CEINTEN = 0x07;
+        CECON = 0x27;
+
+        WAIT_ENGINE ;
+
+        if((cryptoalgo == PIC32_CRYPTOALGO_CBC) ||
+           (cryptoalgo == PIC32_CRYPTOALGO_TCBC)||
+           (cryptoalgo == PIC32_CRYPTOALGO_RCBC)) {
+            /* set iv for the next call */
+            if(dir == PIC32_ENCRYPTION) {
+	        XMEMCPY((void *)iv, (void*)&(out_p[sz-DES_IVLEN]), DES_IVLEN) ;
+	        } else {
+                ByteReverseWords((word32*)iv, (word32 *)&(in_p[sz-DES_IVLEN]), DES_IVLEN);
+	        }
+
+        }
+
+        ByteReverseWords((word32*)out, (word32 *)KVA0_TO_KVA1(out), sz);
+    }
+
+    void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
+    {
+        DesCrypt(des->key, des->reg, out, in, sz, 
+                PIC32_ENCRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC );
+    }
+
+    void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
+    {
+        DesCrypt(des->key, des->reg, out, in, sz, 
+                PIC32_DECRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC);
+    }
+
+    void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
+    {
+        DesCrypt(des->key[0], des->reg, out, in, sz, 
+                PIC32_ENCRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC);
+    }
+
+    void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
+    {
+        DesCrypt(des->key[0], des->reg, out, in, sz, 
+                PIC32_DECRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC);
+    }
+
 #else /* CTaoCrypt software implementation */
 
 /* permuted choice table (key) */

ctaocrypt/src/hmac.c

@@ -27,6 +27,22 @@
 
 #ifndef NO_HMAC
 
+#ifdef CYASSL_PIC32MZ_HASH
+
+#define InitMd5   InitMd5_sw
+#define Md5Update Md5Update_sw
+#define Md5Final  Md5Final_sw
+
+#define InitSha   InitSha_sw
+#define ShaUpdate ShaUpdate_sw
+#define ShaFinal  ShaFinal_sw
+
+#define InitSha256   InitSha256_sw
+#define Sha256Update Sha256Update_sw
+#define Sha256Final  Sha256Final_sw
+
+#endif
+
 #include <cyassl/ctaocrypt/hmac.h>
 #include <cyassl/ctaocrypt/error.h>
 

ctaocrypt/src/md5.c

@@ -26,7 +26,13 @@
 
 #include <cyassl/ctaocrypt/settings.h>
 
-#ifndef NO_MD5
+#if !defined(NO_MD5)
+
+#ifdef CYASSL_PIC32MZ_HASH
+#define InitMd5   InitMd5_sw
+#define Md5Update Md5Update_sw
+#define Md5Final  Md5Final_sw
+#endif
 
 #include <cyassl/ctaocrypt/md5.h>
 

ctaocrypt/src/port/pic32/pic32mz-hash.c

@@ -0,0 +1,243 @@
+/* pic32mz-hash.c
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <cyassl/ctaocrypt/settings.h>
+
+#ifdef CYASSL_PIC32MZ_HASH
+
+#include <cyassl/ctaocrypt/logging.h>
+#include <cyassl/ctaocrypt/md5.h>
+#include <cyassl/ctaocrypt/sha.h>
+#include <cyassl/ctaocrypt/sha256.h>
+
+#include <cyassl/ctaocrypt/port/pic32/pic32mz-crypt.h>
+
+#if !defined(NO_MD5) && !defined(NO_SHA) && !defined(NO_SHA256)
+
+static void reset_engine(pic32mz_desc *desc_l, int algo)
+{
+    pic32mz_desc *desc ;
+    desc = KVA0_TO_KVA1(desc_l) ;
+
+    CECON = 1 << 6;
+    while (CECON);
+
+    /* Make sure everything is clear first before we make settings. */
+    XMEMSET((void *)KVA0_TO_KVA1(&desc->sa), 0, sizeof(desc->sa));
+    XMEMSET((void *)KVA0_TO_KVA1(&desc->bd[0]), 0, sizeof(desc->bd[0]));
+    XMEMSET((void *)KVA0_TO_KVA1(&desc->bd[1]), 0, sizeof(desc->bd[1]));
+
+    /* Set up the security association */
+    desc->sa.SA_CTRL.ALGO = algo ;
+    desc->sa.SA_CTRL.LNC = 1;
+    desc->sa.SA_CTRL.FB = 1;
+    desc->sa.SA_CTRL.ENCTYPE = 1;
+    desc->sa.SA_CTRL.LOADIV = 1;
+
+    /* Set up the buffer descriptor */
+    desc->err = 0 ;
+    desc->bd[0].BD_CTRL.LAST_BD = 1;
+    desc->bd[0].BD_CTRL.LIFM = 1;
+    desc->bd[0].SA_ADDR = KVA_TO_PA(&desc->sa);
+    desc->bd[1].BD_CTRL.LAST_BD = 1;
+    desc->bd[1].BD_CTRL.LIFM = 1;
+    desc->bd[1].SA_ADDR = KVA_TO_PA(&desc->sa);
+    desc_l->bdCount = 0 ;
+    CEBDPADDR = KVA_TO_PA(&(desc->bd[0]));
+
+    CECON = 0x27;
+}
+
+#define PIC32MZ_IF_RAM(addr) (KVA_TO_PA(addr) < 0x80000)
+
+static void update_engine(pic32mz_desc *desc_l, const char *input, word32 len,
+                    word32 *hash)
+{
+    pic32mz_desc *desc ;
+    int i ;
+    int total ;
+    desc = KVA0_TO_KVA1(desc_l) ;
+
+    i = desc_l->bdCount ;
+    if(i >= PIC32MZ_MAX_BD) {
+        desc_l->err = 1 ;
+        return ;
+    }
+
+    if(PIC32MZ_IF_RAM(input))
+        XMEMCPY(KVA0_TO_KVA1(input), input, len) ; /* Sync phys with cache */
+    desc->bd[i].SRCADDR = KVA_TO_PA(input);
+    /* Finally, turn on the buffer descriptor */
+    if (len % 4)
+         desc->bd[i].BD_CTRL.BUFLEN = (len + 4) - (len % 4);
+    else desc->bd[i].BD_CTRL.BUFLEN =  len ;
+
+    if(i == 0) {
+        desc->bd[i].MSGLEN =  len ;
+        desc->bd[i].BD_CTRL.SA_FETCH_EN = 1;
+    } else {
+        desc->bd[i-1].NXTPTR  = KVA_TO_PA(&(desc->bd[i])) ;
+        desc->bd[i].BD_CTRL.DESC_EN = 1;
+        desc->bd[i-1].BD_CTRL.LAST_BD = 0 ;
+        desc->bd[i-1].BD_CTRL.LIFM    = 0 ;
+        total = desc->bd[i-1].MSGLEN + len ;
+        desc->bd[i].MSGLEN = total ;
+        desc->bd[i-1].MSGLEN = total ;
+    }
+    desc->bd[i].UPDPTR = KVA_TO_PA(hash);
+    desc_l->bdCount ++ ;
+
+    #ifdef DEBUG_CYASSL
+    printf("Input[bd=%d, len=%d]:%x->\"%s\"\n", desc_l->bdCount, len, input, input) ;
+    print_mem(input, len+4) ;
+    #endif
+}
+
+static void start_engine(pic32mz_desc *desc) {
+    bufferDescriptor *hash_bd[2] ;
+    hash_bd[0] = (bufferDescriptor *)KVA0_TO_KVA1(&(desc->bd[0])) ;
+    hash_bd[0]->BD_CTRL.DESC_EN = 1;
+}
+
+void wait_engine(pic32mz_desc *desc, char *hash, int hash_sz) {
+    unsigned int i;
+    unsigned int *intptr;
+#undef DEBUG_CYASSL
+    #ifdef DEBUG_CYASSL
+    printf("desc(%x)[bd:%d * 2, sz:%d]\n", desc, sizeof(desc->bd[0]),
+                                                 sizeof(desc->sa) );
+    print_mem(KVA0_TO_KVA1(&(desc->bd[0])), sizeof(desc->bd[0])) ;
+    print_mem(KVA0_TO_KVA1(&(desc->bd[1])), sizeof(desc->bd[0])) ;
+    #endif
+
+    WAIT_ENGINE ;
+    
+    XMEMCPY(hash, KVA0_TO_KVA1(hash), hash_sz) ;
+
+    #ifdef DEBUG_CYASSL
+    print_mem(KVA0_TO_KVA1(hash), hash_sz) ;
+    print_mem(             hash , hash_sz) ;
+    #endif
+    for (i = 0, intptr = (unsigned int *)hash; i < hash_sz/sizeof(unsigned int);
+                                                                  i++, intptr++)
+    {
+        *intptr = ntohl(*intptr);
+    }
+}
+
+static int fillBuff(char *buff, int *bufflen, const char *data, int len, int blocksz)
+{
+    int room, copysz ;
+
+    room = blocksz - *bufflen ;
+    copysz = (len <= room) ? len : room ;
+    XMEMCPY(buff, data, copysz) ;
+    *bufflen += copysz ;
+    return (*bufflen == blocksz) ? 1 : 0 ;
+}
+
+#endif
+
+#ifndef NO_MD5
+void InitMd5(Md5* md5)
+{
+    CYASSL_ENTER("InitMd5\n") ;
+    XMEMSET((void *)md5, 0xcc, sizeof(Md5)) ;
+    XMEMSET((void *)KVA0_TO_KVA1(md5), 0xcc, sizeof(Md5)) ;
+    reset_engine(&(md5->desc), PIC32_ALGO_MD5) ;
+
+}
+
+void Md5Update(Md5* md5, const byte* data, word32 len)
+{
+     CYASSL_ENTER("Md5Update\n") ;
+     update_engine(&(md5->desc), data, len, md5->digest) ;
+}
+
+void Md5Final(Md5* md5, byte* hash)
+{
+     CYASSL_ENTER("Md5Final\n") ;
+    start_engine(&(md5->desc)) ;
+    wait_engine(&(md5->desc), (char *)md5->digest, MD5_HASH_SIZE) ;
+    XMEMCPY(hash, md5->digest, MD5_HASH_SIZE) ;
+    InitMd5(md5);  /* reset state */
+}
+#endif
+
+#ifndef NO_SHA
+void InitSha(Sha* sha)
+{
+    CYASSL_ENTER("InitSha\n") ;
+    XMEMSET((void *)sha, 0xcc, sizeof(Sha)) ;
+    XMEMSET((void *)KVA0_TO_KVA1(sha), 0xcc, sizeof(Sha)) ;
+    reset_engine(&(sha->desc), PIC32_ALGO_SHA1) ;
+}
+
+void ShaUpdate(Sha* sha, const byte* data, word32 len)
+{
+    CYASSL_ENTER("ShaUpdate\n") ;
+    update_engine(&(sha->desc), data, len, sha->digest) ;
+}
+
+void ShaFinal(Sha* sha, byte* hash)
+{
+    CYASSL_ENTER("ShaFinal\n") ;
+    start_engine(&(sha->desc)) ;
+    wait_engine(&(sha->desc), (char *)sha->digest, SHA1_HASH_SIZE) ;
+    XMEMCPY(hash, sha->digest, SHA1_HASH_SIZE) ;
+
+    InitSha(sha);  /* reset state */
+}
+#endif /* NO_SHA */
+
+#ifndef NO_SHA256
+void InitSha256(Sha256* sha256)
+{
+    CYASSL_ENTER("InitSha256\n") ;
+    XMEMSET((void *)sha256, 0xcc, sizeof(Sha256)) ;
+    XMEMSET((void *)KVA0_TO_KVA1(sha256), 0xcc, sizeof(Sha256)) ;
+    reset_engine(&(sha256->desc), PIC32_ALGO_SHA256) ;
+}
+
+void Sha256Update(Sha256* sha256, const byte* data, word32 len)
+{
+    CYASSL_ENTER("Sha256Update\n") ;
+    update_engine(&(sha256->desc), data, len, sha256->digest) ;
+}
+
+void Sha256Final(Sha256* sha256, byte* hash)
+{
+    CYASSL_ENTER("Sha256Final\n") ;
+    start_engine(&(sha256->desc)) ;
+    wait_engine(&(sha256->desc), (char *)sha256->digest, SHA256_HASH_SIZE) ;
+    XMEMCPY(hash, sha256->digest, SHA256_HASH_SIZE) ;
+    InitSha256(sha256);  /* reset state */
+}
+#endif /* NO_SHA256 */
+
+#endif
+
+
+

ctaocrypt/src/pwdbased.c

@@ -27,6 +27,22 @@
 
 #ifndef NO_PWDBASED
 
+#ifdef CYASSL_PIC32MZ_HASH
+
+#define InitMd5   InitMd5_sw
+#define Md5Update Md5Update_sw
+#define Md5Final  Md5Final_sw
+
+#define InitSha   InitSha_sw
+#define ShaUpdate ShaUpdate_sw
+#define ShaFinal  ShaFinal_sw
+
+#define InitSha256   InitSha256_sw
+#define Sha256Update Sha256Update_sw
+#define Sha256Final  Sha256Final_sw
+
+#endif
+
 #include <cyassl/ctaocrypt/pwdbased.h>
 #include <cyassl/ctaocrypt/hmac.h>
 #include <cyassl/ctaocrypt/integer.h>

ctaocrypt/src/random.c

@@ -51,7 +51,8 @@
     #include <windows.h>
     #include <wincrypt.h>
 #else
-    #if !defined(NO_DEV_RANDOM) && !defined(CYASSL_MDK_ARM) 
+    #if !defined(NO_DEV_RANDOM) && !defined(CYASSL_MDK_ARM) \
+                                && !defined(CYASSL_IAR_ARM)
             #include <fcntl.h>
         #ifndef EBSNET
             #include <unistd.h>
@@ -468,7 +469,44 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     #endif
     #define PIC32_SEED_COUNT ReadCoreTimer
 #endif
+    #ifdef CYASSL_MIC32MZ_RNG
+        #include "xc.h"
+        int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+        {
+            int i ;
+            byte rnd[8] ;
+            word32 *rnd32 = (word32 *)rnd ;
+            word32 size = sz ;
+            byte* op = output ;
 
+            /* This part has to be replaced with better random seed */
+            RNGNUMGEN1 = ReadCoreTimer();
+            RNGPOLY1 = ReadCoreTimer();
+            RNGPOLY2 = ReadCoreTimer();
+            RNGNUMGEN2 = ReadCoreTimer();
+#ifdef DEBUG_CYASSL
+            printf("GenerateSeed::Seed=%08x, %08x\n", RNGNUMGEN1, RNGNUMGEN2) ;
+#endif
+            RNGCONbits.PLEN = 0x40;
+            RNGCONbits.PRNGEN = 1;
+            for(i=0; i<5; i++) { /* wait for RNGNUMGEN ready */
+                volatile int x ;
+                x = RNGNUMGEN1 ;
+                x = RNGNUMGEN2 ;
+            }
+            do {
+                rnd32[0] = RNGNUMGEN1;
+                rnd32[1] = RNGNUMGEN2;
+
+                for(i=0; i<8; i++, op++) {
+                    *op = rnd[i] ;
+                    size -- ;
+                    if(size==0)break ;
+                }
+            } while(size) ;
+            return 0;
+        }
+#else  /* CYASSL_MIC32MZ_RNG */
 /* uses the core timer, in nanoseconds to seed srand */
 int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 {
@@ -483,8 +521,9 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 
     return 0;
 }
-
+#endif /* CYASSL_MIC32MZ_RNG */
-#elif defined(CYASSL_SAFERTOS) || defined(CYASSL_LEANPSK)
+#elif defined(CYASSL_SAFERTOS) || defined(CYASSL_LEANPSK) \
+   || defined(CYASSL_IAR_ARM)                               
 
 #warning "write a real random seed!!!!, just for testing now"
 

ctaocrypt/src/sha.c

@@ -26,7 +26,13 @@
 
 #include <cyassl/ctaocrypt/settings.h>
 
-#ifndef NO_SHA
+#if !defined(NO_SHA)
+
+#ifdef CYASSL_PIC32MZ_HASH
+#define InitSha   InitSha_sw
+#define ShaUpdate ShaUpdate_sw
+#define ShaFinal  ShaFinal_sw
+#endif
 
 #include <cyassl/ctaocrypt/sha.h>
 #ifdef NO_INLINE
@@ -357,11 +363,11 @@ void ShaFinal(Sha* sha, byte* hash)
 
     #ifdef FREESCALE_MMCAU
         /* Kinetis requires only these bytes reversed */
-        ByteReverseWords(&sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
+        ByteReverseBytes(&local[SHA_PAD_SIZE], &local[SHA_PAD_SIZE],
-                         &sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
+                2 * sizeof(word32));
-                         2 * sizeof(word32));
     #endif
 
+    XTRANSFORM(sha, local);
     XTRANSFORM(sha, local);
     #ifdef LITTLE_ENDIAN_ORDER
         ByteReverseWords(sha->digest, sha->digest, SHA_DIGEST_SIZE);

ctaocrypt/src/sha256.c

@@ -28,7 +28,13 @@
 
 #include <cyassl/ctaocrypt/settings.h>
 
-#ifndef NO_SHA256
+#if !defined(NO_SHA256)
+
+#ifdef CYASSL_PIC32MZ_HASH
+#define InitSha256   InitSha256_sw
+#define Sha256Update Sha256Update_sw
+#define Sha256Final  Sha256Final_sw
+#endif
 
 #include <cyassl/ctaocrypt/sha256.h>
 #ifdef NO_INLINE
@@ -215,11 +221,11 @@ void Sha256Final(Sha256* sha256, byte* hash)
 
     #ifdef FREESCALE_MMCAU
         /* Kinetis requires only these bytes reversed */
-        ByteReverseWords(&sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
+        ByteReverseBytes(&local[SHA256_PAD_SIZE], &local[SHA256_PAD_SIZE],
-                         &sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
+                2 * sizeof(word32));
-                         2 * sizeof(word32));
     #endif
 
+    XTRANSFORM(sha256, local);
     XTRANSFORM(sha256, local);
     #ifdef LITTLE_ENDIAN_ORDER
         ByteReverseWords(sha256->digest, sha256->digest, SHA256_DIGEST_SIZE);

cyassl/ctaocrypt/aes.h

@@ -94,7 +94,12 @@ typedef struct Aes {
 #endif
 #ifdef CYASSL_AES_COUNTER
     word32  left;            /* unsued bytes left from last call */
-#endif 
+#endif
+#ifdef CYASSL_PIC32MZ_CRYPT
+    word32 key_ce[AES_BLOCK_SIZE*2/sizeof(word32)] ;
+    word32 iv_ce [AES_BLOCK_SIZE  /sizeof(word32)] ;
+    int    keylen ;
+#endif
 } Aes;
 
 

cyassl/ctaocrypt/md5.h

@@ -42,22 +42,28 @@ enum {
     MD5_PAD_SIZE    = 56
 };
 
+#ifdef CYASSL_PIC32MZ_HASH
+#include "port/pic32/pic32mz-crypt.h"
+#endif
 
 /* MD5 digest */
 typedef struct Md5 {
     word32  buffLen;   /* in bytes          */
     word32  loLen;     /* length in bytes   */
     word32  hiLen;     /* length in bytes   */
-    word32  digest[MD5_DIGEST_SIZE / sizeof(word32)];
     word32  buffer[MD5_BLOCK_SIZE  / sizeof(word32)];
+    #ifndef CYASSL_PIC32MZ_HASH
+    word32  digest[MD5_DIGEST_SIZE / sizeof(word32)];
+    #else
+    word32  digest[PIC32_HASH_SIZE / sizeof(word32)];
+    pic32mz_desc desc ; /* Crypt Engine descripter */
+    #endif
 } Md5;
 
-
 CYASSL_API void InitMd5(Md5*);
 CYASSL_API void Md5Update(Md5*, const byte*, word32);
 CYASSL_API void Md5Final(Md5*, byte*);
 
-
 #ifdef __cplusplus
     } /* extern "C" */
 #endif

cyassl/ctaocrypt/port/pic32/pic32mz-crypt.h

@@ -0,0 +1,88 @@
+/* pic32mz-crypt.h
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifndef PIC32MZ_CRYPT_H
+#define PIC32MZ_CRYPT_H
+
+#ifdef  CYASSL_PIC32MZ_CRYPT
+
+#define MICROCHIP_PIC32
+#include <xc.h>
+#include <sys/endian.h>
+#include <sys/kmem.h>
+#include "../../../../mplabx/crypto.h"
+
+
+#define PIC32_ENCRYPTION      0b1
+#define PIC32_DECRYPTION      0b0
+
+#define PIC32_ALGO_HMAC1     0b01000000
+#define PIC32_ALGO_SHA256    0b00100000
+#define PIC32_ALGO_SHA1      0b00010000
+#define PIC32_ALGO_MD5       0b00001000
+#define PIC32_ALGO_AES       0b00000100
+#define PIC32_ALGO_TDES      0b00000010
+#define PIC32_ALGO_DES       0b00000001
+
+#define PIC32_CRYPTOALGO_AES_GCM 0b1110
+#define PIC32_CRYPTOALGO_RCTR    0b1101
+#define PIC32_CRYPTOALGO_RCBC    0b1001
+#define PIC32_CRYPTOALGO_REBC    0b1000
+#define PIC32_CRYPTOALGO_TCBC    0b0101
+#define PIC32_CRYPTOALGO_CBC     0b0001
+
+#define PIC32_AES_KEYSIZE_256     0b10
+#define PIC32_AES_KEYSIZE_192     0b01
+#define PIC32_AES_KEYSIZE_128     0b00
+
+#define PIC32_AES_BLOCK_SIZE 16
+#define MD5_HASH_SIZE 16
+#define SHA1_HASH_SIZE 20
+#define SHA256_HASH_SIZE 32
+#define PIC32_HASH_SIZE 32
+
+#define PIC32MZ_MAX_BD   2
+typedef struct {      /* Crypt Engine descripter */
+    int bdCount ;
+    int err   ;
+    volatile bufferDescriptor 
+        bd[PIC32MZ_MAX_BD] __attribute__((aligned (8), coherent));
+    securityAssociation 
+        sa                 __attribute__((aligned (8), coherent));
+} pic32mz_desc ;
+
+#define PIC32MZ_IF_RAM(addr) (KVA_TO_PA(addr) < 0x80000)
+
+#define WAIT_ENGINE \
+    { volatile int v ; while (CESTATbits.ACTIVE) ; for(v=0; v<100; v++) ; }
+
+#ifdef DEBUG_CYASSL
+static void print_mem(const unsigned char *p, int size) {
+    for(; size>0; size--, p++) {
+        if(size%4 == 0)printf(" ") ;
+            printf("%02x", (int)*p) ;
+    }
+    puts("") ;
+}
+#endif
+
+#endif
+#endif /* PIC32MZ_CRYPT_H */

cyassl/ctaocrypt/settings.h

@@ -51,6 +51,9 @@
 /* Uncomment next line if using Microchip TCP/IP stack, version 6 or later */
 /* #define MICROCHIP_TCPIP */
 
+/* Uncomment next line if using PIC32MZ Crypto Engine */
+/* #define CYASSL_MICROCHIP_PIC32MZ */
+        
 /* Uncomment next line if using FreeRTOS */
 /* #define FREERTOS */
 
@@ -81,6 +84,8 @@
 /* Uncomment next line if using QL SEP settings */
 /* #define CYASSL_QL */
 
+/* Uncomment next line if using LwIP native TCP socket settings */
+/* #define HAVE_LWIP_NATIVE */
 
 #include <cyassl/ctaocrypt/visibility.h>
 
@@ -114,7 +119,16 @@
     #include "nx_api.h"
 #endif
 
+#if defined(HAVE_LWIP_NATIVE) /* using LwIP native TCP socket */
+    #define CYASSL_LWIP
+    #define NO_WRITEV
+    #define SINGLE_THREADED
+    #define CYASSL_USER_IO
+    #define NO_FILESYSTEM
+#endif 
+
 #ifdef MICROCHIP_PIC32
+    /* #define CYASSL_MICROCHIP_PIC32MZ */
     #define SIZEOF_LONG_LONG 8
     #define SINGLE_THREADED
     #define CYASSL_USER_IO
@@ -125,6 +139,18 @@
     #define TFM_TIMING_RESISTANT
 #endif
 
+#ifdef CYASSL_MICROCHIP_PIC32MZ
+    #define CYASSL_PIC32MZ_CE
+    #define CYASSL_PIC32MZ_CRYPT
+    #define HAVE_AES_ENGINE
+    #define CYASSL_PIC32MZ_RNG
+    /* #define CYASSL_PIC32MZ_HASH */
+    #define CYASSL_AES_COUNTER
+    #define HAVE_AESGCM
+    #define NO_BIG_INT
+
+#endif
+
 #ifdef MICROCHIP_TCPIP_V5
     /* include timer functions */
     #include "TCPIP Stack/TCPIP.h"
@@ -132,10 +158,10 @@
 
 #ifdef MICROCHIP_TCPIP
     /* include timer, NTP functions */
-    #include "system/system_services.h"
     #ifdef MICROCHIP_MPLAB_HARMONY
         #include "tcpip/tcpip.h"
     #else
+        #include "system/system_services.h"
         #include "tcpip/sntp.h"
     #endif
 #endif
@@ -157,21 +183,21 @@
     #define NO_FILESYSTEM
     #define CYASSL_USER_IO
     #define NO_DEV_RANDOM
-    #define HAVE_HKDF
-    #define NO_MAIN_DRIVER
-    #define CYASSL_LWIP
-
-    /* ECC and optimizations */
-    #define FREESCALE_MMCAU 1
     #define HAVE_ECC
     #define HAVE_ECC_ENCRYPT
+    #define ECC_SHAMIR
+    #define HAVE_HKDF
     #define USE_FAST_MATH
     #define TFM_TIMING_RESISTANT
-    #define TFM_ECC256
+    #define FP_MAX_BITS 512
-    #define TFM_ARM
+    #define NO_OLD_TLS
-    #define ECC_SHAMIR
+    #define NO_MD4
-    #define FP_ECC
+    #define NO_RABBIT
-    #define FP_ENTRIES 2
+    #define NO_HC128
+    #define NO_RSA
+    #define NO_DSA
+    #define NO_PWDBASED
+    #define NO_PSK
     #define FP_LUT 4
     #define FP_MAX_BITS 512
 

cyassl/ctaocrypt/sha.h

@@ -43,14 +43,22 @@ enum {
     SHA_PAD_SIZE     = 56
 };
 
+#ifdef CYASSL_PIC32MZ_HASH
+#include "port/pic32/pic32mz-crypt.h"
+#endif
 
 /* Sha digest */
 typedef struct Sha {
     word32  buffLen;   /* in bytes          */
     word32  loLen;     /* length in bytes   */
     word32  hiLen;     /* length in bytes   */
-    word32  digest[SHA_DIGEST_SIZE / sizeof(word32)];
     word32  buffer[SHA_BLOCK_SIZE  / sizeof(word32)];
+    #ifndef CYASSL_PIC32MZ_HASH
+    word32  digest[SHA_DIGEST_SIZE / sizeof(word32)];
+    #else
+    word32  digest[PIC32_HASH_SIZE / sizeof(word32)];
+    pic32mz_desc desc ; /* Crypt Engine descripter */
+    #endif
 } Sha;
 
 

cyassl/ctaocrypt/sha256.h

@@ -34,6 +34,10 @@
     extern "C" {
 #endif
 
+#ifdef CYASSL_PIC32MZ_HASH
+#include "port/pic32/pic32mz-crypt.h"
+#endif
+
 
 /* in bytes */
 enum {
@@ -51,6 +55,9 @@ typedef struct Sha256 {
     word32  hiLen;     /* length in bytes   */
     word32  digest[SHA256_DIGEST_SIZE / sizeof(word32)];
     word32  buffer[SHA256_BLOCK_SIZE  / sizeof(word32)];
+    #ifdef CYASSL_PIC32MZ_HASH
+        pic32mz_desc desc ; /* Crypt Engine descripter */
+    #endif
 } Sha256;
 
 

cyassl/test.h

@@ -81,7 +81,7 @@
 
 /* HPUX doesn't use socklent_t for third parameter to accept, unless
    _XOPEN_SOURCE_EXTENDED is defined */
-#if !defined(__hpux__) && !defined(CYASSL_MDK_ARM)
+#if !defined(__hpux__) && !defined(CYASSL_MDK_ARM) && !defined(CYASSL_IAR_ARM)
     typedef socklen_t* ACCEPT_THIRD_T;
 #else
     #if defined _XOPEN_SOURCE_EXTENDED

mplabx/benchmark_main.c

@@ -18,6 +18,15 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  */
+#if defined(CYASSL_MICROCHIP_PIC32MZ)
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <cyassl/ctaocrypt/settings.h>
+    #define SYSTEMConfigPerformance /* void out SYSTEMConfigPerformance(); */
+#else
+
 #if defined(CYASSL_MICROCHIP_PIC32MZ)
     #define MICROCHIP_PIC32
     #include <xc.h>

mplabx/crypto.h

@@ -0,0 +1,82 @@
+/*
+ * File:   crypto.h
+ * Author: C15009
+ *
+ * Created on July 23, 2013, 12:26 PM
+ */
+
+#ifndef CRYPTO_H
+#define	CRYPTO_H
+
+#ifdef	__cplusplus
+extern "C" {
+#endif
+
+    typedef struct saCtrl {
+        unsigned int CRYPTOALGO : 4;
+        unsigned int MULTITASK : 3;
+        unsigned int KEYSIZE : 2;
+        unsigned int ENCTYPE : 1;
+        unsigned int ALGO : 7;
+        unsigned int : 3;
+        unsigned int FLAGS : 1;
+        unsigned int FB : 1;
+        unsigned int LOADIV : 1;
+        unsigned int LNC : 1;
+        unsigned int IRFLAG : 1;
+        unsigned int ICVONLY : 1;
+        unsigned int OR_EN : 1;
+        unsigned int NO_RX : 1;
+        unsigned int : 1;
+        unsigned int VERIFY : 1;
+        unsigned int : 2;
+    } saCtrl;
+
+    typedef struct securityAssociation {
+        saCtrl SA_CTRL;
+        unsigned int SA_AUTHKEY[8];
+        unsigned int SA_ENCKEY[8];
+        unsigned int SA_AUTHIV[8];
+        unsigned int SA_ENCIV[4];
+    } securityAssociation;
+
+    typedef struct bdCtrl {
+        unsigned int BUFLEN : 16;
+        unsigned int CBD_INT_EN : 1;
+        unsigned int PKT_INT_EN : 1;
+        unsigned int LIFM : 1;
+        unsigned int LAST_BD: 1;
+        unsigned int : 2;
+        unsigned int SA_FETCH_EN : 1;
+        unsigned int : 4;
+        unsigned int CRY_MODE: 3;
+        unsigned int : 1;
+        unsigned int DESC_EN : 1;
+        /* Naveen did this
+        unsigned int CRDMA_EN: 1;
+        unsigned int UPD_RES : 1;
+        unsigned int SA_FETCH_EN : 1;
+        unsigned int SEC_CODE : 1;
+        unsigned int : 7;
+        unsigned int DESC_EN : 1; */
+    } bdCtrl;
+
+    typedef struct bufferDescriptor {
+        bdCtrl BD_CTRL;
+//        unsigned int BD_CTRL;
+        unsigned int SA_ADDR;
+        unsigned int SRCADDR;
+        unsigned int DSTADDR;
+        unsigned int NXTPTR;
+        unsigned int UPDPTR;
+        unsigned int MSGLEN;
+        unsigned int ENCOFF;
+    } bufferDescriptor;
+
+
+#ifdef	__cplusplus
+}
+#endif
+
+#endif	/* CRYPTO_H */
+

mplabx/ssl-dummy.c

@@ -0,0 +1,52 @@
+/* ssl-dummy.c
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <cyassl/ssl.h>
+#include <cyassl/internal.h>
+
+Signer* GetCA(void* vp, byte* hash) 
+{ 
+    return NULL  ;
+}
+
+int CyaSSL_dtls(CYASSL* ssl)
+{
+    return NULL ;
+}
+
+int CyaSSL_get_using_nonblock(CYASSL* ssl)
+{
+    return NULL ;
+}
+
+Signer* GetCAByName(void* vp, byte* hash)
+{
+    return NULL ;
+}
+
+int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) 
+{
+        return NULL ;
+}

mplabx/test_main.c

@@ -19,6 +19,17 @@
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <cyassl/ctaocrypt/settings.h>
+    #include <stdio.h>
+    #include <stdlib.h>
+    #include "PIC32MZ-serial.h"
+    #define  SYSTEMConfigPerformance /* void out SYSTEMConfigPerformance(); */
+#else
+
 #if defined(CYASSL_MICROCHIP_PIC32MZ)
     #define MICROCHIP_PIC32
     #include <xc.h>

src/ssl.c

@@ -2252,6 +2252,12 @@ int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
 
 #ifndef NO_FILESYSTEM
 
+    #if defined(CYASSL_MDK_ARM)
+        extern FILE * CyaSSL_fopen(const char *name, const char *mode) ;
+        #define XFOPEN     CyaSSL_fopen
+    #else
+        #define XFOPEN     fopen
+    #endif
 
 /* process a file with name fname into ctx of format and type
    userChain specifies a user certificate chain to pass during handshake */