wolfSSL · billphipps · Aug 18, 2025 · Aug 11, 2025 · Aug 5, 2025 · Aug 13, 2025
diff --git a/src/wh_client_cryptocb.c b/src/wh_client_cryptocb.c
@@ -670,7 +670,7 @@ int wh_Client_CryptoCbDma(int devId, wc_CryptoInfo* info, void* inCtx)
         }
     } break; /* case WC_ALGO_TYPE_PK */
 
-#ifdef WOLFSSL_CMAC
+#if defined(WOLFSSL_CMAC) && !defined(WOLFHSM_CFG_NO_CMAC_DMA)
     case WC_ALGO_TYPE_CMAC: {
         Cmac*          cmac      = info->cmac.cmac;
         CmacType       type      = info->cmac.type;
@@ -684,7 +684,7 @@ int wh_Client_CryptoCbDma(int devId, wc_CryptoInfo* info, void* inCtx)
         ret = wh_Client_CmacDma(ctx, cmac, type, key, keyLen, in, inLen, outMac,
                                 outMacLen);
     } break;
-#endif
+#endif /* WOLFSSL_CMAC && !WOLFHSM_CFG_NO_CMAC_DMA */
 
     case WC_ALGO_TYPE_NONE:
     default:

diff --git a/src/wh_server_crypto.c b/src/wh_server_crypto.c
@@ -3223,9 +3223,11 @@ int wh_Server_HandleCryptoDmaRequest(whServerContext* ctx, uint16_t magic,
             break; /* WC_ALGO_TYPE_PK */
 
         case WC_ALGO_TYPE_CMAC:
+#if defined(WOLFSSL_CMAC) && !defined(WOLFHSM_CFG_NO_CMAC_DMA)
             ret = _HandleCmacDma(ctx, magic, seq, cryptoDataIn, cryptoInSize,
                                  cryptoDataOut, &cryptoOutSize);
             break;
+#endif /* WOLFSSL_CMAC && !WOLFHSM_CFG_NO_CMAC_DMA */
 
         case WC_ALGO_TYPE_NONE:
         default:

diff --git a/src/wh_server_dma.c b/src/wh_server_dma.c
@@ -131,6 +131,22 @@ int wh_Server_DmaRegisterCb(whServerContext* server, whServerDmaClientMemCb cb)
     return WH_ERROR_OK;
 }
 
+#ifdef WOLFHSM_CFG_DMA_CUSTOM_CLIENT_COPY
+int wh_Server_DmaRegisterMemCopyCb(whServerContext* server,
+                                   whServerDmaMemCopyCb cb)
+{
+    /* No NULL check for cb, since it is optional and always NULL checked before
+     * it is called */
+    if (NULL == server) {
+        return WH_ERROR_BADARGS;
+    }
+
+    server->dma.memCopyCb = cb;
+
+    return WH_ERROR_OK;
+}
+#endif /* WOLFHSM_CFG_DMA_CUSTOM_CLIENT_COPY */
+
 int wh_Server_DmaRegisterAllowList(whServerContext*                server,
                                    const whServerDmaAddrAllowList* allowlist)
 {
@@ -199,8 +215,22 @@ int whServerDma_CopyFromClient(struct whServerContext_t* server,
     }
 
     /* Perform the actual copy */
-    /* TODO: should we add a flag to force client word-sized reads? */
-    memcpy(serverPtr, transformedAddr, len);
+#ifdef WOLFHSM_CFG_DMA_CUSTOM_CLIENT_COPY
+    if (server->dma.memCopyCb != NULL) {
+        rc = server->dma.memCopyCb(server, (uintptr_t)transformedAddr,
+                                   (uintptr_t)serverPtr, len,
+                                   WH_DMA_OPER_CLIENT_READ, flags);
+        if (rc != WH_ERROR_OK) {
+            return rc;
+        }
+    }
+    else 
+#endif /* WOLFHSM_CFG_DMA_CUSTOM_CLIENT_COPY */
+    {
+
+        /* TODO: should we add a flag to force client word-sized reads? */
+        memcpy(serverPtr, transformedAddr, len);
+    }
 
     /* process the client address post-read */
     rc = wh_Server_DmaProcessClientAddress(
@@ -238,8 +268,21 @@ int whServerDma_CopyToClient(struct whServerContext_t* server,
     }
 
     /* Perform the actual copy */
-    /* TODO: should we add a flag to force client word-sized reads? */
-    memcpy(transformedAddr, serverPtr, len);
+#ifdef WOLFHSM_CFG_DMA_CUSTOM_CLIENT_COPY
+    if (server->dma.memCopyCb != NULL) {
+        rc = server->dma.memCopyCb(server, clientAddr, (uintptr_t)serverPtr,
+                                   len, WH_DMA_OPER_CLIENT_WRITE, flags);
+        if (rc != WH_ERROR_OK) {
+            return rc;
+        }
+    }
+    else
+#endif /* WOLFHSM_CFG_DMA_CUSTOM_CLIENT_COPY */
+    {
+
+        /* TODO: should we add a flag to force client word-sized reads? */
+        memcpy(transformedAddr, serverPtr, len);
+    }
 
     /* Process the client address post-write */
     rc = wh_Server_DmaProcessClientAddress(server, clientAddr, &transformedAddr,

diff --git a/test/wh_test_crypto.c b/test/wh_test_crypto.c
@@ -1099,7 +1099,7 @@ static int whTest_KeyCache(whClientContext* ctx, int devId, WC_RNG* rng)
         }
     }
 
-#ifdef WOLFHSM_CFG_DMA
+#if defined(WOLFHSM_CFG_DMA) && !defined(WOLFHSM_CFG_NO_KEY_DMA)
     /* test cache/export using DMA */
     if (ret == 0) {
         keyId = WH_KEYID_ERASED;
@@ -1298,7 +1298,7 @@ static int whTest_KeyCache(whClientContext* ctx, int devId, WC_RNG* rng)
             printf("KEY CROSS-CACHE EVICTION AND REPLACEMENT DMA SUCCESS\n");
         }
     }
-#endif /* WOLFHSM_CFG_DMA */
+#endif /* WOLFHSM_CFG_DMA && !WOLFHSM_CFG_NO_KEY_DMA */
 
     return ret;
 }

diff --git a/wolfhsm/wh_server.h b/wolfhsm/wh_server.h
@@ -129,6 +129,13 @@ typedef enum {
     WH_DMA_OPER_CLIENT_WRITE_POST = 3,
 } whServerDmaOper;
 
+#ifdef WOLFHSM_CFG_DMA_CUSTOM_CLIENT_COPY
+typedef enum {
+    WH_DMA_OPER_CLIENT_READ = 0,
+    WH_DMA_OPER_CLIENT_WRITE = 1,
+} whServerDmaCopyOper;
+#endif /* WOLFHSM_CFG_DMA_CUSTOM_CLIENT_COPY */
+
 /* Flags embedded in request/response structs provided by client */
 typedef struct {
     uint8_t cacheForceInvalidate : 1;
@@ -142,6 +149,14 @@ typedef int (*whServerDmaClientMemCb)(struct whServerContext_t* server,
                                       size_t len, whServerDmaOper oper,
                                       whServerDmaFlags flags);
 
+#ifdef WOLFHSM_CFG_DMA_CUSTOM_CLIENT_COPY
+/* DMA callback invoked to copy from the client */
+typedef int (*whServerDmaMemCopyCb)(struct whServerContext_t* server,
+                                      uintptr_t clientAddr, uintptr_t serverPtr,
+                                      size_t len, whServerDmaCopyOper oper,
+                                      whServerDmaFlags flags);
+#endif /* WOLFHSM_CFG_DMA_CUSTOM_CLIENT_COPY */
+
 /* DMA address entry within the allowed tables. */
 /* Note: These are translated addresses from the Server's perspective*/
 typedef struct {
@@ -160,11 +175,17 @@ typedef struct {
 /* Server DMA configuration struct for initializing a server */
 typedef struct {
     whServerDmaClientMemCb          cb;               /* DMA callback */
+#ifdef WOLFHSM_CFG_DMA_CUSTOM_CLIENT_COPY
+    whServerDmaMemCopyCb            memCopyCb;       /* DMA memory copy callback */
+#endif /* WOLFHSM_CFG_DMA_CUSTOM_CLIENT_COPY */
     const whServerDmaAddrAllowList* dmaAddrAllowList; /* allowed addresses */
 } whServerDmaConfig;
 
 typedef struct {
     whServerDmaClientMemCb          cb;               /* DMA callback */
+#ifdef WOLFHSM_CFG_DMA_CUSTOM_CLIENT_COPY
+    whServerDmaMemCopyCb            memCopyCb;       /* DMA memory copy callback */
+#endif /* WOLFHSM_CFG_DMA_CUSTOM_CLIENT_COPY */
     const whServerDmaAddrAllowList* dmaAddrAllowList; /* allowed addresses */
 } whServerDmaContext;
 
@@ -384,6 +405,23 @@ int wh_Server_HandleCustomCbRequest(whServerContext* server, uint16_t magic,
 int wh_Server_DmaRegisterCb(struct whServerContext_t* server,
                             whServerDmaClientMemCb    cb);
 
+
+#ifdef WOLFHSM_CFG_DMA_CUSTOM_CLIENT_COPY
+/**
+ * @brief Registers a custom memory copy callback for DMA operations.
+ * This function allows the server to register a callback that will be invoked
+ * during DMA memory copy operations. The callback can be used to
+ * perform custom memory copy operations, such as remapping addresses
+ * or handling special cases.
+ * @param[in] server Pointer to the server context.
+ * @param[in] cb The custom memory copy callback handler to register.
+ * @return int Returns WH_ERROR_OK on success, or WH_ERROR_BADARGS if the
+ * arguments are invalid.
+ */
+int wh_Server_DmaRegisterMemCopyCb(whServerContext*     server,
+                                   whServerDmaMemCopyCb cb);
+#endif /* WOLFHSM_CFG_DMA_CUSTOM_CLIENT_COPY */
+
 /**
  * @brief Registers the allowable client read/write addresses for DMA.
  *

diff --git a/wolfhsm/wh_settings.h b/wolfhsm/wh_settings.h
@@ -67,6 +67,16 @@
  *  WOLFHSM_CFG_SERVER_IMG_MGR_MAX_SIG_SIZE - Maximum signature size for image
  * verification Default: 512 bytes (RSA4096)
  *
+ *  WOLFHSM_CFG_DMA_CUSTOM_CLIENT_COPY - if defined, allows to setup a custom
+ * callback to handle client to server and/or server to client memory copy
+ * operation in DMA requests.
+ *     Default: Not defined
+ *
+ *  WOLFHSM_CFG_NO_CMAC_DMA - if defined, disables the use of CMAC for DMA
+ *     Default: Not defined
+ *
+ *  WOLFHSM_CFG_NO_KEY_DMA  - if defined, disables the use of DMA for keys
+ *     Default: Not defined
  *
  *  Overridable porting functions:
  *