This is an automated email from the ASF dual-hosted git repository.
acassis pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nuttx.git
The following commit(s) were added to refs/heads/master by this push:
new 8a10e35c0bd arch/xtensa/esp32: Fix support for hardware accelerated AES
8a10e35c0bd is described below
commit 8a10e35c0bd74f6fb27edc8d328294ccdfb0fe41
Author: Vlad Pruteanu <[email protected]>
AuthorDate: Mon Oct 20 22:32:49 2025 +0300
arch/xtensa/esp32: Fix support for hardware accelerated AES
Curently, the driver code for HW accelerated AES is not usable
since it's not registered within esp32_crypto. This commit fixes
it as well as a few bugs.
Signed-off-by: Vlad Pruteanu <[email protected]>
---
arch/xtensa/src/esp32/esp32_aes.c | 6 +----
arch/xtensa/src/esp32/esp32_crypto.c | 31 ++++++++++++++++++++++
.../esp32/esp32-devkitc/configs/crypto/defconfig | 2 ++
3 files changed, 34 insertions(+), 5 deletions(-)
diff --git a/arch/xtensa/src/esp32/esp32_aes.c
b/arch/xtensa/src/esp32/esp32_aes.c
index 6b0c1153516..3940991aca6 100644
--- a/arch/xtensa/src/esp32/esp32_aes.c
+++ b/arch/xtensa/src/esp32/esp32_aes.c
@@ -595,11 +595,6 @@ int aes_cypher(void *out, const void *in, size_t size,
return -EINVAL;
}
- if (keysize != 16)
- {
- return -EINVAL;
- }
-
if ((mode != AES_MODE_ECB) &&
(mode != AES_MODE_CBC) &&
(mode != AES_MODE_CTR))
@@ -633,6 +628,7 @@ int aes_cypher(void *out, const void *in, size_t size,
memcpy(iv_buf, iv, AES_BLK_SIZE);
ret = esp32_aes_ctr_cypher(&aes, &nc_off, iv_buf, cache_buf,
in, out, size);
+ break;
default:
ret = -EINVAL;
break;
diff --git a/arch/xtensa/src/esp32/esp32_crypto.c
b/arch/xtensa/src/esp32/esp32_crypto.c
index 6ec2f4e6057..1bb6365d9c9 100644
--- a/arch/xtensa/src/esp32/esp32_crypto.c
+++ b/arch/xtensa/src/esp32/esp32_crypto.c
@@ -32,6 +32,7 @@
#include <nuttx/crypto/crypto.h>
#include "esp32_sha.h"
+#include "esp32_aes.h"
#include <stdio.h>
/****************************************************************************
@@ -368,6 +369,10 @@ static int esp32_newsession(uint32_t *sid, struct
cryptoini *cri)
switch (cri->cri_alg)
{
+ case CRYPTO_AES_CBC:
+ break;
+ case CRYPTO_AES_CTR:
+ break;
case CRYPTO_SHA1:
axf = &g_auth_hash_sha1_esp32;
goto common;
@@ -519,6 +524,30 @@ static int esp32_process(struct cryptop *crp)
switch (data->alg)
{
+ case CRYPTO_AES_CBC:
+ err = aes_cypher(crp->crp_dst, crp->crp_buf, crd->crd_len,
+ crp->crp_iv, crd->crd_key, 16, AES_MODE_CBC,
+ crd->crd_flags & CRD_F_ENCRYPT);
+ if (err < 0)
+ {
+ return err;
+ }
+
+ break;
+ case CRYPTO_AES_CTR:
+ memset(iv, 0, sizeof(iv));
+ memcpy(iv, crd->crd_key + crd->crd_klen / 8 - 4, 4);
+ memcpy(iv + 4, crp->crp_iv, 8);
+ iv[15] = 0x1;
+ err = aes_cypher(crp->crp_dst, crp->crp_buf, crd->crd_len, iv,
+ crd->crd_key, crd->crd_klen / 8 - 4,
+ AES_MODE_CTR, crd->crd_flags & CRD_F_ENCRYPT);
+ if (err < 0)
+ {
+ return err;
+ }
+
+ break;
case CRYPTO_SHA1:
case CRYPTO_SHA2_256:
case CRYPTO_SHA2_384:
@@ -556,6 +585,8 @@ void hwcr_init(void)
memset(algs, 0, sizeof(algs));
+ algs[CRYPTO_AES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
+ algs[CRYPTO_AES_CTR] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_SHA1] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_SHA2_256] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_SHA2_384] = CRYPTO_ALG_FLAG_SUPPORTED;
diff --git a/boards/xtensa/esp32/esp32-devkitc/configs/crypto/defconfig
b/boards/xtensa/esp32/esp32-devkitc/configs/crypto/defconfig
index 600c1ac3e60..ccbda9a762d 100644
--- a/boards/xtensa/esp32/esp32-devkitc/configs/crypto/defconfig
+++ b/boards/xtensa/esp32/esp32-devkitc/configs/crypto/defconfig
@@ -21,10 +21,12 @@ CONFIG_ARCH_XTENSA=y
CONFIG_BOARD_LOOPSPERMSEC=16717
CONFIG_BUILTIN=y
CONFIG_CRYPTO=y
+CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_CRYPTODEV=y
CONFIG_CRYPTO_CRYPTODEV_HARDWARE=y
CONFIG_CRYPTO_RANDOM_POOL=y
CONFIG_DEFAULT_TASK_STACKSIZE=8192
+CONFIG_ESP32_AES_ACCELERATOR=y
CONFIG_ESP32_SHA_ACCELERATOR=y
CONFIG_ESP32_UART0=y
CONFIG_FS_PROCFS=y
