This is an automated email from the ASF dual-hosted git repository. acassis pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nuttx.git
commit 76f69c7a8c56c68c5a0d4086a5ee7d8b58e4b443 Author: Eren Terzioglu <[email protected]> AuthorDate: Mon Jan 19 10:53:11 2026 +0100 arch/risc-v/espressif: Add AES accelerator support Add AES accelerator support for esp32[-c3|-c6|-h2|-p4] Signed-off-by: Eren Terzioglu <[email protected]> --- arch/risc-v/src/common/espressif/Kconfig | 6 + arch/risc-v/src/common/espressif/Make.defs | 4 + arch/risc-v/src/common/espressif/esp_aes.c | 627 ++++++++++++++++++++++++++ arch/risc-v/src/common/espressif/esp_aes.h | 217 +++++++++ arch/risc-v/src/common/espressif/esp_crypto.c | 52 +++ arch/risc-v/src/esp32c3/hal_esp32c3.mk | 1 + arch/risc-v/src/esp32c6/hal_esp32c6.mk | 1 + arch/risc-v/src/esp32h2/hal_esp32h2.mk | 1 + arch/risc-v/src/esp32p4/hal_esp32p4.mk | 1 + 9 files changed, 910 insertions(+) diff --git a/arch/risc-v/src/common/espressif/Kconfig b/arch/risc-v/src/common/espressif/Kconfig index dd181656eb4..41ceae53cd5 100644 --- a/arch/risc-v/src/common/espressif/Kconfig +++ b/arch/risc-v/src/common/espressif/Kconfig @@ -1023,6 +1023,12 @@ config ESPRESSIF_SHA_ACCELERATOR ---help--- Enable SHA accelerator support. +config ESPRESSIF_AES_ACCELERATOR + bool "AES Accelerator" + default n + ---help--- + Enable AES accelerator support. + config ESPRESSIF_ADC bool "Analog-to-digital converter (ADC)" default n diff --git a/arch/risc-v/src/common/espressif/Make.defs b/arch/risc-v/src/common/espressif/Make.defs index 2a7bdb6647c..b21143f0b11 100644 --- a/arch/risc-v/src/common/espressif/Make.defs +++ b/arch/risc-v/src/common/espressif/Make.defs @@ -171,6 +171,10 @@ ifeq ($(CONFIG_ESPRESSIF_SHA_ACCELERATOR),y) CHIP_CSRCS += esp_sha.c endif +ifeq ($(CONFIG_ESPRESSIF_AES_ACCELERATOR),y) + CHIP_CSRCS += esp_aes.c +endif + ifeq ($(CONFIG_CRYPTO_CRYPTODEV_HARDWARE),y) CHIP_CSRCS += esp_crypto.c endif diff --git a/arch/risc-v/src/common/espressif/esp_aes.c b/arch/risc-v/src/common/espressif/esp_aes.c new file mode 100644 index 00000000000..5e8eeadabd0 --- /dev/null +++ b/arch/risc-v/src/common/espressif/esp_aes.c @@ -0,0 +1,627 @@ +/**************************************************************************** + * arch/risc-v/src/common/espressif/esp_aes.c + * + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. The + * ASF licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the + * License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + ****************************************************************************/ + +/**************************************************************************** + * Included Files + ****************************************************************************/ + +#include <stdint.h> +#include <stdio.h> +#include <string.h> +#include <assert.h> +#include <debug.h> +#include <semaphore.h> + +#include <nuttx/mutex.h> +#include <nuttx/crypto/crypto.h> + +#include "riscv_internal.h" +#include "esp_aes.h" + +#include "esp_private/periph_ctrl.h" +#include "esp_private/esp_crypto_lock_internal.h" +#include "soc/periph_defs.h" +#include "hal/aes_hal.h" +#include "hal/aes_ll.h" +#include "soc/soc_caps.h" +#include "rom/cache.h" + +/**************************************************************************** + * Pre-processor Definitions + ****************************************************************************/ + +#define AES_BLK_SIZE (16) + +/**************************************************************************** + * Private Data + ****************************************************************************/ + +static bool g_aes_inited; +static mutex_t g_aes_lock = NXMUTEX_INITIALIZER; + +/**************************************************************************** + * Private Functions + ****************************************************************************/ + +/**************************************************************************** + * Name: aes_hw_setkey + * + * Description: + * Set AES hardware key and encryption/decryption mode + * + * Input Parameters: + * aes - AES object data pointer + * encrypt - True: encryption mode; False: decryption mode + * + * Returned Value: + * None + * + ****************************************************************************/ + +static void aes_hw_setkey(struct esp_aes_s *aes, bool encrypt) +{ + aes_hal_setkey((uint8_t *)aes->key, aes->keybits / 8, encrypt); +} + +/**************************************************************************** + * Name: aes_hw_cypher + * + * Description: + * Process AES hardware encryption/decryption. + * + * Input Parameters: + * s - Input data pointer + * d - Output buffer pointer + * + * Returned Value: + * None. + * + ****************************************************************************/ + +static void aes_hw_cypher(const uint8_t *s, uint8_t *d) +{ + aes_hal_transform_block(s, d); +} + +/**************************************************************************** + * Name: gf128mul_x_ble + * + * Description: + * GF(2^128) multiplication function. + * + * Input Parameters: + * d - Result buffer + * s - Input data buffer + * + * Returned Value: + * None. + * + ****************************************************************************/ + +static void gf128mul_x_ble(uint8_t *d, const uint8_t *s) +{ + uint64_t a, b, ra, rb; + + memcpy(&a, s, 8); + memcpy(&b, s + 8, 8); + + ra = (a << 1) ^ (0x0087 >> (8 - ((b >> 63) << 3))); + rb = (a >> 63) | (b << 1); + + memcpy(d, &ra, 8); + memcpy(d + 8, &rb, 8); +} + +/**************************************************************************** + * Public Functions + ****************************************************************************/ + +/**************************************************************************** + * Name: esp_aes_ecb_cypher + * + * Description: + * Process AES ECB encryption/decryption. + * + * Input Parameters: + * aes - AES object data pointer + * encrypt - True: encryption mode; False: decryption mode + * input - Input data pointer + * output - Output buffer pointer + * size - Data size in bytes + * + * Returned Value: + * OK is returned on success. Otherwise, a negated errno value is returned. + * + ****************************************************************************/ + +int esp_aes_ecb_cypher(struct esp_aes_s *aes, bool encrypt, + const void *input, void *output, uint32_t size) +{ + int ret; + uint32_t i; + const uint8_t *s = (const uint8_t *)input; + uint8_t *d = (uint8_t *)output; + + DEBUGASSERT(aes && input && output); + DEBUGASSERT(size && ((size % AES_BLK_SIZE) == 0)); + + ret = nxmutex_lock(&g_aes_lock); + if (ret < 0) + { + return ret; + } + + aes_hw_setkey(aes, encrypt); + + for (i = 0; i < size; i += AES_BLK_SIZE) + { + aes_hw_cypher(s, d); + + s += AES_BLK_SIZE; + d += AES_BLK_SIZE; + } + + ret = nxmutex_unlock(&g_aes_lock); + if (ret < 0) + { + return ret; + } + + return OK; +} + +/**************************************************************************** + * Name: esp_aes_cbc_cypher + * + * Description: + * Process AES CBC encryption/decryption. + * + * Input Parameters: + * aes - AES object data pointer + * encrypt - True: encryption mode; False: decryption mode + * ivptr - Initialization vector pointer + * input - Input data pointer + * output - Output buffer pointer + * size - Data size in bytes + * + * Returned Value: + * OK is returned on success. Otherwise, a negated errno value is returned. + * + ****************************************************************************/ + +int esp_aes_cbc_cypher(struct esp_aes_s *aes, bool encrypt, + void *ivptr, const void *input, void *output, + uint32_t size) +{ + int ret; + uint32_t i; + uint32_t j; + const uint8_t *s = (const uint8_t *)input; + uint8_t *d = (uint8_t *)output; + uint8_t *iv = (uint8_t *)ivptr; + + DEBUGASSERT(aes && input && output && ivptr); + DEBUGASSERT(size && ((size % AES_BLK_SIZE) == 0)); + + ret = nxmutex_lock(&g_aes_lock); + if (ret < 0) + { + return ret; + } + + aes_hw_setkey(aes, encrypt); + + for (i = 0; i < size; i += AES_BLK_SIZE) + { + if (encrypt) + { + for (j = 0; j < AES_BLK_SIZE; j++) + { + d[j] = s[j] ^ iv[j]; + } + + aes_hw_cypher(d, d); + + memcpy(iv, d, AES_BLK_SIZE); + } + else + { + aes_hw_cypher(s, d); + + for (j = 0; j < AES_BLK_SIZE; j++) + { + d[j] = d[j] ^ iv[j]; + } + + memcpy(iv, s, AES_BLK_SIZE); + } + + s += AES_BLK_SIZE; + d += AES_BLK_SIZE; + } + + ret = nxmutex_unlock(&g_aes_lock); + if (ret < 0) + { + return ret; + } + + return OK; +} + +/**************************************************************************** + * Name: esp_aes_ctr_cypher + * + * Description: + * Process AES CTR encryption/decryption. + * + * Input Parameters: + * aes - AES object data pointer + * offptr - Offset buffer pointer + * cntptr - Counter buffer pointer + * cacheptr - Counter calculation buffer pointer + * input - Input data pointer + * output - Output buffer pointer + * size - Data size in bytes + * + * Returned Value: + * OK is returned on success. Otherwise, a negated errno value is returned. + * + ****************************************************************************/ + +int esp_aes_ctr_cypher(struct esp_aes_s *aes, uint32_t *offptr, + void *cntptr, void *cacheptr, const void *input, + void *output, uint32_t size) +{ + int ret; + uint32_t i; + uint32_t j; + uint32_t n; + uint8_t *cnt = (uint8_t *)cntptr; + uint8_t *cache = (uint8_t *)cacheptr; + const uint8_t *s = (const uint8_t *)input; + uint8_t *d = (uint8_t *)output; + + DEBUGASSERT(aes && offptr && cntptr && cacheptr && input && output); + DEBUGASSERT(size); + + ret = nxmutex_lock(&g_aes_lock); + if (ret < 0) + { + return ret; + } + + aes_hw_setkey(aes, true); + + n = *offptr; + for (i = 0; i < size; i++) + { + if (n == 0) + { + aes_hw_cypher(cnt, cache); + for (j = AES_BLK_SIZE - 1; j > 0; j--) + { + cnt[j]++; + if (cnt[j] != 0) + { + break; + } + } + } + + d[i] = s[i] ^ cache[n]; + + n = (n + 1) & (AES_BLK_SIZE - 1); + } + + *offptr = n; + + ret = nxmutex_unlock(&g_aes_lock); + if (ret < 0) + { + return ret; + } + + return OK; +} + +/**************************************************************************** + * Name: esp_aes_xts_cypher + * + * Description: + * Process AES XTS encryption/decryption. + * + * Input Parameters: + * aes - AES object data pointer + * encrypt - True: encryption mode; False: decryption mode + * unitptr - Unit data buffer pointer + * input - Input data pointer + * output - Output buffer pointer + * size - Data size in bytes + * + * Returned Value: + * OK is returned on success. Otherwise, a negated errno value is returned. + * + ****************************************************************************/ + +int esp_aes_xts_cypher(struct esp_aes_xts_s *aes, bool encrypt, + void *unitptr, const void *input, void *output, + uint32_t size) +{ + int ret; + uint32_t i; + uint32_t j; + uint32_t blks; + uint32_t rst; + uint8_t *t; + uint8_t *prev_output; + uint8_t tweak[AES_BLK_SIZE]; + uint8_t prev_tweak[AES_BLK_SIZE]; + uint8_t tmp[AES_BLK_SIZE]; + uint8_t *unit = (uint8_t *)unitptr; + const uint8_t *s = (const uint8_t *)input; + uint8_t *d = (uint8_t *)output; + + DEBUGASSERT(aes && unitptr && input && output); + + /* NIST SP 80-38E disallows data units larger than 2**20 blocks. */ + + DEBUGASSERT((size >= AES_BLK_SIZE) && + (size <= ((1 << 20) * AES_BLK_SIZE))); + + ret = nxmutex_lock(&g_aes_lock); + if (ret < 0) + { + return ret; + } + + blks = size / AES_BLK_SIZE; + rst = size % AES_BLK_SIZE; + + aes_hw_setkey(&aes->tweak, true); + aes_hw_cypher(unit, tweak); + + for (i = 0; i < blks; i++) + { + if (rst && (encrypt == false) && (blks == 1)) + { + memcpy(prev_tweak, tweak, AES_BLK_SIZE); + gf128mul_x_ble(tweak, tweak); + } + + for (j = 0; j < AES_BLK_SIZE; j++) + { + tmp[j] = s[j] ^ tweak[j]; + } + + aes_hw_setkey(&aes->crypt, encrypt); + aes_hw_cypher(tmp, tmp); + + for (j = 0; j < AES_BLK_SIZE; j++) + { + d[j] = tmp[j] ^ tweak[j]; + } + + gf128mul_x_ble(tweak, tweak); + + s += AES_BLK_SIZE; + d += AES_BLK_SIZE; + } + + if (rst) + { + t = encrypt ? tweak : prev_tweak; + prev_output = d - AES_BLK_SIZE; + + for (i = 0; i < rst; i++) + { + d[i] = prev_output[i]; + tmp[i] = s[i] ^ t[i]; + } + + for (; i < AES_BLK_SIZE; i++) + { + tmp[i] = prev_output[i] ^ t[i]; + } + + aes_hw_setkey(&aes->crypt, encrypt); + aes_hw_cypher(tmp, tmp); + + for (i = 0; i < AES_BLK_SIZE; i++) + { + prev_output[i] = tmp[i] ^ t[i]; + } + } + + ret = nxmutex_unlock(&g_aes_lock); + if (ret < 0) + { + return ret; + } + + return OK; +} + +/**************************************************************************** + * Name: esp_aes_setkey + * + * Description: + * Configure AES key. + * + * Input Parameters: + * aes - AES object data pointer + * keyptr - Key data pointer + * keybits - Key data bits + * + * Returned Value: + * OK is returned on success. Otherwise, a negated errno value is returned. + * + ****************************************************************************/ + +int esp_aes_setkey(struct esp_aes_s *aes, const void *keyptr, + uint16_t keybits) +{ + DEBUGASSERT(aes && keyptr); + + if ((keybits != 128) && (keybits != 256)) + { + return -EINVAL; + } + + aes->keybits = keybits; + memcpy(aes->key, keyptr, keybits / 8); + + return OK; +} + +/**************************************************************************** + * Name: esp_aes_xts_setkey + * + * Description: + * Configure AES XTS key. + * + * Input Parameters: + * aes - AES object data pointer + * keyptr - Key data pointer + * keybits - Key data bits + * + * Returned Value: + * OK is returned on success. Otherwise, a negated errno value is returned. + * + ****************************************************************************/ + +int esp_aes_xts_setkey(struct esp_aes_xts_s *aes, const void *keyptr, + uint16_t keybits) +{ + const uint8_t *key = (const uint8_t *)keyptr; + uint16_t half_keybits = keybits / 2; + + DEBUGASSERT(aes && keyptr); + + if ((keybits != 256) && (keybits != 512)) + { + return -EINVAL; + } + + aes->crypt.keybits = half_keybits; + memcpy(aes->crypt.key, key, half_keybits / 8); + + aes->tweak.keybits = half_keybits; + memcpy(aes->tweak.key, key + half_keybits / 8, half_keybits / 8); + + return OK; +} + +/**************************************************************************** + * Name: esp_aes_init + * + * Description: + * Initialize ESP device AES hardware. + * + * Input Parameters: + * None + * + * Returned Value: + * OK is returned on success. Otherwise, a negated errno value is returned. + * + ****************************************************************************/ + +int esp_aes_init(void) +{ + if (!g_aes_inited) + { + AES_RCC_ATOMIC() + { + aes_ll_enable_bus_clock(true); + aes_ll_reset_register(); + } + + g_aes_inited = true; + } + + return OK; +} + +#ifdef CONFIG_CRYPTO_AES + +int aes_cypher(void *out, const void *in, size_t size, + const void *iv, const void *key, size_t keysize, + int mode, int encrypt) +{ + int ret; + uint8_t iv_buf[AES_BLK_SIZE]; + uint8_t cache_buf[AES_BLK_SIZE]; + uint32_t nc_off; + struct esp_aes_s aes; + + if ((size & (AES_BLK_SIZE - 1)) != 0) + { + return -EINVAL; + } + + if (keysize != 16 && keysize != 32) + { + return -EINVAL; + } + + if ((mode != AES_MODE_ECB) && + (mode != AES_MODE_CBC) && + (mode != AES_MODE_CTR)) + { + return -EINVAL; + } + + ret = esp_aes_init(); + if (ret < 0) + { + return ret; + } + + ret = esp_aes_setkey(&aes, key, keysize * 8); + if (ret < 0) + { + return ret; + } + + switch (mode) + { + case AES_MODE_ECB: + ret = esp_aes_ecb_cypher(&aes, encrypt, in, out, size); + break; + case AES_MODE_CBC: + memcpy(iv_buf, iv, AES_BLK_SIZE); + ret = esp_aes_cbc_cypher(&aes, encrypt, iv_buf, in, out, size); + break; + case AES_MODE_CTR: + nc_off = 0; + memcpy(iv_buf, iv, AES_BLK_SIZE); + ret = esp_aes_ctr_cypher(&aes, &nc_off, iv_buf, cache_buf, + in, out, size); + break; + default: + ret = -EINVAL; + break; + } + + return ret; +} +#endif /* CONFIG_CRYPTO_AES */ diff --git a/arch/risc-v/src/common/espressif/esp_aes.h b/arch/risc-v/src/common/espressif/esp_aes.h new file mode 100644 index 00000000000..d70675a0f6e --- /dev/null +++ b/arch/risc-v/src/common/espressif/esp_aes.h @@ -0,0 +1,217 @@ +/**************************************************************************** + * arch/risc-v/src/common/espressif/esp_aes.h + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. The + * ASF licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the + * License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + ****************************************************************************/ + +/**************************************************************************** + * Included Files + ****************************************************************************/ + +#ifndef __ARCH_RISCV_SRC_COMMON_ESPRESSIF_ESP_AES_H +#define __ARCH_RISCV_SRC_COMMON_ESPRESSIF_ESP_AES_H + +#include <nuttx/config.h> +#include <stdint.h> + +#ifndef __ASSEMBLY__ + +#undef EXTERN +#if defined(__cplusplus) +#define EXTERN extern "C" +extern "C" +{ +#else +#define EXTERN extern +#endif + +/**************************************************************************** + * Public Types + ****************************************************************************/ + +/* AES private description */ + +struct esp_aes_s +{ + uint32_t key[8]; /* Key data value */ + uint16_t keybits; /* Key data bits */ +}; + +/* AES XTS private description */ + +struct esp_aes_xts_s +{ + struct esp_aes_s crypt; /* AES block encryption/decryption */ + struct esp_aes_s tweak; /* AES tweak encryption/decryption */ +}; + +/**************************************************************************** + * Public Function Prototypes + ****************************************************************************/ + +/**************************************************************************** + * Name: esp_aes_ecb_cypher + * + * Description: + * Process AES ECB encryption/decryption. + * + * Input Parameters: + * aes - AES object data pointer + * encrypt - True: encryption mode; False: decryption mode + * input - Input data pointer + * output - Output buffer pointer + * size - Data size in bytes + * + * Returned Value: + * OK is returned on success. Otherwise, a negated errno value is returned. + * + ****************************************************************************/ + +int esp_aes_ecb_cypher(struct esp_aes_s *aes, bool encrypt, + const void *input, void *output, uint32_t size); + +/**************************************************************************** + * Name: esp_aes_cbc_cypher + * + * Description: + * Process AES CBC encryption/decryption. + * + * Input Parameters: + * aes - AES object data pointer + * encrypt - True: encryption mode; False: decryption mode + * ivptr - Initialization vector pointer + * input - Input data pointer + * output - Output buffer pointer + * size - Data size in bytes + * + * Returned Value: + * OK is returned on success. Otherwise, a negated errno value is returned. + * + ****************************************************************************/ + +int esp_aes_cbc_cypher(struct esp_aes_s *aes, bool encrypt, + void *ivptr, const void *input, void *output, + uint32_t size); + +/**************************************************************************** + * Name: esp_aes_ctr_cypher + * + * Description: + * Process AES CTR encryption/decryption. + * + * Input Parameters: + * aes - AES object data pointer + * offptr - Offset buffer pointer + * cntptr - Counter buffer pointer + * cacheptr - Counter calculation buffer pointer + * input - Input data pointer + * output - Output buffer pointer + * size - Data size in bytes + * + * Returned Value: + * OK is returned on success. Otherwise, a negated errno value is returned. + * + ****************************************************************************/ + +int esp_aes_ctr_cypher(struct esp_aes_s *aes, uint32_t *offptr, + void *cntptr, void *cacheptr, const void *input, + void *output, uint32_t size); + +/**************************************************************************** + * Name: esp_aes_xts_cypher + * + * Description: + * Process AES XTS encryption/decryption. + * + * Input Parameters: + * aes - AES object data pointer + * encrypt - True: encryption mode; False: decryption mode + * unitptr - Unit data buffer pointer + * input - Input data pointer + * output - Output buffer pointer + * size - Data size in bytes + * + * Returned Value: + * OK is returned on success. Otherwise, a negated errno value is returned. + * + ****************************************************************************/ + +int esp_aes_xts_cypher(struct esp_aes_xts_s *aes, bool encrypt, + void *unitptr, const void *input, void *output, + uint32_t size); + +/**************************************************************************** + * Name: esp_aes_setkey + * + * Description: + * Configure AES key. + * + * Input Parameters: + * aes - AES object data pointer + * keyptr - Key data pointer + * keybits - Key data bits + * + * Returned Value: + * OK is returned on success. Otherwise, a negated errno value is returned. + * + ****************************************************************************/ + +int esp_aes_setkey(struct esp_aes_s *aes, const void *keyptr, + uint16_t keybits); + +/**************************************************************************** + * Name: esp_aes_xts_setkey + * + * Description: + * Configure AES XTS key. + * + * Input Parameters: + * aes - AES object data pointer + * keyptr - Key data pointer + * keybits - Key data bits + * + * Returned Value: + * OK is returned on success. Otherwise, a negated errno value is returned. + * + ****************************************************************************/ + +int esp_aes_xts_setkey(struct esp_aes_xts_s *aes, const void *keyptr, + uint16_t keybits); + +/**************************************************************************** + * Name: esp_aes_init + * + * Description: + * Initialize AES hardware driver. + * + * Input Parameters: + * None + * + * Returned Value: + * OK is returned on success. Otherwise, a negated errno value is returned. + * + ****************************************************************************/ + +int esp_aes_init(void); + +#ifdef __cplusplus +} +#endif +#undef EXTERN + +#endif /* __ASSEMBLY__ */ +#endif /* __ARCH_RISCV_SRC_COMMON_ESPRESSIF_ESP_AES_H */ diff --git a/arch/risc-v/src/common/espressif/esp_crypto.c b/arch/risc-v/src/common/espressif/esp_crypto.c index 976de492af7..6dec8339af6 100644 --- a/arch/risc-v/src/common/espressif/esp_crypto.c +++ b/arch/risc-v/src/common/espressif/esp_crypto.c @@ -34,6 +34,7 @@ #include <nuttx/crypto/crypto.h> #include "esp_sha.h" +#include "esp_aes.h" /**************************************************************************** * Private Functions Prototypes @@ -440,6 +441,23 @@ static int esp_newsession(uint32_t *sid, struct cryptoini *cri) switch (cri->cri_alg) { +#ifdef CONFIG_CRYPTO_AES + case CRYPTO_AES_CBC: + break; + + case CRYPTO_AES_CTR: + if ((cri->cri_klen / 8 - 4) != 16 && + (cri->cri_klen / 8 -4) != 32) + { + /* esp aes-ctr key bits just support 128 & 256 */ + + esp_freesession(i); + kmm_free(data); + return -EINVAL; + } + + break; +#endif case CRYPTO_SHA1: axf = &g_auth_hash_sha1_esp; goto sha_common; @@ -619,6 +637,7 @@ static int esp_process(struct cryptop *crp) struct cryptodesc *crd; struct esp_crypto_list *session; struct esp_crypto_data *data; + uint8_t iv[AESCTR_BLOCKSIZE]; uint32_t lid; int err = 0; @@ -645,6 +664,35 @@ static int esp_process(struct cryptop *crp) switch (data->alg) { +#ifdef CONFIG_CRYPTO_AES + case CRYPTO_AES_CBC: + err = aes_cypher(crp->crp_dst, crp->crp_buf, crd->crd_len, + crp->crp_iv, crd->crd_key, crd->crd_klen / 8, + AES_MODE_CBC, crd->crd_flags & CRD_F_ENCRYPT); + + if (err < 0) + { + return err; + } + break; + case CRYPTO_AES_CTR: + memcpy(iv, crd->crd_key + crd->crd_klen / 8 - AESCTR_NONCESIZE, + AESCTR_NONCESIZE); + memcpy(iv + AESCTR_NONCESIZE, crp->crp_iv, AESCTR_IVSIZE); + memcpy(iv + AESCTR_NONCESIZE + AESCTR_IVSIZE, + (uint8_t *)crp->crp_iv + AESCTR_IVSIZE, 4); + err = aes_cypher(crp->crp_dst, crp->crp_buf, crd->crd_len, iv, + crd->crd_key, + crd->crd_klen / 8 - AESCTR_NONCESIZE, + AES_MODE_CTR, crd->crd_flags & CRD_F_ENCRYPT); + + if (err < 0) + { + return err; + } + + break; +#endif case CRYPTO_SHA1: case CRYPTO_SHA2_256: if ((crp->crp_etype = hash(crp, crd, data, @@ -698,6 +746,10 @@ void hwcr_init(void) algs[CRYPTO_SHA2_256] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_SHA1_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_SHA2_256_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED; +#ifdef CONFIG_CRYPTO_AES + algs[CRYPTO_AES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED; + algs[CRYPTO_AES_CTR] = CRYPTO_ALG_FLAG_SUPPORTED; +#endif esp_sha_init(); crypto_register(hwcr_id, algs, esp_newsession, diff --git a/arch/risc-v/src/esp32c3/hal_esp32c3.mk b/arch/risc-v/src/esp32c3/hal_esp32c3.mk index bf1a8d4555d..a5dd89601f5 100644 --- a/arch/risc-v/src/esp32c3/hal_esp32c3.mk +++ b/arch/risc-v/src/esp32c3/hal_esp32c3.mk @@ -244,6 +244,7 @@ CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_ CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_ana_conv$(DELIM)adc_oneshot_hal.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_pmu$(DELIM)brownout_hal.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_pmu$(DELIM)$(CHIP_SERIES)$(DELIM)rtc_cntl_hal.c +CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_security$(DELIM)aes_hal.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_security$(DELIM)hmac_hal.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)hal$(DELIM)cache_hal.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)hal$(DELIM)efuse_hal.c diff --git a/arch/risc-v/src/esp32c6/hal_esp32c6.mk b/arch/risc-v/src/esp32c6/hal_esp32c6.mk index e7835860f51..fe0a60cbc5b 100644 --- a/arch/risc-v/src/esp32c6/hal_esp32c6.mk +++ b/arch/risc-v/src/esp32c6/hal_esp32c6.mk @@ -268,6 +268,7 @@ CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_ CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_system$(DELIM)port$(DELIM)soc$(DELIM)$(CHIP_SERIES)$(DELIM)system_internal.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_ana_conv$(DELIM)adc_hal_common.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_ana_conv$(DELIM)adc_oneshot_hal.c +CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_security$(DELIM)aes_hal.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_security$(DELIM)apm_hal.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_security$(DELIM)hmac_hal.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_pmu$(DELIM)brownout_hal.c diff --git a/arch/risc-v/src/esp32h2/hal_esp32h2.mk b/arch/risc-v/src/esp32h2/hal_esp32h2.mk index ab23be666c1..d7763da5a9a 100644 --- a/arch/risc-v/src/esp32h2/hal_esp32h2.mk +++ b/arch/risc-v/src/esp32h2/hal_esp32h2.mk @@ -251,6 +251,7 @@ CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_ CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_ana_conv$(DELIM)adc_oneshot_hal.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_security$(DELIM)apm_hal.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_pmu$(DELIM)brownout_hal.c +CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_security$(DELIM)aes_hal.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_security$(DELIM)hmac_hal.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)hal$(DELIM)cache_hal.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)hal$(DELIM)efuse_hal.c diff --git a/arch/risc-v/src/esp32p4/hal_esp32p4.mk b/arch/risc-v/src/esp32p4/hal_esp32p4.mk index 3a8bbc5e4a0..eeed9682622 100644 --- a/arch/risc-v/src/esp32p4/hal_esp32p4.mk +++ b/arch/risc-v/src/esp32p4/hal_esp32p4.mk @@ -189,6 +189,7 @@ CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_ CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_ana_conv$(DELIM)$(CHIP_SERIES)$(DELIM)temperature_sensor_periph.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_ana_conv$(DELIM)adc_hal_common.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_ana_conv$(DELIM)adc_oneshot_hal.c +CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_security$(DELIM)aes_hal.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_clock$(DELIM)$(CHIP_SERIES)$(DELIM)clk_tree_hal.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_dma$(DELIM)$(CHIP_SERIES)$(DELIM)gdma_periph.c CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hal_dma$(DELIM)gdma_hal_ahb_v2.c
