This is an automated email from the ASF dual-hosted git repository.
xiaoxiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nuttx.git
The following commit(s) were added to refs/heads/master by this push:
new 70455f1890b xtensa/esp32: Add support for hardware accelerated HMAC-SHA
70455f1890b is described below
commit 70455f1890b719402bd88872d310f31d47255fa0
Author: Vlad Pruteanu <[email protected]>
AuthorDate: Tue Nov 25 23:34:58 2025 +0200
xtensa/esp32: Add support for hardware accelerated HMAC-SHA
This add support for using the cryptographic accelerator
within the ESP32 for HMAC-SHA operations. The supported
algorithms are: SHA1 and SHA512.
Signed-off-by: Vlad Pruteanu <[email protected]>
---
arch/xtensa/src/esp32/esp32_crypto.c | 129 +++++++++++++++++++++++++++++++++++
1 file changed, 129 insertions(+)
diff --git a/arch/xtensa/src/esp32/esp32_crypto.c
b/arch/xtensa/src/esp32/esp32_crypto.c
index 1bb6365d9c9..4859df6dfe0 100644
--- a/arch/xtensa/src/esp32/esp32_crypto.c
+++ b/arch/xtensa/src/esp32/esp32_crypto.c
@@ -95,6 +95,26 @@ const struct auth_hash g_auth_hash_sha2_512_esp32 =
sha_final
};
+const struct auth_hash g_auth_hash_hmac_sha1_esp32 =
+{
+ CRYPTO_SHA1_HMAC, "HMAC-SHA1",
+ 20, 20, 12, sizeof(struct esp32_sha_context_s),
+ HMAC_SHA1_BLOCK_LEN,
+ sha1_init, NULL, NULL,
+ sha_update,
+ sha_final
+};
+
+const struct auth_hash g_auth_hash_hmac_sha256_esp32 =
+{
+ CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256",
+ 32, 32, 16, sizeof(struct esp32_sha_context_s),
+ HMAC_SHA2_256_BLOCK_LEN,
+ sha256_init, NULL, NULL,
+ sha_update,
+ sha_final
+};
+
struct esp32_crypto_data
{
int alg; /* Algorithm */
@@ -287,6 +307,63 @@ static int hash(struct cryptop *crp,
return 0;
}
+/****************************************************************************
+ * Name: authcompute
+ *
+ * Description:
+ * Calculate the hash.
+ *
+ ****************************************************************************/
+
+static int authcompute(struct cryptop *crp, struct cryptodesc *crd,
+ struct esp32_crypto_data *data,
+ caddr_t buf)
+{
+ unsigned char aalg[AALG_MAX_RESULT_LEN];
+ const struct auth_hash *axf;
+ int err = 0;
+
+ axf = data->hw_axf;
+ err = axf->update(data->hw_ictx, (uint8_t *)buf, crd->crd_len);
+ if (err)
+ {
+ return err;
+ }
+
+ switch (data->alg)
+ {
+ case CRYPTO_SHA1_HMAC:
+ case CRYPTO_SHA2_256_HMAC:
+ if (data->hw_octx == NULL)
+ {
+ return -EINVAL;
+ }
+
+ axf->final(aalg, data->hw_ictx);
+
+ for (int k = 0; k < crd->crd_klen / 8; k++)
+ {
+ crd->crd_key[k] ^= HMAC_OPAD_VAL;
+ }
+
+ axf->update(data->hw_octx, (uint8_t *)crd->crd_key,
+ crd->crd_klen / 8);
+
+ axf->update(data->hw_octx, hmac_opad_buffer,
+ axf->blocksize - (crd->crd_klen / 8));
+
+ axf->update(data->hw_octx, aalg, axf->hashsize);
+ axf->final(aalg, data->hw_octx);
+
+ break;
+ }
+
+ /* Inject the authentication data */
+
+ bcopy(aalg, crp->crp_mac, axf->hashsize);
+ return 0;
+}
+
/****************************************************************************
* Name: esp32_newsession
*
@@ -396,6 +473,48 @@ static int esp32_newsession(uint32_t *sid, struct
cryptoini *cri)
axf->init(data->hw_ictx);
data->hw_axf = axf;
break;
+ case CRYPTO_SHA1_HMAC:
+ axf = &g_auth_hash_hmac_sha1_esp32;
+ goto common__hmac;
+ case CRYPTO_SHA2_256_HMAC:
+ axf = &g_auth_hash_hmac_sha256_esp32;
+ goto common__hmac;
+ common__hmac:
+ data->hw_ictx = kmm_malloc(axf->ctxsize);
+ if (data->hw_ictx == NULL)
+ {
+ kmm_free(data);
+ return -ENOBUFS;
+ }
+
+ data->hw_octx = kmm_malloc(axf->ctxsize);
+ if (data->hw_octx == NULL)
+ {
+ kmm_free(data->hw_ictx);
+ kmm_free(data);
+ return -ENOBUFS;
+ }
+
+ for (k = 0; k < cri->cri_klen / 8; k++)
+ {
+ cri->cri_key[k] ^= HMAC_IPAD_VAL;
+ }
+
+ axf->init(data->hw_ictx);
+ axf->update(data->hw_ictx, (uint8_t *)cri->cri_key,
+ cri->cri_klen / 8);
+ axf->update(data->hw_ictx, hmac_ipad_buffer,
+ axf->blocksize - (cri->cri_klen / 8));
+
+ axf->init(data->hw_octx);
+
+ for (k = 0; k < cri->cri_klen / 8; k++)
+ {
+ cri->cri_key[k] ^= HMAC_IPAD_VAL;
+ }
+
+ data->hw_axf = axf;
+ break;
default:
esp32_freesession(i);
@@ -559,6 +678,14 @@ static int esp32_process(struct cryptop *crp)
}
break;
+ case CRYPTO_SHA1_HMAC:
+ case CRYPTO_SHA2_256_HMAC:
+ if ((crp->crp_etype = authcompute(crp, crd, data,
+ crp->crp_buf)) != 0)
+ {
+ return crp->crp_etype;
+ }
+ break;
default:
return -EINVAL;
}
@@ -591,6 +718,8 @@ void hwcr_init(void)
algs[CRYPTO_SHA2_256] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_SHA2_384] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_SHA2_512] = CRYPTO_ALG_FLAG_SUPPORTED;
+ algs[CRYPTO_SHA1_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
+ algs[CRYPTO_SHA2_256_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
esp32_sha_init();
crypto_register(hwcr_id, algs, esp32_newsession,
