eren-terzioglu opened a new pull request, #18544: URL: https://github.com/apache/nuttx/pull/18544
## Summary <!-- This field should contain a summary of the changes. It will be pre-filled with the commit's message and descriptions. Adjust it accordingly --> * Docs/platforms/espressif: Add AES support docs Add AES support docs for esp32s2 * boards/xtensa/espressif: Add AES accelerator board support Add AES accelerator board support for esp32[-s2|-s3] * arch/xtensa/espressif: Add AES accelerator support Add AES accelerator support for esp32[-s2|-s3] * Docs/platforms/espressif: Add AES support docs Add AES support docs for esp32[-c3|-c6|-h2] * boards/risc-v/espressif: Add AES accelerator board support Add AES accelerator board support for esp32[-c3|-c6|-h2] * arch/risc-v/espressif: Add AES accelerator support Add AES accelerator support for esp32[-c3|-c6|-h2] ## Impact <!-- Please fill the following sections with YES/NO and provide a brief explanation --> Impact on user: No <!-- Does it impact user's applications? How? --> Impact on build: No <!-- Does it impact on building NuttX? How? (please describe the required changes on the build system) --> Impact on hardware: Yes, AES accelerator support added <!-- Does it impact a specific hardware supported by NuttX? --> Impact on documentation: Yes, related docs added <!-- Does it impact the existing documentation? Please provide additional documentation to reflect that --> Impact on security: No <!-- Does it impact NuttX's security? --> Impact on compatibility: No <!-- Does it impact compatibility between previous and current versions? Is this a breaking change? --> ## Testing <!-- Please provide all the testing procedure. Consider that upstream reviewers should be able to reproduce the same testing performed internally --> `crypto` defconfig used with following options ``` CONFIG_ESPRESSIF_AES_ACCELERATOR=y CONFIG_CRYPTO_AES=y CONFIG_CRYPTO_AES192_DISABLE=y CONFIG_CRYPTO_ALGTEST=y CONFIG_DEBUG_CRYPTO=y CONFIG_DEBUG_CRYPTO_ERROR=y CONFIG_DEBUG_CRYPTO_INFO=y CONFIG_DEBUG_CRYPTO_WARN=y CONFIG_TESTING_CRYPTO_AES_CBC=y CONFIG_TESTING_CRYPTO_AES_CTR=y CONFIG_DEBUG_FEATURES=y ``` ### Building <!-- Provide how to build the test for each SoC being tested --> Here is command for build ``` make -j distclean && ./tools/configure.sh esp32c6-devkitc:crypto && kconfig-tweak -e ESPRESSIF_AES_ACCELERATOR && kconfig-tweak -e DEBUG_FEATURES && kconfig-tweak -e CRYPTO_AES && kconfig-tweak -e CRYPTO_AES192_DISABLE && kconfig-tweak -e TESTING_CRYPTO_AES_CBC && kconfig-tweak -e TESTING_CRYPTO_AES_CTR && kconfig-tweak -e CRYPTO_ALGTEST && kconfig-tweak -e DEBUG_CRYPTO && kconfig-tweak -e DEBUG_CRYPTO_ERROR && kconfig-tweak -e DEBUG_CRYPTO_INFO && kconfig-tweak -e DEBUG_CRYPTO_WARN && make olddefconfig && make -j ``` ### Running <!-- Provide how to run the test for each SoC being tested --> A few methods used to test: - Test during system init (which enabled with `CONFIG_CRYPTO_ALGTEST`) - `aescbc` and `aesctr` commands - Custom app Here is the code of custom app (same code can be found on [esp32s3_aes.c](https://github.com/apache/nuttx/blob/master/arch/xtensa/src/esp32s3/esp32s3_aes.c#L1065-L1080) [file](https://github.com/apache/nuttx/blob/master/arch/xtensa/src/esp32s3/esp32s3_aes.c#L161-L562)): ``` static void esp_aes_ecb_test(void) { int ret; int i; int keybits; uint8_t encrypt_buf[16]; uint8_t decrypt_buf[16]; struct esp_aes_s aes; const int size = 16; const uint32_t input[8] = { 0x740fdb34, 0x002defca, 0xb042437b, 0xc2f42cf9, 0xc64444be, 0x32365bc1, 0xb613cfa2, 0x15ce0d23 }; const uint32_t key[16] = { 0x8ffdc2c5, 0x14d6c69d, 0x9cb7608f, 0x899b2472, 0xbf9e4372, 0x855290d0, 0xc62753da, 0xdeedeab7 }; const uint32_t result[2][4] = { /* keybits = 128 */ { 0xc810df2a, 0x8ae67e6e, 0x50c5e32c, 0xd535f3e4 }, /* keybits = 256 */ { 0xa0714c2b, 0x356adb1f, 0xe905c243, 0x35195a7c } }; for (i = 0; i < 2; i++) { keybits = i * 128 + 128; ret = esp_aes_setkey(&aes, key, keybits); DEBUGASSERT(ret == 0); ret = esp_aes_ecb_cypher(&aes, 1, input, encrypt_buf, size); DEBUGASSERT(ret == 0); if (memcmp(encrypt_buf, result[i], size)) { DEBUGASSERT(0); } ret = esp_aes_ecb_cypher(&aes, 0, encrypt_buf, decrypt_buf, size); DEBUGASSERT(ret == 0); if (memcmp(decrypt_buf, input, size)) { DEBUGASSERT(0); } syslog(LOG_INFO, "AES ECB key=%d bits test: PASS\n", keybits); } } static void esp_aes_cbc_test(void) { int ret; int i; int keybits; uint8_t encrypt_buf[32]; uint8_t decrypt_buf[32]; uint8_t iv_buf[16]; struct esp_aes_s aes; const int size = 32; const uint32_t input[8] = { 0x740fdb34, 0x002defca, 0xb042437b, 0xc2f42cf9, 0xc64444be, 0x32365bc1, 0xb613cfa2, 0x15ce0d23 }; const uint32_t key[16] = { 0x8ffdc2c5, 0x14d6c69d, 0x9cb7608f, 0x899b2472, 0xbf9e4372, 0x855290d0, 0xc62753da, 0xdeedeab7 }; const uint32_t iv[4] = { 0xf53a50f2, 0x8aaf711d, 0x953bbbfa, 0x228d53cb }; const uint32_t result[2][8] = { /* keybits = 128 */ { 0x04e27d12, 0x1a91e508, 0x01092431, 0x9d572184, 0xa39979e1, 0x5543e1bc, 0x7173b71d, 0x4e3be064 }, /* keybits = 256 */ { 0x6f36b8fe, 0x33bc1f37, 0x24fe659c, 0x0370def0, 0xb9a852f8, 0x64a79ae2, 0xd59f5045, 0x648a0f44 } }; for (i = 0; i < 2; i++) { keybits = i * 128 + 128; ret = esp_aes_setkey(&aes, key, keybits); DEBUGASSERT(ret == 0); memcpy(iv_buf, iv, 16); ret = esp_aes_cbc_cypher(&aes, 1, iv_buf, input, encrypt_buf, size); DEBUGASSERT(ret == 0); if (memcmp(encrypt_buf, result[i], size)) { DEBUGASSERT(0); } memcpy(iv_buf, iv, 16); ret = esp_aes_cbc_cypher(&aes, 0, iv_buf, encrypt_buf, decrypt_buf, size); DEBUGASSERT(ret == 0); if (memcmp(decrypt_buf, input, size)) { DEBUGASSERT(0); } syslog(LOG_INFO, "AES CBC key=%d bits test: PASS\n", keybits); } } static void esp_aes_ctr_test(void) { int ret; int i; int keybits; uint8_t encrypt_buf[32]; uint8_t decrypt_buf[32]; uint8_t cnt_buf[16]; uint8_t cache_buf[16]; uint32_t nc_off; struct esp_aes_s aes; const int size = 32; const uint32_t input[8] = { 0x740fdb34, 0x002defca, 0xb042437b, 0xc2f42cf9, 0xc64444be, 0x32365bc1, 0xb613cfa2, 0x15ce0d23 }; const uint32_t key[16] = { 0x8ffdc2c5, 0x14d6c69d, 0x9cb7608f, 0x899b2472, 0xbf9e4372, 0x855290d0, 0xc62753da, 0xdeedeab7 }; const uint32_t cnt[4] = { 0xf53a50f2, 0x8aaf711d, 0x953bbbfa, 0x228d53cb }; const uint32_t result[2][8] = { /* keybits = 128 */ { 0x5f922338, 0x5aff403d, 0x45fede3f, 0x616568c6, 0x3cd0ffc7, 0xa26cb704, 0x0aaa8b6a, 0x1d0b5e1c }, /* keybits = 256 */ { 0x70af4473, 0x597d2126, 0xd598ed09, 0x3fea540c, 0xfb5c743c, 0x0c1a39ca, 0xcbcf2d17, 0x341a7a0c } }; for (i = 0; i < 2; i++) { keybits = i * 128 + 128; ret = esp_aes_setkey(&aes, key, keybits); DEBUGASSERT(ret == 0); nc_off = 0; memcpy(cnt_buf, cnt, 16); ret = esp_aes_ctr_cypher(&aes, &nc_off, cnt_buf, cache_buf, input, encrypt_buf, size); DEBUGASSERT(ret == 0); if (memcmp(encrypt_buf, result[i], size)) { DEBUGASSERT(0); } nc_off = 0; memcpy(cnt_buf, cnt, 16); ret = esp_aes_ctr_cypher(&aes, &nc_off, cnt_buf, cache_buf, encrypt_buf, decrypt_buf, size); DEBUGASSERT(ret == 0); if (memcmp(decrypt_buf, input, size)) { DEBUGASSERT(0); } syslog(LOG_INFO, "AES CTR key=%d bits test: PASS\n", keybits); } } void esp_aes_test(void) { syslog(LOG_INFO, "\nAES hardware accelerate test.\n"); esp_aes_ecb_test(); esp_aes_cbc_test(); esp_aes_ctr_test(); syslog(LOG_INFO, "\nAES hardware accelerate test done.\n"); } ``` ### Results <!-- Provide tests' results and runtime logs --> Output looked like this: ``` ... up_cryptoinitialize: crypto test OK NuttShell (NSH) NuttX-10.4.0 nsh> aescbc aescbc test ok nsh> aesctr OK test vector 0 OK test vector 1 OK test vector 2 ... OK test vector 6 OK test vector 7 OK test vector 8 # Custom app report AES hardware accelerate test. AES ECB key=128 bits test: PASS AES ECB key=256 bits test: PASS AES CBC key=128 bits test: PASS AES CBC key=256 bits test: PASS AES CTR key=128 bits test: PASS AES CTR key=256 bits test: PASS AES hardware accelerate test done. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
