diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt index 881c34b5ab..bb1c11f8df 100644 --- a/components/mbedtls/CMakeLists.txt +++ b/components/mbedtls/CMakeLists.txt @@ -219,7 +219,7 @@ if(CONFIG_MBEDTLS_HARDWARE_SHA) ) endif() -if(CONFIG_MBEDTLS_HARDWARE_GCM) +if(CONFIG_MBEDTLS_HARDWARE_GCM OR (NOT CONFIG_SOC_AES_SUPPORT_GCM AND CONFIG_MBEDTLS_HARDWARE_AES)) target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/esp_aes_gcm.c") endif() diff --git a/components/mbedtls/port/aes/esp_aes_gcm.c b/components/mbedtls/port/aes/esp_aes_gcm.c index fea793ada1..6a5627b7c3 100644 --- a/components/mbedtls/port/aes/esp_aes_gcm.c +++ b/components/mbedtls/port/aes/esp_aes_gcm.c @@ -16,7 +16,6 @@ */ #include "soc/soc_caps.h" -#if SOC_AES_SUPPORT_GCM #include "aes/esp_aes.h" #include "aes/esp_aes_gcm.h" @@ -362,6 +361,7 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx, /* H and the lookup table are only generated once per ctx */ if (ctx->gcm_state == ESP_AES_GCM_STATE_INIT) { /* Lock the AES engine to calculate ghash key H in hardware */ +#if SOC_AES_SUPPORT_GCM esp_aes_acquire_hardware(); ctx->aes_ctx.key_in_hardware = aes_hal_setkey(ctx->aes_ctx.key, ctx->aes_ctx.key_bytes, mode); aes_hal_mode_init(ESP_AES_BLOCK_MODE_GCM); @@ -369,7 +369,10 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx, aes_hal_gcm_calc_hash(ctx->H); esp_aes_release_hardware(); - +#else + memset(ctx->H, 0, sizeof(ctx->H)); + esp_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->H, ctx->H); +#endif gcm_gen_table(ctx); } @@ -512,6 +515,7 @@ int esp_aes_gcm_finish( esp_gcm_context *ctx, return 0; } +#if SOC_AES_SUPPORT_GCM /* Due to restrictions in the hardware (e.g. need to do the whole conversion in one go), some combinations of inputs are not supported */ static bool esp_aes_gcm_input_support_hw_accel(size_t length, const unsigned char *aad, size_t aad_len, @@ -541,6 +545,7 @@ static bool esp_aes_gcm_input_support_hw_accel(size_t length, const unsigned cha return support_hw_accel; } +#endif static int esp_aes_gcm_crypt_and_tag_partial_hw( esp_gcm_context *ctx, int mode, @@ -588,6 +593,7 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx, size_t tag_len, unsigned char *tag ) { +#if SOC_AES_SUPPORT_GCM int ret; lldesc_t aad_desc[2] = {}; lldesc_t *aad_head_desc = NULL; @@ -686,6 +692,9 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx, esp_aes_release_hardware(); return ( ret ); +#else + return esp_aes_gcm_crypt_and_tag_partial_hw(ctx, mode, length, iv, iv_len, aad, aad_len, input, output, tag_len, tag); +#endif } @@ -723,5 +732,3 @@ int esp_aes_gcm_auth_decrypt( esp_gcm_context *ctx, return ( 0 ); } - -#endif //SOC_AES_SUPPORT_GCM diff --git a/components/mbedtls/port/include/gcm_alt.h b/components/mbedtls/port/include/gcm_alt.h index c4aa7c9925..f76970944b 100644 --- a/components/mbedtls/port/include/gcm_alt.h +++ b/components/mbedtls/port/include/gcm_alt.h @@ -18,7 +18,7 @@ extern "C" { #if defined(MBEDTLS_GCM_ALT) -#if SOC_AES_SUPPORT_GCM + #include "aes/esp_aes_gcm.h" @@ -34,8 +34,6 @@ typedef esp_gcm_context mbedtls_gcm_context; #define mbedtls_gcm_auth_decrypt esp_aes_gcm_auth_decrypt #define mbedtls_gcm_crypt_and_tag esp_aes_gcm_crypt_and_tag -#endif // SOC_AES_SUPPORT_GCM - #endif /* MBEDTLS_GCM_ALT */ #ifdef __cplusplus diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h index 4a8387ba8b..a04c62bb43 100644 --- a/components/mbedtls/port/include/mbedtls/esp_config.h +++ b/components/mbedtls/port/include/mbedtls/esp_config.h @@ -137,10 +137,8 @@ #undef MBEDTLS_AES_ALT #endif -#ifdef CONFIG_MBEDTLS_HARDWARE_GCM +#ifdef CONFIG_MBEDTLS_HARDWARE_AES #define MBEDTLS_GCM_ALT -#else -#undef MBEDTLS_GCM_ALT #endif /* MBEDTLS_SHAxx_ALT to enable hardware SHA support diff --git a/components/mbedtls/test_apps/main/test_aes_gcm.c b/components/mbedtls/test_apps/main/test_aes_gcm.c index 48658eb3ae..3d181fd8bb 100644 --- a/components/mbedtls/test_apps/main/test_aes_gcm.c +++ b/components/mbedtls/test_apps/main/test_aes_gcm.c @@ -17,7 +17,7 @@ #include "ccomp_timer.h" #include "sys/param.h" -#if CONFIG_MBEDTLS_HARDWARE_GCM +#if CONFIG_MBEDTLS_HARDWARE_AES /* Python example code for generating test vectors @@ -830,4 +830,4 @@ TEST_CASE("mbedtls AES GCM - Combine different IV/Key/Plaintext/AAD lengths", "[ } } -#endif //CONFIG_MBEDTLS_HARDWARE_GCM +#endif //CONFIG_MBEDTLS_HARDWARE_AES