mbedtls: GCM implementation is replaced with CTR-based calculation

- GCM operation in mbedtls used ECB, which calculated only 16 bytes of data each time.
	- Therefore, when processing a large amount of data, it is necessary to frequently set hardware acceleration calculations,
	- which could not make good use of the AES DMA function to improve efficiency.
	- Hence, GCM implementation is replaced with CTR-based calculation which utilizes AES DMA to improve efficiency.

components/mbedtls/CMakeLists.txt

@@ -219,7 +219,7 @@ if(CONFIG_MBEDTLS_HARDWARE_SHA)
     )
 endif()
 
-if(CONFIG_MBEDTLS_HARDWARE_GCM)
+if(CONFIG_MBEDTLS_HARDWARE_GCM OR (NOT CONFIG_SOC_AES_SUPPORT_GCM AND CONFIG_MBEDTLS_HARDWARE_AES))
     target_sources(mbedcrypto PRIVATE  "${COMPONENT_DIR}/port/aes/esp_aes_gcm.c")
 endif()
 

components/mbedtls/port/aes/esp_aes_gcm.c

@@ -16,7 +16,6 @@
  */
 #include "soc/soc_caps.h"
 
-#if SOC_AES_SUPPORT_GCM
 
 #include "aes/esp_aes.h"
 #include "aes/esp_aes_gcm.h"
@@ -362,6 +361,7 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
     /* H and the lookup table are only generated once per ctx */
     if (ctx->gcm_state == ESP_AES_GCM_STATE_INIT) {
         /* Lock the AES engine to calculate ghash key H in hardware */
+#if SOC_AES_SUPPORT_GCM
         esp_aes_acquire_hardware();
         ctx->aes_ctx.key_in_hardware = aes_hal_setkey(ctx->aes_ctx.key, ctx->aes_ctx.key_bytes, mode);
         aes_hal_mode_init(ESP_AES_BLOCK_MODE_GCM);
@@ -369,7 +369,10 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
         aes_hal_gcm_calc_hash(ctx->H);
 
         esp_aes_release_hardware();
-
+#else
+        memset(ctx->H, 0, sizeof(ctx->H));
+        esp_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->H, ctx->H);
+#endif
         gcm_gen_table(ctx);
     }
 
@@ -512,6 +515,7 @@ int esp_aes_gcm_finish( esp_gcm_context *ctx,
     return 0;
 }
 
+#if SOC_AES_SUPPORT_GCM
 /* Due to restrictions in the hardware (e.g. need to do the whole conversion in one go),
    some combinations of inputs are not supported */
 static bool esp_aes_gcm_input_support_hw_accel(size_t length, const unsigned char *aad, size_t aad_len,
@@ -541,6 +545,7 @@ static bool esp_aes_gcm_input_support_hw_accel(size_t length, const unsigned cha
 
     return support_hw_accel;
 }
+#endif
 
 static int esp_aes_gcm_crypt_and_tag_partial_hw( esp_gcm_context *ctx,
         int mode,
@@ -588,6 +593,7 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
                                size_t tag_len,
                                unsigned char *tag )
 {
+#if SOC_AES_SUPPORT_GCM
     int ret;
     lldesc_t aad_desc[2] = {};
     lldesc_t *aad_head_desc = NULL;
@@ -686,6 +692,9 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
     esp_aes_release_hardware();
 
     return ( ret );
+#else
+    return esp_aes_gcm_crypt_and_tag_partial_hw(ctx, mode, length, iv, iv_len, aad, aad_len, input, output, tag_len, tag);
+#endif
 }
 
 
@@ -723,5 +732,3 @@ int esp_aes_gcm_auth_decrypt( esp_gcm_context *ctx,
 
     return ( 0 );
 }
-
-#endif //SOC_AES_SUPPORT_GCM

components/mbedtls/port/include/gcm_alt.h

@@ -18,7 +18,7 @@ extern "C" {
 
 #if defined(MBEDTLS_GCM_ALT)
 
-#if SOC_AES_SUPPORT_GCM
+
 #include "aes/esp_aes_gcm.h"
 
 
@@ -34,8 +34,6 @@ typedef esp_gcm_context mbedtls_gcm_context;
 #define mbedtls_gcm_auth_decrypt    esp_aes_gcm_auth_decrypt
 #define mbedtls_gcm_crypt_and_tag   esp_aes_gcm_crypt_and_tag
 
-#endif // SOC_AES_SUPPORT_GCM
-
 #endif /* MBEDTLS_GCM_ALT */
 
 #ifdef __cplusplus

components/mbedtls/port/include/mbedtls/esp_config.h

@@ -137,10 +137,8 @@
 #undef MBEDTLS_AES_ALT
 #endif
 
-#ifdef CONFIG_MBEDTLS_HARDWARE_GCM
+#ifdef CONFIG_MBEDTLS_HARDWARE_AES
 #define MBEDTLS_GCM_ALT
-#else
-#undef MBEDTLS_GCM_ALT
 #endif
 
 /* MBEDTLS_SHAxx_ALT to enable hardware SHA support

components/mbedtls/test_apps/main/test_aes_gcm.c

@@ -17,7 +17,7 @@
 #include "ccomp_timer.h"
 #include "sys/param.h"
 
-#if CONFIG_MBEDTLS_HARDWARE_GCM
+#if CONFIG_MBEDTLS_HARDWARE_AES
 
 /*
     Python example code for generating test vectors
@@ -830,4 +830,4 @@ TEST_CASE("mbedtls AES GCM - Combine different IV/Key/Plaintext/AAD lengths", "[
     }
 }
 
-#endif //CONFIG_MBEDTLS_HARDWARE_GCM
+#endif //CONFIG_MBEDTLS_HARDWARE_AES