feat(mbedtls/aes): add AES peripheral support for esp32p4

components/hal/esp32p4/include/hal/aes_ll.h

@@ -0,0 +1,225 @@
+/*
+ * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#pragma once
+
+#include <stdbool.h>
+#include <string.h>
+#include "soc/hwcrypto_reg.h"
+#include "hal/aes_types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief State of AES accelerator, busy, idle or done
+ *
+ */
+typedef enum {
+    ESP_AES_STATE_IDLE = 0, /* AES accelerator is idle */
+    ESP_AES_STATE_BUSY,     /* Transform in progress */
+    ESP_AES_STATE_DONE,     /* Transform completed */
+} esp_aes_state_t;
+
+
+/**
+ * @brief Write the encryption/decryption key to hardware
+ *
+ * @param key Key to be written to the AES hardware
+ * @param key_word_len Number of words in the key
+ *
+ * @return Number of bytes written to hardware, used for fault injection check
+ */
+static inline uint8_t aes_ll_write_key(const uint8_t *key, size_t key_word_len)
+{
+    /* This variable is used for fault injection checks, so marked volatile to avoid optimisation */
+    volatile uint8_t key_in_hardware = 0;
+    /* Memcpy to avoid potential unaligned access */
+    uint32_t key_word;
+    for (int i = 0; i < key_word_len; i++) {
+        memcpy(&key_word, key + 4 * i, 4);
+        REG_WRITE(AES_KEY_0_REG + i * 4,  key_word);
+        key_in_hardware += 4;
+    }
+    return key_in_hardware;
+}
+
+/**
+ * @brief Sets the mode
+ *
+ * @param mode ESP_AES_ENCRYPT = 1, or ESP_AES_DECRYPT = 0
+ * @param key_bytes Number of bytes in the key
+ */
+static inline void aes_ll_set_mode(int mode, uint8_t key_bytes)
+{
+    const uint32_t MODE_DECRYPT_BIT = 4;
+    unsigned mode_reg_base = (mode == ESP_AES_ENCRYPT) ? 0 : MODE_DECRYPT_BIT;
+
+    /* See TRM for the mapping between keylength and mode bit */
+    REG_WRITE(AES_MODE_REG, mode_reg_base + ((key_bytes / 8) - 2));
+}
+
+/**
+ * @brief Writes message block to AES hardware
+ *
+ * @param input Block to be written
+ */
+static inline void aes_ll_write_block(const void *input)
+{
+    uint32_t input_word;
+
+    for (int i = 0; i < AES_BLOCK_WORDS; i++) {
+        memcpy(&input_word, (uint8_t*)input + 4 * i, 4);
+        REG_WRITE(AES_TEXT_IN_0_REG + i * 4, input_word);
+    }
+}
+
+/**
+ * @brief Read the AES block
+ *
+ * @param output the output of the transform, length = AES_BLOCK_BYTES
+ */
+static inline void aes_ll_read_block(void *output)
+{
+    uint32_t output_word;
+    const size_t REG_WIDTH = sizeof(uint32_t);
+
+    for (size_t i = 0; i < AES_BLOCK_WORDS; i++) {
+        output_word = REG_READ(AES_TEXT_OUT_0_REG + (i * REG_WIDTH));
+        /* Memcpy to avoid potential unaligned access */
+        memcpy( (uint8_t*)output + i * 4, &output_word, sizeof(output_word));
+    }
+}
+
+/**
+ * @brief Starts block transform
+ *
+ */
+static inline void aes_ll_start_transform(void)
+{
+    REG_WRITE(AES_TRIGGER_REG, 1);
+}
+
+
+/**
+ * @brief Read state of AES accelerator
+ *
+ * @return esp_aes_state_t
+ */
+static inline esp_aes_state_t aes_ll_get_state(void)
+{
+    return (esp_aes_state_t)REG_READ(AES_STATE_REG);
+}
+
+
+/**
+ * @brief Set mode of operation
+ *
+ * @note Only used for DMA transforms
+ *
+ * @param mode
+ */
+static inline void aes_ll_set_block_mode(esp_aes_mode_t mode)
+{
+    REG_WRITE(AES_BLOCK_MODE_REG, mode);
+}
+
+/**
+ * @brief Set AES-CTR counter to INC32
+ *
+ * @note Only affects AES-CTR mode
+ *
+ */
+static inline void aes_ll_set_inc(void)
+{
+    REG_WRITE(AES_INC_SEL_REG, 0);
+}
+
+/**
+ * @brief Release the DMA
+ *
+ */
+static inline void aes_ll_dma_exit(void)
+{
+    REG_WRITE(AES_DMA_EXIT_REG, 0);
+}
+
+/**
+ * @brief Sets the number of blocks to be transformed
+ *
+ * @note Only used for DMA transforms
+ *
+ * @param num_blocks Number of blocks to transform
+ */
+static inline void aes_ll_set_num_blocks(size_t num_blocks)
+{
+    REG_WRITE(AES_BLOCK_NUM_REG, num_blocks);
+}
+
+/*
+ * Write IV to hardware iv registers
+ */
+static inline void aes_ll_set_iv(const uint8_t *iv)
+{
+    uint32_t *reg_addr_buf = (uint32_t *)(AES_IV_MEM);
+    uint32_t iv_word;
+
+    for (int i = 0; i < IV_WORDS; i++ ) {
+        /* Memcpy to avoid potential unaligned access */
+        memcpy(&iv_word, iv + 4 * i, sizeof(iv_word));
+        REG_WRITE(&reg_addr_buf[i], iv_word);
+    }
+}
+
+/*
+ * Read IV from hardware iv registers
+ */
+static inline void aes_ll_read_iv(uint8_t *iv)
+{
+    uint32_t iv_word;
+    const size_t REG_WIDTH = sizeof(uint32_t);
+
+    for (size_t i = 0; i < IV_WORDS; i++) {
+        iv_word = REG_READ(AES_IV_MEM + (i * REG_WIDTH));
+        /* Memcpy to avoid potential unaligned access */
+        memcpy(iv + i * 4, &iv_word, sizeof(iv_word));
+    }
+}
+
+/**
+ * @brief Enable or disable DMA mode
+ *
+ * @param enable true to enable, false to disable.
+ */
+static inline void aes_ll_dma_enable(bool enable)
+{
+    REG_WRITE(AES_DMA_ENABLE_REG, enable);
+}
+
+/**
+ * @brief Enable or disable transform completed interrupt
+ *
+ * @param enable true to enable, false to disable.
+ */
+static inline void aes_ll_interrupt_enable(bool enable)
+{
+    REG_WRITE(AES_INT_ENA_REG, enable);
+}
+
+/**
+ * @brief Clears the interrupt
+ *
+ */
+static inline void aes_ll_interrupt_clear(void)
+{
+    REG_WRITE(AES_INT_CLEAR_REG, 1);
+}
+
+
+#ifdef __cplusplus
+}
+#endif

components/mbedtls/port/aes/dma/esp_aes.c

@@ -49,6 +49,8 @@
 #include "esp32s2/rom/cache.h"
 #elif CONFIG_IDF_TARGET_ESP32S3
 #include "esp32s3/rom/cache.h"
+#elif CONFIG_IDF_TARGET_ESP32P4
+#include "esp32p4/rom/cache.h"
 #endif
 
 #include "freertos/FreeRTOS.h"
@@ -103,10 +105,10 @@ static bool s_check_dma_capable(const void *p);
  *  * Must be in DMA capable memory, so stack is not a safe place to put them
  *  * To avoid having to malloc/free them for every DMA operation
  */
-static DRAM_ATTR crypto_dma_desc_t s_stream_in_desc;
-static DRAM_ATTR crypto_dma_desc_t s_stream_out_desc;
-static DRAM_ATTR uint8_t s_stream_in[AES_BLOCK_BYTES];
-static DRAM_ATTR uint8_t s_stream_out[AES_BLOCK_BYTES];
+DMA_DESC_ALIGN_ATTR static DRAM_ATTR crypto_dma_desc_t s_stream_in_desc;
+DMA_DESC_ALIGN_ATTR static DRAM_ATTR crypto_dma_desc_t s_stream_out_desc;
+DMA_DESC_ALIGN_ATTR static DRAM_ATTR uint8_t s_stream_in[AES_BLOCK_BYTES];
+DMA_DESC_ALIGN_ATTR static DRAM_ATTR uint8_t s_stream_out[AES_BLOCK_BYTES];
 
 /** Append a descriptor to the chain, set head if chain empty
  *
@@ -265,7 +267,7 @@ static esp_err_t esp_aes_isr_initialise( void )
 #endif // CONFIG_MBEDTLS_AES_USE_INTERRUPT
 
 /* Wait for AES hardware block operation to complete */
-static int esp_aes_dma_wait_complete(bool use_intr, crypto_dma_desc_t *output_desc)
+static int esp_aes_dma_wait_complete(bool use_intr, crypto_dma_desc_t *output_desc_head, crypto_dma_desc_t *output_desc_tail)
 {
 #if defined (CONFIG_MBEDTLS_AES_USE_INTERRUPT)
     if (use_intr) {
@@ -285,7 +287,16 @@ static int esp_aes_dma_wait_complete(bool use_intr, crypto_dma_desc_t *output_de
     */
     aes_hal_wait_done();
 
-    esp_aes_wait_dma_done(output_desc);
+#if SOC_CACHE_INTERNAL_MEM_VIA_L1CACHE
+    const crypto_dma_desc_t *it = output_desc_head;
+    while(it != NULL) {
+        Cache_Invalidate_Addr(CACHE_MAP_L1_DCACHE | CACHE_MAP_L2_CACHE, (uint32_t)it->buffer, it->dw0.length);
+        Cache_Invalidate_Addr(CACHE_MAP_L1_DCACHE | CACHE_MAP_L2_CACHE, (uint32_t)it, sizeof(crypto_dma_desc_t));
+        it = (const crypto_dma_desc_t*) it->next;
+    };
+#endif /* SOC_CACHE_INTERNAL_MEM_VIA_L1CACHE */
+
+    esp_aes_wait_dma_done(output_desc_tail);
     return 0;
 }
 
@@ -435,7 +446,7 @@ static int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input,
         crypto_dma_desc_num = dma_desc_get_required_num(block_bytes, DMA_DESCRIPTOR_BUFFER_MAX_SIZE_16B_ALIGNED);
 
         /* Allocate both in and out descriptors to save a malloc/free per function call */
-        block_desc = heap_caps_calloc(crypto_dma_desc_num * 2, sizeof(crypto_dma_desc_t), MALLOC_CAP_DMA);
+        block_desc = heap_caps_aligned_calloc(DMA_DESC_MEM_ALIGN_SIZE, crypto_dma_desc_num * 2, sizeof(crypto_dma_desc_t), MALLOC_CAP_DMA);
         if (block_desc == NULL) {
             mbedtls_platform_zeroize(output, len);
             ESP_LOGE(TAG, "Failed to allocate memory");
@@ -501,7 +512,7 @@ static int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input,
 
     aes_hal_transform_dma_start(blocks);
 
-    if (esp_aes_dma_wait_complete(use_intr, out_desc_tail) < 0) {
+    if (esp_aes_dma_wait_complete(use_intr, out_desc_head, out_desc_tail) < 0) {
         ESP_LOGE(TAG, "esp_aes_dma_wait_complete failed");
         ret = -1;
         goto cleanup;
@@ -645,7 +656,7 @@ int esp_aes_process_dma_gcm(esp_aes_context *ctx, const unsigned char *input, un
 
     aes_hal_transform_dma_gcm_start(blocks);
 
-    if (esp_aes_dma_wait_complete(use_intr, out_desc_tail) < 0) {
+    if (esp_aes_dma_wait_complete(use_intr, out_desc_head, out_desc_tail) < 0) {
         ESP_LOGE(TAG, "esp_aes_dma_wait_complete failed");
         ret = -1;
         goto cleanup;

components/soc/esp32p4/include/soc/Kconfig.soc_caps.in

@@ -131,6 +131,10 @@ config SOC_SYSTIMER_SUPPORTED
     bool
     default y
 
+config SOC_AES_SUPPORTED
+    bool
+    default y
+
 config SOC_MPI_SUPPORTED
     bool
     default y

components/soc/esp32p4/include/soc/soc_caps.h

@@ -55,7 +55,7 @@
 #define SOC_LEDC_SUPPORTED              1
 #define SOC_I2C_SUPPORTED               1
 #define SOC_SYSTIMER_SUPPORTED          1
-// #define SOC_AES_SUPPORTED               1  //TODO: IDF-6519
+#define SOC_AES_SUPPORTED               1
 #define SOC_MPI_SUPPORTED               1
 // #define SOC_SHA_SUPPORTED               1  //TODO: IDF-7541
 #define SOC_HMAC_SUPPORTED              1