From a6012c9e5ae60c55216efdc9fcc4ac77454b1ddd Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Mon, 30 Oct 2023 17:03:02 +0530 Subject: [PATCH] feat(mbedtls/aes): add AES peripheral support for esp32p4 --- components/hal/esp32p4/include/hal/aes_ll.h | 225 ++++++++++++++++++ components/mbedtls/port/aes/dma/esp_aes.c | 29 ++- .../esp32p4/include/soc/Kconfig.soc_caps.in | 4 + components/soc/esp32p4/include/soc/soc_caps.h | 2 +- 4 files changed, 250 insertions(+), 10 deletions(-) create mode 100644 components/hal/esp32p4/include/hal/aes_ll.h diff --git a/components/hal/esp32p4/include/hal/aes_ll.h b/components/hal/esp32p4/include/hal/aes_ll.h new file mode 100644 index 0000000000..031baf2055 --- /dev/null +++ b/components/hal/esp32p4/include/hal/aes_ll.h @@ -0,0 +1,225 @@ +/* + * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#pragma once + +#include +#include +#include "soc/hwcrypto_reg.h" +#include "hal/aes_types.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief State of AES accelerator, busy, idle or done + * + */ +typedef enum { + ESP_AES_STATE_IDLE = 0, /* AES accelerator is idle */ + ESP_AES_STATE_BUSY, /* Transform in progress */ + ESP_AES_STATE_DONE, /* Transform completed */ +} esp_aes_state_t; + + +/** + * @brief Write the encryption/decryption key to hardware + * + * @param key Key to be written to the AES hardware + * @param key_word_len Number of words in the key + * + * @return Number of bytes written to hardware, used for fault injection check + */ +static inline uint8_t aes_ll_write_key(const uint8_t *key, size_t key_word_len) +{ + /* This variable is used for fault injection checks, so marked volatile to avoid optimisation */ + volatile uint8_t key_in_hardware = 0; + /* Memcpy to avoid potential unaligned access */ + uint32_t key_word; + for (int i = 0; i < key_word_len; i++) { + memcpy(&key_word, key + 4 * i, 4); + REG_WRITE(AES_KEY_0_REG + i * 4, key_word); + key_in_hardware += 4; + } + return key_in_hardware; +} + +/** + * @brief Sets the mode + * + * @param mode ESP_AES_ENCRYPT = 1, or ESP_AES_DECRYPT = 0 + * @param key_bytes Number of bytes in the key + */ +static inline void aes_ll_set_mode(int mode, uint8_t key_bytes) +{ + const uint32_t MODE_DECRYPT_BIT = 4; + unsigned mode_reg_base = (mode == ESP_AES_ENCRYPT) ? 0 : MODE_DECRYPT_BIT; + + /* See TRM for the mapping between keylength and mode bit */ + REG_WRITE(AES_MODE_REG, mode_reg_base + ((key_bytes / 8) - 2)); +} + +/** + * @brief Writes message block to AES hardware + * + * @param input Block to be written + */ +static inline void aes_ll_write_block(const void *input) +{ + uint32_t input_word; + + for (int i = 0; i < AES_BLOCK_WORDS; i++) { + memcpy(&input_word, (uint8_t*)input + 4 * i, 4); + REG_WRITE(AES_TEXT_IN_0_REG + i * 4, input_word); + } +} + +/** + * @brief Read the AES block + * + * @param output the output of the transform, length = AES_BLOCK_BYTES + */ +static inline void aes_ll_read_block(void *output) +{ + uint32_t output_word; + const size_t REG_WIDTH = sizeof(uint32_t); + + for (size_t i = 0; i < AES_BLOCK_WORDS; i++) { + output_word = REG_READ(AES_TEXT_OUT_0_REG + (i * REG_WIDTH)); + /* Memcpy to avoid potential unaligned access */ + memcpy( (uint8_t*)output + i * 4, &output_word, sizeof(output_word)); + } +} + +/** + * @brief Starts block transform + * + */ +static inline void aes_ll_start_transform(void) +{ + REG_WRITE(AES_TRIGGER_REG, 1); +} + + +/** + * @brief Read state of AES accelerator + * + * @return esp_aes_state_t + */ +static inline esp_aes_state_t aes_ll_get_state(void) +{ + return (esp_aes_state_t)REG_READ(AES_STATE_REG); +} + + +/** + * @brief Set mode of operation + * + * @note Only used for DMA transforms + * + * @param mode + */ +static inline void aes_ll_set_block_mode(esp_aes_mode_t mode) +{ + REG_WRITE(AES_BLOCK_MODE_REG, mode); +} + +/** + * @brief Set AES-CTR counter to INC32 + * + * @note Only affects AES-CTR mode + * + */ +static inline void aes_ll_set_inc(void) +{ + REG_WRITE(AES_INC_SEL_REG, 0); +} + +/** + * @brief Release the DMA + * + */ +static inline void aes_ll_dma_exit(void) +{ + REG_WRITE(AES_DMA_EXIT_REG, 0); +} + +/** + * @brief Sets the number of blocks to be transformed + * + * @note Only used for DMA transforms + * + * @param num_blocks Number of blocks to transform + */ +static inline void aes_ll_set_num_blocks(size_t num_blocks) +{ + REG_WRITE(AES_BLOCK_NUM_REG, num_blocks); +} + +/* + * Write IV to hardware iv registers + */ +static inline void aes_ll_set_iv(const uint8_t *iv) +{ + uint32_t *reg_addr_buf = (uint32_t *)(AES_IV_MEM); + uint32_t iv_word; + + for (int i = 0; i < IV_WORDS; i++ ) { + /* Memcpy to avoid potential unaligned access */ + memcpy(&iv_word, iv + 4 * i, sizeof(iv_word)); + REG_WRITE(®_addr_buf[i], iv_word); + } +} + +/* + * Read IV from hardware iv registers + */ +static inline void aes_ll_read_iv(uint8_t *iv) +{ + uint32_t iv_word; + const size_t REG_WIDTH = sizeof(uint32_t); + + for (size_t i = 0; i < IV_WORDS; i++) { + iv_word = REG_READ(AES_IV_MEM + (i * REG_WIDTH)); + /* Memcpy to avoid potential unaligned access */ + memcpy(iv + i * 4, &iv_word, sizeof(iv_word)); + } +} + +/** + * @brief Enable or disable DMA mode + * + * @param enable true to enable, false to disable. + */ +static inline void aes_ll_dma_enable(bool enable) +{ + REG_WRITE(AES_DMA_ENABLE_REG, enable); +} + +/** + * @brief Enable or disable transform completed interrupt + * + * @param enable true to enable, false to disable. + */ +static inline void aes_ll_interrupt_enable(bool enable) +{ + REG_WRITE(AES_INT_ENA_REG, enable); +} + +/** + * @brief Clears the interrupt + * + */ +static inline void aes_ll_interrupt_clear(void) +{ + REG_WRITE(AES_INT_CLEAR_REG, 1); +} + + +#ifdef __cplusplus +} +#endif diff --git a/components/mbedtls/port/aes/dma/esp_aes.c b/components/mbedtls/port/aes/dma/esp_aes.c index 9aaa327ff9..42875deaeb 100644 --- a/components/mbedtls/port/aes/dma/esp_aes.c +++ b/components/mbedtls/port/aes/dma/esp_aes.c @@ -49,6 +49,8 @@ #include "esp32s2/rom/cache.h" #elif CONFIG_IDF_TARGET_ESP32S3 #include "esp32s3/rom/cache.h" +#elif CONFIG_IDF_TARGET_ESP32P4 +#include "esp32p4/rom/cache.h" #endif #include "freertos/FreeRTOS.h" @@ -103,10 +105,10 @@ static bool s_check_dma_capable(const void *p); * * Must be in DMA capable memory, so stack is not a safe place to put them * * To avoid having to malloc/free them for every DMA operation */ -static DRAM_ATTR crypto_dma_desc_t s_stream_in_desc; -static DRAM_ATTR crypto_dma_desc_t s_stream_out_desc; -static DRAM_ATTR uint8_t s_stream_in[AES_BLOCK_BYTES]; -static DRAM_ATTR uint8_t s_stream_out[AES_BLOCK_BYTES]; +DMA_DESC_ALIGN_ATTR static DRAM_ATTR crypto_dma_desc_t s_stream_in_desc; +DMA_DESC_ALIGN_ATTR static DRAM_ATTR crypto_dma_desc_t s_stream_out_desc; +DMA_DESC_ALIGN_ATTR static DRAM_ATTR uint8_t s_stream_in[AES_BLOCK_BYTES]; +DMA_DESC_ALIGN_ATTR static DRAM_ATTR uint8_t s_stream_out[AES_BLOCK_BYTES]; /** Append a descriptor to the chain, set head if chain empty * @@ -265,7 +267,7 @@ static esp_err_t esp_aes_isr_initialise( void ) #endif // CONFIG_MBEDTLS_AES_USE_INTERRUPT /* Wait for AES hardware block operation to complete */ -static int esp_aes_dma_wait_complete(bool use_intr, crypto_dma_desc_t *output_desc) +static int esp_aes_dma_wait_complete(bool use_intr, crypto_dma_desc_t *output_desc_head, crypto_dma_desc_t *output_desc_tail) { #if defined (CONFIG_MBEDTLS_AES_USE_INTERRUPT) if (use_intr) { @@ -285,7 +287,16 @@ static int esp_aes_dma_wait_complete(bool use_intr, crypto_dma_desc_t *output_de */ aes_hal_wait_done(); - esp_aes_wait_dma_done(output_desc); +#if SOC_CACHE_INTERNAL_MEM_VIA_L1CACHE + const crypto_dma_desc_t *it = output_desc_head; + while(it != NULL) { + Cache_Invalidate_Addr(CACHE_MAP_L1_DCACHE | CACHE_MAP_L2_CACHE, (uint32_t)it->buffer, it->dw0.length); + Cache_Invalidate_Addr(CACHE_MAP_L1_DCACHE | CACHE_MAP_L2_CACHE, (uint32_t)it, sizeof(crypto_dma_desc_t)); + it = (const crypto_dma_desc_t*) it->next; + }; +#endif /* SOC_CACHE_INTERNAL_MEM_VIA_L1CACHE */ + + esp_aes_wait_dma_done(output_desc_tail); return 0; } @@ -435,7 +446,7 @@ static int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input, crypto_dma_desc_num = dma_desc_get_required_num(block_bytes, DMA_DESCRIPTOR_BUFFER_MAX_SIZE_16B_ALIGNED); /* Allocate both in and out descriptors to save a malloc/free per function call */ - block_desc = heap_caps_calloc(crypto_dma_desc_num * 2, sizeof(crypto_dma_desc_t), MALLOC_CAP_DMA); + block_desc = heap_caps_aligned_calloc(DMA_DESC_MEM_ALIGN_SIZE, crypto_dma_desc_num * 2, sizeof(crypto_dma_desc_t), MALLOC_CAP_DMA); if (block_desc == NULL) { mbedtls_platform_zeroize(output, len); ESP_LOGE(TAG, "Failed to allocate memory"); @@ -501,7 +512,7 @@ static int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input, aes_hal_transform_dma_start(blocks); - if (esp_aes_dma_wait_complete(use_intr, out_desc_tail) < 0) { + if (esp_aes_dma_wait_complete(use_intr, out_desc_head, out_desc_tail) < 0) { ESP_LOGE(TAG, "esp_aes_dma_wait_complete failed"); ret = -1; goto cleanup; @@ -645,7 +656,7 @@ int esp_aes_process_dma_gcm(esp_aes_context *ctx, const unsigned char *input, un aes_hal_transform_dma_gcm_start(blocks); - if (esp_aes_dma_wait_complete(use_intr, out_desc_tail) < 0) { + if (esp_aes_dma_wait_complete(use_intr, out_desc_head, out_desc_tail) < 0) { ESP_LOGE(TAG, "esp_aes_dma_wait_complete failed"); ret = -1; goto cleanup; diff --git a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in index 5460a2551c..b36f3ed040 100644 --- a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in @@ -131,6 +131,10 @@ config SOC_SYSTIMER_SUPPORTED bool default y +config SOC_AES_SUPPORTED + bool + default y + config SOC_MPI_SUPPORTED bool default y diff --git a/components/soc/esp32p4/include/soc/soc_caps.h b/components/soc/esp32p4/include/soc/soc_caps.h index 9fd1a1855b..cf7f454936 100644 --- a/components/soc/esp32p4/include/soc/soc_caps.h +++ b/components/soc/esp32p4/include/soc/soc_caps.h @@ -55,7 +55,7 @@ #define SOC_LEDC_SUPPORTED 1 #define SOC_I2C_SUPPORTED 1 #define SOC_SYSTIMER_SUPPORTED 1 -// #define SOC_AES_SUPPORTED 1 //TODO: IDF-6519 +#define SOC_AES_SUPPORTED 1 #define SOC_MPI_SUPPORTED 1 // #define SOC_SHA_SUPPORTED 1 //TODO: IDF-7541 #define SOC_HMAC_SUPPORTED 1