From 38f13b15d3e4f7499c689814d0f96357984b38e2 Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Wed, 27 Dec 2023 12:19:36 +0530 Subject: [PATCH 1/2] fix(mbedtls/gcm): Fix build failure when config MBEDTLS_HARDWARE_GCM is disabled --- components/mbedtls/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt index 0726b0da97..fbe75b4d30 100644 --- a/components/mbedtls/CMakeLists.txt +++ b/components/mbedtls/CMakeLists.txt @@ -234,7 +234,7 @@ if(CONFIG_MBEDTLS_HARDWARE_SHA) ) endif() -if(CONFIG_MBEDTLS_HARDWARE_GCM OR (NOT CONFIG_SOC_AES_SUPPORT_GCM AND CONFIG_MBEDTLS_HARDWARE_AES)) +if(CONFIG_MBEDTLS_HARDWARE_GCM OR CONFIG_MBEDTLS_HARDWARE_AES) target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/esp_aes_gcm.c") endif() From 5862b981ed852edcb26e9ea2a602e1c37f1590cb Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Wed, 27 Dec 2023 12:54:05 +0530 Subject: [PATCH 2/2] fix(mbedtls/gcm): Avoid using GCM hardware when config MBEDTLS_HARDWARE_GCM is disabled --- components/mbedtls/port/aes/dma/esp_aes.c | 8 ++------ components/mbedtls/port/aes/esp_aes_gcm.c | 6 +++--- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/components/mbedtls/port/aes/dma/esp_aes.c b/components/mbedtls/port/aes/dma/esp_aes.c index 693586813b..c2e4d33e10 100644 --- a/components/mbedtls/port/aes/dma/esp_aes.c +++ b/components/mbedtls/port/aes/dma/esp_aes.c @@ -53,10 +53,6 @@ #include "freertos/FreeRTOS.h" #include "freertos/semphr.h" -#if SOC_AES_SUPPORT_GCM -#include "aes/esp_aes_gcm.h" -#endif - #if SOC_AES_GDMA #define AES_LOCK() esp_crypto_sha_aes_lock_acquire() #define AES_RELEASE() esp_crypto_sha_aes_lock_release() @@ -488,7 +484,7 @@ cleanup: } -#if SOC_AES_SUPPORT_GCM +#if CONFIG_MBEDTLS_HARDWARE_GCM /* Encrypt/decrypt with AES-GCM the input using DMA * The function esp_aes_process_dma_gcm zeroises the output buffer in the case of following conditions: @@ -623,7 +619,7 @@ cleanup: return ret; } -#endif //SOC_AES_SUPPORT_GCM +#endif //CONFIG_MBEDTLS_HARDWARE_GCM static int esp_aes_validate_input(esp_aes_context *ctx, const unsigned char *input, unsigned char *output ) diff --git a/components/mbedtls/port/aes/esp_aes_gcm.c b/components/mbedtls/port/aes/esp_aes_gcm.c index c91b4fdce1..0ed37cb276 100644 --- a/components/mbedtls/port/aes/esp_aes_gcm.c +++ b/components/mbedtls/port/aes/esp_aes_gcm.c @@ -371,7 +371,7 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx, /* H and the lookup table are only generated once per ctx */ if (ctx->gcm_state == ESP_AES_GCM_STATE_INIT) { /* Lock the AES engine to calculate ghash key H in hardware */ -#if SOC_AES_SUPPORT_GCM +#if CONFIG_MBEDTLS_HARDWARE_GCM esp_aes_acquire_hardware(); ctx->aes_ctx.key_in_hardware = aes_hal_setkey(ctx->aes_ctx.key, ctx->aes_ctx.key_bytes, mode); aes_hal_mode_init(ESP_AES_BLOCK_MODE_GCM); @@ -529,7 +529,7 @@ int esp_aes_gcm_finish( esp_gcm_context *ctx, return esp_aes_crypt_ctr(&ctx->aes_ctx, tag_len, &nc_off, ctx->ori_j0, stream, ctx->ghash, tag); } -#if SOC_AES_SUPPORT_GCM +#if CONFIG_MBEDTLS_HARDWARE_GCM /* Due to restrictions in the hardware (e.g. need to do the whole conversion in one go), some combinations of inputs are not supported */ static bool esp_aes_gcm_input_support_hw_accel(size_t length, const unsigned char *aad, size_t aad_len, @@ -607,7 +607,7 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx, size_t tag_len, unsigned char *tag ) { -#if SOC_AES_SUPPORT_GCM +#if CONFIG_MBEDTLS_HARDWARE_GCM int ret; lldesc_t aad_desc[2] = {}; lldesc_t *aad_head_desc = NULL;