esp32 hwcrypto: Use AES registers directly
This commit is contained in:
Angus Gratton
Angus Gratton
parent
e256fb6d96
commit
2624e10055
|
|
@ -3,7 +3,7 @@
|
|||
* Based on mbedTLS FIPS-197 compliant version.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd
|
||||
* Additions Copyright (C) 2016-2017, Espressif Systems (Shanghai) PTE Ltd
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
|
@ -26,9 +26,10 @@
|
|||
* http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
|
||||
*/
|
||||
#include <string.h>
|
||||
#include "mbedtls/aes.h"
|
||||
#include "hwcrypto/aes.h"
|
||||
#include "rom/aes.h"
|
||||
#include "soc/dport_reg.h"
|
||||
#include "soc/hwcrypto_reg.h"
|
||||
#include <sys/lock.h>
|
||||
|
||||
static _lock_t aes_lock;
|
||||
|
|
@ -81,55 +82,18 @@ void esp_aes_free( esp_aes_context *ctx )
|
|||
bzero( ctx, sizeof( esp_aes_context ) );
|
||||
}
|
||||
|
||||
/* Translate number of bits to an AES_BITS enum */
|
||||
static int keybits_to_aesbits(unsigned int keybits)
|
||||
{
|
||||
switch (keybits) {
|
||||
case 128:
|
||||
return AES128;
|
||||
case 192:
|
||||
return AES192;
|
||||
break;
|
||||
case 256:
|
||||
return AES256;
|
||||
default:
|
||||
return ( ERR_ESP_AES_INVALID_KEY_LENGTH );
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* AES key schedule (encryption)
|
||||
* AES key schedule (same for encryption or decryption, as hardware handles schedule)
|
||||
*
|
||||
*/
|
||||
int esp_aes_setkey_enc( esp_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits )
|
||||
int esp_aes_setkey( esp_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits )
|
||||
{
|
||||
uint16_t keybytes = keybits / 8;
|
||||
int aesbits = keybits_to_aesbits(keybits);
|
||||
if (aesbits < 0) {
|
||||
return aesbits;
|
||||
if (keybits != 128 && keybits != 192 && keybits != 256) {
|
||||
return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
|
||||
}
|
||||
ctx->enc.aesbits = aesbits;
|
||||
bzero(ctx->enc.key, sizeof(ctx->enc.key));
|
||||
memcpy(ctx->enc.key, key, keybytes);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* AES key schedule (decryption)
|
||||
*
|
||||
*/
|
||||
int esp_aes_setkey_dec( esp_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits )
|
||||
{
|
||||
uint16_t keybytes = keybits / 8;
|
||||
int aesbits = keybits_to_aesbits(keybits);
|
||||
if (aesbits < 0) {
|
||||
return aesbits;
|
||||
}
|
||||
ctx->dec.aesbits = aesbits;
|
||||
bzero(ctx->dec.key, sizeof(ctx->dec.key));
|
||||
memcpy(ctx->dec.key, key, keybytes);
|
||||
ctx->key_bytes = keybits / 8;
|
||||
memcpy(ctx->key, key, ctx->key_bytes);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -137,27 +101,41 @@ int esp_aes_setkey_dec( esp_aes_context *ctx, const unsigned char *key,
|
|||
* Helper function to copy key from esp_aes_context buffer
|
||||
* to hardware key registers.
|
||||
*
|
||||
* Only call when protected by esp_aes_acquire_hardware().
|
||||
* Call only while holding esp_aes_acquire_hardware().
|
||||
*/
|
||||
static inline int esp_aes_setkey_hardware( esp_aes_context *ctx, int mode)
|
||||
static inline void esp_aes_setkey_hardware( esp_aes_context *ctx, int mode)
|
||||
{
|
||||
DPORT_ACCESS_BLOCK() {
|
||||
// ROM AES functions access DPORT, so need to be protected as such
|
||||
if ( mode == ESP_AES_ENCRYPT ) {
|
||||
ets_aes_setkey_enc(ctx->enc.key, ctx->enc.aesbits);
|
||||
} else {
|
||||
ets_aes_setkey_dec(ctx->dec.key, ctx->dec.aesbits);
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
const uint32_t MODE_DECRYPT_BIT = 4;
|
||||
unsigned mode_reg_base = (mode == ESP_AES_ENCRYPT) ? 0 : MODE_DECRYPT_BIT;
|
||||
|
||||
memcpy((uint32_t *)AES_KEY_BASE, ctx->key, ctx->key_bytes);
|
||||
DPORT_REG_WRITE(AES_MODE_REG, mode_reg_base + ((ctx->key_bytes / 8) - 2));
|
||||
}
|
||||
|
||||
static inline void esp_aes_block(const uint8_t input[16], uint8_t output[16])
|
||||
/* Run a single 16 byte block of AES, using the hardware engine.
|
||||
*
|
||||
* Call only while holding esp_aes_acquire_hardware().
|
||||
*/
|
||||
static inline void esp_aes_block(const void *input, void *output)
|
||||
{
|
||||
DPORT_ACCESS_BLOCK() {
|
||||
// ROM AES functions access DPORT, so need to be protected as such
|
||||
ets_aes_crypt(input, output);
|
||||
const uint32_t *input_words = (const uint32_t *)input;
|
||||
uint32_t *output_words = (uint32_t *)output;
|
||||
uint32_t *mem_block = (uint32_t *)AES_TEXT_BASE;
|
||||
|
||||
for(int i = 0; i < 4; i++) {
|
||||
mem_block[i] = input_words[i];
|
||||
}
|
||||
|
||||
DPORT_REG_WRITE(AES_START_REG, 1);
|
||||
|
||||
DPORT_STALL_OTHER_CPU_START();
|
||||
{
|
||||
while (_DPORT_REG_READ(AES_IDLE_REG) != 1) { }
|
||||
for (int i = 0; i < 4; i++) {
|
||||
output_words[i] = mem_block[i];
|
||||
}
|
||||
}
|
||||
DPORT_STALL_OTHER_CPU_END();
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -215,6 +193,9 @@ int esp_aes_crypt_cbc( esp_aes_context *ctx,
|
|||
unsigned char *output )
|
||||
{
|
||||
int i;
|
||||
uint32_t *output_words = (uint32_t *)output;
|
||||
const uint32_t *input_words = (const uint32_t *)input;
|
||||
uint32_t *iv_words = (uint32_t *)iv;
|
||||
unsigned char temp[16];
|
||||
|
||||
if ( length % 16 ) {
|
||||
|
|
@ -222,34 +203,36 @@ int esp_aes_crypt_cbc( esp_aes_context *ctx,
|
|||
}
|
||||
|
||||
esp_aes_acquire_hardware();
|
||||
|
||||
esp_aes_setkey_hardware(ctx, mode);
|
||||
|
||||
if ( mode == ESP_AES_DECRYPT ) {
|
||||
while ( length > 0 ) {
|
||||
memcpy( temp, input, 16 );
|
||||
esp_aes_block(input, output);
|
||||
memcpy(temp, input_words, 16);
|
||||
esp_aes_block(input_words, output_words);
|
||||
|
||||
for ( i = 0; i < 16; i++ ) {
|
||||
output[i] = (unsigned char)( output[i] ^ iv[i] );
|
||||
for ( i = 0; i < 4; i++ ) {
|
||||
output_words[i] = output_words[i] ^ iv_words[i];
|
||||
}
|
||||
|
||||
memcpy( iv, temp, 16 );
|
||||
memcpy( iv_words, temp, 16 );
|
||||
|
||||
input += 16;
|
||||
output += 16;
|
||||
input_words += 4;
|
||||
output_words += 4;
|
||||
length -= 16;
|
||||
}
|
||||
} else { // ESP_AES_ENCRYPT
|
||||
while ( length > 0 ) {
|
||||
for ( i = 0; i < 16; i++ ) {
|
||||
output[i] = (unsigned char)( input[i] ^ iv[i] );
|
||||
|
||||
for ( i = 0; i < 4; i++ ) {
|
||||
output_words[i] = input_words[i] ^ iv_words[i];
|
||||
}
|
||||
|
||||
esp_aes_block(output, output);
|
||||
memcpy( iv, output, 16 );
|
||||
esp_aes_block(output_words, output_words);
|
||||
memcpy( iv_words, output_words, 16 );
|
||||
|
||||
input += 16;
|
||||
output += 16;
|
||||
input_words += 4;
|
||||
output_words += 4;
|
||||
length -= 16;
|
||||
}
|
||||
}
|
||||
|
|
@ -274,6 +257,7 @@ int esp_aes_crypt_cfb128( esp_aes_context *ctx,
|
|||
size_t n = *iv_off;
|
||||
|
||||
esp_aes_acquire_hardware();
|
||||
|
||||
esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT);
|
||||
|
||||
if ( mode == ESP_AES_DECRYPT ) {
|
||||
|
|
@ -321,6 +305,7 @@ int esp_aes_crypt_cfb8( esp_aes_context *ctx,
|
|||
unsigned char ov[17];
|
||||
|
||||
esp_aes_acquire_hardware();
|
||||
|
||||
esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT);
|
||||
|
||||
while ( length-- ) {
|
||||
|
|
@ -360,6 +345,7 @@ int esp_aes_crypt_ctr( esp_aes_context *ctx,
|
|||
size_t n = *nc_off;
|
||||
|
||||
esp_aes_acquire_hardware();
|
||||
|
||||
esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT);
|
||||
|
||||
while ( length-- ) {
|
||||
|
|
|
|||
|
|
@ -38,11 +38,6 @@ extern "C" {
|
|||
#define ERR_ESP_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
|
||||
#define ERR_ESP_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
|
||||
|
||||
typedef struct {
|
||||
enum AES_BITS aesbits;
|
||||
uint8_t key[32];
|
||||
} key_context, KEY_CTX;
|
||||
|
||||
/**
|
||||
* \brief AES context structure
|
||||
*
|
||||
|
|
@ -52,10 +47,8 @@ typedef struct {
|
|||
* generating an extra round key
|
||||
*/
|
||||
typedef struct {
|
||||
int nr; /*!< number of rounds */
|
||||
uint32_t *rk; /*!< AES round keys */
|
||||
KEY_CTX enc;
|
||||
KEY_CTX dec;
|
||||
uint8_t key_bytes;
|
||||
uint8_t key[32];
|
||||
} esp_aes_context;
|
||||
|
||||
/**
|
||||
|
|
@ -94,7 +87,7 @@ void esp_aes_init( esp_aes_context *ctx );
|
|||
void esp_aes_free( esp_aes_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief AES key schedule (encryption)
|
||||
* \brief AES set key schedule (encryption or decryption)
|
||||
*
|
||||
* \param ctx AES context to be initialized
|
||||
* \param key encryption key
|
||||
|
|
@ -102,18 +95,7 @@ void esp_aes_free( esp_aes_context *ctx );
|
|||
*
|
||||
* \return 0 if successful, or ERR_AES_INVALID_KEY_LENGTH
|
||||
*/
|
||||
int esp_aes_setkey_enc( esp_aes_context *ctx, const unsigned char *key, unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief AES key schedule (decryption)
|
||||
*
|
||||
* \param ctx AES context to be initialized
|
||||
* \param key decryption key
|
||||
* \param keybits must be 128, 192 or 256
|
||||
*
|
||||
* \return 0 if successful, or ERR_AES_INVALID_KEY_LENGTH
|
||||
*/
|
||||
int esp_aes_setkey_dec( esp_aes_context *ctx, const unsigned char *key, unsigned int keybits );
|
||||
int esp_aes_setkey( esp_aes_context *ctx, const unsigned char *key, unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief AES-ECB block encryption/decryption
|
||||
|
|
|
|||
|
|
@ -34,8 +34,8 @@ typedef esp_aes_context mbedtls_aes_context;
|
|||
|
||||
#define mbedtls_aes_init esp_aes_init
|
||||
#define mbedtls_aes_free esp_aes_free
|
||||
#define mbedtls_aes_setkey_enc esp_aes_setkey_enc
|
||||
#define mbedtls_aes_setkey_dec esp_aes_setkey_dec
|
||||
#define mbedtls_aes_setkey_enc esp_aes_setkey
|
||||
#define mbedtls_aes_setkey_dec esp_aes_setkey
|
||||
#define mbedtls_aes_crypt_ecb esp_aes_crypt_ecb
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
#define mbedtls_aes_crypt_cbc esp_aes_crypt_cbc
|
||||
|
|
|
|||
|
|
@ -57,4 +57,12 @@
|
|||
#define SHA_512_LOAD_REG ((DR_REG_SHA_BASE) + 0xb8)
|
||||
#define SHA_512_BUSY_REG ((DR_REG_SHA_BASE) + 0xbc)
|
||||
|
||||
/* AES acceleration registers */
|
||||
#define AES_START_REG ((DR_REG_AES_BASE) + 0x00)
|
||||
#define AES_IDLE_REG ((DR_REG_AES_BASE) + 0x04)
|
||||
#define AES_MODE_REG ((DR_REG_AES_BASE) + 0x08)
|
||||
#define AES_KEY_BASE ((DR_REG_AES_BASE) + 0x10)
|
||||
#define AES_TEXT_BASE ((DR_REG_AES_BASE) + 0x30)
|
||||
#define AES_ENDIAN ((DR_REG_AES_BASE) + 0x40)
|
||||
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -69,6 +69,7 @@
|
|||
#define SOC_RTC_DATA_HIGH 0x50002000
|
||||
|
||||
#define DR_REG_DPORT_BASE 0x3ff00000
|
||||
#define DR_REG_AES_BASE 0x3ff01000
|
||||
#define DR_REG_RSA_BASE 0x3ff02000
|
||||
#define DR_REG_SHA_BASE 0x3ff03000
|
||||
#define DR_REG_DPORT_END 0x3ff03FFC
|
||||
|
|
|
|||
Loading…
Reference in a new issue