diff --git a/components/hal/test_apps/crypto/main/CMakeLists.txt b/components/hal/test_apps/crypto/main/CMakeLists.txt index d2e4647dfd..460bf3b120 100644 --- a/components/hal/test_apps/crypto/main/CMakeLists.txt +++ b/components/hal/test_apps/crypto/main/CMakeLists.txt @@ -25,7 +25,8 @@ if(CONFIG_SOC_AES_SUPPORTED) list(APPEND srcs "aes/test_aes.c" "$ENV{IDF_PATH}/components/mbedtls/port/aes/esp_aes_common.c" "aes/aes_block.c") - list(APPEND priv_include_dirs "$ENV{IDF_PATH}/components/mbedtls/port/include") + list(APPEND priv_include_dirs "$ENV{IDF_PATH}/components/mbedtls/port/include" + "$ENV{IDF_PATH}/components/mbedtls/port/aes/include") if(CONFIG_SOC_AES_SUPPORT_DMA) list(APPEND priv_include_dirs "$ENV{IDF_PATH}/components/mbedtls/port/aes/dma/include") diff --git a/components/hal/test_apps/crypto/main/aes/test_aes.c b/components/hal/test_apps/crypto/main/aes/test_aes.c index 7b7d185c0f..518669b5bd 100644 --- a/components/hal/test_apps/crypto/main/aes/test_aes.c +++ b/components/hal/test_apps/crypto/main/aes/test_aes.c @@ -266,7 +266,8 @@ static void test_cfb128_aes(size_t buffer_size, const uint8_t expected_cipher_en heap_caps_free(decryptedtext); } -#if SOC_AES_SUPPORT_GCM +#define CIPHER_ID_AES 2 + static void test_gcm_aes(size_t length, const uint8_t expected_last_block[16], const uint8_t expected_tag[16]) { uint8_t iv[16]; @@ -295,10 +296,10 @@ static void test_gcm_aes(size_t length, const uint8_t expected_last_block[16], c memcpy(iv_buf, iv, iv_length); esp_aes_gcm_init(&ctx); - esp_aes_gcm_setkey(&ctx, 0, key, 8 * sizeof(key)); + TEST_ASSERT(esp_aes_gcm_setkey(&ctx, CIPHER_ID_AES, key, 8 * sizeof(key)) == 0); /* Encrypt and authenticate */ - esp_aes_gcm_crypt_and_tag(&ctx, ESP_AES_ENCRYPT, length, iv_buf, iv_length, add, add_length, plaintext, ciphertext, tag_len, tag_buf_encrypt); + TEST_ASSERT(esp_aes_gcm_crypt_and_tag(&ctx, ESP_AES_ENCRYPT, length, iv_buf, iv_length, add, add_length, plaintext, ciphertext, tag_len, tag_buf_encrypt) == 0); size_t offset = length > 16 ? length - 16 : 0; /* Sanity check: make sure the last ciphertext block matches what we expect to see. */ TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_last_block, ciphertext + offset, MIN(16, length)); @@ -314,7 +315,6 @@ static void test_gcm_aes(size_t length, const uint8_t expected_last_block[16], c heap_caps_free(ciphertext); heap_caps_free(decryptedtext); } -#endif /* SOC_AES_SUPPORT_GCM */ #endif /* SOC_AES_SUPPORT_DMA */ TEST(aes, cbc_aes_256_block_test) @@ -457,8 +457,6 @@ TEST(aes, cfb128_aes_256_long_dma_test) #endif -#if SOC_AES_SUPPORT_GCM - TEST(aes, gcm_aes_dma_test) { size_t length = 16; @@ -489,7 +487,6 @@ TEST(aes, gcm_aes_long_dma_test) test_gcm_aes(length, expected_last_block, expected_tag); } #endif /* CONFIG_CRYPTO_TESTAPP_USE_AES_INTERRUPT */ -#endif /* SOC_AES_SUPPORT_GCM */ #endif /* SOC_AES_SUPPORT_DMA */ TEST_GROUP_RUNNER(aes) @@ -509,12 +506,10 @@ TEST_GROUP_RUNNER(aes) RUN_TEST_CASE(aes, cfb8_aes_256_long_dma_test); RUN_TEST_CASE(aes, cfb128_aes_256_long_dma_test); #endif /* CONFIG_CRYPTO_TESTAPP_USE_AES_INTERRUPT */ -#if SOC_AES_SUPPORT_GCM RUN_TEST_CASE(aes, gcm_aes_dma_test); #if CONFIG_CRYPTO_TESTAPP_USE_AES_INTERRUPT RUN_TEST_CASE(aes, gcm_aes_long_dma_test); #endif /* CONFIG_CRYPTO_TESTAPP_USE_AES_INTERRUPT */ -#endif /* SOC_AES_SUPPORT_GCM */ #endif /* SOC_AES_SUPPORT_DMA */ } diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt index 28428f25d8..57b832fd99 100644 --- a/components/mbedtls/CMakeLists.txt +++ b/components/mbedtls/CMakeLists.txt @@ -206,6 +206,7 @@ target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/esp_mem.c" ) if(CONFIG_SOC_AES_SUPPORTED) + target_include_directories(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/include") target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/esp_aes_xts.c" "${COMPONENT_DIR}/port/aes/esp_aes_common.c" "${COMPONENT_DIR}/port/aes/${AES_PERIPHERAL_TYPE}/esp_aes.c" diff --git a/components/mbedtls/port/aes/block/esp_aes.c b/components/mbedtls/port/aes/block/esp_aes.c index fcf4e2a67b..a83a89f8e9 100644 --- a/components/mbedtls/port/aes/block/esp_aes.c +++ b/components/mbedtls/port/aes/block/esp_aes.c @@ -33,7 +33,7 @@ #include "soc/hwcrypto_periph.h" #include #include "hal/aes_hal.h" -#include "aes/esp_aes_internal.h" +#include "esp_aes_internal.h" #include diff --git a/components/mbedtls/port/aes/dma/esp_aes.c b/components/mbedtls/port/aes/dma/esp_aes.c index 8f0e33c953..8fe7b4d522 100644 --- a/components/mbedtls/port/aes/dma/esp_aes.c +++ b/components/mbedtls/port/aes/dma/esp_aes.c @@ -42,7 +42,7 @@ #endif #include "esp_crypto_lock.h" #include "hal/aes_hal.h" -#include "aes/esp_aes_internal.h" +#include "esp_aes_internal.h" #include "esp_aes_dma_priv.h" #if CONFIG_IDF_TARGET_ESP32S2 diff --git a/components/mbedtls/port/aes/esp_aes_common.c b/components/mbedtls/port/aes/esp_aes_common.c index 4bc8b25cee..bffd568c3a 100644 --- a/components/mbedtls/port/aes/esp_aes_common.c +++ b/components/mbedtls/port/aes/esp_aes_common.c @@ -15,7 +15,7 @@ * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf */ #include "sdkconfig.h" -#include "aes/esp_aes_internal.h" +#include "esp_aes_internal.h" #include "mbedtls/aes.h" #include "hal/aes_hal.h" #include "hal/aes_types.h" diff --git a/components/mbedtls/port/aes/esp_aes_gcm.c b/components/mbedtls/port/aes/esp_aes_gcm.c index 9798fe475c..76d68544d7 100644 --- a/components/mbedtls/port/aes/esp_aes_gcm.c +++ b/components/mbedtls/port/aes/esp_aes_gcm.c @@ -18,7 +18,7 @@ #include "aes/esp_aes.h" #include "aes/esp_aes_gcm.h" -#include "aes/esp_aes_internal.h" +#include "esp_aes_internal.h" #include "hal/aes_hal.h" #include "mbedtls/aes.h" diff --git a/components/mbedtls/port/aes/include/esp_aes_internal.h b/components/mbedtls/port/aes/include/esp_aes_internal.h new file mode 100644 index 0000000000..889888e83f --- /dev/null +++ b/components/mbedtls/port/aes/include/esp_aes_internal.h @@ -0,0 +1,37 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#pragma once + +#include "aes/esp_aes.h" +#include "aes/esp_aes_gcm.h" +#include "soc/soc_caps.h" +#include + +#ifdef __cplusplus +extern "C" { +#endif + +bool valid_key_length(const esp_aes_context *ctx); + +#if SOC_AES_SUPPORT_GCM +/** + * @brief Run a AES-GCM conversion using DMA + * + * @param ctx Aes context + * @param input Pointer to input data + * @param output Pointer to output data + * @param len Length of the input data + * @param aad_desc GCM additional data DMA descriptor + * @param aad_len GCM additional data length + * @return int -1 on error + */ +int esp_aes_process_dma_gcm(esp_aes_context *ctx, const unsigned char *input, unsigned char *output, size_t len, lldesc_t *aad_desc, size_t aad_len); +#endif + +#ifdef __cplusplus +} +#endif diff --git a/components/mbedtls/port/include/aes/esp_aes_internal.h b/components/mbedtls/port/include/aes/esp_aes_internal.h deleted file mode 100644 index 35a7d3935a..0000000000 --- a/components/mbedtls/port/include/aes/esp_aes_internal.h +++ /dev/null @@ -1,54 +0,0 @@ -/** - * \brief AES block cipher, ESP-IDF hardware accelerated version - * Based on mbedTLS FIPS-197 compliant version. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * Internal API - */ - -#pragma once - - -#include "aes/esp_aes.h" -#include "aes/esp_aes_gcm.h" -#include - -#ifdef __cplusplus -extern "C" { -#endif - -bool valid_key_length(const esp_aes_context *ctx); - - -/** - * @brief Run a AES-GCM conversion using DMA - * - * @param ctx Aes context - * @param input Pointer to input data - * @param output Pointer to output data - * @param len Length of the input data - * @param aad_desc GCM additional data DMA descriptor - * @param aad_len GCM additional data length - * @return int -1 on error - */ -int esp_aes_process_dma_gcm(esp_aes_context *ctx, const unsigned char *input, unsigned char *output, size_t len, lldesc_t *aad_desc, size_t aad_len); - - -#ifdef __cplusplus -} -#endif diff --git a/tools/ci/check_copyright_ignore.txt b/tools/ci/check_copyright_ignore.txt index d98620c6e3..c1fbfb935a 100644 --- a/tools/ci/check_copyright_ignore.txt +++ b/tools/ci/check_copyright_ignore.txt @@ -507,7 +507,6 @@ components/mbedtls/port/aes/dma/esp_aes.c components/mbedtls/port/aes/dma/esp_aes_crypto_dma_impl.c components/mbedtls/port/aes/esp_aes_xts.c components/mbedtls/port/include/aes/esp_aes.h -components/mbedtls/port/include/aes/esp_aes_internal.h components/mbedtls/port/include/aes_alt.h components/mbedtls/port/include/bignum_impl.h components/mbedtls/port/include/esp32/aes.h