Merge branch 'bugfix/aes_dma_completion_v4.3' into 'release/v4.3'

mbedtls: Fix AES dma completion race condition (v4.3) See merge request espressif/esp-idf!12903
2025-08-03 12:44:33 +02:00 · 2021-04-01 02:15:30 +00:00
parent e5437afa7f 9c4c377f2d
commit 7e75d7f748
2 changed files with 18 additions and 5 deletions
--- a/components/mbedtls/port/aes/dma/esp_aes.c
+++ b/components/mbedtls/port/aes/dma/esp_aes.c
@@ -291,7 +291,8 @@ static int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input,
 {
    lldesc_t stream_in_desc, stream_out_desc;
    lldesc_t *in_desc_head = NULL, *out_desc_head = NULL;
-    lldesc_t *block_desc = NULL, *block_in_desc, *block_out_desc;
+    lldesc_t *out_desc_tail = NULL; /* pointer to the final output descriptor */
+    lldesc_t *block_desc = NULL, *block_in_desc = NULL, *block_out_desc = NULL;
    size_t lldesc_num;
    uint8_t stream_in[16] = {};
    unsigned stream_bytes = len % AES_BLOCK_BYTES; // bytes which aren't in a full block
@@ -357,8 +358,10 @@ static int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input,
        block_in_desc = block_desc;
        block_out_desc = block_desc + lldesc_num;

-        lldesc_setup_link(block_desc, input, block_bytes, 0);
-        lldesc_setup_link(block_desc + lldesc_num, output, block_bytes, 0);
+        lldesc_setup_link(block_in_desc, input, block_bytes, 0);
+        lldesc_setup_link(block_out_desc, output, block_bytes, 0);
+
+        out_desc_tail = &block_out_desc[lldesc_num - 1];
    }

    /* Any leftover bytes which are appended as an additional DMA list */
@@ -373,6 +376,8 @@ static int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input,
            block_in_desc[lldesc_num - 1].empty = (uint32_t)&stream_in_desc;
            block_out_desc[lldesc_num - 1].empty = (uint32_t)&stream_out_desc;
        }
+
+        out_desc_tail = &stream_out_desc;
    }

    // block buffers are sent to DMA first, unless there aren't any
@@ -401,7 +406,7 @@ static int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input,
    }

    aes_hal_transform_dma_start(blocks);
-    esp_aes_dma_wait_complete(use_intr, out_desc_head);
+    esp_aes_dma_wait_complete(use_intr, out_desc_tail);

 #if (CONFIG_SPIRAM_USE_CAPS_ALLOC || CONFIG_SPIRAM_USE_MALLOC)
    if (block_bytes > 0) {
--- a/components/mbedtls/test/test_aes.c
+++ b/components/mbedtls/test/test_aes.c
@@ -8,6 +8,7 @@
 #include "mbedtls/gcm.h"
 #include "unity.h"
 #include "sdkconfig.h"
+#include "esp_log.h"
 #include "esp_timer.h"
 #include "esp_heap_caps.h"
 #include "test_utils.h"
@@ -356,7 +357,7 @@ TEST_CASE("mbedtls CTR stream test", "[aes]")
        no matter how many bytes we encrypt each call
        */
    for (int bytes_to_process = 1; bytes_to_process < SZ; bytes_to_process++) {
-
+        ESP_LOGD("test", "bytes_to_process %d", bytes_to_process);
        memset(nonce, 0xEE, 16);
        memset(chipertext, 0x0, SZ);
        memset(decryptedtext, 0x0, SZ);
@@ -370,10 +371,14 @@ TEST_CASE("mbedtls CTR stream test", "[aes]")
            mbedtls_aes_crypt_ctr(&ctx, length, &offset, nonce,
                                  stream_block, plaintext + idx, chipertext + idx );
        }
+        ESP_LOG_BUFFER_HEXDUMP("expected", expected_cipher, SZ, ESP_LOG_DEBUG);
+        ESP_LOG_BUFFER_HEXDUMP("actual  ", chipertext, SZ, ESP_LOG_DEBUG);
+
        TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_cipher, chipertext, SZ);

        // Decrypt
        memset(nonce, 0xEE, 16);
+        memset(decryptedtext, 0x22, SZ);
        offset = 0;
        for (int idx = 0; idx < SZ; idx = idx + bytes_to_process) {
            // Limit length of last call to avoid exceeding buffer size
@@ -381,6 +386,7 @@ TEST_CASE("mbedtls CTR stream test", "[aes]")
            mbedtls_aes_crypt_ctr(&ctx, length, &offset, nonce,
                                  stream_block, chipertext + idx, decryptedtext + idx );
        }
+        ESP_LOG_BUFFER_HEXDUMP("decrypted", decryptedtext, SZ, ESP_LOG_DEBUG);
        TEST_ASSERT_EQUAL_HEX8_ARRAY(plaintext, decryptedtext, SZ);
    }

@@ -451,6 +457,7 @@ TEST_CASE("mbedtls OFB stream test", "[aes]")
        */

    for (int bytes_to_process = 1; bytes_to_process < SZ; bytes_to_process++) {
+        ESP_LOGD("test", "bytes_to_process %d", bytes_to_process);
        // Encrypt
        memset(iv, 0xEE, 16);
        size_t offset = 0;
@@ -464,6 +471,7 @@ TEST_CASE("mbedtls OFB stream test", "[aes]")

        // Decrypt
        memset(iv, 0xEE, 16);
+        memset(decryptedtext, 0x22, SZ);
        offset = 0;
        for (int idx = 0; idx < SZ; idx = idx + bytes_to_process) {
            // Limit length of last call to avoid exceeding buffer size