refactor(esp_tee): Use the AES-GCM port layer for operations in the TEE

Laukik Hase
2025-03-04 16:17:35 +05:30
parent 6e5513b8ad
commit 98e16412a7
3 changed files with 24 additions and 16 deletions


@@ -13,20 +13,22 @@ list(APPEND include_dirs "${heap_dir}/include")
set(srcs "${COMPONENT_DIR}/esp_tee/esp_tee_crypto_shared_gdma.c") set(srcs "${COMPONENT_DIR}/esp_tee/esp_tee_crypto_shared_gdma.c")
# AES-SHA implementation # AES-SHA implementation
list(APPEND include_dirs "${COMPONENT_DIR}/port/aes/include" list(APPEND srcs "${COMPONENT_DIR}/port/aes/dma/esp_aes.c"
"${COMPONENT_DIR}/port/aes/dma/include" "${COMPONENT_DIR}/port/aes/dma/esp_aes_dma_core.c")
"${COMPONENT_DIR}/port/sha/core/include")
list(APPEND srcs "${COMPONENT_DIR}/port/aes/esp_aes_common.c" list(APPEND srcs "${COMPONENT_DIR}/port/aes/esp_aes_common.c"
"${COMPONENT_DIR}/port/aes/dma/esp_aes.c" "${COMPONENT_DIR}/port/aes/esp_aes_gcm.c")
"${COMPONENT_DIR}/port/aes/dma/esp_aes_dma_core.c")
list(APPEND srcs "${COMPONENT_DIR}/port/sha/core/sha.c" list(APPEND srcs "${COMPONENT_DIR}/port/sha/core/sha.c"
"${COMPONENT_DIR}/port/sha/esp_sha.c") "${COMPONENT_DIR}/port/sha/esp_sha.c")
idf_component_register(INCLUDE_DIRS "${include_dirs}" list(APPEND include_dirs "${COMPONENT_DIR}/port/aes/include"
PRIV_REQUIRES "${priv_requires}" "${COMPONENT_DIR}/port/aes/dma/include"
SRCS "${srcs}") "${COMPONENT_DIR}/port/sha/core/include")
idf_component_register(SRCS "${srcs}"
INCLUDE_DIRS "${include_dirs}"
PRIV_REQUIRES "${priv_requires}")
# Only build mbedtls libraries # Only build mbedtls libraries
set(ENABLE_TESTING CACHE BOOL OFF) set(ENABLE_TESTING CACHE BOOL OFF)
@@ -50,9 +52,6 @@ endforeach()
target_link_libraries(${COMPONENT_LIB} INTERFACE ${mbedtls_targets}) target_link_libraries(${COMPONENT_LIB} INTERFACE ${mbedtls_targets})
if(CONFIG_MBEDTLS_HARDWARE_SHA) target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/core/esp_sha1.c"
target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/core/esp_sha1.c" "${COMPONENT_DIR}/port/sha/core/esp_sha256.c"
"${COMPONENT_DIR}/port/sha/core/esp_sha256.c" "${COMPONENT_DIR}/port/sha/core/esp_sha512.c")
"${COMPONENT_DIR}/port/sha/core/esp_sha512.c"
)
endif()
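Review bot: The second hunk appears to drop the `if(CONFIG_MBEDTLS_HARDWARE_SHA)` guard, so `esp_sha1.c`, `esp_sha256.c` and `esp_sha512.c` are now added to `mbedcrypto` unconditionally; the commit title only mentions the AES-GCM port layer. If this is intended because the TEE always uses the hardware SHA port, record it above the call, e.g. `# TEE always builds the hardware SHA port, independent of CONFIG_MBEDTLS_HARDWARE_SHA`; otherwise the guard should stay. In the first hunk, the newly listed `esp_aes_gcm.c` is presumably only correct while the TEE mbedTLS config defines `MBEDTLS_GCM_ALT`, so a one-line comment beside it naming that macro would keep the two from drifting apart.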


@@ -34,6 +34,7 @@
#define MBEDTLS_CIPHER_C #define MBEDTLS_CIPHER_C
#define MBEDTLS_AES_C #define MBEDTLS_AES_C
#define MBEDTLS_GCM_C #define MBEDTLS_GCM_C
#define MBEDTLS_GCM_ALT
#define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_PARSE_C
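Review bot: `MBEDTLS_GCM_ALT` is added without a comment, although it changes which implementation serves every GCM operation in the TEE (the port layer instead of the mbedTLS built-in one). I would add `/* GCM is provided by port/aes/esp_aes_gcm.c in the TEE build */` above the define, so the dependency on that source file being compiled is visible from the config header. Not visible on this page, and worth confirming, is that the TEE AES-GCM tests exercise the tag-mismatch path against the port implementation as well as the success path.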


@@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
@@ -100,9 +100,11 @@ static IRAM_ATTR void esp_aes_complete_isr(void *arg)
portYIELD_FROM_ISR(); portYIELD_FROM_ISR();
} }
} }
#endif
void esp_aes_intr_alloc(void) void esp_aes_intr_alloc(void)
{ {
#if !ESP_TEE_BUILD
if (op_complete_sem == NULL) { if (op_complete_sem == NULL) {
const int isr_flags = esp_intr_level_to_flags(CONFIG_MBEDTLS_AES_INTERRUPT_LEVEL); const int isr_flags = esp_intr_level_to_flags(CONFIG_MBEDTLS_AES_INTERRUPT_LEVEL);
@@ -120,8 +122,14 @@ void esp_aes_intr_alloc(void)
// Static semaphore creation is unlikely to fail but still basic sanity // Static semaphore creation is unlikely to fail but still basic sanity
assert(op_complete_sem != NULL); assert(op_complete_sem != NULL);
} }
} #else
// NOTE: Need to extern since the mbedtls component does not depend on
// the esp_tee (main) component
extern void esp_tee_aes_intr_alloc(void);
esp_tee_aes_intr_alloc();
#endif #endif
}
static esp_err_t esp_aes_isr_initialise( void ) static esp_err_t esp_aes_isr_initialise( void )
{ {
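Review bot: The block-scope `extern void esp_tee_aes_intr_alloc(void);` in the `#else` branch of `esp_aes_intr_alloc` bypasses header-based prototype checking, so a later signature change on the esp_tee side would not be caught by the compiler. The link-time dependency on that component also stays invisible to the build system, as the NOTE comment itself concedes. I would move the declaration to file scope under the TEE guard, `#if ESP_TEE_BUILD` / `void esp_tee_aes_intr_alloc(void);` / `#endif`, and name the defining source file in the comment. Under `ESP_TEE_BUILD` the semaphore allocation and its `assert` are skipped, so any failure handling now lives entirely in `esp_tee_aes_intr_alloc`, which is not shown here. The function body spans the second and third hunks, and the `#if` closed by the new `#endif` before it opens above the visible lines.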