diff --git a/boards/espressif/esp32_devkitc/esp32_devkitc_procpu.yaml b/boards/espressif/esp32_devkitc/esp32_devkitc_procpu.yaml index 7a1a124e7d7ba..cee4ef8e7b725 100644 --- a/boards/espressif/esp32_devkitc/esp32_devkitc_procpu.yaml +++ b/boards/espressif/esp32_devkitc/esp32_devkitc_procpu.yaml @@ -19,4 +19,5 @@ supported: - counter - entropy - input + - crypto vendor: espressif diff --git a/boards/espressif/esp32_ethernet_kit/esp32_ethernet_kit_procpu.yaml b/boards/espressif/esp32_ethernet_kit/esp32_ethernet_kit_procpu.yaml index f6fd5a5f410ca..63959384fe687 100644 --- a/boards/espressif/esp32_ethernet_kit/esp32_ethernet_kit_procpu.yaml +++ b/boards/espressif/esp32_ethernet_kit/esp32_ethernet_kit_procpu.yaml @@ -11,4 +11,5 @@ supported: - nvs - pwm - i2s + - crypto vendor: espressif diff --git a/boards/espressif/esp32c3_devkitc/esp32c3_devkitc.yaml b/boards/espressif/esp32c3_devkitc/esp32c3_devkitc.yaml index 20cef2fc49289..c905d3db52f0f 100644 --- a/boards/espressif/esp32c3_devkitc/esp32c3_devkitc.yaml +++ b/boards/espressif/esp32c3_devkitc/esp32c3_devkitc.yaml @@ -16,4 +16,5 @@ supported: - spi - counter - entropy + - crypto vendor: espressif diff --git a/boards/espressif/esp32c3_devkitm/esp32c3_devkitm.yaml b/boards/espressif/esp32c3_devkitm/esp32c3_devkitm.yaml index 38153891381d8..5854eefa5e61b 100644 --- a/boards/espressif/esp32c3_devkitm/esp32c3_devkitm.yaml +++ b/boards/espressif/esp32c3_devkitm/esp32c3_devkitm.yaml @@ -16,4 +16,5 @@ supported: - spi - counter - entropy + - crypto vendor: espressif diff --git a/boards/espressif/esp32c3_rust/esp32c3_rust.yaml b/boards/espressif/esp32c3_rust/esp32c3_rust.yaml index a82552337b42a..228ce41936972 100644 --- a/boards/espressif/esp32c3_rust/esp32c3_rust.yaml +++ b/boards/espressif/esp32c3_rust/esp32c3_rust.yaml @@ -18,4 +18,5 @@ supported: - spi - counter - entropy + - crypto vendor: espressif diff --git a/boards/espressif/esp32c6_devkitc/esp32c6_devkitc_hpcore.yaml b/boards/espressif/esp32c6_devkitc/esp32c6_devkitc_hpcore.yaml index 895ef8060057b..3167b543fee52 100644 --- a/boards/espressif/esp32c6_devkitc/esp32c6_devkitc_hpcore.yaml +++ b/boards/espressif/esp32c6_devkitc/esp32c6_devkitc_hpcore.yaml @@ -18,7 +18,7 @@ supported: - i2c - i2s - netif:openthread - + - crypto testing: ignore_tags: - bluetooth diff --git a/boards/espressif/esp32h2_devkitm/esp32h2_devkitm.yaml b/boards/espressif/esp32h2_devkitm/esp32h2_devkitm.yaml index a232d69192997..e5d9ba390b1e2 100644 --- a/boards/espressif/esp32h2_devkitm/esp32h2_devkitm.yaml +++ b/boards/espressif/esp32h2_devkitm/esp32h2_devkitm.yaml @@ -18,3 +18,4 @@ supported: - i2c - i2s - netif:openthread + - crypto diff --git a/boards/espressif/esp32s2_devkitc/esp32s2_devkitc.yaml b/boards/espressif/esp32s2_devkitc/esp32s2_devkitc.yaml index b3598a28d9c04..4db53139b5c5d 100644 --- a/boards/espressif/esp32s2_devkitc/esp32s2_devkitc.yaml +++ b/boards/espressif/esp32s2_devkitc/esp32s2_devkitc.yaml @@ -20,6 +20,7 @@ supported: - input - can - dma + - crypto testing: ignore_tags: - bluetooth diff --git a/boards/espressif/esp32s2_saola/esp32s2_saola.yaml b/boards/espressif/esp32s2_saola/esp32s2_saola.yaml index e8a37ffd2edca..2fc990a15cae3 100644 --- a/boards/espressif/esp32s2_saola/esp32s2_saola.yaml +++ b/boards/espressif/esp32s2_saola/esp32s2_saola.yaml @@ -18,6 +18,7 @@ supported: - counter - entropy - input + - crypto testing: ignore_tags: - bluetooth diff --git a/boards/espressif/esp32s3_devkitc/esp32s3_devkitc_procpu.yaml b/boards/espressif/esp32s3_devkitc/esp32s3_devkitc_procpu.yaml index ae1de5034e7e4..425402b36e65b 100644 --- a/boards/espressif/esp32s3_devkitc/esp32s3_devkitc_procpu.yaml +++ b/boards/espressif/esp32s3_devkitc/esp32s3_devkitc_procpu.yaml @@ -17,4 +17,5 @@ supported: - pwm - dma - input + - crypto vendor: espressif diff --git a/boards/espressif/esp32s3_devkitm/esp32s3_devkitm_procpu.yaml b/boards/espressif/esp32s3_devkitm/esp32s3_devkitm_procpu.yaml index e153c2e9f8178..29b7b697f4da3 100644 --- a/boards/espressif/esp32s3_devkitm/esp32s3_devkitm_procpu.yaml +++ b/boards/espressif/esp32s3_devkitm/esp32s3_devkitm_procpu.yaml @@ -18,4 +18,5 @@ supported: - dma - input - video + - crypto vendor: espressif diff --git a/boards/espressif/esp32s3_eye/esp32s3_eye_procpu.yaml b/boards/espressif/esp32s3_eye/esp32s3_eye_procpu.yaml index 0f1ec31c71f5a..481fc04e140bc 100644 --- a/boards/espressif/esp32s3_eye/esp32s3_eye_procpu.yaml +++ b/boards/espressif/esp32s3_eye/esp32s3_eye_procpu.yaml @@ -18,4 +18,5 @@ supported: - dma - input - video + - crypto vendor: espressif diff --git a/boards/espressif/esp_wrover_kit/esp_wrover_kit_procpu.yaml b/boards/espressif/esp_wrover_kit/esp_wrover_kit_procpu.yaml index 88bcdc3289b18..c0ddc4c80b60a 100644 --- a/boards/espressif/esp_wrover_kit/esp_wrover_kit_procpu.yaml +++ b/boards/espressif/esp_wrover_kit/esp_wrover_kit_procpu.yaml @@ -17,4 +17,5 @@ supported: - spi - counter - entropy + - crypto vendor: espressif diff --git a/drivers/crypto/CMakeLists.txt b/drivers/crypto/CMakeLists.txt index f325c7f34a9aa..f6dfd465ef533 100644 --- a/drivers/crypto/CMakeLists.txt +++ b/drivers/crypto/CMakeLists.txt @@ -17,4 +17,6 @@ zephyr_library_sources_ifdef(CONFIG_CRYPTO_MCUX_DCP crypto_mcux_dcp.c) zephyr_library_sources_ifdef(CONFIG_CRYPTO_SI32 crypto_si32.c) zephyr_library_sources_ifdef(CONFIG_CRYPTO_CC23X0 crypto_cc23x0.c) zephyr_library_sources_ifdef(CONFIG_CRYPTO_RTS5912_SHA crypto_rts5912_sha.c) +zephyr_library_sources_ifdef(CONFIG_CRYPTO_ESP32_SHA crypto_esp32_sha.c) +zephyr_library_sources_ifdef(CONFIG_CRYPTO_ESP32_AES crypto_esp32_aes.c) zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS) diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 5f3c74ee77f14..4c5c268fcebba 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -60,5 +60,6 @@ source "drivers/crypto/Kconfig.si32" source "drivers/crypto/Kconfig.smartbond" source "drivers/crypto/Kconfig.cc23x0" source "drivers/crypto/Kconfig.rts5912" +source "drivers/crypto/Kconfig.esp32" endif # CRYPTO diff --git a/drivers/crypto/Kconfig.esp32 b/drivers/crypto/Kconfig.esp32 new file mode 100644 index 0000000000000..feb93eaa2ed07 --- /dev/null +++ b/drivers/crypto/Kconfig.esp32 @@ -0,0 +1,52 @@ +# Copyright (c) 2025 Espressif Systems +# SPDX-License-Identifier: Apache-2.0 + +config CRYPTO_ESP32 + bool "Espressif Crypto driver" + depends on DT_HAS_ESPRESSIF_ESP32_AES_ENABLED || DT_HAS_ESPRESSIF_ESP32_SHA_ENABLED + default y + help + Enable the Espressif hardware crypto drivers for AES and SHA + accelerators. + +if CRYPTO_ESP32 + +config CRYPTO_ESP32_AES + bool "ESP32 AES Hardware Accelerator" + depends on DT_HAS_ESPRESSIF_ESP32_AES_ENABLED + default y + help + Enable support for the Espressif AES hardware accelerator. + This driver implements AES-ECB, AES-CBC, and AES-CTR modes + using the hardware AES engine through the HAL. + +config CRYPTO_ESP32_SHA + bool "ESP32 SHA Hardware Accelerator" + depends on DT_HAS_ESPRESSIF_ESP32_SHA_ENABLED + default y + help + Enable support for the Espressif SHA hardware accelerator. + This driver implements SHA-224, SHA-256, SHA-384, and SHA-512 + using the Espressif HAL SHA engine. + +config CRYPTO_ESP32_SHA_SESSIONS_MAX + int "Max ESP32 SHA sessions" + depends on CRYPTO_ESP32_SHA + range 1 32 + default 2 + help + Maximum number of concurrent SHA hash sessions. + Each session uses approximately 300-400 bytes of RAM + (more for SHA-384/512 due to larger state). + +config ESP32_CRYPTO_AES_SESSIONS_MAX + int "Max ESP32 AES sessions" + depends on CRYPTO_ESP32_AES + range 1 32 + default 4 + help + Maximum number of concurrent AES sessions. + Each session uses approximately 300-400 bytes of RAM + (more for AES-256 due to larger state). + +endif # CRYPTO_ESP32 diff --git a/drivers/crypto/crypto_esp32_aes.c b/drivers/crypto/crypto_esp32_aes.c new file mode 100644 index 0000000000000..5312e028573d6 --- /dev/null +++ b/drivers/crypto/crypto_esp32_aes.c @@ -0,0 +1,476 @@ +/* + * Copyright (c) 2025 Espressif Systems (Shanghai) Co., Ltd. + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "hal/aes_hal.h" +#include "hal/aes_ll.h" + +LOG_MODULE_REGISTER(esp32_aes, CONFIG_CRYPTO_LOG_LEVEL); + +#define DT_DRV_COMPAT espressif_esp32_aes + +#ifndef ESP_AES_ENCRYPT +#define ESP_AES_ENCRYPT 0 +#endif +#ifndef ESP_AES_DECRYPT +#define ESP_AES_DECRYPT 1 +#endif + +struct esp_aes_config { + const struct device *clock_dev; + const clock_control_subsys_t clock_subsys; +}; + +struct esp_aes_dev_data { + struct k_mutex aes_lock; +}; + +struct esp_aes_ctx { + bool in_use; + uint8_t key[32]; + size_t key_len; + int dir; + enum cipher_mode mode; +}; + +static K_MUTEX_DEFINE(aes_pool_lock); + +static struct esp_aes_ctx aes_pool[CONFIG_ESP32_CRYPTO_AES_SESSIONS_MAX]; + +static inline int aes_setkey_dir(const uint8_t *key, size_t keylen, int dir) +{ + uint8_t written = aes_hal_setkey(key, keylen, dir); + + if (written != keylen) { + LOG_ERR("HAL setkey failed: wrote %u/%zu bytes", written, keylen); + return -EIO; + } + + return 0; +} + +static inline void aes_ecb_block(const uint8_t in[16], uint8_t out[16]) +{ + aes_hal_transform_block(in, out); +} + +static int aes_query_hw_caps(const struct device *dev) +{ + ARG_UNUSED(dev); + + return (CAP_RAW_KEY | CAP_INPLACE_OPS | CAP_SEPARATE_IO_BUFS | CAP_SYNC_OPS | + CAP_NO_IV_PREFIX); +} + +static struct esp_aes_ctx *aes_pool_alloc(void) +{ + struct esp_aes_ctx *ret = NULL; + + k_mutex_lock(&aes_pool_lock, K_FOREVER); + + for (size_t i = 0; i < ARRAY_SIZE(aes_pool); i++) { + if (!aes_pool[i].in_use) { + memset(&aes_pool[i], 0, sizeof(aes_pool[i])); + aes_pool[i].in_use = true; + ret = &aes_pool[i]; + break; + } + } + + k_mutex_unlock(&aes_pool_lock); + + if (!ret) { + LOG_WRN("Session pool exhausted (max: %d)", CONFIG_ESP32_CRYPTO_AES_SESSIONS_MAX); + } + + return ret; +} + +static void aes_pool_free(struct esp_aes_ctx *s) +{ + if (!s) { + return; + } + + k_mutex_lock(&aes_pool_lock, K_FOREVER); + memset(s, 0, sizeof(*s)); + k_mutex_unlock(&aes_pool_lock); +} + +static int aes_begin_session(const struct device *dev, struct cipher_ctx *zctx, + enum cipher_algo algo, enum cipher_mode mode, enum cipher_op op_type) +{ + struct esp_aes_ctx *ctx; + int rc; + + ARG_UNUSED(dev); + + if (algo != CRYPTO_CIPHER_ALGO_AES) { + LOG_ERR("Unsupported algorithm: %d", algo); + return -ENOTSUP; + } + + if (!(mode == CRYPTO_CIPHER_MODE_ECB || mode == CRYPTO_CIPHER_MODE_CBC || + mode == CRYPTO_CIPHER_MODE_CTR)) { + LOG_ERR("Unsupported mode: %d", mode); + return -ENOTSUP; + } + + if (!(zctx->keylen == 16 || zctx->keylen == 24 || zctx->keylen == 32)) { + LOG_ERR("Invalid key length: %zu", zctx->keylen); + return -EINVAL; + } + + ctx = aes_pool_alloc(); + + if (!ctx) { + return -ENOMEM; + } + + ctx->mode = mode; + ctx->dir = (op_type == CRYPTO_CIPHER_OP_ENCRYPT) ? ESP_AES_ENCRYPT : ESP_AES_DECRYPT; + ctx->key_len = zctx->keylen; + memcpy(ctx->key, zctx->key.bit_stream, zctx->keylen); + + rc = aes_setkey_dir(ctx->key, ctx->key_len, ctx->dir); + + if (rc) { + aes_pool_free(ctx); + return rc; + } + + zctx->drv_sessn_state = ctx; + + LOG_DBG("Session started: mode=%d, dir=%d, keylen=%zu", mode, ctx->dir, ctx->key_len); + + return 0; +} + +static int aes_free_session(const struct device *dev, struct cipher_ctx *zctx) +{ + struct esp_aes_ctx *ctx; + + ARG_UNUSED(dev); + + if (!zctx || !zctx->drv_sessn_state) { + return 0; + } + + ctx = zctx->drv_sessn_state; + + aes_pool_free(ctx); + + zctx->drv_sessn_state = NULL; + + LOG_DBG("Session freed"); + + return 0; +} + +static int aes_ecb_op(struct cipher_ctx *zctx, struct cipher_pkt *pkt) +{ + struct esp_aes_ctx *ctx = zctx->drv_sessn_state; + struct esp_aes_dev_data *data = zctx->device->data; + const uint8_t *in; + uint8_t *out; + size_t blocks; + + if (!ctx || (pkt->in_len % 16U) != 0U) { + LOG_ERR("Invalid ECB op: ctx=%p, in_len=%zu", ctx, ctx ? pkt->in_len : 0); + return -EINVAL; + } + + k_mutex_lock(&data->aes_lock, K_FOREVER); + + in = pkt->in_buf; + out = pkt->out_buf; + blocks = pkt->in_len / 16U; + + for (size_t i = 0; i < blocks; i++) { + aes_ecb_block(in, out); + in += 16; + out += 16; + } + + k_mutex_unlock(&data->aes_lock); + + pkt->out_len = pkt->in_len; + + return 0; +} + +static void cbc_xor_block(const uint8_t *a, const uint8_t *b, uint8_t *out) +{ + for (int i = 0; i < 16; i++) { + out[i] = a[i] ^ b[i]; + } +} + +static void cbc_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t blocks, uint8_t *chain) +{ + uint8_t x[16]; + + for (size_t i = 0; i < blocks; i++) { + cbc_xor_block(in, chain, x); + aes_ecb_block(x, out); + memcpy(chain, out, 16); + in += 16; + out += 16; + } +} + +static void cbc_decrypt_blocks(const uint8_t *in, uint8_t *out, size_t blocks, uint8_t *chain) +{ + uint8_t y[16]; + uint8_t next_chain[16]; + + for (size_t i = 0; i < blocks; i++) { + memcpy(next_chain, in, 16); + aes_ecb_block(in, y); + cbc_xor_block(y, chain, out); + memcpy(chain, next_chain, 16); + in += 16; + out += 16; + } +} + +static int aes_cbc_encrypt(struct cipher_ctx *zctx, struct cipher_pkt *pkt, uint8_t *iv, + uint8_t *chain) +{ + const uint8_t *in = pkt->in_buf; + uint8_t *out = pkt->out_buf; + size_t blocks = pkt->in_len / 16U; + bool prefix_iv = (zctx->flags & CAP_NO_IV_PREFIX) == 0U; + + memcpy(chain, iv, 16); + + if (prefix_iv) { + memcpy(out, iv, 16); + out += 16; + } + + cbc_encrypt_blocks(in, out, blocks, chain); + pkt->out_len = pkt->in_len + (prefix_iv ? 16U : 0U); + + return 0; +} + +static int aes_cbc_decrypt(struct cipher_ctx *zctx, struct cipher_pkt *pkt, uint8_t *iv, + uint8_t *chain) +{ + const uint8_t *in = pkt->in_buf; + uint8_t *out = pkt->out_buf; + size_t blocks; + bool prefix_iv = (zctx->flags & CAP_NO_IV_PREFIX) == 0U; + + if (prefix_iv) { + memcpy(chain, in, 16); + in += 16; + blocks = (pkt->in_len - 16U) / 16U; + pkt->out_len = pkt->in_len - 16U; + } else { + memcpy(chain, iv, 16); + blocks = pkt->in_len / 16U; + pkt->out_len = pkt->in_len; + } + + cbc_decrypt_blocks(in, out, blocks, chain); + + return 0; +} + +static int aes_cbc_op(struct cipher_ctx *zctx, struct cipher_pkt *pkt, uint8_t *iv) +{ + struct esp_aes_ctx *ctx = zctx->drv_sessn_state; + struct esp_aes_dev_data *data = zctx->device->data; + uint8_t chain[16]; + int ret; + + if (!ctx || (pkt->in_len % 16U) != 0U) { + LOG_ERR("Invalid CBC op: ctx=%p, in_len=%zu", ctx, ctx ? pkt->in_len : 0); + return -EINVAL; + } + + k_mutex_lock(&data->aes_lock, K_FOREVER); + + if (ctx->dir == ESP_AES_ENCRYPT) { + ret = aes_cbc_encrypt(zctx, pkt, iv, chain); + } else { + ret = aes_cbc_decrypt(zctx, pkt, iv, chain); + } + + k_mutex_unlock(&data->aes_lock); + + return ret; +} + +static int aes_ctr_op(struct cipher_ctx *zctx, struct cipher_pkt *pkt, uint8_t *iv) +{ + struct esp_aes_ctx *ctx = zctx->drv_sessn_state; + struct esp_aes_dev_data *data = zctx->device->data; + uint32_t ctr_len_bits; + size_t ctr_bytes; + size_t iv_bytes; + uint8_t counter_blk[16]; + int restore_dir; + const uint8_t *in; + uint8_t *out; + size_t len; + + if (!ctx) { + return -EINVAL; + } + + if ((pkt->in_len > 0 && pkt->in_buf == NULL) || pkt->out_buf == NULL) { + return -EINVAL; + } + + ctr_len_bits = zctx->mode_params.ctr_info.ctr_len; + + if (ctr_len_bits == 0 || (ctr_len_bits % 8) != 0 || ctr_len_bits > 128) { + LOG_ERR("Invalid CTR counter length: %u bits", ctr_len_bits); + return -EINVAL; + } + + ctr_bytes = ctr_len_bits / 8U; + iv_bytes = 16U - ctr_bytes; + + memset(counter_blk, 0, sizeof(counter_blk)); + memcpy(counter_blk, iv, iv_bytes); + + k_mutex_lock(&data->aes_lock, K_FOREVER); + + restore_dir = 0; + + if (ctx->dir != ESP_AES_ENCRYPT) { + aes_setkey_dir(ctx->key, ctx->key_len, ESP_AES_ENCRYPT); + restore_dir = 1; + } + + in = pkt->in_buf; + out = pkt->out_buf; + len = pkt->in_len; + + while (len > 0) { + uint8_t ks[16]; + size_t chunk = (len < 16U) ? len : 16U; + + aes_ecb_block(counter_blk, ks); + + for (size_t i = 0; i < chunk; i++) { + out[i] = in[i] ^ ks[i]; + } + + for (int i = 15; i >= (int)iv_bytes; i--) { + if (++counter_blk[i] != 0) { + break; + } + } + + in += chunk; + out += chunk; + len -= chunk; + } + + if (restore_dir) { + aes_setkey_dir(ctx->key, ctx->key_len, ctx->dir); + } + + k_mutex_unlock(&data->aes_lock); + + pkt->out_len = pkt->in_len; + + return 0; +} + +static int aes_cipher_begin_session(const struct device *dev, struct cipher_ctx *ctx, + enum cipher_algo algo, enum cipher_mode mode, + enum cipher_op optype) +{ + int rc = aes_begin_session(dev, ctx, algo, mode, optype); + + if (rc) { + return rc; + } + + switch (mode) { + case CRYPTO_CIPHER_MODE_ECB: + ctx->ops.block_crypt_hndlr = aes_ecb_op; + break; + case CRYPTO_CIPHER_MODE_CBC: + ctx->ops.cbc_crypt_hndlr = aes_cbc_op; + break; + case CRYPTO_CIPHER_MODE_CTR: + ctx->ops.ctr_crypt_hndlr = aes_ctr_op; + break; + default: + break; + } + + return 0; +} + +static int aes_cipher_free_session(const struct device *dev, struct cipher_ctx *ctx) +{ + return aes_free_session(dev, ctx); +} + +static int aes_cipher_async_cb_set(const struct device *dev, cipher_completion_cb cb) +{ + ARG_UNUSED(dev); + ARG_UNUSED(cb); + + return -ENOTSUP; +} + +static int aes_init(const struct device *dev) +{ + struct esp_aes_dev_data *data = dev->data; + const struct esp_aes_config *cfg = dev->config; + + if (!device_is_ready(cfg->clock_dev)) { + LOG_ERR("Clock device not ready"); + return -ENODEV; + } + + if (clock_control_on(cfg->clock_dev, cfg->clock_subsys) != 0) { + LOG_ERR("Failed to enable AES peripheral clock"); + return -EIO; + } + + k_mutex_init(&data->aes_lock); + + LOG_INF("ESP32 AES hardware accelerator initialized"); + + return 0; +} + +static const struct crypto_driver_api aes_crypto_api = { + .query_hw_caps = aes_query_hw_caps, + .cipher_begin_session = aes_cipher_begin_session, + .cipher_free_session = aes_cipher_free_session, + .cipher_async_callback_set = aes_cipher_async_cb_set, +}; + +#define ESP_AES_DEVICE_INIT(inst) \ + static struct esp_aes_dev_data aes_data_##inst; \ + static const struct esp_aes_config aes_cfg_##inst = { \ + .clock_dev = DEVICE_DT_GET(DT_INST_CLOCKS_CTLR(inst)), \ + .clock_subsys = (clock_control_subsys_t)DT_INST_CLOCKS_CELL(inst, offset)}; \ + DEVICE_DT_INST_DEFINE(inst, aes_init, NULL, &aes_data_##inst, &aes_cfg_##inst, \ + POST_KERNEL, CONFIG_CRYPTO_INIT_PRIORITY, &aes_crypto_api); + +DT_INST_FOREACH_STATUS_OKAY(ESP_AES_DEVICE_INIT) diff --git a/drivers/crypto/crypto_esp32_sha.c b/drivers/crypto/crypto_esp32_sha.c new file mode 100644 index 0000000000000..b6b8d2103891f --- /dev/null +++ b/drivers/crypto/crypto_esp32_sha.c @@ -0,0 +1,556 @@ +/* + * Copyright (c) 2025 Espressif Systems (Shanghai) Co., Ltd. + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "hal/sha_hal.h" +#include "hal/sha_ll.h" +#include "hal/sha_types.h" +#include "soc/soc_caps.h" + +#if !SOC_SHA_SUPPORT_RESUME +#include "soc/hwcrypto_reg.h" +#endif + +LOG_MODULE_REGISTER(esp32_sha, CONFIG_CRYPTO_LOG_LEVEL); + +#define DT_DRV_COMPAT espressif_esp32_sha + +/* SHA-224 uses SHA-256 algorithm with different initial values (IV). + * Hardware only supports SHA-256 mode, so we manually load the SHA-224 IV + * before processing. Output is then truncated to 28 bytes. + * These are the official SHA-224 initial hash values from FIPS 180-4. + */ +static const uint32_t sha224_init_state[8] = {0xd89e05c1U, 0x07d57c36U, 0x17dd7030U, 0x39590ef7U, + 0x310bc0ffU, 0x11155868U, 0xa78ff964U, 0xa44ffabeU}; + +struct sha_params { + esp_sha_type hal_mode; + uint16_t block_bytes; + uint16_t state_words; + uint16_t out_bytes; + uint16_t len_field_bytes; +}; + +struct esp_sha_config { + const struct device *clock_dev; + const clock_control_subsys_t clock_subsys; +}; + +struct esp_sha_dev_data { + struct k_mutex sha_lock; +}; + +struct esp_sha_ctx { + struct sha_params params; + enum hash_algo algo; + + bool in_use; + bool first_block; + + uint64_t total_len; + size_t buf_len; + + uint32_t buf_w[32]; /* Max block size is 128 bytes = 32 words */ + uint32_t H[16]; /* Max state size for SHA-512 */ +}; + +static K_MUTEX_DEFINE(sha_pool_lock); +static struct esp_sha_ctx sha_pool[CONFIG_CRYPTO_ESP32_SHA_SESSIONS_MAX]; + +static bool sha_algo_supported(enum hash_algo algo) +{ + switch (algo) { + case CRYPTO_HASH_ALGO_SHA224: +#if SOC_SHA_SUPPORT_RESUME + return true; +#else + /* SHA-224 requires resume support for custom IV loading */ + /* Original ESP32 cannot properly load SHA-224 IV */ + return false; +#endif + + case CRYPTO_HASH_ALGO_SHA256: + return true; + + case CRYPTO_HASH_ALGO_SHA384: +#if SOC_SHA_SUPPORT_SHA384 + return true; +#else + return false; +#endif + + case CRYPTO_HASH_ALGO_SHA512: +#if SOC_SHA_SUPPORT_SHA512 + return true; +#else + return false; +#endif + + default: + return false; + } +} + +static int sha_get_params(enum hash_algo algo, struct sha_params *params) +{ + if (!params) { + return -EINVAL; + } + + if (!sha_algo_supported(algo)) { + LOG_ERR("Algorithm %d not supported by hardware", algo); + return -ENOTSUP; + } + + switch (algo) { + case CRYPTO_HASH_ALGO_SHA224: + params->hal_mode = SHA2_256; + params->block_bytes = 64; + params->state_words = 8; + params->out_bytes = 28; + params->len_field_bytes = 8; + break; + + case CRYPTO_HASH_ALGO_SHA256: + params->hal_mode = SHA2_256; + params->block_bytes = 64; + params->state_words = 8; + params->out_bytes = 32; + params->len_field_bytes = 8; + break; + +#if SOC_SHA_SUPPORT_SHA384 + case CRYPTO_HASH_ALGO_SHA384: + params->hal_mode = SHA2_384; + params->block_bytes = 128; + params->state_words = 12; + params->out_bytes = 48; + params->len_field_bytes = 16; + break; +#endif + +#if SOC_SHA_SUPPORT_SHA512 + case CRYPTO_HASH_ALGO_SHA512: + params->hal_mode = SHA2_512; + params->block_bytes = 128; + params->state_words = 16; + params->out_bytes = 64; + params->len_field_bytes = 16; + break; +#endif + + default: + return -ENOTSUP; + } + + return 0; +} + +static void sha_ctx_init_params(struct esp_sha_ctx *s, enum hash_algo algo) +{ + bool was_in_use = s->in_use; + + memset(s, 0, sizeof(*s)); + s->in_use = was_in_use; + s->first_block = true; + s->algo = algo; + + if (sha_get_params(algo, &s->params) != 0) { + LOG_ERR("Failed to get parameters for algorithm %d", algo); + return; + } + + if (algo == CRYPTO_HASH_ALGO_SHA224) { + memcpy(s->H, sha224_init_state, sizeof(sha224_init_state)); + } +} + +static struct esp_sha_ctx *sha_pool_alloc(enum hash_algo algo) +{ + struct esp_sha_ctx *ret = NULL; + + k_mutex_lock(&sha_pool_lock, K_FOREVER); + + for (size_t i = 0; i < ARRAY_SIZE(sha_pool); i++) { + if (!sha_pool[i].in_use) { + sha_pool[i].in_use = true; + sha_ctx_init_params(&sha_pool[i], algo); + ret = &sha_pool[i]; + break; + } + } + + k_mutex_unlock(&sha_pool_lock); + + if (!ret) { + LOG_WRN("No available SHA context in pool"); + } + + return ret; +} + +static void sha_pool_free(struct esp_sha_ctx *s) +{ + if (!s) { + return; + } + + k_mutex_lock(&sha_pool_lock, K_FOREVER); + memset(s, 0, sizeof(*s)); + k_mutex_unlock(&sha_pool_lock); +} + +#if SOC_SHA_SUPPORT_RESUME +static inline void sha_hw_restore(struct esp_sha_ctx *s) +{ + if (s->first_block && s->algo != CRYPTO_HASH_ALGO_SHA224) { + return; + } + + sha_hal_write_digest(s->params.hal_mode, s->H); +} + +#else /* !SOC_SHA_SUPPORT_RESUME */ + +static inline void sha_ll_write_digest_esp32(esp_sha_type sha_type, void *digest_state, + size_t state_len) +{ + uint32_t *digest_state_words = (uint32_t *)digest_state; + uint32_t *reg_addr_buf = (uint32_t *)(SHA_TEXT_BASE); + + if (sha_type == SHA2_384 || sha_type == SHA2_512) { + for (size_t i = 0; i < state_len; i += 2) { + reg_addr_buf[i] = digest_state_words[i + 1]; + reg_addr_buf[i + 1] = digest_state_words[i]; + } + } else { + for (size_t i = 0; i < state_len; i++) { + reg_addr_buf[i] = digest_state_words[i]; + } + } + + sha_ll_load(sha_type); +} + +static inline void sha_hw_restore_esp32(struct esp_sha_ctx *s) +{ + if (s->first_block && s->algo != CRYPTO_HASH_ALGO_SHA224) { + return; + } + + sha_ll_write_digest_esp32(s->params.hal_mode, s->H, s->params.state_words); +} +#endif /* SOC_SHA_SUPPORT_RESUME */ + +static size_t sha_make_padding(const struct esp_sha_ctx *s, const uint8_t *tail, size_t tail_len, + uint8_t last[128], uint8_t last2[128]) +{ + const size_t B = s->params.block_bytes; + const size_t L = s->params.len_field_bytes; + const uint64_t bit_len = s->total_len * 8ULL; + + if (tail_len >= B) { + LOG_ERR("Invalid tail length: %zu", tail_len); + return 0; + } + + memset(last, 0, B); + if (tail_len > 0) { + memcpy(last, tail, tail_len); + } + last[tail_len] = 0x80; + + if (tail_len + 1 + L <= B) { + if (L == 16) { + memset(&last[B - 16], 0, 8); + } + + for (int i = 0; i < 8; i++) { + last[B - 8 + i] = (uint8_t)(bit_len >> (56 - 8 * i)); + } + return 1; + } + + memset(last2, 0, B); + if (L == 16) { + memset(&last2[B - 16], 0, 8); + } + for (int i = 0; i < 8; i++) { + last2[B - 8 + i] = (uint8_t)(bit_len >> (56 - 8 * i)); + } + + return 2; +} + +static inline void sha_compress_block(const struct esp_sha_ctx *s, const uint8_t *block, bool first) +{ + const int words = s->params.block_bytes / 4; + uint32_t w[32]; + + for (int i = 0; i < words; i++) { + w[i] = sys_get_le32(&block[i * 4]); + } + + bool first_param = (s->algo == CRYPTO_HASH_ALGO_SHA224) ? false : first; + + sha_hal_hash_block(s->params.hal_mode, w, words, first_param); + sha_hal_wait_idle(); +} + +static int sha_update_stream(struct esp_sha_ctx *s, const uint8_t *in, size_t len) +{ + if (len == 0) { + return 0; + } + + if (!in) { + return -EINVAL; + } + + s->total_len += len; + uint8_t *buf = (uint8_t *)s->buf_w; + + if (s->buf_len > 0) { + size_t take = MIN(len, s->params.block_bytes - s->buf_len); + + memcpy(&buf[s->buf_len], in, take); + s->buf_len += take; + in += take; + len -= take; + + if (s->buf_len == s->params.block_bytes) { + sha_compress_block(s, buf, s->first_block); + s->first_block = false; + s->buf_len = 0; + } + } + + while (len >= s->params.block_bytes) { + sha_compress_block(s, in, s->first_block); + s->first_block = false; + in += s->params.block_bytes; + len -= s->params.block_bytes; + } + + if (len > 0) { + memcpy(buf, in, len); + s->buf_len = len; + } + + return 0; +} + +static int sha_query_hw_caps(const struct device *dev) +{ + ARG_UNUSED(dev); + + return (CAP_SEPARATE_IO_BUFS | CAP_SYNC_OPS); +} + +static int sha_handler(struct hash_ctx *hctx, struct hash_pkt *pkt, bool fin) +{ + struct esp_sha_ctx *s = hctx->drv_sessn_state; + struct esp_sha_dev_data *data = hctx->device->data; + int ret = 0; + + if (!s) { + LOG_ERR("Invalid session state"); + return -EINVAL; + } + + if ((pkt->in_len > 0 && !pkt->in_buf) || (fin && !pkt->out_buf)) { + LOG_ERR("Invalid buffer pointers"); + return -EINVAL; + } + +#if !SOC_SHA_SUPPORT_RESUME + if (!s->first_block) { + LOG_ERR("Multi-part hash not supported on this chip (no resume support)"); + return -ENOTSUP; + } + + if (!fin) { + LOG_ERR("Non-final operations not supported on original ESP32"); + return -ENOTSUP; + } +#endif + + k_mutex_lock(&data->sha_lock, K_FOREVER); + + sha_hal_wait_idle(); + +#if SOC_SHA_SUPPORT_RESUME + sha_hw_restore(s); +#else + sha_hw_restore_esp32(s); +#endif + + if (pkt->in_len > 0) { + ret = sha_update_stream(s, pkt->in_buf, pkt->in_len); + if (ret != 0) { + LOG_ERR("Failed to update stream: %d", ret); + goto unlock; + } + } + + if (!fin) { +#if SOC_SHA_SUPPORT_RESUME + sha_hal_wait_idle(); + sha_hal_read_digest(s->params.hal_mode, s->H); +#endif + goto unlock; + } + + uint8_t last[128], last2[128]; + uint8_t *tail = (uint8_t *)s->buf_w; + size_t nfinal = sha_make_padding(s, tail, s->buf_len, last, last2); + + if (nfinal == 0) { + LOG_ERR("Failed to create padding"); + ret = -EINVAL; + goto unlock; + } + + sha_compress_block(s, last, s->first_block); + if (nfinal == 2) { + sha_compress_block(s, last2, false); + } + + sha_hal_wait_idle(); + sha_hal_read_digest(s->params.hal_mode, s->H); + + int words = s->params.out_bytes / 4; + +#if SOC_SHA_SUPPORT_RESUME + /* ESP32-S3 and newer: Use little-endian output, no word swapping */ + for (int j = 0; j < words; j++) { + sys_put_le32(s->H[j], &pkt->out_buf[j * 4]); + } +#else + /* ESP32: Use big-endian output with word swapping for SHA-384/512 */ + if (s->algo == CRYPTO_HASH_ALGO_SHA384 || s->algo == CRYPTO_HASH_ALGO_SHA512) { + for (int j = 0; j < words; j += 2) { + sys_put_be32(s->H[j + 1], &pkt->out_buf[j * 4]); + sys_put_be32(s->H[j], &pkt->out_buf[(j + 1) * 4]); + } + } else { + for (int j = 0; j < words; j++) { + sys_put_be32(s->H[j], &pkt->out_buf[j * 4]); + } + } +#endif + + ret = 0; + + sha_ctx_init_params(s, s->algo); + +unlock: + k_mutex_unlock(&data->sha_lock); + + return ret; +} + +static int sha_begin_session(const struct device *dev, struct hash_ctx *hctx, enum hash_algo algo) +{ + if (!dev || !hctx) { + return -EINVAL; + } + + if (!sha_algo_supported(algo)) { + return -ENOTSUP; + } + + struct esp_sha_ctx *s = sha_pool_alloc(algo); + + if (!s) { + LOG_ERR("No available SHA sessions"); + return -ENOMEM; + } + + hctx->device = dev; + hctx->drv_sessn_state = s; + hctx->hash_hndlr = sha_handler; + hctx->started = false; + + return 0; +} + +static int sha_free_session(const struct device *dev, struct hash_ctx *hctx) +{ + ARG_UNUSED(dev); + + if (!hctx) { + return -EINVAL; + } + + if (hctx->drv_sessn_state) { + struct esp_sha_ctx *s = hctx->drv_sessn_state; + + sha_pool_free(s); + hctx->drv_sessn_state = NULL; + } + + return 0; +} + +static int sha_hash_async_cb_set(const struct device *dev, hash_completion_cb cb) +{ + ARG_UNUSED(dev); + ARG_UNUSED(cb); + return -ENOTSUP; +} + +static int sha_init(const struct device *dev) +{ + struct esp_sha_dev_data *data = dev->data; + const struct esp_sha_config *cfg = dev->config; + + if (!cfg->clock_dev) { + LOG_ERR("Clock device is NULL"); + return -EINVAL; + } + + if (!device_is_ready(cfg->clock_dev)) { + LOG_ERR("Clock device not ready"); + return -ENODEV; + } + + if (clock_control_on(cfg->clock_dev, cfg->clock_subsys) != 0) { + LOG_ERR("Failed to enable clock"); + return -EIO; + } + + k_mutex_init(&data->sha_lock); + + return 0; +} + +static const struct crypto_driver_api sha_crypto_api = { + .query_hw_caps = sha_query_hw_caps, + .hash_begin_session = sha_begin_session, + .hash_free_session = sha_free_session, + .hash_async_callback_set = sha_hash_async_cb_set, +}; + +#define ESP_SHA_DEVICE_INIT(inst) \ + static struct esp_sha_dev_data sha_data_##inst; \ + static const struct esp_sha_config sha_cfg_##inst = { \ + .clock_dev = DEVICE_DT_GET(DT_INST_CLOCKS_CTLR(inst)), \ + .clock_subsys = (clock_control_subsys_t)DT_INST_CLOCKS_CELL(inst, offset)}; \ + DEVICE_DT_INST_DEFINE(inst, sha_init, NULL, &sha_data_##inst, &sha_cfg_##inst, \ + POST_KERNEL, CONFIG_CRYPTO_INIT_PRIORITY, &sha_crypto_api); + +DT_INST_FOREACH_STATUS_OKAY(ESP_SHA_DEVICE_INIT) diff --git a/dts/bindings/crypto/espressif,esp32-aes.yaml b/dts/bindings/crypto/espressif,esp32-aes.yaml new file mode 100644 index 0000000000000..cc959cdaf31e4 --- /dev/null +++ b/dts/bindings/crypto/espressif,esp32-aes.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2025 Espressif Systems (Shanghai) Co., Ltd. +# SPDX-License-Identifier: Apache-2.0 + +description: | + Espressif ESP32 family AES Hardware Accelerator + + The AES peripheral provides hardware acceleration for AES encryption + and decryption operations. It supports: + - ECB, CBC, CTR modes (SoC dependent) + - 128, 192, 256-bit key lengths + - XTS mode on selected SoCs (S2, S3, C3, C6, H2) + +compatible: "espressif,esp32-aes" + +include: base.yaml diff --git a/dts/bindings/crypto/espressif,esp32-sha.yaml b/dts/bindings/crypto/espressif,esp32-sha.yaml new file mode 100644 index 0000000000000..dea2128725eca --- /dev/null +++ b/dts/bindings/crypto/espressif,esp32-sha.yaml @@ -0,0 +1,8 @@ +# Copyright (c) 2025 Espressif Systems (Shanghai) Co., Ltd. +# SPDX-License-Identifier: Apache-2.0 + +description: Espressif ESP32 SHA Hardware Accelerator + +compatible: "espressif,esp32-sha" + +include: base.yaml diff --git a/dts/riscv/espressif/esp32c3/esp32c3_common.dtsi b/dts/riscv/espressif/esp32c3/esp32c3_common.dtsi index ecd8b807a2d00..d2d1f4a27f56a 100644 --- a/dts/riscv/espressif/esp32c3/esp32c3_common.dtsi +++ b/dts/riscv/espressif/esp32c3/esp32c3_common.dtsi @@ -333,5 +333,19 @@ dma-buf-addr-alignment = <4>; status = "disabled"; }; + + sha: sha@6003b000 { + compatible = "espressif,esp32-sha"; + reg = <0x6003b000 0x100>; + clocks = <&clock ESP32_SHA_MODULE>; + status = "okay"; + }; + + aes: aes@6003a000 { + compatible = "espressif,esp32-aes"; + reg = <0x6003a000 0x1000>; + clocks = <&clock ESP32_AES_MODULE>; + status = "okay"; + }; }; }; diff --git a/dts/riscv/espressif/esp32c6/esp32c6_common.dtsi b/dts/riscv/espressif/esp32c6/esp32c6_common.dtsi index 482a81aca9a9f..773c82f8cf27c 100644 --- a/dts/riscv/espressif/esp32c6/esp32c6_common.dtsi +++ b/dts/riscv/espressif/esp32c6/esp32c6_common.dtsi @@ -380,5 +380,19 @@ clocks = <&clock ESP32_PCNT_MODULE>; status = "disabled"; }; + + sha: sha@60089000 { + compatible = "espressif,esp32-sha"; + reg = <0x60089000 0x100>; + clocks = <&clock ESP32_SHA_MODULE>; + status = "okay"; + }; + + aes: aes@60088000 { + compatible = "espressif,esp32-aes"; + reg = <0x60088000 0x1000>; + clocks = <&clock ESP32_AES_MODULE>; + status = "okay"; + }; }; }; diff --git a/dts/riscv/espressif/esp32h2/esp32h2_common.dtsi b/dts/riscv/espressif/esp32h2/esp32h2_common.dtsi index bef5cc99177a4..21c72237fa99f 100644 --- a/dts/riscv/espressif/esp32h2/esp32h2_common.dtsi +++ b/dts/riscv/espressif/esp32h2/esp32h2_common.dtsi @@ -356,5 +356,19 @@ clocks = <&clock ESP32_PCNT_MODULE>; status = "disabled"; }; + + sha: sha@6003b000 { + compatible = "espressif,esp32-sha"; + reg = <0x6003b000 0x100>; + clocks = <&clock ESP32_SHA_MODULE>; + status = "okay"; + }; + + aes: aes@6003a000 { + compatible = "espressif,esp32-aes"; + reg = <0x6003a000 0x1000>; + clocks = <&clock ESP32_AES_MODULE>; + status = "okay"; + }; }; }; diff --git a/dts/xtensa/espressif/esp32/esp32_common.dtsi b/dts/xtensa/espressif/esp32/esp32_common.dtsi index 0b035bcdcdd49..5f428252e9909 100644 --- a/dts/xtensa/espressif/esp32/esp32_common.dtsi +++ b/dts/xtensa/espressif/esp32/esp32_common.dtsi @@ -554,5 +554,19 @@ status = "disabled"; }; }; + + sha: sha@3ff03000 { + compatible = "espressif,esp32-sha"; + reg = <0x3ff03000 0x100>; + clocks = <&clock ESP32_SHA_MODULE>; + status = "okay"; + }; + + aes: aes@3ff01000 { + compatible = "espressif,esp32-aes"; + reg = <0x3ff01000 0x1000>; + clocks = <&clock ESP32_AES_MODULE>; + status = "okay"; + }; }; }; diff --git a/dts/xtensa/espressif/esp32s2/esp32s2_common.dtsi b/dts/xtensa/espressif/esp32s2/esp32s2_common.dtsi index 416acd5ce4a98..36f064e5afdef 100644 --- a/dts/xtensa/espressif/esp32s2/esp32s2_common.dtsi +++ b/dts/xtensa/espressif/esp32s2/esp32s2_common.dtsi @@ -425,5 +425,19 @@ clocks = <&clock ESP32_TWAI_MODULE>; status = "disabled"; }; + + sha: sha@6003b000 { + compatible = "espressif,esp32-sha"; + reg = <0x6003b000 0x100>; + clocks = <&clock ESP32_SHA_MODULE>; + status = "okay"; + }; + + aes: aes@6003a000 { + compatible = "espressif,esp32-aes"; + reg = <0x6003a000 0x1000>; + clocks = <&clock ESP32_AES_MODULE>; + status = "okay"; + }; }; }; diff --git a/dts/xtensa/espressif/esp32s3/esp32s3_common.dtsi b/dts/xtensa/espressif/esp32s3/esp32s3_common.dtsi index bd70801e63b0a..4a38170ac4a87 100644 --- a/dts/xtensa/espressif/esp32s3/esp32s3_common.dtsi +++ b/dts/xtensa/espressif/esp32s3/esp32s3_common.dtsi @@ -589,5 +589,19 @@ status = "disabled"; }; }; + + sha: sha@6003b000 { + compatible = "espressif,esp32-sha"; + reg = <0x6003b000 0x100>; + clocks = <&clock ESP32_SHA_MODULE>; + status = "okay"; + }; + + aes: aes@6003a000 { + compatible = "espressif,esp32-aes"; + reg = <0x6003a000 0x1000>; + clocks = <&clock ESP32_AES_MODULE>; + status = "okay"; + }; }; }; diff --git a/samples/drivers/crypto/sample.yaml b/samples/drivers/crypto/sample.yaml index 31e63e321b159..54fadd37651e5 100644 --- a/samples/drivers/crypto/sample.yaml +++ b/samples/drivers/crypto/sample.yaml @@ -5,7 +5,6 @@ sample: common: tags: crypto min_ram: 20 - arch_exclude: xtensa tests: sample.drivers.crypto.mbedtls: min_flash: 34 @@ -82,3 +81,24 @@ tests: - ".*: CTR mode DECRYPT - Match" extra_configs: - CONFIG_CRYPTO_CC23X0_DMA=y + sample.drivers.crypto.esp32: + tags: crypto + filter: dt_compat_enabled("espressif,esp32-aes") + integration_platforms: + - esp32_devkitc/esp32/procpu + - esp32s2_devkitc + - esp32s3_devkitc/esp32s3/procpu + - esp32c3_devkitc + - esp32c6_devkitc/esp32c6/hpcore + - esp32h2_devkitm + harness: console + harness_config: + type: multi_line + regex: + - ".*: Cipher Sample" + - ".*: ECB mode ENCRYPT - Match" + - ".*: ECB mode DECRYPT - Match" + - ".*: CBC mode ENCRYPT - Match" + - ".*: CBC mode DECRYPT - Match" + - ".*: CTR mode ENCRYPT - Match" + - ".*: CTR mode DECRYPT - Match" diff --git a/samples/drivers/crypto/src/main.c b/samples/drivers/crypto/src/main.c index dbc280b4654fd..9cda5b1a58a3a 100644 --- a/samples/drivers/crypto/src/main.c +++ b/samples/drivers/crypto/src/main.c @@ -32,6 +32,8 @@ LOG_MODULE_REGISTER(main); #define CRYPTO_DEV_COMPAT ti_cc23x0_aes #elif CONFIG_CRYPTO_SI32 #define CRYPTO_DEV_COMPAT silabs_si32_aes +#elif CONFIG_CRYPTO_ESP32_AES +#define CRYPTO_DEV_COMPAT espressif_esp32_aes #else #error "You need to enable one crypto device" #endif diff --git a/tests/crypto/crypto_hash/src/main.c b/tests/crypto/crypto_hash/src/main.c index 3df053996fd75..a5863716654e5 100644 --- a/tests/crypto/crypto_hash/src/main.c +++ b/tests/crypto/crypto_hash/src/main.c @@ -15,6 +15,8 @@ #define CRYPTO_DEV_COMPAT renesas_smartbond_crypto #elif DT_HAS_COMPAT_STATUS_OKAY(st_stm32_hash) #define CRYPTO_DEV_COMPAT st_stm32_hash +#elif DT_HAS_COMPAT_STATUS_OKAY(espressif_esp32_sha) +#define CRYPTO_DEV_COMPAT espressif_esp32_sha #else #error "You need to enable one crypto device" #endif diff --git a/tests/crypto/crypto_hash/testcase.yaml b/tests/crypto/crypto_hash/testcase.yaml index 52989e174e670..99e56acfe250a 100644 --- a/tests/crypto/crypto_hash/testcase.yaml +++ b/tests/crypto/crypto_hash/testcase.yaml @@ -1,5 +1,5 @@ tests: - crypto.hash: + crypto.hash.mbedtls_shim: platform_allow: - native_sim - nucleo_u575zi_q @@ -8,3 +8,12 @@ tests: - nucleo_u575zi_q extra_args: EXTRA_CONF_FILE=prj_mtls_shim.conf tags: crypto + crypto.hash: + platform_allow: + - esp32_devkitc/esp32/procpu + - esp32s2_devkitc + - esp32s3_devkitc/esp32s3/procpu + - esp32c3_devkitc + - esp32c6_devkitc/esp32c6/hpcore + - esp32h2_devkitm + tags: crypto