driver: crypto: add Espressif HW AES and SHA #97991
Open
+1,428
−74
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sylvioalves
force-pushed
the
feature/espressif-crypto-driver
branch
from
7abb36a to
fa84648
Compare
|
The following west manifest projects have changed revision in this Pull Request:
Additional metadata changed:
⛔ DNM label due to: 1 project with metadata changes and 1 blob change Note: This message is automatically posted and updated by the Manifest GitHub Action. |
github-actions
bot
added
manifest
manifest-hal_espressif
DNM (manifest)
zephyrbot
added
area: Tests
zephyrbot
requested review from
LucasTambor,
ceolin,
edersondisouza,
fkokosinski,
katsuster,
kgugala,
marekmatej,
mgielda,
npitre,
raffarost,
tgorochowik,
uLipe,
valeriosetti,
wmrsouza and
ycsin
sylvioalves
force-pushed
the
feature/espressif-crypto-driver
branch
from
fa84648 to
9581d40
Compare
sylvioalves
force-pushed
the
feature/espressif-crypto-driver
branch
4 times, most recently
from
a38175e to
f6a1fc9
Compare
Add into device tree SHA and AES peripherals. Signed-off-by: Sylvio Alves <[email protected]>
Add hardware-accelerated SHA driver for Espressif SoCs supporting SHA-224, SHA-256, SHA-384, and SHA-512 algorithms. Supported SoCs: - ESP32: SHA-224/256/384/512 (single-shot operations) - ESP32-S2/S3: SHA-224/256/384/512 (with multi-part support) - ESP32-C2/C3/C6/H2: SHA-224/256 (with multi-part support) Tested with Zephyr crypto subsystem hash_compute() API. Signed-off-by: Sylvio Alves <[email protected]>
Add hardware-accelerated AES driver for Espressif SoCs supporting ECB, CBC, and CTR cipher modes with AES-128, AES-192, and AES-256 key lengths. Supported modes: - ECB (Electronic Codebook) - CBC (Cipher Block Chaining) - CTR (Counter) Supported SoCs: - ESP32: All modes, all key sizes - ESP32-S2/S3: All modes, AES-128/256 only - ESP32-C2/C3/C6/H2: All modes, all key sizes Signed-off-by: Sylvio Alves <[email protected]>
Allow ESP32 SoCs to run AES sample. Signed-off-by: Sylvio Alves <[email protected]>
Make sure all crypto driver returns proper error when feature is not supported. Signed-off-by: Sylvio Alves <[email protected]>
Select SHA24, SHA256 and SHA384 as part of the shim driver. Signed-off-by: Sylvio Alves <[email protected]>
Refactor hash tests to support SHA-224, SHA-256, SHA-384, and SHA-512 algorithms with a unified test vector framework. This improves test coverage and makes it easier to verify hardware crypto drivers that support multiple SHA variants. Signed-off-by: Sylvio Alves <[email protected]>
sylvioalves
force-pushed
the
feature/espressif-crypto-driver
branch
from
f6a1fc9 to
1a95dcc
Compare
|
sylvioalves
removed
the
DNM (manifest)
|
Binary blobs are due to #97804, which updated hal before this. |
LucasTambor
requested changes
Oct 22, 2025
| .cipher_async_callback_set = aes_cipher_async_cb_set, | ||
| }; | ||
|
|
||
| #define ESP_AES_DEVICE_INIT(inst) \ |
| .hash_async_callback_set = sha_hash_async_cb_set, | ||
| }; | ||
|
|
||
| #define ESP_SHA_DEVICE_INIT(inst) \ |
marekmatej
reviewed
Oct 22, 2025
| status = "disabled"; | ||
| }; | ||
|
|
||
| sha: sha@6003b000 { |
There was a problem hiding this comment.
set SHA address to 0x60089000 and AES to 0x60088000
|
|
||
| config CRYPTO_ESP32_SHA_SESSIONS_MAX | ||
| int "Max ESP32 SHA sessions" | ||
| default 2 |
There was a problem hiding this comment.
Can we make a valid range and default to 1 in order not to waste memory?
|
|
||
| #define DT_DRV_COMPAT espressif_esp32_sha | ||
|
|
||
| static const uint32_t sha224_init_state[8] = {0xd89e05c1U, 0x07d57c36U, 0x17dd7030U, 0x39590ef7U, |
There was a problem hiding this comment.
where are those magic numbers origin? Can you make them macros with basic explanation?
| case CRYPTO_HASH_ALGO_SHA256: | ||
| return true; | ||
|
|
||
| #if SOC_SHA_SUPPORT_SHA384 || SOC_SHA_SUPPORT_SHA512 |
There was a problem hiding this comment.
IMO this SHA384 || SHA512 condition is redundant and worsens the readability
| last2[B - 8 + i] = (uint8_t)(bit_len >> (56 - 8 * i)); | ||
| } | ||
|
|
||
| return 2; |
There was a problem hiding this comment.
single comment about default return value 2 would help here
| { | ||
| ARG_UNUSED(dev); | ||
|
|
||
| #if SOC_SHA_SUPPORT_RESUME |
There was a problem hiding this comment.
Isn't the ESP32 the only chip that lacks the multi-part support?
|
|
||
| config ESP32_CRYPTO_AES_SESSIONS_MAX | ||
| int "Max ESP32 AES sessions" | ||
| default 4 |
There was a problem hiding this comment.
again, I'd limit the default number of allowed session and maybe provide the range of maximum sessions
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add hardware-accelerated crypto drivers for Espressif SoCs, enabling
SHA hashing and AES encryption/decryption operations.
SHA Driver Support:
AES Driver Support:
Also expands crypto test suite to validate SHA-224/256/384/512
algorithms with unified test vector framework.