
arch/risc-v/espressif: Add AES accelerator support#18544

Merged
acassis merged 6 commits intoapache:masterfrom
eren-terzioglu:feature/add_aes_support
Mar 17, 2026


@eren-terzioglu
Contributor

@eren-terzioglu eren-terzioglu commented Mar 16, 2026

Summary

  • Docs/platforms/espressif: Add AES support docs

Add AES support docs for esp32s2

  • boards/xtensa/espressif: Add AES accelerator board support

Add AES accelerator board support for esp32[-s2|-s3]

  • arch/xtensa/espressif: Add AES accelerator support

Add AES accelerator support for esp32[-s2|-s3]

  • Docs/platforms/espressif: Add AES support docs

Add AES support docs for esp32[-c3|-c6|-h2|-p4]

  • boards/risc-v/espressif: Add AES accelerator board support

Add AES accelerator board support for esp32[-c3|-c6|-h2|-p4]

  • arch/risc-v/espressif: Add AES accelerator support

Add AES accelerator support for esp32[-c3|-c6|-h2|-p4]

Impact

Impact on user: No

Impact on build: No

Impact on hardware: Yes, AES accelerator support added

Impact on documentation: Yes, related docs added

Impact on security: No

Impact on compatibility: No

Testing

crypto defconfig used with following options

CONFIG_ESPRESSIF_AES_ACCELERATOR=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES192_DISABLE=y
CONFIG_CRYPTO_ALGTEST=y
CONFIG_DEBUG_CRYPTO=y
CONFIG_DEBUG_CRYPTO_ERROR=y
CONFIG_DEBUG_CRYPTO_INFO=y
CONFIG_DEBUG_CRYPTO_WARN=y
CONFIG_TESTING_CRYPTO_AES_CBC=y
CONFIG_TESTING_CRYPTO_AES_CTR=y
CONFIG_DEBUG_FEATURES=y

Building

Here is command for build

make -j distclean && ./tools/configure.sh esp32c6-devkitc:crypto && kconfig-tweak -e ESPRESSIF_AES_ACCELERATOR && kconfig-tweak -e DEBUG_FEATURES && kconfig-tweak -e CRYPTO_AES && kconfig-tweak -e CRYPTO_AES192_DISABLE && kconfig-tweak -e TESTING_CRYPTO_AES_CBC && kconfig-tweak -e TESTING_CRYPTO_AES_CTR && kconfig-tweak -e CRYPTO_ALGTEST && kconfig-tweak -e DEBUG_CRYPTO && kconfig-tweak -e DEBUG_CRYPTO_ERROR && kconfig-tweak -e DEBUG_CRYPTO_INFO && kconfig-tweak -e DEBUG_CRYPTO_WARN && make olddefconfig && make -j

Running

A few methods were used to test:

  • Test during system init (which is enabled with CONFIG_CRYPTO_ALGTEST)
  • aescbc and aesctr commands
  • Custom app

Here is the code of the custom app (the same code can be found in the esp32s3_aes.c file):

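/* Known-answer self-test for the AES-ECB path of the accelerator driver.
 *
 * One 16-byte block is encrypted and decrypted again, first with a 128-bit
 * key and then with a 256-bit key.  The ciphertext is compared against a
 * stored reference and the decrypted data against the original input.
 *
 * Every step is checked explicitly and a FAIL line is logged on error.
 * DEBUGASSERT() may be compiled out when assertions are disabled in the
 * build; relying on it alone would let the PASS line be printed even when
 * the hardware returned wrong data.
 *
 * ECB is exercised here only as a primitive check: each block is encrypted
 * independently, so equal plaintext blocks give equal ciphertext blocks.
 */

static void esp_aes_ecb_test(void)
{
  int ret;
  int i;
  int keybits = 0;
  const char *step = "setkey";
  uint8_t encrypt_buf[16];
  uint8_t decrypt_buf[16];
  struct esp_aes_s aes;
  const int size = 16;

  /* Fixed test data, not secrets.  Only the first `size` bytes of input
   * are processed by this test.
   */

  const uint32_t input[8] =
    {
      0x740fdb34, 0x002defca, 0xb042437b, 0xc2f42cf9,
      0xc64444be, 0x32365bc1, 0xb613cfa2, 0x15ce0d23
    };

  /* Eight words (256 bits) are initialised; the remaining array elements
   * are zero.
   */

  const uint32_t key[16] =
    {
      0x8ffdc2c5, 0x14d6c69d, 0x9cb7608f, 0x899b2472,
      0xbf9e4372, 0x855290d0, 0xc62753da, 0xdeedeab7
    };

  /* Reference ciphertext.  The words are compared bytewise with memcmp(),
   * so the values are tied to the byte order of the target.
   */

  const uint32_t result[2][4] =
    {
      /* keybits = 128 */

      {
        0xc810df2a, 0x8ae67e6e, 0x50c5e32c, 0xd535f3e4
      },

      /* keybits = 256 */

      {
        0xa0714c2b, 0x356adb1f, 0xe905c243, 0x35195a7c
      }
    };

  for (i = 0; i < 2; i++)
    {
      keybits = i * 128 + 128;

      step = "setkey";
      ret = esp_aes_setkey(&aes, key, keybits);
      if (ret != 0)
        {
          goto fail;
        }

      /* Mode argument 1 is the encrypt direction in this test */

      step = "encrypt";
      ret = esp_aes_ecb_cypher(&aes, 1, input, encrypt_buf, size);
      if (ret != 0)
        {
          goto fail;
        }

      step = "ciphertext compare";
      if (memcmp(encrypt_buf, result[i], size) != 0)
        {
          goto fail;
        }

      /* Mode argument 0 is the decrypt direction in this test */

      step = "decrypt";
      ret = esp_aes_ecb_cypher(&aes, 0, encrypt_buf, decrypt_buf, size);
      if (ret != 0)
        {
          goto fail;
        }

      step = "plaintext compare";
      if (memcmp(decrypt_buf, input, size) != 0)
        {
          goto fail;
        }

      syslog(LOG_INFO, "AES ECB key=%d bits test: PASS\n", keybits);
    }

  return;

fail:

  /* Report the failure even when DEBUGASSERT() is a no-op */

  syslog(LOG_ERR, "AES ECB key=%d bits test: FAIL at %s (ret=%d)\n",
         keybits, step, ret);
  DEBUGASSERT(0);
}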


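/* Known-answer self-test for the AES-CBC path of the accelerator driver.
 *
 * Two blocks (32 bytes) are encrypted and decrypted again, first with a
 * 128-bit key and then with a 256-bit key.  The ciphertext is compared
 * against a stored reference and the decrypted data against the input.
 *
 * Every step is checked explicitly and a FAIL line is logged on error.
 * DEBUGASSERT() may be compiled out when assertions are disabled in the
 * build; relying on it alone would let the PASS line be printed even when
 * the hardware returned wrong data.
 */

static void esp_aes_cbc_test(void)
{
  int ret;
  int i;
  int keybits = 0;
  const char *step = "setkey";
  uint8_t encrypt_buf[32];
  uint8_t decrypt_buf[32];
  uint8_t iv_buf[16];
  struct esp_aes_s aes;
  const int size = 32;

  /* Fixed test data, not secrets */

  const uint32_t input[8] =
    {
      0x740fdb34, 0x002defca, 0xb042437b, 0xc2f42cf9,
      0xc64444be, 0x32365bc1, 0xb613cfa2, 0x15ce0d23
    };

  /* Eight words (256 bits) are initialised; the remaining array elements
   * are zero.
   */

  const uint32_t key[16] =
    {
      0x8ffdc2c5, 0x14d6c69d, 0x9cb7608f, 0x899b2472,
      0xbf9e4372, 0x855290d0, 0xc62753da, 0xdeedeab7
    };

  /* Constant IV: acceptable for a reproducible known-answer test only */

  const uint32_t iv[4] =
    {
      0xf53a50f2, 0x8aaf711d, 0x953bbbfa, 0x228d53cb
    };

  /* Reference ciphertext.  The words are compared bytewise with memcmp(),
   * so the values are tied to the byte order of the target.
   */

  const uint32_t result[2][8] =
    {
      /* keybits = 128 */

      {
        0x04e27d12, 0x1a91e508, 0x01092431, 0x9d572184,
        0xa39979e1, 0x5543e1bc, 0x7173b71d, 0x4e3be064
      },

      /* keybits = 256 */

      {
        0x6f36b8fe, 0x33bc1f37, 0x24fe659c, 0x0370def0,
        0xb9a852f8, 0x64a79ae2, 0xd59f5045, 0x648a0f44
      }
    };

  for (i = 0; i < 2; i++)
    {
      keybits = i * 128 + 128;

      step = "setkey";
      ret = esp_aes_setkey(&aes, key, keybits);
      if (ret != 0)
        {
          goto fail;
        }

      /* The IV is passed through a writable copy that is refreshed before
       * each call; presumably the driver updates it in place (confirm
       * against esp_aes_cbc_cypher).
       */

      step = "encrypt";
      memcpy(iv_buf, iv, 16);
      ret = esp_aes_cbc_cypher(&aes, 1, iv_buf, input,
                               encrypt_buf, size);
      if (ret != 0)
        {
          goto fail;
        }

      step = "ciphertext compare";
      if (memcmp(encrypt_buf, result[i], size) != 0)
        {
          goto fail;
        }

      step = "decrypt";
      memcpy(iv_buf, iv, 16);
      ret = esp_aes_cbc_cypher(&aes, 0, iv_buf, encrypt_buf,
                               decrypt_buf, size);
      if (ret != 0)
        {
          goto fail;
        }

      step = "plaintext compare";
      if (memcmp(decrypt_buf, input, size) != 0)
        {
          goto fail;
        }

      syslog(LOG_INFO, "AES CBC key=%d bits test: PASS\n", keybits);
    }

  return;

fail:

  /* Report the failure even when DEBUGASSERT() is a no-op */

  syslog(LOG_ERR, "AES CBC key=%d bits test: FAIL at %s (ret=%d)\n",
         keybits, step, ret);
  DEBUGASSERT(0);
}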

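/* Known-answer self-test for the AES-CTR path of the accelerator driver.
 *
 * Two blocks (32 bytes) are encrypted and decrypted again, first with a
 * 128-bit key and then with a 256-bit key.  The ciphertext is compared
 * against a stored reference and the decrypted data against the input.
 *
 * Every step is checked explicitly and a FAIL line is logged on error.
 * DEBUGASSERT() may be compiled out when assertions are disabled in the
 * build; relying on it alone would let the PASS line be printed even when
 * the hardware returned wrong data.
 *
 * The same key and starting counter are used for both directions because
 * that is what decryption requires.  Outside a test, a (key, counter) pair
 * must not be reused for different messages.
 */

static void esp_aes_ctr_test(void)
{
  int ret;
  int i;
  int keybits = 0;
  const char *step = "setkey";
  uint8_t encrypt_buf[32];
  uint8_t decrypt_buf[32];
  uint8_t cnt_buf[16];
  uint8_t cache_buf[16];
  uint32_t nc_off;
  struct esp_aes_s aes;
  const int size = 32;

  /* Fixed test data, not secrets */

  const uint32_t input[8] =
    {
      0x740fdb34, 0x002defca, 0xb042437b, 0xc2f42cf9,
      0xc64444be, 0x32365bc1, 0xb613cfa2, 0x15ce0d23
    };

  /* Eight words (256 bits) are initialised; the remaining array elements
   * are zero.
   */

  const uint32_t key[16] =
    {
      0x8ffdc2c5, 0x14d6c69d, 0x9cb7608f, 0x899b2472,
      0xbf9e4372, 0x855290d0, 0xc62753da, 0xdeedeab7
    };

  /* Constant starting counter block for a reproducible test */

  const uint32_t cnt[4] =
    {
      0xf53a50f2, 0x8aaf711d, 0x953bbbfa, 0x228d53cb
    };

  /* Reference ciphertext.  The words are compared bytewise with memcmp(),
   * so the values are tied to the byte order of the target.
   */

  const uint32_t result[2][8] =
    {
      /* keybits = 128 */

      {
        0x5f922338, 0x5aff403d, 0x45fede3f, 0x616568c6,
        0x3cd0ffc7, 0xa26cb704, 0x0aaa8b6a, 0x1d0b5e1c
      },

      /* keybits = 256 */

      {
        0x70af4473, 0x597d2126, 0xd598ed09, 0x3fea540c,
        0xfb5c743c, 0x0c1a39ca, 0xcbcf2d17, 0x341a7a0c
      }
    };

  for (i = 0; i < 2; i++)
    {
      keybits = i * 128 + 128;

      step = "setkey";
      ret = esp_aes_setkey(&aes, key, keybits);
      if (ret != 0)
        {
          goto fail;
        }

      /* The offset and the counter copy are reset before each call so that
       * both directions start from the same stream position.  cache_buf is
       * handed to the driver uninitialised; presumably it is scratch space
       * that is filled before use when nc_off is 0 (confirm against
       * esp_aes_ctr_cypher).
       */

      step = "encrypt";
      nc_off = 0;
      memcpy(cnt_buf, cnt, 16);
      ret = esp_aes_ctr_cypher(&aes, &nc_off, cnt_buf, cache_buf,
                               input, encrypt_buf, size);
      if (ret != 0)
        {
          goto fail;
        }

      step = "ciphertext compare";
      if (memcmp(encrypt_buf, result[i], size) != 0)
        {
          goto fail;
        }

      step = "decrypt";
      nc_off = 0;
      memcpy(cnt_buf, cnt, 16);
      ret = esp_aes_ctr_cypher(&aes, &nc_off, cnt_buf, cache_buf,
                               encrypt_buf, decrypt_buf, size);
      if (ret != 0)
        {
          goto fail;
        }

      step = "plaintext compare";
      if (memcmp(decrypt_buf, input, size) != 0)
        {
          goto fail;
        }

      syslog(LOG_INFO, "AES CTR key=%d bits test: PASS\n", keybits);
    }

  return;

fail:

  /* Report the failure even when DEBUGASSERT() is a no-op */

  syslog(LOG_ERR, "AES CTR key=%d bits test: FAIL at %s (ret=%d)\n",
         keybits, step, ret);
  DEBUGASSERT(0);
}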


/* Entry point of the AES accelerator self-test.
 *
 * Logs a start banner, runs the ECB, CBC and CTR known-answer tests in that
 * order, then logs a completion banner.  The sub-tests return void, so the
 * closing message is logged unconditionally and does not by itself indicate
 * that every mode passed; check the per-mode lines in the log.
 */

void esp_aes_test(void)
{
  syslog(LOG_INFO, "\nAES hardware accelerate test.\n");

  esp_aes_ecb_test();
  esp_aes_cbc_test();
  esp_aes_ctr_test();
  syslog(LOG_INFO, "\nAES hardware accelerate test done.\n");
}

Results

Output looked like this:

...
up_cryptoinitialize: crypto test OK

NuttShell (NSH) NuttX-10.4.0
nsh> aescbc
aescbc test ok
nsh> aesctr
OK test vector 0
OK test vector 1
OK test vector 2
...
OK test vector 6
OK test vector 7
OK test vector 8

# Custom app report
AES hardware accelerate test.
AES ECB key=128 bits test: PASS
AES ECB key=256 bits test: PASS
AES CBC key=128 bits test: PASS
AES CBC key=256 bits test: PASS
AES CTR key=128 bits test: PASS
AES CTR key=256 bits test: PASS

AES hardware accelerate test done.

@eren-terzioglu eren-terzioglu changed the title Feature/add aes support arch/risc-v/espressif: Add AES accelerator support Mar 16, 2026
@github-actions github-actions bot added Area: Documentation Improvements or additions to documentation Arch: risc-v Issues related to the RISC-V (32-bit or 64-bit) architecture Arch: xtensa Issues related to the Xtensa architecture Size: XL The size of the change in this PR is very large. Consider breaking down the PR into smaller pieces. Board: risc-v Board: xtensa labels Mar 16, 2026
@simbit18
Contributor

Hi @eren-terzioglu, please fix

====================================================================================
Configuration/Tool: esp32p4-function-ev-board/crypto
2026-03-16 11:15:10
------------------------------------------------------------------------------------
  Cleaning...
  Configuring...
  Building NuttX...
common/espressif/esp_crypto.c: In function 'esp_process':
Error: common/espressif/esp_crypto.c:666:19: error: implicit declaration of function 'aes_cypher' [-Wimplicit-function-declaration]
  666 |             err = aes_cypher(crp->crp_dst, crp->crp_buf, crd->crd_len,
      |                   ^~~~~~~~~~
Error: common/espressif/esp_crypto.c:668:30: error: 'AES_MODE_CBC' undeclared (first use in this function)
  668 |                              AES_MODE_CBC, crd->crd_flags & CRD_F_ENCRYPT);
      |                              ^~~~~~~~~~~~
common/espressif/esp_crypto.c:668:30: note: each undeclared identifier is reported only once for each function it appears in
Error: common/espressif/esp_crypto.c:684:30: error: 'AES_MODE_CTR' undeclared (first use in this function)
  684 |                              AES_MODE_CTR, crd->crd_flags & CRD_F_ENCRYPT);
      |                              ^~~~~~~~~~~~
make[1]: *** [Makefile:144: esp_crypto.o] Error 1
make[1]: Target 'libarch.a' not remade because of errors.
make: *** [tools/LibTargets.mk:170: arch/risc-v/src/libarch.a] Error 2
make: Target 'all' not remade because of errors.
/github/workspace/sources/nuttx/tools/testbuild.sh: line 385: /github/workspace/sources/nuttx/../nuttx/nuttx.manifest: No such file or directory
  [1/1] Normalize esp32p4-function-ev-board/crypto
====================================================================================

acassis
acassis previously approved these changes Mar 16, 2026
@eren-terzioglu
Contributor Author

Hi @eren-terzioglu, please fix

====================================================================================
Configuration/Tool: esp32p4-function-ev-board/crypto
2026-03-16 11:15:10
------------------------------------------------------------------------------------
  Cleaning...
  Configuring...
  Building NuttX...
common/espressif/esp_crypto.c: In function 'esp_process':
Error: common/espressif/esp_crypto.c:666:19: error: implicit declaration of function 'aes_cypher' [-Wimplicit-function-declaration]
  666 |             err = aes_cypher(crp->crp_dst, crp->crp_buf, crd->crd_len,
      |                   ^~~~~~~~~~
Error: common/espressif/esp_crypto.c:668:30: error: 'AES_MODE_CBC' undeclared (first use in this function)
  668 |                              AES_MODE_CBC, crd->crd_flags & CRD_F_ENCRYPT);
      |                              ^~~~~~~~~~~~
common/espressif/esp_crypto.c:668:30: note: each undeclared identifier is reported only once for each function it appears in
Error: common/espressif/esp_crypto.c:684:30: error: 'AES_MODE_CTR' undeclared (first use in this function)
  684 |                              AES_MODE_CTR, crd->crd_flags & CRD_F_ENCRYPT);
      |                              ^~~~~~~~~~~~
make[1]: *** [Makefile:144: esp_crypto.o] Error 1
make[1]: Target 'libarch.a' not remade because of errors.
make: *** [tools/LibTargets.mk:170: arch/risc-v/src/libarch.a] Error 2
make: Target 'all' not remade because of errors.
/github/workspace/sources/nuttx/tools/testbuild.sh: line 385: /github/workspace/sources/nuttx/../nuttx/nuttx.manifest: No such file or directory
  [1/1] Normalize esp32p4-function-ev-board/crypto
====================================================================================

Thanks @simbit18, updated.

@simbit18
Contributor

@eren-terzioglu , please update the PR summary with esp32p4 and Doc as well

https://nuttx.apache.org/docs/latest/platforms/risc-v/esp32p4/index.html

@eren-terzioglu
Contributor Author

@simbit18, updated. Thanks

Add AES accelerator support for esp32[-c3|-c6|-h2|-p4]

Signed-off-by: Eren Terzioglu <eren.terzioglu@espressif.com>
Add AES accelerator board support for esp32[-c3|-c6|-h2|-p4]

Signed-off-by: Eren Terzioglu <eren.terzioglu@espressif.com>
Add AES support docs for esp32[-c3|-c6|-h2|-p4]

Signed-off-by: Eren Terzioglu <eren.terzioglu@espressif.com>
Add AES accelerator support for esp32[-s2|-s3]

Signed-off-by: Eren Terzioglu <eren.terzioglu@espressif.com>
Add AES support docs for esp32s2

Signed-off-by: Eren Terzioglu <eren.terzioglu@espressif.com>
simbit18
simbit18 previously approved these changes Mar 17, 2026
@eren-terzioglu
Contributor Author

Seems error unrelated, fyi

@simbit18
Contributor

@eren-terzioglu I restarted the failed jobs

@simbit18
Contributor

HI @eren-terzioglu Now it's the lckfb-szpi-esp32s3 board's turn! :)

====================================================================================
Configuration/Tool: lckfb-szpi-esp32s3/qmi8658
2026-03-17 13:22:30
------------------------------------------------------------------------------------
  Cleaning...
  Configuring...
  Building NuttX...
board/esp32s3_bringup.c:471: error: unterminated #ifdef
  471 | #ifdef CONFIG_ESP32S3_AES_ACCELERATOR
ERROR: xtensa-esp32s3-elf-gcc failed: 1
       command: xtensa-esp32s3-elf-gcc -MT ./esp32s3_bringup.o  -M '-fno-common' '-Wall' '-Wstrict-prototypes' '-Wshadow' '-Wundef' '-Wno-attributes' '-Wno-unknown-pragmas' '-Wno-psabi' '-Os' '-fno-strict-aliasing' '-fomit-frame-pointer' '-ffunction-sections' '-fdata-sections' '-g' '-fno-strength-reduce' '-mlongcalls' '-isystem' '/github/workspace/sources/nuttx/include' '-D__NuttX__' '-DNDEBUG' '-D__KERNEL__' '-Wno-cpp' '-Werror' '-I' '/github/workspace/sources/nuttx/arch/xtensa/src/board/board' '-I' '/github/workspace/sources/nuttx/arch/xtensa/src/board/src' '-I' '/github/workspace/sources/nuttx/sched' '-I' '/github/workspace/sources/nuttx/arch/xtensa/src/chip' '-I' '/github/workspace/sources/nuttx/arch/xtensa/src/common' '-I' '/github/workspace/sources/nuttx/arch/xtensa/src/board/include' board/esp32s3_bringup.c
make[2]: *** [/github/workspace/sources/nuttx/boards/Board.mk:95: .depend] Error 1
make[2]: Target 'depend' not remade because of errors.
make[1]: *** [Makefile:216: .depend] Error 2
make[1]: Target 'depend' not remade because of errors.
make: *** [tools/Unix.mk:670: pass2dep] Error 2
make: Target 'all' not remade because of errors.
/github/workspace/sources/nuttx/tools/testbuild.sh: line 385: /github/workspace/sources/nuttx/../nuttx/nuttx.manifest: No such file or directory
  [1/1] Normalize lckfb-szpi-esp32s3/qmi8658
====================================================================================

@simbit18
Contributor

simbit18 commented Mar 17, 2026

@eren-terzioglu

#ifdef CONFIG_ESP32S3_AES_ACCELERATOR <<<<<<<<<<
  ret = esp32s3_aes_init();   <<<<<<<<<<<<
#ifdef CONFIG_ESPRESSIF_AES_ACCELERATOR
  ret = esp_aes_init();
  if (ret < 0)

I think it's necessary to remove -> #ifdef CONFIG_ESP32S3_AES_ACCELERATOR
ret = esp32s3_aes_init();

@eren-terzioglu
Contributor Author

nuttx/boards/xtensa/esp32s3/lckfb-szpi-esp32s3/src/esp32s3_bringup.c

Thanks a lot for help. Seems rebase conflict caused this. Updated

Add AES accelerator board support for esp32[-s2|-s3]

Signed-off-by: Eren Terzioglu <eren.terzioglu@espressif.com>
@acassis acassis merged commit f7614f6 into apache:master Mar 17, 2026
41 checks passed