Skip to content

arch/risc-v/espressif: Add AES accelerator support#18544

Open
eren-terzioglu wants to merge 6 commits intoapache:masterfrom
eren-terzioglu:feature/add_aes_support
Open

arch/risc-v/espressif: Add AES accelerator support#18544
eren-terzioglu wants to merge 6 commits intoapache:masterfrom
eren-terzioglu:feature/add_aes_support

Conversation

@eren-terzioglu
Copy link
Contributor

@eren-terzioglu eren-terzioglu commented Mar 16, 2026

Summary

  • Docs/platforms/espressif: Add AES support docs

Add AES support docs for esp32s2

  • boards/xtensa/espressif: Add AES accelerator board support

Add AES accelerator board support for esp32[-s2|-s3]

  • arch/xtensa/espressif: Add AES accelerator support

Add AES accelerator support for esp32[-s2|-s3]

  • Docs/platforms/espressif: Add AES support docs

Add AES support docs for esp32[-c3|-c6|-h2]

  • boards/risc-v/espressif: Add AES accelerator board support

Add AES accelerator board support for esp32[-c3|-c6|-h2]

  • arch/risc-v/espressif: Add AES accelerator support

Add AES accelerator support for esp32[-c3|-c6|-h2]

Impact

Impact on user: No

Impact on build: No

Impact on hardware: Yes, AES accelerator support added

Impact on documentation: Yes, related docs added

Impact on security: No

Impact on compatibility: No

Testing

crypto defconfig used with following options

CONFIG_ESPRESSIF_AES_ACCELERATOR=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES192_DISABLE=y
CONFIG_CRYPTO_ALGTEST=y
CONFIG_DEBUG_CRYPTO=y
CONFIG_DEBUG_CRYPTO_ERROR=y
CONFIG_DEBUG_CRYPTO_INFO=y
CONFIG_DEBUG_CRYPTO_WARN=y
CONFIG_TESTING_CRYPTO_AES_CBC=y
CONFIG_TESTING_CRYPTO_AES_CTR=y
CONFIG_DEBUG_FEATURES=y

Building

Here is command for build

make -j distclean && ./tools/configure.sh esp32c6-devkitc:crypto && kconfig-tweak -e ESPRESSIF_AES_ACCELERATOR && kconfig-tweak -e DEBUG_FEATURES && kconfig-tweak -e CRYPTO_AES && kconfig-tweak -e CRYPTO_AES192_DISABLE && kconfig-tweak -e TESTING_CRYPTO_AES_CBC && kconfig-tweak -e TESTING_CRYPTO_AES_CTR && kconfig-tweak -e CRYPTO_ALGTEST && kconfig-tweak -e DEBUG_CRYPTO && kconfig-tweak -e DEBUG_CRYPTO_ERROR && kconfig-tweak -e DEBUG_CRYPTO_INFO && kconfig-tweak -e DEBUG_CRYPTO_WARN && make olddefconfig && make -j

Running

A few methods used to test:

  • Test during system init (which enabled with CONFIG_CRYPTO_ALGTEST)
  • aescbc and aesctr commands
  • Custom app

Here is the code of custom app (same code can be found on esp32s3_aes.c file):

static void esp_aes_ecb_test(void)
{
  int ret;
  int i;
  int keybits;
  uint8_t encrypt_buf[16];
  uint8_t decrypt_buf[16];
  struct esp_aes_s aes;
  const int size = 16;

  const uint32_t input[8] =
    {
      0x740fdb34, 0x002defca, 0xb042437b, 0xc2f42cf9,
      0xc64444be, 0x32365bc1, 0xb613cfa2, 0x15ce0d23
    };

  const uint32_t key[16] =
    {
      0x8ffdc2c5, 0x14d6c69d, 0x9cb7608f, 0x899b2472,
      0xbf9e4372, 0x855290d0, 0xc62753da, 0xdeedeab7
    };

  const uint32_t result[2][4] =
    {
      /* keybits = 128 */

      {
        0xc810df2a, 0x8ae67e6e, 0x50c5e32c, 0xd535f3e4
      },

      /* keybits = 256 */

      {
        0xa0714c2b, 0x356adb1f, 0xe905c243, 0x35195a7c
      }
    };

  for (i = 0; i < 2; i++)
    {
      keybits = i * 128 + 128;

      ret = esp_aes_setkey(&aes, key, keybits);
      DEBUGASSERT(ret == 0);

      ret = esp_aes_ecb_cypher(&aes, 1, input, encrypt_buf, size);
      DEBUGASSERT(ret == 0);

      if (memcmp(encrypt_buf, result[i], size))
        {
          DEBUGASSERT(0);
        }

      ret = esp_aes_ecb_cypher(&aes, 0, encrypt_buf, decrypt_buf, size);
      DEBUGASSERT(ret == 0);

      if (memcmp(decrypt_buf, input, size))
        {
          DEBUGASSERT(0);
        }

      syslog(LOG_INFO, "AES ECB key=%d bits test: PASS\n", keybits);
    }
}


static void esp_aes_cbc_test(void)
{
  int ret;
  int i;
  int keybits;
  uint8_t encrypt_buf[32];
  uint8_t decrypt_buf[32];
  uint8_t iv_buf[16];
  struct esp_aes_s aes;
  const int size = 32;

  const uint32_t input[8] =
    {
      0x740fdb34, 0x002defca, 0xb042437b, 0xc2f42cf9,
      0xc64444be, 0x32365bc1, 0xb613cfa2, 0x15ce0d23
    };

  const uint32_t key[16] =
    {
      0x8ffdc2c5, 0x14d6c69d, 0x9cb7608f, 0x899b2472,
      0xbf9e4372, 0x855290d0, 0xc62753da, 0xdeedeab7
    };

  const uint32_t iv[4] =
    {
      0xf53a50f2, 0x8aaf711d, 0x953bbbfa, 0x228d53cb
    };

  const uint32_t result[2][8] =
    {
      /* keybits = 128 */

      {
        0x04e27d12, 0x1a91e508, 0x01092431, 0x9d572184,
        0xa39979e1, 0x5543e1bc, 0x7173b71d, 0x4e3be064
      },

      /* keybits = 256 */

      {
        0x6f36b8fe, 0x33bc1f37, 0x24fe659c, 0x0370def0,
        0xb9a852f8, 0x64a79ae2, 0xd59f5045, 0x648a0f44
      }
    };

  for (i = 0; i < 2; i++)
    {
      keybits = i * 128 + 128;

      ret = esp_aes_setkey(&aes, key, keybits);
      DEBUGASSERT(ret == 0);

      memcpy(iv_buf, iv, 16);
      ret = esp_aes_cbc_cypher(&aes, 1, iv_buf, input,
                                   encrypt_buf, size);
      DEBUGASSERT(ret == 0);

      if (memcmp(encrypt_buf, result[i], size))
        {
          DEBUGASSERT(0);
        }

      memcpy(iv_buf, iv, 16);
      ret = esp_aes_cbc_cypher(&aes, 0, iv_buf, encrypt_buf,
                                   decrypt_buf, size);
      DEBUGASSERT(ret == 0);

      if (memcmp(decrypt_buf, input, size))
        {
          DEBUGASSERT(0);
        }

      syslog(LOG_INFO, "AES CBC key=%d bits test: PASS\n", keybits);
    }
}

static void esp_aes_ctr_test(void)
{
  int ret;
  int i;
  int keybits;
  uint8_t encrypt_buf[32];
  uint8_t decrypt_buf[32];
  uint8_t cnt_buf[16];
  uint8_t cache_buf[16];
  uint32_t nc_off;
  struct esp_aes_s aes;
  const int size = 32;

  const uint32_t input[8] =
    {
      0x740fdb34, 0x002defca, 0xb042437b, 0xc2f42cf9,
      0xc64444be, 0x32365bc1, 0xb613cfa2, 0x15ce0d23
    };

  const uint32_t key[16] =
    {
      0x8ffdc2c5, 0x14d6c69d, 0x9cb7608f, 0x899b2472,
      0xbf9e4372, 0x855290d0, 0xc62753da, 0xdeedeab7
    };

  const uint32_t cnt[4] =
    {
      0xf53a50f2, 0x8aaf711d, 0x953bbbfa, 0x228d53cb
    };

  const uint32_t result[2][8] =
    {
      /* keybits = 128 */

      {
        0x5f922338, 0x5aff403d, 0x45fede3f, 0x616568c6,
        0x3cd0ffc7, 0xa26cb704, 0x0aaa8b6a, 0x1d0b5e1c
      },

      /* keybits = 256 */

      {
        0x70af4473, 0x597d2126, 0xd598ed09, 0x3fea540c,
        0xfb5c743c, 0x0c1a39ca, 0xcbcf2d17, 0x341a7a0c
      }
    };

  for (i = 0; i < 2; i++)
    {
      keybits = i * 128 + 128;

      ret = esp_aes_setkey(&aes, key, keybits);
      DEBUGASSERT(ret == 0);

      nc_off = 0;
      memcpy(cnt_buf, cnt, 16);
      ret = esp_aes_ctr_cypher(&aes, &nc_off, cnt_buf, cache_buf,
                                   input, encrypt_buf, size);
      DEBUGASSERT(ret == 0);

      if (memcmp(encrypt_buf, result[i], size))
        {
          DEBUGASSERT(0);
        }

      nc_off = 0;
      memcpy(cnt_buf, cnt, 16);
      ret = esp_aes_ctr_cypher(&aes, &nc_off, cnt_buf, cache_buf,
                                   encrypt_buf, decrypt_buf, size);
      DEBUGASSERT(ret == 0);

      if (memcmp(decrypt_buf, input, size))
        {
          DEBUGASSERT(0);
        }

      syslog(LOG_INFO, "AES CTR key=%d bits test: PASS\n", keybits);
    }
}


void esp_aes_test(void)
{
  syslog(LOG_INFO, "\nAES hardware accelerate test.\n");

  esp_aes_ecb_test();
  esp_aes_cbc_test();
  esp_aes_ctr_test();
  syslog(LOG_INFO, "\nAES hardware accelerate test done.\n");
}

Results

Output looked like this:

...
up_cryptoinitialize: crypto test OK

NuttShell (NSH) NuttX-10.4.0
nsh> aescbc
aescbc test ok
nsh> aesctr
OK test vector 0
OK test vector 1
OK test vector 2
...
OK test vector 6
OK test vector 7
OK test vector 8

# Custom app report
AES hardware accelerate test.
AES ECB key=128 bits test: PASS
AES ECB key=256 bits test: PASS
AES CBC key=128 bits test: PASS
AES CBC key=256 bits test: PASS
AES CTR key=128 bits test: PASS
AES CTR key=256 bits test: PASS

AES hardware accelerate test done.

@eren-terzioglu eren-terzioglu changed the title Feature/add aes support arch/risc-v/espressif: Add AES accelerator support Mar 16, 2026
@github-actions github-actions bot added Area: Documentation Improvements or additions to documentation Arch: risc-v Issues related to the RISC-V (32-bit or 64-bit) architecture Arch: xtensa Issues related to the Xtensa architecture Size: XL The size of the change in this PR is very large. Consider breaking down the PR into smaller pieces. Board: risc-v Board: xtensa labels Mar 16, 2026
@simbit18
Copy link
Contributor

simbit18 commented Mar 16, 2026

Hi @eren-terzioglu, please fix

====================================================================================
Configuration/Tool: esp32p4-function-ev-board/crypto
2026-03-16 11:15:10
------------------------------------------------------------------------------------
  Cleaning...
  Configuring...
  Building NuttX...
common/espressif/esp_crypto.c: In function 'esp_process':
Error: common/espressif/esp_crypto.c:666:19: error: implicit declaration of function 'aes_cypher' [-Wimplicit-function-declaration]
  666 |             err = aes_cypher(crp->crp_dst, crp->crp_buf, crd->crd_len,
      |                   ^~~~~~~~~~
Error: common/espressif/esp_crypto.c:668:30: error: 'AES_MODE_CBC' undeclared (first use in this function)
  668 |                              AES_MODE_CBC, crd->crd_flags & CRD_F_ENCRYPT);
      |                              ^~~~~~~~~~~~
common/espressif/esp_crypto.c:668:30: note: each undeclared identifier is reported only once for each function it appears in
Error: common/espressif/esp_crypto.c:684:30: error: 'AES_MODE_CTR' undeclared (first use in this function)
  684 |                              AES_MODE_CTR, crd->crd_flags & CRD_F_ENCRYPT);
      |                              ^~~~~~~~~~~~
make[1]: *** [Makefile:144: esp_crypto.o] Error 1
make[1]: Target 'libarch.a' not remade because of errors.
make: *** [tools/LibTargets.mk:170: arch/risc-v/src/libarch.a] Error 2
make: Target 'all' not remade because of errors.
/github/workspace/sources/nuttx/tools/testbuild.sh: line 385: /github/workspace/sources/nuttx/../nuttx/nuttx.manifest: No such file or directory
  [1/1] Normalize esp32p4-function-ev-board/crypto
====================================================================================

acassis
acassis previously approved these changes Mar 16, 2026
View reviewed changes
@eren-terzioglu eren-terzioglu force-pushed the feature/add_aes_support branch from 3a5bdc3 to 0582333 Compare March 16, 2026 16:32
@eren-terzioglu
Copy link
Contributor Author

eren-terzioglu commented Mar 16, 2026

Hi @eren-terzioglu, please fix

====================================================================================
Configuration/Tool: esp32p4-function-ev-board/crypto
2026-03-16 11:15:10
------------------------------------------------------------------------------------
  Cleaning...
  Configuring...
  Building NuttX...
common/espressif/esp_crypto.c: In function 'esp_process':
Error: common/espressif/esp_crypto.c:666:19: error: implicit declaration of function 'aes_cypher' [-Wimplicit-function-declaration]
  666 |             err = aes_cypher(crp->crp_dst, crp->crp_buf, crd->crd_len,
      |                   ^~~~~~~~~~
Error: common/espressif/esp_crypto.c:668:30: error: 'AES_MODE_CBC' undeclared (first use in this function)
  668 |                              AES_MODE_CBC, crd->crd_flags & CRD_F_ENCRYPT);
      |                              ^~~~~~~~~~~~
common/espressif/esp_crypto.c:668:30: note: each undeclared identifier is reported only once for each function it appears in
Error: common/espressif/esp_crypto.c:684:30: error: 'AES_MODE_CTR' undeclared (first use in this function)
  684 |                              AES_MODE_CTR, crd->crd_flags & CRD_F_ENCRYPT);
      |                              ^~~~~~~~~~~~
make[1]: *** [Makefile:144: esp_crypto.o] Error 1
make[1]: Target 'libarch.a' not remade because of errors.
make: *** [tools/LibTargets.mk:170: arch/risc-v/src/libarch.a] Error 2
make: Target 'all' not remade because of errors.
/github/workspace/sources/nuttx/tools/testbuild.sh: line 385: /github/workspace/sources/nuttx/../nuttx/nuttx.manifest: No such file or directory
  [1/1] Normalize esp32p4-function-ev-board/crypto
====================================================================================

Thanks @simbit18, updated.

@eren-terzioglu
arch/risc-v/espressif: Add AES accelerator support
bd9ede3 
Add AES accelerator support for esp32[-c3|-c6|-h2]

Signed-off-by: Eren Terzioglu <eren.terzioglu@espressif.com>
@eren-terzioglu
boards/risc-v/espressif: Add AES accelerator board support
67b03d0 
Add AES accelerator board support for esp32[-c3|-c6|-h2]

Signed-off-by: Eren Terzioglu <eren.terzioglu@espressif.com>
@eren-terzioglu
Docs/platforms/espressif: Add AES support docs
dae4470 
Add AES support docs for esp32[-c3|-c6|-h2]

Signed-off-by: Eren Terzioglu <eren.terzioglu@espressif.com>
@eren-terzioglu
arch/xtensa/espressif: Add AES accelerator support
0330bd0 
Add AES accelerator support for esp32[-s2|-s3]

Signed-off-by: Eren Terzioglu <eren.terzioglu@espressif.com>
@eren-terzioglu
Docs/platforms/espressif: Add AES support docs
cdcd3f4 
Add AES support docs for esp32s2

Signed-off-by: Eren Terzioglu <eren.terzioglu@espressif.com>
@eren-terzioglu
boards/xtensa/espressif: Add AES accelerator board support
0582333 
Add AES accelerator board support for esp32[-s2|-s3]

Signed-off-by: Eren Terzioglu <eren.terzioglu@espressif.com>
@simbit18
Copy link
Contributor

simbit18 commented Mar 16, 2026

@eren-terzioglu , please update the PR summary with esp32p4 and Doc as well

https://nuttx.apache.org/docs/latest/platforms/risc-v/esp32p4/index.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xiaoxiang781216 xiaoxiang781216 xiaoxiang781216 approved these changes

@acassis acassis acassis left review comments

@tmedicci tmedicci Awaiting requested review from tmedicci tmedicci is a code owner

@fdcavalcanti fdcavalcanti Awaiting requested review from fdcavalcanti fdcavalcanti is a code owner

@jerpelea jerpelea Awaiting requested review from jerpelea jerpelea is a code owner

@linguini1 linguini1 Awaiting requested review from linguini1

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

Arch: risc-v Issues related to the RISC-V (32-bit or 64-bit) architecture Arch: xtensa Issues related to the Xtensa architecture Area: Documentation Improvements or additions to documentation Board: risc-v Board: xtensa Size: XL The size of the change in this PR is very large. Consider breaking down the PR into smaller pieces.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@eren-terzioglu @simbit18 @acassis @xiaoxiang781216