crypto:add some hardware support

esp32c3: aes hmac-sha1 hmac-sha256 stm32f0l0g0 stm32l1 : aes sam34: aes lpc43: aes Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2026-05-30 05:16:47 +08:00 · 2022-09-08 14:13:08 +08:00
parent 3d2f0c0e27
commit bc0fe0ea16
20 changed files with 1440 additions and 53 deletions
@@ -126,6 +126,10 @@ ifeq ($(CONFIG_CRYPTO_AES),y)
 CHIP_CSRCS += lpc43_aes.c
 endif

+ifeq ($(CONFIG_CRYPTO_CRYPTODEV_HARDWARE),y)
+CHIP_CSRCS += lpc43_crypto.c
+endif
+
 ifeq ($(CONFIG_LPC43_USB0),y)
 ifeq ($(CONFIG_USBDEV),y)
 CHIP_CSRCS += lpc43_usb0dev.c
@@ -37,7 +37,7 @@

 #include "arm_internal.h"
 #include "chip.h"
-#include <chip/lpc43_aes.h>
+#include <hardware/lpc43_aes.h>

 #define AES_BLOCK_SIZE 16

@@ -0,0 +1,130 @@
+/****************************************************************************
+ * arch/arm/src/lpc43xx/lpc43_crypto.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.  The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <errno.h>
+#include <stdint.h>
+
+#include <crypto/cryptodev.h>
+#include <crypto/xform.h>
+#include <nuttx/crypto/crypto.h>
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static uint32_t g_lpc43_sesnum;
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+/****************************************************************************
+ * Name: authcompute
+ *
+ * Description:
+ *   Calculate the hash.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Name: lpc43_newsession
+ *
+ * Description:
+ *   create new session for crypto.
+ *
+ ****************************************************************************/
+
+static int lpc43_newsession(uint32_t *sid, struct cryptoini *cri)
+{
+  if (sid == NULL || cri == NULL || cri->cri_alg != CRYPTO_AES_CBC)
+    {
+      return -EINVAL;
+    }
+
+  sid = g_lpc43_sesnum++;
+  return OK;
+}
+
+/****************************************************************************
+ * Name: lpc43_freesession
+ *
+ * Description:
+ *   free session.
+ *
+ ****************************************************************************/
+
+static int lpc43_freesession(uint64_t tid)
+{
+  return 0;
+}
+
+/****************************************************************************
+ * Name: lpc43_process
+ *
+ * Description:
+ *   process session to use hardware algorithm.
+ *
+ ****************************************************************************/
+
+static int lpc43_process(struct cryptop *crp)
+{
+  struct cryptodesc *crd;
+
+  for (crd = crp->crp_desc; crd; crd = crd->crd_next)
+    {
+      switch (crd->crd_alg)
+        {
+          case CRYPTO_AES_CBC:
+            return aes_cypher(crp->crp_dst, crp->crp_buf, crd->crd_len,
+                              crd->crd_iv, crd->crd_key, 16,
+                              AES_MODE_CBC, crd->crd_flags & CRD_F_ENCRYPT);
+          default:
+            return -EINVAL;
+        }
+    }
+}
+
+/****************************************************************************
+ * Name: hwcr_init
+ *
+ * Description:
+ *   register the hardware crypto driver.
+ *
+ ****************************************************************************/
+
+void hwcr_init(void)
+{
+  int hwcr_id;
+  int algs[CRYPTO_ALGORITHM_MAX + 1];
+
+  hwcr_id = crypto_get_driverid(0);
+  DEBUGASSERT(hwcr_id >= 0);
+
+  memset(algs, 0, sizeof(algs));
+
+  algs[CRYPTO_AES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
+
+  crypto_register(hwcr_id, algs, lpc43_newsession,
+                  lpc43_freesession, lpc43_process);
+}
@@ -99,6 +99,10 @@ ifeq ($(CONFIG_SAM34_AES),y)
 CHIP_CSRCS += sam_aes.c
 endif

+ifeq ($(CONFIG_CRYPTO_CRYPTODEV_HARDWARE),y)
+CHIP_CSRCS += sam_crypto.c
+endif
+
 ifeq ($(CONFIG_SAM34_RTC),y)
 CHIP_CSRCS += sam_rtc.c
 endif
@@ -0,0 +1,160 @@
+/****************************************************************************
+ * arch/arm/src/sam34/sam_crypto.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.  The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <errno.h>
+#include <stdint.h>
+
+#include <crypto/cryptodev.h>
+#include <crypto/xform.h>
+#include <nuttx/crypto/crypto.h>
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+FAR static uint32_t g_sam_sesnum = 0;
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+/****************************************************************************
+ * Name: authcompute
+ *
+ * Description:
+ *   Calculate the hash.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Name: sam_newsession
+ *
+ * Description:
+ *   create new session for crypto.
+ *
+ ****************************************************************************/
+
+static int sam_newsession(FAR uint32_t *sid, FAR struct cryptoini *cri)
+{
+  if (sid == NULL || cri == NULL)
+    {
+      return -EINVAL;
+    }
+
+  switch (cri->cri_alg)
+    {
+      case CRYPTO_AES_CBC:
+        *sid = g_sam_sesnum++;
+        break;
+      case CRYPTO_AES_CTR:
+        if ((cri->cri_klen / 8 - 4) != 16)
+          {
+            /* sam aes-ctr key bits just support 128 */
+
+            return -EINVAL;
+          }
+
+        *sid = g_sam_sesnum++;
+        break;
+      default :
+        return -EINVAL;
+    }
+
+  return OK;
+}
+
+/****************************************************************************
+ * Name: sam_freesession
+ *
+ * Description:
+ *   free session.
+ *
+ ****************************************************************************/
+
+static int sam_freesession(uint64_t tid)
+{
+  return 0;
+}
+
+/****************************************************************************
+ * Name: sam_process
+ *
+ * Description:
+ *   process session to use hardware algorithm.
+ *
+ ****************************************************************************/
+
+static int sam_process(struct cryptop *crp)
+{
+  struct cryptodesc *crd;
+  uint8_t iv[AESCTR_BLOCKSIZE];
+
+  for (crd = crp->crp_desc; crd; crd = crd->crd_next)
+    {
+      switch (crd->crd_alg)
+        {
+          case CRYPTO_AES_CBC:
+            return aes_cypher(crp->crp_dst, crp->crp_buf, crd->crd_len,
+                              crd->crd_iv, crd->crd_key, 16,
+                              AES_MODE_CBC, crd->crd_flags & CRD_F_ENCRYPT);
+          case CRYPTO_AES_CTR:
+
+            memcpy(iv, crd->crd_key + crd->crd_klen / 8 - AESCTR_NONCESIZE,
+                   AESCTR_NONCESIZE);
+            memcpy(iv + AESCTR_NONCESIZE, crd->crd_iv, AESCTR_IVSIZE);
+            memset(iv + AESCTR_NONCESIZE + AESCTR_IVSIZE , 0, 4);
+
+            return aes_cypher(crp->crp_dst, crp->crp_buf, crd->crd_len,
+                              iv, crd->crd_key, crd->crd_klen / 8 - 4,
+                              AES_MODE_CTR, crd->crd_flags & CRD_F_ENCRYPT);
+          default:
+            return -EINVAL;
+        }
+    }
+}
+
+/****************************************************************************
+ * Name: hwcr_init
+ *
+ * Description:
+ *   register the hardware crypto driver.
+ *
+ ****************************************************************************/
+
+void hwcr_init(void)
+{
+  int hwcr_id;
+  int algs[CRYPTO_ALGORITHM_MAX + 1];
+
+  hwcr_id = crypto_get_driverid(0);
+  DEBUGASSERT(hwcr_id >= 0);
+
+  memset(algs, 0, sizeof(algs));
+
+  algs[CRYPTO_AES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
+  algs[CRYPTO_AES_CTR] = CRYPTO_ALG_FLAG_SUPPORTED;
+
+  crypto_register(hwcr_id, algs, sam_newsession,
+                  sam_freesession, sam_process);
+}
@@ -221,6 +221,10 @@ ifeq ($(CONFIG_STM32_AES),y)
 CHIP_CSRCS += stm32_aes.c
 endif

+ifeq ($(CONFIG_CRYPTO_CRYPTODEV_HARDWARE),y)
+CHIP_CSRCS += stm32_crypto.c
+endif
+
 ifeq ($(CONFIG_STM32_BBSRAM),y)
 CHIP_CSRCS += stm32_bbsram.c
 endif
@@ -0,0 +1,152 @@
+/****************************************************************************
+ * arch/arm/src/stm32/stm32_crypto.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.  The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <errno.h>
+#include <stdint.h>
+
+#include <crypto/cryptodev.h>
+#include <crypto/xform.h>
+#include <nuttx/crypto/crypto.h>
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static uint32_t g_stm32_sesnum = 0;
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+/****************************************************************************
+ * Name: stm32_newsession
+ *
+ * Description:
+ *   create new session for crypto.
+ *
+ ****************************************************************************/
+
+static int stm32_newsession(uint32_t *sid, struct cryptoini *cri)
+{
+  if (sid == NULL || cri == NULL)
+    {
+      return -EINVAL;
+    }
+
+  switch (cri->cri_alg)
+    {
+      case CRYPTO_AES_CBC:
+        *sid = g_stm32_sesnum++;
+        break;
+      case CRYPTO_AES_CTR:
+        if ((cri->cri_klen / 8 - 4) != 16)
+          {
+            /* stm32 aes-ctr key bits just support 128 */
+
+            return -EINVAL;
+          }
+
+        *sid = g_stm32_sesnum++;
+        break;
+      default :
+        return -EINVAL;
+    }
+
+  return OK;
+}
+
+/****************************************************************************
+ * Name: stm32_freesession
+ *
+ * Description:
+ *   free session.
+ *
+ ****************************************************************************/
+
+static int stm32_freesession(uint64_t tid)
+{
+  return 0;
+}
+
+/****************************************************************************
+ * Name: stm32_process
+ *
+ * Description:
+ *   process session to use hardware algorithm.
+ *
+ ****************************************************************************/
+
+static int stm32_process(struct cryptop *crp)
+{
+  struct cryptodesc *crd;
+  uint8_t iv[AESCTR_BLOCKSIZE];
+
+  for (crd = crp->crp_desc; crd; crd = crd->crd_next)
+    {
+      switch (crd->crd_alg)
+        {
+          case CRYPTO_AES_CBC:
+            return aes_cypher(crp->crp_dst, crp->crp_buf, crd->crd_len,
+                              crd->crd_iv, crd->crd_key, 16,
+                              AES_MODE_CBC, crd->crd_flags & CRD_F_ENCRYPT);
+          case CRYPTO_AES_CTR:
+
+            memcpy(iv, crd->crd_key + crd->crd_klen / 8 - AESCTR_NONCESIZE,
+                   AESCTR_NONCESIZE);
+            memcpy(iv + AESCTR_NONCESIZE, crd->crd_iv, AESCTR_IVSIZE);
+            memset(iv + AESCTR_NONCESIZE + AESCTR_IVSIZE , 0, 4);
+
+            return aes_cypher(crp->crp_dst, crp->crp_buf, crd->crd_len,
+                              iv, crd->crd_key, crd->crd_klen / 8 - 4,
+                              AES_MODE_CTR, crd->crd_flags & CRD_F_ENCRYPT);
+          default:
+            return -EINVAL;
+        }
+    }
+}
+
+/****************************************************************************
+ * Name: hwcr_init
+ *
+ * Description:
+ *   register the hardware crypto driver.
+ *
+ ****************************************************************************/
+
+void hwcr_init(void)
+{
+  int hwcr_id;
+  int algs[CRYPTO_ALGORITHM_MAX + 1];
+
+  hwcr_id = crypto_get_driverid(0);
+  DEBUGASSERT(hwcr_id >= 0);
+
+  memset(algs, 0, sizeof(algs));
+
+  algs[CRYPTO_AES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
+  algs[CRYPTO_AES_CTR] = CRYPTO_ALG_FLAG_SUPPORTED;
+
+  crypto_register(hwcr_id, algs, stm32_newsession,
+                  stm32_freesession, stm32_process);
+}
@@ -0,0 +1,160 @@
+/****************************************************************************
+ * arch/arm/src/stm32f0l0g0/stm32_crypto.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.  The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <errno.h>
+#include <stdint.h>
+
+#include <crypto/cryptodev.h>
+#include <crypto/xform.h>
+#include <nuttx/crypto/crypto.h>
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static uint32_t g_stm32_sesnum = 0;
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+/****************************************************************************
+ * Name: authcompute
+ *
+ * Description:
+ *   Calculate the hash.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Name: stm32_newsession
+ *
+ * Description:
+ *   create new session for crypto.
+ *
+ ****************************************************************************/
+
+static int stm32_newsession(uint32_t *sid, struct cryptoini *cri)
+{
+  if (sid == NULL || cri == NULL)
+    {
+      return -EINVAL;
+    }
+
+  switch (cri->cri_alg)
+    {
+      case CRYPTO_AES_CBC:
+        *sid = g_stm32_sesnum++;
+        break;
+      case CRYPTO_AES_CTR:
+        if ((cri->cri_klen / 8 - 4) != 16)
+          {
+            /* stm32 aes-ctr key bits just support 128 */
+
+            return -EINVAL;
+          }
+
+        *sid = g_stm32_sesnum++;
+        break;
+      default :
+        return -EINVAL;
+    }
+
+  return OK;
+}
+
+/****************************************************************************
+ * Name: stm32_freesession
+ *
+ * Description:
+ *   free session.
+ *
+ ****************************************************************************/
+
+static int stm32_freesession(uint64_t tid)
+{
+  return 0;
+}
+
+/****************************************************************************
+ * Name: stm32_process
+ *
+ * Description:
+ *   process session to use hardware algorithm.
+ *
+ ****************************************************************************/
+
+static int stm32_process(struct cryptop *crp)
+{
+  struct cryptodesc *crd;
+  uint8_t iv[AESCTR_BLOCKSIZE];
+
+  for (crd = crp->crp_desc; crd; crd = crd->crd_next)
+    {
+      switch (crd->crd_alg)
+        {
+          case CRYPTO_AES_CBC:
+            return aes_cypher(crp->crp_dst, crp->crp_buf, crd->crd_len,
+                              crd->crd_iv, crd->crd_key, 16,
+                              AES_MODE_CBC, crd->crd_flags & CRD_F_ENCRYPT);
+          case CRYPTO_AES_CTR:
+
+            memcpy(iv, crd->crd_key + crd->crd_klen / 8 - AESCTR_NONCESIZE,
+                   AESCTR_NONCESIZE);
+            memcpy(iv + AESCTR_NONCESIZE, crd->crd_iv, AESCTR_IVSIZE);
+            memset(iv + AESCTR_NONCESIZE + AESCTR_IVSIZE , 0, 4);
+
+            return aes_cypher(crp->crp_dst, crp->crp_buf, crd->crd_len,
+                              iv, crd->crd_key, crd->crd_klen / 8 - 4,
+                              AES_MODE_CTR, crd->crd_flags & CRD_F_ENCRYPT);
+          default:
+            return -EINVAL;
+        }
+    }
+}
+
+/****************************************************************************
+ * Name: hwcr_init
+ *
+ * Description:
+ *   register the hardware crypto driver.
+ *
+ ****************************************************************************/
+
+void hwcr_init(void)
+{
+  int hwcr_id;
+  int algs[CRYPTO_ALGORITHM_MAX + 1];
+
+  hwcr_id = crypto_get_driverid(0);
+  DEBUGASSERT(hwcr_id >= 0);
+
+  memset(algs, 0, sizeof(algs));
+
+  algs[CRYPTO_AES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
+  algs[CRYPTO_AES_CTR] = CRYPTO_ALG_FLAG_SUPPORTED;
+
+  crypto_register(hwcr_id, algs, stm32_newsession,
+                  stm32_freesession, stm32_process);
+}
@@ -148,6 +148,10 @@ ifeq ($(CONFIG_ESP32C3_ADC),y)
 CHIP_CSRCS += esp32c3_adc.c
 endif

+ifeq ($(CONFIG_CRYPTO_CRYPTODEV_HARDWARE),y)
+CHIP_CSRCS += esp32c3_crypto.c
+endif
+
 ifeq ($(CONFIG_ESP32C3_AES_ACCELERATOR),y)
 CHIP_CSRCS += esp32c3_aes.c
 endif
@@ -585,11 +585,9 @@ int esp32c3_aes_init(void)
 * Name: aes_cypher
 ****************************************************************************/

-#ifdef CONFIG_CRYPTO_AES
-
-int aes_cypher(void *out, const void *in, size_t size,
-               const void *iv, const void *key, size_t keysize,
-               int mode, int encrypt)
+int esp32c3_aes_cypher(void *out, const void *in, size_t size,
+                       const void *iv, const void *key, size_t keysize,
+                       int mode, int encrypt)
 {
  int ret;
  uint8_t iv_buf[AES_BLK_SIZE];
@@ -602,7 +600,12 @@ int aes_cypher(void *out, const void *in, size_t size,
      return -EINVAL;
    }

-  if (keysize != 16)
+  if (mode == AES_MODE_CTR)
+    {
+      keysize -= 4;
+    }
+
+  if (keysize != 16 && keysize != 32)
    {
      return -EINVAL;
    }
@@ -640,6 +643,7 @@ int aes_cypher(void *out, const void *in, size_t size,
        memcpy(iv_buf, iv, AES_BLK_SIZE);
        ret = esp32c3_aes_ctr_cypher(&aes, &nc_off, iv_buf, cache_buf,
                                   in, out, size);
+        break;
      default :
        ret = -EINVAL;
        break;
@@ -647,6 +651,3 @@ int aes_cypher(void *out, const void *in, size_t size,

  return ret;
 }
-
-#endif
-
@@ -208,6 +208,14 @@ int esp32c3_aes_xts_setkey(struct esp32c3_aes_xts_s *aes, const void *keyptr,

 int esp32c3_aes_init(void);

+/****************************************************************************
+ * Name: aes_cypher
+ ****************************************************************************/
+
+int esp32c3_aes_cypher(void *out, const void *in, size_t size,
+                       const void *iv, const void *key, size_t keysize,
+                       int mode, int encrypt);
+
 #ifdef __cplusplus
 }
 #endif
@@ -112,6 +112,154 @@ struct esp32c3_sha512_context_s

 int esp32c3_sha_init(void);

+/****************************************************************************
+ * Name: esp32c3_sha1_init
+ *
+ * Description:
+ *   Initializes a SHA-1 context.
+ *
+ * Input Parameters:
+ *   ctx      - The SHA-1 context to initialize
+ *
+ * Returned Value:
+ *   None.
+ *
+ ****************************************************************************/
+
+void esp32c3_sha1_init(struct esp32c3_sha1_context_s *ctx);
+
+/****************************************************************************
+ * Name: esp32c3_sha1_starts
+ *
+ * Description:
+ *   Starts a SHA-1 checksum calculation.
+ *
+ * Input Parameters:
+ *   ctx      - The SHA-1 context to initialize
+ *
+ * Returned Value:
+ *   OK is returned on success.
+ *
+ ****************************************************************************/
+
+int esp32c3_sha1_starts(struct esp32c3_sha1_context_s *ctx);
+
+/****************************************************************************
+ * Name: esp32c3_sha1_update
+ *
+ * Description:
+ *   Feeds an input buffer into an ongoing SHA-1 checksum calculation.
+ *
+ * Input Parameters:
+ *   ctx      - The SHA-1 context to use
+ *   input    - The buffer holding the input data
+ *   ilen     - The length of the input data in Bytes
+ *
+ * Returned Value:
+ *   OK is returned on success.
+ *   Otherwise, a negated errno value is returned.
+ *
+ ****************************************************************************/
+
+int esp32c3_sha1_update(struct esp32c3_sha1_context_s *ctx,
+                        const unsigned char *input,
+                        size_t ilen);
+
+/****************************************************************************
+ * Name: esp32c3_sha1_finish
+ *
+ * Description:
+ *   Finishes the SHA-1 operation,
+ *   and writes the result to the output buffer.
+ *
+ * Input Parameters:
+ *   ctx      - The SHA-1 context to use
+ *   output   - The SHA-1 checksum result
+ *
+ * Returned Value:
+ *   OK is returned on success.
+ *   Otherwise, a negated errno value is returned.
+ *
+ ****************************************************************************/
+
+int esp32c3_sha1_finish(struct esp32c3_sha1_context_s *ctx,
+                        unsigned char output[20]);
+
+/****************************************************************************
+ * Name: esp32c3_sha256_init
+ *
+ * Description:
+ *   Initializes a SHA-256 context.
+ *
+ * Input Parameters:
+ *   ctx      - The SHA-256 context to initialize
+ *
+ * Returned Value:
+ *   None.
+ *
+ ****************************************************************************/
+
+void esp32c3_sha256_init(struct esp32c3_sha256_context_s *ctx);
+
+/****************************************************************************
+ * Name: esp32c3_sha256_starts
+ *
+ * Description:
+ *   Starts a SHA-224 or SHA-256 checksum calculation.
+ *
+ * Input Parameters:
+ *   ctx      - The SHA-256 context to initialize
+ *   is224    - Determines which function to use
+ *
+ * Returned Value:
+ *   OK is returned on success.
+ *
+ ****************************************************************************/
+
+int esp32c3_sha256_starts(struct esp32c3_sha256_context_s *ctx, bool is224);
+
+/****************************************************************************
+ * Name: esp32c3_sha256_update
+ *
+ * Description:
+ *   Feeds an input buffer into an ongoing SHA-224 or SHA-256
+ *   checksum calculation.
+ *
+ * Input Parameters:
+ *   ctx      - The SHA-256 context to use
+ *   input    - The buffer holding the input data
+ *   ilen     - The length of the input data in Bytes
+ *
+ * Returned Value:
+ *   OK is returned on success.
+ *   Otherwise, a negated errno value is returned.
+ *
+ ****************************************************************************/
+
+int esp32c3_sha256_update(struct esp32c3_sha256_context_s *ctx,
+                          const unsigned char *input,
+                          size_t ilen);
+
+/****************************************************************************
+ * Name: esp32c3_sha256_finish
+ *
+ * Description:
+ *   Finishes the SHA-224 or SHA-256 operation, and writes the result to
+ *   the output buffer.
+ *
+ * Input Parameters:
+ *   ctx      - The SHA-256 context to use
+ *   output   - The SHA-256 checksum result
+ *
+ * Returned Value:
+ *   OK is returned on success.
+ *   Otherwise, a negated errno value is returned.
+ *
+ ****************************************************************************/
+
+int esp32c3_sha256_finish(struct esp32c3_sha256_context_s *ctx,
+                          unsigned char output[32]);
+
 #ifdef __cplusplus
 }
 #endif
@@ -0,0 +1,51 @@
+#
+# This file is autogenerated: PLEASE DO NOT EDIT IT.
+#
+# You can use "make menuconfig" to make any modifications to the installed .config file.
+# You can then do "make savedefconfig" to generate a new defconfig file that includes your
+# modifications.
+#
+# CONFIG_NSH_ARGCAT is not set
+# CONFIG_NSH_CMDOPT_HEXDUMP is not set
+# CONFIG_NSH_CMDPARMS is not set
+CONFIG_ALLOW_BSD_COMPONENTS=y
+CONFIG_ARCH="risc-v"
+CONFIG_ARCH_BOARD="esp32c3-devkit"
+CONFIG_ARCH_BOARD_ESP32C3_DEVKIT=y
+CONFIG_ARCH_CHIP="esp32c3"
+CONFIG_ARCH_CHIP_ESP32C3=y
+CONFIG_ARCH_CHIP_ESP32C3WROOM02=y
+CONFIG_ARCH_INTERRUPTSTACK=1536
+CONFIG_ARCH_RISCV=y
+CONFIG_ARCH_STACKDUMP=y
+CONFIG_BOARD_LOOPSPERMSEC=15000
+CONFIG_BUILTIN=y
+CONFIG_CRYPTO=y
+CONFIG_CRYPTO_AES=y
+CONFIG_CRYPTO_CRYPTODEV=y
+CONFIG_CRYPTO_CRYPTODEV_HARDWARE=y
+CONFIG_CRYPTO_RANDOM_POOL=y
+CONFIG_DEV_ZERO=y
+CONFIG_ESP32C3_AES_ACCELERATOR=y
+CONFIG_ESP32C3_SHA_ACCELERATOR=y
+CONFIG_FS_PROCFS=y
+CONFIG_IDLETHREAD_STACKSIZE=2048
+CONFIG_INIT_ENTRYPOINT="nsh_main"
+CONFIG_INTELHEX_BINARY=y
+CONFIG_LIBC_PERROR_STDOUT=y
+CONFIG_LIBC_STRERROR=y
+CONFIG_NFILE_DESCRIPTORS_PER_BLOCK=6
+CONFIG_NSH_ARCHINIT=y
+CONFIG_NSH_BUILTIN_APPS=y
+CONFIG_NSH_FILEIOSIZE=512
+CONFIG_NSH_READLINE=y
+CONFIG_NSH_STRERROR=y
+CONFIG_PREALLOC_TIMERS=0
+CONFIG_RR_INTERVAL=200
+CONFIG_SCHED_WAITPID=y
+CONFIG_START_DAY=29
+CONFIG_START_MONTH=11
+CONFIG_START_YEAR=2019
+CONFIG_SYSTEM_NSH=y
+CONFIG_TESTING_CRYPTO=y
+CONFIG_UART0_SERIAL_CONSOLE=y
@@ -40,6 +40,11 @@ config CRYPTO_CRYPTODEV
 	depends on ALLOW_BSD_COMPONENTS
 	default n

+config CRYPTO_CRYPTODEV_HARDWARE
+	bool "cryptodev hardware support"
+	depends on CRYPTO_CRYPTODEV
+	default n
+
 config CRYPTO_SW_AES
 	bool "Software AES library"
 	depends on ALLOW_BSD_COMPONENTS
@@ -51,6 +51,7 @@ ifeq ($(CONFIG_CRYPTO_CRYPTODEV),y)
  CRYPTO_CSRCS += idgen.c
  CRYPTO_CSRCS += key_wrap.c
  CRYPTO_CSRCS += siphash.c
+  CRYPTO_CSRCS += hmac_buff.c
 endif

 # BLAKE2s hash algorithm
@@ -47,46 +47,6 @@
 * Private Data
 ****************************************************************************/

-const uint8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN] =
-{
-  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
-};
-
-const uint8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN] =
-{
-  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
-};
-
 FAR struct swcr_data **swcr_sessions = NULL;
 uint32_t swcr_sesnum = 0;
 int swcr_id = -1;
@@ -0,0 +1,70 @@
+/****************************************************************************
+ * crypto/hmac_buff.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.  The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <stdint.h>
+#include <crypto/cryptodev.h>
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+const uint8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN] =
+{
+  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+  0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
+};
+
+const uint8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN] =
+{
+  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+  0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
+};
@@ -313,6 +313,11 @@ struct crypt_op
  caddr_t iv;
 };

+/* hamc buffer, software & hardware need it */
+
+extern const uint8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN];
+extern const uint8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN];
+
 #define CRYPTO_MAX_MAC_LEN  20

 /* done against open of /dev/crypto, to get a cloned descriptor.
@@ -344,4 +349,9 @@ int crypto_getfeat(FAR int *);

 FAR struct cryptop *crypto_getreq(int);
 void crypto_freereq(FAR struct cryptop *);
+
+#ifdef CONFIG_CRYPTO_CRYPTODEV_HARDWARE
+void hwcr_init(void);
+#endif
+
 #endif /* __INCLUDE_CRYPTO_CRYPTODEV_H */
@@ -73,9 +73,6 @@ struct swcr_data
  struct swcr_data *sw_next;
 };

-extern const uint8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN];
-extern const uint8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN];
-
 int swcr_encdec(FAR struct cryptop *, FAR struct cryptodesc *,
                FAR struct swcr_data *, caddr_t);
 int swcr_authcompute(FAR struct cryptop *, FAR struct cryptodesc *,