With Hardware AES enabled, mbedtls_aes_init is not available anymore

jumjum123
Posts: 197
Joined: Mon Oct 17, 2016 3:11 pm

With Hardware AES enabled, mbedtls_aes_init is not available anymore

Postby jumjum123 » Thu Mar 26, 2020 5:11 pm

In our application we use some mbedtls_aes-functions.
If Hardware AES is enabled, linker runs into undefined reference
With Hardware AES disabled, this does not happen.

Is this a bug ? Or what is the reason ?

ESP_Angus
Posts: 2104
Joined: Sun May 08, 2016 4:11 am

Re: With Hardware AES enabled, mbedtls_aes_init is not available anymore

Postby ESP_Angus » Thu Mar 26, 2020 10:41 pm

Hi jumjum,

When hardware AES is enabled in the project config, we enable the MBEDTLS_AES_ALT config option for the mbedtls build and use the header in components/mbedtls/port/include/aes_alt.h to redefine functions such as mbedtls_aes_init to esp_aes_init at compile time (all the mbedtls_aes_* functions are redefined in this way).

This means that if the project configuration setting for Hardware AES is changed, all source files need to be compiled to include the new mbedTLS config header. This should happen automatically if all the source files are built as part of the ESP-IDF build system. However if you have (for example) a prebuilt static library then you may need to rebuild this yourself against the new config.

If you think this is a bug in the ESP-IDF build system then please provide some more details (ESP-IDF version, what file(s) have the linker errors, how these files are built, etc) and we can help you debug.

Angus

jumjum123
Posts: 197
Joined: Mon Oct 17, 2016 3:11 pm

Re: With Hardware AES enabled, mbedtls_aes_init is not available anymore

Postby jumjum123 » Fri Mar 27, 2020 12:17 pm

Hello Angus,
thanks for feedback. Let me try to give some more information.
Somewhere in my mind is something about this problem already appeared in esp-idf V3.2 but I'm not sure on that
Anyway, I was able to drill it down to this, using esp-idf master some days old.
1. clone esp-idf-template to directory named app
2. run . ./export.sh
3. cd to directory app (which holds everything from esp-idf-template now)
4. idf.py menuconfig
5. in component config -> mbedtls, disable option Enable hardware AES acceleration
6. exit menuconfig with save
7. idf.py fullclean
8. idf.py build
9. cd app/build/esp-idf/mbedtls/mbedtls/library
10. nm libmbedcrypto.a >libmbedcryptoNoHW.lst

goto step 5 but this time Enable option Enable hardware AES acceleration
do step 6 to 9
do step 10 to libmbedcryptoHW.lst

In libmbedcryptoNoHW.lst is a long list of 00000000 T mbedtls_aes_XXXXX where XXXXX is init,free, etc.
In libmbedcryptoHW.lst is no entry for mbedtls_aes_....

Hope this information is helpful to help me.

Who is online

Users browsing this forum: biterror, josephhui, vonnieda and 13 guests