feat(hal/aes): Enable pseudo rounds function during AES operations

components/hal/aes_hal.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -39,8 +39,17 @@ void aes_hal_transform_block(const void *input_block, void *output_block)
     aes_ll_read_block(output_block);
 }
 
-#if SOC_AES_SUPPORT_DMA
 
+#ifdef SOC_AES_SUPPORT_PSEUDO_ROUND_FUNCTION
+void aes_hal_enable_pseudo_rounds(bool enable, uint8_t base, uint8_t increment, uint8_t key_rng_cnt)
+{
+    if (aes_ll_is_pseudo_rounds_function_supported()) {
+        aes_ll_enable_pseudo_rounds(enable, base, increment, key_rng_cnt);
+    }
+}
+#endif // SOC_AES_SUPPORT_PSEUDO_ROUND_FUNCTION
+
+#if SOC_AES_SUPPORT_DMA
 
 void aes_hal_transform_dma_start(size_t num_blocks)
 {
@@ -61,7 +70,7 @@ void aes_hal_transform_dma_finish(void)
 
 void aes_hal_mode_init(esp_aes_mode_t mode)
 {
-    /* Set the algorith mode CBC, CFB ... */
+    /* Set the algorithm mode CBC, CFB ... */
     aes_ll_set_block_mode(mode);
     /* Presently hard-coding the INC function to 32 bit */
     if (mode == ESP_AES_BLOCK_MODE_CTR) {
@@ -83,8 +92,6 @@ void aes_hal_wait_done()
 {
     while (aes_ll_get_state() != ESP_AES_STATE_DONE) {}
 }
-
-
 #endif //SOC_AES_SUPPORT_DMA
 
 #if SOC_AES_SUPPORT_GCM

components/hal/esp32h2/include/hal/aes_ll.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -12,6 +12,9 @@
 #include "soc/pcr_struct.h"
 #include "hal/aes_types.h"
 
+#include "hal/efuse_hal.h"
+#include "soc/chip_revision.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -241,6 +244,38 @@ static inline void aes_ll_interrupt_clear(void)
     REG_WRITE(AES_INT_CLEAR_REG, 1);
 }
 
+/**
+ * @brief Enable the pseudo-round function during AES operations
+ *
+ * @param enable true to enable, false to disable
+ * @param base basic number of pseudo rounds, zero if disable
+ * @param increment increment number of pseudo rounds, zero if disable
+ * @param key_rng_cnt update frequency of the pseudo-key, zero if disable
+ */
+static inline void aes_ll_enable_pseudo_rounds(bool enable, uint8_t base, uint8_t increment, uint8_t key_rng_cnt)
+{
+    REG_SET_FIELD(AES_PSEUDO_REG, AES_PSEUDO_EN, enable);
+
+    if (enable) {
+        REG_SET_FIELD(AES_PSEUDO_REG, AES_PSEUDO_BASE, base);
+        REG_SET_FIELD(AES_PSEUDO_REG, AES_PSEUDO_INC, increment);
+        REG_SET_FIELD(AES_PSEUDO_REG, AES_PSEUDO_RNG_CNT, key_rng_cnt);
+    } else {
+        REG_SET_FIELD(AES_PSEUDO_REG, AES_PSEUDO_BASE, 0);
+        REG_SET_FIELD(AES_PSEUDO_REG, AES_PSEUDO_INC, 0);
+        REG_SET_FIELD(AES_PSEUDO_REG, AES_PSEUDO_RNG_CNT, 0);
+    }
+}
+
+/**
+ * @brief Check if the pseudo round function is supported
+ * The AES pseudo round function is only avliable in chip version
+ * above 1.2 in ESP32-H2
+ */
+static inline bool aes_ll_is_pseudo_rounds_function_supported(void)
+{
+    return ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102);
+}
 
 #ifdef __cplusplus
 }

components/hal/include/hal/aes_hal.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -45,6 +45,18 @@ uint8_t aes_hal_setkey(const uint8_t *key, size_t key_bytes, int mode);
  */
 void aes_hal_transform_block(const void *input_block, void *output_block);
 
+#ifdef SOC_AES_SUPPORT_PSEUDO_ROUND_FUNCTION
+/**
+ * @brief Enable the pseudo-round function during AES operations
+ *
+ * @param enable true to enable, false to disable
+ * @param base basic number of pseudo rounds, zero if disable
+ * @param increment increment number of pseudo rounds, zero if disable
+ * @param key_rng_cnt update frequency of the pseudo-key, zero if disable
+ */
+void aes_hal_enable_pseudo_rounds(bool enable, uint8_t base, uint8_t increment, uint8_t key_rng_cnt);
+#endif /* SOC_AES_SUPPORT_PSEUDO_ROUND_FUNCTION */
+
 #if SOC_AES_SUPPORT_DMA
 /**
  * @brief Inits the AES mode of operation
@@ -102,6 +114,7 @@ void aes_hal_transform_dma_finish(void);
  */
 #define aes_hal_interrupt_clear() aes_ll_interrupt_clear()
 
+
 #if SOC_AES_SUPPORT_GCM
 /**
  * @brief Calculates the Hash sub-key H0 needed to start AES-GCM
@@ -114,7 +127,7 @@ void aes_hal_gcm_calc_hash(uint8_t *gcm_hash);
  * @brief Initializes the AES hardware for AES-GCM
  *
  * @param aad_num_blocks the number of Additional Authenticated Data (AAD) blocks
- * @param num_valid_bit the number of effective bits of incomplete blocks in plaintext/cipertext
+ * @param num_valid_bit the number of effective bits of incomplete blocks in plaintext/ciphertext
  */
 void aes_hal_gcm_init(size_t aad_num_blocks, size_t num_valid_bit);
 

components/mbedtls/Kconfig

@@ -416,6 +416,42 @@ menu "mbedTLS"
             priority level and any level from 1 to 3 can be selected (based on the availability).
             Note: Higher value indicates high interrupt priority.
 
+    config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
+        bool "Enable AES hardware's pseudo round function"
+        default n
+        depends on SOC_AES_SUPPORT_PSEUDO_ROUND_FUNCTION
+        help
+            Enables the pseudo round function of the AES peripheral.
+            Enabling this would impact the performance of the AES operations.
+            For more info regarding the performance impact, please checkout the pseudo round function section of the
+            security guide.
+
+    choice MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH
+        prompt "Strength of the pseudo rounds function"
+        depends on MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
+        default MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_LOW
+        help
+            The strength of the pseudo rounds functions can be configured to low, medium and high.
+            You can configure the strength of the pseudo rounds functions according to your use cases,
+            for example, increasing the strength would provide higher security but would slow down the
+            hardware AES encryption/decryption operations.
+
+        config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_LOW
+            bool "Low"
+
+        config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_MEDIUM
+            bool "Medium"
+
+        config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_HIGH
+            bool "High"
+    endchoice
+
+    config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH
+        int
+        default 1 if MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_LOW
+        default 2 if MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_MEDIUM
+        default 3 if MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_HIGH
+
     config MBEDTLS_HARDWARE_GCM
         bool "Enable partially hardware accelerated GCM"
         depends on SOC_AES_SUPPORT_GCM && MBEDTLS_HARDWARE_AES

components/mbedtls/port/aes/block/esp_aes.c

@@ -35,6 +35,7 @@
 #include "hal/aes_hal.h"
 #include "hal/aes_ll.h"
 #include "esp_aes_internal.h"
+#include "sdkconfig.h"
 
 #include <freertos/FreeRTOS.h>
 
@@ -105,6 +106,10 @@ static int esp_aes_block(esp_aes_context *ctx, const void *input, void *output)
     i2 = input_words[2];
     i3 = input_words[3];
 
+#ifdef CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
+    esp_aes_enable_pseudo_rounds(CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH);
+#endif /* CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC */
+
     aes_hal_transform_block(input, output);
 
     /* Physical security check: Verify the AES accelerator actually ran, and wasn't

components/mbedtls/port/aes/dma/esp_aes_dma_core.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -595,6 +595,10 @@ int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input, unsign
         aes_hal_interrupt_enable(false);
     }
 
+#ifdef CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
+    esp_aes_enable_pseudo_rounds(CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH);
+#endif /* CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC */
+
     if (esp_aes_dma_start(input_desc, output_desc) != ESP_OK) {
         ESP_LOGE(TAG, "esp_aes_dma_start failed, no DMA channel available");
         ret = -1;
@@ -814,6 +818,10 @@ int esp_aes_process_dma_gcm(esp_aes_context *ctx, const unsigned char *input, un
         aes_hal_interrupt_enable(false);
     }
 
+#ifdef CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
+    esp_aes_enable_pseudo_rounds(CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH);
+#endif /* CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC */
+
     /* Start AES operation */
     if (esp_aes_dma_start(in_desc_head, output_desc) != ESP_OK) {
         ESP_LOGE(TAG, "esp_aes_dma_start failed, no DMA channel available");
@@ -1069,6 +1077,10 @@ int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input, unsign
         aes_hal_interrupt_enable(false);
     }
 
+#ifdef CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
+    esp_aes_enable_pseudo_rounds(CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH);
+#endif /* CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC */
+
     if (esp_aes_dma_start(in_desc_head, out_desc_head) != ESP_OK) {
         ESP_LOGE(TAG, "esp_aes_dma_start failed, no DMA channel available");
         ret = -1;
@@ -1247,6 +1259,10 @@ int esp_aes_process_dma_gcm(esp_aes_context *ctx, const unsigned char *input, un
         aes_hal_interrupt_enable(false);
     }
 
+#ifdef CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
+    esp_aes_enable_pseudo_rounds(CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH);
+#endif /* CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC */
+
     /* Start AES operation */
     if (esp_aes_dma_start(in_desc_head, out_desc_head) != ESP_OK) {
         ESP_LOGE(TAG, "esp_aes_dma_start failed, no DMA channel available");

components/mbedtls/port/aes/esp_aes_common.c

@@ -6,7 +6,7 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  *
- * SPDX-FileContributor: 2016-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileContributor: 2016-2025 Espressif Systems (Shanghai) CO LTD
  */
 /*
  *  The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
@@ -76,3 +76,30 @@ int esp_aes_setkey( esp_aes_context *ctx, const unsigned char *key,
     ctx->key_in_hardware = 0;
     return 0;
 }
+
+#ifdef CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
+/* The total number of pseudo-rounds randomly inserted in an AES operation are controlled by
+ * configuring the AES_PSEUDO_BASE, AES_PSEUDO_INC parameters.
+ * Users can also set the frequency of random key updates by configuring the AES_PSEUDO_RNG_CNT.
+ * Here, we would be using some pre-decided values for these parameters corresponding to the security needed.
+ * For more information regarding these parameters please refer the TRM.
+ */
+#define AES_PSEUDO_ROUNDS_BASE_LOW      4
+#define AES_PSEUDO_ROUNDS_BASE_MEDIUM   7
+#define AES_PSEUDO_ROUNDS_BASE_HIGH     15
+#define AES_PSEUDO_ROUNDS_INC           3
+#define AES_PSEUDO_ROUNDS_RNG_CNT       7
+
+void esp_aes_enable_pseudo_rounds(esp_aes_psuedo_rounds_state_t state)
+{
+    if (state == ESP_AES_PSEUDO_ROUNDS_DISABLE) {
+        aes_hal_enable_pseudo_rounds(false, 0, 0, 0);
+    } else if (state == ESP_AES_PSEUDO_ROUNDS_LOW) {
+        aes_hal_enable_pseudo_rounds(true, AES_PSEUDO_ROUNDS_BASE_LOW, AES_PSEUDO_ROUNDS_INC, AES_PSEUDO_ROUNDS_RNG_CNT);
+    } else if (state == ESP_AES_PSEUDO_ROUNDS_MEDIUM) {
+        aes_hal_enable_pseudo_rounds(true, AES_PSEUDO_ROUNDS_BASE_MEDIUM, AES_PSEUDO_ROUNDS_INC, AES_PSEUDO_ROUNDS_RNG_CNT);
+    } else {
+        aes_hal_enable_pseudo_rounds(true, AES_PSEUDO_ROUNDS_BASE_HIGH, AES_PSEUDO_ROUNDS_INC, AES_PSEUDO_ROUNDS_RNG_CNT);
+    }
+}
+#endif /* CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC */

components/mbedtls/port/aes/include/esp_aes_internal.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -9,7 +9,9 @@
 #include <stdbool.h>
 #include "aes/esp_aes.h"
 #include "soc/soc_caps.h"
+#include "hal/aes_hal.h"
 #include "esp_crypto_dma.h"
+#include "sdkconfig.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -17,6 +19,20 @@ extern "C" {
 
 bool valid_key_length(const esp_aes_context *ctx);
 
+#ifdef CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
+/**
+ * @brief Default pseudo rounds configs of the AES accelerator
+ */
+typedef enum {
+    ESP_AES_PSEUDO_ROUNDS_DISABLE = 0,
+    ESP_AES_PSEUDO_ROUNDS_LOW,
+    ESP_AES_PSEUDO_ROUNDS_MEDIUM,
+    ESP_AES_PSEUDO_ROUNDS_HIGH,
+} esp_aes_psuedo_rounds_state_t;
+
+void esp_aes_enable_pseudo_rounds(esp_aes_psuedo_rounds_state_t state);
+#endif /* CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC */
+
 #if SOC_AES_SUPPORT_DMA
 /**
  * @brief           Run a AES operation using DMA

components/soc/esp32h2/include/soc/Kconfig.soc_caps.in

@@ -255,6 +255,10 @@ config SOC_AES_SUPPORT_AES_256
     bool
     default y
 
+config SOC_AES_SUPPORT_PSEUDO_ROUND_FUNCTION
+    bool
+    default y
+
 config SOC_ADC_DIG_CTRL_SUPPORTED
     bool
     default y

components/soc/esp32h2/include/soc/soc_caps.h

@@ -104,6 +104,8 @@
 #define SOC_AES_SUPPORT_AES_128 (1)
 #define SOC_AES_SUPPORT_AES_256 (1)
 
+#define SOC_AES_SUPPORT_PSEUDO_ROUND_FUNCTION (1) /*!< Only avliable in chip version above 1.2*/
+
 /*-------------------------- ADC CAPS -------------------------------*/
 /*!< SAR ADC Module*/
 #define SOC_ADC_DIG_CTRL_SUPPORTED              1

components/soc/esp32h2/register/soc/aes_reg.h

@@ -1,5 +1,5 @@
 /**
- * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
  *
  *  SPDX-License-Identifier: Apache-2.0
  */
@@ -412,6 +412,63 @@ extern "C" {
 #define AES_DMA_EXIT_V  0x00000001U
 #define AES_DMA_EXIT_S  0
 
+/** AES_RX_RESET_REG register
+ *  AES-DMA reset rx-fifo register
+ */
+#define AES_RX_RESET_REG (DR_REG_AES_BASE + 0xc0)
+/** AES_RX_RESET : WT; bitpos: [0]; default: 0;
+ *  Set this bit to reset rx_fifo under dma_aes working mode.
+ */
+#define AES_RX_RESET    (BIT(0))
+#define AES_RX_RESET_M  (AES_RX_RESET_V << AES_RX_RESET_S)
+#define AES_RX_RESET_V  0x00000001U
+#define AES_RX_RESET_S  0
+
+/** AES_TX_RESET_REG register
+ *  AES-DMA reset tx-fifo register
+ */
+#define AES_TX_RESET_REG (DR_REG_AES_BASE + 0xc4)
+/** AES_TX_RESET : WT; bitpos: [0]; default: 0;
+ *  Set this bit to reset tx_fifo under dma_aes working mode.
+ */
+#define AES_TX_RESET    (BIT(0))
+#define AES_TX_RESET_M  (AES_TX_RESET_V << AES_TX_RESET_S)
+#define AES_TX_RESET_V  0x00000001U
+#define AES_TX_RESET_S  0
+
+/** AES_PSEUDO_REG register
+ *  AES PSEUDO function configure register
+ */
+#define AES_PSEUDO_REG (DR_REG_AES_BASE + 0xd0)
+/** AES_PSEUDO_EN : R/W; bitpos: [0]; default: 0;
+ *  This bit decides whether the pseudo round function is enable or not.
+ */
+#define AES_PSEUDO_EN    (BIT(0))
+#define AES_PSEUDO_EN_M  (AES_PSEUDO_EN_V << AES_PSEUDO_EN_S)
+#define AES_PSEUDO_EN_V  0x00000001U
+#define AES_PSEUDO_EN_S  0
+/** AES_PSEUDO_BASE : R/W; bitpos: [4:1]; default: 2;
+ *  Those bits decides the basic number of pseudo round number.
+ */
+#define AES_PSEUDO_BASE    0x0000000FU
+#define AES_PSEUDO_BASE_M  (AES_PSEUDO_BASE_V << AES_PSEUDO_BASE_S)
+#define AES_PSEUDO_BASE_V  0x0000000FU
+#define AES_PSEUDO_BASE_S  1
+/** AES_PSEUDO_INC : R/W; bitpos: [6:5]; default: 2;
+ *  Those bits decides the increment number of pseudo round number
+ */
+#define AES_PSEUDO_INC    0x00000003U
+#define AES_PSEUDO_INC_M  (AES_PSEUDO_INC_V << AES_PSEUDO_INC_S)
+#define AES_PSEUDO_INC_V  0x00000003U
+#define AES_PSEUDO_INC_S  5
+/** AES_PSEUDO_RNG_CNT : R/W; bitpos: [9:7]; default: 7;
+ *  Those bits decides the update frequency of the pseudo-key.
+ */
+#define AES_PSEUDO_RNG_CNT    0x00000007U
+#define AES_PSEUDO_RNG_CNT_M  (AES_PSEUDO_RNG_CNT_V << AES_PSEUDO_RNG_CNT_S)
+#define AES_PSEUDO_RNG_CNT_V  0x00000007U
+#define AES_PSEUDO_RNG_CNT_S  7
+
 #ifdef __cplusplus
 }
 #endif

components/soc/esp32h2/register/soc/aes_struct.h

@@ -1,5 +1,5 @@
 /**
- * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
  *
  *  SPDX-License-Identifier: Apache-2.0
  */
@@ -398,6 +398,61 @@ typedef union {
     uint32_t val;
 } aes_dma_exit_reg_t;
 
+/** Type of rx_reset register
+ *  AES-DMA reset rx-fifo register
+ */
+typedef union {
+    struct {
+        /** rx_reset : WT; bitpos: [0]; default: 0;
+         *  Set this bit to reset rx_fifo under dma_aes working mode.
+         */
+        uint32_t rx_reset:1;
+        uint32_t reserved_1:31;
+    };
+    uint32_t val;
+} aes_rx_reset_reg_t;
+
+/** Type of tx_reset register
+ *  AES-DMA reset tx-fifo register
+ */
+typedef union {
+    struct {
+        /** tx_reset : WT; bitpos: [0]; default: 0;
+         *  Set this bit to reset tx_fifo under dma_aes working mode.
+         */
+        uint32_t tx_reset:1;
+        uint32_t reserved_1:31;
+    };
+    uint32_t val;
+} aes_tx_reset_reg_t;
+
+
+/** Group: Configuration register */
+/** Type of pseudo register
+ *  AES PSEUDO function configure register
+ */
+typedef union {
+    struct {
+        /** pseudo_en : R/W; bitpos: [0]; default: 0;
+         *  This bit decides whether the pseudo round function is enable or not.
+         */
+        uint32_t pseudo_en:1;
+        /** pseudo_base : R/W; bitpos: [4:1]; default: 2;
+         *  Those bits decides the basic number of pseudo round number.
+         */
+        uint32_t pseudo_base:4;
+        /** pseudo_inc : R/W; bitpos: [6:5]; default: 2;
+         *  Those bits decides the increment number of pseudo round number
+         */
+        uint32_t pseudo_inc:2;
+        /** pseudo_rng_cnt : R/W; bitpos: [9:7]; default: 7;
+         *  Those bits decides the update frequency of the pseudo-key.
+         */
+        uint32_t pseudo_rng_cnt:3;
+        uint32_t reserved_10:22;
+    };
+    uint32_t val;
+} aes_pseudo_reg_t;
 
 /** Group: memory type */
 
@@ -483,12 +538,17 @@ typedef struct {
     volatile aes_int_ena_reg_t int_ena;
     volatile aes_date_reg_t date;
     volatile aes_dma_exit_reg_t dma_exit;
+    uint32_t reserved_0bc;
+    volatile aes_rx_reset_reg_t rx_reset;
+    volatile aes_tx_reset_reg_t tx_reset;
+    uint32_t reserved_0c8[2];
+    volatile aes_pseudo_reg_t pseudo;
 } aes_dev_t;
 
 extern aes_dev_t AES;
 
 #ifndef __cplusplus
-_Static_assert(sizeof(aes_dev_t) == 0xbc, "Invalid size of aes_dev_t structure");
+_Static_assert(sizeof(aes_dev_t) == 0xd4, "Invalid size of aes_dev_t structure");
 #endif
 
 #ifdef __cplusplus

docs/en/security/security.rst

@@ -114,18 +114,53 @@ Flash Encryption Best Practices
 
         This feature can help to prevent the possibility of remote code injection due to the existing vulnerabilities in the software.
 
-.. only:: SOC_CRYPTO_DPA_PROTECTION_SUPPORTED
+.. only:: SOC_CRYPTO_DPA_PROTECTION_SUPPORTED or SOC_AES_SUPPORT_PSEUDO_ROUND_FUNCTION
 
-    DPA (Differential Power Analysis) Protection
-    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+    Protection Against Side-Channel Attacks
+    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-    {IDF_TARGET_NAME} has support for protection mechanisms against the Differential Power Analysis related security attacks. DPA protection dynamically adjusts the clock frequency of the crypto peripherals, thereby blurring the power consumption trajectory during its operation. Based on the configured DPA security level, the clock variation range changes. Please refer to the TRM for more details on this topic.
+    .. only:: SOC_CRYPTO_DPA_PROTECTION_SUPPORTED
 
-    :ref:`CONFIG_ESP_CRYPTO_DPA_PROTECTION_LEVEL` can help to select the DPA level. Higher level means better security, but it can also have an associated performance impact. By default, the lowest DPA level is kept enabled but it can be modified based on the security requirement.
+        DPA (Differential Power Analysis) Protection
+        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-    .. note::
+        {IDF_TARGET_NAME} has support for protection mechanisms against the Differential Power Analysis related security attacks. DPA protection dynamically adjusts the clock frequency of the crypto peripherals, thereby blurring the power consumption trajectory during its operation. Based on the configured DPA security level, the clock variation range changes. Please refer to the TRM for more details on this topic.
+
+        :ref:`CONFIG_ESP_CRYPTO_DPA_PROTECTION_LEVEL` can help to select the DPA level. Higher level means better security, but it can also have an associated performance impact. By default, the lowest DPA level is kept enabled but it can be modified based on the security requirement.
+
+        .. note::
+
+            Please note that hardware :doc:`RNG <../api-reference/system/random>` must be enabled for DPA protection to work correctly.
+
+    .. only:: SOC_AES_SUPPORT_PSEUDO_ROUND_FUNCTION
+
+        AES peripheral's Pseudo-Round Function
+        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+        {IDF_TARGET_NAME} incorporates a pseudo-round function in the AES peripheral, thus enabling the peripheral to randomly insert pseudo-rounds before and after the original operation rounds and also generate a pseudo key to perform these dummy operations.
+        These operations do not alter the original result, but they increase the complexity to perform side channel analysis attacks by randomizing the power profile.
+
+        :ref:`CONFIG_MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH` can be used to select the strength of the pseudo-round function. Increasing the strength improves the security provided, but would slow down the encrryption/decryption operations.
+
+
+        .. list-table:: Performance impact on AES operations per strength level
+            :widths: 10 10
+            :header-rows: 1
+            :align: center
+
+            * - **Strength**
+              - **Performance Impact** [#]_
+            * - Low
+              - 20.9 %
+            * - Medium
+              - 47.6 %
+            * - High
+              - 72.4 %
+
+        .. [#] The above performance numbers have been calculated using the AES performance test of the mbedtls test application :component_file:`test_aes_perf.c <mbedtls/test_apps/main/test_aes_perf.c>`.
+
+        Considering the above performance impact, ESP-IDF by-default does not enable the pseudo-round function to avoid any performance-related degrade. But it is recommended to enable the pseudo-round function for better security.
 
-        Please note that hardware :doc:`RNG <../api-reference/system/random>` must be enabled for DPA protection to work correctly.
 
 Debug Interfaces
 ~~~~~~~~~~~~~~~~