From 2fddfd7f8f3750c131a5a98a3e74cead84df43b4 Mon Sep 17 00:00:00 2001
From: Jerry Yu <jerry.h.yu@arm.com>
Date: Tue, 10 Jan 2023 16:32:03 +0800
Subject: [PATCH] Add AESCE confige options

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
---
 include/mbedtls/check_config.h   | 10 ++++++++++
 include/mbedtls/mbedtls_config.h | 19 +++++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 1efabdc1f..055bfa7aa 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -70,6 +70,16 @@
 #error "MBEDTLS_AESNI_C defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_AESCE_C) && !defined(MBEDTLS_HAVE_ASM)
+#error "MBEDTLS_AESCE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_AESCE_C) && \
+    (defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \
+      defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY))
+#error "MBEDTLS_AESCE_C defined, MBEDTLS_SHA512_USE_A64_CRYPTO_* MUST be disabled for known fail."
+#endif
+
 #if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
 #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
 #endif
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 9ae51c964..6cea05011 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -2065,6 +2065,25 @@
  */
 #define MBEDTLS_AESNI_C
 
+/**
+ * \def MBEDTLS_AESCE_C
+ *
+ * Enable AES crypto engine support on Arm64.
+ *
+ * Module:  library/aesce.c
+ * Caller:  library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM, MBEDTLS_AES_C
+ *
+ * \note The code uses Neon intrinsics, so \c CFLAGS must be set to a minimum
+ * of \c -march=armv8-a+crypto .
+ *
+ * \warning `MBEDTLS_SHA512_USE_A64_CRYPTO_*` should be disabled when enabled
+ *
+ * This modules adds support for the AES crypto instructions on Arm64
+ */
+#define MBEDTLS_AESCE_C
+
 /**
  * \def MBEDTLS_AES_C
  *