diff --git a/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml b/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml index 6d9ef94841..ec1bd6654c 100644 --- a/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml +++ b/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml @@ -240,6 +240,10 @@ secure_services: type: IDF function: esp_ecc_point_verify args: 1 + - id: 110 + type: IDF + function: esp_sha_set_mode + args: 1 # ID: 134-169 (36) - Reserved for future use - family: attestation entries: diff --git a/components/esp_tee/scripts/esp32h2/sec_srv_tbl_default.yml b/components/esp_tee/scripts/esp32h2/sec_srv_tbl_default.yml index f70e9b1434..dc8221367b 100644 --- a/components/esp_tee/scripts/esp32h2/sec_srv_tbl_default.yml +++ b/components/esp_tee/scripts/esp32h2/sec_srv_tbl_default.yml @@ -244,6 +244,10 @@ secure_services: type: IDF function: esp_crypto_ecc_enable_periph_clk args: 1 + - id: 111 + type: IDF + function: esp_sha_set_mode + args: 1 # ID: 134-169 (36) - Reserved for future use - family: attestation entries: diff --git a/components/esp_tee/src/esp_secure_service_wrapper.c b/components/esp_tee/src/esp_secure_service_wrapper.c index 89ae362d5f..a993f46765 100644 --- a/components/esp_tee/src/esp_secure_service_wrapper.c +++ b/components/esp_tee/src/esp_secure_service_wrapper.c @@ -202,6 +202,11 @@ int __wrap_esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_ return esp_tee_service_call(4, SS_ESP_SHA_BLOCK, sha_type, data_block, is_first_block); } +void __wrap_esp_sha_set_mode(esp_sha_type sha_type) +{ + esp_tee_service_call(2, SS_ESP_SHA_SET_MODE, sha_type); +} + void __wrap_esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state) { esp_tee_service_call(3, SS_ESP_SHA_READ_DIGEST_STATE, sha_type, digest_state); diff --git a/components/esp_tee/subproject/main/core/esp_secure_services.c b/components/esp_tee/subproject/main/core/esp_secure_services.c index 0595c3d318..1cd85be67a 100644 
--- a/components/esp_tee/subproject/main/core/esp_secure_services.c +++ b/components/esp_tee/subproject/main/core/esp_secure_services.c @@ -193,6 +193,11 @@ void _ss_esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_fi esp_sha_block(sha_type, data_block, is_first_block); } +void _ss_esp_sha_set_mode(esp_sha_type sha_type) +{ + esp_sha_set_mode(sha_type); +} + void _ss_esp_crypto_sha_enable_periph_clk(bool enable) { esp_crypto_sha_enable_periph_clk(enable); diff --git a/components/hal/esp32/include/hal/sha_ll.h b/components/hal/esp32/include/hal/sha_ll.h index f321c2be09..0d80d27bbd 100644 --- a/components/hal/esp32/include/hal/sha_ll.h +++ b/components/hal/esp32/include/hal/sha_ll.h @@ -126,6 +126,16 @@ static inline void sha_ll_load(esp_sha_type sha_type) DPORT_REG_WRITE(SHA_LOAD_REG(sha_type), 1); } +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + (void) sha_type; +} + /** * @brief Checks if the SHA engine is currently busy hashing a block * diff --git a/components/hal/esp32c2/include/hal/sha_ll.h b/components/hal/esp32c2/include/hal/sha_ll.h index 4877e4ba55..e7261275ec 100644 --- a/components/hal/esp32c2/include/hal/sha_ll.h +++ b/components/hal/esp32c2/include/hal/sha_ll.h @@ -42,6 +42,16 @@ static inline void sha_ll_reset_register(void) /// the critical section needs to declare the __DECLARE_RCC_ATOMIC_ENV variable in advance #define sha_ll_reset_register(...) (void)__DECLARE_RCC_ATOMIC_ENV; sha_ll_reset_register(__VA_ARGS__) +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * 
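Review bot: `_ss_esp_sha_set_mode` forwards the caller-supplied `sha_type` straight to `esp_sha_set_mode()`, and nothing in the hunk bounds the value. Per the esp32c6 and esp32h2 `sha_ll_set_mode` added in this commit, that call ends in `REG_WRITE(SHA_MODE_REG, sha_type)`. The handler is a new secure-service entry, so the argument presumably originates outside the TEE; unless the dispatcher already validates it (not visible here), an out-of-range mode reaches the hardware register. A guard such as `if ((unsigned)sha_type >= SHA_TYPE_MAX) { return; }` before the call would reject it, assuming `SHA_TYPE_MAX` is the sentinel of `esp_sha_type`.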
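Review bot: The Doxygen block on the ESP32 `sha_ll_set_mode` says it loads the mode for the SHA engine, but on this target the body is only `(void) sha_type;`. The comment should say so, for example `@note No-op on ESP32: the algorithm is selected through the per-type registers, so there is no mode register to program.` The reason given in that note is inferred from the `SHA_LOAD_REG(sha_type)` write in the context lines above and should be confirmed against the register description. Without it, a reader porting code between targets may assume the call has a hardware effect here.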
@@ -49,7 +59,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } @@ -60,29 +70,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32c3/include/hal/sha_ll.h b/components/hal/esp32c3/include/hal/sha_ll.h index 4ad996b59f..da917c76ab 100644 --- a/components/hal/esp32c3/include/hal/sha_ll.h +++ b/components/hal/esp32c3/include/hal/sha_ll.h @@ -45,6 +45,16 @@ static inline void sha_ll_reset_register(void) /// the critical section needs to declare the __DECLARE_RCC_ATOMIC_ENV variable in advance #define sha_ll_reset_register(...) (void)__DECLARE_RCC_ATOMIC_ENV; sha_ll_reset_register(__VA_ARGS__) +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * 
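Review bot: After this change `sha_ll_start_block` and `sha_ll_continue_block` still take `sha_type` but discard it with `(void) sha_type;`, while `sha_ll_start_dma` and `sha_ll_continue_dma` in the same hunk drop the parameter entirely. A caller can now pass a type that differs from what was last written by `sha_ll_set_mode`, and the engine silently uses the register value. Either remove the parameter from the block variants as well, or document the contract on each, e.g. `@note sha_type is ignored; the mode must already be set with sha_ll_set_mode()`. The DMA briefs lose their only hint that a mode is involved and could carry the same note. The identical pattern repeats in the esp32c3, c5, c6, c61, h2, h21, p4, s2 and s3 `sha_ll.h` hunks.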
@@ -52,7 +62,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } @@ -63,29 +73,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32c5/include/hal/sha_ll.h b/components/hal/esp32c5/include/hal/sha_ll.h index 05c8ac445e..e1cb5f503c 100644 --- a/components/hal/esp32c5/include/hal/sha_ll.h +++ b/components/hal/esp32c5/include/hal/sha_ll.h @@ -39,6 +39,16 @@ static inline void sha_ll_reset_register(void) PCR.ecdsa_conf.ecdsa_rst_en = 0; } +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -46,7 +56,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } 
@@ -57,29 +67,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32c6/include/hal/sha_ll.h b/components/hal/esp32c6/include/hal/sha_ll.h index ada6544337..7108e2d608 100644 --- a/components/hal/esp32c6/include/hal/sha_ll.h +++ b/components/hal/esp32c6/include/hal/sha_ll.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -37,6 +37,16 @@ static inline void sha_ll_reset_register(void) PCR.hmac_conf.hmac_rst_en = 0; } +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -44,7 +54,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } 
@@ -55,29 +65,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32c61/include/hal/sha_ll.h b/components/hal/esp32c61/include/hal/sha_ll.h index 807391731e..7f9b945b47 100644 --- a/components/hal/esp32c61/include/hal/sha_ll.h +++ b/components/hal/esp32c61/include/hal/sha_ll.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -39,6 +39,16 @@ static inline void sha_ll_reset_register(void) PCR.ecdsa_conf.ecdsa_rst_en = 0; } +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -46,7 +56,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } 
@@ -57,29 +67,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32h2/include/hal/sha_ll.h b/components/hal/esp32h2/include/hal/sha_ll.h index 0203449566..2363c768d1 100644 --- a/components/hal/esp32h2/include/hal/sha_ll.h +++ b/components/hal/esp32h2/include/hal/sha_ll.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -38,6 +38,16 @@ static inline void sha_ll_reset_register(void) PCR.ecdsa_conf.ecdsa_rst_en = 0; } +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -45,7 +55,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } 
@@ -56,29 +66,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32h21/include/hal/sha_ll.h b/components/hal/esp32h21/include/hal/sha_ll.h index 29762922a1..177acc686e 100644 --- a/components/hal/esp32h21/include/hal/sha_ll.h +++ b/components/hal/esp32h21/include/hal/sha_ll.h @@ -38,6 +38,16 @@ static inline void sha_ll_reset_register(void) PCR.ecdsa_conf.ecdsa_rst_en = 0; } +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -45,7 +55,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } 
@@ -56,29 +66,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32p4/include/hal/sha_ll.h b/components/hal/esp32p4/include/hal/sha_ll.h index bcf0f9fa6c..68f4c94429 100644 --- a/components/hal/esp32p4/include/hal/sha_ll.h +++ b/components/hal/esp32p4/include/hal/sha_ll.h @@ -47,6 +47,16 @@ static inline void sha_ll_reset_register(void) /// the critical section needs to declare the __DECLARE_RCC_ATOMIC_ENV variable in advance #define sha_ll_reset_register(...) (void)__DECLARE_RCC_ATOMIC_ENV; sha_ll_reset_register(__VA_ARGS__) +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -54,7 +64,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } 
@@ -65,29 +75,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32s2/include/hal/sha_ll.h b/components/hal/esp32s2/include/hal/sha_ll.h index 36bfee8299..e97b6bdbfa 100644 --- a/components/hal/esp32s2/include/hal/sha_ll.h +++ b/components/hal/esp32s2/include/hal/sha_ll.h @@ -51,6 +51,16 @@ static inline void sha_ll_reset_register(void) /// the critical section needs to declare the __DECLARE_RCC_ATOMIC_ENV variable in advance #define sha_ll_reset_register(...) (void)__DECLARE_RCC_ATOMIC_ENV; sha_ll_reset_register(__VA_ARGS__) +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -58,7 +68,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } 
@@ -69,29 +79,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32s3/include/hal/sha_ll.h b/components/hal/esp32s3/include/hal/sha_ll.h index 9a7b9ed8f3..3299a8f51d 100644 --- a/components/hal/esp32s3/include/hal/sha_ll.h +++ b/components/hal/esp32s3/include/hal/sha_ll.h @@ -46,6 +46,16 @@ static inline void sha_ll_reset_register(void) /// the critical section needs to declare the __DECLARE_RCC_ATOMIC_ENV variable in advance #define sha_ll_reset_register(...) (void)__DECLARE_RCC_ATOMIC_ENV; sha_ll_reset_register(__VA_ARGS__) +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -53,7 +63,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } 
@@ -64,29 +74,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/include/hal/sha_hal.h b/components/hal/include/hal/sha_hal.h index ef44f7834d..c6c11d6ceb 100644 --- a/components/hal/include/hal/sha_hal.h +++ b/components/hal/include/hal/sha_hal.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -22,6 +22,13 @@ extern "C" { #endif +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +void sha_hal_set_mode(esp_sha_type sha_type); + /** * @brief Hashes a single message block * 
@@ -60,11 +67,10 @@ void sha_hal_write_digest(esp_sha_type sha_type, void *digest_state); /** * @brief Hashes a number of message blocks using DMA * - * @param sha_type SHA algorithm to hash with * @param num_blocks Number of blocks to hash * @param first_block Is this the first block in a message or a continuation? */ -void sha_hal_hash_dma(esp_sha_type sha_type, size_t num_blocks, bool first_block); +void sha_hal_hash_dma(size_t num_blocks, bool first_block); #endif #if SOC_SHA_SUPPORT_SHA512_T diff --git a/components/hal/sha_hal.c b/components/hal/sha_hal.c index 68c06b70dd..62f64fc6c3 100644 --- a/components/hal/sha_hal.c +++ b/components/hal/sha_hal.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2020-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -66,12 +66,14 @@ inline static size_t state_length(esp_sha_type type) } #endif +void sha_hal_set_mode(esp_sha_type sha_type) +{ + sha_ll_set_mode(sha_type); +} /* Hash a single block */ void sha_hal_hash_block(esp_sha_type sha_type, const void *data_block, size_t block_word_len, bool first_block) { - sha_hal_wait_idle(); - sha_ll_fill_text_block(data_block, block_word_len); /* Start hashing */ @@ -85,17 +87,15 @@ void sha_hal_hash_block(esp_sha_type sha_type, const void *data_block, size_t bl #if SOC_SHA_SUPPORT_DMA /* Hashes a number of message blocks using DMA */ -void sha_hal_hash_dma(esp_sha_type sha_type, size_t num_blocks, bool first_block) +void sha_hal_hash_dma(size_t num_blocks, bool first_block) { - sha_hal_wait_idle(); - sha_ll_set_block_num(num_blocks); /* Start hashing */ if (first_block) { - sha_ll_start_dma(sha_type); + sha_ll_start_dma(); } else { - sha_ll_continue_dma(sha_type); + sha_ll_continue_dma(); } } diff --git a/components/hal/test_apps/crypto/main/sha/sha_block.c b/components/hal/test_apps/crypto/main/sha/sha_block.c index ed0ebb9d24..852e0efe33 100644 
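Review bot: `sha_hal_hash_block` and `sha_hal_hash_dma` no longer call `sha_hal_wait_idle()` before touching the engine, and the only replacement visible in this commit is the wait inside the core `esp_sha_set_mode()`. A caller that issues two block operations after a single mode set, as `sha1_op` in `fastpsk.c` does with its first and second `esp_sha_block` calls, now reaches `sha_ll_fill_text_block` for the second block with no idle check in the visible path. The parallel-engine `esp_sha_set_mode()` added later in this diff does not wait at all. If the engine can still be busy at that point, the digest would be wrong without any error being reported, which matters wherever the hash feeds key derivation or verification. Unless a wait exists in code outside these hunks, keeping `sha_hal_wait_idle();` as the first statement of both HAL functions is the safer default; otherwise the requirement should be stated in their header comments.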
--- a/components/hal/test_apps/crypto/main/sha/sha_block.c +++ b/components/hal/test_apps/crypto/main/sha/sha_block.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: CC0-1.0 */ @@ -73,6 +73,9 @@ static void sha1_update_block(sha1_ctx* ctx, esp_sha_type sha_type, const unsign sha_ll_reset_register(); } + sha_hal_wait_idle(); + sha_hal_set_mode(sha_type); + if (ctx->first_block == 0) { /* Writes the message digest to the SHA engine */ sha_hal_write_digest(sha_type, ctx->state); @@ -174,6 +177,9 @@ static void sha256_update_block(sha256_ctx* ctx, esp_sha_type sha_type, const un sha_ll_reset_register(); } + sha_hal_wait_idle(); + sha_hal_set_mode(sha_type); + if (ctx->first_block == 0) { /* Writes the message digest to the SHA engine */ sha_hal_write_digest(sha_type, ctx->state); @@ -320,6 +326,9 @@ static void sha512_update_block(sha512_ctx* ctx, esp_sha_type sha_type, const un sha_ll_reset_register(); } + sha_hal_wait_idle(); + sha_hal_set_mode(sha_type); + if (ctx->first_block && sha_type == SHA2_512T){ sha_512_t_init_hash_block(ctx->t_val); ctx->first_block = 0; diff --git a/components/hal/test_apps/crypto/main/sha/sha_dma.c b/components/hal/test_apps/crypto/main/sha/sha_dma.c index 44dafe3f73..82db1f4063 100644 --- a/components/hal/test_apps/crypto/main/sha/sha_dma.c +++ b/components/hal/test_apps/crypto/main/sha/sha_dma.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: CC0-1.0 */ 
@@ -61,6 +61,8 @@ static void sha1_update_dma(sha1_ctx* ctx, esp_sha_type sha_type, const unsigned /* Enable peripheral module */ esp_sha_acquire_hardware(); + esp_sha_set_mode(sha_type); + esp_internal_sha1_update_state(ctx, sha_type); int ret = esp_sha_dma(sha_type, input, len, ctx->buffer, local_len, ctx->first_block); @@ -157,6 +159,8 @@ static void sha256_update_dma(sha256_ctx* ctx, esp_sha_type sha_type, const unsi /* Enable peripheral module */ esp_sha_acquire_hardware(); + esp_sha_set_mode(sha_type); + esp_internal_sha256_update_state(ctx); int ret = esp_sha_dma(ctx->mode, input, len, ctx->buffer, local_len, ctx->first_block); @@ -306,6 +310,8 @@ static void sha512_update_dma(sha512_ctx* ctx, esp_sha_type sha_type, const unsi /* Enable peripheral module */ esp_sha_acquire_hardware(); + esp_sha_set_mode(sha_type); + esp_internal_sha512_update_state(ctx); int ret = esp_sha_dma(ctx->mode, input, len, ctx->buffer, local_len, ctx->first_block); diff --git a/components/mbedtls/port/include/sha/sha_core.h b/components/mbedtls/port/include/sha/sha_core.h index 4032c41185..e22abd3246 100644 --- a/components/mbedtls/port/include/sha/sha_core.h +++ b/components/mbedtls/port/include/sha/sha_core.h @@ -50,12 +50,19 @@ extern "C" { */ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output); +/** + * @brief Set the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +void esp_sha_set_mode(esp_sha_type sha_type); + /** @brief Execute SHA block operation * * @note This is a piece of a SHA algorithm, rather than an entire SHA * algorithm. * - * @note Call esp_sha_acquire_hardware() before calling this + * @note Call esp_sha_acquire_hardware() and esp_sha_set_mode() before calling this * function. * * @param sha_type SHA algorithm to use. 
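Review bot: In `sha256_update_dma` the added `esp_sha_set_mode(sha_type);` programs the mode from the function argument, but the `esp_sha_dma(ctx->mode, ...)` call below it takes the type from the context; `sha512_update_dma` in the next hunk has the same split. The test therefore depends on the two values agreeing. Using one source for both, e.g. `esp_sha_set_mode(ctx->mode);`, matches what the mbedtls port does in `esp_sha256.c` and `esp_sha512.c` in this commit. Both functions extend beyond their hunks, so whether `ctx->mode` is assigned from `sha_type` earlier cannot be seen here.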
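Review bot: The new `esp_sha_set_mode` brief in `sha_core.h` states no preconditions. Because the signatures of `esp_sha_block` and `esp_sha_dma` are unchanged, existing callers that never set the mode still compile and will hash with whatever mode was last written. Add the requirement to the brief, e.g. `@note Call esp_sha_acquire_hardware() first, and set the mode again after every acquire.` The "after every acquire" wording follows from how every caller in this commit sets the mode right after acquiring, and should be confirmed. It would also help to say that the core implementation waits for the engine to become idle, since the call can block.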
@@ -78,7 +85,7 @@ void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_ * @note This is a piece of a SHA algorithm, rather than an entire SHA * algorithm. * - * @note Call esp_sha_aquire_hardware() before calling this + * @note Call esp_sha_aquire_hardware() and esp_sha_set_mode() before calling this * function. * * @param sha_type SHA algorithm to use. @@ -145,7 +152,6 @@ void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state); */ void esp_sha_write_digest_state(esp_sha_type sha_type, void *digest_state); - /** * @brief Enables the SHA and crypto DMA peripheral and takes the * locks for both of them. diff --git a/components/mbedtls/port/include/sha/sha_parallel_engine.h b/components/mbedtls/port/include/sha/sha_parallel_engine.h index cf6f0607da..aad6b322c3 100644 --- a/components/mbedtls/port/include/sha/sha_parallel_engine.h +++ b/components/mbedtls/port/include/sha/sha_parallel_engine.h @@ -1,16 +1,8 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #pragma once #include "hal/sha_types.h" 
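Review bot: The rewritten note line still spells the function `esp_sha_aquire_hardware()`, while the equivalent note in the previous hunk uses `esp_sha_acquire_hardware()`. Since the line is being touched anyway, correct it to `@note Call esp_sha_acquire_hardware() and esp_sha_set_mode() before calling this` so searches and Doxygen references resolve.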
@@ -69,6 +61,13 @@ extern "C" { */ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output); +/** + * @brief Set the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +void esp_sha_set_mode(esp_sha_type sha_type); + /* @brief Begin to execute a single SHA block operation * * @note This is a piece of a SHA algorithm, rather than an entire SHA diff --git a/components/mbedtls/port/sha/core/esp_sha1.c b/components/mbedtls/port/sha/core/esp_sha1.c index 64b7ba98af..515bd1c838 100644 --- a/components/mbedtls/port/sha/core/esp_sha1.c +++ b/components/mbedtls/port/sha/core/esp_sha1.c @@ -113,6 +113,9 @@ static void esp_internal_sha1_block_process(mbedtls_sha1_context *ctx, const uin int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx, const unsigned char data[64]) { esp_sha_acquire_hardware(); + + esp_sha_set_mode(ctx->mode); + esp_internal_sha_update_state(ctx); #if SOC_SHA_SUPPORT_DMA @@ -166,6 +169,8 @@ int mbedtls_sha1_update(mbedtls_sha1_context *ctx, const unsigned char *input, s esp_sha_acquire_hardware(); + esp_sha_set_mode(ctx->mode); + esp_internal_sha_update_state(ctx); #if SOC_SHA_SUPPORT_DMA diff --git a/components/mbedtls/port/sha/core/esp_sha256.c b/components/mbedtls/port/sha/core/esp_sha256.c index cbd2f82d0b..cc717f8202 100644 --- a/components/mbedtls/port/sha/core/esp_sha256.c +++ b/components/mbedtls/port/sha/core/esp_sha256.c @@ -126,6 +126,9 @@ static void esp_internal_sha256_block_process(mbedtls_sha256_context *ctx, const int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, const unsigned char data[64]) { esp_sha_acquire_hardware(); + + esp_sha_set_mode(ctx->mode); + esp_internal_sha_update_state(ctx); #if SOC_SHA_SUPPORT_DMA @@ -185,6 +188,8 @@ int mbedtls_sha256_update(mbedtls_sha256_context *ctx, const unsigned char *inpu esp_sha_acquire_hardware(); + esp_sha_set_mode(ctx->mode); + esp_internal_sha_update_state(ctx); #if SOC_SHA_SUPPORT_DMA 
diff --git a/components/mbedtls/port/sha/core/esp_sha512.c b/components/mbedtls/port/sha/core/esp_sha512.c index 049e51a2e6..1750095009 100644 --- a/components/mbedtls/port/sha/core/esp_sha512.c +++ b/components/mbedtls/port/sha/core/esp_sha512.c @@ -160,6 +160,8 @@ int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, const unsigned esp_sha_acquire_hardware(); + esp_sha_set_mode(ctx->mode); + ret = esp_internal_sha_update_state(ctx); if (ret != 0) { esp_sha_release_hardware(); @@ -220,6 +222,8 @@ int mbedtls_sha512_update(mbedtls_sha512_context *ctx, const unsigned char *inpu esp_sha_acquire_hardware(); + esp_sha_set_mode(ctx->mode); + int ret = esp_internal_sha_update_state(ctx); if (ret != 0) { diff --git a/components/mbedtls/port/sha/core/sha.c b/components/mbedtls/port/sha/core/sha.c index a573a79d3a..8aa2f1e0e1 100644 --- a/components/mbedtls/port/sha/core/sha.c +++ b/components/mbedtls/port/sha/core/sha.c @@ -102,6 +102,12 @@ void esp_sha_release_hardware(void) esp_crypto_sha_aes_lock_release(); } +void esp_sha_set_mode(esp_sha_type sha_type) +{ + sha_hal_wait_idle(); + sha_hal_set_mode(sha_type); +} + void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block) { sha_hal_hash_block(sha_type, data_block, block_length(sha_type) / 4, is_first_block); @@ -284,7 +290,7 @@ static esp_err_t esp_sha_dma_process(esp_sha_type sha_type, const void *input, u return -1; } - sha_hal_hash_dma(sha_type, num_blks, is_first_block); + sha_hal_hash_dma(num_blks, is_first_block); sha_hal_wait_idle(); diff --git a/components/mbedtls/port/sha/parallel_engine/sha.c b/components/mbedtls/port/sha/parallel_engine/sha.c index 4828b9f87d..e2b4591910 100644 --- a/components/mbedtls/port/sha/parallel_engine/sha.c +++ b/components/mbedtls/port/sha/parallel_engine/sha.c 
@@ -50,7 +50,7 @@ static portMUX_TYPE memory_block_lock = portMUX_INITIALIZER_UNLOCKED; /* Binary semaphore managing the state of each concurrent SHA engine. - Available = noone is using this SHA engine + Available = no one is using this SHA engine Taken = a SHA session is running on this SHA engine Indexes: @@ -209,6 +209,11 @@ void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state) esp_sha_unlock_memory_block(); } +void esp_sha_set_mode(esp_sha_type sha_type) +{ + sha_hal_set_mode(sha_type); +} + void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool first_block) { #ifndef NDEBUG diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/fastpsk.c b/components/wpa_supplicant/esp_supplicant/src/crypto/fastpsk.c index 72bfeb43b0..3ec8a6a9cc 100644 --- a/components/wpa_supplicant/esp_supplicant/src/crypto/fastpsk.c +++ b/components/wpa_supplicant/esp_supplicant/src/crypto/fastpsk.c @@ -160,6 +160,7 @@ static inline void write32_be(uint32_t n, uint8_t out[4]) void sha1_op(uint32_t blocks[FAST_PSK_SHA1_BLOCKS_BUF_WORDS], uint32_t output[SHA1_OUTPUT_SZ_WORDS]) { + esp_sha_set_mode(SHA1); /* First block */ esp_sha_block(SHA1, blocks, true); /* Second block */ diff --git a/docs/en/migration-guides/release-5.x/5.5/index.rst b/docs/en/migration-guides/release-5.x/5.5/index.rst index dedee8fed4..0672e640b5 100644 --- a/docs/en/migration-guides/release-5.x/5.5/index.rst +++ b/docs/en/migration-guides/release-5.x/5.5/index.rst @@ -6,6 +6,7 @@ Migration from 5.4 to 5.5 .. toctree:: :maxdepth: 1 + security system peripherals protocols diff --git a/docs/en/migration-guides/release-5.x/5.5/security.rst b/docs/en/migration-guides/release-5.x/5.5/security.rst new file mode 100644 index 0000000000..ec5a774b27 --- /dev/null +++ b/docs/en/migration-guides/release-5.x/5.5/security.rst 
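Review bot: `esp_sha_set_mode(SHA1)` sits inside `sha1_op` in fastpsk.c, so it runs on every call. With the core/sha.c implementation that is a `sha_hal_wait_idle()` plus a mode write each time, and on TEE builds an additional secure-service call. If `sha1_op` is invoked repeatedly while the SHA hardware stays acquired (its callers and the rest of its body are outside this hunk), setting the mode once next to the acquire would avoid the repeated work. If it has to stay per call, a comment such as `/* set per call: esp_sha_block() no longer programs the mode */` would tell the next reader why.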
@@ -0,0 +1,19 @@ +Security +======== + +:link_to_translation:`zh_CN:[中文]` + +.. only:: SOC_SHA_SUPPORTED + + Mbed TLS + -------- + + Starting from **ESP-IDF v5.5**, there is a change in how the SHA sub-function APIs, :cpp:func:`esp_sha_block` and :cpp:func:`esp_sha_dma`, are used. + + Previously, these APIs used to set the SHA mode internally, however, in the updated version, you must explicitly set the SHA mode before invoking them. + + For instance, if you intend to use the **SHA-256** algorithm, you must first call :cpp:func:`esp_sha_set_mode` with the argument ``SHA2_256``: + + .. code-block:: c + + esp_sha_set_mode(SHA2_256); diff --git a/docs/zh_CN/migration-guides/release-5.x/5.5/index.rst b/docs/zh_CN/migration-guides/release-5.x/5.5/index.rst index 695fb35269..150b053e43 100644 --- a/docs/zh_CN/migration-guides/release-5.x/5.5/index.rst +++ b/docs/zh_CN/migration-guides/release-5.x/5.5/index.rst @@ -6,6 +6,7 @@ .. toctree:: :maxdepth: 1 + security system peripherals protocols diff --git a/docs/zh_CN/migration-guides/release-5.x/5.5/security.rst b/docs/zh_CN/migration-guides/release-5.x/5.5/security.rst new file mode 100644 index 0000000000..87004c5383 --- /dev/null +++ b/docs/zh_CN/migration-guides/release-5.x/5.5/security.rst @@ -0,0 +1,4 @@ +安全性 +======= + +:link_to_translation:`en:[English]` diff --git a/tools/ci/check_copyright_ignore.txt b/tools/ci/check_copyright_ignore.txt index 636c7a7f81..4cb53b9eba 100644 --- a/tools/ci/check_copyright_ignore.txt +++ b/tools/ci/check_copyright_ignore.txt @@ -480,7 +480,6 @@ components/mbedtls/port/include/esp32/sha.h components/mbedtls/port/include/esp32s2/aes.h components/mbedtls/port/include/esp32s2/gcm.h components/mbedtls/port/include/mbedtls/esp_debug.h -components/mbedtls/port/include/sha/sha_parallel_engine.h components/mbedtls/port/include/sha1_alt.h components/mbedtls/port/include/sha256_alt.h components/mbedtls/port/include/sha512_alt.h