Merge branch 'refactor/esp_security_clk_cfg' into 'master'

refactor(esp_security): Introduce dedicated APIs for crypto clock configuration

See merge request espressif/esp-idf!37448

components/esp_hw_support/include/esp_private/esp_crypto_lock_internal.h

@@ -13,7 +13,9 @@
 extern "C" {
 #endif
 
-#if SOC_RCC_IS_INDEPENDENT
+// NOTE: [ESP-TEE] Since the clock configuration APIs are part
+// of the TEE, the XYZ_RCC_ATOMIC macros need to be defined as void.
+#if SOC_RCC_IS_INDEPENDENT || ESP_TEE_BUILD
 #define MPI_RCC_ATOMIC()
 #define ECC_RCC_ATOMIC()
 #define HMAC_RCC_ATOMIC()
@@ -21,6 +23,7 @@ extern "C" {
 #define ECDSA_RCC_ATOMIC()
 #define AES_RCC_ATOMIC()
 #define SHA_RCC_ATOMIC()
+#define KEY_MANAGER_RCC_ATOMIC()
 #else /* !SOC_RCC_IS_INDEPENDENT */
 #define MPI_RCC_ATOMIC() PERIPH_RCC_ATOMIC()
 #define ECC_RCC_ATOMIC() PERIPH_RCC_ATOMIC()
@@ -29,6 +32,7 @@ extern "C" {
 #define ECDSA_RCC_ATOMIC() PERIPH_RCC_ATOMIC()
 #define AES_RCC_ATOMIC() PERIPH_RCC_ATOMIC()
 #define SHA_RCC_ATOMIC() PERIPH_RCC_ATOMIC()
+#define KEY_MANAGER_RCC_ATOMIC() PERIPH_RCC_ATOMIC()
 #endif /* SOC_RCC_IS_INDEPENDENT */
 
 #ifdef __cplusplus

components/esp_security/CMakeLists.txt

@@ -29,8 +29,12 @@ if(NOT non_os_build)
         list(APPEND srcs "src/esp_dpa_protection.c")
     endif()
 
-    list(APPEND srcs "src/esp_crypto_lock.c")
+    list(APPEND srcs "src/esp_crypto_lock.c" "src/esp_crypto_periph_clk.c")
     list(APPEND priv_requires efuse esp_hw_support esp_system esp_timer)
+elseif(esp_tee_build)
+    list(APPEND srcs "src/esp_crypto_periph_clk.c")
+    list(APPEND includes "src/${IDF_TARGET}")
+    list(APPEND priv_requires esp_hw_support)
 endif()
 
 idf_component_register(SRCS ${srcs}

components/esp_security/include/esp_crypto_periph_clk.h

@@ -0,0 +1,72 @@
+/*
+ * SPDX-FileCopyrightText: 2025 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#pragma once
+
+#include <stdbool.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Enable or disable the AES peripheral clock
+ *
+ * @param enable true: enable; false: disable
+ */
+void esp_crypto_aes_enable_periph_clk(bool enable);
+
+/**
+ * @brief Enable or disable the SHA peripheral clock
+ *
+ * @param enable true: enable; false: disable
+ */
+void esp_crypto_sha_enable_periph_clk(bool enable);
+
+/**
+ * @brief Enable or disable the MPI peripheral clock
+ *
+ * @param enable true: enable; false: disable
+ */
+void esp_crypto_mpi_enable_periph_clk(bool enable);
+
+/**
+ * @brief Enable or disable the ECC peripheral clock
+ *
+ * @param enable true: enable; false: disable
+ */
+void esp_crypto_ecc_enable_periph_clk(bool enable);
+
+/**
+ * @brief Enable or disable the HMAC peripheral clock
+ *
+ * @param enable true: enable; false: disable
+ */
+void esp_crypto_hmac_enable_periph_clk(bool enable);
+
+/**
+ * @brief Enable or disable the DS peripheral clock
+ *
+ * @param enable true: enable; false: disable
+ */
+void esp_crypto_ds_enable_periph_clk(bool enable);
+
+/**
+ * @brief Enable or disable the ECDSA peripheral clock
+ *
+ * @param enable true: enable; false: disable
+ */
+void esp_crypto_ecdsa_enable_periph_clk(bool enable);
+
+/**
+ * @brief Enable or disable the Key Manager peripheral clock
+ *
+ * @param enable true: enable; false: disable
+ */
+void esp_crypto_key_mgr_enable_periph_clk(bool enable);
+
+#ifdef __cplusplus
+}
+#endif

components/esp_security/src/esp_crypto_periph_clk.c

@@ -0,0 +1,149 @@
+/*
+ * SPDX-FileCopyrightText: 2025 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include "soc/soc_caps.h"
+#include "esp_private/esp_crypto_lock_internal.h"
+#include "sdkconfig.h"
+
+#if SOC_AES_SUPPORTED
+#include "hal/aes_ll.h"
+#endif
+#if SOC_SHA_SUPPORTED
+#include "hal/sha_ll.h"
+#endif
+#if SOC_MPI_SUPPORTED
+#include "hal/mpi_ll.h"
+#endif
+#if SOC_ECC_SUPPORTED
+#include "hal/ecc_ll.h"
+#endif
+/* NOTE: For ESP32-S2, the HMAC and DS are implemented in the ROM */
+#if SOC_HMAC_SUPPORTED && !CONFIG_IDF_TARGET_ESP32S2
+#include "hal/hmac_ll.h"
+#endif
+#if SOC_DIG_SIGN_SUPPORTED && !CONFIG_IDF_TARGET_ESP32S2
+#include "hal/ds_ll.h"
+#endif
+#if SOC_ECDSA_SUPPORTED
+#include "hal/ecdsa_ll.h"
+#endif
+#if SOC_KEY_MANAGER_SUPPORTED
+#include "hal/key_mgr_ll.h"
+#endif
+/* Crypto DMA, shared between AES and SHA */
+#if SOC_AES_CRYPTO_DMA && SOC_SHA_CRYPTO_DMA
+#include "hal/crypto_dma_ll.h"
+#endif
+
+#if SOC_AES_SUPPORTED
+void esp_crypto_aes_enable_periph_clk(bool enable)
+{
+    AES_RCC_ATOMIC() {
+        aes_ll_enable_bus_clock(enable);
+        if (enable) {
+            aes_ll_reset_register();
+        }
+#if SOC_AES_CRYPTO_DMA
+        crypto_dma_ll_enable_bus_clock(enable);
+        if (enable) {
+            crypto_dma_ll_reset_register();
+        }
+#endif
+    }
+}
+#endif
+
+#if SOC_SHA_SUPPORTED
+void esp_crypto_sha_enable_periph_clk(bool enable)
+{
+    SHA_RCC_ATOMIC() {
+        sha_ll_enable_bus_clock(enable);
+        if (enable) {
+            sha_ll_reset_register();
+        }
+#if SOC_SHA_CRYPTO_DMA
+        crypto_dma_ll_enable_bus_clock(enable);
+        if (enable) {
+            crypto_dma_ll_reset_register();
+        }
+#endif
+    }
+}
+#endif
+
+#if SOC_MPI_SUPPORTED
+void esp_crypto_mpi_enable_periph_clk(bool enable)
+{
+    MPI_RCC_ATOMIC() {
+        mpi_ll_enable_bus_clock(enable);
+        if (enable) {
+            mpi_ll_reset_register();
+        }
+    }
+}
+#endif
+
+#if SOC_ECC_SUPPORTED
+void esp_crypto_ecc_enable_periph_clk(bool enable)
+{
+    ECC_RCC_ATOMIC() {
+        ecc_ll_enable_bus_clock(enable);
+        if (enable) {
+            ecc_ll_power_up();
+            ecc_ll_reset_register();
+        } else {
+            ecc_ll_power_down();
+        }
+    }
+}
+#endif
+
+#if SOC_HMAC_SUPPORTED && !CONFIG_IDF_TARGET_ESP32S2
+void esp_crypto_hmac_enable_periph_clk(bool enable)
+{
+    HMAC_RCC_ATOMIC() {
+        hmac_ll_enable_bus_clock(enable);
+        if (enable) {
+            hmac_ll_reset_register();
+        }
+    }
+}
+#endif
+
+#if SOC_DIG_SIGN_SUPPORTED && !CONFIG_IDF_TARGET_ESP32S2
+void esp_crypto_ds_enable_periph_clk(bool enable)
+{
+    DS_RCC_ATOMIC() {
+        ds_ll_enable_bus_clock(enable);
+        if (enable) {
+            ds_ll_reset_register();
+        }
+    }
+}
+#endif
+
+#if SOC_ECDSA_SUPPORTED
+void esp_crypto_ecdsa_enable_periph_clk(bool enable)
+{
+    ECDSA_RCC_ATOMIC() {
+        ecdsa_ll_enable_bus_clock(enable);
+        if (enable) {
+            ecdsa_ll_reset_register();
+        }
+    }
+}
+#endif
+
+#if SOC_KEY_MANAGER_SUPPORTED
+void esp_crypto_key_mgr_enable_periph_clk(bool enable)
+{
+    KEY_MANAGER_RCC_ATOMIC() {
+        key_mgr_ll_enable_bus_clock(enable);
+        key_mgr_ll_enable_peripheral_clock(enable);
+        key_mgr_ll_reset_register();
+    }
+}
+#endif

components/esp_security/src/esp_ds.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2020-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -14,7 +14,7 @@
 #include "esp_timer.h"
 #include "esp_ds.h"
 #include "esp_crypto_lock.h"
-#include "esp_private/esp_crypto_lock_internal.h"
+#include "esp_crypto_periph_clk.h"
 #include "esp_hmac.h"
 #include "esp_memory_utils.h"
 #if CONFIG_IDF_TARGET_ESP32S2
@@ -268,20 +268,11 @@ static void ds_acquire_enable(void)
     esp_crypto_ds_lock_acquire();
 
     // We also enable SHA and HMAC here. SHA is used by HMAC, HMAC is used by DS.
-    HMAC_RCC_ATOMIC() {
+    esp_crypto_hmac_enable_periph_clk(true);
-        hmac_ll_enable_bus_clock(true);
-        hmac_ll_reset_register();
-    }
 
-    SHA_RCC_ATOMIC() {
+    esp_crypto_sha_enable_periph_clk(true);
-        sha_ll_enable_bus_clock(true);
-        sha_ll_reset_register();
-    }
 
-    DS_RCC_ATOMIC() {
+    esp_crypto_ds_enable_periph_clk(true);
-        ds_ll_enable_bus_clock(true);
-        ds_ll_reset_register();
-    }
 
     hmac_hal_start();
 }
@@ -290,17 +281,11 @@ static void ds_disable_release(void)
 {
     ds_hal_finish();
 
-    DS_RCC_ATOMIC() {
+    esp_crypto_ds_enable_periph_clk(false);
-        ds_ll_enable_bus_clock(false);
-    }
 
-    SHA_RCC_ATOMIC() {
+    esp_crypto_sha_enable_periph_clk(false);
-        sha_ll_enable_bus_clock(false);
-    }
 
-    HMAC_RCC_ATOMIC() {
+    esp_crypto_hmac_enable_periph_clk(false);
-        hmac_ll_enable_bus_clock(false);
-    }
 
     esp_crypto_ds_lock_release();
 }
@@ -445,15 +430,9 @@ esp_err_t esp_ds_encrypt_params(esp_ds_data_t *data,
     // would be enough rather than acquiring a lock for the Digital Signature peripheral.
     esp_crypto_sha_aes_lock_acquire();
 
-    AES_RCC_ATOMIC() {
+    esp_crypto_aes_enable_periph_clk(true);
-        aes_ll_enable_bus_clock(true);
-        aes_ll_reset_register();
-    }
 
-    SHA_RCC_ATOMIC() {
+    esp_crypto_sha_enable_periph_clk(true);
-        sha_ll_enable_bus_clock(true);
-        sha_ll_reset_register();
-    }
 
     ets_ds_data_t *ds_data = (ets_ds_data_t *) data;
     const ets_ds_p_data_t *ds_plain_data = (const ets_ds_p_data_t *) p_data;
@@ -464,13 +443,9 @@ esp_err_t esp_ds_encrypt_params(esp_ds_data_t *data,
         result = ESP_ERR_INVALID_ARG;
     }
 
-    SHA_RCC_ATOMIC() {
+    esp_crypto_sha_enable_periph_clk(false);
-        sha_ll_enable_bus_clock(false);
-    }
 
-    AES_RCC_ATOMIC() {
+    esp_crypto_aes_enable_periph_clk(false);
-        aes_ll_enable_bus_clock(false);
-    }
 
     esp_crypto_sha_aes_lock_release();
 

components/esp_security/src/esp_hmac.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -13,7 +13,7 @@
 #include "esp_hmac.h"
 #include "esp_log.h"
 #include "esp_crypto_lock.h"
-#include "esp_private/esp_crypto_lock_internal.h"
+#include "esp_crypto_periph_clk.h"
 #include "soc/hwcrypto_reg.h"
 #include "soc/system_reg.h"
 
@@ -71,20 +71,11 @@ esp_err_t esp_hmac_calculate(hmac_key_id_t key_id,
     esp_crypto_hmac_lock_acquire();
 
     // We also enable SHA and DS here. SHA is used by HMAC, DS will otherwise hold SHA in reset state.
-    HMAC_RCC_ATOMIC() {
+    esp_crypto_hmac_enable_periph_clk(true);
-        hmac_ll_enable_bus_clock(true);
-        hmac_ll_reset_register();
-    }
 
-    SHA_RCC_ATOMIC() {
+    esp_crypto_sha_enable_periph_clk(true);
-        sha_ll_enable_bus_clock(true);
-        sha_ll_reset_register();
-    }
 
-    DS_RCC_ATOMIC() {
+    esp_crypto_ds_enable_periph_clk(true);
-        ds_ll_enable_bus_clock(true);
-        ds_ll_reset_register();
-    }
 
     hmac_hal_start();
 
@@ -146,17 +137,11 @@ esp_err_t esp_hmac_calculate(hmac_key_id_t key_id,
     // Read back result (bit swapped)
     hmac_hal_read_result_256(hmac);
 
-    DS_RCC_ATOMIC() {
+    esp_crypto_ds_enable_periph_clk(false);
-        ds_ll_enable_bus_clock(false);
-    }
 
-    SHA_RCC_ATOMIC() {
+    esp_crypto_sha_enable_periph_clk(false);
-        sha_ll_enable_bus_clock(false);
-    }
 
-    HMAC_RCC_ATOMIC() {
+    esp_crypto_hmac_enable_periph_clk(false);
-        hmac_ll_enable_bus_clock(false);
-    }
 
     esp_crypto_hmac_lock_release();
 
@@ -195,9 +180,7 @@ esp_err_t esp_hmac_jtag_enable(hmac_key_id_t key_id, const uint8_t *token)
 
     ESP_LOGD(TAG, "HMAC computation in downstream mode is completed.");
 
-    HMAC_RCC_ATOMIC() {
+    esp_crypto_hmac_enable_periph_clk(false);
-        hmac_ll_enable_bus_clock(false);
-    }
 
     esp_crypto_hmac_lock_release();
 
@@ -208,15 +191,11 @@ esp_err_t esp_hmac_jtag_disable()
 {
     esp_crypto_hmac_lock_acquire();
 
-    HMAC_RCC_ATOMIC() {
+    esp_crypto_hmac_enable_periph_clk(true);
-        hmac_ll_enable_bus_clock(true);
-    }
 
     REG_WRITE(HMAC_SET_INVALIDATE_JTAG_REG, 1);
 
-    HMAC_RCC_ATOMIC() {
+    esp_crypto_hmac_enable_periph_clk(false);
-        hmac_ll_enable_bus_clock(false);
-    }
 
     esp_crypto_hmac_lock_release();
 

components/esp_security/src/esp_key_mgr.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -8,7 +8,7 @@
 #include <sys/lock.h>
 #include "assert.h"
 #include "esp_key_mgr.h"
-#include "esp_private/periph_ctrl.h"
+#include "esp_crypto_periph_clk.h"
 #include "esp_crypto_lock.h"
 #include "esp_log.h"
 #include "esp_err.h"
@@ -32,8 +32,6 @@
 
 static const char *TAG = "esp_key_mgr";
 
-#define KEY_MANAGER_RCC_ATOMIC() PERIPH_RCC_ATOMIC()
-
 static _lock_t s_key_mgr_ecdsa_key_lock;
 static _lock_t s_key_mgr_xts_aes_key_lock;
 
@@ -80,11 +78,7 @@ static void esp_key_mgr_acquire_hardware(bool deployment_mode)
         esp_crypto_key_manager_lock_acquire();
     }
     // Reset the Key Manager Clock
-    KEY_MANAGER_RCC_ATOMIC() {
+    esp_crypto_key_mgr_enable_periph_clk(true);
-        key_mgr_ll_enable_bus_clock(true);
-        key_mgr_ll_enable_peripheral_clock(true);
-        key_mgr_ll_reset_register();
-    }
 }
 
 static void esp_key_mgr_release_hardware(bool deployment_mode)
@@ -96,11 +90,7 @@ static void esp_key_mgr_release_hardware(bool deployment_mode)
     }
 
     // Reset the Key Manager Clock
-    KEY_MANAGER_RCC_ATOMIC() {
+    esp_crypto_key_mgr_enable_periph_clk(false);
-        key_mgr_ll_enable_peripheral_clock(false);
-        key_mgr_ll_enable_bus_clock(false);
-        key_mgr_ll_reset_register();
-    }
 }
 
 static void key_mgr_wait_for_state(esp_key_mgr_state_t state)

components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml

@@ -208,9 +208,9 @@ secure_services:
         type: IDF
         function: esp_sha_write_digest_state
         args: 2
-      - id: 132
+      - id: 98
         type: IDF
-        function: esp_sha_enable_periph_clk
+        function: esp_crypto_sha_enable_periph_clk
         args: 1
   # ID: 134-149 (16) - eFuse
   - family: efuse

components/esp_tee/src/esp_secure_service_wrapper.c

@@ -228,9 +228,9 @@ void __wrap_esp_sha_write_digest_state(esp_sha_type sha_type, void *digest_state
     esp_tee_service_call(3, SS_ESP_SHA_WRITE_DIGEST_STATE, sha_type, digest_state);
 }
 
-void __wrap_esp_sha_enable_periph_clk(bool enable)
+void __wrap_esp_crypto_sha_enable_periph_clk(bool enable)
 {
-    esp_tee_service_call(2, SS_ESP_SHA_ENABLE_PERIPH_CLK, enable);
+    esp_tee_service_call(2, SS_ESP_CRYPTO_SHA_ENABLE_PERIPH_CLK, enable);
 }
 
 /* ---------------------------------------------- MMU HAL ------------------------------------------------- */

components/esp_tee/subproject/main/core/esp_secure_services.c

@@ -26,7 +26,7 @@
 #include "soc/soc_caps.h"
 #include "aes/esp_aes.h"
 #include "sha/sha_core.h"
-#include "esp_sha_internal.h"
+#include "esp_crypto_periph_clk.h"
 
 #include "esp_tee.h"
 #include "esp_tee_memory_utils.h"
@@ -326,9 +326,9 @@ void _ss_esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_fi
     esp_sha_block(sha_type, data_block, is_first_block);
 }
 
-void _ss_esp_sha_enable_periph_clk(bool enable)
+void _ss_esp_crypto_sha_enable_periph_clk(bool enable)
 {
-    esp_sha_enable_periph_clk(enable);
+    esp_crypto_sha_enable_periph_clk(enable);
 }
 
 /* ---------------------------------------------- OTA ------------------------------------------------- */

components/mbedtls/esp_tee/esp_tee_mbedtls.cmake

@@ -40,6 +40,8 @@ endforeach()
 
 target_link_libraries(${COMPONENT_LIB} INTERFACE ${mbedtls_targets})
 
+target_link_libraries(mbedcrypto PRIVATE idf::esp_security)
+
 target_include_directories(mbedcrypto PRIVATE ${crypto_port_inc_dirs})
 
 # Shared GDMA layer for TEE

components/mbedtls/port/aes/dma/esp_aes.c

@@ -31,16 +31,14 @@
 #include "esp_log.h"
 #include "esp_crypto_lock.h"
 #include "hal/aes_hal.h"
-#include "hal/aes_ll.h"
 #include "esp_aes_internal.h"
-#include "esp_private/esp_crypto_lock_internal.h"
+#include "esp_crypto_periph_clk.h"
 
 #if SOC_AES_GDMA
 #if !ESP_TEE_BUILD
 #define AES_LOCK() esp_crypto_sha_aes_lock_acquire()
 #define AES_RELEASE() esp_crypto_sha_aes_lock_release()
 #else
-#define AES_RCC_ATOMIC()
 #define AES_LOCK()
 #define AES_RELEASE()
 #endif
@@ -56,29 +54,13 @@ void esp_aes_acquire_hardware( void )
 {
     /* Released by esp_aes_release_hardware()*/
     AES_LOCK();
-
+    esp_crypto_aes_enable_periph_clk(true);
-    AES_RCC_ATOMIC() {
-        aes_ll_enable_bus_clock(true);
-#if SOC_AES_CRYPTO_DMA
-        crypto_dma_ll_enable_bus_clock(true);
-#endif
-        aes_ll_reset_register();
-#if SOC_AES_CRYPTO_DMA
-        crypto_dma_ll_reset_register();
-#endif
-    }
 }
 
 /* Function to disable AES and Crypto DMA clocks and release locks */
 void esp_aes_release_hardware( void )
 {
-    AES_RCC_ATOMIC() {
+    esp_crypto_aes_enable_periph_clk(false);
-        aes_ll_enable_bus_clock(false);
-#if SOC_AES_CRYPTO_DMA
-        crypto_dma_ll_enable_bus_clock(false);
-#endif
-    }
-
     AES_RELEASE();
 }
 

components/mbedtls/port/bignum/bignum_alt.c

@@ -1,25 +1,22 @@
 /*
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
+#include <assert.h>
 #include "esp_crypto_lock.h"
 #include "bignum_impl.h"
 #include "mbedtls/bignum.h"
-#include "esp_private/esp_crypto_lock_internal.h"
+#include "esp_crypto_periph_clk.h"
 
 #include "hal/mpi_hal.h"
-#include "hal/mpi_ll.h"
 
 void esp_mpi_enable_hardware_hw_op( void )
 {
     esp_crypto_mpi_lock_acquire();
 
     /* Enable RSA hardware */
-    MPI_RCC_ATOMIC() {
+    esp_crypto_mpi_enable_periph_clk(true);
-        mpi_ll_enable_bus_clock(true);
-        mpi_ll_reset_register();
-    }
 
     mpi_hal_enable_hardware_hw_op();
 }
@@ -30,9 +27,7 @@ void esp_mpi_disable_hardware_hw_op( void )
     mpi_hal_disable_hardware_hw_op();
 
     /* Disable RSA hardware */
-    MPI_RCC_ATOMIC() {
+    esp_crypto_mpi_enable_periph_clk(false);
-        mpi_ll_enable_bus_clock(false);
-    }
 
     esp_crypto_mpi_lock_release();
 }

components/mbedtls/port/ecc/esp_ecc.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -8,29 +8,21 @@
 #include <stdio.h>
 
 #include "esp_crypto_lock.h"
-#include "esp_private/esp_crypto_lock_internal.h"
+#include "esp_crypto_periph_clk.h"
 #include "ecc_impl.h"
 #include "hal/ecc_hal.h"
-#include "hal/ecc_ll.h"
 #include "soc/soc_caps.h"
 
 static void esp_ecc_acquire_hardware(void)
 {
     esp_crypto_ecc_lock_acquire();
 
-    ECC_RCC_ATOMIC() {
+    esp_crypto_ecc_enable_periph_clk(true);
-        ecc_ll_enable_bus_clock(true);
-        ecc_ll_power_up();
-        ecc_ll_reset_register();
-    }
 }
 
 static void esp_ecc_release_hardware(void)
 {
-    ECC_RCC_ATOMIC() {
+    esp_crypto_ecc_enable_periph_clk(false);
-        ecc_ll_enable_bus_clock(false);
-        ecc_ll_power_down();
-    }
 
     esp_crypto_ecc_lock_release();
 }

components/mbedtls/port/ecdsa/ecdsa_alt.c

@@ -13,8 +13,7 @@
 #include "soc/soc_caps.h"
 
 #include "esp_crypto_lock.h"
-#include "esp_private/esp_crypto_lock_internal.h"
+#include "esp_crypto_periph_clk.h"
-
 #include "mbedtls/error.h"
 #include "mbedtls/ecdsa.h"
 #include "mbedtls/asn1.h"
@@ -69,43 +68,26 @@ static void esp_ecdsa_acquire_hardware(void)
 {
     esp_crypto_ecdsa_lock_acquire();
 
-    ECDSA_RCC_ATOMIC() {
+    esp_crypto_ecdsa_enable_periph_clk(true);
-        ecdsa_ll_enable_bus_clock(true);
-        ecdsa_ll_reset_register();
-    }
 
-    ECC_RCC_ATOMIC() {
+    esp_crypto_ecc_enable_periph_clk(true);
-        ecc_ll_enable_bus_clock(true);
-        ecc_ll_power_up();
-        ecc_ll_reset_register();
-    }
 
 #if SOC_ECDSA_USES_MPI
     /* We need to reset the MPI peripheral because ECDSA peripheral
      * of some targets use the MPI peripheral as well.
      */
-    MPI_RCC_ATOMIC() {
+    esp_crypto_mpi_enable_periph_clk(true);
-        mpi_ll_enable_bus_clock(true);
-        mpi_ll_reset_register();
-    }
 #endif /* SOC_ECDSA_USES_MPI */
 }
 
 static void esp_ecdsa_release_hardware(void)
 {
-    ECDSA_RCC_ATOMIC() {
+    esp_crypto_ecdsa_enable_periph_clk(false);
-        ecdsa_ll_enable_bus_clock(false);
-    }
 
-    ECC_RCC_ATOMIC() {
+    esp_crypto_ecc_enable_periph_clk(false);
-        ecc_ll_enable_bus_clock(false);
-        ecc_ll_power_down();
-    }
 
 #if SOC_ECDSA_USES_MPI
-    MPI_RCC_ATOMIC() {
+    esp_crypto_mpi_enable_periph_clk(false);
-        mpi_ll_enable_bus_clock(false);
-    }
 #endif /* SOC_ECDSA_USES_MPI */
 
     esp_crypto_ecdsa_lock_release();

components/mbedtls/port/sha/core/include/esp_sha_internal.h

@@ -56,13 +56,6 @@ static inline esp_sha_mode sha_operation_mode(size_t length)
     return SHA_BLOCK_MODE;
 }
 
-/**
- * @brief Enable or disable the SHA peripheral clock
- *
- * @param enable true to enable, false to disable
- */
-void esp_sha_enable_periph_clk(bool enable);
-
 #ifdef __cplusplus
 }
 #endif

components/mbedtls/port/sha/core/sha.c

@@ -13,7 +13,7 @@
 #include <stdio.h>
 
 #include "esp_crypto_lock.h"
-#include "esp_private/esp_crypto_lock_internal.h"
+#include "esp_crypto_periph_clk.h"
 #include "esp_log.h"
 #include "sha/sha_core.h"
 #include "esp_sha_internal.h"
@@ -56,7 +56,6 @@
 #define SHA_LOCK()    esp_crypto_sha_aes_lock_acquire()
 #define SHA_RELEASE() esp_crypto_sha_aes_lock_release()
 #else
-#define SHA_RCC_ATOMIC()
 #define SHA_LOCK()
 #define SHA_RELEASE()
 #endif
@@ -101,13 +100,13 @@ void esp_sha_acquire_hardware(void)
 {
     /* Released when releasing hw with esp_sha_release_hardware() */
     SHA_LOCK();
-    esp_sha_enable_periph_clk(true);
+    esp_crypto_sha_enable_periph_clk(true);
 }
 
 /* Disable SHA peripheral block and then release it */
 void esp_sha_release_hardware(void)
 {
-    esp_sha_enable_periph_clk(false);
+    esp_crypto_sha_enable_periph_clk(false);
     SHA_RELEASE();
 }
 

components/mbedtls/port/sha/esp_sha.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2018-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2018-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -7,7 +7,6 @@
 #include <string.h>
 #include <stdio.h>
 #include <assert.h>
-#include "hal/sha_ll.h"
 #include "hal/sha_hal.h"
 #include "hal/sha_types.h"
 #include "soc/soc_caps.h"
@@ -21,33 +20,10 @@
 #include "sha/sha_parallel_engine.h"
 #else
 #include "sha/sha_core.h"
-#include "esp_sha_internal.h"
-#include "esp_private/esp_crypto_lock_internal.h"
-#if SOC_SHA_CRYPTO_DMA
-#include "hal/crypto_dma_ll.h"
-#endif
 #endif
 
 static const char *TAG = "esp_sha";
 
-#if !SOC_SHA_SUPPORT_PARALLEL_ENG
-void esp_sha_enable_periph_clk(bool enable)
-{
-    SHA_RCC_ATOMIC() {
-        sha_ll_enable_bus_clock(enable);
-        if (enable) {
-            sha_ll_reset_register();
-        }
-#if SOC_SHA_CRYPTO_DMA
-        crypto_dma_ll_enable_bus_clock(enable);
-        if (enable) {
-            crypto_dma_ll_reset_register();
-        }
-#endif
-    }
-}
-#endif
-
 void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output)
 {
     union {