From afdf1a31c8ec7e1478d297f3316ba22882489077 Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Tue, 29 Apr 2025 15:04:51 +0530 Subject: [PATCH 1/3] feat(soc): Update ESP32-C5 ECO2 to support SHA512 --- .../esp_rom/esp32c5/include/esp32c5/rom/sha.h | 7 ++++++- components/hal/esp32c5/include/hal/sha_ll.h | 21 ++++++++++++++++++- .../esp32c5/include/soc/Kconfig.soc_caps.in | 20 ++++++++++++++++++ components/soc/esp32c5/include/soc/soc_caps.h | 5 +++++ 4 files changed, 51 insertions(+), 2 deletions(-) diff --git a/components/esp_rom/esp32c5/include/esp32c5/rom/sha.h b/components/esp_rom/esp32c5/include/esp32c5/rom/sha.h index d96cac8448..be03f8ab10 100644 --- a/components/esp_rom/esp32c5/include/esp32c5/rom/sha.h +++ b/components/esp_rom/esp32c5/include/esp32c5/rom/sha.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -18,6 +18,11 @@ typedef enum { SHA1 = 0, SHA2_224, SHA2_256, + SHA2_384, + SHA2_512, + SHA2_512224, + SHA2_512256, + SHA2_512T, SHA_TYPE_MAX } SHA_TYPE; diff --git a/components/hal/esp32c5/include/hal/sha_ll.h b/components/hal/esp32c5/include/hal/sha_ll.h index 807391731e..05c8ac445e 100644 --- a/components/hal/esp32c5/include/hal/sha_ll.h +++ b/components/hal/esp32c5/include/hal/sha_ll.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ 
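Review bot: The five enumerators added to `SHA_TYPE` in `rom/sha.h` take their values from position alone, and `SHA_TYPE_MAX` moves from 3 to 8 as a result. Later in this series the type value is written unmodified to `SHA_MODE_REG`, so if `esp_sha_type` aliases this enum (not visible in this hunk) the order is a hardware contract rather than a naming choice. I would add a comment above the enum such as `/* Ordinals are used as the SHA mode register value; never reorder */`. It is also worth confirming that nothing in ROM or in existing arrays is sized by the old `SHA_TYPE_MAX`.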
@@ -168,6 +168,25 @@ static inline void sha_ll_write_digest(esp_sha_type sha_type, void *digest_state } } +/** + * @brief Sets SHA512_t T_string parameter + * + * @param t_string T_string parameter + */ +static inline void sha_ll_t_string_set(uint32_t t_string) +{ + REG_WRITE(SHA_T_STRING_REG, t_string); +} + +/** + * @brief Sets SHA512_t T_string parameter's length + * + * @param t_len T_string parameter length + */ +static inline void sha_ll_t_len_set(uint8_t t_len) +{ + REG_WRITE(SHA_T_LENGTH_REG, t_len); +} #ifdef __cplusplus } diff --git a/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in index 8d4f1df11e..fe1d7c472a 100644 --- a/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in @@ -1071,6 +1071,26 @@ config SOC_SHA_SUPPORT_SHA256 bool default y +config SOC_SHA_SUPPORT_SHA384 + bool + default y + +config SOC_SHA_SUPPORT_SHA512 + bool + default y + +config SOC_SHA_SUPPORT_SHA512_224 + bool + default y + +config SOC_SHA_SUPPORT_SHA512_256 + bool + default y + +config SOC_SHA_SUPPORT_SHA512_T + bool + default y + config SOC_ECC_CONSTANT_TIME_POINT_MUL bool default y diff --git a/components/soc/esp32c5/include/soc/soc_caps.h b/components/soc/esp32c5/include/soc/soc_caps.h index e10357be40..b8249a287a 100644 --- a/components/soc/esp32c5/include/soc/soc_caps.h +++ b/components/soc/esp32c5/include/soc/soc_caps.h @@ -422,6 +422,11 @@ #define SOC_SHA_SUPPORT_SHA1 (1) #define SOC_SHA_SUPPORT_SHA224 (1) #define SOC_SHA_SUPPORT_SHA256 (1) +#define SOC_SHA_SUPPORT_SHA384 (1) +#define SOC_SHA_SUPPORT_SHA512 (1) +#define SOC_SHA_SUPPORT_SHA512_224 (1) +#define SOC_SHA_SUPPORT_SHA512_256 (1) +#define SOC_SHA_SUPPORT_SHA512_T (1) /*--------------------------- ECC CAPS ---------------------------------------*/ #define SOC_ECC_CONSTANT_TIME_POINT_MUL 1 From fe78370ec980e30849cfd2444ad0f4ea7e040c4a Mon Sep 17 00:00:00 2001 
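Review bot: The doc comments on `sha_ll_t_string_set()` and `sha_ll_t_len_set()` only restate the parameter names; they do not say how `t_string` is encoded or what unit and range `t_len` has. A `uint8_t` cannot hold a bit count up to 511, so the reader has to guess what it counts. Both values go straight into `SHA_T_STRING_REG` and `SHA_T_LENGTH_REG` with no check, which leaves the documented contract as the only guard against a wrong SHA-512/t initial state. I would spell out the encoding and range in each `@param`, and add `@note Only used for SHA2_512T; set before the first block is started` if that matches the hardware sequence.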
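Review bot: The five new `SOC_SHA_SUPPORT_*` macros in `soc_caps.h` are set to `(1)` unconditionally, while the commit subject ties SHA-512 support to ESP32-C5 ECO2. If earlier silicon revisions lack these modes, code that selects the hardware path from these caps would run SHA-384/512 on an engine that does not implement them, and no revision gate is visible in this hunk. I would either confirm that the minimum supported chip revision for this target already excludes older parts, or record the dependency next to the defines, e.g. `/* SHA-384/512 family requires ESP32-C5 ECO2 or later */`.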
From: "harshal.patil" Date: Mon, 26 May 2025 14:27:12 +0530 Subject: [PATCH 2/3] feat(mbedtls/sha): New API for setting SHA mode --- .../scripts/esp32c6/sec_srv_tbl_default.yml | 4 +++ .../scripts/esp32h2/sec_srv_tbl_default.yml | 4 +++ .../esp_tee/src/esp_secure_service_wrapper.c | 5 ++++ .../main/core/esp_secure_services.c | 5 ++++ components/hal/esp32/include/hal/sha_ll.h | 10 +++++++ components/hal/esp32c2/include/hal/sha_ll.h | 24 ++++++++++------- components/hal/esp32c3/include/hal/sha_ll.h | 24 ++++++++++------- components/hal/esp32c5/include/hal/sha_ll.h | 24 ++++++++++------- components/hal/esp32c6/include/hal/sha_ll.h | 26 +++++++++++-------- components/hal/esp32c61/include/hal/sha_ll.h | 26 +++++++++++-------- components/hal/esp32h2/include/hal/sha_ll.h | 26 +++++++++++-------- components/hal/esp32h21/include/hal/sha_ll.h | 24 ++++++++++------- components/hal/esp32p4/include/hal/sha_ll.h | 24 ++++++++++------- components/hal/esp32s2/include/hal/sha_ll.h | 24 ++++++++++------- components/hal/esp32s3/include/hal/sha_ll.h | 24 ++++++++++------- components/hal/include/hal/sha_hal.h | 12 ++++++--- components/hal/sha_hal.c | 16 ++++++------ .../hal/test_apps/crypto/main/sha/sha_block.c | 11 +++++++- .../hal/test_apps/crypto/main/sha/sha_dma.c | 8 +++++- .../mbedtls/port/include/sha/sha_core.h | 12 ++++++--- .../port/include/sha/sha_parallel_engine.h | 25 +++++++++--------- components/mbedtls/port/sha/core/esp_sha1.c | 5 ++++ components/mbedtls/port/sha/core/esp_sha256.c | 5 ++++ components/mbedtls/port/sha/core/esp_sha512.c | 4 +++ components/mbedtls/port/sha/core/sha.c | 8 +++++- .../mbedtls/port/sha/parallel_engine/sha.c | 7 ++++- .../esp_supplicant/src/crypto/fastpsk.c | 1 + .../release-5.x/5.5/index.rst | 1 + .../release-5.x/5.5/security.rst | 19 ++++++++++++++ .../release-5.x/5.5/index.rst | 1 + .../release-5.x/5.5/security.rst | 4 +++ tools/ci/check_copyright_ignore.txt | 1 - 32 files changed, 279 insertions(+), 135 deletions(-) create mode 100644 
docs/en/migration-guides/release-5.x/5.5/security.rst create mode 100644 docs/zh_CN/migration-guides/release-5.x/5.5/security.rst diff --git a/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml b/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml index 6d9ef94841..ec1bd6654c 100644 --- a/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml +++ b/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml @@ -240,6 +240,10 @@ secure_services: type: IDF function: esp_ecc_point_verify args: 1 + - id: 110 + type: IDF + function: esp_sha_set_mode + args: 1 # ID: 134-169 (36) - Reserved for future use - family: attestation entries: diff --git a/components/esp_tee/scripts/esp32h2/sec_srv_tbl_default.yml b/components/esp_tee/scripts/esp32h2/sec_srv_tbl_default.yml index f70e9b1434..dc8221367b 100644 --- a/components/esp_tee/scripts/esp32h2/sec_srv_tbl_default.yml +++ b/components/esp_tee/scripts/esp32h2/sec_srv_tbl_default.yml @@ -244,6 +244,10 @@ secure_services: type: IDF function: esp_crypto_ecc_enable_periph_clk args: 1 + - id: 111 + type: IDF + function: esp_sha_set_mode + args: 1 # ID: 134-169 (36) - Reserved for future use - family: attestation entries: diff --git a/components/esp_tee/src/esp_secure_service_wrapper.c b/components/esp_tee/src/esp_secure_service_wrapper.c index 89ae362d5f..a993f46765 100644 --- a/components/esp_tee/src/esp_secure_service_wrapper.c +++ b/components/esp_tee/src/esp_secure_service_wrapper.c @@ -202,6 +202,11 @@ int __wrap_esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_ return esp_tee_service_call(4, SS_ESP_SHA_BLOCK, sha_type, data_block, is_first_block); } +void __wrap_esp_sha_set_mode(esp_sha_type sha_type) +{ + esp_tee_service_call(2, SS_ESP_SHA_SET_MODE, sha_type); +} + void __wrap_esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state) { esp_tee_service_call(3, SS_ESP_SHA_READ_DIGEST_STATE, sha_type, digest_state); 
diff --git a/components/esp_tee/subproject/main/core/esp_secure_services.c b/components/esp_tee/subproject/main/core/esp_secure_services.c index 0595c3d318..1cd85be67a 100644 --- a/components/esp_tee/subproject/main/core/esp_secure_services.c +++ b/components/esp_tee/subproject/main/core/esp_secure_services.c @@ -193,6 +193,11 @@ void _ss_esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_fi esp_sha_block(sha_type, data_block, is_first_block); } +void _ss_esp_sha_set_mode(esp_sha_type sha_type) +{ + esp_sha_set_mode(sha_type); +} + void _ss_esp_crypto_sha_enable_periph_clk(bool enable) { esp_crypto_sha_enable_periph_clk(enable); diff --git a/components/hal/esp32/include/hal/sha_ll.h b/components/hal/esp32/include/hal/sha_ll.h index 600baa1c63..18b4e775e4 100644 --- a/components/hal/esp32/include/hal/sha_ll.h +++ b/components/hal/esp32/include/hal/sha_ll.h @@ -132,6 +132,16 @@ static inline void sha_ll_load(esp_sha_type sha_type) DPORT_REG_WRITE(SHA_LOAD_REG(sha_type), 1); } +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + (void) sha_type; +} + /** * @brief Checks if the SHA engine is currently busy hashing a block * diff --git a/components/hal/esp32c2/include/hal/sha_ll.h b/components/hal/esp32c2/include/hal/sha_ll.h index 37d8ed0c77..29f37f3bb7 100644 --- a/components/hal/esp32c2/include/hal/sha_ll.h +++ b/components/hal/esp32c2/include/hal/sha_ll.h @@ -48,6 +48,16 @@ static inline void sha_ll_reset_register(void) sha_ll_reset_register(__VA_ARGS__); \ } while(0) +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * 
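Review bot: `_ss_esp_sha_set_mode()` passes the `sha_type` received from the non-secure side to `esp_sha_set_mode()` without a range check, and on most targets in this series that value ends up in `REG_WRITE(SHA_MODE_REG, sha_type)`. Unless `esp_sha_set_mode()` validates it (its body is not in this hunk), the TEE writes a caller-chosen value into the SHA mode register. A guard at the top of the service would bound it, for example `if (sha_type >= SHA_TYPE_MAX) { return; }`, assuming `esp_sha_type` shares `SHA_TYPE_MAX` with the ROM enum. Mode selection is now a separate service call from `_ss_esp_sha_block()`, so it is also worth checking that no secure-side user of the engine assumes the mode matches the `sha_type` passed to later calls.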
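Review bot: The new `sha_ll_set_mode()` in `esp32/include/hal/sha_ll.h` is documented as "Load the mode for the SHA engine", but its body is only `(void) sha_type;`. The neighbouring context line `DPORT_REG_WRITE(SHA_LOAD_REG(sha_type), 1);` suggests this target selects the algorithm through per-type registers, which would explain the no-op, but the comment should say so. I would add `@note No-op on ESP32: the algorithm is selected by the per-type registers, there is no mode register to program` so that a reader does not go looking for a missing register write.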
@@ -55,7 +65,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } @@ -66,29 +76,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32c3/include/hal/sha_ll.h b/components/hal/esp32c3/include/hal/sha_ll.h index c83d74bd1c..76849cfb4f 100644 --- a/components/hal/esp32c3/include/hal/sha_ll.h +++ b/components/hal/esp32c3/include/hal/sha_ll.h @@ -51,6 +51,16 @@ static inline void sha_ll_reset_register(void) sha_ll_reset_register(__VA_ARGS__); \ } while(0) +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -58,7 +68,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } 
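Review bot: `sha_ll_start_block()` and `sha_ll_continue_block()` in the esp32c2 header keep their `sha_type` parameter but now ignore it via `(void) sha_type;`, so a caller that passes the right type but never called `sha_ll_set_mode()` hashes with whatever mode the engine last held and gets a wrong digest with no error. The retained `@param sha_type The SHA algorithm type` still reads as if the argument selects the algorithm. I would change it to `@param sha_type Unused; the mode must already be programmed with sha_ll_set_mode()`, and add the same precondition as a `@note` on `sha_ll_start_dma()` and `sha_ll_continue_dma()`. The identical hunks for esp32c3, c5, c6, c61, h2, h21, p4, s2 and s3 need the same wording.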
@@ -69,29 +79,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32c5/include/hal/sha_ll.h b/components/hal/esp32c5/include/hal/sha_ll.h index 05c8ac445e..e1cb5f503c 100644 --- a/components/hal/esp32c5/include/hal/sha_ll.h +++ b/components/hal/esp32c5/include/hal/sha_ll.h @@ -39,6 +39,16 @@ static inline void sha_ll_reset_register(void) PCR.ecdsa_conf.ecdsa_rst_en = 0; } +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -46,7 +56,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } 
@@ -57,29 +67,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32c6/include/hal/sha_ll.h b/components/hal/esp32c6/include/hal/sha_ll.h index ada6544337..7108e2d608 100644 --- a/components/hal/esp32c6/include/hal/sha_ll.h +++ b/components/hal/esp32c6/include/hal/sha_ll.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -37,6 +37,16 @@ static inline void sha_ll_reset_register(void) PCR.hmac_conf.hmac_rst_en = 0; } +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -44,7 +54,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } 
@@ -55,29 +65,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32c61/include/hal/sha_ll.h b/components/hal/esp32c61/include/hal/sha_ll.h index 807391731e..7f9b945b47 100644 --- a/components/hal/esp32c61/include/hal/sha_ll.h +++ b/components/hal/esp32c61/include/hal/sha_ll.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -39,6 +39,16 @@ static inline void sha_ll_reset_register(void) PCR.ecdsa_conf.ecdsa_rst_en = 0; } +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -46,7 +56,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } 
@@ -57,29 +67,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32h2/include/hal/sha_ll.h b/components/hal/esp32h2/include/hal/sha_ll.h index 0203449566..2363c768d1 100644 --- a/components/hal/esp32h2/include/hal/sha_ll.h +++ b/components/hal/esp32h2/include/hal/sha_ll.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -38,6 +38,16 @@ static inline void sha_ll_reset_register(void) PCR.ecdsa_conf.ecdsa_rst_en = 0; } +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -45,7 +55,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } 
@@ -56,29 +66,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32h21/include/hal/sha_ll.h b/components/hal/esp32h21/include/hal/sha_ll.h index 29762922a1..177acc686e 100644 --- a/components/hal/esp32h21/include/hal/sha_ll.h +++ b/components/hal/esp32h21/include/hal/sha_ll.h @@ -38,6 +38,16 @@ static inline void sha_ll_reset_register(void) PCR.ecdsa_conf.ecdsa_rst_en = 0; } +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -45,7 +55,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } 
@@ -56,29 +66,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32p4/include/hal/sha_ll.h b/components/hal/esp32p4/include/hal/sha_ll.h index 05cc64b058..49ec3f7287 100644 --- a/components/hal/esp32p4/include/hal/sha_ll.h +++ b/components/hal/esp32p4/include/hal/sha_ll.h @@ -53,6 +53,16 @@ static inline void sha_ll_reset_register(void) sha_ll_reset_register(__VA_ARGS__); \ } while(0) +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -60,7 +70,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } 
@@ -71,29 +81,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32s2/include/hal/sha_ll.h b/components/hal/esp32s2/include/hal/sha_ll.h index 3f516e3dc2..1f13e1d01b 100644 --- a/components/hal/esp32s2/include/hal/sha_ll.h +++ b/components/hal/esp32s2/include/hal/sha_ll.h @@ -57,6 +57,16 @@ static inline void sha_ll_reset_register(void) sha_ll_reset_register(__VA_ARGS__); \ } while(0) +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -64,7 +74,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } 
@@ -75,29 +85,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32s3/include/hal/sha_ll.h b/components/hal/esp32s3/include/hal/sha_ll.h index 3b799db984..357ff5980e 100644 --- a/components/hal/esp32s3/include/hal/sha_ll.h +++ b/components/hal/esp32s3/include/hal/sha_ll.h @@ -52,6 +52,16 @@ static inline void sha_ll_reset_register(void) sha_ll_reset_register(__VA_ARGS__); \ } while(0) +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -59,7 +69,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } 
@@ -70,29 +80,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/include/hal/sha_hal.h b/components/hal/include/hal/sha_hal.h index ef44f7834d..c6c11d6ceb 100644 --- a/components/hal/include/hal/sha_hal.h +++ b/components/hal/include/hal/sha_hal.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -22,6 +22,13 @@ extern "C" { #endif +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +void sha_hal_set_mode(esp_sha_type sha_type); + /** * @brief Hashes a single message block * 
@@ -60,11 +67,10 @@ void sha_hal_write_digest(esp_sha_type sha_type, void *digest_state); /** * @brief Hashes a number of message blocks using DMA * - * @param sha_type SHA algorithm to hash with * @param num_blocks Number of blocks to hash * @param first_block Is this the first block in a message or a continuation? */ -void sha_hal_hash_dma(esp_sha_type sha_type, size_t num_blocks, bool first_block); +void sha_hal_hash_dma(size_t num_blocks, bool first_block); #endif #if SOC_SHA_SUPPORT_SHA512_T diff --git a/components/hal/sha_hal.c b/components/hal/sha_hal.c index 68c06b70dd..62f64fc6c3 100644 --- a/components/hal/sha_hal.c +++ b/components/hal/sha_hal.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2020-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -66,12 +66,14 @@ inline static size_t state_length(esp_sha_type type) } #endif +void sha_hal_set_mode(esp_sha_type sha_type) +{ + sha_ll_set_mode(sha_type); +} /* Hash a single block */ void sha_hal_hash_block(esp_sha_type sha_type, const void *data_block, size_t block_word_len, bool first_block) { - sha_hal_wait_idle(); - sha_ll_fill_text_block(data_block, block_word_len); /* Start hashing */ @@ -85,17 +87,15 @@ void sha_hal_hash_block(esp_sha_type sha_type, const void *data_block, size_t bl #if SOC_SHA_SUPPORT_DMA /* Hashes a number of message blocks using DMA */ -void sha_hal_hash_dma(esp_sha_type sha_type, size_t num_blocks, bool first_block) +void sha_hal_hash_dma(size_t num_blocks, bool first_block) { - sha_hal_wait_idle(); - sha_ll_set_block_num(num_blocks); /* Start hashing */ if (first_block) { - sha_ll_start_dma(sha_type); + sha_ll_start_dma(); } else { - sha_ll_continue_dma(sha_type); + sha_ll_continue_dma(); } } diff --git a/components/hal/test_apps/crypto/main/sha/sha_block.c b/components/hal/test_apps/crypto/main/sha/sha_block.c index ed0ebb9d24..852e0efe33 100644 
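Review bot: `sha_hal_hash_block()` and `sha_hal_hash_dma()` in `sha_hal.c` no longer call `sha_hal_wait_idle()`, and the new `sha_hal_set_mode()` does not wait either, so an idle engine is now an undocumented caller precondition. The test app in this series calls `sha_hal_wait_idle()` before `sha_hal_set_mode()`, but nothing in `sha_hal.h` tells other HAL users to do so. Changing the mode or refilling the text block while a previous operation is still running could corrupt that digest. I would add `@note The SHA engine must be idle; call sha_hal_wait_idle() before this function` to the `sha_hal_set_mode()` declaration, and a matching note on `sha_hal_hash_block()` and `sha_hal_hash_dma()`.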
--- a/components/hal/test_apps/crypto/main/sha/sha_block.c +++ b/components/hal/test_apps/crypto/main/sha/sha_block.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: CC0-1.0 */ @@ -73,6 +73,9 @@ static void sha1_update_block(sha1_ctx* ctx, esp_sha_type sha_type, const unsign sha_ll_reset_register(); } + sha_hal_wait_idle(); + sha_hal_set_mode(sha_type); + if (ctx->first_block == 0) { /* Writes the message digest to the SHA engine */ sha_hal_write_digest(sha_type, ctx->state); @@ -174,6 +177,9 @@ static void sha256_update_block(sha256_ctx* ctx, esp_sha_type sha_type, const un sha_ll_reset_register(); } + sha_hal_wait_idle(); + sha_hal_set_mode(sha_type); + if (ctx->first_block == 0) { /* Writes the message digest to the SHA engine */ sha_hal_write_digest(sha_type, ctx->state); @@ -320,6 +326,9 @@ static void sha512_update_block(sha512_ctx* ctx, esp_sha_type sha_type, const un sha_ll_reset_register(); } + sha_hal_wait_idle(); + sha_hal_set_mode(sha_type); + if (ctx->first_block && sha_type == SHA2_512T){ sha_512_t_init_hash_block(ctx->t_val); ctx->first_block = 0; diff --git a/components/hal/test_apps/crypto/main/sha/sha_dma.c b/components/hal/test_apps/crypto/main/sha/sha_dma.c index 44dafe3f73..82db1f4063 100644 --- a/components/hal/test_apps/crypto/main/sha/sha_dma.c +++ b/components/hal/test_apps/crypto/main/sha/sha_dma.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: CC0-1.0 */ 
@@ -61,6 +61,8 @@ static void sha1_update_dma(sha1_ctx* ctx, esp_sha_type sha_type, const unsigned /* Enable peripheral module */ esp_sha_acquire_hardware(); + esp_sha_set_mode(sha_type); + esp_internal_sha1_update_state(ctx, sha_type); int ret = esp_sha_dma(sha_type, input, len, ctx->buffer, local_len, ctx->first_block); @@ -157,6 +159,8 @@ static void sha256_update_dma(sha256_ctx* ctx, esp_sha_type sha_type, const unsi /* Enable peripheral module */ esp_sha_acquire_hardware(); + esp_sha_set_mode(sha_type); + esp_internal_sha256_update_state(ctx); int ret = esp_sha_dma(ctx->mode, input, len, ctx->buffer, local_len, ctx->first_block); @@ -306,6 +310,8 @@ static void sha512_update_dma(sha512_ctx* ctx, esp_sha_type sha_type, const unsi /* Enable peripheral module */ esp_sha_acquire_hardware(); + esp_sha_set_mode(sha_type); + esp_internal_sha512_update_state(ctx); int ret = esp_sha_dma(ctx->mode, input, len, ctx->buffer, local_len, ctx->first_block); diff --git a/components/mbedtls/port/include/sha/sha_core.h b/components/mbedtls/port/include/sha/sha_core.h index 4032c41185..e22abd3246 100644 --- a/components/mbedtls/port/include/sha/sha_core.h +++ b/components/mbedtls/port/include/sha/sha_core.h @@ -50,12 +50,19 @@ extern "C" { */ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output); +/** + * @brief Set the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +void esp_sha_set_mode(esp_sha_type sha_type); + /** @brief Execute SHA block operation * * @note This is a piece of a SHA algorithm, rather than an entire SHA * algorithm. * - * @note Call esp_sha_acquire_hardware() before calling this + * @note Call esp_sha_acquire_hardware() and esp_sha_set_mode() before calling this * function. * * @param sha_type SHA algorithm to use. 
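Review bot: In `sha256_update_dma()` and `sha512_update_dma()` of `sha_dma.c` the engine mode is set from the `sha_type` argument, but the following `esp_sha_dma()` call uses `ctx->mode`. If the two ever differ, the mode programmed into the hardware and the type used to size the DMA operation disagree, and the test would exercise a configuration the driver never produces. I would set the mode from the same source the DMA call uses, `esp_sha_set_mode(ctx->mode);`, or assert `sha_type == ctx->mode` at the top of the function. `sha1_update_dma()` passes `sha_type` to both calls and is consistent; all three function bodies continue outside these hunks.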
@@ -78,7 +85,7 @@ void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_ * @note This is a piece of a SHA algorithm, rather than an entire SHA * algorithm. * - * @note Call esp_sha_aquire_hardware() before calling this + * @note Call esp_sha_aquire_hardware() and esp_sha_set_mode() before calling this * function. * * @param sha_type SHA algorithm to use. @@ -145,7 +152,6 @@ void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state); */ void esp_sha_write_digest_state(esp_sha_type sha_type, void *digest_state); - /** * @brief Enables the SHA and crypto DMA peripheral and takes the * locks for both of them. diff --git a/components/mbedtls/port/include/sha/sha_parallel_engine.h b/components/mbedtls/port/include/sha/sha_parallel_engine.h index cf6f0607da..aad6b322c3 100644 --- a/components/mbedtls/port/include/sha/sha_parallel_engine.h +++ b/components/mbedtls/port/include/sha/sha_parallel_engine.h @@ -1,16 +1,8 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #pragma once #include "hal/sha_types.h" 
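Review bot: The rewritten note in the @@ -78,7 +85,7 @@ hunk of sha_core.h still spells the function `esp_sha_aquire_hardware()`, while the declaration and the note on esp_sha_block use `esp_sha_acquire_hardware()`. Since the line is being touched anyway, it should read `@note Call esp_sha_acquire_hardware() and esp_sha_set_mode() before calling this`. A misspelled name in the precondition makes it unsearchable, and this precondition is exactly what callers now have to get right for the digest to be correct.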
@@ -69,6 +61,13 @@ extern "C" { */ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output); +/** + * @brief Set the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +void esp_sha_set_mode(esp_sha_type sha_type); + /* @brief Begin to execute a single SHA block operation * * @note This is a piece of a SHA algorithm, rather than an entire SHA diff --git a/components/mbedtls/port/sha/core/esp_sha1.c b/components/mbedtls/port/sha/core/esp_sha1.c index 64b7ba98af..515bd1c838 100644 --- a/components/mbedtls/port/sha/core/esp_sha1.c +++ b/components/mbedtls/port/sha/core/esp_sha1.c @@ -113,6 +113,9 @@ static void esp_internal_sha1_block_process(mbedtls_sha1_context *ctx, const uin int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx, const unsigned char data[64]) { esp_sha_acquire_hardware(); + + esp_sha_set_mode(ctx->mode); + esp_internal_sha_update_state(ctx); #if SOC_SHA_SUPPORT_DMA @@ -166,6 +169,8 @@ int mbedtls_sha1_update(mbedtls_sha1_context *ctx, const unsigned char *input, s esp_sha_acquire_hardware(); + esp_sha_set_mode(ctx->mode); + esp_internal_sha_update_state(ctx); #if SOC_SHA_SUPPORT_DMA diff --git a/components/mbedtls/port/sha/core/esp_sha256.c b/components/mbedtls/port/sha/core/esp_sha256.c index cbd2f82d0b..cc717f8202 100644 --- a/components/mbedtls/port/sha/core/esp_sha256.c +++ b/components/mbedtls/port/sha/core/esp_sha256.c @@ -126,6 +126,9 @@ static void esp_internal_sha256_block_process(mbedtls_sha256_context *ctx, const int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, const unsigned char data[64]) { esp_sha_acquire_hardware(); + + esp_sha_set_mode(ctx->mode); + esp_internal_sha_update_state(ctx); #if SOC_SHA_SUPPORT_DMA @@ -185,6 +188,8 @@ int mbedtls_sha256_update(mbedtls_sha256_context *ctx, const unsigned char *inpu esp_sha_acquire_hardware(); + esp_sha_set_mode(ctx->mode); + esp_internal_sha_update_state(ctx); #if SOC_SHA_SUPPORT_DMA 
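Review bot: sha_parallel_engine.h gains the `esp_sha_set_mode()` declaration, but neither of this file's two hunks updates the `esp_sha_block` comment that follows it, whereas sha_core.h now tells callers to call `esp_sha_set_mode()` first. For parity the parallel-engine comment should carry the same precondition, e.g. `@note Call esp_sha_set_mode() before calling this function.` The existing comment continues past the end of the hunk, so the exact placement has to be checked against the full file.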
diff --git a/components/mbedtls/port/sha/core/esp_sha512.c b/components/mbedtls/port/sha/core/esp_sha512.c index 049e51a2e6..1750095009 100644 --- a/components/mbedtls/port/sha/core/esp_sha512.c +++ b/components/mbedtls/port/sha/core/esp_sha512.c @@ -160,6 +160,8 @@ int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, const unsigned esp_sha_acquire_hardware(); + esp_sha_set_mode(ctx->mode); + ret = esp_internal_sha_update_state(ctx); if (ret != 0) { esp_sha_release_hardware(); @@ -220,6 +222,8 @@ int mbedtls_sha512_update(mbedtls_sha512_context *ctx, const unsigned char *inpu esp_sha_acquire_hardware(); + esp_sha_set_mode(ctx->mode); + int ret = esp_internal_sha_update_state(ctx); if (ret != 0) { diff --git a/components/mbedtls/port/sha/core/sha.c b/components/mbedtls/port/sha/core/sha.c index a573a79d3a..8aa2f1e0e1 100644 --- a/components/mbedtls/port/sha/core/sha.c +++ b/components/mbedtls/port/sha/core/sha.c @@ -102,6 +102,12 @@ void esp_sha_release_hardware(void) esp_crypto_sha_aes_lock_release(); } +void esp_sha_set_mode(esp_sha_type sha_type) +{ + sha_hal_wait_idle(); + sha_hal_set_mode(sha_type); +} + void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block) { sha_hal_hash_block(sha_type, data_block, block_length(sha_type) / 4, is_first_block); @@ -284,7 +290,7 @@ static esp_err_t esp_sha_dma_process(esp_sha_type sha_type, const void *input, u return -1; } - sha_hal_hash_dma(sha_type, num_blks, is_first_block); + sha_hal_hash_dma(num_blks, is_first_block); sha_hal_wait_idle(); diff --git a/components/mbedtls/port/sha/parallel_engine/sha.c b/components/mbedtls/port/sha/parallel_engine/sha.c index 4828b9f87d..e2b4591910 100644 --- a/components/mbedtls/port/sha/parallel_engine/sha.c +++ b/components/mbedtls/port/sha/parallel_engine/sha.c 
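Review bot: After the core sha.c change nothing ties the `sha_type` argument of `esp_sha_block()` and `esp_sha_dma()` to the mode the engine is actually in, because `sha_hal_hash_dma(num_blks, is_first_block)` no longer receives the type. Code written against the old behaviour still compiles unchanged, and a caller that misses `esp_sha_set_mode()` would presumably get a digest computed in whatever mode was last programmed, with no error returned. Consider recording the mode in `esp_sha_set_mode()` in a new file-scope static and checking it in debug builds, e.g. `assert(sha_type == s_last_mode);` at the top of esp_sha_block and esp_sha_dma_process (`s_last_mode` is a name constructed for this note). The parallel-engine esp_sha_block already has an `#ifndef NDEBUG` section, so a debug-only check fits the existing style.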
@@ -50,7 +50,7 @@ static portMUX_TYPE memory_block_lock = portMUX_INITIALIZER_UNLOCKED; /* Binary semaphore managing the state of each concurrent SHA engine. - Available = noone is using this SHA engine + Available = no one is using this SHA engine Taken = a SHA session is running on this SHA engine Indexes: @@ -209,6 +209,11 @@ void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state) esp_sha_unlock_memory_block(); } +void esp_sha_set_mode(esp_sha_type sha_type) +{ + sha_hal_set_mode(sha_type); +} + void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool first_block) { #ifndef NDEBUG diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/fastpsk.c b/components/wpa_supplicant/esp_supplicant/src/crypto/fastpsk.c index 72bfeb43b0..3ec8a6a9cc 100644 --- a/components/wpa_supplicant/esp_supplicant/src/crypto/fastpsk.c +++ b/components/wpa_supplicant/esp_supplicant/src/crypto/fastpsk.c @@ -160,6 +160,7 @@ static inline void write32_be(uint32_t n, uint8_t out[4]) void sha1_op(uint32_t blocks[FAST_PSK_SHA1_BLOCKS_BUF_WORDS], uint32_t output[SHA1_OUTPUT_SZ_WORDS]) { + esp_sha_set_mode(SHA1); /* First block */ esp_sha_block(SHA1, blocks, true); /* Second block */ diff --git a/docs/en/migration-guides/release-5.x/5.5/index.rst b/docs/en/migration-guides/release-5.x/5.5/index.rst index dedee8fed4..0672e640b5 100644 --- a/docs/en/migration-guides/release-5.x/5.5/index.rst +++ b/docs/en/migration-guides/release-5.x/5.5/index.rst @@ -6,6 +6,7 @@ Migration from 5.4 to 5.5 .. toctree:: :maxdepth: 1 + security system peripherals protocols diff --git a/docs/en/migration-guides/release-5.x/5.5/security.rst b/docs/en/migration-guides/release-5.x/5.5/security.rst new file mode 100644 index 0000000000..ec5a774b27 --- /dev/null +++ b/docs/en/migration-guides/release-5.x/5.5/security.rst 
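Review bot: The parallel-engine `esp_sha_set_mode()` calls only `sha_hal_set_mode(sha_type)`, while the core implementation in this same patch calls `sha_hal_wait_idle()` first, and nothing in the hunk explains the difference. If the wait is unnecessary on this engine, a comment should say why, e.g. `/* No sha_hal_wait_idle() here: <reason for the parallel engine> */`, with the reason filled in by the author. It is also worth stating which engine lock the caller must hold, since the hunk does not show one being taken.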
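Review bot: `sha1_op()` in fastpsk.c now writes the engine mode on every call, and the hunk shows no `esp_sha_acquire_hardware()` before it, so it relies on the caller already holding the SHA lock. That assumption should be written at the top of the function, e.g. `/* Caller must hold the SHA lock; the mode is set here because esp_sha_block() no longer sets it */`. If sha1_op runs inside the key-derivation loop, as the file name suggests, setting the mode once in the caller right after the acquire would avoid repeating the core port's idle wait and register write per call. The function body continues past the end of the hunk.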
@@ -0,0 +1,19 @@ +Security +======== + +:link_to_translation:`zh_CN:[中文]` + +.. only:: SOC_SHA_SUPPORTED + + Mbed TLS + -------- + + Starting from **ESP-IDF v5.5**, there is a change in how the SHA sub-function APIs, :cpp:func:`esp_sha_block` and :cpp:func:`esp_sha_dma`, are used. + + Previously, these APIs used to set the SHA mode internally, however, in the updated version, you must explicitly set the SHA mode before invoking them. + + For instance, if you intend to use the **SHA-256** algorithm, you must first call :cpp:func:`esp_sha_set_mode` with the argument ``SHA2_256``: + + .. code-block:: c + + esp_sha_set_mode(SHA2_256); diff --git a/docs/zh_CN/migration-guides/release-5.x/5.5/index.rst b/docs/zh_CN/migration-guides/release-5.x/5.5/index.rst index 695fb35269..150b053e43 100644 --- a/docs/zh_CN/migration-guides/release-5.x/5.5/index.rst +++ b/docs/zh_CN/migration-guides/release-5.x/5.5/index.rst @@ -6,6 +6,7 @@ .. toctree:: :maxdepth: 1 + security system peripherals protocols diff --git a/docs/zh_CN/migration-guides/release-5.x/5.5/security.rst b/docs/zh_CN/migration-guides/release-5.x/5.5/security.rst new file mode 100644 index 0000000000..87004c5383 --- /dev/null +++ b/docs/zh_CN/migration-guides/release-5.x/5.5/security.rst @@ -0,0 +1,4 @@ +安全性 +======= + +:link_to_translation:`en:[English]` diff --git a/tools/ci/check_copyright_ignore.txt b/tools/ci/check_copyright_ignore.txt index a51992005b..e38100cfc6 100644 --- a/tools/ci/check_copyright_ignore.txt +++ b/tools/ci/check_copyright_ignore.txt @@ -480,7 +480,6 @@ components/mbedtls/port/include/esp32/sha.h components/mbedtls/port/include/esp32s2/aes.h components/mbedtls/port/include/esp32s2/gcm.h components/mbedtls/port/include/mbedtls/esp_debug.h -components/mbedtls/port/include/sha/sha_parallel_engine.h components/mbedtls/port/include/sha1_alt.h components/mbedtls/port/include/sha256_alt.h components/mbedtls/port/include/sha512_alt.h 
From 85ec4df4dbbf70a423c0608c24a81884172e39c2 Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Wed, 28 May 2025 12:10:07 +0530 Subject: [PATCH 3/3] change(mbedlts/port): Remove deprecated header files --- components/mbedtls/port/include/esp32/aes.h | 31 ----------------- components/mbedtls/port/include/esp32/sha.h | 20 ----------- components/mbedtls/port/include/esp32s2/aes.h | 33 ------------------- components/mbedtls/port/include/esp32s2/gcm.h | 27 --------------- components/mbedtls/port/include/esp32s2/sha.h | 11 ------- .../mbedtls/port/include/sha/sha_block.h | 9 ----- components/mbedtls/port/include/sha/sha_dma.h | 9 ----- .../release-6.x/6.0/index.rst | 1 + .../release-6.x/6.0/security.rst | 13 ++++++++ .../release-6.x/6.0/index.rst | 1 + .../release-6.x/6.0/security.rst | 4 +++ tools/ci/check_copyright_ignore.txt | 4 --- 12 files changed, 19 insertions(+), 144 deletions(-) delete mode 100644 components/mbedtls/port/include/esp32/aes.h delete mode 100644 components/mbedtls/port/include/esp32/sha.h delete mode 100644 components/mbedtls/port/include/esp32s2/aes.h delete mode 100644 components/mbedtls/port/include/esp32s2/gcm.h delete mode 100644 components/mbedtls/port/include/esp32s2/sha.h delete mode 100644 components/mbedtls/port/include/sha/sha_block.h delete mode 100644 components/mbedtls/port/include/sha/sha_dma.h create mode 100644 docs/en/migration-guides/release-6.x/6.0/security.rst create mode 100644 docs/zh_CN/migration-guides/release-6.x/6.0/security.rst diff --git a/components/mbedtls/port/include/esp32/aes.h b/components/mbedtls/port/include/esp32/aes.h deleted file mode 100644 index 3eb87a78c8..0000000000 --- a/components/mbedtls/port/include/esp32/aes.h +++ /dev/null 
@@ -1,31 +0,0 @@ -/** - * \brief AES block cipher, ESP32 hardware accelerated version - * Based on mbedTLS FIPS-197 compliant version. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * - */ - -#ifndef ESP_AES_H -#define ESP_AES_H - -#warning "esp32/aes.h is deprecated, please use aes/esp_aes.h instead" - -#include "aes/esp_aes.h" - -#endif /* aes.h */ diff --git a/components/mbedtls/port/include/esp32/sha.h b/components/mbedtls/port/include/esp32/sha.h deleted file mode 100644 index 14d39b3d62..0000000000 --- a/components/mbedtls/port/include/esp32/sha.h +++ /dev/null 
@@ -1,20 +0,0 @@ -// Copyright 2019-2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#pragma once - - -#include "sha/sha_parallel_engine.h" - -#warning esp32/sha.h is deprecated, please use sha_parallel_engine.h instead diff --git a/components/mbedtls/port/include/esp32s2/aes.h b/components/mbedtls/port/include/esp32s2/aes.h deleted file mode 100644 index 09a3b3d59b..0000000000 --- a/components/mbedtls/port/include/esp32s2/aes.h +++ /dev/null 
@@ -1,33 +0,0 @@ -/** - * \brief AES block cipher, ESP32 hardware accelerated version - * Based on mbedTLS FIPS-197 compliant version. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016-20, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * - */ - -#ifndef ESP_AES_H -#define ESP_AES_H - - -//#warning "esp32s2/aes.h is deprecated, please use aes/esp_aes.h instead" - -#include "aes/esp_aes.h" - - -#endif /* aes.h */ diff --git a/components/mbedtls/port/include/esp32s2/gcm.h b/components/mbedtls/port/include/esp32s2/gcm.h deleted file mode 100644 index 726783e8cc..0000000000 --- a/components/mbedtls/port/include/esp32s2/gcm.h +++ /dev/null 
@@ -1,27 +0,0 @@ -/** - * \brief AES block cipher, ESP32C hardware accelerated version - * Based on mbedTLS FIPS-197 compliant version. - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2019-2020, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * - */ -#pragma once - -#warning "esp32s2/gcm.h is deprecated, please use aes/esp_aes_gcm.h instead" - -#include "aes/esp_aes_gcm.h" diff --git a/components/mbedtls/port/include/esp32s2/sha.h b/components/mbedtls/port/include/esp32s2/sha.h deleted file mode 100644 index 366f7b6b79..0000000000 --- a/components/mbedtls/port/include/esp32s2/sha.h +++ /dev/null @@ -1,11 +0,0 @@ -/* - * SPDX-FileCopyrightText: 2019-2025 Espressif Systems (Shanghai) CO LTD - * - * SPDX-License-Identifier: Apache-2.0 - */ - -#pragma once - -#include "sha/sha_core.h" - -#warning esp32s2/sha.h is deprecated, please use sha/sha_core.h instead diff --git a/components/mbedtls/port/include/sha/sha_block.h b/components/mbedtls/port/include/sha/sha_block.h deleted file mode 100644 index a05e87bdd6..0000000000 --- a/components/mbedtls/port/include/sha/sha_block.h +++ /dev/null @@ -1,9 +0,0 @@ -/* - * SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD - * - * SPDX-License-Identifier: Apache-2.0 - */ - -#pragma once - -#include "sha/sha_core.h" 
diff --git a/components/mbedtls/port/include/sha/sha_dma.h b/components/mbedtls/port/include/sha/sha_dma.h deleted file mode 100644 index 8274858884..0000000000 --- a/components/mbedtls/port/include/sha/sha_dma.h +++ /dev/null @@ -1,9 +0,0 @@ -/* - * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD - * - * SPDX-License-Identifier: Apache-2.0 - */ - -#pragma once - -#include "sha/sha_core.h" diff --git a/docs/en/migration-guides/release-6.x/6.0/index.rst b/docs/en/migration-guides/release-6.x/6.0/index.rst index 5a20fe8189..0c383b402b 100644 --- a/docs/en/migration-guides/release-6.x/6.0/index.rst +++ b/docs/en/migration-guides/release-6.x/6.0/index.rst @@ -7,4 +7,5 @@ Migration from 5.5 to 6.0 :maxdepth: 1 peripherals + security tools diff --git a/docs/en/migration-guides/release-6.x/6.0/security.rst b/docs/en/migration-guides/release-6.x/6.0/security.rst new file mode 100644 index 0000000000..3bcb3cdfef --- /dev/null +++ b/docs/en/migration-guides/release-6.x/6.0/security.rst @@ -0,0 +1,13 @@ +Security +======== + +:link_to_translation:`zh_CN:[中文]` + +Mbed TLS +-------- + + Starting from **ESP-IDF v6.0**, some already deprecated mbedtls header files like ``esp32/aes.h``, ``esp32/sha.h``, ``esp32s2/aes.h``, ``esp32s2/sha.h`` and ``esp32s2/gcm.h`` have been removed, instead, you should include ``aes/esp_aes.h``, ``sha/sha_core.h`` and ``aes/esp_aes_gcm.h`` respectively. + + .. only:: SOC_SHA_SUPPORTED + + The SHA module headers ``sha/sha_dma.h`` and ``sha/sha_block.h`` are also deprecated and removed. You should include ``sha/sha_core.h`` instead. diff --git a/docs/zh_CN/migration-guides/release-6.x/6.0/index.rst b/docs/zh_CN/migration-guides/release-6.x/6.0/index.rst index 2720a3b054..4d848eb47a 100644 --- a/docs/zh_CN/migration-guides/release-6.x/6.0/index.rst +++ b/docs/zh_CN/migration-guides/release-6.x/6.0/index.rst @@ -6,5 +6,6 @@ .. toctree:: :maxdepth: 1 + security peripherals tools 
diff --git a/docs/zh_CN/migration-guides/release-6.x/6.0/security.rst b/docs/zh_CN/migration-guides/release-6.x/6.0/security.rst new file mode 100644 index 0000000000..87004c5383 --- /dev/null +++ b/docs/zh_CN/migration-guides/release-6.x/6.0/security.rst @@ -0,0 +1,4 @@ +安全性 +======= + +:link_to_translation:`en:[English]` diff --git a/tools/ci/check_copyright_ignore.txt b/tools/ci/check_copyright_ignore.txt index e38100cfc6..53b6d93498 100644 --- a/tools/ci/check_copyright_ignore.txt +++ b/tools/ci/check_copyright_ignore.txt @@ -475,10 +475,6 @@ components/mbedtls/port/aes/esp_aes_xts.c components/mbedtls/port/include/aes/esp_aes.h components/mbedtls/port/include/aes_alt.h components/mbedtls/port/include/bignum_impl.h -components/mbedtls/port/include/esp32/aes.h -components/mbedtls/port/include/esp32/sha.h -components/mbedtls/port/include/esp32s2/aes.h -components/mbedtls/port/include/esp32s2/gcm.h components/mbedtls/port/include/mbedtls/esp_debug.h components/mbedtls/port/include/sha1_alt.h components/mbedtls/port/include/sha256_alt.h