From bcc4883c2564e99d539c3792165c2a740bd8f175 Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Thu, 17 Mar 2022 15:02:14 +0530 Subject: [PATCH 1/8] soc: add capability macros for crypto peripherals Closes IDF-4790 --- .../soc/esp32/include/soc/Kconfig.soc_caps.in | 12 +++++++ components/soc/esp32/include/soc/soc_caps.h | 3 ++ .../esp32c2/include/soc/Kconfig.soc_caps.in | 12 ++++--- components/soc/esp32c2/include/soc/soc_caps.h | 3 +- .../esp32c3/include/soc/Kconfig.soc_caps.in | 28 +++++++++++----- components/soc/esp32c3/include/soc/soc_caps.h | 7 ++-- .../esp32h2/include/soc/Kconfig.soc_caps.in | 32 ++++++++++++++----- components/soc/esp32h2/include/soc/soc_caps.h | 11 ++++--- .../esp32s2/include/soc/Kconfig.soc_caps.in | 28 +++++++++++----- components/soc/esp32s2/include/soc/soc_caps.h | 7 ++-- .../esp32s3/include/soc/Kconfig.soc_caps.in | 28 +++++++++++----- components/soc/esp32s3/include/soc/soc_caps.h | 8 +++-- 12 files changed, 132 insertions(+), 47 deletions(-) diff --git a/components/soc/esp32/include/soc/Kconfig.soc_caps.in b/components/soc/esp32/include/soc/Kconfig.soc_caps.in index 7b43804fcf..5ea0b18ce6 100644 --- a/components/soc/esp32/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32/include/soc/Kconfig.soc_caps.in @@ -103,6 +103,18 @@ config SOC_SUPPORT_COEXISTENCE bool default y +config SOC_AES_SUPPORTED + bool + default y + +config SOC_MPI_SUPPORTED + bool + default y + +config SOC_SHA_SUPPORTED + bool + default y + config SOC_ADC_RTC_CTRL_SUPPORTED bool default y diff --git a/components/soc/esp32/include/soc/soc_caps.h b/components/soc/esp32/include/soc/soc_caps.h index d4ccb27e9f..93770e060a 100644 --- a/components/soc/esp32/include/soc/soc_caps.h +++ b/components/soc/esp32/include/soc/soc_caps.h 
@@ -85,6 +85,9 @@ #define SOC_RMT_SUPPORTED 1 #define SOC_SIGMADELTA_SUPPORTED 1 #define SOC_SUPPORT_COEXISTENCE 1 +#define SOC_AES_SUPPORTED 1 +#define SOC_MPI_SUPPORTED 1 +#define SOC_SHA_SUPPORTED 1 /*-------------------------- ADC CAPS ----------------------------------------*/ diff --git a/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in index 162f1be705..a9e9af69ba 100644 --- a/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in @@ -31,10 +31,6 @@ config SOC_ASYNC_MEMCPY_SUPPORTED bool default y -config SOC_ECC_SUPPORTED - bool - default y - config SOC_SUPPORTS_SECURE_DL_MODE bool default y @@ -71,6 +67,14 @@ config SOC_FLASH_ENCRYPTION_XTS_AES bool default y +config SOC_SHA_SUPPORTED + bool + default y + +config SOC_ECC_SUPPORTED + bool + default y + config SOC_AES_SUPPORT_DMA bool default y diff --git a/components/soc/esp32c2/include/soc/soc_caps.h b/components/soc/esp32c2/include/soc/soc_caps.h index ce0e77bd99..129a0f1501 100644 --- a/components/soc/esp32c2/include/soc/soc_caps.h +++ b/components/soc/esp32c2/include/soc/soc_caps.h @@ -32,7 +32,6 @@ #define SOC_BT_SUPPORTED 0 // Enable during bringup, IDF-4357 #define SOC_WIFI_SUPPORTED 0 // Enable during bringup, IDF-3905 #define SOC_ASYNC_MEMCPY_SUPPORTED 1 -#define SOC_ECC_SUPPORTED 1 #define SOC_SUPPORTS_SECURE_DL_MODE 1 #define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS 1 #define SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS 0 @@ -42,6 +41,8 @@ #define SOC_RTC_SLOW_MEM_SUPPORTED 0 #define SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY 0 #define SOC_FLASH_ENCRYPTION_XTS_AES 1 +#define SOC_SHA_SUPPORTED 1 +#define SOC_ECC_SUPPORTED 1 /*-------------------------- AES CAPS -----------------------------------------*/ #define SOC_AES_SUPPORT_DMA (1) diff --git a/components/soc/esp32c3/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c3/include/soc/Kconfig.soc_caps.in index 777f0638e1..73abdc7548 100644 
--- a/components/soc/esp32c3/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32c3/include/soc/Kconfig.soc_caps.in @@ -31,14 +31,6 @@ config SOC_BLUEDROID_SUPPORTED bool default y -config SOC_DIG_SIGN_SUPPORTED - bool - default y - -config SOC_HMAC_SUPPORTED - bool - default y - config SOC_ASYNC_MEMCPY_SUPPORTED bool default y @@ -107,6 +99,26 @@ config SOC_SUPPORT_COEXISTENCE bool default y +config SOC_AES_SUPPORTED + bool + default y + +config SOC_MPI_SUPPORTED + bool + default y + +config SOC_SHA_SUPPORTED + bool + default y + +config SOC_HMAC_SUPPORTED + bool + default y + +config SOC_DIG_SIGN_SUPPORTED + bool + default y + config SOC_AES_SUPPORT_DMA bool default y diff --git a/components/soc/esp32c3/include/soc/soc_caps.h b/components/soc/esp32c3/include/soc/soc_caps.h index 492e25779d..0a65a6be78 100644 --- a/components/soc/esp32c3/include/soc/soc_caps.h +++ b/components/soc/esp32c3/include/soc/soc_caps.h @@ -32,8 +32,6 @@ #define SOC_TWAI_SUPPORTED 1 #define SOC_BT_SUPPORTED 1 #define SOC_BLUEDROID_SUPPORTED 1 -#define SOC_DIG_SIGN_SUPPORTED 1 -#define SOC_HMAC_SUPPORTED 1 #define SOC_ASYNC_MEMCPY_SUPPORTED 1 #define SOC_USB_SERIAL_JTAG_SUPPORTED 1 #define SOC_TEMP_SENSOR_SUPPORTED 1 @@ -51,6 +49,11 @@ #define SOC_RMT_SUPPORTED 1 #define SOC_SIGMADELTA_SUPPORTED 1 #define SOC_SUPPORT_COEXISTENCE 1 +#define SOC_AES_SUPPORTED 1 +#define SOC_MPI_SUPPORTED 1 +#define SOC_SHA_SUPPORTED 1 +#define SOC_HMAC_SUPPORTED 1 +#define SOC_DIG_SIGN_SUPPORTED 1 /*-------------------------- AES CAPS -----------------------------------------*/ #define SOC_AES_SUPPORT_DMA (1) diff --git a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in index ba9a92a607..ef8392098a 100644 --- a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in 
@@ -35,14 +35,6 @@ config SOC_ESP_NIMBLE_CONTROLLER bool default y -config SOC_DIG_SIGN_SUPPORTED - bool - default y - -config SOC_HMAC_SUPPORTED - bool - default y - config SOC_ASYNC_MEMCPY_SUPPORTED bool default y @@ -91,6 +83,30 @@ config SOC_SIGMADELTA_SUPPORTED bool default y +config SOC_AES_SUPPORTED + bool + default y + +config SOC_MPI_SUPPORTED + bool + default y + +config SOC_SHA_SUPPORTED + bool + default y + +config SOC_HMAC_SUPPORTED + bool + default y + +config SOC_DIG_SIGN_SUPPORTED + bool + default y + +config SOC_ECC_SUPPORTED + bool + default n + config SOC_AES_SUPPORT_DMA bool default y diff --git a/components/soc/esp32h2/include/soc/soc_caps.h b/components/soc/esp32h2/include/soc/soc_caps.h index 3295748d54..f4d1b861a0 100644 --- a/components/soc/esp32h2/include/soc/soc_caps.h +++ b/components/soc/esp32h2/include/soc/soc_caps.h @@ -39,10 +39,8 @@ #define SOC_GDMA_SUPPORTED 1 #define SOC_TWAI_SUPPORTED 1 #define SOC_BT_SUPPORTED 1 -#define SOC_BLUEDROID_SUPPORTED 0 +#define SOC_BLUEDROID_SUPPORTED 0 #define SOC_ESP_NIMBLE_CONTROLLER 1 -#define SOC_DIG_SIGN_SUPPORTED 1 -#define SOC_HMAC_SUPPORTED 1 #define SOC_ASYNC_MEMCPY_SUPPORTED 1 #define SOC_USB_SERIAL_JTAG_SUPPORTED 1 #define SOC_SUPPORTS_SECURE_DL_MODE 1 @@ -55,7 +53,12 @@ #define SOC_I2S_SUPPORTED 1 #define SOC_RMT_SUPPORTED 1 #define SOC_SIGMADELTA_SUPPORTED 1 - +#define SOC_AES_SUPPORTED 1 +#define SOC_MPI_SUPPORTED 1 +#define SOC_SHA_SUPPORTED 1 +#define SOC_HMAC_SUPPORTED 1 +#define SOC_DIG_SIGN_SUPPORTED 1 +#define SOC_ECC_SUPPORTED 0 // This will be enabled with IDF-3397 /*-------------------------- AES CAPS -----------------------------------------*/ #define SOC_AES_SUPPORT_DMA (1) diff --git a/components/soc/esp32s2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32s2/include/soc/Kconfig.soc_caps.in index 95c4e03538..3a9f0648bf 100644 --- a/components/soc/esp32s2/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32s2/include/soc/Kconfig.soc_caps.in 
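Review bot: `SOC_ECC_SUPPORTED` is added to the ESP32-H2 header as a macro defined to `0`, while elsewhere in this series an absent peripheral is expressed by leaving the macro out (ESP32-C2 gets no `SOC_AES_SUPPORTED` or `SOC_MPI_SUPPORTED`). With both conventions in use, a consumer that tests `#ifdef SOC_ECC_SUPPORTED` or `defined(SOC_ECC_SUPPORTED)` would take the hardware ECC path on a chip where it is not enabled. Either leave the define out until IDF-3397 lands, or extend the trailing comment to `// Defined as 0 on purpose: test with #if, never #ifdef. Enabled with IDF-3397`. The same applies to `#define SOC_SHA_SUPPORTED 0` in the ESP32-C2 header in PATCH 8/8.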
@@ -55,14 +55,6 @@ config SOC_CCOMP_TIMER_SUPPORTED bool default y -config SOC_DIG_SIGN_SUPPORTED - bool - default y - -config SOC_HMAC_SUPPORTED - bool - default y - config SOC_ASYNC_MEMCPY_SUPPORTED bool default y @@ -131,6 +123,26 @@ config SOC_SUPPORT_COEXISTENCE bool default n +config SOC_AES_SUPPORTED + bool + default y + +config SOC_MPI_SUPPORTED + bool + default y + +config SOC_SHA_SUPPORTED + bool + default y + +config SOC_HMAC_SUPPORTED + bool + default y + +config SOC_DIG_SIGN_SUPPORTED + bool + default y + config SOC_ADC_RTC_CTRL_SUPPORTED bool default y diff --git a/components/soc/esp32s2/include/soc/soc_caps.h b/components/soc/esp32s2/include/soc/soc_caps.h index e62053c214..5549bcbb4e 100644 --- a/components/soc/esp32s2/include/soc/soc_caps.h +++ b/components/soc/esp32s2/include/soc/soc_caps.h @@ -52,8 +52,6 @@ #define SOC_WIFI_SUPPORTED 1 #define SOC_ULP_SUPPORTED 1 #define SOC_CCOMP_TIMER_SUPPORTED 1 -#define SOC_DIG_SIGN_SUPPORTED 1 -#define SOC_HMAC_SUPPORTED 1 #define SOC_ASYNC_MEMCPY_SUPPORTED 1 #define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS 3 #define SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS 1 @@ -71,6 +69,11 @@ #define SOC_RMT_SUPPORTED 1 #define SOC_SIGMADELTA_SUPPORTED 1 #define SOC_SUPPORT_COEXISTENCE 0 +#define SOC_AES_SUPPORTED 1 +#define SOC_MPI_SUPPORTED 1 +#define SOC_SHA_SUPPORTED 1 +#define SOC_HMAC_SUPPORTED 1 +#define SOC_DIG_SIGN_SUPPORTED 1 /*-------------------------- ADC CAPS ----------------------------------------*/ diff --git a/components/soc/esp32s3/include/soc/Kconfig.soc_caps.in b/components/soc/esp32s3/include/soc/Kconfig.soc_caps.in index c87dc02cb6..9ba9005a03 100644 --- a/components/soc/esp32s3/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32s3/include/soc/Kconfig.soc_caps.in @@ -127,14 +127,6 @@ config SOC_CCOMP_TIMER_SUPPORTED bool default y -config SOC_DIG_SIGN_SUPPORTED - bool - default y - -config SOC_HMAC_SUPPORTED - bool - default y - config SOC_ASYNC_MEMCPY_SUPPORTED bool default y 
@@ -207,6 +199,26 @@ config SOC_TEMP_SENSOR_SUPPORTED bool default y +config SOC_AES_SUPPORTED + bool + default y + +config SOC_MPI_SUPPORTED + bool + default y + +config SOC_SHA_SUPPORTED + bool + default y + +config SOC_HMAC_SUPPORTED + bool + default y + +config SOC_DIG_SIGN_SUPPORTED + bool + default y + config SOC_APPCPU_HAS_CLOCK_GATING_BUG bool default y diff --git a/components/soc/esp32s3/include/soc/soc_caps.h b/components/soc/esp32s3/include/soc/soc_caps.h index f55ef21de8..a00c26b8ed 100644 --- a/components/soc/esp32s3/include/soc/soc_caps.h +++ b/components/soc/esp32s3/include/soc/soc_caps.h @@ -42,8 +42,6 @@ #define SOC_USB_OTG_SUPPORTED 1 #define SOC_USB_SERIAL_JTAG_SUPPORTED 1 #define SOC_CCOMP_TIMER_SUPPORTED 1 -#define SOC_DIG_SIGN_SUPPORTED 1 -#define SOC_HMAC_SUPPORTED 1 #define SOC_ASYNC_MEMCPY_SUPPORTED 1 #define SOC_SUPPORTS_SECURE_DL_MODE 1 #define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS 3 @@ -62,6 +60,12 @@ #define SOC_SIGMADELTA_SUPPORTED 1 #define SOC_SUPPORT_COEXISTENCE 1 #define SOC_TEMP_SENSOR_SUPPORTED 1 +#define SOC_AES_SUPPORTED 1 +#define SOC_MPI_SUPPORTED 1 +#define SOC_SHA_SUPPORTED 1 +#define SOC_HMAC_SUPPORTED 1 +#define SOC_DIG_SIGN_SUPPORTED 1 + /*-------------------------- SOC CAPS ----------------------------------------*/ #define SOC_APPCPU_HAS_CLOCK_GATING_BUG (1) From 36377b9cc35931302f73f413058d177a627f70bc Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Thu, 17 Mar 2022 15:11:52 +0530 Subject: [PATCH 2/8] mbedtls: use SOC capability macros instead of target names --- components/mbedtls/Kconfig | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index d52e63329a..c060d45d72 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig 
@@ -347,7 +347,7 @@ menu "mbedTLS" config MBEDTLS_HARDWARE_AES bool "Enable hardware AES acceleration" default y - depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && !IDF_TARGET_ESP32C2 + depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && SOC_AES_SUPPORTED help Enable hardware accelerated AES encryption & decryption. @@ -366,7 +366,7 @@ menu "mbedTLS" config MBEDTLS_HARDWARE_GCM bool "Enable partially hardware accelerated GCM" - depends on IDF_TARGET_ESP32S2 && MBEDTLS_HARDWARE_AES + depends on SOC_AES_SUPPORT_GCM && MBEDTLS_HARDWARE_AES default y help Enable partially hardware accelerated GCM. GHASH calculation is still done @@ -379,7 +379,7 @@ menu "mbedTLS" config MBEDTLS_HARDWARE_MPI bool "Enable hardware MPI (bignum) acceleration" default y - depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && !IDF_TARGET_ESP32C2 + depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && SOC_MPI_SUPPORTED help Enable hardware accelerated multiple precision integer operations. @@ -1001,7 +1001,7 @@ menu "mbedTLS" config MBEDTLS_LARGE_KEY_SOFTWARE_MPI bool "Fallback to software implementation for larger MPI values" depends on MBEDTLS_HARDWARE_MPI - default y if IDF_TARGET_ESP32C3 || IDF_TARGET_ESP32H2 || IDF_TARGET_ESP32C2 # HW max 3072 bits + default y if SOC_RSA_MAX_BIT_LEN <= 3072 # HW max 3072 bits default n help Fallback to software implementation for RSA key lengths From 102f8e961f1b1e61ee687b896f5609a2b7027ff6 Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Thu, 17 Mar 2022 15:12:28 +0530 Subject: [PATCH 3/8] esp-tls: use SOC capability macros instead of target names --- components/esp-tls/Kconfig | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/components/esp-tls/Kconfig b/components/esp-tls/Kconfig index 1c6911c69d..03db196e88 100644 --- a/components/esp-tls/Kconfig +++ b/components/esp-tls/Kconfig 
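Review bot: `MBEDTLS_HARDWARE_GCM` now depends on `SOC_AES_SUPPORT_GCM`, and the `MBEDTLS_LARGE_KEY_SOFTWARE_MPI` default on `SOC_RSA_MAX_BIT_LEN <= 3072`, but neither symbol is defined or touched by the soc_caps changes in this series, so their presence on every target is assumed rather than shown. If `SOC_RSA_MAX_BIT_LEN` is missing for a target with hardware MPI, the comparison presumably cannot evaluate numerically and the default drops to `n`, which leaves keys above the hardware limit without the software fallback that the named targets used to get. I would state the requirement next to the default, e.g. `# requires SOC_RSA_MAX_BIT_LEN in soc_caps.h for every target with SOC_MPI_SUPPORTED`, and confirm that ESP32-C3 and ESP32-H2 declare 3072 there. The `menu "mbedTLS"` block starts and ends outside these hunks.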
@@ -26,8 +26,7 @@ menu "ESP-TLS" config ESP_TLS_USE_DS_PERIPHERAL bool "Use Digital Signature (DS) Peripheral with ESP-TLS" - depends on (IDF_TARGET_ESP32C3 || IDF_TARGET_ESP32S2 || IDF_TARGET_ESP32H2 || IDF_TARGET_ESP32S3) - depends on ESP_TLS_USING_MBEDTLS + depends on ESP_TLS_USING_MBEDTLS && SOC_DIG_SIGN_SUPPORTED default y help Enable use of the Digital Signature Peripheral for ESP-TLS.The DS peripheral From 169430faf3b9a9bf387da8aa245f8bdca2d1eab8 Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Thu, 17 Mar 2022 15:12:57 +0530 Subject: [PATCH 4/8] docs/protocols: use SOC capability macros, instead of target names --- docs/en/api-reference/protocols/mbedtls.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/en/api-reference/protocols/mbedtls.rst b/docs/en/api-reference/protocols/mbedtls.rst index 563affe076..c704e98f7c 100644 --- a/docs/en/api-reference/protocols/mbedtls.rst +++ b/docs/en/api-reference/protocols/mbedtls.rst 
@@ -56,9 +56,9 @@ Following is a brief list of important config options accessible at ``Component - :ref:`CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS`: Support for TLS Session Resumption: Client session tickets - :ref:`CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS`: Support for TLS Session Resumption: Server session tickets - :ref:`CONFIG_MBEDTLS_HARDWARE_SHA`: Support for hardware SHA acceleration - :SOC_AES_SUPPORT_AES_128: - :ref:`CONFIG_MBEDTLS_HARDWARE_AES`: Support for hardware AES acceleration - :not esp32c2: - :ref:`CONFIG_MBEDTLS_HARDWARE_MPI`: Support for hardware MPI (bignum) acceleration - :esp32c2: - :ref:`CONFIG_MBEDTLS_HARDWARE_ECC`: Support for hardware ECC acceleration + :SOC_AES_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_AES`: Support for hardware AES acceleration + :SOC_MPI_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_MPI`: Support for hardware MPI (bignum) acceleration + :SOC_ECC_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_ECC`: Support for hardware ECC acceleration .. note:: Mbed TLS v3.0.0 and later support only TLS 1.2 and TLS 1.3 (SSL 3.0, TLS 1.0, TLS 1.1 and DTLS 1.0 are not supported). The support for TLS 1.3 is experimental and only supports the client-side. More information about this can be found out `here `__. From 75eb97fc947422880247e4146914b59d75b8d8ee Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Fri, 18 Mar 2022 19:04:46 +0530 Subject: [PATCH 5/8] esp32c2: remove AES related configs, hardware AES not supported on this chip --- components/soc/esp32c2/include/soc/Kconfig.soc_caps.in | 8 -------- components/soc/esp32c2/include/soc/gdma_channel.h | 1 - components/soc/esp32c2/include/soc/soc_caps.h | 6 ------ 3 files changed, 15 deletions(-) diff --git a/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in index a9e9af69ba..8e6d8e6c56 100644 --- a/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in 
@@ -75,14 +75,6 @@ config SOC_ECC_SUPPORTED bool default y -config SOC_AES_SUPPORT_DMA - bool - default y - -config SOC_AES_GDMA - bool - default y - config SOC_ADC_DIG_CTRL_SUPPORTED bool default y diff --git a/components/soc/esp32c2/include/soc/gdma_channel.h b/components/soc/esp32c2/include/soc/gdma_channel.h index 1fc4dde9a0..1c84a35249 100644 --- a/components/soc/esp32c2/include/soc/gdma_channel.h +++ b/components/soc/esp32c2/include/soc/gdma_channel.h @@ -10,6 +10,5 @@ #define SOC_GDMA_TRIG_PERIPH_M2M0 (-1) #define SOC_GDMA_TRIG_PERIPH_SPI2 (0) #define SOC_GDMA_TRIG_PERIPH_UART0 (2) -#define SOC_GDMA_TRIG_PERIPH_AES0 (6) #define SOC_GDMA_TRIG_PERIPH_SHA0 (7) #define SOC_GDMA_TRIG_PERIPH_ADC0 (8) diff --git a/components/soc/esp32c2/include/soc/soc_caps.h b/components/soc/esp32c2/include/soc/soc_caps.h index 129a0f1501..aac652dadd 100644 --- a/components/soc/esp32c2/include/soc/soc_caps.h +++ b/components/soc/esp32c2/include/soc/soc_caps.h @@ -44,12 +44,6 @@ #define SOC_SHA_SUPPORTED 1 #define SOC_ECC_SUPPORTED 1 -/*-------------------------- AES CAPS -----------------------------------------*/ -#define SOC_AES_SUPPORT_DMA (1) - -/* Has a centralized DMA, which is shared with all peripherals */ -#define SOC_AES_GDMA (1) - /*-------------------------- ADC CAPS -------------------------------*/ /*!< SAR ADC Module*/ #define SOC_ADC_DIG_CTRL_SUPPORTED 1 From 0621a6f513477a6b4b288c560c59cbaef816c387 Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Fri, 18 Mar 2022 19:05:28 +0530 Subject: [PATCH 6/8] mbedtls: use soc capability macros in build CMakeLists --- components/mbedtls/CMakeLists.txt | 39 ++++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt index 8df6680385..b2c79d46c2 100644 --- a/components/mbedtls/CMakeLists.txt +++ b/components/mbedtls/CMakeLists.txt 
@@ -110,18 +110,27 @@ endif() target_sources(mbedtls PRIVATE ${mbedtls_target_sources}) # Choose perihperal type -if(CONFIG_IDF_TARGET_ESP32) - set(SHA_PERIPHERAL_TYPE "parallel_engine") - set(AES_PERIPHERAL_TYPE "block") -else() - set(SHA_PERIPHERAL_TYPE "dma") - set(AES_PERIPHERAL_TYPE "dma") + +if(CONFIG_SOC_SHA_SUPPORTED) + if(CONFIG_SOC_SHA_SUPPORT_DMA) + set(SHA_PERIPHERAL_TYPE "dma") + else() + set(SHA_PERIPHERAL_TYPE "parallel_engine") + endif() +endif() + +if(CONFIG_SOC_AES_SUPPORTED) + if(CONFIG_SOC_AES_SUPPORT_DMA) + set(AES_PERIPHERAL_TYPE "dma") + else() + set(AES_PERIPHERAL_TYPE "block") + endif() endif() if(SHA_PERIPHERAL_TYPE STREQUAL "dma") target_include_directories(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/dma/include") - if(CONFIG_IDF_TARGET_ESP32S2) + if(NOT CONFIG_SOC_SHA_GDMA) set(SHA_DMA_SRCS "${COMPONENT_DIR}/port/sha/dma/esp_sha_crypto_dma_impl.c") else() set(SHA_DMA_SRCS "${COMPONENT_DIR}/port/sha/dma/esp_sha_gdma_impl.c" @@ -132,7 +141,7 @@ endif() if(AES_PERIPHERAL_TYPE STREQUAL "dma") - if(CONFIG_IDF_TARGET_ESP32S2) + if(NOT CONFIG_SOC_AES_GDMA) set(AES_DMA_SRCS "${COMPONENT_DIR}/port/aes/dma/esp_aes_crypto_dma_impl.c") else() set(AES_DMA_SRCS "${COMPONENT_DIR}/port/aes/dma/esp_aes_gdma_impl.c") 
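Review bot: `SHA_PERIPHERAL_TYPE` and `AES_PERIPHERAL_TYPE` are now left unset when the matching `CONFIG_SOC_*_SUPPORTED` is off, yet the unchanged `if(SHA_PERIPHERAL_TYPE STREQUAL "dma")` and `if(AES_PERIPHERAL_TYPE STREQUAL "dma")` tests still read them by bare name. That works only because an undefined name is compared as a literal string; a value of the same name inherited from the cache or an enclosing scope would select DMA sources for a peripheral the SoC does not declare. Giving both variables an explicit empty default before the capability checks, `set(SHA_PERIPHERAL_TYPE "")` and `set(AES_PERIPHERAL_TYPE "")`, and comparing `"${SHA_PERIPHERAL_TYPE}"` makes the unsupported case explicit.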
@@ -145,12 +154,20 @@ endif() target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/esp_hardware.c" "${COMPONENT_DIR}/port/esp_mem.c" "${COMPONENT_DIR}/port/esp_timing.c" - "${COMPONENT_DIR}/port/sha/esp_sha.c" - "${COMPONENT_DIR}/port/aes/esp_aes_xts.c" +) + +if(CONFIG_SOC_AES_SUPPORTED) + target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/esp_aes_xts.c" "${COMPONENT_DIR}/port/aes/esp_aes_common.c" "${COMPONENT_DIR}/port/aes/${AES_PERIPHERAL_TYPE}/esp_aes.c" + ) +endif() + +if(CONFIG_SOC_SHA_SUPPORTED) + target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/esp_sha.c" "${COMPONENT_DIR}/port/sha/${SHA_PERIPHERAL_TYPE}/sha.c" -) + ) +endif() # CONFIG_ESP_TLS_USE_DS_PERIPHERAL can be enabled only for the supported targets. if(CONFIG_ESP_TLS_USE_DS_PERIPHERAL) From f7fc3e2d88f938f9f79c3754b2499667116d4e3a Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Mon, 21 Mar 2022 10:42:40 +0530 Subject: [PATCH 7/8] esp_hw_support: cleanup crypto lock APIs for ESP32-C2 --- .../include/soc/esp32c2/esp_crypto_lock.h | 55 +------------- .../port/esp32c2/CMakeLists.txt | 1 - .../port/esp32c2/esp_crypto_lock.c | 71 ------------------- .../mbedtls/port/esp_ds/esp_rsa_sign_alt.c | 2 - 4 files changed, 3 insertions(+), 126 deletions(-) delete mode 100644 components/esp_hw_support/port/esp32c2/esp_crypto_lock.c diff --git a/components/esp_hw_support/include/soc/esp32c2/esp_crypto_lock.h b/components/esp_hw_support/include/soc/esp32c2/esp_crypto_lock.h index 1109610f37..0b39af1654 100644 --- a/components/esp_hw_support/include/soc/esp32c2/esp_crypto_lock.h +++ b/components/esp_hw_support/include/soc/esp32c2/esp_crypto_lock.h 
@@ -10,58 +10,9 @@ extern "C" { #endif -/** - * @brief Acquire lock for HMAC cryptography peripheral - * - * Internally also locks the SHA peripheral, as the HMAC depends on the SHA peripheral - */ -void esp_crypto_hmac_lock_acquire(void); - -/** - * @brief Release lock for HMAC cryptography peripheral - * - * Internally also releases the SHA peripheral, as the HMAC depends on the SHA peripheral - */ -void esp_crypto_hmac_lock_release(void); - -/** - * @brief Acquire lock for DS cryptography peripheral - * - * Internally also locks the HMAC (which locks SHA), AES and MPI peripheral, as the DS depends on these peripherals - */ -void esp_crypto_ds_lock_acquire(void); - -/** - * @brief Release lock for DS cryptography peripheral - * - * Internally also releases the HMAC (which locks SHA), AES and MPI peripheral, as the DS depends on these peripherals - */ -void esp_crypto_ds_lock_release(void); - -/** - * @brief Acquire lock for the SHA and AES cryptography peripheral. - * - */ -void esp_crypto_sha_aes_lock_acquire(void); - -/** - * @brief Release lock for the SHA and AES cryptography peripheral. - * - */ -void esp_crypto_sha_aes_lock_release(void); - - -/** - * @brief Acquire lock for the mpi cryptography peripheral. - * - */ -void esp_crypto_mpi_lock_acquire(void); - -/** - * @brief Release lock for the mpi/rsa cryptography peripheral. - * - */ -void esp_crypto_mpi_lock_release(void); +// Place-holder lock APIs as hardware AES is not supported in ESP32-C2 +static inline void esp_crypto_sha_aes_lock_acquire(void) {} +static inline void esp_crypto_sha_aes_lock_release(void) {} #ifdef __cplusplus } diff --git a/components/esp_hw_support/port/esp32c2/CMakeLists.txt b/components/esp_hw_support/port/esp32c2/CMakeLists.txt index 6e60b18e0b..f12789ce36 100644 --- a/components/esp_hw_support/port/esp32c2/CMakeLists.txt +++ b/components/esp_hw_support/port/esp32c2/CMakeLists.txt 
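Review bot: The two `static inline` stubs for `esp_crypto_sha_aes_lock_acquire` and `esp_crypto_sha_aes_lock_release` are silent no-ops, so any caller that reaches a SHA hardware path on ESP32-C2 gets no mutual exclusion, whereas the removed implementation called `abort()` and made that misuse loud. The comment justifies them by the missing AES engine only, but the lock name covers SHA as well, and at this point in the series the chip still has `SOC_SHA_SUPPORTED` set to 1 (it is only cleared in PATCH 8/8). I would record the condition under which the stubs are valid, e.g. `// No-op only while SOC_SHA_SUPPORTED is 0 on ESP32-C2; a real lock is required before hardware SHA is enabled (IDF-3830)`. The `extern "C"` block starts and ends outside the hunk.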
@@ -10,7 +10,6 @@ set(srcs "cpu_util_esp32c2.c" if(NOT BOOTLOADER_BUILD) list(APPEND srcs "../async_memcpy_impl_gdma.c" - "esp_crypto_lock.c" "dport_access.c") endif() diff --git a/components/esp_hw_support/port/esp32c2/esp_crypto_lock.c b/components/esp_hw_support/port/esp32c2/esp_crypto_lock.c deleted file mode 100644 index 33a9e33618..0000000000 --- a/components/esp_hw_support/port/esp32c2/esp_crypto_lock.c +++ /dev/null @@ -1,71 +0,0 @@ -/* - * SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD - * - * SPDX-License-Identifier: Apache-2.0 - */ - -#include -#include -#include "esp_crypto_lock.h" - -/* Lock overview: -SHA: peripheral independent, but DMA is shared with AES -AES: peripheral independent, but DMA is shared with SHA -MPI/RSA: independent -HMAC: needs SHA -DS: needs HMAC (which needs SHA), AES and MPI -*/ - -#if 0 // TODO: IDF-4229 -/* Lock for DS peripheral */ -static _lock_t s_crypto_ds_lock; - -/* Lock for HMAC peripheral */ -static _lock_t s_crypto_hmac_lock; - -/* Lock for the MPI/RSA peripheral, also used by the DS peripheral */ -static _lock_t s_crypto_mpi_lock; - -/* Single lock for SHA and AES, sharing a reserved GDMA channel */ -static _lock_t s_crypto_sha_aes_lock; -#endif - -void esp_crypto_hmac_lock_acquire(void) -{ - abort(); // TODO: IDF-4229 -} - -void esp_crypto_hmac_lock_release(void) -{ - abort(); // TODO: IDF-4229 -} - -void esp_crypto_ds_lock_acquire(void) -{ - abort(); // TODO: IDF-4229 -} - -void esp_crypto_ds_lock_release(void) -{ - abort(); // TODO: IDF-4229 -} - -void esp_crypto_sha_aes_lock_acquire(void) -{ - abort(); // TODO: IDF-4229 -} - -void esp_crypto_sha_aes_lock_release(void) -{ - abort(); // TODO: IDF-4229 -} - -void esp_crypto_mpi_lock_acquire(void) -{ - abort(); // TODO: IDF-4229 -} - -void esp_crypto_mpi_lock_release(void) -{ - abort(); // TODO: IDF-4229 -} 
diff --git a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c index 0bf520fe7c..a6f9f0cde1 100644 --- a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c +++ b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c @@ -15,8 +15,6 @@ #include "esp32h2/rom/digital_signature.h" #elif CONFIG_IDF_TARGET_ESP32S3 #include "esp32s3/rom/digital_signature.h" -#elif CONFIG_IDF_TARGET_ESP32C2 -#include "esp32c2/rom/digital_signature.h" #else #error "Selected target does not support esp_rsa_sign_alt (for DS)" #endif From 3af2d152161fbf28497f69fbd016dcd667126d39 Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Mon, 21 Mar 2022 15:15:14 +0530 Subject: [PATCH 8/8] mbedtls: Fix build failures for ESP32-C2 with hardware SHA Clean support for SHA peripheral will appear with IDF-3830 --- components/mbedtls/CMakeLists.txt | 12 ++++++------ components/mbedtls/Kconfig | 2 +- .../soc/esp32c2/include/soc/Kconfig.soc_caps.in | 2 +- components/soc/esp32c2/include/soc/soc_caps.h | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt index b2c79d46c2..59dd98879a 100644 --- a/components/mbedtls/CMakeLists.txt +++ b/components/mbedtls/CMakeLists.txt @@ -133,8 +133,8 @@ if(SHA_PERIPHERAL_TYPE STREQUAL "dma") if(NOT CONFIG_SOC_SHA_GDMA) set(SHA_DMA_SRCS "${COMPONENT_DIR}/port/sha/dma/esp_sha_crypto_dma_impl.c") else() - set(SHA_DMA_SRCS "${COMPONENT_DIR}/port/sha/dma/esp_sha_gdma_impl.c" - "${COMPONENT_DIR}/port/crypto_shared_gdma/esp_crypto_shared_gdma.c") + set(SHA_DMA_SRCS "${COMPONENT_DIR}/port/sha/dma/esp_sha_gdma_impl.c") + endif() target_sources(mbedcrypto PRIVATE "${SHA_DMA_SRCS}") endif() 
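Review bot: After the `@@ -133,8 +133,8 @@` hunk the GDMA branch of the SHA sources lists only `esp_sha_gdma_impl.c`, and `esp_crypto_shared_gdma.c` is supplied solely by the AES GDMA branch (the `@@ -144,7 +144,8 @@` hunk). A target that has `CONFIG_SOC_SHA_GDMA` but no AES GDMA would then build the SHA GDMA implementation without the shared channel code; if `esp_sha_gdma_impl.c` calls into it, which is not visible here, that would fail at link time. The coupling deserves a comment at the SHA branch, e.g. `# esp_crypto_shared_gdma.c is added by the AES GDMA branch; SHA-only GDMA targets are not supported until IDF-3830`. The enclosing `if(SHA_PERIPHERAL_TYPE STREQUAL "dma")` block starts outside the hunk.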
@@ -144,7 +144,8 @@ if(AES_PERIPHERAL_TYPE STREQUAL "dma") if(NOT CONFIG_SOC_AES_GDMA) set(AES_DMA_SRCS "${COMPONENT_DIR}/port/aes/dma/esp_aes_crypto_dma_impl.c") else() - set(AES_DMA_SRCS "${COMPONENT_DIR}/port/aes/dma/esp_aes_gdma_impl.c") + set(AES_DMA_SRCS "${COMPONENT_DIR}/port/aes/dma/esp_aes_gdma_impl.c" + "${COMPONENT_DIR}/port/crypto_shared_gdma/esp_crypto_shared_gdma.c") endif() target_include_directories(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/dma/include") @@ -154,6 +155,7 @@ endif() target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/esp_hardware.c" "${COMPONENT_DIR}/port/esp_mem.c" "${COMPONENT_DIR}/port/esp_timing.c" + "${COMPONENT_DIR}/port/sha/esp_sha.c" ) if(CONFIG_SOC_AES_SUPPORTED) @@ -164,9 +166,7 @@ if(CONFIG_SOC_AES_SUPPORTED) endif() if(CONFIG_SOC_SHA_SUPPORTED) - target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/esp_sha.c" - "${COMPONENT_DIR}/port/sha/${SHA_PERIPHERAL_TYPE}/sha.c" - ) + target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/${SHA_PERIPHERAL_TYPE}/sha.c") endif() # CONFIG_ESP_TLS_USE_DS_PERIPHERAL can be enabled only for the supported targets. diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index c060d45d72..4800211f43 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig @@ -401,7 +401,7 @@ menu "mbedTLS" config MBEDTLS_HARDWARE_SHA bool "Enable hardware SHA acceleration" default y - depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST + depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && SOC_SHA_SUPPORTED help Enable hardware accelerated SHA1, SHA256, SHA384 & SHA512 in mbedTLS. diff --git a/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in index 8e6d8e6c56..0343113898 100644 --- a/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32c2/include/soc/Kconfig.soc_caps.in 
@@ -69,7 +69,7 @@ config SOC_FLASH_ENCRYPTION_XTS_AES config SOC_SHA_SUPPORTED bool - default y + default n config SOC_ECC_SUPPORTED bool diff --git a/components/soc/esp32c2/include/soc/soc_caps.h b/components/soc/esp32c2/include/soc/soc_caps.h index aac652dadd..f59ed617f0 100644 --- a/components/soc/esp32c2/include/soc/soc_caps.h +++ b/components/soc/esp32c2/include/soc/soc_caps.h @@ -41,7 +41,7 @@ #define SOC_RTC_SLOW_MEM_SUPPORTED 0 #define SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY 0 #define SOC_FLASH_ENCRYPTION_XTS_AES 1 -#define SOC_SHA_SUPPORTED 1 +#define SOC_SHA_SUPPORTED 0 // This will be enabled with IDF-3830 #define SOC_ECC_SUPPORTED 1 /*-------------------------- ADC CAPS -------------------------------*/