Merge branch 'feature/crypto_peripherals_caps' into 'master'

soc: add capability macros for crypto peripherals

Closes IDF-4790 and IDF-4229

See merge request espressif/esp-idf!17516

components/esp-tls/Kconfig

@@ -26,8 +26,7 @@ menu "ESP-TLS"
 
     config ESP_TLS_USE_DS_PERIPHERAL
         bool "Use Digital Signature (DS) Peripheral with ESP-TLS"
-        depends on (IDF_TARGET_ESP32C3 || IDF_TARGET_ESP32S2 || IDF_TARGET_ESP32H2 || IDF_TARGET_ESP32S3)
+        depends on ESP_TLS_USING_MBEDTLS && SOC_DIG_SIGN_SUPPORTED
-        depends on ESP_TLS_USING_MBEDTLS
         default y
         help
             Enable use of the Digital Signature Peripheral for ESP-TLS.The DS peripheral

components/esp_hw_support/include/soc/esp32c2/esp_crypto_lock.h

@@ -10,58 +10,9 @@
 extern "C" {
 #endif
 
-/**
+// Place-holder lock APIs as hardware AES is not supported in ESP32-C2
- * @brief Acquire lock for HMAC cryptography peripheral
+static inline void esp_crypto_sha_aes_lock_acquire(void) {}
- *
+static inline void esp_crypto_sha_aes_lock_release(void) {}
- * Internally also locks the SHA peripheral, as the HMAC depends on the SHA peripheral
- */
-void esp_crypto_hmac_lock_acquire(void);
-
-/**
- * @brief Release lock for HMAC cryptography peripheral
- *
- * Internally also releases the SHA peripheral, as the HMAC depends on the SHA peripheral
- */
-void esp_crypto_hmac_lock_release(void);
-
-/**
- * @brief Acquire lock for DS cryptography peripheral
- *
- * Internally also locks the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
- */
-void esp_crypto_ds_lock_acquire(void);
-
-/**
- * @brief Release lock for DS cryptography peripheral
- *
- * Internally also releases the HMAC (which locks SHA), AES and MPI  peripheral, as the DS depends on these peripherals
- */
-void esp_crypto_ds_lock_release(void);
-
-/**
- * @brief Acquire lock for the SHA and AES cryptography peripheral.
- *
- */
-void esp_crypto_sha_aes_lock_acquire(void);
-
-/**
- * @brief Release lock for the SHA and AES cryptography peripheral.
- *
- */
-void esp_crypto_sha_aes_lock_release(void);
-
-
-/**
- * @brief Acquire lock for the mpi cryptography peripheral.
- *
- */
-void esp_crypto_mpi_lock_acquire(void);
-
-/**
- * @brief Release lock for the mpi/rsa cryptography peripheral.
- *
- */
-void esp_crypto_mpi_lock_release(void);
 
 #ifdef __cplusplus
 }

components/esp_hw_support/port/esp32c2/CMakeLists.txt

@@ -10,7 +10,6 @@ set(srcs "cpu_util_esp32c2.c"
 
 if(NOT BOOTLOADER_BUILD)
     list(APPEND srcs "../async_memcpy_impl_gdma.c"
-                     "esp_crypto_lock.c"
                      "dport_access.c")
 endif()
 

components/esp_hw_support/port/esp32c2/esp_crypto_lock.c

@@ -1,71 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-#include <sys/lock.h>
-#include <stdlib.h>
-#include "esp_crypto_lock.h"
-
-/* Lock overview:
-SHA: peripheral independent, but DMA is shared with AES
-AES: peripheral independent, but DMA is shared with SHA
-MPI/RSA: independent
-HMAC: needs SHA
-DS: needs HMAC (which needs SHA), AES and MPI
-*/
-
-#if 0 // TODO: IDF-4229
-/* Lock for DS peripheral */
-static _lock_t s_crypto_ds_lock;
-
-/* Lock for HMAC peripheral */
-static _lock_t s_crypto_hmac_lock;
-
-/* Lock for the MPI/RSA peripheral, also used by the DS peripheral */
-static _lock_t s_crypto_mpi_lock;
-
-/* Single lock for SHA and AES, sharing a reserved GDMA channel */
-static _lock_t s_crypto_sha_aes_lock;
-#endif
-
-void esp_crypto_hmac_lock_acquire(void)
-{
-    abort(); // TODO: IDF-4229
-}
-
-void esp_crypto_hmac_lock_release(void)
-{
-    abort(); // TODO: IDF-4229
-}
-
-void esp_crypto_ds_lock_acquire(void)
-{
-    abort(); // TODO: IDF-4229
-}
-
-void esp_crypto_ds_lock_release(void)
-{
-    abort(); // TODO: IDF-4229
-}
-
-void esp_crypto_sha_aes_lock_acquire(void)
-{
-    abort(); // TODO: IDF-4229
-}
-
-void esp_crypto_sha_aes_lock_release(void)
-{
-    abort(); // TODO: IDF-4229
-}
-
-void esp_crypto_mpi_lock_acquire(void)
-{
-    abort(); // TODO: IDF-4229
-}
-
-void esp_crypto_mpi_lock_release(void)
-{
-    abort(); // TODO: IDF-4229
-}

components/mbedtls/CMakeLists.txt

@@ -110,32 +110,42 @@ endif()
 target_sources(mbedtls PRIVATE ${mbedtls_target_sources})
 
 # Choose perihperal type
-if(CONFIG_IDF_TARGET_ESP32)
+
-    set(SHA_PERIPHERAL_TYPE "parallel_engine")
+if(CONFIG_SOC_SHA_SUPPORTED)
-    set(AES_PERIPHERAL_TYPE "block")
+    if(CONFIG_SOC_SHA_SUPPORT_DMA)
-else()
         set(SHA_PERIPHERAL_TYPE "dma")
+    else()
+        set(SHA_PERIPHERAL_TYPE "parallel_engine")
+    endif()
+endif()
+
+if(CONFIG_SOC_AES_SUPPORTED)
+    if(CONFIG_SOC_AES_SUPPORT_DMA)
         set(AES_PERIPHERAL_TYPE "dma")
+    else()
+        set(AES_PERIPHERAL_TYPE "block")
+    endif()
 endif()
 
 if(SHA_PERIPHERAL_TYPE STREQUAL "dma")
     target_include_directories(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/dma/include")
 
-    if(CONFIG_IDF_TARGET_ESP32S2)
+    if(NOT CONFIG_SOC_SHA_GDMA)
         set(SHA_DMA_SRCS "${COMPONENT_DIR}/port/sha/dma/esp_sha_crypto_dma_impl.c")
     else()
-        set(SHA_DMA_SRCS "${COMPONENT_DIR}/port/sha/dma/esp_sha_gdma_impl.c"
+        set(SHA_DMA_SRCS "${COMPONENT_DIR}/port/sha/dma/esp_sha_gdma_impl.c")
-                         "${COMPONENT_DIR}/port/crypto_shared_gdma/esp_crypto_shared_gdma.c")
+
     endif()
     target_sources(mbedcrypto PRIVATE  "${SHA_DMA_SRCS}")
 endif()
 
 if(AES_PERIPHERAL_TYPE STREQUAL "dma")
 
-    if(CONFIG_IDF_TARGET_ESP32S2)
+    if(NOT CONFIG_SOC_AES_GDMA)
         set(AES_DMA_SRCS "${COMPONENT_DIR}/port/aes/dma/esp_aes_crypto_dma_impl.c")
     else()
-        set(AES_DMA_SRCS "${COMPONENT_DIR}/port/aes/dma/esp_aes_gdma_impl.c")
+        set(AES_DMA_SRCS "${COMPONENT_DIR}/port/aes/dma/esp_aes_gdma_impl.c"
+                         "${COMPONENT_DIR}/port/crypto_shared_gdma/esp_crypto_shared_gdma.c")
     endif()
 
     target_include_directories(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/dma/include")
@@ -146,11 +156,18 @@ target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/esp_hardware.c"
                                   "${COMPONENT_DIR}/port/esp_mem.c"
                                   "${COMPONENT_DIR}/port/esp_timing.c"
                                   "${COMPONENT_DIR}/port/sha/esp_sha.c"
-                                  "${COMPONENT_DIR}/port/aes/esp_aes_xts.c"
+)
+
+if(CONFIG_SOC_AES_SUPPORTED)
+    target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/esp_aes_xts.c"
                                   "${COMPONENT_DIR}/port/aes/esp_aes_common.c"
                                   "${COMPONENT_DIR}/port/aes/${AES_PERIPHERAL_TYPE}/esp_aes.c"
-                                  "${COMPONENT_DIR}/port/sha/${SHA_PERIPHERAL_TYPE}/sha.c"
     )
+endif()
+
+if(CONFIG_SOC_SHA_SUPPORTED)
+    target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/${SHA_PERIPHERAL_TYPE}/sha.c")
+endif()
 
 # CONFIG_ESP_TLS_USE_DS_PERIPHERAL can be enabled only for the supported targets.
 if(CONFIG_ESP_TLS_USE_DS_PERIPHERAL)

components/mbedtls/Kconfig

@@ -347,7 +347,7 @@ menu "mbedTLS"
     config MBEDTLS_HARDWARE_AES
         bool "Enable hardware AES acceleration"
         default y
-        depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && !IDF_TARGET_ESP32C2
+        depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && SOC_AES_SUPPORTED
         help
             Enable hardware accelerated AES encryption & decryption.
 
@@ -366,7 +366,7 @@ menu "mbedTLS"
 
     config MBEDTLS_HARDWARE_GCM
         bool "Enable partially hardware accelerated GCM"
-        depends on IDF_TARGET_ESP32S2 && MBEDTLS_HARDWARE_AES
+        depends on SOC_AES_SUPPORT_GCM && MBEDTLS_HARDWARE_AES
         default y
         help
             Enable partially hardware accelerated GCM. GHASH calculation is still done
@@ -379,7 +379,7 @@ menu "mbedTLS"
     config MBEDTLS_HARDWARE_MPI
         bool "Enable hardware MPI (bignum) acceleration"
         default y
-        depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && !IDF_TARGET_ESP32C2
+        depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && SOC_MPI_SUPPORTED
         help
             Enable hardware accelerated multiple precision integer operations.
 
@@ -401,7 +401,7 @@ menu "mbedTLS"
     config MBEDTLS_HARDWARE_SHA
         bool "Enable hardware SHA acceleration"
         default y
-        depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST
+        depends on !SPIRAM_CACHE_WORKAROUND_STRATEGY_DUPLDST && SOC_SHA_SUPPORTED
         help
             Enable hardware accelerated SHA1, SHA256, SHA384 & SHA512 in mbedTLS.
 
@@ -1001,7 +1001,7 @@ menu "mbedTLS"
     config MBEDTLS_LARGE_KEY_SOFTWARE_MPI
         bool "Fallback to software implementation for larger MPI values"
         depends on MBEDTLS_HARDWARE_MPI
-        default y if IDF_TARGET_ESP32C3 || IDF_TARGET_ESP32H2 || IDF_TARGET_ESP32C2  # HW max 3072 bits
+        default y if SOC_RSA_MAX_BIT_LEN <= 3072 # HW max 3072 bits
         default n
         help
             Fallback to software implementation for RSA key lengths

components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c

@@ -15,8 +15,6 @@
 #include "esp32h2/rom/digital_signature.h"
 #elif CONFIG_IDF_TARGET_ESP32S3
 #include "esp32s3/rom/digital_signature.h"
-#elif CONFIG_IDF_TARGET_ESP32C2
-#include "esp32c2/rom/digital_signature.h"
 #else
 #error   "Selected target does not support esp_rsa_sign_alt (for DS)"
 #endif

components/soc/esp32/include/soc/Kconfig.soc_caps.in

@@ -103,6 +103,18 @@ config SOC_SUPPORT_COEXISTENCE
     bool
     default y
 
+config SOC_AES_SUPPORTED
+    bool
+    default y
+
+config SOC_MPI_SUPPORTED
+    bool
+    default y
+
+config SOC_SHA_SUPPORTED
+    bool
+    default y
+
 config SOC_ADC_RTC_CTRL_SUPPORTED
     bool
     default y

components/soc/esp32/include/soc/soc_caps.h

@@ -85,6 +85,9 @@
 #define SOC_RMT_SUPPORTED           1
 #define SOC_SIGMADELTA_SUPPORTED    1
 #define SOC_SUPPORT_COEXISTENCE     1
+#define SOC_AES_SUPPORTED           1
+#define SOC_MPI_SUPPORTED           1
+#define SOC_SHA_SUPPORTED           1
 
 
 /*-------------------------- ADC CAPS ----------------------------------------*/

components/soc/esp32c2/include/soc/Kconfig.soc_caps.in

@@ -31,10 +31,6 @@ config SOC_ASYNC_MEMCPY_SUPPORTED
     bool
     default y
 
-config SOC_ECC_SUPPORTED
-    bool
-    default y
-
 config SOC_SUPPORTS_SECURE_DL_MODE
     bool
     default y
@@ -71,11 +67,11 @@ config SOC_FLASH_ENCRYPTION_XTS_AES
     bool
     default y
 
-config SOC_AES_SUPPORT_DMA
+config SOC_SHA_SUPPORTED
     bool
-    default y
+    default n
 
-config SOC_AES_GDMA
+config SOC_ECC_SUPPORTED
     bool
     default y
 

components/soc/esp32c2/include/soc/gdma_channel.h

@@ -10,6 +10,5 @@
 #define SOC_GDMA_TRIG_PERIPH_M2M0    (-1)
 #define SOC_GDMA_TRIG_PERIPH_SPI2    (0)
 #define SOC_GDMA_TRIG_PERIPH_UART0   (2)
-#define SOC_GDMA_TRIG_PERIPH_AES0    (6)
 #define SOC_GDMA_TRIG_PERIPH_SHA0    (7)
 #define SOC_GDMA_TRIG_PERIPH_ADC0    (8)

components/soc/esp32c2/include/soc/soc_caps.h

@@ -32,7 +32,6 @@
 #define SOC_BT_SUPPORTED                0 // Enable during bringup, IDF-4357
 #define SOC_WIFI_SUPPORTED              0 // Enable during bringup, IDF-3905
 #define SOC_ASYNC_MEMCPY_SUPPORTED      1
-#define SOC_ECC_SUPPORTED               1
 #define SOC_SUPPORTS_SECURE_DL_MODE     1
 #define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS 1
 #define SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS 0
@@ -42,12 +41,8 @@
 #define SOC_RTC_SLOW_MEM_SUPPORTED      0
 #define SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY             0
 #define SOC_FLASH_ENCRYPTION_XTS_AES    1
-
+#define SOC_SHA_SUPPORTED               0 // This will be enabled with IDF-3830
-/*-------------------------- AES CAPS -----------------------------------------*/
+#define SOC_ECC_SUPPORTED               1
-#define SOC_AES_SUPPORT_DMA     (1)
-
-/* Has a centralized DMA, which is shared with all peripherals */
-#define SOC_AES_GDMA            (1)
 
 /*-------------------------- ADC CAPS -------------------------------*/
 /*!< SAR ADC Module*/

components/soc/esp32c3/include/soc/Kconfig.soc_caps.in

@@ -31,14 +31,6 @@ config SOC_BLUEDROID_SUPPORTED
     bool
     default y
 
-config SOC_DIG_SIGN_SUPPORTED
-    bool
-    default y
-
-config SOC_HMAC_SUPPORTED
-    bool
-    default y
-
 config SOC_ASYNC_MEMCPY_SUPPORTED
     bool
     default y
@@ -107,6 +99,26 @@ config SOC_SUPPORT_COEXISTENCE
     bool
     default y
 
+config SOC_AES_SUPPORTED
+    bool
+    default y
+
+config SOC_MPI_SUPPORTED
+    bool
+    default y
+
+config SOC_SHA_SUPPORTED
+    bool
+    default y
+
+config SOC_HMAC_SUPPORTED
+    bool
+    default y
+
+config SOC_DIG_SIGN_SUPPORTED
+    bool
+    default y
+
 config SOC_AES_SUPPORT_DMA
     bool
     default y

components/soc/esp32c3/include/soc/soc_caps.h

@@ -32,8 +32,6 @@
 #define SOC_TWAI_SUPPORTED              1
 #define SOC_BT_SUPPORTED                1
 #define SOC_BLUEDROID_SUPPORTED		1
-#define SOC_DIG_SIGN_SUPPORTED          1
-#define SOC_HMAC_SUPPORTED              1
 #define SOC_ASYNC_MEMCPY_SUPPORTED      1
 #define SOC_USB_SERIAL_JTAG_SUPPORTED   1
 #define SOC_TEMP_SENSOR_SUPPORTED       1
@@ -51,6 +49,11 @@
 #define SOC_RMT_SUPPORTED               1
 #define SOC_SIGMADELTA_SUPPORTED        1
 #define SOC_SUPPORT_COEXISTENCE         1
+#define SOC_AES_SUPPORTED               1
+#define SOC_MPI_SUPPORTED               1
+#define SOC_SHA_SUPPORTED               1
+#define SOC_HMAC_SUPPORTED              1
+#define SOC_DIG_SIGN_SUPPORTED          1
 
 /*-------------------------- AES CAPS -----------------------------------------*/
 #define SOC_AES_SUPPORT_DMA     (1)

components/soc/esp32h2/include/soc/Kconfig.soc_caps.in

@@ -35,14 +35,6 @@ config SOC_ESP_NIMBLE_CONTROLLER
     bool
     default y
 
-config SOC_DIG_SIGN_SUPPORTED
-    bool
-    default y
-
-config SOC_HMAC_SUPPORTED
-    bool
-    default y
-
 config SOC_ASYNC_MEMCPY_SUPPORTED
     bool
     default y
@@ -91,6 +83,30 @@ config SOC_SIGMADELTA_SUPPORTED
     bool
     default y
 
+config SOC_AES_SUPPORTED
+    bool
+    default y
+
+config SOC_MPI_SUPPORTED
+    bool
+    default y
+
+config SOC_SHA_SUPPORTED
+    bool
+    default y
+
+config SOC_HMAC_SUPPORTED
+    bool
+    default y
+
+config SOC_DIG_SIGN_SUPPORTED
+    bool
+    default y
+
+config SOC_ECC_SUPPORTED
+    bool
+    default n
+
 config SOC_AES_SUPPORT_DMA
     bool
     default y

components/soc/esp32h2/include/soc/soc_caps.h

@@ -41,8 +41,6 @@
 #define SOC_BT_SUPPORTED                1
 #define SOC_BLUEDROID_SUPPORTED                0
 #define SOC_ESP_NIMBLE_CONTROLLER	1
-#define SOC_DIG_SIGN_SUPPORTED          1
-#define SOC_HMAC_SUPPORTED              1
 #define SOC_ASYNC_MEMCPY_SUPPORTED      1
 #define SOC_USB_SERIAL_JTAG_SUPPORTED   1
 #define SOC_SUPPORTS_SECURE_DL_MODE         1
@@ -55,7 +53,12 @@
 #define SOC_I2S_SUPPORTED               1
 #define SOC_RMT_SUPPORTED               1
 #define SOC_SIGMADELTA_SUPPORTED        1
-
+#define SOC_AES_SUPPORTED               1
+#define SOC_MPI_SUPPORTED               1
+#define SOC_SHA_SUPPORTED               1
+#define SOC_HMAC_SUPPORTED              1
+#define SOC_DIG_SIGN_SUPPORTED          1
+#define SOC_ECC_SUPPORTED               0 // This will be enabled with IDF-3397
 
 /*-------------------------- AES CAPS -----------------------------------------*/
 #define SOC_AES_SUPPORT_DMA     (1)

components/soc/esp32s2/include/soc/Kconfig.soc_caps.in

@@ -55,14 +55,6 @@ config SOC_CCOMP_TIMER_SUPPORTED
     bool
     default y
 
-config SOC_DIG_SIGN_SUPPORTED
-    bool
-    default y
-
-config SOC_HMAC_SUPPORTED
-    bool
-    default y
-
 config SOC_ASYNC_MEMCPY_SUPPORTED
     bool
     default y
@@ -131,6 +123,26 @@ config SOC_SUPPORT_COEXISTENCE
     bool
     default n
 
+config SOC_AES_SUPPORTED
+    bool
+    default y
+
+config SOC_MPI_SUPPORTED
+    bool
+    default y
+
+config SOC_SHA_SUPPORTED
+    bool
+    default y
+
+config SOC_HMAC_SUPPORTED
+    bool
+    default y
+
+config SOC_DIG_SIGN_SUPPORTED
+    bool
+    default y
+
 config SOC_ADC_RTC_CTRL_SUPPORTED
     bool
     default y

components/soc/esp32s2/include/soc/soc_caps.h

@@ -52,8 +52,6 @@
 #define SOC_WIFI_SUPPORTED              1
 #define SOC_ULP_SUPPORTED               1
 #define SOC_CCOMP_TIMER_SUPPORTED       1
-#define SOC_DIG_SIGN_SUPPORTED          1
-#define SOC_HMAC_SUPPORTED              1
 #define SOC_ASYNC_MEMCPY_SUPPORTED      1
 #define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS   3
 #define SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS   1
@@ -71,6 +69,11 @@
 #define SOC_RMT_SUPPORTED               1
 #define SOC_SIGMADELTA_SUPPORTED        1
 #define SOC_SUPPORT_COEXISTENCE         0
+#define SOC_AES_SUPPORTED               1
+#define SOC_MPI_SUPPORTED               1
+#define SOC_SHA_SUPPORTED               1
+#define SOC_HMAC_SUPPORTED              1
+#define SOC_DIG_SIGN_SUPPORTED          1
 
 
 /*-------------------------- ADC CAPS ----------------------------------------*/

components/soc/esp32s3/include/soc/Kconfig.soc_caps.in

@@ -127,14 +127,6 @@ config SOC_CCOMP_TIMER_SUPPORTED
     bool
     default y
 
-config SOC_DIG_SIGN_SUPPORTED
-    bool
-    default y
-
-config SOC_HMAC_SUPPORTED
-    bool
-    default y
-
 config SOC_ASYNC_MEMCPY_SUPPORTED
     bool
     default y
@@ -207,6 +199,26 @@ config SOC_TEMP_SENSOR_SUPPORTED
     bool
     default y
 
+config SOC_AES_SUPPORTED
+    bool
+    default y
+
+config SOC_MPI_SUPPORTED
+    bool
+    default y
+
+config SOC_SHA_SUPPORTED
+    bool
+    default y
+
+config SOC_HMAC_SUPPORTED
+    bool
+    default y
+
+config SOC_DIG_SIGN_SUPPORTED
+    bool
+    default y
+
 config SOC_APPCPU_HAS_CLOCK_GATING_BUG
     bool
     default y

components/soc/esp32s3/include/soc/soc_caps.h

@@ -42,8 +42,6 @@
 #define SOC_USB_OTG_SUPPORTED           1
 #define SOC_USB_SERIAL_JTAG_SUPPORTED   1
 #define SOC_CCOMP_TIMER_SUPPORTED       1
-#define SOC_DIG_SIGN_SUPPORTED          1
-#define SOC_HMAC_SUPPORTED              1
 #define SOC_ASYNC_MEMCPY_SUPPORTED      1
 #define SOC_SUPPORTS_SECURE_DL_MODE     1
 #define SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS 3
@@ -62,6 +60,12 @@
 #define SOC_SIGMADELTA_SUPPORTED        1
 #define SOC_SUPPORT_COEXISTENCE         1
 #define SOC_TEMP_SENSOR_SUPPORTED           1
+#define SOC_AES_SUPPORTED               1
+#define SOC_MPI_SUPPORTED               1
+#define SOC_SHA_SUPPORTED               1
+#define SOC_HMAC_SUPPORTED              1
+#define SOC_DIG_SIGN_SUPPORTED          1
+
 
 /*-------------------------- SOC CAPS ----------------------------------------*/
 #define SOC_APPCPU_HAS_CLOCK_GATING_BUG (1)

docs/en/api-reference/protocols/mbedtls.rst

@@ -56,9 +56,9 @@ Following is a brief list of important config options accessible at ``Component
     - :ref:`CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS`: Support for TLS Session Resumption: Client session tickets
     - :ref:`CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS`: Support for TLS Session Resumption: Server session tickets
     - :ref:`CONFIG_MBEDTLS_HARDWARE_SHA`: Support for hardware SHA acceleration
-    :SOC_AES_SUPPORT_AES_128: - :ref:`CONFIG_MBEDTLS_HARDWARE_AES`: Support for hardware AES acceleration
+    :SOC_AES_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_AES`: Support for hardware AES acceleration
-    :not esp32c2: - :ref:`CONFIG_MBEDTLS_HARDWARE_MPI`: Support for hardware MPI (bignum) acceleration
+    :SOC_MPI_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_MPI`: Support for hardware MPI (bignum) acceleration
-    :esp32c2: - :ref:`CONFIG_MBEDTLS_HARDWARE_ECC`: Support for hardware ECC acceleration
+    :SOC_ECC_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_ECC`: Support for hardware ECC acceleration
 
 .. note:: Mbed TLS v3.0.0 and later support only TLS 1.2 and TLS 1.3 (SSL 3.0, TLS 1.0, TLS 1.1 and DTLS 1.0 are not supported). The support for TLS 1.3 is experimental and only supports the client-side. More information about this can be found out `here <https://github.com/espressif/mbedtls/blob/9bb5effc3298265f829878825d9bd38478e67514/docs/architecture/tls13-support.md>`__.