From e7a76ff71e3143ca28144a5b853b2fc517c7b45e Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Tue, 29 Apr 2025 15:04:51 +0530 Subject: [PATCH 1/2] feat(soc): Update ESP32-C5 ECO2 to support SHA512 --- .../esp_rom/esp32c5/include/esp32c5/rom/sha.h | 7 ++++++- components/hal/esp32c5/include/hal/sha_ll.h | 21 ++++++++++++++++++- .../esp32c5/include/soc/Kconfig.soc_caps.in | 20 ++++++++++++++++++ components/soc/esp32c5/include/soc/soc_caps.h | 5 +++++ 4 files changed, 51 insertions(+), 2 deletions(-) diff --git a/components/esp_rom/esp32c5/include/esp32c5/rom/sha.h b/components/esp_rom/esp32c5/include/esp32c5/rom/sha.h index d96cac8448..be03f8ab10 100644 --- a/components/esp_rom/esp32c5/include/esp32c5/rom/sha.h +++ b/components/esp_rom/esp32c5/include/esp32c5/rom/sha.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -18,6 +18,11 @@ typedef enum { SHA1 = 0, SHA2_224, SHA2_256, + SHA2_384, + SHA2_512, + SHA2_512224, + SHA2_512256, + SHA2_512T, SHA_TYPE_MAX } SHA_TYPE; diff --git a/components/hal/esp32c5/include/hal/sha_ll.h b/components/hal/esp32c5/include/hal/sha_ll.h index 807391731e..05c8ac445e 100644 --- a/components/hal/esp32c5/include/hal/sha_ll.h +++ b/components/hal/esp32c5/include/hal/sha_ll.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -168,6 +168,25 @@ static inline void sha_ll_write_digest(esp_sha_type sha_type, void *digest_state } } +/** + * @brief Sets SHA512_t T_string parameter + * + * @param t_string T_string parameter + */ +static inline void sha_ll_t_string_set(uint32_t t_string) +{ + REG_WRITE(SHA_T_STRING_REG, t_string); +} + +/** + * @brief Sets SHA512_t T_string parameter's length + * + * @param t_len T_string parameter length + */ +static inline void sha_ll_t_len_set(uint8_t t_len) +{ + REG_WRITE(SHA_T_LENGTH_REG, t_len); +} #ifdef __cplusplus } diff --git a/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in index 429cb4be1c..03b766da04 100644 --- a/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in @@ -1063,6 +1063,26 @@ config SOC_SHA_SUPPORT_SHA256 bool default y +config SOC_SHA_SUPPORT_SHA384 + bool + default y + +config SOC_SHA_SUPPORT_SHA512 + bool + default y + +config SOC_SHA_SUPPORT_SHA512_224 + bool + default y + +config SOC_SHA_SUPPORT_SHA512_256 + bool + default y + +config SOC_SHA_SUPPORT_SHA512_T + bool + default y + config SOC_ECC_CONSTANT_TIME_POINT_MUL bool default y diff --git a/components/soc/esp32c5/include/soc/soc_caps.h b/components/soc/esp32c5/include/soc/soc_caps.h index 4243c755e2..4e469989dd 100644 --- a/components/soc/esp32c5/include/soc/soc_caps.h +++ b/components/soc/esp32c5/include/soc/soc_caps.h @@ -420,6 +420,11 @@ #define SOC_SHA_SUPPORT_SHA1 (1) #define SOC_SHA_SUPPORT_SHA224 (1) #define SOC_SHA_SUPPORT_SHA256 (1) +#define SOC_SHA_SUPPORT_SHA384 (1) +#define SOC_SHA_SUPPORT_SHA512 (1) +#define SOC_SHA_SUPPORT_SHA512_224 (1) +#define SOC_SHA_SUPPORT_SHA512_256 (1) +#define SOC_SHA_SUPPORT_SHA512_T (1) /*--------------------------- ECC CAPS ---------------------------------------*/ #define SOC_ECC_CONSTANT_TIME_POINT_MUL 1 From 5210e576d54b069c25c5440e2fd50a14b30e7d8c Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Mon, 26 May 2025 14:27:12 +0530 Subject: [PATCH 2/2] feat(mbedtls/sha): New API for setting SHA mode --- .../scripts/esp32c6/sec_srv_tbl_default.yml | 4 +++ .../scripts/esp32h2/sec_srv_tbl_default.yml | 4 +++ .../esp_tee/src/esp_secure_service_wrapper.c | 5 ++++ .../main/core/esp_secure_services.c | 5 ++++ components/hal/esp32/include/hal/sha_ll.h | 10 +++++++ components/hal/esp32c2/include/hal/sha_ll.h | 24 ++++++++++------- components/hal/esp32c3/include/hal/sha_ll.h | 24 ++++++++++------- components/hal/esp32c5/include/hal/sha_ll.h | 24 ++++++++++------- components/hal/esp32c6/include/hal/sha_ll.h | 26 +++++++++++-------- components/hal/esp32c61/include/hal/sha_ll.h | 26 +++++++++++-------- components/hal/esp32h2/include/hal/sha_ll.h | 26 +++++++++++-------- components/hal/esp32h21/include/hal/sha_ll.h | 24 ++++++++++------- components/hal/esp32p4/include/hal/sha_ll.h | 24 ++++++++++------- components/hal/esp32s2/include/hal/sha_ll.h | 24 ++++++++++------- components/hal/esp32s3/include/hal/sha_ll.h | 24 ++++++++++------- components/hal/include/hal/sha_hal.h | 12 ++++++--- components/hal/sha_hal.c | 16 ++++++------ .../hal/test_apps/crypto/main/sha/sha_block.c | 11 +++++++- .../hal/test_apps/crypto/main/sha/sha_dma.c | 8 +++++- .../mbedtls/port/include/sha/sha_core.h | 12 ++++++--- .../port/include/sha/sha_parallel_engine.h | 25 +++++++++--------- components/mbedtls/port/sha/core/esp_sha1.c | 5 ++++ components/mbedtls/port/sha/core/esp_sha256.c | 5 ++++ components/mbedtls/port/sha/core/esp_sha512.c | 4 +++ components/mbedtls/port/sha/core/sha.c | 8 +++++- .../mbedtls/port/sha/parallel_engine/sha.c | 7 ++++- .../esp_supplicant/src/crypto/fastpsk.c | 1 + .../release-5.x/5.5/index.rst | 1 + .../release-5.x/5.5/security.rst | 19 ++++++++++++++ .../release-5.x/5.5/index.rst | 1 + .../release-5.x/5.5/security.rst | 4 +++ tools/ci/check_copyright_ignore.txt | 1 - 32 files changed, 279 insertions(+), 135 deletions(-) create mode 100644 docs/en/migration-guides/release-5.x/5.5/security.rst create mode 100644 docs/zh_CN/migration-guides/release-5.x/5.5/security.rst diff --git a/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml b/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml index 6d9ef94841..ec1bd6654c 100644 --- a/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml +++ b/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml @@ -240,6 +240,10 @@ secure_services: type: IDF function: esp_ecc_point_verify args: 1 + - id: 110 + type: IDF + function: esp_sha_set_mode + args: 1 # ID: 134-169 (36) - Reserved for future use - family: attestation entries: diff --git a/components/esp_tee/scripts/esp32h2/sec_srv_tbl_default.yml b/components/esp_tee/scripts/esp32h2/sec_srv_tbl_default.yml index f70e9b1434..dc8221367b 100644 --- a/components/esp_tee/scripts/esp32h2/sec_srv_tbl_default.yml +++ b/components/esp_tee/scripts/esp32h2/sec_srv_tbl_default.yml @@ -244,6 +244,10 @@ secure_services: type: IDF function: esp_crypto_ecc_enable_periph_clk args: 1 + - id: 111 + type: IDF + function: esp_sha_set_mode + args: 1 # ID: 134-169 (36) - Reserved for future use - family: attestation entries: diff --git a/components/esp_tee/src/esp_secure_service_wrapper.c b/components/esp_tee/src/esp_secure_service_wrapper.c index 89ae362d5f..a993f46765 100644 --- a/components/esp_tee/src/esp_secure_service_wrapper.c +++ b/components/esp_tee/src/esp_secure_service_wrapper.c @@ -202,6 +202,11 @@ int __wrap_esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_ return esp_tee_service_call(4, SS_ESP_SHA_BLOCK, sha_type, data_block, is_first_block); } +void __wrap_esp_sha_set_mode(esp_sha_type sha_type) +{ + esp_tee_service_call(2, SS_ESP_SHA_SET_MODE, sha_type); +} + void __wrap_esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state) { esp_tee_service_call(3, SS_ESP_SHA_READ_DIGEST_STATE, sha_type, digest_state); diff --git a/components/esp_tee/subproject/main/core/esp_secure_services.c b/components/esp_tee/subproject/main/core/esp_secure_services.c index 0595c3d318..1cd85be67a 100644 --- a/components/esp_tee/subproject/main/core/esp_secure_services.c +++ b/components/esp_tee/subproject/main/core/esp_secure_services.c @@ -193,6 +193,11 @@ void _ss_esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_fi esp_sha_block(sha_type, data_block, is_first_block); } +void _ss_esp_sha_set_mode(esp_sha_type sha_type) +{ + esp_sha_set_mode(sha_type); +} + void _ss_esp_crypto_sha_enable_periph_clk(bool enable) { esp_crypto_sha_enable_periph_clk(enable); diff --git a/components/hal/esp32/include/hal/sha_ll.h b/components/hal/esp32/include/hal/sha_ll.h index f321c2be09..0d80d27bbd 100644 --- a/components/hal/esp32/include/hal/sha_ll.h +++ b/components/hal/esp32/include/hal/sha_ll.h @@ -126,6 +126,16 @@ static inline void sha_ll_load(esp_sha_type sha_type) DPORT_REG_WRITE(SHA_LOAD_REG(sha_type), 1); } +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + (void) sha_type; +} + /** * @brief Checks if the SHA engine is currently busy hashing a block * diff --git a/components/hal/esp32c2/include/hal/sha_ll.h b/components/hal/esp32c2/include/hal/sha_ll.h index 4877e4ba55..e7261275ec 100644 --- a/components/hal/esp32c2/include/hal/sha_ll.h +++ b/components/hal/esp32c2/include/hal/sha_ll.h @@ -42,6 +42,16 @@ static inline void sha_ll_reset_register(void) /// the critical section needs to declare the __DECLARE_RCC_ATOMIC_ENV variable in advance #define sha_ll_reset_register(...) (void)__DECLARE_RCC_ATOMIC_ENV; sha_ll_reset_register(__VA_ARGS__) +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -49,7 +59,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } @@ -60,29 +70,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32c3/include/hal/sha_ll.h b/components/hal/esp32c3/include/hal/sha_ll.h index 4ad996b59f..da917c76ab 100644 --- a/components/hal/esp32c3/include/hal/sha_ll.h +++ b/components/hal/esp32c3/include/hal/sha_ll.h @@ -45,6 +45,16 @@ static inline void sha_ll_reset_register(void) /// the critical section needs to declare the __DECLARE_RCC_ATOMIC_ENV variable in advance #define sha_ll_reset_register(...) (void)__DECLARE_RCC_ATOMIC_ENV; sha_ll_reset_register(__VA_ARGS__) +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -52,7 +62,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } @@ -63,29 +73,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32c5/include/hal/sha_ll.h b/components/hal/esp32c5/include/hal/sha_ll.h index 05c8ac445e..e1cb5f503c 100644 --- a/components/hal/esp32c5/include/hal/sha_ll.h +++ b/components/hal/esp32c5/include/hal/sha_ll.h @@ -39,6 +39,16 @@ static inline void sha_ll_reset_register(void) PCR.ecdsa_conf.ecdsa_rst_en = 0; } +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -46,7 +56,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } @@ -57,29 +67,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32c6/include/hal/sha_ll.h b/components/hal/esp32c6/include/hal/sha_ll.h index ada6544337..7108e2d608 100644 --- a/components/hal/esp32c6/include/hal/sha_ll.h +++ b/components/hal/esp32c6/include/hal/sha_ll.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -37,6 +37,16 @@ static inline void sha_ll_reset_register(void) PCR.hmac_conf.hmac_rst_en = 0; } +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -44,7 +54,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } @@ -55,29 +65,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32c61/include/hal/sha_ll.h b/components/hal/esp32c61/include/hal/sha_ll.h index 807391731e..7f9b945b47 100644 --- a/components/hal/esp32c61/include/hal/sha_ll.h +++ b/components/hal/esp32c61/include/hal/sha_ll.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -39,6 +39,16 @@ static inline void sha_ll_reset_register(void) PCR.ecdsa_conf.ecdsa_rst_en = 0; } +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -46,7 +56,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } @@ -57,29 +67,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32h2/include/hal/sha_ll.h b/components/hal/esp32h2/include/hal/sha_ll.h index 0203449566..2363c768d1 100644 --- a/components/hal/esp32h2/include/hal/sha_ll.h +++ b/components/hal/esp32h2/include/hal/sha_ll.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -38,6 +38,16 @@ static inline void sha_ll_reset_register(void) PCR.ecdsa_conf.ecdsa_rst_en = 0; } +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -45,7 +55,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } @@ -56,29 +66,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32h21/include/hal/sha_ll.h b/components/hal/esp32h21/include/hal/sha_ll.h index 29762922a1..177acc686e 100644 --- a/components/hal/esp32h21/include/hal/sha_ll.h +++ b/components/hal/esp32h21/include/hal/sha_ll.h @@ -38,6 +38,16 @@ static inline void sha_ll_reset_register(void) PCR.ecdsa_conf.ecdsa_rst_en = 0; } +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -45,7 +55,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } @@ -56,29 +66,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32p4/include/hal/sha_ll.h b/components/hal/esp32p4/include/hal/sha_ll.h index bcf0f9fa6c..68f4c94429 100644 --- a/components/hal/esp32p4/include/hal/sha_ll.h +++ b/components/hal/esp32p4/include/hal/sha_ll.h @@ -47,6 +47,16 @@ static inline void sha_ll_reset_register(void) /// the critical section needs to declare the __DECLARE_RCC_ATOMIC_ENV variable in advance #define sha_ll_reset_register(...) (void)__DECLARE_RCC_ATOMIC_ENV; sha_ll_reset_register(__VA_ARGS__) +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -54,7 +64,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } @@ -65,29 +75,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32s2/include/hal/sha_ll.h b/components/hal/esp32s2/include/hal/sha_ll.h index 36bfee8299..e97b6bdbfa 100644 --- a/components/hal/esp32s2/include/hal/sha_ll.h +++ b/components/hal/esp32s2/include/hal/sha_ll.h @@ -51,6 +51,16 @@ static inline void sha_ll_reset_register(void) /// the critical section needs to declare the __DECLARE_RCC_ATOMIC_ENV variable in advance #define sha_ll_reset_register(...) (void)__DECLARE_RCC_ATOMIC_ENV; sha_ll_reset_register(__VA_ARGS__) +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -58,7 +68,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } @@ -69,29 +79,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/esp32s3/include/hal/sha_ll.h b/components/hal/esp32s3/include/hal/sha_ll.h index 9a7b9ed8f3..3299a8f51d 100644 --- a/components/hal/esp32s3/include/hal/sha_ll.h +++ b/components/hal/esp32s3/include/hal/sha_ll.h @@ -46,6 +46,16 @@ static inline void sha_ll_reset_register(void) /// the critical section needs to declare the __DECLARE_RCC_ATOMIC_ENV variable in advance #define sha_ll_reset_register(...) (void)__DECLARE_RCC_ATOMIC_ENV; sha_ll_reset_register(__VA_ARGS__) +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_set_mode(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); +} + /** * @brief Start a new SHA block conversions (no initial hash in HW) * @@ -53,7 +63,7 @@ static inline void sha_ll_reset_register(void) */ static inline void sha_ll_start_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_START_REG, 1); } @@ -64,29 +74,23 @@ static inline void sha_ll_start_block(esp_sha_type sha_type) */ static inline void sha_ll_continue_block(esp_sha_type sha_type) { - REG_WRITE(SHA_MODE_REG, sha_type); + (void) sha_type; REG_WRITE(SHA_CONTINUE_REG, 1); } /** * @brief Start a new SHA message conversion using DMA (no initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_start_dma(esp_sha_type sha_type) +static inline void sha_ll_start_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_START_REG, 1); } /** * @brief Continue a SHA message conversion using DMA (initial hash in HW) - * - * @param sha_type The SHA algorithm type */ -static inline void sha_ll_continue_dma(esp_sha_type sha_type) +static inline void sha_ll_continue_dma(void) { - REG_WRITE(SHA_MODE_REG, sha_type); REG_WRITE(SHA_DMA_CONTINUE_REG, 1); } diff --git a/components/hal/include/hal/sha_hal.h b/components/hal/include/hal/sha_hal.h index ef44f7834d..c6c11d6ceb 100644 --- a/components/hal/include/hal/sha_hal.h +++ b/components/hal/include/hal/sha_hal.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -22,6 +22,13 @@ extern "C" { #endif +/** + * @brief Load the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +void sha_hal_set_mode(esp_sha_type sha_type); + /** * @brief Hashes a single message block * @@ -60,11 +67,10 @@ void sha_hal_write_digest(esp_sha_type sha_type, void *digest_state); /** * @brief Hashes a number of message blocks using DMA * - * @param sha_type SHA algorithm to hash with * @param num_blocks Number of blocks to hash * @param first_block Is this the first block in a message or a continuation? */ -void sha_hal_hash_dma(esp_sha_type sha_type, size_t num_blocks, bool first_block); +void sha_hal_hash_dma(size_t num_blocks, bool first_block); #endif #if SOC_SHA_SUPPORT_SHA512_T diff --git a/components/hal/sha_hal.c b/components/hal/sha_hal.c index 68c06b70dd..62f64fc6c3 100644 --- a/components/hal/sha_hal.c +++ b/components/hal/sha_hal.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2020-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -66,12 +66,14 @@ inline static size_t state_length(esp_sha_type type) } #endif +void sha_hal_set_mode(esp_sha_type sha_type) +{ + sha_ll_set_mode(sha_type); +} /* Hash a single block */ void sha_hal_hash_block(esp_sha_type sha_type, const void *data_block, size_t block_word_len, bool first_block) { - sha_hal_wait_idle(); - sha_ll_fill_text_block(data_block, block_word_len); /* Start hashing */ @@ -85,17 +87,15 @@ void sha_hal_hash_block(esp_sha_type sha_type, const void *data_block, size_t bl #if SOC_SHA_SUPPORT_DMA /* Hashes a number of message blocks using DMA */ -void sha_hal_hash_dma(esp_sha_type sha_type, size_t num_blocks, bool first_block) +void sha_hal_hash_dma(size_t num_blocks, bool first_block) { - sha_hal_wait_idle(); - sha_ll_set_block_num(num_blocks); /* Start hashing */ if (first_block) { - sha_ll_start_dma(sha_type); + sha_ll_start_dma(); } else { - sha_ll_continue_dma(sha_type); + sha_ll_continue_dma(); } } diff --git a/components/hal/test_apps/crypto/main/sha/sha_block.c b/components/hal/test_apps/crypto/main/sha/sha_block.c index ed0ebb9d24..852e0efe33 100644 --- a/components/hal/test_apps/crypto/main/sha/sha_block.c +++ b/components/hal/test_apps/crypto/main/sha/sha_block.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: CC0-1.0 */ @@ -73,6 +73,9 @@ static void sha1_update_block(sha1_ctx* ctx, esp_sha_type sha_type, const unsign sha_ll_reset_register(); } + sha_hal_wait_idle(); + sha_hal_set_mode(sha_type); + if (ctx->first_block == 0) { /* Writes the message digest to the SHA engine */ sha_hal_write_digest(sha_type, ctx->state); @@ -174,6 +177,9 @@ static void sha256_update_block(sha256_ctx* ctx, esp_sha_type sha_type, const un sha_ll_reset_register(); } + sha_hal_wait_idle(); + sha_hal_set_mode(sha_type); + if (ctx->first_block == 0) { /* Writes the message digest to the SHA engine */ sha_hal_write_digest(sha_type, ctx->state); @@ -320,6 +326,9 @@ static void sha512_update_block(sha512_ctx* ctx, esp_sha_type sha_type, const un sha_ll_reset_register(); } + sha_hal_wait_idle(); + sha_hal_set_mode(sha_type); + if (ctx->first_block && sha_type == SHA2_512T){ sha_512_t_init_hash_block(ctx->t_val); ctx->first_block = 0; diff --git a/components/hal/test_apps/crypto/main/sha/sha_dma.c b/components/hal/test_apps/crypto/main/sha/sha_dma.c index 44dafe3f73..82db1f4063 100644 --- a/components/hal/test_apps/crypto/main/sha/sha_dma.c +++ b/components/hal/test_apps/crypto/main/sha/sha_dma.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: CC0-1.0 */ @@ -61,6 +61,8 @@ static void sha1_update_dma(sha1_ctx* ctx, esp_sha_type sha_type, const unsigned /* Enable peripheral module */ esp_sha_acquire_hardware(); + esp_sha_set_mode(sha_type); + esp_internal_sha1_update_state(ctx, sha_type); int ret = esp_sha_dma(sha_type, input, len, ctx->buffer, local_len, ctx->first_block); @@ -157,6 +159,8 @@ static void sha256_update_dma(sha256_ctx* ctx, esp_sha_type sha_type, const unsi /* Enable peripheral module */ esp_sha_acquire_hardware(); + esp_sha_set_mode(sha_type); + esp_internal_sha256_update_state(ctx); int ret = esp_sha_dma(ctx->mode, input, len, ctx->buffer, local_len, ctx->first_block); @@ -306,6 +310,8 @@ static void sha512_update_dma(sha512_ctx* ctx, esp_sha_type sha_type, const unsi /* Enable peripheral module */ esp_sha_acquire_hardware(); + esp_sha_set_mode(sha_type); + esp_internal_sha512_update_state(ctx); int ret = esp_sha_dma(ctx->mode, input, len, ctx->buffer, local_len, ctx->first_block); diff --git a/components/mbedtls/port/include/sha/sha_core.h b/components/mbedtls/port/include/sha/sha_core.h index 4032c41185..e22abd3246 100644 --- a/components/mbedtls/port/include/sha/sha_core.h +++ b/components/mbedtls/port/include/sha/sha_core.h @@ -50,12 +50,19 @@ extern "C" { */ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output); +/** + * @brief Set the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +void esp_sha_set_mode(esp_sha_type sha_type); + /** @brief Execute SHA block operation * * @note This is a piece of a SHA algorithm, rather than an entire SHA * algorithm. * - * @note Call esp_sha_acquire_hardware() before calling this + * @note Call esp_sha_acquire_hardware() and esp_sha_set_mode() before calling this * function. * * @param sha_type SHA algorithm to use. @@ -78,7 +85,7 @@ void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_ * @note This is a piece of a SHA algorithm, rather than an entire SHA * algorithm. * - * @note Call esp_sha_aquire_hardware() before calling this + * @note Call esp_sha_aquire_hardware() and esp_sha_set_mode() before calling this * function. * * @param sha_type SHA algorithm to use. @@ -145,7 +152,6 @@ void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state); */ void esp_sha_write_digest_state(esp_sha_type sha_type, void *digest_state); - /** * @brief Enables the SHA and crypto DMA peripheral and takes the * locks for both of them. diff --git a/components/mbedtls/port/include/sha/sha_parallel_engine.h b/components/mbedtls/port/include/sha/sha_parallel_engine.h index cf6f0607da..aad6b322c3 100644 --- a/components/mbedtls/port/include/sha/sha_parallel_engine.h +++ b/components/mbedtls/port/include/sha/sha_parallel_engine.h @@ -1,16 +1,8 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #pragma once #include "hal/sha_types.h" @@ -69,6 +61,13 @@ extern "C" { */ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output); +/** + * @brief Set the mode for the SHA engine + * + * @param sha_type The SHA algorithm type + */ +void esp_sha_set_mode(esp_sha_type sha_type); + /* @brief Begin to execute a single SHA block operation * * @note This is a piece of a SHA algorithm, rather than an entire SHA diff --git a/components/mbedtls/port/sha/core/esp_sha1.c b/components/mbedtls/port/sha/core/esp_sha1.c index 64b7ba98af..515bd1c838 100644 --- a/components/mbedtls/port/sha/core/esp_sha1.c +++ b/components/mbedtls/port/sha/core/esp_sha1.c @@ -113,6 +113,9 @@ static void esp_internal_sha1_block_process(mbedtls_sha1_context *ctx, const uin int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx, const unsigned char data[64]) { esp_sha_acquire_hardware(); + + esp_sha_set_mode(ctx->mode); + esp_internal_sha_update_state(ctx); #if SOC_SHA_SUPPORT_DMA @@ -166,6 +169,8 @@ int mbedtls_sha1_update(mbedtls_sha1_context *ctx, const unsigned char *input, s esp_sha_acquire_hardware(); + esp_sha_set_mode(ctx->mode); + esp_internal_sha_update_state(ctx); #if SOC_SHA_SUPPORT_DMA diff --git a/components/mbedtls/port/sha/core/esp_sha256.c b/components/mbedtls/port/sha/core/esp_sha256.c index cbd2f82d0b..cc717f8202 100644 --- a/components/mbedtls/port/sha/core/esp_sha256.c +++ b/components/mbedtls/port/sha/core/esp_sha256.c @@ -126,6 +126,9 @@ static void esp_internal_sha256_block_process(mbedtls_sha256_context *ctx, const int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, const unsigned char data[64]) { esp_sha_acquire_hardware(); + + esp_sha_set_mode(ctx->mode); + esp_internal_sha_update_state(ctx); #if SOC_SHA_SUPPORT_DMA @@ -185,6 +188,8 @@ int mbedtls_sha256_update(mbedtls_sha256_context *ctx, const unsigned char *inpu esp_sha_acquire_hardware(); + esp_sha_set_mode(ctx->mode); + esp_internal_sha_update_state(ctx); #if SOC_SHA_SUPPORT_DMA diff --git a/components/mbedtls/port/sha/core/esp_sha512.c b/components/mbedtls/port/sha/core/esp_sha512.c index 049e51a2e6..1750095009 100644 --- a/components/mbedtls/port/sha/core/esp_sha512.c +++ b/components/mbedtls/port/sha/core/esp_sha512.c @@ -160,6 +160,8 @@ int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, const unsigned esp_sha_acquire_hardware(); + esp_sha_set_mode(ctx->mode); + ret = esp_internal_sha_update_state(ctx); if (ret != 0) { esp_sha_release_hardware(); @@ -220,6 +222,8 @@ int mbedtls_sha512_update(mbedtls_sha512_context *ctx, const unsigned char *inpu esp_sha_acquire_hardware(); + esp_sha_set_mode(ctx->mode); + int ret = esp_internal_sha_update_state(ctx); if (ret != 0) { diff --git a/components/mbedtls/port/sha/core/sha.c b/components/mbedtls/port/sha/core/sha.c index a573a79d3a..8aa2f1e0e1 100644 --- a/components/mbedtls/port/sha/core/sha.c +++ b/components/mbedtls/port/sha/core/sha.c @@ -102,6 +102,12 @@ void esp_sha_release_hardware(void) esp_crypto_sha_aes_lock_release(); } +void esp_sha_set_mode(esp_sha_type sha_type) +{ + sha_hal_wait_idle(); + sha_hal_set_mode(sha_type); +} + void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block) { sha_hal_hash_block(sha_type, data_block, block_length(sha_type) / 4, is_first_block); @@ -284,7 +290,7 @@ static esp_err_t esp_sha_dma_process(esp_sha_type sha_type, const void *input, u return -1; } - sha_hal_hash_dma(sha_type, num_blks, is_first_block); + sha_hal_hash_dma(num_blks, is_first_block); sha_hal_wait_idle(); diff --git a/components/mbedtls/port/sha/parallel_engine/sha.c b/components/mbedtls/port/sha/parallel_engine/sha.c index 4828b9f87d..e2b4591910 100644 --- a/components/mbedtls/port/sha/parallel_engine/sha.c +++ b/components/mbedtls/port/sha/parallel_engine/sha.c @@ -50,7 +50,7 @@ static portMUX_TYPE memory_block_lock = portMUX_INITIALIZER_UNLOCKED; /* Binary semaphore managing the state of each concurrent SHA engine. - Available = noone is using this SHA engine + Available = no one is using this SHA engine Taken = a SHA session is running on this SHA engine Indexes: @@ -209,6 +209,11 @@ void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state) esp_sha_unlock_memory_block(); } +void esp_sha_set_mode(esp_sha_type sha_type) +{ + sha_hal_set_mode(sha_type); +} + void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool first_block) { #ifndef NDEBUG diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/fastpsk.c b/components/wpa_supplicant/esp_supplicant/src/crypto/fastpsk.c index 72bfeb43b0..3ec8a6a9cc 100644 --- a/components/wpa_supplicant/esp_supplicant/src/crypto/fastpsk.c +++ b/components/wpa_supplicant/esp_supplicant/src/crypto/fastpsk.c @@ -160,6 +160,7 @@ static inline void write32_be(uint32_t n, uint8_t out[4]) void sha1_op(uint32_t blocks[FAST_PSK_SHA1_BLOCKS_BUF_WORDS], uint32_t output[SHA1_OUTPUT_SZ_WORDS]) { + esp_sha_set_mode(SHA1); /* First block */ esp_sha_block(SHA1, blocks, true); /* Second block */ diff --git a/docs/en/migration-guides/release-5.x/5.5/index.rst b/docs/en/migration-guides/release-5.x/5.5/index.rst index dedee8fed4..0672e640b5 100644 --- a/docs/en/migration-guides/release-5.x/5.5/index.rst +++ b/docs/en/migration-guides/release-5.x/5.5/index.rst @@ -6,6 +6,7 @@ Migration from 5.4 to 5.5 .. toctree:: :maxdepth: 1 + security system peripherals protocols diff --git a/docs/en/migration-guides/release-5.x/5.5/security.rst b/docs/en/migration-guides/release-5.x/5.5/security.rst new file mode 100644 index 0000000000..ec5a774b27 --- /dev/null +++ b/docs/en/migration-guides/release-5.x/5.5/security.rst @@ -0,0 +1,19 @@ +Security +======== + +:link_to_translation:`zh_CN:[中文]` + +.. only:: SOC_SHA_SUPPORTED + + Mbed TLS + -------- + + Starting from **ESP-IDF v5.5**, there is a change in how the SHA sub-function APIs, :cpp:func:`esp_sha_block` and :cpp:func:`esp_sha_dma`, are used. + + Previously, these APIs used to set the SHA mode internally, however, in the updated version, you must explicitly set the SHA mode before invoking them. + + For instance, if you intend to use the **SHA-256** algorithm, you must first call :cpp:func:`esp_sha_set_mode` with the argument ``SHA2_256``: + + .. code-block:: c + + esp_sha_set_mode(SHA2_256); diff --git a/docs/zh_CN/migration-guides/release-5.x/5.5/index.rst b/docs/zh_CN/migration-guides/release-5.x/5.5/index.rst index 695fb35269..150b053e43 100644 --- a/docs/zh_CN/migration-guides/release-5.x/5.5/index.rst +++ b/docs/zh_CN/migration-guides/release-5.x/5.5/index.rst @@ -6,6 +6,7 @@ .. toctree:: :maxdepth: 1 + security system peripherals protocols diff --git a/docs/zh_CN/migration-guides/release-5.x/5.5/security.rst b/docs/zh_CN/migration-guides/release-5.x/5.5/security.rst new file mode 100644 index 0000000000..87004c5383 --- /dev/null +++ b/docs/zh_CN/migration-guides/release-5.x/5.5/security.rst @@ -0,0 +1,4 @@ +安全性 +======= + +:link_to_translation:`en:[English]` diff --git a/tools/ci/check_copyright_ignore.txt b/tools/ci/check_copyright_ignore.txt index 636c7a7f81..4cb53b9eba 100644 --- a/tools/ci/check_copyright_ignore.txt +++ b/tools/ci/check_copyright_ignore.txt @@ -480,7 +480,6 @@ components/mbedtls/port/include/esp32/sha.h components/mbedtls/port/include/esp32s2/aes.h components/mbedtls/port/include/esp32s2/gcm.h components/mbedtls/port/include/mbedtls/esp_debug.h -components/mbedtls/port/include/sha/sha_parallel_engine.h components/mbedtls/port/include/sha1_alt.h components/mbedtls/port/include/sha256_alt.h components/mbedtls/port/include/sha512_alt.h