From 6b1f4fe46c67b711128b34e6628013bb6ef00dc7 Mon Sep 17 00:00:00 2001
From: Laukik Hase
Date: Thu, 20 Mar 2025 17:16:55 +0530
Subject: [PATCH] fix(esp_tee): Utilize the SHA H/W for hashing operations in the TEE
---
 .../esp_tee/esp_tee_crypto_shared_gdma.c | 8 +++-
 .../mbedtls/esp_tee/esp_tee_mbedtls.cmake | 40 ++++++++++---------
 .../mbedtls/esp_tee/esp_tee_mbedtls_config.h | 5 ++-
 3 files changed, 31 insertions(+), 22 deletions(-)
diff --git a/components/mbedtls/esp_tee/esp_tee_crypto_shared_gdma.c b/components/mbedtls/esp_tee/esp_tee_crypto_shared_gdma.c
index 6c0c47b4f7..78e71c24ac 100644
--- a/components/mbedtls/esp_tee/esp_tee_crypto_shared_gdma.c
+++ b/components/mbedtls/esp_tee/esp_tee_crypto_shared_gdma.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -21,6 +21,10 @@
 #include "soc/gdma_struct.h"
 #include "soc/soc_caps.h"
 
+#include "esp_tee_crypto_shared_gdma.h"
+#include "esp_aes_dma_priv.h"
+#include "esp_sha_dma_priv.h"
+
 #define TEE_CRYPTO_GDMA_CH (0)
 
 /*
@@ -115,7 +119,7 @@ esp_err_t esp_aes_dma_start(const crypto_dma_desc_t *input, const crypto_dma_des
 return esp_tee_crypto_shared_gdma_start(input, output, GDMA_TRIG_PERIPH_AES);
 }
 
-bool esp_aes_dma_done(crypto_dma_desc_t *output)
+bool esp_aes_dma_done(const crypto_dma_desc_t *output)
 {
 return (output->dw0.owner == 0);
 }
diff --git a/components/mbedtls/esp_tee/esp_tee_mbedtls.cmake b/components/mbedtls/esp_tee/esp_tee_mbedtls.cmake
index 9072a91c6c..be6d1b4597 100644
--- a/components/mbedtls/esp_tee/esp_tee_mbedtls.cmake
+++ b/components/mbedtls/esp_tee/esp_tee_mbedtls.cmake
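Review bot: `esp_aes_dma_done` reports completion solely from `output->dw0.owner == 0`, and the newly const-qualified signature is the right place to state that contract, because nothing in the hunk says what the bit means or which descriptor the caller must pass. I read owner == 0 as the DMA engine having handed the descriptor back to software, so a comment such as `/* Done when the DMA engine has cleared the owner bit of the output descriptor passed in; callers should pass the last descriptor of the output chain. */` would help — please confirm against the GDMA descriptor definition. If the prototype in `esp_aes_dma_priv.h` (now included by the second hunk) is not already const-qualified, it should be updated to match, otherwise the two declarations conflict.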
@@ -6,28 +6,16 @@ set(include_dirs "${COMPONENT_DIR}/port/include"
 "${COMPONENT_DIR}/mbedtls/include"
 "${COMPONENT_DIR}/mbedtls/library")
 
-# Supporting headers
-list(APPEND include_dirs "${heap_dir}/include")
-
-# Shared GDMA layer for TEE
-set(srcs "${COMPONENT_DIR}/esp_tee/esp_tee_crypto_shared_gdma.c")
-
-# AES-SHA implementation
-list(APPEND srcs "${COMPONENT_DIR}/port/aes/dma/esp_aes.c"
- "${COMPONENT_DIR}/port/aes/dma/esp_aes_dma_core.c")
-
-list(APPEND srcs "${COMPONENT_DIR}/port/aes/esp_aes_common.c"
- "${COMPONENT_DIR}/port/aes/esp_aes_gcm.c")
-
-list(APPEND srcs "${COMPONENT_DIR}/port/sha/core/sha.c"
- "${COMPONENT_DIR}/port/sha/esp_sha.c")
-
-list(APPEND include_dirs "${COMPONENT_DIR}/port/aes/include"
+# Crypto port headers
+set(crypto_port_inc_dirs "${COMPONENT_DIR}/port/aes/include"
 "${COMPONENT_DIR}/port/aes/dma/include"
 "${COMPONENT_DIR}/port/sha/core/include")
 
+# Supporting headers
+list(APPEND crypto_port_inc_dirs "${heap_dir}/include")
+
 idf_component_register(SRCS "${srcs}"
-INCLUDE_DIRS "${include_dirs}"
+INCLUDE_DIRS "${include_dirs}" "${crypto_port_inc_dirs}"
 PRIV_REQUIRES "${priv_requires}")
 
 # Only build mbedtls libraries
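Review bot: `idf_component_register(SRCS "${srcs}" …)` on the new side still reads `srcs`, but the only assignment to it in this file, `set(srcs …)`, is removed by this hunk; unless `srcs` is set above line 6 outside the hunk, `SRCS` now expands to an empty argument and the component is registered without sources. If that is intended (the port sources move into `mbedcrypto` in the next hunk and `${COMPONENT_LIB}` is only linked as INTERFACE), make it explicit by dropping the argument, `idf_component_register(INCLUDE_DIRS "${include_dirs}" "${crypto_port_inc_dirs}"`, with a comment such as `# No sources of its own: the crypto port is compiled into mbedcrypto below`. Leaving the dead reference in means a `srcs` inherited from the including scope would be picked up without anyone noticing.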
@@ -52,6 +40,22 @@ endforeach()
 
 target_link_libraries(${COMPONENT_LIB} INTERFACE ${mbedtls_targets})
 
+target_include_directories(mbedcrypto PRIVATE ${crypto_port_inc_dirs})
+
+# Shared GDMA layer for TEE
+target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/esp_tee/esp_tee_crypto_shared_gdma.c")
+
+# AES implementation
+target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/dma/esp_aes.c"
+ "${COMPONENT_DIR}/port/aes/dma/esp_aes_dma_core.c")
+
+target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/esp_aes_common.c"
+ "${COMPONENT_DIR}/port/aes/esp_aes_gcm.c")
+
+# SHA implementation
 target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/core/esp_sha1.c"
 "${COMPONENT_DIR}/port/sha/core/esp_sha256.c"
 "${COMPONENT_DIR}/port/sha/core/esp_sha512.c")
+
+target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/core/sha.c"
+ "${COMPONENT_DIR}/port/sha/esp_sha.c")
diff --git a/components/mbedtls/esp_tee/esp_tee_mbedtls_config.h b/components/mbedtls/esp_tee/esp_tee_mbedtls_config.h
index a676cd20a9..72ea061315 100644
--- a/components/mbedtls/esp_tee/esp_tee_mbedtls_config.h
+++ b/components/mbedtls/esp_tee/esp_tee_mbedtls_config.h
@@ -22,6 +22,8 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
+#include "sdkconfig.h"
+
 
 #ifndef ESP_TEE_MBEDTLS_CONFIG_H
 #define ESP_TEE_MBEDTLS_CONFIG_H
@@ -47,9 +49,8 @@
 #define MBEDTLS_SHA224_C
 #define MBEDTLS_SHA256_C
 
-#ifdef CONFIG_MBEDTLS_HARDWARE_SHA
+#if CONFIG_MBEDTLS_HARDWARE_SHA
 #define MBEDTLS_SHA1_ALT
-#define MBEDTLS_SHA224_ALT
 #define MBEDTLS_SHA256_ALT
 #endif
 
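Review bot: The SHA port sources added here (`sha.c`, `esp_sha.c`, next to the pre-existing `esp_sha1.c`/`esp_sha256.c`/`esp_sha512.c` context lines) go into `mbedcrypto` unconditionally, while the config-header hunk in this same patch only defines `MBEDTLS_SHA1_ALT`/`MBEDTLS_SHA256_ALT` when `CONFIG_MBEDTLS_HARDWARE_SHA` is set. With that option disabled, the mbedtls software SHA and the hardware port land in the same library; whether that is merely dead code or a duplicate-symbol failure depends on the port files guarding themselves with the `_ALT` macros, which I cannot see from here. Wrapping the SHA `target_sources` calls in `if(CONFIG_MBEDTLS_HARDWARE_SHA)` … `endif()` keeps the build file and the header in step and makes the fallback path obvious to a reader. The AES and shared-GDMA sources presumably follow the same pattern with the AES option; worth checking at the same time.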
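Review bot: The new `#include "sdkconfig.h"` is placed before the include guard that begins two lines below it; moving it after `#define ESP_TEE_MBEDTLS_CONFIG_H` keeps the guard covering the whole header and matches the usual layout of these config headers. Since this include is what makes the `#if CONFIG_MBEDTLS_HARDWARE_SHA` in the next hunk see the Kconfig value at all (the old `#ifdef` presumably never fired without it), a comment is warranted: `/* sdkconfig.h must be visible before the CONFIG_* checks below */`.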
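Review bot: `MBEDTLS_SHA224_ALT` is removed while `MBEDTLS_SHA224_C` stays defined in the context above, and nothing records why; a one-line comment keeps the next reader from re-adding it: `/* No SHA224_ALT: mbedtls implements SHA-224 in sha256.c, so MBEDTLS_SHA256_ALT covers both */` — assuming that is the reason, please confirm against the mbedtls version in use. The switch from `#ifdef` to `#if` is the right pairing with a Kconfig-generated header, where disabled bools are simply absent and evaluate to 0.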