Merge branch 'fix/esp_tee_sha_op' into 'master'

fix(esp_tee): Utilize the SHA H/W for hashing operations in the TEE

See merge request espressif/esp-idf!37929

components/mbedtls/esp_tee/esp_tee_crypto_shared_gdma.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -21,6 +21,10 @@
 #include "soc/gdma_struct.h"
 #include "soc/soc_caps.h"
 
+#include "esp_tee_crypto_shared_gdma.h"
+#include "esp_aes_dma_priv.h"
+#include "esp_sha_dma_priv.h"
+
 #define TEE_CRYPTO_GDMA_CH  (0)
 
 /*
@@ -115,7 +119,7 @@ esp_err_t esp_aes_dma_start(const crypto_dma_desc_t *input, const crypto_dma_des
     return esp_tee_crypto_shared_gdma_start(input, output, GDMA_TRIG_PERIPH_AES);
 }
 
-bool esp_aes_dma_done(crypto_dma_desc_t *output)
+bool esp_aes_dma_done(const crypto_dma_desc_t *output)
 {
     return (output->dw0.owner == 0);
 }

components/mbedtls/esp_tee/esp_tee_mbedtls.cmake

@@ -6,28 +6,16 @@ set(include_dirs "${COMPONENT_DIR}/port/include"
                  "${COMPONENT_DIR}/mbedtls/include"
                  "${COMPONENT_DIR}/mbedtls/library")
 
-# Supporting headers
+# Crypto port headers
-list(APPEND include_dirs "${heap_dir}/include")
+set(crypto_port_inc_dirs "${COMPONENT_DIR}/port/aes/include"
-
-# Shared GDMA layer for TEE
-set(srcs "${COMPONENT_DIR}/esp_tee/esp_tee_crypto_shared_gdma.c")
-
-# AES-SHA implementation
-list(APPEND srcs "${COMPONENT_DIR}/port/aes/dma/esp_aes.c"
-                 "${COMPONENT_DIR}/port/aes/dma/esp_aes_dma_core.c")
-
-list(APPEND srcs "${COMPONENT_DIR}/port/aes/esp_aes_common.c"
-                 "${COMPONENT_DIR}/port/aes/esp_aes_gcm.c")
-
-list(APPEND srcs "${COMPONENT_DIR}/port/sha/core/sha.c"
-                 "${COMPONENT_DIR}/port/sha/esp_sha.c")
-
-list(APPEND include_dirs "${COMPONENT_DIR}/port/aes/include"
                          "${COMPONENT_DIR}/port/aes/dma/include"
                          "${COMPONENT_DIR}/port/sha/core/include")
 
+# Supporting headers
+list(APPEND crypto_port_inc_dirs "${heap_dir}/include")
+
 idf_component_register(SRCS "${srcs}"
-                       INCLUDE_DIRS "${include_dirs}"
+                       INCLUDE_DIRS "${include_dirs}" "${crypto_port_inc_dirs}"
                        PRIV_REQUIRES "${priv_requires}")
 
 # Only build mbedtls libraries
@@ -52,6 +40,22 @@ endforeach()
 
 target_link_libraries(${COMPONENT_LIB} INTERFACE ${mbedtls_targets})
 
+target_include_directories(mbedcrypto PRIVATE ${crypto_port_inc_dirs})
+
+# Shared GDMA layer for TEE
+target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/esp_tee/esp_tee_crypto_shared_gdma.c")
+
+# AES implementation
+target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/dma/esp_aes.c"
+                                  "${COMPONENT_DIR}/port/aes/dma/esp_aes_dma_core.c")
+
+target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/aes/esp_aes_common.c"
+                                  "${COMPONENT_DIR}/port/aes/esp_aes_gcm.c")
+
+# SHA implementation
 target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/core/esp_sha1.c"
                                   "${COMPONENT_DIR}/port/sha/core/esp_sha256.c"
                                   "${COMPONENT_DIR}/port/sha/core/esp_sha512.c")
+
+target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/core/sha.c"
+                                  "${COMPONENT_DIR}/port/sha/esp_sha.c")

components/mbedtls/esp_tee/esp_tee_mbedtls_config.h

@@ -22,6 +22,8 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  */
+#include "sdkconfig.h"
+
 #ifndef ESP_TEE_MBEDTLS_CONFIG_H
 #define ESP_TEE_MBEDTLS_CONFIG_H
 
@@ -47,9 +49,8 @@
 #define MBEDTLS_SHA224_C
 #define MBEDTLS_SHA256_C
 
-#ifdef CONFIG_MBEDTLS_HARDWARE_SHA
+#if CONFIG_MBEDTLS_HARDWARE_SHA
 #define MBEDTLS_SHA1_ALT
-#define MBEDTLS_SHA224_ALT
 #define MBEDTLS_SHA256_ALT
 #endif