From 7d8211bf8706a854a0ea5592c4bcd5e846bfe277 Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Fri, 24 Jan 2025 16:26:47 +0530 Subject: [PATCH] feat(mbedtls): Support both SHA block and DMA modes during runtime Dynamically switch the SHA operation modes based on the buffer operating length --- components/esp-tls/test_apps/main/app_main.c | 4 +- .../scripts/esp32c6/secure_service.tbl | 1 + .../esp_tee/src/esp_secure_service_wrapper.c | 7 +- .../esp_tee/subproject/main/CMakeLists.txt | 2 +- .../main/core/esp_secure_services.c | 7 +- .../hal/test_apps/crypto/main/CMakeLists.txt | 8 +- .../hal/test_apps/crypto/main/sha/sha_dma.c | 2 +- components/mbedtls/CMakeLists.txt | 22 +- .../mbedtls/esp_tee/esp_tee_mbedtls.cmake | 10 +- components/mbedtls/port/include/esp32s2/sha.h | 22 +- .../mbedtls/port/include/sha/sha_block.h | 122 +------- .../mbedtls/port/include/sha/sha_core.h | 178 +++++++++++ components/mbedtls/port/include/sha/sha_dma.h | 145 +-------- components/mbedtls/port/sha/block/esp_sha1.c | 220 ------------- .../mbedtls/port/sha/block/esp_sha512.c | 289 ------------------ components/mbedtls/port/sha/block/sha.c | 82 ----- .../mbedtls/port/sha/{dma => core}/esp_sha1.c | 63 ++-- .../port/sha/{block => core}/esp_sha256.c | 60 ++-- .../port/sha/{dma => core}/esp_sha512.c | 67 ++-- .../{dma => core}/esp_sha_crypto_dma_impl.c | 5 +- .../sha/{dma => core}/esp_sha_gdma_impl.c | 0 .../{dma => core}/include/esp_sha_dma_priv.h | 3 +- .../port/sha/core/include/esp_sha_internal.h | 59 ++++ .../mbedtls/port/sha/{dma => core}/sha.c | 107 +++---- components/mbedtls/port/sha/dma/esp_sha256.c | 234 -------------- components/mbedtls/port/sha/esp_sha.c | 4 +- .../test_apps/main/test_wpa_supplicant_main.c | 4 +- tools/ci/check_copyright_ignore.txt | 2 - 28 files changed, 458 insertions(+), 1271 deletions(-) create mode 100644 components/mbedtls/port/include/sha/sha_core.h delete mode 100644 components/mbedtls/port/sha/block/esp_sha1.c delete mode 100644 components/mbedtls/port/sha/block/esp_sha512.c delete mode 100644 components/mbedtls/port/sha/block/sha.c rename components/mbedtls/port/sha/{dma => core}/esp_sha1.c (77%) rename components/mbedtls/port/sha/{block => core}/esp_sha256.c (79%) rename components/mbedtls/port/sha/{dma => core}/esp_sha512.c (81%) rename components/mbedtls/port/sha/{dma => core}/esp_sha_crypto_dma_impl.c (99%) rename components/mbedtls/port/sha/{dma => core}/esp_sha_gdma_impl.c (100%) rename components/mbedtls/port/sha/{dma => core}/include/esp_sha_dma_priv.h (90%) create mode 100644 components/mbedtls/port/sha/core/include/esp_sha_internal.h rename components/mbedtls/port/sha/{dma => core}/sha.c (83%) delete mode 100644 components/mbedtls/port/sha/dma/esp_sha256.c diff --git a/components/esp-tls/test_apps/main/app_main.c b/components/esp-tls/test_apps/main/app_main.c index 813d724f04..2c1a5935ab 100644 --- a/components/esp-tls/test_apps/main/app_main.c +++ b/components/esp-tls/test_apps/main/app_main.c @@ -12,10 +12,8 @@ #include "soc/soc_caps.h" #if SOC_SHA_SUPPORT_PARALLEL_ENG #include "sha/sha_parallel_engine.h" -#elif SOC_SHA_SUPPORT_DMA -#include "sha/sha_dma.h" #else -#include "sha/sha_block.h" +#include "sha/sha_core.h" #endif #include "esp_newlib.h" diff --git a/components/esp_tee/scripts/esp32c6/secure_service.tbl b/components/esp_tee/scripts/esp32c6/secure_service.tbl index aac502d32f..51cd652035 100644 --- a/components/esp_tee/scripts/esp32c6/secure_service.tbl +++ b/components/esp_tee/scripts/esp32c6/secure_service.tbl @@ -35,6 +35,7 @@ 128 IDF esp_sha_dma 6 129 IDF esp_sha_read_digest_state 2 130 IDF esp_sha_write_digest_state 2 +131 IDF esp_sha_block 3 # ID: 168-183 (16) - eFuse 168 IDF esp_efuse_check_secure_version 1 169 IDF esp_efuse_read_field_blob 3 diff --git a/components/esp_tee/src/esp_secure_service_wrapper.c b/components/esp_tee/src/esp_secure_service_wrapper.c index a0f2935431..21abec2ba5 100644 --- a/components/esp_tee/src/esp_secure_service_wrapper.c +++ b/components/esp_tee/src/esp_secure_service_wrapper.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -211,6 +211,11 @@ int __wrap_esp_sha_dma(esp_sha_type sha_type, const void *input, uint32_t ilen, return esp_tee_service_call(7, SS_ESP_SHA_DMA, sha_type, input, ilen, buf, buf_len, is_first_block); } +int __wrap_esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block) +{ + return esp_tee_service_call(4, SS_ESP_SHA_BLOCK, sha_type, data_block, is_first_block); +} + void __wrap_esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state) { esp_tee_service_call(3, SS_ESP_SHA_READ_DIGEST_STATE, sha_type, digest_state); diff --git a/components/esp_tee/subproject/main/CMakeLists.txt b/components/esp_tee/subproject/main/CMakeLists.txt index 8eb3d1c693..752e4ecec8 100644 --- a/components/esp_tee/subproject/main/CMakeLists.txt +++ b/components/esp_tee/subproject/main/CMakeLists.txt @@ -66,7 +66,7 @@ list(APPEND include "${mbedtls_dir}/port/include" "${mbedtls_dir}/port/aes/include" "${mbedtls_dir}/port/aes/dma/include") # SHA -list(APPEND include "${mbedtls_dir}/port/sha/dma/include") +list(APPEND include "${mbedtls_dir}/port/sha/core/include") # esp_app_desc_t configuration structure for TEE list(APPEND srcs "common/esp_app_desc_tee.c") diff --git a/components/esp_tee/subproject/main/core/esp_secure_services.c b/components/esp_tee/subproject/main/core/esp_secure_services.c index d91192f691..87c5275f4d 100644 --- a/components/esp_tee/subproject/main/core/esp_secure_services.c +++ b/components/esp_tee/subproject/main/core/esp_secure_services.c @@ -21,7 +21,7 @@ #include "soc/soc_caps.h" #include "aes/esp_aes.h" -#include "sha/sha_dma.h" +#include "sha/sha_core.h" #include "esp_tee.h" #include "esp_tee_memory_utils.h" @@ -314,6 +314,11 @@ void _ss_esp_sha_write_digest_state(esp_sha_type sha_type, void *digest_state) sha_hal_write_digest(sha_type, digest_state); } +void _ss_esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block) +{ + esp_sha_block(sha_type, data_block, is_first_block); +} + /* ---------------------------------------------- OTA ------------------------------------------------- */ int _ss_esp_tee_ota_begin(void) diff --git a/components/hal/test_apps/crypto/main/CMakeLists.txt b/components/hal/test_apps/crypto/main/CMakeLists.txt index de293541d3..3dd261a0ce 100644 --- a/components/hal/test_apps/crypto/main/CMakeLists.txt +++ b/components/hal/test_apps/crypto/main/CMakeLists.txt @@ -60,13 +60,13 @@ if(CONFIG_SOC_SHA_SUPPORTED) if(CONFIG_SOC_SHA_SUPPORT_DMA) list(APPEND srcs "sha/sha_dma.c" - "$ENV{IDF_PATH}/components/mbedtls/port/sha/dma/sha.c") - list(APPEND priv_include_dirs "$ENV{IDF_PATH}/components/mbedtls/port/sha/dma/include") + "$ENV{IDF_PATH}/components/mbedtls/port/sha/core/sha.c") + list(APPEND priv_include_dirs "$ENV{IDF_PATH}/components/mbedtls/port/sha/core/include") if(NOT CONFIG_SOC_SHA_GDMA) - list(APPEND srcs "$ENV{IDF_PATH}/components/mbedtls/port/sha/dma/esp_sha_crypto_dma_impl.c") + list(APPEND srcs "$ENV{IDF_PATH}/components/mbedtls/port/sha/core/esp_sha_crypto_dma_impl.c") else() - list(APPEND srcs "$ENV{IDF_PATH}/components/mbedtls/port/sha/dma/esp_sha_gdma_impl.c" + list(APPEND srcs "$ENV{IDF_PATH}/components/mbedtls/port/sha/core/esp_sha_gdma_impl.c" "$ENV{IDF_PATH}/components/mbedtls/port/crypto_shared_gdma/esp_crypto_shared_gdma.c") endif() endif() diff --git a/components/hal/test_apps/crypto/main/sha/sha_dma.c b/components/hal/test_apps/crypto/main/sha/sha_dma.c index f0a335a7ff..44dafe3f73 100644 --- a/components/hal/test_apps/crypto/main/sha/sha_dma.c +++ b/components/hal/test_apps/crypto/main/sha/sha_dma.c @@ -17,7 +17,7 @@ #if SOC_SHA_SUPPORTED #if SOC_SHA_SUPPORT_DMA -#include "sha/sha_dma.h" +#include "sha/sha_core.h" #include "sha_dma.h" #if defined(SOC_SHA_SUPPORT_SHA1) diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt index 8662869c89..a0bb4df88f 100644 --- a/components/mbedtls/CMakeLists.txt +++ b/components/mbedtls/CMakeLists.txt @@ -191,12 +191,10 @@ endif() # Choose peripheral type if(CONFIG_SOC_SHA_SUPPORTED) - if(CONFIG_SOC_SHA_SUPPORT_DMA) - set(SHA_PERIPHERAL_TYPE "dma") - elseif(CONFIG_SOC_SHA_SUPPORT_PARALLEL_ENG) + if(CONFIG_SOC_SHA_SUPPORT_PARALLEL_ENG) set(SHA_PERIPHERAL_TYPE "parallel_engine") else() - set(SHA_PERIPHERAL_TYPE "block") + set(SHA_PERIPHERAL_TYPE "core") endif() endif() @@ -208,15 +206,15 @@ if(CONFIG_SOC_AES_SUPPORTED) endif() endif() -if(SHA_PERIPHERAL_TYPE STREQUAL "dma") - target_include_directories(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/dma/include") +if(SHA_PERIPHERAL_TYPE STREQUAL "core") + target_include_directories(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/core/include") - if(NOT CONFIG_SOC_SHA_GDMA) - set(SHA_DMA_SRCS "${COMPONENT_DIR}/port/sha/dma/esp_sha_crypto_dma_impl.c") - else() - set(SHA_DMA_SRCS "${COMPONENT_DIR}/port/sha/dma/esp_sha_gdma_impl.c") + if(CONFIG_SOC_SHA_GDMA) + set(SHA_CORE_SRCS "${COMPONENT_DIR}/port/sha/core/esp_sha_gdma_impl.c") + elseif(CONFIG_SOC_SHA_CRYPTO_DMA) + set(SHA_CORE_SRCS "${COMPONENT_DIR}/port/sha/core/esp_sha_crypto_dma_impl.c") endif() - target_sources(mbedcrypto PRIVATE "${SHA_DMA_SRCS}") + target_sources(mbedcrypto PRIVATE "${SHA_CORE_SRCS}") endif() if(AES_PERIPHERAL_TYPE STREQUAL "dma") @@ -232,7 +230,7 @@ if(AES_PERIPHERAL_TYPE STREQUAL "dma") target_sources(mbedcrypto PRIVATE "${AES_DMA_SRCS}") endif() -if(SHA_PERIPHERAL_TYPE STREQUAL "dma" OR AES_PERIPHERAL_TYPE STREQUAL "dma") +if((SHA_PERIPHERAL_TYPE STREQUAL "core" AND CONFIG_SOC_SHA_SUPPORT_DMA) OR AES_PERIPHERAL_TYPE STREQUAL "dma") target_link_libraries(mbedcrypto PRIVATE idf::esp_mm) if(CONFIG_SOC_SHA_GDMA OR CONFIG_SOC_AES_GDMA) if(CONFIG_SOC_AXI_DMA_EXT_MEM_ENC_ALIGNMENT) diff --git a/components/mbedtls/esp_tee/esp_tee_mbedtls.cmake b/components/mbedtls/esp_tee/esp_tee_mbedtls.cmake index 7a08feba3d..7d33abf0a2 100644 --- a/components/mbedtls/esp_tee/esp_tee_mbedtls.cmake +++ b/components/mbedtls/esp_tee/esp_tee_mbedtls.cmake @@ -15,13 +15,13 @@ list(APPEND srcs "${hal_dir}/aes_hal.c" list(APPEND include_dirs "${COMPONENT_DIR}/port/aes/include" "${COMPONENT_DIR}/port/aes/dma/include" - "${COMPONENT_DIR}/port/sha/dma/include") + "${COMPONENT_DIR}/port/sha/core/include") list(APPEND srcs "${COMPONENT_DIR}/port/aes/esp_aes_common.c" "${COMPONENT_DIR}/port/aes/dma/esp_aes.c" "${COMPONENT_DIR}/port/aes/dma/esp_aes_dma_core.c") -list(APPEND srcs "${COMPONENT_DIR}/port/sha/dma/sha.c" +list(APPEND srcs "${COMPONENT_DIR}/port/sha/core/sha.c" "${COMPONENT_DIR}/port/sha/esp_sha.c") # Supporting headers @@ -54,8 +54,8 @@ endforeach() target_link_libraries(${COMPONENT_LIB} INTERFACE ${mbedtls_targets}) if(CONFIG_MBEDTLS_HARDWARE_SHA) - target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/dma/esp_sha1.c" - "${COMPONENT_DIR}/port/sha/dma/esp_sha256.c" - "${COMPONENT_DIR}/port/sha/dma/esp_sha512.c" + target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/core/esp_sha1.c" + "${COMPONENT_DIR}/port/sha/core/esp_sha256.c" + "${COMPONENT_DIR}/port/sha/core/esp_sha512.c" ) endif() diff --git a/components/mbedtls/port/include/esp32s2/sha.h b/components/mbedtls/port/include/esp32s2/sha.h index 1e9e3f3622..366f7b6b79 100644 --- a/components/mbedtls/port/include/esp32s2/sha.h +++ b/components/mbedtls/port/include/esp32s2/sha.h @@ -1,19 +1,11 @@ -// Copyright 2019-2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2019-2025 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #pragma once -#include "sha/sha_dma.h" +#include "sha/sha_core.h" -#warning esp32s2/sha.h is deprecated, please use sha/sha_dma.h instead +#warning esp32s2/sha.h is deprecated, please use sha/sha_core.h instead diff --git a/components/mbedtls/port/include/sha/sha_block.h b/components/mbedtls/port/include/sha/sha_block.h index 105c706842..a05e87bdd6 100644 --- a/components/mbedtls/port/include/sha/sha_block.h +++ b/components/mbedtls/port/include/sha/sha_block.h @@ -6,124 +6,4 @@ #pragma once -#include - -#include "hal/sha_types.h" - -/** @brief Low-level support functions for the hardware SHA engine - * - * @note If you're looking for a SHA API to use, try mbedtls component - * mbedtls/shaXX.h. That API supports hardware acceleration. - * - * The API in this header provides some building blocks for implementing a - * full SHA API such as the one in mbedtls, and also a basic SHA function esp_sha(). - * - */ - -#ifdef __cplusplus -extern "C" { -#endif - - -/** @brief Calculate SHA1 or SHA2 sum of some data, using hardware SHA engine - * - * @note For more versatile SHA calculations, where data doesn't need - * to be passed all at once, try the mbedTLS mbedtls/shaX.h APIs. - * - * @note It is not necessary to lock any SHA hardware before calling - * this function, thread safety is managed internally. - * - * @param sha_type SHA algorithm to use. - * - * @param input Input data buffer. - * - * @param ilen Length of input data in bytes. - * - * @param output Buffer for output SHA digest. Output is 20 bytes for - * sha_type SHA1, 28 bytes for sha_type SHA2_224, 32 bytes for - * sha_type SHA2_256, 48 bytes for sha_type SHA2_384, 64 bytes for - * sha_type SHA2_512. - */ -void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output); - -/** @brief Execute SHA block operation - * - * @note This is a piece of a SHA algorithm, rather than an entire SHA - * algorithm. - * - * @note Call esp_sha_acquire_hardware() before calling this - * function. - * - * @param sha_type SHA algorithm to use. - * - * @param data_block Pointer to the input data. Block size is - * determined by algorithm (SHA1/SHA2_256 = 64 bytes, - * SHA2_384/SHA2_512 = 128 bytes) - * - * @param is_first_block If this parameter is true, the SHA state will - * be initialised (with the initial state of the given SHA algorithm) - * before the block is calculated. If false, the existing state of the - * SHA engine will be used. - * - */ -void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block); - -/** - * @brief Read out the current state of the SHA digest - * - * @note This is a piece of a SHA algorithm, rather than an entire SHA algorithm. - * - * @note Call esp_sha_aquire_hardware() before calling this - * function. - * - * If the SHA suffix padding block has been executed already, the - * value that is read is the SHA digest. - * Otherwise, the value that is read is an interim SHA state. - * - * @param sha_type SHA algorithm in use. - * @param digest_state Pointer to a memory buffer to hold the SHA state. Size - * is 20 bytes (SHA1), 32 bytes (SHA2_256), or 64 bytes (SHA2_384, SHA2_512). - */ -void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state); - -/** - * @brief Set the current state of the SHA digest - * - * @note Call esp_sha_aquire_hardware() before calling this - * function. - * - * @param sha_type SHA algorithm in use. - * @param digest_state Digest state to write to hardware - */ -void esp_sha_write_digest_state(esp_sha_type sha_type, void *digest_state); - - -/** - * @brief Enables the SHA peripheral and takes the lock. - */ -void esp_sha_acquire_hardware(void); - -/** - * @brief Disables the SHA peripheral and releases the lock. - */ -void esp_sha_release_hardware(void); - - -/** - * @brief Sets the initial hash value for SHA512/t. - * - * @note Is generated according to the algorithm described in the TRM, - * chapter SHA-Accelerator - * - * @note The engine must be locked until the value is used for an operation - * or read out. Else you risk another operation overwriting it. - * - * @param t - * - * @return 0 if successful - */ -int esp_sha_512_t_init_hash(uint16_t t); - -#ifdef __cplusplus -} -#endif +#include "sha/sha_core.h" diff --git a/components/mbedtls/port/include/sha/sha_core.h b/components/mbedtls/port/include/sha/sha_core.h new file mode 100644 index 0000000000..4032c41185 --- /dev/null +++ b/components/mbedtls/port/include/sha/sha_core.h @@ -0,0 +1,178 @@ +/* + * SPDX-FileCopyrightText: 2025 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#pragma once + +#include +#include "hal/sha_types.h" +#include "soc/soc_caps.h" + +/** @brief Low-level support functions for the hardware SHA engine using DMA + * + * @note If you're looking for a SHA API to use, try mbedtls component + * mbedtls/shaXX.h. That API supports hardware acceleration. + * + * The API in this header provides some building blocks for implementing a + * full SHA API such as the one in mbedtls, and also a basic SHA function esp_sha(). + * + * Some technical details about the hardware SHA engine: + * + * - The crypto DMA is shared between the SHA and AES engine, it is not + * possible for them to run calcalutions in parallel. + * + */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** @brief Calculate SHA1 or SHA2 sum of some data, using hardware SHA engine + * + * @note For more versatile SHA calculations, where data doesn't need + * to be passed all at once, try the mbedTLS mbedtls/shaX.h APIs. + * + * @note It is not necessary to lock any SHA hardware before calling + * this function, thread safety is managed internally. + * + * @param sha_type SHA algorithm to use. + * + * @param input Input data buffer. + * + * @param ilen Length of input data in bytes. + * + * @param output Buffer for output SHA digest. Output is 20 bytes for + * sha_type SHA1, 28 bytes for sha_type SHA2_224, 32 bytes for + * sha_type SHA2_256, 48 bytes for sha_type SHA2_384, 64 bytes for + * sha_type SHA2_512. + */ +void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output); + +/** @brief Execute SHA block operation + * + * @note This is a piece of a SHA algorithm, rather than an entire SHA + * algorithm. + * + * @note Call esp_sha_acquire_hardware() before calling this + * function. + * + * @param sha_type SHA algorithm to use. + * + * @param data_block Pointer to the input data. Block size is + * determined by algorithm (SHA1/SHA2_256 = 64 bytes, + * SHA2_384/SHA2_512 = 128 bytes) + * + * @param is_first_block If this parameter is true, the SHA state will + * be initialised (with the initial state of the given SHA algorithm) + * before the block is calculated. If false, the existing state of the + * SHA engine will be used. + * + */ +void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block); + +#if SOC_SHA_SUPPORT_DMA +/** @brief Execute SHA block operation using DMA + * + * @note This is a piece of a SHA algorithm, rather than an entire SHA + * algorithm. + * + * @note Call esp_sha_aquire_hardware() before calling this + * function. + * + * @param sha_type SHA algorithm to use. + * + * @param input Pointer to the input data. Block size is + * determined by algorithm (SHA1/SHA2_256 = 64 bytes, + * SHA2_384/SHA2_512 = 128 bytes) + * + * @param ilen length of input data should be multiple of block length. + * + * @param buf Pointer to blocks of data that will be prepended + * to data_block before hashing. Useful when there is two sources of + * data that need to be efficiently calculated in a single SHA DMA + * operation. + * + * @param buf_len length of buf data should be multiple of block length. + * Should not be longer than the maximum amount of bytes in a single block + * (128 bytes) + * + * @param is_first_block If this parameter is true, the SHA state will + * be initialised (with the initial state of the given SHA algorithm) + * before the block is calculated. If false, the existing state of the + * SHA engine will be used. + * + * @param t The number of bits for the SHA512/t hash function, with + * output truncated to t bits. Used for calculating the initial hash. + * t is any positive integer between 1 and 512, except 384. + * + * @return 0 if successful + */ +int esp_sha_dma(esp_sha_type sha_type, const void *input, uint32_t ilen, + const void *buf, uint32_t buf_len, bool is_first_block); + +#endif /* SOC_SHA_SUPPORT_DMA */ + +/** + * @brief Read out the current state of the SHA digest + * + * @note This is a piece of a SHA algorithm, rather than an entire SHA algorithm. + * + * @note Call esp_sha_aquire_hardware() before calling this + * function. + * + * If the SHA suffix padding block has been executed already, the + * value that is read is the SHA digest. + * Otherwise, the value that is read is an interim SHA state. + * + * @param sha_type SHA algorithm in use. + * @param digest_state Pointer to a memory buffer to hold the SHA state. Size + * is 20 bytes (SHA1), 32 bytes (SHA2_256), or 64 bytes (SHA2_384, SHA2_512). + */ +void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state); + +/** + * @brief Set the current state of the SHA digest + * + * @note Call esp_sha_aquire_hardware() before calling this + * function. + * + * When resuming a + * + * @param sha_type SHA algorithm in use. + * @param digest_state + */ +void esp_sha_write_digest_state(esp_sha_type sha_type, void *digest_state); + + +/** + * @brief Enables the SHA and crypto DMA peripheral and takes the + * locks for both of them. + */ +void esp_sha_acquire_hardware(void); + +/** + * @brief Disables the SHA and crypto DMA peripheral and releases the + * locks. + */ +void esp_sha_release_hardware(void); + +/** + * @brief Sets the initial hash value for SHA512/t. + * + * @note Is generated according to the algorithm described in the TRM, + * chapter SHA-Accelerator + * + * @note The engine must be locked until the value is used for an operation + * or read out. Else you risk another operation overwriting it. + * + * @param t + * + * @return 0 if successful + */ +int esp_sha_512_t_init_hash(uint16_t t); + +#ifdef __cplusplus +} +#endif diff --git a/components/mbedtls/port/include/sha/sha_dma.h b/components/mbedtls/port/include/sha/sha_dma.h index a92ec7e6ca..8274858884 100644 --- a/components/mbedtls/port/include/sha/sha_dma.h +++ b/components/mbedtls/port/include/sha/sha_dma.h @@ -6,147 +6,4 @@ #pragma once -#include "hal/sha_types.h" - -/** @brief Low-level support functions for the hardware SHA engine using DMA - * - * @note If you're looking for a SHA API to use, try mbedtls component - * mbedtls/shaXX.h. That API supports hardware acceleration. - * - * The API in this header provides some building blocks for implementing a - * full SHA API such as the one in mbedtls, and also a basic SHA function esp_sha(). - * - * Some technical details about the hardware SHA engine: - * - * - The crypto DMA is shared between the SHA and AES engine, it is not - * possible for them to run calcalutions in parallel. - * - */ - -#ifdef __cplusplus -extern "C" { -#endif - - -/** @brief Calculate SHA1 or SHA2 sum of some data, using hardware SHA engine - * - * @note For more versatile SHA calculations, where data doesn't need - * to be passed all at once, try the mbedTLS mbedtls/shaX.h APIs. - * - * @note It is not necessary to lock any SHA hardware before calling - * this function, thread safety is managed internally. - * - * @param sha_type SHA algorithm to use. - * - * @param input Input data buffer. - * - * @param ilen Length of input data in bytes. - * - * @param output Buffer for output SHA digest. Output is 20 bytes for - * sha_type SHA1, 28 bytes for sha_type SHA2_224, 32 bytes for - * sha_type SHA2_256, 48 bytes for sha_type SHA2_384, 64 bytes for - * sha_type SHA2_512. - */ -void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output); - -/** @brief Execute SHA block operation using DMA - * - * @note This is a piece of a SHA algorithm, rather than an entire SHA - * algorithm. - * - * @note Call esp_sha_aquire_hardware() before calling this - * function. - * - * @param sha_type SHA algorithm to use. - * - * @param input Pointer to the input data. Block size is - * determined by algorithm (SHA1/SHA2_256 = 64 bytes, - * SHA2_384/SHA2_512 = 128 bytes) - * - * @param ilen length of input data should be multiple of block length. - * - * @param buf Pointer to blocks of data that will be prepended - * to data_block before hashing. Useful when there is two sources of - * data that need to be efficiently calculated in a single SHA DMA - * operation. - * - * @param buf_len length of buf data should be multiple of block length. - * Should not be longer than the maximum amount of bytes in a single block - * (128 bytes) - * - * @param is_first_block If this parameter is true, the SHA state will - * be initialised (with the initial state of the given SHA algorithm) - * before the block is calculated. If false, the existing state of the - * SHA engine will be used. - * - * @param t The number of bits for the SHA512/t hash function, with - * output truncated to t bits. Used for calculating the initial hash. - * t is any positive integer between 1 and 512, except 384. - * - * @return 0 if successful - */ -int esp_sha_dma(esp_sha_type sha_type, const void *input, uint32_t ilen, - const void *buf, uint32_t buf_len, bool is_first_block); - -/** - * @brief Read out the current state of the SHA digest - * - * @note This is a piece of a SHA algorithm, rather than an entire SHA algorithm. - * - * @note Call esp_sha_aquire_hardware() before calling this - * function. - * - * If the SHA suffix padding block has been executed already, the - * value that is read is the SHA digest. - * Otherwise, the value that is read is an interim SHA state. - * - * @param sha_type SHA algorithm in use. - * @param digest_state Pointer to a memory buffer to hold the SHA state. Size - * is 20 bytes (SHA1), 32 bytes (SHA2_256), or 64 bytes (SHA2_384, SHA2_512). - */ -void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state); - -/** - * @brief Set the current state of the SHA digest - * - * @note Call esp_sha_aquire_hardware() before calling this - * function. - * - * When resuming a - * - * @param sha_type SHA algorithm in use. - * @param digest_state - */ -void esp_sha_write_digest_state(esp_sha_type sha_type, void *digest_state); - - -/** - * @brief Enables the SHA and crypto DMA peripheral and takes the - * locks for both of them. - */ -void esp_sha_acquire_hardware(void); - -/** - * @brief Disables the SHA and crypto DMA peripheral and releases the - * locks. - */ -void esp_sha_release_hardware(void); - -/** - * @brief Sets the initial hash value for SHA512/t. - * - * @note Is generated according to the algorithm described in the TRM, - * chapter SHA-Accelerator - * - * @note The engine must be locked until the value is used for an operation - * or read out. Else you risk another operation overwriting it. - * - * @param t - * - * @return 0 if successful - */ -int esp_sha_512_t_init_hash(uint16_t t); - -#ifdef __cplusplus -} -#endif +#include "sha/sha_core.h" diff --git a/components/mbedtls/port/sha/block/esp_sha1.c b/components/mbedtls/port/sha/block/esp_sha1.c deleted file mode 100644 index 1e73fe5d92..0000000000 --- a/components/mbedtls/port/sha/block/esp_sha1.c +++ /dev/null @@ -1,220 +0,0 @@ -/* - * SHA-1 implementation with hardware ESP support added. - * - * SPDX-FileCopyrightText: The Mbed TLS Contributors - * - * SPDX-License-Identifier: Apache-2.0 - * - * SPDX-FileContributor: 2016-2023 Espressif Systems (Shanghai) CO LTD - */ -/* - * The SHA-1 standard was published by NIST in 1993. - * - * http://www.itl.nist.gov/fipspubs/fip180-1.htm - */ - -#include - -#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT) - -#include "mbedtls/sha1.h" - -#include -#include - -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ - -#include "sha/sha_block.h" - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) -{ - volatile unsigned char *p = (unsigned char *)v; - while ( n-- ) { - *p++ = 0; - } -} - -/* - * 32-bit integer manipulation macros (big endian) - */ - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} -#endif - -void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) -{ - assert(ctx != NULL); - - memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); -} - -void mbedtls_sha1_free( mbedtls_sha1_context *ctx ) -{ - if ( ctx == NULL ) { - return; - } - mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) ); -} - -void mbedtls_sha1_clone( mbedtls_sha1_context *dst, - const mbedtls_sha1_context *src ) -{ - memcpy(dst, src, sizeof(mbedtls_sha1_context)); -} - -/* - * SHA-1 context setup - */ -int mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) -{ - ctx->total[0] = 0; - ctx->total[1] = 0; - memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); - ctx->mode = SHA1; - - return 0; -} - -static void esp_internal_sha_update_state(mbedtls_sha1_context *ctx) -{ - if (ctx->sha_state == ESP_SHA1_STATE_INIT) { - ctx->first_block = true; - ctx->sha_state = ESP_SHA1_STATE_IN_PROCESS; - } else if (ctx->sha_state == ESP_SHA1_STATE_IN_PROCESS) { - ctx->first_block = false; - esp_sha_write_digest_state(ctx->mode, ctx->state); - } -} - -static void esp_internal_sha1_block_process(mbedtls_sha1_context *ctx, const uint8_t *data) -{ - esp_sha_block(SHA1, data, ctx->first_block); - - if (ctx->first_block) { - ctx->first_block = false; - } -} - -int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ) -{ - esp_sha_acquire_hardware(); - esp_internal_sha_update_state(ctx); - esp_sha_block(ctx->mode, data, ctx->first_block); - esp_sha_read_digest_state(ctx->mode, ctx->state); - esp_sha_release_hardware(); - return 0; -} - -int mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ) -{ - size_t fill; - uint32_t left, local_len = 0; - - if ( !ilen || (input == NULL)) { - return 0; - } - - left = ctx->total[0] & 0x3F; - fill = 64 - left; - - ctx->total[0] += (uint32_t) ilen; - ctx->total[0] &= 0xFFFFFFFF; - - if ( ctx->total[0] < (uint32_t) ilen ) { - ctx->total[1]++; - } - - if ( left && ilen >= fill ) { - memcpy( (void *) (ctx->buffer + left), input, fill ); - input += fill; - ilen -= fill; - left = 0; - local_len = 64; - } - - if ( (ilen >= 64) || local_len) { - - esp_sha_acquire_hardware(); - - esp_internal_sha_update_state(ctx); - - /* First process buffered block, if any */ - if ( local_len ) { - esp_internal_sha1_block_process(ctx, ctx->buffer); - } - - while ( ilen >= 64 ) { - esp_internal_sha1_block_process(ctx, input); - - input += 64; - ilen -= 64; - } - - esp_sha_read_digest_state(SHA1, ctx->state); - - esp_sha_release_hardware(); - - } - - if ( ilen > 0 ) { - memcpy( (void *) (ctx->buffer + left), input, ilen); - } - return 0; -} - -static const unsigned char sha1_padding[64] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* -* SHA-1 final digest - */ -int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ) -{ - int ret = -1; - uint32_t last, padn; - uint32_t high, low; - unsigned char msglen[8]; - - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); - - PUT_UINT32_BE( high, msglen, 0 ); - PUT_UINT32_BE( low, msglen, 4 ); - - last = ctx->total[0] & 0x3F; - padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - - - if ( ( ret = mbedtls_sha1_update( ctx, sha1_padding, padn ) ) != 0 ) { - return ret; - } - if ( ( ret = mbedtls_sha1_update( ctx, msglen, 8 ) ) != 0 ) { - return ret; - } - - memcpy(output, ctx->state, 20); - - return ret; -} - -#endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */ diff --git a/components/mbedtls/port/sha/block/esp_sha512.c b/components/mbedtls/port/sha/block/esp_sha512.c deleted file mode 100644 index ebb1037577..0000000000 --- a/components/mbedtls/port/sha/block/esp_sha512.c +++ /dev/null @@ -1,289 +0,0 @@ -/* - * SHA-512 implementation with hardware ESP support added. - * - * SPDX-FileCopyrightText: The Mbed TLS Contributors - * - * SPDX-License-Identifier: Apache-2.0 - * - * SPDX-FileContributor: 2016-2023 Espressif Systems (Shanghai) CO LTD - */ -/* - * The SHA-512 Secure Hash Standard was published by NIST in 2002. - * - * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf - */ - -#include - -#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_SHA512_ALT) - -#include "mbedtls/sha512.h" - -#if defined(_MSC_VER) || defined(__WATCOMC__) -#define UL64(x) x##ui64 -#else -#define UL64(x) x##ULL -#endif - -#include -#include - -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ - -#include "sha/sha_block.h" - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) -{ - volatile unsigned char *p = v; - while ( n-- ) { - *p++ = 0; - } -} - -/* - * 64-bit integer manipulation macros (big endian) - */ -#ifndef PUT_UINT64_BE -#define PUT_UINT64_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 56 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \ - (b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 7] = (unsigned char) ( (n) ); \ -} -#endif /* PUT_UINT64_BE */ - -void esp_sha512_set_mode(mbedtls_sha512_context *ctx, esp_sha_type type) -{ - switch (type) { - case SHA2_384: - case SHA2_512224: - case SHA2_512256: - case SHA2_512T: - ctx->mode = type; - break; - default: - ctx->mode = SHA2_512; - break; - } -} - - -/* For SHA512/t mode the intial hash value will depend on t */ -void esp_sha512_set_t( mbedtls_sha512_context *ctx, uint16_t t_val) -{ - ctx->t_val = t_val; -} - -void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) -{ - assert(ctx != NULL); - - memset( ctx, 0, sizeof( mbedtls_sha512_context ) ); -} - -void mbedtls_sha512_free( mbedtls_sha512_context *ctx ) -{ - if ( ctx == NULL ) { - return; - } - - mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) ); -} - -void mbedtls_sha512_clone( mbedtls_sha512_context *dst, - const mbedtls_sha512_context *src ) -{ - memcpy(dst, src, sizeof(mbedtls_sha512_context)); -} - -/* - * SHA-512 context setup - */ -int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ) -{ - mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) ); - - if ( is384 ) { - ctx->mode = SHA2_384; - } else { - ctx->mode = SHA2_512; - } - - return 0; -} - -static int esp_internal_sha_update_state(mbedtls_sha512_context *ctx) -{ - if (ctx->sha_state == ESP_SHA512_STATE_INIT) { - if (ctx->mode == SHA2_512T) { - int ret = -1; - if ((ret = esp_sha_512_t_init_hash(ctx->t_val)) != 0) { - return ret; - } - ctx->first_block = false; - } else { - ctx->first_block = true; - } - ctx->sha_state = ESP_SHA512_STATE_IN_PROCESS; - - } else if (ctx->sha_state == ESP_SHA512_STATE_IN_PROCESS) { - ctx->first_block = false; - esp_sha_write_digest_state(ctx->mode, ctx->state); - } - return 0; -} - -static void esp_internal_sha512_block_process(mbedtls_sha512_context *ctx, const uint8_t *data) -{ - esp_sha_block(ctx->mode, data, ctx->first_block); - - if (ctx->first_block) { - ctx->first_block = false; - } -} - -int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ) -{ - int ret = -1; - esp_sha_acquire_hardware(); - - ret = esp_internal_sha_update_state(ctx); - if (ret != 0) { - esp_sha_release_hardware(); - return ret; - } - - esp_sha_block(ctx->mode, data, ctx->first_block); - esp_sha_read_digest_state(ctx->mode, ctx->state); - esp_sha_release_hardware(); - return ret; -} - -/* - * SHA-512 process buffer - */ -int mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input, - size_t ilen ) -{ - size_t fill; - unsigned int left, local_len = 0; - - if ( ilen == 0 ) { - return 0; - } - - left = (unsigned int) (ctx->total[0] & 0x7F); - fill = 128 - left; - - ctx->total[0] += (uint64_t) ilen; - - if ( ctx->total[0] < (uint64_t) ilen ) { - ctx->total[1]++; - } - - if ( left && ilen >= fill ) { - memcpy( (void *) (ctx->buffer + left), input, fill ); - - input += fill; - ilen -= fill; - left = 0; - local_len = 128; - } - - - if ( (ilen >= 128) || local_len) { - - esp_sha_acquire_hardware(); - - int ret = esp_internal_sha_update_state(ctx); - - if (ret != 0) { - esp_sha_release_hardware(); - return ret; - } - - /* First process buffered block, if any */ - if ( local_len ) { - esp_internal_sha512_block_process(ctx, ctx->buffer); - } - - while ( ilen >= 128 ) { - esp_internal_sha512_block_process(ctx, input); - - input += 128; - ilen -= 128; - } - esp_sha_read_digest_state(ctx->mode, ctx->state); - - esp_sha_release_hardware(); - } - - if ( ilen > 0 ) { - memcpy( (void *) (ctx->buffer + left), input, ilen); - } - - return 0; -} - -static const unsigned char sha512_padding[128] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* - * SHA-512 final digest - */ -int mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char *output ) -{ - int ret = -1; - size_t last, padn; - uint64_t high, low; - unsigned char msglen[16]; - - high = ( ctx->total[0] >> 61 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); - - PUT_UINT64_BE( high, msglen, 0 ); - PUT_UINT64_BE( low, msglen, 8 ); - - last = (size_t)( ctx->total[0] & 0x7F ); - padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last ); - - if ( ( ret = mbedtls_sha512_update( ctx, sha512_padding, padn ) ) != 0 ) { - return ret; - } - - if ( ( ret = mbedtls_sha512_update( ctx, msglen, 16 ) ) != 0 ) { - return ret; - } - - if (ctx->mode == SHA2_384) { - memcpy(output, ctx->state, 48); - } else { - memcpy(output, ctx->state, 64); - } - - return ret; -} - -#endif /* MBEDTLS_SHA512_C && MBEDTLS_SHA512_ALT */ diff --git a/components/mbedtls/port/sha/block/sha.c b/components/mbedtls/port/sha/block/sha.c deleted file mode 100644 index 1ba617190f..0000000000 --- a/components/mbedtls/port/sha/block/sha.c +++ /dev/null @@ -1,82 +0,0 @@ -/* - * SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD - * - * SPDX-License-Identifier: Apache-2.0 - */ -#include -#include - -#include "soc/soc_caps.h" -#include "soc/periph_defs.h" -#include "esp_private/esp_crypto_lock_internal.h" -#include "esp_private/periph_ctrl.h" - -#include "sha/sha_block.h" -#include "hal/sha_hal.h" -#include "hal/sha_ll.h" - - -static _lock_t s_sha_lock; - -void esp_sha_write_digest_state(esp_sha_type sha_type, void *digest_state) -{ - sha_hal_write_digest(sha_type, digest_state); -} - -void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state) -{ - sha_hal_read_digest(sha_type, digest_state); -} - -/* Return block size (in bytes) for a given SHA type */ -inline static size_t block_length(esp_sha_type type) -{ - switch (type) { - case SHA1: - case SHA2_224: - case SHA2_256: - return 64; -#if SOC_SHA_SUPPORT_SHA384 - case SHA2_384: -#endif -#if SOC_SHA_SUPPORT_SHA512 - case SHA2_512: -#endif -#if SOC_SHA_SUPPORT_SHA512_T - case SHA2_512224: - case SHA2_512256: - case SHA2_512T: -#endif - return 128; - default: - return 0; - } -} - - -/* Lock the SHA peripheral and then enable it */ -void esp_sha_acquire_hardware() -{ - _lock_acquire(&s_sha_lock); /* Released when releasing hw with esp_sha_release_hardware() */ - - SHA_RCC_ATOMIC() { - sha_ll_enable_bus_clock(true); - sha_ll_reset_register(); - } -} - -/* Disable SHA peripheral block and then release it */ -void esp_sha_release_hardware() -{ - SHA_RCC_ATOMIC() { - sha_ll_enable_bus_clock(false); - } - - _lock_release(&s_sha_lock); -} - - -void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block) -{ - sha_hal_hash_block(sha_type, data_block, block_length(sha_type) / 4, is_first_block); -} diff --git a/components/mbedtls/port/sha/dma/esp_sha1.c b/components/mbedtls/port/sha/core/esp_sha1.c similarity index 77% rename from components/mbedtls/port/sha/dma/esp_sha1.c rename to components/mbedtls/port/sha/core/esp_sha1.c index 409a1d1d51..c54b9039b5 100644 --- a/components/mbedtls/port/sha/dma/esp_sha1.c +++ b/components/mbedtls/port/sha/core/esp_sha1.c @@ -5,7 +5,7 @@ * * SPDX-License-Identifier: Apache-2.0 * - * SPDX-FileContributor: 2016-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileContributor: 2016-2025 Espressif Systems (Shanghai) CO LTD */ /* * The SHA-1 standard was published by NIST in 1993. @@ -20,6 +20,8 @@ #include "mbedtls/sha1.h" #include +#include +#include #if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_PLATFORM_C) @@ -30,7 +32,8 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -#include "sha/sha_dma.h" +#include "esp_sha_internal.h" +#include "sha/sha_core.h" /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) @@ -81,7 +84,6 @@ int mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; - memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); ctx->mode = SHA1; @@ -99,28 +101,36 @@ static void esp_internal_sha_update_state(mbedtls_sha1_context *ctx) } } -static int esp_internal_sha1_dma_process(mbedtls_sha1_context *ctx, - const uint8_t *data, size_t len, - uint8_t *buf, size_t buf_len) +static void esp_internal_sha1_block_process(mbedtls_sha1_context *ctx, const uint8_t *data) { - return esp_sha_dma(SHA1, data, len, buf, buf_len, ctx->first_block); + esp_sha_block(SHA1, data, ctx->first_block); + + if (ctx->first_block) { + ctx->first_block = false; + } } int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ) { - int ret = -1; esp_sha_acquire_hardware(); esp_internal_sha_update_state(ctx); - ret = esp_sha_dma(ctx->mode, data, 64, 0, 0, ctx->first_block); - if (ret != 0) { - esp_sha_release_hardware(); - return ret; +#if SOC_SHA_SUPPORT_DMA + if (sha_operation_mode(64) == SHA_DMA_MODE) { + int ret = esp_sha_dma(SHA1, data, 64, NULL, 0, ctx->first_block); + if (ret != 0) { + esp_sha_release_hardware(); + return ret; + } + } else +#endif /* SOC_SHA_SUPPORT_DMA */ + { + esp_sha_block(ctx->mode, data, ctx->first_block); } esp_sha_read_digest_state(ctx->mode, ctx->state); esp_sha_release_hardware(); - return ret; + return 0; } int mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ) @@ -144,7 +154,6 @@ int mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, if ( left && ilen >= fill ) { memcpy( (void *) (ctx->buffer + left), input, fill ); - input += fill; ilen -= fill; left = 0; @@ -152,16 +161,33 @@ int mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, } len = (ilen / 64) * 64; + if ( len || local_len) { esp_sha_acquire_hardware(); esp_internal_sha_update_state(ctx); - int ret = esp_internal_sha1_dma_process(ctx, input, len, ctx->buffer, local_len); - if (ret != 0) { - esp_sha_release_hardware(); - return ret; +#if SOC_SHA_SUPPORT_DMA + if (sha_operation_mode(len) == SHA_DMA_MODE) { + int ret = esp_sha_dma(SHA1, input, len, ctx->buffer, local_len, ctx->first_block); + if (ret != 0) { + esp_sha_release_hardware(); + return ret; + } + } else +#endif /* SOC_SHA_SUPPORT_DMA */ + { + /* First process buffered block, if any */ + if ( local_len ) { + esp_internal_sha1_block_process(ctx, ctx->buffer); + } + + uint32_t length_processed = 0; + while ( len - length_processed > 0 ) { + esp_internal_sha1_block_process(ctx, input + length_processed); + length_processed += 64; + } } esp_sha_read_digest_state(SHA1, ctx->state); @@ -173,7 +199,6 @@ int mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, if ( ilen > 0 ) { memcpy( (void *) (ctx->buffer + left), input + len, ilen - len ); } - return 0; } diff --git a/components/mbedtls/port/sha/block/esp_sha256.c b/components/mbedtls/port/sha/core/esp_sha256.c similarity index 79% rename from components/mbedtls/port/sha/block/esp_sha256.c rename to components/mbedtls/port/sha/core/esp_sha256.c index fabd3c240a..206ff5ad9c 100644 --- a/components/mbedtls/port/sha/block/esp_sha256.c +++ b/components/mbedtls/port/sha/core/esp_sha256.c @@ -5,7 +5,7 @@ * * SPDX-License-Identifier: Apache-2.0 * - * SPDX-FileContributor: 2016-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileContributor: 2016-2025 Espressif Systems (Shanghai) CO LTD */ /* * The SHA-256 Secure Hash Standard was published by NIST in 2002. @@ -20,6 +20,7 @@ #include "mbedtls/sha256.h" #include +#include #include #if defined(MBEDTLS_SELF_TEST) @@ -31,7 +32,8 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -#include "sha/sha_block.h" +#include "esp_sha_internal.h" +#include "sha/sha_core.h" /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) @@ -67,8 +69,6 @@ do { \ void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) { - assert(ctx != NULL); - memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); } @@ -127,7 +127,20 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned { esp_sha_acquire_hardware(); esp_internal_sha_update_state(ctx); - esp_sha_block(ctx->mode, data, ctx->first_block); + +#if SOC_SHA_SUPPORT_DMA + if (sha_operation_mode(64) == SHA_DMA_MODE) { + int ret = esp_sha_dma(ctx->mode, data, 64, NULL, 0, ctx->first_block); + if (ret != 0) { + esp_sha_release_hardware(); + return ret; + } + } else +#endif /* SOC_SHA_SUPPORT_DMA */ + { + esp_sha_block(ctx->mode, data, ctx->first_block); + } + esp_sha_read_digest_state(ctx->mode, ctx->state); esp_sha_release_hardware(); return 0; @@ -140,7 +153,7 @@ int mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *inp size_t ilen ) { size_t fill; - uint32_t left, local_len = 0; + uint32_t left, len, local_len = 0; if ( ilen == 0 ) { return 0; @@ -166,31 +179,42 @@ int mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *inp local_len = 64; } - if ( (ilen >= 64) || local_len) { + len = (ilen / 64) * 64; + if ( len || local_len) { esp_sha_acquire_hardware(); esp_internal_sha_update_state(ctx); - /* First process buffered block, if any */ - if ( local_len ) { - esp_internal_sha256_block_process(ctx, ctx->buffer); +#if SOC_SHA_SUPPORT_DMA + if (sha_operation_mode(len) == SHA_DMA_MODE) { + int ret = esp_sha_dma(ctx->mode, input, len, ctx->buffer, local_len, ctx->first_block); + if (ret != 0) { + esp_sha_release_hardware(); + return ret; + } + } else +#endif /* SOC_SHA_SUPPORT_DMA */ + { + /* First process buffered block, if any */ + if ( local_len ) { + esp_internal_sha256_block_process(ctx, ctx->buffer); + } + + uint32_t length_processed = 0; + while ( len - length_processed > 0 ) { + esp_internal_sha256_block_process(ctx, input + length_processed); + length_processed += 64; + } } - while ( ilen >= 64 ) { - esp_internal_sha256_block_process(ctx, input); - - input += 64; - ilen -= 64; - } esp_sha_read_digest_state(ctx->mode, ctx->state); esp_sha_release_hardware(); - } if ( ilen > 0 ) { - memcpy( (void *) (ctx->buffer + left), input, ilen); + memcpy( (void *) (ctx->buffer + left), input + len, ilen - len ); } return 0; diff --git a/components/mbedtls/port/sha/dma/esp_sha512.c b/components/mbedtls/port/sha/core/esp_sha512.c similarity index 81% rename from components/mbedtls/port/sha/dma/esp_sha512.c rename to components/mbedtls/port/sha/core/esp_sha512.c index 4e5bfa0038..63f35e3025 100644 --- a/components/mbedtls/port/sha/dma/esp_sha512.c +++ b/components/mbedtls/port/sha/core/esp_sha512.c @@ -5,7 +5,7 @@ * * SPDX-License-Identifier: Apache-2.0 * - * SPDX-FileContributor: 2016-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileContributor: 2016-2025 Espressif Systems (Shanghai) CO LTD */ /* * The SHA-512 Secure Hash Standard was published by NIST in 2002. @@ -26,6 +26,8 @@ #endif #include +#include +#include #if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_PLATFORM_C) @@ -36,7 +38,8 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -#include "sha/sha_dma.h" +#include "esp_sha_internal.h" +#include "sha/sha_core.h" /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) @@ -79,8 +82,7 @@ void esp_sha512_set_mode(mbedtls_sha512_context *ctx, esp_sha_type type) } } - -/* For SHA512/t mode the intial hash value will depend on t */ +/* For SHA512/t mode the initial hash value will depend on t */ void esp_sha512_set_t( mbedtls_sha512_context *ctx, uint16_t t_val) { ctx->t_val = t_val; @@ -135,6 +137,7 @@ static int esp_internal_sha_update_state(mbedtls_sha512_context *ctx) ctx->first_block = true; } ctx->sha_state = ESP_SHA512_STATE_IN_PROCESS; + } else if (ctx->sha_state == ESP_SHA512_STATE_IN_PROCESS) { ctx->first_block = false; esp_sha_write_digest_state(ctx->mode, ctx->state); @@ -142,20 +145,19 @@ static int esp_internal_sha_update_state(mbedtls_sha512_context *ctx) return 0; } -static int esp_internal_sha512_dma_process(mbedtls_sha512_context *ctx, - const uint8_t *data, size_t len, - uint8_t *buf, size_t buf_len) +static void esp_internal_sha512_block_process(mbedtls_sha512_context *ctx, const uint8_t *data) { + esp_sha_block(ctx->mode, data, ctx->first_block); - - return esp_sha_dma(ctx->mode, data, len, buf, buf_len, ctx->first_block); - - + if (ctx->first_block) { + ctx->first_block = false; + } } int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ) { int ret = -1; + esp_sha_acquire_hardware(); ret = esp_internal_sha_update_state(ctx); @@ -164,17 +166,22 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, const unsigned return ret; } - ret = esp_internal_sha512_dma_process(ctx, data, 128, 0, 0); - if (ret != 0) { - esp_sha_release_hardware(); - return ret; +#if SOC_SHA_SUPPORT_DMA + if (sha_operation_mode(128) == SHA_DMA_MODE) { + ret = esp_sha_dma(ctx->mode, data, 128, NULL, 0, ctx->first_block); + if (ret != 0) { + esp_sha_release_hardware(); + return ret; + } + } else +#endif /* SOC_SHA_SUPPORT_DMA */ + { + esp_sha_block(ctx->mode, data, ctx->first_block); } esp_sha_read_digest_state(ctx->mode, ctx->state); esp_sha_release_hardware(); - return ret; - } /* @@ -209,7 +216,6 @@ int mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *inp } len = (ilen / 128) * 128; - if ( len || local_len) { esp_sha_acquire_hardware(); @@ -221,20 +227,33 @@ int mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *inp return ret; } - ret = esp_internal_sha512_dma_process(ctx, input, len, ctx->buffer, local_len); +#if SOC_SHA_SUPPORT_DMA + if (sha_operation_mode(len) == SHA_DMA_MODE) { + ret = esp_sha_dma(ctx->mode, input, len, ctx->buffer, local_len, ctx->first_block); + if (ret != 0) { + esp_sha_release_hardware(); + return ret; + } + } else +#endif /* SOC_SHA_SUPPORT_DMA */ + { + /* First process buffered block, if any */ + if ( local_len ) { + esp_internal_sha512_block_process(ctx, ctx->buffer); + } - if (ret != 0) { - esp_sha_release_hardware(); - return ret; + uint32_t length_processed = 0; + while ( len - length_processed > 0 ) { + esp_internal_sha512_block_process(ctx, input + length_processed); + length_processed += 128; + } } esp_sha_read_digest_state(ctx->mode, ctx->state); esp_sha_release_hardware(); - } - if ( ilen > 0 ) { memcpy( (void *) (ctx->buffer + left), input + len, ilen - len ); } diff --git a/components/mbedtls/port/sha/dma/esp_sha_crypto_dma_impl.c b/components/mbedtls/port/sha/core/esp_sha_crypto_dma_impl.c similarity index 99% rename from components/mbedtls/port/sha/dma/esp_sha_crypto_dma_impl.c rename to components/mbedtls/port/sha/core/esp_sha_crypto_dma_impl.c index c1554d45a8..775e32d530 100644 --- a/components/mbedtls/port/sha/dma/esp_sha_crypto_dma_impl.c +++ b/components/mbedtls/port/sha/core/esp_sha_crypto_dma_impl.c @@ -3,15 +3,12 @@ * * SPDX-License-Identifier: Apache-2.0 */ - +#include "soc/soc_caps.h" #include "esp_sha_dma_priv.h" - -#include "soc/soc_caps.h" #include "soc/crypto_dma_reg.h" #include "hal/crypto_dma_ll.h" - esp_err_t esp_sha_dma_start(const crypto_dma_desc_t *input) { crypto_dma_ll_set_mode(CRYPTO_DMA_SHA); diff --git a/components/mbedtls/port/sha/dma/esp_sha_gdma_impl.c b/components/mbedtls/port/sha/core/esp_sha_gdma_impl.c similarity index 100% rename from components/mbedtls/port/sha/dma/esp_sha_gdma_impl.c rename to components/mbedtls/port/sha/core/esp_sha_gdma_impl.c diff --git a/components/mbedtls/port/sha/dma/include/esp_sha_dma_priv.h b/components/mbedtls/port/sha/core/include/esp_sha_dma_priv.h similarity index 90% rename from components/mbedtls/port/sha/dma/include/esp_sha_dma_priv.h rename to components/mbedtls/port/sha/core/include/esp_sha_dma_priv.h index be1e4aec1b..17247754a1 100644 --- a/components/mbedtls/port/sha/dma/include/esp_sha_dma_priv.h +++ b/components/mbedtls/port/sha/core/include/esp_sha_dma_priv.h @@ -14,6 +14,7 @@ extern "C" { #endif +#if SOC_SHA_SUPPORT_DMA /** * @brief Start the DMA engine * @@ -23,7 +24,7 @@ extern "C" { * - ESP_ERR_INVALID_STATE: No DMA channel available */ esp_err_t esp_sha_dma_start(const crypto_dma_desc_t *input); - +#endif /* SOC_SHA_SUPPORT_DMA */ #ifdef __cplusplus } diff --git a/components/mbedtls/port/sha/core/include/esp_sha_internal.h b/components/mbedtls/port/sha/core/include/esp_sha_internal.h new file mode 100644 index 0000000000..34374d5b1f --- /dev/null +++ b/components/mbedtls/port/sha/core/include/esp_sha_internal.h @@ -0,0 +1,59 @@ +/* + * SPDX-FileCopyrightText: 2025 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#pragma once + +#include +#include +#include "soc/soc_caps.h" +#include "sdkconfig.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#if SOC_SHA_SUPPORT_DMA +/* + * SHA operations for input data length below the threshold would use the block mode of the SHA peripheral. + * The SHA peripheral's block mode is faster for smaller lengths of input data as compared to the DMA mode + * because, the DMA mode involves various overheads like setting up the DMA descriptors. + * + * The below threshold numbers vary for some SoCs due to some properties that these SoCs hold, + * like the cache type involved and its configurations, multi-core systems, DMA architectures, etc. + * + * For future SoCs with different and newer properties, this threshold value may require fine-tuning. + * These values are calculated by performing a SHA operation in purely DMA mode versus purely block + * mode for various lengths of the input data. + */ +#if CONFIG_IDF_TARGET_ESP32P4 +#define SHA_DMA_MODE_THRESHOLD 512 +#elif CONFIG_IDF_TARGET_ESP32S3 +#define SHA_DMA_MODE_THRESHOLD 256 +#else +#define SHA_DMA_MODE_THRESHOLD 128 +#endif +#endif /* SOC_SHA_SUPPORT_DMA */ + +typedef enum { + SHA_BLOCK_MODE, +#if SOC_SHA_SUPPORT_DMA + SHA_DMA_MODE, +#endif /* SOC_SHA_SUPPORT_DMA */ +} esp_sha_mode; + +static inline esp_sha_mode sha_operation_mode(size_t length) +{ +#if SOC_SHA_SUPPORT_DMA + if (length > SHA_DMA_MODE_THRESHOLD) { + return SHA_DMA_MODE; + } else +#endif /* SOC_SHA_SUPPORT_DMA */ + return SHA_BLOCK_MODE; +} + +#ifdef __cplusplus +} +#endif diff --git a/components/mbedtls/port/sha/dma/sha.c b/components/mbedtls/port/sha/core/sha.c similarity index 83% rename from components/mbedtls/port/sha/dma/sha.c rename to components/mbedtls/port/sha/core/sha.c index 31f89d7d7f..84e11396af 100644 --- a/components/mbedtls/port/sha/dma/sha.c +++ b/components/mbedtls/port/sha/core/sha.c @@ -1,39 +1,27 @@ /* - * ESP hardware accelerated SHA1/256/512 implementation - * based on mbedTLS FIPS-197 compliant version. + * SPDX-FileCopyrightText: 2025 Espressif Systems (Shanghai) CO LTD * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 + * SPDX-License-Identifier: Apache-2.0 * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at + * ESP hardware accelerated SHA1/256/512 implementation + * based on mbedTLS FIPS-197 compliant version. * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -/* - * The SHA-1 standard was published by NIST in 1993. - * - * http://www.itl.nist.gov/fipspubs/fip180-1.htm */ #include +#include #include -#include -#include "esp_private/esp_crypto_lock_internal.h" - -#include "esp_log.h" -#include "esp_memory_utils.h" #include "esp_crypto_lock.h" +#include "esp_private/esp_crypto_lock_internal.h" +#include "esp_log.h" +#include "sha/sha_core.h" +#include "hal/sha_hal.h" +#include "hal/sha_ll.h" +#include "soc/soc_caps.h" + +#if SOC_SHA_SUPPORT_DMA +#include "esp_memory_utils.h" #include "esp_attr.h" #include "esp_crypto_dma.h" #include "esp_heap_caps.h" @@ -51,10 +39,6 @@ #include "esp_private/periph_ctrl.h" #include "sys/param.h" -#include "sha/sha_dma.h" -#include "hal/sha_hal.h" -#include "hal/sha_ll.h" -#include "soc/soc_caps.h" #include "esp_sha_dma_priv.h" #include "sdkconfig.h" @@ -62,22 +46,10 @@ #include "esp_flash_encrypt.h" #endif /* SOC_AXI_DMA_EXT_MEM_ENC_ALIGNMENT */ -#if SOC_SHA_GDMA -#if !ESP_TEE_BUILD -#define SHA_LOCK() esp_crypto_sha_aes_lock_acquire() -#define SHA_RELEASE() esp_crypto_sha_aes_lock_release() -#else -#define SHA_RCC_ATOMIC() -#define SHA_LOCK() -#define SHA_RELEASE() -#endif -#elif SOC_SHA_CRYPTO_DMA -#define SHA_LOCK() esp_crypto_dma_lock_acquire() -#define SHA_RELEASE() esp_crypto_dma_lock_release() +#if SOC_SHA_CRYPTO_DMA #include "hal/crypto_dma_ll.h" #endif - -const static char *TAG = "esp-sha"; +#endif /* SOC_SHA_SUPPORT_DMA */ void esp_sha_write_digest_state(esp_sha_type sha_type, void *digest_state) { @@ -114,26 +86,26 @@ inline static size_t block_length(esp_sha_type type) } } - /* Enable SHA peripheral and then lock it */ -void esp_sha_acquire_hardware() +void esp_sha_acquire_hardware(void) { - SHA_LOCK(); /* Released when releasing hw with esp_sha_release_hardware() */ +#if !ESP_TEE_BUILD + /* Released when releasing hw with esp_sha_release_hardware() */ + esp_crypto_sha_aes_lock_acquire(); +#endif SHA_RCC_ATOMIC() { sha_ll_enable_bus_clock(true); -#if SOC_AES_CRYPTO_DMA - crypto_dma_ll_enable_bus_clock(true); -#endif sha_ll_reset_register(); #if SOC_AES_CRYPTO_DMA + crypto_dma_ll_enable_bus_clock(true); crypto_dma_ll_reset_register(); #endif } } /* Disable SHA peripheral block and then release it */ -void esp_sha_release_hardware() +void esp_sha_release_hardware(void) { SHA_RCC_ATOMIC() { sha_ll_enable_bus_clock(false); @@ -142,9 +114,20 @@ void esp_sha_release_hardware() #endif } - SHA_RELEASE(); +#if !ESP_TEE_BUILD + esp_crypto_sha_aes_lock_release(); +#endif } +void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block) +{ + sha_hal_hash_block(sha_type, data_block, block_length(sha_type) / 4, is_first_block); +} + +#if SOC_SHA_SUPPORT_DMA + +const static char *TAG = "esp-sha"; + static bool s_check_dma_capable(const void *p) { bool is_capable = false; @@ -157,26 +140,21 @@ static bool s_check_dma_capable(const void *p) } /* Hash the input block by block, using non-DMA mode */ -static void esp_sha_block_mode(esp_sha_type sha_type, const uint8_t *input, uint32_t ilen, - const uint8_t *buf, uint32_t buf_len, bool is_first_block) +static void esp_sha_block_mode_fallback(esp_sha_type sha_type, const uint8_t *input, uint32_t ilen, + const uint8_t *buf, uint32_t buf_len, bool is_first_block) { - size_t blk_len = 0; - size_t blk_word_len = 0; - int num_block = 0; - - blk_len = block_length(sha_type); + size_t blk_len = block_length(sha_type); assert(blk_len != 0); - blk_word_len = blk_len / 4; - num_block = ilen / blk_len; + int num_block = ilen / blk_len; if (buf_len != 0) { - sha_hal_hash_block(sha_type, buf, blk_word_len, is_first_block); + esp_sha_block(sha_type, buf, is_first_block); is_first_block = false; } for (int i = 0; i < num_block; i++) { - sha_hal_hash_block(sha_type, input + blk_len * i, blk_word_len, is_first_block); + esp_sha_block(sha_type, input + blk_len * i, is_first_block); is_first_block = false; } } @@ -346,7 +324,7 @@ int esp_sha_dma(esp_sha_type sha_type, const void *input, uint32_t ilen, /* DMA cannot access memory in flash, hash block by block instead of using DMA */ if (!s_check_dma_capable(input) && (ilen != 0)) { - esp_sha_block_mode(sha_type, input, ilen, buf, buf_len, is_first_block); + esp_sha_block_mode_fallback(sha_type, input, ilen, buf, buf_len, is_first_block); return 0; } @@ -407,3 +385,4 @@ cleanup: free(dma_cap_buf); return ret; } +#endif /* SOC_SHA_SUPPORT_DMA */ diff --git a/components/mbedtls/port/sha/dma/esp_sha256.c b/components/mbedtls/port/sha/dma/esp_sha256.c deleted file mode 100644 index b7aaf2ddfd..0000000000 --- a/components/mbedtls/port/sha/dma/esp_sha256.c +++ /dev/null @@ -1,234 +0,0 @@ -/* - * SHA-256 implementation with hardware ESP support added. - * - * SPDX-FileCopyrightText: The Mbed TLS Contributors - * - * SPDX-License-Identifier: Apache-2.0 - * - * SPDX-FileContributor: 2016-2024 Espressif Systems (Shanghai) CO LTD - */ -/* - * The SHA-256 Secure Hash Standard was published by NIST in 2002. - * - * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf - */ - -#include - -#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_SHA256_ALT) - -#include "mbedtls/sha256.h" - -#include - -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ - -#include "sha/sha_dma.h" - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) -{ - volatile unsigned char *p = v; - while ( n-- ) { - *p++ = 0; - } -} - -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -do { \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} while( 0 ) -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -do { \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} while( 0 ) -#endif - -void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); -} - -void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) -{ - if ( ctx == NULL ) { - return; - } - - mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); -} - -void mbedtls_sha256_clone( mbedtls_sha256_context *dst, - const mbedtls_sha256_context *src ) -{ - *dst = *src; -} - -/* - * SHA-256 context setup - */ -int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) -{ - memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); - - if ( is224 ) { - ctx->mode = SHA2_224; - } else { - ctx->mode = SHA2_256; - } - - return 0; -} - -static void esp_internal_sha_update_state(mbedtls_sha256_context *ctx) -{ - if (ctx->sha_state == ESP_SHA256_STATE_INIT) { - ctx->first_block = true; - ctx->sha_state = ESP_SHA256_STATE_IN_PROCESS; - } else if (ctx->sha_state == ESP_SHA256_STATE_IN_PROCESS) { - ctx->first_block = false; - esp_sha_write_digest_state(ctx->mode, ctx->state); - } -} - -int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ) -{ - int ret = -1; - esp_sha_acquire_hardware(); - esp_internal_sha_update_state(ctx); - - ret = esp_sha_dma(ctx->mode, data, 64, 0, 0, ctx->first_block); - if (ret != 0) { - esp_sha_release_hardware(); - return ret; - } - - esp_sha_read_digest_state(ctx->mode, ctx->state); - esp_sha_release_hardware(); - - return ret; -} - -/* - * SHA-256 process buffer - */ -int mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, - size_t ilen ) -{ - size_t fill; - uint32_t left, len, local_len = 0; - - if ( ilen == 0 ) { - return 0; - } - - left = ctx->total[0] & 0x3F; - fill = 64 - left; - - ctx->total[0] += (uint32_t) ilen; - ctx->total[0] &= 0xFFFFFFFF; - - if ( ctx->total[0] < (uint32_t) ilen ) { - ctx->total[1]++; - } - - /* Check if any data pending from previous call to this API */ - if ( left && ilen >= fill ) { - memcpy( (void *) (ctx->buffer + left), input, fill ); - - input += fill; - ilen -= fill; - left = 0; - local_len = 64; - } - - len = (ilen / 64) * 64; - - if ( len || local_len) { - esp_sha_acquire_hardware(); - esp_internal_sha_update_state(ctx); - - int ret = esp_sha_dma(ctx->mode, input, len, ctx->buffer, local_len, ctx->first_block); - - if (ret != 0) { - esp_sha_release_hardware(); - return ret; - } - - esp_sha_read_digest_state(ctx->mode, ctx->state); - - esp_sha_release_hardware(); - } - - if ( ilen > 0 ) { - memcpy( (void *) (ctx->buffer + left), input + len, ilen - len ); - } - - return 0; -} - -static const unsigned char sha256_padding[64] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* - * SHA-256 final digest - */ -int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char *output ) -{ - int ret = -1; - uint32_t last, padn; - uint32_t high, low; - unsigned char msglen[8]; - - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); - - PUT_UINT32_BE( high, msglen, 0 ); - PUT_UINT32_BE( low, msglen, 4 ); - - last = ctx->total[0] & 0x3F; - padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - - if ( ( ret = mbedtls_sha256_update( ctx, sha256_padding, padn ) ) != 0 ) { - return ret; - } - - if ( ( ret = mbedtls_sha256_update( ctx, msglen, 8 ) ) != 0 ) { - return ret; - } - - if (ctx->mode == SHA2_224) { - memcpy(output, ctx->state, 28); - } else { - memcpy(output, ctx->state, 32); - } - - return ret; -} - -#endif /* MBEDTLS_SHA256_C && MBEDTLS_SHA256_ALT */ diff --git a/components/mbedtls/port/sha/esp_sha.c b/components/mbedtls/port/sha/esp_sha.c index 048697425e..e0882987d5 100644 --- a/components/mbedtls/port/sha/esp_sha.c +++ b/components/mbedtls/port/sha/esp_sha.c @@ -18,10 +18,8 @@ #if SOC_SHA_SUPPORT_PARALLEL_ENG #include "sha/sha_parallel_engine.h" -#elif SOC_SHA_SUPPORT_DMA -#include "sha/sha_dma.h" #else -#include "sha/sha_block.h" +#include "sha/sha_core.h" #endif static const char *TAG = "esp_sha"; diff --git a/components/wpa_supplicant/test_apps/main/test_wpa_supplicant_main.c b/components/wpa_supplicant/test_apps/main/test_wpa_supplicant_main.c index ea7a63123f..c206b4bf1d 100644 --- a/components/wpa_supplicant/test_apps/main/test_wpa_supplicant_main.c +++ b/components/wpa_supplicant/test_apps/main/test_wpa_supplicant_main.c @@ -12,10 +12,8 @@ #include "soc/soc_caps.h" #if SOC_SHA_SUPPORT_PARALLEL_ENG #include "sha/sha_parallel_engine.h" -#elif SOC_SHA_SUPPORT_DMA -#include "sha/sha_dma.h" #else -#include "sha/sha_block.h" +#include "sha/sha_core.h" #endif #define TEST_MEMORY_LEAK_THRESHOLD_DEFAULT 0 diff --git a/tools/ci/check_copyright_ignore.txt b/tools/ci/check_copyright_ignore.txt index f79a265d7a..a61148eccd 100644 --- a/tools/ci/check_copyright_ignore.txt +++ b/tools/ci/check_copyright_ignore.txt @@ -479,13 +479,11 @@ components/mbedtls/port/include/esp32/aes.h components/mbedtls/port/include/esp32/sha.h components/mbedtls/port/include/esp32s2/aes.h components/mbedtls/port/include/esp32s2/gcm.h -components/mbedtls/port/include/esp32s2/sha.h components/mbedtls/port/include/mbedtls/esp_debug.h components/mbedtls/port/include/sha/sha_parallel_engine.h components/mbedtls/port/include/sha1_alt.h components/mbedtls/port/include/sha256_alt.h components/mbedtls/port/include/sha512_alt.h -components/mbedtls/port/sha/dma/sha.c components/mbedtls/port/sha/parallel_engine/sha.c components/nvs_flash/include/nvs_handle.hpp components/nvs_flash/src/nvs_cxx_api.cpp