alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

esp32 hwcrypto: Rework hardware crypto locking

Browse Source 
Should protect against concurrent use of hardware crypto primitives,
with good performance.

Not necessary to call esp_aes_acquire_hardware(),
esp_sha_acquire_hardware(), etc when using these APIs. These are
provided for external users calling the hardware crypto hardware
directly, to coexist with this implementation.
This commit is contained in:
Angus Gratton 2016-09-02 18:36:26 +10:00 committed by Wu Jian Gang
parent 4167b68eef
commit 0647d1e922
8 changed files with 235 additions and 340 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

209
components/esp32/hwcrypto/aes.c
View File

@ -1,8 +1,10 @@
/*
* FIPS-197 compliant AES implementation
* ESP32 hardware accelerated AES implementation
* based on mbedTLS FIPS-197 compliant version.
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
@ -25,22 +27,30 @@
* http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
*/
#include <string.h>
#include "aes.h"
#include "esp_crypto.h"
#include "hwcrypto/aes.h"
#include "rom/aes.h"
#include <sys/lock.h>
/* Implementation that should never be optimized out by the compiler */
//static void bzero( void *v, size_t n ) {
// volatile unsigned char *p = v; while( n-- ) *p++ = 0;
//}
static _lock_t aes_lock;
void esp_aes_acquire_hardware( void )
{
/* newlib locks lazy initialize on ESP-IDF */
_lock_acquire(&aes_lock);
ets_aes_enable();
}
void esp_aes_release_hardware( void )
{
uint8_t zero[256/8] = { 0 };
ets_aes_setkey_enc(zero, AES256);
ets_aes_disable();
_lock_release(&aes_lock);
}
void esp_aes_init( AES_CTX *ctx )
{
memset( ctx, 0, sizeof( AES_CTX ) );
AES_LOCK();
AES_TAKE();
ets_aes_enable();
AES_UNLOCK();
bzero( ctx, sizeof( AES_CTX ) );
}
void esp_aes_free( AES_CTX *ctx )
@ -50,117 +60,94 @@ void esp_aes_free( AES_CTX *ctx )
}
bzero( ctx, sizeof( AES_CTX ) );
}
AES_LOCK();
AES_GIVE();
if (false == AES_IS_USED()) {
ets_aes_disable();
/* Translate number of bits to an AES_BITS enum */
static int keybits_to_aesbits(unsigned int keybits)
{
switch (keybits) {
case 128:
return AES128;
case 192:
return AES192;
break;
case 256:
return AES256;
default:
return ( ERR_AES_INVALID_KEY_LENGTH );
}
AES_UNLOCK();
}
/*
* AES key schedule (encryption)
*
*/
int esp_aes_setkey_enc( AES_CTX *ctx, const unsigned char *key,
unsigned int keybits )
{
enum AES_BITS keybit;
uint16_t keybyte = keybits / 8;
switch (keybits) {
case 128:
keybit = AES128;
break;
case 192:
keybit = AES192;
break;
case 256:
keybit = AES256;
break;
default:
return ( ERR_AES_INVALID_KEY_LENGTH );
uint16_t keybytes = keybits / 8;
int aesbits = keybits_to_aesbits(keybits);
if (aesbits < 0) {
return aesbits;
}
if (ctx->enc.keyflag == false) {
ctx->enc.keyflag = true;
ctx->enc.keybits = keybits;
memset(ctx->enc.key, 0, sizeof(ctx->enc.key));
memcpy(ctx->enc.key, key, keybyte);
} else {
ets_aes_setkey_enc(key, keybit);
}
ctx->enc.aesbits = aesbits;
bzero(ctx->enc.key, sizeof(ctx->enc.key));
memcpy(ctx->enc.key, key, keybytes);
return 0;
}
/*
* AES key schedule (decryption)
*
*/
int esp_aes_setkey_dec( AES_CTX *ctx, const unsigned char *key,
unsigned int keybits )
{
enum AES_BITS keybit;
uint16_t keybyte = keybits / 8;
switch (keybits) {
case 128:
keybit = AES128;
break;
case 192:
keybit = AES192;
break;
case 256:
keybit = AES256;
break;
default:
return ( ERR_AES_INVALID_KEY_LENGTH );
uint16_t keybytes = keybits / 8;
int aesbits = keybits_to_aesbits(keybits);
if (aesbits < 0) {
return aesbits;
}
if (ctx->dec.keyflag == false) {
ctx->dec.keyflag = true;
ctx->dec.keybits = keybits;
memset(ctx->dec.key, 0, sizeof(ctx->dec.key));
memcpy(ctx->dec.key, key, keybyte);
} else {
ets_aes_setkey_dec(key, keybit);
}
ctx->dec.aesbits = aesbits;
bzero(ctx->dec.key, sizeof(ctx->dec.key));
memcpy(ctx->dec.key, key, keybytes);
return 0;
}
static void esp_aes_process_enable(AES_CTX *ctx, int mode)
/*
* Inner AES-ECB function. Call only when protected by esp_aes_acquire_hardware().
*
* Optimisation to prevent overhead of locking each time when
* encrypting many blocks in sequence.
*/
static int esp_aes_crypt_ecb_inner( AES_CTX *ctx,
int mode,
const unsigned char input[16],
unsigned char output[16] )
{
if ( mode == AES_ENCRYPT ) {
esp_aes_setkey_enc(ctx, ctx->enc.key, ctx->enc.keybits);
ets_aes_setkey_enc(ctx->enc.key, ctx->enc.aesbits);
ets_aes_crypt(input, output);
} else {
esp_aes_setkey_dec(ctx, ctx->dec.key, ctx->dec.keybits);
ets_aes_setkey_dec(ctx->enc.key, ctx->enc.aesbits);
/* TODO: previous commit esp_aes_decrypt function calls this but this is not correct! */
ets_aes_crypt(input, output);
}
return;
}
static void esp_aes_process_disable(AES_CTX *ctx, int mode)
{
return 0;
}
/*
* AES-ECB block encryption
*/
void esp_aes_encrypt( AES_CTX *ctx,
const unsigned char input[16],
unsigned char output[16] )
{
ets_aes_crypt(input, output);
return ;
esp_aes_acquire_hardware();
esp_aes_crypt_ecb_inner(ctx, AES_ENCRYPT, input, output);
esp_aes_release_hardware();
}
/*
* AES-ECB block decryption
*/
@ -169,9 +156,9 @@ void esp_aes_decrypt( AES_CTX *ctx,
const unsigned char input[16],
unsigned char output[16] )
{
ets_aes_crypt(input, output);
return ;
esp_aes_acquire_hardware();
esp_aes_crypt_ecb_inner(ctx, AES_DECRYPT, input, output);
esp_aes_release_hardware();
}
@ -183,20 +170,9 @@ int esp_aes_crypt_ecb( AES_CTX *ctx,
const unsigned char input[16],
unsigned char output[16] )
{
AES_LOCK();
esp_aes_process_enable(ctx, mode);
if ( mode == AES_ENCRYPT ) {
esp_aes_encrypt( ctx, input, output );
} else {
esp_aes_decrypt( ctx, input, output );
}
esp_aes_process_disable(ctx, mode);
AES_UNLOCK();
esp_aes_acquire_hardware();
esp_aes_crypt_ecb_inner(ctx, mode, input, output);
esp_aes_release_hardware();
return 0;
}
@ -218,10 +194,12 @@ int esp_aes_crypt_cbc( AES_CTX *ctx,
return ( ERR_AES_INVALID_INPUT_LENGTH );
}
esp_aes_acquire_hardware();
if ( mode == AES_DECRYPT ) {
while ( length > 0 ) {
memcpy( temp, input, 16 );
esp_aes_crypt_ecb( ctx, mode, input, output );
esp_aes_crypt_ecb_inner( ctx, mode, input, output );
for ( i = 0; i < 16; i++ ) {
output[i] = (unsigned char)( output[i] ^ iv[i] );
@ -239,7 +217,7 @@ int esp_aes_crypt_cbc( AES_CTX *ctx,
output[i] = (unsigned char)( input[i] ^ iv[i] );
}
esp_aes_crypt_ecb( ctx, mode, output, output );
esp_aes_crypt_ecb_inner( ctx, mode, output, output );
memcpy( iv, output, 16 );
input += 16;
@ -248,6 +226,8 @@ int esp_aes_crypt_cbc( AES_CTX *ctx,
}
}
esp_aes_release_hardware();
return 0;
}
@ -265,10 +245,12 @@ int esp_aes_crypt_cfb128( AES_CTX *ctx,
int c;
size_t n = *iv_off;
esp_aes_acquire_hardware();
if ( mode == AES_DECRYPT ) {
while ( length-- ) {
if ( n == 0 ) {
esp_aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );
esp_aes_crypt_ecb_inner( ctx, AES_ENCRYPT, iv, iv );
}
c = *input++;
@ -280,7 +262,7 @@ int esp_aes_crypt_cfb128( AES_CTX *ctx,
} else {
while ( length-- ) {
if ( n == 0 ) {
esp_aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );
esp_aes_crypt_ecb_inner( ctx, AES_ENCRYPT, iv, iv );
}
iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
@ -291,6 +273,8 @@ int esp_aes_crypt_cfb128( AES_CTX *ctx,
*iv_off = n;
esp_aes_release_hardware();
return 0;
}
@ -307,9 +291,11 @@ int esp_aes_crypt_cfb8( AES_CTX *ctx,
unsigned char c;
unsigned char ov[17];
esp_aes_acquire_hardware();
while ( length-- ) {
memcpy( ov, iv, 16 );
esp_aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );
esp_aes_crypt_ecb_inner( ctx, AES_ENCRYPT, iv, iv );
if ( mode == AES_DECRYPT ) {
ov[16] = *input;
@ -324,6 +310,8 @@ int esp_aes_crypt_cfb8( AES_CTX *ctx,
memcpy( iv, ov + 1, 16 );
}
esp_aes_release_hardware();
return 0;
}
@ -341,9 +329,11 @@ int esp_aes_crypt_ctr( AES_CTX *ctx,
int c, i;
size_t n = *nc_off;
esp_aes_acquire_hardware();
while ( length-- ) {
if ( n == 0 ) {
esp_aes_crypt_ecb( ctx, AES_ENCRYPT, nonce_counter, stream_block );
esp_aes_crypt_ecb_inner( ctx, AES_ENCRYPT, nonce_counter, stream_block );
for ( i = 16; i > 0; i-- )
if ( ++nonce_counter[i - 1] != 0 ) {
@ -358,6 +348,7 @@ int esp_aes_crypt_ctr( AES_CTX *ctx,
*nc_off = n;
esp_aes_release_hardware();
return 0;
}

43
components/esp32/hwcrypto/bignum.c
View File

@ -1,7 +1,9 @@
/*
* Multi-precision integer library
* ESP32 hardware accelerated multi-precision integer functions
* based on mbedTLS implementation
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
@ -36,8 +38,10 @@
#include <string.h>
#include <stdlib.h>
#include "bignum.h"
#include "esp_crypto.h"
#include <sys/lock.h>
#include "hwcrypto/bignum.h"
#include "rom/ets_sys.h"
#include "rom/bigint.h"
/* Implementation that should never be optimized out by the compiler */
//static void bzero( void *v, size_t n ) {
@ -57,6 +61,22 @@
#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) )
#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) )
static _lock_t mpi_lock;
void esp_mpi_acquire_hardware( void )
{
/* newlib locks lazy initialize on ESP-IDF */
_lock_acquire(&mpi_lock);
ets_bigint_enable();
}
void esp_mpi_release_hardware( void )
{
ets_bigint_disable();
_lock_release(&mpi_lock);
}
/*
* Initialize one MPI
*/
@ -68,10 +88,6 @@ void esp_mpi_init( mpi *X )
X->s = 1;
X->n = 0;
X->p = NULL;
BIGNUM_LOCK();
BIGNUM_TAKE();
ets_bigint_enable();
BIGNUM_UNLOCK();
}
/*
@ -91,11 +107,6 @@ void esp_mpi_free( mpi *X )
X->s = 1;
X->n = 0;
X->p = NULL;
BIGNUM_LOCK();
BIGNUM_GIVE();
if (false == BIGNUM_IS_USED())
ets_bigint_disable();
BIGNUM_UNLOCK();
}
/*
@ -1107,7 +1118,7 @@ int esp_mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B )
goto cleanup;
}
BIGNUM_LOCK();
esp_mpi_acquire_hardware();
if (ets_bigint_mult_prepare((uint32_t *)s1, (uint32_t *)s2, bites)){
ets_bigint_wait_finish();
if (ets_bigint_mult_getz((uint32_t *)dest, bites) == true) {
@ -1119,7 +1130,7 @@ int esp_mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B )
} else{
esp_mpi_printf("Baseline multiplication failed\n");
}
BIGNUM_UNLOCK();
esp_mpi_release_hardware();
X->s = A->s * B->s;
@ -1487,7 +1498,7 @@ static void esp_mpi_montmul( mpi *A, const mpi *B, const mpi *N, esp_mpi_uint mm
n = N->n;
m = ( B->n < n ) ? B->n : n;
BIGNUM_LOCK();
esp_mpi_acquire_hardware();
if (ets_bigint_montgomery_mult_prepare(N->p, B->p, d, m, n, false)) {
ets_bigint_wait_finish();
@ -1495,7 +1506,7 @@ static void esp_mpi_montmul( mpi *A, const mpi *B, const mpi *N, esp_mpi_uint mm
} else{
esp_mpi_printf("Montgomery multiplication failed\n");
}
BIGNUM_UNLOCK();
esp_mpi_release_hardware();
}

66
components/esp32/hwcrypto/esp_crypto.c
View File

@ -1,66 +0,0 @@
#include "esp_crypto.h"
#include "freertos/FreeRTOS.h"
#include "freertos/semphr.h"
static SemaphoreHandle_t esp_crypto_mutex[MUTEX_MAX_NUM];
static int esp_crypto_sig[MUTEX_MAX_NUM];
#if 0
#define ESP_DEBUG ets_printf
#else
#define ESP_DEBUG(...)
#endif
int esp_crypto_init(void)
{
int i;
for (i = 0; i < MUTEX_MAX_NUM; i++) {
esp_crypto_mutex[i] = xSemaphoreCreateMutex();
ESP_DEBUG("init num %d mutex %p\n", i, esp_crypto_mutex[i]);
if (!esp_crypto_mutex[i]) {
goto failed1;
}
esp_crypto_sig[i] = 0;
}
return 0;
failed1:
ESP_DEBUG("esp_crypto_init failed\n");
for (i--; i >= 0; i--) {
vQueueDelete(esp_crypto_mutex[i]);
}
return -1;
}
void esp_crypto_lock(unsigned int num)
{
ESP_DEBUG("1num %d, mutex %p\n", num, esp_crypto_mutex[num]);
xSemaphoreTake(esp_crypto_mutex[num], portMAX_DELAY);
}
void esp_crypto_unlock(unsigned int num)
{
ESP_DEBUG("2num %d, mutex %p\n", num, esp_crypto_mutex[num]);
xSemaphoreGive(esp_crypto_mutex[num]);
}
void esp_crypto_take(unsigned int num)
{
esp_crypto_sig[num]++;
}
void esp_crypto_give(unsigned int num)
{
if (esp_crypto_sig[num]) {
esp_crypto_sig[num]--;
}
}
bool esp_crypto_is_used(unsigned int num)
{
return (esp_crypto_sig[num] != 0) ? true : false;
}

109
components/esp32/hwcrypto/sha.c
View File

@ -1,7 +1,9 @@
/*
* FIPS-180-1 compliant SHA-1 implementation
* ESP32 hardware accelerated SHA1/256/512 implementation
* based on mbedTLS FIPS-197 compliant version.
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
@ -24,22 +26,33 @@
*/
#include <string.h>
#include "sha.h"
#include "esp_crypto.h"
#include <sys/lock.h>
#include "hwcrypto/sha.h"
#include "rom/ets_sys.h"
/* Implementation that should never be optimized out by the compiler */
//static void bzero( void *v, size_t n ) {
// volatile unsigned char *p = v; while( n-- ) *p++ = 0;
//}
static _lock_t sha_lock;
void esp_sha_acquire_hardware( void )
{
/* newlib locks lazy initialize on ESP-IDF */
_lock_acquire(&sha_lock);
ets_sha_enable();
}
void esp_sha_release_hardware( void )
{
/* Want to empty internal SHA buffers where possible,
need to check if this is sufficient for this. */
SHA_CTX zero = { 0 };
ets_sha_init(&zero);
ets_sha_disable();
_lock_release(&sha_lock);
}
void esp_sha1_init( SHA1_CTX *ctx )
{
memset( ctx, 0, sizeof( SHA1_CTX ) );
SHA_LOCK();
SHA_TAKE();
ets_sha_enable();
SHA_UNLOCK();
bzero( ctx, sizeof( SHA1_CTX ) );
}
void esp_sha1_free( SHA1_CTX *ctx )
@ -49,15 +62,6 @@ void esp_sha1_free( SHA1_CTX *ctx )
}
bzero( ctx, sizeof( SHA1_CTX ) );
SHA_LOCK();
SHA_GIVE();
if (false == SHA_IS_USED()) {
ets_sha_disable();
}
SHA_UNLOCK();
}
void esp_sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src )
@ -65,19 +69,12 @@ void esp_sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src )
*dst = *src;
}
void esp_sha1_process(SHA1_CTX *ctx, const unsigned char data[64])
{
}
/*
* SHA-1 context setup
*/
void esp_sha1_start( SHA1_CTX *ctx )
{
SHA_LOCK();
ets_sha_init(&ctx->context);
esp_sha_acquire_hardware();
ctx->context_type = SHA1;
}
@ -95,7 +92,7 @@ void esp_sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen )
void esp_sha1_finish( SHA1_CTX *ctx, unsigned char output[20] )
{
ets_sha_finish(&ctx->context, ctx->context_type, output);
SHA_UNLOCK();
esp_sha_release_hardware();
}
/*
@ -112,21 +109,9 @@ void esp_sha1_output( const unsigned char *input, size_t ilen, unsigned char out
esp_sha1_free( &ctx );
}
/////
/* Implementation that should never be optimized out by the compiler */
void esp_sha256_init( SHA256_CTX *ctx )
{
memset( ctx, 0, sizeof( SHA256_CTX ) );
SHA_LOCK();
SHA_TAKE();
ets_sha_enable();
SHA_UNLOCK();
}
void esp_sha256_process(SHA256_CTX *ctx, const unsigned char data[64])
{
bzero( ctx, sizeof( SHA256_CTX ) );
}
void esp_sha256_free( SHA256_CTX *ctx )
@ -136,15 +121,6 @@ void esp_sha256_free( SHA256_CTX *ctx )
}
bzero( ctx, sizeof( SHA256_CTX ) );
SHA_LOCK();
SHA_GIVE();
if (false == SHA_IS_USED()) {
ets_sha_disable();
}
SHA_UNLOCK();
}
void esp_sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src )
@ -157,7 +133,7 @@ void esp_sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src )
*/
void esp_sha256_start( SHA256_CTX *ctx, int is224 )
{
SHA_LOCK();
esp_sha_acquire_hardware();
ets_sha_init(&ctx->context);
if ( is224 == 0 ) {
@ -183,7 +159,7 @@ void esp_sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen
void esp_sha256_finish( SHA256_CTX *ctx, unsigned char output[32] )
{
ets_sha_finish(&ctx->context, ctx->context_type, output);
SHA_UNLOCK();
esp_sha_release_hardware();
}
/*
@ -205,16 +181,6 @@ void esp_sha256_output( const unsigned char *input, size_t ilen, unsigned char o
void esp_sha512_init( SHA512_CTX *ctx )
{
memset( ctx, 0, sizeof( SHA512_CTX ) );
SHA_LOCK();
SHA_TAKE();
ets_sha_enable();
SHA_UNLOCK();
}
void esp_sha512_process( SHA512_CTX *ctx, const unsigned char data[128] )
{
}
void esp_sha512_free( SHA512_CTX *ctx )
@ -224,15 +190,6 @@ void esp_sha512_free( SHA512_CTX *ctx )
}
bzero( ctx, sizeof( SHA512_CTX ) );
SHA_LOCK();
SHA_GIVE();
if (false == SHA_IS_USED()) {
ets_sha_disable();
}
SHA_UNLOCK();
}
void esp_sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src )
@ -245,7 +202,7 @@ void esp_sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src )
*/
void esp_sha512_start( SHA512_CTX *ctx, int is384 )
{
SHA_LOCK();
esp_sha_acquire_hardware();
ets_sha_init(&ctx->context);
if ( is384 == 0 ) {
@ -271,7 +228,7 @@ void esp_sha512_update( SHA512_CTX *ctx, const unsigned char *input, size_t ilen
void esp_sha512_finish( SHA512_CTX *ctx, unsigned char output[64] )
{
ets_sha_finish(&ctx->context, ctx->context_type, output);
SHA_UNLOCK();
esp_sha_release_hardware();
}
/*

29
components/esp32/include/hwcrypto/aes.h
View File

@ -1,9 +1,11 @@
/**
* \file esp_aes.h
*
* \brief AES block cipher
* \brief AES block cipher, ESP32 hardware accelerated version
* Based on mbedTLS version.
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
@ -25,7 +27,6 @@
#define ESP_AES_H
#include "esp_types.h"
#include "rom/ets_sys.h"
#include "rom/aes.h"
#ifdef __cplusplus
@ -40,8 +41,7 @@ extern "C" {
#define ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
typedef struct {
bool keyflag;
uint16_t keybits;
enum AES_BITS aesbits;
uint8_t key[32];
} key_context, KEY_CTX;
@ -60,6 +60,27 @@ typedef struct {
KEY_CTX dec;
} aes_context, AES_CTX;
/**
* \brief Lock access to AES hardware unit
*
* AES hardware unit can only be used by one
* consumer at a time.
*
* esp_aes_xxx API calls automatically manage locking & unlocking of
* hardware, this function is only needed if you want to call
* ets_aes_xxx functions directly.
*/
void esp_aes_acquire_hardware( void );
/**
* \brief Unlock access to AES hardware unit
*
* esp_aes_xxx API calls automatically manage locking & unlocking of
* hardware, this function is only needed if you want to call
* ets_aes_xxx functions directly.
*/
void esp_aes_release_hardware( void );
/**
* \brief Initialize AES context
*

29
components/esp32/include/hwcrypto/bignum.h
View File

@ -1,9 +1,11 @@
/**
* \file bignum_alt.h
*
* \brief Multi-precision integer library
* \brief Multi-precision integer library, ESP32 hardware accelerated version
* Based on mbedTLS version.
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
@ -19,13 +21,11 @@
* limitations under the License.
*
*/
#ifndef _ESP_BIGNUM_H
#define _ESP_BIGNUM_H
#include "esp_types.h"
#include "rom/ets_sys.h"
#include "rom/bigint.h"
#define MPI_DEBUG_ALT
@ -147,6 +147,27 @@ typedef struct
esp_mpi_uint *p; /*!< pointer to limbs */
}mpi, MPI_CTX;
/**
* \brief Lock access to MPI hardware unit
*
* MPI hardware unit can only be used by one
* consumer at a time.
*
* esp_mpi_xxx API calls automatically manage locking & unlocking of
* hardware, this function is only needed if you want to call
* ets_bigint_xxx functions directly.
*/
void esp_mpi_acquire_hardware( void );
/**
* \brief Unlock access to MPI hardware unit
*
* esp_mpi_xxx API calls automatically manage locking & unlocking of
* hardware, this function is only needed if you want to call
* ets_bigint_xxx functions directly.
*/
void esp_mpi_release_hardware( void );
/**
* \brief Initialize one MPI (make internal references valid)
* This just makes it ready to be set or freed,

56
components/esp32/include/hwcrypto/esp_crypto.h
View File

@ -1,56 +0,0 @@
#ifndef _MULTI_CRYPTO_H_
#define _MULTI_CRYPTO_H_
#include "esp_types.h"
#include "rom/ets_sys.h"
#ifdef __cplusplus
extern "C" {
#endif
enum {
AES_MUTEX = 0,
BIGNUM_MUTEX,
SHA_MUTEX,
MUTEX_MAX_NUM,
};
int esp_crypto_init(void);
void esp_crypto_lock(unsigned int num);
void esp_crypto_unlock(unsigned int num);
void esp_crypto_take(unsigned int num);
void esp_crypto_give(unsigned int num);
bool esp_crypto_is_used(unsigned int num);
#define MUTEX_LOCK(num) esp_crypto_lock(num)
#define MUTEX_UNLOCK(num) esp_crypto_unlock(num)
#define SIG_TAKE(num) esp_crypto_take(num)
#define SIG_GIVE(num) esp_crypto_give(num)
#define SIG_IS_USED(num) esp_crypto_is_used(num)
#define AES_LOCK() MUTEX_LOCK(AES_MUTEX)
#define AES_UNLOCK() MUTEX_UNLOCK(AES_MUTEX)
#define BIGNUM_LOCK() MUTEX_LOCK(BIGNUM_MUTEX)
#define BIGNUM_UNLOCK() MUTEX_UNLOCK(BIGNUM_MUTEX)
#define SHA_LOCK() MUTEX_LOCK(SHA_MUTEX)
#define SHA_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX)
#define AES_TAKE() SIG_TAKE(AES_MUTEX)
#define AES_GIVE() SIG_GIVE(AES_MUTEX)
#define AES_IS_USED() SIG_IS_USED(AES_MUTEX)
#define BIGNUM_TAKE() SIG_TAKE(BIGNUM_MUTEX)
#define BIGNUM_GIVE() SIG_GIVE(BIGNUM_MUTEX)
#define BIGNUM_IS_USED() SIG_IS_USED(BIGNUM_MUTEX)
#define SHA_TAKE() SIG_TAKE(SHA_MUTEX)
#define SHA_GIVE() SIG_GIVE(SHA_MUTEX)
#define SHA_IS_USED() SIG_IS_USED(SHA_MUTEX)
#ifdef __cplusplus
}
#endif
#endif /* esp_crypto.h */

34
components/esp32/include/hwcrypto/sha.h
View File

@ -15,10 +15,10 @@
#ifndef _ESP_SHA_H_
#define _ESP_SHA_H_
#include "esp_types.h"
#include "rom/ets_sys.h"
#include "rom/sha.h"
#include "esp_types.h"
#ifdef __cplusplus
extern "C" {
#endif
@ -28,11 +28,32 @@ extern "C" {
*/
typedef struct {
SHA_CTX context;
int context_type;
enum SHA_TYPE context_type; /* defined in rom/sha.h */
} sha_context;
typedef sha_context SHA1_CTX;
/**
* \brief Lock access to SHA hardware unit
*
* SHA hardware unit can only be used by one
* consumer at a time.
*
* esp_sha_xxx API calls automatically manage locking & unlocking of
* hardware, this function is only needed if you want to call
* ets_sha_xxx functions directly.
*/
void esp_sha_acquire_hardware( void );
/**
* \brief Unlock access to SHA hardware unit
*
* esp_sha_xxx API calls automatically manage locking & unlocking of
* hardware, this function is only needed if you want to call
* ets_sha_xxx functions directly.
*/
void esp_sha_release_hardware( void );
/**
* \brief Initialize SHA-1 context
*
@ -55,8 +76,6 @@ void esp_sha1_free( SHA1_CTX *ctx );
*/
void esp_sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src );
void esp_sha1_process(SHA1_CTX *ctx, const unsigned char data[64]);
/**
* \brief SHA-1 context setup
*
@ -92,7 +111,7 @@ void esp_sha1_output( const unsigned char *input, size_t ilen, unsigned char out
///
#define SHA256 SHA2_256
#define SHA224 4
#define SHA224 4 /* TODO: check this */
/**
* \brief SHA-256 context structure
@ -113,7 +132,6 @@ void esp_sha256_init( SHA256_CTX *ctx );
* \param ctx SHA-256 context to be cleared
*/
void esp_sha256_free( SHA256_CTX *ctx );
void esp_sha256_process(SHA256_CTX *ctx, const unsigned char data[64]);
/**
* \brief Clone (the state of) a SHA-256 context
@ -173,8 +191,6 @@ typedef sha_context SHA512_CTX;
*/
void esp_sha512_init( SHA512_CTX *ctx );
void esp_sha512_process( SHA512_CTX *ctx, const unsigned char data[128] );
/**
* \brief Clear SHA-512 context
*