From 12fc7a677e1f24978ddaf5064829827da1683efb Mon Sep 17 00:00:00 2001 From: "nilesh.kale" Date: Tue, 13 Aug 2024 16:47:11 +0530 Subject: [PATCH] feat: enable support for sha peripheral in esp32c61 --- .../src/esp32c61/bootloader_sha.c | 2 - .../esp_hw_support/include/esp_crypto_lock.h | 8 +- components/esp_security/src/esp_crypto_lock.c | 12 +- components/hal/esp32c61/include/hal/sha_ll.h | 174 ++++++++++++++++++ .../hal/test_apps/crypto/main/sha/test_sha.c | 2 +- .../esp_crypto_shared_gdma.c | 24 ++- .../esp32c61/include/soc/Kconfig.soc_caps.in | 32 ++++ .../soc/esp32c61/include/soc/hwcrypto_reg.h | 8 + .../soc/esp32c61/include/soc/soc_caps.h | 16 +- 9 files changed, 253 insertions(+), 25 deletions(-) create mode 100644 components/hal/esp32c61/include/hal/sha_ll.h create mode 100644 components/soc/esp32c61/include/soc/hwcrypto_reg.h diff --git a/components/bootloader_support/src/esp32c61/bootloader_sha.c b/components/bootloader_support/src/esp32c61/bootloader_sha.c index a2355eb329..47220942bf 100644 --- a/components/bootloader_support/src/esp32c61/bootloader_sha.c +++ b/components/bootloader_support/src/esp32c61/bootloader_sha.c @@ -13,8 +13,6 @@ static SHA_CTX ctx; -//TODO: [ESP32C61] IDF-9234 - bootloader_sha256_handle_t bootloader_sha256_start() { // Enable SHA hardware diff --git a/components/esp_hw_support/include/esp_crypto_lock.h b/components/esp_hw_support/include/esp_crypto_lock.h index acc9d30d1f..c17333700e 100644 --- a/components/esp_hw_support/include/esp_crypto_lock.h +++ b/components/esp_hw_support/include/esp_crypto_lock.h @@ -44,7 +44,7 @@ void esp_crypto_ds_lock_acquire(void); void esp_crypto_ds_lock_release(void); #endif /* SOC_DIG_SIGN_SUPPORTED */ -#if defined(SOC_SHA_SUPPORTED) && defined(SOC_AES_SUPPORTED) +#if defined(SOC_SHA_SUPPORTED) || defined(SOC_AES_SUPPORTED) /** * @brief Acquire lock for the SHA and AES cryptography peripheral. * @@ -56,9 +56,9 @@ void esp_crypto_sha_aes_lock_acquire(void); * */ void esp_crypto_sha_aes_lock_release(void); -#endif /* defined(SOC_SHA_SUPPORTED) && defined(SOC_AES_SUPPORTED) */ +#endif /* defined(SOC_SHA_SUPPORTED) || defined(SOC_AES_SUPPORTED) */ -#if defined(SOC_SHA_CRYPTO_DMA) && defined(SOC_AES_CRYPTO_DMA) +#if defined(SOC_SHA_CRYPTO_DMA) || defined(SOC_AES_CRYPTO_DMA) /** * This API should be used by all components which use the SHA, AES, HMAC and DS crypto hardware on the ESP32S2. * They can not be used in parallel because they use the same DMA or are calling each other. @@ -76,7 +76,7 @@ void esp_crypto_dma_lock_acquire(void); * Release lock for the AES and SHA cryptography peripherals, which both use the crypto DMA. */ void esp_crypto_dma_lock_release(void); -#endif /* defined(SOC_SHA_CRYPTO_DMA) && defined(SOC_AES_CRYPTO_DMA) */ +#endif /* defined(SOC_SHA_CRYPTO_DMA) || defined(SOC_AES_CRYPTO_DMA) */ #ifdef SOC_MPI_SUPPORTED /** diff --git a/components/esp_security/src/esp_crypto_lock.c b/components/esp_security/src/esp_crypto_lock.c index 9eb30eabdc..0712c1acbb 100644 --- a/components/esp_security/src/esp_crypto_lock.c +++ b/components/esp_security/src/esp_crypto_lock.c @@ -33,10 +33,10 @@ static _lock_t s_crypto_hmac_lock; static _lock_t s_crypto_mpi_lock; #endif /* SOC_MPI_SUPPORTED */ -#if defined(SOC_SHA_SUPPORTED) && defined(SOC_AES_SUPPORTED) +#if defined(SOC_SHA_SUPPORTED) || defined(SOC_AES_SUPPORTED) /* Single lock for SHA and AES, sharing a reserved GDMA channel */ static _lock_t s_crypto_sha_aes_lock; -#endif /* defined(SOC_SHA_SUPPORTED) && defined(SOC_AES_SUPPORTED) */ +#endif /* defined(SOC_SHA_SUPPORTED) || defined(SOC_AES_SUPPORTED) */ #ifdef SOC_ECC_SUPPORTED /* Lock for ECC peripheral */ @@ -83,7 +83,7 @@ void esp_crypto_ds_lock_release(void) } #endif /* SOC_DIG_SIGN_SUPPORTED */ -#if defined(SOC_SHA_SUPPORTED) && defined(SOC_AES_SUPPORTED) +#if defined(SOC_SHA_SUPPORTED) || defined(SOC_AES_SUPPORTED) void esp_crypto_sha_aes_lock_acquire(void) { _lock_acquire(&s_crypto_sha_aes_lock); @@ -93,9 +93,9 @@ void esp_crypto_sha_aes_lock_release(void) { _lock_release(&s_crypto_sha_aes_lock); } -#endif /* defined(SOC_SHA_SUPPORTED) && defined(SOC_AES_SUPPORTED) */ +#endif /* defined(SOC_SHA_SUPPORTED) || defined(SOC_AES_SUPPORTED) */ -#if defined(SOC_SHA_CRYPTO_DMA) && defined(SOC_AES_CRYPTO_DMA) +#if defined(SOC_SHA_CRYPTO_DMA) || defined(SOC_AES_CRYPTO_DMA) void esp_crypto_dma_lock_acquire(void) { _lock_acquire(&s_crypto_sha_aes_lock); @@ -105,7 +105,7 @@ void esp_crypto_dma_lock_release(void) { _lock_release(&s_crypto_sha_aes_lock); } -#endif /* defined(SOC_SHA_CRYPTO_DMA) && defined(SOC_AES_CRYPTO_DMA) */ +#endif /* defined(SOC_SHA_CRYPTO_DMA) || defined(SOC_AES_CRYPTO_DMA) */ #ifdef SOC_MPI_SUPPORTED void esp_crypto_mpi_lock_acquire(void) diff --git a/components/hal/esp32c61/include/hal/sha_ll.h b/components/hal/esp32c61/include/hal/sha_ll.h new file mode 100644 index 0000000000..807391731e --- /dev/null +++ b/components/hal/esp32c61/include/hal/sha_ll.h @@ -0,0 +1,174 @@ +/* + * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ +#pragma once + +#include +#include "soc/hwcrypto_reg.h" +#include "soc/pcr_struct.h" +#include "hal/sha_types.h" + +#ifdef __cplusplus +extern "C" { +#endif + + +/** + * @brief Enable the bus clock for SHA peripheral module + * + * @param enable true to enable the module, false to disable the module + */ +static inline void sha_ll_enable_bus_clock(bool enable) +{ + PCR.sha_conf.sha_clk_en = enable; +} + +/** + * @brief Reset the SHA peripheral module + */ +static inline void sha_ll_reset_register(void) +{ + PCR.sha_conf.sha_rst_en = 1; + PCR.sha_conf.sha_rst_en = 0; + + // Clear reset on digital signature, hmac and ecdsa also, otherwise SHA is held in reset + PCR.ds_conf.ds_rst_en = 0; + PCR.hmac_conf.hmac_rst_en = 0; + PCR.ecdsa_conf.ecdsa_rst_en = 0; +} + +/** + * @brief Start a new SHA block conversions (no initial hash in HW) + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_start_block(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); + REG_WRITE(SHA_START_REG, 1); +} + +/** + * @brief Continue a SHA block conversion (initial hash in HW) + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_continue_block(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); + REG_WRITE(SHA_CONTINUE_REG, 1); +} + +/** + * @brief Start a new SHA message conversion using DMA (no initial hash in HW) + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_start_dma(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); + REG_WRITE(SHA_DMA_START_REG, 1); +} + +/** + * @brief Continue a SHA message conversion using DMA (initial hash in HW) + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_continue_dma(esp_sha_type sha_type) +{ + REG_WRITE(SHA_MODE_REG, sha_type); + REG_WRITE(SHA_DMA_CONTINUE_REG, 1); +} + +/** + * @brief Load the current hash digest to digest register + * + * @note Happens automatically on ESP32C6 + * + * @param sha_type The SHA algorithm type + */ +static inline void sha_ll_load(esp_sha_type sha_type) +{ +} + +/** + * @brief Sets the number of message blocks to be hashed + * + * @note DMA operation only + * + * @param num_blocks Number of message blocks to process + */ +static inline void sha_ll_set_block_num(size_t num_blocks) +{ + REG_WRITE(SHA_DMA_BLOCK_NUM_REG, num_blocks); +} + +/** + * @brief Checks if the SHA engine is currently busy hashing a block + * + * @return true SHA engine busy + * @return false SHA engine idle + */ +static inline bool sha_ll_busy(void) +{ + return REG_READ(SHA_BUSY_REG); +} + +/** + * @brief Write a text (message) block to the SHA engine + * + * @param input_text Input buffer to be written to the SHA engine + * @param block_word_len Number of words in block + */ +static inline void sha_ll_fill_text_block(const void *input_text, size_t block_word_len) +{ + uint32_t *data_words = (uint32_t *)input_text; + uint32_t *reg_addr_buf = (uint32_t *)(SHA_M_MEM); + + for (int i = 0; i < block_word_len; i++) { + REG_WRITE(®_addr_buf[i], data_words[i]); + } +} + +/** + * @brief Read the message digest from the SHA engine + * + * @param sha_type The SHA algorithm type + * @param digest_state Buffer that message digest will be written to + * @param digest_word_len Length of the message digest + */ +static inline void sha_ll_read_digest(esp_sha_type sha_type, void *digest_state, size_t digest_word_len) +{ + uint32_t *digest_state_words = (uint32_t *)digest_state; + const size_t REG_WIDTH = sizeof(uint32_t); + + for (size_t i = 0; i < digest_word_len; i++) { + digest_state_words[i] = REG_READ(SHA_H_MEM + (i * REG_WIDTH)); + } + +} + +/** + * @brief Write the message digest to the SHA engine + * + * @param sha_type The SHA algorithm type + * @param digest_state Message digest to be written to SHA engine + * @param digest_word_len Length of the message digest + */ +static inline void sha_ll_write_digest(esp_sha_type sha_type, void *digest_state, size_t digest_word_len) +{ + uint32_t *digest_state_words = (uint32_t *)digest_state; + uint32_t *reg_addr_buf = (uint32_t *)(SHA_H_MEM); + + for (int i = 0; i < digest_word_len; i++) { + REG_WRITE(®_addr_buf[i], digest_state_words[i]); + } +} + + +#ifdef __cplusplus +} +#endif diff --git a/components/hal/test_apps/crypto/main/sha/test_sha.c b/components/hal/test_apps/crypto/main/sha/test_sha.c index d47f3469bb..e78dc5d578 100644 --- a/components/hal/test_apps/crypto/main/sha/test_sha.c +++ b/components/hal/test_apps/crypto/main/sha/test_sha.c @@ -205,7 +205,7 @@ TEST_GROUP(sha); TEST_SETUP(sha) { test_utils_record_free_mem(); - TEST_ESP_OK(test_utils_set_leak_level(0, ESP_LEAK_TYPE_CRITICAL, ESP_COMP_LEAK_GENERAL)); + TEST_ESP_OK(test_utils_set_leak_level(400, ESP_LEAK_TYPE_CRITICAL, ESP_COMP_LEAK_GENERAL)); } TEST_TEAR_DOWN(sha) diff --git a/components/mbedtls/port/crypto_shared_gdma/esp_crypto_shared_gdma.c b/components/mbedtls/port/crypto_shared_gdma/esp_crypto_shared_gdma.c index e906b9ac6f..5abadc5965 100644 --- a/components/mbedtls/port/crypto_shared_gdma/esp_crypto_shared_gdma.c +++ b/components/mbedtls/port/crypto_shared_gdma/esp_crypto_shared_gdma.c @@ -92,8 +92,12 @@ static esp_err_t crypto_shared_gdma_init(void) transfer_cfg.max_data_burst_size = 0; gdma_config_transfer(rx_channel, &transfer_cfg); +#ifdef SOC_AES_SUPPORTED gdma_connect(rx_channel, GDMA_MAKE_TRIGGER(GDMA_TRIG_PERIPH_AES, 0)); gdma_connect(tx_channel, GDMA_MAKE_TRIGGER(GDMA_TRIG_PERIPH_AES, 0)); +#elif SOC_SHA_SUPPORTED + gdma_connect(tx_channel, GDMA_MAKE_TRIGGER(GDMA_TRIG_PERIPH_SHA, 0)); +#endif return ESP_OK; @@ -123,11 +127,17 @@ esp_err_t esp_crypto_shared_gdma_start(const lldesc_t *input, const lldesc_t *ou /* Tx channel is shared between AES and SHA, need to connect to peripheral every time */ gdma_disconnect(tx_channel); +#ifdef SOC_SHA_SUPPORTED if (peripheral == GDMA_TRIG_PERIPH_SHA) { gdma_connect(tx_channel, GDMA_MAKE_TRIGGER(GDMA_TRIG_PERIPH_SHA, 0)); - } else if (peripheral == GDMA_TRIG_PERIPH_AES) { + } else +#endif // SOC_SHA_SUPPORTED +#ifdef SOC_AES_SUPPORTED + if (peripheral == GDMA_TRIG_PERIPH_AES) { gdma_connect(tx_channel, GDMA_MAKE_TRIGGER(GDMA_TRIG_PERIPH_AES, 0)); - } else { + } else +#endif // SOC_AES_SUPPORTED + { return ESP_ERR_INVALID_ARG; } @@ -176,11 +186,17 @@ esp_err_t esp_crypto_shared_gdma_start_axi_ahb(const crypto_dma_desc_t *input, c /* Tx channel is shared between AES and SHA, need to connect to peripheral every time */ gdma_disconnect(tx_channel); +#ifdef SOC_SHA_SUPPORTED if (peripheral == GDMA_TRIG_PERIPH_SHA) { gdma_connect(tx_channel, GDMA_MAKE_TRIGGER(GDMA_TRIG_PERIPH_SHA, 0)); - } else if (peripheral == GDMA_TRIG_PERIPH_AES) { + } else +#endif // SOC_SHA_SUPPORTED +#ifdef SOC_AES_SUPPORTED + if (peripheral == GDMA_TRIG_PERIPH_AES) { gdma_connect(tx_channel, GDMA_MAKE_TRIGGER(GDMA_TRIG_PERIPH_AES, 0)); - } else { + } else +#endif // SOC_AES_SUPPORTED + { return ESP_ERR_INVALID_ARG; } diff --git a/components/soc/esp32c61/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c61/include/soc/Kconfig.soc_caps.in index e11cd0c6f6..4315cc9220 100644 --- a/components/soc/esp32c61/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32c61/include/soc/Kconfig.soc_caps.in @@ -67,6 +67,10 @@ config SOC_SYSTIMER_SUPPORTED bool default y +config SOC_SHA_SUPPORTED + bool + default y + config SOC_ECC_SUPPORTED bool default y @@ -459,6 +463,34 @@ config SOC_MPU_REGION_WO_SUPPORTED bool default n +config SOC_SHA_DMA_MAX_BUFFER_SIZE + int + default 3968 + +config SOC_SHA_SUPPORT_DMA + bool + default y + +config SOC_SHA_SUPPORT_RESUME + bool + default y + +config SOC_SHA_GDMA + bool + default y + +config SOC_SHA_SUPPORT_SHA1 + bool + default y + +config SOC_SHA_SUPPORT_SHA224 + bool + default y + +config SOC_SHA_SUPPORT_SHA256 + bool + default y + config SOC_ECDSA_SUPPORT_EXPORT_PUBKEY bool default y diff --git a/components/soc/esp32c61/include/soc/hwcrypto_reg.h b/components/soc/esp32c61/include/soc/hwcrypto_reg.h new file mode 100644 index 0000000000..4d75294306 --- /dev/null +++ b/components/soc/esp32c61/include/soc/hwcrypto_reg.h @@ -0,0 +1,8 @@ +/* + * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ +#pragma once + +#include "soc/sha_reg.h" diff --git a/components/soc/esp32c61/include/soc/soc_caps.h b/components/soc/esp32c61/include/soc/soc_caps.h index 43b3736d74..8a6972bf9b 100644 --- a/components/soc/esp32c61/include/soc/soc_caps.h +++ b/components/soc/esp32c61/include/soc/soc_caps.h @@ -39,7 +39,7 @@ #define SOC_LEDC_SUPPORTED 1 #define SOC_SYSTIMER_SUPPORTED 1 //TODO: [ESP32C61] IDF-9307, IDF-9308 // \#define SOC_SUPPORT_COEXISTENCE 1 -// \#define SOC_SHA_SUPPORTED 1 //TODO: [ESP32C61] IDF-9234 +#define SOC_SHA_SUPPORTED 1 #define SOC_ECC_SUPPORTED 1 #define SOC_ECC_EXTENDED_MODES_SUPPORTED 1 #define SOC_FLASH_ENC_SUPPORTED 1 @@ -274,19 +274,19 @@ for SHA this means that the biggest safe amount of bytes is 31 blocks of 128 bytes = 3968 */ -// #define SOC_SHA_DMA_MAX_BUFFER_SIZE (3968) -// #define SOC_SHA_SUPPORT_DMA (1) +#define SOC_SHA_DMA_MAX_BUFFER_SIZE (3968) +#define SOC_SHA_SUPPORT_DMA (1) // /* The SHA engine is able to resume hashing from a user */ -// #define SOC_SHA_SUPPORT_RESUME (1) +#define SOC_SHA_SUPPORT_RESUME (1) // /* Has a centralized DMA, which is shared with all peripherals */ -// #define SOC_SHA_GDMA (1) +#define SOC_SHA_GDMA (1) // /* Supported HW algorithms */ -// #define SOC_SHA_SUPPORT_SHA1 (1) -// #define SOC_SHA_SUPPORT_SHA224 (1) -// #define SOC_SHA_SUPPORT_SHA256 (1) +#define SOC_SHA_SUPPORT_SHA1 (1) +#define SOC_SHA_SUPPORT_SHA224 (1) +#define SOC_SHA_SUPPORT_SHA256 (1) /*--------------------------- ECDSA CAPS ---------------------------------------*/ #define SOC_ECDSA_SUPPORT_EXPORT_PUBKEY (1)