Commit Graph

34 Commits

Author SHA1 Message Date
Angus Gratton
3991084777 sha: Add fault injection checks reading hash digest state
Vulnerability reported by LimitedResults under Espressif Bug Bounty Program.
2019-08-11 13:18:23 +10:00
Angus Gratton
088439c634 aes: Add fault injection checks when writing key to hardware
Vulnerability reported by LimitedResults under Espressif Bug Bounty Program.
2019-08-11 13:18:23 +10:00
Angus Gratton
7c5dd19c83 hwcrypto: Add AES fault injection check
Hardware AES-CBC performance changes:

Release config 11.0MB/sec -> 10.8MB/sec
Debug config 9.4MB/sec -> 9.8MB/sec

(Unrolling the loop to optimize the check improves
performance at -Og, even with the fault check.)
2019-08-07 16:04:59 +10:00
Konstantin Kondrashov
a2f00b0adf esp32/sha: Remove second enabling in esp_sha_lock_engine_common 2019-04-10 20:49:27 +08:00
Angus Gratton
0176f912b6 esp32: Chunk input blocks for esp_sha() function performance, add perf test 2019-03-15 17:34:06 +11:00
Angus Gratton
fe516fb7c2 esp32 hwcrypto: Prevent esp_sha() from disabling interrupts for extended period
* Closes https://github.com/espressif/esp-idf/issues/3127
* Closes IDFGH-681

Also reported at https://esp32.com/viewtopic.php?f=13&t=9506
2019-03-15 17:34:06 +11:00
Angus Gratton
f141b29328 hwcrypto sha: Use spinlocks instead of semaphores for small state changes
Significant performance improvement and smaller RAM footprint.
2019-01-23 04:59:44 +00:00
Angus Gratton
f3277cf2dc hwcrypto sha: Allow SHA contexts to be shared between tasks
Previously, hardware SHA engine "locks" were mutex semaphores. This meant that the task which
started a particular SHA session (in hardware) needed to finalise that session, or an invalid
FreeRTOS state was created.

Replace with binary semaphore which can be shared between tasks.

Includes a unit test, but unit test doesn't crash even without this fix
(some other unknown condition is required).
2019-01-23 04:59:44 +00:00
Ivan Grokhotkov
761d44bd36 Merge branch 'bugfix/xts_compile_err' into 'master'
mbedtls: Fix compilation errors when CONFIG_MBEDTLS_HARDWARE_AES is disabled

See merge request idf/esp-idf!3506
2018-11-05 16:58:38 +08:00
Konstantin Kondrashov
8bba348528 aes/sha/mpi: Bugfix a use of shared registers.
This commit resolves blocking in the esp_aes_block function.

Introduce:
The problem was in the fact that AES is switched off at the moment when it should give out the processed data. Because it is disabled, the operation cannot be completed successfully and there is an infinite hang. The reason for this behavior is that the registers for controlling the inclusion of AES, SHA, MPI are shared registers and they were not protected from sharing.

Fix some related issues with shared use of the AES, SHA and RSA accelerators.

Closes: https://github.com/espressif/esp-idf/issues/2295#issuecomment-432898137
2018-11-05 04:22:47 +00:00
Sagar Bijwe
fbcc160675 mbedtls: Fix compilation errors when CONFIG_MBEDTLS_HARDWARE_AES is disabled 2018-11-01 12:08:45 +05:30
Sagar Bijwe
48fccbf5dd nvs_flash: Add support for nvs encryption 2018-09-24 11:25:21 +05:30
Konstantin Kondrashov
8f80cc733d soc: Change DPORT access
When two CPUs read the area of the DPORT and the area of the APB, the result is corrupted for the CPU that read the APB area.
The other CPU has valid data.

The method of eliminating this error:
Before reading the registers of the DPORT, make a preliminary read of the APB register.
In this case, the joint access of the two CPUs to the registers of the APB and the DPORT is successful.
2018-05-14 17:54:57 +05:00
Ivan Grokhotkov
dbc919eff5 mbedtls: update usage of mbedtls_aes_encrypt/decrypt 2018-05-09 23:15:28 +08:00
Angus Gratton
703d143619 hwcrypto: Fix bug with concurrent SHA access
If two different types of SHA hashes were active in the hardware
concurrently, a race condition meant the SHA unit could be incorrectly
reset leading to all-zero results.
2017-08-25 16:08:03 +10:00
Angus Gratton
50e0a54630 esp32 hwcrypto: Use spinlock instead of lock to protect AES
More than doubles performance of mbedTLS AES self-tests.
2017-08-25 16:08:03 +10:00
Angus Gratton
2624e10055 esp32 hwcrypto: Use AES registers directly 2017-08-25 16:08:03 +10:00
Angus Gratton
e256fb6d96 hwcrypto: Use DPORT-safe accesses with AES 2017-08-25 16:08:03 +10:00
Angus Gratton
d0c300c52d hwcrypto: SHA acceleration using safe DPORT reads 2017-08-25 16:08:03 +10:00
Tian Hao
26a3cb93c7 component/soc : move dport access header files to soc
1. move dport access header files to soc
2. reduce dport register write protection. Only protect read operation
2017-05-09 18:06:00 +08:00
Tian Hao
f7e8856520 component/esp32 : fix dualcore bug
1. When a dual-core CPU accesses a DPORT register, protection is required.
2. To access a DPORT register, DPORT_REG_READ/DPORT_REG_WRITE and the DPORT_XXX register operation macros must be used.
2017-05-08 21:53:43 +08:00
Angus Gratton
88b264cfce mbedTLS SHA: Fix cloning of SHA-384 digests
Hardware unit only reads 384 bits of state for SHA-384 LOAD,
which is enough for final digest but not enough if you plan to
resume digest in software.
2016-11-25 19:26:30 +11:00
Angus Gratton
dfcb241850 mbedTLS SHA Acceleration: Add missing esp_sha_lock_engine() function 2016-11-22 20:57:01 +11:00
Angus Gratton
2561b68af8 hwcrypto: Fixes for disabling one hardware unit causing reset of a different unit
ROM functions reset related units, but this can have problems in a
multithreaded environment.
2016-11-22 20:42:38 +11:00
Angus Gratton
c48612e516 mbedTLS SHA acceleration: Allow concurrent digest calculation, works with TLS
SHA hardware allows each of SHA1, SHA256, SHA384&SHA512 to calculate digests
concurrently.

Currently incompatible with AES acceleration due to a hardware reset problem.

Ref TW7111.
2016-11-22 20:42:38 +11:00
Angus Gratton
46a9754b8e hwcrypto sha: Fix initialisation of SHA hardware in esp_shaX_start functions
Problem exposed by previous commit.
2016-09-09 14:27:53 +10:00
Wu Jian Gang
95defc7d32 mbedtls: Use hardware accelerated AES, SHA, bignum 2016-09-08 17:41:43 +08:00
Angus Gratton
2211759cc0 hwcrypto aes: Fix bugs w/ ECB decrypt, CFB modes 2016-09-08 17:02:52 +08:00
Angus Gratton
d951ab2661 hwcrypto aes: Performance tweak, only write key to hardware once
Shaves ~10% off time to compute AES-CBC
2016-09-08 16:47:37 +08:00
Angus Gratton
a32e954f67 hwcrypto sha: Feed one block at a time to hardware SHA implementation
Fixes a bug where some longer block sizes produced incorrect results.
2016-09-08 16:47:34 +08:00
Angus Gratton
0a970e3a25 hwcrypto: Match API completely to mbedTLS naming conventions 2016-09-08 16:47:31 +08:00
Angus Gratton
2580c07ae6 esp32 hwcrypto: Make SHA-224 an obvious no-op for now
This is not the long term solution...
2016-09-08 16:47:28 +08:00
Angus Gratton
0647d1e922 esp32 hwcrypto: Rework hardware crypto locking
Should protect against concurrent use of hardware crypto primitives,
with good performance.

Not necessary to call esp_aes_acquire_hardware(),
esp_sha_acquire_hardware(), etc when using these APIs. These are
provided for external users calling the hardware crypto hardware
directly, to coexist with this implementation.
2016-09-08 16:47:13 +08:00
Angus Gratton
4167b68eef esp32: Move hardware crypto implementation/headers to hwcrypto directories 2016-09-08 16:46:28 +08:00