Commit Graph

22 Commits

Author SHA1 Message Date
Angus Gratton
3991084777 sha: Add fault injection checks reading hash digest state
Vulnerability reported by LimitedResults under Espressif Bug Bounty Program.
2019-08-11 13:18:23 +10:00
Konstantin Kondrashov
a2f00b0adf esp32/sha: Remove second enabling in esp_sha_lock_engine_common 2019-04-10 20:49:27 +08:00
Angus Gratton
0176f912b6 esp32: Chunk input blocks for esp_sha() function performance, add perf test 2019-03-15 17:34:06 +11:00
Angus Gratton
fe516fb7c2 esp32 hwcrypto: Prevent esp_sha() from disabling interrupts for extended period
* Closes https://github.com/espressif/esp-idf/issues/3127
* Closes IDFGH-681

Also reported at https://esp32.com/viewtopic.php?f=13&t=9506
2019-03-15 17:34:06 +11:00
Angus Gratton
f141b29328 hwcrypto sha: Use spinlocks instead of semaphores for small state changes
Significant performance improvement and smaller RAM footprint.
2019-01-23 04:59:44 +00:00
Angus Gratton
f3277cf2dc hwcrypto sha: Allow SHA contexts to be shared between tasks
Previously, hardware SHA engine "locks" were mutex semaphores. This meant that the task which
started a particular SHA session (in hardware) needed to finalise that session, or an invalid
FreeRTOS state was created.

Replace with binary semaphore which can be shared between tasks.

Includes a unit test, but unit test doesn't crash even without this fix
(some other unknown condition is required).
2019-01-23 04:59:44 +00:00
Konstantin Kondrashov
8bba348528 aes/sha/mpi: Bugfix a use of shared registers.
This commit resolves a blocking in esp_aes_block function.

Introduce:
The problem was in the fact that AES is switched off at the moment when he should give out the processed data. But because of the disabled, the operation can not be completed successfully, there is an infinite hang. The reason for this behavior is that the registers for controlling the inclusion of AES, SHA, MPI have shared registers and they were not protected from sharing.

Fix some related issue with shared using of AES SHA RSA accelerators.

Closes: https://github.com/espressif/esp-idf/issues/2295#issuecomment-432898137
2018-11-05 04:22:47 +00:00
Konstantin Kondrashov
8f80cc733d soc: Change DPORT access
When two CPUs read the area of the DPORT and the area of the APB, the result is corrupted for the CPU that read the APB area.
And another CPU has valid data.

The method of eliminating this error.
Before reading the registers of the DPORT, make a preliminary reading of the APB register.
In this case, the joint access of the two CPUs to the registers of the APB and the DPORT is successful.
2018-05-14 17:54:57 +05:00
Angus Gratton
703d143619 hwcrypto: Fix bug with concurrent SHA access
If two different types of SHA hashes were active in the hardware
concurrently, a race condition meant the SHA unit could be incorrectly
reset leading to all-zero results.
2017-08-25 16:08:03 +10:00
Angus Gratton
d0c300c52d hwcrypto: SHA acceleration using safe DPORT reads 2017-08-25 16:08:03 +10:00
Tian Hao
26a3cb93c7 component/soc : move dport access header files to soc
1. move dport access header files to soc
2. reduce dport register write protection. Only protect read operation
2017-05-09 18:06:00 +08:00
Tian Hao
f7e8856520 component/esp32 : fix dualcore bug
1. When dual core cpu run access DPORT register, must do protection.
2. If access DPORT register, must use DPORT_REG_READ/DPORT_REG_WRITE and DPORT_XXX register operation macro.
2017-05-08 21:53:43 +08:00
Angus Gratton
88b264cfce mbedTLS SHA: Fix cloning of SHA-384 digests
Hardware unit only reads 384 bits of state for SHA-384 LOAD,
which is enough for final digest but not enough if you plan to
resume digest in software.
2016-11-25 19:26:30 +11:00
Angus Gratton
dfcb241850 mbedTLS SHA Acceleration: Add missing esp_sha_lock_engine() function 2016-11-22 20:57:01 +11:00
Angus Gratton
2561b68af8 hwcrypto: Fixes for disabling one hardware unit causing reset of a different unit
ROM functions reset related units, but this can have problems in a
multithreaded environment.
2016-11-22 20:42:38 +11:00
Angus Gratton
c48612e516 mbedTLS SHA acceleration: Allow concurrent digest calculation, works with TLS
SHA hardware allows each of SHA1, SHA256, SHA384&SHA512 to calculate digests
concurrently.

Currently incompatible with AES acceleration due to a hardware reset problem.

Ref TW7111.
2016-11-22 20:42:38 +11:00
Angus Gratton
46a9754b8e hwcrypto sha: Fix initialisation of SHA hardware in esp_shaX_start functions
Problem exposed by previous commit.
2016-09-09 14:27:53 +10:00
Angus Gratton
a32e954f67 hwcrypto sha: Feed one block at a time to hardware SHA implementation
Fixes a bug where some longer block sizes produced incorrect results.
2016-09-08 16:47:34 +08:00
Angus Gratton
0a970e3a25 hwcrypto: Match API completely to mbedTLS naming conventions 2016-09-08 16:47:31 +08:00
Angus Gratton
2580c07ae6 esp32 hwcrypto: Make SHA-224 an obvious no-op for now
This is not the long term solution...
2016-09-08 16:47:28 +08:00
Angus Gratton
0647d1e922 esp32 hwcrypto: Rework hardware crypto locking
Should protect against concurrent use of hardware crypto primitives,
with good performance.

Not necessary to call esp_aes_acquire_hardware(),
esp_sha_acquire_hardware(), etc when using these APIs. These are
provided for external users calling the hardware crypto hardware
directly, to coexist with this implementation.
2016-09-08 16:47:13 +08:00
Angus Gratton
4167b68eef esp32: Move hardware crypto implementation/headers to hwcrypto directories 2016-09-08 16:46:28 +08:00