diff --git a/components/bootloader_support/include_bootloader/bootloader_sha.h b/components/bootloader_support/include_bootloader/bootloader_sha.h index 079a457917..89c2efad11 100644 --- a/components/bootloader_support/include_bootloader/bootloader_sha.h +++ b/components/bootloader_support/include_bootloader/bootloader_sha.h @@ -17,7 +17,7 @@ that can be used from bootloader or app code. This header is available to source code in the bootloader & bootloader_support components only. - Use mbedTLS APIs or include hwcrypto/sha.h to calculate SHA256 in IDF apps. + Use mbedTLS APIs or include esp32/sha.h to calculate SHA256 in IDF apps. */ #include diff --git a/components/esp32/CMakeLists.txt b/components/esp32/CMakeLists.txt index c8783c06ef..97f73dcacd 100644 --- a/components/esp32/CMakeLists.txt +++ b/components/esp32/CMakeLists.txt @@ -40,9 +40,7 @@ else() "spiram_psram.c" "system_api.c" "task_wdt.c" - "wifi_init.c" - "hwcrypto/aes.c" - "hwcrypto/sha.c") + "wifi_init.c") set(COMPONENT_ADD_INCLUDEDIRS "include") set(COMPONENT_REQUIRES driver esp_event efuse) diff --git a/components/esp32/component.mk b/components/esp32/component.mk index 6a656736f6..abba9bbaf7 100644 --- a/components/esp32/component.mk +++ b/components/esp32/component.mk @@ -2,7 +2,7 @@ # Component Makefile # -COMPONENT_SRCDIRS := . hwcrypto +COMPONENT_SRCDIRS := . LIBS ?= ifndef CONFIG_NO_BLOBS LIBS += core rtc net80211 pp wpa smartconfig coexist wps wpa2 espnow phy mesh diff --git a/components/esp32/test/test_aes_sha_rsa.c b/components/esp32/test/test_aes_sha_rsa.c index 70383dd839..93210b8779 100644 --- a/components/esp32/test/test_aes_sha_rsa.c +++ b/components/esp32/test/test_aes_sha_rsa.c @@ -18,8 +18,8 @@ #include "soc/rtc.h" #include "esp_log.h" #include "mbedtls/sha256.h" -#include "hwcrypto/sha.h" -#include "hwcrypto/aes.h" +#include "esp32/sha.h" +#include "esp32/aes.h" #include "mbedtls/rsa.h" static const char *TAG = "test"; diff --git a/components/esp32/test/test_sha.c b/components/esp32/test/test_sha.c index db9754b531..641dbab69f 100644 --- a/components/esp32/test/test_sha.c +++ b/components/esp32/test/test_sha.c @@ -13,7 +13,7 @@ #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" -#include "hwcrypto/sha.h" +#include "esp32/sha.h" /* Note: Most of the SHA functions are called as part of mbedTLS, so are tested as part of mbedTLS tests. Only esp_sha() is different. diff --git a/components/esp_rom/include/esp32/rom/aes.h b/components/esp_rom/include/esp32/rom/aes.h index 80eca973fc..bbe13d22e4 100644 --- a/components/esp_rom/include/esp32/rom/aes.h +++ b/components/esp_rom/include/esp32/rom/aes.h @@ -2,7 +2,7 @@ ROM functions for hardware AES support. It is not recommended to use these functions directly, - use the wrapper functions in hwcrypto/aes.h instead. + use the wrapper functions in esp32/aes.h instead. */ // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD diff --git a/components/esp_rom/include/esp32/rom/sha.h b/components/esp_rom/include/esp32/rom/sha.h index 5dd9c9981f..888c32c3c8 100644 --- a/components/esp_rom/include/esp32/rom/sha.h +++ b/components/esp_rom/include/esp32/rom/sha.h @@ -3,7 +3,7 @@ It is not recommended to use these functions directly. If using them from esp-idf then use the esp_sha_lock_engine() and - esp_sha_lock_memory_block() functions in hwcrypto/sha.h to ensure + esp_sha_lock_memory_block() functions in esp32/sha.h to ensure exclusive access. */ // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt index 67f6f75522..03d51eac38 100644 --- a/components/mbedtls/CMakeLists.txt +++ b/components/mbedtls/CMakeLists.txt @@ -83,7 +83,9 @@ target_sources(mbedtls PRIVATE "${COMPONENT_PATH}/port/esp_bignum.c" "${COMPONENT_PATH}/port/esp_sha256.c" "${COMPONENT_PATH}/port/esp_sha512.c" "${COMPONENT_PATH}/port/mbedtls_debug.c" - "${COMPONENT_PATH}/port/net_sockets.c") + "${COMPONENT_PATH}/port/net_sockets.c" + "${COMPONENT_PATH}/port/esp32/aes.c" + "${COMPONENT_PATH}/port/esp32/sha.c") foreach(target ${mbedtls_targets}) # Propagate compile options to mbedtls library targets diff --git a/components/mbedtls/component.mk b/components/mbedtls/component.mk index 9db378c1be..09ce80c96c 100644 --- a/components/mbedtls/component.mk +++ b/components/mbedtls/component.mk @@ -4,7 +4,7 @@ COMPONENT_ADD_INCLUDEDIRS := port/include mbedtls/include -COMPONENT_SRCDIRS := mbedtls/library port +COMPONENT_SRCDIRS := mbedtls/library port port/esp32 COMPONENT_OBJEXCLUDE := mbedtls/library/net_sockets.o diff --git a/components/esp32/hwcrypto/aes.c b/components/mbedtls/port/esp32/aes.c similarity index 99% rename from components/esp32/hwcrypto/aes.c rename to components/mbedtls/port/esp32/aes.c index e51e1aefc4..a4bec8cb52 100644 --- a/components/esp32/hwcrypto/aes.c +++ b/components/mbedtls/port/esp32/aes.c @@ -27,7 +27,7 @@ */ #include #include "mbedtls/aes.h" -#include "hwcrypto/aes.h" +#include "esp32/aes.h" #include "soc/dport_reg.h" #include "soc/hwcrypto_reg.h" #include diff --git a/components/esp32/hwcrypto/sha.c b/components/mbedtls/port/esp32/sha.c similarity index 95% rename from components/esp32/hwcrypto/sha.c rename to components/mbedtls/port/esp32/sha.c index b60c7280dd..4cff99575f 100644 --- a/components/esp32/hwcrypto/sha.c +++ b/components/mbedtls/port/esp32/sha.c @@ -27,13 +27,13 @@ #include #include -#include +#include #include #include "freertos/FreeRTOS.h" #include "freertos/semphr.h" -#include "hwcrypto/sha.h" +#include "esp32/sha.h" #include "esp32/rom/ets_sys.h" #include "soc/dport_reg.h" #include "soc/hwcrypto_reg.h" @@ -135,6 +135,7 @@ static SemaphoreHandle_t sha_get_engine_state(esp_sha_type sha_type) unsigned idx = sha_engine_index(sha_type); volatile SemaphoreHandle_t *engine = &engine_states[idx]; SemaphoreHandle_t result = *engine; + uint32_t set_engine = 0; if (result == NULL) { // Create a new semaphore for 'in use' flag @@ -143,7 +144,7 @@ static SemaphoreHandle_t sha_get_engine_state(esp_sha_type sha_type) xSemaphoreGive(new_engine); // start available // try to atomically set the previously NULL *engine to new_engine - uint32_t set_engine = (uint32_t)new_engine; + set_engine = (uint32_t)new_engine; uxPortCompareSet((volatile uint32_t *)engine, 0, &set_engine); if (set_engine != 0) { // we lost a race setting *engine @@ -229,6 +230,8 @@ void esp_sha_wait_idle(void) void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state) { + uint32_t *digest_state_words = NULL; + uint32_t *reg_addr_buf = NULL; #ifndef NDEBUG { SemaphoreHandle_t *engine_state = sha_get_engine_state(sha_type); @@ -246,8 +249,8 @@ void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state) DPORT_REG_WRITE(SHA_LOAD_REG(sha_type), 1); while(DPORT_REG_READ(SHA_BUSY_REG(sha_type)) == 1) { } - uint32_t *digest_state_words = (uint32_t *)digest_state; - uint32_t *reg_addr_buf = (uint32_t *)(SHA_TEXT_BASE); + digest_state_words = (uint32_t *)digest_state; + reg_addr_buf = (uint32_t *)(SHA_TEXT_BASE); if(sha_type == SHA2_384 || sha_type == SHA2_512) { /* for these ciphers using 64-bit states, swap each pair of words */ DPORT_INTERRUPT_DISABLE(); // Disable interrupt only on current CPU. @@ -264,6 +267,8 @@ void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state) void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block) { + uint32_t *reg_addr_buf = NULL; + uint32_t *data_words = NULL; #ifndef NDEBUG { SemaphoreHandle_t *engine_state = sha_get_engine_state(sha_type); @@ -280,10 +285,10 @@ void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_ esp_sha_wait_idle(); /* Fill the data block */ - uint32_t *reg_addr_buf = (uint32_t *)(SHA_TEXT_BASE); - uint32_t *data_words = (uint32_t *)data_block; + reg_addr_buf = (uint32_t *)(SHA_TEXT_BASE); + data_words = (uint32_t *)data_block; for (int i = 0; i < block_length(sha_type) / 4; i++) { - reg_addr_buf[i] = __bswap_32(data_words[i]); + reg_addr_buf[i] = __builtin_bswap32(data_words[i]); } asm volatile ("memw"); @@ -311,9 +316,10 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns const size_t BLOCKS_PER_CHUNK = 100; const size_t MAX_CHUNK_LEN = BLOCKS_PER_CHUNK * block_len; + SHA_CTX ctx; + esp_sha_lock_engine(sha_type); - SHA_CTX ctx; ets_sha_init(&ctx); while (ilen > 0) { diff --git a/components/mbedtls/port/esp_sha1.c b/components/mbedtls/port/esp_sha1.c index fddc32dd5d..ba5231b9ce 100644 --- a/components/mbedtls/port/esp_sha1.c +++ b/components/mbedtls/port/esp_sha1.c @@ -47,7 +47,7 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -#include "hwcrypto/sha.h" +#include "esp32/sha.h" /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { diff --git a/components/mbedtls/port/esp_sha256.c b/components/mbedtls/port/esp_sha256.c index 4eb37c077d..7a1e2a1475 100644 --- a/components/mbedtls/port/esp_sha256.c +++ b/components/mbedtls/port/esp_sha256.c @@ -48,7 +48,7 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -#include "hwcrypto/sha.h" +#include "esp32/sha.h" /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { diff --git a/components/mbedtls/port/esp_sha512.c b/components/mbedtls/port/esp_sha512.c index a61f5f5c2e..58cd79097f 100644 --- a/components/mbedtls/port/esp_sha512.c +++ b/components/mbedtls/port/esp_sha512.c @@ -54,7 +54,7 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -#include "hwcrypto/sha.h" +#include "esp32/sha.h" inline static esp_sha_type sha_type(const mbedtls_sha512_context *ctx) { diff --git a/components/mbedtls/port/include/aes_alt.h b/components/mbedtls/port/include/aes_alt.h index cf87ea5c15..2f6813729d 100644 --- a/components/mbedtls/port/include/aes_alt.h +++ b/components/mbedtls/port/include/aes_alt.h @@ -28,7 +28,7 @@ extern "C" { #endif #if defined(MBEDTLS_AES_ALT) -#include "hwcrypto/aes.h" +#include "esp32/aes.h" typedef esp_aes_context mbedtls_aes_context; diff --git a/components/esp32/include/hwcrypto/aes.h b/components/mbedtls/port/include/esp32/aes.h similarity index 98% rename from components/esp32/include/hwcrypto/aes.h rename to components/mbedtls/port/include/esp32/aes.h index 424713f98c..6f5c1ff54e 100644 --- a/components/esp32/include/hwcrypto/aes.h +++ b/components/mbedtls/port/include/esp32/aes.h @@ -328,6 +328,9 @@ int esp_internal_aes_decrypt( esp_aes_context *ctx, const unsigned char input[16 /** Deprecated, see esp_aes_internal_decrypt */ void esp_aes_decrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) __attribute__((deprecated)); +/** AES-XTS buffer encryption/decryption */ +int esp_aes_crypt_xts( esp_aes_xts_context *ctx, int mode, size_t length, const unsigned char data_unit[16], const unsigned char *input, unsigned char *output ); + #ifdef __cplusplus } #endif diff --git a/components/esp32/include/hwcrypto/sha.h b/components/mbedtls/port/include/esp32/sha.h similarity index 100% rename from components/esp32/include/hwcrypto/sha.h rename to components/mbedtls/port/include/esp32/sha.h