2019-05-10 03:34:06 +00:00
|
|
|
/*
|
|
|
|
* ESP32 hardware accelerated SHA1/256/512 implementation
|
|
|
|
* based on mbedTLS FIPS-197 compliant version.
|
|
|
|
*
|
|
|
|
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
|
|
|
* Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd
|
|
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
|
|
* not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
/*
|
|
|
|
* The SHA-1 standard was published by NIST in 1993.
|
|
|
|
*
|
|
|
|
* http://www.itl.nist.gov/fipspubs/fip180-1.htm
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <string.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <sys/lock.h>
|
|
|
|
#include <assert.h>
|
2019-12-26 07:25:24 +00:00
|
|
|
#include "soc/soc.h"
|
2020-01-17 03:47:08 +00:00
|
|
|
#include "esp32s2/crypto_dma.h"
|
|
|
|
#include "esp32s2/sha.h"
|
2019-12-26 07:25:24 +00:00
|
|
|
#include "soc/crypto_dma_reg.h"
|
2020-01-17 03:47:08 +00:00
|
|
|
#include "esp32s2/rom/ets_sys.h"
|
2019-05-10 03:34:06 +00:00
|
|
|
#include "soc/dport_reg.h"
|
|
|
|
#include "soc/hwcrypto_reg.h"
|
2020-01-17 03:47:08 +00:00
|
|
|
#include "esp32s2/rom/lldesc.h"
|
|
|
|
#include "esp32s2/rom/cache.h"
|
2019-12-26 07:25:24 +00:00
|
|
|
#include "esp_intr_alloc.h"
|
|
|
|
#include "esp_log.h"
|
|
|
|
#include "soc/periph_defs.h"
|
|
|
|
|
|
|
|
#include "freertos/FreeRTOS.h"
|
|
|
|
#include "freertos/task.h"
|
|
|
|
#include "freertos/semphr.h"
|
2019-05-10 03:34:06 +00:00
|
|
|
|
|
|
|
/* Single lock for SHA engine
|
|
|
|
*/
|
|
|
|
static _lock_t s_sha_lock;
|
|
|
|
|
2019-12-26 07:25:24 +00:00
|
|
|
/* Enable if want to use SHA interrupt */
|
|
|
|
//#define CONFIG_MBEDTLS_SHA_USE_INTERRUPT
|
|
|
|
|
|
|
|
#if defined(CONFIG_MBEDTLS_SHA_USE_INTERRUPT)
|
|
|
|
static SemaphoreHandle_t op_complete_sem;
|
|
|
|
#endif
|
2019-05-10 03:34:06 +00:00
|
|
|
|
|
|
|
/* Return block size (in bytes) for a given SHA type */
|
2019-12-26 07:25:24 +00:00
|
|
|
inline static size_t block_length(esp_sha_type type)
|
|
|
|
{
|
|
|
|
switch (type) {
|
2019-05-10 03:34:06 +00:00
|
|
|
case SHA1:
|
|
|
|
case SHA2_224:
|
|
|
|
case SHA2_256:
|
|
|
|
return 64;
|
|
|
|
case SHA2_384:
|
|
|
|
case SHA2_512:
|
2019-12-26 07:25:24 +00:00
|
|
|
case SHA2_512224:
|
|
|
|
case SHA2_512256:
|
|
|
|
case SHA2_512T:
|
2019-05-10 03:34:06 +00:00
|
|
|
return 128;
|
|
|
|
default:
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Return state size (in bytes) for a given SHA type */
|
2019-12-26 07:25:24 +00:00
|
|
|
inline static size_t state_length(esp_sha_type type)
|
|
|
|
{
|
|
|
|
switch (type) {
|
2019-05-10 03:34:06 +00:00
|
|
|
case SHA1:
|
2019-12-26 07:25:24 +00:00
|
|
|
return 160 / 8;
|
2019-05-10 03:34:06 +00:00
|
|
|
case SHA2_224:
|
|
|
|
case SHA2_256:
|
2019-12-26 07:25:24 +00:00
|
|
|
return 256 / 8;
|
2019-05-10 03:34:06 +00:00
|
|
|
case SHA2_384:
|
|
|
|
case SHA2_512:
|
2019-12-26 07:25:24 +00:00
|
|
|
case SHA2_512224:
|
|
|
|
case SHA2_512256:
|
|
|
|
case SHA2_512T:
|
|
|
|
return 512 / 8;
|
2019-05-10 03:34:06 +00:00
|
|
|
default:
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-12-26 07:25:24 +00:00
|
|
|
/* This API was designed for ESP32, which has seperate
|
|
|
|
engines for SHA1,256,512. ESP32C has a single engine.
|
|
|
|
*/
|
2019-05-10 03:34:06 +00:00
|
|
|
static void esp_sha_lock_engine_inner(void);
|
|
|
|
|
|
|
|
bool esp_sha_try_lock_engine(esp_sha_type sha_type)
|
|
|
|
{
|
2019-12-26 07:25:24 +00:00
|
|
|
if (_lock_try_acquire(&s_sha_lock) != 0) {
|
2019-05-10 03:34:06 +00:00
|
|
|
/* SHA engine is already in use */
|
|
|
|
return false;
|
|
|
|
} else {
|
|
|
|
esp_sha_lock_engine_inner();
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void esp_sha_lock_engine(esp_sha_type sha_type)
|
|
|
|
{
|
|
|
|
_lock_acquire(&s_sha_lock);
|
|
|
|
esp_sha_lock_engine_inner();
|
|
|
|
}
|
|
|
|
|
2019-12-26 07:25:24 +00:00
|
|
|
/* Enable SHA block and then lock it */
|
2019-05-10 03:34:06 +00:00
|
|
|
static void esp_sha_lock_engine_inner(void)
|
|
|
|
{
|
2019-12-26 07:25:24 +00:00
|
|
|
/* Need to lock DMA since it is shared with AES block */
|
|
|
|
portENTER_CRITICAL(&crypto_dma_spinlock);
|
|
|
|
|
|
|
|
REG_SET_BIT(DPORT_PERIP_CLK_EN1_REG, DPORT_CRYPTO_SHA_CLK_EN | DPORT_CRYPTO_DMA_CLK_EN);
|
|
|
|
REG_CLR_BIT(DPORT_PERIP_RST_EN1_REG, DPORT_CRYPTO_SHA_RST | DPORT_CRYPTO_HMAC_RST |
|
|
|
|
DPORT_CRYPTO_DMA_RST | DPORT_CRYPTO_DS_RST);
|
|
|
|
|
|
|
|
/* DMA for SHA */
|
|
|
|
REG_WRITE(CRYPTO_DMA_AES_SHA_SELECT_REG, 1);
|
2019-05-10 03:34:06 +00:00
|
|
|
}
|
|
|
|
|
2019-12-26 07:25:24 +00:00
|
|
|
/* Disable SHA block and then unlock it */
|
2019-05-10 03:34:06 +00:00
|
|
|
void esp_sha_unlock_engine(esp_sha_type sha_type)
|
|
|
|
{
|
2019-12-26 07:25:24 +00:00
|
|
|
REG_WRITE(CRYPTO_DMA_AES_SHA_SELECT_REG, 0);
|
|
|
|
|
|
|
|
REG_SET_BIT(DPORT_PERIP_RST_EN1_REG, DPORT_CRYPTO_SHA_RST | DPORT_CRYPTO_DMA_RST |
|
|
|
|
DPORT_CRYPTO_DS_RST);
|
|
|
|
REG_CLR_BIT(DPORT_PERIP_CLK_EN1_REG, DPORT_CRYPTO_SHA_CLK_EN | DPORT_CRYPTO_DMA_CLK_EN);
|
|
|
|
|
|
|
|
portEXIT_CRITICAL(&crypto_dma_spinlock);
|
|
|
|
|
2019-05-10 03:34:06 +00:00
|
|
|
_lock_release(&s_sha_lock);
|
|
|
|
}
|
|
|
|
|
2019-12-26 07:25:24 +00:00
|
|
|
#if defined (CONFIG_MBEDTLS_SHA_USE_INTERRUPT)
|
|
|
|
static IRAM_ATTR void esp_sha_dma_isr(void *arg)
|
|
|
|
{
|
|
|
|
BaseType_t higher_woken;
|
|
|
|
REG_WRITE(SHA_CLEAR_IRQ_REG, 1);
|
|
|
|
xSemaphoreGiveFromISR(op_complete_sem, &higher_woken);
|
|
|
|
if (higher_woken) {
|
|
|
|
portYIELD_FROM_ISR();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* Check if SHA operation completed */
|
|
|
|
static int esp_sha_dma_complete(void)
|
|
|
|
{
|
|
|
|
#if defined (CONFIG_MBEDTLS_SHA_USE_INTERRUPT)
|
|
|
|
if (!xSemaphoreTake(op_complete_sem, 2000 / portTICK_PERIOD_MS)) {
|
|
|
|
ESP_LOGE("SHA", "Timed out waiting for completion of SHA Interrupt");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
esp_sha_wait_idle();
|
|
|
|
#endif
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Wait until SHA is busy */
|
2019-05-10 03:34:06 +00:00
|
|
|
void esp_sha_wait_idle(void)
|
|
|
|
{
|
2019-12-26 07:25:24 +00:00
|
|
|
while (DPORT_REG_READ(SHA_BUSY_REG) != 0) { }
|
2019-05-10 03:34:06 +00:00
|
|
|
}
|
|
|
|
|
2019-12-26 07:25:24 +00:00
|
|
|
/* Read the SHA digest from hardware */
|
2019-05-10 03:34:06 +00:00
|
|
|
void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state)
|
|
|
|
{
|
|
|
|
esp_sha_wait_idle();
|
2019-12-26 07:25:24 +00:00
|
|
|
memcpy(digest_state, (void *)SHA_H_BASE, state_length(sha_type));
|
2019-05-10 03:34:06 +00:00
|
|
|
}
|
|
|
|
|
2019-12-26 07:25:24 +00:00
|
|
|
/* Internally calls DMA API for single block */
|
2019-05-10 03:34:06 +00:00
|
|
|
void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block)
|
|
|
|
{
|
2019-12-26 07:25:24 +00:00
|
|
|
esp_sha_dma(sha_type, data_block, block_length(sha_type), is_first_block);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Performs SHA on multiple blocks at a time */
|
|
|
|
int esp_sha_dma(esp_sha_type sha_type, const void *data_block, uint32_t ilen, bool is_first_block)
|
|
|
|
{
|
|
|
|
size_t blk_len = 0;
|
|
|
|
const uint8_t *local_buf = data_block;
|
|
|
|
int ret = 0;
|
|
|
|
volatile lldesc_t dma_descr;
|
|
|
|
|
|
|
|
if (ilen == 0) {
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
blk_len = block_length(sha_type);
|
2019-05-10 03:34:06 +00:00
|
|
|
|
|
|
|
REG_WRITE(SHA_MODE_REG, sha_type);
|
2019-12-26 07:25:24 +00:00
|
|
|
if ((sha_type == SHA2_512T) && (is_first_block == true)) {
|
|
|
|
REG_WRITE(SHA_START_REG, 1);
|
|
|
|
}
|
2019-05-10 03:34:06 +00:00
|
|
|
|
2019-12-26 07:25:24 +00:00
|
|
|
REG_WRITE(SHA_BLOCK_NUM_REG, (ilen / blk_len));
|
|
|
|
|
|
|
|
if ((sha_type == SHA2_512T) && (is_first_block == true)) {
|
|
|
|
esp_sha_wait_idle();
|
|
|
|
is_first_block = false;
|
|
|
|
}
|
|
|
|
|
|
|
|
bzero( (void *)&dma_descr, sizeof( dma_descr ) );
|
|
|
|
|
|
|
|
/* DMA descriptor for Memory to DMA-AES transfer */
|
|
|
|
dma_descr.length = ilen;
|
|
|
|
dma_descr.size = ilen;
|
|
|
|
dma_descr.owner = 1;
|
|
|
|
dma_descr.eof = 1;
|
|
|
|
dma_descr.buf = local_buf;
|
|
|
|
dma_descr.sosf = 0;
|
|
|
|
dma_descr.empty = 0;
|
|
|
|
|
|
|
|
#if (CONFIG_SPIRAM_USE_CAPS_ALLOC || CONFIG_SPIRAM_USE_MALLOC)
|
|
|
|
if ((unsigned int)data_block >= SOC_EXTRAM_DATA_LOW && (unsigned int)data_block <= SOC_EXTRAM_DATA_HIGH) {
|
|
|
|
Cache_WriteBack_All();
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* Reset DMA */
|
|
|
|
SET_PERI_REG_MASK(CRYPTO_DMA_CONF0_REG, CONF0_REG_AHBM_RST | CONF0_REG_OUT_RST | CONF0_REG_AHBM_FIFO_RST);
|
|
|
|
CLEAR_PERI_REG_MASK(CRYPTO_DMA_CONF0_REG, CONF0_REG_AHBM_RST | CONF0_REG_OUT_RST | CONF0_REG_AHBM_FIFO_RST);
|
|
|
|
|
|
|
|
/* Set descriptors */
|
|
|
|
CLEAR_PERI_REG_MASK(CRYPTO_DMA_OUT_LINK_REG, OUT_LINK_REG_OUTLINK_ADDR);
|
|
|
|
SET_PERI_REG_MASK(CRYPTO_DMA_OUT_LINK_REG, ((uint32_t)(&dma_descr))&OUT_LINK_REG_OUTLINK_ADDR);
|
|
|
|
/* Start transfer */
|
|
|
|
SET_PERI_REG_MASK(CRYPTO_DMA_OUT_LINK_REG, OUT_LINK_REG_OUTLINK_START);
|
|
|
|
|
|
|
|
#if defined (CONFIG_MBEDTLS_SHA_USE_INTERRUPT)
|
|
|
|
REG_WRITE(SHA_CLEAR_IRQ_REG, 1);
|
|
|
|
if (op_complete_sem == NULL) {
|
|
|
|
op_complete_sem = xSemaphoreCreateBinary();
|
|
|
|
esp_intr_alloc(ETS_SHA_INTR_SOURCE, 0, esp_sha_dma_isr, 0, 0);
|
|
|
|
}
|
|
|
|
REG_WRITE(SHA_INT_ENA_REG, 1);
|
|
|
|
#endif
|
2019-05-10 03:34:06 +00:00
|
|
|
|
|
|
|
if (is_first_block) {
|
2019-12-26 07:25:24 +00:00
|
|
|
REG_WRITE(SHA_DMA_START_REG, 1);
|
2019-05-10 03:34:06 +00:00
|
|
|
} else {
|
2019-12-26 07:25:24 +00:00
|
|
|
REG_WRITE(SHA_DMA_CONTINUE_REG, 1);
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = esp_sha_dma_complete();
|
|
|
|
|
|
|
|
#if (CONFIG_SPIRAM_USE_CAPS_ALLOC || CONFIG_SPIRAM_USE_MALLOC)
|
|
|
|
if ((unsigned int)data_block >= SOC_EXTRAM_DATA_LOW && (unsigned int)data_block <= SOC_EXTRAM_DATA_HIGH) {
|
|
|
|
Cache_Invalidate_DCache_All();
|
2019-05-10 03:34:06 +00:00
|
|
|
}
|
2019-12-26 07:25:24 +00:00
|
|
|
#endif
|
2019-05-10 03:34:06 +00:00
|
|
|
|
2019-12-26 07:25:24 +00:00
|
|
|
return ret;
|
2019-05-10 03:34:06 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output)
|
|
|
|
{
|
|
|
|
SHA_CTX ctx;
|
|
|
|
|
|
|
|
esp_sha_lock_engine(sha_type);
|
|
|
|
|
|
|
|
ets_sha_init(&ctx, sha_type);
|
|
|
|
ets_sha_starts(&ctx, 0);
|
|
|
|
ets_sha_update(&ctx, input, ilen, false);
|
|
|
|
ets_sha_finish(&ctx, output);
|
|
|
|
|
|
|
|
esp_sha_unlock_engine(sha_type);
|
|
|
|
}
|