move hwcrypto from esp32 to mbedtls

2019-03-25 14:15:14 +08:00 · 2019-03-25 14:15:14 +08:00 · 709a320f33
parent 9f3b550ff4
commit 709a320f33
17 changed files with 35 additions and 26 deletions
--- a/components/bootloader_support/include_bootloader/bootloader_sha.h
+++ b/components/bootloader_support/include_bootloader/bootloader_sha.h
@ -17,7 +17,7 @@
   that can be used from bootloader or app code.

   This header is available to source code in the bootloader & bootloader_support components only.
-   Use mbedTLS APIs or include hwcrypto/sha.h to calculate SHA256 in IDF apps.
+   Use mbedTLS APIs or include esp32/sha.h to calculate SHA256 in IDF apps.
 */

 #include <stdint.h>
--- a/components/esp32/CMakeLists.txt
+++ b/components/esp32/CMakeLists.txt
@ -40,9 +40,7 @@ else()
                   "spiram_psram.c"
                   "system_api.c"
                   "task_wdt.c"
-                   "wifi_init.c"
-                   "hwcrypto/aes.c"
-                   "hwcrypto/sha.c")
+                   "wifi_init.c")
    set(COMPONENT_ADD_INCLUDEDIRS "include")

    set(COMPONENT_REQUIRES driver esp_event efuse)
--- a/components/esp32/component.mk
+++ b/components/esp32/component.mk
@ -2,7 +2,7 @@
 # Component Makefile
 #

-COMPONENT_SRCDIRS := . hwcrypto
+COMPONENT_SRCDIRS := .
 LIBS ?=
 ifndef CONFIG_NO_BLOBS
 LIBS += core rtc net80211 pp wpa smartconfig coexist wps wpa2 espnow phy mesh
--- a/components/esp32/test/test_aes_sha_rsa.c
+++ b/components/esp32/test/test_aes_sha_rsa.c
@ -18,8 +18,8 @@
 #include "soc/rtc.h"
 #include "esp_log.h"
 #include "mbedtls/sha256.h"
-#include "hwcrypto/sha.h"
-#include "hwcrypto/aes.h"
+#include "esp32/sha.h"
+#include "esp32/aes.h"
 #include "mbedtls/rsa.h"

 static const char *TAG = "test";
--- a/components/esp32/test/test_sha.c
+++ b/components/esp32/test/test_sha.c
@ -13,7 +13,7 @@
 #include "mbedtls/sha1.h"
 #include "mbedtls/sha256.h"
 #include "mbedtls/sha512.h"
-#include "hwcrypto/sha.h"
+#include "esp32/sha.h"

 /* Note: Most of the SHA functions are called as part of mbedTLS, so
 are tested as part of mbedTLS tests. Only esp_sha() is different.
--- a/components/esp_rom/include/esp32/rom/aes.h
+++ b/components/esp_rom/include/esp32/rom/aes.h
@ -2,7 +2,7 @@
  ROM functions for hardware AES support.

  It is not recommended to use these functions directly,
-  use the wrapper functions in hwcrypto/aes.h instead.
+  use the wrapper functions in esp32/aes.h instead.

 */
 // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
--- a/components/esp_rom/include/esp32/rom/sha.h
+++ b/components/esp_rom/include/esp32/rom/sha.h
@ -3,7 +3,7 @@

  It is not recommended to use these functions directly.  If using
  them from esp-idf then use the esp_sha_lock_engine() and
-  esp_sha_lock_memory_block() functions in hwcrypto/sha.h to ensure
+  esp_sha_lock_memory_block() functions in esp32/sha.h to ensure
  exclusive access.
 */
 // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
--- a/components/mbedtls/CMakeLists.txt
+++ b/components/mbedtls/CMakeLists.txt
@ -83,7 +83,9 @@ target_sources(mbedtls PRIVATE "${COMPONENT_PATH}/port/esp_bignum.c"
                                "${COMPONENT_PATH}/port/esp_sha256.c"
                                "${COMPONENT_PATH}/port/esp_sha512.c"
                                "${COMPONENT_PATH}/port/mbedtls_debug.c"
-                                "${COMPONENT_PATH}/port/net_sockets.c")
+                                "${COMPONENT_PATH}/port/net_sockets.c"
+                                "${COMPONENT_PATH}/port/esp32/aes.c"
+                                "${COMPONENT_PATH}/port/esp32/sha.c")

 foreach(target ${mbedtls_targets})
    # Propagate compile options to mbedtls library targets
--- a/components/mbedtls/component.mk
+++ b/components/mbedtls/component.mk
@ -4,7 +4,7 @@

 COMPONENT_ADD_INCLUDEDIRS := port/include mbedtls/include

-COMPONENT_SRCDIRS := mbedtls/library port
+COMPONENT_SRCDIRS := mbedtls/library port port/esp32

 COMPONENT_OBJEXCLUDE := mbedtls/library/net_sockets.o

--- a/components/mbedtls/port/esp32/aes.c
+++ b/components/mbedtls/port/esp32/aes.c
@ -27,7 +27,7 @@
 */
 #include <string.h>
 #include "mbedtls/aes.h"
-#include "hwcrypto/aes.h"
+#include "esp32/aes.h"
 #include "soc/dport_reg.h"
 #include "soc/hwcrypto_reg.h"
 #include <sys/lock.h>
--- a/components/mbedtls/port/esp32/sha.c
+++ b/components/mbedtls/port/esp32/sha.c
@ -27,13 +27,13 @@

 #include <string.h>
 #include <stdio.h>
-#include <byteswap.h>
+#include <machine/endian.h>
 #include <assert.h>

 #include "freertos/FreeRTOS.h"
 #include "freertos/semphr.h"

-#include "hwcrypto/sha.h"
+#include "esp32/sha.h"
 #include "esp32/rom/ets_sys.h"
 #include "soc/dport_reg.h"
 #include "soc/hwcrypto_reg.h"
@ -135,6 +135,7 @@ static SemaphoreHandle_t sha_get_engine_state(esp_sha_type sha_type)
    unsigned idx = sha_engine_index(sha_type);
    volatile SemaphoreHandle_t *engine = &engine_states[idx];
    SemaphoreHandle_t result = *engine;
+    uint32_t set_engine = 0;

    if (result == NULL) {
        // Create a new semaphore for 'in use' flag
@ -143,7 +144,7 @@ static SemaphoreHandle_t sha_get_engine_state(esp_sha_type sha_type)
        xSemaphoreGive(new_engine); // start available

        // try to atomically set the previously NULL *engine to new_engine
-        uint32_t set_engine = (uint32_t)new_engine;
+        set_engine = (uint32_t)new_engine;
        uxPortCompareSet((volatile uint32_t *)engine, 0, &set_engine);

        if (set_engine != 0) { // we lost a race setting *engine
@ -229,6 +230,8 @@ void esp_sha_wait_idle(void)

 void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state)
 {
+    uint32_t *digest_state_words = NULL;
+    uint32_t *reg_addr_buf = NULL;
 #ifndef NDEBUG
    {
        SemaphoreHandle_t *engine_state = sha_get_engine_state(sha_type);
@ -246,8 +249,8 @@ void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state)

    DPORT_REG_WRITE(SHA_LOAD_REG(sha_type), 1);
    while(DPORT_REG_READ(SHA_BUSY_REG(sha_type)) == 1) { }
-    uint32_t *digest_state_words = (uint32_t *)digest_state;
-    uint32_t *reg_addr_buf = (uint32_t *)(SHA_TEXT_BASE);
+    digest_state_words = (uint32_t *)digest_state;
+    reg_addr_buf = (uint32_t *)(SHA_TEXT_BASE);
    if(sha_type == SHA2_384 || sha_type == SHA2_512) {
        /* for these ciphers using 64-bit states, swap each pair of words */
        DPORT_INTERRUPT_DISABLE(); // Disable interrupt only on current CPU.
@ -264,6 +267,8 @@ void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state)

 void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block)
 {
+    uint32_t *reg_addr_buf = NULL;
+    uint32_t *data_words = NULL;
 #ifndef NDEBUG
    {
        SemaphoreHandle_t *engine_state = sha_get_engine_state(sha_type);
@ -280,10 +285,10 @@ void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_
    esp_sha_wait_idle();

    /* Fill the data block */
-    uint32_t *reg_addr_buf = (uint32_t *)(SHA_TEXT_BASE);
-    uint32_t *data_words = (uint32_t *)data_block;
+    reg_addr_buf = (uint32_t *)(SHA_TEXT_BASE);
+    data_words = (uint32_t *)data_block;
    for (int i = 0; i < block_length(sha_type) / 4; i++) {
-        reg_addr_buf[i] = __bswap_32(data_words[i]);
+        reg_addr_buf[i] = __builtin_bswap32(data_words[i]);
    }
    asm volatile ("memw");

@ -311,9 +316,10 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns
    const size_t BLOCKS_PER_CHUNK = 100;
    const size_t MAX_CHUNK_LEN = BLOCKS_PER_CHUNK * block_len;

+    SHA_CTX ctx;
+
    esp_sha_lock_engine(sha_type);

-    SHA_CTX ctx;
    ets_sha_init(&ctx);

    while (ilen > 0) {
--- a/components/mbedtls/port/esp_sha1.c
+++ b/components/mbedtls/port/esp_sha1.c
@ -47,7 +47,7 @@
 #endif /* MBEDTLS_PLATFORM_C */
 #endif /* MBEDTLS_SELF_TEST */

-#include "hwcrypto/sha.h"
+#include "esp32/sha.h"

 /* Implementation that should never be optimized out by the compiler */
 static void mbedtls_zeroize( void *v, size_t n ) {
--- a/components/mbedtls/port/esp_sha256.c
+++ b/components/mbedtls/port/esp_sha256.c
@ -48,7 +48,7 @@
 #endif /* MBEDTLS_PLATFORM_C */
 #endif /* MBEDTLS_SELF_TEST */

-#include "hwcrypto/sha.h"
+#include "esp32/sha.h"

 /* Implementation that should never be optimized out by the compiler */
 static void mbedtls_zeroize( void *v, size_t n ) {
--- a/components/mbedtls/port/esp_sha512.c
+++ b/components/mbedtls/port/esp_sha512.c
@ -54,7 +54,7 @@
 #endif /* MBEDTLS_PLATFORM_C */
 #endif /* MBEDTLS_SELF_TEST */

-#include "hwcrypto/sha.h"
+#include "esp32/sha.h"

 inline static esp_sha_type sha_type(const mbedtls_sha512_context *ctx)
 {
--- a/components/mbedtls/port/include/aes_alt.h
+++ b/components/mbedtls/port/include/aes_alt.h
@ -28,7 +28,7 @@ extern "C" {
 #endif

 #if defined(MBEDTLS_AES_ALT)
-#include "hwcrypto/aes.h"
+#include "esp32/aes.h"

 typedef esp_aes_context mbedtls_aes_context;

--- a/components/mbedtls/port/include/esp32/aes.h
+++ b/components/mbedtls/port/include/esp32/aes.h
@ -328,6 +328,9 @@ int esp_internal_aes_decrypt( esp_aes_context *ctx, const unsigned char input[16
 /** Deprecated, see esp_aes_internal_decrypt */
 void esp_aes_decrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) __attribute__((deprecated));

+/** AES-XTS buffer encryption/decryption */
+int esp_aes_crypt_xts( esp_aes_xts_context *ctx, int mode, size_t length, const unsigned char data_unit[16], const unsigned char *input, unsigned char *output );
+
 #ifdef __cplusplus
 }
 #endif
--- a/components/mbedtls/port/include/esp32/sha.h
+++ b/components/mbedtls/port/include/esp32/sha.h