Merge branch 'feat/support_both_aes_and_sha_block_and_dma_modes_during_runtime' into 'master'

feat(mbedtls): Support both SHA block and DMA modes during runtime

Closes IDF-11848

See merge request espressif/esp-idf!36589

Author: Harshal5

components/esp-tls/test_apps/main/app_main.c

@@ -12,10 +12,8 @@
 #include "soc/soc_caps.h"
 #if SOC_SHA_SUPPORT_PARALLEL_ENG
 #include "sha/sha_parallel_engine.h"
-#elif SOC_SHA_SUPPORT_DMA
-#include "sha/sha_dma.h"
 #else
-#include "sha/sha_block.h"
+#include "sha/sha_core.h"
 #endif
 #include "esp_newlib.h"
 

components/esp_tee/scripts/esp32c6/secure_service.tbl

@@ -35,6 +35,7 @@
 128         IDF         esp_sha_dma                                   6
 129         IDF         esp_sha_read_digest_state                     2
 130         IDF         esp_sha_write_digest_state                    2
+131         IDF         esp_sha_block                                 3
 # ID: 168-183 (16) - eFuse
 168         IDF         esp_efuse_check_secure_version                1
 169         IDF         esp_efuse_read_field_blob                     3

components/esp_tee/src/esp_secure_service_wrapper.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -211,6 +211,11 @@ int __wrap_esp_sha_dma(esp_sha_type sha_type, const void *input, uint32_t ilen,
     return esp_tee_service_call(7, SS_ESP_SHA_DMA, sha_type, input, ilen, buf, buf_len, is_first_block);
 }
 
+int __wrap_esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block)
+{
+    return esp_tee_service_call(4, SS_ESP_SHA_BLOCK, sha_type, data_block, is_first_block);
+}
+
 void __wrap_esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state)
 {
     esp_tee_service_call(3, SS_ESP_SHA_READ_DIGEST_STATE, sha_type, digest_state);

components/esp_tee/subproject/main/CMakeLists.txt

@@ -66,7 +66,7 @@ list(APPEND include "${mbedtls_dir}/port/include"
                     "${mbedtls_dir}/port/aes/include"
                     "${mbedtls_dir}/port/aes/dma/include")
 # SHA
-list(APPEND include "${mbedtls_dir}/port/sha/dma/include")
+list(APPEND include "${mbedtls_dir}/port/sha/core/include")
 
 # esp_app_desc_t configuration structure for TEE
 list(APPEND srcs "common/esp_app_desc_tee.c")

components/esp_tee/subproject/main/core/esp_secure_services.c

@@ -21,7 +21,7 @@
 
 #include "soc/soc_caps.h"
 #include "aes/esp_aes.h"
-#include "sha/sha_dma.h"
+#include "sha/sha_core.h"
 
 #include "esp_tee.h"
 #include "esp_tee_memory_utils.h"
@@ -314,6 +314,11 @@ void _ss_esp_sha_write_digest_state(esp_sha_type sha_type, void *digest_state)
     sha_hal_write_digest(sha_type, digest_state);
 }
 
+void _ss_esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block)
+{
+    esp_sha_block(sha_type, data_block, is_first_block);
+}
+
 /* ---------------------------------------------- OTA ------------------------------------------------- */
 
 int _ss_esp_tee_ota_begin(void)

components/hal/test_apps/crypto/main/CMakeLists.txt

@@ -60,13 +60,13 @@ if(CONFIG_SOC_SHA_SUPPORTED)
 
       if(CONFIG_SOC_SHA_SUPPORT_DMA)
          list(APPEND srcs "sha/sha_dma.c"
-                           "$ENV{IDF_PATH}/components/mbedtls/port/sha/dma/sha.c")
-         list(APPEND priv_include_dirs "$ENV{IDF_PATH}/components/mbedtls/port/sha/dma/include")
+                           "$ENV{IDF_PATH}/components/mbedtls/port/sha/core/sha.c")
+         list(APPEND priv_include_dirs "$ENV{IDF_PATH}/components/mbedtls/port/sha/core/include")
 
          if(NOT CONFIG_SOC_SHA_GDMA)
-            list(APPEND srcs "$ENV{IDF_PATH}/components/mbedtls/port/sha/dma/esp_sha_crypto_dma_impl.c")
+            list(APPEND srcs "$ENV{IDF_PATH}/components/mbedtls/port/sha/core/esp_sha_crypto_dma_impl.c")
          else()
-            list(APPEND srcs "$ENV{IDF_PATH}/components/mbedtls/port/sha/dma/esp_sha_gdma_impl.c"
+            list(APPEND srcs "$ENV{IDF_PATH}/components/mbedtls/port/sha/core/esp_sha_gdma_impl.c"
                               "$ENV{IDF_PATH}/components/mbedtls/port/crypto_shared_gdma/esp_crypto_shared_gdma.c")
          endif()
       endif()

components/hal/test_apps/crypto/main/sha/sha_dma.c

@@ -17,7 +17,7 @@
 #if SOC_SHA_SUPPORTED
 #if SOC_SHA_SUPPORT_DMA
 
-#include "sha/sha_dma.h"
+#include "sha/sha_core.h"
 #include "sha_dma.h"
 
 #if defined(SOC_SHA_SUPPORT_SHA1)

components/mbedtls/CMakeLists.txt

@@ -191,12 +191,10 @@ endif()
 # Choose peripheral type
 
 if(CONFIG_SOC_SHA_SUPPORTED)
-    if(CONFIG_SOC_SHA_SUPPORT_DMA)
-        set(SHA_PERIPHERAL_TYPE "dma")
-    elseif(CONFIG_SOC_SHA_SUPPORT_PARALLEL_ENG)
+    if(CONFIG_SOC_SHA_SUPPORT_PARALLEL_ENG)
         set(SHA_PERIPHERAL_TYPE "parallel_engine")
     else()
-        set(SHA_PERIPHERAL_TYPE "block")
+        set(SHA_PERIPHERAL_TYPE "core")
     endif()
 endif()
 
@@ -208,15 +206,15 @@ if(CONFIG_SOC_AES_SUPPORTED)
     endif()
 endif()
 
-if(SHA_PERIPHERAL_TYPE STREQUAL "dma")
-    target_include_directories(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/dma/include")
+if(SHA_PERIPHERAL_TYPE STREQUAL "core")
+    target_include_directories(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/core/include")
 
-    if(NOT CONFIG_SOC_SHA_GDMA)
-        set(SHA_DMA_SRCS "${COMPONENT_DIR}/port/sha/dma/esp_sha_crypto_dma_impl.c")
-    else()
-        set(SHA_DMA_SRCS "${COMPONENT_DIR}/port/sha/dma/esp_sha_gdma_impl.c")
+    if(CONFIG_SOC_SHA_GDMA)
+        set(SHA_CORE_SRCS "${COMPONENT_DIR}/port/sha/core/esp_sha_gdma_impl.c")
+    elseif(CONFIG_SOC_SHA_CRYPTO_DMA)
+        set(SHA_CORE_SRCS "${COMPONENT_DIR}/port/sha/core/esp_sha_crypto_dma_impl.c")
     endif()
-    target_sources(mbedcrypto PRIVATE  "${SHA_DMA_SRCS}")
+    target_sources(mbedcrypto PRIVATE  "${SHA_CORE_SRCS}")
 endif()
 
 if(AES_PERIPHERAL_TYPE STREQUAL "dma")
@@ -232,7 +230,7 @@ if(AES_PERIPHERAL_TYPE STREQUAL "dma")
     target_sources(mbedcrypto PRIVATE  "${AES_DMA_SRCS}")
 endif()
 
-if(SHA_PERIPHERAL_TYPE STREQUAL "dma" OR AES_PERIPHERAL_TYPE STREQUAL "dma")
+if((SHA_PERIPHERAL_TYPE STREQUAL "core" AND CONFIG_SOC_SHA_SUPPORT_DMA) OR AES_PERIPHERAL_TYPE STREQUAL "dma")
     target_link_libraries(mbedcrypto PRIVATE idf::esp_mm)
     if(CONFIG_SOC_SHA_GDMA OR CONFIG_SOC_AES_GDMA)
         if(CONFIG_SOC_AXI_DMA_EXT_MEM_ENC_ALIGNMENT)

components/mbedtls/esp_tee/esp_tee_mbedtls.cmake

@@ -15,13 +15,13 @@ list(APPEND srcs "${hal_dir}/aes_hal.c"
 
 list(APPEND include_dirs "${COMPONENT_DIR}/port/aes/include"
                          "${COMPONENT_DIR}/port/aes/dma/include"
-                         "${COMPONENT_DIR}/port/sha/dma/include")
+                         "${COMPONENT_DIR}/port/sha/core/include")
 
 list(APPEND srcs "${COMPONENT_DIR}/port/aes/esp_aes_common.c"
                  "${COMPONENT_DIR}/port/aes/dma/esp_aes.c"
                  "${COMPONENT_DIR}/port/aes/dma/esp_aes_dma_core.c")
 
-list(APPEND srcs "${COMPONENT_DIR}/port/sha/dma/sha.c"
+list(APPEND srcs "${COMPONENT_DIR}/port/sha/core/sha.c"
                  "${COMPONENT_DIR}/port/sha/esp_sha.c")
 
 # Supporting headers
@@ -54,8 +54,8 @@ endforeach()
 target_link_libraries(${COMPONENT_LIB} INTERFACE ${mbedtls_targets})
 
 if(CONFIG_MBEDTLS_HARDWARE_SHA)
-    target_sources(mbedcrypto PRIVATE  "${COMPONENT_DIR}/port/sha/dma/esp_sha1.c"
-                                       "${COMPONENT_DIR}/port/sha/dma/esp_sha256.c"
-                                       "${COMPONENT_DIR}/port/sha/dma/esp_sha512.c"
+    target_sources(mbedcrypto PRIVATE  "${COMPONENT_DIR}/port/sha/core/esp_sha1.c"
+                                       "${COMPONENT_DIR}/port/sha/core/esp_sha256.c"
+                                       "${COMPONENT_DIR}/port/sha/core/esp_sha512.c"
     )
 endif()

components/mbedtls/port/include/esp32s2/sha.h

@@ -1,19 +1,11 @@
-// Copyright 2019-2020 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * SPDX-FileCopyrightText: 2019-2025 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
 
 #pragma once
 
-#include "sha/sha_dma.h"
+#include "sha/sha_core.h"
 
-#warning esp32s2/sha.h is deprecated, please use sha/sha_dma.h instead
+#warning esp32s2/sha.h is deprecated, please use sha/sha_core.h instead