Merge branch 'feature/enable_sha_support_for_esp32c61' into 'master'

feat: enable support for sha peripheral in esp32c61

Closes IDF-9234

See merge request espressif/esp-idf!32830

Author: mahavirj

components/bootloader_support/src/esp32c61/bootloader_sha.c

@@ -13,8 +13,6 @@
 
 static SHA_CTX ctx;
 
-//TODO: [ESP32C61] IDF-9234
-
 bootloader_sha256_handle_t bootloader_sha256_start()
 {
     // Enable SHA hardware

components/esp_hw_support/include/esp_crypto_lock.h

@@ -44,7 +44,7 @@ void esp_crypto_ds_lock_acquire(void);
 void esp_crypto_ds_lock_release(void);
 #endif /* SOC_DIG_SIGN_SUPPORTED */
 
-#if defined(SOC_SHA_SUPPORTED) && defined(SOC_AES_SUPPORTED)
+#if defined(SOC_SHA_SUPPORTED) || defined(SOC_AES_SUPPORTED)
 /**
  * @brief Acquire lock for the SHA and AES cryptography peripheral.
  *
@@ -56,9 +56,9 @@ void esp_crypto_sha_aes_lock_acquire(void);
  *
  */
 void esp_crypto_sha_aes_lock_release(void);
-#endif /* defined(SOC_SHA_SUPPORTED) && defined(SOC_AES_SUPPORTED) */
+#endif /* defined(SOC_SHA_SUPPORTED) || defined(SOC_AES_SUPPORTED) */
 
-#if defined(SOC_SHA_CRYPTO_DMA) && defined(SOC_AES_CRYPTO_DMA)
+#if defined(SOC_SHA_CRYPTO_DMA) || defined(SOC_AES_CRYPTO_DMA)
 /**
  * This API should be used by all components which use the SHA, AES, HMAC and DS crypto hardware on the ESP32S2.
  * They can not be used in parallel because they use the same DMA or are calling each other.
@@ -76,7 +76,7 @@ void esp_crypto_dma_lock_acquire(void);
  * Release lock for the AES and SHA cryptography peripherals, which both use the crypto DMA.
  */
 void esp_crypto_dma_lock_release(void);
-#endif /* defined(SOC_SHA_CRYPTO_DMA) && defined(SOC_AES_CRYPTO_DMA) */
+#endif /* defined(SOC_SHA_CRYPTO_DMA) || defined(SOC_AES_CRYPTO_DMA) */
 
 #ifdef SOC_MPI_SUPPORTED
 /**

components/esp_security/src/esp_crypto_lock.c

@@ -33,10 +33,10 @@ static _lock_t s_crypto_hmac_lock;
 static _lock_t s_crypto_mpi_lock;
 #endif /* SOC_MPI_SUPPORTED */
 
-#if defined(SOC_SHA_SUPPORTED) && defined(SOC_AES_SUPPORTED)
+#if defined(SOC_SHA_SUPPORTED) || defined(SOC_AES_SUPPORTED)
 /* Single lock for SHA and AES, sharing a reserved GDMA channel */
 static _lock_t s_crypto_sha_aes_lock;
-#endif /* defined(SOC_SHA_SUPPORTED) && defined(SOC_AES_SUPPORTED) */
+#endif /* defined(SOC_SHA_SUPPORTED) || defined(SOC_AES_SUPPORTED) */
 
 #ifdef SOC_ECC_SUPPORTED
 /* Lock for ECC peripheral */
@@ -83,7 +83,7 @@ void esp_crypto_ds_lock_release(void)
 }
 #endif /* SOC_DIG_SIGN_SUPPORTED */
 
-#if defined(SOC_SHA_SUPPORTED) && defined(SOC_AES_SUPPORTED)
+#if defined(SOC_SHA_SUPPORTED) || defined(SOC_AES_SUPPORTED)
 void esp_crypto_sha_aes_lock_acquire(void)
 {
     _lock_acquire(&s_crypto_sha_aes_lock);
@@ -93,9 +93,9 @@ void esp_crypto_sha_aes_lock_release(void)
 {
     _lock_release(&s_crypto_sha_aes_lock);
 }
-#endif /* defined(SOC_SHA_SUPPORTED) && defined(SOC_AES_SUPPORTED) */
+#endif /* defined(SOC_SHA_SUPPORTED) || defined(SOC_AES_SUPPORTED) */
 
-#if defined(SOC_SHA_CRYPTO_DMA) && defined(SOC_AES_CRYPTO_DMA)
+#if defined(SOC_SHA_CRYPTO_DMA) || defined(SOC_AES_CRYPTO_DMA)
 void esp_crypto_dma_lock_acquire(void)
 {
     _lock_acquire(&s_crypto_sha_aes_lock);
@@ -105,7 +105,7 @@ void esp_crypto_dma_lock_release(void)
 {
     _lock_release(&s_crypto_sha_aes_lock);
 }
-#endif /* defined(SOC_SHA_CRYPTO_DMA) && defined(SOC_AES_CRYPTO_DMA) */
+#endif /* defined(SOC_SHA_CRYPTO_DMA) || defined(SOC_AES_CRYPTO_DMA) */
 
 #ifdef SOC_MPI_SUPPORTED
 void esp_crypto_mpi_lock_acquire(void)

components/hal/esp32c61/include/hal/sha_ll.h

@@ -0,0 +1,174 @@
+/*
+ * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#pragma once
+
+#include <stdbool.h>
+#include "soc/hwcrypto_reg.h"
+#include "soc/pcr_struct.h"
+#include "hal/sha_types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/**
+ * @brief Enable the bus clock for SHA peripheral module
+ *
+ * @param enable true to enable the module, false to disable the module
+ */
+static inline void sha_ll_enable_bus_clock(bool enable)
+{
+    PCR.sha_conf.sha_clk_en = enable;
+}
+
+/**
+ * @brief Reset the SHA peripheral module
+ */
+static inline void sha_ll_reset_register(void)
+{
+    PCR.sha_conf.sha_rst_en = 1;
+    PCR.sha_conf.sha_rst_en = 0;
+
+    // Clear reset on digital signature, hmac and ecdsa also, otherwise SHA is held in reset
+    PCR.ds_conf.ds_rst_en = 0;
+    PCR.hmac_conf.hmac_rst_en = 0;
+    PCR.ecdsa_conf.ecdsa_rst_en = 0;
+}
+
+/**
+ * @brief Start a new SHA block conversions (no initial hash in HW)
+ *
+ * @param sha_type The SHA algorithm type
+ */
+static inline void sha_ll_start_block(esp_sha_type sha_type)
+{
+    REG_WRITE(SHA_MODE_REG, sha_type);
+    REG_WRITE(SHA_START_REG, 1);
+}
+
+/**
+ * @brief Continue a SHA block conversion (initial hash in HW)
+ *
+ * @param sha_type The SHA algorithm type
+ */
+static inline void sha_ll_continue_block(esp_sha_type sha_type)
+{
+    REG_WRITE(SHA_MODE_REG, sha_type);
+    REG_WRITE(SHA_CONTINUE_REG, 1);
+}
+
+/**
+ * @brief Start a new SHA message conversion using DMA (no initial hash in HW)
+ *
+ * @param sha_type The SHA algorithm type
+ */
+static inline void sha_ll_start_dma(esp_sha_type sha_type)
+{
+    REG_WRITE(SHA_MODE_REG, sha_type);
+    REG_WRITE(SHA_DMA_START_REG, 1);
+}
+
+/**
+ * @brief Continue a SHA message conversion using DMA (initial hash in HW)
+ *
+ * @param sha_type The SHA algorithm type
+ */
+static inline void sha_ll_continue_dma(esp_sha_type sha_type)
+{
+    REG_WRITE(SHA_MODE_REG, sha_type);
+    REG_WRITE(SHA_DMA_CONTINUE_REG, 1);
+}
+
+/**
+ * @brief Load the current hash digest to digest register
+ *
+ * @note Happens automatically on ESP32C6
+ *
+ * @param sha_type The SHA algorithm type
+ */
+static inline void sha_ll_load(esp_sha_type sha_type)
+{
+}
+
+/**
+ * @brief Sets the number of message blocks to be hashed
+ *
+ * @note DMA operation only
+ *
+ * @param num_blocks Number of message blocks to process
+ */
+static inline void sha_ll_set_block_num(size_t num_blocks)
+{
+    REG_WRITE(SHA_DMA_BLOCK_NUM_REG, num_blocks);
+}
+
+/**
+ * @brief Checks if the SHA engine is currently busy hashing a block
+ *
+ * @return true SHA engine busy
+ * @return false SHA engine idle
+ */
+static inline bool sha_ll_busy(void)
+{
+    return REG_READ(SHA_BUSY_REG);
+}
+
+/**
+ * @brief Write a text (message) block to the SHA engine
+ *
+ * @param input_text Input buffer to be written to the SHA engine
+ * @param block_word_len Number of words in block
+ */
+static inline void sha_ll_fill_text_block(const void *input_text, size_t block_word_len)
+{
+    uint32_t *data_words = (uint32_t *)input_text;
+    uint32_t *reg_addr_buf = (uint32_t *)(SHA_M_MEM);
+
+    for (int i = 0; i < block_word_len; i++) {
+        REG_WRITE(&reg_addr_buf[i], data_words[i]);
+    }
+}
+
+/**
+ * @brief Read the message digest from the SHA engine
+ *
+ * @param sha_type The SHA algorithm type
+ * @param digest_state Buffer that message digest will be written to
+ * @param digest_word_len Length of the message digest
+ */
+static inline void sha_ll_read_digest(esp_sha_type sha_type, void *digest_state, size_t digest_word_len)
+{
+    uint32_t *digest_state_words = (uint32_t *)digest_state;
+    const size_t REG_WIDTH = sizeof(uint32_t);
+
+    for (size_t i = 0; i < digest_word_len; i++) {
+        digest_state_words[i] = REG_READ(SHA_H_MEM + (i * REG_WIDTH));
+    }
+
+}
+
+/**
+ * @brief Write the message digest to the SHA engine
+ *
+ * @param sha_type The SHA algorithm type
+ * @param digest_state Message digest to be written to SHA engine
+ * @param digest_word_len Length of the message digest
+ */
+static inline void sha_ll_write_digest(esp_sha_type sha_type, void *digest_state, size_t digest_word_len)
+{
+    uint32_t *digest_state_words = (uint32_t *)digest_state;
+    uint32_t *reg_addr_buf = (uint32_t *)(SHA_H_MEM);
+
+    for (int i = 0; i < digest_word_len; i++) {
+        REG_WRITE(&reg_addr_buf[i], digest_state_words[i]);
+    }
+}
+
+
+#ifdef __cplusplus
+}
+#endif

components/hal/test_apps/crypto/main/sha/test_sha.c

@@ -205,7 +205,7 @@ TEST_GROUP(sha);
 TEST_SETUP(sha)
 {
     test_utils_record_free_mem();
-    TEST_ESP_OK(test_utils_set_leak_level(0, ESP_LEAK_TYPE_CRITICAL, ESP_COMP_LEAK_GENERAL));
+    TEST_ESP_OK(test_utils_set_leak_level(400, ESP_LEAK_TYPE_CRITICAL, ESP_COMP_LEAK_GENERAL));
 }
 
 TEST_TEAR_DOWN(sha)

components/mbedtls/port/crypto_shared_gdma/esp_crypto_shared_gdma.c

@@ -92,8 +92,12 @@ static esp_err_t crypto_shared_gdma_init(void)
     transfer_cfg.max_data_burst_size = 0;
     gdma_config_transfer(rx_channel, &transfer_cfg);
 
+#ifdef SOC_AES_SUPPORTED
     gdma_connect(rx_channel, GDMA_MAKE_TRIGGER(GDMA_TRIG_PERIPH_AES, 0));
     gdma_connect(tx_channel, GDMA_MAKE_TRIGGER(GDMA_TRIG_PERIPH_AES, 0));
+#elif SOC_SHA_SUPPORTED
+    gdma_connect(tx_channel, GDMA_MAKE_TRIGGER(GDMA_TRIG_PERIPH_SHA, 0));
+#endif
 
     return ESP_OK;
 
@@ -123,11 +127,17 @@ esp_err_t esp_crypto_shared_gdma_start(const lldesc_t *input, const lldesc_t *ou
     /* Tx channel is shared between AES and SHA, need to connect to peripheral every time */
     gdma_disconnect(tx_channel);
 
+#ifdef SOC_SHA_SUPPORTED
     if (peripheral == GDMA_TRIG_PERIPH_SHA) {
         gdma_connect(tx_channel, GDMA_MAKE_TRIGGER(GDMA_TRIG_PERIPH_SHA, 0));
-    } else if (peripheral == GDMA_TRIG_PERIPH_AES) {
+    } else
+#endif // SOC_SHA_SUPPORTED
+#ifdef SOC_AES_SUPPORTED
+    if (peripheral == GDMA_TRIG_PERIPH_AES) {
         gdma_connect(tx_channel, GDMA_MAKE_TRIGGER(GDMA_TRIG_PERIPH_AES, 0));
-    } else {
+    } else
+#endif // SOC_AES_SUPPORTED
+    {
         return ESP_ERR_INVALID_ARG;
     }
 
@@ -176,11 +186,17 @@ esp_err_t esp_crypto_shared_gdma_start_axi_ahb(const crypto_dma_desc_t *input, c
     /* Tx channel is shared between AES and SHA, need to connect to peripheral every time */
     gdma_disconnect(tx_channel);
 
+#ifdef SOC_SHA_SUPPORTED
     if (peripheral == GDMA_TRIG_PERIPH_SHA) {
         gdma_connect(tx_channel, GDMA_MAKE_TRIGGER(GDMA_TRIG_PERIPH_SHA, 0));
-    } else if (peripheral == GDMA_TRIG_PERIPH_AES) {
+    } else
+#endif // SOC_SHA_SUPPORTED
+#ifdef SOC_AES_SUPPORTED
+    if (peripheral == GDMA_TRIG_PERIPH_AES) {
         gdma_connect(tx_channel, GDMA_MAKE_TRIGGER(GDMA_TRIG_PERIPH_AES, 0));
-    } else {
+    } else
+#endif // SOC_AES_SUPPORTED
+    {
         return ESP_ERR_INVALID_ARG;
     }
 

components/soc/esp32c61/include/soc/Kconfig.soc_caps.in

@@ -71,6 +71,10 @@ config SOC_SYSTIMER_SUPPORTED
     bool
     default y
 
+config SOC_SHA_SUPPORTED
+    bool
+    default y
+
 config SOC_ECC_SUPPORTED
     bool
     default y
@@ -471,6 +475,34 @@ config SOC_MPU_REGION_WO_SUPPORTED
     bool
     default n
 
+config SOC_SHA_DMA_MAX_BUFFER_SIZE
+    int
+    default 3968
+
+config SOC_SHA_SUPPORT_DMA
+    bool
+    default y
+
+config SOC_SHA_SUPPORT_RESUME
+    bool
+    default y
+
+config SOC_SHA_GDMA
+    bool
+    default y
+
+config SOC_SHA_SUPPORT_SHA1
+    bool
+    default y
+
+config SOC_SHA_SUPPORT_SHA224
+    bool
+    default y
+
+config SOC_SHA_SUPPORT_SHA256
+    bool
+    default y
+
 config SOC_ECDSA_SUPPORT_EXPORT_PUBKEY
     bool
     default y

components/soc/esp32c61/include/soc/hwcrypto_reg.h

@@ -0,0 +1,8 @@
+/*
+ * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#pragma once
+
+#include "soc/sha_reg.h"