diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 55f8e6c4d2..262433fb92 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -309,7 +309,7 @@ defined(CONFIG_IDF_TARGET_ESP32S3) #include #else - #error "CONFIG_IDF_TARGET not implemented" + /* Other platform */ #endif #include #endif /* WOLFSSL_ESPIDF */ @@ -1259,12 +1259,16 @@ static const char* bench_result_words3[][5] = { /* reminder: unsigned long long max = 18,446,744,073,709,551,615 */ /* the currently observed clock counter value */ - #if defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6) uint64_t thisVal = 0; + #if defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6) ESP_ERROR_CHECK(gptimer_get_raw_count(esp_gptimer, &thisVal)); #else /* reminder unsupported CONFIG_IDF_TARGET captured above */ - uint64_t thisVal = xthal_get_ccount(); + #ifndef __XTENSA__ + thisVal = esp_cpu_get_cycle_count(); + #else + thisVal = xthal_get_ccount(); /* or esp_cpu_get_cycle_count(); */ + #endif #endif /* if the current value is less than the previous value, ** we likely overflowed at least once. @@ -1296,7 +1300,11 @@ static const char* bench_result_words3[][5] = { ESP_ERROR_CHECK(gptimer_get_raw_count(esp_gptimer, &_xthal_get_ccount_last)); #else - _xthal_get_ccount_last = xthal_get_ccount(); + #ifndef __XTENSA__ + thisVal = esp_cpu_get_cycle_count(); + #else + thisVal = xthal_get_ccount(); /* or esp_cpu_get_cycle_count(); */ + #endif #endif return _xthal_get_ccount_ex; } diff --git a/wolfcrypt/src/port/Espressif/esp32_mp.c b/wolfcrypt/src/port/Espressif/esp32_mp.c index 1b699dfddf..20fb4ee9ee 100644 --- a/wolfcrypt/src/port/Espressif/esp32_mp.c +++ b/wolfcrypt/src/port/Espressif/esp32_mp.c @@ -90,7 +90,7 @@ #endif #ifndef ESP_RSA_EXPT_YBITS - #define ESP_RSA_EXPT_YBITS 8 + #define ESP_RSA_EXPT_YBITS 8 #endif #define ESP_TIMEOUT(cnt) (cnt >= ESP_RSA_TIMEOUT_CNT) @@ -140,12 +140,14 @@ static portMUX_TYPE wc_rsa_reg_lock = portMUX_INITIALIZER_UNLOCKED; /* usage metrics can be turned on independently of debugging */ #ifdef WOLFSSL_HW_METRICS - static unsigned long esp_mp_max_used = 0; + static unsigned long esp_mp_max_used = 0; static unsigned long esp_mp_mulmod_small_x_ct = 0; static unsigned long esp_mp_mulmod_small_y_ct = 0; -#ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + static unsigned long esp_mp_max_timeout = 0; + + #ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL static unsigned long esp_mp_mul_usage_ct = 0; static unsigned long esp_mp_mul_error_ct = 0; #endif /* !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ @@ -236,6 +238,13 @@ static int esp_mp_hw_wait_clean(void) /* no HW timeout if we don't know the platform. assumes no HW */ #endif + #if defined(WOLFSSL_HW_METRICS) + { + esp_mp_max_timeout = (timeout > esp_mp_max_timeout) ? timeout : + esp_mp_max_timeout; + } + #endif + if (ESP_TIMEOUT(timeout)) { ESP_LOGE(TAG, "esp_mp_hw_wait_clean waiting HW ready timed out."); ret = WC_HW_WAIT_E; /* hardware is busy, MP_HW_BUSY; */ @@ -1016,7 +1025,7 @@ int esp_mp_montgomery_init(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, } if ((X == NULL) || (Y == NULL) || (M == NULL) ) { /* if a bad operand passed, we cannot use HW */ - ESP_LOGE(TAG, "ERROR: Bad montgomery operand, falling back to SW"); + ESP_LOGE(TAG, "ERROR: Bad Montgomery operand, falling back to SW"); return MP_HW_FALLBACK; } XMEMSET(mph, 0, sizeof(struct esp_mp_helper)); @@ -1298,7 +1307,7 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z) resultWords_sz = bits2words(Xs + Ys); /* sanity check */ - if((hwWords_sz << 5) > ESP_HW_MULTI_RSAMAX_BITS) { + if ( (hwWords_sz << 5) > ESP_HW_MULTI_RSAMAX_BITS) { ESP_LOGW(TAG, "exceeds max bit length(2048) (a)"); ret = MP_HW_FALLBACK; /* Error: value is not able to be used. */ } @@ -3060,6 +3069,8 @@ int esp_hw_show_mp_metrics(void) #endif /* EXPTMOD not disabled !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ ESP_LOGI(TAG, "Max N->used: esp_mp_max_used = %lu", esp_mp_max_used); + ESP_LOGI(TAG, "Max timeout: esp_mp_max_timeout = %lu", esp_mp_max_timeout); + #else /* no HW math, no HW math metrics */ ret = ESP_OK; diff --git a/wolfcrypt/src/port/Espressif/esp32_sha.c b/wolfcrypt/src/port/Espressif/esp32_sha.c index 12607d3e79..30ba0e7bba 100644 --- a/wolfcrypt/src/port/Espressif/esp32_sha.c +++ b/wolfcrypt/src/port/Espressif/esp32_sha.c @@ -50,7 +50,10 @@ #if defined(WOLFSSL_ESP32_CRYPT) && \ !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) -#if defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6) +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) #include #include @@ -72,13 +75,16 @@ #include #endif -#if defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6) +static const char* TAG = "wolf_hw_sha"; + +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) /* keep track of the currently active SHA hash object for interleaving */ const static word32 ** _active_digest_address = 0; #endif -static const char* TAG = "wolf_hw_sha"; - #ifdef NO_SHA #define WC_SHA_DIGEST_SIZE 20 #endif @@ -158,11 +164,16 @@ static const char* TAG = "wolf_hw_sha"; /* ** The wolfCrypt functions for LITTLE_ENDIAN_ORDER typically ** reverse the byte order. Except when the hardware doesn't expect it. +** +** Returns 0 (FALSE) or 1 (TRUE); see wolfSSL types.h */ int esp_sha_need_byte_reversal(WC_ESP32SHA* ctx) { - int ret = 1; /* assume we'll need reversal, look for exceptions */ -#if defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6) + int ret = TRUE; /* assume we'll need reversal, look for exceptions */ +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) if (ctx == NULL) { ESP_LOGE(TAG, " ctx is null"); /* return true for bad params */ @@ -175,10 +186,10 @@ int esp_sha_need_byte_reversal(WC_ESP32SHA* ctx) #endif if (ctx->mode == ESP32_SHA_HW) { ESP_LOGV(TAG, " No reversal, ESP32_SHA_HW"); - ret = 0; + ret = FALSE; } else { - ret = 1; + ret = TRUE; ESP_LOGV(TAG, " Need byte reversal, %d", ctx->mode); /* return true for SW; only HW C3 skips reversal at this time. */ #ifdef WOLFSSL_HW_METRICS @@ -276,7 +287,10 @@ int esp_sha_init(WC_ESP32SHA* ctx, enum wc_HashType hash_type) ESP_LOGW(TAG, "Unexpected hash_type in esp_sha_init"); break; } -#elif defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6) +#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) switch (hash_type) { /* check each wolfSSL hash type WC_[n] */ #ifndef NO_SHA case WC_HASH_TYPE_SHA: @@ -312,7 +326,9 @@ int esp_sha_init(WC_ESP32SHA* ctx, enum wc_HashType hash_type) /* other chipsets will be implemented here */ ESP_LOGW(TAG, "SW Fallback; CONFIG_IDF_TARGET = %s", CONFIG_IDF_TARGET); ctx->mode = ESP32_SHA_SW; -#endif /* CONFIG_IDF_TARGET_ESP32 || x_ESP32S2 || x_ESP32S3 */ +#endif /* CONFIG_IDF_TARGET_ESP32 || + * CONFIG_IDF_TARGET_ESP32S2 || + * CONFIG_IDF_TARGET_ESP32S3 */ return ret; } @@ -541,9 +557,12 @@ int esp_sha_ctx_copy(struct wc_Sha* src, struct wc_Sha* dst) } if (dst->ctx.mode == ESP32_SHA_SW) { - #if defined(CONFIG_IDF_TARGET_ESP32C3) || \ + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ defined(CONFIG_IDF_TARGET_ESP32C6) - /* Reverse digest for C3 when HW enabled but fallback to SW. */ + /* Reverse digest for C2/C3/C6 RISC-V platform + * only when HW enabled but fallback to SW. */ ByteReverseWords(dst->digest, dst->digest, WC_SHA_DIGEST_SIZE); #ifdef WOLFSSL_HW_METRICS esp_sha_reverse_words_ct++; @@ -613,7 +632,7 @@ int esp_sha256_ctx_copy(struct wc_Sha256* src, struct wc_Sha256* dst) ESP_LOGI(TAG, "esp_sha256_ctx_copy esp_sha512_digest_process"); } #endif - ret = esp_sha256_digest_process(dst, 0); + ret = esp_sha256_digest_process(dst, 0); /* TODO Use FALSE*/ if (ret == 0) { /* provide init hint to possibly SW revert */ @@ -624,7 +643,9 @@ int esp_sha256_ctx_copy(struct wc_Sha256* src, struct wc_Sha256* dst) } if (dst->ctx.mode == ESP32_SHA_SW) { - #if defined(CONFIG_IDF_TARGET_ESP32C3) || \ + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ defined(CONFIG_IDF_TARGET_ESP32C6) { /* Reverse digest byte order for C3 fallback to SW. */ @@ -665,9 +686,16 @@ int esp_sha256_ctx_copy(struct wc_Sha256* src, struct wc_Sha256* dst) int esp_sha384_ctx_copy(struct wc_Sha512* src, struct wc_Sha512* dst) { int ret = 0; -#if defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6) - ESP_LOGW(TAG, "Warning: esp_sha384_ctx_copy() called for ESP32-C3!"); - ESP_LOGW(TAG, "There's no SHA384 HW for the ESP32-C3"); +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) + { + /* We should ever be calling the HW sHA384 copy for this target. */ + ESP_LOGW(TAG, "Warning: esp_sha384_ctx_copy() called for %s!", + CONFIG_IDF_TARGET); + ESP_LOGW(TAG, "There's no SHA384 HW for this CONFIG_IDF_TARGET"); + } #else if (src->ctx.mode == ESP32_SHA_HW) { /* Get a copy of the HW digest, but don't process it. */ @@ -723,8 +751,16 @@ int esp_sha384_ctx_copy(struct wc_Sha512* src, struct wc_Sha512* dst) */ int esp_sha512_ctx_copy(struct wc_Sha512* src, struct wc_Sha512* dst) { - int ret = 0; -#if !defined(CONFIG_IDF_TARGET_ESP32C3) && !defined(CONFIG_IDF_TARGET_ESP32C6) + int ret = ESP_OK; /* Assume success (zero) */ + +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) + /* there's no SHA512 HW on the RISC-V SoC so there's nothing to do. */ +#elif defined(CONFIG_IDF_TARGET_ESP32) || \ + defined(CONFIG_IDF_TARGET_ESP32S2) || \ + defined(CONFIG_IDF_TARGET_ESP32S3) if (src->ctx.mode == ESP32_SHA_HW) { /* Get a copy of the HW digest, but don't process it. */ ESP_LOGI(TAG, "esp_sha512_ctx_copy esp_sha512_digest_process"); @@ -752,7 +788,9 @@ int esp_sha512_ctx_copy(struct wc_Sha512* src, struct wc_Sha512* dst) /* reminder this happened in XMEMCOPY, above: dst->ctx = src->ctx; ** No special HW init needed when not in active HW mode. ** but we need to set our initializer breadcrumb: */ - #if !defined(CONFIG_IDF_TARGET_ESP32C3) && \ + /* TODO: instead of what is NOT supported, gate on what IS known to be supported */ + #if !defined(CONFIG_IDF_TARGET_ESP32C2) && \ + !defined(CONFIG_IDF_TARGET_ESP32C3) && \ !defined(CONFIG_IDF_TARGET_ESP32C6) dst->ctx.initializer = &dst->ctx; /*breadcrumb is this ctx address */ #endif @@ -764,6 +802,7 @@ int esp_sha512_ctx_copy(struct wc_Sha512* src, struct wc_Sha512* dst) #endif } #endif + return ret; } /* esp_sha512_ctx_copy */ #endif @@ -821,7 +860,7 @@ static word32 wc_esp_sha_digest_size(WC_ESP_SHA_TYPE type) break; } #else - /* Xtnsa */ + /* Xtensa */ switch (type) { #ifndef NO_SHA case SHA1: /* typically 20 bytes */ @@ -871,7 +910,10 @@ static int wc_esp_wait_until_idle(void) int ret = 0; /* assume success */ int loop_ct = 10000; -#if defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6) +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) /* ESP32-C3 and ESP32-C6 RISC-V */ while ((sha_ll_busy() == true) && (loop_ct > 0)) { loop_ct--; @@ -925,16 +967,20 @@ int esp_unroll_sha_module_enable(WC_ESP32SHA* ctx) return BAD_FUNC_ARG; } -#if defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6) - /* RISC-V Architecture */ +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) + /************* RISC-V Architecture *************/ (void)max_unroll_count; (void)_active_digest_address; ets_sha_disable(); + /* We don't check for unroll as done below, for Xtensa*/ #else - /* Xtensa Architecture */ + /************* Xtensa Architecture *************/ - /* unwind prior calls to THIS ctx. decrement ref_counts[periph] */ - /* only when ref_counts[periph] == 0 does something actually happen */ + /* unwind prior calls to THIS ctx. decrement ref_counts[periph] + ** only when ref_counts[periph] == 0 does something actually happen. */ /* once the value we read is a 0 in the DPORT_PERI_CLK_EN_REG bit * then we have fully unrolled the enables via ref_counts[periph]==0 */ @@ -1243,8 +1289,8 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) #ifdef WOLFSSL_DEBUG_MUTEX if (esp_sha_call_count() == 8 && WOLFSSL_TEST_STRAY) { - /* once we've locked 10 times here, - * we'll force a fallback to SW until other thread unlocks */ + /* Once we've locked 10 times here, + * we'll force a fallback to SW until other thread unlocks. */ taskENTER_CRITICAL(&sha_crit_sect); { (void)stray_ctx; @@ -1329,10 +1375,15 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) } #endif /* not defined(SINGLE_THREADED) */ -#if defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6) +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) + { ESP_LOGV(TAG, "ets_sha_enable for RISC-V"); ets_sha_enable(); ctx->mode = ESP32_SHA_HW; + } #else if (ret == 0) { ctx->lockDepth++; /* depth for THIS ctx (there could be others!) */ @@ -1361,14 +1412,15 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) */ int esp_sha_hw_unlock(WC_ESP32SHA* ctx) { - int ret; + int ret = ESP_OK; /* assume success (zero) */ #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG ESP_LOGV(TAG, "enter esp_sha_hw_unlock"); #endif - ret = 0; -#if defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6) - /* ESP32-C3 and ESP32-C6 RISC-V */ +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) ets_sha_disable(); /* disable also resets active, ongoing hash */ ESP_LOGV(TAG, "ets_sha_disable in esp_sha_hw_unlock()"); #else @@ -1431,9 +1483,10 @@ int esp_sha_hw_unlock(WC_ESP32SHA* ctx) ESP_LOGE(TAG, "ERROR unlock lockDepth not zero"); ret = ESP_FAIL; } -#ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG + #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG ESP_LOGI(TAG, "leave esp_sha_hw_unlock, %x", (int)ctx->initializer); -#endif + #endif + return ret; } /* esp_sha_hw_unlock */ @@ -1442,8 +1495,13 @@ int esp_sha_hw_unlock(WC_ESP32SHA* ctx) * Assumes register already loaded. * Returns a negative value error code upon failure. */ -#if !defined(CONFIG_IDF_TARGET_ESP32C3) && !defined(CONFIG_IDF_TARGET_ESP32C6) -/* the ESP32-C3 HAL has built-in process start, everything else uses: */ +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) + /* ESP32-C3 HAL has built-in process start, nothing to declare here. */ +#else + /* Everything else uses esp_sha_start_process() */ static int esp_sha_start_process(WC_ESP32SHA* sha) { int ret = 0; @@ -1457,7 +1515,10 @@ static int esp_sha_start_process(WC_ESP32SHA* sha) ESP_LOGV(TAG, " enter esp_sha_start_process"); -#if defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6) +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) ESP_LOGV(TAG, "SHA1 SHA_START_REG"); if (sha->isfirstblock) { sha_ll_start_block(SHA2_256); @@ -1477,7 +1538,9 @@ static int esp_sha_start_process(WC_ESP32SHA* sha) ESP_LOGV(TAG, " continue block #%d", this_block_num); #endif } /* not first block */ - /***** END CONFIG_IDF_TARGET_ESP32C3 or CONFIG_IDF_TARGET_ESP32C6 *****/ + /***** END CONFIG_IDF_TARGET_ESP32C2 aka ESP8684 or + * CONFIG_IDF_TARGET_ESP32C3 or + * CONFIG_IDF_TARGET_ESP32C6 *****/ #elif defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3) /* Translate from Wolf SHA type to hardware algorithm. */ @@ -1667,8 +1730,13 @@ static int wc_esp_process_block(WC_ESP32SHA* ctx, /* see ctx->sha_type */ ret = esp_sha_start_process(ctx); /***** END CONFIG_IDF_TARGET_ESP32 */ -#elif defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6) - /* SHA_M_1_REG is not a macro: +#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) + /************* RISC-V Architecture ************* + * + * SHA_M_1_REG is not a macro: * DPORT_REG_WRITE(SHA_M_1_REG + (i*sizeof(word32)), *(data + i)); * * but we have this HAL: sha_ll_fill_text_block @@ -1710,7 +1778,10 @@ static int wc_esp_process_block(WC_ESP32SHA* ctx, /* see ctx->sha_type */ ctx->isfirstblock); ctx->isfirstblock = 0; /* once we hash a block, * we're no longer at the first */ - /***** END CONFIG_IDF_TARGET_ESP32C3 or CONFIG_IDF_TARGET_ESP32C6 */ + /***** END CONFIG_IDF_TARGET_ESP32C2 or + * CONFIG_IDF_TARGET_ESP8684 or + * CONFIG_IDF_TARGET_ESP32C3 or + * CONFIG_IDF_TARGET_ESP32C6 */ #elif defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3) MessageSource = (word32*)data; @@ -1785,7 +1856,9 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash) /* sanity check */ #if defined(CONFIG_IDF_TARGET_ESP32) if (ctx->sha_type == SHA_INVALID) { -#elif defined(CONFIG_IDF_TARGET_ESP32C3) || \ +#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ defined(CONFIG_IDF_TARGET_ESP32S2) || \ defined(CONFIG_IDF_TARGET_ESP32S3) || \ defined(CONFIG_IDF_TARGET_ESP32C6) @@ -1805,6 +1878,7 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash) ESP_LOGE(TAG, "unexpected error. sha_type is invalid."); return ESP_FAIL; } + #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3) if (ctx->isfirstblock == true) { /* no hardware use yet. Nothing to do yet */ @@ -1837,20 +1911,34 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash) } /* not (ctx->sha_type == SHA2_512) */ /* end if CONFIG_IDF_TARGET_ESP32S3 */ -#elif defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6) - sha_ll_read_digest(ctx->sha_type, - (void *)hash, - wc_esp_sha_digest_size(ctx->sha_type) / sizeof(word32)); +#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + wc_esp_wait_until_idle(); + sha_ll_read_digest( + ctx->sha_type, + (void *)hash, + wc_esp_sha_digest_size(ctx->sha_type) / sizeof(word32) + ); +#elif defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) + wc_esp_wait_until_idle(); + sha_ll_read_digest( + ctx->sha_type, + (void *)hash, + wc_esp_sha_digest_size(ctx->sha_type) / sizeof(word32) + ); #else /* not CONFIG_IDF_TARGET_ESP32S3 */ /* wait until idle */ wc_esp_wait_until_idle(); /* each sha_type register is at a different location */ -#if defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6) - +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) #elif defined(CONFIG_IDF_TARGET_ESP32S2) - + /* nothing here for S2 */ #else switch (ctx->sha_type) { case SHA1: @@ -2051,7 +2139,13 @@ int esp_sha512_block(struct wc_Sha512* sha, const word32* data, byte isfinal) int ret = 0; /* assume success */ ESP_LOGV(TAG, "enter esp_sha512_block"); /* start register offset */ -#if !defined(CONFIG_IDF_TARGET_ESP32C3) && !defined(CONFIG_IDF_TARGET_ESP32C6) + +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) + /* No SHA-512 HW on RISC-V SoC, so nothing to do. */ +#else /* note that in SW mode, wolfSSL uses 64 bit words */ if (sha->ctx.mode == ESP32_SHA_SW) { ByteReverseWords64(sha->buffer, @@ -2107,8 +2201,14 @@ int esp_sha512_digest_process(struct wc_Sha512* sha, byte blockproc) { int ret = 0; ESP_LOGV(TAG, "enter esp_sha512_digest_process"); -#if defined(CONFIG_IDF_TARGET_ESP32C3) || defined(CONFIG_IDF_TARGET_ESP32C6) - ESP_LOGW(TAG, "Warning: no SHA512 HW to digest on ESP32-C3"); +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) + { + ESP_LOGW(TAG, "Warning: no SHA512 HW to digest on %s", + CONFIG_IDF_TARGET); + } #else if (blockproc) { word32* data = (word32*)sha->buffer; @@ -2171,6 +2271,6 @@ int esp_hw_show_sha_metrics(void) return ret; } -#endif /* WOLFSSL_HW_METRICS */ +#endif /* WOLFSSL_ESP32_CRYPT and WOLFSSL_HW_METRICS */ -#endif /* WOLFSSL_ESPIDF */ +#endif /* WOLFSSL_ESPIDF (exclude entire contents for non-Espressif projects */ diff --git a/wolfcrypt/src/port/Espressif/esp32_util.c b/wolfcrypt/src/port/Espressif/esp32_util.c index c247125ab5..9dee0e11a6 100644 --- a/wolfcrypt/src/port/Espressif/esp32_util.c +++ b/wolfcrypt/src/port/Espressif/esp32_util.c @@ -200,7 +200,11 @@ static int ShowExtendedSystemInfo_platform_espressif(void) WOLFSSL_VERSION_PRINTF("Xthal_have_ccount = %u", Xthal_have_ccount); #elif CONFIG_IDF_TARGET_ESP32C6 - /* not supported at this time */ + /* TODO find Xthal for C6 */ +#elif CONFIG_IDF_TARGET_ESP32C2 + /* TODO find Xthal for C6 */ +#elif defined(CONFIG_IDF_TARGET_ESP8684) + /* TODO find Xthal for C6 */ #elif CONFIG_IDF_TARGET_ESP32C3 /* not supported at this time */ #elif CONFIG_IDF_TARGET_ESP32S3 @@ -227,6 +231,9 @@ static int ShowExtendedSystemInfo_platform_espressif(void) WOLFSSL_VERSION_PRINTF("ESP32_CRYPT is enabled for ESP32-S2."); #elif defined(CONFIG_IDF_TARGET_ESP32S3) WOLFSSL_VERSION_PRINTF("ESP32_CRYPT is enabled for ESP32-S3."); + #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + WOLFSSL_VERSION_PRINTF("ESP32_CRYPT is enabled for ESP32-C2."); #elif defined(CONFIG_IDF_TARGET_ESP32C3) WOLFSSL_VERSION_PRINTF("ESP32_CRYPT is enabled for ESP32-C3."); #elif defined(CONFIG_IDF_TARGET_ESP32C6) @@ -234,7 +241,7 @@ static int ShowExtendedSystemInfo_platform_espressif(void) #elif defined(CONFIG_IDF_TARGET_ESP32H2) WOLFSSL_VERSION_PRINTF("ESP32_CRYPT is enabled for ESP32-H2."); #else - /* this should have been detected & disabled in user_settins.h */ + /* This should have been detected & disabled in user_settins.h */ #error "ESP32_CRYPT not yet supported on this IDF TARGET" #endif @@ -245,12 +252,12 @@ static int ShowExtendedSystemInfo_platform_espressif(void) #endif #if defined(NO_WOLFSSL_ESP32_CRYPT_AES) - WOLFSSL_VERSION_PRINTF("NO_WOLFSSL_ESP32_CRYPT_AES is defined!" + WOLFSSL_VERSION_PRINTF("NO_WOLFSSL_ESP32_CRYPT_AES is defined! " "(disabled HW AES)."); #endif #if defined(NO_WOLFSSL_ESP32_CRYPT_RSA_PRI) - WOLFSSL_VERSION_PRINTF("NO_WOLFSSL_ESP32_CRYPT_RSA_PRI defined!" + WOLFSSL_VERSION_PRINTF("NO_WOLFSSL_ESP32_CRYPT_RSA_PRI defined! " "(disabled HW RSA)"); #endif #endif @@ -375,7 +382,7 @@ int esp_current_boot_count(void) } /* See macro helpers above; not_defined is macro name when *not* defined */ -static int esp_ShowMacroStatus(char* s, char* not_defined) +static int show_macro(char* s, char* not_defined) { char hd1[] = "Macro Name Defined Not Defined"; char hd2[] = "------------------------- --------- -------------"; @@ -396,9 +403,11 @@ static int esp_ShowMacroStatus(char* s, char* not_defined) /* Depending on if defined, put an "x" in the appropriate column */ if (not_defined == NULL || not_defined[0] == '\0') { msg[ESP_SMS_ENA_POS] = 'X'; + msg[ESP_SMS_ENA_POS+1] = 0; /* end of line to eliminate space pad */ } else { msg[ESP_SMS_DIS_POS] = 'X'; + msg[ESP_SMS_DIS_POS+1] = 0; /* end of line to eliminate space pad */ } /* do we need a header? */ @@ -414,35 +423,78 @@ static int esp_ShowMacroStatus(char* s, char* not_defined) } /* Show some interesting settings */ -int esp_ShowHardwareAcclerationSettings(void) +int ShowExtendedSystemInfo_config(void) { esp_ShowMacroStatus_need_header = 1; - esp_ShowMacroStatus("HW_MATH_ENABLED", STR_IFNDEF(HW_MATH_ENABLED)); - esp_ShowMacroStatus("RSA_LOW_MEM", STR_IFNDEF(RSA_LOW_MEM)); - esp_ShowMacroStatus("WOLFSSL_SHA224", STR_IFNDEF(WOLFSSL_SHA224)); - esp_ShowMacroStatus("WOLFSSL_SHA384", STR_IFNDEF(WOLFSSL_SHA384)); - esp_ShowMacroStatus("WOLFSSL_SHA512", STR_IFNDEF(WOLFSSL_SHA512)); - esp_ShowMacroStatus("WOLFSSL_SHA3", STR_IFNDEF(WOLFSSL_SHA3)); - esp_ShowMacroStatus("HAVE_ED25519", STR_IFNDEF(HAVE_ED25519)); - esp_ShowMacroStatus("USE_FAST_MATH", STR_IFNDEF(USE_FAST_MATH)); - esp_ShowMacroStatus("WOLFSSL_SP_MATH_ALL", STR_IFNDEF(WOLFSSL_SP_MATH_ALL)); - esp_ShowMacroStatus("WOLFSSL_SP_RISCV32", STR_IFNDEF(WOLFSSL_SP_RISCV32)); - esp_ShowMacroStatus("SP_MATH", STR_IFNDEF(SP_MATH)); - esp_ShowMacroStatus("WOLFSSL_HW_METRICS", STR_IFNDEF(WOLFSSL_HW_METRICS)); - - #ifdef USE_FAST_MATH - ESP_LOGI(TAG, "USE_FAST_MATH"); - #endif /* USE_FAST_MATH */ - - #ifdef WOLFSSL_SP_MATH_ALL - #ifdef WOLFSSL_SP_RISCV32 - ESP_LOGI(TAG, "WOLFSSL_SP_MATH_ALL + WOLFSSL_SP_RISCV32"); - #else - ESP_LOGI(TAG, "WOLFSSL_SP_MATH_ALL"); - #endif - #endif /* WOLFSSL_SP_MATH_ALL */ + + show_macro("NO_ESPIDF_DEFAULT", STR_IFNDEF(NO_ESPIDF_DEFAULT)); + + show_macro("HW_MATH_ENABLED", STR_IFNDEF(HW_MATH_ENABLED)); + + /* Features */ + show_macro("WOLFSSL_SHA224", STR_IFNDEF(WOLFSSL_SHA224)); + show_macro("WOLFSSL_SHA384", STR_IFNDEF(WOLFSSL_SHA384)); + show_macro("WOLFSSL_SHA512", STR_IFNDEF(WOLFSSL_SHA512)); + show_macro("WOLFSSL_SHA3", STR_IFNDEF(WOLFSSL_SHA3)); + show_macro("HAVE_ED25519", STR_IFNDEF(HAVE_ED25519)); + show_macro("HAVE_AES_ECB", STR_IFNDEF(HAVE_AES_ECB)); + show_macro("HAVE_AES_DIRECT", STR_IFNDEF(HAVE_AES_DIRECT)); + + /* Math Library Selection */ + show_macro("USE_FAST_MATH", STR_IFNDEF(USE_FAST_MATH)); + show_macro("WOLFSSL_SP_MATH_ALL", STR_IFNDEF(WOLFSSL_SP_MATH_ALL)); +#ifdef WOLFSSL_SP_RISCV32 + show_macro("WOLFSSL_SP_RISCV32", STR_IFNDEF(WOLFSSL_SP_RISCV32)); +#endif + show_macro("SP_MATH", STR_IFNDEF(SP_MATH)); + + /* Diagnostics */ + show_macro("WOLFSSL_HW_METRICS", STR_IFNDEF(WOLFSSL_HW_METRICS)); + + /* Optimizations */ + show_macro("RSA_LOW_MEM", STR_IFNDEF(RSA_LOW_MEM)); + + /* Security Hardening */ + show_macro("WC_NO_HARDEN", STR_IFNDEF(WC_NO_HARDEN)); + show_macro("TFM_TIMING_RESISTANT", STR_IFNDEF(TFM_TIMING_RESISTANT)); + show_macro("ECC_TIMING_RESISTANT", STR_IFNDEF(ECC_TIMING_RESISTANT)); + + /* WC_NO_CACHE_RESISTANT is only important if another process can be + * run on the device. With embedded it is less likely to be exploitable. + * Timing attacks are usually by probe. So typically turn this on: */ + show_macro("WC_NO_CACHE_RESISTANT", STR_IFNDEF(WC_NO_CACHE_RESISTANT)); + + /* Side channel bit slicing */ + show_macro("WC_AES_BITSLICED", STR_IFNDEF(WC_AES_BITSLICED)); + + /* Unrolling will normally improve performance, + * so make sure WOLFSSL_AES_NO_UNROLL isn't defined unless you want it. */ + show_macro("WOLFSSL_AES_NO_UNROLL", STR_IFNDEF(WOLFSSL_AES_NO_UNROLL)); + show_macro("TFM_TIMING_RESISTANT", STR_IFNDEF(TFM_TIMING_RESISTANT)); + show_macro("ECC_TIMING_RESISTANT", STR_IFNDEF(ECC_TIMING_RESISTANT)); + show_macro("WC_RSA_BLINDING", STR_IFNDEF(WC_RSA_BLINDING)); + show_macro("NO_WRITEV", STR_IFNDEF(NO_WRITEV)); + + /* Environment */ + show_macro("FREERTOS", STR_IFNDEF(FREERTOS)); + show_macro("NO_WOLFSSL_DIR", STR_IFNDEF(NO_WOLFSSL_DIR)); + show_macro("WOLFSSL_NO_CURRDIR", STR_IFNDEF(WOLFSSL_NO_CURRDIR)); + show_macro("WOLFSSL_LWIP", STR_IFNDEF(WOLFSSL_LWIP)); ESP_LOGI(TAG, ""); +#if defined(CONFIG_COMPILER_OPTIMIZATION_DEFAULT) + ESP_LOGI(TAG, "Compiler Optimization: Default"); +#elif defined(CONFIG_COMPILER_OPTIMIZATION_SIZE) + ESP_LOGI(TAG, "Compiler Optimization: Size"); +#elif defined(CONFIG_COMPILER_OPTIMIZATION_PERF) + ESP_LOGI(TAG, "Compiler Optimization: Performance"); +#elif defined(CONFIG_COMPILER_OPTIMIZATION_NONE) + ESP_LOGI(TAG, "Compiler Optimization: None"); +#else + ESP_LOGI(TAG, "Compiler Optimization: Unknown"); +#endif + ESP_LOGI(TAG, ""); + return ESP_OK; } /* @@ -530,7 +582,7 @@ int ShowExtendedSystemInfo(void) ESP_LOGW(TAG, "Warning: ESP_RSA_MULM_BITS not defined for ESP32"); #endif -#elif defined(CONFIG_IDF_TARGET_ESP32C2) +#elif defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP8684) ESP_LOGI(TAG, "CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ = %u MHz", CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ ); @@ -572,7 +624,7 @@ int ShowExtendedSystemInfo(void) #endif ESP_LOGI(TAG, ""); - esp_ShowHardwareAcclerationSettings(); + ShowExtendedSystemInfo_config(); ShowExtendedSystemInfo_git(); ShowExtendedSystemInfo_platform(); ShowExtendedSystemInfo_thread(); @@ -726,18 +778,19 @@ int esp_hw_show_metrics(void) #if defined(WOLFSSL_ESP32_CRYPT) esp_hw_show_sha_metrics(); #else - ESP_LOGI(TAG, "WOLFSSL_ESP32_CRYPT"); + ESP_LOGI(TAG, "WOLFSSL_ESP32_CRYPT not defined, " + "HW SHA hash not enabled"); #endif #if defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) esp_hw_show_mp_metrics(); #else - ESP_LOGI(TAG, "WOLFSSL_ESP32_CRYPT_RSA_PRI not defined," + ESP_LOGI(TAG, "WOLFSSL_ESP32_CRYPT_RSA_PRI not defined, " "HW math not enabled"); #endif #if defined(NO_WOLFSSL_ESP32_CRYPT_AES) - ESP_LOGI(TAG, "NO_WOLFSSL_ESP32_CRYPT_AES is defined," + ESP_LOGI(TAG, "NO_WOLFSSL_ESP32_CRYPT_AES is defined, " "HW AES not enabled"); #else esp_hw_show_aes_metrics(); diff --git a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h index b459d9b2b2..f8d88ef8c3 100644 --- a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h +++ b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h @@ -22,9 +22,17 @@ #define __ESP32_CRYPT_H__ +/* WOLFSSL_USER_SETTINGS must be defined, typically in the CMakeLists.txt: + * + * set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") */ #include /* references user_settings.h */ #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ + +#ifndef WOLFSSL_USER_SETTINGS + #error "WOLFSSL_USER_SETTINGS must be defined for Espressif targts" +#endif + #include "sdkconfig.h" /* ensure ESP-IDF settings are available everywhere */ /* wolfSSL */ @@ -72,6 +80,12 @@ enum { ** ** Primary Settings: ** +** WC_NO_HARDEN +** Disables some timing resistance / side-channel attack prevention. +** +** NO_ESPIDF_DEFAULT +** When defined, disables some default definitions. See wolfcrypt/settings.h +** ** NO_ESP32_CRYPT ** When defined, disables all hardware acceleration on the ESP32 ** @@ -143,11 +157,15 @@ enum { ** WOLFSSL_HW_METRICS ** Enables metric counters for calls to HW, success, fall back, oddities. ** +** WOLFSSL_HAS_METRICS +** Indicates that we actually have metrics to show. Useful for old wolfSSL +** libraries tested with newer examples, or when all HW turned off. +** ** DEBUG_WOLFSSL ** Turns on development testing. Validates HW accelerated results to software ** - Automatically turns on WOLFSSL_HW_METRICS ** -** WOLFSSL_DEBUG_MUTEX +** DEBUG_WOLFSSL_SHA_MUTEX ** Turns on diagnostic messages for SHA mutex. Note that given verbosity, ** there may be TLS timing issues encountered. Use with caution. ** @@ -203,10 +221,12 @@ enum { ** ** CONFIG_IDF_TARGET_[SoC] ** CONFIG_IDF_TARGET_ESP32 -** CONFIG_IDF_TARGET_ESP32S2 -** CONFIG_IDF_TARGET_ESP32S3 +** CONFIG_IDF_TARGET_ESP32C2 ** CONFIG_IDF_TARGET_ESP32C3 ** CONFIG_IDF_TARGET_ESP32C6 +** CONFIG_IDF_TARGET_ESP32S2 +** CONFIG_IDF_TARGET_ESP32S3 +** CONFIG_IDF_TARGET_ESP32H2 ** ]******************************************************************************* ** Informative settings. Not meant to be edited: @@ -254,6 +274,60 @@ enum { #define ESP_PROHIBIT_SMALL_X FALSE /***** END CONFIG_IDF_TARGET_ESP32 *****/ +#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a + * single QFN 4x4 mm package. Out of released documentation, Technical + * Reference Manual as well as ESP-IDF Programming Guide is applicable + * to both ESP32-C2 and ESP8684. + * + * Note there is not currently an expected CONFIG_IDF_TARGET_ESP8684. + * The ESP8684 is detected with CONFIG_IDF_TARGET_ESP32C2. + * The macro is included for clarity, and possible future rename. */ + + /* #define NO_ESP32_CRYPT */ + /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ + #define NO_WOLFSSL_ESP32_CRYPT_AES /* No AES HW */ + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI /* No RSA HW*/ + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL /* No RSA, so no mp_mul */ + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD /* No RSA, so no mp_mulmod */ + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD /* No RSA, no mp_exptmod */ + + #include + #include + + #if ESP_IDF_VERSION_MAJOR < 5 + #include + #endif + + #if defined(ESP_IDF_VERSION_MAJOR) && ESP_IDF_VERSION_MAJOR >= 5 + #include + #else + #include + #endif + + #if ESP_IDF_VERSION_MAJOR >= 4 + /* #include */ + #else + #include + #endif + +/* If for some reason there's a desire to disable specific HW on the C2: */ +/* #undef NO_WOLFSSL_ESP32_CRYPT_HASH_SHA */ +/* #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA there is SHA HW on C2 */ +/* #undef NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 */ +/* #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 there is SHA224 HW on C2 */ +/* #undef NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256 */ +/* #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256 there is SHA256 HW on C2 */ + + /* Code will fall back to SW with warning if these are removed: + * Note there is no SHA384/SHA512 HW on ESP32-C3 */ + #undef NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384 + #undef NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 + #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512 + /***** END CONFIG_IDF_TARGET_ESP32C2 aka CONFIG_IDF_TARGET_ESP8684 *****/ + #elif defined(CONFIG_IDF_TARGET_ESP32C3) #include #include @@ -499,7 +573,8 @@ extern "C" #if defined(CONFIG_IDF_TARGET_ESP32) #include "esp32/rom/sha.h" #define WC_ESP_SHA_TYPE enum SHA_TYPE - #elif defined(CONFIG_IDF_TARGET_ESP32C2) + #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) #include "esp32c2/rom/sha.h" #define WC_ESP_SHA_TYPE SHA_TYPE #elif defined(CONFIG_IDF_TARGET_ESP32C3) @@ -686,6 +761,8 @@ extern "C" ******************************************************************************* */ #ifdef WOLFSSL_HW_METRICS + #define WOLFSSL_HAS_METRICS + /* Allow sha256 code to keep track of SW fallback during active HW */ WOLFSSL_LOCAL int esp_sw_sha256_count_add(); @@ -780,6 +857,6 @@ extern "C" } #endif -#endif /* WOLFSSL_ESPIDF */ +#endif /* WOLFSSL_ESPIDF (entire contents excluded when not Espressif ESP-IDF) */ #endif /* __ESP32_CRYPT_H__ */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index a3536e596f..37bbcdb3c5 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -378,16 +378,19 @@ #endif #if defined(WOLFSSL_ESPIDF) - #define FREERTOS - #define WOLFSSL_LWIP - #define NO_WRITEV #define SIZEOF_LONG_LONG 8 - #define NO_WOLFSSL_DIR - #define WOLFSSL_NO_CURRDIR + #ifndef NO_ESPIDF_DEFAULT + #define FREERTOS + #define WOLFSSL_LWIP + #define NO_WRITEV + #define NO_WOLFSSL_DIR + #define WOLFSSL_NO_CURRDIR - #define TFM_TIMING_RESISTANT - #define ECC_TIMING_RESISTANT - #define WC_RSA_BLINDING + #define TFM_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT + #define WC_RSA_BLINDING + #define WC_NO_CACHE_RESISTANT + #endif /* !WOLFSSL_ESPIDF_NO_DEFAULT */ #if defined(WOLFSSL_ESPWROOM32) /* WOLFSSL_ESPWROOM32 is a legacy macro gate. @@ -396,6 +399,32 @@ #define WOLFSSL_ESP32 #endif +#if defined(NO_ESP32WROOM32_CRYPT) + #undef NO_ESP32WROOM32_CRYPT + #define NO_ESP32_CRYPT + #error "Please use NO_ESP32_CRYPT not NO_ESP32WROOM32_CRYPT" +#endif + +#if defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) + #undef NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #error "Please use NO_WOLFSSL_ESP32_CRYPT_HASH not NO_ESP32WROOM32_CRYPT" +#endif + +#if defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_AES) + #undef NO_WOLFSSL_ESP32WROOM32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_AES + #error "Please use NO_WOLFSSL_ESP32_CRYPT_AES" \ + " not " "NO_WOLFSSL_ESP32WROOM32_CRYPT_AES" +#endif + +#if defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) + #undef NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #error "Please use NO_WOLFSSL_ESP32_CRYPT_RSA_PRI" \ + " not " "NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI" +#endif + #if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) #ifndef NO_ESP32_CRYPT #define WOLFSSL_ESP32_CRYPT @@ -407,9 +436,9 @@ #endif #if defined(WOLFSSL_SP_RISCV32) - #if defined(CONFIG_IDF_TARGET_ESP32C2) \ - || defined(CONFIG_IDF_TARGET_ESP32C3) \ - || defined(CONFIG_IDF_TARGET_ESP32C6) + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) /* ok, only the known C2, C3, C6 chips allowed */ #else #error "WOLFSSL_SP_RISCV32 can only be used on RISC-V architecture"