esp32 hwcrypto: Rework hardware crypto locking

Should protect against concurrent use of hardware crypto primitives,
with good performance.

Not necessary to call esp_aes_acquire_hardware(),
esp_sha_acquire_hardware(), etc when using these APIs. These are
provided for external users calling the hardware crypto hardware
directly, to coexist with this implementation.

components/esp32/include/hwcrypto/aes.h

@@ -1,9 +1,11 @@
 /**
  * \file esp_aes.h
  *
- * \brief AES block cipher
+ * \brief AES block cipher, ESP32 hardware accelerated version
+ * Based on mbedTLS version.
  *
  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd
  *  SPDX-License-Identifier: Apache-2.0
  *
  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -25,7 +27,6 @@
 #define ESP_AES_H
 
 #include "esp_types.h"
-#include "rom/ets_sys.h"
 #include "rom/aes.h"
 
 #ifdef __cplusplus
@@ -40,8 +41,7 @@ extern "C" {
 #define ERR_AES_INVALID_INPUT_LENGTH              -0x0022  /**< Invalid data input length. */
 
 typedef struct {
-    bool  keyflag;
-    uint16_t keybits;
+    enum AES_BITS aesbits;
     uint8_t key[32];
 } key_context, KEY_CTX;
 
@@ -60,6 +60,27 @@ typedef struct {
     KEY_CTX dec;
 } aes_context, AES_CTX;
 
+/**
+ * \brief Lock access to AES hardware unit
+ *
+ * AES hardware unit can only be used by one
+ * consumer at a time.
+ *
+ * esp_aes_xxx API calls automatically manage locking & unlocking of
+ * hardware, this function is only needed if you want to call
+ * ets_aes_xxx functions directly.
+ */
+void esp_aes_acquire_hardware( void );
+
+/**
+ * \brief Unlock access to AES hardware unit
+ *
+ * esp_aes_xxx API calls automatically manage locking & unlocking of
+ * hardware, this function is only needed if you want to call
+ * ets_aes_xxx functions directly.
+ */
+void esp_aes_release_hardware( void );
+
 /**
  * \brief          Initialize AES context
  *

components/esp32/include/hwcrypto/bignum.h

@@ -1,9 +1,11 @@
 /**
  * \file bignum_alt.h
  *
- * \brief  Multi-precision integer library
+ * \brief  Multi-precision integer library, ESP32 hardware accelerated version
+ * Based on mbedTLS version.
  *
  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd
  *  SPDX-License-Identifier: Apache-2.0
  *
  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -19,13 +21,11 @@
  *  limitations under the License.
  *
  */
- 
+
 #ifndef _ESP_BIGNUM_H
 #define _ESP_BIGNUM_H
 
 #include "esp_types.h"
-#include "rom/ets_sys.h"
-#include "rom/bigint.h"
 
 
 #define MPI_DEBUG_ALT
@@ -147,6 +147,27 @@ typedef struct
     esp_mpi_uint *p;          /*!<  pointer to limbs  */
 }mpi, MPI_CTX;
 
+/**
+ * \brief Lock access to MPI hardware unit
+ *
+ * MPI hardware unit can only be used by one
+ * consumer at a time.
+ *
+ * esp_mpi_xxx API calls automatically manage locking & unlocking of
+ * hardware, this function is only needed if you want to call
+ * ets_bigint_xxx functions directly.
+ */
+void esp_mpi_acquire_hardware( void );
+
+/**
+ * \brief Unlock access to MPI hardware unit
+ *
+ * esp_mpi_xxx API calls automatically manage locking & unlocking of
+ * hardware, this function is only needed if you want to call
+ * ets_bigint_xxx functions directly.
+ */
+void esp_mpi_release_hardware( void );
+
 /**
  * \brief           Initialize one MPI (make internal references valid)
  *                  This just makes it ready to be set or freed,

components/esp32/include/hwcrypto/esp_crypto.h

@@ -1,56 +0,0 @@
-#ifndef _MULTI_CRYPTO_H_
-#define _MULTI_CRYPTO_H_
-
-#include "esp_types.h"
-#include "rom/ets_sys.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-enum {
-    AES_MUTEX = 0,
-    BIGNUM_MUTEX,
-    SHA_MUTEX,
-
-    MUTEX_MAX_NUM,
-};
-
-int esp_crypto_init(void);
-
-void esp_crypto_lock(unsigned int num);
-void esp_crypto_unlock(unsigned int num);
-
-void esp_crypto_take(unsigned int num);
-void esp_crypto_give(unsigned int num);
-bool esp_crypto_is_used(unsigned int num);
-
-#define MUTEX_LOCK(num)     esp_crypto_lock(num)
-#define MUTEX_UNLOCK(num)   esp_crypto_unlock(num)
-
-#define SIG_TAKE(num)       esp_crypto_take(num)
-#define SIG_GIVE(num)       esp_crypto_give(num)
-#define SIG_IS_USED(num)    esp_crypto_is_used(num)
-
-#define AES_LOCK()          MUTEX_LOCK(AES_MUTEX)
-#define AES_UNLOCK()        MUTEX_UNLOCK(AES_MUTEX)
-#define BIGNUM_LOCK()       MUTEX_LOCK(BIGNUM_MUTEX)
-#define BIGNUM_UNLOCK()     MUTEX_UNLOCK(BIGNUM_MUTEX)
-#define SHA_LOCK()          MUTEX_LOCK(SHA_MUTEX)
-#define SHA_UNLOCK()        MUTEX_UNLOCK(SHA_MUTEX)
-
-#define AES_TAKE()          SIG_TAKE(AES_MUTEX)
-#define AES_GIVE()          SIG_GIVE(AES_MUTEX)
-#define AES_IS_USED()       SIG_IS_USED(AES_MUTEX)
-#define BIGNUM_TAKE()       SIG_TAKE(BIGNUM_MUTEX)
-#define BIGNUM_GIVE()       SIG_GIVE(BIGNUM_MUTEX)
-#define BIGNUM_IS_USED()    SIG_IS_USED(BIGNUM_MUTEX)
-#define SHA_TAKE()          SIG_TAKE(SHA_MUTEX)
-#define SHA_GIVE()          SIG_GIVE(SHA_MUTEX)
-#define SHA_IS_USED()       SIG_IS_USED(SHA_MUTEX)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* esp_crypto.h */

components/esp32/include/hwcrypto/sha.h

@@ -15,10 +15,10 @@
 #ifndef _ESP_SHA_H_
 #define _ESP_SHA_H_
 
-#include "esp_types.h"
-#include "rom/ets_sys.h"
 #include "rom/sha.h"
 
+#include "esp_types.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -28,11 +28,32 @@ extern "C" {
  */
 typedef struct {
     SHA_CTX context;
-    int context_type;
+    enum SHA_TYPE context_type; /* defined in rom/sha.h */
 } sha_context;
 
 typedef sha_context SHA1_CTX;
 
+/**
+ * \brief Lock access to SHA hardware unit
+ *
+ * SHA hardware unit can only be used by one
+ * consumer at a time.
+ *
+ * esp_sha_xxx API calls automatically manage locking & unlocking of
+ * hardware, this function is only needed if you want to call
+ * ets_sha_xxx functions directly.
+ */
+void esp_sha_acquire_hardware( void );
+
+/**
+ * \brief Unlock access to SHA hardware unit
+ *
+ * esp_sha_xxx API calls automatically manage locking & unlocking of
+ * hardware, this function is only needed if you want to call
+ * ets_sha_xxx functions directly.
+ */
+void esp_sha_release_hardware( void );
+
 /**
  * \brief          Initialize SHA-1 context
  *
@@ -55,8 +76,6 @@ void esp_sha1_free( SHA1_CTX *ctx );
  */
 void esp_sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src );
 
-void esp_sha1_process(SHA1_CTX *ctx, const unsigned char data[64]);
-
 /**
  * \brief          SHA-1 context setup
  *
@@ -92,7 +111,7 @@ void esp_sha1_output( const unsigned char *input, size_t ilen, unsigned char out
 
 ///
 #define SHA256  SHA2_256
-#define SHA224  4
+#define SHA224  4 /* TODO: check this */
 
 /**
  * \brief          SHA-256 context structure
@@ -113,7 +132,6 @@ void esp_sha256_init( SHA256_CTX *ctx );
  * \param ctx      SHA-256 context to be cleared
  */
 void esp_sha256_free( SHA256_CTX *ctx );
-void esp_sha256_process(SHA256_CTX *ctx, const unsigned char data[64]);
 
 /**
  * \brief          Clone (the state of) a SHA-256 context
@@ -173,8 +191,6 @@ typedef sha_context SHA512_CTX;
  */
 void esp_sha512_init( SHA512_CTX *ctx );
 
-void esp_sha512_process( SHA512_CTX *ctx, const unsigned char data[128] );
-
 /**
  * \brief          Clear SHA-512 context
  *