refactor(esp_security): Introduce dedicated APIs for crypto clock configuration

components/mbedtls/port/aes/dma/esp_aes.c

@@ -31,16 +31,14 @@
 #include "esp_log.h"
 #include "esp_crypto_lock.h"
 #include "hal/aes_hal.h"
-#include "hal/aes_ll.h"
 #include "esp_aes_internal.h"
-#include "esp_private/esp_crypto_lock_internal.h"
+#include "esp_crypto_periph_clk.h"
 
 #if SOC_AES_GDMA
 #if !ESP_TEE_BUILD
 #define AES_LOCK() esp_crypto_sha_aes_lock_acquire()
 #define AES_RELEASE() esp_crypto_sha_aes_lock_release()
 #else
-#define AES_RCC_ATOMIC()
 #define AES_LOCK()
 #define AES_RELEASE()
 #endif
@@ -56,29 +54,13 @@ void esp_aes_acquire_hardware( void )
 {
     /* Released by esp_aes_release_hardware()*/
     AES_LOCK();
-
-    AES_RCC_ATOMIC() {
-        aes_ll_enable_bus_clock(true);
-#if SOC_AES_CRYPTO_DMA
-        crypto_dma_ll_enable_bus_clock(true);
-#endif
-        aes_ll_reset_register();
-#if SOC_AES_CRYPTO_DMA
-        crypto_dma_ll_reset_register();
-#endif
-    }
+    esp_crypto_aes_enable_periph_clk(true);
 }
 
 /* Function to disable AES and Crypto DMA clocks and release locks */
 void esp_aes_release_hardware( void )
 {
-    AES_RCC_ATOMIC() {
-        aes_ll_enable_bus_clock(false);
-#if SOC_AES_CRYPTO_DMA
-        crypto_dma_ll_enable_bus_clock(false);
-#endif
-    }
-
+    esp_crypto_aes_enable_periph_clk(false);
     AES_RELEASE();
 }
 

components/mbedtls/port/bignum/bignum_alt.c

@@ -1,25 +1,22 @@
 /*
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
+#include <assert.h>
 #include "esp_crypto_lock.h"
 #include "bignum_impl.h"
 #include "mbedtls/bignum.h"
-#include "esp_private/esp_crypto_lock_internal.h"
+#include "esp_crypto_periph_clk.h"
 
 #include "hal/mpi_hal.h"
-#include "hal/mpi_ll.h"
 
 void esp_mpi_enable_hardware_hw_op( void )
 {
     esp_crypto_mpi_lock_acquire();
 
     /* Enable RSA hardware */
-    MPI_RCC_ATOMIC() {
-        mpi_ll_enable_bus_clock(true);
-        mpi_ll_reset_register();
-    }
+    esp_crypto_mpi_enable_periph_clk(true);
 
     mpi_hal_enable_hardware_hw_op();
 }
@@ -30,9 +27,7 @@ void esp_mpi_disable_hardware_hw_op( void )
     mpi_hal_disable_hardware_hw_op();
 
     /* Disable RSA hardware */
-    MPI_RCC_ATOMIC() {
-        mpi_ll_enable_bus_clock(false);
-    }
+    esp_crypto_mpi_enable_periph_clk(false);
 
     esp_crypto_mpi_lock_release();
 }

components/mbedtls/port/ecc/esp_ecc.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -8,29 +8,21 @@
 #include <stdio.h>
 
 #include "esp_crypto_lock.h"
-#include "esp_private/esp_crypto_lock_internal.h"
+#include "esp_crypto_periph_clk.h"
 #include "ecc_impl.h"
 #include "hal/ecc_hal.h"
-#include "hal/ecc_ll.h"
 #include "soc/soc_caps.h"
 
 static void esp_ecc_acquire_hardware(void)
 {
     esp_crypto_ecc_lock_acquire();
 
-    ECC_RCC_ATOMIC() {
-        ecc_ll_enable_bus_clock(true);
-        ecc_ll_power_up();
-        ecc_ll_reset_register();
-    }
+    esp_crypto_ecc_enable_periph_clk(true);
 }
 
 static void esp_ecc_release_hardware(void)
 {
-    ECC_RCC_ATOMIC() {
-        ecc_ll_enable_bus_clock(false);
-        ecc_ll_power_down();
-    }
+    esp_crypto_ecc_enable_periph_clk(false);
 
     esp_crypto_ecc_lock_release();
 }

components/mbedtls/port/ecdsa/ecdsa_alt.c

@@ -13,8 +13,7 @@
 #include "soc/soc_caps.h"
 
 #include "esp_crypto_lock.h"
-#include "esp_private/esp_crypto_lock_internal.h"
-
+#include "esp_crypto_periph_clk.h"
 #include "mbedtls/error.h"
 #include "mbedtls/ecdsa.h"
 #include "mbedtls/asn1.h"
@@ -69,43 +68,26 @@ static void esp_ecdsa_acquire_hardware(void)
 {
     esp_crypto_ecdsa_lock_acquire();
 
-    ECDSA_RCC_ATOMIC() {
-        ecdsa_ll_enable_bus_clock(true);
-        ecdsa_ll_reset_register();
-    }
+    esp_crypto_ecdsa_enable_periph_clk(true);
 
-    ECC_RCC_ATOMIC() {
-        ecc_ll_enable_bus_clock(true);
-        ecc_ll_power_up();
-        ecc_ll_reset_register();
-    }
+    esp_crypto_ecc_enable_periph_clk(true);
 
 #if SOC_ECDSA_USES_MPI
     /* We need to reset the MPI peripheral because ECDSA peripheral
      * of some targets use the MPI peripheral as well.
      */
-    MPI_RCC_ATOMIC() {
-        mpi_ll_enable_bus_clock(true);
-        mpi_ll_reset_register();
-    }
+    esp_crypto_mpi_enable_periph_clk(true);
 #endif /* SOC_ECDSA_USES_MPI */
 }
 
 static void esp_ecdsa_release_hardware(void)
 {
-    ECDSA_RCC_ATOMIC() {
-        ecdsa_ll_enable_bus_clock(false);
-    }
+    esp_crypto_ecdsa_enable_periph_clk(false);
 
-    ECC_RCC_ATOMIC() {
-        ecc_ll_enable_bus_clock(false);
-        ecc_ll_power_down();
-    }
+    esp_crypto_ecc_enable_periph_clk(false);
 
 #if SOC_ECDSA_USES_MPI
-    MPI_RCC_ATOMIC() {
-        mpi_ll_enable_bus_clock(false);
-    }
+    esp_crypto_mpi_enable_periph_clk(false);
 #endif /* SOC_ECDSA_USES_MPI */
 
     esp_crypto_ecdsa_lock_release();

components/mbedtls/port/sha/core/include/esp_sha_internal.h

@@ -56,13 +56,6 @@ static inline esp_sha_mode sha_operation_mode(size_t length)
     return SHA_BLOCK_MODE;
 }
 
-/**
- * @brief Enable or disable the SHA peripheral clock
- *
- * @param enable true to enable, false to disable
- */
-void esp_sha_enable_periph_clk(bool enable);
-
 #ifdef __cplusplus
 }
 #endif

components/mbedtls/port/sha/core/sha.c

@@ -13,7 +13,7 @@
 #include <stdio.h>
 
 #include "esp_crypto_lock.h"
-#include "esp_private/esp_crypto_lock_internal.h"
+#include "esp_crypto_periph_clk.h"
 #include "esp_log.h"
 #include "sha/sha_core.h"
 #include "esp_sha_internal.h"
@@ -56,7 +56,6 @@
 #define SHA_LOCK()    esp_crypto_sha_aes_lock_acquire()
 #define SHA_RELEASE() esp_crypto_sha_aes_lock_release()
 #else
-#define SHA_RCC_ATOMIC()
 #define SHA_LOCK()
 #define SHA_RELEASE()
 #endif
@@ -101,13 +100,13 @@ void esp_sha_acquire_hardware(void)
 {
     /* Released when releasing hw with esp_sha_release_hardware() */
     SHA_LOCK();
-    esp_sha_enable_periph_clk(true);
+    esp_crypto_sha_enable_periph_clk(true);
 }
 
 /* Disable SHA peripheral block and then release it */
 void esp_sha_release_hardware(void)
 {
-    esp_sha_enable_periph_clk(false);
+    esp_crypto_sha_enable_periph_clk(false);
     SHA_RELEASE();
 }
 

components/mbedtls/port/sha/esp_sha.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2018-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2018-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -7,7 +7,6 @@
 #include <string.h>
 #include <stdio.h>
 #include <assert.h>
-#include "hal/sha_ll.h"
 #include "hal/sha_hal.h"
 #include "hal/sha_types.h"
 #include "soc/soc_caps.h"
@@ -21,33 +20,10 @@
 #include "sha/sha_parallel_engine.h"
 #else
 #include "sha/sha_core.h"
-#include "esp_sha_internal.h"
-#include "esp_private/esp_crypto_lock_internal.h"
-#if SOC_SHA_CRYPTO_DMA
-#include "hal/crypto_dma_ll.h"
-#endif
 #endif
 
 static const char *TAG = "esp_sha";
 
-#if !SOC_SHA_SUPPORT_PARALLEL_ENG
-void esp_sha_enable_periph_clk(bool enable)
-{
-    SHA_RCC_ATOMIC() {
-        sha_ll_enable_bus_clock(enable);
-        if (enable) {
-            sha_ll_reset_register();
-        }
-#if SOC_SHA_CRYPTO_DMA
-        crypto_dma_ll_enable_bus_clock(enable);
-        if (enable) {
-            crypto_dma_ll_reset_register();
-        }
-#endif
-    }
-}
-#endif
-
 void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output)
 {
     union {