crypto: DS uses RSA peripheral, added shared lock

2025-09-30 19:19:21 +00:00 · 2020-04-07 12:30:00 +08:00
parent a521921788
commit a2a204c2b9
11 changed files with 75 additions and 58 deletions
--- a/components/esp32s2/esp_crypto_lock.c
+++ b/components/esp32s2/esp_crypto_lock.c
@@ -16,17 +16,29 @@

 #include "esp_crypto_lock.h"

-/* Single lock for SHA engine
-*/
-static _lock_t s_crypto_lock;
+/* Single lock for SHA and AES engine which both use the crypto DMA */

-void esp_crypto_lock_acquire(void)
+static _lock_t s_crypto_dma_lock;
+
+/* Lock for the MPI/RSA peripheral, also used by the DS peripheral */
+static _lock_t s_crypto_mpi_lock;
+
+void esp_crypto_dma_lock_acquire(void)
 {
-    _lock_acquire(&s_crypto_lock);
+    _lock_acquire(&s_crypto_dma_lock);
 }

-void esp_crypto_lock_release(void)
+void esp_crypto_dma_lock_release(void)
 {
-    _lock_release(&s_crypto_lock);
+    _lock_release(&s_crypto_dma_lock);
 }

+void esp_crypto_mpi_lock_acquire(void)
+{
+    _lock_acquire(&s_crypto_mpi_lock);
+}
+
+void esp_crypto_mpi_lock_release(void)
+{
+    _lock_release(&s_crypto_mpi_lock);
+}
--- a/components/esp32s2/esp_ds.c
+++ b/components/esp32s2/esp_ds.c
@@ -55,7 +55,9 @@ _Static_assert(sizeof(esp_digital_signature_length_t) == sizeof(unsigned),
        "The size of esp_digital_signature_length_t and unsigned has to be the same");

 static void ds_acquire_enable(void) {
-    esp_crypto_lock_acquire();
+    /* Lock AES, SHA and RSA peripheral */
+    esp_crypto_dma_lock_acquire();
+    esp_crypto_mpi_lock_acquire();
    ets_hmac_enable();
    ets_ds_enable();
 }
@@ -63,7 +65,8 @@ static void ds_acquire_enable(void) {
 static void ds_disable_release(void) {
    ets_ds_disable();
    ets_hmac_disable();
-    esp_crypto_lock_release();
+    esp_crypto_mpi_lock_release();
+    esp_crypto_dma_lock_release();
 }

 esp_err_t esp_ds_sign(const void *message,
@@ -177,7 +180,7 @@ esp_err_t esp_ds_encrypt_params(esp_ds_data_t *data,

    esp_err_t result = ESP_OK;

-    esp_crypto_lock_acquire();
+    esp_crypto_dma_lock_acquire();
    ets_aes_enable();
    ets_sha_enable();

@@ -190,7 +193,7 @@ esp_err_t esp_ds_encrypt_params(esp_ds_data_t *data,

    ets_sha_disable();
    ets_aes_disable();
-    esp_crypto_lock_release();
+    esp_crypto_dma_lock_release();

    return result;
 }
--- a/components/esp32s2/esp_hmac.c
+++ b/components/esp32s2/esp_hmac.c
@@ -30,13 +30,13 @@ esp_err_t esp_hmac_calculate(hmac_key_id_t key_id,
    if (!message || !hmac) return ESP_ERR_INVALID_ARG;
    if (key_id >= HMAC_KEY_MAX) return ESP_ERR_INVALID_ARG;

-    esp_crypto_lock_acquire();
+    esp_crypto_dma_lock_acquire();

    ets_hmac_enable();
    hmac_ret = ets_hmac_calculate_message(convert_key_type(key_id), message, message_len, hmac);
    ets_hmac_disable();

-    esp_crypto_lock_release();
+    esp_crypto_dma_lock_release();

    if (hmac_ret != ETS_OK) {
        return ESP_FAIL;
--- a/components/esp32s2/include/esp_crypto_lock.h
+++ b/components/esp32s2/include/esp_crypto_lock.h
@@ -27,14 +27,24 @@ extern "C" {
 */

 /**
- * Acquire lock for the ESP cryptography peripheral.
+ * Acquire lock for the AES and SHA cryptography peripherals, which both use the crypto DMA.
 */
-void esp_crypto_lock_acquire(void);
+void esp_crypto_dma_lock_acquire(void);

 /**
- * Release the lock for the ESP cryptography peripheral.
+ * Release lock for the AES and SHA cryptography peripherals, which both use the crypto DMA.
 */
-void esp_crypto_lock_release(void);
+void esp_crypto_dma_lock_release(void);
+
+/**
+ * Acquire lock for the MPI/RSA cryptography peripheral
+ */
+void esp_crypto_mpi_lock_acquire(void);
+
+/**
+ * Release lock for the MPI/RSA cryptography peripheral
+ */
+void esp_crypto_mpi_lock_release(void);

 #ifdef __cplusplus
 }
--- a/components/esp32s2/include/esp_ds.h
+++ b/components/esp32s2/include/esp_ds.h
@@ -97,7 +97,7 @@ typedef struct {
 * in parallel.
 * It blocks until the signing is finished and then returns the signature.
 *
- * @note This function locks the HMAC, SHA and AES components during its entire execution time.
+ * @note This function locks the HMAC, SHA, AES and RSA components during its entire execution time.
 *
 * @param message the message to be signed; its length is determined by data->rsa_length
 * @param data the encrypted signing key data (AES encrypted RSA key + IV)
@@ -126,7 +126,7 @@ esp_err_t esp_ds_sign(const void *message,
 * This function yields a context object which needs to be passed to \c esp_ds_finish_sign() to finish the signing
 * process.
 *
- * @note This function locks the HMAC, SHA and AES components, so the user has to ensure to call
+ * @note This function locks the HMAC, SHA, AES and RSA components, so the user has to ensure to call
 *       \c esp_ds_finish_sign() in a timely manner.
 *
 * @param message the message to be signed; its length is determined by data->rsa_length