luna - wolfssl/wolfcrypt/src/port/Espressif/esp32

   1/* esp32_sha.c
   2 *
   3 * Copyright (C) 2006-2026 wolfSSL Inc.
   4 *
   5 * This file is part of wolfSSL.
   6 *
   7 * wolfSSL is free software; you can redistribute it and/or modify
   8 * it under the terms of the GNU General Public License as published by
   9 * the Free Software Foundation; either version 3 of the License, or
  10 * (at your option) any later version.
  11 *
  12 * wolfSSL is distributed in the hope that it will be useful,
  13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 * GNU General Public License for more details.
  16 *
  17 * You should have received a copy of the GNU General Public License
  18 * along with this program; if not, write to the Free Software
  19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20 */
  21
  22/*
  23 * ESP32-C3: esp32-c3_technical_reference_manual_en.pdf
  24 *  see page 335: no SHA-512
  25 *
  26 */
  27#ifdef HAVE_CONFIG_H
  28    #include <config.h>
  29#endif
  30
  31/* Reminder: user_settings.h is needed and included from settings.h
  32 * Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */
  33#include <wolfssl/wolfcrypt/settings.h>
  34
  35#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */
  36#include "sdkconfig.h" /* programmatically generated from sdkconfig */
  37#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
  38
  39/*****************************************************************************/
  40/* this entire file content is excluded when NO_SHA, NO_SHA256
  41 * or when using WC_SHA384 or WC_SHA512
  42 */
  43#if !defined(NO_SHA) || !defined(NO_SHA256) || defined(WC_SHA384) || \
  44     defined(WC_SHA512)
  45
  46/* this entire file content is excluded if not using HW hash acceleration */
  47#if defined(WOLFSSL_ESP32_CRYPT) && \
  48   !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
  49
  50#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
  51    defined(CONFIG_IDF_TARGET_ESP8684) || \
  52    defined(CONFIG_IDF_TARGET_ESP32C3) || \
  53    defined(CONFIG_IDF_TARGET_ESP32C6)
  54    #include <hal/sha_hal.h>
  55
  56    #include <hal/sha_ll.h>
  57    #include <hal/clk_gate_ll.h>
  58    #if ESP_IDF_VERSION_MAJOR >= 6
  59        #include "sha/sha_core.h"
  60    #endif
  61#elif defined(CONFIG_IDF_TARGET_ESP32)   || \
  62      defined(CONFIG_IDF_TARGET_ESP32S2) || \
  63      defined(CONFIG_IDF_TARGET_ESP32S3)
  64    #include <hal/clk_gate_ll.h>
  65#else
  66    #include <hal/clk_gate_ll.h> /* ESP32-WROOM */
  67#endif
  68
  69/* wolfSSL */
  70#include <wolfssl/wolfcrypt/logging.h>
  71#include <wolfssl/wolfcrypt/sha.h>
  72#include <wolfssl/wolfcrypt/sha256.h>
  73#include <wolfssl/wolfcrypt/sha512.h>
  74
  75#include "wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h"
  76#include "wolfssl/wolfcrypt/error-crypt.h"
  77
  78#ifdef NO_INLINE
  79    #include <wolfssl/wolfcrypt/misc.h>
  80#else
  81    #define WOLFSSL_MISC_INCLUDED
  82    #include <wolfcrypt/src/misc.c>
  83#endif
  84
  85/* A value for an initialized, but not-yet-known SHA: */
  86#define WC_UNKNOWN_SHA (-1)
  87
  88#define WC_ESP_MAX_IDLE_WAIT 10000
  89
  90static const char* TAG = "wolf_hw_sha";
  91
  92#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
  93    defined(CONFIG_IDF_TARGET_ESP8684) || \
  94    defined(CONFIG_IDF_TARGET_ESP32C3) || \
  95    defined(CONFIG_IDF_TARGET_ESP32C6)
  96    /* Keep track of the currently active SHA hash object for interleaving. */
  97    const static word32 ** _active_digest_address = 0;
  98#endif
  99
 100#ifdef NO_SHA
 101    #define WC_SHA_DIGEST_SIZE 20
 102#endif
 103
 104#if defined(DEBUG_WOLFSSL)
 105    /* Only when debugging, we'll keep tracking of SHA block numbers. */
 106    static int this_block_num = 0;
 107#endif
 108
 109/* RTOS mutex or just InUse variable  */
 110#if defined(SINGLE_THREADED)
 111    static int InUse = 0;
 112#else
 113    static wolfSSL_Mutex sha_mutex = NULL;
 114#endif
 115
 116#ifdef WOLFSSL_DEBUG_MUTEX
 117    #ifdef WOLFSSL_TEST_STRAY
 118        #define WOLFSSL_TEST_STRAY_INJECT (esp_sha_call_count() == 10)
 119    #else
 120        /* unless turned on, we won't be testing for strays */
 121        #define WOLFSSL_TEST_STRAY 0
 122        #define WOLFSSL_TEST_STRAY_INJECT 0
 123    #endif
 124#endif
 125
 126/* usage metrics can be turned on independently of debugging */
 127#ifdef WOLFSSL_HW_METRICS
 128    static unsigned long esp_sha_hw_copy_ct = 0;
 129    static unsigned long esp_sha1_hw_usage_ct = 0;
 130    static unsigned long esp_sha1_sw_fallback_usage_ct = 0;
 131    static unsigned long esp_sha_reverse_words_ct = 0;
 132    static unsigned long esp_sha1_hw_hash_usage_ct = 0;
 133    static unsigned long esp_sha2_224_hw_hash_usage_ct = 0;
 134    static unsigned long esp_sha2_256_hw_hash_usage_ct = 0;
 135    static unsigned long esp_sha256_sw_fallback_usage_ct = 0;
 136    static unsigned long esp_byte_reversal_checks_ct = 0;
 137    static unsigned long esp_byte_reversal_needed_ct = 0;
 138#endif
 139
 140    static uintptr_t mutex_ctx_owner = NULLPTR;
 141
 142#if (defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)) \
 143    || defined(WOLFSSL_DEBUG_MUTEX)
 144    static portMUX_TYPE sha_crit_sect = portMUX_INITIALIZER_UNLOCKED;
 145#endif
 146
 147#if defined(ESP_MONITOR_HW_TASK_LOCK) || !defined(SINGLE_THREADED)
 148    #ifdef SINGLE_THREADED
 149        uintptr_t esp_sha_mutex_ctx_owner(void)
 150        {
 151            return mutex_ctx_owner;
 152        }
 153
 154        uintptr_t esp_sha_mutex_ctx_owner_set(uintptr_t new_mutex_ctx_owner) {
 155            mutex_ctx_owner = new_mutex_ctx_owner;
 156            return new_mutex_ctx_owner;
 157        }
 158
 159        uintptr_t esp_sha_mutex_ctx_owner_clear(void) {
 160            return esp_sha_mutex_ctx_owner_set(NULLPTR);
 161        }
 162    #else
 163        #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)
 164
 165            static TaskHandle_t mutex_ctx_task = NULL;
 166        #endif
 167
 168        uintptr_t esp_sha_mutex_ctx_owner(void)
 169        {
 170            uintptr_t ret = 0;
 171            taskENTER_CRITICAL(&sha_crit_sect);
 172            {
 173                ret = mutex_ctx_owner;
 174            }
 175            taskEXIT_CRITICAL(&sha_crit_sect);
 176            return ret;
 177        };
 178
 179        uintptr_t esp_sha_mutex_ctx_owner_set(uintptr_t new_mutex_ctx_owner)
 180        {
 181            taskENTER_CRITICAL(&sha_crit_sect);
 182            {
 183                mutex_ctx_owner = new_mutex_ctx_owner;
 184            }
 185            taskEXIT_CRITICAL(&sha_crit_sect);
 186            return new_mutex_ctx_owner;
 187        };
 188
 189        uintptr_t esp_sha_mutex_ctx_owner_clear(void) {
 190            return esp_sha_mutex_ctx_owner_set(NULLPTR);
 191        }
 192    #endif /* ! SINGLE_THREADED */
 193
 194
 195    #ifdef WOLFSSL_DEBUG_MUTEX
 196        WC_ESP32SHA* stray_ctx;
 197        /* each ctx keeps track of the initializer for HW. when debugging
 198         * we'll have a global variable to indicate which has the lock. */
 199        static int _sha_lock_count = 0;
 200        static int _sha_call_count = 0;
 201
 202        int esp_sha_call_count(void)
 203        {
 204            return _sha_call_count;
 205        }
 206
 207        int esp_sha_lock_count(void)
 208        {
 209            return _sha_lock_count;
 210        }
 211
 212    #endif
 213#endif
 214
 215/* esp_set_hw - set hardware lock, but only if there's no other known
 216 * current mutex owner. */
 217int esp_set_hw(WC_ESP32SHA* ctx)
 218{
 219    int ret = ESP_FAIL;
 220    if ((uintptr_t)ctx == mutex_ctx_owner || mutex_ctx_owner == NULLPTR) {
 221        ESP_LOGV(TAG, "Initializing current mutext owner!");
 222        if (esp_sha_hw_islocked(ctx)) {
 223             ESP_LOGV(TAG, "esp_set_hw already locked: 0x%x", (intptr_t)ctx);
 224        }
 225        ctx->mode = ESP32_SHA_HW;
 226#if defined(ESP_MONITOR_HW_TASK_LOCK) || !defined(SINGLE_THREADED)
 227        mutex_ctx_owner = esp_sha_mutex_ctx_owner_set((uintptr_t)ctx);
 228#else
 229        mutex_ctx_owner = (uintptr_t)ctx;
 230#endif
 231        ret = ESP_OK;
 232    }
 233    else {
 234        ESP_LOGV(TAG, "esp_sha_init_ctx HW for non-owner 0x%x", (intptr_t)ctx);
 235    }
 236    return ret;
 237}
 238
 239/*
 240** The wolfCrypt functions for LITTLE_ENDIAN_ORDER typically
 241** reverse the byte order. Except when the hardware doesn't expect it.
 242**
 243** For SoC devices with no HW (Hardware Acceleration) support:
 244**    ctx->sha_type will be SHA_INVALID
 245**    ctx->mode     will be ESP32_SHA_SW
 246**
 247** Returns 0 (FALSE) or 1 (TRUE); see wolfSSL types.h
 248*/
 249int esp_sha_need_byte_reversal(WC_ESP32SHA* ctx)
 250{
 251    int ret = 1; /* Assume we'll need reversal, look for exceptions. */
 252    CTX_STACK_CHECK(ctx);
 253#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
 254    defined(CONFIG_IDF_TARGET_ESP8684) || \
 255    defined(CONFIG_IDF_TARGET_ESP32C3) || \
 256    defined(CONFIG_IDF_TARGET_ESP32C6)
 257    if (ctx == NULL) {
 258        ESP_LOGE(TAG, " ctx is null");
 259        /* Return true for bad params */
 260    }
 261    else {
 262        #ifdef WOLFSSL_HW_METRICS
 263        {
 264            esp_byte_reversal_checks_ct++;
 265        }
 266        #endif
 267        if (ctx->mode == ESP32_SHA_HW) {
 268            ESP_LOGV(TAG, " No reversal, ESP32_SHA_HW");
 269            ret = 0;
 270        }
 271        else {
 272            ret = 1;
 273            ESP_LOGV(TAG, " Need byte reversal, %d", ctx->mode);
 274            /* Return true for SW; only HW C3 skips reversal at this time. */
 275            #ifdef WOLFSSL_HW_METRICS
 276            {
 277                esp_byte_reversal_needed_ct++;
 278            }
 279            #endif
 280            if (ctx->mode == ESP32_SHA_INIT) {
 281                ESP_LOGW(TAG, "esp_sha_need_byte_reversal during init?");
 282                ESP_LOGW(TAG, "forgot to try HW lock first?");
 283            }
 284        }
 285    }
 286#else
 287    /* Other platforms always return true. */
 288#endif
 289    CTX_STACK_CHECK(ctx);
 290
 291    return ret;
 292}
 293
 294/* esp_sha_init
 295**
 296**   ctx: any wolfSSL ctx from any hash algo
 297**   hash_type: the specific wolfSSL enum for hash type
 298**
 299** Initializes ctx based on chipset capabilities and current state.
 300** Active HW states, such as from during a copy operation, are demoted to SW.
 301** For hash_type not available in HW, set SW mode.
 302**
 303** For ctx, mode will be
 304**     ESP32_SHA_INIT  - For initialized, hardware-ready
 305**     ESP32_SHA_SW    - Software only
 306**
 307** See esp_sha_init_ctx(ctx) for common initialization of ctx.
 308*/
 309int esp_sha_init(WC_ESP32SHA* ctx, enum wc_HashType hash_type)
 310{
 311    int ret = ESP_OK;
 312
 313#ifdef DEBUG_WOLFSSL_SHA_MUTEX
 314    ESP_LOGV(TAG, "\n\nesp_sha_init for ctx %p\n\n", ctx);
 315#endif
 316
 317    if (ctx == NULL) {
 318        return ESP_FAIL;
 319    }
 320
 321#if defined(WOLFSSL_STACK_CHECK)
 322    ctx->first_word = 0;
 323    ctx->last_word = 0;
 324#endif
 325    CTX_STACK_CHECK(ctx);
 326
 327    ret = esp_sha_init_ctx(ctx);
 328
 329#if defined(CONFIG_IDF_TARGET_ESP32)   || \
 330    defined(CONFIG_IDF_TARGET_ESP32S2) || \
 331    defined(CONFIG_IDF_TARGET_ESP32S3)
 332
 333    /* ESP32 Xtensa Architecture SoC. Each has different features: */
 334    switch (hash_type) { /* check each wolfSSL hash type WC_[n] */
 335
 336        #ifndef NO_SHA
 337        case WC_HASH_TYPE_SHA:
 338            ctx->sha_type = SHA1; /* assign Espressif SHA HW type */
 339            break;
 340        #endif
 341
 342        case WC_HASH_TYPE_SHA224:
 343        #if defined(CONFIG_IDF_TARGET_ESP32S2) || \
 344            defined(CONFIG_IDF_TARGET_ESP32S3)
 345            ctx->sha_type = SHA2_224; /* assign Espressif SHA HW type */
 346        #else
 347            /* Don't call init, always SW as there's no HW. */
 348            ctx->mode = ESP32_SHA_SW;
 349        #endif
 350            break;
 351
 352        case WC_HASH_TYPE_SHA256:
 353            ctx->sha_type = SHA2_256; /* assign Espressif SHA HW type */
 354            break;
 355
 356    #if defined(CONFIG_IDF_TARGET_ESP32S2) || \
 357        defined(CONFIG_IDF_TARGET_ESP32S3)
 358        case  WC_HASH_TYPE_SHA384:
 359            ctx->mode = ESP32_SHA_SW;
 360            break;
 361    #else
 362        case  WC_HASH_TYPE_SHA384:
 363            ctx->sha_type = SHA2_384; /* assign Espressif SHA HW type */
 364            break;
 365    #endif
 366
 367        case WC_HASH_TYPE_SHA512:
 368            ctx->sha_type = SHA2_512; /* assign Espressif SHA HW type */
 369            break;
 370
 371    #ifndef WOLFSSL_NOSHA512_224
 372        case WC_HASH_TYPE_SHA512_224:
 373            /* Don't call init, always SW as there's no HW. */
 374            ctx->mode = ESP32_SHA_SW;
 375            break;
 376    #endif
 377
 378    #ifndef WOLFSSL_NOSHA512_256
 379        case WC_HASH_TYPE_SHA512_256:
 380            /* Don't call init, always SW as there's no HW. */
 381            ctx->mode = ESP32_SHA_SW;
 382            break;
 383    #endif
 384
 385        default:
 386            ctx->mode = ESP32_SHA_SW;
 387            ESP_LOGW(TAG, "Unexpected hash_type in esp_sha_init");
 388            break;
 389    }
 390#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
 391      defined(CONFIG_IDF_TARGET_ESP8684) || \
 392      defined(CONFIG_IDF_TARGET_ESP32C3) || \
 393      defined(CONFIG_IDF_TARGET_ESP32C6)
 394
 395    /* ESP32 RISC-V Architecture SoC. Each has different features: */
 396
 397    switch (hash_type) { /* check each wolfSSL hash type WC_[n] */
 398        #ifndef NO_SHA
 399        case WC_HASH_TYPE_SHA:
 400            ctx->sha_type = SHA1; /* assign Espressif SHA HW type */
 401            break;
 402        #endif
 403
 404        case WC_HASH_TYPE_SHA224:
 405            ctx->sha_type = SHA2_224; /* assign Espressif SHA HW type */
 406            break;
 407
 408        case WC_HASH_TYPE_SHA256:
 409            ctx->sha_type = SHA2_256; /* assign Espressif SHA HW type */
 410            break;
 411
 412        default:
 413            /* We fall through to SW when there's no enabled HW, above. */
 414            ctx->mode = ESP32_SHA_SW;
 415            ESP_LOGW(TAG, "Unsupported hash_type = %d in esp_sha_init, "
 416                          "falling back to SW", hash_type);
 417            break;
 418    }
 419
 420#else
 421    /* Other chipsets will be implemented here, fallback to SW for now: */
 422    ESP_LOGW(TAG, "SW Fallback; CONFIG_IDF_TARGET = %s", CONFIG_IDF_TARGET);
 423    ctx->mode = ESP32_SHA_SW;
 424#endif /* CONFIG_IDF_TARGET_[nnn] */
 425    CTX_STACK_CHECK(ctx);
 426
 427    return ret;
 428}
 429
 430/* we'll call a common init for non-chip-specific settings */
 431int esp_sha_init_ctx(WC_ESP32SHA* ctx)
 432{
 433    CTX_STACK_CHECK(ctx);
 434
 435    ctx->mode = ESP32_SHA_INIT;
 436
 437    /* This is a generic init; we don't yet know SHA type. */
 438    ctx->sha_type = WC_UNKNOWN_SHA;
 439
 440    /* Reminder: always start isfirstblock = 1 (true) when using HW engine. */
 441    /* We're always on the first block at init time. (not zero-based!) */
 442    ctx->isfirstblock = 1;
 443    ctx->lockDepth = 0; /* new objects will always start with lock depth = 0 */
 444
 445#if defined(MUTEX_DURING_INIT)
 446    if ((uintptr_t)ctx == mutex_ctx_owner || mutex_ctx_owner == NULLPTR) {
 447        ESP_LOGV(TAG, "Initializing current mutext owner!");
 448        if (esp_sha_hw_islocked(ctx)) {
 449            esp_sha_hw_unlock(ctx);
 450        }
 451        mutex_ctx_owner = esp_sha_mutex_ctx_owner_set((uintptr_t)ctx);
 452    }
 453    else {
 454        ESP_LOGI(TAG, "MUTEX_DURING_INIT esp_sha_init_ctx for non-owner: "
 455                      "0x%x", (intptr_t)ctx);
 456    }
 457#endif
 458
 459    CTX_STACK_CHECK(ctx);
 460    return ESP_OK; /* Always return success.
 461                    * We assume all issues handled, above. */
 462} /* esp_sha_init_ctx */
 463
 464#ifndef NO_SHA
 465/*
 466** internal SHA ctx copy for ESP HW
 467*/
 468int esp_sha_ctx_copy(struct wc_Sha* src, struct wc_Sha* dst)
 469{
 470    int ret;
 471    if (src->ctx.mode == ESP32_SHA_HW) {
 472        /* this is an interesting situation to copy HW digest to SW */
 473        ESP_LOGV(TAG, "esp_sha_ctx_copy esp_sha_digest_process");
 474        #ifdef WOLFSSL_HW_METRICS
 475        {
 476            esp_sha_hw_copy_ct++;
 477        }
 478        #endif
 479        /* Get a copy of the HW digest, but don't process it. */
 480        ret = esp_sha_digest_process(dst, 0);
 481        if (ret == 0) {
 482            /* initializer will be set during init */
 483            ret = esp_sha_init(&(dst->ctx), WC_HASH_TYPE_SHA);
 484            if (ret != 0) {
 485                ESP_LOGE(TAG, "Error during esp_sha_ctx_copy "
 486                              "in esp_sha_init.");
 487            }
 488            /* As src is HW, the copy will be SW. TODO: Future interleave. */
 489            dst->ctx.mode = ESP32_SHA_SW;
 490        }
 491        else {
 492            ESP_LOGE(TAG, "Error during esp_sha_ctx_copy "
 493                          "in esp_sha_digest_process.");
 494        }
 495
 496        if (dst->ctx.mode == ESP32_SHA_SW) {
 497        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
 498            defined(CONFIG_IDF_TARGET_ESP8684) || \
 499            defined(CONFIG_IDF_TARGET_ESP32C3) || \
 500            defined(CONFIG_IDF_TARGET_ESP32C6)
 501            /* Reverse digest for C2/C3/C6 RISC-V platform
 502             * only when HW enabled but fallback to SW. */
 503            ByteReverseWords(dst->digest, dst->digest, WC_SHA_DIGEST_SIZE);
 504            #ifdef WOLFSSL_HW_METRICS
 505                esp_sha_reverse_words_ct++;
 506            #endif
 507        #endif
 508            /* The normal revert to SW in copy is expected */
 509            ESP_LOGV(TAG, "Confirmed SHA Copy set to SW");
 510        }
 511        else {
 512            /* However NOT reverting to SW is not right.
 513            ** This should never happen. */
 514            ESP_LOGW(TAG, "SHA Copy NOT set to SW from %d", dst->ctx.mode);
 515        }
 516    } /* (src->ctx.mode == ESP32_SHA_HW */
 517    else { /* src not in HW mode, ok to copy. */
 518        /*
 519        ** reminder XMEMCOPY, above: dst->ctx = src->ctx;
 520        ** No special HW init needed in SW mode.
 521        ** but we need to set our initializer breadcrumb: */
 522        dst->ctx.initializer = (uintptr_t)&(dst->ctx);
 523        #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)
 524        {
 525            /* not HW mode for copy, so we are not interested in task owner */
 526            dst->ctx.task_owner = 0;
 527        }
 528        #endif
 529
 530        ret = 0;
 531    }
 532
 533    return ret;
 534} /* esp_sha_ctx_copy */
 535#endif
 536
 537/*
 538** Internal sha224 ctx copy (no ESP HW)
 539*/
 540#ifndef NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224
 541int esp_sha224_ctx_copy(struct wc_Sha256* src, struct wc_Sha256* dst)
 542{
 543    /* There's no 224 hardware on ESP32.
 544     * Initializer for dst is this ctx address for use as a breadcrumb. */
 545    dst->ctx.initializer = (uintptr_t)&dst->ctx;
 546    #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)
 547    {
 548        /* Not HW mode for copy, so we are not interested in task owner: */
 549        dst->ctx.task_owner = 0;
 550    }
 551    #endif
 552
 553    dst->ctx.mode = ESP32_SHA_SW;
 554    return ESP_OK;
 555} /* esp_sha224_ctx_copy */
 556#endif
 557
 558#ifndef NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256
 559/*
 560** internal sha256 ctx copy for ESP HW
 561*/
 562int esp_sha256_ctx_copy(struct wc_Sha256* src, struct wc_Sha256* dst)
 563{
 564    int ret;
 565    if (src->ctx.mode == ESP32_SHA_HW) {
 566        /* Get a copy of the HW digest, but don't process it. */
 567        #ifdef WOLFSSL_DEBUG_MUTEX
 568        {
 569            ESP_LOGI(TAG, "esp_sha256_ctx_copy esp_sha512_digest_process");
 570        }
 571        #endif
 572        ret = esp_sha256_digest_process(dst, FALSE);
 573
 574        if (ret == ESP_OK) {
 575            /* initializer breadcrumb will be set during init */
 576            ret = esp_sha_init(&(dst->ctx), WC_HASH_TYPE_SHA256);
 577            /* As src is HW, the copy will be SW. TODO: Future interleave. */
 578            dst->ctx.mode = ESP32_SHA_SW;
 579        }
 580        else {
 581            ESP_LOGE(TAG, "Unexpected error during sha256 ctx copy: %d", ret);
 582        }
 583
 584        if (dst->ctx.mode == ESP32_SHA_SW) {
 585            #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
 586                defined(CONFIG_IDF_TARGET_ESP8684) || \
 587                defined(CONFIG_IDF_TARGET_ESP32C3) || \
 588                defined(CONFIG_IDF_TARGET_ESP32C6)
 589            {
 590                /* Reverse digest byte order for C3 fallback to SW. */
 591                ByteReverseWords(dst->digest,
 592                                 dst->digest,
 593                                 WC_SHA256_DIGEST_SIZE);
 594            }
 595            #endif
 596            ESP_LOGV(TAG, "Confirmed wc_Sha256 Copy set to SW");
 597        }
 598        else {
 599            ESP_LOGW(TAG, "wc_Sha256 Copy (mode = %d) set to SW",
 600                          dst->ctx.mode);
 601            dst->ctx.mode = ESP32_SHA_SW;
 602        }
 603    } /* (src->ctx.mode == ESP32_SHA_HW) */
 604    else {
 605        ret = ESP_OK;
 606        /*
 607        ** reminder this happened in XMEMCOPY: dst->ctx = src->ctx;
 608        ** No special HW init needed in SW mode.
 609        ** but we need to set our initializer (helpful in multi-task RTOS) */
 610        dst->ctx.initializer = (uintptr_t)&(dst->ctx);
 611        #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)
 612        {
 613            /* not HW mode, so we are not interested in task owner */
 614            dst->ctx.task_owner = 0;
 615        }
 616        #endif
 617    } /* not (src->ctx.mode == ESP32_SHA_HW) */
 618
 619    return ret;
 620} /* esp_sha256_ctx_copy */
 621#endif
 622
 623#if !(defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384) && \
 624      defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512)    \
 625     ) && \
 626    (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512))
 627/*
 628** internal sha384 ctx copy for ESP HW
 629*/
 630int esp_sha384_ctx_copy(struct wc_Sha512* src, struct wc_Sha512* dst)
 631{
 632    int ret = 0;
 633#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
 634    defined(CONFIG_IDF_TARGET_ESP8684) || \
 635    defined(CONFIG_IDF_TARGET_ESP32C3) || \
 636    defined(CONFIG_IDF_TARGET_ESP32C6)
 637    {
 638        /* We should ever be calling the HW sHA384 copy for this target. */
 639        ESP_LOGW(TAG, "Warning: esp_sha384_ctx_copy() called for %s!",
 640                       CONFIG_IDF_TARGET);
 641        ESP_LOGW(TAG, "There's no SHA384 HW for this CONFIG_IDF_TARGET");
 642    }
 643#else
 644    if (src->ctx.mode == ESP32_SHA_HW) {
 645        /* Get a copy of the HW digest, but don't process it. */
 646        ESP_LOGV(TAG, "esp_sha384_ctx_copy esp_sha512_digest_process");
 647        ret = esp_sha512_digest_process(dst, 0);
 648        if (ret == 0) {
 649            /* provide init hint to SW revert */
 650            dst->ctx.mode = ESP32_SHA_HW_COPY;
 651
 652            /* initializer will be set during init */
 653            ret = esp_sha_init(&(dst->ctx), WC_HASH_TYPE_SHA384);
 654            if (ret != 0) {
 655                ESP_LOGE(TAG, "Error during esp_sha384_ctx_copy "
 656                              "in esp_sha_init.");
 657            }
 658        }
 659        else {
 660            ESP_LOGE(TAG, "Error during esp_sha384_ctx_copy "
 661                          "in esp_sha512_digest_process.");
 662        }
 663
 664        /* just some diagnostic runtime info */
 665        if (dst->ctx.mode == ESP32_SHA_SW) {
 666            ESP_LOGV(TAG, "Confirmed wc_Sha512 Copy set to SW");
 667        }
 668        else {
 669            ESP_LOGW(TAG, "wc_Sha512 Copy NOT set to SW");
 670        }
 671    } /* src->ctx.mode == ESP32_SHA_HW */
 672    else {
 673        ret = 0;
 674        /*
 675        ** Reminder this happened in XMEMCOPY, above: dst->ctx = src->ctx;
 676        ** No special HW init needed in SW mode.
 677        ** But we need to set our initializer in dst as a breadcrumb: */
 678        dst->ctx.initializer = (uintptr_t)&(dst->ctx);
 679        #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)
 680        {
 681            /* not HW mode for copy, so we are not interested in task owner */
 682            dst->ctx.task_owner = 0;
 683        }
 684        #endif
 685    } /* not (src->ctx.mode == ESP32_SHA_HW) */
 686#endif
 687    return ret;
 688} /* esp_sha384_ctx_copy */
 689#endif
 690
 691#if !(defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384) && \
 692      defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512)    \
 693     ) && \
 694    (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512))
 695/*
 696** Internal sha512 ctx copy for ESP HW.
 697** If HW already active, fall back to SW for this ctx.
 698*/
 699int esp_sha512_ctx_copy(struct wc_Sha512* src, struct wc_Sha512* dst)
 700{
 701    int ret = ESP_OK; /* Assume success (zero) */
 702
 703#if defined(CONFIG_IDF_TARGET_ESP32C2)   || \
 704    defined(CONFIG_IDF_TARGET_ESP8684)   || \
 705    defined(CONFIG_IDF_TARGET_ESP32C3)   || \
 706    defined(CONFIG_IDF_TARGET_ESP32C6)
 707    /* There's no SHA512 HW on these RISC-V SoC so there's nothing to do.
 708     * (perhaps a future one will?) */
 709#elif defined(CONFIG_IDF_TARGET_ESP32)   || \
 710      defined(CONFIG_IDF_TARGET_ESP32S2) || \
 711      defined(CONFIG_IDF_TARGET_ESP32S3)
 712    if (src->ctx.mode == ESP32_SHA_HW) {
 713        /* Get a copy of the HW digest, but don't process it. */
 714        ESP_LOGV(TAG, "esp_sha512_ctx_copy esp_sha512_digest_process");
 715        ret = esp_sha512_digest_process(dst, FALSE);
 716
 717        if (ret == ESP_OK) {
 718            /* provide init hint to SW revert */
 719            dst->ctx.mode = ESP32_SHA_HW_COPY;
 720
 721            /* initializer will be set during init
 722            ** reminder we should never arrive here for
 723            ** ESP32 SHA512/224 or SHA512/224, as there's no HW */
 724            ret = esp_sha_init(&(dst->ctx), WC_HASH_TYPE_SHA512);
 725        }
 726
 727        if (dst->ctx.mode == ESP32_SHA_SW) {
 728            ESP_LOGV(TAG, "Confirmed wc_Sha512 Copy set to SW");
 729        }
 730        else {
 731            ESP_LOGW(TAG, "wc_Sha512 Copy set to SW");
 732            dst->ctx.mode = ESP32_SHA_SW;
 733        }
 734    } /* src->ctx.mode == ESP32_SHA_HW */
 735    else {
 736        ret = ESP_OK;
 737        /* reminder this happened in XMEMCOPY, above: dst->ctx = src->ctx;
 738        ** No special HW init needed when not in active HW mode.
 739        ** but we need to set our initializer breadcrumb: */
 740    #if !defined(CONFIG_IDF_TARGET_ESP32C2) && \
 741        !defined(CONFIG_IDF_TARGET_ESP32C3) && \
 742        !defined(CONFIG_IDF_TARGET_ESP32C6)
 743        dst->ctx.initializer = (uintptr_t)&(dst->ctx);
 744    #endif
 745    #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)
 746        {
 747            /* not HW mode for copy, so we are not interested in task owner */
 748            dst->ctx.task_owner = 0;
 749        }
 750    #endif
 751    } /* else src->ctx.mode != ESP32_SHA_HW */
 752#endif
 753
 754    return ret;
 755} /* esp_sha512_ctx_copy */
 756#endif
 757
 758/*
 759** Determine the digest size, depending on SHA type.
 760**
 761** See FIPS PUB 180-4, Instruction Section 1.
 762**
 763** See ESP32 sha.h for values:
 764**
 765**  enum SHA_TYPE {
 766**      SHA1 = 0,
 767**      SHA2_256,
 768**      SHA2_384,
 769**      SHA2_512,
 770**      SHA_TYPE_MAX = -1,
 771**  };
 772**
 773** given the SHA_TYPE (see Espressif sha.h) return WC digest size.
 774**
 775** Returns zero for bad digest size type request.
 776**
 777*/
 778static word32 wc_esp_sha_digest_size(WC_ESP_SHA_TYPE type)
 779{
 780    int ret = 0;
 781    ESP_LOGV(TAG, "  esp_sha_digest_size");
 782
 783#if CONFIG_IDF_TARGET_ARCH_RISCV
 784/*
 785 *   SHA1 = 0,
 786 *   SHA2_224,
 787 *   SHA2_256,
 788 */
 789    switch (type) {
 790    #ifndef NO_SHA
 791        case SHA1: /* typically 20 bytes */
 792            ret = WC_SHA_DIGEST_SIZE;
 793            break;
 794    #endif
 795    #ifdef WOLFSSL_SHA224
 796        case SHA2_224:
 797            ret = WC_SHA224_DIGEST_SIZE;
 798            break;
 799    #endif
 800    #ifndef NO_SHA256
 801        case SHA2_256: /* typically 32 bytes */
 802            ret = WC_SHA256_DIGEST_SIZE;
 803            break;
 804    #endif
 805        default:
 806            ESP_LOGE(TAG, "Bad SHA type in wc_esp_sha_digest_size");
 807            ret = 0;
 808            break;
 809    }
 810#else
 811    /* Xtensa */
 812    switch (type) {
 813    #ifndef NO_SHA
 814        case SHA1: /* typically 20 bytes */
 815            ret = WC_SHA_DIGEST_SIZE;
 816            break;
 817    #endif
 818
 819    #ifdef WOLFSSL_SHA224
 820        #if defined(CONFIG_IDF_TARGET_ESP32S2) || \
 821            defined(CONFIG_IDF_TARGET_ESP32S3)
 822        case SHA2_224:
 823            ret = WC_SHA224_DIGEST_SIZE;
 824            break;
 825        #endif
 826    #endif
 827
 828    #ifndef NO_SHA256
 829        case SHA2_256: /* typically 32 bytes */
 830            ret = WC_SHA256_DIGEST_SIZE;
 831            break;
 832    #endif
 833    #ifdef WOLFSSL_SHA384
 834        case SHA2_384:
 835            ret =  WC_SHA384_DIGEST_SIZE;
 836            break;
 837    #endif
 838    #ifdef WOLFSSL_SHA512
 839        case SHA2_512: /* typically 64 bytes */
 840            ret = WC_SHA512_DIGEST_SIZE;
 841            break;
 842    #endif
 843        default:
 844            ESP_LOGE(TAG, "Bad SHA type in wc_esp_sha_digest_size");
 845            ret = 0;
 846            break;
 847    }
 848#endif
 849
 850    return ret; /* Return value is a size, not an error code. */
 851} /* wc_esp_sha_digest_size */
 852
 853/*
 854** wait until all engines becomes idle
 855*/
 856static int wc_esp_wait_until_idle(void)
 857{
 858    int ret = 0; /* assume success */
 859    int loop_ct = WC_ESP_MAX_IDLE_WAIT;
 860
 861#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
 862    defined(CONFIG_IDF_TARGET_ESP8684) || \
 863    defined(CONFIG_IDF_TARGET_ESP32C3) || \
 864    defined(CONFIG_IDF_TARGET_ESP32C6)
 865    /* ESP32-C3 and ESP32-C6 RISC-V */
 866    while ((sha_ll_busy() == 1) && (loop_ct > 0)) {
 867        loop_ct--;
 868        /* do nothing while waiting. */
 869    }
 870#elif defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3)
 871    while (REG_READ(SHA_BUSY_REG)) {
 872      /* do nothing while waiting. */
 873    }
 874#else
 875    while ((DPORT_REG_READ(SHA_1_BUSY_REG)   != 0) ||
 876           (DPORT_REG_READ(SHA_256_BUSY_REG) != 0) ||
 877           (DPORT_REG_READ(SHA_384_BUSY_REG) != 0) ||
 878           (DPORT_REG_READ(SHA_512_BUSY_REG) != 0)) {
 879        /* do nothing while waiting. */
 880    }
 881#endif
 882    if (loop_ct <= 0)
 883    {
 884        ESP_LOGW(TAG, "Too long to exit wc_esp_wait_until_idle");
 885    }
 886    return ret;
 887} /* wc_esp_wait_until_idle */
 888
 889/*
 890** hack alert. there really should have been something implemented
 891** in Espressif periph_ctrl.c to detect ref_counts[periph] depth.
 892**
 893** since there is not at this time, we have this brute-force method.
 894**
 895** when trying to unwrap an arbitrary depth of peripheral-enable(s),
 896** we'll check the register upon *enable* to see if we actually did.
 897**
 898** Note that enable / disable only occurs when ref_counts[periph] == 0
 899**
 900*/
 901int esp_unroll_sha_module_enable(WC_ESP32SHA* ctx)
 902{
 903    /* if we end up here, there was a prior unexpected fail and
 904     * we need to unroll enables */
 905    int ret = 0; /* assume success unless proven otherwise */
 906    int actual_unroll_count = 0;
 907    int max_unroll_count = 1000; /* never get stuck in a hardware wait loop */
 908
 909#if defined(CONFIG_IDF_TARGET_ESP32)
 910    word32 this_sha_mask; /* this is the bit-mask for our SHA CLK_EN_REG */
 911#endif
 912    CTX_STACK_CHECK(ctx);
 913
 914    if (ctx == NULL) {
 915        ESP_LOGE(TAG, "esp_unroll_sha_module_enable called with null ctx.");
 916        return BAD_FUNC_ARG;
 917    }
 918
 919#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
 920    defined(CONFIG_IDF_TARGET_ESP8684) || \
 921    defined(CONFIG_IDF_TARGET_ESP32C3) || \
 922    defined(CONFIG_IDF_TARGET_ESP32C6)
 923    /*************  RISC-V Architecture *************/
 924    (void)max_unroll_count;
 925    (void)_active_digest_address;
 926    ets_sha_disable();
 927    /* We don't check for unroll as done below, for Xtensa*/
 928#else
 929    /************* Xtensa Architecture *************/
 930
 931    /* unwind prior calls to THIS ctx. decrement ref_counts[periph]
 932    ** only when ref_counts[periph] == 0 does something actually happen. */
 933
 934    /* once the value we read is a 0 in the DPORT_PERI_CLK_EN_REG bit
 935     * then we have fully unrolled the enables via ref_counts[periph]==0 */
 936#if  defined(CONFIG_IDF_TARGET_ESP32S2) ||defined(CONFIG_IDF_TARGET_ESP32S3)
 937    /* once the value we read is a 0 in the DPORT_PERI_CLK_EN_REG bit
 938     * then we have fully unrolled the enables via ref_counts[periph]==0 */
 939    while (periph_ll_periph_enabled(PERIPH_SHA_MODULE)) {
 940#else
 941    /* this is the bit-mask for our SHA CLK_EN_REG */
 942    this_sha_mask = periph_ll_get_clk_en_mask(PERIPH_SHA_MODULE);
 943    asm volatile("memw");
 944    while ((this_sha_mask & *(uint32_t*)DPORT_PERI_CLK_EN_REG) != 0) {
 945#endif /* CONFIG_IDF_TARGET_ESP32S3 */
 946        periph_module_disable(PERIPH_SHA_MODULE);
 947        asm volatile("memw");
 948        actual_unroll_count++;
 949        ESP_LOGW(TAG, "unroll not yet successful. try #%d",
 950                 actual_unroll_count);
 951
 952        /* we'll only try this some unreasonable number of times
 953         * before giving up */
 954        if (actual_unroll_count > max_unroll_count) {
 955            ret = ESP_FAIL; /* failed to unroll */
 956            break;
 957        }
 958    }
 959#endif /* else; not RISC-V */
 960    if (ret == 0) {
 961        if (ctx->lockDepth != actual_unroll_count) {
 962            /* this could be a warning of wonkiness in RTOS environment.
 963            ** we were successful, but not expected depth count.
 964            **
 965            ** This should never happen unless someone else called
 966            ** periph_module_disable() or threading not working properly.
 967            **/
 968            ESP_LOGW(TAG, "warning lockDepth mismatch: %d", ctx->lockDepth);
 969            if (actual_unroll_count == 0 && ctx->lockDepth > 2) {
 970                ESP_LOGW(TAG, "Large lockDepth discrepancy often indicates "
 971                              "stack overflow or memory corruption");
 972            }
 973        }
 974        ctx->lockDepth = 0;
 975        ctx->mode = ESP32_SHA_INIT;
 976    }
 977    else {
 978        /* This should never occur. Something must have gone seriously
 979        ** wrong. Check for non-wolfSSL outside calls that may have enabled HW.
 980        */
 981        ESP_LOGE(TAG, "Failed to unroll after %d attempts.",
 982                      actual_unroll_count);
 983        ESP_LOGI(TAG, "Setting ctx->mode = ESP32_SHA_SW");
 984        ctx->mode = ESP32_SHA_SW;
 985    }
 986    CTX_STACK_CHECK(ctx);
 987    return ret;
 988} /* esp_unroll_sha_module_enable */
 989
 990/* Set and return a stray ctx value stray_ctx. Useful for multi-task debugging.
 991 * Returns zero if not debugging. */
 992uintptr_t esp_sha_set_stray(WC_ESP32SHA* ctx)
 993{
 994    uintptr_t ret = 0;
 995    CTX_STACK_CHECK(ctx);
 996
 997#ifdef WOLFSSL_DEBUG_MUTEX
 998    stray_ctx = ctx;
 999    ret = (uintptr_t)stray_ctx;
1000#endif
1001    CTX_STACK_CHECK(ctx);
1002    return ret;
1003}
1004
1005/* Return 1 if the SHA HW is in use, 0 otherwise. */
1006int esp_sha_hw_in_use()
1007{
1008    int ret;
1009#ifdef SINGLE_THREADED
1010    ret = InUse;
1011#else
1012    ret = (mutex_ctx_owner != NULLPTR);
1013    ESP_LOGV(TAG, "mutex_ctx_owner is 0x%x", mutex_ctx_owner);
1014#endif
1015    ESP_LOGV(TAG, "esp_sha_hw_in_use is %d", ret);
1016    return ret;
1017}
1018
1019/*
1020** return HW lock owner, otherwise zero if not locked.
1021**
1022** When WOLFSSL_DEBUG_MUTEX is defined, additional
1023** debugging capabilities are available.
1024*/
1025uintptr_t esp_sha_hw_islocked(WC_ESP32SHA* ctx)
1026{
1027    uintptr_t ret = 0;
1028    #if !defined(WOLFSSL_DEBUG_MUTEX) && !defined(SINGLE_THREADED)
1029        TaskHandle_t mutexHolder;
1030    #endif
1031    CTX_STACK_CHECK(ctx);
1032
1033#ifdef WOLFSSL_DEBUG_MUTEX
1034    ret = esp_sha_mutex_ctx_owner();
1035    if (ctx == 0) {
1036        ESP_LOGV(TAG, "ctx == 0; Not checking if a given ctx has the lock");
1037    }
1038    else {
1039        if (ret == (uintptr_t)ctx->initializer) {
1040            ESP_LOGV(TAG, "confirmed this object is the owner");
1041        }
1042        else {
1043            ESP_LOGV(TAG, "this object is not the lock owner");
1044
1045        }
1046    } /* ctx != 0 */
1047
1048#else
1049    #ifdef SINGLE_THREADED
1050    {
1051        ret = InUse;
1052    }
1053    #else
1054    {
1055        if (sha_mutex == NULL) {
1056            mutexHolder = NULL;
1057        }
1058        else {
1059            mutexHolder = xSemaphoreGetMutexHolder(sha_mutex);
1060        }
1061
1062        if (mutexHolder == NULL) {
1063            /* Mutex is not in use */
1064            ESP_LOGV(TAG, "multi-threaded esp_mp_hw_islocked = false");
1065            ret = 0;
1066        }
1067        else {
1068            ESP_LOGV(TAG, "multi-threaded esp_mp_hw_islocked = true");
1069            ret = mutex_ctx_owner;
1070        }
1071
1072        /* Verbose debug diagnostics */
1073        if (NULLPTR == mutex_ctx_owner) {
1074            ESP_LOGV(TAG, "not esp_sha_hw_islocked, mutex_ctx_owner is Null");
1075        }
1076        else {
1077            ESP_LOGV(TAG, "esp_sha_hw_islocked for 0x%x", mutex_ctx_owner);
1078        }
1079    }
1080    #endif
1081    return ret;
1082#endif
1083
1084
1085#ifdef WOLFSSL_DEBUG_MUTEX
1086    if (ret == 0) {
1087        ESP_LOGV(TAG, ">> NOT LOCKED esp_sha_hw_islocked");
1088    }
1089    else {
1090        ESP_LOGV(TAG, ">> LOCKED esp_sha_hw_islocked for %x",
1091                      (int)esp_sha_mutex_ctx_owner());
1092    }
1093#endif
1094    CTX_STACK_CHECK(ctx);
1095    return ret;
1096}
1097
1098/*
1099 * The HW is typically unlocked when the SHA hash wc_Sha[nn]Final() is called.
1100 * However, in the case of TLS connections the in-progress hash may at times be
1101 * abandoned. Thus this function should be called at free time. See internal.c
1102 *
1103 * Returns the owner of the current lock, typically used for debugging.
1104 * Returns zero if there was no unfinished lock found to clean up.
1105 */
1106uintptr_t esp_sha_release_unfinished_lock(WC_ESP32SHA* ctx)
1107{
1108    uintptr_t ret = 0;
1109    CTX_STACK_CHECK(ctx);
1110
1111    ret = esp_sha_hw_islocked(ctx); /* get the owner of the current lock */
1112    if (ret == 0) {
1113        #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
1114            ESP_LOGV(TAG, "No unfinished lock to clean up for ctx %p.", ctx);
1115        #endif
1116    }
1117    else {
1118        #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
1119            ESP_LOGI(TAG, "Unfinished lock clean up: %p.", ctx);
1120        #endif
1121        if (ret == (uintptr_t)ctx) {
1122            /* found a match for this object */
1123            if (ret == ctx->initializer) {
1124                /* confirmed match*/
1125                ESP_LOGW(TAG, "New mutex_ctx_owner = NULL");
1126                #ifdef ESP_MONITOR_HW_TASK_LOCK
1127                {
1128                    esp_sha_mutex_ctx_owner_clear();
1129                }
1130                #endif
1131            }
1132            else {
1133        #if defined(WOLFSSL_DEBUG_MUTEX) || defined(WOLFSSL_ESP32_HW_LOCK_DEBUG)
1134                if (ctx->initializer == 0) {
1135                    /* A zero likely indicates prior cleanup for abandoned hash.
1136                     * Check the calling code to confirm this is the case. */
1137                    ESP_LOGW(TAG, "Release already finished lock for %x ?",
1138                                   ctx->initializer);
1139                    }
1140                else {
1141                    /* Mismatch expected may be in a multi-thread RTOS. */
1142                    ESP_LOGW(TAG, "ERROR: Release unfinished lock for %x but "
1143                                  "found %x", ret, ctx->initializer);
1144                }
1145        #endif
1146            }  /* ret != ctx->initializer */
1147        #ifdef WOLFSSL_DEBUG_MUTEX
1148            ESP_LOGW(TAG, "\n>>>> esp_sha_release_unfinished_lock %x\n", ret);
1149        #endif
1150
1151            /* unlock only if this ctx is the initializer of the lock */
1152        #ifdef SINGLE_THREADED
1153        {
1154            ret = esp_sha_hw_unlock(ctx);
1155        }
1156        #else
1157            #if defined(ESP_MONITOR_HW_TASK_LOCK)
1158            {
1159                if (ctx->task_owner == xTaskGetCurrentTaskHandle()) {
1160                    ESP_LOGV(TAG, "esp_sha_hw_unlock!");
1161                }
1162                else {
1163                    /* We cannot free a SHA object lock from a different task.
1164                     * So give the ctx a hint for other task to clean it up. */
1165                    ctx->mode = ESP32_SHA_FREED;
1166                    ESP_LOGV(TAG, "ESP32_SHA_FREED");
1167                }
1168            }
1169            #else
1170                /* Here we assume only 1 task, so no ESP32_SHA_FREED hint. */
1171                ret = esp_sha_hw_unlock(ctx);
1172            #endif /* ESP_MONITOR_HW_TASK_LOCK */
1173        #endif /* SINGLE_THREADED or not */
1174
1175        } /* ret == ctx */
1176    } /* else not locked */
1177
1178    CTX_STACK_CHECK(ctx);
1179    if (ctx->mode != ESP32_SHA_INIT) {
1180#if defined(WOLFSSL_ESP32_HW_LOCK_DEBUG)
1181        ESP_LOGW(TAG, "esp_sha_release_unfinished_lock mode = %d", ctx->mode);
1182#endif
1183        if (ctx->mode == ESP32_SHA_HW) {
1184#if defined(DEBUG_WOLFSSL_ESP32_UNFINISHED_HW)
1185            ESP_LOGW(TAG, "esp_sha_release_unfinished_lock HW!");
1186#endif
1187        }
1188    }
1189    return ret;
1190} /* esp_sha_release_unfinished_lock */
1191
1192/*
1193** lock HW engine.
1194** this should be called before using engine.
1195*/
1196int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
1197{
1198    int ret = 0;
1199
1200#if defined(SINGLE_THREADED)
1201    /* no mutex monitoring available in single thread mode */
1202#else
1203    /* thread safe get of global static mutex_ctx_owner: */
1204    uintptr_t this_mutex_owner;
1205
1206    /* mutex_ctx_owner could change in multiple threads, assign once here: */
1207    this_mutex_owner = esp_sha_mutex_ctx_owner();
1208#endif
1209
1210    CTX_STACK_CHECK(ctx);
1211
1212#ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
1213    ESP_LOGI(TAG, "enter esp_sha_hw_lock for %x, initializer %x",
1214                   (uintptr_t)ctx, (uintptr_t)ctx->initializer);
1215#endif
1216
1217    #ifdef WOLFSSL_DEBUG_MUTEX
1218        taskENTER_CRITICAL(&sha_crit_sect);
1219        {
1220            /* let's keep track of how many times we call this */
1221            _sha_call_count++;
1222        }
1223        taskEXIT_CRITICAL(&sha_crit_sect);
1224    #endif
1225
1226    if (ctx == NULL) {
1227        ESP_LOGE(TAG, " esp_sha_try_hw_lock called with NULL ctx");
1228        return BAD_FUNC_ARG;
1229    }
1230
1231    /* Init mutex
1232     *
1233     * Note that even single thread mode may calculate separate hashes
1234     * concurrently, so we still need to keep track of the engine being
1235     * busy or not.
1236     */
1237#if defined(SINGLE_THREADED)
1238    if (ctx->mode == ESP32_SHA_INIT) {
1239        if (InUse) {
1240            /* Revert to SW when HW is busy */
1241            ctx->mode = ESP32_SHA_SW;
1242        }
1243        else {
1244            /* Set single-threaded hardware mode. */
1245            ctx->mode = ESP32_SHA_HW;
1246            InUse = 1;
1247            #ifdef WOLFSSL_DEBUG_MUTEX
1248                ESP_LOGW(TAG, "\n\nHW in use\n\n");
1249            #endif
1250        }
1251        ret = ESP_OK;
1252    }
1253    else {
1254        /* this should not happen */
1255        ESP_LOGE(TAG, "unexpected error in esp_sha_try_hw_lock.");
1256        return ESP_FAIL;
1257    }
1258#else /* not SINGLE_THREADED */
1259    /*
1260    ** there's only one SHA engine for all the hash types
1261    ** so when any hash is in use, no others can use it.
1262    ** fall back to SW.
1263    **
1264    ** here is some sample code to test the unrolling of SHA enables:
1265    **
1266
1267    periph_module_enable(PERIPH_SHA_MODULE);
1268    ctx->lockDepth++;
1269    periph_module_enable(PERIPH_SHA_MODULE);
1270    ctx->lockDepth++;
1271    ctx->mode = ESP32_FAIL_NEED_INIT;
1272
1273    **
1274    */
1275
1276    if (sha_mutex == NULL) {
1277        ESP_LOGV(TAG, "Initializing sha_mutex");
1278
1279        /* created, but not yet locked */
1280        ret = esp_CryptHwMutexInit(&sha_mutex);
1281        if (ret == 0) {
1282            ESP_LOGV(TAG, "esp_CryptHwMutexInit sha_mutex init success.");
1283            esp_sha_mutex_ctx_owner_clear(); /* No one has the mutex yet. */
1284            #ifdef WOLFSSL_DEBUG_MUTEX
1285            {
1286                /* Take mutex for lock/unlock test drive to ensure it works: */
1287                ret = esp_CryptHwMutexLock(&sha_mutex, (TickType_t)0);
1288                if (ret == ESP_OK) {
1289                    ret = esp_CryptHwMutexUnLock(&sha_mutex);
1290                    if (ret != ESP_OK) {
1291                        ESP_LOGE(TAG, "esp_CryptHwMutexInit fail init lock.");
1292                    }
1293                }
1294                else {
1295                    ESP_LOGE(TAG, "esp_CryptHwMutexInit fail init unlock.");
1296                }
1297            }
1298            #endif
1299        } /* ret == 0 for esp_CryptHwMutexInit */
1300        else {
1301            ESP_LOGE(TAG, "esp_CryptHwMutexInit sha_mutex failed.");
1302            #ifdef WOLFSSL_DEBUG_MUTEX
1303            {
1304                ESP_LOGV(TAG, "Current mutext owner = %x", this_mutex_owner);
1305            }
1306            #endif
1307
1308            sha_mutex = NULL;
1309
1310            ESP_LOGV(TAG, "Revert to ctx->mode = ESP32_SHA_SW.");
1311
1312            ctx->mode = ESP32_SHA_SW;
1313            return ESP_OK; /* success, just not using HW */
1314        }
1315    }
1316
1317#if defined(ESP_MONITOR_HW_TASK_LOCK) || \
1318   (defined(WOLFSSL_DEBUG_MUTEX) && WOLFSSL_DEBUG_MUTEX)
1319    /* Nothing happening here other than messages based on mutex states */
1320    if (mutex_ctx_task == 0 || mutex_ctx_owner == 0) {
1321        /* no known stray mutex task owner */
1322    }
1323    else {
1324        if (mutex_ctx_task ==  xTaskGetCurrentTaskHandle()) {
1325            ESP_LOGV(TAG, "Found mutex_ctx_task");
1326            if (((WC_ESP32SHA*)mutex_ctx_owner)->mode == ESP32_SHA_FREED) {
1327                ESP_LOGW(TAG, "ESP32_SHA_FREED unlocking mutex_ctx_task = %x"
1328                              " for mutex_ctx_owner = %x",
1329                              (uintptr_t)mutex_ctx_task,
1330                              (uintptr_t)this_mutex_owner);
1331            }
1332            else {
1333                if (ctx->mode == ESP32_SHA_FREED) {
1334                    ESP_LOGW(TAG, "ESP32_SHA_FREED unlocking (disabled) "
1335                                  "ctx = %x for ctx.initializer = %x",
1336                                  (uintptr_t)ctx,
1337                                  (uintptr_t)ctx->initializer);
1338                }
1339                else {
1340                    /* Not very interesting during init. */
1341                    if (ctx->mode == ESP32_SHA_INIT) {
1342                        ESP_LOGV(TAG, "mutex_ctx_owner = 0x%x",
1343                                       this_mutex_owner);
1344                        ESP_LOGV(TAG, "This ctx = 0x%x is ESP32_SHA_INIT",
1345                                      (uintptr_t)ctx);
1346                    }
1347                    else {
1348                        ESP_LOGW(TAG, "Not Freed!");
1349                    }
1350                } /* ctx ESP32_SHA_FREED check */
1351            } /* mutex owner ESP32_SHA_FREED check */
1352        } /* mutex_ctx_task is current task */
1353        else {
1354#ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
1355            ESP_LOGW(TAG, "Warning: sha mutex unlock from unexpected task.");
1356            ESP_LOGW(TAG, "Locking task: 0x%x", (word32)mutex_ctx_task);
1357            ESP_LOGW(TAG, "This xTaskGetCurrentTaskHandle: 0x%x",
1358                          (word32)xTaskGetCurrentTaskHandle());
1359#endif
1360        }
1361    }
1362#endif /* ESP_MONITOR_HW_TASK_LOCK || WOLFSSL_DEBUG_MUTEX */
1363
1364    /* check if this SHA has been operated as SW or HW, or not yet init */
1365    if (ctx->mode == ESP32_SHA_INIT) {
1366        /* try to lock the HW engine */
1367#ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
1368        ESP_LOGI(TAG, "ESP32_SHA_INIT for %x, initializer %x\n",
1369                       (uintptr_t)ctx, (uintptr_t)ctx->initializer);
1370#endif
1371        ESP_LOGV(TAG, "Init; release unfinished ESP32_SHA_INIT lock "
1372                       "for ctx 0x%x", (uintptr_t)ctx);
1373        esp_sha_release_unfinished_lock(ctx);
1374
1375        /* lock hardware; there should be exactly one instance
1376         * of esp_CryptHwMutexLock(&sha_mutex ...) in code.
1377         *
1378         * we don't wait:
1379         * either the engine is free, or we fall back to SW.
1380         *
1381         * TODO: allow for SHA interleave on chips that support it.
1382         */
1383
1384        if ((mutex_ctx_owner == NULLPTR) &&
1385            esp_CryptHwMutexLock(&sha_mutex, (TickType_t)0) == ESP_OK) {
1386            /* we've successfully locked */
1387            this_mutex_owner = (uintptr_t)ctx;
1388            esp_sha_mutex_ctx_owner_set(this_mutex_owner);
1389            ESP_LOGV(TAG, "Assigned mutex_ctx_owner to 0x%x", this_mutex_owner);
1390        #ifdef ESP_MONITOR_HW_TASK_LOCK
1391            mutex_ctx_task = xTaskGetCurrentTaskHandle();
1392        #endif
1393
1394        #ifdef WOLFSSL_DEBUG_MUTEX
1395            if (WOLFSSL_TEST_STRAY_INJECT) {
1396                ESP_LOGW(TAG, "Introducing SHA stray for testing");
1397                /* Once we've locked [n] times here,
1398                 * we'll force a fallback to SW until other thread unlocks. */
1399                taskENTER_CRITICAL(&sha_crit_sect);
1400                {
1401                    (void)stray_ctx;
1402                    if (stray_ctx == NULL) {
1403                        /* no peek task */
1404                    }
1405                    else {
1406                        stray_ctx->initializer = (intptr_t)stray_ctx;
1407                        mutex_ctx_owner = (intptr_t)stray_ctx->initializer;
1408                        this_mutex_owner = mutex_ctx_owner;
1409                    }
1410                }
1411                taskEXIT_CRITICAL(&sha_crit_sect);
1412                if (stray_ctx == NULL) {
1413                    ESP_LOGW(TAG, "WOLFSSL_DEBUG_MUTEX on, but stray_ctx "
1414                                  "is NULL; are you running the peek task to "
1415                                  "set the stay test?");
1416                }
1417                else {
1418                    ESP_LOGI(TAG, "%x", (uintptr_t)stray_ctx->initializer);
1419                    ESP_LOGI(TAG, "%x", (uintptr_t)&stray_ctx);
1420                    ESP_LOGW(TAG,
1421                             "\n\nLocking with stray\n\n"
1422                             "WOLFSSL_DEBUG_MUTEX call count 8, "
1423                             "ctx->mode = ESP32_SHA_SW %x\n\n",
1424                             this_mutex_owner);
1425            #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)
1426                    /* ctx->task_owner is only available for multi-threaded */
1427                    ctx->task_owner = xTaskGetCurrentTaskHandle();
1428            #endif
1429                    ctx->mode = ESP32_SHA_SW;
1430                    return ESP_OK; /* success, but revert to SW */
1431                }
1432            }
1433        #endif
1434
1435            /* check to see if we had a prior fail and need to unroll enables */
1436        #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
1437            ESP_LOGW(TAG, "Locking for ctx %x, current mutex_ctx_owner = %x",
1438                           (uintptr_t)&ctx, this_mutex_owner);
1439            ESP_LOGI(TAG, "ctx->lockDepth = %d", ctx->lockDepth);
1440        #endif
1441            if (ctx->mode == ESP32_SHA_INIT) {
1442                /* Set non-single-threaded hardware mode */
1443                esp_set_hw(ctx);
1444            }
1445
1446        #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
1447            ESP_LOGI(TAG, "Hardware Mode Active, lock depth = %d, for %x",
1448                          ctx->lockDepth, (uintptr_t)ctx->initializer);
1449        #endif
1450        #ifdef WOLFSSL_DEBUG_MUTEX
1451            taskENTER_CRITICAL(&sha_crit_sect);
1452            {
1453                mutex_ctx_owner = (uintptr_t)ctx->initializer;
1454                /* let's keep track of how many times we lock this */
1455                _sha_lock_count++;
1456            }
1457            taskEXIT_CRITICAL(&sha_crit_sect);
1458        #endif
1459
1460            if (ctx->lockDepth > 0) {
1461                /* it is unlikely that this would ever occur,
1462                ** as the mutex should be gate keeping */
1463                ESP_LOGW(TAG, "WARNING: Hardware Mode "
1464                              "interesting lock depth = %d, for this %x",
1465                              ctx->lockDepth, (uintptr_t)ctx->initializer);
1466            }
1467        }
1468        else {
1469            /* When the lock is already in use: is it for this ctx? */
1470            if ((uintptr_t)ctx == this_mutex_owner) {
1471                ESP_LOGV(TAG, "I'm the owner! 0x%x", (uintptr_t)ctx);
1472                ctx->mode = ESP32_SHA_SW;
1473            }
1474            else {
1475            #ifdef WOLFSSL_DEBUG_MUTEX
1476                ESP_LOGW(TAG, "\nHardware in use by %x; "
1477                               "Mode REVERT to ESP32_SHA_SW for %x\n",
1478                               this_mutex_owner,
1479                               (uintptr_t)ctx->initializer);
1480                ESP_LOGI(TAG, "Software Mode, lock depth = %d, for this %x",
1481                               ctx->lockDepth, (uintptr_t)ctx->initializer);
1482                ESP_LOGI(TAG, "Current mutext owner = %x",
1483                               this_mutex_owner);
1484            #endif
1485                ESP_LOGV(TAG, "I'm not owner! 0x%x; owner = 0x%x",
1486                              (uintptr_t)ctx, mutex_ctx_owner);
1487                if (this_mutex_owner) {
1488                #ifdef WOLFSSL_DEBUG_MUTEX
1489                    ESP_LOGW(TAG, "revert to SW since mutex_ctx_owner = %x"
1490                                    " but we are currently ctx = %x",
1491                                    this_mutex_owner, (intptr_t)ctx);
1492                #endif
1493                }
1494                else {
1495                    /* No ctx mutex owner, so hardware must be free. */
1496                }
1497                ESP_LOGV(TAG, "Set update ctx->mode = SW (from %d) for 0x%x",
1498                              ctx->mode, (uintptr_t)ctx );
1499                ctx->mode = ESP32_SHA_SW;
1500            }
1501            return ESP_OK; /* success, but revert to SW */
1502        }
1503    } /* (ctx->mode == ESP32_SHA_INIT) */
1504    else {
1505        /* this should not happen: called during mode != ESP32_SHA_INIT  */
1506        ESP_LOGE(TAG, "unexpected error in esp_sha_try_hw_lock.");
1507        return ESP_FAIL;
1508    }
1509#endif /* not defined(SINGLE_THREADED) */
1510
1511    ESP_LOGV(TAG, "ctx->mode = %d", ctx->mode);
1512    if ((ret == ESP_OK) && (ctx->mode == ESP32_SHA_HW)) {
1513        ctx->lockDepth++; /* depth for THIS ctx (there could be others!) */
1514        #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
1515        {
1516            ESP_LOGI(TAG, "1) Lock depth @ %d = %d for WC_ESP32SHA @ %0x\n",
1517                          __LINE__, ctx->lockDepth, (unsigned)ctx);
1518        }
1519        #endif
1520        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
1521            defined(CONFIG_IDF_TARGET_ESP8684) || \
1522            defined(CONFIG_IDF_TARGET_ESP32C3) || \
1523            defined(CONFIG_IDF_TARGET_ESP32C6)
1524        {
1525            ESP_LOGV(TAG, "ets_sha_enable for RISC-V");
1526            ets_sha_enable();
1527        }
1528        #else
1529            ESP_LOGV(TAG, "ets_sha_enable for Xtensa");
1530            periph_module_enable(PERIPH_SHA_MODULE);
1531        #endif
1532    }
1533    else {
1534        /* Set to SW */
1535        #ifdef WOLFSSL_ESP32_CRYPT_DEBUG
1536            if (ret == ESP_OK) {
1537                ESP_LOGW(TAG, "Normal SHA Software fallback mode.");
1538            }
1539            else {
1540                ESP_LOGW(TAG, "Warning: Unexpected Mode REVERT to ESP32_SHA_SW"
1541                              ", err = %d", ret);
1542            }
1543        #endif
1544        ctx->mode = ESP32_SHA_SW;
1545    }
1546
1547    ESP_LOGV(TAG, "leave esp_sha_hw_lock");
1548    CTX_STACK_CHECK(ctx);
1549
1550    return ret;
1551} /* esp_sha_try_hw_lock */
1552
1553/*
1554** Release HW engine. when we don't have it locked, SHA module is DISABLED.
1555** Note this is not the semaphore tracking who has the HW.
1556*/
1557int esp_sha_hw_unlock(WC_ESP32SHA* ctx)
1558{
1559    int ret = ESP_OK; /* assume success (zero) */
1560    CTX_STACK_CHECK(ctx);
1561#ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
1562    ESP_LOGV(TAG, "enter esp_sha_hw_unlock");
1563#endif
1564
1565    /* we'll keep track of our lock depth.
1566     * in case of unexpected results, all the periph_module_disable() calls
1567     * and periph_module_disable() need to be unwound.
1568     *
1569     * see ref_counts[periph] in file: periph_ctrl.c */
1570#ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
1571    ESP_LOGI(TAG, "2) esp_sha_hw_unlock Lock depth @ %d = %d "
1572                  "for WC_ESP32SHA ctx @ %p\n",
1573                  __LINE__, ctx->lockDepth, ctx);
1574#endif
1575
1576
1577    if (ctx->lockDepth > 0) {
1578    #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
1579        defined(CONFIG_IDF_TARGET_ESP8684) || \
1580        defined(CONFIG_IDF_TARGET_ESP32C3) || \
1581        defined(CONFIG_IDF_TARGET_ESP32C6)
1582        ets_sha_disable(); /* disable also resets active, ongoing hash */
1583        ESP_LOGV(TAG, "ets_sha_disable in esp_sha_hw_unlock()");
1584    #else
1585        periph_module_disable(PERIPH_SHA_MODULE);
1586    #endif
1587        ctx->lockDepth--;
1588    }
1589    else {
1590        ESP_LOGW(TAG, "lockDepth <= 0; Disable SHA module skipped for %x",
1591                      (uintptr_t)ctx->initializer);
1592        ctx->lockDepth = 0;
1593    }
1594
1595#if defined(ESP_MONITOR_HW_TASK_LOCK) && defined(WOLFSSL_ESP32_HW_LOCK_DEBUG)
1596   ESP_LOGI(TAG, "3) esp_sha_hw_unlock Lock depth @ %d = %d "
1597                 "for WC_ESP32SHA @ %0x\n",
1598                 __LINE__, ctx->lockDepth, (uintptr_t)ctx);
1599#endif
1600
1601    if (0 != ctx->lockDepth) {
1602        /* If the lockdepth is not zero, unlock success unknown. */
1603        ESP_LOGE(TAG, "ERROR Non-zero lockDepth. Stray code lock?");
1604        ret = ESP_FAIL;
1605    }
1606    else {
1607    #if defined(SINGLE_THREADED)
1608        #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
1609        {
1610            ESP_LOGW(TAG, "HW released, not in use.");
1611        }
1612        #endif
1613        InUse = 0;
1614    #else
1615        /* Hardware was unlocked above, now update semaphores. */
1616        #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
1617        {
1618            ESP_LOGW(TAG, "Unlocking for mutex_ctx_owner %x, from ctx 0x%x",
1619                           esp_sha_mutex_ctx_owner(),  (uintptr_t)ctx);
1620            ESP_LOGV(TAG, "&sha_mutex = %x", (intptr_t)&sha_mutex);
1621        }
1622        #endif /* WOLFSSL_ESP32_HW_LOCK_DEBUG */
1623
1624        /* There should be exactly 1 instance of SHA unlock, and it's here: */
1625        esp_CryptHwMutexUnLock(&sha_mutex);
1626        /* We don't set owner to zero here. The HW is not in use,
1627         * but there may be a WIP hash calc (e.g. sha update).
1628         * NO: mutex_ctx_owner = NULLPTR; */
1629
1630        #ifdef ESP_MONITOR_HW_TASK_LOCK
1631            mutex_ctx_task = 0;
1632        #endif
1633
1634    #endif
1635
1636    #ifdef WOLFSSL_DEBUG_MUTEX
1637        taskENTER_CRITICAL(&sha_crit_sect);
1638        {
1639            mutex_ctx_owner = 0;
1640        }
1641        taskEXIT_CRITICAL(&sha_crit_sect);
1642    #endif
1643    }
1644
1645    #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
1646        ESP_LOGI(TAG, "leave esp_sha_hw_unlock, %x",
1647                      (uintptr_t)ctx->initializer);
1648    #endif
1649    CTX_STACK_CHECK(ctx);
1650
1651    return ret;
1652} /* esp_sha_hw_unlock */
1653
1654/*
1655* Start SHA process by using HW engine.
1656* Assumes register already loaded.
1657* Returns a negative value error code upon failure.
1658*/
1659#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
1660    defined(CONFIG_IDF_TARGET_ESP8684) || \
1661    defined(CONFIG_IDF_TARGET_ESP32C3) || \
1662    defined(CONFIG_IDF_TARGET_ESP32C6)
1663    /* ESP32-C3 HAL has built-in process start, nothing to declare here. */
1664#else
1665    /* Everything else uses esp_sha_start_process() */
1666static int esp_sha_start_process(WC_ESP32SHA* sha)
1667{
1668    int ret = ESP_OK;
1669#if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3)
1670    uint8_t HardwareAlgorithm;
1671#endif
1672
1673    if (sha == NULL) {
1674        return BAD_FUNC_ARG;
1675    }
1676    CTX_STACK_CHECK(sha);
1677
1678    ESP_LOGV(TAG, "    enter esp_sha_start_process");
1679
1680#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
1681    defined(CONFIG_IDF_TARGET_ESP8684) || \
1682    defined(CONFIG_IDF_TARGET_ESP32C3) || \
1683    defined(CONFIG_IDF_TARGET_ESP32C6)
1684    ESP_LOGV(TAG, "SHA1 SHA_START_REG");
1685    if (sha->isfirstblock) {
1686        sha_ll_start_block(SHA2_256);
1687        sha->isfirstblock = 0;
1688
1689        ESP_LOGV(TAG, "      set sha->isfirstblock = 0");
1690
1691    #if defined(DEBUG_WOLFSSL)
1692        this_block_num = 1; /* one-based counter, just for debug info */
1693    #endif
1694    } /* first block */
1695    else {
1696        sha_ll_continue_block(SHA2_256);
1697
1698    #if defined(DEBUG_WOLFSSL)
1699        this_block_num++; /* one-based counter */
1700        ESP_LOGV(TAG, "      continue block #%d", this_block_num);
1701    #endif
1702    } /* not first block */
1703    /***** END CONFIG_IDF_TARGET_ESP32C2 aka ESP8684 or
1704     *         CONFIG_IDF_TARGET_ESP32C3 or
1705     *         CONFIG_IDF_TARGET_ESP32C6 *****/
1706
1707#elif defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3)
1708    /* Translate from Wolf SHA type to hardware algorithm. */
1709    HardwareAlgorithm = 0;
1710    switch (sha->sha_type) {
1711        case SHA1:
1712            HardwareAlgorithm = 0;
1713            break;
1714        case SHA2_224:
1715            HardwareAlgorithm = 1;
1716            break;
1717        case SHA2_256:
1718            HardwareAlgorithm = 2;
1719            break;
1720    #if defined(WOLFSSL_SHA384)
1721        case SHA2_384:
1722            HardwareAlgorithm = 3;
1723            break;
1724    #endif
1725    #if defined(WOLFSSL_SHA512)
1726        case SHA2_512:
1727            HardwareAlgorithm = 4;
1728            break;
1729    #endif
1730        default:
1731            /* Unsupported SHA mode. */
1732            sha->mode = ESP32_SHA_FAIL_NEED_UNROLL;
1733            return ESP_FAIL;
1734    }
1735
1736    REG_WRITE(SHA_MODE_REG, HardwareAlgorithm);
1737
1738    if (sha->isfirstblock) {
1739        REG_WRITE(SHA_START_REG, 1);
1740        sha->isfirstblock = 0;
1741
1742        ESP_LOGV(TAG, "      set sha->isfirstblock = 0");
1743
1744    #if defined(DEBUG_WOLFSSL)
1745        this_block_num = 1; /* one-based counter, just for debug info */
1746    #endif
1747    } /* first block */
1748    else {
1749        REG_WRITE(SHA_CONTINUE_REG, 1);
1750
1751    #if defined(DEBUG_WOLFSSL)
1752        this_block_num++; /* one-based counter */
1753        ESP_LOGV(TAG, "      continue block #%d", this_block_num);
1754    #endif
1755    } /* not first block */
1756
1757    /* end ESP32S3 */
1758
1759#elif defined(CONFIG_IDF_TARGET_ESP32)
1760    if (sha->isfirstblock) {
1761        /* start registers for first message block
1762         * we don't make any relational memory position assumptions.
1763         */
1764        switch (sha->sha_type) {
1765            case SHA1:
1766                DPORT_REG_WRITE(SHA_1_START_REG, 1);
1767                break;
1768
1769            case SHA2_256:
1770                DPORT_REG_WRITE(SHA_256_START_REG, 1);
1771                break;
1772
1773        #if defined(WOLFSSL_SHA384)
1774            case SHA2_384:
1775                DPORT_REG_WRITE(SHA_384_START_REG, 1);
1776                break;
1777        #endif
1778
1779        #if defined(WOLFSSL_SHA512)
1780            case SHA2_512:
1781                DPORT_REG_WRITE(SHA_512_START_REG, 1);
1782                break;
1783        #endif
1784
1785            default:
1786                sha->mode = ESP32_SHA_FAIL_NEED_UNROLL;
1787                ret = ESP_FAIL;
1788                break;
1789        }
1790
1791        sha->isfirstblock = 0;
1792        ESP_LOGV(TAG, "      set sha->isfirstblock = 0");
1793
1794    #if defined(DEBUG_WOLFSSL)
1795        this_block_num = 1; /* one-based counter, just for debug info */
1796    #endif
1797
1798    }
1799    else {
1800
1801        /* continue registers for next message block.
1802         * we don't make any relational memory position assumptions
1803         * for future chip architecture changes.
1804         */
1805        switch (sha->sha_type) {
1806            case SHA1:
1807                DPORT_REG_WRITE(SHA_1_CONTINUE_REG, 1);
1808                break;
1809
1810            case SHA2_256:
1811                DPORT_REG_WRITE(SHA_256_CONTINUE_REG, 1);
1812                break;
1813
1814        #if defined(WOLFSSL_SHA384)
1815            case SHA2_384:
1816                DPORT_REG_WRITE(SHA_384_CONTINUE_REG, 1);
1817                break;
1818        #endif
1819
1820        #if defined(WOLFSSL_SHA512)
1821            case SHA2_512:
1822                DPORT_REG_WRITE(SHA_512_CONTINUE_REG, 1);
1823                break;
1824        #endif
1825
1826            default:
1827                /* error for unsupported other values */
1828                sha->mode = ESP32_SHA_FAIL_NEED_UNROLL;
1829                ret = ESP_FAIL;
1830                break;
1831        }
1832    }
1833    /* end standard ESP32 */
1834    #else
1835        ESP_LOGE(TAG, "Unsupported hardware");
1836    #endif
1837
1838        #if defined(DEBUG_WOLFSSL)
1839            this_block_num++; /* one-based counter */
1840            ESP_LOGV(TAG, "      continue block #%d", this_block_num);
1841        #endif
1842
1843    ESP_LOGV(TAG, "    leave esp_sha_start_process");
1844    CTX_STACK_CHECK(sha);
1845
1846    return ret;
1847}
1848#endif /* esp_sha_start_process !CONFIG_IDF_TARGET_ESP32C3/C6  */
1849
1850/*
1851** process message block
1852*/
1853static int wc_esp_process_block(WC_ESP32SHA* ctx, /* see ctx->sha_type */
1854                                 const word32* data,
1855                                 word32 len)
1856{
1857    int ret = ESP_OK; /* assume success */
1858    word32 word32_to_save = (len) / (sizeof(word32));
1859#if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3)
1860    word32* MessageSource;
1861    word32* AcceleratorMessage;
1862    #define MAX_SHA_VALUE SHA_TYPE_MAX
1863#elif CONFIG_IDF_TARGET_ESP32
1864    int i;
1865    /* Only values 0 .. 3 are valid for ESP32; SHA_INVALID = -1 */
1866    #define MAX_SHA_VALUE 4
1867#else
1868    /* Newer SoC devices have a different value: SHA_TYPE_MAX */
1869    #define MAX_SHA_VALUE SHA_TYPE_MAX
1870#endif
1871    ESP_LOGV(TAG, "  enter esp_process_block");
1872
1873    if ((ctx->sha_type < 0) || (ctx->sha_type > MAX_SHA_VALUE)) {
1874        ESP_LOGE(TAG, "Unexpected sha_type: %d", ctx->sha_type);
1875    }
1876    CTX_STACK_CHECK(ctx);
1877
1878    if (word32_to_save > 0x31) {
1879        word32_to_save = 0x31;
1880        ESP_LOGE(TAG, "  ERROR esp_process_block length exceeds 0x31 words.");
1881    }
1882
1883    /* wait until the engine is available */
1884    ret = wc_esp_wait_until_idle();
1885
1886#if defined(CONFIG_IDF_TARGET_ESP32)
1887    /* load [len] words of message data into HW */
1888    for (i = 0; i < word32_to_save; i++) {
1889        /* By using DPORT_REG_WRITE, we avoid the need
1890         * to call __builtin_bswap32 to address endianness.
1891         *
1892         * A useful watch array cast to watch at runtime:
1893         *   ((word32[32])  (*(volatile word32 *)(SHA_TEXT_BASE)))
1894         *
1895         * Write value to DPORT register (does not require protecting)
1896         */
1897        DPORT_REG_WRITE(SHA_TEXT_BASE + (i*sizeof(word32)), *(data + i));
1898        /* memw confirmed auto inserted by compiler here */
1899    }
1900    /* Notify HW to start process
1901     * see ctx->sha_type
1902     * reg data does not change until we are ready to read */
1903    ret = esp_sha_start_process(ctx);
1904    /***** END CONFIG_IDF_TARGET_ESP32 */
1905
1906#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
1907      defined(CONFIG_IDF_TARGET_ESP8684) || \
1908      defined(CONFIG_IDF_TARGET_ESP32C3) || \
1909      defined(CONFIG_IDF_TARGET_ESP32C6)
1910   /************* RISC-V Architecture *************
1911    *
1912    *  SHA_M_1_REG is not a macro:
1913    *  DPORT_REG_WRITE(SHA_M_1_REG + (i*sizeof(word32)), *(data + i));
1914    *
1915    * but we have this HAL: sha_ll_fill_text_block
1916    *
1917    * Note that unlike the plain ESP32 that has only 1 register, we can write
1918    * the entire block.
1919    * SHA_TEXT_BASE = 0x6003b080
1920    * SHA_H_BASE    = 0x6003b040
1921    * see hash: (word32[08])  (*(volatile uint32_t *)(SHA_H_BASE))
1922    *  message: (word32[16])  (*(volatile uint32_t *)(SHA_TEXT_BASE))
1923    *  ((word32[16])  (*(volatile uint32_t *)(SHA_TEXT_BASE)))
1924    */
1925    if (&data != _active_digest_address) {
1926        ESP_LOGV(TAG, "Moving alternate ctx->for_digest");
1927        /* move last known digest into HW reg during interleave */
1928        /* sha_ll_write_digest(ctx->sha_type, ctx->for_digest,
1929                               WC_SHA256_BLOCK_SIZE); */
1930        _active_digest_address = &data;
1931    }
1932    if (ctx->isfirstblock) {
1933        ets_sha_enable(); /* will clear initial digest     */
1934#if ESP_IDF_VERSION_MAJOR >= 6
1935        /* Beginning ESP-IDF v6, the mode needs to be explicitly set. */
1936        sha_hal_wait_idle();
1937        switch (ctx->sha_type) {
1938            case SHA1:
1939                sha_hal_set_mode(SHA1);
1940                break;
1941            case SHA2_224:
1942                esp_sha_set_mode(SHA2_224);
1943                break;
1944            case SHA2_256:
1945                esp_sha_set_mode(SHA2_256);
1946                break;
1947            default:
1948                /* Unsupported SHA mode. */
1949                ESP_LOGW(TAG, "Unexpected sha_type", ctx->sha_type);
1950        }
1951#endif
1952        #if defined(DEBUG_WOLFSSL)
1953        {
1954            this_block_num = 1; /* one-based counter, just for debug info */
1955        }
1956        #endif
1957    }
1958    else {
1959        #if defined(DEBUG_WOLFSSL)
1960        {
1961            this_block_num++;
1962        }
1963        #endif
1964    }
1965    /* call Espressif HAL for this hash*/
1966    sha_hal_hash_block(ctx->sha_type,
1967                       (void *)(data),
1968                       word32_to_save,
1969                       ctx->isfirstblock);
1970    ctx->isfirstblock = 0; /* once we hash a block,
1971                            * we're no longer at the first */
1972    /***** END CONFIG_IDF_TARGET_ESP32C2 or
1973     *         CONFIG_IDF_TARGET_ESP8684 or
1974     *         CONFIG_IDF_TARGET_ESP32C3 or
1975     *         CONFIG_IDF_TARGET_ESP32C6 */
1976
1977#elif defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3)
1978    MessageSource = (word32*)data;
1979    AcceleratorMessage = (word32*)(SHA_TEXT_BASE);
1980    while (word32_to_save--) {
1981      /* Must swap endianness of data loaded into hardware accelerator
1982       * to produce correct result. Using DPORT_REG_WRITE doesn't avoid this
1983       * for ESP32s3.
1984       * Note: data sheet claims we also need to swap endianness across
1985       * 64 byte words when doing SHA-512, but the SHA-512 result is not
1986       * correct if you do that. */
1987      DPORT_REG_WRITE(AcceleratorMessage, __builtin_bswap32(*MessageSource));
1988      ++AcceleratorMessage;
1989      ++MessageSource;
1990    } /*  (word32_to_save--) */
1991    /* notify HW to start process
1992     * see ctx->sha_type
1993     * reg data does not change until we are ready to read */
1994    ret = esp_sha_start_process(ctx);
1995    /***** END CONFIG_IDF_TARGET_ESP32S2 or CONFIG_IDF_TARGET_ESP32S3 */
1996
1997#else
1998    ret = ESP_FAIL;
1999    ESP_LOGE(TAG, "ERROR: (CONFIG_IDF_TARGET not supported");
2000#endif
2001
2002#ifdef WOLFSSL_HW_METRICS
2003    switch (ctx->sha_type) {
2004        case SHA1:
2005            esp_sha1_hw_hash_usage_ct++;
2006        break;
2007
2008    #ifndef NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224
2009        case SHA2_224:
2010            esp_sha2_224_hw_hash_usage_ct++;
2011        break;
2012    #endif
2013
2014        case SHA2_256:
2015            esp_sha2_256_hw_hash_usage_ct++;
2016        break;
2017
2018    default:
2019        break;
2020    }
2021#endif
2022
2023    CTX_STACK_CHECK(ctx);
2024    ESP_LOGV(TAG, "  leave esp_process_block");
2025    return ret;
2026} /* wc_esp_process_block */
2027
2028/*
2029** retrieve SHA digest from memory
2030*/
2031int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash)
2032{
2033    word32 digestSz;
2034
2035#if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3)
2036    uint64_t* pHash64Buffer;
2037    uint32_t* pHashDestination;
2038    size_t szHashWords;
2039    size_t szHash64Words;
2040#endif
2041
2042    ESP_LOGV(TAG, "enter esp_digest_state");
2043    CTX_STACK_CHECK(ctx);
2044
2045    if (ctx == NULL) {
2046        return BAD_FUNC_ARG;
2047    }
2048
2049    /* sanity check */
2050#if defined(CONFIG_IDF_TARGET_ESP32)
2051    if (ctx->sha_type == SHA_INVALID) {
2052#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
2053      defined(CONFIG_IDF_TARGET_ESP8684) || \
2054      defined(CONFIG_IDF_TARGET_ESP32C3) || \
2055      defined(CONFIG_IDF_TARGET_ESP32S2) || \
2056      defined(CONFIG_IDF_TARGET_ESP32S3) || \
2057      defined(CONFIG_IDF_TARGET_ESP32C6)
2058    if (ctx->sha_type >= SHA_TYPE_MAX) {
2059#else
2060    ESP_LOGE(TAG, "unexpected target for wc_esp_digest_state");
2061    {
2062#endif /* conditional sanity check on she_type */
2063        ctx->mode = ESP32_SHA_FAIL_NEED_UNROLL;
2064        ESP_LOGE(TAG, "error. sha_type %d is invalid.", ctx->sha_type);
2065        return ESP_FAIL;
2066    }
2067
2068    digestSz = wc_esp_sha_digest_size(ctx->sha_type);
2069    if (digestSz == 0) {
2070        ctx->mode = ESP32_SHA_FAIL_NEED_UNROLL;
2071        ESP_LOGE(TAG, "unexpected error. sha_type is invalid.");
2072        return ESP_FAIL;
2073    }
2074
2075#if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32S3)
2076    if (ctx->isfirstblock == 1) {
2077        /* no hardware use yet. Nothing to do yet */
2078        return ESP_OK;
2079    }
2080
2081    /* wait until idle */
2082    wc_esp_wait_until_idle();
2083
2084    /* read hash result into buffer & flip endianness */
2085    pHashDestination = (uint32_t*)hash;
2086    szHashWords = wc_esp_sha_digest_size(ctx->sha_type) / sizeof(word32);
2087    esp_dport_access_read_buffer(pHashDestination, SHA_H_BASE, szHashWords);
2088
2089    if (ctx->sha_type == SHA2_512) {
2090        /* Although we don't have to swap endianness on 64-bit words
2091        ** at the input, we do for the output. */
2092        szHash64Words = szHashWords / 2;
2093        pHash64Buffer = (uint64_t*)pHashDestination;
2094        while (szHash64Words--) {
2095            *pHash64Buffer = __builtin_bswap64(*pHash64Buffer);
2096            ++pHash64Buffer;
2097        }
2098    } /*  (ctx->sha_type == SHA2_512) */
2099    else {
2100        while (szHashWords--) {
2101            *pHashDestination = __builtin_bswap32(*pHashDestination);
2102            ++pHashDestination;
2103        }
2104    } /* not (ctx->sha_type == SHA2_512) */
2105
2106    /* end if CONFIG_IDF_TARGET_ESP32S3 */
2107#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
2108      defined(CONFIG_IDF_TARGET_ESP8684)
2109    wc_esp_wait_until_idle();
2110    sha_ll_read_digest(
2111        ctx->sha_type,
2112        (void *)hash,
2113        wc_esp_sha_digest_size(ctx->sha_type) / sizeof(word32)
2114    );
2115#elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
2116      defined(CONFIG_IDF_TARGET_ESP32C6)
2117    wc_esp_wait_until_idle();
2118    sha_ll_read_digest(
2119        ctx->sha_type,
2120        (void *)hash,
2121        wc_esp_sha_digest_size(ctx->sha_type) / sizeof(word32)
2122    );
2123#else
2124    /* Not CONFIG_IDF_TARGET_ESP32S3  */
2125    /* wait until idle */
2126    wc_esp_wait_until_idle();
2127
2128    /* each sha_type register is at a different location  */
2129#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
2130    defined(CONFIG_IDF_TARGET_ESP8684) || \
2131    defined(CONFIG_IDF_TARGET_ESP32C3) || \
2132    defined(CONFIG_IDF_TARGET_ESP32C6)
2133
2134#elif  defined(CONFIG_IDF_TARGET_ESP32S2)
2135
2136#else
2137
2138    switch (ctx->sha_type) {
2139        case SHA1:
2140            DPORT_REG_WRITE(SHA_1_LOAD_REG, 1);
2141            break;
2142
2143        case SHA2_256:
2144            DPORT_REG_WRITE(SHA_256_LOAD_REG, 1);
2145            break;
2146
2147    #if defined(WOLFSSL_SHA384)
2148        case SHA2_384:
2149            DPORT_REG_WRITE(SHA_384_LOAD_REG, 1);
2150            break;
2151    #endif
2152
2153    #if defined(WOLFSSL_SHA512)
2154        case SHA2_512:
2155            DPORT_REG_WRITE(SHA_512_LOAD_REG, 1);
2156            break;
2157    #endif
2158
2159        default:
2160            ctx->mode = ESP32_SHA_FAIL_NEED_UNROLL;
2161            return ESP_FAIL;
2162    }
2163
2164    if (ctx->isfirstblock == 1) {
2165        /* no hardware use yet. Nothing to do yet */
2166        return ESP_OK;
2167    }
2168
2169    /* LOAD final digest */
2170
2171    wc_esp_wait_until_idle();
2172
2173    /* MEMW instructions before volatile memory references to guarantee
2174     * sequential consistency. At least one MEMW should be executed in
2175     * between every load or store to a volatile variable
2176     */
2177    asm volatile("memw");
2178
2179    /* put result in hash variable.
2180     *
2181     * ALERT - hardware specific. See esp_hw_support\port\esp32\dport_access.c
2182     *
2183     * note we read 4-byte word32's here via DPORT_SEQUENCE_REG_READ
2184     *
2185     *  example:
2186     *    DPORT_SEQUENCE_REG_READ(address + i * 4);
2187     */
2188    #ifdef WOLFSSL_ESP32_CRYPT_DEBUG
2189        ESP_LOGW(TAG, "SHA HW read...");
2190    #endif
2191    esp_dport_access_read_buffer(
2192    #if ESP_IDF_VERSION_MAJOR >= 4
2193        (uint32_t*)(hash), /* the result will be found in hash upon exit */
2194    #else
2195        (word32*)(hash), /* the result will be found in hash upon exit */
2196    #endif
2197        SHA_TEXT_BASE,   /* there's a fixed reg addr for all SHA */
2198        digestSz / sizeof(word32) /* # 4-byte */
2199    );
2200#endif
2201
2202#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
2203    if (ctx->sha_type == SHA2_384 || ctx->sha_type == SHA2_512) {
2204        word32  i;
2205        word32* pwrd1 = (word32*)(hash);
2206        /* swap 32 bit words in 64 bit values */
2207        for (i = 0; i < WC_SHA512_DIGEST_SIZE / 4; i += 2) {
2208            pwrd1[i]     ^= pwrd1[i + 1];
2209            pwrd1[i + 1] ^= pwrd1[i];
2210            pwrd1[i]     ^= pwrd1[i + 1];
2211        }
2212    }
2213#endif /* SHA512 or SHA384*/
2214#endif /* not CONFIG_IDF_TARGET_ESP32S3, C3, else... */
2215    CTX_STACK_CHECK(ctx);
2216
2217    ESP_LOGV(TAG, "leave esp_digest_state");
2218    return ESP_OK;
2219} /* wc_esp_digest_state */
2220
2221#ifndef NO_SHA
2222/*
2223** sha1 process
2224*/
2225int esp_sha_process(struct wc_Sha* sha, const byte* data)
2226{
2227    int ret = 0;
2228
2229    ESP_LOGV(TAG, "enter esp_sha_process");
2230
2231    wc_esp_process_block(&sha->ctx, (const word32*)data, WC_SHA_BLOCK_SIZE);
2232
2233    ESP_LOGV(TAG, "leave esp_sha_process");
2234
2235    return ret;
2236} /* esp_sha_process */
2237
2238/*
2239** retrieve sha1 digest
2240*/
2241int esp_sha_digest_process(struct wc_Sha* sha, byte blockprocess)
2242{
2243    int ret = 0;
2244
2245    ESP_LOGV(TAG, "enter esp_sha_digest_process");
2246
2247    if (blockprocess) {
2248        wc_esp_process_block(&sha->ctx, sha->buffer, WC_SHA_BLOCK_SIZE);
2249    }
2250
2251    ret = wc_esp_digest_state(&sha->ctx, (byte*)sha->digest);
2252
2253    if (blockprocess) {
2254        ESP_LOGV(TAG, "esp_sha_digest_process NEW UNLOCK");
2255        esp_sha_hw_unlock(&sha->ctx); /* also unlocks mutex */
2256        ESP_LOGV(TAG, "sha blockprocess mutex_ctx_owner = NULLPTR");
2257        mutex_ctx_owner = NULLPTR;
2258    }
2259
2260    ESP_LOGV(TAG, "leave esp_sha_digest_process");
2261
2262    return ret;
2263} /* esp_sha_digest_process */
2264#endif /* NO_SHA */
2265
2266#if !defined(NO_SHA256) && !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256)
2267/*
2268** sha256 process
2269**
2270** repeatedly call this for [N] blocks of [WC_SHA256_BLOCK_SIZE] bytes of data
2271*/
2272int esp_sha256_process(struct wc_Sha256* sha, const byte* data)
2273{
2274    int ret = 0;
2275
2276    switch ((&sha->ctx)->sha_type) {
2277    case SHA2_256:
2278#if defined(DEBUG_WOLFSSL_VERBOSE)
2279        ESP_LOGV(TAG, "    confirmed SHA256 type call match");
2280#endif
2281        wc_esp_process_block(&sha->ctx,
2282                             (const word32*)data,
2283                             WC_SHA256_BLOCK_SIZE);
2284        break;
2285
2286#if defined(WOLFSSL_SHA224) && !defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224)
2287    case SHA2_224:
2288    #if defined(DEBUG_WOLFSSL_VERBOSE)
2289        ESP_LOGV(TAG, "    confirmed SHA224 type call match");
2290    #endif
2291        wc_esp_process_block(&sha->ctx,
2292                             (const word32*)data,
2293                             WC_SHA224_BLOCK_SIZE);
2294        break;
2295#endif
2296
2297    default:
2298        ret = ESP_FAIL;
2299        ESP_LOGE(TAG, "    ERROR SHA type call mismatch");
2300        break;
2301    }
2302
2303
2304    ESP_LOGV(TAG, "  leave esp_sha256_process");
2305
2306    return ret;
2307} /* esp_sha256_process */
2308
2309/*
2310** retrieve sha256 digest
2311**
2312** note that wc_Sha256Final() in sha256.c expects to need to reverse byte
2313** order, even though we could have returned them in the right order.
2314*/
2315int esp_sha256_digest_process(struct wc_Sha256* sha, byte blockprocess)
2316{
2317    int ret = ESP_OK;
2318
2319    ESP_LOGV(TAG, "enter esp_sha256_digest_process");
2320
2321#ifndef NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256
2322    if (blockprocess) {
2323        wc_esp_process_block(&sha->ctx, sha->buffer, WC_SHA256_BLOCK_SIZE);
2324    }
2325
2326    wc_esp_digest_state(&sha->ctx, (byte*)sha->digest);
2327
2328    if (blockprocess) {
2329        ESP_LOGV(TAG, "esp_sha256_digest_process blockprocess UNLOCK");
2330        esp_sha_hw_unlock(&sha->ctx); /* also unlocks mutex */
2331        ESP_LOGV(TAG, "blockprocess mutex_ctx_owner = NULLPTR");
2332        mutex_ctx_owner = NULLPTR;
2333    }
2334#else
2335    ESP_LOGE(TAG, "Call esp_sha256_digest_process with "
2336                  "NO_WOLFSSL_ESP32_CRYPT_HASH_SHA256 ");
2337#endif
2338    ESP_LOGV(TAG, "leave esp_sha256_digest_process");
2339    return ret;
2340} /* esp_sha256_digest_process */
2341
2342
2343#endif /* NO_SHA256 */
2344
2345#if !(defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384) && \
2346      defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512)    \
2347     ) && \
2348    (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384))
2349/*
2350** sha512 process. this is used for sha384 too.
2351*/
2352int esp_sha512_block(struct wc_Sha512* sha, const word32* data, byte isfinal)
2353{
2354    int ret = 0; /* assume success */
2355    ESP_LOGV(TAG, "enter esp_sha512_block");
2356    /* start register offset */
2357
2358#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
2359    defined(CONFIG_IDF_TARGET_ESP8684) || \
2360    defined(CONFIG_IDF_TARGET_ESP32C3) || \
2361    defined(CONFIG_IDF_TARGET_ESP32C6)
2362    /* No SHA-512 HW on RISC-V SoC, so nothing to do. */
2363#else
2364    /* note that in SW mode, wolfSSL uses 64 bit words */
2365    if (sha->ctx.mode == ESP32_SHA_SW) {
2366        ByteReverseWords64(sha->buffer,
2367                           sha->buffer,
2368                           WC_SHA512_BLOCK_SIZE);
2369        if (isfinal) {
2370            sha->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2] =
2371                                        sha->hiLen;
2372            sha->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 1] =
2373                                        sha->loLen;
2374        }
2375    }
2376    else {
2377        /* when we are in HW mode, Espressif uses 32 bit words */
2378        ByteReverseWords((word32*)sha->buffer,
2379                         (word32*)sha->buffer,
2380                         WC_SHA512_BLOCK_SIZE);
2381
2382        if (isfinal) {
2383            sha->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2] =
2384                                        rotlFixed64(sha->hiLen, 32U);
2385            sha->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 1] =
2386                                        rotlFixed64(sha->loLen, 32U);
2387        }
2388
2389        ret = wc_esp_process_block(&sha->ctx, data, WC_SHA512_BLOCK_SIZE);
2390    }
2391    ESP_LOGV(TAG, "leave esp_sha512_block");
2392#endif
2393    return ret;
2394} /* esp_sha512_block */
2395
2396/*
2397** sha512 process. this is used for sha384 too.
2398*/
2399int esp_sha512_process(struct wc_Sha512* sha)
2400{
2401    int ret = ESP_OK; /* assume success */
2402    word32 *data = (word32*)sha->buffer;
2403
2404    ESP_LOGV(TAG, "enter esp_sha512_process");
2405
2406    esp_sha512_block(sha, data, 0);
2407
2408    ESP_LOGV(TAG, "leave esp_sha512_process");
2409    return ret;
2410}
2411
2412/*
2413** retrieve sha512 digest. this is used for sha384, sha512-224, sha512-256 too.
2414*/
2415int esp_sha512_digest_process(struct wc_Sha512* sha, byte blockproc)
2416{
2417    int ret = 0;
2418    ESP_LOGV(TAG, "enter esp_sha512_digest_process");
2419#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
2420    defined(CONFIG_IDF_TARGET_ESP8684) || \
2421    defined(CONFIG_IDF_TARGET_ESP32C3) || \
2422    defined(CONFIG_IDF_TARGET_ESP32C6)
2423    {
2424        ESP_LOGW(TAG, "Warning: no SHA512 HW to digest on %s",
2425                      CONFIG_IDF_TARGET);
2426    }
2427#else
2428    if (blockproc) {
2429        word32* data = (word32*)sha->buffer;
2430
2431        ret = esp_sha512_block(sha, data, 1);
2432    }
2433
2434    if (sha->ctx.mode == ESP32_SHA_HW) {
2435        ret = wc_esp_digest_state(&sha->ctx, (byte*)sha->digest);
2436    }
2437    else {
2438        ESP_LOGW(TAG, "Call esp_sha512_digest_process in non-HW mode?");
2439    }
2440
2441    if (blockproc) {
2442        ESP_LOGV(TAG, "esp_sha512_digest_process NEW UNLOCK");
2443        esp_sha_hw_unlock(&sha->ctx); /* also unlocks mutex */
2444        ESP_LOGV(TAG, "mutex_ctx_owner = NULLPTR");
2445        mutex_ctx_owner = NULLPTR;
2446    }
2447    ESP_LOGV(TAG, "leave esp_sha512_digest_process");
2448#endif
2449    return ret;
2450} /* esp_sha512_digest_process */
2451#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */
2452#endif /* WOLFSSL_ESP32_CRYPT */
2453#endif /* !defined(NO_SHA) ||... */
2454
2455#if defined(WOLFSSL_ESP32_CRYPT) && defined(WOLFSSL_HW_METRICS)
2456int esp_sw_sha256_count_add(void) {
2457    int ret = 0;
2458#if !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
2459    esp_sha256_sw_fallback_usage_ct++;
2460    ret = esp_sha256_sw_fallback_usage_ct;
2461#endif
2462    return ret;
2463}
2464
2465int esp_hw_show_sha_metrics(void)
2466{
2467    int ret = 0;
2468#if defined(WOLFSSL_ESP32_CRYPT) && !defined(NO_WOLFSSL_ESP32_CRYPT_HASH)
2469    ESP_LOGI(TAG, "--------------------------------------------------------");
2470    ESP_LOGI(TAG, "-------------  wolfSSL ESP HW SHA Metrics  -------------");
2471    ESP_LOGI(TAG, "--------------------------------------------------------");
2472
2473    ESP_LOGI(TAG, "esp_sha_hw_copy_ct            = %lu",
2474                   esp_sha_hw_copy_ct);
2475    ESP_LOGI(TAG, "esp_sha1_hw_usage_ct          = %lu",
2476                   esp_sha1_hw_usage_ct);
2477    ESP_LOGI(TAG, "esp_sha1_sw_fallback_usage_ct = %lu",
2478                   esp_sha1_sw_fallback_usage_ct);
2479    ESP_LOGI(TAG, "esp_sha_reverse_words_ct      = %lu",
2480                   esp_sha_reverse_words_ct);
2481    ESP_LOGI(TAG, "esp_sha1_hw_hash_usage_ct     = %lu",
2482                   esp_sha1_hw_hash_usage_ct);
2483    ESP_LOGI(TAG, "esp_sha2_224_hw_hash_usage_ct = %lu",
2484                   esp_sha2_224_hw_hash_usage_ct);
2485    ESP_LOGI(TAG, "esp_sha2_256_hw_hash_usage_ct = %lu",
2486                   esp_sha2_256_hw_hash_usage_ct);
2487    ESP_LOGI(TAG, "esp_byte_reversal_checks_ct   = %lu",
2488                   esp_byte_reversal_checks_ct);
2489    ESP_LOGI(TAG, "esp_byte_reversal_needed_ct   = %lu",
2490                   esp_byte_reversal_needed_ct);
2491
2492#else
2493    /* no HW math, no HW math metrics */
2494    ret = 0;
2495#endif /* HW_MATH_ENABLED */
2496
2497    return ret;
2498}
2499
2500#endif /* WOLFSSL_ESP32_CRYPT and WOLFSSL_HW_METRICS */
2501
2502#if defined(WOLFSSL_STACK_CHECK)
2503int esp_sha_stack_check(WC_ESP32SHA* sha) {
2504    int ret = ESP_OK;
2505
2506    if (sha == NULL) {
2507        ESP_LOGW(TAG, "esp_sha_stack_check; sha is NULL");
2508    }
2509    else {
2510        if (sha->first_word != 0 || sha->last_word != 0) {
2511            ESP_LOGE(TAG, "esp_sha_stack_check warning");
2512            ret = ESP_FAIL;
2513        }
2514    }
2515    return ret;
2516}
2517#endif /* WOLFSSL_STACK_CHECK */
2518
2519#endif /* WOLFSSL_ESPIDF (exclude entire contents for non-Espressif projects. */