diff --git a/components/esp_system/port/cpu_start.c b/components/esp_system/port/cpu_start.c index 81de518cc9..d6a9dbdf71 100644 --- a/components/esp_system/port/cpu_start.c +++ b/components/esp_system/port/cpu_start.c @@ -301,18 +301,6 @@ static void start_other_core(void) REG_CLR_BIT(HP_SYS_CLKRST_HP_RST_EN0_REG, HP_SYS_CLKRST_REG_RST_EN_CORE1_GLOBAL); } #endif - -#if CONFIG_ESP_CRYPTO_FORCE_ECC_CONSTANT_TIME_POINT_MUL - if (!esp_efuse_read_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME)) { - ESP_EARLY_LOGD(TAG, "Forcefully enabling ECC constant time operations"); - esp_err_t err = esp_efuse_write_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME); - if (err != ESP_OK) { - ESP_EARLY_LOGE(TAG, "Enabling ECC constant time operations forcefully failed."); - return err; - } - } -#endif - ets_set_appcpu_boot_addr((uint32_t)call_start_cpu1); bool cpus_up = false; diff --git a/components/esp_system/startup.c b/components/esp_system/startup.c index fef9b86cef..575d5315b1 100644 --- a/components/esp_system/startup.c +++ b/components/esp_system/startup.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -38,6 +38,12 @@ /***********************************************/ // Headers for other components init functions + +#if CONFIG_ESP_CRYPTO_FORCE_ECC_CONSTANT_TIME_POINT_MUL +#include "soc/chip_revision.h" +#include "hal/efuse_hal.h" +#endif + #if CONFIG_SW_COEXIST_ENABLE || CONFIG_EXTERNAL_COEX_ENABLE #include "private/esp_coexist_internal.h" #endif @@ -374,6 +380,20 @@ static void do_core_init(void) } #endif +#if CONFIG_ESP_CRYPTO_FORCE_ECC_CONSTANT_TIME_POINT_MUL + bool force_constant_time = true; +#if CONFIG_IDF_TARGET_ESP32H2 + if (!ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102)) { + force_constant_time = false; + } +#endif + if (!esp_efuse_read_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME) && force_constant_time) { + ESP_EARLY_LOGD(TAG, "Forcefully enabling ECC constant time operations"); + esp_err_t err = esp_efuse_write_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME); + assert(err == ESP_OK && "Failed to enable ECC constant time operations"); + } +#endif + #if CONFIG_SECURE_DISABLE_ROM_DL_MODE err = esp_efuse_disable_rom_download_mode(); assert(err == ESP_OK && "Failed to disable ROM download mode"); diff --git a/components/hal/Kconfig b/components/hal/Kconfig index aac591bd36..dcd91df039 100644 --- a/components/hal/Kconfig +++ b/components/hal/Kconfig @@ -105,7 +105,7 @@ menu "Hardware Abstraction Layer (HAL) and Low Level (LL)" config HAL_ECDSA_GEN_SIG_CM bool "Enable countermeasure for ECDSA signature generation" - depends on IDF_TARGET_ESP32H2 && ESP32H2_REV_MIN_FULL < 102 + depends on IDF_TARGET_ESP32H2 default n help Enable this option to apply the countermeasure for ECDSA signature operation diff --git a/components/hal/ecdsa_hal.c b/components/hal/ecdsa_hal.c index d72c5dfd27..535e84f318 100644 --- a/components/hal/ecdsa_hal.c +++ b/components/hal/ecdsa_hal.c @@ -16,6 +16,7 @@ #if CONFIG_HAL_ECDSA_GEN_SIG_CM #include "esp_fault.h" #include "esp_random.h" +#include "soc/chip_revision.h" #endif #define ECDSA_HAL_P192_COMPONENT_LEN 24 @@ -121,7 +122,11 @@ void ecdsa_hal_gen_signature(ecdsa_hal_config_t *conf, const uint8_t *hash, configure_ecdsa_periph(conf); #if CONFIG_HAL_ECDSA_GEN_SIG_CM - ecdsa_hal_gen_signature_with_countermeasure(hash, r_out, s_out, len); + if (!ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102)) { + ecdsa_hal_gen_signature_with_countermeasure(hash, r_out, s_out, len); + } else { + ecdsa_hal_gen_signature_inner(hash, r_out, s_out, len); + } #else /* CONFIG_HAL_ECDSA_GEN_SIG_CM */ ecdsa_hal_gen_signature_inner(hash, r_out, s_out, len); #endif /* !CONFIG_HAL_ECDSA_GEN_SIG_CM */ diff --git a/components/hal/test_apps/crypto/main/CMakeLists.txt b/components/hal/test_apps/crypto/main/CMakeLists.txt index add281587e..ca953121d6 100644 --- a/components/hal/test_apps/crypto/main/CMakeLists.txt +++ b/components/hal/test_apps/crypto/main/CMakeLists.txt @@ -33,5 +33,5 @@ if(CONFIG_SOC_SHA_SUPPORTED) endif() idf_component_register(SRCS ${srcs} - REQUIRES test_utils unity + REQUIRES test_utils unity ccomp_timer WHOLE_ARCHIVE) diff --git a/components/hal/test_apps/crypto/main/ecc/test_ecc.c b/components/hal/test_apps/crypto/main/ecc/test_ecc.c index 506fd5458a..3fe65dcb8f 100644 --- a/components/hal/test_apps/crypto/main/ecc/test_ecc.c +++ b/components/hal/test_apps/crypto/main/ecc/test_ecc.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: CC0-1.0 */ @@ -14,7 +14,8 @@ #include "soc/soc_caps.h" #include "hal/ecc_hal.h" #include "hal/ecc_ll.h" - +#include "ccomp_timer.h" +#include "sys/param.h" #include "memory_checks.h" #include "unity_fixture.h" @@ -197,7 +198,8 @@ static void test_ecc_point_mul_inner_constant_time(void) mean_elapsed_time = total_elapsed_time / loop_count; deviation = ((double)(max_time - mean_elapsed_time) / mean_elapsed_time); - TEST_ASSERT_LESS_THAN_DOUBLE(CONST_TIME_DEVIATION_PERCENT, deviation); + int is_constant_time = (deviation < CONST_TIME_DEVIATION_PERCENT); + TEST_ASSERT_EQUAL(is_constant_time, 1); /* P192 */ ecc_be_to_le(ecc_p192_scalar, scalar_le, 24); @@ -220,7 +222,8 @@ static void test_ecc_point_mul_inner_constant_time(void) mean_elapsed_time = total_elapsed_time / loop_count; deviation = ((double)(max_time - mean_elapsed_time) / mean_elapsed_time); - TEST_ASSERT_LESS_THAN_DOUBLE(CONST_TIME_DEVIATION_PERCENT, deviation); + is_constant_time = (deviation < CONST_TIME_DEVIATION_PERCENT); + TEST_ASSERT_EQUAL(is_constant_time, 1); } TEST(ecc, ecc_point_multiplication_const_time_check_on_SECP192R1_and_SECP256R1) diff --git a/components/hal/test_apps/crypto/main/idf_component.yml b/components/hal/test_apps/crypto/main/idf_component.yml new file mode 100644 index 0000000000..fd748c629c --- /dev/null +++ b/components/hal/test_apps/crypto/main/idf_component.yml @@ -0,0 +1,17 @@ +## IDF Component Manager Manifest File +dependencies: + ## Required IDF version + idf: + version: '>=4.1.0' + # # Put list of dependencies here + # # For components maintained by Espressif: + # component: "~1.0.0" + # # For 3rd party components: + # username/component: ">=1.0.0,<2.0.0" + # username2/component2: + # version: "~1.0.0" + # # For transient dependencies `public` flag can be set. + # # `public` flag doesn't have an effect dependencies of the `main` component. + # # All dependencies of `main` are public by default. + # public: true + espressif/ccomp_timer: '*' diff --git a/components/mbedtls/port/ecdsa/ecdsa_alt.c b/components/mbedtls/port/ecdsa/ecdsa_alt.c index 74c4a8692b..30af86d605 100644 --- a/components/mbedtls/port/ecdsa/ecdsa_alt.c +++ b/components/mbedtls/port/ecdsa/ecdsa_alt.c @@ -25,6 +25,8 @@ #if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN_CONSTANT_TIME_CM #include "esp_timer.h" +#include "soc/chip_revision.h" +#include "hal/efuse_hal.h" #if CONFIG_ESP_CRYPTO_DPA_PROTECTION_LEVEL_HIGH /* @@ -316,9 +318,11 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s #endif ecdsa_hal_gen_signature(&conf, sha_le, r_le, s_le, len); #if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN_CONSTANT_TIME_CM - sig_time = esp_timer_get_time() - sig_time; - if (sig_time < ECDSA_CM_FIXED_SIG_TIME) { - esp_rom_delay_us(ECDSA_CM_FIXED_SIG_TIME - sig_time); + if (!ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102)) { + sig_time = esp_timer_get_time() - sig_time; + if (sig_time < ECDSA_CM_FIXED_SIG_TIME) { + esp_rom_delay_us(ECDSA_CM_FIXED_SIG_TIME - sig_time); + } } #endif process_again = !ecdsa_hal_get_operation_result()