espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-05 05:34:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: enable support for deterministic mode for esp32h2

Browse Source
This commit is contained in:
nilesh.kale
2025-05-13 17:36:57 +05:30
parent 19fcf0e073
commit 2a6e018ee8
7 changed files with 118 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
components/hal/ecdsa_hal.c
View File

@@ -55,11 +55,14 @@ static void configure_ecdsa_periph(ecdsa_hal_config_t *conf)
} }
#if SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE #if SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
if (ecdsa_ll_is_deterministic_mode_supported()) {
ecdsa_ll_set_k_type(conf->sign_type); ecdsa_ll_set_k_type(conf->sign_type);
#if !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP
if (conf->sign_type == ECDSA_K_TYPE_DETERMINISITIC) { if (conf->sign_type == ECDSA_K_TYPE_DETERMINISITIC) {
ecdsa_ll_set_deterministic_loop(conf->loop_number); ecdsa_ll_set_deterministic_loop(conf->loop_number);
} }
#endif /* !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */
}
#endif #endif
} }
@@ -232,11 +235,11 @@ void ecdsa_hal_export_pubkey(ecdsa_hal_config_t *conf, uint8_t *pub_x, uint8_t *
} }
#endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */ #endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */
#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE #if SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE && !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP
bool ecdsa_hal_det_signature_k_check(void) bool ecdsa_hal_det_signature_k_check(void)
{ {
return (ecdsa_ll_check_k_value() == 0); return (ecdsa_ll_check_k_value() == 0);
} }
#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE && !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */

30
components/hal/esp32h2/include/hal/ecdsa_ll.h
View File

@@ -211,6 +211,26 @@ static inline void ecdsa_ll_set_z_mode(ecdsa_ll_sha_mode_t mode)
} }
} }
/**
* @brief Set the signature generation type of ECDSA operation
*
* @param type Type of the ECDSA signature
*/
static inline void ecdsa_ll_set_k_type(ecdsa_sign_type_t type)
{
switch (type) {
case ECDSA_K_TYPE_TRNG:
REG_CLR_BIT(ECDSA_CONF_REG, ECDSA_DETERMINISTIC_K);
break;
case ECDSA_K_TYPE_DETERMINISITIC:
REG_SET_BIT(ECDSA_CONF_REG, ECDSA_DETERMINISTIC_K);
break;
default:
HAL_ASSERT(false && "Unsupported K type");
break;
}
}
/** /**
* @brief Set the stage of ECDSA operation * @brief Set the stage of ECDSA operation
* *
@@ -388,6 +408,16 @@ static inline bool ecdsa_ll_is_configurable_curve_supported(void)
return ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102); return ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102);
} }
/**
* @brief Check if the ECDSA deterministic mode is supported
* The ECDSA deterministic mode is only available in chip version
* above 1.2 in ESP32-H2
*/
static inline bool ecdsa_ll_is_deterministic_mode_supported(void)
{
return ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102);
}
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

24
components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c
View File

@@ -149,9 +149,9 @@ static void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t*
uint8_t zeroes[32] = {0}; uint8_t zeroes[32] = {0};
uint16_t len; uint16_t len;
#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE #if !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP
uint16_t det_loop_number = 1; uint16_t det_loop_number = 1;
#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ #endif /* !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */
ecdsa_hal_config_t conf = { ecdsa_hal_config_t conf = {
.mode = ECDSA_MODE_SIGN_GEN, .mode = ECDSA_MODE_SIGN_GEN,
@@ -182,11 +182,11 @@ static void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t*
bool process_again = false; bool process_again = false;
do { do {
#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE #if !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP
if (k_type == ECDSA_K_TYPE_DETERMINISITIC) { if (ecdsa_ll_is_deterministic_mode_supported() && k_type == ECDSA_K_TYPE_DETERMINISITIC) {
conf.loop_number = det_loop_number++; conf.loop_number = det_loop_number++;
} }
#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ #endif /* !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */
ecdsa_hal_gen_signature(&conf, sha_le, r_le, s_le, len); ecdsa_hal_gen_signature(&conf, sha_le, r_le, s_le, len);
@@ -194,8 +194,8 @@ static void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t*
|| !memcmp(r_le, zeroes, len) || !memcmp(r_le, zeroes, len)
|| !memcmp(s_le, zeroes, len); || !memcmp(s_le, zeroes, len);
#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE #if SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE && !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP
if (k_type == ECDSA_K_TYPE_DETERMINISITIC) { if (ecdsa_ll_is_deterministic_mode_supported() && k_type == ECDSA_K_TYPE_DETERMINISITIC) {
process_again |= !ecdsa_hal_det_signature_k_check(); process_again |= !ecdsa_hal_det_signature_k_check();
} }
#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */
@@ -326,13 +326,23 @@ TEST(ecdsa, ecdsa_SECP256R1_corrupt_signature)
#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE #ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
TEST(ecdsa, ecdsa_SECP192R1_det_sign_and_verify) TEST(ecdsa, ecdsa_SECP192R1_det_sign_and_verify)
{ {
if (!ecdsa_ll_is_deterministic_mode_supported()) {
ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported.");
} else if (!esp_efuse_is_ecdsa_p192_curve_supported()) {
ESP_LOGI(TAG, "Skipping test because ECDSA 192-curve operations are disabled.");
} else {
test_ecdsa_sign_and_verify(0, sha, ecdsa192_pub_x, ecdsa192_pub_y, false, ECDSA_K_TYPE_DETERMINISITIC); test_ecdsa_sign_and_verify(0, sha, ecdsa192_pub_x, ecdsa192_pub_y, false, ECDSA_K_TYPE_DETERMINISITIC);
} }
}
TEST(ecdsa, ecdsa_SECP256R1_det_sign_and_verify) TEST(ecdsa, ecdsa_SECP256R1_det_sign_and_verify)
{ {
if (!ecdsa_ll_is_deterministic_mode_supported()) {
ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported.");
} else {
test_ecdsa_sign_and_verify(1, sha, ecdsa256_pub_x, ecdsa256_pub_y, false, ECDSA_K_TYPE_DETERMINISITIC); test_ecdsa_sign_and_verify(1, sha, ecdsa256_pub_x, ecdsa256_pub_y, false, ECDSA_K_TYPE_DETERMINISITIC);
} }
}
#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */
#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY #ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY

47
components/mbedtls/port/ecdsa/ecdsa_alt.c
View File

@@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
@@ -335,9 +335,9 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s
bool process_again = false; bool process_again = false;
#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE #if !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP
uint16_t deterministic_loop_number = 1; uint16_t deterministic_loop_number __attribute__((unused)) = 1;
#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ #endif /* !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */
do { do {
ecdsa_hal_config_t conf = { ecdsa_hal_config_t conf = {
@@ -345,10 +345,12 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s
.curve = curve, .curve = curve,
.sha_mode = ECDSA_Z_USER_PROVIDED, .sha_mode = ECDSA_Z_USER_PROVIDED,
.sign_type = k_type, .sign_type = k_type,
#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
.loop_number = deterministic_loop_number++,
#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */
}; };
#if !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP
if (ecdsa_ll_is_deterministic_mode_supported()) {
conf.loop_number = deterministic_loop_number++;
}
#endif /* !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */
if (use_km_key) { if (use_km_key) {
conf.use_km_key = 1; conf.use_km_key = 1;
@@ -373,8 +375,8 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s
|| !memcmp(r_le, zeroes, len) || !memcmp(r_le, zeroes, len)
|| !memcmp(s_le, zeroes, len); || !memcmp(s_le, zeroes, len);
#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE #if SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE && !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP
if (k_type == ECDSA_K_TYPE_DETERMINISITIC) { if (ecdsa_ll_is_deterministic_mode_supported() && k_type == ECDSA_K_TYPE_DETERMINISITIC) {
process_again |= !ecdsa_hal_det_signature_k_check(); process_again |= !ecdsa_hal_det_signature_k_check();
} }
#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */
@@ -470,13 +472,19 @@ int __wrap_mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r,
/* /*
* Check `d` whether it contains the hardware key * Check `d` whether it contains the hardware key
*/ */
#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN
if (d->MBEDTLS_PRIVATE(s) == ECDSA_KEY_MAGIC) { if (d->MBEDTLS_PRIVATE(s) == ECDSA_KEY_MAGIC) {
if (ecdsa_ll_is_deterministic_mode_supported()) {
// Use hardware ECDSA peripheral // Use hardware ECDSA peripheral
return esp_ecdsa_sign(grp, r, s, d, buf, blen, ECDSA_K_TYPE_DETERMINISITIC); return esp_ecdsa_sign(grp, r, s, d, buf, blen, ECDSA_K_TYPE_DETERMINISITIC);
} else { } else {
return __real_mbedtls_ecdsa_sign_det_ext(grp, r, s, d, buf, blen, md_alg, f_rng_blind, p_rng_blind); return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
} }
} }
#endif
// Fallback to software implementation
return __real_mbedtls_ecdsa_sign_det_ext(grp, r, s, d, buf, blen, md_alg, f_rng_blind, p_rng_blind);
}
extern int __real_mbedtls_ecdsa_sign_det_restartable(mbedtls_ecp_group *grp, extern int __real_mbedtls_ecdsa_sign_det_restartable(mbedtls_ecp_group *grp,
mbedtls_mpi *r, mbedtls_mpi *s, mbedtls_mpi *r, mbedtls_mpi *s,
@@ -505,13 +513,19 @@ int __wrap_mbedtls_ecdsa_sign_det_restartable(mbedtls_ecp_group *grp,
/* /*
* Check `d` whether it contains the hardware key * Check `d` whether it contains the hardware key
*/ */
#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN
if (d->MBEDTLS_PRIVATE(s) == ECDSA_KEY_MAGIC) { if (d->MBEDTLS_PRIVATE(s) == ECDSA_KEY_MAGIC) {
if (ecdsa_ll_is_deterministic_mode_supported()) {
// Use hardware ECDSA peripheral // Use hardware ECDSA peripheral
return esp_ecdsa_sign(grp, r, s, d, buf, blen, ECDSA_K_TYPE_DETERMINISITIC); return esp_ecdsa_sign(grp, r, s, d, buf, blen, ECDSA_K_TYPE_DETERMINISITIC);
} else { } else {
return __real_mbedtls_ecdsa_sign_det_restartable(grp, r, s, d, buf, blen, md_alg, f_rng_blind, p_rng_blind, NULL); return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
} }
} }
#endif
// Fallback to software implementation
return __real_mbedtls_ecdsa_sign_det_ext(grp, r, s, d, buf, blen, md_alg, f_rng_blind, p_rng_blind);
}
#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */
@@ -580,15 +594,22 @@ int __wrap_mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx,
mbedtls_mpi_init(&r); mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s); mbedtls_mpi_init(&s);
ecdsa_sign_type_t k_type = ECDSA_K_TYPE_TRNG;
#if defined(SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE) && defined(CONFIG_MBEDTLS_ECDSA_DETERMINISTIC)
if (ecdsa_ll_is_deterministic_mode_supported()) {
k_type = ECDSA_K_TYPE_DETERMINISITIC;
}
#endif
/* /*
* Check `d` whether it contains the hardware key * Check `d` whether it contains the hardware key
*/ */
if (ctx->MBEDTLS_PRIVATE(d).MBEDTLS_PRIVATE(s) == ECDSA_KEY_MAGIC) { if (ctx->MBEDTLS_PRIVATE(d).MBEDTLS_PRIVATE(s) == ECDSA_KEY_MAGIC) {
// Use hardware ECDSA peripheral // Use hardware ECDSA peripheral
#if defined(SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE) && defined(CONFIG_MBEDTLS_ECDSA_DETERMINISTIC) #if defined(SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE) && defined(CONFIG_MBEDTLS_ECDSA_DETERMINISTIC)
MBEDTLS_MPI_CHK(esp_ecdsa_sign(&ctx->MBEDTLS_PRIVATE(grp), &r, &s, &ctx->MBEDTLS_PRIVATE(d), hash, hlen, ECDSA_K_TYPE_DETERMINISITIC)); MBEDTLS_MPI_CHK(esp_ecdsa_sign(&ctx->MBEDTLS_PRIVATE(grp), &r, &s, &ctx->MBEDTLS_PRIVATE(d), hash, hlen, k_type));
#else #else
MBEDTLS_MPI_CHK(esp_ecdsa_sign(&ctx->MBEDTLS_PRIVATE(grp), &r, &s, &ctx->MBEDTLS_PRIVATE(d), hash, hlen, ECDSA_K_TYPE_TRNG)); MBEDTLS_MPI_CHK(esp_ecdsa_sign(&ctx->MBEDTLS_PRIVATE(grp), &r, &s, &ctx->MBEDTLS_PRIVATE(d), hash, hlen, k_type));
#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */
} }

8
components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c
View File

@@ -274,13 +274,21 @@ TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][efuse_ke
TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP192R1", "[mbedtls][efuse_key]") TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP192R1", "[mbedtls][efuse_key]")
{ {
if (!ecdsa_ll_is_deterministic_mode_supported()) {
ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported.");
} else {
test_ecdsa_sign(MBEDTLS_ECP_DP_SECP192R1, sha, ecdsa192_sign_pub_x, ecdsa192_sign_pub_y, true, SECP192R1_EFUSE_BLOCK); test_ecdsa_sign(MBEDTLS_ECP_DP_SECP192R1, sha, ecdsa192_sign_pub_x, ecdsa192_sign_pub_y, true, SECP192R1_EFUSE_BLOCK);
} }
}
TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP256R1", "[mbedtls][efuse_key]") TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP256R1", "[mbedtls][efuse_key]")
{ {
if (!ecdsa_ll_is_deterministic_mode_supported()) {
ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported.");
} else {
test_ecdsa_sign(MBEDTLS_ECP_DP_SECP256R1, sha, ecdsa256_sign_pub_x, ecdsa256_sign_pub_y, true, SECP256R1_EFUSE_BLOCK); test_ecdsa_sign(MBEDTLS_ECP_DP_SECP256R1, sha, ecdsa256_sign_pub_x, ecdsa256_sign_pub_y, true, SECP256R1_EFUSE_BLOCK);
} }
}
#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */

8
components/soc/esp32h2/include/soc/Kconfig.soc_caps.in
View File

@@ -1251,6 +1251,14 @@ config SOC_ECDSA_USES_MPI
bool bool
default y default y
config SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
bool
default y
config SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP
bool
default y
config SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED config SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED
bool bool
default y default y

2
components/soc/esp32h2/include/soc/soc_caps.h
View File

@@ -508,6 +508,8 @@
/*------------------------- ECDSA CAPS -------------------------*/ /*------------------------- ECDSA CAPS -------------------------*/
#define SOC_ECDSA_USES_MPI (1) #define SOC_ECDSA_USES_MPI (1)
#define SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE (1)
#define SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP (1)
#define SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED (1) #define SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED (1)
/*-------------------------- UART CAPS ---------------------------------------*/ /*-------------------------- UART CAPS ---------------------------------------*/