diff --git a/components/esp_hw_support/port/esp32c6/CMakeLists.txt b/components/esp_hw_support/port/esp32c6/CMakeLists.txt index 7ffc812242..fed30227f3 100644 --- a/components/esp_hw_support/port/esp32c6/CMakeLists.txt +++ b/components/esp_hw_support/port/esp32c6/CMakeLists.txt @@ -7,8 +7,6 @@ set(srcs "rtc_clk_init.c" "chip_info.c") if(NOT BOOTLOADER_BUILD) - # list(APPEND srcs "esp_hmac.c" // TODO: IDF-5355 - # "esp_ds.c") // TODO: IDF-5360 list(APPEND srcs "sar_periph_ctrl.c" "esp_crypto_lock.c") diff --git a/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c b/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c index 23c94d45f3..d8d9e3574b 100644 --- a/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c +++ b/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c @@ -24,6 +24,11 @@ #include "esp32s3/rom/digital_signature.h" #include "esp32s3/rom/aes.h" #include "esp32s3/rom/sha.h" +#elif CONFIG_IDF_TARGET_ESP32C6 +#include "esp32c6/rom/efuse.h" +#include "esp32c6/rom/digital_signature.h" +#include "esp32c6/rom/aes.h" +#include "esp32c6/rom/sha.h" #endif #include "esp_ds.h" diff --git a/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/gen_digital_signature_tests.py b/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/gen_digital_signature_tests.py index 948f36ae62..9a2b19d487 100644 --- a/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/gen_digital_signature_tests.py +++ b/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/gen_digital_signature_tests.py @@ -16,10 +16,11 @@ from cryptography.hazmat.primitives.asymmetric.rsa import _modinv as modinv # t from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes from cryptography.utils import int_to_bytes -supported_targets = {'esp32s2', 'esp32c3', 'esp32s3'} +supported_targets = {'esp32s2', 'esp32c3', 'esp32s3', 'esp32c6'} supported_key_size = {'esp32s2':[4096, 3072, 2048, 1024], 'esp32c3':[3072, 2048, 1024], - 'esp32s3':[4096, 3072, 2048, 1024]} + 'esp32s3':[4096, 3072, 2048, 1024], + 'esp32c6':[3072, 2048, 1024]} NUM_HMAC_KEYS = 3 NUM_MESSAGES = 10 diff --git a/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/test_ds.c b/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/test_ds.c index 23c94d45f3..5ce8e53c53 100644 --- a/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/test_ds.c +++ b/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/test_ds.c @@ -24,6 +24,11 @@ #include "esp32s3/rom/digital_signature.h" #include "esp32s3/rom/aes.h" #include "esp32s3/rom/sha.h" +#elif CONFIG_IDF_TARGET_ESP32C6 +#include "esp32c6/rom/efuse.h" +#include "esp32c6/rom/digital_signature.h" +#include "esp32c6/rom/aes.h" +#include "esp32c6/rom/sha.h" #endif #include "esp_ds.h" @@ -32,7 +37,7 @@ #if CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3 #define DS_MAX_BITS (4096) -#elif CONFIG_IDF_TARGET_ESP32C3 +#else #define DS_MAX_BITS (ETS_DS_MAX_BITS) #endif diff --git a/components/hal/CMakeLists.txt b/components/hal/CMakeLists.txt index 930fbd1e4b..095233343e 100644 --- a/components/hal/CMakeLists.txt +++ b/components/hal/CMakeLists.txt @@ -199,7 +199,8 @@ if(NOT BOOTLOADER_BUILD) list(APPEND srcs "spi_flash_hal_gpspi.c" "esp32c6/rtc_cntl_hal.c" - ) + "hmac_hal.c" + "ds_hal.c") endif() diff --git a/components/hal/esp32c6/include/hal/ds_ll.h b/components/hal/esp32c6/include/hal/ds_ll.h new file mode 100644 index 0000000000..49f0630c38 --- /dev/null +++ b/components/hal/esp32c6/include/hal/ds_ll.h @@ -0,0 +1,167 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +/******************************************************************************* + * NOTICE + * The hal is not public api, don't use it in application code. + ******************************************************************************/ + +#pragma once + +#include +#include +#include + +#include "soc/hwcrypto_reg.h" +#include "soc/soc_caps.h" + +#ifdef __cplusplus +extern "C" { +#endif + +static inline void ds_ll_start(void) +{ + REG_WRITE(DS_SET_START_REG, 1); +} + +/** + * @brief Wait until DS peripheral has finished any outstanding operation. + */ +static inline bool ds_ll_busy(void) +{ + return (REG_READ(DS_QUERY_BUSY_REG) > 0) ? true : false; +} + +/** + * @brief Busy wait until the hardware is ready. + */ +static inline void ds_ll_wait_busy(void) +{ + while (ds_ll_busy()); +} + +/** + * @brief In case of a key error, check what caused it. + */ +static inline ds_key_check_t ds_ll_key_error_source(void) +{ + uint32_t key_error = REG_READ(DS_QUERY_KEY_WRONG_REG); + if (key_error == 0) { + return DS_NO_KEY_INPUT; + } else { + return DS_OTHER_WRONG; + } +} + +/** + * @brief Write the initialization vector to the corresponding register field. + */ +static inline void ds_ll_configure_iv(const uint32_t *iv) +{ + for (size_t i = 0; i < (SOC_DS_KEY_PARAM_MD_IV_LENGTH / sizeof(uint32_t)); i++) { + REG_WRITE(DS_IV_MEM + (i * 4) , iv[i]); + } +} + +/** + * @brief Write the message which should be signed. + * + * @param msg Pointer to the message. + * @param size Length of msg in bytes. It is the RSA signature length in bytes. + */ +static inline void ds_ll_write_message(const uint8_t *msg, size_t size) +{ + memcpy((uint8_t*) DS_X_MEM, msg, size); + asm volatile ("fence"); +} + +/** + * @brief Write the encrypted private key parameters. + */ +static inline void ds_ll_write_private_key_params(const uint8_t *encrypted_key_params) +{ + /* Note: as the internal peripheral still has RSA 4096 structure, + but C is encrypted based on the actual max RSA length (ETS_DS_MAX_BITS), need to fragment it + when copying to hardware... + + (note if ETS_DS_MAX_BITS == 4096, this should be the same as copying data->c to hardware in one fragment) + */ + typedef struct { uint32_t addr; size_t len; } frag_t; + const frag_t frags[] = { + {DS_Y_MEM, SOC_DS_SIGNATURE_MAX_BIT_LEN / 8}, + {DS_M_MEM, SOC_DS_SIGNATURE_MAX_BIT_LEN / 8}, + {DS_RB_MEM, SOC_DS_SIGNATURE_MAX_BIT_LEN / 8}, + {DS_BOX_MEM, DS_IV_MEM - DS_BOX_MEM}, + }; + const size_t NUM_FRAGS = sizeof(frags)/sizeof(frag_t); + const uint8_t *from = encrypted_key_params; + + for (int i = 0; i < NUM_FRAGS; i++) { + memcpy((uint8_t *)frags[i].addr, from, frags[i].len); + asm volatile ("fence"); + from += frags[i].len; + } +} + +/** + * @brief Begin signing procedure. + */ +static inline void ds_ll_start_sign(void) +{ + REG_WRITE(DS_SET_CONTINUE_REG, 1); +} + +/** + * @brief check the calculated signature. + * + * @return + * - DS_SIGNATURE_OK if no issue is detected with the signature. + * - DS_SIGNATURE_PADDING_FAIL if the padding of the private key parameters is wrong. + * - DS_SIGNATURE_MD_FAIL if the message digest check failed. This means that the message digest calculated using + * the private key parameters fails, i.e., the integrity of the private key parameters is not protected. + * - DS_SIGNATURE_PADDING_AND_MD_FAIL if both padding and message digest check fail. + */ +static inline ds_signature_check_t ds_ll_check_signature(void) +{ + uint32_t result = REG_READ(DS_QUERY_CHECK_REG); + switch(result) { + case 0: + return DS_SIGNATURE_OK; + case 1: + return DS_SIGNATURE_MD_FAIL; + case 2: + return DS_SIGNATURE_PADDING_FAIL; + default: + return DS_SIGNATURE_PADDING_AND_MD_FAIL; + } +} + +/** + * @brief Read the signature from the hardware. + * + * @param result The signature result. + * @param size Length of signature result in bytes. It is the RSA signature length in bytes. + */ +static inline void ds_ll_read_result(uint8_t *result, size_t size) +{ + memcpy(result, (uint8_t*) DS_Z_MEM, size); + asm volatile ("fence"); +} + +/** + * @brief Exit the signature operation. + * + * @note This does not deactivate the module. Corresponding clock/reset bits have to be triggered for deactivation. + */ +static inline void ds_ll_finish(void) +{ + REG_WRITE(DS_SET_FINISH_REG, 1); + ds_ll_wait_busy(); +} + +#ifdef __cplusplus +} +#endif diff --git a/components/hal/esp32c6/include/hal/hmac_ll.h b/components/hal/esp32c6/include/hal/hmac_ll.h new file mode 100644 index 0000000000..f4f95bd836 --- /dev/null +++ b/components/hal/esp32c6/include/hal/hmac_ll.h @@ -0,0 +1,191 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +/******************************************************************************* + * NOTICE + * The hal is not public api, don't use it in application code. + * See readme.md in soc/include/hal/readme.md + ******************************************************************************/ + +#pragma once + +#include + +#include "soc/system_reg.h" +#include "soc/hwcrypto_reg.h" +#include "hal/hmac_hal.h" + +#define SHA256_BLOCK_SZ 64 +#define SHA256_DIGEST_SZ 32 + +#define EFUSE_KEY_PURPOSE_HMAC_DOWN_JTAG 6 +#define EFUSE_KEY_PURPOSE_HMAC_DOWN_DIGITAL_SIGNATURE 7 +#define EFUSE_KEY_PURPOSE_HMAC_UP 8 +#define EFUSE_KEY_PURPOSE_HMAC_DOWN_ALL 5 + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * Makes the peripheral ready for use, after enabling it. + */ +static inline void hmac_ll_start(void) +{ + REG_WRITE(HMAC_SET_START_REG, 1); +} + +/** + * @brief Determine where the HMAC output should go. + * + * The HMAC peripheral can be configured to deliver its output to the user directly, or to deliver + * the output directly to another peripheral instead, e.g. the Digital Signature peripheral. + */ +static inline void hmac_ll_config_output(hmac_hal_output_t config) +{ + switch(config) { + case HMAC_OUTPUT_USER: + REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_UP); + break; + case HMAC_OUTPUT_DS: + REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_DOWN_DIGITAL_SIGNATURE); + break; + case HMAC_OUTPUT_JTAG_ENABLE: + REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_DOWN_JTAG); + break; + case HMAC_OUTPUT_ALL: + REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_DOWN_ALL); + break; + default: + ; // do nothing, error will be indicated by hmac_hal_config_error() + } +} + +/** + * @brief Selects which hardware key should be used. + */ +static inline void hmac_ll_config_hw_key_id(uint32_t key_id) +{ + REG_WRITE(HMAC_SET_PARA_KEY_REG, key_id); +} + +/** + * @brief Apply and check configuration. + * + * Afterwards, the configuration can be checked for errors with hmac_hal_config_error(). + */ +static inline void hmac_ll_config_finish(void) +{ + REG_WRITE(HMAC_SET_PARA_FINISH_REG, 1); +} + +/** + * + * @brief Query HMAC error state after configuration actions. + * + * @return + * - 1 or greater on error + * - 0 on success + */ +static inline uint32_t hmac_ll_config_error(void) +{ + return REG_READ(HMAC_QUERY_ERROR_REG); +} + +/** + * Wait until the HAL is ready for the next interaction. + */ +static inline void hmac_ll_wait_idle(void) +{ + uint32_t query; + do { + query = REG_READ(HMAC_QUERY_BUSY_REG); + } while(query != 0); +} + +/** + * @brief Write a message block of 512 bits to the HMAC peripheral. + */ +static inline void hmac_ll_write_block_512(const uint32_t *block) +{ + const size_t REG_WIDTH = sizeof(uint32_t); + for (size_t i = 0; i < SHA256_BLOCK_SZ / REG_WIDTH; i++) { + REG_WRITE(HMAC_WR_MESSAGE_MEM + (i * REG_WIDTH), block[i]); + } + + REG_WRITE(HMAC_SET_MESSAGE_ONE_REG, 1); +} + +/** + * @brief Read the 256 bit HMAC. + */ +static inline void hmac_ll_read_result_256(uint32_t *result) +{ + const size_t REG_WIDTH = sizeof(uint32_t); + for (size_t i = 0; i < SHA256_DIGEST_SZ / REG_WIDTH; i++) { + result[i] = REG_READ(HMAC_RD_RESULT_MEM + (i * REG_WIDTH)); + } +} + +/** + * @brief Clean the HMAC result provided to other hardware. + */ +static inline void hmac_ll_clean(void) +{ + REG_WRITE(HMAC_SET_INVALIDATE_DS_REG, 1); + REG_WRITE(HMAC_SET_INVALIDATE_JTAG_REG, 1); +} + +/** + * @brief Signals that the following block will be the padded last block. + */ +static inline void hmac_ll_msg_padding(void) +{ + REG_WRITE(HMAC_SET_MESSAGE_PAD_REG, 1); +} + +/** + * @brief Signals that all blocks have been written and a padding block will automatically be applied by hardware. + * + * Only applies if the message length is a multiple of 512 bits. + * See the chip TRM HMAC chapter for more details. + */ +static inline void hmac_ll_msg_end(void) +{ + REG_WRITE(HMAC_SET_MESSAGE_END_REG, 1); +} + +/** + * @brief The message including padding fits into one block, so no further action needs to be taken. + * + * This is called after the one-block-message has been written. + */ +static inline void hmac_ll_msg_one_block(void) +{ + REG_WRITE(HMAC_ONE_BLOCK_REG, 1); +} + +/** + * @brief Indicate that more blocks will be written after the last block. + */ +static inline void hmac_ll_msg_continue(void) +{ + REG_WRITE(HMAC_SET_MESSAGE_ING_REG, 1); +} + +/** + * @brief Clear the HMAC result. + * + * Use this after reading the HMAC result or if aborting after any of the other steps above. + */ +static inline void hmac_ll_calc_finish(void) +{ + REG_WRITE(HMAC_SET_RESULT_FINISH_REG, 2); +} + +#ifdef __cplusplus +} +#endif diff --git a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c index 539f21451a..c975a407d7 100644 --- a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c +++ b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c @@ -16,6 +16,8 @@ #include "esp32h4/rom/digital_signature.h" #elif CONFIG_IDF_TARGET_ESP32S3 #include "esp32s3/rom/digital_signature.h" +#elif CONFIG_IDF_TARGET_ESP32C6 +#include "esp32c6/rom/digital_signature.h" #else #error "Selected target does not support esp_rsa_sign_alt (for DS)" #endif