diff --git a/components/esp_system/port/soc/esp32c6/clk.c b/components/esp_system/port/soc/esp32c6/clk.c index 06f10b3782..90b250bc46 100644 --- a/components/esp_system/port/soc/esp32c6/clk.c +++ b/components/esp_system/port/soc/esp32c6/clk.c @@ -297,8 +297,8 @@ __attribute__((weak)) void esp_perip_clk_init(void) periph_ll_disable_clk_set_rst(PERIPH_SHA_MODULE); periph_ll_disable_clk_set_rst(PERIPH_HMAC_MODULE); periph_ll_disable_clk_set_rst(PERIPH_DS_MODULE); -#endif periph_ll_disable_clk_set_rst(PERIPH_ECC_MODULE); +#endif // TODO: Replace with hal implementation REG_CLR_BIT(PCR_CTRL_TICK_CONF_REG, PCR_TICK_ENABLE); diff --git a/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml b/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml index 90e0c8645a..b717c99c98 100644 --- a/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml +++ b/components/esp_tee/scripts/esp32c6/sec_srv_tbl_default.yml @@ -248,6 +248,14 @@ secure_services: type: IDF function: esp_crypto_mpi_enable_periph_clk args: 1 + - id: 108 + type: IDF + function: esp_ecc_point_multiply + args: 4 + - id: 109 + type: IDF + function: esp_ecc_point_verify + args: 1 # ID: 134-149 (16) - eFuse - family: efuse entries: diff --git a/components/esp_tee/src/esp_secure_service_wrapper.c b/components/esp_tee/src/esp_secure_service_wrapper.c index 59dbeca671..7fe69dc10a 100644 --- a/components/esp_tee/src/esp_secure_service_wrapper.c +++ b/components/esp_tee/src/esp_secure_service_wrapper.c @@ -342,6 +342,33 @@ void __wrap_esp_crypto_mpi_enable_periph_clk(bool enable) esp_tee_service_call(2, SS_ESP_CRYPTO_MPI_ENABLE_PERIPH_CLK, enable); } +/* ---------------------------------------------- ECC ------------------------------------------------- */ + +#define P256_LEN (256/8) +#define P192_LEN (192/8) + +typedef struct { + uint8_t x[P256_LEN]; /* Little endian order */ + uint8_t y[P256_LEN]; /* Little endian order */ + unsigned len; /* P192_LEN or P256_LEN */ +} ecc_point_t; + +int __wrap_esp_ecc_point_multiply(const ecc_point_t *point, const uint8_t *scalar, ecc_point_t *result, bool verify_first) +{ + esp_crypto_ecc_lock_acquire(); + esp_err_t err = esp_tee_service_call(5, SS_ESP_ECC_POINT_MULTIPLY, point, scalar, result, verify_first); + esp_crypto_ecc_lock_release(); + return err; +} + +int __wrap_esp_ecc_point_verify(const ecc_point_t *point) +{ + esp_crypto_ecc_lock_acquire(); + esp_err_t err = esp_tee_service_call(2, SS_ESP_ECC_POINT_VERIFY, point); + esp_crypto_ecc_lock_release(); + return err; +} + /* ---------------------------------------------- MMU HAL ------------------------------------------------- */ void IRAM_ATTR __wrap_mmu_hal_map_region(uint32_t mmu_id, mmu_target_t mem_type, uint32_t vaddr, uint32_t paddr, uint32_t len, uint32_t *out_len) diff --git a/components/esp_tee/subproject/main/core/esp_secure_services.c b/components/esp_tee/subproject/main/core/esp_secure_services.c index 3bd8f82f49..170fef6b70 100644 --- a/components/esp_tee/subproject/main/core/esp_secure_services.c +++ b/components/esp_tee/subproject/main/core/esp_secure_services.c @@ -29,6 +29,7 @@ #include "esp_hmac.h" #include "esp_ds.h" #include "esp_crypto_periph_clk.h" +#include "ecc_impl.h" #include "esp_tee.h" #include "esp_tee_memory_utils.h" @@ -444,6 +445,26 @@ void _ss_esp_crypto_mpi_enable_periph_clk(bool enable) esp_crypto_mpi_enable_periph_clk(enable); } +/* ---------------------------------------------- ECC ------------------------------------------------- */ + +int _ss_esp_ecc_point_multiply(const ecc_point_t *point, const uint8_t *scalar, ecc_point_t *result, bool verify_first) +{ + bool valid_addr = (esp_tee_ptr_in_ree((void *)result)) && + esp_tee_ptr_in_ree((void *)((char *)result + sizeof(ecc_point_t))); + + if (!valid_addr) { + return -1; + } + ESP_FAULT_ASSERT(valid_addr); + + return esp_ecc_point_multiply(point, scalar, result, verify_first); +} + +int _ss_esp_ecc_point_verify(const ecc_point_t *point) +{ + return esp_ecc_point_verify(point); +} + /* ---------------------------------------------- OTA ------------------------------------------------- */ int _ss_esp_tee_ota_begin(void) diff --git a/components/esp_tee/subproject/main/ld/esp32c6/esp_tee.ld.in b/components/esp_tee/subproject/main/ld/esp32c6/esp_tee.ld.in index 624f1be77b..d9efea5591 100644 --- a/components/esp_tee/subproject/main/ld/esp32c6/esp_tee.ld.in +++ b/components/esp_tee/subproject/main/ld/esp32c6/esp_tee.ld.in @@ -177,6 +177,7 @@ SECTIONS * | SHA | text | Flash | * | HMAC | text | Flash | * | DS | text | Flash | + * | ECC | text | Flash | * | BROWNOUT | text | Flash | * | EFUSE | text | Flash | * | LPTIMER | text | Flash | @@ -196,6 +197,7 @@ SECTIONS *libhal.a:sha_hal.c*(.literal .text .literal.* .text.*) *libhal.a:hmac_hal.c*(.literal .text .literal.* .text.*) *libhal.a:ds_hal.c*(.literal .text .literal.* .text.*) + *libhal.a:ecc_hal.c*(.literal .text .literal.* .text.*) *libhal.a:apm_hal.c*(.literal .text .literal.* .text.*) *libhal.a:brownout_hal.c*(.literal .text .literal.* .text.*) *libhal.a:spi_flash_hal.c*(.literal .text .literal.* .text.*) diff --git a/components/esp_tee/subproject/main/soc/esp32c6/esp_tee_apm_prot_cfg.c b/components/esp_tee/subproject/main/soc/esp32c6/esp_tee_apm_prot_cfg.c index f746d82188..c1a873bc03 100644 --- a/components/esp_tee/subproject/main/soc/esp32c6/esp_tee_apm_prot_cfg.c +++ b/components/esp_tee/subproject/main/soc/esp32c6/esp_tee_apm_prot_cfg.c @@ -107,7 +107,7 @@ apm_ctrl_region_config_data_t hp_apm_pms_data[] = { .filter_enable = 1, }, /* Region 6/7: Peripherals [H/W Lock - HMAC] (RW) */ - /* Protected: AES, SHA, DS, HMAC */ + /* Protected: AES, SHA, ECC, DS, HMAC */ { .regn_num = 6, .regn_start_addr = DR_REG_ATOMIC_BASE, @@ -118,12 +118,12 @@ apm_ctrl_region_config_data_t hp_apm_pms_data[] = { { .regn_num = 7, .regn_start_addr = DR_REG_RSA_BASE, - .regn_end_addr = (DR_REG_DS_BASE - 0x4), + .regn_end_addr = (DR_REG_ECC_MULT_BASE - 0x4), .regn_pms = 0x6, .filter_enable = 1, }, - /* Region 8/9/10: Peripherals [DS - TEE Controller & APM] (RW) */ - /* Protected: AES, SHA, DS, HMAC PCR, APM, TEE Controller */ + /* Region 8/9/10: Peripherals [IO_MUX - TEE Controller & APM] (RW) */ + /* Protected: AES, SHA, ECC, DS and HMAC PCRs, APM, TEE Controller */ { .regn_num = 8, .regn_start_addr = DR_REG_IO_MUX_BASE, @@ -134,7 +134,7 @@ apm_ctrl_region_config_data_t hp_apm_pms_data[] = { { .regn_num = 9, .regn_start_addr = PCR_RSA_CONF_REG, - .regn_end_addr = (PCR_DS_CONF_REG - 0x4), + .regn_end_addr = (PCR_ECC_CONF_REG - 0x4), .regn_pms = 0x6, .filter_enable = 1, }, diff --git a/components/esp_tee/subproject/main/soc/esp32c6/esp_tee_secure_sys_cfg.c b/components/esp_tee/subproject/main/soc/esp32c6/esp_tee_secure_sys_cfg.c index 3f54dc6520..a3efc665a2 100644 --- a/components/esp_tee/subproject/main/soc/esp32c6/esp_tee_secure_sys_cfg.c +++ b/components/esp_tee/subproject/main/soc/esp32c6/esp_tee_secure_sys_cfg.c @@ -16,6 +16,7 @@ #include "hal/sha_ll.h" #include "hal/hmac_ll.h" #include "hal/ds_ll.h" +#include "hal/ecc_ll.h" #include "esp_tee.h" #include "esp_tee_intr.h" @@ -95,12 +96,14 @@ void esp_tee_soc_secure_sys_init(void) esp_tee_protect_intr_src(ETS_EFUSE_INTR_SOURCE); // eFuse esp_tee_protect_intr_src(ETS_AES_INTR_SOURCE); // AES esp_tee_protect_intr_src(ETS_SHA_INTR_SOURCE); // SHA + esp_tee_protect_intr_src(ETS_ECC_INTR_SOURCE); // ECC /* Disable protected crypto peripheral clocks; they will be toggled as needed when the peripheral is in use */ aes_ll_enable_bus_clock(false); sha_ll_enable_bus_clock(false); hmac_ll_enable_bus_clock(false); ds_ll_enable_bus_clock(false); + ecc_ll_enable_bus_clock(false); } IRAM_ATTR inline void esp_tee_switch_to_ree(uint32_t ree_entry_addr) diff --git a/components/esp_tee/test_apps/tee_test_fw/main/CMakeLists.txt b/components/esp_tee/test_apps/tee_test_fw/main/CMakeLists.txt index 0b5c34e6cd..4c51d552f0 100644 --- a/components/esp_tee/test_apps/tee_test_fw/main/CMakeLists.txt +++ b/components/esp_tee/test_apps/tee_test_fw/main/CMakeLists.txt @@ -32,6 +32,10 @@ list(APPEND srcs "${mbedtls_test_srcs_dir}/test_mbedtls_sha.c" # Mixed list(APPEND srcs "${mbedtls_test_srcs_dir}/test_aes_sha_parallel.c") + +# ECC +list(APPEND srcs "${mbedtls_test_srcs_dir}/test_ecp.c") + # Utility list(APPEND srcs "${mbedtls_test_srcs_dir}/test_apb_dport_access.c" "${mbedtls_test_srcs_dir}/test_mbedtls_utils.c") diff --git a/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_att.c b/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_att.c index 864d199712..105403c3ba 100644 --- a/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_att.c +++ b/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_att.c @@ -256,7 +256,6 @@ TEST_CASE("Test TEE Attestation - Generate and verify the EAT", "[attestation]") uint8_t *token_buf = heap_caps_calloc(ESP_ATT_TK_BUF_SIZE, sizeof(uint8_t), MALLOC_CAP_8BIT | MALLOC_CAP_INTERNAL); TEST_ASSERT_NOT_NULL(token_buf); - ESP_LOGI(TAG, "Generating EAT for all active firmwares (Bootloader, TEE and non-secure app)..."); // Generating the attestation token uint32_t token_len = 0; TEST_ESP_OK(esp_tee_att_generate_token(0xA1B2C3D4, 0x0FACADE0, (const char *)ESP_ATT_TK_PSA_CERT_REF, @@ -275,7 +274,6 @@ TEST_CASE("Test TEE Attestation - Generate and verify the EAT", "[attestation]") esp_tee_sec_storage_sign_t sign_ctx = {}; fetch_signature((const char *)token_buf, &sign_ctx); - ESP_LOGI(TAG, "Verifying the generated EAT..."); // Verifying the generated token TEST_ASSERT_EQUAL(0, verify_ecdsa_sign(digest, sizeof(digest), &pubkey_ctx, &sign_ctx, false)); free(token_buf); diff --git a/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_panic.c b/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_panic.c index c3366d3b72..985a611ee9 100644 --- a/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_panic.c +++ b/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_panic.c @@ -63,7 +63,8 @@ TEST_CASE("Test APM violation interrupt: AES", "[apm_violation]") TEST_CASE("Test APM violation interrupt: HMAC", "[apm_violation]") { uint32_t val = UINT32_MAX; - REG_WRITE(HMAC_SET_PARA_KEY_REG, val); + val = REG_READ(HMAC_SET_PARA_KEY_REG); + TEST_ASSERT_EQUAL(0, val); TEST_FAIL_MESSAGE("APM violation interrupt should have been generated"); } @@ -77,16 +78,15 @@ TEST_CASE("Test APM violation interrupt: DS", "[apm_violation]") TEST_CASE("Test APM violation interrupt: SHA PCR", "[apm_violation]") { - uint32_t val = UINT32_MAX; - val = REG_READ(PCR_SHA_CONF_REG); - TEST_ASSERT_EQUAL(0, val); + uint32_t val = 0; + REG_WRITE(PCR_SHA_CONF_REG, val); TEST_FAIL_MESSAGE("APM violation interrupt should have been generated"); } -TEST_CASE("Test APM violation interrupt: DS PCR", "[apm_violation]") +TEST_CASE("Test APM violation interrupt: ECC PCR", "[apm_violation]") { - uint32_t val = UINT32_MAX; - REG_WRITE(PCR_DS_CONF_REG, val); + uint32_t val = 0; + REG_WRITE(PCR_ECC_CONF_REG, val); TEST_FAIL_MESSAGE("APM violation interrupt should have been generated"); } diff --git a/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_sec_stg.c b/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_sec_stg.c index f1f4d0375f..bfbb349dfc 100644 --- a/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_sec_stg.c +++ b/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_sec_stg.c @@ -88,7 +88,6 @@ TEST_CASE("Test TEE Secure Storage - Sign-verify (ecdsa_secp256r1) with all key- TEST_ESP_OK(esp_tee_sec_storage_init()); for (uint16_t slot_id = 0; slot_id <= MAX_SEC_STG_SLOT_ID; slot_id++) { - ESP_LOGI(TAG, "Slot ID: %u", slot_id); TEST_ESP_OK(esp_tee_sec_storage_clear_slot(slot_id)); TEST_ESP_OK(esp_tee_sec_storage_gen_key(slot_id, ESP_SEC_STG_KEY_ECDSA_SECP256R1)); @@ -98,7 +97,6 @@ TEST_CASE("Test TEE Secure Storage - Sign-verify (ecdsa_secp256r1) with all key- esp_tee_sec_storage_pubkey_t pubkey = {}; TEST_ESP_OK(esp_tee_sec_storage_get_pubkey(slot_id, ESP_SEC_STG_KEY_ECDSA_SECP256R1, &pubkey)); - ESP_LOGI(TAG, "Verifying generated signature..."); TEST_ESP_OK(verify_ecdsa_sign(msg_digest, sizeof(msg_digest), &pubkey, &sign, false)); TEST_ESP_OK(esp_tee_sec_storage_clear_slot(slot_id)); @@ -122,7 +120,6 @@ TEST_CASE("Test TEE Secure Storage - Sign-verify (ecdsa_secp192r1) with all key- TEST_ESP_OK(esp_tee_sec_storage_init()); for (uint16_t slot_id = 0; slot_id <= MAX_SEC_STG_SLOT_ID; slot_id++) { - ESP_LOGI(TAG, "Slot ID: %u", slot_id); TEST_ESP_OK(esp_tee_sec_storage_clear_slot(slot_id)); TEST_ESP_OK(esp_tee_sec_storage_gen_key(slot_id, ESP_SEC_STG_KEY_ECDSA_SECP192R1)); @@ -132,7 +129,6 @@ TEST_CASE("Test TEE Secure Storage - Sign-verify (ecdsa_secp192r1) with all key- esp_tee_sec_storage_pubkey_t pubkey = {}; TEST_ESP_OK(esp_tee_sec_storage_get_pubkey(slot_id, ESP_SEC_STG_KEY_ECDSA_SECP192R1, &pubkey)); - ESP_LOGI(TAG, "Verifying generated signature..."); TEST_ESP_OK(verify_ecdsa_sign(msg_digest, sizeof(msg_digest), &pubkey, &sign, true)); TEST_ESP_OK(esp_tee_sec_storage_clear_slot(slot_id)); @@ -161,7 +157,6 @@ TEST_CASE("Test TEE Secure Storage - Encrypt-decrypt (aes256_gcm) with all key-s TEST_ESP_OK(esp_tee_sec_storage_init()); for (uint16_t slot_id = 0; slot_id <= MAX_SEC_STG_SLOT_ID; slot_id++) { - ESP_LOGI(TAG, "Slot ID: %u", slot_id); TEST_ESP_OK(esp_tee_sec_storage_clear_slot(slot_id)); TEST_ESP_OK(esp_tee_sec_storage_gen_key(slot_id, ESP_SEC_STG_KEY_AES256)); @@ -380,7 +375,6 @@ static void test_ecdsa_sign(mbedtls_ecp_group_id gid, const uint8_t *hash, int s TEST_ASSERT_MBEDTLS_OK(mbedtls_mpi_write_binary(&r, sign.sign_r, key_len)); TEST_ASSERT_MBEDTLS_OK(mbedtls_mpi_write_binary(&s, sign.sign_s, key_len)); - ESP_LOGI(TAG, "Verifying generated signature..."); TEST_ESP_OK(verify_ecdsa_sign(sha, sizeof(sha), &pubkey, &sign, is_crv_p192)); mbedtls_pk_free(&key_ctx); diff --git a/components/esp_tee/test_apps/tee_test_fw/pytest_esp_tee_ut.py b/components/esp_tee/test_apps/tee_test_fw/pytest_esp_tee_ut.py index f9fd574216..5e931db9ef 100644 --- a/components/esp_tee/test_apps/tee_test_fw/pytest_esp_tee_ut.py +++ b/components/esp_tee/test_apps/tee_test_fw/pytest_esp_tee_ut.py @@ -39,7 +39,7 @@ REE_ISOLATION_TEST_EXC_RSN: Dict[str, Any] = { } } -TEE_APM_VIOLATION_EXC_CHK = ['eFuse', 'MMU', 'AES', 'HMAC', 'DS', 'SHA PCR', 'DS PCR'] +TEE_APM_VIOLATION_EXC_CHK = ['eFuse', 'MMU', 'AES', 'HMAC', 'DS', 'SHA PCR', 'ECC PCR'] # ---------------- TEE default tests ---------------- diff --git a/components/hal/CMakeLists.txt b/components/hal/CMakeLists.txt index 5f7678b13e..b057d1c74d 100644 --- a/components/hal/CMakeLists.txt +++ b/components/hal/CMakeLists.txt @@ -52,7 +52,8 @@ if(esp_tee_build) "aes_hal.c" "sha_hal.c" "hmac_hal.c" - "ds_hal.c") + "ds_hal.c" + "ecc_hal.c") if(CONFIG_SECURE_TEE_EXT_FLASH_MEMPROT_SPI1) list(APPEND srcs "spi_flash_hal.c") diff --git a/components/mbedtls/esp_tee/esp_tee_mbedtls.cmake b/components/mbedtls/esp_tee/esp_tee_mbedtls.cmake index 9a86363c09..1e3d0c91ec 100644 --- a/components/mbedtls/esp_tee/esp_tee_mbedtls.cmake +++ b/components/mbedtls/esp_tee/esp_tee_mbedtls.cmake @@ -61,3 +61,6 @@ target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/core/esp_sha1.c" target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/sha/core/sha.c" "${COMPONENT_DIR}/port/sha/esp_sha.c") + +target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/ecc/esp_ecc.c" + "${COMPONENT_DIR}/port/ecc/ecc_alt.c") diff --git a/components/mbedtls/esp_tee/esp_tee_mbedtls_config.h b/components/mbedtls/esp_tee/esp_tee_mbedtls_config.h index 738d3b6586..cd4071249e 100644 --- a/components/mbedtls/esp_tee/esp_tee_mbedtls_config.h +++ b/components/mbedtls/esp_tee/esp_tee_mbedtls_config.h @@ -57,6 +57,11 @@ #define MBEDTLS_SHA256_ALT #endif +#ifdef CONFIG_MBEDTLS_HARDWARE_ECC +#define MBEDTLS_ECP_MUL_ALT +#define MBEDTLS_ECP_VERIFY_ALT +#endif + #define MBEDTLS_ENTROPY_C #endif /* ESP_TEE_MBEDTLS_CONFIG_H */ diff --git a/docs/en/security/tee/tee-advanced.rst b/docs/en/security/tee/tee-advanced.rst index 51346b14b6..5ba828552c 100644 --- a/docs/en/security/tee/tee-advanced.rst +++ b/docs/en/security/tee/tee-advanced.rst @@ -164,6 +164,7 @@ The following peripherals are protected using the APM module and accessible only - Access Permission Management (APM) peripheral - AES, SHA accelerators + - ECC accelerator - Hash-Based Message Authentication Code (HMAC) module - Digital Signature module - eFuse Controller @@ -176,7 +177,6 @@ The following peripherals are protected using the APM module and accessible only - The following peripherals will be secured in future releases - - MPI accelerator (RSA) - - ECC accelerator Firmware ^^^^^^^^