From 96170ea10b2d6456ad23bcb9c5593f3b63d8a1e1 Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Sun, 20 Jul 2025 17:49:36 +0530
Subject: [PATCH] refactor(hal): Move CONFIG options used in ecdsa_hal.c under config.h
---
 components/hal/ecdsa_hal.c | 21 +++++++++----------
 components/hal/include/hal/ecdsa_hal.h | 6 +++---
 .../hal/platform_port/include/hal/config.h | 6 ++++++
 .../sg_rules/no_kconfig_in_hal_component.yml | 3 ---
 4 files changed, 19 insertions(+), 17 deletions(-)
diff --git a/components/hal/ecdsa_hal.c b/components/hal/ecdsa_hal.c
index 097ac9e53b..2c7f607d7c 100644
--- a/components/hal/ecdsa_hal.c
+++ b/components/hal/ecdsa_hal.c
@@ -8,8 +8,9 @@
 #include "hal/ecdsa_ll.h"
 #include "hal/ecdsa_hal.h"
 #include "hal/efuse_hal.h"
+#include "soc/soc_caps.h"
-#if CONFIG_HAL_ECDSA_GEN_SIG_CM
+#if HAL_CONFIG_ECDSA_GEN_SIG_CM
 #include "esp_fault.h"
 #include "esp_random.h"
 #include "soc/chip_revision.h"
@@ -98,7 +99,7 @@ static void ecdsa_hal_gen_signature_inner(const uint8_t *hash, uint8_t *r_out,
 }
 }
-#if CONFIG_HAL_ECDSA_GEN_SIG_CM
+#if HAL_CONFIG_ECDSA_GEN_SIG_CM
 __attribute__((optimize("O0"))) static void ecdsa_hal_gen_signature_with_countermeasure(const uint8_t *hash, uint8_t *r_out,
 uint8_t *s_out, uint16_t len)
 {
@@ -126,7 +127,7 @@ __attribute__((optimize("O0"))) static void ecdsa_hal_gen_signature_with_counter
 }
 }
-#endif /* CONFIG_HAL_ECDSA_GEN_SIG_CM */
+#endif /* HAL_CONFIG_ECDSA_GEN_SIG_CM */
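Review bot: The `#if HAL_CONFIG_ECDSA_GEN_SIG_CM` guards in components/hal/ecdsa_hal.c (at the include block here, and again in the hunks at old lines 98, 126 and 147) depend on `hal/config.h` arriving indirectly through `hal/ecdsa_hal.h`; as far as the hunk shows, ecdsa_hal.c does not include it itself. An undefined macro in `#if` evaluates to 0 without any diagnostic, so if that include chain ever changes, the countermeasure code would be compiled out silently. Add `#include "hal/config.h"` next to the new `#include "soc/soc_caps.h"` so the guard does not rely on another header.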
@@ -147,19 +148,17 @@ void ecdsa_hal_gen_signature(ecdsa_hal_config_t *conf, const uint8_t *hash,
 configure_ecdsa_periph(conf);
-#if CONFIG_HAL_ECDSA_GEN_SIG_CM
-#if CONFIG_IDF_TARGET_ESP32H2
+#if HAL_CONFIG_ECDSA_GEN_SIG_CM
+#if SOC_IS(ESP32H2)
 if (!ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102)) {
 ecdsa_hal_gen_signature_with_countermeasure(hash, r_out, s_out, len);
- } else {
- ecdsa_hal_gen_signature_inner(hash, r_out, s_out, len);
+ return;
 }
-#else
- ecdsa_hal_gen_signature_with_countermeasure(hash, r_out, s_out, len);
 #endif
-#else /* CONFIG_HAL_ECDSA_GEN_SIG_CM */
+ ecdsa_hal_gen_signature_with_countermeasure(hash, r_out, s_out, len);
+#else /* HAL_CONFIG_ECDSA_GEN_SIG_CM */
 ecdsa_hal_gen_signature_inner(hash, r_out, s_out, len);
-#endif /* !CONFIG_HAL_ECDSA_GEN_SIG_CM */
+#endif /* !HAL_CONFIG_ECDSA_GEN_SIG_CM */
 }
diff --git a/components/hal/include/hal/ecdsa_hal.h b/components/hal/include/hal/ecdsa_hal.h
index 182ebbe80d..3053286a5b 100644
--- a/components/hal/include/hal/ecdsa_hal.h
+++ b/components/hal/include/hal/ecdsa_hal.h
@@ -16,13 +16,13 @@
 #include
 #include "hal/ecdsa_types.h"
 #include "soc/soc_caps.h"
-#include "sdkconfig.h"
+#include "hal/config.h"
 #ifdef __cplusplus
 extern "C" {
 #endif
-#if CONFIG_HAL_ECDSA_GEN_SIG_CM
+#if HAL_CONFIG_ECDSA_GEN_SIG_CM
 #define ECDSA_SIGN_MAX_DUMMY_OP_COUNT 0x7
@@ -32,7 +32,7 @@ extern "C" {
 After the countermeasure is enabled, hardware ECDSA signature operation shall take time approximately equal to original time multiplied by this number. If you observe that the reduced performance is affecting your use-case then you may try reducing this time to the minimum. */
-#endif /* CONFIG_HAL_ECDSA_GEN_SIG_CM */
+#endif /* HAL_CONFIG_ECDSA_GEN_SIG_CM */
 /* * ECDSA peripheral config structure */
diff --git a/components/hal/platform_port/include/hal/config.h b/components/hal/platform_port/include/hal/config.h
index 4c972ced8a..f7790b8191 100644
--- a/components/hal/platform_port/include/hal/config.h
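Review bot: In `ecdsa_hal_gen_signature` (components/hal/ecdsa_hal.c) the ESP32-H2 path no longer reaches `ecdsa_hal_gen_signature_inner`: a chip that passes `ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102)` skips the early `return` and falls through to `ecdsa_hal_gen_signature_with_countermeasure`, where the removed `else` branch called the plain path. Both outcomes of the revision check now run the same function, so the check has no effect and the newer H2 revisions take the slower dummy-operation path, which is a behaviour change in a commit described as a refactor. If the old behaviour is wanted, keep `} else {` with `ecdsa_hal_gen_signature_inner(hash, r_out, s_out, len);` and the `#else` arm; if applying the countermeasure on every revision is intended, drop the `#if SOC_IS(ESP32H2)` block and state the change in the commit message. The function's signature and opening statements are outside the hunk.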
+++ b/components/hal/platform_port/include/hal/config.h
@@ -33,6 +33,12 @@ extern "C" {
 */
 #define HAL_CONFIG_SPI_FLASH_USE_ROM_API CONFIG_SPI_FLASH_ROM_IMPL
+/**
+ * @brief Enable this to use constant-time ECDSA signature generation.
+ * This provides enhanced security against timing attacks.
+ */
+#define HAL_CONFIG_ECDSA_GEN_SIG_CM CONFIG_HAL_ECDSA_GEN_SIG_CM
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/tools/ci/sg_rules/no_kconfig_in_hal_component.yml b/tools/ci/sg_rules/no_kconfig_in_hal_component.yml
index affb2cca3d..9471497ad5 100644
--- a/tools/ci/sg_rules/no_kconfig_in_hal_component.yml
+++ b/tools/ci/sg_rules/no_kconfig_in_hal_component.yml
@@ -13,14 +13,12 @@ ignores:
 # the following files should be refactored to remove Kconfig macros
 - "components/hal/adc_oneshot_hal.c"
 - "components/hal/cache_hal.c"
- - "components/hal/ecdsa_hal.c"
 - "components/hal/mmu_hal.c"
 - "components/hal/spi_flash_hal.c"
 - "components/hal/twai_hal_sja1000.c"
 - "components/hal/esp32/gpio_hal_workaround.c"
 - "components/hal/esp32/include/hal/twai_ll.h"
 - "components/hal/esp32/include/hal/uart_ll.h"
- - "components/hal/include/hal/ecdsa_hal.h"
 - "components/hal/include/hal/gpio_hal.h"
 - "components/hal/include/hal/twai_types_deprecated.h"
 rule:
@@ -57,7 +55,6 @@ ignores:
 - "components/hal/cache_hal.c"
 - "components/hal/mmu_hal.c"
 - "components/hal/twai_hal_sja1000.c"
- - "components/hal/include/hal/ecdsa_hal.h"
 - "components/hal/include/hal/twai_types_deprecated.h"
 rule:
 kind: preproc_include
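Review bot: The new doc comment on `HAL_CONFIG_ECDSA_GEN_SIG_CM` in hal/config.h calls the option constant-time signing against timing attacks, which does not match what the rest of this patch shows. ecdsa_hal.h defines `ECDSA_SIGN_MAX_DUMMY_OP_COUNT` under the same guard and says signing time is roughly the original time multiplied by that count, and ecdsa_hal.c includes `esp_random.h` there, so the countermeasure appears to hide the real operation among dummy operations rather than fix its duration. A reader choosing mitigations from this comment would assume a property the code does not seem to provide; wording such as `@brief Enable the countermeasure for ECDSA signature generation (dummy sign operations around the real one); increases signing time.` would be closer, with the exact threat it addresses confirmed against the Kconfig help text.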