From b0cdc82996ed8af6d092cbfdd2f74bc175aa5c40 Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Tue, 16 Sep 2025 10:54:21 +0530
Subject: [PATCH] fix(ecdsa): Fixed ECDSA efuse purpose check condition
---
 components/mbedtls/port/ecdsa/ecdsa_alt.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/components/mbedtls/port/ecdsa/ecdsa_alt.c b/components/mbedtls/port/ecdsa/ecdsa_alt.c
index f65c687c88..01d6d9be44 100644
--- a/components/mbedtls/port/ecdsa/ecdsa_alt.c
+++ b/components/mbedtls/port/ecdsa/ecdsa_alt.c
@@ -182,15 +182,20 @@ static int esp_ecdsa_validate_efuse_block(mbedtls_ecp_group_id grp_id, int efuse
 expected_key_purpose_low = ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY;
 #endif /* !SOC_ECDSA_SUPPORT_CURVE_SPECIFIC_KEY_PURPOSES */
- if (expected_key_purpose_low != esp_efuse_get_key_purpose((esp_efuse_block_t)low_blk)
-#if SOC_ECDSA_SUPPORT_CURVE_SPECIFIC_KEY_PURPOSES && SOC_ECDSA_SUPPORT_CURVE_P384
- || expected_key_purpose_high != esp_efuse_get_key_purpose((esp_efuse_block_t)high_blk)
-#endif
- ) {
+ if (expected_key_purpose_low != esp_efuse_get_key_purpose((esp_efuse_block_t)low_blk)) {
 ESP_LOGE(TAG, "Key burned in efuse has incorrect purpose");
 return MBEDTLS_ERR_ECP_INVALID_KEY;
 }
+#if SOC_ECDSA_SUPPORT_CURVE_SPECIFIC_KEY_PURPOSES && SOC_ECDSA_SUPPORT_CURVE_P384
+ // Only check high block purpose for P384 curves that actually use it
+ if (grp_id == MBEDTLS_ECP_DP_SECP384R1 &&
+ expected_key_purpose_high != esp_efuse_get_key_purpose((esp_efuse_block_t)high_blk)) {
+ ESP_LOGE(TAG, "Key burned in efuse has incorrect purpose for high block");
+ return MBEDTLS_ERR_ECP_INVALID_KEY;
+ }
+#endif
+
 return 0;
 }
 #endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY || CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN */
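Review bot: The high-block purpose check added after the low-block check is compiled only when both SOC_ECDSA_SUPPORT_CURVE_SPECIFIC_KEY_PURPOSES and SOC_ECDSA_SUPPORT_CURVE_P384 are set, so on a target that has P-384 but takes the generic ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY path only low_blk is ever validated. Whether such a target exists is not visible here, but if it can, the high block needs its own check against the generic purpose. For the other curves high_blk is now skipped silently, and the comment would be clearer if it said so, e.g. `// high_blk is only used for SECP384R1; for other curves its purpose is not validated`. Both error logs would also be easier to act on if they named the rejected block number. The function begins above the hunk, so how high_blk and expected_key_purpose_high are assigned cannot be checked from here.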