From 497fc7ed185197f61b7abbde7c89e0a8154e8d82 Mon Sep 17 00:00:00 2001 From: "nilesh.kale" Date: Tue, 13 May 2025 17:01:07 +0530 Subject: [PATCH 1/3] feat: enabled ECDSA-P192 support for ESP32H2 --- .../src/esp32h2/secure_boot_secure_features.c | 9 ++- .../bootloader_support/src/secure_boot.c | 21 ++++++ components/efuse/include/esp_efuse.h | 45 +++++++++++- components/efuse/src/esp_efuse_fields.c | 70 +++++++++++++++++++ components/esp_security/Kconfig | 8 +++ components/esp_security/src/init.c | 9 +++ components/hal/esp32h2/efuse_hal.c | 13 +++- components/hal/esp32h2/include/hal/ecdsa_ll.h | 10 +++ .../hal/esp32h2/include/hal/efuse_hal.h | 9 ++- components/hal/esp32h2/include/hal/efuse_ll.h | 7 +- .../test_apps/crypto/main/Kconfig.projbuild | 2 +- .../test_apps/crypto/main/ecdsa/test_ecdsa.c | 30 ++++++-- components/mbedtls/port/ecdsa/ecdsa_alt.c | 4 +- .../test_apps/main/test_mbedtls_ecdsa.c | 7 ++ .../esp32h2/include/soc/Kconfig.soc_caps.in | 4 ++ components/soc/esp32h2/include/soc/soc_caps.h | 2 + docs/en/api-reference/peripherals/ecdsa.rst | 12 ++++ 17 files changed, 248 insertions(+), 14 deletions(-) diff --git a/components/bootloader_support/src/esp32h2/secure_boot_secure_features.c b/components/bootloader_support/src/esp32h2/secure_boot_secure_features.c index 9ea0f69e4b..da7f84df5c 100644 --- a/components/bootloader_support/src/esp32h2/secure_boot_secure_features.c +++ b/components/bootloader_support/src/esp32h2/secure_boot_secure_features.c @@ -1,10 +1,11 @@ /* - * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ #include +#include "hal/ecdsa_ll.h" #include "esp_flash_encrypt.h" #include "esp_secure_boot.h" #include "esp_efuse.h" @@ -36,6 +37,12 @@ esp_err_t esp_secure_boot_enable_secure_features(void) ESP_LOGW(TAG, "UART ROM Download mode kept enabled - SECURITY COMPROMISED"); #endif +#ifdef SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED + if (ecdsa_ll_is_configurable_curve_supported()) { + esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_ECDSA_CURVE_MODE); + } +#endif + #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG ESP_LOGI(TAG, "Disable hardware & software JTAG..."); esp_efuse_write_field_bit(ESP_EFUSE_DIS_PAD_JTAG); diff --git a/components/bootloader_support/src/secure_boot.c b/components/bootloader_support/src/secure_boot.c index 9df2e6278c..6bf584e32b 100644 --- a/components/bootloader_support/src/secure_boot.c +++ b/components/bootloader_support/src/secure_boot.c @@ -12,6 +12,10 @@ #include "esp_secure_boot.h" #include "hal/efuse_hal.h" +#ifdef SOC_ECDSA_SUPPORTED +#include "hal/ecdsa_ll.h" +#endif + #ifndef BOOTLOADER_BUILD static __attribute__((unused)) const char *TAG = "secure_boot"; @@ -340,6 +344,23 @@ bool esp_secure_boot_cfg_verify_release_mode(void) #endif } +#ifdef SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED + if (ecdsa_ll_is_configurable_curve_supported()) { + secure = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_ECDSA_CURVE_MODE); + if (!secure) { + uint8_t current_curve; + esp_err_t err = esp_efuse_read_field_blob(ESP_EFUSE_ECDSA_CURVE_MODE, ¤t_curve, ESP_EFUSE_ECDSA_CURVE_MODE[0]->bit_count); + if (err == ESP_OK) { + if (current_curve != ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_ONLY_P256_BIT_LOCKED) { + // If not P256 mode + result &= secure; + ESP_LOGW(TAG, "Not write disabled ECDSA curve mode (set WR_DIS_ECDSA_CURVE_MODE->1)"); + } + } + } + } +#endif + #ifdef CONFIG_SECURE_BOOT_ENABLE_AGGRESSIVE_KEY_REVOKE secure = esp_efuse_read_field_bit(ESP_EFUSE_SECURE_BOOT_AGGRESSIVE_REVOKE); result &= secure; diff --git a/components/efuse/include/esp_efuse.h b/components/efuse/include/esp_efuse.h index be3aca8e18..d18348fe47 100644 --- a/components/efuse/include/esp_efuse.h +++ b/components/efuse/include/esp_efuse.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2017-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2017-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -159,7 +159,7 @@ esp_err_t esp_efuse_write_field_cnt(const esp_efuse_desc_t* field[], size_t cnt) * * @return * - ESP_OK: The operation was successfully completed, or the bit was already set to value 1. - * - ESP_ERR_INVALID_ARG: Error in the passed arugments, including if the efuse field is not 1 bit wide. + * - ESP_ERR_INVALID_ARG: Error in the passed arguments, including if the efuse field is not 1 bit wide. */ esp_err_t esp_efuse_write_field_bit(const esp_efuse_desc_t* field[]); @@ -468,7 +468,7 @@ esp_err_t esp_efuse_batch_write_begin(void); * * @return * - ESP_OK: Successful. - * - ESP_ERR_INVALID_STATE: Tha batch mode was not set. + * - ESP_ERR_INVALID_STATE: The batch mode was not set. */ esp_err_t esp_efuse_batch_write_cancel(void); @@ -806,6 +806,45 @@ esp_err_t esp_efuse_check_errors(void); */ esp_err_t esp_efuse_destroy_block(esp_efuse_block_t block); +#if SOC_ECDSA_SUPPORTED +/** + * @brief Checks if 192-bit ECDSA curve operations are supported. + * + * This function checks if the current eFuse configuration supports 192-bit ECDSA curve operations. +*/ +bool esp_efuse_is_ecdsa_p192_curve_supported(void); + +/** + * @brief Checks if 256-bit ECDSA curve operations are supported. + * + * This function checks if the current eFuse configuration supports 256-bit ECDSA curve operations. +*/ +bool esp_efuse_is_ecdsa_p256_curve_supported(void); +#endif /* SOC_ECDSA_SUPPORTED*/ + +#if SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED +typedef enum { + ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_ONLY_P256_BIT = 0, + ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_ONLY_P192_BIT = 1, + ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_BOTH_P192_P256_BIT = 2, + ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_ONLY_P256_BIT_LOCKED = 3, +} esp_efuse_ecdsa_curve_mode_t; + +/** + * @brief Enables 192-bit ECDSA curve operations by setting the appropriate eFuse value. + * + * This function enables support for 192-bit ECDSA curve operations by configuring the + * ECDSA curve mode eFuse. It checks the current curve mode and attempts to set it to + * allow both P192 and P256 operations if not already set. + * + * @return + * - ESP_OK: Successfully enabled 192-bit ECDSA operations or already enabled + * - ESP_FAIL: Failed to enable operations due to write protection + * - Other error codes: Failed to read/write eFuse + */ +esp_err_t esp_efuse_enable_ecdsa_p192_curve_mode(void); +#endif + #ifdef __cplusplus } #endif diff --git a/components/efuse/src/esp_efuse_fields.c b/components/efuse/src/esp_efuse_fields.c index 7672c0716f..8758bcf073 100644 --- a/components/efuse/src/esp_efuse_fields.c +++ b/components/efuse/src/esp_efuse_fields.c @@ -16,6 +16,13 @@ #include "esp_log.h" #include "soc/efuse_periph.h" #include "sys/param.h" +#include "soc/soc_caps.h" +#include "hal/efuse_ll.h" +#include "hal/efuse_hal.h" + +#ifdef SOC_ECDSA_SUPPORTED +#include "hal/ecdsa_ll.h" +#endif /* SOC_ECDSA_SUPPORTED */ static __attribute__((unused)) const char *TAG = "efuse"; @@ -81,3 +88,66 @@ esp_err_t esp_efuse_update_secure_version(uint32_t secure_version) } return ESP_OK; } + +#if SOC_ECDSA_SUPPORTED +bool esp_efuse_is_ecdsa_p192_curve_supported(void) +{ +#if SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED + if (ecdsa_ll_is_configurable_curve_supported()) { + uint32_t current_curve = efuse_hal_get_ecdsa_curve_mode(); + return (current_curve == ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_BOTH_P192_P256_BIT || current_curve == ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_ONLY_P192_BIT); + } else { + return true; + } +#else + return true; +#endif /* SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED */ +} + +bool esp_efuse_is_ecdsa_p256_curve_supported(void) +{ +#if SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED + if (ecdsa_ll_is_configurable_curve_supported()) { + uint32_t current_curve = efuse_hal_get_ecdsa_curve_mode(); + return (current_curve != ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_ONLY_P192_BIT); + } else { + return true; + } +#else + return true; +#endif /* SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED */ +} +#endif /* SOC_ECDSA_SUPPORTED */ + +#if SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED +esp_err_t esp_efuse_enable_ecdsa_p192_curve_mode(void) +{ + + if (ecdsa_ll_is_configurable_curve_supported()) { + esp_err_t err; + uint8_t current_curve, next_curve; + + current_curve = efuse_hal_get_ecdsa_curve_mode(); + // Check if already in desired state + if (current_curve == ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_BOTH_P192_P256_BIT || current_curve == ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_ONLY_P192_BIT) { + ESP_EARLY_LOGD(TAG, "ECDSA P-192 curve mode is already enabled"); + return ESP_OK; + } + + // Check if write is disabled or already locked to P256 + if (esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_ECDSA_CURVE_MODE) || current_curve == ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_ONLY_P256_BIT_LOCKED) { + ESP_EARLY_LOGE(TAG, "ECDSA curve mode is locked, cannot enable P-192 curve"); + return ESP_FAIL; + } + + // Attempt to write new curve mode + next_curve = ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_BOTH_P192_P256_BIT; + err = esp_efuse_write_field_blob(ESP_EFUSE_ECDSA_CURVE_MODE, &next_curve, ESP_EFUSE_ECDSA_CURVE_MODE[0]->bit_count); + if (err != ESP_OK) { + ESP_EARLY_LOGE(TAG, "Failed to enable ECDSA P-192 curve %d", err); + return err; + } + } + return ESP_OK; +} +#endif /* SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED */ diff --git a/components/esp_security/Kconfig b/components/esp_security/Kconfig index 7a8c9ff631..908d02961b 100644 --- a/components/esp_security/Kconfig +++ b/components/esp_security/Kconfig @@ -50,4 +50,12 @@ menu "ESP Security Specific" the cases when trusted boot is not enabled and the attacker tries carrying out non-constant time point multiplication operations by changing the default ESP-IDF configurations. Performing constant time operations protect the ECC multiplication operations from timing attacks. + + config ESP_ECDSA_ENABLE_P192_CURVE + bool "Enable ECDSA 192-curve operations" + depends on SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED + default N + help + By default, only the 256-bit curve operations are allowed. If this configuration is enabled, + it will set the eFuse to allow ECDSA operations using both the 192-bit and 256-bit curves. endmenu diff --git a/components/esp_security/src/init.c b/components/esp_security/src/init.c index ab75144cda..11d01f89d9 100644 --- a/components/esp_security/src/init.c +++ b/components/esp_security/src/init.c @@ -58,6 +58,15 @@ ESP_SYSTEM_INIT_FN(esp_security_init, SECONDARY, BIT(0), 103) } } #endif + +#if CONFIG_ESP_ECDSA_ENABLE_P192_CURVE + esp_err_t err; + err = esp_efuse_enable_ecdsa_p192_curve_mode(); + if (err != ESP_OK) { + return err; + } +#endif + return ESP_OK; } diff --git a/components/hal/esp32h2/efuse_hal.c b/components/hal/esp32h2/efuse_hal.c index 94a1051713..f6d1c0f40a 100644 --- a/components/hal/esp32h2/efuse_hal.c +++ b/components/hal/esp32h2/efuse_hal.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -7,6 +7,7 @@ #include #include "sdkconfig.h" #include "soc/soc_caps.h" +#include "soc/chip_revision.h" #include "hal/assert.h" #include "hal/efuse_hal.h" #include "hal/efuse_ll.h" @@ -79,6 +80,16 @@ void efuse_hal_rs_calculate(const void *data, void *rs_values) ets_efuse_rs_calculate(data, rs_values); } +uint32_t efuse_hal_get_ecdsa_curve_mode(void) +{ + if (ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102)) { + return efuse_ll_get_ecdsa_curve_mode(); + } else { + // Curve mode is not configurable for previous versions + return 0; + } +} + /******************* eFuse control functions *************************/ bool efuse_hal_is_coding_error_in_block(unsigned block) diff --git a/components/hal/esp32h2/include/hal/ecdsa_ll.h b/components/hal/esp32h2/include/hal/ecdsa_ll.h index bea4ef26ef..ff83a3709d 100644 --- a/components/hal/esp32h2/include/hal/ecdsa_ll.h +++ b/components/hal/esp32h2/include/hal/ecdsa_ll.h @@ -378,6 +378,16 @@ static inline int ecdsa_ll_get_operation_result(void) return REG_GET_BIT(ECDSA_RESULT_REG, ECDSA_OPERATION_RESULT); } +/** + * @brief Check if the ECDSA curves configuration is supported + * The ECDSA curves configuration is only avliable in chip version + * above 1.2 in ESP32-H2 + */ +static inline bool ecdsa_ll_is_configurable_curve_supported(void) +{ + return ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102); +} + #ifdef __cplusplus } #endif diff --git a/components/hal/esp32h2/include/hal/efuse_hal.h b/components/hal/esp32h2/include/hal/efuse_hal.h index b6c83d6da6..37c4f72cd9 100644 --- a/components/hal/esp32h2/include/hal/efuse_hal.h +++ b/components/hal/esp32h2/include/hal/efuse_hal.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -54,6 +54,13 @@ void efuse_hal_program(uint32_t block); */ void efuse_hal_rs_calculate(const void *data, void *rs_values); +/** + * @brief Get ECDSA curve mode + * + * @return ECDSA curve mode + */ +uint32_t efuse_hal_get_ecdsa_curve_mode(void); + /** * @brief Checks coding error in a block * diff --git a/components/hal/esp32h2/include/hal/efuse_ll.h b/components/hal/esp32h2/include/hal/efuse_ll.h index 16226aa463..09055e2df5 100644 --- a/components/hal/esp32h2/include/hal/efuse_ll.h +++ b/components/hal/esp32h2/include/hal/efuse_ll.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -20,6 +20,11 @@ extern "C" { /******************* eFuse fields *************************/ +__attribute__((always_inline)) static inline uint32_t efuse_ll_get_ecdsa_curve_mode(void) +{ + return EFUSE.rd_repeat_data0.ecdsa_curve_mode; +} + __attribute__((always_inline)) static inline uint32_t efuse_ll_get_flash_crypt_cnt(void) { return EFUSE.rd_repeat_data1.spi_boot_crypt_cnt; diff --git a/components/hal/test_apps/crypto/main/Kconfig.projbuild b/components/hal/test_apps/crypto/main/Kconfig.projbuild index ee68e84f19..f51dbf67ca 100644 --- a/components/hal/test_apps/crypto/main/Kconfig.projbuild +++ b/components/hal/test_apps/crypto/main/Kconfig.projbuild @@ -22,7 +22,7 @@ menu "Test App Configuration" Enabling this option includes HMAC Peripheral related test cases in the build for supported targets. config CRYPTO_TEST_APP_ENABLE_ECDSA_TESTS - depends on !CRYPTO_TEST_APP_ENABLE_HMAC_TESTS + depends on SOC_ECDSA_SUPPORTED && !CRYPTO_TEST_APP_ENABLE_HMAC_TESTS bool "Enable ECDSA Peripheral test cases" default n help diff --git a/components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c b/components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c index 6d29b0fccf..5fa292c42f 100644 --- a/components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c +++ b/components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: CC0-1.0 */ @@ -12,6 +12,8 @@ #include "esp_efuse_chip.h" #include "esp_private/esp_crypto_lock_internal.h" #include "esp_random.h" +#include "esp_log.h" +#include "esp_efuse.h" #include "hal/ecc_ll.h" #include "hal/ecdsa_hal.h" #include "hal/ecdsa_ll.h" @@ -27,6 +29,8 @@ #include "ecdsa_params.h" #include "hal_crypto_common.h" +__attribute__((unused)) static const char * TAG = "crypto_test"; + static void ecdsa_enable_and_reset(void) { ECDSA_RCC_ATOMIC() { @@ -282,17 +286,29 @@ TEST_TEAR_DOWN(ecdsa) TEST(ecdsa, ecdsa_SECP192R1_signature_verification) { - TEST_ASSERT_EQUAL(0, test_ecdsa_verify(0, sha, ecdsa192_r, ecdsa192_s, ecdsa192_pub_x, ecdsa192_pub_y)); + if (!esp_efuse_is_ecdsa_p192_curve_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA 192-curve operations are disabled."); + } else { + TEST_ASSERT_EQUAL(0, test_ecdsa_verify(0, sha, ecdsa192_r, ecdsa192_s, ecdsa192_pub_x, ecdsa192_pub_y)); + } } TEST(ecdsa, ecdsa_SECP192R1_sign_and_verify) { - test_ecdsa_sign_and_verify(0, sha, ecdsa192_pub_x, ecdsa192_pub_y, false, ECDSA_K_TYPE_TRNG); + if (!esp_efuse_is_ecdsa_p192_curve_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA 192-curve operations are disabled."); + } else { + test_ecdsa_sign_and_verify(0, sha, ecdsa192_pub_x, ecdsa192_pub_y, false, ECDSA_K_TYPE_TRNG); + } } TEST(ecdsa, ecdsa_SECP192R1_corrupt_signature) { - test_ecdsa_corrupt_data(0, sha, ecdsa192_r, ecdsa192_s, ecdsa192_pub_x, ecdsa192_pub_y); + if (!esp_efuse_is_ecdsa_p192_curve_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA 192-curve operations are disabled."); + } else { + test_ecdsa_corrupt_data(0, sha, ecdsa192_r, ecdsa192_s, ecdsa192_pub_x, ecdsa192_pub_y); + } } TEST(ecdsa, ecdsa_SECP256R1_signature_verification) @@ -325,7 +341,11 @@ TEST(ecdsa, ecdsa_SECP256R1_det_sign_and_verify) #ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY TEST(ecdsa, ecdsa_SECP192R1_export_pubkey) { - test_ecdsa_export_pubkey(0, ecdsa192_pub_x, ecdsa192_pub_y, 0); + if (!esp_efuse_is_ecdsa_p192_curve_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA 192-curve operations are disabled."); + } else { + test_ecdsa_export_pubkey(0, ecdsa192_pub_x, ecdsa192_pub_y, 0); + } } TEST(ecdsa, ecdsa_SECP256R1_export_pubkey) diff --git a/components/mbedtls/port/ecdsa/ecdsa_alt.c b/components/mbedtls/port/ecdsa/ecdsa_alt.c index 7dd3e6d01e..198ef085d6 100644 --- a/components/mbedtls/port/ecdsa/ecdsa_alt.c +++ b/components/mbedtls/port/ecdsa/ecdsa_alt.c @@ -712,7 +712,9 @@ int __wrap_mbedtls_ecdsa_verify_restartable(mbedtls_ecp_group *grp, const mbedtls_mpi *s, mbedtls_ecdsa_restart_ctx *rs_ctx) { - if ((grp->id == MBEDTLS_ECP_DP_SECP192R1 || grp->id == MBEDTLS_ECP_DP_SECP256R1) && blen == ECDSA_SHA_LEN) { + if (((grp->id == MBEDTLS_ECP_DP_SECP192R1 && esp_efuse_is_ecdsa_p192_curve_supported()) + || (grp->id == MBEDTLS_ECP_DP_SECP256R1 && esp_efuse_is_ecdsa_p256_curve_supported())) + && blen == ECDSA_SHA_LEN) { return esp_ecdsa_verify(grp, buf, blen, Q, r, s); } else { return __real_mbedtls_ecdsa_verify_restartable(grp, buf, blen, Q, r, s, rs_ctx); diff --git a/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c b/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c index 768516d35c..12eec80b23 100644 --- a/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c +++ b/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c @@ -26,6 +26,11 @@ #if SOC_KEY_MANAGER_SUPPORTED #include "esp_key_mgr.h" #endif + +#if SOC_ECDSA_SUPPORTED +#include "hal/ecdsa_ll.h" +#endif + #define TEST_ASSERT_MBEDTLS_OK(X) TEST_ASSERT_EQUAL_HEX32(0, -(X)) #if CONFIG_NEWLIB_NANO_FORMAT @@ -36,6 +41,8 @@ #define NEWLIB_NANO_COMPAT_CAST(int64_t_var) int64_t_var #endif +__attribute__((unused)) static const char * TAG = "mbedtls_test"; + /* * All the following values are in big endian format, as required by the mbedTLS APIs */ diff --git a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in index 76acf2f0bd..73dc682277 100644 --- a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in @@ -1303,6 +1303,10 @@ config SOC_ECDSA_USES_MPI bool default y +config SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED + bool + default y + config SOC_UART_NUM int default 2 diff --git a/components/soc/esp32h2/include/soc/soc_caps.h b/components/soc/esp32h2/include/soc/soc_caps.h index 4da526658f..f8ebaa02e2 100644 --- a/components/soc/esp32h2/include/soc/soc_caps.h +++ b/components/soc/esp32h2/include/soc/soc_caps.h @@ -523,6 +523,8 @@ /*------------------------- ECDSA CAPS -------------------------*/ #define SOC_ECDSA_USES_MPI (1) +#define SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED (1) + /*-------------------------- UART CAPS ---------------------------------------*/ // ESP32-H2 has 2 UARTs #define SOC_UART_NUM (2) diff --git a/docs/en/api-reference/peripherals/ecdsa.rst b/docs/en/api-reference/peripherals/ecdsa.rst index 06f8a8a505..74444ade75 100644 --- a/docs/en/api-reference/peripherals/ecdsa.rst +++ b/docs/en/api-reference/peripherals/ecdsa.rst @@ -61,6 +61,18 @@ Following code snippet uses :cpp:func:`esp_efuse_write_key` to set physical key // writing key failed, maybe written already } + +.. only:: SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED + + ECDSA Curve Configuration + ------------------------- + + The ECDSA peripheral of the {IDF_TARGET_NAME} supports both ECDSA-P192 and ECDSA-P256 operations. However, starting with {IDF_TARGET_NAME} revision 1.2, only ECDSA-P256 operations are enabled by default. You can enable ECDSA-P192 operations using the following configuration options: + + - :ref:`CONFIG_ESP_ECDSA_ENABLE_P192_CURVE` enables support for ECDSA-P192 curve operations, allowing the device to perform ECDSA operations with both 192-bit and 256-bit curves. However, if ECDSA-P192 operations have already been permanently disabled during eFuse write protection, enabling this option can not re-enable ECDSA-P192 curve operations. + + - :cpp:func:`esp_efuse_enable_ecdsa_p192_curve_mode()` enables ECDSA-P192 curve operations programmatically by writing the appropriate value to the eFuse, allowing both P-192 and P-256 curve operations. Note that this API will fail if the eFuse is already write-protected. + .. only:: SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE Deterministic Signature Generation From cebbedbac2b9c2562f62d960172a4010e859ed24 Mon Sep 17 00:00:00 2001 From: "nilesh.kale" Date: Tue, 13 May 2025 17:36:57 +0530 Subject: [PATCH 2/3] feat: enable support for deterministic mode for esp32h2 --- components/hal/ecdsa_hal.c | 15 +++-- components/hal/esp32c5/include/hal/ecdsa_ll.h | 13 +--- components/hal/esp32h2/include/hal/ecdsa_ll.h | 30 ++++++++++ components/hal/esp32p4/include/hal/ecdsa_ll.h | 10 +++- .../test_apps/crypto/main/ecdsa/test_ecdsa.c | 28 ++++++--- components/mbedtls/port/ecdsa/ecdsa_alt.c | 59 +++++++++++++------ .../test_apps/main/test_mbedtls_ecdsa.c | 12 +++- .../esp32h2/include/soc/Kconfig.soc_caps.in | 8 +++ components/soc/esp32h2/include/soc/soc_caps.h | 2 + 9 files changed, 128 insertions(+), 49 deletions(-) diff --git a/components/hal/ecdsa_hal.c b/components/hal/ecdsa_hal.c index 5c10802e2c..8f5d463a26 100644 --- a/components/hal/ecdsa_hal.c +++ b/components/hal/ecdsa_hal.c @@ -47,10 +47,13 @@ static void configure_ecdsa_periph(ecdsa_hal_config_t *conf) } #if SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE - ecdsa_ll_set_k_type(conf->sign_type); - - if (conf->sign_type == ECDSA_K_TYPE_DETERMINISITIC) { - ecdsa_ll_set_deterministic_loop(conf->loop_number); + if (ecdsa_ll_is_deterministic_mode_supported()) { + ecdsa_ll_set_k_type(conf->sign_type); +#if !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP + if (conf->sign_type == ECDSA_K_TYPE_DETERMINISITIC) { + ecdsa_ll_set_deterministic_loop(conf->loop_number); + } +#endif /* !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */ } #endif } @@ -224,11 +227,11 @@ void ecdsa_hal_export_pubkey(ecdsa_hal_config_t *conf, uint8_t *pub_x, uint8_t * } #endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */ -#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE +#if SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE && !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP bool ecdsa_hal_det_signature_k_check(void) { return (ecdsa_ll_check_k_value() == 0); } -#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ +#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE && !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */ diff --git a/components/hal/esp32c5/include/hal/ecdsa_ll.h b/components/hal/esp32c5/include/hal/ecdsa_ll.h index 58bb389aeb..225a86d40a 100644 --- a/components/hal/esp32c5/include/hal/ecdsa_ll.h +++ b/components/hal/esp32c5/include/hal/ecdsa_ll.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -415,17 +415,6 @@ static inline int ecdsa_ll_get_operation_result(void) return REG_GET_BIT(ECDSA_RESULT_REG, ECDSA_OPERATION_RESULT); } -/** - * @brief Check if the k value is greater than the curve order. - * - * @return 0, k value is not greater than the curve order. In this case, the k value is the set k value. - * @return 1, k value is greater than than the curve order. In this case, the k value is the set (k mod n). - */ -static inline int ecdsa_ll_check_k_value(void) -{ - return REG_GET_BIT(ECDSA_RESULT_REG, ECDSA_K_VALUE_WARNING); -} - #ifdef __cplusplus } #endif diff --git a/components/hal/esp32h2/include/hal/ecdsa_ll.h b/components/hal/esp32h2/include/hal/ecdsa_ll.h index ff83a3709d..65299c1219 100644 --- a/components/hal/esp32h2/include/hal/ecdsa_ll.h +++ b/components/hal/esp32h2/include/hal/ecdsa_ll.h @@ -211,6 +211,26 @@ static inline void ecdsa_ll_set_z_mode(ecdsa_ll_sha_mode_t mode) } } +/** + * @brief Set the signature generation type of ECDSA operation + * + * @param type Type of the ECDSA signature + */ +static inline void ecdsa_ll_set_k_type(ecdsa_sign_type_t type) +{ + switch (type) { + case ECDSA_K_TYPE_TRNG: + REG_CLR_BIT(ECDSA_CONF_REG, ECDSA_DETERMINISTIC_K); + break; + case ECDSA_K_TYPE_DETERMINISITIC: + REG_SET_BIT(ECDSA_CONF_REG, ECDSA_DETERMINISTIC_K); + break; + default: + HAL_ASSERT(false && "Unsupported K type"); + break; + } +} + /** * @brief Set the stage of ECDSA operation * @@ -388,6 +408,16 @@ static inline bool ecdsa_ll_is_configurable_curve_supported(void) return ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102); } +/** + * @brief Check if the ECDSA deterministic mode is supported + * The ECDSA deterministic mode is only available in chip version + * above 1.2 in ESP32-H2 + */ +static inline bool ecdsa_ll_is_deterministic_mode_supported(void) +{ + return ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102); +} + #ifdef __cplusplus } #endif diff --git a/components/hal/esp32p4/include/hal/ecdsa_ll.h b/components/hal/esp32p4/include/hal/ecdsa_ll.h index f3429cf1b2..1e8a713f75 100644 --- a/components/hal/esp32p4/include/hal/ecdsa_ll.h +++ b/components/hal/esp32p4/include/hal/ecdsa_ll.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -432,6 +432,14 @@ static inline int ecdsa_ll_check_k_value(void) return REG_GET_BIT(ECDSA_RESULT_REG, ECDSA_K_VALUE_WARNING); } +/** + * @brief Check if the ECDSA deterministic mode is supported + */ +static inline bool ecdsa_ll_is_deterministic_mode_supported(void) +{ + return true; +} + #ifdef __cplusplus } #endif diff --git a/components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c b/components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c index 5fa292c42f..c7ddbeecd7 100644 --- a/components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c +++ b/components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c @@ -151,9 +151,9 @@ void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* s_le, b uint8_t zeroes[32] = {0}; uint16_t len; -#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE +#if !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP uint16_t det_loop_number = 1; -#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ +#endif /* !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */ ecdsa_hal_config_t conf = { .mode = ECDSA_MODE_SIGN_GEN, @@ -184,11 +184,11 @@ void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* s_le, b bool process_again = false; do { -#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE - if (k_type == ECDSA_K_TYPE_DETERMINISITIC) { +#if !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP + if (ecdsa_ll_is_deterministic_mode_supported() && k_type == ECDSA_K_TYPE_DETERMINISITIC) { conf.loop_number = det_loop_number++; } -#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ +#endif /* !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */ ecdsa_hal_gen_signature(&conf, sha_le, r_le, s_le, len); @@ -196,8 +196,8 @@ void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* s_le, b || !memcmp(r_le, zeroes, len) || !memcmp(s_le, zeroes, len); -#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE - if (k_type == ECDSA_K_TYPE_DETERMINISITIC) { +#if SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE && !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP + if (ecdsa_ll_is_deterministic_mode_supported() && k_type == ECDSA_K_TYPE_DETERMINISITIC) { process_again |= !ecdsa_hal_det_signature_k_check(); } #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ @@ -329,12 +329,22 @@ TEST(ecdsa, ecdsa_SECP256R1_corrupt_signature) #ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE TEST(ecdsa, ecdsa_SECP192R1_det_sign_and_verify) { - test_ecdsa_sign_and_verify(0, sha, ecdsa192_pub_x, ecdsa192_pub_y, false, ECDSA_K_TYPE_DETERMINISITIC); + if (!ecdsa_ll_is_deterministic_mode_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported."); + } else if (!esp_efuse_is_ecdsa_p192_curve_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA 192-curve operations are disabled."); + } else { + test_ecdsa_sign_and_verify(0, sha, ecdsa192_pub_x, ecdsa192_pub_y, false, ECDSA_K_TYPE_DETERMINISITIC); + } } TEST(ecdsa, ecdsa_SECP256R1_det_sign_and_verify) { - test_ecdsa_sign_and_verify(1, sha, ecdsa256_pub_x, ecdsa256_pub_y, false, ECDSA_K_TYPE_DETERMINISITIC); + if (!ecdsa_ll_is_deterministic_mode_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported."); + } else { + test_ecdsa_sign_and_verify(1, sha, ecdsa256_pub_x, ecdsa256_pub_y, false, ECDSA_K_TYPE_DETERMINISITIC); + } } #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ diff --git a/components/mbedtls/port/ecdsa/ecdsa_alt.c b/components/mbedtls/port/ecdsa/ecdsa_alt.c index 198ef085d6..96a14e7930 100644 --- a/components/mbedtls/port/ecdsa/ecdsa_alt.c +++ b/components/mbedtls/port/ecdsa/ecdsa_alt.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -337,9 +337,9 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s bool process_again = false; -#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE - uint16_t deterministic_loop_number = 1; -#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ +#if !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP + uint16_t deterministic_loop_number __attribute__((unused)) = 1; +#endif /* !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */ do { ecdsa_hal_config_t conf = { @@ -347,10 +347,12 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s .curve = curve, .sha_mode = ECDSA_Z_USER_PROVIDED, .sign_type = k_type, -#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE - .loop_number = deterministic_loop_number++, -#endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ }; +#if !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP + if (ecdsa_ll_is_deterministic_mode_supported()) { + conf.loop_number = deterministic_loop_number++; + } +#endif /* !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP */ if (use_km_key) { conf.use_km_key = 1; @@ -375,8 +377,8 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s || !memcmp(r_le, zeroes, len) || !memcmp(s_le, zeroes, len); -#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE - if (k_type == ECDSA_K_TYPE_DETERMINISITIC) { +#if SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE && !SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP + if (ecdsa_ll_is_deterministic_mode_supported() && k_type == ECDSA_K_TYPE_DETERMINISITIC) { process_again |= !ecdsa_hal_det_signature_k_check(); } #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ @@ -472,12 +474,18 @@ int __wrap_mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r, /* * Check `d` whether it contains the hardware key */ +#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN if (d->MBEDTLS_PRIVATE(s) == ECDSA_KEY_MAGIC) { - // Use hardware ECDSA peripheral - return esp_ecdsa_sign(grp, r, s, d, buf, blen, ECDSA_K_TYPE_DETERMINISITIC); - } else { - return __real_mbedtls_ecdsa_sign_det_ext(grp, r, s, d, buf, blen, md_alg, f_rng_blind, p_rng_blind); + if (ecdsa_ll_is_deterministic_mode_supported()) { + // Use hardware ECDSA peripheral + return esp_ecdsa_sign(grp, r, s, d, buf, blen, ECDSA_K_TYPE_DETERMINISITIC); + } else { + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; + } } +#endif + // Fallback to software implementation + return __real_mbedtls_ecdsa_sign_det_ext(grp, r, s, d, buf, blen, md_alg, f_rng_blind, p_rng_blind); } extern int __real_mbedtls_ecdsa_sign_det_restartable(mbedtls_ecp_group *grp, @@ -507,12 +515,18 @@ int __wrap_mbedtls_ecdsa_sign_det_restartable(mbedtls_ecp_group *grp, /* * Check `d` whether it contains the hardware key */ +#if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN if (d->MBEDTLS_PRIVATE(s) == ECDSA_KEY_MAGIC) { - // Use hardware ECDSA peripheral - return esp_ecdsa_sign(grp, r, s, d, buf, blen, ECDSA_K_TYPE_DETERMINISITIC); - } else { - return __real_mbedtls_ecdsa_sign_det_restartable(grp, r, s, d, buf, blen, md_alg, f_rng_blind, p_rng_blind, NULL); + if (ecdsa_ll_is_deterministic_mode_supported()) { + // Use hardware ECDSA peripheral + return esp_ecdsa_sign(grp, r, s, d, buf, blen, ECDSA_K_TYPE_DETERMINISITIC); + } else { + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; + } } +#endif + // Fallback to software implementation + return __real_mbedtls_ecdsa_sign_det_ext(grp, r, s, d, buf, blen, md_alg, f_rng_blind, p_rng_blind); } #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ @@ -582,15 +596,22 @@ int __wrap_mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx, mbedtls_mpi_init(&r); mbedtls_mpi_init(&s); + ecdsa_sign_type_t k_type = ECDSA_K_TYPE_TRNG; +#if defined(SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE) && defined(CONFIG_MBEDTLS_ECDSA_DETERMINISTIC) + if (ecdsa_ll_is_deterministic_mode_supported()) { + k_type = ECDSA_K_TYPE_DETERMINISITIC; + } +#endif + /* * Check `d` whether it contains the hardware key */ if (ctx->MBEDTLS_PRIVATE(d).MBEDTLS_PRIVATE(s) == ECDSA_KEY_MAGIC) { // Use hardware ECDSA peripheral #if defined(SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE) && defined(CONFIG_MBEDTLS_ECDSA_DETERMINISTIC) - MBEDTLS_MPI_CHK(esp_ecdsa_sign(&ctx->MBEDTLS_PRIVATE(grp), &r, &s, &ctx->MBEDTLS_PRIVATE(d), hash, hlen, ECDSA_K_TYPE_DETERMINISITIC)); + MBEDTLS_MPI_CHK(esp_ecdsa_sign(&ctx->MBEDTLS_PRIVATE(grp), &r, &s, &ctx->MBEDTLS_PRIVATE(d), hash, hlen, k_type)); #else - MBEDTLS_MPI_CHK(esp_ecdsa_sign(&ctx->MBEDTLS_PRIVATE(grp), &r, &s, &ctx->MBEDTLS_PRIVATE(d), hash, hlen, ECDSA_K_TYPE_TRNG)); + MBEDTLS_MPI_CHK(esp_ecdsa_sign(&ctx->MBEDTLS_PRIVATE(grp), &r, &s, &ctx->MBEDTLS_PRIVATE(d), hash, hlen, k_type)); #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ } diff --git a/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c b/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c index 12eec80b23..2a4366b720 100644 --- a/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c +++ b/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c @@ -274,12 +274,20 @@ TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][efuse_ke TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP192R1", "[mbedtls][efuse_key]") { - test_ecdsa_sign(MBEDTLS_ECP_DP_SECP192R1, sha, ecdsa192_sign_pub_x, ecdsa192_sign_pub_y, true, SECP192R1_EFUSE_BLOCK); + if (!ecdsa_ll_is_deterministic_mode_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported."); + } else { + test_ecdsa_sign(MBEDTLS_ECP_DP_SECP192R1, sha, ecdsa192_sign_pub_x, ecdsa192_sign_pub_y, true, SECP192R1_EFUSE_BLOCK); + } } TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP256R1", "[mbedtls][efuse_key]") { - test_ecdsa_sign(MBEDTLS_ECP_DP_SECP256R1, sha, ecdsa256_sign_pub_x, ecdsa256_sign_pub_y, true, SECP256R1_EFUSE_BLOCK); + if (!ecdsa_ll_is_deterministic_mode_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported."); + } else { + test_ecdsa_sign(MBEDTLS_ECP_DP_SECP256R1, sha, ecdsa256_sign_pub_x, ecdsa256_sign_pub_y, true, SECP256R1_EFUSE_BLOCK); + } } #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ diff --git a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in index 73dc682277..5e8cb0e51f 100644 --- a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in @@ -1303,6 +1303,14 @@ config SOC_ECDSA_USES_MPI bool default y +config SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE + bool + default y + +config SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP + bool + default y + config SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED bool default y diff --git a/components/soc/esp32h2/include/soc/soc_caps.h b/components/soc/esp32h2/include/soc/soc_caps.h index f8ebaa02e2..8148712fc2 100644 --- a/components/soc/esp32h2/include/soc/soc_caps.h +++ b/components/soc/esp32h2/include/soc/soc_caps.h @@ -523,6 +523,8 @@ /*------------------------- ECDSA CAPS -------------------------*/ #define SOC_ECDSA_USES_MPI (1) +#define SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE (1) +#define SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP (1) #define SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED (1) /*-------------------------- UART CAPS ---------------------------------------*/ From 80528d184d679170cbb18453baf7e792337e4e8b Mon Sep 17 00:00:00 2001 From: Zhang Shuxian Date: Tue, 20 May 2025 19:17:05 +0800 Subject: [PATCH 3/3] docs: Update CN translation for ecdsa.rst --- docs/zh_CN/api-reference/peripherals/ecdsa.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/zh_CN/api-reference/peripherals/ecdsa.rst b/docs/zh_CN/api-reference/peripherals/ecdsa.rst index c9e444bd24..8267c9dfa2 100644 --- a/docs/zh_CN/api-reference/peripherals/ecdsa.rst +++ b/docs/zh_CN/api-reference/peripherals/ecdsa.rst @@ -61,6 +61,18 @@ ECDSA 密钥可以通过 ``idf.py`` 脚本在外部编程。以下是关于编 // writing key failed, maybe written already } + +.. only:: SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED + + ECDSA 曲线配置 + ----------------- + + {IDF_TARGET_NAME} 的 ECDSA 外设支持 ECDSA-P192 和 ECDSA-P256 两种曲线操作。但从 {IDF_TARGET_NAME} 版本 1.2 开始,默认仅启用 ECDSA-P256 操作。可以通过以下配置项启用 ECDSA-P192 操作: + + - :ref:`CONFIG_ESP_ECDSA_ENABLE_P192_CURVE` 启用对 ECDSA-P192 曲线操作的支持,使设备可以同时执行 192 位和 256 位的 ECDSA 曲线操作。但请注意,如果 eFuse 写保护期间已永久禁用 ECDSA-P192 操作,则启用该配置项也无法重新启用该功能。 + + - :cpp:func:`esp_efuse_enable_ecdsa_p192_curve_mode()` 可用于以编程方式启用 ECDSA-P192 曲线操作。它会向 eFuse 写入相应值,从而使设备支持 P-192 和 P-256 曲线操作。但请注意,若对应的 eFuse 区域已被写保护,则此 API 将调用失败。 + .. only:: SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE 生成确定性签名