fix(hal): Make the ECDSA countermeasure dynamically applicable

This commit makes the ECDSA countermeasure dynamically applicable
    across different revisions of the ESP32H2 SoC.

components/esp_system/port/cpu_start.c

@@ -301,18 +301,6 @@ static void start_other_core(void)
         REG_CLR_BIT(HP_SYS_CLKRST_HP_RST_EN0_REG, HP_SYS_CLKRST_REG_RST_EN_CORE1_GLOBAL);
     }
 #endif
-
-#if CONFIG_ESP_CRYPTO_FORCE_ECC_CONSTANT_TIME_POINT_MUL
-    if (!esp_efuse_read_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME)) {
-        ESP_EARLY_LOGD(TAG, "Forcefully enabling ECC constant time operations");
-        esp_err_t err = esp_efuse_write_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME);
-        if (err != ESP_OK) {
-            ESP_EARLY_LOGE(TAG, "Enabling ECC constant time operations forcefully failed.");
-            return err;
-        }
-    }
-#endif
-
     ets_set_appcpu_boot_addr((uint32_t)call_start_cpu1);
 
     bool cpus_up = false;

components/esp_system/startup.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -38,6 +38,12 @@
 
 /***********************************************/
 // Headers for other components init functions
+
+#if CONFIG_ESP_CRYPTO_FORCE_ECC_CONSTANT_TIME_POINT_MUL
+#include "soc/chip_revision.h"
+#include "hal/efuse_hal.h"
+#endif
+
 #if CONFIG_SW_COEXIST_ENABLE || CONFIG_EXTERNAL_COEX_ENABLE
 #include "private/esp_coexist_internal.h"
 #endif
@@ -374,6 +380,20 @@ static void do_core_init(void)
     }
 #endif
 
+#if CONFIG_ESP_CRYPTO_FORCE_ECC_CONSTANT_TIME_POINT_MUL
+    bool force_constant_time = true;
+#if CONFIG_IDF_TARGET_ESP32H2
+    if (!ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102)) {
+        force_constant_time = false;
+    }
+#endif
+    if (!esp_efuse_read_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME) && force_constant_time) {
+        ESP_EARLY_LOGD(TAG, "Forcefully enabling ECC constant time operations");
+        esp_err_t err = esp_efuse_write_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME);
+        assert(err == ESP_OK && "Failed to enable ECC constant time operations");
+    }
+#endif
+
 #if CONFIG_SECURE_DISABLE_ROM_DL_MODE
     err = esp_efuse_disable_rom_download_mode();
     assert(err == ESP_OK && "Failed to disable ROM download mode");

components/hal/Kconfig

@@ -105,7 +105,7 @@ menu "Hardware Abstraction Layer (HAL) and Low Level (LL)"
 
     config HAL_ECDSA_GEN_SIG_CM
         bool "Enable countermeasure for ECDSA signature generation"
-        depends on IDF_TARGET_ESP32H2 && ESP32H2_REV_MIN_FULL < 102
+        depends on IDF_TARGET_ESP32H2
         default n
         help
             Enable this option to apply the countermeasure for ECDSA signature operation

components/hal/ecdsa_hal.c

@@ -16,6 +16,7 @@
 #if CONFIG_HAL_ECDSA_GEN_SIG_CM
 #include "esp_fault.h"
 #include "esp_random.h"
+#include "soc/chip_revision.h"
 #endif
 
 #define ECDSA_HAL_P192_COMPONENT_LEN        24
@@ -121,7 +122,11 @@ void ecdsa_hal_gen_signature(ecdsa_hal_config_t *conf, const uint8_t *hash,
     configure_ecdsa_periph(conf);
 
 #if CONFIG_HAL_ECDSA_GEN_SIG_CM
+    if (!ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102)) {
         ecdsa_hal_gen_signature_with_countermeasure(hash, r_out, s_out, len);
+    } else {
+        ecdsa_hal_gen_signature_inner(hash, r_out, s_out, len);
+    }
 #else /* CONFIG_HAL_ECDSA_GEN_SIG_CM */
     ecdsa_hal_gen_signature_inner(hash, r_out, s_out, len);
 #endif /* !CONFIG_HAL_ECDSA_GEN_SIG_CM */

components/hal/test_apps/crypto/main/CMakeLists.txt

@@ -33,5 +33,5 @@ if(CONFIG_SOC_SHA_SUPPORTED)
 endif()
 
 idf_component_register(SRCS ${srcs}
-                       REQUIRES test_utils unity
+                       REQUIRES test_utils unity ccomp_timer
                        WHOLE_ARCHIVE)

components/hal/test_apps/crypto/main/ecc/test_ecc.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: CC0-1.0
  */
@@ -14,7 +14,8 @@
 #include "soc/soc_caps.h"
 #include "hal/ecc_hal.h"
 #include "hal/ecc_ll.h"
-
+#include "ccomp_timer.h"
+#include "sys/param.h"
 #include "memory_checks.h"
 #include "unity_fixture.h"
 
@@ -197,7 +198,8 @@ static void test_ecc_point_mul_inner_constant_time(void)
     mean_elapsed_time = total_elapsed_time / loop_count;
     deviation = ((double)(max_time - mean_elapsed_time) / mean_elapsed_time);
 
-    TEST_ASSERT_LESS_THAN_DOUBLE(CONST_TIME_DEVIATION_PERCENT, deviation);
+    int is_constant_time = (deviation < CONST_TIME_DEVIATION_PERCENT);
+    TEST_ASSERT_EQUAL(is_constant_time, 1);
 
     /* P192 */
     ecc_be_to_le(ecc_p192_scalar, scalar_le, 24);
@@ -220,7 +222,8 @@ static void test_ecc_point_mul_inner_constant_time(void)
     mean_elapsed_time = total_elapsed_time / loop_count;
     deviation = ((double)(max_time - mean_elapsed_time) / mean_elapsed_time);
 
-    TEST_ASSERT_LESS_THAN_DOUBLE(CONST_TIME_DEVIATION_PERCENT, deviation);
+    is_constant_time = (deviation < CONST_TIME_DEVIATION_PERCENT);
+    TEST_ASSERT_EQUAL(is_constant_time, 1);
 }
 
 TEST(ecc, ecc_point_multiplication_const_time_check_on_SECP192R1_and_SECP256R1)

components/hal/test_apps/crypto/main/idf_component.yml

@@ -0,0 +1,17 @@
+## IDF Component Manager Manifest File
+dependencies:
+  ## Required IDF version
+  idf:
+    version: '>=4.1.0'
+  # # Put list of dependencies here
+  # # For components maintained by Espressif:
+  # component: "~1.0.0"
+  # # For 3rd party components:
+  # username/component: ">=1.0.0,<2.0.0"
+  # username2/component2:
+  #   version: "~1.0.0"
+  #   # For transient dependencies `public` flag can be set.
+  #   # `public` flag doesn't have an effect dependencies of the `main` component.
+  #   # All dependencies of `main` are public by default.
+  #   public: true
+  espressif/ccomp_timer: '*'

components/mbedtls/port/ecdsa/ecdsa_alt.c

@@ -25,6 +25,8 @@
 
 #if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN_CONSTANT_TIME_CM
 #include "esp_timer.h"
+#include "soc/chip_revision.h"
+#include "hal/efuse_hal.h"
 
 #if CONFIG_ESP_CRYPTO_DPA_PROTECTION_LEVEL_HIGH
 /*
@@ -316,10 +318,12 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s
 #endif
         ecdsa_hal_gen_signature(&conf, sha_le, r_le, s_le, len);
 #if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN_CONSTANT_TIME_CM
+        if (!ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102)) {
             sig_time = esp_timer_get_time() - sig_time;
             if (sig_time < ECDSA_CM_FIXED_SIG_TIME) {
                 esp_rom_delay_us(ECDSA_CM_FIXED_SIG_TIME - sig_time);
             }
+        }
 #endif
         process_again = !ecdsa_hal_get_operation_result()
                         || !memcmp(r_le, zeroes, len)