diff --git a/components/efuse/esp32p4/include/esp_efuse_chip.h b/components/efuse/esp32p4/include/esp_efuse_chip.h index 3d76ef9894..0aa99a81cf 100644 --- a/components/efuse/esp32p4/include/esp_efuse_chip.h +++ b/components/efuse/esp32p4/include/esp_efuse_chip.h @@ -62,7 +62,7 @@ typedef enum { */ typedef enum { ESP_EFUSE_KEY_PURPOSE_USER = 0, /**< User purposes (software-only use) */ - ESP_EFUSE_KEY_PURPOSE_RESERVED = 1, /**< Reserved */ + ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY = 1, /**< ECDSA private key (Expected in little endian order)*/ ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1 = 2, /**< XTS_AES_256_KEY_1 (flash/PSRAM encryption) */ ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2 = 3, /**< XTS_AES_256_KEY_2 (flash/PSRAM encryption) */ ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY = 4, /**< XTS_AES_128_KEY (flash/PSRAM encryption) */ diff --git a/components/hal/ecdsa_hal.c b/components/hal/ecdsa_hal.c index 3d8e8696e5..f0681dc830 100644 --- a/components/hal/ecdsa_hal.c +++ b/components/hal/ecdsa_hal.c @@ -9,17 +9,30 @@ #include "hal/ecdsa_hal.h" #include "hal/efuse_hal.h" +#ifdef SOC_KEY_MANAGER_SUPPORTED +#include "soc/keymng_reg.h" // TODO: IDF-7901 +#endif + #define ECDSA_HAL_P192_COMPONENT_LEN 24 #define ECDSA_HAL_P256_COMPONENT_LEN 32 static void configure_ecdsa_periph(ecdsa_hal_config_t *conf) { - efuse_hal_set_ecdsa_key(conf->efuse_key_blk); +#ifdef SOC_KEY_MANAGER_SUPPORTED + REG_SET_FIELD(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY, 1); // TODO: IDF-7901 +#endif + + if (conf->use_km_key == 0) { + efuse_hal_set_ecdsa_key(conf->efuse_key_blk); + } ecdsa_ll_set_mode(conf->mode); ecdsa_ll_set_curve(conf->curve); - ecdsa_ll_set_k_mode(conf->k_mode); - ecdsa_ll_set_z_mode(conf->sha_mode); + + if (conf->mode != ECDSA_MODE_EXPORT_PUBKEY) { + ecdsa_ll_set_k_mode(conf->k_mode); + ecdsa_ll_set_z_mode(conf->sha_mode); + } } void ecdsa_hal_gen_signature(ecdsa_hal_config_t *conf, const uint8_t *k, const uint8_t *hash, @@ -102,3 +115,39 @@ int ecdsa_hal_verify_signature(ecdsa_hal_config_t *conf, const uint8_t *hash, co return (res ? 0 : -1); } + +#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY +void ecdsa_hal_export_pubkey(ecdsa_hal_config_t *conf, uint8_t *pub_x, uint8_t *pub_y, uint16_t len) +{ + if (len != ECDSA_HAL_P192_COMPONENT_LEN && len != ECDSA_HAL_P256_COMPONENT_LEN) { + HAL_ASSERT(false && "Incorrect length"); + } + + if (ecdsa_ll_get_state() != ECDSA_STATE_IDLE) { + HAL_ASSERT(false && "Incorrect ECDSA state"); + } + + configure_ecdsa_periph(conf); + + ecdsa_ll_set_stage(ECDSA_STAGE_START_CALC); + + while(ecdsa_ll_get_state() != ECDSA_STATE_LOAD) { + ; + } + + ecdsa_ll_set_stage(ECDSA_STAGE_LOAD_DONE); + + while (ecdsa_ll_get_state() != ECDSA_STATE_GET) { + ; + } + + ecdsa_ll_read_param(ECDSA_PARAM_QAX, pub_x, len); + ecdsa_ll_read_param(ECDSA_PARAM_QAY, pub_y, len); + + ecdsa_ll_set_stage(ECDSA_STAGE_GET_DONE); + + while (ecdsa_ll_get_state() != ECDSA_STATE_IDLE) { + ; + } +} +#endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */ diff --git a/components/hal/esp32p4/include/hal/clk_gate_ll.h b/components/hal/esp32p4/include/hal/clk_gate_ll.h index 436cc7ba9d..7ac99b82c4 100644 --- a/components/hal/esp32p4/include/hal/clk_gate_ll.h +++ b/components/hal/esp32p4/include/hal/clk_gate_ll.h @@ -195,14 +195,18 @@ static inline uint32_t periph_ll_get_rst_en_mask(periph_module_t periph, bool en case PERIPH_DS_MODULE: return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_DS; case PERIPH_ECC_MODULE: - return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_ECC; + ret = HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_ECC; + if (enable == true) { + ret |= HP_SYS_CLKRST_REG_RST_EN_ECDSA; + } + return ret; case PERIPH_HMAC_MODULE: return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_HMAC; case PERIPH_RSA_MODULE: ret = HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_RSA; if (enable == true) { - // Clear reset on digital signature, otherwise RSA is held in reset - ret |= HP_SYS_CLKRST_REG_RST_EN_DS; + // Clear reset on digital signature, and ECDSA, otherwise RSA is held in reset + ret |= HP_SYS_CLKRST_REG_RST_EN_DS | HP_SYS_CLKRST_REG_RST_EN_ECDSA; } return ret; case PERIPH_SEC_MODULE: diff --git a/components/hal/esp32p4/include/hal/ecdsa_ll.h b/components/hal/esp32p4/include/hal/ecdsa_ll.h new file mode 100644 index 0000000000..b49a66e432 --- /dev/null +++ b/components/hal/esp32p4/include/hal/ecdsa_ll.h @@ -0,0 +1,389 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ +#pragma once + +#include +#include +#include "hal/assert.h" +#include "soc/ecdsa_reg.h" +#include "hal/ecdsa_types.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Memory blocks of ECDSA parameters + */ +typedef enum { + ECDSA_PARAM_R, + ECDSA_PARAM_S, + ECDSA_PARAM_Z, + ECDSA_PARAM_K, + ECDSA_PARAM_QAX, + ECDSA_PARAM_QAY +} ecdsa_ll_param_t; + +/** + * @brief Interrupt types in ECDSA + */ +typedef enum { + ECDSA_INT_CALC_DONE, + ECDSA_INT_SHA_RELEASE, +} ecdsa_ll_intr_type_t; + +/** + * @brief Stages of ECDSA operation + */ +typedef enum { + ECDSA_STAGE_START_CALC, + ECDSA_STAGE_LOAD_DONE, + ECDSA_STAGE_GET_DONE +} ecdsa_ll_stage_t; + +/** + * @brief States of ECDSA peripheral + */ +typedef enum { + ECDSA_STATE_IDLE, + ECDSA_STATE_LOAD, + ECDSA_STATE_GET, + ECDSA_STATE_BUSY +} ecdsa_ll_state_t; + +/** + * @brief Types of SHA + */ +typedef enum { + ECDSA_SHA_224, + ECDSA_SHA_256 +} ecdsa_ll_sha_type_t; + +/** + * @brief Operation modes of SHA + */ +typedef enum { + ECDSA_MODE_SHA_START, + ECDSA_MODE_SHA_CONTINUE +} ecdsa_ll_sha_mode_t; + +/** + * @brief Enable interrupt of a given type + * + * @param type Interrupt type + */ +static inline void ecdsa_ll_enable_intr(ecdsa_ll_intr_type_t type) +{ + switch (type) { + case ECDSA_INT_CALC_DONE: + REG_SET_FIELD(ECDSA_INT_ENA_REG, ECDSA_CALC_DONE_INT_ENA, 1); + break; + case ECDSA_INT_SHA_RELEASE: + REG_SET_FIELD(ECDSA_INT_ENA_REG, ECDSA_SHA_RELEASE_INT_ENA, 1); + break; + default: + HAL_ASSERT(false && "Unsupported interrupt type"); + break; + } +} + +/** + * @brief Disable interrupt of a given type + * + * @param type Interrupt type + */ +static inline void ecdsa_ll_disable_intr(ecdsa_ll_intr_type_t type) +{ + switch (type) { + case ECDSA_INT_CALC_DONE: + REG_SET_FIELD(ECDSA_INT_ENA_REG, ECDSA_CALC_DONE_INT_ENA, 0); + break; + case ECDSA_INT_SHA_RELEASE: + REG_SET_FIELD(ECDSA_INT_ENA_REG, ECDSA_SHA_RELEASE_INT_ENA, 0); + break; + default: + HAL_ASSERT(false && "Unsupported interrupt type"); + break; + } +} + +/** + * @brief Clear interrupt of a given type + * + * @param type Interrupt type + */ +static inline void ecdsa_ll_clear_intr(ecdsa_ll_intr_type_t type) +{ + switch (type) { + case ECDSA_INT_CALC_DONE: + REG_SET_FIELD(ECDSA_INT_CLR_REG, ECDSA_CALC_DONE_INT_CLR, 1); + break; + case ECDSA_INT_SHA_RELEASE: + REG_SET_FIELD(ECDSA_INT_CLR_REG, ECDSA_SHA_RELEASE_INT_CLR, 1); + break; + default: + HAL_ASSERT(false && "Unsupported interrupt type"); + break; + } +} + +/** + * @brief Set working mode of ECDSA + * + * @param mode Mode of operation + */ +static inline void ecdsa_ll_set_mode(ecdsa_mode_t mode) +{ + switch (mode) { + case ECDSA_MODE_SIGN_VERIFY: + REG_SET_FIELD(ECDSA_CONF_REG, ECDSA_WORK_MODE, 0); + break; + case ECDSA_MODE_SIGN_GEN: + REG_SET_FIELD(ECDSA_CONF_REG, ECDSA_WORK_MODE, 1); + break; + case ECDSA_MODE_EXPORT_PUBKEY: + REG_SET_FIELD(ECDSA_CONF_REG, ECDSA_WORK_MODE, 2); + break; + default: + HAL_ASSERT(false && "Unsupported mode"); + break; + } +} + +/** + * @brief Set curve for ECDSA operation + * + * @param curve ECDSA curve + */ +static inline void ecdsa_ll_set_curve(ecdsa_curve_t curve) +{ + switch (curve) { + case ECDSA_CURVE_SECP256R1: + REG_SET_BIT(ECDSA_CONF_REG, ECDSA_ECC_CURVE); + break; + case ECDSA_CURVE_SECP192R1: + REG_CLR_BIT(ECDSA_CONF_REG, ECDSA_ECC_CURVE); + break; + default: + HAL_ASSERT(false && "Unsupported curve"); + return; + } +} + +/** + * @brief Set the source of `K` + * + * @param mode Mode of K generation + */ +static inline void ecdsa_ll_set_k_mode(ecdsa_k_mode_t mode) +{ + switch (mode) { + case ECDSA_K_USE_TRNG: + REG_CLR_BIT(ECDSA_CONF_REG, ECDSA_SOFTWARE_SET_K); + break; + case ECDSA_K_USER_PROVIDED: + REG_SET_BIT(ECDSA_CONF_REG, ECDSA_SOFTWARE_SET_K); + break; + default: + HAL_ASSERT(false && "Unsupported curve"); + break; + } +} + +/** + * @brief Set the source of `Z` (SHA message) + * + * @param mode Mode of SHA generation + */ +static inline void ecdsa_ll_set_z_mode(ecdsa_ll_sha_mode_t mode) +{ + switch (mode) { + case ECDSA_Z_USE_SHA_PERI: + REG_CLR_BIT(ECDSA_CONF_REG, ECDSA_SOFTWARE_SET_Z); + break; + case ECDSA_Z_USER_PROVIDED: + REG_SET_BIT(ECDSA_CONF_REG, ECDSA_SOFTWARE_SET_Z); + break; + default: + HAL_ASSERT(false && "Unsupported curve"); + break; + } +} + +/** + * @brief Set the stage of ECDSA operation + * + * @param stage Stage of operation + */ +static inline void ecdsa_ll_set_stage(ecdsa_ll_stage_t stage) +{ + switch (stage) { + case ECDSA_STAGE_START_CALC: + REG_SET_BIT(ECDSA_START_REG, ECDSA_START); + break; + case ECDSA_STAGE_LOAD_DONE: + REG_SET_BIT(ECDSA_START_REG, ECDSA_LOAD_DONE); + break; + case ECDSA_STAGE_GET_DONE: + REG_SET_BIT(ECDSA_START_REG, ECDSA_GET_DONE); + break; + default: + HAL_ASSERT(false && "Unsupported state"); + break; + } +} + +/** + * @brief Get the state of ECDSA peripheral + * + * @return State of ECDSA + */ +static inline uint32_t ecdsa_ll_get_state(void) +{ + return REG_GET_FIELD(ECDSA_STATE_REG, ECDSA_BUSY); +} + +/** + * @brief Set the SHA type + * + * @param type Type of SHA + */ +static inline void ecdsa_ll_sha_set_type(ecdsa_ll_sha_type_t type) +{ + switch (type) { + case ECDSA_SHA_224: + REG_SET_FIELD(ECDSA_SHA_MODE_REG, ECDSA_SHA_MODE, 1); + break; + case ECDSA_SHA_256: + REG_SET_FIELD(ECDSA_SHA_MODE_REG, ECDSA_SHA_MODE, 2); + break; + default: + HAL_ASSERT(false && "Unsupported type"); + break; + } +} + +/** + * @brief Set the SHA operation mode + * + * @param mode Mode of SHA operation + */ +static inline void ecdsa_ll_sha_set_mode(ecdsa_ll_sha_mode_t mode) +{ + switch (mode) { + case ECDSA_MODE_SHA_START: + REG_SET_BIT(ECDSA_SHA_START_REG, ECDSA_SHA_START); + break; + case ECDSA_MODE_SHA_CONTINUE: + REG_SET_BIT(ECDSA_SHA_CONTINUE_REG, ECDSA_SHA_CONTINUE); + break; + default: + HAL_ASSERT(false && "Unsupported type"); + break; + } +} + +/** + * @brief Check if SHA is busy + * + * @return - true, if SHA is busy + * - false, if SHA is IDLE + */ +static inline bool ecdsa_ll_sha_is_busy(void) +{ + return REG_GET_BIT(ECDSA_SHA_BUSY_REG, ECDSA_SHA_BUSY); +} + +/** + * @brief Write the ECDSA parameter + * + * @param param Parameter to be writen + * @param buf Buffer containing data + * @param len Length of buffer + */ +static inline void ecdsa_ll_write_param(ecdsa_ll_param_t param, const uint8_t *buf, uint16_t len) +{ + uint32_t reg; + uint32_t word; + switch (param) { + case ECDSA_PARAM_R: + reg = ECDSA_R_MEM; + break; + case ECDSA_PARAM_S: + reg = ECDSA_S_MEM; + break; + case ECDSA_PARAM_Z: + reg = ECDSA_Z_MEM; + break; + case ECDSA_PARAM_K: + case ECDSA_PARAM_QAX: + reg = ECDSA_QAX_MEM; + break; + case ECDSA_PARAM_QAY: + reg = ECDSA_QAY_MEM; + break; + default: + HAL_ASSERT(false && "Invalid parameter"); + return; + } + + for (int i = 0; i < len; i += 4) { + memcpy(&word, buf + i, 4); + REG_WRITE(reg + i, word); + } +} + +/** + * @brief Read the ECDSA parameter + * + * @param param Parameter to be read + * @param buf Buffer where the data will be written + * @param len Length of buffer + */ +static inline void ecdsa_ll_read_param(ecdsa_ll_param_t param, uint8_t *buf, uint16_t len) +{ + uint32_t reg; + switch (param) { + case ECDSA_PARAM_R: + reg = ECDSA_R_MEM; + break; + case ECDSA_PARAM_S: + reg = ECDSA_S_MEM; + break; + case ECDSA_PARAM_Z: + reg = ECDSA_Z_MEM; + break; + case ECDSA_PARAM_K: + case ECDSA_PARAM_QAX: + reg = ECDSA_QAX_MEM; + break; + case ECDSA_PARAM_QAY: + reg = ECDSA_QAY_MEM; + break; + default: + HAL_ASSERT(false && "Invalid parameter"); + return; + } + + memcpy(buf, (void *)reg, len); +} + +/** + * @brief Get result of ECDSA verification operation + * + * This is only valid for ECDSA verify mode + * + * @return - 1, if signature verification succeeds + * - 0, otherwise + */ +static inline int ecdsa_ll_get_verification_result(void) +{ + return REG_GET_BIT(ECDSA_RESULT_REG, ECDSA_OPERATION_RESULT); +} + +#ifdef __cplusplus +} +#endif diff --git a/components/hal/esp32p4/include/hal/efuse_ll.h b/components/hal/esp32p4/include/hal/efuse_ll.h index 1b92ce846b..246b4de1a3 100644 --- a/components/hal/esp32p4/include/hal/efuse_ll.h +++ b/components/hal/esp32p4/include/hal/efuse_ll.h @@ -85,6 +85,11 @@ __attribute__((always_inline)) static inline uint32_t efuse_ll_get_chip_ver_pkg( return 0; } +__attribute__((always_inline)) static inline void efuse_ll_set_ecdsa_key_blk(int efuse_blk) +{ + EFUSE.conf.cfg_ecdsa_blk = efuse_blk; +} + /******************* eFuse control functions *************************/ __attribute__((always_inline)) static inline bool efuse_ll_get_read_cmd(void) @@ -123,6 +128,11 @@ __attribute__((always_inline)) static inline void efuse_ll_set_pwr_off_num(uint1 EFUSE.wr_tim_conf2.pwr_off_num = value; } +__attribute__((always_inline)) static inline void efuse_ll_rs_bypass_update(void) +{ + EFUSE.wr_tim_conf0_rs_bypass.update = 1; +} + /******************* eFuse control functions *************************/ #ifdef __cplusplus diff --git a/components/hal/include/hal/ecdsa_hal.h b/components/hal/include/hal/ecdsa_hal.h index 02bad6092b..9ce048f9e3 100644 --- a/components/hal/include/hal/ecdsa_hal.h +++ b/components/hal/include/hal/ecdsa_hal.h @@ -12,8 +12,10 @@ #pragma once +#include #include #include "hal/ecdsa_types.h" +#include "soc/soc_caps.h" #ifdef __cplusplus extern "C" { @@ -28,6 +30,7 @@ typedef struct { ecdsa_k_mode_t k_mode; /* Source of K */ ecdsa_sha_mode_t sha_mode; /* Source of SHA that needs to be signed */ int efuse_key_blk; /* Efuse block to use as ECDSA key (The purpose of the efuse block must be ECDSA_KEY) */ + bool use_km_key; /* Use an ECDSA key from the Key Manager peripheral */ } ecdsa_hal_config_t; /** @@ -59,6 +62,19 @@ void ecdsa_hal_gen_signature(ecdsa_hal_config_t *conf, const uint8_t *k, const u */ int ecdsa_hal_verify_signature(ecdsa_hal_config_t *conf, const uint8_t *hash, const uint8_t *r, const uint8_t *s, const uint8_t *pub_x, const uint8_t *pub_y, uint16_t len); + +#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY +/** + * @brief Export public key coordinates of an ECDSA private key + * + * @param conf Configuration for ECDSA operation, see ``ecdsa_hal_config_t`` + * @param pub_x X coordinate of public key + * @param pub_y Y coordinate of public key + * @param len Length of pub_x and pub_y buffers (32 bytes for SECP256R1, 24 for SECP192R1) + */ +void ecdsa_hal_export_pubkey(ecdsa_hal_config_t *conf, uint8_t *pub_x, uint8_t *pub_y, uint16_t len); +#endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */ + #ifdef __cplusplus } #endif diff --git a/components/hal/include/hal/ecdsa_types.h b/components/hal/include/hal/ecdsa_types.h index fdb2f3d3cf..fa96fbdee7 100644 --- a/components/hal/include/hal/ecdsa_types.h +++ b/components/hal/include/hal/ecdsa_types.h @@ -15,6 +15,7 @@ extern "C" { typedef enum { ECDSA_MODE_SIGN_VERIFY, ECDSA_MODE_SIGN_GEN, + ECDSA_MODE_EXPORT_PUBKEY, } ecdsa_mode_t; /** diff --git a/components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c b/components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c index 120e96cf5d..a80aa039f8 100644 --- a/components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c +++ b/components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c @@ -106,7 +106,7 @@ static void test_ecdsa_corrupt_data(bool is_p256, uint8_t* sha, uint8_t* r_le, u } -static void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* s_le) +static void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* s_le, bool use_km_key) { uint8_t sha_le[32] = {0}; uint8_t zeroes[32] = {0}; @@ -116,15 +116,20 @@ static void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* .mode = ECDSA_MODE_SIGN_GEN, .k_mode = ECDSA_K_USE_TRNG, .sha_mode = ECDSA_Z_USER_PROVIDED, + .use_km_key = use_km_key, }; if (is_p256) { conf.curve = ECDSA_CURVE_SECP256R1; - conf.efuse_key_blk = 6; + if (use_km_key == 0) { + conf.efuse_key_blk = 6; + } len = 32; } else { conf.curve = ECDSA_CURVE_SECP192R1; - conf.efuse_key_blk = 5; + if (use_km_key == 0) { + conf.efuse_key_blk = 5; + } len = 24; } @@ -140,16 +145,57 @@ static void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* ecdsa_disable_and_reset(); } -static void test_ecdsa_sign_and_verify(bool is_p256, uint8_t* sha, uint8_t* pub_x, uint8_t* pub_y) +static void test_ecdsa_sign_and_verify(bool is_p256, uint8_t* sha, uint8_t* pub_x, uint8_t* pub_y, bool use_km_key) { uint8_t r_le[32] = {0}; uint8_t s_le[32] = {0}; - test_ecdsa_sign(is_p256, sha, r_le, s_le); - + test_ecdsa_sign(is_p256, sha, r_le, s_le, use_km_key); TEST_ASSERT_EQUAL(0, test_ecdsa_verify(is_p256, sha, r_le, s_le, pub_x, pub_y)); } +#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY +static void test_ecdsa_export_pubkey(bool is_p256, bool use_km_key) +{ + uint8_t pub_x[32] = {0}; + uint8_t pub_y[32] = {0}; + uint16_t len; + + ecdsa_hal_config_t conf = { + .mode = ECDSA_MODE_EXPORT_PUBKEY, + .use_km_key = use_km_key, + }; + + if (is_p256) { + conf.curve = ECDSA_CURVE_SECP256R1; + if (use_km_key == 0) { + conf.efuse_key_blk = 6; + } + len = 32; + } else { + conf.curve = ECDSA_CURVE_SECP192R1; + if (use_km_key == 0) { + conf.efuse_key_blk = 5; + } + len = 24; + } + + ecdsa_enable_and_reset(); + ecdsa_hal_export_pubkey(&conf, pub_x, pub_y, len); + + if (is_p256) { + TEST_ASSERT_EQUAL_HEX8_ARRAY(ecdsa256_pub_x, pub_x, len); + TEST_ASSERT_EQUAL_HEX8_ARRAY(ecdsa256_pub_y, pub_y, len); + } else { + TEST_ASSERT_EQUAL_HEX8_ARRAY(ecdsa192_pub_x, pub_x, len); + TEST_ASSERT_EQUAL_HEX8_ARRAY(ecdsa192_pub_y, pub_y, len); + } + + ecdsa_disable_and_reset(); +} +#endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */ + + TEST_GROUP(ecdsa); TEST_SETUP(ecdsa) @@ -172,7 +218,7 @@ TEST(ecdsa, ecdsa_SECP192R1_signature_verification) TEST(ecdsa, ecdsa_SECP192R1_sign_and_verify) { - test_ecdsa_sign_and_verify(0, sha, ecdsa192_pub_x, ecdsa192_pub_y); + test_ecdsa_sign_and_verify(0, sha, ecdsa192_pub_x, ecdsa192_pub_y, 0); } @@ -190,7 +236,7 @@ TEST(ecdsa, ecdsa_SECP256R1_signature_verification) TEST(ecdsa, ecdsa_SECP256R1_sign_and_verify) { - test_ecdsa_sign_and_verify(1, sha, ecdsa256_pub_x, ecdsa256_pub_y); + test_ecdsa_sign_and_verify(1, sha, ecdsa256_pub_x, ecdsa256_pub_y, 0); } @@ -199,6 +245,18 @@ TEST(ecdsa, ecdsa_SECP256R1_corrupt_signature) test_ecdsa_corrupt_data(1, sha, ecdsa256_r, ecdsa256_s, ecdsa256_pub_x, ecdsa256_pub_y); } +#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY +TEST(ecdsa, ecdsa_SECP192R1_export_pubkey) +{ + test_ecdsa_export_pubkey(0, 0); +} + +TEST(ecdsa, ecdsa_SECP256R1_export_pubkey) +{ + test_ecdsa_export_pubkey(1, 0); +} +#endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */ + TEST_GROUP_RUNNER(ecdsa) { RUN_TEST_CASE(ecdsa, ecdsa_SECP192R1_signature_verification) @@ -207,4 +265,8 @@ TEST_GROUP_RUNNER(ecdsa) RUN_TEST_CASE(ecdsa, ecdsa_SECP256R1_signature_verification) RUN_TEST_CASE(ecdsa, ecdsa_SECP256R1_sign_and_verify) RUN_TEST_CASE(ecdsa, ecdsa_SECP256R1_corrupt_signature) +#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY + RUN_TEST_CASE(ecdsa, ecdsa_SECP192R1_export_pubkey) + RUN_TEST_CASE(ecdsa, ecdsa_SECP256R1_export_pubkey) +#endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */ } diff --git a/components/mbedtls/port/ecdsa/ecdsa_alt.c b/components/mbedtls/port/ecdsa/ecdsa_alt.c index e098b5e9e3..ef5c9dc33e 100644 --- a/components/mbedtls/port/ecdsa/ecdsa_alt.c +++ b/components/mbedtls/port/ecdsa/ecdsa_alt.c @@ -6,7 +6,6 @@ #include #include "hal/ecdsa_hal.h" #include "esp_efuse.h" -#include "mbedtls/ecp.h" #include "mbedtls/ecdsa.h" #include "mbedtls/platform_util.h" #include "esp_private/periph_ctrl.h" @@ -44,6 +43,64 @@ static void ecdsa_be_to_le(const uint8_t* be_point, uint8_t *le_point, uint8_t l } } +#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY +int esp_ecdsa_load_pubkey(mbedtls_ecp_keypair *keypair, int efuse_blk) +{ + int ret = -1; + + if (efuse_blk < EFUSE_BLK_KEY0 || efuse_blk >= EFUSE_BLK_KEY_MAX) { + ESP_LOGE(TAG, "Invalid efuse block selected"); + return ret; + } + + ecdsa_curve_t curve; + esp_efuse_block_t blk; + uint16_t len; + uint8_t zeroes[MAX_ECDSA_COMPONENT_LEN] = {0}; + uint8_t qx_le[MAX_ECDSA_COMPONENT_LEN]; + uint8_t qy_le[MAX_ECDSA_COMPONENT_LEN]; + + if (keypair->MBEDTLS_PRIVATE(grp).id == MBEDTLS_ECP_DP_SECP192R1) { + curve = ECDSA_CURVE_SECP192R1; + len = 24; + } else if (keypair->MBEDTLS_PRIVATE(grp).id == MBEDTLS_ECP_DP_SECP256R1) { + curve = ECDSA_CURVE_SECP256R1; + len = 32; + } else { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + + if (!esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY, &blk)) { + ESP_LOGE(TAG, "No efuse block with purpose ECDSA_KEY found"); + return MBEDTLS_ERR_ECP_INVALID_KEY; + } + + ecdsa_hal_config_t conf = { + .mode = ECDSA_MODE_EXPORT_PUBKEY, + .curve = curve, + .use_km_key = 0, //TODO: IDF-7992 + .efuse_key_blk = efuse_blk, + }; + + esp_ecdsa_acquire_hardware(); + + do { + ecdsa_hal_export_pubkey(&conf, qx_le, qy_le, len); + } while (!memcmp(qx_le, zeroes, len) || !memcmp(qy_le, zeroes, len)); + + esp_ecdsa_release_hardware(); + + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&(keypair->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X)), qx_le, len)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&(keypair->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y)), qy_le, len)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&(keypair->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z)), 1)); + + return 0; + +cleanup: + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; +} +#endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */ + #ifdef CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN int esp_ecdsa_privkey_load_mpi(mbedtls_mpi *key, int efuse_blk) { @@ -96,6 +153,48 @@ int esp_ecdsa_privkey_load_pk_context(mbedtls_pk_context *key_ctx, int efuse_blk return esp_ecdsa_privkey_load_mpi(&(keypair->MBEDTLS_PRIVATE(d)), efuse_blk); } +int esp_ecdsa_set_pk_context(mbedtls_pk_context *key_ctx, esp_ecdsa_pk_conf_t *conf) +{ + int ret = -1; + + if (!key_ctx) { + ESP_LOGE(TAG, "mbedtls_pk_context cannot be NULL"); + return ret; + } + + if (!conf) { + ESP_LOGE(TAG, "esp_ecdsa_pk_conf_t cannot be NULL"); + return ret; + } + + if (conf->grp_id != MBEDTLS_ECP_DP_SECP192R1 && conf->grp_id != MBEDTLS_ECP_DP_SECP256R1) { + ESP_LOGE(TAG, "Invalid EC curve group id mentioned in esp_ecdsa_pk_conf_t"); + return ret; + } + + if ((ret = esp_ecdsa_privkey_load_pk_context(key_ctx, conf->efuse_block)) != 0) { + ESP_LOGE(TAG, "Loading private key context failed, esp_ecdsa_privkey_load_pk_context() returned %d", ret); + return ret; + } + + mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(*key_ctx); + if ((ret = mbedtls_ecp_group_load(&(keypair->MBEDTLS_PRIVATE(grp)), conf->grp_id)) != 0) { + ESP_LOGE(TAG, "Loading ecp group failed, mbedtls_pk_ec() returned %d", ret); + return ret; + } + +#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY + if (conf->load_pubkey) { + if ((ret = esp_ecdsa_load_pubkey(keypair, conf->efuse_block)) != 0) { + ESP_LOGE(TAG, "Loading public key context failed, esp_ecdsa_load_pubkey() returned %d", ret); + return ret; + } + } +#endif + return 0; +} + + static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s, const mbedtls_mpi *d, const unsigned char* msg, size_t msg_len) { @@ -141,6 +240,7 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s .k_mode = ECDSA_K_USE_TRNG, .sha_mode = ECDSA_Z_USER_PROVIDED, .efuse_key_blk = d->MBEDTLS_PRIVATE(n), + .use_km_key = 0, //TODO: IDF-7992 }; ecdsa_hal_gen_signature(&conf, NULL, sha_le, r_le, s_le, len); diff --git a/components/mbedtls/port/include/ecdsa/ecdsa_alt.h b/components/mbedtls/port/include/ecdsa/ecdsa_alt.h index 0326795f8d..3e27b21551 100644 --- a/components/mbedtls/port/include/ecdsa/ecdsa_alt.h +++ b/components/mbedtls/port/include/ecdsa/ecdsa_alt.h @@ -6,14 +6,47 @@ #pragma once +#include #include -#include "sdkconfig.h" +#include "mbedtls/ecp.h" #include "mbedtls/pk.h" +#include "sdkconfig.h" +#include "soc/soc_caps.h" #ifdef __cplusplus extern "C" { #endif +/** + * @brief ECDSA private key context initialization config structure + * @note Contains configuration information like the efuse key block that should be used as the private key, + * EC group ID of the private key and if the export public key operation is supported + * by the peripheral, a flag load_pubkey that is used specify if the public key has to be populated + */ +typedef struct { + mbedtls_ecp_group_id grp_id; + uint8_t efuse_block; +#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY + bool load_pubkey; +#endif +} esp_ecdsa_pk_conf_t; //TODO: IDF-7925 (Add a config to select the ecdsa key from the key manager peripheral) + +#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY + +/** + * @brief Populate the public key buffer of the mbedtls_ecp_keypair context. + * + * @param keypair The mbedtls ECP key-pair structure + * @param efuse_blk The efuse key block that should be used as the private key. + * The key purpose of this block must be ECDSA_KEY + * @return - 0 if successful + * - MBEDTLS_ERR_ECP_BAD_INPUT_DATA if invalid ecp group id specified + * - MBEDTLS_ERR_ECP_INVALID_KEY if efuse block with purpose ECDSA_KEY is not found + * - -1 if invalid efuse block is specified + */ +int esp_ecdsa_load_pubkey(mbedtls_ecp_keypair *keypair, int efuse_blk); +#endif + #ifdef CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN /** @@ -46,6 +79,24 @@ int esp_ecdsa_privkey_load_mpi(mbedtls_mpi *key, int efuse_blk); * - -1 otherwise */ int esp_ecdsa_privkey_load_pk_context(mbedtls_pk_context *key_ctx, int efuse_blk); + +/** + * @brief Initialize PK context and completely populate mbedtls_ecp_keypair context. + * We break the MPI struct used to represent the private key `d` in ECP keypair + * in order to differentiate between hardware key and software key. + * We also populate the ECP group field present in the mbedtls_ecp_keypair context. + * If the ECDSA peripheral of the chip supports exporting the public key, + * we can also populate the public key buffer of the mbedtls_ecp_keypair context + * if the load_pubkey flag is set in the esp_ecdsa_pk_conf_t config argument. + * + * @param key_ctx The context in which this functions stores the hardware context. + * This must be uninitialized + * @param conf ESP-ECDSA private key context initialization config structure + * + * @return - 0 if successful + * - -1 otherwise + */ +int esp_ecdsa_set_pk_context(mbedtls_pk_context *key_ctx, esp_ecdsa_pk_conf_t *conf); #endif #ifdef __cplusplus diff --git a/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c b/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c index aeb830f0b2..22340e9482 100644 --- a/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c +++ b/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c @@ -1,6 +1,6 @@ /* mbedTLS Elliptic Curve Digital Signature performance tests * - * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -16,6 +16,7 @@ #include #include +#include "soc/soc_caps.h" #include "test_utils.h" #include "ccomp_timer.h" #include "unity.h" @@ -234,4 +235,53 @@ TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][efuse_ke test_ecdsa_sign(MBEDTLS_ECP_DP_SECP256R1, sha, ecdsa256_sign_pub_x, ecdsa256_sign_pub_y); } +#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY + +void test_ecdsa_export_pubkey(mbedtls_ecp_group_id id, const uint8_t *pub_x, const uint8_t *pub_y) +{ + uint8_t export_pub_x[32] = {0}; + uint8_t export_pub_y[32] = {0}; + int len = 0; + + esp_ecdsa_pk_conf_t pk_conf = { + .grp_id = id, + .load_pubkey = true, + }; + + if (id == MBEDTLS_ECP_DP_SECP192R1) { + pk_conf.efuse_block = SECP192R1_EFUSE_BLOCK; + len = 24; + } else if (id == MBEDTLS_ECP_DP_SECP256R1) { + pk_conf.efuse_block = SECP256R1_EFUSE_BLOCK; + len = 32; + } + + mbedtls_pk_context key_ctx; + + int ret = esp_ecdsa_set_pk_context(&key_ctx, &pk_conf); + TEST_ASSERT_EQUAL(0, ret); + + mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(key_ctx); + mbedtls_mpi_write_binary(&(keypair->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X)), export_pub_x, len); + mbedtls_mpi_write_binary(&(keypair->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y)), export_pub_y, len); + + TEST_ASSERT_EQUAL_HEX8_ARRAY(pub_x, export_pub_x, len); + TEST_ASSERT_EQUAL_HEX8_ARRAY(pub_y, export_pub_y, len); + + mbedtls_ecdsa_free(keypair); +} + +TEST_CASE("mbedtls ECDSA export public key on SECP192R1", "[mbedtls][efuse_key]") +{ + test_ecdsa_export_pubkey(MBEDTLS_ECP_DP_SECP192R1, ecdsa192_sign_pub_x, ecdsa192_sign_pub_y); +} + +TEST_CASE("mbedtls ECDSA export public key on SECP256R1", "[mbedtls][efuse_key]") +{ + test_ecdsa_export_pubkey(MBEDTLS_ECP_DP_SECP256R1, ecdsa256_sign_pub_x, ecdsa256_sign_pub_y); +} + + +#endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */ + #endif /* CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN */ diff --git a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in index 4d72d25613..4577f87f85 100644 --- a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in @@ -83,6 +83,10 @@ config SOC_ECC_EXTENDED_MODES_SUPPORTED bool default y +config SOC_ECDSA_SUPPORTED + bool + default y + config SOC_FLASH_ENC_SUPPORTED bool default y @@ -643,6 +647,10 @@ config SOC_SHA_SUPPORT_SHA256 bool default y +config SOC_ECDSA_SUPPORT_EXPORT_PUBKEY + bool + default y + config SOC_SDMMC_USE_IOMUX bool default y diff --git a/components/soc/esp32p4/include/soc/soc_caps.h b/components/soc/esp32p4/include/soc/soc_caps.h index 0c884595e9..b31d3f1ac6 100644 --- a/components/soc/esp32p4/include/soc/soc_caps.h +++ b/components/soc/esp32p4/include/soc/soc_caps.h @@ -62,6 +62,8 @@ #define SOC_DIG_SIGN_SUPPORTED 1 #define SOC_ECC_SUPPORTED 1 #define SOC_ECC_EXTENDED_MODES_SUPPORTED 1 +#define SOC_ECDSA_SUPPORTED 1 +// #define SOC_KEY_MANAGER_SUPPORTED 1 //TODO: IDF-7925 #define SOC_FLASH_ENC_SUPPORTED 1 // #define SOC_SECURE_BOOT_SUPPORTED 1 //TODO: IDF-7544 // #define SOC_BOD_SUPPORTED 1 //TODO: IDF-7519 @@ -337,6 +339,9 @@ #define SOC_SHA_SUPPORT_SHA224 (1) #define SOC_SHA_SUPPORT_SHA256 (1) +/*--------------------------- ECDSA CAPS ---------------------------------------*/ +#define SOC_ECDSA_SUPPORT_EXPORT_PUBKEY (1) + #ifdef SDMMC_DEFAULT_IOMUX #define SOC_SDMMC_USE_IOMUX 1 #else