From b8c208cdb3606610020dbf8c60b3815ab205d7aa Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Wed, 2 Aug 2023 12:25:38 +0530 Subject: [PATCH] feat(ds): add Digital Signature peripheral support for esp32p4 --- components/esp_hw_support/esp_ds.c | 3 + .../esp_hw_support_unity_tests/main/test_ds.c | 9 +- .../main/gen_digital_signature_tests.py | 7 +- .../esp_hw_support_unity_tests/main/test_ds.c | 9 +- .../include/esp32p4/rom/digital_signature.h | 2 +- .../hal/esp32p4/include/hal/clk_gate_ll.h | 17 +- components/hal/esp32p4/include/hal/ds_ll.h | 169 ++++++++++++++++++ .../mbedtls/port/esp_ds/esp_rsa_sign_alt.c | 2 + .../esp32p4/include/soc/Kconfig.soc_caps.in | 6 +- components/soc/esp32p4/include/soc/soc_caps.h | 5 +- 10 files changed, 214 insertions(+), 15 deletions(-) create mode 100644 components/hal/esp32p4/include/hal/ds_ll.h diff --git a/components/esp_hw_support/esp_ds.c b/components/esp_hw_support/esp_ds.c index 3be5836549..2f3dc880d6 100644 --- a/components/esp_hw_support/esp_ds.c +++ b/components/esp_hw_support/esp_ds.c @@ -48,6 +48,9 @@ #include "esp32h2/rom/digital_signature.h" #endif +#if CONFIG_IDF_TARGET_ESP32P4 +#include "esp32p4/rom/digital_signature.h" +#endif struct esp_ds_context { const ets_ds_data_t *data; diff --git a/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c b/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c index 9cf96edb93..aa5272993c 100644 --- a/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c +++ b/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -34,6 +34,11 @@ #include "esp32h2/rom/digital_signature.h" #include "esp32h2/rom/aes.h" #include "esp32h2/rom/sha.h" +#elif CONFIG_IDF_TARGET_ESP32P4 +#include "esp32p4/rom/efuse.h" +#include "esp32p4/rom/digital_signature.h" +#include "esp32p4/rom/aes.h" +#include "esp32p4/rom/sha.h" #endif #include "esp_ds.h" @@ -375,7 +380,7 @@ TEST_CASE("Digital Signature Blocking Operation (FPGA only)", "[hw_crypto] [ds]" ds_r = esp_ds_finish_sign(signature, esp_ds_ctx); TEST_ASSERT_EQUAL(ESP_OK, ds_r); -#elif CONFIG_IDF_TARGET_ESP32C3 +#else esp_err_t ds_r = esp_ds_sign(test_messages[0], &ds_data, t->hmac_key_idx + 1, diff --git a/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/gen_digital_signature_tests.py b/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/gen_digital_signature_tests.py index 4b4c90262b..2aa2b6f3ab 100644 --- a/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/gen_digital_signature_tests.py +++ b/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/gen_digital_signature_tests.py @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -# SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD +# SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD # SPDX-License-Identifier: Apache-2.0 import argparse @@ -16,12 +16,13 @@ from cryptography.hazmat.primitives.asymmetric.rsa import _modinv as modinv # t from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes from cryptography.utils import int_to_bytes -supported_targets = {'esp32s2', 'esp32c3', 'esp32s3', 'esp32c6', 'esp32h2'} +supported_targets = {'esp32s2', 'esp32c3', 'esp32s3', 'esp32c6', 'esp32h2', 'esp32p4'} supported_key_size = {'esp32s2':[4096, 3072, 2048, 1024], 'esp32c3':[3072, 2048, 1024], 'esp32s3':[4096, 3072, 2048, 1024], 'esp32c6':[3072, 2048, 1024], - 'esp32h2':[3072, 2048, 1024]} + 'esp32h2':[3072, 2048, 1024], + 'esp32p4':[4096, 3072, 2048, 1024]} NUM_HMAC_KEYS = 3 NUM_MESSAGES = 10 diff --git a/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/test_ds.c b/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/test_ds.c index 9cf96edb93..aa5272993c 100644 --- a/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/test_ds.c +++ b/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/test_ds.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -34,6 +34,11 @@ #include "esp32h2/rom/digital_signature.h" #include "esp32h2/rom/aes.h" #include "esp32h2/rom/sha.h" +#elif CONFIG_IDF_TARGET_ESP32P4 +#include "esp32p4/rom/efuse.h" +#include "esp32p4/rom/digital_signature.h" +#include "esp32p4/rom/aes.h" +#include "esp32p4/rom/sha.h" #endif #include "esp_ds.h" @@ -375,7 +380,7 @@ TEST_CASE("Digital Signature Blocking Operation (FPGA only)", "[hw_crypto] [ds]" ds_r = esp_ds_finish_sign(signature, esp_ds_ctx); TEST_ASSERT_EQUAL(ESP_OK, ds_r); -#elif CONFIG_IDF_TARGET_ESP32C3 +#else esp_err_t ds_r = esp_ds_sign(test_messages[0], &ds_data, t->hmac_key_idx + 1, diff --git a/components/esp_rom/include/esp32p4/rom/digital_signature.h b/components/esp_rom/include/esp32p4/rom/digital_signature.h index 364a38bd5f..7af06fab1c 100644 --- a/components/esp_rom/include/esp32p4/rom/digital_signature.h +++ b/components/esp_rom/include/esp32p4/rom/digital_signature.h @@ -13,7 +13,7 @@ extern "C" { #include #include -#define ETS_DS_MAX_BITS 3072 +#define ETS_DS_MAX_BITS 4096 #define ETS_DS_IV_LEN 16 diff --git a/components/hal/esp32p4/include/hal/clk_gate_ll.h b/components/hal/esp32p4/include/hal/clk_gate_ll.h index 74b9b731ba..81b706911b 100644 --- a/components/hal/esp32p4/include/hal/clk_gate_ll.h +++ b/components/hal/esp32p4/include/hal/clk_gate_ll.h @@ -196,7 +196,12 @@ static inline uint32_t periph_ll_get_rst_en_mask(periph_module_t periph, bool en case PERIPH_SARADC_MODULE: return HP_SYS_CLKRST_REG_RST_EN_ADC; case PERIPH_AES_MODULE: - return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_AES; + ret = HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_AES; + if (enable == true) { + // Clear reset on digital signature, otherwise AES unit is held in reset + ret |= HP_SYS_CLKRST_REG_RST_EN_DS; + } + return ret; case PERIPH_DS_MODULE: return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_DS; case PERIPH_ECC_MODULE: @@ -204,13 +209,19 @@ static inline uint32_t periph_ll_get_rst_en_mask(periph_module_t periph, bool en case PERIPH_HMAC_MODULE: return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_HMAC; case PERIPH_RSA_MODULE: - return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_RSA; + ret = HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_RSA; + if (enable == true) { + // Clear reset on digital signature, otherwise RSA is held in reset + ret |= HP_SYS_CLKRST_REG_RST_EN_DS; + } + return ret; case PERIPH_SEC_MODULE: return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_SEC; case PERIPH_SHA_MODULE: ret = HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_SHA; if (enable == true) { - ret |= HP_SYS_CLKRST_REG_RST_EN_HMAC; + // Clear reset on digital signature, HMAC and ECDSA, otherwise SHA is held in reset + ret |= (HP_SYS_CLKRST_REG_RST_EN_HMAC | HP_SYS_CLKRST_REG_RST_EN_DS | HP_SYS_CLKRST_REG_RST_EN_ECDSA); } return ret; case PERIPH_ECDSA_MODULE: diff --git a/components/hal/esp32p4/include/hal/ds_ll.h b/components/hal/esp32p4/include/hal/ds_ll.h new file mode 100644 index 0000000000..2f56cfe9cd --- /dev/null +++ b/components/hal/esp32p4/include/hal/ds_ll.h @@ -0,0 +1,169 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +/******************************************************************************* + * NOTICE + * The hal is not public api, don't use it in application code. + ******************************************************************************/ + +#pragma once + +#include +#include +#include + +#include "soc/hwcrypto_reg.h" +#include "soc/soc_caps.h" +#include "hal/ds_types.h" + + +#ifdef __cplusplus +extern "C" { +#endif + +static inline void ds_ll_start(void) +{ + REG_WRITE(DS_SET_START_REG, 1); +} + +/** + * @brief Wait until DS peripheral has finished any outstanding operation. + */ +static inline bool ds_ll_busy(void) +{ + return (REG_READ(DS_QUERY_BUSY_REG) > 0) ? true : false; +} + +/** + * @brief Busy wait until the hardware is ready. + */ +static inline void ds_ll_wait_busy(void) +{ + while (ds_ll_busy()); +} + +/** + * @brief In case of a key error, check what caused it. + */ +static inline ds_key_check_t ds_ll_key_error_source(void) +{ + uint32_t key_error = REG_READ(DS_QUERY_KEY_WRONG_REG); + if (key_error == 0) { + return DS_NO_KEY_INPUT; + } else { + return DS_OTHER_WRONG; + } +} + +/** + * @brief Write the initialization vector to the corresponding register field. + */ +static inline void ds_ll_configure_iv(const uint32_t *iv) +{ + for (size_t i = 0; i < (SOC_DS_KEY_PARAM_MD_IV_LENGTH / sizeof(uint32_t)); i++) { + REG_WRITE(DS_IV_MEM + (i * 4) , iv[i]); + } +} + +/** + * @brief Write the message which should be signed. + * + * @param msg Pointer to the message. + * @param size Length of msg in bytes. It is the RSA signature length in bytes. + */ +static inline void ds_ll_write_message(const uint8_t *msg, size_t size) +{ + memcpy((uint8_t*) DS_X_MEM, msg, size); + asm volatile ("fence"); +} + +/** + * @brief Write the encrypted private key parameters. + */ +static inline void ds_ll_write_private_key_params(const uint8_t *encrypted_key_params) +{ + /* Note: as the internal peripheral still has RSA 4096 structure, + but C is encrypted based on the actual max RSA length (ETS_DS_MAX_BITS), need to fragment it + when copying to hardware... + + (note if ETS_DS_MAX_BITS == 4096, this should be the same as copying data->c to hardware in one fragment) + */ + typedef struct { uint32_t addr; size_t len; } frag_t; + const frag_t frags[] = { + {DS_Y_MEM, SOC_DS_SIGNATURE_MAX_BIT_LEN / 8}, + {DS_M_MEM, SOC_DS_SIGNATURE_MAX_BIT_LEN / 8}, + {DS_RB_MEM, SOC_DS_SIGNATURE_MAX_BIT_LEN / 8}, + {DS_BOX_MEM, DS_IV_MEM - DS_BOX_MEM}, + }; + const size_t NUM_FRAGS = sizeof(frags)/sizeof(frag_t); + const uint8_t *from = encrypted_key_params; + + for (int i = 0; i < NUM_FRAGS; i++) { + memcpy((uint8_t *)frags[i].addr, from, frags[i].len); + asm volatile ("fence"); + from += frags[i].len; + } +} + +/** + * @brief Begin signing procedure. + */ +static inline void ds_ll_start_sign(void) +{ + REG_WRITE(DS_SET_CONTINUE_REG, 1); +} + +/** + * @brief check the calculated signature. + * + * @return + * - DS_SIGNATURE_OK if no issue is detected with the signature. + * - DS_SIGNATURE_PADDING_FAIL if the padding of the private key parameters is wrong. + * - DS_SIGNATURE_MD_FAIL if the message digest check failed. This means that the message digest calculated using + * the private key parameters fails, i.e., the integrity of the private key parameters is not protected. + * - DS_SIGNATURE_PADDING_AND_MD_FAIL if both padding and message digest check fail. + */ +static inline ds_signature_check_t ds_ll_check_signature(void) +{ + uint32_t result = REG_READ(DS_QUERY_CHECK_REG); + switch(result) { + case 0: + return DS_SIGNATURE_OK; + case 1: + return DS_SIGNATURE_MD_FAIL; + case 2: + return DS_SIGNATURE_PADDING_FAIL; + default: + return DS_SIGNATURE_PADDING_AND_MD_FAIL; + } +} + +/** + * @brief Read the signature from the hardware. + * + * @param result The signature result. + * @param size Length of signature result in bytes. It is the RSA signature length in bytes. + */ +static inline void ds_ll_read_result(uint8_t *result, size_t size) +{ + memcpy(result, (uint8_t*) DS_Z_MEM, size); + asm volatile ("fence"); +} + +/** + * @brief Exit the signature operation. + * + * @note This does not deactivate the module. Corresponding clock/reset bits have to be triggered for deactivation. + */ +static inline void ds_ll_finish(void) +{ + REG_WRITE(DS_SET_FINISH_REG, 1); + ds_ll_wait_busy(); +} + +#ifdef __cplusplus +} +#endif diff --git a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c index 023c336712..4e8c5277ef 100644 --- a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c +++ b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c @@ -18,6 +18,8 @@ #include "esp32c6/rom/digital_signature.h" #elif CONFIG_IDF_TARGET_ESP32H2 #include "esp32h2/rom/digital_signature.h" +#elif CONFIG_IDF_TARGET_ESP32P4 +#include "esp32p4/rom/digital_signature.h" #else #error "Selected target does not support esp_rsa_sign_alt (for DS)" #endif diff --git a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in index b30f6f9b2d..57874247c7 100644 --- a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in @@ -71,6 +71,10 @@ config SOC_HMAC_SUPPORTED bool default y +config SOC_DIG_SIGN_SUPPORTED + bool + default y + config SOC_ECC_SUPPORTED bool default y @@ -237,7 +241,7 @@ config SOC_CPU_IDRAM_SPLIT_USING_PMP config SOC_DS_SIGNATURE_MAX_BIT_LEN int - default 3072 + default 4096 config SOC_DS_KEY_PARAM_MD_IV_LENGTH int diff --git a/components/soc/esp32p4/include/soc/soc_caps.h b/components/soc/esp32p4/include/soc/soc_caps.h index 032c99ce87..5425c9bc8f 100644 --- a/components/soc/esp32p4/include/soc/soc_caps.h +++ b/components/soc/esp32p4/include/soc/soc_caps.h @@ -59,7 +59,7 @@ #define SOC_MPI_SUPPORTED 1 // #define SOC_SHA_SUPPORTED 1 //TODO: IDF-7541 #define SOC_HMAC_SUPPORTED 1 -// #define SOC_DIG_SIGN_SUPPORTED 1 //TODO: IDF-6518 +#define SOC_DIG_SIGN_SUPPORTED 1 #define SOC_ECC_SUPPORTED 1 #define SOC_ECC_EXTENDED_MODES_SUPPORTED 1 #define SOC_FLASH_ENC_SUPPORTED 1 @@ -146,10 +146,9 @@ #define SOC_CPU_HAS_PMA 1 #define SOC_CPU_IDRAM_SPLIT_USING_PMP 1 -// TODO: IDF-5360 (Copy from esp32c3, need check) /*-------------------------- DIGITAL SIGNATURE CAPS ----------------------------------------*/ /** The maximum length of a Digital Signature in bits. */ -#define SOC_DS_SIGNATURE_MAX_BIT_LEN (3072) +#define SOC_DS_SIGNATURE_MAX_BIT_LEN (4096) /** Initialization vector (IV) length for the RSA key parameter message digest (MD) in bytes. */ #define SOC_DS_KEY_PARAM_MD_IV_LENGTH (16)