diff --git a/components/esp_hw_support/esp_ds.c b/components/esp_hw_support/esp_ds.c index 3be5836549..2f3dc880d6 100644 --- a/components/esp_hw_support/esp_ds.c +++ b/components/esp_hw_support/esp_ds.c @@ -48,6 +48,9 @@ #include "esp32h2/rom/digital_signature.h" #endif +#if CONFIG_IDF_TARGET_ESP32P4 +#include "esp32p4/rom/digital_signature.h" +#endif struct esp_ds_context { const ets_ds_data_t *data; diff --git a/components/esp_hw_support/esp_hmac.c b/components/esp_hw_support/esp_hmac.c index 25e5c8bc8e..be47806dfb 100644 --- a/components/esp_hw_support/esp_hmac.c +++ b/components/esp_hw_support/esp_hmac.c @@ -27,7 +27,7 @@ #if defined(CONFIG_IDF_TARGET_ESP32S3) || defined(CONFIG_IDF_TARGET_ESP32S2) #define JTAG_STATUS_BIT ESP_EFUSE_HARD_DIS_JTAG #else -/* For ESP32C3, ESP32C6, ESP32H2 */ +/* For ESP32C3, ESP32C6, ESP32H2, ESP32P4 */ #define JTAG_STATUS_BIT ESP_EFUSE_DIS_PAD_JTAG #endif static const char *TAG = "esp_hmac"; diff --git a/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c b/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c index 9cf96edb93..aa5272993c 100644 --- a/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c +++ b/components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -34,6 +34,11 @@ #include "esp32h2/rom/digital_signature.h" #include "esp32h2/rom/aes.h" #include "esp32h2/rom/sha.h" +#elif CONFIG_IDF_TARGET_ESP32P4 +#include "esp32p4/rom/efuse.h" +#include "esp32p4/rom/digital_signature.h" +#include "esp32p4/rom/aes.h" +#include "esp32p4/rom/sha.h" #endif #include "esp_ds.h" @@ -375,7 +380,7 @@ TEST_CASE("Digital Signature Blocking Operation (FPGA only)", "[hw_crypto] [ds]" ds_r = esp_ds_finish_sign(signature, esp_ds_ctx); TEST_ASSERT_EQUAL(ESP_OK, ds_r); -#elif CONFIG_IDF_TARGET_ESP32C3 +#else esp_err_t ds_r = esp_ds_sign(test_messages[0], &ds_data, t->hmac_key_idx + 1, diff --git a/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/gen_digital_signature_tests.py b/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/gen_digital_signature_tests.py index 4b4c90262b..2aa2b6f3ab 100644 --- a/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/gen_digital_signature_tests.py +++ b/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/gen_digital_signature_tests.py @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -# SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD +# SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD # SPDX-License-Identifier: Apache-2.0 import argparse @@ -16,12 +16,13 @@ from cryptography.hazmat.primitives.asymmetric.rsa import _modinv as modinv # t from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes from cryptography.utils import int_to_bytes -supported_targets = {'esp32s2', 'esp32c3', 'esp32s3', 'esp32c6', 'esp32h2'} +supported_targets = {'esp32s2', 'esp32c3', 'esp32s3', 'esp32c6', 'esp32h2', 'esp32p4'} supported_key_size = {'esp32s2':[4096, 3072, 2048, 1024], 'esp32c3':[3072, 2048, 1024], 'esp32s3':[4096, 3072, 2048, 1024], 'esp32c6':[3072, 2048, 1024], - 'esp32h2':[3072, 2048, 1024]} + 'esp32h2':[3072, 2048, 1024], + 'esp32p4':[4096, 3072, 2048, 1024]} NUM_HMAC_KEYS = 3 NUM_MESSAGES = 10 diff --git a/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/test_ds.c b/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/test_ds.c index 9cf96edb93..aa5272993c 100644 --- a/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/test_ds.c +++ b/components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/test_ds.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -34,6 +34,11 @@ #include "esp32h2/rom/digital_signature.h" #include "esp32h2/rom/aes.h" #include "esp32h2/rom/sha.h" +#elif CONFIG_IDF_TARGET_ESP32P4 +#include "esp32p4/rom/efuse.h" +#include "esp32p4/rom/digital_signature.h" +#include "esp32p4/rom/aes.h" +#include "esp32p4/rom/sha.h" #endif #include "esp_ds.h" @@ -375,7 +380,7 @@ TEST_CASE("Digital Signature Blocking Operation (FPGA only)", "[hw_crypto] [ds]" ds_r = esp_ds_finish_sign(signature, esp_ds_ctx); TEST_ASSERT_EQUAL(ESP_OK, ds_r); -#elif CONFIG_IDF_TARGET_ESP32C3 +#else esp_err_t ds_r = esp_ds_sign(test_messages[0], &ds_data, t->hmac_key_idx + 1, diff --git a/components/esp_rom/include/esp32p4/rom/digital_signature.h b/components/esp_rom/include/esp32p4/rom/digital_signature.h index 364a38bd5f..7af06fab1c 100644 --- a/components/esp_rom/include/esp32p4/rom/digital_signature.h +++ b/components/esp_rom/include/esp32p4/rom/digital_signature.h @@ -13,7 +13,7 @@ extern "C" { #include #include -#define ETS_DS_MAX_BITS 3072 +#define ETS_DS_MAX_BITS 4096 #define ETS_DS_IV_LEN 16 diff --git a/components/hal/esp32p4/include/hal/clk_gate_ll.h b/components/hal/esp32p4/include/hal/clk_gate_ll.h index 1003eb81a8..436cc7ba9d 100644 --- a/components/hal/esp32p4/include/hal/clk_gate_ll.h +++ b/components/hal/esp32p4/include/hal/clk_gate_ll.h @@ -113,6 +113,7 @@ static inline uint32_t periph_ll_get_clk_en_mask(periph_module_t periph) static inline uint32_t periph_ll_get_rst_en_mask(periph_module_t periph, bool enable) { + uint32_t ret; switch (periph) { case PERIPH_PVT_MODULE: return HP_SYS_CLKRST_REG_RST_EN_PVT_TOP; @@ -185,7 +186,12 @@ static inline uint32_t periph_ll_get_rst_en_mask(periph_module_t periph, bool en case PERIPH_SARADC_MODULE: return HP_SYS_CLKRST_REG_RST_EN_ADC; case PERIPH_AES_MODULE: - return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_AES; + ret = HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_AES; + if (enable == true) { + // Clear reset on digital signature, otherwise AES unit is held in reset + ret |= HP_SYS_CLKRST_REG_RST_EN_DS; + } + return ret; case PERIPH_DS_MODULE: return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_DS; case PERIPH_ECC_MODULE: @@ -193,11 +199,21 @@ static inline uint32_t periph_ll_get_rst_en_mask(periph_module_t periph, bool en case PERIPH_HMAC_MODULE: return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_HMAC; case PERIPH_RSA_MODULE: - return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_RSA; + ret = HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_RSA; + if (enable == true) { + // Clear reset on digital signature, otherwise RSA is held in reset + ret |= HP_SYS_CLKRST_REG_RST_EN_DS; + } + return ret; case PERIPH_SEC_MODULE: return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_SEC; case PERIPH_SHA_MODULE: - return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_SHA; + ret = HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_SHA; + if (enable == true) { + // Clear reset on digital signature, HMAC and ECDSA, otherwise SHA is held in reset + ret |= (HP_SYS_CLKRST_REG_RST_EN_HMAC | HP_SYS_CLKRST_REG_RST_EN_DS | HP_SYS_CLKRST_REG_RST_EN_ECDSA); + } + return ret; case PERIPH_ECDSA_MODULE: return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_ECDSA; case PERIPH_SDMMC_MODULE: diff --git a/components/hal/esp32p4/include/hal/ds_ll.h b/components/hal/esp32p4/include/hal/ds_ll.h new file mode 100644 index 0000000000..2f56cfe9cd --- /dev/null +++ b/components/hal/esp32p4/include/hal/ds_ll.h @@ -0,0 +1,169 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +/******************************************************************************* + * NOTICE + * The hal is not public api, don't use it in application code. + ******************************************************************************/ + +#pragma once + +#include +#include +#include + +#include "soc/hwcrypto_reg.h" +#include "soc/soc_caps.h" +#include "hal/ds_types.h" + + +#ifdef __cplusplus +extern "C" { +#endif + +static inline void ds_ll_start(void) +{ + REG_WRITE(DS_SET_START_REG, 1); +} + +/** + * @brief Wait until DS peripheral has finished any outstanding operation. + */ +static inline bool ds_ll_busy(void) +{ + return (REG_READ(DS_QUERY_BUSY_REG) > 0) ? true : false; +} + +/** + * @brief Busy wait until the hardware is ready. + */ +static inline void ds_ll_wait_busy(void) +{ + while (ds_ll_busy()); +} + +/** + * @brief In case of a key error, check what caused it. + */ +static inline ds_key_check_t ds_ll_key_error_source(void) +{ + uint32_t key_error = REG_READ(DS_QUERY_KEY_WRONG_REG); + if (key_error == 0) { + return DS_NO_KEY_INPUT; + } else { + return DS_OTHER_WRONG; + } +} + +/** + * @brief Write the initialization vector to the corresponding register field. + */ +static inline void ds_ll_configure_iv(const uint32_t *iv) +{ + for (size_t i = 0; i < (SOC_DS_KEY_PARAM_MD_IV_LENGTH / sizeof(uint32_t)); i++) { + REG_WRITE(DS_IV_MEM + (i * 4) , iv[i]); + } +} + +/** + * @brief Write the message which should be signed. + * + * @param msg Pointer to the message. + * @param size Length of msg in bytes. It is the RSA signature length in bytes. + */ +static inline void ds_ll_write_message(const uint8_t *msg, size_t size) +{ + memcpy((uint8_t*) DS_X_MEM, msg, size); + asm volatile ("fence"); +} + +/** + * @brief Write the encrypted private key parameters. + */ +static inline void ds_ll_write_private_key_params(const uint8_t *encrypted_key_params) +{ + /* Note: as the internal peripheral still has RSA 4096 structure, + but C is encrypted based on the actual max RSA length (ETS_DS_MAX_BITS), need to fragment it + when copying to hardware... + + (note if ETS_DS_MAX_BITS == 4096, this should be the same as copying data->c to hardware in one fragment) + */ + typedef struct { uint32_t addr; size_t len; } frag_t; + const frag_t frags[] = { + {DS_Y_MEM, SOC_DS_SIGNATURE_MAX_BIT_LEN / 8}, + {DS_M_MEM, SOC_DS_SIGNATURE_MAX_BIT_LEN / 8}, + {DS_RB_MEM, SOC_DS_SIGNATURE_MAX_BIT_LEN / 8}, + {DS_BOX_MEM, DS_IV_MEM - DS_BOX_MEM}, + }; + const size_t NUM_FRAGS = sizeof(frags)/sizeof(frag_t); + const uint8_t *from = encrypted_key_params; + + for (int i = 0; i < NUM_FRAGS; i++) { + memcpy((uint8_t *)frags[i].addr, from, frags[i].len); + asm volatile ("fence"); + from += frags[i].len; + } +} + +/** + * @brief Begin signing procedure. + */ +static inline void ds_ll_start_sign(void) +{ + REG_WRITE(DS_SET_CONTINUE_REG, 1); +} + +/** + * @brief check the calculated signature. + * + * @return + * - DS_SIGNATURE_OK if no issue is detected with the signature. + * - DS_SIGNATURE_PADDING_FAIL if the padding of the private key parameters is wrong. + * - DS_SIGNATURE_MD_FAIL if the message digest check failed. This means that the message digest calculated using + * the private key parameters fails, i.e., the integrity of the private key parameters is not protected. + * - DS_SIGNATURE_PADDING_AND_MD_FAIL if both padding and message digest check fail. + */ +static inline ds_signature_check_t ds_ll_check_signature(void) +{ + uint32_t result = REG_READ(DS_QUERY_CHECK_REG); + switch(result) { + case 0: + return DS_SIGNATURE_OK; + case 1: + return DS_SIGNATURE_MD_FAIL; + case 2: + return DS_SIGNATURE_PADDING_FAIL; + default: + return DS_SIGNATURE_PADDING_AND_MD_FAIL; + } +} + +/** + * @brief Read the signature from the hardware. + * + * @param result The signature result. + * @param size Length of signature result in bytes. It is the RSA signature length in bytes. + */ +static inline void ds_ll_read_result(uint8_t *result, size_t size) +{ + memcpy(result, (uint8_t*) DS_Z_MEM, size); + asm volatile ("fence"); +} + +/** + * @brief Exit the signature operation. + * + * @note This does not deactivate the module. Corresponding clock/reset bits have to be triggered for deactivation. + */ +static inline void ds_ll_finish(void) +{ + REG_WRITE(DS_SET_FINISH_REG, 1); + ds_ll_wait_busy(); +} + +#ifdef __cplusplus +} +#endif diff --git a/components/hal/esp32p4/include/hal/hmac_ll.h b/components/hal/esp32p4/include/hal/hmac_ll.h new file mode 100644 index 0000000000..f4f95bd836 --- /dev/null +++ b/components/hal/esp32p4/include/hal/hmac_ll.h @@ -0,0 +1,191 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +/******************************************************************************* + * NOTICE + * The hal is not public api, don't use it in application code. + * See readme.md in soc/include/hal/readme.md + ******************************************************************************/ + +#pragma once + +#include + +#include "soc/system_reg.h" +#include "soc/hwcrypto_reg.h" +#include "hal/hmac_hal.h" + +#define SHA256_BLOCK_SZ 64 +#define SHA256_DIGEST_SZ 32 + +#define EFUSE_KEY_PURPOSE_HMAC_DOWN_JTAG 6 +#define EFUSE_KEY_PURPOSE_HMAC_DOWN_DIGITAL_SIGNATURE 7 +#define EFUSE_KEY_PURPOSE_HMAC_UP 8 +#define EFUSE_KEY_PURPOSE_HMAC_DOWN_ALL 5 + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * Makes the peripheral ready for use, after enabling it. + */ +static inline void hmac_ll_start(void) +{ + REG_WRITE(HMAC_SET_START_REG, 1); +} + +/** + * @brief Determine where the HMAC output should go. + * + * The HMAC peripheral can be configured to deliver its output to the user directly, or to deliver + * the output directly to another peripheral instead, e.g. the Digital Signature peripheral. + */ +static inline void hmac_ll_config_output(hmac_hal_output_t config) +{ + switch(config) { + case HMAC_OUTPUT_USER: + REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_UP); + break; + case HMAC_OUTPUT_DS: + REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_DOWN_DIGITAL_SIGNATURE); + break; + case HMAC_OUTPUT_JTAG_ENABLE: + REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_DOWN_JTAG); + break; + case HMAC_OUTPUT_ALL: + REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_DOWN_ALL); + break; + default: + ; // do nothing, error will be indicated by hmac_hal_config_error() + } +} + +/** + * @brief Selects which hardware key should be used. + */ +static inline void hmac_ll_config_hw_key_id(uint32_t key_id) +{ + REG_WRITE(HMAC_SET_PARA_KEY_REG, key_id); +} + +/** + * @brief Apply and check configuration. + * + * Afterwards, the configuration can be checked for errors with hmac_hal_config_error(). + */ +static inline void hmac_ll_config_finish(void) +{ + REG_WRITE(HMAC_SET_PARA_FINISH_REG, 1); +} + +/** + * + * @brief Query HMAC error state after configuration actions. + * + * @return + * - 1 or greater on error + * - 0 on success + */ +static inline uint32_t hmac_ll_config_error(void) +{ + return REG_READ(HMAC_QUERY_ERROR_REG); +} + +/** + * Wait until the HAL is ready for the next interaction. + */ +static inline void hmac_ll_wait_idle(void) +{ + uint32_t query; + do { + query = REG_READ(HMAC_QUERY_BUSY_REG); + } while(query != 0); +} + +/** + * @brief Write a message block of 512 bits to the HMAC peripheral. + */ +static inline void hmac_ll_write_block_512(const uint32_t *block) +{ + const size_t REG_WIDTH = sizeof(uint32_t); + for (size_t i = 0; i < SHA256_BLOCK_SZ / REG_WIDTH; i++) { + REG_WRITE(HMAC_WR_MESSAGE_MEM + (i * REG_WIDTH), block[i]); + } + + REG_WRITE(HMAC_SET_MESSAGE_ONE_REG, 1); +} + +/** + * @brief Read the 256 bit HMAC. + */ +static inline void hmac_ll_read_result_256(uint32_t *result) +{ + const size_t REG_WIDTH = sizeof(uint32_t); + for (size_t i = 0; i < SHA256_DIGEST_SZ / REG_WIDTH; i++) { + result[i] = REG_READ(HMAC_RD_RESULT_MEM + (i * REG_WIDTH)); + } +} + +/** + * @brief Clean the HMAC result provided to other hardware. + */ +static inline void hmac_ll_clean(void) +{ + REG_WRITE(HMAC_SET_INVALIDATE_DS_REG, 1); + REG_WRITE(HMAC_SET_INVALIDATE_JTAG_REG, 1); +} + +/** + * @brief Signals that the following block will be the padded last block. + */ +static inline void hmac_ll_msg_padding(void) +{ + REG_WRITE(HMAC_SET_MESSAGE_PAD_REG, 1); +} + +/** + * @brief Signals that all blocks have been written and a padding block will automatically be applied by hardware. + * + * Only applies if the message length is a multiple of 512 bits. + * See the chip TRM HMAC chapter for more details. + */ +static inline void hmac_ll_msg_end(void) +{ + REG_WRITE(HMAC_SET_MESSAGE_END_REG, 1); +} + +/** + * @brief The message including padding fits into one block, so no further action needs to be taken. + * + * This is called after the one-block-message has been written. + */ +static inline void hmac_ll_msg_one_block(void) +{ + REG_WRITE(HMAC_ONE_BLOCK_REG, 1); +} + +/** + * @brief Indicate that more blocks will be written after the last block. + */ +static inline void hmac_ll_msg_continue(void) +{ + REG_WRITE(HMAC_SET_MESSAGE_ING_REG, 1); +} + +/** + * @brief Clear the HMAC result. + * + * Use this after reading the HMAC result or if aborting after any of the other steps above. + */ +static inline void hmac_ll_calc_finish(void) +{ + REG_WRITE(HMAC_SET_RESULT_FINISH_REG, 2); +} + +#ifdef __cplusplus +} +#endif diff --git a/components/hal/test_apps/crypto/README.md b/components/hal/test_apps/crypto/README.md index 9168abb2ed..7f5b9e7248 100644 --- a/components/hal/test_apps/crypto/README.md +++ b/components/hal/test_apps/crypto/README.md @@ -62,12 +62,22 @@ espefuse.py -p $ESPPORT burn_key BLOCK_KEY4 main/hmac/hmac_key.bin HMAC_UP The tests needs some HMAC keys to be burned in the `BLOCK_KEY1`, `BLOCK_KEY2` and `BLOCK_KEY3` of the efuses. As this verification application is independent of the efuse component, the user needs to manually burn the keys and their key purposes using `espefuse.py`. +If SOC_DS_SIGNATURE_MAX_BIT_LEN == 3072: ```bash -espefuse.py -p $ESPPORT burn_key BLOCK_KEY1 main/ds/ds_key1.bin HMAC_DOWN_DIGITAL_SIGNATURE --do-not-confirm +espefuse.py -p $ESPPORT burn_key BLOCK_KEY1 main/ds/keys/3072/ds_key1.bin HMAC_DOWN_DIGITAL_SIGNATURE -espefuse.py -p $ESPPORT burn_key BLOCK_KEY2 main/ds/ds_key2.bin HMAC_DOWN_DIGITAL_SIGNATURE --do-not-confirm +espefuse.py -p $ESPPORT burn_key BLOCK_KEY2 main/ds/keys/3072/ds_key2.bin HMAC_DOWN_DIGITAL_SIGNATURE -espefuse.py -p $ESPPORT burn_key BLOCK_KEY3 main/ds/ds_key3.bin HMAC_DOWN_DIGITAL_SIGNATURE --do-not-confirm +espefuse.py -p $ESPPORT burn_key BLOCK_KEY3 main/ds/keys/3072/ds_key3.bin HMAC_DOWN_DIGITAL_SIGNATURE +``` + +If SOC_DS_SIGNATURE_MAX_BIT_LEN == 4096: +```bash +espefuse.py -p $ESPPORT burn_key BLOCK_KEY1 main/ds/keys/4096/ds_key1.bin HMAC_DOWN_DIGITAL_SIGNATURE + +espefuse.py -p $ESPPORT burn_key BLOCK_KEY2 main/ds/keys/4096/ds_key2.bin HMAC_DOWN_DIGITAL_SIGNATURE + +espefuse.py -p $ESPPORT burn_key BLOCK_KEY3 main/ds/keys/4096/ds_key3.bin HMAC_DOWN_DIGITAL_SIGNATURE ``` # Burning the ECDSA keys @@ -75,9 +85,9 @@ espefuse.py -p $ESPPORT burn_key BLOCK_KEY3 main/ds/ds_key3.bin HMAC_DOWN_DIGITA The ECDSA tests need some ECDSA keys to be burned in the `BLOCK_KEY1` and `BLOCK_KEY2` of the efuses. As this verification application is independent of the efuse component, the user needs to manually burn the keys and their key purposes using `espefuse.py`. ```bash -espefuse.py -p $ESPPORT burn_key BLOCK_KEY1 main/ecdsa/ecdsa192_priv_key.pem ECDSA_KEY --do-not-confirm +espefuse.py -p $ESPPORT burn_key BLOCK_KEY1 main/ecdsa/ecdsa192_priv_key.pem ECDSA_KEY -espefuse.py -p $ESPPORT burn_key BLOCK_KEY2 main/ecdsa/ecdsa256_priv_key.pem ECDSA_KEY --do-not-confirm +espefuse.py -p $ESPPORT burn_key BLOCK_KEY2 main/ecdsa/ecdsa256_priv_key.pem ECDSA_KEY ``` # Building diff --git a/components/hal/test_apps/crypto/main/ds/ds_key1.bin b/components/hal/test_apps/crypto/main/ds/keys/3072/ds_key1.bin similarity index 100% rename from components/hal/test_apps/crypto/main/ds/ds_key1.bin rename to components/hal/test_apps/crypto/main/ds/keys/3072/ds_key1.bin diff --git a/components/hal/test_apps/crypto/main/ds/ds_key2.bin b/components/hal/test_apps/crypto/main/ds/keys/3072/ds_key2.bin similarity index 100% rename from components/hal/test_apps/crypto/main/ds/ds_key2.bin rename to components/hal/test_apps/crypto/main/ds/keys/3072/ds_key2.bin diff --git a/components/hal/test_apps/crypto/main/ds/ds_key3.bin b/components/hal/test_apps/crypto/main/ds/keys/3072/ds_key3.bin similarity index 100% rename from components/hal/test_apps/crypto/main/ds/ds_key3.bin rename to components/hal/test_apps/crypto/main/ds/keys/3072/ds_key3.bin diff --git a/components/hal/test_apps/crypto/main/ds/keys/4096/ds_key1.bin b/components/hal/test_apps/crypto/main/ds/keys/4096/ds_key1.bin new file mode 100644 index 0000000000..f2b780f539 --- /dev/null +++ b/components/hal/test_apps/crypto/main/ds/keys/4096/ds_key1.bin @@ -0,0 +1 @@ +àüQ³¦?1ÊCµé{⇅AœB`RØŽEÃ|;‚à†\ No newline at end of file diff --git a/components/hal/test_apps/crypto/main/ds/keys/4096/ds_key2.bin b/components/hal/test_apps/crypto/main/ds/keys/4096/ds_key2.bin new file mode 100644 index 0000000000..7b759f1df4 --- /dev/null +++ b/components/hal/test_apps/crypto/main/ds/keys/4096/ds_key2.bin @@ -0,0 +1 @@ +=qÕÇàæ0fèî]á¡Ù}HÞ¼ºªô>Õ²¼F¼ \ No newline at end of file diff --git a/components/hal/test_apps/crypto/main/ds/keys/4096/ds_key3.bin b/components/hal/test_apps/crypto/main/ds/keys/4096/ds_key3.bin new file mode 100644 index 0000000000..ab7e781e0e Binary files /dev/null and b/components/hal/test_apps/crypto/main/ds/keys/4096/ds_key3.bin differ diff --git a/components/hal/test_apps/crypto/main/ds/test_ds.c b/components/hal/test_apps/crypto/main/ds/test_ds.c index 98addff6dd..4e8e4104a0 100644 --- a/components/hal/test_apps/crypto/main/ds/test_ds.c +++ b/components/hal/test_apps/crypto/main/ds/test_ds.c @@ -47,6 +47,11 @@ typedef enum { #include "esp32h2/rom/digital_signature.h" #include "esp32h2/rom/aes.h" #include "esp32h2/rom/sha.h" +#elif CONFIG_IDF_TARGET_ESP32P4 +#include "esp32p4/rom/efuse.h" +#include "esp32p4/rom/digital_signature.h" +#include "esp32p4/rom/aes.h" +#include "esp32p4/rom/sha.h" #endif #define ESP_ERR_HW_CRYPTO_DS_HMAC_FAIL (0x1) /*!< HMAC peripheral problem */ @@ -467,7 +472,7 @@ TEST(ds, digital_signature_blocking_operation) ds_r = esp_ds_finish_sign(signature, &ds_data); TEST_ASSERT_EQUAL(ESP_OK, ds_r); -#elif CONFIG_IDF_TARGET_ESP32C3 +#else esp_err_t ds_r = esp_ds_sign(test_messages[0], &ds_data, t->hmac_key_idx + 1, @@ -498,14 +503,11 @@ TEST(ds, digital_signature_invalid_data) esp_err_t ds_r = esp_ds_start_sign(test_messages[0], &ds_data, t->hmac_key_idx + 1); TEST_ASSERT_EQUAL(ESP_OK, ds_r); - ds_r = esp_ds_finish_sign(signature, &ds_data); -#if CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3 - TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r); -#elif CONFIG_IDF_TARGET_ESP32C3 - TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r); -#endif - TEST_ASSERT_EQUAL_HEX8_ARRAY(zero, signature, DS_MAX_BITS / 8); + ds_r = esp_ds_finish_sign(signature, &ds_data); + TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r); + + TEST_ASSERT_EQUAL_HEX8_ARRAY(zero, signature, DS_MAX_BITS / 8); ds_data.iv[bit / 8] ^= 1 << (bit % 8); } @@ -517,12 +519,10 @@ TEST(ds, digital_signature_invalid_data) esp_err_t ds_r = esp_ds_start_sign(test_messages[0], &ds_data, t->hmac_key_idx + 1); TEST_ASSERT_EQUAL(ESP_OK, ds_r); + ds_r = esp_ds_finish_sign(signature, &ds_data); -#if CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3 TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r); -#elif CONFIG_IDF_TARGET_ESP32C3 - TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r); -#endif + TEST_ASSERT_EQUAL_HEX8_ARRAY(zero, signature, DS_MAX_BITS / 8); ds_data.c[bit / 8] ^= 1 << (bit % 8); diff --git a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c index 023c336712..4e8c5277ef 100644 --- a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c +++ b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c @@ -18,6 +18,8 @@ #include "esp32c6/rom/digital_signature.h" #elif CONFIG_IDF_TARGET_ESP32H2 #include "esp32h2/rom/digital_signature.h" +#elif CONFIG_IDF_TARGET_ESP32P4 +#include "esp32p4/rom/digital_signature.h" #else #error "Selected target does not support esp_rsa_sign_alt (for DS)" #endif diff --git a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in index eacf5f5603..4d72d25613 100644 --- a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in @@ -67,6 +67,14 @@ config SOC_MPI_SUPPORTED bool default y +config SOC_HMAC_SUPPORTED + bool + default y + +config SOC_DIG_SIGN_SUPPORTED + bool + default y + config SOC_ECC_SUPPORTED bool default y @@ -237,7 +245,7 @@ config SOC_CPU_IDRAM_SPLIT_USING_PMP config SOC_DS_SIGNATURE_MAX_BIT_LEN int - default 3072 + default 4096 config SOC_DS_KEY_PARAM_MD_IV_LENGTH int diff --git a/components/soc/esp32p4/include/soc/soc_caps.h b/components/soc/esp32p4/include/soc/soc_caps.h index ee1978c11d..0c884595e9 100644 --- a/components/soc/esp32p4/include/soc/soc_caps.h +++ b/components/soc/esp32p4/include/soc/soc_caps.h @@ -58,8 +58,8 @@ // #define SOC_AES_SUPPORTED 1 //TODO: IDF-6519 #define SOC_MPI_SUPPORTED 1 // #define SOC_SHA_SUPPORTED 1 //TODO: IDF-7541 -// #define SOC_HMAC_SUPPORTED 1 //TODO: IDF-7543 -// #define SOC_DIG_SIGN_SUPPORTED 1 //TODO: IDF-6518 +#define SOC_HMAC_SUPPORTED 1 +#define SOC_DIG_SIGN_SUPPORTED 1 #define SOC_ECC_SUPPORTED 1 #define SOC_ECC_EXTENDED_MODES_SUPPORTED 1 #define SOC_FLASH_ENC_SUPPORTED 1 @@ -147,10 +147,9 @@ #define SOC_CPU_HAS_PMA 1 #define SOC_CPU_IDRAM_SPLIT_USING_PMP 1 -// TODO: IDF-5360 (Copy from esp32c3, need check) /*-------------------------- DIGITAL SIGNATURE CAPS ----------------------------------------*/ /** The maximum length of a Digital Signature in bits. */ -#define SOC_DS_SIGNATURE_MAX_BIT_LEN (3072) +#define SOC_DS_SIGNATURE_MAX_BIT_LEN (4096) /** Initialization vector (IV) length for the RSA key parameter message digest (MD) in bytes. */ #define SOC_DS_KEY_PARAM_MD_IV_LENGTH (16) diff --git a/examples/security/nvs_encryption_hmac/README.md b/examples/security/nvs_encryption_hmac/README.md index a4eefc59fb..2acfa54def 100644 --- a/examples/security/nvs_encryption_hmac/README.md +++ b/examples/security/nvs_encryption_hmac/README.md @@ -1,5 +1,5 @@ -| Supported Targets | ESP32-C3 | ESP32-C6 | ESP32-H2 | ESP32-S2 | ESP32-S3 | -| ----------------- | -------- | -------- | -------- | -------- | -------- | +| Supported Targets | ESP32-C3 | ESP32-C6 | ESP32-H2 | ESP32-P4 | ESP32-S2 | ESP32-S3 | +| ----------------- | -------- | -------- | -------- | -------- | -------- | -------- | # NVS Encryption with HMAC-based encryption key protection scheme