Merge branch 'esp32p4/add_hmac_ds_support' into 'master'

esp32p4/add hmac ds support

Closes IDF-7543 and IDF-6518

See merge request espressif/esp-idf!25148

components/esp_hw_support/esp_ds.c

@@ -48,6 +48,9 @@
 #include "esp32h2/rom/digital_signature.h"
 #endif
 
+#if CONFIG_IDF_TARGET_ESP32P4
+#include "esp32p4/rom/digital_signature.h"
+#endif
 
 struct esp_ds_context {
     const ets_ds_data_t *data;

components/esp_hw_support/esp_hmac.c

@@ -27,7 +27,7 @@
 #if defined(CONFIG_IDF_TARGET_ESP32S3) || defined(CONFIG_IDF_TARGET_ESP32S2)
 #define JTAG_STATUS_BIT ESP_EFUSE_HARD_DIS_JTAG
 #else
-/* For ESP32C3, ESP32C6, ESP32H2 */
+/* For ESP32C3, ESP32C6, ESP32H2, ESP32P4 */
 #define JTAG_STATUS_BIT ESP_EFUSE_DIS_PAD_JTAG
 #endif
 static const char *TAG = "esp_hmac";

components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -34,6 +34,11 @@
 #include "esp32h2/rom/digital_signature.h"
 #include "esp32h2/rom/aes.h"
 #include "esp32h2/rom/sha.h"
+#elif CONFIG_IDF_TARGET_ESP32P4
+#include "esp32p4/rom/efuse.h"
+#include "esp32p4/rom/digital_signature.h"
+#include "esp32p4/rom/aes.h"
+#include "esp32p4/rom/sha.h"
 #endif
 
 #include "esp_ds.h"
@@ -375,7 +380,7 @@ TEST_CASE("Digital Signature Blocking Operation (FPGA only)", "[hw_crypto] [ds]"
 
         ds_r = esp_ds_finish_sign(signature, esp_ds_ctx);
         TEST_ASSERT_EQUAL(ESP_OK, ds_r);
-#elif CONFIG_IDF_TARGET_ESP32C3
+#else
         esp_err_t ds_r = esp_ds_sign(test_messages[0],
                                      &ds_data,
                                      t->hmac_key_idx + 1,

components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/gen_digital_signature_tests.py

@@ -1,5 +1,5 @@
 #!/usr/bin/env python3
-# SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
+# SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD
 # SPDX-License-Identifier: Apache-2.0
 
 import argparse
@@ -16,12 +16,13 @@ from cryptography.hazmat.primitives.asymmetric.rsa import _modinv as modinv  # t
 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
 from cryptography.utils import int_to_bytes
 
-supported_targets = {'esp32s2', 'esp32c3', 'esp32s3', 'esp32c6', 'esp32h2'}
+supported_targets = {'esp32s2', 'esp32c3', 'esp32s3', 'esp32c6', 'esp32h2', 'esp32p4'}
 supported_key_size = {'esp32s2':[4096, 3072, 2048, 1024],
                       'esp32c3':[3072, 2048, 1024],
                       'esp32s3':[4096, 3072, 2048, 1024],
                       'esp32c6':[3072, 2048, 1024],
-                      'esp32h2':[3072, 2048, 1024]}
+                      'esp32h2':[3072, 2048, 1024],
+                      'esp32p4':[4096, 3072, 2048, 1024]}
 
 NUM_HMAC_KEYS = 3
 NUM_MESSAGES = 10

components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/test_ds.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -34,6 +34,11 @@
 #include "esp32h2/rom/digital_signature.h"
 #include "esp32h2/rom/aes.h"
 #include "esp32h2/rom/sha.h"
+#elif CONFIG_IDF_TARGET_ESP32P4
+#include "esp32p4/rom/efuse.h"
+#include "esp32p4/rom/digital_signature.h"
+#include "esp32p4/rom/aes.h"
+#include "esp32p4/rom/sha.h"
 #endif
 
 #include "esp_ds.h"
@@ -375,7 +380,7 @@ TEST_CASE("Digital Signature Blocking Operation (FPGA only)", "[hw_crypto] [ds]"
 
         ds_r = esp_ds_finish_sign(signature, esp_ds_ctx);
         TEST_ASSERT_EQUAL(ESP_OK, ds_r);
-#elif CONFIG_IDF_TARGET_ESP32C3
+#else
         esp_err_t ds_r = esp_ds_sign(test_messages[0],
                                      &ds_data,
                                      t->hmac_key_idx + 1,

components/esp_rom/include/esp32p4/rom/digital_signature.h

@@ -13,7 +13,7 @@ extern "C" {
 #include <stdint.h>
 #include <stdbool.h>
 
-#define ETS_DS_MAX_BITS 3072
+#define ETS_DS_MAX_BITS 4096
 
 #define ETS_DS_IV_LEN 16
 

components/hal/esp32p4/include/hal/clk_gate_ll.h

@@ -113,6 +113,7 @@ static inline uint32_t periph_ll_get_clk_en_mask(periph_module_t periph)
 
 static inline uint32_t periph_ll_get_rst_en_mask(periph_module_t periph, bool enable)
 {
+    uint32_t ret;
     switch (periph) {
     case PERIPH_PVT_MODULE:
         return HP_SYS_CLKRST_REG_RST_EN_PVT_TOP;
@@ -185,7 +186,12 @@ static inline uint32_t periph_ll_get_rst_en_mask(periph_module_t periph, bool en
     case PERIPH_SARADC_MODULE:
         return HP_SYS_CLKRST_REG_RST_EN_ADC;
     case PERIPH_AES_MODULE:
-        return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_AES;
+        ret = HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_AES;
+        if (enable == true) {
+            // Clear reset on digital signature, otherwise AES unit is held in reset
+            ret |= HP_SYS_CLKRST_REG_RST_EN_DS;
+        }
+        return ret;
     case PERIPH_DS_MODULE:
         return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_DS;
     case PERIPH_ECC_MODULE:
@@ -193,11 +199,21 @@ static inline uint32_t periph_ll_get_rst_en_mask(periph_module_t periph, bool en
     case PERIPH_HMAC_MODULE:
         return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_HMAC;
     case PERIPH_RSA_MODULE:
-        return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_RSA;
+        ret = HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_RSA;
+        if (enable == true) {
+            // Clear reset on digital signature, otherwise RSA is held in reset
+            ret |= HP_SYS_CLKRST_REG_RST_EN_DS;
+        }
+        return ret;
     case PERIPH_SEC_MODULE:
         return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_SEC;
     case PERIPH_SHA_MODULE:
-        return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_SHA;
+        ret = HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_SHA;
+        if (enable == true) {
+            // Clear reset on digital signature, HMAC and ECDSA, otherwise SHA is held in reset
+            ret |= (HP_SYS_CLKRST_REG_RST_EN_HMAC | HP_SYS_CLKRST_REG_RST_EN_DS | HP_SYS_CLKRST_REG_RST_EN_ECDSA);
+        }
+        return ret;
     case PERIPH_ECDSA_MODULE:
         return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_ECDSA;
     case PERIPH_SDMMC_MODULE:

components/hal/esp32p4/include/hal/ds_ll.h

@@ -0,0 +1,169 @@
+/*
+ * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/*******************************************************************************
+ * NOTICE
+ * The hal is not public api, don't use it in application code.
+ ******************************************************************************/
+
+#pragma once
+
+#include <stdint.h>
+#include <stdbool.h>
+#include <string.h>
+
+#include "soc/hwcrypto_reg.h"
+#include "soc/soc_caps.h"
+#include "hal/ds_types.h"
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+static inline void ds_ll_start(void)
+{
+    REG_WRITE(DS_SET_START_REG, 1);
+}
+
+/**
+ * @brief Wait until DS peripheral has finished any outstanding operation.
+ */
+static inline bool ds_ll_busy(void)
+{
+    return (REG_READ(DS_QUERY_BUSY_REG) > 0) ? true : false;
+}
+
+/**
+ * @brief Busy wait until the hardware is ready.
+ */
+static inline void ds_ll_wait_busy(void)
+{
+    while (ds_ll_busy());
+}
+
+/**
+ * @brief In case of a key error, check what caused it.
+ */
+static inline ds_key_check_t ds_ll_key_error_source(void)
+{
+    uint32_t key_error = REG_READ(DS_QUERY_KEY_WRONG_REG);
+    if (key_error == 0) {
+        return DS_NO_KEY_INPUT;
+    } else {
+        return DS_OTHER_WRONG;
+    }
+}
+
+/**
+ * @brief Write the initialization vector to the corresponding register field.
+ */
+static inline void ds_ll_configure_iv(const uint32_t *iv)
+{
+    for (size_t i = 0; i < (SOC_DS_KEY_PARAM_MD_IV_LENGTH / sizeof(uint32_t)); i++) {
+        REG_WRITE(DS_IV_MEM + (i * 4) , iv[i]);
+    }
+}
+
+/**
+ * @brief Write the message which should be signed.
+ *
+ * @param msg Pointer to the message.
+ * @param size Length of msg in bytes. It is the RSA signature length in bytes.
+ */
+static inline void ds_ll_write_message(const uint8_t *msg, size_t size)
+{
+    memcpy((uint8_t*) DS_X_MEM, msg, size);
+    asm volatile ("fence");
+}
+
+/**
+ * @brief Write the encrypted private key parameters.
+ */
+static inline void ds_ll_write_private_key_params(const uint8_t *encrypted_key_params)
+{
+    /* Note: as the internal peripheral still has RSA 4096 structure,
+       but C is encrypted based on the actual max RSA length (ETS_DS_MAX_BITS), need to fragment it
+       when copying to hardware...
+
+       (note if ETS_DS_MAX_BITS == 4096, this should be the same as copying data->c to hardware in one fragment)
+    */
+    typedef struct { uint32_t addr; size_t len; } frag_t;
+    const frag_t frags[] = {
+                            {DS_Y_MEM,  SOC_DS_SIGNATURE_MAX_BIT_LEN / 8},
+                            {DS_M_MEM,  SOC_DS_SIGNATURE_MAX_BIT_LEN / 8},
+                            {DS_RB_MEM, SOC_DS_SIGNATURE_MAX_BIT_LEN / 8},
+                            {DS_BOX_MEM, DS_IV_MEM - DS_BOX_MEM},
+    };
+    const size_t NUM_FRAGS = sizeof(frags)/sizeof(frag_t);
+    const uint8_t *from = encrypted_key_params;
+
+    for (int i = 0; i < NUM_FRAGS; i++) {
+        memcpy((uint8_t *)frags[i].addr, from, frags[i].len);
+        asm volatile ("fence");
+        from += frags[i].len;
+    }
+}
+
+/**
+ * @brief Begin signing procedure.
+ */
+static inline void ds_ll_start_sign(void)
+{
+    REG_WRITE(DS_SET_CONTINUE_REG, 1);
+}
+
+/**
+ * @brief check the calculated signature.
+ *
+ * @return
+ * - DS_SIGNATURE_OK if no issue is detected with the signature.
+ * - DS_SIGNATURE_PADDING_FAIL if the padding of the private key parameters is wrong.
+ * - DS_SIGNATURE_MD_FAIL if the message digest check failed. This means that the message digest calculated using
+ *      the private key parameters fails, i.e., the integrity of the private key parameters is not protected.
+ * - DS_SIGNATURE_PADDING_AND_MD_FAIL if both padding and message digest check fail.
+ */
+static inline ds_signature_check_t ds_ll_check_signature(void)
+{
+    uint32_t result = REG_READ(DS_QUERY_CHECK_REG);
+    switch(result) {
+    case 0:
+        return DS_SIGNATURE_OK;
+    case 1:
+        return DS_SIGNATURE_MD_FAIL;
+    case 2:
+        return DS_SIGNATURE_PADDING_FAIL;
+    default:
+        return DS_SIGNATURE_PADDING_AND_MD_FAIL;
+    }
+}
+
+/**
+ * @brief Read the signature from the hardware.
+ *
+ * @param result The signature result.
+ * @param size Length of signature result in bytes. It is the RSA signature length in bytes.
+ */
+static inline void ds_ll_read_result(uint8_t *result, size_t size)
+{
+    memcpy(result, (uint8_t*) DS_Z_MEM, size);
+    asm volatile ("fence");
+}
+
+/**
+ * @brief Exit the signature operation.
+ *
+ * @note This does not deactivate the module. Corresponding clock/reset bits have to be triggered for deactivation.
+ */
+static inline void ds_ll_finish(void)
+{
+    REG_WRITE(DS_SET_FINISH_REG, 1);
+    ds_ll_wait_busy();
+}
+
+#ifdef __cplusplus
+}
+#endif

components/hal/esp32p4/include/hal/hmac_ll.h

@@ -0,0 +1,191 @@
+/*
+ * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/*******************************************************************************
+ * NOTICE
+ * The hal is not public api, don't use it in application code.
+ * See readme.md in soc/include/hal/readme.md
+ ******************************************************************************/
+
+#pragma once
+
+#include <string.h>
+
+#include "soc/system_reg.h"
+#include "soc/hwcrypto_reg.h"
+#include "hal/hmac_hal.h"
+
+#define SHA256_BLOCK_SZ 64
+#define SHA256_DIGEST_SZ 32
+
+#define EFUSE_KEY_PURPOSE_HMAC_DOWN_JTAG 6
+#define EFUSE_KEY_PURPOSE_HMAC_DOWN_DIGITAL_SIGNATURE 7
+#define EFUSE_KEY_PURPOSE_HMAC_UP 8
+#define EFUSE_KEY_PURPOSE_HMAC_DOWN_ALL 5
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Makes the peripheral ready for use, after enabling it.
+ */
+static inline void hmac_ll_start(void)
+{
+    REG_WRITE(HMAC_SET_START_REG, 1);
+}
+
+/**
+ * @brief Determine where the HMAC output should go.
+ *
+ * The HMAC peripheral can be configured to deliver its output to the user directly, or to deliver
+ * the output directly to another peripheral instead, e.g. the Digital Signature peripheral.
+ */
+static inline void hmac_ll_config_output(hmac_hal_output_t config)
+{
+    switch(config) {
+    case HMAC_OUTPUT_USER:
+        REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_UP);
+        break;
+    case HMAC_OUTPUT_DS:
+        REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_DOWN_DIGITAL_SIGNATURE);
+        break;
+    case HMAC_OUTPUT_JTAG_ENABLE:
+        REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_DOWN_JTAG);
+        break;
+    case HMAC_OUTPUT_ALL:
+        REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_DOWN_ALL);
+        break;
+    default:
+        ; // do nothing, error will be indicated by hmac_hal_config_error()
+    }
+}
+
+/**
+ * @brief Selects which hardware key should be used.
+ */
+static inline void hmac_ll_config_hw_key_id(uint32_t key_id)
+{
+    REG_WRITE(HMAC_SET_PARA_KEY_REG, key_id);
+}
+
+/**
+ * @brief Apply and check configuration.
+ *
+ * Afterwards, the configuration can be checked for errors with hmac_hal_config_error().
+ */
+static inline void hmac_ll_config_finish(void)
+{
+    REG_WRITE(HMAC_SET_PARA_FINISH_REG, 1);
+}
+
+/**
+ *
+ * @brief Query HMAC error state after configuration actions.
+ *
+ * @return
+ *  - 1 or greater on error
+ *  - 0 on success
+ */
+static inline uint32_t hmac_ll_config_error(void)
+{
+    return REG_READ(HMAC_QUERY_ERROR_REG);
+}
+
+/**
+ * Wait until the HAL is ready for the next interaction.
+ */
+static inline void hmac_ll_wait_idle(void)
+{
+    uint32_t query;
+    do {
+        query = REG_READ(HMAC_QUERY_BUSY_REG);
+    } while(query != 0);
+}
+
+/**
+ * @brief Write a message block of 512 bits to the HMAC peripheral.
+ */
+static inline void hmac_ll_write_block_512(const uint32_t *block)
+{
+    const size_t REG_WIDTH = sizeof(uint32_t);
+    for (size_t i = 0; i < SHA256_BLOCK_SZ / REG_WIDTH; i++) {
+        REG_WRITE(HMAC_WR_MESSAGE_MEM + (i * REG_WIDTH), block[i]);
+    }
+
+    REG_WRITE(HMAC_SET_MESSAGE_ONE_REG, 1);
+}
+
+/**
+ * @brief Read the 256 bit HMAC.
+ */
+static inline void hmac_ll_read_result_256(uint32_t *result)
+{
+    const size_t REG_WIDTH = sizeof(uint32_t);
+    for (size_t i = 0; i < SHA256_DIGEST_SZ / REG_WIDTH; i++) {
+        result[i] = REG_READ(HMAC_RD_RESULT_MEM + (i * REG_WIDTH));
+    }
+}
+
+/**
+ * @brief Clean the HMAC result provided to other hardware.
+ */
+static inline void hmac_ll_clean(void)
+{
+    REG_WRITE(HMAC_SET_INVALIDATE_DS_REG, 1);
+    REG_WRITE(HMAC_SET_INVALIDATE_JTAG_REG, 1);
+}
+
+/**
+ * @brief Signals that the following block will be the padded last block.
+ */
+static inline void hmac_ll_msg_padding(void)
+{
+    REG_WRITE(HMAC_SET_MESSAGE_PAD_REG, 1);
+}
+
+/**
+ * @brief Signals that all blocks have been written and a padding block will automatically be applied by hardware.
+ *
+ * Only applies if the message length is a multiple of 512 bits.
+ * See the chip TRM HMAC chapter for more details.
+ */
+static inline void hmac_ll_msg_end(void)
+{
+    REG_WRITE(HMAC_SET_MESSAGE_END_REG, 1);
+}
+
+/**
+ * @brief The message including padding fits into one block, so no further action needs to be taken.
+ *
+ * This is called after the one-block-message has been written.
+ */
+static inline void hmac_ll_msg_one_block(void)
+{
+    REG_WRITE(HMAC_ONE_BLOCK_REG, 1);
+}
+
+/**
+ * @brief Indicate that more blocks will be written after the last block.
+ */
+static inline void hmac_ll_msg_continue(void)
+{
+    REG_WRITE(HMAC_SET_MESSAGE_ING_REG, 1);
+}
+
+/**
+ * @brief Clear the HMAC result.
+ *
+ * Use this after reading the HMAC result or if aborting after any of the other steps above.
+ */
+static inline void hmac_ll_calc_finish(void)
+{
+    REG_WRITE(HMAC_SET_RESULT_FINISH_REG, 2);
+}
+
+#ifdef __cplusplus
+}
+#endif

components/hal/test_apps/crypto/README.md

@@ -62,12 +62,22 @@ espefuse.py -p $ESPPORT burn_key BLOCK_KEY4 main/hmac/hmac_key.bin HMAC_UP
 
 The tests needs some HMAC keys to be burned in the `BLOCK_KEY1`, `BLOCK_KEY2` and `BLOCK_KEY3` of the efuses. As this verification application is independent of the efuse component, the user needs to manually burn the keys and their key purposes using `espefuse.py`.
 
+If SOC_DS_SIGNATURE_MAX_BIT_LEN == 3072:
 ```bash
-espefuse.py -p $ESPPORT burn_key BLOCK_KEY1 main/ds/ds_key1.bin HMAC_DOWN_DIGITAL_SIGNATURE --do-not-confirm
+espefuse.py -p $ESPPORT burn_key BLOCK_KEY1 main/ds/keys/3072/ds_key1.bin HMAC_DOWN_DIGITAL_SIGNATURE
 
-espefuse.py -p $ESPPORT burn_key BLOCK_KEY2 main/ds/ds_key2.bin HMAC_DOWN_DIGITAL_SIGNATURE --do-not-confirm
+espefuse.py -p $ESPPORT burn_key BLOCK_KEY2 main/ds/keys/3072/ds_key2.bin HMAC_DOWN_DIGITAL_SIGNATURE
 
-espefuse.py -p $ESPPORT burn_key BLOCK_KEY3 main/ds/ds_key3.bin HMAC_DOWN_DIGITAL_SIGNATURE --do-not-confirm
+espefuse.py -p $ESPPORT burn_key BLOCK_KEY3 main/ds/keys/3072/ds_key3.bin HMAC_DOWN_DIGITAL_SIGNATURE
+```
+
+If SOC_DS_SIGNATURE_MAX_BIT_LEN == 4096:
+```bash
+espefuse.py -p $ESPPORT burn_key BLOCK_KEY1 main/ds/keys/4096/ds_key1.bin HMAC_DOWN_DIGITAL_SIGNATURE
+
+espefuse.py -p $ESPPORT burn_key BLOCK_KEY2 main/ds/keys/4096/ds_key2.bin HMAC_DOWN_DIGITAL_SIGNATURE
+
+espefuse.py -p $ESPPORT burn_key BLOCK_KEY3 main/ds/keys/4096/ds_key3.bin HMAC_DOWN_DIGITAL_SIGNATURE
 ```
 
 # Burning the ECDSA keys
@@ -75,9 +85,9 @@ espefuse.py -p $ESPPORT burn_key BLOCK_KEY3 main/ds/ds_key3.bin HMAC_DOWN_DIGITA
 The ECDSA tests need some ECDSA keys to be burned in the `BLOCK_KEY1` and `BLOCK_KEY2` of the efuses. As this verification application is independent of the efuse component, the user needs to manually burn the keys and their key purposes using `espefuse.py`.
 
 ```bash
-espefuse.py -p $ESPPORT burn_key BLOCK_KEY1 main/ecdsa/ecdsa192_priv_key.pem ECDSA_KEY --do-not-confirm
+espefuse.py -p $ESPPORT burn_key BLOCK_KEY1 main/ecdsa/ecdsa192_priv_key.pem ECDSA_KEY
 
-espefuse.py -p $ESPPORT burn_key BLOCK_KEY2 main/ecdsa/ecdsa256_priv_key.pem ECDSA_KEY --do-not-confirm
+espefuse.py -p $ESPPORT burn_key BLOCK_KEY2 main/ecdsa/ecdsa256_priv_key.pem ECDSA_KEY
 ```
 
 # Building

components/hal/test_apps/crypto/main/ds/keys/4096/ds_key1.bin

@@ -0,0 +1 @@
+<EFBFBD><19>Q<EFBFBD><51>?1<>C<EFBFBD><17>{⇅A<E28785>B`R؎E<D88E>|;<3B><><EFBFBD><EFBFBD>

components/hal/test_apps/crypto/main/ds/keys/4096/ds_key2.bin

@@ -0,0 +1 @@
+=q<><71><EFBFBD><15>0f<30><66>]<1E><><03>}H޼<><DEBC><EFBFBD>>ղ<>F<EFBFBD>

components/hal/test_apps/crypto/main/ds/test_ds.c

@@ -47,6 +47,11 @@ typedef enum {
 #include "esp32h2/rom/digital_signature.h"
 #include "esp32h2/rom/aes.h"
 #include "esp32h2/rom/sha.h"
+#elif CONFIG_IDF_TARGET_ESP32P4
+#include "esp32p4/rom/efuse.h"
+#include "esp32p4/rom/digital_signature.h"
+#include "esp32p4/rom/aes.h"
+#include "esp32p4/rom/sha.h"
 #endif
 
 #define ESP_ERR_HW_CRYPTO_DS_HMAC_FAIL           (0x1) /*!< HMAC peripheral problem */
@@ -467,7 +472,7 @@ TEST(ds, digital_signature_blocking_operation)
 
         ds_r = esp_ds_finish_sign(signature, &ds_data);
         TEST_ASSERT_EQUAL(ESP_OK, ds_r);
-#elif CONFIG_IDF_TARGET_ESP32C3
+#else
         esp_err_t ds_r = esp_ds_sign(test_messages[0],
                                      &ds_data,
                                      t->hmac_key_idx + 1,
@@ -498,14 +503,11 @@ TEST(ds, digital_signature_invalid_data)
 
         esp_err_t ds_r = esp_ds_start_sign(test_messages[0], &ds_data, t->hmac_key_idx + 1);
         TEST_ASSERT_EQUAL(ESP_OK, ds_r);
-        ds_r = esp_ds_finish_sign(signature, &ds_data);
-#if CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3
-        TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r);
-#elif CONFIG_IDF_TARGET_ESP32C3
-        TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r);
-#endif
-        TEST_ASSERT_EQUAL_HEX8_ARRAY(zero, signature, DS_MAX_BITS / 8);
 
+        ds_r = esp_ds_finish_sign(signature, &ds_data);
+        TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r);
+
+        TEST_ASSERT_EQUAL_HEX8_ARRAY(zero, signature, DS_MAX_BITS / 8);
         ds_data.iv[bit / 8] ^= 1 << (bit % 8);
     }
 
@@ -517,12 +519,10 @@ TEST(ds, digital_signature_invalid_data)
 
         esp_err_t ds_r = esp_ds_start_sign(test_messages[0], &ds_data, t->hmac_key_idx + 1);
         TEST_ASSERT_EQUAL(ESP_OK, ds_r);
+
         ds_r = esp_ds_finish_sign(signature, &ds_data);
-#if CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3
         TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r);
-#elif CONFIG_IDF_TARGET_ESP32C3
+
-        TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r);
-#endif
         TEST_ASSERT_EQUAL_HEX8_ARRAY(zero, signature, DS_MAX_BITS / 8);
 
         ds_data.c[bit / 8] ^= 1 << (bit % 8);

components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c

@@ -18,6 +18,8 @@
 #include "esp32c6/rom/digital_signature.h"
 #elif CONFIG_IDF_TARGET_ESP32H2
 #include "esp32h2/rom/digital_signature.h"
+#elif CONFIG_IDF_TARGET_ESP32P4
+#include "esp32p4/rom/digital_signature.h"
 #else
 #error   "Selected target does not support esp_rsa_sign_alt (for DS)"
 #endif

components/soc/esp32p4/include/soc/Kconfig.soc_caps.in

@@ -67,6 +67,14 @@ config SOC_MPI_SUPPORTED
     bool
     default y
 
+config SOC_HMAC_SUPPORTED
+    bool
+    default y
+
+config SOC_DIG_SIGN_SUPPORTED
+    bool
+    default y
+
 config SOC_ECC_SUPPORTED
     bool
     default y
@@ -237,7 +245,7 @@ config SOC_CPU_IDRAM_SPLIT_USING_PMP
 
 config SOC_DS_SIGNATURE_MAX_BIT_LEN
     int
-    default 3072
+    default 4096
 
 config SOC_DS_KEY_PARAM_MD_IV_LENGTH
     int

components/soc/esp32p4/include/soc/soc_caps.h

@@ -58,8 +58,8 @@
 // #define SOC_AES_SUPPORTED               1  //TODO: IDF-6519
 #define SOC_MPI_SUPPORTED               1
 // #define SOC_SHA_SUPPORTED               1  //TODO: IDF-7541
-// #define SOC_HMAC_SUPPORTED              1  //TODO: IDF-7543
+#define SOC_HMAC_SUPPORTED              1
-// #define SOC_DIG_SIGN_SUPPORTED          1  //TODO: IDF-6518
+#define SOC_DIG_SIGN_SUPPORTED          1
 #define SOC_ECC_SUPPORTED               1
 #define SOC_ECC_EXTENDED_MODES_SUPPORTED   1
 #define SOC_FLASH_ENC_SUPPORTED         1
@@ -147,10 +147,9 @@
 #define SOC_CPU_HAS_PMA                 1
 #define SOC_CPU_IDRAM_SPLIT_USING_PMP   1
 
-// TODO: IDF-5360 (Copy from esp32c3, need check)
 /*-------------------------- DIGITAL SIGNATURE CAPS ----------------------------------------*/
 /** The maximum length of a Digital Signature in bits. */
-#define SOC_DS_SIGNATURE_MAX_BIT_LEN (3072)
+#define SOC_DS_SIGNATURE_MAX_BIT_LEN (4096)
 
 /** Initialization vector (IV) length for the RSA key parameter message digest (MD) in bytes. */
 #define SOC_DS_KEY_PARAM_MD_IV_LENGTH (16)

examples/security/nvs_encryption_hmac/README.md

@@ -1,5 +1,5 @@
-| Supported Targets | ESP32-C3 | ESP32-C6 | ESP32-H2 | ESP32-S2 | ESP32-S3 |
+| Supported Targets | ESP32-C3 | ESP32-C6 | ESP32-H2 | ESP32-P4 | ESP32-S2 | ESP32-S3 |
-| ----------------- | -------- | -------- | -------- | -------- | -------- |
+| ----------------- | -------- | -------- | -------- | -------- | -------- | -------- |
 
 # NVS Encryption with HMAC-based encryption key protection scheme