Merge branch 'esp32p4/deterministic_ecdsa_support_v5.2' into 'release/v5.2'

Add operation successful check and reset dependent peripherals in ECDSA (v5.2)

See merge request espressif/esp-idf!30180

components/hal/ecdsa_hal.c

@@ -34,6 +34,11 @@ static void configure_ecdsa_periph(ecdsa_hal_config_t *conf)
     }
 }
 
+bool ecdsa_hal_get_operation_result(void)
+{
+    return ecdsa_ll_get_operation_result();
+}
+
 void ecdsa_hal_gen_signature(ecdsa_hal_config_t *conf, const uint8_t *hash,
                             uint8_t *r_out, uint8_t *s_out, uint16_t len)
 {
@@ -106,7 +111,7 @@ int ecdsa_hal_verify_signature(ecdsa_hal_config_t *conf, const uint8_t *hash, co
         ;
     }
 
-    int res = ecdsa_ll_get_verification_result();
+    bool res = ecdsa_hal_get_operation_result();
 
     return (res ? 0 : -1);
 }

components/hal/esp32h2/include/hal/ecdsa_ll.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -296,7 +296,7 @@ static inline bool ecdsa_ll_sha_is_busy(void)
 /**
  * @brief Write the ECDSA parameter
  *
- * @param param Parameter to be writen
+ * @param param Parameter to be written
  * @param buf   Buffer containing data
  * @param len   Length of buffer
  */
@@ -366,14 +366,12 @@ static inline void ecdsa_ll_read_param(ecdsa_ll_param_t param, uint8_t *buf, uin
 }
 
 /**
- * @brief Get result of ECDSA verification operation
+ * @brief Check if the ECDSA operation is successful
  *
- *        This is only valid for ECDSA verify mode
- *
- * @return - 1, if signature verification succeeds
+ * @return - 1, if ECDSA operation succeeds
  *         - 0, otherwise
  */
-static inline int ecdsa_ll_get_verification_result(void)
+static inline int ecdsa_ll_get_operation_result(void)
 {
     return REG_GET_BIT(ECDSA_RESULT_REG, ECDSA_OPERATION_RESULT);
 }

components/hal/esp32p4/include/hal/ecdsa_ll.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -375,14 +375,12 @@ static inline void ecdsa_ll_read_param(ecdsa_ll_param_t param, uint8_t *buf, uin
 }
 
 /**
- * @brief Get result of ECDSA verification operation
+ * @brief Check if the ECDSA operation is successful
  *
- *        This is only valid for ECDSA verify mode
- *
- * @return - 1, if signature verification succeeds
+ * @return - 1, if ECDSA operation succeeds
  *         - 0, otherwise
  */
-static inline int ecdsa_ll_get_verification_result(void)
+static inline int ecdsa_ll_get_operation_result(void)
 {
     return REG_GET_BIT(ECDSA_RESULT_REG, ECDSA_OPERATION_RESULT);
 }

components/hal/include/hal/ecdsa_hal.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -73,6 +73,14 @@ int ecdsa_hal_verify_signature(ecdsa_hal_config_t *conf, const uint8_t *hash, co
 void ecdsa_hal_export_pubkey(ecdsa_hal_config_t *conf, uint8_t *pub_x, uint8_t *pub_y, uint16_t len);
 #endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */
 
+/**
+ * @brief Check if the ECDSA operation is successful
+ *
+ * @return - true, if the ECDSA operation is successful
+ *         - false, if the ECDSA operation fails
+ */
+bool ecdsa_hal_get_operation_result(void);
+
 #ifdef __cplusplus
 }
 #endif

components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: CC0-1.0
  */
@@ -14,6 +14,9 @@
 #include "hal/ecdsa_hal.h"
 #include "hal/ecdsa_ll.h"
 #include "hal/ecdsa_types.h"
+#include "hal/ecc_ll.h"
+#include "hal/mpi_ll.h"
+#include "soc/soc_caps.h"
 
 #include "memory_checks.h"
 #include "unity_fixture.h"
@@ -26,10 +29,32 @@ static void ecdsa_enable_and_reset(void)
         ecdsa_ll_enable_bus_clock(true);
         ecdsa_ll_reset_register();
     }
+
+    ECC_RCC_ATOMIC() {
+        ecc_ll_enable_bus_clock(true);
+        ecc_ll_reset_register();
+    }
+
+#ifdef SOC_ECDSA_USES_MPI
+    MPI_RCC_ATOMIC() {
+        mpi_ll_enable_bus_clock(true);
+        mpi_ll_reset_register();
+    }
+#endif
 }
 
 static void ecdsa_disable(void)
 {
+#ifdef SOC_ECDSA_USES_MPI
+    MPI_RCC_ATOMIC() {
+        mpi_ll_enable_bus_clock(false);
+    }
+#endif
+
+    ECC_RCC_ATOMIC() {
+        ecc_ll_enable_bus_clock(false);
+    }
+
     ECDSA_RCC_ATOMIC() {
         ecdsa_ll_enable_bus_clock(false);
     }
@@ -80,7 +105,7 @@ static void test_ecdsa_corrupt_data(bool is_p256, uint8_t* sha, uint8_t* r_le, u
         len = 24;
     }
 
-    // Randomly select a bit and corrupt its correpsonding value
+    // Randomly select a bit and corrupt its corresponding value
     uint16_t r_bit = esp_random() % len * 8;
 
     printf("Corrupting SHA bit %d...\n", r_bit);
@@ -141,9 +166,16 @@ static void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t*
 
     ecdsa_enable_and_reset();
 
+    bool process_again = false;
+
     do {
         ecdsa_hal_gen_signature(&conf, sha_le, r_le, s_le, len);
-    } while(!memcmp(r_le, zeroes, len) || !memcmp(s_le, zeroes, len));
+
+        process_again = !ecdsa_hal_get_operation_result()
+                        || !memcmp(r_le, zeroes, len)
+                        || !memcmp(s_le, zeroes, len);
+
+    } while(process_again);
 
     ecdsa_disable();
 }
@@ -162,6 +194,7 @@ static void test_ecdsa_export_pubkey(bool is_p256, bool use_km_key)
 {
     uint8_t pub_x[32] = {0};
     uint8_t pub_y[32] = {0};
+    uint8_t zeroes[32] = {0};
     uint16_t len;
 
     ecdsa_hal_config_t conf = {
@@ -184,7 +217,17 @@ static void test_ecdsa_export_pubkey(bool is_p256, bool use_km_key)
     }
 
     ecdsa_enable_and_reset();
-    ecdsa_hal_export_pubkey(&conf, pub_x, pub_y, len);
+
+    bool process_again = false;
+
+    do {
+        ecdsa_hal_export_pubkey(&conf, pub_x, pub_y, len);
+
+        process_again = !ecdsa_hal_get_operation_result()
+                        || !memcmp(pub_x, zeroes, len)
+                        || !memcmp(pub_y, zeroes, len);
+
+    } while (process_again);
 
     if (is_p256) {
         TEST_ASSERT_EQUAL_HEX8_ARRAY(ecdsa256_pub_x, pub_x, len);

components/mbedtls/port/ecdsa/ecdsa_alt.c

@@ -1,11 +1,13 @@
 /*
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
 #include <string.h>
 #include "hal/ecdsa_ll.h"
 #include "hal/ecdsa_hal.h"
+#include "hal/ecc_ll.h"
+#include "hal/mpi_ll.h"
 #include "esp_crypto_lock.h"
 #include "esp_efuse.h"
 #include "esp_private/esp_crypto_lock_internal.h"
@@ -14,6 +16,7 @@
 #include "mbedtls/asn1write.h"
 #include "mbedtls/platform_util.h"
 #include "ecdsa/ecdsa_alt.h"
+#include "soc/soc_caps.h"
 
 #define ECDSA_KEY_MAGIC             (short) 0xECD5A
 #define ECDSA_SHA_LEN               32
@@ -29,6 +32,21 @@ static void esp_ecdsa_acquire_hardware(void)
         ecdsa_ll_enable_bus_clock(true);
         ecdsa_ll_reset_register();
     }
+
+    ECC_RCC_ATOMIC() {
+        ecc_ll_enable_bus_clock(true);
+        ecc_ll_reset_register();
+    }
+
+#ifdef SOC_ECDSA_USES_MPI
+    /* We need to reset the MPI peripheral because ECDSA peripheral
+     * of some targets use the MPI peripheral as well.
+     */
+    MPI_RCC_ATOMIC() {
+        mpi_ll_enable_bus_clock(true);
+        mpi_ll_reset_register();
+    }
+#endif /* SOC_ECDSA_USES_MPI */
 }
 
 static void esp_ecdsa_release_hardware(void)
@@ -37,6 +55,16 @@ static void esp_ecdsa_release_hardware(void)
         ecdsa_ll_enable_bus_clock(false);
     }
 
+    ECC_RCC_ATOMIC() {
+        ecc_ll_enable_bus_clock(false);
+    }
+
+#ifdef SOC_ECDSA_USES_MPI
+    MPI_RCC_ATOMIC() {
+        mpi_ll_enable_bus_clock(false);
+    }
+#endif /* SOC_ECDSA_USES_MPI */
+
     esp_crypto_ecdsa_lock_release();
 }
 
@@ -91,9 +119,16 @@ int esp_ecdsa_load_pubkey(mbedtls_ecp_keypair *keypair, int efuse_blk)
 
     esp_ecdsa_acquire_hardware();
 
+    bool process_again = false;
+
     do {
         ecdsa_hal_export_pubkey(&conf, qx_le, qy_le, len);
-    } while (!memcmp(qx_le, zeroes, len) || !memcmp(qy_le, zeroes, len));
+
+        process_again = !ecdsa_hal_get_operation_result()
+                        || !memcmp(qx_le, zeroes, len)
+                        || !memcmp(qy_le, zeroes, len);
+
+    } while (process_again);
 
     esp_ecdsa_release_hardware();
 
@@ -240,6 +275,8 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s
 
     esp_ecdsa_acquire_hardware();
 
+    bool process_again = false;
+
     do {
         ecdsa_hal_config_t conf = {
             .mode = ECDSA_MODE_SIGN_GEN,
@@ -250,7 +287,12 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s
         };
 
         ecdsa_hal_gen_signature(&conf, sha_le, r_le, s_le, len);
-    } while (!memcmp(r_le, zeroes, len) || !memcmp(s_le, zeroes, len));
+
+        process_again = !ecdsa_hal_get_operation_result()
+                        || !memcmp(r_le, zeroes, len)
+                        || !memcmp(s_le, zeroes, len);
+
+    } while (process_again);
 
     esp_ecdsa_release_hardware();
 

components/soc/esp32h2/include/soc/Kconfig.soc_caps.in

@@ -1135,6 +1135,10 @@ config SOC_CRYPTO_DPA_PROTECTION_SUPPORTED
     bool
     default y
 
+config SOC_ECDSA_USES_MPI
+    bool
+    default y
+
 config SOC_UART_NUM
     int
     default 2

components/soc/esp32h2/include/soc/soc_caps.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -215,7 +215,7 @@
 // Support to hold a single digital I/O when the digital domain is powered off
 #define SOC_GPIO_SUPPORT_HOLD_SINGLE_IO_IN_DSLP  (1)
 
-// The Clock Out singnal is route to the pin by GPIO matrix
+// The Clock Out signal is route to the pin by GPIO matrix
 #define SOC_GPIO_CLOCKOUT_BY_GPIO_MATRIX    (1)
 
 /*-------------------------- RTCIO CAPS --------------------------------------*/
@@ -460,6 +460,9 @@
 /*------------------------ Anti DPA (Security) CAPS --------------------------*/
 #define SOC_CRYPTO_DPA_PROTECTION_SUPPORTED     1
 
+/*------------------------- ECDSA CAPS -------------------------*/
+#define SOC_ECDSA_USES_MPI                  (1)
+
 /*-------------------------- UART CAPS ---------------------------------------*/
 // ESP32-H2 has 2 UARTs
 #define SOC_UART_NUM                (2)
@@ -489,7 +492,7 @@
 /*-------------------------- Power Management CAPS ----------------------------*/
 #define SOC_PM_SUPPORT_BT_WAKEUP        (1)
 #define SOC_PM_SUPPORT_EXT1_WAKEUP      (1)
-#define SOC_PM_SUPPORT_EXT1_WAKEUP_MODE_PER_PIN   (1) /*!<Supports one bit per pin to configue the EXT1 trigger level */
+#define SOC_PM_SUPPORT_EXT1_WAKEUP_MODE_PER_PIN   (1) /*!<Supports one bit per pin to configure the EXT1 trigger level */
 #define SOC_PM_SUPPORT_CPU_PD           (1)
 #define SOC_PM_SUPPORT_MODEM_PD         (1) /*!<modem includes BLE and 15.4 */
 #define SOC_PM_SUPPORT_XTAL32K_PD       (1)

components/soc/esp32p4/include/soc/Kconfig.soc_caps.in

@@ -859,6 +859,10 @@ config SOC_ECDSA_SUPPORT_EXPORT_PUBKEY
     bool
     default y
 
+config SOC_ECDSA_USES_MPI
+    bool
+    default y
+
 config SOC_SDM_GROUPS
     int
     default 1

components/soc/esp32p4/include/soc/soc_caps.h

@@ -391,6 +391,7 @@
 
 /*--------------------------- ECDSA CAPS ---------------------------------------*/
 #define SOC_ECDSA_SUPPORT_EXPORT_PUBKEY     (1)
+#define SOC_ECDSA_USES_MPI                  (1)
 
 /*-------------------------- Sigma Delta Modulator CAPS -----------------*/
 #define SOC_SDM_GROUPS               1U