Merge branch 'feature/esp32c6_enable_hmac_and_ds_support' into 'master'

Feature/esp32c6 enable hmac and ds support

Closes IDF-5355 and IDF-5360

See merge request espressif/esp-idf!21761

components/esp_hw_support/port/esp32c6/CMakeLists.txt

@@ -7,8 +7,6 @@ set(srcs "rtc_clk_init.c"
          "chip_info.c")
 
 if(NOT BOOTLOADER_BUILD)
-    # list(APPEND srcs "esp_hmac.c" // TODO: IDF-5355
-    #                  "esp_ds.c") // TODO: IDF-5360
     list(APPEND srcs "sar_periph_ctrl.c"
                      "esp_crypto_lock.c")
 

components/esp_hw_support/test_apps/esp_hw_support_unity_tests/main/test_ds.c

@@ -24,6 +24,11 @@
 #include "esp32s3/rom/digital_signature.h"
 #include "esp32s3/rom/aes.h"
 #include "esp32s3/rom/sha.h"
+#elif CONFIG_IDF_TARGET_ESP32C6
+#include "esp32c6/rom/efuse.h"
+#include "esp32c6/rom/digital_signature.h"
+#include "esp32c6/rom/aes.h"
+#include "esp32c6/rom/sha.h"
 #endif
 
 #include "esp_ds.h"
@@ -32,7 +37,7 @@
 
 #if CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3
 #define DS_MAX_BITS (4096)
-#elif CONFIG_IDF_TARGET_ESP32C3
+#else
 #define DS_MAX_BITS (ETS_DS_MAX_BITS)
 #endif
 

components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/gen_digital_signature_tests.py

@@ -16,10 +16,11 @@ from cryptography.hazmat.primitives.asymmetric.rsa import _modinv as modinv  # t
 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
 from cryptography.utils import int_to_bytes
 
-supported_targets = {'esp32s2', 'esp32c3', 'esp32s3'}
+supported_targets = {'esp32s2', 'esp32c3', 'esp32s3', 'esp32c6'}
 supported_key_size = {'esp32s2':[4096, 3072, 2048, 1024],
                       'esp32c3':[3072, 2048, 1024],
-                      'esp32s3':[4096, 3072, 2048, 1024]}
+                      'esp32s3':[4096, 3072, 2048, 1024],
+                      'esp32c6':[3072, 2048, 1024]}
 
 NUM_HMAC_KEYS = 3
 NUM_MESSAGES = 10

components/esp_hw_support/test_apps/security_support/esp_hw_support_unity_tests/main/test_ds.c

@@ -24,6 +24,11 @@
 #include "esp32s3/rom/digital_signature.h"
 #include "esp32s3/rom/aes.h"
 #include "esp32s3/rom/sha.h"
+#elif CONFIG_IDF_TARGET_ESP32C6
+#include "esp32c6/rom/efuse.h"
+#include "esp32c6/rom/digital_signature.h"
+#include "esp32c6/rom/aes.h"
+#include "esp32c6/rom/sha.h"
 #endif
 
 #include "esp_ds.h"
@@ -32,7 +37,7 @@
 
 #if CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3
 #define DS_MAX_BITS (4096)
-#elif CONFIG_IDF_TARGET_ESP32C3
+#else
 #define DS_MAX_BITS (ETS_DS_MAX_BITS)
 #endif
 

components/hal/CMakeLists.txt

@@ -199,7 +199,8 @@ if(NOT BOOTLOADER_BUILD)
         list(APPEND srcs
               "spi_flash_hal_gpspi.c"
               "esp32c6/rtc_cntl_hal.c"
-              )
+              "hmac_hal.c"
+              "ds_hal.c")
 
     endif()
 

components/hal/esp32c6/include/hal/ds_ll.h

@@ -0,0 +1,167 @@
+/*
+ * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/*******************************************************************************
+ * NOTICE
+ * The hal is not public api, don't use it in application code.
+ ******************************************************************************/
+
+#pragma once
+
+#include <stdint.h>
+#include <stdbool.h>
+#include <string.h>
+
+#include "soc/hwcrypto_reg.h"
+#include "soc/soc_caps.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+static inline void ds_ll_start(void)
+{
+    REG_WRITE(DS_SET_START_REG, 1);
+}
+
+/**
+ * @brief Wait until DS peripheral has finished any outstanding operation.
+ */
+static inline bool ds_ll_busy(void)
+{
+    return (REG_READ(DS_QUERY_BUSY_REG) > 0) ? true : false;
+}
+
+/**
+ * @brief Busy wait until the hardware is ready.
+ */
+static inline void ds_ll_wait_busy(void)
+{
+    while (ds_ll_busy());
+}
+
+/**
+ * @brief In case of a key error, check what caused it.
+ */
+static inline ds_key_check_t ds_ll_key_error_source(void)
+{
+    uint32_t key_error = REG_READ(DS_QUERY_KEY_WRONG_REG);
+    if (key_error == 0) {
+        return DS_NO_KEY_INPUT;
+    } else {
+        return DS_OTHER_WRONG;
+    }
+}
+
+/**
+ * @brief Write the initialization vector to the corresponding register field.
+ */
+static inline void ds_ll_configure_iv(const uint32_t *iv)
+{
+    for (size_t i = 0; i < (SOC_DS_KEY_PARAM_MD_IV_LENGTH / sizeof(uint32_t)); i++) {
+        REG_WRITE(DS_IV_MEM + (i * 4) , iv[i]);
+    }
+}
+
+/**
+ * @brief Write the message which should be signed.
+ *
+ * @param msg Pointer to the message.
+ * @param size Length of msg in bytes. It is the RSA signature length in bytes.
+ */
+static inline void ds_ll_write_message(const uint8_t *msg, size_t size)
+{
+    memcpy((uint8_t*) DS_X_MEM, msg, size);
+    asm volatile ("fence");
+}
+
+/**
+ * @brief Write the encrypted private key parameters.
+ */
+static inline void ds_ll_write_private_key_params(const uint8_t *encrypted_key_params)
+{
+    /* Note: as the internal peripheral still has RSA 4096 structure,
+       but C is encrypted based on the actual max RSA length (ETS_DS_MAX_BITS), need to fragment it
+       when copying to hardware...
+
+       (note if ETS_DS_MAX_BITS == 4096, this should be the same as copying data->c to hardware in one fragment)
+    */
+    typedef struct { uint32_t addr; size_t len; } frag_t;
+    const frag_t frags[] = {
+                            {DS_Y_MEM,  SOC_DS_SIGNATURE_MAX_BIT_LEN / 8},
+                            {DS_M_MEM,  SOC_DS_SIGNATURE_MAX_BIT_LEN / 8},
+                            {DS_RB_MEM, SOC_DS_SIGNATURE_MAX_BIT_LEN / 8},
+                            {DS_BOX_MEM, DS_IV_MEM - DS_BOX_MEM},
+    };
+    const size_t NUM_FRAGS = sizeof(frags)/sizeof(frag_t);
+    const uint8_t *from = encrypted_key_params;
+
+    for (int i = 0; i < NUM_FRAGS; i++) {
+        memcpy((uint8_t *)frags[i].addr, from, frags[i].len);
+        asm volatile ("fence");
+        from += frags[i].len;
+    }
+}
+
+/**
+ * @brief Begin signing procedure.
+ */
+static inline void ds_ll_start_sign(void)
+{
+    REG_WRITE(DS_SET_CONTINUE_REG, 1);
+}
+
+/**
+ * @brief check the calculated signature.
+ *
+ * @return
+ * - DS_SIGNATURE_OK if no issue is detected with the signature.
+ * - DS_SIGNATURE_PADDING_FAIL if the padding of the private key parameters is wrong.
+ * - DS_SIGNATURE_MD_FAIL if the message digest check failed. This means that the message digest calculated using
+ *      the private key parameters fails, i.e., the integrity of the private key parameters is not protected.
+ * - DS_SIGNATURE_PADDING_AND_MD_FAIL if both padding and message digest check fail.
+ */
+static inline ds_signature_check_t ds_ll_check_signature(void)
+{
+    uint32_t result = REG_READ(DS_QUERY_CHECK_REG);
+    switch(result) {
+    case 0:
+        return DS_SIGNATURE_OK;
+    case 1:
+        return DS_SIGNATURE_MD_FAIL;
+    case 2:
+        return DS_SIGNATURE_PADDING_FAIL;
+    default:
+        return DS_SIGNATURE_PADDING_AND_MD_FAIL;
+    }
+}
+
+/**
+ * @brief Read the signature from the hardware.
+ *
+ * @param result The signature result.
+ * @param size Length of signature result in bytes. It is the RSA signature length in bytes.
+ */
+static inline void ds_ll_read_result(uint8_t *result, size_t size)
+{
+    memcpy(result, (uint8_t*) DS_Z_MEM, size);
+    asm volatile ("fence");
+}
+
+/**
+ * @brief Exit the signature operation.
+ *
+ * @note This does not deactivate the module. Corresponding clock/reset bits have to be triggered for deactivation.
+ */
+static inline void ds_ll_finish(void)
+{
+    REG_WRITE(DS_SET_FINISH_REG, 1);
+    ds_ll_wait_busy();
+}
+
+#ifdef __cplusplus
+}
+#endif

components/hal/esp32c6/include/hal/hmac_ll.h

@@ -0,0 +1,191 @@
+/*
+ * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/*******************************************************************************
+ * NOTICE
+ * The hal is not public api, don't use it in application code.
+ * See readme.md in soc/include/hal/readme.md
+ ******************************************************************************/
+
+#pragma once
+
+#include <string.h>
+
+#include "soc/system_reg.h"
+#include "soc/hwcrypto_reg.h"
+#include "hal/hmac_hal.h"
+
+#define SHA256_BLOCK_SZ 64
+#define SHA256_DIGEST_SZ 32
+
+#define EFUSE_KEY_PURPOSE_HMAC_DOWN_JTAG 6
+#define EFUSE_KEY_PURPOSE_HMAC_DOWN_DIGITAL_SIGNATURE 7
+#define EFUSE_KEY_PURPOSE_HMAC_UP 8
+#define EFUSE_KEY_PURPOSE_HMAC_DOWN_ALL 5
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Makes the peripheral ready for use, after enabling it.
+ */
+static inline void hmac_ll_start(void)
+{
+    REG_WRITE(HMAC_SET_START_REG, 1);
+}
+
+/**
+ * @brief Determine where the HMAC output should go.
+ *
+ * The HMAC peripheral can be configured to deliver its output to the user directly, or to deliver
+ * the output directly to another peripheral instead, e.g. the Digital Signature peripheral.
+ */
+static inline void hmac_ll_config_output(hmac_hal_output_t config)
+{
+    switch(config) {
+    case HMAC_OUTPUT_USER:
+        REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_UP);
+        break;
+    case HMAC_OUTPUT_DS:
+        REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_DOWN_DIGITAL_SIGNATURE);
+        break;
+    case HMAC_OUTPUT_JTAG_ENABLE:
+        REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_DOWN_JTAG);
+        break;
+    case HMAC_OUTPUT_ALL:
+        REG_WRITE(HMAC_SET_PARA_PURPOSE_REG, EFUSE_KEY_PURPOSE_HMAC_DOWN_ALL);
+        break;
+    default:
+        ; // do nothing, error will be indicated by hmac_hal_config_error()
+    }
+}
+
+/**
+ * @brief Selects which hardware key should be used.
+ */
+static inline void hmac_ll_config_hw_key_id(uint32_t key_id)
+{
+    REG_WRITE(HMAC_SET_PARA_KEY_REG, key_id);
+}
+
+/**
+ * @brief Apply and check configuration.
+ *
+ * Afterwards, the configuration can be checked for errors with hmac_hal_config_error().
+ */
+static inline void hmac_ll_config_finish(void)
+{
+    REG_WRITE(HMAC_SET_PARA_FINISH_REG, 1);
+}
+
+/**
+ *
+ * @brief Query HMAC error state after configuration actions.
+ *
+ * @return
+ *  - 1 or greater on error
+ *  - 0 on success
+ */
+static inline uint32_t hmac_ll_config_error(void)
+{
+    return REG_READ(HMAC_QUERY_ERROR_REG);
+}
+
+/**
+ * Wait until the HAL is ready for the next interaction.
+ */
+static inline void hmac_ll_wait_idle(void)
+{
+    uint32_t query;
+    do {
+        query = REG_READ(HMAC_QUERY_BUSY_REG);
+    } while(query != 0);
+}
+
+/**
+ * @brief Write a message block of 512 bits to the HMAC peripheral.
+ */
+static inline void hmac_ll_write_block_512(const uint32_t *block)
+{
+    const size_t REG_WIDTH = sizeof(uint32_t);
+    for (size_t i = 0; i < SHA256_BLOCK_SZ / REG_WIDTH; i++) {
+        REG_WRITE(HMAC_WR_MESSAGE_MEM + (i * REG_WIDTH), block[i]);
+    }
+
+    REG_WRITE(HMAC_SET_MESSAGE_ONE_REG, 1);
+}
+
+/**
+ * @brief Read the 256 bit HMAC.
+ */
+static inline void hmac_ll_read_result_256(uint32_t *result)
+{
+    const size_t REG_WIDTH = sizeof(uint32_t);
+    for (size_t i = 0; i < SHA256_DIGEST_SZ / REG_WIDTH; i++) {
+        result[i] = REG_READ(HMAC_RD_RESULT_MEM + (i * REG_WIDTH));
+    }
+}
+
+/**
+ * @brief Clean the HMAC result provided to other hardware.
+ */
+static inline void hmac_ll_clean(void)
+{
+    REG_WRITE(HMAC_SET_INVALIDATE_DS_REG, 1);
+    REG_WRITE(HMAC_SET_INVALIDATE_JTAG_REG, 1);
+}
+
+/**
+ * @brief Signals that the following block will be the padded last block.
+ */
+static inline void hmac_ll_msg_padding(void)
+{
+    REG_WRITE(HMAC_SET_MESSAGE_PAD_REG, 1);
+}
+
+/**
+ * @brief Signals that all blocks have been written and a padding block will automatically be applied by hardware.
+ *
+ * Only applies if the message length is a multiple of 512 bits.
+ * See the chip TRM HMAC chapter for more details.
+ */
+static inline void hmac_ll_msg_end(void)
+{
+    REG_WRITE(HMAC_SET_MESSAGE_END_REG, 1);
+}
+
+/**
+ * @brief The message including padding fits into one block, so no further action needs to be taken.
+ *
+ * This is called after the one-block-message has been written.
+ */
+static inline void hmac_ll_msg_one_block(void)
+{
+    REG_WRITE(HMAC_ONE_BLOCK_REG, 1);
+}
+
+/**
+ * @brief Indicate that more blocks will be written after the last block.
+ */
+static inline void hmac_ll_msg_continue(void)
+{
+    REG_WRITE(HMAC_SET_MESSAGE_ING_REG, 1);
+}
+
+/**
+ * @brief Clear the HMAC result.
+ *
+ * Use this after reading the HMAC result or if aborting after any of the other steps above.
+ */
+static inline void hmac_ll_calc_finish(void)
+{
+    REG_WRITE(HMAC_SET_RESULT_FINISH_REG, 2);
+}
+
+#ifdef __cplusplus
+}
+#endif

components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c

@@ -16,6 +16,8 @@
 #include "esp32h4/rom/digital_signature.h"
 #elif CONFIG_IDF_TARGET_ESP32S3
 #include "esp32s3/rom/digital_signature.h"
+#elif CONFIG_IDF_TARGET_ESP32C6
+#include "esp32c6/rom/digital_signature.h"
 #else
 #error   "Selected target does not support esp_rsa_sign_alt (for DS)"
 #endif

components/soc/esp32c6/include/soc/Kconfig.soc_caps.in

@@ -115,6 +115,14 @@ config SOC_SHA_SUPPORTED
     bool
     default y
 
+config SOC_HMAC_SUPPORTED
+    bool
+    default y
+
+config SOC_DIG_SIGN_SUPPORTED
+    bool
+    default y
+
 config SOC_ECC_SUPPORTED
     bool
     default y

components/soc/esp32c6/include/soc/soc_caps.h

@@ -55,8 +55,8 @@
 #define SOC_AES_SUPPORTED               1
 // #define SOC_MPI_SUPPORTED               1
 #define SOC_SHA_SUPPORTED               1
-// #define SOC_HMAC_SUPPORTED              1 // TODO: IDF-5355
-// #define SOC_DIG_SIGN_SUPPORTED          1 // TODO: IDF-5360
+#define SOC_HMAC_SUPPORTED              1
+#define SOC_DIG_SIGN_SUPPORTED          1
 #define SOC_ECC_SUPPORTED               1
 #define SOC_FLASH_ENC_SUPPORTED         1
 #define SOC_SECURE_BOOT_SUPPORTED       1

docs/docs_not_updated/esp32c6.txt

@@ -76,7 +76,6 @@ api-reference/storage/mass_mfg
 api-reference/storage/index
 api-reference/peripherals
 api-reference/peripherals/usb_host
-api-reference/peripherals/hmac
 api-reference/peripherals/usb_device
 api-reference/peripherals/dac
 api-reference/peripherals/touch_element
@@ -84,7 +83,6 @@ api-reference/peripherals/secure_element
 api-reference/peripherals/sdio_slave
 api-reference/peripherals/touch_pad
 api-reference/peripherals/adc_calibration
-api-reference/peripherals/ds
 api-reference/peripherals/index
 api-reference/peripherals/sdmmc_host
 api-reference/kconfig

docs/en/api-reference/peripherals/hmac.rst

@@ -102,7 +102,7 @@ Setup
 
     .. note:: The API *esp_efuse_write_field_bit(ESP_EFUSE_SOFT_DIS_JTAG)* can be used to burn "soft JTAG disable" bit on {IDF_TARGET_NAME}.
 
-.. only:: esp32s3 or esp32c3 or esp32h4
+.. only:: not esp32s2
 
     .. note:: The API *esp_efuse_write_field_cnt(ESP_EFUSE_SOFT_DIS_JTAG, ESP_EFUSE_SOFT_DIS_JTAG[0]->bit_count)* can be used to burn "soft JTAG disable" bits on {IDF_TARGET_NAME}.
 

examples/protocols/mqtt/ssl_ds/README.md

@@ -1,10 +1,10 @@
-| Supported Targets | ESP32-C3 | ESP32-S2 | ESP32-S3 |
-| ----------------- | -------- | -------- | -------- |
+| Supported Targets | ESP32-C3 | ESP32-C6 | ESP32-S2 | ESP32-S3 |
+| ----------------- | -------- | -------- | -------- | -------- |
 
 # ESP-MQTT SSL Mutual Authentication with Digital Signature
 (See the README.md file in the upper level 'examples' directory for more information about examples.)
 
-Espressif's ESP32-S2, ESP32-S3 and ESP32-C3 MCU have a built-in Digital Signature (DS) Peripheral, which provides hardware acceleration for RSA signature. More details can be found at [Digital Signature with ESP-TLS](https://docs.espressif.com/projects/esp-idf/en/latest/esp32s2/api-reference/protocols/esp_tls.html#digital-signature-with-esp-tls).
+Espressif's ESP32-S2, ESP32-S3, ESP32-C3 and ESP32-C6 MCU have a built-in Digital Signature (DS) Peripheral, which provides hardware acceleration for RSA signature. More details can be found at [Digital Signature with ESP-TLS](https://docs.espressif.com/projects/esp-idf/en/latest/esp32s2/api-reference/protocols/esp_tls.html#digital-signature-with-esp-tls).
 
 This example connects to the broker test.mosquitto.org using ssl transport with client certificate(RSA) and as a demonstration subscribes/unsubscribes and sends a message on certain topic.The RSA signature operation required in the ssl connection is performed with help of the Digital Signature (DS) peripheral.
 (Please note that the public broker is maintained by the community so may not be always available, for details please visit http://test.mosquitto.org)
@@ -14,12 +14,12 @@ It uses ESP-MQTT library which implements mqtt client to connect to mqtt broker.
 
 ### Hardware Required
 
-This example can be executed on any ESP32-S2, ESP32-S3, ESP32-C3 board (which has a built-in DS peripheral), the only required interface is WiFi and connection to internet.
+This example can be executed on any ESP32-S2, ESP32-S3, ESP32-C3 or ESP32-C6 board (which has a built-in DS peripheral), the only required interface is WiFi and connection to internet.
 
 ### Configure the project
 
 #### 1) Selecting the target
-As the project is to be built for the target ESP32-S2, ESP32-S3, ESP32-C3 it should be selected with the following command
+As the project is to be built for the target ESP32-S2, ESP32-S3, ESP32-C3 or ESP32-C6 it should be selected with the following command
 ```
 idf.py set-target /* target */
 ```