diff --git a/components/esp_hw_support/port/esp32h2/Kconfig.hw_support b/components/esp_hw_support/port/esp32h2/Kconfig.hw_support index e12d9e2a63..422dd81e66 100644 --- a/components/esp_hw_support/port/esp32h2/Kconfig.hw_support +++ b/components/esp_hw_support/port/esp32h2/Kconfig.hw_support @@ -15,6 +15,8 @@ choice ESP32H2_REV_MIN bool "Rev v0.1 (ECO1)" config ESP32H2_REV_MIN_2 bool "Rev v0.2 (ECO2)" + config ESP32H2_REV_MIN_102 + bool "Rev v1.2 (ECO5)" endchoice config ESP32H2_REV_MIN_FULL @@ -22,6 +24,7 @@ config ESP32H2_REV_MIN_FULL default 0 if ESP32H2_REV_MIN_0 default 1 if ESP32H2_REV_MIN_1 default 2 if ESP32H2_REV_MIN_2 + default 102 if ESP32H2_REV_MIN_102 config ESP_REV_MIN_FULL int @@ -31,7 +34,7 @@ config ESP_REV_MIN_FULL # MAX Revision # - comment "Maximum Supported ESP32-H2 Revision (Rev v0.99)" + comment "Maximum Supported ESP32-H2 Revision (Rev v1.99)" # Maximum revision that IDF supports. # It can not be changed by user. # Only Espressif can change it when a new version will be supported in IDF. diff --git a/components/esp_security/Kconfig b/components/esp_security/Kconfig index bedc822779..1f1090c3bb 100644 --- a/components/esp_security/Kconfig +++ b/components/esp_security/Kconfig @@ -38,8 +38,9 @@ menu "ESP Security Specific" endmenu config ESP_CRYPTO_FORCE_ECC_CONSTANT_TIME_POINT_MUL - bool "Forcfully enable ECC constant time point multiplication operations" + bool "Forcefully enable ECC constant time point multiplication operations" depends on SOC_ECC_CONSTANT_TIME_POINT_MUL + depends on !(IDF_TARGET_ESP32H2 && ESP32H2_REV_MIN_FULL < 102) default N help If enabled, the app startup code will burn the ECC_FORCE_CONST_TIME efuse bit to force the diff --git a/components/esp_security/src/init.c b/components/esp_security/src/init.c index d12e1fe326..511b8fcbf8 100644 --- a/components/esp_security/src/init.c +++ b/components/esp_security/src/init.c @@ -40,7 +40,7 @@ ESP_SYSTEM_INIT_FN(esp_security_init, SECONDARY, BIT(0), 103) esp_crypto_dpa_protection_startup(); #endif -#ifdef CONFIG_ESP_CRYPTO_FORCE_ECC_CONSTANT_TIME_POINT_MUL +#if CONFIG_ESP_CRYPTO_FORCE_ECC_CONSTANT_TIME_POINT_MUL if (!esp_efuse_read_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME)) { ESP_EARLY_LOGD(TAG, "Forcefully enabling ECC constant time operations"); esp_err_t err = esp_efuse_write_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME); diff --git a/components/hal/Kconfig b/components/hal/Kconfig index 264fbb6a96..aac591bd36 100644 --- a/components/hal/Kconfig +++ b/components/hal/Kconfig @@ -105,8 +105,8 @@ menu "Hardware Abstraction Layer (HAL) and Low Level (LL)" config HAL_ECDSA_GEN_SIG_CM bool "Enable countermeasure for ECDSA signature generation" + depends on IDF_TARGET_ESP32H2 && ESP32H2_REV_MIN_FULL < 102 default n - # ToDo - IDF-11051 help Enable this option to apply the countermeasure for ECDSA signature operation This countermeasure masks the real ECDSA sign operation diff --git a/components/hal/ecc_hal.c b/components/hal/ecc_hal.c index 3de372cdf5..79c28ce501 100644 --- a/components/hal/ecc_hal.c +++ b/components/hal/ecc_hal.c @@ -178,9 +178,7 @@ int ecc_hal_read_mod_op_result(uint8_t *r, uint16_t len) #endif /* SOC_ECC_EXTENDED_MODES_SUPPORTED */ -#ifdef SOC_ECC_CONSTANT_TIME_POINT_MUL void ecc_hal_enable_constant_time_point_mul(bool enable) { ecc_ll_enable_constant_time_point_mul(enable); } -#endif /* SOC_ECC_CONSTANT_TIME_POINT_MUL */ diff --git a/components/hal/esp32c2/include/hal/ecc_ll.h b/components/hal/esp32c2/include/hal/ecc_ll.h index 58ddd82dd0..ca84307425 100644 --- a/components/hal/esp32c2/include/hal/ecc_ll.h +++ b/components/hal/esp32c2/include/hal/ecc_ll.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2020-2024 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -171,6 +171,12 @@ static inline void ecc_ll_read_param(ecc_ll_param_t param, uint8_t *buf, uint16_ memcpy(buf, (void *)reg, len); } +static inline void ecc_ll_enable_constant_time_point_mul(bool enable) +{ + // Not supported for ESP32-C2 + (void) enable; //unused +} + #ifdef __cplusplus } #endif diff --git a/components/hal/esp32c6/include/hal/ecc_ll.h b/components/hal/esp32c6/include/hal/ecc_ll.h index cb8b4ca2cd..d144dbff29 100644 --- a/components/hal/esp32c6/include/hal/ecc_ll.h +++ b/components/hal/esp32c6/include/hal/ecc_ll.h @@ -173,6 +173,12 @@ static inline void ecc_ll_read_param(ecc_ll_param_t param, uint8_t *buf, uint16_ memcpy(buf, (void *)reg, len); } +static inline void ecc_ll_enable_constant_time_point_mul(bool enable) +{ + // Not supported for ESP32-C6 + (void) enable; //unused +} + #ifdef __cplusplus } #endif diff --git a/components/hal/esp32h2/include/hal/ecc_ll.h b/components/hal/esp32h2/include/hal/ecc_ll.h index 46667692a7..7b0b98985d 100644 --- a/components/hal/esp32h2/include/hal/ecc_ll.h +++ b/components/hal/esp32h2/include/hal/ecc_ll.h @@ -12,6 +12,8 @@ #include "soc/ecc_mult_reg.h" #include "soc/pcr_struct.h" #include "soc/pcr_reg.h" +#include "soc/chip_revision.h" +#include "hal/efuse_ll.h" #ifdef __cplusplus extern "C" { @@ -211,6 +213,18 @@ static inline ecc_mod_base_t ecc_ll_get_mod_base(void) return (ecc_mod_base_t)(REG_GET_FIELD(ECC_MULT_CONF_REG, ECC_MULT_MOD_BASE)); } +static inline void ecc_ll_enable_constant_time_point_mul(bool enable) +{ + // ECC constant time point multiplication is supported only on rev 1.2 and above + if ((efuse_ll_get_chip_wafer_version_major() >= 1) && (efuse_ll_get_chip_wafer_version_minor() >= 2)) { + if (enable) { + REG_SET_BIT(ECC_MULT_CONF_REG, ECC_MULT_SECURITY_MODE); + } else { + REG_CLR_BIT(ECC_MULT_CONF_REG, ECC_MULT_SECURITY_MODE); + } + } +} + static inline void ecc_ll_read_param(ecc_ll_param_t param, uint8_t *buf, uint16_t len) { uint32_t reg; diff --git a/components/hal/esp32p4/include/hal/ecc_ll.h b/components/hal/esp32p4/include/hal/ecc_ll.h index 880df25246..05a7ed8fcd 100644 --- a/components/hal/esp32p4/include/hal/ecc_ll.h +++ b/components/hal/esp32p4/include/hal/ecc_ll.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -240,6 +240,12 @@ static inline void ecc_ll_read_param(ecc_ll_param_t param, uint8_t *buf, uint16_ memcpy(buf, (void *)reg, len); } +static inline void ecc_ll_enable_constant_time_point_mul(bool enable) +{ + // Not supported for ESP32-P4 + (void) enable; //unused +} + #ifdef __cplusplus } #endif diff --git a/components/hal/include/hal/ecc_hal.h b/components/hal/include/hal/ecc_hal.h index 4d9916e251..8f8b047903 100644 --- a/components/hal/include/hal/ecc_hal.h +++ b/components/hal/include/hal/ecc_hal.h @@ -195,14 +195,12 @@ int ecc_hal_read_mod_op_result(uint8_t *r, uint16_t len); #endif /* SOC_ECC_EXTENDED_MODES_SUPPORTED */ -#ifdef SOC_ECC_CONSTANT_TIME_POINT_MUL /** * @brief Enable constant time multiplication operations * * @param true: enable; false: disable */ void ecc_hal_enable_constant_time_point_mul(bool enable); -#endif /* SOC_ECC_CONSTANT_TIME_POINT_MUL */ #ifdef __cplusplus } diff --git a/components/hal/test_apps/crypto/main/ecc/test_ecc.c b/components/hal/test_apps/crypto/main/ecc/test_ecc.c index 6869315c88..1edf1f3ac8 100644 --- a/components/hal/test_apps/crypto/main/ecc/test_ecc.c +++ b/components/hal/test_apps/crypto/main/ecc/test_ecc.c @@ -87,9 +87,7 @@ static void ecc_point_mul(const uint8_t *k_le, const uint8_t *x_le, const uint8_ } else { ecc_hal_set_mode(ECC_MODE_POINT_MUL); } -#ifdef SOC_ECC_CONSTANT_TIME_POINT_MUL ecc_hal_enable_constant_time_point_mul(true); -#endif /* SOC_ECC_CONSTANT_TIME_POINT_MUL */ ecc_hal_start_calc(); while (!ecc_hal_is_calc_finished()) { @@ -161,7 +159,7 @@ TEST(ecc, ecc_point_multiplication_on_SECP192R1_and_SECP256R1) test_ecc_point_mul_inner(false); } -#if SOC_ECC_CONSTANT_TIME_POINT_MUL +#if SOC_ECC_CONSTANT_TIME_POINT_MUL || (CONFIG_IDF_TARGET_ESP32H2 && CONFIG_ESP32H2_REV_MIN_FULL >= 102) #define CONST_TIME_DEVIATION_PERCENT 0.002 @@ -561,7 +559,7 @@ TEST_GROUP_RUNNER(ecc) { #if SOC_ECC_SUPPORT_POINT_MULT RUN_TEST_CASE(ecc, ecc_point_multiplication_on_SECP192R1_and_SECP256R1); -#if SOC_ECC_CONSTANT_TIME_POINT_MUL +#if SOC_ECC_CONSTANT_TIME_POINT_MUL || (CONFIG_IDF_TARGET_ESP32H2 && CONFIG_ESP32H2_REV_MIN_FULL >= 102) RUN_TEST_CASE(ecc, ecc_point_multiplication_const_time_check_on_SECP192R1_and_SECP256R1); #endif #endif diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index 77775423b4..718092b358 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig @@ -586,11 +586,10 @@ menu "mbedTLS" menu "Enable Software Countermeasure for ECDSA signing using on-chip ECDSA peripheral" depends on MBEDTLS_HARDWARE_ECDSA_SIGN - depends on IDF_TARGET_ESP32H2 + depends on IDF_TARGET_ESP32H2 && ESP32H2_REV_MIN_FULL < 102 config MBEDTLS_HARDWARE_ECDSA_SIGN_MASKING_CM bool "Mask original ECDSA sign operation under dummy sign operations" select HAL_ECDSA_GEN_SIG_CM - # ToDo: IDF-11051 default y help The ECDSA peripheral before ECO5 does not offer constant time ECDSA sign operation. diff --git a/components/mbedtls/port/ecc/esp_ecc.c b/components/mbedtls/port/ecc/esp_ecc.c index d6b0c6a632..436da6bb51 100644 --- a/components/mbedtls/port/ecc/esp_ecc.c +++ b/components/mbedtls/port/ecc/esp_ecc.c @@ -45,14 +45,13 @@ int esp_ecc_point_multiply(const ecc_point_t *point, const uint8_t *scalar, ecc_ ecc_hal_write_mul_param(scalar, point->x, point->y, len); ecc_hal_set_mode(work_mode); -#ifdef SOC_ECC_CONSTANT_TIME_POINT_MUL - /* Enable constant-time point multiplication operations for the ECC hardware accelerator - This protects the ECC multiplication operation from timing attacks. - This increases the time taken (by almost 50%) for some point multiplication - operations performed by the ECC hardware accelerator. - */ + /* + * Enable constant-time point multiplication operations for the ECC hardware accelerator, + * if supported for the given target. This protects the ECC multiplication operation from + * timing attacks. This increases the time taken (by almost 50%) for some point + * multiplication operations performed by the ECC hardware accelerator. + */ ecc_hal_enable_constant_time_point_mul(true); -#endif /* SOC_ECC_CONSTANT_TIME_POINT_MUL */ ecc_hal_start_calc(); memset(result, 0, sizeof(ecc_point_t)); diff --git a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in index 20d2940fe0..3d3693cad9 100644 --- a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in @@ -1291,6 +1291,10 @@ config SOC_CRYPTO_DPA_PROTECTION_SUPPORTED bool default y +config SOC_ECC_CONSTANT_TIME_POINT_MUL + bool + default y + config SOC_ECDSA_USES_MPI bool default y diff --git a/components/soc/esp32h2/include/soc/soc_caps.h b/components/soc/esp32h2/include/soc/soc_caps.h index d781180854..95c1e5130c 100644 --- a/components/soc/esp32h2/include/soc/soc_caps.h +++ b/components/soc/esp32h2/include/soc/soc_caps.h @@ -517,6 +517,9 @@ /*------------------------ Anti DPA (Security) CAPS --------------------------*/ #define SOC_CRYPTO_DPA_PROTECTION_SUPPORTED 1 +/*--------------------------- ECC CAPS ---------------------------------------*/ +#define SOC_ECC_CONSTANT_TIME_POINT_MUL 1 + /*------------------------- ECDSA CAPS -------------------------*/ #define SOC_ECDSA_USES_MPI (1)