kopia lustrzana https://github.com/espressif/esp-idf
feat(ds): add Digital Signature peripheral support for esp32p4
rodzic
095c2a3324
commit
b8c208cdb3
|
@ -48,6 +48,9 @@
|
|||
#include "esp32h2/rom/digital_signature.h"
|
||||
#endif
|
||||
|
||||
#if CONFIG_IDF_TARGET_ESP32P4
|
||||
#include "esp32p4/rom/digital_signature.h"
|
||||
#endif
|
||||
|
||||
struct esp_ds_context {
|
||||
const ets_ds_data_t *data;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
|
||||
* SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD
|
||||
*
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*/
|
||||
|
@ -34,6 +34,11 @@
|
|||
#include "esp32h2/rom/digital_signature.h"
|
||||
#include "esp32h2/rom/aes.h"
|
||||
#include "esp32h2/rom/sha.h"
|
||||
#elif CONFIG_IDF_TARGET_ESP32P4
|
||||
#include "esp32p4/rom/efuse.h"
|
||||
#include "esp32p4/rom/digital_signature.h"
|
||||
#include "esp32p4/rom/aes.h"
|
||||
#include "esp32p4/rom/sha.h"
|
||||
#endif
|
||||
|
||||
#include "esp_ds.h"
|
||||
|
@ -375,7 +380,7 @@ TEST_CASE("Digital Signature Blocking Operation (FPGA only)", "[hw_crypto] [ds]"
|
|||
|
||||
ds_r = esp_ds_finish_sign(signature, esp_ds_ctx);
|
||||
TEST_ASSERT_EQUAL(ESP_OK, ds_r);
|
||||
#elif CONFIG_IDF_TARGET_ESP32C3
|
||||
#else
|
||||
esp_err_t ds_r = esp_ds_sign(test_messages[0],
|
||||
&ds_data,
|
||||
t->hmac_key_idx + 1,
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#!/usr/bin/env python3
|
||||
# SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
|
||||
# SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
import argparse
|
||||
|
@ -16,12 +16,13 @@ from cryptography.hazmat.primitives.asymmetric.rsa import _modinv as modinv # t
|
|||
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
|
||||
from cryptography.utils import int_to_bytes
|
||||
|
||||
supported_targets = {'esp32s2', 'esp32c3', 'esp32s3', 'esp32c6', 'esp32h2'}
|
||||
supported_targets = {'esp32s2', 'esp32c3', 'esp32s3', 'esp32c6', 'esp32h2', 'esp32p4'}
|
||||
supported_key_size = {'esp32s2':[4096, 3072, 2048, 1024],
|
||||
'esp32c3':[3072, 2048, 1024],
|
||||
'esp32s3':[4096, 3072, 2048, 1024],
|
||||
'esp32c6':[3072, 2048, 1024],
|
||||
'esp32h2':[3072, 2048, 1024]}
|
||||
'esp32h2':[3072, 2048, 1024],
|
||||
'esp32p4':[4096, 3072, 2048, 1024]}
|
||||
|
||||
NUM_HMAC_KEYS = 3
|
||||
NUM_MESSAGES = 10
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD
|
||||
* SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD
|
||||
*
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*/
|
||||
|
@ -34,6 +34,11 @@
|
|||
#include "esp32h2/rom/digital_signature.h"
|
||||
#include "esp32h2/rom/aes.h"
|
||||
#include "esp32h2/rom/sha.h"
|
||||
#elif CONFIG_IDF_TARGET_ESP32P4
|
||||
#include "esp32p4/rom/efuse.h"
|
||||
#include "esp32p4/rom/digital_signature.h"
|
||||
#include "esp32p4/rom/aes.h"
|
||||
#include "esp32p4/rom/sha.h"
|
||||
#endif
|
||||
|
||||
#include "esp_ds.h"
|
||||
|
@ -375,7 +380,7 @@ TEST_CASE("Digital Signature Blocking Operation (FPGA only)", "[hw_crypto] [ds]"
|
|||
|
||||
ds_r = esp_ds_finish_sign(signature, esp_ds_ctx);
|
||||
TEST_ASSERT_EQUAL(ESP_OK, ds_r);
|
||||
#elif CONFIG_IDF_TARGET_ESP32C3
|
||||
#else
|
||||
esp_err_t ds_r = esp_ds_sign(test_messages[0],
|
||||
&ds_data,
|
||||
t->hmac_key_idx + 1,
|
||||
|
|
|
@ -13,7 +13,7 @@ extern "C" {
|
|||
#include <stdint.h>
|
||||
#include <stdbool.h>
|
||||
|
||||
#define ETS_DS_MAX_BITS 3072
|
||||
#define ETS_DS_MAX_BITS 4096
|
||||
|
||||
#define ETS_DS_IV_LEN 16
|
||||
|
||||
|
|
|
@ -196,7 +196,12 @@ static inline uint32_t periph_ll_get_rst_en_mask(periph_module_t periph, bool en
|
|||
case PERIPH_SARADC_MODULE:
|
||||
return HP_SYS_CLKRST_REG_RST_EN_ADC;
|
||||
case PERIPH_AES_MODULE:
|
||||
return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_AES;
|
||||
ret = HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_AES;
|
||||
if (enable == true) {
|
||||
// Clear reset on digital signature, otherwise AES unit is held in reset
|
||||
ret |= HP_SYS_CLKRST_REG_RST_EN_DS;
|
||||
}
|
||||
return ret;
|
||||
case PERIPH_DS_MODULE:
|
||||
return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_DS;
|
||||
case PERIPH_ECC_MODULE:
|
||||
|
@ -204,13 +209,19 @@ static inline uint32_t periph_ll_get_rst_en_mask(periph_module_t periph, bool en
|
|||
case PERIPH_HMAC_MODULE:
|
||||
return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_HMAC;
|
||||
case PERIPH_RSA_MODULE:
|
||||
return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_RSA;
|
||||
ret = HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_RSA;
|
||||
if (enable == true) {
|
||||
// Clear reset on digital signature, otherwise RSA is held in reset
|
||||
ret |= HP_SYS_CLKRST_REG_RST_EN_DS;
|
||||
}
|
||||
return ret;
|
||||
case PERIPH_SEC_MODULE:
|
||||
return HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_SEC;
|
||||
case PERIPH_SHA_MODULE:
|
||||
ret = HP_SYS_CLKRST_REG_RST_EN_CRYPTO | HP_SYS_CLKRST_REG_RST_EN_SHA;
|
||||
if (enable == true) {
|
||||
ret |= HP_SYS_CLKRST_REG_RST_EN_HMAC;
|
||||
// Clear reset on digital signature, HMAC and ECDSA, otherwise SHA is held in reset
|
||||
ret |= (HP_SYS_CLKRST_REG_RST_EN_HMAC | HP_SYS_CLKRST_REG_RST_EN_DS | HP_SYS_CLKRST_REG_RST_EN_ECDSA);
|
||||
}
|
||||
return ret;
|
||||
case PERIPH_ECDSA_MODULE:
|
||||
|
|
|
@ -0,0 +1,169 @@
|
|||
/*
|
||||
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
|
||||
*
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*/
|
||||
|
||||
/*******************************************************************************
|
||||
* NOTICE
|
||||
* The hal is not public api, don't use it in application code.
|
||||
******************************************************************************/
|
||||
|
||||
#pragma once
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stdbool.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "soc/hwcrypto_reg.h"
|
||||
#include "soc/soc_caps.h"
|
||||
#include "hal/ds_types.h"
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
static inline void ds_ll_start(void)
|
||||
{
|
||||
REG_WRITE(DS_SET_START_REG, 1);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Wait until DS peripheral has finished any outstanding operation.
|
||||
*/
|
||||
static inline bool ds_ll_busy(void)
|
||||
{
|
||||
return (REG_READ(DS_QUERY_BUSY_REG) > 0) ? true : false;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Busy wait until the hardware is ready.
|
||||
*/
|
||||
static inline void ds_ll_wait_busy(void)
|
||||
{
|
||||
while (ds_ll_busy());
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief In case of a key error, check what caused it.
|
||||
*/
|
||||
static inline ds_key_check_t ds_ll_key_error_source(void)
|
||||
{
|
||||
uint32_t key_error = REG_READ(DS_QUERY_KEY_WRONG_REG);
|
||||
if (key_error == 0) {
|
||||
return DS_NO_KEY_INPUT;
|
||||
} else {
|
||||
return DS_OTHER_WRONG;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Write the initialization vector to the corresponding register field.
|
||||
*/
|
||||
static inline void ds_ll_configure_iv(const uint32_t *iv)
|
||||
{
|
||||
for (size_t i = 0; i < (SOC_DS_KEY_PARAM_MD_IV_LENGTH / sizeof(uint32_t)); i++) {
|
||||
REG_WRITE(DS_IV_MEM + (i * 4) , iv[i]);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Write the message which should be signed.
|
||||
*
|
||||
* @param msg Pointer to the message.
|
||||
* @param size Length of msg in bytes. It is the RSA signature length in bytes.
|
||||
*/
|
||||
static inline void ds_ll_write_message(const uint8_t *msg, size_t size)
|
||||
{
|
||||
memcpy((uint8_t*) DS_X_MEM, msg, size);
|
||||
asm volatile ("fence");
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Write the encrypted private key parameters.
|
||||
*/
|
||||
static inline void ds_ll_write_private_key_params(const uint8_t *encrypted_key_params)
|
||||
{
|
||||
/* Note: as the internal peripheral still has RSA 4096 structure,
|
||||
but C is encrypted based on the actual max RSA length (ETS_DS_MAX_BITS), need to fragment it
|
||||
when copying to hardware...
|
||||
|
||||
(note if ETS_DS_MAX_BITS == 4096, this should be the same as copying data->c to hardware in one fragment)
|
||||
*/
|
||||
typedef struct { uint32_t addr; size_t len; } frag_t;
|
||||
const frag_t frags[] = {
|
||||
{DS_Y_MEM, SOC_DS_SIGNATURE_MAX_BIT_LEN / 8},
|
||||
{DS_M_MEM, SOC_DS_SIGNATURE_MAX_BIT_LEN / 8},
|
||||
{DS_RB_MEM, SOC_DS_SIGNATURE_MAX_BIT_LEN / 8},
|
||||
{DS_BOX_MEM, DS_IV_MEM - DS_BOX_MEM},
|
||||
};
|
||||
const size_t NUM_FRAGS = sizeof(frags)/sizeof(frag_t);
|
||||
const uint8_t *from = encrypted_key_params;
|
||||
|
||||
for (int i = 0; i < NUM_FRAGS; i++) {
|
||||
memcpy((uint8_t *)frags[i].addr, from, frags[i].len);
|
||||
asm volatile ("fence");
|
||||
from += frags[i].len;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Begin signing procedure.
|
||||
*/
|
||||
static inline void ds_ll_start_sign(void)
|
||||
{
|
||||
REG_WRITE(DS_SET_CONTINUE_REG, 1);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief check the calculated signature.
|
||||
*
|
||||
* @return
|
||||
* - DS_SIGNATURE_OK if no issue is detected with the signature.
|
||||
* - DS_SIGNATURE_PADDING_FAIL if the padding of the private key parameters is wrong.
|
||||
* - DS_SIGNATURE_MD_FAIL if the message digest check failed. This means that the message digest calculated using
|
||||
* the private key parameters fails, i.e., the integrity of the private key parameters is not protected.
|
||||
* - DS_SIGNATURE_PADDING_AND_MD_FAIL if both padding and message digest check fail.
|
||||
*/
|
||||
static inline ds_signature_check_t ds_ll_check_signature(void)
|
||||
{
|
||||
uint32_t result = REG_READ(DS_QUERY_CHECK_REG);
|
||||
switch(result) {
|
||||
case 0:
|
||||
return DS_SIGNATURE_OK;
|
||||
case 1:
|
||||
return DS_SIGNATURE_MD_FAIL;
|
||||
case 2:
|
||||
return DS_SIGNATURE_PADDING_FAIL;
|
||||
default:
|
||||
return DS_SIGNATURE_PADDING_AND_MD_FAIL;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Read the signature from the hardware.
|
||||
*
|
||||
* @param result The signature result.
|
||||
* @param size Length of signature result in bytes. It is the RSA signature length in bytes.
|
||||
*/
|
||||
static inline void ds_ll_read_result(uint8_t *result, size_t size)
|
||||
{
|
||||
memcpy(result, (uint8_t*) DS_Z_MEM, size);
|
||||
asm volatile ("fence");
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Exit the signature operation.
|
||||
*
|
||||
* @note This does not deactivate the module. Corresponding clock/reset bits have to be triggered for deactivation.
|
||||
*/
|
||||
static inline void ds_ll_finish(void)
|
||||
{
|
||||
REG_WRITE(DS_SET_FINISH_REG, 1);
|
||||
ds_ll_wait_busy();
|
||||
}
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
|
@ -18,6 +18,8 @@
|
|||
#include "esp32c6/rom/digital_signature.h"
|
||||
#elif CONFIG_IDF_TARGET_ESP32H2
|
||||
#include "esp32h2/rom/digital_signature.h"
|
||||
#elif CONFIG_IDF_TARGET_ESP32P4
|
||||
#include "esp32p4/rom/digital_signature.h"
|
||||
#else
|
||||
#error "Selected target does not support esp_rsa_sign_alt (for DS)"
|
||||
#endif
|
||||
|
|
|
@ -71,6 +71,10 @@ config SOC_HMAC_SUPPORTED
|
|||
bool
|
||||
default y
|
||||
|
||||
config SOC_DIG_SIGN_SUPPORTED
|
||||
bool
|
||||
default y
|
||||
|
||||
config SOC_ECC_SUPPORTED
|
||||
bool
|
||||
default y
|
||||
|
@ -237,7 +241,7 @@ config SOC_CPU_IDRAM_SPLIT_USING_PMP
|
|||
|
||||
config SOC_DS_SIGNATURE_MAX_BIT_LEN
|
||||
int
|
||||
default 3072
|
||||
default 4096
|
||||
|
||||
config SOC_DS_KEY_PARAM_MD_IV_LENGTH
|
||||
int
|
||||
|
|
|
@ -59,7 +59,7 @@
|
|||
#define SOC_MPI_SUPPORTED 1
|
||||
// #define SOC_SHA_SUPPORTED 1 //TODO: IDF-7541
|
||||
#define SOC_HMAC_SUPPORTED 1
|
||||
// #define SOC_DIG_SIGN_SUPPORTED 1 //TODO: IDF-6518
|
||||
#define SOC_DIG_SIGN_SUPPORTED 1
|
||||
#define SOC_ECC_SUPPORTED 1
|
||||
#define SOC_ECC_EXTENDED_MODES_SUPPORTED 1
|
||||
#define SOC_FLASH_ENC_SUPPORTED 1
|
||||
|
@ -146,10 +146,9 @@
|
|||
#define SOC_CPU_HAS_PMA 1
|
||||
#define SOC_CPU_IDRAM_SPLIT_USING_PMP 1
|
||||
|
||||
// TODO: IDF-5360 (Copy from esp32c3, need check)
|
||||
/*-------------------------- DIGITAL SIGNATURE CAPS ----------------------------------------*/
|
||||
/** The maximum length of a Digital Signature in bits. */
|
||||
#define SOC_DS_SIGNATURE_MAX_BIT_LEN (3072)
|
||||
#define SOC_DS_SIGNATURE_MAX_BIT_LEN (4096)
|
||||
|
||||
/** Initialization vector (IV) length for the RSA key parameter message digest (MD) in bytes. */
|
||||
#define SOC_DS_KEY_PARAM_MD_IV_LENGTH (16)
|
||||
|
|
Ładowanie…
Reference in New Issue