espressif/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2026-04-27 19:13:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(hal): Add countermeasure for ECDSA generate signature

Browse Source 
The ECDSA peripheral before ECO5 of esp32h2 does not perform the ECDSA
    sign operation in constant time. This allows an attacker to read the
    power signature of the ECDSA sign operation and then calculate the
    ECDSA key stored inside the eFuse. The commit adds a countermeasure
    for this attack. In this case the real ECDSA sign operation is
    masked under dummy ECDSA sign operations to hide its real power
    signature
This commit is contained in:
Aditya Patwardhan
2024-07-03 22:50:04 +08:00
committed by Mahavir Jain
parent 0690e53294
commit 11128b73f5
6 changed files with 152 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files
components/mbedtls/CMakeLists.txt
+5 -1
View File
@@ -358,7 +358,11 @@ function(mbedcrypto_optional_deps component_name)
endif()
endfunction()
# Link esp-cryptoauthlib to mbedcrypto
if(CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN_CONSTANT_TIME_CM)
mbedcrypto_optional_deps(esp_timer idf::esp_timer)
endif()
# Link esp-cryptoauthlib to mbedtls
if(CONFIG_ATCA_MBEDTLS_ECDSA)
mbedcrypto_optional_deps(espressif__esp-cryptoauthlib esp-cryptoauthlib)
endif()