From 361ab5d0c77b0407021e28ca2a9088924a67b8da Mon Sep 17 00:00:00 2001 From: "nilesh.kale" Date: Fri, 31 Oct 2025 14:19:22 +0530 Subject: [PATCH 1/3] fix(hal/test_apps): moved key manager tests under flash encryption check These two tests executed when FPGA setup is there and pass only when flash encryption is switched on. So, this tests been moved under FE check. --- .../crypto/main/key_manager/test_key_manager.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c b/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c index c063daad68..9d2f2ea085 100644 --- a/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c +++ b/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c @@ -536,7 +536,11 @@ TEST(key_manager, xts_key_128_ecdh0_deployment) #if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS TEST(key_manager, xts_key_128_random_deployment) { - key_mgr_test_xts_aes_128_random_mode(); + if (efuse_hal_flash_encryption_enabled()) { + key_mgr_test_xts_aes_128_random_mode(); + } else { + ESP_LOGI("", "Flash encryption is not enabled, skipping test"); + } } #endif /* CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS */ #endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_128 */ @@ -555,7 +559,11 @@ TEST(key_manager, xts_key_256_ecdh0_deployment) #if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS TEST(key_manager, xts_key_256_random_deployment) { - key_mgr_test_xts_aes_256_random_mode(); + if (efuse_hal_flash_encryption_enabled()) { + key_mgr_test_xts_aes_256_random_mode(); + } else { + ESP_LOGI("", "Flash encryption is not enabled, skipping test"); + } } #endif /* CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS */ #endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 */ From 2267558b154bd08d4cdfbd6cdc7e1557c9ea9391 Mon Sep 17 00:00:00 2001 From: "nilesh.kale" Date: Mon, 22 Sep 2025 16:43:16 +0530 Subject: [PATCH 2/3] feat: enabled ECDSA peripheral support for ESSP32-P4 --- .../bootloader_support/src/secure_boot.c | 3 + .../with_key_purposes/esp_efuse_api_key.c | 4 +- .../main/with_key_purposes/test_efuse_keys.c | 4 +- components/hal/ecdsa_hal.c | 7 +- components/hal/esp32c5/include/hal/ecdsa_ll.h | 10 + .../hal/esp32c61/include/hal/ecdsa_ll.h | 9 + components/hal/esp32h2/include/hal/ecdsa_ll.h | 9 + .../hal/esp32h21/include/hal/ecdsa_ll.h | 9 + components/hal/esp32h4/include/hal/ecdsa_ll.h | 8 + components/hal/esp32p4/include/hal/ecdsa_ll.h | 42 +- .../test_apps/crypto/main/ecdsa/test_ecdsa.c | 70 +++- components/mbedtls/port/ecdsa/ecdsa_alt.c | 33 +- .../test_apps/main/test_mbedtls_ecdsa.c | 64 ++++ .../esp32p4/include/soc/Kconfig.soc_caps.in | 24 +- components/soc/esp32p4/include/soc/soc_caps.h | 10 +- .../register/hw_ver3/soc/ecdsa_eco5_reg.h | 359 ------------------ .../esp32p4/register/hw_ver3/soc/ecdsa_reg.h | 197 ++++++---- 17 files changed, 389 insertions(+), 473 deletions(-) delete mode 100644 components/soc/esp32p4/register/hw_ver3/soc/ecdsa_eco5_reg.h diff --git a/components/bootloader_support/src/secure_boot.c b/components/bootloader_support/src/secure_boot.c index 05ab0694eb..b09c1309be 100644 --- a/components/bootloader_support/src/secure_boot.c +++ b/components/bootloader_support/src/secure_boot.c @@ -436,6 +436,8 @@ bool esp_secure_boot_cfg_verify_release_mode(void) ESP_LOGW(TAG, "Not enabled Secure Boot using SHA-384 mode (set SECURE_BOOT_SHA384_EN->1)"); } #else + // Note: Efuse bit ESP_EFUSE_WR_DIS_SECURE_BOOT_SHA384_EN is not present for ESP32P4 +#if !CONFIG_IDF_TARGET_ESP32P4 /* When using Secure Boot with SHA-384, the efuse bit representing Secure Boot with SHA-384 would already be programmed. * But in the case of the existing Secure Boot V2 schemes using SHA-256, the efuse bit representing * Secure Boot with SHA-384 needs to be write-protected, so that an attacker cannot perform a denial-of-service @@ -446,6 +448,7 @@ bool esp_secure_boot_cfg_verify_release_mode(void) if (!secure) { ESP_LOGW(TAG, "Not write-protected secure boot using SHA-384 mode (set WR_DIS_SECURE_BOOT_SHA384_EN->1)"); } +#endif /* !CONFIG_IDF_TARGET_ESP32P4 */ #endif #endif diff --git a/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c b/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c index 832f6dbc36..ccff466c59 100644 --- a/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c +++ b/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c @@ -312,10 +312,10 @@ esp_err_t esp_efuse_write_key(esp_efuse_block_t block, esp_efuse_purpose_t purpo #if SOC_EFUSE_ECDSA_KEY purpose == ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY || #endif -#if SOC_EFUSE_ECDSA_KEY_P192 || EFUSE_LL_HAS_ECDSA_KEY_P192 +#if (!defined(CONFIG_IDF_TARGET_ESP32P4) && SOC_EFUSE_ECDSA_KEY_P192) || EFUSE_LL_HAS_ECDSA_KEY_P192 purpose == ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY_P192 || #endif -#if SOC_EFUSE_ECDSA_KEY_P384 || EFUSE_LL_HAS_ECDSA_KEY_P384 +#if (!defined(CONFIG_IDF_TARGET_ESP32P4) && SOC_EFUSE_ECDSA_KEY_P384) || EFUSE_LL_HAS_ECDSA_KEY_P384 purpose == ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY_P384_L || purpose == ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY_P384_H || #endif diff --git a/components/efuse/test_apps/main/with_key_purposes/test_efuse_keys.c b/components/efuse/test_apps/main/with_key_purposes/test_efuse_keys.c index 1b8547adec..ae72d940b4 100644 --- a/components/efuse/test_apps/main/with_key_purposes/test_efuse_keys.c +++ b/components/efuse/test_apps/main/with_key_purposes/test_efuse_keys.c @@ -94,10 +94,10 @@ static esp_err_t s_check_key(esp_efuse_block_t num_key, void* wr_key) #if SOC_EFUSE_ECDSA_KEY purpose == ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY || #endif -#if SOC_EFUSE_ECDSA_KEY_P192 || EFUSE_LL_HAS_ECDSA_KEY_P192 +#if (!defined(CONFIG_IDF_TARGET_ESP32P4) && SOC_EFUSE_ECDSA_KEY_P192) || EFUSE_LL_HAS_ECDSA_KEY_P192 purpose == ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY_P192 || #endif -#if SOC_EFUSE_ECDSA_KEY_P384 || EFUSE_LL_HAS_ECDSA_KEY_P384 +#if (!defined(CONFIG_IDF_TARGET_ESP32P4) && SOC_EFUSE_ECDSA_KEY_P384) || EFUSE_LL_HAS_ECDSA_KEY_P384 purpose == ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY_P384_L || purpose == ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY_P384_H || #endif diff --git a/components/hal/ecdsa_hal.c b/components/hal/ecdsa_hal.c index 36480dfab2..5d7da7e663 100644 --- a/components/hal/ecdsa_hal.c +++ b/components/hal/ecdsa_hal.c @@ -45,9 +45,6 @@ static void configure_ecdsa_periph(ecdsa_hal_config_t *conf) ecdsa_hal_set_efuse_key(conf->curve, conf->efuse_key_blk); #if SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY - if (!key_mgr_ll_is_supported()) { - HAL_ASSERT(false && "Key manager is not supported"); - } // Force Key Manager to use eFuse key for ECDSA operation key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); @@ -55,6 +52,10 @@ static void configure_ecdsa_periph(ecdsa_hal_config_t *conf) } #if SOC_KEY_MANAGER_SUPPORTED else { + if (!key_mgr_ll_is_supported()) { + HAL_ASSERT(false && "Key manager is not supported"); + } + key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_USE_OWN_KEY); } #endif diff --git a/components/hal/esp32c5/include/hal/ecdsa_ll.h b/components/hal/esp32c5/include/hal/ecdsa_ll.h index 3959a3ad3c..1f2ce8189c 100644 --- a/components/hal/esp32c5/include/hal/ecdsa_ll.h +++ b/components/hal/esp32c5/include/hal/ecdsa_ll.h @@ -445,6 +445,16 @@ __attribute__((always_inline)) static inline void ecdsa_ll_set_ecdsa_key_blk(ecd } } +/** + * @brief Check if the ECDSA peripheral is supported on this chip revision + * For ESP32-C5, ECDSA is always supported + */ +static inline bool ecdsa_ll_is_supported(void) +{ + return true; +} + + #ifdef __cplusplus } #endif diff --git a/components/hal/esp32c61/include/hal/ecdsa_ll.h b/components/hal/esp32c61/include/hal/ecdsa_ll.h index ecba35f6ee..5754c81904 100644 --- a/components/hal/esp32c61/include/hal/ecdsa_ll.h +++ b/components/hal/esp32c61/include/hal/ecdsa_ll.h @@ -445,6 +445,15 @@ __attribute__((always_inline)) static inline void ecdsa_ll_set_ecdsa_key_blk(ecd EFUSE0.conf.cfg_ecdsa_blk = efuse_blk; } +/** + * @brief Check if the ECDSA peripheral is supported on this chip revision + * For ESP32-C61, ECDSA is always supported + */ +static inline bool ecdsa_ll_is_supported(void) +{ + return true; +} + #ifdef __cplusplus } #endif diff --git a/components/hal/esp32h2/include/hal/ecdsa_ll.h b/components/hal/esp32h2/include/hal/ecdsa_ll.h index 876485ce60..d8ed2f5a38 100644 --- a/components/hal/esp32h2/include/hal/ecdsa_ll.h +++ b/components/hal/esp32h2/include/hal/ecdsa_ll.h @@ -439,6 +439,15 @@ static inline bool ecdsa_ll_is_mpi_required(void) return !ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102); } +/** + * @brief Check if the ECDSA peripheral is supported on this chip revision + * For ESP32-H2, ECDSA is always supported + */ +static inline bool ecdsa_ll_is_supported(void) +{ + return true; +} + #ifdef __cplusplus } #endif diff --git a/components/hal/esp32h21/include/hal/ecdsa_ll.h b/components/hal/esp32h21/include/hal/ecdsa_ll.h index c5523e6500..485f2e6e32 100644 --- a/components/hal/esp32h21/include/hal/ecdsa_ll.h +++ b/components/hal/esp32h21/include/hal/ecdsa_ll.h @@ -428,6 +428,15 @@ __attribute__((always_inline)) static inline void ecdsa_ll_set_ecdsa_key_blk(ecd (void) efuse_blk; } +/** + * @brief Check if the ECDSA peripheral is supported on this chip revision + * For ESP32-H21, ECDSA is always supported + */ +static inline bool ecdsa_ll_is_supported(void) +{ + return true; +} + #ifdef __cplusplus } #endif diff --git a/components/hal/esp32h4/include/hal/ecdsa_ll.h b/components/hal/esp32h4/include/hal/ecdsa_ll.h index cfd65a44d6..f49c2fd330 100644 --- a/components/hal/esp32h4/include/hal/ecdsa_ll.h +++ b/components/hal/esp32h4/include/hal/ecdsa_ll.h @@ -30,6 +30,14 @@ __attribute__((always_inline)) static inline void ecdsa_ll_set_ecdsa_key_blk(ecd (void)efuse_blk; } +/** + * @brief Check if the ECDSA peripheral is supported on this chip revision + * For ESP32-H4, ECDSA is always supported + */ +static inline bool ecdsa_ll_is_supported(void) +{ + return true; +} #ifdef __cplusplus } diff --git a/components/hal/esp32p4/include/hal/ecdsa_ll.h b/components/hal/esp32p4/include/hal/ecdsa_ll.h index 5e845c4850..b024e350d6 100644 --- a/components/hal/esp32p4/include/hal/ecdsa_ll.h +++ b/components/hal/esp32p4/include/hal/ecdsa_ll.h @@ -13,7 +13,10 @@ #include "soc/soc_caps.h" #include "soc/efuse_periph.h" #include "hal/ecdsa_types.h" - +#include "hal/efuse_hal.h" +#include "hal/config.h" +#include "soc/chip_revision.h" +#include "soc/soc.h" #ifdef __cplusplus extern "C" { #endif @@ -124,7 +127,11 @@ static inline void ecdsa_ll_enable_intr(ecdsa_ll_intr_type_t type) { switch (type) { case ECDSA_INT_CALC_DONE: +#if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 + REG_SET_FIELD(ECDSA_INT_ENA_REG, ECDSA_PREP_DONE_INT_ENA, 1); +#else REG_SET_FIELD(ECDSA_INT_ENA_REG, ECDSA_CALC_DONE_INT_ENA, 1); +#endif break; case ECDSA_INT_SHA_RELEASE: REG_SET_FIELD(ECDSA_INT_ENA_REG, ECDSA_SHA_RELEASE_INT_ENA, 1); @@ -144,7 +151,11 @@ static inline void ecdsa_ll_disable_intr(ecdsa_ll_intr_type_t type) { switch (type) { case ECDSA_INT_CALC_DONE: +#if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 + REG_SET_FIELD(ECDSA_INT_ENA_REG, ECDSA_PREP_DONE_INT_ENA, 0); +#else REG_SET_FIELD(ECDSA_INT_ENA_REG, ECDSA_CALC_DONE_INT_ENA, 0); +#endif break; case ECDSA_INT_SHA_RELEASE: REG_SET_FIELD(ECDSA_INT_ENA_REG, ECDSA_SHA_RELEASE_INT_ENA, 0); @@ -164,7 +175,11 @@ static inline void ecdsa_ll_clear_intr(ecdsa_ll_intr_type_t type) { switch (type) { case ECDSA_INT_CALC_DONE: +#if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 + REG_SET_FIELD(ECDSA_INT_ENA_REG, ECDSA_PREP_DONE_INT_CLR, 1); +#else REG_SET_FIELD(ECDSA_INT_CLR_REG, ECDSA_CALC_DONE_INT_CLR, 1); +#endif break; case ECDSA_INT_SHA_RELEASE: REG_SET_FIELD(ECDSA_INT_CLR_REG, ECDSA_SHA_RELEASE_INT_CLR, 1); @@ -206,11 +221,11 @@ static inline void ecdsa_ll_set_mode(ecdsa_mode_t mode) static inline void ecdsa_ll_set_curve(ecdsa_curve_t curve) { switch (curve) { - case ECDSA_CURVE_SECP256R1: - REG_SET_BIT(ECDSA_CONF_REG, ECDSA_ECC_CURVE); - break; case ECDSA_CURVE_SECP192R1: - REG_CLR_BIT(ECDSA_CONF_REG, ECDSA_ECC_CURVE); + case ECDSA_CURVE_SECP256R1: + case ECDSA_CURVE_SECP384R1: + case ECDSA_CURVE_SM2: + REG_SET_FIELD(ECDSA_CONF_REG, ECDSA_ECC_CURVE, curve); break; default: HAL_ASSERT(false && "Unsupported curve"); @@ -265,7 +280,9 @@ static inline void ecdsa_ll_set_k_type(ecdsa_sign_type_t type) */ static inline void ecdsa_ll_set_deterministic_loop(uint16_t loop_number) { +#if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) < 300 REG_SET_FIELD(ECDSA_CONF_REG, ECDSA_DETERMINISTIC_LOOP, loop_number); +#endif } /** @@ -433,7 +450,11 @@ static inline int ecdsa_ll_get_operation_result(void) */ static inline int ecdsa_ll_check_k_value(void) { +#if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) < 300 return REG_GET_BIT(ECDSA_RESULT_REG, ECDSA_K_VALUE_WARNING); +#else + return 0; +#endif } /** @@ -484,7 +505,16 @@ __attribute__((always_inline)) static inline void ecdsa_ll_set_ecdsa_key_blk(ecd */ static inline bool ecdsa_ll_is_mpi_required(void) { - return true; // TODO: IDF-13523 + return true; +} + +/** + * @brief Check if the ECDSA peripheral is supported on this chip revision + * For ESP32-P4, ECDSA is only supported on eco5+ (major 3, minor 0+) + */ +static inline bool ecdsa_ll_is_supported(void) +{ + return ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 300); } #ifdef __cplusplus diff --git a/components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c b/components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c index 5b91d3d4e9..1053fe354c 100644 --- a/components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c +++ b/components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c @@ -316,7 +316,9 @@ TEST(ecdsa, ecdsa_SECP192R1_signature_verification) TEST(ecdsa, ecdsa_SECP192R1_sign_and_verify) { - if (!esp_efuse_is_ecdsa_p192_curve_supported()) { + if (!ecdsa_ll_is_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA is not supported."); + } else if (!esp_efuse_is_ecdsa_p192_curve_supported()) { ESP_LOGI(TAG, "Skipping test because ECDSA 192-curve operations are disabled."); } else { test_ecdsa_sign_and_verify(ECDSA_CURVE_SECP192R1, sha, ecdsa192_pub_x, ecdsa192_pub_y, false, ECDSA_K_TYPE_TRNG); @@ -325,7 +327,9 @@ TEST(ecdsa, ecdsa_SECP192R1_sign_and_verify) TEST(ecdsa, ecdsa_SECP192R1_corrupt_signature) { - if (!esp_efuse_is_ecdsa_p192_curve_supported()) { + if (!ecdsa_ll_is_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA is not supported."); + } else if (!esp_efuse_is_ecdsa_p192_curve_supported()) { ESP_LOGI(TAG, "Skipping test because ECDSA 192-curve operations are disabled."); } else { test_ecdsa_corrupt_data(ECDSA_CURVE_SECP192R1, sha, ecdsa192_r, ecdsa192_s, ecdsa192_pub_x, ecdsa192_pub_y); @@ -339,18 +343,28 @@ TEST(ecdsa, ecdsa_SECP256R1_signature_verification) TEST(ecdsa, ecdsa_SECP256R1_sign_and_verify) { - test_ecdsa_sign_and_verify(ECDSA_CURVE_SECP256R1, sha, ecdsa256_pub_x, ecdsa256_pub_y, false, ECDSA_K_TYPE_TRNG); + if (!ecdsa_ll_is_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA is not supported."); + } else { + test_ecdsa_sign_and_verify(ECDSA_CURVE_SECP256R1, sha, ecdsa256_pub_x, ecdsa256_pub_y, false, ECDSA_K_TYPE_TRNG); + } } TEST(ecdsa, ecdsa_SECP256R1_corrupt_signature) { - test_ecdsa_corrupt_data(ECDSA_CURVE_SECP256R1, sha, ecdsa256_r, ecdsa256_s, ecdsa256_pub_x, ecdsa256_pub_y); + if (!ecdsa_ll_is_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA is not supported."); + } else { + test_ecdsa_corrupt_data(ECDSA_CURVE_SECP256R1, sha, ecdsa256_r, ecdsa256_s, ecdsa256_pub_x, ecdsa256_pub_y); + } } #ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE TEST(ecdsa, ecdsa_SECP192R1_det_sign_and_verify) { - if (!ecdsa_ll_is_deterministic_mode_supported()) { + if (!ecdsa_ll_is_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA is not supported."); + } else if (!ecdsa_ll_is_deterministic_mode_supported()) { ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported."); } else if (!esp_efuse_is_ecdsa_p192_curve_supported()) { ESP_LOGI(TAG, "Skipping test because ECDSA 192-curve operations are disabled."); @@ -361,7 +375,9 @@ TEST(ecdsa, ecdsa_SECP192R1_det_sign_and_verify) TEST(ecdsa, ecdsa_SECP256R1_det_sign_and_verify) { - if (!ecdsa_ll_is_deterministic_mode_supported()) { + if (!ecdsa_ll_is_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA is not supported."); + } else if (!ecdsa_ll_is_deterministic_mode_supported()) { ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported."); } else { test_ecdsa_sign_and_verify(ECDSA_CURVE_SECP256R1, sha, ecdsa256_pub_x, ecdsa256_pub_y, false, ECDSA_K_TYPE_DETERMINISITIC); @@ -372,7 +388,9 @@ TEST(ecdsa, ecdsa_SECP256R1_det_sign_and_verify) #ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY TEST(ecdsa, ecdsa_SECP192R1_export_pubkey) { - if (!esp_efuse_is_ecdsa_p192_curve_supported()) { + if (!ecdsa_ll_is_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA is not supported."); + } else if (!esp_efuse_is_ecdsa_p192_curve_supported()) { ESP_LOGI(TAG, "Skipping test because ECDSA 192-curve operations are disabled."); } else { test_ecdsa_export_pubkey(ECDSA_CURVE_SECP192R1, ecdsa192_pub_x, ecdsa192_pub_y, 0); @@ -381,37 +399,63 @@ TEST(ecdsa, ecdsa_SECP192R1_export_pubkey) TEST(ecdsa, ecdsa_SECP256R1_export_pubkey) { - test_ecdsa_export_pubkey(ECDSA_CURVE_SECP256R1, ecdsa256_pub_x, ecdsa256_pub_y, 0); + if (!ecdsa_ll_is_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA is not supported."); + } else { + test_ecdsa_export_pubkey(ECDSA_CURVE_SECP256R1, ecdsa256_pub_x, ecdsa256_pub_y, 0); + } } #endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */ #ifdef SOC_ECDSA_SUPPORT_CURVE_P384 TEST(ecdsa, ecdsa_SECP384R1_signature_verification) { - TEST_ASSERT_EQUAL(0, test_ecdsa_verify(ECDSA_CURVE_SECP384R1, sha, ecdsa384_r, ecdsa384_s, ecdsa384_pub_x, ecdsa384_pub_y)); + if (!ecdsa_ll_is_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA is not supported."); + } else { + TEST_ASSERT_EQUAL(0, test_ecdsa_verify(ECDSA_CURVE_SECP384R1, sha, ecdsa384_r, ecdsa384_s, ecdsa384_pub_x, ecdsa384_pub_y)); + } } TEST(ecdsa, ecdsa_SECP384R1_sign_and_verify) { - test_ecdsa_sign_and_verify(ECDSA_CURVE_SECP384R1, sha, ecdsa384_pub_x, ecdsa384_pub_y, false, ECDSA_K_TYPE_TRNG); + if (!ecdsa_ll_is_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA is not supported."); + } else { + test_ecdsa_sign_and_verify(ECDSA_CURVE_SECP384R1, sha, ecdsa384_pub_x, ecdsa384_pub_y, false, ECDSA_K_TYPE_TRNG); + } } TEST(ecdsa, ecdsa_SECP384R1_corrupt_signature) { - test_ecdsa_corrupt_data(ECDSA_CURVE_SECP384R1, sha, ecdsa384_r, ecdsa384_s, ecdsa384_pub_x, ecdsa384_pub_y); + if (!ecdsa_ll_is_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA is not supported."); + } else { + test_ecdsa_corrupt_data(ECDSA_CURVE_SECP384R1, sha, ecdsa384_r, ecdsa384_s, ecdsa384_pub_x, ecdsa384_pub_y); + } } #ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE TEST(ecdsa, ecdsa_SECP384R1_det_sign_and_verify) { - test_ecdsa_sign_and_verify(ECDSA_CURVE_SECP384R1, sha, ecdsa384_pub_x, ecdsa384_pub_y, false, ECDSA_K_TYPE_DETERMINISITIC); + if (!ecdsa_ll_is_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA is not supported."); + } else if (!ecdsa_ll_is_deterministic_mode_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported."); + } else { + test_ecdsa_sign_and_verify(ECDSA_CURVE_SECP384R1, sha, ecdsa384_pub_x, ecdsa384_pub_y, false, ECDSA_K_TYPE_DETERMINISITIC); + } } #endif /* SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE */ #ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY TEST(ecdsa, ecdsa_SECP384R1_export_pubkey) { - test_ecdsa_export_pubkey(ECDSA_CURVE_SECP384R1, ecdsa384_pub_x, ecdsa384_pub_y, 0); + if (!ecdsa_ll_is_supported()) { + ESP_LOGI(TAG, "Skipping test because ECDSA is not supported."); + } else { + test_ecdsa_export_pubkey(ECDSA_CURVE_SECP384R1, ecdsa384_pub_x, ecdsa384_pub_y, 0); + } } #endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */ #endif /* SOC_ECDSA_SUPPORT_CURVE_P384 */ diff --git a/components/mbedtls/port/ecdsa/ecdsa_alt.c b/components/mbedtls/port/ecdsa/ecdsa_alt.c index c26da54995..3bf0740e41 100644 --- a/components/mbedtls/port/ecdsa/ecdsa_alt.c +++ b/components/mbedtls/port/ecdsa/ecdsa_alt.c @@ -154,7 +154,7 @@ static int esp_ecdsa_validate_efuse_block(mbedtls_ecp_group_id grp_id, int efuse { int low_blk = efuse_blk; esp_efuse_purpose_t expected_key_purpose_low; -#if SOC_ECDSA_SUPPORT_CURVE_SPECIFIC_KEY_PURPOSES +#if SOC_ECDSA_SUPPORT_CURVE_SPECIFIC_KEY_PURPOSES && ((!defined(CONFIG_IDF_TARGET_ESP32P4) && SOC_EFUSE_ECDSA_KEY_P192) || EFUSE_LL_HAS_ECDSA_KEY_P192) #if SOC_ECDSA_SUPPORT_CURVE_P384 int high_blk; HAL_ECDSA_EXTRACT_KEY_BLOCKS(efuse_blk, high_blk, low_blk); @@ -178,23 +178,25 @@ static int esp_ecdsa_validate_efuse_block(mbedtls_ecp_group_id grp_id, int efuse ESP_LOGE(TAG, "Unsupported ECDSA curve ID: %d", grp_id); return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } -#else /* SOC_ECDSA_SUPPORT_CURVE_SPECIFIC_KEY_PURPOSES */ +#else /* SOC_ECDSA_SUPPORT_CURVE_SPECIFIC_KEY_PURPOSES && ((!defined(CONFIG_IDF_TARGET_ESP32P4) && SOC_EFUSE_ECDSA_KEY_P192) || EFUSE_LL_HAS_ECDSA_KEY_P192) */ expected_key_purpose_low = ESP_EFUSE_KEY_PURPOSE_ECDSA_KEY; -#endif /* !SOC_ECDSA_SUPPORT_CURVE_SPECIFIC_KEY_PURPOSES */ +#endif /* !SOC_ECDSA_SUPPORT_CURVE_SPECIFIC_KEY_PURPOSES && ((!defined(CONFIG_IDF_TARGET_ESP32P4) && SOC_EFUSE_ECDSA_KEY_P192) || EFUSE_LL_HAS_ECDSA_KEY_P192) */ if (expected_key_purpose_low != esp_efuse_get_key_purpose((esp_efuse_block_t)low_blk)) { ESP_LOGE(TAG, "Key burned in efuse has incorrect purpose"); return MBEDTLS_ERR_ECP_INVALID_KEY; } -#if SOC_ECDSA_SUPPORT_CURVE_SPECIFIC_KEY_PURPOSES && SOC_ECDSA_SUPPORT_CURVE_P384 - // Only check high block purpose for P384 curves that actually use it +#if SOC_ECDSA_SUPPORT_CURVE_SPECIFIC_KEY_PURPOSES && ((!defined(CONFIG_IDF_TARGET_ESP32P4) && SOC_EFUSE_ECDSA_KEY_P192) || EFUSE_LL_HAS_ECDSA_KEY_P192) +#if SOC_ECDSA_SUPPORT_CURVE_P384 +// Only check high block purpose for P384 curves that actually use it if (grp_id == MBEDTLS_ECP_DP_SECP384R1 && expected_key_purpose_high != esp_efuse_get_key_purpose((esp_efuse_block_t)high_blk)) { ESP_LOGE(TAG, "Key burned in efuse has incorrect purpose for high block"); return MBEDTLS_ERR_ECP_INVALID_KEY; } -#endif +#endif // SOC_ECDSA_SUPPORT_CURVE_P384 +#endif // SOC_ECDSA_SUPPORT_CURVE_SPECIFIC_KEY_PURPOSES && ((!defined(CONFIG_IDF_TARGET_ESP32P4) && SOC_EFUSE_ECDSA_KEY_P192) || EFUSE_LL_HAS_ECDSA_KEY_P192) return 0; } @@ -215,6 +217,13 @@ int esp_ecdsa_load_pubkey(mbedtls_ecp_keypair *keypair, int efuse_blk) { int ret = -1; bool use_km_key = (efuse_blk == USE_ECDSA_KEY_FROM_KEY_MANAGER)? true: false; + + // Check if ECDSA peripheral is supported on this chip revision + if (!ecdsa_ll_is_supported()) { + ESP_LOGE(TAG, "ECDSA peripheral not supported on this chip revision"); + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; + } + if (!use_km_key) { int high_blk, low_blk; HAL_ECDSA_EXTRACT_KEY_BLOCKS(efuse_blk, high_blk, low_blk); @@ -445,6 +454,12 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } + // Check if ECDSA peripheral is supported on this chip revision + if (!ecdsa_ll_is_supported()) { + ESP_LOGE(TAG, "ECDSA peripheral not supported on this chip revision"); + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; + } + if ((grp->id == MBEDTLS_ECP_DP_SECP192R1 && msg_len != ECDSA_SHA_LEN) || (grp->id == MBEDTLS_ECP_DP_SECP256R1 && msg_len != ECDSA_SHA_LEN) #if SOC_ECDSA_SUPPORT_CURVE_P384 @@ -1035,6 +1050,12 @@ static int esp_ecdsa_verify(mbedtls_ecp_group *grp, return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } + // Check if ECDSA peripheral is supported on this chip revision + if (!ecdsa_ll_is_supported()) { + ESP_LOGE(TAG, "ECDSA peripheral not supported on this chip revision"); + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; + } + if ((grp->id == MBEDTLS_ECP_DP_SECP192R1 && blen != ECDSA_SHA_LEN) || (grp->id == MBEDTLS_ECP_DP_SECP256R1 && blen != ECDSA_SHA_LEN) #if SOC_ECDSA_SUPPORT_CURVE_P384 diff --git a/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c b/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c index 7007f3baad..f039220d21 100644 --- a/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c +++ b/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c @@ -225,12 +225,22 @@ void test_ecdsa_verify(mbedtls_ecp_group_id id, const uint8_t *hash, const uint8 TEST_CASE("mbedtls ECDSA signature verification performance on SECP192R1", "[mbedtls]") { +#if SOC_ECDSA_SUPPORTED + if (!ecdsa_ll_is_supported()) { + TEST_IGNORE_MESSAGE("ECDSA is not supported"); + } +#endif test_ecdsa_verify(MBEDTLS_ECP_DP_SECP192R1, sha, ecdsa192_r, ecdsa192_s, ecdsa192_pub_x, ecdsa192_pub_y); } TEST_CASE("mbedtls ECDSA signature verification performance on SECP256R1", "[mbedtls]") { +#if SOC_ECDSA_SUPPORTED + if (!ecdsa_ll_is_supported()) { + TEST_IGNORE_MESSAGE("ECDSA is not supported"); + } +#endif test_ecdsa_verify(MBEDTLS_ECP_DP_SECP256R1, sha, ecdsa256_r, ecdsa256_s, ecdsa256_pub_x, ecdsa256_pub_y); } @@ -238,6 +248,11 @@ TEST_CASE("mbedtls ECDSA signature verification performance on SECP256R1", "[mbe #ifdef SOC_ECDSA_SUPPORT_CURVE_P384 TEST_CASE("mbedtls ECDSA signature verification performance on SECP384R1", "[mbedtls]") { +#if SOC_ECDSA_SUPPORTED + if (!ecdsa_ll_is_supported()) { + TEST_IGNORE_MESSAGE("ECDSA is not supported"); + } +#endif test_ecdsa_verify(MBEDTLS_ECP_DP_SECP384R1, sha, ecdsa384_r, ecdsa384_s, ecdsa384_pub_x, ecdsa384_pub_y); } @@ -341,16 +356,25 @@ void test_ecdsa_sign(mbedtls_ecp_group_id id, const uint8_t *hash, const uint8_t TEST_CASE("mbedtls ECDSA signature generation on SECP192R1", "[mbedtls][efuse_key]") { + if (!ecdsa_ll_is_supported()) { + TEST_IGNORE_MESSAGE("ECDSA is not supported"); + } test_ecdsa_sign(MBEDTLS_ECP_DP_SECP192R1, sha, ecdsa192_pub_x, ecdsa192_pub_y, false, SECP192R1_EFUSE_BLOCK); } TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][efuse_key]") { + if (!ecdsa_ll_is_supported()) { + TEST_IGNORE_MESSAGE("ECDSA is not supported"); + } test_ecdsa_sign(MBEDTLS_ECP_DP_SECP256R1, sha, ecdsa256_pub_x, ecdsa256_pub_y, false, SECP256R1_EFUSE_BLOCK); } #ifdef SOC_ECDSA_SUPPORT_CURVE_P384 TEST_CASE("mbedtls ECDSA signature generation on SECP384R1", "[mbedtls][efuse_key]") { + if (!ecdsa_ll_is_supported()) { + TEST_IGNORE_MESSAGE("ECDSA is not supported"); + } uint8_t efuse_key_block = HAL_ECDSA_COMBINE_KEY_BLOCKS(SECP384R1_EFUSE_BLOCK_HIGH, SECP384R1_EFUSE_BLOCK_LOW); test_ecdsa_sign(MBEDTLS_ECP_DP_SECP384R1, sha, ecdsa384_pub_x, ecdsa384_pub_y, false, efuse_key_block); } @@ -386,6 +410,9 @@ static void deploy_key_in_key_manager(const uint8_t *k1_encrypted, esp_key_mgr_k TEST_CASE("mbedtls ECDSA signature generation on SECP192R1", "[mbedtls][key_manager_key]") { + if (!ecdsa_ll_is_supported()) { + TEST_IGNORE_MESSAGE("ECDSA is not supported"); + } if (!key_mgr_ll_is_supported()) { TEST_IGNORE_MESSAGE("Key manager is not supported"); } @@ -397,6 +424,9 @@ TEST_CASE("mbedtls ECDSA signature generation on SECP192R1", "[mbedtls][key_mana TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][key_manager_key]") { + if (!ecdsa_ll_is_supported()) { + TEST_IGNORE_MESSAGE("ECDSA is not supported"); + } if (!key_mgr_ll_is_supported()) { TEST_IGNORE_MESSAGE("Key manager is not supported"); } @@ -410,6 +440,9 @@ TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][key_mana #ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP192R1", "[mbedtls][efuse_key]") { + if (!ecdsa_ll_is_supported()) { + TEST_IGNORE_MESSAGE("ECDSA is not supported"); + } if (!ecdsa_ll_is_deterministic_mode_supported()) { ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported."); } else { @@ -419,6 +452,9 @@ TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP192R1", "[mbe TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP256R1", "[mbedtls][efuse_key]") { + if (!ecdsa_ll_is_supported()) { + TEST_IGNORE_MESSAGE("ECDSA is not supported"); + } if (!ecdsa_ll_is_deterministic_mode_supported()) { ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported."); } else { @@ -429,6 +465,9 @@ TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP256R1", "[mbe #ifdef SOC_ECDSA_SUPPORT_CURVE_P384 TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP384R1", "[mbedtls][efuse_key]") { + if (!ecdsa_ll_is_supported()) { + TEST_IGNORE_MESSAGE("ECDSA is not supported"); + } uint8_t efuse_key_block = HAL_ECDSA_COMBINE_KEY_BLOCKS(SECP384R1_EFUSE_BLOCK_HIGH, SECP384R1_EFUSE_BLOCK_LOW); test_ecdsa_sign(MBEDTLS_ECP_DP_SECP384R1, sha, ecdsa384_pub_x, ecdsa384_pub_y, true, efuse_key_block); } @@ -437,6 +476,9 @@ TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP384R1", "[mbe #if SOC_KEY_MANAGER_SUPPORTED TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP192R1", "[mbedtls][key_manager_key]") { + if (!ecdsa_ll_is_supported()) { + TEST_IGNORE_MESSAGE("ECDSA is not supported"); + } if (!key_mgr_ll_is_supported()) { TEST_IGNORE_MESSAGE("Key manager is not supported"); } @@ -452,6 +494,13 @@ TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP192R1", "[mbe TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP256R1", "[mbedtls][key_manager_key]") { + if (!ecdsa_ll_is_supported()) { + TEST_IGNORE_MESSAGE("ECDSA is not supported"); + } + if (!key_mgr_ll_is_supported()) { + TEST_IGNORE_MESSAGE("Key manager is not supported"); + } + if (!ecdsa_ll_is_deterministic_mode_supported()) { ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported."); } else { @@ -510,17 +559,26 @@ void test_ecdsa_export_pubkey(mbedtls_ecp_group_id id, const uint8_t *pub_x, con TEST_CASE("mbedtls ECDSA export public key on SECP192R1", "[mbedtls][efuse_key]") { + if (!ecdsa_ll_is_supported()) { + TEST_IGNORE_MESSAGE("ECDSA is not supported"); + } test_ecdsa_export_pubkey(MBEDTLS_ECP_DP_SECP192R1, ecdsa192_pub_x, ecdsa192_pub_y, SECP192R1_EFUSE_BLOCK); } TEST_CASE("mbedtls ECDSA export public key on SECP256R1", "[mbedtls][efuse_key]") { + if (!ecdsa_ll_is_supported()) { + TEST_IGNORE_MESSAGE("ECDSA is not supported"); + } test_ecdsa_export_pubkey(MBEDTLS_ECP_DP_SECP256R1, ecdsa256_pub_x, ecdsa256_pub_y, SECP256R1_EFUSE_BLOCK); } #ifdef SOC_ECDSA_SUPPORT_CURVE_P384 TEST_CASE("mbedtls ECDSA export public key on SECP384R1", "[mbedtls][efuse_key]") { + if (!ecdsa_ll_is_supported()) { + TEST_IGNORE_MESSAGE("ECDSA is not supported"); + } uint8_t efuse_key_block = HAL_ECDSA_COMBINE_KEY_BLOCKS(SECP384R1_EFUSE_BLOCK_HIGH, SECP384R1_EFUSE_BLOCK_LOW); test_ecdsa_export_pubkey(MBEDTLS_ECP_DP_SECP384R1, ecdsa384_pub_x, ecdsa384_pub_y, efuse_key_block); } @@ -529,6 +587,9 @@ TEST_CASE("mbedtls ECDSA export public key on SECP384R1", "[mbedtls][efuse_key]" #if SOC_KEY_MANAGER_SUPPORTED TEST_CASE("mbedtls ECDSA export public key on SECP192R1", "[mbedtls][key_manager_key]") { + if (!ecdsa_ll_is_supported()) { + TEST_IGNORE_MESSAGE("ECDSA is not supported"); + } if (!key_mgr_ll_is_supported()) { TEST_IGNORE_MESSAGE("Key manager is not supported"); } @@ -540,6 +601,9 @@ TEST_CASE("mbedtls ECDSA export public key on SECP192R1", "[mbedtls][key_manager TEST_CASE("mbedtls ECDSA export public key on SECP256R1", "[mbedtls][key_manager_key]") { + if (!ecdsa_ll_is_supported()) { + TEST_IGNORE_MESSAGE("ECDSA is not supported"); + } if (!key_mgr_ll_is_supported()) { TEST_IGNORE_MESSAGE("Key manager is not supported"); } diff --git a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in index f8a53d8d0a..5519f320ea 100644 --- a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in @@ -213,7 +213,7 @@ config SOC_ECC_EXTENDED_MODES_SUPPORTED config SOC_ECDSA_SUPPORTED bool - default n + default y config SOC_KEY_MANAGER_SUPPORTED bool @@ -1331,10 +1331,22 @@ config SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE bool default y +config SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP + bool + default y + config SOC_ECDSA_USES_MPI bool default y +config SOC_ECDSA_SUPPORT_CURVE_P384 + bool + default y + +config SOC_ECDSA_SUPPORT_CURVE_SPECIFIC_KEY_PURPOSES + bool + default y + config SOC_SPI_PERIPH_NUM int default 3 @@ -1575,13 +1587,21 @@ config SOC_EFUSE_XTS_AES_KEY_256 bool default y +config SOC_EFUSE_ECDSA_KEY_P192 + bool + default y + +config SOC_EFUSE_ECDSA_KEY_P384 + bool + default y + config SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT bool default y config SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY bool - default n + default y config SOC_KEY_MANAGER_FE_KEY_DEPLOY bool diff --git a/components/soc/esp32p4/include/soc/soc_caps.h b/components/soc/esp32p4/include/soc/soc_caps.h index 8f59501a53..dee4c910bc 100644 --- a/components/soc/esp32p4/include/soc/soc_caps.h +++ b/components/soc/esp32p4/include/soc/soc_caps.h @@ -75,7 +75,7 @@ #define SOC_DIG_SIGN_SUPPORTED 1 #define SOC_ECC_SUPPORTED 1 #define SOC_ECC_EXTENDED_MODES_SUPPORTED 1 -#define SOC_ECDSA_SUPPORTED 0 // TODO: IDF-13523 +#define SOC_ECDSA_SUPPORTED 1 #define SOC_KEY_MANAGER_SUPPORTED 1 #define SOC_HUK_SUPPORTED 1 #define SOC_FLASH_ENC_SUPPORTED 1 @@ -512,7 +512,10 @@ /*--------------------------- ECDSA CAPS ---------------------------------------*/ #define SOC_ECDSA_SUPPORT_EXPORT_PUBKEY (1) #define SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE (1) +#define SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP (1) #define SOC_ECDSA_USES_MPI (1) +#define SOC_ECDSA_SUPPORT_CURVE_P384 (1) +#define SOC_ECDSA_SUPPORT_CURVE_SPECIFIC_KEY_PURPOSES (1) /*!< Support individual key purposes for different ECDSA curves (P192, P256, P384) */ /*-------------------------- SPI CAPS ----------------------------------------*/ #define SOC_SPI_PERIPH_NUM 3 @@ -600,13 +603,16 @@ #define SOC_EFUSE_SOFT_DIS_JTAG 1 /* Capability to disable the MSPI access in download mode */ #define SOC_EFUSE_DIS_DOWNLOAD_MSPI 1 +// ECDSA_P256_KEY #define SOC_EFUSE_ECDSA_KEY 1 #define SOC_EFUSE_XTS_AES_KEY_128 1 #define SOC_EFUSE_XTS_AES_KEY_256 1 +#define SOC_EFUSE_ECDSA_KEY_P192 1 +#define SOC_EFUSE_ECDSA_KEY_P384 1 /*-------------------------- Key Manager CAPS----------------------------*/ #define SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT 1 /*!< Key manager supports key deployment */ -#define SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY 0 /*!< Key manager responsible to deploy ECDSA key */ // TODO: IDF-13523 +#define SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY 1 /*!< Key manager responsible to deploy ECDSA key */ #define SOC_KEY_MANAGER_FE_KEY_DEPLOY 1 /*!< Key manager responsible to deploy Flash Encryption key */ #define SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_128 1 /*!< Key manager responsible to deploy the XTS-AES-128 key */ #define SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 1 /*!< Key manager responsible to deploy the XTS-AES-256 key */ diff --git a/components/soc/esp32p4/register/hw_ver3/soc/ecdsa_eco5_reg.h b/components/soc/esp32p4/register/hw_ver3/soc/ecdsa_eco5_reg.h deleted file mode 100644 index 8407e4be62..0000000000 --- a/components/soc/esp32p4/register/hw_ver3/soc/ecdsa_eco5_reg.h +++ /dev/null @@ -1,359 +0,0 @@ -/** - * SPDX-FileCopyrightText: 2025 Espressif Systems (Shanghai) CO LTD - * - * SPDX-License-Identifier: Apache-2.0 OR MIT - */ -#pragma once - -#include -#include "soc/soc.h" -#ifdef __cplusplus -extern "C" { -#endif - -/** ECDSA_CONF_REG register - * ECDSA configure register - */ -#define ECDSA_CONF_REG (DR_REG_ECDSA_BASE + 0x4) -/** ECDSA_WORK_MODE : R/W; bitpos: [1:0]; default: 0; - * The work mode bits of ECDSA Accelerator. 0: Signature Verify Mode. 1: Signature - * Generate Mode. 2: Export Public Key Mode. 3: invalid. - */ -#define ECDSA_WORK_MODE 0x00000003U -#define ECDSA_WORK_MODE_M (ECDSA_WORK_MODE_V << ECDSA_WORK_MODE_S) -#define ECDSA_WORK_MODE_V 0x00000003U -#define ECDSA_WORK_MODE_S 0 -/** ECDSA_ECC_CURVE : R/W; bitpos: [3:2]; default: 0; - * The ecc curve select bit of ECDSA Accelerator. 0: P-192. 1: P-256. 2: P-384. - */ -#define ECDSA_ECC_CURVE 0x00000003U -#define ECDSA_ECC_CURVE_M (ECDSA_ECC_CURVE_V << ECDSA_ECC_CURVE_S) -#define ECDSA_ECC_CURVE_V 0x00000003U -#define ECDSA_ECC_CURVE_S 2 -/** ECDSA_SOFTWARE_SET_K : R/W; bitpos: [4]; default: 0; - * The source of k select bit. 0: k is automatically generated by hardware. 1: k is - * written by software. - */ -#define ECDSA_SOFTWARE_SET_K (BIT(4)) -#define ECDSA_SOFTWARE_SET_K_M (ECDSA_SOFTWARE_SET_K_V << ECDSA_SOFTWARE_SET_K_S) -#define ECDSA_SOFTWARE_SET_K_V 0x00000001U -#define ECDSA_SOFTWARE_SET_K_S 4 -/** ECDSA_SOFTWARE_SET_Z : R/W; bitpos: [5]; default: 0; - * The source of z select bit. 0: z is generated from SHA result. 1: z is written by - * software. - */ -#define ECDSA_SOFTWARE_SET_Z (BIT(5)) -#define ECDSA_SOFTWARE_SET_Z_M (ECDSA_SOFTWARE_SET_Z_V << ECDSA_SOFTWARE_SET_Z_S) -#define ECDSA_SOFTWARE_SET_Z_V 0x00000001U -#define ECDSA_SOFTWARE_SET_Z_S 5 -/** ECDSA_DETERMINISTIC_K : R/W; bitpos: [6]; default: 0; - * The source of hardware generated k. 0: k is generated by TRNG. 1: k is generated by - * deterministic derivation algorithm. - */ -#define ECDSA_DETERMINISTIC_K (BIT(6)) -#define ECDSA_DETERMINISTIC_K_M (ECDSA_DETERMINISTIC_K_V << ECDSA_DETERMINISTIC_K_S) -#define ECDSA_DETERMINISTIC_K_V 0x00000001U -#define ECDSA_DETERMINISTIC_K_S 6 - -/** ECDSA_CLK_REG register - * ECDSA clock gate register - */ -#define ECDSA_CLK_REG (DR_REG_ECDSA_BASE + 0x8) -/** ECDSA_CLK_GATE_FORCE_ON : R/W; bitpos: [0]; default: 0; - * Write 1 to force on register clock gate. - */ -#define ECDSA_CLK_GATE_FORCE_ON (BIT(0)) -#define ECDSA_CLK_GATE_FORCE_ON_M (ECDSA_CLK_GATE_FORCE_ON_V << ECDSA_CLK_GATE_FORCE_ON_S) -#define ECDSA_CLK_GATE_FORCE_ON_V 0x00000001U -#define ECDSA_CLK_GATE_FORCE_ON_S 0 - -/** ECDSA_INT_RAW_REG register - * ECDSA interrupt raw register, valid in level. - */ -#define ECDSA_INT_RAW_REG (DR_REG_ECDSA_BASE + 0xc) -/** ECDSA_PREP_DONE_INT_RAW : RO/WTC/SS; bitpos: [0]; default: 0; - * The raw interrupt status bit for the ecdsa_prep_done_int interrupt - */ -#define ECDSA_PREP_DONE_INT_RAW (BIT(0)) -#define ECDSA_PREP_DONE_INT_RAW_M (ECDSA_PREP_DONE_INT_RAW_V << ECDSA_PREP_DONE_INT_RAW_S) -#define ECDSA_PREP_DONE_INT_RAW_V 0x00000001U -#define ECDSA_PREP_DONE_INT_RAW_S 0 -/** ECDSA_PROC_DONE_INT_RAW : RO/WTC/SS; bitpos: [1]; default: 0; - * The raw interrupt status bit for the ecdsa_proc_done_int interrupt - */ -#define ECDSA_PROC_DONE_INT_RAW (BIT(1)) -#define ECDSA_PROC_DONE_INT_RAW_M (ECDSA_PROC_DONE_INT_RAW_V << ECDSA_PROC_DONE_INT_RAW_S) -#define ECDSA_PROC_DONE_INT_RAW_V 0x00000001U -#define ECDSA_PROC_DONE_INT_RAW_S 1 -/** ECDSA_POST_DONE_INT_RAW : RO/WTC/SS; bitpos: [2]; default: 0; - * The raw interrupt status bit for the ecdsa_post_done_int interrupt - */ -#define ECDSA_POST_DONE_INT_RAW (BIT(2)) -#define ECDSA_POST_DONE_INT_RAW_M (ECDSA_POST_DONE_INT_RAW_V << ECDSA_POST_DONE_INT_RAW_S) -#define ECDSA_POST_DONE_INT_RAW_V 0x00000001U -#define ECDSA_POST_DONE_INT_RAW_S 2 -/** ECDSA_SHA_RELEASE_INT_RAW : RO/WTC/SS; bitpos: [3]; default: 0; - * The raw interrupt status bit for the ecdsa_sha_release_int interrupt - */ -#define ECDSA_SHA_RELEASE_INT_RAW (BIT(3)) -#define ECDSA_SHA_RELEASE_INT_RAW_M (ECDSA_SHA_RELEASE_INT_RAW_V << ECDSA_SHA_RELEASE_INT_RAW_S) -#define ECDSA_SHA_RELEASE_INT_RAW_V 0x00000001U -#define ECDSA_SHA_RELEASE_INT_RAW_S 3 - -/** ECDSA_INT_ST_REG register - * ECDSA interrupt status register. - */ -#define ECDSA_INT_ST_REG (DR_REG_ECDSA_BASE + 0x10) -/** ECDSA_PREP_DONE_INT_ST : RO; bitpos: [0]; default: 0; - * The masked interrupt status bit for the ecdsa_prep_done_int interrupt - */ -#define ECDSA_PREP_DONE_INT_ST (BIT(0)) -#define ECDSA_PREP_DONE_INT_ST_M (ECDSA_PREP_DONE_INT_ST_V << ECDSA_PREP_DONE_INT_ST_S) -#define ECDSA_PREP_DONE_INT_ST_V 0x00000001U -#define ECDSA_PREP_DONE_INT_ST_S 0 -/** ECDSA_PROC_DONE_INT_ST : RO; bitpos: [1]; default: 0; - * The masked interrupt status bit for the ecdsa_proc_done_int interrupt - */ -#define ECDSA_PROC_DONE_INT_ST (BIT(1)) -#define ECDSA_PROC_DONE_INT_ST_M (ECDSA_PROC_DONE_INT_ST_V << ECDSA_PROC_DONE_INT_ST_S) -#define ECDSA_PROC_DONE_INT_ST_V 0x00000001U -#define ECDSA_PROC_DONE_INT_ST_S 1 -/** ECDSA_POST_DONE_INT_ST : RO; bitpos: [2]; default: 0; - * The masked interrupt status bit for the ecdsa_post_done_int interrupt - */ -#define ECDSA_POST_DONE_INT_ST (BIT(2)) -#define ECDSA_POST_DONE_INT_ST_M (ECDSA_POST_DONE_INT_ST_V << ECDSA_POST_DONE_INT_ST_S) -#define ECDSA_POST_DONE_INT_ST_V 0x00000001U -#define ECDSA_POST_DONE_INT_ST_S 2 -/** ECDSA_SHA_RELEASE_INT_ST : RO; bitpos: [3]; default: 0; - * The masked interrupt status bit for the ecdsa_sha_release_int interrupt - */ -#define ECDSA_SHA_RELEASE_INT_ST (BIT(3)) -#define ECDSA_SHA_RELEASE_INT_ST_M (ECDSA_SHA_RELEASE_INT_ST_V << ECDSA_SHA_RELEASE_INT_ST_S) -#define ECDSA_SHA_RELEASE_INT_ST_V 0x00000001U -#define ECDSA_SHA_RELEASE_INT_ST_S 3 - -/** ECDSA_INT_ENA_REG register - * ECDSA interrupt enable register. - */ -#define ECDSA_INT_ENA_REG (DR_REG_ECDSA_BASE + 0x14) -/** ECDSA_PREP_DONE_INT_ENA : R/W; bitpos: [0]; default: 0; - * The interrupt enable bit for the ecdsa_prep_done_int interrupt - */ -#define ECDSA_PREP_DONE_INT_ENA (BIT(0)) -#define ECDSA_PREP_DONE_INT_ENA_M (ECDSA_PREP_DONE_INT_ENA_V << ECDSA_PREP_DONE_INT_ENA_S) -#define ECDSA_PREP_DONE_INT_ENA_V 0x00000001U -#define ECDSA_PREP_DONE_INT_ENA_S 0 -/** ECDSA_PROC_DONE_INT_ENA : R/W; bitpos: [1]; default: 0; - * The interrupt enable bit for the ecdsa_proc_done_int interrupt - */ -#define ECDSA_PROC_DONE_INT_ENA (BIT(1)) -#define ECDSA_PROC_DONE_INT_ENA_M (ECDSA_PROC_DONE_INT_ENA_V << ECDSA_PROC_DONE_INT_ENA_S) -#define ECDSA_PROC_DONE_INT_ENA_V 0x00000001U -#define ECDSA_PROC_DONE_INT_ENA_S 1 -/** ECDSA_POST_DONE_INT_ENA : R/W; bitpos: [2]; default: 0; - * The interrupt enable bit for the ecdsa_post_done_int interrupt - */ -#define ECDSA_POST_DONE_INT_ENA (BIT(2)) -#define ECDSA_POST_DONE_INT_ENA_M (ECDSA_POST_DONE_INT_ENA_V << ECDSA_POST_DONE_INT_ENA_S) -#define ECDSA_POST_DONE_INT_ENA_V 0x00000001U -#define ECDSA_POST_DONE_INT_ENA_S 2 -/** ECDSA_SHA_RELEASE_INT_ENA : R/W; bitpos: [3]; default: 0; - * The interrupt enable bit for the ecdsa_sha_release_int interrupt - */ -#define ECDSA_SHA_RELEASE_INT_ENA (BIT(3)) -#define ECDSA_SHA_RELEASE_INT_ENA_M (ECDSA_SHA_RELEASE_INT_ENA_V << ECDSA_SHA_RELEASE_INT_ENA_S) -#define ECDSA_SHA_RELEASE_INT_ENA_V 0x00000001U -#define ECDSA_SHA_RELEASE_INT_ENA_S 3 - -/** ECDSA_INT_CLR_REG register - * ECDSA interrupt clear register. - */ -#define ECDSA_INT_CLR_REG (DR_REG_ECDSA_BASE + 0x18) -/** ECDSA_PREP_DONE_INT_CLR : WT; bitpos: [0]; default: 0; - * Set this bit to clear the ecdsa_prep_done_int interrupt - */ -#define ECDSA_PREP_DONE_INT_CLR (BIT(0)) -#define ECDSA_PREP_DONE_INT_CLR_M (ECDSA_PREP_DONE_INT_CLR_V << ECDSA_PREP_DONE_INT_CLR_S) -#define ECDSA_PREP_DONE_INT_CLR_V 0x00000001U -#define ECDSA_PREP_DONE_INT_CLR_S 0 -/** ECDSA_PROC_DONE_INT_CLR : WT; bitpos: [1]; default: 0; - * Set this bit to clear the ecdsa_proc_done_int interrupt - */ -#define ECDSA_PROC_DONE_INT_CLR (BIT(1)) -#define ECDSA_PROC_DONE_INT_CLR_M (ECDSA_PROC_DONE_INT_CLR_V << ECDSA_PROC_DONE_INT_CLR_S) -#define ECDSA_PROC_DONE_INT_CLR_V 0x00000001U -#define ECDSA_PROC_DONE_INT_CLR_S 1 -/** ECDSA_POST_DONE_INT_CLR : WT; bitpos: [2]; default: 0; - * Set this bit to clear the ecdsa_post_done_int interrupt - */ -#define ECDSA_POST_DONE_INT_CLR (BIT(2)) -#define ECDSA_POST_DONE_INT_CLR_M (ECDSA_POST_DONE_INT_CLR_V << ECDSA_POST_DONE_INT_CLR_S) -#define ECDSA_POST_DONE_INT_CLR_V 0x00000001U -#define ECDSA_POST_DONE_INT_CLR_S 2 -/** ECDSA_SHA_RELEASE_INT_CLR : WT; bitpos: [3]; default: 0; - * Set this bit to clear the ecdsa_sha_release_int interrupt - */ -#define ECDSA_SHA_RELEASE_INT_CLR (BIT(3)) -#define ECDSA_SHA_RELEASE_INT_CLR_M (ECDSA_SHA_RELEASE_INT_CLR_V << ECDSA_SHA_RELEASE_INT_CLR_S) -#define ECDSA_SHA_RELEASE_INT_CLR_V 0x00000001U -#define ECDSA_SHA_RELEASE_INT_CLR_S 3 - -/** ECDSA_START_REG register - * ECDSA start register - */ -#define ECDSA_START_REG (DR_REG_ECDSA_BASE + 0x1c) -/** ECDSA_START : WT; bitpos: [0]; default: 0; - * Write 1 to start calculation of ECDSA Accelerator. This bit will be self-cleared - * after configuration. - */ -#define ECDSA_START (BIT(0)) -#define ECDSA_START_M (ECDSA_START_V << ECDSA_START_S) -#define ECDSA_START_V 0x00000001U -#define ECDSA_START_S 0 -/** ECDSA_LOAD_DONE : WT; bitpos: [1]; default: 0; - * Write 1 to input load done signal of ECDSA Accelerator. This bit will be - * self-cleared after configuration. - */ -#define ECDSA_LOAD_DONE (BIT(1)) -#define ECDSA_LOAD_DONE_M (ECDSA_LOAD_DONE_V << ECDSA_LOAD_DONE_S) -#define ECDSA_LOAD_DONE_V 0x00000001U -#define ECDSA_LOAD_DONE_S 1 -/** ECDSA_GET_DONE : WT; bitpos: [2]; default: 0; - * Write 1 to input get done signal of ECDSA Accelerator. This bit will be - * self-cleared after configuration. - */ -#define ECDSA_GET_DONE (BIT(2)) -#define ECDSA_GET_DONE_M (ECDSA_GET_DONE_V << ECDSA_GET_DONE_S) -#define ECDSA_GET_DONE_V 0x00000001U -#define ECDSA_GET_DONE_S 2 - -/** ECDSA_STATE_REG register - * ECDSA status register - */ -#define ECDSA_STATE_REG (DR_REG_ECDSA_BASE + 0x20) -/** ECDSA_BUSY : RO; bitpos: [1:0]; default: 0; - * The status bits of ECDSA Accelerator. ECDSA is at 0: IDLE, 1: LOAD, 2: GET, 3: BUSY - * state. - */ -#define ECDSA_BUSY 0x00000003U -#define ECDSA_BUSY_M (ECDSA_BUSY_V << ECDSA_BUSY_S) -#define ECDSA_BUSY_V 0x00000003U -#define ECDSA_BUSY_S 0 - -/** ECDSA_RESULT_REG register - * ECDSA result register - */ -#define ECDSA_RESULT_REG (DR_REG_ECDSA_BASE + 0x24) -/** ECDSA_OPERATION_RESULT : RO/SS; bitpos: [0]; default: 0; - * The operation result bit of ECDSA Accelerator, only valid when ECDSA calculation is - * done. - */ -#define ECDSA_OPERATION_RESULT (BIT(0)) -#define ECDSA_OPERATION_RESULT_M (ECDSA_OPERATION_RESULT_V << ECDSA_OPERATION_RESULT_S) -#define ECDSA_OPERATION_RESULT_V 0x00000001U -#define ECDSA_OPERATION_RESULT_S 0 - -/** ECDSA_DATE_REG register - * Version control register - */ -#define ECDSA_DATE_REG (DR_REG_ECDSA_BASE + 0xfc) -/** ECDSA_DATE : R/W; bitpos: [27:0]; default: 37785984; - * ECDSA version control register - */ -#define ECDSA_DATE 0x0FFFFFFFU -#define ECDSA_DATE_M (ECDSA_DATE_V << ECDSA_DATE_S) -#define ECDSA_DATE_V 0x0FFFFFFFU -#define ECDSA_DATE_S 0 - -/** ECDSA_SHA_MODE_REG register - * ECDSA control SHA register - */ -#define ECDSA_SHA_MODE_REG (DR_REG_ECDSA_BASE + 0x200) -/** ECDSA_SHA_MODE : R/W; bitpos: [2:0]; default: 0; - * The work mode bits of SHA Calculator in ECDSA Accelerator. 0: SHA1. 1: SHA-224. 2: - * SHA-256. 3: SHA-384 4: SHA-512. 5: SHA-512224. 6: SHA-512256. 7: invalid. - */ -#define ECDSA_SHA_MODE 0x00000007U -#define ECDSA_SHA_MODE_M (ECDSA_SHA_MODE_V << ECDSA_SHA_MODE_S) -#define ECDSA_SHA_MODE_V 0x00000007U -#define ECDSA_SHA_MODE_S 0 - -/** ECDSA_SHA_START_REG register - * ECDSA control SHA register - */ -#define ECDSA_SHA_START_REG (DR_REG_ECDSA_BASE + 0x210) -/** ECDSA_SHA_START : WT; bitpos: [0]; default: 0; - * Write 1 to start the first calculation of SHA Calculator in ECDSA Accelerator. This - * bit will be self-cleared after configuration. - */ -#define ECDSA_SHA_START (BIT(0)) -#define ECDSA_SHA_START_M (ECDSA_SHA_START_V << ECDSA_SHA_START_S) -#define ECDSA_SHA_START_V 0x00000001U -#define ECDSA_SHA_START_S 0 - -/** ECDSA_SHA_CONTINUE_REG register - * ECDSA control SHA register - */ -#define ECDSA_SHA_CONTINUE_REG (DR_REG_ECDSA_BASE + 0x214) -/** ECDSA_SHA_CONTINUE : WT; bitpos: [0]; default: 0; - * Write 1 to start the latter calculation of SHA Calculator in ECDSA Accelerator. This - * bit will be self-cleared after configuration. - */ -#define ECDSA_SHA_CONTINUE (BIT(0)) -#define ECDSA_SHA_CONTINUE_M (ECDSA_SHA_CONTINUE_V << ECDSA_SHA_CONTINUE_S) -#define ECDSA_SHA_CONTINUE_V 0x00000001U -#define ECDSA_SHA_CONTINUE_S 0 - -/** ECDSA_SHA_BUSY_REG register - * ECDSA status register - */ -#define ECDSA_SHA_BUSY_REG (DR_REG_ECDSA_BASE + 0x218) -/** ECDSA_SHA_BUSY : RO; bitpos: [0]; default: 0; - * The busy status bit of SHA Calculator in ECDSA Accelerator. 1:SHA is in - * calculation. 0: SHA is idle. - */ -#define ECDSA_SHA_BUSY (BIT(0)) -#define ECDSA_SHA_BUSY_M (ECDSA_SHA_BUSY_V << ECDSA_SHA_BUSY_S) -#define ECDSA_SHA_BUSY_V 0x00000001U -#define ECDSA_SHA_BUSY_S 0 - -/** ECDSA_MESSAGE_MEM register - * The memory that stores message. - */ -#define ECDSA_MESSAGE_MEM (DR_REG_ECDSA_BASE + 0x280) -#define ECDSA_MESSAGE_MEM_SIZE_BYTES 64 - -/** ECDSA_R_MEM register - * The memory that stores r. - */ -#define ECDSA_R_MEM (DR_REG_ECDSA_BASE + 0x3e0) -#define ECDSA_R_MEM_SIZE_BYTES 48 - -/** ECDSA_S_MEM register - * The memory that stores s. - */ -#define ECDSA_S_MEM (DR_REG_ECDSA_BASE + 0x410) -#define ECDSA_S_MEM_SIZE_BYTES 48 - -/** ECDSA_Z_MEM register - * The memory that stores software written z. - */ -#define ECDSA_Z_MEM (DR_REG_ECDSA_BASE + 0x440) -#define ECDSA_Z_MEM_SIZE_BYTES 48 - -/** ECDSA_QAX_MEM register - * The memory that stores x coordinates of QA or software written k. - */ -#define ECDSA_QAX_MEM (DR_REG_ECDSA_BASE + 0x470) -#define ECDSA_QAX_MEM_SIZE_BYTES 48 - -/** ECDSA_QAY_MEM register - * The memory that stores y coordinates of QA. - */ -#define ECDSA_QAY_MEM (DR_REG_ECDSA_BASE + 0x4a0) -#define ECDSA_QAY_MEM_SIZE_BYTES 48 - -#ifdef __cplusplus -} -#endif diff --git a/components/soc/esp32p4/register/hw_ver3/soc/ecdsa_reg.h b/components/soc/esp32p4/register/hw_ver3/soc/ecdsa_reg.h index 2c104b9ef1..8407e4be62 100644 --- a/components/soc/esp32p4/register/hw_ver3/soc/ecdsa_reg.h +++ b/components/soc/esp32p4/register/hw_ver3/soc/ecdsa_reg.h @@ -23,44 +23,37 @@ extern "C" { #define ECDSA_WORK_MODE_M (ECDSA_WORK_MODE_V << ECDSA_WORK_MODE_S) #define ECDSA_WORK_MODE_V 0x00000003U #define ECDSA_WORK_MODE_S 0 -/** ECDSA_ECC_CURVE : R/W; bitpos: [2]; default: 0; - * The ecc curve select bit of ECDSA Accelerator. 0: P-192. 1: P-256. +/** ECDSA_ECC_CURVE : R/W; bitpos: [3:2]; default: 0; + * The ecc curve select bit of ECDSA Accelerator. 0: P-192. 1: P-256. 2: P-384. */ -#define ECDSA_ECC_CURVE (BIT(2)) +#define ECDSA_ECC_CURVE 0x00000003U #define ECDSA_ECC_CURVE_M (ECDSA_ECC_CURVE_V << ECDSA_ECC_CURVE_S) -#define ECDSA_ECC_CURVE_V 0x00000001U +#define ECDSA_ECC_CURVE_V 0x00000003U #define ECDSA_ECC_CURVE_S 2 -/** ECDSA_SOFTWARE_SET_K : R/W; bitpos: [3]; default: 0; +/** ECDSA_SOFTWARE_SET_K : R/W; bitpos: [4]; default: 0; * The source of k select bit. 0: k is automatically generated by hardware. 1: k is * written by software. */ -#define ECDSA_SOFTWARE_SET_K (BIT(3)) +#define ECDSA_SOFTWARE_SET_K (BIT(4)) #define ECDSA_SOFTWARE_SET_K_M (ECDSA_SOFTWARE_SET_K_V << ECDSA_SOFTWARE_SET_K_S) #define ECDSA_SOFTWARE_SET_K_V 0x00000001U -#define ECDSA_SOFTWARE_SET_K_S 3 -/** ECDSA_SOFTWARE_SET_Z : R/W; bitpos: [4]; default: 0; +#define ECDSA_SOFTWARE_SET_K_S 4 +/** ECDSA_SOFTWARE_SET_Z : R/W; bitpos: [5]; default: 0; * The source of z select bit. 0: z is generated from SHA result. 1: z is written by * software. */ -#define ECDSA_SOFTWARE_SET_Z (BIT(4)) +#define ECDSA_SOFTWARE_SET_Z (BIT(5)) #define ECDSA_SOFTWARE_SET_Z_M (ECDSA_SOFTWARE_SET_Z_V << ECDSA_SOFTWARE_SET_Z_S) #define ECDSA_SOFTWARE_SET_Z_V 0x00000001U -#define ECDSA_SOFTWARE_SET_Z_S 4 -/** ECDSA_DETERMINISTIC_K : R/W; bitpos: [5]; default: 0; +#define ECDSA_SOFTWARE_SET_Z_S 5 +/** ECDSA_DETERMINISTIC_K : R/W; bitpos: [6]; default: 0; * The source of hardware generated k. 0: k is generated by TRNG. 1: k is generated by * deterministic derivation algorithm. */ -#define ECDSA_DETERMINISTIC_K (BIT(5)) +#define ECDSA_DETERMINISTIC_K (BIT(6)) #define ECDSA_DETERMINISTIC_K_M (ECDSA_DETERMINISTIC_K_V << ECDSA_DETERMINISTIC_K_S) #define ECDSA_DETERMINISTIC_K_V 0x00000001U -#define ECDSA_DETERMINISTIC_K_S 5 -/** ECDSA_DETERMINISTIC_LOOP : R/W; bitpos: [21:6]; default: 0; - * The (loop number - 1) value in the deterministic derivation algorithm to derive k. - */ -#define ECDSA_DETERMINISTIC_LOOP 0x0000FFFFU -#define ECDSA_DETERMINISTIC_LOOP_M (ECDSA_DETERMINISTIC_LOOP_V << ECDSA_DETERMINISTIC_LOOP_S) -#define ECDSA_DETERMINISTIC_LOOP_V 0x0000FFFFU -#define ECDSA_DETERMINISTIC_LOOP_S 6 +#define ECDSA_DETERMINISTIC_K_S 6 /** ECDSA_CLK_REG register * ECDSA clock gate register @@ -78,77 +71,133 @@ extern "C" { * ECDSA interrupt raw register, valid in level. */ #define ECDSA_INT_RAW_REG (DR_REG_ECDSA_BASE + 0xc) -/** ECDSA_CALC_DONE_INT_RAW : RO/WTC/SS; bitpos: [0]; default: 0; - * The raw interrupt status bit for the ecdsa_calc_done_int interrupt +/** ECDSA_PREP_DONE_INT_RAW : RO/WTC/SS; bitpos: [0]; default: 0; + * The raw interrupt status bit for the ecdsa_prep_done_int interrupt */ -#define ECDSA_CALC_DONE_INT_RAW (BIT(0)) -#define ECDSA_CALC_DONE_INT_RAW_M (ECDSA_CALC_DONE_INT_RAW_V << ECDSA_CALC_DONE_INT_RAW_S) -#define ECDSA_CALC_DONE_INT_RAW_V 0x00000001U -#define ECDSA_CALC_DONE_INT_RAW_S 0 -/** ECDSA_SHA_RELEASE_INT_RAW : RO/WTC/SS; bitpos: [1]; default: 0; +#define ECDSA_PREP_DONE_INT_RAW (BIT(0)) +#define ECDSA_PREP_DONE_INT_RAW_M (ECDSA_PREP_DONE_INT_RAW_V << ECDSA_PREP_DONE_INT_RAW_S) +#define ECDSA_PREP_DONE_INT_RAW_V 0x00000001U +#define ECDSA_PREP_DONE_INT_RAW_S 0 +/** ECDSA_PROC_DONE_INT_RAW : RO/WTC/SS; bitpos: [1]; default: 0; + * The raw interrupt status bit for the ecdsa_proc_done_int interrupt + */ +#define ECDSA_PROC_DONE_INT_RAW (BIT(1)) +#define ECDSA_PROC_DONE_INT_RAW_M (ECDSA_PROC_DONE_INT_RAW_V << ECDSA_PROC_DONE_INT_RAW_S) +#define ECDSA_PROC_DONE_INT_RAW_V 0x00000001U +#define ECDSA_PROC_DONE_INT_RAW_S 1 +/** ECDSA_POST_DONE_INT_RAW : RO/WTC/SS; bitpos: [2]; default: 0; + * The raw interrupt status bit for the ecdsa_post_done_int interrupt + */ +#define ECDSA_POST_DONE_INT_RAW (BIT(2)) +#define ECDSA_POST_DONE_INT_RAW_M (ECDSA_POST_DONE_INT_RAW_V << ECDSA_POST_DONE_INT_RAW_S) +#define ECDSA_POST_DONE_INT_RAW_V 0x00000001U +#define ECDSA_POST_DONE_INT_RAW_S 2 +/** ECDSA_SHA_RELEASE_INT_RAW : RO/WTC/SS; bitpos: [3]; default: 0; * The raw interrupt status bit for the ecdsa_sha_release_int interrupt */ -#define ECDSA_SHA_RELEASE_INT_RAW (BIT(1)) +#define ECDSA_SHA_RELEASE_INT_RAW (BIT(3)) #define ECDSA_SHA_RELEASE_INT_RAW_M (ECDSA_SHA_RELEASE_INT_RAW_V << ECDSA_SHA_RELEASE_INT_RAW_S) #define ECDSA_SHA_RELEASE_INT_RAW_V 0x00000001U -#define ECDSA_SHA_RELEASE_INT_RAW_S 1 +#define ECDSA_SHA_RELEASE_INT_RAW_S 3 /** ECDSA_INT_ST_REG register * ECDSA interrupt status register. */ #define ECDSA_INT_ST_REG (DR_REG_ECDSA_BASE + 0x10) -/** ECDSA_CALC_DONE_INT_ST : RO; bitpos: [0]; default: 0; - * The masked interrupt status bit for the ecdsa_calc_done_int interrupt +/** ECDSA_PREP_DONE_INT_ST : RO; bitpos: [0]; default: 0; + * The masked interrupt status bit for the ecdsa_prep_done_int interrupt */ -#define ECDSA_CALC_DONE_INT_ST (BIT(0)) -#define ECDSA_CALC_DONE_INT_ST_M (ECDSA_CALC_DONE_INT_ST_V << ECDSA_CALC_DONE_INT_ST_S) -#define ECDSA_CALC_DONE_INT_ST_V 0x00000001U -#define ECDSA_CALC_DONE_INT_ST_S 0 -/** ECDSA_SHA_RELEASE_INT_ST : RO; bitpos: [1]; default: 0; +#define ECDSA_PREP_DONE_INT_ST (BIT(0)) +#define ECDSA_PREP_DONE_INT_ST_M (ECDSA_PREP_DONE_INT_ST_V << ECDSA_PREP_DONE_INT_ST_S) +#define ECDSA_PREP_DONE_INT_ST_V 0x00000001U +#define ECDSA_PREP_DONE_INT_ST_S 0 +/** ECDSA_PROC_DONE_INT_ST : RO; bitpos: [1]; default: 0; + * The masked interrupt status bit for the ecdsa_proc_done_int interrupt + */ +#define ECDSA_PROC_DONE_INT_ST (BIT(1)) +#define ECDSA_PROC_DONE_INT_ST_M (ECDSA_PROC_DONE_INT_ST_V << ECDSA_PROC_DONE_INT_ST_S) +#define ECDSA_PROC_DONE_INT_ST_V 0x00000001U +#define ECDSA_PROC_DONE_INT_ST_S 1 +/** ECDSA_POST_DONE_INT_ST : RO; bitpos: [2]; default: 0; + * The masked interrupt status bit for the ecdsa_post_done_int interrupt + */ +#define ECDSA_POST_DONE_INT_ST (BIT(2)) +#define ECDSA_POST_DONE_INT_ST_M (ECDSA_POST_DONE_INT_ST_V << ECDSA_POST_DONE_INT_ST_S) +#define ECDSA_POST_DONE_INT_ST_V 0x00000001U +#define ECDSA_POST_DONE_INT_ST_S 2 +/** ECDSA_SHA_RELEASE_INT_ST : RO; bitpos: [3]; default: 0; * The masked interrupt status bit for the ecdsa_sha_release_int interrupt */ -#define ECDSA_SHA_RELEASE_INT_ST (BIT(1)) +#define ECDSA_SHA_RELEASE_INT_ST (BIT(3)) #define ECDSA_SHA_RELEASE_INT_ST_M (ECDSA_SHA_RELEASE_INT_ST_V << ECDSA_SHA_RELEASE_INT_ST_S) #define ECDSA_SHA_RELEASE_INT_ST_V 0x00000001U -#define ECDSA_SHA_RELEASE_INT_ST_S 1 +#define ECDSA_SHA_RELEASE_INT_ST_S 3 /** ECDSA_INT_ENA_REG register * ECDSA interrupt enable register. */ #define ECDSA_INT_ENA_REG (DR_REG_ECDSA_BASE + 0x14) -/** ECDSA_CALC_DONE_INT_ENA : R/W; bitpos: [0]; default: 0; - * The interrupt enable bit for the ecdsa_calc_done_int interrupt +/** ECDSA_PREP_DONE_INT_ENA : R/W; bitpos: [0]; default: 0; + * The interrupt enable bit for the ecdsa_prep_done_int interrupt */ -#define ECDSA_CALC_DONE_INT_ENA (BIT(0)) -#define ECDSA_CALC_DONE_INT_ENA_M (ECDSA_CALC_DONE_INT_ENA_V << ECDSA_CALC_DONE_INT_ENA_S) -#define ECDSA_CALC_DONE_INT_ENA_V 0x00000001U -#define ECDSA_CALC_DONE_INT_ENA_S 0 -/** ECDSA_SHA_RELEASE_INT_ENA : R/W; bitpos: [1]; default: 0; +#define ECDSA_PREP_DONE_INT_ENA (BIT(0)) +#define ECDSA_PREP_DONE_INT_ENA_M (ECDSA_PREP_DONE_INT_ENA_V << ECDSA_PREP_DONE_INT_ENA_S) +#define ECDSA_PREP_DONE_INT_ENA_V 0x00000001U +#define ECDSA_PREP_DONE_INT_ENA_S 0 +/** ECDSA_PROC_DONE_INT_ENA : R/W; bitpos: [1]; default: 0; + * The interrupt enable bit for the ecdsa_proc_done_int interrupt + */ +#define ECDSA_PROC_DONE_INT_ENA (BIT(1)) +#define ECDSA_PROC_DONE_INT_ENA_M (ECDSA_PROC_DONE_INT_ENA_V << ECDSA_PROC_DONE_INT_ENA_S) +#define ECDSA_PROC_DONE_INT_ENA_V 0x00000001U +#define ECDSA_PROC_DONE_INT_ENA_S 1 +/** ECDSA_POST_DONE_INT_ENA : R/W; bitpos: [2]; default: 0; + * The interrupt enable bit for the ecdsa_post_done_int interrupt + */ +#define ECDSA_POST_DONE_INT_ENA (BIT(2)) +#define ECDSA_POST_DONE_INT_ENA_M (ECDSA_POST_DONE_INT_ENA_V << ECDSA_POST_DONE_INT_ENA_S) +#define ECDSA_POST_DONE_INT_ENA_V 0x00000001U +#define ECDSA_POST_DONE_INT_ENA_S 2 +/** ECDSA_SHA_RELEASE_INT_ENA : R/W; bitpos: [3]; default: 0; * The interrupt enable bit for the ecdsa_sha_release_int interrupt */ -#define ECDSA_SHA_RELEASE_INT_ENA (BIT(1)) +#define ECDSA_SHA_RELEASE_INT_ENA (BIT(3)) #define ECDSA_SHA_RELEASE_INT_ENA_M (ECDSA_SHA_RELEASE_INT_ENA_V << ECDSA_SHA_RELEASE_INT_ENA_S) #define ECDSA_SHA_RELEASE_INT_ENA_V 0x00000001U -#define ECDSA_SHA_RELEASE_INT_ENA_S 1 +#define ECDSA_SHA_RELEASE_INT_ENA_S 3 /** ECDSA_INT_CLR_REG register * ECDSA interrupt clear register. */ #define ECDSA_INT_CLR_REG (DR_REG_ECDSA_BASE + 0x18) -/** ECDSA_CALC_DONE_INT_CLR : WT; bitpos: [0]; default: 0; - * Set this bit to clear the ecdsa_calc_done_int interrupt +/** ECDSA_PREP_DONE_INT_CLR : WT; bitpos: [0]; default: 0; + * Set this bit to clear the ecdsa_prep_done_int interrupt */ -#define ECDSA_CALC_DONE_INT_CLR (BIT(0)) -#define ECDSA_CALC_DONE_INT_CLR_M (ECDSA_CALC_DONE_INT_CLR_V << ECDSA_CALC_DONE_INT_CLR_S) -#define ECDSA_CALC_DONE_INT_CLR_V 0x00000001U -#define ECDSA_CALC_DONE_INT_CLR_S 0 -/** ECDSA_SHA_RELEASE_INT_CLR : WT; bitpos: [1]; default: 0; +#define ECDSA_PREP_DONE_INT_CLR (BIT(0)) +#define ECDSA_PREP_DONE_INT_CLR_M (ECDSA_PREP_DONE_INT_CLR_V << ECDSA_PREP_DONE_INT_CLR_S) +#define ECDSA_PREP_DONE_INT_CLR_V 0x00000001U +#define ECDSA_PREP_DONE_INT_CLR_S 0 +/** ECDSA_PROC_DONE_INT_CLR : WT; bitpos: [1]; default: 0; + * Set this bit to clear the ecdsa_proc_done_int interrupt + */ +#define ECDSA_PROC_DONE_INT_CLR (BIT(1)) +#define ECDSA_PROC_DONE_INT_CLR_M (ECDSA_PROC_DONE_INT_CLR_V << ECDSA_PROC_DONE_INT_CLR_S) +#define ECDSA_PROC_DONE_INT_CLR_V 0x00000001U +#define ECDSA_PROC_DONE_INT_CLR_S 1 +/** ECDSA_POST_DONE_INT_CLR : WT; bitpos: [2]; default: 0; + * Set this bit to clear the ecdsa_post_done_int interrupt + */ +#define ECDSA_POST_DONE_INT_CLR (BIT(2)) +#define ECDSA_POST_DONE_INT_CLR_M (ECDSA_POST_DONE_INT_CLR_V << ECDSA_POST_DONE_INT_CLR_S) +#define ECDSA_POST_DONE_INT_CLR_V 0x00000001U +#define ECDSA_POST_DONE_INT_CLR_S 2 +/** ECDSA_SHA_RELEASE_INT_CLR : WT; bitpos: [3]; default: 0; * Set this bit to clear the ecdsa_sha_release_int interrupt */ -#define ECDSA_SHA_RELEASE_INT_CLR (BIT(1)) +#define ECDSA_SHA_RELEASE_INT_CLR (BIT(3)) #define ECDSA_SHA_RELEASE_INT_CLR_M (ECDSA_SHA_RELEASE_INT_CLR_V << ECDSA_SHA_RELEASE_INT_CLR_S) #define ECDSA_SHA_RELEASE_INT_CLR_V 0x00000001U -#define ECDSA_SHA_RELEASE_INT_CLR_S 1 +#define ECDSA_SHA_RELEASE_INT_CLR_S 3 /** ECDSA_START_REG register * ECDSA start register @@ -204,20 +253,12 @@ extern "C" { #define ECDSA_OPERATION_RESULT_M (ECDSA_OPERATION_RESULT_V << ECDSA_OPERATION_RESULT_S) #define ECDSA_OPERATION_RESULT_V 0x00000001U #define ECDSA_OPERATION_RESULT_S 0 -/** ECDSA_K_VALUE_WARNING : RO/SS; bitpos: [1]; default: 0; - * The k value warning bit of ECDSA Accelerator, valid when k value is bigger than the - * curve order, then actually taken k = k mod n. - */ -#define ECDSA_K_VALUE_WARNING (BIT(1)) -#define ECDSA_K_VALUE_WARNING_M (ECDSA_K_VALUE_WARNING_V << ECDSA_K_VALUE_WARNING_S) -#define ECDSA_K_VALUE_WARNING_V 0x00000001U -#define ECDSA_K_VALUE_WARNING_S 1 /** ECDSA_DATE_REG register * Version control register */ #define ECDSA_DATE_REG (DR_REG_ECDSA_BASE + 0xfc) -/** ECDSA_DATE : R/W; bitpos: [27:0]; default: 36716656; +/** ECDSA_DATE : R/W; bitpos: [27:0]; default: 37785984; * ECDSA version control register */ #define ECDSA_DATE 0x0FFFFFFFU @@ -230,8 +271,8 @@ extern "C" { */ #define ECDSA_SHA_MODE_REG (DR_REG_ECDSA_BASE + 0x200) /** ECDSA_SHA_MODE : R/W; bitpos: [2:0]; default: 0; - * The work mode bits of SHA Calculator in ECDSA Accelerator. 1: SHA-224. 2: SHA-256. - * Others: invalid. + * The work mode bits of SHA Calculator in ECDSA Accelerator. 0: SHA1. 1: SHA-224. 2: + * SHA-256. 3: SHA-384 4: SHA-512. 5: SHA-512224. 6: SHA-512256. 7: invalid. */ #define ECDSA_SHA_MODE 0x00000007U #define ECDSA_SHA_MODE_M (ECDSA_SHA_MODE_V << ECDSA_SHA_MODE_S) @@ -281,37 +322,37 @@ extern "C" { * The memory that stores message. */ #define ECDSA_MESSAGE_MEM (DR_REG_ECDSA_BASE + 0x280) -#define ECDSA_MESSAGE_MEM_SIZE_BYTES 32 +#define ECDSA_MESSAGE_MEM_SIZE_BYTES 64 /** ECDSA_R_MEM register * The memory that stores r. */ -#define ECDSA_R_MEM (DR_REG_ECDSA_BASE + 0xa00) -#define ECDSA_R_MEM_SIZE_BYTES 32 +#define ECDSA_R_MEM (DR_REG_ECDSA_BASE + 0x3e0) +#define ECDSA_R_MEM_SIZE_BYTES 48 /** ECDSA_S_MEM register * The memory that stores s. */ -#define ECDSA_S_MEM (DR_REG_ECDSA_BASE + 0xa20) -#define ECDSA_S_MEM_SIZE_BYTES 32 +#define ECDSA_S_MEM (DR_REG_ECDSA_BASE + 0x410) +#define ECDSA_S_MEM_SIZE_BYTES 48 /** ECDSA_Z_MEM register * The memory that stores software written z. */ -#define ECDSA_Z_MEM (DR_REG_ECDSA_BASE + 0xa40) -#define ECDSA_Z_MEM_SIZE_BYTES 32 +#define ECDSA_Z_MEM (DR_REG_ECDSA_BASE + 0x440) +#define ECDSA_Z_MEM_SIZE_BYTES 48 /** ECDSA_QAX_MEM register * The memory that stores x coordinates of QA or software written k. */ -#define ECDSA_QAX_MEM (DR_REG_ECDSA_BASE + 0xa60) -#define ECDSA_QAX_MEM_SIZE_BYTES 32 +#define ECDSA_QAX_MEM (DR_REG_ECDSA_BASE + 0x470) +#define ECDSA_QAX_MEM_SIZE_BYTES 48 /** ECDSA_QAY_MEM register * The memory that stores y coordinates of QA. */ -#define ECDSA_QAY_MEM (DR_REG_ECDSA_BASE + 0xa80) -#define ECDSA_QAY_MEM_SIZE_BYTES 32 +#define ECDSA_QAY_MEM (DR_REG_ECDSA_BASE + 0x4a0) +#define ECDSA_QAY_MEM_SIZE_BYTES 48 #ifdef __cplusplus } From ef05ff039e5925c00b612c79cc0781ac867881be Mon Sep 17 00:00:00 2001 From: "nilesh.kale" Date: Tue, 16 Dec 2025 11:43:00 +0530 Subject: [PATCH 3/3] fix(docs): alter the warning sequence for structs --- docs/sphinx-known-warnings.txt | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/sphinx-known-warnings.txt b/docs/sphinx-known-warnings.txt index 69b18c0248..1d198b855d 100644 --- a/docs/sphinx-known-warnings.txt +++ b/docs/sphinx-known-warnings.txt @@ -174,16 +174,6 @@ If declarator-id: union esp_ble_mesh_metadata_item_t ----------------------------------^ -ecdsa_alt.inc:line: WARNING: Error in declarator or parameters-and-qualifiers -If pointer to member declarator: - Invalid C++ declaration: Expected identifier in nested name. [error at 25] - union esp_ecdsa_pk_conf_t - -------------------------^ -If declarator-id: - Invalid C++ declaration: Expected identifier in nested name. [error at 25] - union esp_ecdsa_pk_conf_t - -------------------------^ - esp_cam_ctlr_csi.inc:line: WARNING: Error in declarator or parameters-and-qualifiers If pointer to member declarator: Invalid C++ declaration: Expected identifier in nested name. [error at 32] @@ -194,6 +184,16 @@ If declarator-id: struct esp_cam_ctlr_csi_config_t --------------------------------^ +ecdsa_alt.inc:line: WARNING: Error in declarator or parameters-and-qualifiers +If pointer to member declarator: + Invalid C++ declaration: Expected identifier in nested name. [error at 25] + union esp_ecdsa_pk_conf_t + -------------------------^ +If declarator-id: + Invalid C++ declaration: Expected identifier in nested name. [error at 25] + union esp_ecdsa_pk_conf_t + -------------------------^ + i2c_master.inc:line: WARNING: Duplicate C++ declaration, also defined at api-reference/peripherals/i2c:line. Declaration is '.. cpp:member:: uint8_t * data'. isp_types.inc:line: WARNING: Error in declarator or parameters-and-qualifiers