Merge branch 'feature/enable_ecc_const_time_support_for_esp32p4_eco5_v5.5' into 'release/v5.5'

feat(hal): add support for ECC constant time function in ESP32-P4 ECO5 (v5.5)

See merge request espressif/esp-idf!43016

Author: AdityaHPatwardhan

components/hal/ecc_hal.c

@@ -1,12 +1,20 @@
 /*
- * SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
 #include "hal/ecc_hal.h"
 #include "hal/ecc_ll.h"
 #include "soc/soc_caps.h"
 
+/* ECC curve size constants in bytes */
+#define ECC_P192_SIZE_BYTES                 24
+#define ECC_P256_SIZE_BYTES                 32
+#define ECC_P384_SIZE_BYTES                 48
+
+/* Maximum ECC buffer size for all supported curves */
+#define ECC_MAX_BUFFER_SIZE                 48
+
 void ecc_hal_set_mode(ecc_mode_t mode)
 {
     ecc_ll_set_mode(mode);
@@ -30,7 +38,7 @@ int ecc_hal_is_calc_finished(void)
 
 static void clear_param_registers(void)
 {
-    uint8_t buf[32] = {0};
+    uint8_t buf[ECC_MAX_BUFFER_SIZE] = {0};
 
     ecc_ll_write_param(ECC_PARAM_PX, buf, sizeof(buf));
     ecc_ll_write_param(ECC_PARAM_PY, buf, sizeof(buf));
@@ -44,7 +52,7 @@ static void clear_param_registers(void)
 
 void ecc_hal_write_mul_param(const uint8_t *k, const uint8_t *px, const uint8_t *py, uint16_t len)
 {
-    ecc_curve_t curve = len == 32 ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1;
+    ecc_curve_t curve = len == ECC_P384_SIZE_BYTES ? ECC_CURVE_SECP384R1 : (len == ECC_P256_SIZE_BYTES ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1);
     ecc_ll_set_curve(curve);
 
     clear_param_registers();
@@ -56,7 +64,7 @@ void ecc_hal_write_mul_param(const uint8_t *k, const uint8_t *px, const uint8_t
 
 void ecc_hal_write_verify_param(const uint8_t *px, const uint8_t *py, uint16_t len)
 {
-    ecc_curve_t curve = len == 32 ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1;
+    ecc_curve_t curve = len == ECC_P384_SIZE_BYTES ? ECC_CURVE_SECP384R1 : (len == ECC_P256_SIZE_BYTES ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1);
     ecc_ll_set_curve(curve);
 
     clear_param_registers();
@@ -96,7 +104,7 @@ void ecc_hal_set_mod_base(ecc_mod_base_t base)
 
 void ecc_hal_write_jacob_verify_param(const uint8_t *qx, const uint8_t *qy, const uint8_t *qz, uint16_t len)
 {
-    ecc_curve_t curve = len == 32 ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1;
+    ecc_curve_t curve = len == ECC_P384_SIZE_BYTES ? ECC_CURVE_SECP384R1 : (len == ECC_P256_SIZE_BYTES ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1);
     ecc_ll_set_curve(curve);
 
     clear_param_registers();
@@ -127,7 +135,7 @@ int ecc_hal_read_jacob_mul_result(uint8_t *rx, uint8_t *ry, uint8_t *rz, uint16_
 
 void ecc_hal_write_point_add_param(const uint8_t *px, const uint8_t *py, const uint8_t *qx, const uint8_t *qy, const uint8_t *qz, uint16_t len)
 {
-    ecc_curve_t curve = len == 32 ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1;
+    ecc_curve_t curve = len == ECC_P384_SIZE_BYTES ? ECC_CURVE_SECP384R1 : (len == ECC_P256_SIZE_BYTES ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1);
     ecc_ll_set_curve(curve);
 
     clear_param_registers();
@@ -154,7 +162,7 @@ int ecc_hal_read_point_add_result(uint8_t *rx, uint8_t *ry, uint8_t *rz, uint16_
 
 void ecc_hal_write_mod_op_param(const uint8_t *a, const uint8_t *b, uint16_t len)
 {
-    ecc_curve_t curve = len == 32 ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1;
+    ecc_curve_t curve = len == ECC_P384_SIZE_BYTES ? ECC_CURVE_SECP384R1 : (len == ECC_P256_SIZE_BYTES ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1);
     ecc_ll_set_curve(curve);
 
     clear_param_registers();

components/hal/esp32c5/include/hal/ecc_ll.h

@@ -148,6 +148,11 @@ static inline void ecc_ll_set_mod_base(ecc_mod_base_t base)
     }
 }
 
+static inline bool ecc_ll_is_p384_curve_operations_supported(void)
+{
+    return true;
+}
+
 static inline void ecc_ll_enable_constant_time_point_mul(bool enable)
 {
     if (enable) {

components/hal/esp32p4/include/hal/ecc_ll.h

@@ -9,8 +9,11 @@
 #include <string.h>
 #include "hal/assert.h"
 #include "hal/ecc_types.h"
+#include "hal/efuse_hal.h"
 #include "soc/ecc_mult_reg.h"
 #include "soc/hp_sys_clkrst_struct.h"
+#include "soc/chip_revision.h"
+#include "hal/config.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -118,16 +121,15 @@ static inline void ecc_ll_set_mode(ecc_mode_t mode)
 
 static inline void ecc_ll_set_curve(ecc_curve_t curve)
 {
-    switch(curve) {
-        case ECC_CURVE_SECP256R1:
-            REG_SET_BIT(ECC_MULT_CONF_REG, ECC_MULT_KEY_LENGTH);
-            break;
+    switch (curve) {
         case ECC_CURVE_SECP192R1:
-            REG_CLR_BIT(ECC_MULT_CONF_REG, ECC_MULT_KEY_LENGTH);
+        case ECC_CURVE_SECP256R1:
+        case ECC_CURVE_SECP384R1:
+        case ECC_CURVE_SM2:
+            REG_SET_FIELD(ECC_MULT_CONF_REG, ECC_MULT_KEY_LENGTH, curve);
             break;
         default:
             HAL_ASSERT(false && "Unsupported curve");
-            return;
     }
 }
 
@@ -240,10 +242,22 @@ static inline void ecc_ll_read_param(ecc_ll_param_t param, uint8_t *buf, uint16_
     memcpy(buf, (void *)reg, len);
 }
 
+static inline bool ecc_ll_is_p384_curve_operations_supported(void)
+{
+#if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300
+    return true;
+#else
+    return false;
+#endif
+}
+
 static inline void ecc_ll_enable_constant_time_point_mul(bool enable)
 {
-    // Not supported for ESP32-P4
-    (void) enable; //unused
+    if (enable) {
+        REG_SET_BIT(ECC_MULT_CONF_REG, ECC_MULT_SECURITY_MODE);
+    } else {
+        REG_CLR_BIT(ECC_MULT_CONF_REG, ECC_MULT_SECURITY_MODE);
+    }
 }
 
 #ifdef __cplusplus

components/hal/test_apps/crypto/main/ecc/ecc_params.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  *
@@ -220,3 +220,150 @@ static const uint8_t ecc192_mul_res[] = {
     0x8C, 0xFB, 0xA5, 0xCE, 0x1E, 0x7B, 0xE6, 0xF3,
     0x8F, 0x79, 0x71, 0xCF, 0xD6, 0xF3, 0x41, 0xE6
 };
+
+#if SOC_ECC_SUPPORT_CURVE_P384
+static const uint8_t ecc_p384_point_x[] = {
+    0xaa, 0x87, 0xca, 0x22, 0xbe, 0x8b, 0x05, 0x37,
+    0x8e, 0xb1, 0xc7, 0x1e, 0xf3, 0x20, 0xad, 0x74,
+    0x6e, 0x1d, 0x3b, 0x62, 0x8b, 0xa7, 0x9b, 0x98,
+    0x59, 0xf7, 0x41, 0xe0, 0x82, 0x54, 0x2a, 0x38,
+    0x55, 0x02, 0xf2, 0x5d, 0xbf, 0x55, 0x29, 0x6c,
+    0x3a, 0x54, 0x5e, 0x38, 0x72, 0x76, 0x0a, 0xb7
+};
+
+static const uint8_t ecc_p384_point_y[] = {
+    0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f,
+    0x5d, 0x9e, 0x98, 0xbf, 0x92, 0x92, 0xdc, 0x29,
+    0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
+    0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0,
+    0x0a, 0x60, 0xb1, 0xce, 0x1d, 0x7e, 0x81, 0x9d,
+    0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f
+};
+
+static const uint8_t ecc_p384_scalar[] = {
+    0x68, 0xd1, 0x09, 0xa7, 0xc7, 0x7e, 0xeb, 0xbd,
+    0x43, 0x18, 0x7e, 0xdd, 0x69, 0x23, 0x7e, 0x0a,
+    0xef, 0x07, 0xc2, 0x0e, 0xc5, 0x3d, 0xe7, 0xcb,
+    0xd4, 0x36, 0xad, 0x9b, 0xdc, 0xf8, 0x6c, 0x5c,
+    0x0c, 0x3d, 0xce, 0x45, 0xcd, 0x6f, 0x7f, 0x18,
+    0x40, 0xc5, 0x29, 0xf3, 0xcd, 0x12, 0x1d, 0xc2
+};
+
+static const uint8_t ecc_p384_mul_res_x[] = {
+    0x74, 0x1d, 0xc3, 0xba, 0xac, 0x60, 0x37, 0xfc,
+    0x57, 0x85, 0x90, 0x95, 0x64, 0xe6, 0xd1, 0xef,
+    0x86, 0xdf, 0x42, 0xe0, 0xaf, 0x11, 0x24, 0x1f,
+    0xe9, 0x97, 0x6e, 0x0c, 0xd9, 0xe5, 0xa0, 0x5d,
+    0xd9, 0x91, 0x96, 0x71, 0xef, 0x96, 0xe9, 0x7e,
+    0x90, 0xba, 0xa8, 0x33, 0xe2, 0x2e, 0xf0, 0x7b
+};
+
+static const uint8_t ecc_p384_mul_res_y[] = {
+    0xc3, 0xe0, 0x66, 0x50, 0xd9, 0x1e, 0xa9, 0x42,
+    0xcb, 0x0d, 0xec, 0xb6, 0x29, 0xe2, 0xae, 0x75,
+    0xc6, 0xa2, 0xb9, 0xa6, 0xcf, 0x2c, 0x97, 0x01,
+    0xcc, 0xff, 0x7c, 0x1c, 0xd1, 0x01, 0xde, 0xbc,
+    0x40, 0x56, 0x8c, 0x18, 0x21, 0x9d, 0xbd, 0xc0,
+    0x2d, 0x41, 0x5b, 0x92, 0x52, 0x5a, 0x40, 0x57
+};
+
+static const uint8_t ecc_p384_jacob_mul_res_x_le[] = {
+    0xE3, 0xFC, 0x92, 0x29, 0xCF, 0xCB, 0xF7, 0x90,
+    0x04, 0xAD, 0xD2, 0x7C, 0xFD, 0x4B, 0xFB, 0x18,
+    0xF1, 0x34, 0x93, 0x2C, 0xA3, 0x66, 0x02, 0xE8,
+    0x54, 0xD3, 0x8C, 0xB6, 0x69, 0x75, 0x4E, 0xD2,
+    0x80, 0xA3, 0x01, 0xC7, 0x78, 0x41, 0x9B, 0x2F,
+    0x11, 0xEF, 0x79, 0x45, 0x8F, 0x31, 0x2A, 0x96
+};
+
+static const uint8_t ecc_p384_jacob_mul_res_y_le[] = {
+    0x42, 0xC0, 0x3B, 0xF0, 0x81, 0x86, 0xA0, 0xC9,
+    0xA0, 0xC6, 0x59, 0x34, 0xF1, 0x2B, 0xDC, 0x02,
+    0xE8, 0x92, 0x10, 0x1C, 0xBF, 0xAC, 0x5E, 0x17,
+    0x5F, 0x53, 0xE2, 0x74, 0x3E, 0x46, 0xBA, 0xE9,
+    0x83, 0x7B, 0xF3, 0x67, 0xD4, 0xF7, 0xA3, 0x4F,
+    0x05, 0xB8, 0x62, 0xC0, 0x42, 0x1C, 0x0D, 0x77
+};
+
+static const uint8_t ecc_p384_jacob_mul_res_z_le[] = {
+    0xCB, 0x3B, 0xFB, 0x58, 0x85, 0x3A, 0xA5, 0x47,
+    0x22, 0x9C, 0xF8, 0x0B, 0xDB, 0x08, 0xDD, 0x0D,
+    0xA5, 0x7B, 0xE4, 0x2D, 0x1E, 0xEF, 0x8B, 0x88,
+    0xE2, 0x73, 0x24, 0xCC, 0x74, 0xCA, 0xBA, 0x0A,
+    0x69, 0x22, 0xEF, 0x7F, 0xCC, 0x92, 0x37, 0x24,
+    0x8D, 0xF3, 0xAC, 0xCF, 0x76, 0xD7, 0x16, 0x4D
+};
+
+static const uint8_t ecc384_x[] = {
+    0xaa, 0x87, 0xca, 0x22, 0xbe, 0x8b, 0x05, 0x37,
+    0x8e, 0xb1, 0xc7, 0x1e, 0xf3, 0x20, 0xad, 0x74,
+    0x6e, 0x1d, 0x3b, 0x62, 0x8b, 0xa7, 0x9b, 0x98,
+    0x59, 0xf7, 0x41, 0xe0, 0x82, 0x54, 0x2a, 0x38,
+    0x55, 0x02, 0xf2, 0x5d, 0xbf, 0x55, 0x29, 0x6c,
+    0x3a, 0x54, 0x5e, 0x38, 0x72, 0x76, 0x0a, 0xb7
+};
+
+static const uint8_t ecc384_y[] = {
+    0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f,
+    0x5d, 0x9e, 0x98, 0xbf, 0x92, 0x92, 0xdc, 0x29,
+    0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
+    0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0,
+    0x0a, 0x60, 0xb1, 0xce, 0x1d, 0x7e, 0x81, 0x9d,
+    0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f
+};
+
+static const uint8_t ecc384_add_res[] = {
+    0x6D, 0x75, 0xE3, 0xA0, 0xE9, 0x98, 0x45, 0xB9,
+    0x70, 0xA8, 0xAF, 0x95, 0xD3, 0xA5, 0x6F, 0x46,
+    0x87, 0xE4, 0x21, 0x2B, 0x32, 0xF4, 0x4C, 0x4D,
+    0x43, 0xD2, 0x73, 0xF3, 0x37, 0x45, 0xE3, 0xF8,
+    0x5F, 0x62, 0xA3, 0x2C, 0xDD, 0xD3, 0xAA, 0x09,
+    0xB5, 0x97, 0x7B, 0xB4, 0x02, 0x61, 0x19, 0x16
+};
+
+static const uint8_t ecc384_sub_res[] = {
+    0x74, 0x70, 0xEC, 0xD7, 0x27, 0x65, 0xD9, 0xC7,
+    0x30, 0x13, 0x2F, 0x5F, 0x60, 0x8E, 0xD0, 0x4A,
+    0x76, 0x28, 0x1D, 0xA5, 0x62, 0x0D, 0x87, 0x1C,
+    0x70, 0x1C, 0x10, 0xCD, 0xCD, 0x63, 0x71, 0x77,
+    0x4A, 0xA2, 0x40, 0x8F, 0xA1, 0xD7, 0xA7, 0xCE,
+    0xBF, 0x10, 0x41, 0xBC, 0xE1, 0x8B, 0xFB, 0x57
+};
+
+static const uint8_t ecc384_mul_res[] = {
+    0x63, 0x67, 0x7D, 0x8B, 0x32, 0x4C, 0x13, 0xE6,
+    0x49, 0xAB, 0xDE, 0x9F, 0xDB, 0x68, 0x57, 0x49,
+    0xDE, 0x88, 0x77, 0x56, 0x45, 0xB0, 0x7B, 0xD7,
+    0xAB, 0xFB, 0xF4, 0x55, 0xC0, 0xD3, 0xD0, 0x2D,
+    0x37, 0x14, 0x8F, 0x3A, 0x1E, 0x72, 0x7E, 0x49,
+    0x77, 0xA0, 0xB9, 0xC8, 0xD0, 0x44, 0xDD, 0x16
+};
+
+static const uint8_t ecc384_num[] = {
+    0x68, 0xd1, 0x09, 0xa7, 0xc7, 0x7e, 0xeb, 0xbd,
+    0x43, 0x18, 0x7e, 0xdd, 0x69, 0x23, 0x7e, 0x0a,
+    0xef, 0x07, 0xc2, 0x0e, 0xc5, 0x3d, 0xe7, 0xcb,
+    0xd4, 0x36, 0xad, 0x9b, 0xdc, 0xf8, 0x6c, 0x5c,
+    0x0c, 0x3d, 0xce, 0x45, 0xcd, 0x6f, 0x7f, 0x18,
+    0x40, 0xc5, 0x29, 0xf3, 0xcd, 0x12, 0x1d, 0xc2
+};
+
+static const uint8_t ecc384_den[] = {
+    0x68, 0xd1, 0x09, 0xa7, 0xc7, 0x7e, 0xeb, 0xbd,
+    0x43, 0x18, 0x7e, 0xdd, 0x69, 0x23, 0x7e, 0x0a,
+    0xef, 0x07, 0xc2, 0x0e, 0xc5, 0x3d, 0xe7, 0xcb,
+    0xd4, 0x36, 0xad, 0x9b, 0xdc, 0xf8, 0x6c, 0x5c,
+    0x0c, 0x3d, 0xce, 0x45, 0xcd, 0x6f, 0x7f, 0x18,
+    0x40, 0xc5, 0x8c, 0x56, 0x68, 0xb7, 0xb8, 0x67
+};
+
+static const uint8_t ecc384_inv_mul_res[] = {
+    0x05, 0x35, 0xe1, 0x77, 0xd0, 0xd0, 0x47, 0x38,
+    0x65, 0xe8, 0x4c, 0xeb, 0x31, 0x96, 0xd9, 0xfc,
+    0x18, 0x0a, 0xe2, 0xd9, 0x5d, 0x40, 0xf4, 0x89,
+    0x8a, 0xc6, 0xfc, 0x32, 0x5f, 0xd8, 0xc7, 0x74,
+    0x15, 0x44, 0xa5, 0xd6, 0xca, 0x72, 0xc1, 0x2f,
+    0xd7, 0xb3, 0x17, 0xda, 0x6f, 0x49, 0x17, 0xb7
+};
+
+#endif /* SOC_ECC_SUPPORT_CURVE_P384 */