alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-12-26 21:29:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'feature/enable_ecc_const_time_support_for_esp32p4_eco5' into 'master'

Browse Source 
feat(hal): add support for ECC constant time function in ESP32-P4 ECO5

Closes IDF-13523

See merge request espressif/esp-idf!42343
This commit is contained in:
Mahavir Jain
2025-10-31 09:23:47 +05:30
parent dc2b545a16 e1f7a5e1fc
commit 6f22bedf7c
9 changed files with 522 additions and 169 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
components/hal/ecc_hal.c
View File

@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -7,6 +7,14 @@
#include "hal/ecc_ll.h"
#include "soc/soc_caps.h"
/* ECC curve size constants in bytes */
#define ECC_P192_SIZE_BYTES 24
#define ECC_P256_SIZE_BYTES 32
#define ECC_P384_SIZE_BYTES 48
/* Maximum ECC buffer size for all supported curves */
#define ECC_MAX_BUFFER_SIZE 48
void ecc_hal_set_mode(ecc_mode_t mode)
{
ecc_ll_set_mode(mode);
@@ -30,7 +38,7 @@ int ecc_hal_is_calc_finished(void)
static void clear_param_registers(void)
{
uint8_t buf[32] = {0};
uint8_t buf[ECC_MAX_BUFFER_SIZE] = {0};
ecc_ll_write_param(ECC_PARAM_PX, buf, sizeof(buf));
ecc_ll_write_param(ECC_PARAM_PY, buf, sizeof(buf));
@@ -44,7 +52,7 @@ static void clear_param_registers(void)
void ecc_hal_write_mul_param(const uint8_t *k, const uint8_t *px, const uint8_t *py, uint16_t len)
{
ecc_curve_t curve = len == 32 ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1;
ecc_curve_t curve = len == ECC_P384_SIZE_BYTES ? ECC_CURVE_SECP384R1 : (len == ECC_P256_SIZE_BYTES ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1);
ecc_ll_set_curve(curve);
clear_param_registers();
@@ -56,7 +64,7 @@ void ecc_hal_write_mul_param(const uint8_t *k, const uint8_t *px, const uint8_t
void ecc_hal_write_verify_param(const uint8_t *px, const uint8_t *py, uint16_t len)
{
ecc_curve_t curve = len == 32 ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1;
ecc_curve_t curve = len == ECC_P384_SIZE_BYTES ? ECC_CURVE_SECP384R1 : (len == ECC_P256_SIZE_BYTES ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1);
ecc_ll_set_curve(curve);
clear_param_registers();
@@ -96,7 +104,7 @@ void ecc_hal_set_mod_base(ecc_mod_base_t base)
void ecc_hal_write_jacob_verify_param(const uint8_t *qx, const uint8_t *qy, const uint8_t *qz, uint16_t len)
{
ecc_curve_t curve = len == 32 ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1;
ecc_curve_t curve = len == ECC_P384_SIZE_BYTES ? ECC_CURVE_SECP384R1 : (len == ECC_P256_SIZE_BYTES ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1);
ecc_ll_set_curve(curve);
clear_param_registers();
@@ -127,7 +135,7 @@ int ecc_hal_read_jacob_mul_result(uint8_t *rx, uint8_t *ry, uint8_t *rz, uint16_
void ecc_hal_write_point_add_param(const uint8_t *px, const uint8_t *py, const uint8_t *qx, const uint8_t *qy, const uint8_t *qz, uint16_t len)
{
ecc_curve_t curve = len == 32 ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1;
ecc_curve_t curve = len == ECC_P384_SIZE_BYTES ? ECC_CURVE_SECP384R1 : (len == ECC_P256_SIZE_BYTES ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1);
ecc_ll_set_curve(curve);
clear_param_registers();
@@ -154,7 +162,7 @@ int ecc_hal_read_point_add_result(uint8_t *rx, uint8_t *ry, uint8_t *rz, uint16_
void ecc_hal_write_mod_op_param(const uint8_t *a, const uint8_t *b, uint16_t len)
{
ecc_curve_t curve = len == 32 ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1;
ecc_curve_t curve = len == ECC_P384_SIZE_BYTES ? ECC_CURVE_SECP384R1 : (len == ECC_P256_SIZE_BYTES ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1);
ecc_ll_set_curve(curve);
clear_param_registers();

5
components/hal/esp32c5/include/hal/ecc_ll.h
View File

@@ -148,6 +148,11 @@ static inline void ecc_ll_set_mod_base(ecc_mod_base_t base)
}
}
static inline bool ecc_ll_is_p384_curve_operations_supported(void)
{
return true;
}
static inline void ecc_ll_enable_constant_time_point_mul(bool enable)
{
if (enable) {

30
components/hal/esp32p4/include/hal/ecc_ll.h
View File

@@ -9,8 +9,11 @@
#include <string.h>
#include "hal/assert.h"
#include "hal/ecc_types.h"
#include "hal/efuse_hal.h"
#include "soc/ecc_mult_reg.h"
#include "soc/hp_sys_clkrst_struct.h"
#include "soc/chip_revision.h"
#include "hal/config.h"
#ifdef __cplusplus
extern "C" {
@@ -124,16 +127,15 @@ static inline void ecc_ll_set_mode(ecc_mode_t mode)
static inline void ecc_ll_set_curve(ecc_curve_t curve)
{
switch(curve) {
case ECC_CURVE_SECP256R1:
REG_SET_BIT(ECC_MULT_CONF_REG, ECC_MULT_KEY_LENGTH);
break;
switch (curve) {
case ECC_CURVE_SECP192R1:
REG_CLR_BIT(ECC_MULT_CONF_REG, ECC_MULT_KEY_LENGTH);
case ECC_CURVE_SECP256R1:
case ECC_CURVE_SECP384R1:
case ECC_CURVE_SM2:
REG_SET_FIELD(ECC_MULT_CONF_REG, ECC_MULT_KEY_LENGTH, curve);
break;
default:
HAL_ASSERT(false && "Unsupported curve");
return;
}
}
@@ -246,10 +248,22 @@ static inline void ecc_ll_read_param(ecc_ll_param_t param, uint8_t *buf, uint16_
memcpy(buf, (void *)reg, len);
}
static inline bool ecc_ll_is_p384_curve_operations_supported(void)
{
#if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300
return true;
#else
return false;
#endif
}
static inline void ecc_ll_enable_constant_time_point_mul(bool enable)
{
// Not supported for ESP32-P4
(void) enable; //unused
if (enable) {
REG_SET_BIT(ECC_MULT_CONF_REG, ECC_MULT_SECURITY_MODE);
} else {
REG_CLR_BIT(ECC_MULT_CONF_REG, ECC_MULT_SECURITY_MODE);
}
}
#ifdef __cplusplus

149
components/hal/test_apps/crypto/main/ecc/ecc_params.h
View File

@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*
@@ -220,3 +220,150 @@ static const uint8_t ecc192_mul_res[] = {
0x8C, 0xFB, 0xA5, 0xCE, 0x1E, 0x7B, 0xE6, 0xF3,
0x8F, 0x79, 0x71, 0xCF, 0xD6, 0xF3, 0x41, 0xE6
};
#if SOC_ECC_SUPPORT_CURVE_P384
static const uint8_t ecc_p384_point_x[] = {
0xaa, 0x87, 0xca, 0x22, 0xbe, 0x8b, 0x05, 0x37,
0x8e, 0xb1, 0xc7, 0x1e, 0xf3, 0x20, 0xad, 0x74,
0x6e, 0x1d, 0x3b, 0x62, 0x8b, 0xa7, 0x9b, 0x98,
0x59, 0xf7, 0x41, 0xe0, 0x82, 0x54, 0x2a, 0x38,
0x55, 0x02, 0xf2, 0x5d, 0xbf, 0x55, 0x29, 0x6c,
0x3a, 0x54, 0x5e, 0x38, 0x72, 0x76, 0x0a, 0xb7
};
static const uint8_t ecc_p384_point_y[] = {
0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f,
0x5d, 0x9e, 0x98, 0xbf, 0x92, 0x92, 0xdc, 0x29,
0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0,
0x0a, 0x60, 0xb1, 0xce, 0x1d, 0x7e, 0x81, 0x9d,
0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f
};
static const uint8_t ecc_p384_scalar[] = {
0x68, 0xd1, 0x09, 0xa7, 0xc7, 0x7e, 0xeb, 0xbd,
0x43, 0x18, 0x7e, 0xdd, 0x69, 0x23, 0x7e, 0x0a,
0xef, 0x07, 0xc2, 0x0e, 0xc5, 0x3d, 0xe7, 0xcb,
0xd4, 0x36, 0xad, 0x9b, 0xdc, 0xf8, 0x6c, 0x5c,
0x0c, 0x3d, 0xce, 0x45, 0xcd, 0x6f, 0x7f, 0x18,
0x40, 0xc5, 0x29, 0xf3, 0xcd, 0x12, 0x1d, 0xc2
};
static const uint8_t ecc_p384_mul_res_x[] = {
0x74, 0x1d, 0xc3, 0xba, 0xac, 0x60, 0x37, 0xfc,
0x57, 0x85, 0x90, 0x95, 0x64, 0xe6, 0xd1, 0xef,
0x86, 0xdf, 0x42, 0xe0, 0xaf, 0x11, 0x24, 0x1f,
0xe9, 0x97, 0x6e, 0x0c, 0xd9, 0xe5, 0xa0, 0x5d,
0xd9, 0x91, 0x96, 0x71, 0xef, 0x96, 0xe9, 0x7e,
0x90, 0xba, 0xa8, 0x33, 0xe2, 0x2e, 0xf0, 0x7b
};
static const uint8_t ecc_p384_mul_res_y[] = {
0xc3, 0xe0, 0x66, 0x50, 0xd9, 0x1e, 0xa9, 0x42,
0xcb, 0x0d, 0xec, 0xb6, 0x29, 0xe2, 0xae, 0x75,
0xc6, 0xa2, 0xb9, 0xa6, 0xcf, 0x2c, 0x97, 0x01,
0xcc, 0xff, 0x7c, 0x1c, 0xd1, 0x01, 0xde, 0xbc,
0x40, 0x56, 0x8c, 0x18, 0x21, 0x9d, 0xbd, 0xc0,
0x2d, 0x41, 0x5b, 0x92, 0x52, 0x5a, 0x40, 0x57
};
static const uint8_t ecc_p384_jacob_mul_res_x_le[] = {
0xE3, 0xFC, 0x92, 0x29, 0xCF, 0xCB, 0xF7, 0x90,
0x04, 0xAD, 0xD2, 0x7C, 0xFD, 0x4B, 0xFB, 0x18,
0xF1, 0x34, 0x93, 0x2C, 0xA3, 0x66, 0x02, 0xE8,
0x54, 0xD3, 0x8C, 0xB6, 0x69, 0x75, 0x4E, 0xD2,
0x80, 0xA3, 0x01, 0xC7, 0x78, 0x41, 0x9B, 0x2F,
0x11, 0xEF, 0x79, 0x45, 0x8F, 0x31, 0x2A, 0x96
};
static const uint8_t ecc_p384_jacob_mul_res_y_le[] = {
0x42, 0xC0, 0x3B, 0xF0, 0x81, 0x86, 0xA0, 0xC9,
0xA0, 0xC6, 0x59, 0x34, 0xF1, 0x2B, 0xDC, 0x02,
0xE8, 0x92, 0x10, 0x1C, 0xBF, 0xAC, 0x5E, 0x17,
0x5F, 0x53, 0xE2, 0x74, 0x3E, 0x46, 0xBA, 0xE9,
0x83, 0x7B, 0xF3, 0x67, 0xD4, 0xF7, 0xA3, 0x4F,
0x05, 0xB8, 0x62, 0xC0, 0x42, 0x1C, 0x0D, 0x77
};
static const uint8_t ecc_p384_jacob_mul_res_z_le[] = {
0xCB, 0x3B, 0xFB, 0x58, 0x85, 0x3A, 0xA5, 0x47,
0x22, 0x9C, 0xF8, 0x0B, 0xDB, 0x08, 0xDD, 0x0D,
0xA5, 0x7B, 0xE4, 0x2D, 0x1E, 0xEF, 0x8B, 0x88,
0xE2, 0x73, 0x24, 0xCC, 0x74, 0xCA, 0xBA, 0x0A,
0x69, 0x22, 0xEF, 0x7F, 0xCC, 0x92, 0x37, 0x24,
0x8D, 0xF3, 0xAC, 0xCF, 0x76, 0xD7, 0x16, 0x4D
};
static const uint8_t ecc384_x[] = {
0xaa, 0x87, 0xca, 0x22, 0xbe, 0x8b, 0x05, 0x37,
0x8e, 0xb1, 0xc7, 0x1e, 0xf3, 0x20, 0xad, 0x74,
0x6e, 0x1d, 0x3b, 0x62, 0x8b, 0xa7, 0x9b, 0x98,
0x59, 0xf7, 0x41, 0xe0, 0x82, 0x54, 0x2a, 0x38,
0x55, 0x02, 0xf2, 0x5d, 0xbf, 0x55, 0x29, 0x6c,
0x3a, 0x54, 0x5e, 0x38, 0x72, 0x76, 0x0a, 0xb7
};
static const uint8_t ecc384_y[] = {
0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f,
0x5d, 0x9e, 0x98, 0xbf, 0x92, 0x92, 0xdc, 0x29,
0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0,
0x0a, 0x60, 0xb1, 0xce, 0x1d, 0x7e, 0x81, 0x9d,
0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f
};
static const uint8_t ecc384_add_res[] = {
0x6D, 0x75, 0xE3, 0xA0, 0xE9, 0x98, 0x45, 0xB9,
0x70, 0xA8, 0xAF, 0x95, 0xD3, 0xA5, 0x6F, 0x46,
0x87, 0xE4, 0x21, 0x2B, 0x32, 0xF4, 0x4C, 0x4D,
0x43, 0xD2, 0x73, 0xF3, 0x37, 0x45, 0xE3, 0xF8,
0x5F, 0x62, 0xA3, 0x2C, 0xDD, 0xD3, 0xAA, 0x09,
0xB5, 0x97, 0x7B, 0xB4, 0x02, 0x61, 0x19, 0x16
};
static const uint8_t ecc384_sub_res[] = {
0x74, 0x70, 0xEC, 0xD7, 0x27, 0x65, 0xD9, 0xC7,
0x30, 0x13, 0x2F, 0x5F, 0x60, 0x8E, 0xD0, 0x4A,
0x76, 0x28, 0x1D, 0xA5, 0x62, 0x0D, 0x87, 0x1C,
0x70, 0x1C, 0x10, 0xCD, 0xCD, 0x63, 0x71, 0x77,
0x4A, 0xA2, 0x40, 0x8F, 0xA1, 0xD7, 0xA7, 0xCE,
0xBF, 0x10, 0x41, 0xBC, 0xE1, 0x8B, 0xFB, 0x57
};
static const uint8_t ecc384_mul_res[] = {
0x63, 0x67, 0x7D, 0x8B, 0x32, 0x4C, 0x13, 0xE6,
0x49, 0xAB, 0xDE, 0x9F, 0xDB, 0x68, 0x57, 0x49,
0xDE, 0x88, 0x77, 0x56, 0x45, 0xB0, 0x7B, 0xD7,
0xAB, 0xFB, 0xF4, 0x55, 0xC0, 0xD3, 0xD0, 0x2D,
0x37, 0x14, 0x8F, 0x3A, 0x1E, 0x72, 0x7E, 0x49,
0x77, 0xA0, 0xB9, 0xC8, 0xD0, 0x44, 0xDD, 0x16
};
static const uint8_t ecc384_num[] = {
0x68, 0xd1, 0x09, 0xa7, 0xc7, 0x7e, 0xeb, 0xbd,
0x43, 0x18, 0x7e, 0xdd, 0x69, 0x23, 0x7e, 0x0a,
0xef, 0x07, 0xc2, 0x0e, 0xc5, 0x3d, 0xe7, 0xcb,
0xd4, 0x36, 0xad, 0x9b, 0xdc, 0xf8, 0x6c, 0x5c,
0x0c, 0x3d, 0xce, 0x45, 0xcd, 0x6f, 0x7f, 0x18,
0x40, 0xc5, 0x29, 0xf3, 0xcd, 0x12, 0x1d, 0xc2
};
static const uint8_t ecc384_den[] = {
0x68, 0xd1, 0x09, 0xa7, 0xc7, 0x7e, 0xeb, 0xbd,
0x43, 0x18, 0x7e, 0xdd, 0x69, 0x23, 0x7e, 0x0a,
0xef, 0x07, 0xc2, 0x0e, 0xc5, 0x3d, 0xe7, 0xcb,
0xd4, 0x36, 0xad, 0x9b, 0xdc, 0xf8, 0x6c, 0x5c,
0x0c, 0x3d, 0xce, 0x45, 0xcd, 0x6f, 0x7f, 0x18,
0x40, 0xc5, 0x8c, 0x56, 0x68, 0xb7, 0xb8, 0x67
};
static const uint8_t ecc384_inv_mul_res[] = {
0x05, 0x35, 0xe1, 0x77, 0xd0, 0xd0, 0x47, 0x38,
0x65, 0xe8, 0x4c, 0xeb, 0x31, 0x96, 0xd9, 0xfc,
0x18, 0x0a, 0xe2, 0xd9, 0x5d, 0x40, 0xf4, 0x89,
0x8a, 0xc6, 0xfc, 0x32, 0x5f, 0xd8, 0xc7, 0x74,
0x15, 0x44, 0xa5, 0xd6, 0xca, 0x72, 0xc1, 0x2f,
0xd7, 0xb3, 0x17, 0xda, 0x6f, 0x49, 0x17, 0xb7
};
#endif /* SOC_ECC_SUPPORT_CURVE_P384 */

468
components/hal/test_apps/crypto/main/ecc/test_ecc.c
View File

@@ -20,6 +20,15 @@
#include "unity_fixture.h"
#include "ccomp_timer.h"
/* ECC curve size constants in bytes */
#define ECC_P192_SIZE_BYTES 24
#define ECC_P256_SIZE_BYTES 32
#define ECC_P384_SIZE_BYTES 48
/* Maximum ECC buffer size for all supported curves */
#define ECC_MAX_BUFFER_SIZE 48
/* ECC operation support flags */
#define SOC_ECC_SUPPORT_POINT_MULT 1
#define SOC_ECC_SUPPORT_POINT_VERIFY 1
@@ -36,7 +45,7 @@
static void ecc_be_to_le(const uint8_t* be_point, uint8_t *le_point, uint8_t len)
{
/* When the size is 24 bytes, it should be padded with 0 bytes*/
memset(le_point, 0x0, 32);
memset(le_point, 0x0, ECC_MAX_BUFFER_SIZE);
for (int i = 0; i < len; i++) {
le_point[i] = be_point[len - i - 1];
@@ -82,61 +91,89 @@ static void ecc_point_mul(const uint8_t *k_le, const uint8_t *x_le, const uint8_
static void test_ecc_point_mul_inner(bool verify_first)
{
uint8_t scalar_le[32];
uint8_t x_le[32];
uint8_t y_le[32];
uint8_t scalar_le[ECC_MAX_BUFFER_SIZE];
uint8_t x_le[ECC_MAX_BUFFER_SIZE];
uint8_t y_le[ECC_MAX_BUFFER_SIZE];
/* P256 */
ecc_be_to_le(ecc_p256_scalar, scalar_le, 32);
ecc_be_to_le(ecc_p256_point_x, x_le, 32);
ecc_be_to_le(ecc_p256_point_y, y_le, 32);
ecc_be_to_le(ecc_p256_scalar, scalar_le, ECC_P256_SIZE_BYTES);
ecc_be_to_le(ecc_p256_point_x, x_le, ECC_P256_SIZE_BYTES);
ecc_be_to_le(ecc_p256_point_y, y_le, ECC_P256_SIZE_BYTES);
uint8_t x_res_le[32];
uint8_t y_res_le[32];
uint8_t x_res_le[ECC_MAX_BUFFER_SIZE];
uint8_t y_res_le[ECC_MAX_BUFFER_SIZE];
ecc_point_mul(scalar_le, x_le, y_le, 32, verify_first, x_res_le, y_res_le);
ecc_point_mul(scalar_le, x_le, y_le, ECC_P256_SIZE_BYTES, verify_first, x_res_le, y_res_le);
uint8_t x_mul_le[32];
uint8_t y_mul_le[32];
uint8_t x_mul_le[ECC_MAX_BUFFER_SIZE];
uint8_t y_mul_le[ECC_MAX_BUFFER_SIZE];
ecc_be_to_le(ecc_p256_mul_res_x, x_mul_le, 32);
ecc_be_to_le(ecc_p256_mul_res_y, y_mul_le, 32);
ecc_be_to_le(ecc_p256_mul_res_x, x_mul_le, ECC_P256_SIZE_BYTES);
ecc_be_to_le(ecc_p256_mul_res_y, y_mul_le, ECC_P256_SIZE_BYTES);
ESP_LOG_BUFFER_HEXDUMP("Expected X:", x_mul_le, 32, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("Got X:", x_res_le, 32, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("Expected X:", x_mul_le, ECC_P256_SIZE_BYTES, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("Got X:", x_res_le, ECC_P256_SIZE_BYTES, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("Expected Y:", y_mul_le, 32, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("Got Y:", y_res_le, 32, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("Expected Y:", y_mul_le, ECC_P256_SIZE_BYTES, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("Got Y:", y_res_le, ECC_P256_SIZE_BYTES, ESP_LOG_DEBUG);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_mul_le, x_res_le, 32, "X coordinate of P256 point multiplication ");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_mul_le, y_res_le, 32, "Y coordinate of P256 point multiplication ");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_mul_le, x_res_le, ECC_P256_SIZE_BYTES, "X coordinate of P256 point multiplication ");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_mul_le, y_res_le, ECC_P256_SIZE_BYTES, "Y coordinate of P256 point multiplication ");
memset(x_res_le, 0x0, 32);
memset(y_res_le, 0x0, 32);
memset(x_mul_le, 0x0, 32);
memset(y_mul_le, 0x0, 32);
memset(x_res_le, 0x0, ECC_MAX_BUFFER_SIZE);
memset(y_res_le, 0x0, ECC_MAX_BUFFER_SIZE);
memset(x_mul_le, 0x0, ECC_MAX_BUFFER_SIZE);
memset(y_mul_le, 0x0, ECC_MAX_BUFFER_SIZE);
/* P192 */
ecc_be_to_le(ecc_p192_scalar, scalar_le, 24);
ecc_be_to_le(ecc_p192_point_x, x_le, 24);
ecc_be_to_le(ecc_p192_point_y, y_le, 24);
ecc_be_to_le(ecc_p192_scalar, scalar_le, ECC_P192_SIZE_BYTES);
ecc_be_to_le(ecc_p192_point_x, x_le, ECC_P192_SIZE_BYTES);
ecc_be_to_le(ecc_p192_point_y, y_le, ECC_P192_SIZE_BYTES);
ecc_point_mul(scalar_le, x_le, y_le, 24, verify_first, x_res_le, y_res_le);
ecc_point_mul(scalar_le, x_le, y_le, ECC_P192_SIZE_BYTES, verify_first, x_res_le, y_res_le);
ecc_be_to_le(ecc_p192_mul_res_x, x_mul_le, 24);
ecc_be_to_le(ecc_p192_mul_res_y, y_mul_le, 24);
ecc_be_to_le(ecc_p192_mul_res_x, x_mul_le, ECC_P192_SIZE_BYTES);
ecc_be_to_le(ecc_p192_mul_res_y, y_mul_le, ECC_P192_SIZE_BYTES);
ESP_LOG_BUFFER_HEXDUMP("Expected X:", x_mul_le, 32, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("Got X:", x_res_le, 32, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("Expected X:", x_mul_le, ECC_P256_SIZE_BYTES, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("Got X:", x_res_le, ECC_P256_SIZE_BYTES, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("Expected Y:", y_mul_le, 32, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("Got Y:", y_res_le, 32, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("Expected Y:", y_mul_le, ECC_P256_SIZE_BYTES, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("Got Y:", y_res_le, ECC_P256_SIZE_BYTES, ESP_LOG_DEBUG);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_mul_le, x_res_le, 24, "X coordinate of P192 point multiplication ");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_mul_le, y_res_le, 24, "Y coordinate of P192 point multiplication ");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_mul_le, x_res_le, ECC_P192_SIZE_BYTES, "X coordinate of P192 point multiplication ");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_mul_le, y_res_le, ECC_P192_SIZE_BYTES, "Y coordinate of P192 point multiplication ");
#if SOC_ECC_SUPPORT_CURVE_P384
if (ecc_ll_is_p384_curve_operations_supported()) {
memset(x_res_le, 0x0, ECC_MAX_BUFFER_SIZE);
memset(y_res_le, 0x0, ECC_MAX_BUFFER_SIZE);
memset(x_mul_le, 0x0, ECC_MAX_BUFFER_SIZE);
memset(y_mul_le, 0x0, ECC_MAX_BUFFER_SIZE);
/* P384 */
ecc_be_to_le(ecc_p384_scalar, scalar_le, ECC_P384_SIZE_BYTES);
ecc_be_to_le(ecc_p384_point_x, x_le, ECC_P384_SIZE_BYTES);
ecc_be_to_le(ecc_p384_point_y, y_le, ECC_P384_SIZE_BYTES);
ecc_point_mul(scalar_le, x_le, y_le, ECC_P384_SIZE_BYTES, verify_first, x_res_le, y_res_le);
ecc_be_to_le(ecc_p384_mul_res_x, x_mul_le, ECC_P384_SIZE_BYTES);
ecc_be_to_le(ecc_p384_mul_res_y, y_mul_le, ECC_P384_SIZE_BYTES);
ESP_LOG_BUFFER_HEXDUMP("Expected Result X:", x_mul_le, ECC_P384_SIZE_BYTES, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("Got Result X:", x_res_le, ECC_P384_SIZE_BYTES, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("Expected Result Y:", y_mul_le, ECC_P384_SIZE_BYTES, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("Got Result Y:", y_res_le, ECC_P384_SIZE_BYTES, ESP_LOG_DEBUG);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_mul_le, x_res_le, ECC_P384_SIZE_BYTES, "X coordinate of P384 point multiplication ");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_mul_le, y_res_le, ECC_P384_SIZE_BYTES, "Y coordinate of P384 point multiplication ");
}
#endif /* SOC_ECC_SUPPORT_CURVE_P384 */
}
TEST(ecc, ecc_point_multiplication_on_SECP192R1_and_SECP256R1)
TEST(ecc, ecc_point_multiplication_on_SECP192R1_SECP256R1_SECP384R1)
{
test_ecc_point_mul_inner(false);
}
@@ -153,17 +190,17 @@ static void test_ecc_point_mul_inner_constant_time(void)
return;
}
#endif
uint8_t scalar_le[32];
uint8_t x_le[32];
uint8_t y_le[32];
uint8_t scalar_le[ECC_MAX_BUFFER_SIZE];
uint8_t x_le[ECC_MAX_BUFFER_SIZE];
uint8_t y_le[ECC_MAX_BUFFER_SIZE];
/* P256 */
ecc_be_to_le(ecc_p256_scalar, scalar_le, 32);
ecc_be_to_le(ecc_p256_point_x, x_le, 32);
ecc_be_to_le(ecc_p256_point_y, y_le, 32);
ecc_be_to_le(ecc_p256_scalar, scalar_le, ECC_P256_SIZE_BYTES);
ecc_be_to_le(ecc_p256_point_x, x_le, ECC_P256_SIZE_BYTES);
ecc_be_to_le(ecc_p256_point_y, y_le, ECC_P256_SIZE_BYTES);
uint8_t x_res_le[32];
uint8_t y_res_le[32];
uint8_t x_res_le[ECC_MAX_BUFFER_SIZE];
uint8_t y_res_le[ECC_MAX_BUFFER_SIZE];
double deviation = 0;
uint32_t elapsed_time, mean_elapsed_time, total_elapsed_time = 0;
@@ -172,7 +209,7 @@ static void test_ecc_point_mul_inner_constant_time(void)
for (int i = 0; i < loop_count; i++) {
ccomp_timer_start();
ecc_point_mul(scalar_le, x_le, y_le, 32, 0, x_res_le, y_res_le);
ecc_point_mul(scalar_le, x_le, y_le, ECC_P256_SIZE_BYTES, 0, x_res_le, y_res_le);
elapsed_time = ccomp_timer_stop();
max_time = MAX(elapsed_time, max_time);
@@ -185,9 +222,9 @@ static void test_ecc_point_mul_inner_constant_time(void)
TEST_ASSERT_LESS_THAN_DOUBLE(CONST_TIME_DEVIATION_PERCENT, deviation);
/* P192 */
ecc_be_to_le(ecc_p192_scalar, scalar_le, 24);
ecc_be_to_le(ecc_p192_point_x, x_le, 24);
ecc_be_to_le(ecc_p192_point_y, y_le, 24);
ecc_be_to_le(ecc_p192_scalar, scalar_le, ECC_P192_SIZE_BYTES);
ecc_be_to_le(ecc_p192_point_x, x_le, ECC_P192_SIZE_BYTES);
ecc_be_to_le(ecc_p192_point_y, y_le, ECC_P192_SIZE_BYTES);
max_time = 0;
min_time = UINT32_MAX;
@@ -195,7 +232,7 @@ static void test_ecc_point_mul_inner_constant_time(void)
for (int i = 0; i < loop_count; i++) {
ccomp_timer_start();
ecc_point_mul(scalar_le, x_le, y_le, 24, 0, x_res_le, y_res_le);
ecc_point_mul(scalar_le, x_le, y_le, ECC_P192_SIZE_BYTES, 0, x_res_le, y_res_le);
elapsed_time = ccomp_timer_stop();
max_time = MAX(elapsed_time, max_time);
@@ -206,9 +243,36 @@ static void test_ecc_point_mul_inner_constant_time(void)
deviation = ((double)(max_time - mean_elapsed_time) / mean_elapsed_time);
TEST_ASSERT_LESS_THAN_DOUBLE(CONST_TIME_DEVIATION_PERCENT, deviation);
#if SOC_ECC_SUPPORT_CURVE_P384
if (ecc_ll_is_p384_curve_operations_supported()) {
/* P384 */
ecc_be_to_le(ecc_p384_scalar, scalar_le, ECC_P384_SIZE_BYTES);
ecc_be_to_le(ecc_p384_point_x, x_le, ECC_P384_SIZE_BYTES);
ecc_be_to_le(ecc_p384_point_y, y_le, ECC_P384_SIZE_BYTES);
max_time = 0;
min_time = UINT32_MAX;
total_elapsed_time = 0;
for (int i = 0; i < loop_count; i++) {
ccomp_timer_start();
ecc_point_mul(scalar_le, x_le, y_le, ECC_P384_SIZE_BYTES, 0, x_res_le, y_res_le);
elapsed_time = ccomp_timer_stop();
max_time = MAX(elapsed_time, max_time);
min_time = MIN(elapsed_time, min_time);
total_elapsed_time += elapsed_time;
}
mean_elapsed_time = total_elapsed_time / loop_count;
deviation = ((double)(max_time - mean_elapsed_time) / mean_elapsed_time);
TEST_ASSERT_LESS_THAN_DOUBLE(CONST_TIME_DEVIATION_PERCENT, deviation);
}
#endif /* SOC_ECC_SUPPORT_CURVE_P384 */
}
TEST(ecc, ecc_point_multiplication_const_time_check_on_SECP192R1_and_SECP256R1)
TEST(ecc, ecc_point_multiplication_const_time_check_on_SECP192R1_SECP256R1_SECP384R1)
{
test_ecc_point_mul_inner_constant_time();
}
@@ -235,42 +299,59 @@ static int ecc_point_verify(const uint8_t *x_le, const uint8_t *y_le, uint8_t le
return ret;
}
TEST(ecc, ecc_point_verification_on_SECP192R1_and_SECP256R1)
TEST(ecc, ecc_point_verification_on_SECP192R1_SECP256R1_SECP384R1)
{
int res;
uint8_t x_le[32];
uint8_t y_le[32];
uint8_t x_le[ECC_MAX_BUFFER_SIZE];
uint8_t y_le[ECC_MAX_BUFFER_SIZE];
/* P256 */
ecc_be_to_le(ecc_p256_point_x, x_le, 32);
ecc_be_to_le(ecc_p256_point_y, y_le, 32);
ecc_be_to_le(ecc_p256_point_x, x_le, ECC_P256_SIZE_BYTES);
ecc_be_to_le(ecc_p256_point_y, y_le, ECC_P256_SIZE_BYTES);
// Case 1: Correct point on curve
res = ecc_point_verify(x_le, y_le, 32);
res = ecc_point_verify(x_le, y_le, ECC_P256_SIZE_BYTES);
TEST_ASSERT_EQUAL(1, res);
// Case 2: Modify one byte from the point
x_le[6] = x_le[6] ^ 0xFF;
res = ecc_point_verify(x_le, y_le, 32);
res = ecc_point_verify(x_le, y_le, ECC_P256_SIZE_BYTES);
TEST_ASSERT_EQUAL(0, res);
/* P192 */
ecc_be_to_le(ecc_p192_point_x, x_le, 24);
ecc_be_to_le(ecc_p192_point_y, y_le, 24);
ecc_be_to_le(ecc_p192_point_x, x_le, ECC_P192_SIZE_BYTES);
ecc_be_to_le(ecc_p192_point_y, y_le, ECC_P192_SIZE_BYTES);
// Case 1: Correct point on curve
res = ecc_point_verify(x_le, y_le, 24);
res = ecc_point_verify(x_le, y_le, ECC_P192_SIZE_BYTES);
TEST_ASSERT_EQUAL(1, res);
// Case 2: Modify one byte from the point
x_le[6] = x_le[6] ^ 0xFF;
res = ecc_point_verify(x_le, y_le, 24);
res = ecc_point_verify(x_le, y_le, ECC_P192_SIZE_BYTES);
TEST_ASSERT_EQUAL(0, res);
#if SOC_ECC_SUPPORT_CURVE_P384
if (ecc_ll_is_p384_curve_operations_supported()) {
/* P384 */
ecc_be_to_le(ecc_p384_point_x, x_le, ECC_P384_SIZE_BYTES);
ecc_be_to_le(ecc_p384_point_y, y_le, ECC_P384_SIZE_BYTES);
// Case 1: Correct point on curve
res = ecc_point_verify(x_le, y_le, ECC_P384_SIZE_BYTES);
TEST_ASSERT_EQUAL(1, res);
// Case 2: Modify one byte from the point
x_le[6] = x_le[6] ^ 0xFF;
res = ecc_point_verify(x_le, y_le, ECC_P384_SIZE_BYTES);
TEST_ASSERT_EQUAL(0, res);
}
#endif /* SOC_ECC_SUPPORT_CURVE_P384 */
}
#endif
#if SOC_ECC_SUPPORT_POINT_MULT && SOC_ECC_SUPPORT_POINT_VERIFY && !defined(SOC_ECC_SUPPORT_POINT_VERIFY_QUIRK)
TEST(ecc, ecc_point_verification_and_multiplication_on_SECP192R1_and_SECP256R1)
TEST(ecc, ecc_point_verification_and_multiplication_on_SECP192R1_SECP256R1_SECP384R1)
{
test_ecc_point_mul_inner(true);
}
@@ -281,7 +362,7 @@ static void ecc_point_inv_mul(const uint8_t *num_le, const uint8_t *deno_le, uin
{
esp_crypto_ecc_enable_periph_clk(true);
uint8_t zero[32] = {0};
uint8_t zero[ECC_MAX_BUFFER_SIZE] = {0};
ecc_hal_write_mul_param(zero, num_le, deno_le, len);
ecc_hal_set_mode(ECC_MODE_INVERSE_MUL);
@@ -296,14 +377,24 @@ static void ecc_point_inv_mul(const uint8_t *num_le, const uint8_t *deno_le, uin
esp_crypto_ecc_enable_periph_clk(false);
}
TEST(ecc, ecc_inverse_multiplication_or_mod_division_using_SECP192R1_and_SECP256R1_order_of_curve)
TEST(ecc, ecc_inverse_multiplication_or_mod_division_using_SECP192R1_SECP256R1_SECP384R1_order_of_curve)
{
uint8_t res[32] = {0};
ecc_point_inv_mul(ecc256_num, ecc256_den, 32, res);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc256_inv_mul_res, res, 32, "P256 Inverse multiplication (or Mod division)");
uint8_t res[ECC_MAX_BUFFER_SIZE] = {0};
ecc_point_inv_mul(ecc256_num, ecc256_den, ECC_P256_SIZE_BYTES, res);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc256_inv_mul_res, res, ECC_P256_SIZE_BYTES, "P256 Inverse multiplication (or Mod division)");
ecc_point_inv_mul(ecc192_num, ecc192_den, 24, res);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc192_inv_mul_res, res, 24, "P192 Inverse multiplication (or Mod division)");
ecc_point_inv_mul(ecc192_num, ecc192_den, ECC_P192_SIZE_BYTES, res);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc192_inv_mul_res, res, ECC_P192_SIZE_BYTES, "P192 Inverse multiplication (or Mod division)");
#if SOC_ECC_SUPPORT_CURVE_P384
if (ecc_ll_is_p384_curve_operations_supported()) {
ecc_point_inv_mul(ecc384_num, ecc384_den, ECC_P384_SIZE_BYTES, res);
ESP_LOG_BUFFER_HEXDUMP("Expected Result X:", ecc384_inv_mul_res, ECC_P384_SIZE_BYTES, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("Got Result X:", res, ECC_P384_SIZE_BYTES, ESP_LOG_DEBUG);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc384_inv_mul_res, res, ECC_P384_SIZE_BYTES, "P384 Inverse multiplication (or Mod division)");
}
#endif /* SOC_ECC_SUPPORT_CURVE_P384 */
}
#endif
@@ -331,42 +422,61 @@ static void ecc_jacob_mul(uint8_t *k_le, uint8_t *x_le, uint8_t *y_le, uint8_t l
static void test_ecc_jacob_mul_inner(bool verify_first)
{
uint8_t scalar_le[32];
uint8_t x_le[32];
uint8_t y_le[32];
uint8_t scalar_le[ECC_MAX_BUFFER_SIZE];
uint8_t x_le[ECC_MAX_BUFFER_SIZE];
uint8_t y_le[ECC_MAX_BUFFER_SIZE];
/* P256 */
ecc_be_to_le(ecc_p256_scalar, scalar_le, 32);
ecc_be_to_le(ecc_p256_point_x, x_le, 32);
ecc_be_to_le(ecc_p256_point_y, y_le, 32);
ecc_be_to_le(ecc_p256_scalar, scalar_le, ECC_P256_SIZE_BYTES);
ecc_be_to_le(ecc_p256_point_x, x_le, ECC_P256_SIZE_BYTES);
ecc_be_to_le(ecc_p256_point_y, y_le, ECC_P256_SIZE_BYTES);
uint8_t x_res_le[32];
uint8_t y_res_le[32];
uint8_t z_res_le[32];
uint8_t x_res_le[ECC_MAX_BUFFER_SIZE];
uint8_t y_res_le[ECC_MAX_BUFFER_SIZE];
uint8_t z_res_le[ECC_MAX_BUFFER_SIZE];
ecc_jacob_mul(scalar_le, x_le, y_le, 32, verify_first, x_res_le, y_res_le, z_res_le);
ecc_jacob_mul(scalar_le, x_le, y_le, ECC_P256_SIZE_BYTES, verify_first, x_res_le, y_res_le, z_res_le);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p256_jacob_mul_res_x_le, x_res_le, 32, "X coordinate of P256 point jacobian multiplication ");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p256_jacob_mul_res_y_le, y_res_le, 32, "Y coordinate of P256 point jacobian multiplication ");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p256_jacob_mul_res_z_le, z_res_le, 32, "Z coordinate of P256 point jacobian multiplication ");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p256_jacob_mul_res_x_le, x_res_le, ECC_P256_SIZE_BYTES, "X coordinate of P256 point jacobian multiplication ");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p256_jacob_mul_res_y_le, y_res_le, ECC_P256_SIZE_BYTES, "Y coordinate of P256 point jacobian multiplication ");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p256_jacob_mul_res_z_le, z_res_le, ECC_P256_SIZE_BYTES, "Z coordinate of P256 point jacobian multiplication ");
memset(x_res_le, 0x0, 32);
memset(y_res_le, 0x0, 32);
memset(z_res_le, 0x0, 32);
memset(x_res_le, 0x0, ECC_MAX_BUFFER_SIZE);
memset(y_res_le, 0x0, ECC_MAX_BUFFER_SIZE);
memset(z_res_le, 0x0, ECC_MAX_BUFFER_SIZE);
/* P192 */
ecc_be_to_le(ecc_p192_scalar, scalar_le, 24);
ecc_be_to_le(ecc_p192_point_x, x_le, 24);
ecc_be_to_le(ecc_p192_point_y, y_le, 24);
ecc_be_to_le(ecc_p192_scalar, scalar_le, ECC_P192_SIZE_BYTES);
ecc_be_to_le(ecc_p192_point_x, x_le, ECC_P192_SIZE_BYTES);
ecc_be_to_le(ecc_p192_point_y, y_le, ECC_P192_SIZE_BYTES);
ecc_jacob_mul(scalar_le, x_le, y_le, 24, verify_first, x_res_le, y_res_le, z_res_le);
ecc_jacob_mul(scalar_le, x_le, y_le, ECC_P192_SIZE_BYTES, verify_first, x_res_le, y_res_le, z_res_le);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p192_jacob_mul_res_x_le, x_res_le, 24, "X coordinate of P192 point jacobian multiplication ");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p192_jacob_mul_res_y_le, y_res_le, 24, "Y coordinate of P192 point jacobian multiplication ");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p192_jacob_mul_res_z_le, z_res_le, 24, "Z coordinate of P192 point jacobian multiplication ");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p192_jacob_mul_res_x_le, x_res_le, ECC_P192_SIZE_BYTES, "X coordinate of P192 point jacobian multiplication ");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p192_jacob_mul_res_y_le, y_res_le, ECC_P192_SIZE_BYTES, "Y coordinate of P192 point jacobian multiplication ");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p192_jacob_mul_res_z_le, z_res_le, ECC_P192_SIZE_BYTES, "Z coordinate of P192 point jacobian multiplication ");
#if SOC_ECC_SUPPORT_CURVE_P384
if (ecc_ll_is_p384_curve_operations_supported()) {
memset(x_res_le, 0x0, ECC_MAX_BUFFER_SIZE);
memset(y_res_le, 0x0, ECC_MAX_BUFFER_SIZE);
memset(z_res_le, 0x0, ECC_MAX_BUFFER_SIZE);
/* P384 */
ecc_be_to_le(ecc_p384_scalar, scalar_le, ECC_P384_SIZE_BYTES);
ecc_be_to_le(ecc_p384_point_x, x_le, ECC_P384_SIZE_BYTES);
ecc_be_to_le(ecc_p384_point_y, y_le, ECC_P384_SIZE_BYTES);
ecc_jacob_mul(scalar_le, x_le, y_le, ECC_P384_SIZE_BYTES, verify_first, x_res_le, y_res_le, z_res_le);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p384_jacob_mul_res_x_le, x_res_le, ECC_P384_SIZE_BYTES, "X coordinate of P384 point jacobian multiplication ");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p384_jacob_mul_res_y_le, y_res_le, ECC_P384_SIZE_BYTES, "Y coordinate of P384 point jacobian multiplication ");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p384_jacob_mul_res_z_le, z_res_le, ECC_P384_SIZE_BYTES, "Z coordinate of P384 point jacobian multiplication ");
}
#endif /* SOC_ECC_SUPPORT_CURVE_P384 */
}
TEST(ecc, ecc_jacobian_point_multiplication_on_SECP192R1_and_SECP256R1)
TEST(ecc, ecc_jacobian_point_multiplication_on_SECP192R1_SECP256R1_SECP384R1)
{
test_ecc_jacob_mul_inner(false);
}
@@ -393,21 +503,29 @@ static int ecc_jacob_verify(const uint8_t *x_le, const uint8_t *y_le, const uint
return ret;
}
TEST(ecc, ecc_jacobian_point_verification_on_SECP192R1_and_SECP256R1)
TEST(ecc, ecc_jacobian_point_verification_on_SECP192R1_SECP256R1_SECP384R1)
{
int res;
/* P256 */
res = ecc_jacob_verify(ecc_p256_jacob_mul_res_x_le, ecc_p256_jacob_mul_res_y_le, ecc_p256_jacob_mul_res_z_le, 32);
res = ecc_jacob_verify(ecc_p256_jacob_mul_res_x_le, ecc_p256_jacob_mul_res_y_le, ecc_p256_jacob_mul_res_z_le, ECC_P256_SIZE_BYTES);
TEST_ASSERT_EQUAL(1, res);
/* P192 */
res = ecc_jacob_verify(ecc_p192_jacob_mul_res_x_le, ecc_p192_jacob_mul_res_y_le, ecc_p192_jacob_mul_res_z_le, 24);
res = ecc_jacob_verify(ecc_p192_jacob_mul_res_x_le, ecc_p192_jacob_mul_res_y_le, ecc_p192_jacob_mul_res_z_le, ECC_P192_SIZE_BYTES);
TEST_ASSERT_EQUAL(1, res);
#if SOC_ECC_SUPPORT_CURVE_P384
if (ecc_ll_is_p384_curve_operations_supported()) {
/* P384 */
res = ecc_jacob_verify(ecc_p384_jacob_mul_res_x_le, ecc_p384_jacob_mul_res_y_le, ecc_p384_jacob_mul_res_z_le, ECC_P384_SIZE_BYTES);
TEST_ASSERT_EQUAL(1, res);
}
#endif /* SOC_ECC_SUPPORT_CURVE_P384 */
}
#endif
#if SOC_ECC_SUPPORT_JACOB_POINT_MULT && SOC_ECC_SUPPORT_JACOB_POINT_VERIFY
TEST(ecc, ecc_point_verification_and_jacobian_point_multiplication_on_SECP192R1_and_SECP256R1)
TEST(ecc, ecc_point_verification_and_jacobian_point_multiplication_on_SECP192R1_SECP256R1_SECP384R1)
{
test_ecc_jacob_mul_inner(true);
}
@@ -434,56 +552,78 @@ static void ecc_point_addition(uint8_t *px_le, uint8_t *py_le, uint8_t *qx_le, u
esp_crypto_ecc_enable_periph_clk(false);
}
TEST(ecc, ecc_point_addition_on_SECP192R1_and_SECP256R1)
TEST(ecc, ecc_point_addition_on_SECP192R1_SECP256R1_SECP384R1)
{
uint8_t scalar_le[32] = {0};
uint8_t x_le[32] = {0};
uint8_t y_le[32] = {0};
uint8_t z_le[32] = {0};
uint8_t scalar_le[ECC_MAX_BUFFER_SIZE] = {0};
uint8_t x_le[ECC_MAX_BUFFER_SIZE] = {0};
uint8_t y_le[ECC_MAX_BUFFER_SIZE] = {0};
uint8_t z_le[ECC_MAX_BUFFER_SIZE] = {0};
/* P256
* R = 2 * P
*/
ecc_be_to_le(ecc_p256_point_x, x_le, 32);
ecc_be_to_le(ecc_p256_point_y, y_le, 32);
ecc_be_to_le(ecc_p256_point_x, x_le, ECC_P256_SIZE_BYTES);
ecc_be_to_le(ecc_p256_point_y, y_le, ECC_P256_SIZE_BYTES);
scalar_le[0] = 0x2;
uint8_t x_res_le[32];
uint8_t y_res_le[32];
uint8_t z_res_le[32];
uint8_t x_res_le[ECC_MAX_BUFFER_SIZE];
uint8_t y_res_le[ECC_MAX_BUFFER_SIZE];
uint8_t z_res_le[ECC_MAX_BUFFER_SIZE];
ecc_jacob_mul(scalar_le, x_le, y_le, 32, 0, x_res_le, y_res_le, z_res_le);
ecc_jacob_mul(scalar_le, x_le, y_le, ECC_P256_SIZE_BYTES, 0, x_res_le, y_res_le, z_res_le);
uint8_t x_add_le[32];
uint8_t y_add_le[32];
uint8_t z_add_le[32];
uint8_t x_add_le[ECC_MAX_BUFFER_SIZE];
uint8_t y_add_le[ECC_MAX_BUFFER_SIZE];
uint8_t z_add_le[ECC_MAX_BUFFER_SIZE];
z_le[0] = 0x1;
ecc_point_addition(x_le, y_le, x_le, y_le, z_le, 32, 1, x_add_le, y_add_le, z_add_le);
ecc_point_addition(x_le, y_le, x_le, y_le, z_le, ECC_P256_SIZE_BYTES, 1, x_add_le, y_add_le, z_add_le);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_add_le, x_res_le, 32, "X coordinate of P256 point addition");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_add_le, y_res_le, 32, "Y coordinate of P256 point addition");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(z_add_le, z_res_le, 32, "Z coordinate of P256 point addition");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_add_le, x_res_le, ECC_P256_SIZE_BYTES, "X coordinate of P256 point addition");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_add_le, y_res_le, ECC_P256_SIZE_BYTES, "Y coordinate of P256 point addition");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(z_add_le, z_res_le, ECC_P256_SIZE_BYTES, "Z coordinate of P256 point addition");
/* P192
* R = 2 * P
*/
ecc_be_to_le(ecc_p192_point_x, x_le, 24);
ecc_be_to_le(ecc_p192_point_y, y_le, 24);
ecc_be_to_le(ecc_p192_point_x, x_le, ECC_P192_SIZE_BYTES);
ecc_be_to_le(ecc_p192_point_y, y_le, ECC_P192_SIZE_BYTES);
scalar_le[0] = 0x2;
ecc_jacob_mul(scalar_le, x_le, y_le, 24, 0, x_res_le, y_res_le, z_res_le);
ecc_jacob_mul(scalar_le, x_le, y_le, ECC_P192_SIZE_BYTES, 0, x_res_le, y_res_le, z_res_le);
z_le[0] = 0x1;
ecc_point_addition(x_le, y_le, x_le, y_le, z_le, 24, 1, x_add_le, y_add_le, z_add_le);
ecc_point_addition(x_le, y_le, x_le, y_le, z_le, ECC_P192_SIZE_BYTES, 1, x_add_le, y_add_le, z_add_le);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_add_le, x_res_le, 24, "X coordinate of P192 point addition");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_add_le, y_res_le, 24, "Y coordinate of P192 point addition");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(z_add_le, z_res_le, 24, "Z coordinate of P192 point addition");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_add_le, x_res_le, ECC_P192_SIZE_BYTES, "X coordinate of P192 point addition");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_add_le, y_res_le, ECC_P192_SIZE_BYTES, "Y coordinate of P192 point addition");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(z_add_le, z_res_le, ECC_P192_SIZE_BYTES, "Z coordinate of P192 point addition");
#if SOC_ECC_SUPPORT_CURVE_P384
if (ecc_ll_is_p384_curve_operations_supported()) {
/* P384
* R = 2 * P
*/
ecc_be_to_le(ecc_p384_point_x, x_le, ECC_P384_SIZE_BYTES);
ecc_be_to_le(ecc_p384_point_y, y_le, ECC_P384_SIZE_BYTES);
scalar_le[0] = 0x2;
ecc_jacob_mul(scalar_le, x_le, y_le, ECC_P384_SIZE_BYTES, 0, x_res_le, y_res_le, z_res_le);
z_le[0] = 0x1;
ecc_point_addition(x_le, y_le, x_le, y_le, z_le, ECC_P384_SIZE_BYTES, 1, x_add_le, y_add_le, z_add_le);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_add_le, x_res_le, ECC_P384_SIZE_BYTES, "X coordinate of P384 point addition");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_add_le, y_res_le, ECC_P384_SIZE_BYTES, "Y coordinate of P384 point addition");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(z_add_le, z_res_le, ECC_P384_SIZE_BYTES, "Z coordinate of P384 point addition");
}
#endif /* SOC_ECC_SUPPORT_CURVE_P384 */
}
#endif
@@ -508,87 +648,109 @@ static void ecc_mod_op(ecc_mode_t mode, const uint8_t *a, const uint8_t *b, uint
#endif
#if SOC_ECC_SUPPORT_MOD_ADD
TEST(ecc, ecc_mod_addition_using_SECP192R1_and_SECP256R1_order_of_curve)
TEST(ecc, ecc_mod_addition_using_SECP192R1_SECP256R1_SECP384R1_order_of_curve)
{
uint8_t res[32] = {0};
ecc_mod_op(ECC_MODE_MOD_ADD, ecc256_x, ecc256_y, 32, res);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc256_add_res, res, 32, "P256 mod addition");
uint8_t res[ECC_MAX_BUFFER_SIZE] = {0};
ecc_mod_op(ECC_MODE_MOD_ADD, ecc256_x, ecc256_y, ECC_P256_SIZE_BYTES, res);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc256_add_res, res, ECC_P256_SIZE_BYTES, "P256 mod addition");
ecc_mod_op(ECC_MODE_MOD_ADD, ecc192_x, ecc192_y, 24, res);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc192_add_res, res, 24, "P192 mod addition");
ecc_mod_op(ECC_MODE_MOD_ADD, ecc192_x, ecc192_y, ECC_P192_SIZE_BYTES, res);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc192_add_res, res, ECC_P192_SIZE_BYTES, "P192 mod addition");
#if SOC_ECC_SUPPORT_CURVE_P384
if (ecc_ll_is_p384_curve_operations_supported()) {
ecc_mod_op(ECC_MODE_MOD_ADD, ecc384_x, ecc384_y, ECC_P384_SIZE_BYTES, res);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc384_add_res, res, ECC_P384_SIZE_BYTES, "P384 mod addition");
}
#endif /* SOC_ECC_SUPPORT_CURVE_P384 */
}
#endif
#if SOC_ECC_SUPPORT_MOD_SUB
TEST(ecc, ecc_mod_subtraction_using_SECP192R1_and_SECP256R1_order_of_curve)
TEST(ecc, ecc_mod_subtraction_using_SECP192R1_SECP256R1_SECP384R1_order_of_curve)
{
uint8_t res[32] = {0};
ecc_mod_op(ECC_MODE_MOD_SUB, ecc256_x, ecc256_y, 32, res);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc256_sub_res, res, 32, "P256 mod subtraction");
uint8_t res[ECC_MAX_BUFFER_SIZE] = {0};
ecc_mod_op(ECC_MODE_MOD_SUB, ecc256_x, ecc256_y, ECC_P256_SIZE_BYTES, res);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc256_sub_res, res, ECC_P256_SIZE_BYTES, "P256 mod subtraction");
ecc_mod_op(ECC_MODE_MOD_SUB, ecc192_x, ecc192_y, 24, res);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc192_sub_res, res, 24, "P192 mod subtraction");
ecc_mod_op(ECC_MODE_MOD_SUB, ecc192_x, ecc192_y, ECC_P192_SIZE_BYTES, res);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc192_sub_res, res, ECC_P192_SIZE_BYTES, "P192 mod subtraction");
#if SOC_ECC_SUPPORT_CURVE_P384
if (ecc_ll_is_p384_curve_operations_supported()) {
ecc_mod_op(ECC_MODE_MOD_SUB, ecc384_x, ecc384_y, ECC_P384_SIZE_BYTES, res);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc384_sub_res, res, ECC_P384_SIZE_BYTES, "P384 mod subtraction");
}
#endif /* SOC_ECC_SUPPORT_CURVE_P384 */
}
#endif
#if SOC_ECC_SUPPORT_MOD_MUL
TEST(ecc, ecc_mod_multiplication_using_SECP192R1_and_SECP256R1_order_of_curve)
TEST(ecc, ecc_mod_multiplication_using_SECP192R1_SECP256R1_SECP384R1_order_of_curve)
{
uint8_t res[32] = {0};
ecc_mod_op(ECC_MODE_MOD_MUL, ecc256_x, ecc256_y, 32, res);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc256_mul_res, res, 32, "P256 mod multiplication");
uint8_t res[ECC_MAX_BUFFER_SIZE] = {0};
ecc_mod_op(ECC_MODE_MOD_MUL, ecc256_x, ecc256_y, ECC_P256_SIZE_BYTES, res);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc256_mul_res, res, ECC_P256_SIZE_BYTES, "P256 mod multiplication");
ecc_mod_op(ECC_MODE_MOD_MUL, ecc192_x, ecc192_y, 24, res);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc192_mul_res, res, 24, "P192 mod multiplication");
ecc_mod_op(ECC_MODE_MOD_MUL, ecc192_x, ecc192_y, ECC_P192_SIZE_BYTES, res);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc192_mul_res, res, ECC_P192_SIZE_BYTES, "P192 mod multiplication");
#if SOC_ECC_SUPPORT_CURVE_P384
if (ecc_ll_is_p384_curve_operations_supported()) {
ecc_mod_op(ECC_MODE_MOD_MUL, ecc384_x, ecc384_y, ECC_P384_SIZE_BYTES, res);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc384_mul_res, res, ECC_P384_SIZE_BYTES, "P384 mod multiplication");
}
#endif /* SOC_ECC_SUPPORT_CURVE_P384 */
}
#endif
TEST_GROUP_RUNNER(ecc)
{
#if SOC_ECC_SUPPORT_POINT_MULT
RUN_TEST_CASE(ecc, ecc_point_multiplication_on_SECP192R1_and_SECP256R1);
RUN_TEST_CASE(ecc, ecc_point_multiplication_on_SECP192R1_SECP256R1_SECP384R1);
#if SOC_ECC_CONSTANT_TIME_POINT_MUL
RUN_TEST_CASE(ecc, ecc_point_multiplication_const_time_check_on_SECP192R1_and_SECP256R1);
RUN_TEST_CASE(ecc, ecc_point_multiplication_const_time_check_on_SECP192R1_SECP256R1_SECP384R1);
#endif
#endif
#if SOC_ECC_SUPPORT_POINT_VERIFY && !defined(SOC_ECC_SUPPORT_POINT_VERIFY_QUIRK)
RUN_TEST_CASE(ecc, ecc_point_verification_on_SECP192R1_and_SECP256R1);
RUN_TEST_CASE(ecc, ecc_point_verification_on_SECP192R1_SECP256R1_SECP384R1);
#endif
#if SOC_ECC_SUPPORT_POINT_MULT && SOC_ECC_SUPPORT_POINT_VERIFY && !defined(SOC_ECC_SUPPORT_POINT_VERIFY_QUIRK)
RUN_TEST_CASE(ecc, ecc_point_verification_and_multiplication_on_SECP192R1_and_SECP256R1);
RUN_TEST_CASE(ecc, ecc_point_verification_and_multiplication_on_SECP192R1_SECP256R1_SECP384R1);
#endif
#if SOC_ECC_SUPPORT_POINT_DIVISION
RUN_TEST_CASE(ecc, ecc_inverse_multiplication_or_mod_division_using_SECP192R1_and_SECP256R1_order_of_curve);
RUN_TEST_CASE(ecc, ecc_inverse_multiplication_or_mod_division_using_SECP192R1_SECP256R1_SECP384R1_order_of_curve);
#endif
#if SOC_ECC_SUPPORT_JACOB_POINT_MULT
RUN_TEST_CASE(ecc, ecc_jacobian_point_multiplication_on_SECP192R1_and_SECP256R1);
RUN_TEST_CASE(ecc, ecc_jacobian_point_multiplication_on_SECP192R1_SECP256R1_SECP384R1);
#endif
#if SOC_ECC_SUPPORT_JACOB_POINT_VERIFY
RUN_TEST_CASE(ecc, ecc_jacobian_point_verification_on_SECP192R1_and_SECP256R1);
RUN_TEST_CASE(ecc, ecc_jacobian_point_verification_on_SECP192R1_SECP256R1_SECP384R1);
#endif
#if SOC_ECC_SUPPORT_JACOB_POINT_MULT && SOC_ECC_SUPPORT_JACOB_POINT_VERIFY
RUN_TEST_CASE(ecc, ecc_point_verification_and_jacobian_point_multiplication_on_SECP192R1_and_SECP256R1);
RUN_TEST_CASE(ecc, ecc_point_verification_and_jacobian_point_multiplication_on_SECP192R1_SECP256R1_SECP384R1);
#endif
#if SOC_ECC_SUPPORT_POINT_ADDITION
RUN_TEST_CASE(ecc, ecc_point_addition_on_SECP192R1_and_SECP256R1);
RUN_TEST_CASE(ecc, ecc_point_addition_on_SECP192R1_SECP256R1_SECP384R1);
#endif
#if SOC_ECC_SUPPORT_MOD_ADD
RUN_TEST_CASE(ecc, ecc_mod_addition_using_SECP192R1_and_SECP256R1_order_of_curve);
RUN_TEST_CASE(ecc, ecc_mod_addition_using_SECP192R1_SECP256R1_SECP384R1_order_of_curve);
#endif
#if SOC_ECC_SUPPORT_MOD_SUB
RUN_TEST_CASE(ecc, ecc_mod_subtraction_using_SECP192R1_and_SECP256R1_order_of_curve);
RUN_TEST_CASE(ecc, ecc_mod_subtraction_using_SECP192R1_SECP256R1_SECP384R1_order_of_curve);
#endif
#if SOC_ECC_SUPPORT_MOD_MUL
RUN_TEST_CASE(ecc, ecc_mod_multiplication_using_SECP192R1_and_SECP256R1_order_of_curve);
RUN_TEST_CASE(ecc, ecc_mod_multiplication_using_SECP192R1_SECP256R1_SECP384R1_order_of_curve);
#endif
}

4
components/soc/esp32c5/include/soc/Kconfig.soc_caps.in
View File

@@ -1047,6 +1047,10 @@ config SOC_ECC_CONSTANT_TIME_POINT_MUL
bool
default y
config SOC_ECC_SUPPORT_CURVE_P384
bool
default y
config SOC_ECDSA_SUPPORT_EXPORT_PUBKEY
bool
default y

1
components/soc/esp32c5/include/soc/soc_caps.h
View File

@@ -421,6 +421,7 @@
/*--------------------------- ECC CAPS ---------------------------------------*/
#define SOC_ECC_CONSTANT_TIME_POINT_MUL 1
#define SOC_ECC_SUPPORT_CURVE_P384 (1)
/*--------------------------- ECDSA CAPS ---------------------------------------*/
#define SOC_ECDSA_SUPPORT_EXPORT_PUBKEY (1)

8
components/soc/esp32p4/include/soc/Kconfig.soc_caps.in
View File

@@ -1419,6 +1419,14 @@ config SOC_SHA_SUPPORT_SHA512_T
bool
default y
config SOC_ECC_CONSTANT_TIME_POINT_MUL
bool
default y
config SOC_ECC_SUPPORT_CURVE_P384
bool
default y
config SOC_ECDSA_SUPPORT_EXPORT_PUBKEY
bool
default y

4
components/soc/esp32p4/include/soc/soc_caps.h
View File

@@ -529,6 +529,10 @@
#define SOC_SHA_SUPPORT_SHA512_256 (1)
#define SOC_SHA_SUPPORT_SHA512_T (1)
/*--------------------------- ECC CAPS ---------------------------------------*/
#define SOC_ECC_CONSTANT_TIME_POINT_MUL 1
#define SOC_ECC_SUPPORT_CURVE_P384 (1)
/*--------------------------- ECDSA CAPS ---------------------------------------*/
#define SOC_ECDSA_SUPPORT_EXPORT_PUBKEY (1)
#define SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE (1)