diff --git a/components/hal/ecc_hal.c b/components/hal/ecc_hal.c index 79c28ce501..47d068401c 100644 --- a/components/hal/ecc_hal.c +++ b/components/hal/ecc_hal.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -7,6 +7,14 @@ #include "hal/ecc_ll.h" #include "soc/soc_caps.h" +/* ECC curve size constants in bytes */ +#define ECC_P192_SIZE_BYTES 24 +#define ECC_P256_SIZE_BYTES 32 +#define ECC_P384_SIZE_BYTES 48 + +/* Maximum ECC buffer size for all supported curves */ +#define ECC_MAX_BUFFER_SIZE 48 + void ecc_hal_set_mode(ecc_mode_t mode) { ecc_ll_set_mode(mode); @@ -30,7 +38,7 @@ int ecc_hal_is_calc_finished(void) static void clear_param_registers(void) { - uint8_t buf[32] = {0}; + uint8_t buf[ECC_MAX_BUFFER_SIZE] = {0}; ecc_ll_write_param(ECC_PARAM_PX, buf, sizeof(buf)); ecc_ll_write_param(ECC_PARAM_PY, buf, sizeof(buf)); @@ -44,7 +52,7 @@ static void clear_param_registers(void) void ecc_hal_write_mul_param(const uint8_t *k, const uint8_t *px, const uint8_t *py, uint16_t len) { - ecc_curve_t curve = len == 32 ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1; + ecc_curve_t curve = len == ECC_P384_SIZE_BYTES ? ECC_CURVE_SECP384R1 : (len == ECC_P256_SIZE_BYTES ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1); ecc_ll_set_curve(curve); clear_param_registers(); @@ -56,7 +64,7 @@ void ecc_hal_write_mul_param(const uint8_t *k, const uint8_t *px, const uint8_t void ecc_hal_write_verify_param(const uint8_t *px, const uint8_t *py, uint16_t len) { - ecc_curve_t curve = len == 32 ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1; + ecc_curve_t curve = len == ECC_P384_SIZE_BYTES ? ECC_CURVE_SECP384R1 : (len == ECC_P256_SIZE_BYTES ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1); ecc_ll_set_curve(curve); clear_param_registers(); @@ -96,7 +104,7 @@ void ecc_hal_set_mod_base(ecc_mod_base_t base) void ecc_hal_write_jacob_verify_param(const uint8_t *qx, const uint8_t *qy, const uint8_t *qz, uint16_t len) { - ecc_curve_t curve = len == 32 ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1; + ecc_curve_t curve = len == ECC_P384_SIZE_BYTES ? ECC_CURVE_SECP384R1 : (len == ECC_P256_SIZE_BYTES ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1); ecc_ll_set_curve(curve); clear_param_registers(); @@ -127,7 +135,7 @@ int ecc_hal_read_jacob_mul_result(uint8_t *rx, uint8_t *ry, uint8_t *rz, uint16_ void ecc_hal_write_point_add_param(const uint8_t *px, const uint8_t *py, const uint8_t *qx, const uint8_t *qy, const uint8_t *qz, uint16_t len) { - ecc_curve_t curve = len == 32 ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1; + ecc_curve_t curve = len == ECC_P384_SIZE_BYTES ? ECC_CURVE_SECP384R1 : (len == ECC_P256_SIZE_BYTES ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1); ecc_ll_set_curve(curve); clear_param_registers(); @@ -154,7 +162,7 @@ int ecc_hal_read_point_add_result(uint8_t *rx, uint8_t *ry, uint8_t *rz, uint16_ void ecc_hal_write_mod_op_param(const uint8_t *a, const uint8_t *b, uint16_t len) { - ecc_curve_t curve = len == 32 ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1; + ecc_curve_t curve = len == ECC_P384_SIZE_BYTES ? ECC_CURVE_SECP384R1 : (len == ECC_P256_SIZE_BYTES ? ECC_CURVE_SECP256R1 : ECC_CURVE_SECP192R1); ecc_ll_set_curve(curve); clear_param_registers(); diff --git a/components/hal/esp32c5/include/hal/ecc_ll.h b/components/hal/esp32c5/include/hal/ecc_ll.h index 9060cdbf72..54c7b8bc2d 100644 --- a/components/hal/esp32c5/include/hal/ecc_ll.h +++ b/components/hal/esp32c5/include/hal/ecc_ll.h @@ -148,6 +148,11 @@ static inline void ecc_ll_set_mod_base(ecc_mod_base_t base) } } +static inline bool ecc_ll_is_p384_curve_operations_supported(void) +{ + return true; +} + static inline void ecc_ll_enable_constant_time_point_mul(bool enable) { if (enable) { diff --git a/components/hal/esp32p4/include/hal/ecc_ll.h b/components/hal/esp32p4/include/hal/ecc_ll.h index d7977a83b8..8e56f508cf 100644 --- a/components/hal/esp32p4/include/hal/ecc_ll.h +++ b/components/hal/esp32p4/include/hal/ecc_ll.h @@ -9,8 +9,11 @@ #include #include "hal/assert.h" #include "hal/ecc_types.h" +#include "hal/efuse_hal.h" #include "soc/ecc_mult_reg.h" #include "soc/hp_sys_clkrst_struct.h" +#include "soc/chip_revision.h" +#include "hal/config.h" #ifdef __cplusplus extern "C" { @@ -124,16 +127,15 @@ static inline void ecc_ll_set_mode(ecc_mode_t mode) static inline void ecc_ll_set_curve(ecc_curve_t curve) { - switch(curve) { - case ECC_CURVE_SECP256R1: - REG_SET_BIT(ECC_MULT_CONF_REG, ECC_MULT_KEY_LENGTH); - break; + switch (curve) { case ECC_CURVE_SECP192R1: - REG_CLR_BIT(ECC_MULT_CONF_REG, ECC_MULT_KEY_LENGTH); + case ECC_CURVE_SECP256R1: + case ECC_CURVE_SECP384R1: + case ECC_CURVE_SM2: + REG_SET_FIELD(ECC_MULT_CONF_REG, ECC_MULT_KEY_LENGTH, curve); break; default: HAL_ASSERT(false && "Unsupported curve"); - return; } } @@ -246,10 +248,22 @@ static inline void ecc_ll_read_param(ecc_ll_param_t param, uint8_t *buf, uint16_ memcpy(buf, (void *)reg, len); } +static inline bool ecc_ll_is_p384_curve_operations_supported(void) +{ +#if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 + return true; +#else + return false; +#endif +} + static inline void ecc_ll_enable_constant_time_point_mul(bool enable) { - // Not supported for ESP32-P4 - (void) enable; //unused + if (enable) { + REG_SET_BIT(ECC_MULT_CONF_REG, ECC_MULT_SECURITY_MODE); + } else { + REG_CLR_BIT(ECC_MULT_CONF_REG, ECC_MULT_SECURITY_MODE); + } } #ifdef __cplusplus diff --git a/components/hal/test_apps/crypto/main/ecc/ecc_params.h b/components/hal/test_apps/crypto/main/ecc/ecc_params.h index 77aecedda9..85fde9de38 100644 --- a/components/hal/test_apps/crypto/main/ecc/ecc_params.h +++ b/components/hal/test_apps/crypto/main/ecc/ecc_params.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 * @@ -220,3 +220,150 @@ static const uint8_t ecc192_mul_res[] = { 0x8C, 0xFB, 0xA5, 0xCE, 0x1E, 0x7B, 0xE6, 0xF3, 0x8F, 0x79, 0x71, 0xCF, 0xD6, 0xF3, 0x41, 0xE6 }; + +#if SOC_ECC_SUPPORT_CURVE_P384 +static const uint8_t ecc_p384_point_x[] = { + 0xaa, 0x87, 0xca, 0x22, 0xbe, 0x8b, 0x05, 0x37, + 0x8e, 0xb1, 0xc7, 0x1e, 0xf3, 0x20, 0xad, 0x74, + 0x6e, 0x1d, 0x3b, 0x62, 0x8b, 0xa7, 0x9b, 0x98, + 0x59, 0xf7, 0x41, 0xe0, 0x82, 0x54, 0x2a, 0x38, + 0x55, 0x02, 0xf2, 0x5d, 0xbf, 0x55, 0x29, 0x6c, + 0x3a, 0x54, 0x5e, 0x38, 0x72, 0x76, 0x0a, 0xb7 +}; + +static const uint8_t ecc_p384_point_y[] = { + 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, + 0x5d, 0x9e, 0x98, 0xbf, 0x92, 0x92, 0xdc, 0x29, + 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c, + 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, + 0x0a, 0x60, 0xb1, 0xce, 0x1d, 0x7e, 0x81, 0x9d, + 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f +}; + +static const uint8_t ecc_p384_scalar[] = { + 0x68, 0xd1, 0x09, 0xa7, 0xc7, 0x7e, 0xeb, 0xbd, + 0x43, 0x18, 0x7e, 0xdd, 0x69, 0x23, 0x7e, 0x0a, + 0xef, 0x07, 0xc2, 0x0e, 0xc5, 0x3d, 0xe7, 0xcb, + 0xd4, 0x36, 0xad, 0x9b, 0xdc, 0xf8, 0x6c, 0x5c, + 0x0c, 0x3d, 0xce, 0x45, 0xcd, 0x6f, 0x7f, 0x18, + 0x40, 0xc5, 0x29, 0xf3, 0xcd, 0x12, 0x1d, 0xc2 +}; + +static const uint8_t ecc_p384_mul_res_x[] = { + 0x74, 0x1d, 0xc3, 0xba, 0xac, 0x60, 0x37, 0xfc, + 0x57, 0x85, 0x90, 0x95, 0x64, 0xe6, 0xd1, 0xef, + 0x86, 0xdf, 0x42, 0xe0, 0xaf, 0x11, 0x24, 0x1f, + 0xe9, 0x97, 0x6e, 0x0c, 0xd9, 0xe5, 0xa0, 0x5d, + 0xd9, 0x91, 0x96, 0x71, 0xef, 0x96, 0xe9, 0x7e, + 0x90, 0xba, 0xa8, 0x33, 0xe2, 0x2e, 0xf0, 0x7b +}; + +static const uint8_t ecc_p384_mul_res_y[] = { + 0xc3, 0xe0, 0x66, 0x50, 0xd9, 0x1e, 0xa9, 0x42, + 0xcb, 0x0d, 0xec, 0xb6, 0x29, 0xe2, 0xae, 0x75, + 0xc6, 0xa2, 0xb9, 0xa6, 0xcf, 0x2c, 0x97, 0x01, + 0xcc, 0xff, 0x7c, 0x1c, 0xd1, 0x01, 0xde, 0xbc, + 0x40, 0x56, 0x8c, 0x18, 0x21, 0x9d, 0xbd, 0xc0, + 0x2d, 0x41, 0x5b, 0x92, 0x52, 0x5a, 0x40, 0x57 +}; + +static const uint8_t ecc_p384_jacob_mul_res_x_le[] = { + 0xE3, 0xFC, 0x92, 0x29, 0xCF, 0xCB, 0xF7, 0x90, + 0x04, 0xAD, 0xD2, 0x7C, 0xFD, 0x4B, 0xFB, 0x18, + 0xF1, 0x34, 0x93, 0x2C, 0xA3, 0x66, 0x02, 0xE8, + 0x54, 0xD3, 0x8C, 0xB6, 0x69, 0x75, 0x4E, 0xD2, + 0x80, 0xA3, 0x01, 0xC7, 0x78, 0x41, 0x9B, 0x2F, + 0x11, 0xEF, 0x79, 0x45, 0x8F, 0x31, 0x2A, 0x96 +}; + +static const uint8_t ecc_p384_jacob_mul_res_y_le[] = { + 0x42, 0xC0, 0x3B, 0xF0, 0x81, 0x86, 0xA0, 0xC9, + 0xA0, 0xC6, 0x59, 0x34, 0xF1, 0x2B, 0xDC, 0x02, + 0xE8, 0x92, 0x10, 0x1C, 0xBF, 0xAC, 0x5E, 0x17, + 0x5F, 0x53, 0xE2, 0x74, 0x3E, 0x46, 0xBA, 0xE9, + 0x83, 0x7B, 0xF3, 0x67, 0xD4, 0xF7, 0xA3, 0x4F, + 0x05, 0xB8, 0x62, 0xC0, 0x42, 0x1C, 0x0D, 0x77 +}; + +static const uint8_t ecc_p384_jacob_mul_res_z_le[] = { + 0xCB, 0x3B, 0xFB, 0x58, 0x85, 0x3A, 0xA5, 0x47, + 0x22, 0x9C, 0xF8, 0x0B, 0xDB, 0x08, 0xDD, 0x0D, + 0xA5, 0x7B, 0xE4, 0x2D, 0x1E, 0xEF, 0x8B, 0x88, + 0xE2, 0x73, 0x24, 0xCC, 0x74, 0xCA, 0xBA, 0x0A, + 0x69, 0x22, 0xEF, 0x7F, 0xCC, 0x92, 0x37, 0x24, + 0x8D, 0xF3, 0xAC, 0xCF, 0x76, 0xD7, 0x16, 0x4D +}; + +static const uint8_t ecc384_x[] = { + 0xaa, 0x87, 0xca, 0x22, 0xbe, 0x8b, 0x05, 0x37, + 0x8e, 0xb1, 0xc7, 0x1e, 0xf3, 0x20, 0xad, 0x74, + 0x6e, 0x1d, 0x3b, 0x62, 0x8b, 0xa7, 0x9b, 0x98, + 0x59, 0xf7, 0x41, 0xe0, 0x82, 0x54, 0x2a, 0x38, + 0x55, 0x02, 0xf2, 0x5d, 0xbf, 0x55, 0x29, 0x6c, + 0x3a, 0x54, 0x5e, 0x38, 0x72, 0x76, 0x0a, 0xb7 +}; + +static const uint8_t ecc384_y[] = { + 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, + 0x5d, 0x9e, 0x98, 0xbf, 0x92, 0x92, 0xdc, 0x29, + 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c, + 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, + 0x0a, 0x60, 0xb1, 0xce, 0x1d, 0x7e, 0x81, 0x9d, + 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f +}; + +static const uint8_t ecc384_add_res[] = { + 0x6D, 0x75, 0xE3, 0xA0, 0xE9, 0x98, 0x45, 0xB9, + 0x70, 0xA8, 0xAF, 0x95, 0xD3, 0xA5, 0x6F, 0x46, + 0x87, 0xE4, 0x21, 0x2B, 0x32, 0xF4, 0x4C, 0x4D, + 0x43, 0xD2, 0x73, 0xF3, 0x37, 0x45, 0xE3, 0xF8, + 0x5F, 0x62, 0xA3, 0x2C, 0xDD, 0xD3, 0xAA, 0x09, + 0xB5, 0x97, 0x7B, 0xB4, 0x02, 0x61, 0x19, 0x16 +}; + +static const uint8_t ecc384_sub_res[] = { + 0x74, 0x70, 0xEC, 0xD7, 0x27, 0x65, 0xD9, 0xC7, + 0x30, 0x13, 0x2F, 0x5F, 0x60, 0x8E, 0xD0, 0x4A, + 0x76, 0x28, 0x1D, 0xA5, 0x62, 0x0D, 0x87, 0x1C, + 0x70, 0x1C, 0x10, 0xCD, 0xCD, 0x63, 0x71, 0x77, + 0x4A, 0xA2, 0x40, 0x8F, 0xA1, 0xD7, 0xA7, 0xCE, + 0xBF, 0x10, 0x41, 0xBC, 0xE1, 0x8B, 0xFB, 0x57 +}; + +static const uint8_t ecc384_mul_res[] = { + 0x63, 0x67, 0x7D, 0x8B, 0x32, 0x4C, 0x13, 0xE6, + 0x49, 0xAB, 0xDE, 0x9F, 0xDB, 0x68, 0x57, 0x49, + 0xDE, 0x88, 0x77, 0x56, 0x45, 0xB0, 0x7B, 0xD7, + 0xAB, 0xFB, 0xF4, 0x55, 0xC0, 0xD3, 0xD0, 0x2D, + 0x37, 0x14, 0x8F, 0x3A, 0x1E, 0x72, 0x7E, 0x49, + 0x77, 0xA0, 0xB9, 0xC8, 0xD0, 0x44, 0xDD, 0x16 +}; + +static const uint8_t ecc384_num[] = { + 0x68, 0xd1, 0x09, 0xa7, 0xc7, 0x7e, 0xeb, 0xbd, + 0x43, 0x18, 0x7e, 0xdd, 0x69, 0x23, 0x7e, 0x0a, + 0xef, 0x07, 0xc2, 0x0e, 0xc5, 0x3d, 0xe7, 0xcb, + 0xd4, 0x36, 0xad, 0x9b, 0xdc, 0xf8, 0x6c, 0x5c, + 0x0c, 0x3d, 0xce, 0x45, 0xcd, 0x6f, 0x7f, 0x18, + 0x40, 0xc5, 0x29, 0xf3, 0xcd, 0x12, 0x1d, 0xc2 +}; + +static const uint8_t ecc384_den[] = { + 0x68, 0xd1, 0x09, 0xa7, 0xc7, 0x7e, 0xeb, 0xbd, + 0x43, 0x18, 0x7e, 0xdd, 0x69, 0x23, 0x7e, 0x0a, + 0xef, 0x07, 0xc2, 0x0e, 0xc5, 0x3d, 0xe7, 0xcb, + 0xd4, 0x36, 0xad, 0x9b, 0xdc, 0xf8, 0x6c, 0x5c, + 0x0c, 0x3d, 0xce, 0x45, 0xcd, 0x6f, 0x7f, 0x18, + 0x40, 0xc5, 0x8c, 0x56, 0x68, 0xb7, 0xb8, 0x67 +}; + +static const uint8_t ecc384_inv_mul_res[] = { + 0x05, 0x35, 0xe1, 0x77, 0xd0, 0xd0, 0x47, 0x38, + 0x65, 0xe8, 0x4c, 0xeb, 0x31, 0x96, 0xd9, 0xfc, + 0x18, 0x0a, 0xe2, 0xd9, 0x5d, 0x40, 0xf4, 0x89, + 0x8a, 0xc6, 0xfc, 0x32, 0x5f, 0xd8, 0xc7, 0x74, + 0x15, 0x44, 0xa5, 0xd6, 0xca, 0x72, 0xc1, 0x2f, + 0xd7, 0xb3, 0x17, 0xda, 0x6f, 0x49, 0x17, 0xb7 +}; + +#endif /* SOC_ECC_SUPPORT_CURVE_P384 */ diff --git a/components/hal/test_apps/crypto/main/ecc/test_ecc.c b/components/hal/test_apps/crypto/main/ecc/test_ecc.c index 603771d081..b8fe24a7e5 100644 --- a/components/hal/test_apps/crypto/main/ecc/test_ecc.c +++ b/components/hal/test_apps/crypto/main/ecc/test_ecc.c @@ -20,6 +20,15 @@ #include "unity_fixture.h" #include "ccomp_timer.h" +/* ECC curve size constants in bytes */ +#define ECC_P192_SIZE_BYTES 24 +#define ECC_P256_SIZE_BYTES 32 +#define ECC_P384_SIZE_BYTES 48 + +/* Maximum ECC buffer size for all supported curves */ +#define ECC_MAX_BUFFER_SIZE 48 + +/* ECC operation support flags */ #define SOC_ECC_SUPPORT_POINT_MULT 1 #define SOC_ECC_SUPPORT_POINT_VERIFY 1 @@ -36,7 +45,7 @@ static void ecc_be_to_le(const uint8_t* be_point, uint8_t *le_point, uint8_t len) { /* When the size is 24 bytes, it should be padded with 0 bytes*/ - memset(le_point, 0x0, 32); + memset(le_point, 0x0, ECC_MAX_BUFFER_SIZE); for (int i = 0; i < len; i++) { le_point[i] = be_point[len - i - 1]; @@ -82,61 +91,89 @@ static void ecc_point_mul(const uint8_t *k_le, const uint8_t *x_le, const uint8_ static void test_ecc_point_mul_inner(bool verify_first) { - uint8_t scalar_le[32]; - uint8_t x_le[32]; - uint8_t y_le[32]; + uint8_t scalar_le[ECC_MAX_BUFFER_SIZE]; + uint8_t x_le[ECC_MAX_BUFFER_SIZE]; + uint8_t y_le[ECC_MAX_BUFFER_SIZE]; /* P256 */ - ecc_be_to_le(ecc_p256_scalar, scalar_le, 32); - ecc_be_to_le(ecc_p256_point_x, x_le, 32); - ecc_be_to_le(ecc_p256_point_y, y_le, 32); + ecc_be_to_le(ecc_p256_scalar, scalar_le, ECC_P256_SIZE_BYTES); + ecc_be_to_le(ecc_p256_point_x, x_le, ECC_P256_SIZE_BYTES); + ecc_be_to_le(ecc_p256_point_y, y_le, ECC_P256_SIZE_BYTES); - uint8_t x_res_le[32]; - uint8_t y_res_le[32]; + uint8_t x_res_le[ECC_MAX_BUFFER_SIZE]; + uint8_t y_res_le[ECC_MAX_BUFFER_SIZE]; - ecc_point_mul(scalar_le, x_le, y_le, 32, verify_first, x_res_le, y_res_le); + ecc_point_mul(scalar_le, x_le, y_le, ECC_P256_SIZE_BYTES, verify_first, x_res_le, y_res_le); - uint8_t x_mul_le[32]; - uint8_t y_mul_le[32]; + uint8_t x_mul_le[ECC_MAX_BUFFER_SIZE]; + uint8_t y_mul_le[ECC_MAX_BUFFER_SIZE]; - ecc_be_to_le(ecc_p256_mul_res_x, x_mul_le, 32); - ecc_be_to_le(ecc_p256_mul_res_y, y_mul_le, 32); + ecc_be_to_le(ecc_p256_mul_res_x, x_mul_le, ECC_P256_SIZE_BYTES); + ecc_be_to_le(ecc_p256_mul_res_y, y_mul_le, ECC_P256_SIZE_BYTES); - ESP_LOG_BUFFER_HEXDUMP("Expected X:", x_mul_le, 32, ESP_LOG_DEBUG); - ESP_LOG_BUFFER_HEXDUMP("Got X:", x_res_le, 32, ESP_LOG_DEBUG); + ESP_LOG_BUFFER_HEXDUMP("Expected X:", x_mul_le, ECC_P256_SIZE_BYTES, ESP_LOG_DEBUG); + ESP_LOG_BUFFER_HEXDUMP("Got X:", x_res_le, ECC_P256_SIZE_BYTES, ESP_LOG_DEBUG); - ESP_LOG_BUFFER_HEXDUMP("Expected Y:", y_mul_le, 32, ESP_LOG_DEBUG); - ESP_LOG_BUFFER_HEXDUMP("Got Y:", y_res_le, 32, ESP_LOG_DEBUG); + ESP_LOG_BUFFER_HEXDUMP("Expected Y:", y_mul_le, ECC_P256_SIZE_BYTES, ESP_LOG_DEBUG); + ESP_LOG_BUFFER_HEXDUMP("Got Y:", y_res_le, ECC_P256_SIZE_BYTES, ESP_LOG_DEBUG); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_mul_le, x_res_le, 32, "X coordinate of P256 point multiplication "); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_mul_le, y_res_le, 32, "Y coordinate of P256 point multiplication "); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_mul_le, x_res_le, ECC_P256_SIZE_BYTES, "X coordinate of P256 point multiplication "); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_mul_le, y_res_le, ECC_P256_SIZE_BYTES, "Y coordinate of P256 point multiplication "); - memset(x_res_le, 0x0, 32); - memset(y_res_le, 0x0, 32); - memset(x_mul_le, 0x0, 32); - memset(y_mul_le, 0x0, 32); + memset(x_res_le, 0x0, ECC_MAX_BUFFER_SIZE); + memset(y_res_le, 0x0, ECC_MAX_BUFFER_SIZE); + memset(x_mul_le, 0x0, ECC_MAX_BUFFER_SIZE); + memset(y_mul_le, 0x0, ECC_MAX_BUFFER_SIZE); /* P192 */ - ecc_be_to_le(ecc_p192_scalar, scalar_le, 24); - ecc_be_to_le(ecc_p192_point_x, x_le, 24); - ecc_be_to_le(ecc_p192_point_y, y_le, 24); + ecc_be_to_le(ecc_p192_scalar, scalar_le, ECC_P192_SIZE_BYTES); + ecc_be_to_le(ecc_p192_point_x, x_le, ECC_P192_SIZE_BYTES); + ecc_be_to_le(ecc_p192_point_y, y_le, ECC_P192_SIZE_BYTES); - ecc_point_mul(scalar_le, x_le, y_le, 24, verify_first, x_res_le, y_res_le); + ecc_point_mul(scalar_le, x_le, y_le, ECC_P192_SIZE_BYTES, verify_first, x_res_le, y_res_le); - ecc_be_to_le(ecc_p192_mul_res_x, x_mul_le, 24); - ecc_be_to_le(ecc_p192_mul_res_y, y_mul_le, 24); + ecc_be_to_le(ecc_p192_mul_res_x, x_mul_le, ECC_P192_SIZE_BYTES); + ecc_be_to_le(ecc_p192_mul_res_y, y_mul_le, ECC_P192_SIZE_BYTES); - ESP_LOG_BUFFER_HEXDUMP("Expected X:", x_mul_le, 32, ESP_LOG_DEBUG); - ESP_LOG_BUFFER_HEXDUMP("Got X:", x_res_le, 32, ESP_LOG_DEBUG); + ESP_LOG_BUFFER_HEXDUMP("Expected X:", x_mul_le, ECC_P256_SIZE_BYTES, ESP_LOG_DEBUG); + ESP_LOG_BUFFER_HEXDUMP("Got X:", x_res_le, ECC_P256_SIZE_BYTES, ESP_LOG_DEBUG); - ESP_LOG_BUFFER_HEXDUMP("Expected Y:", y_mul_le, 32, ESP_LOG_DEBUG); - ESP_LOG_BUFFER_HEXDUMP("Got Y:", y_res_le, 32, ESP_LOG_DEBUG); + ESP_LOG_BUFFER_HEXDUMP("Expected Y:", y_mul_le, ECC_P256_SIZE_BYTES, ESP_LOG_DEBUG); + ESP_LOG_BUFFER_HEXDUMP("Got Y:", y_res_le, ECC_P256_SIZE_BYTES, ESP_LOG_DEBUG); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_mul_le, x_res_le, 24, "X coordinate of P192 point multiplication "); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_mul_le, y_res_le, 24, "Y coordinate of P192 point multiplication "); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_mul_le, x_res_le, ECC_P192_SIZE_BYTES, "X coordinate of P192 point multiplication "); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_mul_le, y_res_le, ECC_P192_SIZE_BYTES, "Y coordinate of P192 point multiplication "); + +#if SOC_ECC_SUPPORT_CURVE_P384 + if (ecc_ll_is_p384_curve_operations_supported()) { + memset(x_res_le, 0x0, ECC_MAX_BUFFER_SIZE); + memset(y_res_le, 0x0, ECC_MAX_BUFFER_SIZE); + memset(x_mul_le, 0x0, ECC_MAX_BUFFER_SIZE); + memset(y_mul_le, 0x0, ECC_MAX_BUFFER_SIZE); + + /* P384 */ + ecc_be_to_le(ecc_p384_scalar, scalar_le, ECC_P384_SIZE_BYTES); + ecc_be_to_le(ecc_p384_point_x, x_le, ECC_P384_SIZE_BYTES); + ecc_be_to_le(ecc_p384_point_y, y_le, ECC_P384_SIZE_BYTES); + + ecc_point_mul(scalar_le, x_le, y_le, ECC_P384_SIZE_BYTES, verify_first, x_res_le, y_res_le); + + ecc_be_to_le(ecc_p384_mul_res_x, x_mul_le, ECC_P384_SIZE_BYTES); + ecc_be_to_le(ecc_p384_mul_res_y, y_mul_le, ECC_P384_SIZE_BYTES); + + ESP_LOG_BUFFER_HEXDUMP("Expected Result X:", x_mul_le, ECC_P384_SIZE_BYTES, ESP_LOG_DEBUG); + ESP_LOG_BUFFER_HEXDUMP("Got Result X:", x_res_le, ECC_P384_SIZE_BYTES, ESP_LOG_DEBUG); + + ESP_LOG_BUFFER_HEXDUMP("Expected Result Y:", y_mul_le, ECC_P384_SIZE_BYTES, ESP_LOG_DEBUG); + ESP_LOG_BUFFER_HEXDUMP("Got Result Y:", y_res_le, ECC_P384_SIZE_BYTES, ESP_LOG_DEBUG); + + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_mul_le, x_res_le, ECC_P384_SIZE_BYTES, "X coordinate of P384 point multiplication "); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_mul_le, y_res_le, ECC_P384_SIZE_BYTES, "Y coordinate of P384 point multiplication "); + } +#endif /* SOC_ECC_SUPPORT_CURVE_P384 */ } -TEST(ecc, ecc_point_multiplication_on_SECP192R1_and_SECP256R1) +TEST(ecc, ecc_point_multiplication_on_SECP192R1_SECP256R1_SECP384R1) { test_ecc_point_mul_inner(false); } @@ -153,17 +190,17 @@ static void test_ecc_point_mul_inner_constant_time(void) return; } #endif - uint8_t scalar_le[32]; - uint8_t x_le[32]; - uint8_t y_le[32]; + uint8_t scalar_le[ECC_MAX_BUFFER_SIZE]; + uint8_t x_le[ECC_MAX_BUFFER_SIZE]; + uint8_t y_le[ECC_MAX_BUFFER_SIZE]; /* P256 */ - ecc_be_to_le(ecc_p256_scalar, scalar_le, 32); - ecc_be_to_le(ecc_p256_point_x, x_le, 32); - ecc_be_to_le(ecc_p256_point_y, y_le, 32); + ecc_be_to_le(ecc_p256_scalar, scalar_le, ECC_P256_SIZE_BYTES); + ecc_be_to_le(ecc_p256_point_x, x_le, ECC_P256_SIZE_BYTES); + ecc_be_to_le(ecc_p256_point_y, y_le, ECC_P256_SIZE_BYTES); - uint8_t x_res_le[32]; - uint8_t y_res_le[32]; + uint8_t x_res_le[ECC_MAX_BUFFER_SIZE]; + uint8_t y_res_le[ECC_MAX_BUFFER_SIZE]; double deviation = 0; uint32_t elapsed_time, mean_elapsed_time, total_elapsed_time = 0; @@ -172,7 +209,7 @@ static void test_ecc_point_mul_inner_constant_time(void) for (int i = 0; i < loop_count; i++) { ccomp_timer_start(); - ecc_point_mul(scalar_le, x_le, y_le, 32, 0, x_res_le, y_res_le); + ecc_point_mul(scalar_le, x_le, y_le, ECC_P256_SIZE_BYTES, 0, x_res_le, y_res_le); elapsed_time = ccomp_timer_stop(); max_time = MAX(elapsed_time, max_time); @@ -185,9 +222,9 @@ static void test_ecc_point_mul_inner_constant_time(void) TEST_ASSERT_LESS_THAN_DOUBLE(CONST_TIME_DEVIATION_PERCENT, deviation); /* P192 */ - ecc_be_to_le(ecc_p192_scalar, scalar_le, 24); - ecc_be_to_le(ecc_p192_point_x, x_le, 24); - ecc_be_to_le(ecc_p192_point_y, y_le, 24); + ecc_be_to_le(ecc_p192_scalar, scalar_le, ECC_P192_SIZE_BYTES); + ecc_be_to_le(ecc_p192_point_x, x_le, ECC_P192_SIZE_BYTES); + ecc_be_to_le(ecc_p192_point_y, y_le, ECC_P192_SIZE_BYTES); max_time = 0; min_time = UINT32_MAX; @@ -195,7 +232,7 @@ static void test_ecc_point_mul_inner_constant_time(void) for (int i = 0; i < loop_count; i++) { ccomp_timer_start(); - ecc_point_mul(scalar_le, x_le, y_le, 24, 0, x_res_le, y_res_le); + ecc_point_mul(scalar_le, x_le, y_le, ECC_P192_SIZE_BYTES, 0, x_res_le, y_res_le); elapsed_time = ccomp_timer_stop(); max_time = MAX(elapsed_time, max_time); @@ -206,9 +243,36 @@ static void test_ecc_point_mul_inner_constant_time(void) deviation = ((double)(max_time - mean_elapsed_time) / mean_elapsed_time); TEST_ASSERT_LESS_THAN_DOUBLE(CONST_TIME_DEVIATION_PERCENT, deviation); + +#if SOC_ECC_SUPPORT_CURVE_P384 + if (ecc_ll_is_p384_curve_operations_supported()) { + /* P384 */ + ecc_be_to_le(ecc_p384_scalar, scalar_le, ECC_P384_SIZE_BYTES); + ecc_be_to_le(ecc_p384_point_x, x_le, ECC_P384_SIZE_BYTES); + ecc_be_to_le(ecc_p384_point_y, y_le, ECC_P384_SIZE_BYTES); + + max_time = 0; + min_time = UINT32_MAX; + total_elapsed_time = 0; + + for (int i = 0; i < loop_count; i++) { + ccomp_timer_start(); + ecc_point_mul(scalar_le, x_le, y_le, ECC_P384_SIZE_BYTES, 0, x_res_le, y_res_le); + elapsed_time = ccomp_timer_stop(); + + max_time = MAX(elapsed_time, max_time); + min_time = MIN(elapsed_time, min_time); + total_elapsed_time += elapsed_time; + } + mean_elapsed_time = total_elapsed_time / loop_count; + deviation = ((double)(max_time - mean_elapsed_time) / mean_elapsed_time); + + TEST_ASSERT_LESS_THAN_DOUBLE(CONST_TIME_DEVIATION_PERCENT, deviation); + } +#endif /* SOC_ECC_SUPPORT_CURVE_P384 */ } -TEST(ecc, ecc_point_multiplication_const_time_check_on_SECP192R1_and_SECP256R1) +TEST(ecc, ecc_point_multiplication_const_time_check_on_SECP192R1_SECP256R1_SECP384R1) { test_ecc_point_mul_inner_constant_time(); } @@ -235,42 +299,59 @@ static int ecc_point_verify(const uint8_t *x_le, const uint8_t *y_le, uint8_t le return ret; } -TEST(ecc, ecc_point_verification_on_SECP192R1_and_SECP256R1) +TEST(ecc, ecc_point_verification_on_SECP192R1_SECP256R1_SECP384R1) { int res; - uint8_t x_le[32]; - uint8_t y_le[32]; + uint8_t x_le[ECC_MAX_BUFFER_SIZE]; + uint8_t y_le[ECC_MAX_BUFFER_SIZE]; /* P256 */ - ecc_be_to_le(ecc_p256_point_x, x_le, 32); - ecc_be_to_le(ecc_p256_point_y, y_le, 32); + ecc_be_to_le(ecc_p256_point_x, x_le, ECC_P256_SIZE_BYTES); + ecc_be_to_le(ecc_p256_point_y, y_le, ECC_P256_SIZE_BYTES); // Case 1: Correct point on curve - res = ecc_point_verify(x_le, y_le, 32); + res = ecc_point_verify(x_le, y_le, ECC_P256_SIZE_BYTES); TEST_ASSERT_EQUAL(1, res); // Case 2: Modify one byte from the point x_le[6] = x_le[6] ^ 0xFF; - res = ecc_point_verify(x_le, y_le, 32); + res = ecc_point_verify(x_le, y_le, ECC_P256_SIZE_BYTES); TEST_ASSERT_EQUAL(0, res); /* P192 */ - ecc_be_to_le(ecc_p192_point_x, x_le, 24); - ecc_be_to_le(ecc_p192_point_y, y_le, 24); + ecc_be_to_le(ecc_p192_point_x, x_le, ECC_P192_SIZE_BYTES); + ecc_be_to_le(ecc_p192_point_y, y_le, ECC_P192_SIZE_BYTES); // Case 1: Correct point on curve - res = ecc_point_verify(x_le, y_le, 24); + res = ecc_point_verify(x_le, y_le, ECC_P192_SIZE_BYTES); TEST_ASSERT_EQUAL(1, res); // Case 2: Modify one byte from the point x_le[6] = x_le[6] ^ 0xFF; - res = ecc_point_verify(x_le, y_le, 24); + res = ecc_point_verify(x_le, y_le, ECC_P192_SIZE_BYTES); TEST_ASSERT_EQUAL(0, res); + +#if SOC_ECC_SUPPORT_CURVE_P384 + if (ecc_ll_is_p384_curve_operations_supported()) { + /* P384 */ + ecc_be_to_le(ecc_p384_point_x, x_le, ECC_P384_SIZE_BYTES); + ecc_be_to_le(ecc_p384_point_y, y_le, ECC_P384_SIZE_BYTES); + + // Case 1: Correct point on curve + res = ecc_point_verify(x_le, y_le, ECC_P384_SIZE_BYTES); + TEST_ASSERT_EQUAL(1, res); + + // Case 2: Modify one byte from the point + x_le[6] = x_le[6] ^ 0xFF; + res = ecc_point_verify(x_le, y_le, ECC_P384_SIZE_BYTES); + TEST_ASSERT_EQUAL(0, res); + } +#endif /* SOC_ECC_SUPPORT_CURVE_P384 */ } #endif #if SOC_ECC_SUPPORT_POINT_MULT && SOC_ECC_SUPPORT_POINT_VERIFY && !defined(SOC_ECC_SUPPORT_POINT_VERIFY_QUIRK) -TEST(ecc, ecc_point_verification_and_multiplication_on_SECP192R1_and_SECP256R1) +TEST(ecc, ecc_point_verification_and_multiplication_on_SECP192R1_SECP256R1_SECP384R1) { test_ecc_point_mul_inner(true); } @@ -281,7 +362,7 @@ static void ecc_point_inv_mul(const uint8_t *num_le, const uint8_t *deno_le, uin { esp_crypto_ecc_enable_periph_clk(true); - uint8_t zero[32] = {0}; + uint8_t zero[ECC_MAX_BUFFER_SIZE] = {0}; ecc_hal_write_mul_param(zero, num_le, deno_le, len); ecc_hal_set_mode(ECC_MODE_INVERSE_MUL); @@ -296,14 +377,24 @@ static void ecc_point_inv_mul(const uint8_t *num_le, const uint8_t *deno_le, uin esp_crypto_ecc_enable_periph_clk(false); } -TEST(ecc, ecc_inverse_multiplication_or_mod_division_using_SECP192R1_and_SECP256R1_order_of_curve) +TEST(ecc, ecc_inverse_multiplication_or_mod_division_using_SECP192R1_SECP256R1_SECP384R1_order_of_curve) { - uint8_t res[32] = {0}; - ecc_point_inv_mul(ecc256_num, ecc256_den, 32, res); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc256_inv_mul_res, res, 32, "P256 Inverse multiplication (or Mod division)"); + uint8_t res[ECC_MAX_BUFFER_SIZE] = {0}; + ecc_point_inv_mul(ecc256_num, ecc256_den, ECC_P256_SIZE_BYTES, res); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc256_inv_mul_res, res, ECC_P256_SIZE_BYTES, "P256 Inverse multiplication (or Mod division)"); - ecc_point_inv_mul(ecc192_num, ecc192_den, 24, res); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc192_inv_mul_res, res, 24, "P192 Inverse multiplication (or Mod division)"); + ecc_point_inv_mul(ecc192_num, ecc192_den, ECC_P192_SIZE_BYTES, res); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc192_inv_mul_res, res, ECC_P192_SIZE_BYTES, "P192 Inverse multiplication (or Mod division)"); + +#if SOC_ECC_SUPPORT_CURVE_P384 + if (ecc_ll_is_p384_curve_operations_supported()) { + ecc_point_inv_mul(ecc384_num, ecc384_den, ECC_P384_SIZE_BYTES, res); + ESP_LOG_BUFFER_HEXDUMP("Expected Result X:", ecc384_inv_mul_res, ECC_P384_SIZE_BYTES, ESP_LOG_DEBUG); + ESP_LOG_BUFFER_HEXDUMP("Got Result X:", res, ECC_P384_SIZE_BYTES, ESP_LOG_DEBUG); + + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc384_inv_mul_res, res, ECC_P384_SIZE_BYTES, "P384 Inverse multiplication (or Mod division)"); + } +#endif /* SOC_ECC_SUPPORT_CURVE_P384 */ } #endif @@ -331,42 +422,61 @@ static void ecc_jacob_mul(uint8_t *k_le, uint8_t *x_le, uint8_t *y_le, uint8_t l static void test_ecc_jacob_mul_inner(bool verify_first) { - uint8_t scalar_le[32]; - uint8_t x_le[32]; - uint8_t y_le[32]; + uint8_t scalar_le[ECC_MAX_BUFFER_SIZE]; + uint8_t x_le[ECC_MAX_BUFFER_SIZE]; + uint8_t y_le[ECC_MAX_BUFFER_SIZE]; /* P256 */ - ecc_be_to_le(ecc_p256_scalar, scalar_le, 32); - ecc_be_to_le(ecc_p256_point_x, x_le, 32); - ecc_be_to_le(ecc_p256_point_y, y_le, 32); + ecc_be_to_le(ecc_p256_scalar, scalar_le, ECC_P256_SIZE_BYTES); + ecc_be_to_le(ecc_p256_point_x, x_le, ECC_P256_SIZE_BYTES); + ecc_be_to_le(ecc_p256_point_y, y_le, ECC_P256_SIZE_BYTES); - uint8_t x_res_le[32]; - uint8_t y_res_le[32]; - uint8_t z_res_le[32]; + uint8_t x_res_le[ECC_MAX_BUFFER_SIZE]; + uint8_t y_res_le[ECC_MAX_BUFFER_SIZE]; + uint8_t z_res_le[ECC_MAX_BUFFER_SIZE]; - ecc_jacob_mul(scalar_le, x_le, y_le, 32, verify_first, x_res_le, y_res_le, z_res_le); + ecc_jacob_mul(scalar_le, x_le, y_le, ECC_P256_SIZE_BYTES, verify_first, x_res_le, y_res_le, z_res_le); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p256_jacob_mul_res_x_le, x_res_le, 32, "X coordinate of P256 point jacobian multiplication "); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p256_jacob_mul_res_y_le, y_res_le, 32, "Y coordinate of P256 point jacobian multiplication "); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p256_jacob_mul_res_z_le, z_res_le, 32, "Z coordinate of P256 point jacobian multiplication "); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p256_jacob_mul_res_x_le, x_res_le, ECC_P256_SIZE_BYTES, "X coordinate of P256 point jacobian multiplication "); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p256_jacob_mul_res_y_le, y_res_le, ECC_P256_SIZE_BYTES, "Y coordinate of P256 point jacobian multiplication "); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p256_jacob_mul_res_z_le, z_res_le, ECC_P256_SIZE_BYTES, "Z coordinate of P256 point jacobian multiplication "); - memset(x_res_le, 0x0, 32); - memset(y_res_le, 0x0, 32); - memset(z_res_le, 0x0, 32); + memset(x_res_le, 0x0, ECC_MAX_BUFFER_SIZE); + memset(y_res_le, 0x0, ECC_MAX_BUFFER_SIZE); + memset(z_res_le, 0x0, ECC_MAX_BUFFER_SIZE); /* P192 */ - ecc_be_to_le(ecc_p192_scalar, scalar_le, 24); - ecc_be_to_le(ecc_p192_point_x, x_le, 24); - ecc_be_to_le(ecc_p192_point_y, y_le, 24); + ecc_be_to_le(ecc_p192_scalar, scalar_le, ECC_P192_SIZE_BYTES); + ecc_be_to_le(ecc_p192_point_x, x_le, ECC_P192_SIZE_BYTES); + ecc_be_to_le(ecc_p192_point_y, y_le, ECC_P192_SIZE_BYTES); - ecc_jacob_mul(scalar_le, x_le, y_le, 24, verify_first, x_res_le, y_res_le, z_res_le); + ecc_jacob_mul(scalar_le, x_le, y_le, ECC_P192_SIZE_BYTES, verify_first, x_res_le, y_res_le, z_res_le); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p192_jacob_mul_res_x_le, x_res_le, 24, "X coordinate of P192 point jacobian multiplication "); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p192_jacob_mul_res_y_le, y_res_le, 24, "Y coordinate of P192 point jacobian multiplication "); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p192_jacob_mul_res_z_le, z_res_le, 24, "Z coordinate of P192 point jacobian multiplication "); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p192_jacob_mul_res_x_le, x_res_le, ECC_P192_SIZE_BYTES, "X coordinate of P192 point jacobian multiplication "); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p192_jacob_mul_res_y_le, y_res_le, ECC_P192_SIZE_BYTES, "Y coordinate of P192 point jacobian multiplication "); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p192_jacob_mul_res_z_le, z_res_le, ECC_P192_SIZE_BYTES, "Z coordinate of P192 point jacobian multiplication "); + +#if SOC_ECC_SUPPORT_CURVE_P384 + if (ecc_ll_is_p384_curve_operations_supported()) { + memset(x_res_le, 0x0, ECC_MAX_BUFFER_SIZE); + memset(y_res_le, 0x0, ECC_MAX_BUFFER_SIZE); + memset(z_res_le, 0x0, ECC_MAX_BUFFER_SIZE); + + /* P384 */ + ecc_be_to_le(ecc_p384_scalar, scalar_le, ECC_P384_SIZE_BYTES); + ecc_be_to_le(ecc_p384_point_x, x_le, ECC_P384_SIZE_BYTES); + ecc_be_to_le(ecc_p384_point_y, y_le, ECC_P384_SIZE_BYTES); + + ecc_jacob_mul(scalar_le, x_le, y_le, ECC_P384_SIZE_BYTES, verify_first, x_res_le, y_res_le, z_res_le); + + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p384_jacob_mul_res_x_le, x_res_le, ECC_P384_SIZE_BYTES, "X coordinate of P384 point jacobian multiplication "); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p384_jacob_mul_res_y_le, y_res_le, ECC_P384_SIZE_BYTES, "Y coordinate of P384 point jacobian multiplication "); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc_p384_jacob_mul_res_z_le, z_res_le, ECC_P384_SIZE_BYTES, "Z coordinate of P384 point jacobian multiplication "); + } +#endif /* SOC_ECC_SUPPORT_CURVE_P384 */ } -TEST(ecc, ecc_jacobian_point_multiplication_on_SECP192R1_and_SECP256R1) +TEST(ecc, ecc_jacobian_point_multiplication_on_SECP192R1_SECP256R1_SECP384R1) { test_ecc_jacob_mul_inner(false); } @@ -393,21 +503,29 @@ static int ecc_jacob_verify(const uint8_t *x_le, const uint8_t *y_le, const uint return ret; } -TEST(ecc, ecc_jacobian_point_verification_on_SECP192R1_and_SECP256R1) +TEST(ecc, ecc_jacobian_point_verification_on_SECP192R1_SECP256R1_SECP384R1) { int res; /* P256 */ - res = ecc_jacob_verify(ecc_p256_jacob_mul_res_x_le, ecc_p256_jacob_mul_res_y_le, ecc_p256_jacob_mul_res_z_le, 32); + res = ecc_jacob_verify(ecc_p256_jacob_mul_res_x_le, ecc_p256_jacob_mul_res_y_le, ecc_p256_jacob_mul_res_z_le, ECC_P256_SIZE_BYTES); TEST_ASSERT_EQUAL(1, res); /* P192 */ - res = ecc_jacob_verify(ecc_p192_jacob_mul_res_x_le, ecc_p192_jacob_mul_res_y_le, ecc_p192_jacob_mul_res_z_le, 24); + res = ecc_jacob_verify(ecc_p192_jacob_mul_res_x_le, ecc_p192_jacob_mul_res_y_le, ecc_p192_jacob_mul_res_z_le, ECC_P192_SIZE_BYTES); TEST_ASSERT_EQUAL(1, res); + +#if SOC_ECC_SUPPORT_CURVE_P384 + if (ecc_ll_is_p384_curve_operations_supported()) { + /* P384 */ + res = ecc_jacob_verify(ecc_p384_jacob_mul_res_x_le, ecc_p384_jacob_mul_res_y_le, ecc_p384_jacob_mul_res_z_le, ECC_P384_SIZE_BYTES); + TEST_ASSERT_EQUAL(1, res); + } +#endif /* SOC_ECC_SUPPORT_CURVE_P384 */ } #endif #if SOC_ECC_SUPPORT_JACOB_POINT_MULT && SOC_ECC_SUPPORT_JACOB_POINT_VERIFY -TEST(ecc, ecc_point_verification_and_jacobian_point_multiplication_on_SECP192R1_and_SECP256R1) +TEST(ecc, ecc_point_verification_and_jacobian_point_multiplication_on_SECP192R1_SECP256R1_SECP384R1) { test_ecc_jacob_mul_inner(true); } @@ -434,56 +552,78 @@ static void ecc_point_addition(uint8_t *px_le, uint8_t *py_le, uint8_t *qx_le, u esp_crypto_ecc_enable_periph_clk(false); } -TEST(ecc, ecc_point_addition_on_SECP192R1_and_SECP256R1) +TEST(ecc, ecc_point_addition_on_SECP192R1_SECP256R1_SECP384R1) { - uint8_t scalar_le[32] = {0}; - uint8_t x_le[32] = {0}; - uint8_t y_le[32] = {0}; - uint8_t z_le[32] = {0}; + uint8_t scalar_le[ECC_MAX_BUFFER_SIZE] = {0}; + uint8_t x_le[ECC_MAX_BUFFER_SIZE] = {0}; + uint8_t y_le[ECC_MAX_BUFFER_SIZE] = {0}; + uint8_t z_le[ECC_MAX_BUFFER_SIZE] = {0}; /* P256 * R = 2 * P */ - ecc_be_to_le(ecc_p256_point_x, x_le, 32); - ecc_be_to_le(ecc_p256_point_y, y_le, 32); + ecc_be_to_le(ecc_p256_point_x, x_le, ECC_P256_SIZE_BYTES); + ecc_be_to_le(ecc_p256_point_y, y_le, ECC_P256_SIZE_BYTES); scalar_le[0] = 0x2; - uint8_t x_res_le[32]; - uint8_t y_res_le[32]; - uint8_t z_res_le[32]; + uint8_t x_res_le[ECC_MAX_BUFFER_SIZE]; + uint8_t y_res_le[ECC_MAX_BUFFER_SIZE]; + uint8_t z_res_le[ECC_MAX_BUFFER_SIZE]; - ecc_jacob_mul(scalar_le, x_le, y_le, 32, 0, x_res_le, y_res_le, z_res_le); + ecc_jacob_mul(scalar_le, x_le, y_le, ECC_P256_SIZE_BYTES, 0, x_res_le, y_res_le, z_res_le); - uint8_t x_add_le[32]; - uint8_t y_add_le[32]; - uint8_t z_add_le[32]; + uint8_t x_add_le[ECC_MAX_BUFFER_SIZE]; + uint8_t y_add_le[ECC_MAX_BUFFER_SIZE]; + uint8_t z_add_le[ECC_MAX_BUFFER_SIZE]; z_le[0] = 0x1; - ecc_point_addition(x_le, y_le, x_le, y_le, z_le, 32, 1, x_add_le, y_add_le, z_add_le); + ecc_point_addition(x_le, y_le, x_le, y_le, z_le, ECC_P256_SIZE_BYTES, 1, x_add_le, y_add_le, z_add_le); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_add_le, x_res_le, 32, "X coordinate of P256 point addition"); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_add_le, y_res_le, 32, "Y coordinate of P256 point addition"); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(z_add_le, z_res_le, 32, "Z coordinate of P256 point addition"); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_add_le, x_res_le, ECC_P256_SIZE_BYTES, "X coordinate of P256 point addition"); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_add_le, y_res_le, ECC_P256_SIZE_BYTES, "Y coordinate of P256 point addition"); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(z_add_le, z_res_le, ECC_P256_SIZE_BYTES, "Z coordinate of P256 point addition"); /* P192 * R = 2 * P */ - ecc_be_to_le(ecc_p192_point_x, x_le, 24); - ecc_be_to_le(ecc_p192_point_y, y_le, 24); + ecc_be_to_le(ecc_p192_point_x, x_le, ECC_P192_SIZE_BYTES); + ecc_be_to_le(ecc_p192_point_y, y_le, ECC_P192_SIZE_BYTES); scalar_le[0] = 0x2; - ecc_jacob_mul(scalar_le, x_le, y_le, 24, 0, x_res_le, y_res_le, z_res_le); + ecc_jacob_mul(scalar_le, x_le, y_le, ECC_P192_SIZE_BYTES, 0, x_res_le, y_res_le, z_res_le); z_le[0] = 0x1; - ecc_point_addition(x_le, y_le, x_le, y_le, z_le, 24, 1, x_add_le, y_add_le, z_add_le); + ecc_point_addition(x_le, y_le, x_le, y_le, z_le, ECC_P192_SIZE_BYTES, 1, x_add_le, y_add_le, z_add_le); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_add_le, x_res_le, 24, "X coordinate of P192 point addition"); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_add_le, y_res_le, 24, "Y coordinate of P192 point addition"); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(z_add_le, z_res_le, 24, "Z coordinate of P192 point addition"); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_add_le, x_res_le, ECC_P192_SIZE_BYTES, "X coordinate of P192 point addition"); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_add_le, y_res_le, ECC_P192_SIZE_BYTES, "Y coordinate of P192 point addition"); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(z_add_le, z_res_le, ECC_P192_SIZE_BYTES, "Z coordinate of P192 point addition"); + +#if SOC_ECC_SUPPORT_CURVE_P384 + if (ecc_ll_is_p384_curve_operations_supported()) { + /* P384 + * R = 2 * P + */ + ecc_be_to_le(ecc_p384_point_x, x_le, ECC_P384_SIZE_BYTES); + ecc_be_to_le(ecc_p384_point_y, y_le, ECC_P384_SIZE_BYTES); + + scalar_le[0] = 0x2; + + ecc_jacob_mul(scalar_le, x_le, y_le, ECC_P384_SIZE_BYTES, 0, x_res_le, y_res_le, z_res_le); + + z_le[0] = 0x1; + + ecc_point_addition(x_le, y_le, x_le, y_le, z_le, ECC_P384_SIZE_BYTES, 1, x_add_le, y_add_le, z_add_le); + + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(x_add_le, x_res_le, ECC_P384_SIZE_BYTES, "X coordinate of P384 point addition"); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(y_add_le, y_res_le, ECC_P384_SIZE_BYTES, "Y coordinate of P384 point addition"); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(z_add_le, z_res_le, ECC_P384_SIZE_BYTES, "Z coordinate of P384 point addition"); + } +#endif /* SOC_ECC_SUPPORT_CURVE_P384 */ } #endif @@ -508,87 +648,109 @@ static void ecc_mod_op(ecc_mode_t mode, const uint8_t *a, const uint8_t *b, uint #endif #if SOC_ECC_SUPPORT_MOD_ADD -TEST(ecc, ecc_mod_addition_using_SECP192R1_and_SECP256R1_order_of_curve) +TEST(ecc, ecc_mod_addition_using_SECP192R1_SECP256R1_SECP384R1_order_of_curve) { - uint8_t res[32] = {0}; - ecc_mod_op(ECC_MODE_MOD_ADD, ecc256_x, ecc256_y, 32, res); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc256_add_res, res, 32, "P256 mod addition"); + uint8_t res[ECC_MAX_BUFFER_SIZE] = {0}; + ecc_mod_op(ECC_MODE_MOD_ADD, ecc256_x, ecc256_y, ECC_P256_SIZE_BYTES, res); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc256_add_res, res, ECC_P256_SIZE_BYTES, "P256 mod addition"); - ecc_mod_op(ECC_MODE_MOD_ADD, ecc192_x, ecc192_y, 24, res); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc192_add_res, res, 24, "P192 mod addition"); + ecc_mod_op(ECC_MODE_MOD_ADD, ecc192_x, ecc192_y, ECC_P192_SIZE_BYTES, res); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc192_add_res, res, ECC_P192_SIZE_BYTES, "P192 mod addition"); + +#if SOC_ECC_SUPPORT_CURVE_P384 + if (ecc_ll_is_p384_curve_operations_supported()) { + ecc_mod_op(ECC_MODE_MOD_ADD, ecc384_x, ecc384_y, ECC_P384_SIZE_BYTES, res); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc384_add_res, res, ECC_P384_SIZE_BYTES, "P384 mod addition"); + } +#endif /* SOC_ECC_SUPPORT_CURVE_P384 */ } #endif #if SOC_ECC_SUPPORT_MOD_SUB -TEST(ecc, ecc_mod_subtraction_using_SECP192R1_and_SECP256R1_order_of_curve) +TEST(ecc, ecc_mod_subtraction_using_SECP192R1_SECP256R1_SECP384R1_order_of_curve) { - uint8_t res[32] = {0}; - ecc_mod_op(ECC_MODE_MOD_SUB, ecc256_x, ecc256_y, 32, res); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc256_sub_res, res, 32, "P256 mod subtraction"); + uint8_t res[ECC_MAX_BUFFER_SIZE] = {0}; + ecc_mod_op(ECC_MODE_MOD_SUB, ecc256_x, ecc256_y, ECC_P256_SIZE_BYTES, res); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc256_sub_res, res, ECC_P256_SIZE_BYTES, "P256 mod subtraction"); - ecc_mod_op(ECC_MODE_MOD_SUB, ecc192_x, ecc192_y, 24, res); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc192_sub_res, res, 24, "P192 mod subtraction"); + ecc_mod_op(ECC_MODE_MOD_SUB, ecc192_x, ecc192_y, ECC_P192_SIZE_BYTES, res); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc192_sub_res, res, ECC_P192_SIZE_BYTES, "P192 mod subtraction"); + +#if SOC_ECC_SUPPORT_CURVE_P384 + if (ecc_ll_is_p384_curve_operations_supported()) { + ecc_mod_op(ECC_MODE_MOD_SUB, ecc384_x, ecc384_y, ECC_P384_SIZE_BYTES, res); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc384_sub_res, res, ECC_P384_SIZE_BYTES, "P384 mod subtraction"); + } +#endif /* SOC_ECC_SUPPORT_CURVE_P384 */ } #endif #if SOC_ECC_SUPPORT_MOD_MUL -TEST(ecc, ecc_mod_multiplication_using_SECP192R1_and_SECP256R1_order_of_curve) +TEST(ecc, ecc_mod_multiplication_using_SECP192R1_SECP256R1_SECP384R1_order_of_curve) { - uint8_t res[32] = {0}; - ecc_mod_op(ECC_MODE_MOD_MUL, ecc256_x, ecc256_y, 32, res); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc256_mul_res, res, 32, "P256 mod multiplication"); + uint8_t res[ECC_MAX_BUFFER_SIZE] = {0}; + ecc_mod_op(ECC_MODE_MOD_MUL, ecc256_x, ecc256_y, ECC_P256_SIZE_BYTES, res); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc256_mul_res, res, ECC_P256_SIZE_BYTES, "P256 mod multiplication"); - ecc_mod_op(ECC_MODE_MOD_MUL, ecc192_x, ecc192_y, 24, res); - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc192_mul_res, res, 24, "P192 mod multiplication"); + ecc_mod_op(ECC_MODE_MOD_MUL, ecc192_x, ecc192_y, ECC_P192_SIZE_BYTES, res); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc192_mul_res, res, ECC_P192_SIZE_BYTES, "P192 mod multiplication"); + +#if SOC_ECC_SUPPORT_CURVE_P384 + if (ecc_ll_is_p384_curve_operations_supported()) { + ecc_mod_op(ECC_MODE_MOD_MUL, ecc384_x, ecc384_y, ECC_P384_SIZE_BYTES, res); + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(ecc384_mul_res, res, ECC_P384_SIZE_BYTES, "P384 mod multiplication"); + } +#endif /* SOC_ECC_SUPPORT_CURVE_P384 */ } #endif + TEST_GROUP_RUNNER(ecc) { #if SOC_ECC_SUPPORT_POINT_MULT - RUN_TEST_CASE(ecc, ecc_point_multiplication_on_SECP192R1_and_SECP256R1); + RUN_TEST_CASE(ecc, ecc_point_multiplication_on_SECP192R1_SECP256R1_SECP384R1); #if SOC_ECC_CONSTANT_TIME_POINT_MUL - RUN_TEST_CASE(ecc, ecc_point_multiplication_const_time_check_on_SECP192R1_and_SECP256R1); + RUN_TEST_CASE(ecc, ecc_point_multiplication_const_time_check_on_SECP192R1_SECP256R1_SECP384R1); #endif #endif #if SOC_ECC_SUPPORT_POINT_VERIFY && !defined(SOC_ECC_SUPPORT_POINT_VERIFY_QUIRK) - RUN_TEST_CASE(ecc, ecc_point_verification_on_SECP192R1_and_SECP256R1); + RUN_TEST_CASE(ecc, ecc_point_verification_on_SECP192R1_SECP256R1_SECP384R1); #endif #if SOC_ECC_SUPPORT_POINT_MULT && SOC_ECC_SUPPORT_POINT_VERIFY && !defined(SOC_ECC_SUPPORT_POINT_VERIFY_QUIRK) - RUN_TEST_CASE(ecc, ecc_point_verification_and_multiplication_on_SECP192R1_and_SECP256R1); + RUN_TEST_CASE(ecc, ecc_point_verification_and_multiplication_on_SECP192R1_SECP256R1_SECP384R1); #endif #if SOC_ECC_SUPPORT_POINT_DIVISION - RUN_TEST_CASE(ecc, ecc_inverse_multiplication_or_mod_division_using_SECP192R1_and_SECP256R1_order_of_curve); + RUN_TEST_CASE(ecc, ecc_inverse_multiplication_or_mod_division_using_SECP192R1_SECP256R1_SECP384R1_order_of_curve); #endif #if SOC_ECC_SUPPORT_JACOB_POINT_MULT - RUN_TEST_CASE(ecc, ecc_jacobian_point_multiplication_on_SECP192R1_and_SECP256R1); + RUN_TEST_CASE(ecc, ecc_jacobian_point_multiplication_on_SECP192R1_SECP256R1_SECP384R1); #endif #if SOC_ECC_SUPPORT_JACOB_POINT_VERIFY - RUN_TEST_CASE(ecc, ecc_jacobian_point_verification_on_SECP192R1_and_SECP256R1); + RUN_TEST_CASE(ecc, ecc_jacobian_point_verification_on_SECP192R1_SECP256R1_SECP384R1); #endif #if SOC_ECC_SUPPORT_JACOB_POINT_MULT && SOC_ECC_SUPPORT_JACOB_POINT_VERIFY - RUN_TEST_CASE(ecc, ecc_point_verification_and_jacobian_point_multiplication_on_SECP192R1_and_SECP256R1); + RUN_TEST_CASE(ecc, ecc_point_verification_and_jacobian_point_multiplication_on_SECP192R1_SECP256R1_SECP384R1); #endif #if SOC_ECC_SUPPORT_POINT_ADDITION - RUN_TEST_CASE(ecc, ecc_point_addition_on_SECP192R1_and_SECP256R1); + RUN_TEST_CASE(ecc, ecc_point_addition_on_SECP192R1_SECP256R1_SECP384R1); #endif #if SOC_ECC_SUPPORT_MOD_ADD - RUN_TEST_CASE(ecc, ecc_mod_addition_using_SECP192R1_and_SECP256R1_order_of_curve); + RUN_TEST_CASE(ecc, ecc_mod_addition_using_SECP192R1_SECP256R1_SECP384R1_order_of_curve); #endif #if SOC_ECC_SUPPORT_MOD_SUB - RUN_TEST_CASE(ecc, ecc_mod_subtraction_using_SECP192R1_and_SECP256R1_order_of_curve); + RUN_TEST_CASE(ecc, ecc_mod_subtraction_using_SECP192R1_SECP256R1_SECP384R1_order_of_curve); #endif #if SOC_ECC_SUPPORT_MOD_MUL - RUN_TEST_CASE(ecc, ecc_mod_multiplication_using_SECP192R1_and_SECP256R1_order_of_curve); + RUN_TEST_CASE(ecc, ecc_mod_multiplication_using_SECP192R1_SECP256R1_SECP384R1_order_of_curve); #endif } diff --git a/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in b/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in index 156c1415ec..30fada2020 100644 --- a/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in @@ -1047,6 +1047,10 @@ config SOC_ECC_CONSTANT_TIME_POINT_MUL bool default y +config SOC_ECC_SUPPORT_CURVE_P384 + bool + default y + config SOC_ECDSA_SUPPORT_EXPORT_PUBKEY bool default y diff --git a/components/soc/esp32c5/include/soc/soc_caps.h b/components/soc/esp32c5/include/soc/soc_caps.h index 256729f244..95f0ce8602 100644 --- a/components/soc/esp32c5/include/soc/soc_caps.h +++ b/components/soc/esp32c5/include/soc/soc_caps.h @@ -421,6 +421,7 @@ /*--------------------------- ECC CAPS ---------------------------------------*/ #define SOC_ECC_CONSTANT_TIME_POINT_MUL 1 +#define SOC_ECC_SUPPORT_CURVE_P384 (1) /*--------------------------- ECDSA CAPS ---------------------------------------*/ #define SOC_ECDSA_SUPPORT_EXPORT_PUBKEY (1) diff --git a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in index 9e80e3c042..c28cee48d6 100644 --- a/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in +++ b/components/soc/esp32p4/include/soc/Kconfig.soc_caps.in @@ -1419,6 +1419,14 @@ config SOC_SHA_SUPPORT_SHA512_T bool default y +config SOC_ECC_CONSTANT_TIME_POINT_MUL + bool + default y + +config SOC_ECC_SUPPORT_CURVE_P384 + bool + default y + config SOC_ECDSA_SUPPORT_EXPORT_PUBKEY bool default y diff --git a/components/soc/esp32p4/include/soc/soc_caps.h b/components/soc/esp32p4/include/soc/soc_caps.h index 1c13d7ca73..ed7db8bdab 100644 --- a/components/soc/esp32p4/include/soc/soc_caps.h +++ b/components/soc/esp32p4/include/soc/soc_caps.h @@ -529,6 +529,10 @@ #define SOC_SHA_SUPPORT_SHA512_256 (1) #define SOC_SHA_SUPPORT_SHA512_T (1) +/*--------------------------- ECC CAPS ---------------------------------------*/ +#define SOC_ECC_CONSTANT_TIME_POINT_MUL 1 +#define SOC_ECC_SUPPORT_CURVE_P384 (1) + /*--------------------------- ECDSA CAPS ---------------------------------------*/ #define SOC_ECDSA_SUPPORT_EXPORT_PUBKEY (1) #define SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE (1)