Merge branch 'feat/support_key_manager_esp32c5' into 'master'

Support key manager esp32c5

Closes IDF-12626, IDF-12628, IDF-12629, IDF-8621, IDF-9007, IDF-12855, IDF-9070, IDF-7902, and IDF-7548

See merge request espressif/esp-idf!38894

Author: Harshal5

components/bootloader_support/src/esp32c5/flash_encryption_secure_features.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -71,12 +71,9 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
 
 esp_err_t esp_flash_encryption_enable_key_mgr(void)
 {
-    // Enable and reset key manager
-    // To suppress build errors about spinlock's __DECLARE_RCC_ATOMIC_ENV
-    int __DECLARE_RCC_ATOMIC_ENV __attribute__ ((unused));
-    key_mgr_ll_enable_bus_clock(true);
-    key_mgr_ll_enable_peripheral_clock(true);
-    key_mgr_ll_reset_register();
+    _key_mgr_ll_enable_bus_clock(true);
+    _key_mgr_ll_enable_peripheral_clock(true);
+    _key_mgr_ll_reset_register();
 
     while (key_mgr_ll_get_state() != ESP_KEY_MGR_STATE_IDLE) {
     };

components/bootloader_support/src/esp32p4/flash_encryption_secure_features.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -53,12 +53,9 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
 
 esp_err_t esp_flash_encryption_enable_key_mgr(void)
 {
-    // Enable and reset key manager
-    // To suppress build errors about spinlock's __DECLARE_RCC_ATOMIC_ENV
-    int __DECLARE_RCC_ATOMIC_ENV __attribute__ ((unused));
-    key_mgr_ll_enable_bus_clock(true);
-    key_mgr_ll_enable_peripheral_clock(true);
-    key_mgr_ll_reset_register();
+    _key_mgr_ll_enable_bus_clock(true);
+    _key_mgr_ll_enable_peripheral_clock(true);
+    _key_mgr_ll_reset_register();
 
     while (key_mgr_ll_get_state() != ESP_KEY_MGR_STATE_IDLE) {
     };

components/esp_hw_support/include/esp_crypto_lock.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */

components/esp_hw_support/include/esp_hmac.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -9,6 +9,7 @@
 #include <stdbool.h>
 #include "esp_err.h"
 #include "soc/soc_caps.h"
+#include "hal/hmac_types.h"
 
 #if !SOC_HMAC_SUPPORTED && !CI_HEADER_CHECK
 #error "HMAC peripheral is not supported for the selected target"
@@ -18,19 +19,6 @@
 extern "C" {
 #endif
 
-/**
- * The possible efuse keys for the HMAC peripheral
- */
-typedef enum {
-    HMAC_KEY0 = 0,
-    HMAC_KEY1,
-    HMAC_KEY2,
-    HMAC_KEY3,
-    HMAC_KEY4,
-    HMAC_KEY5,
-    HMAC_KEY_MAX
-} hmac_key_id_t;
-
 /**
  * @brief
  * Calculate the HMAC of a given message.

components/esp_rom/esp32c5/include/esp32c5/rom/key_mgr.h

@@ -0,0 +1,115 @@
+/*
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#pragma once
+
+#include "soc/soc_caps.h"
+
+#if SOC_KEY_MANAGER_SUPPORTED
+
+#include "rom/ets_sys.h"
+#include "esp_attr.h"
+#include <stdint.h>
+#include "rom/km.h"
+
+#if __cplusplus
+extern "C" {
+#endif
+
+// store huk info, occupy 96 words
+struct huk_info {
+// store huk info, occupy 165 words
+#define HUK_INFO_LEN 660
+
+    uint8_t info[HUK_INFO_LEN];
+    uint32_t crc;
+} PACKED_ATTR;
+
+// store key info, occupy 512 bits
+struct key_info {
+#define KEY_INFO_LEN 64
+    uint8_t info[KEY_INFO_LEN];
+    uint32_t crc;
+} PACKED_ATTR;
+
+struct huk_key_block {
+#define KEY_HUK_SECTOR_MAGIC 0xDEA5CE5A
+    uint32_t magic;
+    uint32_t version; // for backward compatibility
+    uint8_t reserved[16];
+    struct huk_info huk_info;
+    struct key_info key_info[2]; // at most 2 key info (XTS-512_1 and XTS-512_2), at least use 1
+} WORD_ALIGNED_ATTR PACKED_ATTR;
+
+/*
+ * We define two info sectors "active" and "backup" here
+ * Most rom code would rely only on the "active" sector for the key information
+ *
+ * But there could be a situation where the huk and key information must be regenerated
+ * based on ageing and other factors. For that scenario, we need a "backup" sector
+ */
+#define KEY_HUK_SECTOR_OFFSET(i) ((i)*0x1000)
+#define ACTIVE_SECTOR_OFFSET     KEY_HUK_SECTOR_OFFSET(0)
+#define BACKUP_SECTOR_OFFSET     KEY_HUK_SECTOR_OFFSET(1)
+
+#define KM_PERI_ECDSA (BIT(0))
+#define KM_PERI_XTS   (BIT(1))
+
+struct km_deploy_ops {
+#define KM_KEY_PURPOSE_ECDSA_KEY_192   1
+#define KM_KEY_PURPOSE_ECDSA_KEY_256   2
+#define KM_KEY_PURPOSE_FLASH_XTS_256_1 3
+#define KM_KEY_PURPOSE_FLASH_XTS_256_2 4
+#define KM_KEY_PURPOSE_FLASH_XTS_128   5
+#define KM_KEY_PURPOSE_HMAC            6
+#define KM_KEY_PURPOSE_DS              7
+#define KM_KEY_PURPOSE_PSRAM_XTS_256_1 8
+#define KM_KEY_PURPOSE_PSRAM_XTS_256_2 9
+#define KM_KEY_PURPOSE_PSRAM_XTS_128   10
+#define KM_KEY_PURPOSE_ECDSA_KEY_384_L 11
+#define KM_KEY_PURPOSE_ECDSA_KEY_384_H 12
+    int km_key_purpose;
+#define KM_DEPLOY_MODE_RANDOM  0
+#define KM_DEPLOY_MODE_AES     1
+#define KM_DEPLOY_MODE_ECDH0   2
+#define KM_DEPLOY_MODE_ECDH1   3
+#define KM_DEPLOY_MODE_RECOVER 4
+#define KM_DEPLOY_MODE_EXPORT  5
+    int deploy_mode;
+    uint8_t *init_key; // 256 bits, only used in aes and ecdh1 deploy mode
+    int deploy_only_once;
+    int force_use_km_key;
+    int km_use_efuse_key;
+    uint32_t efuse_km_rnd_switch_cycle; // 0 means use default
+    uint32_t km_rnd_switch_cycle;       // 0 means use default
+    int km_use_sw_init_key;
+    struct huk_info *huk_info;
+    struct key_info *key_info;
+};
+
+/* state of km */
+#define KM_STATE_IDLE    0
+#define KM_STATE_LOAD    1
+#define KM_STATE_GAIN    2
+#define KM_STATE_BUSY    3
+#define KM_STATE_INVALID 4
+
+/* state of huk generator
+ * values defined same as km
+ */
+#define HUK_STATE_IDLE 0
+#define HUK_STATE_LOAD 1
+#define HUK_STATE_GAIN 2
+#define HUK_STATE_BUSY 3
+
+#define HUK_NOT_GENERATED 0
+#define HUK_GEN_VALID     1
+#define HUK_GEN_INVALID   2
+
+#if __cplusplus
+}
+#endif
+#endif

components/esp_security/include/esp_key_mgr.h

@@ -22,7 +22,7 @@ extern "C" {
 #define KEY_MGR_ASSIST_INFO_SIZE         64
 #define KEY_MGR_KEY_RECOVERY_INFO_SIZE   64
 
-#define KEY_MGR_HUK_INFO_SIZE            HUK_INFO_SIZE
+#define KEY_MGR_HUK_INFO_SIZE            HUK_INFO_LEN
 #define KEY_MGR_HUK_RISK_ALERT_LEVEL     HUK_RISK_ALERT_LEVEL
 
 /* AES deploy mode */

components/esp_security/src/esp_crypto_periph_clk.c

@@ -80,7 +80,10 @@ void esp_crypto_mpi_enable_periph_clk(bool enable)
     MPI_RCC_ATOMIC() {
         mpi_ll_enable_bus_clock(enable);
         if (enable) {
+            mpi_ll_power_up();
             mpi_ll_reset_register();
+        } else {
+            mpi_ll_power_down();
         }
     }
 }
@@ -141,9 +144,12 @@ void esp_crypto_ecdsa_enable_periph_clk(bool enable)
 void esp_crypto_key_mgr_enable_periph_clk(bool enable)
 {
     KEY_MANAGER_RCC_ATOMIC() {
+        key_mgr_ll_power_up();
         key_mgr_ll_enable_bus_clock(enable);
         key_mgr_ll_enable_peripheral_clock(enable);
-        key_mgr_ll_reset_register();
+        if (enable) {
+            key_mgr_ll_reset_register();
+        }
     }
 }
 #endif

components/esp_security/src/esp_ds.c

@@ -17,6 +17,7 @@
 #include "esp_cpu.h"
 #endif
 
+#include "soc/soc_caps.h"
 #include "esp_ds.h"
 #include "esp_crypto_lock.h"
 #include "esp_crypto_periph_clk.h"
@@ -37,6 +38,10 @@
 #include "hal/sha_ll.h"
 #endif /* !CONFIG_IDF_TARGET_ESP32S2 */
 
+#ifdef SOC_KEY_MANAGER_DS_KEY_DEPLOY
+#include "hal/key_mgr_hal.h"
+#endif
+
 /**
  * The vtask delay \c esp_ds_sign() is using while waiting for completion of the signing operation.
  */
@@ -247,22 +252,16 @@ static void ds_acquire_enable(void)
 
     // We also enable SHA and HMAC here. SHA is used by HMAC, HMAC is used by DS.
     esp_crypto_hmac_enable_periph_clk(true);
-
     esp_crypto_sha_enable_periph_clk(true);
-
+    esp_crypto_mpi_enable_periph_clk(true);
     esp_crypto_ds_enable_periph_clk(true);
-
-    hmac_hal_start();
 }
 
 static void ds_disable_release(void)
 {
-    ds_hal_finish();
-
     esp_crypto_ds_enable_periph_clk(false);
-
+    esp_crypto_mpi_enable_periph_clk(false);
     esp_crypto_sha_enable_periph_clk(false);
-
     esp_crypto_hmac_enable_periph_clk(false);
 
     esp_crypto_ds_lock_release();
@@ -326,19 +325,32 @@ esp_err_t esp_ds_start_sign(const void *message,
 
     ds_acquire_enable();
 
-    // initiate hmac
-    uint32_t conf_error = hmac_hal_configure(HMAC_OUTPUT_DS, key_id);
-    if (conf_error) {
-        ds_disable_release();
-        return ESP_ERR_HW_CRYPTO_DS_HMAC_FAIL;
+#if SOC_KEY_MANAGER_DS_KEY_DEPLOY
+    if (key_id == HMAC_KEY_KM) {
+        key_mgr_hal_set_key_usage(ESP_KEY_MGR_DS_KEY, ESP_KEY_MGR_USE_OWN_KEY);
+        ds_hal_set_key_source(DS_KEY_SOURCE_KEY_MGR);
+    } else {
+        key_mgr_hal_set_key_usage(ESP_KEY_MGR_DS_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
+        ds_hal_set_key_source(DS_KEY_SOURCE_EFUSE);
+#endif
+        // initiate hmac
+        hmac_hal_start();
+        uint32_t conf_error = hmac_hal_configure(HMAC_OUTPUT_DS, key_id);
+        if (conf_error) {
+            ds_disable_release();
+            return ESP_ERR_HW_CRYPTO_DS_HMAC_FAIL;
+        }
+#if SOC_KEY_MANAGER_DS_KEY_DEPLOY
     }
+#endif
 
     ds_hal_start();
 
     // check encryption key from HMAC
     int64_t start_time = get_time_us();
     while (ds_ll_busy() != 0) {
         if ((get_time_us() - start_time) > SOC_DS_KEY_CHECK_MAX_WAIT_US) {
+            ds_hal_finish();
             ds_disable_release();
             return ESP_ERR_HW_CRYPTO_DS_INVALID_KEY;
         }
@@ -348,6 +360,7 @@ esp_err_t esp_ds_start_sign(const void *message,
     *esp_ds_ctx = malloc(sizeof(esp_ds_context_t));
 #endif
     if (!*esp_ds_ctx) {
+        ds_hal_finish();
         ds_disable_release();
         return ESP_ERR_NO_MEM;
     }
@@ -398,6 +411,7 @@ esp_err_t esp_ds_finish_sign(void *signature, esp_ds_context_t *esp_ds_ctx)
 #endif
 
     hmac_hal_clean();
+    ds_hal_finish();
 
     ds_disable_release();