fix(hal): Make the ECDSA countermeasure dynamically applicable

AdityaHPatwardhan · AdityaHPatwardhan · commit bef2a72ecbd9 · 2025-01-24T11:50:17.000+08:00
This commit makes the ECDSA countermeasure dynamically applicable
    across different revisions of the ESP32H2 SoC.
diff --git a/components/esp_hw_support/port/esp32h2/Kconfig.hw_support b/components/esp_hw_support/port/esp32h2/Kconfig.hw_support
@@ -15,16 +15,13 @@ choice ESP32H2_REV_MIN
         bool "Rev v0.1 (ECO1)"
     config ESP32H2_REV_MIN_2
         bool "Rev v0.2 (ECO2)"
-    config ESP32H2_REV_MIN_102
-        bool "Rev v1.2 (ECO5)"
 endchoice
 
 config ESP32H2_REV_MIN_FULL
     int
     default 0 if ESP32H2_REV_MIN_0
     default 1 if ESP32H2_REV_MIN_1
     default 2 if ESP32H2_REV_MIN_2
-    default 102 if ESP32H2_REV_MIN_102
 
 config ESP_REV_MIN_FULL
     int
@@ -34,7 +31,7 @@ config ESP_REV_MIN_FULL
     # MAX Revision
     #
 
-    comment "Maximum Supported ESP32-H2 Revision (Rev v1.99)"
+    comment "Maximum Supported ESP32-H2 Revision (Rev v0.99)"
     # Maximum revision that IDF supports.
     # It can not be changed by user.
     # Only Espressif can change it when a new version will be supported in IDF.
diff --git a/components/esp_security/Kconfig b/components/esp_security/Kconfig
@@ -40,7 +40,6 @@ menu "ESP Security Specific"
     config ESP_CRYPTO_FORCE_ECC_CONSTANT_TIME_POINT_MUL
         bool "Forcefully enable ECC constant time point multiplication operations"
         depends on SOC_ECC_CONSTANT_TIME_POINT_MUL
-        depends on !(IDF_TARGET_ESP32H2 && ESP32H2_REV_MIN_FULL < 102)
         default N
         help
             If enabled, the app startup code will burn the ECC_FORCE_CONST_TIME efuse bit to force the
diff --git a/components/esp_security/src/init.c b/components/esp_security/src/init.c
@@ -12,6 +12,8 @@
 #include "esp_efuse_table.h"
 #include "esp_security_priv.h"
 #include "esp_err.h"
+#include "hal/efuse_hal.h"
+
 #if SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY || SOC_KEY_MANAGER_FE_KEY_DEPLOY
 #include "hal/key_mgr_ll.h"
 #endif
@@ -41,7 +43,13 @@ ESP_SYSTEM_INIT_FN(esp_security_init, SECONDARY, BIT(0), 103)
 #endif
 
 #if CONFIG_ESP_CRYPTO_FORCE_ECC_CONSTANT_TIME_POINT_MUL
-    if (!esp_efuse_read_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME)) {
+    bool force_constant_time = true;
+#if CONFIG_IDF_TARGET_ESP32H2
+    if (!ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102)) {
+        force_constant_time = false;
+    }
+#endif
+    if (!esp_efuse_read_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME) && force_constant_time) {
         ESP_EARLY_LOGD(TAG, "Forcefully enabling ECC constant time operations");
         esp_err_t err = esp_efuse_write_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME);
         if (err != ESP_OK) {
diff --git a/components/hal/Kconfig b/components/hal/Kconfig
@@ -105,7 +105,7 @@ menu "Hardware Abstraction Layer (HAL) and Low Level (LL)"
 
     config HAL_ECDSA_GEN_SIG_CM
         bool "Enable countermeasure for ECDSA signature generation"
-        depends on IDF_TARGET_ESP32H2 && ESP32H2_REV_MIN_FULL < 102
+        depends on IDF_TARGET_ESP32H2
         default n
         help
             Enable this option to apply the countermeasure for ECDSA signature operation
diff --git a/components/hal/ecdsa_hal.c b/components/hal/ecdsa_hal.c
@@ -12,6 +12,7 @@
 #if CONFIG_HAL_ECDSA_GEN_SIG_CM
 #include "esp_fault.h"
 #include "esp_random.h"
+#include "soc/chip_revision.h"
 #endif
 
 #ifdef SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY
@@ -136,7 +137,11 @@ void ecdsa_hal_gen_signature(ecdsa_hal_config_t *conf, const uint8_t *hash,
     configure_ecdsa_periph(conf);
 
 #if CONFIG_HAL_ECDSA_GEN_SIG_CM
-    ecdsa_hal_gen_signature_with_countermeasure(hash, r_out, s_out, len);
+    if (!ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102)) {
+        ecdsa_hal_gen_signature_with_countermeasure(hash, r_out, s_out, len);
+    } else {
+        ecdsa_hal_gen_signature_inner(hash, r_out, s_out, len);
+    }
 #else /* CONFIG_HAL_ECDSA_GEN_SIG_CM */
     ecdsa_hal_gen_signature_inner(hash, r_out, s_out, len);
 #endif /* !CONFIG_HAL_ECDSA_GEN_SIG_CM */
diff --git a/components/mbedtls/port/ecdsa/ecdsa_alt.c b/components/mbedtls/port/ecdsa/ecdsa_alt.c
@@ -27,6 +27,8 @@
 
 #if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN_CONSTANT_TIME_CM
 #include "esp_timer.h"
+#include "soc/chip_revision.h"
+#include "hal/efuse_hal.h"
 
 #if CONFIG_ESP_CRYPTO_DPA_PROTECTION_LEVEL_HIGH
 /*
@@ -362,9 +364,11 @@ static int esp_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi* r, mbedtls_mpi* s
 #endif
         ecdsa_hal_gen_signature(&conf, sha_le, r_le, s_le, len);
 #if CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN_CONSTANT_TIME_CM
-        sig_time = esp_timer_get_time() - sig_time;
-        if (sig_time < ECDSA_CM_FIXED_SIG_TIME) {
-            esp_rom_delay_us(ECDSA_CM_FIXED_SIG_TIME - sig_time);
+        if (!ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102)) {
+            sig_time = esp_timer_get_time() - sig_time;
+            if (sig_time < ECDSA_CM_FIXED_SIG_TIME) {
+                esp_rom_delay_us(ECDSA_CM_FIXED_SIG_TIME - sig_time);
+            }
         }
 #endif
         process_again = !ecdsa_hal_get_operation_result()
