Merge branch 'fix/secure_boot_verify_app_api_support_ecdsa_p384_v5.5' into 'release/v5.5'

Application's Secure Boot verify API support ECDSA-P384 (v5.5)

See merge request espressif/esp-idf!44181

components/bootloader_support/src/secure_boot_v2/secure_boot_ecdsa_signature.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -13,12 +13,17 @@
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/ecp.h"
 #include "rom/ecdsa.h"
+#include "sdkconfig.h"
 
 #include "secure_boot_signature_priv.h"
 
 static const char *TAG = "secure_boot_v2_ecdsa";
 
+#if CONFIG_SECURE_BOOT_ECDSA_KEY_LEN_384_BITS
+#define ECDSA_INTEGER_LEN 48
+#else
 #define ECDSA_INTEGER_LEN 32
+#endif /* CONFIG_SECURE_BOOT_ECDSA_KEY_LEN_384_BITS */
 
 esp_err_t verify_ecdsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, const ets_secure_boot_sig_block_t *trusted_block)
 {
@@ -48,6 +53,12 @@ esp_err_t verify_ecdsa_signature_block(const ets_secure_boot_signature_t *sig_bl
             key_size = 32;
             mbedtls_ecp_group_load(&ecdsa_context.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_SECP256R1);
             break;
+#if CONFIG_SECURE_BOOT_ECDSA_KEY_LEN_384_BITS
+        case ECDSA_CURVE_P384:
+            key_size = 48;
+            mbedtls_ecp_group_load(&ecdsa_context.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_SECP384R1);
+            break;
+#endif /* CONFIG_SECURE_BOOT_ECDSA_KEY_LEN_384_BITS */
         default:
             ESP_LOGE(TAG, "Invalid curve ID");
             return ESP_ERR_INVALID_ARG;

components/esp_rom/esp32c5/include/esp32c5/rom/ecdsa.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -12,7 +12,8 @@
 extern "C" {
 #endif
 
-#define ETS_DIGEST_LEN 32 /* SHA-256, bytes */
+#define ETS_DIGEST_SHA256_LEN 32 /* SHA-256, bytes */
+#define ETS_DIGEST_SHA384_LEN 48 /* SHA-384, bytes */
 
 typedef enum {
     ECDSA_CURVE_P192 = 1,

components/esp_rom/esp32p4/include/esp32p4/rom/ecdsa.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -12,11 +12,13 @@
 extern "C" {
 #endif
 
-#define ETS_DIGEST_LEN 32 /* SHA-256, bytes */
+#define ETS_DIGEST_SHA256_LEN 32 /* SHA-256, bytes */
+#define ETS_DIGEST_SHA384_LEN 48 /* SHA-384, bytes */
 
 typedef enum {
     ECDSA_CURVE_P192 = 1,
-    ECDSA_CURVE_P256 = 2
+    ECDSA_CURVE_P256 = 2,
+    ECDSA_CURVE_P384 = 3
 } ECDSA_CURVE;
 
 int ets_ecdsa_verify(const uint8_t *key, const uint8_t *sig, ECDSA_CURVE curve_id, const uint8_t *digest, uint8_t *verified_digest);