espressif/esptool
1
0
Fork 0
mirror of https://github.com/espressif/esptool.git synced 2025-10-15 04:14:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(efuse): ESP32P4 adds ecdsa_key support

Browse Source
This commit is contained in:
KonstantinKondrashov
2023-08-23 17:57:26 +08:00
committed by Roland Dobai
parent ffaf6db9db
commit 3654267765
3 changed files with 27 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
espefuse/efuse/esp32p4/fields.py
View File

@@ -381,7 +381,7 @@ class EfuseMacField(EfuseField):
class EfuseKeyPurposeField(EfuseField):
KEY_PURPOSES = [
("USER", 0, None, None, "no_need_rd_protect"), # User purposes (software-only use)
("RESERVED", 1, None, None, "no_need_rd_protect"), # Reserved
("ECDSA_KEY", 1, None, "Reverse", "need_rd_protect"), # ECDSA key
("XTS_AES_256_KEY_1", 2, None, "Reverse", "need_rd_protect"), # XTS_AES_256_KEY_1 (flash/PSRAM encryption)
("XTS_AES_256_KEY_2", 3, None, "Reverse", "need_rd_protect"), # XTS_AES_256_KEY_2 (flash/PSRAM encryption)
("XTS_AES_128_KEY", 4, None, "Reverse", "need_rd_protect"), # XTS_AES_128_KEY (flash/PSRAM encryption)
@@ -428,6 +428,11 @@ class EfuseKeyPurposeField(EfuseField):
return p[0]
return "FORBIDDEN_STATE"
def get_name(self, raw_val):
for key in self.KEY_PURPOSES:
if key[1] == raw_val:
return key[0]
def save(self, new_value):
raw_val = int(self.check_format(str(new_value)))
return super(EfuseKeyPurposeField, self).save(raw_val)

15
espefuse/efuse/esp32p4/operations.py
View File

@@ -65,7 +65,7 @@ def add_commands(subparsers, efuses):
)
burn_key.add_argument(
"keyfile",
help="File containing 256 bits of binary key data",
help="File containing 256 bits of binary key data. For the ECDSA_KEY purpose use PEM file.",
action="append",
type=argparse.FileType("rb"),
)
@@ -86,7 +86,7 @@ def add_commands(subparsers, efuses):
)
burn_key.add_argument(
"keyfile",
help="File containing 256 bits of binary key data",
help="File containing 256 bits of binary key data. For the ECDSA_KEY purpose use PEM file.",
nargs="?",
action="append",
metavar="KEYFILE",
@@ -232,14 +232,21 @@ def burn_key(esp, efuses, args, digest=None):
block = efuses.blocks[block_num]
if digest is None:
data = datafile.read()
if keypurpose == "ECDSA_KEY":
sk = espsecure.load_ecdsa_signing_key(datafile)
data = sk.to_string()
if len(data) == 24:
# the private key is 24 bytes long for NIST192p, add 8 bytes of padding
data = b"\x00" * 8 + data
else:
data = datafile.read()
else:
data = datafile
print(" - %s" % (efuse.name), end=" ")
revers_msg = None
if efuses[block.key_purpose_name].need_reverse(keypurpose):
revers_msg = "\tReversing byte order for AES-XTS hardware peripheral"
revers_msg = f"\tReversing byte order for {keypurpose} hardware peripheral"
data = data[::-1]
print(
"-> [{}]".format(

13
test/test_espefuse.py
View File

@@ -280,9 +280,10 @@ class TestReadProtectionCommands(EfuseTestCase):
ret_code=2,
)
else:
key1_purpose = "USER" if arg_chip in ["esp32p4"] else "RESERVED"
self.espefuse_py(
f"burn_key BLOCK_KEY0 {IMAGES_DIR}/256bit USER \
BLOCK_KEY1 {IMAGES_DIR}/256bit RESERVED \
BLOCK_KEY1 {IMAGES_DIR}/256bit {key1_purpose} \
BLOCK_KEY2 {IMAGES_DIR}/256bit SECURE_BOOT_DIGEST0 \
BLOCK_KEY3 {IMAGES_DIR}/256bit SECURE_BOOT_DIGEST1 \
BLOCK_KEY4 {IMAGES_DIR}/256bit SECURE_BOOT_DIGEST2 \
@@ -1054,7 +1055,10 @@ class TestBurnKeyCommands(EfuseTestCase):
"acadaeaf a8a9aaab a4a5a6a7 22a1a2a3"
) in output
@pytest.mark.skipif(arg_chip != "esp32h2", reason="Only for ESP32-H2 chips")
@pytest.mark.skipif(
arg_chip not in ["esp32h2", "esp32p4"],
reason="These chips support ECDSA_KEY",
)
def test_burn_key_ecdsa_key(self):
self.espefuse_py(
f"burn_key \
@@ -1077,7 +1081,10 @@ class TestBurnKeyCommands(EfuseTestCase):
"00000000 00000000 00000000 00000000"
) in output
@pytest.mark.skipif(arg_chip != "esp32h2", reason="Only for ESP32-H2 chips")
@pytest.mark.skipif(
arg_chip not in ["esp32h2", "esp32p4"],
reason="These chips support ECDSA_KEY",
)
def test_burn_key_ecdsa_key_check_byte_order(self):
self.espefuse_py(
f"burn_key \