espressif/esptool
1
0
Fork 0
mirror of https://github.com/espressif/esptool.git synced 2025-10-16 14:28:54 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(efuse): ESP32P4 adds ecdsa_key support

Browse Source
This commit is contained in:
KonstantinKondrashov
2023-08-23 17:57:26 +08:00
committed by Roland Dobai
parent ffaf6db9db
commit 3654267765
3 changed files with 27 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
espefuse/efuse/esp32p4/fields.py
View File

@@ -381,7 +381,7 @@ class EfuseMacField(EfuseField):
class EfuseKeyPurposeField(EfuseField): class EfuseKeyPurposeField(EfuseField):
KEY_PURPOSES = [ KEY_PURPOSES = [
("USER", 0, None, None, "no_need_rd_protect"), # User purposes (software-only use) ("USER", 0, None, None, "no_need_rd_protect"), # User purposes (software-only use)
("RESERVED", 1, None, None, "no_need_rd_protect"), # Reserved ("ECDSA_KEY", 1, None, "Reverse", "need_rd_protect"), # ECDSA key
("XTS_AES_256_KEY_1", 2, None, "Reverse", "need_rd_protect"), # XTS_AES_256_KEY_1 (flash/PSRAM encryption) ("XTS_AES_256_KEY_1", 2, None, "Reverse", "need_rd_protect"), # XTS_AES_256_KEY_1 (flash/PSRAM encryption)
("XTS_AES_256_KEY_2", 3, None, "Reverse", "need_rd_protect"), # XTS_AES_256_KEY_2 (flash/PSRAM encryption) ("XTS_AES_256_KEY_2", 3, None, "Reverse", "need_rd_protect"), # XTS_AES_256_KEY_2 (flash/PSRAM encryption)
("XTS_AES_128_KEY", 4, None, "Reverse", "need_rd_protect"), # XTS_AES_128_KEY (flash/PSRAM encryption) ("XTS_AES_128_KEY", 4, None, "Reverse", "need_rd_protect"), # XTS_AES_128_KEY (flash/PSRAM encryption)
@@ -428,6 +428,11 @@ class EfuseKeyPurposeField(EfuseField):
return p[0] return p[0]
return "FORBIDDEN_STATE" return "FORBIDDEN_STATE"
def get_name(self, raw_val):
for key in self.KEY_PURPOSES:
if key[1] == raw_val:
return key[0]
def save(self, new_value): def save(self, new_value):
raw_val = int(self.check_format(str(new_value))) raw_val = int(self.check_format(str(new_value)))
return super(EfuseKeyPurposeField, self).save(raw_val) return super(EfuseKeyPurposeField, self).save(raw_val)

15
espefuse/efuse/esp32p4/operations.py
View File

@@ -65,7 +65,7 @@ def add_commands(subparsers, efuses):
) )
burn_key.add_argument( burn_key.add_argument(
"keyfile", "keyfile",
help="File containing 256 bits of binary key data", help="File containing 256 bits of binary key data. For the ECDSA_KEY purpose use PEM file.",
action="append", action="append",
type=argparse.FileType("rb"), type=argparse.FileType("rb"),
) )
@@ -86,7 +86,7 @@ def add_commands(subparsers, efuses):
) )
burn_key.add_argument( burn_key.add_argument(
"keyfile", "keyfile",
help="File containing 256 bits of binary key data", help="File containing 256 bits of binary key data. For the ECDSA_KEY purpose use PEM file.",
nargs="?", nargs="?",
action="append", action="append",
metavar="KEYFILE", metavar="KEYFILE",
@@ -232,14 +232,21 @@ def burn_key(esp, efuses, args, digest=None):
block = efuses.blocks[block_num] block = efuses.blocks[block_num]
if digest is None: if digest is None:
data = datafile.read() if keypurpose == "ECDSA_KEY":
sk = espsecure.load_ecdsa_signing_key(datafile)
data = sk.to_string()
if len(data) == 24:
# the private key is 24 bytes long for NIST192p, add 8 bytes of padding
data = b"\x00" * 8 + data
else:
data = datafile.read()
else: else:
data = datafile data = datafile
print(" - %s" % (efuse.name), end=" ") print(" - %s" % (efuse.name), end=" ")
revers_msg = None revers_msg = None
if efuses[block.key_purpose_name].need_reverse(keypurpose): if efuses[block.key_purpose_name].need_reverse(keypurpose):
revers_msg = "\tReversing byte order for AES-XTS hardware peripheral" revers_msg = f"\tReversing byte order for {keypurpose} hardware peripheral"
data = data[::-1] data = data[::-1]
print( print(
"-> [{}]".format( "-> [{}]".format(

13
test/test_espefuse.py
View File

@@ -280,9 +280,10 @@ class TestReadProtectionCommands(EfuseTestCase):
ret_code=2, ret_code=2,
) )
else: else:
key1_purpose = "USER" if arg_chip in ["esp32p4"] else "RESERVED"
self.espefuse_py( self.espefuse_py(
f"burn_key BLOCK_KEY0 {IMAGES_DIR}/256bit USER \ f"burn_key BLOCK_KEY0 {IMAGES_DIR}/256bit USER \
BLOCK_KEY1 {IMAGES_DIR}/256bit RESERVED \ BLOCK_KEY1 {IMAGES_DIR}/256bit {key1_purpose} \
BLOCK_KEY2 {IMAGES_DIR}/256bit SECURE_BOOT_DIGEST0 \ BLOCK_KEY2 {IMAGES_DIR}/256bit SECURE_BOOT_DIGEST0 \
BLOCK_KEY3 {IMAGES_DIR}/256bit SECURE_BOOT_DIGEST1 \ BLOCK_KEY3 {IMAGES_DIR}/256bit SECURE_BOOT_DIGEST1 \
BLOCK_KEY4 {IMAGES_DIR}/256bit SECURE_BOOT_DIGEST2 \ BLOCK_KEY4 {IMAGES_DIR}/256bit SECURE_BOOT_DIGEST2 \
@@ -1054,7 +1055,10 @@ class TestBurnKeyCommands(EfuseTestCase):
"acadaeaf a8a9aaab a4a5a6a7 22a1a2a3" "acadaeaf a8a9aaab a4a5a6a7 22a1a2a3"
) in output ) in output
@pytest.mark.skipif(arg_chip != "esp32h2", reason="Only for ESP32-H2 chips") @pytest.mark.skipif(
arg_chip not in ["esp32h2", "esp32p4"],
reason="These chips support ECDSA_KEY",
)
def test_burn_key_ecdsa_key(self): def test_burn_key_ecdsa_key(self):
self.espefuse_py( self.espefuse_py(
f"burn_key \ f"burn_key \
@@ -1077,7 +1081,10 @@ class TestBurnKeyCommands(EfuseTestCase):
"00000000 00000000 00000000 00000000" "00000000 00000000 00000000 00000000"
) in output ) in output
@pytest.mark.skipif(arg_chip != "esp32h2", reason="Only for ESP32-H2 chips") @pytest.mark.skipif(
arg_chip not in ["esp32h2", "esp32p4"],
reason="These chips support ECDSA_KEY",
)
def test_burn_key_ecdsa_key_check_byte_order(self): def test_burn_key_ecdsa_key_check_byte_order(self):
self.espefuse_py( self.espefuse_py(
f"burn_key \ f"burn_key \