espressif/esptool
1
0
Fork 0
mirror of https://github.com/espressif/esptool.git synced 2025-10-21 06:40:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(espefuse): Fix burn_key for ECDSA_KEY, it can read pem file

Browse Source
This commit is contained in:
Konstantin Kondrashov
2024-03-29 13:26:04 +03:00
parent ef8ee8aedf
commit 450db240a4
4 changed files with 47 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
espefuse/efuse/esp32c5/operations.py
View File

@@ -236,14 +236,21 @@ def burn_key(esp, efuses, args, digest=None):
block = efuses.blocks[block_num] block = efuses.blocks[block_num]
if digest is None: if digest is None:
data = datafile.read() if keypurpose == "ECDSA_KEY":
sk = espsecure.load_ecdsa_signing_key(datafile)
data = sk.to_string()
if len(data) == 24:
# the private key is 24 bytes long for NIST192p, and 8 bytes of padding
data = b"\x00" * 8 + data
else:
data = datafile.read()
else: else:
data = datafile data = datafile
print(" - %s" % (efuse.name), end=" ") print(" - %s" % (efuse.name), end=" ")
revers_msg = None revers_msg = None
if efuses[block.key_purpose_name].need_reverse(keypurpose): if efuses[block.key_purpose_name].need_reverse(keypurpose):
revers_msg = "\tReversing byte order for AES-XTS hardware peripheral" revers_msg = f"\tReversing byte order for {keypurpose} hardware peripheral"
data = data[::-1] data = data[::-1]
print( print(
"-> [{}]".format( "-> [{}]".format(

11
espefuse/efuse/esp32c5beta3/operations.py
View File

@@ -236,14 +236,21 @@ def burn_key(esp, efuses, args, digest=None):
block = efuses.blocks[block_num] block = efuses.blocks[block_num]
if digest is None: if digest is None:
data = datafile.read() if keypurpose == "ECDSA_KEY":
sk = espsecure.load_ecdsa_signing_key(datafile)
data = sk.to_string()
if len(data) == 24:
# the private key is 24 bytes long for NIST192p, and 8 bytes of padding
data = b"\x00" * 8 + data
else:
data = datafile.read()
else: else:
data = datafile data = datafile
print(" - %s" % (efuse.name), end=" ") print(" - %s" % (efuse.name), end=" ")
revers_msg = None revers_msg = None
if efuses[block.key_purpose_name].need_reverse(keypurpose): if efuses[block.key_purpose_name].need_reverse(keypurpose):
revers_msg = "\tReversing byte order for AES-XTS hardware peripheral" revers_msg = f"\tReversing byte order for {keypurpose} hardware peripheral"
data = data[::-1] data = data[::-1]
print( print(
"-> [{}]".format( "-> [{}]".format(

2
espefuse/efuse/esp32c61/operations.py
View File

@@ -304,7 +304,7 @@ def burn_key(esp, efuses, args, digest=None):
if digest is None: if digest is None:
if keypurpose == "ECDSA_KEY": if keypurpose == "ECDSA_KEY":
sk = espsecure._load_ecdsa_signing_key(datafile) sk = espsecure.load_ecdsa_signing_key(datafile)
data = sk.to_string() data = sk.to_string()
if len(data) == 24: if len(data) == 24:
# the private key is 24 bytes long for NIST192p, and 8 bytes of padding # the private key is 24 bytes long for NIST192p, and 8 bytes of padding

37
test/test_espefuse.py
View File

@@ -902,6 +902,9 @@ class TestBurnKeyCommands(EfuseTestCase):
"esp32c6", "esp32c6",
"esp32h2", "esp32h2",
"esp32p4", "esp32p4",
"esp32c5",
"esp32c5beta3",
"esp32c61",
], ],
reason="Only chips with 6 keys", reason="Only chips with 6 keys",
) )
@@ -910,9 +913,13 @@ class TestBurnKeyCommands(EfuseTestCase):
BLOCK_KEY0 {IMAGES_DIR}/256bit XTS_AES_256_KEY_1 \ BLOCK_KEY0 {IMAGES_DIR}/256bit XTS_AES_256_KEY_1 \
BLOCK_KEY1 {IMAGES_DIR}/256bit_1 XTS_AES_256_KEY_2 \ BLOCK_KEY1 {IMAGES_DIR}/256bit_1 XTS_AES_256_KEY_2 \
BLOCK_KEY2 {IMAGES_DIR}/256bit_2 XTS_AES_128_KEY" BLOCK_KEY2 {IMAGES_DIR}/256bit_2 XTS_AES_128_KEY"
if arg_chip in ["esp32c3", "esp32c6"] or arg_chip in [ if arg_chip in [
"esp32c3",
"esp32c6",
"esp32h2", "esp32h2",
"esp32h2beta1", "esp32h2beta1",
"esp32c5",
"esp32c5beta3",
]: ]:
cmd = cmd.replace("XTS_AES_256_KEY_1", "XTS_AES_128_KEY") cmd = cmd.replace("XTS_AES_256_KEY_1", "XTS_AES_128_KEY")
cmd = cmd.replace("XTS_AES_256_KEY_2", "XTS_AES_128_KEY") cmd = cmd.replace("XTS_AES_256_KEY_2", "XTS_AES_128_KEY")
@@ -986,8 +993,8 @@ class TestBurnKeyCommands(EfuseTestCase):
self.check_data_block_in_log(output, f"{IMAGES_DIR}/192bit_2") self.check_data_block_in_log(output, f"{IMAGES_DIR}/192bit_2")
@pytest.mark.skipif( @pytest.mark.skipif(
arg_chip not in ["esp32s2", "esp32s3", "esp32p4"], arg_chip not in ["esp32s2", "esp32s3", "esp32p4", "esp32c61"],
reason="512 bit keys are only supported on ESP32-S2, S3, and P4", reason="512 bit keys are only supported on ESP32-S2, S3, P4, C61",
) )
def test_burn_key_512bit(self): def test_burn_key_512bit(self):
self.espefuse_py( self.espefuse_py(
@@ -1004,8 +1011,8 @@ class TestBurnKeyCommands(EfuseTestCase):
) )
@pytest.mark.skipif( @pytest.mark.skipif(
arg_chip not in ["esp32s2", "esp32s3", "esp32p4"], arg_chip not in ["esp32s2", "esp32s3", "esp32p4", "esp32c61"],
reason="512 bit keys are only supported on ESP32-S2, S3, and P4", reason="512 bit keys are only supported on ESP32-S2, S3, P4, C61",
) )
def test_burn_key_512bit_non_consecutive_blocks(self): def test_burn_key_512bit_non_consecutive_blocks(self):
# Burn efuses separately to test different kinds # Burn efuses separately to test different kinds
@@ -1047,8 +1054,8 @@ class TestBurnKeyCommands(EfuseTestCase):
) in output ) in output
@pytest.mark.skipif( @pytest.mark.skipif(
arg_chip not in ["esp32s2", "esp32s3", "esp32p4"], arg_chip not in ["esp32s2", "esp32s3", "esp32p4", "esp32c61"],
reason="512 bit keys are only supported on ESP32-S2, S3, and P4", reason="512 bit keys are only supported on ESP32-S2, S3, P4, C61",
) )
def test_burn_key_512bit_non_consecutive_blocks_loop_around(self): def test_burn_key_512bit_non_consecutive_blocks_loop_around(self):
self.espefuse_py( self.espefuse_py(
@@ -1080,7 +1087,7 @@ class TestBurnKeyCommands(EfuseTestCase):
) in output ) in output
@pytest.mark.skipif( @pytest.mark.skipif(
arg_chip not in ["esp32h2", "esp32p4"], arg_chip not in ["esp32h2", "esp32c5", "esp32c5beta3", "esp32c61", "esp32p4"],
reason="These chips support ECDSA_KEY", reason="These chips support ECDSA_KEY",
) )
def test_burn_key_ecdsa_key(self): def test_burn_key_ecdsa_key(self):
@@ -1106,7 +1113,7 @@ class TestBurnKeyCommands(EfuseTestCase):
) in output ) in output
@pytest.mark.skipif( @pytest.mark.skipif(
arg_chip not in ["esp32h2", "esp32p4"], arg_chip not in ["esp32h2", "esp32c5", "esp32c5beta3", "esp32c61", "esp32p4"],
reason="These chips support ECDSA_KEY", reason="These chips support ECDSA_KEY",
) )
def test_burn_key_ecdsa_key_check_byte_order(self): def test_burn_key_ecdsa_key_check_byte_order(self):
@@ -1211,6 +1218,9 @@ class TestBurnBlockDataCommands(EfuseTestCase):
"esp32c6", "esp32c6",
"esp32h2", "esp32h2",
"esp32p4", "esp32p4",
"esp32c5",
"esp32c5beta3",
"esp32c61",
], ],
reason="Only chip with 6 keys", reason="Only chip with 6 keys",
) )
@@ -1349,6 +1359,9 @@ class TestBurnBlockDataCommands(EfuseTestCase):
"esp32c6", "esp32c6",
"esp32h2", "esp32h2",
"esp32p4", "esp32p4",
"esp32c5",
"esp32c5beta3",
"esp32c61",
], ],
reason="Only chips with 6 keys", reason="Only chips with 6 keys",
) )
@@ -1545,6 +1558,9 @@ class TestBurnKeyDigestCommandsEsp32C2(EfuseTestCase):
"esp32c6", "esp32c6",
"esp32h2", "esp32h2",
"esp32p4", "esp32p4",
"esp32c5",
"esp32c5beta3",
"esp32c61",
], ],
reason="Supports 6 key blocks", reason="Supports 6 key blocks",
) )
@@ -1657,6 +1673,9 @@ class TestBurnBitCommands(EfuseTestCase):
"esp32c6", "esp32c6",
"esp32h2", "esp32h2",
"esp32p4", "esp32p4",
"esp32c5",
"esp32c5beta3",
"esp32c61",
], ],
reason="Only chip with 6 keys", reason="Only chip with 6 keys",
) )