From 1f2cbde525b3f5b1df4b3de3e4ba6855f77883c3 Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Tue, 11 Nov 2025 10:58:17 +0530 Subject: [PATCH] change(esp_key_mgr): Store key_len field in the key_info - Update the Key Manager key types to be generic - Define a new enum to determine the length of the keys - Refactor the Key Manager driver support generic key types and key lengths - Also store key deployment mode in the key recovery info --- .../flash_encryption_secure_features.c | 2 +- .../flash_encryption_secure_features.c | 2 +- .../src/flash_encryption/flash_encrypt.c | 19 +- components/esp_security/include/esp_key_mgr.h | 4 + components/esp_security/src/esp_key_mgr.c | 190 +++++++++-------- components/esp_security/src/init.c | 2 +- .../crypto_drivers/main/test_key_mgr.c | 12 +- components/hal/ecdsa_hal.c | 12 +- .../hal/esp32c5/include/hal/key_mgr_ll.h | 135 ++++++++---- .../hal/esp32p4/include/hal/key_mgr_ll.h | 197 +++++++++--------- components/hal/include/hal/key_mgr_hal.h | 6 +- components/hal/include/hal/key_mgr_types.h | 43 ++-- components/hal/key_mgr_hal.c | 8 +- .../main/key_manager/test_key_manager.c | 27 ++- .../test_apps/main/test_mbedtls_ecdsa.c | 27 +-- 15 files changed, 379 insertions(+), 307 deletions(-) diff --git a/components/bootloader_support/src/esp32c5/flash_encryption_secure_features.c b/components/bootloader_support/src/esp32c5/flash_encryption_secure_features.c index e07a2b40a1..81cf0828b6 100644 --- a/components/bootloader_support/src/esp32c5/flash_encryption_secure_features.c +++ b/components/bootloader_support/src/esp32c5/flash_encryption_secure_features.c @@ -77,7 +77,7 @@ esp_err_t esp_flash_encryption_use_efuse_key(void) esp_crypto_key_mgr_enable_periph_clk(true); // Force Key Manager to use eFuse key for XTS-AES operation - key_mgr_hal_set_key_usage(ESP_KEY_MGR_XTS_AES_128_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); + key_mgr_hal_set_key_usage(ESP_KEY_MGR_FLASH_XTS_AES_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); return ESP_OK; } diff --git a/components/bootloader_support/src/esp32p4/flash_encryption_secure_features.c b/components/bootloader_support/src/esp32p4/flash_encryption_secure_features.c index 6d945a9761..e5f8dd1860 100644 --- a/components/bootloader_support/src/esp32p4/flash_encryption_secure_features.c +++ b/components/bootloader_support/src/esp32p4/flash_encryption_secure_features.c @@ -59,7 +59,7 @@ esp_err_t esp_flash_encryption_use_efuse_key(void) esp_crypto_key_mgr_enable_periph_clk(true); // Force Key Manager to use eFuse key for XTS-AES operation - key_mgr_hal_set_key_usage(ESP_KEY_MGR_XTS_AES_128_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); + key_mgr_hal_set_key_usage(ESP_KEY_MGR_FLASH_XTS_AES_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); return ESP_OK; } diff --git a/components/bootloader_support/src/flash_encryption/flash_encrypt.c b/components/bootloader_support/src/flash_encryption/flash_encrypt.c index 766183b176..7da8a6957d 100644 --- a/components/bootloader_support/src/flash_encryption/flash_encrypt.c +++ b/components/bootloader_support/src/flash_encryption/flash_encrypt.c @@ -151,14 +151,19 @@ static esp_err_t key_manager_read_key_recovery_info(esp_key_mgr_key_recovery_inf continue; } + if (key_recovery_info->key_type != ESP_KEY_MGR_FLASH_XTS_AES_KEY) { + ESP_LOGD(TAG, "Key Manager sector %d has incorrect key type %d", i, key_recovery_info->key_type); + continue; + } + #if CONFIG_SECURE_FLASH_ENCRYPTION_AES256 - if (key_recovery_info->key_type != ESP_KEY_MGR_XTS_AES_256_KEY) { - ESP_LOGD(TAG, "Key Manager sector %d has incorrect key type", i); + if (key_recovery_info->key_len != ESP_KEY_MGR_XTS_AES_LEN_256) { + ESP_LOGD(TAG, "Key Manager sector %d has incorrect key length %d", i, key_recovery_info->key_len); continue; } #else - if (key_recovery_info->key_type != ESP_KEY_MGR_XTS_AES_128_KEY) { - ESP_LOGD(TAG, "Key Manager sector %d has incorrect key type", i); + if (key_recovery_info->key_len != ESP_KEY_MGR_XTS_AES_LEN_128) { + ESP_LOGD(TAG, "Key Manager sector %d has incorrect key length %d", i, key_recovery_info->key_len); continue; } #endif @@ -201,10 +206,12 @@ static esp_err_t key_manager_generate_key(esp_key_mgr_key_recovery_info_t *key_r esp_key_mgr_random_key_config_t key_config; memset(&key_config, 0, sizeof(esp_key_mgr_random_key_config_t)); + key_config.key_type = ESP_KEY_MGR_FLASH_XTS_AES_KEY; + #if CONFIG_SECURE_FLASH_ENCRYPTION_AES256 - key_config.key_type = ESP_KEY_MGR_XTS_AES_256_KEY; + key_config.key_len = ESP_KEY_MGR_XTS_AES_LEN_256; #else - key_config.key_type = ESP_KEY_MGR_XTS_AES_128_KEY; + key_config.key_len = ESP_KEY_MGR_XTS_AES_LEN_128; #endif // Generate a new key and load it into Key Manager diff --git a/components/esp_security/include/esp_key_mgr.h b/components/esp_security/include/esp_key_mgr.h index 09f7fb4cf5..5e768c681d 100644 --- a/components/esp_security/include/esp_key_mgr.h +++ b/components/esp_security/include/esp_key_mgr.h @@ -35,6 +35,7 @@ extern "C" { typedef struct { esp_key_mgr_key_type_t key_type; + esp_key_mgr_key_len_t key_len; bool use_pre_generated_huk_info; bool use_pre_generated_sw_init_key; WORD_ALIGNED_ATTR esp_key_mgr_huk_info_t huk_info; @@ -45,6 +46,7 @@ typedef struct { typedef struct { esp_key_mgr_key_type_t key_type; + esp_key_mgr_key_len_t key_len; bool use_pre_generated_huk_info; WORD_ALIGNED_ATTR esp_key_mgr_huk_info_t huk_info; WORD_ALIGNED_ATTR uint8_t k1_G[2][KEY_MGR_ECDH0_INFO_SIZE]; @@ -52,12 +54,14 @@ typedef struct { typedef struct { esp_key_mgr_key_type_t key_type; + esp_key_mgr_key_len_t key_len; bool use_pre_generated_huk_info; WORD_ALIGNED_ATTR esp_key_mgr_huk_info_t huk_info; } esp_key_mgr_random_key_config_t; typedef struct { esp_key_mgr_key_type_t key_type; + esp_key_mgr_key_len_t key_len; WORD_ALIGNED_ATTR uint8_t k2_G[2][KEY_MGR_ECDH0_INFO_SIZE]; } esp_key_mgr_ecdh0_info_t; diff --git a/components/esp_security/src/esp_key_mgr.c b/components/esp_security/src/esp_key_mgr.c index f1ccecb4b0..ea91777eff 100644 --- a/components/esp_security/src/esp_key_mgr.c +++ b/components/esp_security/src/esp_key_mgr.c @@ -38,13 +38,10 @@ static _lock_t s_key_mgr_psram_key_lock; static void esp_key_mgr_acquire_key_lock(esp_key_mgr_key_type_t key_type) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: + case ESP_KEY_MGR_ECDSA_KEY: _lock_acquire(&s_key_mgr_ecdsa_key_lock); break; - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: _lock_acquire(&s_key_mgr_xts_aes_key_lock); break; case ESP_KEY_MGR_HMAC_KEY: @@ -53,8 +50,7 @@ static void esp_key_mgr_acquire_key_lock(esp_key_mgr_key_type_t key_type) case ESP_KEY_MGR_DS_KEY: _lock_acquire(&s_key_mgr_ds_key_lock); break; - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: _lock_acquire(&s_key_mgr_psram_key_lock); break; default: @@ -67,13 +63,10 @@ static void esp_key_mgr_acquire_key_lock(esp_key_mgr_key_type_t key_type) static void esp_key_mgr_release_key_lock(esp_key_mgr_key_type_t key_type) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: + case ESP_KEY_MGR_ECDSA_KEY: _lock_release(&s_key_mgr_ecdsa_key_lock); break; - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: _lock_release(&s_key_mgr_xts_aes_key_lock); break; case ESP_KEY_MGR_HMAC_KEY: @@ -82,8 +75,7 @@ static void esp_key_mgr_release_key_lock(esp_key_mgr_key_type_t key_type) case ESP_KEY_MGR_DS_KEY: _lock_release(&s_key_mgr_ds_key_lock); break; - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: _lock_release(&s_key_mgr_psram_key_lock); break; default: @@ -96,15 +88,11 @@ static void esp_key_mgr_release_key_lock(esp_key_mgr_key_type_t key_type) static void esp_key_mgr_acquire_key_lock(esp_key_mgr_key_type_t key_type) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: + case ESP_KEY_MGR_ECDSA_KEY: + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: case ESP_KEY_MGR_HMAC_KEY: case ESP_KEY_MGR_DS_KEY: - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: break; default: ESP_LOGE(TAG, "Invalid key type"); @@ -116,15 +104,11 @@ static void esp_key_mgr_acquire_key_lock(esp_key_mgr_key_type_t key_type) static void esp_key_mgr_release_key_lock(esp_key_mgr_key_type_t key_type) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: + case ESP_KEY_MGR_ECDSA_KEY: + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: case ESP_KEY_MGR_HMAC_KEY: case ESP_KEY_MGR_DS_KEY: - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: break; default: ESP_LOGE(TAG, "Invalid key type"); @@ -158,25 +142,47 @@ static void esp_key_mgr_release_hardware(bool deployment_mode) esp_crypto_key_mgr_enable_periph_clk(false); } -static esp_key_mgr_key_purpose_t get_key_purpose(esp_key_mgr_key_type_t key_type) +static esp_key_mgr_key_purpose_t get_key_purpose(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_len_t key_len) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - return ESP_KEY_MGR_KEY_PURPOSE_ECDSA_192; - case ESP_KEY_MGR_ECDSA_256_KEY: - return ESP_KEY_MGR_KEY_PURPOSE_ECDSA_256; - case ESP_KEY_MGR_XTS_AES_128_KEY: - return ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_128; - case ESP_KEY_MGR_XTS_AES_256_KEY: - return ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_1; + case ESP_KEY_MGR_ECDSA_KEY: + switch (key_len) { + case ESP_KEY_MGR_ECDSA_LEN_192: + return ESP_KEY_MGR_KEY_PURPOSE_ECDSA_192; + case ESP_KEY_MGR_ECDSA_LEN_256: + return ESP_KEY_MGR_KEY_PURPOSE_ECDSA_256; + case ESP_KEY_MGR_ECDSA_LEN_384: + // TODO: Verify: (IDF-14120) + return ESP_KEY_MGR_KEY_PURPOSE_ECDSA_384_H; + default: + return ESP_KEY_MGR_KEY_PURPOSE_INVALID; + } + + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: + switch (key_len) { + case ESP_KEY_MGR_XTS_AES_LEN_128: + return ESP_KEY_MGR_KEY_PURPOSE_FLASH_128; + case ESP_KEY_MGR_XTS_AES_LEN_256: + return ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_1; + default: + return ESP_KEY_MGR_KEY_PURPOSE_INVALID; + } + case ESP_KEY_MGR_HMAC_KEY: return ESP_KEY_MGR_KEY_PURPOSE_HMAC; + case ESP_KEY_MGR_DS_KEY: return ESP_KEY_MGR_KEY_PURPOSE_DS; - case ESP_KEY_MGR_PSRAM_128_KEY: - return ESP_KEY_MGR_KEY_PURPOSE_PSRAM_128; - case ESP_KEY_MGR_PSRAM_256_KEY: - return ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1; + + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: + switch (key_len) { + case ESP_KEY_MGR_XTS_AES_LEN_128: + return ESP_KEY_MGR_KEY_PURPOSE_PSRAM_128; + case ESP_KEY_MGR_XTS_AES_LEN_256: + return ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1; + default: + return ESP_KEY_MGR_KEY_PURPOSE_INVALID; + } default: return ESP_KEY_MGR_KEY_PURPOSE_INVALID; } @@ -309,7 +315,7 @@ static esp_err_t key_mgr_deploy_key_aes_mode(aes_deploy_config_t *config) key_mgr_wait_for_state(ESP_KEY_MGR_STATE_IDLE); if ((!key_mgr_hal_is_huk_valid()) || (!config->huk_deployed)) { - // For purpose ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 or ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2 this part shall be already executed + // For purpose ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_2 or ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2 this part shall be already executed huk_deploy_config_t huk_deploy_config = { .use_pre_generated_huk_info = config->key_config->use_pre_generated_huk_info, .pre_generated_huk_info = &config->key_config->huk_info, @@ -325,7 +331,7 @@ static esp_err_t key_mgr_deploy_key_aes_mode(aes_deploy_config_t *config) } uint8_t key_recovery_info_index = 0; - if (config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 || config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2) { + if (config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_2 || config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2) { key_recovery_info_index = 1; } @@ -339,12 +345,11 @@ static esp_err_t key_mgr_deploy_key_aes_mode(aes_deploy_config_t *config) key_mgr_hal_set_key_purpose(config->key_purpose); // Set key length for XTS-AES key - esp_key_mgr_key_type_t key_type = (esp_key_mgr_key_type_t) config->key_config->key_type; + esp_key_mgr_key_type_t key_type = config->key_config->key_type; + esp_key_mgr_key_len_t key_len = config->key_config->key_len; - if (key_type == ESP_KEY_MGR_XTS_AES_128_KEY || key_type == ESP_KEY_MGR_PSRAM_128_KEY) { - key_mgr_hal_set_xts_aes_key_len(key_type, ESP_KEY_MGR_XTS_AES_LEN_256); - } else if (key_type == ESP_KEY_MGR_XTS_AES_256_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - key_mgr_hal_set_xts_aes_key_len(key_type, ESP_KEY_MGR_XTS_AES_LEN_512); + if (key_type == ESP_KEY_MGR_FLASH_XTS_AES_KEY || key_type == ESP_KEY_MGR_PSRAM_XTS_AES_KEY) { + key_mgr_hal_set_xts_aes_key_len(key_type, key_len); } if (config->key_config->use_pre_generated_sw_init_key) { @@ -375,8 +380,8 @@ static esp_err_t key_mgr_deploy_key_aes_mode(aes_deploy_config_t *config) key_mgr_hal_read_public_info(key_recovery_info, KEY_MGR_KEY_RECOVERY_INFO_SIZE); - if (config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_1 && config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1) { - if (!key_mgr_hal_is_key_deployment_valid(key_type)) { + if (config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_1 && config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1) { + if (!key_mgr_hal_is_key_deployment_valid(key_type, key_len)) { ESP_LOGE(TAG, "Key deployment is not valid"); return ESP_FAIL; } @@ -389,6 +394,8 @@ static esp_err_t key_mgr_deploy_key_aes_mode(aes_deploy_config_t *config) config->key_info->key_info[key_recovery_info_index].crc = esp_rom_crc32_le(0, key_recovery_info, KEY_MGR_KEY_RECOVERY_INFO_SIZE); config->key_info->key_type = key_type; + config->key_info->key_len = key_len; + config->key_info->key_deployment_mode = ESP_KEY_MGR_KEYGEN_MODE_AES; config->key_info->magic = KEY_HUK_SECTOR_MAGIC; return ESP_OK; @@ -408,7 +415,7 @@ esp_err_t esp_key_mgr_deploy_key_in_aes_mode(const esp_key_mgr_aes_key_config_t .k1_encrypted = key_config->k1_encrypted[0], }; - aes_deploy_config.key_purpose = get_key_purpose(key_config->key_type); + aes_deploy_config.key_purpose = get_key_purpose(key_config->key_type, key_config->key_len); if (aes_deploy_config.key_purpose == ESP_KEY_MGR_KEY_PURPOSE_INVALID) { ESP_LOGE(TAG, "Invalid key type"); return ESP_ERR_INVALID_ARG; @@ -424,8 +431,8 @@ esp_err_t esp_key_mgr_deploy_key_in_aes_mode(const esp_key_mgr_aes_key_config_t aes_deploy_config.huk_deployed = true; - if (key_config->key_type == ESP_KEY_MGR_XTS_AES_256_KEY || key_config->key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - aes_deploy_config.key_purpose = key_config->key_type == ESP_KEY_MGR_XTS_AES_256_KEY ? ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 : ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2; + if (aes_deploy_config.key_purpose == ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_1 || aes_deploy_config.key_purpose == ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1) { + aes_deploy_config.key_purpose = key_config->key_type == ESP_KEY_MGR_FLASH_XTS_AES_KEY ? ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_2 : ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2; aes_deploy_config.k1_encrypted = key_config->k1_encrypted[1]; esp_ret = key_mgr_deploy_key_aes_mode(&aes_deploy_config); if (esp_ret != ESP_OK) { @@ -473,11 +480,11 @@ static esp_err_t key_mgr_recover_key(key_recovery_config_t *config) key_mgr_hal_set_key_generator_mode(ESP_KEY_MGR_KEYGEN_MODE_RECOVER); // Set XTS-AES key length - esp_key_mgr_key_type_t key_type = (esp_key_mgr_key_type_t) config->key_recovery_info->key_type; - if (key_type == ESP_KEY_MGR_XTS_AES_128_KEY || key_type == ESP_KEY_MGR_PSRAM_128_KEY) { - key_mgr_hal_set_xts_aes_key_len(key_type, ESP_KEY_MGR_XTS_AES_LEN_256); - } else if (key_type == ESP_KEY_MGR_XTS_AES_256_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - key_mgr_hal_set_xts_aes_key_len(key_type, ESP_KEY_MGR_XTS_AES_LEN_512); + esp_key_mgr_key_type_t key_type = config->key_recovery_info->key_type; + esp_key_mgr_key_len_t key_len = config->key_recovery_info->key_len; + + if (key_type == ESP_KEY_MGR_FLASH_XTS_AES_KEY || key_type == ESP_KEY_MGR_PSRAM_XTS_AES_KEY) { + key_mgr_hal_set_xts_aes_key_len(key_type, key_len); } key_mgr_hal_set_key_purpose(config->key_purpose); @@ -486,7 +493,7 @@ static esp_err_t key_mgr_recover_key(key_recovery_config_t *config) key_mgr_wait_for_state(ESP_KEY_MGR_STATE_LOAD); - if (config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 || config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2) { + if (config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_2 || config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2) { if (!check_key_info_validity(&config->key_recovery_info->key_info[1])) { ESP_LOGE(TAG, "Key info not valid"); return ESP_FAIL; @@ -504,8 +511,8 @@ static esp_err_t key_mgr_recover_key(key_recovery_config_t *config) key_mgr_wait_for_state(ESP_KEY_MGR_STATE_GAIN); // TODO: Maybe need to extend this to ECDSA_384_L and ECDSA_384_H (IDF-14120) - if (config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_1 && config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1) { - if (!key_mgr_hal_is_key_deployment_valid(key_type)) { + if (config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_1 && config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1) { + if (!key_mgr_hal_is_key_deployment_valid(key_type, key_len)) { ESP_LOGD(TAG, "Key deployment is not valid"); return ESP_FAIL; } @@ -531,7 +538,7 @@ esp_err_t esp_key_mgr_activate_key(esp_key_mgr_key_recovery_info_t *key_recovery .key_recovery_info = key_recovery_info, }; - key_recovery_config.key_purpose = get_key_purpose(key_type); + key_recovery_config.key_purpose = get_key_purpose(key_type, key_recovery_info->key_len); if (key_recovery_config.key_purpose == ESP_KEY_MGR_KEY_PURPOSE_INVALID) { ESP_LOGE(TAG, "Invalid key type"); return ESP_ERR_INVALID_ARG; @@ -548,8 +555,8 @@ esp_err_t esp_key_mgr_activate_key(esp_key_mgr_key_recovery_info_t *key_recovery goto cleanup; } - if (key_type == ESP_KEY_MGR_XTS_AES_256_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - key_recovery_config.key_purpose = key_type == ESP_KEY_MGR_XTS_AES_256_KEY ? ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 : ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2; + if (key_recovery_config.key_purpose == ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_1 || key_recovery_config.key_purpose == ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1) { + key_recovery_config.key_purpose = key_recovery_config.key_purpose == ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_1 ? ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_2 : ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2; esp_ret = key_mgr_recover_key(&key_recovery_config); if (esp_ret != ESP_OK) { ESP_LOGE(TAG, "Failed to recover key"); @@ -593,7 +600,7 @@ static esp_err_t key_mgr_deploy_key_ecdh0_mode(ecdh0_deploy_config_t *config) key_mgr_wait_for_state(ESP_KEY_MGR_STATE_IDLE); if ((!key_mgr_hal_is_huk_valid()) || (!config->huk_deployed)) { - // For purpose ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 or ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2 this part shall be already executed + // For purpose ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_2 or ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2 this part shall be already executed huk_deploy_config_t huk_deploy_config = { .use_pre_generated_huk_info = config->key_config->use_pre_generated_huk_info, .pre_generated_huk_info = &config->key_config->huk_info, @@ -609,7 +616,7 @@ static esp_err_t key_mgr_deploy_key_ecdh0_mode(ecdh0_deploy_config_t *config) } uint8_t key_recovery_info_index = 0; - if (config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 || config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2) { + if (config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_2 || config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2) { key_recovery_info_index = 1; } @@ -623,12 +630,11 @@ static esp_err_t key_mgr_deploy_key_ecdh0_mode(ecdh0_deploy_config_t *config) key_mgr_hal_set_key_purpose(config->key_purpose); // Set XTS-AES key length - esp_key_mgr_key_type_t key_type = (esp_key_mgr_key_type_t) config->key_config->key_type; + esp_key_mgr_key_type_t key_type = config->key_config->key_type; + esp_key_mgr_key_len_t key_len = config->key_config->key_len; - if (key_type == ESP_KEY_MGR_XTS_AES_128_KEY || key_type == ESP_KEY_MGR_PSRAM_128_KEY) { - key_mgr_hal_set_xts_aes_key_len(key_type, ESP_KEY_MGR_XTS_AES_LEN_256); - } else if (key_type == ESP_KEY_MGR_XTS_AES_256_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - key_mgr_hal_set_xts_aes_key_len(key_type, ESP_KEY_MGR_XTS_AES_LEN_512); + if (key_type == ESP_KEY_MGR_FLASH_XTS_AES_KEY || key_type == ESP_KEY_MGR_PSRAM_XTS_AES_KEY) { + key_mgr_hal_set_xts_aes_key_len(key_type, key_len); } key_mgr_hal_start(); @@ -647,8 +653,8 @@ static esp_err_t key_mgr_deploy_key_ecdh0_mode(ecdh0_deploy_config_t *config) key_mgr_hal_read_public_info(key_recovery_info, KEY_MGR_KEY_RECOVERY_INFO_SIZE); key_mgr_hal_read_assist_info(config->ecdh0_key_info); - if (config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_1 && config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1) { - if (!key_mgr_hal_is_key_deployment_valid(key_type)) { + if (config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_1 && config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1) { + if (!key_mgr_hal_is_key_deployment_valid(key_type, key_len)) { ESP_LOGE(TAG, "Key deployment is not valid"); return ESP_FAIL; } @@ -661,6 +667,8 @@ static esp_err_t key_mgr_deploy_key_ecdh0_mode(ecdh0_deploy_config_t *config) config->key_info->key_info[key_recovery_info_index].crc = esp_rom_crc32_le(0, key_recovery_info, KEY_MGR_KEY_RECOVERY_INFO_SIZE); config->key_info->key_type = key_type; + config->key_info->key_len = key_len; + config->key_info->key_deployment_mode = ESP_KEY_MGR_KEYGEN_MODE_ECDH0; config->key_info->magic = KEY_HUK_SECTOR_MAGIC; return ESP_OK; @@ -675,8 +683,6 @@ esp_err_t esp_key_mgr_deploy_key_in_ecdh0_mode(const esp_key_mgr_ecdh0_key_confi ESP_LOGD(TAG, "Key Deployment in ECDH0 mode"); - esp_key_mgr_key_type_t key_type = key_config->key_type; - ecdh0_deploy_config_t ecdh0_deploy_config = { .key_config = key_config, .key_info = key_info, @@ -684,7 +690,7 @@ esp_err_t esp_key_mgr_deploy_key_in_ecdh0_mode(const esp_key_mgr_ecdh0_key_confi .ecdh0_key_info = ecdh0_key_info->k2_G[0], }; - ecdh0_deploy_config.key_purpose = get_key_purpose(key_config->key_type); + ecdh0_deploy_config.key_purpose = get_key_purpose(key_config->key_type, key_config->key_len); if (ecdh0_deploy_config.key_purpose == ESP_KEY_MGR_KEY_PURPOSE_INVALID) { ESP_LOGE(TAG, "Invalid key type"); return ESP_ERR_INVALID_ARG; @@ -700,8 +706,8 @@ esp_err_t esp_key_mgr_deploy_key_in_ecdh0_mode(const esp_key_mgr_ecdh0_key_confi ecdh0_deploy_config.huk_deployed = true; - if (key_type == ESP_KEY_MGR_XTS_AES_256_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - ecdh0_deploy_config.key_purpose = key_type == ESP_KEY_MGR_XTS_AES_256_KEY ? ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 : ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2; + if (ecdh0_deploy_config.key_purpose == ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_1 || ecdh0_deploy_config.key_purpose == ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1) { + ecdh0_deploy_config.key_purpose = key_config->key_type == ESP_KEY_MGR_FLASH_XTS_AES_KEY ? ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_2 : ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2; ecdh0_deploy_config.k1_G = key_config->k1_G[1]; ecdh0_deploy_config.ecdh0_key_info = ecdh0_key_info->k2_G[1]; esp_ret = key_mgr_deploy_key_ecdh0_mode(&ecdh0_deploy_config); @@ -712,7 +718,7 @@ esp_err_t esp_key_mgr_deploy_key_in_ecdh0_mode(const esp_key_mgr_ecdh0_key_confi } // Set the Key Manager Static Register to use own key for the respective key type - key_mgr_hal_set_key_usage(key_type, ESP_KEY_MGR_USE_OWN_KEY); + key_mgr_hal_set_key_usage(key_config->key_type, ESP_KEY_MGR_USE_OWN_KEY); cleanup: esp_key_mgr_release_hardware(true); @@ -732,7 +738,7 @@ static esp_err_t key_mgr_deploy_key_random_mode(random_deploy_config_t *config) key_mgr_wait_for_state(ESP_KEY_MGR_STATE_IDLE); if ((!key_mgr_hal_is_huk_valid()) || (!config->huk_deployed)) { - // For purpose ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 or ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2 this part shall be already executed + // For purpose ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_2 or ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2 this part shall be already executed huk_deploy_config_t huk_deploy_config = { .use_pre_generated_huk_info = config->key_config->use_pre_generated_huk_info, .pre_generated_huk_info = &config->key_config->huk_info, @@ -747,7 +753,7 @@ static esp_err_t key_mgr_deploy_key_random_mode(random_deploy_config_t *config) } uint8_t key_recovery_info_index = 0; - if (config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 || config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2) { + if (config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_2 || config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2) { key_recovery_info_index = 1; } @@ -760,11 +766,11 @@ static esp_err_t key_mgr_deploy_key_random_mode(random_deploy_config_t *config) key_mgr_hal_set_key_purpose(config->key_purpose); // Set XTS-AES key length - esp_key_mgr_key_type_t key_type = (esp_key_mgr_key_type_t) config->key_config->key_type; - if (key_type == ESP_KEY_MGR_XTS_AES_128_KEY || key_type == ESP_KEY_MGR_PSRAM_128_KEY) { - key_mgr_hal_set_xts_aes_key_len(key_type, ESP_KEY_MGR_XTS_AES_LEN_256); - } else if (key_type == ESP_KEY_MGR_XTS_AES_256_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - key_mgr_hal_set_xts_aes_key_len(key_type, ESP_KEY_MGR_XTS_AES_LEN_512); + esp_key_mgr_key_type_t key_type = config->key_config->key_type; + esp_key_mgr_key_len_t key_len = config->key_config->key_len; + + if (key_type == ESP_KEY_MGR_FLASH_XTS_AES_KEY || key_type == ESP_KEY_MGR_PSRAM_XTS_AES_KEY) { + key_mgr_hal_set_xts_aes_key_len(key_type, key_len); } key_mgr_hal_start(); @@ -777,8 +783,8 @@ static esp_err_t key_mgr_deploy_key_random_mode(random_deploy_config_t *config) key_mgr_wait_for_state(ESP_KEY_MGR_STATE_GAIN); key_mgr_hal_read_public_info(key_recovery_info, KEY_MGR_KEY_RECOVERY_INFO_SIZE); - if (config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_1 && config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1) { - if (!key_mgr_hal_is_key_deployment_valid(key_type)) { + if (config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_1 && config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1) { + if (!key_mgr_hal_is_key_deployment_valid(key_type, key_len)) { ESP_LOGE(TAG, "Key deployment is not valid"); return ESP_FAIL; } @@ -791,6 +797,8 @@ static esp_err_t key_mgr_deploy_key_random_mode(random_deploy_config_t *config) config->key_info->key_info[key_recovery_info_index].crc = esp_rom_crc32_le(0, key_recovery_info, KEY_MGR_KEY_RECOVERY_INFO_SIZE); config->key_info->key_type = key_type; + config->key_info->key_len = key_len; + config->key_info->key_deployment_mode = ESP_KEY_MGR_KEYGEN_MODE_RANDOM; config->key_info->magic = KEY_HUK_SECTOR_MAGIC; return ESP_OK; @@ -809,7 +817,7 @@ esp_err_t esp_key_mgr_deploy_key_in_random_mode(const esp_key_mgr_random_key_con .key_info = key_recovery_info, }; - random_deploy_config.key_purpose = get_key_purpose(key_config->key_type); + random_deploy_config.key_purpose = get_key_purpose(key_config->key_type, key_config->key_len); if (random_deploy_config.key_purpose == ESP_KEY_MGR_KEY_PURPOSE_INVALID) { ESP_LOGE(TAG, "Invalid key type"); return ESP_ERR_INVALID_ARG; @@ -825,8 +833,8 @@ esp_err_t esp_key_mgr_deploy_key_in_random_mode(const esp_key_mgr_random_key_con random_deploy_config.huk_deployed = true; - if (key_config->key_type == ESP_KEY_MGR_XTS_AES_256_KEY || key_config->key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - random_deploy_config.key_purpose = key_config->key_type == ESP_KEY_MGR_XTS_AES_256_KEY ? ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 : ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2; + if (random_deploy_config.key_purpose == ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_1 || random_deploy_config.key_purpose == ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1) { + random_deploy_config.key_purpose = key_config->key_type == ESP_KEY_MGR_FLASH_XTS_AES_KEY ? ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_2 : ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2; esp_ret = key_mgr_deploy_key_random_mode(&random_deploy_config); if (esp_ret != ESP_OK) { ESP_LOGE(TAG, "Key deployment in Random mode failed"); diff --git a/components/esp_security/src/init.c b/components/esp_security/src/init.c index d73fda5c88..9a3a3fc147 100644 --- a/components/esp_security/src/init.c +++ b/components/esp_security/src/init.c @@ -48,7 +48,7 @@ static void esp_key_mgr_init(void) }; // Force Key Manager to use eFuse key by-default for an XTS-AES operation. - key_mgr_ll_set_key_usage(ESP_KEY_MGR_XTS_AES_128_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); + key_mgr_ll_set_key_usage(ESP_KEY_MGR_FLASH_XTS_AES_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); } } #endif /* SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT */ diff --git a/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c b/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c index a2f9c01181..5b5a34abac 100644 --- a/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c +++ b/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c @@ -147,7 +147,8 @@ TEST_CASE("Key Manager AES mode: XTS-AES-128 key deployment", "[hw_crypto] [key_ memcpy(key_config->k1_encrypted, (uint8_t*) k1_encrypt, KEY_MGR_K1_ENCRYPTED_SIZE); memcpy(key_config->sw_init_key, (uint8_t*) init_key, KEY_MGR_SW_INIT_KEY_SIZE); key_config->use_pre_generated_sw_init_key = 1; - key_config->key_type = ESP_KEY_MGR_XTS_AES_128_KEY; + key_config->key_type = ESP_KEY_MGR_FLASH_XTS_AES_KEY; + key_config->key_len = ESP_KEY_MGR_XTS_AES_LEN_128; esp_key_mgr_key_recovery_info_t *key_recovery_info = calloc(1, sizeof(esp_key_mgr_key_recovery_info_t)); TEST_ASSERT_NOT_NULL(key_recovery_info); @@ -167,7 +168,8 @@ TEST_CASE("Key Manager ECDH0 mode: XTS-AES-128 key deployment", "[hw_crypto] [ke TEST_ASSERT_NOT_NULL(key_config); memcpy(key_config->k1_G, (uint8_t*) k1_G, KEY_MGR_ECDH0_INFO_SIZE); - key_config->key_type = ESP_KEY_MGR_XTS_AES_128_KEY; + key_config->key_type = ESP_KEY_MGR_FLASH_XTS_AES_KEY; + key_config->key_len = ESP_KEY_MGR_XTS_AES_LEN_128; esp_key_mgr_key_recovery_info_t *key_recovery_info = calloc(1, sizeof(esp_key_mgr_key_recovery_info_t)); TEST_ASSERT_NOT_NULL(key_recovery_info); @@ -190,7 +192,8 @@ TEST_CASE("Key Manager Random mode: XTS-AES-128 key deployment", "[hw_crypto] [k esp_key_mgr_random_key_config_t *key_config = calloc(1, sizeof(esp_key_mgr_random_key_config_t)); TEST_ASSERT_NOT_NULL(key_config); - key_config->key_type = ESP_KEY_MGR_XTS_AES_128_KEY; + key_config->key_type = ESP_KEY_MGR_FLASH_XTS_AES_KEY; + key_config->key_len = ESP_KEY_MGR_XTS_AES_LEN_128; esp_key_mgr_key_recovery_info_t *key_recovery_info = calloc(1, sizeof(esp_key_mgr_key_recovery_info_t)); TEST_ASSERT_NOT_NULL(key_recovery_info); @@ -211,7 +214,8 @@ TEST_CASE("Key Manager random mode: ECDSA key deployment", "[hw_crypto] [key_mgr esp_key_mgr_random_key_config_t *key_config = calloc(1, sizeof(esp_key_mgr_random_key_config_t)); TEST_ASSERT_NOT_NULL(key_config); - key_config->key_type = ESP_KEY_MGR_ECDSA_256_KEY; + key_config->key_type = ESP_KEY_MGR_ECDSA_KEY; + key_config->key_len = ESP_KEY_MGR_ECDSA_LEN_256; esp_key_mgr_key_recovery_info_t *key_recovery_info = calloc(1, sizeof(esp_key_mgr_key_recovery_info_t)); TEST_ASSERT_NOT_NULL(key_recovery_info); diff --git a/components/hal/ecdsa_hal.c b/components/hal/ecdsa_hal.c index 923119017b..72a74bf213 100644 --- a/components/hal/ecdsa_hal.c +++ b/components/hal/ecdsa_hal.c @@ -50,20 +50,12 @@ static void configure_ecdsa_periph(ecdsa_hal_config_t *conf) } // Force Key Manager to use eFuse key for XTS-AES operation - if (conf->curve == ECDSA_CURVE_SECP192R1) { - key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_192_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); - } else { - key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_256_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); - } + key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); #endif } #if SOC_KEY_MANAGER_SUPPORTED else { - if (conf->curve == ECDSA_CURVE_SECP192R1) { - key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_192_KEY, ESP_KEY_MGR_USE_OWN_KEY); - } else { - key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_256_KEY, ESP_KEY_MGR_USE_OWN_KEY); - } + key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_USE_OWN_KEY); } #endif diff --git a/components/hal/esp32c5/include/hal/key_mgr_ll.h b/components/hal/esp32c5/include/hal/key_mgr_ll.h index 71fc8167f7..83e4bbfbc2 100644 --- a/components/hal/esp32c5/include/hal/key_mgr_ll.h +++ b/components/hal/esp32c5/include/hal/key_mgr_ll.h @@ -163,9 +163,7 @@ static inline void key_mgr_ll_use_sw_init_key(void) static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_usage_t key_usage) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: + case ESP_KEY_MGR_ECDSA_KEY: if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_ECDSA); } else { @@ -173,8 +171,7 @@ static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_typ } break; - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_FLASH); } else { @@ -198,8 +195,7 @@ static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_typ } break; - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_PSRAM); } else { @@ -215,30 +211,30 @@ static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_typ static inline esp_key_mgr_key_usage_t key_mgr_ll_get_key_usage(esp_key_mgr_key_type_t key_type) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: + case ESP_KEY_MGR_ECDSA_KEY: return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_ECDSA)); + break; - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_FLASH)); + break; case ESP_KEY_MGR_HMAC_KEY: return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_HMAC)); + break; case ESP_KEY_MGR_DS_KEY: return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS)); + break; - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_PSRAM)); + break; default: HAL_ASSERT(false && "Unsupported key type"); return ESP_KEY_MGR_USAGE_INVALID; } - return ESP_KEY_MGR_USAGE_INVALID; } /** @@ -259,14 +255,11 @@ static inline void key_mgr_ll_lock_use_sw_init_key_reg(void) static inline void key_mgr_ll_lock_use_efuse_key_reg(esp_key_mgr_key_type_t key_type) { switch(key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: + case ESP_KEY_MGR_ECDSA_KEY: REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_ECDSA); break; - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_FLASH); break; @@ -278,8 +271,7 @@ static inline void key_mgr_ll_lock_use_efuse_key_reg(esp_key_mgr_key_type_t key_ REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_DS); break; - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_PSRAM); break; @@ -318,32 +310,53 @@ static inline bool key_mgr_ll_is_result_success(void) * @return 1 for Success * 0 for failure */ -static inline bool key_mgr_ll_is_key_deployment_valid(const esp_key_mgr_key_type_t key_type) +static inline bool key_mgr_ll_is_key_deployment_valid(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_len_t key_len) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_192_VLD); - case ESP_KEY_MGR_ECDSA_256_KEY: - return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_256_VLD); - case ESP_KEY_MGR_ECDSA_384_KEY: - return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_384_VLD); - - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: + case ESP_KEY_MGR_ECDSA_KEY: + switch (key_len) { + case ESP_KEY_MGR_ECDSA_LEN_192: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_192_VLD); + case ESP_KEY_MGR_ECDSA_LEN_256: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_256_VLD); + case ESP_KEY_MGR_ECDSA_LEN_384: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_384_VLD); + default: + HAL_ASSERT(false && "Unsupported key type"); + return 0; + } + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: + switch (key_len) { + case ESP_KEY_MGR_XTS_AES_LEN_128: + case ESP_KEY_MGR_XTS_AES_LEN_256: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_FLASH_VLD); + default: + HAL_ASSERT(false && "Unsupported key type"); + return 0; + } return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_FLASH_VLD); + break; case ESP_KEY_MGR_HMAC_KEY: return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_HMAC_VLD); + break; case ESP_KEY_MGR_DS_KEY: return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_DS_VLD); + break; - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: - return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_PSRAM_VLD); + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: + switch (key_len) { + case ESP_KEY_MGR_XTS_AES_LEN_128: + case ESP_KEY_MGR_XTS_AES_LEN_256: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_PSRAM_VLD); + default: + HAL_ASSERT(false && "Unsupported key type"); + return 0; + } default: - HAL_ASSERT(false && "Unsupported key type"); + HAL_ASSERT(false && "Unsupported mode"); return 0; } } @@ -411,22 +424,54 @@ static inline bool key_mgr_ll_is_huk_valid(void) } /* @brief Set the XTS-AES (Flash Encryption) key length for the Key Manager */ -static inline void key_mgr_ll_set_xts_aes_key_len(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_xts_aes_key_len_t key_len) +static inline void key_mgr_ll_set_xts_aes_key_len(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_len_t key_len) { - if (key_type == ESP_KEY_MGR_XTS_AES_128_KEY || key_type == ESP_KEY_MGR_XTS_AES_256_KEY) { - REG_SET_FIELD(KEYMNG_STATIC_REG, KEYMNG_FLASH_KEY_LEN, key_len); - } else if (key_type == ESP_KEY_MGR_PSRAM_128_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - REG_SET_FIELD(KEYMNG_STATIC_REG, KEYMNG_PSRAM_KEY_LEN, key_len); + uint32_t key_len_bit_mask; + + if (key_type == ESP_KEY_MGR_FLASH_XTS_AES_KEY) { + key_len_bit_mask = KEYMNG_FLASH_KEY_LEN; + } else if (key_type == ESP_KEY_MGR_PSRAM_XTS_AES_KEY) { + key_len_bit_mask = KEYMNG_PSRAM_KEY_LEN; + } else { + HAL_ASSERT(false && "Unsupported key type"); + return; + } + + switch (key_len) { + case ESP_KEY_MGR_XTS_AES_LEN_128: + REG_CLR_BIT(KEYMNG_STATIC_REG, key_len_bit_mask); + break; + case ESP_KEY_MGR_XTS_AES_LEN_256: + REG_SET_BIT(KEYMNG_STATIC_REG, key_len_bit_mask); + break; + default: + HAL_ASSERT(false && "Unsupported key length"); + return; } } /* @brief Get the XTS-AES (Flash Encryption) key length for the Key Manager */ -static inline esp_key_mgr_xts_aes_key_len_t key_mgr_ll_get_xts_aes_key_len(const esp_key_mgr_key_type_t key_type) +static inline esp_key_mgr_key_len_t key_mgr_ll_get_xts_aes_key_len(const esp_key_mgr_key_type_t key_type) { - if (key_type == ESP_KEY_MGR_PSRAM_128_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - return (esp_key_mgr_xts_aes_key_len_t) REG_GET_FIELD(KEYMNG_STATIC_REG, KEYMNG_PSRAM_KEY_LEN); + uint32_t key_len_bit = 0; + + if (key_type == ESP_KEY_MGR_FLASH_XTS_AES_KEY) { + key_len_bit = REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_FLASH_KEY_LEN); + } else if (key_type == ESP_KEY_MGR_PSRAM_XTS_AES_KEY) { + key_len_bit = REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_PSRAM_KEY_LEN); } else { - return (esp_key_mgr_xts_aes_key_len_t) REG_GET_FIELD(KEYMNG_STATIC_REG, KEYMNG_FLASH_KEY_LEN); + HAL_ASSERT(false && "Unsupported key type"); + return (esp_key_mgr_key_len_t) key_len_bit; + } + + switch (key_len_bit) { + case 0: + return ESP_KEY_MGR_XTS_AES_LEN_128; + case 1: + return ESP_KEY_MGR_XTS_AES_LEN_256; + default: + HAL_ASSERT(false && "Unsupported key length"); + return (esp_key_mgr_key_len_t) key_len_bit; } } diff --git a/components/hal/esp32p4/include/hal/key_mgr_ll.h b/components/hal/esp32p4/include/hal/key_mgr_ll.h index 285f5909f0..6090696355 100644 --- a/components/hal/esp32p4/include/hal/key_mgr_ll.h +++ b/components/hal/esp32p4/include/hal/key_mgr_ll.h @@ -187,9 +187,7 @@ static inline void key_mgr_ll_use_sw_init_key(void) static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_usage_t key_usage) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: + case ESP_KEY_MGR_ECDSA_KEY: if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_ECDSA); } else { @@ -197,39 +195,38 @@ static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_typ } break; - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: - if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { - REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_FLASH); - } else { - REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_FLASH); - } - break; -#if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 - case ESP_KEY_MGR_HMAC_KEY: - if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { - REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_HMAC); - } else { - REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_HMAC); - } - break; - - case ESP_KEY_MGR_DS_KEY: - if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { - REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS); - } else { - REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS); - } - break; - - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: - if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { - REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_PSRAM); - } else { - REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_PSRAM); - } + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: + if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { + REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_FLASH); + } else { + REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_FLASH); + } break; + +#if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 + case ESP_KEY_MGR_HMAC_KEY: + if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { + REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_HMAC); + } else { + REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_HMAC); + } + break; + + case ESP_KEY_MGR_DS_KEY: + if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { + REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS); + } else { + REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS); + } + break; + + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: + if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { + REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_PSRAM); + } else { + REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_PSRAM); + } + break; #endif default: HAL_ASSERT(false && "Unsupported mode"); @@ -240,35 +237,26 @@ static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_typ static inline esp_key_mgr_key_usage_t key_mgr_ll_get_key_usage(esp_key_mgr_key_type_t key_type) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: + case ESP_KEY_MGR_ECDSA_KEY: return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_ECDSA)); - break; - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: - return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_FLASH)); - break; + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: + return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_FLASH)); + #if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 - case ESP_KEY_MGR_HMAC_KEY: - return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_HMAC)); - break; + case ESP_KEY_MGR_HMAC_KEY: + return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_HMAC)); - case ESP_KEY_MGR_DS_KEY: - return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS)); - break; + case ESP_KEY_MGR_DS_KEY: + return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS)); - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: - return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_PSRAM)); - break; + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: + return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_PSRAM)); #endif default: HAL_ASSERT(false && "Unsupported mode"); return ESP_KEY_MGR_USAGE_INVALID; } - return ESP_KEY_MGR_USAGE_INVALID; } /** @@ -289,29 +277,26 @@ static inline void key_mgr_ll_lock_use_sw_init_key_reg(void) static inline void key_mgr_ll_lock_use_efuse_key_reg(esp_key_mgr_key_type_t key_type) { switch(key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: + case ESP_KEY_MGR_ECDSA_KEY: REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_ECDSA); break; - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: - REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_FLASH); - break; + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: + REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_FLASH); + break; + #if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 - case ESP_KEY_MGR_HMAC_KEY: - REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_HMAC); - break; + case ESP_KEY_MGR_HMAC_KEY: + REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_HMAC); + break; - case ESP_KEY_MGR_DS_KEY: - REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_DS); - break; + case ESP_KEY_MGR_DS_KEY: + REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_DS); + break; - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: - REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_PSRAM); - break; + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: + REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_PSRAM); + break; #endif default: HAL_ASSERT(false && "Unsupported key type"); @@ -348,19 +333,33 @@ static inline bool key_mgr_ll_is_result_success(void) * @return 1 for Success * 0 for failure */ -static inline bool key_mgr_ll_is_key_deployment_valid(const esp_key_mgr_key_type_t key_type) +static inline bool key_mgr_ll_is_key_deployment_valid(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_len_t key_len) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_192_VLD); - case ESP_KEY_MGR_ECDSA_256_KEY: - return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_256_VLD); - case ESP_KEY_MGR_ECDSA_384_KEY: - return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_384_VLD); + case ESP_KEY_MGR_ECDSA_KEY: + switch (key_len) { + case ESP_KEY_MGR_ECDSA_LEN_192: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_192_VLD); + case ESP_KEY_MGR_ECDSA_LEN_256: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_256_VLD); + case ESP_KEY_MGR_ECDSA_LEN_384: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_384_VLD); + default: + HAL_ASSERT(false && "Unsupported key type"); + return 0; + } + + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: + switch (key_len) { + case ESP_KEY_MGR_XTS_AES_LEN_128: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_FLASH_VLD); + case ESP_KEY_MGR_XTS_AES_LEN_256: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_FLASH_VLD); + default: + HAL_ASSERT(false && "Unsupported key type"); + return 0; + } - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: - return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_FLASH_VLD); #if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 case ESP_KEY_MGR_HMAC_KEY: return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_HMAC_VLD); @@ -368,9 +367,16 @@ static inline bool key_mgr_ll_is_key_deployment_valid(const esp_key_mgr_key_type case ESP_KEY_MGR_DS_KEY: return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_DS_VLD); - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: - return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_PSRAM_VLD); + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: + switch (key_len) { + case ESP_KEY_MGR_XTS_AES_LEN_128: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_PSRAM_VLD); + case ESP_KEY_MGR_XTS_AES_LEN_256: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_PSRAM_VLD); + default: + HAL_ASSERT(false && "Unsupported key type"); + return 0; + } #endif default: HAL_ASSERT(false && "Unsupported mode"); @@ -440,29 +446,32 @@ static inline bool key_mgr_ll_is_huk_valid(void) return REG_GET_FIELD(KEYMNG_HUK_VLD_REG, KEYMNG_HUK_VALID); } /* @brief Set the XTS-AES (Flash Encryption) key length for the Key Manager */ -static inline void key_mgr_ll_set_xts_aes_key_len(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_xts_aes_key_len_t key_len) +static inline void key_mgr_ll_set_xts_aes_key_len(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_len_t key_len) { - if (key_type == ESP_KEY_MGR_XTS_AES_128_KEY || key_type == ESP_KEY_MGR_XTS_AES_256_KEY) { + if (key_type == ESP_KEY_MGR_FLASH_XTS_AES_KEY) { REG_SET_FIELD(KEYMNG_STATIC_REG, KEYMNG_FLASH_KEY_LEN, key_len); } #if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 - else if (key_type == ESP_KEY_MGR_PSRAM_128_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) { + else if (key_type == ESP_KEY_MGR_PSRAM_XTS_AES_KEY) { REG_SET_FIELD(KEYMNG_STATIC_REG, KEYMNG_PSRAM_KEY_LEN, key_len); } #endif } /* @brief Get the XTS-AES (Flash Encryption) key length for the Key Manager */ -static inline esp_key_mgr_xts_aes_key_len_t key_mgr_ll_get_xts_aes_key_len(const esp_key_mgr_key_type_t key_type) +static inline esp_key_mgr_key_len_t key_mgr_ll_get_xts_aes_key_len(const esp_key_mgr_key_type_t key_type) { - if (key_type == ESP_KEY_MGR_XTS_AES_128_KEY || key_type == ESP_KEY_MGR_XTS_AES_256_KEY) { - return (esp_key_mgr_xts_aes_key_len_t) REG_GET_FIELD(KEYMNG_STATIC_REG, KEYMNG_FLASH_KEY_LEN); - } else { + if (key_type == ESP_KEY_MGR_FLASH_XTS_AES_KEY) { + return (esp_key_mgr_key_len_t) REG_GET_FIELD(KEYMNG_STATIC_REG, KEYMNG_FLASH_KEY_LEN); + } #if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 - return (esp_key_mgr_xts_aes_key_len_t) REG_GET_FIELD(KEYMNG_STATIC_REG, KEYMNG_PSRAM_KEY_LEN); -#else - HAL_ASSERT(false && "Unsupported key type"); + else if (key_type == ESP_KEY_MGR_PSRAM_XTS_AES_KEY) { + return (esp_key_mgr_key_len_t) REG_GET_FIELD(KEYMNG_STATIC_REG, KEYMNG_PSRAM_KEY_LEN); + } #endif + else { + HAL_ASSERT(false && "Unsupported key type"); + return (esp_key_mgr_key_len_t) 0; } } diff --git a/components/hal/include/hal/key_mgr_hal.h b/components/hal/include/hal/key_mgr_hal.h index 8434601a5d..f542781454 100644 --- a/components/hal/include/hal/key_mgr_hal.h +++ b/components/hal/include/hal/key_mgr_hal.h @@ -57,7 +57,7 @@ bool key_mgr_hal_is_result_success(void); * @return 1 for Success * 0 for failure */ -bool key_mgr_hal_is_key_deployment_valid(const esp_key_mgr_key_type_t key_type); +bool key_mgr_hal_is_key_deployment_valid(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_len_t key_len); /** * @brief Check if the HUK is valid or not @@ -112,10 +112,10 @@ void key_mgr_hal_write_public_info(const uint8_t *public_info_buf, const size_t void key_mgr_hal_read_public_info(uint8_t *public_info_buf, const size_t read_len); /* @brief Set the XTS-AES key length for the Key Manager */ -void key_mgr_hal_set_xts_aes_key_len(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_xts_aes_key_len_t key_len); +void key_mgr_hal_set_xts_aes_key_len(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_len_t key_len); /* @brief Get the XTS-AES key length for the Key Manager */ -esp_key_mgr_xts_aes_key_len_t key_mgr_hal_get_xts_aes_key_len(const esp_key_mgr_key_type_t key_type); +esp_key_mgr_key_len_t key_mgr_hal_get_xts_aes_key_len(const esp_key_mgr_key_type_t key_type); /** * @brief Read state of Key Manager diff --git a/components/hal/include/hal/key_mgr_types.h b/components/hal/include/hal/key_mgr_types.h index dcdc8bd30e..48d764b901 100644 --- a/components/hal/include/hal/key_mgr_types.h +++ b/components/hal/include/hal/key_mgr_types.h @@ -20,41 +20,32 @@ extern "C" { * @brief State of Key Manager: idle, load, gain or busy. */ typedef enum { - ESP_KEY_MGR_STATE_IDLE = 0, /* Key Manager is idle */ + ESP_KEY_MGR_STATE_IDLE = 0, /* Key Manager is idle */ ESP_KEY_MGR_STATE_LOAD = 1, /* Key Manager is ready to receive input */ ESP_KEY_MGR_STATE_GAIN = 2, /* Key Manager is ready to provide output */ - ESP_KEY_MGR_STATE_BUSY = 3, /* Key Manager is busy */ + ESP_KEY_MGR_STATE_BUSY = 3, /* Key Manager is busy */ } esp_key_mgr_state_t; /** - * @brief Length of the XTS AES key + * @brief Length of the deployed key (XTS-AES, ECDSA) */ typedef enum { - ESP_KEY_MGR_XTS_AES_LEN_256 = 0, /* xts-aes key is 256 bit, please note that xts-aes algorithm is XTS_AES_128 */ - ESP_KEY_MGR_XTS_AES_LEN_512, /* xts-aes key is 512 bit, please note that xts-aes algorithm is XTS_AES_256 */ -} esp_key_mgr_xts_aes_key_len_t; + ESP_KEY_MGR_ECDSA_LEN_192 = 0, /* ecdsa key is 192 bit */ + ESP_KEY_MGR_ECDSA_LEN_256, /* ecdsa key is 256 bit */ + ESP_KEY_MGR_ECDSA_LEN_384, /* ecdsa key is 384 bit */ + ESP_KEY_MGR_XTS_AES_LEN_128, /* xts-aes key is 128 bit */ + ESP_KEY_MGR_XTS_AES_LEN_256, /* xts-aes key is 512 bit, please note that xts-aes algorithm is XTS_AES_256 */ +} esp_key_mgr_key_len_t; /** - * @brief Length of the PSRAM key + * @brief Type of the key */ typedef enum { - ESP_KEY_MGR_PSRAM_LEN_256 = 0, /* psram key is 256 bit, please note that xts-aes algorithm is XTS_AES_128 */ - ESP_KEY_MGR_PSRAM_LEN_512, /* psram key is 512 bit, please note that xts-aes algorithm is XTS_AES_256 */ -} esp_key_mgr_psram_key_len_t; - -/** - * @brief Type of the key: ECDSA, XTS - */ -typedef enum { - ESP_KEY_MGR_XTS_AES_128_KEY, /* XTS-AES 128-bit key */ - ESP_KEY_MGR_XTS_AES_256_KEY, /* XTS-AES 256-bit key */ - ESP_KEY_MGR_ECDSA_192_KEY, /* ECDSA 192-bit key */ - ESP_KEY_MGR_ECDSA_256_KEY, /* ECDSA 256-bit key */ - ESP_KEY_MGR_ECDSA_384_KEY, /* ECDSA 384-bit key */ - ESP_KEY_MGR_HMAC_KEY, /* HMAC key */ - ESP_KEY_MGR_DS_KEY, /* Digital signature key */ - ESP_KEY_MGR_PSRAM_128_KEY, /* PSRAM 128-bit key */ - ESP_KEY_MGR_PSRAM_256_KEY, /* PSRAM 256-bit key */ + ESP_KEY_MGR_ECDSA_KEY = 0, /* ECDSA key */ + ESP_KEY_MGR_FLASH_XTS_AES_KEY, /* XTS-AES key */ + ESP_KEY_MGR_HMAC_KEY, /* HMAC key */ + ESP_KEY_MGR_DS_KEY, /* Digital signature key */ + ESP_KEY_MGR_PSRAM_XTS_AES_KEY, /* PSRAM XTS-AES key */ } esp_key_mgr_key_type_t; /* @@ -140,7 +131,9 @@ typedef struct WORD_ALIGNED_ATTR PACKED_ATTR { uint32_t magic; uint32_t version; // for backward compatibility uint8_t key_type; - uint8_t reserved[15]; + uint8_t key_len; + uint8_t key_deployment_mode; + uint8_t reserved[13]; esp_key_mgr_huk_info_t huk_info; esp_key_mgr_key_info_t key_info[2]; // at most 2 key info (XTS-512_1 and XTS-512_2), at least use 1 } esp_key_mgr_key_recovery_info_t; diff --git a/components/hal/key_mgr_hal.c b/components/hal/key_mgr_hal.c index 5dcb67f5b2..9a9c281238 100644 --- a/components/hal/key_mgr_hal.c +++ b/components/hal/key_mgr_hal.c @@ -44,9 +44,9 @@ bool key_mgr_hal_is_result_success(void) return key_mgr_ll_is_result_success(); } -bool key_mgr_hal_is_key_deployment_valid(const esp_key_mgr_key_type_t key_type) +bool key_mgr_hal_is_key_deployment_valid(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_len_t key_len) { - return key_mgr_ll_is_key_deployment_valid(key_type); + return key_mgr_ll_is_key_deployment_valid(key_type, key_len); } void key_mgr_hal_write_sw_init_key(const uint8_t *sw_init_key_buf, const size_t data_len) @@ -79,12 +79,12 @@ bool key_mgr_hal_is_huk_valid(void) return key_mgr_ll_is_huk_valid(); } -void key_mgr_hal_set_xts_aes_key_len(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_xts_aes_key_len_t key_len) +void key_mgr_hal_set_xts_aes_key_len(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_len_t key_len) { key_mgr_ll_set_xts_aes_key_len(key_type, key_len); } -esp_key_mgr_xts_aes_key_len_t key_mgr_hal_get_xts_aes_key_len(const esp_key_mgr_key_type_t key_type) +esp_key_mgr_key_len_t key_mgr_hal_get_xts_aes_key_len(const esp_key_mgr_key_type_t key_type) { return key_mgr_ll_get_xts_aes_key_len(key_type); } diff --git a/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c b/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c index 121b49a6c8..886ee5492a 100644 --- a/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c +++ b/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c @@ -92,7 +92,8 @@ static void key_mgr_test_xts_aes_128_aes_mode(void) memcpy(key_config.k1_encrypted, (uint8_t*) test_data_xts_aes_128.k1_encrypted, KEY_MGR_K1_ENCRYPTED_SIZE); memcpy(key_config.sw_init_key, (uint8_t*) test_data_xts_aes_128.init_key, KEY_MGR_SW_INIT_KEY_SIZE); key_config.use_pre_generated_sw_init_key = 1; - key_config.key_type = ESP_KEY_MGR_XTS_AES_128_KEY; + key_config.key_type = ESP_KEY_MGR_FLASH_XTS_AES_KEY; + key_config.key_len = ESP_KEY_MGR_XTS_AES_LEN_128; static esp_key_mgr_key_recovery_info_t key_recovery_info; TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_aes_mode(&key_config, &key_recovery_info)); @@ -105,7 +106,8 @@ static void key_mgr_test_xts_aes_128_ecdh0_mode(void) { static esp_key_mgr_ecdh0_key_config_t key_config; memcpy(key_config.k1_G[0], (uint8_t*) test_data_ecdh0.k1_G[0], KEY_MGR_ECDH0_INFO_SIZE); - key_config.key_type = ESP_KEY_MGR_XTS_AES_128_KEY; + key_config.key_type = ESP_KEY_MGR_FLASH_XTS_AES_KEY; + key_config.key_len = ESP_KEY_MGR_XTS_AES_LEN_128; static esp_key_mgr_key_recovery_info_t key_recovery_info; static esp_key_mgr_ecdh0_info_t ecdh0_info; @@ -128,7 +130,8 @@ static void key_mgr_test_xts_aes_256_aes_mode(void) memcpy(key_config.k1_encrypted[1], (uint8_t*) test_data_xts_aes_256.k1_encrypted[1], KEY_MGR_K1_ENCRYPTED_SIZE); memcpy(key_config.sw_init_key, (uint8_t*) test_data_xts_aes_256.init_key, KEY_MGR_SW_INIT_KEY_SIZE); key_config.use_pre_generated_sw_init_key = 1; - key_config.key_type = ESP_KEY_MGR_XTS_AES_256_KEY; + key_config.key_type = ESP_KEY_MGR_FLASH_XTS_AES_KEY; + key_config.key_len = ESP_KEY_MGR_XTS_AES_LEN_256; static esp_key_mgr_key_recovery_info_t key_recovery_info; TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_aes_mode(&key_config, &key_recovery_info)); @@ -142,7 +145,8 @@ static void key_mgr_test_xts_aes_256_ecdh0_mode(void) static esp_key_mgr_ecdh0_key_config_t key_config; memcpy(key_config.k1_G[0], (uint8_t*) test_data_ecdh0.k1_G[0], KEY_MGR_ECDH0_INFO_SIZE); memcpy(key_config.k1_G[1], (uint8_t*) test_data_ecdh0.k1_G[1], KEY_MGR_ECDH0_INFO_SIZE); - key_config.key_type = ESP_KEY_MGR_XTS_AES_256_KEY; + key_config.key_type = ESP_KEY_MGR_FLASH_XTS_AES_KEY; + key_config.key_len = ESP_KEY_MGR_XTS_AES_LEN_256; static esp_key_mgr_key_recovery_info_t key_recovery_info; static esp_key_mgr_ecdh0_info_t ecdh0_info; @@ -177,7 +181,8 @@ static void test_xts_aes_key_random_mode(void) static void key_mgr_test_xts_aes_128_random_mode(void) { static esp_key_mgr_random_key_config_t key_config; - key_config.key_type = ESP_KEY_MGR_XTS_AES_128_KEY; + key_config.key_type = ESP_KEY_MGR_FLASH_XTS_AES_KEY; + key_config.key_len = ESP_KEY_MGR_XTS_AES_LEN_128; static esp_key_mgr_key_recovery_info_t key_recovery_info; TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_random_mode(&key_config, &key_recovery_info)); @@ -191,7 +196,8 @@ static void key_mgr_test_xts_aes_128_random_mode(void) static void key_mgr_test_xts_aes_256_random_mode(void) { static esp_key_mgr_random_key_config_t key_config; - key_config.key_type = ESP_KEY_MGR_XTS_AES_256_KEY; + key_config.key_type = ESP_KEY_MGR_FLASH_XTS_AES_KEY; + key_config.key_len = ESP_KEY_MGR_XTS_AES_LEN_256; static esp_key_mgr_key_recovery_info_t key_recovery_info; TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_random_mode(&key_config, &key_recovery_info)); @@ -257,7 +263,8 @@ static void key_mgr_test_ecdsa_p256_aes_mode(void) memcpy(key_config.k1_encrypted, (uint8_t*) test_data_ecdsa.k1_encrypted, KEY_MGR_K1_ENCRYPTED_SIZE); memcpy(key_config.sw_init_key, (uint8_t*) test_data_ecdsa.init_key, KEY_MGR_SW_INIT_KEY_SIZE); key_config.use_pre_generated_sw_init_key = 1; - key_config.key_type = ESP_KEY_MGR_ECDSA_256_KEY; + key_config.key_type = ESP_KEY_MGR_ECDSA_KEY; + key_config.key_len = ESP_KEY_MGR_ECDSA_LEN_256; static esp_key_mgr_key_recovery_info_t key_recovery_info; TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_aes_mode(&key_config, &key_recovery_info)); @@ -274,7 +281,8 @@ static void key_mgr_test_ecdsa_ecdh0_mode(void) { static esp_key_mgr_ecdh0_key_config_t key_config; memcpy(key_config.k1_G[0], (uint8_t*) test_data_ecdh0.k1_G[0], KEY_MGR_ECDH0_INFO_SIZE); - key_config.key_type = ESP_KEY_MGR_ECDSA_256_KEY; + key_config.key_type = ESP_KEY_MGR_ECDSA_KEY; + key_config.key_len = ESP_KEY_MGR_ECDSA_LEN_256; static esp_key_mgr_key_recovery_info_t key_recovery_info; static esp_key_mgr_ecdh0_info_t ecdh0_info; @@ -292,7 +300,8 @@ static void key_mgr_test_ecdsa_ecdh0_mode(void) static void key_mgr_test_ecdsa_random_mode(void) { static esp_key_mgr_random_key_config_t key_config; - key_config.key_type = ESP_KEY_MGR_ECDSA_256_KEY; + key_config.key_type = ESP_KEY_MGR_ECDSA_KEY; + key_config.key_len = ESP_KEY_MGR_ECDSA_LEN_256; static esp_key_mgr_key_recovery_info_t key_recovery_info; TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_random_mode(&key_config, &key_recovery_info)); diff --git a/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c b/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c index bb8eab21a7..7007f3baad 100644 --- a/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c +++ b/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c @@ -359,12 +359,13 @@ TEST_CASE("mbedtls ECDSA signature generation on SECP384R1", "[mbedtls][efuse_ke #if SOC_KEY_MANAGER_SUPPORTED -static void deploy_key_in_key_manager(const uint8_t *k1_encrypted, esp_key_mgr_key_type_t key_type) { +static void deploy_key_in_key_manager(const uint8_t *k1_encrypted, esp_key_mgr_key_type_t key_type, esp_key_mgr_key_len_t key_len) { esp_key_mgr_aes_key_config_t *key_config = NULL; key_config = heap_caps_calloc(1, sizeof(esp_key_mgr_aes_key_config_t), MALLOC_CAP_INTERNAL); TEST_ASSERT_NOT_NULL(key_config); key_config->key_type = key_type; + key_config->key_len = key_len; key_config->use_pre_generated_sw_init_key = 1; memcpy(key_config->k2_info, (uint8_t*) k2_info, KEY_MGR_K2_INFO_SIZE); memcpy(key_config->k1_encrypted[0], (uint8_t*) k1_encrypted, KEY_MGR_K1_ENCRYPTED_SIZE); @@ -389,9 +390,9 @@ TEST_CASE("mbedtls ECDSA signature generation on SECP192R1", "[mbedtls][key_mana TEST_IGNORE_MESSAGE("Key manager is not supported"); } - deploy_key_in_key_manager(k1_ecdsa192_encrypt, ESP_KEY_MGR_ECDSA_192_KEY); + deploy_key_in_key_manager(k1_ecdsa192_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_192); test_ecdsa_sign(MBEDTLS_ECP_DP_SECP192R1, sha, ecdsa192_pub_x, ecdsa192_pub_y, false, USE_ECDSA_KEY_FROM_KEY_MANAGER); - esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_192_KEY); + esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY); } TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][key_manager_key]") @@ -400,9 +401,9 @@ TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][key_mana TEST_IGNORE_MESSAGE("Key manager is not supported"); } - deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_256_KEY); + deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_256); test_ecdsa_sign(MBEDTLS_ECP_DP_SECP256R1, sha, ecdsa256_pub_x, ecdsa256_pub_y, false, USE_ECDSA_KEY_FROM_KEY_MANAGER); - esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_256_KEY); + esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY); } #endif /* SOC_KEY_MANAGER_SUPPORTED */ @@ -443,9 +444,9 @@ TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP192R1", "[mbe if (!ecdsa_ll_is_deterministic_mode_supported()) { ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported."); } else { - deploy_key_in_key_manager(k1_ecdsa192_encrypt, ESP_KEY_MGR_ECDSA_192_KEY); + deploy_key_in_key_manager(k1_ecdsa192_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_192); test_ecdsa_sign(MBEDTLS_ECP_DP_SECP192R1, sha, ecdsa192_pub_x, ecdsa192_pub_y, true, USE_ECDSA_KEY_FROM_KEY_MANAGER); - esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_192_KEY); + esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY); } } @@ -454,9 +455,9 @@ TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP256R1", "[mbe if (!ecdsa_ll_is_deterministic_mode_supported()) { ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported."); } else { - deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_256_KEY); + deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_256); test_ecdsa_sign(MBEDTLS_ECP_DP_SECP256R1, sha, ecdsa256_pub_x, ecdsa256_pub_y, true, USE_ECDSA_KEY_FROM_KEY_MANAGER); - esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_256_KEY); + esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY); } } #endif /* SOC_KEY_MANAGER_SUPPORTED */ @@ -532,9 +533,9 @@ TEST_CASE("mbedtls ECDSA export public key on SECP192R1", "[mbedtls][key_manager TEST_IGNORE_MESSAGE("Key manager is not supported"); } - deploy_key_in_key_manager(k1_ecdsa192_encrypt, ESP_KEY_MGR_ECDSA_192_KEY); + deploy_key_in_key_manager(k1_ecdsa192_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_192); test_ecdsa_export_pubkey(MBEDTLS_ECP_DP_SECP192R1, ecdsa192_pub_x, ecdsa192_pub_y, USE_ECDSA_KEY_FROM_KEY_MANAGER); - esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_192_KEY); + esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY); } TEST_CASE("mbedtls ECDSA export public key on SECP256R1", "[mbedtls][key_manager_key]") @@ -543,9 +544,9 @@ TEST_CASE("mbedtls ECDSA export public key on SECP256R1", "[mbedtls][key_manager TEST_IGNORE_MESSAGE("Key manager is not supported"); } - deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_256_KEY); + deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_256); test_ecdsa_export_pubkey(MBEDTLS_ECP_DP_SECP256R1, ecdsa256_pub_x, ecdsa256_pub_y, USE_ECDSA_KEY_FROM_KEY_MANAGER); - esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_256_KEY); + esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY); } #endif #endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */