diff --git a/components/bootloader_support/src/esp32c5/flash_encryption_secure_features.c b/components/bootloader_support/src/esp32c5/flash_encryption_secure_features.c index e07a2b40a1..81cf0828b6 100644 --- a/components/bootloader_support/src/esp32c5/flash_encryption_secure_features.c +++ b/components/bootloader_support/src/esp32c5/flash_encryption_secure_features.c @@ -77,7 +77,7 @@ esp_err_t esp_flash_encryption_use_efuse_key(void) esp_crypto_key_mgr_enable_periph_clk(true); // Force Key Manager to use eFuse key for XTS-AES operation - key_mgr_hal_set_key_usage(ESP_KEY_MGR_XTS_AES_128_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); + key_mgr_hal_set_key_usage(ESP_KEY_MGR_FLASH_XTS_AES_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); return ESP_OK; } diff --git a/components/bootloader_support/src/esp32p4/flash_encryption_secure_features.c b/components/bootloader_support/src/esp32p4/flash_encryption_secure_features.c index 6d945a9761..e5f8dd1860 100644 --- a/components/bootloader_support/src/esp32p4/flash_encryption_secure_features.c +++ b/components/bootloader_support/src/esp32p4/flash_encryption_secure_features.c @@ -59,7 +59,7 @@ esp_err_t esp_flash_encryption_use_efuse_key(void) esp_crypto_key_mgr_enable_periph_clk(true); // Force Key Manager to use eFuse key for XTS-AES operation - key_mgr_hal_set_key_usage(ESP_KEY_MGR_XTS_AES_128_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); + key_mgr_hal_set_key_usage(ESP_KEY_MGR_FLASH_XTS_AES_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); return ESP_OK; } diff --git a/components/bootloader_support/src/flash_encryption/flash_encrypt.c b/components/bootloader_support/src/flash_encryption/flash_encrypt.c index 766183b176..7da8a6957d 100644 --- a/components/bootloader_support/src/flash_encryption/flash_encrypt.c +++ b/components/bootloader_support/src/flash_encryption/flash_encrypt.c @@ -151,14 +151,19 @@ static esp_err_t key_manager_read_key_recovery_info(esp_key_mgr_key_recovery_inf continue; } + if (key_recovery_info->key_type != ESP_KEY_MGR_FLASH_XTS_AES_KEY) { + ESP_LOGD(TAG, "Key Manager sector %d has incorrect key type %d", i, key_recovery_info->key_type); + continue; + } + #if CONFIG_SECURE_FLASH_ENCRYPTION_AES256 - if (key_recovery_info->key_type != ESP_KEY_MGR_XTS_AES_256_KEY) { - ESP_LOGD(TAG, "Key Manager sector %d has incorrect key type", i); + if (key_recovery_info->key_len != ESP_KEY_MGR_XTS_AES_LEN_256) { + ESP_LOGD(TAG, "Key Manager sector %d has incorrect key length %d", i, key_recovery_info->key_len); continue; } #else - if (key_recovery_info->key_type != ESP_KEY_MGR_XTS_AES_128_KEY) { - ESP_LOGD(TAG, "Key Manager sector %d has incorrect key type", i); + if (key_recovery_info->key_len != ESP_KEY_MGR_XTS_AES_LEN_128) { + ESP_LOGD(TAG, "Key Manager sector %d has incorrect key length %d", i, key_recovery_info->key_len); continue; } #endif @@ -201,10 +206,12 @@ static esp_err_t key_manager_generate_key(esp_key_mgr_key_recovery_info_t *key_r esp_key_mgr_random_key_config_t key_config; memset(&key_config, 0, sizeof(esp_key_mgr_random_key_config_t)); + key_config.key_type = ESP_KEY_MGR_FLASH_XTS_AES_KEY; + #if CONFIG_SECURE_FLASH_ENCRYPTION_AES256 - key_config.key_type = ESP_KEY_MGR_XTS_AES_256_KEY; + key_config.key_len = ESP_KEY_MGR_XTS_AES_LEN_256; #else - key_config.key_type = ESP_KEY_MGR_XTS_AES_128_KEY; + key_config.key_len = ESP_KEY_MGR_XTS_AES_LEN_128; #endif // Generate a new key and load it into Key Manager diff --git a/components/esp_security/include/esp_key_mgr.h b/components/esp_security/include/esp_key_mgr.h index 09f7fb4cf5..5e768c681d 100644 --- a/components/esp_security/include/esp_key_mgr.h +++ b/components/esp_security/include/esp_key_mgr.h @@ -35,6 +35,7 @@ extern "C" { typedef struct { esp_key_mgr_key_type_t key_type; + esp_key_mgr_key_len_t key_len; bool use_pre_generated_huk_info; bool use_pre_generated_sw_init_key; WORD_ALIGNED_ATTR esp_key_mgr_huk_info_t huk_info; @@ -45,6 +46,7 @@ typedef struct { typedef struct { esp_key_mgr_key_type_t key_type; + esp_key_mgr_key_len_t key_len; bool use_pre_generated_huk_info; WORD_ALIGNED_ATTR esp_key_mgr_huk_info_t huk_info; WORD_ALIGNED_ATTR uint8_t k1_G[2][KEY_MGR_ECDH0_INFO_SIZE]; @@ -52,12 +54,14 @@ typedef struct { typedef struct { esp_key_mgr_key_type_t key_type; + esp_key_mgr_key_len_t key_len; bool use_pre_generated_huk_info; WORD_ALIGNED_ATTR esp_key_mgr_huk_info_t huk_info; } esp_key_mgr_random_key_config_t; typedef struct { esp_key_mgr_key_type_t key_type; + esp_key_mgr_key_len_t key_len; WORD_ALIGNED_ATTR uint8_t k2_G[2][KEY_MGR_ECDH0_INFO_SIZE]; } esp_key_mgr_ecdh0_info_t; diff --git a/components/esp_security/src/esp_key_mgr.c b/components/esp_security/src/esp_key_mgr.c index f1ccecb4b0..6ffefe5898 100644 --- a/components/esp_security/src/esp_key_mgr.c +++ b/components/esp_security/src/esp_key_mgr.c @@ -38,13 +38,10 @@ static _lock_t s_key_mgr_psram_key_lock; static void esp_key_mgr_acquire_key_lock(esp_key_mgr_key_type_t key_type) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: + case ESP_KEY_MGR_ECDSA_KEY: _lock_acquire(&s_key_mgr_ecdsa_key_lock); break; - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: _lock_acquire(&s_key_mgr_xts_aes_key_lock); break; case ESP_KEY_MGR_HMAC_KEY: @@ -53,8 +50,7 @@ static void esp_key_mgr_acquire_key_lock(esp_key_mgr_key_type_t key_type) case ESP_KEY_MGR_DS_KEY: _lock_acquire(&s_key_mgr_ds_key_lock); break; - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: _lock_acquire(&s_key_mgr_psram_key_lock); break; default: @@ -67,13 +63,10 @@ static void esp_key_mgr_acquire_key_lock(esp_key_mgr_key_type_t key_type) static void esp_key_mgr_release_key_lock(esp_key_mgr_key_type_t key_type) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: + case ESP_KEY_MGR_ECDSA_KEY: _lock_release(&s_key_mgr_ecdsa_key_lock); break; - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: _lock_release(&s_key_mgr_xts_aes_key_lock); break; case ESP_KEY_MGR_HMAC_KEY: @@ -82,8 +75,7 @@ static void esp_key_mgr_release_key_lock(esp_key_mgr_key_type_t key_type) case ESP_KEY_MGR_DS_KEY: _lock_release(&s_key_mgr_ds_key_lock); break; - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: _lock_release(&s_key_mgr_psram_key_lock); break; default: @@ -96,15 +88,11 @@ static void esp_key_mgr_release_key_lock(esp_key_mgr_key_type_t key_type) static void esp_key_mgr_acquire_key_lock(esp_key_mgr_key_type_t key_type) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: + case ESP_KEY_MGR_ECDSA_KEY: + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: case ESP_KEY_MGR_HMAC_KEY: case ESP_KEY_MGR_DS_KEY: - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: break; default: ESP_LOGE(TAG, "Invalid key type"); @@ -116,15 +104,11 @@ static void esp_key_mgr_acquire_key_lock(esp_key_mgr_key_type_t key_type) static void esp_key_mgr_release_key_lock(esp_key_mgr_key_type_t key_type) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: + case ESP_KEY_MGR_ECDSA_KEY: + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: case ESP_KEY_MGR_HMAC_KEY: case ESP_KEY_MGR_DS_KEY: - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: break; default: ESP_LOGE(TAG, "Invalid key type"); @@ -158,25 +142,82 @@ static void esp_key_mgr_release_hardware(bool deployment_mode) esp_crypto_key_mgr_enable_periph_clk(false); } -static esp_key_mgr_key_purpose_t get_key_purpose(esp_key_mgr_key_type_t key_type) +/** + * @brief Check if a key purpose requires a secondary deployment stage + * + * Multi-part keys (256-bit XTS-AES and 384-bit ECDSA) require two deployment stages. + * This function identifies the primary purposes that need a follow-up secondary deployment. + * + * @param purpose Key purpose to check + * @return true if this purpose requires a secondary deployment, false otherwise + */ +static inline bool is_multi_stage_key_purpose(esp_key_mgr_key_purpose_t purpose) +{ + return (purpose == ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_1 || + purpose == ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1 || + purpose == ESP_KEY_MGR_KEY_PURPOSE_ECDSA_384_H); +} + +/** + * @brief Get the secondary key purpose for a given primary purpose + * + * @param primary_purpose The primary key purpose + * @return The corresponding secondary purpose, or ESP_KEY_MGR_KEY_PURPOSE_INVALID if not applicable + */ +static inline esp_key_mgr_key_purpose_t get_secondary_key_purpose(esp_key_mgr_key_purpose_t primary_purpose) +{ + switch (primary_purpose) { + case ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_1: + return ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_2; + case ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1: + return ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2; + case ESP_KEY_MGR_KEY_PURPOSE_ECDSA_384_H: + return ESP_KEY_MGR_KEY_PURPOSE_ECDSA_384_L; + default: + return ESP_KEY_MGR_KEY_PURPOSE_INVALID; + } +} + +static esp_key_mgr_key_purpose_t get_key_purpose(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_len_t key_len) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - return ESP_KEY_MGR_KEY_PURPOSE_ECDSA_192; - case ESP_KEY_MGR_ECDSA_256_KEY: - return ESP_KEY_MGR_KEY_PURPOSE_ECDSA_256; - case ESP_KEY_MGR_XTS_AES_128_KEY: - return ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_128; - case ESP_KEY_MGR_XTS_AES_256_KEY: - return ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_1; + case ESP_KEY_MGR_ECDSA_KEY: + switch (key_len) { + case ESP_KEY_MGR_ECDSA_LEN_192: + return ESP_KEY_MGR_KEY_PURPOSE_ECDSA_192; + case ESP_KEY_MGR_ECDSA_LEN_256: + return ESP_KEY_MGR_KEY_PURPOSE_ECDSA_256; + case ESP_KEY_MGR_ECDSA_LEN_384: + return ESP_KEY_MGR_KEY_PURPOSE_ECDSA_384_H; + default: + return ESP_KEY_MGR_KEY_PURPOSE_INVALID; + } + + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: + switch (key_len) { + case ESP_KEY_MGR_XTS_AES_LEN_128: + return ESP_KEY_MGR_KEY_PURPOSE_FLASH_128; + case ESP_KEY_MGR_XTS_AES_LEN_256: + return ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_1; + default: + return ESP_KEY_MGR_KEY_PURPOSE_INVALID; + } + case ESP_KEY_MGR_HMAC_KEY: return ESP_KEY_MGR_KEY_PURPOSE_HMAC; + case ESP_KEY_MGR_DS_KEY: return ESP_KEY_MGR_KEY_PURPOSE_DS; - case ESP_KEY_MGR_PSRAM_128_KEY: - return ESP_KEY_MGR_KEY_PURPOSE_PSRAM_128; - case ESP_KEY_MGR_PSRAM_256_KEY: - return ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1; + + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: + switch (key_len) { + case ESP_KEY_MGR_XTS_AES_LEN_128: + return ESP_KEY_MGR_KEY_PURPOSE_PSRAM_128; + case ESP_KEY_MGR_XTS_AES_LEN_256: + return ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1; + default: + return ESP_KEY_MGR_KEY_PURPOSE_INVALID; + } default: return ESP_KEY_MGR_KEY_PURPOSE_INVALID; } @@ -309,7 +350,7 @@ static esp_err_t key_mgr_deploy_key_aes_mode(aes_deploy_config_t *config) key_mgr_wait_for_state(ESP_KEY_MGR_STATE_IDLE); if ((!key_mgr_hal_is_huk_valid()) || (!config->huk_deployed)) { - // For purpose ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 or ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2 this part shall be already executed + // For purpose ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_2 or ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2 this part shall be already executed huk_deploy_config_t huk_deploy_config = { .use_pre_generated_huk_info = config->key_config->use_pre_generated_huk_info, .pre_generated_huk_info = &config->key_config->huk_info, @@ -324,10 +365,7 @@ static esp_err_t key_mgr_deploy_key_aes_mode(aes_deploy_config_t *config) ESP_LOGD(TAG, "HUK deployed successfully"); } - uint8_t key_recovery_info_index = 0; - if (config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 || config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2) { - key_recovery_info_index = 1; - } + uint8_t key_recovery_info_index = is_multi_stage_key_purpose(config->key_purpose) ? 0 : 1; uint8_t *key_recovery_info = config->key_info->key_info[key_recovery_info_index].info; @@ -339,12 +377,11 @@ static esp_err_t key_mgr_deploy_key_aes_mode(aes_deploy_config_t *config) key_mgr_hal_set_key_purpose(config->key_purpose); // Set key length for XTS-AES key - esp_key_mgr_key_type_t key_type = (esp_key_mgr_key_type_t) config->key_config->key_type; + esp_key_mgr_key_type_t key_type = config->key_config->key_type; + esp_key_mgr_key_len_t key_len = config->key_config->key_len; - if (key_type == ESP_KEY_MGR_XTS_AES_128_KEY || key_type == ESP_KEY_MGR_PSRAM_128_KEY) { - key_mgr_hal_set_xts_aes_key_len(key_type, ESP_KEY_MGR_XTS_AES_LEN_256); - } else if (key_type == ESP_KEY_MGR_XTS_AES_256_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - key_mgr_hal_set_xts_aes_key_len(key_type, ESP_KEY_MGR_XTS_AES_LEN_512); + if (key_type == ESP_KEY_MGR_FLASH_XTS_AES_KEY || key_type == ESP_KEY_MGR_PSRAM_XTS_AES_KEY) { + key_mgr_hal_set_xts_aes_key_len(key_type, key_len); } if (config->key_config->use_pre_generated_sw_init_key) { @@ -375,8 +412,11 @@ static esp_err_t key_mgr_deploy_key_aes_mode(aes_deploy_config_t *config) key_mgr_hal_read_public_info(key_recovery_info, KEY_MGR_KEY_RECOVERY_INFO_SIZE); - if (config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_1 && config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1) { - if (!key_mgr_hal_is_key_deployment_valid(key_type)) { + // Check if key deployment validation should be skipped for this purpose + // Primary purposes in multi-stage deployments skip validation after the first stage + // because the key is not yet completely deployed. + if (!is_multi_stage_key_purpose(config->key_purpose)) { + if (!key_mgr_hal_is_key_deployment_valid(key_type, key_len)) { ESP_LOGE(TAG, "Key deployment is not valid"); return ESP_FAIL; } @@ -389,6 +429,8 @@ static esp_err_t key_mgr_deploy_key_aes_mode(aes_deploy_config_t *config) config->key_info->key_info[key_recovery_info_index].crc = esp_rom_crc32_le(0, key_recovery_info, KEY_MGR_KEY_RECOVERY_INFO_SIZE); config->key_info->key_type = key_type; + config->key_info->key_len = key_len; + config->key_info->key_deployment_mode = ESP_KEY_MGR_KEYGEN_MODE_AES; config->key_info->magic = KEY_HUK_SECTOR_MAGIC; return ESP_OK; @@ -408,7 +450,7 @@ esp_err_t esp_key_mgr_deploy_key_in_aes_mode(const esp_key_mgr_aes_key_config_t .k1_encrypted = key_config->k1_encrypted[0], }; - aes_deploy_config.key_purpose = get_key_purpose(key_config->key_type); + aes_deploy_config.key_purpose = get_key_purpose(key_config->key_type, key_config->key_len); if (aes_deploy_config.key_purpose == ESP_KEY_MGR_KEY_PURPOSE_INVALID) { ESP_LOGE(TAG, "Invalid key type"); return ESP_ERR_INVALID_ARG; @@ -424,8 +466,8 @@ esp_err_t esp_key_mgr_deploy_key_in_aes_mode(const esp_key_mgr_aes_key_config_t aes_deploy_config.huk_deployed = true; - if (key_config->key_type == ESP_KEY_MGR_XTS_AES_256_KEY || key_config->key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - aes_deploy_config.key_purpose = key_config->key_type == ESP_KEY_MGR_XTS_AES_256_KEY ? ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 : ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2; + if (is_multi_stage_key_purpose(aes_deploy_config.key_purpose)) { + aes_deploy_config.key_purpose = get_secondary_key_purpose(aes_deploy_config.key_purpose); aes_deploy_config.k1_encrypted = key_config->k1_encrypted[1]; esp_ret = key_mgr_deploy_key_aes_mode(&aes_deploy_config); if (esp_ret != ESP_OK) { @@ -473,11 +515,11 @@ static esp_err_t key_mgr_recover_key(key_recovery_config_t *config) key_mgr_hal_set_key_generator_mode(ESP_KEY_MGR_KEYGEN_MODE_RECOVER); // Set XTS-AES key length - esp_key_mgr_key_type_t key_type = (esp_key_mgr_key_type_t) config->key_recovery_info->key_type; - if (key_type == ESP_KEY_MGR_XTS_AES_128_KEY || key_type == ESP_KEY_MGR_PSRAM_128_KEY) { - key_mgr_hal_set_xts_aes_key_len(key_type, ESP_KEY_MGR_XTS_AES_LEN_256); - } else if (key_type == ESP_KEY_MGR_XTS_AES_256_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - key_mgr_hal_set_xts_aes_key_len(key_type, ESP_KEY_MGR_XTS_AES_LEN_512); + esp_key_mgr_key_type_t key_type = config->key_recovery_info->key_type; + esp_key_mgr_key_len_t key_len = config->key_recovery_info->key_len; + + if (key_type == ESP_KEY_MGR_FLASH_XTS_AES_KEY || key_type == ESP_KEY_MGR_PSRAM_XTS_AES_KEY) { + key_mgr_hal_set_xts_aes_key_len(key_type, key_len); } key_mgr_hal_set_key_purpose(config->key_purpose); @@ -486,26 +528,22 @@ static esp_err_t key_mgr_recover_key(key_recovery_config_t *config) key_mgr_wait_for_state(ESP_KEY_MGR_STATE_LOAD); - if (config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 || config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2) { - if (!check_key_info_validity(&config->key_recovery_info->key_info[1])) { - ESP_LOGE(TAG, "Key info not valid"); - return ESP_FAIL; - } - key_mgr_hal_write_assist_info(config->key_recovery_info->key_info[1].info, KEY_MGR_KEY_RECOVERY_INFO_SIZE); - } else { - if (!check_key_info_validity(&config->key_recovery_info->key_info[0])) { - ESP_LOGE(TAG, "Key info not valid"); - return ESP_FAIL; - } - key_mgr_hal_write_assist_info(config->key_recovery_info->key_info[0].info, KEY_MGR_KEY_RECOVERY_INFO_SIZE); + uint8_t key_recovery_info_index = is_multi_stage_key_purpose(config->key_purpose) ? 0 : 1; + + if (!check_key_info_validity(&config->key_recovery_info->key_info[key_recovery_info_index])) { + ESP_LOGE(TAG, "Key info not valid"); + return ESP_FAIL; } + key_mgr_hal_write_assist_info(config->key_recovery_info->key_info[key_recovery_info_index].info, KEY_MGR_KEY_RECOVERY_INFO_SIZE); key_mgr_hal_continue(); key_mgr_wait_for_state(ESP_KEY_MGR_STATE_GAIN); - // TODO: Maybe need to extend this to ECDSA_384_L and ECDSA_384_H (IDF-14120) - if (config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_1 && config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1) { - if (!key_mgr_hal_is_key_deployment_valid(key_type)) { + // Check if key deployment validation should be skipped for this purpose + // Primary purposes in multi-stage deployments skip validation after the first stage + // because the key is not yet completely deployed. + if (!is_multi_stage_key_purpose(config->key_purpose)) { + if (!key_mgr_hal_is_key_deployment_valid(key_type, key_len)) { ESP_LOGD(TAG, "Key deployment is not valid"); return ESP_FAIL; } @@ -531,7 +569,7 @@ esp_err_t esp_key_mgr_activate_key(esp_key_mgr_key_recovery_info_t *key_recovery .key_recovery_info = key_recovery_info, }; - key_recovery_config.key_purpose = get_key_purpose(key_type); + key_recovery_config.key_purpose = get_key_purpose(key_type, key_recovery_info->key_len); if (key_recovery_config.key_purpose == ESP_KEY_MGR_KEY_PURPOSE_INVALID) { ESP_LOGE(TAG, "Invalid key type"); return ESP_ERR_INVALID_ARG; @@ -548,8 +586,8 @@ esp_err_t esp_key_mgr_activate_key(esp_key_mgr_key_recovery_info_t *key_recovery goto cleanup; } - if (key_type == ESP_KEY_MGR_XTS_AES_256_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - key_recovery_config.key_purpose = key_type == ESP_KEY_MGR_XTS_AES_256_KEY ? ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 : ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2; + if (is_multi_stage_key_purpose(key_recovery_config.key_purpose)) { + key_recovery_config.key_purpose = get_secondary_key_purpose(key_recovery_config.key_purpose); esp_ret = key_mgr_recover_key(&key_recovery_config); if (esp_ret != ESP_OK) { ESP_LOGE(TAG, "Failed to recover key"); @@ -593,7 +631,7 @@ static esp_err_t key_mgr_deploy_key_ecdh0_mode(ecdh0_deploy_config_t *config) key_mgr_wait_for_state(ESP_KEY_MGR_STATE_IDLE); if ((!key_mgr_hal_is_huk_valid()) || (!config->huk_deployed)) { - // For purpose ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 or ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2 this part shall be already executed + // For purpose ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_2 or ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2 this part shall be already executed huk_deploy_config_t huk_deploy_config = { .use_pre_generated_huk_info = config->key_config->use_pre_generated_huk_info, .pre_generated_huk_info = &config->key_config->huk_info, @@ -608,10 +646,7 @@ static esp_err_t key_mgr_deploy_key_ecdh0_mode(ecdh0_deploy_config_t *config) ESP_LOGD(TAG, "HUK deployed successfully"); } - uint8_t key_recovery_info_index = 0; - if (config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 || config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2) { - key_recovery_info_index = 1; - } + uint8_t key_recovery_info_index = is_multi_stage_key_purpose(config->key_purpose) ? 0 : 1; uint8_t *key_recovery_info = config->key_info->key_info[key_recovery_info_index].info; @@ -623,12 +658,11 @@ static esp_err_t key_mgr_deploy_key_ecdh0_mode(ecdh0_deploy_config_t *config) key_mgr_hal_set_key_purpose(config->key_purpose); // Set XTS-AES key length - esp_key_mgr_key_type_t key_type = (esp_key_mgr_key_type_t) config->key_config->key_type; + esp_key_mgr_key_type_t key_type = config->key_config->key_type; + esp_key_mgr_key_len_t key_len = config->key_config->key_len; - if (key_type == ESP_KEY_MGR_XTS_AES_128_KEY || key_type == ESP_KEY_MGR_PSRAM_128_KEY) { - key_mgr_hal_set_xts_aes_key_len(key_type, ESP_KEY_MGR_XTS_AES_LEN_256); - } else if (key_type == ESP_KEY_MGR_XTS_AES_256_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - key_mgr_hal_set_xts_aes_key_len(key_type, ESP_KEY_MGR_XTS_AES_LEN_512); + if (key_type == ESP_KEY_MGR_FLASH_XTS_AES_KEY || key_type == ESP_KEY_MGR_PSRAM_XTS_AES_KEY) { + key_mgr_hal_set_xts_aes_key_len(key_type, key_len); } key_mgr_hal_start(); @@ -647,8 +681,11 @@ static esp_err_t key_mgr_deploy_key_ecdh0_mode(ecdh0_deploy_config_t *config) key_mgr_hal_read_public_info(key_recovery_info, KEY_MGR_KEY_RECOVERY_INFO_SIZE); key_mgr_hal_read_assist_info(config->ecdh0_key_info); - if (config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_1 && config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1) { - if (!key_mgr_hal_is_key_deployment_valid(key_type)) { + // Check if key deployment validation should be skipped for this purpose + // Primary purposes in multi-stage deployments skip validation after the first stage + // because the key is not yet completely deployed. + if (!is_multi_stage_key_purpose(config->key_purpose)) { + if (!key_mgr_hal_is_key_deployment_valid(key_type, key_len)) { ESP_LOGE(TAG, "Key deployment is not valid"); return ESP_FAIL; } @@ -661,6 +698,8 @@ static esp_err_t key_mgr_deploy_key_ecdh0_mode(ecdh0_deploy_config_t *config) config->key_info->key_info[key_recovery_info_index].crc = esp_rom_crc32_le(0, key_recovery_info, KEY_MGR_KEY_RECOVERY_INFO_SIZE); config->key_info->key_type = key_type; + config->key_info->key_len = key_len; + config->key_info->key_deployment_mode = ESP_KEY_MGR_KEYGEN_MODE_ECDH0; config->key_info->magic = KEY_HUK_SECTOR_MAGIC; return ESP_OK; @@ -675,8 +714,6 @@ esp_err_t esp_key_mgr_deploy_key_in_ecdh0_mode(const esp_key_mgr_ecdh0_key_confi ESP_LOGD(TAG, "Key Deployment in ECDH0 mode"); - esp_key_mgr_key_type_t key_type = key_config->key_type; - ecdh0_deploy_config_t ecdh0_deploy_config = { .key_config = key_config, .key_info = key_info, @@ -684,7 +721,7 @@ esp_err_t esp_key_mgr_deploy_key_in_ecdh0_mode(const esp_key_mgr_ecdh0_key_confi .ecdh0_key_info = ecdh0_key_info->k2_G[0], }; - ecdh0_deploy_config.key_purpose = get_key_purpose(key_config->key_type); + ecdh0_deploy_config.key_purpose = get_key_purpose(key_config->key_type, key_config->key_len); if (ecdh0_deploy_config.key_purpose == ESP_KEY_MGR_KEY_PURPOSE_INVALID) { ESP_LOGE(TAG, "Invalid key type"); return ESP_ERR_INVALID_ARG; @@ -700,8 +737,8 @@ esp_err_t esp_key_mgr_deploy_key_in_ecdh0_mode(const esp_key_mgr_ecdh0_key_confi ecdh0_deploy_config.huk_deployed = true; - if (key_type == ESP_KEY_MGR_XTS_AES_256_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - ecdh0_deploy_config.key_purpose = key_type == ESP_KEY_MGR_XTS_AES_256_KEY ? ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 : ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2; + if (is_multi_stage_key_purpose(ecdh0_deploy_config.key_purpose)) { + ecdh0_deploy_config.key_purpose = get_secondary_key_purpose(ecdh0_deploy_config.key_purpose); ecdh0_deploy_config.k1_G = key_config->k1_G[1]; ecdh0_deploy_config.ecdh0_key_info = ecdh0_key_info->k2_G[1]; esp_ret = key_mgr_deploy_key_ecdh0_mode(&ecdh0_deploy_config); @@ -712,7 +749,7 @@ esp_err_t esp_key_mgr_deploy_key_in_ecdh0_mode(const esp_key_mgr_ecdh0_key_confi } // Set the Key Manager Static Register to use own key for the respective key type - key_mgr_hal_set_key_usage(key_type, ESP_KEY_MGR_USE_OWN_KEY); + key_mgr_hal_set_key_usage(key_config->key_type, ESP_KEY_MGR_USE_OWN_KEY); cleanup: esp_key_mgr_release_hardware(true); @@ -732,7 +769,7 @@ static esp_err_t key_mgr_deploy_key_random_mode(random_deploy_config_t *config) key_mgr_wait_for_state(ESP_KEY_MGR_STATE_IDLE); if ((!key_mgr_hal_is_huk_valid()) || (!config->huk_deployed)) { - // For purpose ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 or ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2 this part shall be already executed + // For purpose ESP_KEY_MGR_KEY_PURPOSE_FLASH_256_2 or ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2 this part shall be already executed huk_deploy_config_t huk_deploy_config = { .use_pre_generated_huk_info = config->key_config->use_pre_generated_huk_info, .pre_generated_huk_info = &config->key_config->huk_info, @@ -746,10 +783,7 @@ static esp_err_t key_mgr_deploy_key_random_mode(random_deploy_config_t *config) ESP_LOGD(TAG, "HUK deployed successfully"); } - uint8_t key_recovery_info_index = 0; - if (config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 || config->key_purpose == ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2) { - key_recovery_info_index = 1; - } + uint8_t key_recovery_info_index = is_multi_stage_key_purpose(config->key_purpose) ? 0 : 1; uint8_t *key_recovery_info = config->key_info->key_info[key_recovery_info_index].info; @@ -760,11 +794,11 @@ static esp_err_t key_mgr_deploy_key_random_mode(random_deploy_config_t *config) key_mgr_hal_set_key_purpose(config->key_purpose); // Set XTS-AES key length - esp_key_mgr_key_type_t key_type = (esp_key_mgr_key_type_t) config->key_config->key_type; - if (key_type == ESP_KEY_MGR_XTS_AES_128_KEY || key_type == ESP_KEY_MGR_PSRAM_128_KEY) { - key_mgr_hal_set_xts_aes_key_len(key_type, ESP_KEY_MGR_XTS_AES_LEN_256); - } else if (key_type == ESP_KEY_MGR_XTS_AES_256_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - key_mgr_hal_set_xts_aes_key_len(key_type, ESP_KEY_MGR_XTS_AES_LEN_512); + esp_key_mgr_key_type_t key_type = config->key_config->key_type; + esp_key_mgr_key_len_t key_len = config->key_config->key_len; + + if (key_type == ESP_KEY_MGR_FLASH_XTS_AES_KEY || key_type == ESP_KEY_MGR_PSRAM_XTS_AES_KEY) { + key_mgr_hal_set_xts_aes_key_len(key_type, key_len); } key_mgr_hal_start(); @@ -777,8 +811,11 @@ static esp_err_t key_mgr_deploy_key_random_mode(random_deploy_config_t *config) key_mgr_wait_for_state(ESP_KEY_MGR_STATE_GAIN); key_mgr_hal_read_public_info(key_recovery_info, KEY_MGR_KEY_RECOVERY_INFO_SIZE); - if (config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_1 && config->key_purpose != ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_1) { - if (!key_mgr_hal_is_key_deployment_valid(key_type)) { + // Check if key deployment validation should be skipped for this purpose + // Primary purposes in multi-stage deployments skip validation after the first stage + // because the key is not yet completely deployed. + if (!is_multi_stage_key_purpose(config->key_purpose)) { + if (!key_mgr_hal_is_key_deployment_valid(key_type, key_len)) { ESP_LOGE(TAG, "Key deployment is not valid"); return ESP_FAIL; } @@ -791,6 +828,8 @@ static esp_err_t key_mgr_deploy_key_random_mode(random_deploy_config_t *config) config->key_info->key_info[key_recovery_info_index].crc = esp_rom_crc32_le(0, key_recovery_info, KEY_MGR_KEY_RECOVERY_INFO_SIZE); config->key_info->key_type = key_type; + config->key_info->key_len = key_len; + config->key_info->key_deployment_mode = ESP_KEY_MGR_KEYGEN_MODE_RANDOM; config->key_info->magic = KEY_HUK_SECTOR_MAGIC; return ESP_OK; @@ -809,7 +848,7 @@ esp_err_t esp_key_mgr_deploy_key_in_random_mode(const esp_key_mgr_random_key_con .key_info = key_recovery_info, }; - random_deploy_config.key_purpose = get_key_purpose(key_config->key_type); + random_deploy_config.key_purpose = get_key_purpose(key_config->key_type, key_config->key_len); if (random_deploy_config.key_purpose == ESP_KEY_MGR_KEY_PURPOSE_INVALID) { ESP_LOGE(TAG, "Invalid key type"); return ESP_ERR_INVALID_ARG; @@ -825,8 +864,8 @@ esp_err_t esp_key_mgr_deploy_key_in_random_mode(const esp_key_mgr_random_key_con random_deploy_config.huk_deployed = true; - if (key_config->key_type == ESP_KEY_MGR_XTS_AES_256_KEY || key_config->key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - random_deploy_config.key_purpose = key_config->key_type == ESP_KEY_MGR_XTS_AES_256_KEY ? ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_2 : ESP_KEY_MGR_KEY_PURPOSE_PSRAM_256_2; + if (is_multi_stage_key_purpose(random_deploy_config.key_purpose)) { + random_deploy_config.key_purpose = get_secondary_key_purpose(random_deploy_config.key_purpose); esp_ret = key_mgr_deploy_key_random_mode(&random_deploy_config); if (esp_ret != ESP_OK) { ESP_LOGE(TAG, "Key deployment in Random mode failed"); diff --git a/components/esp_security/src/init.c b/components/esp_security/src/init.c index d73fda5c88..9a3a3fc147 100644 --- a/components/esp_security/src/init.c +++ b/components/esp_security/src/init.c @@ -48,7 +48,7 @@ static void esp_key_mgr_init(void) }; // Force Key Manager to use eFuse key by-default for an XTS-AES operation. - key_mgr_ll_set_key_usage(ESP_KEY_MGR_XTS_AES_128_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); + key_mgr_ll_set_key_usage(ESP_KEY_MGR_FLASH_XTS_AES_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); } } #endif /* SOC_KEY_MANAGER_SUPPORT_KEY_DEPLOYMENT */ diff --git a/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c b/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c index a2f9c01181..5b5a34abac 100644 --- a/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c +++ b/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c @@ -147,7 +147,8 @@ TEST_CASE("Key Manager AES mode: XTS-AES-128 key deployment", "[hw_crypto] [key_ memcpy(key_config->k1_encrypted, (uint8_t*) k1_encrypt, KEY_MGR_K1_ENCRYPTED_SIZE); memcpy(key_config->sw_init_key, (uint8_t*) init_key, KEY_MGR_SW_INIT_KEY_SIZE); key_config->use_pre_generated_sw_init_key = 1; - key_config->key_type = ESP_KEY_MGR_XTS_AES_128_KEY; + key_config->key_type = ESP_KEY_MGR_FLASH_XTS_AES_KEY; + key_config->key_len = ESP_KEY_MGR_XTS_AES_LEN_128; esp_key_mgr_key_recovery_info_t *key_recovery_info = calloc(1, sizeof(esp_key_mgr_key_recovery_info_t)); TEST_ASSERT_NOT_NULL(key_recovery_info); @@ -167,7 +168,8 @@ TEST_CASE("Key Manager ECDH0 mode: XTS-AES-128 key deployment", "[hw_crypto] [ke TEST_ASSERT_NOT_NULL(key_config); memcpy(key_config->k1_G, (uint8_t*) k1_G, KEY_MGR_ECDH0_INFO_SIZE); - key_config->key_type = ESP_KEY_MGR_XTS_AES_128_KEY; + key_config->key_type = ESP_KEY_MGR_FLASH_XTS_AES_KEY; + key_config->key_len = ESP_KEY_MGR_XTS_AES_LEN_128; esp_key_mgr_key_recovery_info_t *key_recovery_info = calloc(1, sizeof(esp_key_mgr_key_recovery_info_t)); TEST_ASSERT_NOT_NULL(key_recovery_info); @@ -190,7 +192,8 @@ TEST_CASE("Key Manager Random mode: XTS-AES-128 key deployment", "[hw_crypto] [k esp_key_mgr_random_key_config_t *key_config = calloc(1, sizeof(esp_key_mgr_random_key_config_t)); TEST_ASSERT_NOT_NULL(key_config); - key_config->key_type = ESP_KEY_MGR_XTS_AES_128_KEY; + key_config->key_type = ESP_KEY_MGR_FLASH_XTS_AES_KEY; + key_config->key_len = ESP_KEY_MGR_XTS_AES_LEN_128; esp_key_mgr_key_recovery_info_t *key_recovery_info = calloc(1, sizeof(esp_key_mgr_key_recovery_info_t)); TEST_ASSERT_NOT_NULL(key_recovery_info); @@ -211,7 +214,8 @@ TEST_CASE("Key Manager random mode: ECDSA key deployment", "[hw_crypto] [key_mgr esp_key_mgr_random_key_config_t *key_config = calloc(1, sizeof(esp_key_mgr_random_key_config_t)); TEST_ASSERT_NOT_NULL(key_config); - key_config->key_type = ESP_KEY_MGR_ECDSA_256_KEY; + key_config->key_type = ESP_KEY_MGR_ECDSA_KEY; + key_config->key_len = ESP_KEY_MGR_ECDSA_LEN_256; esp_key_mgr_key_recovery_info_t *key_recovery_info = calloc(1, sizeof(esp_key_mgr_key_recovery_info_t)); TEST_ASSERT_NOT_NULL(key_recovery_info); diff --git a/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_sec_stg.c b/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_sec_stg.c index 2f979eb137..b1dbef45fe 100644 --- a/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_sec_stg.c +++ b/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_sec_stg.c @@ -480,7 +480,6 @@ static void test_ecdsa_sign(mbedtls_ecp_group_id gid) .grp_id = gid, .tee_key_id = key_id, .load_pubkey = true, - .use_tee_sec_stg_key = true, }; TEST_ASSERT_EQUAL(0, esp_ecdsa_tee_set_pk_context(&key_ctx, &conf)); diff --git a/components/hal/ecdsa_hal.c b/components/hal/ecdsa_hal.c index 923119017b..36480dfab2 100644 --- a/components/hal/ecdsa_hal.c +++ b/components/hal/ecdsa_hal.c @@ -49,21 +49,13 @@ static void configure_ecdsa_periph(ecdsa_hal_config_t *conf) HAL_ASSERT(false && "Key manager is not supported"); } - // Force Key Manager to use eFuse key for XTS-AES operation - if (conf->curve == ECDSA_CURVE_SECP192R1) { - key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_192_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); - } else { - key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_256_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); - } + // Force Key Manager to use eFuse key for ECDSA operation + key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_USE_EFUSE_KEY); #endif } #if SOC_KEY_MANAGER_SUPPORTED else { - if (conf->curve == ECDSA_CURVE_SECP192R1) { - key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_192_KEY, ESP_KEY_MGR_USE_OWN_KEY); - } else { - key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_256_KEY, ESP_KEY_MGR_USE_OWN_KEY); - } + key_mgr_hal_set_key_usage(ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_USE_OWN_KEY); } #endif diff --git a/components/hal/esp32c5/include/hal/key_mgr_ll.h b/components/hal/esp32c5/include/hal/key_mgr_ll.h index 71fc8167f7..83e4bbfbc2 100644 --- a/components/hal/esp32c5/include/hal/key_mgr_ll.h +++ b/components/hal/esp32c5/include/hal/key_mgr_ll.h @@ -163,9 +163,7 @@ static inline void key_mgr_ll_use_sw_init_key(void) static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_usage_t key_usage) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: + case ESP_KEY_MGR_ECDSA_KEY: if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_ECDSA); } else { @@ -173,8 +171,7 @@ static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_typ } break; - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_FLASH); } else { @@ -198,8 +195,7 @@ static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_typ } break; - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_PSRAM); } else { @@ -215,30 +211,30 @@ static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_typ static inline esp_key_mgr_key_usage_t key_mgr_ll_get_key_usage(esp_key_mgr_key_type_t key_type) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: + case ESP_KEY_MGR_ECDSA_KEY: return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_ECDSA)); + break; - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_FLASH)); + break; case ESP_KEY_MGR_HMAC_KEY: return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_HMAC)); + break; case ESP_KEY_MGR_DS_KEY: return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS)); + break; - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_PSRAM)); + break; default: HAL_ASSERT(false && "Unsupported key type"); return ESP_KEY_MGR_USAGE_INVALID; } - return ESP_KEY_MGR_USAGE_INVALID; } /** @@ -259,14 +255,11 @@ static inline void key_mgr_ll_lock_use_sw_init_key_reg(void) static inline void key_mgr_ll_lock_use_efuse_key_reg(esp_key_mgr_key_type_t key_type) { switch(key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: + case ESP_KEY_MGR_ECDSA_KEY: REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_ECDSA); break; - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_FLASH); break; @@ -278,8 +271,7 @@ static inline void key_mgr_ll_lock_use_efuse_key_reg(esp_key_mgr_key_type_t key_ REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_DS); break; - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_PSRAM); break; @@ -318,32 +310,53 @@ static inline bool key_mgr_ll_is_result_success(void) * @return 1 for Success * 0 for failure */ -static inline bool key_mgr_ll_is_key_deployment_valid(const esp_key_mgr_key_type_t key_type) +static inline bool key_mgr_ll_is_key_deployment_valid(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_len_t key_len) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_192_VLD); - case ESP_KEY_MGR_ECDSA_256_KEY: - return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_256_VLD); - case ESP_KEY_MGR_ECDSA_384_KEY: - return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_384_VLD); - - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: + case ESP_KEY_MGR_ECDSA_KEY: + switch (key_len) { + case ESP_KEY_MGR_ECDSA_LEN_192: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_192_VLD); + case ESP_KEY_MGR_ECDSA_LEN_256: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_256_VLD); + case ESP_KEY_MGR_ECDSA_LEN_384: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_384_VLD); + default: + HAL_ASSERT(false && "Unsupported key type"); + return 0; + } + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: + switch (key_len) { + case ESP_KEY_MGR_XTS_AES_LEN_128: + case ESP_KEY_MGR_XTS_AES_LEN_256: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_FLASH_VLD); + default: + HAL_ASSERT(false && "Unsupported key type"); + return 0; + } return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_FLASH_VLD); + break; case ESP_KEY_MGR_HMAC_KEY: return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_HMAC_VLD); + break; case ESP_KEY_MGR_DS_KEY: return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_DS_VLD); + break; - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: - return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_PSRAM_VLD); + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: + switch (key_len) { + case ESP_KEY_MGR_XTS_AES_LEN_128: + case ESP_KEY_MGR_XTS_AES_LEN_256: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_PSRAM_VLD); + default: + HAL_ASSERT(false && "Unsupported key type"); + return 0; + } default: - HAL_ASSERT(false && "Unsupported key type"); + HAL_ASSERT(false && "Unsupported mode"); return 0; } } @@ -411,22 +424,54 @@ static inline bool key_mgr_ll_is_huk_valid(void) } /* @brief Set the XTS-AES (Flash Encryption) key length for the Key Manager */ -static inline void key_mgr_ll_set_xts_aes_key_len(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_xts_aes_key_len_t key_len) +static inline void key_mgr_ll_set_xts_aes_key_len(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_len_t key_len) { - if (key_type == ESP_KEY_MGR_XTS_AES_128_KEY || key_type == ESP_KEY_MGR_XTS_AES_256_KEY) { - REG_SET_FIELD(KEYMNG_STATIC_REG, KEYMNG_FLASH_KEY_LEN, key_len); - } else if (key_type == ESP_KEY_MGR_PSRAM_128_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - REG_SET_FIELD(KEYMNG_STATIC_REG, KEYMNG_PSRAM_KEY_LEN, key_len); + uint32_t key_len_bit_mask; + + if (key_type == ESP_KEY_MGR_FLASH_XTS_AES_KEY) { + key_len_bit_mask = KEYMNG_FLASH_KEY_LEN; + } else if (key_type == ESP_KEY_MGR_PSRAM_XTS_AES_KEY) { + key_len_bit_mask = KEYMNG_PSRAM_KEY_LEN; + } else { + HAL_ASSERT(false && "Unsupported key type"); + return; + } + + switch (key_len) { + case ESP_KEY_MGR_XTS_AES_LEN_128: + REG_CLR_BIT(KEYMNG_STATIC_REG, key_len_bit_mask); + break; + case ESP_KEY_MGR_XTS_AES_LEN_256: + REG_SET_BIT(KEYMNG_STATIC_REG, key_len_bit_mask); + break; + default: + HAL_ASSERT(false && "Unsupported key length"); + return; } } /* @brief Get the XTS-AES (Flash Encryption) key length for the Key Manager */ -static inline esp_key_mgr_xts_aes_key_len_t key_mgr_ll_get_xts_aes_key_len(const esp_key_mgr_key_type_t key_type) +static inline esp_key_mgr_key_len_t key_mgr_ll_get_xts_aes_key_len(const esp_key_mgr_key_type_t key_type) { - if (key_type == ESP_KEY_MGR_PSRAM_128_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) { - return (esp_key_mgr_xts_aes_key_len_t) REG_GET_FIELD(KEYMNG_STATIC_REG, KEYMNG_PSRAM_KEY_LEN); + uint32_t key_len_bit = 0; + + if (key_type == ESP_KEY_MGR_FLASH_XTS_AES_KEY) { + key_len_bit = REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_FLASH_KEY_LEN); + } else if (key_type == ESP_KEY_MGR_PSRAM_XTS_AES_KEY) { + key_len_bit = REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_PSRAM_KEY_LEN); } else { - return (esp_key_mgr_xts_aes_key_len_t) REG_GET_FIELD(KEYMNG_STATIC_REG, KEYMNG_FLASH_KEY_LEN); + HAL_ASSERT(false && "Unsupported key type"); + return (esp_key_mgr_key_len_t) key_len_bit; + } + + switch (key_len_bit) { + case 0: + return ESP_KEY_MGR_XTS_AES_LEN_128; + case 1: + return ESP_KEY_MGR_XTS_AES_LEN_256; + default: + HAL_ASSERT(false && "Unsupported key length"); + return (esp_key_mgr_key_len_t) key_len_bit; } } diff --git a/components/hal/esp32p4/include/hal/key_mgr_ll.h b/components/hal/esp32p4/include/hal/key_mgr_ll.h index 285f5909f0..6090696355 100644 --- a/components/hal/esp32p4/include/hal/key_mgr_ll.h +++ b/components/hal/esp32p4/include/hal/key_mgr_ll.h @@ -187,9 +187,7 @@ static inline void key_mgr_ll_use_sw_init_key(void) static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_usage_t key_usage) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: + case ESP_KEY_MGR_ECDSA_KEY: if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_ECDSA); } else { @@ -197,39 +195,38 @@ static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_typ } break; - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: - if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { - REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_FLASH); - } else { - REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_FLASH); - } - break; -#if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 - case ESP_KEY_MGR_HMAC_KEY: - if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { - REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_HMAC); - } else { - REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_HMAC); - } - break; - - case ESP_KEY_MGR_DS_KEY: - if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { - REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS); - } else { - REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS); - } - break; - - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: - if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { - REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_PSRAM); - } else { - REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_PSRAM); - } + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: + if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { + REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_FLASH); + } else { + REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_FLASH); + } break; + +#if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 + case ESP_KEY_MGR_HMAC_KEY: + if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { + REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_HMAC); + } else { + REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_HMAC); + } + break; + + case ESP_KEY_MGR_DS_KEY: + if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { + REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS); + } else { + REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS); + } + break; + + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: + if (key_usage == ESP_KEY_MGR_USE_EFUSE_KEY) { + REG_SET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_PSRAM); + } else { + REG_CLR_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_PSRAM); + } + break; #endif default: HAL_ASSERT(false && "Unsupported mode"); @@ -240,35 +237,26 @@ static inline void key_mgr_ll_set_key_usage(const esp_key_mgr_key_type_t key_typ static inline esp_key_mgr_key_usage_t key_mgr_ll_get_key_usage(esp_key_mgr_key_type_t key_type) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: + case ESP_KEY_MGR_ECDSA_KEY: return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_ECDSA)); - break; - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: - return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_FLASH)); - break; + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: + return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_FLASH)); + #if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 - case ESP_KEY_MGR_HMAC_KEY: - return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_HMAC)); - break; + case ESP_KEY_MGR_HMAC_KEY: + return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_HMAC)); - case ESP_KEY_MGR_DS_KEY: - return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS)); - break; + case ESP_KEY_MGR_DS_KEY: + return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_DS)); - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: - return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_PSRAM)); - break; + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: + return (esp_key_mgr_key_usage_t) (REG_GET_BIT(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY_PSRAM)); #endif default: HAL_ASSERT(false && "Unsupported mode"); return ESP_KEY_MGR_USAGE_INVALID; } - return ESP_KEY_MGR_USAGE_INVALID; } /** @@ -289,29 +277,26 @@ static inline void key_mgr_ll_lock_use_sw_init_key_reg(void) static inline void key_mgr_ll_lock_use_efuse_key_reg(esp_key_mgr_key_type_t key_type) { switch(key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - case ESP_KEY_MGR_ECDSA_256_KEY: - case ESP_KEY_MGR_ECDSA_384_KEY: + case ESP_KEY_MGR_ECDSA_KEY: REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_ECDSA); break; - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: - REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_FLASH); - break; + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: + REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_FLASH); + break; + #if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 - case ESP_KEY_MGR_HMAC_KEY: - REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_HMAC); - break; + case ESP_KEY_MGR_HMAC_KEY: + REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_HMAC); + break; - case ESP_KEY_MGR_DS_KEY: - REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_DS); - break; + case ESP_KEY_MGR_DS_KEY: + REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_DS); + break; - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: - REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_PSRAM); - break; + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: + REG_SET_BIT(KEYMNG_LOCK_REG, KEYMNG_USE_EFUSE_KEY_LOCK_PSRAM); + break; #endif default: HAL_ASSERT(false && "Unsupported key type"); @@ -348,19 +333,33 @@ static inline bool key_mgr_ll_is_result_success(void) * @return 1 for Success * 0 for failure */ -static inline bool key_mgr_ll_is_key_deployment_valid(const esp_key_mgr_key_type_t key_type) +static inline bool key_mgr_ll_is_key_deployment_valid(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_len_t key_len) { switch (key_type) { - case ESP_KEY_MGR_ECDSA_192_KEY: - return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_192_VLD); - case ESP_KEY_MGR_ECDSA_256_KEY: - return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_256_VLD); - case ESP_KEY_MGR_ECDSA_384_KEY: - return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_384_VLD); + case ESP_KEY_MGR_ECDSA_KEY: + switch (key_len) { + case ESP_KEY_MGR_ECDSA_LEN_192: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_192_VLD); + case ESP_KEY_MGR_ECDSA_LEN_256: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_256_VLD); + case ESP_KEY_MGR_ECDSA_LEN_384: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_ECDSA_384_VLD); + default: + HAL_ASSERT(false && "Unsupported key type"); + return 0; + } + + case ESP_KEY_MGR_FLASH_XTS_AES_KEY: + switch (key_len) { + case ESP_KEY_MGR_XTS_AES_LEN_128: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_FLASH_VLD); + case ESP_KEY_MGR_XTS_AES_LEN_256: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_FLASH_VLD); + default: + HAL_ASSERT(false && "Unsupported key type"); + return 0; + } - case ESP_KEY_MGR_XTS_AES_128_KEY: - case ESP_KEY_MGR_XTS_AES_256_KEY: - return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_FLASH_VLD); #if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 case ESP_KEY_MGR_HMAC_KEY: return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_HMAC_VLD); @@ -368,9 +367,16 @@ static inline bool key_mgr_ll_is_key_deployment_valid(const esp_key_mgr_key_type case ESP_KEY_MGR_DS_KEY: return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_DS_VLD); - case ESP_KEY_MGR_PSRAM_128_KEY: - case ESP_KEY_MGR_PSRAM_256_KEY: - return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_PSRAM_VLD); + case ESP_KEY_MGR_PSRAM_XTS_AES_KEY: + switch (key_len) { + case ESP_KEY_MGR_XTS_AES_LEN_128: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_PSRAM_VLD); + case ESP_KEY_MGR_XTS_AES_LEN_256: + return REG_GET_FIELD(KEYMNG_KEY_VLD_REG, KEYMNG_KEY_PSRAM_VLD); + default: + HAL_ASSERT(false && "Unsupported key type"); + return 0; + } #endif default: HAL_ASSERT(false && "Unsupported mode"); @@ -440,29 +446,32 @@ static inline bool key_mgr_ll_is_huk_valid(void) return REG_GET_FIELD(KEYMNG_HUK_VLD_REG, KEYMNG_HUK_VALID); } /* @brief Set the XTS-AES (Flash Encryption) key length for the Key Manager */ -static inline void key_mgr_ll_set_xts_aes_key_len(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_xts_aes_key_len_t key_len) +static inline void key_mgr_ll_set_xts_aes_key_len(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_len_t key_len) { - if (key_type == ESP_KEY_MGR_XTS_AES_128_KEY || key_type == ESP_KEY_MGR_XTS_AES_256_KEY) { + if (key_type == ESP_KEY_MGR_FLASH_XTS_AES_KEY) { REG_SET_FIELD(KEYMNG_STATIC_REG, KEYMNG_FLASH_KEY_LEN, key_len); } #if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 - else if (key_type == ESP_KEY_MGR_PSRAM_128_KEY || key_type == ESP_KEY_MGR_PSRAM_256_KEY) { + else if (key_type == ESP_KEY_MGR_PSRAM_XTS_AES_KEY) { REG_SET_FIELD(KEYMNG_STATIC_REG, KEYMNG_PSRAM_KEY_LEN, key_len); } #endif } /* @brief Get the XTS-AES (Flash Encryption) key length for the Key Manager */ -static inline esp_key_mgr_xts_aes_key_len_t key_mgr_ll_get_xts_aes_key_len(const esp_key_mgr_key_type_t key_type) +static inline esp_key_mgr_key_len_t key_mgr_ll_get_xts_aes_key_len(const esp_key_mgr_key_type_t key_type) { - if (key_type == ESP_KEY_MGR_XTS_AES_128_KEY || key_type == ESP_KEY_MGR_XTS_AES_256_KEY) { - return (esp_key_mgr_xts_aes_key_len_t) REG_GET_FIELD(KEYMNG_STATIC_REG, KEYMNG_FLASH_KEY_LEN); - } else { + if (key_type == ESP_KEY_MGR_FLASH_XTS_AES_KEY) { + return (esp_key_mgr_key_len_t) REG_GET_FIELD(KEYMNG_STATIC_REG, KEYMNG_FLASH_KEY_LEN); + } #if HAL_CONFIG(CHIP_SUPPORT_MIN_REV) >= 300 - return (esp_key_mgr_xts_aes_key_len_t) REG_GET_FIELD(KEYMNG_STATIC_REG, KEYMNG_PSRAM_KEY_LEN); -#else - HAL_ASSERT(false && "Unsupported key type"); + else if (key_type == ESP_KEY_MGR_PSRAM_XTS_AES_KEY) { + return (esp_key_mgr_key_len_t) REG_GET_FIELD(KEYMNG_STATIC_REG, KEYMNG_PSRAM_KEY_LEN); + } #endif + else { + HAL_ASSERT(false && "Unsupported key type"); + return (esp_key_mgr_key_len_t) 0; } } diff --git a/components/hal/include/hal/key_mgr_hal.h b/components/hal/include/hal/key_mgr_hal.h index 8434601a5d..f542781454 100644 --- a/components/hal/include/hal/key_mgr_hal.h +++ b/components/hal/include/hal/key_mgr_hal.h @@ -57,7 +57,7 @@ bool key_mgr_hal_is_result_success(void); * @return 1 for Success * 0 for failure */ -bool key_mgr_hal_is_key_deployment_valid(const esp_key_mgr_key_type_t key_type); +bool key_mgr_hal_is_key_deployment_valid(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_len_t key_len); /** * @brief Check if the HUK is valid or not @@ -112,10 +112,10 @@ void key_mgr_hal_write_public_info(const uint8_t *public_info_buf, const size_t void key_mgr_hal_read_public_info(uint8_t *public_info_buf, const size_t read_len); /* @brief Set the XTS-AES key length for the Key Manager */ -void key_mgr_hal_set_xts_aes_key_len(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_xts_aes_key_len_t key_len); +void key_mgr_hal_set_xts_aes_key_len(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_len_t key_len); /* @brief Get the XTS-AES key length for the Key Manager */ -esp_key_mgr_xts_aes_key_len_t key_mgr_hal_get_xts_aes_key_len(const esp_key_mgr_key_type_t key_type); +esp_key_mgr_key_len_t key_mgr_hal_get_xts_aes_key_len(const esp_key_mgr_key_type_t key_type); /** * @brief Read state of Key Manager diff --git a/components/hal/include/hal/key_mgr_types.h b/components/hal/include/hal/key_mgr_types.h index dcdc8bd30e..48d764b901 100644 --- a/components/hal/include/hal/key_mgr_types.h +++ b/components/hal/include/hal/key_mgr_types.h @@ -20,41 +20,32 @@ extern "C" { * @brief State of Key Manager: idle, load, gain or busy. */ typedef enum { - ESP_KEY_MGR_STATE_IDLE = 0, /* Key Manager is idle */ + ESP_KEY_MGR_STATE_IDLE = 0, /* Key Manager is idle */ ESP_KEY_MGR_STATE_LOAD = 1, /* Key Manager is ready to receive input */ ESP_KEY_MGR_STATE_GAIN = 2, /* Key Manager is ready to provide output */ - ESP_KEY_MGR_STATE_BUSY = 3, /* Key Manager is busy */ + ESP_KEY_MGR_STATE_BUSY = 3, /* Key Manager is busy */ } esp_key_mgr_state_t; /** - * @brief Length of the XTS AES key + * @brief Length of the deployed key (XTS-AES, ECDSA) */ typedef enum { - ESP_KEY_MGR_XTS_AES_LEN_256 = 0, /* xts-aes key is 256 bit, please note that xts-aes algorithm is XTS_AES_128 */ - ESP_KEY_MGR_XTS_AES_LEN_512, /* xts-aes key is 512 bit, please note that xts-aes algorithm is XTS_AES_256 */ -} esp_key_mgr_xts_aes_key_len_t; + ESP_KEY_MGR_ECDSA_LEN_192 = 0, /* ecdsa key is 192 bit */ + ESP_KEY_MGR_ECDSA_LEN_256, /* ecdsa key is 256 bit */ + ESP_KEY_MGR_ECDSA_LEN_384, /* ecdsa key is 384 bit */ + ESP_KEY_MGR_XTS_AES_LEN_128, /* xts-aes key is 128 bit */ + ESP_KEY_MGR_XTS_AES_LEN_256, /* xts-aes key is 512 bit, please note that xts-aes algorithm is XTS_AES_256 */ +} esp_key_mgr_key_len_t; /** - * @brief Length of the PSRAM key + * @brief Type of the key */ typedef enum { - ESP_KEY_MGR_PSRAM_LEN_256 = 0, /* psram key is 256 bit, please note that xts-aes algorithm is XTS_AES_128 */ - ESP_KEY_MGR_PSRAM_LEN_512, /* psram key is 512 bit, please note that xts-aes algorithm is XTS_AES_256 */ -} esp_key_mgr_psram_key_len_t; - -/** - * @brief Type of the key: ECDSA, XTS - */ -typedef enum { - ESP_KEY_MGR_XTS_AES_128_KEY, /* XTS-AES 128-bit key */ - ESP_KEY_MGR_XTS_AES_256_KEY, /* XTS-AES 256-bit key */ - ESP_KEY_MGR_ECDSA_192_KEY, /* ECDSA 192-bit key */ - ESP_KEY_MGR_ECDSA_256_KEY, /* ECDSA 256-bit key */ - ESP_KEY_MGR_ECDSA_384_KEY, /* ECDSA 384-bit key */ - ESP_KEY_MGR_HMAC_KEY, /* HMAC key */ - ESP_KEY_MGR_DS_KEY, /* Digital signature key */ - ESP_KEY_MGR_PSRAM_128_KEY, /* PSRAM 128-bit key */ - ESP_KEY_MGR_PSRAM_256_KEY, /* PSRAM 256-bit key */ + ESP_KEY_MGR_ECDSA_KEY = 0, /* ECDSA key */ + ESP_KEY_MGR_FLASH_XTS_AES_KEY, /* XTS-AES key */ + ESP_KEY_MGR_HMAC_KEY, /* HMAC key */ + ESP_KEY_MGR_DS_KEY, /* Digital signature key */ + ESP_KEY_MGR_PSRAM_XTS_AES_KEY, /* PSRAM XTS-AES key */ } esp_key_mgr_key_type_t; /* @@ -140,7 +131,9 @@ typedef struct WORD_ALIGNED_ATTR PACKED_ATTR { uint32_t magic; uint32_t version; // for backward compatibility uint8_t key_type; - uint8_t reserved[15]; + uint8_t key_len; + uint8_t key_deployment_mode; + uint8_t reserved[13]; esp_key_mgr_huk_info_t huk_info; esp_key_mgr_key_info_t key_info[2]; // at most 2 key info (XTS-512_1 and XTS-512_2), at least use 1 } esp_key_mgr_key_recovery_info_t; diff --git a/components/hal/key_mgr_hal.c b/components/hal/key_mgr_hal.c index 5dcb67f5b2..9a9c281238 100644 --- a/components/hal/key_mgr_hal.c +++ b/components/hal/key_mgr_hal.c @@ -44,9 +44,9 @@ bool key_mgr_hal_is_result_success(void) return key_mgr_ll_is_result_success(); } -bool key_mgr_hal_is_key_deployment_valid(const esp_key_mgr_key_type_t key_type) +bool key_mgr_hal_is_key_deployment_valid(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_len_t key_len) { - return key_mgr_ll_is_key_deployment_valid(key_type); + return key_mgr_ll_is_key_deployment_valid(key_type, key_len); } void key_mgr_hal_write_sw_init_key(const uint8_t *sw_init_key_buf, const size_t data_len) @@ -79,12 +79,12 @@ bool key_mgr_hal_is_huk_valid(void) return key_mgr_ll_is_huk_valid(); } -void key_mgr_hal_set_xts_aes_key_len(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_xts_aes_key_len_t key_len) +void key_mgr_hal_set_xts_aes_key_len(const esp_key_mgr_key_type_t key_type, const esp_key_mgr_key_len_t key_len) { key_mgr_ll_set_xts_aes_key_len(key_type, key_len); } -esp_key_mgr_xts_aes_key_len_t key_mgr_hal_get_xts_aes_key_len(const esp_key_mgr_key_type_t key_type) +esp_key_mgr_key_len_t key_mgr_hal_get_xts_aes_key_len(const esp_key_mgr_key_type_t key_type) { return key_mgr_ll_get_xts_aes_key_len(key_type); } diff --git a/components/hal/test_apps/crypto/main/key_manager/ecdsa_192_key.pem b/components/hal/test_apps/crypto/main/key_manager/ecdsa_192_key.pem new file mode 100644 index 0000000000..56c7094fb5 --- /dev/null +++ b/components/hal/test_apps/crypto/main/key_manager/ecdsa_192_key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MF8CAQEEGDXkbV5pWiMz+DCRueuWFyVZh/evy5rYyaAKBggqhkjOPQMBAaE0AzIA +BNaaJCemMzzHS5Eo8+3Dk5cHda8oYh1FadIbVLhnJA5EHrDv8QfStCVMSwV4mKoV +4A== +-----END EC PRIVATE KEY----- diff --git a/components/hal/test_apps/crypto/main/key_manager/ecdsa_256_key.pem b/components/hal/test_apps/crypto/main/key_manager/ecdsa_256_key.pem index 5e4dc4d806..9bfc1bf5a0 100644 --- a/components/hal/test_apps/crypto/main/key_manager/ecdsa_256_key.pem +++ b/components/hal/test_apps/crypto/main/key_manager/ecdsa_256_key.pem @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEICySt/VCEPFi962COuQDE+cXD3Bz8XjZy2O5SM1LsHsGoAoGCCqGSM49 -AwEHoUQDQgAEBYu5KXarLURySNNaeZcxtBTxC0vJAM/evz9NC01IjCVQlOLJ4Y6i -3UviK3bgk+3FqpJBM+SQCqeDgd7ktPtr9Q== +MHcCAQEEIDXkbV5pWiMz+DCRueuWFyVZh/evy5rYybp9nCInR4ADoAoGCCqGSM49 +AwEHoUQDQgAEtK2sL4kKVX9prPt6DqZBxJ24ZkXHnY2/oQZqnn4E1w4XtSHvIgFT +XdPWQ84RYC7IbrPmL36o0ftKY1xWtgMhFQ== -----END EC PRIVATE KEY----- diff --git a/components/hal/test_apps/crypto/main/key_manager/ecdsa_384_key.pem b/components/hal/test_apps/crypto/main/key_manager/ecdsa_384_key.pem new file mode 100644 index 0000000000..95cac99e07 --- /dev/null +++ b/components/hal/test_apps/crypto/main/key_manager/ecdsa_384_key.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDA15G1eaVojM/gwkbnrlhclWYf3r8ua2Mm6fZwiJ0eAA14RGq+Kl7Ap +1rabwaNfV2+gBwYFK4EEACKhZANiAAQSh7nvJpR8mRriSCjrNV2pAobLOigdosYt +u9I7EvTU4DmUthIIuFIoOdjkg8qvK2sucHc7sTdTx2BVwT8BeBCkTwPwqWPc5vnN +GEvVeg/3DrbA4k8MjT5z4C2cn752AM0= +-----END EC PRIVATE KEY----- diff --git a/components/hal/test_apps/crypto/main/key_manager/gen_key_manager_test_cases.py b/components/hal/test_apps/crypto/main/key_manager/gen_key_manager_test_cases.py index e271b3d48b..94c5752a8f 100644 --- a/components/hal/test_apps/crypto/main/key_manager/gen_key_manager_test_cases.py +++ b/components/hal/test_apps/crypto/main/key_manager/gen_key_manager_test_cases.py @@ -1,6 +1,5 @@ # SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD # SPDX-License-Identifier: Unlicense OR CC0-1.0 -import argparse import hashlib import hmac import os @@ -18,9 +17,6 @@ from cryptography.hazmat.primitives.ciphers import modes from cryptography.utils import int_to_bytes from ecdsa.curves import NIST256p -supported_targets = {'esp32p4', 'esp32c5'} -supported_ds_key_size = {'esp32p4': [4096, 3072, 2048, 1024], 'esp32c5': [3072, 2048, 1024]} - # Constants TEST_COUNT = 5 STORAGE_PARTITION_OFFSET = 0x160000 @@ -100,24 +96,32 @@ def generate_xts_test_data(key: bytes, base_flash_address: int = STORAGE_PARTITI return xts_test_data -def generate_ecdsa_256_key_and_pub_key(filename: str) -> tuple: - with open(filename, 'rb') as f: - private_number = int.from_bytes(f.read(), byteorder='big') +def generate_ecdsa_key_and_pub_key(key: bytes, key_size: int) -> tuple: + private_number = int.from_bytes(key, byteorder='big') - private_key = ec.derive_private_key(private_number, ec.SECP256R1()) + if key_size == 192: + curve = ec.SECP192R1() + elif key_size == 256: + curve = ec.SECP256R1() + elif key_size == 384: + curve = ec.SECP384R1() + else: + raise ValueError(f'Unsupported key size: {key_size}') + + private_key = ec.derive_private_key(private_number, curve) pem = private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption(), ) - with open('ecdsa_256_key.pem', 'wb') as pem_file: + with open(f'ecdsa_{key_size}_key.pem', 'wb') as pem_file: pem_file.write(pem) public_key = private_key.public_key() pub_numbers = public_key.public_numbers() - pubx = pub_numbers.x.to_bytes(32, byteorder='little') - puby = pub_numbers.y.to_bytes(32, byteorder='little') + pubx = pub_numbers.x.to_bytes(key_size // 8, byteorder='little') + puby = pub_numbers.y.to_bytes(key_size // 8, byteorder='little') return pubx, puby @@ -128,20 +132,16 @@ def perform_ecc_point_multiplication(k1_int: int) -> Any: return k1_G -def generate_k1_G(key_file_path: str) -> tuple: +def generate_k1_G(k1_bytes: bytes) -> tuple: k1_G = [] - if os.path.exists(key_file_path): - with open(key_file_path, 'rb') as key_file: - k1_bytes = key_file.read() + k1_int = int.from_bytes(k1_bytes, byteorder='big') + k1_G_point = perform_ecc_point_multiplication(k1_int) + k1_G = k1_G_point.to_bytes()[:64] - k1_int = int.from_bytes(k1_bytes, byteorder='big') - k1_G_point = perform_ecc_point_multiplication(k1_int) - k1_G = k1_G_point.to_bytes()[:64] - - k1_G = k1_G[::-1] - k1_G_x = k1_G[:32] - k1_G_y = k1_G[32:] - k1_G = k1_G_y + k1_G_x + k1_G = k1_G[::-1] + k1_G_x = k1_G[:32] + k1_G_y = k1_G[32:] + k1_G = k1_G_y + k1_G_x return k1_G, k1_G @@ -238,14 +238,22 @@ def write_to_c_header( init_key: bytes, k1: bytes, k2_info: bytes, + k1_encrypted_24: list, + k1_encrypted_24_reversed: list, k1_encrypted_32: list, k1_encrypted_32_reversed: list, + k1_encrypted_48: list, + k1_encrypted_48_reversed: list, test_data_xts_aes_128: list, k1_encrypted_64: list, k1_encrypted_64_reversed: list, xts_test_data_xts_aes_256: list, - pubx: bytes, - puby: bytes, + ecdsa_p192_pubx: bytes, + ecdsa_p192_puby: bytes, + ecdsa_p256_pubx: bytes, + ecdsa_p256_puby: bytes, + ecdsa_p384_pubx: bytes, + ecdsa_p384_puby: bytes, k1_G_0: bytes, k1_G_1: bytes, hmac_message: bytes, @@ -271,8 +279,12 @@ typedef struct test_xts_data {{ }} test_xts_data_t; typedef struct test_ecdsa_data {{ - uint8_t pubx[32]; - uint8_t puby[32]; + uint8_t ecdsa_p192_pubx[24]; + uint8_t ecdsa_p192_puby[24]; + uint8_t ecdsa_p256_pubx[32]; + uint8_t ecdsa_p256_puby[32]; + uint8_t ecdsa_p384_pubx[48]; + uint8_t ecdsa_p384_puby[48]; }} test_ecdsa_data_t; typedef struct test_hmac_data {{ @@ -297,7 +309,9 @@ typedef struct test_ds_data {{ typedef struct test_data {{ uint8_t init_key[32]; uint8_t k2_info[64]; - uint8_t k1_encrypted[2][32]; // For both 256-bit and 512-bit keys + // [0] for XTS-AES-128 / ECDSA-P192 / HMAC / DS, [1] for XTS-AES-256 / ECDSA-P256 + // [2] for ECDSA-P384-H, [3] for ECDSA-P384-L + uint8_t k1_encrypted[4][32]; uint8_t plaintext_data[128]; union {{ test_xts_data_t xts_test_data[TEST_COUNT]; @@ -354,10 +368,19 @@ test_data_aes_mode_t test_data_xts_aes_128 = {{ test_data_aes_mode_t test_data_ecdsa = {{ .init_key = {{ {key_to_c_format(init_key)} }}, .k2_info = {{ {key_to_c_format(k2_info)} }}, - .k1_encrypted = {{ {{ {key_to_c_format(k1_encrypted_32_reversed[0])} }}, {{ }} }}, + .k1_encrypted = {{ + {{ {key_to_c_format(k1_encrypted_24_reversed[0])} }}, + {{ {key_to_c_format(k1_encrypted_32_reversed[0])} }}, + {{ {key_to_c_format(k1_encrypted_48_reversed[0])} }}, + {{ {key_to_c_format(k1_encrypted_48_reversed[1])} }}, + }}, .ecdsa_test_data = {{ - .pubx = {{ {key_to_c_format(pubx)} }}, - .puby = {{ {key_to_c_format(puby)} }} + .ecdsa_p192_pubx = {{ {key_to_c_format(ecdsa_p192_pubx)} }}, + .ecdsa_p192_puby = {{ {key_to_c_format(ecdsa_p192_puby)} }}, + .ecdsa_p256_pubx = {{ {key_to_c_format(ecdsa_p256_pubx)} }}, + .ecdsa_p256_puby = {{ {key_to_c_format(ecdsa_p256_puby)} }}, + .ecdsa_p384_pubx = {{ {key_to_c_format(ecdsa_p384_pubx)} }}, + .ecdsa_p384_puby = {{ {key_to_c_format(ecdsa_p384_puby)} }}, }} }}; """ @@ -413,7 +436,7 @@ test_data_aes_mode_t test_data_ds = {{ file.write(header_content) -def generate_tests_cases(target: str) -> None: +def generate_tests_cases() -> None: # Main script logic follows as per your provided structure init_key = key_from_file_or_generate('init_key.bin', 32) k2 = key_from_file_or_generate('k2.bin', 32) @@ -423,28 +446,47 @@ def generate_tests_cases(target: str) -> None: temp_result_outer = calculate_aes_cipher(temp_result_inner + rand_num, init_key) k2_info = temp_result_outer - k1_32 = key_from_file_or_generate('k1.bin', 32) - k1_64 = key_from_file_or_generate('k1_64.bin', 64) + k1 = key_from_file_or_generate('k1_64.bin', 64) + k1_24 = k1[:24] + k1_32 = k1[:32] + k1_48 = k1[:48] + k1_64 = k1[:] + + k1_24_reversed = k1_24[::-1] k1_32_reversed = k1_32[::-1] + k1_48_1 = k1_48[:16] + k1_48_1_reversed = k1_48_1[::-1] + k1_48_2 = k1_48[16:] + k1_48_2_reversed = k1_48_2[::-1] + k1_64_1 = k1_64[:32] k1_64_1_reversed = k1_64_1[::-1] k1_64_2 = k1_64[32:] k1_64_2_reversed = k1_64_2[::-1] + k1_encrypted_24 = [calculate_aes_cipher(b'\x00' * 8 + k1_24, k2)] k1_encrypted_32 = [calculate_aes_cipher(k1_32, k2)] + k1_encrypted_48 = [calculate_aes_cipher(b'\x00' * 16 + k1_48_1, k2), calculate_aes_cipher(k1_48_2, k2)] k1_encrypted_64 = [calculate_aes_cipher(k1_64_1, k2), calculate_aes_cipher(k1_64_2, k2)] + k1_encrypted_24_reversed = [calculate_aes_cipher(k1_24_reversed + b'\x00' * 8, k2)] k1_encrypted_32_reversed = [calculate_aes_cipher(k1_32_reversed, k2)] + k1_encrypted_48_reversed = [ + calculate_aes_cipher(k1_48_1_reversed + b'\x00' * 16, k2), + calculate_aes_cipher(k1_48_2_reversed, k2), + ] k1_encrypted_64_reversed = [calculate_aes_cipher(k1_64_1_reversed, k2), calculate_aes_cipher(k1_64_2_reversed, k2)] test_data_xts_aes_128 = generate_xts_test_data(k1_32) xts_test_data_xts_aes_256 = generate_xts_test_data(k1_64) - pubx, puby = generate_ecdsa_256_key_and_pub_key('k1.bin') + ecdsa_p192_pubx, ecdsa_p192_puby = generate_ecdsa_key_and_pub_key(k1_24, 192) + ecdsa_p256_pubx, ecdsa_p256_puby = generate_ecdsa_key_and_pub_key(k1_32, 256) + ecdsa_p384_pubx, ecdsa_p384_puby = generate_ecdsa_key_and_pub_key(k1_48, 384) - k1_G_0, k1_G_1 = generate_k1_G('k1.bin') + k1_G_0, k1_G_1 = generate_k1_G(k1_32) hmac_message, hmac_result = generate_hmac_test_data(k1_32) @@ -462,14 +504,22 @@ def generate_tests_cases(target: str) -> None: init_key, k1_32, k2_info, + k1_encrypted_24, + k1_encrypted_24_reversed, k1_encrypted_32, k1_encrypted_32_reversed, + k1_encrypted_48, + k1_encrypted_48_reversed, test_data_xts_aes_128, k1_encrypted_64, k1_encrypted_64_reversed, xts_test_data_xts_aes_256, - pubx, - puby, + ecdsa_p192_pubx, + ecdsa_p192_puby, + ecdsa_p256_pubx, + ecdsa_p256_puby, + ecdsa_p384_pubx, + ecdsa_p384_puby, k1_G_0, k1_G_1, hmac_message, @@ -485,15 +535,4 @@ def generate_tests_cases(target: str) -> None: if __name__ == '__main__': - parser = argparse.ArgumentParser(description="""Generates Digital Signature Test Cases""") - - parser.add_argument( - '--target', - required=True, - choices=supported_targets, - help='Target to generate test cases for, different targets support different max key length', - ) - - args = parser.parse_args() - - generate_tests_cases(args.target) + generate_tests_cases() diff --git a/components/hal/test_apps/crypto/main/key_manager/key_manager_test_cases.h b/components/hal/test_apps/crypto/main/key_manager/key_manager_test_cases.h index d6cfe6fd54..b6742bd3a2 100644 --- a/components/hal/test_apps/crypto/main/key_manager/key_manager_test_cases.h +++ b/components/hal/test_apps/crypto/main/key_manager/key_manager_test_cases.h @@ -15,8 +15,12 @@ typedef struct test_xts_data { } test_xts_data_t; typedef struct test_ecdsa_data { - uint8_t pubx[32]; - uint8_t puby[32]; + uint8_t ecdsa_p192_pubx[24]; + uint8_t ecdsa_p192_puby[24]; + uint8_t ecdsa_p256_pubx[32]; + uint8_t ecdsa_p256_puby[32]; + uint8_t ecdsa_p384_pubx[48]; + uint8_t ecdsa_p384_puby[48]; } test_ecdsa_data_t; typedef struct test_hmac_data { @@ -41,7 +45,9 @@ typedef struct test_ds_data { typedef struct test_data { uint8_t init_key[32]; uint8_t k2_info[64]; - uint8_t k1_encrypted[2][32]; // For both 256-bit and 512-bit keys + // [0] for XTS-AES-128 / ECDSA-P192 / HMAC / DS, [1] for XTS-AES-256 / ECDSA-P256 + // [2] for ECDSA-P384-H, [3] for ECDSA-P384-L + uint8_t k1_encrypted[4][32]; uint8_t plaintext_data[128]; union { test_xts_data_t xts_test_data[TEST_COUNT]; @@ -61,14 +67,14 @@ typedef struct test_data_ecdh0 { test_data_aes_mode_t test_data_xts_aes_128 = { .init_key = { 0xee, 0x89, 0x95, 0xda, 0x3c, 0x8a, 0x43, 0x83, 0xa9, 0x4b, 0x25, 0x5b, 0x04, 0x7e, 0xf1, 0x57, 0xb8, 0xe8, 0x06, 0x45, 0x87, 0x76, 0xee, 0x1b, 0x4e, 0x2e, 0x55, 0xa7, 0x1f, 0x25, 0xe1, 0x94 }, .k2_info = { 0x8f, 0x96, 0x33, 0x47, 0xe1, 0xa5, 0x57, 0xe9, 0x2a, 0x51, 0xa9, 0xbe, 0x48, 0x84, 0x25, 0x4e, 0x6f, 0x50, 0x1c, 0x45, 0xdb, 0xb6, 0xfa, 0xeb, 0x35, 0xd2, 0x27, 0x91, 0x3f, 0x67, 0x57, 0xd9, 0xcb, 0x55, 0xe4, 0x2b, 0x18, 0x16, 0xe7, 0xce, 0x6c, 0xf2, 0x58, 0x71, 0x17, 0x76, 0x2a, 0x86, 0x05, 0xe7, 0x37, 0x45, 0x71, 0x34, 0xca, 0xaf, 0x60, 0x07, 0xdf, 0xf4, 0xd2, 0xee, 0x3d, 0x4b }, - .k1_encrypted = { { 0xe0, 0xe8, 0x41, 0xe3, 0xd0, 0x92, 0x71, 0x84, 0x4b, 0x02, 0x1e, 0xec, 0x14, 0xdd, 0xaf, 0xf8, 0x39, 0xf9, 0x6a, 0x8d, 0x1b, 0xd7, 0x64, 0x3b, 0x7b, 0xa6, 0x05, 0x42, 0x01, 0xfb, 0xab, 0xe1 }, { } }, + .k1_encrypted = { { 0x37, 0xcf, 0x5b, 0x9e, 0x08, 0x26, 0x36, 0x31, 0xd7, 0x51, 0x3c, 0x33, 0x0d, 0x5d, 0x03, 0xad, 0x48, 0x6e, 0xbe, 0x82, 0xce, 0xa9, 0xc8, 0xd5, 0x98, 0x11, 0x24, 0xcc, 0x83, 0xf8, 0xf9, 0x53 }, { } }, .plaintext_data = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80 }, .xts_test_data = { - {.data_size = 32, .data_offset = 0x160000, .ciphertext = {0x0d, 0x02, 0x33, 0x69, 0x2f, 0x0f, 0x6f, 0x3e, 0xd1, 0xf0, 0x3d, 0x38, 0x63, 0xe3, 0x45, 0xe1, 0x01, 0xe2, 0xde, 0x88, 0xf2, 0x4e, 0x94, 0xa2, 0x22, 0xfe, 0x01, 0x6e, 0xe0, 0xf5, 0x16, 0x7c}}, - {.data_size = 64, .data_offset = 0x160100, .ciphertext = {0xc0, 0xc8, 0x19, 0x93, 0x12, 0xa2, 0xa6, 0x9c, 0xeb, 0x2b, 0x15, 0x84, 0x06, 0x71, 0x34, 0xfc, 0xef, 0xba, 0x53, 0xef, 0x66, 0xd8, 0xfd, 0x7f, 0x47, 0x88, 0x03, 0xe7, 0x44, 0xc4, 0x83, 0x30, 0x11, 0x2d, 0xd8, 0x87, 0xcd, 0xf9, 0x0c, 0x74, 0xa4, 0x14, 0x2d, 0xa5, 0xab, 0xf6, 0xd7, 0xdc, 0x4f, 0x8d, 0x22, 0x1a, 0x2e, 0x3d, 0x6d, 0x0f, 0xb3, 0xed, 0xf0, 0x7b, 0x01, 0x18, 0xf0, 0xd3}}, - {.data_size = 128, .data_offset = 0x160200, .ciphertext = {0xba, 0xe8, 0x7d, 0xfe, 0x1d, 0x7c, 0x95, 0x41, 0x5b, 0x59, 0x84, 0x4b, 0x37, 0x8e, 0x29, 0x53, 0xf5, 0x9d, 0x90, 0x07, 0xec, 0xc9, 0xdf, 0x52, 0xd5, 0xab, 0x7c, 0x73, 0x21, 0x52, 0x8d, 0xdc, 0x6f, 0xe1, 0xaa, 0x16, 0x4d, 0x86, 0x8a, 0x12, 0x29, 0x49, 0x9f, 0x96, 0x23, 0xd2, 0x4c, 0xa8, 0xcf, 0xe7, 0xa8, 0x83, 0x69, 0x57, 0x41, 0x92, 0x0a, 0x06, 0xf8, 0x7a, 0x30, 0xc6, 0xd6, 0x51, 0xb0, 0x34, 0x46, 0x08, 0x77, 0xc9, 0x49, 0x9d, 0x63, 0xee, 0x9f, 0x66, 0x08, 0xc1, 0x01, 0x0c, 0x07, 0x24, 0xc2, 0x76, 0x86, 0x14, 0xcb, 0xa1, 0x27, 0xc0, 0xe9, 0xcd, 0x1d, 0x60, 0x70, 0xa0, 0x0a, 0x21, 0x9e, 0x91, 0xfa, 0x1a, 0x8c, 0x10, 0x87, 0x17, 0x36, 0xf6, 0x20, 0xc2, 0x7e, 0x96, 0x0f, 0xde, 0x30, 0x28, 0x5a, 0x3a, 0x9e, 0x08, 0xe1, 0x35, 0xb3, 0x36, 0x2f, 0xc7, 0x0d, 0x28}}, - {.data_size = 16, .data_offset = 0x160300, .ciphertext = {0x0a, 0x2c, 0xcf, 0x75, 0x73, 0xa0, 0x5f, 0x80, 0xbb, 0xfb, 0xed, 0x9b, 0xc2, 0xd6, 0x05, 0x92}}, - {.data_size = 32, .data_offset = 0x160400, .ciphertext = {0x1e, 0x45, 0xab, 0xea, 0x70, 0x46, 0xb9, 0x08, 0x6d, 0x2f, 0xd1, 0xe4, 0x7f, 0xf3, 0x5d, 0xf9, 0x2e, 0xf9, 0x3d, 0x1f, 0x23, 0xe8, 0xa2, 0xd8, 0x5a, 0x53, 0xe7, 0xd7, 0xd7, 0x51, 0xe6, 0x92}}, + {.data_size = 32, .data_offset = 0x160000, .ciphertext = {0xba, 0xa3, 0xa4, 0x8f, 0x77, 0xac, 0xb5, 0x96, 0xc2, 0x9c, 0x76, 0xc3, 0x0f, 0x0e, 0xc5, 0xf1, 0xa8, 0x44, 0x4e, 0x05, 0x79, 0x0e, 0xa4, 0x1f, 0x72, 0x0a, 0xa5, 0xa9, 0xd8, 0x7c, 0xe8, 0xf5}}, + {.data_size = 64, .data_offset = 0x160100, .ciphertext = {0xf9, 0x09, 0x32, 0x28, 0xdc, 0x0b, 0x44, 0x8a, 0xbc, 0x06, 0x0e, 0xfb, 0x0e, 0x58, 0xfa, 0x3a, 0x16, 0x27, 0x41, 0xab, 0xde, 0xa7, 0x2b, 0xf5, 0xcc, 0xe0, 0x8c, 0xde, 0xda, 0x3b, 0x9b, 0x39, 0x04, 0xdf, 0x02, 0x5d, 0x87, 0xe8, 0x19, 0x2f, 0x87, 0x3a, 0x77, 0x00, 0x9c, 0x38, 0xb1, 0xfb, 0xae, 0xd8, 0xa7, 0x39, 0x4b, 0x89, 0x83, 0x4d, 0x4a, 0x9c, 0xee, 0x50, 0x3e, 0xd1, 0x64, 0xd2}}, + {.data_size = 128, .data_offset = 0x160200, .ciphertext = {0x03, 0xb0, 0xa3, 0x50, 0x55, 0x50, 0xdb, 0xc9, 0x6b, 0x39, 0xb2, 0x19, 0xd2, 0x57, 0xf8, 0x7b, 0x07, 0x3c, 0xe0, 0x01, 0xec, 0xc1, 0x38, 0x92, 0x8c, 0x96, 0x64, 0xbf, 0x18, 0xde, 0x12, 0x18, 0xa5, 0xca, 0x3a, 0x97, 0x6b, 0x7d, 0x0d, 0xe5, 0x15, 0xa1, 0x2d, 0x28, 0xdb, 0xb5, 0xe0, 0x2b, 0x7e, 0x6a, 0x9a, 0xe0, 0x16, 0x7b, 0xbf, 0x3c, 0x49, 0x05, 0x4e, 0x46, 0x92, 0x63, 0x7b, 0x49, 0x22, 0x60, 0x6a, 0xde, 0x96, 0x02, 0xd0, 0x24, 0x03, 0x69, 0x3b, 0xfe, 0x5f, 0xfe, 0xe4, 0x0c, 0xe3, 0x77, 0x40, 0x98, 0x43, 0xe9, 0x2a, 0xaf, 0x35, 0x57, 0x6f, 0x60, 0x08, 0x43, 0xd4, 0xb3, 0x7e, 0xb6, 0x2d, 0x19, 0x56, 0xc3, 0x94, 0x49, 0x93, 0x94, 0x3d, 0x8a, 0xf9, 0xbe, 0xb4, 0x19, 0x63, 0x20, 0x09, 0xae, 0x45, 0x00, 0x33, 0x4e, 0xa4, 0xbf, 0x09, 0x74, 0x78, 0x03, 0x13, 0x0b}}, + {.data_size = 16, .data_offset = 0x160300, .ciphertext = {0x8c, 0x37, 0x62, 0x84, 0x37, 0xb0, 0x80, 0x0f, 0xf2, 0xb2, 0xa8, 0x1b, 0x1e, 0x7f, 0xeb, 0x1b}}, + {.data_size = 32, .data_offset = 0x160400, .ciphertext = {0x05, 0x19, 0x1b, 0x8f, 0x30, 0xf1, 0x4d, 0x74, 0xc6, 0xf1, 0x3d, 0x9c, 0xcb, 0xbe, 0x7d, 0x06, 0x1a, 0xf4, 0xdd, 0x41, 0x23, 0x1e, 0x61, 0xe0, 0xaa, 0x14, 0x6a, 0x16, 0xac, 0x4c, 0x01, 0x67}}, } }; @@ -90,51 +96,60 @@ test_data_aes_mode_t test_data_xts_aes_256 = { test_data_aes_mode_t test_data_ecdsa = { .init_key = { 0xee, 0x89, 0x95, 0xda, 0x3c, 0x8a, 0x43, 0x83, 0xa9, 0x4b, 0x25, 0x5b, 0x04, 0x7e, 0xf1, 0x57, 0xb8, 0xe8, 0x06, 0x45, 0x87, 0x76, 0xee, 0x1b, 0x4e, 0x2e, 0x55, 0xa7, 0x1f, 0x25, 0xe1, 0x94 }, .k2_info = { 0x8f, 0x96, 0x33, 0x47, 0xe1, 0xa5, 0x57, 0xe9, 0x2a, 0x51, 0xa9, 0xbe, 0x48, 0x84, 0x25, 0x4e, 0x6f, 0x50, 0x1c, 0x45, 0xdb, 0xb6, 0xfa, 0xeb, 0x35, 0xd2, 0x27, 0x91, 0x3f, 0x67, 0x57, 0xd9, 0xcb, 0x55, 0xe4, 0x2b, 0x18, 0x16, 0xe7, 0xce, 0x6c, 0xf2, 0x58, 0x71, 0x17, 0x76, 0x2a, 0x86, 0x05, 0xe7, 0x37, 0x45, 0x71, 0x34, 0xca, 0xaf, 0x60, 0x07, 0xdf, 0xf4, 0xd2, 0xee, 0x3d, 0x4b }, - .k1_encrypted = { { 0xe0, 0xe8, 0x41, 0xe3, 0xd0, 0x92, 0x71, 0x84, 0x4b, 0x02, 0x1e, 0xec, 0x14, 0xdd, 0xaf, 0xf8, 0x39, 0xf9, 0x6a, 0x8d, 0x1b, 0xd7, 0x64, 0x3b, 0x7b, 0xa6, 0x05, 0x42, 0x01, 0xfb, 0xab, 0xe1 }, { } }, + .k1_encrypted = { + { 0xf2, 0x97, 0xcb, 0x28, 0xe0, 0x9b, 0xae, 0xc8, 0xa3, 0xbe, 0x53, 0xa0, 0xde, 0x43, 0xbe, 0xdd, 0xab, 0x93, 0x78, 0xf9, 0x05, 0x69, 0xd0, 0x8c, 0x80, 0x03, 0x07, 0x4c, 0x12, 0x17, 0x5a, 0xb3 }, + { 0x37, 0xcf, 0x5b, 0x9e, 0x08, 0x26, 0x36, 0x31, 0xd7, 0x51, 0x3c, 0x33, 0x0d, 0x5d, 0x03, 0xad, 0x48, 0x6e, 0xbe, 0x82, 0xce, 0xa9, 0xc8, 0xd5, 0x98, 0x11, 0x24, 0xcc, 0x83, 0xf8, 0xf9, 0x53 }, + { 0x48, 0x6e, 0xbe, 0x82, 0xce, 0xa9, 0xc8, 0xd5, 0x98, 0x11, 0x24, 0xcc, 0x83, 0xf8, 0xf9, 0x53, 0x1b, 0x44, 0xdf, 0x62, 0x72, 0x6e, 0xff, 0x10, 0xcf, 0x9b, 0xff, 0xac, 0xb3, 0x9f, 0xec, 0x22 }, + { 0x31, 0xd4, 0x4f, 0xf4, 0xf6, 0x1d, 0xa1, 0xc7, 0x1f, 0x2c, 0x11, 0xca, 0x9f, 0x21, 0x26, 0xaa, 0x37, 0xcf, 0x5b, 0x9e, 0x08, 0x26, 0x36, 0x31, 0xd7, 0x51, 0x3c, 0x33, 0x0d, 0x5d, 0x03, 0xad }, + }, .ecdsa_test_data = { - .pubx = { 0x25, 0x8c, 0x48, 0x4d, 0x0b, 0x4d, 0x3f, 0xbf, 0xde, 0xcf, 0x00, 0xc9, 0x4b, 0x0b, 0xf1, 0x14, 0xb4, 0x31, 0x97, 0x79, 0x5a, 0xd3, 0x48, 0x72, 0x44, 0x2d, 0xab, 0x76, 0x29, 0xb9, 0x8b, 0x05 }, - .puby = { 0xf5, 0x6b, 0xfb, 0xb4, 0xe4, 0xde, 0x81, 0x83, 0xa7, 0x0a, 0x90, 0xe4, 0x33, 0x41, 0x92, 0xaa, 0xc5, 0xed, 0x93, 0xe0, 0x76, 0x2b, 0xe2, 0x4b, 0xdd, 0xa2, 0x8e, 0xe1, 0xc9, 0xe2, 0x94, 0x50 } + .ecdsa_p192_pubx = { 0x69, 0x45, 0x1d, 0x62, 0x28, 0xaf, 0x75, 0x07, 0x97, 0x93, 0xc3, 0xed, 0xf3, 0x28, 0x91, 0x4b, 0xc7, 0x3c, 0x33, 0xa6, 0x27, 0x24, 0x9a, 0xd6 }, + .ecdsa_p192_puby = { 0xe0, 0x15, 0xaa, 0x98, 0x78, 0x05, 0x4b, 0x4c, 0x25, 0xb4, 0xd2, 0x07, 0xf1, 0xef, 0xb0, 0x1e, 0x44, 0x0e, 0x24, 0x67, 0xb8, 0x54, 0x1b, 0xd2 }, + .ecdsa_p256_pubx = { 0x0e, 0xd7, 0x04, 0x7e, 0x9e, 0x6a, 0x06, 0xa1, 0xbf, 0x8d, 0x9d, 0xc7, 0x45, 0x66, 0xb8, 0x9d, 0xc4, 0x41, 0xa6, 0x0e, 0x7a, 0xfb, 0xac, 0x69, 0x7f, 0x55, 0x0a, 0x89, 0x2f, 0xac, 0xad, 0xb4 }, + .ecdsa_p256_puby = { 0x15, 0x21, 0x03, 0xb6, 0x56, 0x5c, 0x63, 0x4a, 0xfb, 0xd1, 0xa8, 0x7e, 0x2f, 0xe6, 0xb3, 0x6e, 0xc8, 0x2e, 0x60, 0x11, 0xce, 0x43, 0xd6, 0xd3, 0x5d, 0x53, 0x01, 0x22, 0xef, 0x21, 0xb5, 0x17 }, + .ecdsa_p384_pubx = { 0x6b, 0x2b, 0xaf, 0xca, 0x83, 0xe4, 0xd8, 0x39, 0x28, 0x52, 0xb8, 0x08, 0x12, 0xb6, 0x94, 0x39, 0xe0, 0xd4, 0xf4, 0x12, 0x3b, 0xd2, 0xbb, 0x2d, 0xc6, 0xa2, 0x1d, 0x28, 0x3a, 0xcb, 0x86, 0x02, 0xa9, 0x5d, 0x35, 0xeb, 0x28, 0x48, 0xe2, 0x1a, 0x99, 0x7c, 0x94, 0x26, 0xef, 0xb9, 0x87, 0x12 }, + .ecdsa_p384_puby = { 0xcd, 0x00, 0x76, 0xbe, 0x9f, 0x9c, 0x2d, 0xe0, 0x73, 0x3e, 0x8d, 0x0c, 0x4f, 0xe2, 0xc0, 0xb6, 0x0e, 0xf7, 0x0f, 0x7a, 0xd5, 0x4b, 0x18, 0xcd, 0xf9, 0xe6, 0xdc, 0x63, 0xa9, 0xf0, 0x03, 0x4f, 0xa4, 0x10, 0x78, 0x01, 0x3f, 0xc1, 0x55, 0x60, 0xc7, 0x53, 0x37, 0xb1, 0x3b, 0x77, 0x70, 0x2e }, } }; test_data_ecdh0_mode_t test_data_ecdh0 = { .plaintext_data = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80 }, .k1 = { - { 0x2c, 0x92, 0xb7, 0xf5, 0x42, 0x10, 0xf1, 0x62, 0xf7, 0xad, 0x82, 0x3a, 0xe4, 0x03, 0x13, 0xe7, 0x17, 0x0f, 0x70, 0x73, 0xf1, 0x78, 0xd9, 0xcb, 0x63, 0xb9, 0x48, 0xcd, 0x4b, 0xb0, 0x7b, 0x06 }, - { 0x2c, 0x92, 0xb7, 0xf5, 0x42, 0x10, 0xf1, 0x62, 0xf7, 0xad, 0x82, 0x3a, 0xe4, 0x03, 0x13, 0xe7, 0x17, 0x0f, 0x70, 0x73, 0xf1, 0x78, 0xd9, 0xcb, 0x63, 0xb9, 0x48, 0xcd, 0x4b, 0xb0, 0x7b, 0x06 }, + { 0x35, 0xe4, 0x6d, 0x5e, 0x69, 0x5a, 0x23, 0x33, 0xf8, 0x30, 0x91, 0xb9, 0xeb, 0x96, 0x17, 0x25, 0x59, 0x87, 0xf7, 0xaf, 0xcb, 0x9a, 0xd8, 0xc9, 0xba, 0x7d, 0x9c, 0x22, 0x27, 0x47, 0x80, 0x03 }, + { 0x35, 0xe4, 0x6d, 0x5e, 0x69, 0x5a, 0x23, 0x33, 0xf8, 0x30, 0x91, 0xb9, 0xeb, 0x96, 0x17, 0x25, 0x59, 0x87, 0xf7, 0xaf, 0xcb, 0x9a, 0xd8, 0xc9, 0xba, 0x7d, 0x9c, 0x22, 0x27, 0x47, 0x80, 0x03 }, }, .k1_G = { - { 0x25, 0x8c, 0x48, 0x4d, 0x0b, 0x4d, 0x3f, 0xbf, 0xde, 0xcf, 0x00, 0xc9, 0x4b, 0x0b, 0xf1, 0x14, 0xb4, 0x31, 0x97, 0x79, 0x5a, 0xd3, 0x48, 0x72, 0x44, 0x2d, 0xab, 0x76, 0x29, 0xb9, 0x8b, 0x05, 0xf5, 0x6b, 0xfb, 0xb4, 0xe4, 0xde, 0x81, 0x83, 0xa7, 0x0a, 0x90, 0xe4, 0x33, 0x41, 0x92, 0xaa, 0xc5, 0xed, 0x93, 0xe0, 0x76, 0x2b, 0xe2, 0x4b, 0xdd, 0xa2, 0x8e, 0xe1, 0xc9, 0xe2, 0x94, 0x50 }, - { 0x25, 0x8c, 0x48, 0x4d, 0x0b, 0x4d, 0x3f, 0xbf, 0xde, 0xcf, 0x00, 0xc9, 0x4b, 0x0b, 0xf1, 0x14, 0xb4, 0x31, 0x97, 0x79, 0x5a, 0xd3, 0x48, 0x72, 0x44, 0x2d, 0xab, 0x76, 0x29, 0xb9, 0x8b, 0x05, 0xf5, 0x6b, 0xfb, 0xb4, 0xe4, 0xde, 0x81, 0x83, 0xa7, 0x0a, 0x90, 0xe4, 0x33, 0x41, 0x92, 0xaa, 0xc5, 0xed, 0x93, 0xe0, 0x76, 0x2b, 0xe2, 0x4b, 0xdd, 0xa2, 0x8e, 0xe1, 0xc9, 0xe2, 0x94, 0x50 }, + { 0x0e, 0xd7, 0x04, 0x7e, 0x9e, 0x6a, 0x06, 0xa1, 0xbf, 0x8d, 0x9d, 0xc7, 0x45, 0x66, 0xb8, 0x9d, 0xc4, 0x41, 0xa6, 0x0e, 0x7a, 0xfb, 0xac, 0x69, 0x7f, 0x55, 0x0a, 0x89, 0x2f, 0xac, 0xad, 0xb4, 0x15, 0x21, 0x03, 0xb6, 0x56, 0x5c, 0x63, 0x4a, 0xfb, 0xd1, 0xa8, 0x7e, 0x2f, 0xe6, 0xb3, 0x6e, 0xc8, 0x2e, 0x60, 0x11, 0xce, 0x43, 0xd6, 0xd3, 0x5d, 0x53, 0x01, 0x22, 0xef, 0x21, 0xb5, 0x17 }, + { 0x0e, 0xd7, 0x04, 0x7e, 0x9e, 0x6a, 0x06, 0xa1, 0xbf, 0x8d, 0x9d, 0xc7, 0x45, 0x66, 0xb8, 0x9d, 0xc4, 0x41, 0xa6, 0x0e, 0x7a, 0xfb, 0xac, 0x69, 0x7f, 0x55, 0x0a, 0x89, 0x2f, 0xac, 0xad, 0xb4, 0x15, 0x21, 0x03, 0xb6, 0x56, 0x5c, 0x63, 0x4a, 0xfb, 0xd1, 0xa8, 0x7e, 0x2f, 0xe6, 0xb3, 0x6e, 0xc8, 0x2e, 0x60, 0x11, 0xce, 0x43, 0xd6, 0xd3, 0x5d, 0x53, 0x01, 0x22, 0xef, 0x21, 0xb5, 0x17 }, } }; test_data_aes_mode_t test_data_hmac = { .init_key = { 0xee, 0x89, 0x95, 0xda, 0x3c, 0x8a, 0x43, 0x83, 0xa9, 0x4b, 0x25, 0x5b, 0x04, 0x7e, 0xf1, 0x57, 0xb8, 0xe8, 0x06, 0x45, 0x87, 0x76, 0xee, 0x1b, 0x4e, 0x2e, 0x55, 0xa7, 0x1f, 0x25, 0xe1, 0x94 }, .k2_info = { 0x8f, 0x96, 0x33, 0x47, 0xe1, 0xa5, 0x57, 0xe9, 0x2a, 0x51, 0xa9, 0xbe, 0x48, 0x84, 0x25, 0x4e, 0x6f, 0x50, 0x1c, 0x45, 0xdb, 0xb6, 0xfa, 0xeb, 0x35, 0xd2, 0x27, 0x91, 0x3f, 0x67, 0x57, 0xd9, 0xcb, 0x55, 0xe4, 0x2b, 0x18, 0x16, 0xe7, 0xce, 0x6c, 0xf2, 0x58, 0x71, 0x17, 0x76, 0x2a, 0x86, 0x05, 0xe7, 0x37, 0x45, 0x71, 0x34, 0xca, 0xaf, 0x60, 0x07, 0xdf, 0xf4, 0xd2, 0xee, 0x3d, 0x4b }, - .k1_encrypted = { { 0xd8, 0xf5, 0xe3, 0x3e, 0x9e, 0x79, 0xb7, 0x94, 0x3c, 0x84, 0xb0, 0xd4, 0x73, 0x21, 0x55, 0x39, 0x3f, 0xa4, 0x5f, 0x27, 0x5d, 0x4a, 0x2d, 0x2a, 0x30, 0xe5, 0xa2, 0xae, 0x78, 0xde, 0x34, 0x50 }, { } }, + .k1_encrypted = { { 0x92, 0x09, 0xe1, 0xb9, 0x45, 0x56, 0x38, 0x98, 0x6c, 0x83, 0xe2, 0xff, 0xc7, 0x82, 0x84, 0x69, 0x0a, 0xb4, 0xc7, 0x48, 0x84, 0xa4, 0xa0, 0xf6, 0x5c, 0xef, 0x4a, 0xd5, 0x70, 0x33, 0xfe, 0x7c }, { } }, .hmac_test_data = { .message = { 0x44, 0x65, 0x6c, 0x65, 0x6e, 0x69, 0x74, 0x69, 0x20, 0x76, 0x6f, 0x6c, 0x75, 0x70, 0x74, 0x61, 0x73, 0x20, 0x65, 0x78, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x62, 0x6f, 0x20, 0x65, 0x74, 0x20, 0x61, 0x73, 0x73, 0x75, 0x6d, 0x65, 0x6e, 0x64, 0x61, 0x2e, 0x20, 0x53, 0x65, 0x64, 0x20, 0x65, 0x74, 0x20, 0x61, 0x6c, 0x69, 0x71, 0x75, 0x69, 0x64, 0x20, 0x6d, 0x69, 0x6e, 0x75, 0x73, 0x20, 0x71, 0x75, 0x69, 0x73, 0x2e, 0x20, 0x50, 0x72, 0x61, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x69, 0x75, 0x6d, 0x20, 0x63, 0x75, 0x70, 0x69, 0x64, 0x69, 0x74, 0x61, 0x74, 0x65, 0x20, 0x71, 0x75, 0x69, 0x61, 0x20, 0x6e, 0x65, 0x6d, 0x6f, 0x20, 0x65, 0x73, 0x74, 0x2e, 0x20, 0x4c, 0x61, 0x62, 0x6f, 0x72, 0x69, 0x6f, 0x73, 0x61, 0x6d, 0x20, 0x70, 0x61, 0x72, 0x69, 0x61, 0x74, 0x75, 0x72, 0x20, 0x75, 0x74, 0x20, 0x64, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x63, 0x74, 0x69, 0x6f, 0x20, 0x74, 0x65, 0x6e, 0x65, 0x74, 0x75, 0x72, 0x2e, 0x20, 0x53, 0x75, 0x6e, 0x74, 0x20, 0x61, 0x72, 0x63, 0x68, 0x69, 0x74, 0x65, 0x63, 0x74, 0x6f, 0x20, 0x69, 0x75, 0x72, 0x65, 0x20, 0x61, 0x73, 0x70, 0x65, 0x72, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x20, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x61, 0x20, 0x75, 0x74, 0x20, 0x72, 0x65, 0x63, 0x75, 0x73, 0x61, 0x6e, 0x64, 0x61, 0x65, 0x2e, 0x20, 0x55, 0x74, 0x20, 0x71, 0x75, 0x69, 0x62, 0x75, 0x73, 0x64, 0x61, 0x6d, 0x20, 0x6f, 0x63, 0x63, 0x61, 0x65, 0x63, 0x61, 0x74, 0x69, 0x20, 0x75, 0x74, 0x20, 0x71, 0x75, 0x69, 0x20, 0x73, 0x69, 0x74, 0x20, 0x64, 0x69, 0x67, 0x6e, 0x69, 0x73, 0x73, 0x69, 0x6d, 0x6f, 0x73, 0x20, 0x65, 0x61, 0x71, 0x75, 0x65, 0x2e, 0x2e }, - .hmac_result = { 0xa8, 0xc0, 0x4e, 0x46, 0x70, 0x24, 0x52, 0x24, 0x47, 0x05, 0x8a, 0xa0, 0x99, 0x2b, 0xf8, 0x67, 0xf6, 0x72, 0x6f, 0x51, 0xe0, 0x94, 0x97, 0xe5, 0x88, 0x71, 0x2d, 0x42, 0x63, 0xa9, 0x2c, 0xb7 } + .hmac_result = { 0xfe, 0xc4, 0x5b, 0xb8, 0x5a, 0x78, 0x83, 0x88, 0x61, 0x9d, 0x9f, 0x60, 0x4b, 0xca, 0x0e, 0xab, 0x0c, 0x91, 0x20, 0x09, 0x32, 0xcb, 0x9c, 0x66, 0xad, 0x4a, 0x3d, 0x71, 0xb9, 0xc6, 0x0c, 0x03 } } }; test_data_aes_mode_t test_data_ds = { .init_key = { 0xee, 0x89, 0x95, 0xda, 0x3c, 0x8a, 0x43, 0x83, 0xa9, 0x4b, 0x25, 0x5b, 0x04, 0x7e, 0xf1, 0x57, 0xb8, 0xe8, 0x06, 0x45, 0x87, 0x76, 0xee, 0x1b, 0x4e, 0x2e, 0x55, 0xa7, 0x1f, 0x25, 0xe1, 0x94 }, .k2_info = { 0x8f, 0x96, 0x33, 0x47, 0xe1, 0xa5, 0x57, 0xe9, 0x2a, 0x51, 0xa9, 0xbe, 0x48, 0x84, 0x25, 0x4e, 0x6f, 0x50, 0x1c, 0x45, 0xdb, 0xb6, 0xfa, 0xeb, 0x35, 0xd2, 0x27, 0x91, 0x3f, 0x67, 0x57, 0xd9, 0xcb, 0x55, 0xe4, 0x2b, 0x18, 0x16, 0xe7, 0xce, 0x6c, 0xf2, 0x58, 0x71, 0x17, 0x76, 0x2a, 0x86, 0x05, 0xe7, 0x37, 0x45, 0x71, 0x34, 0xca, 0xaf, 0x60, 0x07, 0xdf, 0xf4, 0xd2, 0xee, 0x3d, 0x4b }, - .k1_encrypted = { { 0xe0, 0xe8, 0x41, 0xe3, 0xd0, 0x92, 0x71, 0x84, 0x4b, 0x02, 0x1e, 0xec, 0x14, 0xdd, 0xaf, 0xf8, 0x39, 0xf9, 0x6a, 0x8d, 0x1b, 0xd7, 0x64, 0x3b, 0x7b, 0xa6, 0x05, 0x42, 0x01, 0xfb, 0xab, 0xe1 }, { } }, + .k1_encrypted = { { 0x37, 0xcf, 0x5b, 0x9e, 0x08, 0x26, 0x36, 0x31, 0xd7, 0x51, 0x3c, 0x33, 0x0d, 0x5d, 0x03, 0xad, 0x48, 0x6e, 0xbe, 0x82, 0xce, 0xa9, 0xc8, 0xd5, 0x98, 0x11, 0x24, 0xcc, 0x83, 0xf8, 0xf9, 0x53 }, { } }, .ds_test_data = { #if SOC_DS_SIGNATURE_MAX_BIT_LEN == 4096 - .ds_message = { 0x24, 0x9b, 0x52, 0x6f, 0xcd, 0xa0, 0x61, 0xab, 0xaa, 0x78, 0x7e, 0x3f, 0x4a, 0xd6, 0x0c, 0xd6, 0x54, 0xe7, 0xbc, 0x86, 0x07, 0xfc, 0xf5, 0x10, 0xfc, 0x81, 0x34, 0x70, 0x71, 0xcd, 0x07, 0x26, 0xa3, 0xec, 0x7c, 0x6d, 0xaa, 0xf9, 0x3b, 0x95, 0x50, 0xc8, 0x95, 0xee, 0x2a, 0x10, 0x81, 0x3b, 0xcb, 0x67, 0xdb, 0xe7, 0x17, 0x21, 0xe6, 0x9c, 0x2a, 0x3a, 0xb4, 0xa4, 0x68, 0x8d, 0x87, 0x62, 0x3d, 0xd4, 0x24, 0xdf, 0xeb, 0x35, 0x02, 0xf8, 0xd6, 0x46, 0x09, 0xc1, 0xaf, 0x0d, 0x39, 0x5f, 0x5f, 0x03, 0x5f, 0xd0, 0x4e, 0x3d, 0x29, 0x15, 0x53, 0x70, 0x6a, 0x57, 0x92, 0xfe, 0x21, 0x52, 0xae, 0xcf, 0x0e, 0xd9, 0xad, 0x66, 0xc3, 0x0f, 0x52, 0xe2, 0xd3, 0x52, 0x4d, 0xf7, 0x52, 0x3b, 0x43, 0x9e, 0x5e, 0xb7, 0xfa, 0x70, 0xc2, 0x9a, 0x53, 0xd7, 0x36, 0x4f, 0xa8, 0x80, 0xc1, 0xab, 0x62, 0xc8, 0x22, 0xef, 0x67, 0x78, 0x71, 0x74, 0x69, 0x09, 0xfd, 0x3e, 0x2c, 0x02, 0xd6, 0xeb, 0xc9, 0x15, 0x51, 0x5e, 0x9a, 0x14, 0x5c, 0x97, 0xcc, 0x4a, 0xc6, 0x6e, 0x1c, 0x57, 0xb7, 0x24, 0x6d, 0xe6, 0x39, 0x8f, 0x86, 0x37, 0x48, 0xf0, 0xd6, 0x46, 0x75, 0x13, 0x02, 0x46, 0x7d, 0x7a, 0x07, 0x1e, 0xf0, 0x69, 0x56, 0x93, 0xdc, 0x11, 0xb3, 0xd7, 0xbf, 0x55, 0x92, 0x64, 0x02, 0xf2, 0x26, 0x5d, 0x4f, 0x04, 0x45, 0xed, 0x59, 0x40, 0xf2, 0xa3, 0x3f, 0x50, 0x01, 0xc8, 0xea, 0xd1, 0x53, 0x96, 0xc6, 0x3c, 0x55, 0x67, 0x2e, 0x02, 0x28, 0xc0, 0xfd, 0xee, 0x19, 0x19, 0xa6, 0x37, 0xf3, 0x95, 0xeb, 0xd6, 0xd3, 0xbc, 0x4f, 0x8b, 0xa8, 0x3d, 0x7d, 0x35, 0xa5, 0x22, 0x23, 0x1a, 0x2c, 0x24, 0x8c, 0x90, 0x14, 0xfc, 0x4f, 0x2e, 0xc6, 0x03, 0x42, 0x33, 0x07, 0x7a, 0xec, 0xe8, 0xc3, 0x9c, 0x13, 0x7c, 0x56, 0x8c, 0xd0, 0x5a, 0x90, 0xe3, 0x40, 0x68, 0xeb, 0x9d, 0x91, 0x73, 0x85, 0xe3, 0x7d, 0xb3, 0xa9, 0x9a, 0x82, 0x1c, 0x0a, 0x50, 0x1f, 0x1a, 0xc6, 0x22, 0x88, 0x24, 0x04, 0x79, 0xfe, 0x3e, 0xce, 0x6f, 0xae, 0xa7, 0x8f, 0xb3, 0x3b, 0x05, 0xf1, 0xbb, 0x3b, 0xf1, 0x7b, 0x0a, 0x4f, 0x7e, 0x81, 0xea, 0xdf, 0x04, 0x27, 0x4b, 0x76, 0x4d, 0x52, 0x93, 0xd3, 0xa1, 0xc8, 0x6c, 0x42, 0xcb, 0x3f, 0xaf, 0xd2, 0x74, 0x5b, 0x75, 0x4e, 0xd2, 0x4f, 0x3a, 0x28, 0xf0, 0xe1, 0xfe, 0xac, 0xe1, 0xb9, 0x47, 0xc5, 0x27, 0x0f, 0xe6, 0xd8, 0x7b, 0x1d, 0x5c, 0x52, 0xf4, 0xf2, 0x3d, 0x98, 0x9a, 0x27, 0x3a, 0xac, 0x9e, 0xa4, 0x9c, 0xea, 0xfb, 0xf6, 0x95, 0xf0, 0xbf, 0x15, 0xc5, 0xa9, 0xf2, 0x74, 0x30, 0x5e, 0xff, 0x90, 0x71, 0x30, 0x6a, 0x6f, 0x92, 0xb9, 0x7c, 0x7b, 0xe4, 0x9b, 0xae, 0x2d, 0xb8, 0xdc, 0xe2, 0x4e, 0x7c, 0x5e, 0xc1, 0xc1, 0xb6, 0xf7, 0x48, 0x67, 0x06, 0x28, 0x84, 0xf1, 0xd2, 0x0b, 0x34, 0xff, 0xd6, 0x29, 0xc8, 0xce, 0x46, 0x8f, 0x4d, 0x8f, 0x26, 0x43, 0x0d, 0x65, 0xfa, 0xdc, 0x0e, 0x54, 0x60, 0x24, 0xae, 0x49, 0x64, 0x27, 0x73, 0x8e, 0x8d, 0x6a, 0xc2, 0x7a, 0xee, 0x09, 0xf8, 0xbb, 0xbb, 0x0b, 0x05, 0x36, 0xa5, 0xca, 0x87, 0x3c, 0x32, 0x69, 0xbc, 0x91, 0x0b, 0x53, 0xec, 0x7e, 0x5a, 0x68, 0x8a, 0xea, 0xa5, 0xd9, 0x2b, 0x7a, 0xbd, 0x66, 0x93, 0xa0, 0x0e, 0x30, 0x4c, 0xf7, 0x54, 0x4f, 0x7f, 0x63, 0x79, 0x53, 0xdc, 0xd0, 0xf0, 0x0a, 0x0c, 0xb2, 0x68, 0x3e, 0xab, 0xed, 0x60, 0x78, 0xbe, 0x59, 0xc4, 0x72, 0xcb, 0x35, 0xd6, 0x44, 0x44, 0xfd, 0x10, 0x47, 0xa2, 0x28, 0xed, 0xcd, 0x3b, 0x7e, 0xe9, 0x42, 0x37 }, - .ds_encrypted_input_params = { 0xb6, 0x7e, 0xce, 0xf8, 0x83, 0x31, 0x57, 0x71, 0x2c, 0x34, 0x27, 0xe9, 0x98, 0xc9, 0x9f, 0x07, 0x8d, 0xeb, 0x88, 0x1c, 0xd3, 0xed, 0x6f, 0x32, 0x40, 0xd2, 0x94, 0x7a, 0x52, 0x30, 0x78, 0x55, 0x72, 0xcb, 0x9a, 0x67, 0x6c, 0x68, 0x0b, 0x9e, 0x09, 0x8e, 0x52, 0x5b, 0x6c, 0x6a, 0xc8, 0xcb, 0x44, 0xa9, 0x0d, 0x42, 0xff, 0xcc, 0x0f, 0x70, 0x95, 0x73, 0x35, 0x4b, 0x1a, 0xef, 0xf7, 0x6f, 0x23, 0x6e, 0x7a, 0xd2, 0xdd, 0xa1, 0xdb, 0x20, 0xe7, 0x50, 0x5a, 0x1a, 0x3c, 0xa8, 0xa7, 0xa6, 0x41, 0x92, 0x8e, 0x90, 0x49, 0x11, 0x90, 0x83, 0x7b, 0x03, 0x1b, 0x9a, 0x32, 0xf4, 0x63, 0x10, 0x04, 0x61, 0xf3, 0x91, 0x8c, 0xbd, 0xed, 0x9e, 0x36, 0x90, 0x7d, 0x0a, 0xbb, 0xd2, 0xbe, 0x9b, 0xcb, 0x8f, 0x7c, 0x7a, 0xb7, 0x98, 0xaf, 0x19, 0x4f, 0x83, 0x26, 0xcc, 0x46, 0x56, 0x8a, 0x77, 0x03, 0x0e, 0x40, 0x7e, 0x17, 0x9e, 0xf8, 0x5e, 0xdc, 0x53, 0x27, 0x66, 0x33, 0x90, 0x9c, 0x1c, 0xfc, 0x85, 0xa1, 0xc3, 0x2a, 0x4d, 0xc0, 0xe0, 0xb5, 0xd8, 0x3f, 0x81, 0x64, 0x33, 0x68, 0x16, 0x48, 0xc8, 0x48, 0xc1, 0x6b, 0xbd, 0x1f, 0xe3, 0x57, 0xe2, 0x5c, 0xf7, 0x0f, 0x66, 0x9c, 0x90, 0xe6, 0x06, 0x09, 0x79, 0xe5, 0x04, 0x0d, 0x8d, 0x81, 0x76, 0x71, 0xc4, 0x5d, 0xae, 0x55, 0x03, 0x91, 0x3a, 0x1c, 0xe6, 0x4f, 0x92, 0x48, 0xbe, 0x20, 0xc2, 0x2c, 0xb4, 0x4e, 0xee, 0x89, 0xf5, 0xa0, 0x93, 0xa2, 0x09, 0x81, 0x1d, 0xa5, 0xf5, 0xac, 0xc8, 0xf0, 0x8c, 0xf3, 0x04, 0xca, 0x98, 0x4d, 0xc5, 0x20, 0xdf, 0x0e, 0x10, 0x9b, 0x62, 0x22, 0x36, 0xef, 0x71, 0x83, 0xb6, 0x23, 0xf9, 0xd4, 0x71, 0x2a, 0x03, 0xce, 0x8c, 0x65, 0x15, 0x58, 0x04, 0xa6, 0x11, 0xa1, 0xcb, 0x5b, 0x2c, 0xcf, 0xe1, 0xd2, 0x06, 0x86, 0xd2, 0x07, 0xcd, 0xd7, 0xcc, 0xd8, 0xb8, 0xb5, 0x3e, 0xe3, 0x19, 0x56, 0xa3, 0xf5, 0x9e, 0x8b, 0x85, 0x21, 0x38, 0x6b, 0xea, 0xec, 0xf2, 0x57, 0xf6, 0x2f, 0x0f, 0x79, 0x5e, 0xcd, 0xad, 0xa9, 0x42, 0xb3, 0x75, 0x2f, 0xc6, 0xf5, 0x6a, 0xf6, 0x62, 0x1a, 0x7c, 0xbb, 0x83, 0x80, 0xdb, 0x1d, 0x30, 0x37, 0x07, 0x5a, 0x1b, 0x92, 0x5b, 0x4a, 0xc8, 0x0c, 0x2f, 0xd5, 0x97, 0xd6, 0x35, 0x5f, 0xb8, 0xae, 0x9c, 0x5c, 0x80, 0x57, 0xad, 0xd3, 0x4b, 0x5b, 0xe3, 0x45, 0x47, 0x9a, 0x59, 0x07, 0xff, 0xaa, 0x9d, 0x43, 0x57, 0xaf, 0x42, 0xbd, 0x7d, 0x76, 0x74, 0x7a, 0xdf, 0x81, 0xfd, 0x5e, 0xab, 0x72, 0xfe, 0xed, 0xd3, 0x44, 0xe1, 0x69, 0x0d, 0xc1, 0x33, 0xc7, 0xda, 0x9d, 0xd8, 0xfe, 0x82, 0x1d, 0x72, 0xba, 0xd8, 0x79, 0x2e, 0x10, 0x4e, 0x7d, 0x64, 0x13, 0xac, 0x3e, 0x6c, 0xb2, 0x9c, 0x29, 0xae, 0x0b, 0x38, 0x1b, 0x02, 0x79, 0xb8, 0xad, 0x23, 0x8a, 0xc9, 0x8c, 0xbd, 0xaf, 0xc2, 0x86, 0x76, 0x3a, 0x86, 0xbd, 0x6e, 0x1e, 0xd9, 0x87, 0x00, 0x94, 0x9c, 0x03, 0x10, 0x9f, 0x51, 0x9b, 0x11, 0x4b, 0x6a, 0x25, 0x2e, 0xac, 0x5e, 0x74, 0x7e, 0xf3, 0xe2, 0x11, 0x12, 0x90, 0x40, 0xc0, 0x9e, 0xe8, 0x0a, 0x3d, 0x17, 0xea, 0x6a, 0x27, 0xe7, 0x99, 0xaa, 0xe5, 0x1c, 0x61, 0x31, 0xc3, 0xe9, 0x01, 0xac, 0x67, 0xe5, 0x9b, 0xec, 0xd2, 0x0c, 0x5d, 0x12, 0xfc, 0xa9, 0x1d, 0x7c, 0xcf, 0x68, 0xfb, 0x80, 0x66, 0xf0, 0x34, 0xe3, 0xdf, 0x3d, 0xdc, 0xd0, 0x91, 0xd8, 0x1f, 0xeb, 0x0c, 0x50, 0xdd, 0x37, 0xea, 0x4f, 0x3a, 0x29, 0x21, 0x0c, 0xb1, 0xea, 0x09, 0xdd, 0x23, 0xbd, 0x32, 0xcc, 0x93, 0xe2, 0x83, 0xe4, 0xc9, 0xd3, 0x16, 0x90, 0x91, 0x81, 0x3f, 0x0d, 0x8e, 0x95, 0x6b, 0x49, 0x00, 0x76, 0x0c, 0x95, 0x6b, 0x97, 0x89, 0x03, 0x1f, 0xa4, 0x14, 0x3c, 0xe3, 0xb4, 0x6f, 0x79, 0x5b, 0x31, 0x02, 0x11, 0xe7, 0x91, 0xe4, 0x9b, 0x4e, 0x5d, 0x7b, 0x2f, 0x9d, 0xb0, 0xa4, 0x08, 0x07, 0x79, 0x0b, 0xa7, 0x10, 0x6a, 0xf3, 0x27, 0x4d, 0xb7, 0xca, 0x76, 0x16, 0xcc, 0x91, 0xa6, 0x86, 0xcf, 0xbe, 0xbf, 0xb4, 0x15, 0x35, 0x61, 0x0a, 0x55, 0x0f, 0xd9, 0x0e, 0x5e, 0xb9, 0x8a, 0xe7, 0xbb, 0x36, 0xf5, 0xea, 0x31, 0xdc, 0x5a, 0xae, 0x9a, 0x5e, 0xa0, 0xd2, 0xfd, 0xdb, 0xcb, 0x51, 0x3c, 0xb1, 0x48, 0xee, 0xa5, 0xeb, 0xb1, 0x84, 0x62, 0x56, 0x75, 0x56, 0x79, 0xdd, 0xf9, 0xa8, 0x26, 0x72, 0x74, 0x5b, 0xad, 0x1f, 0xcf, 0x01, 0x94, 0x5c, 0xf7, 0xd3, 0x2d, 0x60, 0xa4, 0x23, 0x8a, 0x1f, 0x97, 0x2c, 0xe6, 0x13, 0x8c, 0x61, 0x6b, 0x9c, 0xba, 0x02, 0x3d, 0x25, 0xf5, 0x86, 0x44, 0xcd, 0xee, 0x56, 0x10, 0x32, 0xbb, 0xee, 0xf2, 0x3b, 0x2b, 0x4e, 0xa2, 0x1e, 0xb1, 0x8b, 0x00, 0x14, 0x21, 0xbb, 0x57, 0x38, 0xf4, 0x49, 0x42, 0x27, 0x0e, 0x82, 0xd0, 0x9d, 0xcd, 0x53, 0x72, 0x25, 0xa1, 0x6e, 0xe9, 0xfd, 0xd8, 0xaf, 0x3b, 0xc5, 0x69, 0x1e, 0x58, 0x2f, 0x1f, 0x2b, 0x77, 0xa1, 0x46, 0x03, 0x35, 0x6e, 0x38, 0x0e, 0x9e, 0xa6, 0x22, 0x80, 0x69, 0x05, 0x2b, 0x8c, 0x8e, 0x7a, 0x64, 0x02, 0xe6, 0x4f, 0x71, 0x85, 0x89, 0xc6, 0xf5, 0xe4, 0xd2, 0xe8, 0xd0, 0x0b, 0x1e, 0xc3, 0x5b, 0x92, 0xd8, 0xe1, 0x1f, 0xd5, 0x95, 0xee, 0x24, 0x01, 0x33, 0xa1, 0x39, 0x76, 0x44, 0xd8, 0xba, 0xd4, 0x79, 0x08, 0xae, 0x2a, 0xcf, 0xb5, 0xe3, 0x4a, 0x86, 0x2d, 0x38, 0x64, 0xff, 0x9e, 0x26, 0xec, 0x20, 0x37, 0xe9, 0xd5, 0x0a, 0xa2, 0x3a, 0x3d, 0x75, 0xd9, 0xf7, 0x66, 0x6b, 0x6d, 0x63, 0x53, 0x16, 0x88, 0x37, 0xad, 0xa0, 0x2e, 0x77, 0xc2, 0x2e, 0x43, 0x1a, 0xf9, 0x55, 0xc8, 0x74, 0xa7, 0xb4, 0xe9, 0x24, 0x2f, 0xa5, 0xb8, 0x1e, 0x1b, 0x58, 0x5d, 0x44, 0x2f, 0x58, 0x59, 0x00, 0x34, 0xe3, 0xf5, 0xa9, 0x12, 0x06, 0x20, 0x5c, 0x59, 0x7b, 0x29, 0x3c, 0x8b, 0x4b, 0x0e, 0xc3, 0x6b, 0x43, 0x55, 0x04, 0x08, 0x65, 0x1a, 0x9a, 0x42, 0xf4, 0xd1, 0xbc, 0x1e, 0x10, 0x96, 0x79, 0x6f, 0xaa, 0x29, 0x8e, 0x3d, 0xce, 0x09, 0x94, 0xff, 0xdd, 0x8a, 0x49, 0x73, 0xde, 0x49, 0xb9, 0xb7, 0x44, 0x9a, 0xd1, 0xcf, 0xc3, 0xd7, 0xb4, 0x71, 0x97, 0xa0, 0x9f, 0x73, 0x62, 0xbb, 0x0a, 0x59, 0x63, 0x64, 0x73, 0x3a, 0x62, 0x5f, 0xae, 0x4b, 0xac, 0xe2, 0x0d, 0x30, 0xa5, 0x2a, 0x65, 0x04, 0x13, 0x17, 0xbb, 0x4f, 0x72, 0xaf, 0xce, 0x5a, 0x28, 0x69, 0xfa, 0x60, 0xe0, 0xc5, 0xc4, 0x65, 0x5d, 0x48, 0xd1, 0x1c, 0x91, 0xd1, 0x59, 0xf4, 0xde, 0x79, 0x2a, 0xf1, 0xd5, 0x60, 0x12, 0xd2, 0x84, 0xc8, 0x0e, 0x0d, 0xa9, 0x78, 0x3b, 0xfb, 0xff, 0x1d, 0xdd, 0xd9, 0x9b, 0xac, 0xa0, 0x8c, 0x76, 0x96, 0xe5, 0x10, 0xfb, 0xfe, 0xab, 0x14, 0xbd, 0x66, 0xa4, 0xa2, 0xe2, 0xe9, 0x6c, 0xf5, 0x6e, 0xba, 0x3a, 0x7a, 0x8a, 0x97, 0x65, 0x9b, 0xdb, 0x92, 0xff, 0xea, 0xd7, 0xa6, 0xeb, 0x48, 0x89, 0x2a, 0x21, 0x83, 0xb8, 0xa2, 0xf3, 0xd9, 0xae, 0xa0, 0x7d, 0xd2, 0x2a, 0xde, 0xaa, 0xaf, 0x8b, 0x30, 0xfd, 0x0c, 0xc0, 0xcb, 0x69, 0x3d, 0x55, 0xe0, 0x9a, 0x57, 0xd3, 0x6d, 0x60, 0xf9, 0xc9, 0x98, 0x30, 0x57, 0x6a, 0x22, 0xaf, 0x72, 0xc1, 0x29, 0xcc, 0xdb, 0x81, 0xe7, 0xe1, 0xdc, 0xca, 0xfe, 0xea, 0xa9, 0xc4, 0x48, 0x64, 0x16, 0x91, 0xba, 0xb7, 0x0b, 0x76, 0xd9, 0x9f, 0xed, 0x19, 0xfb, 0x70, 0x6e, 0xc9, 0xb0, 0xe5, 0x24, 0x1d, 0x99, 0x1c, 0xd3, 0x23, 0x6f, 0x11, 0x4e, 0xac, 0x11, 0xb0, 0xfc, 0x3c, 0x3b, 0xc7, 0xb7, 0xc7, 0x1a, 0xdf, 0x56, 0xe3, 0xd0, 0x4c, 0x2a, 0xde, 0xa4, 0x70, 0xa1, 0xb8, 0xbf, 0x81, 0xab, 0x7b, 0x10, 0x3f, 0xe9, 0x7d, 0xf1, 0x82, 0xcc, 0x4e, 0xcf, 0x00, 0x79, 0x69, 0xdb, 0x99, 0xdf, 0x15, 0xee, 0x1e, 0xbd, 0x28, 0x34, 0xfc, 0xc5, 0x1f, 0xea, 0xf0, 0xca, 0x9f, 0x73, 0x60, 0x5d, 0xe3, 0x03, 0x2f, 0x24, 0xb5, 0x18, 0xcb, 0x35, 0x14, 0x88, 0x87, 0xa0, 0xef, 0x63, 0x43, 0xbc, 0x24, 0x2b, 0x67, 0x8e, 0xc6, 0x4a, 0x92, 0xcf, 0xd9, 0xd3, 0xb8, 0xfb, 0x74, 0xc2, 0x4c, 0xb1, 0x00, 0x5d, 0xa5, 0x23, 0x59, 0xf7, 0xfe, 0x8e, 0x25, 0x07, 0x7f, 0xf8, 0xfd, 0x29, 0x4a, 0x93, 0x80, 0x63, 0x0d, 0xd3, 0x56, 0xff, 0x61, 0x74, 0x1e, 0x19, 0x8f, 0x15, 0x34, 0xd0, 0x53, 0xbf, 0x30, 0xae, 0x86, 0x46, 0x56, 0xfc, 0x73, 0x80, 0x57, 0xe4, 0x11, 0x59, 0x2d, 0xd4, 0x0a, 0xfe, 0x16, 0x22, 0x23, 0xe2, 0xec, 0x15, 0x15, 0xc4, 0xb8, 0xe2, 0xd0, 0x45, 0xa9, 0xce, 0xb4, 0x48, 0x54, 0x79, 0x73, 0x6d, 0x1b, 0x49, 0x32, 0x5b, 0xe3, 0x23, 0x78, 0xf4, 0xa6, 0xe2, 0xd4, 0xc4, 0x43, 0xeb, 0xd4, 0x1b, 0x9f, 0xdb, 0xb6, 0xdb, 0x7a, 0x54, 0x83, 0x99, 0xb9, 0x7c, 0x24, 0x0e, 0x08, 0xbc, 0x27, 0x65, 0x15, 0x24, 0xc5, 0x8b, 0x35, 0xe7, 0x9a, 0x24, 0x62, 0x88, 0x2b, 0x13, 0xe5, 0xc9, 0x5a, 0x14, 0xe8, 0xde, 0xa0, 0x17, 0xb2, 0x1d, 0xcb, 0xb5, 0xb0, 0xc6, 0xcd, 0x89, 0x89, 0xe7, 0x2a, 0x8a, 0x8f, 0x9e, 0x1c, 0xc5, 0x6c, 0xf4, 0xc5, 0x9b, 0xad, 0x39, 0xe1, 0xef, 0xb5, 0x9a, 0xc8, 0x67, 0x33, 0x45, 0xae, 0x44, 0xca, 0x12, 0x2c, 0x8b, 0x6f, 0x16, 0x30, 0x0b, 0xbc, 0x3b, 0x5b, 0x7c, 0xd0, 0x79, 0x31, 0xf6, 0xd9, 0x56, 0x8b, 0xe7, 0xc0, 0x8b, 0x26, 0x46, 0x0d, 0xe8, 0xa9, 0x99, 0x6a, 0xf6, 0x84, 0x89, 0xb9, 0x40, 0xbb, 0xd5, 0x97, 0xd8, 0x3c, 0x3d, 0xcf, 0xd1, 0xf2, 0xa5, 0xf6, 0xda, 0x50, 0x76, 0xe4, 0x28, 0xe4, 0x9f, 0x75, 0x67, 0x9f, 0xa2, 0x9b, 0x56, 0xf8, 0xd8, 0xbc, 0x25, 0x30, 0x57, 0x13, 0xa8, 0x33, 0xcf, 0x0a, 0xb9, 0xba, 0x22, 0x12, 0xac, 0xe0, 0xf1, 0xfb, 0x89, 0xe8, 0x50, 0x5b, 0x9b, 0xb9, 0x06, 0xf4, 0x8b, 0x63, 0xf5, 0x58, 0xd0, 0x12, 0x8b, 0xc1, 0xe5, 0x5e, 0xa9, 0x02, 0x36, 0x78, 0x33, 0xea, 0x91, 0x7d, 0xac, 0x67, 0x0b, 0x98, 0xa5, 0x24, 0xe7, 0xe3, 0xb2, 0xd9, 0xa0, 0xcc, 0x7b, 0xa5, 0x90, 0x6f, 0x36, 0xf4, 0xc1, 0x85, 0x13, 0x57, 0x31, 0xb4, 0x36, 0x44, 0x91, 0x7e, 0x50, 0xb7, 0x5a, 0x30, 0x33, 0xf2, 0xf3, 0x4f, 0x5d, 0x7f, 0x15, 0xad, 0x9c, 0xd5, 0x40, 0x35, 0x4c, 0x0b, 0x7c, 0xc2, 0x9e, 0xd7, 0xfb, 0xa8, 0xd0, 0xb3, 0x39, 0x3e, 0x02, 0xb8, 0x4c, 0x1d, 0x60, 0xfd, 0x45, 0xef, 0x5b, 0x45, 0xef, 0xc1, 0x0b, 0xea, 0xd3, 0xa0, 0x61, 0x9e, 0xab, 0x68, 0xc9, 0xa6, 0x88, 0x87, 0x50, 0xd0, 0xdf, 0x77, 0x93, 0x7d, 0x42, 0xcc, 0x3e, 0xb5, 0xb8, 0xf9, 0xe0, 0x6e, 0xee, 0x69, 0xf5, 0x7f, 0xb7, 0x28, 0x23, 0x0b, 0x0c, 0xc5, 0x7f, 0x42, 0xbe, 0x25, 0x57, 0x7c, 0x47, 0x0a, 0xc0, 0x51, 0xf0, 0xf8, 0x90, 0xea, 0x41, 0x71, 0x70, 0xb0, 0xd2, 0xd3, 0xca, 0x2d, 0x0b, 0xf4, 0xae, 0x0d, 0x65, 0x7f, 0x89, 0x0e, 0x30, 0x2f, 0x6a, 0x21, 0xcc, 0x9d, 0x6e, 0x2e, 0xa6, 0xe2, 0xda, 0xd0, 0xbf, 0xbd, 0xcb, 0x53, 0x98, 0xa1, 0xaa, 0xfe, 0xe0, 0x8b, 0xb5, 0x50, 0xdb, 0x89, 0xa3, 0xfe, 0x02, 0x32, 0x35, 0x7b, 0xb7, 0x5e, 0x3c, 0x3b, 0x2c, 0x71, 0xe2, 0x00, 0x31, 0x84, 0x59, 0xd2, 0x30, 0x27, 0xa4, 0xe4, 0x36, 0xc1, 0x36, 0x4c, 0x38, 0x16 }, + .ds_message = { 0x29, 0x35, 0xb7, 0x0d, 0x63, 0x95, 0xaf, 0x34, 0xc3, 0xc1, 0xe5, 0x21, 0xb8, 0x74, 0xb8, 0x38, 0x95, 0xe9, 0x10, 0xf6, 0x81, 0x7e, 0xf8, 0x65, 0x05, 0x59, 0x7f, 0x2b, 0xda, 0x85, 0xa9, 0xaa, 0xa6, 0xcf, 0xf7, 0xdf, 0xa7, 0x16, 0x08, 0x48, 0x02, 0x5c, 0x2b, 0x1c, 0xed, 0x92, 0xb6, 0x0c, 0xac, 0xd2, 0x7f, 0x70, 0x50, 0x1e, 0x5b, 0x4a, 0x32, 0xec, 0x19, 0xe8, 0xa3, 0x88, 0xca, 0x36, 0x83, 0x24, 0xe4, 0x5d, 0x1a, 0xf6, 0x38, 0x11, 0xdb, 0xcb, 0xab, 0x3e, 0x2b, 0xcb, 0x76, 0x6a, 0x88, 0x3c, 0xf8, 0x11, 0x8f, 0xfd, 0x85, 0x82, 0xbf, 0xad, 0xc0, 0x47, 0x5a, 0xcd, 0xaf, 0x3b, 0x77, 0xf0, 0x53, 0x89, 0xe9, 0xfe, 0x0a, 0x76, 0x93, 0xf9, 0xf3, 0xf5, 0x5f, 0x16, 0x12, 0x07, 0x53, 0x15, 0x31, 0x03, 0xb9, 0x16, 0x62, 0x88, 0x6c, 0x2e, 0x41, 0x10, 0x88, 0x63, 0xb9, 0x77, 0xa5, 0xc2, 0xa1, 0xb8, 0x90, 0x8c, 0x3d, 0x74, 0x14, 0xb1, 0xf3, 0xde, 0x4b, 0x90, 0xd4, 0xb0, 0x95, 0xd9, 0xc0, 0x3d, 0x61, 0x1e, 0x03, 0xf7, 0x79, 0x9f, 0x98, 0x44, 0x4b, 0x13, 0xf5, 0xb1, 0x57, 0xfd, 0x76, 0xde, 0x30, 0x0e, 0x16, 0xf0, 0xb0, 0x7b, 0xa9, 0x5e, 0x0d, 0xf8, 0xf8, 0x39, 0xea, 0xe4, 0x72, 0x9b, 0xb7, 0xb9, 0xa6, 0xb2, 0x97, 0xd8, 0x2e, 0xf2, 0xf3, 0x18, 0xc3, 0x35, 0xd1, 0x69, 0x9b, 0x07, 0x4e, 0x37, 0xcd, 0xb5, 0xae, 0x8e, 0x7c, 0x3e, 0xaf, 0xfa, 0x29, 0x7f, 0x2b, 0x7c, 0x85, 0x57, 0x0f, 0x45, 0x49, 0xd8, 0x76, 0x2a, 0x7f, 0xc4, 0xf0, 0x3b, 0xca, 0x38, 0x90, 0x7d, 0x99, 0x7b, 0x0c, 0xf1, 0x07, 0x98, 0x0b, 0x00, 0x86, 0xbb, 0xa0, 0x55, 0x2b, 0xd0, 0x84, 0x56, 0x05, 0x05, 0x30, 0x61, 0xa5, 0xe5, 0xca, 0x6d, 0xb4, 0x43, 0x7c, 0x61, 0x4f, 0x84, 0xe1, 0xed, 0xd9, 0xdc, 0xf8, 0x17, 0xf4, 0x11, 0xd2, 0xa1, 0x85, 0xde, 0x00, 0x5e, 0x29, 0x2b, 0x64, 0xcb, 0x88, 0x2f, 0xc8, 0x13, 0x2d, 0xfb, 0xd6, 0xc7, 0x49, 0xc8, 0xf7, 0x41, 0x56, 0x20, 0xd9, 0x8c, 0xb4, 0xb8, 0xba, 0x82, 0xe9, 0xe7, 0xa5, 0x73, 0xec, 0xc5, 0xaa, 0x47, 0x47, 0x07, 0xf0, 0x34, 0x27, 0x4b, 0x3d, 0x6c, 0x79, 0x57, 0x52, 0x4c, 0xdd, 0x39, 0xb1, 0x57, 0x38, 0xd8, 0x5e, 0x89, 0x96, 0x2b, 0x38, 0xd9, 0x2d, 0x88, 0x88, 0x7d, 0xb3, 0x6e, 0xde, 0x80, 0x05, 0xd5, 0xc4, 0xeb, 0x7b, 0xcd, 0x36, 0xbf, 0xa4, 0xd6, 0xaa, 0x63, 0x61, 0xbc, 0xa8, 0x78, 0xd1, 0xb3, 0xbb, 0x30, 0x96, 0x73, 0xf1, 0x47, 0xcb, 0x77, 0xa4, 0x45, 0x04, 0x57, 0x6b, 0x4b, 0x3d, 0x7f, 0xd4, 0x84, 0xac, 0x5e, 0x3a, 0xf2, 0xa4, 0x89, 0x07, 0x52, 0x3b, 0xed, 0xcd, 0x08, 0xd8, 0xb9, 0xff, 0x3e, 0x72, 0xf3, 0x4e, 0xbd, 0x59, 0x97, 0x22, 0x8e, 0x58, 0xc3, 0x2c, 0x66, 0x97, 0x79, 0x53, 0x20, 0x9e, 0x7b, 0x20, 0xf9, 0xde, 0xad, 0x21, 0x65, 0x0a, 0x4f, 0x61, 0xea, 0x13, 0xa9, 0x95, 0x89, 0xd2, 0xbb, 0x8d, 0x1e, 0x3c, 0x01, 0x41, 0x51, 0xb3, 0xe7, 0xd5, 0xa3, 0xdd, 0x78, 0x29, 0x5d, 0xe9, 0x2f, 0x2c, 0x1e, 0xf7, 0x74, 0x6c, 0x6e, 0x66, 0x44, 0xb7, 0xd3, 0x8e, 0x09, 0x27, 0xf6, 0x7f, 0x1a, 0xd4, 0x2b, 0xc2, 0x57, 0xcc, 0xb3, 0x5e, 0x22, 0xc1, 0x82, 0x5d, 0xcc, 0x66, 0xc8, 0xb2, 0x86, 0x42, 0x83, 0xc4, 0xe7, 0xea, 0x70, 0x48, 0x20, 0x2a, 0x33, 0x54, 0xda, 0x46, 0x15, 0x64, 0x4b, 0x72, 0x97, 0x1a, 0x83, 0xe9, 0x6a, 0x65, 0x7a, 0xe0, 0xec, 0x0a, 0xe1, 0xbc, 0xe2, 0x0b, 0x1a, 0x1c, 0x39, 0x31, 0x15, 0x2b, 0xbf, 0xf8, 0x64, 0x00, 0x69, 0x1b, 0xa4 }, + .ds_encrypted_input_params = { 0x8b, 0x5a, 0x3f, 0x8b, 0xf0, 0x8a, 0x45, 0x00, 0x4e, 0x13, 0x97, 0x3b, 0x24, 0x50, 0x00, 0x11, 0x92, 0xfe, 0xb5, 0x51, 0xfa, 0x75, 0xbc, 0x95, 0xbf, 0x90, 0xad, 0xf1, 0x08, 0x1c, 0x44, 0xa6, 0xae, 0x7b, 0x51, 0x2e, 0x88, 0x59, 0xb3, 0xb4, 0x41, 0x9f, 0x3d, 0x01, 0x5d, 0x82, 0xe9, 0xcc, 0x94, 0x87, 0x2d, 0x17, 0x6b, 0x8f, 0x04, 0xc1, 0x93, 0xa1, 0x93, 0x8e, 0x73, 0xe6, 0x08, 0xeb, 0x9b, 0x9f, 0x24, 0x87, 0x27, 0x9b, 0xb8, 0x27, 0x30, 0xeb, 0x3a, 0x8f, 0x3c, 0x97, 0xce, 0x34, 0xa6, 0xa7, 0xdd, 0xa3, 0x66, 0x25, 0xf8, 0x39, 0x0a, 0xb9, 0xb6, 0x49, 0x62, 0x2d, 0x3e, 0xe5, 0xe4, 0x8e, 0x35, 0xbf, 0xf8, 0x8b, 0xb3, 0xc1, 0xa8, 0xc8, 0x48, 0x60, 0x9d, 0x1f, 0xd2, 0x0e, 0x91, 0xbc, 0xb6, 0xae, 0xff, 0x8b, 0xd9, 0x99, 0xcb, 0x05, 0x3e, 0xdb, 0x36, 0x36, 0xe1, 0x36, 0xf4, 0x89, 0x03, 0xb9, 0xf9, 0xbc, 0xe9, 0x36, 0x29, 0x68, 0x22, 0x4f, 0x2f, 0x9e, 0x6e, 0x8f, 0xe1, 0xb0, 0x0a, 0xcf, 0xc9, 0xab, 0x00, 0x1c, 0x75, 0xaa, 0x8b, 0x4d, 0xf0, 0x07, 0x30, 0xf7, 0xea, 0x40, 0x7b, 0xee, 0x82, 0xd3, 0xab, 0xe1, 0x29, 0xc4, 0x17, 0x7e, 0x9c, 0x85, 0xe9, 0x49, 0xa9, 0x6d, 0xaa, 0xdb, 0xb3, 0x27, 0xd4, 0x76, 0x62, 0x02, 0x5e, 0x63, 0x43, 0x12, 0x04, 0xb5, 0x12, 0x9e, 0x6f, 0xb5, 0xab, 0x8f, 0x53, 0x5a, 0xf3, 0xc0, 0x03, 0x09, 0xc0, 0x53, 0xc4, 0x8a, 0xb0, 0x9b, 0xfb, 0xf3, 0x0d, 0xe8, 0x08, 0x8a, 0x09, 0xcf, 0x09, 0x55, 0xd5, 0xce, 0x8b, 0x2c, 0x3c, 0xed, 0x46, 0x82, 0xaa, 0x30, 0xe9, 0x06, 0xa1, 0xfc, 0x14, 0xf8, 0x98, 0x76, 0x6a, 0x56, 0x57, 0xa1, 0x1a, 0x79, 0x14, 0x6b, 0x2c, 0xca, 0x67, 0xda, 0x5b, 0x19, 0x01, 0xd8, 0x77, 0x32, 0x73, 0x74, 0x1d, 0xa1, 0x5a, 0x90, 0xc3, 0x6a, 0xcc, 0xf7, 0x87, 0x7d, 0x5c, 0x76, 0x7b, 0xae, 0x06, 0x27, 0x55, 0x9a, 0xa4, 0x09, 0xf0, 0x5a, 0x51, 0x20, 0xcf, 0x67, 0x75, 0x55, 0xfc, 0x83, 0x4c, 0x02, 0x64, 0x12, 0x16, 0xc4, 0x54, 0x46, 0x8b, 0x37, 0x29, 0x55, 0x68, 0xa0, 0xd2, 0xd7, 0x31, 0x42, 0x2b, 0x16, 0xf2, 0x54, 0x56, 0x78, 0x5a, 0xde, 0x20, 0xc0, 0xd0, 0x89, 0x53, 0xf1, 0x9e, 0xaa, 0x1c, 0x6f, 0xca, 0xf9, 0xee, 0x28, 0xf0, 0x2d, 0xfc, 0x40, 0x90, 0x4d, 0x8b, 0xf9, 0xec, 0xb3, 0x5f, 0x8a, 0x16, 0xc6, 0xc3, 0xce, 0x73, 0xc5, 0xde, 0x47, 0x93, 0xca, 0xa6, 0x15, 0xf1, 0x06, 0xb0, 0xfe, 0xed, 0x2b, 0xea, 0x2f, 0x33, 0xd5, 0x7c, 0x4a, 0x20, 0x3c, 0xfe, 0x09, 0x54, 0x5a, 0xcc, 0x9d, 0x31, 0x61, 0xa5, 0x1b, 0x28, 0xa2, 0x46, 0xd5, 0xcf, 0xab, 0x37, 0x0e, 0x25, 0x4d, 0x04, 0xd2, 0x96, 0x5a, 0x44, 0xc0, 0xcb, 0x7b, 0x67, 0xd3, 0x78, 0x2d, 0x72, 0xc8, 0x9d, 0x1e, 0xf9, 0xe1, 0x46, 0x83, 0x9b, 0x9e, 0xa1, 0x40, 0x6e, 0x5e, 0x61, 0x66, 0x21, 0x86, 0x40, 0x5d, 0x72, 0xca, 0x90, 0xd9, 0xcd, 0x57, 0x9c, 0x13, 0x42, 0x76, 0x38, 0xc9, 0x9b, 0x58, 0x8b, 0x3b, 0x15, 0x49, 0xfc, 0x67, 0x18, 0x93, 0x00, 0xb4, 0xc6, 0x22, 0x13, 0x08, 0x4e, 0x53, 0x50, 0x34, 0x6d, 0x88, 0x50, 0x24, 0x53, 0x24, 0x7c, 0x0d, 0x5a, 0x05, 0xcd, 0x3f, 0x5c, 0x15, 0x9a, 0xdb, 0x66, 0x03, 0x3e, 0xf0, 0x4d, 0x2d, 0x6f, 0x38, 0xc9, 0xef, 0xf5, 0xcb, 0xaf, 0x98, 0x38, 0x55, 0xc3, 0xbd, 0x60, 0xdb, 0x9b, 0xc8, 0x06, 0x87, 0xd0, 0xe2, 0x7b, 0x6c, 0x39, 0x9e, 0x65, 0xaa, 0xff, 0x70, 0xe5, 0xaa, 0x50, 0x24, 0xe4, 0x61, 0x42, 0xc8, 0x62, 0x90, 0xc2, 0x37, 0xae, 0x29, 0x8d, 0xd3, 0xbd, 0xb5, 0x14, 0x5d, 0xd6, 0x84, 0xc3, 0xa6, 0xfa, 0x5c, 0xc3, 0x1b, 0xe5, 0xae, 0x76, 0x91, 0x0b, 0xcc, 0x44, 0x42, 0x3b, 0x3f, 0x49, 0x75, 0xe0, 0x66, 0xb1, 0x1a, 0x42, 0x34, 0xf4, 0x6c, 0x3e, 0x67, 0x5e, 0x4f, 0x5e, 0x68, 0x4a, 0xa9, 0xd7, 0x28, 0x16, 0xf9, 0xb6, 0xad, 0x1e, 0x2a, 0x0a, 0xe7, 0x6c, 0xee, 0x97, 0x83, 0xfa, 0x64, 0xf0, 0xab, 0x02, 0x72, 0xd4, 0xbb, 0xe4, 0xe5, 0xd3, 0xd7, 0x67, 0xe0, 0xd2, 0x7c, 0xaa, 0x15, 0x42, 0x64, 0x13, 0x33, 0x98, 0x63, 0x7a, 0x3a, 0xd6, 0x99, 0xe6, 0x96, 0x81, 0x44, 0x87, 0x2b, 0x1f, 0xd1, 0x4e, 0xd1, 0xde, 0xa7, 0x9b, 0x3b, 0x0d, 0xaf, 0x41, 0xee, 0x40, 0xc5, 0x9e, 0xd4, 0x62, 0xd6, 0x72, 0x59, 0xc2, 0xd7, 0xb9, 0x55, 0x96, 0x26, 0xde, 0xc2, 0x82, 0xa3, 0x8c, 0xcc, 0xfa, 0xd8, 0x49, 0x57, 0x32, 0x11, 0x95, 0xf2, 0xba, 0xdb, 0x67, 0xd0, 0xb0, 0x66, 0xda, 0x89, 0x23, 0xff, 0x79, 0x16, 0xc1, 0xee, 0xd9, 0xeb, 0xea, 0x10, 0x8e, 0xf1, 0x77, 0x6c, 0x11, 0x7a, 0x83, 0xfd, 0xa5, 0x29, 0x67, 0x72, 0x28, 0x66, 0x24, 0x5d, 0x4d, 0xc1, 0x85, 0x8d, 0x06, 0x5a, 0xcb, 0xd5, 0xad, 0x5e, 0x08, 0xdd, 0x02, 0xa8, 0x14, 0xe4, 0x84, 0x6a, 0x90, 0xa5, 0x97, 0x14, 0x78, 0xc6, 0x8d, 0xcf, 0x07, 0xb1, 0xf5, 0xdb, 0x12, 0xf7, 0x67, 0x51, 0x19, 0x7c, 0x23, 0x7d, 0x97, 0xac, 0x5d, 0xda, 0xc4, 0xe3, 0x62, 0x2d, 0x31, 0xf4, 0x31, 0x74, 0xa4, 0x06, 0x7a, 0x35, 0x24, 0x4d, 0xa8, 0x86, 0xeb, 0xee, 0xdc, 0x0f, 0xd6, 0xc7, 0x31, 0xbb, 0xb2, 0x1d, 0xfb, 0xab, 0xb1, 0xf0, 0xb8, 0x37, 0xef, 0xd7, 0x0d, 0x2a, 0x9e, 0x63, 0xcf, 0x60, 0xa1, 0xd6, 0x9f, 0x2d, 0xd3, 0x8d, 0x64, 0x78, 0xe4, 0x3d, 0xfb, 0x3f, 0x2c, 0x76, 0x79, 0x09, 0xb7, 0x67, 0x69, 0x5e, 0x18, 0x66, 0x8a, 0x72, 0x4a, 0x77, 0x4d, 0x48, 0x04, 0xc2, 0x33, 0xda, 0x54, 0x46, 0xe1, 0x7c, 0xfa, 0xbe, 0x7e, 0xf3, 0xc9, 0xa8, 0x97, 0xe4, 0xf2, 0xbb, 0xb3, 0x9d, 0x5c, 0xd3, 0xd2, 0x88, 0x6e, 0x69, 0x9a, 0xa5, 0x8a, 0x05, 0x69, 0x55, 0xc1, 0x7a, 0x2a, 0x3e, 0x10, 0x87, 0x67, 0xbf, 0x78, 0x98, 0x73, 0x33, 0xe2, 0x02, 0x25, 0xfa, 0x5d, 0x39, 0xd1, 0xe3, 0x9b, 0x37, 0xd1, 0xc4, 0xfa, 0x94, 0xb9, 0x2a, 0x54, 0xc5, 0x2d, 0x66, 0x34, 0x3b, 0x6c, 0x7f, 0x1c, 0x28, 0x37, 0x4c, 0xd0, 0x84, 0x10, 0x46, 0x89, 0xf2, 0xb5, 0xf0, 0xbf, 0xa6, 0xad, 0xca, 0xc9, 0x2b, 0x26, 0xa7, 0x91, 0x9c, 0x4b, 0xa9, 0xb3, 0x49, 0x6f, 0xfc, 0x11, 0x29, 0x34, 0x03, 0x4d, 0xe3, 0x5c, 0x84, 0xe3, 0x49, 0x15, 0x56, 0x4f, 0x84, 0x21, 0xff, 0xa7, 0x7d, 0xa1, 0x58, 0x03, 0xaa, 0xb8, 0x52, 0xc9, 0xb4, 0x51, 0x24, 0x79, 0xf6, 0x7a, 0xa9, 0xcd, 0x6c, 0xb6, 0xdc, 0x77, 0xf2, 0xad, 0x7c, 0x74, 0x1d, 0xf0, 0xce, 0x11, 0x6c, 0x05, 0x0b, 0x86, 0x14, 0x76, 0x61, 0x6f, 0xd0, 0x6f, 0x81, 0x47, 0x78, 0x5f, 0x62, 0x80, 0x75, 0xb9, 0xbe, 0xb3, 0x24, 0x88, 0x57, 0x9f, 0x0e, 0x6c, 0x94, 0x44, 0x55, 0x72, 0x62, 0x54, 0xd5, 0x18, 0xdc, 0xee, 0x5d, 0x28, 0xea, 0xf4, 0x70, 0x80, 0x0f, 0x6d, 0xa7, 0x11, 0x38, 0x05, 0xa5, 0x0c, 0xa0, 0xe0, 0x4a, 0x1d, 0x66, 0x53, 0x8c, 0x85, 0x8b, 0xbd, 0x58, 0x59, 0x6e, 0x3a, 0x19, 0x19, 0x74, 0xdf, 0x30, 0x0c, 0x1b, 0x93, 0x25, 0xbd, 0xee, 0xb5, 0x73, 0x9c, 0x41, 0x04, 0x00, 0x0f, 0xbd, 0x21, 0x4b, 0x62, 0x7f, 0x1f, 0xb0, 0xd2, 0xeb, 0x3c, 0xdb, 0x2d, 0x41, 0x19, 0x1b, 0xea, 0x3f, 0xf0, 0x14, 0x2c, 0xf9, 0x0e, 0x4b, 0x01, 0xe5, 0x4d, 0x14, 0x90, 0x8e, 0xb2, 0x8e, 0xfb, 0xd7, 0x37, 0x14, 0x3b, 0x2c, 0xe1, 0x6e, 0xe8, 0x1d, 0x64, 0x0d, 0xe3, 0x24, 0xa0, 0x67, 0x2e, 0xd8, 0x27, 0x69, 0x3f, 0x41, 0x6a, 0x2b, 0x83, 0xda, 0x5a, 0x4b, 0x97, 0xc6, 0x3f, 0x86, 0xe0, 0x8c, 0x6d, 0xe6, 0x19, 0xae, 0xa9, 0xdf, 0x85, 0xbb, 0xcc, 0x23, 0x4d, 0x23, 0x24, 0x84, 0x61, 0xe8, 0x95, 0x73, 0x38, 0xcd, 0xce, 0x95, 0x92, 0x7f, 0xc5, 0x73, 0x33, 0x8e, 0x2e, 0x6e, 0x14, 0xcd, 0x56, 0xec, 0xac, 0xc9, 0x02, 0x12, 0x01, 0xb3, 0x07, 0xa4, 0xb9, 0x6a, 0xe9, 0xde, 0x87, 0x8f, 0x42, 0xea, 0x8d, 0x39, 0x18, 0xd3, 0xbb, 0xf6, 0x4d, 0xe1, 0xd4, 0xbe, 0x25, 0x04, 0xed, 0x51, 0xf3, 0x1c, 0xef, 0x1b, 0x8e, 0xbc, 0x3a, 0x6e, 0x68, 0x4b, 0x37, 0xfd, 0x4c, 0xa0, 0x5a, 0x38, 0x7e, 0xa2, 0xa2, 0xde, 0x9e, 0x5d, 0xe8, 0x48, 0x9e, 0x92, 0x2d, 0xe5, 0x2e, 0xba, 0x64, 0x4e, 0xaf, 0x74, 0xc8, 0xcc, 0xde, 0xa3, 0xe1, 0xf4, 0x0c, 0xdd, 0x66, 0x99, 0xd2, 0x1d, 0xef, 0x40, 0x25, 0x8f, 0xe5, 0x77, 0xe3, 0x33, 0xbe, 0xa9, 0xdf, 0x5c, 0xb4, 0x7b, 0x97, 0xe9, 0xd9, 0x05, 0xa0, 0x1b, 0xb0, 0xda, 0x2f, 0xd5, 0xa3, 0xdf, 0x46, 0x8f, 0xa5, 0xe8, 0xe1, 0x12, 0xe3, 0x43, 0xb6, 0xf2, 0xcd, 0x1d, 0xb9, 0xdd, 0xfc, 0xb2, 0xcb, 0x5f, 0xdd, 0xb7, 0x13, 0x52, 0xae, 0x9b, 0x72, 0xfb, 0xab, 0xb9, 0xeb, 0x21, 0xa1, 0xf2, 0x52, 0x44, 0x32, 0xe5, 0xa0, 0xe6, 0xb7, 0x08, 0xec, 0x5e, 0x93, 0x54, 0x4a, 0x76, 0x09, 0xae, 0x2a, 0x55, 0x9c, 0x98, 0x76, 0xc9, 0x19, 0xe1, 0x1f, 0xc1, 0x3c, 0x17, 0xc4, 0xb1, 0xc0, 0xf9, 0xd5, 0x6a, 0x83, 0xde, 0xc1, 0x67, 0x09, 0x60, 0xd0, 0x01, 0x3e, 0xc4, 0x83, 0xc9, 0x26, 0x59, 0x8b, 0xc4, 0xbe, 0x26, 0x5f, 0xe0, 0x69, 0x8e, 0x43, 0x4d, 0x1d, 0x8e, 0xe3, 0x97, 0x7f, 0xb6, 0x38, 0x03, 0x31, 0x45, 0x11, 0x9e, 0xb7, 0x38, 0xca, 0xe5, 0x7f, 0xf3, 0x87, 0xd6, 0x3b, 0x75, 0x6e, 0x58, 0x8b, 0x98, 0xdb, 0x6e, 0x7b, 0x46, 0x27, 0x17, 0x65, 0xec, 0x04, 0x07, 0x82, 0xea, 0xab, 0x98, 0x11, 0xe1, 0x4c, 0x8e, 0xf3, 0xb0, 0x83, 0xf2, 0xb7, 0xd2, 0xcf, 0x6d, 0x0a, 0xf3, 0xad, 0xc4, 0x0e, 0x25, 0x2e, 0xcd, 0xfe, 0xee, 0x4d, 0xfd, 0x03, 0xc4, 0x78, 0xad, 0x4e, 0x58, 0xac, 0x36, 0x4a, 0x68, 0xba, 0x7f, 0xdd, 0x73, 0xef, 0xfc, 0xca, 0xf2, 0x58, 0x75, 0x94, 0xfd, 0x70, 0x25, 0xef, 0x7c, 0x17, 0x96, 0x6d, 0x70, 0x97, 0xf2, 0x56, 0x7b, 0x5f, 0xfa, 0x03, 0xe5, 0x6f, 0xf3, 0x0e, 0x37, 0x6b, 0x60, 0x04, 0x9d, 0x1b, 0x30, 0xbf, 0xe0, 0xda, 0x42, 0x69, 0x3c, 0x33, 0xcb, 0xac, 0x89, 0xff, 0x8f, 0x92, 0x20, 0xea, 0x2f, 0xb0, 0xdf, 0xee, 0x7b, 0x04, 0xc2, 0x13, 0xea, 0x23, 0xa2, 0xf8, 0x2b, 0x1b, 0xc9, 0x6a, 0x34, 0xf8, 0x18, 0x4e, 0x1c, 0xc9, 0x6d, 0xe5, 0xd6, 0x37, 0xe8, 0x56, 0x12, 0x3e, 0xc3, 0xe9, 0x4a, 0x85, 0x0b, 0x1f, 0xac, 0x6b, 0x26, 0xf3, 0x20, 0x4c, 0x61, 0x70, 0x79, 0xaa, 0x08, 0xf0, 0x17, 0xb9, 0x7f, 0xc7, 0xe7, 0xc5, 0x5a, 0xfe, 0xcd, 0x6d, 0xa0, 0x5a, 0x11, 0x88, 0x52, 0xcf, 0x37, 0x32, 0xa1, 0x6f, 0x2d, 0xc7, 0xed, 0x74, 0x5e, 0xf0, 0x5d, 0x32, 0x5f, 0xcc, 0xf9, 0xfa, 0x33, 0x3a, 0xd4, 0xfa, 0x81, 0x5c, 0xb5, 0x73, 0x00, 0x60, 0xb0, 0x11, 0xa4, 0xa0, 0x8c, 0x0a, 0x9c, 0x97, 0x19, 0xfa, 0x59, 0x6d, 0xc2, 0x75, 0xd5, 0x00, 0x05, 0x8c, 0x72, 0x5e, 0xa3, 0x85, 0xb3, 0xf2, 0xef, 0x0d, 0xef, 0x9f, 0x80, 0x45, 0x2a, 0x8a, 0x42, 0xc7, 0x2b, 0x3c, 0x0f, 0x78, 0xf0, 0x54, 0x94, 0xd5, 0x2e, 0x0d, 0x76, 0x2d, 0xfe, 0x2a, 0xb9, 0x1a, 0xb2, 0x95, 0x3d, 0xa4, 0x52, 0xbe, 0xa6, 0xa2, 0x8e, 0x77, 0x9d, 0xa5, 0x77, 0x0a, 0x46 }, .ds_key_size = 4096, - .ds_result = { 0xa2, 0xbe, 0x4f, 0x7b, 0xd7, 0xcb, 0x10, 0xb4, 0x9e, 0x0f, 0x74, 0x53, 0x09, 0xc7, 0x13, 0x32, 0x20, 0x5b, 0xf3, 0x32, 0x9f, 0x79, 0xe5, 0xe3, 0x46, 0x9a, 0xfd, 0xe8, 0x36, 0xfa, 0x73, 0x99, 0x34, 0xee, 0xd3, 0x73, 0xd7, 0x67, 0xfd, 0x50, 0xe6, 0xf7, 0x82, 0x1f, 0x19, 0x8e, 0x8c, 0xab, 0x5d, 0x9c, 0xe5, 0xbd, 0xe1, 0xc3, 0xf0, 0xe6, 0x96, 0x17, 0x02, 0x0d, 0x3a, 0xc4, 0x62, 0x30, 0xf4, 0x5b, 0x9b, 0xfa, 0x59, 0xae, 0x2b, 0x69, 0x69, 0x64, 0x90, 0xbe, 0x09, 0x13, 0x13, 0xa0, 0xe5, 0xa4, 0xc2, 0xac, 0xe5, 0x5a, 0xae, 0x0d, 0x0e, 0x46, 0xe9, 0xa9, 0x8c, 0x44, 0x4a, 0x5f, 0x9e, 0xf0, 0x3a, 0xb6, 0x94, 0x27, 0x9d, 0x40, 0xff, 0x61, 0x8e, 0xd8, 0xd6, 0x1a, 0xdd, 0xcc, 0x2c, 0xc2, 0xd1, 0x53, 0xec, 0x1e, 0xce, 0x05, 0x92, 0x4e, 0xaf, 0x8b, 0x7f, 0x91, 0xdb, 0x17, 0x18, 0x4e, 0x82, 0x60, 0xf1, 0x36, 0xdf, 0x31, 0xb2, 0x60, 0xe1, 0x44, 0x8f, 0xb3, 0xe0, 0x73, 0xc8, 0xf7, 0xe7, 0x69, 0xb8, 0x24, 0xf8, 0xcb, 0x56, 0x0c, 0xed, 0x6b, 0x36, 0x9b, 0xe3, 0x52, 0xca, 0x50, 0xc4, 0xa8, 0x67, 0x84, 0xa0, 0xc8, 0x25, 0x81, 0xaf, 0x57, 0x06, 0x4e, 0x78, 0x98, 0xf7, 0x0c, 0x74, 0x8e, 0xf4, 0x3e, 0x28, 0x7b, 0x4e, 0xe5, 0x2c, 0x6e, 0x5e, 0xa6, 0x29, 0x7d, 0x5f, 0xd5, 0x90, 0x84, 0xce, 0x1a, 0x57, 0x1a, 0xd6, 0xfb, 0xf1, 0xec, 0xd7, 0x81, 0x18, 0x2a, 0x94, 0xaf, 0xc7, 0x0a, 0x77, 0xe7, 0x6c, 0xd5, 0x87, 0xa2, 0x15, 0x56, 0x0f, 0xdb, 0x3e, 0xe2, 0x64, 0xa7, 0x71, 0x4e, 0xd0, 0xcf, 0x3e, 0x10, 0x97, 0x40, 0x16, 0x69, 0x9d, 0xd4, 0x18, 0xb1, 0xdb, 0xf9, 0xca, 0x6a, 0x5d, 0xb3, 0x9f, 0xe2, 0x3e, 0x57, 0xf9, 0xac, 0x11, 0x88, 0x00, 0x22, 0xf4, 0xcd, 0xa9, 0x15, 0xc2, 0x0b, 0xc8, 0x9b, 0x73, 0x04, 0xdf, 0xf8, 0xdd, 0xeb, 0x50, 0xaa, 0xdd, 0x34, 0x8f, 0x36, 0xca, 0x59, 0x06, 0x70, 0xb0, 0x4a, 0xea, 0x13, 0xed, 0xb5, 0x55, 0x3c, 0xd2, 0xe7, 0x30, 0x2a, 0x41, 0xb5, 0x2c, 0xdb, 0xd5, 0x2a, 0xf7, 0x31, 0xb3, 0x71, 0x22, 0xcd, 0xfd, 0x6b, 0x3a, 0x98, 0x4b, 0xf4, 0xe9, 0xc8, 0xa0, 0x92, 0xc1, 0xcd, 0x23, 0x97, 0x88, 0x21, 0x45, 0xc1, 0xe4, 0x3b, 0x77, 0x69, 0xfb, 0xcd, 0x42, 0x3e, 0x6c, 0xe3, 0x96, 0xc3, 0xfa, 0x5a, 0x0c, 0xea, 0x87, 0x01, 0xee, 0x23, 0x1f, 0x58, 0x07, 0x2c, 0x98, 0x69, 0x6c, 0x14, 0xbd, 0xe6, 0x11, 0x4e, 0x77, 0x67, 0x02, 0x4c, 0x23, 0x36, 0x97, 0xd6, 0x95, 0x95, 0x48, 0x1f, 0x1a, 0xab, 0x8f, 0x13, 0xaa, 0x0b, 0x8d, 0xb5, 0x08, 0xad, 0xaf, 0xf2, 0x7a, 0x70, 0xcc, 0x8a, 0x26, 0x47, 0x34, 0xba, 0x85, 0x07, 0xc9, 0x3a, 0x1e, 0x56, 0x6b, 0x53, 0x47, 0xdc, 0x4a, 0x39, 0xa5, 0x5a, 0x87, 0x3f, 0x6a, 0xb0, 0x96, 0xd8, 0x86, 0xba, 0x01, 0xee, 0x91, 0xb8, 0xca, 0x41, 0xaa, 0x5a, 0x10, 0x4c, 0x9b, 0x5d, 0xf9, 0xd4, 0xac, 0x5f, 0x05, 0x48, 0xfb, 0xa0, 0x63, 0xf7, 0x2c, 0x13, 0xd1, 0x18, 0x2c, 0x62, 0xe8, 0xe6, 0x5c, 0xc2, 0xe6, 0x81, 0x61, 0x84, 0xa8, 0x35, 0xb2, 0x19, 0x35, 0x4a, 0x1b, 0x75, 0x01, 0x91, 0x97, 0x83, 0xc6, 0x24, 0xf2, 0xc4, 0xf4, 0x05, 0xe4, 0x96, 0x60, 0xc8, 0x14, 0x00, 0x30, 0x9c, 0x45, 0xc9, 0x29, 0x22, 0xf4, 0x4c, 0x2f, 0x27, 0x65, 0xdf, 0x24, 0x87, 0x6b, 0x10, 0x65, 0x20, 0x48, 0x1a, 0x36, 0x54, 0xd1, 0x01, 0x80, 0xb1, 0x6a, 0x3e, 0xc0, 0xb6, 0x13, 0x9d, 0xbf, 0x64, 0x44, 0x6e, 0xe2, 0xfe, 0x86, 0x81, 0xaa, 0xa7, 0x07, 0x3d }, + .ds_result = { 0xf1, 0xdd, 0xd5, 0x9d, 0x73, 0x05, 0xc4, 0x21, 0x9c, 0x69, 0x5f, 0x04, 0x28, 0x30, 0x58, 0xc8, 0x77, 0x7b, 0xbf, 0x44, 0x9f, 0xd1, 0xdf, 0x2e, 0xac, 0x7c, 0x64, 0x92, 0x73, 0xf2, 0x70, 0x98, 0x7c, 0x80, 0x05, 0xf0, 0x1f, 0x90, 0xdb, 0x9d, 0x21, 0x60, 0x3d, 0x0f, 0x39, 0x16, 0xe1, 0x39, 0xab, 0x62, 0xa8, 0xc5, 0x43, 0x86, 0xb3, 0x5a, 0x99, 0x99, 0xae, 0x9c, 0x20, 0x02, 0xd6, 0x6f, 0x5e, 0x26, 0xd4, 0x12, 0x7f, 0xcd, 0xab, 0x43, 0xd1, 0x46, 0x72, 0x79, 0x1a, 0x1e, 0x2b, 0xcc, 0xb7, 0xe3, 0xf3, 0x7e, 0xd1, 0x31, 0x22, 0xe0, 0x61, 0x7d, 0x18, 0x3e, 0xcb, 0x94, 0xc9, 0xe0, 0x64, 0xf6, 0x4e, 0x7a, 0x7a, 0x3f, 0x8c, 0x80, 0xad, 0x68, 0x4c, 0x98, 0x3c, 0xc1, 0xe3, 0x0f, 0xc5, 0x4b, 0xbb, 0xa8, 0x5d, 0xad, 0xd0, 0x6d, 0x56, 0x92, 0xcf, 0x5f, 0x63, 0x83, 0x93, 0xa2, 0x52, 0xb1, 0x55, 0x11, 0xb6, 0xfc, 0xb2, 0x7d, 0xe4, 0x22, 0xb7, 0xfd, 0xf4, 0xf0, 0x6f, 0x4c, 0xa9, 0x4e, 0x30, 0xc6, 0xad, 0xb4, 0x1c, 0x30, 0xf4, 0x1e, 0x1c, 0xe4, 0x0f, 0x5a, 0x4d, 0x34, 0xd7, 0x91, 0xe1, 0xcd, 0x18, 0xfc, 0x77, 0x05, 0xa9, 0x5c, 0x72, 0xab, 0x79, 0x2a, 0xa8, 0x26, 0x9e, 0xb6, 0x3b, 0xd1, 0x18, 0x01, 0x4a, 0x5f, 0xf0, 0x40, 0x8d, 0x39, 0x41, 0x54, 0x90, 0xc4, 0xbb, 0xf9, 0xb0, 0x84, 0x70, 0x59, 0x6c, 0xc2, 0x91, 0xfe, 0x02, 0x18, 0xe0, 0xa3, 0xc8, 0xc6, 0x62, 0xa6, 0x64, 0x53, 0xb8, 0xc0, 0xd2, 0x64, 0x7c, 0x41, 0x15, 0x17, 0x4f, 0xd0, 0xa8, 0x8b, 0xad, 0x35, 0xe6, 0x35, 0xd4, 0x92, 0x34, 0x03, 0xb7, 0x41, 0xc8, 0x5a, 0x5e, 0xc8, 0xe2, 0x55, 0x67, 0x9d, 0x95, 0x83, 0x3a, 0xc8, 0x17, 0xa3, 0x0a, 0x4e, 0x47, 0xe6, 0x44, 0xa1, 0x22, 0x30, 0x50, 0xdb, 0x68, 0xb5, 0x69, 0x97, 0x52, 0xa7, 0xc6, 0x5b, 0x33, 0x86, 0x25, 0xe3, 0x5b, 0x16, 0xb1, 0x7a, 0x77, 0xe6, 0xf8, 0xd7, 0xde, 0xc8, 0x17, 0xe7, 0x7a, 0x12, 0xdf, 0x95, 0xae, 0xa5, 0xb3, 0x01, 0x58, 0xfe, 0x0e, 0xec, 0x74, 0x0c, 0xfc, 0x08, 0xcc, 0xb7, 0xbb, 0xb1, 0x6c, 0x46, 0x09, 0x9d, 0x36, 0x4a, 0x39, 0xa9, 0xb5, 0x9b, 0xe3, 0x02, 0xbf, 0x74, 0xf0, 0x3e, 0xc5, 0xd9, 0xd2, 0xf7, 0x55, 0xbc, 0x40, 0xdd, 0x0c, 0x6f, 0xae, 0xf8, 0xe4, 0xe2, 0x36, 0x75, 0x53, 0x8a, 0xae, 0x78, 0x6d, 0x4b, 0xc3, 0x91, 0xaf, 0xfd, 0x74, 0xd5, 0x45, 0xed, 0x1d, 0xe4, 0xdc, 0xad, 0x71, 0x87, 0xa8, 0x52, 0x4a, 0x20, 0xcb, 0xcc, 0x30, 0x98, 0x64, 0xb3, 0x08, 0x47, 0xce, 0xb0, 0x93, 0xd1, 0x2b, 0xcd, 0xa4, 0x3d, 0xee, 0x52, 0x37, 0xfe, 0xd8, 0x55, 0x2b, 0x0e, 0x0c, 0xa3, 0x2d, 0x01, 0x9b, 0xfc, 0x65, 0x41, 0xa0, 0x81, 0x71, 0x43, 0x64, 0xd8, 0x1d, 0x8c, 0x36, 0xc2, 0xc8, 0xe7, 0x89, 0x84, 0xb7, 0xa7, 0x8e, 0xbd, 0x32, 0xf0, 0xe0, 0xa0, 0x5b, 0x47, 0x97, 0xe7, 0x81, 0x15, 0xa3, 0x24, 0x39, 0x40, 0x47, 0x17, 0x07, 0xe5, 0x35, 0x19, 0x81, 0x04, 0xdc, 0x57, 0xce, 0x52, 0xd4, 0xcd, 0xe7, 0xe4, 0x97, 0xb3, 0x1d, 0x60, 0x7b, 0xbb, 0xb5, 0x15, 0xb3, 0x4b, 0x27, 0xf1, 0xda, 0x2b, 0xd9, 0xe9, 0x4e, 0xca, 0x57, 0x1d, 0xb6, 0xde, 0x8d, 0x0f, 0x9e, 0xbd, 0xdb, 0xaf, 0xde, 0x69, 0x0a, 0xd6, 0x5a, 0x37, 0xc5, 0x38, 0x76, 0x33, 0x73, 0xc9, 0x07, 0xa6, 0xbb, 0x50, 0xa4, 0x31, 0x0e, 0x27, 0x50, 0xef, 0xab, 0x34, 0x7a, 0xe2, 0xb5, 0x42, 0xec, 0x0c, 0x63, 0x70, 0x2b, 0xed, 0x97, 0xee, 0xe4, 0x7b, 0x62, 0xc9, 0xaf, 0x02, 0x7b, 0xc6, 0x17, 0x43 }, #elif SOC_DS_SIGNATURE_MAX_BIT_LEN == 3072 - .ds_message = { 0x55, 0xa7, 0xa1, 0x8e, 0x10, 0xb3, 0x30, 0x81, 0x42, 0xef, 0xf3, 0x25, 0xc6, 0x7e, 0xd4, 0x0b, 0x0c, 0x67, 0x33, 0xdf, 0x3a, 0xc9, 0x6d, 0x75, 0x19, 0x80, 0x8c, 0xf0, 0xb3, 0x2f, 0x7e, 0x62, 0xd9, 0xae, 0xa6, 0xdc, 0xdd, 0x67, 0x6f, 0x7d, 0x27, 0x4f, 0x46, 0x37, 0x8d, 0x3d, 0xba, 0x2e, 0x8b, 0x84, 0x48, 0x25, 0x4b, 0x8c, 0x6d, 0xdc, 0xcf, 0x19, 0xf0, 0xae, 0x56, 0x2f, 0x6e, 0x1a, 0xe7, 0xa6, 0xdb, 0x72, 0x67, 0x1c, 0xde, 0xcc, 0x16, 0x92, 0x07, 0xf4, 0x66, 0x0b, 0x26, 0xc0, 0x60, 0xd4, 0x45, 0xf1, 0x88, 0xbd, 0x3d, 0xa1, 0x05, 0x7f, 0x96, 0x3f, 0x79, 0x71, 0x19, 0x5b, 0xfa, 0x62, 0xac, 0xc6, 0xaa, 0x8c, 0xc6, 0x8a, 0x50, 0x20, 0x25, 0xc2, 0x60, 0x6b, 0x96, 0xe8, 0xb6, 0xaf, 0x3a, 0xb7, 0x48, 0x08, 0x7b, 0xc4, 0x48, 0xc3, 0x4c, 0xd4, 0x5d, 0x28, 0x7a, 0xbb, 0x37, 0x0d, 0x09, 0xb0, 0x51, 0xdf, 0x2e, 0xee, 0xa4, 0x79, 0xf5, 0x7f, 0x90, 0xcd, 0x12, 0xcf, 0x8b, 0x17, 0x27, 0xce, 0x02, 0x33, 0x91, 0x52, 0x84, 0x2b, 0x09, 0x71, 0x55, 0xe0, 0xd1, 0xfa, 0xc0, 0x34, 0x9b, 0xb0, 0xc2, 0x57, 0xc9, 0x53, 0x21, 0x0f, 0x00, 0xec, 0x1d, 0x61, 0x7f, 0x56, 0x81, 0xca, 0xa2, 0xff, 0xb2, 0x7e, 0xc0, 0x8b, 0xc8, 0x02, 0x21, 0xf6, 0x0f, 0xd0, 0x46, 0xa5, 0xd1, 0x43, 0xce, 0xcb, 0x0e, 0x50, 0xb8, 0x4b, 0x45, 0x3a, 0xac, 0x5f, 0x83, 0x58, 0x30, 0x49, 0xe0, 0x6d, 0x18, 0xc2, 0x96, 0xe7, 0x0c, 0xa6, 0x5b, 0x6e, 0xff, 0xab, 0xa7, 0x40, 0x6d, 0x2d, 0xf8, 0xda, 0x68, 0x9f, 0xf4, 0x29, 0x4f, 0x6e, 0xfd, 0xda, 0x68, 0x8d, 0x0e, 0x6a, 0x12, 0x96, 0x18, 0x95, 0x53, 0x4f, 0xfd, 0x52, 0x61, 0x42, 0x1c, 0xe5, 0x2c, 0xc1, 0x6b, 0x27, 0xee, 0xd0, 0xdf, 0x2d, 0x34, 0x57, 0x39, 0x21, 0x88, 0xda, 0x1e, 0x40, 0xfa, 0x81, 0x85, 0xb2, 0x59, 0x9f, 0x4c, 0x4d, 0xa9, 0xed, 0xca, 0x69, 0x70, 0xbf, 0xc0, 0xaf, 0x6f, 0x10, 0xd0, 0x5d, 0x44, 0xfe, 0xc4, 0x0a, 0xa1, 0x51, 0x9b, 0x44, 0x3a, 0x12, 0x6c, 0x4c, 0x4d, 0x4b, 0x8e, 0x77, 0xe1, 0x83, 0x4a, 0x50, 0x72, 0x02, 0x3e, 0x0d, 0x27, 0xdf, 0xca, 0x0e, 0x3e, 0x36, 0x8c, 0x6c, 0x49, 0xe7, 0xa2, 0xd3, 0x3a, 0x17, 0x85, 0xf7, 0x33, 0xcb, 0xbd, 0xa9, 0xd4, 0xf8, 0xd8, 0x55, 0x61, 0x97, 0x51, 0x97, 0x45, 0x49, 0x41, 0xc0, 0x36, 0xc3, 0x60, 0x85, 0x08, 0x5e, 0xfa, 0x14, 0xc0, 0x14, 0x56, 0x50, 0xdc, 0xae, 0xc0, 0x71, 0xcd, 0x96, 0x4d, 0x94, 0x8f, 0x11, 0xe5, 0x68, 0x68, 0xba, 0x8a, 0x44, 0xde, 0x85, 0x44, 0xdc, 0x1d, 0x85, 0xa2, 0x30, 0xcd, 0xfc, 0xe9, 0x11, 0xea, 0xdc }, - .ds_encrypted_input_params = { 0xb9, 0xe0, 0xf0, 0x75, 0xf1, 0x2f, 0x97, 0x74, 0x5a, 0x91, 0x99, 0xdf, 0xd4, 0x65, 0x56, 0xec, 0xbc, 0xca, 0xa5, 0xf1, 0x83, 0xe7, 0x13, 0x86, 0x95, 0xb6, 0xc2, 0xf9, 0xf4, 0x2c, 0x55, 0xb0, 0x5b, 0x3c, 0x77, 0x64, 0x6b, 0x25, 0xf0, 0x25, 0x31, 0xb0, 0xd8, 0x60, 0xfd, 0x06, 0xcb, 0x6e, 0xa1, 0xf8, 0x79, 0x4f, 0xdf, 0xe5, 0x03, 0x4d, 0xcb, 0x30, 0xed, 0xb2, 0x10, 0xe4, 0x89, 0x34, 0x37, 0x0d, 0xe6, 0xb2, 0x69, 0x41, 0x3c, 0x8e, 0x54, 0x34, 0xbb, 0x7c, 0x08, 0x34, 0xe9, 0x37, 0xe8, 0x89, 0x5e, 0xe7, 0x1d, 0xac, 0x2c, 0x83, 0x33, 0xf3, 0x35, 0x12, 0x5f, 0x2a, 0xec, 0xfa, 0xc2, 0x33, 0xd2, 0x08, 0x4e, 0xcc, 0x86, 0xf2, 0xb3, 0xfb, 0xff, 0x07, 0x1a, 0xa1, 0x07, 0xf4, 0xfb, 0x87, 0xf0, 0x80, 0xbd, 0xc2, 0x27, 0x2b, 0x42, 0xf7, 0xc2, 0xd2, 0xae, 0x9f, 0x82, 0xf2, 0x91, 0xb7, 0xf5, 0x53, 0x25, 0x15, 0xf1, 0x5c, 0x6c, 0x33, 0x88, 0xff, 0x44, 0x13, 0xcb, 0x00, 0x23, 0xbc, 0xfd, 0xae, 0x0d, 0xf8, 0x9d, 0xb7, 0x45, 0x35, 0x80, 0xce, 0xcd, 0x77, 0x5c, 0x9a, 0xc2, 0x46, 0x0a, 0x3c, 0x44, 0xeb, 0xdd, 0xa3, 0x08, 0xcf, 0x5a, 0x38, 0x07, 0x89, 0x88, 0x0f, 0x0d, 0x1b, 0x84, 0x3c, 0xcb, 0x4e, 0x61, 0x07, 0xec, 0x20, 0x89, 0xbb, 0x3c, 0x63, 0xf8, 0x7f, 0x50, 0x68, 0x25, 0x85, 0xba, 0xa4, 0xec, 0xf7, 0x11, 0x8d, 0xa6, 0xa0, 0x2c, 0xc5, 0xa8, 0x7d, 0x9a, 0x85, 0xb6, 0x7a, 0x6a, 0x45, 0x5b, 0x46, 0xc7, 0xcb, 0xda, 0x25, 0xbf, 0x6a, 0xfe, 0xbf, 0xbc, 0xb0, 0x11, 0x19, 0x43, 0x71, 0x0e, 0x1f, 0x66, 0xac, 0x81, 0xd4, 0xe5, 0x3a, 0x03, 0xd8, 0xb0, 0x83, 0xbf, 0xbc, 0x57, 0x24, 0x7a, 0x03, 0x54, 0x2f, 0x58, 0x82, 0x5d, 0x63, 0x4f, 0x78, 0xff, 0x78, 0x84, 0x46, 0x51, 0x9d, 0x40, 0x6c, 0xe5, 0x97, 0xf9, 0xa3, 0x2b, 0x14, 0x02, 0x0f, 0x97, 0xe4, 0xde, 0x32, 0xc3, 0xcf, 0xe6, 0xcf, 0x9c, 0x38, 0xc0, 0x5f, 0x44, 0x9e, 0x78, 0xc9, 0x88, 0xbd, 0xc6, 0x84, 0x25, 0x20, 0x7a, 0xb5, 0xae, 0xc5, 0xf6, 0xe1, 0xb2, 0xdb, 0x1d, 0xb9, 0x06, 0x3f, 0x8a, 0x29, 0xd5, 0xc6, 0xe3, 0x3e, 0x5c, 0x86, 0xe6, 0x88, 0x56, 0x0f, 0x36, 0xe8, 0x48, 0xf0, 0xa8, 0x9b, 0x47, 0x3a, 0xeb, 0x69, 0xb7, 0x03, 0x45, 0x8d, 0xfb, 0xa7, 0xf2, 0x56, 0xd4, 0x2a, 0x81, 0x00, 0x7a, 0x80, 0xfa, 0x72, 0x5d, 0x00, 0x20, 0x67, 0xe3, 0x11, 0x19, 0x1d, 0x22, 0xde, 0x99, 0x03, 0xe5, 0xf2, 0x3f, 0x27, 0x25, 0x05, 0x4b, 0x87, 0x63, 0xb6, 0x50, 0x62, 0xaa, 0x19, 0xe0, 0xf9, 0x35, 0x80, 0x57, 0x01, 0x7d, 0xdd, 0x98, 0xf1, 0x4a, 0x19, 0x5b, 0x5b, 0x7a, 0xf5, 0xab, 0x87, 0x5b, 0x42, 0xfb, 0x01, 0xc4, 0xc5, 0x95, 0xa3, 0x46, 0xfb, 0xd0, 0x96, 0x59, 0x13, 0x7b, 0xdf, 0x11, 0x25, 0x38, 0x80, 0x64, 0x69, 0x53, 0xee, 0xe3, 0x59, 0xf3, 0x9d, 0x4a, 0xee, 0x2f, 0x3f, 0x39, 0xd2, 0x5b, 0xce, 0x73, 0x3e, 0x73, 0xd5, 0x30, 0x1b, 0x50, 0x68, 0x74, 0x3a, 0x29, 0x30, 0x29, 0x63, 0xbb, 0xdf, 0x27, 0xc9, 0x68, 0xeb, 0x5b, 0xb3, 0xe9, 0x9a, 0xa8, 0x11, 0x2a, 0x99, 0x71, 0xcd, 0x1f, 0x02, 0x09, 0xbb, 0x3d, 0x82, 0x12, 0x47, 0x7e, 0xd2, 0x01, 0xeb, 0x1a, 0xd3, 0xb6, 0x24, 0x32, 0xfa, 0x03, 0x09, 0xec, 0x29, 0xfa, 0x56, 0x30, 0xb2, 0xba, 0x9a, 0x23, 0x6c, 0x09, 0xd3, 0x66, 0xfb, 0xa1, 0xef, 0x32, 0xe4, 0x09, 0x4b, 0xfb, 0x41, 0x3a, 0x8f, 0xac, 0xde, 0x4a, 0xad, 0x4d, 0x91, 0xf5, 0xb9, 0x7d, 0x90, 0x3e, 0x41, 0x7e, 0x95, 0x6d, 0x64, 0x4d, 0x83, 0x2a, 0x6e, 0xa5, 0x99, 0x87, 0x70, 0xc6, 0xb0, 0xc8, 0xab, 0xe6, 0xde, 0xec, 0x5b, 0x66, 0xc7, 0x08, 0xe8, 0x10, 0x7d, 0x38, 0x60, 0x06, 0x5b, 0x6c, 0xbc, 0x0e, 0xc9, 0x3c, 0x1c, 0x87, 0x40, 0x8a, 0x90, 0xf8, 0x11, 0xa7, 0xc0, 0x32, 0x7c, 0x50, 0x25, 0xd6, 0x08, 0x94, 0x54, 0x79, 0x5b, 0x3f, 0xc2, 0x8a, 0xa9, 0xc2, 0xcb, 0xca, 0xf4, 0x22, 0x3d, 0x12, 0x0a, 0x77, 0xcd, 0x8e, 0x1f, 0x32, 0x6b, 0x8d, 0xde, 0x8b, 0xcd, 0xca, 0x94, 0xea, 0x5a, 0xa9, 0xf0, 0xaf, 0x91, 0x25, 0x60, 0x0f, 0x87, 0xc1, 0x0b, 0xfc, 0xe5, 0x87, 0xed, 0xb4, 0xf0, 0xad, 0xa5, 0x08, 0x48, 0xbf, 0x2c, 0x07, 0x57, 0x2a, 0x59, 0x52, 0xd7, 0x24, 0x53, 0x0c, 0x41, 0x08, 0x6e, 0x87, 0x1b, 0x89, 0xd3, 0x7e, 0x79, 0x49, 0xa9, 0xeb, 0x99, 0x97, 0x9d, 0x49, 0x01, 0x34, 0x1f, 0x65, 0x0d, 0xcc, 0x4c, 0xe5, 0xdc, 0x90, 0x14, 0xa4, 0x37, 0x8e, 0x51, 0xf8, 0x85, 0xbc, 0xde, 0x21, 0x87, 0xc3, 0xd9, 0xa9, 0x6c, 0x85, 0x2c, 0x7d, 0x8d, 0xba, 0xcb, 0x89, 0xc9, 0x15, 0x73, 0xd3, 0x81, 0x0b, 0x0c, 0x7c, 0x24, 0x16, 0x86, 0x17, 0x90, 0xce, 0x25, 0x54, 0x9e, 0xb5, 0xd1, 0x35, 0x83, 0x24, 0x7e, 0x7b, 0x42, 0x22, 0x9b, 0xe2, 0x42, 0xbd, 0x1e, 0x01, 0x98, 0x7a, 0x9b, 0x61, 0x75, 0x51, 0x74, 0xf6, 0x42, 0x31, 0x60, 0x42, 0x16, 0x71, 0x75, 0xee, 0x22, 0xdb, 0xd7, 0x03, 0xa1, 0x8d, 0x1c, 0x20, 0x04, 0x40, 0x60, 0x20, 0xb9, 0x70, 0x3c, 0x1c, 0x29, 0xf2, 0x3f, 0x6c, 0xfc, 0x79, 0xe0, 0x72, 0x9c, 0xec, 0x8c, 0x1e, 0x29, 0xe7, 0x92, 0x91, 0xdd, 0x7d, 0x20, 0x39, 0xc7, 0xcf, 0xf4, 0x47, 0xdc, 0x9d, 0xea, 0x25, 0xcf, 0x72, 0x52, 0xea, 0x87, 0x5a, 0x6f, 0xce, 0x50, 0x20, 0x69, 0x91, 0xd3, 0x7b, 0x55, 0x52, 0xd9, 0xdf, 0x57, 0x76, 0x3b, 0xdc, 0x6c, 0x17, 0x89, 0x32, 0x04, 0xa6, 0x60, 0x7e, 0x66, 0x55, 0x35, 0xf4, 0x6a, 0xe0, 0x34, 0xf7, 0x57, 0x77, 0xdc, 0xba, 0x02, 0x20, 0x5d, 0xc9, 0xad, 0x8a, 0x19, 0xdb, 0x90, 0xc3, 0x28, 0x10, 0x6c, 0xdd, 0xd3, 0x75, 0x9d, 0x75, 0xac, 0xec, 0xf8, 0x5a, 0x85, 0x8a, 0x89, 0xaa, 0xe9, 0xca, 0xc0, 0xbc, 0xff, 0x42, 0x91, 0x66, 0x49, 0x4c, 0x4b, 0x29, 0x94, 0xad, 0x87, 0x41, 0x87, 0x15, 0x3e, 0x14, 0xd6, 0x4a, 0x74, 0x6d, 0xee, 0xa2, 0x27, 0x81, 0x79, 0xa2, 0x3f, 0x27, 0x82, 0x32, 0xa4, 0x46, 0xf0, 0x59, 0x25, 0x21, 0x31, 0xb8, 0xda, 0xba, 0x50, 0x6f, 0xa4, 0x59, 0xad, 0x8c, 0xb5, 0x9c, 0x83, 0x0b, 0x40, 0x71, 0x25, 0xba, 0x76, 0xa3, 0xa2, 0xe1, 0x6d, 0x5d, 0xda, 0x2f, 0xc4, 0xe3, 0x3f, 0x5c, 0x60, 0x12, 0xfe, 0x74, 0xe6, 0x18, 0x5c, 0x4a, 0x34, 0x65, 0x6b, 0x87, 0x34, 0x3b, 0x3c, 0xf2, 0x0e, 0x78, 0x33, 0x46, 0xc5, 0xa5, 0xd9, 0x10, 0xcc, 0x5e, 0x4d, 0xd2, 0xf2, 0x98, 0xad, 0xcc, 0xef, 0xb3, 0x11, 0x0f, 0x6c, 0x07, 0x9e, 0x84, 0xfc, 0x42, 0x8e, 0x19, 0x81, 0x92, 0x49, 0xe0, 0xca, 0xdd, 0x15, 0x88, 0x1d, 0x4c, 0xd3, 0x3e, 0x24, 0xbb, 0x59, 0x89, 0xd8, 0xae, 0x06, 0x4a, 0x26, 0x0b, 0xe2, 0x38, 0x18, 0x31, 0x7b, 0xb3, 0x0c, 0x73, 0x04, 0x48, 0x39, 0xe4, 0x46, 0x99, 0x67, 0x8d, 0x08, 0xa1, 0xb9, 0x5d, 0x7e, 0xc6, 0x57, 0x40, 0xca, 0x53, 0xd9, 0xab, 0xdc, 0xc3, 0x6d, 0x1f, 0x65, 0xd4, 0xfa, 0x3a, 0xa3, 0xde, 0x9d, 0x7f, 0x23, 0x0f, 0xa4, 0x45, 0xca, 0xbd, 0x05, 0xd9, 0xd7, 0x81, 0xc2, 0xa4, 0x88, 0x03, 0x12, 0x5b, 0x7f, 0xe8, 0xde, 0x08, 0xbc, 0x80, 0xea, 0x13, 0xb4, 0xf1, 0xe8, 0x69, 0x79, 0x71, 0xea, 0x7c, 0xd7, 0x0b, 0xbd, 0x2e, 0x8b, 0xb2, 0x6d, 0xce, 0xd0, 0xe9, 0x3a, 0xd6, 0xd4, 0xf6, 0xa3, 0x7a, 0x4e, 0x4b, 0x07, 0xd3, 0xc7, 0x46, 0xee, 0xf6, 0xeb, 0x07, 0xf7, 0xf8, 0x3f, 0x3d, 0x35, 0xa8, 0x73, 0x9c, 0xae, 0x21, 0xa5, 0x52, 0xb8, 0x1a, 0x9e, 0xce, 0xe3, 0x9f, 0x2f, 0x9a, 0xc2, 0xee, 0xbb, 0x27, 0xcb, 0x35, 0xb3, 0x24, 0x63, 0x5e, 0x93, 0x1d, 0xeb, 0x3e, 0x33, 0x54, 0xf1, 0x7f, 0x0a, 0x8b, 0xe4, 0x28, 0x73, 0x52, 0x81, 0x73, 0x5c, 0x6a, 0xf3, 0x25, 0x6f, 0xf1, 0xda, 0x5f, 0x96, 0xb2, 0xf5, 0x87, 0x80, 0xf2, 0x01, 0x10, 0x38, 0xa6, 0xc8, 0xdf, 0x75, 0x7a, 0x52, 0xd4, 0x4d, 0xc0, 0x85, 0xdf, 0xb8, 0x4f, 0x75, 0x32, 0xd2, 0x3a, 0x71, 0x11, 0x84, 0x7e, 0x08, 0x35, 0x87, 0xca, 0x5c, 0x5e, 0xa3, 0xac, 0x04, 0xca, 0x11, 0x66, 0x19, 0x0c, 0x73, 0xdc, 0x48, 0x42, 0xc4, 0x03, 0x06, 0x0a, 0xe4, 0x9d, 0x50, 0xd1, 0xb2, 0xab, 0x81, 0x74, 0xd9, 0xe8, 0x94, 0xc1, 0x6c, 0x24, 0x57, 0x45, 0x2e, 0x47, 0x00, 0x64, 0x96, 0x23, 0x7d, 0x3c, 0x2a, 0x25, 0x17, 0x92, 0x9a, 0x8b, 0x81 }, + .ds_message = { 0x6e, 0xec, 0x39, 0xd5, 0xc7, 0x09, 0x68, 0x9f, 0xcd, 0xb6, 0x3e, 0x1c, 0x74, 0xa7, 0x03, 0x91, 0xe7, 0xbd, 0x26, 0x8b, 0xeb, 0xbe, 0x3f, 0x81, 0xf9, 0xcc, 0xd6, 0x10, 0xea, 0x4c, 0xd6, 0xb1, 0xb9, 0xe5, 0x2f, 0x9d, 0x56, 0xc9, 0x44, 0x2e, 0xb1, 0x62, 0x2f, 0x61, 0xac, 0x15, 0x2c, 0x69, 0xe8, 0xb0, 0x97, 0x4b, 0x2c, 0xd5, 0x3e, 0xc1, 0xce, 0x19, 0x31, 0xb1, 0x73, 0xa3, 0xe8, 0xc8, 0x0a, 0x6f, 0x31, 0xa4, 0x02, 0x71, 0x06, 0xa0, 0xae, 0xed, 0xdc, 0xb5, 0x67, 0xfe, 0xe9, 0xcf, 0x6e, 0x3f, 0xa6, 0x2f, 0x29, 0x5f, 0xcf, 0x20, 0x36, 0x80, 0xdb, 0x62, 0xae, 0x84, 0xd7, 0x47, 0x09, 0x43, 0xd2, 0x95, 0x1d, 0x68, 0x07, 0xc1, 0x0e, 0xcc, 0x15, 0x8c, 0xe2, 0x00, 0x3e, 0x12, 0x0b, 0xf5, 0x7e, 0x7e, 0xec, 0x2d, 0x72, 0xf5, 0xd3, 0xb8, 0x0b, 0x37, 0x92, 0xd8, 0xea, 0x1e, 0x80, 0x00, 0x75, 0xb9, 0x8b, 0x8d, 0x7e, 0x2e, 0x91, 0xf5, 0xdb, 0x91, 0x26, 0x8a, 0x07, 0x1b, 0x0b, 0xf1, 0xf9, 0x47, 0x6c, 0x49, 0x00, 0x3d, 0x04, 0x2b, 0xfa, 0xfb, 0x29, 0xf5, 0xde, 0x32, 0xcd, 0x80, 0x3c, 0x88, 0xbd, 0x40, 0xbe, 0x76, 0x11, 0x24, 0x0d, 0x00, 0x65, 0x1c, 0xcf, 0x5c, 0x3b, 0xbc, 0x70, 0x40, 0x29, 0xf8, 0x4d, 0xdc, 0x06, 0x31, 0x16, 0xea, 0xa2, 0x6a, 0x36, 0xfc, 0xca, 0x63, 0xf6, 0x6f, 0x5d, 0x48, 0x8e, 0xdf, 0x78, 0x6f, 0x09, 0xe4, 0x41, 0xee, 0xe1, 0x11, 0x41, 0x6b, 0x00, 0x29, 0x8e, 0xfd, 0x27, 0x58, 0xfd, 0x7b, 0xf3, 0x53, 0x71, 0xd8, 0xc3, 0x7c, 0x26, 0xfc, 0x2b, 0xb4, 0xa6, 0xf3, 0x46, 0xc7, 0x92, 0xe1, 0xd2, 0x47, 0xc2, 0xaf, 0x4f, 0x10, 0xa8, 0x7c, 0x55, 0x26, 0x54, 0xbd, 0x69, 0x35, 0xf8, 0x55, 0x0a, 0x45, 0x11, 0x5c, 0x36, 0xc6, 0x20, 0x9d, 0x3e, 0x27, 0xd3, 0xf9, 0xb8, 0x62, 0x13, 0x26, 0x9e, 0x6d, 0xba, 0x9c, 0xe9, 0xec, 0xb7, 0x3d, 0x84, 0xf4, 0x0b, 0x8e, 0x59, 0xde, 0xc3, 0xd6, 0x1f, 0xe6, 0x05, 0x85, 0x96, 0x7d, 0xd5, 0x6d, 0x79, 0xd7, 0xb2, 0x17, 0x84, 0xd4, 0xaf, 0xfa, 0x03, 0x7f, 0xc7, 0x2e, 0x72, 0xa4, 0x06, 0xa1, 0xe3, 0x45, 0x30, 0x75, 0x4a, 0x10, 0xce, 0x1c, 0xa6, 0xc3, 0x18, 0x1e, 0x14, 0xcf, 0x31, 0xd5, 0xe1, 0x88, 0x57, 0x8a, 0xbc, 0x2d, 0x5d, 0x5d, 0x2c, 0x2a, 0x09, 0xaf, 0x51, 0x7c, 0x51, 0x06, 0xcc, 0xa9, 0x2e, 0x68, 0x00, 0x05, 0x1d, 0x40, 0x07, 0x05, 0x56, 0x7a, 0xba, 0xdf, 0x3b, 0x10, 0x38, 0x94, 0xb0, 0xf3, 0x87, 0xeb, 0x74, 0x7a, 0x17, 0xf6, 0x37, 0x00, 0xb4, 0x81, 0x3b, 0x21, 0x8b, 0xb6, 0x25, 0xd6, 0x90, 0x6f, 0x07, 0xbe, 0x54, 0x6e, 0x46, 0x55, 0xe8, 0x17 }, + .ds_encrypted_input_params = { 0x08, 0x02, 0x0e, 0x26, 0xd6, 0x3f, 0xe7, 0x55, 0x75, 0xd8, 0x04, 0x9a, 0x2c, 0xcb, 0x09, 0x7c, 0x36, 0xf3, 0xce, 0xcf, 0x74, 0xaf, 0x6c, 0x4e, 0x9b, 0x96, 0xf8, 0x49, 0xe5, 0xa9, 0x73, 0x00, 0x45, 0xe0, 0xeb, 0x8a, 0x14, 0x61, 0xb3, 0xc9, 0x99, 0x84, 0x27, 0x88, 0x31, 0x54, 0x78, 0x4e, 0x22, 0x73, 0x4f, 0x5e, 0x80, 0x0b, 0xca, 0x84, 0x03, 0x5e, 0x5f, 0x21, 0xa6, 0x60, 0xa2, 0x3d, 0x61, 0x4f, 0xfd, 0x8d, 0xea, 0x0a, 0xef, 0x1f, 0x32, 0xb0, 0x8f, 0xee, 0x4b, 0x5f, 0x37, 0x6d, 0x0b, 0x0a, 0x2f, 0xe2, 0x5c, 0xa4, 0x2a, 0xf6, 0xa4, 0x41, 0xce, 0xd7, 0x0b, 0x4f, 0x66, 0x22, 0x23, 0x5e, 0xfb, 0x05, 0xc6, 0x31, 0x90, 0x4d, 0xbc, 0x39, 0x49, 0xde, 0x70, 0x68, 0x48, 0xb4, 0xc5, 0x5b, 0xaf, 0x9b, 0x73, 0x06, 0x3d, 0x85, 0x4c, 0xcb, 0x61, 0x21, 0x3c, 0x85, 0x09, 0x87, 0xfb, 0x1a, 0x6d, 0xcc, 0x8f, 0x21, 0x71, 0xcf, 0x53, 0x03, 0x7b, 0x02, 0x0b, 0x41, 0xd3, 0x8c, 0x0e, 0xe2, 0xa2, 0x8f, 0x33, 0xc3, 0x41, 0xcf, 0xaf, 0xf2, 0xc6, 0x6a, 0x76, 0xc2, 0x72, 0xe2, 0x8c, 0x10, 0xff, 0x68, 0xbd, 0x07, 0x50, 0x65, 0x2f, 0xf7, 0x2d, 0xfc, 0x3a, 0x78, 0x70, 0xe9, 0x50, 0x29, 0x9a, 0xb4, 0x2d, 0x51, 0x14, 0xb3, 0x81, 0x86, 0x27, 0xd6, 0x1e, 0x34, 0xad, 0x4d, 0x92, 0xfa, 0x1e, 0x94, 0x3c, 0x42, 0xf6, 0x6d, 0x76, 0x87, 0x1e, 0x9a, 0xb6, 0x0b, 0x5f, 0x0b, 0xc5, 0x47, 0xcf, 0x38, 0xb8, 0xd1, 0xc0, 0x21, 0x92, 0xd3, 0x58, 0x9b, 0xb9, 0xd1, 0x32, 0x2c, 0xdf, 0x6c, 0x54, 0x18, 0xcc, 0xdc, 0x92, 0x9b, 0xfc, 0x18, 0xa0, 0x79, 0x84, 0x69, 0x8f, 0xa7, 0x99, 0x4a, 0x18, 0xd4, 0xa9, 0xb4, 0x3f, 0x60, 0x64, 0x94, 0x1b, 0xc5, 0xfd, 0xfe, 0xc8, 0x8d, 0x2e, 0xdc, 0xd2, 0x21, 0xc7, 0xf1, 0x9b, 0xd6, 0x4c, 0xb3, 0x69, 0x67, 0x2d, 0x68, 0x6d, 0x0c, 0xd6, 0x98, 0x40, 0xb8, 0xe5, 0x86, 0x5a, 0x7d, 0x9d, 0x99, 0x9f, 0xf9, 0xa4, 0x2c, 0xc5, 0x25, 0x52, 0x8c, 0xa2, 0xfb, 0x0c, 0x24, 0x4b, 0x4b, 0x24, 0x29, 0xf0, 0x6f, 0x21, 0x7d, 0xc7, 0x6f, 0x8c, 0x4a, 0x5b, 0x6e, 0x2d, 0xab, 0x6e, 0x60, 0x9d, 0x64, 0xd8, 0xb5, 0x63, 0xa8, 0x4e, 0x47, 0x47, 0x73, 0xa4, 0xea, 0x61, 0xe3, 0x0f, 0x94, 0xc8, 0x78, 0x71, 0xcd, 0x25, 0x93, 0x04, 0xf9, 0x72, 0x1b, 0x1b, 0x12, 0x80, 0xd0, 0x8a, 0xb8, 0x1b, 0x57, 0x55, 0x6d, 0x6e, 0xdc, 0x41, 0x84, 0x63, 0xf9, 0x77, 0x6e, 0x73, 0x2a, 0xa3, 0xb2, 0xfa, 0xb8, 0x45, 0x20, 0xcb, 0x9b, 0x1b, 0x21, 0xdb, 0x1a, 0x43, 0xf7, 0xc4, 0xce, 0xda, 0xc3, 0x24, 0x8e, 0x31, 0x76, 0x7a, 0x85, 0xef, 0x45, 0xca, 0xbf, 0xdc, 0xbc, 0x71, 0xaf, 0x1c, 0x40, 0x2c, 0xc3, 0x56, 0x5e, 0x9f, 0x18, 0x92, 0xee, 0x98, 0x3a, 0xe3, 0xd4, 0x71, 0xe5, 0x53, 0x5e, 0xe8, 0xf7, 0x8b, 0x25, 0xc3, 0x94, 0xfb, 0x98, 0xc6, 0x9d, 0x15, 0x3d, 0xd8, 0xcf, 0xd9, 0x85, 0xb8, 0xd5, 0x80, 0x9d, 0x15, 0xe7, 0xfa, 0x61, 0xaa, 0x26, 0x71, 0x58, 0x4b, 0xb3, 0x63, 0x27, 0x31, 0xa0, 0xa8, 0xbb, 0x19, 0x88, 0x05, 0xbe, 0x2a, 0xc1, 0x8f, 0x0e, 0x60, 0x63, 0x14, 0xd3, 0xa2, 0xa4, 0x68, 0xf6, 0xb4, 0x69, 0xdd, 0x5f, 0x77, 0xff, 0x96, 0x5f, 0x91, 0x04, 0xba, 0xe4, 0x4e, 0x72, 0x53, 0x52, 0xf3, 0x3b, 0x9c, 0xca, 0x51, 0xf8, 0x82, 0x60, 0xe5, 0x99, 0x85, 0xad, 0xf9, 0xa8, 0x8d, 0x25, 0xcb, 0x6d, 0xc2, 0x0c, 0x32, 0x2b, 0x89, 0xa9, 0xbe, 0xc0, 0x06, 0xdf, 0x96, 0x64, 0xdc, 0xa9, 0x46, 0xbb, 0x8c, 0xa5, 0x98, 0xfe, 0xf5, 0x9b, 0x26, 0xbf, 0x43, 0xb8, 0x0b, 0x43, 0x3f, 0x26, 0xdf, 0xf1, 0x36, 0x7f, 0xf5, 0x43, 0x47, 0x50, 0xd0, 0xab, 0x9b, 0xb8, 0x61, 0x67, 0xb3, 0xf5, 0xf3, 0xf7, 0x75, 0x2a, 0x3c, 0xfe, 0x8d, 0x8f, 0x3a, 0x55, 0x05, 0x4d, 0xbb, 0x02, 0x59, 0xce, 0xde, 0x2a, 0x4b, 0xd4, 0x81, 0xb4, 0x8d, 0xcf, 0xf4, 0xa9, 0x37, 0x5f, 0xf5, 0xfa, 0xdc, 0xc8, 0x03, 0x9f, 0x5e, 0xfe, 0x57, 0x82, 0xf2, 0x59, 0x6f, 0xaf, 0x92, 0x0b, 0x67, 0x72, 0xd4, 0x79, 0xb6, 0xa9, 0xde, 0xa4, 0x8d, 0x7b, 0xc5, 0xa8, 0x09, 0xa8, 0xe4, 0x70, 0x2c, 0xbe, 0x07, 0x33, 0x11, 0xd7, 0xff, 0xe4, 0x4f, 0x55, 0xb1, 0x21, 0xba, 0x2b, 0x1e, 0x7a, 0x1c, 0x6e, 0x5b, 0x16, 0xcd, 0x0d, 0xe7, 0x9b, 0x2e, 0xdd, 0xfa, 0xbb, 0xf8, 0x92, 0x6e, 0x23, 0x4d, 0xbf, 0xac, 0x9e, 0x3a, 0xcf, 0x16, 0xc8, 0x1a, 0x9c, 0xea, 0x90, 0x2c, 0x36, 0x92, 0x31, 0xb4, 0xd2, 0xdf, 0xde, 0x36, 0x8c, 0x28, 0xd3, 0xb4, 0x0e, 0x8f, 0x2e, 0x86, 0x92, 0x4e, 0x49, 0xfb, 0xb3, 0xf8, 0xd4, 0x46, 0x77, 0x78, 0x2f, 0xfa, 0xf5, 0x11, 0x00, 0xa8, 0xa2, 0xc5, 0xd3, 0x25, 0x53, 0x67, 0x00, 0xf2, 0xe3, 0x61, 0xe4, 0x2b, 0xb8, 0xf3, 0x89, 0x13, 0x54, 0x08, 0x4a, 0x43, 0xa6, 0xe4, 0xea, 0xdb, 0x02, 0xf0, 0xdd, 0xc7, 0x41, 0x02, 0x99, 0x8a, 0x9c, 0x76, 0xf5, 0xe8, 0xf2, 0x4c, 0x79, 0x33, 0xa0, 0x4f, 0xbd, 0x02, 0x3d, 0x75, 0x59, 0x96, 0xb4, 0xa1, 0xd6, 0x60, 0xb3, 0xad, 0x8b, 0xe7, 0x15, 0xc4, 0x74, 0x31, 0xdb, 0xe0, 0x38, 0xb3, 0xd4, 0x8c, 0x53, 0x3a, 0xdd, 0xe5, 0xf3, 0x49, 0xcf, 0xbf, 0x66, 0x93, 0x05, 0x10, 0xe5, 0x6d, 0x57, 0x96, 0x7e, 0xce, 0x99, 0xb3, 0x3d, 0x0a, 0xf8, 0x34, 0xa9, 0xdd, 0x6e, 0x1f, 0x60, 0x16, 0xa9, 0x35, 0x17, 0xb4, 0x0a, 0x10, 0x8b, 0x54, 0xe5, 0x20, 0x0d, 0x70, 0xf9, 0x8f, 0xac, 0x89, 0x04, 0x75, 0xb5, 0xbe, 0x58, 0xc5, 0x46, 0xf4, 0x37, 0x5f, 0xc8, 0x8c, 0x58, 0xfa, 0x93, 0x26, 0x13, 0xf9, 0xad, 0xc0, 0xfe, 0x13, 0x06, 0x11, 0x93, 0x9e, 0xef, 0xaf, 0xf5, 0x7f, 0x5b, 0xbd, 0x45, 0x32, 0xe1, 0x53, 0xbc, 0x94, 0x93, 0x31, 0x36, 0x66, 0x3a, 0x37, 0x8e, 0xcf, 0x91, 0xdd, 0xde, 0x65, 0x2b, 0x69, 0x66, 0x9b, 0x58, 0x97, 0x0e, 0x1d, 0x80, 0xb3, 0xc8, 0xca, 0xdb, 0x15, 0x90, 0x90, 0x23, 0xa1, 0x90, 0x7a, 0x30, 0xed, 0x31, 0x86, 0xca, 0x09, 0x09, 0x2a, 0x32, 0xf1, 0x49, 0xc4, 0xc8, 0x8e, 0x5a, 0x2f, 0x2d, 0xde, 0xf7, 0xba, 0xd8, 0x61, 0x3f, 0xfe, 0xce, 0x46, 0xd8, 0x54, 0x02, 0x1a, 0x95, 0xa4, 0xfd, 0xc6, 0x6d, 0xdb, 0x26, 0xe3, 0xc5, 0xca, 0x92, 0x23, 0x6e, 0xd4, 0x51, 0x10, 0xfc, 0xb9, 0x35, 0x01, 0xf1, 0x7f, 0x01, 0xdc, 0x66, 0x28, 0xef, 0x06, 0x09, 0x4d, 0xbe, 0xf0, 0x60, 0x70, 0x7a, 0x1c, 0xc6, 0xd1, 0xb0, 0xa0, 0xc9, 0xd4, 0xfc, 0x0a, 0x58, 0x4e, 0x6a, 0x6e, 0x63, 0xf8, 0x17, 0x10, 0x0e, 0x9b, 0x64, 0x76, 0x17, 0xe3, 0x22, 0x50, 0x93, 0xa1, 0xb3, 0xce, 0xb3, 0xf2, 0xb3, 0xc7, 0xe8, 0x09, 0xa8, 0xbb, 0x6d, 0x7d, 0xea, 0x68, 0x76, 0xd8, 0xa1, 0x61, 0xaa, 0xc1, 0x4f, 0x34, 0x02, 0x66, 0xf5, 0xb8, 0xe7, 0x46, 0x93, 0x58, 0xb6, 0x26, 0xda, 0x3a, 0x1c, 0xda, 0x63, 0x38, 0xce, 0xe0, 0x55, 0x26, 0x5a, 0x15, 0xda, 0xd6, 0x2a, 0xa1, 0xb6, 0xf7, 0x60, 0x1f, 0xa9, 0x41, 0x87, 0x18, 0xe2, 0xf1, 0x0c, 0x05, 0x2f, 0x1d, 0xc6, 0x07, 0xc9, 0x53, 0x9b, 0x97, 0x18, 0x6a, 0xbe, 0x0e, 0x40, 0xf3, 0x6a, 0xb4, 0xb0, 0x61, 0x5d, 0xde, 0x1e, 0xaf, 0xc0, 0x0d, 0xdd, 0xe2, 0x9c, 0xb5, 0xca, 0x3b, 0xaf, 0x1c, 0x31, 0xd3, 0x90, 0x69, 0x4d, 0x07, 0x99, 0x05, 0xf0, 0x5e, 0x26, 0x08, 0xa4, 0xb7, 0xdd, 0x81, 0x9d, 0x85, 0x55, 0xe8, 0x93, 0x6c, 0xba, 0x27, 0x0d, 0x26, 0x3a, 0x63, 0xd9, 0x2c, 0x4c, 0x9d, 0x03, 0xe2, 0x58, 0x3b, 0xc5, 0x48, 0x60, 0x31, 0x90, 0x81, 0x82, 0x07, 0x7b, 0xaf, 0x33, 0x5b, 0x85, 0xe6, 0xe0, 0x8d, 0x15, 0x5c, 0x69, 0x7a, 0xd8, 0x27, 0x4b, 0xb1, 0x69, 0xfd, 0x8e, 0x9a, 0x9b, 0x87, 0xbd, 0xac, 0xdc, 0xde, 0xf0, 0x39, 0x88, 0xa1, 0x74, 0x01, 0x40, 0x55, 0x33, 0x16, 0x6e, 0xbb, 0xbb, 0xb2, 0x27, 0x9a, 0x21, 0x86, 0xef, 0xeb, 0xc6, 0xab, 0x1f, 0x98, 0xa4, 0xbf, 0x9d, 0x2a, 0x32, 0x68, 0x44, 0x50, 0x9e, 0xb0, 0x32, 0x46, 0xd6, 0x75, 0x38, 0x78, 0xb4, 0xd8, 0x43, 0xaf, 0xe2, 0x27, 0xd5, 0x90, 0xd8, 0x47, 0xbe, 0xdb, 0xd3, 0x0f, 0x2e, 0xbc, 0x5d, 0xea, 0x29, 0x98, 0xb0, 0xee, 0x0d, 0x10, 0x7b, 0xbb, 0x20, 0x01, 0x22, 0xd0, 0xc4, 0x3b, 0xec, 0xdf, 0x62, 0x83, 0xaa, 0xb6, 0x9a, 0xce, 0xaf, 0x57, 0xec, 0x81, 0xa4, 0x7f, 0x8b }, .ds_key_size = 3072, - .ds_result = { 0x8d, 0x8b, 0x79, 0x31, 0xbb, 0xc8, 0x02, 0x33, 0xf3, 0x32, 0x96, 0x53, 0xd0, 0x19, 0xd8, 0x3d, 0x71, 0x9d, 0xc9, 0xf1, 0xad, 0x3a, 0x2b, 0x07, 0xb7, 0x08, 0x6f, 0xe4, 0x45, 0xfa, 0x44, 0x7d, 0x66, 0xa5, 0x01, 0x71, 0x28, 0x34, 0xaa, 0x53, 0x0c, 0x66, 0x53, 0x9b, 0x39, 0xeb, 0xb9, 0x6f, 0x24, 0xa6, 0x2e, 0xb7, 0xbd, 0x01, 0x88, 0xab, 0x02, 0x0f, 0x7f, 0x7b, 0xdf, 0xf9, 0xd7, 0x40, 0x51, 0xde, 0x94, 0x83, 0x47, 0x72, 0xab, 0x96, 0xb5, 0xb9, 0xca, 0xbf, 0xc5, 0xff, 0xe4, 0x15, 0x61, 0x65, 0xca, 0x29, 0xf6, 0x37, 0x6a, 0xb0, 0x2e, 0xb4, 0xb9, 0x99, 0x1c, 0x0c, 0xcd, 0x02, 0x3e, 0x26, 0x91, 0x04, 0xc0, 0x6f, 0x13, 0x42, 0xeb, 0x38, 0xc9, 0x63, 0xd3, 0x44, 0xc0, 0xa3, 0x49, 0x30, 0xed, 0xf2, 0x92, 0xbb, 0x66, 0x6d, 0x18, 0x25, 0x91, 0xc2, 0x82, 0x3c, 0x61, 0xf1, 0x95, 0x1a, 0x9d, 0x78, 0xef, 0x48, 0x55, 0xd5, 0xc5, 0xdc, 0x67, 0x7b, 0xba, 0x8a, 0x5e, 0x46, 0x32, 0x1d, 0x37, 0xbc, 0x1b, 0x1b, 0x47, 0xe9, 0x30, 0xa7, 0x89, 0x63, 0x80, 0x87, 0x6c, 0xe5, 0x37, 0xc3, 0x72, 0x35, 0x22, 0x7b, 0xb0, 0xec, 0x20, 0xf7, 0x2c, 0x00, 0xe7, 0x90, 0xec, 0x7f, 0xe1, 0x91, 0xe8, 0xca, 0xf1, 0x06, 0x86, 0xb1, 0xf0, 0x38, 0x5c, 0x2e, 0xfa, 0x0d, 0x95, 0xf1, 0xb1, 0x69, 0x28, 0xd4, 0x55, 0x20, 0xa6, 0xcd, 0xf3, 0x4b, 0x5d, 0xce, 0x7b, 0xd8, 0x43, 0x76, 0x5b, 0x6a, 0x66, 0x59, 0x84, 0x5a, 0xc4, 0xc4, 0xb5, 0x9d, 0x22, 0x07, 0x72, 0x7c, 0xe6, 0xf8, 0x0b, 0x4c, 0x69, 0x11, 0x91, 0x14, 0x84, 0x26, 0x31, 0x3e, 0x12, 0xf7, 0xb1, 0x67, 0x0c, 0x54, 0xe2, 0x17, 0x8a, 0xfa, 0x59, 0x17, 0xf8, 0x21, 0xc1, 0x50, 0x98, 0xd8, 0x0e, 0x36, 0x98, 0xbd, 0x76, 0x06, 0x8f, 0x85, 0x4b, 0x55, 0x16, 0xeb, 0xa4, 0xaa, 0xd5, 0xd9, 0xba, 0x31, 0x91, 0x5e, 0xc6, 0x76, 0xcb, 0xbb, 0x10, 0x5b, 0x82, 0x0c, 0x38, 0x82, 0x91, 0x05, 0x98, 0x15, 0xc4, 0x49, 0x3f, 0xab, 0xe3, 0x29, 0x36, 0x72, 0xc3, 0xfc, 0xb2, 0xde, 0x94, 0x4b, 0x2f, 0x49, 0xba, 0xb1, 0x2c, 0xfe, 0x4c, 0x02, 0x2c, 0x59, 0x1b, 0x31, 0xd9, 0xa6, 0x4a, 0x7c, 0xfb, 0x47, 0xf2, 0x17, 0x73, 0x2d, 0xaa, 0x88, 0x2c, 0x9e, 0xd1, 0xf6, 0xbb, 0xd9, 0x4b, 0x93, 0x15, 0x92, 0x1d, 0x0a, 0xfc, 0xf1, 0xff, 0xf2, 0x3d, 0x96, 0xb9, 0x58, 0x00, 0x4c, 0xfa, 0xee, 0x1c, 0xe1, 0xc7, 0x8d, 0xd4, 0xd0, 0xdc, 0xaa, 0x4d, 0x6c, 0x5b, 0x08, 0x19, 0x5c, 0xd9, 0xdb, 0x8e, 0x55, 0x35, 0xa3, 0x41, 0xe8, 0xda, 0xa4, 0xcc, 0x33, 0xb9, 0x17, 0x08, 0x4b, 0xc5, 0x6d, 0x7a, 0x6a, 0x86, 0x5c }, + .ds_result = { 0x23, 0x54, 0x4f, 0x7e, 0x5b, 0x54, 0x6f, 0xef, 0xc9, 0x9b, 0xb6, 0x35, 0x14, 0xe1, 0xeb, 0x58, 0xf8, 0x7d, 0x0a, 0x94, 0x24, 0x42, 0x87, 0xf0, 0x4a, 0x46, 0xb9, 0xe2, 0x85, 0xb3, 0x79, 0xed, 0x18, 0x66, 0xa5, 0x34, 0x56, 0x48, 0xd8, 0x42, 0x92, 0x06, 0xaf, 0x32, 0xd4, 0xc5, 0xf3, 0x4f, 0x12, 0x40, 0xec, 0x65, 0xe7, 0x8c, 0x9e, 0x5c, 0xd7, 0xb8, 0x69, 0x8d, 0x7a, 0x6c, 0xa0, 0x0d, 0x6f, 0x6b, 0xe8, 0xe1, 0xee, 0x39, 0xad, 0xc5, 0x40, 0x8e, 0x36, 0xd6, 0x45, 0xbe, 0x20, 0xd5, 0x7d, 0x01, 0xa6, 0x1d, 0x21, 0xe8, 0x3a, 0x79, 0x8c, 0x69, 0xc6, 0x93, 0x84, 0x7a, 0xd4, 0x55, 0xaf, 0x65, 0x0e, 0x6e, 0x37, 0xe7, 0x4b, 0x3a, 0xf3, 0x39, 0x11, 0xb5, 0xb4, 0xf8, 0x8d, 0x36, 0x91, 0xc8, 0xc8, 0x63, 0x86, 0xc5, 0x1f, 0x86, 0x65, 0x12, 0xf4, 0x73, 0x65, 0x35, 0x71, 0x53, 0x8f, 0xa4, 0x6c, 0x86, 0xb8, 0xbd, 0xb7, 0x05, 0x6f, 0x64, 0x3b, 0xc7, 0x63, 0x40, 0x5a, 0xb4, 0x09, 0xf5, 0xaa, 0x10, 0xf2, 0xab, 0x4c, 0x2f, 0xdb, 0x78, 0xb3, 0x2c, 0x00, 0x99, 0x99, 0xdc, 0xee, 0x4f, 0xdc, 0x95, 0xfe, 0x25, 0x10, 0x0e, 0x01, 0xcf, 0x98, 0x7e, 0x20, 0xe4, 0x75, 0xb9, 0x63, 0x88, 0x53, 0x3c, 0xd7, 0x65, 0xef, 0xb6, 0xe9, 0x92, 0x0e, 0x1e, 0x43, 0x0f, 0xa9, 0x74, 0x2f, 0xa1, 0xa0, 0xf5, 0xd5, 0x29, 0xaa, 0xc9, 0x08, 0xf2, 0x42, 0x19, 0x49, 0x47, 0x1e, 0x28, 0xc4, 0x31, 0xc0, 0x82, 0x5d, 0x9a, 0x43, 0x8a, 0x6e, 0x7d, 0xc5, 0x51, 0xa1, 0xee, 0xd3, 0xdc, 0x0b, 0x50, 0x69, 0x2f, 0xe8, 0x3b, 0xe9, 0xbf, 0x88, 0x04, 0x9f, 0x55, 0x18, 0xf8, 0xc2, 0x68, 0x7f, 0x98, 0xdc, 0x1b, 0x75, 0x27, 0x6a, 0x95, 0xbc, 0xc6, 0x13, 0xeb, 0xfa, 0xa6, 0x73, 0x9c, 0x92, 0xc1, 0xf6, 0xd7, 0x96, 0x87, 0x19, 0x0c, 0xc1, 0x97, 0x8a, 0x12, 0x05, 0x8f, 0x71, 0xce, 0xa0, 0x9b, 0x17, 0x08, 0x1a, 0x71, 0xfb, 0x7f, 0x49, 0x32, 0x69, 0x7f, 0x86, 0x94, 0x42, 0x8f, 0x47, 0x68, 0x1d, 0x61, 0x6f, 0x11, 0x82, 0x76, 0x25, 0xbe, 0x20, 0xd4, 0xa5, 0xcb, 0xa7, 0x63, 0xae, 0x3b, 0x55, 0x8a, 0xf8, 0xb1, 0x54, 0xe2, 0x97, 0xd0, 0x6b, 0xa5, 0x01, 0x75, 0xe3, 0xa6, 0x1b, 0xe0, 0xfb, 0xb4, 0xba, 0x67, 0xf4, 0xca, 0xcb, 0xd1, 0xb1, 0x4b, 0x2f, 0xdf, 0x51, 0x12, 0xe7, 0x1f, 0xcb, 0x5a, 0xd1, 0x75, 0x72, 0x25, 0x10, 0x5c, 0x72, 0x10, 0xb3, 0x01, 0x1b, 0xf8, 0xdc, 0xbe, 0xda, 0xcb, 0x6a, 0x88, 0xe3, 0xb2, 0xff, 0x47, 0xef, 0xb4, 0x4b, 0x3b, 0x9a, 0x01, 0x54, 0x20, 0x45, 0xda, 0xc3, 0xc0, 0x03, 0xed, 0x68, 0x51, 0xc9, 0x99, 0x3d, 0xff, 0x61, 0x91 }, #endif - .ds_encrypted_input_params_iv = { 0xff, 0xb6, 0x53, 0x89, 0xd3, 0xe6, 0x33, 0x9b, 0x37, 0xd9, 0x09, 0xc0, 0xd5, 0xe3, 0x98, 0xd6 }, + .ds_encrypted_input_params_iv = { 0x95, 0x65, 0x6e, 0x21, 0xdd, 0x34, 0xa4, 0x8d, 0x1f, 0x57, 0xb6, 0x82, 0x59, 0x78, 0x91, 0x71 }, }, }; diff --git a/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c b/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c index 121b49a6c8..c063daad68 100644 --- a/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c +++ b/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c @@ -84,80 +84,88 @@ static void test_xts_aes_key_ecdh0_mode(test_data_ecdh0_mode_t *test_data) ESP_LOG_BUFFER_HEXDUMP("Encrypted data", read_data, data_size, ESP_LOG_DEBUG); } -#if SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_128 -static void key_mgr_test_xts_aes_128_aes_mode(void) +#if SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_128 || SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 +static void key_mgr_test_xts_aes_key_aes_mode(esp_key_mgr_key_len_t key_len, test_data_aes_mode_t *test_data) { static esp_key_mgr_aes_key_config_t key_config; - memcpy(key_config.k2_info, (uint8_t*) test_data_xts_aes_128.k2_info, KEY_MGR_K2_INFO_SIZE); - memcpy(key_config.k1_encrypted, (uint8_t*) test_data_xts_aes_128.k1_encrypted, KEY_MGR_K1_ENCRYPTED_SIZE); - memcpy(key_config.sw_init_key, (uint8_t*) test_data_xts_aes_128.init_key, KEY_MGR_SW_INIT_KEY_SIZE); - key_config.use_pre_generated_sw_init_key = 1; - key_config.key_type = ESP_KEY_MGR_XTS_AES_128_KEY; - - static esp_key_mgr_key_recovery_info_t key_recovery_info; - TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_aes_mode(&key_config, &key_recovery_info)); - TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info)); - test_xts_aes_key_aes_mode(&test_data_xts_aes_128); - TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type)); -} - -static void key_mgr_test_xts_aes_128_ecdh0_mode(void) -{ - static esp_key_mgr_ecdh0_key_config_t key_config; - memcpy(key_config.k1_G[0], (uint8_t*) test_data_ecdh0.k1_G[0], KEY_MGR_ECDH0_INFO_SIZE); - key_config.key_type = ESP_KEY_MGR_XTS_AES_128_KEY; - - static esp_key_mgr_key_recovery_info_t key_recovery_info; - static esp_key_mgr_ecdh0_info_t ecdh0_info; - TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_ecdh0_mode(&key_config, &key_recovery_info, &ecdh0_info)); - - ESP_LOG_BUFFER_HEXDUMP("K2_G", ecdh0_info.k2_G[0], KEY_MGR_ECDH0_INFO_SIZE, ESP_LOG_DEBUG); - - TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info)); - test_xts_aes_key_ecdh0_mode(&test_data_ecdh0); - TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type)); -} -#endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_128 */ + memcpy(key_config.k2_info, (uint8_t*) test_data->k2_info, KEY_MGR_K2_INFO_SIZE); + memcpy(key_config.k1_encrypted[0], (uint8_t*) test_data->k1_encrypted[0], KEY_MGR_K1_ENCRYPTED_SIZE); #if SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 -static void key_mgr_test_xts_aes_256_aes_mode(void) -{ - static esp_key_mgr_aes_key_config_t key_config; - memcpy(key_config.k2_info, (uint8_t*) test_data_xts_aes_256.k2_info, KEY_MGR_K2_INFO_SIZE); - memcpy(key_config.k1_encrypted[0], (uint8_t*) test_data_xts_aes_256.k1_encrypted[0], KEY_MGR_K1_ENCRYPTED_SIZE); - memcpy(key_config.k1_encrypted[1], (uint8_t*) test_data_xts_aes_256.k1_encrypted[1], KEY_MGR_K1_ENCRYPTED_SIZE); - memcpy(key_config.sw_init_key, (uint8_t*) test_data_xts_aes_256.init_key, KEY_MGR_SW_INIT_KEY_SIZE); + if (key_len == ESP_KEY_MGR_XTS_AES_LEN_256) { + memcpy(key_config.k1_encrypted[1], (uint8_t*) test_data->k1_encrypted[1], KEY_MGR_K1_ENCRYPTED_SIZE); + } +#endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 */ + + memcpy(key_config.sw_init_key, (uint8_t*) test_data->init_key, KEY_MGR_SW_INIT_KEY_SIZE); key_config.use_pre_generated_sw_init_key = 1; - key_config.key_type = ESP_KEY_MGR_XTS_AES_256_KEY; + key_config.key_type = ESP_KEY_MGR_FLASH_XTS_AES_KEY; + key_config.key_len = key_len; static esp_key_mgr_key_recovery_info_t key_recovery_info; TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_aes_mode(&key_config, &key_recovery_info)); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info)); - test_xts_aes_key_aes_mode(&test_data_xts_aes_256); + test_xts_aes_key_aes_mode(test_data); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type)); } -static void key_mgr_test_xts_aes_256_ecdh0_mode(void) +static void key_mgr_test_xts_aes_key_ecdh0_mode(esp_key_mgr_key_len_t key_len) { static esp_key_mgr_ecdh0_key_config_t key_config; memcpy(key_config.k1_G[0], (uint8_t*) test_data_ecdh0.k1_G[0], KEY_MGR_ECDH0_INFO_SIZE); - memcpy(key_config.k1_G[1], (uint8_t*) test_data_ecdh0.k1_G[1], KEY_MGR_ECDH0_INFO_SIZE); - key_config.key_type = ESP_KEY_MGR_XTS_AES_256_KEY; + +#if SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 + if (key_len == ESP_KEY_MGR_XTS_AES_LEN_256) { + memcpy(key_config.k1_G[1], (uint8_t*) test_data_ecdh0.k1_G[1], KEY_MGR_ECDH0_INFO_SIZE); + } +#endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 */ + + key_config.key_type = ESP_KEY_MGR_FLASH_XTS_AES_KEY; + key_config.key_len = key_len; static esp_key_mgr_key_recovery_info_t key_recovery_info; static esp_key_mgr_ecdh0_info_t ecdh0_info; TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_ecdh0_mode(&key_config, &key_recovery_info, &ecdh0_info)); ESP_LOG_BUFFER_HEXDUMP("K2_G_0", ecdh0_info.k2_G[0], KEY_MGR_ECDH0_INFO_SIZE, ESP_LOG_DEBUG); - ESP_LOG_BUFFER_HEXDUMP("K2_G_1", ecdh0_info.k2_G[1], KEY_MGR_ECDH0_INFO_SIZE, ESP_LOG_DEBUG); +#if SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 + if (key_len == ESP_KEY_MGR_XTS_AES_LEN_256) { + ESP_LOG_BUFFER_HEXDUMP("K2_G_1", ecdh0_info.k2_G[1], KEY_MGR_ECDH0_INFO_SIZE, ESP_LOG_DEBUG); + } +#endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 */ TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info)); test_xts_aes_key_ecdh0_mode(&test_data_ecdh0); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type)); } +#endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_128 || SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 */ + +#if SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_128 +static void key_mgr_test_xts_aes_128_aes_mode(void) +{ + key_mgr_test_xts_aes_key_aes_mode(ESP_KEY_MGR_XTS_AES_LEN_128, &test_data_xts_aes_128); +} + +static void key_mgr_test_xts_aes_128_ecdh0_mode(void) +{ + key_mgr_test_xts_aes_key_ecdh0_mode(ESP_KEY_MGR_XTS_AES_LEN_128); +} +#endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_128 */ + +#if SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 +static void key_mgr_test_xts_aes_256_aes_mode(void) +{ + key_mgr_test_xts_aes_key_aes_mode(ESP_KEY_MGR_XTS_AES_LEN_256, &test_data_xts_aes_256); +} + +static void key_mgr_test_xts_aes_256_ecdh0_mode(void) +{ + key_mgr_test_xts_aes_key_ecdh0_mode(ESP_KEY_MGR_XTS_AES_LEN_256); +} #endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 */ #if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS +#if SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_128 || SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 static void test_xts_aes_key_random_mode(void) { const esp_partition_t *partition = get_test_storage_partition(); @@ -173,11 +181,11 @@ static void test_xts_aes_key_random_mode(void) } } -#if SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_128 -static void key_mgr_test_xts_aes_128_random_mode(void) +static void key_mgr_test_xts_aes_key_random_mode(esp_key_mgr_key_len_t key_len) { static esp_key_mgr_random_key_config_t key_config; - key_config.key_type = ESP_KEY_MGR_XTS_AES_128_KEY; + key_config.key_type = ESP_KEY_MGR_FLASH_XTS_AES_KEY; + key_config.key_len = key_len; static esp_key_mgr_key_recovery_info_t key_recovery_info; TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_random_mode(&key_config, &key_recovery_info)); @@ -185,19 +193,19 @@ static void key_mgr_test_xts_aes_128_random_mode(void) test_xts_aes_key_random_mode(); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type)); } +#endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_128 || SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 */ + +#if SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_128 +static void key_mgr_test_xts_aes_128_random_mode(void) +{ + key_mgr_test_xts_aes_key_random_mode(ESP_KEY_MGR_XTS_AES_LEN_128); +} #endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_128 */ #if SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 static void key_mgr_test_xts_aes_256_random_mode(void) { - static esp_key_mgr_random_key_config_t key_config; - key_config.key_type = ESP_KEY_MGR_XTS_AES_256_KEY; - - static esp_key_mgr_key_recovery_info_t key_recovery_info; - TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_random_mode(&key_config, &key_recovery_info)); - TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info)); - test_xts_aes_key_random_mode(); - TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type)); + key_mgr_test_xts_aes_key_random_mode(ESP_KEY_MGR_XTS_AES_LEN_256); } #endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY_XTS_AES_256 */ #endif /* CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS */ @@ -205,103 +213,182 @@ static void key_mgr_test_xts_aes_256_random_mode(void) #if SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY #if SOC_ECDSA_SUPPORT_EXPORT_PUBKEY -extern void test_ecdsa_export_pubkey(bool is_p256, uint8_t *ecdsa_pub_x, uint8_t *ecdsa_pub_y, bool use_km_key); -extern void test_ecdsa_export_pubkey_inner(bool is_p256, uint8_t *exported_pub_x, uint8_t *exported_pub_y, bool use_km_key, uint16_t *len); +extern void test_ecdsa_export_pubkey(ecdsa_curve_t curve, uint8_t *ecdsa_pub_x, uint8_t *ecdsa_pub_y, bool use_km_key); +extern void test_ecdsa_export_pubkey_inner(ecdsa_curve_t curve, uint8_t *exported_pub_x, uint8_t *exported_pub_y, bool use_km_key, uint16_t *len); #endif -extern void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* s_le, bool use_km_key, ecdsa_sign_type_t k_type); -extern int test_ecdsa_verify(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* s_le, uint8_t *pub_x, uint8_t *pub_y); -extern void test_ecdsa_sign_and_verify(bool is_p256, uint8_t* sha, uint8_t* pub_x, uint8_t* pub_y, bool use_km_key, ecdsa_sign_type_t k_type); +extern void test_ecdsa_sign(ecdsa_curve_t curve, uint8_t* sha, uint8_t* r_le, uint8_t* s_le, bool use_km_key, ecdsa_sign_type_t k_type); +extern int test_ecdsa_verify(ecdsa_curve_t curve, uint8_t* sha, uint8_t* r_le, uint8_t* s_le, uint8_t *pub_x, uint8_t *pub_y); +extern void test_ecdsa_sign_and_verify(ecdsa_curve_t curve, uint8_t* sha, uint8_t* pub_x, uint8_t* pub_y, bool use_km_key, ecdsa_sign_type_t k_type); /* const uint8_t message[32] = { 0xDF, 0xDE, 0xD7, 0x4A, 0x47, 0xB1, 0x4F, 0x73, 0x00, 0x21, 0x62, 0xC7, 0x66, 0x6D, 0xA3, 0x95, 0x66, 0x19, 0x62, 0x7F, 0x71, 0x7B, 0x3C, 0x66, 0x82, 0xD3, 0x9F, 0x71, 0xAC, 0x9C, 0xC3, 0x39 }; */ +/* sha384 digest of the above message */ +uint8_t sha_digest[48] = { 0xF0, 0x94, 0xC4, 0x4A, 0xF0, 0xEE, 0x68, 0xDB, 0x5B, 0x6A, 0x12, 0x84, 0xAC, 0xAF, 0x49, 0x0C, 0x24, 0xED, 0x70, 0x41, 0xE6, 0xE3, 0xBD, 0x74, 0x2B, 0x8D, 0xCF, 0x46, 0x19, 0xE1, 0xC2, 0x61, 0xCA, 0x79, 0xF3, 0x86, 0xF9, 0x04, 0xC0, 0x63, 0xC6, 0xF0, 0xEE, 0x36, 0x7C, 0x5C, 0x82, 0x89 }; -/* sha256 digest of the above message */ -uint8_t sha256_digest[32] = { 0x47, 0xA6, 0xEF, 0xBE, 0x39, 0x5E, 0xE4, 0xAE, 0x2B, 0xEC, 0x83, 0xB1, 0xED, 0xAF, 0xC6, 0x78, 0x57, 0x7A, 0x16, 0x8C, 0x22, 0x16, 0x13, 0xE2, 0xAC, 0xA8, 0x50, 0xD5, 0x67, 0x95, 0x9F, 0x71 }; - -void test_ecdsa_key_aes_mode(test_data_aes_mode_t *ecdsa_test_data, ecdsa_sign_type_t k_type) +void test_ecdsa_key_aes_mode(ecdsa_curve_t curve, uint8_t *sha_digest, uint8_t *pub_x, uint8_t *pub_y, ecdsa_sign_type_t k_type) { - test_ecdsa_sign_and_verify(1, sha256_digest, ecdsa_test_data->ecdsa_test_data.pubx, ecdsa_test_data->ecdsa_test_data.puby, 1, k_type); + test_ecdsa_sign_and_verify(curve, sha_digest, pub_x, pub_y, 1, k_type); #ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY - test_ecdsa_export_pubkey(1, ecdsa_test_data->ecdsa_test_data.pubx, ecdsa_test_data->ecdsa_test_data.puby, 1); + test_ecdsa_export_pubkey(curve, pub_x, pub_y, 1); #endif } -void key_mgr_test_ecdsa_key(bool is_p256, ecdsa_sign_type_t k_type) +void key_mgr_test_ecdsa_key(esp_key_mgr_key_len_t key_len, ecdsa_sign_type_t k_type) { - uint8_t pub_x[32] = {}; - uint8_t pub_y[32] = {}; - uint8_t r_le[32] = {0}; - uint8_t s_le[32] = {0}; + uint8_t pub_x[48] = {}; + uint8_t pub_y[48] = {}; + uint8_t r_le[48] = {0}; + uint8_t s_le[48] = {0}; - test_ecdsa_sign(is_p256, sha256_digest, r_le, s_le, 1, k_type); + uint16_t sha_digest_len = 0; - ESP_LOG_BUFFER_HEXDUMP("ECDSA message sha256 digest", sha256_digest, sizeof(sha256_digest), ESP_LOG_DEBUG); + ecdsa_curve_t curve = ECDSA_CURVE_SECP192R1; + + switch (key_len) { + case ESP_KEY_MGR_ECDSA_LEN_192: + sha_digest_len = 24; + curve = ECDSA_CURVE_SECP192R1; + break; + case ESP_KEY_MGR_ECDSA_LEN_256: + sha_digest_len = 32; + curve = ECDSA_CURVE_SECP256R1; + break; +#if SOC_ECDSA_SUPPORT_CURVE_P384 + case ESP_KEY_MGR_ECDSA_LEN_384: + sha_digest_len = 48; + curve = ECDSA_CURVE_SECP384R1; + break; +#endif + default: + TEST_FAIL_MESSAGE("Unsupported key length"); + return; + } + + test_ecdsa_sign(curve, sha_digest, r_le, s_le, 1, k_type); + + ESP_LOG_BUFFER_HEXDUMP("ECDSA message digest", sha_digest, sha_digest_len, ESP_LOG_DEBUG); ESP_LOG_BUFFER_HEXDUMP("ECDSA signature r_le", r_le, sizeof(r_le), ESP_LOG_DEBUG); ESP_LOG_BUFFER_HEXDUMP("ECDSA signature s_le", s_le, sizeof(s_le), ESP_LOG_DEBUG); // Export the pubkey from ECDSA peripheral uint16_t pubkey_len = 0; - test_ecdsa_export_pubkey_inner(is_p256, pub_x, pub_y, 1, &pubkey_len); + test_ecdsa_export_pubkey_inner(curve, pub_x, pub_y, 1, &pubkey_len); ESP_LOG_BUFFER_HEXDUMP("ECDSA key pubx", pub_x, pubkey_len, ESP_LOG_DEBUG); ESP_LOG_BUFFER_HEXDUMP("ECDSA key puby", pub_y, pubkey_len, ESP_LOG_DEBUG); - TEST_ASSERT_EQUAL(0, test_ecdsa_verify(is_p256, sha256_digest, r_le, s_le, pub_x, pub_y)); + TEST_ASSERT_EQUAL(0, test_ecdsa_verify(curve, sha_digest, r_le, s_le, pub_x, pub_y)); } -static void key_mgr_test_ecdsa_p256_aes_mode(void) +/* Generic ECDSA AES mode test function */ +static void key_mgr_test_ecdsa_key_aes_mode(esp_key_mgr_key_len_t key_len, test_data_aes_mode_t *test_data) { static esp_key_mgr_aes_key_config_t key_config; - memcpy(key_config.k2_info, (uint8_t*) test_data_ecdsa.k2_info, KEY_MGR_K2_INFO_SIZE); - memcpy(key_config.k1_encrypted, (uint8_t*) test_data_ecdsa.k1_encrypted, KEY_MGR_K1_ENCRYPTED_SIZE); - memcpy(key_config.sw_init_key, (uint8_t*) test_data_ecdsa.init_key, KEY_MGR_SW_INIT_KEY_SIZE); + ecdsa_curve_t curve = ECDSA_CURVE_SECP192R1; + uint8_t *pub_x = NULL; + uint8_t *pub_y = NULL; + + memcpy(key_config.k2_info, (uint8_t*) test_data->k2_info, KEY_MGR_K2_INFO_SIZE); + + if (key_len == ESP_KEY_MGR_ECDSA_LEN_192) { + memcpy(key_config.k1_encrypted[0], (uint8_t*) test_data->k1_encrypted[0], KEY_MGR_K1_ENCRYPTED_SIZE); + pub_x = test_data->ecdsa_test_data.ecdsa_p192_pubx; + pub_y = test_data->ecdsa_test_data.ecdsa_p192_puby; + curve = ECDSA_CURVE_SECP192R1; + } + else if (key_len == ESP_KEY_MGR_ECDSA_LEN_256) { + memcpy(key_config.k1_encrypted[0], (uint8_t*) test_data->k1_encrypted[1], KEY_MGR_K1_ENCRYPTED_SIZE); + pub_x = test_data->ecdsa_test_data.ecdsa_p256_pubx; + pub_y = test_data->ecdsa_test_data.ecdsa_p256_puby; + curve = ECDSA_CURVE_SECP256R1; + } +#if SOC_ECDSA_SUPPORT_CURVE_P384 + else if (key_len == ESP_KEY_MGR_ECDSA_LEN_384) { + memcpy(key_config.k1_encrypted[0], (uint8_t*) test_data->k1_encrypted[2], KEY_MGR_K1_ENCRYPTED_SIZE); + memcpy(key_config.k1_encrypted[1], (uint8_t*) test_data->k1_encrypted[3], KEY_MGR_K1_ENCRYPTED_SIZE); + pub_x = test_data->ecdsa_test_data.ecdsa_p384_pubx; + pub_y = test_data->ecdsa_test_data.ecdsa_p384_puby; + curve = ECDSA_CURVE_SECP384R1; + } +#endif + memcpy(key_config.sw_init_key, (uint8_t*) test_data->init_key, KEY_MGR_SW_INIT_KEY_SIZE); key_config.use_pre_generated_sw_init_key = 1; - key_config.key_type = ESP_KEY_MGR_ECDSA_256_KEY; + key_config.key_type = ESP_KEY_MGR_ECDSA_KEY; + key_config.key_len = key_len; static esp_key_mgr_key_recovery_info_t key_recovery_info; TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_aes_mode(&key_config, &key_recovery_info)); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info)); -#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE - test_ecdsa_key_aes_mode(&test_data_ecdsa, ECDSA_K_TYPE_DETERMINISITIC); + +#if SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE + test_ecdsa_key_aes_mode(curve, sha_digest, pub_x, pub_y, ECDSA_K_TYPE_DETERMINISITIC); #endif - test_ecdsa_key_aes_mode(&test_data_ecdsa, ECDSA_K_TYPE_TRNG); + test_ecdsa_key_aes_mode(curve, sha_digest, pub_x, pub_y, ECDSA_K_TYPE_TRNG); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type)); } -static void key_mgr_test_ecdsa_ecdh0_mode(void) +/* Generic ECDSA ECDH0 mode test function */ +static void key_mgr_test_ecdsa_key_ecdh0_mode(esp_key_mgr_key_len_t key_len) { static esp_key_mgr_ecdh0_key_config_t key_config; memcpy(key_config.k1_G[0], (uint8_t*) test_data_ecdh0.k1_G[0], KEY_MGR_ECDH0_INFO_SIZE); - key_config.key_type = ESP_KEY_MGR_ECDSA_256_KEY; +#if SOC_ECDSA_SUPPORT_CURVE_P384 + // For 384-bit keys, copy the second k1_G block + if (key_len == ESP_KEY_MGR_ECDSA_LEN_384) { + memcpy(key_config.k1_G[1], (uint8_t*) test_data_ecdh0.k1_G[1], KEY_MGR_ECDH0_INFO_SIZE); + } +#endif + key_config.key_type = ESP_KEY_MGR_ECDSA_KEY; + key_config.key_len = key_len; static esp_key_mgr_key_recovery_info_t key_recovery_info; static esp_key_mgr_ecdh0_info_t ecdh0_info; TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_ecdh0_mode(&key_config, &key_recovery_info, &ecdh0_info)); - ESP_LOG_BUFFER_HEXDUMP("K2_G", ecdh0_info.k2_G[0], KEY_MGR_ECDH0_INFO_SIZE, ESP_LOG_DEBUG); - TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info)); -#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE - key_mgr_test_ecdsa_key(1, ECDSA_K_TYPE_DETERMINISITIC); + ESP_LOG_BUFFER_HEXDUMP("K2_G_0", ecdh0_info.k2_G[0], KEY_MGR_ECDH0_INFO_SIZE, ESP_LOG_DEBUG); +#if SOC_ECDSA_SUPPORT_CURVE_P384 + if (key_len == ESP_KEY_MGR_ECDSA_LEN_384) { + ESP_LOG_BUFFER_HEXDUMP("K2_G_1", ecdh0_info.k2_G[1], KEY_MGR_ECDH0_INFO_SIZE, ESP_LOG_DEBUG); + } #endif - key_mgr_test_ecdsa_key(1, ECDSA_K_TYPE_TRNG); + TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info)); + +#if SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE + key_mgr_test_ecdsa_key(key_len, ECDSA_K_TYPE_DETERMINISITIC); +#endif + key_mgr_test_ecdsa_key(key_len, ECDSA_K_TYPE_TRNG); + TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type)); } -static void key_mgr_test_ecdsa_random_mode(void) +/* Generic ECDSA random mode test function */ +static void key_mgr_test_ecdsa_key_random_mode(esp_key_mgr_key_len_t key_len) { static esp_key_mgr_random_key_config_t key_config; - key_config.key_type = ESP_KEY_MGR_ECDSA_256_KEY; + key_config.key_type = ESP_KEY_MGR_ECDSA_KEY; + key_config.key_len = key_len; static esp_key_mgr_key_recovery_info_t key_recovery_info; TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_random_mode(&key_config, &key_recovery_info)); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info)); + + if (key_len == ESP_KEY_MGR_ECDSA_LEN_256) { #ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE - key_mgr_test_ecdsa_key(1, ECDSA_K_TYPE_DETERMINISITIC); + key_mgr_test_ecdsa_key(ECDSA_CURVE_SECP256R1, ECDSA_K_TYPE_DETERMINISITIC); +#endif + key_mgr_test_ecdsa_key(ECDSA_CURVE_SECP256R1, ECDSA_K_TYPE_TRNG); + } +#if SOC_ECDSA_SUPPORT_CURVE_P384 + else if (key_len == ESP_KEY_MGR_ECDSA_LEN_384) { +#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE + key_mgr_test_ecdsa_key(ECDSA_CURVE_SECP384R1, ECDSA_K_TYPE_DETERMINISITIC); +#endif + key_mgr_test_ecdsa_key(ECDSA_CURVE_SECP384R1, ECDSA_K_TYPE_TRNG); + } #endif - key_mgr_test_ecdsa_key(1, ECDSA_K_TYPE_TRNG); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type)); } #endif /* SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY */ @@ -330,7 +417,6 @@ static void key_mgr_test_hmac_key_aes_random_mode(const uint8_t *message, size_t // We cannot verify the result here as the HMAC key deployed is unknown. } - static void key_mgr_test_hmac_aes_mode(void) { static esp_key_mgr_aes_key_config_t key_config; @@ -476,20 +562,52 @@ TEST(key_manager, xts_key_256_random_deployment) #endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY */ #if SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY +TEST(key_manager, ecdsa_p192_key_aes_deployment) +{ + key_mgr_test_ecdsa_key_aes_mode(ESP_KEY_MGR_ECDSA_LEN_192, &test_data_ecdsa); +} + +TEST(key_manager, ecdsa_p192_key_ecdh0_deployment) +{ + key_mgr_test_ecdsa_key_ecdh0_mode(ESP_KEY_MGR_ECDSA_LEN_192); +} + +TEST(key_manager, ecdsa_p192_key_random_deployment) +{ + key_mgr_test_ecdsa_key_random_mode(ESP_KEY_MGR_ECDSA_LEN_192); +} + TEST(key_manager, ecdsa_p256_key_aes_deployment) { - key_mgr_test_ecdsa_p256_aes_mode(); + key_mgr_test_ecdsa_key_aes_mode(ESP_KEY_MGR_ECDSA_LEN_256, &test_data_ecdsa); } TEST(key_manager, ecdsa_p256_key_ecdh0_deployment) { - key_mgr_test_ecdsa_ecdh0_mode(); + key_mgr_test_ecdsa_key_ecdh0_mode(ESP_KEY_MGR_ECDSA_LEN_256); } TEST(key_manager, ecdsa_p256_key_random_deployment) { - key_mgr_test_ecdsa_random_mode(); + key_mgr_test_ecdsa_key_random_mode(ESP_KEY_MGR_ECDSA_LEN_256); } + +#if SOC_ECDSA_SUPPORT_CURVE_P384 +TEST(key_manager, ecdsa_p384_key_aes_deployment) +{ + key_mgr_test_ecdsa_key_aes_mode(ESP_KEY_MGR_ECDSA_LEN_384, &test_data_ecdsa); +} + +TEST(key_manager, ecdsa_p384_key_ecdh0_deployment) +{ + key_mgr_test_ecdsa_key_ecdh0_mode(ESP_KEY_MGR_ECDSA_LEN_384); +} + +TEST(key_manager, ecdsa_p384_key_random_deployment) +{ + key_mgr_test_ecdsa_key_random_mode(ESP_KEY_MGR_ECDSA_LEN_384); +} +#endif /* SOC_ECDSA_SUPPORT_CURVE_P384 */ #endif /* SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY */ #if SOC_KEY_MANAGER_HMAC_KEY_DEPLOY @@ -538,9 +656,19 @@ TEST_GROUP_RUNNER(key_manager) #endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY */ #if SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY + RUN_TEST_CASE(key_manager, ecdsa_p192_key_aes_deployment); + RUN_TEST_CASE(key_manager, ecdsa_p192_key_ecdh0_deployment); + RUN_TEST_CASE(key_manager, ecdsa_p192_key_random_deployment); + RUN_TEST_CASE(key_manager, ecdsa_p256_key_aes_deployment); RUN_TEST_CASE(key_manager, ecdsa_p256_key_ecdh0_deployment); RUN_TEST_CASE(key_manager, ecdsa_p256_key_random_deployment); + +#if SOC_ECDSA_SUPPORT_CURVE_P384 + RUN_TEST_CASE(key_manager, ecdsa_p384_key_aes_deployment); + RUN_TEST_CASE(key_manager, ecdsa_p384_key_ecdh0_deployment); + RUN_TEST_CASE(key_manager, ecdsa_p384_key_random_deployment); +#endif /* SOC_ECDSA_SUPPORT_CURVE_P384 */ #endif /* SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY */ #if SOC_KEY_MANAGER_HMAC_KEY_DEPLOY diff --git a/components/hal/test_apps/crypto/sdkconfig.defaults b/components/hal/test_apps/crypto/sdkconfig.defaults index 13eafa08c2..1e7d4540c0 100644 --- a/components/hal/test_apps/crypto/sdkconfig.defaults +++ b/components/hal/test_apps/crypto/sdkconfig.defaults @@ -1,3 +1,7 @@ +CONFIG_COMPILER_STACK_CHECK=y +CONFIG_COMPILER_STACK_CHECK_MODE_STRONG=y +CONFIG_FREERTOS_WATCHPOINT_END_OF_STACK=y + CONFIG_ESP_TASK_WDT_EN=y CONFIG_ESP_TASK_WDT_INIT=n CONFIG_UNITY_ENABLE_FIXTURE=y diff --git a/components/mbedtls/port/ecdsa/ecdsa_alt.c b/components/mbedtls/port/ecdsa/ecdsa_alt.c index 01d6d9be44..1385a7d8c1 100644 --- a/components/mbedtls/port/ecdsa/ecdsa_alt.c +++ b/components/mbedtls/port/ecdsa/ecdsa_alt.c @@ -595,7 +595,7 @@ int esp_ecdsa_tee_set_pk_context(mbedtls_pk_context *key_ctx, esp_ecdsa_pk_conf_ return ret; } - if (!conf->use_tee_sec_stg_key) { + if (!conf->tee_key_id) { ESP_LOGE(TAG, "Invalid esp_ecdsa_pk_conf_t configuration"); return ret; } diff --git a/components/mbedtls/port/include/ecdsa/ecdsa_alt.h b/components/mbedtls/port/include/ecdsa/ecdsa_alt.h index b2b8f3a65a..3fe1145b2d 100644 --- a/components/mbedtls/port/include/ecdsa/ecdsa_alt.h +++ b/components/mbedtls/port/include/ecdsa/ecdsa_alt.h @@ -30,19 +30,15 @@ typedef struct { mbedtls_ecp_group_id grp_id; /*!< MbedTLS ECP group identifier */ union { uint8_t efuse_block; /*!< EFuse block id for ECDSA private key */ +#if CONFIG_MBEDTLS_TEE_SEC_STG_ECDSA_SIGN const char *tee_key_id; /*!< TEE secure storage key id for ECDSA private key */ - }; /*!< Union to hold either EFuse block id or TEE secure storage key id for ECDSA private key */ +#endif + bool use_km_key; /*!< Use key deployed in the key manager for ECDSA operation. Note: The key must be already deployed by the application and it must be activated for the lifetime of this context */ + }; /*!< Union to hold either EFuse block id or TEE secure storage key id or use key deployed in the key manager for ECDSA operation for ECDSA private key */ #if SOC_ECDSA_SUPPORT_EXPORT_PUBKEY || CONFIG_MBEDTLS_TEE_SEC_STG_ECDSA_SIGN bool load_pubkey; /*!< Export ECDSA public key from the hardware */ - #endif - bool use_km_key; /*!< Use key deployed in the key manager for ECDSA operation. - Note: The key must be already deployed by the application and it must be activated for the lifetime of this context */ -#if CONFIG_MBEDTLS_TEE_SEC_STG_ECDSA_SIGN - bool use_tee_sec_stg_key; /*!< Use key deployed in the TEE secure storage for ECDSA operation. - Note: The key must be already deployed by the application and it must be activated for the lifetime of this context */ -#endif -} esp_ecdsa_pk_conf_t; //TODO: IDF-9008 (Add a config to select the ecdsa key from the key manager peripheral) +} esp_ecdsa_pk_conf_t; #if SOC_ECDSA_SUPPORT_EXPORT_PUBKEY || __DOXYGEN__ diff --git a/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c b/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c index bb8eab21a7..7007f3baad 100644 --- a/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c +++ b/components/mbedtls/test_apps/main/test_mbedtls_ecdsa.c @@ -359,12 +359,13 @@ TEST_CASE("mbedtls ECDSA signature generation on SECP384R1", "[mbedtls][efuse_ke #if SOC_KEY_MANAGER_SUPPORTED -static void deploy_key_in_key_manager(const uint8_t *k1_encrypted, esp_key_mgr_key_type_t key_type) { +static void deploy_key_in_key_manager(const uint8_t *k1_encrypted, esp_key_mgr_key_type_t key_type, esp_key_mgr_key_len_t key_len) { esp_key_mgr_aes_key_config_t *key_config = NULL; key_config = heap_caps_calloc(1, sizeof(esp_key_mgr_aes_key_config_t), MALLOC_CAP_INTERNAL); TEST_ASSERT_NOT_NULL(key_config); key_config->key_type = key_type; + key_config->key_len = key_len; key_config->use_pre_generated_sw_init_key = 1; memcpy(key_config->k2_info, (uint8_t*) k2_info, KEY_MGR_K2_INFO_SIZE); memcpy(key_config->k1_encrypted[0], (uint8_t*) k1_encrypted, KEY_MGR_K1_ENCRYPTED_SIZE); @@ -389,9 +390,9 @@ TEST_CASE("mbedtls ECDSA signature generation on SECP192R1", "[mbedtls][key_mana TEST_IGNORE_MESSAGE("Key manager is not supported"); } - deploy_key_in_key_manager(k1_ecdsa192_encrypt, ESP_KEY_MGR_ECDSA_192_KEY); + deploy_key_in_key_manager(k1_ecdsa192_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_192); test_ecdsa_sign(MBEDTLS_ECP_DP_SECP192R1, sha, ecdsa192_pub_x, ecdsa192_pub_y, false, USE_ECDSA_KEY_FROM_KEY_MANAGER); - esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_192_KEY); + esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY); } TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][key_manager_key]") @@ -400,9 +401,9 @@ TEST_CASE("mbedtls ECDSA signature generation on SECP256R1", "[mbedtls][key_mana TEST_IGNORE_MESSAGE("Key manager is not supported"); } - deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_256_KEY); + deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_256); test_ecdsa_sign(MBEDTLS_ECP_DP_SECP256R1, sha, ecdsa256_pub_x, ecdsa256_pub_y, false, USE_ECDSA_KEY_FROM_KEY_MANAGER); - esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_256_KEY); + esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY); } #endif /* SOC_KEY_MANAGER_SUPPORTED */ @@ -443,9 +444,9 @@ TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP192R1", "[mbe if (!ecdsa_ll_is_deterministic_mode_supported()) { ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported."); } else { - deploy_key_in_key_manager(k1_ecdsa192_encrypt, ESP_KEY_MGR_ECDSA_192_KEY); + deploy_key_in_key_manager(k1_ecdsa192_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_192); test_ecdsa_sign(MBEDTLS_ECP_DP_SECP192R1, sha, ecdsa192_pub_x, ecdsa192_pub_y, true, USE_ECDSA_KEY_FROM_KEY_MANAGER); - esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_192_KEY); + esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY); } } @@ -454,9 +455,9 @@ TEST_CASE("mbedtls ECDSA deterministic signature generation on SECP256R1", "[mbe if (!ecdsa_ll_is_deterministic_mode_supported()) { ESP_LOGI(TAG, "Skipping test because ECDSA deterministic mode is not supported."); } else { - deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_256_KEY); + deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_256); test_ecdsa_sign(MBEDTLS_ECP_DP_SECP256R1, sha, ecdsa256_pub_x, ecdsa256_pub_y, true, USE_ECDSA_KEY_FROM_KEY_MANAGER); - esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_256_KEY); + esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY); } } #endif /* SOC_KEY_MANAGER_SUPPORTED */ @@ -532,9 +533,9 @@ TEST_CASE("mbedtls ECDSA export public key on SECP192R1", "[mbedtls][key_manager TEST_IGNORE_MESSAGE("Key manager is not supported"); } - deploy_key_in_key_manager(k1_ecdsa192_encrypt, ESP_KEY_MGR_ECDSA_192_KEY); + deploy_key_in_key_manager(k1_ecdsa192_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_192); test_ecdsa_export_pubkey(MBEDTLS_ECP_DP_SECP192R1, ecdsa192_pub_x, ecdsa192_pub_y, USE_ECDSA_KEY_FROM_KEY_MANAGER); - esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_192_KEY); + esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY); } TEST_CASE("mbedtls ECDSA export public key on SECP256R1", "[mbedtls][key_manager_key]") @@ -543,9 +544,9 @@ TEST_CASE("mbedtls ECDSA export public key on SECP256R1", "[mbedtls][key_manager TEST_IGNORE_MESSAGE("Key manager is not supported"); } - deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_256_KEY); + deploy_key_in_key_manager(k1_ecdsa256_encrypt, ESP_KEY_MGR_ECDSA_KEY, ESP_KEY_MGR_ECDSA_LEN_256); test_ecdsa_export_pubkey(MBEDTLS_ECP_DP_SECP256R1, ecdsa256_pub_x, ecdsa256_pub_y, USE_ECDSA_KEY_FROM_KEY_MANAGER); - esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_256_KEY); + esp_key_mgr_deactivate_key(ESP_KEY_MGR_ECDSA_KEY); } #endif #endif /* SOC_ECDSA_SUPPORT_EXPORT_PUBKEY */