espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-11-30 06:09:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat(esp_key_mgr): Support Digital Signature key deployments using Key Manager

Browse Source
This commit is contained in:
harshal.patil
2025-06-10 16:57:20 +05:30
parent 265b0d7579
commit 33d8c05d95
9 changed files with 103 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
components/esp_security/src/esp_key_mgr.c
View File

@@ -35,6 +35,7 @@ static const char *TAG = "esp_key_mgr";
static _lock_t s_key_mgr_ecdsa_key_lock;
static _lock_t s_key_mgr_xts_aes_key_lock;
static _lock_t s_key_mgr_hmac_key_lock;
static _lock_t s_key_mgr_ds_key_lock;
ESP_STATIC_ASSERT(sizeof(esp_key_mgr_key_recovery_info_t) == sizeof(struct huk_key_block), "Size of esp_key_mgr_key_recovery_info_t should match huk_key_block (from ROM)");
@@ -57,6 +58,9 @@ static void esp_key_mgr_acquire_key_lock(esp_key_mgr_key_type_t key_type)
case ESP_KEY_MGR_HMAC_KEY:
_lock_acquire(&s_key_mgr_hmac_key_lock);
break;
case ESP_KEY_MGR_DS_KEY:
_lock_acquire(&s_key_mgr_ds_key_lock);
break;
default:
ESP_LOGE(TAG, "Invalid key type");
break;
@@ -79,6 +83,9 @@ static void esp_key_mgr_release_key_lock(esp_key_mgr_key_type_t key_type)
case ESP_KEY_MGR_HMAC_KEY:
_lock_release(&s_key_mgr_hmac_key_lock);
break;
case ESP_KEY_MGR_DS_KEY:
_lock_release(&s_key_mgr_ds_key_lock);
break;
default:
ESP_LOGE(TAG, "Invalid key type");
break;
@@ -351,6 +358,8 @@ esp_err_t esp_key_mgr_deploy_key_in_aes_mode(const esp_key_mgr_aes_key_config_t
aes_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_1;
} else if (key_type == ESP_KEY_MGR_HMAC_KEY) {
aes_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_HMAC;
} else if (key_type == ESP_KEY_MGR_DS_KEY) {
aes_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_DS;
} else {
ESP_LOGE(TAG, "Invalid key type");
return ESP_ERR_INVALID_ARG;
@@ -472,6 +481,8 @@ esp_err_t esp_key_mgr_activate_key(esp_key_mgr_key_recovery_info_t *key_recovery
key_purpose = ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_1;
} else if (key_type == ESP_KEY_MGR_HMAC_KEY) {
key_purpose = ESP_KEY_MGR_KEY_PURPOSE_HMAC;
} else if (key_type == ESP_KEY_MGR_DS_KEY) {
key_purpose = ESP_KEY_MGR_KEY_PURPOSE_DS;
} else {
ESP_LOGE(TAG, "Invalid key type");
return ESP_ERR_INVALID_ARG;
@@ -643,6 +654,9 @@ esp_err_t esp_key_mgr_deploy_key_in_ecdh0_mode(const esp_key_mgr_ecdh0_key_confi
} else if (key_type == ESP_KEY_MGR_HMAC_KEY) {
ecdh0_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_HMAC;
ecdh0_deploy_config.ecdh0_key_info = ecdh0_key_info->k2_G[0];
} else if (key_type == ESP_KEY_MGR_DS_KEY) {
ecdh0_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_DS;
ecdh0_deploy_config.ecdh0_key_info = ecdh0_key_info->k2_G[0];
} else {
ESP_LOGE(TAG, "Invalid key type");
return ESP_ERR_INVALID_ARG;
@@ -777,6 +791,8 @@ esp_err_t esp_key_mgr_deploy_key_in_random_mode(const esp_key_mgr_random_key_con
random_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_XTS_AES_256_1;
} else if (key_type == ESP_KEY_MGR_HMAC_KEY) {
random_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_HMAC;
} else if (key_type == ESP_KEY_MGR_DS_KEY) {
random_deploy_config.key_purpose = ESP_KEY_MGR_KEY_PURPOSE_DS;
} else {
ESP_LOGE(TAG, "Invalid key type");
return ESP_ERR_INVALID_ARG;