espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-02 12:14:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bugfix/nvs_encryption_keys_v4.3' into 'release/v4.3'

Browse Source 
NVS: fix nvs_flash_generate_keys to generate random keys (Github PR) (v4.3)

See merge request espressif/esp-idf!12781
This commit is contained in:
Mahavir Jain
2021-03-23 04:41:01 +00:00
parent 4a20f68f5c a697377871
commit 5019a6571e
1 changed files with 16 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
components/nvs_flash/src/nvs_api.cpp
View File

@@ -571,16 +571,28 @@ extern "C" esp_err_t nvs_flash_generate_keys(const esp_partition_t* partition, n
} }
for(uint8_t cnt = 0; cnt < NVS_KEY_SIZE; cnt++) { for(uint8_t cnt = 0; cnt < NVS_KEY_SIZE; cnt++) {
/* Adjacent 16-byte blocks should be different */
if (((cnt / 16) & 1) == 0) {
cfg->eky[cnt] = 0xff; cfg->eky[cnt] = 0xff;
cfg->tky[cnt] = 0xee; cfg->tky[cnt] = 0xee;
} else {
cfg->eky[cnt] = 0x99;
cfg->tky[cnt] = 0x88;
}
} }
err = esp_partition_write(partition, 0, cfg->eky, NVS_KEY_SIZE); /**
* Write key configuration without encryption engine (using raw partition write APIs).
* But the read is decrypted through flash encryption engine. This allows unique NVS encryption configuration,
* as flash encryption key is randomly generated per device.
*/
err = esp_partition_write_raw(partition, 0, cfg->eky, NVS_KEY_SIZE);
if(err != ESP_OK) { if(err != ESP_OK) {
return err; return err;
} }
err = esp_partition_write(partition, NVS_KEY_SIZE, cfg->tky, NVS_KEY_SIZE); /* Write without encryption, see note above */
err = esp_partition_write_raw(partition, NVS_KEY_SIZE, cfg->tky, NVS_KEY_SIZE);
if(err != ESP_OK) { if(err != ESP_OK) {
return err; return err;
} }