fix(espefuse): Fix burn_key for ECDSA_KEY, it can read pem file

espressif · Mar 29, 2024 · 450db24 · 450db24
1 parent ef8ee8a
commit 450db24
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 14 deletions.
diff --git a/espefuse/efuse/esp32c5/operations.py b/espefuse/efuse/esp32c5/operations.py
@@ -236,14 +236,21 @@ def burn_key(esp, efuses, args, digest=None):
         block = efuses.blocks[block_num]
 
         if digest is None:
-            data = datafile.read()
+            if keypurpose == "ECDSA_KEY":
+                sk = espsecure.load_ecdsa_signing_key(datafile)
+                data = sk.to_string()
+                if len(data) == 24:
+                    # the private key is 24 bytes long for NIST192p, and 8 bytes of padding
+                    data = b"\x00" * 8 + data
+            else:
+                data = datafile.read()
         else:
             data = datafile
 
         print(" - %s" % (efuse.name), end=" ")
         revers_msg = None
         if efuses[block.key_purpose_name].need_reverse(keypurpose):
-            revers_msg = "\tReversing byte order for AES-XTS hardware peripheral"
+            revers_msg = f"\tReversing byte order for {keypurpose} hardware peripheral"
             data = data[::-1]
         print(
             "-> [{}]".format(

diff --git a/espefuse/efuse/esp32c5beta3/operations.py b/espefuse/efuse/esp32c5beta3/operations.py
@@ -236,14 +236,21 @@ def burn_key(esp, efuses, args, digest=None):
         block = efuses.blocks[block_num]
 
         if digest is None:
-            data = datafile.read()
+            if keypurpose == "ECDSA_KEY":
+                sk = espsecure.load_ecdsa_signing_key(datafile)
+                data = sk.to_string()
+                if len(data) == 24:
+                    # the private key is 24 bytes long for NIST192p, and 8 bytes of padding
+                    data = b"\x00" * 8 + data
+            else:
+                data = datafile.read()
         else:
             data = datafile
 
         print(" - %s" % (efuse.name), end=" ")
         revers_msg = None
         if efuses[block.key_purpose_name].need_reverse(keypurpose):
-            revers_msg = "\tReversing byte order for AES-XTS hardware peripheral"
+            revers_msg = f"\tReversing byte order for {keypurpose} hardware peripheral"
             data = data[::-1]
         print(
             "-> [{}]".format(

diff --git a/espefuse/efuse/esp32c61/operations.py b/espefuse/efuse/esp32c61/operations.py
@@ -304,7 +304,7 @@ def burn_key(esp, efuses, args, digest=None):
 
         if digest is None:
             if keypurpose == "ECDSA_KEY":
-                sk = espsecure._load_ecdsa_signing_key(datafile)
+                sk = espsecure.load_ecdsa_signing_key(datafile)
                 data = sk.to_string()
                 if len(data) == 24:
                     # the private key is 24 bytes long for NIST192p, and 8 bytes of padding

diff --git a/test/test_espefuse.py b/test/test_espefuse.py
@@ -902,6 +902,9 @@ def test_burn_key_one_key_block_with_fe_and_sb_keys(self):
             "esp32c6",
             "esp32h2",
             "esp32p4",
+            "esp32c5",
+            "esp32c5beta3",
+            "esp32c61",
         ],
         reason="Only chips with 6 keys",
     )
@@ -910,9 +913,13 @@ def test_burn_key_with_6_keys(self):
                BLOCK_KEY0 {IMAGES_DIR}/256bit   XTS_AES_256_KEY_1 \
                BLOCK_KEY1 {IMAGES_DIR}/256bit_1 XTS_AES_256_KEY_2 \
                BLOCK_KEY2 {IMAGES_DIR}/256bit_2 XTS_AES_128_KEY"
-        if arg_chip in ["esp32c3", "esp32c6"] or arg_chip in [
+        if arg_chip in [
+            "esp32c3",
+            "esp32c6",
             "esp32h2",
             "esp32h2beta1",
+            "esp32c5",
+            "esp32c5beta3",
         ]:
             cmd = cmd.replace("XTS_AES_256_KEY_1", "XTS_AES_128_KEY")
             cmd = cmd.replace("XTS_AES_256_KEY_2", "XTS_AES_128_KEY")
@@ -986,8 +993,8 @@ def test_burn_key_with_34_coding_scheme(self):
         self.check_data_block_in_log(output, f"{IMAGES_DIR}/192bit_2")
 
     @pytest.mark.skipif(
-        arg_chip not in ["esp32s2", "esp32s3", "esp32p4"],
-        reason="512 bit keys are only supported on ESP32-S2, S3, and P4",
+        arg_chip not in ["esp32s2", "esp32s3", "esp32p4", "esp32c61"],
+        reason="512 bit keys are only supported on ESP32-S2, S3, P4, C61",
     )
     def test_burn_key_512bit(self):
         self.espefuse_py(
@@ -1004,8 +1011,8 @@ def test_burn_key_512bit(self):
         )
 
     @pytest.mark.skipif(
-        arg_chip not in ["esp32s2", "esp32s3", "esp32p4"],
-        reason="512 bit keys are only supported on ESP32-S2, S3, and P4",
+        arg_chip not in ["esp32s2", "esp32s3", "esp32p4", "esp32c61"],
+        reason="512 bit keys are only supported on ESP32-S2, S3, P4, C61",
     )
     def test_burn_key_512bit_non_consecutive_blocks(self):
         # Burn efuses separately to test different kinds
@@ -1047,8 +1054,8 @@ def test_burn_key_512bit_non_consecutive_blocks(self):
         ) in output
 
     @pytest.mark.skipif(
-        arg_chip not in ["esp32s2", "esp32s3", "esp32p4"],
-        reason="512 bit keys are only supported on ESP32-S2, S3, and P4",
+        arg_chip not in ["esp32s2", "esp32s3", "esp32p4", "esp32c61"],
+        reason="512 bit keys are only supported on ESP32-S2, S3, P4, C61",
     )
     def test_burn_key_512bit_non_consecutive_blocks_loop_around(self):
         self.espefuse_py(
@@ -1080,7 +1087,7 @@ def test_burn_key_512bit_non_consecutive_blocks_loop_around(self):
         ) in output
 
     @pytest.mark.skipif(
-        arg_chip not in ["esp32h2", "esp32p4"],
+        arg_chip not in ["esp32h2", "esp32c5", "esp32c5beta3", "esp32c61", "esp32p4"],
         reason="These chips support ECDSA_KEY",
     )
     def test_burn_key_ecdsa_key(self):
@@ -1106,7 +1113,7 @@ def test_burn_key_ecdsa_key(self):
         ) in output
 
     @pytest.mark.skipif(
-        arg_chip not in ["esp32h2", "esp32p4"],
+        arg_chip not in ["esp32h2", "esp32c5", "esp32c5beta3", "esp32c61", "esp32p4"],
         reason="These chips support ECDSA_KEY",
     )
     def test_burn_key_ecdsa_key_check_byte_order(self):
@@ -1211,6 +1218,9 @@ def test_burn_block_data_with_1_key_block(self):
             "esp32c6",
             "esp32h2",
             "esp32p4",
+            "esp32c5",
+            "esp32c5beta3",
+            "esp32c61",
         ],
         reason="Only chip with 6 keys",
     )
@@ -1349,6 +1359,9 @@ def test_burn_block_data_with_offset_1_key_block(self):
             "esp32c6",
             "esp32h2",
             "esp32p4",
+            "esp32c5",
+            "esp32c5beta3",
+            "esp32c61",
         ],
         reason="Only chips with 6 keys",
     )
@@ -1545,6 +1558,9 @@ def test_burn_key_from_digest2(self):
         "esp32c6",
         "esp32h2",
         "esp32p4",
+        "esp32c5",
+        "esp32c5beta3",
+        "esp32c61",
     ],
     reason="Supports 6 key blocks",
 )
@@ -1657,6 +1673,9 @@ def test_burn_bit_for_chips_with_1_key_block(self):
             "esp32c6",
             "esp32h2",
             "esp32p4",
+            "esp32c5",
+            "esp32c5beta3",
+            "esp32c61",
         ],
         reason="Only chip with 6 keys",
     )