I am curious about the NVS encryption key :
https://github.com/espressif/esp-idf/bl ... i.cpp#L585
The self generation seems to be based on the Flash Encryption key. However this makes a key made of twice the same 16-byte block.
Could a key similar to the flash encryption be generated with the RNG ?
Any reason to base the NVS key on the flash key ?
Can the Key be generated on a PC and then flashed to the flash ?
Regards,
Stan
Non-volatile storage with flash encryption enabled.
Re: Non-volatile storage with flash encryption enabled.
Hi Stan,
The AES-XTS keys are generated by taking two different generated ciphertexts (all 0xff and all 0xee) which are written to flash as-is. These are then decrypted by the flash encryption hardware, which does use the same AES key to decrypt both (due to reading the same 32 byte block). However due to the different starting ciphertexts each of the two AES-XTS keys will be different and not interchangeable, and can only be derived by someone possessing the flash encryption key.
There's no reason why they couldn't be generated using the RNG. However, the AES-XTS keys will always need to be stored in the flash and protected using flash encryption. This means anyone with the flash encryption key will be able to read the AES-XTS keys, no matter what these keys are. So generating from the RNG doesn't add any additional protection, and it has the downside that if the keys are accidentally erased from flash they will be lost forever - whereas with the current scheme they can be recreated, provided the flash encryption key is not lost.
The AES-XTS keys are generated by taking two different generated ciphertexts (all 0xff and all 0xee) which are written to flash as-is. These are then decrypted by the flash encryption hardware, which does use the same AES key to decrypt both (due to reading the same 32 byte block). However due to the different starting ciphertexts each of the two AES-XTS keys will be different and not interchangeable, and can only be derived by someone possessing the flash encryption key.
There's no reason why they couldn't be generated using the RNG. However, the AES-XTS keys will always need to be stored in the flash and protected using flash encryption. This means anyone with the flash encryption key will be able to read the AES-XTS keys, no matter what these keys are. So generating from the RNG doesn't add any additional protection, and it has the downside that if the keys are accidentally erased from flash they will be lost forever - whereas with the current scheme they can be recreated, provided the flash encryption key is not lost.
Re: Non-volatile storage with flash encryption enabled.
I think he is saying that because the ciphertext is two identical 128-bit blocks then the key will also be. So key space has been reduced to 128-bit.
Re: Non-volatile storage with flash encryption enabled.
The ciphertext is not two identical 128-bit blocks. The first block is all 0xff and the second block is all 0xee.
However, because the flash encryption algorithm only tweaks the key for each 256-bit pair of AES blocks then they will be decrypted with the same (256-bit) AES key (to produce two different plaintexts for use as keys, because of the two different ciphertexts).
The thing to note is that the strength of these keys will only be as strong as the (256-bit) efuse flash encryption key used to derive them. But if the ciphertext inputs were randomly generated (instead of all 0xff and all 0xee), this would still be true.
Re: Non-volatile storage with flash encryption enabled.
Im trying to compile with code from the test suite as guided by WiFive and the latest from esp-idf but get the following errors:
i do include the following files:
Anything I'm missing or is it still not complete?
Rgds
/A
Code: Select all
undefined reference to `nvs_flash_read_security_cfg'
undefined reference to `nvs_flash_generate_keys'
undefined reference to `nvs_flash_secure_init'
Code: Select all
#include "nvs.h"
#include "nvs_flash.h"
#include "esp_partition.h"
#include "esp_flash_encrypt.h"
Rgds
/A
Re: Non-volatile storage with flash encryption enabled.
NVS encryption option only becomes available when Flash encryption feature is open.
First, read Flash Encryption docs to know how to configure and use it: https://docs.espressif.com/projects/esp ... ption.html.
Then, go to menuconfig, Component config, NVS, and open "Enable NVS encryption" option.
First, read Flash Encryption docs to know how to configure and use it: https://docs.espressif.com/projects/esp ... ption.html.
Then, go to menuconfig, Component config, NVS, and open "Enable NVS encryption" option.
Re: Non-volatile storage with flash encryption enabled.
Who is online
Users browsing this forum: Bing [Bot], Majestic-12 [Bot] and 63 guests