Page 2 of 2

Re: Non-volatile storage with flash encryption enabled.

Posted: Tue Nov 13, 2018 1:22 am
by kyklas
I am curious about the NVS encryption key:
https://github.com/espressif/esp-idf/bl ... i.cpp#L585

The self-generation seems to be based on the flash encryption key. However, this makes a key made of twice the same 16-byte block.

Could a key similar to the flash encryption key be generated with the RNG?
Any reason to base the NVS key on the flash key?
Can the key be generated on a PC and then flashed to the flash?

Regards,
Stan

Re: Non-volatile storage with flash encryption enabled.

Posted: Tue Nov 13, 2018 11:30 pm
by ESP_Angus
Hi Stan,

The AES-XTS keys are generated by taking two different generated ciphertexts (all 0xff and all 0xee) which are written to flash as-is. These are then decrypted by the flash encryption hardware, which does use the same AES key to decrypt both (due to reading the same 32-byte block). However, due to the different starting ciphertexts, each of the two AES-XTS keys will be different and not interchangeable, and can only be derived by someone possessing the flash encryption key.

There's no reason why they couldn't be generated using the RNG. However, the AES-XTS keys will always need to be stored in the flash and protected using flash encryption. This means anyone with the flash encryption key will be able to read the AES-XTS keys, no matter what these keys are. So generating from the RNG doesn't add any additional protection, and it has the downside that if the keys are accidentally erased from flash they will be lost forever, whereas with the current scheme they can be recreated, provided the flash encryption key is not lost.

Re: Non-volatile storage with flash encryption enabled.

Posted: Wed Nov 14, 2018 1:55 pm
by WiFive
I think he is saying that because the ciphertext is two identical 128-bit blocks then the key will also be. So key space has been reduced to 128-bit.

Re: Non-volatile storage with flash encryption enabled.

Posted: Wed Nov 14, 2018 10:44 pm
by ESP_Angus
WiFive wrote:
Wed Nov 14, 2018 1:55 pm
I think he is saying that because the ciphertext is two identical 128-bit blocks then the key will also be. So key space has been reduced to 128-bit.
The ciphertext is not two identical 128-bit blocks. The first block is all 0xff and the second block is all 0xee.

However, because the flash encryption algorithm only tweaks the key for each 256-bit pair of AES blocks then they will be decrypted with the same (256-bit) AES key (to produce two different plaintexts for use as keys, because of the two different ciphertexts).

The thing to note is that the strength of these keys will only be as strong as the (256-bit) efuse flash encryption key used to derive them. But if the ciphertext inputs were randomly generated (instead of all 0xff and all 0xee), this would still be true.

Re: Non-volatile storage with flash encryption enabled.

Posted: Thu Nov 15, 2018 7:55 am
by WiFive
ESP_Angus wrote:
Wed Nov 14, 2018 10:44 pm
The ciphertext is not two identical 128-bit blocks. The first block is all 0xff and the second block is all 0xee.
Each key has a different ciphertext, but each key is 256-bit, which is two 128-bit blocks that are identical.

Re: Non-volatile storage with flash encryption enabled.

Posted: Fri Nov 16, 2018 3:31 am
by jas39_
I'm trying to compile with code from the test suite as guided by WiFive and the latest from esp-idf, but get the following errors:

    undefined reference to `nvs_flash_read_security_cfg'
    undefined reference to `nvs_flash_generate_keys'
    undefined reference to `nvs_flash_secure_init'

I do include the following files:

    #include "nvs.h"
    #include "nvs_flash.h"
    #include "esp_partition.h"
    #include "esp_flash_encrypt.h"

Anything I'm missing, or is it still not complete?

Rgds
/A

Re: Non-volatile storage with flash encryption enabled.

Posted: Fri Nov 16, 2018 4:20 am
by ESP_igrr
The NVS encryption option only becomes available when the Flash encryption feature is open.

First, read the Flash Encryption docs to know how to configure and use it: https://docs.espressif.com/projects/esp ... ption.html.

Then go to menuconfig, Component config, NVS, and open the "Enable NVS encryption" option.

Re: Non-volatile storage with flash encryption enabled.

Posted: Sun Nov 18, 2018 12:50 pm
by WiFive
WiFive wrote:
Thu Nov 15, 2018 7:55 am
ESP_Angus wrote:
Wed Nov 14, 2018 10:44 pm
The ciphertext is not two identical 128-bit blocks. The first block is all 0xff and the second block is all 0xee.
Each key has a different ciphertext but each key is 256bit which is 2 128bit blocks which are identical.
@ESP_Angus how about:

    /* fill each 32-byte ciphertext with distinct, decrementing bytes
       instead of a single repeated value */
    for(uint8_t cnt = 0; cnt < NVS_KEY_SIZE; cnt++) {
        cfg->eky[cnt] = 0xff - cnt;
        cfg->tky[cnt] = 0xee - cnt;
    }
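An added example, not ESP-IDF code and not posted by anyone in the thread, that models the derivation ESP_Angus describes and the objection WiFive raises: flash encryption tweaks the key once per 32-byte unit, so the two 16-byte halves of a unit are processed with the same key, and identical ciphertext halves therefore produce identical key halves. Two simplifications are assumptions: the AES-256 block operation is replaced by a keyed-hash stand-in, and the per-unit address tweak is replaced by a hash of the unit offset (the real chip XORs address bits into the key as selected by FLASH_CRYPT_CONFIG). Only the shared-key-per-unit structure matters for the point. The function names (generate_keys, compare, halves_identical), the partition offsets 0 and 32, and the sample flash key are mine.

```python
"""Model of how the NVS AES-XTS keys fall out of flash encryption.

Added example, not ESP-IDF code. Assumptions (simplifications of the chip):
- AES-256 is replaced by a keyed PRF (HMAC-SHA256 truncated to 16 bytes); the
  only property used is "same key + same ciphertext block -> same plaintext".
- The per-32-byte key tweak is modelled as SHA-256(flash_key || unit offset);
  the real chip XORs address bits into the key as set by FLASH_CRYPT_CONFIG.
"""
import hashlib
import hmac

BLOCK = 16          # AES block size in bytes
UNIT = 32           # flash encryption tweaks the key once per 32-byte unit
NVS_KEY_SIZE = 32   # size of nvs_sec_cfg_t.eky and .tky


def tweaked_key(flash_key: bytes, offset: int) -> bytes:
    """Per-unit key (assumption: hash stand-in for the address XOR tweak)."""
    unit_offset = offset & ~(UNIT - 1)          # both halves of a unit share it
    return hashlib.sha256(flash_key + unit_offset.to_bytes(4, "little")).digest()


def block_decrypt(key: bytes, ct_block: bytes) -> bytes:
    """Stand-in for one AES-256 block decryption (assumption: keyed PRF, not AES)."""
    assert len(ct_block) == BLOCK
    return hmac.new(key, ct_block, hashlib.sha256).digest()[:BLOCK]


def flash_read_decrypt(flash_key: bytes, offset: int, ciphertext: bytes) -> bytes:
    """Model of reading an encrypted partition: every 32-byte unit gets its own
    tweaked key, and the two 16-byte blocks inside a unit use that same key."""
    assert offset % UNIT == 0 and len(ciphertext) % UNIT == 0
    plaintext = bytearray()
    for u in range(0, len(ciphertext), UNIT):
        k = tweaked_key(flash_key, offset + u)
        for b in range(0, UNIT, BLOCK):
            plaintext += block_decrypt(k, ciphertext[u + b:u + b + BLOCK])
    return bytes(plaintext)


def generate_keys(flash_key: bytes, eky_ct: bytes, tky_ct: bytes):
    """Model of the generation step: the chosen 32-byte ciphertexts are written
    as-is at offsets 0 and 32 (assumed layout) of the key partition, then read
    back through flash encryption; the decrypted bytes become the two XTS keys."""
    eky = flash_read_decrypt(flash_key, 0, eky_ct)
    tky = flash_read_decrypt(flash_key, NVS_KEY_SIZE, tky_ct)
    return eky, tky


def halves_identical(key: bytes) -> bool:
    """True when a 256-bit key is the same 128-bit block twice (WiFive's point)."""
    return key[:BLOCK] == key[BLOCK:]


def idf_ciphertexts():
    """The constants the thread discusses: all 0xff for eky, all 0xee for tky."""
    return bytes([0xFF]) * NVS_KEY_SIZE, bytes([0xEE]) * NVS_KEY_SIZE


def counter_ciphertexts():
    """WiFive's suggestion: 0xff - cnt and 0xee - cnt, so the two 16-byte
    halves of each ciphertext differ."""
    return (bytes(0xFF - c for c in range(NVS_KEY_SIZE)),
            bytes(0xEE - c for c in range(NVS_KEY_SIZE)))


def compare(flash_key: bytes) -> dict:
    """Derive the keys both ways from one flash key and report the properties."""
    eky, tky = generate_keys(flash_key, *idf_ciphertexts())
    eky2, tky2 = generate_keys(flash_key, *counter_ciphertexts())
    return {
        "constant_ct_halves_repeat": halves_identical(eky) and halves_identical(tky),
        "counter_ct_halves_repeat": halves_identical(eky2) or halves_identical(tky2),
        "eky_differs_from_tky": eky != tky,
        # ESP_Angus's point: with fixed ciphertexts the keys are a function of
        # the flash key alone, so they can be regenerated after an erase.
        "reproducible": generate_keys(flash_key, *idf_ciphertexts()) == (eky, tky),
    }


if __name__ == "__main__":
    FLASH_KEY = bytes(range(32))   # constructed sample key, not a real efuse value
    for name, value in compare(FLASH_KEY).items():
        print(f"{name}: {value}")
```

Running it prints four flags: with the constant ciphertexts each key's two halves repeat, with the decrementing ciphertexts they do not, and in both cases the keys are recomputable from the flash key alone, which is the trade-off the thread ends on. The repeated halves do not give an attacker without the efuse key anything (they would still have to recover the 256-bit flash key), but they do mean each XTS key carries at most 128 bits of distinct material, so a caller who wants the full 256-bit width per key has to choose ciphertexts whose halves differ.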