Encrypt 512 bit Overflow (IDFGH-14324) #15115

Closed
3 tasks done
hdpklm opened this issue Dec 31, 2024 · 2 comments
Labels
Resolution: NA Issue resolution is unavailable Status: Done Issue is done internally Type: Bug bugs in IDF


hdpklm commented Dec 31, 2024

Answers checklist.

  • I have read the documentation ESP-IDF Programming Guide and the issue is not addressed there.
  • I have updated my IDF branch (master or release) to the latest version and checked that the issue is present there.
  • I have searched the issue tracker for a similar issue and not found a similar issue.

IDF version.

v5.3.1

Operating System used.

Windows

How did you build your project?

VS Code IDE

If you are using Windows, please specify command line type.

CMD

What is the expected behavior?

encrypt app

What is the actual behavior?

C:\Hassan\esp32-python\tools\compile-encrypt>espsecure.py encrypt_flash_data --keyfile secure_boot_encryption_key.bin --address 0x10000 --output encrypted/app.bin signed\app.bin

Steps to reproduce.

  1. espsecure generate_flash_encryption_key --keylen 512 my_flash_encryption_key.bin
  2. espefuse.py --port COM6 burn_key BLOCK_KEY0 secure_boot_encryption_key.bin XTS_AES_256_KEY
  3. espefuse.py --port COM6 burn_key_digest BLOCK_KEY2 secure_boot_signing_key.pem SECURE_BOOT_DIGEST0
  4. espsecure.py encrypt_flash_data --keyfile secure_boot_encryption_key.bin --address 0x10000 --output encrypted/app.bin signed\app.bin

Build or installation Logs.

espsecure.py v4.8.1
Using 512-bit key
Traceback (most recent call last):
  File "C:\Python39\lib\runpy.py", line 197, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "C:\Python39\lib\runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "C:\Hassan\Programs\Espressif\python_env\idf5.3_py3.9_env\lib\site-packages\espsecure\__main__.py", line 8, in <module>
    espsecure._main()
  File "C:\Hassan\Programs\Espressif\python_env\idf5.3_py3.9_env\lib\site-packages\espsecure\__init__.py", line 1901, in _main
    main()
  File "C:\Hassan\Programs\Espressif\python_env\idf5.3_py3.9_env\lib\site-packages\espsecure\__init__.py", line 1888, in main
    operation_func(args)
  File "C:\Hassan\Programs\Espressif\python_env\idf5.3_py3.9_env\lib\site-packages\espsecure\__init__.py", line 1424, in encrypt_flash_data
    return _flash_encryption_operation_esp32(
  File "C:\Hassan\Programs\Espressif\python_env\idf5.3_py3.9_env\lib\site-packages\espsecure\__init__.py", line 1270, in _flash_encryption_operation_esp32
    block_key = _flash_encryption_tweak_key(key, block_offs, tweak_range)
  File "C:\Hassan\Programs\Espressif\python_env\idf5.3_py3.9_env\lib\site-packages\espsecure\__init__.py", line 1225, in _flash_encryption_tweak_key
    return int.to_bytes(key, length=32, byteorder="big", signed=False)
OverflowError: int too big to convert

More Information.

I wish you a Happy New Year.

I can't encrypt the app with a 512-bit key; I got this error: "OverflowError: int too large to convert". ChatGPT told me that "espsecure.py" can only encrypt 256-bit keys, and I burned the key on the ESP32S3.
Any help, please?

@hdpklm hdpklm added the Type: Bug bugs in IDF label Dec 31, 2024
@github-actions github-actions bot changed the title Encrypt 512 bit Overflow Encrypt 512 bit Overflow (IDFGH-14324) Dec 31, 2024
@espressif-bot espressif-bot added the Status: Opened Issue is new label Dec 31, 2024
@KonstantinKondrashov
Collaborator

KonstantinKondrashov commented Dec 31, 2024

Hi @hdpklm!
I think you have to use --aes_xts along with the encrypt_flash_data cmd for ESP32S3. Could you try it?

espsecure.py encrypt_flash_data --aes_xts --keyfile secure_boot_encryption_key.bin --address 0x10000 --output encrypted/app.bin signed\app.bin

See the example doc - https://github.com/espressif/esp-idf/tree/master/examples/security/security_features_app#encrypting-the-partitions
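
The failure in the traceback and the effect of the `--aes_xts` flag, as an added example that is not part of this thread or of esptool's code. The `legacy_final_conversion` model, the `preflight` helper, the accepted `--aes_xts` key-file sizes and the sample keys are assumptions constructed for illustration.

```python
"""Added example: pre-flight key-length check before espsecure.py encrypt_flash_data."""

LEGACY_KEY_BYTES = 32      # the length=32 seen in the traceback's int.to_bytes call
XTS_KEY_BYTES = (32, 64)   # assumption: key-file sizes usable with --aes_xts

# Constructed sample keys (not real key material).
KEY_256 = bytes(range(1, 33))
KEY_512 = bytes(range(1, 65))
KEY_512_ZERO_TOP = bytes(32) + KEY_256   # 64 bytes, upper half all zero


def legacy_final_conversion(key: bytes) -> bytes:
    """Model of the last step in the traceback only (not espsecure's code).

    Assumes the key file was read as one big-endian integer beforehand.
    """
    as_int = int.from_bytes(key, byteorder="big", signed=False)
    return int.to_bytes(as_int, length=LEGACY_KEY_BYTES, byteorder="big", signed=False)


def preflight(key: bytes, aes_xts: bool) -> str:
    """Return a label for the mode the key file fits, or raise ValueError with a hint."""
    n = len(key)
    if aes_xts:
        if n not in XTS_KEY_BYTES:
            raise ValueError(f"{n}-byte key file is not a valid size for --aes_xts")
        return f"aes-xts with {n * 8}-bit key file"
    if n == LEGACY_KEY_BYTES:
        return "legacy path with 256-bit key file"
    if n in XTS_KEY_BYTES:
        raise ValueError(f"{n * 8}-bit key file needs --aes_xts")
    raise ValueError(f"unexpected key file size: {n} bytes")


if __name__ == "__main__":
    for name, key in [("256", KEY_256), ("512", KEY_512), ("512/zero-top", KEY_512_ZERO_TOP)]:
        try:
            legacy_final_conversion(key)
            legacy = "converts"
        except OverflowError as exc:
            legacy = f"OverflowError: {exc}"
        try:
            check = preflight(key, aes_xts=False)
        except ValueError as exc:
            check = f"rejected ({exc})"
        print(f"{name:>13}: legacy conversion {legacy}; preflight {check}")
```

Checking the file length catches a case the integer conversion misses: a 64-byte key whose upper half is zero converts to 32 bytes without any error.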

@hdpklm
Author

hdpklm commented Dec 31, 2024

Yes, it works, thank you 😎

@hdpklm hdpklm closed this as completed Dec 31, 2024
@espressif-bot espressif-bot added Status: Reviewing Issue is being reviewed Status: Done Issue is done internally Resolution: NA Issue resolution is unavailable and removed Status: Opened Issue is new Status: Reviewing Issue is being reviewed labels Dec 31, 2024
espressif-bot pushed a commit to espressif/esptool that referenced this issue Jan 3, 2025