2023-04-05 18:03:56 +05:30
|
|
|
/*
|
|
|
|
* SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
|
|
|
|
*
|
|
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
|
|
*/
|
2016-08-17 23:08:22 +08:00
|
|
|
#ifndef nvs_flash_h
|
|
|
|
#define nvs_flash_h
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
extern "C" {
|
|
|
|
#endif
|
|
|
|
|
2017-07-13 23:46:19 +08:00
|
|
|
#include "nvs.h"
|
2018-07-02 16:40:43 +05:30
|
|
|
#include "esp_partition.h"
|
|
|
|
|
|
|
|
|
|
|
|
#define NVS_KEY_SIZE 32 // AES-256
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Key for encryption and decryption
|
|
|
|
*/
|
|
|
|
typedef struct {
|
|
|
|
uint8_t eky[NVS_KEY_SIZE]; /*!< XTS encryption and decryption key*/
|
|
|
|
uint8_t tky[NVS_KEY_SIZE]; /*!< XTS tweak key */
|
|
|
|
} nvs_sec_cfg_t;
|
2017-07-13 23:46:19 +08:00
|
|
|
|
2023-04-05 18:03:56 +05:30
|
|
|
/**
|
|
|
|
* @brief Callback function prototype for generating the NVS encryption keys
|
|
|
|
*/
|
|
|
|
typedef esp_err_t (*nvs_flash_generate_keys_t) (const void *scheme_data, nvs_sec_cfg_t* cfg);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Callback function prototype for reading the NVS encryption keys
|
|
|
|
*/
|
|
|
|
typedef esp_err_t (*nvs_flash_read_cfg_t) (const void *scheme_data, nvs_sec_cfg_t* cfg);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief NVS encryption: Security scheme configuration structure
|
|
|
|
*/
|
|
|
|
typedef struct
|
|
|
|
{
|
|
|
|
int scheme_id; /*!< Security Scheme ID (E.g. HMAC) */
|
|
|
|
void *scheme_data; /*!< Scheme-specific data (E.g. eFuse block for HMAC-based key generation) */
|
|
|
|
nvs_flash_generate_keys_t nvs_flash_key_gen; /*!< Callback for the nvs_flash_key_gen implementation */
|
|
|
|
nvs_flash_read_cfg_t nvs_flash_read_cfg; /*!< Callback for the nvs_flash_read_keys implementation */
|
|
|
|
} nvs_sec_scheme_t;
|
|
|
|
|
2016-11-15 18:23:29 +08:00
|
|
|
/**
|
2017-08-21 15:26:16 +05:30
|
|
|
* @brief Initialize the default NVS partition.
|
|
|
|
*
|
|
|
|
* This API initialises the default NVS partition. The default NVS partition
|
2017-09-18 22:30:21 +08:00
|
|
|
* is the one that is labeled "nvs" in the partition table.
|
2016-11-15 18:23:29 +08:00
|
|
|
*
|
2020-12-15 08:31:39 +05:30
|
|
|
* When "NVS_ENCRYPTION" is enabled in the menuconfig, this API enables
|
|
|
|
* the NVS encryption for the default NVS partition as follows
|
|
|
|
* 1. Read security configurations from the first NVS key
|
|
|
|
* partition listed in the partition table. (NVS key partition is
|
|
|
|
* any "data" type partition which has the subtype value set to "nvs_keys")
|
2024-03-28 09:14:05 +01:00
|
|
|
* 2. If the NVS key partition obtained in the previous step is empty,
|
|
|
|
* generate and store new keys in that NVS key partition.
|
2020-12-15 08:31:39 +05:30
|
|
|
* 3. Internally call "nvs_flash_secure_init()" with
|
|
|
|
* the security configurations obtained/generated in the previous steps.
|
|
|
|
*
|
|
|
|
* Post initialization NVS read/write APIs
|
|
|
|
* remain the same irrespective of NVS encryption.
|
|
|
|
*
|
2017-03-14 21:24:56 +08:00
|
|
|
* @return
|
|
|
|
* - ESP_OK if storage was successfully initialized.
|
|
|
|
* - ESP_ERR_NVS_NO_FREE_PAGES if the NVS storage contains no empty pages
|
|
|
|
* (which may happen if NVS partition was truncated)
|
2017-08-21 15:26:16 +05:30
|
|
|
* - ESP_ERR_NOT_FOUND if no partition with label "nvs" is found in the partition table
|
2020-12-15 08:06:46 +05:30
|
|
|
* - ESP_ERR_NO_MEM in case memory could not be allocated for the internal structures
|
2017-03-14 21:24:56 +08:00
|
|
|
* - one of the error codes from the underlying flash storage driver
|
2020-12-15 08:31:39 +05:30
|
|
|
* - error codes from nvs_flash_read_security_cfg API (when "NVS_ENCRYPTION" is enabled).
|
|
|
|
* - error codes from nvs_flash_generate_keys API (when "NVS_ENCRYPTION" is enabled).
|
|
|
|
* - error codes from nvs_flash_secure_init_partition API (when "NVS_ENCRYPTION" is enabled) .
|
2016-11-15 18:23:29 +08:00
|
|
|
*/
|
2016-09-27 12:45:06 +10:00
|
|
|
esp_err_t nvs_flash_init(void);
|
|
|
|
|
2017-08-21 15:26:16 +05:30
|
|
|
/**
|
|
|
|
* @brief Initialize NVS flash storage for the specified partition.
|
|
|
|
*
|
2019-12-06 16:16:07 +08:00
|
|
|
* @param[in] partition_label Label of the partition. Must be no longer than 16 characters.
|
2017-08-21 15:26:16 +05:30
|
|
|
*
|
|
|
|
* @return
|
|
|
|
* - ESP_OK if storage was successfully initialized.
|
|
|
|
* - ESP_ERR_NVS_NO_FREE_PAGES if the NVS storage contains no empty pages
|
|
|
|
* (which may happen if NVS partition was truncated)
|
|
|
|
* - ESP_ERR_NOT_FOUND if specified partition is not found in the partition table
|
2020-12-15 08:06:46 +05:30
|
|
|
* - ESP_ERR_NO_MEM in case memory could not be allocated for the internal structures
|
2017-08-21 15:26:16 +05:30
|
|
|
* - one of the error codes from the underlying flash storage driver
|
|
|
|
*/
|
2017-09-18 22:30:21 +08:00
|
|
|
esp_err_t nvs_flash_init_partition(const char *partition_label);
|
|
|
|
|
2020-04-23 12:19:06 +03:00
|
|
|
/**
|
|
|
|
* @brief Initialize NVS flash storage for the partition specified by partition pointer.
|
|
|
|
*
|
|
|
|
* @param[in] partition pointer to a partition obtained by the ESP partition API.
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
* - ESP_OK if storage was successfully initialized
|
|
|
|
* - ESP_ERR_NVS_NO_FREE_PAGES if the NVS storage contains no empty pages
|
|
|
|
* (which may happen if NVS partition was truncated)
|
|
|
|
* - ESP_ERR_INVALID_ARG in case partition is NULL
|
2020-12-15 08:06:46 +05:30
|
|
|
* - ESP_ERR_NO_MEM in case memory could not be allocated for the internal structures
|
2020-04-23 12:19:06 +03:00
|
|
|
* - one of the error codes from the underlying flash storage driver
|
|
|
|
*/
|
|
|
|
esp_err_t nvs_flash_init_partition_ptr(const esp_partition_t *partition);
|
|
|
|
|
2017-09-18 22:30:21 +08:00
|
|
|
/**
|
|
|
|
* @brief Deinitialize NVS storage for the default NVS partition
|
|
|
|
*
|
|
|
|
* Default NVS partition is the partition with "nvs" label in the partition table.
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
* - ESP_OK on success (storage was deinitialized)
|
|
|
|
* - ESP_ERR_NVS_NOT_INITIALIZED if the storage was not initialized prior to this call
|
|
|
|
*/
|
|
|
|
esp_err_t nvs_flash_deinit(void);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Deinitialize NVS storage for the given NVS partition
|
|
|
|
*
|
|
|
|
* @param[in] partition_label Label of the partition
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
* - ESP_OK on success
|
|
|
|
* - ESP_ERR_NVS_NOT_INITIALIZED if the storage for given partition was not
|
|
|
|
* initialized prior to this call
|
|
|
|
*/
|
|
|
|
esp_err_t nvs_flash_deinit_partition(const char* partition_label);
|
2016-08-17 23:08:22 +08:00
|
|
|
|
2017-07-13 23:46:19 +08:00
|
|
|
/**
|
2017-08-21 15:26:16 +05:30
|
|
|
* @brief Erase the default NVS partition
|
2017-07-13 23:46:19 +08:00
|
|
|
*
|
2020-03-05 19:02:26 +08:00
|
|
|
* Erases all contents of the default NVS partition (one with label "nvs").
|
|
|
|
*
|
|
|
|
* @note If the partition is initialized, this function first de-initializes it. Afterwards, the partition has to
|
|
|
|
* be initialized again to be used.
|
2017-07-13 23:46:19 +08:00
|
|
|
*
|
|
|
|
* @return
|
|
|
|
* - ESP_OK on success
|
2017-08-21 15:26:16 +05:30
|
|
|
* - ESP_ERR_NOT_FOUND if there is no NVS partition labeled "nvs" in the
|
|
|
|
* partition table
|
2020-03-05 19:02:26 +08:00
|
|
|
* - different error in case de-initialization fails (shouldn't happen)
|
2017-07-13 23:46:19 +08:00
|
|
|
*/
|
|
|
|
esp_err_t nvs_flash_erase(void);
|
|
|
|
|
2017-08-21 15:26:16 +05:30
|
|
|
/**
|
|
|
|
* @brief Erase specified NVS partition
|
|
|
|
*
|
2020-03-05 19:02:26 +08:00
|
|
|
* Erase all content of a specified NVS partition
|
|
|
|
*
|
|
|
|
* @note If the partition is initialized, this function first de-initializes it. Afterwards, the partition has to
|
|
|
|
* be initialized again to be used.
|
2017-08-21 15:26:16 +05:30
|
|
|
*
|
2020-03-05 19:02:26 +08:00
|
|
|
* @param[in] part_name Name (label) of the partition which should be erased
|
2017-08-21 15:26:16 +05:30
|
|
|
*
|
|
|
|
* @return
|
|
|
|
* - ESP_OK on success
|
|
|
|
* - ESP_ERR_NOT_FOUND if there is no NVS partition with the specified name
|
|
|
|
* in the partition table
|
2020-03-05 19:02:26 +08:00
|
|
|
* - different error in case de-initialization fails (shouldn't happen)
|
2017-08-21 15:26:16 +05:30
|
|
|
*/
|
|
|
|
esp_err_t nvs_flash_erase_partition(const char *part_name);
|
|
|
|
|
2020-04-23 12:19:06 +03:00
|
|
|
/**
|
|
|
|
* @brief Erase custom partition.
|
|
|
|
*
|
|
|
|
* Erase all content of specified custom partition.
|
|
|
|
*
|
|
|
|
* @note
|
|
|
|
* If the partition is initialized, this function first de-initializes it.
|
|
|
|
* Afterwards, the partition has to be initialized again to be used.
|
|
|
|
*
|
|
|
|
* @param[in] partition pointer to a partition obtained by the ESP partition API.
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
* - ESP_OK on success
|
|
|
|
* - ESP_ERR_NOT_FOUND if there is no partition with the specified
|
|
|
|
* parameters in the partition table
|
|
|
|
* - ESP_ERR_INVALID_ARG in case partition is NULL
|
|
|
|
* - one of the error codes from the underlying flash storage driver
|
|
|
|
*/
|
|
|
|
esp_err_t nvs_flash_erase_partition_ptr(const esp_partition_t *partition);
|
|
|
|
|
2018-07-02 16:40:43 +05:30
|
|
|
/**
|
|
|
|
* @brief Initialize the default NVS partition.
|
|
|
|
*
|
|
|
|
* This API initialises the default NVS partition. The default NVS partition
|
|
|
|
* is the one that is labeled "nvs" in the partition table.
|
|
|
|
*
|
2019-12-06 16:16:07 +08:00
|
|
|
* @param[in] cfg Security configuration (keys) to be used for NVS encryption/decryption.
|
|
|
|
* If cfg is NULL, no encryption is used.
|
2018-07-02 16:40:43 +05:30
|
|
|
*
|
|
|
|
* @return
|
2021-03-08 10:44:15 +08:00
|
|
|
* - ESP_OK if storage has been initialized successfully.
|
2018-07-02 16:40:43 +05:30
|
|
|
* - ESP_ERR_NVS_NO_FREE_PAGES if the NVS storage contains no empty pages
|
|
|
|
* (which may happen if NVS partition was truncated)
|
|
|
|
* - ESP_ERR_NOT_FOUND if no partition with label "nvs" is found in the partition table
|
2020-12-15 08:06:46 +05:30
|
|
|
* - ESP_ERR_NO_MEM in case memory could not be allocated for the internal structures
|
2018-07-02 16:40:43 +05:30
|
|
|
* - one of the error codes from the underlying flash storage driver
|
|
|
|
*/
|
|
|
|
esp_err_t nvs_flash_secure_init(nvs_sec_cfg_t* cfg);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Initialize NVS flash storage for the specified partition.
|
|
|
|
*
|
2021-03-08 10:44:15 +08:00
|
|
|
* @param[in] partition_label Label of the partition. Note that internally, a reference to
|
2018-07-02 16:40:43 +05:30
|
|
|
* passed value is kept and it should be accessible for future operations
|
|
|
|
*
|
2019-12-06 16:16:07 +08:00
|
|
|
* @param[in] cfg Security configuration (keys) to be used for NVS encryption/decryption.
|
|
|
|
* If cfg is null, no encryption/decryption is used.
|
2018-07-02 16:40:43 +05:30
|
|
|
* @return
|
2021-03-08 10:44:15 +08:00
|
|
|
* - ESP_OK if storage has been initialized successfully.
|
2018-07-02 16:40:43 +05:30
|
|
|
* - ESP_ERR_NVS_NO_FREE_PAGES if the NVS storage contains no empty pages
|
|
|
|
* (which may happen if NVS partition was truncated)
|
|
|
|
* - ESP_ERR_NOT_FOUND if specified partition is not found in the partition table
|
2020-12-15 08:06:46 +05:30
|
|
|
* - ESP_ERR_NO_MEM in case memory could not be allocated for the internal structures
|
2018-07-02 16:40:43 +05:30
|
|
|
* - one of the error codes from the underlying flash storage driver
|
|
|
|
*/
|
|
|
|
esp_err_t nvs_flash_secure_init_partition(const char *partition_label, nvs_sec_cfg_t* cfg);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Generate and store NVS keys in the provided esp partition
|
2019-12-06 16:16:07 +08:00
|
|
|
*
|
2018-07-02 16:40:43 +05:30
|
|
|
* @param[in] partition Pointer to partition structure obtained using
|
|
|
|
* esp_partition_find_first or esp_partition_get.
|
|
|
|
* Must be non-NULL.
|
|
|
|
* @param[out] cfg Pointer to nvs security configuration structure.
|
2019-12-06 16:16:07 +08:00
|
|
|
* Pointer must be non-NULL.
|
2018-07-02 16:40:43 +05:30
|
|
|
* Generated keys will be populated in this structure.
|
|
|
|
*
|
|
|
|
*
|
2019-12-06 16:16:07 +08:00
|
|
|
* @return
|
2023-04-05 18:03:56 +05:30
|
|
|
* - ESP_OK, if cfg was read successfully;
|
|
|
|
* - ESP_ERR_INVALID_ARG, if partition or cfg is NULL;
|
|
|
|
* - or error codes from esp_partition_write/erase APIs.
|
2018-07-02 16:40:43 +05:30
|
|
|
*/
|
|
|
|
|
|
|
|
esp_err_t nvs_flash_generate_keys(const esp_partition_t* partition, nvs_sec_cfg_t* cfg);
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2019-12-06 16:16:07 +08:00
|
|
|
* @brief Read NVS security configuration from a partition.
|
|
|
|
*
|
2018-07-02 16:40:43 +05:30
|
|
|
* @param[in] partition Pointer to partition structure obtained using
|
|
|
|
* esp_partition_find_first or esp_partition_get.
|
|
|
|
* Must be non-NULL.
|
|
|
|
* @param[out] cfg Pointer to nvs security configuration structure.
|
|
|
|
* Pointer must be non-NULL.
|
|
|
|
*
|
2021-03-08 10:44:15 +08:00
|
|
|
* @note Provided partition is assumed to be marked 'encrypted'.
|
2018-07-02 16:40:43 +05:30
|
|
|
*
|
2019-12-06 16:16:07 +08:00
|
|
|
* @return
|
2023-04-05 18:03:56 +05:30
|
|
|
* - ESP_OK, if cfg was read successfully;
|
|
|
|
* - ESP_ERR_INVALID_ARG, if partition or cfg is NULL
|
|
|
|
* - ESP_ERR_NVS_KEYS_NOT_INITIALIZED, if the partition is not yet written with keys.
|
|
|
|
* - ESP_ERR_NVS_CORRUPT_KEY_PART, if the partition containing keys is found to be corrupt
|
|
|
|
* - or error codes from esp_partition_read API.
|
2018-07-02 16:40:43 +05:30
|
|
|
*/
|
|
|
|
|
|
|
|
esp_err_t nvs_flash_read_security_cfg(const esp_partition_t* partition, nvs_sec_cfg_t* cfg);
|
|
|
|
|
2023-04-05 18:03:56 +05:30
|
|
|
/**
|
|
|
|
* @brief Registers the given security scheme for NVS encryption
|
|
|
|
* The scheme registered with sec_scheme_id by this API be used as
|
|
|
|
* the default security scheme for the "nvs" partition.
|
|
|
|
* Users will have to call this API explicitly in their application.
|
|
|
|
*
|
|
|
|
* @param[in] scheme_cfg Pointer to the security scheme configuration structure
|
|
|
|
* that the user (or the nvs_key_provider) wants to register.
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
* - ESP_OK, if security scheme registration succeeds;
|
|
|
|
* - ESP_ERR_INVALID_ARG, if scheme_cfg is NULL;
|
|
|
|
* - ESP_FAIL, if security scheme registration fails
|
|
|
|
*/
|
|
|
|
esp_err_t nvs_flash_register_security_scheme(nvs_sec_scheme_t *scheme_cfg);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Fetch the configuration structure for the default active
|
|
|
|
* security scheme for NVS encryption
|
|
|
|
*
|
|
|
|
* @return Pointer to the default active security scheme configuration
|
|
|
|
* (NULL if no scheme is registered yet i.e. active)
|
|
|
|
*/
|
|
|
|
nvs_sec_scheme_t *nvs_flash_get_default_security_scheme(void);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Generate (and store) the NVS keys using the specified key-protection scheme
|
|
|
|
*
|
|
|
|
* @param[in] scheme_cfg Security scheme specific configuration
|
|
|
|
*
|
|
|
|
* @param[out] cfg Security configuration (encryption keys)
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
* - ESP_OK, if cfg was populated successfully with generated encryption keys;
|
|
|
|
* - ESP_ERR_INVALID_ARG, if scheme_cfg or cfg is NULL;
|
|
|
|
* - ESP_FAIL, if the key generation process fails
|
|
|
|
*/
|
|
|
|
esp_err_t nvs_flash_generate_keys_v2(nvs_sec_scheme_t *scheme_cfg, nvs_sec_cfg_t* cfg);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Read NVS security configuration set by the specified security scheme
|
|
|
|
*
|
|
|
|
* @param[in] scheme_cfg Security scheme specific configuration
|
|
|
|
*
|
|
|
|
* @param[out] cfg Security configuration (encryption keys)
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
* - ESP_OK, if cfg was read successfully;
|
|
|
|
* - ESP_ERR_INVALID_ARG, if scheme_cfg or cfg is NULL;
|
|
|
|
* - ESP_FAIL, if the key reading process fails
|
|
|
|
*/
|
|
|
|
esp_err_t nvs_flash_read_security_cfg_v2(nvs_sec_scheme_t *scheme_cfg, nvs_sec_cfg_t* cfg);
|
|
|
|
|
2016-08-17 23:08:22 +08:00
|
|
|
#ifdef __cplusplus
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
|
#endif /* nvs_flash_h */
|