espsecure: add option for 512bit key for encrypt_flash_data

espsecure.py

@@ -67,21 +67,22 @@ def swap_word_order(source):
 
 
 def _load_hardware_key(keyfile):
-    """ Load a 256-bit key, similar to stored in efuse, from a file
+    """ Load a 256/512-bit key, similar to stored in efuse, from a file
 
     192-bit keys will be extended to 256-bit using the same algorithm used
     by hardware if 3/4 Coding Scheme is set.
     """
     key = keyfile.read()
-    if len(key) not in [24, 32]:
-        raise esptool.FatalError("Key file contains wrong length (%d bytes), 24 or 32 expected." % len(key))
+    if len(key) not in [24, 32, 64]:
+        raise esptool.FatalError("Key file contains wrong length (%d bytes), 24, 32 or 64 expected." % len(key))
     if len(key) == 24:
         key = key + key[8:16]
+        assert len(key) == 32
         print("Using 192-bit key (extended)")
-    else:
+    elif len(key) == 32:
         print("Using 256-bit key")
-
-    assert len(key) == 32
+    else:
+        print("Using 512-bit key")
     return key
 
 

test/secure_images/512bit_key.bin

@@ -0,0 +1 @@
+�\�3i��'����u��������Q�Xn�J��V:�-֋��@��H�fP��?�s��#�

test/test_espsecure.py

@@ -438,6 +438,12 @@ def test_encrypt_decrypt_app(self):
                                    'ef-flashencryption-key.bin',
                                    0x20000, aes_xts=True)
 
+    def test_encrypt_decrypt_app_512_bit_key(self):
+        self._test_encrypt_decrypt('hello-world-signed.bin',
+                                   'hello-world-signed-encrypted-aes-xts-256.bin',
+                                   '512bit_key.bin',
+                                   0x10000, aes_xts=True)
+
     def test_padding(self):
         # Random 2048 bits hex string
         plaintext = binascii.unhexlify("c33b7c49f12a969a9bb45af5f660b73f"