ThePassionate opened a new pull request, #17952:
URL: https://github.com/apache/nuttx/pull/17952

   ## Summary
   Introduces comprehensive key management interfaces and support for generating RSA and ECDSA key pairs in the cryptodev module. Includes detailed documentation of all key management operations.
   
   ## Problem
   The cryptodev module lacked interfaces for:
   1. Key lifecycle management (allocation, validation, import, export, deletion)
   2. Secure key generation for RSA and ECDSA
   3. Key storage operations (save/load from FLASH)
   4. Documentation of available key management operations
   
   ## Solution
   Added complete key management infrastructure including:
   
   ### Commit 1: crypto: add key management and RSA/ECDSA keypair generation
   - Added key management operation constants:
     * CRK_ALLOCATE_KEY: Request available key ID
     * CRK_VALIDATE_KEYID: Validate key ID availability
     * CRK_IMPORT_KEY / CRK_EXPORT_KEY: Key import/export operations
     * CRK_EXPORT_PUBLIC_KEY: Export public portion of keypair
     * CRK_GENERATE_AES_KEY: AES key generation
     * CRK_GENERATE_RSA_KEY: RSA keypair generation
     * CRK_GENERATE_SECP256R1_KEY: ECDSA keypair generation
     * CRK_DELETE_KEY: Remove key from driver
     * CRK_SAVE_KEY / CRK_LOAD_KEY: Persist keys to/from FLASH
   - Added capability flags (CRF_*) for each operation
   - Extended cryptkop structure support in cryptodev module
   
   ### Commit 2: docs: enhance crypto documentation with key management and asymmetric crypto
   - Added "Asymmetric Cryptography and Key Management" section
   - Documented RSA and ECDSA key generation capabilities
   - Detailed all key management operations with their purposes:
     * Key allocation/validation
     * Key import/export operations  
     * Key generation (AES, RSA, ECDSA)
     * Key lifecycle management
     * Usage patterns for cryptographic operations
    
   ## Changes
   - include/crypto/cryptodev.h: Added 12 new key management operation constants and capability flags
   - crypto/cryptodev.c: Extended operation handling (62 lines added)
   - Documentation/components/crypto.rst: Added comprehensive key management documentation
   
   ## Testing
   - Verified key management constants are properly recognized
   - Tested key generation interfaces
   - Documentation updates reviewed against cryptodev.h definitions
   
   ## Security Considerations
   - Key management operations support both software and hardware-accelerated implementations
   - Key storage supports FLASH persistence for secure key management
   - Public/private key separation through CRK_EXPORT_PUBLIC_KEY


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
