Mirrors_Framework/nuttx
1
0
Fork 0
mirror of https://github.com/apache/nuttx.git synced 2026-05-18 00:34:10 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

docs: enhance crypto documentation with key management features

Browse Source 
Add detailed documentation for:
- MTD-based key storage and persistence
- AES key generation with multiple key sizes
- ECC P-256 key pair generation for ECDSA operations
- Key lifecycle management (save/load/delete)

Signed-off-by: makejian <makejian@xiaomi.com>
This commit is contained in:
makejian
2026-01-27 10:53:36 +08:00
committed by Donny(董九柱)
parent b663bfed8e
commit 83fdd685df
1 changed files with 43 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Documentation/components/crypto.rst
+43
View File
@@ -186,3 +186,46 @@ The cryptodev module supports RSA digital signatures via the cryptokey interface
- Output: verification result
Both padding schemes are supported via the cryptokey ioctl interface accessible through ``/dev/crypto``.
Key Management Operations
--------------------------
The cryptodev module provides comprehensive key management interfaces:
**Key Generation**
- CRK_GENERATE_AES_KEY: Generate AES key data with specified key ID
- Supports 128-bit, 192-bit, and 256-bit key generation
- Generates cryptographically secure random AES keys using software implementation
- Keys can be used immediately for AES encryption/decryption operations
- CRK_GENERATE_RSA_KEY: Generate RSA keypair (public and private) with specified key ID
- CRK_GENERATE_SECP256R1_KEY: Generate ECDSA keypair on SECP256R1 curve with specified key ID
- Generates P-256 elliptic curve keypairs for ECDSA operations
- Uses NuttX's lightweight ECC implementation for key generation
- Generated keys can be used for ECDSA digital signature operations
**Key Lifecycle Management**
- CRK_DELETE_KEY: Remove key with specified key ID from the driver
- CRK_SAVE_KEY: Persist key data to FLASH storage for non-volatile storage
- CRK_LOAD_KEY: Load previously saved key data from FLASH into RAM
**MTD-based Key Storage**
NuttX supports persistent key storage using MTD (Memory Technology Device):
- Keys can be saved to MTD-based storage for non-volatile persistence
- Software-based key management (swkey) provides transparent MTD integration
- Keys are automatically loaded from MTD upon system initialization
- Supports both symmetric (AES) and asymmetric (RSA, ECC) key storage
- Enables secure device configuration and credential persistence across reboots
**Cryptographic Operations Using Keys**
Once keys are allocated, generated, or imported, they can be used for:
- Symmetric encryption/decryption operations (AES)
- RSA signature generation and verification
- ECDSA digital signature operations
- Key exchange protocols