diff --git a/examples/security/flash_encryption/README.md b/examples/security/flash_encryption/README.md index ed2d028d70..cebd888439 100644 --- a/examples/security/flash_encryption/README.md +++ b/examples/security/flash_encryption/README.md @@ -97,8 +97,8 @@ Reading with esp_partition_read: I (461) example: 0x3ffb4da0 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f |................| I (471) example: 0x3ffb4db0 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f |................| Reading with spi_flash_read: -I (491) example: 0x3ffb4da0 29 68 2e 13 88 a0 5b 7f cc 6b 39 f9 d7 7b 32 2f |)h....[..k9..{2/| -I (491) example: 0x3ffb4db0 9f e6 55 37 4b 91 b0 83 cd a6 e9 4e cd fa b4 c7 |..U7K......N....| +I (491) example: 0x3ffb4b30 35 9b f2 07 b4 6d 40 89 28 b4 1e 22 98 7b 4a 36 |5....m@.(..".{J6| +I (491) example: 0x3ffb4b40 ba 89 81 67 77 a3 60 5e 0a e7 51 01 b3 58 c2 f6 |...gw.`^..Q..X..| ``` ## Troubleshooting diff --git a/examples/security/flash_encryption/example_test.py b/examples/security/flash_encryption/example_test.py index cea78bbf6f..61df61bc0d 100644 --- a/examples/security/flash_encryption/example_test.py +++ b/examples/security/flash_encryption/example_test.py @@ -1,5 +1,19 @@ from __future__ import print_function +import binascii +from io import BytesIO +from collections import namedtuple +import os +import sys + import ttfw_idf +try: + import espsecure +except ImportError: + idf_path = os.getenv("IDF_PATH") + if not idf_path or not os.path.exists(idf_path): + raise + sys.path.insert(0, os.path.join(idf_path, "components", "esptool_py", "esptool")) + import espsecure # To prepare a test runner for this example: @@ -14,15 +28,31 @@ def test_examples_security_flash_encryption(env, extra_data): dut = env.get_dut('flash_encryption', 'examples/security/flash_encryption') # start test dut.start_app() + + # calculate the expected ciphertext + flash_addr = int(dut.app.partition_table["storage"]["offset"], 0) + plain_hex_str = '00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f' + plain_data = binascii.unhexlify(plain_hex_str.replace(' ', '')) + + # Emulate espsecure encrypt_flash_data command + EncryptFlashDataArgs = namedtuple('EncryptFlashDataArgs', ['output', 'plaintext_file', 'address', 'keyfile', 'flash_crypt_conf']) + args = EncryptFlashDataArgs(BytesIO(), BytesIO(plain_data), flash_addr, BytesIO(b'\x00' * 32), 0xF) + espsecure.encrypt_flash_data(args) + + expected_ciphertext = args.output.getvalue() + hex_ciphertext = binascii.hexlify(expected_ciphertext).decode('ascii') + expected_str = (' '.join(hex_ciphertext[i:i + 2] for i in range(0, 16, 2)) + ' ' + + ' '.join(hex_ciphertext[i:i + 2] for i in range(16, 32, 2))) + lines = [ 'FLASH_CRYPT_CNT eFuse value is 1', 'Flash encryption feature is enabled in DEVELOPMENT mode', 'with esp_partition_write', - '00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f', + plain_hex_str, 'with esp_partition_read', - '00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f', + plain_hex_str, 'with spi_flash_read', - '29 68 2e 13 88 a0 5b 7f cc 6b 39 f9 d7 7b 32 2f' + expected_str ] for line in lines: dut.expect(line, timeout=2)