diff --git a/components/esp_security/test_apps/crypto_drivers/main/Kconfig.projbuild b/components/esp_security/test_apps/crypto_drivers/main/Kconfig.projbuild new file mode 100644 index 0000000000..7cdf8c00fa --- /dev/null +++ b/components/esp_security/test_apps/crypto_drivers/main/Kconfig.projbuild @@ -0,0 +1,9 @@ +menu "ESP Security Tests" + config ESP_SECURITY_ENABLE_FPGA_TESTS + bool "Allow enabling the esp_security tests that require burning efuses" + default y if IDF_ENV_FPGA + default n + help + This includes the esp_security tests that actually require burning some efuses. + It is better to run these tests on an FPGA to avoid mistakenly burning eFuses. +endmenu diff --git a/components/esp_security/test_apps/crypto_drivers/main/test_ds.c b/components/esp_security/test_apps/crypto_drivers/main/test_ds.c index 576e23fd62..13d53308be 100644 --- a/components/esp_security/test_apps/crypto_drivers/main/test_ds.c +++ b/components/esp_security/test_apps/crypto_drivers/main/test_ds.c @@ -255,7 +255,7 @@ TEST_CASE("Digital Signature Blocking HMAC key out of range", "[hw_crypto] [ds]" TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(message, &ds_data, HMAC_KEY0 - 1, signature_data)); } -#if CONFIG_IDF_ENV_FPGA +#if CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS static void burn_hmac_keys(void) { @@ -435,4 +435,4 @@ TEST_CASE("Digital Signature Invalid Data (FPGA only)", "[hw_crypto] [ds]") } } -#endif // CONFIG_IDF_ENV_FPGA +#endif // CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS diff --git a/components/esp_security/test_apps/crypto_drivers/main/test_hmac.c b/components/esp_security/test_apps/crypto_drivers/main/test_hmac.c index 61fd9fb1c0..8f8ccf39ef 100644 --- a/components/esp_security/test_apps/crypto_drivers/main/test_hmac.c +++ b/components/esp_security/test_apps/crypto_drivers/main/test_hmac.c @@ -10,7 +10,7 @@ #include "esp_log.h" #include "esp_hmac.h" -#if CONFIG_IDF_ENV_FPGA +#if CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS /* Allow testing varying message lengths (truncating the same message) for various results */ @@ -1297,7 +1297,7 @@ TEST_CASE("HMAC 'upstream' wait lock", "[hw_crypto]") } } -#endif // CONFIG_IDF_ENV_FPGA +#endif // CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS /** * This test is just a parameter test and does not write any keys to efuse. diff --git a/components/hal/test_apps/crypto/README.md b/components/hal/test_apps/crypto/README.md index 4e2c6f4f57..3b25adda8a 100644 --- a/components/hal/test_apps/crypto/README.md +++ b/components/hal/test_apps/crypto/README.md @@ -67,7 +67,8 @@ This contains tests for the following features of the crypto peripherals: - SHA-512/256 - SHA-512/t -> **_NOTE:_** The verification tests for the HMAC and Digital Signature peripherals would get exercised in only in an FPGA environment. +> **_NOTE:_** The verification tests for the HMAC and Digital Signature peripherals would get exercised only by enabling the example config in an FPGA environment. + # Burning the HMAC key The HMAC tests need an HMAC key to be burned in the `BLOCK_KEY3` and `BLOCK_KEY4` of the efuses. As this verification application is independent of the efuse component, the user needs to manually burn the keys and their key purposes using `espefuse.py`. diff --git a/components/hal/test_apps/crypto/main/Kconfig.projbuild b/components/hal/test_apps/crypto/main/Kconfig.projbuild index 051c5bae14..ee68e84f19 100644 --- a/components/hal/test_apps/crypto/main/Kconfig.projbuild +++ b/components/hal/test_apps/crypto/main/Kconfig.projbuild @@ -1,6 +1,14 @@ menu "Test App Configuration" + config CRYPTO_TEST_APP_ENABLE_FPGA_TESTS + bool "Allow enabling the crypto tests that require burning efuses" + default y if IDF_ENV_FPGA + default n + help + This includes the crypto tests that actually require burning some efuses. + It is better to run these tests on an FPGA to avoid mistakenly burning eFuses. + config CRYPTO_TEST_APP_ENABLE_DS_TESTS bool "Enable DS Peripheral test cases" default y diff --git a/components/hal/test_apps/crypto/main/app_main.c b/components/hal/test_apps/crypto/main/app_main.c index 460445a343..87dcee3d8e 100644 --- a/components/hal/test_apps/crypto/main/app_main.c +++ b/components/hal/test_apps/crypto/main/app_main.c @@ -34,7 +34,7 @@ static void run_all_tests(void) RUN_TEST_GROUP(key_manager); #endif -#if CONFIG_IDF_ENV_FPGA +#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS #if CONFIG_SOC_HMAC_SUPPORTED && CONFIG_CRYPTO_TEST_APP_ENABLE_HMAC_TESTS RUN_TEST_GROUP(hmac); @@ -48,7 +48,7 @@ static void run_all_tests(void) RUN_TEST_GROUP(ecdsa) #endif -#endif /* CONFIG_IDF_ENV_FPGA */ +#endif /* CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS */ } static void test_task(void *pvParameters) diff --git a/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c b/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c index ca424eb132..2def4096e8 100644 --- a/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c +++ b/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c @@ -263,7 +263,7 @@ static void key_mgr_test_ecdsa_random_mode(void) TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type)); } -#if CONFIG_IDF_ENV_FPGA +#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS static void test_xts_aes_key_random_mode(void) { @@ -351,7 +351,7 @@ TEST(key_manager, ecdsa_key_random_deployment) key_mgr_test_ecdsa_random_mode(); } -#if CONFIG_IDF_ENV_FPGA +#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS TEST(key_manager, xts_key_random_deployment) { key_mgr_test_xts_aes_128_random_mode(); @@ -367,7 +367,7 @@ TEST_GROUP_RUNNER(key_manager) RUN_TEST_CASE(key_manager, xts_key_ecdh0_deployment); RUN_TEST_CASE(key_manager, ecdsa_key_ecdh0_deployment); RUN_TEST_CASE(key_manager, ecdsa_key_random_deployment); -#if CONFIG_IDF_ENV_FPGA +#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS RUN_TEST_CASE(key_manager, xts_key_random_deployment); #endif