espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-04 21:24:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

test(hal/crypto): Add HMAC and DS using Key Manager key tests

Browse Source 
- Also updated the test app to use esp_crypto_periph_clk.h
This commit is contained in:
harshal.patil
2025-06-12 16:02:00 +05:30
parent 6ca4d621b5
commit ea322ee6ef
16 changed files with 762 additions and 429 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
components/hal/test_apps/crypto/main/aes/aes_block.c
View File

@@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: CC0-1.0 * SPDX-License-Identifier: CC0-1.0
*/ */
@@ -8,7 +8,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include "esp_private/esp_crypto_lock_internal.h" #include "esp_crypto_periph_clk.h"
#include "hal/aes_types.h" #include "hal/aes_types.h"
#include "hal/aes_hal.h" #include "hal/aes_hal.h"
#include "hal/aes_ll.h" #include "hal/aes_ll.h"
@@ -30,10 +30,7 @@ void aes_crypt_cbc_block(int mode,
uint32_t *iv_words = (uint32_t *)iv; uint32_t *iv_words = (uint32_t *)iv;
unsigned char temp[16]; unsigned char temp[16];
AES_RCC_ATOMIC() { esp_crypto_aes_enable_periph_clk(true);
aes_ll_enable_bus_clock(true);
aes_ll_reset_register();
}
/* Sets the key used for AES encryption/decryption */ /* Sets the key used for AES encryption/decryption */
aes_hal_setkey(key, key_bytes, mode); aes_hal_setkey(key, key_bytes, mode);
@@ -71,9 +68,7 @@ void aes_crypt_cbc_block(int mode,
} }
} }
AES_RCC_ATOMIC() { esp_crypto_aes_enable_periph_clk(false);
aes_ll_enable_bus_clock(false);
}
} }
@@ -89,10 +84,7 @@ void aes_crypt_ctr_block(uint8_t key_bytes,
int c, i; int c, i;
size_t n = *nc_off; size_t n = *nc_off;
AES_RCC_ATOMIC() { esp_crypto_aes_enable_periph_clk(true);
aes_ll_enable_bus_clock(true);
aes_ll_reset_register();
}
/* Sets the key used for AES encryption/decryption */ /* Sets the key used for AES encryption/decryption */
aes_hal_setkey(key, key_bytes, ESP_AES_ENCRYPT); aes_hal_setkey(key, key_bytes, ESP_AES_ENCRYPT);
@@ -113,9 +105,7 @@ void aes_crypt_ctr_block(uint8_t key_bytes,
*nc_off = n; *nc_off = n;
AES_RCC_ATOMIC() { esp_crypto_aes_enable_periph_clk(false);
aes_ll_enable_bus_clock(false);
}
} }
#endif #endif

47
components/hal/test_apps/crypto/main/ds/ds_types.h Normal file
View File

@@ -0,0 +1,47 @@
/*
* SPDX-FileCopyrightText: 2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Unlicense OR CC0-1.0
*/
#include <stdint.h>
#include "soc/soc_caps.h"
#define ESP_ERR_HW_CRYPTO_DS_HMAC_FAIL (0x1) /*!< HMAC peripheral problem */
#define ESP_ERR_HW_CRYPTO_DS_INVALID_KEY (0x2) /*!< given HMAC key isn't correct, HMAC peripheral problem */
#define ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST (0x4) /*!< message digest check failed, result is invalid */
#define ESP_ERR_HW_CRYPTO_DS_INVALID_PADDING (0x5) /*!< padding check failed, but result is produced anyway and can be read*/
#define ESP_DS_IV_BIT_LEN 128
#define ESP_DS_IV_LEN (ESP_DS_IV_BIT_LEN / 8)
#define ESP_DS_SIGNATURE_MAX_BIT_LEN SOC_RSA_MAX_BIT_LEN
#define ESP_DS_SIGNATURE_MD_BIT_LEN 256
#define ESP_DS_SIGNATURE_M_PRIME_BIT_LEN 32
#define ESP_DS_SIGNATURE_L_BIT_LEN 32
#define ESP_DS_SIGNATURE_PADDING_BIT_LEN 64
#define ESP_DS_C_LEN (((ESP_DS_SIGNATURE_MAX_BIT_LEN * 3 \
+ ESP_DS_SIGNATURE_MD_BIT_LEN \
+ ESP_DS_SIGNATURE_M_PRIME_BIT_LEN \
+ ESP_DS_SIGNATURE_L_BIT_LEN \
+ ESP_DS_SIGNATURE_PADDING_BIT_LEN) / 8))
typedef enum {
ESP_DS_RSA_1024 = (1024 / 32) - 1,
ESP_DS_RSA_2048 = (2048 / 32) - 1,
ESP_DS_RSA_3072 = (3072 / 32) - 1,
ESP_DS_RSA_4096 = (4096 / 32) - 1
} esp_digital_signature_length_t;
typedef struct esp_digital_signature_data {
esp_digital_signature_length_t rsa_length;
uint32_t iv[ESP_DS_IV_BIT_LEN / 32];
uint8_t c[ESP_DS_C_LEN];
} esp_ds_data_t;
typedef struct {
uint32_t Y[ESP_DS_SIGNATURE_MAX_BIT_LEN / 32];
uint32_t M[ESP_DS_SIGNATURE_MAX_BIT_LEN / 32];
uint32_t Rb[ESP_DS_SIGNATURE_MAX_BIT_LEN / 32];
uint32_t M_prime;
uint32_t length;
} esp_ds_p_data_t;

150
components/hal/test_apps/crypto/main/ds/test_ds.c
View File

@@ -13,84 +13,23 @@
#include "soc/soc_caps.h" #include "soc/soc_caps.h"
#include "esp_log.h" #include "esp_log.h"
#include "ds_types.h"
const static char *TAG = "test_ds"; const static char *TAG = "test_ds";
#include "rom/efuse.h" #include "rom/efuse.h"
#if CONFIG_IDF_TARGET_ESP32S2 #include "rom/sha.h"
#include "esp32s2/rom/digital_signature.h" #include "rom/digital_signature.h"
#include "esp32s2/rom/aes.h" #include "rom/aes.h"
#include "esp32s2/rom/sha.h" #include "rom/hmac.h"
#include "esp32s2/rom/hmac.h"
#include "soc/soc_memory_layout.h" #if SOC_KEY_MANAGER_DS_KEY_DEPLOY
#elif CONFIG_IDF_TARGET_ESP32C3 #include "hal/key_mgr_ll.h"
#include "esp32c3/rom/digital_signature.h"
#include "esp32c3/rom/hmac.h"
#elif CONFIG_IDF_TARGET_ESP32S3
#include "esp32s3/rom/digital_signature.h"
#include "esp32s3/rom/aes.h"
#include "esp32s3/rom/sha.h"
#elif CONFIG_IDF_TARGET_ESP32C6
#include "esp32c6/rom/digital_signature.h"
#include "esp32c6/rom/aes.h"
#include "esp32c6/rom/sha.h"
#elif CONFIG_IDF_TARGET_ESP32H2
#include "esp32h2/rom/digital_signature.h"
#include "esp32h2/rom/aes.h"
#include "esp32h2/rom/sha.h"
#elif CONFIG_IDF_TARGET_ESP32P4
#include "esp32p4/rom/digital_signature.h"
#include "esp32p4/rom/aes.h"
#include "esp32p4/rom/sha.h"
#elif CONFIG_IDF_TARGET_ESP32C5
#include "esp32c5/rom/digital_signature.h"
#include "esp32c5/rom/aes.h"
#include "esp32c5/rom/sha.h"
#elif CONFIG_IDF_TARGET_ESP32H21
#include "esp32h21/rom/digital_signature.h"
#include "esp32h21/rom/aes.h"
#include "esp32h21/rom/sha.h"
#endif #endif
#define ESP_ERR_HW_CRYPTO_DS_HMAC_FAIL (0x1) /*!< HMAC peripheral problem */ #if CONFIG_IDF_TARGET_ESP32S2
#define ESP_ERR_HW_CRYPTO_DS_INVALID_KEY (0x2) /*!< given HMAC key isn't correct, HMAC peripheral problem */ #include "soc/soc_memory_layout.h"
#define ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST (0x4) /*!< message digest check failed, result is invalid */ #endif
#define ESP_ERR_HW_CRYPTO_DS_INVALID_PADDING (0x5) /*!< padding check failed, but result is produced anyway and can be read*/
#define ESP_DS_IV_BIT_LEN 128
#define ESP_DS_IV_LEN (ESP_DS_IV_BIT_LEN / 8)
#define ESP_DS_SIGNATURE_MAX_BIT_LEN SOC_RSA_MAX_BIT_LEN
#define ESP_DS_SIGNATURE_MD_BIT_LEN 256
#define ESP_DS_SIGNATURE_M_PRIME_BIT_LEN 32
#define ESP_DS_SIGNATURE_L_BIT_LEN 32
#define ESP_DS_SIGNATURE_PADDING_BIT_LEN 64
#define ESP_DS_C_LEN (((ESP_DS_SIGNATURE_MAX_BIT_LEN * 3 \
+ ESP_DS_SIGNATURE_MD_BIT_LEN \
+ ESP_DS_SIGNATURE_M_PRIME_BIT_LEN \
+ ESP_DS_SIGNATURE_L_BIT_LEN \
+ ESP_DS_SIGNATURE_PADDING_BIT_LEN) / 8))
typedef enum {
ESP_DS_RSA_1024 = (1024 / 32) - 1,
ESP_DS_RSA_2048 = (2048 / 32) - 1,
ESP_DS_RSA_3072 = (3072 / 32) - 1,
ESP_DS_RSA_4096 = (4096 / 32) - 1
} esp_digital_signature_length_t;
typedef struct esp_digital_signature_data {
esp_digital_signature_length_t rsa_length;
uint32_t iv[ESP_DS_IV_BIT_LEN / 32];
uint8_t c[ESP_DS_C_LEN];
} esp_ds_data_t;
typedef struct {
uint32_t Y[ESP_DS_SIGNATURE_MAX_BIT_LEN / 32];
uint32_t M[ESP_DS_SIGNATURE_MAX_BIT_LEN / 32];
uint32_t Rb[ESP_DS_SIGNATURE_MAX_BIT_LEN / 32];
uint32_t M_prime;
uint32_t length;
} esp_ds_p_data_t;
#define NUM_RESULTS 10 #define NUM_RESULTS 10
@@ -128,43 +67,23 @@ _Static_assert(NUM_RESULTS == NUM_MESSAGES, "expected_results size should be the
#include "hal/hmac_hal.h" #include "hal/hmac_hal.h"
#include "hal/hmac_ll.h" #include "hal/hmac_ll.h"
#include "hal/sha_ll.h" #include "hal/sha_ll.h"
#include "esp_crypto_periph_clk.h"
static void ds_acquire_enable(void) static void ds_acquire_enable(void)
{ {
HMAC_RCC_ATOMIC() { // We also enable SHA and HMAC here. SHA is used by HMAC, HMAC is used by DS.
hmac_ll_enable_bus_clock(true); esp_crypto_hmac_enable_periph_clk(true);
hmac_ll_reset_register(); esp_crypto_sha_enable_periph_clk(true);
} esp_crypto_mpi_enable_periph_clk(true);
esp_crypto_ds_enable_periph_clk(true);
SHA_RCC_ATOMIC() {
sha_ll_enable_bus_clock(true);
sha_ll_reset_register();
}
DS_RCC_ATOMIC() {
ds_ll_enable_bus_clock(true);
ds_ll_reset_register();
}
hmac_hal_start();
} }
static void ds_disable_release(void) static void ds_disable_release(void)
{ {
ds_hal_finish(); esp_crypto_mpi_enable_periph_clk(false);
esp_crypto_sha_enable_periph_clk(false);
DS_RCC_ATOMIC() { esp_crypto_hmac_enable_periph_clk(false);
ds_ll_enable_bus_clock(false); esp_crypto_ds_enable_periph_clk(false);
}
SHA_RCC_ATOMIC() {
sha_ll_enable_bus_clock(false);
}
HMAC_RCC_ATOMIC() {
hmac_ll_enable_bus_clock(false);
}
} }
@@ -172,11 +91,22 @@ static esp_err_t esp_ds_start_sign(const void *message, const esp_ds_data_t *dat
{ {
ds_acquire_enable(); ds_acquire_enable();
uint32_t conf_error = hmac_hal_configure(HMAC_OUTPUT_DS, key_id); #if SOC_KEY_MANAGER_DS_KEY_DEPLOY
if (conf_error) { if (key_id == HMAC_KEY_KM) {
ds_disable_release(); ds_hal_set_key_source(DS_KEY_SOURCE_KEY_MGR);
return ESP_ERR_HW_CRYPTO_DS_HMAC_FAIL; } else {
ds_hal_set_key_source(DS_KEY_SOURCE_EFUSE);
#endif
hmac_hal_start();
uint32_t conf_error = hmac_hal_configure(HMAC_OUTPUT_DS, key_id);
if (conf_error) {
ds_disable_release();
ESP_LOGE(TAG, "HMAC configure failed");
return ESP_ERR_HW_CRYPTO_DS_HMAC_FAIL;
}
#if SOC_KEY_MANAGER_DS_KEY_DEPLOY
} }
#endif
ds_hal_start(); ds_hal_start();
@@ -211,13 +141,13 @@ static esp_err_t esp_ds_finish_sign(void *signature, const esp_ds_data_t *data)
} }
hmac_hal_clean(); hmac_hal_clean();
ds_hal_finish();
ds_disable_release(); ds_disable_release();
return return_value; return return_value;
} }
static esp_err_t esp_ds_sign(const void *message, esp_err_t esp_ds_sign(const void *message,
const esp_ds_data_t *data, const esp_ds_data_t *data,
uint32_t key_id, uint32_t key_id,
void *signature) void *signature)
@@ -287,8 +217,8 @@ static void ds_disable_release(void)
} }
static esp_err_t esp_ds_start_sign(const void *message, static esp_err_t esp_ds_start_sign(const void *message,
const esp_ds_data_t *data, const esp_ds_data_t *data,
uint32_t key_id) uint32_t key_id)
{ {
ds_acquire_enable(); ds_acquire_enable();

50
components/hal/test_apps/crypto/main/ecc/test_ecc.c
View File

@@ -9,7 +9,7 @@
#include <string.h> #include <string.h>
#include <sys/param.h> #include <sys/param.h>
#include "sdkconfig.h" #include "sdkconfig.h"
#include "esp_private/esp_crypto_lock_internal.h" #include "esp_crypto_periph_clk.h"
#include "esp_log.h" #include "esp_log.h"
#include "ecc_params.h" #include "ecc_params.h"
#include "soc/soc_caps.h" #include "soc/soc_caps.h"
@@ -43,24 +43,6 @@ static void ecc_be_to_le(const uint8_t* be_point, uint8_t *le_point, uint8_t len
} }
} }
static void ecc_enable_and_reset(void)
{
ECC_RCC_ATOMIC() {
ecc_ll_enable_bus_clock(true);
ecc_ll_power_up();
ecc_ll_reset_register();
}
}
static void ecc_disable(void)
{
ECC_RCC_ATOMIC() {
ecc_ll_enable_bus_clock(false);
ecc_ll_power_down();
}
}
TEST_GROUP(ecc); TEST_GROUP(ecc);
TEST_SETUP(ecc) TEST_SETUP(ecc)
@@ -79,7 +61,7 @@ TEST_TEAR_DOWN(ecc)
static void ecc_point_mul(const uint8_t *k_le, const uint8_t *x_le, const uint8_t *y_le, uint8_t len, bool verify_first, static void ecc_point_mul(const uint8_t *k_le, const uint8_t *x_le, const uint8_t *y_le, uint8_t len, bool verify_first,
uint8_t *res_x_le, uint8_t *res_y_le) uint8_t *res_x_le, uint8_t *res_y_le)
{ {
ecc_enable_and_reset(); esp_crypto_ecc_enable_periph_clk(true);
ecc_hal_write_mul_param(k_le, x_le, y_le, len); ecc_hal_write_mul_param(k_le, x_le, y_le, len);
if (verify_first) { if (verify_first) {
@@ -95,7 +77,7 @@ static void ecc_point_mul(const uint8_t *k_le, const uint8_t *x_le, const uint8_
} }
ecc_hal_read_mul_result(res_x_le, res_y_le, len); ecc_hal_read_mul_result(res_x_le, res_y_le, len);
ecc_disable(); esp_crypto_ecc_enable_periph_clk(false);
} }
static void test_ecc_point_mul_inner(bool verify_first) static void test_ecc_point_mul_inner(bool verify_first)
@@ -161,7 +143,7 @@ TEST(ecc, ecc_point_multiplication_on_SECP192R1_and_SECP256R1)
#if SOC_ECC_CONSTANT_TIME_POINT_MUL #if SOC_ECC_CONSTANT_TIME_POINT_MUL
#define CONST_TIME_DEVIATION_PERCENT 0.002 #define CONST_TIME_DEVIATION_PERCENT 0.0025
static void test_ecc_point_mul_inner_constant_time(void) static void test_ecc_point_mul_inner_constant_time(void)
{ {
@@ -237,7 +219,7 @@ TEST(ecc, ecc_point_multiplication_const_time_check_on_SECP192R1_and_SECP256R1)
#if SOC_ECC_SUPPORT_POINT_VERIFY && !defined(SOC_ECC_SUPPORT_POINT_VERIFY_QUIRK) #if SOC_ECC_SUPPORT_POINT_VERIFY && !defined(SOC_ECC_SUPPORT_POINT_VERIFY_QUIRK)
static int ecc_point_verify(const uint8_t *x_le, const uint8_t *y_le, uint8_t len) static int ecc_point_verify(const uint8_t *x_le, const uint8_t *y_le, uint8_t len)
{ {
ecc_enable_and_reset(); esp_crypto_ecc_enable_periph_clk(true);
ecc_hal_write_verify_param(x_le, y_le, len); ecc_hal_write_verify_param(x_le, y_le, len);
ecc_hal_set_mode(ECC_MODE_VERIFY); ecc_hal_set_mode(ECC_MODE_VERIFY);
@@ -248,7 +230,7 @@ static int ecc_point_verify(const uint8_t *x_le, const uint8_t *y_le, uint8_t le
} }
int ret = ecc_hal_read_verify_result(); int ret = ecc_hal_read_verify_result();
ecc_disable(); esp_crypto_ecc_enable_periph_clk(false);
return ret; return ret;
} }
@@ -297,7 +279,7 @@ TEST(ecc, ecc_point_verification_and_multiplication_on_SECP192R1_and_SECP256R1)
#if SOC_ECC_SUPPORT_POINT_DIVISION #if SOC_ECC_SUPPORT_POINT_DIVISION
static void ecc_point_inv_mul(const uint8_t *num_le, const uint8_t *deno_le, uint8_t len, uint8_t *res_le) static void ecc_point_inv_mul(const uint8_t *num_le, const uint8_t *deno_le, uint8_t len, uint8_t *res_le)
{ {
ecc_enable_and_reset(); esp_crypto_ecc_enable_periph_clk(true);
uint8_t zero[32] = {0}; uint8_t zero[32] = {0};
ecc_hal_write_mul_param(zero, num_le, deno_le, len); ecc_hal_write_mul_param(zero, num_le, deno_le, len);
@@ -311,7 +293,7 @@ static void ecc_point_inv_mul(const uint8_t *num_le, const uint8_t *deno_le, uin
} }
ecc_hal_read_mul_result(zero, res_le, len); ecc_hal_read_mul_result(zero, res_le, len);
ecc_disable(); esp_crypto_ecc_enable_periph_clk(false);
} }
TEST(ecc, ecc_inverse_multiplication_or_mod_division_using_SECP192R1_and_SECP256R1_order_of_curve) TEST(ecc, ecc_inverse_multiplication_or_mod_division_using_SECP192R1_and_SECP256R1_order_of_curve)
@@ -329,7 +311,7 @@ TEST(ecc, ecc_inverse_multiplication_or_mod_division_using_SECP192R1_and_SECP256
static void ecc_jacob_mul(uint8_t *k_le, uint8_t *x_le, uint8_t *y_le, uint8_t len, bool verify_first, static void ecc_jacob_mul(uint8_t *k_le, uint8_t *x_le, uint8_t *y_le, uint8_t len, bool verify_first,
uint8_t *res_x_le, uint8_t *res_y_le, uint8_t *res_z_le) uint8_t *res_x_le, uint8_t *res_y_le, uint8_t *res_z_le)
{ {
ecc_enable_and_reset(); esp_crypto_ecc_enable_periph_clk(true);
ecc_hal_write_mul_param(k_le, x_le, y_le, len); ecc_hal_write_mul_param(k_le, x_le, y_le, len);
if (verify_first) { if (verify_first) {
@@ -344,7 +326,7 @@ static void ecc_jacob_mul(uint8_t *k_le, uint8_t *x_le, uint8_t *y_le, uint8_t l
} }
ecc_hal_read_jacob_mul_result(res_x_le, res_y_le, res_z_le, len); ecc_hal_read_jacob_mul_result(res_x_le, res_y_le, res_z_le, len);
ecc_disable(); esp_crypto_ecc_enable_periph_clk(false);
} }
static void test_ecc_jacob_mul_inner(bool verify_first) static void test_ecc_jacob_mul_inner(bool verify_first)
@@ -393,7 +375,7 @@ TEST(ecc, ecc_jacobian_point_multiplication_on_SECP192R1_and_SECP256R1)
#if SOC_ECC_SUPPORT_JACOB_POINT_VERIFY #if SOC_ECC_SUPPORT_JACOB_POINT_VERIFY
static int ecc_jacob_verify(const uint8_t *x_le, const uint8_t *y_le, const uint8_t *z_le, uint8_t len) static int ecc_jacob_verify(const uint8_t *x_le, const uint8_t *y_le, const uint8_t *z_le, uint8_t len)
{ {
ecc_enable_and_reset(); esp_crypto_ecc_enable_periph_clk(true);
ecc_hal_write_jacob_verify_param(x_le, y_le, z_le, len); ecc_hal_write_jacob_verify_param(x_le, y_le, z_le, len);
@@ -406,7 +388,7 @@ static int ecc_jacob_verify(const uint8_t *x_le, const uint8_t *y_le, const uint
} }
int ret = ecc_hal_read_verify_result(); int ret = ecc_hal_read_verify_result();
ecc_disable(); esp_crypto_ecc_enable_periph_clk(false);
return ret; return ret;
} }
@@ -436,7 +418,7 @@ static void ecc_point_addition(uint8_t *px_le, uint8_t *py_le, uint8_t *qx_le, u
uint8_t len, bool jacob_output, uint8_t len, bool jacob_output,
uint8_t *x_res_le, uint8_t *y_res_le, uint8_t *z_res_le) uint8_t *x_res_le, uint8_t *y_res_le, uint8_t *z_res_le)
{ {
ecc_enable_and_reset(); esp_crypto_ecc_enable_periph_clk(true);
ecc_hal_write_point_add_param(px_le, py_le, qx_le, qy_le, qz_le, len); ecc_hal_write_point_add_param(px_le, py_le, qx_le, qy_le, qz_le, len);
@@ -449,7 +431,7 @@ static void ecc_point_addition(uint8_t *px_le, uint8_t *py_le, uint8_t *qx_le, u
} }
ecc_hal_read_point_add_result(x_res_le, y_res_le, z_res_le, len, jacob_output); ecc_hal_read_point_add_result(x_res_le, y_res_le, z_res_le, len, jacob_output);
ecc_disable(); esp_crypto_ecc_enable_periph_clk(false);
} }
TEST(ecc, ecc_point_addition_on_SECP192R1_and_SECP256R1) TEST(ecc, ecc_point_addition_on_SECP192R1_and_SECP256R1)
@@ -508,7 +490,7 @@ TEST(ecc, ecc_point_addition_on_SECP192R1_and_SECP256R1)
#if SOC_ECC_SUPPORT_MOD_ADD || SOC_ECC_SUPPORT_MOD_SUB || SOC_ECC_SUPPORT_MOD_MUL #if SOC_ECC_SUPPORT_MOD_ADD || SOC_ECC_SUPPORT_MOD_SUB || SOC_ECC_SUPPORT_MOD_MUL
static void ecc_mod_op(ecc_mode_t mode, const uint8_t *a, const uint8_t *b, uint8_t len, uint8_t *res_le) static void ecc_mod_op(ecc_mode_t mode, const uint8_t *a, const uint8_t *b, uint8_t len, uint8_t *res_le)
{ {
ecc_enable_and_reset(); esp_crypto_ecc_enable_periph_clk(true);
ecc_hal_write_mod_op_param(a, b, len); ecc_hal_write_mod_op_param(a, b, len);
@@ -521,7 +503,7 @@ static void ecc_mod_op(ecc_mode_t mode, const uint8_t *a, const uint8_t *b, uint
} }
ecc_hal_read_mod_op_result(res_le, len); ecc_hal_read_mod_op_result(res_le, len);
ecc_disable(); esp_crypto_ecc_enable_periph_clk(false);
} }
#endif #endif

35
components/hal/test_apps/crypto/main/ecdsa/test_ecdsa.c
View File

@@ -10,7 +10,7 @@
#include "esp_crypto_lock.h" #include "esp_crypto_lock.h"
#include "esp_efuse_chip.h" #include "esp_efuse_chip.h"
#include "esp_private/esp_crypto_lock_internal.h" #include "esp_crypto_periph_clk.h"
#include "esp_random.h" #include "esp_random.h"
#include "esp_err.h" #include "esp_err.h"
#include "esp_efuse.h" #include "esp_efuse.h"
@@ -35,41 +35,20 @@ __attribute__((unused)) static const char * TAG = "crypto_test";
static void ecdsa_enable_and_reset(void) static void ecdsa_enable_and_reset(void)
{ {
ECDSA_RCC_ATOMIC() { esp_crypto_ecdsa_enable_periph_clk(true);
ecdsa_ll_enable_bus_clock(true); esp_crypto_ecc_enable_periph_clk(true);
ecdsa_ll_reset_register();
}
ECC_RCC_ATOMIC() {
ecc_ll_enable_bus_clock(true);
ecc_ll_power_up();
ecc_ll_reset_register();
}
#ifdef SOC_ECDSA_USES_MPI #ifdef SOC_ECDSA_USES_MPI
MPI_RCC_ATOMIC() { esp_crypto_mpi_enable_periph_clk(true);
mpi_ll_enable_bus_clock(true);
mpi_ll_reset_register();
}
#endif #endif
} }
static void ecdsa_disable(void) static void ecdsa_disable(void)
{ {
#ifdef SOC_ECDSA_USES_MPI #ifdef SOC_ECDSA_USES_MPI
MPI_RCC_ATOMIC() { esp_crypto_mpi_enable_periph_clk(false);
mpi_ll_enable_bus_clock(false);
}
#endif #endif
esp_crypto_ecc_enable_periph_clk(false);
ECC_RCC_ATOMIC() { esp_crypto_ecdsa_enable_periph_clk(false);
ecc_ll_enable_bus_clock(false);
ecc_ll_power_down();
}
ECDSA_RCC_ATOMIC() {
ecdsa_ll_enable_bus_clock(false);
}
} }
static void ecc_be_to_le(const uint8_t* be_point, uint8_t *le_point, uint8_t len) static void ecc_be_to_le(const uint8_t* be_point, uint8_t *le_point, uint8_t len)

37
components/hal/test_apps/crypto/main/hmac/test_hmac.c
View File

@@ -1,11 +1,11 @@
/* /*
* SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
#include <string.h> #include <string.h>
#include "esp_private/esp_crypto_lock_internal.h" #include "esp_crypto_periph_clk.h"
#include "esp_log.h" #include "esp_log.h"
#include "memory_checks.h" #include "memory_checks.h"
#include "unity_fixture.h" #include "unity_fixture.h"
@@ -61,24 +61,13 @@ static void write_and_padd(uint8_t *block, const uint8_t *data, uint16_t data_le
bzero(block + data_len + 1, SHA256_BLOCK_SZ - data_len - 1); bzero(block + data_len + 1, SHA256_BLOCK_SZ - data_len - 1);
} }
static esp_err_t hmac_calculate(uint32_t key_id, const void *message, size_t message_len, uint8_t *hmac) esp_err_t hmac_calculate(uint32_t key_id, const void *message, size_t message_len, uint8_t *hmac)
{ {
const uint8_t *message_bytes = (const uint8_t *)message; const uint8_t *message_bytes = (const uint8_t *)message;
HMAC_RCC_ATOMIC() { esp_crypto_hmac_enable_periph_clk(true);
hmac_ll_enable_bus_clock(true); esp_crypto_sha_enable_periph_clk(true);
hmac_ll_reset_register(); esp_crypto_ds_enable_periph_clk(true);
}
SHA_RCC_ATOMIC() {
sha_ll_enable_bus_clock(true);
sha_ll_reset_register();
}
DS_RCC_ATOMIC() {
ds_ll_enable_bus_clock(true);
ds_ll_reset_register();
}
hmac_hal_start(); hmac_hal_start();
@@ -130,17 +119,9 @@ static esp_err_t hmac_calculate(uint32_t key_id, const void *message, size_t mes
hmac_hal_read_result_256(hmac); hmac_hal_read_result_256(hmac);
DS_RCC_ATOMIC() { esp_crypto_hmac_enable_periph_clk(false);
ds_ll_enable_bus_clock(false); esp_crypto_sha_enable_periph_clk(false);
} esp_crypto_ds_enable_periph_clk(false);
SHA_RCC_ATOMIC() {
sha_ll_enable_bus_clock(false);
}
HMAC_RCC_ATOMIC() {
hmac_ll_enable_bus_clock(false);
}
return ESP_OK; return ESP_OK;
} }

5
components/hal/test_apps/crypto/main/key_manager/ecdsa_256_key.pem Normal file
View File

@@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEICySt/VCEPFi962COuQDE+cXD3Bz8XjZy2O5SM1LsHsGoAoGCCqGSM49
AwEHoUQDQgAEBYu5KXarLURySNNaeZcxtBTxC0vJAM/evz9NC01IjCVQlOLJ4Y6i
3UviK3bgk+3FqpJBM+SQCqeDgd7ktPtr9Q==
-----END EC PRIVATE KEY-----

289
components/hal/test_apps/crypto/main/key_manager/gen_key_manager_test_cases.py
View File

@@ -1,17 +1,26 @@
# SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD # SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD
# SPDX-License-Identifier: Unlicense OR CC0-1.0 # SPDX-License-Identifier: Unlicense OR CC0-1.0
import argparse
import hashlib
import hmac
import os import os
import random
import struct import struct
from typing import Any from typing import Any
from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.ciphers import Cipher
from cryptography.hazmat.primitives.ciphers import algorithms from cryptography.hazmat.primitives.ciphers import algorithms
from cryptography.hazmat.primitives.ciphers import modes from cryptography.hazmat.primitives.ciphers import modes
from cryptography.utils import int_to_bytes
from ecdsa.curves import NIST256p from ecdsa.curves import NIST256p
supported_targets = {'esp32p4', 'esp32c5'}
supported_ds_key_size = {'esp32p4': [4096, 3072, 2048, 1024], 'esp32c5': [3072, 2048, 1024]}
# Constants # Constants
TEST_COUNT = 5 TEST_COUNT = 5
STORAGE_PARTITION_OFFSET = 0x160000 STORAGE_PARTITION_OFFSET = 0x160000
@@ -137,18 +146,119 @@ def generate_k1_G(key_file_path: str) -> tuple:
return k1_G, k1_G return k1_G, k1_G
def generate_hmac_test_data(key: bytes) -> tuple:
hmac_message = (
'Deleniti voluptas explicabo et assumenda. Sed et aliquid minus quis. '
'Praesentium cupiditate quia nemo est. Laboriosam pariatur ut distinctio tenetur. '
'Sunt architecto iure aspernatur soluta ut recusandae. '
'Ut quibusdam occaecati ut qui sit dignissimos eaque..'
).encode('utf-8')
hmac_result = hmac.HMAC(key, hmac_message, hashlib.sha256).digest()
return hmac_message, hmac_result
def number_as_bytes(number, pad_bits=0): # type: (int, int) -> bytes
"""
Given a number, format as a little endian array of bytes
"""
result = int_to_bytes(number)[::-1] # type: bytes
while pad_bits != 0 and len(result) < (pad_bits // 8):
result += b'\x00'
return result
def number_as_bignum_words(number): # type: (int) -> str
"""
Given a number, format result as a C array of words
(little-endian, same as ESP32 RSA peripheral or mbedTLS)
"""
result = []
while number != 0:
result.append('0x%08x' % (number & 0xFFFFFFFF))
number >>= 32
return '{ ' + ', '.join(result) + ' }'
def generate_ds_encrypted_input_params(aes_key: bytes, target: str) -> tuple:
iv = os.urandom(16)
max_key_size = max(supported_ds_key_size[target])
key_size = max_key_size
private_key = rsa.generate_private_key(public_exponent=65537, key_size=key_size, backend=default_backend())
priv_numbers = private_key.private_numbers()
pub_numbers = private_key.public_key().public_numbers()
Y = priv_numbers.d
M = pub_numbers.n
rr = 1 << (key_size * 2)
rinv = rr % pub_numbers.n
mprime = -rsa._modinv(M, 1 << 32)
mprime &= 0xFFFFFFFF
length = key_size // 32 - 1
# calculate MD from preceding values and IV
# Y_max_key_size || M_max_key_size || Rb_max_key_size || M_prime32 || LENGTH32 || IV128
md_in = (
number_as_bytes(Y, max_key_size)
+ number_as_bytes(M, max_key_size)
+ number_as_bytes(rinv, max_key_size)
+ struct.pack('<II', mprime, length)
+ iv
)
md = hashlib.sha256(md_in).digest()
# generate expected C value from P bitstring
#
# Y_max_key_size || M_max_key_size || Rb_max_key_size || M_prime32 || LENGTH32 || 0x08*8
# E.g. for C3: Y3072 || M3072 || Rb3072 || M_prime32 || LENGTH32 || MD256 || 0x08*8
p = (
number_as_bytes(Y, max_key_size)
+ number_as_bytes(M, max_key_size)
+ number_as_bytes(rinv, max_key_size)
+ md
+ struct.pack('<II', mprime, length)
+ b'\x08' * 8
)
# expected_len = max_len_Y + max_len_M + max_len_rinv + md (32 bytes)
# + (mprime + length packed (8bytes)) + padding (8 bytes)
expected_len = (max_key_size / 8) * 3 + 32 + 8 + 8
assert len(p) == expected_len
cipher = Cipher(algorithms.AES(aes_key), modes.CBC(iv), backend=default_backend())
encryptor = cipher.encryptor()
ds_encrypted_input_params = encryptor.update(p) + encryptor.finalize()
mask = (1 << key_size) - 1 # truncate messages if needed
ds_message = random.randrange(0, 1 << max_key_size)
ds_result = number_as_bytes(pow(ds_message & mask, Y, M))
return number_as_bytes(ds_message), ds_encrypted_input_params, iv, key_size, ds_result
def write_to_c_header( def write_to_c_header(
init_key: bytes, init_key: bytes,
k1: bytes, k1: bytes,
k2_info: bytes, k2_info: bytes,
k1_encrypted_32: list, k1_encrypted_32: list,
k1_encrypted_32_reversed: list,
test_data_xts_aes_128: list, test_data_xts_aes_128: list,
k1_encrypted_64: list, k1_encrypted_64: list,
k1_encrypted_64_reversed: list,
xts_test_data_xts_aes_256: list, xts_test_data_xts_aes_256: list,
pubx: bytes, pubx: bytes,
puby: bytes, puby: bytes,
k1_G_0: bytes, k1_G_0: bytes,
k1_G_1: bytes, k1_G_1: bytes,
hmac_message: bytes,
hmac_result: bytes,
ds_message: bytes,
ds_encrypted_input_params: bytes,
ds_encrypted_input_params_iv: bytes,
ds_key_size: int,
ds_result: bytes,
) -> None: ) -> None:
with open('key_manager_test_cases.h', 'w', encoding='utf-8') as file: with open('key_manager_test_cases.h', 'w', encoding='utf-8') as file:
header_content = """#include <stdint.h> header_content = """#include <stdint.h>
@@ -166,13 +276,30 @@ typedef struct test_ecdsa_data {
uint8_t puby[32]; uint8_t puby[32];
} test_ecdsa_data_t; } test_ecdsa_data_t;
typedef struct test_hmac_data {
uint8_t message[%d];
uint8_t hmac_result[32];
} test_hmac_data_t;
typedef struct test_ds_data {
uint8_t ds_message[%d / 8];
uint8_t ds_encrypted_input_params[%d];
uint8_t ds_encrypted_input_params_iv[16];
size_t ds_key_size;
uint8_t ds_result[%d];
} test_ds_data_t;
typedef struct test_data { typedef struct test_data {
uint8_t init_key[32]; uint8_t init_key[32];
uint8_t k2_info[64]; uint8_t k2_info[64];
uint8_t k1_encrypted[2][32]; // For both 256-bit and 512-bit keys uint8_t k1_encrypted[2][32]; // For both 256-bit and 512-bit keys
uint8_t plaintext_data[128]; uint8_t plaintext_data[128];
test_xts_data_t xts_test_data[TEST_COUNT]; union {
test_ecdsa_data_t ecdsa_test_data; test_xts_data_t xts_test_data[TEST_COUNT];
test_ecdsa_data_t ecdsa_test_data;
test_hmac_data_t hmac_test_data;
test_ds_data_t ds_test_data;
};
} test_data_aes_mode_t; } test_data_aes_mode_t;
typedef struct test_data_ecdh0 { typedef struct test_data_ecdh0 {
@@ -189,9 +316,13 @@ test_data_aes_mode_t test_data_xts_aes_128 = {
.plaintext_data = { %s }, .plaintext_data = { %s },
.xts_test_data = { .xts_test_data = {
""" % ( """ % (
len(hmac_message),
ds_key_size,
len(ds_encrypted_input_params),
len(ds_result),
key_to_c_format(init_key), key_to_c_format(init_key),
key_to_c_format(k2_info), key_to_c_format(k2_info),
key_to_c_format(k1_encrypted_32[0]), key_to_c_format(k1_encrypted_32_reversed[0]),
key_to_c_format(bytes(range(1, 129))), key_to_c_format(bytes(range(1, 129))),
) )
@@ -209,8 +340,8 @@ test_data_aes_mode_t test_data_xts_aes_128 = {
header_content += f'\t.init_key = {{{key_to_c_format(init_key)}}},\n' header_content += f'\t.init_key = {{{key_to_c_format(init_key)}}},\n'
header_content += f'\t.k2_info = {{{key_to_c_format(k2_info)}}},\n' header_content += f'\t.k2_info = {{{key_to_c_format(k2_info)}}},\n'
header_content += ( header_content += (
f'\t.k1_encrypted = {{{{{key_to_c_format(k1_encrypted_64[0])}}}, ' f'\t.k1_encrypted = {{{{{key_to_c_format(k1_encrypted_64_reversed[0])}}}, '
f'{{{key_to_c_format(k1_encrypted_64[1])}}}}},\n' f'{{{key_to_c_format(k1_encrypted_64_reversed[1])}}}}},\n'
) )
header_content += f'\t.plaintext_data = {{{key_to_c_format(bytes(range(1, 129)))}}},\n' header_content += f'\t.plaintext_data = {{{key_to_c_format(bytes(range(1, 129)))}}},\n'
header_content += ' .xts_test_data = {\n' header_content += ' .xts_test_data = {\n'
@@ -221,7 +352,7 @@ test_data_aes_mode_t test_data_xts_aes_128 = {
f'.data_offset = 0x{flash_address:x}, ' f'.data_offset = 0x{flash_address:x}, '
f'.ciphertext = {{{key_to_c_format(ciphertext)}}}}},\n' f'.ciphertext = {{{key_to_c_format(ciphertext)}}}}},\n'
) )
header_content += '\t}\n};\n\n' header_content += '\t}\n};\n'
header_content += """ header_content += """
test_data_aes_mode_t test_data_ecdsa = { test_data_aes_mode_t test_data_ecdsa = {
@@ -236,10 +367,11 @@ test_data_aes_mode_t test_data_ecdsa = {
""" % ( """ % (
key_to_c_format(init_key), key_to_c_format(init_key),
key_to_c_format(k2_info), key_to_c_format(k2_info),
key_to_c_format(k1_encrypted_32[0]), key_to_c_format(k1_encrypted_32_reversed[0]),
key_to_c_format(pubx), key_to_c_format(pubx),
key_to_c_format(puby), key_to_c_format(puby),
) )
header_content += """ header_content += """
test_data_ecdh0_mode_t test_data_ecdh0 = { test_data_ecdh0_mode_t test_data_ecdh0 = {
.plaintext_data = { %s }, .plaintext_data = { %s },
@@ -252,7 +384,6 @@ test_data_ecdh0_mode_t test_data_ecdh0 = {
{ %s }, { %s },
} }
};\n };\n
""" % ( """ % (
key_to_c_format(bytes(range(1, 129))), key_to_c_format(bytes(range(1, 129))),
key_to_c_format(k1), key_to_c_format(k1),
@@ -261,50 +392,124 @@ test_data_ecdh0_mode_t test_data_ecdh0 = {
key_to_c_format(k1_G_1), key_to_c_format(k1_G_1),
) )
header_content += """
test_data_aes_mode_t test_data_hmac = {
.init_key = { %s },
.k2_info = { %s },
.k1_encrypted = { { %s }, { } },
.hmac_test_data = {
.message = { %s },
.hmac_result = { %s }
}
};\n
""" % (
key_to_c_format(init_key),
key_to_c_format(k2_info),
key_to_c_format(k1_encrypted_32[0]),
key_to_c_format(hmac_message),
key_to_c_format(hmac_result),
)
header_content += """
test_data_aes_mode_t test_data_ds = {
.init_key = { %s },
.k2_info = { %s },
.k1_encrypted = { { %s }, { } },
.ds_test_data = {
.ds_message = { %s },
.ds_encrypted_input_params = { %s },
.ds_encrypted_input_params_iv = { %s },
.ds_key_size = %d,
.ds_result = { %s }
}
};\n
""" % (
key_to_c_format(init_key),
key_to_c_format(k2_info),
key_to_c_format(k1_encrypted_32_reversed[0]),
key_to_c_format(ds_message),
key_to_c_format(ds_encrypted_input_params),
key_to_c_format(ds_encrypted_input_params_iv),
ds_key_size,
key_to_c_format(ds_result),
)
file.write(header_content) file.write(header_content)
# Main script logic follows as per your provided structure def generate_tests_cases(target: str) -> None:
init_key = key_from_file_or_generate('init_key.bin', 32) # Main script logic follows as per your provided structure
k2 = key_from_file_or_generate('k2.bin', 32) init_key = key_from_file_or_generate('init_key.bin', 32)
rand_num = key_from_file_or_generate('rand_num.bin', 32) k2 = key_from_file_or_generate('k2.bin', 32)
rand_num = key_from_file_or_generate('rand_num.bin', 32)
temp_result_inner = calculate_aes_cipher(k2, rand_num) temp_result_inner = calculate_aes_cipher(k2, rand_num)
temp_result_outer = calculate_aes_cipher(temp_result_inner + rand_num, init_key) temp_result_outer = calculate_aes_cipher(temp_result_inner + rand_num, init_key)
k2_info = temp_result_outer k2_info = temp_result_outer
k1_32 = key_from_file_or_generate('k1.bin', 32) k1_32 = key_from_file_or_generate('k1.bin', 32)
k1_64 = key_from_file_or_generate('k1_64.bin', 64) k1_64 = key_from_file_or_generate('k1_64.bin', 64)
k1_32_reversed = k1_32[::-1] k1_32_reversed = k1_32[::-1]
k1_64_reversed = k1_64[::-1] k1_64_1 = k1_64[:32]
k1_64_1_reversed = k1_64_1[::-1]
k1_64_2 = k1_64[32:]
k1_64_2_reversed = k1_64_2[::-1]
k1_64_1 = k1_64[:32] k1_encrypted_32 = [calculate_aes_cipher(k1_32, k2)]
k1_64_1_reversed = k1_64_1[::-1] k1_encrypted_64 = [calculate_aes_cipher(k1_64_1, k2), calculate_aes_cipher(k1_64_2, k2)]
k1_64_2 = k1_64[32:]
k1_64_2_reversed = k1_64_2[::-1]
k1_encrypted_32 = [calculate_aes_cipher(k1_32_reversed, k2)] k1_encrypted_32_reversed = [calculate_aes_cipher(k1_32_reversed, k2)]
k1_encrypted_64 = [calculate_aes_cipher(k1_64_1_reversed, k2), calculate_aes_cipher(k1_64_2_reversed, k2)] k1_encrypted_64_reversed = [calculate_aes_cipher(k1_64_1_reversed, k2), calculate_aes_cipher(k1_64_2_reversed, k2)]
test_data_xts_aes_128 = generate_xts_test_data(k1_32) test_data_xts_aes_128 = generate_xts_test_data(k1_32)
xts_test_data_xts_aes_256 = generate_xts_test_data(k1_64) xts_test_data_xts_aes_256 = generate_xts_test_data(k1_64)
pubx, puby = generate_ecdsa_256_key_and_pub_key('k1.bin') pubx, puby = generate_ecdsa_256_key_and_pub_key('k1.bin')
k1_G_0, k1_G_1 = generate_k1_G('k1.bin') k1_G_0, k1_G_1 = generate_k1_G('k1.bin')
write_to_c_header( hmac_message, hmac_result = generate_hmac_test_data(k1_32)
init_key,
k1_32, ds_message, ds_encrypted_input_params, ds_encrypted_input_params_iv, ds_key_size, ds_result = (
k2_info, generate_ds_encrypted_input_params(k1_32, target)
k1_encrypted_32, )
test_data_xts_aes_128,
k1_encrypted_64, write_to_c_header(
xts_test_data_xts_aes_256, init_key,
pubx, k1_32,
puby, k2_info,
k1_G_0, k1_encrypted_32,
k1_G_1, k1_encrypted_32_reversed,
) test_data_xts_aes_128,
k1_encrypted_64,
k1_encrypted_64_reversed,
xts_test_data_xts_aes_256,
pubx,
puby,
k1_G_0,
k1_G_1,
hmac_message,
hmac_result,
ds_message,
ds_encrypted_input_params,
ds_encrypted_input_params_iv,
ds_key_size,
ds_result,
)
if __name__ == '__main__':
parser = argparse.ArgumentParser(description="""Generates Digital Signature Test Cases""")
parser.add_argument(
'--target',
required=True,
choices=supported_targets,
help='Target to generate test cases for, different targets support different max key length',
)
args = parser.parse_args()
generate_tests_cases(args.target)

1
components/hal/test_apps/crypto/main/key_manager/init_key.bin Normal file
View File

@@ -0,0 +1 @@
<EFBFBD><<3C>C<EFBFBD><43>K%[~<7E>W<EFBFBD><57>E<>v<EFBFBD>N.U<>%<25><>

1
components/hal/test_apps/crypto/main/key_manager/k1.bin Normal file
View File

@@ -0,0 +1 @@
,<2C><><EFBFBD>B<10>b<EFBFBD><62><EFBFBD>:<3A><13>ps<70>x<EFBFBD><78>c<EFBFBD>H<EFBFBD>K<EFBFBD>{

BIN
components/hal/test_apps/crypto/main/key_manager/k1_64.bin Normal file
View File

Binary file not shown.

1
components/hal/test_apps/crypto/main/key_manager/k2.bin Normal file
View File

@@ -0,0 +1 @@
!<21>V1,J<>8~f<>*<2A>D<EFBFBD>_<EFBFBD>*<2A>B+<2B>(7<><16>X(<28>

98
components/hal/test_apps/crypto/main/key_manager/key_manager_test_cases.h
View File

File diff suppressed because one or more lines are too long

1
components/hal/test_apps/crypto/main/key_manager/rand_num.bin Normal file
View File

@@ -0,0 +1 @@
<EFBFBD>y/<2F>A╙<08>fI<0E>B<EFBFBD>XR<10>Fn&<26>S&6l<36><6C>V

425
components/hal/test_apps/crypto/main/key_manager/test_key_manager.c
View File

@@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Unlicense OR CC0-1.0 * SPDX-License-Identifier: Unlicense OR CC0-1.0
*/ */
@@ -25,9 +25,17 @@
#include "key_manager_test_cases.h" #include "key_manager_test_cases.h"
#include "esp_log.h" #include "esp_log.h"
// For ECDSA tests #if SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY
#include "hal/ecdsa_hal.h" #include "hal/ecdsa_types.h"
#endif
#if SOC_KEY_MANAGER_HMAC_KEY_DEPLOY
#include "hal/hmac_types.h"
#endif
#if SOC_KEY_MANAGER_DS_KEY_DEPLOY
#include "ds/ds_types.h"
#endif
#if SOC_KEY_MANAGER_FE_KEY_DEPLOY
const esp_partition_t *get_test_storage_partition(void) const esp_partition_t *get_test_storage_partition(void)
{ {
/* This finds "storage" partition defined partition table */ /* This finds "storage" partition defined partition table */
@@ -35,32 +43,26 @@ const esp_partition_t *get_test_storage_partition(void)
ESP_PARTITION_SUBTYPE_ANY, "storage"); ESP_PARTITION_SUBTYPE_ANY, "storage");
if (!result) { if (!result) {
/* means partition table set wrong */ /* means partition table set wrong */
printf("ERROR in obtaining storage partition"); ESP_LOGE("", "ERROR in obtaining storage partition");
return NULL; return NULL;
} }
return result; return result;
} }
static void print_data_in_hex(const uint8_t *data, int size, const char *info_str)
{
printf("%s: 0x", info_str);
for(int i = 0 ; i < size; i++) {
printf("%02x", data[i]);
}
printf("\n");
}
static void test_xts_aes_key_aes_mode(test_data_aes_mode_t *test_data) static void test_xts_aes_key_aes_mode(test_data_aes_mode_t *test_data)
{ {
const esp_partition_t *partition = get_test_storage_partition(); const esp_partition_t *partition = get_test_storage_partition();
ESP_ERROR_CHECK(esp_partition_erase_range(partition, 0, partition->size)); ESP_ERROR_CHECK(esp_partition_erase_range(partition, 0, partition->size));
uint8_t read_data[128];
for (int i = 0; i < TEST_COUNT; i++) { for (int i = 0; i < TEST_COUNT; i++) {
memset(read_data, 0, sizeof(read_data));
uint32_t address = test_data->xts_test_data[i].data_offset; uint32_t address = test_data->xts_test_data[i].data_offset;
uint32_t data_size = test_data->xts_test_data[i].data_size; uint32_t data_size = test_data->xts_test_data[i].data_size;
ESP_ERROR_CHECK(esp_flash_write_encrypted(NULL, address, test_data->plaintext_data, data_size)); ESP_ERROR_CHECK(esp_flash_write_encrypted(NULL, address, test_data->plaintext_data, data_size));
static uint8_t read_data[128];
ESP_ERROR_CHECK(esp_flash_read(NULL, read_data, address, data_size)); ESP_ERROR_CHECK(esp_flash_read(NULL, read_data, address, data_size));
TEST_ASSERT_EQUAL_HEX8_ARRAY(test_data->xts_test_data[i].ciphertext, read_data, data_size); TEST_ASSERT_EQUAL_HEX8_ARRAY(test_data->xts_test_data[i].ciphertext, read_data, data_size);
} }
} }
@@ -70,18 +72,20 @@ static void test_xts_aes_key_ecdh0_mode(test_data_ecdh0_mode_t *test_data)
const esp_partition_t *partition = get_test_storage_partition(); const esp_partition_t *partition = get_test_storage_partition();
ESP_ERROR_CHECK(esp_partition_erase_range(partition, 0, partition->size)); ESP_ERROR_CHECK(esp_partition_erase_range(partition, 0, partition->size));
uint8_t read_data[128] = { 0 };
uint32_t address = partition->address; uint32_t address = partition->address;
uint32_t data_size = 32; uint32_t data_size = 32;
print_data_in_hex(test_data->plaintext_data, data_size, "Plaintext data"); ESP_LOG_BUFFER_HEXDUMP("Plaintext data", test_data->plaintext_data, data_size, ESP_LOG_DEBUG);
ESP_ERROR_CHECK(esp_flash_write_encrypted(NULL, address, test_data->plaintext_data, data_size)); ESP_ERROR_CHECK(esp_flash_write_encrypted(NULL, address, test_data->plaintext_data, data_size));
static uint8_t read_data[128];
ESP_ERROR_CHECK(esp_flash_read(NULL, read_data, address, data_size)); ESP_ERROR_CHECK(esp_flash_read(NULL, read_data, address, data_size));
print_data_in_hex(read_data, data_size, "Encrypted data");
ESP_LOG_BUFFER_HEXDUMP("Encrypted data", read_data, data_size, ESP_LOG_DEBUG);
} }
static void key_mgr_test_xts_aes_128(void) #if SOC_FLASH_ENCRYPTION_XTS_AES_128
static void key_mgr_test_xts_aes_128_aes_mode(void)
{ {
static esp_key_mgr_aes_key_config_t key_config; static esp_key_mgr_aes_key_config_t key_config;
memcpy(key_config.k2_info, (uint8_t*) test_data_xts_aes_128.k2_info, KEY_MGR_K2_INFO_SIZE); memcpy(key_config.k2_info, (uint8_t*) test_data_xts_aes_128.k2_info, KEY_MGR_K2_INFO_SIZE);
@@ -95,9 +99,27 @@ static void key_mgr_test_xts_aes_128(void)
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info)); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info));
test_xts_aes_key_aes_mode(&test_data_xts_aes_128); test_xts_aes_key_aes_mode(&test_data_xts_aes_128);
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type)); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type));
} }
static void key_mgr_test_xts_aes_128_ecdh0_mode(void)
{
static esp_key_mgr_ecdh0_key_config_t key_config;
memcpy(key_config.k1_G[0], (uint8_t*) test_data_ecdh0.k1_G[0], KEY_MGR_ECDH0_INFO_SIZE);
key_config.key_type = ESP_KEY_MGR_XTS_AES_128_KEY;
static esp_key_mgr_key_recovery_info_t key_recovery_info;
static esp_key_mgr_ecdh0_info_t ecdh0_info;
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_ecdh0_mode(&key_config, &key_recovery_info, &ecdh0_info));
ESP_LOG_BUFFER_HEXDUMP("K2_G", ecdh0_info.k2_G[0], KEY_MGR_ECDH0_INFO_SIZE, ESP_LOG_DEBUG);
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info));
test_xts_aes_key_ecdh0_mode(&test_data_ecdh0);
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type));
}
#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_128 */
#if SOC_FLASH_ENCRYPTION_XTS_AES_256
static void key_mgr_test_xts_aes_256_aes_mode(void) static void key_mgr_test_xts_aes_256_aes_mode(void)
{ {
static esp_key_mgr_aes_key_config_t key_config; static esp_key_mgr_aes_key_config_t key_config;
@@ -115,11 +137,80 @@ static void key_mgr_test_xts_aes_256_aes_mode(void)
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type)); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type));
} }
#ifdef SOC_ECDSA_SUPPORT_EXPORT_PUBKEY static void key_mgr_test_xts_aes_256_ecdh0_mode(void)
{
static esp_key_mgr_ecdh0_key_config_t key_config;
memcpy(key_config.k1_G[0], (uint8_t*) test_data_ecdh0.k1_G[0], KEY_MGR_ECDH0_INFO_SIZE);
memcpy(key_config.k1_G[1], (uint8_t*) test_data_ecdh0.k1_G[1], KEY_MGR_ECDH0_INFO_SIZE);
key_config.key_type = ESP_KEY_MGR_XTS_AES_256_KEY;
static esp_key_mgr_key_recovery_info_t key_recovery_info;
static esp_key_mgr_ecdh0_info_t ecdh0_info;
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_ecdh0_mode(&key_config, &key_recovery_info, &ecdh0_info));
ESP_LOG_BUFFER_HEXDUMP("K2_G_0", ecdh0_info.k2_G[0], KEY_MGR_ECDH0_INFO_SIZE, ESP_LOG_DEBUG);
ESP_LOG_BUFFER_HEXDUMP("K2_G_1", ecdh0_info.k2_G[1], KEY_MGR_ECDH0_INFO_SIZE, ESP_LOG_DEBUG);
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info));
test_xts_aes_key_ecdh0_mode(&test_data_ecdh0);
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type));
}
#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_256 */
#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS
static void test_xts_aes_key_random_mode(void)
{
const esp_partition_t *partition = get_test_storage_partition();
ESP_ERROR_CHECK(esp_partition_erase_range(partition, 0, partition->size));
uint8_t plaintext_data[1024] = {[0 ... 1023] = 0xBE};
const int write_size = 16;
for (int i = 0; i < sizeof(plaintext_data) / write_size; i++) {
ESP_LOGI("", " i = %d", i);
ESP_ERROR_CHECK(esp_flash_write_encrypted(NULL, partition->address + (i * write_size), plaintext_data, write_size));
static uint8_t read_data[128];
ESP_ERROR_CHECK(esp_partition_read(partition, write_size * i, read_data, write_size));
TEST_ASSERT_EQUAL_HEX8_ARRAY(plaintext_data + (i * write_size), read_data, write_size);
}
}
#if SOC_FLASH_ENCRYPTION_XTS_AES_128
static void key_mgr_test_xts_aes_128_random_mode(void)
{
static esp_key_mgr_random_key_config_t key_config;
key_config.key_type = ESP_KEY_MGR_XTS_AES_128_KEY;
static esp_key_mgr_key_recovery_info_t key_recovery_info;
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_random_mode(&key_config, &key_recovery_info));
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info));
test_xts_aes_key_random_mode();
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type));
}
#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_128 */
#if SOC_FLASH_ENCRYPTION_XTS_AES_256
static void key_mgr_test_xts_aes_256_random_mode(void)
{
static esp_key_mgr_random_key_config_t key_config;
key_config.key_type = ESP_KEY_MGR_XTS_AES_256_KEY;
static esp_key_mgr_key_recovery_info_t key_recovery_info;
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_random_mode(&key_config, &key_recovery_info));
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info));
test_xts_aes_key_random_mode();
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type));
}
#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_256 */
#endif /* CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS */
#endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY */
#if SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY
#if SOC_ECDSA_SUPPORT_EXPORT_PUBKEY
extern void test_ecdsa_export_pubkey(bool is_p256, uint8_t *ecdsa_pub_x, uint8_t *ecdsa_pub_y, bool use_km_key); extern void test_ecdsa_export_pubkey(bool is_p256, uint8_t *ecdsa_pub_x, uint8_t *ecdsa_pub_y, bool use_km_key);
extern void test_ecdsa_export_pubkey_inner(bool is_p256, uint8_t *exported_pub_x, uint8_t *exported_pub_y, bool use_km_key, uint16_t *len); extern void test_ecdsa_export_pubkey_inner(bool is_p256, uint8_t *exported_pub_x, uint8_t *exported_pub_y, bool use_km_key, uint16_t *len);
#endif #endif
extern void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* s_le, bool use_km_key, ecdsa_sign_type_t k_type);
extern int test_ecdsa_verify(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* s_le, uint8_t *pub_x, uint8_t *pub_y);
extern void test_ecdsa_sign_and_verify(bool is_p256, uint8_t* sha, uint8_t* pub_x, uint8_t* pub_y, bool use_km_key, ecdsa_sign_type_t k_type); extern void test_ecdsa_sign_and_verify(bool is_p256, uint8_t* sha, uint8_t* pub_x, uint8_t* pub_y, bool use_km_key, ecdsa_sign_type_t k_type);
/* /*
@@ -137,11 +228,6 @@ void test_ecdsa_key_aes_mode(test_data_aes_mode_t *ecdsa_test_data, ecdsa_sign_t
#endif #endif
} }
extern void test_ecdsa_sign(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* s_le, bool use_km_key, ecdsa_sign_type_t k_type);
extern int test_ecdsa_verify(bool is_p256, uint8_t* sha, uint8_t* r_le, uint8_t* s_le, uint8_t *pub_x, uint8_t *pub_y);
void key_mgr_test_ecdsa_key(bool is_p256, ecdsa_sign_type_t k_type) void key_mgr_test_ecdsa_key(bool is_p256, ecdsa_sign_type_t k_type)
{ {
uint8_t pub_x[32] = {}; uint8_t pub_x[32] = {};
@@ -151,18 +237,17 @@ void key_mgr_test_ecdsa_key(bool is_p256, ecdsa_sign_type_t k_type)
test_ecdsa_sign(is_p256, sha256_digest, r_le, s_le, 1, k_type); test_ecdsa_sign(is_p256, sha256_digest, r_le, s_le, 1, k_type);
print_data_in_hex(sha256_digest, sizeof(sha256_digest), "ECDSA message sha256 digest"); ESP_LOG_BUFFER_HEXDUMP("ECDSA message sha256 digest", sha256_digest, sizeof(sha256_digest), ESP_LOG_DEBUG);
print_data_in_hex(r_le, sizeof(r_le), "ECDSA signature r_le"); ESP_LOG_BUFFER_HEXDUMP("ECDSA signature r_le", r_le, sizeof(r_le), ESP_LOG_DEBUG);
print_data_in_hex(s_le, sizeof(s_le), "ECDSA signature s_le"); ESP_LOG_BUFFER_HEXDUMP("ECDSA signature s_le", s_le, sizeof(s_le), ESP_LOG_DEBUG);
// Export the pubkey from ECDSA peripheral // Export the pubkey from ECDSA peripheral
uint16_t pubkey_len = 0; uint16_t pubkey_len = 0;
test_ecdsa_export_pubkey_inner(is_p256, pub_x, pub_y, 1, &pubkey_len); test_ecdsa_export_pubkey_inner(is_p256, pub_x, pub_y, 1, &pubkey_len);
print_data_in_hex(pub_x, pubkey_len, "ECDSA key pubx"); ESP_LOG_BUFFER_HEXDUMP("ECDSA key pubx", pub_x, pubkey_len, ESP_LOG_DEBUG);
print_data_in_hex(pub_y, pubkey_len, "ECDSA key puby"); ESP_LOG_BUFFER_HEXDUMP("ECDSA key puby", pub_y, pubkey_len, ESP_LOG_DEBUG);
TEST_ASSERT_EQUAL(0, test_ecdsa_verify(is_p256, sha256_digest, r_le, s_le, pub_x, pub_y)); TEST_ASSERT_EQUAL(0, test_ecdsa_verify(is_p256, sha256_digest, r_le, s_le, pub_x, pub_y));
} }
static void key_mgr_test_ecdsa_p256_aes_mode(void) static void key_mgr_test_ecdsa_p256_aes_mode(void)
@@ -185,47 +270,8 @@ static void key_mgr_test_ecdsa_p256_aes_mode(void)
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type)); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type));
} }
static void key_mgr_test_xts_aes_128_ecdh0_mode(void)
{
printf("\nKey Manager ECDH0 deployment: XTS_AES_128 key\n");
static esp_key_mgr_ecdh0_key_config_t key_config;
memcpy(key_config.k1_G[0], (uint8_t*) test_data_ecdh0.k1_G[0], KEY_MGR_ECDH0_INFO_SIZE);
key_config.key_type = ESP_KEY_MGR_XTS_AES_128_KEY;
static esp_key_mgr_key_recovery_info_t key_recovery_info;
static esp_key_mgr_ecdh0_info_t ecdh0_info;
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_ecdh0_mode(&key_config, &key_recovery_info, &ecdh0_info));
print_data_in_hex(ecdh0_info.k2_G[0], KEY_MGR_ECDH0_INFO_SIZE, "K2_G");
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info));
test_xts_aes_key_ecdh0_mode(&test_data_ecdh0);
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type));
}
static void key_mgr_test_xts_aes_256_ecdh0_mode(void)
{
printf("\nKey Manager ECDH0 deployment: XTS_AES_256 key\n");
static esp_key_mgr_ecdh0_key_config_t key_config;
memcpy(key_config.k1_G[0], (uint8_t*) test_data_ecdh0.k1_G[0], KEY_MGR_ECDH0_INFO_SIZE);
memcpy(key_config.k1_G[1], (uint8_t*) test_data_ecdh0.k1_G[1], KEY_MGR_ECDH0_INFO_SIZE);
key_config.key_type = ESP_KEY_MGR_XTS_AES_256_KEY;
static esp_key_mgr_key_recovery_info_t key_recovery_info;
static esp_key_mgr_ecdh0_info_t ecdh0_info;
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_ecdh0_mode(&key_config, &key_recovery_info, &ecdh0_info));
print_data_in_hex(ecdh0_info.k2_G[0], KEY_MGR_ECDH0_INFO_SIZE, "K2_G_0");
print_data_in_hex(ecdh0_info.k2_G[1], KEY_MGR_ECDH0_INFO_SIZE, "K2_G_1");
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info));
test_xts_aes_key_ecdh0_mode(&test_data_ecdh0);
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type));
}
static void key_mgr_test_ecdsa_ecdh0_mode(void) static void key_mgr_test_ecdsa_ecdh0_mode(void)
{ {
printf("\nKey Manager ECDH0 deployment: ECDSA_256 key\n");
static esp_key_mgr_ecdh0_key_config_t key_config; static esp_key_mgr_ecdh0_key_config_t key_config;
memcpy(key_config.k1_G[0], (uint8_t*) test_data_ecdh0.k1_G[0], KEY_MGR_ECDH0_INFO_SIZE); memcpy(key_config.k1_G[0], (uint8_t*) test_data_ecdh0.k1_G[0], KEY_MGR_ECDH0_INFO_SIZE);
key_config.key_type = ESP_KEY_MGR_ECDSA_256_KEY; key_config.key_type = ESP_KEY_MGR_ECDSA_256_KEY;
@@ -233,8 +279,7 @@ static void key_mgr_test_ecdsa_ecdh0_mode(void)
static esp_key_mgr_key_recovery_info_t key_recovery_info; static esp_key_mgr_key_recovery_info_t key_recovery_info;
static esp_key_mgr_ecdh0_info_t ecdh0_info; static esp_key_mgr_ecdh0_info_t ecdh0_info;
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_ecdh0_mode(&key_config, &key_recovery_info, &ecdh0_info)); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_ecdh0_mode(&key_config, &key_recovery_info, &ecdh0_info));
ESP_LOG_BUFFER_HEXDUMP("K2_G", ecdh0_info.k2_G[0], KEY_MGR_ECDH0_INFO_SIZE, ESP_LOG_DEBUG);
print_data_in_hex(ecdh0_info.k2_G[0], KEY_MGR_ECDH0_INFO_SIZE, "K2_G");
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info)); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info));
#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE #ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
@@ -246,7 +291,6 @@ static void key_mgr_test_ecdsa_ecdh0_mode(void)
static void key_mgr_test_ecdsa_random_mode(void) static void key_mgr_test_ecdsa_random_mode(void)
{ {
printf("\nKey Manager Random deployment: ECDSA_256 key\n");
static esp_key_mgr_random_key_config_t key_config; static esp_key_mgr_random_key_config_t key_config;
key_config.key_type = ESP_KEY_MGR_ECDSA_256_KEY; key_config.key_type = ESP_KEY_MGR_ECDSA_256_KEY;
@@ -254,57 +298,128 @@ static void key_mgr_test_ecdsa_random_mode(void)
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_random_mode(&key_config, &key_recovery_info)); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_random_mode(&key_config, &key_recovery_info));
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info)); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info));
#ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE #ifdef SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE
key_mgr_test_ecdsa_key(1, ECDSA_K_TYPE_DETERMINISITIC); key_mgr_test_ecdsa_key(1, ECDSA_K_TYPE_DETERMINISITIC);
#endif #endif
key_mgr_test_ecdsa_key(1, ECDSA_K_TYPE_TRNG); key_mgr_test_ecdsa_key(1, ECDSA_K_TYPE_TRNG);
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type)); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type));
} }
#endif /* SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY */
#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS #if SOC_KEY_MANAGER_HMAC_KEY_DEPLOY
extern esp_err_t hmac_calculate(uint32_t key_id, const void *message, size_t message_len, uint8_t *hmac);
static void test_xts_aes_key_random_mode(void) static void key_mgr_test_hmac_key_aes_mode(test_data_aes_mode_t *test_data)
{ {
const esp_partition_t *partition = get_test_storage_partition(); uint8_t hmac[32] = {0};
ESP_ERROR_CHECK(esp_partition_erase_range(partition, 0, partition->size)); TEST_ASSERT_EQUAL(ESP_OK, hmac_calculate(HMAC_KEY_KM, test_data->hmac_test_data.message, sizeof(test_data->hmac_test_data.message), hmac));
uint8_t plaintext_data[1024] = {[0 ... 1023] = 0xBE}; TEST_ASSERT_EQUAL_HEX8_ARRAY(test_data->hmac_test_data.hmac_result, hmac, sizeof(test_data->hmac_test_data.hmac_result));
const int write_size = 16; }
for (int i = 0; i < sizeof(plaintext_data) / write_size; i++) {
printf("\n i = %d\n", i); static void key_mgr_test_hmac_key_ecdh0_mode(const uint8_t *message, size_t message_len)
ESP_ERROR_CHECK(esp_flash_write_encrypted(NULL, partition->address + (i * write_size), plaintext_data, write_size)); {
static uint8_t read_data[128]; uint8_t hmac[32] = {0};
ESP_ERROR_CHECK(esp_partition_read(partition, write_size * i, read_data, write_size)); TEST_ASSERT_EQUAL(ESP_OK, hmac_calculate(HMAC_KEY_KM, message, message_len, hmac));
TEST_ASSERT_EQUAL_HEX8_ARRAY(plaintext_data + (i * write_size), read_data, write_size); // We cannot verify the result here as the HMAC key deployed is unknown.
} }
static void key_mgr_test_hmac_key_aes_random_mode(const uint8_t *message, size_t message_len)
{
uint8_t hmac[32] = {0};
TEST_ASSERT_EQUAL(ESP_OK, hmac_calculate(HMAC_KEY_KM, message, message_len, hmac));
// We cannot verify the result here as the HMAC key deployed is unknown.
} }
static void key_mgr_test_xts_aes_128_random_mode(void) static void key_mgr_test_hmac_aes_mode(void)
{ {
static esp_key_mgr_random_key_config_t key_config; static esp_key_mgr_aes_key_config_t key_config;
key_config.key_type = ESP_KEY_MGR_XTS_AES_128_KEY; memcpy(key_config.k2_info, (uint8_t*) test_data_hmac.k2_info, KEY_MGR_K2_INFO_SIZE);
memcpy(key_config.k1_encrypted, (uint8_t*) test_data_hmac.k1_encrypted, KEY_MGR_K1_ENCRYPTED_SIZE);
memcpy(key_config.sw_init_key, (uint8_t*) test_data_hmac.init_key, KEY_MGR_SW_INIT_KEY_SIZE);
key_config.use_pre_generated_sw_init_key = 1;
key_config.key_type = ESP_KEY_MGR_HMAC_KEY;
static esp_key_mgr_key_recovery_info_t key_recovery_info; static esp_key_mgr_key_recovery_info_t key_recovery_info;
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_random_mode(&key_config, &key_recovery_info)); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_aes_mode(&key_config, &key_recovery_info));
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info)); ESP_LOG_BUFFER_HEXDUMP("key_info", key_recovery_info.key_info, sizeof(esp_key_mgr_key_info_t), ESP_LOG_DEBUG);
test_xts_aes_key_random_mode();
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type));
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info));
key_mgr_test_hmac_key_aes_mode(&test_data_hmac);
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type));
} }
static void key_mgr_test_xts_aes_256_random_mode(void) static void key_mgr_test_hmac_ecdh0_mode(void)
{
static esp_key_mgr_ecdh0_key_config_t key_config;
memcpy(key_config.k1_G[0], (uint8_t*) test_data_ecdh0.k1_G[0], KEY_MGR_ECDH0_INFO_SIZE);
key_config.key_type = ESP_KEY_MGR_HMAC_KEY;
static esp_key_mgr_key_recovery_info_t key_recovery_info;
static esp_key_mgr_ecdh0_info_t ecdh0_info;
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_ecdh0_mode(&key_config, &key_recovery_info, &ecdh0_info));
ESP_LOG_BUFFER_HEXDUMP("K2_G", ecdh0_info.k2_G[0], KEY_MGR_ECDH0_INFO_SIZE, ESP_LOG_DEBUG);
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info));
key_mgr_test_hmac_key_ecdh0_mode(test_data_hmac.hmac_test_data.message, sizeof(test_data_hmac.hmac_test_data.message));
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type));
}
static void key_mgr_test_hmac_random_mode(void)
{ {
static esp_key_mgr_random_key_config_t key_config; static esp_key_mgr_random_key_config_t key_config;
key_config.key_type = ESP_KEY_MGR_XTS_AES_256_KEY; key_config.key_type = ESP_KEY_MGR_HMAC_KEY;
static esp_key_mgr_key_recovery_info_t key_recovery_info; static esp_key_mgr_key_recovery_info_t key_recovery_info;
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_random_mode(&key_config, &key_recovery_info)); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_random_mode(&key_config, &key_recovery_info));
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info)); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info));
test_xts_aes_key_random_mode(); key_mgr_test_hmac_key_aes_random_mode(test_data_hmac.hmac_test_data.message, sizeof(test_data_hmac.hmac_test_data.message));
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type)); TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type));
} }
#endif #endif /* SOC_KEY_MANAGER_HMAC_KEY_DEPLOY */
#if SOC_KEY_MANAGER_DS_KEY_DEPLOY
extern esp_err_t esp_ds_sign(const void *message,
const esp_ds_data_t *data,
uint32_t key_id,
void *signature);
static void key_mgr_test_ds_key_aes_mode(test_data_aes_mode_t *test_data)
{
esp_ds_data_t esp_ds_data = {0};
esp_ds_data.rsa_length = test_data->ds_test_data.ds_key_size / 32 - 1;
memcpy(esp_ds_data.iv, test_data->ds_test_data.ds_encrypted_input_params_iv, sizeof(esp_ds_data.iv));
memcpy(esp_ds_data.c, test_data->ds_test_data.ds_encrypted_input_params, sizeof(esp_ds_data.c));
uint8_t signature[4096 / 8] = {0}; // Max possible RSA signature size
esp_err_t ds_r = esp_ds_sign(test_data->ds_test_data.ds_message,
&esp_ds_data,
HMAC_KEY_KM,
signature);
TEST_ASSERT_EQUAL(ESP_OK, ds_r);
TEST_ASSERT_EQUAL_HEX8_ARRAY(test_data->ds_test_data.ds_result, signature, sizeof(test_data->ds_test_data.ds_result));
}
static void key_mgr_test_ds_aes_mode(void)
{
static esp_key_mgr_aes_key_config_t key_config;
memcpy(key_config.k2_info, (uint8_t*) test_data_ds.k2_info, KEY_MGR_K2_INFO_SIZE);
memcpy(key_config.k1_encrypted, (uint8_t*) test_data_ds.k1_encrypted, KEY_MGR_K1_ENCRYPTED_SIZE);
memcpy(key_config.sw_init_key, (uint8_t*) test_data_ds.init_key, KEY_MGR_SW_INIT_KEY_SIZE);
key_config.use_pre_generated_sw_init_key = 1;
key_config.key_type = ESP_KEY_MGR_DS_KEY;
static esp_key_mgr_key_recovery_info_t key_recovery_info;
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deploy_key_in_aes_mode(&key_config, &key_recovery_info));
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_activate_key(&key_recovery_info));
key_mgr_test_ds_key_aes_mode(&test_data_ds);
TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type));
}
#endif /* SOC_KEY_MANAGER_DS_KEY_DEPLOY */
TEST_GROUP(key_manager); TEST_GROUP(key_manager);
@@ -320,56 +435,124 @@ TEST_TEAR_DOWN(key_manager)
test_utils_get_leak_level(ESP_LEAK_TYPE_CRITICAL, ESP_COMP_LEAK_ALL)); test_utils_get_leak_level(ESP_LEAK_TYPE_CRITICAL, ESP_COMP_LEAK_ALL));
} }
#if SOC_KEY_MANAGER_FE_KEY_DEPLOY
#if SOC_FLASH_ENCRYPTION_XTS_AES_128
TEST(key_manager, xts_aes_128_key_aes_deployment) TEST(key_manager, xts_aes_128_key_aes_deployment)
{ {
key_mgr_test_xts_aes_128(); key_mgr_test_xts_aes_128_aes_mode();
} }
TEST(key_manager, xts_key_128_ecdh0_deployment)
{
key_mgr_test_xts_aes_128_ecdh0_mode();
}
#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS
TEST(key_manager, xts_key_128_random_deployment)
{
key_mgr_test_xts_aes_128_random_mode();
}
#endif /* CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS */
#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_128 */
#if SOC_FLASH_ENCRYPTION_XTS_AES_256
TEST(key_manager, xts_aes_256_key_aes_deployment) TEST(key_manager, xts_aes_256_key_aes_deployment)
{ {
key_mgr_test_xts_aes_256_aes_mode(); key_mgr_test_xts_aes_256_aes_mode();
} }
TEST(key_manager, ecdsa_key_aes_deployment) TEST(key_manager, xts_key_256_ecdh0_deployment)
{
key_mgr_test_xts_aes_256_ecdh0_mode();
}
#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS
TEST(key_manager, xts_key_256_random_deployment)
{
key_mgr_test_xts_aes_256_random_mode();
}
#endif /* CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS */
#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_256 */
#endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY */
#if SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY
TEST(key_manager, ecdsa_p256_key_aes_deployment)
{ {
key_mgr_test_ecdsa_p256_aes_mode(); key_mgr_test_ecdsa_p256_aes_mode();
} }
TEST(key_manager, xts_key_ecdh0_deployment) TEST(key_manager, ecdsa_p256_key_ecdh0_deployment)
{
key_mgr_test_xts_aes_128_ecdh0_mode();
key_mgr_test_xts_aes_256_ecdh0_mode();
}
TEST(key_manager, ecdsa_key_ecdh0_deployment)
{ {
key_mgr_test_ecdsa_ecdh0_mode(); key_mgr_test_ecdsa_ecdh0_mode();
} }
TEST(key_manager, ecdsa_key_random_deployment) TEST(key_manager, ecdsa_p256_key_random_deployment)
{ {
key_mgr_test_ecdsa_random_mode(); key_mgr_test_ecdsa_random_mode();
} }
#endif /* SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY */
#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS #if SOC_KEY_MANAGER_HMAC_KEY_DEPLOY
TEST(key_manager, xts_key_random_deployment) TEST(key_manager, hmac_key_aes_deployment)
{ {
key_mgr_test_xts_aes_128_random_mode(); key_mgr_test_hmac_aes_mode();
key_mgr_test_xts_aes_256_random_mode();
} }
#endif
TEST(key_manager, hmac_key_ecdh0_deployment)
{
key_mgr_test_hmac_ecdh0_mode();
}
TEST(key_manager, hmac_key_random_deployment)
{
key_mgr_test_hmac_random_mode();
}
#endif /* SOC_KEY_MANAGER_HMAC_KEY_DEPLOY */
#if SOC_KEY_MANAGER_DS_KEY_DEPLOY
TEST(key_manager, ds_key_aes_deployment)
{
key_mgr_test_ds_aes_mode();
}
#endif /* SOC_KEY_MANAGER_DS_KEY_DEPLOY */
TEST_GROUP_RUNNER(key_manager) TEST_GROUP_RUNNER(key_manager)
{ {
#if SOC_KEY_MANAGER_FE_KEY_DEPLOY
#if SOC_FLASH_ENCRYPTION_XTS_AES_128
RUN_TEST_CASE(key_manager, xts_aes_128_key_aes_deployment); RUN_TEST_CASE(key_manager, xts_aes_128_key_aes_deployment);
RUN_TEST_CASE(key_manager, xts_aes_256_key_aes_deployment); RUN_TEST_CASE(key_manager, xts_key_128_ecdh0_deployment);
RUN_TEST_CASE(key_manager, ecdsa_key_aes_deployment);
RUN_TEST_CASE(key_manager, xts_key_ecdh0_deployment);
RUN_TEST_CASE(key_manager, ecdsa_key_ecdh0_deployment);
RUN_TEST_CASE(key_manager, ecdsa_key_random_deployment);
#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS #if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS
// This tests expects Flash encryption to be enabled as the test compares the decrypted flash data with the plaintext data // This tests expects Flash encryption to be enabled as the test compares the decrypted flash data with the plaintext data
RUN_TEST_CASE(key_manager, xts_key_random_deployment); RUN_TEST_CASE(key_manager, xts_key_128_random_deployment);
#endif #endif /* CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS */
#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_128 */
#if SOC_FLASH_ENCRYPTION_XTS_AES_256
RUN_TEST_CASE(key_manager, xts_aes_256_key_aes_deployment);
RUN_TEST_CASE(key_manager, xts_key_256_ecdh0_deployment);
#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS
RUN_TEST_CASE(key_manager, xts_key_256_random_deployment);
#endif /* CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS */
#endif /* SOC_FLASH_ENCRYPTION_XTS_AES_256 */
#endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY */
#if SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY
RUN_TEST_CASE(key_manager, ecdsa_p256_key_aes_deployment);
RUN_TEST_CASE(key_manager, ecdsa_p256_key_ecdh0_deployment);
RUN_TEST_CASE(key_manager, ecdsa_p256_key_random_deployment);
#endif /* SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY */
#if SOC_KEY_MANAGER_HMAC_KEY_DEPLOY
RUN_TEST_CASE(key_manager, hmac_key_aes_deployment);
RUN_TEST_CASE(key_manager, hmac_key_ecdh0_deployment);
RUN_TEST_CASE(key_manager, hmac_key_random_deployment);
#endif /* SOC_KEY_MANAGER_HMAC_KEY_DEPLOY */
#if SOC_KEY_MANAGER_DS_KEY_DEPLOY
RUN_TEST_CASE(key_manager, ds_key_aes_deployment);
// Verifying deployment of a DS key using the ECDH0 and Random mode of the Key Manager
// is not possible as the deployed DS key is not known to user in these modes to
// pre-generate the ciphertext input data.
#endif /* SOC_KEY_MANAGER_DS_KEY_DEPLOY */
} }

29
components/hal/test_apps/crypto/main/sha/sha_block.c
View File

@@ -12,7 +12,7 @@
#include "soc/periph_defs.h" #include "soc/periph_defs.h"
#include "esp_private/periph_ctrl.h" #include "esp_private/periph_ctrl.h"
#include "esp_private/esp_crypto_lock_internal.h" #include "esp_crypto_periph_clk.h"
#include "hal/sha_hal.h" #include "hal/sha_hal.h"
#include "hal/sha_ll.h" #include "hal/sha_ll.h"
#include "sha_block.h" #include "sha_block.h"
@@ -68,10 +68,7 @@ static void sha1_update_block(sha1_ctx* ctx, esp_sha_type sha_type, const unsign
if ( (ilen >= 64) || local_len) { if ( (ilen >= 64) || local_len) {
/* Enable peripheral module */ /* Enable peripheral module */
SHA_RCC_ATOMIC() { esp_crypto_sha_enable_periph_clk(true);
sha_ll_enable_bus_clock(true);
sha_ll_reset_register();
}
sha_hal_wait_idle(); sha_hal_wait_idle();
sha_hal_set_mode(sha_type); sha_hal_set_mode(sha_type);
@@ -103,9 +100,7 @@ static void sha1_update_block(sha1_ctx* ctx, esp_sha_type sha_type, const unsign
sha_hal_read_digest(sha_type, ctx->state); sha_hal_read_digest(sha_type, ctx->state);
/* Disable peripheral module */ /* Disable peripheral module */
SHA_RCC_ATOMIC() { esp_crypto_sha_enable_periph_clk(false);
sha_ll_enable_bus_clock(false);
}
} }
if ( ilen > 0 ) { if ( ilen > 0 ) {
@@ -172,10 +167,7 @@ static void sha256_update_block(sha256_ctx* ctx, esp_sha_type sha_type, const un
if ( (ilen >= 64) || local_len) { if ( (ilen >= 64) || local_len) {
/* Enable peripheral module */ /* Enable peripheral module */
SHA_RCC_ATOMIC() { esp_crypto_sha_enable_periph_clk(true);
sha_ll_enable_bus_clock(true);
sha_ll_reset_register();
}
sha_hal_wait_idle(); sha_hal_wait_idle();
sha_hal_set_mode(sha_type); sha_hal_set_mode(sha_type);
@@ -207,9 +199,7 @@ static void sha256_update_block(sha256_ctx* ctx, esp_sha_type sha_type, const un
sha_hal_read_digest(sha_type, ctx->state); sha_hal_read_digest(sha_type, ctx->state);
/* Disable peripheral module */ /* Disable peripheral module */
SHA_RCC_ATOMIC() { esp_crypto_sha_enable_periph_clk(false);
sha_ll_enable_bus_clock(false);
}
} }
if ( ilen > 0 ) { if ( ilen > 0 ) {
@@ -321,10 +311,7 @@ static void sha512_update_block(sha512_ctx* ctx, esp_sha_type sha_type, const un
if ( (ilen >= 128) || local_len) { if ( (ilen >= 128) || local_len) {
/* Enable peripheral module */ /* Enable peripheral module */
SHA_RCC_ATOMIC() { esp_crypto_sha_enable_periph_clk(true);
sha_ll_enable_bus_clock(true);
sha_ll_reset_register();
}
sha_hal_wait_idle(); sha_hal_wait_idle();
sha_hal_set_mode(sha_type); sha_hal_set_mode(sha_type);
@@ -360,9 +347,7 @@ static void sha512_update_block(sha512_ctx* ctx, esp_sha_type sha_type, const un
sha_hal_read_digest(sha_type, ctx->state); sha_hal_read_digest(sha_type, ctx->state);
/* Disable peripheral module */ /* Disable peripheral module */
SHA_RCC_ATOMIC() { esp_crypto_sha_enable_periph_clk(false);
sha_ll_enable_bus_clock(false);
}
} }
if ( ilen > 0 ) { if ( ilen > 0 ) {