ci(hal): add support for 4096 bits size digital signature hal test

2023-08-02 14:10:24 +05:30
parent b8c208cdb3
commit 21c3549800
8 changed files with 29 additions and 17 deletions
--- a/components/hal/test_apps/crypto/README.md
+++ b/components/hal/test_apps/crypto/README.md
@@ -62,12 +62,22 @@ espefuse.py -p $ESPPORT burn_key BLOCK_KEY4 main/hmac/hmac_key.bin HMAC_UP

 The tests needs some HMAC keys to be burned in the `BLOCK_KEY1`, `BLOCK_KEY2` and `BLOCK_KEY3` of the efuses. As this verification application is independent of the efuse component, the user needs to manually burn the keys and their key purposes using `espefuse.py`.

+If SOC_DS_SIGNATURE_MAX_BIT_LEN == 3072:
 ```bash
-espefuse.py -p $ESPPORT burn_key BLOCK_KEY1 main/ds/ds_key1.bin HMAC_DOWN_DIGITAL_SIGNATURE --do-not-confirm
+espefuse.py -p $ESPPORT burn_key BLOCK_KEY1 main/ds/keys/3072/ds_key1.bin HMAC_DOWN_DIGITAL_SIGNATURE

-espefuse.py -p $ESPPORT burn_key BLOCK_KEY2 main/ds/ds_key2.bin HMAC_DOWN_DIGITAL_SIGNATURE --do-not-confirm
+espefuse.py -p $ESPPORT burn_key BLOCK_KEY2 main/ds/keys/3072/ds_key2.bin HMAC_DOWN_DIGITAL_SIGNATURE

-espefuse.py -p $ESPPORT burn_key BLOCK_KEY3 main/ds/ds_key3.bin HMAC_DOWN_DIGITAL_SIGNATURE --do-not-confirm
+espefuse.py -p $ESPPORT burn_key BLOCK_KEY3 main/ds/keys/3072/ds_key3.bin HMAC_DOWN_DIGITAL_SIGNATURE
+```
+
+If SOC_DS_SIGNATURE_MAX_BIT_LEN == 4096:
+```bash
+espefuse.py -p $ESPPORT burn_key BLOCK_KEY1 main/ds/keys/4096/ds_key1.bin HMAC_DOWN_DIGITAL_SIGNATURE
+
+espefuse.py -p $ESPPORT burn_key BLOCK_KEY2 main/ds/keys/4096/ds_key2.bin HMAC_DOWN_DIGITAL_SIGNATURE
+
+espefuse.py -p $ESPPORT burn_key BLOCK_KEY3 main/ds/keys/4096/ds_key3.bin HMAC_DOWN_DIGITAL_SIGNATURE
 ```

 # Burning the ECDSA keys
@@ -75,9 +85,9 @@ espefuse.py -p $ESPPORT burn_key BLOCK_KEY3 main/ds/ds_key3.bin HMAC_DOWN_DIGITA
 The ECDSA tests need some ECDSA keys to be burned in the `BLOCK_KEY1` and `BLOCK_KEY2` of the efuses. As this verification application is independent of the efuse component, the user needs to manually burn the keys and their key purposes using `espefuse.py`.

 ```bash
-espefuse.py -p $ESPPORT burn_key BLOCK_KEY1 main/ecdsa/ecdsa192_priv_key.pem ECDSA_KEY --do-not-confirm
+espefuse.py -p $ESPPORT burn_key BLOCK_KEY1 main/ecdsa/ecdsa192_priv_key.pem ECDSA_KEY

-espefuse.py -p $ESPPORT burn_key BLOCK_KEY2 main/ecdsa/ecdsa256_priv_key.pem ECDSA_KEY --do-not-confirm
+espefuse.py -p $ESPPORT burn_key BLOCK_KEY2 main/ecdsa/ecdsa256_priv_key.pem ECDSA_KEY
 ```

 # Building
--- a/components/hal/test_apps/crypto/main/ds/keys/3072/ds_key1.bin
+++ b/components/hal/test_apps/crypto/main/ds/keys/3072/ds_key1.bin
--- a/components/hal/test_apps/crypto/main/ds/keys/3072/ds_key2.bin
+++ b/components/hal/test_apps/crypto/main/ds/keys/3072/ds_key2.bin
--- a/components/hal/test_apps/crypto/main/ds/keys/3072/ds_key3.bin
+++ b/components/hal/test_apps/crypto/main/ds/keys/3072/ds_key3.bin
--- a/components/hal/test_apps/crypto/main/ds/keys/4096/ds_key1.bin
+++ b/components/hal/test_apps/crypto/main/ds/keys/4096/ds_key1.bin
@@ -0,0 +1 @@
+<EFBFBD><19>Q<EFBFBD><51>?1<>C<EFBFBD><17>{⇅A<E28785>B`R؎E<D88E>|;<3B><><EFBFBD><EFBFBD>
--- a/components/hal/test_apps/crypto/main/ds/keys/4096/ds_key2.bin
+++ b/components/hal/test_apps/crypto/main/ds/keys/4096/ds_key2.bin
@@ -0,0 +1 @@
+=q<><71><EFBFBD><15>0f<30><66>]<1E><><03>}H޼<><DEBC><EFBFBD>>ղ<>F<EFBFBD>
--- a/components/hal/test_apps/crypto/main/ds/keys/4096/ds_key3.bin
+++ b/components/hal/test_apps/crypto/main/ds/keys/4096/ds_key3.bin
--- a/components/hal/test_apps/crypto/main/ds/test_ds.c
+++ b/components/hal/test_apps/crypto/main/ds/test_ds.c
@@ -47,6 +47,11 @@ typedef enum {
 #include "esp32h2/rom/digital_signature.h"
 #include "esp32h2/rom/aes.h"
 #include "esp32h2/rom/sha.h"
+#elif CONFIG_IDF_TARGET_ESP32P4
+#include "esp32p4/rom/efuse.h"
+#include "esp32p4/rom/digital_signature.h"
+#include "esp32p4/rom/aes.h"
+#include "esp32p4/rom/sha.h"
 #endif

 #define ESP_ERR_HW_CRYPTO_DS_HMAC_FAIL           (0x1) /*!< HMAC peripheral problem */
@@ -467,7 +472,7 @@ TEST(ds, digital_signature_blocking_operation)

        ds_r = esp_ds_finish_sign(signature, &ds_data);
        TEST_ASSERT_EQUAL(ESP_OK, ds_r);
-#elif CONFIG_IDF_TARGET_ESP32C3
+#else
        esp_err_t ds_r = esp_ds_sign(test_messages[0],
                                     &ds_data,
                                     t->hmac_key_idx + 1,
@@ -498,14 +503,11 @@ TEST(ds, digital_signature_invalid_data)

        esp_err_t ds_r = esp_ds_start_sign(test_messages[0], &ds_data, t->hmac_key_idx + 1);
        TEST_ASSERT_EQUAL(ESP_OK, ds_r);
-        ds_r = esp_ds_finish_sign(signature, &ds_data);
-#if CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3
-        TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r);
-#elif CONFIG_IDF_TARGET_ESP32C3
-        TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r);
-#endif
-        TEST_ASSERT_EQUAL_HEX8_ARRAY(zero, signature, DS_MAX_BITS / 8);

+        ds_r = esp_ds_finish_sign(signature, &ds_data);
+        TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r);
+
+        TEST_ASSERT_EQUAL_HEX8_ARRAY(zero, signature, DS_MAX_BITS / 8);
        ds_data.iv[bit / 8] ^= 1 << (bit % 8);
    }

@@ -517,12 +519,10 @@ TEST(ds, digital_signature_invalid_data)

        esp_err_t ds_r = esp_ds_start_sign(test_messages[0], &ds_data, t->hmac_key_idx + 1);
        TEST_ASSERT_EQUAL(ESP_OK, ds_r);
+
        ds_r = esp_ds_finish_sign(signature, &ds_data);
-#if CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3
        TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r);
-#elif CONFIG_IDF_TARGET_ESP32C3
-        TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r);
-#endif
+
        TEST_ASSERT_EQUAL_HEX8_ARRAY(zero, signature, DS_MAX_BITS / 8);

        ds_data.c[bit / 8] ^= 1 << (bit % 8);
				`@@ -0,0 +1 @@`
				<EFBFBD><19>Q<EFBFBD><51>?1<>C<EFBFBD><17>{⇅A<E28785>B`R؎E<D88E>\|;<3B><><EFBFBD><EFBFBD>
				`@@ -0,0 +1 @@`
				`=q<><71><EFBFBD><15>0f<30><66>]<1E><><03>}H޼<><DEBC><EFBFBD>>ղ<>F<EFBFBD>`