Merge branch 'ci/enable_crypto_drivers_test_for_esp32c61' into 'master'

Enable crypto drivers test app build only for supported targets

Closes IDF-10987 and IDF-7583

See merge request espressif/esp-idf!33958

components/esp_security/test_apps/.build-test-rules.yml

@@ -1,7 +1,5 @@
 # Documentation: .gitlab/ci/README.md#manifest-file-to-control-the-buildtest-apps
 
 components/esp_security/test_apps/crypto_drivers:
-  disable:
-    - if: IDF_TARGET in ["esp32c61"]
-      temporary: true
-      reason: Support for ESP32C61 is yet to be added.
+  enable:
+    - if: ((SOC_HMAC_SUPPORTED == 1) or (SOC_DIG_SIGN_SUPPORTED == 1)) or (SOC_KEY_MANAGER_SUPPORTED == 1)

components/esp_security/test_apps/crypto_drivers/README.md

@@ -1,3 +1,3 @@
-| Supported Targets | ESP32 | ESP32-C2 | ESP32-C3 | ESP32-C5 | ESP32-C6 | ESP32-H2 | ESP32-P4 | ESP32-S2 | ESP32-S3 |
-| ----------------- | ----- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- |
+| Supported Targets | ESP32-C3 | ESP32-C5 | ESP32-C6 | ESP32-H2 | ESP32-P4 | ESP32-S2 | ESP32-S3 |
+| ----------------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- |
 

components/esp_security/test_apps/crypto_drivers/main/CMakeLists.txt

@@ -1,7 +1,16 @@
-set(srcs "test_app_main.c"
-          "test_ds.c"
-          "test_hmac.c"
-          "test_key_mgr.c")
+set(srcs "test_app_main.c")
+
+if(CONFIG_SOC_HMAC_SUPPORTED)
+    list(APPEND srcs "test_hmac.c")
+endif()
+
+if(CONFIG_SOC_DIG_SIGN_SUPPORTED)
+    list(APPEND srcs "test_ds.c")
+endif()
+
+if(CONFIG_SOC_KEY_MANAGER_SUPPORTED)
+    list(APPEND srcs "test_key_mgr.c")
+endif()
 
 idf_component_register(SRCS ${srcs}
                        REQUIRES unity efuse test_utils spi_flash esp_security

components/esp_security/test_apps/crypto_drivers/main/Kconfig.projbuild

@@ -0,0 +1,9 @@
+menu "ESP Security Tests"
+    config ESP_SECURITY_ENABLE_FPGA_TESTS
+        bool "Allow enabling the esp_security tests that require burning efuses"
+        default y if IDF_ENV_FPGA
+        default n
+        help
+            This includes the esp_security tests that actually require burning some efuses.
+            It is better to run these tests on an FPGA to avoid mistakenly burning eFuses.
+endmenu

components/esp_security/test_apps/crypto_drivers/main/test_ds.c

@@ -8,8 +8,6 @@
 #include "unity.h"
 
 #include "soc/soc_caps.h"
-
-#if SOC_DIG_SIGN_SUPPORTED
 #include "rom/efuse.h"
 #if CONFIG_IDF_TARGET_ESP32S2
 #include "esp32s2/rom/digital_signature.h"
@@ -257,7 +255,7 @@ TEST_CASE("Digital Signature Blocking HMAC key out of range", "[hw_crypto] [ds]"
     TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(message, &ds_data, HMAC_KEY0 - 1, signature_data));
 }
 
-#if CONFIG_IDF_ENV_FPGA
+#if CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS
 
 static void burn_hmac_keys(void)
 {
@@ -437,5 +435,4 @@ TEST_CASE("Digital Signature Invalid Data (FPGA only)", "[hw_crypto] [ds]")
     }
 }
 
-#endif // CONFIG_IDF_ENV_FPGA
-#endif // SOC_DIG_SIGN_SUPPORTED
+#endif // CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS

components/esp_security/test_apps/crypto_drivers/main/test_hmac.c

@@ -8,11 +8,9 @@
 #include "esp_efuse.h"
 #include "esp_efuse_table.h"
 #include "esp_log.h"
-
-#if SOC_HMAC_SUPPORTED
 #include "esp_hmac.h"
 
-#if CONFIG_IDF_ENV_FPGA
+#if CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS
 
 /* Allow testing varying message lengths (truncating the same message)
    for various results */
@@ -1299,7 +1297,7 @@ TEST_CASE("HMAC 'upstream' wait lock", "[hw_crypto]")
     }
 }
 
-#endif // CONFIG_IDF_ENV_FPGA
+#endif // CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS
 
 /**
  * This test is just a parameter test and does not write any keys to efuse.
@@ -1315,5 +1313,3 @@ TEST_CASE("HMAC key out of range", "[hw_crypto]")
     TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_hmac_calculate(HMAC_KEY0 - 1, message, 47, hmac));
     TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_hmac_calculate(HMAC_KEY5 + 1, message, 47, hmac));
 }
-
-#endif // SOC_HMAC_SUPPORTED

components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c

@@ -7,7 +7,6 @@
 #include "unity.h"
 
 #include "soc/soc_caps.h"
-#if SOC_KEY_MANAGER_SUPPORTED
 #include "esp_partition.h"
 #include "esp_flash.h"
 #include "esp_log.h"
@@ -143,4 +142,3 @@ TEST_CASE("Key Manager random mode: ECDSA key deployment", "[hw_crypto] [key_mgr
     esp_ret = esp_key_mgr_deploy_key_in_random_mode(&key_config, &key_info);
     TEST_ASSERT_EQUAL(ESP_OK, esp_ret);
 }
-#endif

components/esp_security/test_apps/crypto_drivers/pytest_crypto_drivers.py

@@ -1,17 +1,16 @@
-# SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
+# SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD
 # SPDX-License-Identifier: CC0-1.0
 import pytest
 from pytest_embedded import Dut
 
 
+@pytest.mark.esp32s2
+@pytest.mark.esp32s3
+@pytest.mark.esp32c3
+@pytest.mark.esp32c6
+@pytest.mark.esp32h2
+@pytest.mark.esp32p4
+@pytest.mark.esp32c5
 @pytest.mark.generic
-@pytest.mark.temp_skip_ci(targets=['esp32c61'], reason='Support for ESP32C61 is yet to be added.')  # TODO: [ESP32C61] IDF-10987
-@pytest.mark.parametrize(
-    'config',
-    [
-        pytest.param('default', marks=[pytest.mark.supported_targets]),
-    ],
-    indirect=True,
-)
 def test_crypto_drivers(dut: Dut) -> None:
     dut.run_all_single_board_cases(timeout=180)

components/hal/test_apps/crypto/README.md

@@ -67,7 +67,8 @@ This contains tests for the following features of the crypto peripherals:
         - SHA-512/256
         - SHA-512/t
 
-> **_NOTE:_** The verification tests for the HMAC and Digital Signature peripherals would get exercised in only in an FPGA environment.
+> **_NOTE:_** The verification tests for the HMAC and Digital Signature peripherals would get exercised only by enabling the example config in an FPGA environment.
+
 # Burning the HMAC key
 
 The HMAC tests need an HMAC key to be burned in the `BLOCK_KEY3` and `BLOCK_KEY4` of the efuses. As this verification application is independent of the efuse component, the user needs to manually burn the keys and their key purposes using `espefuse.py`.

components/hal/test_apps/crypto/main/Kconfig.projbuild

@@ -1,6 +1,14 @@
 
 menu "Test App Configuration"
 
+    config CRYPTO_TEST_APP_ENABLE_FPGA_TESTS
+        bool "Allow enabling the crypto tests that require burning efuses"
+        default y if IDF_ENV_FPGA
+        default n
+        help
+            This includes the crypto tests that actually require burning some efuses.
+            It is better to run these tests on an FPGA to avoid mistakenly burning eFuses.
+
     config CRYPTO_TEST_APP_ENABLE_DS_TESTS
         bool "Enable DS Peripheral test cases"
         default y

components/hal/test_apps/crypto/main/app_main.c

@@ -34,7 +34,7 @@ static void run_all_tests(void)
     RUN_TEST_GROUP(key_manager);
 #endif
 
-#if CONFIG_IDF_ENV_FPGA
+#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS
 
 #if CONFIG_SOC_HMAC_SUPPORTED && CONFIG_CRYPTO_TEST_APP_ENABLE_HMAC_TESTS
     RUN_TEST_GROUP(hmac);
@@ -48,7 +48,7 @@ static void run_all_tests(void)
     RUN_TEST_GROUP(ecdsa)
 #endif
 
-#endif /* CONFIG_IDF_ENV_FPGA */
+#endif /* CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS */
 }
 
 static void test_task(void *pvParameters)

components/hal/test_apps/crypto/main/key_manager/test_key_manager.c

@@ -263,7 +263,7 @@ static void key_mgr_test_ecdsa_random_mode(void)
     TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type));
 }
 
-#if CONFIG_IDF_ENV_FPGA
+#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS
 
 static void test_xts_aes_key_random_mode(void)
 {
@@ -351,7 +351,7 @@ TEST(key_manager, ecdsa_key_random_deployment)
     key_mgr_test_ecdsa_random_mode();
 }
 
-#if CONFIG_IDF_ENV_FPGA
+#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS
 TEST(key_manager, xts_key_random_deployment)
 {
     key_mgr_test_xts_aes_128_random_mode();
@@ -367,7 +367,7 @@ TEST_GROUP_RUNNER(key_manager)
     RUN_TEST_CASE(key_manager, xts_key_ecdh0_deployment);
     RUN_TEST_CASE(key_manager, ecdsa_key_ecdh0_deployment);
     RUN_TEST_CASE(key_manager, ecdsa_key_random_deployment);
-#if CONFIG_IDF_ENV_FPGA
+#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS
     RUN_TEST_CASE(key_manager, xts_key_random_deployment);
 #endif