diff --git a/components/esp_security/test_apps/.build-test-rules.yml b/components/esp_security/test_apps/.build-test-rules.yml index abfc86a2c5..baac155ce3 100644 --- a/components/esp_security/test_apps/.build-test-rules.yml +++ b/components/esp_security/test_apps/.build-test-rules.yml @@ -1,7 +1,5 @@ # Documentation: .gitlab/ci/README.md#manifest-file-to-control-the-buildtest-apps components/esp_security/test_apps/crypto_drivers: - disable: - - if: IDF_TARGET in ["esp32c61"] - temporary: true - reason: Support for ESP32C61 is yet to be added. + enable: + - if: ((SOC_HMAC_SUPPORTED == 1) or (SOC_DIG_SIGN_SUPPORTED == 1)) or (SOC_KEY_MANAGER_SUPPORTED == 1) diff --git a/components/esp_security/test_apps/crypto_drivers/README.md b/components/esp_security/test_apps/crypto_drivers/README.md index 351f5fdebc..1dfe1331b4 100644 --- a/components/esp_security/test_apps/crypto_drivers/README.md +++ b/components/esp_security/test_apps/crypto_drivers/README.md @@ -1,3 +1,3 @@ -| Supported Targets | ESP32 | ESP32-C2 | ESP32-C3 | ESP32-C5 | ESP32-C6 | ESP32-H2 | ESP32-P4 | ESP32-S2 | ESP32-S3 | -| ----------------- | ----- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | +| Supported Targets | ESP32-C3 | ESP32-C5 | ESP32-C6 | ESP32-H2 | ESP32-P4 | ESP32-S2 | ESP32-S3 | +| ----------------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | diff --git a/components/esp_security/test_apps/crypto_drivers/main/CMakeLists.txt b/components/esp_security/test_apps/crypto_drivers/main/CMakeLists.txt index 6748567554..b6ae16ae0a 100644 --- a/components/esp_security/test_apps/crypto_drivers/main/CMakeLists.txt +++ b/components/esp_security/test_apps/crypto_drivers/main/CMakeLists.txt @@ -1,7 +1,16 @@ -set(srcs "test_app_main.c" - "test_ds.c" - "test_hmac.c" - "test_key_mgr.c") +set(srcs "test_app_main.c") + +if(CONFIG_SOC_HMAC_SUPPORTED) + list(APPEND srcs "test_hmac.c") +endif() + +if(CONFIG_SOC_DIG_SIGN_SUPPORTED) + list(APPEND srcs "test_ds.c") +endif() + +if(CONFIG_SOC_KEY_MANAGER_SUPPORTED) + list(APPEND srcs "test_key_mgr.c") +endif() idf_component_register(SRCS ${srcs} REQUIRES unity efuse test_utils spi_flash esp_security diff --git a/components/esp_security/test_apps/crypto_drivers/main/Kconfig.projbuild b/components/esp_security/test_apps/crypto_drivers/main/Kconfig.projbuild new file mode 100644 index 0000000000..7cdf8c00fa --- /dev/null +++ b/components/esp_security/test_apps/crypto_drivers/main/Kconfig.projbuild @@ -0,0 +1,9 @@ +menu "ESP Security Tests" + config ESP_SECURITY_ENABLE_FPGA_TESTS + bool "Allow enabling the esp_security tests that require burning efuses" + default y if IDF_ENV_FPGA + default n + help + This includes the esp_security tests that actually require burning some efuses. + It is better to run these tests on an FPGA to avoid mistakenly burning eFuses. +endmenu diff --git a/components/esp_security/test_apps/crypto_drivers/main/test_ds.c b/components/esp_security/test_apps/crypto_drivers/main/test_ds.c index d631c7dd35..13d53308be 100644 --- a/components/esp_security/test_apps/crypto_drivers/main/test_ds.c +++ b/components/esp_security/test_apps/crypto_drivers/main/test_ds.c @@ -8,8 +8,6 @@ #include "unity.h" #include "soc/soc_caps.h" - -#if SOC_DIG_SIGN_SUPPORTED #include "rom/efuse.h" #if CONFIG_IDF_TARGET_ESP32S2 #include "esp32s2/rom/digital_signature.h" @@ -257,7 +255,7 @@ TEST_CASE("Digital Signature Blocking HMAC key out of range", "[hw_crypto] [ds]" TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(message, &ds_data, HMAC_KEY0 - 1, signature_data)); } -#if CONFIG_IDF_ENV_FPGA +#if CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS static void burn_hmac_keys(void) { @@ -437,5 +435,4 @@ TEST_CASE("Digital Signature Invalid Data (FPGA only)", "[hw_crypto] [ds]") } } -#endif // CONFIG_IDF_ENV_FPGA -#endif // SOC_DIG_SIGN_SUPPORTED +#endif // CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS diff --git a/components/esp_security/test_apps/crypto_drivers/main/test_hmac.c b/components/esp_security/test_apps/crypto_drivers/main/test_hmac.c index 9c20debc52..8f8ccf39ef 100644 --- a/components/esp_security/test_apps/crypto_drivers/main/test_hmac.c +++ b/components/esp_security/test_apps/crypto_drivers/main/test_hmac.c @@ -8,11 +8,9 @@ #include "esp_efuse.h" #include "esp_efuse_table.h" #include "esp_log.h" - -#if SOC_HMAC_SUPPORTED #include "esp_hmac.h" -#if CONFIG_IDF_ENV_FPGA +#if CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS /* Allow testing varying message lengths (truncating the same message) for various results */ @@ -1299,7 +1297,7 @@ TEST_CASE("HMAC 'upstream' wait lock", "[hw_crypto]") } } -#endif // CONFIG_IDF_ENV_FPGA +#endif // CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS /** * This test is just a parameter test and does not write any keys to efuse. @@ -1315,5 +1313,3 @@ TEST_CASE("HMAC key out of range", "[hw_crypto]") TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_hmac_calculate(HMAC_KEY0 - 1, message, 47, hmac)); TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_hmac_calculate(HMAC_KEY5 + 1, message, 47, hmac)); } - -#endif // SOC_HMAC_SUPPORTED diff --git a/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c b/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c index 4484a9fde5..1fdb5b28f1 100644 --- a/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c +++ b/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c @@ -7,7 +7,6 @@ #include "unity.h" #include "soc/soc_caps.h" -#if SOC_KEY_MANAGER_SUPPORTED #include "esp_partition.h" #include "esp_flash.h" #include "esp_log.h" @@ -143,4 +142,3 @@ TEST_CASE("Key Manager random mode: ECDSA key deployment", "[hw_crypto] [key_mgr esp_ret = esp_key_mgr_deploy_key_in_random_mode(&key_config, &key_info); TEST_ASSERT_EQUAL(ESP_OK, esp_ret); } -#endif diff --git a/components/esp_security/test_apps/crypto_drivers/pytest_crypto_drivers.py b/components/esp_security/test_apps/crypto_drivers/pytest_crypto_drivers.py index e0709970c5..44435595f0 100644 --- a/components/esp_security/test_apps/crypto_drivers/pytest_crypto_drivers.py +++ b/components/esp_security/test_apps/crypto_drivers/pytest_crypto_drivers.py @@ -1,17 +1,16 @@ -# SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD +# SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD # SPDX-License-Identifier: CC0-1.0 import pytest from pytest_embedded import Dut +@pytest.mark.esp32s2 +@pytest.mark.esp32s3 +@pytest.mark.esp32c3 +@pytest.mark.esp32c6 +@pytest.mark.esp32h2 +@pytest.mark.esp32p4 +@pytest.mark.esp32c5 @pytest.mark.generic -@pytest.mark.temp_skip_ci(targets=['esp32c61'], reason='Support for ESP32C61 is yet to be added.') # TODO: [ESP32C61] IDF-10987 -@pytest.mark.parametrize( - 'config', - [ - pytest.param('default', marks=[pytest.mark.supported_targets]), - ], - indirect=True, -) def test_crypto_drivers(dut: Dut) -> None: dut.run_all_single_board_cases(timeout=180) diff --git a/components/hal/test_apps/crypto/README.md b/components/hal/test_apps/crypto/README.md index 4e2c6f4f57..3b25adda8a 100644 --- a/components/hal/test_apps/crypto/README.md +++ b/components/hal/test_apps/crypto/README.md @@ -67,7 +67,8 @@ This contains tests for the following features of the crypto peripherals: - SHA-512/256 - SHA-512/t -> **_NOTE:_** The verification tests for the HMAC and Digital Signature peripherals would get exercised in only in an FPGA environment. +> **_NOTE:_** The verification tests for the HMAC and Digital Signature peripherals would get exercised only by enabling the example config in an FPGA environment. + # Burning the HMAC key The HMAC tests need an HMAC key to be burned in the `BLOCK_KEY3` and `BLOCK_KEY4` of the efuses. As this verification application is independent of the efuse component, the user needs to manually burn the keys and their key purposes using `espefuse.py`. diff --git a/components/hal/test_apps/crypto/main/Kconfig.projbuild b/components/hal/test_apps/crypto/main/Kconfig.projbuild index 051c5bae14..ee68e84f19 100644 --- a/components/hal/test_apps/crypto/main/Kconfig.projbuild +++ b/components/hal/test_apps/crypto/main/Kconfig.projbuild @@ -1,6 +1,14 @@ menu "Test App Configuration" + config CRYPTO_TEST_APP_ENABLE_FPGA_TESTS + bool "Allow enabling the crypto tests that require burning efuses" + default y if IDF_ENV_FPGA + default n + help + This includes the crypto tests that actually require burning some efuses. + It is better to run these tests on an FPGA to avoid mistakenly burning eFuses. + config CRYPTO_TEST_APP_ENABLE_DS_TESTS bool "Enable DS Peripheral test cases" default y diff --git a/components/hal/test_apps/crypto/main/app_main.c b/components/hal/test_apps/crypto/main/app_main.c index 460445a343..87dcee3d8e 100644 --- a/components/hal/test_apps/crypto/main/app_main.c +++ b/components/hal/test_apps/crypto/main/app_main.c @@ -34,7 +34,7 @@ static void run_all_tests(void) RUN_TEST_GROUP(key_manager); #endif -#if CONFIG_IDF_ENV_FPGA +#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS #if CONFIG_SOC_HMAC_SUPPORTED && CONFIG_CRYPTO_TEST_APP_ENABLE_HMAC_TESTS RUN_TEST_GROUP(hmac); @@ -48,7 +48,7 @@ static void run_all_tests(void) RUN_TEST_GROUP(ecdsa) #endif -#endif /* CONFIG_IDF_ENV_FPGA */ +#endif /* CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS */ } static void test_task(void *pvParameters) diff --git a/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c b/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c index ca424eb132..2def4096e8 100644 --- a/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c +++ b/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c @@ -263,7 +263,7 @@ static void key_mgr_test_ecdsa_random_mode(void) TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type)); } -#if CONFIG_IDF_ENV_FPGA +#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS static void test_xts_aes_key_random_mode(void) { @@ -351,7 +351,7 @@ TEST(key_manager, ecdsa_key_random_deployment) key_mgr_test_ecdsa_random_mode(); } -#if CONFIG_IDF_ENV_FPGA +#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS TEST(key_manager, xts_key_random_deployment) { key_mgr_test_xts_aes_128_random_mode(); @@ -367,7 +367,7 @@ TEST_GROUP_RUNNER(key_manager) RUN_TEST_CASE(key_manager, xts_key_ecdh0_deployment); RUN_TEST_CASE(key_manager, ecdsa_key_ecdh0_deployment); RUN_TEST_CASE(key_manager, ecdsa_key_random_deployment); -#if CONFIG_IDF_ENV_FPGA +#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS RUN_TEST_CASE(key_manager, xts_key_random_deployment); #endif