From 9e3a846356b9bed3b3189bbb212e943f3a89a156 Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Thu, 3 Oct 2024 11:23:24 +0530 Subject: [PATCH 1/2] ci(esp_security): Enable crypto drivers test app build only for supported targets --- .../test_apps/.build-test-rules.yml | 6 ++---- .../test_apps/crypto_drivers/README.md | 4 ++-- .../crypto_drivers/main/CMakeLists.txt | 17 +++++++++++++---- .../test_apps/crypto_drivers/main/test_ds.c | 3 --- .../test_apps/crypto_drivers/main/test_hmac.c | 4 ---- .../crypto_drivers/main/test_key_mgr.c | 2 -- .../crypto_drivers/pytest_crypto_drivers.py | 17 ++++++++--------- 7 files changed, 25 insertions(+), 28 deletions(-) diff --git a/components/esp_security/test_apps/.build-test-rules.yml b/components/esp_security/test_apps/.build-test-rules.yml index abfc86a2c5..baac155ce3 100644 --- a/components/esp_security/test_apps/.build-test-rules.yml +++ b/components/esp_security/test_apps/.build-test-rules.yml @@ -1,7 +1,5 @@ # Documentation: .gitlab/ci/README.md#manifest-file-to-control-the-buildtest-apps components/esp_security/test_apps/crypto_drivers: - disable: - - if: IDF_TARGET in ["esp32c61"] - temporary: true - reason: Support for ESP32C61 is yet to be added. + enable: + - if: ((SOC_HMAC_SUPPORTED == 1) or (SOC_DIG_SIGN_SUPPORTED == 1)) or (SOC_KEY_MANAGER_SUPPORTED == 1) diff --git a/components/esp_security/test_apps/crypto_drivers/README.md b/components/esp_security/test_apps/crypto_drivers/README.md index 351f5fdebc..1dfe1331b4 100644 --- a/components/esp_security/test_apps/crypto_drivers/README.md +++ b/components/esp_security/test_apps/crypto_drivers/README.md 
@@ -1,3 +1,3 @@ -| Supported Targets | ESP32 | ESP32-C2 | ESP32-C3 | ESP32-C5 | ESP32-C6 | ESP32-H2 | ESP32-P4 | ESP32-S2 | ESP32-S3 | -| ----------------- | ----- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | +| Supported Targets | ESP32-C3 | ESP32-C5 | ESP32-C6 | ESP32-H2 | ESP32-P4 | ESP32-S2 | ESP32-S3 | +| ----------------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | diff --git a/components/esp_security/test_apps/crypto_drivers/main/CMakeLists.txt b/components/esp_security/test_apps/crypto_drivers/main/CMakeLists.txt index 6748567554..b6ae16ae0a 100644 --- a/components/esp_security/test_apps/crypto_drivers/main/CMakeLists.txt +++ b/components/esp_security/test_apps/crypto_drivers/main/CMakeLists.txt @@ -1,7 +1,16 @@ -set(srcs "test_app_main.c" - "test_ds.c" - "test_hmac.c" - "test_key_mgr.c") +set(srcs "test_app_main.c") + +if(CONFIG_SOC_HMAC_SUPPORTED) + list(APPEND srcs "test_hmac.c") +endif() + +if(CONFIG_SOC_DIG_SIGN_SUPPORTED) + list(APPEND srcs "test_ds.c") +endif() + +if(CONFIG_SOC_KEY_MANAGER_SUPPORTED) + list(APPEND srcs "test_key_mgr.c") +endif() idf_component_register(SRCS ${srcs} REQUIRES unity efuse test_utils spi_flash esp_security diff --git a/components/esp_security/test_apps/crypto_drivers/main/test_ds.c b/components/esp_security/test_apps/crypto_drivers/main/test_ds.c index d631c7dd35..576e23fd62 100644 --- a/components/esp_security/test_apps/crypto_drivers/main/test_ds.c +++ b/components/esp_security/test_apps/crypto_drivers/main/test_ds.c @@ -8,8 +8,6 @@ #include "unity.h" #include "soc/soc_caps.h" - -#if SOC_DIG_SIGN_SUPPORTED #include "rom/efuse.h" #if CONFIG_IDF_TARGET_ESP32S2 #include "esp32s2/rom/digital_signature.h" @@ -438,4 +436,3 @@ TEST_CASE("Digital Signature Invalid Data (FPGA only)", "[hw_crypto] [ds]") } #endif // CONFIG_IDF_ENV_FPGA -#endif // SOC_DIG_SIGN_SUPPORTED 
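Review bot: After this commit the three `if(CONFIG_SOC_*_SUPPORTED)` blocks in the CMakeLists.txt hunk are the only thing keeping test_hmac.c, test_ds.c and test_key_mgr.c out of builds for targets without the peripheral, because the same commit deletes the `#if SOC_*_SUPPORTED` guards inside those files. A short comment above the first block would record that dependency, e.g. `# The test sources carry no SOC_*_SUPPORTED guards of their own; only add them under the matching capability check.` The `idf_component_register(...)` call continues outside the hunk.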
diff --git a/components/esp_security/test_apps/crypto_drivers/main/test_hmac.c b/components/esp_security/test_apps/crypto_drivers/main/test_hmac.c index 9c20debc52..61fd9fb1c0 100644 --- a/components/esp_security/test_apps/crypto_drivers/main/test_hmac.c +++ b/components/esp_security/test_apps/crypto_drivers/main/test_hmac.c @@ -8,8 +8,6 @@ #include "esp_efuse.h" #include "esp_efuse_table.h" #include "esp_log.h" - -#if SOC_HMAC_SUPPORTED #include "esp_hmac.h" #if CONFIG_IDF_ENV_FPGA @@ -1315,5 +1313,3 @@ TEST_CASE("HMAC key out of range", "[hw_crypto]") TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_hmac_calculate(HMAC_KEY0 - 1, message, 47, hmac)); TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_hmac_calculate(HMAC_KEY5 + 1, message, 47, hmac)); } - -#endif // SOC_HMAC_SUPPORTED diff --git a/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c b/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c index 4484a9fde5..1fdb5b28f1 100644 --- a/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c +++ b/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c @@ -7,7 +7,6 @@ #include "unity.h" #include "soc/soc_caps.h" -#if SOC_KEY_MANAGER_SUPPORTED #include "esp_partition.h" #include "esp_flash.h" #include "esp_log.h" @@ -143,4 +142,3 @@ TEST_CASE("Key Manager random mode: ECDSA key deployment", "[hw_crypto] [key_mgr esp_ret = esp_key_mgr_deploy_key_in_random_mode(&key_config, &key_info); TEST_ASSERT_EQUAL(ESP_OK, esp_ret); } -#endif diff --git a/components/esp_security/test_apps/crypto_drivers/pytest_crypto_drivers.py b/components/esp_security/test_apps/crypto_drivers/pytest_crypto_drivers.py index e0709970c5..44435595f0 100644 --- a/components/esp_security/test_apps/crypto_drivers/pytest_crypto_drivers.py +++ b/components/esp_security/test_apps/crypto_drivers/pytest_crypto_drivers.py 
@@ -1,17 +1,16 @@ -# SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD +# SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD # SPDX-License-Identifier: CC0-1.0 import pytest from pytest_embedded import Dut +@pytest.mark.esp32s2 +@pytest.mark.esp32s3 +@pytest.mark.esp32c3 +@pytest.mark.esp32c6 +@pytest.mark.esp32h2 +@pytest.mark.esp32p4 +@pytest.mark.esp32c5 @pytest.mark.generic -@pytest.mark.temp_skip_ci(targets=['esp32c61'], reason='Support for ESP32C61 is yet to be added.') # TODO: [ESP32C61] IDF-10987 -@pytest.mark.parametrize( - 'config', - [ - pytest.param('default', marks=[pytest.mark.supported_targets]), - ], - indirect=True, -) def test_crypto_drivers(dut: Dut) -> None: dut.run_all_single_board_cases(timeout=180) From e12c261b1b2713aaa374f3fcb67a7f2ebf66d5eb Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Thu, 3 Oct 2024 15:17:22 +0530 Subject: [PATCH 2/2] ci(esp_security): Add config to enable FPGA-related tests --- .../test_apps/crypto_drivers/main/Kconfig.projbuild | 9 +++++++++ .../esp_security/test_apps/crypto_drivers/main/test_ds.c | 4 ++-- .../test_apps/crypto_drivers/main/test_hmac.c | 4 ++-- components/hal/test_apps/crypto/README.md | 3 ++- components/hal/test_apps/crypto/main/Kconfig.projbuild | 8 ++++++++ components/hal/test_apps/crypto/main/app_main.c | 4 ++-- .../test_apps/crypto/main/key_manager/test_key_manager.c | 6 +++--- 7 files changed, 28 insertions(+), 10 deletions(-) create mode 100644 components/esp_security/test_apps/crypto_drivers/main/Kconfig.projbuild diff --git a/components/esp_security/test_apps/crypto_drivers/main/Kconfig.projbuild b/components/esp_security/test_apps/crypto_drivers/main/Kconfig.projbuild new file mode 100644 index 0000000000..7cdf8c00fa --- /dev/null +++ b/components/esp_security/test_apps/crypto_drivers/main/Kconfig.projbuild 
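Review bot: The marker list above `test_crypto_drivers` hard-codes seven targets, while the build rule in components/esp_security/test_apps/.build-test-rules.yml now enables the app from `SOC_HMAC_SUPPORTED`, `SOC_DIG_SIGN_SUPPORTED` and `SOC_KEY_MANAGER_SUPPORTED`. A target that later gains one of these capabilities would be built but not run until someone also adds its marker here, so the crypto driver tests could go unexercised on it without anyone noticing. A comment above the markers would make the coupling visible: `# Keep in sync with the enable rule in ../.build-test-rules.yml`.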
@@ -0,0 +1,9 @@ +menu "ESP Security Tests" + config ESP_SECURITY_ENABLE_FPGA_TESTS + bool "Allow enabling the esp_security tests that require burning efuses" + default y if IDF_ENV_FPGA + default n + help + This includes the esp_security tests that actually require burning some efuses. + It is better to run these tests on an FPGA to avoid mistakenly burning eFuses. +endmenu diff --git a/components/esp_security/test_apps/crypto_drivers/main/test_ds.c b/components/esp_security/test_apps/crypto_drivers/main/test_ds.c index 576e23fd62..13d53308be 100644 --- a/components/esp_security/test_apps/crypto_drivers/main/test_ds.c +++ b/components/esp_security/test_apps/crypto_drivers/main/test_ds.c @@ -255,7 +255,7 @@ TEST_CASE("Digital Signature Blocking HMAC key out of range", "[hw_crypto] [ds]" TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(message, &ds_data, HMAC_KEY0 - 1, signature_data)); } -#if CONFIG_IDF_ENV_FPGA +#if CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS static void burn_hmac_keys(void) { @@ -435,4 +435,4 @@ TEST_CASE("Digital Signature Invalid Data (FPGA only)", "[hw_crypto] [ds]") } } -#endif // CONFIG_IDF_ENV_FPGA +#endif // CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS diff --git a/components/esp_security/test_apps/crypto_drivers/main/test_hmac.c b/components/esp_security/test_apps/crypto_drivers/main/test_hmac.c index 61fd9fb1c0..8f8ccf39ef 100644 --- a/components/esp_security/test_apps/crypto_drivers/main/test_hmac.c +++ b/components/esp_security/test_apps/crypto_drivers/main/test_hmac.c @@ -10,7 +10,7 @@ #include "esp_log.h" #include "esp_hmac.h" -#if CONFIG_IDF_ENV_FPGA +#if CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS /* Allow testing varying message lengths (truncating the same message) for various results */ @@ -1297,7 +1297,7 @@ TEST_CASE("HMAC 'upstream' wait lock", "[hw_crypto]") } } -#endif // CONFIG_IDF_ENV_FPGA +#endif // CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS /** * This test is just a parameter test and does not write any keys to efuse. 
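Review bot: `ESP_SECURITY_ENABLE_FPGA_TESTS` has no `depends on IDF_ENV_FPGA`, so despite its name it can be selected for a real chip, and the code it guards in the following hunks (`burn_hmac_keys()` in test_ds.c, for one) would then write eFuses, which cannot be undone. The help text only calls an FPGA "better"; it should state the consequence, e.g. `Burning eFuses is irreversible. Enable this on real silicon only if the chip is meant to be sacrificed for testing.` If off-FPGA use is not intended at all, `depends on IDF_ENV_FPGA` is the simpler guard. The test title `Digital Signature Invalid Data (FPGA only)` in test_ds.c also no longer matches what the guard guarantees.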
diff --git a/components/hal/test_apps/crypto/README.md b/components/hal/test_apps/crypto/README.md index 4e2c6f4f57..3b25adda8a 100644 --- a/components/hal/test_apps/crypto/README.md +++ b/components/hal/test_apps/crypto/README.md @@ -67,7 +67,8 @@ This contains tests for the following features of the crypto peripherals: - SHA-512/256 - SHA-512/t -> **_NOTE:_** The verification tests for the HMAC and Digital Signature peripherals would get exercised in only in an FPGA environment. +> **_NOTE:_** The verification tests for the HMAC and Digital Signature peripherals would get exercised only by enabling the example config in an FPGA environment. + # Burning the HMAC key The HMAC tests need an HMAC key to be burned in the `BLOCK_KEY3` and `BLOCK_KEY4` of the efuses. As this verification application is independent of the efuse component, the user needs to manually burn the keys and their key purposes using `espefuse.py`. diff --git a/components/hal/test_apps/crypto/main/Kconfig.projbuild b/components/hal/test_apps/crypto/main/Kconfig.projbuild index 051c5bae14..ee68e84f19 100644 --- a/components/hal/test_apps/crypto/main/Kconfig.projbuild +++ b/components/hal/test_apps/crypto/main/Kconfig.projbuild @@ -1,6 +1,14 @@ menu "Test App Configuration" + config CRYPTO_TEST_APP_ENABLE_FPGA_TESTS + bool "Allow enabling the crypto tests that require burning efuses" + default y if IDF_ENV_FPGA + default n + help + This includes the crypto tests that actually require burning some efuses. + It is better to run these tests on an FPGA to avoid mistakenly burning eFuses. + config CRYPTO_TEST_APP_ENABLE_DS_TESTS bool "Enable DS Peripheral test cases" default y diff --git a/components/hal/test_apps/crypto/main/app_main.c b/components/hal/test_apps/crypto/main/app_main.c index 460445a343..87dcee3d8e 100644 --- a/components/hal/test_apps/crypto/main/app_main.c +++ b/components/hal/test_apps/crypto/main/app_main.c 
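Review bot: The help text for `CRYPTO_TEST_APP_ENABLE_FPGA_TESTS` says the tests "require burning some efuses", but this app's README (section "Burning the HMAC key") says the user burns the keys manually with `espefuse.py` because the app is independent of the efuse component. If that still holds, the help should describe what the option really gates, e.g. `Enables the tests that need keys pre-burned in eFuses (see README.md); the app does not burn them itself.` Like the esp_security option added earlier in this patch, it has no `depends on IDF_ENV_FPGA`, so it can be selected on real silicon.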
@@ -34,7 +34,7 @@ static void run_all_tests(void) RUN_TEST_GROUP(key_manager); #endif -#if CONFIG_IDF_ENV_FPGA +#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS #if CONFIG_SOC_HMAC_SUPPORTED && CONFIG_CRYPTO_TEST_APP_ENABLE_HMAC_TESTS RUN_TEST_GROUP(hmac); @@ -48,7 +48,7 @@ static void run_all_tests(void) RUN_TEST_GROUP(ecdsa) #endif -#endif /* CONFIG_IDF_ENV_FPGA */ +#endif /* CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS */ } static void test_task(void *pvParameters) diff --git a/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c b/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c index ca424eb132..2def4096e8 100644 --- a/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c +++ b/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c @@ -263,7 +263,7 @@ static void key_mgr_test_ecdsa_random_mode(void) TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type)); } -#if CONFIG_IDF_ENV_FPGA +#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS static void test_xts_aes_key_random_mode(void) { @@ -351,7 +351,7 @@ TEST(key_manager, ecdsa_key_random_deployment) key_mgr_test_ecdsa_random_mode(); } -#if CONFIG_IDF_ENV_FPGA +#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS TEST(key_manager, xts_key_random_deployment) { key_mgr_test_xts_aes_128_random_mode(); @@ -367,7 +367,7 @@ TEST_GROUP_RUNNER(key_manager) RUN_TEST_CASE(key_manager, xts_key_ecdh0_deployment); RUN_TEST_CASE(key_manager, ecdsa_key_ecdh0_deployment); RUN_TEST_CASE(key_manager, ecdsa_key_random_deployment); -#if CONFIG_IDF_ENV_FPGA +#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS RUN_TEST_CASE(key_manager, xts_key_random_deployment); #endif
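Review bot: In test_key_manager.c the guard around `test_xts_aes_key_random_mode()` now uses an option whose Kconfig prompt describes tests that require burning eFuses, and nothing visible here shows why the XTS-AES random-mode deployment test belongs to that set. A one-line comment at the `#if` would help the next reader, e.g. `/* <reason this test needs the FPGA setup>; gated by CRYPTO_TEST_APP_ENABLE_FPGA_TESTS */`, with the reason filled in by someone who knows it. The same guard recurs in the two later hunks of this file, and the guarded region extends beyond the hunk.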