ci(esp_security): Add config to enable FPGA-related tests

2024-10-03 15:17:22 +05:30
parent 9e3a846356
commit e12c261b1b
7 changed files with 28 additions and 10 deletions
--- a/components/esp_security/test_apps/crypto_drivers/main/Kconfig.projbuild
+++ b/components/esp_security/test_apps/crypto_drivers/main/Kconfig.projbuild
@@ -0,0 +1,9 @@
+menu "ESP Security Tests"
+    config ESP_SECURITY_ENABLE_FPGA_TESTS
+        bool "Allow enabling the esp_security tests that require burning efuses"
+        default y if IDF_ENV_FPGA
+        default n
+        help
+            This includes the esp_security tests that actually require burning some efuses.
+            It is better to run these tests on an FPGA to avoid mistakenly burning eFuses.
+endmenu
--- a/components/esp_security/test_apps/crypto_drivers/main/test_ds.c
+++ b/components/esp_security/test_apps/crypto_drivers/main/test_ds.c
@@ -255,7 +255,7 @@ TEST_CASE("Digital Signature Blocking HMAC key out of range", "[hw_crypto] [ds]"
    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(message, &ds_data, HMAC_KEY0 - 1, signature_data));
 }

-#if CONFIG_IDF_ENV_FPGA
+#if CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS

 static void burn_hmac_keys(void)
 {
@@ -435,4 +435,4 @@ TEST_CASE("Digital Signature Invalid Data (FPGA only)", "[hw_crypto] [ds]")
    }
 }

-#endif // CONFIG_IDF_ENV_FPGA
+#endif // CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS
--- a/components/esp_security/test_apps/crypto_drivers/main/test_hmac.c
+++ b/components/esp_security/test_apps/crypto_drivers/main/test_hmac.c
@@ -10,7 +10,7 @@
 #include "esp_log.h"
 #include "esp_hmac.h"

-#if CONFIG_IDF_ENV_FPGA
+#if CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS

 /* Allow testing varying message lengths (truncating the same message)
   for various results */
@@ -1297,7 +1297,7 @@ TEST_CASE("HMAC 'upstream' wait lock", "[hw_crypto]")
    }
 }

-#endif // CONFIG_IDF_ENV_FPGA
+#endif // CONFIG_ESP_SECURITY_ENABLE_FPGA_TESTS

 /**
 * This test is just a parameter test and does not write any keys to efuse.
--- a/components/hal/test_apps/crypto/README.md
+++ b/components/hal/test_apps/crypto/README.md
@@ -67,7 +67,8 @@ This contains tests for the following features of the crypto peripherals:
        - SHA-512/256
        - SHA-512/t

-> **_NOTE:_** The verification tests for the HMAC and Digital Signature peripherals would get exercised in only in an FPGA environment.
+> **_NOTE:_** The verification tests for the HMAC and Digital Signature peripherals would get exercised only by enabling the example config in an FPGA environment.
+
 # Burning the HMAC key

 The HMAC tests need an HMAC key to be burned in the `BLOCK_KEY3` and `BLOCK_KEY4` of the efuses. As this verification application is independent of the efuse component, the user needs to manually burn the keys and their key purposes using `espefuse.py`.
--- a/components/hal/test_apps/crypto/main/Kconfig.projbuild
+++ b/components/hal/test_apps/crypto/main/Kconfig.projbuild
@@ -1,6 +1,14 @@

 menu "Test App Configuration"

+    config CRYPTO_TEST_APP_ENABLE_FPGA_TESTS
+        bool "Allow enabling the crypto tests that require burning efuses"
+        default y if IDF_ENV_FPGA
+        default n
+        help
+            This includes the crypto tests that actually require burning some efuses.
+            It is better to run these tests on an FPGA to avoid mistakenly burning eFuses.
+
    config CRYPTO_TEST_APP_ENABLE_DS_TESTS
        bool "Enable DS Peripheral test cases"
        default y
--- a/components/hal/test_apps/crypto/main/app_main.c
+++ b/components/hal/test_apps/crypto/main/app_main.c
@@ -34,7 +34,7 @@ static void run_all_tests(void)
    RUN_TEST_GROUP(key_manager);
 #endif

-#if CONFIG_IDF_ENV_FPGA
+#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS

 #if CONFIG_SOC_HMAC_SUPPORTED && CONFIG_CRYPTO_TEST_APP_ENABLE_HMAC_TESTS
    RUN_TEST_GROUP(hmac);
@@ -48,7 +48,7 @@ static void run_all_tests(void)
    RUN_TEST_GROUP(ecdsa)
 #endif

-#endif /* CONFIG_IDF_ENV_FPGA */
+#endif /* CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS */
 }

 static void test_task(void *pvParameters)
--- a/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c
+++ b/components/hal/test_apps/crypto/main/key_manager/test_key_manager.c
@@ -263,7 +263,7 @@ static void key_mgr_test_ecdsa_random_mode(void)
    TEST_ASSERT_EQUAL(ESP_OK, esp_key_mgr_deactivate_key(key_recovery_info.key_type));
 }

-#if CONFIG_IDF_ENV_FPGA
+#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS

 static void test_xts_aes_key_random_mode(void)
 {
@@ -351,7 +351,7 @@ TEST(key_manager, ecdsa_key_random_deployment)
    key_mgr_test_ecdsa_random_mode();
 }

-#if CONFIG_IDF_ENV_FPGA
+#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS
 TEST(key_manager, xts_key_random_deployment)
 {
    key_mgr_test_xts_aes_128_random_mode();
@@ -367,7 +367,7 @@ TEST_GROUP_RUNNER(key_manager)
    RUN_TEST_CASE(key_manager, xts_key_ecdh0_deployment);
    RUN_TEST_CASE(key_manager, ecdsa_key_ecdh0_deployment);
    RUN_TEST_CASE(key_manager, ecdsa_key_random_deployment);
-#if CONFIG_IDF_ENV_FPGA
+#if CONFIG_CRYPTO_TEST_APP_ENABLE_FPGA_TESTS
    RUN_TEST_CASE(key_manager, xts_key_random_deployment);
 #endif