alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

esp32s2: move crypto related functions

Browse Source
This commit is contained in:
Renz Bagaporo 2021-03-03 18:21:07 +08:00 committed by Michael (XIAO Xufeng)
parent ea2aafbb7a
commit 702e41e1c8
36 changed files with 154 additions and 613 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
components/esp32c3/CMakeLists.txt
View File

@ -11,10 +11,7 @@ if(BOOTLOADER_BUILD)
else()
# Regular app build
set(srcs "dport_access.c"
"esp_hmac.c"
"esp_ds.c"
"esp_crypto_lock.c")
set(srcs "dport_access.c")
set(include_dirs "include")
set(requires driver efuse soc riscv) #unfortunately rom/uart uses SOC registers directly

80
components/esp32c3/test/test_sha.c
View File

@ -1,80 +0,0 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "esp_types.h"
#include "esp32c3/clk.h"
#include "esp_log.h"
#include "esp_timer.h"
#include "esp_heap_caps.h"
#include "idf_performance.h"
#include "unity.h"
#include "test_utils.h"
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "sha/sha_dma.h"
/* Note: Most of the SHA functions are called as part of mbedTLS, so
are tested as part of mbedTLS tests. Only esp_sha() is different.
*/
#define TAG "sha_test"
TEST_CASE("Test esp_sha()", "[hw_crypto]")
{
const size_t BUFFER_SZ = 32 * 1024 + 6; // NB: not an exact multiple of SHA block size
int64_t begin, end;
uint32_t us_sha1;
uint8_t sha1_result[20] = { 0 };
void *buffer = heap_caps_malloc(BUFFER_SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
TEST_ASSERT_NOT_NULL(buffer);
memset(buffer, 0xEE, BUFFER_SZ);
const uint8_t sha1_expected[20] = { 0xc7, 0xbb, 0xd3, 0x74, 0xf2, 0xf6, 0x20, 0x86,
0x61, 0xf4, 0x50, 0xd5, 0xf5, 0x18, 0x44, 0xcc,
0x7a, 0xb7, 0xa5, 0x4a };
begin = esp_timer_get_time();
esp_sha(SHA1, buffer, BUFFER_SZ, sha1_result);
end = esp_timer_get_time();
TEST_ASSERT_EQUAL_HEX8_ARRAY(sha1_expected, sha1_result, sizeof(sha1_expected));
us_sha1 = end - begin;
ESP_LOGI(TAG, "esp_sha() 32KB SHA1 in %u us", us_sha1);
free(buffer);
TEST_PERFORMANCE_CCOMP_LESS_THAN(TIME_SHA1_32KB, "%dus", us_sha1);
}
TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]")
{
const void* ptr;
spi_flash_mmap_handle_t handle;
uint8_t sha1_espsha[20] = { 0 };
uint8_t sha1_mbedtls[20] = { 0 };
uint8_t sha256_espsha[32] = { 0 };
uint8_t sha256_mbedtls[32] = { 0 };
const size_t LEN = 1024 * 1024;
/* mmap() 1MB of flash, we don't care what it is really */
esp_err_t err = spi_flash_mmap(0x0, LEN, SPI_FLASH_MMAP_DATA, &ptr, &handle);
TEST_ASSERT_EQUAL_HEX32(ESP_OK, err);
TEST_ASSERT_NOT_NULL(ptr);
/* Compare esp_sha() result to the mbedTLS result, should always be the same */
esp_sha(SHA1, ptr, LEN, sha1_espsha);
int r = mbedtls_sha1_ret(ptr, LEN, sha1_mbedtls);
TEST_ASSERT_EQUAL(0, r);
esp_sha(SHA2_256, ptr, LEN, sha256_espsha);
r = mbedtls_sha256_ret(ptr, LEN, sha256_mbedtls, 0);
TEST_ASSERT_EQUAL(0, r);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha1_espsha, sha1_mbedtls, sizeof(sha1_espsha), "SHA1 results should match");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_espsha, sha256_mbedtls, sizeof(sha256_espsha), "SHA256 results should match");
}

5
components/esp32s2/CMakeLists.txt
View File

@ -13,10 +13,7 @@ else()
set(srcs "dport_access.c"
"spiram.c"
"spiram_psram.c"
"esp_crypto_lock.c"
"esp_hmac.c"
"esp_ds.c")
"spiram_psram.c")
set(include_dirs "include")

379
components/esp32s2/test/test_ds.c
View File

@ -1,379 +0,0 @@
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "unity.h"
#include "esp32s2/rom/efuse.h"
#include "esp32s2/rom/digital_signature.h"
#include "esp32s2/rom/aes.h"
#include "esp32s2/rom/sha.h"
#include <string.h>
#include "esp_ds.h"
#define NUM_RESULTS 10
typedef struct {
uint8_t iv[ETS_DS_IV_LEN];
ets_ds_p_data_t p_data;
uint8_t expected_c[ETS_DS_C_LEN];
uint8_t hmac_key_idx;
uint32_t expected_results[NUM_RESULTS][4096/32];
} encrypt_testcase_t;
// Generated header (gen_digital_signature_tests.py) defines
// NUM_HMAC_KEYS, test_hmac_keys, NUM_MESSAGES, NUM_CASES, test_messages[], test_cases[]
// Some adaptations were made: removed the 512 bit case and changed RSA lengths to the enums from esp_ds.h
#include "digital_signature_test_cases.h"
_Static_assert(NUM_RESULTS == NUM_MESSAGES, "expected_results size should be the same as NUM_MESSAGES in generated header");
TEST_CASE("Digital Signature Parameter Encryption data NULL", "[hw_crypto]")
{
const char iv [32];
esp_ds_p_data_t p_data;
const char key [32];
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_encrypt_params(NULL, iv, &p_data, key));
}
TEST_CASE("Digital Signature Parameter Encryption iv NULL", "[hw_crypto]")
{
esp_ds_data_t data;
esp_ds_p_data_t p_data;
const char key [32];
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_encrypt_params(&data, NULL, &p_data, key));
}
TEST_CASE("Digital Signature Parameter Encryption p_data NULL", "[hw_crypto]")
{
esp_ds_data_t data;
const char iv [32];
const char key [32];
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_encrypt_params(&data, iv, NULL, key));
}
TEST_CASE("Digital Signature Parameter Encryption key NULL", "[hw_crypto]")
{
esp_ds_data_t data;
const char iv [32];
esp_ds_p_data_t p_data;
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_encrypt_params(&data, iv, &p_data, NULL));
}
TEST_CASE("Digital Signature Parameter Encryption", "[hw_crypto]")
{
for (int i = 0; i < NUM_CASES; i++) {
printf("Encrypting test case %d...\n", i);
const encrypt_testcase_t *t = &test_cases[i];
esp_ds_data_t result = { };
esp_ds_p_data_t p_data;
memcpy(p_data.Y, t->p_data.Y, 4096/8);
memcpy(p_data.M, t->p_data.M, 4096/8);
memcpy(p_data.Rb, t->p_data.Rb, 4096/8);
p_data.M_prime = t->p_data.M_prime;
p_data.length = t->p_data.length;
esp_err_t r = esp_ds_encrypt_params(&result, t->iv, &p_data,
test_hmac_keys[t->hmac_key_idx]);
printf("Encrypting test case %d done\n", i);
TEST_ASSERT_EQUAL(ESP_OK, r);
TEST_ASSERT_EQUAL(t->p_data.length, result.rsa_length);
TEST_ASSERT_EQUAL_HEX8_ARRAY(t->iv, result.iv, ETS_DS_IV_LEN);
TEST_ASSERT_EQUAL_HEX8_ARRAY(t->expected_c, result.c, ETS_DS_C_LEN);
}
}
TEST_CASE("Digital Signature start Invalid message", "[hw_crypto]")
{
esp_ds_data_t ds_data = { };
ds_data.rsa_length = ESP_DS_RSA_4096;
esp_ds_context_t *ctx;
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_start_sign(NULL, &ds_data, HMAC_KEY1, &ctx));
}
TEST_CASE("Digital Signature start Invalid data", "[hw_crypto]")
{
const char *message = "test";
esp_ds_context_t *ctx;
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_start_sign(message, NULL, HMAC_KEY1, &ctx));
}
TEST_CASE("Digital Signature start Invalid context", "[hw_crypto]")
{
esp_ds_data_t ds_data = {};
ds_data.rsa_length = ESP_DS_RSA_4096;
const char *message = "test";
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_start_sign(message, &ds_data, HMAC_KEY1, NULL));
}
TEST_CASE("Digital Signature RSA length 0", "[hw_crypto]")
{
esp_ds_data_t ds_data = {};
ds_data.rsa_length = 0;
const char *message = "test";
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_start_sign(message, &ds_data, HMAC_KEY1, NULL));
}
TEST_CASE("Digital Signature RSA length too long", "[hw_crypto]")
{
esp_ds_data_t ds_data = {};
ds_data.rsa_length = 128;
const char *message = "test";
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_start_sign(message, &ds_data, HMAC_KEY1, NULL));
}
TEST_CASE("Digital Signature start HMAC key out of range", "[hw_crypto]")
{
esp_ds_data_t ds_data = {};
ds_data.rsa_length = ESP_DS_RSA_4096;
esp_ds_context_t *ctx;
const char *message = "test";
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_start_sign(message, &ds_data, HMAC_KEY5 + 1, &ctx));
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_start_sign(message, &ds_data, HMAC_KEY0 - 1, &ctx));
}
TEST_CASE("Digital Signature finish Invalid signature ptr", "[hw_crypto]")
{
esp_ds_context_t *ctx = NULL;
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_finish_sign(NULL, ctx));
}
TEST_CASE("Digital Signature finish Invalid context", "[hw_crypto]")
{
uint8_t signature_data [128 * 4];
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_finish_sign(signature_data, NULL));
}
TEST_CASE("Digital Signature Blocking Invalid message", "[hw_crypto]")
{
esp_ds_data_t ds_data = { };
ds_data.rsa_length = ESP_DS_RSA_4096;
uint8_t signature_data [128 * 4];
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(NULL, &ds_data, HMAC_KEY1, signature_data));
}
TEST_CASE("Digital Signature Blocking Invalid data", "[hw_crypto]")
{
const char *message = "test";
uint8_t signature_data [128 * 4];
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(message, NULL, HMAC_KEY1, signature_data));
}
TEST_CASE("Digital Signature Blocking Invalid signature ptr", "[hw_crypto]")
{
esp_ds_data_t ds_data = {};
ds_data.rsa_length = ESP_DS_RSA_4096;
const char *message = "test";
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(message, &ds_data, HMAC_KEY1, NULL));
}
TEST_CASE("Digital Signature Blocking RSA length 0", "[hw_crypto]")
{
esp_ds_data_t ds_data = {};
ds_data.rsa_length = 0;
const char *message = "test";
uint8_t signature_data [128 * 4];
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(message, &ds_data, HMAC_KEY1, signature_data));
}
TEST_CASE("Digital Signature Blocking RSA length too long", "[hw_crypto]")
{
esp_ds_data_t ds_data = {};
ds_data.rsa_length = 128;
const char *message = "test";
uint8_t signature_data [128 * 4];
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(message, &ds_data, HMAC_KEY1, signature_data));
}
TEST_CASE("Digital Signature Blocking HMAC key out of range", "[hw_crypto]")
{
esp_ds_data_t ds_data = {};
ds_data.rsa_length = 127;
const char *message = "test";
uint8_t signature_data [128 * 4];
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(message, &ds_data, HMAC_KEY5 + 1, signature_data));
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(message, &ds_data, HMAC_KEY0 - 1, signature_data));
}
#if CONFIG_IDF_ENV_FPGA
static void burn_hmac_keys(void)
{
printf("Burning %d HMAC keys to efuse...\n", NUM_HMAC_KEYS);
for (int i = 0; i < NUM_HMAC_KEYS; i++) {
// TODO: vary the purpose across the keys
ets_efuse_purpose_t purpose = ETS_EFUSE_KEY_PURPOSE_HMAC_DOWN_DIGITAL_SIGNATURE;
// starting from block 1, block 0 occupied with HMAC upstream test key
int ets_status = ets_efuse_write_key(ETS_EFUSE_BLOCK_KEY1 + i,
purpose,
test_hmac_keys[i], 32);
if (ets_status == ESP_OK) {
printf("written DS test key to block [%d]!\n", ETS_EFUSE_BLOCK_KEY1 + i);
} else {
printf("writing DS test key to block [%d] failed, maybe written already\n", ETS_EFUSE_BLOCK_KEY1 + i);
}
}
}
TEST_CASE("Digital Signature wrong HMAC key purpose (FPGA only)", "[hw_crypto]")
{
esp_ds_data_t ds_data = {};
ds_data.rsa_length = ESP_DS_RSA_4096;
esp_ds_context_t *ctx;
const char *message = "test";
// HMAC fails in that case because it checks for the correct purpose
TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_HMAC_FAIL, esp_ds_start_sign(message, &ds_data, HMAC_KEY0, &ctx));
}
TEST_CASE("Digital Signature Blocking wrong HMAC key purpose (FPGA only)", "[hw_crypto]")
{
esp_ds_data_t ds_data = {};
ds_data.rsa_length = ESP_DS_RSA_4096;
const char *message = "test";
uint8_t signature_data [128 * 4];
// HMAC fails in that case because it checks for the correct purpose
TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_HMAC_FAIL, esp_ds_sign(message, &ds_data, HMAC_KEY0, signature_data));
}
TEST_CASE("Digital Signature Operation (FPGA only)", "[hw_crypto]")
{
burn_hmac_keys();
for (int i = 0; i < NUM_CASES; i++) {
printf("Running test case %d...\n", i);
const encrypt_testcase_t *t = &test_cases[i];
// copy encrypt parameter test case into ds_data structure
esp_ds_data_t ds_data = { };
memcpy(ds_data.iv, t->iv, ETS_DS_IV_LEN);
memcpy(ds_data.c, t->expected_c, ETS_DS_C_LEN);
ds_data.rsa_length = t->p_data.length;
for (int j = 0; j < NUM_MESSAGES; j++) {
uint8_t signature[4096/8] = { 0 };
printf(" ... message %d\n", j);
esp_ds_context_t *esp_ds_ctx;
esp_err_t ds_r = esp_ds_start_sign(test_messages[j],
&ds_data,
t->hmac_key_idx + 1,
&esp_ds_ctx);
TEST_ASSERT_EQUAL(ESP_OK, ds_r);
ds_r = esp_ds_finish_sign(signature, esp_ds_ctx);
TEST_ASSERT_EQUAL(ESP_OK, ds_r);
TEST_ASSERT_EQUAL_HEX8_ARRAY(t->expected_results[j], signature, sizeof(signature));
}
}
}
TEST_CASE("Digital Signature Blocking Operation (FPGA only)", "[hw_crypto]")
{
burn_hmac_keys();
for (int i = 0; i < NUM_CASES; i++) {
printf("Running test case %d...\n", i);
const encrypt_testcase_t *t = &test_cases[i];
// copy encrypt parameter test case into ds_data structure
esp_ds_data_t ds_data = { };
memcpy(ds_data.iv, t->iv, ETS_DS_IV_LEN);
memcpy(ds_data.c, t->expected_c, ETS_DS_C_LEN);
ds_data.rsa_length = t->p_data.length;
uint8_t signature[4096/8] = { 0 };
esp_ds_context_t *esp_ds_ctx;
esp_err_t ds_r = esp_ds_start_sign(test_messages[0],
&ds_data,
t->hmac_key_idx + 1,
&esp_ds_ctx);
TEST_ASSERT_EQUAL(ESP_OK, ds_r);
ds_r = esp_ds_finish_sign(signature, esp_ds_ctx);
TEST_ASSERT_EQUAL(ESP_OK, ds_r);
TEST_ASSERT_EQUAL_HEX8_ARRAY(t->expected_results[0], signature, sizeof(signature));
}
}
TEST_CASE("Digital Signature Invalid Data (FPGA only)", "[hw_crypto]")
{
burn_hmac_keys();
// Set up a valid test case
const encrypt_testcase_t *t = &test_cases[0];
esp_ds_data_t ds_data = { };
memcpy(ds_data.iv, t->iv, ETS_DS_IV_LEN);
memcpy(ds_data.c, t->expected_c, ETS_DS_C_LEN);
ds_data.rsa_length = t->p_data.length;
uint8_t signature[4096/8] = { 0 };
const uint8_t zero[4096/8] = { 0 };
// Corrupt the IV one bit at a time, rerun and expect failure
for (int bit = 0; bit < 128; bit++) {
printf("Corrupting IV bit %d...\n", bit);
ds_data.iv[bit / 8] ^= 1 << (bit % 8);
esp_ds_context_t *esp_ds_ctx;
esp_err_t ds_r = esp_ds_start_sign(test_messages[0], &ds_data, t->hmac_key_idx + 1, &esp_ds_ctx);
TEST_ASSERT_EQUAL(ESP_OK, ds_r);
ds_r = esp_ds_finish_sign(signature, esp_ds_ctx);
TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r);
TEST_ASSERT_EQUAL_HEX8_ARRAY(zero, signature, 4096/8);
ds_data.iv[bit / 8] ^= 1 << (bit % 8);
}
// Corrupt encrypted key data one bit at a time, rerun and expect failure
printf("Corrupting C...\n");
for (int bit = 0; bit < ETS_DS_C_LEN * 8; bit++) {
printf("Corrupting C bit %d...\n", bit);
ds_data.c[bit / 8] ^= 1 << (bit % 8);
esp_ds_context_t *esp_ds_ctx;
esp_err_t ds_r = esp_ds_start_sign(test_messages[0], &ds_data, t->hmac_key_idx + 1, &esp_ds_ctx);
TEST_ASSERT_EQUAL(ESP_OK, ds_r);
ds_r = esp_ds_finish_sign(signature, esp_ds_ctx);
TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r);
TEST_ASSERT_EQUAL_HEX8_ARRAY(zero, signature, 4096/8);
ds_data.c[bit / 8] ^= 1 << (bit % 8);
}
}
#endif // CONFIG_IDF_ENV_FPGA

103
components/esp32s2/test/test_sha.c
View File

@ -1,103 +0,0 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "esp_types.h"
#include "esp32s2/clk.h"
#include "esp_log.h"
#include "ccomp_timer.h"
#include "esp_heap_caps.h"
#include "idf_performance.h"
#include "unity.h"
#include "test_utils.h"
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
#include "sha/sha_dma.h"
/* Note: Most of the SHA functions are called as part of mbedTLS, so
are tested as part of mbedTLS tests. Only esp_sha() is different.
*/
#define TAG "sha_test"
TEST_CASE("Test esp_sha()", "[hw_crypto]")
{
const size_t BUFFER_SZ = 32 * 1024 + 6; // NB: not an exact multiple of SHA block size
uint32_t us_sha1, us_sha512;
uint8_t sha1_result[20] = { 0 };
uint8_t sha512_result[64] = { 0 };
void *buffer = heap_caps_malloc(BUFFER_SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
TEST_ASSERT_NOT_NULL(buffer);
memset(buffer, 0xEE, BUFFER_SZ);
const uint8_t sha1_expected[20] = { 0xc7, 0xbb, 0xd3, 0x74, 0xf2, 0xf6, 0x20, 0x86,
0x61, 0xf4, 0x50, 0xd5, 0xf5, 0x18, 0x44, 0xcc,
0x7a, 0xb7, 0xa5, 0x4a };
const uint8_t sha512_expected[64] = { 0xc7, 0x7f, 0xda, 0x8c, 0xb3, 0x58, 0x14, 0x8a,
0x52, 0x3b, 0x46, 0x04, 0xc0, 0x85, 0xc5, 0xf0,
0x46, 0x64, 0x14, 0xd5, 0x96, 0x7a, 0xa2, 0x80,
0x20, 0x9c, 0x04, 0x27, 0x7d, 0x3b, 0xf9, 0x1f,
0xb2, 0xa3, 0x45, 0x3c, 0xa1, 0x6a, 0x8d, 0xdd,
0x35, 0x5e, 0x35, 0x57, 0x76, 0x22, 0x74, 0xd8,
0x1e, 0x07, 0xc6, 0xa2, 0x9e, 0x3b, 0x65, 0x75,
0x80, 0x7d, 0xe6, 0x6e, 0x47, 0x61, 0x2c, 0x94 };
ccomp_timer_start();;
esp_sha(SHA1, buffer, BUFFER_SZ, sha1_result);
us_sha1 = ccomp_timer_stop();
TEST_ASSERT_EQUAL_HEX8_ARRAY(sha1_expected, sha1_result, sizeof(sha1_expected));
ESP_LOGI(TAG, "esp_sha() 32KB SHA1 in %u us", us_sha1);
ccomp_timer_start();;
esp_sha(SHA2_512, buffer, BUFFER_SZ, sha512_result);
us_sha512 = ccomp_timer_stop();
TEST_ASSERT_EQUAL_HEX8_ARRAY(sha512_expected, sha512_result, sizeof(sha512_expected));
ESP_LOGI(TAG, "esp_sha() 32KB SHA512 in %u us", us_sha512);
free(buffer);
TEST_PERFORMANCE_CCOMP_LESS_THAN(TIME_SHA1_32KB, "%dus", us_sha1);
TEST_PERFORMANCE_CCOMP_LESS_THAN(TIME_SHA512_32KB, "%dus", us_sha512);
}
TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]")
{
const void* ptr;
spi_flash_mmap_handle_t handle;
uint8_t sha1_espsha[20] = { 0 };
uint8_t sha1_mbedtls[20] = { 0 };
uint8_t sha256_espsha[32] = { 0 };
uint8_t sha256_mbedtls[32] = { 0 };
uint8_t sha512_espsha[64] = { 0 };
uint8_t sha512_mbedtls[64] = { 0 };
const size_t LEN = 1024 * 1024;
/* mmap() 1MB of flash, we don't care what it is really */
esp_err_t err = spi_flash_mmap(0x0, LEN, SPI_FLASH_MMAP_DATA, &ptr, &handle);
TEST_ASSERT_EQUAL_HEX32(ESP_OK, err);
TEST_ASSERT_NOT_NULL(ptr);
/* Compare esp_sha() result to the mbedTLS result, should always be the same */
esp_sha(SHA1, ptr, LEN, sha1_espsha);
int r = mbedtls_sha1_ret(ptr, LEN, sha1_mbedtls);
TEST_ASSERT_EQUAL(0, r);
esp_sha(SHA2_256, ptr, LEN, sha256_espsha);
r = mbedtls_sha256_ret(ptr, LEN, sha256_mbedtls, 0);
TEST_ASSERT_EQUAL(0, r);
esp_sha(SHA2_512, ptr, LEN, sha512_espsha);
r = mbedtls_sha512_ret(ptr, LEN, sha512_mbedtls, 0);
TEST_ASSERT_EQUAL(0, r);
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha1_espsha, sha1_mbedtls, sizeof(sha1_espsha), "SHA1 results should match");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_espsha, sha256_mbedtls, sizeof(sha256_espsha), "SHA256 results should match");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_espsha, sha512_mbedtls, sizeof(sha512_espsha), "SHA512 results should match");
}

1
components/esp32s3/CMakeLists.txt
View File

@ -13,7 +13,6 @@ else()
# Regular app build
set(srcs "dport_access.c"
"esp_crypto_lock.c"
"spiram.c"
"spi_timing_config.c")
set(include_dirs "include")

8
components/esp_common/src/esp_err_to_name.c
View File

@ -5,9 +5,6 @@
#if __has_include("soc/soc.h")
#include "soc/soc.h"
#endif
#if __has_include("esp_ds.h")
#include "esp_ds.h"
#endif
#if __has_include("esp_efuse.h")
#include "esp_efuse.h"
#endif
@ -59,6 +56,9 @@
#if __has_include("nvs.h")
#include "nvs.h"
#endif
#if __has_include("soc/esp32s2/esp_ds.h")
#include "soc/esp32s2/esp_ds.h"
#endif
#if __has_include("ulp_common.h")
#include "ulp_common.h"
#endif
@ -740,7 +740,7 @@ static const esp_err_msg_t esp_err_msg_table[] = {
ERR_TBL_IT(ESP_ERR_HW_CRYPTO_BASE), /* 49152 0xc000 Starting number of HW cryptography
module error codes */
# endif
// components/esp32s2/include/esp_ds.h
// components/esp_hw_support/include/soc/esp32s2/esp_ds.h
# ifdef ESP_ERR_HW_CRYPTO_DS_HMAC_FAIL
ERR_TBL_IT(ESP_ERR_HW_CRYPTO_DS_HMAC_FAIL), /* 49153 0xc001 HMAC peripheral problem */
# endif

2
components/esp_hw_support/CMakeLists.txt
View File

@ -25,7 +25,7 @@ else()
endif()
idf_component_register(SRCS ${srcs}
INCLUDE_DIRS include include/soc
INCLUDE_DIRS include include/soc include/soc/${target}
PRIV_INCLUDE_DIRS port/include
REQUIRES ${requires}
PRIV_REQUIRES ${priv_requires}

0
components/esp32c3/include/esp_crypto_lock.h → components/esp_hw_support/include/soc/esp32c3/esp_crypto_lock.h
View File

0
components/esp32c3/include/esp_ds.h → components/esp_hw_support/include/soc/esp32c3/esp_ds.h
View File

0
components/esp32c3/include/esp_hmac.h → components/esp_hw_support/include/soc/esp32c3/esp_hmac.h
View File

0
components/esp32s2/include/esp_crypto_lock.h → components/esp_hw_support/include/soc/esp32s2/esp_crypto_lock.h
View File

0
components/esp32s2/include/esp_ds.h → components/esp_hw_support/include/soc/esp32s2/esp_ds.h
View File

0
components/esp32s2/include/esp_hmac.h → components/esp_hw_support/include/soc/esp32s2/esp_hmac.h
View File

0
components/esp32s3/include/esp_crypto_lock.h → components/esp_hw_support/include/soc/esp32s3/esp_crypto_lock.h
View File

6
components/esp_hw_support/port/esp32c3/CMakeLists.txt
View File

@ -9,7 +9,11 @@ set(srcs "cpu_util_esp32c3.c"
)
if(NOT BOOTLOADER_BUILD)
list(APPEND srcs "../async_memcpy_impl_gdma.c" "memprot.c")
list(APPEND srcs "../async_memcpy_impl_gdma.c"
"memprot.c"
"esp_hmac.c"
"esp_crypto_lock.c"
"esp_ds.c")
endif()
add_prefix(srcs "${CMAKE_CURRENT_LIST_DIR}/" "${srcs}")

0
components/esp32c3/esp_crypto_lock.c → components/esp_hw_support/port/esp32c3/esp_crypto_lock.c
View File

0
components/esp32c3/esp_ds.c → components/esp_hw_support/port/esp32c3/esp_ds.c
View File

0
components/esp32c3/esp_hmac.c → components/esp_hw_support/port/esp32c3/esp_hmac.c
View File

6
components/esp_hw_support/port/esp32s2/CMakeLists.txt
View File

@ -14,7 +14,11 @@ set(srcs
)
if(NOT BOOTLOADER_BUILD)
list(APPEND srcs "async_memcpy_impl_cp_dma.c" "memprot.c")
list(APPEND srcs "async_memcpy_impl_cp_dma.c"
"memprot.c"
"esp_hmac.c"
"esp_crypto_lock.c"
"esp_ds.c")
endif()
add_prefix(srcs "${CMAKE_CURRENT_LIST_DIR}/" "${srcs}")

0
components/esp32s2/esp_crypto_lock.c → components/esp_hw_support/port/esp32s2/esp_crypto_lock.c
View File

0
components/esp32s2/esp_ds.c → components/esp_hw_support/port/esp32s2/esp_ds.c
View File

0
components/esp32s2/esp_hmac.c → components/esp_hw_support/port/esp32s2/esp_hmac.c
View File

4
components/esp_hw_support/port/esp32s3/CMakeLists.txt
View File

@ -13,7 +13,9 @@ set(srcs
)
if(NOT BOOTLOADER_BUILD)
list(APPEND srcs "../async_memcpy_impl_gdma.c" "memprot.c")
list(APPEND srcs "../async_memcpy_impl_gdma.c"
"esp_crypto_lock.c"
"memprot.c")
endif()
add_prefix(srcs "${CMAKE_CURRENT_LIST_DIR}/" "${srcs}")

0
components/esp32s3/esp_crypto_lock.c → components/esp_hw_support/port/esp32s3/esp_crypto_lock.c
View File

0
components/esp32c3/test/digital_signature_test_cases.h → components/esp_hw_support/test/digital_signature_test_cases_3072.h
View File

0
components/esp32s2/test/digital_signature_test_cases.h → components/esp_hw_support/test/digital_signature_test_cases_4096.h
View File

0
components/esp32s2/test/gen_digital_signature_tests.py → components/esp_hw_support/test/gen_digital_signature_tests.py
View File

101
components/esp32c3/test/test_ds.c → components/esp_hw_support/test/test_ds.c
View File

@ -12,16 +12,32 @@
// See the License for the specific language governing permissions and
// limitations under the License.
#include <string.h>
#include "unity.h"
#include "soc/soc_caps.h"
#if SOC_DIG_SIGN_SUPPORTED
#if CONFIG_IDF_TARGET_ESP32S2
#include "esp32s2/rom/efuse.h"
#include "esp32s2/rom/digital_signature.h"
#include "esp32s2/rom/aes.h"
#include "esp32s2/rom/sha.h"
#elif CONFIG_IDF_TARGET_ESP32C3
#include "esp32c3/rom/efuse.h"
#include "esp32c3/rom/digital_signature.h"
#include "esp32c3/rom/hmac.h"
#include <string.h>
#endif
#include "esp_ds.h"
#define NUM_RESULTS 10
#if CONFIG_IDF_TARGET_ESP32S2
#define DS_MAX_BITS (4096)
#elif CONFIG_IDF_TARGET_ESP32C3
#define DS_MAX_BITS (ETS_DS_MAX_BITS)
#endif
typedef struct {
uint8_t iv[ETS_DS_IV_LEN];
@ -31,9 +47,16 @@ typedef struct {
uint32_t expected_results[NUM_RESULTS][DS_MAX_BITS/32];
} encrypt_testcase_t;
// Generated header (components/esp32s2/test/gen_digital_signature_tests.py) defines
// Generated header digital_signature_test_cases_<bits>.h (by gen_digital_signature_tests.py) defines
// NUM_HMAC_KEYS, test_hmac_keys, NUM_MESSAGES, NUM_CASES, test_messages[], test_cases[]
#include "digital_signature_test_cases.h"
// Some adaptations were made: removed the 512 bit case and changed RSA lengths to the enums from esp_ds.h
#if DS_MAX_BITS == 4096
#define RSA_LEN (ESP_DS_RSA_4096)
#include "digital_signature_test_cases_4096.h"
#elif DS_MAX_BITS == 3072
#define RSA_LEN (ESP_DS_RSA_3072)
#include "digital_signature_test_cases_3072.h"
#endif
_Static_assert(NUM_RESULTS == NUM_MESSAGES, "expected_results size should be the same as NUM_MESSAGES in generated header");
@ -81,16 +104,15 @@ TEST_CASE("Digital Signature Parameter Encryption", "[hw_crypto] [ds]")
esp_ds_data_t result = { };
esp_ds_p_data_t p_data;
memcpy(p_data.Y, t->p_data.Y, ESP_DS_SIGNATURE_MAX_BIT_LEN/8);
memcpy(p_data.M, t->p_data.M, ESP_DS_SIGNATURE_MAX_BIT_LEN/8);
memcpy(p_data.Rb, t->p_data.Rb, ESP_DS_SIGNATURE_MAX_BIT_LEN/8);
memcpy(p_data.Y, t->p_data.Y, DS_MAX_BITS/8);
memcpy(p_data.M, t->p_data.M, DS_MAX_BITS/8);
memcpy(p_data.Rb, t->p_data.Rb, DS_MAX_BITS/8);
p_data.M_prime = t->p_data.M_prime;
p_data.length = t->p_data.length;
esp_err_t r = esp_ds_encrypt_params(&result, t->iv, &p_data,
test_hmac_keys[t->hmac_key_idx]);
printf("Encrypting test case %d done\n", i);
TEST_ASSERT_EQUAL(ESP_OK, r);
TEST_ASSERT_EQUAL(t->p_data.length, result.rsa_length);
TEST_ASSERT_EQUAL_HEX8_ARRAY(t->iv, result.iv, ETS_DS_IV_LEN);
@ -101,7 +123,7 @@ TEST_CASE("Digital Signature Parameter Encryption", "[hw_crypto] [ds]")
TEST_CASE("Digital Signature start Invalid message", "[hw_crypto] [ds]")
{
esp_ds_data_t ds_data = { };
ds_data.rsa_length = ESP_DS_RSA_3072;
ds_data.rsa_length = RSA_LEN;
esp_ds_context_t *ctx;
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_start_sign(NULL, &ds_data, HMAC_KEY1, &ctx));
@ -118,7 +140,7 @@ TEST_CASE("Digital Signature start Invalid data", "[hw_crypto] [ds]")
TEST_CASE("Digital Signature start Invalid context", "[hw_crypto] [ds]")
{
esp_ds_data_t ds_data = {};
ds_data.rsa_length = ESP_DS_RSA_3072;
ds_data.rsa_length = RSA_LEN;
const char *message = "test";
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_start_sign(message, &ds_data, HMAC_KEY1, NULL));
@ -145,7 +167,7 @@ TEST_CASE("Digital Signature RSA length too long", "[hw_crypto] [ds]")
TEST_CASE("Digital Signature start HMAC key out of range", "[hw_crypto] [ds]")
{
esp_ds_data_t ds_data = {};
ds_data.rsa_length = ESP_DS_RSA_3072;
ds_data.rsa_length = RSA_LEN;
esp_ds_context_t *ctx;
const char *message = "test";
@ -170,7 +192,7 @@ TEST_CASE("Digital Signature finish Invalid context", "[hw_crypto] [ds]")
TEST_CASE("Digital Signature Blocking Invalid message", "[hw_crypto] [ds]")
{
esp_ds_data_t ds_data = { };
ds_data.rsa_length = ESP_DS_RSA_3072;
ds_data.rsa_length = RSA_LEN;
uint8_t signature_data [128 * 4];
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(NULL, &ds_data, HMAC_KEY1, signature_data));
@ -187,7 +209,7 @@ TEST_CASE("Digital Signature Blocking Invalid data", "[hw_crypto] [ds]")
TEST_CASE("Digital Signature Blocking Invalid signature ptr", "[hw_crypto] [ds]")
{
esp_ds_data_t ds_data = {};
ds_data.rsa_length = ESP_DS_RSA_3072;
ds_data.rsa_length = RSA_LEN;
const char *message = "test";
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(message, &ds_data, HMAC_KEY1, NULL));
@ -226,17 +248,26 @@ TEST_CASE("Digital Signature Blocking HMAC key out of range", "[hw_crypto] [ds]"
#if CONFIG_IDF_ENV_FPGA
// Burn eFuse blocks 1, 2 and 3. Block 0 is used for HMAC tests already.
static void burn_hmac_keys(void)
{
printf("Burning %d HMAC keys to efuse...\n", NUM_HMAC_KEYS);
for (int i = 0; i < NUM_HMAC_KEYS; i++) {
// TODO: vary the purpose across the keys
ets_efuse_purpose_t purpose = ETS_EFUSE_KEY_PURPOSE_HMAC_DOWN_DIGITAL_SIGNATURE;
ets_efuse_write_key(ETS_EFUSE_BLOCK_KEY1 + i,
purpose,
test_hmac_keys[i], 32);
// starting from block 1, block 0 occupied with HMAC upstream test key
int __attribute__((unused)) ets_status = ets_efuse_write_key(ETS_EFUSE_BLOCK_KEY1 + i,
purpose,
test_hmac_keys[i], 32);
#if CONFIG_IDF_TARGET_ESP32S2
if (ets_status == ESP_OK) {
printf("written DS test key to block [%d]!\n", ETS_EFUSE_BLOCK_KEY1 + i);
} else {
printf("writing DS test key to block [%d] failed, maybe written already\n", ETS_EFUSE_BLOCK_KEY1 + i);
}
#endif
}
#if CONFIG_IDF_TARGET_ESP32C3
/* verify the keys are what we expect (possibly they're already burned, doesn't matter but they have to match) */
uint8_t block_compare[32];
for (int i = 0; i < NUM_HMAC_KEYS; i++) {
@ -244,6 +275,7 @@ static void burn_hmac_keys(void)
memcpy(block_compare, (void *)ets_efuse_get_read_register_address(ETS_EFUSE_BLOCK_KEY1 + i), 32);
TEST_ASSERT_EQUAL_HEX8_ARRAY(test_hmac_keys[i], block_compare, 32);
}
#endif
}
// This test uses the HMAC_KEY0 eFuse key which hasn't been burned by burn_hmac_keys().
@ -251,12 +283,16 @@ static void burn_hmac_keys(void)
TEST_CASE("Digital Signature wrong HMAC key purpose (FPGA only)", "[hw_crypto] [ds]")
{
esp_ds_data_t ds_data = {};
ds_data.rsa_length = ESP_DS_RSA_3072;
ds_data.rsa_length = RSA_LEN;
esp_ds_context_t *ctx;
const char *message = "test";
// HMAC fails in that case because it checks for the correct purpose
#if CONFIG_IDF_TARGET_ESP32S2
TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_HMAC_FAIL, esp_ds_start_sign(message, &ds_data, HMAC_KEY0, &ctx));
#elif CONFIG_IDF_TARGET_ESP32C3
TEST_ASSERT_EQUAL(ESP32C3_ERR_HW_CRYPTO_DS_HMAC_FAIL, esp_ds_start_sign(message, &ds_data, HMAC_KEY0, &ctx));
#endif
}
// This test uses the HMAC_KEY0 eFuse key which hasn't been burned by burn_hmac_keys().
@ -264,12 +300,16 @@ TEST_CASE("Digital Signature wrong HMAC key purpose (FPGA only)", "[hw_crypto] [
TEST_CASE("Digital Signature Blocking wrong HMAC key purpose (FPGA only)", "[hw_crypto] [ds]")
{
esp_ds_data_t ds_data = {};
ds_data.rsa_length = ESP_DS_RSA_3072;
ds_data.rsa_length = RSA_LEN;
const char *message = "test";
uint8_t signature_data [128 * 4];
// HMAC fails in that case because it checks for the correct purpose
#if CONFIG_IDF_TARGET_ESP32S2
TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_HMAC_FAIL, esp_ds_sign(message, &ds_data, HMAC_KEY0, signature_data));
#elif CONFIG_IDF_TARGET_ESP32C3
TEST_ASSERT_EQUAL(ESP32C3_ERR_HW_CRYPTO_DS_HMAC_FAIL, esp_ds_sign(message, &ds_data, HMAC_KEY0, signature_data));
#endif
}
TEST_CASE("Digital Signature Operation (FPGA only)", "[hw_crypto] [ds]")
@ -291,6 +331,7 @@ TEST_CASE("Digital Signature Operation (FPGA only)", "[hw_crypto] [ds]")
printf(" ... message %d\n", j);
esp_ds_context_t *esp_ds_ctx;
esp_err_t ds_r = esp_ds_start_sign(test_messages[j],
&ds_data,
t->hmac_key_idx + 1,
@ -302,8 +343,9 @@ TEST_CASE("Digital Signature Operation (FPGA only)", "[hw_crypto] [ds]")
TEST_ASSERT_EQUAL_HEX8_ARRAY(t->expected_results[j], signature, sizeof(signature));
}
#if CONFIG_IDF_TARGET_ESP32C3
ets_hmac_invalidate_downstream(ETS_EFUSE_KEY_PURPOSE_HMAC_DOWN_DIGITAL_SIGNATURE);
#endif
}
}
@ -322,12 +364,24 @@ TEST_CASE("Digital Signature Blocking Operation (FPGA only)", "[hw_crypto] [ds]"
ds_data.rsa_length = t->p_data.length;
uint8_t signature[DS_MAX_BITS/8] = { 0 };
#if CONFIG_IDF_TARGET_ESP32S2
esp_ds_context_t *esp_ds_ctx;
esp_err_t ds_r = esp_ds_start_sign(test_messages[0],
&ds_data,
t->hmac_key_idx + 1,
&esp_ds_ctx);
TEST_ASSERT_EQUAL(ESP_OK, ds_r);
ds_r = esp_ds_finish_sign(signature, esp_ds_ctx);
TEST_ASSERT_EQUAL(ESP_OK, ds_r);
#elif CONFIG_IDF_TARGET_ESP32C3
esp_err_t ds_r = esp_ds_sign(test_messages[0],
&ds_data,
t->hmac_key_idx + 1,
signature);
TEST_ASSERT_EQUAL(ESP_OK, ds_r);
#endif
TEST_ASSERT_EQUAL_HEX8_ARRAY(t->expected_results[0], signature, sizeof(signature));
}
@ -356,7 +410,11 @@ TEST_CASE("Digital Signature Invalid Data (FPGA only)", "[hw_crypto] [ds]")
esp_err_t ds_r = esp_ds_start_sign(test_messages[0], &ds_data, t->hmac_key_idx + 1, &esp_ds_ctx);
TEST_ASSERT_EQUAL(ESP_OK, ds_r);
ds_r = esp_ds_finish_sign(signature, esp_ds_ctx);
#if CONFIG_IDF_TARGET_ESP32S2
TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r);
#elif CONFIG_IDF_TARGET_ESP32C3
TEST_ASSERT_EQUAL(ESP32C3_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r);
#endif
TEST_ASSERT_EQUAL_HEX8_ARRAY(zero, signature, DS_MAX_BITS/8);
ds_data.iv[bit / 8] ^= 1 << (bit % 8);
@ -372,7 +430,11 @@ TEST_CASE("Digital Signature Invalid Data (FPGA only)", "[hw_crypto] [ds]")
esp_err_t ds_r = esp_ds_start_sign(test_messages[0], &ds_data, t->hmac_key_idx + 1, &esp_ds_ctx);
TEST_ASSERT_EQUAL(ESP_OK, ds_r);
ds_r = esp_ds_finish_sign(signature, esp_ds_ctx);
#if CONFIG_IDF_TARGET_ESP32S2
TEST_ASSERT_EQUAL(ESP_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r);
#elif CONFIG_IDF_TARGET_ESP32C3
TEST_ASSERT_EQUAL(ESP32C3_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r);
#endif
TEST_ASSERT_EQUAL_HEX8_ARRAY(zero, signature, DS_MAX_BITS/8);
ds_data.c[bit / 8] ^= 1 << (bit % 8);
@ -380,3 +442,4 @@ TEST_CASE("Digital Signature Invalid Data (FPGA only)", "[hw_crypto] [ds]")
}
#endif // CONFIG_IDF_ENV_FPGA
#endif // SOC_DIG_SIGN_SUPPORTED

6
components/esp32s2/test/test_hmac.c → components/esp_hw_support/test/test_hmac.c
View File

@ -12,12 +12,14 @@
// See the License for the specific language governing permissions and
// limitations under the License.
#include "esp_hmac.h"
#include "unity.h"
#include "esp_efuse.h"
#include "esp_efuse_table.h"
#include "esp_log.h"
#if SOC_HMAC_SUPPORTED
#include "esp_hmac.h"
#if CONFIG_IDF_ENV_FPGA
#include "esp32s2/rom/efuse.h"
@ -1033,3 +1035,5 @@ TEST_CASE("HMAC key out of range", "[hw_crypto]")
}
#endif // CONFIG_IDF_ENV_FPGA
#endif // SOC_HMAC_SUPPORTED

11
components/hal/include/hal/sha_types.h
View File

@ -19,25 +19,26 @@
/* Use enum from rom for backwards compatibility */
#if CONFIG_IDF_TARGET_ESP32
#include "esp32/rom/sha.h"
typedef enum SHA_TYPE esp_sha_type;
#elif CONFIG_IDF_TARGET_ESP32S2
#include "esp32s2/rom/sha.h"
typedef SHA_TYPE esp_sha_type;
#elif CONFIG_IDF_TARGET_ESP32S3
#include "esp32s3/rom/sha.h"
typedef SHA_TYPE esp_sha_type;
#elif CONFIG_IDF_TARGET_ESP32C3
#include "esp32c3/rom/sha.h"
typedef SHA_TYPE esp_sha_type;
#elif CONFIG_IDF_TARGET_ESP32H2
#include "esp32h2/rom/sha.h"
typedef SHA_TYPE esp_sha_type;
#endif
#ifdef __cplusplus
extern "C" {
#endif
/* Use enum from rom for backwards compatibility */
#if CONFIG_IDF_TARGET_ESP32
typedef enum SHA_TYPE esp_sha_type;
#else
typedef SHA_TYPE esp_sha_type;
#endif
#ifdef __cplusplus
}

0
components/esp32/test/test_aes_sha_rsa.c → components/mbedtls/test/test_aes_sha_rsa.c.bak
View File

39
components/esp32/test/test_sha.c → components/mbedtls/test/test_sha.c
View File

@ -7,19 +7,31 @@
#include <stdlib.h>
#include <string.h>
#include "esp_types.h"
#include "esp32/clk.h"
#include "esp_log.h"
#include "esp_timer.h"
#include "ccomp_timer.h"
#include "esp_heap_caps.h"
#include "idf_performance.h"
#if CONFIG_IDF_TARGET_ESP32
#include "esp32/clk.h"
#elif CONFIG_IDF_TARGET_ESP32S2
#include "esp32s2/clk.h"
#elif CONFIG_IDF_TARGET_ESP32C3
#include "esp32c3/clk.h"
#endif
#include "soc/soc_caps.h"
#include "unity.h"
#include "test_utils.h"
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#if SOC_SHA_SUPPORT_SHA512
#include "mbedtls/sha512.h"
#endif
#include "sha/sha_parallel_engine.h"
#include "ccomp_timer.h"
/* Note: Most of the SHA functions are called as part of mbedTLS, so
are tested as part of mbedTLS tests. Only esp_sha() is different.
@ -32,9 +44,14 @@ TEST_CASE("Test esp_sha()", "[hw_crypto]")
const size_t BUFFER_SZ = 32 * 1024 + 6; // NB: not an exact multiple of SHA block size
int64_t elapsed;
uint32_t us_sha1, us_sha512;
uint32_t us_sha1;
uint8_t sha1_result[20] = { 0 };
#if SOC_SHA_SUPPORT_SHA512
uint32_t us_sha512;
uint8_t sha512_result[64] = { 0 };
#endif
void *buffer = heap_caps_malloc(BUFFER_SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
TEST_ASSERT_NOT_NULL(buffer);
memset(buffer, 0xEE, BUFFER_SZ);
@ -42,6 +59,7 @@ TEST_CASE("Test esp_sha()", "[hw_crypto]")
const uint8_t sha1_expected[20] = { 0xc7, 0xbb, 0xd3, 0x74, 0xf2, 0xf6, 0x20, 0x86,
0x61, 0xf4, 0x50, 0xd5, 0xf5, 0x18, 0x44, 0xcc,
0x7a, 0xb7, 0xa5, 0x4a };
#if SOC_SHA_SUPPORT_SHA512
const uint8_t sha512_expected[64] = { 0xc7, 0x7f, 0xda, 0x8c, 0xb3, 0x58, 0x14, 0x8a,
0x52, 0x3b, 0x46, 0x04, 0xc0, 0x85, 0xc5, 0xf0,
0x46, 0x64, 0x14, 0xd5, 0x96, 0x7a, 0xa2, 0x80,
@ -50,6 +68,7 @@ TEST_CASE("Test esp_sha()", "[hw_crypto]")
0x35, 0x5e, 0x35, 0x57, 0x76, 0x22, 0x74, 0xd8,
0x1e, 0x07, 0xc6, 0xa2, 0x9e, 0x3b, 0x65, 0x75,
0x80, 0x7d, 0xe6, 0x6e, 0x47, 0x61, 0x2c, 0x94 };
#endif
ccomp_timer_start();
esp_sha(SHA1, buffer, BUFFER_SZ, sha1_result);
@ -58,6 +77,7 @@ TEST_CASE("Test esp_sha()", "[hw_crypto]")
us_sha1 = elapsed;
ESP_LOGI(TAG, "esp_sha() 32KB SHA1 in %u us", us_sha1);
#if SOC_SHA_SUPPORT_SHA512
ccomp_timer_start();
esp_sha(SHA2_512, buffer, BUFFER_SZ, sha512_result);
elapsed = ccomp_timer_stop();
@ -65,11 +85,15 @@ TEST_CASE("Test esp_sha()", "[hw_crypto]")
us_sha512 = elapsed;
ESP_LOGI(TAG, "esp_sha() 32KB SHA512 in %u us", us_sha512);
#endif
free(buffer);
TEST_PERFORMANCE_CCOMP_LESS_THAN(TIME_SHA1_32KB, "%dus", us_sha1);
#if SOC_SHA_SUPPORT_SHA512
TEST_PERFORMANCE_CCOMP_LESS_THAN(TIME_SHA512_32KB, "%dus", us_sha512);
#endif
}
TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]")
@ -80,8 +104,11 @@ TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]")
uint8_t sha1_mbedtls[20] = { 0 };
uint8_t sha256_espsha[32] = { 0 };
uint8_t sha256_mbedtls[32] = { 0 };
#if SOC_SHA_SUPPORT_SHA512
uint8_t sha512_espsha[64] = { 0 };
uint8_t sha512_mbedtls[64] = { 0 };
#endif
const size_t LEN = 1024 * 1024;
@ -101,13 +128,17 @@ TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]")
r = mbedtls_sha256_ret(ptr, LEN, sha256_mbedtls, 0);
TEST_ASSERT_EQUAL(0, r);
#if SOC_SHA_SUPPORT_SHA512
esp_sha(SHA2_512, ptr, LEN, sha512_espsha);
r = mbedtls_sha512_ret(ptr, LEN, sha512_mbedtls, 0);
TEST_ASSERT_EQUAL(0, r);
#endif
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha1_espsha, sha1_mbedtls, sizeof(sha1_espsha), "SHA1 results should match");
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_espsha, sha256_mbedtls, sizeof(sha256_espsha), "SHA256 results should match");
#if SOC_SHA_SUPPORT_SHA512
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_espsha, sha512_mbedtls, sizeof(sha512_espsha), "SHA512 results should match");
#endif
}

4
docs/doxygen/Doxyfile_esp32c3
View File

@ -1,4 +1,4 @@
INPUT += \
$(IDF_PATH)/components/driver/esp32c3/include/driver/temp_sensor.h \
$(IDF_PATH)/components/esp32s2/include/esp_ds.h \
$(IDF_PATH)/components/esp32c3/include/esp_hmac.h
$(IDF_PATH)/components/esp_hw_support/include/soc/esp32c3/esp_ds.h \
$(IDF_PATH)/components/esp_hw_support/include/soc/esp32c3/esp_hmac.h

4
docs/doxygen/Doxyfile_esp32s2
View File

@ -7,8 +7,8 @@ INPUT += \
$(IDF_PATH)/components/driver/esp32s2/include/driver/temp_sensor.h \
$(IDF_PATH)/components/soc/$(IDF_TARGET)/include/soc/touch_sensor_channel.h \
$(IDF_PATH)/components/driver/$(IDF_TARGET)/include/driver/touch_sensor.h \
$(IDF_PATH)/components/esp32s2/include/esp_hmac.h \
$(IDF_PATH)/components/esp32s2/include/esp_ds.h \
$(IDF_PATH)/components/esp_hw_support/include/soc/esp32s2/esp_ds.h \
$(IDF_PATH)/components/esp_hw_support/include/soc/esp32s2/esp_hmac.h \
$(IDF_PATH)/components/ulp/include/esp32s2/ulp_riscv.h \
$(IDF_PATH)/components/ulp/include/$(IDF_TARGET)/ulp.h \
$(IDF_PATH)/components/touch_element/include/touch_element/touch_element.h \

3
tools/ci/mypy_ignore_list.txt
View File

@ -1,9 +1,10 @@
components/app_update/otatool.py
components/efuse/efuse_table_gen.py
components/efuse/test_efuse_host/efuse_tests.py
components/esp32s2/test/gen_digital_signature_tests.py
components/esp_local_ctrl/python/esp_local_ctrl_pb2.py
components/esp_netif/test_apps/component_ut_test.py
components/esp_hw_support/test/gen_digital_signature_tests.py
components/espcoredump/corefile/elf.py
components/espcoredump/corefile/gdb.py
components/espcoredump/test/test_espcoredump.py
components/lwip/weekend_test/net_suite_test.py