mirror of
https://github.com/espressif/esp-idf.git
synced 2024-09-20 00:36:01 -04:00
esp32h2: Move from target component to esp_hw_support (new structure)
This commit is contained in:
Angus Gratton
Michael (XIAO Xufeng)
parent
867f13c6b7
commit
f0471b18b2
@ -1,66 +1,16 @@
|
||||
idf_build_get_property(target IDF_TARGET)
|
||||
idf_build_get_property(sdkconfig_header SDKCONFIG_HEADER)
|
||||
if(NOT "${target}" STREQUAL "esp32h2")
|
||||
return()
|
||||
endif()
|
||||
|
||||
if(BOOTLOADER_BUILD)
|
||||
# For bootloader, all we need from esp32h2 is headers
|
||||
idf_component_register(INCLUDE_DIRS include REQUIRES riscv)
|
||||
target_linker_script(${COMPONENT_LIB} INTERFACE "ld/esp32h2.peripherals.ld")
|
||||
else()
|
||||
# Regular app build
|
||||
|
||||
set(srcs "dport_access.c"
|
||||
"esp_hmac.c"
|
||||
"esp_ds.c"
|
||||
"esp_crypto_lock.c"
|
||||
"memprot.c")
|
||||
set(include_dirs "include")
|
||||
|
||||
set(requires driver efuse soc riscv) #unfortunately rom/uart uses SOC registers directly
|
||||
|
||||
# driver is a public requirement because esp_sleep.h uses gpio_num_t & touch_pad_t
|
||||
# app_update is added here because cpu_start.c uses esp_ota_get_app_description() function.
|
||||
# esp_timer is added here because cpu_start.c uses esp_timer
|
||||
set(priv_requires
|
||||
app_trace app_update bootloader_support log mbedtls nvs_flash
|
||||
pthread spi_flash vfs espcoredump esp_common esp_timer)
|
||||
|
||||
idf_component_register(SRCS "${srcs}"
|
||||
INCLUDE_DIRS "${include_dirs}"
|
||||
REQUIRES "${requires}"
|
||||
PRIV_REQUIRES "${priv_requires}"
|
||||
REQUIRED_IDF_TARGETS esp32h2)
|
||||
|
||||
target_linker_script(${COMPONENT_LIB} INTERFACE "${CMAKE_CURRENT_BINARY_DIR}/esp32h2_out.ld")
|
||||
|
||||
# Process the template file through the linker script generation mechanism, and use the output for linking the
|
||||
# final binary
|
||||
target_linker_script(${COMPONENT_LIB} INTERFACE "${CMAKE_CURRENT_LIST_DIR}/ld/esp32h2.project.ld.in"
|
||||
PROCESS "${CMAKE_CURRENT_BINARY_DIR}/ld/esp32h2.project.ld")
|
||||
target_linker_script(${COMPONENT_LIB} INTERFACE "ld/esp32h2.peripherals.ld")
|
||||
|
||||
target_link_libraries(${COMPONENT_LIB} PUBLIC gcc)
|
||||
target_link_libraries(${COMPONENT_LIB} INTERFACE "-u call_user_start_cpu0")
|
||||
|
||||
idf_build_get_property(config_dir CONFIG_DIR)
|
||||
# Preprocess esp32h2.ld linker script to include configuration, becomes esp32h2_out.ld
|
||||
set(LD_DIR ${CMAKE_CURRENT_SOURCE_DIR}/ld)
|
||||
add_custom_command(
|
||||
OUTPUT esp32h2_out.ld
|
||||
COMMAND "${CMAKE_C_COMPILER}" -C -P -x c -E -o esp32h2_out.ld -I ${config_dir} ${LD_DIR}/esp32h2.ld
|
||||
MAIN_DEPENDENCY ${LD_DIR}/esp32h2.ld
|
||||
DEPENDS ${sdkconfig_header}
|
||||
COMMENT "Generating linker script..."
|
||||
VERBATIM)
|
||||
|
||||
add_custom_target(esp32h2_linker_script DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/esp32h2_out.ld)
|
||||
add_dependencies(${COMPONENT_LIB} esp32h2_linker_script)
|
||||
|
||||
# disable stack protection in files which are involved in initialization of that feature
|
||||
set_source_files_properties(
|
||||
cpu_start.c
|
||||
PROPERTIES COMPILE_FLAGS
|
||||
-fno-stack-protector)
|
||||
if(NOT BOOTLOADER_BUILD)
|
||||
# [refactor-todo] propagate these requirements for compatibility
|
||||
# remove in the future
|
||||
set(legacy_reqs driver efuse soc)
|
||||
endif()
|
||||
|
||||
idf_component_register(INCLUDE_DIRS include
|
||||
REQUIRES riscv "${legacy_reqs}"
|
||||
REQUIRED_IDF_TARGETS esp32h2)
|
||||
|
||||
target_linker_script(${COMPONENT_LIB} INTERFACE "ld/esp32h2.peripherals.ld")
|
||||
|
||||
@ -1,9 +0,0 @@
|
||||
if(IDF_TARGET STREQUAL "esp32h2")
|
||||
idf_component_register(SRC_DIRS .
|
||||
INCLUDE_DIRS . ${CMAKE_CURRENT_BINARY_DIR}
|
||||
REQUIRES unity test_utils esp_common mbedtls
|
||||
)
|
||||
|
||||
idf_build_set_property(COMPILE_DEFINITIONS "-DESP_TIMER_DYNAMIC_OVERFLOW_VAL" APPEND)
|
||||
target_link_libraries(${COMPONENT_LIB} INTERFACE "-u ld_include_test_dport_xt_highint5")
|
||||
endif()
|
||||
@ -1,4 +0,0 @@
|
||||
#
|
||||
# Component Makefile (not used for tests, but CI checks test parity between GNU Make & CMake)
|
||||
#
|
||||
COMPONENT_CONFIG_ONLY := 1
|
||||
File diff suppressed because one or more lines are too long
@ -1,382 +0,0 @@
|
||||
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include "unity.h"
|
||||
#include "esp32h2/rom/efuse.h"
|
||||
#include "esp32h2/rom/digital_signature.h"
|
||||
#include "esp32h2/rom/hmac.h"
|
||||
#include <string.h>
|
||||
|
||||
#include "esp_ds.h"
|
||||
|
||||
#define NUM_RESULTS 10
|
||||
#define DS_MAX_BITS (ETS_DS_MAX_BITS)
|
||||
|
||||
typedef struct {
|
||||
uint8_t iv[ETS_DS_IV_LEN];
|
||||
ets_ds_p_data_t p_data;
|
||||
uint8_t expected_c[ETS_DS_C_LEN];
|
||||
uint8_t hmac_key_idx;
|
||||
uint32_t expected_results[NUM_RESULTS][DS_MAX_BITS/32];
|
||||
} encrypt_testcase_t;
|
||||
|
||||
// Generated header (components/esp32s2/test/gen_digital_signature_tests.py) defines
|
||||
// NUM_HMAC_KEYS, test_hmac_keys, NUM_MESSAGES, NUM_CASES, test_messages[], test_cases[]
|
||||
#include "digital_signature_test_cases.h"
|
||||
|
||||
_Static_assert(NUM_RESULTS == NUM_MESSAGES, "expected_results size should be the same as NUM_MESSAGES in generated header");
|
||||
|
||||
TEST_CASE("Digital Signature Parameter Encryption data NULL", "[hw_crypto] [ds]")
|
||||
{
|
||||
const char iv [32];
|
||||
esp_ds_p_data_t p_data;
|
||||
const char key [32];
|
||||
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_encrypt_params(NULL, iv, &p_data, key));
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature Parameter Encryption iv NULL", "[hw_crypto] [ds]")
|
||||
{
|
||||
esp_ds_data_t data;
|
||||
esp_ds_p_data_t p_data;
|
||||
const char key [32];
|
||||
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_encrypt_params(&data, NULL, &p_data, key));
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature Parameter Encryption p_data NULL", "[hw_crypto] [ds]")
|
||||
{
|
||||
esp_ds_data_t data;
|
||||
const char iv [32];
|
||||
const char key [32];
|
||||
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_encrypt_params(&data, iv, NULL, key));
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature Parameter Encryption key NULL", "[hw_crypto] [ds]")
|
||||
{
|
||||
esp_ds_data_t data;
|
||||
const char iv [32];
|
||||
esp_ds_p_data_t p_data;
|
||||
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_encrypt_params(&data, iv, &p_data, NULL));
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature Parameter Encryption", "[hw_crypto] [ds]")
|
||||
{
|
||||
for (int i = 0; i < NUM_CASES; i++) {
|
||||
printf("Encrypting test case %d...\n", i);
|
||||
const encrypt_testcase_t *t = &test_cases[i];
|
||||
esp_ds_data_t result = { };
|
||||
esp_ds_p_data_t p_data;
|
||||
|
||||
memcpy(p_data.Y, t->p_data.Y, ESP_DS_SIGNATURE_MAX_BIT_LEN/8);
|
||||
memcpy(p_data.M, t->p_data.M, ESP_DS_SIGNATURE_MAX_BIT_LEN/8);
|
||||
memcpy(p_data.Rb, t->p_data.Rb, ESP_DS_SIGNATURE_MAX_BIT_LEN/8);
|
||||
p_data.M_prime = t->p_data.M_prime;
|
||||
p_data.length = t->p_data.length;
|
||||
|
||||
esp_err_t r = esp_ds_encrypt_params(&result, t->iv, &p_data,
|
||||
test_hmac_keys[t->hmac_key_idx]);
|
||||
printf("Encrypting test case %d done\n", i);
|
||||
|
||||
TEST_ASSERT_EQUAL(ESP_OK, r);
|
||||
TEST_ASSERT_EQUAL(t->p_data.length, result.rsa_length);
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(t->iv, result.iv, ETS_DS_IV_LEN);
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(t->expected_c, result.c, ETS_DS_C_LEN);
|
||||
}
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature start Invalid message", "[hw_crypto] [ds]")
|
||||
{
|
||||
esp_ds_data_t ds_data = { };
|
||||
ds_data.rsa_length = ESP_DS_RSA_3072;
|
||||
esp_ds_context_t *ctx;
|
||||
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_start_sign(NULL, &ds_data, HMAC_KEY1, &ctx));
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature start Invalid data", "[hw_crypto] [ds]")
|
||||
{
|
||||
const char *message = "test";
|
||||
esp_ds_context_t *ctx;
|
||||
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_start_sign(message, NULL, HMAC_KEY1, &ctx));
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature start Invalid context", "[hw_crypto] [ds]")
|
||||
{
|
||||
esp_ds_data_t ds_data = {};
|
||||
ds_data.rsa_length = ESP_DS_RSA_3072;
|
||||
const char *message = "test";
|
||||
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_start_sign(message, &ds_data, HMAC_KEY1, NULL));
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature RSA length 0", "[hw_crypto] [ds]")
|
||||
{
|
||||
esp_ds_data_t ds_data = {};
|
||||
ds_data.rsa_length = 0;
|
||||
const char *message = "test";
|
||||
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_start_sign(message, &ds_data, HMAC_KEY1, NULL));
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature RSA length too long", "[hw_crypto] [ds]")
|
||||
{
|
||||
esp_ds_data_t ds_data = {};
|
||||
ds_data.rsa_length = 128;
|
||||
const char *message = "test";
|
||||
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_start_sign(message, &ds_data, HMAC_KEY1, NULL));
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature start HMAC key out of range", "[hw_crypto] [ds]")
|
||||
{
|
||||
esp_ds_data_t ds_data = {};
|
||||
ds_data.rsa_length = ESP_DS_RSA_3072;
|
||||
esp_ds_context_t *ctx;
|
||||
const char *message = "test";
|
||||
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_start_sign(message, &ds_data, HMAC_KEY5 + 1, &ctx));
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_start_sign(message, &ds_data, HMAC_KEY0 - 1, &ctx));
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature finish Invalid signature ptr", "[hw_crypto] [ds]")
|
||||
{
|
||||
esp_ds_context_t *ctx = NULL;
|
||||
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_finish_sign(NULL, ctx));
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature finish Invalid context", "[hw_crypto] [ds]")
|
||||
{
|
||||
uint8_t signature_data [128 * 4];
|
||||
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_finish_sign(signature_data, NULL));
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature Blocking Invalid message", "[hw_crypto] [ds]")
|
||||
{
|
||||
esp_ds_data_t ds_data = { };
|
||||
ds_data.rsa_length = ESP_DS_RSA_3072;
|
||||
uint8_t signature_data [128 * 4];
|
||||
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(NULL, &ds_data, HMAC_KEY1, signature_data));
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature Blocking Invalid data", "[hw_crypto] [ds]")
|
||||
{
|
||||
const char *message = "test";
|
||||
uint8_t signature_data [128 * 4];
|
||||
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(message, NULL, HMAC_KEY1, signature_data));
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature Blocking Invalid signature ptr", "[hw_crypto] [ds]")
|
||||
{
|
||||
esp_ds_data_t ds_data = {};
|
||||
ds_data.rsa_length = ESP_DS_RSA_3072;
|
||||
const char *message = "test";
|
||||
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(message, &ds_data, HMAC_KEY1, NULL));
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature Blocking RSA length 0", "[hw_crypto] [ds]")
|
||||
{
|
||||
esp_ds_data_t ds_data = {};
|
||||
ds_data.rsa_length = 0;
|
||||
const char *message = "test";
|
||||
uint8_t signature_data [128 * 4];
|
||||
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(message, &ds_data, HMAC_KEY1, signature_data));
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature Blocking RSA length too long", "[hw_crypto] [ds]")
|
||||
{
|
||||
esp_ds_data_t ds_data = {};
|
||||
ds_data.rsa_length = 128;
|
||||
const char *message = "test";
|
||||
uint8_t signature_data [128 * 4];
|
||||
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(message, &ds_data, HMAC_KEY1, signature_data));
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature Blocking HMAC key out of range", "[hw_crypto] [ds]")
|
||||
{
|
||||
esp_ds_data_t ds_data = {};
|
||||
ds_data.rsa_length = 127;
|
||||
const char *message = "test";
|
||||
uint8_t signature_data [128 * 4];
|
||||
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(message, &ds_data, HMAC_KEY5 + 1, signature_data));
|
||||
TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_ds_sign(message, &ds_data, HMAC_KEY0 - 1, signature_data));
|
||||
}
|
||||
|
||||
#if CONFIG_IDF_ENV_FPGA
|
||||
|
||||
// Burn eFuse blocks 1, 2 and 3. Block 0 is used for HMAC tests already.
|
||||
static void burn_hmac_keys(void)
|
||||
{
|
||||
printf("Burning %d HMAC keys to efuse...\n", NUM_HMAC_KEYS);
|
||||
for (int i = 0; i < NUM_HMAC_KEYS; i++) {
|
||||
// TODO: vary the purpose across the keys
|
||||
ets_efuse_purpose_t purpose = ETS_EFUSE_KEY_PURPOSE_HMAC_DOWN_DIGITAL_SIGNATURE;
|
||||
ets_efuse_write_key(ETS_EFUSE_BLOCK_KEY1 + i,
|
||||
purpose,
|
||||
test_hmac_keys[i], 32);
|
||||
}
|
||||
/* verify the keys are what we expect (possibly they're already burned, doesn't matter but they have to match) */
|
||||
uint8_t block_compare[32];
|
||||
for (int i = 0; i < NUM_HMAC_KEYS; i++) {
|
||||
printf("Checking key %d...\n", i);
|
||||
memcpy(block_compare, (void *)ets_efuse_get_read_register_address(ETS_EFUSE_BLOCK_KEY1 + i), 32);
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(test_hmac_keys[i], block_compare, 32);
|
||||
}
|
||||
}
|
||||
|
||||
// This test uses the HMAC_KEY0 eFuse key which hasn't been burned by burn_hmac_keys().
|
||||
// HMAC_KEY0 is usually used for HMAC upstream (user access) tests.
|
||||
TEST_CASE("Digital Signature wrong HMAC key purpose (FPGA only)", "[hw_crypto] [ds]")
|
||||
{
|
||||
esp_ds_data_t ds_data = {};
|
||||
ds_data.rsa_length = ESP_DS_RSA_3072;
|
||||
esp_ds_context_t *ctx;
|
||||
const char *message = "test";
|
||||
|
||||
// HMAC fails in that case because it checks for the correct purpose
|
||||
TEST_ASSERT_EQUAL(ESP32H2_ERR_HW_CRYPTO_DS_HMAC_FAIL, esp_ds_start_sign(message, &ds_data, HMAC_KEY0, &ctx));
|
||||
}
|
||||
|
||||
// This test uses the HMAC_KEY0 eFuse key which hasn't been burned by burn_hmac_keys().
|
||||
// HMAC_KEY0 is usually used for HMAC upstream (user access) tests.
|
||||
TEST_CASE("Digital Signature Blocking wrong HMAC key purpose (FPGA only)", "[hw_crypto] [ds]")
|
||||
{
|
||||
esp_ds_data_t ds_data = {};
|
||||
ds_data.rsa_length = ESP_DS_RSA_3072;
|
||||
const char *message = "test";
|
||||
uint8_t signature_data [128 * 4];
|
||||
|
||||
// HMAC fails in that case because it checks for the correct purpose
|
||||
TEST_ASSERT_EQUAL(ESP32H2_ERR_HW_CRYPTO_DS_HMAC_FAIL, esp_ds_sign(message, &ds_data, HMAC_KEY0, signature_data));
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature Operation (FPGA only)", "[hw_crypto] [ds]")
|
||||
{
|
||||
burn_hmac_keys();
|
||||
|
||||
for (int i = 0; i < NUM_CASES; i++) {
|
||||
printf("Running test case %d...\n", i);
|
||||
const encrypt_testcase_t *t = &test_cases[i];
|
||||
|
||||
// copy encrypt parameter test case into ds_data structure
|
||||
esp_ds_data_t ds_data = { };
|
||||
memcpy(ds_data.iv, t->iv, ETS_DS_IV_LEN);
|
||||
memcpy(ds_data.c, t->expected_c, ETS_DS_C_LEN);
|
||||
ds_data.rsa_length = t->p_data.length;
|
||||
|
||||
for (int j = 0; j < NUM_MESSAGES; j++) {
|
||||
uint8_t signature[DS_MAX_BITS/8] = { 0 };
|
||||
printf(" ... message %d\n", j);
|
||||
|
||||
esp_ds_context_t *esp_ds_ctx;
|
||||
esp_err_t ds_r = esp_ds_start_sign(test_messages[j],
|
||||
&ds_data,
|
||||
t->hmac_key_idx + 1,
|
||||
&esp_ds_ctx);
|
||||
TEST_ASSERT_EQUAL(ESP_OK, ds_r);
|
||||
|
||||
ds_r = esp_ds_finish_sign(signature, esp_ds_ctx);
|
||||
TEST_ASSERT_EQUAL(ESP_OK, ds_r);
|
||||
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(t->expected_results[j], signature, sizeof(signature));
|
||||
}
|
||||
|
||||
ets_hmac_invalidate_downstream(ETS_EFUSE_KEY_PURPOSE_HMAC_DOWN_DIGITAL_SIGNATURE);
|
||||
}
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature Blocking Operation (FPGA only)", "[hw_crypto] [ds]")
|
||||
{
|
||||
burn_hmac_keys();
|
||||
|
||||
for (int i = 0; i < NUM_CASES; i++) {
|
||||
printf("Running test case %d...\n", i);
|
||||
const encrypt_testcase_t *t = &test_cases[i];
|
||||
|
||||
// copy encrypt parameter test case into ds_data structure
|
||||
esp_ds_data_t ds_data = { };
|
||||
memcpy(ds_data.iv, t->iv, ETS_DS_IV_LEN);
|
||||
memcpy(ds_data.c, t->expected_c, ETS_DS_C_LEN);
|
||||
ds_data.rsa_length = t->p_data.length;
|
||||
|
||||
uint8_t signature[DS_MAX_BITS/8] = { 0 };
|
||||
|
||||
esp_err_t ds_r = esp_ds_sign(test_messages[0],
|
||||
&ds_data,
|
||||
t->hmac_key_idx + 1,
|
||||
signature);
|
||||
TEST_ASSERT_EQUAL(ESP_OK, ds_r);
|
||||
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(t->expected_results[0], signature, sizeof(signature));
|
||||
}
|
||||
}
|
||||
|
||||
TEST_CASE("Digital Signature Invalid Data (FPGA only)", "[hw_crypto] [ds]")
|
||||
{
|
||||
burn_hmac_keys();
|
||||
|
||||
// Set up a valid test case
|
||||
const encrypt_testcase_t *t = &test_cases[0];
|
||||
esp_ds_data_t ds_data = { };
|
||||
memcpy(ds_data.iv, t->iv, ETS_DS_IV_LEN);
|
||||
memcpy(ds_data.c, t->expected_c, ETS_DS_C_LEN);
|
||||
ds_data.rsa_length = t->p_data.length;
|
||||
|
||||
uint8_t signature[DS_MAX_BITS/8] = { 0 };
|
||||
const uint8_t zero[DS_MAX_BITS/8] = { 0 };
|
||||
|
||||
// Corrupt the IV one bit at a time, rerun and expect failure
|
||||
for (int bit = 0; bit < 128; bit++) {
|
||||
printf("Corrupting IV bit %d...\n", bit);
|
||||
ds_data.iv[bit / 8] ^= 1 << (bit % 8);
|
||||
esp_ds_context_t *esp_ds_ctx;
|
||||
|
||||
esp_err_t ds_r = esp_ds_start_sign(test_messages[0], &ds_data, t->hmac_key_idx + 1, &esp_ds_ctx);
|
||||
TEST_ASSERT_EQUAL(ESP_OK, ds_r);
|
||||
ds_r = esp_ds_finish_sign(signature, esp_ds_ctx);
|
||||
TEST_ASSERT_EQUAL(ESP32H2_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r);
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(zero, signature, DS_MAX_BITS/8);
|
||||
|
||||
ds_data.iv[bit / 8] ^= 1 << (bit % 8);
|
||||
}
|
||||
|
||||
// Corrupt encrypted key data one bit at a time, rerun and expect failure
|
||||
printf("Corrupting C...\n");
|
||||
for (int bit = 0; bit < ETS_DS_C_LEN * 8; bit++) {
|
||||
printf("Corrupting C bit %d...\n", bit);
|
||||
ds_data.c[bit / 8] ^= 1 << (bit % 8);
|
||||
esp_ds_context_t *esp_ds_ctx;
|
||||
|
||||
esp_err_t ds_r = esp_ds_start_sign(test_messages[0], &ds_data, t->hmac_key_idx + 1, &esp_ds_ctx);
|
||||
TEST_ASSERT_EQUAL(ESP_OK, ds_r);
|
||||
ds_r = esp_ds_finish_sign(signature, esp_ds_ctx);
|
||||
TEST_ASSERT_EQUAL(ESP32H2_ERR_HW_CRYPTO_DS_INVALID_DIGEST, ds_r);
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(zero, signature, DS_MAX_BITS/8);
|
||||
|
||||
ds_data.c[bit / 8] ^= 1 << (bit % 8);
|
||||
}
|
||||
}
|
||||
|
||||
#endif // CONFIG_IDF_ENV_FPGA
|
||||
@ -1,80 +0,0 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "esp_types.h"
|
||||
#include "esp32h2/clk.h"
|
||||
#include "esp_log.h"
|
||||
#include "esp_timer.h"
|
||||
#include "esp_heap_caps.h"
|
||||
#include "idf_performance.h"
|
||||
|
||||
#include "unity.h"
|
||||
#include "test_utils.h"
|
||||
#include "mbedtls/sha1.h"
|
||||
#include "mbedtls/sha256.h"
|
||||
#include "sha/sha_dma.h"
|
||||
|
||||
/* Note: Most of the SHA functions are called as part of mbedTLS, so
|
||||
are tested as part of mbedTLS tests. Only esp_sha() is different.
|
||||
*/
|
||||
|
||||
#define TAG "sha_test"
|
||||
|
||||
TEST_CASE("Test esp_sha()", "[hw_crypto]")
|
||||
{
|
||||
const size_t BUFFER_SZ = 32 * 1024 + 6; // NB: not an exact multiple of SHA block size
|
||||
|
||||
int64_t begin, end;
|
||||
uint32_t us_sha1;
|
||||
uint8_t sha1_result[20] = { 0 };
|
||||
void *buffer = heap_caps_malloc(BUFFER_SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
|
||||
TEST_ASSERT_NOT_NULL(buffer);
|
||||
memset(buffer, 0xEE, BUFFER_SZ);
|
||||
|
||||
const uint8_t sha1_expected[20] = { 0xc7, 0xbb, 0xd3, 0x74, 0xf2, 0xf6, 0x20, 0x86,
|
||||
0x61, 0xf4, 0x50, 0xd5, 0xf5, 0x18, 0x44, 0xcc,
|
||||
0x7a, 0xb7, 0xa5, 0x4a };
|
||||
|
||||
begin = esp_timer_get_time();
|
||||
esp_sha(SHA1, buffer, BUFFER_SZ, sha1_result);
|
||||
end = esp_timer_get_time();
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(sha1_expected, sha1_result, sizeof(sha1_expected));
|
||||
us_sha1 = end - begin;
|
||||
ESP_LOGI(TAG, "esp_sha() 32KB SHA1 in %u us", us_sha1);
|
||||
|
||||
free(buffer);
|
||||
|
||||
TEST_PERFORMANCE_CCOMP_LESS_THAN(TIME_SHA1_32KB, "%dus", us_sha1);
|
||||
}
|
||||
|
||||
TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]")
|
||||
{
|
||||
const void* ptr;
|
||||
spi_flash_mmap_handle_t handle;
|
||||
uint8_t sha1_espsha[20] = { 0 };
|
||||
uint8_t sha1_mbedtls[20] = { 0 };
|
||||
uint8_t sha256_espsha[32] = { 0 };
|
||||
uint8_t sha256_mbedtls[32] = { 0 };
|
||||
|
||||
const size_t LEN = 1024 * 1024;
|
||||
|
||||
/* mmap() 1MB of flash, we don't care what it is really */
|
||||
esp_err_t err = spi_flash_mmap(0x0, LEN, SPI_FLASH_MMAP_DATA, &ptr, &handle);
|
||||
|
||||
TEST_ASSERT_EQUAL_HEX32(ESP_OK, err);
|
||||
TEST_ASSERT_NOT_NULL(ptr);
|
||||
|
||||
/* Compare esp_sha() result to the mbedTLS result, should always be the same */
|
||||
|
||||
esp_sha(SHA1, ptr, LEN, sha1_espsha);
|
||||
int r = mbedtls_sha1_ret(ptr, LEN, sha1_mbedtls);
|
||||
TEST_ASSERT_EQUAL(0, r);
|
||||
|
||||
esp_sha(SHA2_256, ptr, LEN, sha256_espsha);
|
||||
r = mbedtls_sha256_ret(ptr, LEN, sha256_mbedtls, 0);
|
||||
TEST_ASSERT_EQUAL(0, r);
|
||||
|
||||
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha1_espsha, sha1_mbedtls, sizeof(sha1_espsha), "SHA1 results should match");
|
||||
|
||||
TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_espsha, sha256_mbedtls, sizeof(sha256_espsha), "SHA256 results should match");
|
||||
}
|
||||
@ -20,6 +20,7 @@
|
||||
#pragma once
|
||||
|
||||
#include <stdbool.h>
|
||||
#include <stdint.h>
|
||||
#include "esp_attr.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
@ -9,7 +9,12 @@ set(srcs "cpu_util_esp32h2.c"
|
||||
)
|
||||
|
||||
if(NOT BOOTLOADER_BUILD)
|
||||
list(APPEND srcs "../async_memcpy_impl_gdma.c")
|
||||
list(APPEND srcs "../async_memcpy_impl_gdma.c"
|
||||
"memprot.c"
|
||||
"esp_hmac.c"
|
||||
"esp_crypto_lock.c"
|
||||
"esp_ds.c"
|
||||
"dport_access.c")
|
||||
endif()
|
||||
|
||||
add_prefix(srcs "${CMAKE_CURRENT_LIST_DIR}/" "${srcs}")
|
||||
@ -17,8 +22,3 @@ add_prefix(srcs "${CMAKE_CURRENT_LIST_DIR}/" "${srcs}")
|
||||
target_sources(${COMPONENT_LIB} PRIVATE "${srcs}")
|
||||
target_include_directories(${COMPONENT_LIB} PUBLIC . private_include)
|
||||
target_include_directories(${COMPONENT_LIB} PRIVATE ../hal)
|
||||
|
||||
if(NOT CMAKE_BUILD_EARLY_EXPANSION)
|
||||
set_source_files_properties("${CMAKE_CURRENT_LIST_DIR}/rtc_clk.c" PROPERTIES
|
||||
COMPILE_FLAGS "-fno-jump-tables -fno-tree-switch-conversion")
|
||||
endif()
|
||||
|
||||
Loading…
Reference in New Issue
Block a user