From 6964de6f45316546d60a95c5bfeb45da420f80d9 Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Tue, 10 Feb 2026 17:35:19 +0530 Subject: [PATCH] test(esp_security): Update the Key Manager test to support ESP32-P4 --- .../crypto_drivers/main/test_key_mgr.c | 57 +++++++------ .../test_gen/generate_km_test_cases.py | 80 ++++++++++++++++++ .../crypto_drivers/test_gen/init_key.bin | 1 + .../crypto_drivers/test_gen/k1_xts_aes.bin | Bin 0 -> 32 bytes .../test_apps/crypto_drivers/test_gen/k2.bin | 1 + .../crypto_drivers/test_gen/rand_num.bin | 1 + 6 files changed, 115 insertions(+), 25 deletions(-) create mode 100644 components/esp_security/test_apps/crypto_drivers/test_gen/generate_km_test_cases.py create mode 100644 components/esp_security/test_apps/crypto_drivers/test_gen/init_key.bin create mode 100644 components/esp_security/test_apps/crypto_drivers/test_gen/k1_xts_aes.bin create mode 100644 components/esp_security/test_apps/crypto_drivers/test_gen/k2.bin create mode 100644 components/esp_security/test_apps/crypto_drivers/test_gen/rand_num.bin diff --git a/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c b/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c index 5b5a34abac..0418cd0080 100644 --- a/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c +++ b/components/esp_security/test_apps/crypto_drivers/main/test_key_mgr.c @@ -41,8 +41,21 @@ typedef struct { #if SOC_RSA_MAX_BIT_LEN == 4096 #include "digital_signature_test_cases_4096.h" + +// Note: generated using the hmac_key_idx = 2 of digital_signature_test_cases_4096 +#define DS_KEY_IDX 1 +static const uint8_t k1_ds_encrypt[] = { + 0xf1, 0xbf, 0xa0, 0x27, 0x83, 0x02, 0x85, 0x94, 0x07, 0xb4, 0x20, 0x46, 0x1f, 0x1d, 0x4e, 0x24, 0x1d, 0x38, 0xcb, 0x21, 0xed, 0xcf, 0x85, 0x79, 0xe7, 0x17, 0xbf, 0x9d, 0xbb, 0xb8, 0x6f, 0xbd +}; + #elif SOC_RSA_MAX_BIT_LEN == 3072 #include "digital_signature_test_cases_3072.h" + +// Note: generated using the hmac_key_idx = 0 of digital_signature_test_cases_3072 +#define DS_KEY_IDX 0 +static const uint8_t k1_ds_encrypt[] = { + 0xdc, 0xcc, 0x8e, 0xd4, 0x66, 0xb4, 0x1a, 0x4b, 0x9f, 0xba, 0xa3, 0x2e, 0x99, 0x6b, 0x45, 0x07, 0xd4, 0xf6, 0xe4, 0x4e, 0x6f, 0x26, 0xca, 0x20, 0xbd, 0xb4, 0x98, 0x7c, 0x32, 0x4f, 0x21, 0x55 +}; #endif #endif /* SOC_KEY_MANAGER_DS_KEY_DEPLOY */ @@ -61,14 +74,14 @@ static const uint8_t plaintext_data[ENCRYPTED_DATA_SIZE] = { }; static const uint8_t expected_ciphertext[ENCRYPTED_DATA_SIZE] = { - 0xf9, 0xb6, 0x08, 0x0f, 0xfb, 0x37, 0x46, 0xe4, 0x99, 0x3c, 0xf9, 0x29, 0xab, 0x90, 0xd5, 0x3f, - 0xc8, 0x70, 0x45, 0xae, 0x28, 0x16, 0xbd, 0x83, 0x66, 0x16, 0x83, 0x86, 0x01, 0xc9, 0xa2, 0x97, - 0xa4, 0xf6, 0xf0, 0x40, 0xb5, 0xfd, 0xb7, 0x13, 0x60, 0xc3, 0x39, 0xf2, 0x32, 0x5a, 0xa3, 0x89, - 0xfd, 0x77, 0x9c, 0x6b, 0x0e, 0x98, 0xdf, 0x8f, 0xf7, 0xcc, 0x2a, 0x1e, 0xce, 0xdc, 0xef, 0x41, - 0xac, 0x0f, 0x48, 0x97, 0xa1, 0x1a, 0xc0, 0x82, 0x42, 0x7e, 0x1a, 0x35, 0xcd, 0xcb, 0x2b, 0x1d, - 0x72, 0xc6, 0x78, 0xab, 0x35, 0x58, 0xd1, 0xe3, 0xb1, 0x61, 0x8d, 0x11, 0x70, 0x91, 0x62, 0xb4, - 0x5f, 0xdd, 0x75, 0x2f, 0x78, 0xc4, 0x95, 0x67, 0x3a, 0xd3, 0x87, 0x02, 0x35, 0x78, 0x48, 0xef, - 0xf2, 0xde, 0xdb, 0x59, 0xda, 0x33, 0xa6, 0x27, 0xdd, 0x33, 0x18, 0x0c, 0x57, 0x24, 0x95, 0x38, + 0xa, 0x6, 0x88, 0xb9, 0x9f, 0x3e, 0xff, 0xf5, 0x63, 0x37, 0xa2, 0xd6, 0xbb, 0x71, 0x50, 0x89, + 0xa7, 0xbf, 0xa1, 0x5d, 0x3a, 0xc7, 0x18, 0x66, 0xa7, 0xab, 0x5f, 0x7, 0xd, 0x7c, 0xad, 0xcc, + 0x8c, 0x9a, 0xc7, 0xff, 0x10, 0xf6, 0xab, 0xef, 0x62, 0x71, 0xdf, 0xc, 0x60, 0x18, 0x4f, 0xa2, + 0x2c, 0x55, 0x14, 0x41, 0xd5, 0xfc, 0x87, 0x44, 0xe1, 0xd1, 0xd1, 0x78, 0x76, 0x9f, 0x43, 0x87, + 0xa0, 0xb4, 0xea, 0x66, 0xbc, 0x56, 0x35, 0x39, 0x53, 0x60, 0xa6, 0xea, 0x1e, 0x7d, 0x48, 0x17, + 0x6e, 0x58, 0x4c, 0x68, 0xc0, 0xfb, 0x54, 0x35, 0x92, 0x7b, 0x89, 0x9f, 0x69, 0x33, 0x1, 0x17, + 0x85, 0xe2, 0x69, 0x26, 0xfb, 0x61, 0x7e, 0x15, 0x11, 0x26, 0x59, 0xf1, 0x4f, 0xeb, 0x4d, 0x25, + 0x8e, 0xc5, 0xb9, 0x64, 0xdf, 0xc7, 0x52, 0x87, 0x2d, 0xb, 0xd6, 0xdd, 0xb1, 0xb3, 0xfe, 0xaf, }; /* Big endian */ @@ -79,27 +92,21 @@ static const uint8_t init_key[] = { /* Big endian */ static const uint8_t k2_info[] = { - 0x8f, 0x96, 0x33, 0x47, 0xe1, 0xa5, 0x57, 0xe9, 0x2a, 0x51, 0xa9, 0xbe, 0x48, 0x84, 0x25, 0x4e, - 0x6f, 0x50, 0x1c, 0x45, 0xdb, 0xb6, 0xfa, 0xeb, 0x35, 0xd2, 0x27, 0x91, 0x3f, 0x67, 0x57, 0xd9, - 0xcb, 0x55, 0xe4, 0x2b, 0x18, 0x16, 0xe7, 0xce, 0x6c, 0xf2, 0x58, 0x71, 0x17, 0x76, 0x2a, 0x86, - 0x05, 0xe7, 0x37, 0x45, 0x71, 0x34, 0xca, 0xaf, 0x60, 0x07, 0xdf, 0xf4, 0xd2, 0xee, 0x3d, 0x4b, + 0xba, 0x7f, 0xe1, 0x43, 0xce, 0x19, 0xaf, 0xe8, 0xee, 0x04, 0x17, 0xcf, 0x67, 0x9d, 0xf4, 0xeb, + 0x44, 0x12, 0x6f, 0xee, 0x9f, 0xfe, 0x9f, 0x5f, 0x20, 0x18, 0x9f, 0x27, 0x3f, 0xcb, 0x7b, 0xba, + 0x92, 0x37, 0x07, 0x92, 0x47, 0xee, 0x1a, 0xbe, 0xa8, 0x7e, 0x32, 0x70, 0xc1, 0x05, 0x42, 0xe4, + 0x88, 0x9d, 0x0b, 0x2b, 0x40, 0x87, 0x6e, 0x58, 0xf3, 0xf3, 0x63, 0x62, 0xd1, 0x5c, 0x9a, 0xe8 }; /* Big endian */ -static const uint8_t k1_encrypt[] = { - 0xe0, 0xe8, 0x41, 0xe3, 0xd0, 0x92, 0x71, 0x84, 0x4b, 0x02, 0x1e, 0xec, 0x14, 0xdd, 0xaf, 0xf8, - 0x39, 0xf9, 0x6a, 0x8d, 0x1b, 0xd7, 0x64, 0x3b, 0x7b, 0xa6, 0x05, 0x42, 0x01, 0xfb, 0xab, 0xe1, +static const uint8_t k1_xts_aes_encrypt[] = { + 0x0a, 0x43, 0x2a, 0xee, 0xb5, 0xd0, 0x6b, 0x58, 0x34, 0x2d, 0x0d, 0xbf, 0xf7, 0x04, 0x60, 0x81, + 0x08, 0x79, 0x38, 0xb3, 0xb5, 0xdf, 0x25, 0xb4, 0x38, 0x8e, 0x93, 0x5d, 0xbf, 0xd1, 0x91, 0x6d, }; static const uint8_t k1_hmac_encrypt[] = { - 0x9e, 0xd8, 0x62, 0x4f, 0x27, 0xe1, 0x13, 0xfc, 0x50, 0x4b, 0x7f, 0x68, 0x70, 0x7b, 0xa1, 0xb2, - 0xb1, 0x75, 0x21, 0x43, 0x88, 0x7d, 0xed, 0x4b, 0x58, 0x27, 0xb4, 0x15, 0x57, 0xc2, 0x46, 0x78, -}; - -// Note: generated using the hmac_key_idx = 0 of digital_signature_test_cases_3072 -static const uint8_t k1_ds_encrypt[] = { - 0xa9, 0xf7, 0xd1, 0xd9, 0xaa, 0x80, 0xfa, 0x6f, 0xfa, 0x34, 0xf6, 0x66, 0xbf, 0xba, 0x7b, 0xc9, - 0xa9, 0xf4, 0xeb, 0xba, 0x43, 0x61, 0x59, 0x32, 0x5d, 0xa0, 0xda, 0xd9, 0x0d, 0xc7, 0xde, 0xb2, + 0x02, 0xf7, 0x05, 0x75, 0xfd, 0x12, 0x99, 0xc2, 0xb9, 0xc0, 0x2e, 0x40, 0xd0, 0x69, 0xb0, 0x83, + 0x13, 0xfc, 0x74, 0xc3, 0xec, 0x4f, 0xf4, 0xd4, 0xe2, 0x35, 0xb5, 0x42, 0x4e, 0x61, 0x0f, 0x6d, }; static const uint8_t k1_G[] = { @@ -144,7 +151,7 @@ TEST_CASE("Key Manager AES mode: XTS-AES-128 key deployment", "[hw_crypto] [key_ TEST_ASSERT_NOT_NULL(key_config); memcpy(key_config->k2_info, (uint8_t*) k2_info, KEY_MGR_K2_INFO_SIZE); - memcpy(key_config->k1_encrypted, (uint8_t*) k1_encrypt, KEY_MGR_K1_ENCRYPTED_SIZE); + memcpy(key_config->k1_encrypted, (uint8_t*) k1_xts_aes_encrypt, KEY_MGR_K1_ENCRYPTED_SIZE); memcpy(key_config->sw_init_key, (uint8_t*) init_key, KEY_MGR_SW_INIT_KEY_SIZE); key_config->use_pre_generated_sw_init_key = 1; key_config->key_type = ESP_KEY_MGR_FLASH_XTS_AES_KEY; @@ -317,7 +324,7 @@ static esp_err_t test_ds_key(void) for (int i = 0; i < NUM_MESSAGES; i++) { printf("Running test case %d...\n", i); const encrypt_testcase_t *t = &test_cases[0]; - assert(t->hmac_key_idx == 0); // as the key deployed using Key Manager is the HMAC key ID 0 + assert(t->hmac_key_idx == DS_KEY_IDX); // as the key deployed using Key Manager is the HMAC key with index DS_KEY_IDX // copy encrypt parameter test case into ds_data structure memcpy(ds_data.iv, t->iv, ESP_DS_IV_LEN); diff --git a/components/esp_security/test_apps/crypto_drivers/test_gen/generate_km_test_cases.py b/components/esp_security/test_apps/crypto_drivers/test_gen/generate_km_test_cases.py new file mode 100644 index 0000000000..8869a0aaaa --- /dev/null +++ b/components/esp_security/test_apps/crypto_drivers/test_gen/generate_km_test_cases.py @@ -0,0 +1,80 @@ +# SPDX-FileCopyrightText: 2026 Espressif Systems (Shanghai) CO LTD +# SPDX-License-Identifier: Unlicense OR CC0-1.0 +import hashlib +import hmac +import os +from typing import Any + +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives.ciphers import Cipher +from cryptography.hazmat.primitives.ciphers import algorithms +from cryptography.hazmat.primitives.ciphers import modes + + +def key_to_c_format(key: bytes) -> str: + return ', '.join([f'0x{byte:02x}' for byte in key]) + + +def calculate_aes_cipher(data: bytes, key: bytes) -> Any: + cipher = Cipher(algorithms.AES(key), modes.ECB(), backend=default_backend()) + encryptor = cipher.encryptor() + return encryptor.update(data) + encryptor.finalize() + + +# Helper functions +def generate_random_key(size: int = 32) -> bytes: + return os.urandom(size) + + +def save_key_to_file(key: bytes, filename: str) -> None: + with open(filename, 'wb') as file: + file.write(key) + + +def key_from_file_or_generate(filename: str, size: int = 32) -> bytes: + if not os.path.exists(filename): + key = generate_random_key(size) + save_key_to_file(key, filename) + + with open(filename, 'rb') as file: + return file.read() + + +init_key = key_from_file_or_generate('init_key.bin', 32) +k2 = key_from_file_or_generate('k2.bin', 32) +rand_num = key_from_file_or_generate('rand_num.bin', 32) + +temp_result_inner = calculate_aes_cipher(k2, rand_num) +temp_result_outer = calculate_aes_cipher(temp_result_inner + rand_num, init_key) +k2_info = temp_result_outer + +print(f'init_key = {key_to_c_format(init_key)}') +print(f'k2_info = {key_to_c_format(k2_info)}') + +# XTS-AES key +k1_xts_aes = key_from_file_or_generate('k1_xts_aes.bin', 32) +k1_xts_aes_reversed = k1_xts_aes[::-1] +k1_xts_aes_encrypted_reversed = calculate_aes_cipher(k1_xts_aes_reversed, k2) +print(f'k1_xts_aes_encrypt = {key_to_c_format(k1_xts_aes_encrypted_reversed)}') + +# HMAC Key +# Key from hmac_test_cases.h +# k1_hmac_reversed = bytes([ +# 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, +# 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 +# ]) +k1_hmac_reversed = bytes([]) +k1_hmac_encrypted_reversed = calculate_aes_cipher(k1_hmac_reversed, k2) +print(f'k1_hmac_encrypt = {key_to_c_format(k1_hmac_encrypted_reversed)}') + +# Digital Signature +# Key DS_KEY_IDX from digital_signature_test_cases_.h +# hmac_key_for_ds = bytes([ +# 0x3d, 0x71, 0xd5, 0xc7, 0xe0, 0x15, 0xe6, 0x30, 0x66, 0xe8, 0xee, 0x5d, 0x14, 0x1e, 0xe1, 0xa1, +# 0x03, 0xd9, 0x7d, 0x48, 0x16, 0xde, 0xbc, 0xba, 0xaa, 0xf4, 0x3e, 0xd5, 0xb2, 0xbc, 0x46, 0xbc +# ]) +hmac_key_for_ds = bytes([]) +k1_ds = hmac.HMAC(hmac_key_for_ds, b'\xff' * 32, hashlib.sha256).digest() +k1_ds_reversed = k1_ds[::-1] +k1_ds_encrypted_reversed = calculate_aes_cipher(k1_ds_reversed, k2) +print(f'k1_ds_encrypt = {key_to_c_format(k1_ds_encrypted_reversed)}') diff --git a/components/esp_security/test_apps/crypto_drivers/test_gen/init_key.bin b/components/esp_security/test_apps/crypto_drivers/test_gen/init_key.bin new file mode 100644 index 0000000000..726a088171 --- /dev/null +++ b/components/esp_security/test_apps/crypto_drivers/test_gen/init_key.bin @@ -0,0 +1 @@ +92j+Y!_N literal 0 HcmV?d00001 diff --git a/components/esp_security/test_apps/crypto_drivers/test_gen/k2.bin b/components/esp_security/test_apps/crypto_drivers/test_gen/k2.bin new file mode 100644 index 0000000000..bac187128b --- /dev/null +++ b/components/esp_security/test_apps/crypto_drivers/test_gen/k2.bin @@ -0,0 +1 @@ +"Ɲsi%8 E3fb2$ \ No newline at end of file diff --git a/components/esp_security/test_apps/crypto_drivers/test_gen/rand_num.bin b/components/esp_security/test_apps/crypto_drivers/test_gen/rand_num.bin new file mode 100644 index 0000000000..79b963fbec --- /dev/null +++ b/components/esp_security/test_apps/crypto_drivers/test_gen/rand_num.bin @@ -0,0 +1 @@ +XGȟk܀u' E4&C \ No newline at end of file