Merge branch 'bugfix/flash_encryption_example_espsecure_public' into 'master'

examples: fix flash encryption example test (third version)

See merge request espressif/esp-idf!10480

examples/security/flash_encryption/README.md

@@ -100,8 +100,8 @@ Reading with esp_partition_read:
 I (461) example: 0x3ffb4da0   00 01 02 03 04 05 06 07  08 09 0a 0b 0c 0d 0e 0f  |................|
 I (471) example: 0x3ffb4db0   10 11 12 13 14 15 16 17  18 19 1a 1b 1c 1d 1e 1f  |................|
 Reading with spi_flash_read:
-I (491) example: 0x3ffb4da0   29 68 2e 13 88 a0 5b 7f  cc 6b 39 f9 d7 7b 32 2f  |)h....[..k9..{2/|
-I (491) example: 0x3ffb4db0   9f e6 55 37 4b 91 b0 83  cd a6 e9 4e cd fa b4 c7  |..U7K......N....|
+I (491) example: 0x3ffb4b30   35 9b f2 07 b4 6d 40 89  28 b4 1e 22 98 7b 4a 36  |5....m@.(..".{J6|
+I (491) example: 0x3ffb4b40   ba 89 81 67 77 a3 60 5e  0a e7 51 01 b3 58 c2 f6  |...gw.`^..Q..X..|
 ```
 
 ## Troubleshooting

examples/security/flash_encryption/example_test.py

@@ -1,5 +1,19 @@
 from __future__ import print_function
+import binascii
+from io import BytesIO
+from collections import namedtuple
+import os
+import sys
+
 import ttfw_idf
+try:
+    import espsecure
+except ImportError:
+    idf_path = os.getenv("IDF_PATH")
+    if not idf_path or not os.path.exists(idf_path):
+        raise
+    sys.path.insert(0, os.path.join(idf_path, "components", "esptool_py", "esptool"))
+    import espsecure
 
 
 # To prepare a test runner for this example:
@@ -14,15 +28,31 @@ def test_examples_security_flash_encryption(env, extra_data):
     dut = env.get_dut('flash_encryption', 'examples/security/flash_encryption', dut_class=ttfw_idf.ESP32DUT)
     # start test
     dut.start_app()
+
+    # calculate the expected ciphertext
+    flash_addr = dut.app.partition_table["storage"]["offset"]
+    plain_hex_str = '00 01 02 03 04 05 06 07  08 09 0a 0b 0c 0d 0e 0f'
+    plain_data = binascii.unhexlify(plain_hex_str.replace(' ', ''))
+
+    # Emulate espsecure encrypt_flash_data command
+    EncryptFlashDataArgs = namedtuple('EncryptFlashDataArgs', ['output', 'plaintext_file', 'address', 'keyfile', 'flash_crypt_conf'])
+    args = EncryptFlashDataArgs(BytesIO(), BytesIO(plain_data), flash_addr, BytesIO(b'\x00' * 32), 0xF)
+    espsecure.encrypt_flash_data(args)
+
+    expected_ciphertext = args.output.getvalue()
+    hex_ciphertext = binascii.hexlify(expected_ciphertext).decode('ascii')
+    expected_str = (' '.join(hex_ciphertext[i:i + 2] for i in range(0, 16, 2)) + '  ' +
+                    ' '.join(hex_ciphertext[i:i + 2] for i in range(16, 32, 2)))
+
     lines = [
         'FLASH_CRYPT_CNT eFuse value is 1',
         'Flash encryption feature is enabled in DEVELOPMENT mode',
         'with esp_partition_write',
-        '00 01 02 03 04 05 06 07  08 09 0a 0b 0c 0d 0e 0f',
+        plain_hex_str,
         'with esp_partition_read',
-        '00 01 02 03 04 05 06 07  08 09 0a 0b 0c 0d 0e 0f',
+        plain_hex_str,
         'with spi_flash_read',
-        '29 68 2e 13 88 a0 5b 7f  cc 6b 39 f9 d7 7b 32 2f'
+        expected_str
     ]
     for line in lines:
         dut.expect(line, timeout=2)