examples: fix flash encryption example test

Commit 5e8795eebe has changed the partition table offset, which has resulted in the ciphertext not matching the one expected in the example test. Fix by calculating the ciphertext using espsecure.py.
2025-08-08 12:10:59 +00:00 · 2020-09-17 00:06:54 +02:00
parent f4296b947e
commit cdb4b3b889
2 changed files with 35 additions and 5 deletions
--- a/examples/security/flash_encryption/example_test.py
+++ b/examples/security/flash_encryption/example_test.py
@@ -1,5 +1,19 @@
 from __future__ import print_function
+import binascii
+from io import BytesIO
+from collections import namedtuple
+import os
+import sys
+
 import ttfw_idf
+try:
+    import espsecure
+except ImportError:
+    idf_path = os.getenv("IDF_PATH")
+    if not idf_path or not os.path.exists(idf_path):
+        raise
+    sys.path.insert(0, os.path.join(idf_path, "components", "esptool_py", "esptool"))
+    import espsecure


 # To prepare a test runner for this example:
@@ -14,15 +28,31 @@ def test_examples_security_flash_encryption(env, extra_data):
    dut = env.get_dut('flash_encryption', 'examples/security/flash_encryption', dut_class=ttfw_idf.ESP32DUT)
    # start test
    dut.start_app()
+
+    # calculate the expected ciphertext
+    flash_addr = dut.app.partition_table["storage"]["offset"]
+    plain_hex_str = '00 01 02 03 04 05 06 07  08 09 0a 0b 0c 0d 0e 0f'
+    plain_data = binascii.unhexlify(plain_hex_str.replace(' ', ''))
+
+    # Emulate espsecure encrypt_flash_data command
+    EncryptFlashDataArgs = namedtuple('EncryptFlashDataArgs', ['output', 'plaintext_file', 'address', 'keyfile', 'flash_crypt_conf'])
+    args = EncryptFlashDataArgs(BytesIO(), BytesIO(plain_data), flash_addr, BytesIO(b'\x00' * 32), 0xF)
+    espsecure.encrypt_flash_data(args)
+
+    expected_ciphertext = args.output.getvalue()
+    hex_ciphertext = binascii.hexlify(expected_ciphertext).decode('ascii')
+    expected_str = (' '.join(hex_ciphertext[i:i + 2] for i in range(0, 16, 2)) + '  ' +
+                    ' '.join(hex_ciphertext[i:i + 2] for i in range(16, 32, 2)))
+
    lines = [
        'FLASH_CRYPT_CNT eFuse value is 1',
        'Flash encryption feature is enabled in DEVELOPMENT mode',
        'with esp_partition_write',
-        '00 01 02 03 04 05 06 07  08 09 0a 0b 0c 0d 0e 0f',
+        plain_hex_str,
        'with esp_partition_read',
-        '00 01 02 03 04 05 06 07  08 09 0a 0b 0c 0d 0e 0f',
+        plain_hex_str,
        'with spi_flash_read',
-        '29 68 2e 13 88 a0 5b 7f  cc 6b 39 f9 d7 7b 32 2f'
+        expected_str
    ]
    for line in lines:
        dut.expect(line, timeout=2)