Merge branch 'bugfix/mbedtls_custom_cert_ut' into 'master'

ci: Fix `custom certificate bundle` UT failure for S3 See merge request espressif/esp-idf!18574
2024-10-05 20:47:46 -04:00 · 2022-06-22 14:57:27 +08:00 · 2022-06-22 14:57:27 +08:00 · a75548bb1a
commit a75548bb1a
parent e9385aa5c0 fbeac8d43c
3 changed files with 23 additions and 6 deletions
--- a/components/mbedtls/port/esp32s3/bignum.c
+++ b/components/mbedtls/port/esp32s3/bignum.c
@ -16,6 +16,7 @@
 #include "soc/system_reg.h"
 #include "soc/periph_defs.h"
 #include <sys/param.h>
+#include "esp_crypto_lock.h"

 size_t esp_mpi_hardware_words(size_t words)
 {
@ -24,6 +25,8 @@ size_t esp_mpi_hardware_words(size_t words)

 void esp_mpi_enable_hardware_hw_op( void )
 {
+    esp_crypto_mpi_lock_acquire();
+
    /* Enable RSA hardware */
    periph_module_enable(PERIPH_RSA_MODULE);

@ -43,6 +46,8 @@ void esp_mpi_disable_hardware_hw_op( void )

    /* Disable RSA hardware */
    periph_module_disable(PERIPH_RSA_MODULE);
+
+    esp_crypto_mpi_lock_release();
 }

 void esp_mpi_interrupt_enable( bool enable )
--- a/components/mbedtls/test/test_esp_crt_bundle.c
+++ b/components/mbedtls/test/test_esp_crt_bundle.c
@ -73,9 +73,6 @@ typedef enum {

 int esp_crt_verify_callback(void *buf, mbedtls_x509_crt *crt, int data, uint32_t *flags);

-#if !TEMPORARY_DISABLED_FOR_TARGETS(ESP32S3)
-// TODO ESP32-S3 IDF-1878
-
 static const char *TAG = "cert_bundle_test";

 static volatile bool exit_flag;
@ -294,6 +291,12 @@ int client_task(const uint8_t *bundle, size_t bundle_size, esp_crt_validate_res_

    *res = (ret == 0) ? ESP_CRT_VALIDATE_OK : ESP_CRT_VALIDATE_FAIL;

+    if (*res == ESP_CRT_VALIDATE_OK) {
+        ESP_LOGI(TAG, "Certificate verification passed!");
+    } else {
+        ESP_LOGE(TAG, "Certificate verification failed!");
+    }
+

    // Reset session before new connection
    mbedtls_ssl_close_notify(&client.ssl);
@ -345,8 +348,6 @@ TEST_CASE("custom certificate bundle", "[mbedtls]")
   vSemaphoreDelete(signal_sem);
 }

-#endif //!TEMPORARY_DISABLED_FOR_TARGETS(ESP32S3)
-
 TEST_CASE("custom certificate bundle - weak hash", "[mbedtls]")
 {
    /* A weak signature hash on the trusted certificate should not stop
--- a/components/mbedtls/test/test_rsa.c
+++ b/components/mbedtls/test/test_rsa.c
@ -423,7 +423,18 @@ static void print_rsa_details(mbedtls_rsa_context *rsa)
 }
 #endif

-TEST_CASE("test performance RSA key operations", "[bignum]")
+/** NOTE:
+* For ESP32-S3, CONFIG_ESP_CONSOLE_SECONDARY_USB_SERIAL_JTAG is enabled
+* by default; allocating a lock of 92 bytes, which is never freed.
+*
+* MR !18574 adds the MPI crypto lock for S3 increasing the leakage by
+* 92 bytes. This caused the RSA UT to fail with a leakage more than
+* 1024 bytes.
+*
+* The allocations made by ESP32-S2 (944 bytes) and ESP32-S3 are the same,
+* except for the JTAG lock (92 + 944 > 1024).
+*/
+TEST_CASE("test performance RSA key operations", "[bignum][leaks=1088]")
 {
    for (int keysize = 2048; keysize <= SOC_RSA_MAX_BIT_LEN; keysize += 1024) {
        rsa_key_operations(keysize, true, false);