diff --git a/components/mbedtls/test/test_apb_dport_access.c b/components/mbedtls/test/test_apb_dport_access.c
new file mode 100644
index 0000000000..54e518bc1c
--- /dev/null
+++ b/components/mbedtls/test/test_apb_dport_access.c
@@ -0,0 +1,55 @@
+/* Implementation of utility functions to verify
+ unit tests aren't performing SMP-unsafe DPORT reads.
+*/
+
+#include "unity.h"
+#include "sdkconfig.h"
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "soc/uart_reg.h"
+#include "test_apb_dport_access.h"
+
+#ifndef CONFIG_FREERTOS_UNICORE
+
+static void apb_access_loop_task(void *ignore);
+
+static volatile bool apb_access_corrupt;
+static TaskHandle_t apb_task_handle;
+
+void start_apb_access_loop()
+{
+ apb_access_corrupt = false;
+ xTaskCreatePinnedToCore(apb_access_loop_task, "accessAPB", 2048, NULL,
+ UNITY_FREERTOS_PRIORITY - 1,
+ &apb_task_handle, !UNITY_FREERTOS_CPU);
+}
+
+void verify_apb_access_loop()
+{
+ vTaskDelete(apb_task_handle);
+ apb_task_handle = NULL;
+ TEST_ASSERT_FALSE(apb_access_corrupt);
+ printf("Verified no APB corruption from operations\n");
+}
+
+static void apb_access_loop_task(void *ignore)
+{
+ uint32_t initial = REG_READ(UART_DATE_REG(0));
+ while(1) {
+ if (REG_READ(UART_DATE_REG(0)) != initial) {
+ apb_access_corrupt = true;
+ }
+ }
+}
+
+#else /*CONFIG_FREERTOS_UNICORE */
+
+void start_apb_access_loop()
+{
+}
+
+void verify_apb_access_loop()
+{
+}
+
+#endif
diff --git a/components/mbedtls/test/test_apb_dport_access.h b/components/mbedtls/test/test_apb_dport_access.h
new file mode 100644
index 0000000000..a974c2d424
--- /dev/null
+++ b/components/mbedtls/test/test_apb_dport_access.h
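Review bot: In test_apb_dport_access.c, `start_apb_access_loop()` discards the return value of `xTaskCreatePinnedToCore`, so a failed task creation goes unnoticed: no APB reader runs, and `verify_apb_access_loop()` then hands a handle that was never set to `vTaskDelete()`. With the static handle still NULL, FreeRTOS treats `vTaskDelete(NULL)` as a request to delete the calling task, which here would presumably be the Unity test task. Assert the creation result, e.g. `TEST_ASSERT_EQUAL(pdPASS, xTaskCreatePinnedToCore(...));` with the existing arguments, and add `TEST_ASSERT_NOT_NULL(apb_task_handle);` as the first line of `verify_apb_access_loop()`, so that a check which never ran cannot be mistaken for a pass.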
@@ -0,0 +1,18 @@
+/* Utility functions to test that APB access is still safe
+ while the other CPU performs some set of DPORT accesses
+
+ (see ECO 3.10 and the standalone esp32 test_dport.c for more).
+*/
+
+/* start_apb_access_loop() starts a task reading from APB in a loop on the non-Unity-test CPU.
+
+ Call this before doing something which involes DPORT reads.
+
+ Does nothing in unicore mode.
+*/
+void start_apb_access_loop();
+
+/* verify_apb_access_loop() kills the task started by start_apb_access_loop()
+ and verifies that none of the APB reads were corrupted by unsafe DPORT reads.
+*/
+void verify_apb_access_loop();
diff --git a/components/mbedtls/test/test_mbedtls.c b/components/mbedtls/test/test_mbedtls.c
index acde6e9dd3..9dc1b66492 100644
--- a/components/mbedtls/test/test_mbedtls.c
+++ b/components/mbedtls/test/test_mbedtls.c
@@ -20,19 +20,26 @@ #include "freertos/semphr.h" #include "unity.h" #include "sdkconfig.h" +#include "test_apb_dport_access.h" TEST_CASE("mbedtls AES self-tests", "[aes]") { + start_apb_access_loop(); TEST_ASSERT_FALSE_MESSAGE(mbedtls_aes_self_test(1), "AES self-tests should pass."); + verify_apb_access_loop(); } TEST_CASE("mbedtls MPI self-tests", "[bignum]") { + start_apb_access_loop(); TEST_ASSERT_FALSE_MESSAGE(mbedtls_mpi_self_test(1), "MPI self-tests should pass."); + verify_apb_access_loop(); } TEST_CASE("mbedtls RSA self-tests", "[bignum]") { + start_apb_access_loop(); TEST_ASSERT_FALSE_MESSAGE(mbedtls_rsa_self_test(1), "RSA self-tests should pass."); + verify_apb_access_loop(); }
diff --git a/components/mbedtls/test/test_mbedtls_sha.c b/components/mbedtls/test/test_mbedtls_sha.c
index e62769a60b..e31eec9bb7 100644
--- a/components/mbedtls/test/test_mbedtls_sha.c
+++ b/components/mbedtls/test/test_mbedtls_sha.c
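Review bot: In test_apb_dport_access.h both declarations use an empty parameter list, which in C before C23 declares a function with unspecified arguments rather than a prototype, so a call with stray arguments would compile unchecked. Write `void start_apb_access_loop(void);` and `void verify_apb_access_loop(void);`, and give the definitions in the .c file the same signature. The header also has no include guard or `#pragma once`. Its comment could additionally say that each start must be followed by exactly one verify, since the implementation keeps a single static task handle.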
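Review bot: In each of the three test cases in test_mbedtls.c, `verify_apb_access_loop()` is reached only when the self-test assertion before it passes. If a failing Unity assertion aborts the test body (Unity's default behaviour), the accessAPB task is never deleted and keeps spinning on the other core, and the next `start_apb_access_loop()` overwrites its handle. Capture the result and stop the reader before asserting, e.g. `int ret = mbedtls_aes_self_test(1);` then `verify_apb_access_loop();` then `TEST_ASSERT_FALSE_MESSAGE(ret, "AES self-tests should pass.");`. The same ordering applies to the MPI and RSA cases here and to the SHA case in test_mbedtls_sha.c.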
@@ -13,13 +13,16 @@ #include "freertos/semphr.h" #include "unity.h" #include "sdkconfig.h" +#include "test_apb_dport_access.h" TEST_CASE("mbedtls SHA self-tests", "[mbedtls]") { + start_apb_access_loop(); TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha1_self_test(1), "SHA1 self-tests should pass."); TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha256_self_test(1), "SHA256 self-tests should pass."); TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha512_self_test(1), "SHA512 self-tests should pass."); TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha512_self_test(1), "SHA512 self-tests should pass."); + verify_apb_access_loop(); } static const unsigned char *one_hundred_as = (unsigned char *)