From fbeac8d43c2621fbdce99128c333b63e05549894 Mon Sep 17 00:00:00 2001
From: Laukik Hase
Date: Mon, 20 Jun 2022 10:40:10 +0530
Subject: [PATCH] ci: Enable `custom certificate bundle` test for ESP32-S3 - Increase leakage limit for `test performance RSA key operations` UT by 64 bytes
---
 components/mbedtls/test/test_esp_crt_bundle.c | 11 ++++++-----
 components/mbedtls/test/test_rsa.c | 13 ++++++++++++-
 2 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/components/mbedtls/test/test_esp_crt_bundle.c b/components/mbedtls/test/test_esp_crt_bundle.c
index b8ea822435..1c0e3e57a2 100644
--- a/components/mbedtls/test/test_esp_crt_bundle.c
+++ b/components/mbedtls/test/test_esp_crt_bundle.c
@@ -73,9 +73,6 @@ typedef enum {
 int esp_crt_verify_callback(void *buf, mbedtls_x509_crt *crt, int data, uint32_t *flags);
-#if !TEMPORARY_DISABLED_FOR_TARGETS(ESP32S3)
-// TODO ESP32-S3 IDF-1878
-
 static const char *TAG = "cert_bundle_test";
 static volatile bool exit_flag;
@@ -294,6 +291,12 @@ int client_task(const uint8_t *bundle, size_t bundle_size, esp_crt_validate_res_
 *res = (ret == 0) ? ESP_CRT_VALIDATE_OK : ESP_CRT_VALIDATE_FAIL;
+ if (*res == ESP_CRT_VALIDATE_OK) {
+ ESP_LOGI(TAG, "Certificate verification passed!");
+ } else {
+ ESP_LOGE(TAG, "Certificate verification failed!");
+ }
+
 // Reset session before new connection
 mbedtls_ssl_close_notify(&client.ssl);
@@ -345,8 +348,6 @@ TEST_CASE("custom certificate bundle", "[mbedtls]")
 vSemaphoreDelete(signal_sem);
 }
-#endif //!TEMPORARY_DISABLED_FOR_TARGETS(ESP32S3)
-
 TEST_CASE("custom certificate bundle - weak hash", "[mbedtls]")
 {
 /* A weak signature hash on the trusted certificate should not stop
diff --git a/components/mbedtls/test/test_rsa.c b/components/mbedtls/test/test_rsa.c
index c69c60b07f..ef3f9c2c6f 100644
--- a/components/mbedtls/test/test_rsa.c
+++ b/components/mbedtls/test/test_rsa.c
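Review bot: In test_esp_crt_bundle.c, the failure branch added to client_task (hunk at -294) logs a fixed string and drops `ret`, the only value visible here that says why certificate verification failed. Including it would make a CI failure diagnosable from the log alone, for example `ESP_LOGE(TAG, "Certificate verification failed! (ret=0x%x)", (unsigned)ret);`. The declaration of `ret` is outside the hunk, so the format should be adjusted to its actual type. client_task starts and ends outside this hunk.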
@@ -423,7 +423,18 @@ static void print_rsa_details(mbedtls_rsa_context *rsa)
 }
 #endif
-TEST_CASE("test performance RSA key operations", "[bignum]")
+/** NOTE:
+* For ESP32-S3, CONFIG_ESP_CONSOLE_SECONDARY_USB_SERIAL_JTAG is enabled
+* by default; allocating a lock of 92 bytes, which is never freed.
+*
+* MR !18574 adds the MPI crypto lock for S3 increasing the leakage by
+* 92 bytes. This caused the RSA UT to fail with a leakage more than
+* 1024 bytes.
+*
+* The allocations made by ESP32-S2 (944 bytes) and ESP32-S3 are the same,
+* except for the JTAG lock (92 + 944 > 1024).
+*/
+TEST_CASE("test performance RSA key operations", "[bignum][leaks=1088]")
 {
 for (int keysize = 2048; keysize <= SOC_RSA_MAX_BIT_LEN; keysize += 1024) {
 rsa_key_operations(keysize, true, false);
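Review bot: The `[leaks=1088]` tag on the RSA performance test raises the leak allowance for every target, while the note above it justifies the extra bytes only for ESP32-S3, so a small leak regression in the RSA/MPI path on other targets could now pass unnoticed. The note also never says how 1088 was chosen; a closing line such as `* Limit raised from 1024 to 1088 (+64) so that 944 + 92 = 1036 bytes on ESP32-S3 fits.` would make the budget auditable. If the test framework allows it, selecting the tag per target would keep the tighter limit elsewhere. The note names two 92-byte locks (JTAG and MPI crypto) without saying whether both count toward the total, which is worth stating explicitly.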