From 24e6ecb502839ab20c7a6f869a711c1df7af873e Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Thu, 6 Feb 2025 14:48:35 +0100
Subject: [PATCH 01/23] tests: move components-compliance.sh to tf-psa-crypto repo This file is cancelled from the Mbed TLS repo and copied to the TF-PSA-Crypto one.
Signed-off-by: Valerio Setti
---
tests/scripts/components-compliance.sh | 32 --------------------------
1 file changed, 32 deletions(-)
delete mode 100644 tests/scripts/components-compliance.sh
diff --git a/tests/scripts/components-compliance.sh b/tests/scripts/components-compliance.sh
deleted file mode 100644
index cce0890460..0000000000
--- a/tests/scripts/components-compliance.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-# components-compliance.sh
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-# This file contains test components that are executed by all.sh
-
-################################################################
-#### Compliance Testing
-################################################################
-
-component_test_psa_compliance () {
- # The arch tests build with gcc, so require use of gcc here to link properly
- msg "build: make, default config (out-of-box), libmbedcrypto.a only"
- CC=gcc make -C library libmbedcrypto.a
-
- msg "unit test: test_psa_compliance.py"
- CC=gcc $FRAMEWORK/scripts/test_psa_compliance.py --build-dir="."
-}
-
-support_test_psa_compliance () {
- # psa-compliance-tests only supports CMake >= 3.10.0
- ver="$(cmake --version)"
- ver="${ver#cmake version }"
- ver_major="${ver%%.*}"
-
- ver="${ver#*.}"
- ver_minor="${ver%%.*}"
-
- [ "$ver_major" -eq 3 ] && [ "$ver_minor" -ge 10 ]
-}
-
From e06f9f3eba5de851eec46b3c463d640978a91913 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Fri, 7 Feb 2025 11:55:02 +0100
Subject: [PATCH 02/23] framework: update reference
Signed-off-by: Valerio Setti
---
framework | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework b/framework
index 2eb60b8da3..9c2eb756ca 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 2eb60b8da3745f8882741f6fa4c2b316abf5478a
+Subproject commit 9c2eb756ca8c8edbbc100ac2530c3066833952a7
From 1e781adb629622ed6bb4cc134bae60dad50d8b03 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Thu, 6 Feb 2025 14:51:39 +0100
Subject: [PATCH 03/23] tf-psa-crypto: update reference
Signed-off-by: Valerio Setti
---
tf-psa-crypto | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tf-psa-crypto b/tf-psa-crypto
index dcbe6fc1da..67995d5def 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit dcbe6fc1da160e17ffa6ad8d2f503e13d7f505ff
+Subproject commit 67995d5def986d60fc81d85f5b3965e8f660e2e9
From 76e476245a7d0a6dd1e23479b5f4cd50aa365233 Mon Sep 17 00:00:00 2001
From: Harry Ramsey
Date: Mon, 17 Feb 2025 15:51:59 +0000
Subject: [PATCH 04/23] Move zeroize config to TF-PSA-Crypto This commit moves user-config-zeroize-memset.h to TF-PSA-Crypto where it more appropriately belongs.
Signed-off-by: Harry Ramsey
---
tests/configs/user-config-zeroize-memset.h | 17 -----------------
1 file changed, 17 deletions(-)
delete mode 100644 tests/configs/user-config-zeroize-memset.h
diff --git a/tests/configs/user-config-zeroize-memset.h b/tests/configs/user-config-zeroize-memset.h
deleted file mode 100644
index 270d12584b..0000000000
--- a/tests/configs/user-config-zeroize-memset.h
+++ /dev/null
@@ -1,17 +0,0 @@ -/* crypto_config.h modifier that defines mbedtls_platform_zeroize() to be - * memset(), so that the compile can check arguments for us. - * Used for testing. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -/* Define _ALT so we don't get the built-in implementation. The test code will - * also need to define MBEDTLS_TEST_DEFINES_ZEROIZE so we don't get the - * declaration. */ -#define MBEDTLS_PLATFORM_ZEROIZE_ALT - -#define mbedtls_platform_zeroize(buf, len) memset(buf, 0, len) From 2a75a60d34d04c648d409db203a202ad2a02426b Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 15:52:58 +0000 Subject: [PATCH 05/23] Update path to user-config-zeroize-memset.h This commit updates the path to user-config-zeroize-memset.h as it has been moved to TF-PSA-Crypto. Signed-off-by: Harry Ramsey --- tests/scripts/components-compiler.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index cb6dd9253e..469c62cb09 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -114,7 +114,7 @@ component_build_zeroize_checks () { scripts/config.py full # Only compile - we're looking for sizeof-pointer-memaccess warnings - make CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" + make CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"$TF_PSA_CRYPTO_ROOT_DIR/tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" } component_test_zeroize () { From 82c42190a1d6a0f4f7b28aec61f5f38a821a6f20 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 15:54:33 +0000 Subject: [PATCH 06/23] Update TF-PSA-Crypto pointer 
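Review bot: On the new `make CFLAGS=...` line in tests/scripts/components-compiler.sh, `$TF_PSA_CRYPTO_ROOT_DIR` is spliced into the `-DTF_PSA_CRYPTO_USER_CONFIG_FILE` value with no check that it is set, so an empty value silently becomes `/tests/configs/user-config-zeroize-memset.h`. The string also passes through make and the shell that make spawns inside the `'...'` pair, so a checkout path containing a single quote or whitespace would split the `-D` argument. Because this component is the compile-time check on zeroize call arguments, a clear early failure is preferable: add `: "${TF_PSA_CRYPTO_ROOT_DIR:?}"` before the `make` call. A comment such as `# TF_PSA_CRYPTO_ROOT_DIR must be absolute: a relative include name is resolved against the including file and -I dirs, not $PWD` would record the assumption, which this hunk does not show. The body of component_build_zeroize_checks starts outside the hunk.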
Signed-off-by: Harry Ramsey
---
tf-psa-crypto | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 67995d5def..da76c6b191 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 67995d5def986d60fc81d85f5b3965e8f660e2e9
+Subproject commit da76c6b1915c75e9dd9efc32f7d206a05b5d36c8
From b14141dd71c81f16a6790d13542255811ecc6f84 Mon Sep 17 00:00:00 2001
From: Harry Ramsey
Date: Wed, 19 Feb 2025 15:17:32 +0000
Subject: [PATCH 07/23] Move programs out of Mbed TLS This commit moves demo_common.sh, dlopen_demo.sh, metatest.c query_compile_time_config.c, query_config.h, query_included_headers.c, zeroize.c and test_zeroize.gdb from MbedTLS into the MbedTLS framework.
Signed-off-by: Harry Ramsey
---
programs/demo_common.sh | 137 ------
programs/test/dlopen_demo.sh | 42 --
programs/test/metatest.c | 484 ----------------------
programs/test/query_compile_time_config.c | 66 ---
programs/test/query_config.h | 34 --
programs/test/query_included_headers.c | 29 --
programs/test/zeroize.c | 72 ----
tests/scripts/test_zeroize.gdb | 64 ---
8 files changed, 928 deletions(-)
delete mode 100644 programs/demo_common.sh
delete mode 100755 programs/test/dlopen_demo.sh
delete mode 100644 programs/test/metatest.c
delete mode 100644 programs/test/query_compile_time_config.c
delete mode 100644 programs/test/query_config.h
delete mode 100644 programs/test/query_included_headers.c
delete mode 100644 programs/test/zeroize.c
delete mode 100644 tests/scripts/test_zeroize.gdb
diff --git a/programs/demo_common.sh b/programs/demo_common.sh
deleted file mode 100644
index d8fcda5544..0000000000
--- a/programs/demo_common.sh
+++ /dev/null
@@ -1,137 +0,0 @@ -## Common shell functions used by demo scripts programs/*/*.sh. - -## How to write a demo script -## ========================== -## -## Include this file near the top of each demo script: -## . "${0%/*}/../demo_common.sh" -## -## Start with a "msg" call that explains the purpose of the script. -## Then call the "depends_on" function to ensure that all config -## dependencies are met. -## -## As the last thing in the script, call the cleanup function. -## -## You can use the functions and variables described below. - -set -e -u - -## $root_dir is the root directory of the Mbed TLS source tree. -root_dir="${0%/*}" -# Find a nice path to the root directory, avoiding unnecessary "../". -# The code supports demo scripts nested up to 4 levels deep. -# The code works no matter where the demo script is relative to the current -# directory, even if it is called with a relative path. -n=4 # limit the search depth -while ! [ -d "$root_dir/programs" ] || ! [ -d "$root_dir/library" ]; do - if [ $n -eq 0 ]; then - echo >&2 "This doesn't seem to be an Mbed TLS source tree." - exit 125 - fi - n=$((n - 1)) - case $root_dir in - .) root_dir="..";; - ..|?*/..) root_dir="$root_dir/..";; - ?*/*) root_dir="${root_dir%/*}";; - /*) root_dir="/";; - *) root_dir=".";; - esac -done - -## $programs_dir is the directory containing the sample programs. -# Assume an in-tree build. -programs_dir="$root_dir/programs" - -## msg LINE... -## msg &2 < -#include -#include -#include "test/helpers.h" -#include "test/threading_helpers.h" -#include "test/macros.h" -#include "test/memory.h" -#include "common.h" - -#include -#include - -#if defined(MBEDTLS_THREADING_C) -#include -#endif - - -/* This is an external variable, so the compiler doesn't know that we're never - * changing its value. 
- */ -volatile int false_but_the_compiler_does_not_know = 0; - -/* Hide calls to calloc/free from static checkers such as - * `gcc-12 -Wuse-after-free`, to avoid compile-time complaints about - * code where we do mean to cause a runtime error. */ -void * (* volatile calloc_but_the_compiler_does_not_know)(size_t, size_t) = mbedtls_calloc; -void(*volatile free_but_the_compiler_does_not_know)(void *) = mbedtls_free; - -/* Set n bytes at the address p to all-bits-zero, in such a way that - * the compiler should not know that p is all-bits-zero. */ -static void set_to_zero_but_the_compiler_does_not_know(volatile void *p, size_t n) -{ - memset((void *) p, false_but_the_compiler_does_not_know, n); -} - -/* Simulate an access to the given object, to avoid compiler optimizations - * in code that prepares or consumes the object. */ -static void do_nothing_with_object(void *p) -{ - (void) p; -} -void(*volatile do_nothing_with_object_but_the_compiler_does_not_know)(void *) = - do_nothing_with_object; - - -/****************************************************************/ -/* Test framework features */ -/****************************************************************/ - -static void meta_test_fail(const char *name) -{ - (void) name; - mbedtls_test_fail("Forced test failure", __LINE__, __FILE__); -} - -static void meta_test_not_equal(const char *name) -{ - int left = 20; - int right = 10; - - (void) name; - - TEST_EQUAL(left, right); -exit: - ; -} - -static void meta_test_not_le_s(const char *name) -{ - int left = 20; - int right = 10; - - (void) name; - - TEST_LE_S(left, right); -exit: - ; -} - -static void meta_test_not_le_u(const char *name) -{ - size_t left = 20; - size_t right = 10; - - (void) name; - - TEST_LE_U(left, right); -exit: - ; -} - -/****************************************************************/ -/* Platform features */ -/****************************************************************/ - -static void null_pointer_dereference(const char *name) -{ - (void) 
name; - volatile char *volatile p; - set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p)); - /* Undefined behavior (read from null data pointer) */ - mbedtls_printf("%p -> %u\n", (void *) p, (unsigned) *p); -} - -static void null_pointer_call(const char *name) -{ - (void) name; - unsigned(*volatile p)(void); - set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p)); - /* Undefined behavior (execute null function pointer) */ - /* The pointer representation may be truncated, but we don't care: - * the only point of printing it is to have some use of the pointer - * to dissuade the compiler from optimizing it away. */ - mbedtls_printf("%lx() -> %u\n", (unsigned long) (uintptr_t) p, p()); -} - - -/****************************************************************/ -/* Memory */ -/****************************************************************/ - -static void read_after_free(const char *name) -{ - (void) name; - volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); - *p = 'a'; - free_but_the_compiler_does_not_know((void *) p); - /* Undefined behavior (read after free) */ - mbedtls_printf("%u\n", (unsigned) *p); -} - -static void double_free(const char *name) -{ - (void) name; - volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); - *p = 'a'; - free_but_the_compiler_does_not_know((void *) p); - /* Undefined behavior (double free) */ - free_but_the_compiler_does_not_know((void *) p); -} - -static void read_uninitialized_stack(const char *name) -{ - (void) name; - char buf[1]; - if (false_but_the_compiler_does_not_know) { - buf[0] = '!'; - } - char *volatile p = buf; - if (*p != 0) { - /* Unspecified result (read from uninitialized memory) */ - mbedtls_printf("%u\n", (unsigned) *p); - } -} - -static void memory_leak(const char *name) -{ - (void) name; - volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); - mbedtls_printf("%u\n", (unsigned) *p); - /* Leak of a heap object */ -} - -/* name = 
"test_memory_poison_%(start)_%(offset)_%(count)_%(direction)" - * Poison a region starting at start from an 8-byte aligned origin, - * encompassing count bytes. Access the region at offset from the start. - * %(start), %(offset) and %(count) are decimal integers. - * %(direction) is either the character 'r' for read or 'w' for write. - */ -static void test_memory_poison(const char *name) -{ - size_t start = 0, offset = 0, count = 0; - char direction = 'r'; - if (sscanf(name, - "%*[^0-9]%" MBEDTLS_PRINTF_SIZET - "%*[^0-9]%" MBEDTLS_PRINTF_SIZET - "%*[^0-9]%" MBEDTLS_PRINTF_SIZET - "_%c", - &start, &offset, &count, &direction) != 4) { - mbedtls_fprintf(stderr, "%s: Bad name format: %s\n", __func__, name); - return; - } - - union { - long long ll; - unsigned char buf[32]; - } aligned; - memset(aligned.buf, 'a', sizeof(aligned.buf)); - - if (start > sizeof(aligned.buf)) { - mbedtls_fprintf(stderr, - "%s: start=%" MBEDTLS_PRINTF_SIZET - " > size=%" MBEDTLS_PRINTF_SIZET, - __func__, start, sizeof(aligned.buf)); - return; - } - if (start + count > sizeof(aligned.buf)) { - mbedtls_fprintf(stderr, - "%s: start+count=%" MBEDTLS_PRINTF_SIZET - " > size=%" MBEDTLS_PRINTF_SIZET, - __func__, start + count, sizeof(aligned.buf)); - return; - } - if (offset >= count) { - mbedtls_fprintf(stderr, - "%s: offset=%" MBEDTLS_PRINTF_SIZET - " >= count=%" MBEDTLS_PRINTF_SIZET, - __func__, offset, count); - return; - } - - MBEDTLS_TEST_MEMORY_POISON(aligned.buf + start, count); - - if (direction == 'w') { - aligned.buf[start + offset] = 'b'; - do_nothing_with_object_but_the_compiler_does_not_know(aligned.buf); - } else { - do_nothing_with_object_but_the_compiler_does_not_know(aligned.buf); - mbedtls_printf("%u\n", (unsigned) aligned.buf[start + offset]); - } -} - - -/****************************************************************/ -/* Threading */ -/****************************************************************/ - -static void mutex_lock_not_initialized(const char *name) -{ - (void) 
name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - memset(&mutex, 0, sizeof(mutex)); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - TEST_ASSERT(mbedtls_mutex_lock(&mutex) == 0); -exit: - ; -#endif -} - -static void mutex_unlock_not_initialized(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - memset(&mutex, 0, sizeof(mutex)); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - TEST_ASSERT(mbedtls_mutex_unlock(&mutex) == 0); -exit: - ; -#endif -} - -static void mutex_free_not_initialized(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - memset(&mutex, 0, sizeof(mutex)); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - mbedtls_mutex_free(&mutex); -#endif -} - -static void mutex_double_init(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - mbedtls_mutex_init(&mutex); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. 
*/ - mbedtls_mutex_init(&mutex); - mbedtls_mutex_free(&mutex); -#endif -} - -static void mutex_double_free(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - mbedtls_mutex_init(&mutex); - mbedtls_mutex_free(&mutex); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - mbedtls_mutex_free(&mutex); -#endif -} - -static void mutex_leak(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - mbedtls_mutex_init(&mutex); -#endif - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ -} - - -/****************************************************************/ -/* Command line entry point */ -/****************************************************************/ - -typedef struct { - /** Command line argument that will trigger that metatest. - * - * Conventionally matches "[a-z0-9_]+". */ - const char *name; - - /** Platform under which that metatest is valid. - * - * - "any": should work anywhere. - * - "asan": triggers ASan (Address Sanitizer). - * - "msan": triggers MSan (Memory Sanitizer). - * - "pthread": requires MBEDTLS_THREADING_PTHREAD and MBEDTLS_TEST_HOOKS, - * which enables MBEDTLS_TEST_MUTEX_USAGE internally in the test - * framework (see framework/tests/src/threading_helpers.c). - */ - const char *platform; - - /** Function that performs the metatest. - * - * The function receives the name as an argument. This allows using the - * same function to perform multiple variants of a test based on the name. 
- * - * When executed on a conforming platform, the function is expected to - * either cause a test failure (mbedtls_test_fail()), or cause the - * program to abort in some way (e.g. by causing a segfault or by - * triggering a sanitizer). - * - * When executed on a non-conforming platform, the function may return - * normally or may have unpredictable behavior. - */ - void (*entry_point)(const char *name); -} metatest_t; - -/* The list of available meta-tests. Remember to register new functions here! - * - * Note that we always compile all the functions, so that `metatest --list` - * will always list all the available meta-tests. - * - * See the documentation of metatest_t::platform for the meaning of - * platform values. - */ -metatest_t metatests[] = { - { "test_fail", "any", meta_test_fail }, - { "test_not_equal", "any", meta_test_not_equal }, - { "test_not_le_s", "any", meta_test_not_le_s }, - { "test_not_le_u", "any", meta_test_not_le_u }, - { "null_dereference", "any", null_pointer_dereference }, - { "null_call", "any", null_pointer_call }, - { "read_after_free", "asan", read_after_free }, - { "double_free", "asan", double_free }, - { "read_uninitialized_stack", "msan", read_uninitialized_stack }, - { "memory_leak", "asan", memory_leak }, - { "test_memory_poison_0_0_8_r", "poison", test_memory_poison }, - { "test_memory_poison_0_0_8_w", "poison", test_memory_poison }, - { "test_memory_poison_0_7_8_r", "poison", test_memory_poison }, - { "test_memory_poison_0_7_8_w", "poison", test_memory_poison }, - { "test_memory_poison_0_0_1_r", "poison", test_memory_poison }, - { "test_memory_poison_0_0_1_w", "poison", test_memory_poison }, - { "test_memory_poison_0_1_2_r", "poison", test_memory_poison }, - { "test_memory_poison_0_1_2_w", "poison", test_memory_poison }, - { "test_memory_poison_7_0_8_r", "poison", test_memory_poison }, - { "test_memory_poison_7_0_8_w", "poison", test_memory_poison }, - { "test_memory_poison_7_7_8_r", "poison", test_memory_poison }, - { 
"test_memory_poison_7_7_8_w", "poison", test_memory_poison }, - { "test_memory_poison_7_0_1_r", "poison", test_memory_poison }, - { "test_memory_poison_7_0_1_w", "poison", test_memory_poison }, - { "test_memory_poison_7_1_2_r", "poison", test_memory_poison }, - { "test_memory_poison_7_1_2_w", "poison", test_memory_poison }, - { "mutex_lock_not_initialized", "pthread", mutex_lock_not_initialized }, - { "mutex_unlock_not_initialized", "pthread", mutex_unlock_not_initialized }, - { "mutex_free_not_initialized", "pthread", mutex_free_not_initialized }, - { "mutex_double_init", "pthread", mutex_double_init }, - { "mutex_double_free", "pthread", mutex_double_free }, - { "mutex_leak", "pthread", mutex_leak }, - { NULL, NULL, NULL } -}; - -static void help(FILE *out, const char *argv0) -{ - mbedtls_fprintf(out, "Usage: %s list|TEST\n", argv0); - mbedtls_fprintf(out, "Run a meta-test that should cause a test failure.\n"); - mbedtls_fprintf(out, "With 'list', list the available tests and their platform requirement.\n"); -} - -int main(int argc, char *argv[]) -{ - const char *argv0 = argc > 0 ? argv[0] : "metatest"; - if (argc != 2) { - help(stderr, argv0); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - /* Support "-help", "--help", "--list", etc. 
*/ - const char *command = argv[1]; - while (*command == '-') { - ++command; - } - - if (strcmp(argv[1], "help") == 0) { - help(stdout, argv0); - mbedtls_exit(MBEDTLS_EXIT_SUCCESS); - } - if (strcmp(argv[1], "list") == 0) { - for (const metatest_t *p = metatests; p->name != NULL; p++) { - mbedtls_printf("%s %s\n", p->name, p->platform); - } - mbedtls_exit(MBEDTLS_EXIT_SUCCESS); - } - -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - mbedtls_test_mutex_usage_init(); -#endif - - for (const metatest_t *p = metatests; p->name != NULL; p++) { - if (strcmp(argv[1], p->name) == 0) { - mbedtls_printf("Running metatest %s...\n", argv[1]); - p->entry_point(argv[1]); -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - mbedtls_test_mutex_usage_check(); -#endif - int result = (int) mbedtls_test_get_result(); - - mbedtls_printf("Running metatest %s... done, result=%d\n", - argv[1], result); - mbedtls_exit(result == MBEDTLS_TEST_RESULT_SUCCESS ? - MBEDTLS_EXIT_SUCCESS : - MBEDTLS_EXIT_FAILURE); - } - } - - mbedtls_fprintf(stderr, "%s: FATAL: No such metatest: %s\n", - argv0, command); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); -} diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c deleted file mode 100644 index a70e6daef3..0000000000 --- a/programs/test/query_compile_time_config.c +++ /dev/null 
@@ -1,66 +0,0 @@ -/* - * Query the Mbed TLS compile time configuration - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#define USAGE \ - "usage: %s [ -all | -any | -l ] ...\n\n" \ - "This program takes command line arguments which correspond to\n" \ - "the string representation of Mbed TLS compile time configurations.\n\n" \ - "If \"--all\" and \"--any\" are not used, then, if all given arguments\n" \ - "are defined in the Mbed TLS build, 0 is returned; otherwise 1 is\n" \ - "returned. Macro expansions of configurations will be printed (if any).\n" \ - "-l\tPrint all available configuration.\n" \ - "-all\tReturn 0 if all configurations are defined. Otherwise, return 1\n" \ - "-any\tReturn 0 if any configuration is defined. Otherwise, return 1\n" \ - "-h\tPrint this usage\n" - -#include -#include "query_config.h" - -int main(int argc, char *argv[]) -{ - int i; - - if (argc < 2 || strcmp(argv[1], "-h") == 0) { - mbedtls_printf(USAGE, argv[0]); - return MBEDTLS_EXIT_FAILURE; - } - - if (strcmp(argv[1], "-l") == 0) { - list_config(); - return 0; - } - - if (strcmp(argv[1], "-all") == 0) { - for (i = 2; i < argc; i++) { - if (query_config(argv[i]) != 0) { - return 1; - } - } - return 0; - } - - if (strcmp(argv[1], "-any") == 0) { - for (i = 2; i < argc; i++) { - if (query_config(argv[i]) == 0) { - return 0; - } - } - return 1; - } - - for (i = 1; i < argc; i++) { - if (query_config(argv[i]) != 0) { - return 1; - } - } - - return 0; -} diff --git a/programs/test/query_config.h b/programs/test/query_config.h deleted file mode 100644 index 43f120bf01..0000000000 --- a/programs/test/query_config.h +++ /dev/null 
@@ -1,34 +0,0 @@ -/* - * Query Mbed TLS compile time configurations from mbedtls_config.h - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H -#define MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H - -#include "mbedtls/build_info.h" - -/** Check whether a given configuration symbol is enabled. - * - * \param config The symbol to query (e.g. "MBEDTLS_RSA_C"). - * \return \c 0 if the symbol was defined at compile time - * (in MBEDTLS_CONFIG_FILE or mbedtls_config.h), - * \c 1 otherwise. - * - * \note This function is defined in `programs/test/query_config.c` - * which is automatically generated by - * `scripts/generate_query_config.pl`. - */ -int query_config(const char *config); - -/** List all enabled configuration symbols - * - * \note This function is defined in `programs/test/query_config.c` - * which is automatically generated by - * `scripts/generate_query_config.pl`. - */ -void list_config(void); - -#endif /* MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H */ diff --git a/programs/test/query_included_headers.c b/programs/test/query_included_headers.c deleted file mode 100644 index cdafa16204..0000000000 --- a/programs/test/query_included_headers.c +++ /dev/null @@ -1,29 +0,0 @@ -/* Ad hoc report on included headers. */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -int main(void) -{ - - /* Which PSA platform header? */ -#if defined(PSA_CRYPTO_PLATFORM_H) - mbedtls_printf("PSA_CRYPTO_PLATFORM_H\n"); -#endif -#if defined(PSA_CRYPTO_PLATFORM_ALT_H) - mbedtls_printf("PSA_CRYPTO_PLATFORM_ALT_H\n"); -#endif - - /* Which PSA struct header? */ -#if defined(PSA_CRYPTO_STRUCT_H) - mbedtls_printf("PSA_CRYPTO_STRUCT_H\n"); -#endif -#if defined(PSA_CRYPTO_STRUCT_ALT_H) - mbedtls_printf("PSA_CRYPTO_STRUCT_ALT_H\n"); -#endif - -} 
diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c deleted file mode 100644 index c1cee0d840..0000000000 --- a/programs/test/zeroize.c +++ /dev/null 
@@ -1,72 +0,0 @@ -/* - * Zeroize application for debugger-driven testing - * - * This is a simple test application used for debugger-driven testing to check - * whether calls to mbedtls_platform_zeroize() are being eliminated by compiler - * optimizations. This application is used by the GDB script at - * tests/scripts/test_zeroize.gdb: the script sets a breakpoint at the last - * return statement in the main() function of this program. The debugger - * facilities are then used to manually inspect the memory and verify that the - * call to mbedtls_platform_zeroize() was not eliminated. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include - -#include "mbedtls/platform.h" - -#include "mbedtls/platform_util.h" - -#define BUFFER_LEN 1024 - -static void usage(void) -{ - mbedtls_printf("Zeroize is a simple program to assist with testing\n"); - mbedtls_printf("the mbedtls_platform_zeroize() function by using the\n"); - mbedtls_printf("debugger. This program takes a file as input and\n"); - mbedtls_printf("prints the first %d characters. 
Usage:\n\n", BUFFER_LEN); - mbedtls_printf(" zeroize \n"); -} - -int main(int argc, char **argv) -{ - int exit_code = MBEDTLS_EXIT_FAILURE; - FILE *fp; - char buf[BUFFER_LEN]; - char *p = buf; - char *end = p + BUFFER_LEN; - int c; - - if (argc != 2) { - mbedtls_printf("This program takes exactly 1 argument\n"); - usage(); - mbedtls_exit(exit_code); - } - - fp = fopen(argv[1], "r"); - if (fp == NULL) { - mbedtls_printf("Could not open file '%s'\n", argv[1]); - mbedtls_exit(exit_code); - } - - while ((c = fgetc(fp)) != EOF && p < end - 1) { - *p++ = (char) c; - } - *p = '\0'; - - if (p - buf != 0) { - mbedtls_printf("%s\n", buf); - exit_code = MBEDTLS_EXIT_SUCCESS; - } else { - mbedtls_printf("The file is empty!\n"); - } - - fclose(fp); - mbedtls_platform_zeroize(buf, sizeof(buf)); - - mbedtls_exit(exit_code); // GDB_BREAK_HERE -- don't remove this comment! -} diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb deleted file mode 100644 index 57f771f56a..0000000000 --- a/tests/scripts/test_zeroize.gdb +++ /dev/null 
@@ -1,64 +0,0 @@ -# test_zeroize.gdb -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# Run a test using the debugger to check that the mbedtls_platform_zeroize() -# function in platform_util.h is not being optimized out by the compiler. To do -# so, the script loads the test program at programs/test/zeroize.c and sets a -# breakpoint at the last return statement in main(). When the breakpoint is -# hit, the debugger manually checks the contents to be zeroized and checks that -# it is actually cleared. -# -# The mbedtls_platform_zeroize() test is debugger driven because there does not -# seem to be a mechanism to reliably check whether the zeroize calls are being -# eliminated by compiler optimizations from within the compiled program. The -# problem is that a compiler would typically remove what it considers to be -# "unnecessary" assignments as part of redundant code elimination. To identify -# such code, the compilar will create some form dependency graph between -# reads and writes to variables (among other situations). It will then use this -# data structure to remove redundant code that does not have an impact on the -# program's observable behavior. In the case of mbedtls_platform_zeroize(), an -# intelligent compiler could determine that this function clears a block of -# memory that is not accessed later in the program, so removing the call to -# mbedtls_platform_zeroize() does not have an observable behavior. However, -# inserting a test after a call to mbedtls_platform_zeroize() to check whether -# the block of memory was correctly zeroed would force the compiler to not -# eliminate the mbedtls_platform_zeroize() call. If this does not occur, then -# the compiler potentially has a bug. -# -# Note: This test requires that the test program is compiled with -g3. 
- -set confirm off - -file ./programs/test/zeroize - -search GDB_BREAK_HERE -break $_ - -set args ./programs/test/zeroize.c -run - -set $i = 0 -set $len = sizeof(buf) -set $buf = buf - -while $i < $len - if $buf[$i++] != 0 - echo The buffer at was not zeroized\n - quit 1 - end -end - -echo The buffer was correctly zeroized\n - -continue - -if $_exitcode != 0 - echo The program did not terminate correctly\n - quit 1 -end - -quit 0 From 2543ec0608ad601d0171d893d6848891a49979ba Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Tue, 11 Feb 2025 14:06:44 +0000 Subject: [PATCH 08/23] Update paths for moved program files in makefiles This commit updates the file paths necessary for dlopen_demo.sh, metatest.c query_compile_time_config.c, query_config.h, query_included_headers.c and zeroize.c. This commit also adds a CFLAG to find header files now contained in the framework. Signed-off-by: Harry Ramsey --- programs/Makefile | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index c177c28a25..07638a7c04 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -1,4 +1,5 @@ MBEDTLS_TEST_PATH = ../tests +FRAMEWORK = ${MBEDTLS_PATH}/framework include ../scripts/common.make ifeq ($(shell uname -s),Linux) @@ -24,6 +25,8 @@ else BUILD_DLOPEN = endif +LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs + ## The following assignment is the list of base names of applications that ## will be built on Windows. Extra Linux/Unix/POSIX-only applications can ## be declared by appending with `APPS += ...` afterwards. @@ -301,7 +304,7 @@ ssl/ssl_client1$(EXEXT): ssl/ssl_client1.c $(DEP) SSL_TEST_OBJECTS = test/query_config.o ssl/ssl_test_lib.o SSL_TEST_DEPS = $(SSL_TEST_OBJECTS) \ - test/query_config.h \ + $(FRAMEWORK)/tests/programs/query_config.h \ ssl/ssl_test_lib.h \ ssl/ssl_test_common_source.c \ $(DEP) 
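Review bot: In the first programs/Makefile hunk, `FRAMEWORK = ${MBEDTLS_PATH}/framework` sits above `include ../scripts/common.make`, and nothing visible before it defines `MBEDTLS_PATH`, so the assignment appears to work only because `=` defers expansion until first use. If `MBEDTLS_PATH` does come from the included file (not shown here), a later switch to `:=` would quietly produce `/framework`, and the added `LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs` would then pull headers from an absolute directory outside the tree. Either move the assignment below the include or document the dependency with `# Must stay recursively expanded (=): MBEDTLS_PATH is set by common.make`. The rest of the file uses `$(...)`, so `$(MBEDTLS_PATH)` would also match the surrounding style.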
@@ -322,7 +325,7 @@ ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c $(SSL_TEST_DEPS) echo " CC ssl/ssl_server2.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c $(SSL_TEST_OBJECTS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -ssl/ssl_context_info$(EXEXT): ssl/ssl_context_info.c test/query_config.o test/query_config.h $(DEP) +ssl/ssl_context_info$(EXEXT): ssl/ssl_context_info.c test/query_config.o $(FRAMEWORK)/tests/programs/query_config.h $(DEP) echo " CC ssl/ssl_context_info.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_context_info.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ 
@@ -363,17 +366,17 @@ test/dlopen$(EXEXT): test/dlopen.c $(DEP) $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/dlopen.c $(LDFLAGS) $(DLOPEN_LDFLAGS) -o $@ endif -test/metatest$(EXEXT): test/metatest.c $(DEP) - echo " CC test/metatest.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core test/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/metatest$(EXEXT): $(FRAMEWORK)/tests/programs/metatest.c $(DEP) + echo " CC $(FRAMEWORK)/tests/programs/metatest.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core $(FRAMEWORK)/tests/programs/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -test/query_config.o: test/query_config.c test/query_config.h $(DEP) +test/query_config.o: test/query_config.c $(FRAMEWORK)/tests/programs/query_config.h $(DEP) echo " CC test/query_config.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c test/query_config.c -o $@ -test/query_included_headers$(EXEXT): test/query_included_headers.c $(DEP) - echo " CC test/query_included_headers.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_included_headers.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/query_included_headers$(EXEXT): $(FRAMEWORK)/tests/programs/query_included_headers.c $(DEP) + echo " CC $(FRAMEWORK)/tests/programs/query_included_headers.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $(FRAMEWORK)/tests/programs/query_included_headers.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ test/selftest$(EXEXT): test/selftest.c $(DEP) echo " CC test/selftest.c" 
@@ -383,13 +386,13 @@ test/udp_proxy$(EXEXT): test/udp_proxy.c $(DEP) echo " CC test/udp_proxy.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/udp_proxy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -test/zeroize$(EXEXT): test/zeroize.c $(DEP) - echo " CC test/zeroize.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/zeroize$(EXEXT): $(FRAMEWORK)/tests/programs/zeroize.c $(DEP) + echo " CC $(FRAMEWORK)/tests/programs/zeroize.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $(FRAMEWORK)/tests/programs/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -test/query_compile_time_config$(EXEXT): test/query_compile_time_config.c test/query_config.o test/query_config.h $(DEP) - echo " CC test/query_compile_time_config.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_compile_time_config.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/query_compile_time_config$(EXEXT): $(FRAMEWORK)/tests/programs/query_compile_time_config.c test/query_config.o $(FRAMEWORK)/tests/programs/query_config.h $(DEP) + echo " CC $(FRAMEWORK)/tests/programs/query_compile_time_config.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $(FRAMEWORK)/tests/programs/query_compile_time_config.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ util/pem2der$(EXEXT): util/pem2der.c $(DEP) echo " CC util/pem2der.c" From c19b8e80e7ed024297f394b4f0124f40a7bbb1cf Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Tue, 11 Feb 2025 14:14:00 +0000 Subject: [PATCH 09/23] Update include paths in C files Signed-off-by: Harry Ramsey --- programs/ssl/ssl_test_lib.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index a8387d7196..6fc3d73072 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -66,7 +66,7 @@ #include -#include "../test/query_config.h" +#include "query_config.h" #define ALPN_LIST_SIZE 10 #define GROUP_LIST_SIZE 25 From 53ba6ad106128eb72f9177bd8eda1b47ced21787 Mon Sep 17 00:00:00 2001 
From: Harry Ramsey Date: Wed, 12 Feb 2025 10:18:51 +0000 Subject: [PATCH 10/23] Update paths for moved program files in CMakeLists This commit fixes the paths of program files which were moved to the MbedTLS Framework. Signed-off-by: Harry Ramsey --- programs/ssl/CMakeLists.txt | 10 +++++----- programs/test/CMakeLists.txt | 13 ++++++++++--- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index a27c6262b5..65f65b9bdd 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -35,7 +35,7 @@ foreach(exe IN LISTS executables) if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") list(APPEND extra_sources ssl_test_lib.c - ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.h + ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/query_config.h ${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c) endif() add_executable(${exe} @@ -45,14 +45,13 @@ foreach(exe IN LISTS executables) ${extra_sources}) set_base_compile_options(${exe}) target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include + target_include_directories(${exe} PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/programs + ${MBEDTLS_FRAMEWORK_DIR}/tests/include ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") if(GEN_FILES) add_dependencies(${exe} generate_query_config_c) endif() - target_include_directories(${exe} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../test) endif() endforeach() 
@@ -62,7 +61,8 @@ if(THREADS_FOUND) $ $) set_base_compile_options(ssl_pthread_server) - target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include + target_include_directories(ssl_pthread_server PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/programs + ${MBEDTLS_FRAMEWORK_DIR}/tests/include ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) target_link_libraries(ssl_pthread_server ${libs} ${CMAKE_THREAD_LIBS_INIT}) list(APPEND executables ssl_pthread_server) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index dec1e8c28a..9c781a6b49 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -76,17 +76,24 @@ else() endif() foreach(exe IN LISTS executables_libs executables_mbedcrypto) + set(source ${exe}.c) set(extra_sources "") + if(NOT EXISTS ${source} AND + EXISTS ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/${source}) + set(source ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/${source}) + endif() + if(exe STREQUAL "query_compile_time_config") list(APPEND extra_sources - ${CMAKE_CURRENT_SOURCE_DIR}/query_config.h + ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/query_config.h ${CMAKE_CURRENT_BINARY_DIR}/query_config.c) endif() - add_executable(${exe} ${exe}.c $ + add_executable(${exe} ${source} $ ${extra_sources}) set_base_compile_options(${exe}) target_include_directories(${exe} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) + PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include + ${MBEDTLS_FRAMEWORK_DIR}/tests/programs) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/core) From d096793c3f355abd09c739d0aa397d7524740d00 Mon Sep 17 00:00:00 2001 
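Review bot: The `if(NOT EXISTS ${source} AND` test added to the `foreach` in programs/test/CMakeLists.txt passes a relative path to `EXISTS`, which CMake documents as well-defined only for full paths. Writing it as `if(NOT EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/${source} AND` removes the dependence on how the relative name is resolved. When the file is in neither location, `source` stays `${exe}.c` and the problem only surfaces later at `add_executable`; a `message(FATAL_ERROR ...)` naming both searched paths would make a missing or stale framework checkout much easier to diagnose. The `foreach` body continues past the end of the hunk.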
From: Harry Ramsey Date: Wed, 12 Feb 2025 20:29:33 +0000 Subject: [PATCH 11/23] Update paths for moved program files in components-build-system.sh This commit updates the paths for dlopen_demo.sh in components-build-system.sh as the file has been moved to the framework. Signed-off-by: Harry Ramsey --- tests/scripts/components-build-system.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh index d6ad88ab82..91a999e10a 100644 --- a/tests/scripts/components-build-system.sh +++ b/tests/scripts/components-build-system.sh @@ -13,7 +13,7 @@ component_test_make_shared () { msg "build/test: make shared" # ~ 40s make SHARED=1 TEST_CPP=1 all check ldd programs/util/strerror | grep libmbedcrypto - programs/test/dlopen_demo.sh + $FRAMEWORK/tests/programs/dlopen_demo.sh } component_test_cmake_shared () { @@ -22,7 +22,7 @@ component_test_cmake_shared () { make ldd programs/util/strerror | grep libtfpsacrypto make test - programs/test/dlopen_demo.sh + $FRAMEWORK/tests/programs/dlopen_demo.sh } support_test_cmake_out_of_source () { From ec4af6c6e2f99821e9a60fb0d2f2ea10abef828b Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Wed, 12 Feb 2025 20:56:34 +0000 Subject: [PATCH 12/23] Update paths for moved programs in generate_visualc_files.pl This commit updates the paths for moved programs in generate_visualc_files.pl. Signed-off-by: Harry Ramsey --- scripts/generate_visualc_files.pl | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index d0fcb7d60f..053040a9c5 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl 
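Review bot: Both new invocations of `$FRAMEWORK/tests/programs/dlopen_demo.sh`, in component_test_make_shared and component_test_cmake_shared, expand `$FRAMEWORK` unquoted, so a checkout path containing whitespace or glob characters is split before the script runs. I would write `"$FRAMEWORK/tests/programs/dlopen_demo.sh"` in both places. The `-x $FRAMEWORK/tests/programs/test_zeroize.gdb` argument added to tests/scripts/components-compiler.sh later in this series has the same issue. Where FRAMEWORK is assigned is not visible here; if it can ever be empty, the command resolves to an absolute `/tests/programs/...` path, which `"${FRAMEWORK:?}"` would turn into an immediate error.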
@@ -22,6 +22,7 @@ my $vsx_sln_tpl_file = "scripts/data_files/vs2017-sln-template.sln"; my $vsx_sln_file = "$vsx_dir/mbedTLS.sln"; my $mbedtls_programs_dir = "programs"; +my $framework_programs_dir = "framework/tests/programs"; my $tfpsacrypto_programs_dir = "tf-psa-crypto/programs"; my $mbedtls_header_dir = 'include/mbedtls'; @@ -59,6 +60,7 @@ my @include_directories = qw( tf-psa-crypto/drivers/everest/include/everest/kremlib tests/include framework/tests/include + framework/tests/programs ); my $include_directories = join(';', map {"../../$_"} @include_directories); @@ -125,6 +127,7 @@ sub check_dirs { && -d $tls_test_header_dir && -d $test_drivers_header_dir && -d $mbedtls_programs_dir + && -d $framework_programs_dir && -d $tfpsacrypto_programs_dir; } @@ -164,7 +167,14 @@ sub gen_app { (my $appname = $path) =~ s/.*\\//; my $is_test_app = ($path =~ m/^test\\/); - my $srcs = ""; + my $srcs; + if( $appname eq "metatest" or $appname eq "query_compile_time_config" or + $appname eq "query_included_headers" or $appname eq "zeroize" ) { + $srcs = ""; + } else { + $srcs = ""; + } + if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or $appname eq "query_compile_time_config" ) { $srcs .= "\n "; @@ -283,6 +293,7 @@ sub main { $tls_source_dir, $crypto_core_source_dir, $crypto_source_dir, + $framework_programs_dir, @thirdparty_header_dirs, ); my @headers = (map { <$_/*.h> } @header_dirs); From 9b4035cc9ebbe8a0ef6611e6fb813e69f6b7481c Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 10:00:11 +0000 Subject: [PATCH 13/23] Update path for moved test_zeroize.gdb script This commit updates the path for the moved test_zeroize.gdb script which has been moved to MbedTLS-Framework. Signed-off-by: Harry Ramsey --- tests/scripts/components-compiler.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 469c62cb09..74543b13e9 100644 
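Review bot: gen_app now decides where a program's source lives by comparing `$appname` against four hard-coded names (metatest, query_compile_time_config, query_included_headers, zeroize), whereas programs/test/CMakeLists.txt in this same series picks the framework copy by checking whether the file exists. The list here has to be edited by hand each time another program moves, and a miss would presumably leave the generated project pointing at a source path that no longer exists. A lookup such as `-e "$framework_programs_dir/$appname.c"` would keep the two build descriptions in step. At minimum, a comment like `# Programs whose sources live in framework/tests/programs` above the condition would tell the next reader why these names are special. gen_app starts and ends outside the hunk.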
--- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -136,7 +136,7 @@ component_test_zeroize () { for compiler in clang gcc; do msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" - gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log + gdb -ex "$gdb_disable_aslr" -x $FRAMEWORK/tests/programs/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log grep "The buffer was correctly zeroized" test_zeroize.log not grep -i "error" test_zeroize.log rm -f test_zeroize.log From f6fb2f0cb41a273b689b9e53f6c45c529ac48eb4 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Tue, 18 Feb 2025 17:52:45 +0000 Subject: [PATCH 14/23] Update documentation regarding test_zeroize This commit updates the paths in documentation for test_zeroize since it has been moved to MbedTLS Framework. Signed-off-by: Harry Ramsey --- docs/architecture/testing/invasive-testing.md | 2 +- programs/README.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/architecture/testing/invasive-testing.md b/docs/architecture/testing/invasive-testing.md index 464f7611f2..bf8d631d79 100644 --- a/docs/architecture/testing/invasive-testing.md +++ b/docs/architecture/testing/invasive-testing.md @@ -275,7 +275,7 @@ This section lists some strategies that are currently used for invasive testing, Goal: test that `mbedtls_platform_zeroize` does wipe the memory buffer. -Solution ([debugger](#debugger-based-testing)): implemented in `tests/scripts/test_zeroize.gdb`. +Solution ([debugger](#debugger-based-testing)): implemented in `framework/tests/programs/test_zeroize.gdb`. Rationale: this cannot be tested by adding C code, because the danger is that the compiler optimizes the zeroization away, and any C code that observes the zeroization would cause the compiler not to optimize it away. 
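Review bot: The gdb script that decides whether mbedtls_platform_zeroize() survived optimisation is now loaded from the framework checkout, but the copy deleted earlier in this series hard-coded `file ./programs/test/zeroize` and `set args ./programs/test/zeroize.c` relative to the working directory. The Makefile change still builds the binary at programs/test/zeroize, while zeroize.c itself appears to move to framework/tests/programs. It is therefore worth confirming that the framework copy of the script passes an input file that still exists; its content is not visible in this series. A comment next to the gdb line, for example `# the script expects to run from the Mbed TLS root; see its "file" and "set args" lines`, would record that coupling. component_test_zeroize starts and ends outside the hunk.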
diff --git a/programs/README.md b/programs/README.md index f53bde5611..a58037d097 100644 --- a/programs/README.md +++ b/programs/README.md @@ -53,7 +53,7 @@ This subdirectory mostly contains sample programs that illustrate specific featu ## Random number generator (RNG) examples -* [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data. +* [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data. Note: most applications should only use the entropy generator to seed a cryptographic pseudorandom generator, as illustrated by `random/gen_random_ctr_drbg.c`. * [`random/gen_random_ctr_drbg.c`](random/gen_random_ctr_drbg.c): shows how to use the default entropy sources to seed a pseudorandom generator, and how to use the resulting random generator to generate random data. @@ -96,7 +96,7 @@ In addition to providing options for testing client-side features, the `ssl_clie * [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). Useful for testing DTLS. -* [`test/zeroize.c`](test/zeroize.c): a test program for `mbedtls_platform_zeroize`, used by [`tests/scripts/test_zeroize.gdb`](tests/scripts/test_zeroize.gdb). +* [`test/zeroize.c`](../framework/tests/programs/zeroize.c): a test program for `mbedtls_platform_zeroize`, used by [`test_zeroize.gdb`](../framework/tests/programs/test_zeroize.gdb). ## Development utilities From 21506fd7f19257315d10cf278bbea2c331f7a4dd Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Wed, 19 Feb 2025 14:47:10 +0000 Subject: [PATCH 15/23] Update documentation regarding metatest This commit updates the paths in the documentation for metatest.c as it has been moved to MbedTLS Framework. Signed-off-by: Harry Ramsey --- tests/suites/test_suite_test_helpers.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tests/suites/test_suite_test_helpers.function b/tests/suites/test_suite_test_helpers.function index 8c5d5adf65..0139faf14f 100644 --- a/tests/suites/test_suite_test_helpers.function +++ b/tests/suites/test_suite_test_helpers.function @@ -15,7 +15,7 @@ /* Test that poison+unpoison leaves the memory accessible. */ /* We can't test that poisoning makes the memory inaccessible: * there's no sane way to catch an Asan/Valgrind complaint. - * That negative testing is done in programs/test/metatest.c. */ + * That negative testing is done in framework/tests/programs/metatest.c. */ void memory_poison_unpoison(int align, int size) { unsigned char *buf = NULL; From 48d1374a2cfe0b99ccf44e76f1d456fb3291ae2a Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 10:01:43 +0000 Subject: [PATCH 16/23] Update framework pointer Signed-off-by: Harry Ramsey --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 9c2eb756ca..523a12d05b 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 9c2eb756ca8c8edbbc100ac2530c3066833952a7 +Subproject commit 523a12d05b91301b020e2aa560d9774135e3a801 From 5befe36d2aeb4f4b9893c25427cb087b14070358 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Wed, 19 Feb 2025 15:27:49 +0000 Subject: [PATCH 17/23] Update TF-PSA-Crypto pointer Signed-off-by: Harry Ramsey --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index da76c6b191..67212566e9 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit da76c6b1915c75e9dd9efc32f7d206a05b5d36c8 +Subproject commit 67212566e95c936f8375eb634c249dd71dea582d From 6a9cf113611de1d8ac18f49563883a639ae7c7d6 Mon Sep 17 00:00:00 2001 
From: Stefan Gloor Date: Fri, 21 Feb 2025 10:30:02 +0100 Subject: [PATCH 18/23] fix: remove superfluous BEFORE_COLON in x509_crl.c BEFORE_COLON and BC defines with the accompanying comment are only required in x509_crt and x509_csr, but not used in x509_crl.c. Signed-off-by: Stefan Gloor --- library/x509_crl.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/library/x509_crl.c b/library/x509_crl.c index e67fde7210..bc4fdbb884 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -582,11 +582,6 @@ int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path) #endif /* MBEDTLS_FS_IO */ #if !defined(MBEDTLS_X509_REMOVE_INFO) -/* - * Return an informational string about the certificate. - */ -#define BEFORE_COLON 14 -#define BC "14" /* * Return an informational string about the CRL. */ From b5c079b13c4977bdba8593d174d7851e41b5788e Mon Sep 17 00:00:00 2001 From: Stefan Gloor Date: Fri, 21 Feb 2025 10:33:51 +0100 Subject: [PATCH 19/23] fix: rename BEFORE_COLON and BC to avoid conflicts Namespace BEFORE_COLON and BC defines by prepending MBEDTLS_ and expanding BC to BEFORE_COLON_STR. This is to avoid naming conflicts with third-party code. No functional change. Signed-off-by: Stefan Gloor --- library/x509_crt.c | 12 ++++++------ library/x509_csr.c | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 113eb1b072..5d26ebbbc1 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -1743,15 +1743,15 @@ static int x509_info_cert_policies(char **buf, size_t *size, /* * Return an informational string about the certificate. */ -#define BEFORE_COLON 18 -#define BC "18" +#define MBEDTLS_BEFORE_COLON 18 +#define MBEDTLS_BEFORE_COLON_STR "18" int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, const mbedtls_x509_crt *crt) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; char *p; - char key_size_str[BEFORE_COLON]; + char key_size_str[MBEDTLS_BEFORE_COLON]; p = buf; n = size; @@ -1805,13 +1805,13 @@ int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, MBEDTLS_X509_SAFE_SNPRINTF; /* Key size */ - if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON, + if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, mbedtls_pk_get_name(&crt->pk))) != 0) { return ret; } - ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, - (int) mbedtls_pk_get_bitlen(&crt->pk)); + ret = mbedtls_snprintf(p, n, "\n%s%-" MBEDTLS_BEFORE_COLON_STR "s: %d bits", + prefix, key_size_str, (int) mbedtls_pk_get_bitlen(&crt->pk)); MBEDTLS_X509_SAFE_SNPRINTF; /* diff --git a/library/x509_csr.c b/library/x509_csr.c index 3a78268685..8e5fdb6813 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -519,8 +519,8 @@ int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path) #endif /* MBEDTLS_FS_IO */ #if !defined(MBEDTLS_X509_REMOVE_INFO) -#define BEFORE_COLON 14 -#define BC "14" +#define MBEDTLS_BEFORE_COLON 14 +#define MBEDTLS_BEFORE_COLON_STR "14" /* * Return an informational string about the CSR. */ @@ -530,7 +530,7 @@ int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; char *p; - char key_size_str[BEFORE_COLON]; + char key_size_str[MBEDTLS_BEFORE_COLON]; p = buf; n = size; 
@@ -551,13 +551,13 @@ int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, csr->sig_opts); MBEDTLS_X509_SAFE_SNPRINTF; - if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON, + if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, mbedtls_pk_get_name(&csr->pk))) != 0) { return ret; } - ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str, - (int) mbedtls_pk_get_bitlen(&csr->pk)); + ret = mbedtls_snprintf(p, n, "\n%s%-" MBEDTLS_BEFORE_COLON_STR "s: %d bits\n", + prefix, key_size_str, (int) mbedtls_pk_get_bitlen(&csr->pk)); MBEDTLS_X509_SAFE_SNPRINTF; /* From 34b4aa1f585d2dfce06401d9a2a3e02e28579b38 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 17 Feb 2025 10:21:28 +0100 Subject: [PATCH 20/23] programs: move benchmark to tf-psa-crypto repo This commit also removes references from Makefile and README.md. Signed-off-by: Valerio Setti --- programs/Makefile | 5 - programs/README.md | 3 - programs/test/CMakeLists.txt | 1 - programs/test/benchmark.c | 1272 ---------------------------------- 4 files changed, 1281 deletions(-) delete mode 100644 programs/test/benchmark.c diff --git a/programs/Makefile b/programs/Makefile index 07638a7c04..79bb402f1b 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -79,7 +79,6 @@ APPS = \ ssl/ssl_mail_client \ ssl/ssl_server \ ssl/ssl_server2 \ - test/benchmark \ test/metatest \ test/query_compile_time_config \ test/query_included_headers \ @@ -345,10 +344,6 @@ ssl/mini_client$(EXEXT): ssl/mini_client.c $(DEP) echo " CC ssl/mini_client.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/mini_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -test/benchmark$(EXEXT): test/benchmark.c $(DEP) - echo " CC test/benchmark.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/benchmark.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - test/cpp_dummy_build.cpp: test/generate_cpp_dummy_build.sh echo " Gen test/cpp_dummy_build.cpp" test/generate_cpp_dummy_build.sh 
diff --git a/programs/README.md b/programs/README.md index a58037d097..5e5f40a4c3 100644 --- a/programs/README.md +++ b/programs/README.md @@ -90,8 +90,6 @@ In addition to providing options for testing client-side features, the `ssl_clie ## Test utilities -* [`test/benchmark.c`](test/benchmark.c): benchmark for cryptographic algorithms. - * [`test/selftest.c`](test/selftest.c): runs the self-test function in each library module. * [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). Useful for testing DTLS. @@ -115,4 +113,3 @@ In addition to providing options for testing client-side features, the `ssl_clie * [`x509/crl_app.c`](x509/crl_app.c): loads and dumps a certificate revocation list (CRL). * [`x509/req_app.c`](x509/req_app.c): loads and dumps a certificate signing request (CSR). - diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 9c781a6b49..089f8a67e8 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -13,7 +13,6 @@ add_dependencies(${programs_target} ${executables_libs}) add_dependencies(${ssl_opt_target} udp_proxy) set(executables_mbedcrypto - benchmark zeroize ) add_dependencies(${programs_target} ${executables_mbedcrypto}) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c deleted file mode 100644 index c878e3426d..0000000000 --- a/programs/test/benchmark.c +++ /dev/null 
@@ -1,1272 +0,0 @@ -/* - * Benchmark demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_HAVE_TIME) -int main(void) -{ - mbedtls_printf("MBEDTLS_HAVE_TIME not defined.\n"); - mbedtls_exit(0); -} -#else - -#include -#include - -#include "mbedtls/md5.h" -#include "mbedtls/ripemd160.h" -#include "mbedtls/sha1.h" -#include "mbedtls/sha256.h" -#include "mbedtls/sha512.h" -#include "mbedtls/sha3.h" - -#include "mbedtls/des.h" -#include "mbedtls/aes.h" -#include "mbedtls/aria.h" -#include "mbedtls/camellia.h" -#include "mbedtls/chacha20.h" -#include "mbedtls/gcm.h" -#include "mbedtls/ccm.h" -#include "mbedtls/chachapoly.h" -#include "mbedtls/cmac.h" -#include "mbedtls/poly1305.h" - -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/hmac_drbg.h" - -#include "mbedtls/rsa.h" -#include "mbedtls/dhm.h" -#include "mbedtls/ecdsa.h" -#include "mbedtls/ecdh.h" - -#include "mbedtls/error_common.h" - -/* *INDENT-OFF* */ -#ifndef asm -#define asm __asm -#endif -/* *INDENT-ON* */ - -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - -#include -#include - -struct _hr_time { - LARGE_INTEGER start; -}; - -#else - -#include -#include -#include -#include -#include - -struct _hr_time { - struct timeval start; -}; - -#endif /* _WIN32 && !EFIX64 && !EFI32 */ - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#include "mbedtls/memory_buffer_alloc.h" -#endif - -#ifdef MBEDTLS_TIMING_ALT -void mbedtls_set_alarm(int seconds); -unsigned long mbedtls_timing_hardclock(void); -extern volatile int mbedtls_timing_alarmed; -#else -static void mbedtls_set_alarm(int seconds); -static unsigned long mbedtls_timing_hardclock(void); -#endif - -/* - * For heap usage estimates, we need an estimate of the overhead per allocated - * block. ptmalloc2/3 (used in gnu libc for instance) uses 2 size_t per block, - * so use that as our baseline. 
- */ -#define MEM_BLOCK_OVERHEAD (2 * sizeof(size_t)) - -/* - * Size to use for the alloc buffer if MEMORY_BUFFER_ALLOC_C is defined. - */ -#define HEAP_SIZE (1u << 16) /* 64k */ - -#define BUFSIZE 1024 -#define HEADER_FORMAT " %-24s : " -#define TITLE_LEN 25 - -#define OPTIONS \ - "md5, ripemd160, sha1, sha256, sha512,\n" \ - "sha3_224, sha3_256, sha3_384, sha3_512,\n" \ - "des3, des, camellia, chacha20,\n" \ - "aes_cbc, aes_cfb128, aes_cfb8, aes_gcm, aes_ccm, aes_xts, chachapoly\n" \ - "aes_cmac, des3_cmac, poly1305\n" \ - "ctr_drbg, hmac_drbg\n" \ - "rsa, dhm, ecdsa, ecdh.\n" - -#if defined(MBEDTLS_ERROR_C) -#define PRINT_ERROR \ - mbedtls_printf("Error code: %d", ret); -/* mbedtls_strerror(ret, (char *) tmp, sizeof(tmp)); \ - mbedtls_printf("FAILED: %s\n", tmp); */ -#else -#define PRINT_ERROR \ - mbedtls_printf("FAILED: -0x%04x\n", (unsigned int) -ret); -#endif - -#define TIME_AND_TSC(TITLE, CODE) \ - do { \ - unsigned long ii, jj, tsc; \ - int ret = 0; \ - \ - mbedtls_printf(HEADER_FORMAT, TITLE); \ - fflush(stdout); \ - \ - mbedtls_set_alarm(1); \ - for (ii = 1; ret == 0 && !mbedtls_timing_alarmed; ii++) \ - { \ - ret = CODE; \ - } \ - \ - tsc = mbedtls_timing_hardclock(); \ - for (jj = 0; ret == 0 && jj < 1024; jj++) \ - { \ - ret = CODE; \ - } \ - \ - if (ret != 0) \ - { \ - PRINT_ERROR; \ - } \ - else \ - { \ - mbedtls_printf("%9lu KiB/s, %9lu cycles/byte\n", \ - ii * BUFSIZE / 1024, \ - (mbedtls_timing_hardclock() - tsc) \ - / (jj * BUFSIZE)); \ - } \ - } while (0) - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG) - -/* How much space to reserve for the title when printing heap usage results. - * Updated manually as the output of the following command: - * - * sed -n 's/.*[T]IME_PUBLIC.*"\(.*\)",/\1/p' programs/test/benchmark.c | - * awk '{print length+3}' | sort -rn | head -n1 - * - * This computes the maximum length of a title +3, because we appends "/s" and - * want at least one space. 
(If the value is too small, the only consequence - * is poor alignment.) */ -#define TITLE_SPACE 17 - -#define MEMORY_MEASURE_INIT \ - size_t max_used, max_blocks, max_bytes; \ - size_t prv_used, prv_blocks; \ - size_t alloc_cnt, free_cnt, prv_alloc, prv_free; \ - mbedtls_memory_buffer_alloc_cur_get(&prv_used, &prv_blocks); \ - mbedtls_memory_buffer_alloc_max_reset(); - -#define MEMORY_MEASURE_RESET \ - mbedtls_memory_buffer_alloc_count_get(&prv_alloc, &prv_free); - -#define MEMORY_MEASURE_PRINT(title_len) \ - mbedtls_memory_buffer_alloc_max_get(&max_used, &max_blocks); \ - mbedtls_memory_buffer_alloc_count_get(&alloc_cnt, &free_cnt); \ - ii = TITLE_SPACE > (title_len) ? TITLE_SPACE - (title_len) : 1; \ - while (ii--) mbedtls_printf(" "); \ - max_used -= prv_used; \ - max_blocks -= prv_blocks; \ - max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \ - mbedtls_printf("%6u heap bytes, %6u allocs", \ - (unsigned) max_bytes, \ - (unsigned) (alloc_cnt - prv_alloc)); - -#else -#define MEMORY_MEASURE_INIT -#define MEMORY_MEASURE_RESET -#define MEMORY_MEASURE_PRINT(title_len) -#endif - -#define TIME_PUBLIC(TITLE, TYPE, CODE) \ - do { \ - unsigned long ii; \ - int ret; \ - MEMORY_MEASURE_INIT; \ - \ - mbedtls_printf(HEADER_FORMAT, TITLE); \ - fflush(stdout); \ - mbedtls_set_alarm(3); \ - \ - ret = 0; \ - for (ii = 1; !mbedtls_timing_alarmed && !ret; ii++) \ - { \ - MEMORY_MEASURE_RESET; \ - CODE; \ - } \ - \ - if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED) \ - { \ - mbedtls_printf("Feature Not Supported. 
Skipping.\n"); \ - ret = 0; \ - } \ - else if (ret != 0) \ - { \ - PRINT_ERROR; \ - } \ - else \ - { \ - mbedtls_printf("%6lu " TYPE "/s", ii / 3); \ - MEMORY_MEASURE_PRINT(sizeof(TYPE) + 1); \ - mbedtls_printf("\n"); \ - } \ - } while (0) - -#if !defined(MBEDTLS_TIMING_ALT) -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long tsc; - __asm rdtsc - __asm mov[tsc], eax - return tsc; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - ( _MSC_VER && _M_IX86 ) || __WATCOMC__ */ - -/* some versions of mingw-64 have 32-bit longs even on x84_64 */ -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && (defined(__i386__) || ( \ - (defined(__amd64__) || defined(__x86_64__)) && __SIZEOF_LONG__ == 4)) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long lo, hi; - asm volatile ("rdtsc" : "=a" (lo), "=d" (hi)); - return lo; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __i386__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && (defined(__amd64__) || defined(__x86_64__)) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long lo, hi; - asm volatile ("rdtsc" : "=a" (lo), "=d" (hi)); - return lo | (hi << 32); -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && ( __amd64__ || __x86_64__ ) */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && (defined(__powerpc__) || defined(__ppc__)) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long tbl, tbu0, tbu1; - - do { - asm volatile ("mftbu %0" : "=r" (tbu0)); - asm volatile ("mftb %0" : "=r" (tbl)); - asm volatile ("mftbu %0" : "=r" (tbu1)); - } while (tbu0 != tbu1); - - return 
tbl; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && ( __powerpc__ || __ppc__ ) */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(__sparc64__) - -#if defined(__OpenBSD__) -#warning OpenBSD does not allow access to tick register using software version instead -#else -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long tick; - asm volatile ("rdpr %%tick, %0;" : "=&r" (tick)); - return tick; -} -#endif /* __OpenBSD__ */ -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __sparc64__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(__sparc__) && !defined(__sparc64__) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long tick; - asm volatile (".byte 0x83, 0x41, 0x00, 0x00"); - asm volatile ("mov %%g1, %0" : "=r" (tick)); - return tick; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __sparc__ && !__sparc64__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(__alpha__) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long cc; - asm volatile ("rpcc %0" : "=r" (cc)); - return cc & 0xFFFFFFFF; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __alpha__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(__ia64__) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long itc; - asm volatile ("mov %0 = ar.itc" : "=r" (itc)); - return itc; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __ia64__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(_WIN32) && \ - !defined(EFIX64) && !defined(EFI32) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - LARGE_INTEGER offset; - - 
QueryPerformanceCounter(&offset); - - return (unsigned long) (offset.QuadPart); -} -#endif /* !HAVE_HARDCLOCK && _WIN32 && !EFIX64 && !EFI32 */ - -#if !defined(HAVE_HARDCLOCK) - -#define HAVE_HARDCLOCK - -static int hardclock_init = 0; -static struct timeval tv_init; - -static unsigned long mbedtls_timing_hardclock(void) -{ - struct timeval tv_cur; - - if (hardclock_init == 0) { - gettimeofday(&tv_init, NULL); - hardclock_init = 1; - } - - gettimeofday(&tv_cur, NULL); - return (tv_cur.tv_sec - tv_init.tv_sec) * 1000000U - + (tv_cur.tv_usec - tv_init.tv_usec); -} -#endif /* !HAVE_HARDCLOCK */ - -volatile int mbedtls_timing_alarmed = 0; - -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - -/* It's OK to use a global because alarm() is supposed to be global anyway */ -static DWORD alarmMs; - -static void TimerProc(void *TimerContext) -{ - (void) TimerContext; - Sleep(alarmMs); - mbedtls_timing_alarmed = 1; - /* _endthread will be called implicitly on return - * That ensures execution of thread function's epilogue */ -} - -static void mbedtls_set_alarm(int seconds) -{ - if (seconds == 0) { - /* No need to create a thread for this simple case. - * Also, this shorcut is more reliable at least on MinGW32 */ - mbedtls_timing_alarmed = 1; - return; - } - - mbedtls_timing_alarmed = 0; - alarmMs = seconds * 1000; - (void) _beginthread(TimerProc, 0, NULL); -} - -#else /* _WIN32 && !EFIX64 && !EFI32 */ - -static void sighandler(int signum) -{ - mbedtls_timing_alarmed = 1; - signal(signum, sighandler); -} - -static void mbedtls_set_alarm(int seconds) -{ - mbedtls_timing_alarmed = 0; - signal(SIGALRM, sighandler); - alarm(seconds); - if (seconds == 0) { - /* alarm(0) cancelled any previous pending alarm, but the - handler won't fire, so raise the flag straight away. 
*/ - mbedtls_timing_alarmed = 1; - } -} - -#endif /* _WIN32 && !EFIX64 && !EFI32 */ -#endif /* !MBEDTLS_TIMING_ALT */ - -static int myrand(void *rng_state, unsigned char *output, size_t len) -{ - size_t use_len; - int rnd; - - if (rng_state != NULL) { - rng_state = NULL; - } - - while (len > 0) { - use_len = len; - if (use_len > sizeof(int)) { - use_len = sizeof(int); - } - - rnd = rand(); - memcpy(output, &rnd, use_len); - output += use_len; - len -= use_len; - } - - return 0; -} - -#define CHECK_AND_CONTINUE(R) \ - { \ - int CHECK_AND_CONTINUE_ret = (R); \ - if (CHECK_AND_CONTINUE_ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED) { \ - mbedtls_printf("Feature not supported. Skipping.\n"); \ - continue; \ - } \ - else if (CHECK_AND_CONTINUE_ret != 0) { \ - mbedtls_exit(1); \ - } \ - } - -#if defined(MBEDTLS_ECP_C) -static int set_ecp_curve(const char *string, mbedtls_ecp_curve_info *curve) -{ - const mbedtls_ecp_curve_info *found = - mbedtls_ecp_curve_info_from_name(string); - if (found != NULL) { - *curve = *found; - return 1; - } else { - return 0; - } -} -#endif - -unsigned char buf[BUFSIZE]; - -typedef struct { - char md5, ripemd160, sha1, sha256, sha512, - sha3_224, sha3_256, sha3_384, sha3_512, - des3, des, - aes_cbc, aes_cfb128, aes_cfb8, aes_ctr, aes_gcm, aes_ccm, aes_xts, chachapoly, - aes_cmac, des3_cmac, - aria, camellia, chacha20, - poly1305, - ctr_drbg, hmac_drbg, - rsa, dhm, ecdsa, ecdh; -} todo_list; - - -int main(int argc, char *argv[]) -{ - int i; - unsigned char tmp[200]; - char title[TITLE_LEN]; - todo_list todo; -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - unsigned char alloc_buf[HEAP_SIZE] = { 0 }; -#endif -#if defined(MBEDTLS_ECP_C) - mbedtls_ecp_curve_info single_curve[2] = { - { MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, - { MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, - }; - const mbedtls_ecp_curve_info *curve_list = mbedtls_ecp_curve_list(); -#endif - -#if defined(MBEDTLS_ECP_C) - (void) curve_list; /* Unused in some configurations where no benchmark uses 
ECC */ -#endif - - if (argc <= 1) { - memset(&todo, 1, sizeof(todo)); - } else { - memset(&todo, 0, sizeof(todo)); - - for (i = 1; i < argc; i++) { - if (strcmp(argv[i], "md5") == 0) { - todo.md5 = 1; - } else if (strcmp(argv[i], "ripemd160") == 0) { - todo.ripemd160 = 1; - } else if (strcmp(argv[i], "sha1") == 0) { - todo.sha1 = 1; - } else if (strcmp(argv[i], "sha256") == 0) { - todo.sha256 = 1; - } else if (strcmp(argv[i], "sha512") == 0) { - todo.sha512 = 1; - } else if (strcmp(argv[i], "sha3_224") == 0) { - todo.sha3_224 = 1; - } else if (strcmp(argv[i], "sha3_256") == 0) { - todo.sha3_256 = 1; - } else if (strcmp(argv[i], "sha3_384") == 0) { - todo.sha3_384 = 1; - } else if (strcmp(argv[i], "sha3_512") == 0) { - todo.sha3_512 = 1; - } else if (strcmp(argv[i], "des3") == 0) { - todo.des3 = 1; - } else if (strcmp(argv[i], "des") == 0) { - todo.des = 1; - } else if (strcmp(argv[i], "aes_cbc") == 0) { - todo.aes_cbc = 1; - } else if (strcmp(argv[i], "aes_cfb128") == 0) { - todo.aes_cfb128 = 1; - } else if (strcmp(argv[i], "aes_cfb8") == 0) { - todo.aes_cfb8 = 1; - } else if (strcmp(argv[i], "aes_ctr") == 0) { - todo.aes_ctr = 1; - } else if (strcmp(argv[i], "aes_xts") == 0) { - todo.aes_xts = 1; - } else if (strcmp(argv[i], "aes_gcm") == 0) { - todo.aes_gcm = 1; - } else if (strcmp(argv[i], "aes_ccm") == 0) { - todo.aes_ccm = 1; - } else if (strcmp(argv[i], "chachapoly") == 0) { - todo.chachapoly = 1; - } else if (strcmp(argv[i], "aes_cmac") == 0) { - todo.aes_cmac = 1; - } else if (strcmp(argv[i], "des3_cmac") == 0) { - todo.des3_cmac = 1; - } else if (strcmp(argv[i], "aria") == 0) { - todo.aria = 1; - } else if (strcmp(argv[i], "camellia") == 0) { - todo.camellia = 1; - } else if (strcmp(argv[i], "chacha20") == 0) { - todo.chacha20 = 1; - } else if (strcmp(argv[i], "poly1305") == 0) { - todo.poly1305 = 1; - } else if (strcmp(argv[i], "ctr_drbg") == 0) { - todo.ctr_drbg = 1; - } else if (strcmp(argv[i], "hmac_drbg") == 0) { - todo.hmac_drbg = 1; - } else if 
(strcmp(argv[i], "rsa") == 0) { - todo.rsa = 1; - } else if (strcmp(argv[i], "dhm") == 0) { - todo.dhm = 1; - } else if (strcmp(argv[i], "ecdsa") == 0) { - todo.ecdsa = 1; - } else if (strcmp(argv[i], "ecdh") == 0) { - todo.ecdh = 1; - } -#if defined(MBEDTLS_ECP_C) - else if (set_ecp_curve(argv[i], single_curve)) { - curve_list = single_curve; - } -#endif - else { - mbedtls_printf("Unrecognized option: %s\n", argv[i]); - mbedtls_printf("Available options: " OPTIONS); - } - } - } - - mbedtls_printf("\n"); - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); -#endif - memset(buf, 0xAA, sizeof(buf)); - memset(tmp, 0xBB, sizeof(tmp)); - - /* Avoid "unused static function" warning in configurations without - * symmetric crypto. */ - (void) mbedtls_timing_hardclock; - -#if defined(MBEDTLS_MD5_C) - if (todo.md5) { - TIME_AND_TSC("MD5", mbedtls_md5(buf, BUFSIZE, tmp)); - } -#endif - -#if defined(MBEDTLS_RIPEMD160_C) - if (todo.ripemd160) { - TIME_AND_TSC("RIPEMD160", mbedtls_ripemd160(buf, BUFSIZE, tmp)); - } -#endif - -#if defined(MBEDTLS_SHA1_C) - if (todo.sha1) { - TIME_AND_TSC("SHA-1", mbedtls_sha1(buf, BUFSIZE, tmp)); - } -#endif - -#if defined(MBEDTLS_SHA256_C) - if (todo.sha256) { - TIME_AND_TSC("SHA-256", mbedtls_sha256(buf, BUFSIZE, tmp, 0)); - } -#endif - -#if defined(MBEDTLS_SHA512_C) - if (todo.sha512) { - TIME_AND_TSC("SHA-512", mbedtls_sha512(buf, BUFSIZE, tmp, 0)); - } -#endif -#if defined(MBEDTLS_SHA3_C) - if (todo.sha3_224) { - TIME_AND_TSC("SHA3-224", mbedtls_sha3(MBEDTLS_SHA3_224, buf, BUFSIZE, tmp, 28)); - } - if (todo.sha3_256) { - TIME_AND_TSC("SHA3-256", mbedtls_sha3(MBEDTLS_SHA3_256, buf, BUFSIZE, tmp, 32)); - } - if (todo.sha3_384) { - TIME_AND_TSC("SHA3-384", mbedtls_sha3(MBEDTLS_SHA3_384, buf, BUFSIZE, tmp, 48)); - } - if (todo.sha3_512) { - TIME_AND_TSC("SHA3-512", mbedtls_sha3(MBEDTLS_SHA3_512, buf, BUFSIZE, tmp, 64)); - } -#endif - -#if defined(MBEDTLS_DES_C) -#if 
defined(MBEDTLS_CIPHER_MODE_CBC) - if (todo.des3) { - mbedtls_des3_context des3; - - mbedtls_des3_init(&des3); - if (mbedtls_des3_set3key_enc(&des3, tmp) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("3DES", - mbedtls_des3_crypt_cbc(&des3, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf)); - mbedtls_des3_free(&des3); - } - - if (todo.des) { - mbedtls_des_context des; - - mbedtls_des_init(&des); - if (mbedtls_des_setkey_enc(&des, tmp) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("DES", - mbedtls_des_crypt_cbc(&des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf)); - mbedtls_des_free(&des); - } - -#endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CMAC_C) - if (todo.des3_cmac) { - unsigned char output[8]; - const mbedtls_cipher_info_t *cipher_info; - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - - cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_DES_EDE3_ECB); - - TIME_AND_TSC("3DES-CMAC", - mbedtls_cipher_cmac(cipher_info, tmp, 192, buf, - BUFSIZE, output)); - } -#endif /* MBEDTLS_CMAC_C */ -#endif /* MBEDTLS_DES_C */ - -#if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_CIPHER_MODE_CBC) - if (todo.aes_cbc) { - int keysize; - mbedtls_aes_context aes; - - mbedtls_aes_init(&aes); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CBC-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); - - TIME_AND_TSC(title, - mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf)); - } - mbedtls_aes_free(&aes); - } -#endif -#if defined(MBEDTLS_CIPHER_MODE_CFB) - if (todo.aes_cfb128) { - int keysize; - size_t iv_off = 0; - mbedtls_aes_context aes; - - mbedtls_aes_init(&aes); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CFB128-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - 
CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); - - TIME_AND_TSC(title, - mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, - &iv_off, tmp, buf, buf)); - } - mbedtls_aes_free(&aes); - } - if (todo.aes_cfb8) { - int keysize; - mbedtls_aes_context aes; - - mbedtls_aes_init(&aes); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CFB8-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); - - TIME_AND_TSC(title, - mbedtls_aes_crypt_cfb8(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf)); - } - mbedtls_aes_free(&aes); - } -#endif -#if defined(MBEDTLS_CIPHER_MODE_CTR) - if (todo.aes_ctr) { - int keysize; - mbedtls_aes_context aes; - - uint8_t stream_block[16]; - size_t nc_off; - - mbedtls_aes_init(&aes); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CTR-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - memset(stream_block, 0, sizeof(stream_block)); - nc_off = 0; - - CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); - - TIME_AND_TSC(title, mbedtls_aes_crypt_ctr(&aes, BUFSIZE, &nc_off, tmp, stream_block, - buf, buf)); - } - mbedtls_aes_free(&aes); - } -#endif -#if defined(MBEDTLS_CIPHER_MODE_XTS) - if (todo.aes_xts) { - int keysize; - mbedtls_aes_xts_context ctx; - - mbedtls_aes_xts_init(&ctx); - for (keysize = 128; keysize <= 256; keysize += 128) { - mbedtls_snprintf(title, sizeof(title), "AES-XTS-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - CHECK_AND_CONTINUE(mbedtls_aes_xts_setkey_enc(&ctx, tmp, keysize * 2)); - - TIME_AND_TSC(title, - mbedtls_aes_crypt_xts(&ctx, MBEDTLS_AES_ENCRYPT, BUFSIZE, - tmp, buf, buf)); - - mbedtls_aes_xts_free(&ctx); - } - } -#endif -#if defined(MBEDTLS_GCM_C) - if (todo.aes_gcm) { - int keysize; - mbedtls_gcm_context gcm; - - 
mbedtls_gcm_init(&gcm); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-GCM-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - mbedtls_gcm_setkey(&gcm, MBEDTLS_CIPHER_ID_AES, tmp, keysize); - - TIME_AND_TSC(title, - mbedtls_gcm_crypt_and_tag(&gcm, MBEDTLS_GCM_ENCRYPT, BUFSIZE, tmp, - 12, NULL, 0, buf, buf, 16, tmp)); - - mbedtls_gcm_free(&gcm); - } - } -#endif -#if defined(MBEDTLS_CCM_C) - if (todo.aes_ccm) { - int keysize; - mbedtls_ccm_context ccm; - - mbedtls_ccm_init(&ccm); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CCM-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - mbedtls_ccm_setkey(&ccm, MBEDTLS_CIPHER_ID_AES, tmp, keysize); - - TIME_AND_TSC(title, - mbedtls_ccm_encrypt_and_tag(&ccm, BUFSIZE, tmp, - 12, NULL, 0, buf, buf, tmp, 16)); - - mbedtls_ccm_free(&ccm); - } - } -#endif -#if defined(MBEDTLS_CHACHAPOLY_C) - if (todo.chachapoly) { - mbedtls_chachapoly_context chachapoly; - - mbedtls_chachapoly_init(&chachapoly); - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - - mbedtls_snprintf(title, sizeof(title), "ChaCha20-Poly1305"); - - mbedtls_chachapoly_setkey(&chachapoly, tmp); - - TIME_AND_TSC(title, - mbedtls_chachapoly_encrypt_and_tag(&chachapoly, - BUFSIZE, tmp, NULL, 0, buf, buf, tmp)); - - mbedtls_chachapoly_free(&chachapoly); - } -#endif -#if defined(MBEDTLS_CMAC_C) - if (todo.aes_cmac) { - unsigned char output[16]; - const mbedtls_cipher_info_t *cipher_info; - mbedtls_cipher_type_t cipher_type; - int keysize; - - for (keysize = 128, cipher_type = MBEDTLS_CIPHER_AES_128_ECB; - keysize <= 256; - keysize += 64, cipher_type++) { - mbedtls_snprintf(title, sizeof(title), "AES-CMAC-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - - cipher_info = mbedtls_cipher_info_from_type(cipher_type); - - TIME_AND_TSC(title, - 
mbedtls_cipher_cmac(cipher_info, tmp, keysize, - buf, BUFSIZE, output)); - } - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - TIME_AND_TSC("AES-CMAC-PRF-128", - mbedtls_aes_cmac_prf_128(tmp, 16, buf, BUFSIZE, - output)); - } -#endif /* MBEDTLS_CMAC_C */ -#endif /* MBEDTLS_AES_C */ - -#if defined(MBEDTLS_ARIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC) - if (todo.aria) { - int keysize; - mbedtls_aria_context aria; - - mbedtls_aria_init(&aria); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "ARIA-CBC-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - mbedtls_aria_setkey_enc(&aria, tmp, keysize); - - TIME_AND_TSC(title, - mbedtls_aria_crypt_cbc(&aria, MBEDTLS_ARIA_ENCRYPT, - BUFSIZE, tmp, buf, buf)); - } - mbedtls_aria_free(&aria); - } -#endif - -#if defined(MBEDTLS_CAMELLIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC) - if (todo.camellia) { - int keysize; - mbedtls_camellia_context camellia; - - mbedtls_camellia_init(&camellia); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "CAMELLIA-CBC-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - mbedtls_camellia_setkey_enc(&camellia, tmp, keysize); - - TIME_AND_TSC(title, - mbedtls_camellia_crypt_cbc(&camellia, MBEDTLS_CAMELLIA_ENCRYPT, - BUFSIZE, tmp, buf, buf)); - } - mbedtls_camellia_free(&camellia); - } -#endif - -#if defined(MBEDTLS_CHACHA20_C) - if (todo.chacha20) { - TIME_AND_TSC("ChaCha20", mbedtls_chacha20_crypt(buf, buf, 0U, BUFSIZE, buf, buf)); - } -#endif - -#if defined(MBEDTLS_POLY1305_C) - if (todo.poly1305) { - TIME_AND_TSC("Poly1305", mbedtls_poly1305_mac(buf, buf, BUFSIZE, buf)); - } -#endif - -#if defined(MBEDTLS_CTR_DRBG_C) - if (todo.ctr_drbg) { - mbedtls_ctr_drbg_context ctr_drbg; - - mbedtls_ctr_drbg_init(&ctr_drbg); - if (mbedtls_ctr_drbg_seed(&ctr_drbg, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("CTR_DRBG (NOPR)", 
- mbedtls_ctr_drbg_random(&ctr_drbg, buf, BUFSIZE)); - mbedtls_ctr_drbg_free(&ctr_drbg); - - mbedtls_ctr_drbg_init(&ctr_drbg); - if (mbedtls_ctr_drbg_seed(&ctr_drbg, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - mbedtls_ctr_drbg_set_prediction_resistance(&ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON); - TIME_AND_TSC("CTR_DRBG (PR)", - mbedtls_ctr_drbg_random(&ctr_drbg, buf, BUFSIZE)); - mbedtls_ctr_drbg_free(&ctr_drbg); - } -#endif - -#if defined(MBEDTLS_HMAC_DRBG_C) && \ - (defined(MBEDTLS_SHA1_C) || defined(MBEDTLS_SHA256_C)) - if (todo.hmac_drbg) { - mbedtls_hmac_drbg_context hmac_drbg; - const mbedtls_md_info_t *md_info; - - mbedtls_hmac_drbg_init(&hmac_drbg); - -#if defined(MBEDTLS_SHA1_C) - if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1)) == NULL) { - mbedtls_exit(1); - } - - if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("HMAC_DRBG SHA-1 (NOPR)", - mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE)); - - if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - mbedtls_hmac_drbg_set_prediction_resistance(&hmac_drbg, - MBEDTLS_HMAC_DRBG_PR_ON); - TIME_AND_TSC("HMAC_DRBG SHA-1 (PR)", - mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE)); -#endif - -#if defined(MBEDTLS_SHA256_C) - if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)) == NULL) { - mbedtls_exit(1); - } - - if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("HMAC_DRBG SHA-256 (NOPR)", - mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE)); - - if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - mbedtls_hmac_drbg_set_prediction_resistance(&hmac_drbg, - MBEDTLS_HMAC_DRBG_PR_ON); - TIME_AND_TSC("HMAC_DRBG SHA-256 (PR)", - mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE)); -#endif - mbedtls_hmac_drbg_free(&hmac_drbg); - } -#endif /* MBEDTLS_HMAC_DRBG_C && 
( MBEDTLS_SHA1_C || MBEDTLS_SHA256_C ) */ - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) - if (todo.rsa) { - int keysize; - mbedtls_rsa_context rsa; - - for (keysize = 2048; keysize <= 4096; keysize += 1024) { - mbedtls_snprintf(title, sizeof(title), "RSA-%d", keysize); - - mbedtls_rsa_init(&rsa); - mbedtls_rsa_gen_key(&rsa, myrand, NULL, keysize, 65537); - - TIME_PUBLIC(title, " public", - buf[0] = 0; - ret = mbedtls_rsa_public(&rsa, buf, buf)); - - TIME_PUBLIC(title, "private", - buf[0] = 0; - ret = mbedtls_rsa_private(&rsa, myrand, NULL, buf, buf)); - - mbedtls_rsa_free(&rsa); - } - } -#endif - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_BIGNUM_C) - if (todo.dhm) { - int dhm_sizes[] = { 2048, 3072 }; - static const unsigned char dhm_P_2048[] = - MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN; - static const unsigned char dhm_P_3072[] = - MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN; - static const unsigned char dhm_G_2048[] = - MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN; - static const unsigned char dhm_G_3072[] = - MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN; - - const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 }; - const size_t dhm_P_size[] = { sizeof(dhm_P_2048), - sizeof(dhm_P_3072) }; - - const unsigned char *dhm_G[] = { dhm_G_2048, dhm_G_3072 }; - const size_t dhm_G_size[] = { sizeof(dhm_G_2048), - sizeof(dhm_G_3072) }; - - mbedtls_dhm_context dhm; - size_t olen; - size_t n; - mbedtls_mpi P, G; - mbedtls_mpi_init(&P); mbedtls_mpi_init(&G); - - for (i = 0; (size_t) i < sizeof(dhm_sizes) / sizeof(dhm_sizes[0]); i++) { - mbedtls_dhm_init(&dhm); - - if (mbedtls_mpi_read_binary(&P, dhm_P[i], - dhm_P_size[i]) != 0 || - mbedtls_mpi_read_binary(&G, dhm_G[i], - dhm_G_size[i]) != 0 || - mbedtls_dhm_set_group(&dhm, &P, &G) != 0) { - mbedtls_exit(1); - } - - n = mbedtls_dhm_get_len(&dhm); - mbedtls_dhm_make_public(&dhm, (int) n, buf, n, myrand, NULL); - - if (mbedtls_dhm_read_public(&dhm, buf, n) != 0) { - mbedtls_exit(1); - } - - mbedtls_snprintf(title, sizeof(title), "DHE-%d", 
dhm_sizes[i]); - TIME_PUBLIC(title, "handshake", - ret |= mbedtls_dhm_make_public(&dhm, (int) n, buf, n, - myrand, NULL); - ret |= - mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &olen, myrand, NULL)); - - mbedtls_snprintf(title, sizeof(title), "DH-%d", dhm_sizes[i]); - TIME_PUBLIC(title, "handshake", - ret |= - mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &olen, myrand, NULL)); - - mbedtls_dhm_free(&dhm); - mbedtls_mpi_free(&P), mbedtls_mpi_free(&G); - } - } -#endif - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C) - if (todo.ecdsa) { - mbedtls_ecdsa_context ecdsa; - const mbedtls_ecp_curve_info *curve_info; - size_t sig_len; - - memset(buf, 0x2A, sizeof(buf)); - - for (curve_info = curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (!mbedtls_ecdsa_can_do(curve_info->grp_id)) { - continue; - } - - mbedtls_ecdsa_init(&ecdsa); - - if (mbedtls_ecdsa_genkey(&ecdsa, curve_info->grp_id, myrand, NULL) != 0) { - mbedtls_exit(1); - } - - mbedtls_snprintf(title, sizeof(title), "ECDSA-%s", - curve_info->name); - TIME_PUBLIC(title, - "sign", - ret = - mbedtls_ecdsa_write_signature(&ecdsa, MBEDTLS_MD_SHA256, buf, - curve_info->bit_size, - tmp, sizeof(tmp), &sig_len, myrand, - NULL)); - - mbedtls_ecdsa_free(&ecdsa); - } - - for (curve_info = curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (!mbedtls_ecdsa_can_do(curve_info->grp_id)) { - continue; - } - - mbedtls_ecdsa_init(&ecdsa); - - if (mbedtls_ecdsa_genkey(&ecdsa, curve_info->grp_id, myrand, NULL) != 0 || - mbedtls_ecdsa_write_signature(&ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size, - tmp, sizeof(tmp), &sig_len, myrand, NULL) != 0) { - mbedtls_exit(1); - } - - mbedtls_snprintf(title, sizeof(title), "ECDSA-%s", - curve_info->name); - TIME_PUBLIC(title, "verify", - ret = mbedtls_ecdsa_read_signature(&ecdsa, buf, curve_info->bit_size, - tmp, sig_len)); - - mbedtls_ecdsa_free(&ecdsa); - } - } -#endif - -#if defined(MBEDTLS_ECDH_C) - if 
(todo.ecdh) { - mbedtls_ecdh_context ecdh_srv, ecdh_cli; - unsigned char buf_srv[BUFSIZE], buf_cli[BUFSIZE]; - const mbedtls_ecp_curve_info *curve_info; - size_t params_len, publen, seclen; - - for (curve_info = curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (!mbedtls_ecdh_can_do(curve_info->grp_id)) { - continue; - } - - mbedtls_ecdh_init(&ecdh_srv); - - CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, ¶ms_len, buf_srv, - sizeof(buf_srv), myrand, NULL)); - - mbedtls_snprintf(title, sizeof(title), "ECDHE-%s", curve_info->name); - TIME_PUBLIC(title, - "ephemeral handshake", - const unsigned char *p_srv = buf_srv; - mbedtls_ecdh_init(&ecdh_cli); - - CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv, - p_srv + params_len)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &publen, buf_cli, - sizeof(buf_cli), myrand, NULL)); - - CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &seclen, buf_cli, - sizeof(buf_cli), myrand, NULL)); - mbedtls_ecdh_free(&ecdh_cli); - ); - - mbedtls_ecdh_free(&ecdh_srv); - } - - for (curve_info = curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (!mbedtls_ecdh_can_do(curve_info->grp_id)) { - continue; - } - - mbedtls_ecdh_init(&ecdh_srv); - mbedtls_ecdh_init(&ecdh_cli); - - CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, ¶ms_len, buf_srv, - sizeof(buf_srv), myrand, NULL)); - - const unsigned char *p_srv = buf_srv; - CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv, - p_srv + params_len)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &publen, buf_cli, - sizeof(buf_cli), myrand, NULL)); - - - mbedtls_snprintf(title, sizeof(title), "ECDH-%s", curve_info->name); - TIME_PUBLIC(title, - "static handshake", - CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &seclen, buf_cli, 
- sizeof(buf_cli), myrand, NULL));
- );
-
- mbedtls_ecdh_free(&ecdh_cli);
- mbedtls_ecdh_free(&ecdh_srv);
- }
- }
-#endif
-
- mbedtls_printf("\n");
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- mbedtls_memory_buffer_alloc_free();
-#endif
-
- mbedtls_exit(0);
-}
-
-#endif /* MBEDTLS_HAVE_TIME */
From f8244d49b074f19f3007862722f0c47b1b352ab4 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 19 Feb 2025 10:35:41 +0100
Subject: [PATCH 21/23] programs: update .gitignore Remove entry for benchmark program since it was moved to the tf-psa-crypto repo.
Signed-off-by: Valerio Setti
---
programs/.gitignore | 1 -
1 file changed, 1 deletion(-)
diff --git a/programs/.gitignore b/programs/.gitignore
index c3e61c16bd..939e405952 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -46,7 +46,6 @@ ssl/ssl_mail_client
 ssl/ssl_pthread_server
 ssl/ssl_server
 ssl/ssl_server2
-test/benchmark
 test/cpp_dummy_build
 test/cpp_dummy_build.cpp
 test/dlopen
From 69d078157655691de1aa5798cc8333a9231d1446 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 19 Feb 2025 11:07:44 +0100
Subject: [PATCH 22/23] scripts: move ecc-heap.sh to tf-psa-crypto Since benchmark programs was moved to tf-psa-crypto, this script should be moved as well.
Signed-off-by: Valerio Setti
---
scripts/ecc-heap.sh | 87 ---------------------------------------------
1 file changed, 87 deletions(-)
delete mode 100755 scripts/ecc-heap.sh
diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh
deleted file mode 100755
index 3eb2ff4492..0000000000
--- a/scripts/ecc-heap.sh
+++ /dev/null
@@ -1,87 +0,0 @@
-#!/bin/sh
-
-# Measure heap usage (and performance) of ECC operations with various values of
-# the relevant tunable compile-time parameters.
-#
-# Usage (preferably on a 32-bit platform):
-# cmake -D CMAKE_BUILD_TYPE=Release .
-# scripts/ecc-heap.sh | tee ecc-heap.log
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-set -eu
-
-CONFIG_H='include/mbedtls/mbedtls_config.h'
-
-if [ -r $CONFIG_H ]; then :; else
- echo "$CONFIG_H not found" >&2
- exit 1
-fi
-
-if grep -i cmake Makefile >/dev/null; then :; else
- echo "Needs Cmake" >&2
- exit 1
-fi
-
-if git status | grep -F $CONFIG_H >/dev/null 2>&1; then
- echo "mbedtls_config.h not clean" >&2
- exit 1
-fi
-
-CONFIG_BAK=${CONFIG_H}.bak
-cp $CONFIG_H $CONFIG_BAK
-
-cat << EOF >$CONFIG_H
-#define MBEDTLS_PLATFORM_C
-#define MBEDTLS_PLATFORM_MEMORY
-#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
-#define MBEDTLS_MEMORY_DEBUG
-
-#define MBEDTLS_TIMING_C
-
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_SHA256_C // ECDSA benchmark needs it
-#define MBEDTLS_SHA224_C // SHA256 requires this for now
-#define MBEDTLS_ECDH_C
-
-// NIST curves >= 256 bits
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-// SECP "koblitz-like" curve >= 256 bits
-#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-// Brainpool curves (no specialised "mod p" routine)
-#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-// Montgomery curves
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_ECP_DP_CURVE448_ENABLED
-
-#define MBEDTLS_HAVE_ASM // just make things a bit faster
-#define MBEDTLS_ECP_NIST_OPTIM // faster and less allocations
-
-//#define MBEDTLS_ECP_WINDOW_SIZE 4
-//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1
-EOF
-
-for F in 0 1; do
- for W in 2 3 4; do
- scripts/config.py set MBEDTLS_ECP_WINDOW_SIZE $W
- scripts/config.py set MBEDTLS_ECP_FIXED_POINT_OPTIM $F
- make benchmark >/dev/null 2>&1
- echo "fixed point optim = $F, max window size = $W"
- echo "--------------------------------------------"
- programs/test/benchmark ecdh ecdsa
- done
-done
-
-# cleanup
-
-mv $CONFIG_BAK $CONFIG_H
-make clean
From aa380c4a829d051eb840b15ab88aff9f9362ad57 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Fri, 21 Feb 2025 11:31:33 +0100
Subject: [PATCH 23/23] tf-psa-crypto: update reference
Signed-off-by: Valerio Setti
---
tf-psa-crypto | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 67212566e9..2cfed8e711 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 67212566e95c936f8375eb634c249dd71dea582d
+Subproject commit 2cfed8e711554ffc9432209caa62244938a7da7b