diff --git a/components/mbedtls/port/esp32/esp_bignum.c b/components/mbedtls/port/esp32/esp_bignum.c index 5e6fc90f3..3af4a4591 100644 --- a/components/mbedtls/port/esp32/esp_bignum.c +++ b/components/mbedtls/port/esp32/esp_bignum.c @@ -564,6 +564,9 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi return ret; } + /* Grow Z to result size early, avoid interim allocations */ + MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, z_words) ); + /* If either factor is over 2048 bits, we can't use the standard hardware multiplier (it assumes result is double longest factor, and result is max 4096 bits.) @@ -608,8 +611,6 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi start_op(RSA_MULT_START_REG); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, z_words) ); - wait_op_complete(RSA_MULT_START_REG); /* Read back the result */ @@ -716,9 +717,6 @@ static int mpi_mult_mpi_overlong(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbe }; mbedtls_mpi_init(&Ztemp); - /* Grow Z to result size early, avoid interim allocations */ - mbedtls_mpi_grow(Z, z_words); - /* Get result Ztemp = Yp * X (need temporary variable Ztemp) */ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi(&Ztemp, X, &Yp) ); diff --git a/components/mbedtls/port/esp32s2beta/esp_bignum.c b/components/mbedtls/port/esp32s2beta/esp_bignum.c index af9aec8cd..cfaa93884 100644 --- a/components/mbedtls/port/esp32s2beta/esp_bignum.c +++ b/components/mbedtls/port/esp32s2beta/esp_bignum.c @@ -449,6 +449,7 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi return mpi_mult_mpi_failover_mod_mult(Z, X, Y, z_words); } else { /* Still too long for the hardware unit... */ + mbedtls_mpi_grow(Z, z_words); if(y_words > x_words) { return mpi_mult_mpi_overlong(Z, X, Y, y_words, z_words); } else { @@ -573,9 +574,6 @@ static int mpi_mult_mpi_overlong(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbe }; mbedtls_mpi_init(&Ztemp); - /* Grow Z to result size early, avoid interim allocations */ - mbedtls_mpi_grow(Z, z_words); - /* Get result Ztemp = Yp * X (need temporary variable Ztemp) */ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi(&Ztemp, X, &Yp) ); diff --git a/components/mbedtls/test/test_mbedtls_mpi.c b/components/mbedtls/test/test_mbedtls_mpi.c index d30faf3e5..d3f758d66 100644 --- a/components/mbedtls/test/test_mbedtls_mpi.c +++ b/components/mbedtls/test/test_mbedtls_mpi.c @@ -18,7 +18,7 @@ */ void mbedtls_mpi_printf(const char *name, const mbedtls_mpi *X) { - static char buf[1024]; + static char buf[2048]; size_t n; memset(buf, 0, sizeof(buf)); mbedtls_mpi_write_string(X, 16, buf, sizeof(buf)-1, &n); @@ -29,11 +29,15 @@ void mbedtls_mpi_printf(const char *name, const mbedtls_mpi *X) } } -/* Assert E = A * B */ -static void test_bignum_mult(const char *a_str, const char *b_str, const char *e_str, size_t mod_bits) +/* + Assert E == X, X=A*B if res_operands_overlap==0 + Assert E == A, A=A*B if res_operands_overlap==1 + Assert E == B, B=A*B if res_operands_overlap==2 +*/ +static void test_bignum_mult_variant(const char *a_str, const char *b_str, const char *e_str, size_t mod_bits, int res_operands_overlap) { mbedtls_mpi A, B, X, E, M; - char x_buf[1024] = { 0 }; + char x_buf[2048] = {0}; size_t x_buf_len = 0; mbedtls_mpi_init(&A); @@ -44,9 +48,17 @@ static void test_bignum_mult(const char *a_str, const char *b_str, const char *e TEST_ASSERT_FALSE(mbedtls_mpi_read_string(&A, 16, a_str)); TEST_ASSERT_FALSE(mbedtls_mpi_read_string(&B, 16, b_str)); - /* E = A * B */ + /* calulate X = A * B variant */ TEST_ASSERT_FALSE(mbedtls_mpi_read_string(&E, 16, e_str)); - TEST_ASSERT_FALSE(mbedtls_mpi_mul_mpi(&X, &A, &B)); + if (res_operands_overlap == 0) { + TEST_ASSERT_FALSE(mbedtls_mpi_mul_mpi(&X, &A, &B)); + } else if (res_operands_overlap == 1) { + mbedtls_mpi_copy( &X, &A ); + TEST_ASSERT_FALSE(mbedtls_mpi_mul_mpi(&X, &X, &B)); + } else if (res_operands_overlap == 2) { + mbedtls_mpi_copy( &X, &B ); + TEST_ASSERT_FALSE(mbedtls_mpi_mul_mpi(&X, &A, &X)); + } mbedtls_mpi_write_string(&X, 16, x_buf, sizeof(x_buf)-1, &x_buf_len); TEST_ASSERT_EQUAL_STRING_MESSAGE(e_str, x_buf, "mbedtls_mpi_mul_mpi result wrong"); @@ -73,6 +85,15 @@ static void test_bignum_mult(const char *a_str, const char *b_str, const char *e mbedtls_mpi_free(&E); } +/* Assert E = A * B, including 3 variants: X=A*B A*=B, B*=A */ +static void test_bignum_mult(const char *a_str, const char *b_str, const char *e_str, size_t mod_bits) +{ + for (int overlap_operands=0; overlap_operands < 3; ++overlap_operands) { + test_bignum_mult_variant(a_str, b_str, e_str, mod_bits, overlap_operands); + } +} + + TEST_CASE("test MPI multiplication", "[bignum]") { /* Run some trivial numbers tests w/ various high modulo bit counts, @@ -115,6 +136,13 @@ TEST_CASE("test MPI multiplication", "[bignum]") "390587293875124938ABBECD0EEEEE3333333333333333333333333333333399999888000AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBB00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000EDFABC0204048975876873487387478327482374871327482347328742837483247283748234723874238478327400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003012111111111111111100000000000000000000000111111111111111111111111", "02603AF70D0421C1AD82CE623F28F70B128118D06D00C27D433EC25BA86E6105C3890A0B1973B8BE068CA68E159A21078785DDB37F94216FBF4AEC939958AF4B8CEA2A48895CECA87562FC846EAAE0C866AF9D41EEABFB1D579F5828E9666A15E2AF946F16A189B5C645872FDCA247D309AB0BCAFB0D112881186FCFFEDC87061B4AE4A375E9BBCF579A7BC87A8EAC8C6F66E107986FC603F920F5E1A0FD8C619D88D90066FFFC8F4DB77437EBD7E3BD7E398C4C01F93426E347E039DCA7B0A73C0C90A9C4271BB761ADFF88971D190CE5DA98EFC5D7390D33BC034908AF81D784A4D7F32D0902E0C5DABC706635D5A28FC0E3A364EDEB21E8E117041D0E4B51CA6F9684F434057E7FCF2AF6BD050334B1D11E043B0967154E57354B681161D3C618974D5A7E0385755B80B931AE9B59DD4402BAEC206F04B8440741B3C4CA6D9F7DAF0AE6B3BF1B24B76C2F12B9E9A7C50D32E2093608FC9A30CBD852329E64A9AE0BC3F513899EBFA28629C1DF38081FB8C6630408F70D7B9A37701ABA4176C8B7DCB8CC78BD7783B861A7FC50862E75191DB8", 4096); + + /* multiply two very large numbers (4080 bits x 4088 bits) with and without overlapping multipliers/multiplicant */ + test_bignum_mult("B96BF707C8CD3CA5AE8247C5CA2AF98140EFAE60179BE3F5BEAD7DA3C6D17404C529239DD1EFE6CADAE1AAFB4FE936B0107839C28A7861E4364EB093CB4698E4BBF6BD8BEF85D9B35781D14AEE1BE86E57B49DF98896CF037CCBD8C622603D84891FD6AC48BE4728E564E64FB715C149C243BAA289569D0FF2E0C9E183D38C8A669CEFF542737E35F3E484D39FF7A3727EF8DB733DAB3E359E1456C0AE33C358EFEC8079EDDD5D58E09B37744EE1DBDF567742CFC0CE98BCC9AD90242ECCF7F6FA696C8C1B32A4D7285C56AB3658DB1AD89A7331F69DEFE212DE8EEEE5B377EC7A4112A27A0FD02EFABB9D3025F6563B65DC214A38A6E7BF8C78B6A3D2A8BA12D75BFBF26ACA655EF13A145AC18D2A6C9B535AAF8290314A2512451B3BD6DA19C42F1FD1B958E1F49303EDEC0392A8CD8450FBC177B26FD2D6CC23F051655565B42FEDE9685A9E708CFC8EA766B94D7B9B627BFA98945BB8EF88E9E7FB696BC4729240F1C25F7085E8C8A9DE2241BBC388FFC65E0058B4327D554FD2D8AA872614052C38BE177F9EC0E705DFDD5F82DD5ED49DAF3582CA64E7F14CE97FD6F25B53FD888D1593450EDC5E79A947F18D0917E01F66ACE99FF4A249C14957A9860B839CEE5096F78FE02C7610E558FC0FCA803A6EF0FBA64AB94893E61080BC5D2AC5DA548E9E0D8E2B63BAB6B82247DF22007D925711E0FE45EB14B92665B6", + "C15B96BF707C8CD3CA5AE8247C5CA2AF98140EFAE60179BE3F5BEAD7DA3C6D17404C529239DD1EFE6CADAE1AAFB4FE936B0107839C28A7861E4364EB093CB4698E4BBF6BD8BEF85D9B35781D14AEE1BE86E57B49DF98896CF037CCBD8C622603D84891FD6AC48BE4728E564E64FB715C149C243BAA289569D0FF2E0C9E183D38C8A669CEFF542737E35F3E484D39FF7A3727EF8DB733DAB3E359E1456C0AE33C358EFEC8079EDDD5D58E09B37744EE1DBDF567742CFC0CE98BCC9AD90242ECCF7F6FA696C8C1B32A4D7285C56AB3658DB1AD89A7331F69DEFE212DE8EEEE5B377EC7A4112A27A0FD02EFABB9D3025F6563B65DC214A38A6E7BF8C78B6A3D2A8BA12D75BFBF26ACA655EF13A145AC18D2A6C9B535AAF8290314A2512451B3BD6DA19C42F1FD1B958E1F49303EDEC0392A8CD8450FBC177B26FD2D6CC23F051655565B42FEDE9685A9E708CFC8EA766B94D7B9B627BFA98945BB8EF88E9E7FB696BC4729240F1C25F7085E8C8A9DE2241BBC388FFC65E0058B4327D554FD2D8AA872614052C38BE177F9EC0E705DFDD5F82DD5ED49DAF3582CA64E7F14CE97FD6F25B53FD888D1593450EDC5E79A947F18D0917E01F66ACE99FF4A249C14957A9860B839CEE5096F78FE02C7610E558FC0FCA803A6EF0FBA64AB94893E61080BC5D2AC5DA548E9E0D8E2B63BAB6B82247DF22007D925711E0FE45EB14B92665B6", + "08C0CBBCD99EC6C840B63887B07378C45DF268C118061B2AFFD9D0C854EE0F7DE5F548FF5BA7F155CCA81EF086F9760FCD86722167AC88E504723CB19A772D9EFF4EC75DD29F6187D34535B2A801C82DF9B1D0F08B64373A5AE5BD31346EE06EDB032B0A306A871E4FDB576F3E8D8F32ED4E054D9292719E77A1C5500FBEC23C59F5CC49A4E0B49D15F92D426FEF36376CB674AACDABF68A731746CA74440C71534D30CBF0252DE4EC38EA53E5821C9868F636239923C460CB813C4F05DD5EC36987A390FDBB7EE345F9D2687D1EF9A26A1FF84BF38049E995E1A5F2D5318A7BEFC9AA15528F7A2253299D30718459CF7958694AA58D91CA28F22718D07105C3FBFA4FEA970A810DD52BFC6AB4D44E3253347A3C5F42C1E723588343B210581F3B8A97C616A26C9C99C1376E169B8C8ED5DE6FA2272D24FB05BA6351B687A27C5CA1CF3FC1BA2BF06DD7598DED3F89080A2AB6DD694000698A7488274396E55EA78104584A5A0523C4744D018DCBFD3E411DA8CA679199FE818C59E08B126356028E3B6AAEA61ACE679D6EF2587CCAE513AB99EB161A405A8AA6FB36BB308BB7CBC21E2117B7CE4B4D1A1FE7EE0386DD229220BFD892A293FD7B8F6617743612736CC2F6200C736FD49C6A4AC9565E4B4EFD841C5FC3F6883621FD4319A11319EF462B549A12DA699612F2E8CE08525559C3487AAD57DFDBF1CAB847174C2FF8BA8D5232E33E5D8F60E5BE4CD8BE5857A860B615EFCFFF38DC0EE6A40F725D5275892419D3915EDB534166AC402B5849EB16AF1E8ADA68EF8C2E6AC8BE254DAEDAC135DA0ECA0E5A3CCF5332CFAB4C2249A92EF96A7DD6F69B4B0F9379CDA164FB1CB1934F27F42C0CEF9AFBA6A0B1716A4A1092E6CC7081AC74503A22F3C2071BB4D3A6842772C02CE78BD1FB4E0D39EB19E2425D3DC77777A8E8254F86A69950C75C1D8CF98C512ECEAF2FF15DC8A6D373A20045F63166BFDB8899C6095D91FC282D49DB9154E74DC64C41A98EFABDB207FF31A88718FF5410EA5A15E76F9591E5BE3B26035FD8567117588D9B94708B98FD764529B43B09EC6A2CDF79E2C05D3A799484516369795E103C7FCB78F1B1CADA47C3092695220FF2DB05136A9401897DE182EDB89022E4E7419B43172808C0A9F3ED80A8DF0A9E5F8E59E57994053050E709E63A4809AAECC3DEABDF5E2B9ED3F8FDA6297811A666E81BB0914B1F9D5D558EE40DBD89BE8B9D7F58575CE66C5A5EC2939463D1CECDD760B2C0584535FEEB2125CB675A1AB09CEDC81F27FA6830423B1F8D426E361EB1B9AD203C33176ACAB28C618714E068DA294C9338EF92FF4ED9F67F438E33E53797C1C31F8FF8D5466887E5610EA41C0CABC07ED90894BA73ECF84F5F3C5443EFAC61F9826C54D176D482CB5174D08A7EA3C3933FEE4986DB38A1EEC08D3366711D64", + 0); + } static bool test_bignum_modexp(const char *z_str, const char *x_str, const char *y_str, const char *m_str, int ret_error) diff --git a/components/mbedtls/test/test_rsa.c b/components/mbedtls/test/test_rsa.c index f1185160b..c10df5088 100644 --- a/components/mbedtls/test/test_rsa.c +++ b/components/mbedtls/test/test_rsa.c @@ -19,6 +19,8 @@ #include "sdkconfig.h" #include "test_utils.h" +#define PRINT_DEBUG_INFO + /* Taken from openssl s_client -connect api.gigafive.com:443 -showcerts */ static const char *rsa4096_cert = "-----BEGIN CERTIFICATE-----\n"\ @@ -182,10 +184,18 @@ static const uint8_t pki_rsa2048_output[] = { 0xf9, 0xe9, 0x50, 0x29, 0x5d, 0x4f, 0xcc, 0xc9, }; +#ifdef CONFIG_MBEDTLS_HARDWARE_MPI +/* Pregenerated RSA 4096 size keys using openssl */ +static const char privkey_buf[] = "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIJKAIBAAKCAgEA1blr9wfIzTylroJHxcoq+YFA765gF5vj9b6tfaPG0XQExSkjndHv5sra4ar7T+k2sBB4OcKKeGHkNk6wk8tGmOS79r2L74XZs1eB0UruG+huV7Sd+YiWzwN8y9jGImA9hIkf1qxIvkco5WTmT7cVwUnCQ7qiiVadD/LgyeGD04yKZpzv9UJzfjXz5ITTn/ejcn7423M9qz41nhRWwK4zw1jv7IB57d1dWOCbN3RO4dvfVndCz8DOmLzJrZAkLsz39vppbIwbMqTXKFxWqzZY2xrYmnMx9p3v4hLeju7ls3fsekESonoP0C76u50wJfZWO2XcIUo4pue/jHi2o9KouhLXW/vyasplXvE6FFrBjSpsm1Nar4KQMUolEkUbO9baGcQvH9G5WOH0kwPt7AOSqM2EUPvBd7Jv0tbMI/BRZVVltC/t6WhannCM/I6nZrlNe5tie/qYlFu474jp5/tpa8RykkDxwl9whejIqd4iQbvDiP/GXgBYtDJ9VU/S2KqHJhQFLDi+F3+ewOcF391fgt1e1J2vNYLKZOfxTOl/1vJbU/2IjRWTRQ7cXnmpR/GNCRfgH2as6Z/0oknBSVephguDnO5QlveP4Cx2EOVY/A/KgDpu8PumSrlIk+YQgLxdKsXaVI6eDY4rY7q2uCJH3yIAfZJXEeD+ResUuSZltvECAwEAAQKCAgBwR89+oipOGHR6b5tBP+q/1bXFtXhqLs3eBuSiQu5qj2cKJYi+mtJMD3paYDdTThQa/ywKPDf+8n6wQTrnCj32iQRupjnkBg/O9kQPLixVoRCHJy5vL+D6tLxVY3cEDEeFX3zIjQ5SWJQVn6KXcnoNZ7CVYHGPcV9mR5TsuntFImp7aituUBDY14NgJKABRFosBqS6tZpKYo5MlCbXZy1ujUTOnNhxrIAj9yvUQFhIs/hrNpB1ELf46gWSF03LAIesyvWjvx9yxcL7QzeNDyozQbFVwvsWsvaZcIxXzw4B8RjdSV5+2V2BY4z6D6SB7R50ahjxrEqC9PFe3PQmsL9OvFjV9idYwFOhxiWXGjIm3wwFFLOj3e0TShscj2Iw+Ghd3wApvSdBZxzdjap1NHC+Q6yYU+BnivxUHcopVPPM3rsLndyRC6zfrQw/OkOlAP3bNL1hRedPRmRDOz0V1ihEpgC1VfXx6XOu4eg8xWiJgWX+BGvT5GWjfQg2hB1Jm344r3l0eLhr25dO80GIac2QGT2+WmYkXcsQ3AiqAn2VF8UB5mU+Iyh96jmSFVVltGZgfp98yFYN63/7wB++lhVQmJZwbglutng1qjQBFslIULddIHiYvF+AVvkrO3Hc2zg8rT91tbE13k06A1zlNGcQuQKLax8e+2/BNjsZU2E4uQKCAQEA7L4obKWYRHgG6j1VEDRrQU8Vkm4L11B+ZD/rsEh3q7LbzViOPv+1dZ40jX2qYScWyaefI46bukJlk/mlNv4Dh3EnSFvHPCInDM3oImCYImwUx0hkbSRyRNwlwRwx81LJzIR84cCqpNWrXXcplomUSM62ea1E1vtNSZs9Bg2OLoWvFOTPgk/xDi6ezdb6JFiId6cARup/bmZ363mg8jCq0wpTLVdUGrezfMj4GpB1uQET5xqXleumQu/04cHPOfXwpV0ikIOId/ldY/PetiRd86B32aB2Xd4fHUpxHMY+63MFmL6SsqMQJMPubv+eIrOId4HhT+nXNFBZXolT5XG5NwKCAQEA5xvvccHNyCTL0AebxD6EihWnp0/Dd0DwXWxZw0Yhhc9xa/W/QtygB6kPb35oKGvCKdm4dWCIGln03dU5D6CMNkJlbkxpo8gybz34SJ/6OvU836rBLHZXE3Xiqbe5XkdMdarA7kTEhEUqekDXPxhws9dWh0YjtAnBPpm1GQppiykI2edkiIhRgju5ghe+/UjAjxrEgCKZeAODh46hwZHERRKQN2MFUOFcOVDq+2wTJem9r3h1uBQAiZn8PDyx0rlRkwH2dZSSauVW+I713N0JGucOV7FeMO0ebioqqckh0i91ZJNH//Io8Sp8WuBsU/vcP9jT+5BDkCbc71BRO/AFFwKCAQBj4a6oeA0QBhvUw9+ZoKQHv9f4GZnBU+KfZSCJFWn39NQrhMsu5S+n2gGOGJDDwHwqxB+uHsKxCMZWciM0WmMex6ytKJucUURscIsZxespyrPRiEdmjNPxHXiISt8AK9OcB+GwVVsphERygI35Rz5aoWv3VhUPJqNrBKXwYdO06Q3/ILIz5oprU1wIuER9BSU+ZiUFxnXRHEZIAN7Yj5Piyh5hqNCBHTQK17dlbcFdNokxHdUKmYth/l8wyFYnvA21lt+4XOY8x+aQ/xjde+ZvnSozlTGbVNWHxBqI61MsfzDDStQVrhpniIqWJh6PwXM4CIII9z2mgqfR7NqKmTptAoIBAQDTYQOigmZbFvyrayoXVi8XtTLAnv3jByxR5pY7OtvSbagJ3J1w5CYim4iYq39M6TKP4KkMApy5rWl/tFQabPeRcS0gsxc0TBmFEaMTme7fGgrxcFZ6+koubHZCUN5k0sWmIeWQiKlNaY2uf7vf49TBSMXFuGtTclCjlybCnnlmZMPJuhCDqFsUyNelm15+f5pPyWXM5NiFooEc7WIZj996Zb4uSo1EKruVWONzzqe814s9AOp60SCkuoiv97uVRxbLZNItPRSmXNktQmSx/CEl0AuYPYwvJ9HbZQncfTBH9ExlDyidernjyr4uyHGMZyJN614ICy0gncsZv9ZtAd1FAoIBAA4toGPU/VcKFmK92zgO05jsg5vJzw5xeoxRWKrLg7iby6Su6BuNgaVwfYWeZuOhnXakid7FvFXKH6x44o9gyFm5bKqFhaXDzAnxzqcLeM5V+gititOsstpZCbVOoKQOhgTHyxpFNVX3E/nB8EunydWyhQMxKme//NsRroFm1vWljQKyL3zER82AzyseEpEYZoB/6g0n5uF2lR7KllxeBlINsceQ8g3JkmJTdS1hoXcyUSsZ+EgrRbCykNB5aVC5G3/W1OSZsFHbbMrYHCMnaYKwMqLmOkb11o6nOrJJ4pgHj8CVcp2TNjfy3y0Ru6RZ42b0Q+3LktJBGu9r5d04FgI=\n" + "-----END RSA PRIVATE KEY-----"; +#endif + _Static_assert(sizeof(pki_rsa2048_output) == 2048/8, "rsa2048 output is wrong size"); _Static_assert(sizeof(pki_rsa4096_output) == 4096/8, "rsa4096 output is wrong size"); static void test_cert(const char *cert, const uint8_t *expected_output, size_t output_len); +void mbedtls_mpi_printf(const char *name, const mbedtls_mpi *X); TEST_CASE("mbedtls RSA4096 cert", "[mbedtls]") { @@ -242,6 +252,7 @@ static void test_cert(const char *cert, const uint8_t *expected_output, size_t o } #ifdef CONFIG_MBEDTLS_HARDWARE_MPI +static void rsa_key_operations(int keysize, bool check_performance, bool use_blinding, bool generate_new_rsa); static int myrand(void *rng_state, unsigned char *output, size_t len) { @@ -249,7 +260,37 @@ static int myrand(void *rng_state, unsigned char *output, size_t len) return mbedtls_hardware_poll(rng_state, output, len, &olen); } +#ifdef PRINT_DEBUG_INFO +static void print_rsa_details(mbedtls_rsa_context *rsa) +{ + mbedtls_mpi X[5]; + for (int i=0; i<5; ++i) { + mbedtls_mpi_init( &X[i] ); + } + + if (0 == mbedtls_rsa_export(rsa, &X[0], &X[1], &X[2], &X[3], &X[4])) { + for (int i=0; i<5; ++i) { + mbedtls_mpi_printf((char*)"N\0P\0Q\0D\0E" + 2*i, &X[i]); + mbedtls_mpi_free( &X[i] ); + } + } +} +#endif + TEST_CASE("test performance RSA key operations", "[bignum][ignore]") +{ + for (int keysize = 2048; keysize <= 4096; keysize += 2048) { + rsa_key_operations(keysize, true, false, true); + } +} + +TEST_CASE("test RSA-4096 calculations", "[bignum]") +{ + // use pre-genrated keys to make the test run a bit faster + rsa_key_operations(4096, false, true, false); +} + +static void rsa_key_operations(int keysize, bool check_performance, bool use_blinding, bool generate_new_rsa) { mbedtls_rsa_context rsa; unsigned char orig_buf[4096 / 8]; @@ -259,37 +300,48 @@ TEST_CASE("test performance RSA key operations", "[bignum][ignore]") int public_perf, private_perf; printf("First, orig_buf is encrypted by the public key, and then decrypted by the private key\n"); + printf("keysize=%d check_performance=%d use_blinding=%d generate_new_rsa=%d\n", keysize, check_performance, use_blinding, generate_new_rsa); - for (int keysize = 2048; keysize <= 4096; keysize += 2048) { - memset(orig_buf, 0xAA, sizeof(orig_buf)); - orig_buf[0] = 0; // Ensure that orig_buf is smaller than rsa.N - + memset(orig_buf, 0xAA, sizeof(orig_buf)); + orig_buf[0] = 0; // Ensure that orig_buf is smaller than rsa.N + if (generate_new_rsa) { mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PRIVATE, 0); TEST_ASSERT_EQUAL(0, mbedtls_rsa_gen_key(&rsa, myrand, NULL, keysize, 65537)); - - TEST_ASSERT_EQUAL(keysize, (int)rsa.len * 8); - TEST_ASSERT_EQUAL(keysize, (int)rsa.D.n * sizeof(mbedtls_mpi_uint) * 8); // The private exponent - - start = esp_timer_get_time(); - TEST_ASSERT_EQUAL(0, mbedtls_rsa_public(&rsa, orig_buf, encrypted_buf)); - public_perf = esp_timer_get_time() - start; - - start = esp_timer_get_time(); - TEST_ASSERT_EQUAL(0, mbedtls_rsa_private(&rsa, NULL, NULL, encrypted_buf, decrypted_buf)); - private_perf = esp_timer_get_time() - start; - - if (keysize == 2048) { - TEST_PERFORMANCE_LESS_THAN(RSA_2048KEY_PUBLIC_OP, "public operations %d us", public_perf); - TEST_PERFORMANCE_LESS_THAN(RSA_2048KEY_PRIVATE_OP, "private operations %d us", private_perf); - } else { - TEST_PERFORMANCE_LESS_THAN(RSA_4096KEY_PUBLIC_OP, "public operations %d us", public_perf); - TEST_PERFORMANCE_LESS_THAN(RSA_4096KEY_PRIVATE_OP, "private operations %d us", private_perf); - } - - TEST_ASSERT_EQUAL_MEMORY_MESSAGE(orig_buf, decrypted_buf, keysize / 8, "RSA operation"); - - mbedtls_rsa_free(&rsa); + } else if (keysize==4096) { // pre-generated private key only available for keysize=4096 + mbedtls_pk_context clientkey; + mbedtls_pk_init(&clientkey); + TEST_ASSERT_EQUAL(0, mbedtls_pk_parse_key(&clientkey, (const uint8_t *)privkey_buf, sizeof(privkey_buf), NULL, 0)); + memcpy(&rsa, mbedtls_pk_rsa(clientkey), sizeof(mbedtls_rsa_context)); + } else { + printf("Not supported keysize, please use generate_new_rsa=true\n"); + abort(); } +#ifdef PRINT_DEBUG_INFO + print_rsa_details(&rsa); +#endif + + TEST_ASSERT_EQUAL(keysize, (int)rsa.len * 8); + TEST_ASSERT_EQUAL(keysize, (int)rsa.D.n * sizeof(mbedtls_mpi_uint) * 8); // The private exponent + + start = esp_timer_get_time(); + TEST_ASSERT_EQUAL(0, mbedtls_rsa_public(&rsa, orig_buf, encrypted_buf)); + public_perf = esp_timer_get_time() - start; + + start = esp_timer_get_time(); + TEST_ASSERT_EQUAL(0, mbedtls_rsa_private(&rsa, use_blinding?myrand:NULL, NULL, encrypted_buf, decrypted_buf)); + private_perf = esp_timer_get_time() - start; + + if (check_performance && keysize == 2048) { + TEST_PERFORMANCE_LESS_THAN(RSA_2048KEY_PUBLIC_OP, "public operations %d us", public_perf); + TEST_PERFORMANCE_LESS_THAN(RSA_2048KEY_PRIVATE_OP, "private operations %d us", private_perf); + } else if (check_performance && keysize == 4096) { + TEST_PERFORMANCE_LESS_THAN(RSA_4096KEY_PUBLIC_OP, "public operations %d us", public_perf); + TEST_PERFORMANCE_LESS_THAN(RSA_4096KEY_PRIVATE_OP, "private operations %d us", private_perf); + } + + TEST_ASSERT_EQUAL_MEMORY_MESSAGE(orig_buf, decrypted_buf, keysize / 8, "RSA operation"); + + mbedtls_rsa_free(&rsa); } #endif // CONFIG_MBEDTLS_HARDWARE_MPI \ No newline at end of file