From e8d3b80e4baa775903028c6341b7d84fa50d141b Mon Sep 17 00:00:00 2001
From: KonstantinKondrashov <konstantin@espressif.com>
Date: Tue, 22 Oct 2019 18:22:02 +0800
Subject: [PATCH] mbedtls: Add an UT for performance RSA key operations

(New) - Montgomery exponentiation: Z = X ^ Y mod M  (HAC 14.94)
keysize = 2048 bits
RSA key operation (performance): public [21894 us], private [199119 us]
RSA key operation (performance): public [18768 us], private [189051 us]
RSA key operation (performance): public [16242 us], private [190821 us]
keysize = 3072 bits
RSA key operation (performance): public [39762 us], private [437480 us]
RSA key operation (performance): public [36550 us], private [449422 us]
RSA key operation (performance): public [40536 us], private [443451 us]
keysize = 4096 bits
RSA key operation (performance): public [65671 us], private [885215 us]
RSA key operation (performance): public [60770 us], private [880936 us]
RSA key operation (performance): public [68951 us], private [872027 us]

(Old) - Sliding-window exponentiation: Z = X ^ Y mod M  (HAC 14.85)
keysize = 2048 bits
RSA key operation (performance): public [93206 us], private [280189 us]
RSA key operation (performance): public [93060 us], private [278893 us]
RSA key operation (performance): public [97520 us], private [283252 us]
keysize = 3072 bits
RSA key operation (performance): public [293614 us], private [858157 us]
RSA key operation (performance): public [289902 us], private [843701 us]
RSA key operation (performance): public [291495 us], private [845232 us]
keysize = 4096 bits
RSA key operation (performance): public [653192 us], private [1912126 us]
RSA key operation (performance): public [656661 us], private [1901792 us]
RSA key operation (performance): public [641390 us], private [1938911 us]
---
 components/idf_test/include/idf_performance.h |  4 ++
 components/mbedtls/test/test_rsa.c            | 55 +++++++++++++++++++
 2 files changed, 59 insertions(+)

diff --git a/components/idf_test/include/idf_performance.h b/components/idf_test/include/idf_performance.h
index 8a952c406..bb640cfcf 100644
--- a/components/idf_test/include/idf_performance.h
+++ b/components/idf_test/include/idf_performance.h
@@ -31,3 +31,7 @@
 #define IDF_PERFORMANCE_MAX_ESP32_CYCLES_PER_DIV 70
 #define IDF_PERFORMANCE_MAX_ESP32_CYCLES_PER_SQRT 140
 
+#define IDF_PERFORMANCE_MAX_RSA_2048KEY_PUBLIC_OP  19000
+#define IDF_PERFORMANCE_MAX_RSA_2048KEY_PRIVATE_OP 180000
+#define IDF_PERFORMANCE_MAX_RSA_4096KEY_PUBLIC_OP  65000
+#define IDF_PERFORMANCE_MAX_RSA_4096KEY_PRIVATE_OP 850000
diff --git a/components/mbedtls/test/test_rsa.c b/components/mbedtls/test/test_rsa.c
index df6d8f238..80f36a469 100644
--- a/components/mbedtls/test/test_rsa.c
+++ b/components/mbedtls/test/test_rsa.c
@@ -11,11 +11,13 @@
 #include "mbedtls/rsa.h"
 #include "mbedtls/pk.h"
 #include "mbedtls/x509_crt.h"
+#include "mbedtls/entropy_poll.h"
 #include "freertos/FreeRTOS.h"
 #include "freertos/task.h"
 #include "freertos/semphr.h"
 #include "unity.h"
 #include "sdkconfig.h"
+#include "test_utils.h"
 
 /* Taken from openssl s_client -connect api.gigafive.com:443 -showcerts
  */
@@ -238,3 +240,56 @@ static void test_cert(const char *cert, const uint8_t *expected_output, size_t o
 
     mbedtls_x509_crt_free(&crt);
 }
+
+static int myrand(void *rng_state, unsigned char *output, size_t len)
+{
+    size_t olen;
+    return mbedtls_hardware_poll(rng_state, output, len, &olen);
+}
+
+#ifdef CONFIG_MBEDTLS_HARDWARE_MPI
+
+TEST_CASE("test performance RSA key operations", "[bignum][ignore]")
+{
+    mbedtls_rsa_context rsa;
+    unsigned char orig_buf[4096 / 8];
+    unsigned char encrypted_buf[4096 / 8];
+    unsigned char decrypted_buf[4096 / 8];
+    int64_t start;
+    int public_perf, private_perf;
+
+    printf("First, orig_buf is encrypted by the public key, and then decrypted by the private key\n");
+
+    for (int keysize = 2048; keysize <= 4096; keysize += 2048) {
+        memset(orig_buf, 0xAA, sizeof(orig_buf));
+        orig_buf[0] = 0; // Ensure that orig_buf is smaller than rsa.N
+
+        mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PRIVATE, 0);
+        TEST_ASSERT_EQUAL(0, mbedtls_rsa_gen_key(&rsa, myrand, NULL, keysize, 65537));
+
+        TEST_ASSERT_EQUAL(keysize, (int)rsa.len * 8);
+        TEST_ASSERT_EQUAL(keysize, (int)rsa.D.n * sizeof(mbedtls_mpi_uint) * 8); // The private exponent
+
+        start = esp_timer_get_time();
+        TEST_ASSERT_EQUAL(0, mbedtls_rsa_public(&rsa, orig_buf, encrypted_buf));
+        public_perf = esp_timer_get_time() - start;
+
+        start = esp_timer_get_time();
+        TEST_ASSERT_EQUAL(0, mbedtls_rsa_private(&rsa, NULL, NULL, encrypted_buf, decrypted_buf));
+        private_perf = esp_timer_get_time() - start;
+
+        if (keysize == 2048) {
+            TEST_PERFORMANCE_LESS_THAN(RSA_2048KEY_PUBLIC_OP, "public operations %d us", public_perf);
+            TEST_PERFORMANCE_LESS_THAN(RSA_2048KEY_PRIVATE_OP, "private operations %d us", private_perf);
+        } else {
+            TEST_PERFORMANCE_LESS_THAN(RSA_4096KEY_PUBLIC_OP, "public operations %d us", public_perf);
+            TEST_PERFORMANCE_LESS_THAN(RSA_4096KEY_PRIVATE_OP, "private operations %d us", private_perf);
+        }
+
+        TEST_ASSERT_EQUAL_MEMORY_MESSAGE(orig_buf, decrypted_buf, keysize / 8, "RSA operation");
+
+        mbedtls_rsa_free(&rsa);
+    }
+}
+
+#endif // CONFIG_MBEDTLS_HARDWARE_MPI
\ No newline at end of file