Merge pull request #8855 from gilles-peskine-arm/benchmark-ecdh-no-legacy
Remove most uses of MBEDTLS_ALLOW_PRIVATE_ACCESS in test programs
This commit is contained in:
commit
81c322329e
16 changed files with 68 additions and 188 deletions
3
ChangeLog.d/benchmark-ecdh.txt
Normal file
3
ChangeLog.d/benchmark-ecdh.txt
Normal file
|
@ -0,0 +1,3 @@
|
|||
Features
|
||||
* The benchmark program now reports times for both ephemeral and static
|
||||
ECDH in all ECDH configurations.
|
|
@ -1,5 +1,3 @@
|
|||
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
||||
|
||||
#include "mbedtls/ssl.h"
|
||||
#include "mbedtls/entropy.h"
|
||||
#include "mbedtls/ctr_drbg.h"
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
||||
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdint.h>
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
||||
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdint.h>
|
||||
|
@ -137,7 +135,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
|||
ret = mbedtls_ssl_handshake(&ssl);
|
||||
|
||||
if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
|
||||
biomemfuzz.Offset = ssl.next_record_offset;
|
||||
biomemfuzz.Offset = ssl.MBEDTLS_PRIVATE(next_record_offset);
|
||||
mbedtls_ssl_session_reset(&ssl);
|
||||
mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout);
|
||||
if (mbedtls_ssl_set_client_transport_id(&ssl, client_ip, sizeof(client_ip)) != 0) {
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
@ -73,7 +71,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
|||
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY ||
|
||||
mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) {
|
||||
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk);
|
||||
mbedtls_ecp_group_id grp_id = ecp->grp.id;
|
||||
mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ecp);
|
||||
const mbedtls_ecp_curve_info *curve_info =
|
||||
mbedtls_ecp_curve_info_from_grp_id(grp_id);
|
||||
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stdlib.h>
|
||||
#include "mbedtls/pk.h"
|
||||
|
@ -49,7 +47,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
|||
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY ||
|
||||
mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) {
|
||||
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk);
|
||||
mbedtls_ecp_group_id grp_id = ecp->grp.id;
|
||||
mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ecp);
|
||||
const mbedtls_ecp_curve_info *curve_info =
|
||||
mbedtls_ecp_curve_info_from_grp_id(grp_id);
|
||||
|
||||
|
@ -61,9 +59,15 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
|||
|
||||
/* It's a public key, so the private value should not have
|
||||
* been changed from its initialization to 0. */
|
||||
if (mbedtls_mpi_cmp_int(&ecp->d, 0) != 0) {
|
||||
mbedtls_mpi d;
|
||||
mbedtls_mpi_init(&d);
|
||||
if (mbedtls_ecp_export(ecp, NULL, &d, NULL) != 0) {
|
||||
abort();
|
||||
}
|
||||
if (mbedtls_mpi_cmp_int(&d, 0) != 0) {
|
||||
abort();
|
||||
}
|
||||
mbedtls_mpi_free(&d);
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
||||
|
||||
#include "mbedtls/ssl.h"
|
||||
#include "mbedtls/entropy.h"
|
||||
#include "mbedtls/ctr_drbg.h"
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
||||
|
||||
#include <stdint.h>
|
||||
#include "mbedtls/x509_crl.h"
|
||||
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
||||
|
||||
#include <stdint.h>
|
||||
#include "mbedtls/x509_crt.h"
|
||||
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
||||
|
||||
#include <stdint.h>
|
||||
#include "mbedtls/x509_csr.h"
|
||||
|
||||
|
|
|
@ -5,8 +5,6 @@
|
|||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
||||
|
||||
#include "mbedtls/build_info.h"
|
||||
#include "mbedtls/debug.h"
|
||||
#include "mbedtls/platform.h"
|
||||
|
@ -551,23 +549,23 @@ void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len,
|
|||
const mbedtls_md_info_t *md_info;
|
||||
#endif
|
||||
|
||||
printf("\tciphersuite : %s\n", ciphersuite_info->name);
|
||||
printf("\tcipher flags : 0x%02X\n", ciphersuite_info->flags);
|
||||
printf("\tciphersuite : %s\n", mbedtls_ssl_ciphersuite_get_name(ciphersuite_info));
|
||||
printf("\tcipher flags : 0x%02X\n", ciphersuite_info->MBEDTLS_PRIVATE(flags));
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_C)
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher);
|
||||
cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->MBEDTLS_PRIVATE(cipher));
|
||||
if (cipher_info == NULL) {
|
||||
printf_err("Cannot find cipher info\n");
|
||||
} else {
|
||||
printf("\tcipher : %s\n", cipher_info->name);
|
||||
printf("\tcipher : %s\n", mbedtls_cipher_info_get_name(cipher_info));
|
||||
}
|
||||
#else /* MBEDTLS_CIPHER_C */
|
||||
printf("\tcipher type : %d\n", ciphersuite_info->cipher);
|
||||
printf("\tcipher type : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(cipher));
|
||||
#endif /* MBEDTLS_CIPHER_C */
|
||||
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
md_info = mbedtls_md_info_from_type(ciphersuite_info->mac);
|
||||
md_info = mbedtls_md_info_from_type(ciphersuite_info->MBEDTLS_PRIVATE(mac));
|
||||
if (md_info == NULL) {
|
||||
printf_err("Cannot find Message-Digest info\n");
|
||||
} else {
|
||||
|
|
|
@ -8,7 +8,6 @@
|
|||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
||||
|
||||
#include "ssl_test_lib.h"
|
||||
|
||||
|
|
|
@ -5,8 +5,6 @@
|
|||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
||||
|
||||
#include "mbedtls/build_info.h"
|
||||
|
||||
#include "mbedtls/platform.h"
|
||||
|
@ -1188,141 +1186,44 @@ int main(int argc, char *argv[])
|
|||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
if (todo.ecdh) {
|
||||
mbedtls_ecdh_context ecdh;
|
||||
mbedtls_mpi z;
|
||||
const mbedtls_ecp_curve_info montgomery_curve_list[] = {
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||
{ MBEDTLS_ECP_DP_CURVE25519, 0, 0, "Curve25519" },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
{ MBEDTLS_ECP_DP_CURVE448, 0, 0, "Curve448" },
|
||||
#endif
|
||||
{ MBEDTLS_ECP_DP_NONE, 0, 0, 0 }
|
||||
};
|
||||
const mbedtls_ecp_curve_info *curve_info;
|
||||
size_t olen;
|
||||
const mbedtls_ecp_curve_info *selected_montgomery_curve_list =
|
||||
montgomery_curve_list;
|
||||
|
||||
if (curve_list == (const mbedtls_ecp_curve_info *) &single_curve) {
|
||||
mbedtls_ecp_group grp;
|
||||
|
||||
mbedtls_ecp_group_init(&grp);
|
||||
if (mbedtls_ecp_group_load(&grp, curve_list->grp_id) != 0) {
|
||||
mbedtls_exit(1);
|
||||
}
|
||||
if (mbedtls_ecp_get_type(&grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
|
||||
selected_montgomery_curve_list = single_curve;
|
||||
} else { /* empty list */
|
||||
selected_montgomery_curve_list = single_curve + 1;
|
||||
}
|
||||
mbedtls_ecp_group_free(&grp);
|
||||
}
|
||||
|
||||
for (curve_info = curve_list;
|
||||
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
|
||||
curve_info++) {
|
||||
if (!mbedtls_ecdh_can_do(curve_info->grp_id)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
mbedtls_ecdh_init(&ecdh);
|
||||
|
||||
CHECK_AND_CONTINUE(mbedtls_ecp_group_load(&ecdh.grp, curve_info->grp_id));
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh, &olen, buf, sizeof(buf),
|
||||
myrand, NULL));
|
||||
CHECK_AND_CONTINUE(mbedtls_ecp_copy(&ecdh.Qp, &ecdh.Q));
|
||||
|
||||
mbedtls_snprintf(title, sizeof(title), "ECDHE-%s",
|
||||
curve_info->name);
|
||||
TIME_PUBLIC(title, "handshake",
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh, &olen, buf, sizeof(buf),
|
||||
myrand, NULL));
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh, &olen, buf, sizeof(buf),
|
||||
myrand, NULL)));
|
||||
mbedtls_ecdh_free(&ecdh);
|
||||
}
|
||||
|
||||
/* Montgomery curves need to be handled separately */
|
||||
for (curve_info = selected_montgomery_curve_list;
|
||||
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
|
||||
curve_info++) {
|
||||
mbedtls_ecdh_init(&ecdh);
|
||||
mbedtls_mpi_init(&z);
|
||||
|
||||
CHECK_AND_CONTINUE(mbedtls_ecp_group_load(&ecdh.grp, curve_info->grp_id));
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_gen_public(&ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL));
|
||||
|
||||
mbedtls_snprintf(title, sizeof(title), "ECDHE-%s",
|
||||
curve_info->name);
|
||||
TIME_PUBLIC(title, "handshake",
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_gen_public(&ecdh.grp, &ecdh.d, &ecdh.Q,
|
||||
myrand, NULL));
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_compute_shared(&ecdh.grp, &z, &ecdh.Qp,
|
||||
&ecdh.d,
|
||||
myrand, NULL)));
|
||||
|
||||
mbedtls_ecdh_free(&ecdh);
|
||||
mbedtls_mpi_free(&z);
|
||||
}
|
||||
|
||||
for (curve_info = curve_list;
|
||||
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
|
||||
curve_info++) {
|
||||
if (!mbedtls_ecdh_can_do(curve_info->grp_id)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
mbedtls_ecdh_init(&ecdh);
|
||||
|
||||
CHECK_AND_CONTINUE(mbedtls_ecp_group_load(&ecdh.grp, curve_info->grp_id));
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh, &olen, buf, sizeof(buf),
|
||||
myrand, NULL));
|
||||
CHECK_AND_CONTINUE(mbedtls_ecp_copy(&ecdh.Qp, &ecdh.Q));
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh, &olen, buf, sizeof(buf),
|
||||
myrand, NULL));
|
||||
|
||||
mbedtls_snprintf(title, sizeof(title), "ECDH-%s",
|
||||
curve_info->name);
|
||||
TIME_PUBLIC(title, "handshake",
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh, &olen, buf, sizeof(buf),
|
||||
myrand, NULL)));
|
||||
mbedtls_ecdh_free(&ecdh);
|
||||
}
|
||||
|
||||
/* Montgomery curves need to be handled separately */
|
||||
for (curve_info = selected_montgomery_curve_list;
|
||||
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
|
||||
curve_info++) {
|
||||
mbedtls_ecdh_init(&ecdh);
|
||||
mbedtls_mpi_init(&z);
|
||||
|
||||
CHECK_AND_CONTINUE(mbedtls_ecp_group_load(&ecdh.grp, curve_info->grp_id));
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_gen_public(&ecdh.grp, &ecdh.d, &ecdh.Qp,
|
||||
myrand, NULL));
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_gen_public(&ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL));
|
||||
|
||||
mbedtls_snprintf(title, sizeof(title), "ECDH-%s",
|
||||
curve_info->name);
|
||||
TIME_PUBLIC(title, "handshake",
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_compute_shared(&ecdh.grp, &z, &ecdh.Qp,
|
||||
&ecdh.d,
|
||||
myrand, NULL)));
|
||||
|
||||
mbedtls_ecdh_free(&ecdh);
|
||||
mbedtls_mpi_free(&z);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
if (todo.ecdh) {
|
||||
mbedtls_ecdh_context ecdh_srv, ecdh_cli;
|
||||
unsigned char buf_srv[BUFSIZE], buf_cli[BUFSIZE];
|
||||
const mbedtls_ecp_curve_info *curve_info;
|
||||
size_t olen;
|
||||
size_t params_len, publen, seclen;
|
||||
|
||||
for (curve_info = curve_list;
|
||||
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
|
||||
curve_info++) {
|
||||
if (!mbedtls_ecdh_can_do(curve_info->grp_id)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
mbedtls_ecdh_init(&ecdh_srv);
|
||||
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id));
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, ¶ms_len, buf_srv,
|
||||
sizeof(buf_srv), myrand, NULL));
|
||||
|
||||
mbedtls_snprintf(title, sizeof(title), "ECDHE-%s", curve_info->name);
|
||||
TIME_PUBLIC(title,
|
||||
"ephemeral handshake",
|
||||
const unsigned char *p_srv = buf_srv;
|
||||
mbedtls_ecdh_init(&ecdh_cli);
|
||||
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv,
|
||||
p_srv + params_len));
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &publen, buf_cli,
|
||||
sizeof(buf_cli), myrand, NULL));
|
||||
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &seclen, buf_cli,
|
||||
sizeof(buf_cli), myrand, NULL));
|
||||
mbedtls_ecdh_free(&ecdh_cli);
|
||||
);
|
||||
|
||||
mbedtls_ecdh_free(&ecdh_srv);
|
||||
}
|
||||
|
||||
for (curve_info = curve_list;
|
||||
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
|
||||
|
@ -1334,31 +1235,26 @@ int main(int argc, char *argv[])
|
|||
mbedtls_ecdh_init(&ecdh_srv);
|
||||
mbedtls_ecdh_init(&ecdh_cli);
|
||||
|
||||
mbedtls_snprintf(title, sizeof(title), "ECDHE-%s", curve_info->name);
|
||||
TIME_PUBLIC(title,
|
||||
"full handshake",
|
||||
const unsigned char *p_srv = buf_srv;
|
||||
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id));
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, &olen, buf_srv,
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, ¶ms_len, buf_srv,
|
||||
sizeof(buf_srv), myrand, NULL));
|
||||
|
||||
const unsigned char *p_srv = buf_srv;
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv,
|
||||
p_srv + olen));
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &olen, buf_cli,
|
||||
p_srv + params_len));
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &publen, buf_cli,
|
||||
sizeof(buf_cli), myrand, NULL));
|
||||
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_read_public(&ecdh_srv, buf_cli, olen));
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_srv, &olen, buf_srv,
|
||||
sizeof(buf_srv), myrand, NULL));
|
||||
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &olen, buf_cli,
|
||||
mbedtls_snprintf(title, sizeof(title), "ECDH-%s", curve_info->name);
|
||||
TIME_PUBLIC(title,
|
||||
"static handshake",
|
||||
CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &seclen, buf_cli,
|
||||
sizeof(buf_cli), myrand, NULL));
|
||||
mbedtls_ecdh_free(&ecdh_cli);
|
||||
|
||||
mbedtls_ecdh_free(&ecdh_srv);
|
||||
);
|
||||
|
||||
mbedtls_ecdh_free(&ecdh_cli);
|
||||
mbedtls_ecdh_free(&ecdh_srv);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -26,7 +26,6 @@
|
|||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
||||
|
||||
#include <mbedtls/platform.h>
|
||||
#include <mbedtls/platform_util.h>
|
||||
|
|
|
@ -5,8 +5,6 @@
|
|||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
||||
|
||||
#include "mbedtls/build_info.h"
|
||||
|
||||
#include "mbedtls/entropy.h"
|
||||
|
|
|
@ -11,7 +11,6 @@
|
|||
* example of good general usage.
|
||||
*/
|
||||
|
||||
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
|
||||
|
||||
#include "mbedtls/build_info.h"
|
||||
|
||||
|
|
Loading…
Reference in a new issue