Merge pull request #10023 from gilles-peskine-arm/tls-defragmentation-merge-development-20250303
[tls-defragmentation/development] Update main branch
diff --git a/docs/architecture/testing/invasive-testing.md b/docs/architecture/testing/invasive-testing.md
index 464f761..bf8d631 100644
--- a/docs/architecture/testing/invasive-testing.md
+++ b/docs/architecture/testing/invasive-testing.md
@@ -275,7 +275,7 @@
Goal: test that `mbedtls_platform_zeroize` does wipe the memory buffer.
-Solution ([debugger](#debugger-based-testing)): implemented in `tests/scripts/test_zeroize.gdb`.
+Solution ([debugger](#debugger-based-testing)): implemented in `framework/tests/programs/test_zeroize.gdb`.
Rationale: this cannot be tested by adding C code, because the danger is that the compiler optimizes the zeroization away, and any C code that observes the zeroization would cause the compiler not to optimize it away.
diff --git a/framework b/framework
index 2eb60b8..523a12d 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 2eb60b8da3745f8882741f6fa4c2b316abf5478a
+Subproject commit 523a12d05b91301b020e2aa560d9774135e3a801
diff --git a/library/x509_crl.c b/library/x509_crl.c
index e67fde7..bc4fdbb 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -583,11 +583,6 @@
#if !defined(MBEDTLS_X509_REMOVE_INFO)
/*
- * Return an informational string about the certificate.
- */
-#define BEFORE_COLON 14
-#define BC "14"
-/*
* Return an informational string about the CRL.
*/
int mbedtls_x509_crl_info(char *buf, size_t size, const char *prefix,
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 113eb1b..5d26ebb 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1743,15 +1743,15 @@
/*
* Return an informational string about the certificate.
*/
-#define BEFORE_COLON 18
-#define BC "18"
+#define MBEDTLS_BEFORE_COLON 18
+#define MBEDTLS_BEFORE_COLON_STR "18"
int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix,
const mbedtls_x509_crt *crt)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
char *p;
- char key_size_str[BEFORE_COLON];
+ char key_size_str[MBEDTLS_BEFORE_COLON];
p = buf;
n = size;
@@ -1805,13 +1805,13 @@
MBEDTLS_X509_SAFE_SNPRINTF;
/* Key size */
- if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON,
+ if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON,
mbedtls_pk_get_name(&crt->pk))) != 0) {
return ret;
}
- ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str,
- (int) mbedtls_pk_get_bitlen(&crt->pk));
+ ret = mbedtls_snprintf(p, n, "\n%s%-" MBEDTLS_BEFORE_COLON_STR "s: %d bits",
+ prefix, key_size_str, (int) mbedtls_pk_get_bitlen(&crt->pk));
MBEDTLS_X509_SAFE_SNPRINTF;
/*
diff --git a/library/x509_csr.c b/library/x509_csr.c
index 3a78268..8e5fdb6 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -519,8 +519,8 @@
#endif /* MBEDTLS_FS_IO */
#if !defined(MBEDTLS_X509_REMOVE_INFO)
-#define BEFORE_COLON 14
-#define BC "14"
+#define MBEDTLS_BEFORE_COLON 14
+#define MBEDTLS_BEFORE_COLON_STR "14"
/*
* Return an informational string about the CSR.
*/
@@ -530,7 +530,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
char *p;
- char key_size_str[BEFORE_COLON];
+ char key_size_str[MBEDTLS_BEFORE_COLON];
p = buf;
n = size;
@@ -551,13 +551,13 @@
csr->sig_opts);
MBEDTLS_X509_SAFE_SNPRINTF;
- if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON,
+ if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON,
mbedtls_pk_get_name(&csr->pk))) != 0) {
return ret;
}
- ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
- (int) mbedtls_pk_get_bitlen(&csr->pk));
+ ret = mbedtls_snprintf(p, n, "\n%s%-" MBEDTLS_BEFORE_COLON_STR "s: %d bits\n",
+ prefix, key_size_str, (int) mbedtls_pk_get_bitlen(&csr->pk));
MBEDTLS_X509_SAFE_SNPRINTF;
/*
diff --git a/programs/.gitignore b/programs/.gitignore
index c3e61c1..939e405 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -46,7 +46,6 @@
ssl/ssl_pthread_server
ssl/ssl_server
ssl/ssl_server2
-test/benchmark
test/cpp_dummy_build
test/cpp_dummy_build.cpp
test/dlopen
diff --git a/programs/Makefile b/programs/Makefile
index c177c28..79bb402 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -1,4 +1,5 @@
MBEDTLS_TEST_PATH = ../tests
+FRAMEWORK = ${MBEDTLS_PATH}/framework
include ../scripts/common.make
ifeq ($(shell uname -s),Linux)
@@ -24,6 +25,8 @@
BUILD_DLOPEN =
endif
+LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs
+
## The following assignment is the list of base names of applications that
## will be built on Windows. Extra Linux/Unix/POSIX-only applications can
## be declared by appending with `APPS += ...` afterwards.
@@ -76,7 +79,6 @@
ssl/ssl_mail_client \
ssl/ssl_server \
ssl/ssl_server2 \
- test/benchmark \
test/metatest \
test/query_compile_time_config \
test/query_included_headers \
@@ -301,7 +303,7 @@
SSL_TEST_OBJECTS = test/query_config.o ssl/ssl_test_lib.o
SSL_TEST_DEPS = $(SSL_TEST_OBJECTS) \
- test/query_config.h \
+ $(FRAMEWORK)/tests/programs/query_config.h \
ssl/ssl_test_lib.h \
ssl/ssl_test_common_source.c \
$(DEP)
@@ -322,7 +324,7 @@
echo " CC ssl/ssl_server2.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c $(SSL_TEST_OBJECTS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-ssl/ssl_context_info$(EXEXT): ssl/ssl_context_info.c test/query_config.o test/query_config.h $(DEP)
+ssl/ssl_context_info$(EXEXT): ssl/ssl_context_info.c test/query_config.o $(FRAMEWORK)/tests/programs/query_config.h $(DEP)
echo " CC ssl/ssl_context_info.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_context_info.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@@ -342,10 +344,6 @@
echo " CC ssl/mini_client.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/mini_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test/benchmark$(EXEXT): test/benchmark.c $(DEP)
- echo " CC test/benchmark.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/benchmark.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
test/cpp_dummy_build.cpp: test/generate_cpp_dummy_build.sh
echo " Gen test/cpp_dummy_build.cpp"
test/generate_cpp_dummy_build.sh
@@ -363,17 +361,17 @@
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/dlopen.c $(LDFLAGS) $(DLOPEN_LDFLAGS) -o $@
endif
-test/metatest$(EXEXT): test/metatest.c $(DEP)
- echo " CC test/metatest.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core test/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+test/metatest$(EXEXT): $(FRAMEWORK)/tests/programs/metatest.c $(DEP)
+ echo " CC $(FRAMEWORK)/tests/programs/metatest.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core $(FRAMEWORK)/tests/programs/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test/query_config.o: test/query_config.c test/query_config.h $(DEP)
+test/query_config.o: test/query_config.c $(FRAMEWORK)/tests/programs/query_config.h $(DEP)
echo " CC test/query_config.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c test/query_config.c -o $@
-test/query_included_headers$(EXEXT): test/query_included_headers.c $(DEP)
- echo " CC test/query_included_headers.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_included_headers.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+test/query_included_headers$(EXEXT): $(FRAMEWORK)/tests/programs/query_included_headers.c $(DEP)
+ echo " CC $(FRAMEWORK)/tests/programs/query_included_headers.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $(FRAMEWORK)/tests/programs/query_included_headers.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
test/selftest$(EXEXT): test/selftest.c $(DEP)
echo " CC test/selftest.c"
@@ -383,13 +381,13 @@
echo " CC test/udp_proxy.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/udp_proxy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test/zeroize$(EXEXT): test/zeroize.c $(DEP)
- echo " CC test/zeroize.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+test/zeroize$(EXEXT): $(FRAMEWORK)/tests/programs/zeroize.c $(DEP)
+ echo " CC $(FRAMEWORK)/tests/programs/zeroize.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $(FRAMEWORK)/tests/programs/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test/query_compile_time_config$(EXEXT): test/query_compile_time_config.c test/query_config.o test/query_config.h $(DEP)
- echo " CC test/query_compile_time_config.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_compile_time_config.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+test/query_compile_time_config$(EXEXT): $(FRAMEWORK)/tests/programs/query_compile_time_config.c test/query_config.o $(FRAMEWORK)/tests/programs/query_config.h $(DEP)
+ echo " CC $(FRAMEWORK)/tests/programs/query_compile_time_config.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $(FRAMEWORK)/tests/programs/query_compile_time_config.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
util/pem2der$(EXEXT): util/pem2der.c $(DEP)
echo " CC util/pem2der.c"
diff --git a/programs/README.md b/programs/README.md
index f53bde5..5e5f40a 100644
--- a/programs/README.md
+++ b/programs/README.md
@@ -53,7 +53,7 @@
## Random number generator (RNG) examples
-* [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data.
+* [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data.
Note: most applications should only use the entropy generator to seed a cryptographic pseudorandom generator, as illustrated by `random/gen_random_ctr_drbg.c`.
* [`random/gen_random_ctr_drbg.c`](random/gen_random_ctr_drbg.c): shows how to use the default entropy sources to seed a pseudorandom generator, and how to use the resulting random generator to generate random data.
@@ -90,13 +90,11 @@
## Test utilities
-* [`test/benchmark.c`](test/benchmark.c): benchmark for cryptographic algorithms.
-
* [`test/selftest.c`](test/selftest.c): runs the self-test function in each library module.
* [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). Useful for testing DTLS.
-* [`test/zeroize.c`](test/zeroize.c): a test program for `mbedtls_platform_zeroize`, used by [`tests/scripts/test_zeroize.gdb`](tests/scripts/test_zeroize.gdb).
+* [`test/zeroize.c`](../framework/tests/programs/zeroize.c): a test program for `mbedtls_platform_zeroize`, used by [`test_zeroize.gdb`](../framework/tests/programs/test_zeroize.gdb).
## Development utilities
@@ -115,4 +113,3 @@
* [`x509/crl_app.c`](x509/crl_app.c): loads and dumps a certificate revocation list (CRL).
* [`x509/req_app.c`](x509/req_app.c): loads and dumps a certificate signing request (CSR).
-
diff --git a/programs/demo_common.sh b/programs/demo_common.sh
deleted file mode 100644
index d8fcda5..0000000
--- a/programs/demo_common.sh
+++ /dev/null
@@ -1,137 +0,0 @@
-## Common shell functions used by demo scripts programs/*/*.sh.
-
-## How to write a demo script
-## ==========================
-##
-## Include this file near the top of each demo script:
-## . "${0%/*}/../demo_common.sh"
-##
-## Start with a "msg" call that explains the purpose of the script.
-## Then call the "depends_on" function to ensure that all config
-## dependencies are met.
-##
-## As the last thing in the script, call the cleanup function.
-##
-## You can use the functions and variables described below.
-
-set -e -u
-
-## $root_dir is the root directory of the Mbed TLS source tree.
-root_dir="${0%/*}"
-# Find a nice path to the root directory, avoiding unnecessary "../".
-# The code supports demo scripts nested up to 4 levels deep.
-# The code works no matter where the demo script is relative to the current
-# directory, even if it is called with a relative path.
-n=4 # limit the search depth
-while ! [ -d "$root_dir/programs" ] || ! [ -d "$root_dir/library" ]; do
- if [ $n -eq 0 ]; then
- echo >&2 "This doesn't seem to be an Mbed TLS source tree."
- exit 125
- fi
- n=$((n - 1))
- case $root_dir in
- .) root_dir="..";;
- ..|?*/..) root_dir="$root_dir/..";;
- ?*/*) root_dir="${root_dir%/*}";;
- /*) root_dir="/";;
- *) root_dir=".";;
- esac
-done
-
-## $programs_dir is the directory containing the sample programs.
-# Assume an in-tree build.
-programs_dir="$root_dir/programs"
-
-## msg LINE...
-## msg <TEXT_ORIGIN
-## Display an informational message.
-msg () {
- if [ $# -eq 0 ]; then
- sed 's/^/# /'
- else
- for x in "$@"; do
- echo "# $x"
- done
- fi
-}
-
-## run "Message" COMMAND ARGUMENT...
-## Display the message, then run COMMAND with the specified arguments.
-run () {
- echo
- echo "# $1"
- shift
- echo "+ $*"
- "$@"
-}
-
-## Like '!', but stop on failure with 'set -e'
-not () {
- if "$@"; then false; fi
-}
-
-## run_bad "Message" COMMAND ARGUMENT...
-## Like run, but the command is expected to fail.
-run_bad () {
- echo
- echo "$1 This must fail."
- shift
- echo "+ ! $*"
- not "$@"
-}
-
-## config_has SYMBOL...
-## Succeeds if the library configuration has all SYMBOLs set.
-config_has () {
- for x in "$@"; do
- "$programs_dir/test/query_compile_time_config" "$x"
- done
-}
-
-## depends_on SYMBOL...
-## Exit if the library configuration does not have all SYMBOLs set.
-depends_on () {
- m=
- for x in "$@"; do
- if ! config_has "$x"; then
- m="$m $x"
- fi
- done
- if [ -n "$m" ]; then
- cat >&2 <<EOF
-$0: this demo requires the following
-configuration options to be enabled at compile time:
- $m
-EOF
- # Exit with a success status so that this counts as a pass for run_demos.py.
- exit
- fi
-}
-
-## Add the names of files to clean up to this whitespace-separated variable.
-## The file names must not contain whitespace characters.
-files_to_clean=
-
-## Call this function at the end of each script.
-## It is called automatically if the script is killed by a signal.
-cleanup () {
- rm -f -- $files_to_clean
-}
-
-
-
-################################################################
-## End of the public interfaces. Code beyond this point is not
-## meant to be called directly from a demo script.
-
-trap 'cleanup; trap - HUP; kill -HUP $$' HUP
-trap 'cleanup; trap - INT; kill -INT $$' INT
-trap 'cleanup; trap - TERM; kill -TERM $$' TERM
-
-if config_has MBEDTLS_ENTROPY_NV_SEED; then
- # Create a seedfile that's sufficiently long in all library configurations.
- # This is necessary for programs that use randomness.
- # Assume that the name of the seedfile is the default name.
- files_to_clean="$files_to_clean seedfile"
- dd if=/dev/urandom of=seedfile ibs=64 obs=64 count=1
-fi
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt
index a27c626..65f65b9 100644
--- a/programs/ssl/CMakeLists.txt
+++ b/programs/ssl/CMakeLists.txt
@@ -35,7 +35,7 @@
if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2")
list(APPEND extra_sources
ssl_test_lib.c
- ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.h
+ ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/query_config.h
${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c)
endif()
add_executable(${exe}
@@ -45,14 +45,13 @@
${extra_sources})
set_base_compile_options(${exe})
target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include
+ target_include_directories(${exe} PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/programs
+ ${MBEDTLS_FRAMEWORK_DIR}/tests/include
${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2")
if(GEN_FILES)
add_dependencies(${exe} generate_query_config_c)
endif()
- target_include_directories(${exe}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../test)
endif()
endforeach()
@@ -62,7 +61,8 @@
$<TARGET_OBJECTS:mbedtls_test>
$<TARGET_OBJECTS:mbedtls_test_helpers>)
set_base_compile_options(ssl_pthread_server)
- target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include
+ target_include_directories(ssl_pthread_server PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/programs
+ ${MBEDTLS_FRAMEWORK_DIR}/tests/include
${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
target_link_libraries(ssl_pthread_server ${libs} ${CMAKE_THREAD_LIBS_INIT})
list(APPEND executables ssl_pthread_server)
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index a8387d7..6fc3d73 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -66,7 +66,7 @@
#include <test/helpers.h>
-#include "../test/query_config.h"
+#include "query_config.h"
#define ALPN_LIST_SIZE 10
#define GROUP_LIST_SIZE 25
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index dec1e8c..089f8a6 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -13,7 +13,6 @@
add_dependencies(${ssl_opt_target} udp_proxy)
set(executables_mbedcrypto
- benchmark
zeroize
)
add_dependencies(${programs_target} ${executables_mbedcrypto})
@@ -76,17 +75,24 @@
endif()
foreach(exe IN LISTS executables_libs executables_mbedcrypto)
+ set(source ${exe}.c)
set(extra_sources "")
+ if(NOT EXISTS ${source} AND
+ EXISTS ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/${source})
+ set(source ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/${source})
+ endif()
+
if(exe STREQUAL "query_compile_time_config")
list(APPEND extra_sources
- ${CMAKE_CURRENT_SOURCE_DIR}/query_config.h
+ ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/query_config.h
${CMAKE_CURRENT_BINARY_DIR}/query_config.c)
endif()
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>
+ add_executable(${exe} ${source} $<TARGET_OBJECTS:mbedtls_test>
${extra_sources})
set_base_compile_options(${exe})
target_include_directories(${exe}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
+ PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include
+ ${MBEDTLS_FRAMEWORK_DIR}/tests/programs)
target_include_directories(${exe}
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library
${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/core)
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
deleted file mode 100644
index c878e34..0000000
--- a/programs/test/benchmark.c
+++ /dev/null
@@ -1,1272 +0,0 @@
-/*
- * Benchmark demonstration program
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_HAVE_TIME)
-int main(void)
-{
- mbedtls_printf("MBEDTLS_HAVE_TIME not defined.\n");
- mbedtls_exit(0);
-}
-#else
-
-#include <string.h>
-#include <stdlib.h>
-
-#include "mbedtls/md5.h"
-#include "mbedtls/ripemd160.h"
-#include "mbedtls/sha1.h"
-#include "mbedtls/sha256.h"
-#include "mbedtls/sha512.h"
-#include "mbedtls/sha3.h"
-
-#include "mbedtls/des.h"
-#include "mbedtls/aes.h"
-#include "mbedtls/aria.h"
-#include "mbedtls/camellia.h"
-#include "mbedtls/chacha20.h"
-#include "mbedtls/gcm.h"
-#include "mbedtls/ccm.h"
-#include "mbedtls/chachapoly.h"
-#include "mbedtls/cmac.h"
-#include "mbedtls/poly1305.h"
-
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/hmac_drbg.h"
-
-#include "mbedtls/rsa.h"
-#include "mbedtls/dhm.h"
-#include "mbedtls/ecdsa.h"
-#include "mbedtls/ecdh.h"
-
-#include "mbedtls/error_common.h"
-
-/* *INDENT-OFF* */
-#ifndef asm
-#define asm __asm
-#endif
-/* *INDENT-ON* */
-
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-
-#include <windows.h>
-#include <process.h>
-
-struct _hr_time {
- LARGE_INTEGER start;
-};
-
-#else
-
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <signal.h>
-#include <time.h>
-
-struct _hr_time {
- struct timeval start;
-};
-
-#endif /* _WIN32 && !EFIX64 && !EFI32 */
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#include "mbedtls/memory_buffer_alloc.h"
-#endif
-
-#ifdef MBEDTLS_TIMING_ALT
-void mbedtls_set_alarm(int seconds);
-unsigned long mbedtls_timing_hardclock(void);
-extern volatile int mbedtls_timing_alarmed;
-#else
-static void mbedtls_set_alarm(int seconds);
-static unsigned long mbedtls_timing_hardclock(void);
-#endif
-
-/*
- * For heap usage estimates, we need an estimate of the overhead per allocated
- * block. ptmalloc2/3 (used in gnu libc for instance) uses 2 size_t per block,
- * so use that as our baseline.
- */
-#define MEM_BLOCK_OVERHEAD (2 * sizeof(size_t))
-
-/*
- * Size to use for the alloc buffer if MEMORY_BUFFER_ALLOC_C is defined.
- */
-#define HEAP_SIZE (1u << 16) /* 64k */
-
-#define BUFSIZE 1024
-#define HEADER_FORMAT " %-24s : "
-#define TITLE_LEN 25
-
-#define OPTIONS \
- "md5, ripemd160, sha1, sha256, sha512,\n" \
- "sha3_224, sha3_256, sha3_384, sha3_512,\n" \
- "des3, des, camellia, chacha20,\n" \
- "aes_cbc, aes_cfb128, aes_cfb8, aes_gcm, aes_ccm, aes_xts, chachapoly\n" \
- "aes_cmac, des3_cmac, poly1305\n" \
- "ctr_drbg, hmac_drbg\n" \
- "rsa, dhm, ecdsa, ecdh.\n"
-
-#if defined(MBEDTLS_ERROR_C)
-#define PRINT_ERROR \
- mbedtls_printf("Error code: %d", ret);
-/* mbedtls_strerror(ret, (char *) tmp, sizeof(tmp)); \
- mbedtls_printf("FAILED: %s\n", tmp); */
-#else
-#define PRINT_ERROR \
- mbedtls_printf("FAILED: -0x%04x\n", (unsigned int) -ret);
-#endif
-
-#define TIME_AND_TSC(TITLE, CODE) \
- do { \
- unsigned long ii, jj, tsc; \
- int ret = 0; \
- \
- mbedtls_printf(HEADER_FORMAT, TITLE); \
- fflush(stdout); \
- \
- mbedtls_set_alarm(1); \
- for (ii = 1; ret == 0 && !mbedtls_timing_alarmed; ii++) \
- { \
- ret = CODE; \
- } \
- \
- tsc = mbedtls_timing_hardclock(); \
- for (jj = 0; ret == 0 && jj < 1024; jj++) \
- { \
- ret = CODE; \
- } \
- \
- if (ret != 0) \
- { \
- PRINT_ERROR; \
- } \
- else \
- { \
- mbedtls_printf("%9lu KiB/s, %9lu cycles/byte\n", \
- ii * BUFSIZE / 1024, \
- (mbedtls_timing_hardclock() - tsc) \
- / (jj * BUFSIZE)); \
- } \
- } while (0)
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG)
-
-/* How much space to reserve for the title when printing heap usage results.
- * Updated manually as the output of the following command:
- *
- * sed -n 's/.*[T]IME_PUBLIC.*"\(.*\)",/\1/p' programs/test/benchmark.c |
- * awk '{print length+3}' | sort -rn | head -n1
- *
- * This computes the maximum length of a title +3, because we appends "/s" and
- * want at least one space. (If the value is too small, the only consequence
- * is poor alignment.) */
-#define TITLE_SPACE 17
-
-#define MEMORY_MEASURE_INIT \
- size_t max_used, max_blocks, max_bytes; \
- size_t prv_used, prv_blocks; \
- size_t alloc_cnt, free_cnt, prv_alloc, prv_free; \
- mbedtls_memory_buffer_alloc_cur_get(&prv_used, &prv_blocks); \
- mbedtls_memory_buffer_alloc_max_reset();
-
-#define MEMORY_MEASURE_RESET \
- mbedtls_memory_buffer_alloc_count_get(&prv_alloc, &prv_free);
-
-#define MEMORY_MEASURE_PRINT(title_len) \
- mbedtls_memory_buffer_alloc_max_get(&max_used, &max_blocks); \
- mbedtls_memory_buffer_alloc_count_get(&alloc_cnt, &free_cnt); \
- ii = TITLE_SPACE > (title_len) ? TITLE_SPACE - (title_len) : 1; \
- while (ii--) mbedtls_printf(" "); \
- max_used -= prv_used; \
- max_blocks -= prv_blocks; \
- max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \
- mbedtls_printf("%6u heap bytes, %6u allocs", \
- (unsigned) max_bytes, \
- (unsigned) (alloc_cnt - prv_alloc));
-
-#else
-#define MEMORY_MEASURE_INIT
-#define MEMORY_MEASURE_RESET
-#define MEMORY_MEASURE_PRINT(title_len)
-#endif
-
-#define TIME_PUBLIC(TITLE, TYPE, CODE) \
- do { \
- unsigned long ii; \
- int ret; \
- MEMORY_MEASURE_INIT; \
- \
- mbedtls_printf(HEADER_FORMAT, TITLE); \
- fflush(stdout); \
- mbedtls_set_alarm(3); \
- \
- ret = 0; \
- for (ii = 1; !mbedtls_timing_alarmed && !ret; ii++) \
- { \
- MEMORY_MEASURE_RESET; \
- CODE; \
- } \
- \
- if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED) \
- { \
- mbedtls_printf("Feature Not Supported. Skipping.\n"); \
- ret = 0; \
- } \
- else if (ret != 0) \
- { \
- PRINT_ERROR; \
- } \
- else \
- { \
- mbedtls_printf("%6lu " TYPE "/s", ii / 3); \
- MEMORY_MEASURE_PRINT(sizeof(TYPE) + 1); \
- mbedtls_printf("\n"); \
- } \
- } while (0)
-
-#if !defined(MBEDTLS_TIMING_ALT)
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__)
-
-#define HAVE_HARDCLOCK
-
-static unsigned long mbedtls_timing_hardclock(void)
-{
- unsigned long tsc;
- __asm rdtsc
- __asm mov[tsc], eax
- return tsc;
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
- ( _MSC_VER && _M_IX86 ) || __WATCOMC__ */
-
-/* some versions of mingw-64 have 32-bit longs even on x84_64 */
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && (defined(__i386__) || ( \
- (defined(__amd64__) || defined(__x86_64__)) && __SIZEOF_LONG__ == 4))
-
-#define HAVE_HARDCLOCK
-
-static unsigned long mbedtls_timing_hardclock(void)
-{
- unsigned long lo, hi;
- asm volatile ("rdtsc" : "=a" (lo), "=d" (hi));
- return lo;
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
- __GNUC__ && __i386__ */
-
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && (defined(__amd64__) || defined(__x86_64__))
-
-#define HAVE_HARDCLOCK
-
-static unsigned long mbedtls_timing_hardclock(void)
-{
- unsigned long lo, hi;
- asm volatile ("rdtsc" : "=a" (lo), "=d" (hi));
- return lo | (hi << 32);
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
- __GNUC__ && ( __amd64__ || __x86_64__ ) */
-
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && (defined(__powerpc__) || defined(__ppc__))
-
-#define HAVE_HARDCLOCK
-
-static unsigned long mbedtls_timing_hardclock(void)
-{
- unsigned long tbl, tbu0, tbu1;
-
- do {
- asm volatile ("mftbu %0" : "=r" (tbu0));
- asm volatile ("mftb %0" : "=r" (tbl));
- asm volatile ("mftbu %0" : "=r" (tbu1));
- } while (tbu0 != tbu1);
-
- return tbl;
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
- __GNUC__ && ( __powerpc__ || __ppc__ ) */
-
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && defined(__sparc64__)
-
-#if defined(__OpenBSD__)
-#warning OpenBSD does not allow access to tick register using software version instead
-#else
-#define HAVE_HARDCLOCK
-
-static unsigned long mbedtls_timing_hardclock(void)
-{
- unsigned long tick;
- asm volatile ("rdpr %%tick, %0;" : "=&r" (tick));
- return tick;
-}
-#endif /* __OpenBSD__ */
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
- __GNUC__ && __sparc64__ */
-
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && defined(__sparc__) && !defined(__sparc64__)
-
-#define HAVE_HARDCLOCK
-
-static unsigned long mbedtls_timing_hardclock(void)
-{
- unsigned long tick;
- asm volatile (".byte 0x83, 0x41, 0x00, 0x00");
- asm volatile ("mov %%g1, %0" : "=r" (tick));
- return tick;
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
- __GNUC__ && __sparc__ && !__sparc64__ */
-
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && defined(__alpha__)
-
-#define HAVE_HARDCLOCK
-
-static unsigned long mbedtls_timing_hardclock(void)
-{
- unsigned long cc;
- asm volatile ("rpcc %0" : "=r" (cc));
- return cc & 0xFFFFFFFF;
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
- __GNUC__ && __alpha__ */
-
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && defined(__ia64__)
-
-#define HAVE_HARDCLOCK
-
-static unsigned long mbedtls_timing_hardclock(void)
-{
- unsigned long itc;
- asm volatile ("mov %0 = ar.itc" : "=r" (itc));
- return itc;
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
- __GNUC__ && __ia64__ */
-
-#if !defined(HAVE_HARDCLOCK) && defined(_WIN32) && \
- !defined(EFIX64) && !defined(EFI32)
-
-#define HAVE_HARDCLOCK
-
-static unsigned long mbedtls_timing_hardclock(void)
-{
- LARGE_INTEGER offset;
-
- QueryPerformanceCounter(&offset);
-
- return (unsigned long) (offset.QuadPart);
-}
-#endif /* !HAVE_HARDCLOCK && _WIN32 && !EFIX64 && !EFI32 */
-
-#if !defined(HAVE_HARDCLOCK)
-
-#define HAVE_HARDCLOCK
-
-static int hardclock_init = 0;
-static struct timeval tv_init;
-
-static unsigned long mbedtls_timing_hardclock(void)
-{
- struct timeval tv_cur;
-
- if (hardclock_init == 0) {
- gettimeofday(&tv_init, NULL);
- hardclock_init = 1;
- }
-
- gettimeofday(&tv_cur, NULL);
- return (tv_cur.tv_sec - tv_init.tv_sec) * 1000000U
- + (tv_cur.tv_usec - tv_init.tv_usec);
-}
-#endif /* !HAVE_HARDCLOCK */
-
-volatile int mbedtls_timing_alarmed = 0;
-
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-
-/* It's OK to use a global because alarm() is supposed to be global anyway */
-static DWORD alarmMs;
-
-static void TimerProc(void *TimerContext)
-{
- (void) TimerContext;
- Sleep(alarmMs);
- mbedtls_timing_alarmed = 1;
- /* _endthread will be called implicitly on return
- * That ensures execution of thread function's epilogue */
-}
-
-static void mbedtls_set_alarm(int seconds)
-{
- if (seconds == 0) {
- /* No need to create a thread for this simple case.
- * Also, this shorcut is more reliable at least on MinGW32 */
- mbedtls_timing_alarmed = 1;
- return;
- }
-
- mbedtls_timing_alarmed = 0;
- alarmMs = seconds * 1000;
- (void) _beginthread(TimerProc, 0, NULL);
-}
-
-#else /* _WIN32 && !EFIX64 && !EFI32 */
-
-static void sighandler(int signum)
-{
- mbedtls_timing_alarmed = 1;
- signal(signum, sighandler);
-}
-
-static void mbedtls_set_alarm(int seconds)
-{
- mbedtls_timing_alarmed = 0;
- signal(SIGALRM, sighandler);
- alarm(seconds);
- if (seconds == 0) {
- /* alarm(0) cancelled any previous pending alarm, but the
- handler won't fire, so raise the flag straight away. */
- mbedtls_timing_alarmed = 1;
- }
-}
-
-#endif /* _WIN32 && !EFIX64 && !EFI32 */
-#endif /* !MBEDTLS_TIMING_ALT */
-
-static int myrand(void *rng_state, unsigned char *output, size_t len)
-{
- size_t use_len;
- int rnd;
-
- if (rng_state != NULL) {
- rng_state = NULL;
- }
-
- while (len > 0) {
- use_len = len;
- if (use_len > sizeof(int)) {
- use_len = sizeof(int);
- }
-
- rnd = rand();
- memcpy(output, &rnd, use_len);
- output += use_len;
- len -= use_len;
- }
-
- return 0;
-}
-
-#define CHECK_AND_CONTINUE(R) \
- { \
- int CHECK_AND_CONTINUE_ret = (R); \
- if (CHECK_AND_CONTINUE_ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED) { \
- mbedtls_printf("Feature not supported. Skipping.\n"); \
- continue; \
- } \
- else if (CHECK_AND_CONTINUE_ret != 0) { \
- mbedtls_exit(1); \
- } \
- }
-
-#if defined(MBEDTLS_ECP_C)
-static int set_ecp_curve(const char *string, mbedtls_ecp_curve_info *curve)
-{
- const mbedtls_ecp_curve_info *found =
- mbedtls_ecp_curve_info_from_name(string);
- if (found != NULL) {
- *curve = *found;
- return 1;
- } else {
- return 0;
- }
-}
-#endif
-
-unsigned char buf[BUFSIZE];
-
-typedef struct {
- char md5, ripemd160, sha1, sha256, sha512,
- sha3_224, sha3_256, sha3_384, sha3_512,
- des3, des,
- aes_cbc, aes_cfb128, aes_cfb8, aes_ctr, aes_gcm, aes_ccm, aes_xts, chachapoly,
- aes_cmac, des3_cmac,
- aria, camellia, chacha20,
- poly1305,
- ctr_drbg, hmac_drbg,
- rsa, dhm, ecdsa, ecdh;
-} todo_list;
-
-
-int main(int argc, char *argv[])
-{
- int i;
- unsigned char tmp[200];
- char title[TITLE_LEN];
- todo_list todo;
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- unsigned char alloc_buf[HEAP_SIZE] = { 0 };
-#endif
-#if defined(MBEDTLS_ECP_C)
- mbedtls_ecp_curve_info single_curve[2] = {
- { MBEDTLS_ECP_DP_NONE, 0, 0, NULL },
- { MBEDTLS_ECP_DP_NONE, 0, 0, NULL },
- };
- const mbedtls_ecp_curve_info *curve_list = mbedtls_ecp_curve_list();
-#endif
-
-#if defined(MBEDTLS_ECP_C)
- (void) curve_list; /* Unused in some configurations where no benchmark uses ECC */
-#endif
-
- if (argc <= 1) {
- memset(&todo, 1, sizeof(todo));
- } else {
- memset(&todo, 0, sizeof(todo));
-
- for (i = 1; i < argc; i++) {
- if (strcmp(argv[i], "md5") == 0) {
- todo.md5 = 1;
- } else if (strcmp(argv[i], "ripemd160") == 0) {
- todo.ripemd160 = 1;
- } else if (strcmp(argv[i], "sha1") == 0) {
- todo.sha1 = 1;
- } else if (strcmp(argv[i], "sha256") == 0) {
- todo.sha256 = 1;
- } else if (strcmp(argv[i], "sha512") == 0) {
- todo.sha512 = 1;
- } else if (strcmp(argv[i], "sha3_224") == 0) {
- todo.sha3_224 = 1;
- } else if (strcmp(argv[i], "sha3_256") == 0) {
- todo.sha3_256 = 1;
- } else if (strcmp(argv[i], "sha3_384") == 0) {
- todo.sha3_384 = 1;
- } else if (strcmp(argv[i], "sha3_512") == 0) {
- todo.sha3_512 = 1;
- } else if (strcmp(argv[i], "des3") == 0) {
- todo.des3 = 1;
- } else if (strcmp(argv[i], "des") == 0) {
- todo.des = 1;
- } else if (strcmp(argv[i], "aes_cbc") == 0) {
- todo.aes_cbc = 1;
- } else if (strcmp(argv[i], "aes_cfb128") == 0) {
- todo.aes_cfb128 = 1;
- } else if (strcmp(argv[i], "aes_cfb8") == 0) {
- todo.aes_cfb8 = 1;
- } else if (strcmp(argv[i], "aes_ctr") == 0) {
- todo.aes_ctr = 1;
- } else if (strcmp(argv[i], "aes_xts") == 0) {
- todo.aes_xts = 1;
- } else if (strcmp(argv[i], "aes_gcm") == 0) {
- todo.aes_gcm = 1;
- } else if (strcmp(argv[i], "aes_ccm") == 0) {
- todo.aes_ccm = 1;
- } else if (strcmp(argv[i], "chachapoly") == 0) {
- todo.chachapoly = 1;
- } else if (strcmp(argv[i], "aes_cmac") == 0) {
- todo.aes_cmac = 1;
- } else if (strcmp(argv[i], "des3_cmac") == 0) {
- todo.des3_cmac = 1;
- } else if (strcmp(argv[i], "aria") == 0) {
- todo.aria = 1;
- } else if (strcmp(argv[i], "camellia") == 0) {
- todo.camellia = 1;
- } else if (strcmp(argv[i], "chacha20") == 0) {
- todo.chacha20 = 1;
- } else if (strcmp(argv[i], "poly1305") == 0) {
- todo.poly1305 = 1;
- } else if (strcmp(argv[i], "ctr_drbg") == 0) {
- todo.ctr_drbg = 1;
- } else if (strcmp(argv[i], "hmac_drbg") == 0) {
- todo.hmac_drbg = 1;
- } else if (strcmp(argv[i], "rsa") == 0) {
- todo.rsa = 1;
- } else if (strcmp(argv[i], "dhm") == 0) {
- todo.dhm = 1;
- } else if (strcmp(argv[i], "ecdsa") == 0) {
- todo.ecdsa = 1;
- } else if (strcmp(argv[i], "ecdh") == 0) {
- todo.ecdh = 1;
- }
-#if defined(MBEDTLS_ECP_C)
- else if (set_ecp_curve(argv[i], single_curve)) {
- curve_list = single_curve;
- }
-#endif
- else {
- mbedtls_printf("Unrecognized option: %s\n", argv[i]);
- mbedtls_printf("Available options: " OPTIONS);
- }
- }
- }
-
- mbedtls_printf("\n");
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
-#endif
- memset(buf, 0xAA, sizeof(buf));
- memset(tmp, 0xBB, sizeof(tmp));
-
- /* Avoid "unused static function" warning in configurations without
- * symmetric crypto. */
- (void) mbedtls_timing_hardclock;
-
-#if defined(MBEDTLS_MD5_C)
- if (todo.md5) {
- TIME_AND_TSC("MD5", mbedtls_md5(buf, BUFSIZE, tmp));
- }
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
- if (todo.ripemd160) {
- TIME_AND_TSC("RIPEMD160", mbedtls_ripemd160(buf, BUFSIZE, tmp));
- }
-#endif
-
-#if defined(MBEDTLS_SHA1_C)
- if (todo.sha1) {
- TIME_AND_TSC("SHA-1", mbedtls_sha1(buf, BUFSIZE, tmp));
- }
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
- if (todo.sha256) {
- TIME_AND_TSC("SHA-256", mbedtls_sha256(buf, BUFSIZE, tmp, 0));
- }
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
- if (todo.sha512) {
- TIME_AND_TSC("SHA-512", mbedtls_sha512(buf, BUFSIZE, tmp, 0));
- }
-#endif
-#if defined(MBEDTLS_SHA3_C)
- if (todo.sha3_224) {
- TIME_AND_TSC("SHA3-224", mbedtls_sha3(MBEDTLS_SHA3_224, buf, BUFSIZE, tmp, 28));
- }
- if (todo.sha3_256) {
- TIME_AND_TSC("SHA3-256", mbedtls_sha3(MBEDTLS_SHA3_256, buf, BUFSIZE, tmp, 32));
- }
- if (todo.sha3_384) {
- TIME_AND_TSC("SHA3-384", mbedtls_sha3(MBEDTLS_SHA3_384, buf, BUFSIZE, tmp, 48));
- }
- if (todo.sha3_512) {
- TIME_AND_TSC("SHA3-512", mbedtls_sha3(MBEDTLS_SHA3_512, buf, BUFSIZE, tmp, 64));
- }
-#endif
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
- if (todo.des3) {
- mbedtls_des3_context des3;
-
- mbedtls_des3_init(&des3);
- if (mbedtls_des3_set3key_enc(&des3, tmp) != 0) {
- mbedtls_exit(1);
- }
- TIME_AND_TSC("3DES",
- mbedtls_des3_crypt_cbc(&des3, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf));
- mbedtls_des3_free(&des3);
- }
-
- if (todo.des) {
- mbedtls_des_context des;
-
- mbedtls_des_init(&des);
- if (mbedtls_des_setkey_enc(&des, tmp) != 0) {
- mbedtls_exit(1);
- }
- TIME_AND_TSC("DES",
- mbedtls_des_crypt_cbc(&des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf));
- mbedtls_des_free(&des);
- }
-
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_CMAC_C)
- if (todo.des3_cmac) {
- unsigned char output[8];
- const mbedtls_cipher_info_t *cipher_info;
-
- memset(buf, 0, sizeof(buf));
- memset(tmp, 0, sizeof(tmp));
-
- cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_DES_EDE3_ECB);
-
- TIME_AND_TSC("3DES-CMAC",
- mbedtls_cipher_cmac(cipher_info, tmp, 192, buf,
- BUFSIZE, output));
- }
-#endif /* MBEDTLS_CMAC_C */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
- if (todo.aes_cbc) {
- int keysize;
- mbedtls_aes_context aes;
-
- mbedtls_aes_init(&aes);
- for (keysize = 128; keysize <= 256; keysize += 64) {
- mbedtls_snprintf(title, sizeof(title), "AES-CBC-%d", keysize);
-
- memset(buf, 0, sizeof(buf));
- memset(tmp, 0, sizeof(tmp));
- CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize));
-
- TIME_AND_TSC(title,
- mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf));
- }
- mbedtls_aes_free(&aes);
- }
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
- if (todo.aes_cfb128) {
- int keysize;
- size_t iv_off = 0;
- mbedtls_aes_context aes;
-
- mbedtls_aes_init(&aes);
- for (keysize = 128; keysize <= 256; keysize += 64) {
- mbedtls_snprintf(title, sizeof(title), "AES-CFB128-%d", keysize);
-
- memset(buf, 0, sizeof(buf));
- memset(tmp, 0, sizeof(tmp));
- CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize));
-
- TIME_AND_TSC(title,
- mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE,
- &iv_off, tmp, buf, buf));
- }
- mbedtls_aes_free(&aes);
- }
- if (todo.aes_cfb8) {
- int keysize;
- mbedtls_aes_context aes;
-
- mbedtls_aes_init(&aes);
- for (keysize = 128; keysize <= 256; keysize += 64) {
- mbedtls_snprintf(title, sizeof(title), "AES-CFB8-%d", keysize);
-
- memset(buf, 0, sizeof(buf));
- memset(tmp, 0, sizeof(tmp));
- CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize));
-
- TIME_AND_TSC(title,
- mbedtls_aes_crypt_cfb8(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf));
- }
- mbedtls_aes_free(&aes);
- }
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
- if (todo.aes_ctr) {
- int keysize;
- mbedtls_aes_context aes;
-
- uint8_t stream_block[16];
- size_t nc_off;
-
- mbedtls_aes_init(&aes);
- for (keysize = 128; keysize <= 256; keysize += 64) {
- mbedtls_snprintf(title, sizeof(title), "AES-CTR-%d", keysize);
-
- memset(buf, 0, sizeof(buf));
- memset(tmp, 0, sizeof(tmp));
- memset(stream_block, 0, sizeof(stream_block));
- nc_off = 0;
-
- CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize));
-
- TIME_AND_TSC(title, mbedtls_aes_crypt_ctr(&aes, BUFSIZE, &nc_off, tmp, stream_block,
- buf, buf));
- }
- mbedtls_aes_free(&aes);
- }
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
- if (todo.aes_xts) {
- int keysize;
- mbedtls_aes_xts_context ctx;
-
- mbedtls_aes_xts_init(&ctx);
- for (keysize = 128; keysize <= 256; keysize += 128) {
- mbedtls_snprintf(title, sizeof(title), "AES-XTS-%d", keysize);
-
- memset(buf, 0, sizeof(buf));
- memset(tmp, 0, sizeof(tmp));
- CHECK_AND_CONTINUE(mbedtls_aes_xts_setkey_enc(&ctx, tmp, keysize * 2));
-
- TIME_AND_TSC(title,
- mbedtls_aes_crypt_xts(&ctx, MBEDTLS_AES_ENCRYPT, BUFSIZE,
- tmp, buf, buf));
-
- mbedtls_aes_xts_free(&ctx);
- }
- }
-#endif
-#if defined(MBEDTLS_GCM_C)
- if (todo.aes_gcm) {
- int keysize;
- mbedtls_gcm_context gcm;
-
- mbedtls_gcm_init(&gcm);
- for (keysize = 128; keysize <= 256; keysize += 64) {
- mbedtls_snprintf(title, sizeof(title), "AES-GCM-%d", keysize);
-
- memset(buf, 0, sizeof(buf));
- memset(tmp, 0, sizeof(tmp));
- mbedtls_gcm_setkey(&gcm, MBEDTLS_CIPHER_ID_AES, tmp, keysize);
-
- TIME_AND_TSC(title,
- mbedtls_gcm_crypt_and_tag(&gcm, MBEDTLS_GCM_ENCRYPT, BUFSIZE, tmp,
- 12, NULL, 0, buf, buf, 16, tmp));
-
- mbedtls_gcm_free(&gcm);
- }
- }
-#endif
-#if defined(MBEDTLS_CCM_C)
- if (todo.aes_ccm) {
- int keysize;
- mbedtls_ccm_context ccm;
-
- mbedtls_ccm_init(&ccm);
- for (keysize = 128; keysize <= 256; keysize += 64) {
- mbedtls_snprintf(title, sizeof(title), "AES-CCM-%d", keysize);
-
- memset(buf, 0, sizeof(buf));
- memset(tmp, 0, sizeof(tmp));
- mbedtls_ccm_setkey(&ccm, MBEDTLS_CIPHER_ID_AES, tmp, keysize);
-
- TIME_AND_TSC(title,
- mbedtls_ccm_encrypt_and_tag(&ccm, BUFSIZE, tmp,
- 12, NULL, 0, buf, buf, tmp, 16));
-
- mbedtls_ccm_free(&ccm);
- }
- }
-#endif
-#if defined(MBEDTLS_CHACHAPOLY_C)
- if (todo.chachapoly) {
- mbedtls_chachapoly_context chachapoly;
-
- mbedtls_chachapoly_init(&chachapoly);
- memset(buf, 0, sizeof(buf));
- memset(tmp, 0, sizeof(tmp));
-
- mbedtls_snprintf(title, sizeof(title), "ChaCha20-Poly1305");
-
- mbedtls_chachapoly_setkey(&chachapoly, tmp);
-
- TIME_AND_TSC(title,
- mbedtls_chachapoly_encrypt_and_tag(&chachapoly,
- BUFSIZE, tmp, NULL, 0, buf, buf, tmp));
-
- mbedtls_chachapoly_free(&chachapoly);
- }
-#endif
-#if defined(MBEDTLS_CMAC_C)
- if (todo.aes_cmac) {
- unsigned char output[16];
- const mbedtls_cipher_info_t *cipher_info;
- mbedtls_cipher_type_t cipher_type;
- int keysize;
-
- for (keysize = 128, cipher_type = MBEDTLS_CIPHER_AES_128_ECB;
- keysize <= 256;
- keysize += 64, cipher_type++) {
- mbedtls_snprintf(title, sizeof(title), "AES-CMAC-%d", keysize);
-
- memset(buf, 0, sizeof(buf));
- memset(tmp, 0, sizeof(tmp));
-
- cipher_info = mbedtls_cipher_info_from_type(cipher_type);
-
- TIME_AND_TSC(title,
- mbedtls_cipher_cmac(cipher_info, tmp, keysize,
- buf, BUFSIZE, output));
- }
-
- memset(buf, 0, sizeof(buf));
- memset(tmp, 0, sizeof(tmp));
- TIME_AND_TSC("AES-CMAC-PRF-128",
- mbedtls_aes_cmac_prf_128(tmp, 16, buf, BUFSIZE,
- output));
- }
-#endif /* MBEDTLS_CMAC_C */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_ARIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
- if (todo.aria) {
- int keysize;
- mbedtls_aria_context aria;
-
- mbedtls_aria_init(&aria);
- for (keysize = 128; keysize <= 256; keysize += 64) {
- mbedtls_snprintf(title, sizeof(title), "ARIA-CBC-%d", keysize);
-
- memset(buf, 0, sizeof(buf));
- memset(tmp, 0, sizeof(tmp));
- mbedtls_aria_setkey_enc(&aria, tmp, keysize);
-
- TIME_AND_TSC(title,
- mbedtls_aria_crypt_cbc(&aria, MBEDTLS_ARIA_ENCRYPT,
- BUFSIZE, tmp, buf, buf));
- }
- mbedtls_aria_free(&aria);
- }
-#endif
-
-#if defined(MBEDTLS_CAMELLIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
- if (todo.camellia) {
- int keysize;
- mbedtls_camellia_context camellia;
-
- mbedtls_camellia_init(&camellia);
- for (keysize = 128; keysize <= 256; keysize += 64) {
- mbedtls_snprintf(title, sizeof(title), "CAMELLIA-CBC-%d", keysize);
-
- memset(buf, 0, sizeof(buf));
- memset(tmp, 0, sizeof(tmp));
- mbedtls_camellia_setkey_enc(&camellia, tmp, keysize);
-
- TIME_AND_TSC(title,
- mbedtls_camellia_crypt_cbc(&camellia, MBEDTLS_CAMELLIA_ENCRYPT,
- BUFSIZE, tmp, buf, buf));
- }
- mbedtls_camellia_free(&camellia);
- }
-#endif
-
-#if defined(MBEDTLS_CHACHA20_C)
- if (todo.chacha20) {
- TIME_AND_TSC("ChaCha20", mbedtls_chacha20_crypt(buf, buf, 0U, BUFSIZE, buf, buf));
- }
-#endif
-
-#if defined(MBEDTLS_POLY1305_C)
- if (todo.poly1305) {
- TIME_AND_TSC("Poly1305", mbedtls_poly1305_mac(buf, buf, BUFSIZE, buf));
- }
-#endif
-
-#if defined(MBEDTLS_CTR_DRBG_C)
- if (todo.ctr_drbg) {
- mbedtls_ctr_drbg_context ctr_drbg;
-
- mbedtls_ctr_drbg_init(&ctr_drbg);
- if (mbedtls_ctr_drbg_seed(&ctr_drbg, myrand, NULL, NULL, 0) != 0) {
- mbedtls_exit(1);
- }
- TIME_AND_TSC("CTR_DRBG (NOPR)",
- mbedtls_ctr_drbg_random(&ctr_drbg, buf, BUFSIZE));
- mbedtls_ctr_drbg_free(&ctr_drbg);
-
- mbedtls_ctr_drbg_init(&ctr_drbg);
- if (mbedtls_ctr_drbg_seed(&ctr_drbg, myrand, NULL, NULL, 0) != 0) {
- mbedtls_exit(1);
- }
- mbedtls_ctr_drbg_set_prediction_resistance(&ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON);
- TIME_AND_TSC("CTR_DRBG (PR)",
- mbedtls_ctr_drbg_random(&ctr_drbg, buf, BUFSIZE));
- mbedtls_ctr_drbg_free(&ctr_drbg);
- }
-#endif
-
-#if defined(MBEDTLS_HMAC_DRBG_C) && \
- (defined(MBEDTLS_SHA1_C) || defined(MBEDTLS_SHA256_C))
- if (todo.hmac_drbg) {
- mbedtls_hmac_drbg_context hmac_drbg;
- const mbedtls_md_info_t *md_info;
-
- mbedtls_hmac_drbg_init(&hmac_drbg);
-
-#if defined(MBEDTLS_SHA1_C)
- if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1)) == NULL) {
- mbedtls_exit(1);
- }
-
- if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) {
- mbedtls_exit(1);
- }
- TIME_AND_TSC("HMAC_DRBG SHA-1 (NOPR)",
- mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE));
-
- if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) {
- mbedtls_exit(1);
- }
- mbedtls_hmac_drbg_set_prediction_resistance(&hmac_drbg,
- MBEDTLS_HMAC_DRBG_PR_ON);
- TIME_AND_TSC("HMAC_DRBG SHA-1 (PR)",
- mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE));
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
- if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)) == NULL) {
- mbedtls_exit(1);
- }
-
- if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) {
- mbedtls_exit(1);
- }
- TIME_AND_TSC("HMAC_DRBG SHA-256 (NOPR)",
- mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE));
-
- if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) {
- mbedtls_exit(1);
- }
- mbedtls_hmac_drbg_set_prediction_resistance(&hmac_drbg,
- MBEDTLS_HMAC_DRBG_PR_ON);
- TIME_AND_TSC("HMAC_DRBG SHA-256 (PR)",
- mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE));
-#endif
- mbedtls_hmac_drbg_free(&hmac_drbg);
- }
-#endif /* MBEDTLS_HMAC_DRBG_C && ( MBEDTLS_SHA1_C || MBEDTLS_SHA256_C ) */
-
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
- if (todo.rsa) {
- int keysize;
- mbedtls_rsa_context rsa;
-
- for (keysize = 2048; keysize <= 4096; keysize += 1024) {
- mbedtls_snprintf(title, sizeof(title), "RSA-%d", keysize);
-
- mbedtls_rsa_init(&rsa);
- mbedtls_rsa_gen_key(&rsa, myrand, NULL, keysize, 65537);
-
- TIME_PUBLIC(title, " public",
- buf[0] = 0;
- ret = mbedtls_rsa_public(&rsa, buf, buf));
-
- TIME_PUBLIC(title, "private",
- buf[0] = 0;
- ret = mbedtls_rsa_private(&rsa, myrand, NULL, buf, buf));
-
- mbedtls_rsa_free(&rsa);
- }
- }
-#endif
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_BIGNUM_C)
- if (todo.dhm) {
- int dhm_sizes[] = { 2048, 3072 };
- static const unsigned char dhm_P_2048[] =
- MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN;
- static const unsigned char dhm_P_3072[] =
- MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN;
- static const unsigned char dhm_G_2048[] =
- MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN;
- static const unsigned char dhm_G_3072[] =
- MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN;
-
- const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 };
- const size_t dhm_P_size[] = { sizeof(dhm_P_2048),
- sizeof(dhm_P_3072) };
-
- const unsigned char *dhm_G[] = { dhm_G_2048, dhm_G_3072 };
- const size_t dhm_G_size[] = { sizeof(dhm_G_2048),
- sizeof(dhm_G_3072) };
-
- mbedtls_dhm_context dhm;
- size_t olen;
- size_t n;
- mbedtls_mpi P, G;
- mbedtls_mpi_init(&P); mbedtls_mpi_init(&G);
-
- for (i = 0; (size_t) i < sizeof(dhm_sizes) / sizeof(dhm_sizes[0]); i++) {
- mbedtls_dhm_init(&dhm);
-
- if (mbedtls_mpi_read_binary(&P, dhm_P[i],
- dhm_P_size[i]) != 0 ||
- mbedtls_mpi_read_binary(&G, dhm_G[i],
- dhm_G_size[i]) != 0 ||
- mbedtls_dhm_set_group(&dhm, &P, &G) != 0) {
- mbedtls_exit(1);
- }
-
- n = mbedtls_dhm_get_len(&dhm);
- mbedtls_dhm_make_public(&dhm, (int) n, buf, n, myrand, NULL);
-
- if (mbedtls_dhm_read_public(&dhm, buf, n) != 0) {
- mbedtls_exit(1);
- }
-
- mbedtls_snprintf(title, sizeof(title), "DHE-%d", dhm_sizes[i]);
- TIME_PUBLIC(title, "handshake",
- ret |= mbedtls_dhm_make_public(&dhm, (int) n, buf, n,
- myrand, NULL);
- ret |=
- mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &olen, myrand, NULL));
-
- mbedtls_snprintf(title, sizeof(title), "DH-%d", dhm_sizes[i]);
- TIME_PUBLIC(title, "handshake",
- ret |=
- mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &olen, myrand, NULL));
-
- mbedtls_dhm_free(&dhm);
- mbedtls_mpi_free(&P), mbedtls_mpi_free(&G);
- }
- }
-#endif
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C)
- if (todo.ecdsa) {
- mbedtls_ecdsa_context ecdsa;
- const mbedtls_ecp_curve_info *curve_info;
- size_t sig_len;
-
- memset(buf, 0x2A, sizeof(buf));
-
- for (curve_info = curve_list;
- curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_info++) {
- if (!mbedtls_ecdsa_can_do(curve_info->grp_id)) {
- continue;
- }
-
- mbedtls_ecdsa_init(&ecdsa);
-
- if (mbedtls_ecdsa_genkey(&ecdsa, curve_info->grp_id, myrand, NULL) != 0) {
- mbedtls_exit(1);
- }
-
- mbedtls_snprintf(title, sizeof(title), "ECDSA-%s",
- curve_info->name);
- TIME_PUBLIC(title,
- "sign",
- ret =
- mbedtls_ecdsa_write_signature(&ecdsa, MBEDTLS_MD_SHA256, buf,
- curve_info->bit_size,
- tmp, sizeof(tmp), &sig_len, myrand,
- NULL));
-
- mbedtls_ecdsa_free(&ecdsa);
- }
-
- for (curve_info = curve_list;
- curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_info++) {
- if (!mbedtls_ecdsa_can_do(curve_info->grp_id)) {
- continue;
- }
-
- mbedtls_ecdsa_init(&ecdsa);
-
- if (mbedtls_ecdsa_genkey(&ecdsa, curve_info->grp_id, myrand, NULL) != 0 ||
- mbedtls_ecdsa_write_signature(&ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size,
- tmp, sizeof(tmp), &sig_len, myrand, NULL) != 0) {
- mbedtls_exit(1);
- }
-
- mbedtls_snprintf(title, sizeof(title), "ECDSA-%s",
- curve_info->name);
- TIME_PUBLIC(title, "verify",
- ret = mbedtls_ecdsa_read_signature(&ecdsa, buf, curve_info->bit_size,
- tmp, sig_len));
-
- mbedtls_ecdsa_free(&ecdsa);
- }
- }
-#endif
-
-#if defined(MBEDTLS_ECDH_C)
- if (todo.ecdh) {
- mbedtls_ecdh_context ecdh_srv, ecdh_cli;
- unsigned char buf_srv[BUFSIZE], buf_cli[BUFSIZE];
- const mbedtls_ecp_curve_info *curve_info;
- size_t params_len, publen, seclen;
-
- for (curve_info = curve_list;
- curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_info++) {
- if (!mbedtls_ecdh_can_do(curve_info->grp_id)) {
- continue;
- }
-
- mbedtls_ecdh_init(&ecdh_srv);
-
- CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id));
- CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, ¶ms_len, buf_srv,
- sizeof(buf_srv), myrand, NULL));
-
- mbedtls_snprintf(title, sizeof(title), "ECDHE-%s", curve_info->name);
- TIME_PUBLIC(title,
- "ephemeral handshake",
- const unsigned char *p_srv = buf_srv;
- mbedtls_ecdh_init(&ecdh_cli);
-
- CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv,
- p_srv + params_len));
- CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &publen, buf_cli,
- sizeof(buf_cli), myrand, NULL));
-
- CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &seclen, buf_cli,
- sizeof(buf_cli), myrand, NULL));
- mbedtls_ecdh_free(&ecdh_cli);
- );
-
- mbedtls_ecdh_free(&ecdh_srv);
- }
-
- for (curve_info = curve_list;
- curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_info++) {
- if (!mbedtls_ecdh_can_do(curve_info->grp_id)) {
- continue;
- }
-
- mbedtls_ecdh_init(&ecdh_srv);
- mbedtls_ecdh_init(&ecdh_cli);
-
- CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id));
- CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, ¶ms_len, buf_srv,
- sizeof(buf_srv), myrand, NULL));
-
- const unsigned char *p_srv = buf_srv;
- CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv,
- p_srv + params_len));
- CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &publen, buf_cli,
- sizeof(buf_cli), myrand, NULL));
-
-
- mbedtls_snprintf(title, sizeof(title), "ECDH-%s", curve_info->name);
- TIME_PUBLIC(title,
- "static handshake",
- CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &seclen, buf_cli,
- sizeof(buf_cli), myrand, NULL));
- );
-
- mbedtls_ecdh_free(&ecdh_cli);
- mbedtls_ecdh_free(&ecdh_srv);
- }
- }
-#endif
-
- mbedtls_printf("\n");
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- mbedtls_memory_buffer_alloc_free();
-#endif
-
- mbedtls_exit(0);
-}
-
-#endif /* MBEDTLS_HAVE_TIME */
diff --git a/programs/test/dlopen_demo.sh b/programs/test/dlopen_demo.sh
deleted file mode 100755
index 7280f1d..0000000
--- a/programs/test/dlopen_demo.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-
-# Run the shared library dynamic loading demo program.
-# This is only expected to work when Mbed TLS is built as a shared library.
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-. "${0%/*}/../demo_common.sh"
-
-msg "Test the dynamic loading of libmbed*"
-
-program="$programs_dir/test/dlopen"
-library_dir="$root_dir/library"
-
-# Skip this test if we don't have a shared library build. Detect this
-# through the absence of the demo program.
-if [ ! -e "$program" ]; then
- msg "$0: this demo requires a shared library build."
- # Exit with a success status so that this counts as a pass for run_demos.py.
- exit
-fi
-
-# ELF-based Unix-like (Linux, *BSD, Solaris, ...)
-if [ -n "${LD_LIBRARY_PATH-}" ]; then
- LD_LIBRARY_PATH="$library_dir:$LD_LIBRARY_PATH"
-else
- LD_LIBRARY_PATH="$library_dir"
-fi
-export LD_LIBRARY_PATH
-
-# OSX/macOS
-if [ -n "${DYLD_LIBRARY_PATH-}" ]; then
- DYLD_LIBRARY_PATH="$library_dir:$DYLD_LIBRARY_PATH"
-else
- DYLD_LIBRARY_PATH="$library_dir"
-fi
-export DYLD_LIBRARY_PATH
-
-msg "Running dynamic loading test program: $program"
-msg "Loading libraries from: $library_dir"
-"$program"
diff --git a/programs/test/metatest.c b/programs/test/metatest.c
deleted file mode 100644
index f39cb54..0000000
--- a/programs/test/metatest.c
+++ /dev/null
@@ -1,484 +0,0 @@
-/** \file metatest.c
- *
- * \brief Test features of the test framework.
- *
- * When you run this program, it runs a single "meta-test". A meta-test
- * performs an operation which should be caught as a failure by our
- * test framework. The meta-test passes if this program calls `exit` with
- * a nonzero status, or aborts, or is terminated by a signal, or if the
- * framework running the program considers the run an error (this happens
- * with Valgrind for a memory leak). The non-success of the meta-test
- * program means that the test failure has been caught correctly.
- *
- * Some failures are purely functional: the logic of the code causes the
- * test result to be set to FAIL. Other failures come from extra
- * instrumentation which is not present in a normal build; for example,
- * Asan or Valgrind to detect memory leaks. This is reflected by the
- * "platform" associated with each meta-test.
- *
- * Use the companion script `tests/scripts/run-metatests.sh` to run all
- * the meta-tests for a given platform and validate that they trigger a
- * detected failure as expected.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-
-#include <mbedtls/debug.h>
-#include <mbedtls/platform.h>
-#include <mbedtls/platform_util.h>
-#include "test/helpers.h"
-#include "test/threading_helpers.h"
-#include "test/macros.h"
-#include "test/memory.h"
-#include "common.h"
-
-#include <stdio.h>
-#include <string.h>
-
-#if defined(MBEDTLS_THREADING_C)
-#include <mbedtls/threading.h>
-#endif
-
-
-/* This is an external variable, so the compiler doesn't know that we're never
- * changing its value.
- */
-volatile int false_but_the_compiler_does_not_know = 0;
-
-/* Hide calls to calloc/free from static checkers such as
- * `gcc-12 -Wuse-after-free`, to avoid compile-time complaints about
- * code where we do mean to cause a runtime error. */
-void * (* volatile calloc_but_the_compiler_does_not_know)(size_t, size_t) = mbedtls_calloc;
-void(*volatile free_but_the_compiler_does_not_know)(void *) = mbedtls_free;
-
-/* Set n bytes at the address p to all-bits-zero, in such a way that
- * the compiler should not know that p is all-bits-zero. */
-static void set_to_zero_but_the_compiler_does_not_know(volatile void *p, size_t n)
-{
- memset((void *) p, false_but_the_compiler_does_not_know, n);
-}
-
-/* Simulate an access to the given object, to avoid compiler optimizations
- * in code that prepares or consumes the object. */
-static void do_nothing_with_object(void *p)
-{
- (void) p;
-}
-void(*volatile do_nothing_with_object_but_the_compiler_does_not_know)(void *) =
- do_nothing_with_object;
-
-
-/****************************************************************/
-/* Test framework features */
-/****************************************************************/
-
-static void meta_test_fail(const char *name)
-{
- (void) name;
- mbedtls_test_fail("Forced test failure", __LINE__, __FILE__);
-}
-
-static void meta_test_not_equal(const char *name)
-{
- int left = 20;
- int right = 10;
-
- (void) name;
-
- TEST_EQUAL(left, right);
-exit:
- ;
-}
-
-static void meta_test_not_le_s(const char *name)
-{
- int left = 20;
- int right = 10;
-
- (void) name;
-
- TEST_LE_S(left, right);
-exit:
- ;
-}
-
-static void meta_test_not_le_u(const char *name)
-{
- size_t left = 20;
- size_t right = 10;
-
- (void) name;
-
- TEST_LE_U(left, right);
-exit:
- ;
-}
-
-/****************************************************************/
-/* Platform features */
-/****************************************************************/
-
-static void null_pointer_dereference(const char *name)
-{
- (void) name;
- volatile char *volatile p;
- set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p));
- /* Undefined behavior (read from null data pointer) */
- mbedtls_printf("%p -> %u\n", (void *) p, (unsigned) *p);
-}
-
-static void null_pointer_call(const char *name)
-{
- (void) name;
- unsigned(*volatile p)(void);
- set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p));
- /* Undefined behavior (execute null function pointer) */
- /* The pointer representation may be truncated, but we don't care:
- * the only point of printing it is to have some use of the pointer
- * to dissuade the compiler from optimizing it away. */
- mbedtls_printf("%lx() -> %u\n", (unsigned long) (uintptr_t) p, p());
-}
-
-
-/****************************************************************/
-/* Memory */
-/****************************************************************/
-
-static void read_after_free(const char *name)
-{
- (void) name;
- volatile char *p = calloc_but_the_compiler_does_not_know(1, 1);
- *p = 'a';
- free_but_the_compiler_does_not_know((void *) p);
- /* Undefined behavior (read after free) */
- mbedtls_printf("%u\n", (unsigned) *p);
-}
-
-static void double_free(const char *name)
-{
- (void) name;
- volatile char *p = calloc_but_the_compiler_does_not_know(1, 1);
- *p = 'a';
- free_but_the_compiler_does_not_know((void *) p);
- /* Undefined behavior (double free) */
- free_but_the_compiler_does_not_know((void *) p);
-}
-
-static void read_uninitialized_stack(const char *name)
-{
- (void) name;
- char buf[1];
- if (false_but_the_compiler_does_not_know) {
- buf[0] = '!';
- }
- char *volatile p = buf;
- if (*p != 0) {
- /* Unspecified result (read from uninitialized memory) */
- mbedtls_printf("%u\n", (unsigned) *p);
- }
-}
-
-static void memory_leak(const char *name)
-{
- (void) name;
- volatile char *p = calloc_but_the_compiler_does_not_know(1, 1);
- mbedtls_printf("%u\n", (unsigned) *p);
- /* Leak of a heap object */
-}
-
-/* name = "test_memory_poison_%(start)_%(offset)_%(count)_%(direction)"
- * Poison a region starting at start from an 8-byte aligned origin,
- * encompassing count bytes. Access the region at offset from the start.
- * %(start), %(offset) and %(count) are decimal integers.
- * %(direction) is either the character 'r' for read or 'w' for write.
- */
-static void test_memory_poison(const char *name)
-{
- size_t start = 0, offset = 0, count = 0;
- char direction = 'r';
- if (sscanf(name,
- "%*[^0-9]%" MBEDTLS_PRINTF_SIZET
- "%*[^0-9]%" MBEDTLS_PRINTF_SIZET
- "%*[^0-9]%" MBEDTLS_PRINTF_SIZET
- "_%c",
- &start, &offset, &count, &direction) != 4) {
- mbedtls_fprintf(stderr, "%s: Bad name format: %s\n", __func__, name);
- return;
- }
-
- union {
- long long ll;
- unsigned char buf[32];
- } aligned;
- memset(aligned.buf, 'a', sizeof(aligned.buf));
-
- if (start > sizeof(aligned.buf)) {
- mbedtls_fprintf(stderr,
- "%s: start=%" MBEDTLS_PRINTF_SIZET
- " > size=%" MBEDTLS_PRINTF_SIZET,
- __func__, start, sizeof(aligned.buf));
- return;
- }
- if (start + count > sizeof(aligned.buf)) {
- mbedtls_fprintf(stderr,
- "%s: start+count=%" MBEDTLS_PRINTF_SIZET
- " > size=%" MBEDTLS_PRINTF_SIZET,
- __func__, start + count, sizeof(aligned.buf));
- return;
- }
- if (offset >= count) {
- mbedtls_fprintf(stderr,
- "%s: offset=%" MBEDTLS_PRINTF_SIZET
- " >= count=%" MBEDTLS_PRINTF_SIZET,
- __func__, offset, count);
- return;
- }
-
- MBEDTLS_TEST_MEMORY_POISON(aligned.buf + start, count);
-
- if (direction == 'w') {
- aligned.buf[start + offset] = 'b';
- do_nothing_with_object_but_the_compiler_does_not_know(aligned.buf);
- } else {
- do_nothing_with_object_but_the_compiler_does_not_know(aligned.buf);
- mbedtls_printf("%u\n", (unsigned) aligned.buf[start + offset]);
- }
-}
-
-
-/****************************************************************/
-/* Threading */
-/****************************************************************/
-
-static void mutex_lock_not_initialized(const char *name)
-{
- (void) name;
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex;
- memset(&mutex, 0, sizeof(mutex));
- /* This mutex usage error is detected by our test framework's mutex usage
- * verification framework. See framework/tests/src/threading_helpers.c. Other
- * threading implementations (e.g. pthread without our instrumentation)
- * might consider this normal usage. */
- TEST_ASSERT(mbedtls_mutex_lock(&mutex) == 0);
-exit:
- ;
-#endif
-}
-
-static void mutex_unlock_not_initialized(const char *name)
-{
- (void) name;
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex;
- memset(&mutex, 0, sizeof(mutex));
- /* This mutex usage error is detected by our test framework's mutex usage
- * verification framework. See framework/tests/src/threading_helpers.c. Other
- * threading implementations (e.g. pthread without our instrumentation)
- * might consider this normal usage. */
- TEST_ASSERT(mbedtls_mutex_unlock(&mutex) == 0);
-exit:
- ;
-#endif
-}
-
-static void mutex_free_not_initialized(const char *name)
-{
- (void) name;
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex;
- memset(&mutex, 0, sizeof(mutex));
- /* This mutex usage error is detected by our test framework's mutex usage
- * verification framework. See framework/tests/src/threading_helpers.c. Other
- * threading implementations (e.g. pthread without our instrumentation)
- * might consider this normal usage. */
- mbedtls_mutex_free(&mutex);
-#endif
-}
-
-static void mutex_double_init(const char *name)
-{
- (void) name;
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex;
- mbedtls_mutex_init(&mutex);
- /* This mutex usage error is detected by our test framework's mutex usage
- * verification framework. See framework/tests/src/threading_helpers.c. Other
- * threading implementations (e.g. pthread without our instrumentation)
- * might consider this normal usage. */
- mbedtls_mutex_init(&mutex);
- mbedtls_mutex_free(&mutex);
-#endif
-}
-
-static void mutex_double_free(const char *name)
-{
- (void) name;
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex;
- mbedtls_mutex_init(&mutex);
- mbedtls_mutex_free(&mutex);
- /* This mutex usage error is detected by our test framework's mutex usage
- * verification framework. See framework/tests/src/threading_helpers.c. Other
- * threading implementations (e.g. pthread without our instrumentation)
- * might consider this normal usage. */
- mbedtls_mutex_free(&mutex);
-#endif
-}
-
-static void mutex_leak(const char *name)
-{
- (void) name;
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex;
- mbedtls_mutex_init(&mutex);
-#endif
- /* This mutex usage error is detected by our test framework's mutex usage
- * verification framework. See framework/tests/src/threading_helpers.c. Other
- * threading implementations (e.g. pthread without our instrumentation)
- * might consider this normal usage. */
-}
-
-
-/****************************************************************/
-/* Command line entry point */
-/****************************************************************/
-
-typedef struct {
- /** Command line argument that will trigger that metatest.
- *
- * Conventionally matches "[a-z0-9_]+". */
- const char *name;
-
- /** Platform under which that metatest is valid.
- *
- * - "any": should work anywhere.
- * - "asan": triggers ASan (Address Sanitizer).
- * - "msan": triggers MSan (Memory Sanitizer).
- * - "pthread": requires MBEDTLS_THREADING_PTHREAD and MBEDTLS_TEST_HOOKS,
- * which enables MBEDTLS_TEST_MUTEX_USAGE internally in the test
- * framework (see framework/tests/src/threading_helpers.c).
- */
- const char *platform;
-
- /** Function that performs the metatest.
- *
- * The function receives the name as an argument. This allows using the
- * same function to perform multiple variants of a test based on the name.
- *
- * When executed on a conforming platform, the function is expected to
- * either cause a test failure (mbedtls_test_fail()), or cause the
- * program to abort in some way (e.g. by causing a segfault or by
- * triggering a sanitizer).
- *
- * When executed on a non-conforming platform, the function may return
- * normally or may have unpredictable behavior.
- */
- void (*entry_point)(const char *name);
-} metatest_t;
-
-/* The list of available meta-tests. Remember to register new functions here!
- *
- * Note that we always compile all the functions, so that `metatest --list`
- * will always list all the available meta-tests.
- *
- * See the documentation of metatest_t::platform for the meaning of
- * platform values.
- */
-metatest_t metatests[] = {
- { "test_fail", "any", meta_test_fail },
- { "test_not_equal", "any", meta_test_not_equal },
- { "test_not_le_s", "any", meta_test_not_le_s },
- { "test_not_le_u", "any", meta_test_not_le_u },
- { "null_dereference", "any", null_pointer_dereference },
- { "null_call", "any", null_pointer_call },
- { "read_after_free", "asan", read_after_free },
- { "double_free", "asan", double_free },
- { "read_uninitialized_stack", "msan", read_uninitialized_stack },
- { "memory_leak", "asan", memory_leak },
- { "test_memory_poison_0_0_8_r", "poison", test_memory_poison },
- { "test_memory_poison_0_0_8_w", "poison", test_memory_poison },
- { "test_memory_poison_0_7_8_r", "poison", test_memory_poison },
- { "test_memory_poison_0_7_8_w", "poison", test_memory_poison },
- { "test_memory_poison_0_0_1_r", "poison", test_memory_poison },
- { "test_memory_poison_0_0_1_w", "poison", test_memory_poison },
- { "test_memory_poison_0_1_2_r", "poison", test_memory_poison },
- { "test_memory_poison_0_1_2_w", "poison", test_memory_poison },
- { "test_memory_poison_7_0_8_r", "poison", test_memory_poison },
- { "test_memory_poison_7_0_8_w", "poison", test_memory_poison },
- { "test_memory_poison_7_7_8_r", "poison", test_memory_poison },
- { "test_memory_poison_7_7_8_w", "poison", test_memory_poison },
- { "test_memory_poison_7_0_1_r", "poison", test_memory_poison },
- { "test_memory_poison_7_0_1_w", "poison", test_memory_poison },
- { "test_memory_poison_7_1_2_r", "poison", test_memory_poison },
- { "test_memory_poison_7_1_2_w", "poison", test_memory_poison },
- { "mutex_lock_not_initialized", "pthread", mutex_lock_not_initialized },
- { "mutex_unlock_not_initialized", "pthread", mutex_unlock_not_initialized },
- { "mutex_free_not_initialized", "pthread", mutex_free_not_initialized },
- { "mutex_double_init", "pthread", mutex_double_init },
- { "mutex_double_free", "pthread", mutex_double_free },
- { "mutex_leak", "pthread", mutex_leak },
- { NULL, NULL, NULL }
-};
-
-static void help(FILE *out, const char *argv0)
-{
- mbedtls_fprintf(out, "Usage: %s list|TEST\n", argv0);
- mbedtls_fprintf(out, "Run a meta-test that should cause a test failure.\n");
- mbedtls_fprintf(out, "With 'list', list the available tests and their platform requirement.\n");
-}
-
-int main(int argc, char *argv[])
-{
- const char *argv0 = argc > 0 ? argv[0] : "metatest";
- if (argc != 2) {
- help(stderr, argv0);
- mbedtls_exit(MBEDTLS_EXIT_FAILURE);
- }
-
- /* Support "-help", "--help", "--list", etc. */
- const char *command = argv[1];
- while (*command == '-') {
- ++command;
- }
-
- if (strcmp(argv[1], "help") == 0) {
- help(stdout, argv0);
- mbedtls_exit(MBEDTLS_EXIT_SUCCESS);
- }
- if (strcmp(argv[1], "list") == 0) {
- for (const metatest_t *p = metatests; p->name != NULL; p++) {
- mbedtls_printf("%s %s\n", p->name, p->platform);
- }
- mbedtls_exit(MBEDTLS_EXIT_SUCCESS);
- }
-
-#if defined(MBEDTLS_TEST_MUTEX_USAGE)
- mbedtls_test_mutex_usage_init();
-#endif
-
- for (const metatest_t *p = metatests; p->name != NULL; p++) {
- if (strcmp(argv[1], p->name) == 0) {
- mbedtls_printf("Running metatest %s...\n", argv[1]);
- p->entry_point(argv[1]);
-#if defined(MBEDTLS_TEST_MUTEX_USAGE)
- mbedtls_test_mutex_usage_check();
-#endif
- int result = (int) mbedtls_test_get_result();
-
- mbedtls_printf("Running metatest %s... done, result=%d\n",
- argv[1], result);
- mbedtls_exit(result == MBEDTLS_TEST_RESULT_SUCCESS ?
- MBEDTLS_EXIT_SUCCESS :
- MBEDTLS_EXIT_FAILURE);
- }
- }
-
- mbedtls_fprintf(stderr, "%s: FATAL: No such metatest: %s\n",
- argv0, command);
- mbedtls_exit(MBEDTLS_EXIT_FAILURE);
-}
diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c
deleted file mode 100644
index a70e6da..0000000
--- a/programs/test/query_compile_time_config.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Query the Mbed TLS compile time configuration
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#define USAGE \
- "usage: %s [ -all | -any | -l ] <MBEDTLS_CONFIG> ...\n\n" \
- "This program takes command line arguments which correspond to\n" \
- "the string representation of Mbed TLS compile time configurations.\n\n" \
- "If \"--all\" and \"--any\" are not used, then, if all given arguments\n" \
- "are defined in the Mbed TLS build, 0 is returned; otherwise 1 is\n" \
- "returned. Macro expansions of configurations will be printed (if any).\n" \
- "-l\tPrint all available configuration.\n" \
- "-all\tReturn 0 if all configurations are defined. Otherwise, return 1\n" \
- "-any\tReturn 0 if any configuration is defined. Otherwise, return 1\n" \
- "-h\tPrint this usage\n"
-
-#include <string.h>
-#include "query_config.h"
-
-int main(int argc, char *argv[])
-{
- int i;
-
- if (argc < 2 || strcmp(argv[1], "-h") == 0) {
- mbedtls_printf(USAGE, argv[0]);
- return MBEDTLS_EXIT_FAILURE;
- }
-
- if (strcmp(argv[1], "-l") == 0) {
- list_config();
- return 0;
- }
-
- if (strcmp(argv[1], "-all") == 0) {
- for (i = 2; i < argc; i++) {
- if (query_config(argv[i]) != 0) {
- return 1;
- }
- }
- return 0;
- }
-
- if (strcmp(argv[1], "-any") == 0) {
- for (i = 2; i < argc; i++) {
- if (query_config(argv[i]) == 0) {
- return 0;
- }
- }
- return 1;
- }
-
- for (i = 1; i < argc; i++) {
- if (query_config(argv[i]) != 0) {
- return 1;
- }
- }
-
- return 0;
-}
diff --git a/programs/test/query_config.h b/programs/test/query_config.h
deleted file mode 100644
index 43f120b..0000000
--- a/programs/test/query_config.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Query Mbed TLS compile time configurations from mbedtls_config.h
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H
-#define MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H
-
-#include "mbedtls/build_info.h"
-
-/** Check whether a given configuration symbol is enabled.
- *
- * \param config The symbol to query (e.g. "MBEDTLS_RSA_C").
- * \return \c 0 if the symbol was defined at compile time
- * (in MBEDTLS_CONFIG_FILE or mbedtls_config.h),
- * \c 1 otherwise.
- *
- * \note This function is defined in `programs/test/query_config.c`
- * which is automatically generated by
- * `scripts/generate_query_config.pl`.
- */
-int query_config(const char *config);
-
-/** List all enabled configuration symbols
- *
- * \note This function is defined in `programs/test/query_config.c`
- * which is automatically generated by
- * `scripts/generate_query_config.pl`.
- */
-void list_config(void);
-
-#endif /* MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H */
diff --git a/programs/test/query_included_headers.c b/programs/test/query_included_headers.c
deleted file mode 100644
index cdafa16..0000000
--- a/programs/test/query_included_headers.c
+++ /dev/null
@@ -1,29 +0,0 @@
-/* Ad hoc report on included headers. */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <psa/crypto.h>
-#include <mbedtls/platform.h>
-
-int main(void)
-{
-
- /* Which PSA platform header? */
-#if defined(PSA_CRYPTO_PLATFORM_H)
- mbedtls_printf("PSA_CRYPTO_PLATFORM_H\n");
-#endif
-#if defined(PSA_CRYPTO_PLATFORM_ALT_H)
- mbedtls_printf("PSA_CRYPTO_PLATFORM_ALT_H\n");
-#endif
-
- /* Which PSA struct header? */
-#if defined(PSA_CRYPTO_STRUCT_H)
- mbedtls_printf("PSA_CRYPTO_STRUCT_H\n");
-#endif
-#if defined(PSA_CRYPTO_STRUCT_ALT_H)
- mbedtls_printf("PSA_CRYPTO_STRUCT_ALT_H\n");
-#endif
-
-}
diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c
deleted file mode 100644
index c1cee0d..0000000
--- a/programs/test/zeroize.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Zeroize application for debugger-driven testing
- *
- * This is a simple test application used for debugger-driven testing to check
- * whether calls to mbedtls_platform_zeroize() are being eliminated by compiler
- * optimizations. This application is used by the GDB script at
- * tests/scripts/test_zeroize.gdb: the script sets a breakpoint at the last
- * return statement in the main() function of this program. The debugger
- * facilities are then used to manually inspect the memory and verify that the
- * call to mbedtls_platform_zeroize() was not eliminated.
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include "mbedtls/build_info.h"
-
-#include <stdio.h>
-
-#include "mbedtls/platform.h"
-
-#include "mbedtls/platform_util.h"
-
-#define BUFFER_LEN 1024
-
-static void usage(void)
-{
- mbedtls_printf("Zeroize is a simple program to assist with testing\n");
- mbedtls_printf("the mbedtls_platform_zeroize() function by using the\n");
- mbedtls_printf("debugger. This program takes a file as input and\n");
- mbedtls_printf("prints the first %d characters. Usage:\n\n", BUFFER_LEN);
- mbedtls_printf(" zeroize <FILE>\n");
-}
-
-int main(int argc, char **argv)
-{
- int exit_code = MBEDTLS_EXIT_FAILURE;
- FILE *fp;
- char buf[BUFFER_LEN];
- char *p = buf;
- char *end = p + BUFFER_LEN;
- int c;
-
- if (argc != 2) {
- mbedtls_printf("This program takes exactly 1 argument\n");
- usage();
- mbedtls_exit(exit_code);
- }
-
- fp = fopen(argv[1], "r");
- if (fp == NULL) {
- mbedtls_printf("Could not open file '%s'\n", argv[1]);
- mbedtls_exit(exit_code);
- }
-
- while ((c = fgetc(fp)) != EOF && p < end - 1) {
- *p++ = (char) c;
- }
- *p = '\0';
-
- if (p - buf != 0) {
- mbedtls_printf("%s\n", buf);
- exit_code = MBEDTLS_EXIT_SUCCESS;
- } else {
- mbedtls_printf("The file is empty!\n");
- }
-
- fclose(fp);
- mbedtls_platform_zeroize(buf, sizeof(buf));
-
- mbedtls_exit(exit_code); // GDB_BREAK_HERE -- don't remove this comment!
-}
diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh
deleted file mode 100755
index 3eb2ff4..0000000
--- a/scripts/ecc-heap.sh
+++ /dev/null
@@ -1,87 +0,0 @@
-#!/bin/sh
-
-# Measure heap usage (and performance) of ECC operations with various values of
-# the relevant tunable compile-time parameters.
-#
-# Usage (preferably on a 32-bit platform):
-# cmake -D CMAKE_BUILD_TYPE=Release .
-# scripts/ecc-heap.sh | tee ecc-heap.log
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-set -eu
-
-CONFIG_H='include/mbedtls/mbedtls_config.h'
-
-if [ -r $CONFIG_H ]; then :; else
- echo "$CONFIG_H not found" >&2
- exit 1
-fi
-
-if grep -i cmake Makefile >/dev/null; then :; else
- echo "Needs Cmake" >&2
- exit 1
-fi
-
-if git status | grep -F $CONFIG_H >/dev/null 2>&1; then
- echo "mbedtls_config.h not clean" >&2
- exit 1
-fi
-
-CONFIG_BAK=${CONFIG_H}.bak
-cp $CONFIG_H $CONFIG_BAK
-
-cat << EOF >$CONFIG_H
-#define MBEDTLS_PLATFORM_C
-#define MBEDTLS_PLATFORM_MEMORY
-#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
-#define MBEDTLS_MEMORY_DEBUG
-
-#define MBEDTLS_TIMING_C
-
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_SHA256_C // ECDSA benchmark needs it
-#define MBEDTLS_SHA224_C // SHA256 requires this for now
-#define MBEDTLS_ECDH_C
-
-// NIST curves >= 256 bits
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-// SECP "koblitz-like" curve >= 256 bits
-#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-// Brainpool curves (no specialised "mod p" routine)
-#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-// Montgomery curves
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_ECP_DP_CURVE448_ENABLED
-
-#define MBEDTLS_HAVE_ASM // just make things a bit faster
-#define MBEDTLS_ECP_NIST_OPTIM // faster and less allocations
-
-//#define MBEDTLS_ECP_WINDOW_SIZE 4
-//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1
-EOF
-
-for F in 0 1; do
- for W in 2 3 4; do
- scripts/config.py set MBEDTLS_ECP_WINDOW_SIZE $W
- scripts/config.py set MBEDTLS_ECP_FIXED_POINT_OPTIM $F
- make benchmark >/dev/null 2>&1
- echo "fixed point optim = $F, max window size = $W"
- echo "--------------------------------------------"
- programs/test/benchmark ecdh ecdsa
- done
-done
-
-# cleanup
-
-mv $CONFIG_BAK $CONFIG_H
-make clean
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index d0fcb7d..053040a 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -22,6 +22,7 @@
my $vsx_sln_file = "$vsx_dir/mbedTLS.sln";
my $mbedtls_programs_dir = "programs";
+my $framework_programs_dir = "framework/tests/programs";
my $tfpsacrypto_programs_dir = "tf-psa-crypto/programs";
my $mbedtls_header_dir = 'include/mbedtls';
@@ -59,6 +60,7 @@
tf-psa-crypto/drivers/everest/include/everest/kremlib
tests/include
framework/tests/include
+ framework/tests/programs
);
my $include_directories = join(';', map {"../../$_"} @include_directories);
@@ -125,6 +127,7 @@
&& -d $tls_test_header_dir
&& -d $test_drivers_header_dir
&& -d $mbedtls_programs_dir
+ && -d $framework_programs_dir
&& -d $tfpsacrypto_programs_dir;
}
@@ -164,7 +167,14 @@
(my $appname = $path) =~ s/.*\\//;
my $is_test_app = ($path =~ m/^test\\/);
- my $srcs = "<ClCompile Include=\"..\\..\\programs\\$path.c\" \/>";
+ my $srcs;
+ if( $appname eq "metatest" or $appname eq "query_compile_time_config" or
+ $appname eq "query_included_headers" or $appname eq "zeroize" ) {
+ $srcs = "<ClCompile Include=\"..\\..\\framework\\tests\\programs\\$appname.c\" \/>";
+ } else {
+ $srcs = "<ClCompile Include=\"..\\..\\programs\\$path.c\" \/>";
+ }
+
if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or
$appname eq "query_compile_time_config" ) {
$srcs .= "\n <ClCompile Include=\"..\\..\\programs\\test\\query_config.c\" \/>";
@@ -283,6 +293,7 @@
$tls_source_dir,
$crypto_core_source_dir,
$crypto_source_dir,
+ $framework_programs_dir,
@thirdparty_header_dirs,
);
my @headers = (map { <$_/*.h> } @header_dirs);
diff --git a/tests/configs/user-config-zeroize-memset.h b/tests/configs/user-config-zeroize-memset.h
deleted file mode 100644
index 270d125..0000000
--- a/tests/configs/user-config-zeroize-memset.h
+++ /dev/null
@@ -1,17 +0,0 @@
-/* crypto_config.h modifier that defines mbedtls_platform_zeroize() to be
- * memset(), so that the compile can check arguments for us.
- * Used for testing.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <string.h>
-
-/* Define _ALT so we don't get the built-in implementation. The test code will
- * also need to define MBEDTLS_TEST_DEFINES_ZEROIZE so we don't get the
- * declaration. */
-#define MBEDTLS_PLATFORM_ZEROIZE_ALT
-
-#define mbedtls_platform_zeroize(buf, len) memset(buf, 0, len)
diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh
index d6ad88a..91a999e 100644
--- a/tests/scripts/components-build-system.sh
+++ b/tests/scripts/components-build-system.sh
@@ -13,7 +13,7 @@
msg "build/test: make shared" # ~ 40s
make SHARED=1 TEST_CPP=1 all check
ldd programs/util/strerror | grep libmbedcrypto
- programs/test/dlopen_demo.sh
+ $FRAMEWORK/tests/programs/dlopen_demo.sh
}
component_test_cmake_shared () {
@@ -22,7 +22,7 @@
make
ldd programs/util/strerror | grep libtfpsacrypto
make test
- programs/test/dlopen_demo.sh
+ $FRAMEWORK/tests/programs/dlopen_demo.sh
}
support_test_cmake_out_of_source () {
diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh
index cb6dd92..74543b1 100644
--- a/tests/scripts/components-compiler.sh
+++ b/tests/scripts/components-compiler.sh
@@ -114,7 +114,7 @@
scripts/config.py full
# Only compile - we're looking for sizeof-pointer-memaccess warnings
- make CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess"
+ make CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"$TF_PSA_CRYPTO_ROOT_DIR/tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess"
}
component_test_zeroize () {
@@ -136,7 +136,7 @@
for compiler in clang gcc; do
msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()"
make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag"
- gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log
+ gdb -ex "$gdb_disable_aslr" -x $FRAMEWORK/tests/programs/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log
grep "The buffer was correctly zeroized" test_zeroize.log
not grep -i "error" test_zeroize.log
rm -f test_zeroize.log
diff --git a/tests/scripts/components-compliance.sh b/tests/scripts/components-compliance.sh
deleted file mode 100644
index cce0890..0000000
--- a/tests/scripts/components-compliance.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-# components-compliance.sh
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-# This file contains test components that are executed by all.sh
-
-################################################################
-#### Compliance Testing
-################################################################
-
-component_test_psa_compliance () {
- # The arch tests build with gcc, so require use of gcc here to link properly
- msg "build: make, default config (out-of-box), libmbedcrypto.a only"
- CC=gcc make -C library libmbedcrypto.a
-
- msg "unit test: test_psa_compliance.py"
- CC=gcc $FRAMEWORK/scripts/test_psa_compliance.py --build-dir="."
-}
-
-support_test_psa_compliance () {
- # psa-compliance-tests only supports CMake >= 3.10.0
- ver="$(cmake --version)"
- ver="${ver#cmake version }"
- ver_major="${ver%%.*}"
-
- ver="${ver#*.}"
- ver_minor="${ver%%.*}"
-
- [ "$ver_major" -eq 3 ] && [ "$ver_minor" -ge 10 ]
-}
-
diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb
deleted file mode 100644
index 57f771f..0000000
--- a/tests/scripts/test_zeroize.gdb
+++ /dev/null
@@ -1,64 +0,0 @@
-# test_zeroize.gdb
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-# Purpose
-#
-# Run a test using the debugger to check that the mbedtls_platform_zeroize()
-# function in platform_util.h is not being optimized out by the compiler. To do
-# so, the script loads the test program at programs/test/zeroize.c and sets a
-# breakpoint at the last return statement in main(). When the breakpoint is
-# hit, the debugger manually checks the contents to be zeroized and checks that
-# it is actually cleared.
-#
-# The mbedtls_platform_zeroize() test is debugger driven because there does not
-# seem to be a mechanism to reliably check whether the zeroize calls are being
-# eliminated by compiler optimizations from within the compiled program. The
-# problem is that a compiler would typically remove what it considers to be
-# "unnecessary" assignments as part of redundant code elimination. To identify
-# such code, the compilar will create some form dependency graph between
-# reads and writes to variables (among other situations). It will then use this
-# data structure to remove redundant code that does not have an impact on the
-# program's observable behavior. In the case of mbedtls_platform_zeroize(), an
-# intelligent compiler could determine that this function clears a block of
-# memory that is not accessed later in the program, so removing the call to
-# mbedtls_platform_zeroize() does not have an observable behavior. However,
-# inserting a test after a call to mbedtls_platform_zeroize() to check whether
-# the block of memory was correctly zeroed would force the compiler to not
-# eliminate the mbedtls_platform_zeroize() call. If this does not occur, then
-# the compiler potentially has a bug.
-#
-# Note: This test requires that the test program is compiled with -g3.
-
-set confirm off
-
-file ./programs/test/zeroize
-
-search GDB_BREAK_HERE
-break $_
-
-set args ./programs/test/zeroize.c
-run
-
-set $i = 0
-set $len = sizeof(buf)
-set $buf = buf
-
-while $i < $len
- if $buf[$i++] != 0
- echo The buffer at was not zeroized\n
- quit 1
- end
-end
-
-echo The buffer was correctly zeroized\n
-
-continue
-
-if $_exitcode != 0
- echo The program did not terminate correctly\n
- quit 1
-end
-
-quit 0
diff --git a/tests/suites/test_suite_test_helpers.function b/tests/suites/test_suite_test_helpers.function
index 8c5d5ad..0139faf 100644
--- a/tests/suites/test_suite_test_helpers.function
+++ b/tests/suites/test_suite_test_helpers.function
@@ -15,7 +15,7 @@
/* Test that poison+unpoison leaves the memory accessible. */
/* We can't test that poisoning makes the memory inaccessible:
* there's no sane way to catch an Asan/Valgrind complaint.
- * That negative testing is done in programs/test/metatest.c. */
+ * That negative testing is done in framework/tests/programs/metatest.c. */
void memory_poison_unpoison(int align, int size)
{
unsigned char *buf = NULL;
diff --git a/tf-psa-crypto b/tf-psa-crypto
index dcbe6fc..2cfed8e 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit dcbe6fc1da160e17ffa6ad8d2f503e13d7f505ff
+Subproject commit 2cfed8e711554ffc9432209caa62244938a7da7b