Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

xtest: add asymmetric cipher algorithm perf test #691

Closed
wants to merge 2 commits into from

Conversation

yuzexiyzx
Copy link
Contributor

@yuzexiyzx yuzexiyzx commented Aug 8, 2023

Add perf test for DH,RSA,ECDH,ECDSA

Copy link
Contributor

@jenswi-linaro jenswi-linaro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it make sense to refactor the *_perf TAs into a single TA instead?


#define TA_UUID TA_ASYM_CIPHER_PERF_UUID

#define TA_FLAGS (TA_FLAG_USER_MODE | TA_FLAG_EXEC_DDR | \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TA_FLAG_USER_MODE and TA_FLAG_EXEC_DDR are deprecated and not needed any longer.
I'm not sure TA_FLAG_SECURE_DATA_PATH or TA_FLAG_CACHE_MAINTENANCE are needed.
We should be able to define TA_FLAGS to 0.

Copy link
Contributor

@jenswi-linaro jenswi-linaro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's time to consolidate the *_perf TAs into a single TA new perf TA.

.flags = TEEC_MEM_INPUT | TEEC_MEM_OUTPUT
};

static void errx(const char *msg, TEEC_Result res, uint32_t *orig)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems that there's quite a bit of copy & paste from host/xtest/hash_perf.c or host/xtest/aes_perf.c in this file.
Duplicated code is one thing, but now we have a third copy. It's time to consolidate the code before it get even harder to maintain.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK.I will consilidate them.What is the new TA's name?perf?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will do that with another commit after the asyn_cipher one. Is that OK?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK.I will consilidate them.What is the new TA's name?perf?

I suggest crypto_perf.

@yuzexiyzx
Copy link
Contributor Author

@jenswi-linaro @jforissier I have modified the code according to the comments, but the CI failed. It seems that the error is not related to my change

@jforissier
Copy link
Contributor

@jenswi-linaro @jforissier I have modified the code according to the comments, but the CI failed. It seems that the error is not related to my change

I think it is:

2023-09-15T04:12:31.8220760Z /__w/optee_test/optee_repo_qemu_v8/out-br/build/optee_test_ext-1.0/host/xtest/aes_perf.c:18:10: fatal error: ta_aes_perf.h: No such file or directory
2023-09-15T04:12:31.8221211Z    18 | #include <ta_aes_perf.h>

@yuzexiyzx yuzexiyzx force-pushed the master branch 3 times, most recently from d7350b2 to 8639913 Compare September 19, 2023 07:54
@jforissier
Copy link
Contributor

It would be better to combine the apps before introducing the asymmetric ciphers...

@yuzexiyzx
Copy link
Contributor Author

It would be better to combine the apps before introducing the asymmetric ciphers...
OK.Do you any have comments on the combining the apps commit? It would be easier for me to modify it before changing the commit order.

Copy link
Contributor

@etienne-lms etienne-lms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comments related to comit "xtest: add asymmetric cipher algorithm perf test".

@@ -0,0 +1,86 @@
/* SPDX-License-Identifier: BSD-2-Clause */
/*
* Copyright (c) 2015, Linaro Limited
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Update? (2023)

MODE_SIGN = 2,
MODE_VERIFY = 3,
MODE_GENKEYPAIR = 4,
} Asym_Cipher_Mode;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

prefer no typedef and use snake_case labels:

enum asym_cipher_mode {
	MODE_ENCRYPT = 0,
	MODE_DECRYPT = 1,
	MODE_SIGN = 2,
	MODE_VERIFY = 3,
	MODE_GENKEYPAIR = 4,
}

Ditto for RSA_Cipher_Mode and RSA_Sign_Mode below.

#include <tee_internal_api.h>
#include <tee_ta_api.h>
#include <string.h>
#include <trace.h>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

swap the 2 above lines

*/

#include <stddef.h>
#include <utee_defines.h>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

move to line 14


#define CHECK(res, name, action) do { \
if ((res) != TEE_SUCCESS) { \
printf(name ": 0x%08x", (res)); \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use EMSG() instead of printf() for error trace messages in the TA.

Ditto for the other occurences of printf() in this TA source file.
Note: also remove \n termination character when using EMSG().

fprintf(stderr, " 3: RSASSA_PKCS1_V1_5_SHA384 4: RSASSA_PKCS1_V1_5_SHA512 5: RSASSA_PKCS1_PSS_MGF1_SHA1\n");
fprintf(stderr, " 6: RSASSA_PKCS1_PSS_MGF1_SHA224 7: RSASSA_PKCS1_PSS_MGF1_SHA256 8: RSASSA_PKCS1_PSS_MGF1_SHA384\n");
fprintf(stderr, " 9: RSASSA_PKCS1_PSS_MGF1_SHA512\n");
fprintf(stderr, " -s salt_len only RSA SSA_PKCS1_PSS support! [%u]\n", salt_len);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

-s SALT_LEN ...

&in_shm : &out_shm;
op.params[3].memref.size = (mode == MODE_DECRYPT) ?
size : out_shm.size;
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would suggest to use a switch/case here:

		...
		op.params[0].tmpref.buffer = buf;
		op.params[0].tmpref.size = blen;
		op.params[1].value.a = l;
		op.params[1].value.b = mode;

		switch (mode) {
		case MODE_ENCRYPT:
			op.params[2].memref.parent = &in_shm;
			op.params[2].memref.size = size;
			op.params[3].memref.parent = &out_shm;
			op.params[3].memref.size = out_shm.size;
			break;
		case MODE_SIGN:
			op.params[2].memref.parent = &hash_shm;
			op.params[2].memref.size = hash_shm.size;
			op.params[3].memref.parent = &out_shm;
			op.params[3].memref.size = out_shm.size;
			break;
		case MODE_DECRYPT:
			prepare_enc_sign(size, mode, is_random, buf, blen);
			op.params[2].memref.parent = &out_shm;
			op.params[2].memref.size = out_shm.size;
			op.params[3].memref.parent = &in_shm;
			op.params[3].memref.size = size;
			break;
		case MODE_VERIFY:
			prepare_enc_sign(size, mode, is_random, buf, blen);
			op.params[2].memref.parent = &hash_shm;
			op.params[2].memref.size = hash_shm.size;
			op.params[3].memref.parent = &out_shm;
			op.params[3].memref.size = out_shm.size;
			break;
		default:
			fprintf(stderr, "Unexpected mode value\n");
			exit(1);
		}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks

case RSAES_PKCS1_OAEP_SHA512:
return SHA512_LEN;
default:
printf("The algo[%u] is err!\n", algo);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replace is err with is not valid
I think these error message should better be printed with fprintf(stderr, ...)

Ditto for othter is err and is error occurrences below.

int width_bytes = BITS_TO_BYTES(width_bits);
int salt_temp = 0;
int hash_len = get_hash_sign_len(rsa_algo);
if (hash_len == -1)

This comment was marked as resolved.

return TEE_ERROR_BAD_PARAMETERS;
}

return 0;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/0/TEE_SUCCESS/

Ditto at lines 165, 191 and 197.

*/

#ifndef TA_ASYM_CIPHER_PERF_H
#define TA_ASYM_CIPHER_PERF_H
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By the way, this TA does more than just cipher (sign/verify). Rename to ta_asymm_crypto_perf.h?

@yuzexiyzx yuzexiyzx force-pushed the master branch 3 times, most recently from 3fcbed6 to 0bcf34f Compare September 22, 2023 06:23

#include "crypto_common.h"
#include "xtest_helpers.h"
#include <utee_defines.h>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

move this line between line 20 and lien 21?

fprintf(stderr, " [-t tee_type] [-m mode] [-n LOOP] [-r|--no-inited] [-d WIDTH_BITS]");
fprintf(stderr, " [-k SIZE] [-a rsa_algo] [-s salt_len] [-v [-v]] [-w SEC]");
fprintf(stderr, "\n");
fprintf(stderr, "Asymmetric Cipher performance testing tool for OP-TEE\n");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove "Cipher" (here and at few other places) since this is not only about ciphering.

&in_shm : &out_shm;
op.params[3].memref.size = (mode == MODE_DECRYPT) ?
size : out_shm.size;
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks

ap = (const struct attr_packed *)(const void *)(buf + num_attrs_size);

if (num_attrs >= 0) {
size_t n;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

= 0

if (!a)
return TEE_ERROR_OUT_OF_MEMORY;
for (n = 0; n < num_attrs; n++) {
uintptr_t p;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

= 0

}

TEE_Result cmd_asym_process_rsa_ecc(uint32_t param_types,
TEE_Param params[TEE_NUM_PARAMS])
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

indentation

TEE_PARAM_TYPE_MEMREF_OUTPUT);
TEE_Attribute *attrs = NULL;
uint32_t attr_count = 0;

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove this empty line

&crypto_obj);
CHECK(res, "TEE_AllocateTransientObject", return res;);

return res;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

at this stage we're always successful. Prefer explicit return TEE_SUCCESS.


TEE_FreeOperation(hash_op);

return res;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

return TEE_SUCCESS

&params[1].memref.size);

TEE_Free(attrs);
CHECK(res, "TEE_AsymmetricEncrypt", return res;);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fix trace message, e.g.:

	if (mode == MODE_DECRYPT)
		CHECK(res, "TEE_AsymmetricEncrypt", return res;);
	else
		CHECK(res, "TEE_AsymmetricSignDigest", return res;);

@yuzexiyzx
Copy link
Contributor Author

@jforissier @etienne-lms I have modified the code according to the comments.

#endif
/* SPDX-License-Identifier: BSD-2-Clause */
/*
* Copyright (c) 2023, Linaro Limited
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe the copyright from 2015 should be kept since this file has only been edited.

/* SPDX-License-Identifier: BSD-2-Clause */
/*
* Copyright (c) 2023, Linaro Limited
* All rights reserved.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Drop this please, we don't use that any longer.

objectType = TEE_TYPE_AES;
use_iv = 1;
break;
case TA_SM4_ECB:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SM4 support looks new, please mention that in the commit message.

Copy link
Contributor

@jforissier jforissier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewing commit "xtest: combine aes_perf and hash_perf into crypto_perf".

With my comments addressed:
Acked-by: Jerome Forissier <[email protected]>

Comment on lines 17 to 21
#define TA_CIPHER_PERF_CMD_PREPARE_KEY 0
#define TA_CIPHER_PERF_CMD_PROCESS 1
#define TA_CIPHER_PERF_CMD_PROCESS_SDP 2
#define TA_HASH_PERF_CMD_PREPARE_OP 3
#define TA_HASH_PERF_CMD_PROCESS 4
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please keep a common TA_CRYPTO_PERF_CMD_ prefix, to be consistent with TA_CRYPTO_PERF_UUID.

#define TA_CRYPTO_PERF_CMD_CIPHER_PREPARE_KEY	0
#define TA_CRYPTO_PERF_CMD_CIPHER_PROCESS	1
#define TA_CRYPTO_PERF_CMD_CIPHER_PROCESS_SDP	2
#define TA_CRYPTO_PERF_CMD_HASH_PREPARE_OP	3
#define TA_CRYPTO_PERF_CMD_HASH_PROCESS		4
...

include $(BUILD_OPTEE_MK)
LOCAL_PATH := $(call my-dir)

local_module := e626662e-c0e2-485c-b8c8-09fbce6edf3d.ta
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe the UUID should be changed. The new TA is not compatible with the old one, it accepts a different list of commands.

@@ -13,7 +12,7 @@ target_include_directories(${PROJECT_NAME}
INTERFACE os_test/include
INTERFACE rpc_test/include
INTERFACE sdp_basic/include
INTERFACE hash_perf/include
INTERFACE crypto_perf/include
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpicking: would be better placed below line 10 (alphabetical order)

#include <tee_internal_api_extensions.h>
#include <tee_internal_api.h>
#include <tee_ta_api.h>
#include <string.h>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could you move this at top

@@ -72,5 +77,54 @@
#define SHA256_LEN 32
#define SHA384_LEN 48
#define SHA512_LEN 64
#define WIDTH_BITS_25519 256

This comment was marked as resolved.

@@ -486,9 +488,479 @@ TEE_Result cmd_hash_prepare_op(uint32_t param_types, TEE_Param params[4])
}
return TEE_SUCCESS;
}
struct attr_packed {

This comment was marked as resolved.


if (IS_ALIGNED_WITH_TYPE(buf, uint32_t) || blen < num_attrs_size)
return TEE_ERROR_BAD_PARAMETERS;
num_attrs = *(uint32_t *) (void *)buf;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please remove the space char. We don't use space char when casting: num_attrs = *(uint32_t *)(void *)buf;

TEE_PARAM_TYPE_MEMREF_INPUT,
TEE_PARAM_TYPE_MEMREF_INOUT,
TEE_PARAM_TYPE_NONE);
if (param_types != exp_param_types)

This comment was marked as resolved.

@etienne-lms
Copy link
Contributor

By the way, commit "xtest: add asymmetric cipher and SM4 algorithm perf test" no more implements the SM4 part. Could you update the commit message.

fprintf(stderr, " -d WIDTH_BITS ECC:the width_bits only support 192/224/256/384/521 [%u]\n", width_bits);
fprintf(stderr, " DH: width_bits <= 2048, RSA: width_bits <= 4096 [%u]\n", width_bits);
fprintf(stderr, " -a ALGO Crypto algorithm tested when TYPE is 2(RSA)\n");
fprintf(stderr, " EN/DE: 0: RSA_NOPAD 1: RSAES_PKCS1_V1_5 2: RSAES_PKCS1_OAEP_SHA1\n");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These lines become too long in the usage() print. The width of a terminal is 80 columns.

int warmup = CRYPTO_DEF_WARMUP;
int mode = MODE_GENKEYPAIR;
int width_bits = 1024;
uint32_t tee_type = 0;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be more convenient to have a valid default value.

fprintf(stderr, "\n");
fprintf(stderr, "Options:\n");
fprintf(stderr, " -h|--help Print this help and exit\n");
fprintf(stderr, " -t TYPE Test type for asymmetric algo [%u]\n", tee_type);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This parameter should not be optional if the default value isn't usable.

fprintf(stderr, "Options:\n");
fprintf(stderr, " -h|--help Print this help and exit\n");
fprintf(stderr, " -t TYPE Test type for asymmetric algo [%u]\n", tee_type);
fprintf(stderr, " 1:DH 2:RSA 3:ECDSA 4:ECDH 5:X25519\n");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd rather take these parameters as strings. When this is used in a script or a saved sequence of commands it's easier to see what's tested. Same for the -m and -a parameters.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

May I keep this way to -a paramter,since there are too many cases in -a parameter.What's more, it is different for meaning of num when mode is ENC/DEC or SIGN/VERIFY

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looping over const char *asym_algo[] = { "DH", "RSA", "ECDSA", "ECDH", "X25519" }; to determine the index and use that can't be too hard.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

DH,RSA……are -t parameters.I mean -a parameters,such as RSAES_PKCS1_V1_5,RSAES_PKCS1_OAEP_SHA256 and so on.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The greater reason to use the same approach there.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@yuzexiyzx you did not address this comment

Copy link
Contributor

@etienne-lms etienne-lms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would help to have 3 commits here. 1 for combining AES/hashes tests TA a,d applets, 1 for adding SM4 tests and the last one for asymm crypto tests. Sorry for such a late comment.

@@ -103,6 +103,7 @@ void usage(char *program)
printf("\t--sha-perf [opts] Deprecated, same as --hash-perf\n");
printf("\t--hash-perf [opts] Hash performance testing tool (-h for usage)\n");
printf("\t--aes-perf [opts] AES performance testing tool (-h for usage)\n");
printf("\t--asym-cipher-perf [opts] Aysmmetric cipher performance testing tool (-h for usage)\n");

This comment was marked as resolved.

#include <tee_client_api_extensions.h>
#include <time.h>
#include <utee_defines.h>
#include <unistd.h>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

swap the 2 above lines.

struct statistics {
int n;
double m;
double M2;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

prefer lower case m2 (use uppercase for macros).

@yuzexiyzx
Copy link
Contributor Author

SM4 need more modification on CA side,so I will do this later in other pull request.SM4 will not be added here.

@yuzexiyzx yuzexiyzx force-pushed the master branch 2 times, most recently from 26c4f82 to 7aa2296 Compare October 30, 2023 04:20
Copy link
Contributor

@jforissier jforissier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

xtest: combine aes and hash into crypto_perf

s/aes/AES/

There is quite a bit of copy in these files.So, I cosolidate the

consolidate

code to make it easier to maintain.In addition, SM4 algorithm is
added.

SM4 is not added, please remove.

@@ -18,6 +18,12 @@
#define TA_CRYPTO_PERF_CMD_CIPHER_PROCESS_SDP 2
#define TA_CRYPTO_PERF_CMD_HASH_PREPARE_OP 3
#define TA_CRYPTO_PERF_CMD_HASH_PROCESS 4
#define TA_CRYPTO_PERF_CMD_ASYM_CIPHER_PREPARE_OBJ 5
#define TA_CRYPTO_PERF_CMD_ASYM_CIPHER_PREPARE_HASH 6
#define TA_CRYPTO_CMD_ASYM_CIPHER_PREPARE_KEYPAIR 7
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TA_CRYPTO_PERF_CMD_ASYM_CIPHER_PREPARE_KEYPAIR

@yuzexiyzx yuzexiyzx force-pushed the master branch 2 times, most recently from 9459096 to 0ff0d37 Compare October 30, 2023 11:48
Copy link
Contributor

@etienne-lms etienne-lms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For commit "xtest: combine AES and hash into crypto_perf":
Acked-by: Etienne Carriere <[email protected]> with the 2 issues fixed.

#define TA_HMAC_SHA512 10
#define TA_HMAC_SM3 11

#define PKCS_V1_5_MIN 11
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added macros from line 56 tp 68 belongs to commit "xtest: add asymmetric cipher perf test".

return cmd_hash_prepare_op(nParamTypes, pParams);
case TA_CRYPTO_PERF_CMD_HASH_PROCESS:
return cmd_hash_process(nParamTypes, pParams);
case TA_CRYPTO_PERF_CMD_ASYM_CIPHER_PROCESS_GEN_KEYPAIR:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

addes cases from line 72 to line 82 belongs the the next commit in the series.

Copy link
Contributor

@etienne-lms etienne-lms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comments for commit "xtest: add asymmetric cipher perf test".

Android.mk Outdated
@@ -53,6 +53,7 @@ srcs += adbg/src/adbg_case.c \
regression_8000.c \
regression_8100.c \
hash_perf.c \
asym_cipher_perf.c \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpicking; would be better right below line 45 to follow alphabetical order.

return res;
}

static TEE_Result get_keypair_type(uint32_t value)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function wrongly mixes TEE_Result values and TEE_TYPE_xxx values.
You could use TEE_TYPE_ILLEGAL_VALUE as error case return value, and change this function to return a uint32_t value.

TEE_Result cmd_asym_prepare_obj(uint32_t param_types, TEE_Param params[4])
{
TEE_Result res = TEE_ERROR_GENERIC;
uint32_t tee_type;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

= TEE_TYPE_ILLEGAL_VALUE

res = TEE_DigestDoFinal(hash_op, params[1].memref.buffer,
params[1].memref.size, params[2].memref.buffer,
&params[2].memref.size);
CHECK(res, "TEE_DigestDoFinal", return res;);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

call TEE_FreeOperation(hash_op); before line 882.

s->m += delta / s->n;
s->m2 += delta * (x - s->m);
if (!s->initialized) {
s->min = s->max = x;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

prefer split over 2 lines:

		s->min = x;
		s->max = x;

if (tee_type == ECDSA || tee_type == ECDH) {
curve_id = get_curve_id(width_bits);
if (curve_id == TEE_ERROR_BAD_PARAMETERS)
return TEE_ERROR_BAD_PARAMETERS;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

return -1;


static uint32_t get_curve_id(uint32_t width_bits)
{
uint32_t curve_id = TEE_ERROR_BAD_PARAMETERS;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

use TEE_CRYPTO_ELEMENT_NONE that is the ID defined in the spec for when no curve element ID is applicable.
Definitly not TEE_ERROR_BAD_PARAMETERS that is a TEE_Result reserved ID.

curve_id = TEE_ECC_CURVE_NIST_P521;
break;
default:
printf("ECC curve is not support!\n");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"... is not supported\n"

free_shm();
free(buf);
close_ta();
return res;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At this stage, the perf test did not fail. Prefer return 0

}

res = pack_attrs(params, param_count, &buf, &blen);
CHECK(res, "pack_attrs", return res;);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/return res;/return -1;/ for consistency in return codes.
Ditto at line 458.

} else if (mode == MODE_SIGN || mode == MODE_VERIFY) {
if (check_rsa_hash_params(rsa_algo, width_bits, size,
salt_len))
return -1;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indentation

{
fprintf(stderr, "Usage: %s [-h]\n", progname);
fprintf(stderr, "Usage: %s [-t] [-m] [-k SIZE]", progname);
fprintf(stderr, " [-t tee_type] [-m mode] [-n LOOP] [-r|--no-inited] [-d WIDTH_BITS]");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The name tee_type is confusing, please find a better name. Perhaps algo_class or main_algo?

fprintf(stderr, "Options:\n");
fprintf(stderr, " -h|--help Print this help and exit\n");
fprintf(stderr, " -t TYPE Test type for asymmetric algo [%u]\n", tee_type);
fprintf(stderr, " 1:DH 2:RSA 3:ECDSA 4:ECDH 5:X25519\n");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The numbers mean nothing now, please remove them. Same below.

fprintf(stderr, " -d WIDTH_BITS ECC:the width_bits only support 192/224/256/384/521 [%u]\n", width_bits);
fprintf(stderr, " DH: width_bits <= 2048, RSA: width_bits <= 4096 [%u]\n", width_bits);
fprintf(stderr, " -a ALGO Crypto algorithm tested when TYPE is 2(RSA)\n");
fprintf(stderr, " EN/DE: 0:RSA_NOPAD 1:RSAES_PKCS1_V1_5 2:RSAES_PKCS1_OAEP_SHA1\n");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ENC/DEC to match the -m MODE above.

fprintf(stderr, " EN/DE: 0:RSA_NOPAD 1:RSAES_PKCS1_V1_5 2:RSAES_PKCS1_OAEP_SHA1\n");
fprintf(stderr, " 3:RSAES_PKCS1_OAEP_SHA224 4:RSAES_PKCS1_OAEP_SHA256\n");
fprintf(stderr, " 5:RSAES_PKCS1_OAEP_SHA384 6:RSAES_PKCS1_OAEP_SHA512\n");
fprintf(stderr, " SIGN/VERSIGN: 0:RSASSA_PKCS1_V1_5_SHA1 1:RSASSA_PKCS1_V1_5_SHA224\n");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SIGN/VERIFY

{
uint32_t rsa_cipher_mode = RSA_NOPAD;

if (!strcasecmp(argv, "RSA_NOPAD"))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't suppose it's harmful, but why should we ignore the case?

@@ -18,6 +18,12 @@
#define TA_CRYPTO_PERF_CMD_CIPHER_PROCESS_SDP 2
#define TA_CRYPTO_PERF_CMD_HASH_PREPARE_OP 3
#define TA_CRYPTO_PERF_CMD_HASH_PROCESS 4
#define TA_CRYPTO_PERF_CMD_ASYM_CIPHER_PREPARE_OBJ 5
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please remove the "carriage ret" characters that it seems your editor has added in all patches of this PR.

EMSG("ECDSA error mode");
res = TEE_ERROR_BAD_PARAMETERS;
}
}

This comment was marked as resolved.

return TEE_ERROR_BAD_PARAMETERS;

tee_type = get_keypair_type(params[0].value.a);
if (tee_type == TEE_ERROR_BAD_PARAMETERS)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if (tee_type == TEE_TYPE_ILLEGAL_VALUE)

else if (mode == MODE_SIGN)
do_asym = TEE_AsymmetricSignDigest;

if (mode == MODE_VERIFY) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be more consistent to use

	else if (mode == MODE_VERIFY)
		do_asym = TEE_AsymmetricVerifyDigest;

above and remove the below specific loop.

params[2].memref.buffer, params[2].memref.size,
params[3].memref.buffer, &params[3].memref.size);

CHECK(res, "TEE_AsymmetricEncrypt", goto out;);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for consistency and simplicity: CHECK(res, "TEE proccessing failed", goto out;);

@@ -68,6 +68,7 @@ srcs += adbg/src/adbg_case.c \
regression_8000.c \
regression_8100.c \
hash_perf.c \
asym_cipher_perf.c \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpicking: prefer between aes_perf.c \ and benchmark_1000.c \ to follow the alphabetical order.

if (orig)
fprintf(stderr, " (orig=%d)", (int)*orig);
fprintf(stderr, "\n");
exit (1);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove the space char

fprintf(stderr, "\n");
fprintf(stderr, "Options:\n");
fprintf(stderr, " -h|--help Print this help and exit\n");
fprintf(stderr, " -t TYPE Test type for asymmetric algo [%u]\n", main_algo);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there should not be a default value for algo type. Also main_algo is a numerical value whereas the option argument is expected to be a string: DH, RSA, ...
All in one, remove [%u] here IMHO.

fprintf(stderr, " -h|--help Print this help and exit\n");
fprintf(stderr, " -t TYPE Test type for asymmetric algo [%u]\n", main_algo);
fprintf(stderr, " DH, RSA, ECDSA, ECDH, X25519\n");
fprintf(stderr, " -m MODE Test asymmetric mode [%u]\n", mode);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ditto about [%u]

fprintf(stderr, " -k SIZE Plaintext Length [%u]\n", size);
fprintf(stderr, " -d WIDTH_BITS ECC:the width_bits only support 192/224/256/384/521 [%u]\n", width_bits);
fprintf(stderr, " DH: width_bits <= 2048, RSA: width_bits <= 4096 [%u]\n", width_bits);
fprintf(stderr, " -a ALGO Crypto algorithm tested when TYPE is 2(RSA)\n");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/2(RSA)/RSA/

int width_bytes = BITS_TO_BYTES(width_bits);
int hash_len = 0;

if (rsa_algo == 0) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/0/RSA_NOPAD/

fprintf(stderr, "The size or algo is not valid!\n");
return -1;
}
}

This comment was marked as resolved.

}
}

return TEE_SUCCESS;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/TEE_SUCCESS/0/

}
}

return TEE_SUCCESS;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/TEE_SUCCESS/0/

if (mode == MODE_DECRYPT)
res = TEE_AsymmetricEncrypt(crypto_op_enc_sign, NULL, 0,
params[0].memref.buffer, params[0].memref.size,
params[1].memref.buffer, &params[1].memref.size);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

indentation

		res = TEE_AsymmetricEncrypt(crypto_op_enc_sign, NULL, 0,
					    params[0].memref.buffer,
					    params[0].memref.size,
					    params[1].memref.buffer,
					    &params[1].memref.size);

Copy link
Contributor

@etienne-lms etienne-lms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For commit "xtest: combine AES and hash into crypto_perf":

 Signed-off-by: Zexi Yu <[email protected]>
 Acked-by: Jerome Forissier <[email protected]>
-          Etienne Carriere <[email protected]>
+Acked-by: Etienne Carriere <[email protected]>

There is quite a bit of copy in these files.So, I cosonlidate the
code to make it easier to maintain.

Signed-off-by: Zexi Yu <[email protected]>
Acked-by: Jerome Forissier <[email protected]>
Acked-by: Etienne Carriere <[email protected]>
Copy link
Contributor

@etienne-lms etienne-lms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This P-R is not far from being fine. Thanks for your patience. Some remaining issues to fix and few nitpicking comments to address.

Have a look at the CI test

case X25519:
return TEE_TYPE_X25519_KEYPAIR;
default:
EMSG("The algo[%u] is not valid", algo);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the variable name is value
Try to build with CFG_TEE_TA_LOG_LEVEL=0 then CFG_TEE_TA_LOG_LEVEL=4 to check debug traces syntax.

}

TEE_Result cmd_asym_process_keypair(uint32_t param_types,
TEE_Param params[TEE_NUM_PARAMS])
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

indentation

return res;
}

TEE_Result cmd_asym_prepare_obj(uint32_t param_types, TEE_Param params[4])
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/4/TEE_NUM_PARAMS/ for consistency with other functions.

Ditto for cmd_asym_prepare_keypair() and cmd_asym_prepare_hash().

fprintf(stderr, "\n");
fprintf(stderr, "Options:\n");
fprintf(stderr, " -h|--help Print this help and exit\n");
fprintf(stderr, " -t TYPE Test type for asymmetric algo\n", main_algo);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove main_algo argument since no more printed.

same comment at line 141.


out_shm.size = op.params[1].memref.size;

return;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpicking: for consistency with the other functions implementation:

 
 	res = TEEC_InvokeCommand(&sess, cmd, &op, &ret_origin);
-
 	check_res(res, "TEEC_InvokeCommand", &ret_origin);
-
 	out_shm.size = op.params[1].memref.size;
-
-	return;
 }

/* Make sure the N > M */
((unsigned char *)(in_shm.buffer))[0] = 0x00;
/* Avoid the problem that the last encryption result is
less than the plaintext. */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

			/*
			 * Avoid the problem that the last encryption result is
			 * less than the plaintext.
			 */

replace less with shorter?

return -1;
}

static int get_hash_sign_len(uint32_t algo)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think get_hash_sign_len() and get_hash_sign_len() could be merged into a single get_hash_len() function.

fprintf(stderr, "The size or algo is not valid!\n");
return -1;
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

	} else {
		return -1;
	}

if (main_algo == RSA) {
if (mode == MODE_ENCRYPT || mode == MODE_DECRYPT) {
if (check_rsa_cipher_params(rsa_algo, width_bits, size))
return -1;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also call USAGE();

ditto at line 842


if (main_algo == ECDSA || main_algo == ECDH) {
curve_id = get_curve_id(width_bits);
if (curve_id == TEE_CRYPTO_ELEMENT_NULL)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TEE_CRYPTO_ELEMENT_NONE

@yuzexiyzx yuzexiyzx force-pushed the master branch 2 times, most recently from 66f9d70 to 1f353a1 Compare November 9, 2023 08:28
Add perf test for DH, RSA, ECDH, ECDSA algorithm

Signed-off-by: Zexi Yu <[email protected]>
Android.mk Outdated
@@ -53,6 +53,7 @@ srcs += adbg/src/adbg_case.c \
regression_8000.c \
regression_8100.c \
hash_perf.c \
asym_cipher_perf.c \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's use alphabetical order please since the list is mostly sorted already (hash_perf.c needs to move though)

@@ -57,6 +57,7 @@ set (SRC
regression_8000.c
regression_8100.c
hash_perf.c
asym_cipher_perf.c
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same

@@ -68,6 +68,7 @@ srcs += adbg/src/adbg_case.c \
regression_8000.c \
regression_8100.c \
hash_perf.c \
asym_cipher_perf.c \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same

fprintf(stderr, "Options:\n");
fprintf(stderr, " -h|--help Print this help and exit\n");
fprintf(stderr, " -t TYPE Test type for asymmetric algo [%u]\n", tee_type);
fprintf(stderr, " 1:DH 2:RSA 3:ECDSA 4:ECDH 5:X25519\n");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@yuzexiyzx you did not address this comment

Comment on lines +150 to +153
fprintf(stderr, " RSA_NOPAD, RSAES_PKCS1_V1_5, RSAES_PKCS1_OAEP_SHA1\n");
fprintf(stderr, " RSAES_PKCS1_OAEP_SHA224, RSAES_PKCS1_OAEP_SHA256\n");
fprintf(stderr, " RSAES_PKCS1_OAEP_SHA384, RSAES_PKCS1_OAEP_SHA512\n");
fprintf(stderr, " RSASSA_PKCS1_V1_5_SHA1, RSASSA_PKCS1_V1_5_SHA224\n");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replace tabs with 8 spaces

fprintf(stderr, " RSASSA_PKCS1_V1_5_SHA256, RSASSA_PKCS1_V1_5_SHA384\n");
fprintf(stderr, " RSASSA_PKCS1_V1_5_SHA512, RSASSA_PKCS1_PSS_MGF1_SHA1\n");
fprintf(stderr, " RSASSA_PKCS1_PSS_MGF1_SHA224, RSASSA_PKCS1_PSS_MGF1_SHA256\n");
fprintf(stderr, " RSASSA_PKCS1_PSS_MGF1_SHA384, RSASSA_PKCS1_PSS_MGF1_SHA512\n");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add the default algorithm in square brackets like for other options.

fprintf(stderr, " RSASSA_PKCS1_V1_5_SHA512, RSASSA_PKCS1_PSS_MGF1_SHA1\n");
fprintf(stderr, " RSASSA_PKCS1_PSS_MGF1_SHA224, RSASSA_PKCS1_PSS_MGF1_SHA256\n");
fprintf(stderr, " RSASSA_PKCS1_PSS_MGF1_SHA384, RSASSA_PKCS1_PSS_MGF1_SHA512\n");
fprintf(stderr, " -s SALT_LEN only RSA SSA_PKCS1_PSS support! [%u]\n", salt_len);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

" -s SALT_LEN Salt length in bytes (only when ALGO is one of RSASSA_PKCS1_PSS_*) [%u]\n", salt_len

fprintf(stderr, " -k SIZE Plaintext Length [%u]\n", size);
fprintf(stderr, " -d WIDTH_BITS ECC:the width_bits only support 192/224/256/384/521 [%u]\n", width_bits);
fprintf(stderr, " DH: width_bits <= 2048, RSA: width_bits <= 4096 [%u]\n", width_bits);
fprintf(stderr, " -a ALGO Crypto algorithm tested when TYPE is RSA\n");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried providing unsupported strings (-a XYZ) and also give -a when -t is not RSA, and I did not receive proper error messages.

@jforissier
Copy link
Contributor

@yuzexiyzx please address comments, rebase onto latest master, and submit another PR. This one is getting too big, I often get error messages from GitHub when loading the page. Thanks.

@yuzexiyzx yuzexiyzx closed this Nov 13, 2023
@etienne-lms
Copy link
Contributor

For the record: superseded by #706

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants