[Cryptech-Commits] [sw/stm32] 01/01: timing tests for RSA signing
git at cryptech.is
git at cryptech.is
Wed Feb 19 01:25:34 UTC 2020
This is an automated email from the git hooks/post-receive script.
paul at psgd.org pushed a commit to branch modexpng
in repository sw/stm32.
commit 16c9fbd9bc9ad432260fda7558415aedf64844d7
Author: Paul Selkirk <paul at psgd.org>
AuthorDate: Tue Feb 18 19:41:41 2020 -0500
timing tests for RSA signing
---
Makefile | 19 ++++++---
libraries/libtfm/Makefile | 2 +-
projects/cli-test/Makefile | 19 +++++----
projects/cli-test/cli-test.c | 50 +++++++++++++++-------
projects/cli-test/mgmt-cli.c | 15 +++++--
projects/cli-test/mgmt-misc.c | 94 +++++++++++++++++++++++++++++++++++++++--
projects/hsm/Makefile | 9 ++++
projects/hsm/mgmt-cli.c | 10 +++--
projects/hsm/mgmt-misc.c | 97 ++++++++++++++++++++++++++++++++++++++++---
9 files changed, 271 insertions(+), 44 deletions(-)
diff --git a/Makefile b/Makefile
index a12f804..69a764a 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,6 @@
-# Copyright (c) 2015-2017, NORDUnet A/S
-# All rights reserved.
+# Copyright (c) 2015-2017, NORDUnet A/S All rights reserved.
+# Copyright: 2020, The Commons Conservancy Cryptech Project
+# SPDX-License-Identifier: BSD-3-Clause
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
@@ -11,9 +12,9 @@
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
-# - Neither the name of the NORDUnet nor the names of its contributors may
-# be used to endorse or promote products derived from this software
-# without specific prior written permission.
+# - Neither the name of the copyright holder nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
@@ -130,6 +131,9 @@ CFLAGS += -I$(MBED_DIR)/targets/hal/TARGET_STM/TARGET_STM32F4/$(BOARD)
ifdef DO_TASK_METRICS
CFLAGS += -DDO_TASK_METRICS
endif
+ifdef DO_TIMING
+CFLAGS += -DDO_TIMING
+endif
%.o : %.c
$(CC) $(CFLAGS) -c -o $@ $<
@@ -158,7 +162,7 @@ $(LIBTFM_BLD)/libtfm.a: .FORCE
$(MAKE) -C $(LIBTFM_BLD) PREFIX=$(PREFIX)
$(LIBHAL_BLD)/libhal.a: $(LIBTFM_BLD)/libtfm.a .FORCE
- $(MAKE) -C $(LIBHAL_BLD) IO_BUS=fmc RPC_MODE=server RPC_TRANSPORT=serial KS=flash libhal.a
+ $(MAKE) -C $(LIBHAL_BLD) IO_BUS=fmc RPC_MODE=server RPC_TRANSPORT=serial KS=flash HASH_CORES=yes libhal.a
$(LIBCLI_BLD)/libcli.a: .FORCE
$(MAKE) -C $(LIBCLI_BLD)
@@ -175,6 +179,9 @@ hsm: $(BOARD_OBJS) $(LIBS) $(LIBHAL_BLD)/libhal.a $(LIBCLI_BLD)/libcli.a .FORCE
bootloader: $(BOARD_OBJS) $(LIBS) $(LIBHAL_BLD)/libhal.a .FORCE
$(MAKE) -C projects/bootloader
+modexpng-test: $(BOARD_OBJS) $(LIBS) .FORCE
+ $(MAKE) -C projects/modexpng-test
+
# don't automatically delete objects, to avoid a lot of unnecessary rebuilding
.SECONDARY: $(BOARD_OBJS)
diff --git a/libraries/libtfm/Makefile b/libraries/libtfm/Makefile
index 359729b..34b9314 100644
--- a/libraries/libtfm/Makefile
+++ b/libraries/libtfm/Makefile
@@ -5,7 +5,7 @@
# vpath %.c ${LIBTFM_SRC}
# vpath %.h ${LIBTFM_SRC}
-BITS := 8192
+BITS := 4096
HDR := ${LIBTFM_SRC}/tomsfastmath/src/headers/tfm.h
LIB := tomsfastmath/libtfm.a
diff --git a/projects/cli-test/Makefile b/projects/cli-test/Makefile
index e01b243..5bb3fb1 100644
--- a/projects/cli-test/Makefile
+++ b/projects/cli-test/Makefile
@@ -1,5 +1,6 @@
-TEST = cli-test
+PROJ = cli-test
+# objs in addition to $(PROJ).o
OBJS = \
mgmt-cli.o \
mgmt-dfu.o \
@@ -7,17 +8,21 @@ OBJS = \
mgmt-keystore.o \
mgmt-masterkey.o \
mgmt-misc.o \
- mgmt-show.o \
- mgmt-test.o \
- test-fmc.o \
- test-mkmif.o \
- test_sdram.o
+ mgmt-show.o
CFLAGS += -I$(LIBCLI_SRC) -I$(LIBHAL_SRC)
+CFLAGS += -I$(LIBTFM_BLD)
+CFLAGS += -Wno-missing-field-initializers
+
+ifdef DO_TIMING
+CFLAGS += -DDO_TIMING
+OBJS += mgmt-timing.o $(TOPLEVEL)/stm-dwt.o
+LDFLAGS += -lm
+endif
LIBS += $(LIBCLI_BLD)/libcli.a $(LIBHAL_BLD)/libhal.a $(LIBTFM_BLD)/libtfm.a
-all: $(TEST:=.elf)
+all: $(PROJ:=.elf)
%.elf: %.o $(BOARD_OBJS) $(OBJS) $(LIBS)
$(CC) $(CFLAGS) $^ -o $@ -T$(LDSCRIPT) -g -Wl,-Map=$*.map
diff --git a/projects/cli-test/cli-test.c b/projects/cli-test/cli-test.c
index c0fe57e..c50338b 100644
--- a/projects/cli-test/cli-test.c
+++ b/projects/cli-test/cli-test.c
@@ -57,9 +57,18 @@ int
main()
{
stm_init();
-
led_on(LED_GREEN);
+ /* For the hsm, the keystores are initialized in hal_rpc_server_init(),
+ * which is...less than optimal, but this is not the time or place to fix
+ * it, especially in light of all the terrible things I'm doing in this
+ * version of cli-test.
+ */
+ extern void *hal_ks_token, *hal_ks_volatile;
+ extern int hal_ks_init(void *, int);
+ if (hal_ks_init(hal_ks_volatile, 1) != 0 || hal_ks_init(hal_ks_token, 1) != 0)
+ Error_Handler();
+
while (1) {
cli_main();
/* embedded_cli_loop returns when the user enters 'quit' or 'exit' */
@@ -70,23 +79,36 @@ main()
}
-/*
- * Dummy to solve link problem. Not obvious to me that a program
- * called "cli-test" should be duplicating all of the HSM keystore
- * logic, let alone that it should be doing it badly, but, whatever.
- *
- * We could just copy the sdram_malloc() code from hsm.c, but since
- * one of the other commands linked into cli-test goes merrily stomping
- * all over the entire SDRAM chip, that might not work out so well.
- *
- * Issue deferred until somebody cares.
- */
+/* end of variables declared with __attribute__((section(".sdram1"))) */
+extern uint8_t _esdram1 __asm ("_esdram1");
+/* end of SDRAM1 section */
+extern uint8_t __end_sdram1 __asm ("__end_sdram1");
+static uint8_t *sdram_heap = &_esdram1;
-#warning hal_allocate_static_memory() stubbed out in cli-test, see source code
+/* Allocate memory from SDRAM1. */
+static uint8_t *sdram_malloc(size_t size)
+{
+ uint8_t *p = sdram_heap;
+#define pad(n) (((n) + 3) & ~3)
+ size = pad(size);
+
+ if (p + size + sizeof(uint32_t) > &__end_sdram1)
+ return NULL;
+
+ *(uint32_t *)p = (uint32_t)size;
+ p += sizeof(uint32_t);
+
+ sdram_heap += size + sizeof(uint32_t);
+ return p;
+}
+
+/* Implement static memory allocation for libhal over sdram_malloc().
+ * Used in hal_ks_init.
+ */
void *hal_allocate_static_memory(const size_t size)
{
- return NULL;
+ return sdram_malloc(size);
}
int hal_free_static_memory(const void * const ptr)
diff --git a/projects/cli-test/mgmt-cli.c b/projects/cli-test/mgmt-cli.c
index d7f7383..960d691 100644
--- a/projects/cli-test/mgmt-cli.c
+++ b/projects/cli-test/mgmt-cli.c
@@ -4,6 +4,8 @@
* Management CLI code.
*
* Copyright (c) 2016-2017, NORDUnet A/S All rights reserved.
+ * Copyright: 2020, The Commons Conservancy Cryptech Project
+ * SPDX-License-Identifier: BSD-3-Clause
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
@@ -15,9 +17,9 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
- * - Neither the name of the NORDUnet nor the names of its contributors may
- * be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * - Neither the name of the copyright holder nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
@@ -47,6 +49,9 @@
#include "mgmt-test.h"
#include "mgmt-keystore.h"
#include "mgmt-masterkey.h"
+#ifdef DO_TIMING
+#include "mgmt-timing.h"
+#endif
#undef HAL_OK
#define HAL_OK LIBHAL_OK
@@ -172,9 +177,11 @@ int cli_main(void)
configure_cli_show(cli);
configure_cli_fpga(cli);
configure_cli_misc(cli);
- configure_cli_test(cli);
configure_cli_keystore(cli);
configure_cli_masterkey(cli);
+#ifdef DO_TIMING
+ configure_cli_timing(cli);
+#endif
while (1) {
control_mgmt_uart_dma_rx(DMA_RX_START);
diff --git a/projects/cli-test/mgmt-misc.c b/projects/cli-test/mgmt-misc.c
index db8dbd2..ca95c63 100644
--- a/projects/cli-test/mgmt-misc.c
+++ b/projects/cli-test/mgmt-misc.c
@@ -3,7 +3,9 @@
* -----------
* Miscellaneous CLI functions.
*
- * Copyright (c) 2016, NORDUnet A/S All rights reserved.
+ * Copyright (c) 2016-2017, NORDUnet A/S All rights reserved.
+ * Copyright: 2020, The Commons Conservancy Cryptech Project
+ * SPDX-License-Identifier: BSD-3-Clause
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
@@ -15,9 +17,9 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
- * - Neither the name of the NORDUnet nor the names of its contributors may
- * be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * - Neither the name of the copyright holder nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
@@ -144,11 +146,95 @@ static int cmd_reboot(struct cli_def *cli, const char *command, char *argv[], in
return CLI_OK;
}
+static int cmd_rsa_blinding(struct cli_def *cli, const char *command, char *argv[], int argc)
+{
+ if (argc != 1) {
+ cli_print(cli, "Wrong number of arguments (%i).", argc);
+ cli_print(cli, "Syntax: %s <on|off|clear>", command);
+ return CLI_ERROR;
+ }
+
+ if (strcmp(argv[0], "on") == 0)
+ hal_rsa_set_blinding(1);
+ else if (strcmp(argv[0], "off") == 0)
+ hal_rsa_set_blinding(0);
+ else if (strcmp(argv[0], "clear") == 0)
+ hal_rsa_clear_blinding_cache();
+ else {
+ cli_print(cli, "Argument must be 'on', 'off', or 'clear' - not '%s'", argv[0]);
+ return CLI_ERROR;
+ }
+
+ return CLI_OK;
+}
+
+static int cmd_rsa_crt(struct cli_def *cli, const char *command, char *argv[], int argc)
+{
+ int onoff;
+
+ if (argc != 1) {
+ cli_print(cli, "Wrong number of arguments (%i).", argc);
+ cli_print(cli, "Syntax: %s <on|off>", command);
+ return CLI_ERROR;
+ }
+
+ if (strcmp(argv[0], "on") == 0)
+ onoff = 1;
+ else if (strcmp(argv[0], "off") == 0)
+ onoff = 0;
+ else {
+ cli_print(cli, "Argument must be 'on' or 'off' - not '%s'", argv[0]);
+ return CLI_ERROR;
+ }
+
+ hal_rsa_set_crt(onoff);
+
+ return CLI_OK;
+}
+
+static int cmd_rsa_modexpng(struct cli_def *cli, const char *command, char *argv[], int argc)
+{
+ int onoff;
+
+ if (argc != 1) {
+ cli_print(cli, "Wrong number of arguments (%i).", argc);
+ cli_print(cli, "Syntax: %s <on|off>", command);
+ return CLI_ERROR;
+ }
+
+ if (strcmp(argv[0], "on") == 0)
+ onoff = 1;
+ else if (strcmp(argv[0], "off") == 0)
+ onoff = 0;
+ else {
+ cli_print(cli, "Argument must be 'on' or 'off' - not '%s'", argv[0]);
+ return CLI_ERROR;
+ }
+
+ hal_error_t err;
+ if ((err = hal_modexp_use_modexpng(onoff)) == LIBHAL_OK)
+ return CLI_OK;
+
+ cli_print(cli, hal_error_string(err));
+ return CLI_ERROR;
+}
+
void configure_cli_misc(struct cli_def *cli)
{
/* filetransfer */
cli_register_command(cli, NULL, "filetransfer", cmd_filetransfer, 0, 0, "Test file transfering");
+ struct cli_command *c_rsa = cli_register_command(cli, NULL, "rsa", NULL, 0, 0, NULL);
+
+ /* rsa blinding */
+ cli_register_command(cli, c_rsa, "blinding", cmd_rsa_blinding, 0, 0, "Set use of RSA blinding");
+
+ /* rsa crt */
+ cli_register_command(cli, c_rsa, "crt", cmd_rsa_crt, 0, 0, "Set use of RSA CRT");
+
+ /* rsa modexpng */
+ cli_register_command(cli, c_rsa, "modexpng", cmd_rsa_modexpng, 0, 0, "Set use of ModExpNG");
+
/* reboot */
cli_register_command(cli, NULL, "reboot", cmd_reboot, 0, 0, "Reboot the STM32");
}
diff --git a/projects/hsm/Makefile b/projects/hsm/Makefile
index 37c552d..5e6c4bb 100644
--- a/projects/hsm/Makefile
+++ b/projects/hsm/Makefile
@@ -16,6 +16,8 @@ CFLAGS += -DNUM_RPC_TASK=4
CFLAGS += -I$(LIBHAL_SRC)
CFLAGS += -I$(LIBCLI_SRC)
+CFLAGS += -I$(LIBTFM_BLD)
+CFLAGS += -Wno-missing-field-initializers
LIBS += $(LIBHAL_BLD)/libhal.a $(LIBTFM_BLD)/libtfm.a
LIBS += $(LIBCLI_BLD)/libcli.a
@@ -32,6 +34,13 @@ ifdef DO_TASK_METRICS
CFLAGS += -DDO_TASK_METRICS
endif
+ifdef DO_TIMING
+CFLAGS += -DDO_TIMING
+CFLAGS += -I../cli-test
+OBJS += ../cli-test/mgmt-timing.o $(TOPLEVEL)/stm-dwt.o
+LDFLAGS += -lm
+endif
+
all: $(PROJ:=.elf)
%.elf: %.o $(BOARD_OBJS) $(OBJS) $(LIBS)
diff --git a/projects/hsm/mgmt-cli.c b/projects/hsm/mgmt-cli.c
index 2b5be1f..10b260f 100644
--- a/projects/hsm/mgmt-cli.c
+++ b/projects/hsm/mgmt-cli.c
@@ -4,6 +4,8 @@
* Management CLI code.
*
* Copyright (c) 2016-2017, NORDUnet A/S All rights reserved.
+ * Copyright: 2020, The Commons Conservancy Cryptech Project
+ * SPDX-License-Identifier: BSD-3-Clause
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
@@ -15,9 +17,9 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
- * - Neither the name of the NORDUnet nor the names of its contributors may
- * be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * - Neither the name of the copyright holder nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
@@ -49,6 +51,7 @@
#include "mgmt-keystore.h"
#include "mgmt-masterkey.h"
#include "mgmt-task.h"
+#include "mgmt-timing.h"
#undef HAL_OK
#define HAL_OK LIBHAL_OK
@@ -197,6 +200,7 @@ int cli_main(void)
configure_cli_bootloader(cli);
configure_cli_misc(cli);
configure_cli_task(cli);
+ configure_cli_timing(cli);
while (1) {
control_mgmt_uart_dma_rx(DMA_RX_START);
diff --git a/projects/hsm/mgmt-misc.c b/projects/hsm/mgmt-misc.c
index 86f1be8..377af73 100644
--- a/projects/hsm/mgmt-misc.c
+++ b/projects/hsm/mgmt-misc.c
@@ -3,7 +3,9 @@
* -----------
* Miscellaneous CLI functions.
*
- * Copyright (c) 2016, NORDUnet A/S All rights reserved.
+ * Copyright (c) 2016-2018, NORDUnet A/S All rights reserved.
+ * Copyright: 2020, The Commons Conservancy Cryptech Project
+ * SPDX-License-Identifier: BSD-3-Clause
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
@@ -15,9 +17,9 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
- * - Neither the name of the NORDUnet nor the names of its contributors may
- * be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * - Neither the name of the copyright holder nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
@@ -155,6 +157,79 @@ static int cmd_reboot(struct cli_def *cli, const char *command, char *argv[], in
return CLI_OK;
}
+static int cmd_rsa_blinding(struct cli_def *cli, const char *command, char *argv[], int argc)
+{
+ if (argc != 1) {
+ cli_print(cli, "Wrong number of arguments (%i).", argc);
+ cli_print(cli, "Syntax: %s <on|off|clear>", command);
+ return CLI_ERROR;
+ }
+
+ if (strcmp(argv[0], "on") == 0)
+ hal_rsa_set_blinding(1);
+ else if (strcmp(argv[0], "off") == 0)
+ hal_rsa_set_blinding(0);
+ else if (strcmp(argv[0], "clear") == 0)
+ hal_rsa_clear_blinding_cache();
+ else {
+ cli_print(cli, "Argument must be 'on', 'off', or 'clear' - not '%s'", argv[0]);
+ return CLI_ERROR;
+ }
+
+ return CLI_OK;
+}
+
+static int cmd_rsa_crt(struct cli_def *cli, const char *command, char *argv[], int argc)
+{
+ int onoff;
+
+ if (argc != 1) {
+ cli_print(cli, "Wrong number of arguments (%i).", argc);
+ cli_print(cli, "Syntax: %s <on|off>", command);
+ return CLI_ERROR;
+ }
+
+ if (strcmp(argv[0], "on") == 0)
+ onoff = 1;
+ else if (strcmp(argv[0], "off") == 0)
+ onoff = 0;
+ else {
+ cli_print(cli, "Argument must be 'on' or 'off' - not '%s'", argv[0]);
+ return CLI_ERROR;
+ }
+
+ hal_rsa_set_crt(onoff);
+
+ return CLI_OK;
+}
+
+static int cmd_rsa_modexpng(struct cli_def *cli, const char *command, char *argv[], int argc)
+{
+ int onoff;
+
+ if (argc != 1) {
+ cli_print(cli, "Wrong number of arguments (%i).", argc);
+ cli_print(cli, "Syntax: %s <on|off>", command);
+ return CLI_ERROR;
+ }
+
+ if (strcmp(argv[0], "on") == 0)
+ onoff = 1;
+ else if (strcmp(argv[0], "off") == 0)
+ onoff = 0;
+ else {
+ cli_print(cli, "Argument must be 'on' or 'off' - not '%s'", argv[0]);
+ return CLI_ERROR;
+ }
+
+ hal_error_t err;
+ if ((err = hal_modexp_use_modexpng(onoff)) == LIBHAL_OK)
+ return CLI_OK;
+
+ cli_print(cli, hal_error_string(err));
+ return CLI_ERROR;
+}
+
void configure_cli_misc(struct cli_def *cli)
{
#ifdef DO_PROFILING
@@ -165,7 +240,19 @@ void configure_cli_misc(struct cli_def *cli)
/* profile stop */
cli_register_command(cli, c_profile, "stop", cmd_profile_stop, 0, 0, "Stop collecting profiling data");
-#endif
+#endif
+
+ struct cli_command *c_rsa = cli_register_command(cli, NULL, "rsa", NULL, 0, 0, NULL);
+
+ /* rsa blinding */
+ cli_register_command(cli, c_rsa, "blinding", cmd_rsa_blinding, 0, 0, "Set use of RSA blinding");
+
+ /* rsa crt */
+ cli_register_command(cli, c_rsa, "crt", cmd_rsa_crt, 0, 0, "Set use of RSA CRT");
+
+ /* rsa modexpng */
+ cli_register_command(cli, c_rsa, "modexpng", cmd_rsa_modexpng, 0, 0, "Set use of ModExpNG");
+
/* reboot */
cli_register_command(cli, NULL, "reboot", cmd_reboot, 0, 0, "Reboot the STM32");
}
More information about the Commits
mailing list