From b9dee2127e5608ee689e4febf1a94dc7a98d7f59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Fri, 15 Apr 2022 09:16:33 +0200
Subject: [PATCH 1/5] Fix dependency issue
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
---
 scripts/ecc-heap.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh
index 8d1beee5f..71c33f855 100755
--- a/scripts/ecc-heap.sh
+++ b/scripts/ecc-heap.sh
@@ -54,6 +54,7 @@ cat << EOF >$CONFIG_H
 
 #define MBEDTLS_BIGNUM_C
 #define MBEDTLS_ECP_C
+#define MBEDTLS_ECP_NO_INTERNAL_RNG
 #define MBEDTLS_ASN1_PARSE_C
 #define MBEDTLS_ASN1_WRITE_C
 #define MBEDTLS_ECDSA_C

From 8c683f92847a1f0a191041e95980b87e79dacc92 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Wed, 5 Jan 2022 10:09:49 +0100
Subject: [PATCH 2/5] Enable ECDSA in ecc-heap.sh
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Clearly the intention was to enable it, as ECDSA_C was defined, but the
benchmark also requires SHA-256 for ECDSA.

Also, specify "ecdh ecdsa" when invoking the benchmark program, in order
to avoid spurious output about SHA-256.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
---
 scripts/ecc-heap.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh
index 71c33f855..d985fa20c 100755
--- a/scripts/ecc-heap.sh
+++ b/scripts/ecc-heap.sh
@@ -58,6 +58,8 @@ cat << EOF >$CONFIG_H
 #define MBEDTLS_ASN1_PARSE_C
 #define MBEDTLS_ASN1_WRITE_C
 #define MBEDTLS_ECDSA_C
+#define MBEDTLS_SHA256_C // ECDSA benchmark needs it
+#define MBEDTLS_SHA224_C // SHA256 requires this for now
 #define MBEDTLS_ECDH_C
 
 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED
@@ -80,7 +82,7 @@ for F in 0 1; do
         make benchmark >/dev/null 2>&1
         echo "fixed point optim = $F, max window size = $W"
         echo "--------------------------------------------"
-        programs/test/benchmark
+        programs/test/benchmark ecdh ecdsa
     done
 done
 

From 6408495f42a308b940eb2b5333d1c25f9dab1cc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Wed, 5 Jan 2022 10:34:17 +0100
Subject: [PATCH 3/5] Fix alignment in benchmark output
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
---
 programs/test/benchmark.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 88c9e65c5..7aae7dcdf 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -152,11 +152,12 @@ do {                                                                    \
  * Updated manually as the output of the following command:
  *
  *  sed -n 's/.*[T]IME_PUBLIC.*"\(.*\)",/\1/p' programs/test/benchmark.c |
- *      awk '{print length+2}' | sort -rn | head -n1
+ *      awk '{print length+3}' | sort -rn | head -n1
  *
- * This computes the maximum length of a title +2 (because we appends "/s").
- * (If the value is too small, the only consequence is poor alignement.) */
-#define TITLE_SPACE 16
+ * This computes the maximum length of a title +3, because we appends "/s" and
+ * want at least one space. (If the value is too small, the only consequence
+ * is poor alignement.) */
+#define TITLE_SPACE 17
 
 #define MEMORY_MEASURE_INIT                                             \
     size_t max_used, max_blocks, max_bytes;                             \

From 4ecee83d8a15f08d3fcac37df25b16a1ead97743 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Wed, 5 Jan 2022 12:01:38 +0100
Subject: [PATCH 4/5] Update config used by ecc-heap.sh
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- optimize a bit
- update default (commented out, so purely cosmetic)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
---
 scripts/ecc-heap.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh
index d985fa20c..5053fa717 100755
--- a/scripts/ecc-heap.sh
+++ b/scripts/ecc-heap.sh
@@ -71,7 +71,10 @@ cat << EOF >$CONFIG_H
 
 #include "check_config.h"
 
-//#define MBEDTLS_ECP_WINDOW_SIZE            6
+#define MBEDTLS_HAVE_ASM // just make things a bit faster
+#define MBEDTLS_ECP_NIST_OPTIM // faster and less allocations
+
+//#define MBEDTLS_ECP_WINDOW_SIZE            4
 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM      1
 EOF
 

From d021197060af8bec31e3c7851ca4585122b9c892 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Thu, 6 Jan 2022 12:20:48 +0100
Subject: [PATCH 5/5] Tune coverage of ecc-heap.sh
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Include more curves. For example, the Brainpool curves don't have
dedicated "mod p" reduction routines, so they have a much larger number
of allocs (comparable to the NIST curves with `MBEDTLS_ECP_NIST_OPTIM`
disabled).

On the other hand, to keep the script's running time reasonable, remove
a few things:
- curves smaller than 256 bits (out of favour these days)
- window sizes larger than the default: 6 was particularly useless as
it's never selected by the current code; 5 can only be selected with
curves >= 384 and is unlikely to be used in practice as it increases
heap usage quite a lot for very little performance gain.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
---
 scripts/ecc-heap.sh | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh
index 5053fa717..f16de8340 100755
--- a/scripts/ecc-heap.sh
+++ b/scripts/ecc-heap.sh
@@ -62,12 +62,19 @@ cat << EOF >$CONFIG_H
 #define MBEDTLS_SHA224_C // SHA256 requires this for now
 #define MBEDTLS_ECDH_C
 
-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+// NIST curves >= 256 bits
 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED
 #define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+// SECP "koblitz-like" curve >= 256 bits
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+// Brainpool curves (no specialised "mod p" routine)
+#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+// Montgomery curves
 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define MBEDTLS_ECP_DP_CURVE448_ENABLED
 
 #include "check_config.h"
 
@@ -79,7 +86,7 @@ cat << EOF >$CONFIG_H
 EOF
 
 for F in 0 1; do
-    for W in 2 3 4 5 6; do
+    for W in 2 3 4; do
         scripts/config.py set MBEDTLS_ECP_WINDOW_SIZE $W
         scripts/config.py set MBEDTLS_ECP_FIXED_POINT_OPTIM $F
         make benchmark >/dev/null 2>&1