mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 17:05:36 +01:00
Merge remote-tracking branch 'public/pr/1609' into development
This commit is contained in:
commit
e783f4a767
@ -21,6 +21,7 @@ Bugfix
|
||||
MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095
|
||||
|
||||
Changes
|
||||
* Removed support for Yotta as a build tool.
|
||||
* Add tests for session resumption in DTLS.
|
||||
* Close a test gap in (D)TLS between the client side and the server side:
|
||||
test the handling of large packets and small packets on the client side
|
||||
|
35
README.md
35
README.md
@ -11,47 +11,16 @@ Compiler options can be set using conventional environment variables such as `CC
|
||||
Compiling
|
||||
---------
|
||||
|
||||
There are currently four active build systems used within Mbed TLS releases:
|
||||
There are currently three active build systems used within Mbed TLS releases:
|
||||
|
||||
- yotta
|
||||
- GNU Make
|
||||
- CMake
|
||||
- Microsoft Visual Studio (Microsoft Visual Studio 2010 or later)
|
||||
|
||||
The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically.
|
||||
|
||||
Yotta, as a build system, is slightly different from the other build systems:
|
||||
|
||||
- it provides a minimalistic configuration file by default
|
||||
- depending on the yotta target, features of Mbed OS may be used in examples and tests
|
||||
|
||||
The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using dlopen(), you'll need to load libmbedcrypto first, then libmbedx509, before you can load libmbedtls.
|
||||
|
||||
### Yotta
|
||||
|
||||
[yotta](http://yottabuild.org) is a package manager and build system developed by Mbed, and is the build system of Mbed OS 16.03. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing).
|
||||
|
||||
Once yotta is installed, you can use it to download the latest version of Mbed TLS from the yotta registry with:
|
||||
|
||||
yotta install mbedtls
|
||||
|
||||
and build it with:
|
||||
|
||||
yotta build
|
||||
|
||||
If, on the other hand, you already have a copy of Mbed TLS from a source other than the yotta registry, for example from cloning our GitHub repository, or from downloading a tarball of the standalone edition, then you'll first need to generate the yotta module by running:
|
||||
|
||||
yotta/create-module.sh
|
||||
|
||||
This should be executed from the root Mbed TLS project directory. This will create the yotta module in the `yotta/module` directory within it. You can then change to that directory and build as usual:
|
||||
|
||||
cd yotta/module
|
||||
yotta build
|
||||
|
||||
In any case, you'll probably want to set the yotta target before building unless it has already been set globally. For more information on using yotta, please consult the [yotta documentation](http://docs.yottabuild.org/).
|
||||
|
||||
For more details on the yotta/Mbed OS edition of Mbed TLS, including example programs, please consult the [Readme at the root of the yotta module](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md).
|
||||
|
||||
### Make
|
||||
|
||||
We require GNU Make. To build the library and the sample programs, GNU Make and a C compiler are sufficient. Some of the more advanced build targets require some Unix/Linux tools.
|
||||
@ -78,7 +47,7 @@ In order to build for a Windows platform, you should use `WINDOWS_BUILD=1` if th
|
||||
|
||||
Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; compiler warning options may be overridden separately using `WARNING_CFLAGS`. Some directory-specific options (for example, `-I` directives) are still preserved.
|
||||
|
||||
Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -W`), so it you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overriden from the command line.
|
||||
Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -W`), so if you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overriden from the command line.
|
||||
|
||||
Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue.
|
||||
|
||||
|
@ -696,7 +696,7 @@ RECURSIVE = YES
|
||||
# Note that relative paths are relative to the directory from which doxygen is
|
||||
# run.
|
||||
|
||||
EXCLUDE = ../configs ../yotta/module
|
||||
EXCLUDE = ../configs
|
||||
|
||||
# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
|
||||
# directories that are symbolic links (a Unix file system feature) are excluded
|
||||
|
@ -565,9 +565,8 @@
|
||||
#endif /* TriCore */
|
||||
|
||||
/*
|
||||
* gcc -O0 by default uses r7 for the frame pointer, so it complains about our
|
||||
* use of r7 below, unless -fomit-frame-pointer is passed. Unfortunately,
|
||||
* passing that option is not easy when building with yotta.
|
||||
* Note, gcc -O0 by default uses r7 for the frame pointer, so it complains about
|
||||
* our use of r7 below, unless -fomit-frame-pointer is passed.
|
||||
*
|
||||
* On the other hand, -fomit-frame-pointer is implied by any -Ox options with
|
||||
* x !=0, which we can detect using __OPTIMIZE__ (which is also defined by
|
||||
|
@ -3150,23 +3150,12 @@
|
||||
|
||||
/* \} name SECTION: Customisation configuration options */
|
||||
|
||||
/* Target and application specific configurations */
|
||||
//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "target_config.h"
|
||||
|
||||
#if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE)
|
||||
#include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
/*
|
||||
/* Target and application specific configurations
|
||||
*
|
||||
* Allow user to override any previous default.
|
||||
*
|
||||
* Use two macro names for that, as:
|
||||
* - with yotta the prefix YOTTA_CFG_ is forced
|
||||
* - without yotta is looks weird to have a YOTTA prefix.
|
||||
*/
|
||||
#if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)
|
||||
#include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE
|
||||
#elif defined(MBEDTLS_USER_CONFIG_FILE)
|
||||
#if defined(MBEDTLS_USER_CONFIG_FILE)
|
||||
#include MBEDTLS_USER_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
|
@ -38,7 +38,6 @@
|
||||
# * G++
|
||||
# * arm-gcc and mingw-gcc
|
||||
# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
|
||||
# * Yotta build dependencies, unless invoked with --no-yotta
|
||||
# * OpenSSL and GnuTLS command line tools, recent enough for the
|
||||
# interoperability tests. If they don't support SSLv3 then a legacy
|
||||
# version of these tools must be present as well (search for LEGACY
|
||||
@ -96,7 +95,6 @@ MEMORY=0
|
||||
FORCE=0
|
||||
KEEP_GOING=0
|
||||
RUN_ARMCC=1
|
||||
YOTTA=1
|
||||
|
||||
# Default commands, can be overriden by the environment
|
||||
: ${OPENSSL:="openssl"}
|
||||
@ -130,12 +128,10 @@ General options:
|
||||
--no-force Refuse to overwrite modified files (default).
|
||||
--no-keep-going Stop at the first error (default).
|
||||
--no-memory No additional memory tests (default).
|
||||
--no-yotta Skip yotta module build.
|
||||
--out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
|
||||
--random-seed Use a random seed value for randomized tests (default).
|
||||
-r|--release-test Run this script in release mode. This fixes the seed value to 1.
|
||||
-s|--seed Integer seed value to use for this test run.
|
||||
--yotta Build yotta module (on by default).
|
||||
|
||||
Tool path options:
|
||||
--armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory.
|
||||
@ -160,7 +156,7 @@ cleanup()
|
||||
command make clean
|
||||
|
||||
# Remove CMake artefacts
|
||||
find . -name .git -prune -o -name yotta -prune -o \
|
||||
find . -name .git -prune \
|
||||
-iname CMakeFiles -exec rm -rf {} \+ -o \
|
||||
\( -iname cmake_install.cmake -o \
|
||||
-iname CTestTestfile.cmake -o \
|
||||
@ -253,7 +249,6 @@ while [ $# -gt 0 ]; do
|
||||
--no-force) FORCE=0;;
|
||||
--no-keep-going) KEEP_GOING=0;;
|
||||
--no-memory) MEMORY=0;;
|
||||
--no-yotta) YOTTA=0;;
|
||||
--openssl) shift; OPENSSL="$1";;
|
||||
--openssl-legacy) shift; OPENSSL_LEGACY="$1";;
|
||||
--openssl-next) shift; OPENSSL_NEXT="$1";;
|
||||
@ -261,7 +256,6 @@ while [ $# -gt 0 ]; do
|
||||
--random-seed) unset SEED;;
|
||||
--release-test|-r) SEED=1;;
|
||||
--seed|-s) shift; SEED="$1";;
|
||||
--yotta) YOTTA=1;;
|
||||
*)
|
||||
echo >&2 "Unknown option: $1"
|
||||
echo >&2 "Run $0 --help for usage."
|
||||
@ -272,20 +266,10 @@ while [ $# -gt 0 ]; do
|
||||
done
|
||||
|
||||
if [ $FORCE -eq 1 ]; then
|
||||
if [ $YOTTA -eq 1 ]; then
|
||||
rm -rf yotta/module "$OUT_OF_SOURCE_DIR"
|
||||
fi
|
||||
git checkout-index -f -q $CONFIG_H
|
||||
cleanup
|
||||
else
|
||||
|
||||
if [ $YOTTA -ne 0 ] && [ -d yotta/module ]; then
|
||||
err_msg "Warning - there is an existing yotta module in the directory 'yotta/module'"
|
||||
echo "You can either delete your work and retry, or force the test to overwrite the"
|
||||
echo "test by rerunning the script as: $0 --force"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -d "$OUT_OF_SOURCE_DIR" ]; then
|
||||
echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2
|
||||
echo "You can either delete this directory manually, or force the test by rerunning"
|
||||
@ -462,14 +446,6 @@ tests/scripts/doxygen.sh
|
||||
#### Build and test many configurations and targets
|
||||
################################################################
|
||||
|
||||
if [ $RUN_ARMCC -ne 0 ] && [ $YOTTA -ne 0 ]; then
|
||||
# Note - use of yotta is deprecated, and yotta also requires armcc to be on the
|
||||
# path, and uses whatever version of armcc it finds there.
|
||||
msg "build: create and build yotta module" # ~ 30s
|
||||
cleanup
|
||||
record_status tests/scripts/yotta-build.sh
|
||||
fi
|
||||
|
||||
msg "build: cmake, gcc, ASan" # ~ 1 min 50s
|
||||
cleanup
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
|
@ -40,7 +40,7 @@ diff macros identifiers | sed -n -e 's/< //p' > actual-macros
|
||||
for THING in actual-macros enum-consts; do
|
||||
printf "Names of $THING: "
|
||||
test -r $THING
|
||||
BAD=$( grep -v '^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$\|^YOTTA_[0-9A-Z_]*[0-9A-Z]$' $THING || true )
|
||||
BAD=$( grep -v '^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$' $THING || true )
|
||||
if [ "x$BAD" = "x" ]; then
|
||||
echo "PASS"
|
||||
else
|
||||
|
@ -1,61 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# yotta-build.sh
|
||||
#
|
||||
# This file is part of mbed TLS (https://tls.mbed.org)
|
||||
#
|
||||
# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
|
||||
#
|
||||
# Purpose
|
||||
#
|
||||
# To run test builds of the yotta module for all supported targets.
|
||||
|
||||
set -eu
|
||||
|
||||
check_tools()
|
||||
{
|
||||
for TOOL in "$@"; do
|
||||
if ! `hash "$TOOL" >/dev/null 2>&1`; then
|
||||
echo "$TOOL not found!" >&2
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
yotta_build()
|
||||
{
|
||||
TARGET=$1
|
||||
|
||||
echo; echo "*** $TARGET (release) ***"
|
||||
yt -t $TARGET build
|
||||
|
||||
echo; echo "*** $TARGET (debug) ***"
|
||||
yt -t $TARGET build -d
|
||||
}
|
||||
|
||||
# Make sure the tools we need are available.
|
||||
check_tools "arm-none-eabi-gcc" "armcc" "yotta"
|
||||
|
||||
yotta/create-module.sh
|
||||
cd yotta/module
|
||||
yt update || true # needs network
|
||||
|
||||
if uname -a | grep 'Linux.*x86' >/dev/null; then
|
||||
yotta_build x86-linux-native
|
||||
fi
|
||||
if uname -a | grep 'Darwin.*x86' >/dev/null; then
|
||||
yotta_build x86-osx-native
|
||||
fi
|
||||
|
||||
# armcc build tests.
|
||||
yotta_build frdm-k64f-armcc
|
||||
#yotta_build nordic-nrf51822-16k-armcc
|
||||
|
||||
# arm-none-eabi-gcc build tests.
|
||||
yotta_build frdm-k64f-gcc
|
||||
#yotta_build st-nucleo-f401re-gcc # dirent
|
||||
#yotta_build stm32f429i-disco-gcc # fails in mbed-hal-st-stm32f4
|
||||
#yotta_build nordic-nrf51822-16k-gcc # fails in minar-platform
|
||||
#yotta_build bbc-microbit-classic-gcc # fails in minar-platform
|
||||
#yotta_build st-stm32f439zi-gcc # fails in mbed-hal-st-stm32f4
|
||||
#yotta_build st-stm32f429i-disco-gcc # fails in mbed-hal-st-stm32f4
|
1
yotta/.gitignore
vendored
1
yotta/.gitignore
vendored
@ -1 +0,0 @@
|
||||
module
|
@ -1,47 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -eu
|
||||
|
||||
# relative to the script's directory
|
||||
TREE=..
|
||||
DEST=module
|
||||
|
||||
# make sure we're running in our own directory
|
||||
if [ -f create-module.sh ]; then :; else
|
||||
cd $( dirname $0 )
|
||||
if [ -f create-module.sh ]; then :; else
|
||||
echo "Please run the script from is directory." >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# use a temporary directory to build the module, then rsync to DEST
|
||||
# this allows touching only new files, for more efficient re-builds
|
||||
TMP=$DEST-tmp
|
||||
rm -rf $TMP
|
||||
|
||||
mkdir -p $TMP/mbedtls $TMP/source
|
||||
cp $TREE/include/mbedtls/*.h $TMP/mbedtls
|
||||
cp $TREE/library/*.c $TMP/source
|
||||
|
||||
# temporary, should depend on external module later
|
||||
cp data/entropy_hardware_poll.c $TMP/source
|
||||
cp data/target_config.h $TMP/mbedtls
|
||||
|
||||
data/adjust-config.sh $TREE/scripts/config.pl $TMP/mbedtls/config.h
|
||||
|
||||
mkdir -p $TMP/test
|
||||
cp -r data/example-* $TMP/test
|
||||
# later we should have the generated test suites here too
|
||||
|
||||
cp data/module.json $TMP
|
||||
cp data/README.md $TMP
|
||||
|
||||
cp ../LICENSE $TMP
|
||||
if [ -f ../apache-2.0.txt ]; then cp ../apache-2.0.txt $TMP; fi
|
||||
|
||||
mkdir -p $DEST
|
||||
rsync -cr --delete --exclude build --exclude yotta_\* $TMP/ $DEST/
|
||||
rm -rf $TMP
|
||||
|
||||
echo "mbed TLS yotta module created in '$PWD/$DEST'."
|
@ -1,103 +0,0 @@
|
||||
# mbed TLS
|
||||
|
||||
mbed TLS makes it trivially easy for developers to include cryptographic and SSL/TLS capabilities in their embedded products, with a minimal code footprint. It offers an SSL library with an intuitive API and readable source code.
|
||||
|
||||
**Note:** The current release is beta, and implements no secure source of random numbers, weakening its security.
|
||||
|
||||
Currently the only supported yotta targets are:
|
||||
- `frdm-k64f-gcc`
|
||||
- `frdm-k64f-armcc`
|
||||
- `x86-linux-native`
|
||||
- `x86-osx-native`
|
||||
|
||||
## Sample programs
|
||||
|
||||
This release includes the following examples:
|
||||
|
||||
1. [**Self test:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-selftest) Tests different basic functions in the mbed TLS library.
|
||||
|
||||
2. [**Benchmark:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-benchmark) Measures the time taken to perform basic cryptographic functions used in the library.
|
||||
|
||||
3. [**Hashing:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-hashing) Demonstrates the various APIs for computing hashes of data (also known as message digests) with SHA-256.
|
||||
|
||||
4. [**Authenticated encryption:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-authcrypt) Demonstrates usage of the Cipher API for encrypting and authenticating data with AES-CCM.
|
||||
|
||||
These examples are integrated as yotta tests, so that they are built automatically when you build mbed TLS. Each of them comes with complete usage instructions as a Readme file in the repository.
|
||||
|
||||
## Performing TLS and DTLS connections
|
||||
|
||||
A high-level API for performing TLS and DTLS connections with mbed TLS in mbed OS is provided in a separate yotta module: [mbed-tls-sockets](https://github.com/ARMmbed/mbed-tls-sockets). We recommend this API for TLS and DTLS connections. It is very similar to the API provided by the [sockets](https://github.com/ARMmbed/sockets) module for unencrypted TCP and UDP connections.
|
||||
|
||||
The `mbed-tls-sockets` module includes a complete [example TLS client](https://github.com/ARMmbed/mbed-tls-sockets/blob/master/test/tls-client/main.cpp) with [usage instructions](https://github.com/ARMmbed/mbed-tls-sockets/blob/master/test/tls-client/README.md).
|
||||
|
||||
## Configuring mbed TLS features
|
||||
|
||||
mbed TLS makes it easy to disable any feature during compilation, if that feature isn't required for a particular project. The default configuration enables all modern and widely-used features, which should meet the needs of new projects, and disables all features that are older or less common, to minimize the code footprint.
|
||||
|
||||
The list of available compilation flags is available in the fully documented [config.h file](https://github.com/ARMmbed/mbedtls/blob/development/include/mbedtls/config.h).
|
||||
|
||||
If you need to adjust those flags, you can provide your own configuration-adjustment file with suitable `#define` and `#undef` statements. These will be included between the default definitions and the sanity checks. Your configuration file should be in your application's include directory, and can be named freely; you just need to let mbed TLS know the file's name. To do that, use yotta's [configuration system](http://docs.yottabuild.org/reference/config.html). The file's name should be in your `config.json` file, under mbedtls, as the key `user-config-file`.
|
||||
|
||||
For example, in an application called `myapp`, if you want to enable the EC J-PAKE key exchange and disable the CBC cipher mode, you can create a file named `mbedtls-config-changes.h` in the `myapp` directory containing the following lines:
|
||||
|
||||
#define MBEDTLS_ECJPAKE_C
|
||||
#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||
|
||||
#undef MBEDTLS_CIPHER_MODE_CBC
|
||||
|
||||
And then create a file named `config.json` at the root of your application with the following contents:
|
||||
|
||||
{
|
||||
"mbedtls": {
|
||||
"user-config-file": "\"myapp/mbedtls-config-changes.h\""
|
||||
}
|
||||
}
|
||||
|
||||
Please note: you need to provide the exact name that will be used in the `#include` directive, including the `<>` or quotes around the name.
|
||||
|
||||
## Getting mbed TLS from GitHub
|
||||
|
||||
Like most components of mbed OS, mbed TLS is developed in the open and its source can be found on GitHub: [ARMmbed/mbedtls](https://github.com/ARMmbed/mbedtls). Unlike most other mbed OS components, however, you cannot just clone the repository and run `yotta build` from its root. This is because mbed TLS also exists as an independent component, so its repository includes things that are not relevant for mbed OS, as well as other build systems.
|
||||
|
||||
The way to use mbed TLS from a clone of the GitHub repository is to run the following commands from the root of a checkout:
|
||||
|
||||
yotta/create-module.sh
|
||||
cd yotta/module
|
||||
|
||||
You can then run any yotta command you would normally run, such as `yotta build` or `yotta link`.
|
||||
|
||||
## Differences between the standalone and mbed OS editions
|
||||
|
||||
While the two editions share the same code base, there are still a number of differences, mainly in configuration and integration. You should keep in mind those differences when reading some articles in our [knowledge base](https://tls.mbed.org/kb), as currently all the articles are about the standalone edition.
|
||||
|
||||
* The mbed OS edition has a smaller set of features enabled by default in `config.h`, in order to reduce footprint. While the default configuration of the standalone edition puts more emphasize on maintaining interoperability with old peers, the mbed OS edition only enables the most modern ciphers and the latest version of (D)TLS.
|
||||
|
||||
* The following components of mbed TLS are disabled in the mbed OS edition: `net_sockets.c` and `timing.c`. This is because mbed OS include their equivalents.
|
||||
|
||||
* The mbed OS edition comes with a fully integrated API for (D)TLS connections in a companion module: [mbed-tls-sockets](https://github.com/ARMmbed/mbed-tls-sockets). See "Performing TLS and DTLS connections" above.
|
||||
|
||||
## Other resources
|
||||
|
||||
The [mbed TLS website](https://tls.mbed.org) contains many other useful
|
||||
resources for the developer, such as [developer
|
||||
documentation](https://tls.mbed.org/dev-corner), [knowledgebase
|
||||
articles](https://tls.mbed.org/kb), and a [support forum](https://tls.mbed.org/discussions).
|
||||
|
||||
## Contributing
|
||||
|
||||
We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions:
|
||||
|
||||
* Simple bug fixes to existing code do not contain copyright themselves and we can integrate without issue. The same is true of trivial contributions.
|
||||
|
||||
* For larger contributions, such as a new feature, the code can possibly fall under copyright law. We then need your consent to share in the ownership of the copyright. We have a form for this, which we will send to you in case you submit a contribution or pull request that we deem this necessary for.
|
||||
|
||||
To contribute, please:
|
||||
|
||||
* [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
|
||||
|
||||
* Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
|
||||
|
||||
* Write a test that shows that the bug was fixed or that the feature works as expected.
|
||||
|
||||
* Send a pull request and bug us until it gets merged and published. We will include your name in the ChangeLog.
|
||||
|
@ -1,77 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -eu
|
||||
|
||||
if [ $# -ne 2 ]; then
|
||||
echo "Usage: $0 path/to/config.pl path/to/config.h" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
SCRIPT=$1
|
||||
FILE=$2
|
||||
|
||||
conf() {
|
||||
$SCRIPT -f $FILE $@
|
||||
}
|
||||
|
||||
|
||||
# Set the target specific header
|
||||
conf set YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE \"mbedtls/target_config.h\"
|
||||
|
||||
# not supported on mbed OS, nor used by mbed Client
|
||||
conf unset MBEDTLS_NET_C
|
||||
conf unset MBEDTLS_TIMING_C
|
||||
|
||||
# not supported on all targets with mbed OS, nor used by mbed Client
|
||||
conf unset MBEDTLS_FS_IO
|
||||
|
||||
conf unset MBEDTLS_CIPHER_MODE_CFB
|
||||
conf unset MBEDTLS_CIPHER_MODE_CTR
|
||||
conf unset MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
|
||||
conf unset MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
|
||||
conf unset MBEDTLS_CIPHER_PADDING_ZEROS
|
||||
conf unset MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
conf unset MBEDTLS_ECP_DP_SECP224R1_ENABLED
|
||||
conf unset MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
conf unset MBEDTLS_ECP_DP_SECP192K1_ENABLED
|
||||
conf unset MBEDTLS_ECP_DP_SECP224K1_ENABLED
|
||||
conf unset MBEDTLS_ECP_DP_SECP256K1_ENABLED
|
||||
conf unset MBEDTLS_ECP_DP_BP256R1_ENABLED
|
||||
conf unset MBEDTLS_ECP_DP_BP384R1_ENABLED
|
||||
conf unset MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
conf unset MBEDTLS_PK_PARSE_EC_EXTENDED
|
||||
|
||||
conf unset MBEDTLS_AESNI_C
|
||||
conf unset MBEDTLS_ARC4_C
|
||||
conf unset MBEDTLS_BLOWFISH_C
|
||||
conf unset MBEDTLS_CAMELLIA_C
|
||||
conf unset MBEDTLS_DES_C
|
||||
conf unset MBEDTLS_DHM_C
|
||||
conf unset MBEDTLS_GENPRIME
|
||||
conf unset MBEDTLS_MD5_C
|
||||
conf unset MBEDTLS_PADLOCK_C
|
||||
conf unset MBEDTLS_PEM_WRITE_C
|
||||
conf unset MBEDTLS_PKCS5_C
|
||||
conf unset MBEDTLS_PKCS12_C
|
||||
conf unset MBEDTLS_RIPEMD160_C
|
||||
conf unset MBEDTLS_SHA1_C
|
||||
conf unset MBEDTLS_XTEA_C
|
||||
|
||||
conf unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||
|
||||
conf unset MBEDTLS_X509_CSR_PARSE_C
|
||||
conf unset MBEDTLS_X509_CREATE_C
|
||||
conf unset MBEDTLS_X509_CRT_WRITE_C
|
||||
conf unset MBEDTLS_X509_CSR_WRITE_C
|
||||
|
||||
conf unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
||||
conf unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
||||
conf unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
conf unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
||||
conf unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
conf unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||
conf unset MBEDTLS_SSL_FALLBACK_SCSV
|
||||
conf unset MBEDTLS_SSL_CBC_RECORD_SPLITTING
|
||||
conf unset MBEDTLS_SSL_PROTO_TLS1
|
||||
conf unset MBEDTLS_SSL_PROTO_TLS1_1
|
||||
conf unset MBEDTLS_SSL_TRUNCATED_HMAC
|
@ -1,88 +0,0 @@
|
||||
/*
|
||||
* Hardware entropy collector for the K64F, using Freescale's RNGA
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
/*
|
||||
* WARNING: this is temporary!
|
||||
* This should be in a separate yotta module which would be a target
|
||||
* dependency of mbedtls (see IOTSSL-313)
|
||||
*/
|
||||
|
||||
#if defined(TARGET_LIKE_K64F)
|
||||
|
||||
/*
|
||||
* Reference: "K64 Sub-Family Reference Manual, Rev. 2", chapter 34
|
||||
*/
|
||||
|
||||
#include "fsl_clock_manager.h"
|
||||
|
||||
/*
|
||||
* Get one byte of entropy from the RNG, assuming it is up and running.
|
||||
* As recommended (34.1.1), get only one bit of each output.
|
||||
*/
|
||||
static void rng_get_byte( unsigned char *byte )
|
||||
{
|
||||
size_t bit;
|
||||
|
||||
/* 34.5 Steps 3-4-5: poll SR and read from OR when ready */
|
||||
for( bit = 0; bit < 8; bit++ )
|
||||
{
|
||||
while( ( RNG->SR & RNG_SR_OREG_LVL_MASK ) == 0 );
|
||||
*byte |= ( RNG->OR & 1 ) << bit;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Get len bytes of entropy from the hardware RNG.
|
||||
*/
|
||||
int mbedtls_hardware_poll( void *data,
|
||||
unsigned char *output, size_t len, size_t *olen )
|
||||
{
|
||||
size_t i;
|
||||
int ret;
|
||||
((void) data);
|
||||
|
||||
CLOCK_SYS_EnableRngaClock( 0 );
|
||||
|
||||
/* Set "Interrupt Mask", "High Assurance" and "Go",
|
||||
* unset "Clear interrupt" and "Sleep" */
|
||||
RNG->CR = RNG_CR_INTM_MASK | RNG_CR_HA_MASK | RNG_CR_GO_MASK;
|
||||
|
||||
for( i = 0; i < len; i++ )
|
||||
rng_get_byte( output + i );
|
||||
|
||||
/* Just be extra sure that we didn't do it wrong */
|
||||
if( ( RNG->SR & RNG_SR_SECV_MASK ) != 0 )
|
||||
{
|
||||
ret = -1;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
*olen = len;
|
||||
ret = 0;
|
||||
|
||||
cleanup:
|
||||
/* Disable clock to save power - assume we're the only users of RNG */
|
||||
CLOCK_SYS_DisableRngaClock( 0 );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#endif
|
@ -1,68 +0,0 @@
|
||||
# Authenticated Encryption Example
|
||||
|
||||
This application performs authenticated encryption and authenticated decryption of a buffer. It serves as a tutorial for the basic authenticated encryption functions of mbed TLS.
|
||||
|
||||
## Pre-requisites
|
||||
|
||||
To build and run this example you must have:
|
||||
|
||||
* A computer with the following software installed:
|
||||
* [CMake](http://www.cmake.org/download/).
|
||||
* [yotta](https://github.com/ARMmbed/yotta). Please note that **yotta has its own set of dependencies**, listed in the [installation instructions](http://armmbed.github.io/yotta/#installing-on-windows).
|
||||
* [Python](https://www.python.org/downloads/).
|
||||
* [The ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded).
|
||||
* A serial terminal emulator (Like screen, pySerial and cu).
|
||||
* An [FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) development board, or another board supported by mbed OS (in which case you'll have to substitute frdm-k64f-gcc with the appropriate target in the instructions below).
|
||||
* A micro-USB cable.
|
||||
* If your OS is Windows, please follow the installation instructions [for the serial port driver](https://developer.mbed.org/handbook/Windows-serial-configuration).
|
||||
|
||||
## Getting started
|
||||
|
||||
1. Connect the FRDM-K64F to the computer with the micro-USB cable, being careful to use the "OpenSDA" connector on the target board.
|
||||
|
||||
2. Navigate to the mbedtls directory supplied with your release and open a terminal.
|
||||
|
||||
3. Set the yotta target:
|
||||
|
||||
```
|
||||
yotta target frdm-k64f-gcc
|
||||
```
|
||||
|
||||
4. Build mbedtls and the examples. This may take a long time if this is your first compilation:
|
||||
|
||||
```
|
||||
$ yotta build
|
||||
```
|
||||
|
||||
5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-authcrypt.bin` to your mbed board and wait until the LED next to the USB port stops blinking.
|
||||
|
||||
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
|
||||
|
||||
Use the following settings:
|
||||
|
||||
* 115200 baud (not 9600).
|
||||
* 8N1.
|
||||
* No flow control.
|
||||
|
||||
7. Press the Reset button on the board.
|
||||
|
||||
8. The output in the terminal window should look like:
|
||||
|
||||
```
|
||||
{{timeout;10}}
|
||||
{{host_test_name;default}}
|
||||
{{description;mbed TLS example authcrypt}}
|
||||
{{test_id;MBEDTLS_EX_AUTHCRYPT}}
|
||||
{{start}}
|
||||
|
||||
|
||||
plaintext message: 536f6d65207468696e67732061726520626574746572206c65667420756e7265616400
|
||||
ciphertext: c57f7afb94f14c7977d785d08682a2596bd62ee9dcf216b8cccd997afee9b402f5de1739e8e6467aa363749ef39392e5c66622b01c7203ec0a3d14
|
||||
decrypted: 536f6d65207468696e67732061726520626574746572206c65667420756e7265616400
|
||||
|
||||
DONE
|
||||
{{success}}
|
||||
{{end}}
|
||||
```
|
||||
|
||||
The actual output for the ciphertext line will vary on each run because of the use of a random nonce in the encryption process.
|
@ -1,197 +0,0 @@
|
||||
/*
|
||||
* Hello world example of using the authenticated encryption with mbed TLS
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#include "mbedtls/cipher.h"
|
||||
#include "mbedtls/entropy.h"
|
||||
#include "mbedtls/ctr_drbg.h"
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
static void print_hex(const char *title, const unsigned char buf[], size_t len)
|
||||
{
|
||||
printf("%s: ", title);
|
||||
|
||||
for (size_t i = 0; i < len; i++)
|
||||
printf("%02x", buf[i]);
|
||||
|
||||
printf("\r\n");
|
||||
}
|
||||
|
||||
/*
|
||||
* The pre-shared key. Should be generated randomly and be unique to the
|
||||
* device/channel/etc. Just used a fixed on here for simplicity.
|
||||
*/
|
||||
static const unsigned char secret_key[16] = {
|
||||
0xf4, 0x82, 0xc6, 0x70, 0x3c, 0xc7, 0x61, 0x0a,
|
||||
0xb9, 0xa0, 0xb8, 0xe9, 0x87, 0xb8, 0xc1, 0x72,
|
||||
};
|
||||
|
||||
static int example(void)
|
||||
{
|
||||
/* message that should be protected */
|
||||
const char message[] = "Some things are better left unread";
|
||||
/* metadata transmitted in the clear but authenticated */
|
||||
const char metadata[] = "eg sequence number, routing info";
|
||||
/* ciphertext buffer large enough to hold message + nonce + tag */
|
||||
unsigned char ciphertext[128] = { 0 };
|
||||
int ret;
|
||||
|
||||
printf("\r\n\r\n");
|
||||
print_hex("plaintext message", (unsigned char *) message, sizeof message);
|
||||
|
||||
/*
|
||||
* Setup random number generator
|
||||
* (Note: later this might be done automatically.)
|
||||
*/
|
||||
mbedtls_entropy_context entropy; /* entropy pool for seeding PRNG */
|
||||
mbedtls_ctr_drbg_context drbg; /* pseudo-random generator */
|
||||
|
||||
mbedtls_entropy_init(&entropy);
|
||||
mbedtls_ctr_drbg_init(&drbg);
|
||||
|
||||
/* Seed the PRNG using the entropy pool, and throw in our secret key as an
|
||||
* additional source of randomness. */
|
||||
ret = mbedtls_ctr_drbg_seed(&drbg, mbedtls_entropy_func, &entropy,
|
||||
secret_key, sizeof (secret_key));
|
||||
if (ret != 0) {
|
||||
printf("mbedtls_ctr_drbg_init() returned -0x%04X\r\n", -ret);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Setup AES-CCM contex
|
||||
*/
|
||||
mbedtls_cipher_context_t ctx;
|
||||
|
||||
mbedtls_cipher_init(&ctx);
|
||||
|
||||
ret = mbedtls_cipher_setup(&ctx, mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CCM));
|
||||
if (ret != 0) {
|
||||
printf("mbedtls_cipher_setup() returned -0x%04X\r\n", -ret);
|
||||
return 1;
|
||||
}
|
||||
|
||||
ret = mbedtls_cipher_setkey(&ctx, secret_key, 8 * sizeof secret_key, MBEDTLS_ENCRYPT);
|
||||
if (ret != 0) {
|
||||
printf("mbedtls_cipher_setkey() returned -0x%04X\r\n", -ret);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Encrypt-authenticate the message and authenticate additional data
|
||||
*
|
||||
* First generate a random 8-byte nonce.
|
||||
* Put it directly in the output buffer as the recipient will need it.
|
||||
*
|
||||
* Warning: you must never re-use the same (key, nonce) pair. One of the
|
||||
* best ways to ensure this to use a counter for the nonce. However this
|
||||
* means you should save the counter accross rebots, if the key is a
|
||||
* long-term one. The alternative we choose here is to generate the nonce
|
||||
* randomly. However it only works if you have a good source of
|
||||
* randomness.
|
||||
*/
|
||||
const size_t nonce_len = 8;
|
||||
mbedtls_ctr_drbg_random(&drbg, ciphertext, nonce_len);
|
||||
|
||||
size_t ciphertext_len = 0;
|
||||
/* Go for a conservative 16-byte (128-bit) tag
|
||||
* and append it to the ciphertext */
|
||||
const size_t tag_len = 16;
|
||||
ret = mbedtls_cipher_auth_encrypt(&ctx, ciphertext, nonce_len,
|
||||
(const unsigned char *) metadata, sizeof metadata,
|
||||
(const unsigned char *) message, sizeof message,
|
||||
ciphertext + nonce_len, &ciphertext_len,
|
||||
ciphertext + nonce_len + sizeof message, tag_len );
|
||||
if (ret != 0) {
|
||||
printf("mbedtls_cipher_auth_encrypt() returned -0x%04X\r\n", -ret);
|
||||
return 1;
|
||||
}
|
||||
ciphertext_len += nonce_len + tag_len;
|
||||
|
||||
/*
|
||||
* The following information should now be transmitted:
|
||||
* - first ciphertext_len bytes of ciphertext buffer
|
||||
* - metadata if not already transmitted elsewhere
|
||||
*/
|
||||
print_hex("ciphertext", ciphertext, ciphertext_len);
|
||||
|
||||
/*
|
||||
* Decrypt-authenticate
|
||||
*/
|
||||
unsigned char decrypted[128] = { 0 };
|
||||
size_t decrypted_len = 0;
|
||||
|
||||
ret = mbedtls_cipher_setkey(&ctx, secret_key, 8 * sizeof secret_key, MBEDTLS_DECRYPT);
|
||||
if (ret != 0) {
|
||||
printf("mbedtls_cipher_setkey() returned -0x%04X\r\n", -ret);
|
||||
return 1;
|
||||
}
|
||||
|
||||
ret = mbedtls_cipher_auth_decrypt(&ctx,
|
||||
ciphertext, nonce_len,
|
||||
(const unsigned char *) metadata, sizeof metadata,
|
||||
ciphertext + nonce_len, ciphertext_len - nonce_len - tag_len,
|
||||
decrypted, &decrypted_len,
|
||||
ciphertext + ciphertext_len - tag_len, tag_len );
|
||||
/* Checking the return code is CRITICAL for security here */
|
||||
if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) {
|
||||
printf("Something bad is happening! Data is not authentic!\r\n");
|
||||
return 1;
|
||||
}
|
||||
if (ret != 0) {
|
||||
printf("mbedtls_cipher_authdecrypt() returned -0x%04X\r\n", -ret);
|
||||
return 1;
|
||||
}
|
||||
|
||||
print_hex("decrypted", decrypted, decrypted_len);
|
||||
|
||||
printf("\r\nDONE\r\n");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if defined(TARGET_LIKE_MBED)
|
||||
|
||||
#include "mbed-drivers/test_env.h"
|
||||
#include "minar/minar.h"
|
||||
|
||||
static void run() {
|
||||
MBED_HOSTTEST_TIMEOUT(10);
|
||||
MBED_HOSTTEST_SELECT(default);
|
||||
MBED_HOSTTEST_DESCRIPTION(mbed TLS example authcrypt);
|
||||
MBED_HOSTTEST_START("MBEDTLS_EX_AUTHCRYPT");
|
||||
MBED_HOSTTEST_RESULT(example() == 0);
|
||||
}
|
||||
|
||||
void app_start(int, char*[]) {
|
||||
/* Use 115200 bps for consistency with other examples */
|
||||
get_stdio_serial().baud(115200);
|
||||
minar::Scheduler::postCallback(mbed::util::FunctionPointer0<void>(run).bind());
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
int main() {
|
||||
return example();
|
||||
}
|
||||
|
||||
#endif
|
@ -1,100 +0,0 @@
|
||||
# mbed TLS Benchmark Example
|
||||
|
||||
This application benchmarks the various cryptographic primitives offered by mbed TLS.
|
||||
|
||||
## Pre-requisites
|
||||
|
||||
To build and run this example you must have:
|
||||
|
||||
* A computer with the following software installed:
|
||||
* [CMake](http://www.cmake.org/download/).
|
||||
* [yotta](https://github.com/ARMmbed/yotta). Please note that **yotta has its own set of dependencies**, listed in the [installation instructions](http://armmbed.github.io/yotta/#installing-on-windows).
|
||||
* [Python](https://www.python.org/downloads/).
|
||||
* [The ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded).
|
||||
* A serial terminal emulator (Like screen, pySerial and cu).
|
||||
* An [FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) development board, or another board supported by mbed OS (in which case you'll have to substitute frdm-k64f-gcc with the appropriate target in the instructions below).
|
||||
* A micro-USB cable.
|
||||
* If your OS is Windows, please follow the installation instructions [for the serial port driver](https://developer.mbed.org/handbook/Windows-serial-configuration).
|
||||
|
||||
## Getting started
|
||||
|
||||
1. Connect the FRDM-K64F to the computer with the micro-USB cable, being careful to use the "OpenSDA" connector on the target board.
|
||||
|
||||
2. Navigate to the mbedtls directory supplied with your release and open a terminal.
|
||||
|
||||
3. Set the yotta target:
|
||||
|
||||
```
|
||||
yotta target frdm-k64f-gcc
|
||||
```
|
||||
|
||||
4. Build mbedtls and the examples. This may take a long time if this is your first compilation:
|
||||
|
||||
```
|
||||
$ yotta build
|
||||
```
|
||||
|
||||
5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-benchmark.bin` to your mbed board and wait until the LED next to the USB port stops blinking.
|
||||
|
||||
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
|
||||
|
||||
Use the following settings:
|
||||
|
||||
* 115200 baud (not 9600).
|
||||
* 8N1.
|
||||
* No flow control.
|
||||
|
||||
7. Press the Reset button on the board.
|
||||
|
||||
8. The output in the terminal window should look like:
|
||||
|
||||
```
|
||||
{{timeout;150}}
|
||||
{{host_test_name;default}}
|
||||
{{description;mbed TLS benchmark program}}
|
||||
{{test_id;MBEDTLS_BENCHMARK}}
|
||||
{{start}}
|
||||
|
||||
|
||||
SHA-1 : 3644 KiB/s, 32 cycles/byte
|
||||
SHA-256 : 1957 KiB/s, 59 cycles/byte
|
||||
SHA-512 : 587 KiB/s, 200 cycles/byte
|
||||
AES-CBC-128 : 1359 KiB/s, 86 cycles/byte
|
||||
AES-CBC-192 : 1183 KiB/s, 99 cycles/byte
|
||||
AES-CBC-256 : 1048 KiB/s, 111 cycles/byte
|
||||
AES-GCM-128 : 421 KiB/s, 279 cycles/byte
|
||||
AES-GCM-192 : 403 KiB/s, 292 cycles/byte
|
||||
AES-GCM-256 : 385 KiB/s, 305 cycles/byte
|
||||
AES-CCM-128 : 542 KiB/s, 216 cycles/byte
|
||||
AES-CCM-192 : 484 KiB/s, 242 cycles/byte
|
||||
AES-CCM-256 : 437 KiB/s, 268 cycles/byte
|
||||
CTR_DRBG (NOPR) : 1002 KiB/s, 117 cycles/byte
|
||||
CTR_DRBG (PR) : 705 KiB/s, 166 cycles/byte
|
||||
HMAC_DRBG SHA-1 (NOPR) : 228 KiB/s, 517 cycles/byte
|
||||
HMAC_DRBG SHA-1 (PR) : 210 KiB/s, 561 cycles/byte
|
||||
HMAC_DRBG SHA-256 (NOPR) : 212 KiB/s, 557 cycles/byte
|
||||
HMAC_DRBG SHA-256 (PR) : 185 KiB/s, 637 cycles/byte
|
||||
RSA-2048 : 41 ms/ public
|
||||
RSA-2048 : 1349 ms/private
|
||||
RSA-4096 : 134 ms/ public
|
||||
RSA-4096 : 7149 ms/private
|
||||
ECDSA-secp384r1 : 640 ms/sign
|
||||
ECDSA-secp256r1 : 387 ms/sign
|
||||
ECDSA-secp384r1 : 1233 ms/verify
|
||||
ECDSA-secp256r1 : 751 ms/verify
|
||||
ECDHE-secp384r1 : 1191 ms/handshake
|
||||
ECDHE-secp256r1 : 730 ms/handshake
|
||||
ECDHE-Curve25519 : 611 ms/handshake
|
||||
ECDH-secp384r1 : 584 ms/handshake
|
||||
ECDH-secp256r1 : 365 ms/handshake
|
||||
ECDH-Curve25519 : 303 ms/handshake
|
||||
|
||||
{{success}}
|
||||
{{end}}
|
||||
```
|
||||
|
||||
Any performance data generated by this example application are indicative only of the performance of the mbed TLS module on the platform it's executed on.
|
||||
|
||||
Differences in the integration of mbed TLS into the platform, such as whether all available hardware accelerators have been used or not, can lead to significant differences in performance, and so results from the program are not intended to be used to meaningfully compare platforms.
|
||||
|
||||
The figures may also slightly change from execution to execution due to variations in the timing functions.
|
@ -1,951 +0,0 @@
|
||||
/*
|
||||
* Benchmark demonstration program
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#if !defined(TARGET_LIKE_MBED)
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
int main() {
|
||||
printf("this version of this program only works on mbed OS\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#define mbedtls_exit exit
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_snprintf snprintf
|
||||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "mbedtls/md4.h"
|
||||
#include "mbedtls/md5.h"
|
||||
#include "mbedtls/ripemd160.h"
|
||||
#include "mbedtls/sha1.h"
|
||||
#include "mbedtls/sha256.h"
|
||||
#include "mbedtls/sha512.h"
|
||||
#include "mbedtls/arc4.h"
|
||||
#include "mbedtls/des.h"
|
||||
#include "mbedtls/aes.h"
|
||||
#include "mbedtls/blowfish.h"
|
||||
#include "mbedtls/camellia.h"
|
||||
#include "mbedtls/gcm.h"
|
||||
#include "mbedtls/ccm.h"
|
||||
#include "mbedtls/havege.h"
|
||||
#include "mbedtls/ctr_drbg.h"
|
||||
#include "mbedtls/hmac_drbg.h"
|
||||
#include "mbedtls/rsa.h"
|
||||
#include "mbedtls/pk.h"
|
||||
#include "mbedtls/dhm.h"
|
||||
#include "mbedtls/ecdsa.h"
|
||||
#include "mbedtls/ecdh.h"
|
||||
#include "mbedtls/error.h"
|
||||
|
||||
#include "mbed-drivers/mbed.h"
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||
#include "mbedtls/memory_buffer_alloc.h"
|
||||
#endif
|
||||
|
||||
#define RSA_PRIVATE_KEY_2048 \
|
||||
"-----BEGIN RSA PRIVATE KEY-----\r\n" \
|
||||
"MIIEogIBAAKCAQEA2dwVr+IMGEtA2/MCP6fA5eb/6B18Bq6e7gw8brNPkm3E6LyR\r\n" \
|
||||
"4DnMJVxZmw3bPDKBDoKzfntkMESi/Yw5UopLtVfjGfWeQWPClqffLZBsZ60BRAsg\r\n" \
|
||||
"/g+ID5tgzxSuxzftypK59uexOVCAm7hCKZHGO3DbI7bLY27j7VAgEP7d/yuaz5Fx\r\n" \
|
||||
"Kl/vu7shqrBoz6ABJVJD3KC8nUiMRUCXRINmxbyUUjA4DnicZv6+xrGKr36r6M8h\r\n" \
|
||||
"VYLa5msKc8WzbnBWzpUsrpb4/r7ML+qp92gdSfVJ8/bLiU7h2C7faDA59uaqrFK9\r\n" \
|
||||
"xmDdx7FaWhGQs3LWW6w1UNgkPS0FDYUslpsnsQIDAQABAoIBAC7IJNwM5V3+IuJY\r\n" \
|
||||
"T35Nzo1PyloUosJokvY5KGz5Ejg2XBdCDu0gXCcVqqQyGIbXrYDpLhQV+RCoXHun\r\n" \
|
||||
"tdN0oQdC5SB47s/J1Uo2qCUHo0+sBd6PqTkFKsl3KxWssk9TQjvCwC412IefMs69\r\n" \
|
||||
"hW+ZvwCanmQP56LleApIr2oW4KLfW8Ry/QfZlua+dizctdN7+H1mWwgZQTY9T27J\r\n" \
|
||||
"6RtGRA5NVkKVPzIHVJfdpKoO7xGg1g06aEbPB/VmGvZaaFWWnaf7uRvFjLZecBLu\r\n" \
|
||||
"QSx2DA/GDjirlDYj99PJb7DtB4xRtKzsyw0o+xapC8w6OtIl/3xFt9moCu2jGrsx\r\n" \
|
||||
"vpjHdfECgYEA7fSACRseIs9gAIVX8wq6gayTpA47DHYWAD6IQfIj35SJ+AgsvbFF\r\n" \
|
||||
"4AmrwDhcJVPmDy1N4nLBfyGAMt/2CfiYkdkW6QFX/ULRMMBL/G7kWV8hYQDICB2g\r\n" \
|
||||
"xaMRN1lPCmFq6BkSWjwIYTnYDFBDWVm1GVT8TMtJoM8Erej9qC0PeFUCgYEA6mF3\r\n" \
|
||||
"bigO3t8f5sig+XepaftEUbkJMzo72TVRnIR2ycdR2ihelPQ+25g9dwV0ZA5XXhBS\r\n" \
|
||||
"DKOABWjMM739Mwmy9v26Dlmu9R01zHQktMvtEAyfz7lk2NF0aMuj8285OJUBf9bz\r\n" \
|
||||
"Cq3MjtMCD+4CZ6iaEqCdUKOuxfpx5cWVJV+qve0CgYBhD1YaYMFOGaBjFgDl1f51\r\n" \
|
||||
"Xltqk5NqZdBbkSYrIAWZ8RDF5y+4wFJsLAWuhk6vuyUgE66tK3nZzWRpXAkT0B8L\r\n" \
|
||||
"fq1lpXKqj1KcvBNCiEkEW1VWJ+dvyAYIF5eyJ++hoFLnETL3M32HivyhKSwPihPg\r\n" \
|
||||
"nVW8TT9fJJIYDe1JZ/fjcQKBgHJfv7UsrR0LSvkG3K8AOtbx+8PZhOjPuRbk0v+L\r\n" \
|
||||
"EKCkuIe5/XW4vtfQMeZb7hFJgk7vrepm+vkoy8VQKDf4urGW3W1VTHBmobM01hi4\r\n" \
|
||||
"DuYvEul+Mf0wMRtWjJolo4m+BO5KiW2jpFfqFm6JmfjVqOIAKOSKC6am8V/MDF0h\r\n" \
|
||||
"kyN9AoGAT9oOiEXMolbkDZw/QCaBiRoAGlGlNYUkJ+58U6OjIZLISw6aFv+Y2uE0\r\n" \
|
||||
"mEImItjuYZtSYKblWikp6ldPoKlt9bwEFe3c6IZ8kJ3+xyEyAGrvjXjEY7PzP6dp\r\n" \
|
||||
"Ajbjp9X9uocEBv9W/KsBLdQ7yizcL/toHwdBO4vQqmqTvAc5IIw=\r\n" \
|
||||
"-----END RSA PRIVATE KEY-----\r\n"
|
||||
|
||||
#define RSA_PRIVATE_KEY_4096 \
|
||||
"-----BEGIN RSA PRIVATE KEY-----\r\n" \
|
||||
"MIIJKgIBAAKCAgEAmkdGjoIshJuOt2NO47qB3Z3yyvmLg2j351isItSNuFQU3qr+\r\n" \
|
||||
"jXHIeANf03yw/K0Zvos8RPd+CqLjoxAQL3QDH4bZAl88bIo29i+SANbNSrKQmc0k\r\n" \
|
||||
"pH+yzw3alDzO0GZaOPZjsbo6AwBrno5msi0vRuC2aY8vGLPsZWSyLai7tneS1j/o\r\n" \
|
||||
"vYW6XIo8Cj61j2Ypy9HhVUW/4Wc+zAT25D/x7jTpkqJLWWT+YzibNbOY48M5eJcB\r\n" \
|
||||
"6/sMyUIeI3/u/wXyMrooNyLiCpedkuHRA0m7u5cWPTUISTunSRlVFij/NHJjuU8e\r\n" \
|
||||
"wA3B29yfZFsUqDEnyc+OxniIueAixTomVszxAaVn8zFEbYhFMPqziiFp99u3jfeG\r\n" \
|
||||
"k1q9mmUi/uCfUC4e2IC5rqq1ZbKSduH7Ug/Vn2bGQahww0sZFRHDXFrnBcotcW+M\r\n" \
|
||||
"bnC290VBDnYgzmdYrIOxuPb2aUwJo4ZlbKh5uBB1PigMuyhLKibQ1a+V5ZJGdpP6\r\n" \
|
||||
"SE9PGIdgYWSmh2QEMuLE6v+wTO2LQ5JgqsvFfi3GIZvkn0s8jTS72Jq2uMkFkMer\r\n" \
|
||||
"UBjPDYaSPy5kpo103KerWs+cMPOJ/3FtZzI++7MoSUTkWVr1ySQFt5i1EIZ/0Thi\r\n" \
|
||||
"jut2jNe8a4AoA3TtC8Rkk/3AIIbg8MVNT4EnT+KHROTMu6gET1oJ3YfBRpUCAwEA\r\n" \
|
||||
"AQKCAgEAhuNSmT7PVZH8kfLOAuYKrY1vvm+4v0iDl048Eqfs0QESziyLK3gUYnnw\r\n" \
|
||||
"yqP2yrU+EQ8Dvvj0xq/sf6GHxTWVlXb9PcmutueRbmXhLcKg83J0Y0StiPXtjIL8\r\n" \
|
||||
"XSddW3Bh6fPi7n14Qy+W6KZwu9AtybanRlvePabyRSRpdOpWVQ7u30w5XZsSed6S\r\n" \
|
||||
"6BI0BBC68m2qqje1sInoqdCdXKtcB31TytUDNEHM+UuAyM8iGeGS2hCNqZlycHTS\r\n" \
|
||||
"jQ9KEsdMH3YLu0lQgRpWtxmg+VL6ROWwmAtKF12EwbDYZ+uoVl69OkQnCpv8pxKa\r\n" \
|
||||
"ec/4m6V+uEA1AOpaAMorHG3fH31IKWC/fTZstovgO/eG2XCtlbcCoWCQ7amFq16l\r\n" \
|
||||
"Gh1UKeBHxMXpDj4oDmIUGUvgzSNnEeSN/v76losWvWYQDjXR/LMDa/CNYsD8BmJR\r\n" \
|
||||
"PZidIjIXdVRlYOhA7ljtySQvp6RBujBfw3tsVMyZw2XzXFwM9O89b1xXC6+M5jf9\r\n" \
|
||||
"DXs/U7Fw+J9qq/YpByABcPCwWdttwdQFRbOxwxaSOKarIqS87TW1JuFcNJ59Ut6G\r\n" \
|
||||
"kMvAg6gC34U+0ktkG/AmI1hgjC+P7ErHCXBR2xARoGzcO/CMZF59S+Z2HFchpTSP\r\n" \
|
||||
"5T2o4mGy3VfHSBidQQrcZRukg8ZP8M1NF3bXjpY6QZpeLHc4oHECggEBAMjdgzzk\r\n" \
|
||||
"xp4mIYFxAEiXYt7tzuUXJk+0UpEJj5uboWLirUZqZmNUPyh6WDnzlREBH++Ms0LO\r\n" \
|
||||
"+AWSfaGPDoMb0NE2j3c4FRWAhe7Vn6lj7nLVpF2RdwRo88yGerZ4uwGMY8NUQCtn\r\n" \
|
||||
"zum3J7eCJ5DojiceRb6uMxTJ8xZmUC4W2f3J/lrR7wlYjyVnnHqH5HcemYUipWSw\r\n" \
|
||||
"sM0/cHp3lrz2VWrbAEu8HVpklvDQpdAgl7cjXt/JHYawY+p426IF/PzQSRROnzgy\r\n" \
|
||||
"4WI8FVYNV2tgu0TOFURbkkEvuj/duDKeooUIF0G0XHzha5oAX/j0iWiHbrOF6wHj\r\n" \
|
||||
"0xeajL9msKBnmD8CggEBAMSgLWmv7G31x4tndJCcXnX4AyVL7KpygAx/ZwCcyTR8\r\n" \
|
||||
"rY1rO07f/ta2noEra/xmEW/BW98qJFCHSU2nSLAQ5FpFSWyuQqrnffrMJnfWyvpr\r\n" \
|
||||
"ceQ0yQ/MiA6/JIOvGAjabcspzZijxzGp+Qk3eTT0yOXLSVOCH9B9XVHLodcy4PQM\r\n" \
|
||||
"KSCxy0vVHhVNl2SdPEwTXRmxk99Q/rw6IHVpQxBq1OhQt05nTKT+rZMD/grSK22e\r\n" \
|
||||
"my2F0DodAJwLo063Zv3RXQZhDYodMmjcp9Hqrtvj9P3HD7J3z6ACiV3SCi8cZumL\r\n" \
|
||||
"bSmnKCcd0bb45+aOWm31ieECJuIcJ9rOREEa/KDYTCsCggEBAMG5WkSVhLWsou37\r\n" \
|
||||
"dUGNuA63nq42SH3gtS0q4nU6gUkkw+dA4ST1cMByVrr1oRQ4WHup4I4TnQOKyF3T\r\n" \
|
||||
"4jQy1I+ipnVeAn+tZ/7zyzwMpEHeqNqRXA9FxbTBEoMAJ6QTqXgOvqDeSqIAQm7r\r\n" \
|
||||
"OYu5rrgtqyh/S8bGCwvUe4ooAfCSKx2ekYMbBVwW9MT8YS09tuS/iHJ3Mt2RTMLg\r\n" \
|
||||
"qeHvVmxrcXqZoFm44Ba7tN/pP0mi9HKyviZT4tmV3IYEbn3JyGGsfkUuVU9wEUfg\r\n" \
|
||||
"MCrgrVxrwfketAzooiHMjkVL2ASjzAJTmEvdAPETYXxzJD9LN0ovY3t8JfAC37IN\r\n" \
|
||||
"sVXS8/MCggEBALByOS59Y4Ktq1rLBQx8djwQyuneP0wZohUVAx7Gk7xZIfklQDyg\r\n" \
|
||||
"v/R4PrcVezstcPpDnykdjScCsGJR+uWc0v667I/ttP/e6utz5hVmmBGu965dPAzE\r\n" \
|
||||
"c1ggaSkOqFfRg/Nr2Qbf+fH0YPnHYSqHe/zSt0OMIvaaeXLcdKhEDSCUBRhE1HWB\r\n" \
|
||||
"kxR046WzgBeYzNQwycz9xwqsctJKGpeR9ute+5ANHPd3X9XtID0fqz8ctI5eZaSw\r\n" \
|
||||
"wApIW01ZQcAF8B+4WkkVuFXnpWW33yCOaRyPVOPHpnclr5WU1fS+3Q85QkW9rkej\r\n" \
|
||||
"97zlkl0QY9AHJqrXnoML1ywAK7ns+MVyNK8CggEAf62xcKZhOb1djeF72Ms+i/i/\r\n" \
|
||||
"WIAq4Q4YpsElgvJTHpNH2v9g4ngSTKe3ws3bGc502sWRlhcoTFMOW2rJNe/iqKkb\r\n" \
|
||||
"3cdeTkseDbpqozmJWz9dJWSVtXas2bZjzBEa//gQ7nHGVeQdqZJQ9rxPsoOAkfpi\r\n" \
|
||||
"qCFrmfUVUqC53e3XMt8+W+aSvKl+JZiB9ozkO9A6Q0vfQLKtjUMdQE3XaCFQT8DI\r\n" \
|
||||
"smaLBlBmeRaBpc02ENeC4ADlWosm1SwgxqMhuh2Alba/GrHOoPlVl4hDs9Fb5a6R\r\n" \
|
||||
"rmpXSt07GAxnG6j9jssA95E4rc1zO0CVKG5bvjVTxwi/sT0/VVX7VsJM4uTAQg==\r\n" \
|
||||
"-----END RSA PRIVATE KEY-----\r\n"
|
||||
|
||||
#if defined _MSC_VER && !defined snprintf
|
||||
#define snprintf _snprintf
|
||||
#endif
|
||||
|
||||
/*
|
||||
* For heap usage estimates, we need an estimate of the overhead per allocated
|
||||
* block. ptmalloc2/3 (used in gnu libc for instance) uses 2 size_t per block,
|
||||
* so use that as our baseline.
|
||||
*/
|
||||
#define MEM_BLOCK_OVERHEAD ( 2 * sizeof( size_t ) )
|
||||
|
||||
/*
|
||||
* Size to use for the malloc buffer if MEMORY_BUFFER_ALLOC_C is defined.
|
||||
*/
|
||||
#define HEAP_SIZE (1u << 16) // 64k
|
||||
|
||||
#define BUFSIZE 1024
|
||||
#define HEADER_FORMAT " %-24s : "
|
||||
#define TITLE_LEN 25
|
||||
|
||||
#define OPTIONS \
|
||||
"md4, md5, ripemd160, sha1, sha256, sha512,\r\n" \
|
||||
"arc4, des3, des, aes_cbc, aes_gcm, aes_ccm, camellia, blowfish,\r\n" \
|
||||
"havege, ctr_drbg, hmac_drbg\r\n" \
|
||||
"rsa, dhm, ecdsa, ecdh.\r\n"
|
||||
|
||||
#if defined(MBEDTLS_ERROR_C)
|
||||
#define PRINT_ERROR \
|
||||
mbedtls_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \
|
||||
mbedtls_printf( "FAILED: %s\r\n", tmp );
|
||||
#else
|
||||
#define PRINT_ERROR \
|
||||
mbedtls_printf( "FAILED: -0x%04x\r\n", -ret );
|
||||
#endif
|
||||
|
||||
static unsigned long mbedtls_timing_hardclock( void )
|
||||
{
|
||||
static int dwt_started = 0;
|
||||
|
||||
if( dwt_started == 0 )
|
||||
{
|
||||
CoreDebug->DEMCR |= CoreDebug_DEMCR_TRCENA_Msk;
|
||||
DWT->CTRL |= DWT_CTRL_CYCCNTENA_Msk;
|
||||
}
|
||||
|
||||
return( DWT->CYCCNT );
|
||||
}
|
||||
|
||||
static volatile int alarmed;
|
||||
static void alarm() { alarmed = 1; }
|
||||
|
||||
#define TIME_AND_TSC( TITLE, CODE ) \
|
||||
do { \
|
||||
unsigned long i, j, tsc; \
|
||||
Timeout t; \
|
||||
\
|
||||
mbedtls_printf( HEADER_FORMAT, TITLE ); \
|
||||
fflush( stdout ); \
|
||||
\
|
||||
for( i = 1, alarmed = 0, t.attach( alarm, 1.0 ); !alarmed; i++ ) \
|
||||
{ \
|
||||
CODE; \
|
||||
} \
|
||||
\
|
||||
tsc = mbedtls_timing_hardclock(); \
|
||||
for( j = 0; j < 1024; j++ ) \
|
||||
{ \
|
||||
CODE; \
|
||||
} \
|
||||
\
|
||||
mbedtls_printf( "%9lu KiB/s, %9lu cycles/byte\r\n", \
|
||||
i * BUFSIZE / 1024, \
|
||||
( mbedtls_timing_hardclock() - tsc ) / ( j * BUFSIZE ) ); \
|
||||
} while( 0 )
|
||||
|
||||
#if defined(MBEDTLS_ERROR_C)
|
||||
#define PRINT_ERROR \
|
||||
mbedtls_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \
|
||||
mbedtls_printf( "FAILED: %s\r\n", tmp );
|
||||
#else
|
||||
#define PRINT_ERROR \
|
||||
mbedtls_printf( "FAILED: -0x%04x\r\n", -ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG)
|
||||
|
||||
#define MEMORY_MEASURE_INIT \
|
||||
size_t max_used, max_blocks, max_bytes; \
|
||||
size_t prv_used, prv_blocks; \
|
||||
mbedtls_memory_buffer_alloc_cur_get( &prv_used, &prv_blocks ); \
|
||||
mbedtls_memory_buffer_alloc_max_reset( );
|
||||
|
||||
#define MEMORY_MEASURE_PRINT( title_len ) \
|
||||
mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \
|
||||
for( i = 12 - title_len; i != 0; i-- ) mbedtls_printf( " " ); \
|
||||
max_used -= prv_used; \
|
||||
max_blocks -= prv_blocks; \
|
||||
max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \
|
||||
mbedtls_printf( "%6u heap bytes", (unsigned) max_bytes );
|
||||
|
||||
#else
|
||||
#define MEMORY_MEASURE_INIT
|
||||
#define MEMORY_MEASURE_PRINT( title_len )
|
||||
#endif
|
||||
|
||||
#define TIME_PUBLIC( TITLE, TYPE, CODE ) \
|
||||
do { \
|
||||
unsigned long ms; \
|
||||
int ret = 0; \
|
||||
Timer t; \
|
||||
MEMORY_MEASURE_INIT; \
|
||||
\
|
||||
mbedtls_printf( HEADER_FORMAT, TITLE ); \
|
||||
fflush( stdout ); \
|
||||
\
|
||||
t.start(); \
|
||||
CODE; \
|
||||
t.stop(); \
|
||||
ms = t.read_ms(); \
|
||||
\
|
||||
if( ret != 0 ) \
|
||||
{ \
|
||||
PRINT_ERROR; \
|
||||
} \
|
||||
else \
|
||||
{ \
|
||||
mbedtls_printf( "%6lu ms/" TYPE, ms ); \
|
||||
MEMORY_MEASURE_PRINT( sizeof( TYPE ) + 1 ); \
|
||||
mbedtls_printf( "\r\n" ); \
|
||||
} \
|
||||
} while( 0 )
|
||||
|
||||
static int myrand( void *rng_state, unsigned char *output, size_t len )
|
||||
{
|
||||
size_t use_len;
|
||||
int rnd;
|
||||
|
||||
if( rng_state != NULL )
|
||||
rng_state = NULL;
|
||||
|
||||
while( len > 0 )
|
||||
{
|
||||
use_len = len;
|
||||
if( use_len > sizeof(int) )
|
||||
use_len = sizeof(int);
|
||||
|
||||
rnd = rand();
|
||||
memcpy( output, &rnd, use_len );
|
||||
output += use_len;
|
||||
len -= use_len;
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Clear some memory that was used to prepare the context
|
||||
*/
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
void ecp_clear_precomputed( mbedtls_ecp_group *grp )
|
||||
{
|
||||
if( grp->T != NULL )
|
||||
{
|
||||
size_t i;
|
||||
for( i = 0; i < grp->T_size; i++ )
|
||||
mbedtls_ecp_point_free( &grp->T[i] );
|
||||
mbedtls_free( grp->T );
|
||||
}
|
||||
grp->T = NULL;
|
||||
grp->T_size = 0;
|
||||
}
|
||||
#else
|
||||
#define ecp_clear_precomputed( g )
|
||||
#endif
|
||||
|
||||
unsigned char buf[BUFSIZE];
|
||||
|
||||
typedef struct {
|
||||
char md4, md5, ripemd160, sha1, sha256, sha512,
|
||||
arc4, des3, des, aes_cbc, aes_gcm, aes_ccm, camellia, blowfish,
|
||||
havege, ctr_drbg, hmac_drbg,
|
||||
rsa, dhm, ecdsa, ecdh;
|
||||
} todo_list;
|
||||
|
||||
int benchmark( int argc, char *argv[] )
|
||||
{
|
||||
int i;
|
||||
unsigned char tmp[200];
|
||||
char title[TITLE_LEN];
|
||||
todo_list todo;
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||
unsigned char malloc_buf[HEAP_SIZE] = { 0 };
|
||||
#endif
|
||||
|
||||
if( argc <= 1 )
|
||||
{
|
||||
memset( &todo, 1, sizeof( todo ) );
|
||||
}
|
||||
else
|
||||
{
|
||||
memset( &todo, 0, sizeof( todo ) );
|
||||
|
||||
for( i = 1; i < argc; i++ )
|
||||
{
|
||||
if( strcmp( argv[i], "md4" ) == 0 )
|
||||
todo.md4 = 1;
|
||||
else if( strcmp( argv[i], "md5" ) == 0 )
|
||||
todo.md5 = 1;
|
||||
else if( strcmp( argv[i], "ripemd160" ) == 0 )
|
||||
todo.ripemd160 = 1;
|
||||
else if( strcmp( argv[i], "sha1" ) == 0 )
|
||||
todo.sha1 = 1;
|
||||
else if( strcmp( argv[i], "sha256" ) == 0 )
|
||||
todo.sha256 = 1;
|
||||
else if( strcmp( argv[i], "sha512" ) == 0 )
|
||||
todo.sha512 = 1;
|
||||
else if( strcmp( argv[i], "arc4" ) == 0 )
|
||||
todo.arc4 = 1;
|
||||
else if( strcmp( argv[i], "des3" ) == 0 )
|
||||
todo.des3 = 1;
|
||||
else if( strcmp( argv[i], "des" ) == 0 )
|
||||
todo.des = 1;
|
||||
else if( strcmp( argv[i], "aes_cbc" ) == 0 )
|
||||
todo.aes_cbc = 1;
|
||||
else if( strcmp( argv[i], "aes_gcm" ) == 0 )
|
||||
todo.aes_gcm = 1;
|
||||
else if( strcmp( argv[i], "aes_ccm" ) == 0 )
|
||||
todo.aes_ccm = 1;
|
||||
else if( strcmp( argv[i], "camellia" ) == 0 )
|
||||
todo.camellia = 1;
|
||||
else if( strcmp( argv[i], "blowfish" ) == 0 )
|
||||
todo.blowfish = 1;
|
||||
else if( strcmp( argv[i], "havege" ) == 0 )
|
||||
todo.havege = 1;
|
||||
else if( strcmp( argv[i], "ctr_drbg" ) == 0 )
|
||||
todo.ctr_drbg = 1;
|
||||
else if( strcmp( argv[i], "hmac_drbg" ) == 0 )
|
||||
todo.hmac_drbg = 1;
|
||||
else if( strcmp( argv[i], "rsa" ) == 0 )
|
||||
todo.rsa = 1;
|
||||
else if( strcmp( argv[i], "dhm" ) == 0 )
|
||||
todo.dhm = 1;
|
||||
else if( strcmp( argv[i], "ecdsa" ) == 0 )
|
||||
todo.ecdsa = 1;
|
||||
else if( strcmp( argv[i], "ecdh" ) == 0 )
|
||||
todo.ecdh = 1;
|
||||
else
|
||||
{
|
||||
mbedtls_printf( "Unrecognized option: %s\r\n", argv[i] );
|
||||
mbedtls_printf( "Available options: " OPTIONS );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
mbedtls_printf( "\r\n\r\n" );
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||
mbedtls_memory_buffer_alloc_init( malloc_buf, sizeof( malloc_buf ) );
|
||||
#endif
|
||||
memset( buf, 0xAA, sizeof( buf ) );
|
||||
memset( tmp, 0xBB, sizeof( tmp ) );
|
||||
|
||||
#if defined(MBEDTLS_MD4_C)
|
||||
if( todo.md4 )
|
||||
TIME_AND_TSC( "MD4", mbedtls_md4( buf, BUFSIZE, tmp ) );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
if( todo.md5 )
|
||||
TIME_AND_TSC( "MD5", mbedtls_md5( buf, BUFSIZE, tmp ) );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RIPEMD160_C)
|
||||
if( todo.ripemd160 )
|
||||
TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160( buf, BUFSIZE, tmp ) );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
if( todo.sha1 )
|
||||
TIME_AND_TSC( "SHA-1", mbedtls_sha1( buf, BUFSIZE, tmp ) );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
if( todo.sha256 )
|
||||
TIME_AND_TSC( "SHA-256", mbedtls_sha256( buf, BUFSIZE, tmp, 0 ) );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
if( todo.sha512 )
|
||||
TIME_AND_TSC( "SHA-512", mbedtls_sha512( buf, BUFSIZE, tmp, 0 ) );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ARC4_C)
|
||||
if( todo.arc4 )
|
||||
{
|
||||
mbedtls_arc4_context arc4;
|
||||
mbedtls_arc4_init( &arc4 );
|
||||
mbedtls_arc4_setup( &arc4, tmp, 32 );
|
||||
TIME_AND_TSC( "ARC4", mbedtls_arc4_crypt( &arc4, BUFSIZE, buf, buf ) );
|
||||
mbedtls_arc4_free( &arc4 );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DES_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
if( todo.des3 )
|
||||
{
|
||||
mbedtls_des3_context des3;
|
||||
mbedtls_des3_init( &des3 );
|
||||
mbedtls_des3_set3key_enc( &des3, tmp );
|
||||
TIME_AND_TSC( "3DES",
|
||||
mbedtls_des3_crypt_cbc( &des3, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
|
||||
mbedtls_des3_free( &des3 );
|
||||
}
|
||||
|
||||
if( todo.des )
|
||||
{
|
||||
mbedtls_des_context des;
|
||||
mbedtls_des_init( &des );
|
||||
mbedtls_des_setkey_enc( &des, tmp );
|
||||
TIME_AND_TSC( "DES",
|
||||
mbedtls_des_crypt_cbc( &des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
|
||||
mbedtls_des_free( &des );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
if( todo.aes_cbc )
|
||||
{
|
||||
int keysize;
|
||||
mbedtls_aes_context aes;
|
||||
mbedtls_aes_init( &aes );
|
||||
for( keysize = 128; keysize <= 256; keysize += 64 )
|
||||
{
|
||||
mbedtls_snprintf( title, sizeof( title ), "AES-CBC-%d", keysize );
|
||||
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
memset( tmp, 0, sizeof( tmp ) );
|
||||
mbedtls_aes_setkey_enc( &aes, tmp, keysize );
|
||||
|
||||
TIME_AND_TSC( title,
|
||||
mbedtls_aes_crypt_cbc( &aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
|
||||
}
|
||||
mbedtls_aes_free( &aes );
|
||||
}
|
||||
#endif
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
if( todo.aes_gcm )
|
||||
{
|
||||
int keysize;
|
||||
mbedtls_gcm_context gcm;
|
||||
|
||||
mbedtls_gcm_init( &gcm );
|
||||
for( keysize = 128; keysize <= 256; keysize += 64 )
|
||||
{
|
||||
mbedtls_snprintf( title, sizeof( title ), "AES-GCM-%d", keysize );
|
||||
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
memset( tmp, 0, sizeof( tmp ) );
|
||||
mbedtls_gcm_setkey( &gcm, MBEDTLS_CIPHER_ID_AES, tmp, keysize );
|
||||
|
||||
TIME_AND_TSC( title,
|
||||
mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_ENCRYPT, BUFSIZE, tmp,
|
||||
12, NULL, 0, buf, buf, 16, tmp ) );
|
||||
|
||||
mbedtls_gcm_free( &gcm );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
if( todo.aes_ccm )
|
||||
{
|
||||
int keysize;
|
||||
mbedtls_ccm_context ccm;
|
||||
|
||||
mbedtls_ccm_init( &ccm );
|
||||
for( keysize = 128; keysize <= 256; keysize += 64 )
|
||||
{
|
||||
mbedtls_snprintf( title, sizeof( title ), "AES-CCM-%d", keysize );
|
||||
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
memset( tmp, 0, sizeof( tmp ) );
|
||||
mbedtls_ccm_setkey( &ccm, MBEDTLS_CIPHER_ID_AES, tmp, keysize );
|
||||
|
||||
TIME_AND_TSC( title,
|
||||
mbedtls_ccm_encrypt_and_tag( &ccm, BUFSIZE, tmp,
|
||||
12, NULL, 0, buf, buf, tmp, 16 ) );
|
||||
|
||||
mbedtls_ccm_free( &ccm );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CAMELLIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
if( todo.camellia )
|
||||
{
|
||||
int keysize;
|
||||
mbedtls_camellia_context camellia;
|
||||
mbedtls_camellia_init( &camellia );
|
||||
for( keysize = 128; keysize <= 256; keysize += 64 )
|
||||
{
|
||||
mbedtls_snprintf( title, sizeof( title ), "CAMELLIA-CBC-%d", keysize );
|
||||
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
memset( tmp, 0, sizeof( tmp ) );
|
||||
mbedtls_camellia_setkey_enc( &camellia, tmp, keysize );
|
||||
|
||||
TIME_AND_TSC( title,
|
||||
mbedtls_camellia_crypt_cbc( &camellia, MBEDTLS_CAMELLIA_ENCRYPT,
|
||||
BUFSIZE, tmp, buf, buf ) );
|
||||
}
|
||||
mbedtls_camellia_free( &camellia );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_BLOWFISH_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
if( todo.blowfish )
|
||||
{
|
||||
int keysize;
|
||||
mbedtls_blowfish_context blowfish;
|
||||
mbedtls_blowfish_init( &blowfish );
|
||||
|
||||
for( keysize = 128; keysize <= 256; keysize += 64 )
|
||||
{
|
||||
mbedtls_snprintf( title, sizeof( title ), "BLOWFISH-CBC-%d", keysize );
|
||||
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
memset( tmp, 0, sizeof( tmp ) );
|
||||
mbedtls_blowfish_setkey( &blowfish, tmp, keysize );
|
||||
|
||||
TIME_AND_TSC( title,
|
||||
mbedtls_blowfish_crypt_cbc( &blowfish, MBEDTLS_BLOWFISH_ENCRYPT, BUFSIZE,
|
||||
tmp, buf, buf ) );
|
||||
}
|
||||
|
||||
mbedtls_blowfish_free( &blowfish );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVEGE_C)
|
||||
if( todo.havege )
|
||||
{
|
||||
mbedtls_havege_state hs;
|
||||
mbedtls_havege_init( &hs );
|
||||
TIME_AND_TSC( "HAVEGE", mbedtls_havege_random( &hs, buf, BUFSIZE ) );
|
||||
mbedtls_havege_free( &hs );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
if( todo.ctr_drbg )
|
||||
{
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
|
||||
mbedtls_ctr_drbg_init( &ctr_drbg );
|
||||
|
||||
if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
|
||||
mbedtls_exit(1);
|
||||
TIME_AND_TSC( "CTR_DRBG (NOPR)",
|
||||
if( mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
|
||||
mbedtls_exit(1) );
|
||||
|
||||
if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
|
||||
mbedtls_exit(1);
|
||||
mbedtls_ctr_drbg_set_prediction_resistance( &ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON );
|
||||
TIME_AND_TSC( "CTR_DRBG (PR)",
|
||||
if( mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
|
||||
mbedtls_exit(1) );
|
||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HMAC_DRBG_C)
|
||||
if( todo.hmac_drbg )
|
||||
{
|
||||
mbedtls_hmac_drbg_context hmac_drbg;
|
||||
const mbedtls_md_info_t *md_info;
|
||||
|
||||
mbedtls_hmac_drbg_init( &hmac_drbg );
|
||||
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL )
|
||||
mbedtls_exit(1);
|
||||
|
||||
if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
|
||||
mbedtls_exit(1);
|
||||
TIME_AND_TSC( "HMAC_DRBG SHA-1 (NOPR)",
|
||||
if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 )
|
||||
mbedtls_exit(1) );
|
||||
mbedtls_hmac_drbg_free( &hmac_drbg );
|
||||
|
||||
if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
|
||||
mbedtls_exit(1);
|
||||
mbedtls_hmac_drbg_set_prediction_resistance( &hmac_drbg,
|
||||
MBEDTLS_HMAC_DRBG_PR_ON );
|
||||
TIME_AND_TSC( "HMAC_DRBG SHA-1 (PR)",
|
||||
if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 )
|
||||
mbedtls_exit(1) );
|
||||
mbedtls_hmac_drbg_free( &hmac_drbg );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ) ) == NULL )
|
||||
mbedtls_exit(1);
|
||||
|
||||
if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
|
||||
mbedtls_exit(1);
|
||||
TIME_AND_TSC( "HMAC_DRBG SHA-256 (NOPR)",
|
||||
if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 )
|
||||
mbedtls_exit(1) );
|
||||
mbedtls_hmac_drbg_free( &hmac_drbg );
|
||||
|
||||
if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
|
||||
mbedtls_exit(1);
|
||||
mbedtls_hmac_drbg_set_prediction_resistance( &hmac_drbg,
|
||||
MBEDTLS_HMAC_DRBG_PR_ON );
|
||||
TIME_AND_TSC( "HMAC_DRBG SHA-256 (PR)",
|
||||
if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 )
|
||||
mbedtls_exit(1) );
|
||||
mbedtls_hmac_drbg_free( &hmac_drbg );
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RSA_C) && \
|
||||
defined(MBEDTLS_PEM_PARSE_C) && defined(MBEDTLS_PK_PARSE_C)
|
||||
if( todo.rsa )
|
||||
{
|
||||
mbedtls_pk_context pk;
|
||||
mbedtls_rsa_context *rsa;
|
||||
const char *rsa_keys[] = { RSA_PRIVATE_KEY_2048, RSA_PRIVATE_KEY_4096 };
|
||||
size_t i;
|
||||
|
||||
for( i = 0; i < sizeof( rsa_keys ) / sizeof( rsa_keys[0] ); i++ )
|
||||
{
|
||||
mbedtls_pk_init( &pk );
|
||||
mbedtls_pk_parse_key( &pk, (const unsigned char *) rsa_keys[i],
|
||||
strlen( rsa_keys[i] ) + 1, NULL, 0 );
|
||||
rsa = mbedtls_pk_rsa( pk );
|
||||
|
||||
mbedtls_snprintf( title, sizeof( title ), "RSA-%d", mbedtls_pk_get_bitlen( &pk ) );
|
||||
|
||||
TIME_PUBLIC( title, " public",
|
||||
buf[0] = 0;
|
||||
ret = mbedtls_rsa_public( rsa, buf, buf ) );
|
||||
|
||||
TIME_PUBLIC( title, "private",
|
||||
buf[0] = 0;
|
||||
ret = mbedtls_rsa_private( rsa, myrand, NULL, buf, buf ) );
|
||||
|
||||
mbedtls_pk_free( &pk );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_BIGNUM_C)
|
||||
if( todo.dhm )
|
||||
{
|
||||
int dhm_sizes[] = { 2048, 3072 };
|
||||
const char *dhm_P[] = {
|
||||
MBEDTLS_DHM_RFC3526_MODP_2048_P,
|
||||
MBEDTLS_DHM_RFC3526_MODP_3072_P,
|
||||
};
|
||||
const char *dhm_G[] = {
|
||||
MBEDTLS_DHM_RFC3526_MODP_2048_G,
|
||||
MBEDTLS_DHM_RFC3526_MODP_3072_G,
|
||||
};
|
||||
|
||||
mbedtls_dhm_context dhm;
|
||||
size_t olen;
|
||||
for( i = 0; (size_t) i < sizeof( dhm_sizes ) / sizeof( dhm_sizes[0] ); i++ )
|
||||
{
|
||||
mbedtls_dhm_init( &dhm );
|
||||
|
||||
if( mbedtls_mpi_read_string( &dhm.P, 16, dhm_P[i] ) != 0 ||
|
||||
mbedtls_mpi_read_string( &dhm.G, 16, dhm_G[i] ) != 0 )
|
||||
{
|
||||
mbedtls_exit( 1 );
|
||||
}
|
||||
|
||||
dhm.len = mbedtls_mpi_size( &dhm.P );
|
||||
mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len, myrand, NULL );
|
||||
if( mbedtls_mpi_copy( &dhm.GY, &dhm.GX ) != 0 )
|
||||
mbedtls_exit( 1 );
|
||||
|
||||
mbedtls_snprintf( title, sizeof( title ), "DHE-%d", dhm_sizes[i] );
|
||||
TIME_PUBLIC( title, "handshake",
|
||||
ret |= mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len,
|
||||
myrand, NULL );
|
||||
ret |= mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &olen, myrand, NULL ) );
|
||||
|
||||
mbedtls_snprintf( title, sizeof( title ), "DH-%d", dhm_sizes[i] );
|
||||
TIME_PUBLIC( title, "handshake",
|
||||
ret |= mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &olen, myrand, NULL ) );
|
||||
|
||||
mbedtls_dhm_free( &dhm );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C)
|
||||
if( todo.ecdsa )
|
||||
{
|
||||
mbedtls_ecdsa_context ecdsa;
|
||||
const mbedtls_ecp_curve_info *curve_info;
|
||||
size_t sig_len;
|
||||
|
||||
memset( buf, 0x2A, sizeof( buf ) );
|
||||
|
||||
for( curve_info = mbedtls_ecp_curve_list();
|
||||
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
|
||||
curve_info++ )
|
||||
{
|
||||
mbedtls_ecdsa_init( &ecdsa );
|
||||
|
||||
if( mbedtls_ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL ) != 0 )
|
||||
mbedtls_exit( 1 );
|
||||
ecp_clear_precomputed( &ecdsa.grp );
|
||||
|
||||
mbedtls_snprintf( title, sizeof( title ), "ECDSA-%s",
|
||||
curve_info->name );
|
||||
TIME_PUBLIC( title, "sign",
|
||||
ret = mbedtls_ecdsa_write_signature( &ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size,
|
||||
tmp, &sig_len, myrand, NULL ) );
|
||||
|
||||
mbedtls_ecdsa_free( &ecdsa );
|
||||
}
|
||||
|
||||
for( curve_info = mbedtls_ecp_curve_list();
|
||||
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
|
||||
curve_info++ )
|
||||
{
|
||||
mbedtls_ecdsa_init( &ecdsa );
|
||||
|
||||
if( mbedtls_ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL ) != 0 ||
|
||||
mbedtls_ecdsa_write_signature( &ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size,
|
||||
tmp, &sig_len, myrand, NULL ) != 0 )
|
||||
{
|
||||
mbedtls_exit( 1 );
|
||||
}
|
||||
ecp_clear_precomputed( &ecdsa.grp );
|
||||
|
||||
mbedtls_snprintf( title, sizeof( title ), "ECDSA-%s",
|
||||
curve_info->name );
|
||||
TIME_PUBLIC( title, "verify",
|
||||
ret = mbedtls_ecdsa_read_signature( &ecdsa, buf, curve_info->bit_size,
|
||||
tmp, sig_len ) );
|
||||
|
||||
mbedtls_ecdsa_free( &ecdsa );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
if( todo.ecdh )
|
||||
{
|
||||
mbedtls_ecdh_context ecdh;
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||
mbedtls_mpi z;
|
||||
#endif
|
||||
const mbedtls_ecp_curve_info *curve_info;
|
||||
size_t olen;
|
||||
|
||||
for( curve_info = mbedtls_ecp_curve_list();
|
||||
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
|
||||
curve_info++ )
|
||||
{
|
||||
mbedtls_ecdh_init( &ecdh );
|
||||
|
||||
if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 ||
|
||||
mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
|
||||
myrand, NULL ) != 0 ||
|
||||
mbedtls_ecp_copy( &ecdh.Qp, &ecdh.Q ) != 0 )
|
||||
{
|
||||
mbedtls_exit( 1 );
|
||||
}
|
||||
ecp_clear_precomputed( &ecdh.grp );
|
||||
|
||||
mbedtls_snprintf( title, sizeof( title ), "ECDHE-%s",
|
||||
curve_info->name );
|
||||
TIME_PUBLIC( title, "handshake",
|
||||
ret |= mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
|
||||
myrand, NULL );
|
||||
ret |= mbedtls_ecdh_calc_secret( &ecdh, &olen, buf, sizeof( buf ),
|
||||
myrand, NULL ) );
|
||||
mbedtls_ecdh_free( &ecdh );
|
||||
}
|
||||
|
||||
/* Curve25519 needs to be handled separately */
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||
mbedtls_ecdh_init( &ecdh );
|
||||
mbedtls_mpi_init( &z );
|
||||
|
||||
if( mbedtls_ecp_group_load( &ecdh.grp, MBEDTLS_ECP_DP_CURVE25519 ) != 0 ||
|
||||
mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL ) != 0 )
|
||||
{
|
||||
mbedtls_exit( 1 );
|
||||
}
|
||||
|
||||
TIME_PUBLIC( "ECDHE-Curve25519", "handshake",
|
||||
ret |= mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q,
|
||||
myrand, NULL );
|
||||
ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
|
||||
myrand, NULL ) );
|
||||
|
||||
mbedtls_ecdh_free( &ecdh );
|
||||
mbedtls_mpi_free( &z );
|
||||
#endif
|
||||
|
||||
for( curve_info = mbedtls_ecp_curve_list();
|
||||
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
|
||||
curve_info++ )
|
||||
{
|
||||
mbedtls_ecdh_init( &ecdh );
|
||||
|
||||
if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 ||
|
||||
mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
|
||||
myrand, NULL ) != 0 ||
|
||||
mbedtls_ecp_copy( &ecdh.Qp, &ecdh.Q ) != 0 ||
|
||||
mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
|
||||
myrand, NULL ) != 0 )
|
||||
{
|
||||
mbedtls_exit( 1 );
|
||||
}
|
||||
ecp_clear_precomputed( &ecdh.grp );
|
||||
|
||||
mbedtls_snprintf( title, sizeof( title ), "ECDH-%s",
|
||||
curve_info->name );
|
||||
TIME_PUBLIC( title, "handshake",
|
||||
ret |= mbedtls_ecdh_calc_secret( &ecdh, &olen, buf, sizeof( buf ),
|
||||
myrand, NULL ) );
|
||||
mbedtls_ecdh_free( &ecdh );
|
||||
}
|
||||
|
||||
/* Curve25519 needs to be handled separately */
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||
mbedtls_ecdh_init( &ecdh );
|
||||
mbedtls_mpi_init( &z );
|
||||
|
||||
if( mbedtls_ecp_group_load( &ecdh.grp, MBEDTLS_ECP_DP_CURVE25519 ) != 0 ||
|
||||
mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp,
|
||||
myrand, NULL ) != 0 ||
|
||||
mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL ) != 0 )
|
||||
{
|
||||
mbedtls_exit( 1 );
|
||||
}
|
||||
|
||||
TIME_PUBLIC( "ECDH-Curve25519", "handshake",
|
||||
ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
|
||||
myrand, NULL ) );
|
||||
|
||||
mbedtls_ecdh_free( &ecdh );
|
||||
mbedtls_mpi_free( &z );
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
mbedtls_printf( "\r\n" );
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||
mbedtls_memory_buffer_alloc_free();
|
||||
#endif
|
||||
|
||||
#if defined(_WIN32)
|
||||
mbedtls_printf( " Press Enter to exit this program.\r\n" );
|
||||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#include "mbed-drivers/test_env.h"
|
||||
#include "minar/minar.h"
|
||||
|
||||
static void run() {
|
||||
MBED_HOSTTEST_TIMEOUT(150);
|
||||
MBED_HOSTTEST_SELECT(default);
|
||||
MBED_HOSTTEST_DESCRIPTION(mbed TLS benchmark program);
|
||||
MBED_HOSTTEST_START("MBEDTLS_BENCHMARK");
|
||||
MBED_HOSTTEST_RESULT(benchmark(0, NULL) == 0);
|
||||
}
|
||||
|
||||
void app_start(int, char*[]) {
|
||||
/* Use 115200 bps for consistency with other examples */
|
||||
get_stdio_serial().baud(115200);
|
||||
minar::Scheduler::postCallback(mbed::util::FunctionPointer0<void>(run).bind());
|
||||
}
|
||||
|
||||
#endif /* TARGET_LIKE_MBED */
|
@ -1,67 +0,0 @@
|
||||
# SHA-256 Hash Example
|
||||
|
||||
This application performs hashing of a buffer with SHA-256 using various APIs. It serves as a tutorial for the basic hashing APIs of mbed TLS.
|
||||
|
||||
## Pre-requisites
|
||||
|
||||
To build and run this example you must have:
|
||||
|
||||
* A computer with the following software installed:
|
||||
* [CMake](http://www.cmake.org/download/).
|
||||
* [yotta](https://github.com/ARMmbed/yotta). Please note that **yotta has its own set of dependencies**, listed in the [installation instructions](http://armmbed.github.io/yotta/#installing-on-windows).
|
||||
* [Python](https://www.python.org/downloads/).
|
||||
* [The ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded).
|
||||
* A serial terminal emulator (Like screen, pySerial and cu).
|
||||
* An [FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) development board, or another board supported by mbed OS (in which case you'll have to substitute frdm-k64f-gcc with the appropriate target in the instructions below).
|
||||
* A micro-USB cable.
|
||||
* If your OS is Windows, please follow the installation instructions [for the serial port driver](https://developer.mbed.org/handbook/Windows-serial-configuration).
|
||||
|
||||
## Getting started
|
||||
|
||||
1. Connect the FRDM-K64F to the computer with the micro-USB cable, being careful to use the "OpenSDA" connector on the target board.
|
||||
|
||||
2. Navigate to the mbedtls directory supplied with your release and open a terminal.
|
||||
|
||||
3. Set the yotta target:
|
||||
|
||||
```
|
||||
yotta target frdm-k64f-gcc
|
||||
```
|
||||
|
||||
4. Build mbedtls and the examples. This may take a long time if this is your first compilation:
|
||||
|
||||
```
|
||||
$ yotta build
|
||||
```
|
||||
|
||||
5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-hashing.bin` to your mbed board and wait until the LED next to the USB port stops blinking.
|
||||
|
||||
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
|
||||
|
||||
Use the following settings:
|
||||
|
||||
* 115200 baud (not 9600).
|
||||
* 8N1.
|
||||
* No flow control.
|
||||
|
||||
7. Press the Reset button on the board.
|
||||
|
||||
8. The output in the terminal window should look like:
|
||||
|
||||
```
|
||||
{{timeout;10}}
|
||||
{{host_test_name;default}}
|
||||
{{description;mbed TLS example on hashing}}
|
||||
{{test_id;MBEDTLS_EX_HASHING}}
|
||||
{{start}}
|
||||
|
||||
|
||||
Method 1: 315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3
|
||||
Method 2: 315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3
|
||||
Method 3: 315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3
|
||||
Method 4: 315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3
|
||||
|
||||
DONE
|
||||
{{success}}
|
||||
{{end}}
|
||||
```
|
@ -1,177 +0,0 @@
|
||||
/*
|
||||
* Hello world example of using the hashing functions of mbed TLS
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
/*
|
||||
* This program illustrates various ways of hashing a buffer.
|
||||
* You normally need only one of these two includes.
|
||||
*/
|
||||
#include "mbedtls/sha256.h" /* SHA-256 only */
|
||||
#include "mbedtls/md.h" /* generic interface */
|
||||
|
||||
#if defined(TARGET_LIKE_MBED)
|
||||
#include "mbed-drivers/mbed.h"
|
||||
#endif
|
||||
#include <cstdio>
|
||||
|
||||
static void print_hex(const char *title, const unsigned char buf[], size_t len)
|
||||
{
|
||||
printf("%s: ", title);
|
||||
|
||||
for (size_t i = 0; i < len; i++)
|
||||
printf("%02x", buf[i]);
|
||||
|
||||
printf("\r\n");
|
||||
}
|
||||
|
||||
static const char hello_str[] = "Hello, world!";
|
||||
static const unsigned char *hello_buffer = (const unsigned char *) hello_str;
|
||||
static const size_t hello_len = sizeof hello_str - 1;
|
||||
|
||||
int example(void)
|
||||
{
|
||||
printf( "\r\n\r\n" );
|
||||
|
||||
/*
|
||||
* Method 1: use all-in-one function of a specific SHA-xxx module
|
||||
*/
|
||||
unsigned char output1[32]; /* SHA-256 outputs 32 bytes */
|
||||
|
||||
/* 0 here means use the full SHA-256, not the SHA-224 variant */
|
||||
mbedtls_sha256(hello_buffer, hello_len, output1, 0);
|
||||
|
||||
print_hex("Method 1", output1, sizeof output1);
|
||||
|
||||
|
||||
/*
|
||||
* Method 2: use the streaming interface of a specific SHA-xxx module
|
||||
* This is useful if we get our input piecewise.
|
||||
*/
|
||||
unsigned char output2[32];
|
||||
mbedtls_sha256_context ctx2;
|
||||
|
||||
mbedtls_sha256_init(&ctx2);
|
||||
mbedtls_sha256_starts(&ctx2, 0); /* SHA-256, not 224 */
|
||||
|
||||
/* Simulating multiple fragments */
|
||||
mbedtls_sha256_update(&ctx2, hello_buffer, 1);
|
||||
mbedtls_sha256_update(&ctx2, hello_buffer + 1, 1);
|
||||
mbedtls_sha256_update(&ctx2, hello_buffer + 2, hello_len - 2);
|
||||
|
||||
mbedtls_sha256_finish(&ctx2, output2);
|
||||
print_hex("Method 2", output2, sizeof output2);
|
||||
|
||||
/* Or you could re-use the context by doing mbedtls_sha256_starts() again */
|
||||
mbedtls_sha256_free(&ctx2);
|
||||
|
||||
/*
|
||||
* Method 3: use all-in-one function of the generice interface
|
||||
*/
|
||||
unsigned char output3[MBEDTLS_MD_MAX_SIZE]; /* Enough for any hash */
|
||||
|
||||
/* Can easily pick any hash you want, by identifier */
|
||||
const mbedtls_md_info_t *md_info3 = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
|
||||
|
||||
if (md_info3 == NULL)
|
||||
{
|
||||
printf("SHA256 not available\r\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
int ret3 = mbedtls_md(md_info3, hello_buffer, hello_len, output3);
|
||||
|
||||
if (ret3 != 0)
|
||||
{
|
||||
printf("md() returned -0x%04X\r\n", -ret3);
|
||||
return 1;
|
||||
}
|
||||
|
||||
print_hex("Method 3", output3, mbedtls_md_get_size(md_info3));
|
||||
|
||||
|
||||
/*
|
||||
* Method 4: streaming & generic interface
|
||||
*/
|
||||
unsigned char output4[MBEDTLS_MD_MAX_SIZE]; /* Enough for any hash */
|
||||
|
||||
const mbedtls_md_info_t *md_info4 = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
|
||||
|
||||
if (md_info4 == NULL)
|
||||
{
|
||||
printf("SHA256 not available\r\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
mbedtls_md_context_t ctx4;
|
||||
|
||||
mbedtls_md_init(&ctx4);
|
||||
|
||||
int ret4 = mbedtls_md_init_ctx(&ctx4, md_info4);
|
||||
if (ret4 != 0)
|
||||
{
|
||||
printf("md_init_ctx() returned -0x%04X\r\n", -ret4);
|
||||
return 1;
|
||||
}
|
||||
|
||||
mbedtls_md_starts(&ctx4);
|
||||
|
||||
/* Simulating multiple fragments */
|
||||
mbedtls_md_update(&ctx4, hello_buffer, 1);
|
||||
mbedtls_md_update(&ctx4, hello_buffer + 1, 1);
|
||||
mbedtls_md_update(&ctx4, hello_buffer + 2, hello_len - 2);
|
||||
|
||||
mbedtls_md_finish(&ctx4, output4);
|
||||
print_hex("Method 4", output4, mbedtls_md_get_size(md_info4));
|
||||
|
||||
/* Or you could re-use the context by doing mbedtls_md_starts() again */
|
||||
mbedtls_md_free(&ctx4);
|
||||
|
||||
|
||||
printf("\r\nDONE\r\n");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if defined(TARGET_LIKE_MBED)
|
||||
|
||||
#include "mbed-drivers/test_env.h"
|
||||
#include "minar/minar.h"
|
||||
|
||||
static void run() {
|
||||
MBED_HOSTTEST_TIMEOUT(10);
|
||||
MBED_HOSTTEST_SELECT(default);
|
||||
MBED_HOSTTEST_DESCRIPTION(mbed TLS example on hashing);
|
||||
MBED_HOSTTEST_START("MBEDTLS_EX_HASHING");
|
||||
MBED_HOSTTEST_RESULT(example() == 0);
|
||||
}
|
||||
|
||||
void app_start(int, char*[]) {
|
||||
/* Use 115200 bps for consistency with other examples */
|
||||
get_stdio_serial().baud(115200);
|
||||
minar::Scheduler::postCallback(mbed::util::FunctionPointer0<void>(run).bind());
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
int main() {
|
||||
return example();
|
||||
}
|
||||
|
||||
#endif
|
@ -1,82 +0,0 @@
|
||||
# mbed TLS Selftest Example
|
||||
|
||||
This application runs the various selftest functions of individual mbed TLS components. It serves as a basic sanity check to verify operation of mbed TLS on your platform. In the future, a wider portion of the mbed TLS test suite will become part of this example application.
|
||||
|
||||
## Pre-requisites
|
||||
|
||||
To build and run this example you must have:
|
||||
|
||||
* A computer with the following software installed:
|
||||
* [CMake](http://www.cmake.org/download/).
|
||||
* [yotta](https://github.com/ARMmbed/yotta). Please note that **yotta has its own set of dependencies**, listed in the [installation instructions](http://armmbed.github.io/yotta/#installing-on-windows).
|
||||
* [Python](https://www.python.org/downloads/).
|
||||
* [The ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded).
|
||||
* A serial terminal emulator (Like screen, pySerial and cu).
|
||||
* An [FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) development board, or another board supported by mbed OS (in which case you'll have to substitute frdm-k64f-gcc with the appropriate target in the instructions below).
|
||||
* A micro-USB cable.
|
||||
* If your OS is Windows, please follow the installation instructions [for the serial port driver](https://developer.mbed.org/handbook/Windows-serial-configuration).
|
||||
|
||||
## Getting started
|
||||
|
||||
1. Connect the FRDM-K64F to the computer with the micro-USB cable, being careful to use the "OpenSDA" connector on the target board.
|
||||
|
||||
2. Navigate to the mbedtls directory supplied with your release and open a terminal.
|
||||
|
||||
3. Set the yotta target:
|
||||
|
||||
```
|
||||
yotta target frdm-k64f-gcc
|
||||
```
|
||||
|
||||
4. Build mbedtls and the examples. This may take a long time if this is your first compilation:
|
||||
|
||||
```
|
||||
$ yotta build
|
||||
```
|
||||
|
||||
5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-selftest.bin` to your mbed board and wait until the LED next to the USB port stops blinking.
|
||||
|
||||
6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
|
||||
|
||||
Use the following settings:
|
||||
|
||||
* 115200 baud (not 9600).
|
||||
* 8N1.
|
||||
* No flow control.
|
||||
|
||||
7. Press the Reset button on the board.
|
||||
|
||||
8. The output in the terminal window should look like:
|
||||
|
||||
```
|
||||
{{timeout;40}}
|
||||
{{host_test_name;default}}
|
||||
{{description;mbed TLS selftest program}}
|
||||
{{test_id;MBEDTLS_SELFTEST}}
|
||||
{{start}}
|
||||
|
||||
SHA-224 test #1: passed
|
||||
SHA-224 test #2: passed
|
||||
SHA-224 test #3: passed
|
||||
SHA-256 test #1: passed
|
||||
SHA-256 test #2: passed
|
||||
SHA-256 test #3: passed
|
||||
|
||||
[ ... several lines omitted ... ]
|
||||
|
||||
CTR_DRBG (PR = TRUE) : passed
|
||||
CTR_DRBG (PR = FALSE): passed
|
||||
|
||||
HMAC_DRBG (PR = True) : passed
|
||||
HMAC_DRBG (PR = False) : passed
|
||||
|
||||
ECP test #1 (constant op_count, base point G): passed
|
||||
ECP test #2 (constant op_count, other point): passed
|
||||
|
||||
ENTROPY test: passed
|
||||
|
||||
[ All tests passed ]
|
||||
|
||||
{{success}}
|
||||
{{end}}
|
||||
```
|
@ -1,268 +0,0 @@
|
||||
/*
|
||||
* Self-test demonstration program
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#if !defined(POLARSSL_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "mbedtls/entropy.h"
|
||||
#include "mbedtls/hmac_drbg.h"
|
||||
#include "mbedtls/ctr_drbg.h"
|
||||
#include "mbedtls/dhm.h"
|
||||
#include "mbedtls/gcm.h"
|
||||
#include "mbedtls/ccm.h"
|
||||
#include "mbedtls/md2.h"
|
||||
#include "mbedtls/md4.h"
|
||||
#include "mbedtls/md5.h"
|
||||
#include "mbedtls/ripemd160.h"
|
||||
#include "mbedtls/sha1.h"
|
||||
#include "mbedtls/sha256.h"
|
||||
#include "mbedtls/sha512.h"
|
||||
#include "mbedtls/arc4.h"
|
||||
#include "mbedtls/des.h"
|
||||
#include "mbedtls/aes.h"
|
||||
#include "mbedtls/camellia.h"
|
||||
#include "mbedtls/base64.h"
|
||||
#include "mbedtls/bignum.h"
|
||||
#include "mbedtls/rsa.h"
|
||||
#include "mbedtls/x509.h"
|
||||
#include "mbedtls/xtea.h"
|
||||
#include "mbedtls/pkcs5.h"
|
||||
#include "mbedtls/ecp.h"
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#define mbedtls_printf printf
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||
#include "mbedtls/memory_buffer_alloc.h"
|
||||
#endif
|
||||
|
||||
int selftest( int argc, char *argv[] )
|
||||
{
|
||||
int ret = 0, v;
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||
unsigned char buf[1000000];
|
||||
#endif
|
||||
|
||||
if( argc == 2 && strcmp( argv[1], "-quiet" ) == 0 )
|
||||
v = 0;
|
||||
else
|
||||
{
|
||||
v = 1;
|
||||
mbedtls_printf( "\n" );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||
mbedtls_memory_buffer_alloc_init( buf, sizeof(buf) );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MD2_C)
|
||||
if( ( ret = mbedtls_md2_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MD4_C)
|
||||
if( ( ret = mbedtls_md4_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
if( ( ret = mbedtls_md5_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RIPEMD160_C)
|
||||
if( ( ret = mbedtls_ripemd160_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
if( ( ret = mbedtls_sha1_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
if( ( ret = mbedtls_sha256_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
if( ( ret = mbedtls_sha512_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ARC4_C)
|
||||
if( ( ret = mbedtls_arc4_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DES_C)
|
||||
if( ( ret = mbedtls_des_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
if( ( ret = mbedtls_aes_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)
|
||||
if( ( ret = mbedtls_gcm_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)
|
||||
if( ( ret = mbedtls_ccm_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_BASE64_C)
|
||||
if( ( ret = mbedtls_base64_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
if( ( ret = mbedtls_mpi_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
if( ( ret = mbedtls_rsa_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_USE_C)
|
||||
if( ( ret = mbedtls_x509_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_XTEA_C)
|
||||
if( ( ret = mbedtls_xtea_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CAMELLIA_C)
|
||||
if( ( ret = mbedtls_camellia_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
if( ( ret = mbedtls_ctr_drbg_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HMAC_DRBG_C)
|
||||
if( ( ret = mbedtls_hmac_drbg_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
if( ( ret = mbedtls_ecp_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DHM_C)
|
||||
if( ( ret = mbedtls_dhm_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_C)
|
||||
if( ( ret = mbedtls_entropy_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PKCS5_C)
|
||||
if( ( ret = mbedtls_pkcs5_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_TIMING_C)
|
||||
if( ( ret = mbedtls_timing_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
#else
|
||||
mbedtls_printf( " POLARSSL_SELF_TEST not defined.\n" );
|
||||
#endif
|
||||
|
||||
if( v != 0 )
|
||||
{
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG)
|
||||
mbedtls_memory_buffer_alloc_status();
|
||||
#endif
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||
mbedtls_memory_buffer_alloc_free();
|
||||
|
||||
if( ( ret = mbedtls_memory_buffer_alloc_self_test( v ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
if( v != 0 )
|
||||
{
|
||||
mbedtls_printf( " [ All tests passed ]\n\n" );
|
||||
#if defined(_WIN32)
|
||||
mbedtls_printf( " Press Enter to exit this program.\n" );
|
||||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
}
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(TARGET_LIKE_MBED)
|
||||
|
||||
#include "mbed-drivers/test_env.h"
|
||||
#include "minar/minar.h"
|
||||
|
||||
static void run() {
|
||||
MBED_HOSTTEST_TIMEOUT(40);
|
||||
MBED_HOSTTEST_SELECT(default);
|
||||
MBED_HOSTTEST_DESCRIPTION(mbed TLS selftest program);
|
||||
MBED_HOSTTEST_START("MBEDTLS_SELFTEST");
|
||||
MBED_HOSTTEST_RESULT(selftest(0, NULL) == 0);
|
||||
}
|
||||
|
||||
void app_start(int, char*[]) {
|
||||
/* Use 115200 bps for consistency with other examples */
|
||||
get_stdio_serial().baud(115200);
|
||||
minar::Scheduler::postCallback(mbed::util::FunctionPointer0<void>(run).bind());
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
int main() {
|
||||
return selftest(0, NULL);
|
||||
}
|
||||
|
||||
#endif
|
@ -1,18 +0,0 @@
|
||||
{
|
||||
"name": "mbedtls",
|
||||
"version": "2.3.1",
|
||||
"description": "The mbed TLS crypto/SSL/TLS library",
|
||||
"licenses": [
|
||||
{
|
||||
"url": "https://spdx.org/licenses/Apache-2.0",
|
||||
"type": "Apache-2.0"
|
||||
}
|
||||
],
|
||||
"dependencies": {},
|
||||
"targetDependencies": {
|
||||
"mbed": { "cmsis-core": "^1.0.0" }
|
||||
},
|
||||
"testTargetDependencies": {
|
||||
"mbed": { "mbed-drivers": "^1.0.0" }
|
||||
}
|
||||
}
|
@ -1,35 +0,0 @@
|
||||
/*
|
||||
* Temporary target-specific config.h for entropy collection
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#if defined(TARGET_LIKE_MBED)
|
||||
#define MBEDTLS_NO_PLATFORM_ENTROPY
|
||||
#undef MBEDTLS_HAVE_TIME_DATE
|
||||
#undef MBEDTLS_FS_IO
|
||||
#endif
|
||||
|
||||
/*
|
||||
* WARNING: this is temporary!
|
||||
* This should be in a separate yotta module which would be a target
|
||||
* dependency of mbedtls (see IOTSSL-313)
|
||||
*/
|
||||
#if defined(TARGET_LIKE_K64F)
|
||||
#define MBEDTLS_ENTROPY_HARDWARE_ALT
|
||||
#endif
|
Loading…
Reference in New Issue
Block a user