diff options
Diffstat (limited to 'tests')
-rwxr-xr-x | tests/parallel-signatures.py | 57 | ||||
-rw-r--r-- | tests/test-rsa.c | 41 |
2 files changed, 44 insertions, 54 deletions
diff --git a/tests/parallel-signatures.py b/tests/parallel-signatures.py index 006b753..8d98460 100755 --- a/tests/parallel-signatures.py +++ b/tests/parallel-signatures.py @@ -54,7 +54,6 @@ from argparse import ArgumentParser, ArgumentDefaultsHelpFormatter from tornado.gen import Return, coroutine from tornado.ioloop import IOLoop from tornado.iostream import IOStream, StreamClosedError -from tornado.queues import Queue from Crypto.Util.asn1 import DerSequence, DerNull, DerOctetString from Crypto.Util.number import inverse @@ -197,55 +196,52 @@ def pkcs1_hash_and_pad(text): @coroutine -def worker(args, k, p, q, r, m): - while True: - n = yield q.get() +def client(args, k, p, q, r, m, v, h): + while q: + n = q.pop(0) logger.debug("Signing %s", n) - try: - t0 = datetime.datetime.now() - s = yield p.sign(data = m) - t1 = datetime.datetime.now() - if args.verify: - k.verify(s) - r.add(t0, t1) - except: - logger.exception("Signature failed") - finally: - q.task_done() + t0 = datetime.datetime.now() + s = yield p.sign(data = m) + t1 = datetime.datetime.now() + logger.debug("Signature %s: %s", n, ":".join("{:02x}".format(ord(b)) for b in s)) + if args.verify and not v.verify(h, s): + raise RuntimeError("RSA verification failed") + r.add(t0, t1) + @coroutine def main(): parser = ArgumentParser(description = __doc__, formatter_class = ArgumentDefaultsHelpFormatter) parser.add_argument("-i", "--iterations", default = 1000, type = int, help = "iterations") + parser.add_argument("-c", "--clients", default = 4, type = int, help = "client count") parser.add_argument("-k", "--key", choices = tuple(key_table), default = "rsa_2048", help = "key to test") parser.add_argument("-p", "--pin", default = "fnord", help = "user PIN") - parser.add_argument("-q", "--quiet", action = "store_true", help = "be less chatty") + parser.add_argument("-q", "--quiet", action = "store_true", help = "bark less") + parser.add_argument("-d", "--debug", action = "store_true", help = "bark more") parser.add_argument("-t", "--text", default = "Hamsters'R'Us", help = "plaintext to sign") parser.add_argument("-v", "--verify", action = "store_true", help = "verify signatures") - parser.add_argument("-w", "--workers", default = 4, type = int, help = "worker count") args = parser.parse_args() + if args.debug: + logging.getLogger().setLevel(logging.DEBUG) + k = key_table[args.key] - q = Queue() - - tbs = pkcs1_hash_and_pad(args.text) - der = k.exportKey(format = "DER", pkcs = 8) + d = k.exportKey(format = "DER", pkcs = 8) + h = SHA256(args.text) + v = PKCS115_SigScheme(k) + q = range(args.iterations) + m = pkcs1_hash_and_pad(args.text) + r = Result(args, args.key) - hsms = [HSM() for i in xrange(args.workers)] + hsms = [HSM() for i in xrange(args.clients)] for hsm in hsms: yield hsm.login(HAL_USER_NORMAL, args.pin) - pkeys = yield [hsm.pkey_load(der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) for hsm in hsms] - - r = Result(args, args.key) - - for pkey in pkeys: - IOLoop.current().spawn_callback(worker, args, k, pkey, q, r, tbs) + pkeys = yield [hsm.pkey_load(d, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) for hsm in hsms] - yield [q.put(i) for i in xrange(args.iterations)] - yield q.join() + yield [client(args, k, pkey, q, r, m, v, h) for pkey in pkeys] yield [pkey.delete() for pkey in pkeys] @@ -296,6 +292,7 @@ class Result(object): "mean {0.mean} " "speedup {0.speedup} " "(n {0.n}, " + "c {0.args.clients} " "t0 {0.t0} " "t1 {0.t1})\n").format(self)) sys.stdout.flush() diff --git a/tests/test-rsa.c b/tests/test-rsa.c index 176ba03..853f90f 100644 --- a/tests/test-rsa.c +++ b/tests/test-rsa.c @@ -49,8 +49,7 @@ * Run one modexp test. */ -static int test_modexp(hal_core_t *core, - const char * const kind, +static int test_modexp(const char * const kind, const rsa_tc_t * const tc, const rsa_tc_bn_t * const msg, /* Input message */ const rsa_tc_bn_t * const exp, /* Exponent */ @@ -61,7 +60,6 @@ static int test_modexp(hal_core_t *core, printf("%s test for %lu-bit RSA key\n", kind, (unsigned long) tc->size); hal_modexp_arg_t args = { - .core = core, .msg = msg->val, .msg_len = msg->len, .exp = exp->val, .exp_len = exp->len, .mod = tc->n.val, .mod_len = tc->n.len, @@ -83,8 +81,7 @@ static int test_modexp(hal_core_t *core, * Run one RSA CRT test. */ -static int test_decrypt(hal_core_t *core, - const char * const kind, +static int test_decrypt(const char * const kind, const rsa_tc_t * const tc) { printf("%s test for %lu-bit RSA key\n", kind, (unsigned long) tc->size); @@ -107,7 +104,7 @@ static int test_decrypt(hal_core_t *core, uint8_t result[tc->n.len]; - if ((err = hal_rsa_decrypt(core, NULL, key, tc->m.val, tc->m.len, result, sizeof(result))) != HAL_OK) + if ((err = hal_rsa_decrypt(NULL, NULL, key, tc->m.val, tc->m.len, result, sizeof(result))) != HAL_OK) printf("RSA CRT failed: %s\n", hal_error_string(err)); const int mismatch = (err == HAL_OK && memcmp(result, tc->s.val, tc->s.len) != 0); @@ -124,8 +121,7 @@ static int test_decrypt(hal_core_t *core, * Run one RSA key generation + CRT test. */ -static int test_gen(hal_core_t *core, - const char * const kind, +static int test_gen(const char * const kind, const rsa_tc_t * const tc) { printf("%s test for %lu-bit RSA key\n", kind, (unsigned long) tc->size); @@ -138,7 +134,7 @@ static int test_gen(hal_core_t *core, const uint8_t f4[] = { 0x01, 0x00, 0x01 }; - if ((err = hal_rsa_key_gen(core, &key1, keybuf1, sizeof(keybuf1), bitsToBytes(tc->size), f4, sizeof(f4))) != HAL_OK) + if ((err = hal_rsa_key_gen(NULL, &key1, keybuf1, sizeof(keybuf1), bitsToBytes(tc->size), f4, sizeof(f4))) != HAL_OK) return printf("RSA key generation failed: %s\n", hal_error_string(err)), 0; size_t der_len = 0; @@ -174,7 +170,7 @@ static int test_gen(hal_core_t *core, uint8_t result[tc->n.len]; - if ((err = hal_rsa_decrypt(core, NULL, key1, tc->m.val, tc->m.len, result, sizeof(result))) != HAL_OK) + if ((err = hal_rsa_decrypt(NULL, NULL, key1, tc->m.val, tc->m.len, result, sizeof(result))) != HAL_OK) printf("RSA CRT failed: %s\n", hal_error_string(err)); snprintf(fn, sizeof(fn), "test-rsa-sig-%04lu.der", (unsigned long) tc->size); @@ -192,7 +188,7 @@ static int test_gen(hal_core_t *core, if (err != HAL_OK) /* Deferred failure from hal_rsa_decrypt(), above */ return 0; - if ((err = hal_rsa_encrypt(core, key1, result, sizeof(result), result, sizeof(result))) != HAL_OK) + if ((err = hal_rsa_encrypt(NULL, key1, result, sizeof(result), result, sizeof(result))) != HAL_OK) printf("First RSA signature check failed: %s\n", hal_error_string(err)); int mismatch = 0; @@ -239,7 +235,7 @@ static int test_gen(hal_core_t *core, * the public key passes the signature verification test below. */ - if ((err = hal_rsa_encrypt(core, key2, result, sizeof(result), result, sizeof(result))) != HAL_OK) + if ((err = hal_rsa_encrypt(NULL, key2, result, sizeof(result), result, sizeof(result))) != HAL_OK) return printf("Second RSA signature check failed: %s\n", hal_error_string(err)), 0; if (err == HAL_OK && memcmp(result, tc->m.val, tc->m.len) != 0) @@ -286,34 +282,31 @@ static void _time_check(const struct timeval t0, const int ok) * and try generating a signature with that. */ -static int test_rsa(hal_core_t *core, const rsa_tc_t * const tc) +static int test_rsa(const rsa_tc_t * const tc) { int ok = 1; /* RSA encryption */ - time_check(test_modexp(core, "Verification", tc, &tc->s, &tc->e, &tc->m)); + time_check(test_modexp("Verification", tc, &tc->s, &tc->e, &tc->m)); /* Brute force RSA decryption */ - time_check(test_modexp(core, "Signature (ModExp)", tc, &tc->m, &tc->d, &tc->s)); + time_check(test_modexp("Signature (ModExp)", tc, &tc->m, &tc->d, &tc->s)); /* RSA decyrption using CRT */ - time_check(test_decrypt(core, "Signature (CRT)", tc)); + time_check(test_decrypt("Signature (CRT)", tc)); /* Key generation and CRT -- not test vector, so writes key and sig to file */ - time_check(test_gen(core, "Generation and CRT", tc)); + time_check(test_gen("Generation and CRT", tc)); return ok; } int main(void) { - hal_core_t *core = hal_core_find(MODEXPS6_NAME, NULL); - if (core == NULL) - core = hal_core_find(MODEXPA7_NAME, NULL); - const hal_core_info_t *core_info = hal_core_info(core); + const hal_core_info_t *info = hal_core_info(hal_core_find(MODEXPA7_NAME, NULL)); - if (core_info != NULL) - printf("\"%8.8s\" \"%4.4s\"\n\n", core_info->name, core_info->version); + if (info != NULL) + printf("\"%8.8s\" \"%4.4s\"\n\n", info->name, info->version); /* * Run the test cases. @@ -324,7 +317,7 @@ int main(void) /* Normal test */ for (size_t i = 0; i < (sizeof(rsa_tc)/sizeof(*rsa_tc)); i++) - if (!test_rsa(core, &rsa_tc[i])) + if (!test_rsa(&rsa_tc[i])) return 1; return 0; |