aboutsummaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rwxr-xr-xtests/parallel-signatures.py57
-rw-r--r--tests/test-rsa.c41
2 files changed, 44 insertions, 54 deletions
diff --git a/tests/parallel-signatures.py b/tests/parallel-signatures.py
index 006b753..8d98460 100755
--- a/tests/parallel-signatures.py
+++ b/tests/parallel-signatures.py
@@ -54,7 +54,6 @@ from argparse import ArgumentParser, ArgumentDefaultsHelpFormatter
from tornado.gen import Return, coroutine
from tornado.ioloop import IOLoop
from tornado.iostream import IOStream, StreamClosedError
-from tornado.queues import Queue
from Crypto.Util.asn1 import DerSequence, DerNull, DerOctetString
from Crypto.Util.number import inverse
@@ -197,55 +196,52 @@ def pkcs1_hash_and_pad(text):
@coroutine
-def worker(args, k, p, q, r, m):
- while True:
- n = yield q.get()
+def client(args, k, p, q, r, m, v, h):
+ while q:
+ n = q.pop(0)
logger.debug("Signing %s", n)
- try:
- t0 = datetime.datetime.now()
- s = yield p.sign(data = m)
- t1 = datetime.datetime.now()
- if args.verify:
- k.verify(s)
- r.add(t0, t1)
- except:
- logger.exception("Signature failed")
- finally:
- q.task_done()
+ t0 = datetime.datetime.now()
+ s = yield p.sign(data = m)
+ t1 = datetime.datetime.now()
+ logger.debug("Signature %s: %s", n, ":".join("{:02x}".format(ord(b)) for b in s))
+ if args.verify and not v.verify(h, s):
+ raise RuntimeError("RSA verification failed")
+ r.add(t0, t1)
+
@coroutine
def main():
parser = ArgumentParser(description = __doc__, formatter_class = ArgumentDefaultsHelpFormatter)
parser.add_argument("-i", "--iterations", default = 1000, type = int, help = "iterations")
+ parser.add_argument("-c", "--clients", default = 4, type = int, help = "client count")
parser.add_argument("-k", "--key", choices = tuple(key_table),
default = "rsa_2048", help = "key to test")
parser.add_argument("-p", "--pin", default = "fnord", help = "user PIN")
- parser.add_argument("-q", "--quiet", action = "store_true", help = "be less chatty")
+ parser.add_argument("-q", "--quiet", action = "store_true", help = "bark less")
+ parser.add_argument("-d", "--debug", action = "store_true", help = "bark more")
parser.add_argument("-t", "--text", default = "Hamsters'R'Us", help = "plaintext to sign")
parser.add_argument("-v", "--verify", action = "store_true", help = "verify signatures")
- parser.add_argument("-w", "--workers", default = 4, type = int, help = "worker count")
args = parser.parse_args()
+ if args.debug:
+ logging.getLogger().setLevel(logging.DEBUG)
+
k = key_table[args.key]
- q = Queue()
-
- tbs = pkcs1_hash_and_pad(args.text)
- der = k.exportKey(format = "DER", pkcs = 8)
+ d = k.exportKey(format = "DER", pkcs = 8)
+ h = SHA256(args.text)
+ v = PKCS115_SigScheme(k)
+ q = range(args.iterations)
+ m = pkcs1_hash_and_pad(args.text)
+ r = Result(args, args.key)
- hsms = [HSM() for i in xrange(args.workers)]
+ hsms = [HSM() for i in xrange(args.clients)]
for hsm in hsms:
yield hsm.login(HAL_USER_NORMAL, args.pin)
- pkeys = yield [hsm.pkey_load(der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) for hsm in hsms]
-
- r = Result(args, args.key)
-
- for pkey in pkeys:
- IOLoop.current().spawn_callback(worker, args, k, pkey, q, r, tbs)
+ pkeys = yield [hsm.pkey_load(d, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) for hsm in hsms]
- yield [q.put(i) for i in xrange(args.iterations)]
- yield q.join()
+ yield [client(args, k, pkey, q, r, m, v, h) for pkey in pkeys]
yield [pkey.delete() for pkey in pkeys]
@@ -296,6 +292,7 @@ class Result(object):
"mean {0.mean} "
"speedup {0.speedup} "
"(n {0.n}, "
+ "c {0.args.clients} "
"t0 {0.t0} "
"t1 {0.t1})\n").format(self))
sys.stdout.flush()
diff --git a/tests/test-rsa.c b/tests/test-rsa.c
index 176ba03..853f90f 100644
--- a/tests/test-rsa.c
+++ b/tests/test-rsa.c
@@ -49,8 +49,7 @@
* Run one modexp test.
*/
-static int test_modexp(hal_core_t *core,
- const char * const kind,
+static int test_modexp(const char * const kind,
const rsa_tc_t * const tc,
const rsa_tc_bn_t * const msg, /* Input message */
const rsa_tc_bn_t * const exp, /* Exponent */
@@ -61,7 +60,6 @@ static int test_modexp(hal_core_t *core,
printf("%s test for %lu-bit RSA key\n", kind, (unsigned long) tc->size);
hal_modexp_arg_t args = {
- .core = core,
.msg = msg->val, .msg_len = msg->len,
.exp = exp->val, .exp_len = exp->len,
.mod = tc->n.val, .mod_len = tc->n.len,
@@ -83,8 +81,7 @@ static int test_modexp(hal_core_t *core,
* Run one RSA CRT test.
*/
-static int test_decrypt(hal_core_t *core,
- const char * const kind,
+static int test_decrypt(const char * const kind,
const rsa_tc_t * const tc)
{
printf("%s test for %lu-bit RSA key\n", kind, (unsigned long) tc->size);
@@ -107,7 +104,7 @@ static int test_decrypt(hal_core_t *core,
uint8_t result[tc->n.len];
- if ((err = hal_rsa_decrypt(core, NULL, key, tc->m.val, tc->m.len, result, sizeof(result))) != HAL_OK)
+ if ((err = hal_rsa_decrypt(NULL, NULL, key, tc->m.val, tc->m.len, result, sizeof(result))) != HAL_OK)
printf("RSA CRT failed: %s\n", hal_error_string(err));
const int mismatch = (err == HAL_OK && memcmp(result, tc->s.val, tc->s.len) != 0);
@@ -124,8 +121,7 @@ static int test_decrypt(hal_core_t *core,
* Run one RSA key generation + CRT test.
*/
-static int test_gen(hal_core_t *core,
- const char * const kind,
+static int test_gen(const char * const kind,
const rsa_tc_t * const tc)
{
printf("%s test for %lu-bit RSA key\n", kind, (unsigned long) tc->size);
@@ -138,7 +134,7 @@ static int test_gen(hal_core_t *core,
const uint8_t f4[] = { 0x01, 0x00, 0x01 };
- if ((err = hal_rsa_key_gen(core, &key1, keybuf1, sizeof(keybuf1), bitsToBytes(tc->size), f4, sizeof(f4))) != HAL_OK)
+ if ((err = hal_rsa_key_gen(NULL, &key1, keybuf1, sizeof(keybuf1), bitsToBytes(tc->size), f4, sizeof(f4))) != HAL_OK)
return printf("RSA key generation failed: %s\n", hal_error_string(err)), 0;
size_t der_len = 0;
@@ -174,7 +170,7 @@ static int test_gen(hal_core_t *core,
uint8_t result[tc->n.len];
- if ((err = hal_rsa_decrypt(core, NULL, key1, tc->m.val, tc->m.len, result, sizeof(result))) != HAL_OK)
+ if ((err = hal_rsa_decrypt(NULL, NULL, key1, tc->m.val, tc->m.len, result, sizeof(result))) != HAL_OK)
printf("RSA CRT failed: %s\n", hal_error_string(err));
snprintf(fn, sizeof(fn), "test-rsa-sig-%04lu.der", (unsigned long) tc->size);
@@ -192,7 +188,7 @@ static int test_gen(hal_core_t *core,
if (err != HAL_OK) /* Deferred failure from hal_rsa_decrypt(), above */
return 0;
- if ((err = hal_rsa_encrypt(core, key1, result, sizeof(result), result, sizeof(result))) != HAL_OK)
+ if ((err = hal_rsa_encrypt(NULL, key1, result, sizeof(result), result, sizeof(result))) != HAL_OK)
printf("First RSA signature check failed: %s\n", hal_error_string(err));
int mismatch = 0;
@@ -239,7 +235,7 @@ static int test_gen(hal_core_t *core,
* the public key passes the signature verification test below.
*/
- if ((err = hal_rsa_encrypt(core, key2, result, sizeof(result), result, sizeof(result))) != HAL_OK)
+ if ((err = hal_rsa_encrypt(NULL, key2, result, sizeof(result), result, sizeof(result))) != HAL_OK)
return printf("Second RSA signature check failed: %s\n", hal_error_string(err)), 0;
if (err == HAL_OK && memcmp(result, tc->m.val, tc->m.len) != 0)
@@ -286,34 +282,31 @@ static void _time_check(const struct timeval t0, const int ok)
* and try generating a signature with that.
*/
-static int test_rsa(hal_core_t *core, const rsa_tc_t * const tc)
+static int test_rsa(const rsa_tc_t * const tc)
{
int ok = 1;
/* RSA encryption */
- time_check(test_modexp(core, "Verification", tc, &tc->s, &tc->e, &tc->m));
+ time_check(test_modexp("Verification", tc, &tc->s, &tc->e, &tc->m));
/* Brute force RSA decryption */
- time_check(test_modexp(core, "Signature (ModExp)", tc, &tc->m, &tc->d, &tc->s));
+ time_check(test_modexp("Signature (ModExp)", tc, &tc->m, &tc->d, &tc->s));
/* RSA decyrption using CRT */
- time_check(test_decrypt(core, "Signature (CRT)", tc));
+ time_check(test_decrypt("Signature (CRT)", tc));
/* Key generation and CRT -- not test vector, so writes key and sig to file */
- time_check(test_gen(core, "Generation and CRT", tc));
+ time_check(test_gen("Generation and CRT", tc));
return ok;
}
int main(void)
{
- hal_core_t *core = hal_core_find(MODEXPS6_NAME, NULL);
- if (core == NULL)
- core = hal_core_find(MODEXPA7_NAME, NULL);
- const hal_core_info_t *core_info = hal_core_info(core);
+ const hal_core_info_t *info = hal_core_info(hal_core_find(MODEXPA7_NAME, NULL));
- if (core_info != NULL)
- printf("\"%8.8s\" \"%4.4s\"\n\n", core_info->name, core_info->version);
+ if (info != NULL)
+ printf("\"%8.8s\" \"%4.4s\"\n\n", info->name, info->version);
/*
* Run the test cases.
@@ -324,7 +317,7 @@ int main(void)
/* Normal test */
for (size_t i = 0; i < (sizeof(rsa_tc)/sizeof(*rsa_tc)); i++)
- if (!test_rsa(core, &rsa_tc[i]))
+ if (!test_rsa(&rsa_tc[i]))
return 1;
return 0;