From 27e041246f520705da4c32101b09a1439a0241b1 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 24 Mar 2016 08:42:19 -0700 Subject: [PATCH 1/3] Added benchmark for the RNG. --- wolfcrypt/benchmark/benchmark.c | 48 +++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index f77976be9..96c705077 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -84,6 +84,7 @@ #ifdef HAVE_NTRU #include "libntruencrypt/ntru_crypto.h" #endif +#include #if defined(WOLFSSL_MDK_ARM) extern FILE * wolfSSL_fopen(const char *fname, const char *mode) ; @@ -174,6 +175,7 @@ void bench_ed25519KeySign(void); void bench_ntru(void); void bench_ntruKeyGen(void); #endif +void bench_rng(void); double current_time(int); @@ -290,6 +292,7 @@ int benchmark_test(void *args) } #endif + bench_rng(); #ifndef NO_AES #ifdef HAVE_AES_CBC bench_aes(0); @@ -427,6 +430,51 @@ enum BenchmarkBounds { static const char blockType[] = "megs"; /* used in printf output */ #endif +void bench_rng(void) +{ + int ret, i; + double start, total, persec; +#ifndef HAVE_LOCAL_RNG + WC_RNG rng; +#endif + +#ifndef HAVE_LOCAL_RNG + ret = wc_InitRng(&rng); + if (ret < 0) { + printf("InitRNG failed\n"); + return; + } +#endif + + start = current_time(1); + BEGIN_INTEL_CYCLES + + for(i = 0; i < numBlocks; i++) { + ret = wc_RNG_GenerateBlock(&rng, plain, sizeof(plain)); + if (ret < 0) { + printf("wc_RNG_GenerateBlock failed %d\n", ret); + break; + } + } + + END_INTEL_CYCLES + total = current_time(0) - start; + + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif + printf("RNG %d %s took %5.3f seconds, %8.3f MB/s", numBlocks, + blockType, total, persec); + SHOW_INTEL_CYCLES + printf("\n"); + +#ifndef HAVE_LOCAL_RNG + wc_FreeRng(&rng); +#endif +} + #ifndef NO_AES From f539a60a40f4be02b92233a8db23a8e66a63538a Mon Sep 17 00:00:00 2001 
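Review bot: In the new `bench_rng()`, a failing `wc_RNG_GenerateBlock()` breaks out of the loop, but the throughput line is still computed from `numBlocks` and printed as if every block had been generated. The figure reported after a failure is therefore wrong. Guarding the report on a complete run avoids that, for example wrapping the `persec` computation and the final `printf` calls in `if (i == numBlocks) { ... }`. The `InitRNG failed` message would also be more useful with the error code, `printf("InitRNG failed %d\n", ret);`, matching the generate-block message.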
From: David Garske Date: Fri, 25 Mar 2016 06:59:35 -0700 Subject: [PATCH 2/3] Adjusted the RNG benchmark to split into smaller requests of max allowed RNG size. --- wolfcrypt/benchmark/benchmark.c | 19 +++++++++++++++---- wolfcrypt/src/random.c | 7 ++++++- wolfssl/wolfcrypt/random.h | 2 ++ 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 96c705077..31b2e7bea 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -434,6 +434,7 @@ void bench_rng(void) { int ret, i; double start, total, persec; + int pos, len, remain; #ifndef HAVE_LOCAL_RNG WC_RNG rng; #endif @@ -450,10 +451,20 @@ void bench_rng(void) BEGIN_INTEL_CYCLES for(i = 0; i < numBlocks; i++) { - ret = wc_RNG_GenerateBlock(&rng, plain, sizeof(plain)); - if (ret < 0) { - printf("wc_RNG_GenerateBlock failed %d\n", ret); - break; + /* Split request to handle large RNG request */ + pos = 0; + remain = (int)sizeof(plain); + while (remain > 0) { + len = remain; + if (len > RNG_MAX_BLOCK_LEN) + len = RNG_MAX_BLOCK_LEN; + ret = wc_RNG_GenerateBlock(&rng, &plain[pos], len); + if (ret < 0) { + printf("wc_RNG_GenerateBlock failed %d\n", ret); + break; + } + remain -= len; + pos += len; } } diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 2b5f40bfc..124e18281 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -194,6 +194,11 @@ int wc_FreeRng(WC_RNG* rng) #define DRBG_FAILED 2 #define DRBG_CONT_FAILED 3 +/* Verify max gen block len */ +#if RNG_MAX_BLOCK_LEN > MAX_REQUEST_LEN + #error RNG_MAX_BLOCK_LEN is larger than NIST DBRG max request length +#endif + enum { drbgInitC = 0, @@ -533,7 +538,7 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) { int ret; - if (rng == NULL || output == NULL || sz > MAX_REQUEST_LEN) + if (rng == NULL || output == NULL || sz > RNG_MAX_BLOCK_LEN) return BAD_FUNC_ARG; if (rng->status != DRBG_OK) 
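Review bot: In the rewritten loop of `bench_rng()`, the `break` on a `wc_RNG_GenerateBlock()` error now leaves only the inner `while`, so the outer `for` keeps running. A persistent RNG failure prints the error once per block, up to `numBlocks` times, and the run still ends with a throughput figure. Adding `if (ret < 0) break;` directly after the inner `while` restores the earlier stop-on-first-error behaviour. Declaring `pos`, `len` and `remain` as `word32` would also match the `word32 sz` parameter they are passed to and remove the `(int)` cast on `sizeof(plain)`.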
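Review bot: The `#error` text in the new compile-time check in random.c misspells DRBG as "DBRG", so anyone who trips it and searches for the term will not find it; it should read `#error RNG_MAX_BLOCK_LEN is larger than NIST DRBG max request length`. The comment above it could name the limit being protected, for example `/* RNG_MAX_BLOCK_LEN is the public per-call limit; it must not exceed the DRBG's MAX_REQUEST_LEN */`. The definition of `MAX_REQUEST_LEN` is outside this hunk, so the check presumably only takes effect in builds that compile this DRBG section.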
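Review bot: `wc_RNG_GenerateBlock()` now rejects any `sz` above `RNG_MAX_BLOCK_LEN` with `BAD_FUNC_ARG` before it touches `output`, and nothing at the function tells callers that. A caller that passes a larger buffer and ignores the return value would go on to use memory that was never filled with random data. I would add above the function `/* sz must be <= RNG_MAX_BLOCK_LEN; larger requests return BAD_FUNC_ARG and leave output unmodified, so split them and check the result */`. The function body continues outside the hunk.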
diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index cfcc671a2..2e1e1e072 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -68,6 +68,8 @@ typedef struct OS_Seed { #endif } OS_Seed; +/* Maximum generate block length */ +#define RNG_MAX_BLOCK_LEN (0x10000) #if (defined(HAVE_HASHDRBG) || defined(NO_RC4)) && !defined(CUSTOM_RAND_GENERATE_BLOCK) From 5569dfe838a3a4e3bd62ff471c29c26416588435 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 25 Mar 2016 08:56:11 -0700 Subject: [PATCH 3/3] Fix with FIPS build and RNG_MAX_BLOCK_LEN define location. --- wolfssl/wolfcrypt/random.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index 2e1e1e072..421203dd9 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -35,6 +35,9 @@ extern "C" { #endif +/* Maximum generate block length */ +#define RNG_MAX_BLOCK_LEN (0x10000) + #ifndef HAVE_FIPS /* avoid redefining structs and macros */ #if defined(WOLFSSL_FORCE_RC4_DRBG) && defined(NO_RC4) #error Cannot have WOLFSSL_FORCE_RC4_DRBG and NO_RC4 defined. @@ -68,8 +71,6 @@ typedef struct OS_Seed { #endif } OS_Seed; -/* Maximum generate block length */ -#define RNG_MAX_BLOCK_LEN (0x10000) #if (defined(HAVE_HASHDRBG) || defined(NO_RC4)) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
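Review bot: The comment on the new public `RNG_MAX_BLOCK_LEN` in random.h gives neither the unit nor the reason for the value, though callers now have to size their requests against it. Something like `/* Maximum number of bytes per wc_RNG_GenerateBlock() call; must not exceed the DRBG MAX_REQUEST_LEN (checked in random.c) */` would cover both. The same applies to the relocated copy in PATCH 3/3, which moves the define above `#ifndef HAVE_FIPS`. The limit the FIPS implementation actually enforces is not visible here, so it is worth confirming that it matches this constant.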