xtest: add asymmetric cipher algorithm perf test

[yuzexiyzx]

Add perf test for DH,RSA,ECDH,ECDSA

[jenswi-linaro]

Would it make sense to refactor the *_perf TAs into a single TA instead?

[jenswi-linaro]

TA_FLAG_USER_MODE and TA_FLAG_EXEC_DDR are deprecated and not needed any longer.
I'm not sure TA_FLAG_SECURE_DATA_PATH or TA_FLAG_CACHE_MAINTENANCE are needed.
We should be able to define TA_FLAGS to 0.

[jenswi-linaro]

I think it's time to consolidate the *_perf TAs into a single TA new perf TA.

[jenswi-linaro]

It seems that there's quite a bit of copy & paste from host/xtest/hash_perf.c or host/xtest/aes_perf.c in this file.
Duplicated code is one thing, but now we have a third copy. It's time to consolidate the code before it get even harder to maintain.

[jforissier]

I agree.

[yuzexiyzx]

OK.I will consilidate them.What is the new TA's name?perf?

[yuzexiyzx]

I will do that with another commit after the asyn_cipher one. Is that OK?

[jforissier]

OK.I will consilidate them.What is the new TA's name?perf?

I suggest crypto_perf.

[yuzexiyzx]

@jenswi-linaro @jforissier I have modified the code according to the comments, but the CI failed. It seems that the error is not related to my change

[jforissier]

@jenswi-linaro @jforissier I have modified the code according to the comments, but the CI failed. It seems that the error is not related to my change

I think it is:

2023-09-15T04:12:31.8220760Z /__w/optee_test/optee_repo_qemu_v8/out-br/build/optee_test_ext-1.0/host/xtest/aes_perf.c:18:10: fatal error: ta_aes_perf.h: No such file or directory
2023-09-15T04:12:31.8221211Z    18 | #include <ta_aes_perf.h>

[jforissier]

It would be better to combine the apps before introducing the asymmetric ciphers...

[yuzexiyzx]

It would be better to combine the apps before introducing the asymmetric ciphers...
OK.Do you any have comments on the combining the apps commit? It would be easier for me to modify it before changing the commit order.

[etienne-lms]

Comments related to comit "xtest: add asymmetric cipher algorithm perf test".

[etienne-lms]

Update? (2023)

[etienne-lms]

prefer no typedef and use snake_case labels:

enum asym_cipher_mode {
	MODE_ENCRYPT = 0,
	MODE_DECRYPT = 1,
	MODE_SIGN = 2,
	MODE_VERIFY = 3,
	MODE_GENKEYPAIR = 4,
}

Ditto for RSA_Cipher_Mode and RSA_Sign_Mode below.

[etienne-lms]

swap the 2 above lines

[etienne-lms]

move to line 14

[etienne-lms]

Use EMSG() instead of printf() for error trace messages in the TA.

Ditto for the other occurences of printf() in this TA source file.
Note: also remove \n termination character when using EMSG().

[etienne-lms]

-s SALT_LEN ...

[etienne-lms]

I would suggest to use a switch/case here:

		...
		op.params[0].tmpref.buffer = buf;
		op.params[0].tmpref.size = blen;
		op.params[1].value.a = l;
		op.params[1].value.b = mode;

		switch (mode) {
		case MODE_ENCRYPT:
			op.params[2].memref.parent = &in_shm;
			op.params[2].memref.size = size;
			op.params[3].memref.parent = &out_shm;
			op.params[3].memref.size = out_shm.size;
			break;
		case MODE_SIGN:
			op.params[2].memref.parent = &hash_shm;
			op.params[2].memref.size = hash_shm.size;
			op.params[3].memref.parent = &out_shm;
			op.params[3].memref.size = out_shm.size;
			break;
		case MODE_DECRYPT:
			prepare_enc_sign(size, mode, is_random, buf, blen);
			op.params[2].memref.parent = &out_shm;
			op.params[2].memref.size = out_shm.size;
			op.params[3].memref.parent = &in_shm;
			op.params[3].memref.size = size;
			break;
		case MODE_VERIFY:
			prepare_enc_sign(size, mode, is_random, buf, blen);
			op.params[2].memref.parent = &hash_shm;
			op.params[2].memref.size = hash_shm.size;
			op.params[3].memref.parent = &out_shm;
			op.params[3].memref.size = out_shm.size;
			break;
		default:
			fprintf(stderr, "Unexpected mode value\n");
			exit(1);
		}

[etienne-lms]

thanks

[etienne-lms]

Replace is err with is not valid
I think these error message should better be printed with fprintf(stderr, ...)

Ditto for othter is err and is error occurrences below.

[etienne-lms]

s/0/TEE_SUCCESS/

Ditto at lines 165, 191 and 197.

[etienne-lms]

By the way, this TA does more than just cipher (sign/verify). Rename to ta_asymm_crypto_perf.h?

[etienne-lms]

move this line between line 20 and lien 21?

[etienne-lms]

remove "Cipher" (here and at few other places) since this is not only about ciphering.

[etienne-lms]

thanks

[etienne-lms]

= 0

[etienne-lms]

= 0

[etienne-lms]

indentation

[etienne-lms]

remove this empty line

[etienne-lms]

at this stage we're always successful. Prefer explicit return TEE_SUCCESS.

[etienne-lms]

return TEE_SUCCESS

[etienne-lms]

Fix trace message, e.g.:

	if (mode == MODE_DECRYPT)
		CHECK(res, "TEE_AsymmetricEncrypt", return res;);
	else
		CHECK(res, "TEE_AsymmetricSignDigest", return res;);

[yuzexiyzx]

@jforissier @etienne-lms I have modified the code according to the comments.

[jenswi-linaro]

I believe the copyright from 2015 should be kept since this file has only been edited.

[jenswi-linaro]

Drop this please, we don't use that any longer.

[jenswi-linaro]

SM4 support looks new, please mention that in the commit message.

[jforissier]

Reviewing commit "xtest: combine aes_perf and hash_perf into crypto_perf".

With my comments addressed:
Acked-by: Jerome Forissier <[email protected]>

[jforissier]

Please keep a common TA_CRYPTO_PERF_CMD_ prefix, to be consistent with TA_CRYPTO_PERF_UUID.

#define TA_CRYPTO_PERF_CMD_CIPHER_PREPARE_KEY	0
#define TA_CRYPTO_PERF_CMD_CIPHER_PROCESS	1
#define TA_CRYPTO_PERF_CMD_CIPHER_PROCESS_SDP	2
#define TA_CRYPTO_PERF_CMD_HASH_PREPARE_OP	3
#define TA_CRYPTO_PERF_CMD_HASH_PROCESS		4
...

[jforissier]

I believe the UUID should be changed. The new TA is not compatible with the old one, it accepts a different list of commands.

[etienne-lms]

nitpicking: would be better placed below line 10 (alphabetical order)

[etienne-lms]

could you move this at top

[etienne-lms]

please remove the space char. We don't use space char when casting: num_attrs = *(uint32_t *)(void *)buf;

[etienne-lms]

By the way, commit "xtest: add asymmetric cipher and SM4 algorithm perf test" no more implements the SM4 part. Could you update the commit message.

[jenswi-linaro]

These lines become too long in the usage() print. The width of a terminal is 80 columns.

[jenswi-linaro]

It would be more convenient to have a valid default value.

[jenswi-linaro]

This parameter should not be optional if the default value isn't usable.

[jenswi-linaro]

I'd rather take these parameters as strings. When this is used in a script or a saved sequence of commands it's easier to see what's tested. Same for the -m and -a parameters.

[yuzexiyzx]

May I keep this way to -a paramter,since there are too many cases in -a parameter.What's more, it is different for meaning of num when mode is ENC/DEC or SIGN/VERIFY

[jenswi-linaro]

Looping over const char *asym_algo[] = { "DH", "RSA", "ECDSA", "ECDH", "X25519" }; to determine the index and use that can't be too hard.

[yuzexiyzx]

DH,RSA……are -t parameters.I mean -a parameters，such as RSAES_PKCS1_V1_5，RSAES_PKCS1_OAEP_SHA256 and so on.

[jenswi-linaro]

The greater reason to use the same approach there.

[jforissier]

@yuzexiyzx you did not address this comment

[etienne-lms]

I think it would help to have 3 commits here. 1 for combining AES/hashes tests TA a,d applets, 1 for adding SM4 tests and the last one for asymm crypto tests. Sorry for such a late comment.

[etienne-lms]

swap the 2 above lines.

[etienne-lms]

prefer lower case m2 (use uppercase for macros).

[yuzexiyzx]

SM4 need more modification on CA side,so I will do this later in other pull request.SM4 will not be added here.

[jforissier]

xtest: combine aes and hash into crypto_perf

s/aes/AES/

There is quite a bit of copy in these files.So, I cosolidate the

consolidate

code to make it easier to maintain.In addition, SM4 algorithm is
added.

SM4 is not added, please remove.

[jforissier]

TA_CRYPTO_PERF_CMD_ASYM_CIPHER_PREPARE_KEYPAIR

[etienne-lms]

For commit "xtest: combine AES and hash into crypto_perf":
Acked-by: Etienne Carriere <[email protected]> with the 2 issues fixed.

[etienne-lms]

added macros from line 56 tp 68 belongs to commit "xtest: add asymmetric cipher perf test".

[etienne-lms]

addes cases from line 72 to line 82 belongs the the next commit in the series.

[etienne-lms]

Comments for commit "xtest: add asymmetric cipher perf test".

[etienne-lms]

nitpicking; would be better right below line 45 to follow alphabetical order.

[etienne-lms]

This function wrongly mixes TEE_Result values and TEE_TYPE_xxx values.
You could use TEE_TYPE_ILLEGAL_VALUE as error case return value, and change this function to return a uint32_t value.

[etienne-lms]

= TEE_TYPE_ILLEGAL_VALUE

[etienne-lms]

call TEE_FreeOperation(hash_op); before line 882.

[etienne-lms]

prefer split over 2 lines:

		s->min = x;
		s->max = x;

[etienne-lms]

return -1;

[etienne-lms]

use TEE_CRYPTO_ELEMENT_NONE that is the ID defined in the spec for when no curve element ID is applicable.
Definitly not TEE_ERROR_BAD_PARAMETERS that is a TEE_Result reserved ID.

[etienne-lms]

"... is not supported\n"

[etienne-lms]

At this stage, the perf test did not fail. Prefer return 0

[etienne-lms]

s/return res;/return -1;/ for consistency in return codes.
Ditto at line 458.

[jenswi-linaro]

Indentation

[jenswi-linaro]

The name tee_type is confusing, please find a better name. Perhaps algo_class or main_algo?

[jenswi-linaro]

The numbers mean nothing now, please remove them. Same below.

[jenswi-linaro]

ENC/DEC to match the -m MODE above.

[jenswi-linaro]

SIGN/VERIFY

[jenswi-linaro]

I don't suppose it's harmful, but why should we ignore the case?

[jenswi-linaro]

Please remove the "carriage ret" characters that it seems your editor has added in all patches of this PR.

[etienne-lms]

if (tee_type == TEE_TYPE_ILLEGAL_VALUE)

[etienne-lms]

It would be more consistent to use

	else if (mode == MODE_VERIFY)
		do_asym = TEE_AsymmetricVerifyDigest;

above and remove the below specific loop.

[etienne-lms]

for consistency and simplicity: CHECK(res, "TEE proccessing failed", goto out;);

[etienne-lms]

nitpicking: prefer between aes_perf.c \ and benchmark_1000.c \ to follow the alphabetical order.

[etienne-lms]

remove the space char

[etienne-lms]

I think there should not be a default value for algo type. Also main_algo is a numerical value whereas the option argument is expected to be a string: DH, RSA, ...
All in one, remove [%u] here IMHO.

[etienne-lms]

ditto about [%u]

[etienne-lms]

s/2(RSA)/RSA/

[etienne-lms]

s/0/RSA_NOPAD/

[etienne-lms]

s/TEE_SUCCESS/0/

[etienne-lms]

s/TEE_SUCCESS/0/

[etienne-lms]

indentation

		res = TEE_AsymmetricEncrypt(crypto_op_enc_sign, NULL, 0,
					    params[0].memref.buffer,
					    params[0].memref.size,
					    params[1].memref.buffer,
					    &params[1].memref.size);

[etienne-lms]

For commit "xtest: combine AES and hash into crypto_perf":

 Signed-off-by: Zexi Yu <[email protected]>
 Acked-by: Jerome Forissier <[email protected]>
-          Etienne Carriere <[email protected]>
+Acked-by: Etienne Carriere <[email protected]>

[etienne-lms]

This P-R is not far from being fine. Thanks for your patience. Some remaining issues to fix and few nitpicking comments to address.

Have a look at the CI test

[etienne-lms]

the variable name is value
Try to build with CFG_TEE_TA_LOG_LEVEL=0 then CFG_TEE_TA_LOG_LEVEL=4 to check debug traces syntax.

[etienne-lms]

indentation

[etienne-lms]

s/4/TEE_NUM_PARAMS/ for consistency with other functions.

Ditto for cmd_asym_prepare_keypair() and cmd_asym_prepare_hash().

[etienne-lms]

remove main_algo argument since no more printed.

same comment at line 141.

[etienne-lms]

nitpicking: for consistency with the other functions implementation:

 
 	res = TEEC_InvokeCommand(&sess, cmd, &op, &ret_origin);
-
 	check_res(res, "TEEC_InvokeCommand", &ret_origin);
-
 	out_shm.size = op.params[1].memref.size;
-
-	return;
 }

[etienne-lms]

			/*
			 * Avoid the problem that the last encryption result is
			 * less than the plaintext.
			 */

replace less with shorter?

[etienne-lms]

I think get_hash_sign_len() and get_hash_sign_len() could be merged into a single get_hash_len() function.

[etienne-lms]

	} else {
		return -1;
	}

[etienne-lms]

also call USAGE();

ditto at line 842

[etienne-lms]

TEE_CRYPTO_ELEMENT_NONE

[jforissier]

Let's use alphabetical order please since the list is mostly sorted already (hash_perf.c needs to move though)

[jforissier]

Same

[jforissier]

Same

[jforissier]

@yuzexiyzx you did not address this comment

[jforissier]

Replace tabs with 8 spaces

[jforissier]

Please add the default algorithm in square brackets like for other options.

[jforissier]

" -s SALT_LEN Salt length in bytes (only when ALGO is one of RSASSA_PKCS1_PSS_*) [%u]\n", salt_len

[jforissier]

I tried providing unsupported strings (-a XYZ) and also give -a when -t is not RSA, and I did not receive proper error messages.

[jforissier]

@yuzexiyzx please address comments, rebase onto latest master, and submit another PR. This one is getting too big, I often get error messages from GitHub when loading the page. Thanks.

[etienne-lms]

For the record: superseded by #706