From ed7377dba90365c81a9bcdcbac69f9758dde57dd Mon Sep 17 00:00:00 2001 From: Nicola Tuveri Date: Mon, 3 Oct 2016 20:28:32 +0300 Subject: [PATCH] Use EVP interface for ECDH in apps/speed.c Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1658) --- apps/speed.c | 181 ++++++++++++++++++++++++++------------------------- 1 file changed, 94 insertions(+), 87 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index 0e4d224dbb..ad51922c03 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -163,8 +163,9 @@ typedef struct loopargs_st { #endif #ifndef OPENSSL_NO_EC EC_KEY *ecdsa[EC_NUM]; - EC_KEY *ecdh_a[EC_NUM]; - EC_KEY *ecdh_b[EC_NUM]; + //EVP_PKEY *ecdh_a[EC_NUM]; + //EVP_PKEY *ecdh_b[EC_NUM]; + EVP_PKEY_CTX *ecdh_ctx[EC_NUM]; unsigned char *secret_a; unsigned char *secret_b; size_t outlen; @@ -1040,20 +1041,30 @@ static int ECDSA_verify_loop(void *args) /* ******************************************************************** */ static long ecdh_c[EC_NUM][1]; -static int ECDH_compute_key_loop(void *args) +static void ECDH_EVP_derive_key(unsigned char *derived_secret, + size_t *outlen, + /*EVP_PKEY *ecdh_a,EVP_PKEY *ecdh_b,*/ + EVP_PKEY_CTX *ctx) { - loopargs_t *tempargs = *(loopargs_t **)args; - EC_KEY **ecdh_a = tempargs->ecdh_a; - EC_KEY **ecdh_b = tempargs->ecdh_b; - unsigned char *secret_a = tempargs->secret_a; + if( !EVP_PKEY_derive(ctx, derived_secret, outlen) ) { + // FIXME: handle errors + ; + } + return; +} + +static int ECDH_EVP_derive_key_loop(void *args) +{ + loopargs_t *tempargs = *(loopargs_t **) args; + //EVP_PKEY *ecdh_a = tempargs->ecdh_a[testnum]; + //EVP_PKEY *ecdh_b = tempargs->ecdh_b[testnum]; + EVP_PKEY_CTX *ctx = tempargs->ecdh_ctx[testnum]; + unsigned char *derived_secret = tempargs->secret_a; int count; - size_t outlen = tempargs->outlen; - kdf_fn kdf = tempargs->kdf; + size_t *outlen = &(tempargs->outlen); for (count = 0; COND(ecdh_c[testnum][0]); count++) { - ECDH_compute_key(secret_a, outlen, - EC_KEY_get0_public_key(ecdh_b[testnum]), - ecdh_a[testnum], kdf); + ECDH_EVP_derive_key(derived_secret, outlen, /*ecdh_a, ecdh_b,*/ ctx); } return count; } @@ -2558,85 +2569,80 @@ int speed_main(int argc, char **argv) if (!ecdh_doit[testnum]) continue; + for (i = 0; i < loopargs_len; i++) { - loopargs[i].ecdh_a[testnum] = EC_KEY_new_by_curve_name(test_curves[testnum]); - loopargs[i].ecdh_b[testnum] = EC_KEY_new_by_curve_name(test_curves[testnum]); - if (loopargs[i].ecdh_a[testnum] == NULL || - loopargs[i].ecdh_b[testnum] == NULL) { - ecdh_checks = 0; - break; - } - } - if (ecdh_checks == 0) { - BIO_printf(bio_err, "ECDH failure.\n"); - ERR_print_errors(bio_err); - rsa_count = 1; - } else { - for (i = 0; i < loopargs_len; i++) { - /* generate two ECDH key pairs */ - if (!EC_KEY_generate_key(loopargs[i].ecdh_a[testnum]) || - !EC_KEY_generate_key(loopargs[i].ecdh_b[testnum])) { - BIO_printf(bio_err, "ECDH key generation failure.\n"); - ERR_print_errors(bio_err); + EVP_PKEY_CTX *kctx = NULL, *ctx = NULL; + EVP_PKEY *key_A = NULL, *key_B = NULL; + + if (testnum == R_EC_X25519) { + kctx = EVP_PKEY_CTX_new_id(test_curves[testnum], NULL); // keygen ctx from NID + } else { + EVP_PKEY_CTX *pctx = NULL; + EVP_PKEY *params = NULL; + + if( /* Create the context for parameter generation */ + !(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) || + /* Initialise the parameter generation */ + !EVP_PKEY_paramgen_init(pctx) || + /* Set the curve by NID */ + !EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, test_curves[testnum]) || + /* Create the parameter object params */ + !EVP_PKEY_paramgen(pctx, ¶ms) || + 0) { ecdh_checks = 0; + BIO_printf(bio_err, "ECDH init failure.\n"); + ERR_print_errors(bio_err); rsa_count = 1; - } else { - int secret_size_a, secret_size_b; - /* - * If field size is not more than 24 octets, then use SHA-1 - * hash of result; otherwise, use result (see section 4.8 of - * draft-ietf-tls-ecc-03.txt). - */ - int field_size = EC_GROUP_get_degree( - EC_KEY_get0_group(loopargs[i].ecdh_a[testnum])); - - if (field_size <= 24 * 8) { /* 192 bits */ - loopargs[i].outlen = KDF1_SHA1_len; - loopargs[i].kdf = KDF1_SHA1; - } else { - loopargs[i].outlen = (field_size + 7) / 8; - loopargs[i].kdf = NULL; - } - secret_size_a = - ECDH_compute_key(loopargs[i].secret_a, loopargs[i].outlen, - EC_KEY_get0_public_key(loopargs[i].ecdh_b[testnum]), - loopargs[i].ecdh_a[testnum], loopargs[i].kdf); - secret_size_b = - ECDH_compute_key(loopargs[i].secret_b, loopargs[i].outlen, - EC_KEY_get0_public_key(loopargs[i].ecdh_a[testnum]), - loopargs[i].ecdh_b[testnum], loopargs[i].kdf); - if (secret_size_a != secret_size_b) - ecdh_checks = 0; - else - ecdh_checks = 1; - - for (k = 0; k < secret_size_a && ecdh_checks == 1; k++) { - if (loopargs[i].secret_a[k] != loopargs[i].secret_b[k]) - ecdh_checks = 0; - } - - if (ecdh_checks == 0) { - BIO_printf(bio_err, "ECDH computations don't match.\n"); - ERR_print_errors(bio_err); - rsa_count = 1; - break; - } + break; } + /* Create the context for the key generation */ + kctx = EVP_PKEY_CTX_new(params, NULL); + + EVP_PKEY_free(params); params = NULL; + EVP_PKEY_CTX_free(pctx); pctx = NULL; } - if (ecdh_checks != 0) { - pkey_print_message("", "ecdh", - ecdh_c[testnum][0], - test_curves_bits[testnum], ECDH_SECONDS); - Time_F(START); - count = run_benchmark(async_jobs, ECDH_compute_key_loop, loopargs); - d = Time_F(STOP); - BIO_printf(bio_err, - mr ? "+R7:%ld:%d:%.2f\n" : - "%ld %d-bit ECDH ops in %.2fs\n", count, - test_curves_bits[testnum], d); - ecdh_results[testnum][0] = d / (double)count; - rsa_count = count; + if ( !kctx || // keygen ctx is not null + !EVP_PKEY_keygen_init(kctx) || // init keygen ctx + 0) { + ecdh_checks = 0; + BIO_printf(bio_err, "ECDH keygen failure.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + break; } + + if ( !EVP_PKEY_keygen(kctx, &key_A) || // generate secret key A + !EVP_PKEY_keygen(kctx, &key_B) || // generate secret key B + !(ctx = EVP_PKEY_CTX_new(key_A, NULL)) || // derivation ctx from skeyA + !EVP_PKEY_derive_init(ctx) || // init derivation ctx + !EVP_PKEY_derive_set_peer(ctx, key_B) || // set peer pubkey in ctx + 0) { + ecdh_checks = 0; + BIO_printf(bio_err, "ECDH key generation failure.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + break; + } + + //loopargs[i].ecdh_a[testnum] = key_A; + //loopargs[i].ecdh_b[testnum] = key_B; + loopargs[i].ecdh_ctx[testnum] = ctx; + + EVP_PKEY_CTX_free(kctx); kctx = NULL; + } + if (ecdh_checks != 0) { + pkey_print_message("", "ecdh", + ecdh_c[testnum][0], + test_curves_bits[testnum], ECDH_SECONDS); + Time_F(START); + count = run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs); + d = Time_F(STOP); + BIO_printf(bio_err, + mr ? "+R7:%ld:%d:%.2f\n" : + "%ld %d-bit ECDH ops in %.2fs\n", count, + test_curves_bits[testnum], d); + ecdh_results[testnum][0] = d / (double)count; + rsa_count = count; } if (rsa_count <= 1) { @@ -2799,8 +2805,9 @@ int speed_main(int argc, char **argv) #ifndef OPENSSL_NO_EC for (k = 0; k < EC_NUM; k++) { EC_KEY_free(loopargs[i].ecdsa[k]); - EC_KEY_free(loopargs[i].ecdh_a[k]); - EC_KEY_free(loopargs[i].ecdh_b[k]); + //EVP_PKEY_free(loopargs[i].ecdh_a[k]); + //EVP_PKEY_free(loopargs[i].ecdh_b[k]); + EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]); } OPENSSL_free(loopargs[i].secret_a); OPENSSL_free(loopargs[i].secret_b); -- 2.25.1