From 021703c0adca3491a47bf631d8e76b1bbb1d7fa7 Mon Sep 17 00:00:00 2001 From: declan-ebz Date: Wed, 16 Jul 2025 15:00:22 +1000 Subject: [PATCH 1/4] Add PQC_sign_speed_test to sigtest.c for benchmarking --- iccpkg/pqc/sigtest.c | 108 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 106 insertions(+), 2 deletions(-) diff --git a/iccpkg/pqc/sigtest.c b/iccpkg/pqc/sigtest.c index b9638b0..22f1999 100644 --- a/iccpkg/pqc/sigtest.c +++ b/iccpkg/pqc/sigtest.c @@ -12,6 +12,7 @@ #include #include #include +#include #if 0 #include @@ -608,6 +609,100 @@ PQC_sign_test(ICC_CTX* ctx, const char* algname, const char* hash, size_t msg_le return 0; } +int PQC_sign_speed_test(ICC_CTX* ctx, const char* algname, const char* hash, size_t msg_len, int num_iters, int encdec) +{ + int i, ret_val; + double total_keygen = 0, total_sign = 0, total_verify = 0; + + for (i = 0; i < num_iters; i++) { + clock_t start, end; + pkbuf pk = { 0 }; /* public key */ + skbuf sk = { 0 }; /* private/secret key */ + sbuf signature = { 0 }; + unsigned char* message = malloc(msg_len); + if (!message) { + printf("Memory allocation failed\n"); + return 99; + } + count_up(message, msg_len); + /* Generate and time the public/private keypair */ + start = clock(); + ret_val = SignatureEVP_gen(ctx, algname, &pk, &sk, encdec); + end = clock(); + if (ret_val != 0) { + printf("SignatureEVP_gen failed at iteration %d with code %d\n", i, ret_val); + return 1; + } + total_keygen += (double)(end - start) / CLOCKS_PER_SEC; + + /* get rid of gen context */ + if (sk.ctx) { + ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); + sk.ctx = NULL; + } + if (encdec & (raw | pkcs8)) { + /* delete ICC key and context so we use private encoding */ + if (sk.key) { + ICC_EVP_PKEY_free(ctx, sk.key); + sk.key = NULL; + } + } + + /* Time signature generation */ + start = clock(); + ret_val = SignatureEVP_sign(ctx, &signature, &sk, message, msg_len, encdec, hash); + end = clock(); + if (ret_val != 0) { + printf("SignatureEVP_sign failed at iteration %d with code %d\n", i, ret_val); + return 2; + } + total_sign += (double)(end - start) / CLOCKS_PER_SEC; + + /* Time signature verification */ + start = clock(); + ret_val = SignatureEVP_verify(ctx, &pk, message, msg_len, &signature, encdec, hash); + end = clock(); + if (ret_val != 0) { + printf("SignatureEVP_verify failed at iteration %d with code %d\n", i, ret_val); + return 3; + } + total_verify += (double)(end - start) / CLOCKS_PER_SEC; + + /* Clean up signature data allocated resources */ + if (signature.data) { + free(signature.data); + signature.data = NULL; + } + free(message); + + /* Clean up allocated resources */ + if (pk.der.data) { + free(pk.der.data); + pk.der.data = NULL; + } + if (sk.ctx) { + ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); + sk.ctx = NULL; + } + if (sk.key) { + ICC_EVP_PKEY_free(ctx, sk.key); + sk.key = NULL; + } + if (sk.der.data) { + free(sk.der.data); + sk.der.data = NULL; + } + } + + printf("\n=== Timing results over %d iterations ===\n", num_iters); + printf("Average keygen: %.6f sec\n", total_keygen / num_iters); + printf("Average sign : %.6f sec\n", total_sign / num_iters); + printf("Average verify: %.6f sec\n", total_verify / num_iters); + printf("=========================================\n"); + + return 0; +} + static char* algs[] = { @@ -677,6 +772,8 @@ int main(int argc, const char *argv[]) size_t dataSize = 100; enum ed encdec = none; int rv = 0; + bool speed_test = false; + /* Parse command-line arguments */ if(argc > 1) { @@ -745,6 +842,9 @@ int main(int argc, const char *argv[]) i++; algname = argv[i]; } + else if (NULL != strstr(arg, "-speed")) { + speed_test = true; + } else if (*arg == '-') { /* another setting - pass it on */ i++; @@ -853,8 +953,12 @@ int main(int argc, const char *argv[]) algname = to_SIGNATURE_ALGNAME(3); /* Dilithium 768 */ printf("algname = %s\n", algname?algname:"NULL"); } - /* Execute the signature test */ - rv = PQC_sign_test(icc_ctx, algname, hash, dataSize, verbose, encdec); + /* Execute the signature test or speed test if the flag is set */ + if (speed_test) { + rv = PQC_sign_speed_test(icc_ctx, algname, hash, dataSize, 100, encdec); // 100 iterations + } else { + rv = PQC_sign_test(icc_ctx, algname, hash, dataSize, verbose, encdec); + } if (rv) { OpenSSLError(icc_ctx); printf("%s: Error %d, try -? to get help\n", algname, rv); From be35c84111b45d30674a20a156f2946aebf6a353 Mon Sep 17 00:00:00 2001 From: declan-ebz Date: Wed, 23 Jul 2025 13:01:09 +1000 Subject: [PATCH 2/4] Restructured speed tests into separate functions and added iterations in command args --- iccpkg/pqc/sigtest.c | 868 ++++++++++++++++++++++++++++--------------- 1 file changed, 572 insertions(+), 296 deletions(-) diff --git a/iccpkg/pqc/sigtest.c b/iccpkg/pqc/sigtest.c index 22f1999..9c966e6 100644 --- a/iccpkg/pqc/sigtest.c +++ b/iccpkg/pqc/sigtest.c @@ -4,41 +4,46 @@ this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution. */ - - /* - sigtest.c + +/* + sigtest.c */ #include #include #include #include -#include +#include #if 0 #include #else #define bool int #define false 0 -#define true 1 +#define true 1 #endif #if defined(_WIN32) -# include +#include #else -# include +#include #endif -# include "icc.h" +#include "icc.h" /* We want to use PKCS1 and PKCS8 encodings for i2d/d2i */ /* these are all independent bits that can be combined */ /* public is pkcs1 or binary (default) */ /* private is none, raw or pkcs8 */ -enum ed { none = 0, raw = 1, pkcs1 = 2, pkcs8 = 4 }; +enum ed +{ + none = 0, + raw = 1, + pkcs1 = 2, + pkcs8 = 4 +}; /* Helper function to print byte arrays in hexadecimal */ -static -void fprintBstr(FILE* fp, const char* S, const unsigned char* A, size_t L) +static void fprintBstr(FILE *fp, const char *S, const unsigned char *A, size_t L) { size_t i; @@ -53,36 +58,38 @@ void fprintBstr(FILE* fp, const char* S, const unsigned char* A, size_t L) fprintf(fp, "\n"); } -static -void -count_up(unsigned char* b, size_t n) +static void +count_up(unsigned char *b, size_t n) { size_t i; - for (i = 0; i < n; i++) { + for (i = 0; i < n; i++) + { b[i] = (unsigned char)i; } } - /* Key buffer definitions */ -struct kbuf_s { - unsigned char* data; +struct kbuf_s +{ + unsigned char *data; size_t len; }; typedef struct kbuf_s kbuf; /* Public key - encoded */ -struct pkbuf_s { +struct pkbuf_s +{ int nid; /* ICC key id */ kbuf der; }; typedef struct pkbuf_s pkbuf; /* Private key - holds context */ -struct skbuf_s { - ICC_EVP_PKEY_CTX* ctx; /* ICC context for the key */ - ICC_EVP_PKEY* key; /* the key */ - int nid; /* ICC key id */ +struct skbuf_s +{ + ICC_EVP_PKEY_CTX *ctx; /* ICC context for the key */ + ICC_EVP_PKEY *key; /* the key */ + int nid; /* ICC key id */ kbuf der; }; typedef struct skbuf_s skbuf; @@ -92,40 +99,47 @@ typedef kbuf sbuf; /* Generate signature key pair - return 0 for success */ -int -SignatureEVP_gen(ICC_CTX* ctx, const char* nm, pkbuf* p_pkc, skbuf* p_skc, enum ed encdec) +int SignatureEVP_gen(ICC_CTX *ctx, const char *nm, pkbuf *p_pkc, skbuf *p_skc, enum ed encdec) { - ICC_EVP_PKEY_CTX* evp_sp; /* key context */ - ICC_EVP_PKEY* pa = NULL; /* key pair */ + ICC_EVP_PKEY_CTX *evp_sp; /* key context */ + ICC_EVP_PKEY *pa = NULL; /* key pair */ int rv = ICC_OSSL_SUCCESS; const int nid = ICC_OBJ_txt2nid(ctx, nm); - if (!nid) { + if (!nid) + { return 1; /* Unsupported algorithm */ } evp_sp = ICC_EVP_PKEY_CTX_new_id(ctx, nid, NULL); - if (!evp_sp) { + if (!evp_sp) + { /* try newer API */ evp_sp = ICC_EVP_PKEY_CTX_new_from_name(ctx, NULL, nm, NULL); - if (!evp_sp) { + if (!evp_sp) + { return 2; /* Failed to create key context */ } } rv = ICC_EVP_PKEY_keygen_init(ctx, evp_sp); - if (rv != ICC_OSSL_SUCCESS) { - if (evp_sp) { + if (rv != ICC_OSSL_SUCCESS) + { + if (evp_sp) + { ICC_EVP_PKEY_CTX_free(ctx, evp_sp); } return 3; /* Keygen initialization failed */ } rv = ICC_EVP_PKEY_keygen(ctx, evp_sp, &pa); - if (rv != ICC_OSSL_SUCCESS) { - if (evp_sp) { + if (rv != ICC_OSSL_SUCCESS) + { + if (evp_sp) + { ICC_EVP_PKEY_CTX_free(ctx, evp_sp); } - if (pa) { + if (pa) + { ICC_EVP_PKEY_free(ctx, pa); } return 4; /* Key generation failed */ @@ -138,29 +152,34 @@ SignatureEVP_gen(ICC_CTX* ctx, const char* nm, pkbuf* p_pkc, skbuf* p_skc, enum /* encode (always) */ { int len; - unsigned char* pp = NULL; - if (encdec & pkcs1) { + unsigned char *pp = NULL; + if (encdec & pkcs1) + { /* PKCS1 */ /* this variant encodes the OID for the key type rather than a raw encoding */ len = ICC_i2d_PUBKEY(ctx, pa, NULL); - if (len <= 0) { + if (len <= 0) + { return 5; } p_pkc->der.len = len; pp = p_pkc->der.data = malloc(len); rv = ICC_i2d_PUBKEY(ctx, pa, &pp); } - else { + else + { /* binary */ len = ICC_i2d_PublicKey(ctx, pa, NULL); - if (len <= 0) { + if (len <= 0) + { return 5; /* Invalid public key length */ } p_pkc->der.len = len; pp = p_pkc->der.data = malloc(len); rv = ICC_i2d_PublicKey(ctx, pa, &pp); } - if (rv <= 0) { + if (rv <= 0) + { return 6; /* Failed to encode public key */ } } @@ -173,26 +192,31 @@ SignatureEVP_gen(ICC_CTX* ctx, const char* nm, pkbuf* p_pkc, skbuf* p_skc, enum { int len; - unsigned char* pp = NULL; - if (encdec & pkcs8) { - ICC_PKCS8_PRIV_KEY_INFO* p8 = ICC_EVP_PKEY2PKCS8(ctx, pa); - if (!p8) { + unsigned char *pp = NULL; + if (encdec & pkcs8) + { + ICC_PKCS8_PRIV_KEY_INFO *p8 = ICC_EVP_PKEY2PKCS8(ctx, pa); + if (!p8) + { return 11; } len = ICC_i2d_PKCS8_PRIV_KEY_INFO(ctx, p8, NULL); p_skc->der.len = len; pp = p_skc->der.data = malloc(len); rv = ICC_i2d_PKCS8_PRIV_KEY_INFO(ctx, p8, &pp); - if (rv <= 0) { + if (rv <= 0) + { return 7; /* Failed to encode private key */ } } - else if (encdec & raw) { + else if (encdec & raw) + { len = ICC_i2d_PrivateKey(ctx, pa, NULL); p_skc->der.len = len; pp = p_skc->der.data = malloc(len); rv = ICC_i2d_PrivateKey(ctx, pa, &pp); - if (rv <= 0) { + if (rv <= 0) + { return 7; /* Failed to encode private key */ } } @@ -205,27 +229,31 @@ SignatureEVP_gen(ICC_CTX* ctx, const char* nm, pkbuf* p_pkc, skbuf* p_skc, enum /* reconstruct keys from encoding */ { int len; - ICC_EVP_PKEY* npa = NULL; /* For decoded key */ - const unsigned char* pp = NULL; + ICC_EVP_PKEY *npa = NULL; /* For decoded key */ + const unsigned char *pp = NULL; /* public */ pp = p_pkc->der.data; len = (int)p_pkc->der.len; - if (encdec & pkcs1) { + if (encdec & pkcs1) + { /* reconstruct key from encoding */ npa = ICC_d2i_PUBKEY(ctx, &npa, &pp, len); } - else { + else + { /* Reconstruct public key from encoding and type */ npa = ICC_d2i_PublicKey(ctx, p_pkc->nid, &npa, &pp, len); } - if (!npa) { + if (!npa) + { return 1; /* Failed to reconstruct public key */ } - if (1 != ICC_EVP_PKEY_cmp(ctx, pa, npa)) { /*compare pubkey and decoded key */ + if (1 != ICC_EVP_PKEY_cmp(ctx, pa, npa)) + { /*compare pubkey and decoded key */ printf("warning - public key encode/decode missmatch\n"); - /* return 20; */ + /* return 20; */ } ICC_EVP_PKEY_free(ctx, npa); npa = NULL; @@ -233,33 +261,41 @@ SignatureEVP_gen(ICC_CTX* ctx, const char* nm, pkbuf* p_pkc, skbuf* p_skc, enum /* private */ pp = p_skc->der.data; len = (int)p_skc->der.len; - if (encdec & pkcs8) { - ICC_PKCS8_PRIV_KEY_INFO* p8 = NULL; + if (encdec & pkcs8) + { + ICC_PKCS8_PRIV_KEY_INFO *p8 = NULL; p8 = ICC_d2i_PKCS8_PRIV_KEY_INFO(ctx, NULL, &pp, len); - if (!p8) { + if (!p8) + { return 11; } npa = ICC_EVP_PKCS82PKEY(ctx, p8); ICC_PKCS8_PRIV_KEY_INFO_free(ctx, p8); - if (!npa) { + if (!npa) + { return 9; } } - else if (encdec & raw) { + else if (encdec & raw) + { npa = ICC_d2i_PrivateKey(ctx, p_skc->nid, &npa, &pp, len); - if (!npa) { + if (!npa) + { return 9; } } - if(npa) { + if (npa) + { size_t keylen = ICC_EVP_PKEY_size(ctx, pa); size_t kl = ICC_EVP_PKEY_size(ctx, npa); - if (keylen == 0 || kl != keylen) { + if (keylen == 0 || kl != keylen) + { printf("warning - key size missmatch %d != %d\n", (int)keylen, (int)kl); return 22; } - if (1 != ICC_EVP_PKEY_cmp(ctx, pa, npa)) { + if (1 != ICC_EVP_PKEY_cmp(ctx, pa, npa)) + { printf("warning - private key encode/decode missmatch\n"); /* return 21; */ } @@ -273,114 +309,135 @@ SignatureEVP_gen(ICC_CTX* ctx, const char* nm, pkbuf* p_pkc, skbuf* p_skc, enum /* Sign a message - return 0 for success, non-zero otherwise */ -int -SignatureEVP_sign(ICC_CTX* ctx, sbuf* sig, const skbuf* p_skc, const unsigned char* msg, size_t msg_len, enum ed encdec, const char* hash) +int SignatureEVP_sign(ICC_CTX *ctx, sbuf *sig, const skbuf *p_skc, const unsigned char *msg, size_t msg_len, enum ed encdec, const char *hash) { int rc; size_t siglen = 0; - unsigned char* signature; + unsigned char *signature; - ICC_EVP_PKEY* skey = p_skc->key; - if (!skey) { + ICC_EVP_PKEY *skey = p_skc->key; + if (!skey) + { /* reconstruct key from encoding */ - const unsigned char* pp = p_skc->der.data; - if (encdec & pkcs8) { - ICC_PKCS8_PRIV_KEY_INFO* p8 = NULL; + const unsigned char *pp = p_skc->der.data; + if (encdec & pkcs8) + { + ICC_PKCS8_PRIV_KEY_INFO *p8 = NULL; p8 = ICC_d2i_PKCS8_PRIV_KEY_INFO(ctx, NULL, &pp, (long)p_skc->der.len); - if (!p8) { + if (!p8) + { return 11; } skey = ICC_EVP_PKCS82PKEY(ctx, p8); ICC_PKCS8_PRIV_KEY_INFO_free(ctx, p8); } - else { + else + { skey = ICC_d2i_PrivateKey(ctx, p_skc->nid, &skey, &pp, (long)p_skc->der.len); } - if (!skey) { + if (!skey) + { return 9; } } /* - * May need to hash if sign alg is limited in size. - * Note that PQC hash internally so no hashing reqired. - */ - if (!hash) { - ICC_EVP_PKEY_CTX* skc = p_skc->ctx; /* Private key context */ + * May need to hash if sign alg is limited in size. + * Note that PQC hash internally so no hashing reqired. + */ + if (!hash) + { + ICC_EVP_PKEY_CTX *skc = p_skc->ctx; /* Private key context */ - if (!skc) { + if (!skc) + { /* create context from key */ skc = ICC_EVP_PKEY_CTX_new(ctx, skey, NULL); - if (!skc) { + if (!skc) + { return 10; /* no context */ } } rc = ICC_EVP_PKEY_sign_init(ctx, skc); - if (rc != ICC_OSSL_SUCCESS) { + if (rc != ICC_OSSL_SUCCESS) + { return 1; /* Sign initialization failed */ } rc = ICC_EVP_PKEY_sign(ctx, skc, NULL, &siglen, msg, msg_len); - if (rc != ICC_OSSL_SUCCESS) { + if (rc != ICC_OSSL_SUCCESS) + { return 2; /* Failed to get signature length */ } signature = malloc(siglen); - if (!signature) { + if (!signature) + { return 3; /* Memory allocation failed */ } rc = ICC_EVP_PKEY_sign(ctx, skc, signature, &siglen, msg, msg_len); - if (rc != ICC_OSSL_SUCCESS) { + if (rc != ICC_OSSL_SUCCESS) + { free(signature); return 4; /* Signing failed */ } - if (!p_skc->ctx) { + if (!p_skc->ctx) + { /* free temp ctx */ ICC_EVP_PKEY_CTX_free(ctx, skc); } } - else { + else + { /* need to hash / sign */ unsigned int slen; - ICC_EVP_MD_CTX* md = NULL; + ICC_EVP_MD_CTX *md = NULL; md = ICC_EVP_MD_CTX_new(ctx); ICC_EVP_MD_CTX_init(ctx, md); { - const ICC_EVP_MD* mdt = NULL; /* does not need to be freed */ + const ICC_EVP_MD *mdt = NULL; /* does not need to be freed */ mdt = ICC_EVP_get_digestbyname(ctx, hash); rc = ICC_EVP_SignInit(ctx, md, mdt); - if (rc != ICC_OSSL_SUCCESS) { + if (rc != ICC_OSSL_SUCCESS) + { return 5; } } rc = ICC_EVP_SignUpdate(ctx, md, msg, (unsigned int)msg_len); - if (rc != ICC_OSSL_SUCCESS) { + if (rc != ICC_OSSL_SUCCESS) + { return 6; } rc = ICC_EVP_SignFinal(ctx, md, NULL, &slen, skey); - if (rc != ICC_OSSL_SUCCESS) { - if (!p_skc->key) { + if (rc != ICC_OSSL_SUCCESS) + { + if (!p_skc->key) + { /* clean up temporary */ ICC_EVP_PKEY_free(ctx, skey); } return 7; } signature = malloc(slen); - if (!signature) { - if (!p_skc->key) { + if (!signature) + { + if (!p_skc->key) + { /* clean up temporary */ ICC_EVP_PKEY_free(ctx, skey); } return 3; /* Memory allocation failed */ } rc = ICC_EVP_SignFinal(ctx, md, signature, &slen, skey); - if (rc != ICC_OSSL_SUCCESS) { + if (rc != ICC_OSSL_SUCCESS) + { free(signature); - if (!p_skc->key) { + if (!p_skc->key) + { /* clean up temporary */ ICC_EVP_PKEY_free(ctx, skey); } @@ -394,7 +451,8 @@ SignatureEVP_sign(ICC_CTX* ctx, sbuf* sig, const skbuf* p_skc, const unsigned ch sig->data = signature; sig->len = siglen; - if (!p_skc->key) { + if (!p_skc->key) + { /* clean up temporary */ ICC_EVP_PKEY_free(ctx, skey); } @@ -403,45 +461,51 @@ SignatureEVP_sign(ICC_CTX* ctx, sbuf* sig, const skbuf* p_skc, const unsigned ch } /* Verify a signature - return 0 for success, non-zero for failure */ -int -SignatureEVP_verify(ICC_CTX* ctx, const pkbuf* p_pkc, const unsigned char* msg, size_t msg_len, const sbuf* sig, enum ed encdec, const char* hash) +int SignatureEVP_verify(ICC_CTX *ctx, const pkbuf *p_pkc, const unsigned char *msg, size_t msg_len, const sbuf *sig, enum ed encdec, const char *hash) { int rc = -1; - ICC_EVP_PKEY* pa = NULL; - ICC_EVP_PKEY_CTX* evp_pk = NULL; + ICC_EVP_PKEY *pa = NULL; + ICC_EVP_PKEY_CTX *evp_pk = NULL; /* public key */ { - const unsigned char* pp = p_pkc->der.data; + const unsigned char *pp = p_pkc->der.data; long len = (long)p_pkc->der.len; - if (encdec & pkcs1) { + if (encdec & pkcs1) + { /* reconstruct key from encoding */ pa = ICC_d2i_PUBKEY(ctx, &pa, &pp, (long)len); } - else { + else + { /* Reconstruct public key from encoding and type */ pa = ICC_d2i_PublicKey(ctx, p_pkc->nid, &pa, &pp, len); } - if (!pa) { + if (!pa) + { return 1; /* Failed to reconstruct public key */ } } /* EVP context */ evp_pk = ICC_EVP_PKEY_CTX_new(ctx, pa, NULL); - if (!evp_pk) { + if (!evp_pk) + { /* try new API */ evp_pk = ICC_EVP_PKEY_CTX_new_from_pkey(ctx, NULL, pa, NULL); - if (!evp_pk) { + if (!evp_pk) + { ICC_EVP_PKEY_free(ctx, pa); return 2; /* Failed to create public key context */ } } - if (!hash) { + if (!hash) + { rc = ICC_EVP_PKEY_verify_init(ctx, evp_pk); - if (rc != ICC_OSSL_SUCCESS) { + if (rc != ICC_OSSL_SUCCESS) + { ICC_EVP_PKEY_free(ctx, pa); ICC_EVP_PKEY_CTX_free(ctx, evp_pk); return 3; /* Verification initialization failed */ @@ -449,17 +513,19 @@ SignatureEVP_verify(ICC_CTX* ctx, const pkbuf* p_pkc, const unsigned char* msg, rc = ICC_EVP_PKEY_verify(ctx, evp_pk, sig->data, sig->len, msg, msg_len); } - else { + else + { /* need to hash / verify */ - - ICC_EVP_MD_CTX* md = NULL; + + ICC_EVP_MD_CTX *md = NULL; md = ICC_EVP_MD_CTX_new(ctx); ICC_EVP_MD_CTX_init(ctx, md); { - const ICC_EVP_MD* mdt = NULL; /* does not need to be freed */ + const ICC_EVP_MD *mdt = NULL; /* does not need to be freed */ mdt = ICC_EVP_get_digestbyname(ctx, hash); rc = ICC_EVP_VerifyInit(ctx, md, mdt); - if (rc != ICC_OSSL_SUCCESS) { + if (rc != ICC_OSSL_SUCCESS) + { ICC_EVP_MD_CTX_free(ctx, md); ICC_EVP_PKEY_free(ctx, pa); ICC_EVP_PKEY_CTX_free(ctx, evp_pk); @@ -467,7 +533,8 @@ SignatureEVP_verify(ICC_CTX* ctx, const pkbuf* p_pkc, const unsigned char* msg, } } rc = ICC_EVP_VerifyUpdate(ctx, md, msg, (unsigned int)msg_len); - if (rc != ICC_OSSL_SUCCESS) { + if (rc != ICC_OSSL_SUCCESS) + { ICC_EVP_MD_CTX_free(ctx, md); ICC_EVP_PKEY_free(ctx, pa); ICC_EVP_PKEY_CTX_free(ctx, evp_pk); @@ -481,12 +548,14 @@ SignatureEVP_verify(ICC_CTX* ctx, const pkbuf* p_pkc, const unsigned char* msg, /* clean up */ ICC_EVP_PKEY_free(ctx, pa); ICC_EVP_PKEY_CTX_free(ctx, evp_pk); - + /* final status check of the verification call */ - if (rc < 0) { + if (rc < 0) + { return 4; /* Verification error */ } - if (rc == 0) { + if (rc == 0) + { return 5; /* Verification failed */ } @@ -494,33 +563,37 @@ SignatureEVP_verify(ICC_CTX* ctx, const pkbuf* p_pkc, const unsigned char* msg, } /* Signature test function - generates keys, signs a message, and verifies the signature */ -int -PQC_sign_test(ICC_CTX* ctx, const char* algname, const char* hash, size_t msg_len, int verbose, int encdec) +int PQC_sign_test(ICC_CTX *ctx, const char *algname, const char *hash, size_t msg_len, int verbose, int encdec) { - FILE* fp_rsp = stdout; + FILE *fp_rsp = stdout; int ret_val; - pkbuf pk = { 0 }; /* public key */ - skbuf sk = { 0 }; /* private/secret key */ + pkbuf pk = {0}; /* public key */ + skbuf sk = {0}; /* private/secret key */ - if (verbose) { + if (verbose) + { printf("Algorithm : %s\n", algname); - printf("Hash : %s\n", hash? hash:"NULL"); + printf("Hash : %s\n", hash ? hash : "NULL"); printf("Data length : %u\n", (unsigned)msg_len); } { /* Generate the public/private keypair */ - if (verbose) { + if (verbose) + { printf("keygen\t"); } - if ((ret_val = SignatureEVP_gen(ctx, algname, &pk, &sk, encdec)) != 0) { + if ((ret_val = SignatureEVP_gen(ctx, algname, &pk, &sk, encdec)) != 0) + { printf("Error: SignatureEVP_gen(ctx, %s, &pk, &sk, %d) returned <%d>\n", algname, encdec, ret_val); return 1; } - if (verbose) { + if (verbose) + { fprintBstr(fp_rsp, "pk = ", pk.der.data, pk.der.len); - if (encdec & (raw | pkcs8)) { + if (encdec & (raw | pkcs8)) + { fprintBstr(fp_rsp, "sk = ", sk.der.data, sk.der.len); } } @@ -529,20 +602,24 @@ PQC_sign_test(ICC_CTX* ctx, const char* algname, const char* hash, size_t msg_le { int keylen = 0; keylen = ICC_EVP_PKEY_size(ctx, sk.key); - if (verbose) { + if (verbose) + { fprintf(fp_rsp, "key size = %d", keylen); } } /* get rid of gen context */ - if (sk.ctx) { + if (sk.ctx) + { ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); sk.ctx = NULL; } - if (encdec & (raw|pkcs8)) { + if (encdec & (raw | pkcs8)) + { /* delete ICC key and context so we use private encoding */ - if (sk.key) { + if (sk.key) + { ICC_EVP_PKEY_free(ctx, sk.key); sk.key = NULL; } @@ -550,38 +627,46 @@ PQC_sign_test(ICC_CTX* ctx, const char* algname, const char* hash, size_t msg_le { sbuf signature; - unsigned char* message = malloc(msg_len); - if (message) { + unsigned char *message = malloc(msg_len); + if (message) + { count_up(message, msg_len); } - if (verbose) { + if (verbose) + { printf("sign\t"); } - if ((ret_val = SignatureEVP_sign(ctx, &signature, &sk, message, msg_len, encdec, hash)) != 0) { + if ((ret_val = SignatureEVP_sign(ctx, &signature, &sk, message, msg_len, encdec, hash)) != 0) + { printf("SignatureEVP_sign returned <%d>\n", ret_val); return 2; } - if (verbose) { + if (verbose) + { fprintBstr(fp_rsp, "signature = ", signature.data, signature.len); } fprintf(fp_rsp, "\n"); - if (verbose) { + if (verbose) + { printf("verify\t"); } { ret_val = SignatureEVP_verify(ctx, &pk, message, msg_len, &signature, encdec, hash); - if (ret_val != 0) { + if (ret_val != 0) + { printf("SignatureEVP_verify failed with code <%d>\n", ret_val); return 3; } - else { + else + { if (verbose) printf("Signature verification succeeded.\n"); } } - if (signature.data) { + if (signature.data) + { free(signature.data); signature.data = NULL; } @@ -589,19 +674,23 @@ PQC_sign_test(ICC_CTX* ctx, const char* algname, const char* hash, size_t msg_le } /* Clean up allocated resources */ - if (pk.der.data) { + if (pk.der.data) + { free(pk.der.data); pk.der.data = NULL; } - if (sk.ctx) { + if (sk.ctx) + { ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); sk.ctx = NULL; } - if (sk.key) { + if (sk.key) + { ICC_EVP_PKEY_free(ctx, sk.key); sk.key = NULL; } - if (sk.der.data) { + if (sk.der.data) + { free(sk.der.data); sk.der.data = NULL; } @@ -609,152 +698,295 @@ PQC_sign_test(ICC_CTX* ctx, const char* algname, const char* hash, size_t msg_le return 0; } -int PQC_sign_speed_test(ICC_CTX* ctx, const char* algname, const char* hash, size_t msg_len, int num_iters, int encdec) +// int PQC_sign_speed_test(ICC_CTX* ctx, const char* algname, const char* hash, size_t msg_len, int num_iters, int encdec) +// { +// int i, ret_val; +// double total_keygen = 0, total_sign = 0, total_verify = 0; + +// for (i = 0; i < num_iters; i++) { +// clock_t start, end; +// pkbuf pk = { 0 }; /* public key */ +// skbuf sk = { 0 }; /* private/secret key */ +// sbuf signature = { 0 }; +// unsigned char* message = malloc(msg_len); +// if (!message) { +// printf("Memory allocation failed\n"); +// return 99; +// } +// count_up(message, msg_len); +// /* Generate and time the public/private keypair */ +// start = clock(); +// ret_val = SignatureEVP_gen(ctx, algname, &pk, &sk, encdec); +// end = clock(); +// if (ret_val != 0) { +// printf("SignatureEVP_gen failed at iteration %d with code %d\n", i, ret_val); +// return 1; +// } +// total_keygen += (double)(end - start) / CLOCKS_PER_SEC; + +// /* get rid of gen context */ +// if (sk.ctx) { +// ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); +// sk.ctx = NULL; +// } +// if (encdec & (raw | pkcs8)) { +// /* delete ICC key and context so we use private encoding */ +// if (sk.key) { +// ICC_EVP_PKEY_free(ctx, sk.key); +// sk.key = NULL; +// } +// } + +// /* Time signature generation */ +// start = clock(); +// ret_val = SignatureEVP_sign(ctx, &signature, &sk, message, msg_len, encdec, hash); +// end = clock(); +// if (ret_val != 0) { +// printf("SignatureEVP_sign failed at iteration %d with code %d\n", i, ret_val); +// return 2; +// } +// total_sign += (double)(end - start) / CLOCKS_PER_SEC; + +// /* Time signature verification */ +// start = clock(); +// ret_val = SignatureEVP_verify(ctx, &pk, message, msg_len, &signature, encdec, hash); +// end = clock(); +// if (ret_val != 0) { +// printf("SignatureEVP_verify failed at iteration %d with code %d\n", i, ret_val); +// return 3; +// } +// total_verify += (double)(end - start) / CLOCKS_PER_SEC; + +// /* Clean up signature data allocated resources */ +// if (signature.data) { +// free(signature.data); +// signature.data = NULL; +// } +// free(message); + +// /* Clean up allocated resources */ +// if (pk.der.data) { +// free(pk.der.data); +// pk.der.data = NULL; +// } +// if (sk.ctx) { +// ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); +// sk.ctx = NULL; +// } +// if (sk.key) { +// ICC_EVP_PKEY_free(ctx, sk.key); +// sk.key = NULL; +// } +// if (sk.der.data) { +// free(sk.der.data); +// sk.der.data = NULL; +// } +// } + +// printf("\n=== Timing results over %d iterations ===\n", num_iters); +// printf("Average keygen: %.6f sec\n", total_keygen / num_iters); +// printf("Average sign : %.6f sec\n", total_sign / num_iters); +// printf("Average verify: %.6f sec\n", total_verify / num_iters); +// printf("=========================================\n"); + +// return 0; +// } + +double PQC_speed_test_keygen(ICC_CTX *ctx, const char *algname, int num_iters, enum ed encdec) { int i, ret_val; - double total_keygen = 0, total_sign = 0, total_verify = 0; - - for (i = 0; i < num_iters; i++) { - clock_t start, end; - pkbuf pk = { 0 }; /* public key */ - skbuf sk = { 0 }; /* private/secret key */ - sbuf signature = { 0 }; - unsigned char* message = malloc(msg_len); - if (!message) { - printf("Memory allocation failed\n"); - return 99; - } - count_up(message, msg_len); - /* Generate and time the public/private keypair */ - start = clock(); + clock_t start, end; + + start = clock(); + for (i = 0; i < num_iters; i++) + { + pkbuf pk = {0}; + skbuf sk = {0}; ret_val = SignatureEVP_gen(ctx, algname, &pk, &sk, encdec); - end = clock(); - if (ret_val != 0) { + if (ret_val != 0) + { printf("SignatureEVP_gen failed at iteration %d with code %d\n", i, ret_val); return 1; } - total_keygen += (double)(end - start) / CLOCKS_PER_SEC; - - /* get rid of gen context */ - if (sk.ctx) { + /* Clean up allocated resources */ + if (pk.der.data) + free(pk.der.data); + if (sk.ctx) ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); - sk.ctx = NULL; - } - if (encdec & (raw | pkcs8)) { - /* delete ICC key and context so we use private encoding */ - if (sk.key) { - ICC_EVP_PKEY_free(ctx, sk.key); - sk.key = NULL; - } - } + if (sk.key) + ICC_EVP_PKEY_free(ctx, sk.key); + if (sk.der.data) + free(sk.der.data); + } + end = clock(); - /* Time signature generation */ - start = clock(); - ret_val = SignatureEVP_sign(ctx, &signature, &sk, message, msg_len, encdec, hash); - end = clock(); - if (ret_val != 0) { - printf("SignatureEVP_sign failed at iteration %d with code %d\n", i, ret_val); - return 2; - } - total_sign += (double)(end - start) / CLOCKS_PER_SEC; + return (double)(end - start) / CLOCKS_PER_SEC / num_iters; +} - /* Time signature verification */ - start = clock(); - ret_val = SignatureEVP_verify(ctx, &pk, message, msg_len, &signature, encdec, hash); - end = clock(); - if (ret_val != 0) { - printf("SignatureEVP_verify failed at iteration %d with code %d\n", i, ret_val); - return 3; +double PQC_speed_test_sign(ICC_CTX *ctx, const char *algname, const char *hash, size_t msg_len, int num_iters, enum ed encdec) +{ + int i, ret_val; + clock_t start, end; + pkbuf pk = {0}; + skbuf sk = {0}; + sbuf signature = {0}; + unsigned char *message = malloc(msg_len); + if (!message) + return 1; + count_up(message, msg_len); + + ret_val = SignatureEVP_gen(ctx, algname, &pk, &sk, encdec); + if (ret_val != 0) + { + printf("SignatureEVP_gen failed at iteration %d with code %d\n", i, ret_val); + return 1; + } + /* get rid of gen context */ + if (sk.ctx) + { + ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); + sk.ctx = NULL; + } + if (encdec & (raw | pkcs8)) + { + /* delete ICC key and context so we use private encoding */ + if (sk.key) + { + ICC_EVP_PKEY_free(ctx, sk.key); + sk.key = NULL; } - total_verify += (double)(end - start) / CLOCKS_PER_SEC; + } - /* Clean up signature data allocated resources */ - if (signature.data) { + start = clock(); + for (i = 0; i < num_iters; i++) + { + if (signature.data) free(signature.data); - signature.data = NULL; + ret_val = SignatureEVP_sign(ctx, &signature, &sk, message, msg_len, encdec, hash); + if (ret_val != 0) + { + printf("SignatureEVP_sign failed at iteration %d with code %d\n", i, ret_val); + return 1; } + } + end = clock(); + /* Clean up allocated resources */ + if (signature.data) + free(signature.data); + if (message) free(message); + if (pk.der.data) + free(pk.der.data); + if (sk.der.data) + free(sk.der.data); - /* Clean up allocated resources */ - if (pk.der.data) { - free(pk.der.data); - pk.der.data = NULL; - } - if (sk.ctx) { - ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); - sk.ctx = NULL; - } - if (sk.key) { - ICC_EVP_PKEY_free(ctx, sk.key); - sk.key = NULL; - } - if (sk.der.data) { - free(sk.der.data); - sk.der.data = NULL; + return (double)(end - start) / CLOCKS_PER_SEC / num_iters; +} + +double PQC_speed_test_verify(ICC_CTX *ctx, const char *algname, const char *hash, size_t msg_len, int num_iters, enum ed encdec) +{ + int i, ret_val; + clock_t start, end; + pkbuf pk = {0}; + skbuf sk = {0}; + sbuf signature = {0}; + unsigned char *message = malloc(msg_len); + if (!message) + return 1; + count_up(message, msg_len); + + ret_val = SignatureEVP_gen(ctx, algname, &pk, &sk, encdec); + if (ret_val != 0) + return 1; + + ret_val = SignatureEVP_sign(ctx, &signature, &sk, message, msg_len, encdec, hash); + if (ret_val != 0) + return 1; + + start = clock(); + for (i = 0; i < num_iters; i++) + { + ret_val = SignatureEVP_verify(ctx, &pk, message, msg_len, &signature, encdec, hash); + if (ret_val != 0) + { + printf("SignatureEVP_verify failed at iteration %d with code %d\n", i, ret_val); + return 1; } } + end = clock(); + /* Clean up allocated resources */ + free(signature.data); + free(message); + if (pk.der.data) + free(pk.der.data); + if (sk.ctx) + ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); + if (sk.key) + ICC_EVP_PKEY_free(ctx, sk.key); + if (sk.der.data) + free(sk.der.data); - printf("\n=== Timing results over %d iterations ===\n", num_iters); - printf("Average keygen: %.6f sec\n", total_keygen / num_iters); - printf("Average sign : %.6f sec\n", total_sign / num_iters); - printf("Average verify: %.6f sec\n", total_verify / num_iters); - printf("=========================================\n"); - - return 0; + return (double)(end - start) / CLOCKS_PER_SEC / num_iters; } -static -char* algs[] = +void print_speed_results(double keygen_t, double sign_t, double verify_t, int iters) { - "rsaEncryption", - "ML_DSA_44", /* "Dilithium_512",*/ - "ML_DSA_65", /* "Dilithium_768",*/ - "ML_DSA_87", /* "Dilithium_1024",*/ - "SLH_DSA_SHAKE_128s", /* sphincs */ - /* - "SLH_DSA_SHAKE_192s", - "SLH_DSA_SHAKE_256s", - */ - NULL -}; + printf("\n=== Timing results over %d iterations ===\n", iters); + printf("Average keygen: %.6f sec\n", keygen_t); + printf("Average sign : %.6f sec\n", sign_t); + printf("Average verify: %.6f sec\n", verify_t); + printf("========================================\n"); +} + +static char *algs[] = + { + "rsaEncryption", + "ML_DSA_44", /* "Dilithium_512",*/ + "ML_DSA_65", /* "Dilithium_768",*/ + "ML_DSA_87", /* "Dilithium_1024",*/ + "SLH_DSA_SHAKE_128s", /* sphincs */ + /* + "SLH_DSA_SHAKE_192s", + "SLH_DSA_SHAKE_256s", + */ + NULL}; /* Map command line arguments to signature algorithm names */ -static -const char* to_SIGNATURE_ALGNAME(int k) +static const char *to_SIGNATURE_ALGNAME(int k) { /* k is 1 based so adjust for 0 based index */ if (k > sizeof(algs) / sizeof(algs[0])) return NULL; - return algs[k-1]; + return algs[k - 1]; } -static -void fcb(const char* a, int b, int c) +static void fcb(const char *a, int b, int c) { printf("fcb:%s, %d, %d\n", a, b, c); } -static -void tcb(const char* val1, const char* val2) +static void tcb(const char *val1, const char *val2) { printf("Tcb:%s, %s \n", val1, val2); } -static -int OpenSSLError(ICC_CTX* ctx) +static int OpenSSLError(ICC_CTX *ctx) { unsigned long retcode = -1; unsigned max = 5; /* may be more than one error recorded so print them all */ - while (retcode) { + while (retcode) + { retcode = ICC_ERR_get_error(ctx); - if (retcode) { + if (retcode) + { static char buf[4096]; ICC_ERR_error_string(ctx, retcode, buf); printf("OpenSSL error %d [%s]\n", retcode, buf); } /* infinite loop breaker */ - if (max == 0) break; + if (max == 0) + break; max--; } return retcode; @@ -763,64 +995,76 @@ int OpenSSLError(ICC_CTX* ctx) /* Main function to parse arguments and execute signature tests */ int main(int argc, const char *argv[]) { - const char* algname = NULL; - const char* hash = NULL; /*eg, "SHA256"*/ - const char* iccPath = NULL; - bool isFips = false, wantFips = false, verbose = false ; + const char *algname = NULL; + const char *hash = NULL; /*eg, "SHA256"*/ + const char *iccPath = NULL; + bool isFips = false, wantFips = false, verbose = false; bool wantTraceCB = false; /* Trace callback */ - bool wantFipsCB = false; /* FIPS callback */ + bool wantFipsCB = false; /* FIPS callback */ size_t dataSize = 100; enum ed encdec = none; int rv = 0; bool speed_test = false; - + int iterations = 100; /* default iterations for speed test */ /* Parse command-line arguments */ - if(argc > 1) { - const char* arg; + if (argc > 1) + { + const char *arg; int i; - for( i = 1; i < argc; i++) { + for (i = 1; i < argc; i++) + { arg = argv[i]; - if (NULL != strstr(arg, "-?")) { + if (NULL != strstr(arg, "-?")) + { int j; printf("Usage: sigtest [-v] [-fips] [-fcb] [-tcb] [-alg ] [-h ] [-l ] [-ed ] []\n"); printf(" -fips Request FIPS mode ICC\n"); printf(" -fcb Install a FIPS callback routine (prints message 'fcb:...')\n"); printf(" -tcb Install a TRACE callback routine (prints message 'tcb:...')\n"); printf(" -alg Refer following table...\n"); - for ( j = 1; to_SIGNATURE_ALGNAME(j); j++) { + for (j = 1; to_SIGNATURE_ALGNAME(j); j++) + { printf(" %d %s\n", j, to_SIGNATURE_ALGNAME(j)); } printf(" -hash OpenSSL/ICC hash function (e.g. SHA256)\n"); printf(" -ed Key Encoding\n"); return 0; } - else if (NULL != strstr(arg, "-fips")) { + else if (NULL != strstr(arg, "-fips")) + { wantFips = true; } - else if (NULL != strstr(arg, "-fcb")) { + else if (NULL != strstr(arg, "-fcb")) + { wantFipsCB = true; wantFips = true; } - else if (NULL != strstr(arg, "-tcb")) { + else if (NULL != strstr(arg, "-tcb")) + { wantTraceCB = true; } - else if (NULL != strstr(arg, "-h")) { + else if (NULL != strstr(arg, "-h")) + { i++; hash = argv[i]; } - else if (NULL != strstr(arg, "-l")) { + else if (NULL != strstr(arg, "-l")) + { i++; dataSize = atoi(argv[i]); } - else if (NULL != strstr(arg, "-p")) { + else if (NULL != strstr(arg, "-p")) + { i++; iccPath = argv[i]; } - else if (NULL != strstr(arg, "-v")) { + else if (NULL != strstr(arg, "-v")) + { verbose = true; } - else if (NULL != strstr(arg, "-ed")) { + else if (NULL != strstr(arg, "-ed")) + { i++; arg = argv[i]; if (!strcmp(arg, "none")) @@ -833,27 +1077,44 @@ int main(int argc, const char *argv[]) encdec = pkcs8; else if (!strcmp(arg, "pkcs")) encdec = pkcs1 | pkcs8; - else { + else + { printf("%s: bad encoding, try -? to get help\n", arg); return -1; } } - else if (NULL != strstr(arg, "-alg")) { + else if (NULL != strstr(arg, "-alg")) + { i++; algname = argv[i]; } - else if (NULL != strstr(arg, "-speed")) { + else if (NULL != strstr(arg, "-speed")) + { speed_test = true; } - else if (*arg == '-') { + else if (NULL != strstr(arg, "-iterations")) + { + i++; + if (i < argc) + iterations = atoi(argv[i]); + else + { + printf("Missing value after -iterations\n"); + return -1; + } + } + else if (*arg == '-') + { /* another setting - pass it on */ i++; } - else { + else + { int k = 0; k = (int)atoi(arg); algname = to_SIGNATURE_ALGNAME(k); - if (k == 0 || !algname) { + if (k == 0 || !algname) + { printf("%s: bad argument, try -? to get help\n", arg); return -1; } @@ -863,11 +1124,12 @@ int main(int argc, const char *argv[]) { ICC_STATUS status; - ICC_CTX* icc_ctx = NULL; + ICC_CTX *icc_ctx = NULL; /* Initialize ICC context */ icc_ctx = ICC_Init(&status, iccPath); - if (NULL == icc_ctx) { + if (NULL == icc_ctx) + { printf("ICC not initialized, exiting\n"); if (iccPath) printf("icc path was: %s\n", iccPath); @@ -875,9 +1137,10 @@ int main(int argc, const char *argv[]) } /* - * Set FIPS only work before the attach - */ - if (wantFips) { + * Set FIPS only work before the attach + */ + if (wantFips) + { isFips = true; ICC_SetValue(icc_ctx, &status, ICC_FIPS_APPROVED_MODE, wantFips ? "on" : "off"); if (ICC_OK != status.majRC) @@ -889,7 +1152,8 @@ int main(int argc, const char *argv[]) printf("FIPS %s.\n", isFips ? "on" : "off"); /* Attach to ICC */ - if (ICC_ERROR == ICC_Attach(icc_ctx, &status)) { + if (ICC_ERROR == ICC_Attach(icc_ctx, &status)) + { printf("ICC_Attach() failed, exiting\n"); ICC_Cleanup(icc_ctx, &status); exit(1); @@ -897,26 +1161,29 @@ int main(int argc, const char *argv[]) /* check and report the ICC version we found */ { - char iccversion[ICC_VALUESIZE+1]; - if (ICC_ERROR == ICC_GetValue(icc_ctx, &status, ICC_VERSION, (void*)iccversion, ICC_VALUESIZE)) { + char iccversion[ICC_VALUESIZE + 1]; + if (ICC_ERROR == ICC_GetValue(icc_ctx, &status, ICC_VERSION, (void *)iccversion, ICC_VALUESIZE)) + { printf("ICC_GetValue() failed, exiting\n"); ICC_Cleanup(icc_ctx, &status); exit(1); } iccversion[ICC_VALUESIZE] = '\0'; printf("ICC_Version: %s\n", iccversion); - if (strstr(iccversion, "8.6") != NULL) { + if (strstr(iccversion, "8.6") != NULL) + { printf("sigtest: %s\n", "ICC 8.6 not supported"); exit(1); } } /* - * Callbacks only work after the attach - * Also, FIPS callback only works in FIPS mode - */ - if (wantFipsCB) { - typedef void (*CALLBACK_T)(const char*, int, int); + * Callbacks only work after the attach + * Also, FIPS callback only works in FIPS mode + */ + if (wantFipsCB) + { + typedef void (*CALLBACK_T)(const char *, int, int); CALLBACK_T x = fcb; rv = ICC_SetValue(icc_ctx, &status, ICC_FIPS_CALLBACK, &x); @@ -927,10 +1194,11 @@ int main(int argc, const char *argv[]) } } - if (wantTraceCB) { - typedef void (*TRACE_CALLBACK_T)(const char*, const char*); + if (wantTraceCB) + { + typedef void (*TRACE_CALLBACK_T)(const char *, const char *); TRACE_CALLBACK_T x = tcb; - + rv = ICC_SetValue(icc_ctx, &status, ICC_TRACE_CALLBACK, &x); if (ICC_OK != status.majRC) { @@ -938,7 +1206,7 @@ int main(int argc, const char *argv[]) } ICC_GetValue(icc_ctx, &status, ICC_TRACE_CALLBACK, &x, sizeof(TRACE_CALLBACK_T)); } - + #if 0 /* ICC has no DRGB so we can't do KAT on ICC */ { @@ -948,18 +1216,26 @@ int main(int argc, const char *argv[]) } #endif - if (!algname) { + if (!algname) + { /* default */ algname = to_SIGNATURE_ALGNAME(3); /* Dilithium 768 */ - printf("algname = %s\n", algname?algname:"NULL"); + printf("algname = %s\n", algname ? algname : "NULL"); } /* Execute the signature test or speed test if the flag is set */ - if (speed_test) { - rv = PQC_sign_speed_test(icc_ctx, algname, hash, dataSize, 100, encdec); // 100 iterations - } else { + if (speed_test) + { + double t_k = PQC_speed_test_keygen(icc_ctx, algname, iterations, encdec); + double t_s = PQC_speed_test_sign(icc_ctx, algname, hash, dataSize, iterations, encdec); + double t_v = PQC_speed_test_verify(icc_ctx, algname, hash, dataSize, iterations, encdec); + print_speed_results(t_k, t_s, t_v, iterations); + } + else + { rv = PQC_sign_test(icc_ctx, algname, hash, dataSize, verbose, encdec); } - if (rv) { + if (rv) + { OpenSSLError(icc_ctx); printf("%s: Error %d, try -? to get help\n", algname, rv); } From bc3d856505a5f966260d080678ff07843d86be68 Mon Sep 17 00:00:00 2001 From: declan-ebz Date: Wed, 23 Jul 2025 13:04:40 +1000 Subject: [PATCH 3/4] Restructured speed tests into separate functions and added iterations in command args, removal of old function. --- iccpkg/pqc/sigtest.c | 94 -------------------------------------------- 1 file changed, 94 deletions(-) diff --git a/iccpkg/pqc/sigtest.c b/iccpkg/pqc/sigtest.c index 9c966e6..36358b5 100644 --- a/iccpkg/pqc/sigtest.c +++ b/iccpkg/pqc/sigtest.c @@ -698,100 +698,6 @@ int PQC_sign_test(ICC_CTX *ctx, const char *algname, const char *hash, size_t ms return 0; } -// int PQC_sign_speed_test(ICC_CTX* ctx, const char* algname, const char* hash, size_t msg_len, int num_iters, int encdec) -// { -// int i, ret_val; -// double total_keygen = 0, total_sign = 0, total_verify = 0; - -// for (i = 0; i < num_iters; i++) { -// clock_t start, end; -// pkbuf pk = { 0 }; /* public key */ -// skbuf sk = { 0 }; /* private/secret key */ -// sbuf signature = { 0 }; -// unsigned char* message = malloc(msg_len); -// if (!message) { -// printf("Memory allocation failed\n"); -// return 99; -// } -// count_up(message, msg_len); -// /* Generate and time the public/private keypair */ -// start = clock(); -// ret_val = SignatureEVP_gen(ctx, algname, &pk, &sk, encdec); -// end = clock(); -// if (ret_val != 0) { -// printf("SignatureEVP_gen failed at iteration %d with code %d\n", i, ret_val); -// return 1; -// } -// total_keygen += (double)(end - start) / CLOCKS_PER_SEC; - -// /* get rid of gen context */ -// if (sk.ctx) { -// ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); -// sk.ctx = NULL; -// } -// if (encdec & (raw | pkcs8)) { -// /* delete ICC key and context so we use private encoding */ -// if (sk.key) { -// ICC_EVP_PKEY_free(ctx, sk.key); -// sk.key = NULL; -// } -// } - -// /* Time signature generation */ -// start = clock(); -// ret_val = SignatureEVP_sign(ctx, &signature, &sk, message, msg_len, encdec, hash); -// end = clock(); -// if (ret_val != 0) { -// printf("SignatureEVP_sign failed at iteration %d with code %d\n", i, ret_val); -// return 2; -// } -// total_sign += (double)(end - start) / CLOCKS_PER_SEC; - -// /* Time signature verification */ -// start = clock(); -// ret_val = SignatureEVP_verify(ctx, &pk, message, msg_len, &signature, encdec, hash); -// end = clock(); -// if (ret_val != 0) { -// printf("SignatureEVP_verify failed at iteration %d with code %d\n", i, ret_val); -// return 3; -// } -// total_verify += (double)(end - start) / CLOCKS_PER_SEC; - -// /* Clean up signature data allocated resources */ -// if (signature.data) { -// free(signature.data); -// signature.data = NULL; -// } -// free(message); - -// /* Clean up allocated resources */ -// if (pk.der.data) { -// free(pk.der.data); -// pk.der.data = NULL; -// } -// if (sk.ctx) { -// ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); -// sk.ctx = NULL; -// } -// if (sk.key) { -// ICC_EVP_PKEY_free(ctx, sk.key); -// sk.key = NULL; -// } -// if (sk.der.data) { -// free(sk.der.data); -// sk.der.data = NULL; -// } -// } - -// printf("\n=== Timing results over %d iterations ===\n", num_iters); -// printf("Average keygen: %.6f sec\n", total_keygen / num_iters); -// printf("Average sign : %.6f sec\n", total_sign / num_iters); -// printf("Average verify: %.6f sec\n", total_verify / num_iters); -// printf("=========================================\n"); - -// return 0; -// } - double PQC_speed_test_keygen(ICC_CTX *ctx, const char *algname, int num_iters, enum ed encdec) { int i, ret_val; From d5c071df415fcaf9a6c00592c1227fa7c0ee14d2 Mon Sep 17 00:00:00 2001 From: declan-ebz Date: Fri, 25 Jul 2025 14:53:09 +1000 Subject: [PATCH 4/4] Restored code to before formatting changes. --- iccpkg/pqc/sigtest.c | 548 +++++++++++++++++-------------------------- 1 file changed, 218 insertions(+), 330 deletions(-) diff --git a/iccpkg/pqc/sigtest.c b/iccpkg/pqc/sigtest.c index 36358b5..65be3ed 100644 --- a/iccpkg/pqc/sigtest.c +++ b/iccpkg/pqc/sigtest.c @@ -4,9 +4,9 @@ this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution. */ - -/* - sigtest.c + + /* + sigtest.c */ #include #include @@ -19,31 +19,26 @@ #else #define bool int #define false 0 -#define true 1 +#define true 1 #endif #if defined(_WIN32) -#include +# include #else -#include +# include #endif -#include "icc.h" +# include "icc.h" /* We want to use PKCS1 and PKCS8 encodings for i2d/d2i */ /* these are all independent bits that can be combined */ /* public is pkcs1 or binary (default) */ /* private is none, raw or pkcs8 */ -enum ed -{ - none = 0, - raw = 1, - pkcs1 = 2, - pkcs8 = 4 -}; +enum ed { none = 0, raw = 1, pkcs1 = 2, pkcs8 = 4 }; /* Helper function to print byte arrays in hexadecimal */ -static void fprintBstr(FILE *fp, const char *S, const unsigned char *A, size_t L) +static +void fprintBstr(FILE* fp, const char* S, const unsigned char* A, size_t L) { size_t i; @@ -58,38 +53,36 @@ static void fprintBstr(FILE *fp, const char *S, const unsigned char *A, size_t L fprintf(fp, "\n"); } -static void -count_up(unsigned char *b, size_t n) +static +void +count_up(unsigned char* b, size_t n) { size_t i; - for (i = 0; i < n; i++) - { + for (i = 0; i < n; i++) { b[i] = (unsigned char)i; } } + /* Key buffer definitions */ -struct kbuf_s -{ - unsigned char *data; +struct kbuf_s { + unsigned char* data; size_t len; }; typedef struct kbuf_s kbuf; /* Public key - encoded */ -struct pkbuf_s -{ +struct pkbuf_s { int nid; /* ICC key id */ kbuf der; }; typedef struct pkbuf_s pkbuf; /* Private key - holds context */ -struct skbuf_s -{ - ICC_EVP_PKEY_CTX *ctx; /* ICC context for the key */ - ICC_EVP_PKEY *key; /* the key */ - int nid; /* ICC key id */ +struct skbuf_s { + ICC_EVP_PKEY_CTX* ctx; /* ICC context for the key */ + ICC_EVP_PKEY* key; /* the key */ + int nid; /* ICC key id */ kbuf der; }; typedef struct skbuf_s skbuf; @@ -99,47 +92,40 @@ typedef kbuf sbuf; /* Generate signature key pair - return 0 for success */ -int SignatureEVP_gen(ICC_CTX *ctx, const char *nm, pkbuf *p_pkc, skbuf *p_skc, enum ed encdec) +int +SignatureEVP_gen(ICC_CTX* ctx, const char* nm, pkbuf* p_pkc, skbuf* p_skc, enum ed encdec) { - ICC_EVP_PKEY_CTX *evp_sp; /* key context */ - ICC_EVP_PKEY *pa = NULL; /* key pair */ + ICC_EVP_PKEY_CTX* evp_sp; /* key context */ + ICC_EVP_PKEY* pa = NULL; /* key pair */ int rv = ICC_OSSL_SUCCESS; const int nid = ICC_OBJ_txt2nid(ctx, nm); - if (!nid) - { + if (!nid) { return 1; /* Unsupported algorithm */ } evp_sp = ICC_EVP_PKEY_CTX_new_id(ctx, nid, NULL); - if (!evp_sp) - { + if (!evp_sp) { /* try newer API */ evp_sp = ICC_EVP_PKEY_CTX_new_from_name(ctx, NULL, nm, NULL); - if (!evp_sp) - { + if (!evp_sp) { return 2; /* Failed to create key context */ } } rv = ICC_EVP_PKEY_keygen_init(ctx, evp_sp); - if (rv != ICC_OSSL_SUCCESS) - { - if (evp_sp) - { + if (rv != ICC_OSSL_SUCCESS) { + if (evp_sp) { ICC_EVP_PKEY_CTX_free(ctx, evp_sp); } return 3; /* Keygen initialization failed */ } rv = ICC_EVP_PKEY_keygen(ctx, evp_sp, &pa); - if (rv != ICC_OSSL_SUCCESS) - { - if (evp_sp) - { + if (rv != ICC_OSSL_SUCCESS) { + if (evp_sp) { ICC_EVP_PKEY_CTX_free(ctx, evp_sp); } - if (pa) - { + if (pa) { ICC_EVP_PKEY_free(ctx, pa); } return 4; /* Key generation failed */ @@ -152,34 +138,29 @@ int SignatureEVP_gen(ICC_CTX *ctx, const char *nm, pkbuf *p_pkc, skbuf *p_skc, e /* encode (always) */ { int len; - unsigned char *pp = NULL; - if (encdec & pkcs1) - { + unsigned char* pp = NULL; + if (encdec & pkcs1) { /* PKCS1 */ /* this variant encodes the OID for the key type rather than a raw encoding */ len = ICC_i2d_PUBKEY(ctx, pa, NULL); - if (len <= 0) - { + if (len <= 0) { return 5; } p_pkc->der.len = len; pp = p_pkc->der.data = malloc(len); rv = ICC_i2d_PUBKEY(ctx, pa, &pp); } - else - { + else { /* binary */ len = ICC_i2d_PublicKey(ctx, pa, NULL); - if (len <= 0) - { + if (len <= 0) { return 5; /* Invalid public key length */ } p_pkc->der.len = len; pp = p_pkc->der.data = malloc(len); rv = ICC_i2d_PublicKey(ctx, pa, &pp); } - if (rv <= 0) - { + if (rv <= 0) { return 6; /* Failed to encode public key */ } } @@ -192,31 +173,26 @@ int SignatureEVP_gen(ICC_CTX *ctx, const char *nm, pkbuf *p_pkc, skbuf *p_skc, e { int len; - unsigned char *pp = NULL; - if (encdec & pkcs8) - { - ICC_PKCS8_PRIV_KEY_INFO *p8 = ICC_EVP_PKEY2PKCS8(ctx, pa); - if (!p8) - { + unsigned char* pp = NULL; + if (encdec & pkcs8) { + ICC_PKCS8_PRIV_KEY_INFO* p8 = ICC_EVP_PKEY2PKCS8(ctx, pa); + if (!p8) { return 11; } len = ICC_i2d_PKCS8_PRIV_KEY_INFO(ctx, p8, NULL); p_skc->der.len = len; pp = p_skc->der.data = malloc(len); rv = ICC_i2d_PKCS8_PRIV_KEY_INFO(ctx, p8, &pp); - if (rv <= 0) - { + if (rv <= 0) { return 7; /* Failed to encode private key */ } } - else if (encdec & raw) - { + else if (encdec & raw) { len = ICC_i2d_PrivateKey(ctx, pa, NULL); p_skc->der.len = len; pp = p_skc->der.data = malloc(len); rv = ICC_i2d_PrivateKey(ctx, pa, &pp); - if (rv <= 0) - { + if (rv <= 0) { return 7; /* Failed to encode private key */ } } @@ -229,31 +205,27 @@ int SignatureEVP_gen(ICC_CTX *ctx, const char *nm, pkbuf *p_pkc, skbuf *p_skc, e /* reconstruct keys from encoding */ { int len; - ICC_EVP_PKEY *npa = NULL; /* For decoded key */ - const unsigned char *pp = NULL; + ICC_EVP_PKEY* npa = NULL; /* For decoded key */ + const unsigned char* pp = NULL; /* public */ pp = p_pkc->der.data; len = (int)p_pkc->der.len; - if (encdec & pkcs1) - { + if (encdec & pkcs1) { /* reconstruct key from encoding */ npa = ICC_d2i_PUBKEY(ctx, &npa, &pp, len); } - else - { + else { /* Reconstruct public key from encoding and type */ npa = ICC_d2i_PublicKey(ctx, p_pkc->nid, &npa, &pp, len); } - if (!npa) - { + if (!npa) { return 1; /* Failed to reconstruct public key */ } - if (1 != ICC_EVP_PKEY_cmp(ctx, pa, npa)) - { /*compare pubkey and decoded key */ + if (1 != ICC_EVP_PKEY_cmp(ctx, pa, npa)) { /*compare pubkey and decoded key */ printf("warning - public key encode/decode missmatch\n"); - /* return 20; */ + /* return 20; */ } ICC_EVP_PKEY_free(ctx, npa); npa = NULL; @@ -261,41 +233,33 @@ int SignatureEVP_gen(ICC_CTX *ctx, const char *nm, pkbuf *p_pkc, skbuf *p_skc, e /* private */ pp = p_skc->der.data; len = (int)p_skc->der.len; - if (encdec & pkcs8) - { - ICC_PKCS8_PRIV_KEY_INFO *p8 = NULL; + if (encdec & pkcs8) { + ICC_PKCS8_PRIV_KEY_INFO* p8 = NULL; p8 = ICC_d2i_PKCS8_PRIV_KEY_INFO(ctx, NULL, &pp, len); - if (!p8) - { + if (!p8) { return 11; } npa = ICC_EVP_PKCS82PKEY(ctx, p8); ICC_PKCS8_PRIV_KEY_INFO_free(ctx, p8); - if (!npa) - { + if (!npa) { return 9; } } - else if (encdec & raw) - { + else if (encdec & raw) { npa = ICC_d2i_PrivateKey(ctx, p_skc->nid, &npa, &pp, len); - if (!npa) - { + if (!npa) { return 9; } } - if (npa) - { + if(npa) { size_t keylen = ICC_EVP_PKEY_size(ctx, pa); size_t kl = ICC_EVP_PKEY_size(ctx, npa); - if (keylen == 0 || kl != keylen) - { + if (keylen == 0 || kl != keylen) { printf("warning - key size missmatch %d != %d\n", (int)keylen, (int)kl); return 22; } - if (1 != ICC_EVP_PKEY_cmp(ctx, pa, npa)) - { + if (1 != ICC_EVP_PKEY_cmp(ctx, pa, npa)) { printf("warning - private key encode/decode missmatch\n"); /* return 21; */ } @@ -309,135 +273,114 @@ int SignatureEVP_gen(ICC_CTX *ctx, const char *nm, pkbuf *p_pkc, skbuf *p_skc, e /* Sign a message - return 0 for success, non-zero otherwise */ -int SignatureEVP_sign(ICC_CTX *ctx, sbuf *sig, const skbuf *p_skc, const unsigned char *msg, size_t msg_len, enum ed encdec, const char *hash) +int +SignatureEVP_sign(ICC_CTX* ctx, sbuf* sig, const skbuf* p_skc, const unsigned char* msg, size_t msg_len, enum ed encdec, const char* hash) { int rc; size_t siglen = 0; - unsigned char *signature; + unsigned char* signature; - ICC_EVP_PKEY *skey = p_skc->key; - if (!skey) - { + ICC_EVP_PKEY* skey = p_skc->key; + if (!skey) { /* reconstruct key from encoding */ - const unsigned char *pp = p_skc->der.data; - if (encdec & pkcs8) - { - ICC_PKCS8_PRIV_KEY_INFO *p8 = NULL; + const unsigned char* pp = p_skc->der.data; + if (encdec & pkcs8) { + ICC_PKCS8_PRIV_KEY_INFO* p8 = NULL; p8 = ICC_d2i_PKCS8_PRIV_KEY_INFO(ctx, NULL, &pp, (long)p_skc->der.len); - if (!p8) - { + if (!p8) { return 11; } skey = ICC_EVP_PKCS82PKEY(ctx, p8); ICC_PKCS8_PRIV_KEY_INFO_free(ctx, p8); } - else - { + else { skey = ICC_d2i_PrivateKey(ctx, p_skc->nid, &skey, &pp, (long)p_skc->der.len); } - if (!skey) - { + if (!skey) { return 9; } } /* - * May need to hash if sign alg is limited in size. - * Note that PQC hash internally so no hashing reqired. - */ - if (!hash) - { - ICC_EVP_PKEY_CTX *skc = p_skc->ctx; /* Private key context */ + * May need to hash if sign alg is limited in size. + * Note that PQC hash internally so no hashing reqired. + */ + if (!hash) { + ICC_EVP_PKEY_CTX* skc = p_skc->ctx; /* Private key context */ - if (!skc) - { + if (!skc) { /* create context from key */ skc = ICC_EVP_PKEY_CTX_new(ctx, skey, NULL); - if (!skc) - { + if (!skc) { return 10; /* no context */ } } rc = ICC_EVP_PKEY_sign_init(ctx, skc); - if (rc != ICC_OSSL_SUCCESS) - { + if (rc != ICC_OSSL_SUCCESS) { return 1; /* Sign initialization failed */ } rc = ICC_EVP_PKEY_sign(ctx, skc, NULL, &siglen, msg, msg_len); - if (rc != ICC_OSSL_SUCCESS) - { + if (rc != ICC_OSSL_SUCCESS) { return 2; /* Failed to get signature length */ } signature = malloc(siglen); - if (!signature) - { + if (!signature) { return 3; /* Memory allocation failed */ } rc = ICC_EVP_PKEY_sign(ctx, skc, signature, &siglen, msg, msg_len); - if (rc != ICC_OSSL_SUCCESS) - { + if (rc != ICC_OSSL_SUCCESS) { free(signature); return 4; /* Signing failed */ } - if (!p_skc->ctx) - { + if (!p_skc->ctx) { /* free temp ctx */ ICC_EVP_PKEY_CTX_free(ctx, skc); } } - else - { + else { /* need to hash / sign */ unsigned int slen; - ICC_EVP_MD_CTX *md = NULL; + ICC_EVP_MD_CTX* md = NULL; md = ICC_EVP_MD_CTX_new(ctx); ICC_EVP_MD_CTX_init(ctx, md); { - const ICC_EVP_MD *mdt = NULL; /* does not need to be freed */ + const ICC_EVP_MD* mdt = NULL; /* does not need to be freed */ mdt = ICC_EVP_get_digestbyname(ctx, hash); rc = ICC_EVP_SignInit(ctx, md, mdt); - if (rc != ICC_OSSL_SUCCESS) - { + if (rc != ICC_OSSL_SUCCESS) { return 5; } } rc = ICC_EVP_SignUpdate(ctx, md, msg, (unsigned int)msg_len); - if (rc != ICC_OSSL_SUCCESS) - { + if (rc != ICC_OSSL_SUCCESS) { return 6; } rc = ICC_EVP_SignFinal(ctx, md, NULL, &slen, skey); - if (rc != ICC_OSSL_SUCCESS) - { - if (!p_skc->key) - { + if (rc != ICC_OSSL_SUCCESS) { + if (!p_skc->key) { /* clean up temporary */ ICC_EVP_PKEY_free(ctx, skey); } return 7; } signature = malloc(slen); - if (!signature) - { - if (!p_skc->key) - { + if (!signature) { + if (!p_skc->key) { /* clean up temporary */ ICC_EVP_PKEY_free(ctx, skey); } return 3; /* Memory allocation failed */ } rc = ICC_EVP_SignFinal(ctx, md, signature, &slen, skey); - if (rc != ICC_OSSL_SUCCESS) - { + if (rc != ICC_OSSL_SUCCESS) { free(signature); - if (!p_skc->key) - { + if (!p_skc->key) { /* clean up temporary */ ICC_EVP_PKEY_free(ctx, skey); } @@ -451,8 +394,7 @@ int SignatureEVP_sign(ICC_CTX *ctx, sbuf *sig, const skbuf *p_skc, const unsigne sig->data = signature; sig->len = siglen; - if (!p_skc->key) - { + if (!p_skc->key) { /* clean up temporary */ ICC_EVP_PKEY_free(ctx, skey); } @@ -461,51 +403,45 @@ int SignatureEVP_sign(ICC_CTX *ctx, sbuf *sig, const skbuf *p_skc, const unsigne } /* Verify a signature - return 0 for success, non-zero for failure */ -int SignatureEVP_verify(ICC_CTX *ctx, const pkbuf *p_pkc, const unsigned char *msg, size_t msg_len, const sbuf *sig, enum ed encdec, const char *hash) +int +SignatureEVP_verify(ICC_CTX* ctx, const pkbuf* p_pkc, const unsigned char* msg, size_t msg_len, const sbuf* sig, enum ed encdec, const char* hash) { int rc = -1; - ICC_EVP_PKEY *pa = NULL; - ICC_EVP_PKEY_CTX *evp_pk = NULL; + ICC_EVP_PKEY* pa = NULL; + ICC_EVP_PKEY_CTX* evp_pk = NULL; /* public key */ { - const unsigned char *pp = p_pkc->der.data; + const unsigned char* pp = p_pkc->der.data; long len = (long)p_pkc->der.len; - if (encdec & pkcs1) - { + if (encdec & pkcs1) { /* reconstruct key from encoding */ pa = ICC_d2i_PUBKEY(ctx, &pa, &pp, (long)len); } - else - { + else { /* Reconstruct public key from encoding and type */ pa = ICC_d2i_PublicKey(ctx, p_pkc->nid, &pa, &pp, len); } - if (!pa) - { + if (!pa) { return 1; /* Failed to reconstruct public key */ } } /* EVP context */ evp_pk = ICC_EVP_PKEY_CTX_new(ctx, pa, NULL); - if (!evp_pk) - { + if (!evp_pk) { /* try new API */ evp_pk = ICC_EVP_PKEY_CTX_new_from_pkey(ctx, NULL, pa, NULL); - if (!evp_pk) - { + if (!evp_pk) { ICC_EVP_PKEY_free(ctx, pa); return 2; /* Failed to create public key context */ } } - if (!hash) - { + if (!hash) { rc = ICC_EVP_PKEY_verify_init(ctx, evp_pk); - if (rc != ICC_OSSL_SUCCESS) - { + if (rc != ICC_OSSL_SUCCESS) { ICC_EVP_PKEY_free(ctx, pa); ICC_EVP_PKEY_CTX_free(ctx, evp_pk); return 3; /* Verification initialization failed */ @@ -513,19 +449,17 @@ int SignatureEVP_verify(ICC_CTX *ctx, const pkbuf *p_pkc, const unsigned char *m rc = ICC_EVP_PKEY_verify(ctx, evp_pk, sig->data, sig->len, msg, msg_len); } - else - { + else { /* need to hash / verify */ - - ICC_EVP_MD_CTX *md = NULL; + + ICC_EVP_MD_CTX* md = NULL; md = ICC_EVP_MD_CTX_new(ctx); ICC_EVP_MD_CTX_init(ctx, md); { - const ICC_EVP_MD *mdt = NULL; /* does not need to be freed */ + const ICC_EVP_MD* mdt = NULL; /* does not need to be freed */ mdt = ICC_EVP_get_digestbyname(ctx, hash); rc = ICC_EVP_VerifyInit(ctx, md, mdt); - if (rc != ICC_OSSL_SUCCESS) - { + if (rc != ICC_OSSL_SUCCESS) { ICC_EVP_MD_CTX_free(ctx, md); ICC_EVP_PKEY_free(ctx, pa); ICC_EVP_PKEY_CTX_free(ctx, evp_pk); @@ -533,8 +467,7 @@ int SignatureEVP_verify(ICC_CTX *ctx, const pkbuf *p_pkc, const unsigned char *m } } rc = ICC_EVP_VerifyUpdate(ctx, md, msg, (unsigned int)msg_len); - if (rc != ICC_OSSL_SUCCESS) - { + if (rc != ICC_OSSL_SUCCESS) { ICC_EVP_MD_CTX_free(ctx, md); ICC_EVP_PKEY_free(ctx, pa); ICC_EVP_PKEY_CTX_free(ctx, evp_pk); @@ -548,14 +481,12 @@ int SignatureEVP_verify(ICC_CTX *ctx, const pkbuf *p_pkc, const unsigned char *m /* clean up */ ICC_EVP_PKEY_free(ctx, pa); ICC_EVP_PKEY_CTX_free(ctx, evp_pk); - + /* final status check of the verification call */ - if (rc < 0) - { + if (rc < 0) { return 4; /* Verification error */ } - if (rc == 0) - { + if (rc == 0) { return 5; /* Verification failed */ } @@ -563,37 +494,33 @@ int SignatureEVP_verify(ICC_CTX *ctx, const pkbuf *p_pkc, const unsigned char *m } /* Signature test function - generates keys, signs a message, and verifies the signature */ -int PQC_sign_test(ICC_CTX *ctx, const char *algname, const char *hash, size_t msg_len, int verbose, int encdec) +int +PQC_sign_test(ICC_CTX* ctx, const char* algname, const char* hash, size_t msg_len, int verbose, int encdec) { - FILE *fp_rsp = stdout; + FILE* fp_rsp = stdout; int ret_val; - pkbuf pk = {0}; /* public key */ - skbuf sk = {0}; /* private/secret key */ + pkbuf pk = { 0 }; /* public key */ + skbuf sk = { 0 }; /* private/secret key */ - if (verbose) - { + if (verbose) { printf("Algorithm : %s\n", algname); - printf("Hash : %s\n", hash ? hash : "NULL"); + printf("Hash : %s\n", hash? hash:"NULL"); printf("Data length : %u\n", (unsigned)msg_len); } { /* Generate the public/private keypair */ - if (verbose) - { + if (verbose) { printf("keygen\t"); } - if ((ret_val = SignatureEVP_gen(ctx, algname, &pk, &sk, encdec)) != 0) - { + if ((ret_val = SignatureEVP_gen(ctx, algname, &pk, &sk, encdec)) != 0) { printf("Error: SignatureEVP_gen(ctx, %s, &pk, &sk, %d) returned <%d>\n", algname, encdec, ret_val); return 1; } - if (verbose) - { + if (verbose) { fprintBstr(fp_rsp, "pk = ", pk.der.data, pk.der.len); - if (encdec & (raw | pkcs8)) - { + if (encdec & (raw | pkcs8)) { fprintBstr(fp_rsp, "sk = ", sk.der.data, sk.der.len); } } @@ -602,24 +529,20 @@ int PQC_sign_test(ICC_CTX *ctx, const char *algname, const char *hash, size_t ms { int keylen = 0; keylen = ICC_EVP_PKEY_size(ctx, sk.key); - if (verbose) - { + if (verbose) { fprintf(fp_rsp, "key size = %d", keylen); } } /* get rid of gen context */ - if (sk.ctx) - { + if (sk.ctx) { ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); sk.ctx = NULL; } - if (encdec & (raw | pkcs8)) - { + if (encdec & (raw|pkcs8)) { /* delete ICC key and context so we use private encoding */ - if (sk.key) - { + if (sk.key) { ICC_EVP_PKEY_free(ctx, sk.key); sk.key = NULL; } @@ -627,46 +550,38 @@ int PQC_sign_test(ICC_CTX *ctx, const char *algname, const char *hash, size_t ms { sbuf signature; - unsigned char *message = malloc(msg_len); - if (message) - { + unsigned char* message = malloc(msg_len); + if (message) { count_up(message, msg_len); } - if (verbose) - { + if (verbose) { printf("sign\t"); } - if ((ret_val = SignatureEVP_sign(ctx, &signature, &sk, message, msg_len, encdec, hash)) != 0) - { + if ((ret_val = SignatureEVP_sign(ctx, &signature, &sk, message, msg_len, encdec, hash)) != 0) { printf("SignatureEVP_sign returned <%d>\n", ret_val); return 2; } - if (verbose) - { + if (verbose) { fprintBstr(fp_rsp, "signature = ", signature.data, signature.len); } fprintf(fp_rsp, "\n"); - if (verbose) - { + if (verbose) { printf("verify\t"); } { ret_val = SignatureEVP_verify(ctx, &pk, message, msg_len, &signature, encdec, hash); - if (ret_val != 0) - { + if (ret_val != 0) { printf("SignatureEVP_verify failed with code <%d>\n", ret_val); return 3; } - else - { + else { if (verbose) printf("Signature verification succeeded.\n"); } } - if (signature.data) - { + if (signature.data) { free(signature.data); signature.data = NULL; } @@ -674,23 +589,19 @@ int PQC_sign_test(ICC_CTX *ctx, const char *algname, const char *hash, size_t ms } /* Clean up allocated resources */ - if (pk.der.data) - { + if (pk.der.data) { free(pk.der.data); pk.der.data = NULL; } - if (sk.ctx) - { + if (sk.ctx) { ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); sk.ctx = NULL; } - if (sk.key) - { + if (sk.key) { ICC_EVP_PKEY_free(ctx, sk.key); sk.key = NULL; } - if (sk.der.data) - { + if (sk.der.data) { free(sk.der.data); sk.der.data = NULL; } @@ -844,55 +755,58 @@ void print_speed_results(double keygen_t, double sign_t, double verify_t, int it printf("========================================\n"); } -static char *algs[] = - { - "rsaEncryption", - "ML_DSA_44", /* "Dilithium_512",*/ - "ML_DSA_65", /* "Dilithium_768",*/ - "ML_DSA_87", /* "Dilithium_1024",*/ - "SLH_DSA_SHAKE_128s", /* sphincs */ - /* - "SLH_DSA_SHAKE_192s", - "SLH_DSA_SHAKE_256s", - */ - NULL}; +static +char* algs[] = +{ + "rsaEncryption", + "ML_DSA_44", /* "Dilithium_512",*/ + "ML_DSA_65", /* "Dilithium_768",*/ + "ML_DSA_87", /* "Dilithium_1024",*/ + "SLH_DSA_SHAKE_128s", /* sphincs */ + /* + "SLH_DSA_SHAKE_192s", + "SLH_DSA_SHAKE_256s", + */ + NULL +}; /* Map command line arguments to signature algorithm names */ -static const char *to_SIGNATURE_ALGNAME(int k) +static +const char* to_SIGNATURE_ALGNAME(int k) { /* k is 1 based so adjust for 0 based index */ if (k > sizeof(algs) / sizeof(algs[0])) return NULL; - return algs[k - 1]; + return algs[k-1]; } -static void fcb(const char *a, int b, int c) +static +void fcb(const char* a, int b, int c) { printf("fcb:%s, %d, %d\n", a, b, c); } -static void tcb(const char *val1, const char *val2) +static +void tcb(const char* val1, const char* val2) { printf("Tcb:%s, %s \n", val1, val2); } -static int OpenSSLError(ICC_CTX *ctx) +static +int OpenSSLError(ICC_CTX* ctx) { unsigned long retcode = -1; unsigned max = 5; /* may be more than one error recorded so print them all */ - while (retcode) - { + while (retcode) { retcode = ICC_ERR_get_error(ctx); - if (retcode) - { + if (retcode) { static char buf[4096]; ICC_ERR_error_string(ctx, retcode, buf); printf("OpenSSL error %d [%s]\n", retcode, buf); } /* infinite loop breaker */ - if (max == 0) - break; + if (max == 0) break; max--; } return retcode; @@ -901,12 +815,12 @@ static int OpenSSLError(ICC_CTX *ctx) /* Main function to parse arguments and execute signature tests */ int main(int argc, const char *argv[]) { - const char *algname = NULL; - const char *hash = NULL; /*eg, "SHA256"*/ - const char *iccPath = NULL; - bool isFips = false, wantFips = false, verbose = false; + const char* algname = NULL; + const char* hash = NULL; /*eg, "SHA256"*/ + const char* iccPath = NULL; + bool isFips = false, wantFips = false, verbose = false ; bool wantTraceCB = false; /* Trace callback */ - bool wantFipsCB = false; /* FIPS callback */ + bool wantFipsCB = false; /* FIPS callback */ size_t dataSize = 100; enum ed encdec = none; int rv = 0; @@ -914,63 +828,51 @@ int main(int argc, const char *argv[]) int iterations = 100; /* default iterations for speed test */ /* Parse command-line arguments */ - if (argc > 1) - { - const char *arg; + if(argc > 1) { + const char* arg; int i; - for (i = 1; i < argc; i++) - { + for( i = 1; i < argc; i++) { arg = argv[i]; - if (NULL != strstr(arg, "-?")) - { + if (NULL != strstr(arg, "-?")) { int j; printf("Usage: sigtest [-v] [-fips] [-fcb] [-tcb] [-alg ] [-h ] [-l ] [-ed ] []\n"); printf(" -fips Request FIPS mode ICC\n"); printf(" -fcb Install a FIPS callback routine (prints message 'fcb:...')\n"); printf(" -tcb Install a TRACE callback routine (prints message 'tcb:...')\n"); printf(" -alg Refer following table...\n"); - for (j = 1; to_SIGNATURE_ALGNAME(j); j++) - { + for ( j = 1; to_SIGNATURE_ALGNAME(j); j++) { printf(" %d %s\n", j, to_SIGNATURE_ALGNAME(j)); } printf(" -hash OpenSSL/ICC hash function (e.g. SHA256)\n"); printf(" -ed Key Encoding\n"); return 0; } - else if (NULL != strstr(arg, "-fips")) - { + else if (NULL != strstr(arg, "-fips")) { wantFips = true; } - else if (NULL != strstr(arg, "-fcb")) - { + else if (NULL != strstr(arg, "-fcb")) { wantFipsCB = true; wantFips = true; } - else if (NULL != strstr(arg, "-tcb")) - { + else if (NULL != strstr(arg, "-tcb")) { wantTraceCB = true; } - else if (NULL != strstr(arg, "-h")) - { + else if (NULL != strstr(arg, "-h")) { i++; hash = argv[i]; } - else if (NULL != strstr(arg, "-l")) - { + else if (NULL != strstr(arg, "-l")) { i++; dataSize = atoi(argv[i]); } - else if (NULL != strstr(arg, "-p")) - { + else if (NULL != strstr(arg, "-p")) { i++; iccPath = argv[i]; } - else if (NULL != strstr(arg, "-v")) - { + else if (NULL != strstr(arg, "-v")) { verbose = true; } - else if (NULL != strstr(arg, "-ed")) - { + else if (NULL != strstr(arg, "-ed")) { i++; arg = argv[i]; if (!strcmp(arg, "none")) @@ -983,14 +885,12 @@ int main(int argc, const char *argv[]) encdec = pkcs8; else if (!strcmp(arg, "pkcs")) encdec = pkcs1 | pkcs8; - else - { + else { printf("%s: bad encoding, try -? to get help\n", arg); return -1; } } - else if (NULL != strstr(arg, "-alg")) - { + else if (NULL != strstr(arg, "-alg")) { i++; algname = argv[i]; } @@ -1009,18 +909,15 @@ int main(int argc, const char *argv[]) return -1; } } - else if (*arg == '-') - { + else if (*arg == '-') { /* another setting - pass it on */ i++; } - else - { + else { int k = 0; k = (int)atoi(arg); algname = to_SIGNATURE_ALGNAME(k); - if (k == 0 || !algname) - { + if (k == 0 || !algname) { printf("%s: bad argument, try -? to get help\n", arg); return -1; } @@ -1030,12 +927,11 @@ int main(int argc, const char *argv[]) { ICC_STATUS status; - ICC_CTX *icc_ctx = NULL; + ICC_CTX* icc_ctx = NULL; /* Initialize ICC context */ icc_ctx = ICC_Init(&status, iccPath); - if (NULL == icc_ctx) - { + if (NULL == icc_ctx) { printf("ICC not initialized, exiting\n"); if (iccPath) printf("icc path was: %s\n", iccPath); @@ -1043,10 +939,9 @@ int main(int argc, const char *argv[]) } /* - * Set FIPS only work before the attach - */ - if (wantFips) - { + * Set FIPS only work before the attach + */ + if (wantFips) { isFips = true; ICC_SetValue(icc_ctx, &status, ICC_FIPS_APPROVED_MODE, wantFips ? "on" : "off"); if (ICC_OK != status.majRC) @@ -1058,8 +953,7 @@ int main(int argc, const char *argv[]) printf("FIPS %s.\n", isFips ? "on" : "off"); /* Attach to ICC */ - if (ICC_ERROR == ICC_Attach(icc_ctx, &status)) - { + if (ICC_ERROR == ICC_Attach(icc_ctx, &status)) { printf("ICC_Attach() failed, exiting\n"); ICC_Cleanup(icc_ctx, &status); exit(1); @@ -1067,29 +961,26 @@ int main(int argc, const char *argv[]) /* check and report the ICC version we found */ { - char iccversion[ICC_VALUESIZE + 1]; - if (ICC_ERROR == ICC_GetValue(icc_ctx, &status, ICC_VERSION, (void *)iccversion, ICC_VALUESIZE)) - { + char iccversion[ICC_VALUESIZE+1]; + if (ICC_ERROR == ICC_GetValue(icc_ctx, &status, ICC_VERSION, (void*)iccversion, ICC_VALUESIZE)) { printf("ICC_GetValue() failed, exiting\n"); ICC_Cleanup(icc_ctx, &status); exit(1); } iccversion[ICC_VALUESIZE] = '\0'; printf("ICC_Version: %s\n", iccversion); - if (strstr(iccversion, "8.6") != NULL) - { + if (strstr(iccversion, "8.6") != NULL) { printf("sigtest: %s\n", "ICC 8.6 not supported"); exit(1); } } /* - * Callbacks only work after the attach - * Also, FIPS callback only works in FIPS mode - */ - if (wantFipsCB) - { - typedef void (*CALLBACK_T)(const char *, int, int); + * Callbacks only work after the attach + * Also, FIPS callback only works in FIPS mode + */ + if (wantFipsCB) { + typedef void (*CALLBACK_T)(const char*, int, int); CALLBACK_T x = fcb; rv = ICC_SetValue(icc_ctx, &status, ICC_FIPS_CALLBACK, &x); @@ -1100,11 +991,10 @@ int main(int argc, const char *argv[]) } } - if (wantTraceCB) - { - typedef void (*TRACE_CALLBACK_T)(const char *, const char *); + if (wantTraceCB) { + typedef void (*TRACE_CALLBACK_T)(const char*, const char*); TRACE_CALLBACK_T x = tcb; - + rv = ICC_SetValue(icc_ctx, &status, ICC_TRACE_CALLBACK, &x); if (ICC_OK != status.majRC) { @@ -1112,7 +1002,7 @@ int main(int argc, const char *argv[]) } ICC_GetValue(icc_ctx, &status, ICC_TRACE_CALLBACK, &x, sizeof(TRACE_CALLBACK_T)); } - + #if 0 /* ICC has no DRGB so we can't do KAT on ICC */ { @@ -1122,11 +1012,10 @@ int main(int argc, const char *argv[]) } #endif - if (!algname) - { + if (!algname) { /* default */ algname = to_SIGNATURE_ALGNAME(3); /* Dilithium 768 */ - printf("algname = %s\n", algname ? algname : "NULL"); + printf("algname = %s\n", algname?algname:"NULL"); } /* Execute the signature test or speed test if the flag is set */ if (speed_test) @@ -1140,8 +1029,7 @@ int main(int argc, const char *argv[]) { rv = PQC_sign_test(icc_ctx, algname, hash, dataSize, verbose, encdec); } - if (rv) - { + if (rv) { OpenSSLError(icc_ctx); printf("%s: Error %d, try -? to get help\n", algname, rv); } @@ -1151,4 +1039,4 @@ int main(int argc, const char *argv[]) } return rv; -} +} \ No newline at end of file