2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
31 #define HASH_SIZE(cname) br_ ## cname ## _SIZE
33 #define SPEED_HASH(Name, cname) \
35 test_speed_ ## cname(void) \
37 unsigned char buf[8192]; \
38 unsigned char tmp[HASH_SIZE(cname)]; \
39 br_ ## cname ## _context mc; \
43 memset(buf, 'T', sizeof buf); \
44 for (i = 0; i < 10; i ++) { \
45 br_ ## cname ## _init(&mc); \
46 br_ ## cname ## _update(&mc, buf, sizeof buf); \
47 br_ ## cname ## _out(&mc, tmp); \
55 br_ ## cname ## _init(&mc); \
57 for (k = num; k > 0; k --) { \
58 br_ ## cname ## _update(&mc, buf, sizeof buf); \
61 br_ ## cname ## _out(&mc, tmp); \
62 tt = (double)(end - begin) / CLOCKS_PER_SEC; \
64 printf("%-30s %8.2f MB/s\n", #Name, \
65 ((double)sizeof buf) * (double)num \
66 / (tt * 1000000.0)); \
74 #define BLOCK_SIZE(cname) br_ ## cname ## _BLOCK_SIZE
76 #define SPEED_BLOCKCIPHER_CBC(Name, fname, cname, klen, dir) \
78 test_speed_ ## fname(void) \
80 unsigned char key[klen]; \
81 unsigned char buf[8192 - (8192 % BLOCK_SIZE(cname))]; \
82 unsigned char iv[BLOCK_SIZE(cname)]; \
83 const br_block_cbc ## dir ## _class *vt; \
84 br_ ## cname ## _cbc ## dir ## _keys ec; \
88 memset(key, 'T', sizeof key); \
89 memset(buf, 'P', sizeof buf); \
90 memset(iv, 'X', sizeof iv); \
91 vt = &br_ ## cname ## _cbc ## dir ## _vtable; \
92 for (i = 0; i < 10; i ++) { \
93 vt->init(&ec.vtable, key, sizeof key); \
94 vt->run(&ec.vtable, iv, buf, sizeof buf); \
102 vt->init(&ec.vtable, key, sizeof key); \
104 for (k = num; k > 0; k --) { \
105 vt->run(&ec.vtable, iv, buf, sizeof buf); \
108 tt = (double)(end - begin) / CLOCKS_PER_SEC; \
110 printf("%-30s %8.2f MB/s\n", #Name, \
111 ((double)sizeof buf) * (double)num \
112 / (tt * 1000000.0)); \
120 #define SPEED_BLOCKCIPHER_CTR(Name, fname, cname, klen) \
122 test_speed_ ## fname(void) \
124 unsigned char key[klen]; \
125 unsigned char buf[8192 - (8192 % BLOCK_SIZE(cname))]; \
126 unsigned char iv[BLOCK_SIZE(cname) - 4]; \
127 const br_block_ctr_class *vt; \
128 br_ ## cname ## _ctr_keys ec; \
132 memset(key, 'T', sizeof key); \
133 memset(buf, 'P', sizeof buf); \
134 memset(iv, 'X', sizeof iv); \
135 vt = &br_ ## cname ## _ctr_vtable; \
136 for (i = 0; i < 10; i ++) { \
137 vt->init(&ec.vtable, key, sizeof key); \
138 vt->run(&ec.vtable, iv, 1, buf, sizeof buf); \
142 clock_t begin, end; \
146 vt->init(&ec.vtable, key, sizeof key); \
148 for (k = num; k > 0; k --) { \
149 vt->run(&ec.vtable, iv, 1, buf, sizeof buf); \
152 tt = (double)(end - begin) / CLOCKS_PER_SEC; \
154 printf("%-30s %8.2f MB/s\n", #Name, \
155 ((double)sizeof buf) * (double)num \
156 / (tt * 1000000.0)); \
164 #define SPEED_CHACHA20(Name, fname) \
166 test_speed_ ## fname(void) \
168 unsigned char key[32]; \
169 unsigned char buf[8192]; \
170 unsigned char iv[12]; \
174 memset(key, 'T', sizeof key); \
175 memset(buf, 'P', sizeof buf); \
176 memset(iv, 'X', sizeof iv); \
177 for (i = 0; i < 10; i ++) { \
178 br_ ## fname ## _run(key, iv, i, buf, sizeof buf); \
182 clock_t begin, end; \
187 for (k = num; k > 0; k --) { \
188 br_ ## fname ## _run(key, iv, \
189 (uint32_t)k, buf, sizeof buf); \
192 tt = (double)(end - begin) / CLOCKS_PER_SEC; \
194 printf("%-30s %8.2f MB/s\n", #Name, \
195 ((double)sizeof buf) * (double)num \
196 / (tt * 1000000.0)); \
205 SPEED_HASH(SHA
-1, sha1
)
206 SPEED_HASH(SHA
-256, sha256
)
207 SPEED_HASH(SHA
-512, sha512
)
209 #define SPEED_AES(iname) \
210 SPEED_BLOCKCIPHER_CBC(AES-128 CBC encrypt (iname), aes128_ ## iname ## _cbcenc, aes_ ## iname, 16, enc) \
211 SPEED_BLOCKCIPHER_CBC(AES-128 CBC decrypt (iname), aes128_ ## iname ## _cbcdec, aes_ ## iname, 16, dec) \
212 SPEED_BLOCKCIPHER_CBC(AES-192 CBC encrypt (iname), aes192_ ## iname ## _cbcenc, aes_ ## iname, 24, enc) \
213 SPEED_BLOCKCIPHER_CBC(AES-192 CBC decrypt (iname), aes192_ ## iname ## _cbcdec, aes_ ## iname, 24, dec) \
214 SPEED_BLOCKCIPHER_CBC(AES-256 CBC encrypt (iname), aes256_ ## iname ## _cbcenc, aes_ ## iname, 32, enc) \
215 SPEED_BLOCKCIPHER_CBC(AES-256 CBC decrypt (iname), aes256_ ## iname ## _cbcdec, aes_ ## iname, 32, dec) \
216 SPEED_BLOCKCIPHER_CTR(AES-128 CTR (iname), aes128_ ## iname ## _ctr, aes_ ## iname, 16) \
217 SPEED_BLOCKCIPHER_CTR(AES-192 CTR (iname), aes192_ ## iname ## _ctr, aes_ ## iname, 24) \
218 SPEED_BLOCKCIPHER_CTR(AES-256 CTR (iname), aes256_ ## iname ## _ctr, aes_ ## iname, 32)
225 #define SPEED_DES(iname) \
226 SPEED_BLOCKCIPHER_CBC(DES CBC encrypt (iname), des_ ## iname ## _cbcenc, des_ ## iname, 8, enc) \
227 SPEED_BLOCKCIPHER_CBC(DES CBC decrypt (iname), des_ ## iname ## _cbcdec, des_ ## iname, 8, dec) \
228 SPEED_BLOCKCIPHER_CBC(3DES CBC encrypt (iname), 3des_ ## iname ## _cbcenc, des_ ## iname, 24, enc) \
229 SPEED_BLOCKCIPHER_CBC(3DES CBC decrypt (iname), 3des_ ## iname ## _cbcdec, des_ ## iname, 24, dec)
234 SPEED_CHACHA20(ChaCha20
, chacha20_ct
)
237 test_speed_ghash_inner(char *name
, br_ghash gh
)
239 unsigned char buf
[8192], h
[16], y
[16];
243 memset(buf
, 'T', sizeof buf
);
244 memset(h
, 'P', sizeof h
);
245 memset(y
, 0, sizeof y
);
246 for (i
= 0; i
< 10; i
++) {
247 gh(y
, h
, buf
, sizeof buf
);
256 for (k
= num
; k
> 0; k
--) {
257 gh(y
, h
, buf
, sizeof buf
);
260 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
262 printf("%-30s %8.2f MB/s\n", name
,
263 ((double)sizeof buf
) * (double)num
273 test_speed_ghash_ctmul(void)
275 test_speed_ghash_inner("GHASH (ctmul)", &br_ghash_ctmul
);
279 test_speed_ghash_ctmul32(void)
281 test_speed_ghash_inner("GHASH (ctmul32)", &br_ghash_ctmul32
);
285 test_speed_ghash_ctmul64(void)
287 test_speed_ghash_inner("GHASH (ctmul64)", &br_ghash_ctmul64
);
291 fake_chacha20(const void *key
, const void *iv
,
292 uint32_t cc
, void *data
, size_t len
)
298 return cc
+ (uint32_t)((len
+ 63) >> 6);
302 * To speed-test Poly1305, we run it with a do-nothing stub instead of
306 test_speed_poly1305_inner(char *name
, br_poly1305_run pl
)
308 unsigned char buf
[8192], key
[32], iv
[12], aad
[13], tag
[16];
312 memset(key
, 'K', sizeof key
);
313 memset(iv
, 'I', sizeof iv
);
314 memset(aad
, 'A', sizeof aad
);
315 memset(buf
, 'T', sizeof buf
);
316 for (i
= 0; i
< 10; i
++) {
317 pl(key
, iv
, buf
, sizeof buf
,
318 aad
, sizeof aad
, tag
, &fake_chacha20
, 0);
327 for (k
= num
; k
> 0; k
--) {
328 pl(key
, iv
, buf
, sizeof buf
,
329 aad
, sizeof aad
, tag
, &fake_chacha20
, 0);
332 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
334 printf("%-30s %8.2f MB/s\n", name
,
335 ((double)sizeof buf
) * (double)num
345 test_speed_poly1305_ctmul(void)
347 test_speed_poly1305_inner("Poly1305 (ctmul)", &br_poly1305_ctmul_run
);
351 test_speed_poly1305_ctmul32(void)
353 test_speed_poly1305_inner("Poly1305 (ctmul32)",
354 &br_poly1305_ctmul32_run
);
358 test_speed_poly1305_i15(void)
360 test_speed_poly1305_inner("Poly1305 (i15)", &br_poly1305_i15_run
);
363 static const unsigned char RSA_N
[] = {
364 0xE9, 0xF2, 0x4A, 0x2F, 0x96, 0xDF, 0x0A, 0x23,
365 0x01, 0x85, 0xF1, 0x2C, 0xB2, 0xA8, 0xEF, 0x23,
366 0xCE, 0x2E, 0xB0, 0x4E, 0x18, 0x31, 0x95, 0x5B,
367 0x98, 0x2D, 0x9B, 0x8C, 0xE3, 0x1A, 0x2B, 0x96,
368 0xB5, 0xC7, 0xEE, 0xED, 0x72, 0x43, 0x2D, 0xFE,
369 0x7F, 0x61, 0x33, 0xEA, 0x14, 0xFC, 0xDE, 0x80,
370 0x17, 0x42, 0xF0, 0xF3, 0xC3, 0xC7, 0x89, 0x47,
371 0x76, 0x5B, 0xFA, 0x33, 0xC4, 0x8C, 0x94, 0xDE,
372 0x6A, 0x75, 0xD8, 0x1A, 0xF4, 0x49, 0xBC, 0xF3,
373 0xB7, 0x9E, 0x2C, 0x8D, 0xEC, 0x5A, 0xEE, 0xBF,
374 0x4B, 0x5A, 0x7F, 0xEF, 0x21, 0x39, 0xDB, 0x1D,
375 0x83, 0x5E, 0x7E, 0x2F, 0xAA, 0x5E, 0xBA, 0x28,
376 0xC3, 0xA2, 0x53, 0x19, 0xFB, 0x2F, 0x78, 0x6B,
377 0x14, 0x60, 0x49, 0x3C, 0xCC, 0x1B, 0xE9, 0x1E,
378 0x3D, 0x10, 0xA4, 0xEB, 0x7F, 0x66, 0x98, 0xF6,
379 0xC3, 0xAC, 0x35, 0xF5, 0x01, 0x84, 0xFF, 0x7D,
380 0x1F, 0x72, 0xBE, 0xB4, 0xD1, 0x89, 0xC8, 0xDD,
381 0x44, 0xE7, 0xB5, 0x2E, 0x2C, 0xE1, 0x85, 0xF5,
382 0x15, 0x50, 0xA9, 0x08, 0xC7, 0x67, 0xD9, 0x2B,
383 0x6C, 0x11, 0xB3, 0xEB, 0x28, 0x8D, 0xF4, 0xCC,
384 0xE3, 0xC3, 0xC5, 0x04, 0x0E, 0x7C, 0x8D, 0xDB,
385 0x39, 0x06, 0x6A, 0x74, 0x75, 0xDF, 0xA8, 0x0F,
386 0xDA, 0x67, 0x5A, 0x73, 0x1E, 0xFD, 0x8E, 0x4C,
387 0xEE, 0x17, 0xEE, 0x1E, 0x67, 0xDB, 0x98, 0x70,
388 0x60, 0xF7, 0xB9, 0xB5, 0x1F, 0x19, 0x93, 0xD6,
389 0x3F, 0x2F, 0x1F, 0xB6, 0x5B, 0x59, 0xAA, 0x85,
390 0xBB, 0x25, 0xE4, 0x13, 0xEF, 0xE7, 0xB9, 0x87,
391 0x9C, 0x3F, 0x5E, 0xE4, 0x08, 0xA3, 0x51, 0xCF,
392 0x8B, 0xAD, 0xF4, 0xE6, 0x1A, 0x5F, 0x51, 0xDD,
393 0xA8, 0xBE, 0xE8, 0xD1, 0x20, 0x19, 0x61, 0x6C,
394 0x18, 0xAB, 0xCA, 0x0A, 0xD9, 0x82, 0xA6, 0x94,
395 0xD5, 0x69, 0x2A, 0xF6, 0x43, 0x66, 0x31, 0x09
398 static const unsigned char RSA_E
[] = {
402 static const unsigned char RSA_P
[] = {
403 0xFD, 0x39, 0x40, 0x56, 0x20, 0x80, 0xC5, 0x81,
404 0x4C, 0x5F, 0x0C, 0x1A, 0x52, 0x84, 0x03, 0x2F,
405 0xCE, 0x82, 0xB0, 0xD8, 0x30, 0x23, 0x7F, 0x77,
406 0x45, 0xC2, 0x01, 0xC4, 0x68, 0x96, 0x0D, 0xA7,
407 0x22, 0xA9, 0x6C, 0xA9, 0x1A, 0x33, 0xE5, 0x2F,
408 0xB5, 0x07, 0x9A, 0xF9, 0xEA, 0x33, 0xA5, 0xC8,
409 0x96, 0x60, 0x6A, 0xCA, 0xEB, 0xE5, 0x6E, 0x09,
410 0x46, 0x7E, 0x2D, 0xEF, 0x93, 0x7D, 0x56, 0xED,
411 0x75, 0x70, 0x3B, 0x96, 0xC4, 0xD5, 0xDB, 0x0B,
412 0x3F, 0x69, 0xDF, 0x06, 0x18, 0x76, 0xF4, 0xCF,
413 0xF8, 0x84, 0x22, 0xDF, 0xBD, 0x71, 0x62, 0x7B,
414 0x67, 0x99, 0xBC, 0x09, 0x95, 0x54, 0xA4, 0x98,
415 0x83, 0xF5, 0xA9, 0xCF, 0x09, 0xA5, 0x1F, 0x61,
416 0x25, 0xB4, 0x70, 0x6C, 0x91, 0xB8, 0xB3, 0xD0,
417 0xCE, 0x9C, 0x45, 0x65, 0x9B, 0xEF, 0xD4, 0x70,
418 0xBE, 0x86, 0xD2, 0x98, 0x5D, 0xEB, 0xE3, 0xFF
421 static const unsigned char RSA_Q
[] = {
422 0xEC, 0x82, 0xEE, 0x63, 0x5F, 0x40, 0x52, 0xDB,
423 0x38, 0x7A, 0x37, 0x6A, 0x54, 0x5B, 0xD9, 0xA0,
424 0x73, 0xB4, 0xBB, 0x52, 0xB2, 0x84, 0x07, 0xD0,
425 0xCC, 0x82, 0x0D, 0x20, 0xB3, 0xFA, 0xD5, 0xB6,
426 0x25, 0x92, 0x35, 0x4D, 0xB4, 0xC7, 0x36, 0x48,
427 0xCE, 0x5E, 0x21, 0x4A, 0xA6, 0x74, 0x65, 0xF4,
428 0x7D, 0x1D, 0xBC, 0x3B, 0xE2, 0xF4, 0x3E, 0x11,
429 0x58, 0x10, 0x6C, 0x04, 0x46, 0x9E, 0x8D, 0x57,
430 0xE0, 0x04, 0xE2, 0xEC, 0x47, 0xCF, 0xB3, 0x2A,
431 0xFD, 0x4C, 0x55, 0x18, 0xDB, 0xDE, 0x3B, 0xDC,
432 0xF4, 0x5B, 0xDA, 0xF3, 0x1A, 0xC8, 0x41, 0x6F,
433 0x73, 0x3B, 0xFE, 0x3C, 0xA0, 0xDB, 0xBA, 0x6E,
434 0x65, 0xA5, 0xE8, 0x02, 0xA5, 0x6C, 0xEA, 0x03,
435 0xF6, 0x99, 0xF7, 0xCB, 0x4B, 0xB7, 0x11, 0x51,
436 0x93, 0x88, 0x3F, 0xF9, 0x06, 0x85, 0xA9, 0x1E,
437 0xCA, 0x64, 0xF8, 0x11, 0xA5, 0x1A, 0xCA, 0xF7
440 static const unsigned char RSA_DP
[] = {
441 0x77, 0x95, 0xE0, 0x02, 0x4C, 0x9B, 0x43, 0xAA,
442 0xCA, 0x4C, 0x60, 0xC4, 0xD5, 0x8F, 0x2E, 0x8A,
443 0x17, 0x36, 0xB5, 0x19, 0x83, 0xB2, 0x5F, 0xF2,
444 0x0D, 0xE9, 0x8F, 0x38, 0x18, 0x44, 0x34, 0xF2,
445 0x67, 0x76, 0x27, 0xB0, 0xBC, 0x85, 0x21, 0x89,
446 0x24, 0x2F, 0x11, 0x4B, 0x51, 0x05, 0x4F, 0x17,
447 0xA9, 0x9C, 0xA3, 0x12, 0x6D, 0xD1, 0x0D, 0xE4,
448 0x27, 0x7C, 0x53, 0x69, 0x3E, 0xF8, 0x04, 0x63,
449 0x64, 0x00, 0xBA, 0xC3, 0x7A, 0xF5, 0x9B, 0xDA,
450 0x75, 0xFA, 0x23, 0xAF, 0x17, 0x42, 0xA6, 0x5E,
451 0xC8, 0xF8, 0x6E, 0x17, 0xC7, 0xB9, 0x92, 0x4E,
452 0xC1, 0x20, 0x63, 0x23, 0x0B, 0x78, 0xCB, 0xBA,
453 0x93, 0x27, 0x23, 0x28, 0x79, 0x5F, 0x97, 0xB0,
454 0x23, 0x44, 0x51, 0x8B, 0x94, 0x4D, 0xEB, 0xED,
455 0x82, 0x85, 0x5E, 0x68, 0x9B, 0xF9, 0xE9, 0x13,
456 0xCD, 0x86, 0x92, 0x52, 0x0E, 0x98, 0xE6, 0x35
459 static const unsigned char RSA_DQ
[] = {
460 0xD8, 0xDD, 0x71, 0xB3, 0x62, 0xBA, 0xBB, 0x7E,
461 0xD1, 0xF9, 0x96, 0xE8, 0x83, 0xB3, 0xB9, 0x08,
462 0x9C, 0x30, 0x03, 0x77, 0xDF, 0xC2, 0x9A, 0xDC,
463 0x05, 0x39, 0xD6, 0xC9, 0xBE, 0xDE, 0x68, 0xA9,
464 0xDD, 0x27, 0x84, 0x82, 0xDD, 0x19, 0xB1, 0x97,
465 0xEE, 0xCA, 0x77, 0x22, 0x59, 0x20, 0xEF, 0xFF,
466 0xCF, 0xDD, 0xBD, 0x24, 0xF8, 0x84, 0xD6, 0x88,
467 0xD6, 0xC4, 0x30, 0x17, 0x77, 0x9D, 0x98, 0xA3,
468 0x14, 0x01, 0xC7, 0x05, 0xBB, 0x0F, 0x23, 0x0D,
469 0x6F, 0x37, 0x57, 0xEC, 0x34, 0x67, 0x41, 0x62,
470 0xE8, 0x19, 0x75, 0xD9, 0x66, 0x1C, 0x6B, 0x8B,
471 0xC3, 0x11, 0x26, 0x9C, 0xF7, 0x2E, 0xA3, 0x72,
472 0xE8, 0xF7, 0xC8, 0x96, 0xEC, 0x92, 0xC2, 0xBD,
473 0xA1, 0x98, 0x2A, 0x93, 0x99, 0xB8, 0xA2, 0x43,
474 0xB7, 0xD0, 0xBE, 0x40, 0x1C, 0x8F, 0xE0, 0xB4,
475 0x20, 0x07, 0x97, 0x43, 0xAE, 0xAD, 0xB3, 0x9F
478 static const unsigned char RSA_IQ
[] = {
479 0xB7, 0xE2, 0x60, 0xA9, 0x62, 0xEC, 0xEC, 0x0B,
480 0x57, 0x02, 0x96, 0xF9, 0x36, 0x35, 0x2C, 0x37,
481 0xAF, 0xC2, 0xEE, 0x71, 0x49, 0x26, 0x8E, 0x0F,
482 0x27, 0xB1, 0xFA, 0x0F, 0xEA, 0xDC, 0xF0, 0x8B,
483 0x53, 0x6C, 0xB2, 0x46, 0x27, 0xCD, 0x29, 0xA2,
484 0x35, 0x0F, 0x5D, 0x8A, 0x3F, 0x20, 0x8C, 0x13,
485 0x3D, 0xA1, 0xFF, 0x85, 0x91, 0x99, 0xE8, 0x50,
486 0xED, 0xF1, 0x29, 0x00, 0xEE, 0x24, 0x90, 0xB5,
487 0x5F, 0x3A, 0x74, 0x26, 0xD7, 0xA2, 0x24, 0x8D,
488 0x89, 0x88, 0xD8, 0x35, 0x22, 0x22, 0x8A, 0x66,
489 0x5D, 0x5C, 0xDE, 0x83, 0x8C, 0xFA, 0x27, 0xE6,
490 0xB9, 0xEB, 0x72, 0x08, 0xCD, 0x53, 0x4B, 0x93,
491 0x0F, 0xAD, 0xC3, 0xF8, 0x7C, 0xFE, 0x84, 0xD7,
492 0x08, 0xF3, 0xBE, 0x3D, 0x60, 0x1E, 0x95, 0x8D,
493 0x44, 0x5B, 0x65, 0x7E, 0xC1, 0x30, 0xC3, 0x84,
494 0xC0, 0xB0, 0xFE, 0xBF, 0x28, 0x54, 0x1E, 0xC4
497 static const br_rsa_public_key RSA_PK
= {
498 (void *)RSA_N
, sizeof RSA_N
,
499 (void *)RSA_E
, sizeof RSA_E
502 static const br_rsa_private_key RSA_SK
= {
504 (void *)RSA_P
, sizeof RSA_P
,
505 (void *)RSA_Q
, sizeof RSA_Q
,
506 (void *)RSA_DP
, sizeof RSA_DP
,
507 (void *)RSA_DQ
, sizeof RSA_DQ
,
508 (void *)RSA_IQ
, sizeof RSA_IQ
512 test_speed_rsa_inner(char *name
,
513 br_rsa_public fpub
, br_rsa_private fpriv
)
515 unsigned char tmp
[sizeof RSA_N
];
519 memset(tmp
, 'R', sizeof tmp
);
521 for (i
= 0; i
< 10; i
++) {
522 if (!fpriv(tmp
, &RSA_SK
)) {
533 for (k
= num
; k
> 0; k
--) {
537 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
539 printf("%-30s %8.2f priv/s\n", name
,
546 for (i
= 0; i
< 10; i
++) {
547 if (!fpub(tmp
, sizeof tmp
, &RSA_PK
)) {
558 for (k
= num
; k
> 0; k
--) {
559 fpub(tmp
, sizeof tmp
, &RSA_PK
);
562 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
564 printf("%-30s %8.2f pub/s\n", name
,
574 test_speed_rsa_i15(void)
576 test_speed_rsa_inner("RSA i15",
577 &br_rsa_i15_public
, &br_rsa_i15_private
);
581 test_speed_rsa_i31(void)
583 test_speed_rsa_inner("RSA i31",
584 &br_rsa_i31_public
, &br_rsa_i31_private
);
588 test_speed_rsa_i32(void)
590 test_speed_rsa_inner("RSA i32",
591 &br_rsa_i32_public
, &br_rsa_i32_private
);
595 test_speed_ec_inner_1(const char *name
,
596 const br_ec_impl
*impl
, const br_ec_curve_def
*cd
)
598 unsigned char bx
[80], U
[160];
599 uint32_t x
[22], n
[22];
604 nlen
= cd
->order_len
;
605 br_i31_decode(n
, cd
->order
, nlen
);
606 memset(bx
, 'T', sizeof bx
);
607 br_i31_decode_reduce(x
, bx
, sizeof bx
, n
);
608 br_i31_encode(bx
, nlen
, x
);
609 ulen
= cd
->generator_len
;
610 memcpy(U
, cd
->generator
, ulen
);
611 for (i
= 0; i
< 10; i
++) {
612 impl
->mul(U
, ulen
, bx
, nlen
, cd
->curve
);
621 for (k
= num
; k
> 0; k
--) {
622 impl
->mul(U
, ulen
, bx
, nlen
, cd
->curve
);
625 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
627 printf("%-30s %8.2f mul/s\n", name
,
637 test_speed_ec_inner_2(const char *name
,
638 const br_ec_impl
*impl
, const br_ec_curve_def
*cd
)
640 unsigned char bx
[80], U
[160];
641 uint32_t x
[22], n
[22];
646 nlen
= cd
->order_len
;
647 br_i31_decode(n
, cd
->order
, nlen
);
648 memset(bx
, 'T', sizeof bx
);
649 br_i31_decode_reduce(x
, bx
, sizeof bx
, n
);
650 br_i31_encode(bx
, nlen
, x
);
651 for (i
= 0; i
< 10; i
++) {
652 impl
->mulgen(U
, bx
, nlen
, cd
->curve
);
661 for (k
= num
; k
> 0; k
--) {
662 impl
->mulgen(U
, bx
, nlen
, cd
->curve
);
665 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
667 printf("%-30s %8.2f mul/s\n", name
,
677 test_speed_ec_inner(const char *name
,
678 const br_ec_impl
*impl
, const br_ec_curve_def
*cd
)
682 test_speed_ec_inner_1(name
, impl
, cd
);
683 sprintf(tmp
, "%s (FP)", name
);
684 test_speed_ec_inner_2(tmp
, impl
, cd
);
688 test_speed_ec_p256_m15(void)
690 test_speed_ec_inner("EC p256_m15",
691 &br_ec_p256_m15
, &br_secp256r1
);
695 test_speed_ec_prime_i15(void)
697 test_speed_ec_inner("EC prime_i15 P-256",
698 &br_ec_prime_i15
, &br_secp256r1
);
699 test_speed_ec_inner("EC prime_i15 P-384",
700 &br_ec_prime_i15
, &br_secp384r1
);
701 test_speed_ec_inner("EC prime_i15 P-521",
702 &br_ec_prime_i15
, &br_secp521r1
);
706 test_speed_ec_prime_i31(void)
708 test_speed_ec_inner("EC prime_i31 P-256",
709 &br_ec_prime_i31
, &br_secp256r1
);
710 test_speed_ec_inner("EC prime_i31 P-384",
711 &br_ec_prime_i31
, &br_secp384r1
);
712 test_speed_ec_inner("EC prime_i31 P-521",
713 &br_ec_prime_i31
, &br_secp521r1
);
717 test_speed_ec_c25519_i15(void)
719 test_speed_ec_inner("EC c25519_i15",
720 &br_ec_c25519_i15
, &br_curve25519
);
724 test_speed_ec_c25519_i31(void)
726 test_speed_ec_inner("EC c25519_i31",
727 &br_ec_c25519_i31
, &br_curve25519
);
731 test_speed_ec_c25519_m15(void)
733 test_speed_ec_inner("EC c25519_m15",
734 &br_ec_c25519_m15
, &br_curve25519
);
738 test_speed_ec_c25519_m31(void)
740 test_speed_ec_inner("EC c25519_m31",
741 &br_ec_c25519_m31
, &br_curve25519
);
745 test_speed_ecdsa_inner(const char *name
,
746 const br_ec_impl
*impl
, const br_ec_curve_def
*cd
,
747 br_ecdsa_sign sign
, br_ecdsa_vrfy vrfy
)
749 unsigned char bx
[80], U
[160], hv
[32], sig
[160];
750 uint32_t x
[22], n
[22];
751 size_t nlen
, ulen
, sig_len
;
754 br_ec_private_key sk
;
757 nlen
= cd
->order_len
;
758 br_i31_decode(n
, cd
->order
, nlen
);
759 memset(bx
, 'T', sizeof bx
);
760 br_i31_decode_reduce(x
, bx
, sizeof bx
, n
);
761 br_i31_encode(bx
, nlen
, x
);
762 ulen
= cd
->generator_len
;
763 memcpy(U
, cd
->generator
, ulen
);
764 impl
->mul(U
, ulen
, bx
, nlen
, cd
->curve
);
765 sk
.curve
= cd
->curve
;
768 pk
.curve
= cd
->curve
;
772 memset(hv
, 'H', sizeof hv
);
773 sig_len
= sign(impl
, &br_sha256_vtable
, hv
, &sk
, sig
);
774 if (vrfy(impl
, hv
, sizeof hv
, &pk
, sig
, sig_len
) != 1) {
775 fprintf(stderr
, "self-test sign/verify failed\n");
779 for (i
= 0; i
< 10; i
++) {
781 sign(impl
, &br_sha256_vtable
, hv
, &sk
, sig
);
782 vrfy(impl
, hv
, sizeof hv
, &pk
, sig
, sig_len
);
792 for (k
= num
; k
> 0; k
--) {
794 sig_len
= sign(impl
, &br_sha256_vtable
, hv
, &sk
, sig
);
797 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
799 printf("%-30s %8.2f sign/s\n", name
,
814 for (k
= num
; k
> 0; k
--) {
815 vrfy(impl
, hv
, sizeof hv
, &pk
, sig
, sig_len
);
818 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
820 printf("%-30s %8.2f verify/s\n", name
,
830 test_speed_ecdsa_p256_m15(void)
832 test_speed_ecdsa_inner("ECDSA m15 P-256",
833 &br_ec_p256_m15
, &br_secp256r1
,
834 &br_ecdsa_i15_sign_asn1
,
835 &br_ecdsa_i15_vrfy_asn1
);
839 test_speed_ecdsa_i15(void)
841 test_speed_ecdsa_inner("ECDSA i15 P-256",
842 &br_ec_prime_i15
, &br_secp256r1
,
843 &br_ecdsa_i15_sign_asn1
,
844 &br_ecdsa_i15_vrfy_asn1
);
845 test_speed_ecdsa_inner("ECDSA i15 P-384",
846 &br_ec_prime_i15
, &br_secp384r1
,
847 &br_ecdsa_i15_sign_asn1
,
848 &br_ecdsa_i15_vrfy_asn1
);
849 test_speed_ecdsa_inner("ECDSA i15 P-521",
850 &br_ec_prime_i15
, &br_secp521r1
,
851 &br_ecdsa_i15_sign_asn1
,
852 &br_ecdsa_i15_vrfy_asn1
);
856 test_speed_ecdsa_i31(void)
858 test_speed_ecdsa_inner("ECDSA i31 P-256",
859 &br_ec_prime_i31
, &br_secp256r1
,
860 &br_ecdsa_i31_sign_asn1
,
861 &br_ecdsa_i31_vrfy_asn1
);
862 test_speed_ecdsa_inner("ECDSA i31 P-384",
863 &br_ec_prime_i31
, &br_secp384r1
,
864 &br_ecdsa_i31_sign_asn1
,
865 &br_ecdsa_i31_vrfy_asn1
);
866 test_speed_ecdsa_inner("ECDSA i31 P-521",
867 &br_ec_prime_i31
, &br_secp521r1
,
868 &br_ecdsa_i31_sign_asn1
,
869 &br_ecdsa_i31_vrfy_asn1
);
875 test_speed_ec_prime_i31_inner(const char *name
,
876 const unsigned char *bg
, const br_ec_prime_i31_curve
*cc
)
878 unsigned char bx
[80], point
[160];
879 uint32_t x
[BR_EC_I31_LEN
];
880 br_ec_prime_i31_jacobian P
;
888 plen
= (xbl
+ 7) >> 3;
889 memset(bx
, 'T', sizeof bx
);
890 br_i31_decode_reduce(x
, bx
, sizeof bx
, cc
->p
);
891 br_i31_encode(bx
, plen
, x
);
892 br_ec_prime_i31_decode(&P
, bg
, 1 + (plen
<< 1), cc
);
893 for (i
= 0; i
< 10; i
++) {
894 br_ec_prime_i31_mul(&P
, bx
, plen
, cc
);
895 br_ec_prime_i31_encode(point
, &P
, cc
);
904 for (k
= num
; k
> 0; k
--) {
905 br_ec_prime_i31_mul(&P
, bx
, plen
, cc
);
906 br_ec_prime_i31_encode(point
, &P
, cc
);
909 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
911 printf("%-30s %8.2f mul/s\n", name
,
921 test_speed_ec_prime_i31(void)
923 test_speed_ec_prime_i31_inner("EC i31 P-256",
924 br_g_secp256r1
, &br_ec_prime_i31_secp256r1
);
925 test_speed_ec_prime_i31_inner("EC i31 P-384",
926 br_g_secp384r1
, &br_ec_prime_i31_secp384r1
);
927 test_speed_ec_prime_i31_inner("EC i31 P-521",
928 br_g_secp521r1
, &br_ec_prime_i31_secp521r1
);
932 test_speed_ec_prime_i32_inner(const char *name
,
933 const unsigned char *bg
, const br_ec_prime_i32_curve
*cc
)
935 unsigned char bx
[80], point
[160];
936 uint32_t x
[BR_EC_I32_LEN
];
937 br_ec_prime_i32_jacobian P
;
942 plen
= (cc
->p
[0] + 7) >> 3;
943 memset(bx
, 'T', sizeof bx
);
944 br_i32_decode_reduce(x
, bx
, sizeof bx
, cc
->p
);
945 br_i32_encode(bx
, plen
, x
);
946 br_ec_prime_i32_decode(&P
, bg
, 1 + (plen
<< 1), cc
);
947 for (i
= 0; i
< 10; i
++) {
948 br_ec_prime_i32_mul(&P
, bx
, plen
, cc
);
949 br_ec_prime_i32_encode(point
, &P
, cc
);
958 for (k
= num
; k
> 0; k
--) {
959 br_ec_prime_i32_mul(&P
, bx
, plen
, cc
);
960 br_ec_prime_i32_encode(point
, &P
, cc
);
963 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
965 printf("%-30s %8.2f mul/s\n", name
,
975 test_speed_ec_prime_i32(void)
977 test_speed_ec_prime_i32_inner("EC i32 P-256",
978 br_g_secp256r1
, &br_ec_prime_i32_secp256r1
);
979 test_speed_ec_prime_i32_inner("EC i32 P-384",
980 br_g_secp384r1
, &br_ec_prime_i32_secp384r1
);
981 test_speed_ec_prime_i32_inner("EC i32 P-521",
982 br_g_secp521r1
, &br_ec_prime_i32_secp521r1
);
989 static const unsigned char bp
[] = {
990 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
991 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
992 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
993 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
996 unsigned char tmp
[60 + sizeof bp
];
997 uint32_t p
[10], x
[10], y
[10], z
[10], p0i
;
1001 br_i31_decode(p
, bp
, sizeof bp
);
1002 p0i
= br_i31_ninv31(p
[1]);
1003 memset(tmp
, 'T', sizeof tmp
);
1004 br_i31_decode_reduce(x
, tmp
, sizeof tmp
, p
);
1005 memset(tmp
, 'U', sizeof tmp
);
1006 br_i31_decode_reduce(y
, tmp
, sizeof tmp
, p
);
1008 for (i
= 0; i
< 10; i
++) {
1009 br_i31_to_monty(x
, p
);
1018 for (k
= num
; k
> 0; k
--) {
1019 br_i31_to_monty(x
, p
);
1022 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1024 printf("%-30s %8.2f ops/s\n", "i31 to_monty",
1032 for (i
= 0; i
< 10; i
++) {
1033 br_i31_from_monty(x
, p
, p0i
);
1042 for (k
= num
; k
> 0; k
--) {
1043 br_i31_from_monty(x
, p
, p0i
);
1046 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1048 printf("%-30s %8.2f ops/s\n", "i31 from_monty",
1056 for (i
= 0; i
< 10; i
++) {
1057 br_i31_montymul(z
, x
, y
, p
, p0i
);
1066 for (k
= num
; k
> 0; k
--) {
1067 br_i31_montymul(z
, x
, y
, p
, p0i
);
1070 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1072 printf("%-30s %8.2f ops/s\n", "i31 montymul",
1083 static unsigned char P2048
[] = {
1084 0xFD, 0xB6, 0xE0, 0x3E, 0x00, 0x49, 0x4C, 0xF0, 0x69, 0x3A, 0xDD, 0x7D,
1085 0xF8, 0xA2, 0x41, 0xB0, 0x6C, 0x67, 0xC5, 0xBA, 0xB8, 0x46, 0x80, 0xF5,
1086 0xBF, 0xAB, 0x98, 0xFC, 0x84, 0x73, 0xA5, 0x63, 0xC9, 0x52, 0x12, 0xDA,
1087 0x4C, 0xC1, 0x5B, 0x9D, 0x8D, 0xDF, 0xCD, 0xFE, 0xC5, 0xAD, 0x5A, 0x6F,
1088 0xDD, 0x02, 0xD9, 0xEC, 0x71, 0xEF, 0xEB, 0xB6, 0x95, 0xED, 0x94, 0x25,
1089 0x0E, 0x63, 0xDD, 0x6A, 0x52, 0xC7, 0x93, 0xAF, 0x85, 0x9D, 0x2C, 0xBE,
1090 0x5C, 0xBE, 0x35, 0xD8, 0xDD, 0x39, 0xEF, 0x1B, 0xB1, 0x49, 0x67, 0xB2,
1091 0x33, 0xC9, 0x7C, 0xE1, 0x51, 0x79, 0x51, 0x59, 0xCA, 0x6E, 0x2A, 0xDF,
1092 0x0D, 0x76, 0x1C, 0xE7, 0xA5, 0xC0, 0x1E, 0x6C, 0x56, 0x3A, 0x32, 0xE5,
1093 0xB5, 0xC5, 0xD4, 0xDB, 0xFE, 0xFF, 0xF8, 0xF2, 0x96, 0xA9, 0xC9, 0x65,
1094 0x59, 0x9E, 0x01, 0x79, 0x9D, 0x38, 0x68, 0x0F, 0xAD, 0x43, 0x3A, 0xD6,
1095 0x84, 0x0A, 0xE2, 0xEF, 0x96, 0xC1, 0x6D, 0x89, 0x74, 0x19, 0x63, 0x82,
1096 0x3B, 0xA0, 0x9C, 0xBA, 0x78, 0xDE, 0xDC, 0xC2, 0xE7, 0xD4, 0xFA, 0xD6,
1097 0x19, 0x21, 0x29, 0xAE, 0x5E, 0xF4, 0x38, 0x81, 0xC6, 0x9E, 0x0E, 0x3C,
1098 0xCD, 0xC0, 0xDC, 0x93, 0x5D, 0xFD, 0x9A, 0x5C, 0xAB, 0x54, 0x1F, 0xFF,
1099 0x9C, 0x12, 0x1B, 0x4C, 0xDF, 0x2D, 0x9C, 0x85, 0xF9, 0x68, 0x15, 0x89,
1100 0x42, 0x9B, 0x6C, 0x45, 0x89, 0x3A, 0xBC, 0xE9, 0x19, 0x91, 0xBE, 0x0C,
1101 0xEF, 0x90, 0xCC, 0xF6, 0xD6, 0xF0, 0x3D, 0x5C, 0xF5, 0xE5, 0x0F, 0x2F,
1102 0x02, 0x8A, 0x83, 0x4B, 0x93, 0x2F, 0x14, 0x12, 0x1F, 0x56, 0x9A, 0x12,
1103 0x58, 0x88, 0xAE, 0x60, 0xB8, 0x5A, 0xE4, 0xA1, 0xBF, 0x4A, 0x81, 0x84,
1104 0xAB, 0xBB, 0xE4, 0xD0, 0x1D, 0x41, 0xD9, 0x0A, 0xAB, 0x1E, 0x47, 0x5B,
1105 0x31, 0xAC, 0x2B, 0x73
1108 static unsigned char G2048
[] = {
1113 test_speed_modpow(void)
1115 uint32_t mx
[65], mp
[65], me
[65], t1
[65], t2
[65], len
;
1116 unsigned char e
[64];
1120 len
= br_int_decode(mp
, sizeof mp
/ sizeof mp
[0],
1121 P2048
, sizeof P2048
);
1125 memset(e
, 'P', sizeof e
);
1126 if (!br_int_decode(me
, sizeof me
/ sizeof me
[0], e
, sizeof e
)) {
1129 if (!br_modint_decode(mx
, mp
, G2048
, sizeof G2048
)) {
1132 for (i
= 0; i
< 10; i
++) {
1133 br_modint_to_monty(mx
, mp
);
1134 br_modint_montypow(mx
, me
, mp
, t1
, t2
);
1135 br_modint_from_monty(mx
, mp
);
1144 for (k
= num
; k
> 0; k
--) {
1145 br_modint_to_monty(mx
, mp
);
1146 br_modint_montypow(mx
, me
, mp
, t1
, t2
);
1147 br_modint_from_monty(mx
, mp
);
1150 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1152 printf("%-30s %8.2f exp/s\n", "pow[2048:256]",
1162 test_speed_moddiv(void)
1164 uint32_t mx
[65], my
[65], mp
[65], t1
[65], t2
[65], t3
[65], len
;
1165 unsigned char x
[255], y
[255];
1169 len
= br_int_decode(mp
, sizeof mp
/ sizeof mp
[0],
1170 P2048
, sizeof P2048
);
1174 memset(x
, 'T', sizeof x
);
1175 memset(y
, 'P', sizeof y
);
1176 if (!br_modint_decode(mx
, mp
, x
, sizeof x
)) {
1179 if (!br_modint_decode(my
, mp
, y
, sizeof y
)) {
1182 for (i
= 0; i
< 10; i
++) {
1183 br_modint_div(mx
, my
, mp
, t1
, t2
, t3
);
1192 for (k
= num
; k
> 0; k
--) {
1193 br_modint_div(mx
, my
, mp
, t1
, t2
, t3
);
1196 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1198 printf("%-30s %8.2f div/s\n", "div[2048]",
1208 #define STU(x) { test_speed_ ## x, #x }
1210 static const struct {
1219 STU(aes128_big_cbcenc
),
1220 STU(aes128_big_cbcdec
),
1221 STU(aes192_big_cbcenc
),
1222 STU(aes192_big_cbcdec
),
1223 STU(aes256_big_cbcenc
),
1224 STU(aes256_big_cbcdec
),
1225 STU(aes128_big_ctr
),
1226 STU(aes192_big_ctr
),
1227 STU(aes256_big_ctr
),
1229 STU(aes128_small_cbcenc
),
1230 STU(aes128_small_cbcdec
),
1231 STU(aes192_small_cbcenc
),
1232 STU(aes192_small_cbcdec
),
1233 STU(aes256_small_cbcenc
),
1234 STU(aes256_small_cbcdec
),
1235 STU(aes128_small_ctr
),
1236 STU(aes192_small_ctr
),
1237 STU(aes256_small_ctr
),
1239 STU(aes128_ct_cbcenc
),
1240 STU(aes128_ct_cbcdec
),
1241 STU(aes192_ct_cbcenc
),
1242 STU(aes192_ct_cbcdec
),
1243 STU(aes256_ct_cbcenc
),
1244 STU(aes256_ct_cbcdec
),
1249 STU(aes128_ct64_cbcenc
),
1250 STU(aes128_ct64_cbcdec
),
1251 STU(aes192_ct64_cbcenc
),
1252 STU(aes192_ct64_cbcdec
),
1253 STU(aes256_ct64_cbcenc
),
1254 STU(aes256_ct64_cbcdec
),
1255 STU(aes128_ct64_ctr
),
1256 STU(aes192_ct64_ctr
),
1257 STU(aes256_ct64_ctr
),
1259 STU(des_tab_cbcenc
),
1260 STU(des_tab_cbcdec
),
1261 STU(3des_tab_cbcenc
),
1262 STU(3des_tab_cbcdec
),
1266 STU(3des_ct_cbcenc
),
1267 STU(3des_ct_cbcdec
),
1275 STU(poly1305_ctmul
),
1276 STU(poly1305_ctmul32
),
1289 STU(ecdsa_p256_m15
),
1297 eq_name(const char *s1
, const char *s2
)
1304 if (c1
>= 'A' && c1
<= 'Z') {
1308 case '-': case '_': case '.': case ' ':
1316 if (c2
>= 'A' && c2
<= 'Z') {
1320 case '-': case '_': case '.': case ' ':
1336 main(int argc
, char *argv
[])
1341 printf("usage: testspeed all | name...\n");
1342 printf("individual test names:\n");
1343 for (u
= 0; u
< (sizeof tfns
) / (sizeof tfns
[0]); u
++) {
1344 printf(" %s\n", tfns
[u
].name
);
1347 for (u
= 0; u
< (sizeof tfns
) / (sizeof tfns
[0]); u
++) {
1350 for (i
= 1; i
< argc
; i
++) {
1351 if (eq_name(argv
[i
], tfns
[u
].name
)
1352 || eq_name(argv
[i
], "all"))