2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
31 #define HASH_SIZE(cname) br_ ## cname ## _SIZE
33 #define SPEED_HASH(Name, cname) \
35 test_speed_ ## cname(void) \
37 unsigned char buf[8192]; \
38 unsigned char tmp[HASH_SIZE(cname)]; \
39 br_ ## cname ## _context mc; \
43 memset(buf, 'T', sizeof buf); \
44 for (i = 0; i < 10; i ++) { \
45 br_ ## cname ## _init(&mc); \
46 br_ ## cname ## _update(&mc, buf, sizeof buf); \
47 br_ ## cname ## _out(&mc, tmp); \
55 br_ ## cname ## _init(&mc); \
57 for (k = num; k > 0; k --) { \
58 br_ ## cname ## _update(&mc, buf, sizeof buf); \
61 br_ ## cname ## _out(&mc, tmp); \
62 tt = (double)(end - begin) / CLOCKS_PER_SEC; \
64 printf("%-30s %8.2f MB/s\n", #Name, \
65 ((double)sizeof buf) * (double)num \
66 / (tt * 1000000.0)); \
74 #define BLOCK_SIZE(cname) br_ ## cname ## _BLOCK_SIZE
76 #define SPEED_BLOCKCIPHER_CBC(Name, fname, cname, klen, dir) \
78 test_speed_ ## fname(void) \
80 unsigned char key[klen]; \
81 unsigned char buf[8192 - (8192 % BLOCK_SIZE(cname))]; \
82 unsigned char iv[BLOCK_SIZE(cname)]; \
83 const br_block_cbc ## dir ## _class *vt; \
84 br_ ## cname ## _cbc ## dir ## _keys ec; \
88 memset(key, 'T', sizeof key); \
89 memset(buf, 'P', sizeof buf); \
90 memset(iv, 'X', sizeof iv); \
91 vt = &br_ ## cname ## _cbc ## dir ## _vtable; \
92 for (i = 0; i < 10; i ++) { \
93 vt->init(&ec.vtable, key, sizeof key); \
94 vt->run(&ec.vtable, iv, buf, sizeof buf); \
102 vt->init(&ec.vtable, key, sizeof key); \
104 for (k = num; k > 0; k --) { \
105 vt->run(&ec.vtable, iv, buf, sizeof buf); \
108 tt = (double)(end - begin) / CLOCKS_PER_SEC; \
110 printf("%-30s %8.2f MB/s\n", #Name, \
111 ((double)sizeof buf) * (double)num \
112 / (tt * 1000000.0)); \
120 #define SPEED_BLOCKCIPHER_CTR(Name, fname, cname, klen) \
122 test_speed_ ## fname(void) \
124 unsigned char key[klen]; \
125 unsigned char buf[8192 - (8192 % BLOCK_SIZE(cname))]; \
126 unsigned char iv[BLOCK_SIZE(cname) - 4]; \
127 const br_block_ctr_class *vt; \
128 br_ ## cname ## _ctr_keys ec; \
132 memset(key, 'T', sizeof key); \
133 memset(buf, 'P', sizeof buf); \
134 memset(iv, 'X', sizeof iv); \
135 vt = &br_ ## cname ## _ctr_vtable; \
136 for (i = 0; i < 10; i ++) { \
137 vt->init(&ec.vtable, key, sizeof key); \
138 vt->run(&ec.vtable, iv, 1, buf, sizeof buf); \
142 clock_t begin, end; \
146 vt->init(&ec.vtable, key, sizeof key); \
148 for (k = num; k > 0; k --) { \
149 vt->run(&ec.vtable, iv, 1, buf, sizeof buf); \
152 tt = (double)(end - begin) / CLOCKS_PER_SEC; \
154 printf("%-30s %8.2f MB/s\n", #Name, \
155 ((double)sizeof buf) * (double)num \
156 / (tt * 1000000.0)); \
164 #define SPEED_CHACHA20(Name, fname) \
166 test_speed_ ## fname(void) \
168 unsigned char key[32]; \
169 unsigned char buf[8192]; \
170 unsigned char iv[12]; \
174 memset(key, 'T', sizeof key); \
175 memset(buf, 'P', sizeof buf); \
176 memset(iv, 'X', sizeof iv); \
177 for (i = 0; i < 10; i ++) { \
178 br_ ## fname ## _run(key, iv, i, buf, sizeof buf); \
182 clock_t begin, end; \
187 for (k = num; k > 0; k --) { \
188 br_ ## fname ## _run(key, iv, \
189 (uint32_t)k, buf, sizeof buf); \
192 tt = (double)(end - begin) / CLOCKS_PER_SEC; \
194 printf("%-30s %8.2f MB/s\n", #Name, \
195 ((double)sizeof buf) * (double)num \
196 / (tt * 1000000.0)); \
205 SPEED_HASH(SHA
-1, sha1
)
206 SPEED_HASH(SHA
-256, sha256
)
207 SPEED_HASH(SHA
-512, sha512
)
209 #define SPEED_AES(iname) \
210 SPEED_BLOCKCIPHER_CBC(AES-128 CBC encrypt (iname), aes128_ ## iname ## _cbcenc, aes_ ## iname, 16, enc) \
211 SPEED_BLOCKCIPHER_CBC(AES-128 CBC decrypt (iname), aes128_ ## iname ## _cbcdec, aes_ ## iname, 16, dec) \
212 SPEED_BLOCKCIPHER_CBC(AES-192 CBC encrypt (iname), aes192_ ## iname ## _cbcenc, aes_ ## iname, 24, enc) \
213 SPEED_BLOCKCIPHER_CBC(AES-192 CBC decrypt (iname), aes192_ ## iname ## _cbcdec, aes_ ## iname, 24, dec) \
214 SPEED_BLOCKCIPHER_CBC(AES-256 CBC encrypt (iname), aes256_ ## iname ## _cbcenc, aes_ ## iname, 32, enc) \
215 SPEED_BLOCKCIPHER_CBC(AES-256 CBC decrypt (iname), aes256_ ## iname ## _cbcdec, aes_ ## iname, 32, dec) \
216 SPEED_BLOCKCIPHER_CTR(AES-128 CTR (iname), aes128_ ## iname ## _ctr, aes_ ## iname, 16) \
217 SPEED_BLOCKCIPHER_CTR(AES-192 CTR (iname), aes192_ ## iname ## _ctr, aes_ ## iname, 24) \
218 SPEED_BLOCKCIPHER_CTR(AES-256 CTR (iname), aes256_ ## iname ## _ctr, aes_ ## iname, 32)
225 #define SPEED_DES(iname) \
226 SPEED_BLOCKCIPHER_CBC(DES CBC encrypt (iname), des_ ## iname ## _cbcenc, des_ ## iname, 8, enc) \
227 SPEED_BLOCKCIPHER_CBC(DES CBC decrypt (iname), des_ ## iname ## _cbcdec, des_ ## iname, 8, dec) \
228 SPEED_BLOCKCIPHER_CBC(3DES CBC encrypt (iname), 3des_ ## iname ## _cbcenc, des_ ## iname, 24, enc) \
229 SPEED_BLOCKCIPHER_CBC(3DES CBC decrypt (iname), 3des_ ## iname ## _cbcdec, des_ ## iname, 24, dec)
234 SPEED_CHACHA20(ChaCha20
, chacha20_ct
)
237 test_speed_ghash_inner(char *name
, br_ghash gh
)
239 unsigned char buf
[8192], h
[16], y
[16];
243 memset(buf
, 'T', sizeof buf
);
244 memset(h
, 'P', sizeof h
);
245 memset(y
, 0, sizeof y
);
246 for (i
= 0; i
< 10; i
++) {
247 gh(y
, h
, buf
, sizeof buf
);
256 for (k
= num
; k
> 0; k
--) {
257 gh(y
, h
, buf
, sizeof buf
);
260 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
262 printf("%-30s %8.2f MB/s\n", name
,
263 ((double)sizeof buf
) * (double)num
273 test_speed_ghash_ctmul(void)
275 test_speed_ghash_inner("GHASH (ctmul)", &br_ghash_ctmul
);
279 test_speed_ghash_ctmul32(void)
281 test_speed_ghash_inner("GHASH (ctmul32)", &br_ghash_ctmul32
);
285 test_speed_ghash_ctmul64(void)
287 test_speed_ghash_inner("GHASH (ctmul64)", &br_ghash_ctmul64
);
291 fake_chacha20(const void *key
, const void *iv
,
292 uint32_t cc
, void *data
, size_t len
)
298 return cc
+ (uint32_t)((len
+ 63) >> 6);
302 * To speed-test Poly1305, we run it with a do-nothing stub instead of
306 test_speed_poly1305_inner(char *name
, br_poly1305_run pl
)
308 unsigned char buf
[8192], key
[32], iv
[12], aad
[13], tag
[16];
312 memset(key
, 'K', sizeof key
);
313 memset(iv
, 'I', sizeof iv
);
314 memset(aad
, 'A', sizeof aad
);
315 memset(buf
, 'T', sizeof buf
);
316 for (i
= 0; i
< 10; i
++) {
317 pl(key
, iv
, buf
, sizeof buf
,
318 aad
, sizeof aad
, tag
, &fake_chacha20
, 0);
327 for (k
= num
; k
> 0; k
--) {
328 pl(key
, iv
, buf
, sizeof buf
,
329 aad
, sizeof aad
, tag
, &fake_chacha20
, 0);
332 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
334 printf("%-30s %8.2f MB/s\n", name
,
335 ((double)sizeof buf
) * (double)num
345 test_speed_poly1305_ctmul(void)
347 test_speed_poly1305_inner("Poly1305 (ctmul)", &br_poly1305_ctmul_run
);
350 static const unsigned char RSA_N
[] = {
351 0xE9, 0xF2, 0x4A, 0x2F, 0x96, 0xDF, 0x0A, 0x23,
352 0x01, 0x85, 0xF1, 0x2C, 0xB2, 0xA8, 0xEF, 0x23,
353 0xCE, 0x2E, 0xB0, 0x4E, 0x18, 0x31, 0x95, 0x5B,
354 0x98, 0x2D, 0x9B, 0x8C, 0xE3, 0x1A, 0x2B, 0x96,
355 0xB5, 0xC7, 0xEE, 0xED, 0x72, 0x43, 0x2D, 0xFE,
356 0x7F, 0x61, 0x33, 0xEA, 0x14, 0xFC, 0xDE, 0x80,
357 0x17, 0x42, 0xF0, 0xF3, 0xC3, 0xC7, 0x89, 0x47,
358 0x76, 0x5B, 0xFA, 0x33, 0xC4, 0x8C, 0x94, 0xDE,
359 0x6A, 0x75, 0xD8, 0x1A, 0xF4, 0x49, 0xBC, 0xF3,
360 0xB7, 0x9E, 0x2C, 0x8D, 0xEC, 0x5A, 0xEE, 0xBF,
361 0x4B, 0x5A, 0x7F, 0xEF, 0x21, 0x39, 0xDB, 0x1D,
362 0x83, 0x5E, 0x7E, 0x2F, 0xAA, 0x5E, 0xBA, 0x28,
363 0xC3, 0xA2, 0x53, 0x19, 0xFB, 0x2F, 0x78, 0x6B,
364 0x14, 0x60, 0x49, 0x3C, 0xCC, 0x1B, 0xE9, 0x1E,
365 0x3D, 0x10, 0xA4, 0xEB, 0x7F, 0x66, 0x98, 0xF6,
366 0xC3, 0xAC, 0x35, 0xF5, 0x01, 0x84, 0xFF, 0x7D,
367 0x1F, 0x72, 0xBE, 0xB4, 0xD1, 0x89, 0xC8, 0xDD,
368 0x44, 0xE7, 0xB5, 0x2E, 0x2C, 0xE1, 0x85, 0xF5,
369 0x15, 0x50, 0xA9, 0x08, 0xC7, 0x67, 0xD9, 0x2B,
370 0x6C, 0x11, 0xB3, 0xEB, 0x28, 0x8D, 0xF4, 0xCC,
371 0xE3, 0xC3, 0xC5, 0x04, 0x0E, 0x7C, 0x8D, 0xDB,
372 0x39, 0x06, 0x6A, 0x74, 0x75, 0xDF, 0xA8, 0x0F,
373 0xDA, 0x67, 0x5A, 0x73, 0x1E, 0xFD, 0x8E, 0x4C,
374 0xEE, 0x17, 0xEE, 0x1E, 0x67, 0xDB, 0x98, 0x70,
375 0x60, 0xF7, 0xB9, 0xB5, 0x1F, 0x19, 0x93, 0xD6,
376 0x3F, 0x2F, 0x1F, 0xB6, 0x5B, 0x59, 0xAA, 0x85,
377 0xBB, 0x25, 0xE4, 0x13, 0xEF, 0xE7, 0xB9, 0x87,
378 0x9C, 0x3F, 0x5E, 0xE4, 0x08, 0xA3, 0x51, 0xCF,
379 0x8B, 0xAD, 0xF4, 0xE6, 0x1A, 0x5F, 0x51, 0xDD,
380 0xA8, 0xBE, 0xE8, 0xD1, 0x20, 0x19, 0x61, 0x6C,
381 0x18, 0xAB, 0xCA, 0x0A, 0xD9, 0x82, 0xA6, 0x94,
382 0xD5, 0x69, 0x2A, 0xF6, 0x43, 0x66, 0x31, 0x09
385 static const unsigned char RSA_E
[] = {
389 static const unsigned char RSA_P
[] = {
390 0xFD, 0x39, 0x40, 0x56, 0x20, 0x80, 0xC5, 0x81,
391 0x4C, 0x5F, 0x0C, 0x1A, 0x52, 0x84, 0x03, 0x2F,
392 0xCE, 0x82, 0xB0, 0xD8, 0x30, 0x23, 0x7F, 0x77,
393 0x45, 0xC2, 0x01, 0xC4, 0x68, 0x96, 0x0D, 0xA7,
394 0x22, 0xA9, 0x6C, 0xA9, 0x1A, 0x33, 0xE5, 0x2F,
395 0xB5, 0x07, 0x9A, 0xF9, 0xEA, 0x33, 0xA5, 0xC8,
396 0x96, 0x60, 0x6A, 0xCA, 0xEB, 0xE5, 0x6E, 0x09,
397 0x46, 0x7E, 0x2D, 0xEF, 0x93, 0x7D, 0x56, 0xED,
398 0x75, 0x70, 0x3B, 0x96, 0xC4, 0xD5, 0xDB, 0x0B,
399 0x3F, 0x69, 0xDF, 0x06, 0x18, 0x76, 0xF4, 0xCF,
400 0xF8, 0x84, 0x22, 0xDF, 0xBD, 0x71, 0x62, 0x7B,
401 0x67, 0x99, 0xBC, 0x09, 0x95, 0x54, 0xA4, 0x98,
402 0x83, 0xF5, 0xA9, 0xCF, 0x09, 0xA5, 0x1F, 0x61,
403 0x25, 0xB4, 0x70, 0x6C, 0x91, 0xB8, 0xB3, 0xD0,
404 0xCE, 0x9C, 0x45, 0x65, 0x9B, 0xEF, 0xD4, 0x70,
405 0xBE, 0x86, 0xD2, 0x98, 0x5D, 0xEB, 0xE3, 0xFF
408 static const unsigned char RSA_Q
[] = {
409 0xEC, 0x82, 0xEE, 0x63, 0x5F, 0x40, 0x52, 0xDB,
410 0x38, 0x7A, 0x37, 0x6A, 0x54, 0x5B, 0xD9, 0xA0,
411 0x73, 0xB4, 0xBB, 0x52, 0xB2, 0x84, 0x07, 0xD0,
412 0xCC, 0x82, 0x0D, 0x20, 0xB3, 0xFA, 0xD5, 0xB6,
413 0x25, 0x92, 0x35, 0x4D, 0xB4, 0xC7, 0x36, 0x48,
414 0xCE, 0x5E, 0x21, 0x4A, 0xA6, 0x74, 0x65, 0xF4,
415 0x7D, 0x1D, 0xBC, 0x3B, 0xE2, 0xF4, 0x3E, 0x11,
416 0x58, 0x10, 0x6C, 0x04, 0x46, 0x9E, 0x8D, 0x57,
417 0xE0, 0x04, 0xE2, 0xEC, 0x47, 0xCF, 0xB3, 0x2A,
418 0xFD, 0x4C, 0x55, 0x18, 0xDB, 0xDE, 0x3B, 0xDC,
419 0xF4, 0x5B, 0xDA, 0xF3, 0x1A, 0xC8, 0x41, 0x6F,
420 0x73, 0x3B, 0xFE, 0x3C, 0xA0, 0xDB, 0xBA, 0x6E,
421 0x65, 0xA5, 0xE8, 0x02, 0xA5, 0x6C, 0xEA, 0x03,
422 0xF6, 0x99, 0xF7, 0xCB, 0x4B, 0xB7, 0x11, 0x51,
423 0x93, 0x88, 0x3F, 0xF9, 0x06, 0x85, 0xA9, 0x1E,
424 0xCA, 0x64, 0xF8, 0x11, 0xA5, 0x1A, 0xCA, 0xF7
427 static const unsigned char RSA_DP
[] = {
428 0x77, 0x95, 0xE0, 0x02, 0x4C, 0x9B, 0x43, 0xAA,
429 0xCA, 0x4C, 0x60, 0xC4, 0xD5, 0x8F, 0x2E, 0x8A,
430 0x17, 0x36, 0xB5, 0x19, 0x83, 0xB2, 0x5F, 0xF2,
431 0x0D, 0xE9, 0x8F, 0x38, 0x18, 0x44, 0x34, 0xF2,
432 0x67, 0x76, 0x27, 0xB0, 0xBC, 0x85, 0x21, 0x89,
433 0x24, 0x2F, 0x11, 0x4B, 0x51, 0x05, 0x4F, 0x17,
434 0xA9, 0x9C, 0xA3, 0x12, 0x6D, 0xD1, 0x0D, 0xE4,
435 0x27, 0x7C, 0x53, 0x69, 0x3E, 0xF8, 0x04, 0x63,
436 0x64, 0x00, 0xBA, 0xC3, 0x7A, 0xF5, 0x9B, 0xDA,
437 0x75, 0xFA, 0x23, 0xAF, 0x17, 0x42, 0xA6, 0x5E,
438 0xC8, 0xF8, 0x6E, 0x17, 0xC7, 0xB9, 0x92, 0x4E,
439 0xC1, 0x20, 0x63, 0x23, 0x0B, 0x78, 0xCB, 0xBA,
440 0x93, 0x27, 0x23, 0x28, 0x79, 0x5F, 0x97, 0xB0,
441 0x23, 0x44, 0x51, 0x8B, 0x94, 0x4D, 0xEB, 0xED,
442 0x82, 0x85, 0x5E, 0x68, 0x9B, 0xF9, 0xE9, 0x13,
443 0xCD, 0x86, 0x92, 0x52, 0x0E, 0x98, 0xE6, 0x35
446 static const unsigned char RSA_DQ
[] = {
447 0xD8, 0xDD, 0x71, 0xB3, 0x62, 0xBA, 0xBB, 0x7E,
448 0xD1, 0xF9, 0x96, 0xE8, 0x83, 0xB3, 0xB9, 0x08,
449 0x9C, 0x30, 0x03, 0x77, 0xDF, 0xC2, 0x9A, 0xDC,
450 0x05, 0x39, 0xD6, 0xC9, 0xBE, 0xDE, 0x68, 0xA9,
451 0xDD, 0x27, 0x84, 0x82, 0xDD, 0x19, 0xB1, 0x97,
452 0xEE, 0xCA, 0x77, 0x22, 0x59, 0x20, 0xEF, 0xFF,
453 0xCF, 0xDD, 0xBD, 0x24, 0xF8, 0x84, 0xD6, 0x88,
454 0xD6, 0xC4, 0x30, 0x17, 0x77, 0x9D, 0x98, 0xA3,
455 0x14, 0x01, 0xC7, 0x05, 0xBB, 0x0F, 0x23, 0x0D,
456 0x6F, 0x37, 0x57, 0xEC, 0x34, 0x67, 0x41, 0x62,
457 0xE8, 0x19, 0x75, 0xD9, 0x66, 0x1C, 0x6B, 0x8B,
458 0xC3, 0x11, 0x26, 0x9C, 0xF7, 0x2E, 0xA3, 0x72,
459 0xE8, 0xF7, 0xC8, 0x96, 0xEC, 0x92, 0xC2, 0xBD,
460 0xA1, 0x98, 0x2A, 0x93, 0x99, 0xB8, 0xA2, 0x43,
461 0xB7, 0xD0, 0xBE, 0x40, 0x1C, 0x8F, 0xE0, 0xB4,
462 0x20, 0x07, 0x97, 0x43, 0xAE, 0xAD, 0xB3, 0x9F
465 static const unsigned char RSA_IQ
[] = {
466 0xB7, 0xE2, 0x60, 0xA9, 0x62, 0xEC, 0xEC, 0x0B,
467 0x57, 0x02, 0x96, 0xF9, 0x36, 0x35, 0x2C, 0x37,
468 0xAF, 0xC2, 0xEE, 0x71, 0x49, 0x26, 0x8E, 0x0F,
469 0x27, 0xB1, 0xFA, 0x0F, 0xEA, 0xDC, 0xF0, 0x8B,
470 0x53, 0x6C, 0xB2, 0x46, 0x27, 0xCD, 0x29, 0xA2,
471 0x35, 0x0F, 0x5D, 0x8A, 0x3F, 0x20, 0x8C, 0x13,
472 0x3D, 0xA1, 0xFF, 0x85, 0x91, 0x99, 0xE8, 0x50,
473 0xED, 0xF1, 0x29, 0x00, 0xEE, 0x24, 0x90, 0xB5,
474 0x5F, 0x3A, 0x74, 0x26, 0xD7, 0xA2, 0x24, 0x8D,
475 0x89, 0x88, 0xD8, 0x35, 0x22, 0x22, 0x8A, 0x66,
476 0x5D, 0x5C, 0xDE, 0x83, 0x8C, 0xFA, 0x27, 0xE6,
477 0xB9, 0xEB, 0x72, 0x08, 0xCD, 0x53, 0x4B, 0x93,
478 0x0F, 0xAD, 0xC3, 0xF8, 0x7C, 0xFE, 0x84, 0xD7,
479 0x08, 0xF3, 0xBE, 0x3D, 0x60, 0x1E, 0x95, 0x8D,
480 0x44, 0x5B, 0x65, 0x7E, 0xC1, 0x30, 0xC3, 0x84,
481 0xC0, 0xB0, 0xFE, 0xBF, 0x28, 0x54, 0x1E, 0xC4
484 static const br_rsa_public_key RSA_PK
= {
485 (void *)RSA_N
, sizeof RSA_N
,
486 (void *)RSA_E
, sizeof RSA_E
489 static const br_rsa_private_key RSA_SK
= {
491 (void *)RSA_P
, sizeof RSA_P
,
492 (void *)RSA_Q
, sizeof RSA_Q
,
493 (void *)RSA_DP
, sizeof RSA_DP
,
494 (void *)RSA_DQ
, sizeof RSA_DQ
,
495 (void *)RSA_IQ
, sizeof RSA_IQ
499 test_speed_rsa_inner(char *name
,
500 br_rsa_public fpub
, br_rsa_private fpriv
)
502 unsigned char tmp
[sizeof RSA_N
];
506 memset(tmp
, 'R', sizeof tmp
);
508 for (i
= 0; i
< 10; i
++) {
509 if (!fpriv(tmp
, &RSA_SK
)) {
520 for (k
= num
; k
> 0; k
--) {
524 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
526 printf("%-30s %8.2f priv/s\n", name
,
533 for (i
= 0; i
< 10; i
++) {
534 if (!fpub(tmp
, sizeof tmp
, &RSA_PK
)) {
545 for (k
= num
; k
> 0; k
--) {
546 fpub(tmp
, sizeof tmp
, &RSA_PK
);
549 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
551 printf("%-30s %8.2f pub/s\n", name
,
561 test_speed_rsa_i31(void)
563 test_speed_rsa_inner("RSA i31",
564 &br_rsa_i31_public
, &br_rsa_i31_private
);
568 test_speed_rsa_i32(void)
570 test_speed_rsa_inner("RSA i32",
571 &br_rsa_i32_public
, &br_rsa_i32_private
);
575 test_speed_ec_inner(const char *name
,
576 const br_ec_impl
*impl
, const br_ec_curve_def
*cd
)
578 unsigned char bx
[80], U
[160];
579 uint32_t x
[22], n
[22];
584 nlen
= cd
->order_len
;
585 br_i31_decode(n
, cd
->order
, nlen
);
586 memset(bx
, 'T', sizeof bx
);
587 br_i31_decode_reduce(x
, bx
, sizeof bx
, n
);
588 br_i31_encode(bx
, nlen
, x
);
589 ulen
= cd
->generator_len
;
590 memcpy(U
, cd
->generator
, ulen
);
591 for (i
= 0; i
< 10; i
++) {
592 impl
->mul(U
, ulen
, bx
, nlen
, cd
->curve
);
601 for (k
= num
; k
> 0; k
--) {
602 impl
->mul(U
, ulen
, bx
, nlen
, cd
->curve
);
605 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
607 printf("%-30s %8.2f mul/s\n", name
,
617 test_speed_ec_prime_i31(void)
619 test_speed_ec_inner("EC i31 P-256", &br_ec_prime_i31
, &br_secp256r1
);
620 test_speed_ec_inner("EC i31 P-384", &br_ec_prime_i31
, &br_secp384r1
);
621 test_speed_ec_inner("EC i31 P-521", &br_ec_prime_i31
, &br_secp521r1
);
625 test_speed_ecdsa_inner(const char *name
,
626 const br_ec_impl
*impl
, const br_ec_curve_def
*cd
,
627 br_ecdsa_sign sign
, br_ecdsa_vrfy vrfy
)
629 unsigned char bx
[80], U
[160], hv
[32], sig
[160];
630 uint32_t x
[22], n
[22];
631 size_t nlen
, ulen
, sig_len
;
634 br_ec_private_key sk
;
637 nlen
= cd
->order_len
;
638 br_i31_decode(n
, cd
->order
, nlen
);
639 memset(bx
, 'T', sizeof bx
);
640 br_i31_decode_reduce(x
, bx
, sizeof bx
, n
);
641 br_i31_encode(bx
, nlen
, x
);
642 ulen
= cd
->generator_len
;
643 memcpy(U
, cd
->generator
, ulen
);
644 impl
->mul(U
, ulen
, bx
, nlen
, cd
->curve
);
645 sk
.curve
= cd
->curve
;
648 pk
.curve
= cd
->curve
;
652 memset(hv
, 'H', sizeof hv
);
653 sig_len
= sign(impl
, &br_sha256_vtable
, hv
, &sk
, sig
);
654 if (vrfy(impl
, hv
, sizeof hv
, &pk
, sig
, sig_len
) != 1) {
655 fprintf(stderr
, "self-test sign/verify failed\n");
659 for (i
= 0; i
< 10; i
++) {
661 sign(impl
, &br_sha256_vtable
, hv
, &sk
, sig
);
662 vrfy(impl
, hv
, sizeof hv
, &pk
, sig
, sig_len
);
672 for (k
= num
; k
> 0; k
--) {
674 sig_len
= sign(impl
, &br_sha256_vtable
, hv
, &sk
, sig
);
677 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
679 printf("%-30s %8.2f sign/s\n", name
,
694 for (k
= num
; k
> 0; k
--) {
695 vrfy(impl
, hv
, sizeof hv
, &pk
, sig
, sig_len
);
698 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
700 printf("%-30s %8.2f verify/s\n", name
,
710 test_speed_ecdsa_i31(void)
712 test_speed_ecdsa_inner("ECDSA i31 P-256",
713 &br_ec_prime_i31
, &br_secp256r1
,
714 &br_ecdsa_i31_sign_asn1
,
715 &br_ecdsa_i31_vrfy_asn1
);
716 test_speed_ecdsa_inner("ECDSA i31 P-384",
717 &br_ec_prime_i31
, &br_secp384r1
,
718 &br_ecdsa_i31_sign_asn1
,
719 &br_ecdsa_i31_vrfy_asn1
);
720 test_speed_ecdsa_inner("ECDSA i31 P-521",
721 &br_ec_prime_i31
, &br_secp521r1
,
722 &br_ecdsa_i31_sign_asn1
,
723 &br_ecdsa_i31_vrfy_asn1
);
729 test_speed_ec_prime_i31_inner(const char *name
,
730 const unsigned char *bg
, const br_ec_prime_i31_curve
*cc
)
732 unsigned char bx
[80], point
[160];
733 uint32_t x
[BR_EC_I31_LEN
];
734 br_ec_prime_i31_jacobian P
;
742 plen
= (xbl
+ 7) >> 3;
743 memset(bx
, 'T', sizeof bx
);
744 br_i31_decode_reduce(x
, bx
, sizeof bx
, cc
->p
);
745 br_i31_encode(bx
, plen
, x
);
746 br_ec_prime_i31_decode(&P
, bg
, 1 + (plen
<< 1), cc
);
747 for (i
= 0; i
< 10; i
++) {
748 br_ec_prime_i31_mul(&P
, bx
, plen
, cc
);
749 br_ec_prime_i31_encode(point
, &P
, cc
);
758 for (k
= num
; k
> 0; k
--) {
759 br_ec_prime_i31_mul(&P
, bx
, plen
, cc
);
760 br_ec_prime_i31_encode(point
, &P
, cc
);
763 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
765 printf("%-30s %8.2f mul/s\n", name
,
775 test_speed_ec_prime_i31(void)
777 test_speed_ec_prime_i31_inner("EC i31 P-256",
778 br_g_secp256r1
, &br_ec_prime_i31_secp256r1
);
779 test_speed_ec_prime_i31_inner("EC i31 P-384",
780 br_g_secp384r1
, &br_ec_prime_i31_secp384r1
);
781 test_speed_ec_prime_i31_inner("EC i31 P-521",
782 br_g_secp521r1
, &br_ec_prime_i31_secp521r1
);
786 test_speed_ec_prime_i32_inner(const char *name
,
787 const unsigned char *bg
, const br_ec_prime_i32_curve
*cc
)
789 unsigned char bx
[80], point
[160];
790 uint32_t x
[BR_EC_I32_LEN
];
791 br_ec_prime_i32_jacobian P
;
796 plen
= (cc
->p
[0] + 7) >> 3;
797 memset(bx
, 'T', sizeof bx
);
798 br_i32_decode_reduce(x
, bx
, sizeof bx
, cc
->p
);
799 br_i32_encode(bx
, plen
, x
);
800 br_ec_prime_i32_decode(&P
, bg
, 1 + (plen
<< 1), cc
);
801 for (i
= 0; i
< 10; i
++) {
802 br_ec_prime_i32_mul(&P
, bx
, plen
, cc
);
803 br_ec_prime_i32_encode(point
, &P
, cc
);
812 for (k
= num
; k
> 0; k
--) {
813 br_ec_prime_i32_mul(&P
, bx
, plen
, cc
);
814 br_ec_prime_i32_encode(point
, &P
, cc
);
817 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
819 printf("%-30s %8.2f mul/s\n", name
,
829 test_speed_ec_prime_i32(void)
831 test_speed_ec_prime_i32_inner("EC i32 P-256",
832 br_g_secp256r1
, &br_ec_prime_i32_secp256r1
);
833 test_speed_ec_prime_i32_inner("EC i32 P-384",
834 br_g_secp384r1
, &br_ec_prime_i32_secp384r1
);
835 test_speed_ec_prime_i32_inner("EC i32 P-521",
836 br_g_secp521r1
, &br_ec_prime_i32_secp521r1
);
843 static const unsigned char bp
[] = {
844 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
845 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
846 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
847 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
850 unsigned char tmp
[60 + sizeof bp
];
851 uint32_t p
[10], x
[10], y
[10], z
[10], p0i
;
855 br_i31_decode(p
, bp
, sizeof bp
);
856 p0i
= br_i31_ninv31(p
[1]);
857 memset(tmp
, 'T', sizeof tmp
);
858 br_i31_decode_reduce(x
, tmp
, sizeof tmp
, p
);
859 memset(tmp
, 'U', sizeof tmp
);
860 br_i31_decode_reduce(y
, tmp
, sizeof tmp
, p
);
862 for (i
= 0; i
< 10; i
++) {
863 br_i31_to_monty(x
, p
);
872 for (k
= num
; k
> 0; k
--) {
873 br_i31_to_monty(x
, p
);
876 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
878 printf("%-30s %8.2f ops/s\n", "i31 to_monty",
886 for (i
= 0; i
< 10; i
++) {
887 br_i31_from_monty(x
, p
, p0i
);
896 for (k
= num
; k
> 0; k
--) {
897 br_i31_from_monty(x
, p
, p0i
);
900 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
902 printf("%-30s %8.2f ops/s\n", "i31 from_monty",
910 for (i
= 0; i
< 10; i
++) {
911 br_i31_montymul(z
, x
, y
, p
, p0i
);
920 for (k
= num
; k
> 0; k
--) {
921 br_i31_montymul(z
, x
, y
, p
, p0i
);
924 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
926 printf("%-30s %8.2f ops/s\n", "i31 montymul",
937 static unsigned char P2048
[] = {
938 0xFD, 0xB6, 0xE0, 0x3E, 0x00, 0x49, 0x4C, 0xF0, 0x69, 0x3A, 0xDD, 0x7D,
939 0xF8, 0xA2, 0x41, 0xB0, 0x6C, 0x67, 0xC5, 0xBA, 0xB8, 0x46, 0x80, 0xF5,
940 0xBF, 0xAB, 0x98, 0xFC, 0x84, 0x73, 0xA5, 0x63, 0xC9, 0x52, 0x12, 0xDA,
941 0x4C, 0xC1, 0x5B, 0x9D, 0x8D, 0xDF, 0xCD, 0xFE, 0xC5, 0xAD, 0x5A, 0x6F,
942 0xDD, 0x02, 0xD9, 0xEC, 0x71, 0xEF, 0xEB, 0xB6, 0x95, 0xED, 0x94, 0x25,
943 0x0E, 0x63, 0xDD, 0x6A, 0x52, 0xC7, 0x93, 0xAF, 0x85, 0x9D, 0x2C, 0xBE,
944 0x5C, 0xBE, 0x35, 0xD8, 0xDD, 0x39, 0xEF, 0x1B, 0xB1, 0x49, 0x67, 0xB2,
945 0x33, 0xC9, 0x7C, 0xE1, 0x51, 0x79, 0x51, 0x59, 0xCA, 0x6E, 0x2A, 0xDF,
946 0x0D, 0x76, 0x1C, 0xE7, 0xA5, 0xC0, 0x1E, 0x6C, 0x56, 0x3A, 0x32, 0xE5,
947 0xB5, 0xC5, 0xD4, 0xDB, 0xFE, 0xFF, 0xF8, 0xF2, 0x96, 0xA9, 0xC9, 0x65,
948 0x59, 0x9E, 0x01, 0x79, 0x9D, 0x38, 0x68, 0x0F, 0xAD, 0x43, 0x3A, 0xD6,
949 0x84, 0x0A, 0xE2, 0xEF, 0x96, 0xC1, 0x6D, 0x89, 0x74, 0x19, 0x63, 0x82,
950 0x3B, 0xA0, 0x9C, 0xBA, 0x78, 0xDE, 0xDC, 0xC2, 0xE7, 0xD4, 0xFA, 0xD6,
951 0x19, 0x21, 0x29, 0xAE, 0x5E, 0xF4, 0x38, 0x81, 0xC6, 0x9E, 0x0E, 0x3C,
952 0xCD, 0xC0, 0xDC, 0x93, 0x5D, 0xFD, 0x9A, 0x5C, 0xAB, 0x54, 0x1F, 0xFF,
953 0x9C, 0x12, 0x1B, 0x4C, 0xDF, 0x2D, 0x9C, 0x85, 0xF9, 0x68, 0x15, 0x89,
954 0x42, 0x9B, 0x6C, 0x45, 0x89, 0x3A, 0xBC, 0xE9, 0x19, 0x91, 0xBE, 0x0C,
955 0xEF, 0x90, 0xCC, 0xF6, 0xD6, 0xF0, 0x3D, 0x5C, 0xF5, 0xE5, 0x0F, 0x2F,
956 0x02, 0x8A, 0x83, 0x4B, 0x93, 0x2F, 0x14, 0x12, 0x1F, 0x56, 0x9A, 0x12,
957 0x58, 0x88, 0xAE, 0x60, 0xB8, 0x5A, 0xE4, 0xA1, 0xBF, 0x4A, 0x81, 0x84,
958 0xAB, 0xBB, 0xE4, 0xD0, 0x1D, 0x41, 0xD9, 0x0A, 0xAB, 0x1E, 0x47, 0x5B,
959 0x31, 0xAC, 0x2B, 0x73
962 static unsigned char G2048
[] = {
967 test_speed_modpow(void)
969 uint32_t mx
[65], mp
[65], me
[65], t1
[65], t2
[65], len
;
974 len
= br_int_decode(mp
, sizeof mp
/ sizeof mp
[0],
975 P2048
, sizeof P2048
);
979 memset(e
, 'P', sizeof e
);
980 if (!br_int_decode(me
, sizeof me
/ sizeof me
[0], e
, sizeof e
)) {
983 if (!br_modint_decode(mx
, mp
, G2048
, sizeof G2048
)) {
986 for (i
= 0; i
< 10; i
++) {
987 br_modint_to_monty(mx
, mp
);
988 br_modint_montypow(mx
, me
, mp
, t1
, t2
);
989 br_modint_from_monty(mx
, mp
);
998 for (k
= num
; k
> 0; k
--) {
999 br_modint_to_monty(mx
, mp
);
1000 br_modint_montypow(mx
, me
, mp
, t1
, t2
);
1001 br_modint_from_monty(mx
, mp
);
1004 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1006 printf("%-30s %8.2f exp/s\n", "pow[2048:256]",
1016 test_speed_moddiv(void)
1018 uint32_t mx
[65], my
[65], mp
[65], t1
[65], t2
[65], t3
[65], len
;
1019 unsigned char x
[255], y
[255];
1023 len
= br_int_decode(mp
, sizeof mp
/ sizeof mp
[0],
1024 P2048
, sizeof P2048
);
1028 memset(x
, 'T', sizeof x
);
1029 memset(y
, 'P', sizeof y
);
1030 if (!br_modint_decode(mx
, mp
, x
, sizeof x
)) {
1033 if (!br_modint_decode(my
, mp
, y
, sizeof y
)) {
1036 for (i
= 0; i
< 10; i
++) {
1037 br_modint_div(mx
, my
, mp
, t1
, t2
, t3
);
1046 for (k
= num
; k
> 0; k
--) {
1047 br_modint_div(mx
, my
, mp
, t1
, t2
, t3
);
1050 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1052 printf("%-30s %8.2f div/s\n", "div[2048]",
1062 #define STU(x) { test_speed_ ## x, #x }
1064 static const struct {
1073 STU(aes128_big_cbcenc
),
1074 STU(aes128_big_cbcdec
),
1075 STU(aes192_big_cbcenc
),
1076 STU(aes192_big_cbcdec
),
1077 STU(aes256_big_cbcenc
),
1078 STU(aes256_big_cbcdec
),
1079 STU(aes128_big_ctr
),
1080 STU(aes192_big_ctr
),
1081 STU(aes256_big_ctr
),
1083 STU(aes128_small_cbcenc
),
1084 STU(aes128_small_cbcdec
),
1085 STU(aes192_small_cbcenc
),
1086 STU(aes192_small_cbcdec
),
1087 STU(aes256_small_cbcenc
),
1088 STU(aes256_small_cbcdec
),
1089 STU(aes128_small_ctr
),
1090 STU(aes192_small_ctr
),
1091 STU(aes256_small_ctr
),
1093 STU(aes128_ct_cbcenc
),
1094 STU(aes128_ct_cbcdec
),
1095 STU(aes192_ct_cbcenc
),
1096 STU(aes192_ct_cbcdec
),
1097 STU(aes256_ct_cbcenc
),
1098 STU(aes256_ct_cbcdec
),
1103 STU(aes128_ct64_cbcenc
),
1104 STU(aes128_ct64_cbcdec
),
1105 STU(aes192_ct64_cbcenc
),
1106 STU(aes192_ct64_cbcdec
),
1107 STU(aes256_ct64_cbcenc
),
1108 STU(aes256_ct64_cbcdec
),
1109 STU(aes128_ct64_ctr
),
1110 STU(aes192_ct64_ctr
),
1111 STU(aes256_ct64_ctr
),
1113 STU(des_tab_cbcenc
),
1114 STU(des_tab_cbcdec
),
1115 STU(3des_tab_cbcenc
),
1116 STU(3des_tab_cbcdec
),
1120 STU(3des_ct_cbcenc
),
1121 STU(3des_ct_cbcdec
),
1129 STU(poly1305_ctmul
),
1140 eq_name(const char *s1
, const char *s2
)
1147 if (c1
>= 'A' && c1
<= 'Z') {
1151 case '-': case '_': case '.': case ' ':
1159 if (c2
>= 'A' && c2
<= 'Z') {
1163 case '-': case '_': case '.': case ' ':
1179 main(int argc
, char *argv
[])
1184 printf("usage: testspeed all | name...\n");
1185 printf("individual test names:\n");
1186 for (u
= 0; u
< (sizeof tfns
) / (sizeof tfns
[0]); u
++) {
1187 printf(" %s\n", tfns
[u
].name
);
1190 for (u
= 0; u
< (sizeof tfns
) / (sizeof tfns
[0]); u
++) {
1193 for (i
= 1; i
< argc
; i
++) {
1194 if (eq_name(argv
[i
], tfns
[u
].name
)
1195 || eq_name(argv
[i
], "all"))