+static void
+test_speed_ghash_pclmul(void)
+{
+ br_ghash gh;
+
+ gh = br_ghash_pclmul_get();
+ if (gh == 0) {
+ printf("%-30s UNAVAILABLE\n", "GHASH (pclmul)");
+ fflush(stdout);
+ } else {
+ test_speed_ghash_inner("GHASH (pclmul)", gh);
+ }
+}
+
+static void
+test_speed_ghash_pwr8(void)
+{
+ br_ghash gh;
+
+ gh = br_ghash_pwr8_get();
+ if (gh == 0) {
+ printf("%-30s UNAVAILABLE\n", "GHASH (pwr8)");
+ fflush(stdout);
+ } else {
+ test_speed_ghash_inner("GHASH (pwr8)", gh);
+ }
+}
+
+static uint32_t
+fake_chacha20(const void *key, const void *iv,
+ uint32_t cc, void *data, size_t len)
+{
+ (void)key;
+ (void)iv;
+ (void)data;
+ (void)len;
+ return cc + (uint32_t)((len + 63) >> 6);
+}
+
+/*
+ * To speed-test Poly1305, we run it with a do-nothing stub instead of
+ * ChaCha20.
+ */
+static void
+test_speed_poly1305_inner(char *name, br_poly1305_run pl)
+{
+ unsigned char buf[8192], key[32], iv[12], aad[13], tag[16];
+ int i;
+ long num;
+
+ memset(key, 'K', sizeof key);
+ memset(iv, 'I', sizeof iv);
+ memset(aad, 'A', sizeof aad);
+ memset(buf, 'T', sizeof buf);
+ for (i = 0; i < 10; i ++) {
+ pl(key, iv, buf, sizeof buf,
+ aad, sizeof aad, tag, &fake_chacha20, 0);
+ }
+ num = 10;
+ for (;;) {
+ clock_t begin, end;
+ double tt;
+ long k;
+
+ begin = clock();
+ for (k = num; k > 0; k --) {
+ pl(key, iv, buf, sizeof buf,
+ aad, sizeof aad, tag, &fake_chacha20, 0);
+ }
+ end = clock();
+ tt = (double)(end - begin) / CLOCKS_PER_SEC;
+ if (tt >= 2.0) {
+ printf("%-30s %8.2f MB/s\n", name,
+ ((double)sizeof buf) * (double)num
+ / (tt * 1000000.0));
+ fflush(stdout);
+ return;
+ }
+ num <<= 1;
+ }
+}
+
+static void
+test_speed_poly1305_ctmul(void)
+{
+ test_speed_poly1305_inner("Poly1305 (ctmul)", &br_poly1305_ctmul_run);
+}
+
+static void
+test_speed_poly1305_ctmul32(void)
+{
+ test_speed_poly1305_inner("Poly1305 (ctmul32)",
+ &br_poly1305_ctmul32_run);
+}
+
+static void
+test_speed_poly1305_ctmulq(void)
+{
+ br_poly1305_run bp;
+
+ bp = br_poly1305_ctmulq_get();
+ if (bp == 0) {
+ printf("%-30s UNAVAILABLE\n", "Poly1305 (ctmulq)");
+ } else {
+ test_speed_poly1305_inner("Poly1305 (ctmulq)", bp);
+ }
+}
+
+static void
+test_speed_poly1305_i15(void)
+{
+ test_speed_poly1305_inner("Poly1305 (i15)", &br_poly1305_i15_run);
+}
+
+static void
+test_speed_eax_inner(char *name,
+ const br_block_ctrcbc_class *vt, size_t key_len)
+{
+ unsigned char buf[8192], key[32], nonce[16], aad[16], tag[16];
+ int i;
+ long num;
+ br_aes_gen_ctrcbc_keys ac;
+ br_eax_context ec;
+
+ if (vt == NULL) {
+ printf("%-30s UNAVAILABLE\n", name);
+ fflush(stdout);
+ return;
+ }
+ memset(key, 'K', key_len);
+ memset(nonce, 'N', sizeof nonce);
+ memset(aad, 'A', sizeof aad);
+ memset(buf, 'T', sizeof buf);
+ for (i = 0; i < 10; i ++) {
+ vt->init(&ac.vtable, key, key_len);
+ br_eax_init(&ec, &ac.vtable);
+ br_eax_reset(&ec, nonce, sizeof nonce);
+ br_eax_aad_inject(&ec, aad, sizeof aad);
+ br_eax_flip(&ec);
+ br_eax_run(&ec, 1, buf, sizeof buf);
+ br_eax_get_tag(&ec, tag);
+ }
+ num = 10;
+ for (;;) {
+ clock_t begin, end;
+ double tt;
+ long k;
+
+ begin = clock();
+ for (k = num; k > 0; k --) {
+ vt->init(&ac.vtable, key, key_len);
+ br_eax_init(&ec, &ac.vtable);
+ br_eax_reset(&ec, nonce, sizeof nonce);
+ br_eax_aad_inject(&ec, aad, sizeof aad);
+ br_eax_flip(&ec);
+ br_eax_run(&ec, 1, buf, sizeof buf);
+ br_eax_get_tag(&ec, tag);
+ }
+ end = clock();
+ tt = (double)(end - begin) / CLOCKS_PER_SEC;
+ if (tt >= 2.0) {
+ printf("%-30s %8.2f MB/s\n", name,
+ ((double)sizeof buf) * (double)num
+ / (tt * 1000000.0));
+ fflush(stdout);
+ return;
+ }
+ num <<= 1;
+ }
+}
+
+#define SPEED_EAX(Algo, algo, keysize, impl) \
+static void \
+test_speed_eax_ ## algo ## keysize ## _ ## impl(void) \
+{ \
+ test_speed_eax_inner("EAX " #Algo "-" #keysize "(" #impl ")", \
+ br_ ## algo ## _ ## impl ## _ctrcbc_get_vtable() \
+ , (keysize) >> 3); \
+}
+
+SPEED_EAX(AES, aes, 128, big)
+SPEED_EAX(AES, aes, 128, small)
+SPEED_EAX(AES, aes, 128, ct)
+SPEED_EAX(AES, aes, 128, ct64)
+SPEED_EAX(AES, aes, 128, x86ni)
+SPEED_EAX(AES, aes, 128, pwr8)
+SPEED_EAX(AES, aes, 192, big)
+SPEED_EAX(AES, aes, 192, small)
+SPEED_EAX(AES, aes, 192, ct)
+SPEED_EAX(AES, aes, 192, ct64)
+SPEED_EAX(AES, aes, 192, x86ni)
+SPEED_EAX(AES, aes, 192, pwr8)
+SPEED_EAX(AES, aes, 256, big)
+SPEED_EAX(AES, aes, 256, small)
+SPEED_EAX(AES, aes, 256, ct)
+SPEED_EAX(AES, aes, 256, ct64)
+SPEED_EAX(AES, aes, 256, x86ni)
+SPEED_EAX(AES, aes, 256, pwr8)
+
+static void
+test_speed_shake_inner(int security_level)
+{
+ unsigned char buf[8192];
+ br_shake_context sc;
+ int i;
+ long num;
+
+ memset(buf, 'D', sizeof buf);
+ br_shake_init(&sc, security_level);
+ for (i = 0; i < 10; i ++) {
+ br_shake_inject(&sc, buf, sizeof buf);
+ }
+ num = 10;
+ for (;;) {
+ clock_t begin, end;
+ double tt;
+ long k;
+
+ begin = clock();
+ for (k = num; k > 0; k --) {
+ br_shake_inject(&sc, buf, sizeof buf);
+ }
+ end = clock();
+ tt = (double)(end - begin) / CLOCKS_PER_SEC;
+ if (tt >= 2.0) {
+ printf("SHAKE%-3d (inject) %8.2f MB/s\n",
+ security_level,
+ ((double)sizeof buf) * (double)num
+ / (tt * 1000000.0));
+ fflush(stdout);
+ break;
+ }
+ num <<= 1;
+ }
+
+ br_shake_flip(&sc);
+ for (i = 0; i < 10; i ++) {
+ br_shake_produce(&sc, buf, sizeof buf);
+ }
+
+ num = 10;
+ for (;;) {
+ clock_t begin, end;
+ double tt;
+ long k;
+
+ begin = clock();
+ for (k = num; k > 0; k --) {
+ br_shake_produce(&sc, buf, sizeof buf);
+ }
+ end = clock();
+ tt = (double)(end - begin) / CLOCKS_PER_SEC;
+ if (tt >= 2.0) {
+ printf("SHAKE%-3d (produce) %8.2f MB/s\n",
+ security_level,
+ ((double)sizeof buf) * (double)num
+ / (tt * 1000000.0));
+ fflush(stdout);
+ break;
+ }
+ num <<= 1;
+ }
+}
+
+static void
+test_speed_shake128(void)
+{
+ test_speed_shake_inner(128);
+}
+
+static void
+test_speed_shake256(void)
+{
+ test_speed_shake_inner(256);
+}
+