2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
31 #define HASH_SIZE(cname) br_ ## cname ## _SIZE
33 #define SPEED_HASH(Name, cname) \
35 test_speed_ ## cname(void) \
37 unsigned char buf[8192]; \
38 unsigned char tmp[HASH_SIZE(cname)]; \
39 br_ ## cname ## _context mc; \
43 memset(buf, 'T', sizeof buf); \
44 for (i = 0; i < 10; i ++) { \
45 br_ ## cname ## _init(&mc); \
46 br_ ## cname ## _update(&mc, buf, sizeof buf); \
47 br_ ## cname ## _out(&mc, tmp); \
55 br_ ## cname ## _init(&mc); \
57 for (k = num; k > 0; k --) { \
58 br_ ## cname ## _update(&mc, buf, sizeof buf); \
61 br_ ## cname ## _out(&mc, tmp); \
62 tt = (double)(end - begin) / CLOCKS_PER_SEC; \
64 printf("%-30s %8.2f MB/s\n", #Name, \
65 ((double)sizeof buf) * (double)num \
66 / (tt * 1000000.0)); \
74 #define BLOCK_SIZE(cname) br_ ## cname ## _BLOCK_SIZE
76 #define SPEED_BLOCKCIPHER_CBC(Name, fname, cname, klen, dir) \
78 test_speed_ ## fname(void) \
80 unsigned char key[klen]; \
81 unsigned char buf[8192 - (8192 % BLOCK_SIZE(cname))]; \
82 unsigned char iv[BLOCK_SIZE(cname)]; \
83 const br_block_cbc ## dir ## _class *vt; \
84 br_ ## cname ## _cbc ## dir ## _keys ec; \
88 memset(key, 'T', sizeof key); \
89 memset(buf, 'P', sizeof buf); \
90 memset(iv, 'X', sizeof iv); \
91 vt = br_ ## cname ## _cbc ## dir ## _get_vtable(); \
93 printf("%-30s UNAVAILABLE\n", #Name); \
97 for (i = 0; i < 10; i ++) { \
98 vt->init(&ec.vtable, key, sizeof key); \
99 vt->run(&ec.vtable, iv, buf, sizeof buf); \
103 clock_t begin, end; \
107 vt->init(&ec.vtable, key, sizeof key); \
109 for (k = num; k > 0; k --) { \
110 vt->run(&ec.vtable, iv, buf, sizeof buf); \
113 tt = (double)(end - begin) / CLOCKS_PER_SEC; \
115 printf("%-30s %8.2f MB/s\n", #Name, \
116 ((double)sizeof buf) * (double)num \
117 / (tt * 1000000.0)); \
125 #define SPEED_BLOCKCIPHER_CTR(Name, fname, cname, klen) \
127 test_speed_ ## fname(void) \
129 unsigned char key[klen]; \
130 unsigned char buf[8192 - (8192 % BLOCK_SIZE(cname))]; \
131 unsigned char iv[BLOCK_SIZE(cname) - 4]; \
132 const br_block_ctr_class *vt; \
133 br_ ## cname ## _ctr_keys ec; \
137 memset(key, 'T', sizeof key); \
138 memset(buf, 'P', sizeof buf); \
139 memset(iv, 'X', sizeof iv); \
140 vt = br_ ## cname ## _ctr_get_vtable(); \
142 printf("%-30s UNAVAILABLE\n", #Name); \
146 for (i = 0; i < 10; i ++) { \
147 vt->init(&ec.vtable, key, sizeof key); \
148 vt->run(&ec.vtable, iv, 1, buf, sizeof buf); \
152 clock_t begin, end; \
156 vt->init(&ec.vtable, key, sizeof key); \
158 for (k = num; k > 0; k --) { \
159 vt->run(&ec.vtable, iv, 1, buf, sizeof buf); \
162 tt = (double)(end - begin) / CLOCKS_PER_SEC; \
164 printf("%-30s %8.2f MB/s\n", #Name, \
165 ((double)sizeof buf) * (double)num \
166 / (tt * 1000000.0)); \
174 #define SPEED_CHACHA20(Name, fname) \
176 test_speed_ ## fname(void) \
178 br_chacha20_run bc; \
179 unsigned char key[32]; \
180 unsigned char buf[8192]; \
181 unsigned char iv[12]; \
185 bc = br_ ## fname ## _get(); \
187 printf("%-30s UNAVAILABLE\n", #Name); \
191 memset(key, 'T', sizeof key); \
192 memset(buf, 'P', sizeof buf); \
193 memset(iv, 'X', sizeof iv); \
194 for (i = 0; i < 10; i ++) { \
195 bc(key, iv, i, buf, sizeof buf); \
199 clock_t begin, end; \
204 for (k = num; k > 0; k --) { \
205 bc(key, iv, (uint32_t)k, buf, sizeof buf); \
208 tt = (double)(end - begin) / CLOCKS_PER_SEC; \
210 printf("%-30s %8.2f MB/s\n", #Name, \
211 ((double)sizeof buf) * (double)num \
212 / (tt * 1000000.0)); \
221 SPEED_HASH(SHA
-1, sha1
)
222 SPEED_HASH(SHA
-256, sha256
)
223 SPEED_HASH(SHA
-512, sha512
)
226 * There are no vtable selection functions for the portable implementations,
227 * so we define some custom macros.
229 #define br_aes_big_cbcenc_get_vtable() (&br_aes_big_cbcenc_vtable)
230 #define br_aes_big_cbcdec_get_vtable() (&br_aes_big_cbcdec_vtable)
231 #define br_aes_big_ctr_get_vtable() (&br_aes_big_ctr_vtable)
232 #define br_aes_big_ctrcbc_get_vtable() (&br_aes_big_ctrcbc_vtable)
233 #define br_aes_small_cbcenc_get_vtable() (&br_aes_small_cbcenc_vtable)
234 #define br_aes_small_cbcdec_get_vtable() (&br_aes_small_cbcdec_vtable)
235 #define br_aes_small_ctr_get_vtable() (&br_aes_small_ctr_vtable)
236 #define br_aes_small_ctrcbc_get_vtable() (&br_aes_small_ctrcbc_vtable)
237 #define br_aes_ct_cbcenc_get_vtable() (&br_aes_ct_cbcenc_vtable)
238 #define br_aes_ct_cbcdec_get_vtable() (&br_aes_ct_cbcdec_vtable)
239 #define br_aes_ct_ctr_get_vtable() (&br_aes_ct_ctr_vtable)
240 #define br_aes_ct_ctrcbc_get_vtable() (&br_aes_ct_ctrcbc_vtable)
241 #define br_aes_ct64_cbcenc_get_vtable() (&br_aes_ct64_cbcenc_vtable)
242 #define br_aes_ct64_cbcdec_get_vtable() (&br_aes_ct64_cbcdec_vtable)
243 #define br_aes_ct64_ctr_get_vtable() (&br_aes_ct64_ctr_vtable)
244 #define br_aes_ct64_ctrcbc_get_vtable() (&br_aes_ct64_ctrcbc_vtable)
245 #define br_chacha20_ct_get() (&br_chacha20_ct_run)
247 #define SPEED_AES(iname) \
248 SPEED_BLOCKCIPHER_CBC(AES-128 CBC encrypt (iname), aes128_ ## iname ## _cbcenc, aes_ ## iname, 16, enc) \
249 SPEED_BLOCKCIPHER_CBC(AES-128 CBC decrypt (iname), aes128_ ## iname ## _cbcdec, aes_ ## iname, 16, dec) \
250 SPEED_BLOCKCIPHER_CBC(AES-192 CBC encrypt (iname), aes192_ ## iname ## _cbcenc, aes_ ## iname, 24, enc) \
251 SPEED_BLOCKCIPHER_CBC(AES-192 CBC decrypt (iname), aes192_ ## iname ## _cbcdec, aes_ ## iname, 24, dec) \
252 SPEED_BLOCKCIPHER_CBC(AES-256 CBC encrypt (iname), aes256_ ## iname ## _cbcenc, aes_ ## iname, 32, enc) \
253 SPEED_BLOCKCIPHER_CBC(AES-256 CBC decrypt (iname), aes256_ ## iname ## _cbcdec, aes_ ## iname, 32, dec) \
254 SPEED_BLOCKCIPHER_CTR(AES-128 CTR (iname), aes128_ ## iname ## _ctr, aes_ ## iname, 16) \
255 SPEED_BLOCKCIPHER_CTR(AES-192 CTR (iname), aes192_ ## iname ## _ctr, aes_ ## iname, 24) \
256 SPEED_BLOCKCIPHER_CTR(AES-256 CTR (iname), aes256_ ## iname ## _ctr, aes_ ## iname, 32)
265 #define br_des_tab_cbcenc_get_vtable() (&br_des_tab_cbcenc_vtable)
266 #define br_des_tab_cbcdec_get_vtable() (&br_des_tab_cbcdec_vtable)
267 #define br_des_ct_cbcenc_get_vtable() (&br_des_ct_cbcenc_vtable)
268 #define br_des_ct_cbcdec_get_vtable() (&br_des_ct_cbcdec_vtable)
270 #define SPEED_DES(iname) \
271 SPEED_BLOCKCIPHER_CBC(DES CBC encrypt (iname), des_ ## iname ## _cbcenc, des_ ## iname, 8, enc) \
272 SPEED_BLOCKCIPHER_CBC(DES CBC decrypt (iname), des_ ## iname ## _cbcdec, des_ ## iname, 8, dec) \
273 SPEED_BLOCKCIPHER_CBC(3DES CBC encrypt (iname), 3des_ ## iname ## _cbcenc, des_ ## iname, 24, enc) \
274 SPEED_BLOCKCIPHER_CBC(3DES CBC decrypt (iname), 3des_ ## iname ## _cbcdec, des_ ## iname, 24, dec)
279 SPEED_CHACHA20(ChaCha20 (ct
), chacha20_ct
)
280 SPEED_CHACHA20(ChaCha20 (sse2
), chacha20_sse2
)
283 test_speed_ghash_inner(char *name
, br_ghash gh
)
285 unsigned char buf
[8192], h
[16], y
[16];
289 memset(buf
, 'T', sizeof buf
);
290 memset(h
, 'P', sizeof h
);
291 memset(y
, 0, sizeof y
);
292 for (i
= 0; i
< 10; i
++) {
293 gh(y
, h
, buf
, sizeof buf
);
302 for (k
= num
; k
> 0; k
--) {
303 gh(y
, h
, buf
, sizeof buf
);
306 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
308 printf("%-30s %8.2f MB/s\n", name
,
309 ((double)sizeof buf
) * (double)num
319 test_speed_ghash_ctmul(void)
321 test_speed_ghash_inner("GHASH (ctmul)", &br_ghash_ctmul
);
325 test_speed_ghash_ctmul32(void)
327 test_speed_ghash_inner("GHASH (ctmul32)", &br_ghash_ctmul32
);
331 test_speed_ghash_ctmul64(void)
333 test_speed_ghash_inner("GHASH (ctmul64)", &br_ghash_ctmul64
);
337 test_speed_ghash_pclmul(void)
341 gh
= br_ghash_pclmul_get();
343 printf("%-30s UNAVAILABLE\n", "GHASH (pclmul)");
346 test_speed_ghash_inner("GHASH (pclmul)", gh
);
351 test_speed_ghash_pwr8(void)
355 gh
= br_ghash_pwr8_get();
357 printf("%-30s UNAVAILABLE\n", "GHASH (pwr8)");
360 test_speed_ghash_inner("GHASH (pwr8)", gh
);
365 fake_chacha20(const void *key
, const void *iv
,
366 uint32_t cc
, void *data
, size_t len
)
372 return cc
+ (uint32_t)((len
+ 63) >> 6);
376 * To speed-test Poly1305, we run it with a do-nothing stub instead of
380 test_speed_poly1305_inner(char *name
, br_poly1305_run pl
)
382 unsigned char buf
[8192], key
[32], iv
[12], aad
[13], tag
[16];
386 memset(key
, 'K', sizeof key
);
387 memset(iv
, 'I', sizeof iv
);
388 memset(aad
, 'A', sizeof aad
);
389 memset(buf
, 'T', sizeof buf
);
390 for (i
= 0; i
< 10; i
++) {
391 pl(key
, iv
, buf
, sizeof buf
,
392 aad
, sizeof aad
, tag
, &fake_chacha20
, 0);
401 for (k
= num
; k
> 0; k
--) {
402 pl(key
, iv
, buf
, sizeof buf
,
403 aad
, sizeof aad
, tag
, &fake_chacha20
, 0);
406 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
408 printf("%-30s %8.2f MB/s\n", name
,
409 ((double)sizeof buf
) * (double)num
419 test_speed_poly1305_ctmul(void)
421 test_speed_poly1305_inner("Poly1305 (ctmul)", &br_poly1305_ctmul_run
);
425 test_speed_poly1305_ctmul32(void)
427 test_speed_poly1305_inner("Poly1305 (ctmul32)",
428 &br_poly1305_ctmul32_run
);
432 test_speed_poly1305_ctmulq(void)
436 bp
= br_poly1305_ctmulq_get();
438 printf("%-30s UNAVAILABLE\n", "Poly1305 (ctmulq)");
440 test_speed_poly1305_inner("Poly1305 (ctmulq)", bp
);
445 test_speed_poly1305_i15(void)
447 test_speed_poly1305_inner("Poly1305 (i15)", &br_poly1305_i15_run
);
451 test_speed_eax_inner(char *name
,
452 const br_block_ctrcbc_class
*vt
, size_t key_len
)
454 unsigned char buf
[8192], key
[32], nonce
[16], aad
[16], tag
[16];
457 br_aes_gen_ctrcbc_keys ac
;
461 printf("%-30s UNAVAILABLE\n", name
);
465 memset(key
, 'K', key_len
);
466 memset(nonce
, 'N', sizeof nonce
);
467 memset(aad
, 'A', sizeof aad
);
468 memset(buf
, 'T', sizeof buf
);
469 for (i
= 0; i
< 10; i
++) {
470 vt
->init(&ac
.vtable
, key
, key_len
);
471 br_eax_init(&ec
, &ac
.vtable
);
472 br_eax_reset(&ec
, nonce
, sizeof nonce
);
473 br_eax_aad_inject(&ec
, aad
, sizeof aad
);
475 br_eax_run(&ec
, 1, buf
, sizeof buf
);
476 br_eax_get_tag(&ec
, tag
);
485 for (k
= num
; k
> 0; k
--) {
486 vt
->init(&ac
.vtable
, key
, key_len
);
487 br_eax_init(&ec
, &ac
.vtable
);
488 br_eax_reset(&ec
, nonce
, sizeof nonce
);
489 br_eax_aad_inject(&ec
, aad
, sizeof aad
);
491 br_eax_run(&ec
, 1, buf
, sizeof buf
);
492 br_eax_get_tag(&ec
, tag
);
495 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
497 printf("%-30s %8.2f MB/s\n", name
,
498 ((double)sizeof buf
) * (double)num
507 #define SPEED_EAX(Algo, algo, keysize, impl) \
509 test_speed_eax_ ## algo ## keysize ## _ ## impl(void) \
511 test_speed_eax_inner("EAX " #Algo "-" #keysize "(" #impl ")", \
512 br_ ## algo ## _ ## impl ## _ctrcbc_get_vtable() \
516 SPEED_EAX(AES
, aes
, 128, big
)
517 SPEED_EAX(AES
, aes
, 128, small
)
518 SPEED_EAX(AES
, aes
, 128, ct
)
519 SPEED_EAX(AES
, aes
, 128, ct64
)
520 SPEED_EAX(AES
, aes
, 128, x86ni
)
521 SPEED_EAX(AES
, aes
, 192, big
)
522 SPEED_EAX(AES
, aes
, 192, small
)
523 SPEED_EAX(AES
, aes
, 192, ct
)
524 SPEED_EAX(AES
, aes
, 192, ct64
)
525 SPEED_EAX(AES
, aes
, 192, x86ni
)
526 SPEED_EAX(AES
, aes
, 256, big
)
527 SPEED_EAX(AES
, aes
, 256, small
)
528 SPEED_EAX(AES
, aes
, 256, ct
)
529 SPEED_EAX(AES
, aes
, 256, ct64
)
530 SPEED_EAX(AES
, aes
, 256, x86ni
)
532 static const unsigned char RSA_N
[] = {
533 0xE9, 0xF2, 0x4A, 0x2F, 0x96, 0xDF, 0x0A, 0x23,
534 0x01, 0x85, 0xF1, 0x2C, 0xB2, 0xA8, 0xEF, 0x23,
535 0xCE, 0x2E, 0xB0, 0x4E, 0x18, 0x31, 0x95, 0x5B,
536 0x98, 0x2D, 0x9B, 0x8C, 0xE3, 0x1A, 0x2B, 0x96,
537 0xB5, 0xC7, 0xEE, 0xED, 0x72, 0x43, 0x2D, 0xFE,
538 0x7F, 0x61, 0x33, 0xEA, 0x14, 0xFC, 0xDE, 0x80,
539 0x17, 0x42, 0xF0, 0xF3, 0xC3, 0xC7, 0x89, 0x47,
540 0x76, 0x5B, 0xFA, 0x33, 0xC4, 0x8C, 0x94, 0xDE,
541 0x6A, 0x75, 0xD8, 0x1A, 0xF4, 0x49, 0xBC, 0xF3,
542 0xB7, 0x9E, 0x2C, 0x8D, 0xEC, 0x5A, 0xEE, 0xBF,
543 0x4B, 0x5A, 0x7F, 0xEF, 0x21, 0x39, 0xDB, 0x1D,
544 0x83, 0x5E, 0x7E, 0x2F, 0xAA, 0x5E, 0xBA, 0x28,
545 0xC3, 0xA2, 0x53, 0x19, 0xFB, 0x2F, 0x78, 0x6B,
546 0x14, 0x60, 0x49, 0x3C, 0xCC, 0x1B, 0xE9, 0x1E,
547 0x3D, 0x10, 0xA4, 0xEB, 0x7F, 0x66, 0x98, 0xF6,
548 0xC3, 0xAC, 0x35, 0xF5, 0x01, 0x84, 0xFF, 0x7D,
549 0x1F, 0x72, 0xBE, 0xB4, 0xD1, 0x89, 0xC8, 0xDD,
550 0x44, 0xE7, 0xB5, 0x2E, 0x2C, 0xE1, 0x85, 0xF5,
551 0x15, 0x50, 0xA9, 0x08, 0xC7, 0x67, 0xD9, 0x2B,
552 0x6C, 0x11, 0xB3, 0xEB, 0x28, 0x8D, 0xF4, 0xCC,
553 0xE3, 0xC3, 0xC5, 0x04, 0x0E, 0x7C, 0x8D, 0xDB,
554 0x39, 0x06, 0x6A, 0x74, 0x75, 0xDF, 0xA8, 0x0F,
555 0xDA, 0x67, 0x5A, 0x73, 0x1E, 0xFD, 0x8E, 0x4C,
556 0xEE, 0x17, 0xEE, 0x1E, 0x67, 0xDB, 0x98, 0x70,
557 0x60, 0xF7, 0xB9, 0xB5, 0x1F, 0x19, 0x93, 0xD6,
558 0x3F, 0x2F, 0x1F, 0xB6, 0x5B, 0x59, 0xAA, 0x85,
559 0xBB, 0x25, 0xE4, 0x13, 0xEF, 0xE7, 0xB9, 0x87,
560 0x9C, 0x3F, 0x5E, 0xE4, 0x08, 0xA3, 0x51, 0xCF,
561 0x8B, 0xAD, 0xF4, 0xE6, 0x1A, 0x5F, 0x51, 0xDD,
562 0xA8, 0xBE, 0xE8, 0xD1, 0x20, 0x19, 0x61, 0x6C,
563 0x18, 0xAB, 0xCA, 0x0A, 0xD9, 0x82, 0xA6, 0x94,
564 0xD5, 0x69, 0x2A, 0xF6, 0x43, 0x66, 0x31, 0x09
567 static const unsigned char RSA_E
[] = {
571 static const unsigned char RSA_P
[] = {
572 0xFD, 0x39, 0x40, 0x56, 0x20, 0x80, 0xC5, 0x81,
573 0x4C, 0x5F, 0x0C, 0x1A, 0x52, 0x84, 0x03, 0x2F,
574 0xCE, 0x82, 0xB0, 0xD8, 0x30, 0x23, 0x7F, 0x77,
575 0x45, 0xC2, 0x01, 0xC4, 0x68, 0x96, 0x0D, 0xA7,
576 0x22, 0xA9, 0x6C, 0xA9, 0x1A, 0x33, 0xE5, 0x2F,
577 0xB5, 0x07, 0x9A, 0xF9, 0xEA, 0x33, 0xA5, 0xC8,
578 0x96, 0x60, 0x6A, 0xCA, 0xEB, 0xE5, 0x6E, 0x09,
579 0x46, 0x7E, 0x2D, 0xEF, 0x93, 0x7D, 0x56, 0xED,
580 0x75, 0x70, 0x3B, 0x96, 0xC4, 0xD5, 0xDB, 0x0B,
581 0x3F, 0x69, 0xDF, 0x06, 0x18, 0x76, 0xF4, 0xCF,
582 0xF8, 0x84, 0x22, 0xDF, 0xBD, 0x71, 0x62, 0x7B,
583 0x67, 0x99, 0xBC, 0x09, 0x95, 0x54, 0xA4, 0x98,
584 0x83, 0xF5, 0xA9, 0xCF, 0x09, 0xA5, 0x1F, 0x61,
585 0x25, 0xB4, 0x70, 0x6C, 0x91, 0xB8, 0xB3, 0xD0,
586 0xCE, 0x9C, 0x45, 0x65, 0x9B, 0xEF, 0xD4, 0x70,
587 0xBE, 0x86, 0xD2, 0x98, 0x5D, 0xEB, 0xE3, 0xFF
590 static const unsigned char RSA_Q
[] = {
591 0xEC, 0x82, 0xEE, 0x63, 0x5F, 0x40, 0x52, 0xDB,
592 0x38, 0x7A, 0x37, 0x6A, 0x54, 0x5B, 0xD9, 0xA0,
593 0x73, 0xB4, 0xBB, 0x52, 0xB2, 0x84, 0x07, 0xD0,
594 0xCC, 0x82, 0x0D, 0x20, 0xB3, 0xFA, 0xD5, 0xB6,
595 0x25, 0x92, 0x35, 0x4D, 0xB4, 0xC7, 0x36, 0x48,
596 0xCE, 0x5E, 0x21, 0x4A, 0xA6, 0x74, 0x65, 0xF4,
597 0x7D, 0x1D, 0xBC, 0x3B, 0xE2, 0xF4, 0x3E, 0x11,
598 0x58, 0x10, 0x6C, 0x04, 0x46, 0x9E, 0x8D, 0x57,
599 0xE0, 0x04, 0xE2, 0xEC, 0x47, 0xCF, 0xB3, 0x2A,
600 0xFD, 0x4C, 0x55, 0x18, 0xDB, 0xDE, 0x3B, 0xDC,
601 0xF4, 0x5B, 0xDA, 0xF3, 0x1A, 0xC8, 0x41, 0x6F,
602 0x73, 0x3B, 0xFE, 0x3C, 0xA0, 0xDB, 0xBA, 0x6E,
603 0x65, 0xA5, 0xE8, 0x02, 0xA5, 0x6C, 0xEA, 0x03,
604 0xF6, 0x99, 0xF7, 0xCB, 0x4B, 0xB7, 0x11, 0x51,
605 0x93, 0x88, 0x3F, 0xF9, 0x06, 0x85, 0xA9, 0x1E,
606 0xCA, 0x64, 0xF8, 0x11, 0xA5, 0x1A, 0xCA, 0xF7
609 static const unsigned char RSA_DP
[] = {
610 0x77, 0x95, 0xE0, 0x02, 0x4C, 0x9B, 0x43, 0xAA,
611 0xCA, 0x4C, 0x60, 0xC4, 0xD5, 0x8F, 0x2E, 0x8A,
612 0x17, 0x36, 0xB5, 0x19, 0x83, 0xB2, 0x5F, 0xF2,
613 0x0D, 0xE9, 0x8F, 0x38, 0x18, 0x44, 0x34, 0xF2,
614 0x67, 0x76, 0x27, 0xB0, 0xBC, 0x85, 0x21, 0x89,
615 0x24, 0x2F, 0x11, 0x4B, 0x51, 0x05, 0x4F, 0x17,
616 0xA9, 0x9C, 0xA3, 0x12, 0x6D, 0xD1, 0x0D, 0xE4,
617 0x27, 0x7C, 0x53, 0x69, 0x3E, 0xF8, 0x04, 0x63,
618 0x64, 0x00, 0xBA, 0xC3, 0x7A, 0xF5, 0x9B, 0xDA,
619 0x75, 0xFA, 0x23, 0xAF, 0x17, 0x42, 0xA6, 0x5E,
620 0xC8, 0xF8, 0x6E, 0x17, 0xC7, 0xB9, 0x92, 0x4E,
621 0xC1, 0x20, 0x63, 0x23, 0x0B, 0x78, 0xCB, 0xBA,
622 0x93, 0x27, 0x23, 0x28, 0x79, 0x5F, 0x97, 0xB0,
623 0x23, 0x44, 0x51, 0x8B, 0x94, 0x4D, 0xEB, 0xED,
624 0x82, 0x85, 0x5E, 0x68, 0x9B, 0xF9, 0xE9, 0x13,
625 0xCD, 0x86, 0x92, 0x52, 0x0E, 0x98, 0xE6, 0x35
628 static const unsigned char RSA_DQ
[] = {
629 0xD8, 0xDD, 0x71, 0xB3, 0x62, 0xBA, 0xBB, 0x7E,
630 0xD1, 0xF9, 0x96, 0xE8, 0x83, 0xB3, 0xB9, 0x08,
631 0x9C, 0x30, 0x03, 0x77, 0xDF, 0xC2, 0x9A, 0xDC,
632 0x05, 0x39, 0xD6, 0xC9, 0xBE, 0xDE, 0x68, 0xA9,
633 0xDD, 0x27, 0x84, 0x82, 0xDD, 0x19, 0xB1, 0x97,
634 0xEE, 0xCA, 0x77, 0x22, 0x59, 0x20, 0xEF, 0xFF,
635 0xCF, 0xDD, 0xBD, 0x24, 0xF8, 0x84, 0xD6, 0x88,
636 0xD6, 0xC4, 0x30, 0x17, 0x77, 0x9D, 0x98, 0xA3,
637 0x14, 0x01, 0xC7, 0x05, 0xBB, 0x0F, 0x23, 0x0D,
638 0x6F, 0x37, 0x57, 0xEC, 0x34, 0x67, 0x41, 0x62,
639 0xE8, 0x19, 0x75, 0xD9, 0x66, 0x1C, 0x6B, 0x8B,
640 0xC3, 0x11, 0x26, 0x9C, 0xF7, 0x2E, 0xA3, 0x72,
641 0xE8, 0xF7, 0xC8, 0x96, 0xEC, 0x92, 0xC2, 0xBD,
642 0xA1, 0x98, 0x2A, 0x93, 0x99, 0xB8, 0xA2, 0x43,
643 0xB7, 0xD0, 0xBE, 0x40, 0x1C, 0x8F, 0xE0, 0xB4,
644 0x20, 0x07, 0x97, 0x43, 0xAE, 0xAD, 0xB3, 0x9F
647 static const unsigned char RSA_IQ
[] = {
648 0xB7, 0xE2, 0x60, 0xA9, 0x62, 0xEC, 0xEC, 0x0B,
649 0x57, 0x02, 0x96, 0xF9, 0x36, 0x35, 0x2C, 0x37,
650 0xAF, 0xC2, 0xEE, 0x71, 0x49, 0x26, 0x8E, 0x0F,
651 0x27, 0xB1, 0xFA, 0x0F, 0xEA, 0xDC, 0xF0, 0x8B,
652 0x53, 0x6C, 0xB2, 0x46, 0x27, 0xCD, 0x29, 0xA2,
653 0x35, 0x0F, 0x5D, 0x8A, 0x3F, 0x20, 0x8C, 0x13,
654 0x3D, 0xA1, 0xFF, 0x85, 0x91, 0x99, 0xE8, 0x50,
655 0xED, 0xF1, 0x29, 0x00, 0xEE, 0x24, 0x90, 0xB5,
656 0x5F, 0x3A, 0x74, 0x26, 0xD7, 0xA2, 0x24, 0x8D,
657 0x89, 0x88, 0xD8, 0x35, 0x22, 0x22, 0x8A, 0x66,
658 0x5D, 0x5C, 0xDE, 0x83, 0x8C, 0xFA, 0x27, 0xE6,
659 0xB9, 0xEB, 0x72, 0x08, 0xCD, 0x53, 0x4B, 0x93,
660 0x0F, 0xAD, 0xC3, 0xF8, 0x7C, 0xFE, 0x84, 0xD7,
661 0x08, 0xF3, 0xBE, 0x3D, 0x60, 0x1E, 0x95, 0x8D,
662 0x44, 0x5B, 0x65, 0x7E, 0xC1, 0x30, 0xC3, 0x84,
663 0xC0, 0xB0, 0xFE, 0xBF, 0x28, 0x54, 0x1E, 0xC4
666 static const br_rsa_public_key RSA_PK
= {
667 (void *)RSA_N
, sizeof RSA_N
,
668 (void *)RSA_E
, sizeof RSA_E
671 static const br_rsa_private_key RSA_SK
= {
673 (void *)RSA_P
, sizeof RSA_P
,
674 (void *)RSA_Q
, sizeof RSA_Q
,
675 (void *)RSA_DP
, sizeof RSA_DP
,
676 (void *)RSA_DQ
, sizeof RSA_DQ
,
677 (void *)RSA_IQ
, sizeof RSA_IQ
681 test_speed_rsa_inner(char *name
,
682 br_rsa_public fpub
, br_rsa_private fpriv
, br_rsa_keygen kgen
)
684 unsigned char tmp
[sizeof RSA_N
];
687 br_hmac_drbg_context rng
;
689 memset(tmp
, 'R', sizeof tmp
);
691 for (i
= 0; i
< 10; i
++) {
692 if (!fpriv(tmp
, &RSA_SK
)) {
703 for (k
= num
; k
> 0; k
--) {
707 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
709 printf("%-30s %8.2f priv/s\n", name
,
716 for (i
= 0; i
< 10; i
++) {
717 if (!fpub(tmp
, sizeof tmp
, &RSA_PK
)) {
728 for (k
= num
; k
> 0; k
--) {
729 fpub(tmp
, sizeof tmp
, &RSA_PK
);
732 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
734 printf("%-30s %8.2f pub/s\n", name
,
743 printf("%-30s KEYGEN UNAVAILABLE\n", name
);
747 br_hmac_drbg_init(&rng
, &br_sha256_vtable
, "RSA keygen seed", 15);
756 for (k
= num
; k
> 0; k
--) {
757 br_rsa_private_key sk
;
758 unsigned char kbuf
[BR_RSA_KBUF_PRIV_SIZE(1024)];
760 kgen(&rng
.vtable
, &sk
, kbuf
, NULL
, NULL
, 1024, 0);
763 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
765 printf("%-30s %8.2f kgen[1024]/s\n", name
,
780 for (k
= num
; k
> 0; k
--) {
781 br_rsa_private_key sk
;
782 unsigned char kbuf
[BR_RSA_KBUF_PRIV_SIZE(2048)];
784 kgen(&rng
.vtable
, &sk
, kbuf
, NULL
, NULL
, 2048, 0);
787 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
789 printf("%-30s %8.2f kgen[2048]/s\n", name
,
799 test_speed_rsa_i15(void)
801 test_speed_rsa_inner("RSA i15",
802 &br_rsa_i15_public
, &br_rsa_i15_private
, &br_rsa_i15_keygen
);
806 test_speed_rsa_i31(void)
808 test_speed_rsa_inner("RSA i31",
809 &br_rsa_i31_public
, &br_rsa_i31_private
, &br_rsa_i31_keygen
);
813 test_speed_rsa_i32(void)
815 test_speed_rsa_inner("RSA i32",
816 &br_rsa_i32_public
, &br_rsa_i32_private
, 0);
820 test_speed_rsa_i62(void)
826 pub
= br_rsa_i62_public_get();
827 priv
= br_rsa_i62_private_get();
828 kgen
= br_rsa_i62_keygen_get();
830 test_speed_rsa_inner("RSA i62", pub
, priv
, kgen
);
832 printf("%-30s UNAVAILABLE\n", "RSA i62");
837 test_speed_ec_inner_1(const char *name
,
838 const br_ec_impl
*impl
, const br_ec_curve_def
*cd
)
840 unsigned char bx
[80], U
[160];
841 uint32_t x
[22], n
[22];
846 nlen
= cd
->order_len
;
847 br_i31_decode(n
, cd
->order
, nlen
);
848 memset(bx
, 'T', sizeof bx
);
849 br_i31_decode_reduce(x
, bx
, sizeof bx
, n
);
850 br_i31_encode(bx
, nlen
, x
);
851 ulen
= cd
->generator_len
;
852 memcpy(U
, cd
->generator
, ulen
);
853 for (i
= 0; i
< 10; i
++) {
854 impl
->mul(U
, ulen
, bx
, nlen
, cd
->curve
);
863 for (k
= num
; k
> 0; k
--) {
864 impl
->mul(U
, ulen
, bx
, nlen
, cd
->curve
);
867 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
869 printf("%-30s %8.2f mul/s\n", name
,
879 test_speed_ec_inner_2(const char *name
,
880 const br_ec_impl
*impl
, const br_ec_curve_def
*cd
)
882 unsigned char bx
[80], U
[160];
883 uint32_t x
[22], n
[22];
888 nlen
= cd
->order_len
;
889 br_i31_decode(n
, cd
->order
, nlen
);
890 memset(bx
, 'T', sizeof bx
);
891 br_i31_decode_reduce(x
, bx
, sizeof bx
, n
);
892 br_i31_encode(bx
, nlen
, x
);
893 for (i
= 0; i
< 10; i
++) {
894 impl
->mulgen(U
, bx
, nlen
, cd
->curve
);
903 for (k
= num
; k
> 0; k
--) {
904 impl
->mulgen(U
, bx
, nlen
, cd
->curve
);
907 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
909 printf("%-30s %8.2f mul/s\n", name
,
919 test_speed_ec_inner(const char *name
,
920 const br_ec_impl
*impl
, const br_ec_curve_def
*cd
)
924 test_speed_ec_inner_1(name
, impl
, cd
);
925 sprintf(tmp
, "%s (FP)", name
);
926 test_speed_ec_inner_2(tmp
, impl
, cd
);
930 test_speed_ec_p256_m15(void)
932 test_speed_ec_inner("EC p256_m15",
933 &br_ec_p256_m15
, &br_secp256r1
);
937 test_speed_ec_p256_m31(void)
939 test_speed_ec_inner("EC p256_m31",
940 &br_ec_p256_m31
, &br_secp256r1
);
944 test_speed_ec_prime_i15(void)
946 test_speed_ec_inner("EC prime_i15 P-256",
947 &br_ec_prime_i15
, &br_secp256r1
);
948 test_speed_ec_inner("EC prime_i15 P-384",
949 &br_ec_prime_i15
, &br_secp384r1
);
950 test_speed_ec_inner("EC prime_i15 P-521",
951 &br_ec_prime_i15
, &br_secp521r1
);
955 test_speed_ec_prime_i31(void)
957 test_speed_ec_inner("EC prime_i31 P-256",
958 &br_ec_prime_i31
, &br_secp256r1
);
959 test_speed_ec_inner("EC prime_i31 P-384",
960 &br_ec_prime_i31
, &br_secp384r1
);
961 test_speed_ec_inner("EC prime_i31 P-521",
962 &br_ec_prime_i31
, &br_secp521r1
);
966 test_speed_ec_c25519_i15(void)
968 test_speed_ec_inner("EC c25519_i15",
969 &br_ec_c25519_i15
, &br_curve25519
);
973 test_speed_ec_c25519_i31(void)
975 test_speed_ec_inner("EC c25519_i31",
976 &br_ec_c25519_i31
, &br_curve25519
);
980 test_speed_ec_c25519_m15(void)
982 test_speed_ec_inner("EC c25519_m15",
983 &br_ec_c25519_m15
, &br_curve25519
);
987 test_speed_ec_c25519_m31(void)
989 test_speed_ec_inner("EC c25519_m31",
990 &br_ec_c25519_m31
, &br_curve25519
);
994 test_speed_ecdsa_inner(const char *name
,
995 const br_ec_impl
*impl
, const br_ec_curve_def
*cd
,
996 br_ecdsa_sign sign
, br_ecdsa_vrfy vrfy
)
998 unsigned char bx
[80], U
[160], hv
[32], sig
[160];
999 uint32_t x
[22], n
[22];
1000 size_t nlen
, ulen
, sig_len
;
1003 br_ec_private_key sk
;
1004 br_ec_public_key pk
;
1006 nlen
= cd
->order_len
;
1007 br_i31_decode(n
, cd
->order
, nlen
);
1008 memset(bx
, 'T', sizeof bx
);
1009 br_i31_decode_reduce(x
, bx
, sizeof bx
, n
);
1010 br_i31_encode(bx
, nlen
, x
);
1011 ulen
= cd
->generator_len
;
1012 memcpy(U
, cd
->generator
, ulen
);
1013 impl
->mul(U
, ulen
, bx
, nlen
, cd
->curve
);
1014 sk
.curve
= cd
->curve
;
1017 pk
.curve
= cd
->curve
;
1021 memset(hv
, 'H', sizeof hv
);
1022 sig_len
= sign(impl
, &br_sha256_vtable
, hv
, &sk
, sig
);
1023 if (vrfy(impl
, hv
, sizeof hv
, &pk
, sig
, sig_len
) != 1) {
1024 fprintf(stderr
, "self-test sign/verify failed\n");
1028 for (i
= 0; i
< 10; i
++) {
1030 sign(impl
, &br_sha256_vtable
, hv
, &sk
, sig
);
1031 vrfy(impl
, hv
, sizeof hv
, &pk
, sig
, sig_len
);
1041 for (k
= num
; k
> 0; k
--) {
1043 sig_len
= sign(impl
, &br_sha256_vtable
, hv
, &sk
, sig
);
1046 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1048 printf("%-30s %8.2f sign/s\n", name
,
1063 for (k
= num
; k
> 0; k
--) {
1064 vrfy(impl
, hv
, sizeof hv
, &pk
, sig
, sig_len
);
1067 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1069 printf("%-30s %8.2f verify/s\n", name
,
1079 test_speed_ecdsa_p256_m15(void)
1081 test_speed_ecdsa_inner("ECDSA m15 P-256",
1082 &br_ec_p256_m15
, &br_secp256r1
,
1083 &br_ecdsa_i15_sign_asn1
,
1084 &br_ecdsa_i15_vrfy_asn1
);
1088 test_speed_ecdsa_p256_m31(void)
1090 test_speed_ecdsa_inner("ECDSA m31 P-256",
1091 &br_ec_p256_m31
, &br_secp256r1
,
1092 &br_ecdsa_i31_sign_asn1
,
1093 &br_ecdsa_i31_vrfy_asn1
);
1097 test_speed_ecdsa_i15(void)
1099 test_speed_ecdsa_inner("ECDSA i15 P-256",
1100 &br_ec_prime_i15
, &br_secp256r1
,
1101 &br_ecdsa_i15_sign_asn1
,
1102 &br_ecdsa_i15_vrfy_asn1
);
1103 test_speed_ecdsa_inner("ECDSA i15 P-384",
1104 &br_ec_prime_i15
, &br_secp384r1
,
1105 &br_ecdsa_i15_sign_asn1
,
1106 &br_ecdsa_i15_vrfy_asn1
);
1107 test_speed_ecdsa_inner("ECDSA i15 P-521",
1108 &br_ec_prime_i15
, &br_secp521r1
,
1109 &br_ecdsa_i15_sign_asn1
,
1110 &br_ecdsa_i15_vrfy_asn1
);
1114 test_speed_ecdsa_i31(void)
1116 test_speed_ecdsa_inner("ECDSA i31 P-256",
1117 &br_ec_prime_i31
, &br_secp256r1
,
1118 &br_ecdsa_i31_sign_asn1
,
1119 &br_ecdsa_i31_vrfy_asn1
);
1120 test_speed_ecdsa_inner("ECDSA i31 P-384",
1121 &br_ec_prime_i31
, &br_secp384r1
,
1122 &br_ecdsa_i31_sign_asn1
,
1123 &br_ecdsa_i31_vrfy_asn1
);
1124 test_speed_ecdsa_inner("ECDSA i31 P-521",
1125 &br_ec_prime_i31
, &br_secp521r1
,
1126 &br_ecdsa_i31_sign_asn1
,
1127 &br_ecdsa_i31_vrfy_asn1
);
1131 test_speed_i31(void)
1133 static const unsigned char bp
[] = {
1134 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
1135 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1136 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
1137 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
1140 unsigned char tmp
[60 + sizeof bp
];
1141 uint32_t p
[10], x
[10], y
[10], z
[10], p0i
;
1145 br_i31_decode(p
, bp
, sizeof bp
);
1146 p0i
= br_i31_ninv31(p
[1]);
1147 memset(tmp
, 'T', sizeof tmp
);
1148 br_i31_decode_reduce(x
, tmp
, sizeof tmp
, p
);
1149 memset(tmp
, 'U', sizeof tmp
);
1150 br_i31_decode_reduce(y
, tmp
, sizeof tmp
, p
);
1152 for (i
= 0; i
< 10; i
++) {
1153 br_i31_to_monty(x
, p
);
1162 for (k
= num
; k
> 0; k
--) {
1163 br_i31_to_monty(x
, p
);
1166 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1168 printf("%-30s %8.2f ops/s\n", "i31 to_monty",
1176 for (i
= 0; i
< 10; i
++) {
1177 br_i31_from_monty(x
, p
, p0i
);
1186 for (k
= num
; k
> 0; k
--) {
1187 br_i31_from_monty(x
, p
, p0i
);
1190 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1192 printf("%-30s %8.2f ops/s\n", "i31 from_monty",
1200 for (i
= 0; i
< 10; i
++) {
1201 br_i31_montymul(z
, x
, y
, p
, p0i
);
1210 for (k
= num
; k
> 0; k
--) {
1211 br_i31_montymul(z
, x
, y
, p
, p0i
);
1214 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1216 printf("%-30s %8.2f ops/s\n", "i31 montymul",
1227 static unsigned char P2048
[] = {
1228 0xFD, 0xB6, 0xE0, 0x3E, 0x00, 0x49, 0x4C, 0xF0, 0x69, 0x3A, 0xDD, 0x7D,
1229 0xF8, 0xA2, 0x41, 0xB0, 0x6C, 0x67, 0xC5, 0xBA, 0xB8, 0x46, 0x80, 0xF5,
1230 0xBF, 0xAB, 0x98, 0xFC, 0x84, 0x73, 0xA5, 0x63, 0xC9, 0x52, 0x12, 0xDA,
1231 0x4C, 0xC1, 0x5B, 0x9D, 0x8D, 0xDF, 0xCD, 0xFE, 0xC5, 0xAD, 0x5A, 0x6F,
1232 0xDD, 0x02, 0xD9, 0xEC, 0x71, 0xEF, 0xEB, 0xB6, 0x95, 0xED, 0x94, 0x25,
1233 0x0E, 0x63, 0xDD, 0x6A, 0x52, 0xC7, 0x93, 0xAF, 0x85, 0x9D, 0x2C, 0xBE,
1234 0x5C, 0xBE, 0x35, 0xD8, 0xDD, 0x39, 0xEF, 0x1B, 0xB1, 0x49, 0x67, 0xB2,
1235 0x33, 0xC9, 0x7C, 0xE1, 0x51, 0x79, 0x51, 0x59, 0xCA, 0x6E, 0x2A, 0xDF,
1236 0x0D, 0x76, 0x1C, 0xE7, 0xA5, 0xC0, 0x1E, 0x6C, 0x56, 0x3A, 0x32, 0xE5,
1237 0xB5, 0xC5, 0xD4, 0xDB, 0xFE, 0xFF, 0xF8, 0xF2, 0x96, 0xA9, 0xC9, 0x65,
1238 0x59, 0x9E, 0x01, 0x79, 0x9D, 0x38, 0x68, 0x0F, 0xAD, 0x43, 0x3A, 0xD6,
1239 0x84, 0x0A, 0xE2, 0xEF, 0x96, 0xC1, 0x6D, 0x89, 0x74, 0x19, 0x63, 0x82,
1240 0x3B, 0xA0, 0x9C, 0xBA, 0x78, 0xDE, 0xDC, 0xC2, 0xE7, 0xD4, 0xFA, 0xD6,
1241 0x19, 0x21, 0x29, 0xAE, 0x5E, 0xF4, 0x38, 0x81, 0xC6, 0x9E, 0x0E, 0x3C,
1242 0xCD, 0xC0, 0xDC, 0x93, 0x5D, 0xFD, 0x9A, 0x5C, 0xAB, 0x54, 0x1F, 0xFF,
1243 0x9C, 0x12, 0x1B, 0x4C, 0xDF, 0x2D, 0x9C, 0x85, 0xF9, 0x68, 0x15, 0x89,
1244 0x42, 0x9B, 0x6C, 0x45, 0x89, 0x3A, 0xBC, 0xE9, 0x19, 0x91, 0xBE, 0x0C,
1245 0xEF, 0x90, 0xCC, 0xF6, 0xD6, 0xF0, 0x3D, 0x5C, 0xF5, 0xE5, 0x0F, 0x2F,
1246 0x02, 0x8A, 0x83, 0x4B, 0x93, 0x2F, 0x14, 0x12, 0x1F, 0x56, 0x9A, 0x12,
1247 0x58, 0x88, 0xAE, 0x60, 0xB8, 0x5A, 0xE4, 0xA1, 0xBF, 0x4A, 0x81, 0x84,
1248 0xAB, 0xBB, 0xE4, 0xD0, 0x1D, 0x41, 0xD9, 0x0A, 0xAB, 0x1E, 0x47, 0x5B,
1249 0x31, 0xAC, 0x2B, 0x73
1252 static unsigned char G2048
[] = {
1257 test_speed_modpow(void)
1259 uint32_t mx
[65], mp
[65], me
[65], t1
[65], t2
[65], len
;
1260 unsigned char e
[64];
1264 len
= br_int_decode(mp
, sizeof mp
/ sizeof mp
[0],
1265 P2048
, sizeof P2048
);
1269 memset(e
, 'P', sizeof e
);
1270 if (!br_int_decode(me
, sizeof me
/ sizeof me
[0], e
, sizeof e
)) {
1273 if (!br_modint_decode(mx
, mp
, G2048
, sizeof G2048
)) {
1276 for (i
= 0; i
< 10; i
++) {
1277 br_modint_to_monty(mx
, mp
);
1278 br_modint_montypow(mx
, me
, mp
, t1
, t2
);
1279 br_modint_from_monty(mx
, mp
);
1288 for (k
= num
; k
> 0; k
--) {
1289 br_modint_to_monty(mx
, mp
);
1290 br_modint_montypow(mx
, me
, mp
, t1
, t2
);
1291 br_modint_from_monty(mx
, mp
);
1294 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1296 printf("%-30s %8.2f exp/s\n", "pow[2048:256]",
1306 test_speed_moddiv(void)
1308 uint32_t mx
[65], my
[65], mp
[65], t1
[65], t2
[65], t3
[65], len
;
1309 unsigned char x
[255], y
[255];
1313 len
= br_int_decode(mp
, sizeof mp
/ sizeof mp
[0],
1314 P2048
, sizeof P2048
);
1318 memset(x
, 'T', sizeof x
);
1319 memset(y
, 'P', sizeof y
);
1320 if (!br_modint_decode(mx
, mp
, x
, sizeof x
)) {
1323 if (!br_modint_decode(my
, mp
, y
, sizeof y
)) {
1326 for (i
= 0; i
< 10; i
++) {
1327 br_modint_div(mx
, my
, mp
, t1
, t2
, t3
);
1336 for (k
= num
; k
> 0; k
--) {
1337 br_modint_div(mx
, my
, mp
, t1
, t2
, t3
);
1340 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1342 printf("%-30s %8.2f div/s\n", "div[2048]",
1352 #define STU(x) { test_speed_ ## x, #x }
1354 static const struct {
1363 STU(aes128_big_cbcenc
),
1364 STU(aes128_big_cbcdec
),
1365 STU(aes192_big_cbcenc
),
1366 STU(aes192_big_cbcdec
),
1367 STU(aes256_big_cbcenc
),
1368 STU(aes256_big_cbcdec
),
1369 STU(aes128_big_ctr
),
1370 STU(aes192_big_ctr
),
1371 STU(aes256_big_ctr
),
1373 STU(aes128_small_cbcenc
),
1374 STU(aes128_small_cbcdec
),
1375 STU(aes192_small_cbcenc
),
1376 STU(aes192_small_cbcdec
),
1377 STU(aes256_small_cbcenc
),
1378 STU(aes256_small_cbcdec
),
1379 STU(aes128_small_ctr
),
1380 STU(aes192_small_ctr
),
1381 STU(aes256_small_ctr
),
1383 STU(aes128_ct_cbcenc
),
1384 STU(aes128_ct_cbcdec
),
1385 STU(aes192_ct_cbcenc
),
1386 STU(aes192_ct_cbcdec
),
1387 STU(aes256_ct_cbcenc
),
1388 STU(aes256_ct_cbcdec
),
1393 STU(aes128_ct64_cbcenc
),
1394 STU(aes128_ct64_cbcdec
),
1395 STU(aes192_ct64_cbcenc
),
1396 STU(aes192_ct64_cbcdec
),
1397 STU(aes256_ct64_cbcenc
),
1398 STU(aes256_ct64_cbcdec
),
1399 STU(aes128_ct64_ctr
),
1400 STU(aes192_ct64_ctr
),
1401 STU(aes256_ct64_ctr
),
1403 STU(aes128_x86ni_cbcenc
),
1404 STU(aes128_x86ni_cbcdec
),
1405 STU(aes192_x86ni_cbcenc
),
1406 STU(aes192_x86ni_cbcdec
),
1407 STU(aes256_x86ni_cbcenc
),
1408 STU(aes256_x86ni_cbcdec
),
1409 STU(aes128_x86ni_ctr
),
1410 STU(aes192_x86ni_ctr
),
1411 STU(aes256_x86ni_ctr
),
1413 STU(aes128_pwr8_cbcenc
),
1414 STU(aes128_pwr8_cbcdec
),
1415 STU(aes192_pwr8_cbcenc
),
1416 STU(aes192_pwr8_cbcdec
),
1417 STU(aes256_pwr8_cbcenc
),
1418 STU(aes256_pwr8_cbcdec
),
1419 STU(aes128_pwr8_ctr
),
1420 STU(aes192_pwr8_ctr
),
1421 STU(aes256_pwr8_ctr
),
1423 STU(des_tab_cbcenc
),
1424 STU(des_tab_cbcdec
),
1425 STU(3des_tab_cbcenc
),
1426 STU(3des_tab_cbcdec
),
1430 STU(3des_ct_cbcenc
),
1431 STU(3des_ct_cbcdec
),
1442 STU(poly1305_ctmul
),
1443 STU(poly1305_ctmul32
),
1444 STU(poly1305_ctmulq
),
1447 STU(eax_aes128_big
),
1448 STU(eax_aes192_big
),
1449 STU(eax_aes256_big
),
1450 STU(eax_aes128_small
),
1451 STU(eax_aes192_small
),
1452 STU(eax_aes256_small
),
1456 STU(eax_aes128_ct64
),
1457 STU(eax_aes192_ct64
),
1458 STU(eax_aes256_ct64
),
1459 STU(eax_aes128_x86ni
),
1460 STU(eax_aes192_x86ni
),
1461 STU(eax_aes256_x86ni
),
1475 STU(ecdsa_p256_m15
),
1476 STU(ecdsa_p256_m31
),
1484 eq_name(const char *s1
, const char *s2
)
1491 if (c1
>= 'A' && c1
<= 'Z') {
1495 case '-': case '_': case '.': case ' ':
1503 if (c2
>= 'A' && c2
<= 'Z') {
1507 case '-': case '_': case '.': case ' ':
1523 main(int argc
, char *argv
[])
1528 printf("usage: testspeed all | name...\n");
1529 printf("individual test names:\n");
1530 for (u
= 0; u
< (sizeof tfns
) / (sizeof tfns
[0]); u
++) {
1531 printf(" %s\n", tfns
[u
].name
);
1534 for (u
= 0; u
< (sizeof tfns
) / (sizeof tfns
[0]); u
++) {
1537 for (i
= 1; i
< argc
; i
++) {
1538 if (eq_name(argv
[i
], tfns
[u
].name
)
1539 || eq_name(argv
[i
], "all"))