2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
31 #define HASH_SIZE(cname) br_ ## cname ## _SIZE
33 #define SPEED_HASH(Name, cname) \
35 test_speed_ ## cname(void) \
37 unsigned char buf[8192]; \
38 unsigned char tmp[HASH_SIZE(cname)]; \
39 br_ ## cname ## _context mc; \
43 memset(buf, 'T', sizeof buf); \
44 for (i = 0; i < 10; i ++) { \
45 br_ ## cname ## _init(&mc); \
46 br_ ## cname ## _update(&mc, buf, sizeof buf); \
47 br_ ## cname ## _out(&mc, tmp); \
55 br_ ## cname ## _init(&mc); \
57 for (k = num; k > 0; k --) { \
58 br_ ## cname ## _update(&mc, buf, sizeof buf); \
61 br_ ## cname ## _out(&mc, tmp); \
62 tt = (double)(end - begin) / CLOCKS_PER_SEC; \
64 printf("%-30s %8.2f MB/s\n", #Name, \
65 ((double)sizeof buf) * (double)num \
66 / (tt * 1000000.0)); \
74 #define BLOCK_SIZE(cname) br_ ## cname ## _BLOCK_SIZE
76 #define SPEED_BLOCKCIPHER_CBC(Name, fname, cname, klen, dir) \
78 test_speed_ ## fname(void) \
80 unsigned char key[klen]; \
81 unsigned char buf[8192 - (8192 % BLOCK_SIZE(cname))]; \
82 unsigned char iv[BLOCK_SIZE(cname)]; \
83 const br_block_cbc ## dir ## _class *vt; \
84 br_ ## cname ## _cbc ## dir ## _keys ec; \
88 memset(key, 'T', sizeof key); \
89 memset(buf, 'P', sizeof buf); \
90 memset(iv, 'X', sizeof iv); \
91 vt = br_ ## cname ## _cbc ## dir ## _get_vtable(); \
93 printf("%-30s UNAVAILABLE\n", #Name); \
97 for (i = 0; i < 10; i ++) { \
98 vt->init(&ec.vtable, key, sizeof key); \
99 vt->run(&ec.vtable, iv, buf, sizeof buf); \
103 clock_t begin, end; \
107 vt->init(&ec.vtable, key, sizeof key); \
109 for (k = num; k > 0; k --) { \
110 vt->run(&ec.vtable, iv, buf, sizeof buf); \
113 tt = (double)(end - begin) / CLOCKS_PER_SEC; \
115 printf("%-30s %8.2f MB/s\n", #Name, \
116 ((double)sizeof buf) * (double)num \
117 / (tt * 1000000.0)); \
125 #define SPEED_BLOCKCIPHER_CTR(Name, fname, cname, klen) \
127 test_speed_ ## fname(void) \
129 unsigned char key[klen]; \
130 unsigned char buf[8192 - (8192 % BLOCK_SIZE(cname))]; \
131 unsigned char iv[BLOCK_SIZE(cname) - 4]; \
132 const br_block_ctr_class *vt; \
133 br_ ## cname ## _ctr_keys ec; \
137 memset(key, 'T', sizeof key); \
138 memset(buf, 'P', sizeof buf); \
139 memset(iv, 'X', sizeof iv); \
140 vt = br_ ## cname ## _ctr_get_vtable(); \
142 printf("%-30s UNAVAILABLE\n", #Name); \
146 for (i = 0; i < 10; i ++) { \
147 vt->init(&ec.vtable, key, sizeof key); \
148 vt->run(&ec.vtable, iv, 1, buf, sizeof buf); \
152 clock_t begin, end; \
156 vt->init(&ec.vtable, key, sizeof key); \
158 for (k = num; k > 0; k --) { \
159 vt->run(&ec.vtable, iv, 1, buf, sizeof buf); \
162 tt = (double)(end - begin) / CLOCKS_PER_SEC; \
164 printf("%-30s %8.2f MB/s\n", #Name, \
165 ((double)sizeof buf) * (double)num \
166 / (tt * 1000000.0)); \
174 #define SPEED_CHACHA20(Name, fname) \
176 test_speed_ ## fname(void) \
178 br_chacha20_run bc; \
179 unsigned char key[32]; \
180 unsigned char buf[8192]; \
181 unsigned char iv[12]; \
185 bc = br_ ## fname ## _get(); \
187 printf("%-30s UNAVAILABLE\n", #Name); \
191 memset(key, 'T', sizeof key); \
192 memset(buf, 'P', sizeof buf); \
193 memset(iv, 'X', sizeof iv); \
194 for (i = 0; i < 10; i ++) { \
195 bc(key, iv, i, buf, sizeof buf); \
199 clock_t begin, end; \
204 for (k = num; k > 0; k --) { \
205 bc(key, iv, (uint32_t)k, buf, sizeof buf); \
208 tt = (double)(end - begin) / CLOCKS_PER_SEC; \
210 printf("%-30s %8.2f MB/s\n", #Name, \
211 ((double)sizeof buf) * (double)num \
212 / (tt * 1000000.0)); \
221 SPEED_HASH(SHA
-1, sha1
)
222 SPEED_HASH(SHA
-256, sha256
)
223 SPEED_HASH(SHA
-512, sha512
)
226 * There are no vtable selection functions for the portable implementations,
227 * so we define some custom macros.
229 #define br_aes_big_cbcenc_get_vtable() (&br_aes_big_cbcenc_vtable)
230 #define br_aes_big_cbcdec_get_vtable() (&br_aes_big_cbcdec_vtable)
231 #define br_aes_big_ctr_get_vtable() (&br_aes_big_ctr_vtable)
232 #define br_aes_big_ctrcbc_get_vtable() (&br_aes_big_ctrcbc_vtable)
233 #define br_aes_small_cbcenc_get_vtable() (&br_aes_small_cbcenc_vtable)
234 #define br_aes_small_cbcdec_get_vtable() (&br_aes_small_cbcdec_vtable)
235 #define br_aes_small_ctr_get_vtable() (&br_aes_small_ctr_vtable)
236 #define br_aes_small_ctrcbc_get_vtable() (&br_aes_small_ctrcbc_vtable)
237 #define br_aes_ct_cbcenc_get_vtable() (&br_aes_ct_cbcenc_vtable)
238 #define br_aes_ct_cbcdec_get_vtable() (&br_aes_ct_cbcdec_vtable)
239 #define br_aes_ct_ctr_get_vtable() (&br_aes_ct_ctr_vtable)
240 #define br_aes_ct_ctrcbc_get_vtable() (&br_aes_ct_ctrcbc_vtable)
241 #define br_aes_ct64_cbcenc_get_vtable() (&br_aes_ct64_cbcenc_vtable)
242 #define br_aes_ct64_cbcdec_get_vtable() (&br_aes_ct64_cbcdec_vtable)
243 #define br_aes_ct64_ctr_get_vtable() (&br_aes_ct64_ctr_vtable)
244 #define br_aes_ct64_ctrcbc_get_vtable() (&br_aes_ct64_ctrcbc_vtable)
245 #define br_chacha20_ct_get() (&br_chacha20_ct_run)
247 #define SPEED_AES(iname) \
248 SPEED_BLOCKCIPHER_CBC(AES-128 CBC encrypt (iname), aes128_ ## iname ## _cbcenc, aes_ ## iname, 16, enc) \
249 SPEED_BLOCKCIPHER_CBC(AES-128 CBC decrypt (iname), aes128_ ## iname ## _cbcdec, aes_ ## iname, 16, dec) \
250 SPEED_BLOCKCIPHER_CBC(AES-192 CBC encrypt (iname), aes192_ ## iname ## _cbcenc, aes_ ## iname, 24, enc) \
251 SPEED_BLOCKCIPHER_CBC(AES-192 CBC decrypt (iname), aes192_ ## iname ## _cbcdec, aes_ ## iname, 24, dec) \
252 SPEED_BLOCKCIPHER_CBC(AES-256 CBC encrypt (iname), aes256_ ## iname ## _cbcenc, aes_ ## iname, 32, enc) \
253 SPEED_BLOCKCIPHER_CBC(AES-256 CBC decrypt (iname), aes256_ ## iname ## _cbcdec, aes_ ## iname, 32, dec) \
254 SPEED_BLOCKCIPHER_CTR(AES-128 CTR (iname), aes128_ ## iname ## _ctr, aes_ ## iname, 16) \
255 SPEED_BLOCKCIPHER_CTR(AES-192 CTR (iname), aes192_ ## iname ## _ctr, aes_ ## iname, 24) \
256 SPEED_BLOCKCIPHER_CTR(AES-256 CTR (iname), aes256_ ## iname ## _ctr, aes_ ## iname, 32)
265 #define br_des_tab_cbcenc_get_vtable() (&br_des_tab_cbcenc_vtable)
266 #define br_des_tab_cbcdec_get_vtable() (&br_des_tab_cbcdec_vtable)
267 #define br_des_ct_cbcenc_get_vtable() (&br_des_ct_cbcenc_vtable)
268 #define br_des_ct_cbcdec_get_vtable() (&br_des_ct_cbcdec_vtable)
270 #define SPEED_DES(iname) \
271 SPEED_BLOCKCIPHER_CBC(DES CBC encrypt (iname), des_ ## iname ## _cbcenc, des_ ## iname, 8, enc) \
272 SPEED_BLOCKCIPHER_CBC(DES CBC decrypt (iname), des_ ## iname ## _cbcdec, des_ ## iname, 8, dec) \
273 SPEED_BLOCKCIPHER_CBC(3DES CBC encrypt (iname), 3des_ ## iname ## _cbcenc, des_ ## iname, 24, enc) \
274 SPEED_BLOCKCIPHER_CBC(3DES CBC decrypt (iname), 3des_ ## iname ## _cbcdec, des_ ## iname, 24, dec)
279 SPEED_CHACHA20(ChaCha20 (ct
), chacha20_ct
)
280 SPEED_CHACHA20(ChaCha20 (sse2
), chacha20_sse2
)
283 test_speed_ghash_inner(char *name
, br_ghash gh
)
285 unsigned char buf
[8192], h
[16], y
[16];
289 memset(buf
, 'T', sizeof buf
);
290 memset(h
, 'P', sizeof h
);
291 memset(y
, 0, sizeof y
);
292 for (i
= 0; i
< 10; i
++) {
293 gh(y
, h
, buf
, sizeof buf
);
302 for (k
= num
; k
> 0; k
--) {
303 gh(y
, h
, buf
, sizeof buf
);
306 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
308 printf("%-30s %8.2f MB/s\n", name
,
309 ((double)sizeof buf
) * (double)num
319 test_speed_ghash_ctmul(void)
321 test_speed_ghash_inner("GHASH (ctmul)", &br_ghash_ctmul
);
325 test_speed_ghash_ctmul32(void)
327 test_speed_ghash_inner("GHASH (ctmul32)", &br_ghash_ctmul32
);
331 test_speed_ghash_ctmul64(void)
333 test_speed_ghash_inner("GHASH (ctmul64)", &br_ghash_ctmul64
);
337 test_speed_ghash_pclmul(void)
341 gh
= br_ghash_pclmul_get();
343 printf("%-30s UNAVAILABLE\n", "GHASH (pclmul)");
346 test_speed_ghash_inner("GHASH (pclmul)", gh
);
351 test_speed_ghash_pwr8(void)
355 gh
= br_ghash_pwr8_get();
357 printf("%-30s UNAVAILABLE\n", "GHASH (pwr8)");
360 test_speed_ghash_inner("GHASH (pwr8)", gh
);
365 fake_chacha20(const void *key
, const void *iv
,
366 uint32_t cc
, void *data
, size_t len
)
372 return cc
+ (uint32_t)((len
+ 63) >> 6);
376 * To speed-test Poly1305, we run it with a do-nothing stub instead of
380 test_speed_poly1305_inner(char *name
, br_poly1305_run pl
)
382 unsigned char buf
[8192], key
[32], iv
[12], aad
[13], tag
[16];
386 memset(key
, 'K', sizeof key
);
387 memset(iv
, 'I', sizeof iv
);
388 memset(aad
, 'A', sizeof aad
);
389 memset(buf
, 'T', sizeof buf
);
390 for (i
= 0; i
< 10; i
++) {
391 pl(key
, iv
, buf
, sizeof buf
,
392 aad
, sizeof aad
, tag
, &fake_chacha20
, 0);
401 for (k
= num
; k
> 0; k
--) {
402 pl(key
, iv
, buf
, sizeof buf
,
403 aad
, sizeof aad
, tag
, &fake_chacha20
, 0);
406 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
408 printf("%-30s %8.2f MB/s\n", name
,
409 ((double)sizeof buf
) * (double)num
419 test_speed_poly1305_ctmul(void)
421 test_speed_poly1305_inner("Poly1305 (ctmul)", &br_poly1305_ctmul_run
);
425 test_speed_poly1305_ctmul32(void)
427 test_speed_poly1305_inner("Poly1305 (ctmul32)",
428 &br_poly1305_ctmul32_run
);
432 test_speed_poly1305_ctmulq(void)
436 bp
= br_poly1305_ctmulq_get();
438 printf("%-30s UNAVAILABLE\n", "Poly1305 (ctmulq)");
440 test_speed_poly1305_inner("Poly1305 (ctmulq)", bp
);
445 test_speed_poly1305_i15(void)
447 test_speed_poly1305_inner("Poly1305 (i15)", &br_poly1305_i15_run
);
451 test_speed_eax_inner(char *name
,
452 const br_block_ctrcbc_class
*vt
, size_t key_len
)
454 unsigned char buf
[8192], key
[32], nonce
[16], aad
[16], tag
[16];
457 br_aes_gen_ctrcbc_keys ac
;
461 printf("%-30s UNAVAILABLE\n", name
);
465 memset(key
, 'K', key_len
);
466 memset(nonce
, 'N', sizeof nonce
);
467 memset(aad
, 'A', sizeof aad
);
468 memset(buf
, 'T', sizeof buf
);
469 for (i
= 0; i
< 10; i
++) {
470 vt
->init(&ac
.vtable
, key
, key_len
);
471 br_eax_init(&ec
, &ac
.vtable
);
472 br_eax_reset(&ec
, nonce
, sizeof nonce
);
473 br_eax_aad_inject(&ec
, aad
, sizeof aad
);
475 br_eax_run(&ec
, 1, buf
, sizeof buf
);
476 br_eax_get_tag(&ec
, tag
);
485 for (k
= num
; k
> 0; k
--) {
486 vt
->init(&ac
.vtable
, key
, key_len
);
487 br_eax_init(&ec
, &ac
.vtable
);
488 br_eax_reset(&ec
, nonce
, sizeof nonce
);
489 br_eax_aad_inject(&ec
, aad
, sizeof aad
);
491 br_eax_run(&ec
, 1, buf
, sizeof buf
);
492 br_eax_get_tag(&ec
, tag
);
495 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
497 printf("%-30s %8.2f MB/s\n", name
,
498 ((double)sizeof buf
) * (double)num
507 #define SPEED_EAX(Algo, algo, keysize, impl) \
509 test_speed_eax_ ## algo ## keysize ## _ ## impl(void) \
511 test_speed_eax_inner("EAX " #Algo "-" #keysize "(" #impl ")", \
512 br_ ## algo ## _ ## impl ## _ctrcbc_get_vtable() \
516 SPEED_EAX(AES
, aes
, 128, big
)
517 SPEED_EAX(AES
, aes
, 128, small
)
518 SPEED_EAX(AES
, aes
, 128, ct
)
519 SPEED_EAX(AES
, aes
, 128, ct64
)
520 SPEED_EAX(AES
, aes
, 128, x86ni
)
521 SPEED_EAX(AES
, aes
, 128, pwr8
)
522 SPEED_EAX(AES
, aes
, 192, big
)
523 SPEED_EAX(AES
, aes
, 192, small
)
524 SPEED_EAX(AES
, aes
, 192, ct
)
525 SPEED_EAX(AES
, aes
, 192, ct64
)
526 SPEED_EAX(AES
, aes
, 192, x86ni
)
527 SPEED_EAX(AES
, aes
, 192, pwr8
)
528 SPEED_EAX(AES
, aes
, 256, big
)
529 SPEED_EAX(AES
, aes
, 256, small
)
530 SPEED_EAX(AES
, aes
, 256, ct
)
531 SPEED_EAX(AES
, aes
, 256, ct64
)
532 SPEED_EAX(AES
, aes
, 256, x86ni
)
533 SPEED_EAX(AES
, aes
, 256, pwr8
)
536 test_speed_shake_inner(int security_level
)
538 unsigned char buf
[8192];
543 memset(buf
, 'D', sizeof buf
);
544 br_shake_init(&sc
, security_level
);
545 for (i
= 0; i
< 10; i
++) {
546 br_shake_inject(&sc
, buf
, sizeof buf
);
555 for (k
= num
; k
> 0; k
--) {
556 br_shake_inject(&sc
, buf
, sizeof buf
);
559 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
561 printf("SHAKE%-3d (inject) %8.2f MB/s\n",
563 ((double)sizeof buf
) * (double)num
572 for (i
= 0; i
< 10; i
++) {
573 br_shake_produce(&sc
, buf
, sizeof buf
);
583 for (k
= num
; k
> 0; k
--) {
584 br_shake_produce(&sc
, buf
, sizeof buf
);
587 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
589 printf("SHAKE%-3d (produce) %8.2f MB/s\n",
591 ((double)sizeof buf
) * (double)num
601 test_speed_shake128(void)
603 test_speed_shake_inner(128);
607 test_speed_shake256(void)
609 test_speed_shake_inner(256);
612 static const unsigned char RSA_N
[] = {
613 0xE9, 0xF2, 0x4A, 0x2F, 0x96, 0xDF, 0x0A, 0x23,
614 0x01, 0x85, 0xF1, 0x2C, 0xB2, 0xA8, 0xEF, 0x23,
615 0xCE, 0x2E, 0xB0, 0x4E, 0x18, 0x31, 0x95, 0x5B,
616 0x98, 0x2D, 0x9B, 0x8C, 0xE3, 0x1A, 0x2B, 0x96,
617 0xB5, 0xC7, 0xEE, 0xED, 0x72, 0x43, 0x2D, 0xFE,
618 0x7F, 0x61, 0x33, 0xEA, 0x14, 0xFC, 0xDE, 0x80,
619 0x17, 0x42, 0xF0, 0xF3, 0xC3, 0xC7, 0x89, 0x47,
620 0x76, 0x5B, 0xFA, 0x33, 0xC4, 0x8C, 0x94, 0xDE,
621 0x6A, 0x75, 0xD8, 0x1A, 0xF4, 0x49, 0xBC, 0xF3,
622 0xB7, 0x9E, 0x2C, 0x8D, 0xEC, 0x5A, 0xEE, 0xBF,
623 0x4B, 0x5A, 0x7F, 0xEF, 0x21, 0x39, 0xDB, 0x1D,
624 0x83, 0x5E, 0x7E, 0x2F, 0xAA, 0x5E, 0xBA, 0x28,
625 0xC3, 0xA2, 0x53, 0x19, 0xFB, 0x2F, 0x78, 0x6B,
626 0x14, 0x60, 0x49, 0x3C, 0xCC, 0x1B, 0xE9, 0x1E,
627 0x3D, 0x10, 0xA4, 0xEB, 0x7F, 0x66, 0x98, 0xF6,
628 0xC3, 0xAC, 0x35, 0xF5, 0x01, 0x84, 0xFF, 0x7D,
629 0x1F, 0x72, 0xBE, 0xB4, 0xD1, 0x89, 0xC8, 0xDD,
630 0x44, 0xE7, 0xB5, 0x2E, 0x2C, 0xE1, 0x85, 0xF5,
631 0x15, 0x50, 0xA9, 0x08, 0xC7, 0x67, 0xD9, 0x2B,
632 0x6C, 0x11, 0xB3, 0xEB, 0x28, 0x8D, 0xF4, 0xCC,
633 0xE3, 0xC3, 0xC5, 0x04, 0x0E, 0x7C, 0x8D, 0xDB,
634 0x39, 0x06, 0x6A, 0x74, 0x75, 0xDF, 0xA8, 0x0F,
635 0xDA, 0x67, 0x5A, 0x73, 0x1E, 0xFD, 0x8E, 0x4C,
636 0xEE, 0x17, 0xEE, 0x1E, 0x67, 0xDB, 0x98, 0x70,
637 0x60, 0xF7, 0xB9, 0xB5, 0x1F, 0x19, 0x93, 0xD6,
638 0x3F, 0x2F, 0x1F, 0xB6, 0x5B, 0x59, 0xAA, 0x85,
639 0xBB, 0x25, 0xE4, 0x13, 0xEF, 0xE7, 0xB9, 0x87,
640 0x9C, 0x3F, 0x5E, 0xE4, 0x08, 0xA3, 0x51, 0xCF,
641 0x8B, 0xAD, 0xF4, 0xE6, 0x1A, 0x5F, 0x51, 0xDD,
642 0xA8, 0xBE, 0xE8, 0xD1, 0x20, 0x19, 0x61, 0x6C,
643 0x18, 0xAB, 0xCA, 0x0A, 0xD9, 0x82, 0xA6, 0x94,
644 0xD5, 0x69, 0x2A, 0xF6, 0x43, 0x66, 0x31, 0x09
647 static const unsigned char RSA_E
[] = {
651 static const unsigned char RSA_P
[] = {
652 0xFD, 0x39, 0x40, 0x56, 0x20, 0x80, 0xC5, 0x81,
653 0x4C, 0x5F, 0x0C, 0x1A, 0x52, 0x84, 0x03, 0x2F,
654 0xCE, 0x82, 0xB0, 0xD8, 0x30, 0x23, 0x7F, 0x77,
655 0x45, 0xC2, 0x01, 0xC4, 0x68, 0x96, 0x0D, 0xA7,
656 0x22, 0xA9, 0x6C, 0xA9, 0x1A, 0x33, 0xE5, 0x2F,
657 0xB5, 0x07, 0x9A, 0xF9, 0xEA, 0x33, 0xA5, 0xC8,
658 0x96, 0x60, 0x6A, 0xCA, 0xEB, 0xE5, 0x6E, 0x09,
659 0x46, 0x7E, 0x2D, 0xEF, 0x93, 0x7D, 0x56, 0xED,
660 0x75, 0x70, 0x3B, 0x96, 0xC4, 0xD5, 0xDB, 0x0B,
661 0x3F, 0x69, 0xDF, 0x06, 0x18, 0x76, 0xF4, 0xCF,
662 0xF8, 0x84, 0x22, 0xDF, 0xBD, 0x71, 0x62, 0x7B,
663 0x67, 0x99, 0xBC, 0x09, 0x95, 0x54, 0xA4, 0x98,
664 0x83, 0xF5, 0xA9, 0xCF, 0x09, 0xA5, 0x1F, 0x61,
665 0x25, 0xB4, 0x70, 0x6C, 0x91, 0xB8, 0xB3, 0xD0,
666 0xCE, 0x9C, 0x45, 0x65, 0x9B, 0xEF, 0xD4, 0x70,
667 0xBE, 0x86, 0xD2, 0x98, 0x5D, 0xEB, 0xE3, 0xFF
670 static const unsigned char RSA_Q
[] = {
671 0xEC, 0x82, 0xEE, 0x63, 0x5F, 0x40, 0x52, 0xDB,
672 0x38, 0x7A, 0x37, 0x6A, 0x54, 0x5B, 0xD9, 0xA0,
673 0x73, 0xB4, 0xBB, 0x52, 0xB2, 0x84, 0x07, 0xD0,
674 0xCC, 0x82, 0x0D, 0x20, 0xB3, 0xFA, 0xD5, 0xB6,
675 0x25, 0x92, 0x35, 0x4D, 0xB4, 0xC7, 0x36, 0x48,
676 0xCE, 0x5E, 0x21, 0x4A, 0xA6, 0x74, 0x65, 0xF4,
677 0x7D, 0x1D, 0xBC, 0x3B, 0xE2, 0xF4, 0x3E, 0x11,
678 0x58, 0x10, 0x6C, 0x04, 0x46, 0x9E, 0x8D, 0x57,
679 0xE0, 0x04, 0xE2, 0xEC, 0x47, 0xCF, 0xB3, 0x2A,
680 0xFD, 0x4C, 0x55, 0x18, 0xDB, 0xDE, 0x3B, 0xDC,
681 0xF4, 0x5B, 0xDA, 0xF3, 0x1A, 0xC8, 0x41, 0x6F,
682 0x73, 0x3B, 0xFE, 0x3C, 0xA0, 0xDB, 0xBA, 0x6E,
683 0x65, 0xA5, 0xE8, 0x02, 0xA5, 0x6C, 0xEA, 0x03,
684 0xF6, 0x99, 0xF7, 0xCB, 0x4B, 0xB7, 0x11, 0x51,
685 0x93, 0x88, 0x3F, 0xF9, 0x06, 0x85, 0xA9, 0x1E,
686 0xCA, 0x64, 0xF8, 0x11, 0xA5, 0x1A, 0xCA, 0xF7
689 static const unsigned char RSA_DP
[] = {
690 0x77, 0x95, 0xE0, 0x02, 0x4C, 0x9B, 0x43, 0xAA,
691 0xCA, 0x4C, 0x60, 0xC4, 0xD5, 0x8F, 0x2E, 0x8A,
692 0x17, 0x36, 0xB5, 0x19, 0x83, 0xB2, 0x5F, 0xF2,
693 0x0D, 0xE9, 0x8F, 0x38, 0x18, 0x44, 0x34, 0xF2,
694 0x67, 0x76, 0x27, 0xB0, 0xBC, 0x85, 0x21, 0x89,
695 0x24, 0x2F, 0x11, 0x4B, 0x51, 0x05, 0x4F, 0x17,
696 0xA9, 0x9C, 0xA3, 0x12, 0x6D, 0xD1, 0x0D, 0xE4,
697 0x27, 0x7C, 0x53, 0x69, 0x3E, 0xF8, 0x04, 0x63,
698 0x64, 0x00, 0xBA, 0xC3, 0x7A, 0xF5, 0x9B, 0xDA,
699 0x75, 0xFA, 0x23, 0xAF, 0x17, 0x42, 0xA6, 0x5E,
700 0xC8, 0xF8, 0x6E, 0x17, 0xC7, 0xB9, 0x92, 0x4E,
701 0xC1, 0x20, 0x63, 0x23, 0x0B, 0x78, 0xCB, 0xBA,
702 0x93, 0x27, 0x23, 0x28, 0x79, 0x5F, 0x97, 0xB0,
703 0x23, 0x44, 0x51, 0x8B, 0x94, 0x4D, 0xEB, 0xED,
704 0x82, 0x85, 0x5E, 0x68, 0x9B, 0xF9, 0xE9, 0x13,
705 0xCD, 0x86, 0x92, 0x52, 0x0E, 0x98, 0xE6, 0x35
708 static const unsigned char RSA_DQ
[] = {
709 0xD8, 0xDD, 0x71, 0xB3, 0x62, 0xBA, 0xBB, 0x7E,
710 0xD1, 0xF9, 0x96, 0xE8, 0x83, 0xB3, 0xB9, 0x08,
711 0x9C, 0x30, 0x03, 0x77, 0xDF, 0xC2, 0x9A, 0xDC,
712 0x05, 0x39, 0xD6, 0xC9, 0xBE, 0xDE, 0x68, 0xA9,
713 0xDD, 0x27, 0x84, 0x82, 0xDD, 0x19, 0xB1, 0x97,
714 0xEE, 0xCA, 0x77, 0x22, 0x59, 0x20, 0xEF, 0xFF,
715 0xCF, 0xDD, 0xBD, 0x24, 0xF8, 0x84, 0xD6, 0x88,
716 0xD6, 0xC4, 0x30, 0x17, 0x77, 0x9D, 0x98, 0xA3,
717 0x14, 0x01, 0xC7, 0x05, 0xBB, 0x0F, 0x23, 0x0D,
718 0x6F, 0x37, 0x57, 0xEC, 0x34, 0x67, 0x41, 0x62,
719 0xE8, 0x19, 0x75, 0xD9, 0x66, 0x1C, 0x6B, 0x8B,
720 0xC3, 0x11, 0x26, 0x9C, 0xF7, 0x2E, 0xA3, 0x72,
721 0xE8, 0xF7, 0xC8, 0x96, 0xEC, 0x92, 0xC2, 0xBD,
722 0xA1, 0x98, 0x2A, 0x93, 0x99, 0xB8, 0xA2, 0x43,
723 0xB7, 0xD0, 0xBE, 0x40, 0x1C, 0x8F, 0xE0, 0xB4,
724 0x20, 0x07, 0x97, 0x43, 0xAE, 0xAD, 0xB3, 0x9F
727 static const unsigned char RSA_IQ
[] = {
728 0xB7, 0xE2, 0x60, 0xA9, 0x62, 0xEC, 0xEC, 0x0B,
729 0x57, 0x02, 0x96, 0xF9, 0x36, 0x35, 0x2C, 0x37,
730 0xAF, 0xC2, 0xEE, 0x71, 0x49, 0x26, 0x8E, 0x0F,
731 0x27, 0xB1, 0xFA, 0x0F, 0xEA, 0xDC, 0xF0, 0x8B,
732 0x53, 0x6C, 0xB2, 0x46, 0x27, 0xCD, 0x29, 0xA2,
733 0x35, 0x0F, 0x5D, 0x8A, 0x3F, 0x20, 0x8C, 0x13,
734 0x3D, 0xA1, 0xFF, 0x85, 0x91, 0x99, 0xE8, 0x50,
735 0xED, 0xF1, 0x29, 0x00, 0xEE, 0x24, 0x90, 0xB5,
736 0x5F, 0x3A, 0x74, 0x26, 0xD7, 0xA2, 0x24, 0x8D,
737 0x89, 0x88, 0xD8, 0x35, 0x22, 0x22, 0x8A, 0x66,
738 0x5D, 0x5C, 0xDE, 0x83, 0x8C, 0xFA, 0x27, 0xE6,
739 0xB9, 0xEB, 0x72, 0x08, 0xCD, 0x53, 0x4B, 0x93,
740 0x0F, 0xAD, 0xC3, 0xF8, 0x7C, 0xFE, 0x84, 0xD7,
741 0x08, 0xF3, 0xBE, 0x3D, 0x60, 0x1E, 0x95, 0x8D,
742 0x44, 0x5B, 0x65, 0x7E, 0xC1, 0x30, 0xC3, 0x84,
743 0xC0, 0xB0, 0xFE, 0xBF, 0x28, 0x54, 0x1E, 0xC4
746 static const br_rsa_public_key RSA_PK
= {
747 (void *)RSA_N
, sizeof RSA_N
,
748 (void *)RSA_E
, sizeof RSA_E
751 static const br_rsa_private_key RSA_SK
= {
753 (void *)RSA_P
, sizeof RSA_P
,
754 (void *)RSA_Q
, sizeof RSA_Q
,
755 (void *)RSA_DP
, sizeof RSA_DP
,
756 (void *)RSA_DQ
, sizeof RSA_DQ
,
757 (void *)RSA_IQ
, sizeof RSA_IQ
761 test_speed_rsa_inner(char *name
,
762 br_rsa_public fpub
, br_rsa_private fpriv
, br_rsa_keygen kgen
)
764 unsigned char tmp
[sizeof RSA_N
];
768 br_hmac_drbg_context rng;
770 br_aesctr_drbg_context rng
;
771 const br_block_ctr_class
*ictr
;
773 memset(tmp
, 'R', sizeof tmp
);
775 for (i
= 0; i
< 10; i
++) {
776 if (!fpriv(tmp
, &RSA_SK
)) {
787 for (k
= num
; k
> 0; k
--) {
791 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
793 printf("%-30s %8.2f priv/s\n", name
,
800 for (i
= 0; i
< 10; i
++) {
801 if (!fpub(tmp
, sizeof tmp
, &RSA_PK
)) {
812 for (k
= num
; k
> 0; k
--) {
813 fpub(tmp
, sizeof tmp
, &RSA_PK
);
816 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
818 printf("%-30s %8.2f pub/s\n", name
,
827 printf("%-30s KEYGEN UNAVAILABLE\n", name
);
832 br_hmac_drbg_init(&rng, &br_sha256_vtable, "RSA keygen seed", 15);
834 ictr
= br_aes_x86ni_ctr_get_vtable();
836 ictr
= br_aes_pwr8_ctr_get_vtable();
839 ictr
= &br_aes_ct64_ctr_vtable
;
841 ictr
= &br_aes_ct_ctr_vtable
;
845 br_aesctr_drbg_init(&rng
, ictr
, "RSA keygen seed", 15);
854 for (k
= num
; k
> 0; k
--) {
855 br_rsa_private_key sk
;
856 unsigned char kbuf
[BR_RSA_KBUF_PRIV_SIZE(1024)];
858 kgen(&rng
.vtable
, &sk
, kbuf
, NULL
, NULL
, 1024, 0);
861 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
863 printf("%-30s %8.2f kgen[1024]/s\n", name
,
878 for (k
= num
; k
> 0; k
--) {
879 br_rsa_private_key sk
;
880 unsigned char kbuf
[BR_RSA_KBUF_PRIV_SIZE(2048)];
882 kgen(&rng
.vtable
, &sk
, kbuf
, NULL
, NULL
, 2048, 0);
885 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
887 printf("%-30s %8.2f kgen[2048]/s\n", name
,
897 test_speed_rsa_i15(void)
899 test_speed_rsa_inner("RSA i15",
900 &br_rsa_i15_public
, &br_rsa_i15_private
, &br_rsa_i15_keygen
);
904 test_speed_rsa_i31(void)
906 test_speed_rsa_inner("RSA i31",
907 &br_rsa_i31_public
, &br_rsa_i31_private
, &br_rsa_i31_keygen
);
911 test_speed_rsa_i32(void)
913 test_speed_rsa_inner("RSA i32",
914 &br_rsa_i32_public
, &br_rsa_i32_private
, 0);
918 test_speed_rsa_i62(void)
924 pub
= br_rsa_i62_public_get();
925 priv
= br_rsa_i62_private_get();
926 kgen
= br_rsa_i62_keygen_get();
928 test_speed_rsa_inner("RSA i62", pub
, priv
, kgen
);
930 printf("%-30s UNAVAILABLE\n", "RSA i62");
935 test_speed_ec_inner_1(const char *name
,
936 const br_ec_impl
*impl
, const br_ec_curve_def
*cd
)
938 unsigned char bx
[80], U
[160];
939 uint32_t x
[22], n
[22];
944 nlen
= cd
->order_len
;
945 br_i31_decode(n
, cd
->order
, nlen
);
946 memset(bx
, 'T', sizeof bx
);
947 br_i31_decode_reduce(x
, bx
, sizeof bx
, n
);
948 br_i31_encode(bx
, nlen
, x
);
949 ulen
= cd
->generator_len
;
950 memcpy(U
, cd
->generator
, ulen
);
951 for (i
= 0; i
< 10; i
++) {
952 impl
->mul(U
, ulen
, bx
, nlen
, cd
->curve
);
961 for (k
= num
; k
> 0; k
--) {
962 impl
->mul(U
, ulen
, bx
, nlen
, cd
->curve
);
965 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
967 printf("%-30s %8.2f mul/s\n", name
,
977 test_speed_ec_inner_2(const char *name
,
978 const br_ec_impl
*impl
, const br_ec_curve_def
*cd
)
980 unsigned char bx
[80], U
[160];
981 uint32_t x
[22], n
[22];
986 nlen
= cd
->order_len
;
987 br_i31_decode(n
, cd
->order
, nlen
);
988 memset(bx
, 'T', sizeof bx
);
989 br_i31_decode_reduce(x
, bx
, sizeof bx
, n
);
990 br_i31_encode(bx
, nlen
, x
);
991 for (i
= 0; i
< 10; i
++) {
992 impl
->mulgen(U
, bx
, nlen
, cd
->curve
);
1001 for (k
= num
; k
> 0; k
--) {
1002 impl
->mulgen(U
, bx
, nlen
, cd
->curve
);
1005 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1007 printf("%-30s %8.2f mul/s\n", name
,
1017 test_speed_ec_inner(const char *name
,
1018 const br_ec_impl
*impl
, const br_ec_curve_def
*cd
)
1022 test_speed_ec_inner_1(name
, impl
, cd
);
1023 sprintf(tmp
, "%s (FP)", name
);
1024 test_speed_ec_inner_2(tmp
, impl
, cd
);
1028 test_speed_ec_p256_m15(void)
1030 test_speed_ec_inner("EC p256_m15",
1031 &br_ec_p256_m15
, &br_secp256r1
);
1035 test_speed_ec_p256_m31(void)
1037 test_speed_ec_inner("EC p256_m31",
1038 &br_ec_p256_m31
, &br_secp256r1
);
1042 test_speed_ec_prime_i15(void)
1044 test_speed_ec_inner("EC prime_i15 P-256",
1045 &br_ec_prime_i15
, &br_secp256r1
);
1046 test_speed_ec_inner("EC prime_i15 P-384",
1047 &br_ec_prime_i15
, &br_secp384r1
);
1048 test_speed_ec_inner("EC prime_i15 P-521",
1049 &br_ec_prime_i15
, &br_secp521r1
);
1053 test_speed_ec_prime_i31(void)
1055 test_speed_ec_inner("EC prime_i31 P-256",
1056 &br_ec_prime_i31
, &br_secp256r1
);
1057 test_speed_ec_inner("EC prime_i31 P-384",
1058 &br_ec_prime_i31
, &br_secp384r1
);
1059 test_speed_ec_inner("EC prime_i31 P-521",
1060 &br_ec_prime_i31
, &br_secp521r1
);
1064 test_speed_ec_c25519_i15(void)
1066 test_speed_ec_inner("EC c25519_i15",
1067 &br_ec_c25519_i15
, &br_curve25519
);
1071 test_speed_ec_c25519_i31(void)
1073 test_speed_ec_inner("EC c25519_i31",
1074 &br_ec_c25519_i31
, &br_curve25519
);
1078 test_speed_ec_c25519_m15(void)
1080 test_speed_ec_inner("EC c25519_m15",
1081 &br_ec_c25519_m15
, &br_curve25519
);
1085 test_speed_ec_c25519_m31(void)
1087 test_speed_ec_inner("EC c25519_m31",
1088 &br_ec_c25519_m31
, &br_curve25519
);
1092 test_speed_ec_c25519_m62(void)
1094 const br_ec_impl
*ec
;
1096 ec
= br_ec_c25519_m62_get();
1098 test_speed_ec_inner("EC c25519_m62", ec
, &br_curve25519
);
1100 printf("%-30s UNAVAILABLE\n", "EC c25519_m62");
1105 test_speed_ecdsa_inner(const char *name
,
1106 const br_ec_impl
*impl
, const br_ec_curve_def
*cd
,
1107 br_ecdsa_sign sign
, br_ecdsa_vrfy vrfy
)
1109 unsigned char bx
[80], U
[160], hv
[32], sig
[160];
1110 uint32_t x
[22], n
[22];
1111 size_t nlen
, ulen
, sig_len
;
1114 br_ec_private_key sk
;
1115 br_ec_public_key pk
;
1117 nlen
= cd
->order_len
;
1118 br_i31_decode(n
, cd
->order
, nlen
);
1119 memset(bx
, 'T', sizeof bx
);
1120 br_i31_decode_reduce(x
, bx
, sizeof bx
, n
);
1121 br_i31_encode(bx
, nlen
, x
);
1122 ulen
= cd
->generator_len
;
1123 memcpy(U
, cd
->generator
, ulen
);
1124 impl
->mul(U
, ulen
, bx
, nlen
, cd
->curve
);
1125 sk
.curve
= cd
->curve
;
1128 pk
.curve
= cd
->curve
;
1132 memset(hv
, 'H', sizeof hv
);
1133 sig_len
= sign(impl
, &br_sha256_vtable
, hv
, &sk
, sig
);
1134 if (vrfy(impl
, hv
, sizeof hv
, &pk
, sig
, sig_len
) != 1) {
1135 fprintf(stderr
, "self-test sign/verify failed\n");
1139 for (i
= 0; i
< 10; i
++) {
1141 sign(impl
, &br_sha256_vtable
, hv
, &sk
, sig
);
1142 vrfy(impl
, hv
, sizeof hv
, &pk
, sig
, sig_len
);
1152 for (k
= num
; k
> 0; k
--) {
1154 sig_len
= sign(impl
, &br_sha256_vtable
, hv
, &sk
, sig
);
1157 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1159 printf("%-30s %8.2f sign/s\n", name
,
1174 for (k
= num
; k
> 0; k
--) {
1175 vrfy(impl
, hv
, sizeof hv
, &pk
, sig
, sig_len
);
1178 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1180 printf("%-30s %8.2f verify/s\n", name
,
1190 test_speed_ecdsa_p256_m15(void)
1192 test_speed_ecdsa_inner("ECDSA m15 P-256",
1193 &br_ec_p256_m15
, &br_secp256r1
,
1194 &br_ecdsa_i15_sign_asn1
,
1195 &br_ecdsa_i15_vrfy_asn1
);
1199 test_speed_ecdsa_p256_m31(void)
1201 test_speed_ecdsa_inner("ECDSA m31 P-256",
1202 &br_ec_p256_m31
, &br_secp256r1
,
1203 &br_ecdsa_i31_sign_asn1
,
1204 &br_ecdsa_i31_vrfy_asn1
);
1208 test_speed_ecdsa_i15(void)
1210 test_speed_ecdsa_inner("ECDSA i15 P-256",
1211 &br_ec_prime_i15
, &br_secp256r1
,
1212 &br_ecdsa_i15_sign_asn1
,
1213 &br_ecdsa_i15_vrfy_asn1
);
1214 test_speed_ecdsa_inner("ECDSA i15 P-384",
1215 &br_ec_prime_i15
, &br_secp384r1
,
1216 &br_ecdsa_i15_sign_asn1
,
1217 &br_ecdsa_i15_vrfy_asn1
);
1218 test_speed_ecdsa_inner("ECDSA i15 P-521",
1219 &br_ec_prime_i15
, &br_secp521r1
,
1220 &br_ecdsa_i15_sign_asn1
,
1221 &br_ecdsa_i15_vrfy_asn1
);
1225 test_speed_ecdsa_i31(void)
1227 test_speed_ecdsa_inner("ECDSA i31 P-256",
1228 &br_ec_prime_i31
, &br_secp256r1
,
1229 &br_ecdsa_i31_sign_asn1
,
1230 &br_ecdsa_i31_vrfy_asn1
);
1231 test_speed_ecdsa_inner("ECDSA i31 P-384",
1232 &br_ec_prime_i31
, &br_secp384r1
,
1233 &br_ecdsa_i31_sign_asn1
,
1234 &br_ecdsa_i31_vrfy_asn1
);
1235 test_speed_ecdsa_inner("ECDSA i31 P-521",
1236 &br_ec_prime_i31
, &br_secp521r1
,
1237 &br_ecdsa_i31_sign_asn1
,
1238 &br_ecdsa_i31_vrfy_asn1
);
1242 test_speed_i31(void)
1244 static const unsigned char bp
[] = {
1245 /* A 521-bit prime integer (order of the P-521 curve). */
1246 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1247 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1248 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1249 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1250 0xFF, 0xFA, 0x51, 0x86, 0x87, 0x83, 0xBF, 0x2F,
1251 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09,
1252 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C,
1253 0x47, 0xAE, 0xBB, 0x6F, 0xB7, 0x1E, 0x91, 0x38,
1257 unsigned char tmp
[60 + sizeof bp
];
1258 uint32_t p
[20], x
[20], y
[20], z
[20], uu
[60], p0i
;
1262 br_i31_decode(p
, bp
, sizeof bp
);
1263 p0i
= br_i31_ninv31(p
[1]);
1264 memset(tmp
, 'T', sizeof tmp
);
1265 br_i31_decode_reduce(x
, tmp
, sizeof tmp
, p
);
1266 memset(tmp
, 'U', sizeof tmp
);
1267 br_i31_decode_reduce(y
, tmp
, sizeof tmp
, p
);
1269 for (i
= 0; i
< 10; i
++) {
1270 br_i31_to_monty(x
, p
);
1279 for (k
= num
; k
> 0; k
--) {
1280 br_i31_to_monty(x
, p
);
1283 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1285 printf("%-30s %8.2f ops/s\n", "i31 to_monty",
1293 for (i
= 0; i
< 10; i
++) {
1294 br_i31_from_monty(x
, p
, p0i
);
1303 for (k
= num
; k
> 0; k
--) {
1304 br_i31_from_monty(x
, p
, p0i
);
1307 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1309 printf("%-30s %8.2f ops/s\n", "i31 from_monty",
1317 for (i
= 0; i
< 10; i
++) {
1318 br_i31_montymul(z
, x
, y
, p
, p0i
);
1327 for (k
= num
; k
> 0; k
--) {
1328 br_i31_montymul(z
, x
, y
, p
, p0i
);
1331 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1333 printf("%-30s %8.2f ops/s\n", "i31 montymul",
1341 for (i
= 0; i
< 10; i
++) {
1342 br_i31_moddiv(x
, y
, p
, p0i
, uu
);
1351 for (k
= num
; k
> 0; k
--) {
1352 br_i31_moddiv(x
, y
, p
, p0i
, uu
);
1355 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1357 printf("%-30s %8.2f ops/s\n", "i31 moddiv",
1368 static unsigned char P2048
[] = {
1369 0xFD, 0xB6, 0xE0, 0x3E, 0x00, 0x49, 0x4C, 0xF0, 0x69, 0x3A, 0xDD, 0x7D,
1370 0xF8, 0xA2, 0x41, 0xB0, 0x6C, 0x67, 0xC5, 0xBA, 0xB8, 0x46, 0x80, 0xF5,
1371 0xBF, 0xAB, 0x98, 0xFC, 0x84, 0x73, 0xA5, 0x63, 0xC9, 0x52, 0x12, 0xDA,
1372 0x4C, 0xC1, 0x5B, 0x9D, 0x8D, 0xDF, 0xCD, 0xFE, 0xC5, 0xAD, 0x5A, 0x6F,
1373 0xDD, 0x02, 0xD9, 0xEC, 0x71, 0xEF, 0xEB, 0xB6, 0x95, 0xED, 0x94, 0x25,
1374 0x0E, 0x63, 0xDD, 0x6A, 0x52, 0xC7, 0x93, 0xAF, 0x85, 0x9D, 0x2C, 0xBE,
1375 0x5C, 0xBE, 0x35, 0xD8, 0xDD, 0x39, 0xEF, 0x1B, 0xB1, 0x49, 0x67, 0xB2,
1376 0x33, 0xC9, 0x7C, 0xE1, 0x51, 0x79, 0x51, 0x59, 0xCA, 0x6E, 0x2A, 0xDF,
1377 0x0D, 0x76, 0x1C, 0xE7, 0xA5, 0xC0, 0x1E, 0x6C, 0x56, 0x3A, 0x32, 0xE5,
1378 0xB5, 0xC5, 0xD4, 0xDB, 0xFE, 0xFF, 0xF8, 0xF2, 0x96, 0xA9, 0xC9, 0x65,
1379 0x59, 0x9E, 0x01, 0x79, 0x9D, 0x38, 0x68, 0x0F, 0xAD, 0x43, 0x3A, 0xD6,
1380 0x84, 0x0A, 0xE2, 0xEF, 0x96, 0xC1, 0x6D, 0x89, 0x74, 0x19, 0x63, 0x82,
1381 0x3B, 0xA0, 0x9C, 0xBA, 0x78, 0xDE, 0xDC, 0xC2, 0xE7, 0xD4, 0xFA, 0xD6,
1382 0x19, 0x21, 0x29, 0xAE, 0x5E, 0xF4, 0x38, 0x81, 0xC6, 0x9E, 0x0E, 0x3C,
1383 0xCD, 0xC0, 0xDC, 0x93, 0x5D, 0xFD, 0x9A, 0x5C, 0xAB, 0x54, 0x1F, 0xFF,
1384 0x9C, 0x12, 0x1B, 0x4C, 0xDF, 0x2D, 0x9C, 0x85, 0xF9, 0x68, 0x15, 0x89,
1385 0x42, 0x9B, 0x6C, 0x45, 0x89, 0x3A, 0xBC, 0xE9, 0x19, 0x91, 0xBE, 0x0C,
1386 0xEF, 0x90, 0xCC, 0xF6, 0xD6, 0xF0, 0x3D, 0x5C, 0xF5, 0xE5, 0x0F, 0x2F,
1387 0x02, 0x8A, 0x83, 0x4B, 0x93, 0x2F, 0x14, 0x12, 0x1F, 0x56, 0x9A, 0x12,
1388 0x58, 0x88, 0xAE, 0x60, 0xB8, 0x5A, 0xE4, 0xA1, 0xBF, 0x4A, 0x81, 0x84,
1389 0xAB, 0xBB, 0xE4, 0xD0, 0x1D, 0x41, 0xD9, 0x0A, 0xAB, 0x1E, 0x47, 0x5B,
1390 0x31, 0xAC, 0x2B, 0x73
1393 static unsigned char G2048
[] = {
1398 test_speed_modpow(void)
1400 uint32_t mx
[65], mp
[65], me
[65], t1
[65], t2
[65], len
;
1401 unsigned char e
[64];
1405 len
= br_int_decode(mp
, sizeof mp
/ sizeof mp
[0],
1406 P2048
, sizeof P2048
);
1410 memset(e
, 'P', sizeof e
);
1411 if (!br_int_decode(me
, sizeof me
/ sizeof me
[0], e
, sizeof e
)) {
1414 if (!br_modint_decode(mx
, mp
, G2048
, sizeof G2048
)) {
1417 for (i
= 0; i
< 10; i
++) {
1418 br_modint_to_monty(mx
, mp
);
1419 br_modint_montypow(mx
, me
, mp
, t1
, t2
);
1420 br_modint_from_monty(mx
, mp
);
1429 for (k
= num
; k
> 0; k
--) {
1430 br_modint_to_monty(mx
, mp
);
1431 br_modint_montypow(mx
, me
, mp
, t1
, t2
);
1432 br_modint_from_monty(mx
, mp
);
1435 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1437 printf("%-30s %8.2f exp/s\n", "pow[2048:256]",
1447 test_speed_moddiv(void)
1449 uint32_t mx
[65], my
[65], mp
[65], t1
[65], t2
[65], t3
[65], len
;
1450 unsigned char x
[255], y
[255];
1454 len
= br_int_decode(mp
, sizeof mp
/ sizeof mp
[0],
1455 P2048
, sizeof P2048
);
1459 memset(x
, 'T', sizeof x
);
1460 memset(y
, 'P', sizeof y
);
1461 if (!br_modint_decode(mx
, mp
, x
, sizeof x
)) {
1464 if (!br_modint_decode(my
, mp
, y
, sizeof y
)) {
1467 for (i
= 0; i
< 10; i
++) {
1468 br_modint_div(mx
, my
, mp
, t1
, t2
, t3
);
1477 for (k
= num
; k
> 0; k
--) {
1478 br_modint_div(mx
, my
, mp
, t1
, t2
, t3
);
1481 tt
= (double)(end
- begin
) / CLOCKS_PER_SEC
;
1483 printf("%-30s %8.2f div/s\n", "div[2048]",
1493 #define STU(x) { test_speed_ ## x, #x }
1495 static const struct {
1504 STU(aes128_big_cbcenc
),
1505 STU(aes128_big_cbcdec
),
1506 STU(aes192_big_cbcenc
),
1507 STU(aes192_big_cbcdec
),
1508 STU(aes256_big_cbcenc
),
1509 STU(aes256_big_cbcdec
),
1510 STU(aes128_big_ctr
),
1511 STU(aes192_big_ctr
),
1512 STU(aes256_big_ctr
),
1514 STU(aes128_small_cbcenc
),
1515 STU(aes128_small_cbcdec
),
1516 STU(aes192_small_cbcenc
),
1517 STU(aes192_small_cbcdec
),
1518 STU(aes256_small_cbcenc
),
1519 STU(aes256_small_cbcdec
),
1520 STU(aes128_small_ctr
),
1521 STU(aes192_small_ctr
),
1522 STU(aes256_small_ctr
),
1524 STU(aes128_ct_cbcenc
),
1525 STU(aes128_ct_cbcdec
),
1526 STU(aes192_ct_cbcenc
),
1527 STU(aes192_ct_cbcdec
),
1528 STU(aes256_ct_cbcenc
),
1529 STU(aes256_ct_cbcdec
),
1534 STU(aes128_ct64_cbcenc
),
1535 STU(aes128_ct64_cbcdec
),
1536 STU(aes192_ct64_cbcenc
),
1537 STU(aes192_ct64_cbcdec
),
1538 STU(aes256_ct64_cbcenc
),
1539 STU(aes256_ct64_cbcdec
),
1540 STU(aes128_ct64_ctr
),
1541 STU(aes192_ct64_ctr
),
1542 STU(aes256_ct64_ctr
),
1544 STU(aes128_x86ni_cbcenc
),
1545 STU(aes128_x86ni_cbcdec
),
1546 STU(aes192_x86ni_cbcenc
),
1547 STU(aes192_x86ni_cbcdec
),
1548 STU(aes256_x86ni_cbcenc
),
1549 STU(aes256_x86ni_cbcdec
),
1550 STU(aes128_x86ni_ctr
),
1551 STU(aes192_x86ni_ctr
),
1552 STU(aes256_x86ni_ctr
),
1554 STU(aes128_pwr8_cbcenc
),
1555 STU(aes128_pwr8_cbcdec
),
1556 STU(aes192_pwr8_cbcenc
),
1557 STU(aes192_pwr8_cbcdec
),
1558 STU(aes256_pwr8_cbcenc
),
1559 STU(aes256_pwr8_cbcdec
),
1560 STU(aes128_pwr8_ctr
),
1561 STU(aes192_pwr8_ctr
),
1562 STU(aes256_pwr8_ctr
),
1564 STU(des_tab_cbcenc
),
1565 STU(des_tab_cbcdec
),
1566 STU(3des_tab_cbcenc
),
1567 STU(3des_tab_cbcdec
),
1571 STU(3des_ct_cbcenc
),
1572 STU(3des_ct_cbcdec
),
1583 STU(poly1305_ctmul
),
1584 STU(poly1305_ctmul32
),
1585 STU(poly1305_ctmulq
),
1588 STU(eax_aes128_big
),
1589 STU(eax_aes192_big
),
1590 STU(eax_aes256_big
),
1591 STU(eax_aes128_small
),
1592 STU(eax_aes192_small
),
1593 STU(eax_aes256_small
),
1597 STU(eax_aes128_ct64
),
1598 STU(eax_aes192_ct64
),
1599 STU(eax_aes256_ct64
),
1600 STU(eax_aes128_x86ni
),
1601 STU(eax_aes192_x86ni
),
1602 STU(eax_aes256_x86ni
),
1603 STU(eax_aes128_pwr8
),
1604 STU(eax_aes192_pwr8
),
1605 STU(eax_aes256_pwr8
),
1623 STU(ecdsa_p256_m15
),
1624 STU(ecdsa_p256_m31
),
1632 eq_name(const char *s1
, const char *s2
)
1639 if (c1
>= 'A' && c1
<= 'Z') {
1643 case '-': case '_': case '.': case ' ':
1651 if (c2
>= 'A' && c2
<= 'Z') {
1655 case '-': case '_': case '.': case ' ':
1671 main(int argc
, char *argv
[])
1676 printf("usage: testspeed all | name...\n");
1677 printf("individual test names:\n");
1678 for (u
= 0; u
< (sizeof tfns
) / (sizeof tfns
[0]); u
++) {
1679 printf(" %s\n", tfns
[u
].name
);
1682 for (u
= 0; u
< (sizeof tfns
) / (sizeof tfns
[0]); u
++) {
1685 for (i
= 1; i
< argc
; i
++) {
1686 if (eq_name(argv
[i
], tfns
[u
].name
)
1687 || eq_name(argv
[i
], "all"))