diff options
author | Werner Koch <wk@gnupg.org> | 2015-01-16 14:55:03 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2015-01-16 14:55:03 +0100 |
commit | 067d7d8752d4d8a98f8e0e5e9b1a5b13e1b7ff9c (patch) | |
tree | 1eab7affe5d24e919a22a5d4a29c8303342cf8db /tests/bench-slope.c | |
parent | 9d2a22c94ae99f9301321082c4fb8d73f4085fda (diff) | |
download | libgcrypt-067d7d8752d4d8a98f8e0e5e9b1a5b13e1b7ff9c.tar.gz |
Add OCB cipher mode
* cipher/cipher-ocb.c: New.
* cipher/Makefile.am (libcipher_la_SOURCES): Add cipher-ocb.c
* cipher/cipher-internal.h (OCB_BLOCK_LEN, OCB_L_TABLE_SIZE): New.
(gcry_cipher_handle): Add fields marks.finalize and u_mode.ocb.
* cipher/cipher.c (_gcry_cipher_open_internal): Add OCB mode.
(_gcry_cipher_open_internal): Setup default taglen of OCB.
(cipher_reset): Clear OCB specific data.
(cipher_encrypt, cipher_decrypt, _gcry_cipher_authenticate)
(_gcry_cipher_gettag, _gcry_cipher_checktag): Call OCB functions.
(_gcry_cipher_setiv): Add OCB specific nonce setting.
(_gcry_cipher_ctl): Add GCRYCTL_FINALIZE and GCRYCTL_SET_TAGLEN
* src/gcrypt.h.in (GCRYCTL_SET_TAGLEN): New.
(gcry_cipher_final): New.
* cipher/bufhelp.h (buf_xor_1): New.
* tests/basic.c (hex2buffer): New.
(check_ocb_cipher): New.
(main): Call it here. Add option --cipher-modes.
* tests/bench-slope.c (bench_aead_encrypt_do_bench): Call
gcry_cipher_final.
(bench_aead_decrypt_do_bench): Ditto.
(bench_aead_authenticate_do_bench): Ditto. Check error code.
(bench_ocb_encrypt_do_bench): New.
(bench_ocb_decrypt_do_bench): New.
(bench_ocb_authenticate_do_bench): New.
(ocb_encrypt_ops): New.
(ocb_decrypt_ops): New.
(ocb_authenticate_ops): New.
(cipher_modes): Add them.
(cipher_bench_one): Skip wrong block length for OCB.
* tests/benchmark.c (cipher_bench): Add field noncelen to MODES. Add
OCB support.
--
See the comments on top of cipher/cipher-ocb.c for the patent status
of the OCB mode.
The implementation has not yet been optimized and as such is not faster
that the other AEAD modes. A first candidate for optimization is the
double_block function. Large improvements can be expected by writing
an AES ECB function to work on multiple blocks.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'tests/bench-slope.c')
-rw-r--r-- | tests/bench-slope.c | 90 |
1 files changed, 78 insertions, 12 deletions
diff --git a/tests/bench-slope.c b/tests/bench-slope.c index ebf672e4..c309b7e6 100644 --- a/tests/bench-slope.c +++ b/tests/bench-slope.c @@ -916,6 +916,7 @@ bench_aead_encrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen, gcry_cipher_setiv (hd, nonce, noncelen); + gcry_cipher_final (hd); err = gcry_cipher_encrypt (hd, buf, buflen, buf, buflen); if (err) { @@ -945,6 +946,7 @@ bench_aead_decrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen, gcry_cipher_setiv (hd, nonce, noncelen); + gcry_cipher_final (hd); err = gcry_cipher_decrypt (hd, buf, buflen, buf, buflen); if (err) { @@ -976,7 +978,14 @@ bench_aead_authenticate_do_bench (struct bench_obj *obj, void *buf, char tag[16] = { 0, }; char data = 0xff; - gcry_cipher_setiv (hd, nonce, noncelen); + err = gcry_cipher_setiv (hd, nonce, noncelen); + if (err) + { + fprintf (stderr, PGM ": gcry_cipher_setiv failed: %s\n", + gpg_strerror (err)); + gcry_cipher_close (hd); + exit (1); + } err = gcry_cipher_authenticate (hd, buf, buflen); if (err) @@ -987,6 +996,7 @@ bench_aead_authenticate_do_bench (struct bench_obj *obj, void *buf, exit (1); } + gcry_cipher_final (hd); err = gcry_cipher_encrypt (hd, &data, sizeof (data), &data, sizeof (data)); if (err) { @@ -1012,7 +1022,7 @@ bench_gcm_encrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen) { char nonce[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, - 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, }; + 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 }; bench_aead_encrypt_do_bench (obj, buf, buflen, nonce, sizeof(nonce)); } @@ -1021,7 +1031,7 @@ bench_gcm_decrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen) { char nonce[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, - 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, }; + 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 }; bench_aead_decrypt_do_bench (obj, buf, buflen, nonce, sizeof(nonce)); } @@ -1030,7 +1040,7 @@ bench_gcm_authenticate_do_bench (struct bench_obj *obj, void *buf, size_t buflen) { char nonce[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, - 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, }; + 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 }; bench_aead_authenticate_do_bench (obj, buf, buflen, nonce, sizeof(nonce)); } @@ -1054,6 +1064,55 @@ static struct bench_ops gcm_authenticate_ops = { static void +bench_ocb_encrypt_do_bench (struct bench_obj *obj, void *buf, + size_t buflen) +{ + char nonce[15] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, + 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, + 0x00, 0x00, 0x01 }; + bench_aead_encrypt_do_bench (obj, buf, buflen, nonce, sizeof(nonce)); +} + +static void +bench_ocb_decrypt_do_bench (struct bench_obj *obj, void *buf, + size_t buflen) +{ + char nonce[15] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, + 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, + 0x00, 0x00, 0x01 }; + bench_aead_decrypt_do_bench (obj, buf, buflen, nonce, sizeof(nonce)); +} + +static void +bench_ocb_authenticate_do_bench (struct bench_obj *obj, void *buf, + size_t buflen) +{ + char nonce[15] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, + 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, + 0x00, 0x00, 0x01 }; + bench_aead_authenticate_do_bench (obj, buf, buflen, nonce, sizeof(nonce)); +} + +static struct bench_ops ocb_encrypt_ops = { + &bench_encrypt_init, + &bench_encrypt_free, + &bench_ocb_encrypt_do_bench +}; + +static struct bench_ops ocb_decrypt_ops = { + &bench_encrypt_init, + &bench_encrypt_free, + &bench_ocb_decrypt_do_bench +}; + +static struct bench_ops ocb_authenticate_ops = { + &bench_encrypt_init, + &bench_encrypt_free, + &bench_ocb_authenticate_do_bench +}; + + +static void bench_poly1305_encrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen) { @@ -1115,6 +1174,9 @@ static struct bench_cipher_mode cipher_modes[] = { {GCRY_CIPHER_MODE_GCM, "GCM enc", &gcm_encrypt_ops}, {GCRY_CIPHER_MODE_GCM, "GCM dec", &gcm_decrypt_ops}, {GCRY_CIPHER_MODE_GCM, "GCM auth", &gcm_authenticate_ops}, + {GCRY_CIPHER_MODE_OCB, "OCB enc", &ocb_encrypt_ops}, + {GCRY_CIPHER_MODE_OCB, "OCB dec", &ocb_decrypt_ops}, + {GCRY_CIPHER_MODE_OCB, "OCB auth", &ocb_authenticate_ops}, {GCRY_CIPHER_MODE_POLY1305, "POLY1305 enc", &poly1305_encrypt_ops}, {GCRY_CIPHER_MODE_POLY1305, "POLY1305 dec", &poly1305_decrypt_ops}, {GCRY_CIPHER_MODE_POLY1305, "POLY1305 auth", &poly1305_authenticate_ops}, @@ -1155,10 +1217,14 @@ cipher_bench_one (int algo, struct bench_cipher_mode *pmode) if (mode.mode == GCRY_CIPHER_MODE_CCM && blklen != GCRY_CCM_BLOCK_LEN) return; - /* CCM has restrictions for block-size */ + /* GCM has restrictions for block-size */ if (mode.mode == GCRY_CIPHER_MODE_GCM && blklen != GCRY_GCM_BLOCK_LEN) return; + /* Our OCB implementaion has restrictions for block-size. */ + if (mode.mode == GCRY_CIPHER_MODE_OCB && blklen != 16) + return; + bench_print_mode (14, mode.name); obj.ops = mode.ops; @@ -1197,17 +1263,17 @@ cipher_bench (char **argv, int argc) if (argv && argc) { for (i = 0; i < argc; i++) - { - algo = gcry_cipher_map_name (argv[i]); - if (algo) - _cipher_bench (algo); - } + { + algo = gcry_cipher_map_name (argv[i]); + if (algo) + _cipher_bench (algo); + } } else { for (i = 1; i < 400; i++) - if (!gcry_cipher_test_algo (i)) - _cipher_bench (i); + if (!gcry_cipher_test_algo (i)) + _cipher_bench (i); } } |