path: root/tests/bench-slope.c
Age | Commit message | Author | Files | Lines
2016-03-18 | Always require a 64 bit integer type | Werner Koch | 1 | -4/+0
  * configure.ac (available_digests_64): Merge with available_digests.
  (available_kdfs_64): Merge with available_kdfs.
  <64 bit datatype test>: Bail out if no such type is available.
  * src/types.h: Emit #error if no u64 can be defined.
  (PROPERLY_ALIGNED_TYPE): Always add u64 type.
  * cipher/bithelp.h: Remove all code paths which handle the case of !HAVE_U64_TYPEDEF.
  * cipher/bufhelp.h: Ditto.
  * cipher/cipher-ccm.c: Ditto.
  * cipher/cipher-gcm.c: Ditto.
  * cipher/cipher-internal.h: Ditto.
  * cipher/cipher.c: Ditto.
  * cipher/hash-common.h: Ditto.
  * cipher/md.c: Ditto.
  * cipher/poly1305.c: Ditto.
  * cipher/scrypt.c: Ditto.
  * cipher/tiger.c: Ditto.
  * src/g10lib.h: Ditto.
  * tests/basic.c: Ditto.
  * tests/bench-slope.c: Ditto.
  * tests/benchmark.c: Ditto.
  --
  Given that SHA-2 and some other algorithms require a 64 bit type it does not make anymore sense to conditionally compile some part when the platform does not provide such a type.
  GnuPG-bug-id: 1815.
  Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-31 | Keccak: Add SHAKE Extendable-Output Functions | Jussi Kivilinna | 1 | -0/+6
  * src/hash-common.c (_gcry_hash_selftest_check_one): Add handling for XOFs.
  * src/keccak.c (keccak_ops_t): Rename 'extract_inplace' to 'extract' and add 'pos' argument.
  (KECCAK_CONTEXT): Add 'suffix'.
  (keccak_extract_inplace64): Rename to...
  (keccak_extract64): ...this; Add handling for 'pos' argument.
  (keccak_extract_inplace32bi): Rename to...
  (keccak_extract32bi): ...this; Add handling for 'pos' argument.
  (keccak_extract_inplace64): Rename to...
  (keccak_extract64): ...this; Add handling for 'pos' argument.
  (keccak_extract_inplace32bi_bmi2): Rename to...
  (keccak_extract32bi_bmi2): ...this; Add handling for 'pos' argument.
  (keccak_init): Setup 'suffix'; add SHAKE128 & SHAKE256.
  (shake128_init, shake256_init): New.
  (keccak_final): Do not initial permute for SHAKE output; use correct suffix for SHAKE.
  (keccak_extract): New.
  (keccak_selftests_keccak): Add SHAKE128 & SHAKE256 test-vectors.
  (run_selftests): Add SHAKE128 & SHAKE256.
  (shake128_asn, oid_spec_shake128, shake256_asn, oid_spec_shake256)
  (_gcry_digest_spec_shake128, _gcry_digest_spec_shake256): New.
  * cipher/md.c (digest_list): Add SHAKE128 & SHAKE256.
  * doc/gcrypt.texi: Ditto.
  * src/cipher.h (_gcry_digest_spec_shake128)
  (_gcry_digest_spec_shake256): New.
  * src/gcrypt.h.in (GCRY_MD_SHAKE128, GCRY_MD_SHAKE256): New.
  * tests/basic.c (check_one_md): Add XOF check; Add 'elen' argument.
  (check_one_md_multi): Skip if algo is XOF.
  (check_digests): Add SHAKE128 & SHAKE256 test vectors.
  * tests/bench-slope.c (kdf_bench_one): Skip XOFs.
  --
  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2015-10-28 | bench-slope: add KDF/PBKDF2 benchmark | Jussi Kivilinna | 1 | -1/+173
  * tests/bench-slope.c (bench_kdf_mode, bench_kdf_init, bench_kdf_free)
  (bench_kdf_do_bench, kdf_ops, kdf_bench_one, kdf_bench): New.
  (print_help): Add 'kdf'.
  (main): Add KDF benchmarks.
  --
  Introduce KDF benchmarking to bench-slope. Output is given as nanosecs/iter (and cycles/iter if --cpu-mhz used). Only PBKDF2 is supported with this initial patch.

  For example, below shows output of KDF bench-slope before and after commit "md: keep contexts for HMAC in GcryDigestEntry", on Intel Core i5-4570 @ 3.2 Ghz:

  Before:
    $ tests/bench-slope --cpu-mhz 3201 kdf
    KDF:
                             | nanosecs/iter  cycles/iter
    PBKDF2-HMAC-MD5          |         882.4       2824.7
    PBKDF2-HMAC-SHA1         |         832.6       2665.0
    PBKDF2-HMAC-RIPEMD160    |        1148.3       3675.6
    PBKDF2-HMAC-TIGER192     |        1339.6       4288.2
    PBKDF2-HMAC-SHA256       |        1460.5       4675.1
    PBKDF2-HMAC-SHA384       |        1723.2       5515.8
    PBKDF2-HMAC-SHA512       |        1729.1       5534.7
    PBKDF2-HMAC-SHA224       |        1424.0       4558.3
    PBKDF2-HMAC-WHIRLPOOL    |        2459.7       7873.5
    PBKDF2-HMAC-TIGER        |        1350.2       4322.1
    PBKDF2-HMAC-TIGER2       |        1348.7       4317.3
    PBKDF2-HMAC-GOSTR3411_94 |        7374.1      23604.4
    PBKDF2-HMAC-STRIBOG256   |        6060.0      19398.1
    PBKDF2-HMAC-STRIBOG512   |        7512.8      24048.3
    PBKDF2-HMAC-GOSTR3411_CP |        7378.3      23618.0
    PBKDF2-HMAC-SHA3-224     |        2789.6       8929.5
    PBKDF2-HMAC-SHA3-256     |        2785.1       8915.0
    PBKDF2-HMAC-SHA3-384     |        2955.5       9460.5
    PBKDF2-HMAC-SHA3-512     |        2859.7       9153.9
    =

  After:
    $ tests/bench-slope --cpu-mhz 3201 kdf
    KDF:
                             | nanosecs/iter  cycles/iter
    PBKDF2-HMAC-MD5          |         405.9       1299.2
    PBKDF2-HMAC-SHA1         |         392.1       1255.0
    PBKDF2-HMAC-RIPEMD160    |         540.9       1731.5
    PBKDF2-HMAC-TIGER192     |         637.1       2039.4
    PBKDF2-HMAC-SHA256       |         691.8       2214.3
    PBKDF2-HMAC-SHA384       |         848.0       2714.3
    PBKDF2-HMAC-SHA512       |         875.7       2803.1
    PBKDF2-HMAC-SHA224       |         689.2       2206.0
    PBKDF2-HMAC-WHIRLPOOL    |        1535.6       4915.5
    PBKDF2-HMAC-TIGER        |         636.3       2036.7
    PBKDF2-HMAC-TIGER2       |         636.6       2037.7
    PBKDF2-HMAC-GOSTR3411_94 |        5311.5      17002.2
    PBKDF2-HMAC-STRIBOG256   |        4308.0      13790.0
    PBKDF2-HMAC-STRIBOG512   |        5767.4      18461.4
    PBKDF2-HMAC-GOSTR3411_CP |        5309.4      16995.4
    PBKDF2-HMAC-SHA3-224     |        1333.1       4267.2
    PBKDF2-HMAC-SHA3-256     |        1327.8       4250.4
    PBKDF2-HMAC-SHA3-384     |        1392.8       4458.3
    PBKDF2-HMAC-SHA3-512     |        1428.5       4572.7
    =

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2015-03-21 | tests/bench-slope: fix memory-leak and use-after-free bugs | Jussi Kivilinna | 1 | -1/+3
  * tests/bench-slope.c (do_slope_benchmark): Free 'measurements' at end.
  (bench_mac_init): Move 'key' free at end of function.
  --
  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2015-01-16 | Add OCB cipher mode | Werner Koch | 1 | -12/+78
  * cipher/cipher-ocb.c: New.
  * cipher/Makefile.am (libcipher_la_SOURCES): Add cipher-ocb.c
  * cipher/cipher-internal.h (OCB_BLOCK_LEN, OCB_L_TABLE_SIZE): New.
  (gcry_cipher_handle): Add fields marks.finalize and u_mode.ocb.
  * cipher/cipher.c (_gcry_cipher_open_internal): Add OCB mode.
  (_gcry_cipher_open_internal): Setup default taglen of OCB.
  (cipher_reset): Clear OCB specific data.
  (cipher_encrypt, cipher_decrypt, _gcry_cipher_authenticate)
  (_gcry_cipher_gettag, _gcry_cipher_checktag): Call OCB functions.
  (_gcry_cipher_setiv): Add OCB specific nonce setting.
  (_gcry_cipher_ctl): Add GCRYCTL_FINALIZE and GCRYCTL_SET_TAGLEN
  * src/gcrypt.h.in (GCRYCTL_SET_TAGLEN): New.
  (gcry_cipher_final): New.
  * cipher/bufhelp.h (buf_xor_1): New.
  * tests/basic.c (hex2buffer): New.
  (check_ocb_cipher): New.
  (main): Call it here. Add option --cipher-modes.
  * tests/bench-slope.c (bench_aead_encrypt_do_bench): Call gcry_cipher_final.
  (bench_aead_decrypt_do_bench): Ditto.
  (bench_aead_authenticate_do_bench): Ditto. Check error code.
  (bench_ocb_encrypt_do_bench): New.
  (bench_ocb_decrypt_do_bench): New.
  (bench_ocb_authenticate_do_bench): New.
  (ocb_encrypt_ops): New.
  (ocb_decrypt_ops): New.
  (ocb_authenticate_ops): New.
  (cipher_modes): Add them.
  (cipher_bench_one): Skip wrong block length for OCB.
  * tests/benchmark.c (cipher_bench): Add field noncelen to MODES. Add OCB support.
  --
  See the comments on top of cipher/cipher-ocb.c for the patent status of the OCB mode.

  The implementation has not yet been optimized and as such is not faster than the other AEAD modes. A first candidate for optimization is the double_block function. Large improvements can be expected by writing an AES ECB function to work on multiple blocks.

  Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-23 | Poly1305-AEAD: updated implementation to match draft-irtf-cfrg-chacha20-poly1305-03 | Jussi Kivilinna | 1 | -4/+2
  * cipher/cipher-internal.h (gcry_cipher_handle): Use separate byte counters for AAD and data in Poly1305.
  * cipher/cipher-poly1305.c (poly1305_fill_bytecount): Remove.
  (poly1305_fill_bytecounts, poly1305_do_padding): New.
  (poly1305_aad_finish): Fill padding to Poly1305 and do not fill AAD length.
  (_gcry_cipher_poly1305_authenticate, _gcry_cipher_poly1305_encrypt)
  (_gcry_cipher_poly1305_decrypt): Update AAD and data length separately.
  (_gcry_cipher_poly1305_tag): Fill padding and bytecounts to Poly1305.
  (_gcry_cipher_poly1305_setkey, _gcry_cipher_poly1305_setiv): Reset AAD and data byte counts; only allow 96-bit IV.
  * cipher/cipher.c (_gcry_cipher_open_internal): Limit Poly1305-AEAD to ChaCha20 cipher.
  * tests/basic.c (_check_poly1305_cipher): Update test-vectors.
  (check_ciphers): Limit Poly1305-AEAD checks to ChaCha20.
  * tests/bench-slope.c (cipher_bench_one): Ditto.
  --
  Latest Internet-Draft version for "ChaCha20 and Poly1305 for IETF protocols" has added additional padding to Poly1305-AEAD and limited support IV size to 96-bits:
  https://www.ietf.org/rfcdiff?url1=draft-nir-cfrg-chacha20-poly1305-03&difftype=--html&submit=Go!&url2=draft-irtf-cfrg-chacha20-poly1305-03

  Patch makes Poly1305-AEAD implementation to match the changes and limits Poly1305-AEAD to ChaCha20 only.

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2014-05-12 | Add Poly1305 based cipher AEAD mode | Jussi Kivilinna | 1 | -15/+93
  * cipher/Makefile.am: Add 'cipher-poly1305.c'.
  * cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode.poly1305'.
  (_gcry_cipher_poly1305_encrypt, _gcry_cipher_poly1305_decrypt)
  (_gcry_cipher_poly1305_setiv, _gcry_cipher_poly1305_authenticate)
  (_gcry_cipher_poly1305_get_tag, _gcry_cipher_poly1305_check_tag): New.
  * cipher/cipher-poly1305.c: New.
  * cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey)
  (cipher_reset, cipher_encrypt, cipher_decrypt, _gcry_cipher_setiv)
  (_gcry_cipher_authenticate, _gcry_cipher_gettag)
  (_gcry_cipher_checktag): Handle 'GCRY_CIPHER_MODE_POLY1305'.
  (cipher_setiv): Move handling of 'GCRY_CIPHER_MODE_GCM' to ...
  (_gcry_cipher_setiv): ... here, as with other modes.
  * src/gcrypt.h.in: Add 'GCRY_CIPHER_MODE_POLY1305'.
  * tests/basic.c (_check_poly1305_cipher, check_poly1305_cipher): New.
  (check_ciphers): Add Poly1305 check.
  (check_cipher_modes): Call 'check_poly1305_cipher'.
  * tests/bench-slope.c (bench_gcm_encrypt_do_bench): Rename to bench_aead_... and take nonce as argument.
  (bench_gcm_decrypt_do_bench, bench_gcm_authenticate_do_bench): Ditto.
  (bench_gcm_encrypt_do_bench, bench_gcm_decrypt_do_bench)
  (bench_gcm_authenticate_do_bench, bench_poly1305_encrypt_do_bench)
  (bench_poly1305_decrypt_do_bench)
  (bench_poly1305_authenticate_do_bench, poly1305_encrypt_ops)
  (poly1305_decrypt_ops, poly1305_authenticate_ops): New.
  (cipher_modes): Add Poly1305.
  (cipher_bench_one): Add special handling for Poly1305.
  --
  Patch adds Poly1305 based AEAD cipher mode to libgcrypt. ChaCha20 variant of this mode is proposed for use in TLS and ipsec:
  https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04
  http://tools.ietf.org/html/draft-nir-ipsecme-chacha20-poly1305-02

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2014-05-12 | Add Poly1305-AES (-Camellia, etc) MACs | Jussi Kivilinna | 1 | -0/+13
  * cipher/mac-internal.h (_gcry_mac_type_spec_poly1305_aes)
  (_gcry_mac_type_spec_poly1305_camellia)
  (_gcry_mac_type_spec_poly1305_twofish)
  (_gcry_mac_type_spec_poly1305_serpent)
  (_gcry_mac_type_spec_poly1305_seed): New.
  * cipher/mac-poly1305.c (poly1305mac_context_s): Add 'hd' and 'nonce_set'.
  (poly1305mac_open, poly1305mac_close, poly1305mac_setkey): Add handling for Poly1305-*** MACs.
  (poly1305mac_prepare_key, poly1305mac_setiv): New.
  (poly1305mac_reset, poly1305mac_write, poly1305mac_read): Add handling for 'nonce_set'.
  (poly1305mac_ops): Add 'poly1305mac_setiv'.
  (_gcry_mac_type_spec_poly1305_aes)
  (_gcry_mac_type_spec_poly1305_camellia)
  (_gcry_mac_type_spec_poly1305_twofish)
  (_gcry_mac_type_spec_poly1305_serpent)
  (_gcry_mac_type_spec_poly1305_seed): New.
  * cipher/mac.c (mac_list): Add Poly1305-AES, Poly1305-Twofish, Poly1305-Serpent, Poly1305-SEED and Poly1305-Camellia.
  * src/gcrypt.h.in: Add 'GCRY_MAC_POLY1305_AES', 'GCRY_MAC_POLY1305_CAMELLIA', 'GCRY_MAC_POLY1305_TWOFISH', 'GCRY_MAC_POLY1305_SERPENT' and 'GCRY_MAC_POLY1305_SEED'.
  * tests/basic.c (check_mac): Add Poly1305-AES test vectors.
  * tests/bench-slope.c (bench_mac_init): Set IV for Poly1305-*** MACs.
  * tests/bench-slope.c (mac_bench): Set IV for Poly1305-*** MACs.
  --
  Patch adds Bernstein's Poly1305-AES message authentication code to libgcrypt and other variants of Poly1305-<128-bit block cipher>.

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2014-05-12 | Add Poly1305 MAC | Jussi Kivilinna | 1 | -1/+1
  * cipher/Makefile.am: Add 'mac-poly1305.c', 'poly1305.c' and 'poly1305-internal.h'.
  * cipher/mac-internal.h (poly1305mac_context_s): New.
  (gcry_mac_handle): Add 'u.poly1305mac'.
  (_gcry_mac_type_spec_poly1305mac): New.
  * cipher/mac-poly1305.c: New.
  * cipher/mac.c (mac_list): Add Poly1305.
  * cipher/poly1305-internal.h: New.
  * cipher/poly1305.c: New.
  * src/gcrypt.h.in: Add 'GCRY_MAC_POLY1305'.
  * tests/basic.c (check_mac): Add Poly1305 test vectors; Allow overriding lengths of data and key buffers.
  * tests/bench-slope.c (mac_bench): Increase max algo number from 500 to 600.
  * tests/benchmark.c (mac_bench): Ditto.
  --
  Patch adds Bernstein's Poly1305 message authentication code to libgcrypt. Implementation is based on Andrew Moon's public domain implementation from: https://github.com/floodyberry/poly1305-opt

  The algorithm added by this patch is the plain Poly1305 without AES and takes 32-bit key that must not be reused.

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2013-12-15 | Use u64 for CCM data lengths | Jussi Kivilinna | 1 | -4/+8
  * cipher/cipher-ccm.c: Move code inside [HAVE_U64_TYPEDEF].
  [HAVE_U64_TYPEDEF] (_gcry_cipher_ccm_set_lengths): Use 'u64' for data lengths.
  [!HAVE_U64_TYPEDEF] (_gcry_cipher_ccm_encrypt)
  (_gcry_cipher_ccm_decrypt, _gcry_cipher_ccm_set_nonce)
  (_gcry_cipher_ccm_authenticate, _gcry_cipher_ccm_get_tag)
  (_gcry_cipher_ccm_check_tag): Dummy functions returning GPG_ERROR_NOT_SUPPORTED.
  * cipher/cipher-internal.h (gcry_cipher_handle.u_mode.ccm)
  (_gcry_cipher_ccm_set_lengths): Move inside [HAVE_U64_TYPEDEF] and use u64 instead of size_t for CCM data lengths.
  * cipher/cipher.c (_gcry_cipher_open_internal, cipher_reset)
  (_gcry_cipher_ctl) [!HAVE_U64_TYPEDEF]: Return GPG_ERR_NOT_SUPPORTED for CCM.
  (_gcry_cipher_ctl) [HAVE_U64_TYPEDEF]: Use u64 for GCRYCTL_SET_CCM_LENGTHS length parameters.
  * tests/basic.c: Do not use CCM if !HAVE_U64_TYPEDEF.
  * tests/bench-slope.c: Ditto.
  * tests/benchmark.c: Ditto.
  --
  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2013-12-09 | tests: Speed up benchmarks in regression test mode. | Werner Koch | 1 | -2/+14
  * tests/tsexp.c (check_extract_param): Fix compiler warning.
  * tests/Makefile.am (TESTS_ENVIRONMENT): Set GCRYPT_IN_REGRESSION_TEST.
  * tests/bench-slope.c (main): Speed up if in regression test mode.
  * tests/benchmark.c (main): Ditto.

  Signed-off-by: Werner Koch <wk@gnupg.org>
2013-12-09 | tests: Add --csv option to bench-slope. | Werner Koch | 1 | -30/+169
  * tests/bench-slope.c (STR, STR2): New.
  (cvs_mode): New.
  (num_measurement_repetitions): New. Replace use of NUM_MEASUREMENT_REPETITIONS by this.
  (current_section_name, current_algo_name, current_mode_name): New.
  (bench_print_result_csv): New.
  (bench_print_result_std): Rename from bench_print_result.
  (bench_print_result): New. Divert depending on CSV_MODE.
  (bench_print_header, bench_print_footer): take care of CSV_MODE.
  (bench_print_algo, bench_print_mode): New. Use them instead of explicit printfs.
  (main): Add options --csv and --repetitions.

  Signed-off-by: Werner Koch <wk@gnupg.org>
2013-11-21 | Add GMAC to MAC API | Jussi Kivilinna | 1 | -1/+1
  * cipher/Makefile.am: Add 'mac-gmac.c'.
  * cipher/mac-gmac.c: New.
  * cipher/mac-internal.h (gcry_mac_handle): Add 'u.gcm'.
  (_gcry_mac_type_spec_gmac_aes, _gcry_mac_type_spec_gmac_twofish)
  (_gcry_mac_type_spec_gmac_serpent, _gcry_mac_type_spec_gmac_seed)
  (_gcry_mac_type_spec_gmac_camellia): New externs.
  * cipher/mac.c (mac_list): Add GMAC specifications.
  * doc/gcrypt.texi: Add mention of GMAC.
  * src/gcrypt.h.in (gcry_mac_algos): Add GCM algorithms.
  * tests/basic.c (check_one_mac): Add support for MAC IVs.
  (check_mac): Add support for MAC IVs and add GMAC test vectors.
  * tests/bench-slope.c (mac_bench): Iterate algorithm numbers to 499.
  * tests/benchmark.c (mac_bench): Iterate algorithm numbers to 499.
  --
  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2013-11-19 | Initial implementation of GCM | Dmitry Eremin-Solenikov | 1 | -0/+128
  * cipher/Makefile.am: Add 'cipher-gcm.c'.
  * cipher/cipher-ccm.c (_gcry_ciphert_ccm_set_lengths)
  (_gcry_cipher_ccm_authenticate, _gcry_cipher_ccm_tag)
  (_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt): Change 'c->u_mode.ccm.tag' to 'c->marks.tag'.
  * cipher/cipher-gcm.c: New.
  * cipher/cipher-internal.h (GCM_USE_TABLES): New.
  (gcry_cipher_handle): Add 'marks.tag', 'u_tag', 'length' and 'gcm_table'; Remove 'u_mode.ccm.tag'.
  (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt)
  (_gcry_cipher_gcm_setiv, _gcry_cipher_gcm_authenticate)
  (_gcry_cipher_gcm_get_tag, _gcry_cipher_gcm_check_tag): New.
  * cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey)
  (cipher_encrypt, cipher_decrypt, _gcry_cipher_authenticate)
  (_gcry_cipher_gettag, _gcry_cipher_checktag): Add GCM mode handling.
  * src/gcrypt.h.in (gcry_cipher_modes): Add GCRY_CIPHER_MODE_GCM.
  (GCRY_GCM_BLOCK_LEN): New.
  * tests/basic.c (check_gcm_cipher): New.
  (check_ciphers): Add GCM check.
  (check_cipher_modes): Call 'check_gcm_cipher'.
  * tests/bench-slope.c (bench_gcm_encrypt_do_bench)
  (bench_gcm_decrypt_do_bench, bench_gcm_authenticate_do_bench)
  (gcm_encrypt_ops, gcm_decrypt_ops, gcm_authenticate_ops): New.
  (cipher_modes): Add GCM enc/dec/auth.
  (cipher_bench_one): Limit GCM to block ciphers with 16 byte block-size.
  * tests/benchmark.c (cipher_bench): Add GCM.
  --
  Currently it is still quite slow. Still no support for generate_iv(). Is it really necessary? TODO: Merge/reuse cipher-internal state used by CCM. Changelog entry will be present in final patch submission.

  Changes since v1:
  - 6x-7x speedup.
  - added bench-slope support

  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  [jk: mangle new file through 'indent -nut']
  [jk: few fixes]
  [jk: changelog]
2013-11-16 | Add new MAC API, initially with HMAC | Jussi Kivilinna | 1 | -9/+173
  * cipher/Makefile.am: Add 'mac.c', 'mac-internal.h' and 'mac-hmac.c'.
  * cipher/bufhelp.h (buf_eq_const): New.
  * cipher/cipher-ccm.c (_gcry_cipher_ccm_tag): Use 'buf_eq_const' for constant-time compare.
  * cipher/mac-hmac.c: New.
  * cipher/mac-internal.h: New.
  * cipher/mac.c: New.
  * doc/gcrypt.texi: Add documentation for MAC API.
  * src/gcrypt-int.h [GPG_ERROR_VERSION_NUMBER < 1.13] (GPG_ERR_MAC_ALGO): New.
  * src/gcrypt.h.in (gcry_mac_handle, gcry_mac_hd_t, gcry_mac_algos)
  (gcry_mac_flags, gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
  (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
  (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
  (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name)
  (gcry_mac_reset, gcry_mac_test_algo): New.
  * src/libgcrypt.def (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
  (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
  (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
  (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
  * src/libgcrypt.vers (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
  (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
  (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
  (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
  * src/visibility.c (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
  (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
  (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
  (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
  * src/visibility.h (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
  (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
  (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
  (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
  * tests/basic.c (check_one_mac, check_mac): New.
  (main): Call 'check_mac'.
  * tests/bench-slope.c (bench_print_header, bench_print_footer): Allow variable algorithm name width.
  (_cipher_bench, hash_bench): Update to above change.
  (bench_hash_do_bench): Add 'gcry_md_reset'.
  (bench_mac_mode, bench_mac_init, bench_mac_free, bench_mac_do_bench)
  (mac_ops, mac_modes, mac_bench_one, _mac_bench, mac_bench): New.
  (main): Add 'mac' benchmark options.
  * tests/benchmark.c (mac_repetitions, mac_bench): New.
  (main): Add 'mac' benchmark options.
  --
  Add MAC API, with HMAC algorithms. Internally uses HMAC functionality of the MD module.

  [v2]:
  - Add documentation for MAC API.
  - Change length argument for gcry_mac_read from size_t to size_t* for returning number of written bytes.

  [v3]:
  - HMAC algorithm ids start from 101.
  - Fix coding style for new files.

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2013-11-06 | Tweak bench-slope parameters | Jussi Kivilinna | 1 | -3/+3
  * tests/bench-slope.c (BUF_STEP_SIZE): Half step size to 64.
  (NUM_MEASUREMENT_REPETITIONS): Double repetitions to 64.
  --
  Tweak parameters for better repeatability of results with fast ciphers (AES-NI).

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2013-10-29 | tests: Add feature to skip benchmarks. | Werner Koch | 1 | -10/+15
  * tests/benchmark.c (main): Add feature to skip the test.
  * tests/bench-slope.c (main): Ditto.
  (get_slope): Replace C++ style comment.
  (double_cmp, cipher_bench, _hash_bench): Replace system reserved symbols.
  --
  During development a quick run of the regression is often useful, however the benchmarks take a lot of time and thus this feature allows to skip these tests.

  Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-28 | Add new benchmarking utility, bench-slope | Jussi Kivilinna | 1 | -0/+1172
  * tests/Makefile.am (TESTS): Add 'bench-slope'.
  * tests/bench-slope.c: New.
  --
  Bench-slope is new benchmarking tool for libgcrypt for obtaining overheadless cycles/byte speed of cipher and hash algorithms. Tool measures the time each operation (hash/encrypt/decrypt/authentication) takes for different buffer sizes from ~0kB to ~4kB and calculates the slope for these data points. The default output is then given as nanosecs/byte and mebibytes/sec. If user provides the speed of used CPU, tool also outputs cycles/byte result (CPU-Ghz * ns/B = c/B).

  Output without CPU speed (with ARM Cortex-A8):

    $ tests/bench-slope hash
    Hash:
                 | nanosecs/byte  mebibytes/sec  cycles/byte
    MD5          |     7.35 ns/B    129.7 MiB/s        - c/B
    SHA1         |    12.30 ns/B    77.53 MiB/s        - c/B
    RIPEMD160    |    15.96 ns/B    59.77 MiB/s        - c/B
    TIGER192     |    55.55 ns/B    17.17 MiB/s        - c/B
    SHA256       |    24.38 ns/B    39.12 MiB/s        - c/B
    SHA384       |    34.24 ns/B    27.86 MiB/s        - c/B
    SHA512       |    34.19 ns/B    27.90 MiB/s        - c/B
    SHA224       |    24.38 ns/B    39.12 MiB/s        - c/B
    MD4          |     5.68 ns/B    168.0 MiB/s        - c/B
    CRC32        |     9.26 ns/B    103.0 MiB/s        - c/B
    CRC32RFC1510 |     9.20 ns/B    103.6 MiB/s        - c/B
    CRC24RFC2440 |    87.31 ns/B    10.92 MiB/s        - c/B
    WHIRLPOOL    |    253.3 ns/B     3.77 MiB/s        - c/B
    TIGER        |    55.55 ns/B    17.17 MiB/s        - c/B
    TIGER2       |    55.55 ns/B    17.17 MiB/s        - c/B
    GOSTR3411_94 |    212.0 ns/B     4.50 MiB/s        - c/B
    STRIBOG256   |    630.1 ns/B     1.51 MiB/s        - c/B
    STRIBOG512   |    630.1 ns/B     1.51 MiB/s        - c/B
    =

  With CPU speed (with Intel i5-4570, 3.2Ghz when turbo-boost disabled):

    $ tests/bench-slope --cpu-mhz 3201 cipher arcfour blowfish aes
    Cipher:
    ARCFOUR    | nanosecs/byte  mebibytes/sec  cycles/byte
    STREAM enc |     2.43 ns/B    392.1 MiB/s     7.79 c/B
    STREAM dec |     2.44 ns/B    390.2 MiB/s     7.82 c/B
    =
    BLOWFISH   | nanosecs/byte  mebibytes/sec  cycles/byte
    ECB enc    |     7.62 ns/B    125.2 MiB/s    24.38 c/B
    ECB dec    |     7.63 ns/B    125.0 MiB/s    24.43 c/B
    CBC enc    |     9.18 ns/B    103.9 MiB/s    29.38 c/B
    CBC dec    |     2.60 ns/B    366.2 MiB/s     8.34 c/B
    CFB enc    |     9.17 ns/B    104.0 MiB/s    29.35 c/B
    CFB dec    |     2.66 ns/B    358.1 MiB/s     8.53 c/B
    OFB enc    |     8.97 ns/B    106.3 MiB/s    28.72 c/B
    OFB dec    |     8.97 ns/B    106.3 MiB/s    28.71 c/B
    CTR enc    |     2.60 ns/B    366.5 MiB/s     8.33 c/B
    CTR dec    |     2.60 ns/B    367.1 MiB/s     8.32 c/B
    =
    AES        | nanosecs/byte  mebibytes/sec  cycles/byte
    ECB enc    |    0.439 ns/B   2173.0 MiB/s     1.40 c/B
    ECB dec    |    0.489 ns/B   1949.5 MiB/s     1.57 c/B
    CBC enc    |     1.64 ns/B    580.8 MiB/s     5.26 c/B
    CBC dec    |    0.219 ns/B   4357.6 MiB/s    0.701 c/B
    CFB enc    |     1.53 ns/B    623.6 MiB/s     4.90 c/B
    CFB dec    |    0.219 ns/B   4350.5 MiB/s    0.702 c/B
    OFB enc    |     1.51 ns/B    629.9 MiB/s     4.85 c/B
    OFB dec    |     1.51 ns/B    629.9 MiB/s     4.85 c/B
    CTR enc    |    0.288 ns/B   3308.5 MiB/s    0.923 c/B
    CTR dec    |    0.288 ns/B   3316.9 MiB/s    0.920 c/B
    CCM enc    |     1.93 ns/B    493.8 MiB/s     6.18 c/B
    CCM dec    |     1.93 ns/B    494.0 MiB/s     6.18 c/B
    CCM auth   |     1.64 ns/B    580.1 MiB/s     5.26 c/B
    =

  Note: It's highly recommended to disable turbo-boost and dynamic CPU frequency features when making these kind of measurements to reduce variance.

  Note: The results are maximum performance for each operation; the actual speed in application depends on various matters, such as: used buffer sizes, cache usage, etc.

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
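
The slope measurement described in the 2013-10-28 commit message, as an added example that is not code from bench-slope.c or from the libgcrypt project. It assumes an ordinary least-squares fit, a constructed 500 ns per-call overhead and constructed buffer sizes of 64 to 4096 bytes; all function names are hypothetical, and the 2.43 ns/B and 3201 MHz figures are borrowed from the ARCFOUR output quoted above.

```c
#include <stddef.h>
#include <stdio.h>

#define NUM_POINTS 64   /* constructed: buffers of 64, 128, ..., 4096 bytes */
#define STEP_BYTES 64

/* Least-squares slope of time (ns) over buffer size (bytes).  A constant
   per-call cost only shifts the intercept, so it drops out of the slope.
   Returns 0 on success, -1 when the slope is undefined. */
int slope_ns_per_byte(const size_t *sizes, const double *ns, size_t n,
                      double *slope)
{
    double sx = 0, sy = 0, sxx = 0, sxy = 0, denom;
    size_t i;
    if (n < 2)
        return -1;
    for (i = 0; i < n; i++) {
        double x = (double)sizes[i];
        sx += x;
        sy += ns[i];
        sxx += x * x;
        sxy += x * ns[i];
    }
    denom = (double)n * sxx - sx * sx;
    if (denom == 0.0)           /* every sample used the same size */
        return -1;
    *slope = ((double)n * sxy - sx * sy) / denom;
    return 0;
}

/* For contrast: total time / total bytes, which keeps the overhead in. */
double naive_ns_per_byte(const size_t *sizes, const double *ns, size_t n)
{
    double bytes = 0, total = 0;
    size_t i;
    for (i = 0; i < n; i++) {
        bytes += (double)sizes[i];
        total += ns[i];
    }
    return bytes > 0 ? total / bytes : -1.0;
}

double mib_per_sec(double ns_per_byte)
{ return 1e9 / ns_per_byte / (1024.0 * 1024.0); }

/* The commit message's conversion: CPU-GHz * ns/B = c/B. */
double cycles_per_byte(double ns_per_byte, double cpu_mhz)
{ return ns_per_byte * (cpu_mhz / 1000.0); }

struct demo { double slope, naive; };

/* Constructed timings: 500 ns fixed cost per call plus 2.43 ns per byte. */
struct demo run_demo(void)
{
    size_t sizes[NUM_POINTS], i;
    double ns[NUM_POINTS];
    struct demo d = { -1.0, -1.0 };
    for (i = 0; i < NUM_POINTS; i++) {
        sizes[i] = (i + 1) * STEP_BYTES;
        ns[i] = 500.0 + 2.43 * (double)sizes[i];
    }
    if (slope_ns_per_byte(sizes, ns, NUM_POINTS, &d.slope) == 0)
        d.naive = naive_ns_per_byte(sizes, ns, NUM_POINTS);
    return d;
}

int main(void)
{
    struct demo d = run_demo();
    printf("slope %.2f ns/B, %.1f MiB/s, %.2f c/B; naive %.2f ns/B\n", d.slope,
           mib_per_sec(d.slope), cycles_per_byte(d.slope, 3201.0), d.naive);
    return 0;
}
```

The fit recovers the per-byte cost exactly, while the total-time-over-total-bytes figure stays inflated by the per-call overhead, which is the "overheadless" property the commit message refers to.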