summaryrefslogtreecommitdiff
path: root/tests/benchmark.c
AgeCommit message (Collapse)AuthorFilesLines
2016-03-18Always require a 64 bit integer typeWerner Koch1-4/+0
* configure.ac (available_digests_64): Merge with available_digests. (available_kdfs_64): Merge with available_kdfs. <64 bit datatype test>: Bail out if no such type is available. * src/types.h: Emit #error if no u64 can be defined. (PROPERLY_ALIGNED_TYPE): Always add u64 type. * cipher/bithelp.h: Remove all code paths which handle the case of !HAVE_U64_TYPEDEF. * cipher/bufhelp.h: Ditto. * cipher/cipher-ccm.c: Ditto. * cipher/cipher-gcm.c: Ditto. * cipher/cipher-internal.h: Ditto. * cipher/cipher.c: Ditto. * cipher/hash-common.h: Ditto. * cipher/md.c: Ditto. * cipher/poly1305.c: Ditto. * cipher/scrypt.c: Ditto. * cipher/tiger.c: Ditto. * src/g10lib.h: Ditto. * tests/basic.c: Ditto. * tests/bench-slope.c: Ditto. * tests/benchmark.c: Ditto. -- Given that SHA-2 and some other algorithms require a 64 bit type it does not make anymore sense to conditionally compile some part when the platform does not provide such a type. GnuPG-bug-id: 1815. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-03-18tests: Fix testsuite after the FIPS adjustments.Vitezslav Cizek1-0/+6
* tests/benchmark.c (ecc_bench): Avoid not approved curves in FIPS. * tests/curves.c (check_get_params): Skip Brainpool curves in FIPS. * tests/keygen.c (check_dsa_keys): Generate 2048 and 3072 bits keys. (check_ecc_keys): Skip Ed25519 in FIPS mode. * tests/random.c (main): Don't switch DRBG in FIPS mode. * tests/t-ed25519.c (main): Ed25519 isn't supported in FIPS mode. * tests/t-kdf.c (check_openpgp): Skip vectors using md5 in FIPS. * tests/t-mpi-point.c (context_param): Skip P-192 and Ed25519 in FIPS. (main): Skip math tests that use P-192 and Ed25519 in FIPS. -- Fix the testsuite to make it pass after the FIPS adjustmens. This consists mostly of disabling the tests that use not approved curves and algorithms as well as increasing the keysizes. Signed-off-by: Vitezslav Cizek <vcizek@suse.com> Additional changes by wk: - Removed changes already done with commit e40939b. The original patch had these chnages: * tests/fips186-dsa.c (main): Merely suggest a future improvement. * tests/pubkey.c (get_dsa_key_*new): Increase keysizes. (check_run): Skip tests with small domain in FIPS. (main): Skip Ed25519 sample key test in FIPS. Noet that get_dsa_key_fips186_with_seed_new was not changed from 1024 to 3072 but to 2048 bit. - Return with 77 (skip) from t-ed25519.c in FIPS mode. - Some code style changes. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-03-18tests: Fixes for RSA testsuite in FIPS modeVitezslav Cizek1-7/+14
* tests/basic.c (get_keys_new): Generate 2048 bit key. * tests/benchmark.c (rsa_bench): Skip keys of lengths different than 2048 and 3072 in FIPS mode. * tests/keygen.c (check_rsa_keys): Failure if short keys can be generated in FIPS mode. (check_dsa_keys): Ditto for DSA keys. * tests/pubkey.c (check_x931_derived_key): Skip keys < 2048 in FIPS. -- Thanks to Ludwig Nussel. Signed-off-by: Vitezslav Cizek <vcizek@suse.com> Additional changes by wk: - Remove printing of "FAIL" in fail() because this is reserved for use by the test driver of the Makefile. - Move setting of IN_FIPS_MODE after gcry_check_version in keygen.c Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-15tests: Improve stopwatch.hWerner Koch1-25/+25
* tests/stopwatch.h (elapsed_time): Add arg divisor.
2015-01-16Add OCB cipher modeWerner Koch1-2/+50
* cipher/cipher-ocb.c: New. * cipher/Makefile.am (libcipher_la_SOURCES): Add cipher-ocb.c * cipher/cipher-internal.h (OCB_BLOCK_LEN, OCB_L_TABLE_SIZE): New. (gcry_cipher_handle): Add fields marks.finalize and u_mode.ocb. * cipher/cipher.c (_gcry_cipher_open_internal): Add OCB mode. (_gcry_cipher_open_internal): Setup default taglen of OCB. (cipher_reset): Clear OCB specific data. (cipher_encrypt, cipher_decrypt, _gcry_cipher_authenticate) (_gcry_cipher_gettag, _gcry_cipher_checktag): Call OCB functions. (_gcry_cipher_setiv): Add OCB specific nonce setting. (_gcry_cipher_ctl): Add GCRYCTL_FINALIZE and GCRYCTL_SET_TAGLEN * src/gcrypt.h.in (GCRYCTL_SET_TAGLEN): New. (gcry_cipher_final): New. * cipher/bufhelp.h (buf_xor_1): New. * tests/basic.c (hex2buffer): New. (check_ocb_cipher): New. (main): Call it here. Add option --cipher-modes. * tests/bench-slope.c (bench_aead_encrypt_do_bench): Call gcry_cipher_final. (bench_aead_decrypt_do_bench): Ditto. (bench_aead_authenticate_do_bench): Ditto. Check error code. (bench_ocb_encrypt_do_bench): New. (bench_ocb_decrypt_do_bench): New. (bench_ocb_authenticate_do_bench): New. (ocb_encrypt_ops): New. (ocb_decrypt_ops): New. (ocb_authenticate_ops): New. (cipher_modes): Add them. (cipher_bench_one): Skip wrong block length for OCB. * tests/benchmark.c (cipher_bench): Add field noncelen to MODES. Add OCB support. -- See the comments on top of cipher/cipher-ocb.c for the patent status of the OCB mode. The implementation has not yet been optimized and as such is not faster that the other AEAD modes. A first candidate for optimization is the double_block function. Large improvements can be expected by writing an AES ECB function to work on multiple blocks. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-24tests: Add a prime mode to benchmark.Werner Koch1-5/+68
* tests/benchmark.c (progress_cb): Add a single char mode. (prime_bench): New. (main): Add a "prime" mode. Factor with_progress out to file scope. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-08-09tests: Add a benchmark for Elgamal.Werner Koch1-3/+262
* tests/benchmark.c (sample_public_elg_key_1024): New. (sample_private_elg_key_1024): New. (sample_public_elg_key_2048, sample_private_elg_key_2048): New. (sample_public_elg_key_3072, sample_private_elg_key_3072): New. (elg_bench): New. (main): Add elg_bench. Add commands "elg" and "public".
2014-05-12Add Poly1305-AES (-Camellia, etc) MACsJussi Kivilinna1-0/+12
* cipher/mac-internal.h (_gcry_mac_type_spec_poly1305_aes) (_gcry_mac_type_spec_poly1305_camellia) (_gcry_mac_type_spec_poly1305_twofish) (_gcry_mac_type_spec_poly1305_serpent) (_gcry_mac_type_spec_poly1305_seed): New. * cipher/mac-poly1305.c (poly1305mac_context_s): Add 'hd' and 'nonce_set'. (poly1305mac_open, poly1305mac_close, poly1305mac_setkey): Add handling for Poly1305-*** MACs. (poly1305mac_prepare_key, poly1305mac_setiv): New. (poly1305mac_reset, poly1305mac_write, poly1305mac_read): Add handling for 'nonce_set'. (poly1305mac_ops): Add 'poly1305mac_setiv'. (_gcry_mac_type_spec_poly1305_aes) (_gcry_mac_type_spec_poly1305_camellia) (_gcry_mac_type_spec_poly1305_twofish) (_gcry_mac_type_spec_poly1305_serpent) (_gcry_mac_type_spec_poly1305_seed): New. * cipher/mac.c (mac_list): Add Poly1305-AES, Poly1305-Twofish, Poly1305-Serpent, Poly1305-SEED and Poly1305-Camellia. * src/gcrypt.h.in: Add 'GCRY_MAC_POLY1305_AES', 'GCRY_MAC_POLY1305_CAMELLIA', 'GCRY_MAC_POLY1305_TWOFISH', 'GCRY_MAC_POLY1305_SERPENT' and 'GCRY_MAC_POLY1305_SEED'. * tests/basic.c (check_mac): Add Poly1305-AES test vectors. * tests/bench-slope.c (bench_mac_init): Set IV for Poly1305-*** MACs. * tests/bench-slope.c (mac_bench): Set IV for Poly1305-*** MACs. -- Patch adds Bernstein's Poly1305-AES message authentication code to libgcrypt and other variants of Poly1305-<128-bit block cipher>. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2014-05-12Add Poly1305 MACJussi Kivilinna1-1/+1
* cipher/Makefile.am: Add 'mac-poly1305.c', 'poly1305.c' and 'poly1305-internal.h'. * cipher/mac-internal.h (poly1305mac_context_s): New. (gcry_mac_handle): Add 'u.poly1305mac'. (_gcry_mac_type_spec_poly1305mac): New. * cipher/mac-poly1305.c: New. * cipher/mac.c (mac_list): Add Poly1305. * cipher/poly1305-internal.h: New. * cipher/poly1305.c: New. * src/gcrypt.h.in: Add 'GCRY_MAC_POLY1305'. * tests/basic.c (check_mac): Add Poly1035 test vectors; Allow overriding lengths of data and key buffers. * tests/bench-slope.c (mac_bench): Increase max algo number from 500 to 600. * tests/benchmark.c (mac_bench): Ditto. -- Patch adds Bernstein's Poly1305 message authentication code to libgcrypt. Implementation is based on Andrew Moon's public domain implementation from: https://github.com/floodyberry/poly1305-opt The algorithm added by this patch is the plain Poly1305 without AES and takes 32-bit key that must not be reused. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2014-01-27Fix most of memory leaks in tests codeDmitry Eremin-Solenikov1-1/+1
* tests/basic.c (check_ccm_cipher): Close cipher after use. * tests/basic.c (check_one_cipher): Correct length of used buffer. * tests/benchmark.c (cipher_bench): Use xcalloc to make buffer initialized. * tests/keygen.c (check_ecc_keys): Release generated key. * tests/t-mpi-point.c (context_param): Release mpi Q. * tests/t-sexp.c (check_extract_param): Release extracted number. -- The only remaining reported memory leak is one expected leak from mpitests.c. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
2013-12-15Use u64 for CCM data lengthsJussi Kivilinna1-2/+5
* cipher/cipher-ccm.c: Move code inside [HAVE_U64_TYPEDEF]. [HAVE_U64_TYPEDEF] (_gcry_cipher_ccm_set_lengths): Use 'u64' for data lengths. [!HAVE_U64_TYPEDEF] (_gcry_cipher_ccm_encrypt) (_gcry_cipher_ccm_decrypt, _gcry_cipher_ccm_set_nonce) (_gcry_cipher_ccm_authenticate, _gcry_cipher_ccm_get_tag) (_gcry_cipher_ccm_check_tag): Dummy functions returning GPG_ERROR_NOT_SUPPORTED. * cipher/cipher-internal.h (gcry_cipher_handle.u_mode.ccm) (_gcry_cipher_ccm_set_lengths): Move inside [HAVE_U64_TYPEDEF] and use u64 instead of size_t for CCM data lengths. * cipher/cipher.c (_gcry_cipher_open_internal, cipher_reset) (_gcry_cipher_ctl) [!HAVE_U64_TYPEDEF]: Return GPG_ERR_NOT_SUPPORTED for CCM. (_gcry_cipher_ctl) [HAVE_U64_TYPEDEF]: Use u64 for GCRYCTL_SET_CCM_LENGTHS length parameters. * tests/basic.c: Do not use CCM if !HAVE_U64_TYPEDEF. * tests/bench-slope.c: Ditto. * tests/benchmark.c: Ditto. -- Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2013-12-09tests: Speed up benchmarks in regression test mode.Werner Koch1-0/+13
* tests/tsexp.c (check_extract_param): Fix compiler warning. * tests/Makefile.am (TESTS_ENVIRONMENT): Set GCRYPT_IN_REGRESSION_TEST. * tests/bench-slope.c (main): Speed up if in regression test mode. * tests/benchmark.c (main): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-12-02ecc: Use constant time point operation for Twisted Edwards.Werner Koch1-1/+7
* mpi/ec.c (_gcry_mpi_ec_mul_point): Try to do a constant time operation if needed. * tests/benchmark.c (main): Add option --use-secmem. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-11-21Add GMAC to MAC APIJussi Kivilinna1-1/+1
* cipher/Makefile.am: Add 'mac-gmac.c'. * cipher/mac-gmac.c: New. * cipher/mac-internal.h (gcry_mac_handle): Add 'u.gcm'. (_gcry_mac_type_spec_gmac_aes, _gcry_mac_type_spec_gmac_twofish) (_gcry_mac_type_spec_gmac_serpent, _gcry_mac_type_spec_gmac_seed) (_gcry_mac_type_spec_gmac_camellia): New externs. * cipher/mac.c (mac_list): Add GMAC specifications. * doc/gcrypt.texi: Add mention of GMAC. * src/gcrypt.h.in (gcry_mac_algos): Add GCM algorithms. * tests/basic.c (check_one_mac): Add support for MAC IVs. (check_mac): Add support for MAC IVs and add GMAC test vectors. * tests/bench-slope.c (mac_bench): Iterate algorithm numbers to 499. * tests/benchmark.c (mac_bench): Iterate algorithm numbers to 499. -- Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2013-11-19Initial implementation of GCMDmitry Eremin-Solenikov1-0/+2
* cipher/Makefile.am: Add 'cipher-gcm.c'. * cipher/cipher-ccm.c (_gcry_ciphert_ccm_set_lengths) (_gcry_cipher_ccm_authenticate, _gcry_cipher_ccm_tag) (_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt): Change 'c->u_mode.ccm.tag' to 'c->marks.tag'. * cipher/cipher-gcm.c: New. * cipher/cipher-internal.h (GCM_USE_TABLES): New. (gcry_cipher_handle): Add 'marks.tag', 'u_tag', 'length' and 'gcm_table'; Remove 'u_mode.ccm.tag'. (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt) (_gcry_cipher_gcm_setiv, _gcry_cipher_gcm_authenticate) (_gcry_cipher_gcm_get_tag, _gcry_cipher_gcm_check_tag): New. * cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey) (cipher_encrypt, cipher_decrypt, _gcry_cipher_authenticate) (_gcry_cipher_gettag, _gcry_cipher_checktag): Add GCM mode handling. * src/gcrypt.h.in (gcry_cipher_modes): Add GCRY_CIPHER_MODE_GCM. (GCRY_GCM_BLOCK_LEN): New. * tests/basic.c (check_gcm_cipher): New. (check_ciphers): Add GCM check. (check_cipher_modes): Call 'check_gcm_cipher'. * tests/bench-slope.c (bench_gcm_encrypt_do_bench) (bench_gcm_decrypt_do_bench, bench_gcm_authenticate_do_bench) (gcm_encrypt_ops, gcm_decrypt_ops, gcm_authenticate_ops): New. (cipher_modes): Add GCM enc/dec/auth. (cipher_bench_one): Limit GCM to block ciphers with 16 byte block-size. * tests/benchmark.c (cipher_bench): Add GCM. -- Currently it is still quite slow. Still no support for generate_iv(). Is it really necessary? TODO: Merge/reuse cipher-internal state used by CCM. Changelog entry will be present in final patch submission. Changes since v1: - 6x-7x speedup. - added bench-slope support Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> [jk: mangle new file throught 'indent -nut'] [jk: few fixes] [jk: changelog]
2013-11-16Add new MAC API, initially with HMACJussi Kivilinna1-1/+145
* cipher/Makefile.am: Add 'mac.c', 'mac-internal.h' and 'mac-hmac.c'. * cipher/bufhelp.h (buf_eq_const): New. * cipher/cipher-ccm.c (_gcry_cipher_ccm_tag): Use 'buf_eq_const' for constant-time compare. * cipher/mac-hmac.c: New. * cipher/mac-internal.h: New. * cipher/mac.c: New. * doc/gcrypt.texi: Add documentation for MAC API. * src/gcrypt-int.h [GPG_ERROR_VERSION_NUMBER < 1.13] (GPG_ERR_MAC_ALGO): New. * src/gcrypt.h.in (gcry_mac_handle, gcry_mac_hd_t, gcry_mac_algos) (gcry_mac_flags, gcry_mac_open, gcry_mac_close, gcry_mac_ctl) (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write) (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen) (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name) (gcry_mac_reset, gcry_mac_test_algo): New. * src/libgcrypt.def (gcry_mac_open, gcry_mac_close, gcry_mac_ctl) (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write) (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen) (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New. * src/libgcrypt.vers (gcry_mac_open, gcry_mac_close, gcry_mac_ctl) (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write) (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen) (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New. * src/visibility.c (gcry_mac_open, gcry_mac_close, gcry_mac_ctl) (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write) (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen) (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New. * src/visibility.h (gcry_mac_open, gcry_mac_close, gcry_mac_ctl) (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write) (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen) (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New. * tests/basic.c (check_one_mac, check_mac): New. (main): Call 'check_mac'. * tests/bench-slope.c (bench_print_header, bench_print_footer): Allow variable algorithm name width. (_cipher_bench, hash_bench): Update to above change. (bench_hash_do_bench): Add 'gcry_md_reset'. (bench_mac_mode, bench_mac_init, bench_mac_free, bench_mac_do_bench) (mac_ops, mac_modes, mac_bench_one, _mac_bench, mac_bench): New. (main): Add 'mac' benchmark options. * tests/benchmark.c (mac_repetitions, mac_bench): New. (main): Add 'mac' benchmark options. -- Add MAC API, with HMAC algorithms. Internally uses HMAC functionality of the MD module. [v2]: - Add documentation for MAC API. - Change length argument for gcry_mac_read from size_t to size_t* for returning number of written bytes. [v3]: - HMAC algorithm ids start from 101. - Fix coding style for new files. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2013-11-05ecc: Require "eddsa" flag for curve Ed25519.Werner Koch1-1/+2
* src/cipher.h (PUBKEY_FLAG_ECDSA): Remove. * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Remove "ecdsa". * cipher/ecc.c (ecc_generate, ecc_sign, ecc_verify): Require "eddsa" flag. * cipher/ecc-misc.c (_gcry_ecc_compute_public): Depend "eddsa" flag. * tests/benchmark.c, tests/keygen.c, tests/pubkey.c * tests/t-ed25519.c, tests/t-mpi-point.c: Adjust for changed flags. -- This changes make using ECDSA signatures the default for all curves. If another signing algorithm is to be used, the corresponding flag needs to be given. In particular the flags "eddsa" is now always required with curve Ed25519 to comply with the specs. This change makes the code better readable by not assuming a certain signature algorithm depending on the curve. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-29tests: Add feature to skip benchmarks.Werner Koch1-0/+5
* tests/benchmark.c (main): Add feature to skip the test. * tests/bench-slope.c (main): Ditto. (get_slope): Repace C++ style comment. (double_cmp, cipher_bench, _hash_bench): Repalce system reserved symbols. -- During development a quick run of the regression is often useful, however the benchmarks take a lot of time and thus this feature allows to skip theses tests. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-22Add Counter with CBC-MAC mode (CCM)Jussi Kivilinna1-4/+76
* cipher/Makefile.am: Add 'cipher-ccm.c'. * cipher/cipher-ccm.c: New. * cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode'. (_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt) (_gcry_cipher_ccm_set_nonce, _gcry_cipher_ccm_authenticate) (_gcry_cipher_ccm_get_tag, _gcry_cipher_ccm_check_tag) (_gcry_cipher_ccm_set_lengths): New prototypes. * cipher/cipher.c (gcry_cipher_open, cipher_encrypt, cipher_decrypt) (_gcry_cipher_setiv, _gcry_cipher_authenticate, _gcry_cipher_gettag) (_gcry_cipher_checktag, gry_cipher_ctl): Add handling for CCM mode. * doc/gcrypt.texi: Add documentation for GCRY_CIPHER_MODE_CCM. * src/gcrypt.h.in (gcry_cipher_modes): Add 'GCRY_CIPHER_MODE_CCM'. (gcry_ctl_cmds): Add 'GCRYCTL_SET_CCM_LENGTHS'. (GCRY_CCM_BLOCK_LEN): New. * tests/basic.c (check_ccm_cipher): New. (check_cipher_modes): Call 'check_ccm_cipher'. * tests/benchmark.c (ccm_aead_init): New. (cipher_bench): Add handling for AEAD modes and add CCM benchmarking. -- Patch adds CCM (Counter with CBC-MAC) mode as defined in RFC 3610 and NIST Special Publication 800-38C. Example for encrypting message (split in two buffers; buf1, buf2) and authenticating additional non-encrypted data (split in two buffers; aadbuf1, aadbuf2) with authentication tag length of eigth bytes: size_t params[3]; taglen = 8; gcry_cipher_setkey(h, key, len(key)); gcry_cipher_setiv(h, nonce, len(nonce)); params[0] = len(buf1) + len(buf2); /* 0: enclen */ params[1] = len(aadbuf1) + len(aadbuf2); /* 1: aadlen */ params[2] = taglen; /* 2: authtaglen */ gcry_cipher_ctl(h, GCRYCTL_SET_CCM_LENGTHS, params, sizeof(size_t) * 3); gcry_cipher_authenticate(h, aadbuf1, len(aadbuf1)); gcry_cipher_authenticate(h, aadbuf2, len(aadbuf2)); gcry_cipher_encrypt(h, buf1, len(buf1), buf1, len(buf1)); gcry_cipher_encrypt(h, buf2, len(buf2), buf2, len(buf2)); gcry_cipher_gettag(h, tag, taglen); Example for decrypting above message and checking authentication tag: size_t params[3]; taglen = 8; gcry_cipher_setkey(h, key, len(key)); gcry_cipher_setiv(h, nonce, len(nonce)); params[0] = len(buf1) + len(buf2); /* 0: enclen */ params[1] = len(aadbuf1) + len(aadbuf2); /* 1: aadlen */ params[2] = taglen; /* 2: authtaglen */ gcry_cipher_ctl(h, GCRYCTL_SET_CCM_LENGTHS, params, sizeof(size_t) * 3); gcry_cipher_authenticate(h, aadbuf1, len(aadbuf1)); gcry_cipher_authenticate(h, aadbuf2, len(aadbuf2)); gcry_cipher_decrypt(h, buf1, len(buf1), buf1, len(buf1)); gcry_cipher_decrypt(h, buf2, len(buf2), buf2, len(buf2)); err = gcry_cipher_checktag(h, tag, taglen); if (gpg_err_code (err) == GPG_ERR_CHECKSUM) { /* Authentication failed. */ } else if (err == 0) { /* Authentication ok. */ } Example for encrypting message without additional authenticated data: size_t params[3]; taglen = 10; gcry_cipher_setkey(h, key, len(key)); gcry_cipher_setiv(h, nonce, len(nonce)); params[0] = len(buf1); /* 0: enclen */ params[1] = 0; /* 1: aadlen */ params[2] = taglen; /* 2: authtaglen */ gcry_cipher_ctl(h, GCRYCTL_SET_CCM_LENGTHS, params, sizeof(size_t) * 3); gcry_cipher_encrypt(h, buf1, len(buf1), buf1, len(buf1)); gcry_cipher_gettag(h, tag, taglen); To reset CCM state for cipher handle, one can either set new nonce or use 'gcry_cipher_reset'. This implementation reuses existing CTR mode code for encryption/decryption and is there for able to process multiple buffers that are not multiple of blocksize. AAD data maybe also be passed into gcry_cipher_authenticate in non-blocksize chunks. [v4]: GCRYCTL_SET_CCM_PARAMS => GCRY_SET_CCM_LENGTHS Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2013-10-16ecc: Add support for GOST R 34.10-2001/-2012 signaturesDmitry Eremin-Solenikov1-1/+16
* src/cipher.h: define PUBKEY_FLAG_GOST * cipher/ecc-curves.c: Add GOST2001-test and GOST2012-test curves defined in standards. Typical applications would use either those curves, or curves defined in RFC 4357 (will be added later). * cipher/ecc.c (sign_gost, verify_gost): New. (ecc_sign, ecc_verify): use sign_gost/verify_gost if PUBKEY_FLAG_GOST is set. (ecc_names): add "gost" for gost signatures. * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist, _gcry_pk_util_preparse_sigval): set PUBKEY_FLAG_GOST if gost flag is present in s-exp. * tests/benchmark.c (ecc_bench): also benchmark GOST signatures. * tests/basic.c (check_pubkey): add two public keys from GOST R 34.10-2012 standard. (check_pubkey_sign_ecdsa): add two data sets to check gost signatures. * tests/curves.c: correct N_CURVES as we now have 2 more curves. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Removed some comments from the new curve definitions in ecc-curves.c to avoid line wrapping. Eventually we will develop a precompiler to avoid parsing those hex strings. -wk
2013-09-19tests: Beautify some diagnostics.Werner Koch1-7/+27
* tests/benchmark.c (ecc_bench): Print the key sexp in very verbose mode. (main): Add option --pk-count. * tests/keygen.c: Add Elgamal generation and improved diagnostics. * tests/t-ed25519.c (check_ed25519): Print running number of tests done. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-09-18ecc: Add Ed25519 key generation and prepare for optimizations.Werner Koch1-8/+41
* src/mpi.h (enum ecc_dialects): New. * src/ec-context.h (mpi_ec_ctx_s): Add field DIALECT. * cipher/ecc-common.h (elliptic_curve_t): Ditto. * cipher/ecc-curves.c (ecc_domain_parms_t): Ditto. (domain_parms): Add dialect values. (_gcry_ecc_fill_in_curve): Set dialect. (_gcry_ecc_get_curve): Ditto. (_gcry_mpi_ec_new): Ditto. (_gcry_ecc_get_param): Use ECC_DIALECT_STANDARD for now. * cipher/ecc-misc.c (_gcry_ecc_curve_copy): Copy dialect. (_gcry_ecc_dialect2str): New. * mpi/ec.c (ec_p_init): Add arg DIALECT. (_gcry_mpi_ec_p_internal_new): Ditto. (_gcry_mpi_ec_p_new): Ditto. * mpi/mpiutil.c (gcry_mpi_set_opaque): Set the secure flag. (_gcry_mpi_set_opaque_copy): New. * cipher/ecc-misc.c (_gcry_ecc_os2ec): Take care of an opaque MPI. * cipher/ecc.c (eddsa_generate_key): New. (generate_key): Rename to nist_generate_key and factor some code out to ... (ecc_generate_ext): here. Divert to eddsa_generate_key if desired. (eddsa_decodepoint): Take care of an opaque MPI. (ecc_check_secret_key): Ditto. (ecc_sign): Ditto. * cipher/pubkey.c (sexp_elements_extract_ecc): Store public and secret key as opaque MPIs. (gcry_pk_genkey): Add the curve_name also to the private key part of the result. * tests/benchmark.c (ecc_bench): Support Ed25519. (main): Add option --debug. * tests/curves.c (sample_key_2): Make sure that P and N are positive. * tests/keygen.c (show): New. (check_ecc_keys): Support Ed25519. -- There are two main purposes of this patch: Add a key generation feature for Ed25519 and add the "dialect" thingy which will eventually be used to add curve specific optimization. Note that the entire way of how we interface between the public key modules and pubkey.c is overly complex and probably also the cause for a lot of performance overhead. Given that we don't have the loadable module system anymore, we should entirely get rid of the MPI-array based internal interface and move parts of the s-expression handling direct into the pubkey modules. This needs to be fixed or we are turning Libgcrypt into another software incarnation of Heathrow Airport. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-09-16tests: Factor time measurement code out.Werner Koch1-84/+2
* tests/benchmark.c (started_at, stopped_at, start_timer, stop_timer) (elapsed time): Factor out to .. * tests/stopwatch.h: new file.
2013-08-07tests: fix memory leaks.NIIBE Yutaka1-1/+3
* tests/benchmark.c (dsa_bench): Release SIG. * tests/mpitests.c (test_powm): Release BASE, EXP, MOD, and RES. * tests/prime.c (check_primes): Release PRIME. * tests/tsexp.c (basic): Use intermediate variable M for constant. Release S1, S2 and A.
2013-07-10Fix 'Please include winsock2.h before windows.h' warnings with mingw32Jussi Kivilinna1-0/+1
* random/rndw32.c: include winsock2.h before windows.h. * src/ath.h [_WIN32]: Ditto. * tests/benchmark.c [_WIN32]: Ditto. -- Patch silences warnings of following type: /usr/lib/gcc/i686-w64-mingw32/4.6/../../../../i686-w64-mingw32/include/winsock2.h:15:2: warning: #warning Please include winsock2.h before windows.h [-Wcpp] Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2013-06-26Make gpg-error replacement defines more robust.Werner Koch1-1/+1
* configure.ac (AH_BOTTOM): Move GPG_ERR_ replacement defines to ... * src/gcrypt-int.h: new file. * src/visibility.h, src/cipher.h: Replace gcrypt.h by gcrypt-int.h. * tests/: Ditto for all test files. -- Defining newer gpg-error codes in config.h was not a good idea, because config.h is usually included before gpg-error.h and thus gpg-error.h would be double defines to lead to faulty code there like typedef enum { [...] 191 = 191, [...] };
2012-12-03random: Add a RNG selection interface and system RNG wrapper.Werner Koch1-0/+17
* random/random-system.c: New. * random/Makefile.am (librandom_la_SOURCES): Add new module. * random/random.c (struct rng_types): New. (_gcry_set_preferred_rng_type, _gcry_get_rng_type): New. (_gcry_random_initialize, gcry_random_add_bytes, do_randomize) (_gcry_set_random_seed_file, _gcry_update_random_seed_file) (_gcry_fast_random_poll): Dispatch to the actual RNG. * src/gcrypt.h.in (GCRYCTL_SET_PREFERRED_RNG_TYPE): New. GCRYCTL_GET_CURRENT_RNG_TYPE): New. (gcry_rng_types): New. * src/global.c (print_config): Print the TNG type. (global_init, _gcry_vcontrol): Implement the new control codes. * doc/gcrypt.texi (Controlling the library): Document the new control codes. * tests/benchmark.c (main): Add options to test the RNG types. * tests/random.c (main): Add new options. (print_hex): Print to stderr. (progress_cb, rng_type): New. (check_rng_type_switching, check_early_rng_type_switching): New. (run_all_rng_tests): New. -- The purpose of this change is to allow applications with moderate random requirements to use the system's RNG (e.g. /dev/urandom). The type switching logic makes sure that existing applications won't be affected by this change. A library is in almost all cases not able to degrade the quality of the RNG. The definition of "degrade" comes from our own assertion of the quality/trustworthiness of the RNGs: The most trustworthy RNG is the CSPRNG which dates back to the early GnuPG days. It is quite conservative and often requires more seeding than might be justified. GCRY_RNG_TYPE_STANDARD is the default unless the process is in FIPS mode. The second trustworthy RNG is the FIPS recommended X9.81 AES based implementation. It is seeded by the system's RNG. GCRY_RNG_TYPE_FIPS is the only available RNG if running in FIPS mode. The third trustworthy RNG is a mere wrapper around the system's native RNG. Thus there is no extra step on top of what, for example, /dev/random provides. GCRY_RNG_TYPE_SYSTEM may be used by applications which would use /dev/random or /dev/urandom instead.
2011-02-21Final changes for 1.5.0-beta1Werner Koch1-2/+3
2011-02-21Allow --alignment option for md_benchWerner Koch1-26/+36
2011-02-16Add GCRYCTL_DISABLE_HWFWerner Koch1-0/+11
This option is useful to disable detected hardware features. It has been implemented in benchmark, so that it is now possible to run tests/benchmark --disable-hwf intel-aesni cipher aes aes192 aes256 to compare the use of AES-NI insns to the pure C code.
2011-02-15Add asm code to use aeskeygenassist.Werner Koch1-15/+55
However, this code is disabled right now.
2011-02-14Use a better alignment.Werner Koch1-4/+34
benchmark does now support the option --alignment 16 to test the non-aligned overhead.
2011-02-04Nuked almost all trailing whitespace.Werner Koch1-15/+14
Check and install the standard git pre-commit hook.
2010-01-21Support WindowsCE.Werner Koch1-0/+13
2009-12-11Boost performance of SHA-512 and SHA-256.Werner Koch1-10/+51
2009-12-10Cleaned up the cipher encrypy/decrypt constraints checks.Werner Koch1-8/+7
2009-12-09Implemented the AES-Wrap algorithmWerner Koch1-1/+2
2009-07-09[random/ChangeLog]Werner Koch1-0/+21
* rndlinux.c (_gcry_rndlinux_gather_random): Print real values for the progess function and call it before blocking. Suggested by Christian Grothoff. * rndunix.c (slow_poll): Add similar, but not yet functional, code. SCALAR(0x81980e8) Copyright 2008, 2009 Free Software Foundation, Inc. [tests/ChangeLog] * benchmark.c (progress_cb): New. (main): Add option --progress.
2009-07-02Minor bug fixes.Werner Koch1-6/+6
2008-12-05Fixed error cases in mpicoder.Werner Koch1-1/+1
Documentation cleanups.
2008-12-03Fix last moi-pow.c change.Werner Koch1-1/+7
Add some code to allow standalone builds of some test programs.
2008-10-24Do no restrtc usage of MD5 in fips mode.Werner Koch1-2/+13
2008-10-02Add CAVS test.Werner Koch1-1/+3
Various minor fixes. Sigbus fixes for AES.
2008-09-18Windows fix.Werner Koch1-1/+1
2008-08-26Implemented transient-key flag as requested by the GNUNet folks.Werner Koch1-17/+22
Documentation cleanups. Removed FIPS logging unless in double verbose state.
2008-08-19A whole bunch of changes to eventually support Werner Koch1-1/+7
FIPS restricted mode. Also some documentation improvements and other minor enhancements. See the ChangeLogs. Stay tuned.
2008-03-17Better AES performance.Werner Koch1-6/+50
2008-03-12Add a non-blinding testWerner Koch1-6/+39
2007-11-30Add support for the HW RNG. However i was not able to test it because itWerner Koch1-6/+34
seems to be disabled by the OS.
2007-10-31Reorganizatiosn to support the visibility attribute.Werner Koch1-20/+47
This can be improved by using fucntion aliases instead of wrapper functions.