kris
/
boringssl
1
0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
3598 Revīzijas
12 Atzari
38 MiB
Koks: 97db926cf7
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '97db926cf7'
${ noResults }
boringssl/tool/speed.cc

speed.cc 20 KiB
Neapstrādāts Parastais skats Vēsture

Split the speed tests into their own file.
pirms 10 gadiem
Give bssl speed proper arg parsing and a -timeout flag. I've found that changing the timeout to 10s rather than 1s gives much more stable numbers. BUG=82 Change-Id: Ie026bf808e8bf78b35925add69f84c3ff31c31ab Reviewed-on: https://boringssl-review.googlesource.com/10349 CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Remove string.h from base.h. Including string.h in base.h causes any file that includes a BoringSSL header to include string.h. Generally this wouldn't be a problem, although string.h might slow down the compile if it wasn't otherwise needed. However, it also causes problems for ipsec-tools in Android because OpenSSL didn't have this behaviour. This change removes string.h from base.h and, instead, adds it to each .c file that requires it. Change-Id: I5968e50b0e230fd3adf9b72dd2836e6f52d6fb37 Reviewed-on: https://boringssl-review.googlesource.com/3200 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
tool: include base.h before testing OPENSSL_WINDOWS. Even though windows.h etc are system headers, conditional includes have to come after the others. Change-Id: I839b3b6c32a76c806698e2cdc71e50433fa900b2
pirms 9 gadiem
Replace Scoped* heap types with bssl::UniquePtr. Unlike the Scoped* types, bssl::UniquePtr is available to C++ users, and offered for a large variety of types. The 'extern "C++"' trick is used to make the C++ bits digestible to C callers that wrap header files in 'extern "C"'. Change-Id: Ifbca4c2997d6628e33028c7d7620c72aff0f862e Reviewed-on: https://boringssl-review.googlesource.com/10521 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Add X25519 and Ed25519 support. (Ed25519 support is disabled when |OPENSSL_SMALL| is defined.) libcrypto.a sizes: x86-64 -O3 -march=native: +78012 (1584902 → 1662914) x86-64 -O3 -march=native -DOPENSSL_SMALL: +10596 (1356206 → 1366802) Android armv7 Thumb -O2 -DOPENSSL_SMALL: +13132 (1258462 → 1271594) Change-Id: I6a7e64d481e4ce4daa7d5057578081358746cfb9 Reviewed-on: https://boringssl-review.googlesource.com/6497 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
tool: include base.h before testing OPENSSL_WINDOWS. Even though windows.h etc are system headers, conditional includes have to come after the others. Change-Id: I839b3b6c32a76c806698e2cdc71e50433fa900b2
pirms 9 gadiem
Replace Scoped* heap types with bssl::UniquePtr. Unlike the Scoped* types, bssl::UniquePtr is available to C++ users, and offered for a large variety of types. The 'extern "C++"' trick is used to make the C++ bits digestible to C callers that wrap header files in 'extern "C"'. Change-Id: Ifbca4c2997d6628e33028c7d7620c72aff0f862e Reviewed-on: https://boringssl-review.googlesource.com/10521 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Remove some easy obj.h dependencies. A lot of consumers of obj.h only want the NID values. Others didn't need it at all. This also removes some OBJ_nid2sn and OBJ_nid2ln calls in EVP error paths which isn't worth pulling a large table in for. BUG=chromium:499653 Change-Id: Id6dff578f993012e35b740a13b8e4f9c2edc0744 Reviewed-on: https://boringssl-review.googlesource.com/7563 Reviewed-by: David Benjamin <davidben@google.com>
pirms 8 gadiem
tool: include base.h before testing OPENSSL_WINDOWS. Even though windows.h etc are system headers, conditional includes have to come after the others. Change-Id: I839b3b6c32a76c806698e2cdc71e50433fa900b2
pirms 9 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Wrap MSVC-only warning pragmas in a macro. There's a __pragma expression which allows this. Android builds us Windows with MinGW for some reason, so we actually do have to tolerate non-MSVC-compatible Windows compilers. (Clang for Windows is much more sensible than MinGW and intentionally mimicks MSVC.) MinGW doesn't understand MSVC's pragmas and warns a lot. #pragma warning is safe to suppress, so wrap those to shush them. This also lets us do away with a few ifdefs. Change-Id: I1f5a8bec4940d4b2d947c4c1cc9341bc15ec4972 Reviewed-on: https://boringssl-review.googlesource.com/8236 Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Lowercase some Windows headers. MinGW on Linux needs lowercase include files. On Windows this doesn't matter since the filesystems are case-insensitive, but building BoringSSL on Linux with MinGW has case-sensitive filesystems. Change-Id: Id9c120d819071b041341fbb978352812d6d073bc Reviewed-on: https://boringssl-review.googlesource.com/4090 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Wrap MSVC-only warning pragmas in a macro. There's a __pragma expression which allows this. Android builds us Windows with MinGW for some reason, so we actually do have to tolerate non-MSVC-compatible Windows compilers. (Clang for Windows is much more sensible than MinGW and intentionally mimicks MSVC.) MinGW doesn't understand MSVC's pragmas and warns a lot. #pragma warning is safe to suppress, so wrap those to shush them. This also lets us do away with a few ifdefs. Change-Id: I1f5a8bec4940d4b2d947c4c1cc9341bc15ec4972 Reviewed-on: https://boringssl-review.googlesource.com/8236 Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Include some build fixes for OS X. Apart from the obvious little issues, this also works around a (seeming) libtool/linker: a.c defines a symbol: int kFoo; b.c uses it: extern int kFoo; int f() { return kFoo; } compile them: $ gcc -c a.c $ gcc -c b.c and create a dummy main in order to run it, main.c: int f(); int main() { return f(); } this works as expected: $ gcc main.c a.o b.o but, if we make an archive: $ ar q lib.a a.o b.o and use that: $ gcc main.c lib.a Undefined symbols for architecture x86_64 "_kFoo", referenced from: _f in lib.a(b.o) (It doesn't matter what order the .o files are put into the .a) Linux and Windows don't seem to have this problem. nm on a.o shows that the symbol is of type "C", which is a "common symbol"[1]. Basically the linker will merge multiple common symbol definitions together. If ones makes a.c read: int kFoo = 0; Then one gets a type "D" symbol - a "data section symbol" and everything works just fine. This might actually be a libtool bug instead of an ld bug: Looking at `xxd lib.a | less`, the __.SYMDEF SORTED index at the beginning of the archive doesn't contain an entry for kFoo unless initialised. Change-Id: I4cdad9ba46e9919221c3cbd79637508959359427
pirms 10 gadiem
Fix IWYU violation in speed.cc. We need time.h for clock_gettime on Linux. Previously, scoped_types.h was pulling in everything and getting it for us, but now it doesn't exist. We seem to have been pulling it in on accident anyway but it seems Android's system headers end up not doing so. Change-Id: I0a04495b1462649d77d62018e317c416803ac58d Reviewed-on: https://boringssl-review.googlesource.com/11000 Reviewed-by: Matt Braithwaite <mab@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Make constants in bssl tool actually const. Change-Id: Iedf6a1bafbe195b689e1aebd2293332e38c1f4c7 Reviewed-on: https://boringssl-review.googlesource.com/5042 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add 64-bit, P-256 implementation. This is taken from upstream, although it originally came from us. This will only take effect on 64-bit systems (x86-64 and aarch64). Before: Did 1496 ECDH P-256 operations in 1038743us (1440.2 ops/sec) Did 2783 ECDSA P-256 signing operations in 1081006us (2574.5 ops/sec) Did 2400 ECDSA P-256 verify operations in 1059508us (2265.2 ops/sec) After: Did 4147 ECDH P-256 operations in 1061723us (3905.9 ops/sec) Did 9372 ECDSA P-256 signing operations in 1040589us (9006.4 ops/sec) Did 4114 ECDSA P-256 verify operations in 1063478us (3868.4 ops/sec) Change-Id: I11fabb03239cc3a7c4a97325ed4e4c97421f91a9
pirms 9 gadiem
Remove string.h from base.h. Including string.h in base.h causes any file that includes a BoringSSL header to include string.h. Generally this wouldn't be a problem, although string.h might slow down the compile if it wasn't otherwise needed. However, it also causes problems for ipsec-tools in Android because OpenSSL didn't have this behaviour. This change removes string.h from base.h and, instead, adds it to each .c file that requires it. Change-Id: I5968e50b0e230fd3adf9b72dd2836e6f52d6fb37 Reviewed-on: https://boringssl-review.googlesource.com/3200 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Include some build fixes for OS X. Apart from the obvious little issues, this also works around a (seeming) libtool/linker: a.c defines a symbol: int kFoo; b.c uses it: extern int kFoo; int f() { return kFoo; } compile them: $ gcc -c a.c $ gcc -c b.c and create a dummy main in order to run it, main.c: int f(); int main() { return f(); } this works as expected: $ gcc main.c a.o b.o but, if we make an archive: $ ar q lib.a a.o b.o and use that: $ gcc main.c lib.a Undefined symbols for architecture x86_64 "_kFoo", referenced from: _f in lib.a(b.o) (It doesn't matter what order the .o files are put into the .a) Linux and Windows don't seem to have this problem. nm on a.o shows that the symbol is of type "C", which is a "common symbol"[1]. Basically the linker will merge multiple common symbol definitions together. If ones makes a.c read: int kFoo = 0; Then one gets a type "D" symbol - a "data section symbol" and everything works just fine. This might actually be a libtool bug instead of an ld bug: Looking at `xxd lib.a | less`, the __.SYMDEF SORTED index at the beginning of the archive doesn't contain an entry for kFoo unless initialised. Change-Id: I4cdad9ba46e9919221c3cbd79637508959359427
pirms 10 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Give bssl speed proper arg parsing and a -timeout flag. I've found that changing the timeout to 10s rather than 1s gives much more stable numbers. BUG=82 Change-Id: Ie026bf808e8bf78b35925add69f84c3ff31c31ab Reviewed-on: https://boringssl-review.googlesource.com/10349 CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Give bssl speed proper arg parsing and a -timeout flag. I've found that changing the timeout to 10s rather than 1s gives much more stable numbers. BUG=82 Change-Id: Ie026bf808e8bf78b35925add69f84c3ff31c31ab Reviewed-on: https://boringssl-review.googlesource.com/10349 CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Give bssl speed proper arg parsing and a -timeout flag. I've found that changing the timeout to 10s rather than 1s gives much more stable numbers. BUG=82 Change-Id: Ie026bf808e8bf78b35925add69f84c3ff31c31ab Reviewed-on: https://boringssl-review.googlesource.com/10349 CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Give bssl speed proper arg parsing and a -timeout flag. I've found that changing the timeout to 10s rather than 1s gives much more stable numbers. BUG=82 Change-Id: Ie026bf808e8bf78b35925add69f84c3ff31c31ab Reviewed-on: https://boringssl-review.googlesource.com/10349 CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
tool: benchmark the RNG. This change adds a benchmark for the RNG and also allows specific speed tests to be selected via a command-line argument, since the full speed suite is getting quite lengthy now and is only going to get longer in the future. Change-Id: If62c69177d58d3eb945d6108524c144ea0044137 Reviewed-on: https://boringssl-review.googlesource.com/4326 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
tool: benchmark the RNG. This change adds a benchmark for the RNG and also allows specific speed tests to be selected via a command-line argument, since the full speed suite is getting quite lengthy now and is only going to get longer in the future. Change-Id: If62c69177d58d3eb945d6108524c144ea0044137 Reviewed-on: https://boringssl-review.googlesource.com/4326 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Include |BN_MONT_CTX| construction in RSA verification speed test. Change-Id: I30d6560156bedeac781b12c16a65cfede7891bb7 Reviewed-on: https://boringssl-review.googlesource.com/10522 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Rename BIO_print_errors_fp back to ERR_print_errors_fp & refactor it. A previous change in BoringSSL renamed ERR_print_errors_fp to BIO_print_errors_fp as part of refactoring the code to improve the layering of modules within BoringSSL. Rename it back for better compatibility with code that was using the function under the original name. Move its definition back to crypto/err using an implementation that avoids depending on crypto/bio. Change-Id: Iee7703bb1eb4a3d640aff6485712bea71d7c1052 Reviewed-on: https://boringssl-review.googlesource.com/4310 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Include |BN_MONT_CTX| construction in RSA verification speed test. Change-Id: I30d6560156bedeac781b12c16a65cfede7891bb7 Reviewed-on: https://boringssl-review.googlesource.com/10522 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Replace Scoped* heap types with bssl::UniquePtr. Unlike the Scoped* types, bssl::UniquePtr is available to C++ users, and offered for a large variety of types. The 'extern "C++"' trick is used to make the C++ bits digestible to C callers that wrap header files in 'extern "C"'. Change-Id: Ifbca4c2997d6628e33028c7d7620c72aff0f862e Reviewed-on: https://boringssl-review.googlesource.com/10521 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Include |BN_MONT_CTX| construction in RSA verification speed test. Change-Id: I30d6560156bedeac781b12c16a65cfede7891bb7 Reviewed-on: https://boringssl-review.googlesource.com/10522 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Rename BIO_print_errors_fp back to ERR_print_errors_fp & refactor it. A previous change in BoringSSL renamed ERR_print_errors_fp to BIO_print_errors_fp as part of refactoring the code to improve the layering of modules within BoringSSL. Rename it back for better compatibility with code that was using the function under the original name. Move its definition back to crypto/err using an implementation that avoids depending on crypto/bio. Change-Id: Iee7703bb1eb4a3d640aff6485712bea71d7c1052 Reviewed-on: https://boringssl-review.googlesource.com/4310 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Align pointers by hand. This avoids having Windows be different and is also easier for testing because it's a simple matter to unalign the pointer if needed. Change-Id: I32cfa5834e3fe4f16304a25092b9c71946d4744d Reviewed-on: https://boringssl-review.googlesource.com/3131 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Fix out-of-bounds memory write in speed.cc. Windows x64 uses the IL32P64 data model, which means that unsigned int is 32 bits and size_t is 64 bits. Previously, the expression |~(alignment - 1)| resulted in the 32-bit value 0xFFFFFFF0, which was then extended to the 64-bit value 0x00000000FFFFFFF0 when promoted to size_t. When the input pointer was masked with this value, the result was a pointer that was usually way outside the boundaries of the array. The new code casts |alignment| to size_t first prior to the bitwise negation, resulting in the correct mask value of 0xFFFFFFFFFFFFFFF0. Change-Id: I04754aa9e1ce7a615c2b4c74051cfcca38dbb52f Reviewed-on: https://boringssl-review.googlesource.com/3961 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Benchmark AEADs with aligned buffers. This eliminates a source of variability from the benchmarks. Change-Id: I8ce07bd68e7591f8c5545040b02b96d21609a0e5 Reviewed-on: https://boringssl-review.googlesource.com/2920 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Also test AES-CBC modes in the speed tool. This change adds the AES-128-CBC-SHA and AES-256-CBC-SHA AEADs to the speed test. These AEADs need an 11 byte additional data so the test is extended to be able to provide that. Change-Id: I9a57c2321a979a68ab0df9faf1bb26b44a3009c4 Reviewed-on: https://boringssl-review.googlesource.com/2922 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Align pointers by hand. This avoids having Windows be different and is also easier for testing because it's a simple matter to unalign the pointer if needed. Change-Id: I32cfa5834e3fe4f16304a25092b9c71946d4744d Reviewed-on: https://boringssl-review.googlesource.com/3131 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Use scopers in tool/ Change-Id: I4e61dc57d1ec65e892b1933f35663db164f017eb Reviewed-on: https://boringssl-review.googlesource.com/11681 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Free new[]'d array using delete[] instead of free in speed.cc. Change-Id: Ic3d5e8de0b6800c0852c2057427836302c1f1aaa Reviewed-on: https://boringssl-review.googlesource.com/3962 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Also test AES-CBC modes in the speed tool. This change adds the AES-128-CBC-SHA and AES-256-CBC-SHA AEADs to the speed test. These AEADs need an 11 byte additional data so the test is extended to be able to provide that. Change-Id: I9a57c2321a979a68ab0df9faf1bb26b44a3009c4 Reviewed-on: https://boringssl-review.googlesource.com/2922 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Align pointers by hand. This avoids having Windows be different and is also easier for testing because it's a simple matter to unalign the pointer if needed. Change-Id: I32cfa5834e3fe4f16304a25092b9c71946d4744d Reviewed-on: https://boringssl-review.googlesource.com/3131 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Use scopers in tool/ Change-Id: I4e61dc57d1ec65e892b1933f35663db164f017eb Reviewed-on: https://boringssl-review.googlesource.com/11681 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Fix bssl speed. The TLS AEADs require EVP_AEAD_CTX_init_with_direction now. The speed command was never updated to account for this. BUG=467762 Change-Id: I8c7d4566b51d54d91d17318b8f4813ad8f19c777 Reviewed-on: https://boringssl-review.googlesource.com/3971 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Rename BIO_print_errors_fp back to ERR_print_errors_fp & refactor it. A previous change in BoringSSL renamed ERR_print_errors_fp to BIO_print_errors_fp as part of refactoring the code to improve the layering of modules within BoringSSL. Rename it back for better compatibility with code that was using the function under the original name. Move its definition back to crypto/err using an implementation that avoids depending on crypto/bio. Change-Id: Iee7703bb1eb4a3d640aff6485712bea71d7c1052 Reviewed-on: https://boringssl-review.googlesource.com/4310 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Align pointers by hand. This avoids having Windows be different and is also easier for testing because it's a simple matter to unalign the pointer if needed. Change-Id: I32cfa5834e3fe4f16304a25092b9c71946d4744d Reviewed-on: https://boringssl-review.googlesource.com/3131 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Use scopers in tool/ Change-Id: I4e61dc57d1ec65e892b1933f35663db164f017eb Reviewed-on: https://boringssl-review.googlesource.com/11681 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Rename BIO_print_errors_fp back to ERR_print_errors_fp & refactor it. A previous change in BoringSSL renamed ERR_print_errors_fp to BIO_print_errors_fp as part of refactoring the code to improve the layering of modules within BoringSSL. Rename it back for better compatibility with code that was using the function under the original name. Move its definition back to crypto/err using an implementation that avoids depending on crypto/bio. Change-Id: Iee7703bb1eb4a3d640aff6485712bea71d7c1052 Reviewed-on: https://boringssl-review.googlesource.com/4310 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Also test AES-CBC modes in the speed tool. This change adds the AES-128-CBC-SHA and AES-256-CBC-SHA AEADs to the speed test. These AEADs need an 11 byte additional data so the test is extended to be able to provide that. Change-Id: I9a57c2321a979a68ab0df9faf1bb26b44a3009c4 Reviewed-on: https://boringssl-review.googlesource.com/2922 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
tool: benchmark the RNG. This change adds a benchmark for the RNG and also allows specific speed tests to be selected via a command-line argument, since the full speed suite is getting quite lengthy now and is only going to get longer in the future. Change-Id: If62c69177d58d3eb945d6108524c144ea0044137 Reviewed-on: https://boringssl-review.googlesource.com/4326 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Also test AES-CBC modes in the speed tool. This change adds the AES-128-CBC-SHA and AES-256-CBC-SHA AEADs to the speed test. These AEADs need an 11 byte additional data so the test is extended to be able to provide that. Change-Id: I9a57c2321a979a68ab0df9faf1bb26b44a3009c4 Reviewed-on: https://boringssl-review.googlesource.com/2922 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Add benchmarks for hash functions to bssl speed.
pirms 10 gadiem
Rename BIO_print_errors_fp back to ERR_print_errors_fp & refactor it. A previous change in BoringSSL renamed ERR_print_errors_fp to BIO_print_errors_fp as part of refactoring the code to improve the layering of modules within BoringSSL. Rename it back for better compatibility with code that was using the function under the original name. Move its definition back to crypto/err using an implementation that avoids depending on crypto/bio. Change-Id: Iee7703bb1eb4a3d640aff6485712bea71d7c1052 Reviewed-on: https://boringssl-review.googlesource.com/4310 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add benchmarks for hash functions to bssl speed.
pirms 10 gadiem
tool: benchmark the RNG. This change adds a benchmark for the RNG and also allows specific speed tests to be selected via a command-line argument, since the full speed suite is getting quite lengthy now and is only going to get longer in the future. Change-Id: If62c69177d58d3eb945d6108524c144ea0044137 Reviewed-on: https://boringssl-review.googlesource.com/4326 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add benchmarks for hash functions to bssl speed.
pirms 10 gadiem
Fix more clang-tidy warnings. Changes imported from Chih-hung Hsieh's CL at https://android-review.googlesource.com/c/235696/. Change-Id: I02f170f0a059c21a8d6f221dcc779f6476f36bbf Reviewed-on: https://boringssl-review.googlesource.com/12026 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
tool: benchmark the RNG. This change adds a benchmark for the RNG and also allows specific speed tests to be selected via a command-line argument, since the full speed suite is getting quite lengthy now and is only going to get longer in the future. Change-Id: If62c69177d58d3eb945d6108524c144ea0044137 Reviewed-on: https://boringssl-review.googlesource.com/4326 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add 64-bit, P-256 implementation. This is taken from upstream, although it originally came from us. This will only take effect on 64-bit systems (x86-64 and aarch64). Before: Did 1496 ECDH P-256 operations in 1038743us (1440.2 ops/sec) Did 2783 ECDSA P-256 signing operations in 1081006us (2574.5 ops/sec) Did 2400 ECDSA P-256 verify operations in 1059508us (2265.2 ops/sec) After: Did 4147 ECDH P-256 operations in 1061723us (3905.9 ops/sec) Did 9372 ECDSA P-256 signing operations in 1040589us (9006.4 ops/sec) Did 4114 ECDSA P-256 verify operations in 1063478us (3868.4 ops/sec) Change-Id: I11fabb03239cc3a7c4a97325ed4e4c97421f91a9
pirms 9 gadiem
Replace Scoped* heap types with bssl::UniquePtr. Unlike the Scoped* types, bssl::UniquePtr is available to C++ users, and offered for a large variety of types. The 'extern "C++"' trick is used to make the C++ bits digestible to C callers that wrap header files in 'extern "C"'. Change-Id: Ifbca4c2997d6628e33028c7d7620c72aff0f862e Reviewed-on: https://boringssl-review.googlesource.com/10521 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Add 64-bit, P-256 implementation. This is taken from upstream, although it originally came from us. This will only take effect on 64-bit systems (x86-64 and aarch64). Before: Did 1496 ECDH P-256 operations in 1038743us (1440.2 ops/sec) Did 2783 ECDSA P-256 signing operations in 1081006us (2574.5 ops/sec) Did 2400 ECDSA P-256 verify operations in 1059508us (2265.2 ops/sec) After: Did 4147 ECDH P-256 operations in 1061723us (3905.9 ops/sec) Did 9372 ECDSA P-256 signing operations in 1040589us (9006.4 ops/sec) Did 4114 ECDSA P-256 verify operations in 1063478us (3868.4 ops/sec) Change-Id: I11fabb03239cc3a7c4a97325ed4e4c97421f91a9
pirms 9 gadiem
Replace Scoped* heap types with bssl::UniquePtr. Unlike the Scoped* types, bssl::UniquePtr is available to C++ users, and offered for a large variety of types. The 'extern "C++"' trick is used to make the C++ bits digestible to C callers that wrap header files in 'extern "C"'. Change-Id: Ifbca4c2997d6628e33028c7d7620c72aff0f862e Reviewed-on: https://boringssl-review.googlesource.com/10521 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Add 64-bit, P-256 implementation. This is taken from upstream, although it originally came from us. This will only take effect on 64-bit systems (x86-64 and aarch64). Before: Did 1496 ECDH P-256 operations in 1038743us (1440.2 ops/sec) Did 2783 ECDSA P-256 signing operations in 1081006us (2574.5 ops/sec) Did 2400 ECDSA P-256 verify operations in 1059508us (2265.2 ops/sec) After: Did 4147 ECDH P-256 operations in 1061723us (3905.9 ops/sec) Did 9372 ECDSA P-256 signing operations in 1040589us (9006.4 ops/sec) Did 4114 ECDSA P-256 verify operations in 1063478us (3868.4 ops/sec) Change-Id: I11fabb03239cc3a7c4a97325ed4e4c97421f91a9
pirms 9 gadiem
Replace Scoped* heap types with bssl::UniquePtr. Unlike the Scoped* types, bssl::UniquePtr is available to C++ users, and offered for a large variety of types. The 'extern "C++"' trick is used to make the C++ bits digestible to C callers that wrap header files in 'extern "C"'. Change-Id: Ifbca4c2997d6628e33028c7d7620c72aff0f862e Reviewed-on: https://boringssl-review.googlesource.com/10521 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Add 64-bit, P-256 implementation. This is taken from upstream, although it originally came from us. This will only take effect on 64-bit systems (x86-64 and aarch64). Before: Did 1496 ECDH P-256 operations in 1038743us (1440.2 ops/sec) Did 2783 ECDSA P-256 signing operations in 1081006us (2574.5 ops/sec) Did 2400 ECDSA P-256 verify operations in 1059508us (2265.2 ops/sec) After: Did 4147 ECDH P-256 operations in 1061723us (3905.9 ops/sec) Did 9372 ECDSA P-256 signing operations in 1040589us (9006.4 ops/sec) Did 4114 ECDSA P-256 verify operations in 1063478us (3868.4 ops/sec) Change-Id: I11fabb03239cc3a7c4a97325ed4e4c97421f91a9
pirms 9 gadiem
Replace Scoped* heap types with bssl::UniquePtr. Unlike the Scoped* types, bssl::UniquePtr is available to C++ users, and offered for a large variety of types. The 'extern "C++"' trick is used to make the C++ bits digestible to C callers that wrap header files in 'extern "C"'. Change-Id: Ifbca4c2997d6628e33028c7d7620c72aff0f862e Reviewed-on: https://boringssl-review.googlesource.com/10521 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Add 64-bit, P-256 implementation. This is taken from upstream, although it originally came from us. This will only take effect on 64-bit systems (x86-64 and aarch64). Before: Did 1496 ECDH P-256 operations in 1038743us (1440.2 ops/sec) Did 2783 ECDSA P-256 signing operations in 1081006us (2574.5 ops/sec) Did 2400 ECDSA P-256 verify operations in 1059508us (2265.2 ops/sec) After: Did 4147 ECDH P-256 operations in 1061723us (3905.9 ops/sec) Did 9372 ECDSA P-256 signing operations in 1040589us (9006.4 ops/sec) Did 4114 ECDSA P-256 verify operations in 1063478us (3868.4 ops/sec) Change-Id: I11fabb03239cc3a7c4a97325ed4e4c97421f91a9
pirms 9 gadiem
Add X25519 and Ed25519 support. (Ed25519 support is disabled when |OPENSSL_SMALL| is defined.) libcrypto.a sizes: x86-64 -O3 -march=native: +78012 (1584902 → 1662914) x86-64 -O3 -march=native -DOPENSSL_SMALL: +10596 (1356206 → 1366802) Android armv7 Thumb -O2 -DOPENSSL_SMALL: +13132 (1258462 → 1271594) Change-Id: I6a7e64d481e4ce4daa7d5057578081358746cfb9 Reviewed-on: https://boringssl-review.googlesource.com/6497 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Fix curve25519 code for MSVC. MSVC doesn't like unary minus on unsigned types. Also, the speed test always failed because the inputs were all zeros and thus had small order. Change-Id: Ic2d3c2c9bd57dc66295d93891396871cebac1e0b
pirms 9 gadiem
Add X25519 and Ed25519 support. (Ed25519 support is disabled when |OPENSSL_SMALL| is defined.) libcrypto.a sizes: x86-64 -O3 -march=native: +78012 (1584902 → 1662914) x86-64 -O3 -march=native -DOPENSSL_SMALL: +10596 (1356206 → 1366802) Android armv7 Thumb -O2 -DOPENSSL_SMALL: +13132 (1258462 → 1271594) Change-Id: I6a7e64d481e4ce4daa7d5057578081358746cfb9 Reviewed-on: https://boringssl-review.googlesource.com/6497 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add SPAKE2 over Ed25519. SPAKE2 is a password-authenticated key exchange. This implementation is over the twisted Edwards curve Ed25519, and uses SHA-512 as the hash primitive. See https://tools.ietf.org/html/draft-irtf-cfrg-spake2-03 Change-Id: I2cd3c3ebdc3d55ac3aea3a9eb0d06275509597ac Reviewed-on: https://boringssl-review.googlesource.com/7114 Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Replace Scoped* heap types with bssl::UniquePtr. Unlike the Scoped* types, bssl::UniquePtr is available to C++ users, and offered for a large variety of types. The 'extern "C++"' trick is used to make the C++ bits digestible to C callers that wrap header files in 'extern "C"'. Change-Id: Ifbca4c2997d6628e33028c7d7620c72aff0f862e Reviewed-on: https://boringssl-review.googlesource.com/10521 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Add SPAKE2 over Ed25519. SPAKE2 is a password-authenticated key exchange. This implementation is over the twisted Edwards curve Ed25519, and uses SHA-512 as the hash primitive. See https://tools.ietf.org/html/draft-irtf-cfrg-spake2-03 Change-Id: I2cd3c3ebdc3d55ac3aea3a9eb0d06275509597ac Reviewed-on: https://boringssl-review.googlesource.com/7114 Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Pass |alice_msg| by reference in the SPAKE2 speed test. This is an attempt to make MSVC happy. Currently it's saying: ..\tool\speed.cc(508) : error C2536: 'SpeedSPAKE2::<lambda_…>::SpeedSPAKE2::<lambda_…>::alice_msg' : cannot specify explicit initializer for arrays Change-Id: Ifba1df26b5d734f142668a41834645c1549f9f52 Reviewed-on: https://boringssl-review.googlesource.com/7248 Reviewed-by: David Benjamin <davidben@google.com>
pirms 8 gadiem
Replace Scoped* heap types with bssl::UniquePtr. Unlike the Scoped* types, bssl::UniquePtr is available to C++ users, and offered for a large variety of types. The 'extern "C++"' trick is used to make the C++ bits digestible to C callers that wrap header files in 'extern "C"'. Change-Id: Ifbca4c2997d6628e33028c7d7620c72aff0f862e Reviewed-on: https://boringssl-review.googlesource.com/10521 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Add SPAKE2 over Ed25519. SPAKE2 is a password-authenticated key exchange. This implementation is over the twisted Edwards curve Ed25519, and uses SHA-512 as the hash primitive. See https://tools.ietf.org/html/draft-irtf-cfrg-spake2-03 Change-Id: I2cd3c3ebdc3d55ac3aea3a9eb0d06275509597ac Reviewed-on: https://boringssl-review.googlesource.com/7114 Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Give bssl speed proper arg parsing and a -timeout flag. I've found that changing the timeout to 10s rather than 1s gives much more stable numbers. BUG=82 Change-Id: Ie026bf808e8bf78b35925add69f84c3ff31c31ab Reviewed-on: https://boringssl-review.googlesource.com/10349 CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Give bssl speed proper arg parsing and a -timeout flag. I've found that changing the timeout to 10s rather than 1s gives much more stable numbers. BUG=82 Change-Id: Ie026bf808e8bf78b35925add69f84c3ff31c31ab Reviewed-on: https://boringssl-review.googlesource.com/10349 CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
tool: benchmark the RNG. This change adds a benchmark for the RNG and also allows specific speed tests to be selected via a command-line argument, since the full speed suite is getting quite lengthy now and is only going to get longer in the future. Change-Id: If62c69177d58d3eb945d6108524c144ea0044137 Reviewed-on: https://boringssl-review.googlesource.com/4326 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Give bssl speed proper arg parsing and a -timeout flag. I've found that changing the timeout to 10s rather than 1s gives much more stable numbers. BUG=82 Change-Id: Ie026bf808e8bf78b35925add69f84c3ff31c31ab Reviewed-on: https://boringssl-review.googlesource.com/10349 CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
tool: benchmark the RNG. This change adds a benchmark for the RNG and also allows specific speed tests to be selected via a command-line argument, since the full speed suite is getting quite lengthy now and is only going to get longer in the future. Change-Id: If62c69177d58d3eb945d6108524c144ea0044137 Reviewed-on: https://boringssl-review.googlesource.com/4326 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Use scopers in tool/ Change-Id: I4e61dc57d1ec65e892b1933f35663db164f017eb Reviewed-on: https://boringssl-review.googlesource.com/11681 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Rename BIO_print_errors_fp back to ERR_print_errors_fp & refactor it. A previous change in BoringSSL renamed ERR_print_errors_fp to BIO_print_errors_fp as part of refactoring the code to improve the layering of modules within BoringSSL. Rename it back for better compatibility with code that was using the function under the original name. Move its definition back to crypto/err using an implementation that avoids depending on crypto/bio. Change-Id: Iee7703bb1eb4a3d640aff6485712bea71d7c1052 Reviewed-on: https://boringssl-review.googlesource.com/4310 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Use scopers in tool/ Change-Id: I4e61dc57d1ec65e892b1933f35663db164f017eb Reviewed-on: https://boringssl-review.googlesource.com/11681 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Use scopers in tool/ Change-Id: I4e61dc57d1ec65e892b1933f35663db164f017eb Reviewed-on: https://boringssl-review.googlesource.com/11681 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Multi-prime RSA support. RSA with more than two primes is specified in https://tools.ietf.org/html/rfc3447, although the idea goes back far earier than that. This change ports some of the changes in http://rt.openssl.org/Ticket/Display.html?id=3477&user=guest&pass=guest to BoringSSL—specifically those bits that are under an OpenSSL license. Change-Id: I51e8e345e2148702b8ce12e00518f6ef4683d3e1 Reviewed-on: https://boringssl-review.googlesource.com/4870 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Use scopers in tool/ Change-Id: I4e61dc57d1ec65e892b1933f35663db164f017eb Reviewed-on: https://boringssl-review.googlesource.com/11681 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Multi-prime RSA support. RSA with more than two primes is specified in https://tools.ietf.org/html/rfc3447, although the idea goes back far earier than that. This change ports some of the changes in http://rt.openssl.org/Ticket/Display.html?id=3477&user=guest&pass=guest to BoringSSL—specifically those bits that are under an OpenSSL license. Change-Id: I51e8e345e2148702b8ce12e00518f6ef4683d3e1 Reviewed-on: https://boringssl-review.googlesource.com/4870 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Use scopers in tool/ Change-Id: I4e61dc57d1ec65e892b1933f35663db164f017eb Reviewed-on: https://boringssl-review.googlesource.com/11681 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Rename BIO_print_errors_fp back to ERR_print_errors_fp & refactor it. A previous change in BoringSSL renamed ERR_print_errors_fp to BIO_print_errors_fp as part of refactoring the code to improve the layering of modules within BoringSSL. Rename it back for better compatibility with code that was using the function under the original name. Move its definition back to crypto/err using an implementation that avoids depending on crypto/bio. Change-Id: Iee7703bb1eb4a3d640aff6485712bea71d7c1052 Reviewed-on: https://boringssl-review.googlesource.com/4310 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Use scopers in tool/ Change-Id: I4e61dc57d1ec65e892b1933f35663db164f017eb Reviewed-on: https://boringssl-review.googlesource.com/11681 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Use scopers in tool/ Change-Id: I4e61dc57d1ec65e892b1933f35663db164f017eb Reviewed-on: https://boringssl-review.googlesource.com/11681 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
Also test AES-CBC modes in the speed tool. This change adds the AES-128-CBC-SHA and AES-256-CBC-SHA AEADs to the speed test. These AEADs need an 11 byte additional data so the test is extended to be able to provide that. Change-Id: I9a57c2321a979a68ab0df9faf1bb26b44a3009c4 Reviewed-on: https://boringssl-review.googlesource.com/2922 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
tool: benchmark the RNG. This change adds a benchmark for the RNG and also allows specific speed tests to be selected via a command-line argument, since the full speed suite is getting quite lengthy now and is only going to get longer in the future. Change-Id: If62c69177d58d3eb945d6108524c144ea0044137 Reviewed-on: https://boringssl-review.googlesource.com/4326 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Point EVP_aead_chacha20_poly1305 at the standardized version. The consumers have all been updated, so we can move EVP_aead_chacha20_poly1305 to its final state. Unfortunately, the _rfc7539-suffixed version will need to stick around for just a hair longer. Also the tls1.h macros, but the remaining consumers are okay with that changing underneath them. Change-Id: Ibbb70ec1860d6ac6a7e1d7b45e70fe692bf5ebe5 Reviewed-on: https://boringssl-review.googlesource.com/6600 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add the RFC 7539 ChaCha20-Poly1305 AEAD. Change-Id: I07dfde7cc304d903c2253600905cc3e6257716c5 Reviewed-on: https://boringssl-review.googlesource.com/6101 Reviewed-by: Adam Langley <alangley@gmail.com>
pirms 9 gadiem
Add RC4-SHA1 and DES-EDE3-CBC-SHA1 to bssl speed. For completeness. In so far as we care about legacy ciphers' performance at all, we should have the others too. Change-Id: Idd2d93345f3af8b6ac5772a1cb3c201f84fe3197 Reviewed-on: https://boringssl-review.googlesource.com/6750 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
tool: benchmark the RNG. This change adds a benchmark for the RNG and also allows specific speed tests to be selected via a command-line argument, since the full speed suite is getting quite lengthy now and is only going to get longer in the future. Change-Id: If62c69177d58d3eb945d6108524c144ea0044137 Reviewed-on: https://boringssl-review.googlesource.com/4326 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add generic AES-GCM-SIV support. AES-GCM-SIV is an AEAD with nonce-misuse resistance. It can reuse hardware support for AES-GCM and thus encrypt at ~66% the speed, and decrypt at 100% the speed, of AES-GCM. See https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-02 This implementation is generic, not optimised, and reuses existing AES and GHASH support as much as possible. It is guarded by !OPENSSL_SMALL, at least for now. Change-Id: Ia9f77b256ef5dfb8588bb9ecfe6ee0e827626f57 Reviewed-on: https://boringssl-review.googlesource.com/12541 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
tool: benchmark the RNG. This change adds a benchmark for the RNG and also allows specific speed tests to be selected via a command-line argument, since the full speed suite is getting quite lengthy now and is only going to get longer in the future. Change-Id: If62c69177d58d3eb945d6108524c144ea0044137 Reviewed-on: https://boringssl-review.googlesource.com/4326 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add 64-bit, P-256 implementation. This is taken from upstream, although it originally came from us. This will only take effect on 64-bit systems (x86-64 and aarch64). Before: Did 1496 ECDH P-256 operations in 1038743us (1440.2 ops/sec) Did 2783 ECDSA P-256 signing operations in 1081006us (2574.5 ops/sec) Did 2400 ECDSA P-256 verify operations in 1059508us (2265.2 ops/sec) After: Did 4147 ECDH P-256 operations in 1061723us (3905.9 ops/sec) Did 9372 ECDSA P-256 signing operations in 1040589us (9006.4 ops/sec) Did 4114 ECDSA P-256 verify operations in 1063478us (3868.4 ops/sec) Change-Id: I11fabb03239cc3a7c4a97325ed4e4c97421f91a9
pirms 9 gadiem
Add X25519 and Ed25519 support. (Ed25519 support is disabled when |OPENSSL_SMALL| is defined.) libcrypto.a sizes: x86-64 -O3 -march=native: +78012 (1584902 → 1662914) x86-64 -O3 -march=native -DOPENSSL_SMALL: +10596 (1356206 → 1366802) Android armv7 Thumb -O2 -DOPENSSL_SMALL: +13132 (1258462 → 1271594) Change-Id: I6a7e64d481e4ce4daa7d5057578081358746cfb9 Reviewed-on: https://boringssl-review.googlesource.com/6497 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add SPAKE2 over Ed25519. SPAKE2 is a password-authenticated key exchange. This implementation is over the twisted Edwards curve Ed25519, and uses SHA-512 as the hash primitive. See https://tools.ietf.org/html/draft-irtf-cfrg-spake2-03 Change-Id: I2cd3c3ebdc3d55ac3aea3a9eb0d06275509597ac Reviewed-on: https://boringssl-review.googlesource.com/7114 Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Remove New Hope key agreement. Change-Id: Iaac633616a54ba1ed04c14e4778865c169a68621 Reviewed-on: https://boringssl-review.googlesource.com/12703 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
tool: benchmark the RNG. This change adds a benchmark for the RNG and also allows specific speed tests to be selected via a command-line argument, since the full speed suite is getting quite lengthy now and is only going to get longer in the future. Change-Id: If62c69177d58d3eb945d6108524c144ea0044137 Reviewed-on: https://boringssl-review.googlesource.com/4326 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Split the speed tests into their own file.
pirms 10 gadiem
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646 
  1. /* Copyright (c) 2014, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #include <string>

  16. #include <functional>

  17. #include <memory>

  18. #include <vector>

  19. 

  20. #include <stdint.h>

  21. #include <stdlib.h>

  22. #include <string.h>

  23. 

  24. #include <openssl/aead.h>

  25. #include <openssl/bn.h>

  26. #include <openssl/curve25519.h>

  27. #include <openssl/digest.h>

  28. #include <openssl/err.h>

  29. #include <openssl/ec.h>

  30. #include <openssl/ecdsa.h>

  31. #include <openssl/ec_key.h>

  32. #include <openssl/nid.h>

  33. #include <openssl/rand.h>

  34. #include <openssl/rsa.h>

  35. 

  36. #if defined(OPENSSL_WINDOWS)

  37. OPENSSL_MSVC_PRAGMA(warning(push, 3))

  38. #include <windows.h>

  39. OPENSSL_MSVC_PRAGMA(warning(pop))

  40. #elif defined(OPENSSL_APPLE)

  41. #include <sys/time.h>

  42. #else

  43. #include <time.h>

  44. #endif

  45. 

  46. #include "internal.h"

  47. 

  48. 

  49. // TimeResults represents the results of benchmarking a function.

  50. struct TimeResults {

  51.   // num_calls is the number of function calls done in the time period.

  52.   unsigned num_calls;

  53.   // us is the number of microseconds that elapsed in the time period.

  54.   unsigned us;

  55. 

  56.   void Print(const std::string &description) {

  57.     printf("Did %u %s operations in %uus (%.1f ops/sec)\n", num_calls,

  58.            description.c_str(), us,

  59.            (static_cast<double>(num_calls) / us) * 1000000);

  60.   }

  61. 

  62.   void PrintWithBytes(const std::string &description, size_t bytes_per_call) {

  63.     printf("Did %u %s operations in %uus (%.1f ops/sec): %.1f MB/s\n",

  64.            num_calls, description.c_str(), us,

  65.            (static_cast<double>(num_calls) / us) * 1000000,

  66.            static_cast<double>(bytes_per_call * num_calls) / us);

  67.   }

  68. };

  69. 

  70. #if defined(OPENSSL_WINDOWS)

  71. static uint64_t time_now() { return GetTickCount64() * 1000; }

  72. #elif defined(OPENSSL_APPLE)

  73. static uint64_t time_now() {

  74.   struct timeval tv;

  75.   uint64_t ret;

  76. 

  77.   gettimeofday(&tv, NULL);

  78.   ret = tv.tv_sec;

  79.   ret *= 1000000;

  80.   ret += tv.tv_usec;

  81.   return ret;

  82. }

  83. #else

  84. static uint64_t time_now() {

  85.   struct timespec ts;

  86.   clock_gettime(CLOCK_MONOTONIC, &ts);

  87. 

  88.   uint64_t ret = ts.tv_sec;

  89.   ret *= 1000000;

  90.   ret += ts.tv_nsec / 1000;

  91.   return ret;

  92. }

  93. #endif

  94. 

  95. static uint64_t g_timeout_seconds = 1;

  96. 

  97. static bool TimeFunction(TimeResults *results, std::function<bool()> func) {

  98.   // total_us is the total amount of time that we'll aim to measure a function

  99.   // for.

  100.   const uint64_t total_us = g_timeout_seconds * 1000000;

  101.   uint64_t start = time_now(), now, delta;

  102.   unsigned done = 0, iterations_between_time_checks;

  103. 

  104.   if (!func()) {

  105.     return false;

  106.   }

  107.   now = time_now();

  108.   delta = now - start;

  109.   if (delta == 0) {

  110.     iterations_between_time_checks = 250;

  111.   } else {

  112.     // Aim for about 100ms between time checks.

  113.     iterations_between_time_checks =

  114.         static_cast<double>(100000) / static_cast<double>(delta);

  115.     if (iterations_between_time_checks > 1000) {

  116.       iterations_between_time_checks = 1000;

  117.     } else if (iterations_between_time_checks < 1) {

  118.       iterations_between_time_checks = 1;

  119.     }

  120.   }

  121. 

  122.   for (;;) {

  123.     for (unsigned i = 0; i < iterations_between_time_checks; i++) {

  124.       if (!func()) {

  125.         return false;

  126.       }

  127.       done++;

  128.     }

  129. 

  130.     now = time_now();

  131.     if (now - start > total_us) {

  132.       break;

  133.     }

  134.   }

  135. 

  136.   results->us = now - start;

  137.   results->num_calls = done;

  138.   return true;

  139. }

  140. 

  141. static bool SpeedRSA(const std::string &key_name, RSA *key,

  142.                      const std::string &selected) {

  143.   if (!selected.empty() && key_name.find(selected) == std::string::npos) {

  144.     return true;

  145.   }

  146. 

  147.   std::unique_ptr<uint8_t[]> sig(new uint8_t[RSA_size(key)]);

  148.   const uint8_t fake_sha256_hash[32] = {0};

  149.   unsigned sig_len;

  150. 

  151.   TimeResults results;

  152.   if (!TimeFunction(&results,

  153.                     [key, &sig, &fake_sha256_hash, &sig_len]() -> bool {

  154.         /* Usually during RSA signing we're using a long-lived |RSA| that has

  155.          * already had all of its |BN_MONT_CTX|s constructed, so it makes

  156.          * sense to use |key| directly here. */

  157.         return RSA_sign(NID_sha256, fake_sha256_hash, sizeof(fake_sha256_hash),

  158.                         sig.get(), &sig_len, key);

  159.       })) {

  160.     fprintf(stderr, "RSA_sign failed.\n");

  161.     ERR_print_errors_fp(stderr);

  162.     return false;

  163.   }

  164.   results.Print(key_name + " signing");

  165. 

  166.   if (!TimeFunction(&results,

  167.                     [key, &fake_sha256_hash, &sig, sig_len]() -> bool {

  168.         /* Usually during RSA verification we have to parse an RSA key from a

  169.          * certificate or similar, in which case we'd need to construct a new

  170.          * RSA key, with a new |BN_MONT_CTX| for the public modulus. If we were

  171.          * to use |key| directly instead, then these costs wouldn't be

  172.          * accounted for. */

  173.         bssl::UniquePtr<RSA> verify_key(RSA_new());

  174.         if (!verify_key) {

  175.           return false;

  176.         }

  177.         verify_key->n = BN_dup(key->n);

  178.         verify_key->e = BN_dup(key->e);

  179.         if (!verify_key->n ||

  180.             !verify_key->e) {

  181.           return false;

  182.         }

  183.         return RSA_verify(NID_sha256, fake_sha256_hash,

  184.                           sizeof(fake_sha256_hash), sig.get(), sig_len, key);

  185.       })) {

  186.     fprintf(stderr, "RSA_verify failed.\n");

  187.     ERR_print_errors_fp(stderr);

  188.     return false;

  189.   }

  190.   results.Print(key_name + " verify");

  191. 

  192.   return true;

  193. }

  194. 

  195. static uint8_t *align(uint8_t *in, unsigned alignment) {

  196.   return reinterpret_cast<uint8_t *>(

  197.       (reinterpret_cast<uintptr_t>(in) + alignment) &

  198.       ~static_cast<size_t>(alignment - 1));

  199. }

  200. 

  201. static bool SpeedAEADChunk(const EVP_AEAD *aead, const std::string &name,

  202.                            size_t chunk_len, size_t ad_len) {

  203.   static const unsigned kAlignment = 16;

  204. 

  205.   bssl::ScopedEVP_AEAD_CTX ctx;

  206.   const size_t key_len = EVP_AEAD_key_length(aead);

  207.   const size_t nonce_len = EVP_AEAD_nonce_length(aead);

  208.   const size_t overhead_len = EVP_AEAD_max_overhead(aead);

  209. 

  210.   std::unique_ptr<uint8_t[]> key(new uint8_t[key_len]);

  211.   memset(key.get(), 0, key_len);

  212.   std::unique_ptr<uint8_t[]> nonce(new uint8_t[nonce_len]);

  213.   memset(nonce.get(), 0, nonce_len);

  214.   std::unique_ptr<uint8_t[]> in_storage(new uint8_t[chunk_len + kAlignment]);

  215.   std::unique_ptr<uint8_t[]> out_storage(new uint8_t[chunk_len + overhead_len + kAlignment]);

  216.   std::unique_ptr<uint8_t[]> ad(new uint8_t[ad_len]);

  217.   memset(ad.get(), 0, ad_len);

  218. 

  219.   uint8_t *const in = align(in_storage.get(), kAlignment);

  220.   memset(in, 0, chunk_len);

  221.   uint8_t *const out = align(out_storage.get(), kAlignment);

  222.   memset(out, 0, chunk_len + overhead_len);

  223. 

  224.   if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, key.get(), key_len,

  225.                                         EVP_AEAD_DEFAULT_TAG_LENGTH,

  226.                                         evp_aead_seal)) {

  227.     fprintf(stderr, "Failed to create EVP_AEAD_CTX.\n");

  228.     ERR_print_errors_fp(stderr);

  229.     return false;

  230.   }

  231. 

  232.   TimeResults results;

  233.   if (!TimeFunction(&results, [chunk_len, overhead_len, nonce_len, ad_len, in,

  234.                                out, &ctx, &nonce, &ad]() -> bool {

  235.         size_t out_len;

  236.         return EVP_AEAD_CTX_seal(ctx.get(), out, &out_len,

  237.                                  chunk_len + overhead_len, nonce.get(),

  238.                                  nonce_len, in, chunk_len, ad.get(), ad_len);

  239.       })) {

  240.     fprintf(stderr, "EVP_AEAD_CTX_seal failed.\n");

  241.     ERR_print_errors_fp(stderr);

  242.     return false;

  243.   }

  244. 

  245.   results.PrintWithBytes(name + " seal", chunk_len);

  246.   return true;

  247. }

  248. 

  249. static bool SpeedAEAD(const EVP_AEAD *aead, const std::string &name,

  250.                       size_t ad_len, const std::string &selected) {

  251.   if (!selected.empty() && name.find(selected) == std::string::npos) {

  252.     return true;

  253.   }

  254. 

  255.   return SpeedAEADChunk(aead, name + " (16 bytes)", 16, ad_len) &&

  256.          SpeedAEADChunk(aead, name + " (1350 bytes)", 1350, ad_len) &&

  257.          SpeedAEADChunk(aead, name + " (8192 bytes)", 8192, ad_len);

  258. }

  259. 

  260. static bool SpeedHashChunk(const EVP_MD *md, const std::string &name,

  261.                            size_t chunk_len) {

  262.   EVP_MD_CTX *ctx = EVP_MD_CTX_create();

  263.   uint8_t scratch[8192];

  264. 

  265.   if (chunk_len > sizeof(scratch)) {

  266.     return false;

  267.   }

  268. 

  269.   TimeResults results;

  270.   if (!TimeFunction(&results, [ctx, md, chunk_len, &scratch]() -> bool {

  271.         uint8_t digest[EVP_MAX_MD_SIZE];

  272.         unsigned int md_len;

  273. 

  274.         return EVP_DigestInit_ex(ctx, md, NULL /* ENGINE */) &&

  275.                EVP_DigestUpdate(ctx, scratch, chunk_len) &&

  276.                EVP_DigestFinal_ex(ctx, digest, &md_len);

  277.       })) {

  278.     fprintf(stderr, "EVP_DigestInit_ex failed.\n");

  279.     ERR_print_errors_fp(stderr);

  280.     return false;

  281.   }

  282. 

  283.   results.PrintWithBytes(name, chunk_len);

  284. 

  285.   EVP_MD_CTX_destroy(ctx);

  286. 

  287.   return true;

  288. }

  289. static bool SpeedHash(const EVP_MD *md, const std::string &name,

  290.                       const std::string &selected) {

  291.   if (!selected.empty() && name.find(selected) == std::string::npos) {

  292.     return true;

  293.   }

  294. 

  295.   return SpeedHashChunk(md, name + " (16 bytes)", 16) &&

  296.          SpeedHashChunk(md, name + " (256 bytes)", 256) &&

  297.          SpeedHashChunk(md, name + " (8192 bytes)", 8192);

  298. }

  299. 

  300. static bool SpeedRandomChunk(const std::string &name, size_t chunk_len) {

  301.   uint8_t scratch[8192];

  302. 

  303.   if (chunk_len > sizeof(scratch)) {

  304.     return false;

  305.   }

  306. 

  307.   TimeResults results;

  308.   if (!TimeFunction(&results, [chunk_len, &scratch]() -> bool {

  309.         RAND_bytes(scratch, chunk_len);

  310.         return true;

  311.       })) {

  312.     return false;

  313.   }

  314. 

  315.   results.PrintWithBytes(name, chunk_len);

  316.   return true;

  317. }

  318. 

  319. static bool SpeedRandom(const std::string &selected) {

  320.   if (!selected.empty() && selected != "RNG") {

  321.     return true;

  322.   }

  323. 

  324.   return SpeedRandomChunk("RNG (16 bytes)", 16) &&

  325.          SpeedRandomChunk("RNG (256 bytes)", 256) &&

  326.          SpeedRandomChunk("RNG (8192 bytes)", 8192);

  327. }

  328. 

  329. static bool SpeedECDHCurve(const std::string &name, int nid,

  330.                            const std::string &selected) {

  331.   if (!selected.empty() && name.find(selected) == std::string::npos) {

  332.     return true;

  333.   }

  334. 

  335.   TimeResults results;

  336.   if (!TimeFunction(&results, [nid]() -> bool {

  337.         bssl::UniquePtr<EC_KEY> key(EC_KEY_new_by_curve_name(nid));

  338.         if (!key ||

  339.             !EC_KEY_generate_key(key.get())) {

  340.           return false;

  341.         }

  342.         const EC_GROUP *const group = EC_KEY_get0_group(key.get());

  343.         bssl::UniquePtr<EC_POINT> point(EC_POINT_new(group));

  344.         bssl::UniquePtr<BN_CTX> ctx(BN_CTX_new());

  345. 

  346.         bssl::UniquePtr<BIGNUM> x(BN_new());

  347.         bssl::UniquePtr<BIGNUM> y(BN_new());

  348. 

  349.         if (!point || !ctx || !x || !y ||

  350.             !EC_POINT_mul(group, point.get(), NULL,

  351.                           EC_KEY_get0_public_key(key.get()),

  352.                           EC_KEY_get0_private_key(key.get()), ctx.get()) ||

  353.             !EC_POINT_get_affine_coordinates_GFp(group, point.get(), x.get(),

  354.                                                  y.get(), ctx.get())) {

  355.           return false;

  356.         }

  357. 

  358.         return true;

  359.       })) {

  360.     return false;

  361.   }

  362. 

  363.   results.Print(name);

  364.   return true;

  365. }

  366. 

  367. static bool SpeedECDSACurve(const std::string &name, int nid,

  368.                             const std::string &selected) {

  369.   if (!selected.empty() && name.find(selected) == std::string::npos) {

  370.     return true;

  371.   }

  372. 

  373.   bssl::UniquePtr<EC_KEY> key(EC_KEY_new_by_curve_name(nid));

  374.   if (!key ||

  375.       !EC_KEY_generate_key(key.get())) {

  376.     return false;

  377.   }

  378. 

  379.   uint8_t signature[256];

  380.   if (ECDSA_size(key.get()) > sizeof(signature)) {

  381.     return false;

  382.   }

  383.   uint8_t digest[20];

  384.   memset(digest, 42, sizeof(digest));

  385.   unsigned sig_len;

  386. 

  387.   TimeResults results;

  388.   if (!TimeFunction(&results, [&key, &signature, &digest, &sig_len]() -> bool {

  389.         return ECDSA_sign(0, digest, sizeof(digest), signature, &sig_len,

  390.                           key.get()) == 1;

  391.       })) {

  392.     return false;

  393.   }

  394. 

  395.   results.Print(name + " signing");

  396. 

  397.   if (!TimeFunction(&results, [&key, &signature, &digest, sig_len]() -> bool {

  398.         return ECDSA_verify(0, digest, sizeof(digest), signature, sig_len,

  399.                             key.get()) == 1;

  400.       })) {

  401.     return false;

  402.   }

  403. 

  404.   results.Print(name + " verify");

  405. 

  406.   return true;

  407. }

  408. 

  409. static bool SpeedECDH(const std::string &selected) {

  410.   return SpeedECDHCurve("ECDH P-224", NID_secp224r1, selected) &&

  411.          SpeedECDHCurve("ECDH P-256", NID_X9_62_prime256v1, selected) &&

  412.          SpeedECDHCurve("ECDH P-384", NID_secp384r1, selected) &&

  413.          SpeedECDHCurve("ECDH P-521", NID_secp521r1, selected);

  414. }

  415. 

  416. static bool SpeedECDSA(const std::string &selected) {

  417.   return SpeedECDSACurve("ECDSA P-224", NID_secp224r1, selected) &&

  418.          SpeedECDSACurve("ECDSA P-256", NID_X9_62_prime256v1, selected) &&

  419.          SpeedECDSACurve("ECDSA P-384", NID_secp384r1, selected) &&

  420.          SpeedECDSACurve("ECDSA P-521", NID_secp521r1, selected);

  421. }

  422. 

  423. static bool Speed25519(const std::string &selected) {

  424.   if (!selected.empty() && selected.find("25519") == std::string::npos) {

  425.     return true;

  426.   }

  427. 

  428.   TimeResults results;

  429. 

  430.   uint8_t public_key[32], private_key[64];

  431. 

  432.   if (!TimeFunction(&results, [&public_key, &private_key]() -> bool {

  433.         ED25519_keypair(public_key, private_key);

  434.         return true;

  435.       })) {

  436.     return false;

  437.   }

  438. 

  439.   results.Print("Ed25519 key generation");

  440. 

  441.   static const uint8_t kMessage[] = {0, 1, 2, 3, 4, 5};

  442.   uint8_t signature[64];

  443. 

  444.   if (!TimeFunction(&results, [&private_key, &signature]() -> bool {

  445.         return ED25519_sign(signature, kMessage, sizeof(kMessage),

  446.                             private_key) == 1;

  447.       })) {

  448.     return false;

  449.   }

  450. 

  451.   results.Print("Ed25519 signing");

  452. 

  453.   if (!TimeFunction(&results, [&public_key, &signature]() -> bool {

  454.         return ED25519_verify(kMessage, sizeof(kMessage), signature,

  455.                               public_key) == 1;

  456.       })) {

  457.     fprintf(stderr, "Ed25519 verify failed.\n");

  458.     return false;

  459.   }

  460. 

  461.   results.Print("Ed25519 verify");

  462. 

  463.   if (!TimeFunction(&results, []() -> bool {

  464.         uint8_t out[32], in[32];

  465.         memset(in, 0, sizeof(in));

  466.         X25519_public_from_private(out, in);

  467.         return true;

  468.       })) {

  469.     fprintf(stderr, "Curve25519 base-point multiplication failed.\n");

  470.     return false;

  471.   }

  472. 

  473.   results.Print("Curve25519 base-point multiplication");

  474. 

  475.   if (!TimeFunction(&results, []() -> bool {

  476.         uint8_t out[32], in1[32], in2[32];

  477.         memset(in1, 0, sizeof(in1));

  478.         memset(in2, 0, sizeof(in2));

  479.         in1[0] = 1;

  480.         in2[0] = 9;

  481.         return X25519(out, in1, in2) == 1;

  482.       })) {

  483.     fprintf(stderr, "Curve25519 arbitrary point multiplication failed.\n");

  484.     return false;

  485.   }

  486. 

  487.   results.Print("Curve25519 arbitrary point multiplication");

  488. 

  489.   return true;

  490. }

  491. 

  492. static bool SpeedSPAKE2(const std::string &selected) {

  493.   if (!selected.empty() && selected.find("SPAKE2") == std::string::npos) {

  494.     return true;

  495.   }

  496. 

  497.   TimeResults results;

  498. 

  499.   static const uint8_t kAliceName[] = {'A'};

  500.   static const uint8_t kBobName[] = {'B'};

  501.   static const uint8_t kPassword[] = "password";

  502.   bssl::UniquePtr<SPAKE2_CTX> alice(SPAKE2_CTX_new(spake2_role_alice,

  503.                                     kAliceName, sizeof(kAliceName), kBobName,

  504.                                     sizeof(kBobName)));

  505.   uint8_t alice_msg[SPAKE2_MAX_MSG_SIZE];

  506.   size_t alice_msg_len;

  507. 

  508.   if (!SPAKE2_generate_msg(alice.get(), alice_msg, &alice_msg_len,

  509.                            sizeof(alice_msg),

  510.                            kPassword, sizeof(kPassword))) {

  511.     fprintf(stderr, "SPAKE2_generate_msg failed.\n");

  512.     return false;

  513.   }

  514. 

  515.   if (!TimeFunction(&results, [&alice_msg, alice_msg_len]() -> bool {

  516.         bssl::UniquePtr<SPAKE2_CTX> bob(SPAKE2_CTX_new(spake2_role_bob,

  517.                                         kBobName, sizeof(kBobName), kAliceName,

  518.                                         sizeof(kAliceName)));

  519.         uint8_t bob_msg[SPAKE2_MAX_MSG_SIZE], bob_key[64];

  520.         size_t bob_msg_len, bob_key_len;

  521.         if (!SPAKE2_generate_msg(bob.get(), bob_msg, &bob_msg_len,

  522.                                  sizeof(bob_msg), kPassword,

  523.                                  sizeof(kPassword)) ||

  524.             !SPAKE2_process_msg(bob.get(), bob_key, &bob_key_len,

  525.                                 sizeof(bob_key), alice_msg, alice_msg_len)) {

  526.           return false;

  527.         }

  528. 

  529.         return true;

  530.       })) {

  531.     fprintf(stderr, "SPAKE2 failed.\n");

  532.   }

  533. 

  534.   results.Print("SPAKE2 over Ed25519");

  535. 

  536.   return true;

  537. }

  538. 

  539. static const struct argument kArguments[] = {

  540.     {

  541.      "-filter", kOptionalArgument,

  542.      "A filter on the speed tests to run",

  543.     },

  544.     {

  545.      "-timeout", kOptionalArgument,

  546.      "The number of seconds to run each test for (default is 1)",

  547.     },

  548.     {

  549.      "", kOptionalArgument, "",

  550.     },

  551. };

  552. 

  553. bool Speed(const std::vector<std::string> &args) {

  554.   std::map<std::string, std::string> args_map;

  555.   if (!ParseKeyValueArguments(&args_map, args, kArguments)) {

  556.     PrintUsage(kArguments);

  557.     return false;

  558.   }

  559. 

  560.   std::string selected;

  561.   if (args_map.count("-filter") != 0) {

  562.     selected = args_map["-filter"];

  563.   }

  564. 

  565.   if (args_map.count("-timeout") != 0) {

  566.     g_timeout_seconds = atoi(args_map["-timeout"].c_str());

  567.   }

  568. 

  569.   bssl::UniquePtr<RSA> key(

  570.       RSA_private_key_from_bytes(kDERRSAPrivate2048, kDERRSAPrivate2048Len));

  571.   if (key == nullptr) {

  572.     fprintf(stderr, "Failed to parse RSA key.\n");

  573.     ERR_print_errors_fp(stderr);

  574.     return false;

  575.   }

  576. 

  577.   if (!SpeedRSA("RSA 2048", key.get(), selected)) {

  578.     return false;

  579.   }

  580. 

  581.   key.reset(RSA_private_key_from_bytes(kDERRSAPrivate3Prime2048,

  582.                                        kDERRSAPrivate3Prime2048Len));

  583.   if (key == nullptr) {

  584.     fprintf(stderr, "Failed to parse RSA key.\n");

  585.     ERR_print_errors_fp(stderr);

  586.     return false;

  587.   }

  588. 

  589.   if (!SpeedRSA("RSA 2048 (3 prime, e=3)", key.get(), selected)) {

  590.     return false;

  591.   }

  592. 

  593.   key.reset(

  594.       RSA_private_key_from_bytes(kDERRSAPrivate4096, kDERRSAPrivate4096Len));

  595.   if (key == nullptr) {

  596.     fprintf(stderr, "Failed to parse 4096-bit RSA key.\n");

  597.     ERR_print_errors_fp(stderr);

  598.     return 1;

  599.   }

  600. 

  601.   if (!SpeedRSA("RSA 4096", key.get(), selected)) {

  602.     return false;

  603.   }

  604. 

  605.   key.reset();

  606. 

  607.   // kTLSADLen is the number of bytes of additional data that TLS passes to

  608.   // AEADs.

  609.   static const size_t kTLSADLen = 13;

  610.   // kLegacyADLen is the number of bytes that TLS passes to the "legacy" AEADs.

  611.   // These are AEADs that weren't originally defined as AEADs, but which we use

  612.   // via the AEAD interface. In order for that to work, they have some TLS

  613.   // knowledge in them and construct a couple of the AD bytes internally.

  614.   static const size_t kLegacyADLen = kTLSADLen - 2;

  615. 

  616.   if (!SpeedAEAD(EVP_aead_aes_128_gcm(), "AES-128-GCM", kTLSADLen, selected) ||

  617.       !SpeedAEAD(EVP_aead_aes_256_gcm(), "AES-256-GCM", kTLSADLen, selected) ||

  618.       !SpeedAEAD(EVP_aead_chacha20_poly1305(), "ChaCha20-Poly1305", kTLSADLen,

  619.                  selected) ||

  620.       !SpeedAEAD(EVP_aead_chacha20_poly1305_old(), "ChaCha20-Poly1305-Old",

  621.                  kTLSADLen, selected) ||

  622.       !SpeedAEAD(EVP_aead_des_ede3_cbc_sha1_tls(), "DES-EDE3-CBC-SHA1",

  623.                  kLegacyADLen, selected) ||

  624.       !SpeedAEAD(EVP_aead_aes_128_cbc_sha1_tls(), "AES-128-CBC-SHA1",

  625.                  kLegacyADLen, selected) ||

  626.       !SpeedAEAD(EVP_aead_aes_256_cbc_sha1_tls(), "AES-256-CBC-SHA1",

  627.                  kLegacyADLen, selected) ||

  628. #if !defined(OPENSSL_SMALL)

  629.       !SpeedAEAD(EVP_aead_aes_128_gcm_siv(), "AES-128-GCM-SIV", kTLSADLen,

  630.                  selected) ||

  631.       !SpeedAEAD(EVP_aead_aes_256_gcm_siv(), "AES-256-GCM-SIV", kTLSADLen,

  632.                  selected) ||

  633. #endif

  634.       !SpeedHash(EVP_sha1(), "SHA-1", selected) ||

  635.       !SpeedHash(EVP_sha256(), "SHA-256", selected) ||

  636.       !SpeedHash(EVP_sha512(), "SHA-512", selected) ||

  637.       !SpeedRandom(selected) ||

  638.       !SpeedECDH(selected) ||

  639.       !SpeedECDSA(selected) ||

  640.       !Speed25519(selected) ||

  641.       !SpeedSPAKE2(selected)) {

  642.     return false;

  643.   }

  644. 

  645.   return true;

  646. }