kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Actually benchmark RSA verification with a fresh key.

Browse Source 
https://boringssl-review.googlesource.com/10522 didn't actually do what
it was supposed to do. In fact, it appears, not paying attention to it,
we've managed to make RSA verify slower than ECDSA verify. Oops.

Did 32000 RSA 2048 verify (same key) operations in 1016746us (31473.0 ops/sec)
Did 5525 RSA 2048 verify (fresh key) operations in 1067209us (5177.1 ops/sec)
Did 8957 ECDSA P-256 verify operations in 1078570us (8304.5 ops/sec)

The difference is in setting up the BN_MONT_CTX, either computing R^2 or n0.
I'm guessing R^2. The current algorithm needs to be constant-time, but we can
split out a variable-time one if necessary.

Change-Id: Ie064a0e464aaa803815b56a6734bc9e2becef1a7
Reviewed-on: https://boringssl-review.googlesource.com/27244
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
David Benjamin 2018-04-09 20:17:20 -04:00 committed by CQ bot account: commit-bot@chromium.org
parent bb2e1e1eea
commit f11ea19043
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
tool/speed.cc
View File

@ -167,6 +167,17 @@ static bool SpeedRSA(const std::string &key_name, RSA *key,
}
results.Print(key_name + " signing");
if (!TimeFunction(&results,
[key, &fake_sha256_hash, &sig, sig_len]() -> bool {
return RSA_verify(NID_sha256, fake_sha256_hash,
sizeof(fake_sha256_hash), sig.get(), sig_len, key);
})) {
fprintf(stderr, "RSA_verify failed.\n");
ERR_print_errors_fp(stderr);
return false;
}
results.Print(key_name + " verify (same key)");
if (!TimeFunction(&results,
[key, &fake_sha256_hash, &sig, sig_len]() -> bool {
// Usually during RSA verification we have to parse an RSA key from a
@ -185,13 +196,14 @@ static bool SpeedRSA(const std::string &key_name, RSA *key,
return false;
}
return RSA_verify(NID_sha256, fake_sha256_hash,
sizeof(fake_sha256_hash), sig.get(), sig_len, key);
sizeof(fake_sha256_hash), sig.get(), sig_len,
verify_key.get());
})) {
fprintf(stderr, "RSA_verify failed.\n");
ERR_print_errors_fp(stderr);
return false;
}
results.Print(key_name + " verify");
results.Print(key_name + " verify (fresh key)");
return true;
}