xref: /freebsd/contrib/bearssl/test/test_speed.c (revision 2aaf9152a852aba9eb2036b95f4948ee77988826)
1 /*
2  * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining
5  * a copy of this software and associated documentation files (the
6  * "Software"), to deal in the Software without restriction, including
7  * without limitation the rights to use, copy, modify, merge, publish,
8  * distribute, sublicense, and/or sell copies of the Software, and to
9  * permit persons to whom the Software is furnished to do so, subject to
10  * the following conditions:
11  *
12  * The above copyright notice and this permission notice shall be
13  * included in all copies or substantial portions of the Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22  * SOFTWARE.
23  */
24 
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <time.h>
29 #include "inner.h"
30 
31 #define HASH_SIZE(cname)   br_ ## cname ## _SIZE
32 
33 #define SPEED_HASH(Name, cname) \
34 static void \
35 test_speed_ ## cname(void) \
36 { \
37 	unsigned char buf[8192]; \
38 	unsigned char tmp[HASH_SIZE(cname)]; \
39 	br_ ## cname ## _context mc; \
40 	int i; \
41 	long num; \
42  \
43 	memset(buf, 'T', sizeof buf); \
44 	for (i = 0; i < 10; i ++) { \
45 		br_ ## cname ## _init(&mc); \
46 		br_ ## cname ## _update(&mc, buf, sizeof buf); \
47 		br_ ## cname ## _out(&mc, tmp); \
48 	} \
49 	num = 10; \
50 	for (;;) { \
51 		clock_t begin, end; \
52 		double tt; \
53 		long k; \
54  \
55 		br_ ## cname ## _init(&mc); \
56 		begin = clock(); \
57 		for (k = num; k > 0; k --) { \
58 			br_ ## cname ## _update(&mc, buf, sizeof buf); \
59 		} \
60 		end = clock(); \
61 		br_ ## cname ## _out(&mc, tmp); \
62 		tt = (double)(end - begin) / CLOCKS_PER_SEC; \
63 		if (tt >= 2.0) { \
64 			printf("%-30s %8.2f MB/s\n", #Name, \
65 				((double)sizeof buf) * (double)num \
66 				/ (tt * 1000000.0)); \
67 			fflush(stdout); \
68 			return; \
69 		} \
70 		num <<= 1; \
71 	} \
72 }
73 
74 #define BLOCK_SIZE(cname)   br_ ## cname ## _BLOCK_SIZE
75 
76 #define SPEED_BLOCKCIPHER_CBC(Name, fname, cname, klen, dir) \
77 static void \
78 test_speed_ ## fname(void) \
79 { \
80 	unsigned char key[klen]; \
81 	unsigned char buf[8192 - (8192 % BLOCK_SIZE(cname))]; \
82 	unsigned char iv[BLOCK_SIZE(cname)]; \
83 	const br_block_cbc ## dir ## _class *vt; \
84 	br_ ## cname ## _cbc ## dir ## _keys ec; \
85 	int i; \
86 	long num; \
87  \
88 	memset(key, 'T', sizeof key); \
89 	memset(buf, 'P', sizeof buf); \
90 	memset(iv, 'X', sizeof iv); \
91 	vt = br_ ## cname ## _cbc ## dir ## _get_vtable(); \
92 	if (vt == NULL) { \
93 		printf("%-30s UNAVAILABLE\n", #Name); \
94 		fflush(stdout); \
95 		return; \
96 	} \
97 	for (i = 0; i < 10; i ++) { \
98 		vt->init(&ec.vtable, key, sizeof key); \
99 		vt->run(&ec.vtable, iv, buf, sizeof buf); \
100 	} \
101 	num = 10; \
102 	for (;;) { \
103 		clock_t begin, end; \
104 		double tt; \
105 		long k; \
106  \
107 		vt->init(&ec.vtable, key, sizeof key); \
108 		begin = clock(); \
109 		for (k = num; k > 0; k --) { \
110 			vt->run(&ec.vtable, iv, buf, sizeof buf); \
111 		} \
112 		end = clock(); \
113 		tt = (double)(end - begin) / CLOCKS_PER_SEC; \
114 		if (tt >= 2.0) { \
115 			printf("%-30s %8.2f MB/s\n", #Name, \
116 				((double)sizeof buf) * (double)num \
117 				/ (tt * 1000000.0)); \
118 			fflush(stdout); \
119 			return; \
120 		} \
121 		num <<= 1; \
122 	} \
123 }
124 
125 #define SPEED_BLOCKCIPHER_CTR(Name, fname, cname, klen) \
126 static void \
127 test_speed_ ## fname(void) \
128 { \
129 	unsigned char key[klen]; \
130 	unsigned char buf[8192 - (8192 % BLOCK_SIZE(cname))]; \
131 	unsigned char iv[BLOCK_SIZE(cname) - 4]; \
132 	const br_block_ctr_class *vt; \
133 	br_ ## cname ## _ctr_keys ec; \
134 	int i; \
135 	long num; \
136  \
137 	memset(key, 'T', sizeof key); \
138 	memset(buf, 'P', sizeof buf); \
139 	memset(iv, 'X', sizeof iv); \
140 	vt = br_ ## cname ## _ctr_get_vtable(); \
141 	if (vt == NULL) { \
142 		printf("%-30s UNAVAILABLE\n", #Name); \
143 		fflush(stdout); \
144 		return; \
145 	} \
146 	for (i = 0; i < 10; i ++) { \
147 		vt->init(&ec.vtable, key, sizeof key); \
148 		vt->run(&ec.vtable, iv, 1, buf, sizeof buf); \
149 	} \
150 	num = 10; \
151 	for (;;) { \
152 		clock_t begin, end; \
153 		double tt; \
154 		long k; \
155  \
156 		vt->init(&ec.vtable, key, sizeof key); \
157 		begin = clock(); \
158 		for (k = num; k > 0; k --) { \
159 			vt->run(&ec.vtable, iv, 1, buf, sizeof buf); \
160 		} \
161 		end = clock(); \
162 		tt = (double)(end - begin) / CLOCKS_PER_SEC; \
163 		if (tt >= 2.0) { \
164 			printf("%-30s %8.2f MB/s\n", #Name, \
165 				((double)sizeof buf) * (double)num \
166 				/ (tt * 1000000.0)); \
167 			fflush(stdout); \
168 			return; \
169 		} \
170 		num <<= 1; \
171 	} \
172 }
173 
174 #define SPEED_CHACHA20(Name, fname) \
175 static void \
176 test_speed_ ## fname(void) \
177 { \
178 	br_chacha20_run bc; \
179 	unsigned char key[32]; \
180 	unsigned char buf[8192]; \
181 	unsigned char iv[12]; \
182 	int i; \
183 	long num; \
184  \
185 	bc = br_ ## fname ## _get(); \
186 	if (bc == 0) { \
187 		printf("%-30s UNAVAILABLE\n", #Name); \
188 		fflush(stdout); \
189 		return; \
190 	} \
191 	memset(key, 'T', sizeof key); \
192 	memset(buf, 'P', sizeof buf); \
193 	memset(iv, 'X', sizeof iv); \
194 	for (i = 0; i < 10; i ++) { \
195 		bc(key, iv, i, buf, sizeof buf); \
196 	} \
197 	num = 10; \
198 	for (;;) { \
199 		clock_t begin, end; \
200 		double tt; \
201 		long k; \
202  \
203 		begin = clock(); \
204 		for (k = num; k > 0; k --) { \
205 			bc(key, iv, (uint32_t)k, buf, sizeof buf); \
206 		} \
207 		end = clock(); \
208 		tt = (double)(end - begin) / CLOCKS_PER_SEC; \
209 		if (tt >= 2.0) { \
210 			printf("%-30s %8.2f MB/s\n", #Name, \
211 				((double)sizeof buf) * (double)num \
212 				/ (tt * 1000000.0)); \
213 			fflush(stdout); \
214 			return; \
215 		} \
216 		num <<= 1; \
217 	} \
218 }
219 
SPEED_HASH(MD5,md5)220 SPEED_HASH(MD5, md5)
221 SPEED_HASH(SHA-1, sha1)
222 SPEED_HASH(SHA-256, sha256)
223 SPEED_HASH(SHA-512, sha512)
224 
225 /*
226  * There are no vtable selection functions for the portable implementations,
227  * so we define some custom macros.
228  */
229 #define br_aes_big_cbcenc_get_vtable()     (&br_aes_big_cbcenc_vtable)
230 #define br_aes_big_cbcdec_get_vtable()     (&br_aes_big_cbcdec_vtable)
231 #define br_aes_big_ctr_get_vtable()        (&br_aes_big_ctr_vtable)
232 #define br_aes_big_ctrcbc_get_vtable()     (&br_aes_big_ctrcbc_vtable)
233 #define br_aes_small_cbcenc_get_vtable()   (&br_aes_small_cbcenc_vtable)
234 #define br_aes_small_cbcdec_get_vtable()   (&br_aes_small_cbcdec_vtable)
235 #define br_aes_small_ctr_get_vtable()      (&br_aes_small_ctr_vtable)
236 #define br_aes_small_ctrcbc_get_vtable()   (&br_aes_small_ctrcbc_vtable)
237 #define br_aes_ct_cbcenc_get_vtable()      (&br_aes_ct_cbcenc_vtable)
238 #define br_aes_ct_cbcdec_get_vtable()      (&br_aes_ct_cbcdec_vtable)
239 #define br_aes_ct_ctr_get_vtable()         (&br_aes_ct_ctr_vtable)
240 #define br_aes_ct_ctrcbc_get_vtable()      (&br_aes_ct_ctrcbc_vtable)
241 #define br_aes_ct64_cbcenc_get_vtable()    (&br_aes_ct64_cbcenc_vtable)
242 #define br_aes_ct64_cbcdec_get_vtable()    (&br_aes_ct64_cbcdec_vtable)
243 #define br_aes_ct64_ctr_get_vtable()       (&br_aes_ct64_ctr_vtable)
244 #define br_aes_ct64_ctrcbc_get_vtable()    (&br_aes_ct64_ctrcbc_vtable)
245 #define br_chacha20_ct_get()               (&br_chacha20_ct_run)
246 
247 #define SPEED_AES(iname) \
248 SPEED_BLOCKCIPHER_CBC(AES-128 CBC encrypt (iname), aes128_ ## iname ## _cbcenc, aes_ ## iname, 16, enc) \
249 SPEED_BLOCKCIPHER_CBC(AES-128 CBC decrypt (iname), aes128_ ## iname ## _cbcdec, aes_ ## iname, 16, dec) \
250 SPEED_BLOCKCIPHER_CBC(AES-192 CBC encrypt (iname), aes192_ ## iname ## _cbcenc, aes_ ## iname, 24, enc) \
251 SPEED_BLOCKCIPHER_CBC(AES-192 CBC decrypt (iname), aes192_ ## iname ## _cbcdec, aes_ ## iname, 24, dec) \
252 SPEED_BLOCKCIPHER_CBC(AES-256 CBC encrypt (iname), aes256_ ## iname ## _cbcenc, aes_ ## iname, 32, enc) \
253 SPEED_BLOCKCIPHER_CBC(AES-256 CBC decrypt (iname), aes256_ ## iname ## _cbcdec, aes_ ## iname, 32, dec) \
254 SPEED_BLOCKCIPHER_CTR(AES-128 CTR (iname), aes128_ ## iname ## _ctr, aes_ ## iname, 16) \
255 SPEED_BLOCKCIPHER_CTR(AES-192 CTR (iname), aes192_ ## iname ## _ctr, aes_ ## iname, 24) \
256 SPEED_BLOCKCIPHER_CTR(AES-256 CTR (iname), aes256_ ## iname ## _ctr, aes_ ## iname, 32)
257 
258 SPEED_AES(big)
259 SPEED_AES(small)
260 SPEED_AES(ct)
261 SPEED_AES(ct64)
262 SPEED_AES(x86ni)
263 SPEED_AES(pwr8)
264 
265 #define br_des_tab_cbcenc_get_vtable()     (&br_des_tab_cbcenc_vtable)
266 #define br_des_tab_cbcdec_get_vtable()     (&br_des_tab_cbcdec_vtable)
267 #define br_des_ct_cbcenc_get_vtable()      (&br_des_ct_cbcenc_vtable)
268 #define br_des_ct_cbcdec_get_vtable()      (&br_des_ct_cbcdec_vtable)
269 
270 #define SPEED_DES(iname) \
271 SPEED_BLOCKCIPHER_CBC(DES CBC encrypt (iname), des_ ## iname ## _cbcenc, des_ ## iname, 8, enc) \
272 SPEED_BLOCKCIPHER_CBC(DES CBC decrypt (iname), des_ ## iname ## _cbcdec, des_ ## iname, 8, dec) \
273 SPEED_BLOCKCIPHER_CBC(3DES CBC encrypt (iname), 3des_ ## iname ## _cbcenc, des_ ## iname, 24, enc) \
274 SPEED_BLOCKCIPHER_CBC(3DES CBC decrypt (iname), 3des_ ## iname ## _cbcdec, des_ ## iname, 24, dec)
275 
276 SPEED_DES(tab)
277 SPEED_DES(ct)
278 
279 SPEED_CHACHA20(ChaCha20 (ct), chacha20_ct)
280 SPEED_CHACHA20(ChaCha20 (sse2), chacha20_sse2)
281 
282 static void
283 test_speed_ghash_inner(char *name, br_ghash gh)
284 {
285 	unsigned char buf[8192], h[16], y[16];
286 	int i;
287 	long num;
288 
289 	memset(buf, 'T', sizeof buf);
290 	memset(h, 'P', sizeof h);
291 	memset(y, 0, sizeof y);
292 	for (i = 0; i < 10; i ++) {
293 		gh(y, h, buf, sizeof buf);
294 	}
295 	num = 10;
296 	for (;;) {
297 		clock_t begin, end;
298 		double tt;
299 		long k;
300 
301 		begin = clock();
302 		for (k = num; k > 0; k --) {
303 			gh(y, h, buf, sizeof buf);
304 		}
305 		end = clock();
306 		tt = (double)(end - begin) / CLOCKS_PER_SEC;
307 		if (tt >= 2.0) {
308 			printf("%-30s %8.2f MB/s\n", name,
309 				((double)sizeof buf) * (double)num
310 				/ (tt * 1000000.0));
311 			fflush(stdout);
312 			return;
313 		}
314 		num <<= 1;
315 	}
316 }
317 
318 static void
test_speed_ghash_ctmul(void)319 test_speed_ghash_ctmul(void)
320 {
321 	test_speed_ghash_inner("GHASH (ctmul)", &br_ghash_ctmul);
322 }
323 
324 static void
test_speed_ghash_ctmul32(void)325 test_speed_ghash_ctmul32(void)
326 {
327 	test_speed_ghash_inner("GHASH (ctmul32)", &br_ghash_ctmul32);
328 }
329 
330 static void
test_speed_ghash_ctmul64(void)331 test_speed_ghash_ctmul64(void)
332 {
333 	test_speed_ghash_inner("GHASH (ctmul64)", &br_ghash_ctmul64);
334 }
335 
336 static void
test_speed_ghash_pclmul(void)337 test_speed_ghash_pclmul(void)
338 {
339 	br_ghash gh;
340 
341 	gh = br_ghash_pclmul_get();
342 	if (gh == 0) {
343 		printf("%-30s UNAVAILABLE\n", "GHASH (pclmul)");
344 		fflush(stdout);
345 	} else {
346 		test_speed_ghash_inner("GHASH (pclmul)", gh);
347 	}
348 }
349 
350 static void
test_speed_ghash_pwr8(void)351 test_speed_ghash_pwr8(void)
352 {
353 	br_ghash gh;
354 
355 	gh = br_ghash_pwr8_get();
356 	if (gh == 0) {
357 		printf("%-30s UNAVAILABLE\n", "GHASH (pwr8)");
358 		fflush(stdout);
359 	} else {
360 		test_speed_ghash_inner("GHASH (pwr8)", gh);
361 	}
362 }
363 
364 static uint32_t
fake_chacha20(const void * key,const void * iv,uint32_t cc,void * data,size_t len)365 fake_chacha20(const void *key, const void *iv,
366 	uint32_t cc, void *data, size_t len)
367 {
368 	(void)key;
369 	(void)iv;
370 	(void)data;
371 	(void)len;
372 	return cc + (uint32_t)((len + 63) >> 6);
373 }
374 
375 /*
376  * To speed-test Poly1305, we run it with a do-nothing stub instead of
377  * ChaCha20.
378  */
379 static void
test_speed_poly1305_inner(char * name,br_poly1305_run pl)380 test_speed_poly1305_inner(char *name, br_poly1305_run pl)
381 {
382 	unsigned char buf[8192], key[32], iv[12], aad[13], tag[16];
383 	int i;
384 	long num;
385 
386 	memset(key, 'K', sizeof key);
387 	memset(iv, 'I', sizeof iv);
388 	memset(aad, 'A', sizeof aad);
389 	memset(buf, 'T', sizeof buf);
390 	for (i = 0; i < 10; i ++) {
391 		pl(key, iv, buf, sizeof buf,
392 			aad, sizeof aad, tag, &fake_chacha20, 0);
393 	}
394 	num = 10;
395 	for (;;) {
396 		clock_t begin, end;
397 		double tt;
398 		long k;
399 
400 		begin = clock();
401 		for (k = num; k > 0; k --) {
402 			pl(key, iv, buf, sizeof buf,
403 				aad, sizeof aad, tag, &fake_chacha20, 0);
404 		}
405 		end = clock();
406 		tt = (double)(end - begin) / CLOCKS_PER_SEC;
407 		if (tt >= 2.0) {
408 			printf("%-30s %8.2f MB/s\n", name,
409 				((double)sizeof buf) * (double)num
410 				/ (tt * 1000000.0));
411 			fflush(stdout);
412 			return;
413 		}
414 		num <<= 1;
415 	}
416 }
417 
418 static void
test_speed_poly1305_ctmul(void)419 test_speed_poly1305_ctmul(void)
420 {
421 	test_speed_poly1305_inner("Poly1305 (ctmul)", &br_poly1305_ctmul_run);
422 }
423 
424 static void
test_speed_poly1305_ctmul32(void)425 test_speed_poly1305_ctmul32(void)
426 {
427 	test_speed_poly1305_inner("Poly1305 (ctmul32)",
428 		&br_poly1305_ctmul32_run);
429 }
430 
431 static void
test_speed_poly1305_ctmulq(void)432 test_speed_poly1305_ctmulq(void)
433 {
434 	br_poly1305_run bp;
435 
436 	bp = br_poly1305_ctmulq_get();
437 	if (bp == 0) {
438 		printf("%-30s UNAVAILABLE\n", "Poly1305 (ctmulq)");
439 	} else {
440 		test_speed_poly1305_inner("Poly1305 (ctmulq)", bp);
441 	}
442 }
443 
444 static void
test_speed_poly1305_i15(void)445 test_speed_poly1305_i15(void)
446 {
447 	test_speed_poly1305_inner("Poly1305 (i15)", &br_poly1305_i15_run);
448 }
449 
450 static void
test_speed_eax_inner(char * name,const br_block_ctrcbc_class * vt,size_t key_len)451 test_speed_eax_inner(char *name,
452 	const br_block_ctrcbc_class *vt, size_t key_len)
453 {
454 	unsigned char buf[8192], key[32], nonce[16], aad[16], tag[16];
455 	int i;
456 	long num;
457 	br_aes_gen_ctrcbc_keys ac;
458 	br_eax_context ec;
459 
460 	if (vt == NULL) {
461 		printf("%-30s UNAVAILABLE\n", name);
462 		fflush(stdout);
463 		return;
464 	}
465 	memset(key, 'K', key_len);
466 	memset(nonce, 'N', sizeof nonce);
467 	memset(aad, 'A', sizeof aad);
468 	memset(buf, 'T', sizeof buf);
469 	for (i = 0; i < 10; i ++) {
470 		vt->init(&ac.vtable, key, key_len);
471 		br_eax_init(&ec, &ac.vtable);
472 		br_eax_reset(&ec, nonce, sizeof nonce);
473 		br_eax_aad_inject(&ec, aad, sizeof aad);
474 		br_eax_flip(&ec);
475 		br_eax_run(&ec, 1, buf, sizeof buf);
476 		br_eax_get_tag(&ec, tag);
477 	}
478 	num = 10;
479 	for (;;) {
480 		clock_t begin, end;
481 		double tt;
482 		long k;
483 
484 		begin = clock();
485 		for (k = num; k > 0; k --) {
486 			vt->init(&ac.vtable, key, key_len);
487 			br_eax_init(&ec, &ac.vtable);
488 			br_eax_reset(&ec, nonce, sizeof nonce);
489 			br_eax_aad_inject(&ec, aad, sizeof aad);
490 			br_eax_flip(&ec);
491 			br_eax_run(&ec, 1, buf, sizeof buf);
492 			br_eax_get_tag(&ec, tag);
493 		}
494 		end = clock();
495 		tt = (double)(end - begin) / CLOCKS_PER_SEC;
496 		if (tt >= 2.0) {
497 			printf("%-30s %8.2f MB/s\n", name,
498 				((double)sizeof buf) * (double)num
499 				/ (tt * 1000000.0));
500 			fflush(stdout);
501 			return;
502 		}
503 		num <<= 1;
504 	}
505 }
506 
507 #define SPEED_EAX(Algo, algo, keysize, impl) \
508 static void \
509 test_speed_eax_ ## algo ## keysize ## _ ## impl(void) \
510 { \
511 	test_speed_eax_inner("EAX " #Algo "-" #keysize "(" #impl ")", \
512 		br_ ## algo ## _ ## impl ##  _ctrcbc_get_vtable() \
513 		, (keysize) >> 3); \
514 }
515 
516 SPEED_EAX(AES, aes, 128, big)
517 SPEED_EAX(AES, aes, 128, small)
518 SPEED_EAX(AES, aes, 128, ct)
519 SPEED_EAX(AES, aes, 128, ct64)
520 SPEED_EAX(AES, aes, 128, x86ni)
521 SPEED_EAX(AES, aes, 128, pwr8)
522 SPEED_EAX(AES, aes, 192, big)
523 SPEED_EAX(AES, aes, 192, small)
524 SPEED_EAX(AES, aes, 192, ct)
525 SPEED_EAX(AES, aes, 192, ct64)
526 SPEED_EAX(AES, aes, 192, x86ni)
527 SPEED_EAX(AES, aes, 192, pwr8)
528 SPEED_EAX(AES, aes, 256, big)
529 SPEED_EAX(AES, aes, 256, small)
530 SPEED_EAX(AES, aes, 256, ct)
531 SPEED_EAX(AES, aes, 256, ct64)
532 SPEED_EAX(AES, aes, 256, x86ni)
533 SPEED_EAX(AES, aes, 256, pwr8)
534 
535 static void
test_speed_shake_inner(int security_level)536 test_speed_shake_inner(int security_level)
537 {
538 	unsigned char buf[8192];
539 	br_shake_context sc;
540 	int i;
541 	long num;
542 
543 	memset(buf, 'D', sizeof buf);
544 	br_shake_init(&sc, security_level);
545 	for (i = 0; i < 10; i ++) {
546 		br_shake_inject(&sc, buf, sizeof buf);
547 	}
548 	num = 10;
549 	for (;;) {
550 		clock_t begin, end;
551 		double tt;
552 		long k;
553 
554 		begin = clock();
555 		for (k = num; k > 0; k --) {
556 			br_shake_inject(&sc, buf, sizeof buf);
557 		}
558 		end = clock();
559 		tt = (double)(end - begin) / CLOCKS_PER_SEC;
560 		if (tt >= 2.0) {
561 			printf("SHAKE%-3d (inject)              %8.2f MB/s\n",
562 				security_level,
563 				((double)sizeof buf) * (double)num
564 				/ (tt * 1000000.0));
565 			fflush(stdout);
566 			break;
567 		}
568 		num <<= 1;
569 	}
570 
571 	br_shake_flip(&sc);
572 	for (i = 0; i < 10; i ++) {
573 		br_shake_produce(&sc, buf, sizeof buf);
574 	}
575 
576 	num = 10;
577 	for (;;) {
578 		clock_t begin, end;
579 		double tt;
580 		long k;
581 
582 		begin = clock();
583 		for (k = num; k > 0; k --) {
584 			br_shake_produce(&sc, buf, sizeof buf);
585 		}
586 		end = clock();
587 		tt = (double)(end - begin) / CLOCKS_PER_SEC;
588 		if (tt >= 2.0) {
589 			printf("SHAKE%-3d (produce)             %8.2f MB/s\n",
590 				security_level,
591 				((double)sizeof buf) * (double)num
592 				/ (tt * 1000000.0));
593 			fflush(stdout);
594 			break;
595 		}
596 		num <<= 1;
597 	}
598 }
599 
600 static void
test_speed_shake128(void)601 test_speed_shake128(void)
602 {
603 	test_speed_shake_inner(128);
604 }
605 
606 static void
test_speed_shake256(void)607 test_speed_shake256(void)
608 {
609 	test_speed_shake_inner(256);
610 }
611 
612 static const unsigned char RSA_N[] = {
613 	0xE9, 0xF2, 0x4A, 0x2F, 0x96, 0xDF, 0x0A, 0x23,
614 	0x01, 0x85, 0xF1, 0x2C, 0xB2, 0xA8, 0xEF, 0x23,
615 	0xCE, 0x2E, 0xB0, 0x4E, 0x18, 0x31, 0x95, 0x5B,
616 	0x98, 0x2D, 0x9B, 0x8C, 0xE3, 0x1A, 0x2B, 0x96,
617 	0xB5, 0xC7, 0xEE, 0xED, 0x72, 0x43, 0x2D, 0xFE,
618 	0x7F, 0x61, 0x33, 0xEA, 0x14, 0xFC, 0xDE, 0x80,
619 	0x17, 0x42, 0xF0, 0xF3, 0xC3, 0xC7, 0x89, 0x47,
620 	0x76, 0x5B, 0xFA, 0x33, 0xC4, 0x8C, 0x94, 0xDE,
621 	0x6A, 0x75, 0xD8, 0x1A, 0xF4, 0x49, 0xBC, 0xF3,
622 	0xB7, 0x9E, 0x2C, 0x8D, 0xEC, 0x5A, 0xEE, 0xBF,
623 	0x4B, 0x5A, 0x7F, 0xEF, 0x21, 0x39, 0xDB, 0x1D,
624 	0x83, 0x5E, 0x7E, 0x2F, 0xAA, 0x5E, 0xBA, 0x28,
625 	0xC3, 0xA2, 0x53, 0x19, 0xFB, 0x2F, 0x78, 0x6B,
626 	0x14, 0x60, 0x49, 0x3C, 0xCC, 0x1B, 0xE9, 0x1E,
627 	0x3D, 0x10, 0xA4, 0xEB, 0x7F, 0x66, 0x98, 0xF6,
628 	0xC3, 0xAC, 0x35, 0xF5, 0x01, 0x84, 0xFF, 0x7D,
629 	0x1F, 0x72, 0xBE, 0xB4, 0xD1, 0x89, 0xC8, 0xDD,
630 	0x44, 0xE7, 0xB5, 0x2E, 0x2C, 0xE1, 0x85, 0xF5,
631 	0x15, 0x50, 0xA9, 0x08, 0xC7, 0x67, 0xD9, 0x2B,
632 	0x6C, 0x11, 0xB3, 0xEB, 0x28, 0x8D, 0xF4, 0xCC,
633 	0xE3, 0xC3, 0xC5, 0x04, 0x0E, 0x7C, 0x8D, 0xDB,
634 	0x39, 0x06, 0x6A, 0x74, 0x75, 0xDF, 0xA8, 0x0F,
635 	0xDA, 0x67, 0x5A, 0x73, 0x1E, 0xFD, 0x8E, 0x4C,
636 	0xEE, 0x17, 0xEE, 0x1E, 0x67, 0xDB, 0x98, 0x70,
637 	0x60, 0xF7, 0xB9, 0xB5, 0x1F, 0x19, 0x93, 0xD6,
638 	0x3F, 0x2F, 0x1F, 0xB6, 0x5B, 0x59, 0xAA, 0x85,
639 	0xBB, 0x25, 0xE4, 0x13, 0xEF, 0xE7, 0xB9, 0x87,
640 	0x9C, 0x3F, 0x5E, 0xE4, 0x08, 0xA3, 0x51, 0xCF,
641 	0x8B, 0xAD, 0xF4, 0xE6, 0x1A, 0x5F, 0x51, 0xDD,
642 	0xA8, 0xBE, 0xE8, 0xD1, 0x20, 0x19, 0x61, 0x6C,
643 	0x18, 0xAB, 0xCA, 0x0A, 0xD9, 0x82, 0xA6, 0x94,
644 	0xD5, 0x69, 0x2A, 0xF6, 0x43, 0x66, 0x31, 0x09
645 };
646 
647 static const unsigned char RSA_E[] = {
648 	0x01, 0x00, 0x01
649 };
650 
651 static const unsigned char RSA_P[] = {
652 	0xFD, 0x39, 0x40, 0x56, 0x20, 0x80, 0xC5, 0x81,
653 	0x4C, 0x5F, 0x0C, 0x1A, 0x52, 0x84, 0x03, 0x2F,
654 	0xCE, 0x82, 0xB0, 0xD8, 0x30, 0x23, 0x7F, 0x77,
655 	0x45, 0xC2, 0x01, 0xC4, 0x68, 0x96, 0x0D, 0xA7,
656 	0x22, 0xA9, 0x6C, 0xA9, 0x1A, 0x33, 0xE5, 0x2F,
657 	0xB5, 0x07, 0x9A, 0xF9, 0xEA, 0x33, 0xA5, 0xC8,
658 	0x96, 0x60, 0x6A, 0xCA, 0xEB, 0xE5, 0x6E, 0x09,
659 	0x46, 0x7E, 0x2D, 0xEF, 0x93, 0x7D, 0x56, 0xED,
660 	0x75, 0x70, 0x3B, 0x96, 0xC4, 0xD5, 0xDB, 0x0B,
661 	0x3F, 0x69, 0xDF, 0x06, 0x18, 0x76, 0xF4, 0xCF,
662 	0xF8, 0x84, 0x22, 0xDF, 0xBD, 0x71, 0x62, 0x7B,
663 	0x67, 0x99, 0xBC, 0x09, 0x95, 0x54, 0xA4, 0x98,
664 	0x83, 0xF5, 0xA9, 0xCF, 0x09, 0xA5, 0x1F, 0x61,
665 	0x25, 0xB4, 0x70, 0x6C, 0x91, 0xB8, 0xB3, 0xD0,
666 	0xCE, 0x9C, 0x45, 0x65, 0x9B, 0xEF, 0xD4, 0x70,
667 	0xBE, 0x86, 0xD2, 0x98, 0x5D, 0xEB, 0xE3, 0xFF
668 };
669 
670 static const unsigned char RSA_Q[] = {
671 	0xEC, 0x82, 0xEE, 0x63, 0x5F, 0x40, 0x52, 0xDB,
672 	0x38, 0x7A, 0x37, 0x6A, 0x54, 0x5B, 0xD9, 0xA0,
673 	0x73, 0xB4, 0xBB, 0x52, 0xB2, 0x84, 0x07, 0xD0,
674 	0xCC, 0x82, 0x0D, 0x20, 0xB3, 0xFA, 0xD5, 0xB6,
675 	0x25, 0x92, 0x35, 0x4D, 0xB4, 0xC7, 0x36, 0x48,
676 	0xCE, 0x5E, 0x21, 0x4A, 0xA6, 0x74, 0x65, 0xF4,
677 	0x7D, 0x1D, 0xBC, 0x3B, 0xE2, 0xF4, 0x3E, 0x11,
678 	0x58, 0x10, 0x6C, 0x04, 0x46, 0x9E, 0x8D, 0x57,
679 	0xE0, 0x04, 0xE2, 0xEC, 0x47, 0xCF, 0xB3, 0x2A,
680 	0xFD, 0x4C, 0x55, 0x18, 0xDB, 0xDE, 0x3B, 0xDC,
681 	0xF4, 0x5B, 0xDA, 0xF3, 0x1A, 0xC8, 0x41, 0x6F,
682 	0x73, 0x3B, 0xFE, 0x3C, 0xA0, 0xDB, 0xBA, 0x6E,
683 	0x65, 0xA5, 0xE8, 0x02, 0xA5, 0x6C, 0xEA, 0x03,
684 	0xF6, 0x99, 0xF7, 0xCB, 0x4B, 0xB7, 0x11, 0x51,
685 	0x93, 0x88, 0x3F, 0xF9, 0x06, 0x85, 0xA9, 0x1E,
686 	0xCA, 0x64, 0xF8, 0x11, 0xA5, 0x1A, 0xCA, 0xF7
687 };
688 
689 static const unsigned char RSA_DP[] = {
690 	0x77, 0x95, 0xE0, 0x02, 0x4C, 0x9B, 0x43, 0xAA,
691 	0xCA, 0x4C, 0x60, 0xC4, 0xD5, 0x8F, 0x2E, 0x8A,
692 	0x17, 0x36, 0xB5, 0x19, 0x83, 0xB2, 0x5F, 0xF2,
693 	0x0D, 0xE9, 0x8F, 0x38, 0x18, 0x44, 0x34, 0xF2,
694 	0x67, 0x76, 0x27, 0xB0, 0xBC, 0x85, 0x21, 0x89,
695 	0x24, 0x2F, 0x11, 0x4B, 0x51, 0x05, 0x4F, 0x17,
696 	0xA9, 0x9C, 0xA3, 0x12, 0x6D, 0xD1, 0x0D, 0xE4,
697 	0x27, 0x7C, 0x53, 0x69, 0x3E, 0xF8, 0x04, 0x63,
698 	0x64, 0x00, 0xBA, 0xC3, 0x7A, 0xF5, 0x9B, 0xDA,
699 	0x75, 0xFA, 0x23, 0xAF, 0x17, 0x42, 0xA6, 0x5E,
700 	0xC8, 0xF8, 0x6E, 0x17, 0xC7, 0xB9, 0x92, 0x4E,
701 	0xC1, 0x20, 0x63, 0x23, 0x0B, 0x78, 0xCB, 0xBA,
702 	0x93, 0x27, 0x23, 0x28, 0x79, 0x5F, 0x97, 0xB0,
703 	0x23, 0x44, 0x51, 0x8B, 0x94, 0x4D, 0xEB, 0xED,
704 	0x82, 0x85, 0x5E, 0x68, 0x9B, 0xF9, 0xE9, 0x13,
705 	0xCD, 0x86, 0x92, 0x52, 0x0E, 0x98, 0xE6, 0x35
706 };
707 
708 static const unsigned char RSA_DQ[] = {
709 	0xD8, 0xDD, 0x71, 0xB3, 0x62, 0xBA, 0xBB, 0x7E,
710 	0xD1, 0xF9, 0x96, 0xE8, 0x83, 0xB3, 0xB9, 0x08,
711 	0x9C, 0x30, 0x03, 0x77, 0xDF, 0xC2, 0x9A, 0xDC,
712 	0x05, 0x39, 0xD6, 0xC9, 0xBE, 0xDE, 0x68, 0xA9,
713 	0xDD, 0x27, 0x84, 0x82, 0xDD, 0x19, 0xB1, 0x97,
714 	0xEE, 0xCA, 0x77, 0x22, 0x59, 0x20, 0xEF, 0xFF,
715 	0xCF, 0xDD, 0xBD, 0x24, 0xF8, 0x84, 0xD6, 0x88,
716 	0xD6, 0xC4, 0x30, 0x17, 0x77, 0x9D, 0x98, 0xA3,
717 	0x14, 0x01, 0xC7, 0x05, 0xBB, 0x0F, 0x23, 0x0D,
718 	0x6F, 0x37, 0x57, 0xEC, 0x34, 0x67, 0x41, 0x62,
719 	0xE8, 0x19, 0x75, 0xD9, 0x66, 0x1C, 0x6B, 0x8B,
720 	0xC3, 0x11, 0x26, 0x9C, 0xF7, 0x2E, 0xA3, 0x72,
721 	0xE8, 0xF7, 0xC8, 0x96, 0xEC, 0x92, 0xC2, 0xBD,
722 	0xA1, 0x98, 0x2A, 0x93, 0x99, 0xB8, 0xA2, 0x43,
723 	0xB7, 0xD0, 0xBE, 0x40, 0x1C, 0x8F, 0xE0, 0xB4,
724 	0x20, 0x07, 0x97, 0x43, 0xAE, 0xAD, 0xB3, 0x9F
725 };
726 
727 static const unsigned char RSA_IQ[] = {
728 	0xB7, 0xE2, 0x60, 0xA9, 0x62, 0xEC, 0xEC, 0x0B,
729 	0x57, 0x02, 0x96, 0xF9, 0x36, 0x35, 0x2C, 0x37,
730 	0xAF, 0xC2, 0xEE, 0x71, 0x49, 0x26, 0x8E, 0x0F,
731 	0x27, 0xB1, 0xFA, 0x0F, 0xEA, 0xDC, 0xF0, 0x8B,
732 	0x53, 0x6C, 0xB2, 0x46, 0x27, 0xCD, 0x29, 0xA2,
733 	0x35, 0x0F, 0x5D, 0x8A, 0x3F, 0x20, 0x8C, 0x13,
734 	0x3D, 0xA1, 0xFF, 0x85, 0x91, 0x99, 0xE8, 0x50,
735 	0xED, 0xF1, 0x29, 0x00, 0xEE, 0x24, 0x90, 0xB5,
736 	0x5F, 0x3A, 0x74, 0x26, 0xD7, 0xA2, 0x24, 0x8D,
737 	0x89, 0x88, 0xD8, 0x35, 0x22, 0x22, 0x8A, 0x66,
738 	0x5D, 0x5C, 0xDE, 0x83, 0x8C, 0xFA, 0x27, 0xE6,
739 	0xB9, 0xEB, 0x72, 0x08, 0xCD, 0x53, 0x4B, 0x93,
740 	0x0F, 0xAD, 0xC3, 0xF8, 0x7C, 0xFE, 0x84, 0xD7,
741 	0x08, 0xF3, 0xBE, 0x3D, 0x60, 0x1E, 0x95, 0x8D,
742 	0x44, 0x5B, 0x65, 0x7E, 0xC1, 0x30, 0xC3, 0x84,
743 	0xC0, 0xB0, 0xFE, 0xBF, 0x28, 0x54, 0x1E, 0xC4
744 };
745 
746 static const br_rsa_public_key RSA_PK = {
747 	(void *)RSA_N, sizeof RSA_N,
748 	(void *)RSA_E, sizeof RSA_E
749 };
750 
751 static const br_rsa_private_key RSA_SK = {
752 	2048,
753 	(void *)RSA_P, sizeof RSA_P,
754 	(void *)RSA_Q, sizeof RSA_Q,
755 	(void *)RSA_DP, sizeof RSA_DP,
756 	(void *)RSA_DQ, sizeof RSA_DQ,
757 	(void *)RSA_IQ, sizeof RSA_IQ
758 };
759 
760 static void
test_speed_rsa_inner(char * name,br_rsa_public fpub,br_rsa_private fpriv,br_rsa_keygen kgen)761 test_speed_rsa_inner(char *name,
762 	br_rsa_public fpub, br_rsa_private fpriv, br_rsa_keygen kgen)
763 {
764 	unsigned char tmp[sizeof RSA_N];
765 	int i;
766 	long num;
767 	/*
768 	br_hmac_drbg_context rng;
769 	*/
770 	br_aesctr_drbg_context rng;
771 	const br_block_ctr_class *ictr;
772 
773 	memset(tmp, 'R', sizeof tmp);
774 	tmp[0] = 0;
775 	for (i = 0; i < 10; i ++) {
776 		if (!fpriv(tmp, &RSA_SK)) {
777 			abort();
778 		}
779 	}
780 	num = 10;
781 	for (;;) {
782 		clock_t begin, end;
783 		double tt;
784 		long k;
785 
786 		begin = clock();
787 		for (k = num; k > 0; k --) {
788 			fpriv(tmp, &RSA_SK);
789 		}
790 		end = clock();
791 		tt = (double)(end - begin) / CLOCKS_PER_SEC;
792 		if (tt >= 2.0) {
793 			printf("%-30s %8.2f priv/s\n", name,
794 				(double)num / tt);
795 			fflush(stdout);
796 			break;
797 		}
798 		num <<= 1;
799 	}
800 	for (i = 0; i < 10; i ++) {
801 		if (!fpub(tmp, sizeof tmp, &RSA_PK)) {
802 			abort();
803 		}
804 	}
805 	num = 10;
806 	for (;;) {
807 		clock_t begin, end;
808 		double tt;
809 		long k;
810 
811 		begin = clock();
812 		for (k = num; k > 0; k --) {
813 			fpub(tmp, sizeof tmp, &RSA_PK);
814 		}
815 		end = clock();
816 		tt = (double)(end - begin) / CLOCKS_PER_SEC;
817 		if (tt >= 2.0) {
818 			printf("%-30s %8.2f pub/s\n", name,
819 				(double)num / tt);
820 			fflush(stdout);
821 			break;
822 		}
823 		num <<= 1;
824 	}
825 
826 	if (kgen == 0) {
827 		printf("%-30s KEYGEN UNAVAILABLE\n", name);
828 		fflush(stdout);
829 		return;
830 	}
831 	/*
832 	br_hmac_drbg_init(&rng, &br_sha256_vtable, "RSA keygen seed", 15);
833 	*/
834 	ictr = br_aes_x86ni_ctr_get_vtable();
835 	if (ictr == NULL) {
836 		ictr = br_aes_pwr8_ctr_get_vtable();
837 		if (ictr == NULL) {
838 #if BR_64
839 			ictr = &br_aes_ct64_ctr_vtable;
840 #else
841 			ictr = &br_aes_ct_ctr_vtable;
842 #endif
843 		}
844 	}
845 	br_aesctr_drbg_init(&rng, ictr, "RSA keygen seed", 15);
846 
847 	num = 10;
848 	for (;;) {
849 		clock_t begin, end;
850 		double tt;
851 		long k;
852 
853 		begin = clock();
854 		for (k = num; k > 0; k --) {
855 			br_rsa_private_key sk;
856 			unsigned char kbuf[BR_RSA_KBUF_PRIV_SIZE(1024)];
857 
858 			kgen(&rng.vtable, &sk, kbuf, NULL, NULL, 1024, 0);
859 		}
860 		end = clock();
861 		tt = (double)(end - begin) / CLOCKS_PER_SEC;
862 		if (tt >= 10.0) {
863 			printf("%-30s %8.2f kgen[1024]/s\n", name,
864 				(double)num / tt);
865 			fflush(stdout);
866 			break;
867 		}
868 		num <<= 1;
869 	}
870 
871 	num = 10;
872 	for (;;) {
873 		clock_t begin, end;
874 		double tt;
875 		long k;
876 
877 		begin = clock();
878 		for (k = num; k > 0; k --) {
879 			br_rsa_private_key sk;
880 			unsigned char kbuf[BR_RSA_KBUF_PRIV_SIZE(2048)];
881 
882 			kgen(&rng.vtable, &sk, kbuf, NULL, NULL, 2048, 0);
883 		}
884 		end = clock();
885 		tt = (double)(end - begin) / CLOCKS_PER_SEC;
886 		if (tt >= 10.0) {
887 			printf("%-30s %8.2f kgen[2048]/s\n", name,
888 				(double)num / tt);
889 			fflush(stdout);
890 			break;
891 		}
892 		num <<= 1;
893 	}
894 }
895 
896 static void
test_speed_rsa_i15(void)897 test_speed_rsa_i15(void)
898 {
899 	test_speed_rsa_inner("RSA i15",
900 		&br_rsa_i15_public, &br_rsa_i15_private, &br_rsa_i15_keygen);
901 }
902 
903 static void
test_speed_rsa_i31(void)904 test_speed_rsa_i31(void)
905 {
906 	test_speed_rsa_inner("RSA i31",
907 		&br_rsa_i31_public, &br_rsa_i31_private, &br_rsa_i31_keygen);
908 }
909 
910 static void
test_speed_rsa_i32(void)911 test_speed_rsa_i32(void)
912 {
913 	test_speed_rsa_inner("RSA i32",
914 		&br_rsa_i32_public, &br_rsa_i32_private, 0);
915 }
916 
917 static void
test_speed_rsa_i62(void)918 test_speed_rsa_i62(void)
919 {
920 	br_rsa_public pub;
921 	br_rsa_private priv;
922 	br_rsa_keygen kgen;
923 
924 	pub = br_rsa_i62_public_get();
925 	priv = br_rsa_i62_private_get();
926 	kgen = br_rsa_i62_keygen_get();
927 	if (pub) {
928 		test_speed_rsa_inner("RSA i62", pub, priv, kgen);
929 	} else {
930 		printf("%-30s UNAVAILABLE\n", "RSA i62");
931 	}
932 }
933 
934 static void
test_speed_ec_inner_1(const char * name,const br_ec_impl * impl,const br_ec_curve_def * cd)935 test_speed_ec_inner_1(const char *name,
936 	const br_ec_impl *impl, const br_ec_curve_def *cd)
937 {
938 	unsigned char bx[80], U[160];
939 	uint32_t x[22], n[22];
940 	size_t nlen, ulen;
941 	int i;
942 	long num;
943 
944 	nlen = cd->order_len;
945 	br_i31_decode(n, cd->order, nlen);
946 	memset(bx, 'T', sizeof bx);
947 	br_i31_decode_reduce(x, bx, sizeof bx, n);
948 	br_i31_encode(bx, nlen, x);
949 	ulen = cd->generator_len;
950 	memcpy(U, cd->generator, ulen);
951 	for (i = 0; i < 10; i ++) {
952 		impl->mul(U, ulen, bx, nlen, cd->curve);
953 	}
954 	num = 10;
955 	for (;;) {
956 		clock_t begin, end;
957 		double tt;
958 		long k;
959 
960 		begin = clock();
961 		for (k = num; k > 0; k --) {
962 			impl->mul(U, ulen, bx, nlen, cd->curve);
963 		}
964 		end = clock();
965 		tt = (double)(end - begin) / CLOCKS_PER_SEC;
966 		if (tt >= 2.0) {
967 			printf("%-30s %8.2f mul/s\n", name,
968 				(double)num / tt);
969 			fflush(stdout);
970 			break;
971 		}
972 		num <<= 1;
973 	}
974 }
975 
976 static void
test_speed_ec_inner_2(const char * name,const br_ec_impl * impl,const br_ec_curve_def * cd)977 test_speed_ec_inner_2(const char *name,
978 	const br_ec_impl *impl, const br_ec_curve_def *cd)
979 {
980 	unsigned char bx[80], U[160];
981 	uint32_t x[22], n[22];
982 	size_t nlen;
983 	int i;
984 	long num;
985 
986 	nlen = cd->order_len;
987 	br_i31_decode(n, cd->order, nlen);
988 	memset(bx, 'T', sizeof bx);
989 	br_i31_decode_reduce(x, bx, sizeof bx, n);
990 	br_i31_encode(bx, nlen, x);
991 	for (i = 0; i < 10; i ++) {
992 		impl->mulgen(U, bx, nlen, cd->curve);
993 	}
994 	num = 10;
995 	for (;;) {
996 		clock_t begin, end;
997 		double tt;
998 		long k;
999 
1000 		begin = clock();
1001 		for (k = num; k > 0; k --) {
1002 			impl->mulgen(U, bx, nlen, cd->curve);
1003 		}
1004 		end = clock();
1005 		tt = (double)(end - begin) / CLOCKS_PER_SEC;
1006 		if (tt >= 2.0) {
1007 			printf("%-30s %8.2f mul/s\n", name,
1008 				(double)num / tt);
1009 			fflush(stdout);
1010 			break;
1011 		}
1012 		num <<= 1;
1013 	}
1014 }
1015 
1016 static void
test_speed_ec_inner(const char * name,const br_ec_impl * impl,const br_ec_curve_def * cd)1017 test_speed_ec_inner(const char *name,
1018 	const br_ec_impl *impl, const br_ec_curve_def *cd)
1019 {
1020 	char tmp[50];
1021 
1022 	test_speed_ec_inner_1(name, impl, cd);
1023 	sprintf(tmp, "%s (FP)", name);
1024 	test_speed_ec_inner_2(tmp, impl, cd);
1025 }
1026 
1027 static void
test_speed_ec_p256_m15(void)1028 test_speed_ec_p256_m15(void)
1029 {
1030 	test_speed_ec_inner("EC p256_m15",
1031 		&br_ec_p256_m15, &br_secp256r1);
1032 }
1033 
1034 static void
test_speed_ec_p256_m31(void)1035 test_speed_ec_p256_m31(void)
1036 {
1037 	test_speed_ec_inner("EC p256_m31",
1038 		&br_ec_p256_m31, &br_secp256r1);
1039 }
1040 
1041 static void
test_speed_ec_p256_m62(void)1042 test_speed_ec_p256_m62(void)
1043 {
1044 	const br_ec_impl *ec;
1045 
1046 	ec = br_ec_p256_m62_get();
1047 	if (ec != NULL) {
1048 		test_speed_ec_inner("EC p256_m62", ec, &br_secp256r1);
1049 	} else {
1050 		printf("%-30s UNAVAILABLE\n", "EC p256_m62");
1051 	}
1052 }
1053 
1054 static void
test_speed_ec_p256_m64(void)1055 test_speed_ec_p256_m64(void)
1056 {
1057 	const br_ec_impl *ec;
1058 
1059 	ec = br_ec_p256_m64_get();
1060 	if (ec != NULL) {
1061 		test_speed_ec_inner("EC p256_m64", ec, &br_secp256r1);
1062 	} else {
1063 		printf("%-30s UNAVAILABLE\n", "EC p256_m64");
1064 	}
1065 }
1066 
1067 static void
test_speed_ec_prime_i15(void)1068 test_speed_ec_prime_i15(void)
1069 {
1070 	test_speed_ec_inner("EC prime_i15 P-256",
1071 		&br_ec_prime_i15, &br_secp256r1);
1072 	test_speed_ec_inner("EC prime_i15 P-384",
1073 		&br_ec_prime_i15, &br_secp384r1);
1074 	test_speed_ec_inner("EC prime_i15 P-521",
1075 		&br_ec_prime_i15, &br_secp521r1);
1076 }
1077 
1078 static void
test_speed_ec_prime_i31(void)1079 test_speed_ec_prime_i31(void)
1080 {
1081 	test_speed_ec_inner("EC prime_i31 P-256",
1082 		&br_ec_prime_i31, &br_secp256r1);
1083 	test_speed_ec_inner("EC prime_i31 P-384",
1084 		&br_ec_prime_i31, &br_secp384r1);
1085 	test_speed_ec_inner("EC prime_i31 P-521",
1086 		&br_ec_prime_i31, &br_secp521r1);
1087 }
1088 
1089 static void
test_speed_ec_c25519_i15(void)1090 test_speed_ec_c25519_i15(void)
1091 {
1092 	test_speed_ec_inner("EC c25519_i15",
1093 		&br_ec_c25519_i15, &br_curve25519);
1094 }
1095 
1096 static void
test_speed_ec_c25519_i31(void)1097 test_speed_ec_c25519_i31(void)
1098 {
1099 	test_speed_ec_inner("EC c25519_i31",
1100 		&br_ec_c25519_i31, &br_curve25519);
1101 }
1102 
1103 static void
test_speed_ec_c25519_m15(void)1104 test_speed_ec_c25519_m15(void)
1105 {
1106 	test_speed_ec_inner("EC c25519_m15",
1107 		&br_ec_c25519_m15, &br_curve25519);
1108 }
1109 
1110 static void
test_speed_ec_c25519_m31(void)1111 test_speed_ec_c25519_m31(void)
1112 {
1113 	test_speed_ec_inner("EC c25519_m31",
1114 		&br_ec_c25519_m31, &br_curve25519);
1115 }
1116 
1117 static void
test_speed_ec_c25519_m62(void)1118 test_speed_ec_c25519_m62(void)
1119 {
1120 	const br_ec_impl *ec;
1121 
1122 	ec = br_ec_c25519_m62_get();
1123 	if (ec != NULL) {
1124 		test_speed_ec_inner("EC c25519_m62", ec, &br_curve25519);
1125 	} else {
1126 		printf("%-30s UNAVAILABLE\n", "EC c25519_m62");
1127 	}
1128 }
1129 
1130 static void
test_speed_ec_c25519_m64(void)1131 test_speed_ec_c25519_m64(void)
1132 {
1133 	const br_ec_impl *ec;
1134 
1135 	ec = br_ec_c25519_m64_get();
1136 	if (ec != NULL) {
1137 		test_speed_ec_inner("EC c25519_m64", ec, &br_curve25519);
1138 	} else {
1139 		printf("%-30s UNAVAILABLE\n", "EC c25519_m64");
1140 	}
1141 }
1142 
1143 static void
test_speed_ecdsa_inner(const char * name,const br_ec_impl * impl,const br_ec_curve_def * cd,br_ecdsa_sign sign,br_ecdsa_vrfy vrfy)1144 test_speed_ecdsa_inner(const char *name,
1145 	const br_ec_impl *impl, const br_ec_curve_def *cd,
1146 	br_ecdsa_sign sign, br_ecdsa_vrfy vrfy)
1147 {
1148 	unsigned char bx[80], U[160], hv[32], sig[160];
1149 	uint32_t x[22], n[22];
1150 	size_t nlen, ulen, sig_len;
1151 	int i;
1152 	long num;
1153 	br_ec_private_key sk;
1154 	br_ec_public_key pk;
1155 
1156 	nlen = cd->order_len;
1157 	br_i31_decode(n, cd->order, nlen);
1158 	memset(bx, 'T', sizeof bx);
1159 	br_i31_decode_reduce(x, bx, sizeof bx, n);
1160 	br_i31_encode(bx, nlen, x);
1161 	ulen = cd->generator_len;
1162 	memcpy(U, cd->generator, ulen);
1163 	impl->mul(U, ulen, bx, nlen, cd->curve);
1164 	sk.curve = cd->curve;
1165 	sk.x = bx;
1166 	sk.xlen = nlen;
1167 	pk.curve = cd->curve;
1168 	pk.q = U;
1169 	pk.qlen = ulen;
1170 
1171 	memset(hv, 'H', sizeof hv);
1172 	sig_len = sign(impl, &br_sha256_vtable, hv, &sk, sig);
1173 	if (vrfy(impl, hv, sizeof hv, &pk, sig, sig_len) != 1) {
1174 		fprintf(stderr, "self-test sign/verify failed\n");
1175 		exit(EXIT_FAILURE);
1176 	}
1177 
1178 	for (i = 0; i < 10; i ++) {
1179 		hv[1] ++;
1180 		sign(impl, &br_sha256_vtable, hv, &sk, sig);
1181 		vrfy(impl, hv, sizeof hv, &pk, sig, sig_len);
1182 	}
1183 
1184 	num = 10;
1185 	for (;;) {
1186 		clock_t begin, end;
1187 		double tt;
1188 		long k;
1189 
1190 		begin = clock();
1191 		for (k = num; k > 0; k --) {
1192 			hv[1] ++;
1193 			sig_len = sign(impl, &br_sha256_vtable, hv, &sk, sig);
1194 		}
1195 		end = clock();
1196 		tt = (double)(end - begin) / CLOCKS_PER_SEC;
1197 		if (tt >= 2.0) {
1198 			printf("%-30s %8.2f sign/s\n", name,
1199 				(double)num / tt);
1200 			fflush(stdout);
1201 			break;
1202 		}
1203 		num <<= 1;
1204 	}
1205 
1206 	num = 10;
1207 	for (;;) {
1208 		clock_t begin, end;
1209 		double tt;
1210 		long k;
1211 
1212 		begin = clock();
1213 		for (k = num; k > 0; k --) {
1214 			vrfy(impl, hv, sizeof hv, &pk, sig, sig_len);
1215 		}
1216 		end = clock();
1217 		tt = (double)(end - begin) / CLOCKS_PER_SEC;
1218 		if (tt >= 2.0) {
1219 			printf("%-30s %8.2f verify/s\n", name,
1220 				(double)num / tt);
1221 			fflush(stdout);
1222 			break;
1223 		}
1224 		num <<= 1;
1225 	}
1226 }
1227 
1228 static void
test_speed_ecdsa_p256_m15(void)1229 test_speed_ecdsa_p256_m15(void)
1230 {
1231 	test_speed_ecdsa_inner("ECDSA m15 P-256",
1232 		&br_ec_p256_m15, &br_secp256r1,
1233 		&br_ecdsa_i15_sign_asn1,
1234 		&br_ecdsa_i15_vrfy_asn1);
1235 }
1236 
1237 static void
test_speed_ecdsa_p256_m31(void)1238 test_speed_ecdsa_p256_m31(void)
1239 {
1240 	test_speed_ecdsa_inner("ECDSA m31 P-256",
1241 		&br_ec_p256_m31, &br_secp256r1,
1242 		&br_ecdsa_i31_sign_asn1,
1243 		&br_ecdsa_i31_vrfy_asn1);
1244 }
1245 
1246 static void
test_speed_ecdsa_p256_m62(void)1247 test_speed_ecdsa_p256_m62(void)
1248 {
1249 	const br_ec_impl *ec;
1250 
1251 	ec = br_ec_p256_m62_get();
1252 	if (ec != NULL) {
1253 		test_speed_ecdsa_inner("ECDSA m62 P-256",
1254 			ec, &br_secp256r1,
1255 			&br_ecdsa_i31_sign_asn1,
1256 			&br_ecdsa_i31_vrfy_asn1);
1257 	} else {
1258 		printf("%-30s UNAVAILABLE\n", "ECDSA m62 P-256");
1259 	}
1260 }
1261 
1262 static void
test_speed_ecdsa_p256_m64(void)1263 test_speed_ecdsa_p256_m64(void)
1264 {
1265 	const br_ec_impl *ec;
1266 
1267 	ec = br_ec_p256_m64_get();
1268 	if (ec != NULL) {
1269 		test_speed_ecdsa_inner("ECDSA m64 P-256",
1270 			ec, &br_secp256r1,
1271 			&br_ecdsa_i31_sign_asn1,
1272 			&br_ecdsa_i31_vrfy_asn1);
1273 	} else {
1274 		printf("%-30s UNAVAILABLE\n", "ECDSA m64 P-256");
1275 	}
1276 }
1277 
1278 static void
test_speed_ecdsa_i15(void)1279 test_speed_ecdsa_i15(void)
1280 {
1281 	test_speed_ecdsa_inner("ECDSA i15 P-256",
1282 		&br_ec_prime_i15, &br_secp256r1,
1283 		&br_ecdsa_i15_sign_asn1,
1284 		&br_ecdsa_i15_vrfy_asn1);
1285 	test_speed_ecdsa_inner("ECDSA i15 P-384",
1286 		&br_ec_prime_i15, &br_secp384r1,
1287 		&br_ecdsa_i15_sign_asn1,
1288 		&br_ecdsa_i15_vrfy_asn1);
1289 	test_speed_ecdsa_inner("ECDSA i15 P-521",
1290 		&br_ec_prime_i15, &br_secp521r1,
1291 		&br_ecdsa_i15_sign_asn1,
1292 		&br_ecdsa_i15_vrfy_asn1);
1293 }
1294 
1295 static void
test_speed_ecdsa_i31(void)1296 test_speed_ecdsa_i31(void)
1297 {
1298 	test_speed_ecdsa_inner("ECDSA i31 P-256",
1299 		&br_ec_prime_i31, &br_secp256r1,
1300 		&br_ecdsa_i31_sign_asn1,
1301 		&br_ecdsa_i31_vrfy_asn1);
1302 	test_speed_ecdsa_inner("ECDSA i31 P-384",
1303 		&br_ec_prime_i31, &br_secp384r1,
1304 		&br_ecdsa_i31_sign_asn1,
1305 		&br_ecdsa_i31_vrfy_asn1);
1306 	test_speed_ecdsa_inner("ECDSA i31 P-521",
1307 		&br_ec_prime_i31, &br_secp521r1,
1308 		&br_ecdsa_i31_sign_asn1,
1309 		&br_ecdsa_i31_vrfy_asn1);
1310 }
1311 
1312 static void
test_speed_i31(void)1313 test_speed_i31(void)
1314 {
1315 	static const unsigned char bp[] = {
1316 		/* A 521-bit prime integer (order of the P-521 curve). */
1317 		0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1318 		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1319 		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1320 		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1321 		0xFF, 0xFA, 0x51, 0x86, 0x87, 0x83, 0xBF, 0x2F,
1322 		0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09,
1323 		0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C,
1324 		0x47, 0xAE, 0xBB, 0x6F, 0xB7, 0x1E, 0x91, 0x38,
1325 		0x64, 0x09
1326 	};
1327 
1328 	unsigned char tmp[60 + sizeof bp];
1329 	uint32_t p[20], x[20], y[20], z[20], uu[60], p0i;
1330 	int i;
1331 	long num;
1332 
1333 	br_i31_decode(p, bp, sizeof bp);
1334 	p0i = br_i31_ninv31(p[1]);
1335 	memset(tmp, 'T', sizeof tmp);
1336 	br_i31_decode_reduce(x, tmp, sizeof tmp, p);
1337 	memset(tmp, 'U', sizeof tmp);
1338 	br_i31_decode_reduce(y, tmp, sizeof tmp, p);
1339 
1340 	for (i = 0; i < 10; i ++) {
1341 		br_i31_to_monty(x, p);
1342 	}
1343 	num = 10;
1344 	for (;;) {
1345 		clock_t begin, end;
1346 		double tt;
1347 		long k;
1348 
1349 		begin = clock();
1350 		for (k = num; k > 0; k --) {
1351 			br_i31_to_monty(x, p);
1352 		}
1353 		end = clock();
1354 		tt = (double)(end - begin) / CLOCKS_PER_SEC;
1355 		if (tt >= 2.0) {
1356 			printf("%-30s %8.2f ops/s\n", "i31 to_monty",
1357 				(double)num / tt);
1358 			fflush(stdout);
1359 			break;
1360 		}
1361 		num <<= 1;
1362 	}
1363 
1364 	for (i = 0; i < 10; i ++) {
1365 		br_i31_from_monty(x, p, p0i);
1366 	}
1367 	num = 10;
1368 	for (;;) {
1369 		clock_t begin, end;
1370 		double tt;
1371 		long k;
1372 
1373 		begin = clock();
1374 		for (k = num; k > 0; k --) {
1375 			br_i31_from_monty(x, p, p0i);
1376 		}
1377 		end = clock();
1378 		tt = (double)(end - begin) / CLOCKS_PER_SEC;
1379 		if (tt >= 2.0) {
1380 			printf("%-30s %8.2f ops/s\n", "i31 from_monty",
1381 				(double)num / tt);
1382 			fflush(stdout);
1383 			break;
1384 		}
1385 		num <<= 1;
1386 	}
1387 
1388 	for (i = 0; i < 10; i ++) {
1389 		br_i31_montymul(z, x, y, p, p0i);
1390 	}
1391 	num = 10;
1392 	for (;;) {
1393 		clock_t begin, end;
1394 		double tt;
1395 		long k;
1396 
1397 		begin = clock();
1398 		for (k = num; k > 0; k --) {
1399 			br_i31_montymul(z, x, y, p, p0i);
1400 		}
1401 		end = clock();
1402 		tt = (double)(end - begin) / CLOCKS_PER_SEC;
1403 		if (tt >= 2.0) {
1404 			printf("%-30s %8.2f ops/s\n", "i31 montymul",
1405 				(double)num / tt);
1406 			fflush(stdout);
1407 			break;
1408 		}
1409 		num <<= 1;
1410 	}
1411 
1412 	for (i = 0; i < 10; i ++) {
1413 		br_i31_moddiv(x, y, p, p0i, uu);
1414 	}
1415 	num = 10;
1416 	for (;;) {
1417 		clock_t begin, end;
1418 		double tt;
1419 		long k;
1420 
1421 		begin = clock();
1422 		for (k = num; k > 0; k --) {
1423 			br_i31_moddiv(x, y, p, p0i, uu);
1424 		}
1425 		end = clock();
1426 		tt = (double)(end - begin) / CLOCKS_PER_SEC;
1427 		if (tt >= 2.0) {
1428 			printf("%-30s %8.2f ops/s\n", "i31 moddiv",
1429 				(double)num / tt);
1430 			fflush(stdout);
1431 			break;
1432 		}
1433 		num <<= 1;
1434 	}
1435 }
1436 
1437 #if 0
1438 
1439 static unsigned char P2048[] = {
1440 	0xFD, 0xB6, 0xE0, 0x3E, 0x00, 0x49, 0x4C, 0xF0, 0x69, 0x3A, 0xDD, 0x7D,
1441 	0xF8, 0xA2, 0x41, 0xB0, 0x6C, 0x67, 0xC5, 0xBA, 0xB8, 0x46, 0x80, 0xF5,
1442 	0xBF, 0xAB, 0x98, 0xFC, 0x84, 0x73, 0xA5, 0x63, 0xC9, 0x52, 0x12, 0xDA,
1443 	0x4C, 0xC1, 0x5B, 0x9D, 0x8D, 0xDF, 0xCD, 0xFE, 0xC5, 0xAD, 0x5A, 0x6F,
1444 	0xDD, 0x02, 0xD9, 0xEC, 0x71, 0xEF, 0xEB, 0xB6, 0x95, 0xED, 0x94, 0x25,
1445 	0x0E, 0x63, 0xDD, 0x6A, 0x52, 0xC7, 0x93, 0xAF, 0x85, 0x9D, 0x2C, 0xBE,
1446 	0x5C, 0xBE, 0x35, 0xD8, 0xDD, 0x39, 0xEF, 0x1B, 0xB1, 0x49, 0x67, 0xB2,
1447 	0x33, 0xC9, 0x7C, 0xE1, 0x51, 0x79, 0x51, 0x59, 0xCA, 0x6E, 0x2A, 0xDF,
1448 	0x0D, 0x76, 0x1C, 0xE7, 0xA5, 0xC0, 0x1E, 0x6C, 0x56, 0x3A, 0x32, 0xE5,
1449 	0xB5, 0xC5, 0xD4, 0xDB, 0xFE, 0xFF, 0xF8, 0xF2, 0x96, 0xA9, 0xC9, 0x65,
1450 	0x59, 0x9E, 0x01, 0x79, 0x9D, 0x38, 0x68, 0x0F, 0xAD, 0x43, 0x3A, 0xD6,
1451 	0x84, 0x0A, 0xE2, 0xEF, 0x96, 0xC1, 0x6D, 0x89, 0x74, 0x19, 0x63, 0x82,
1452 	0x3B, 0xA0, 0x9C, 0xBA, 0x78, 0xDE, 0xDC, 0xC2, 0xE7, 0xD4, 0xFA, 0xD6,
1453 	0x19, 0x21, 0x29, 0xAE, 0x5E, 0xF4, 0x38, 0x81, 0xC6, 0x9E, 0x0E, 0x3C,
1454 	0xCD, 0xC0, 0xDC, 0x93, 0x5D, 0xFD, 0x9A, 0x5C, 0xAB, 0x54, 0x1F, 0xFF,
1455 	0x9C, 0x12, 0x1B, 0x4C, 0xDF, 0x2D, 0x9C, 0x85, 0xF9, 0x68, 0x15, 0x89,
1456 	0x42, 0x9B, 0x6C, 0x45, 0x89, 0x3A, 0xBC, 0xE9, 0x19, 0x91, 0xBE, 0x0C,
1457 	0xEF, 0x90, 0xCC, 0xF6, 0xD6, 0xF0, 0x3D, 0x5C, 0xF5, 0xE5, 0x0F, 0x2F,
1458 	0x02, 0x8A, 0x83, 0x4B, 0x93, 0x2F, 0x14, 0x12, 0x1F, 0x56, 0x9A, 0x12,
1459 	0x58, 0x88, 0xAE, 0x60, 0xB8, 0x5A, 0xE4, 0xA1, 0xBF, 0x4A, 0x81, 0x84,
1460 	0xAB, 0xBB, 0xE4, 0xD0, 0x1D, 0x41, 0xD9, 0x0A, 0xAB, 0x1E, 0x47, 0x5B,
1461 	0x31, 0xAC, 0x2B, 0x73
1462 };
1463 
1464 static unsigned char G2048[] = {
1465 	0x02
1466 };
1467 
1468 static void
1469 test_speed_modpow(void)
1470 {
1471 	uint32_t mx[65], mp[65], me[65], t1[65], t2[65], len;
1472 	unsigned char e[64];
1473 	int i;
1474 	long num;
1475 
1476 	len = br_int_decode(mp, sizeof mp / sizeof mp[0],
1477 		P2048, sizeof P2048);
1478 	if (len != 65) {
1479 		abort();
1480 	}
1481 	memset(e, 'P', sizeof e);
1482 	if (!br_int_decode(me, sizeof me / sizeof me[0], e, sizeof e)) {
1483 		abort();
1484 	}
1485 	if (!br_modint_decode(mx, mp, G2048, sizeof G2048)) {
1486 		abort();
1487 	}
1488 	for (i = 0; i < 10; i ++) {
1489 		br_modint_to_monty(mx, mp);
1490 		br_modint_montypow(mx, me, mp, t1, t2);
1491 		br_modint_from_monty(mx, mp);
1492 	}
1493 	num = 10;
1494 	for (;;) {
1495 		clock_t begin, end;
1496 		double tt;
1497 		long k;
1498 
1499 		begin = clock();
1500 		for (k = num; k > 0; k --) {
1501 			br_modint_to_monty(mx, mp);
1502 			br_modint_montypow(mx, me, mp, t1, t2);
1503 			br_modint_from_monty(mx, mp);
1504 		}
1505 		end = clock();
1506 		tt = (double)(end - begin) / CLOCKS_PER_SEC;
1507 		if (tt >= 2.0) {
1508 			printf("%-30s %8.2f exp/s\n", "pow[2048:256]",
1509 				(double)num / tt);
1510 			fflush(stdout);
1511 			return;
1512 		}
1513 		num <<= 1;
1514 	}
1515 }
1516 
1517 static void
1518 test_speed_moddiv(void)
1519 {
1520 	uint32_t mx[65], my[65], mp[65], t1[65], t2[65], t3[65], len;
1521 	unsigned char x[255], y[255];
1522 	int i;
1523 	long num;
1524 
1525 	len = br_int_decode(mp, sizeof mp / sizeof mp[0],
1526 		P2048, sizeof P2048);
1527 	if (len != 65) {
1528 		abort();
1529 	}
1530 	memset(x, 'T', sizeof x);
1531 	memset(y, 'P', sizeof y);
1532 	if (!br_modint_decode(mx, mp, x, sizeof x)) {
1533 		abort();
1534 	}
1535 	if (!br_modint_decode(my, mp, y, sizeof y)) {
1536 		abort();
1537 	}
1538 	for (i = 0; i < 10; i ++) {
1539 		br_modint_div(mx, my, mp, t1, t2, t3);
1540 	}
1541 	num = 10;
1542 	for (;;) {
1543 		clock_t begin, end;
1544 		double tt;
1545 		long k;
1546 
1547 		begin = clock();
1548 		for (k = num; k > 0; k --) {
1549 			br_modint_div(mx, my, mp, t1, t2, t3);
1550 		}
1551 		end = clock();
1552 		tt = (double)(end - begin) / CLOCKS_PER_SEC;
1553 		if (tt >= 2.0) {
1554 			printf("%-30s %8.2f div/s\n", "div[2048]",
1555 				(double)num / tt);
1556 			fflush(stdout);
1557 			return;
1558 		}
1559 		num <<= 1;
1560 	}
1561 }
1562 #endif
1563 
1564 #define STU(x)   { test_speed_ ## x, #x }
1565 
1566 static const struct {
1567 	void (*fn)(void);
1568 	char *name;
1569 } tfns[] = {
1570 	STU(md5),
1571 	STU(sha1),
1572 	STU(sha256),
1573 	STU(sha512),
1574 
1575 	STU(aes128_big_cbcenc),
1576 	STU(aes128_big_cbcdec),
1577 	STU(aes192_big_cbcenc),
1578 	STU(aes192_big_cbcdec),
1579 	STU(aes256_big_cbcenc),
1580 	STU(aes256_big_cbcdec),
1581 	STU(aes128_big_ctr),
1582 	STU(aes192_big_ctr),
1583 	STU(aes256_big_ctr),
1584 
1585 	STU(aes128_small_cbcenc),
1586 	STU(aes128_small_cbcdec),
1587 	STU(aes192_small_cbcenc),
1588 	STU(aes192_small_cbcdec),
1589 	STU(aes256_small_cbcenc),
1590 	STU(aes256_small_cbcdec),
1591 	STU(aes128_small_ctr),
1592 	STU(aes192_small_ctr),
1593 	STU(aes256_small_ctr),
1594 
1595 	STU(aes128_ct_cbcenc),
1596 	STU(aes128_ct_cbcdec),
1597 	STU(aes192_ct_cbcenc),
1598 	STU(aes192_ct_cbcdec),
1599 	STU(aes256_ct_cbcenc),
1600 	STU(aes256_ct_cbcdec),
1601 	STU(aes128_ct_ctr),
1602 	STU(aes192_ct_ctr),
1603 	STU(aes256_ct_ctr),
1604 
1605 	STU(aes128_ct64_cbcenc),
1606 	STU(aes128_ct64_cbcdec),
1607 	STU(aes192_ct64_cbcenc),
1608 	STU(aes192_ct64_cbcdec),
1609 	STU(aes256_ct64_cbcenc),
1610 	STU(aes256_ct64_cbcdec),
1611 	STU(aes128_ct64_ctr),
1612 	STU(aes192_ct64_ctr),
1613 	STU(aes256_ct64_ctr),
1614 
1615 	STU(aes128_x86ni_cbcenc),
1616 	STU(aes128_x86ni_cbcdec),
1617 	STU(aes192_x86ni_cbcenc),
1618 	STU(aes192_x86ni_cbcdec),
1619 	STU(aes256_x86ni_cbcenc),
1620 	STU(aes256_x86ni_cbcdec),
1621 	STU(aes128_x86ni_ctr),
1622 	STU(aes192_x86ni_ctr),
1623 	STU(aes256_x86ni_ctr),
1624 
1625 	STU(aes128_pwr8_cbcenc),
1626 	STU(aes128_pwr8_cbcdec),
1627 	STU(aes192_pwr8_cbcenc),
1628 	STU(aes192_pwr8_cbcdec),
1629 	STU(aes256_pwr8_cbcenc),
1630 	STU(aes256_pwr8_cbcdec),
1631 	STU(aes128_pwr8_ctr),
1632 	STU(aes192_pwr8_ctr),
1633 	STU(aes256_pwr8_ctr),
1634 
1635 	STU(des_tab_cbcenc),
1636 	STU(des_tab_cbcdec),
1637 	STU(3des_tab_cbcenc),
1638 	STU(3des_tab_cbcdec),
1639 
1640 	STU(des_ct_cbcenc),
1641 	STU(des_ct_cbcdec),
1642 	STU(3des_ct_cbcenc),
1643 	STU(3des_ct_cbcdec),
1644 
1645 	STU(chacha20_ct),
1646 	STU(chacha20_sse2),
1647 
1648 	STU(ghash_ctmul),
1649 	STU(ghash_ctmul32),
1650 	STU(ghash_ctmul64),
1651 	STU(ghash_pclmul),
1652 	STU(ghash_pwr8),
1653 
1654 	STU(poly1305_ctmul),
1655 	STU(poly1305_ctmul32),
1656 	STU(poly1305_ctmulq),
1657 	STU(poly1305_i15),
1658 
1659 	STU(eax_aes128_big),
1660 	STU(eax_aes192_big),
1661 	STU(eax_aes256_big),
1662 	STU(eax_aes128_small),
1663 	STU(eax_aes192_small),
1664 	STU(eax_aes256_small),
1665 	STU(eax_aes128_ct),
1666 	STU(eax_aes192_ct),
1667 	STU(eax_aes256_ct),
1668 	STU(eax_aes128_ct64),
1669 	STU(eax_aes192_ct64),
1670 	STU(eax_aes256_ct64),
1671 	STU(eax_aes128_x86ni),
1672 	STU(eax_aes192_x86ni),
1673 	STU(eax_aes256_x86ni),
1674 	STU(eax_aes128_pwr8),
1675 	STU(eax_aes192_pwr8),
1676 	STU(eax_aes256_pwr8),
1677 
1678 	STU(shake128),
1679 	STU(shake256),
1680 
1681 	STU(rsa_i15),
1682 	STU(rsa_i31),
1683 	STU(rsa_i32),
1684 	STU(rsa_i62),
1685 	STU(ec_prime_i15),
1686 	STU(ec_prime_i31),
1687 	STU(ec_p256_m15),
1688 	STU(ec_p256_m31),
1689 	STU(ec_p256_m62),
1690 	STU(ec_p256_m64),
1691 	STU(ec_c25519_i15),
1692 	STU(ec_c25519_i31),
1693 	STU(ec_c25519_m15),
1694 	STU(ec_c25519_m31),
1695 	STU(ec_c25519_m62),
1696 	STU(ec_c25519_m64),
1697 	STU(ecdsa_p256_m15),
1698 	STU(ecdsa_p256_m31),
1699 	STU(ecdsa_p256_m62),
1700 	STU(ecdsa_p256_m64),
1701 	STU(ecdsa_i15),
1702 	STU(ecdsa_i31),
1703 
1704 	STU(i31)
1705 };
1706 
1707 static int
eq_name(const char * s1,const char * s2)1708 eq_name(const char *s1, const char *s2)
1709 {
1710 	for (;;) {
1711 		int c1, c2;
1712 
1713 		for (;;) {
1714 			c1 = *s1 ++;
1715 			if (c1 >= 'A' && c1 <= 'Z') {
1716 				c1 += 'a' - 'A';
1717 			} else {
1718 				switch (c1) {
1719 				case '-': case '_': case '.': case ' ':
1720 					continue;
1721 				}
1722 			}
1723 			break;
1724 		}
1725 		for (;;) {
1726 			c2 = *s2 ++;
1727 			if (c2 >= 'A' && c2 <= 'Z') {
1728 				c2 += 'a' - 'A';
1729 			} else {
1730 				switch (c2) {
1731 				case '-': case '_': case '.': case ' ':
1732 					continue;
1733 				}
1734 			}
1735 			break;
1736 		}
1737 		if (c1 != c2) {
1738 			return 0;
1739 		}
1740 		if (c1 == 0) {
1741 			return 1;
1742 		}
1743 	}
1744 }
1745 
1746 int
main(int argc,char * argv[])1747 main(int argc, char *argv[])
1748 {
1749 	size_t u;
1750 
1751 	if (argc <= 1) {
1752 		printf("usage: testspeed all | name...\n");
1753 		printf("individual test names:\n");
1754 		for (u = 0; u < (sizeof tfns) / (sizeof tfns[0]); u ++) {
1755 			printf("   %s\n", tfns[u].name);
1756 		}
1757 	} else {
1758 		for (u = 0; u < (sizeof tfns) / (sizeof tfns[0]); u ++) {
1759 			int i;
1760 
1761 			for (i = 1; i < argc; i ++) {
1762 				if (eq_name(argv[i], tfns[u].name)
1763 					|| eq_name(argv[i], "all"))
1764 				{
1765 					tfns[u].fn();
1766 					break;
1767 				}
1768 			}
1769 		}
1770 	}
1771 	return 0;
1772 }
1773