aboutsummaryrefslogtreecommitdiffstats
path: root/src/cli/speed.cpp
Commit message (Collapse)AuthorAgeFilesLines
* Content:Tomasz Frydrych2017-04-031-7/+2
| | | | | | | | | * fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations) * `default` specifier instead of `{}` in some places(probably all) * removal of unreachable code (for example `return` after `throw`) * removal of compilation unit only visible, but not used functions * fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT` * removed not needed semicolons
* Add RDRAND_RNG speed testJack Lloyd2017-03-191-0/+12
|
* Add toggle to disable SIMD speed test added in 2a7127fea6Jack Lloyd2017-02-041-36/+105
| | | | | | | | | | Failed to consider need for ISA flags (none required on x86-64 or aarch64 which are my primary test targets) but handling this correctly requires splitting up speed.cpp which requires a lot more refactoring work than I want to take on. Anyway the additional complexity just for this microbenchmark is not worth it so hide it behind a macro check. Also add an ECC scalar perf test.
* Add modexp speed testJack Lloyd2017-02-021-1/+38
| | | | Tests both short and full size exponents
* Report cycles/byte in speed testsJack Lloyd2017-02-021-19/+150
| | | | Add SIMD perf test
* Fix duplicate entry in XMSS speed paramsJack Lloyd2017-01-061-1/+1
|
* Fix XMSS speed commandJack Lloyd2016-12-241-4/+6
|
* Make XMSS more friendly about invalid params.Jack Lloyd2016-11-251-1/+2
| | | | | | Previously just throw an exception from map.at Add an XMSS keygen test, and add default params for create_private_key
* Add CECPQ1 TLS ciphersuitesJack Lloyd2016-11-171-1/+1
| | | | | | | | | | | | | Tested against BoringSSL (as client + server) and google.com (as client). Fix a stupid crashing bug in NewHope's BoringSSL mode. Remove unneeded error return from curve25519_donna - always returned 0. Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which means the default no-extra-configuration ciphersuite (for Botan client speaking to Botan server) is a ciphersuite which is both implemented in constant time on all platforms and (hopefully) provides post quantum security. Good Things.
* Basic speed test for XMSSJack Lloyd2016-11-121-0/+34
|
* Add SHAKE-128 and SHAKE-256 as hash functionsJack Lloyd2016-11-101-7/+7
|
* Merge GH #696 Add ECKCDSA and ECGDSA speed testsJack Lloyd2016-10-301-0/+62
|\
| * Add speedtests for ECKCDSA and ECGDSANever2016-10-301-0/+62
| |
* | Fix crash when default IV is empty. GH #697Jack Lloyd2016-10-301-1/+2
|/
* Remove HMAC_RNG, X9.31-RNG, BeOS stats, EGD reader, Unix process runnerJack Lloyd2016-10-281-17/+0
| | | | | Change AutoSeeded_RNG to use SHA-384, SHA-256, SHA-3(256), or SHA-1, whichever is available (in that order).
* Add create_private_key, expose key loading functions in pk_algs.hJack Lloyd2016-10-201-2/+4
|
* Add OS2ECP benchmark.Jack Lloyd2016-10-131-0/+36
| | | | | Turns out decompressing a point is ~50x slower than checking (x,y) is on the curve. Update relnote accordingly.
* Revert PK_Verifier change (don't require RNG there).Jack Lloyd2016-10-071-1/+1
| | | | | | | Verification is deterministic and public, so really no RNG is ever needed. Change provider handling - accepts "base", "openssl", or empty, otherwise throws a Provider_Not_Found exception.
* Remove Algo_Registry usage from public key code.Jack Lloyd2016-10-071-8/+8
| | | | | | | | Instead the key types exposes operations like `create_encryption_op` which will return the relevant operation if the algorithm supports it. Changes pubkey.h interface, now RNG is passed at init time. Blinder previous created its own RNG, now it takes it from app.
* Remove unused variableJack Lloyd2016-09-281-2/+0
| | | | [ci skip]
* Maintainer mode fixes.Jack Lloyd2016-09-211-1/+1
| | | | | | Mostly unused args and missing override notations. Fix DH - load_check calls were commented out for debugging.
* Merge GH #613 NewHope R-LWE key exchangeJack Lloyd2016-09-051-0/+77
|\
| * Newhope is really limited by RNG speed.Jack Lloyd2016-08-301-5/+33
| | | | | | | | 4x-8x overall speedup switching from HMAC_DRBG to ChaCha20
| * Add NEWHOPE KEM schemeJack Lloyd2016-08-301-0/+49
| | | | | | | | | | | | | | | | | | | | Provides conjectured 200-bit security against a quantum attacker. Based on the public domain reference implementation at https://github.com/tpoeppelmann/newhope and bit-for-bit compatible with that version. Test vectors generated by the reference testvector.c
* | 4x interleaved SSE2Jack Lloyd2016-09-011-2/+3
|/
* RNG changes (GH #593)Jack Lloyd2016-08-241-5/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change reseed interval logic to count calls to `randomize` rather than bytes, to match SP 800-90A Changes RNG reseeding API: there is no implicit reference to the global entropy sources within the RNGs anymore. The entropy sources must be supplied with the API call. Adds support for reseding directly from another RNG (such as a system or hardware RNG). Stateful_RNG keeps optional references to both an RNG and a set of entropy sources. During a reseed, both sources are used if set. These can be provided to HMAC_DRBG constructor. For HMAC_DRBG, SP800-90A requires we output no more than 2**16 bytes per DRBG request. We treat requests longer than that as if the caller had instead made several sequential maximum-length requests. This means it is possible for one or more reseeds to trigger even in the course of generating a single (long) output (generate a 256-bit key and use ChaCha or HKDF if this is a problem). Adds RNG::randomize_with_ts_input which takes timestamps and uses them as the additional_data DRBG field. Stateful_RNG overrides this to also include the process ID and the reseed counter. AutoSeeded_RNG's `randomize` uses this. Officially deprecates RNG::make_rng and the Serialized_RNG construtor which creates an AutoSeeded_RNG. With these removed, it would be possible to perform a build with no AutoSeeded_RNG/HMAC_DRBG at all (eg, for applications which only use the system RNG). Tests courtesy @cordney in GH PRs #598 and #600
* Revamp entropy pollingJack Lloyd2016-07-171-20/+8
| | | | | Remove Entropy_Accumulator, instead have entropy sources directly add entropy to the RNG.
* HMAC_RNG not always in buildJack Lloyd2016-07-171-2/+7
|
* Add Stateful_RNGJack Lloyd2016-07-171-4/+2
| | | | | | | | | | | | | | Handles fork checking for HMAC_RNG and HMAC_DRBG AutoSeeded_RNG change - switch to HMAC_DRBG as default. Start removing the io buffer from entropy poller. Update default RNG poll bits to 256. Fix McEliece test, was using wrong RNG API. Update docs.
* Add FPE_FE1 runtime metricsJack Lloyd2016-05-231-0/+47
|
* Remove Transform base classJack Lloyd2016-04-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | With sufficient squinting, Transform provided an abstract base interface that covered both cipher modes and compression algorithms. However it mapped on neither of them particularly well. In addition this API had the same problem that has made me dislike the Pipe/Filter API: given a Transform&, what does it do when you put bits in? Maybe it encrypts. Maybe it compresses. It's a floor wax and a dessert topping! Currently the Cipher_Mode interface is left mostly unchanged, with the APIs previously on Transform just moved down the type hierarchy. I think there are some definite improvements possible here, wrt handling of in-place encryption, but left for a later commit. The compression API is split into two types, Compression_Algorithm and Decompression_Algorithm. Compression_Algorithm's start() call takes the compression level, allowing varying compressions with a single object. And flushing the compression state is moved to a bool param on `Compression_Algorithm::update`. All the nonsense WRT compression algorithms having zero length nonces, input granularity rules, etc as a result of using the Transform interface goes away.
* Fix a couple MSVC warnings.Jack Lloyd2016-04-091-6/+8
| | | | | | | | Cast std::streamsize to size_t since MSVC is worried gcount() might return a negative number. The entropy callbacks took the entropy estimate as a size_t instead of a double, which causes some verbose warnings due to the conversion.
* Add McEliece timeJack Lloyd2016-04-031-0/+82
|
* Clean up PK decryption encoding.Jack Lloyd2016-03-201-4/+7
| | | | | | | Previously RSA and ElGamal stripped off leading zeros which were then assumed by the padding decoders. Instead have them produce ciphertexts with leading zeros. Changes EME_Raw to strip leading zeros to match existing behavior.
* cppcheck fixes: Class 'X' has a constructor with 1 argument that is not ↵Daniel Neus2016-03-051-6/+6
| | | | explicit.
* For odd moduli use a input-independent modular inverse algorithm.Jack Lloyd2016-02-201-4/+49
| | | | Also adds a (not const time) implementation of almost Montgomery reduction.
* Add tests and timings for inverse_modJack Lloyd2016-02-201-7/+38
|
* Fix remaining Wshadow warnings and enable on gcc and clangRené Korthaus2016-02-181-3/+3
|
* Guard use of X9.31 RNG in macro checkJack Lloyd2016-01-291-3/+5
|
* Fix buffer sizes in speed. Avoid repeated MAC keyingsJack Lloyd2016-01-291-12/+8
|
* Add time tests for all RNG typesJack Lloyd2016-01-261-11/+68
|
* Add speed test for entropy sourcesJack Lloyd2016-01-171-6/+31
|
* Support small buffers in speed tests. Add RNG speed tests.Jack Lloyd2016-01-171-0/+798
|
* CLI rewriteJack Lloyd2015-12-191-214/+0
| | | | | | | | | | | | | | | | | | The command line tools' origin as a collection of examples and test programs glued together led to some unfortunate problems; lots of hardcoded values, missing parameters, and obsolete crypto. Adds a small library for writing command line programs of the sort needed here (cli.h), which cuts the length of many of the commands in half and makes commands more pleasant to write and extend. Generalizes a lot of the commands also, eg previously only signing/verification with DSA/SHA-1 was included! Removes the fuzzer entry point since that's fairly useless outside of an instrumented build. Removes the in-library API for benchmarking.
* Rename cmd/app -> cliSimon Warta2015-12-091-0/+214