Loading apps/speed.c +28 −2 Original line number Diff line number Diff line Loading @@ -183,6 +183,7 @@ #ifndef OPENSSL_NO_ECDH #include <openssl/ecdh.h> #endif #include <openssl/modes.h> #ifndef HAVE_FORK # if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE) Loading Loading @@ -214,7 +215,7 @@ static void print_result(int alg,int run_no,int count,double time_used); static int do_multi(int multi); #endif #define ALGOR_NUM 29 #define ALGOR_NUM 30 #define SIZE_NUM 5 #define RSA_NUM 4 #define DSA_NUM 3 Loading @@ -229,7 +230,7 @@ static const char *names[ALGOR_NUM]={ "aes-128 cbc","aes-192 cbc","aes-256 cbc", "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc", "evp","sha256","sha512","whirlpool", "aes-128 ige","aes-192 ige","aes-256 ige"}; "aes-128 ige","aes-192 ige","aes-256 ige","ghash" }; static double results[ALGOR_NUM][SIZE_NUM]; static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; #ifndef OPENSSL_NO_RSA Loading Loading @@ -479,6 +480,7 @@ int MAIN(int argc, char **argv) #define D_IGE_128_AES 26 #define D_IGE_192_AES 27 #define D_IGE_256_AES 28 #define D_GHASH 29 double d=0.0; long c[ALGOR_NUM][SIZE_NUM]; #define R_DSA_512 0 Loading Loading @@ -904,6 +906,10 @@ int MAIN(int argc, char **argv) doit[D_CBC_192_AES]=1; doit[D_CBC_256_AES]=1; } else if (strcmp(*argv,"ghash") == 0) { doit[D_GHASH]=1; } else #endif #ifndef OPENSSL_NO_CAMELLIA Loading Loading @@ -1273,6 +1279,7 @@ int MAIN(int argc, char **argv) c[D_IGE_128_AES][0]=count; c[D_IGE_192_AES][0]=count; c[D_IGE_256_AES][0]=count; c[D_GHASH][0]=count; for (i=1; i<SIZE_NUM; i++) { Loading Loading @@ -1566,7 +1573,11 @@ int MAIN(int argc, char **argv) print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]); Time_F(START); for (count=0,run=1; COND(c[D_SHA1][j]); count++) #if 0 EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(),NULL); #else SHA1(buf,lengths[j],sha); #endif d=Time_F(STOP); print_result(D_SHA1,j,count,d); } Loading Loading @@ -1763,7 +1774,22 @@ int MAIN(int argc, char **argv) print_result(D_IGE_256_AES,j,count,d); } } if (doit[D_GHASH]) { GCM128_CONTEXT *ctx = CRYPTO_gcm128_new(&aes_ks1,(block128_f)AES_encrypt); CRYPTO_gcm128_setiv (ctx,"0123456789ab",12); for (j=0; j<SIZE_NUM; j++) { print_message(names[D_GHASH],c[D_GHASH][j],lengths[j]); Time_F(START); for (count=0,run=1; COND(c[D_GHASH][j]); count++) CRYPTO_gcm128_aad(ctx,buf,lengths[j]); d=Time_F(STOP); print_result(D_GHASH,j,count,d); } CRYPTO_gcm128_release(ctx); } #endif #ifndef OPENSSL_NO_CAMELLIA Loading crypto/modes/gcm128.c +36 −29 Original line number Diff line number Diff line Loading @@ -47,6 +47,7 @@ * ==================================================================== */ #include "crypto.h" #include "modes_lcl.h" #include <string.h> Loading Loading @@ -458,8 +459,8 @@ static void gcm_ghash_4bit(u64 Xi[2],const u128 Htable[16], /* * Extra 256+16 bytes per-key plus 512 bytes shared tables * [should] give ~50% improvement... One could have PACK()-ed * the rem_8bit even here, but priority is to minimize memory * usage... * the rem_8bit even here, but the priority is to minimize * cache footprint... */ u128 Hshr4[16]; /* Htable shifted right by 4 bits */ u8 Hshl4[16]; /* Htable shifted left by 4 bits */ Loading Loading @@ -496,7 +497,6 @@ static void gcm_ghash_4bit(u64 Xi[2],const u128 Htable[16], 0xA7D0, 0xA612, 0xA454, 0xA596, 0xA0D8, 0xA11A, 0xA35C, 0xA29E, 0xB5E0, 0xB422, 0xB664, 0xB7A6, 0xB2E8, 0xB32A, 0xB16C, 0xB0AE, 0xBBF0, 0xBA32, 0xB874, 0xB9B6, 0xBCF8, 0xBD3A, 0xBF7C, 0xBEBE }; /* * This pre-processing phase slows down procedure by approximately * same time as it makes each loop spin faster. In other words Loading @@ -512,24 +512,7 @@ static void gcm_ghash_4bit(u64 Xi[2],const u128 Htable[16], } do { nlo = ((const u8 *)Xi)[15]; nlo ^= inp[15]; nhi = nlo>>4; nlo &= 0xf; Z.hi = Htable[nlo].hi; Z.lo = Htable[nlo].lo; rem = (size_t)Z.lo&0xff; Z.lo = (Z.hi<<56)|(Z.lo>>8); Z.hi = (Z.hi>>8); Z.hi ^= Hshr4[nhi].hi; Z.lo ^= Hshr4[nhi].lo; Z.hi ^= (u64)rem_8bit[rem^Hshl4[nhi]]<<48; for (cnt=14; cnt>0; --cnt) { for (Z.lo=0, Z.hi=0, cnt=15; cnt; --cnt) { nlo = ((const u8 *)Xi)[cnt]; nlo ^= inp[cnt]; nhi = nlo>>4; Loading Loading @@ -733,7 +716,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block) #if TABLE_BITS==8 gcm_init_8bit(ctx->Htable,ctx->H.u); #elif TABLE_BITS==4 # if defined(GHASH_ASM_IAX) # if defined(GHASH_ASM_IAX) /* both x86 and x86_64 */ if (OPENSSL_ia32cap_P[1]&(1<<1)) { gcm_init_clmul(ctx->Htable,ctx->H.u); ctx->gmult = gcm_gmult_clmul; Loading @@ -741,7 +724,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block) return; } gcm_init_4bit(ctx->Htable,ctx->H.u); # if defined(GHASH_ASM_X86) # if defined(GHASH_ASM_X86) /* x86 only */ if (OPENSSL_ia32cap_P[0]&(1<<23)) { ctx->gmult = gcm_gmult_4bit_mmx; ctx->ghash = gcm_ghash_4bit_mmx; Loading Loading @@ -1109,7 +1092,8 @@ void CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, ctx->res = n; } void CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx) int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag, size_t len) { const union { long one; char little; } is_endian = {1}; u64 alen = ctx->len.u[0]<<3; Loading Loading @@ -1139,6 +1123,29 @@ void CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx) ctx->Xi.u[0] ^= ctx->EK0.u[0]; ctx->Xi.u[1] ^= ctx->EK0.u[1]; if (tag && len<=sizeof(ctx->Xi)) return memcmp(ctx->Xi.c,tag,len); else return -1; } GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block) { GCM128_CONTEXT *ret; if ((ret = (GCM128_CONTEXT *)OPENSSL_malloc(sizeof(GCM128_CONTEXT)))) CRYPTO_gcm128_init(ret,key,block); return ret; } void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx) { if (ctx) { OPENSSL_cleanse(ctx,sizeof(*ctx)); OPENSSL_free(ctx); } } #if defined(SELFTEST) Loading Loading @@ -1365,14 +1372,14 @@ static const u8 IV18[]={0x93,0x13,0x22,0x5d,0xf8,0x84,0x06,0xe5,0x55,0x90,0x9c,0 CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n)); \ if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n)); \ if (P##n) CRYPTO_gcm128_encrypt(&ctx,P##n,out,sizeof(out)); \ CRYPTO_gcm128_finish(&ctx); \ if (memcmp(ctx.Xi.c,T##n,16) || (C##n && memcmp(out,C##n,sizeof(out)))) \ if (CRYPTO_gcm128_finish(&ctx,T##n,16) || \ (C##n && memcmp(out,C##n,sizeof(out)))) \ ret++, printf ("encrypt test#%d failed.\n",n);\ CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n)); \ if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n)); \ if (C##n) CRYPTO_gcm128_decrypt(&ctx,C##n,out,sizeof(out)); \ CRYPTO_gcm128_finish(&ctx); \ if (memcmp(ctx.Xi.c,T##n,16) || (P##n && memcmp(out,P##n,sizeof(out)))) \ if (CRYPTO_gcm128_finish(&ctx,T##n,16) || \ (P##n && memcmp(out,P##n,sizeof(out)))) \ ret++, printf ("decrypt test#%d failed.\n",n); \ } while(0) Loading crypto/modes/modes.h +10 −8 Original line number Diff line number Diff line Loading @@ -82,7 +82,7 @@ size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, typedef struct gcm128_context GCM128_CONTEXT; void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block); GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block); void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, size_t len); void CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, Loading @@ -93,4 +93,6 @@ void CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, void CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const unsigned char *in, unsigned char *out, size_t len); void CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx); int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag, size_t len); void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx); Loading
apps/speed.c +28 −2 Original line number Diff line number Diff line Loading @@ -183,6 +183,7 @@ #ifndef OPENSSL_NO_ECDH #include <openssl/ecdh.h> #endif #include <openssl/modes.h> #ifndef HAVE_FORK # if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE) Loading Loading @@ -214,7 +215,7 @@ static void print_result(int alg,int run_no,int count,double time_used); static int do_multi(int multi); #endif #define ALGOR_NUM 29 #define ALGOR_NUM 30 #define SIZE_NUM 5 #define RSA_NUM 4 #define DSA_NUM 3 Loading @@ -229,7 +230,7 @@ static const char *names[ALGOR_NUM]={ "aes-128 cbc","aes-192 cbc","aes-256 cbc", "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc", "evp","sha256","sha512","whirlpool", "aes-128 ige","aes-192 ige","aes-256 ige"}; "aes-128 ige","aes-192 ige","aes-256 ige","ghash" }; static double results[ALGOR_NUM][SIZE_NUM]; static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; #ifndef OPENSSL_NO_RSA Loading Loading @@ -479,6 +480,7 @@ int MAIN(int argc, char **argv) #define D_IGE_128_AES 26 #define D_IGE_192_AES 27 #define D_IGE_256_AES 28 #define D_GHASH 29 double d=0.0; long c[ALGOR_NUM][SIZE_NUM]; #define R_DSA_512 0 Loading Loading @@ -904,6 +906,10 @@ int MAIN(int argc, char **argv) doit[D_CBC_192_AES]=1; doit[D_CBC_256_AES]=1; } else if (strcmp(*argv,"ghash") == 0) { doit[D_GHASH]=1; } else #endif #ifndef OPENSSL_NO_CAMELLIA Loading Loading @@ -1273,6 +1279,7 @@ int MAIN(int argc, char **argv) c[D_IGE_128_AES][0]=count; c[D_IGE_192_AES][0]=count; c[D_IGE_256_AES][0]=count; c[D_GHASH][0]=count; for (i=1; i<SIZE_NUM; i++) { Loading Loading @@ -1566,7 +1573,11 @@ int MAIN(int argc, char **argv) print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]); Time_F(START); for (count=0,run=1; COND(c[D_SHA1][j]); count++) #if 0 EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(),NULL); #else SHA1(buf,lengths[j],sha); #endif d=Time_F(STOP); print_result(D_SHA1,j,count,d); } Loading Loading @@ -1763,7 +1774,22 @@ int MAIN(int argc, char **argv) print_result(D_IGE_256_AES,j,count,d); } } if (doit[D_GHASH]) { GCM128_CONTEXT *ctx = CRYPTO_gcm128_new(&aes_ks1,(block128_f)AES_encrypt); CRYPTO_gcm128_setiv (ctx,"0123456789ab",12); for (j=0; j<SIZE_NUM; j++) { print_message(names[D_GHASH],c[D_GHASH][j],lengths[j]); Time_F(START); for (count=0,run=1; COND(c[D_GHASH][j]); count++) CRYPTO_gcm128_aad(ctx,buf,lengths[j]); d=Time_F(STOP); print_result(D_GHASH,j,count,d); } CRYPTO_gcm128_release(ctx); } #endif #ifndef OPENSSL_NO_CAMELLIA Loading
crypto/modes/gcm128.c +36 −29 Original line number Diff line number Diff line Loading @@ -47,6 +47,7 @@ * ==================================================================== */ #include "crypto.h" #include "modes_lcl.h" #include <string.h> Loading Loading @@ -458,8 +459,8 @@ static void gcm_ghash_4bit(u64 Xi[2],const u128 Htable[16], /* * Extra 256+16 bytes per-key plus 512 bytes shared tables * [should] give ~50% improvement... One could have PACK()-ed * the rem_8bit even here, but priority is to minimize memory * usage... * the rem_8bit even here, but the priority is to minimize * cache footprint... */ u128 Hshr4[16]; /* Htable shifted right by 4 bits */ u8 Hshl4[16]; /* Htable shifted left by 4 bits */ Loading Loading @@ -496,7 +497,6 @@ static void gcm_ghash_4bit(u64 Xi[2],const u128 Htable[16], 0xA7D0, 0xA612, 0xA454, 0xA596, 0xA0D8, 0xA11A, 0xA35C, 0xA29E, 0xB5E0, 0xB422, 0xB664, 0xB7A6, 0xB2E8, 0xB32A, 0xB16C, 0xB0AE, 0xBBF0, 0xBA32, 0xB874, 0xB9B6, 0xBCF8, 0xBD3A, 0xBF7C, 0xBEBE }; /* * This pre-processing phase slows down procedure by approximately * same time as it makes each loop spin faster. In other words Loading @@ -512,24 +512,7 @@ static void gcm_ghash_4bit(u64 Xi[2],const u128 Htable[16], } do { nlo = ((const u8 *)Xi)[15]; nlo ^= inp[15]; nhi = nlo>>4; nlo &= 0xf; Z.hi = Htable[nlo].hi; Z.lo = Htable[nlo].lo; rem = (size_t)Z.lo&0xff; Z.lo = (Z.hi<<56)|(Z.lo>>8); Z.hi = (Z.hi>>8); Z.hi ^= Hshr4[nhi].hi; Z.lo ^= Hshr4[nhi].lo; Z.hi ^= (u64)rem_8bit[rem^Hshl4[nhi]]<<48; for (cnt=14; cnt>0; --cnt) { for (Z.lo=0, Z.hi=0, cnt=15; cnt; --cnt) { nlo = ((const u8 *)Xi)[cnt]; nlo ^= inp[cnt]; nhi = nlo>>4; Loading Loading @@ -733,7 +716,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block) #if TABLE_BITS==8 gcm_init_8bit(ctx->Htable,ctx->H.u); #elif TABLE_BITS==4 # if defined(GHASH_ASM_IAX) # if defined(GHASH_ASM_IAX) /* both x86 and x86_64 */ if (OPENSSL_ia32cap_P[1]&(1<<1)) { gcm_init_clmul(ctx->Htable,ctx->H.u); ctx->gmult = gcm_gmult_clmul; Loading @@ -741,7 +724,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block) return; } gcm_init_4bit(ctx->Htable,ctx->H.u); # if defined(GHASH_ASM_X86) # if defined(GHASH_ASM_X86) /* x86 only */ if (OPENSSL_ia32cap_P[0]&(1<<23)) { ctx->gmult = gcm_gmult_4bit_mmx; ctx->ghash = gcm_ghash_4bit_mmx; Loading Loading @@ -1109,7 +1092,8 @@ void CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, ctx->res = n; } void CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx) int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag, size_t len) { const union { long one; char little; } is_endian = {1}; u64 alen = ctx->len.u[0]<<3; Loading Loading @@ -1139,6 +1123,29 @@ void CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx) ctx->Xi.u[0] ^= ctx->EK0.u[0]; ctx->Xi.u[1] ^= ctx->EK0.u[1]; if (tag && len<=sizeof(ctx->Xi)) return memcmp(ctx->Xi.c,tag,len); else return -1; } GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block) { GCM128_CONTEXT *ret; if ((ret = (GCM128_CONTEXT *)OPENSSL_malloc(sizeof(GCM128_CONTEXT)))) CRYPTO_gcm128_init(ret,key,block); return ret; } void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx) { if (ctx) { OPENSSL_cleanse(ctx,sizeof(*ctx)); OPENSSL_free(ctx); } } #if defined(SELFTEST) Loading Loading @@ -1365,14 +1372,14 @@ static const u8 IV18[]={0x93,0x13,0x22,0x5d,0xf8,0x84,0x06,0xe5,0x55,0x90,0x9c,0 CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n)); \ if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n)); \ if (P##n) CRYPTO_gcm128_encrypt(&ctx,P##n,out,sizeof(out)); \ CRYPTO_gcm128_finish(&ctx); \ if (memcmp(ctx.Xi.c,T##n,16) || (C##n && memcmp(out,C##n,sizeof(out)))) \ if (CRYPTO_gcm128_finish(&ctx,T##n,16) || \ (C##n && memcmp(out,C##n,sizeof(out)))) \ ret++, printf ("encrypt test#%d failed.\n",n);\ CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n)); \ if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n)); \ if (C##n) CRYPTO_gcm128_decrypt(&ctx,C##n,out,sizeof(out)); \ CRYPTO_gcm128_finish(&ctx); \ if (memcmp(ctx.Xi.c,T##n,16) || (P##n && memcmp(out,P##n,sizeof(out)))) \ if (CRYPTO_gcm128_finish(&ctx,T##n,16) || \ (P##n && memcmp(out,P##n,sizeof(out)))) \ ret++, printf ("decrypt test#%d failed.\n",n); \ } while(0) Loading
crypto/modes/modes.h +10 −8 Original line number Diff line number Diff line Loading @@ -82,7 +82,7 @@ size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, typedef struct gcm128_context GCM128_CONTEXT; void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block); GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block); void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, size_t len); void CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, Loading @@ -93,4 +93,6 @@ void CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, void CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const unsigned char *in, unsigned char *out, size_t len); void CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx); int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag, size_t len); void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx);
