Commit 2707d5a8 authored by Niels Möller's avatar Niels Möller
Browse files

Merge branch 'openssl-bench-update'

parents f1a07b86 d78c3266
......@@ -13,6 +13,25 @@
* ecc-mod-inv.c (ecc_mod_inv): Add missing assert. Fixes a
"dead increment" warning from the clang static analyzer.
2017-08-26 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-openssl.c (struct openssl_cipher_ctx): New
struct. Use everywhere, instead of typing EVP_CIPHER_CTX pointers
directly.
* configure.ac: Update openssl-related tests. Checks for
cipher-specific headers are replaced by a check for openssl/evp.h,
and the check for the BF_ecb_encrypt function is replaced by a
check for EVP_CIPHER_CTX_new.
2017-08-03 Daniel P. Berrange <berrange@redhat.com>
* examples/nettle-openssl.c: Rewritten to use openssl's EVP APIs.
The older cipher-specific functions always use openssl's generic
software implementation, while the EVP functions enables
platform-specific code, e.g., using the x86 AES-NI instructions.
(nettle_openssl_init): New function.
2017-07-18 Niels Möller <nisse@lysator.liu.se>
* ecc-add-eh.c (ecc_add_eh): Fix in-place operation by reordering
......
......@@ -185,7 +185,7 @@ AC_HEADER_TIME
AC_CHECK_SIZEOF(long)
AC_CHECK_SIZEOF(size_t)
AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h openssl/ecdsa.h],,
AC_CHECK_HEADERS([openssl/evp.h openssl/ecdsa.h],,
[enable_openssl=no
break])
......@@ -885,7 +885,7 @@ OPENSSL_LIBFLAGS=''
# Check for openssl's libcrypto (used only for benchmarking)
if test x$enable_openssl = xyes ; then
AC_CHECK_LIB(crypto, BF_ecb_encrypt,
AC_CHECK_LIB(crypto, EVP_CIPHER_CTX_new,
[OPENSSL_LIBFLAGS='-lcrypto'],
[enable_openssl=no])
fi
......
......@@ -723,6 +723,10 @@ main(int argc, char **argv)
int c;
const char *alg;
#if WITH_OPENSSL
nettle_openssl_init();
#endif
const struct nettle_hash *hashes[] =
{
&nettle_md2, &nettle_md4, &nettle_md5,
......
......@@ -2,7 +2,8 @@
Glue that's used only by the benchmark, and subject to change.
Copyright (C) 2002 Niels Möller
Copyright (C) 2002, 2017 Niels Möller
Copyright (C) 2017 Red Hat, Inc.
This file is part of GNU Nettle.
......@@ -45,17 +46,69 @@
#include <assert.h>
#include <openssl/aes.h>
#include <openssl/blowfish.h>
#include <openssl/des.h>
#include <openssl/cast.h>
#include <openssl/rc4.h>
#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include "nettle-internal.h"
/* We use Openssl's EVP api for all openssl ciphers. This API selects
platform-specific implementations if appropriate, e.g., using x86
AES-NI instructions. */
struct openssl_cipher_ctx {
EVP_CIPHER_CTX *evp;
};
void
nettle_openssl_init(void)
{
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
#if OPENSSL_VERSION_NUMBER >= 0x1010000
CONF_modules_load_file(NULL, NULL, 0);
#else
OPENSSL_config(NULL);
#endif
}
static void
openssl_evp_set_encrypt_key(void *p, const uint8_t *key,
const EVP_CIPHER *cipher)
{
struct openssl_cipher_ctx *ctx = p;
ctx->evp = EVP_CIPHER_CTX_new();
assert(EVP_EncryptInit_ex(ctx->evp, cipher, NULL, key, NULL) == 1);
EVP_CIPHER_CTX_set_padding(ctx->evp, 0);
}
static void
openssl_evp_set_decrypt_key(void *p, const uint8_t *key,
const EVP_CIPHER *cipher)
{
struct openssl_cipher_ctx *ctx = p;
ctx->evp = EVP_CIPHER_CTX_new();
assert(EVP_DecryptInit_ex(ctx->evp, cipher, NULL, key, NULL) == 1);
EVP_CIPHER_CTX_set_padding(ctx->evp, 0);
}
static void
openssl_evp_encrypt(const void *p, size_t length,
uint8_t *dst, const uint8_t *src)
{
const struct openssl_cipher_ctx *ctx = p;
int len;
assert(EVP_EncryptUpdate(ctx->evp, dst, &len, src, length) == 1);
}
static void
openssl_evp_decrypt(const void *p, size_t length,
uint8_t *dst, const uint8_t *src)
{
const struct openssl_cipher_ctx *ctx = p;
int len;
assert(EVP_DecryptUpdate(ctx->evp, dst, &len, src, length) == 1);
}
/* AES */
static nettle_set_key_func openssl_aes128_set_encrypt_key;
......@@ -64,273 +117,152 @@ static nettle_set_key_func openssl_aes192_set_encrypt_key;
static nettle_set_key_func openssl_aes192_set_decrypt_key;
static nettle_set_key_func openssl_aes256_set_encrypt_key;
static nettle_set_key_func openssl_aes256_set_decrypt_key;
static void
openssl_aes128_set_encrypt_key(void *ctx, const uint8_t *key)
{
AES_set_encrypt_key(key, 128, ctx);
openssl_evp_set_encrypt_key(ctx, key, EVP_aes_128_ecb());
}
static void
openssl_aes128_set_decrypt_key(void *ctx, const uint8_t *key)
{
AES_set_decrypt_key(key, 128, ctx);
openssl_evp_set_decrypt_key(ctx, key, EVP_aes_128_ecb());
}
static void
openssl_aes192_set_encrypt_key(void *ctx, const uint8_t *key)
{
AES_set_encrypt_key(key, 192, ctx);
openssl_evp_set_encrypt_key(ctx, key, EVP_aes_192_ecb());
}
static void
openssl_aes192_set_decrypt_key(void *ctx, const uint8_t *key)
{
AES_set_decrypt_key(key, 192, ctx);
openssl_evp_set_decrypt_key(ctx, key, EVP_aes_192_ecb());
}
static void
openssl_aes256_set_encrypt_key(void *ctx, const uint8_t *key)
{
AES_set_encrypt_key(key, 256, ctx);
openssl_evp_set_encrypt_key(ctx, key, EVP_aes_256_ecb());
}
static void
openssl_aes256_set_decrypt_key(void *ctx, const uint8_t *key)
{
AES_set_decrypt_key(key, 256, ctx);
}
static nettle_cipher_func openssl_aes_encrypt;
static void
openssl_aes_encrypt(const void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
{
assert (!(length % AES_BLOCK_SIZE));
while (length)
{
AES_ecb_encrypt(src, dst, ctx, AES_ENCRYPT);
length -= AES_BLOCK_SIZE;
dst += AES_BLOCK_SIZE;
src += AES_BLOCK_SIZE;
}
}
static nettle_cipher_func openssl_aes_decrypt;
static void
openssl_aes_decrypt(const void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
{
assert (!(length % AES_BLOCK_SIZE));
while (length)
{
AES_ecb_encrypt(src, dst, ctx, AES_DECRYPT);
length -= AES_BLOCK_SIZE;
dst += AES_BLOCK_SIZE;
src += AES_BLOCK_SIZE;
}
openssl_evp_set_decrypt_key(ctx, key, EVP_aes_256_ecb());
}
const struct nettle_cipher
nettle_openssl_aes128 = {
"openssl aes128", sizeof(AES_KEY),
"openssl aes128", sizeof(struct openssl_cipher_ctx),
16, 16,
openssl_aes128_set_encrypt_key, openssl_aes128_set_decrypt_key,
openssl_aes_encrypt, openssl_aes_decrypt
openssl_evp_encrypt, openssl_evp_decrypt
};
const struct nettle_cipher
nettle_openssl_aes192 = {
"openssl aes192", sizeof(AES_KEY),
/* Claim no block size, so that the benchmark doesn't try CBC mode
* (as openssl cipher + nettle cbc is somewhat pointless to
* benchmark). */
"openssl aes192", sizeof(struct openssl_cipher_ctx),
16, 24,
openssl_aes192_set_encrypt_key, openssl_aes192_set_decrypt_key,
openssl_aes_encrypt, openssl_aes_decrypt
openssl_evp_encrypt, openssl_evp_decrypt
};
const struct nettle_cipher
nettle_openssl_aes256 = {
"openssl aes256", sizeof(AES_KEY),
/* Claim no block size, so that the benchmark doesn't try CBC mode
* (as openssl cipher + nettle cbc is somewhat pointless to
* benchmark). */
"openssl aes256", sizeof(struct openssl_cipher_ctx),
16, 32,
openssl_aes256_set_encrypt_key, openssl_aes256_set_decrypt_key,
openssl_aes_encrypt, openssl_aes_decrypt
openssl_evp_encrypt, openssl_evp_decrypt
};
/* Arcfour */
static nettle_set_key_func openssl_arcfour128_set_key;
static void
openssl_arcfour128_set_key(void *ctx, const uint8_t *key)
openssl_arcfour128_set_encrypt_key(void *ctx, const uint8_t *key)
{
RC4_set_key(ctx, 16, key);
openssl_evp_set_encrypt_key(ctx, key, EVP_rc4());
}
static nettle_crypt_func openssl_arcfour_crypt;
static void
openssl_arcfour_crypt(void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
openssl_arcfour128_set_decrypt_key(void *ctx, const uint8_t *key)
{
RC4(ctx, length, src, dst);
openssl_evp_set_decrypt_key(ctx, key, EVP_rc4());
}
const struct nettle_aead
nettle_openssl_arcfour128 = {
"openssl arcfour128", sizeof(RC4_KEY),
"openssl arcfour128", sizeof(struct openssl_cipher_ctx),
1, 16, 0, 0,
openssl_arcfour128_set_key,
openssl_arcfour128_set_key,
openssl_arcfour128_set_encrypt_key,
openssl_arcfour128_set_decrypt_key,
NULL, NULL,
openssl_arcfour_crypt,
openssl_arcfour_crypt,
(nettle_crypt_func *)openssl_evp_encrypt,
(nettle_crypt_func *)openssl_evp_decrypt,
NULL,
};
/* Blowfish */
static nettle_set_key_func openssl_bf128_set_key;
static void
openssl_bf128_set_key(void *ctx, const uint8_t *key)
openssl_bf128_set_encrypt_key(void *ctx, const uint8_t *key)
{
BF_set_key(ctx, 16, key);
openssl_evp_set_encrypt_key(ctx, key, EVP_bf_ecb());
}
static nettle_cipher_func openssl_bf_encrypt;
static void
openssl_bf_encrypt(const void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
openssl_bf128_set_decrypt_key(void *ctx, const uint8_t *key)
{
assert (!(length % BF_BLOCK));
while (length)
{
BF_ecb_encrypt(src, dst, ctx, BF_ENCRYPT);
length -= BF_BLOCK;
dst += BF_BLOCK;
src += BF_BLOCK;
}
}
static nettle_cipher_func openssl_bf_decrypt;
static void
openssl_bf_decrypt(const void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
{
assert (!(length % BF_BLOCK));
while (length)
{
BF_ecb_encrypt(src, dst, ctx, BF_DECRYPT);
length -= BF_BLOCK;
dst += BF_BLOCK;
src += BF_BLOCK;
}
openssl_evp_set_decrypt_key(ctx, key, EVP_bf_ecb());
}
const struct nettle_cipher
nettle_openssl_blowfish128 = {
"openssl bf128", sizeof(BF_KEY),
"openssl bf128", sizeof(struct openssl_cipher_ctx),
8, 16,
openssl_bf128_set_key, openssl_bf128_set_key,
openssl_bf_encrypt, openssl_bf_decrypt
openssl_bf128_set_encrypt_key, openssl_bf128_set_decrypt_key,
openssl_evp_encrypt, openssl_evp_decrypt
};
/* DES */
static nettle_set_key_func openssl_des_set_key;
static void
openssl_des_set_key(void *ctx, const uint8_t *key)
{
/* Not sure what "unchecked" means. We want to ignore parity bits,
but it would still make sense to check for weak keys. */
/* Explicit cast used as I don't want to care about openssl's broken
array typedefs DES_cblock and const_DES_cblock. */
DES_set_key_unchecked( (void *) key, ctx);
}
#define DES_BLOCK_SIZE 8
static nettle_cipher_func openssl_des_encrypt;
static void
openssl_des_encrypt(const void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
openssl_des_set_encrypt_key(void *ctx, const uint8_t *key)
{
assert (!(length % DES_BLOCK_SIZE));
while (length)
{
DES_ecb_encrypt((void *) src, (void *) dst,
(void *) ctx, DES_ENCRYPT);
length -= DES_BLOCK_SIZE;
dst += DES_BLOCK_SIZE;
src += DES_BLOCK_SIZE;
}
openssl_evp_set_encrypt_key(ctx, key, EVP_des_ecb());
}
static nettle_cipher_func openssl_des_decrypt;
static void
openssl_des_decrypt(const void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
openssl_des_set_decrypt_key(void *ctx, const uint8_t *key)
{
assert (!(length % DES_BLOCK_SIZE));
while (length)
{
DES_ecb_encrypt((void *) src, (void *) dst,
(void *) ctx, DES_DECRYPT);
length -= DES_BLOCK_SIZE;
dst += DES_BLOCK_SIZE;
src += DES_BLOCK_SIZE;
}
openssl_evp_set_decrypt_key(ctx, key, EVP_des_ecb());
}
const struct nettle_cipher
nettle_openssl_des = {
"openssl des", sizeof(DES_key_schedule),
"openssl des", sizeof(struct openssl_cipher_ctx),
8, 8,
openssl_des_set_key, openssl_des_set_key,
openssl_des_encrypt, openssl_des_decrypt
openssl_des_set_encrypt_key, openssl_des_set_decrypt_key,
openssl_evp_encrypt, openssl_evp_decrypt
};
/* Cast128 */
static nettle_set_key_func openssl_cast128_set_key;
static void
openssl_cast128_set_key(void *ctx, const uint8_t *key)
openssl_cast128_set_encrypt_key(void *ctx, const uint8_t *key)
{
CAST_set_key(ctx, 16, key);
openssl_evp_set_encrypt_key(ctx, key, EVP_cast5_ecb());
}
static nettle_cipher_func openssl_cast_encrypt;
static void
openssl_cast_encrypt(const void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
openssl_cast128_set_decrypt_key(void *ctx, const uint8_t *key)
{
assert (!(length % CAST_BLOCK));
while (length)
{
CAST_ecb_encrypt(src, dst, ctx, CAST_ENCRYPT);
length -= CAST_BLOCK;
dst += CAST_BLOCK;
src += CAST_BLOCK;
}
}
static nettle_cipher_func openssl_cast_decrypt;
static void
openssl_cast_decrypt(const void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
{
assert (!(length % CAST_BLOCK));
while (length)
{
CAST_ecb_encrypt(src, dst, ctx, CAST_DECRYPT);
length -= CAST_BLOCK;
dst += CAST_BLOCK;
src += CAST_BLOCK;
}
openssl_evp_set_decrypt_key(ctx, key, EVP_cast5_ecb());
}
const struct nettle_cipher
nettle_openssl_cast128 = {
"openssl cast128", sizeof(CAST_KEY),
8, CAST_KEY_LENGTH,
openssl_cast128_set_key, openssl_cast128_set_key,
openssl_cast_encrypt, openssl_cast_decrypt
"openssl cast128", sizeof(struct openssl_cipher_ctx),
8, 16,
openssl_cast128_set_encrypt_key, openssl_cast128_set_decrypt_key,
openssl_evp_encrypt, openssl_evp_decrypt
};
/* Hash functions */
......
......@@ -79,6 +79,7 @@ extern const struct nettle_aead nettle_salsa20r12;
/* Glue to openssl, for comparative benchmarking. Code in
* examples/nettle-openssl.c. */
extern void nettle_openssl_init(void);
extern const struct nettle_cipher nettle_openssl_aes128;
extern const struct nettle_cipher nettle_openssl_aes192;
extern const struct nettle_cipher nettle_openssl_aes256;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment