From 4c1b5472ccb2ba4d8016c6d6b8b2f8fad3088732 Mon Sep 17 00:00:00 2001 From: Jeffrey Walton Date: Fri, 30 Sep 2016 01:09:21 -0400 Subject: [PATCH] Cutover to SecByteBlock member for AES (Issue 302, CVE-2016-7544) --- benchmarks-alloca.html | 218 +++++++++++++++++++++++++++++++++++ benchmarks-byteblock.html | 218 +++++++++++++++++++++++++++++++++++ benchmarks-native.html | 216 ++++++++++++++++++++++++++++++++++ benchmarks-secbyteblock.html | 218 +++++++++++++++++++++++++++++++++++ config.h | 9 +- integer.cpp | 196 ++++++++++++++++++------------- rijndael.cpp | 76 +++++++----- rijndael.h | 6 + stdcpp.h | 6 +- 9 files changed, 1045 insertions(+), 118 deletions(-) create mode 100644 benchmarks-alloca.html create mode 100644 benchmarks-byteblock.html create mode 100644 benchmarks-native.html create mode 100644 benchmarks-secbyteblock.html diff --git a/benchmarks-alloca.html b/benchmarks-alloca.html new file mode 100644 index 00000000..bc542f4c --- /dev/null +++ b/benchmarks-alloca.html @@ -0,0 +1,218 @@ + + + +Speed Comparison of Popular Crypto Algorithms + + +

Crypto++ 5.6.5 Benchmarks

+

Here are speed benchmarks for some commonly used cryptographic algorithms.

+CPU frequency of the test platform is 1.81899e+09 Hz. ++ + + + + +
AlgorithmMiB/SecondCycles Per ByteMicroseconds to
Setup Key and IV
Cycles to
Setup Key and IV + +
AES/GCM (2K tables)2178.00.7961448 +
AES/GCM (64K tables)2347.43.7266778 +
AES/CCM (128-bit key)12613.80.300545 +
AES/EAX (128-bit key)12513.80.6401164 +
GMAC(AES) (2K tables)8442.10.7951446 +
GMAC(AES) (64K tables)12321.43.7526825 +
VMAC(AES)-64 (128-bit key)79550.21.2102201 +
VMAC(AES)-128 (128-bit key)42230.41.4622659 +
HMAC(SHA-1) (128-bit key)2726.40.242440 +
Two-Track-MAC (160-bit key)2148.10.01426 +
CMAC(AES) (128-bit key)2217.90.230418 +
DMAC(AES) (128-bit key)2227.80.6001091 +
BLAKE2s (256-bit key)5703.00.225409 +
BLAKE2b (512-bit key)7582.30.263478 +
CRC324354.0 +
CRC32C42300.4 +
Adler3213151.3 +
MD55293.3 +
SHA-12736.4 +
SHA-2561869.3 +
SHA-5122357.4 +
Keccak-22415711.0 +
Keccak-25614811.7 +
Keccak-38411415.3 +
Keccak-5127822.1 +
SHA3-22415711.0 +
SHA3-25614911.7 +
SHA3-38411415.3 +
SHA3-5127922.0 +
Tiger4354.0 +
Whirlpool13512.9 +
RIPEMD-1602158.1 +
RIPEMD-3202327.5 +
RIPEMD-1283185.5 +
RIPEMD-2563445.0 +
BLAKE2s5483.2 +
BLAKE2b7572.3 +
Panama-LE (256-bit key)15241.10.7691399 +
Panama-BE (256-bit key)6802.61.4432625 +
Salsa20 (256-bit key)2108.30.137249 +
Salsa20/123355.20.164298 +
Salsa20/84743.70.164298 +
ChaCha20 (256-bit key)3275.30.089162 +
ChaCha12 (256-bit key)5123.40.088160 +
ChaCha8 (256-bit key)7262.40.090163 +
Sosemanuk (128-bit key)12661.40.458833 +
MARC4 (128-bit key)3934.41.4492636 +
SEAL-3.0-LE (160-bit key)6322.738.47069976 +
WAKE-OFB-LE (256-bit key)3325.21.7563194 +
AES/CTR (128-bit key)2856.10.243442 +
AES/CTR (192-bit key)2357.40.242440 +
AES/CTR (256-bit key)2008.70.256466 +
AES/CBC (128-bit key)2217.80.184334 +
AES/CBC (192-bit key)1899.20.186338 +
AES/CBC (256-bit key)16510.50.201366 +
AES/OFB (128-bit key)2138.10.231421 +
AES/CFB (128-bit key)2197.90.342622 +
AES/ECB (128-bit key)2317.50.092167 +
Camellia/CTR (128-bit key)11714.90.224408 +
Camellia/CTR (256-bit key)9218.90.249454 +
Twofish/CTR (128-bit key)14611.92.5424623 +
Serpent/CTR (128-bit key)7124.60.511930 +
CAST-256/CTR (128-bit key)7323.81.2522278 +
RC6/CTR (128-bit key)11914.52.0083653 +
MARS/CTR (128-bit key)8520.51.5012730 +
SHACAL-2/CTR (128-bit key)11415.20.305555 +
SHACAL-2/CTR (512-bit key)11415.20.314571 +
DES/CTR (64-bit key)6128.52.7585016 +
DES-XEX3/CTR (192-bit key)5730.42.8275143 +
DES-EDE3/CTR (192-bit key)2473.211.65421198 +
IDEA/CTR (128-bit key)7124.50.255464 +
RC5 (r=16)10516.51.6122933 +
Blowfish/CTR (128-bit key)10516.536.79966936 +
TEA/CTR (128-bit key)5829.80.204371 +
XTEA/CTR (128-bit key)5830.00.204372 +
CAST-128/CTR (128-bit key)8320.80.336612 +
SKIPJACK/CTR (80-bit key)3549.31.8353338 +
SEED/CTR (1/2 K table)5432.20.278505
++ + + + + + + + +
OperationMilliseconds/OperationMegacycles/Operation + +
RSA 1024 Encryption0.020.04 +
RSA 1024 Decryption0.340.63 +
LUC 1024 Encryption0.020.04 +
LUC 1024 Decryption0.561.02 +
DLIES 1024 Encryption0.230.42 +
DLIES 1024 Encryption with precomputation0.420.77 +
DLIES 1024 Decryption0.330.61 +
LUCELG 512 Encryption0.150.27 +
LUCELG 512 Encryption with precomputation0.140.26 +
LUCELG 512 Decryption0.160.29 +
RSA 2048 Encryption0.040.07 +
RSA 2048 Decryption1.562.83 +
LUC 2048 Encryption0.050.08 +
LUC 2048 Decryption2.604.73 +
DLIES 2048 Encryption1.112.01 +
DLIES 2048 Encryption with precomputation1.272.30 +
DLIES 2048 Decryption1.071.94 +
LUCELG 1024 Encryption0.510.93 +
LUCELG 1024 Encryption with precomputation0.510.93 +
LUCELG 1024 Decryption0.470.85 +
RSA 1024 Signature0.340.63 +
RSA 1024 Verification0.020.04 +
RW 1024 Signature0.370.67 +
RW 1024 Signature with precomputation0.370.67 +
RW 1024 Verification0.010.02 +
LUC 1024 Signature0.571.04 +
LUC 1024 Verification0.020.04 +
NR 1024 Signature0.120.22 +
NR 1024 Signature with precomputation0.120.21 +
NR 1024 Verification0.130.24 +
NR 1024 Verification with precomputation0.180.33 +
DSA 1024 Signature0.120.23 +
DSA 1024 Signature with precomputation0.120.22 +
DSA 1024 Verification0.140.25 +
DSA 1024 Verification with precomputation0.190.34 +
LUC-HMP 512 Signature0.140.25 +
LUC-HMP 512 Signature with precomputation0.140.25 +
LUC-HMP 512 Verification0.140.25 +
LUC-HMP 512 Verification with precomputation0.140.25 +
ESIGN 1023 Signature0.060.10 +
ESIGN 1023 Verification0.020.03 +
ESIGN 1536 Signature0.090.17 +
ESIGN 1536 Verification0.030.06 +
RSA 2048 Signature1.552.81 +
RSA 2048 Verification0.040.07 +
RW 2048 Signature1.602.91 +
RW 2048 Signature with precomputation1.602.91 +
RW 2048 Verification0.020.04 +
LUC 2048 Signature2.574.67 +
LUC 2048 Verification0.050.08 +
NR 2048 Signature0.551.01 +
NR 2048 Signature with precomputation0.270.50 +
NR 2048 Verification0.621.14 +
NR 2048 Verification with precomputation0.430.78 +
LUC-HMP 1024 Signature0.500.90 +
LUC-HMP 1024 Signature with precomputation0.490.90 +
LUC-HMP 1024 Verification0.500.91 +
LUC-HMP 1024 Verification with precomputation0.510.93 +
ESIGN 2046 Signature0.120.21 +
ESIGN 2046 Verification0.040.07 +
XTR-DH 171 Key-Pair Generation0.170.31 +
XTR-DH 171 Key Agreement0.330.60 +
XTR-DH 342 Key-Pair Generation0.430.79 +
XTR-DH 342 Key Agreement0.851.54 +
DH 1024 Key-Pair Generation0.120.21 +
DH 1024 Key-Pair Generation with precomputation0.210.39 +
DH 1024 Key Agreement0.300.54 +
DH 2048 Key-Pair Generation0.561.02 +
DH 2048 Key-Pair Generation with precomputation0.631.15 +
DH 2048 Key Agreement1.021.86 +
LUCDIF 512 Key-Pair Generation0.070.13 +
LUCDIF 512 Key-Pair Generation with precomputation0.070.13 +
LUCDIF 512 Key Agreement0.150.27 +
LUCDIF 1024 Key-Pair Generation0.250.46 +
LUCDIF 1024 Key-Pair Generation with precomputation0.260.47 +
LUCDIF 1024 Key Agreement0.430.78 +
MQV 1024 Key-Pair Generation0.110.20 +
MQV 1024 Key-Pair Generation with precomputation0.120.21 +
MQV 1024 Key Agreement0.220.41 +
MQV 2048 Key-Pair Generation0.540.98 +
MQV 2048 Key-Pair Generation with precomputation0.270.49 +
MQV 2048 Key Agreement1.001.81 +
ECIES over GF(p) 256 Encryption1.402.55 +
ECIES over GF(p) 256 Encryption with precomputation1.192.17 +
ECIES over GF(p) 256 Decryption1.011.83 +
ECDSA over GF(p) 256 Signature0.721.30 +
ECDSA over GF(p) 256 Signature with precomputation0.611.12 +
ECDSA over GF(p) 256 Verification2.494.52 +
ECDSA over GF(p) 256 Verification with precomputation1.011.84 +
ECDHC over GF(p) 256 Key-Pair Generation0.731.32 +
ECDHC over GF(p) 256 Key-Pair Generation with precomputation0.621.12 +
ECDHC over GF(p) 256 Key Agreement0.691.26 +
ECMQVC over GF(p) 256 Key-Pair Generation0.711.29 +
ECMQVC over GF(p) 256 Key-Pair Generation with precomputation0.611.11 +
ECMQVC over GF(p) 256 Key Agreement2.534.60
ECIES over GF(2^n) 233 Encryption7.7014.00 +
ECIES over GF(2^n) 233 Encryption with precomputation2.123.86 +
ECIES over GF(2^n) 233 Decryption4.397.98 +
ECDSA over GF(2^n) 233 Signature3.877.04 +
ECDSA over GF(2^n) 233 Signature with precomputation1.081.97 +
ECDSA over GF(2^n) 233 Verification4.838.78 +
ECDSA over GF(2^n) 233 Verification with precomputation1.773.21 +
ECDHC over GF(2^n) 233 Key-Pair Generation3.937.14 +
ECDHC over GF(2^n) 233 Key-Pair Generation with precomputation1.091.98 +
ECDHC over GF(2^n) 233 Key Agreement4.077.40 +
ECMQVC over GF(2^n) 233 Key-Pair Generation3.887.06 +
ECMQVC over GF(2^n) 233 Key-Pair Generation with precomputation1.081.97 +
ECMQVC over GF(2^n) 233 Key Agreement4.888.88
+Throughput Geometric Average: 990.021173 + +Test ended at Tue Sep 27 02:18:43 2016 + + diff --git a/benchmarks-byteblock.html b/benchmarks-byteblock.html new file mode 100644 index 00000000..c83e1562 --- /dev/null +++ b/benchmarks-byteblock.html @@ -0,0 +1,218 @@ + + + +Speed Comparison of Popular Crypto Algorithms + + +

Crypto++ 5.6.5 Benchmarks

+

Here are speed benchmarks for some commonly used cryptographic algorithms.

+CPU frequency of the test platform is 1.81899e+09 Hz. ++ + + + + +
AlgorithmMiB/SecondCycles Per ByteMicroseconds to
Setup Key and IV
Cycles to
Setup Key and IV + +
AES/GCM (2K tables)2187.90.7691399 +
AES/GCM (64K tables)2357.43.6776689 +
AES/CCM (128-bit key)12513.90.308560 +
AES/EAX (128-bit key)12513.80.6281142 +
GMAC(AES) (2K tables)8512.00.7671395 +
GMAC(AES) (64K tables)12341.43.6786690 +
VMAC(AES)-64 (128-bit key)78220.21.1912167 +
VMAC(AES)-128 (128-bit key)41860.41.4392617 +
HMAC(SHA-1) (128-bit key)2646.60.260473 +
Two-Track-MAC (160-bit key)2138.20.01527 +
CMAC(AES) (128-bit key)2207.90.228415 +
DMAC(AES) (128-bit key)2217.80.7171304 +
BLAKE2s (256-bit key)5683.10.249453 +
BLAKE2b (512-bit key)7522.30.301548 +
CRC324354.0 +
CRC32C42580.4 +
Adler3213161.3 +
MD55313.3 +
SHA-12676.5 +
SHA-2561869.3 +
SHA-5122347.4 +
Keccak-22415711.0 +
Keccak-25614911.7 +
Keccak-38411415.2 +
Keccak-5127922.0 +
SHA3-22415711.0 +
SHA3-25614911.7 +
SHA3-38411415.2 +
SHA3-5127921.9 +
Tiger4324.0 +
Whirlpool13412.9 +
RIPEMD-1602168.0 +
RIPEMD-3202327.5 +
RIPEMD-1283195.4 +
RIPEMD-2563445.0 +
BLAKE2s5693.0 +
BLAKE2b7532.3 +
Panama-LE (256-bit key)16141.10.7771414 +
Panama-BE (256-bit key)6852.51.4282597 +
Salsa20 (256-bit key)2108.30.144261 +
Salsa20/123325.20.167303 +
Salsa20/84713.70.166301 +
ChaCha20 (256-bit key)3245.30.090164 +
ChaCha12 (256-bit key)5233.30.093169 +
ChaCha8 (256-bit key)7122.40.092167 +
Sosemanuk (128-bit key)12611.40.474863 +
MARC4 (128-bit key)3864.51.4072558 +
SEAL-3.0-LE (160-bit key)6422.737.37867990 +
WAKE-OFB-LE (256-bit key)3285.31.7283143 +
AES/CTR (128-bit key)2896.00.243443 +
AES/CTR (192-bit key)2397.30.246447 +
AES/CTR (256-bit key)2018.60.261476 +
AES/CBC (128-bit key)2217.90.185336 +
AES/CBC (192-bit key)1899.20.187341 +
AES/CBC (256-bit key)16410.60.203370 +
AES/OFB (128-bit key)2148.10.236430 +
AES/CFB (128-bit key)2207.90.345627 +
AES/ECB (128-bit key)2307.50.093168 +
Camellia/CTR (128-bit key)11714.90.228415 +
Camellia/CTR (256-bit key)9218.90.252459 +
Twofish/CTR (128-bit key)14512.02.5804693 +
Serpent/CTR (128-bit key)6925.10.466848 +
CAST-256/CTR (128-bit key)7423.41.2292235 +
RC6/CTR (128-bit key)12114.32.0333699 +
MARS/CTR (128-bit key)8320.91.5082743 +
SHACAL-2/CTR (128-bit key)11415.20.311565 +
SHACAL-2/CTR (512-bit key)11515.10.319581 +
DES/CTR (64-bit key)6128.32.5674669 +
DES-XEX3/CTR (192-bit key)5730.32.5864703 +
DES-EDE3/CTR (192-bit key)2473.38.17814876 +
IDEA/CTR (128-bit key)7124.40.260473 +
RC5 (r=16)10516.51.5862885 +
Blowfish/CTR (128-bit key)10516.536.77766898 +
TEA/CTR (128-bit key)5929.20.212385 +
XTEA/CTR (128-bit key)5829.80.212386 +
CAST-128/CTR (128-bit key)8320.90.344626 +
SKIPJACK/CTR (80-bit key)3648.61.8233317 +
SEED/CTR (1/2 K table)5332.40.286520
++ + + + + + + + +
OperationMilliseconds/OperationMegacycles/Operation + +
RSA 1024 Encryption0.020.04 +
RSA 1024 Decryption0.340.62 +
LUC 1024 Encryption0.020.04 +
LUC 1024 Decryption0.551.00 +
DLIES 1024 Encryption0.220.41 +
DLIES 1024 Encryption with precomputation0.420.76 +
DLIES 1024 Decryption0.310.57 +
LUCELG 512 Encryption0.140.25 +
LUCELG 512 Encryption with precomputation0.140.25 +
LUCELG 512 Decryption0.150.27 +
RSA 2048 Encryption0.040.07 +
RSA 2048 Decryption1.542.80 +
LUC 2048 Encryption0.050.08 +
LUC 2048 Decryption2.564.67 +
DLIES 2048 Encryption1.071.95 +
DLIES 2048 Encryption with precomputation1.222.22 +
DLIES 2048 Decryption1.031.88 +
LUCELG 1024 Encryption0.500.90 +
LUCELG 1024 Encryption with precomputation0.490.90 +
LUCELG 1024 Decryption0.430.78 +
RSA 1024 Signature0.340.62 +
RSA 1024 Verification0.020.04 +
RW 1024 Signature0.370.66 +
RW 1024 Signature with precomputation0.370.67 +
RW 1024 Verification0.010.02 +
LUC 1024 Signature0.551.00 +
LUC 1024 Verification0.020.04 +
NR 1024 Signature0.120.21 +
NR 1024 Signature with precomputation0.120.21 +
NR 1024 Verification0.130.24 +
NR 1024 Verification with precomputation0.190.34 +
DSA 1024 Signature0.120.22 +
DSA 1024 Signature with precomputation0.120.22 +
DSA 1024 Verification0.140.25 +
DSA 1024 Verification with precomputation0.180.34 +
LUC-HMP 512 Signature0.130.24 +
LUC-HMP 512 Signature with precomputation0.130.24 +
LUC-HMP 512 Verification0.130.25 +
LUC-HMP 512 Verification with precomputation0.140.25 +
ESIGN 1023 Signature0.060.11 +
ESIGN 1023 Verification0.020.03 +
ESIGN 1536 Signature0.090.17 +
ESIGN 1536 Verification0.030.06 +
RSA 2048 Signature1.542.81 +
RSA 2048 Verification0.040.07 +
RW 2048 Signature1.582.88 +
RW 2048 Signature with precomputation1.592.89 +
RW 2048 Verification0.020.04 +
LUC 2048 Signature2.574.68 +
LUC 2048 Verification0.040.08 +
NR 2048 Signature0.540.99 +
NR 2048 Signature with precomputation0.270.50 +
NR 2048 Verification0.611.11 +
NR 2048 Verification with precomputation0.430.79 +
LUC-HMP 1024 Signature0.490.90 +
LUC-HMP 1024 Signature with precomputation0.500.91 +
LUC-HMP 1024 Verification0.500.91 +
LUC-HMP 1024 Verification with precomputation0.500.91 +
ESIGN 2046 Signature0.120.21 +
ESIGN 2046 Verification0.040.06 +
XTR-DH 171 Key-Pair Generation0.160.30 +
XTR-DH 171 Key Agreement0.320.59 +
XTR-DH 342 Key-Pair Generation0.420.77 +
XTR-DH 342 Key Agreement0.851.54 +
DH 1024 Key-Pair Generation0.120.21 +
DH 1024 Key-Pair Generation with precomputation0.220.39 +
DH 1024 Key Agreement0.310.56 +
DH 2048 Key-Pair Generation0.551.00 +
DH 2048 Key-Pair Generation with precomputation0.631.15 +
DH 2048 Key Agreement1.041.90 +
LUCDIF 512 Key-Pair Generation0.070.13 +
LUCDIF 512 Key-Pair Generation with precomputation0.070.13 +
LUCDIF 512 Key Agreement0.150.27 +
LUCDIF 1024 Key-Pair Generation0.260.47 +
LUCDIF 1024 Key-Pair Generation with precomputation0.250.46 +
LUCDIF 1024 Key Agreement0.430.79 +
MQV 1024 Key-Pair Generation0.120.21 +
MQV 1024 Key-Pair Generation with precomputation0.110.21 +
MQV 1024 Key Agreement0.220.41 +
MQV 2048 Key-Pair Generation0.551.00 +
MQV 2048 Key-Pair Generation with precomputation0.270.49 +
MQV 2048 Key Agreement0.991.79 +
ECIES over GF(p) 256 Encryption1.402.55 +
ECIES over GF(p) 256 Encryption with precomputation1.182.15 +
ECIES over GF(p) 256 Decryption0.991.80 +
ECDSA over GF(p) 256 Signature0.711.30 +
ECDSA over GF(p) 256 Signature with precomputation0.611.11 +
ECDSA over GF(p) 256 Verification2.494.53 +
ECDSA over GF(p) 256 Verification with precomputation1.011.83 +
ECDHC over GF(p) 256 Key-Pair Generation0.701.27 +
ECDHC over GF(p) 256 Key-Pair Generation with precomputation0.601.09 +
ECDHC over GF(p) 256 Key Agreement0.721.31 +
ECMQVC over GF(p) 256 Key-Pair Generation0.701.28 +
ECMQVC over GF(p) 256 Key-Pair Generation with precomputation0.601.08 +
ECMQVC over GF(p) 256 Key Agreement2.484.51
ECIES over GF(2^n) 233 Encryption7.7114.03 +
ECIES over GF(2^n) 233 Encryption with precomputation2.133.87 +
ECIES over GF(2^n) 233 Decryption4.347.90 +
ECDSA over GF(2^n) 233 Signature3.887.07 +
ECDSA over GF(2^n) 233 Signature with precomputation1.091.98 +
ECDSA over GF(2^n) 233 Verification4.718.57 +
ECDSA over GF(2^n) 233 Verification with precomputation1.833.33 +
ECDHC over GF(2^n) 233 Key-Pair Generation3.836.97 +
ECDHC over GF(2^n) 233 Key-Pair Generation with precomputation1.071.94 +
ECDHC over GF(2^n) 233 Key Agreement3.907.09 +
ECMQVC over GF(2^n) 233 Key-Pair Generation3.846.98 +
ECMQVC over GF(2^n) 233 Key-Pair Generation with precomputation1.061.93 +
ECMQVC over GF(2^n) 233 Key Agreement4.818.75
+Throughput Geometric Average: 997.032044 + +Test ended at Tue Sep 27 01:43:06 2016 + + diff --git a/benchmarks-native.html b/benchmarks-native.html new file mode 100644 index 00000000..322de7e4 --- /dev/null +++ b/benchmarks-native.html @@ -0,0 +1,216 @@ + + + +Speed Comparison of Popular Crypto Algorithms + + +

Crypto++ 5.6.5 Benchmarks

+

Here are speed benchmarks for some commonly used cryptographic algorithms.

+CPU frequency of the test platform is 1.81899e+09 Hz. ++ + + + + +
AlgorithmMiB/SecondCycles Per ByteMicroseconds to
Setup Key and IV
Cycles to
Setup Key and IV + +
AES/GCM8872.00.491893 +
AES/CCM (128-bit key)4523.80.311565 +
AES/EAX (128-bit key)4603.80.400728 +
GMAC(AES)15051.20.493896 +
VMAC(AES)-64 (128-bit key)77440.20.6531188 +
VMAC(AES)-128 (128-bit key)40070.40.7401346 +
HMAC(SHA-1) (128-bit key)2686.50.259472 +
Two-Track-MAC (160-bit key)2118.20.01528 +
CMAC(AES) (128-bit key)5843.00.153278 +
DMAC(AES) (128-bit key)5833.00.431784 +
BLAKE2s (256-bit key)5693.00.250455 +
BLAKE2b (512-bit key)7512.30.295536 +
CRC324254.1 +
CRC32C41240.4 +
Adler3212811.4 +
MD55283.3 +
SHA-12656.5 +
SHA-2561819.6 +
SHA-5122297.6 +
Keccak-22415111.5 +
Keccak-25614711.8 +
Keccak-38411215.5 +
Keccak-5127922.0 +
SHA3-22415811.0 +
SHA3-25614811.7 +
SHA3-38411415.2 +
SHA3-5127921.9 +
Tiger4364.0 +
Whirlpool13512.9 +
RIPEMD-1602178.0 +
RIPEMD-3202337.5 +
RIPEMD-1283185.5 +
RIPEMD-2563465.0 +
BLAKE2s5703.0 +
BLAKE2b7452.3 +
Panama-LE (256-bit key)16061.10.7711403 +
Panama-BE (256-bit key)6402.71.4252592 +
Salsa20 (256-bit key)2108.30.141256 +
Salsa20/123345.20.171311 +
Salsa20/84783.60.175318 +
ChaCha20 (256-bit key)3175.50.095172 +
ChaCha12 (256-bit key)5173.40.093169 +
ChaCha8 (256-bit key)7132.40.093169 +
Sosemanuk (128-bit key)12691.40.457830 +
MARC4 (128-bit key)3954.41.3972541 +
SEAL-3.0-LE (160-bit key)6512.737.30367855 +
WAKE-OFB-LE (256-bit key)3345.21.7253137 +
AES/CTR (128-bit key)23500.70.236430 +
AES/CTR (192-bit key)20000.90.228415 +
AES/CTR (256-bit key)17361.00.248451 +
AES/CBC (128-bit key)5902.90.180327 +
AES/CBC (192-bit key)4993.50.170310 +
AES/CBC (256-bit key)4334.00.190345 +
AES/OFB (128-bit key)5533.10.232422 +
AES/CFB (128-bit key)5743.00.258469 +
AES/ECB (128-bit key)28240.60.083151 +
Camellia/CTR (128-bit key)11614.90.229416 +
Camellia/CTR (256-bit key)9218.90.253460 +
Twofish/CTR (128-bit key)14611.92.5314604 +
Serpent/CTR (128-bit key)7124.50.461838 +
CAST-256/CTR (128-bit key)7523.31.2222223 +
RC6/CTR (128-bit key)12114.32.1203857 +
MARS/CTR (128-bit key)8520.41.4892708 +
SHACAL-2/CTR (128-bit key)11415.20.312568 +
SHACAL-2/CTR (512-bit key)11515.10.318578 +
DES/CTR (64-bit key)6128.42.5704674 +
DES-XEX3/CTR (192-bit key)5730.42.5934716 +
DES-EDE3/CTR (192-bit key)2473.48.21214938 +
IDEA/CTR (128-bit key)7124.40.261474 +
RC5 (r=16)10217.01.7023096 +
Blowfish/CTR (128-bit key)10316.836.86067048 +
TEA/CTR (128-bit key)5929.50.230418 +
XTEA/CTR (128-bit key)5829.90.230419 +
CAST-128/CTR (128-bit key)8320.90.344625 +
SKIPJACK/CTR (80-bit key)3549.11.8503366 +
SEED/CTR (1/2 K table)5432.30.282514
++ + + + + + + + +
OperationMilliseconds/OperationMegacycles/Operation + +
RSA 1024 Encryption0.020.04 +
RSA 1024 Decryption0.340.62 +
LUC 1024 Encryption0.020.04 +
LUC 1024 Decryption0.561.02 +
DLIES 1024 Encryption0.230.41 +
DLIES 1024 Encryption with precomputation0.420.77 +
DLIES 1024 Decryption0.320.59 +
LUCELG 512 Encryption0.140.25 +
LUCELG 512 Encryption with precomputation0.140.25 +
LUCELG 512 Decryption0.150.27 +
RSA 2048 Encryption0.040.07 +
RSA 2048 Decryption1.572.85 +
LUC 2048 Encryption0.050.08 +
LUC 2048 Decryption2.544.62 +
DLIES 2048 Encryption1.091.98 +
DLIES 2048 Encryption with precomputation1.252.27 +
DLIES 2048 Decryption1.041.90 +
LUCELG 1024 Encryption0.500.91 +
LUCELG 1024 Encryption with precomputation0.500.90 +
LUCELG 1024 Decryption0.430.78 +
RSA 1024 Signature0.350.63 +
RSA 1024 Verification0.020.04 +
RW 1024 Signature0.370.68 +
RW 1024 Signature with precomputation0.370.67 +
RW 1024 Verification0.010.02 +
LUC 1024 Signature0.561.02 +
LUC 1024 Verification0.020.04 +
NR 1024 Signature0.120.22 +
NR 1024 Signature with precomputation0.120.22 +
NR 1024 Verification0.130.24 +
NR 1024 Verification with precomputation0.190.34 +
DSA 1024 Signature0.120.22 +
DSA 1024 Signature with precomputation0.120.22 +
DSA 1024 Verification0.130.24 +
DSA 1024 Verification with precomputation0.190.35 +
LUC-HMP 512 Signature0.140.25 +
LUC-HMP 512 Signature with precomputation0.140.25 +
LUC-HMP 512 Verification0.140.25 +
LUC-HMP 512 Verification with precomputation0.140.25 +
ESIGN 1023 Signature0.060.11 +
ESIGN 1023 Verification0.020.03 +
ESIGN 1536 Signature0.100.17 +
ESIGN 1536 Verification0.030.06 +
RSA 2048 Signature1.602.91 +
RSA 2048 Verification0.040.07 +
RW 2048 Signature1.642.98 +
RW 2048 Signature with precomputation1.673.04 +
RW 2048 Verification0.020.04 +
LUC 2048 Signature2.604.74 +
LUC 2048 Verification0.050.08 +
NR 2048 Signature0.571.03 +
NR 2048 Signature with precomputation0.280.51 +
NR 2048 Verification0.631.14 +
NR 2048 Verification with precomputation0.410.74 +
LUC-HMP 1024 Signature0.500.90 +
LUC-HMP 1024 Signature with precomputation0.520.94 +
LUC-HMP 1024 Verification0.510.92 +
LUC-HMP 1024 Verification with precomputation0.510.92 +
ESIGN 2046 Signature0.120.21 +
ESIGN 2046 Verification0.040.07 +
XTR-DH 171 Key-Pair Generation0.170.31 +
XTR-DH 171 Key Agreement0.330.61 +
XTR-DH 342 Key-Pair Generation0.440.79 +
XTR-DH 342 Key Agreement0.881.59 +
DH 1024 Key-Pair Generation0.120.22 +
DH 1024 Key-Pair Generation with precomputation0.220.40 +
DH 1024 Key Agreement0.330.60 +
DH 2048 Key-Pair Generation0.561.02 +
DH 2048 Key-Pair Generation with precomputation0.641.16 +
DH 2048 Key Agreement1.051.91 +
LUCDIF 512 Key-Pair Generation0.070.13 +
LUCDIF 512 Key-Pair Generation with precomputation0.070.13 +
LUCDIF 512 Key Agreement0.150.27 +
LUCDIF 1024 Key-Pair Generation0.250.46 +
LUCDIF 1024 Key-Pair Generation with precomputation0.250.46 +
LUCDIF 1024 Key Agreement0.430.79 +
MQV 1024 Key-Pair Generation0.110.21 +
MQV 1024 Key-Pair Generation with precomputation0.110.20 +
MQV 1024 Key Agreement0.220.41 +
MQV 2048 Key-Pair Generation0.551.00 +
MQV 2048 Key-Pair Generation with precomputation0.270.49 +
MQV 2048 Key Agreement1.011.85 +
ECIES over GF(p) 256 Encryption1.412.56 +
ECIES over GF(p) 256 Encryption with precomputation1.202.18 +
ECIES over GF(p) 256 Decryption0.991.79 +
ECDSA over GF(p) 256 Signature0.721.31 +
ECDSA over GF(p) 256 Signature with precomputation0.611.12 +
ECDSA over GF(p) 256 Verification2.504.54 +
ECDSA over GF(p) 256 Verification with precomputation1.001.82 +
ECDHC over GF(p) 256 Key-Pair Generation0.711.28 +
ECDHC over GF(p) 256 Key-Pair Generation with precomputation0.621.13 +
ECDHC over GF(p) 256 Key Agreement0.721.31 +
ECMQVC over GF(p) 256 Key-Pair Generation0.711.29 +
ECMQVC over GF(p) 256 Key-Pair Generation with precomputation0.601.09 +
ECMQVC over GF(p) 256 Key Agreement2.544.62
ECIES over GF(2^n) 233 Encryption7.7714.13 +
ECIES over GF(2^n) 233 Encryption with precomputation2.143.89 +
ECIES over GF(2^n) 233 Decryption4.428.04 +
ECDSA over GF(2^n) 233 Signature3.947.16 +
ECDSA over GF(2^n) 233 Signature with precomputation1.081.97 +
ECDSA over GF(2^n) 233 Verification4.858.83 +
ECDSA over GF(2^n) 233 Verification with precomputation1.793.25 +
ECDHC over GF(2^n) 233 Key-Pair Generation3.897.08 +
ECDHC over GF(2^n) 233 Key-Pair Generation with precomputation1.071.95 +
ECDHC over GF(2^n) 233 Key Agreement3.937.15 +
ECMQVC over GF(2^n) 233 Key-Pair Generation3.887.05 +
ECMQVC over GF(2^n) 233 Key-Pair Generation with precomputation1.081.96 +
ECMQVC over GF(2^n) 233 Key Agreement4.908.91
+Throughput Geometric Average: 1110.724645 + +Test ended at Mon Sep 26 23:32:16 2016 + + diff --git a/benchmarks-secbyteblock.html b/benchmarks-secbyteblock.html new file mode 100644 index 00000000..123a152d --- /dev/null +++ b/benchmarks-secbyteblock.html @@ -0,0 +1,218 @@ + + + +Speed Comparison of Popular Crypto Algorithms + + +

Crypto++ 5.6.5 Benchmarks

+

Here are speed benchmarks for some commonly used cryptographic algorithms.

+CPU frequency of the test platform is 1.81899e+09 Hz. ++ + + + + +
AlgorithmMiB/SecondCycles Per ByteMicroseconds to
Setup Key and IV
Cycles to
Setup Key and IV + +
AES/GCM (2K tables)2188.00.7611383 +
AES/GCM (64K tables)2317.53.7766868 +
AES/CCM (128-bit key)12613.80.319580 +
AES/EAX (128-bit key)12513.80.6431169 +
GMAC(AES) (2K tables)8522.00.7611384 +
GMAC(AES) (64K tables)12331.43.7046737 +
VMAC(AES)-64 (128-bit key)79530.21.1582107 +
VMAC(AES)-128 (128-bit key)41970.41.4242591 +
HMAC(SHA-1) (128-bit key)2766.30.258470 +
Two-Track-MAC (160-bit key)2158.10.01426 +
CMAC(AES) (128-bit key)2207.90.226412 +
DMAC(AES) (128-bit key)2217.80.8471541 +
BLAKE2s (256-bit key)5683.10.224407 +
BLAKE2b (512-bit key)7732.20.273496 +
CRC324344.0 +
CRC32C42640.4 +
Adler3213101.3 +
MD55293.3 +
SHA-12756.3 +
SHA-2561869.4 +
SHA-5122347.4 +
Keccak-22415811.0 +
Keccak-25614911.6 +
Keccak-38411415.2 +
Keccak-5127921.9 +
SHA3-22415811.0 +
SHA3-25614911.7 +
SHA3-38411415.2 +
SHA3-5127921.9 +
Tiger4354.0 +
Whirlpool13413.0 +
RIPEMD-1602158.1 +
RIPEMD-3202337.5 +
RIPEMD-1283185.5 +
RIPEMD-2563455.0 +
BLAKE2s5693.0 +
BLAKE2b7612.3 +
Panama-LE (256-bit key)16031.10.7701401 +
Panama-BE (256-bit key)6882.51.4232588 +
Salsa20 (256-bit key)2098.30.132240 +
Salsa20/123355.20.161293 +
Salsa20/84773.60.161293 +
ChaCha20 (256-bit key)3285.30.087158 +
ChaCha12 (256-bit key)5093.40.087159 +
ChaCha8 (256-bit key)7252.40.088159 +
Sosemanuk (128-bit key)12621.40.453825 +
MARC4 (128-bit key)3954.41.4022550 +
SEAL-3.0-LE (160-bit key)6512.737.32267889 +
WAKE-OFB-LE (256-bit key)3295.31.7183125 +
AES/CTR (128-bit key)2945.90.237431 +
AES/CTR (192-bit key)2407.20.239435 +
AES/CTR (256-bit key)2038.60.255464 +
AES/CBC (128-bit key)2227.80.181330 +
AES/CBC (192-bit key)1899.20.184334 +
AES/CBC (256-bit key)16510.50.201366 +
AES/OFB (128-bit key)2148.10.232422 +
AES/CFB (128-bit key)2207.90.333606 +
AES/ECB (128-bit key)2307.60.092168 +
Camellia/CTR (128-bit key)11614.90.224407 +
Camellia/CTR (256-bit key)9119.00.247449 +
Twofish/CTR (128-bit key)14611.92.5264594 +
Serpent/CTR (128-bit key)7124.50.457831 +
CAST-256/CTR (128-bit key)7423.41.2302237 +
RC6/CTR (128-bit key)12114.31.9823605 +
MARS/CTR (128-bit key)8620.21.4922714 +
SHACAL-2/CTR (128-bit key)11415.20.307559 +
SHACAL-2/CTR (512-bit key)11415.20.315572 +
DES/CTR (64-bit key)6128.52.5254593 +
DES-XEX3/CTR (192-bit key)5730.42.5464632 +
DES-EDE3/CTR (192-bit key)2473.58.15814840 +
IDEA/CTR (128-bit key)7124.40.255464 +
RC5 (r=16)10516.61.5822877 +
Blowfish/CTR (128-bit key)10416.636.79666931 +
TEA/CTR (128-bit key)5929.40.206375 +
XTEA/CTR (128-bit key)5829.90.205373 +
CAST-128/CTR (128-bit key)8321.00.339616 +
SKIPJACK/CTR (80-bit key)3648.71.8353337 +
SEED/CTR (1/2 K table)5432.40.280509
++ + + + + + + + +
OperationMilliseconds/OperationMegacycles/Operation + +
RSA 1024 Encryption0.020.04 +
RSA 1024 Decryption0.340.62 +
LUC 1024 Encryption0.020.04 +
LUC 1024 Decryption0.551.00 +
DLIES 1024 Encryption0.230.42 +
DLIES 1024 Encryption with precomputation0.420.77 +
DLIES 1024 Decryption0.330.60 +
LUCELG 512 Encryption0.140.25 +
LUCELG 512 Encryption with precomputation0.140.25 +
LUCELG 512 Decryption0.140.26 +
RSA 2048 Encryption0.040.07 +
RSA 2048 Decryption1.542.81 +
LUC 2048 Encryption0.050.08 +
LUC 2048 Decryption2.564.66 +
DLIES 2048 Encryption1.071.95 +
DLIES 2048 Encryption with precomputation1.212.21 +
DLIES 2048 Decryption1.031.88 +
LUCELG 1024 Encryption0.500.90 +
LUCELG 1024 Encryption with precomputation0.490.90 +
LUCELG 1024 Decryption0.430.79 +
RSA 1024 Signature0.340.62 +
RSA 1024 Verification0.020.04 +
RW 1024 Signature0.370.67 +
RW 1024 Signature with precomputation0.370.67 +
RW 1024 Verification0.010.02 +
LUC 1024 Signature0.561.02 +
LUC 1024 Verification0.020.04 +
NR 1024 Signature0.120.21 +
NR 1024 Signature with precomputation0.120.22 +
NR 1024 Verification0.130.24 +
NR 1024 Verification with precomputation0.190.35 +
DSA 1024 Signature0.120.22 +
DSA 1024 Signature with precomputation0.120.22 +
DSA 1024 Verification0.130.24 +
DSA 1024 Verification with precomputation0.190.34 +
LUC-HMP 512 Signature0.130.24 +
LUC-HMP 512 Signature with precomputation0.130.24 +
LUC-HMP 512 Verification0.140.25 +
LUC-HMP 512 Verification with precomputation0.140.25 +
ESIGN 1023 Signature0.060.10 +
ESIGN 1023 Verification0.020.03 +
ESIGN 1536 Signature0.090.17 +
ESIGN 1536 Verification0.030.06 +
RSA 2048 Signature1.552.82 +
RSA 2048 Verification0.040.07 +
RW 2048 Signature1.612.92 +
RW 2048 Signature with precomputation1.602.90 +
RW 2048 Verification0.020.04 +
LUC 2048 Signature2.614.75 +
LUC 2048 Verification0.040.08 +
NR 2048 Signature0.551.00 +
NR 2048 Signature with precomputation0.280.51 +
NR 2048 Verification0.611.12 +
NR 2048 Verification with precomputation0.420.76 +
LUC-HMP 1024 Signature0.500.92 +
LUC-HMP 1024 Signature with precomputation0.500.91 +
LUC-HMP 1024 Verification0.510.93 +
LUC-HMP 1024 Verification with precomputation0.520.94 +
ESIGN 2046 Signature0.120.21 +
ESIGN 2046 Verification0.040.06 +
XTR-DH 171 Key-Pair Generation0.170.30 +
XTR-DH 171 Key Agreement0.330.60 +
XTR-DH 342 Key-Pair Generation0.430.78 +
XTR-DH 342 Key Agreement0.861.56 +
DH 1024 Key-Pair Generation0.120.21 +
DH 1024 Key-Pair Generation with precomputation0.210.39 +
DH 1024 Key Agreement0.320.58 +
DH 2048 Key-Pair Generation0.551.00 +
DH 2048 Key-Pair Generation with precomputation0.631.15 +
DH 2048 Key Agreement1.041.89 +
LUCDIF 512 Key-Pair Generation0.070.13 +
LUCDIF 512 Key-Pair Generation with precomputation0.070.13 +
LUCDIF 512 Key Agreement0.140.26 +
LUCDIF 1024 Key-Pair Generation0.250.46 +
LUCDIF 1024 Key-Pair Generation with precomputation0.250.46 +
LUCDIF 1024 Key Agreement0.440.80 +
MQV 1024 Key-Pair Generation0.110.20 +
MQV 1024 Key-Pair Generation with precomputation0.110.20 +
MQV 1024 Key Agreement0.220.41 +
MQV 2048 Key-Pair Generation0.540.98 +
MQV 2048 Key-Pair Generation with precomputation0.270.49 +
MQV 2048 Key Agreement1.001.81 +
ECIES over GF(p) 256 Encryption1.412.57 +
ECIES over GF(p) 256 Encryption with precomputation1.202.19 +
ECIES over GF(p) 256 Decryption1.001.82 +
ECDSA over GF(p) 256 Signature0.721.31 +
ECDSA over GF(p) 256 Signature with precomputation0.621.12 +
ECDSA over GF(p) 256 Verification2.474.50 +
ECDSA over GF(p) 256 Verification with precomputation1.021.85 +
ECDHC over GF(p) 256 Key-Pair Generation0.711.29 +
ECDHC over GF(p) 256 Key-Pair Generation with precomputation0.601.09 +
ECDHC over GF(p) 256 Key Agreement0.711.29 +
ECMQVC over GF(p) 256 Key-Pair Generation0.701.28 +
ECMQVC over GF(p) 256 Key-Pair Generation with precomputation0.601.08 +
ECMQVC over GF(p) 256 Key Agreement2.504.55
ECIES over GF(2^n) 233 Encryption7.6913.98 +
ECIES over GF(2^n) 233 Encryption with precomputation2.133.87 +
ECIES over GF(2^n) 233 Decryption4.448.08 +
ECDSA over GF(2^n) 233 Signature3.867.03 +
ECDSA over GF(2^n) 233 Signature with precomputation1.081.97 +
ECDSA over GF(2^n) 233 Verification4.808.74 +
ECDSA over GF(2^n) 233 Verification with precomputation1.833.33 +
ECDHC over GF(2^n) 233 Key-Pair Generation3.857.01 +
ECDHC over GF(2^n) 233 Key-Pair Generation with precomputation1.061.94 +
ECDHC over GF(2^n) 233 Key Agreement3.927.13 +
ECMQVC over GF(2^n) 233 Key-Pair Generation3.857.01 +
ECMQVC over GF(2^n) 233 Key-Pair Generation with precomputation1.061.94 +
ECMQVC over GF(2^n) 233 Key Agreement4.858.82
+Throughput Geometric Average: 995.348464 + +Test ended at Tue Sep 27 02:03:40 2016 + + diff --git a/config.h b/config.h index 327585da..64df50a8 100644 --- a/config.h +++ b/config.h @@ -490,25 +490,28 @@ NAMESPACE_END // MSVC 2008 (http://msdn.microsoft.com/en-us/library/bb892950%28v=vs.90%29.aspx) // SunCC could generate SSE4 at 12.1, but the intrinsics are missing until 12.4. #if !defined(CRYPTOPP_DISABLE_ASM) && !defined(CRYPTOPP_DISABLE_SSE4) && !defined(_M_ARM) && ((_MSC_VER >= 1500) || (defined(__SSE4_1__) && defined(__SSE4_2__))) - #define CRYPTOPP_BOOL_SSE4_INTRINSICS_AVAILABLE 1 + #define CRYPTOPP_BOOL_SSE4_INTRINSICS_AVAILABLE 0 #else #define CRYPTOPP_BOOL_SSE4_INTRINSICS_AVAILABLE 0 #endif // Don't disgorge AES-NI from CLMUL. There will be two to four subtle breaks #if !defined(CRYPTOPP_DISABLE_ASM) && !defined(CRYPTOPP_DISABLE_AESNI) && !defined(_M_ARM) && (_MSC_FULL_VER >= 150030729 || __INTEL_COMPILER >= 1110 || (defined(__AES__) && defined(__PCLMUL__))) - #define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 1 + #define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 0 #else #define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 0 #endif // AVX2 in MSC 18.00 #if !defined(CRYPTOPP_DISABLE_ASM) && !defined(CRYPTOPP_DISABLE_AVX) && !defined(_M_ARM) && ((_MSC_VER >= 1600) || (defined(__RDRND__) || defined(__RDSEED__) || defined(__AVX__))) - #define CRYPTOPP_BOOL_AVX_AVAILABLE 1 + #define CRYPTOPP_BOOL_AVX_AVAILABLE 0 #else #define CRYPTOPP_BOOL_AVX_AVAILABLE 0 #endif +// Enabled for testing Issue 302. If this hits production then please raise redflags +#define CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS 1 + // Requires ARMv7 and ACLE 1.0. Testing shows ARMv7 is really ARMv7a under most toolchains. #if !defined(CRYPTOPP_BOOL_NEON_INTRINSICS_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ASM) # if defined(__ARM_NEON__) || defined(__ARM_NEON) || defined(_M_ARM) diff --git a/integer.cpp b/integer.cpp index 35f22698..7cc4d70a 100644 --- a/integer.cpp +++ b/integer.cpp 
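Review bot: In the config.h hunk the taken branch of each feature test is changed to `#define CRYPTOPP_BOOL_SSE4_INTRINSICS_AVAILABLE 0`, `#define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 0` and `#define CRYPTOPP_BOOL_AVX_AVAILABLE 0`, which makes each `#if` dead (both branches now yield 0) and unconditionally disables AES-NI, SSE4 and AVX for every downstream build, while the added `#define CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS 1` carries its own comment saying to raise red flags if it reaches production. That combination reads as a local test configuration committed under a CVE-labelled fix: disabling AES-NI silently changes which AES implementation ships, and forcing the Rijndael unaligned-access path on touches exactly the code area Issue 302 is about. Restore the `1` in the three taken branches and remove the unconditional define, or place the test settings behind an opt-in macro that a default build does not define, so the only behavioural change in this commit is the SecByteBlock cutover named in the title.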
@@ -415,12 +415,15 @@ S DivideThreeWordsByTwo(S *A, S B0, S B1, D *dummy=NULL) // CRYPTOPP_ASSERT {A[2],A[1]} < {B1,B0}, so quotient can fit in a S CRYPTOPP_ASSERT(A[2] < B1 || (A[2]==B1 && A[1] < B0)); - // estimate the quotient: do a 2 S by 1 S divide - S Q; - if (S(B1+1) == 0) - Q = A[2]; - else if (B1 > 0) + // estimate the quotient: do a 2 S by 1 S divide. + // Profiling tells us the original second case was dominant, so it was promoted to the first If statement. + // The code change occurred at Commit dc99266599a0e72d. + + S Q; bool pre = (S(B1+1) == 0); + if (B1 > 0 && !pre) Q = D(A[1], A[2]) / S(B1+1); + else if (pre) + Q = A[2]; else Q = D(A[0], A[1]) / B0; @@ -451,9 +454,10 @@ S DivideThreeWordsByTwo(S *A, S B0, S B1, D *dummy=NULL) template inline D DivideFourWordsByTwo(S *T, const D &Al, const D &Ah, const D &B) { - if (!B) // if divisor is 0, we assume divisor==2**(2*WORD_BITS) - return D(Ah.GetLowHalf(), Ah.GetHighHalf()); - else + // Profiling tells us the original second case was dominant, so it was promoted to the first If statement. + // The code change occurred at Commit dc99266599a0e72d. + + if (!!B) { S Q[2]; T[0] = Al.GetLowHalf(); @@ -464,6 +468,10 @@ inline D DivideFourWordsByTwo(S *T, const D &Al, const D &Ah, const D &B) Q[0] = DivideThreeWordsByTwo(T, B.GetLowHalf(), B.GetHighHalf()); return D(Q[0], Q[1]); } + else // if divisor is 0, we assume divisor==2**(2*WORD_BITS) + { + return D(Ah.GetLowHalf(), Ah.GetHighHalf()); + } } // returns quotient, which must fit in a word @@ -2342,10 +2350,12 @@ void AsymmetricMultiply(word *R, word *T, const word *A, size_t NA, const word * { if (NA == NB) { - if (A == B) - Square(R, T, A, NA); - else + // Profiling tells us the original second case was dominant, so it was promoted to the first If statement. + // The code change occurred at Commit dc99266599a0e72d. + if (A != B) Multiply(R, T, A, B, NA); + else + Square(R, T, A, NA); return; } 
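Review bot: The two-line `// Profiling tells us ... // The code change occurred at Commit dc99266599a0e72d.` comment is pasted verbatim on every reordered branch in this file, here in DivideThreeWordsByTwo, DivideFourWordsByTwo and AsymmetricMultiply and again in each later integer.cpp hunk through Integer::PositiveCompare. The commit reference is what `git blame` already provides and ages badly in source; one short remark per function, or none, is enough. The new flag in DivideThreeWordsByTwo is also declared on the same line as `Q` and named for its position rather than its meaning: `const bool divisorHighIsAllOnes = (S(B1+1) == 0);` on its own line says why the `A[2]` estimate is taken, and the same opaque `pre` name reappears later in MinEncodedSize and PositiveAdd for unrelated predicates.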
@@ -2360,8 +2370,14 @@ void AsymmetricMultiply(word *R, word *T, const word *A, size_t NA, const word * if (NA==2 && !A[1]) { + // Profiling tells us the original Default case was dominant, so it was promoted to the first Case statement. + // The code change occurred at Commit dc99266599a0e72d. switch (A[0]) { + default: + R[NB] = LinearMultiply(R, B, A[0], NB); + R[NB+1] = 0; + return; case 0: SetWords(R, 0, NB+2); return; @@ -2369,10 +2385,6 @@ void AsymmetricMultiply(word *R, word *T, const word *A, size_t NA, const word * CopyWords(R, B, NB); R[NB] = R[NB+1] = 0; return; - default: - R[NB] = LinearMultiply(R, B, A[0], NB); - R[NB+1] = 0; - return; } } @@ -2405,16 +2417,9 @@ void AsymmetricMultiply(word *R, word *T, const word *A, size_t NA, const word * void RecursiveInverseModPower2(word *R, word *T, const word *A, size_t N) { - if (N==2) - { - T[0] = AtomicInverseModPower2(A[0]); - T[1] = 0; - s_pBot[0](T+2, T, A); - TwosComplement(T+2, 2); - Increment(T+2, 2, 2); - s_pBot[0](R, T, T+2); - } - else + // Profiling tells us the original Else was dominant, so it was promoted to the first If statement. + // The code change occurred at Commit dc99266599a0e72d. + if (N!=2) { const size_t N2 = N/2; RecursiveInverseModPower2(R0, T0, A0, N2); @@ -2426,6 +2431,15 @@ void RecursiveInverseModPower2(word *R, word *T, const word *A, size_t N) TwosComplement(T0, N2); MultiplyBottom(R1, T1, R0, T0, N2); } + else + { + T[0] = AtomicInverseModPower2(A[0]); + T[1] = 0; + s_pBot[0](T+2, T, A); + TwosComplement(T+2, 2); + Increment(T+2, 2, 2); + s_pBot[0](R, T, T+2); + } } // R[N] --- result = X/(2**(WORD_BITS*N)) mod M @@ -2876,7 +2890,8 @@ static inline size_t RoundupSize(size_t n) return 32; else if (n<=64) return 64; - else return size_t(1) << BitPrecision(n-1); + else + return size_t(1) << BitPrecision(n-1); } Integer::Integer() 
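Review bot: The comment above `switch (A[0])` in AsymmetricMultiply claims the `default:` case was "promoted to the first Case statement", but the textual order of case labels is not what drives dispatch; compilers build a jump table or comparison sequence from the label values, so moving `default:` ahead of `case 0:` and `case 1:` is, in practice, a no-op for performance while making an unusual layout look deliberate. Either revert the move or replace the comment with one that does not claim a speed-up. The branch swap in RecursiveInverseModPower2 in the following hunks is equivalent to the original, but that function's body extends beyond the hunk boundaries.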
@@ -2946,7 +2961,7 @@ Integer::Integer(BufferedTransformation &encodedInteger, size_t byteCount, Signe { CRYPTOPP_ASSERT(o == BIG_ENDIAN_ORDER || o == LITTLE_ENDIAN_ORDER); - if(o == LITTLE_ENDIAN_ORDER) + if (o == LITTLE_ENDIAN_ORDER) { SecByteBlock block(byteCount); encodedInteger.Get(block, block.size()); @@ -2963,7 +2978,7 @@ Integer::Integer(const byte *encodedInteger, size_t byteCount, Signedness s, Byt { CRYPTOPP_ASSERT(o == BIG_ENDIAN_ORDER || o == LITTLE_ENDIAN_ORDER); - if(o == LITTLE_ENDIAN_ORDER) + if (o == LITTLE_ENDIAN_ORDER) { SecByteBlock block(byteCount); #if (CRYPTOPP_MSC_VERSION >= 1400) @@ -3054,10 +3069,12 @@ Integer& Integer::operator=(const Integer& t) bool Integer::GetBit(size_t n) const { - if (n/WORD_BITS >= reg.size()) - return 0; - else + // Profiling tells us the original Else was dominant, so it was promoted to the first If statement. + // The code change occurred at Commit dc99266599a0e72d. + if (n/WORD_BITS < reg.size()) return bool((reg[n/WORD_BITS] >> (n % WORD_BITS)) & 1); + else + return 0; } void Integer::SetBit(size_t n, bool value) @@ -3076,10 +3093,12 @@ void Integer::SetBit(size_t n, bool value) byte Integer::GetByte(size_t n) const { - if (n/WORD_SIZE >= reg.size()) - return 0; - else + // Profiling tells us the original Else was dominant, so it was promoted to the first If statement. + // The code change occurred at Commit dc99266599a0e72d. + if (n/WORD_SIZE < reg.size()) return byte(reg[n/WORD_SIZE] >> ((n%WORD_SIZE)*8)); + else + return 0; } void Integer::SetByte(size_t n, byte value) 
@@ -3172,18 +3191,20 @@ static Integer StringToInteger(const T *str, ByteOrder order) str += 2, length -= 2; } - if(order == BIG_ENDIAN_ORDER) + if (order == BIG_ENDIAN_ORDER) { for (unsigned int i=0; i(str[i]); + // Profiling showd the second and third Else needed to be swapped + // The code change occurred at Commit dc99266599a0e72d. if (ch >= '0' && ch <= '9') digit = ch - '0'; - else if (ch >= 'A' && ch <= 'F') - digit = ch - 'A' + 10; else if (ch >= 'a' && ch <= 'f') digit = ch - 'a' + 10; + else if (ch >= 'A' && ch <= 'F') + digit = ch - 'A' + 10; else digit = radix; @@ -3194,7 +3215,7 @@ static Integer StringToInteger(const T *str, ByteOrder order) } } } - else if(radix == 16 && order == LITTLE_ENDIAN_ORDER) + else if (radix == 16 && order == LITTLE_ENDIAN_ORDER) { // Nibble high, low and count unsigned int nh = 0, nl = 0, nc = 0; @@ -3206,21 +3227,21 @@ static Integer StringToInteger(const T *str, ByteOrder order) if (ch >= '0' && ch <= '9') digit = ch - '0'; - else if (ch >= 'A' && ch <= 'F') - digit = ch - 'A' + 10; else if (ch >= 'a' && ch <= 'f') digit = ch - 'a' + 10; + else if (ch >= 'A' && ch <= 'F') + digit = ch - 'A' + 10; else digit = radix; if (digit < radix) { - if(nc++ == 0) + if (nc++ == 0) nh = digit; else nl = digit; - if(nc == 2) + if (nc == 2) { v += position * (nh << 4 | nl); nc = 0, position <<= 8; @@ -3228,7 +3249,7 @@ static Integer StringToInteger(const T *str, ByteOrder order) } } - if(nc == 1) + if (nc == 1) v += nh * position; } else // LITTLE_ENDIAN_ORDER && radix != 16 @@ -3239,10 +3260,10 @@ static Integer StringToInteger(const T *str, ByteOrder order) if (ch >= '0' && ch <= '9') digit = ch - '0'; - else if (ch >= 'A' && ch <= 'F') - digit = ch - 'A' + 10; else if (ch >= 'a' && ch <= 'f') digit = ch - 'a' + 10; + else if (ch >= 'A' && ch <= 'F') + digit = ch - 'A' + 10; else digit = radix; 
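Review bot: The added comment `// Profiling showd the second and third Else needed to be swapped` has a typo (`showd`) and, more importantly, the lowercase-before-uppercase swap is applied by hand in three identical digit-parsing blocks inside StringToInteger (the big-endian loop here and the two little-endian loops in the next hunks) while only the first copy got the comment. A small helper along the lines of `HexDigitValue(ch, radix)` that returns `radix` for a non-digit, as the existing `else digit = radix;` does, would keep the three copies from drifting and make the ordering decision a single line. This hunk's context is also garbled in the rendering (`for (unsigned int i=0; i(str[i]);`), so the loop header and the declaration of `ch` should be read from the raw patch before acting on this view.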
@@ -3337,11 +3358,14 @@ void Integer::Decode(BufferedTransformation &bt, size_t inputLen, Signedness s) size_t Integer::MinEncodedSize(Signedness signedness) const { + // Profiling tells us the original second If was dominant, so it was promoted to the first If statement. + // The code change occurred at Commit dc99266599a0e72d. unsigned int outputLen = STDMAX(1U, ByteCount()); - if (signedness == UNSIGNED) - return outputLen; - if (NotNegative() && (GetByte(outputLen-1) & 0x80)) + const bool pre = (signedness == UNSIGNED); + if (!pre && NotNegative() && (GetByte(outputLen-1) & 0x80)) outputLen++; + if (pre) + return outputLen; if (IsNegative() && *this < -Power2(outputLen*8-1)) outputLen++; return outputLen; @@ -3665,7 +3689,7 @@ std::ostream& operator<<(std::ostream& out, const Integer &a) } #ifdef CRYPTOPP_USE_STD_SHOWBASE - if(out.flags() & std::ios_base::showbase) + if (out.flags() & std::ios_base::showbase) out << suffix; return out; @@ -3716,15 +3740,19 @@ Integer& Integer::operator--() void PositiveAdd(Integer &sum, const Integer &a, const Integer& b) { - int carry; - if (a.reg.size() == b.reg.size()) - carry = Add(sum.reg, a.reg, b.reg, a.reg.size()); - else if (a.reg.size() > b.reg.size()) + // Profiling tells us the original second Else If was dominant, so it was promoted to the first If statement. + // The code change occurred at Commit dc99266599a0e72d. + int carry; const bool pre = (a.reg.size() == b.reg.size()); + if (!pre && a.reg.size() > b.reg.size()) { carry = Add(sum.reg, a.reg, b.reg, b.reg.size()); CopyWords(sum.reg+b.reg.size(), a.reg+b.reg.size(), a.reg.size()-b.reg.size()); carry = Increment(sum.reg+b.reg.size(), a.reg.size()-b.reg.size(), carry); } + else if (pre) + { + carry = Add(sum.reg, a.reg, b.reg, a.reg.size()); + } else { carry = Add(sum.reg, a.reg, b.reg, a.reg.size()); 
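Review bot: The restructure of Integer::MinEncodedSize does not remove a branch from the UNSIGNED path: `if (!pre && NotNegative() && ...)` is evaluated first and then `if (pre) return outputLen;` still runs, so the dominant case now executes one extra test rather than one fewer, and the early return reads less directly than before. Keeping `if (signedness == UNSIGNED) return outputLen;` as the first statement is shorter and at least as fast. In PositiveAdd the new `int carry; const bool pre = ...;` line mixes an uninitialised declaration with a const initialisation; `const bool sameSize = (a.reg.size() == b.reg.size());` on its own line names what is being tested. Both function bodies continue past the hunks.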
@@ -3747,7 +3775,17 @@ void PositiveSubtract(Integer &diff, const Integer &a, const Integer& b) unsigned bSize = b.WordCount(); bSize += bSize%2; - if (aSize == bSize) + // Profiling tells us the original second Else If was dominant, so it was promoted to the first If statement. + // The code change occurred at Commit dc99266599a0e72d. + if (aSize > bSize) + { + word borrow = Subtract(diff.reg, a.reg, b.reg, bSize); + CopyWords(diff.reg+bSize, a.reg+bSize, aSize-bSize); + borrow = Decrement(diff.reg+bSize, aSize-bSize, borrow); + CRYPTOPP_ASSERT(!borrow); + diff.sign = Integer::POSITIVE; + } + else if (aSize == bSize) { if (Compare(a.reg, b.reg, aSize) >= 0) { @@ -3760,14 +3798,6 @@ void PositiveSubtract(Integer &diff, const Integer &a, const Integer& b) diff.sign = Integer::NEGATIVE; } } - else if (aSize > bSize) - { - word borrow = Subtract(diff.reg, a.reg, b.reg, bSize); - CopyWords(diff.reg+bSize, a.reg+bSize, aSize-bSize); - borrow = Decrement(diff.reg+bSize, aSize-bSize, borrow); - CRYPTOPP_ASSERT(!borrow); - diff.sign = Integer::POSITIVE; - } else { word borrow = Subtract(diff.reg, b.reg, a.reg, aSize); @@ -4045,8 +4075,6 @@ void Integer::Divide(word &remainder, Integer "ient, const Integer ÷nd if (!divisor) throw Integer::DivideByZero(); - CRYPTOPP_ASSERT(divisor); - if ((divisor & (divisor-1)) == 0) // divisor is a power of 2 { quotient = dividend >> (BitPrecision(divisor)-1); 
@@ -4089,29 +4117,32 @@ word Integer::Modulo(word divisor) const if (!divisor) throw Integer::DivideByZero(); - CRYPTOPP_ASSERT(divisor); - word remainder; - if ((divisor & (divisor-1)) == 0) // divisor is a power of 2 - remainder = reg[0] & (divisor-1); - else + // Profiling tells us the original Else was dominant, so it was promoted to the first If statement. + // The code change occurred at Commit dc99266599a0e72d. + if ((divisor & (divisor-1)) != 0) // divisor is not a power of 2 { + // Profiling tells us the original Else was dominant, so it was promoted to the first If statement. + // The code change occurred at Commit dc99266599a0e72d. unsigned int i = WordCount(); - - if (divisor <= 5) + if (divisor > 5) + { + remainder = 0; + while (i--) + remainder = DWord(reg[i], remainder) % divisor; + } + else { DWord sum(0, 0); while (i--) sum += reg[i]; remainder = sum % divisor; } - else - { - remainder = 0; - while (i--) - remainder = DWord(reg[i], remainder) % divisor; - } + } + else // divisor is a power of 2 + { + remainder = reg[0] & (divisor-1); } if (IsNegative() && remainder) @@ -4128,12 +4159,13 @@ void Integer::Negate() int Integer::PositiveCompare(const Integer& t) const { - unsigned size = WordCount(), tSize = t.WordCount(); - - if (size == tSize) - return CryptoPP::Compare(reg, t.reg, size); - else + // Profiling tells us the original Else was dominant, so it was promoted to the first If statement. + // The code change occurred at Commit dc99266599a0e72d. + const unsigned size = WordCount(), tSize = t.WordCount(); + if (size != tSize) return size > tSize ? 1 : -1; + else + return CryptoPP::Compare(reg, t.reg, size); } int Integer::Compare(const Integer& t) const diff --git a/rijndael.cpp b/rijndael.cpp index 54daaef7..ffab6a64 100644 --- a/rijndael.cpp +++ b/rijndael.cpp 
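Review bot: In Integer::Modulo the same two-line "Profiling tells us…" comment is added twice within eight lines, once above the outer `if ((divisor & (divisor-1)) != 0)` and again above the inner `if (divisor > 5)`; the second copy is noise. What the function still lacks is a comment on the surviving word-sum shortcut, which is the non-obvious part: it is valid because 3 and 5 divide 2^WORD_BITS - 1 for 32- and 64-bit words, and they are the only non-power-of-two divisors that reach that arm (1, 2 and 4 take the power-of-two path). Something like `// 3 and 5 divide 2^WORD_BITS - 1, so the residue of the word sum equals the residue of the number` documents why the branch exists rather than where it sits. `word remainder;` is also still declared uninitialised; `word remainder = 0;` costs nothing and keeps static analysers quiet.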
@@ -1035,13 +1035,33 @@ void Rijndael_Enc_AdvancedProcessBlocks(void *locals, const word32 *k); #if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 -/* Determine whether the range between begin and end overlaps - * with the same 4k block offsets as the Te table. - */ +// Determine whether the range between begin and end overlaps +// with the same 4k block offsets as the Te table. Logically, +// the code is trying to create the condition: +// +// Two sepearate memory pages: +// +// +-----+ +-----+ +// |XXXXX| |YYYYY| +// |XXXXX| |YYYYY| +// | | | | +// | | | | +// +-----+ +-----+ +// Te Table Locals +// +// Have a logical cache view of (X and Y may be inverted): +// +// +-----+ +// |XXXXX| +// |XXXXX| +// |YYYYY| +// |YYYYY| +// +-----+ +// static inline bool AliasedWithTable(const byte *begin, const byte *end) { - size_t s0 = size_t(begin)%4096, s1 = size_t(end)%4096; - size_t t0 = size_t(Te)%4096, t1 = (size_t(Te)+sizeof(Te))%4096; + ptrdiff_t s0 = uintptr_t(begin)%4096, s1 = uintptr_t(end)%4096; + ptrdiff_t t0 = uintptr_t(Te)%4096, t1 = (uintptr_t(Te)+sizeof(Te))%4096; if (t1 > t0) return (s0 >= t0 && s0 < t1) || (s1 > t0 && s1 <= t1); else 
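Review bot: AliasedWithTable keeps the page size as a literal `4096` in four places while the same patch introduces `Rijndael::Enc::aliasPageSize = 4096` in the next hunk; the two must agree for the probe loop in AdvancedProcessBlocks to mean anything, so both should read one file-scope constant (the private static member is not reachable from this free function). The new declarations compute with `uintptr_t` and store into `ptrdiff_t`, a signed/unsigned mix that is only harmless because the values are below 4096; `uintptr_t s0 = uintptr_t(begin) % 4096, s1 = uintptr_t(end) % 4096;` (or `size_t`) matches the arithmetic and needs no widening. The new comment block spells "separate" as "sepearate".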
@@ -1230,6 +1250,21 @@ inline size_t AESNI_AdvancedProcessBlocks(F1 func1, F4 func4, MAYBE_CONST __m128
 }
 #endif
 
+#if (CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)) && !defined(CRYPTOPP_DISABLE_RIJNDAEL_ASM)
+struct Locals
+{
+ word32 subkeys[4*12], workspace[8];
+ const byte *inBlocks, *inXorBlocks, *outXorBlocks;
+ byte *outBlocks;
+ size_t inIncrement, inXorIncrement, outXorIncrement, outIncrement;
+ size_t regSpill, lengthAndCounterFlag, keysBegin;
+};
+
+const size_t Rijndael::Enc::aliasPageSize = 4096;
+const size_t Rijndael::Enc::aliasBlockSize = 256;
+const size_t Rijndael::Enc::sizeToAllocate = aliasPageSize + aliasBlockSize + sizeof(Locals);
+#endif
+
 size_t Rijndael::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const
 {
 #if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
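Review bot: The definitions of `Rijndael::Enc::aliasPageSize`, `aliasBlockSize` and `sizeToAllocate` sit under `#if (CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)) && !defined(CRYPTOPP_DISABLE_RIJNDAEL_ASM)`, but rijndael.h in the last hunk of this patch declares them, together with the `Enc()` constructor that reads `sizeToAllocate`, under `#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86`. An x86 build with `CRYPTOPP_DISABLE_RIJNDAEL_ASM` defined, or without SSE2 asm, therefore gets a constructor that references a static member with no definition and fails at link time; the two guards should be one expression, ideally a single macro defined once in config.h and used by both files. `struct Locals` is also hoisted to namespace scope under that guard; if this file is compiled inside the library namespace, a name that generic belongs in an anonymous namespace.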
@@ -1243,30 +1278,11 @@ size_t Rijndael::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xo if (length < BLOCKSIZE) return length; - struct Locals - { - word32 subkeys[4*12], workspace[8]; - const byte *inBlocks, *inXorBlocks, *outXorBlocks; - byte *outBlocks; - size_t inIncrement, inXorIncrement, outXorIncrement, outIncrement; - size_t regSpill, lengthAndCounterFlag, keysBegin; - }; + static const byte *zeros = (const byte*)(Te+aliasBlockSize); + byte *space = NULL, *originalSpace = const_cast(m_aliasBlock.data()); - const byte* zeros = (byte *)(Te+256); - byte *space = NULL, *originalSpace = NULL; - - const size_t aliasPageSize = 4096; - const size_t aliasBlockSize = 256; - const size_t sizeToAllocate = aliasPageSize + aliasBlockSize + sizeof(Locals); -#if (CRYPTOPP_MSC_VERSION >= 1400) - originalSpace = (byte *)_malloca(sizeToAllocate); -#else - originalSpace = (byte *)alloca(sizeToAllocate); -#endif - /* round up to nearest 256 byte boundary */ - space = originalSpace + - (aliasBlockSize - (size_t)originalSpace % aliasBlockSize) - % aliasBlockSize; + // round up to nearest 256 byte boundary + space = originalSpace + (aliasBlockSize - (uintptr_t)originalSpace % aliasBlockSize) % aliasBlockSize; while (AliasedWithTable(space, space + sizeof(Locals))) { space += 256; @@ -1301,10 +1317,6 @@ size_t Rijndael::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xo Rijndael_Enc_AdvancedProcessBlocks(&locals, m_key); -#if (CRYPTOPP_MSC_VERSION >= 1400) - _freea(originalSpace); -#endif - return length % BLOCKSIZE; } #endif diff --git a/rijndael.h b/rijndael.h index 50fdf1eb..a5c61994 100644 --- a/rijndael.h +++ b/rijndael.h 
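Review bot: `byte *space = NULL, *originalSpace = const_cast(m_aliasBlock.data());` (the template argument did not survive rendering) makes the `Locals` scratch live in a member that is written through a `const` method. Before this change the scratch was a fresh alloca per call, so one `Rijndael::Enc` object could serve several threads; now two overlapping `AdvancedProcessBlocks` calls on the same object race on `m_aliasBlock`, and writing through a `const_cast` into an object that is genuinely const is undefined behaviour. If a per-object buffer is the intended replacement for the alloca (Issue 302), declare it `mutable SecByteBlock m_aliasBlock;` in rijndael.h, drop the cast, and document on `AdvancedProcessBlocks` that calls on one object must not overlap. `static const byte *zeros = (const byte*)(Te+aliasBlockSize);` reuses the 256-byte block-size constant as an element offset into `Te`, which is pointer arithmetic in units of `Te`'s element type rather than bytes; it is the same offset as the old `Te+256`, but the name now misleads, so a separate named offset or a comment is needed.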
@@ -56,7 +56,13 @@ class CRYPTOPP_DLL Rijndael : public Rijndael_Info, public BlockCipherDocumentat public: void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; #if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 + Enc() : m_aliasBlock(sizeToAllocate) {} size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; + private: + static const size_t aliasPageSize; + static const size_t aliasBlockSize; + static const size_t sizeToAllocate; + SecByteBlock m_aliasBlock; #endif }; diff --git a/stdcpp.h b/stdcpp.h index a176a597..02e9cac3 100644 --- a/stdcpp.h +++ b/stdcpp.h @@ -44,7 +44,11 @@ namespace std { #include #include #include -#include "trap.h" + +// uintptr_t and ptrdiff_t +#if (__cplusplus < 201103L) +# include +#endif #ifdef CRYPTOPP_INCLUDE_VECTOR_CC // workaround needed on Sun Studio 12u1 Sun C++ 5.10 SunOS_i386 128229-02 2009/09/21
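Review bot: stdcpp.h drops `#include "trap.h"` while adding a pre-C++11 include for `uintptr_t` and `ptrdiff_t` (its target did not survive rendering); any header that obtained `CRYPTOPP_ASSERT` transitively through stdcpp.h now depends on including trap.h itself, and nothing in this patch adds that include elsewhere, so the removal should be checked against every translation unit that asserts. The `#if (__cplusplus < 201103L)` guard also means a C++11 build relies on one of the unconditional includes above this hunk, whose names were lost in rendering, to provide the `uintptr_t` that rijndael.cpp now uses; an unconditional `<cstdint>`/`<stdint.h>` pair, or a comment naming the header that supplies it, would make that dependency visible. In rijndael.h the new `Enc()` allocates `sizeToAllocate` bytes for every encryptor on x86, including builds where AdvancedProcessBlocks takes the AES-NI branch first; a short comment on `m_aliasBlock` saying that it replaces the per-call alloca of Issue 302 and why it is sized page + block + `sizeof(Locals)` would help the next reader.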