[Git][NTPsec/ntpsec][master] 2 commits: Fix attic/digest-timing.c to build on OpenSSL without CMAC

Hal Murray gitlab at mg.gitlab.com
Sun Mar 4 09:06:32 UTC 2018 

Hal Murray pushed to branch master at NTPsec / ntpsec


Commits:
1ff2d210 by Hal Murray at 2018-03-04T09:01:03Z
Fix attic/digest-timing.c to build on OpenSSL without CMAC

- - - - -
aa8711e5 by Hal Murray at 2018-03-04T09:01:03Z
Add HMAC timings to attic/digest-timing

- - - - -


1 changed file:

- attic/digest-timing.c


Changes:

=====================================
attic/digest-timing.c
=====================================
--- a/attic/digest-timing.c
+++ b/attic/digest-timing.c
@@ -12,13 +12,23 @@
  * Check /proc/cpuinfo flags for "aes" to see if you have it.
  */
 
+/* This may not be high enough.
+ * 0x10000003  1.0.0b fails
+ * 0x1000105fL 1.0.1e works.
+ */
+#define CMAC_VERSION_CUTOFF 0x10000003
+
 #include <stdint.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <time.h>
 
+#include <openssl/opensslv.h>
 #include <openssl/err.h>
+#if OPENSSL_VERSION_NUMBER > CMAC_VERSION_CUTOFF
 #include <openssl/cmac.h>
+#include <openssl/hmac.h>
+#endif
 #include <openssl/evp.h>
 #include <openssl/md5.h>
 #include <openssl/rand.h>
@@ -50,14 +60,20 @@ int NUM = 1000000;
 #define MAX_KEY_LENGTH 64
 
 EVP_MD_CTX *ctx;
+#if OPENSSL_VERSION_NUMBER > CMAC_VERSION_CUTOFF
 CMAC_CTX *cmac;
+HMAC_CTX *hmac;
+#endif
 
 static void ssl_init(void)
 {
   ERR_load_crypto_strings();
   OpenSSL_add_all_digests();
   ctx = EVP_MD_CTX_new();
+#if OPENSSL_VERSION_NUMBER > CMAC_VERSION_CUTOFF
   cmac = CMAC_CTX_new();
+  hmac = HMAC_CTX_new();
+#endif
 }
 
 static unsigned int SSL_Digest(
@@ -96,6 +112,7 @@ static unsigned int SSL_DigestSlow(
   return len;
 }
 
+#if OPENSSL_VERSION_NUMBER > CMAC_VERSION_CUTOFF
 static size_t SSL_CMAC(
   const EVP_CIPHER *cipher, /* cipher algorithm */
   uint8_t *key,             /* key pointer */
@@ -105,13 +122,28 @@ static size_t SSL_CMAC(
 ) {
   unsigned char answer[EVP_MAX_MD_SIZE];
   size_t len;
-  CMAC_resume(cmac);
   CMAC_Init(cmac, key, keylength, cipher, NULL);
   CMAC_Update(cmac, pkt, pktlength);
   CMAC_Final(cmac, answer, &len);
   return len;
 }
 
+static size_t SSL_HMAC(
+  const EVP_MD *digest,     /* digest algorithm */
+  uint8_t *key,             /* key pointer */
+  int     keylength,        /* key size */
+  uint8_t *pkt,             /* packet pointer */
+  int     pktlength         /* packet length */
+) {
+  unsigned char answer[EVP_MAX_MD_SIZE];
+  unsigned int len;
+  HMAC_Init_ex(hmac, key, keylength, digest, NULL);
+  HMAC_Update(hmac, pkt, pktlength);
+  HMAC_Final(hmac, answer, &len);
+  return len;
+}
+#endif
+
 static void DoDigest(
   const char *name,       /* type of digest */
   uint8_t *key,           /* key pointer */
@@ -151,6 +183,7 @@ static void DoDigest(
   printf("\n");
 }
 
+#if OPENSSL_VERSION_NUMBER > CMAC_VERSION_CUTOFF
 static void DoCMAC(
   const char *name,       /* name of cipher */
   const EVP_CIPHER *cipher,
@@ -173,12 +206,37 @@ static void DoCMAC(
   }
   clock_gettime(CLOCK_MONOTONIC, &stop);
   fast = (stop.tv_sec-start.tv_sec)*1E9 + (stop.tv_nsec-start.tv_nsec);
-  printf("%10s  %2d %2d %2lu %6.0f  %6.3f",
+  printf("%10s  %2d %2d %2lu %6.0f  %6.3f\n",
     name, keylength, pktlength, digestlength, fast/NUM,  fast/1E9);
-
-  printf("\n");
 }
 
+static void DoHMAC(
+  const char *name,       /* name of cipher */
+  uint8_t *key,           /* key pointer */
+  int     keylength,      /* key length */
+  uint8_t *pkt,           /* packet pointer */
+  int     pktlength       /* packet length */
+)
+{
+  int type = OBJ_sn2nid(name);
+  const EVP_MD *digest = EVP_get_digestbynid(type);
+  struct timespec start, stop;
+  int i;
+  double fast;
+  unsigned long digestlength = 0;
+
+  if (NULL == digest) return;
+
+  clock_gettime(CLOCK_MONOTONIC, &start);
+  for (i = 0; i < NUM; i++) {
+    digestlength = SSL_HMAC(digest, key, keylength, pkt, pktlength);
+  }
+  clock_gettime(CLOCK_MONOTONIC, &stop);
+  fast = (stop.tv_sec-start.tv_sec)*1E9 + (stop.tv_nsec-start.tv_nsec);
+  printf("%10s  %2d %2d %2lu %6.0f  %6.3f\n",
+    name, keylength, pktlength, digestlength, fast/NUM,  fast/1E9);
+}
+#endif
 
 
 int main(int argc, char *argv[])
@@ -217,6 +275,7 @@ int main(int argc, char *argv[])
   DoDigest("RIPEMD160", key, 20, packet, PACKET_LENGTH);
   DoDigest("RIPEMD160", key, 32, packet, PACKET_LENGTH);
 
+#if OPENSSL_VERSION_NUMBER > CMAC_VERSION_CUTOFF
   printf("\n");
   printf("# KL=key length, PL=packet length, CL=CMAC length\n");
   printf("# CMAC      KL PL CL  ns/op sec/run\n");
@@ -229,6 +288,18 @@ int main(int argc, char *argv[])
   DoCMAC("CAM-192", EVP_camellia_192_cbc(), key, 24, packet, PACKET_LENGTH);
   DoCMAC("CAM-256", EVP_camellia_256_cbc(), key, 32, packet, PACKET_LENGTH);
 
+  printf("\n");
+  printf("# KL=key length, PL=packet length, CL=HMAC length\n");
+  printf("# HMAC      KL PL CL  ns/op sec/run\n");
+
+  DoHMAC("MD5",    key,  8, packet, PACKET_LENGTH);
+  DoHMAC("SHA1",   key, 16, packet, PACKET_LENGTH);
+  DoHMAC("SHA256", key, 16, packet, PACKET_LENGTH);
+  DoHMAC("SHA256", key, 20, packet, PACKET_LENGTH);
+  DoHMAC("SHA512", key, 16, packet, PACKET_LENGTH);
+  DoHMAC("SHA512", key, 32, packet, PACKET_LENGTH);
+#endif
+
   return 0;
   
 }



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/e568c71fcdfb040f21e1c4f747b2b4938fa33402...aa8711e5ce022efe4712ac41524a2a4bf3a595ad

---
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/e568c71fcdfb040f21e1c4f747b2b4938fa33402...aa8711e5ce022efe4712ac41524a2a4bf3a595ad
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20180304/7aba43ff/attachment.html>

More information about the vc mailing list