// Copyright (c) 2019 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#include <bench/bench.h>
#include <crypto/chacha20.h>
/* Number of bytes to process per iteration */
// 64 bytes: the smallest benchmarked buffer.
static constexpr uint64_t BUFFER_SIZE_TINY{64};
// 256 bytes: the mid-sized benchmarked buffer.
static constexpr uint64_t BUFFER_SIZE_SMALL{256};
// 1024 * 1024 bytes (1 MiB): the largest benchmarked buffer.
static constexpr uint64_t BUFFER_SIZE_LARGE{1024 * 1024};
/**
 * Shared benchmark body: runs ChaCha20::Crypt over a zero-filled buffer of
 * `buffersize` bytes and reports the result per byte.
 *
 * The all-zero key and IV are benchmark fixtures only. They keep the run
 * deterministic; outside of a benchmark a (key, nonce) pair must never be
 * reused, because a stream cipher repeats its keystream when it is.
 *
 * @param bench       Benchmark harness that drives and times the callable.
 * @param buffersize  Number of bytes encrypted per invocation of the callable.
 */
static void CHACHA20(benchmark::Bench& bench, size_t buffersize)
{
    // The cipher context is built once, outside the callable handed to run(),
    // so only the Crypt call sits inside the repeated work.
    std::vector<uint8_t> zero_key(32, 0);
    ChaCha20 cipher(zero_key.data());
    cipher.SetIV(0);
    cipher.Seek64(0);

    std::vector<uint8_t> plaintext(buffersize, 0);
    std::vector<uint8_t> ciphertext(buffersize, 0);

    // The same context is reused on every call and is not re-seeked between
    // calls (presumably each call continues the keystream where the last ended).
    auto encrypt_buffer = [&] {
        cipher.Crypt(plaintext.data(), ciphertext.data(), plaintext.size());
    };

    bench.batch(plaintext.size()).unit("byte").run(encrypt_buffer);
}
/** Benchmark entry point: ChaCha20 over a BUFFER_SIZE_TINY (64-byte) buffer. */
static void CHACHA20_64BYTES(benchmark::Bench& bench)
{
    CHACHA20(bench, /*buffersize=*/BUFFER_SIZE_TINY);
}
/** Benchmark entry point: ChaCha20 over a BUFFER_SIZE_SMALL (256-byte) buffer. */
static void CHACHA20_256BYTES(benchmark::Bench& bench)
{
    CHACHA20(bench, /*buffersize=*/BUFFER_SIZE_SMALL);
}
/** Benchmark entry point: ChaCha20 over a BUFFER_SIZE_LARGE (1 MiB) buffer. */
static void CHACHA20_1MB(benchmark::Bench& bench)
{
    CHACHA20(bench, /*buffersize=*/BUFFER_SIZE_LARGE);
}
// Hand each buffer-size variant to the BENCHMARK macro, smallest first.
BENCHMARK(CHACHA20_64BYTES);
BENCHMARK(CHACHA20_256BYTES);
BENCHMARK(CHACHA20_1MB);