From c512a0a4eeb3d1511011affe423e4880431a497b Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Fri, 2 Feb 2024 10:15:46 +0100 Subject: [PATCH 1/6] add ECDSA to bench/speed --- bench/dune | 2 +- bench/speed.ml | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+), 1 deletion(-) diff --git a/bench/dune b/bench/dune index f29164b4..63558d89 100644 --- a/bench/dune +++ b/bench/dune @@ -2,4 +2,4 @@ (names speed) (modules speed) (libraries mirage-crypto mirage-crypto-rng mirage-crypto-rng.unix - mirage-crypto-pk)) + mirage-crypto-pk mirage-crypto-ec)) diff --git a/bench/speed.ml b/bench/speed.ml index c574fcae..3b194856 100644 --- a/bench/speed.ml +++ b/bench/speed.ml 
@@ -179,6 +179,38 @@ let dh_secrets = "60057457975706301816395663645420233759377744187465730049174048360108513636349450241008234412972340882517684187851" ; ]) +let ecdsa_p224 = + Result.get_ok + (Mirage_crypto_ec.P224.Dsa.priv_of_cstruct + (Cstruct.of_hex "f254645834cfff245599be937a00535f6a2c8b00dc34bdf50df68903")) + +let ecdsa_p224_sig () = + Mirage_crypto_ec.P224.Dsa.sign ~key:ecdsa_p224 (Cstruct.sub msg 0 28) + +let ecdsa_p256 = + Result.get_ok + (Mirage_crypto_ec.P256.Dsa.priv_of_cstruct + (Cstruct.of_hex "089f4ffcccf9ba13fedd0942ef08cf2d909f32e2934ab5c93b6c99be5a9ff527")) + +let ecdsa_p256_sig () = + Mirage_crypto_ec.P256.Dsa.sign ~key:ecdsa_p256 (Cstruct.sub msg 0 32) + +let ecdsa_p384 = + Result.get_ok + (Mirage_crypto_ec.P384.Dsa.priv_of_cstruct + (Cstruct.of_hex "f5c0c9fb95178641af76f3831f41e2d37cfaafffc7e60172cfb089fe604b56a61c7c31a6904b3b5d08207a4b81e25ea5")) + +let ecdsa_p384_sig () = + Mirage_crypto_ec.P384.Dsa.sign ~key:ecdsa_p384 (Cstruct.sub msg 0 48) + +let ecdsa_p521 = + Result.get_ok + (Mirage_crypto_ec.P521.Dsa.priv_of_cstruct + (Cstruct.of_hex "00b18f60c0352ad8e3ef982f1ddfcf6eec7fa6caf0e6f368354a8b02b2d8ac1e059e309891e2bfa85791a5e71b40bdecbf902bf243dc3b0080495cf4d91c78728bd5")) + +let ecdsa_p521_sig () = + Mirage_crypto_ec.P521.Dsa.sign ~key:ecdsa_p521 (Cstruct.sub msg 0 65) + let bm name f = (name, fun () -> f name) let benchmarks = [ 
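Review bot: The four `ecdsa_p*` bindings embed private scalars as hex literals with no comment saying they are fixed, publicly visible benchmark inputs, and `Result.get_ok` on each raises a bare `Invalid_argument` at module initialisation, without naming the curve, if a literal is ever rejected. I would add `(* Fixed benchmark-only private keys; they are public in this repository and must never be used outside bench/. *)` above `ecdsa_p224`. The `Cstruct.sub msg 0 28/32/48/65` slices in the `_sig` helpers stand in for a digest; the lengths look chosen per curve, and a short comment on why P521 takes 65 bytes would save the next reader a lookup (`msg` is defined outside this hunk, so its length is not visible here). The same comment is missing on `ed25519` and `ecdh_shares`, added in patch 3/6.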
@@ -245,6 +277,41 @@ let benchmarks = [ (fun (k, _) -> string_of_int (Z.numbits k.p)) [dsa_1024,dsa_sig_1024 () ; dsa_2048,dsa_sig_2048 () ; dsa_3072,dsa_sig_3072 ()]); + bm "ecdsa-sign" (fun name -> + count name (function + | `P224 key -> Mirage_crypto_ec.P224.Dsa.sign ~key (Cstruct.sub msg 0 28) + | `P256 key -> Mirage_crypto_ec.P256.Dsa.sign ~key (Cstruct.sub msg 0 32) + | `P384 key -> Mirage_crypto_ec.P384.Dsa.sign ~key (Cstruct.sub msg 0 48) + | `P521 key -> Mirage_crypto_ec.P521.Dsa.sign ~key (Cstruct.sub msg 0 65) + ) + (function + | `P224 _ -> "P224" + | `P256 _ -> "P256" + | `P384 _ -> "P384" + | `P521 _ -> "P521" + ) + [`P224 ecdsa_p224; `P256 ecdsa_p256; `P384 ecdsa_p384; `P521 ecdsa_p521 ]); + + bm "ecdsa-verify" (fun name -> + count name (function + | `P224 (key, signature) -> Mirage_crypto_ec.P224.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 28)) + | `P256 (key, signature) -> Mirage_crypto_ec.P256.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 32)) + | `P384 (key, signature) -> Mirage_crypto_ec.P384.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 48)) + | `P521 (key, signature) -> Mirage_crypto_ec.P521.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 65)) + ) + (function + | `P224 _ -> "P224" + | `P256 _ -> "P256" + | `P384 _ -> "P384" + | `P521 _ -> "P521" + ) + [ + `P224 (ecdsa_p224, ecdsa_p224_sig ()); + `P256 (ecdsa_p256, ecdsa_p256_sig ()); + `P384 (ecdsa_p384, ecdsa_p384_sig ()); + `P521 (ecdsa_p521, ecdsa_p521_sig ()); + ]); + bm "dh-secret" (fun name -> count name (fun (_, group) -> Mirage_crypto_pk.Dh.gen_key group) fst dh_groups); @@ -333,6 +400,7 @@ let runv fs = let () = + Printexc.record_backtrace true; let seed = Cstruct.of_string "abcd" in let g = Mirage_crypto_rng.(create ~seed (module Fortuna)) in Mirage_crypto_rng.set_default_generator g; From e38e772316eeb1338456f16faab2c54505ca55fa Mon Sep 17 00:00:00 2001 
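Review bot: The `ecdsa-verify` closure calls `pub_of_priv key` inside the function that `count` times, so each iteration pays for deriving the public key from the private scalar (presumably a scalar multiplication) on top of the verification, and the reported rate will understate what a verifier holding only the public key sees. Deriving the public key once when the input list is built, and carrying it in the variant instead of the private key, keeps the timed region to `verify` alone. The boolean returned by `verify` is also never inspected, so a signature that fails to verify would be benchmarked silently; how `count` treats the return value is not visible in this hunk. The same pattern is carried into the verify arms as rewritten in patches 3/6 and 5/6.

```ocaml
  bm "ecdsa-verify" (fun name ->
    count name (function
      | `P224 (key, signature) -> Mirage_crypto_ec.P224.Dsa.verify ~key signature (Cstruct.sub msg 0 28)
      | `P256 (key, signature) -> Mirage_crypto_ec.P256.Dsa.verify ~key signature (Cstruct.sub msg 0 32)
      | `P384 (key, signature) -> Mirage_crypto_ec.P384.Dsa.verify ~key signature (Cstruct.sub msg 0 48)
      | `P521 (key, signature) -> Mirage_crypto_ec.P521.Dsa.verify ~key signature (Cstruct.sub msg 0 65)
      )
      (* … unchanged: curve-name labelling function … *)
      [
        (* public keys are derived here, outside the timed closure *)
        `P224 (Mirage_crypto_ec.P224.Dsa.pub_of_priv ecdsa_p224, ecdsa_p224_sig ());
        `P256 (Mirage_crypto_ec.P256.Dsa.pub_of_priv ecdsa_p256, ecdsa_p256_sig ());
        `P384 (Mirage_crypto_ec.P384.Dsa.pub_of_priv ecdsa_p384, ecdsa_p384_sig ());
        `P521 (Mirage_crypto_ec.P521.Dsa.pub_of_priv ecdsa_p521, ecdsa_p521_sig ());
      ]);
```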
From: Hannes Mehnert Date: Tue, 6 Feb 2024 17:22:46 +0100 Subject: [PATCH 2/6] ecdsa-generate --- bench/speed.ml | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/bench/speed.ml b/bench/speed.ml index 3b194856..01416200 100644 --- a/bench/speed.ml +++ b/bench/speed.ml @@ -277,6 +277,20 @@ let benchmarks = [ (fun (k, _) -> string_of_int (Z.numbits k.p)) [dsa_1024,dsa_sig_1024 () ; dsa_2048,dsa_sig_2048 () ; dsa_3072,dsa_sig_3072 ()]); + bm "ecdsa-generate" (fun name -> + count name + (function + | `P224 -> Mirage_crypto_ec.P224.Dsa.generate () |> ignore + | `P256 -> Mirage_crypto_ec.P256.Dsa.generate () |> ignore + | `P384 -> Mirage_crypto_ec.P384.Dsa.generate () |> ignore + | `P521 -> Mirage_crypto_ec.P521.Dsa.generate () |> ignore + ) + (function + | `P224 -> "P224" | `P256 -> "P256" | `P384 -> "P384" | `P521 -> "P521" + ) + + [`P224;`P256;`P384;`P521]); + bm "ecdsa-sign" (fun name -> count name (function | `P224 key -> Mirage_crypto_ec.P224.Dsa.sign ~key (Cstruct.sub msg 0 28) @@ -285,10 +299,7 @@ let benchmarks = [ | `P521 key -> Mirage_crypto_ec.P521.Dsa.sign ~key (Cstruct.sub msg 0 65) ) (function - | `P224 _ -> "P224" - | `P256 _ -> "P256" - | `P384 _ -> "P384" - | `P521 _ -> "P521" + | `P224 _ -> "P224" | `P256 _ -> "P256" | `P384 _ -> "P384" | `P521 _ -> "P521" ) [`P224 ecdsa_p224; `P256 ecdsa_p256; `P384 ecdsa_p384; `P521 ecdsa_p521 ]); @@ -300,10 +311,7 @@ let benchmarks = [ | `P521 (key, signature) -> Mirage_crypto_ec.P521.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 65)) ) (function - | `P224 _ -> "P224" - | `P256 _ -> "P256" - | `P384 _ -> "P384" - | `P521 _ -> "P521" + | `P224 _ -> "P224" | `P256 _ -> "P256" | `P384 _ -> "P384" | `P521 _ -> "P521" ) [ `P224 (ecdsa_p224, ecdsa_p224_sig ()); From 7006175eead775baa14cbc046c3c5b3334715758 Mon Sep 17 00:00:00 2001 
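Review bot: `generate ()` in the new `ecdsa-generate` entry is called without `~g`, so every key comes from the process-wide default generator, which `let () =` seeds with the constant `"abcd"` (visible as context in the last hunk of patch 1/6). That keeps runs reproducible but makes the generated keys predictable, and the timing includes the generator's own output cost. A comment above the entry, for example `(* keys come from the fixed-seed bench RNG: timing only, never reuse them *)`, would keep the pattern from being copied into real key generation. The other two hunks of this patch only reflow the label functions.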
From: Hannes Mehnert Date: Tue, 6 Feb 2024 18:11:18 +0100 Subject: [PATCH 3/6] remaining ec bench --- bench/speed.ml | 89 ++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 71 insertions(+), 18 deletions(-) diff --git a/bench/speed.ml b/bench/speed.ml index 01416200..af35b46e 100644 --- a/bench/speed.ml +++ b/bench/speed.ml 
@@ -211,6 +211,27 @@ let ecdsa_p521 = let ecdsa_p521_sig () = Mirage_crypto_ec.P521.Dsa.sign ~key:ecdsa_p521 (Cstruct.sub msg 0 65) +let ed25519 = + Result.get_ok (Mirage_crypto_ec.Ed25519.priv_of_cstruct + (Cstruct.of_hex "3e0ab682171275c569fce9ca8bccd2d2771454a2300c3529f7a4d80b843883bc")) + +let ed25519_sig () = + Mirage_crypto_ec.Ed25519.sign ~key:ed25519 msg + +let ecdh_shares = + [ + `P224 (Mirage_crypto_ec.P224.Dh.secret_of_cs (Cstruct.of_hex "60a814ec54d0c2d28c03ff01df32267d40432311df41aacb2fa5fdf7") |> Result.get_ok |> fst, + Cstruct.of_hex "042d8d91c909fdab2f7f0c33466dd74697e5166d378982e9ecf5492cb32d69d7eb96dc57d775b70d56237f8ec49e5752c87542dc41dc5049d2"); + `P256 (Mirage_crypto_ec.P256.Dh.secret_of_cs (Cstruct.of_hex "470d57706c7706b68a3f423aeaf4ff7fdd02494a10d3e381c3c11f7276802cdc") |> Result.get_ok |> fst, + Cstruct.of_hex "0411b3fc82721c269a19909a3b2fc26d9895826d0cfcbc1f7626e488f01f4ca6b5c5ed76adee7af81bb20b17cf231cbf0c67db0295d68d1d92c2d2a5a80638d78d"); + `P384 (Mirage_crypto_ec.P384.Dh.secret_of_cs (Cstruct.of_hex "ee55e29b61752d5a3e525656db8bd8fe6f94fab8aacc9e92acff4c4812bf7a6187aba46cc60ab8f08efcf2d574584b74") |> Result.get_ok |> fst, + Cstruct.of_hex "040489cf24bc80bf89fdfe9c05ecc39f6916ad4509d9398597950d3d24e828f6bf56ba4ad6d21ed7863bed68e413364bd4c7b1e9047d36124c6953be7c61209cb3fc56452f7305293783c7c0ed929d6c98c7bc97f60a72ed2269a8eb19bb7ee131"); + `P521 (Mirage_crypto_ec.P521.Dh.secret_of_cs (Cstruct.of_hex "00aa470ba1cc843ba314821e72de4cd299aec1f26e9d64a0d87db18a3da9f65c45ecfcc5617ff0d73b2e0e1cdff8048e01be5e20149412e7dbfab7feae249b1bfa4d") |> Result.get_ok |> fst, + Cstruct.of_hex "04001d1629eeb1c425f904d755330079d13c77da921e01cf50d717e0d6850a81a3902bb92a03faeacbd6289c1590685a6044b5e94dcfc41deb6a88db62a891b0b893bb00e42a66b2f013bdd0d27d8e07cb35fc3e2c2b22f93ecfd5eab7886197ca073c2c5e6831d65e2d0b8aa408438e49542f05f41c576df70e3caf5bb8227d483094ae58"); + `X25519 (Mirage_crypto_ec.X25519.secret_of_cs (Cstruct.of_hex 
"4c6db7cf935bcf84026178d40c956af09d8e363203490d2c41625acb68b931a4") |> Result.get_ok |> fst, + Cstruct.of_hex "ca19193cf5c0b38c61aa01c172b2e93d16f750d0846277ad322de5e4fb332429"); + ] + let bm name f = (name, fun () -> f name) let benchmarks = [ 
@@ -278,46 +299,52 @@ let benchmarks = [ [dsa_1024,dsa_sig_1024 () ; dsa_2048,dsa_sig_2048 () ; dsa_3072,dsa_sig_3072 ()]); bm "ecdsa-generate" (fun name -> + let open Mirage_crypto_ec in count name (function - | `P224 -> Mirage_crypto_ec.P224.Dsa.generate () |> ignore - | `P256 -> Mirage_crypto_ec.P256.Dsa.generate () |> ignore - | `P384 -> Mirage_crypto_ec.P384.Dsa.generate () |> ignore - | `P521 -> Mirage_crypto_ec.P521.Dsa.generate () |> ignore + | `P224 -> P224.Dsa.generate () |> ignore + | `P256 -> P256.Dsa.generate () |> ignore + | `P384 -> P384.Dsa.generate () |> ignore + | `P521 -> P521.Dsa.generate () |> ignore + | `Ed25519 -> Ed25519.generate () |> ignore ) (function - | `P224 -> "P224" | `P256 -> "P256" | `P384 -> "P384" | `P521 -> "P521" + | `P224 -> "P224" | `P256 -> "P256" | `P384 -> "P384" | `P521 -> "P521" | `Ed25519 -> "Ed25519" ) - - [`P224;`P256;`P384;`P521]); + [`P224; `P256; `P384; `P521; `Ed25519]); bm "ecdsa-sign" (fun name -> + let open Mirage_crypto_ec in count name (function - | `P224 key -> Mirage_crypto_ec.P224.Dsa.sign ~key (Cstruct.sub msg 0 28) - | `P256 key -> Mirage_crypto_ec.P256.Dsa.sign ~key (Cstruct.sub msg 0 32) - | `P384 key -> Mirage_crypto_ec.P384.Dsa.sign ~key (Cstruct.sub msg 0 48) - | `P521 key -> Mirage_crypto_ec.P521.Dsa.sign ~key (Cstruct.sub msg 0 65) + | `P224 key -> P224.Dsa.sign ~key (Cstruct.sub msg 0 28) + | `P256 key -> P256.Dsa.sign ~key (Cstruct.sub msg 0 32) + | `P384 key -> P384.Dsa.sign ~key (Cstruct.sub msg 0 48) + | `P521 key -> P521.Dsa.sign ~key (Cstruct.sub msg 0 65) + | `Ed25519 key -> Ed25519.sign ~key msg, Cstruct.empty ) (function - | `P224 _ -> "P224" | `P256 _ -> "P256" | `P384 _ -> "P384" | `P521 _ -> "P521" + | `P224 _ -> "P224" | `P256 _ -> "P256" | `P384 _ -> "P384" | `P521 _ -> "P521" | `Ed25519 _ -> "Ed25519" ) - [`P224 ecdsa_p224; `P256 ecdsa_p256; `P384 ecdsa_p384; `P521 ecdsa_p521 ]); + [`P224 ecdsa_p224; `P256 ecdsa_p256; `P384 ecdsa_p384; `P521 ecdsa_p521; `Ed25519 ed25519 ]); bm 
"ecdsa-verify" (fun name -> + let open Mirage_crypto_ec in count name (function - | `P224 (key, signature) -> Mirage_crypto_ec.P224.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 28)) - | `P256 (key, signature) -> Mirage_crypto_ec.P256.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 32)) - | `P384 (key, signature) -> Mirage_crypto_ec.P384.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 48)) - | `P521 (key, signature) -> Mirage_crypto_ec.P521.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 65)) + | `P224 (key, signature) -> P224.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 28)) + | `P256 (key, signature) -> P256.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 32)) + | `P384 (key, signature) -> P384.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 48)) + | `P521 (key, signature) -> P521.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 65)) + | `Ed25519 (key, signature) -> Ed25519.(verify ~key:(pub_of_priv key) signature ~msg) ) (function - | `P224 _ -> "P224" | `P256 _ -> "P256" | `P384 _ -> "P384" | `P521 _ -> "P521" + | `P224 _ -> "P224" | `P256 _ -> "P256" | `P384 _ -> "P384" | `P521 _ -> "P521" | `Ed25519 _ -> "Ed25519" ) [ `P224 (ecdsa_p224, ecdsa_p224_sig ()); `P256 (ecdsa_p256, ecdsa_p256_sig ()); `P384 (ecdsa_p384, ecdsa_p384_sig ()); `P521 (ecdsa_p521, ecdsa_p521_sig ()); + `Ed25519 (ed25519, ed25519_sig ()); ]); bm "dh-secret" (fun name -> 
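Review bot: The `Ed25519` arms are added under the `ecdsa-generate`, `ecdsa-sign` and `ecdsa-verify` labels, but Ed25519 is EdDSA, and its sign and verify arms process the whole of `msg` while the ECDSA arms take a fixed-length slice that stands in for a digest, so the rows of one table do not measure the same operation. A comment on the entries, or separate `eddsa-*` benchmark names, would keep readers from comparing the figures directly; the length of `msg` is defined outside this hunk. In the sign arm, `Ed25519.sign ~key msg, Cstruct.empty` pads the result to the pair type of the other arms; writing it as `(Ed25519.sign ~key msg, Cstruct.empty)` with a short comment makes that intent visible.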
@@ -329,6 +356,32 @@ let benchmarks = [ Mirage_crypto_pk.Dh.shared sec share) (fun ((g, _), _) -> g) dh_secrets); + bm "ecdh-secret" (fun name -> + let open Mirage_crypto_ec in + count name (function + | `P224 -> P224.Dh.gen_key () |> ignore + | `P256 -> P256.Dh.gen_key () |> ignore + | `P384 -> P384.Dh.gen_key () |> ignore + | `P521 -> P521.Dh.gen_key () |> ignore + | `X25519 -> X25519.gen_key () |> ignore) + (function + | `P224 -> "P224" | `P256 -> "P256" | `P384 -> "P384" | `P521 -> "P521" | `X25519 -> "X25519" + ) + [`P224; `P256; `P384; `P521; `X25519]); + + bm "ecdh-share" (fun name -> + let open Mirage_crypto_ec in + count name (function + | `P224 (sec, share) -> P224.Dh.key_exchange sec share |> Result.get_ok |> ignore + | `P256 (sec, share) -> P256.Dh.key_exchange sec share |> Result.get_ok |> ignore + | `P384 (sec, share) -> P384.Dh.key_exchange sec share |> Result.get_ok |> ignore + | `P521 (sec, share) -> P521.Dh.key_exchange sec share |> Result.get_ok |> ignore + | `X25519 (sec, share) -> X25519.key_exchange sec share |> Result.get_ok |> ignore) + (function + | `P224 _ -> "P224" | `P256 _ -> "P256" | `P384 _ -> "P384" | `P521 _ -> "P521" | `X25519 _ -> "X25519" + ) + ecdh_shares); + bm "chacha20-poly1305" (fun name -> let key = Mirage_crypto.Chacha20.of_secret (Mirage_crypto_rng.generate 32) and nonce = Mirage_crypto_rng.generate 8 in From 8bcfc9145ad76a486980ba40f9693fbf184319d9 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Tue, 6 Feb 2024 18:12:18 +0100 Subject: [PATCH 4/6] minimize diff --- bench/speed.ml | 1 - 1 file changed, 1 deletion(-) diff --git a/bench/speed.ml b/bench/speed.ml index af35b46e..c0196efb 100644 --- a/bench/speed.ml +++ b/bench/speed.ml @@ -461,7 +461,6 @@ let runv fs = let () = - Printexc.record_backtrace true; let seed = Cstruct.of_string "abcd" in let g = Mirage_crypto_rng.(create ~seed (module Fortuna)) in Mirage_crypto_rng.set_default_generator g; From 62ee83819bdda03e9b8a8361685682d0fdd1defa Mon Sep 17 00:00:00 2001 
From: Hannes Mehnert Date: Tue, 6 Feb 2024 18:24:37 +0100 Subject: [PATCH 5/6] DRY --- bench/speed.ml | 100 +++++++++++++++++++++---------------------------- 1 file changed, 43 insertions(+), 57 deletions(-) diff --git a/bench/speed.ml b/bench/speed.ml index c0196efb..21d24348 100644 --- a/bench/speed.ml +++ b/bench/speed.ml 
@@ -218,18 +218,26 @@ let ed25519 = let ed25519_sig () = Mirage_crypto_ec.Ed25519.sign ~key:ed25519 msg +let ecdsas = [ + ("P224", `P224 (ecdsa_p224, ecdsa_p224_sig ())); + ("P256", `P256 (ecdsa_p256, ecdsa_p256_sig ())); + ("P384", `P384 (ecdsa_p384, ecdsa_p384_sig ())); + ("P521", `P521 (ecdsa_p521, ecdsa_p521_sig ())); + ("Ed25519", `Ed25519 (ed25519, ed25519_sig ())); +] + let ecdh_shares = [ - `P224 (Mirage_crypto_ec.P224.Dh.secret_of_cs (Cstruct.of_hex "60a814ec54d0c2d28c03ff01df32267d40432311df41aacb2fa5fdf7") |> Result.get_ok |> fst, - Cstruct.of_hex "042d8d91c909fdab2f7f0c33466dd74697e5166d378982e9ecf5492cb32d69d7eb96dc57d775b70d56237f8ec49e5752c87542dc41dc5049d2"); - `P256 (Mirage_crypto_ec.P256.Dh.secret_of_cs (Cstruct.of_hex "470d57706c7706b68a3f423aeaf4ff7fdd02494a10d3e381c3c11f7276802cdc") |> Result.get_ok |> fst, - Cstruct.of_hex "0411b3fc82721c269a19909a3b2fc26d9895826d0cfcbc1f7626e488f01f4ca6b5c5ed76adee7af81bb20b17cf231cbf0c67db0295d68d1d92c2d2a5a80638d78d"); - `P384 (Mirage_crypto_ec.P384.Dh.secret_of_cs (Cstruct.of_hex "ee55e29b61752d5a3e525656db8bd8fe6f94fab8aacc9e92acff4c4812bf7a6187aba46cc60ab8f08efcf2d574584b74") |> Result.get_ok |> fst, - Cstruct.of_hex "040489cf24bc80bf89fdfe9c05ecc39f6916ad4509d9398597950d3d24e828f6bf56ba4ad6d21ed7863bed68e413364bd4c7b1e9047d36124c6953be7c61209cb3fc56452f7305293783c7c0ed929d6c98c7bc97f60a72ed2269a8eb19bb7ee131"); - `P521 (Mirage_crypto_ec.P521.Dh.secret_of_cs (Cstruct.of_hex "00aa470ba1cc843ba314821e72de4cd299aec1f26e9d64a0d87db18a3da9f65c45ecfcc5617ff0d73b2e0e1cdff8048e01be5e20149412e7dbfab7feae249b1bfa4d") |> Result.get_ok |> fst, - Cstruct.of_hex "04001d1629eeb1c425f904d755330079d13c77da921e01cf50d717e0d6850a81a3902bb92a03faeacbd6289c1590685a6044b5e94dcfc41deb6a88db62a891b0b893bb00e42a66b2f013bdd0d27d8e07cb35fc3e2c2b22f93ecfd5eab7886197ca073c2c5e6831d65e2d0b8aa408438e49542f05f41c576df70e3caf5bb8227d483094ae58"); - `X25519 (Mirage_crypto_ec.X25519.secret_of_cs (Cstruct.of_hex 
"4c6db7cf935bcf84026178d40c956af09d8e363203490d2c41625acb68b931a4") |> Result.get_ok |> fst, - Cstruct.of_hex "ca19193cf5c0b38c61aa01c172b2e93d16f750d0846277ad322de5e4fb332429"); + ("P224", `P224 (Mirage_crypto_ec.P224.Dh.secret_of_cs (Cstruct.of_hex "60a814ec54d0c2d28c03ff01df32267d40432311df41aacb2fa5fdf7") |> Result.get_ok |> fst, + Cstruct.of_hex "042d8d91c909fdab2f7f0c33466dd74697e5166d378982e9ecf5492cb32d69d7eb96dc57d775b70d56237f8ec49e5752c87542dc41dc5049d2")); + ("P256", `P256 (Mirage_crypto_ec.P256.Dh.secret_of_cs (Cstruct.of_hex "470d57706c7706b68a3f423aeaf4ff7fdd02494a10d3e381c3c11f7276802cdc") |> Result.get_ok |> fst, + Cstruct.of_hex "0411b3fc82721c269a19909a3b2fc26d9895826d0cfcbc1f7626e488f01f4ca6b5c5ed76adee7af81bb20b17cf231cbf0c67db0295d68d1d92c2d2a5a80638d78d")); + ("P384", `P384 (Mirage_crypto_ec.P384.Dh.secret_of_cs (Cstruct.of_hex "ee55e29b61752d5a3e525656db8bd8fe6f94fab8aacc9e92acff4c4812bf7a6187aba46cc60ab8f08efcf2d574584b74") |> Result.get_ok |> fst, + Cstruct.of_hex "040489cf24bc80bf89fdfe9c05ecc39f6916ad4509d9398597950d3d24e828f6bf56ba4ad6d21ed7863bed68e413364bd4c7b1e9047d36124c6953be7c61209cb3fc56452f7305293783c7c0ed929d6c98c7bc97f60a72ed2269a8eb19bb7ee131")); + ("P521", `P521 (Mirage_crypto_ec.P521.Dh.secret_of_cs (Cstruct.of_hex "00aa470ba1cc843ba314821e72de4cd299aec1f26e9d64a0d87db18a3da9f65c45ecfcc5617ff0d73b2e0e1cdff8048e01be5e20149412e7dbfab7feae249b1bfa4d") |> Result.get_ok |> fst, + Cstruct.of_hex "04001d1629eeb1c425f904d755330079d13c77da921e01cf50d717e0d6850a81a3902bb92a03faeacbd6289c1590685a6044b5e94dcfc41deb6a88db62a891b0b893bb00e42a66b2f013bdd0d27d8e07cb35fc3e2c2b22f93ecfd5eab7886197ca073c2c5e6831d65e2d0b8aa408438e49542f05f41c576df70e3caf5bb8227d483094ae58")); + ("X25519", `X25519 (Mirage_crypto_ec.X25519.secret_of_cs (Cstruct.of_hex "4c6db7cf935bcf84026178d40c956af09d8e363203490d2c41625acb68b931a4") |> Result.get_ok |> fst, + Cstruct.of_hex "ca19193cf5c0b38c61aa01c172b2e93d16f750d0846277ad322de5e4fb332429")); ] let bm name f = 
(name, fun () -> f name) 
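Review bot: `ecdsas` is a top-level value, so the five `*_sig ()` calls now run during module initialisation, before the `let () =` block near the end of the file installs the default generator and on every invocation regardless of which benchmark was selected; in patches 1 to 3 the list was built inside the `fun name ->` closure. Whether `sign` consults the default generator is not visible here, but if it does, start-up would fail or run on an unseeded generator. Declaring the table as `let ecdsas = lazy [ ... ]` and using `Lazy.force ecdsas` at the three call sites in the following hunk restores the earlier evaluation order. Since this table now gathers every fixed private key, it is also a good place for a one-line comment that they are benchmark inputs only.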
@@ -301,51 +309,35 @@ let benchmarks = [ bm "ecdsa-generate" (fun name -> let open Mirage_crypto_ec in count name - (function - | `P224 -> P224.Dsa.generate () |> ignore - | `P256 -> P256.Dsa.generate () |> ignore - | `P384 -> P384.Dsa.generate () |> ignore - | `P521 -> P521.Dsa.generate () |> ignore - | `Ed25519 -> Ed25519.generate () |> ignore + (fun (_, x) -> match x with + | `P224 _ -> P224.Dsa.generate () |> ignore + | `P256 _ -> P256.Dsa.generate () |> ignore + | `P384 _ -> P384.Dsa.generate () |> ignore + | `P521 _ -> P521.Dsa.generate () |> ignore + | `Ed25519 _ -> Ed25519.generate () |> ignore ) - (function - | `P224 -> "P224" | `P256 -> "P256" | `P384 -> "P384" | `P521 -> "P521" | `Ed25519 -> "Ed25519" - ) - [`P224; `P256; `P384; `P521; `Ed25519]); + fst ecdsas); bm "ecdsa-sign" (fun name -> let open Mirage_crypto_ec in - count name (function - | `P224 key -> P224.Dsa.sign ~key (Cstruct.sub msg 0 28) - | `P256 key -> P256.Dsa.sign ~key (Cstruct.sub msg 0 32) - | `P384 key -> P384.Dsa.sign ~key (Cstruct.sub msg 0 48) - | `P521 key -> P521.Dsa.sign ~key (Cstruct.sub msg 0 65) - | `Ed25519 key -> Ed25519.sign ~key msg, Cstruct.empty - ) - (function - | `P224 _ -> "P224" | `P256 _ -> "P256" | `P384 _ -> "P384" | `P521 _ -> "P521" | `Ed25519 _ -> "Ed25519" + count name (fun (_, x) -> match x with + | `P224 (key, _) -> P224.Dsa.sign ~key (Cstruct.sub msg 0 28) + | `P256 (key, _) -> P256.Dsa.sign ~key (Cstruct.sub msg 0 32) + | `P384 (key, _) -> P384.Dsa.sign ~key (Cstruct.sub msg 0 48) + | `P521 (key, _) -> P521.Dsa.sign ~key (Cstruct.sub msg 0 65) + | `Ed25519 (key, _) -> Ed25519.sign ~key msg, Cstruct.empty ) - [`P224 ecdsa_p224; `P256 ecdsa_p256; `P384 ecdsa_p384; `P521 ecdsa_p521; `Ed25519 ed25519 ]); + fst ecdsas); bm "ecdsa-verify" (fun name -> let open Mirage_crypto_ec in - count name (function + count name (fun (_, x) -> match x with | `P224 (key, signature) -> P224.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 28)) | `P256 (key, 
signature) -> P256.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 32)) | `P384 (key, signature) -> P384.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 48)) | `P521 (key, signature) -> P521.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 65)) | `Ed25519 (key, signature) -> Ed25519.(verify ~key:(pub_of_priv key) signature ~msg) - ) - (function - | `P224 _ -> "P224" | `P256 _ -> "P256" | `P384 _ -> "P384" | `P521 _ -> "P521" | `Ed25519 _ -> "Ed25519" - ) - [ - `P224 (ecdsa_p224, ecdsa_p224_sig ()); - `P256 (ecdsa_p256, ecdsa_p256_sig ()); - `P384 (ecdsa_p384, ecdsa_p384_sig ()); - `P521 (ecdsa_p521, ecdsa_p521_sig ()); - `Ed25519 (ed25519, ed25519_sig ()); - ]); + ) fst ecdsas); bm "dh-secret" (fun name -> count name (fun (_, group) -> Mirage_crypto_pk.Dh.gen_key group) 
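Review bot: The `ecdsa-generate` arms match on payloads they discard, so key generation now depends on `ecdsas` having built five keys and five signatures only to obtain the label strings; the same holds for `ecdh-secret` over `ecdh_shares` in the next hunk. A comment stating that only the tag is used, or a plain list of names for the two generate benchmarks, would make that coupling explicit. `fun (_, x) -> match x with` can also be written as a single `function` over the pair pattern, which drops the intermediate `x`. The hunk starts and ends inside the `benchmarks` list, so the surrounding entries are not visible here.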
@@ -358,29 +350,23 @@ let benchmarks = [ bm "ecdh-secret" (fun name -> let open Mirage_crypto_ec in - count name (function - | `P224 -> P224.Dh.gen_key () |> ignore - | `P256 -> P256.Dh.gen_key () |> ignore - | `P384 -> P384.Dh.gen_key () |> ignore - | `P521 -> P521.Dh.gen_key () |> ignore - | `X25519 -> X25519.gen_key () |> ignore) - (function - | `P224 -> "P224" | `P256 -> "P256" | `P384 -> "P384" | `P521 -> "P521" | `X25519 -> "X25519" - ) - [`P224; `P256; `P384; `P521; `X25519]); + count name (fun (_, x) -> match x with + | `P224 _ -> P224.Dh.gen_key () |> ignore + | `P256 _ -> P256.Dh.gen_key () |> ignore + | `P384 _ -> P384.Dh.gen_key () |> ignore + | `P521 _ -> P521.Dh.gen_key () |> ignore + | `X25519 _ -> X25519.gen_key () |> ignore) + fst ecdh_shares); bm "ecdh-share" (fun name -> let open Mirage_crypto_ec in - count name (function + count name (fun (_, x) -> match x with | `P224 (sec, share) -> P224.Dh.key_exchange sec share |> Result.get_ok |> ignore | `P256 (sec, share) -> P256.Dh.key_exchange sec share |> Result.get_ok |> ignore | `P384 (sec, share) -> P384.Dh.key_exchange sec share |> Result.get_ok |> ignore | `P521 (sec, share) -> P521.Dh.key_exchange sec share |> Result.get_ok |> ignore | `X25519 (sec, share) -> X25519.key_exchange sec share |> Result.get_ok |> ignore) - (function - | `P224 _ -> "P224" | `P256 _ -> "P256" | `P384 _ -> "P384" | `P521 _ -> "P521" | `X25519 _ -> "X25519" - ) - ecdh_shares); + fst ecdh_shares); bm "chacha20-poly1305" (fun name -> let key = Mirage_crypto.Chacha20.of_secret (Mirage_crypto_rng.generate 32) From 683a43e286f83b098dfdebe05804fa48510dbb1b Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Tue, 6 Feb 2024 18:37:34 +0100 Subject: [PATCH 6/6] mirage-crypto: conflict with result < 1.5 (since that redefines Result module, and we don't get Result.get_ok) --- mirage-crypto.opam | 1 + 1 file changed, 1 insertion(+) diff --git a/mirage-crypto.opam b/mirage-crypto.opam index 56da60ca..d6ad51ce 100644 
--- a/mirage-crypto.opam +++ b/mirage-crypto.opam @@ -22,6 +22,7 @@ depends: [ ] conflicts: [ "ocaml-freestanding" + "result" {< "1.5"} ] description: """ Mirage-crypto provides symmetric ciphers (DES, AES, RC4, ChaCha20/Poly1305), and