20579846577

Committed 29 Dec 2025 06:24PM UTC coverage: 90.415% (+0.2%) from 90.243%

Build # 20579846577

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #5167 from randombit/jack/src-size-reductions

Changes to reduce unnecessary inclusions

Run Details

101523 of 112285 relevant lines covered (90.42%)

12817276.56 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/cli/perf_x509.cpp

/*
* (C) 2025 Jack Lloyd
*     2025 René Meusel - Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "perf.h"
#include <algorithm>

// Always available:
#include <botan/assert.h>

#if defined(BOTAN_HAS_X509)
   #include <botan/ber_dec.h>
   #include <botan/bigint.h>
   #include <botan/der_enc.h>
   #include <botan/pk_algs.h>
   #include <botan/pk_keys.h>
   #include <botan/x509_ca.h>
   #include <botan/x509_ext.h>
   #include <botan/x509self.h>
#endif

namespace Botan_CLI {

#if defined(BOTAN_HAS_X509) && defined(BOTAN_HAS_ML_DSA)

class PerfTest_ASN1_Parsing final : public PerfTest {
   private:
      struct CA {
            std::unique_ptr<Botan::Private_Key> root_key;
            Botan::X509_CA ca;
      };

   private:
      static std::string_view get_hash_function() { return "SHAKE-256(512)"; }

      static std::unique_ptr<Botan::Private_Key> create_private_key(Botan::RandomNumberGenerator& rng) {
         return Botan::create_private_key("ML-DSA", rng, "ML-DSA-6x5");
      }

      static CA create_ca(Botan::RandomNumberGenerator& rng) {
         auto root_cert_options = Botan::X509_Cert_Options("Benchmark Root/DE/RS/CS");
         root_cert_options.dns = "unobtainium.example.com";
         root_cert_options.email = "idont@exist.com";
         root_cert_options.is_CA = true;

         auto root_key = create_private_key(rng);
         BOTAN_ASSERT_NONNULL(root_key);
         auto root_cert = Botan::X509::create_self_signed_cert(root_cert_options, *root_key, get_hash_function(), rng);
         auto ca = Botan::X509_CA(root_cert, *root_key, get_hash_function(), rng);

         return CA{
            std::move(root_key),
            std::move(ca),
         };
      }

      static Botan::X509_Certificate make_certificate(std::string_view common_name,
                                                      CA& ca,
                                                      Botan::RandomNumberGenerator& rng) {
         Botan::X509_DN subject;
         subject.add_attribute("X520.CommonName", common_name);
         subject.add_attribute("X520.Country", "DE");
         subject.add_attribute("X520.State", "Berlin");
         subject.add_attribute("X520.Organization", "RS");
         subject.add_attribute("X520.OrganizationalUnit", "CS");

         Botan::AlternativeName an;
         an.add_dns("gibtsnicht.example.com");
         an.add_email("not.available@anywhere.com");

         Botan::Extensions exts;
         exts.add(std::make_unique<Botan::Cert_Extension::Subject_Alternative_Name>(an));

         const auto cert_key = create_private_key(rng);
         BOTAN_ASSERT_NONNULL(cert_key);
         const auto cert_req = Botan::PKCS10_Request::create(*cert_key, subject, exts, get_hash_function(), rng);

         const auto now = std::chrono::system_clock::now();
         using namespace std::chrono_literals;
         return ca.ca.sign_request(cert_req, rng, Botan::X509_Time(now), Botan::X509_Time(now + 24h * 365));
      }

      static Botan::X509_CRL make_revocation_list(size_t entries, CA& ca, Botan::RandomNumberGenerator& rng) {
         const auto empty_crl = ca.ca.new_crl(rng);

         std::vector<Botan::CRL_Entry> crl_entries(entries);
         std::generate(crl_entries.begin(), crl_entries.end(), [&] {
            std::vector<uint8_t> crl_entry_buffer;

            // Generating the CRL entries through their ASN.1 structure because
            // our public API does not allow creating them without the actual
            // certificate that is supposed to be revoked.
            Botan::Extensions exts;
            exts.add(std::make_unique<Botan::Cert_Extension::CRL_ReasonCode>(Botan::CRL_Code::KeyCompromise));
            Botan::DER_Encoder(crl_entry_buffer)
               .start_sequence()
               .encode(Botan::BigInt::from_bytes(rng.random_array<16>()))
               .encode(Botan::X509_Time(std::chrono::system_clock::now()))
               .start_sequence()
               .encode(exts)
               .end_cons()
               .end_cons();

            Botan::BER_Decoder ber(crl_entry_buffer);

            Botan::CRL_Entry entry;
            entry.decode_from(ber);
            return entry;
         });

         return ca.ca.update_crl(empty_crl, crl_entries, rng);
      }

   public:
      void go(const PerfConfig& config) override {
         auto ca = create_ca(config.rng());
         auto cert = make_certificate("Test Certificate", ca, config.rng());
         auto crl = make_revocation_list(500, ca, config.rng());

         const auto cert_encoded = cert.BER_encode();
         const auto crl_encoded = crl.BER_encode();

         auto cert_timer = config.make_timer("X509 Certificate Parsing");
         auto crl_timer = config.make_timer("X509 CRL Parsing");

         const auto runtime = config.runtime();

         while(cert_timer->under(runtime)) {
            cert_timer->start();
            std::ignore = Botan::X509_Certificate(cert_encoded);
            cert_timer->stop();
         }

         while(crl_timer->under(runtime)) {
            crl_timer->start();
            std::ignore = Botan::X509_CRL(crl_encoded);
            crl_timer->stop();
         }

         config.record_result(*cert_timer);
         config.record_result(*crl_timer);
      }
};

BOTAN_REGISTER_PERF_TEST("asn1_parsing", PerfTest_ASN1_Parsing);

#endif

}  // namespace Botan_CLI

1	/*
2	* (C) 2025 Jack Lloyd
3	* 2025 René Meusel - Rohde & Schwarz Cybersecurity
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include "perf.h"
9	#include <algorithm>
10
11	// Always available:
12	#include <botan/assert.h>
13
14	#if defined(BOTAN_HAS_X509)
15	#include <botan/ber_dec.h>
16	#include <botan/bigint.h>
17	#include <botan/der_enc.h>
18	#include <botan/pk_algs.h>
19	#include <botan/pk_keys.h>
20	#include <botan/x509_ca.h>
21	#include <botan/x509_ext.h>
22	#include <botan/x509self.h>
23	#endif
24
25	namespace Botan_CLI {
26
27	#if defined(BOTAN_HAS_X509) && defined(BOTAN_HAS_ML_DSA)
28
29	class PerfTest_ASN1_Parsing final : public PerfTest {	×
30	private:
31	struct CA {
32	std::unique_ptr<Botan::Private_Key> root_key;
33	Botan::X509_CA ca;
34	};
35
36	private:
37	static std::string_view get_hash_function() { return "SHAKE-256(512)"; }	×
38
39	static std::unique_ptr<Botan::Private_Key> create_private_key(Botan::RandomNumberGenerator& rng) {	×
40	return Botan::create_private_key("ML-DSA", rng, "ML-DSA-6x5");	×
41	}
42
43	static CA create_ca(Botan::RandomNumberGenerator& rng) {	×
44	auto root_cert_options = Botan::X509_Cert_Options("Benchmark Root/DE/RS/CS");	×
45	root_cert_options.dns = "unobtainium.example.com";	×
46	root_cert_options.email = "idont@exist.com";	×
47	root_cert_options.is_CA = true;	×
48
49	auto root_key = create_private_key(rng);	×
50	BOTAN_ASSERT_NONNULL(root_key);	×
51	auto root_cert = Botan::X509::create_self_signed_cert(root_cert_options, *root_key, get_hash_function(), rng);	×
52	auto ca = Botan::X509_CA(root_cert, *root_key, get_hash_function(), rng);	×
53
54	return CA{	×
55	std::move(root_key),
56	std::move(ca),
57	};	×
58	}	×
59
60	static Botan::X509_Certificate make_certificate(std::string_view common_name,	×
61	CA& ca,
62	Botan::RandomNumberGenerator& rng) {
63	Botan::X509_DN subject;	×
64	subject.add_attribute("X520.CommonName", common_name);	×
65	subject.add_attribute("X520.Country", "DE");	×
66	subject.add_attribute("X520.State", "Berlin");	×
67	subject.add_attribute("X520.Organization", "RS");	×
68	subject.add_attribute("X520.OrganizationalUnit", "CS");	×
69
70	Botan::AlternativeName an;	×
71	an.add_dns("gibtsnicht.example.com");	×
72	an.add_email("not.available@anywhere.com");	×
73
74	Botan::Extensions exts;	×
75	exts.add(std::make_unique<Botan::Cert_Extension::Subject_Alternative_Name>(an));	×
76
77	const auto cert_key = create_private_key(rng);	×
78	BOTAN_ASSERT_NONNULL(cert_key);	×
79	const auto cert_req = Botan::PKCS10_Request::create(*cert_key, subject, exts, get_hash_function(), rng);	×
80
81	const auto now = std::chrono::system_clock::now();	×
82	using namespace std::chrono_literals;	×
83	return ca.ca.sign_request(cert_req, rng, Botan::X509_Time(now), Botan::X509_Time(now + 24h * 365));	×
84	}	×
85
86	static Botan::X509_CRL make_revocation_list(size_t entries, CA& ca, Botan::RandomNumberGenerator& rng) {	×
87	const auto empty_crl = ca.ca.new_crl(rng);	×
88
89	std::vector<Botan::CRL_Entry> crl_entries(entries);	×
90	std::generate(crl_entries.begin(), crl_entries.end(), [&] {	×
91	std::vector<uint8_t> crl_entry_buffer;	×
92
93	// Generating the CRL entries through their ASN.1 structure because
94	// our public API does not allow creating them without the actual
95	// certificate that is supposed to be revoked.
96	Botan::Extensions exts;	×
97	exts.add(std::make_unique<Botan::Cert_Extension::CRL_ReasonCode>(Botan::CRL_Code::KeyCompromise));	×
98	Botan::DER_Encoder(crl_entry_buffer)	×
99	.start_sequence()	×
100	.encode(Botan::BigInt::from_bytes(rng.random_array<16>()))	×
101	.encode(Botan::X509_Time(std::chrono::system_clock::now()))	×
102	.start_sequence()	×
103	.encode(exts)	×
104	.end_cons()	×
105	.end_cons();	×
106
107	Botan::BER_Decoder ber(crl_entry_buffer);	×
108
109	Botan::CRL_Entry entry;	×
110	entry.decode_from(ber);	×
111	return entry;	×
112	});	×
113
114	return ca.ca.update_crl(empty_crl, crl_entries, rng);	×
115	}	×
116
117	public:
118	void go(const PerfConfig& config) override {	×
119	auto ca = create_ca(config.rng());	×
120	auto cert = make_certificate("Test Certificate", ca, config.rng());	×
121	auto crl = make_revocation_list(500, ca, config.rng());	×
122
123	const auto cert_encoded = cert.BER_encode();	×
124	const auto crl_encoded = crl.BER_encode();	×
125
126	auto cert_timer = config.make_timer("X509 Certificate Parsing");	×
127	auto crl_timer = config.make_timer("X509 CRL Parsing");	×
128
129	const auto runtime = config.runtime();	×
130
131	while(cert_timer->under(runtime)) {	×
132	cert_timer->start();	×
133	std::ignore = Botan::X509_Certificate(cert_encoded);	×
134	cert_timer->stop();	×
135	}
136
137	while(crl_timer->under(runtime)) {	×
138	crl_timer->start();	×
139	std::ignore = Botan::X509_CRL(crl_encoded);	×
140	crl_timer->stop();	×
141	}
142
143	config.record_result(*cert_timer);	×
144	config.record_result(*crl_timer);	×
145	}	×
146	};
147
148	BOTAN_REGISTER_PERF_TEST("asn1_parsing", PerfTest_ASN1_Parsing);	×
149
150	#endif
151
152	} // namespace Botan_CLI

randombit / botan / 20579846577

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous