21780928802

Committed 07 Feb 2026 01:36PM UTC coverage: 90.068% (+0.003%) from 90.065%

Build # 21780928802

Build Type

Pull #5295

github

Committed by

web-flow

Commit Message

Merge cbabeb61a into ebf8f0044

Pull Request Pull Request #5295: Reduce header dependencies in tests and cli

Run Details

102234 of 113508 relevant lines covered (90.07%)

11464546.51 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/cli/perf_x509.cpp

/*
* (C) 2025 Jack Lloyd
*     2025 René Meusel - Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "perf.h"
#include <algorithm>

// Always available:
#include <botan/assert.h>

#if defined(BOTAN_HAS_X509)
   #include <botan/ber_dec.h>
   #include <botan/bigint.h>
   #include <botan/der_enc.h>
   #include <botan/pk_algs.h>
   #include <botan/pk_keys.h>
   #include <botan/rng.h>
   #include <botan/x509_ca.h>
   #include <botan/x509_ext.h>
   #include <botan/x509self.h>
#endif

namespace Botan_CLI {

#if defined(BOTAN_HAS_X509) && defined(BOTAN_HAS_ML_DSA)

class PerfTest_ASN1_Parsing final : public PerfTest {
   private:
      struct CA {
            std::unique_ptr<Botan::Private_Key> root_key;
            Botan::X509_CA ca;
      };

   private:
      static std::string_view get_hash_function() { return "SHAKE-256(512)"; }

      static std::unique_ptr<Botan::Private_Key> create_private_key(Botan::RandomNumberGenerator& rng) {
         return Botan::create_private_key("ML-DSA", rng, "ML-DSA-6x5");
      }

      static CA create_ca(Botan::RandomNumberGenerator& rng) {
         auto root_cert_options = Botan::X509_Cert_Options("Benchmark Root/DE/RS/CS");
         root_cert_options.dns = "unobtainium.example.com";
         root_cert_options.email = "idont@exist.com";
         root_cert_options.is_CA = true;

         auto root_key = create_private_key(rng);
         BOTAN_ASSERT_NONNULL(root_key);
         auto root_cert = Botan::X509::create_self_signed_cert(root_cert_options, *root_key, get_hash_function(), rng);
         auto ca = Botan::X509_CA(root_cert, *root_key, get_hash_function(), rng);

         return CA{
            std::move(root_key),
            std::move(ca),
         };
      }

      static Botan::X509_Certificate make_certificate(std::string_view common_name,
                                                      CA& ca,
                                                      Botan::RandomNumberGenerator& rng) {
         Botan::X509_DN subject;
         subject.add_attribute("X520.CommonName", common_name);
         subject.add_attribute("X520.Country", "DE");
         subject.add_attribute("X520.State", "Berlin");
         subject.add_attribute("X520.Organization", "RS");
         subject.add_attribute("X520.OrganizationalUnit", "CS");

         Botan::AlternativeName an;
         an.add_dns("gibtsnicht.example.com");
         an.add_email("not.available@anywhere.com");

         Botan::Extensions exts;
         exts.add(std::make_unique<Botan::Cert_Extension::Subject_Alternative_Name>(an));

         const auto cert_key = create_private_key(rng);
         BOTAN_ASSERT_NONNULL(cert_key);
         const auto cert_req = Botan::PKCS10_Request::create(*cert_key, subject, exts, get_hash_function(), rng);

         const auto now = std::chrono::system_clock::now();
         using namespace std::chrono_literals;
         return ca.ca.sign_request(cert_req, rng, Botan::X509_Time(now), Botan::X509_Time(now + 24h * 365));
      }

      static Botan::X509_CRL make_revocation_list(size_t entries, CA& ca, Botan::RandomNumberGenerator& rng) {
         const auto empty_crl = ca.ca.new_crl(rng);

         std::vector<Botan::CRL_Entry> crl_entries(entries);
         std::generate(crl_entries.begin(), crl_entries.end(), [&] {
            std::vector<uint8_t> crl_entry_buffer;

            // Generating the CRL entries through their ASN.1 structure because
            // our public API does not allow creating them without the actual
            // certificate that is supposed to be revoked.
            Botan::Extensions exts;
            exts.add(std::make_unique<Botan::Cert_Extension::CRL_ReasonCode>(Botan::CRL_Code::KeyCompromise));
            Botan::DER_Encoder(crl_entry_buffer)
               .start_sequence()
               .encode(Botan::BigInt::from_bytes(rng.random_array<16>()))
               .encode(Botan::X509_Time(std::chrono::system_clock::now()))
               .start_sequence()
               .encode(exts)
               .end_cons()
               .end_cons();

            Botan::BER_Decoder ber(crl_entry_buffer);

            Botan::CRL_Entry entry;
            entry.decode_from(ber);
            return entry;
         });

         return ca.ca.update_crl(empty_crl, crl_entries, rng);
      }

   public:
      void go(const PerfConfig& config) override {
         auto ca = create_ca(config.rng());
         auto cert = make_certificate("Test Certificate", ca, config.rng());
         auto crl = make_revocation_list(500, ca, config.rng());

         const auto cert_encoded = cert.BER_encode();
         const auto crl_encoded = crl.BER_encode();

         auto cert_timer = config.make_timer("X509 Certificate Parsing");
         auto crl_timer = config.make_timer("X509 CRL Parsing");

         const auto runtime = config.runtime();

         while(cert_timer->under(runtime)) {
            cert_timer->start();
            std::ignore = Botan::X509_Certificate(cert_encoded);
            cert_timer->stop();
         }

         while(crl_timer->under(runtime)) {
            crl_timer->start();
            std::ignore = Botan::X509_CRL(crl_encoded);
            crl_timer->stop();
         }

         config.record_result(*cert_timer);
         config.record_result(*crl_timer);
      }
};

BOTAN_REGISTER_PERF_TEST("asn1_parsing", PerfTest_ASN1_Parsing);

#endif

}  // namespace Botan_CLI

1	/*
2	* (C) 2025 Jack Lloyd
3	* 2025 René Meusel - Rohde & Schwarz Cybersecurity
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include "perf.h"
9	#include <algorithm>
10
11	// Always available:
12	#include <botan/assert.h>
13
14	#if defined(BOTAN_HAS_X509)
15	#include <botan/ber_dec.h>
16	#include <botan/bigint.h>
17	#include <botan/der_enc.h>
18	#include <botan/pk_algs.h>
19	#include <botan/pk_keys.h>
20	#include <botan/rng.h>
21	#include <botan/x509_ca.h>
22	#include <botan/x509_ext.h>
23	#include <botan/x509self.h>
24	#endif
25
26	namespace Botan_CLI {
27
28	#if defined(BOTAN_HAS_X509) && defined(BOTAN_HAS_ML_DSA)
29
30	class PerfTest_ASN1_Parsing final : public PerfTest {	×
31	private:
32	struct CA {
33	std::unique_ptr<Botan::Private_Key> root_key;
34	Botan::X509_CA ca;
35	};
36
37	private:
38	static std::string_view get_hash_function() { return "SHAKE-256(512)"; }	×
39
40	static std::unique_ptr<Botan::Private_Key> create_private_key(Botan::RandomNumberGenerator& rng) {	×
41	return Botan::create_private_key("ML-DSA", rng, "ML-DSA-6x5");	×
42	}
43
44	static CA create_ca(Botan::RandomNumberGenerator& rng) {	×
45	auto root_cert_options = Botan::X509_Cert_Options("Benchmark Root/DE/RS/CS");	×
46	root_cert_options.dns = "unobtainium.example.com";	×
47	root_cert_options.email = "idont@exist.com";	×
48	root_cert_options.is_CA = true;	×
49
50	auto root_key = create_private_key(rng);	×
51	BOTAN_ASSERT_NONNULL(root_key);	×
52	auto root_cert = Botan::X509::create_self_signed_cert(root_cert_options, *root_key, get_hash_function(), rng);	×
53	auto ca = Botan::X509_CA(root_cert, *root_key, get_hash_function(), rng);	×
54
55	return CA{	×
56	std::move(root_key),
57	std::move(ca),
58	};	×
59	}	×
60
61	static Botan::X509_Certificate make_certificate(std::string_view common_name,	×
62	CA& ca,
63	Botan::RandomNumberGenerator& rng) {
64	Botan::X509_DN subject;	×
65	subject.add_attribute("X520.CommonName", common_name);	×
66	subject.add_attribute("X520.Country", "DE");	×
67	subject.add_attribute("X520.State", "Berlin");	×
68	subject.add_attribute("X520.Organization", "RS");	×
69	subject.add_attribute("X520.OrganizationalUnit", "CS");	×
70
71	Botan::AlternativeName an;	×
72	an.add_dns("gibtsnicht.example.com");	×
73	an.add_email("not.available@anywhere.com");	×
74
75	Botan::Extensions exts;	×
76	exts.add(std::make_unique<Botan::Cert_Extension::Subject_Alternative_Name>(an));	×
77
78	const auto cert_key = create_private_key(rng);	×
79	BOTAN_ASSERT_NONNULL(cert_key);	×
80	const auto cert_req = Botan::PKCS10_Request::create(*cert_key, subject, exts, get_hash_function(), rng);	×
81
82	const auto now = std::chrono::system_clock::now();	×
83	using namespace std::chrono_literals;	×
84	return ca.ca.sign_request(cert_req, rng, Botan::X509_Time(now), Botan::X509_Time(now + 24h * 365));	×
85	}	×
86
87	static Botan::X509_CRL make_revocation_list(size_t entries, CA& ca, Botan::RandomNumberGenerator& rng) {	×
88	const auto empty_crl = ca.ca.new_crl(rng);	×
89
90	std::vector<Botan::CRL_Entry> crl_entries(entries);	×
91	std::generate(crl_entries.begin(), crl_entries.end(), [&] {	×
92	std::vector<uint8_t> crl_entry_buffer;	×
93
94	// Generating the CRL entries through their ASN.1 structure because
95	// our public API does not allow creating them without the actual
96	// certificate that is supposed to be revoked.
97	Botan::Extensions exts;	×
98	exts.add(std::make_unique<Botan::Cert_Extension::CRL_ReasonCode>(Botan::CRL_Code::KeyCompromise));	×
99	Botan::DER_Encoder(crl_entry_buffer)	×
100	.start_sequence()	×
101	.encode(Botan::BigInt::from_bytes(rng.random_array<16>()))	×
102	.encode(Botan::X509_Time(std::chrono::system_clock::now()))	×
103	.start_sequence()	×
104	.encode(exts)	×
105	.end_cons()	×
106	.end_cons();	×
107
108	Botan::BER_Decoder ber(crl_entry_buffer);	×
109
110	Botan::CRL_Entry entry;	×
111	entry.decode_from(ber);	×
112	return entry;	×
113	});	×
114
115	return ca.ca.update_crl(empty_crl, crl_entries, rng);	×
116	}	×
117
118	public:
119	void go(const PerfConfig& config) override {	×
120	auto ca = create_ca(config.rng());	×
121	auto cert = make_certificate("Test Certificate", ca, config.rng());	×
122	auto crl = make_revocation_list(500, ca, config.rng());	×
123
124	const auto cert_encoded = cert.BER_encode();	×
125	const auto crl_encoded = crl.BER_encode();	×
126
127	auto cert_timer = config.make_timer("X509 Certificate Parsing");	×
128	auto crl_timer = config.make_timer("X509 CRL Parsing");	×
129
130	const auto runtime = config.runtime();	×
131
132	while(cert_timer->under(runtime)) {	×
133	cert_timer->start();	×
134	std::ignore = Botan::X509_Certificate(cert_encoded);	×
135	cert_timer->stop();	×
136	}
137
138	while(crl_timer->under(runtime)) {	×
139	crl_timer->start();	×
140	std::ignore = Botan::X509_CRL(crl_encoded);	×
141	crl_timer->stop();	×
142	}
143
144	config.record_result(*cert_timer);	×
145	config.record_result(*crl_timer);	×
146	}	×
147	};
148
149	BOTAN_REGISTER_PERF_TEST("asn1_parsing", PerfTest_ASN1_Parsing);	×
150
151	#endif
152
153	} // namespace Botan_CLI

randombit / botan / 21780928802

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous