From fc0f535882d2f489e6d0eff3b06697d1225e8443 Mon Sep 17 00:00:00 2001
From: Jesper Louis Andersen
Date: Wed, 17 Dec 2014 16:17:12 +0100
Subject: [PATCH] Introduce timing for precomputed values.
---
 src/enacl.erl | 3 +++
 src/enacl_timing.erl | 42 +++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/src/enacl.erl b/src/enacl.erl
index e73e4b3..b23c943 100644
--- a/src/enacl.erl
+++ b/src/enacl.erl
@@ -79,6 +79,9 @@
 -define(HASH_REDUCTIONS, 104 * 2).
 -define(BOX_SIZE, 32 * 1024).
 -define(BOX_REDUCTIONS, 115 * 2).
+-define(BOX_BEFORENM_REDUCTIONS, 60).
+-define(BOX_AFTERNM_SIZE, 64 * 1024).
+-define(BOX_AFTERNM_REDUCTIONS, 110 * 2).
 -define(SIGN_SIZE, 16 * 1024).
 -define(SIGN_REDUCTIONS, 160 * 2).
 -define(SECRETBOX_SIZE, 64 * 1024).
diff --git a/src/enacl_timing.erl b/src/enacl_timing.erl
index 24edb20..cb07393 100644
--- a/src/enacl_timing.erl
+++ b/src/enacl_timing.erl
@@ -11,7 +11,8 @@ all() ->
 time_secretbox(),
 time_stream(),
 time_auth(),
- time_onetimeauth()].
+ time_onetimeauth(),
+ time_precomputed()].
 -define(ROUNDS, 300).
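Review bot: `BOX_BEFORENM_REDUCTIONS` is written as a bare `60` while every neighbouring `*_REDUCTIONS` macro in this hunk is written as `N * 2`; if the factor encodes the same calibration as the others, `-define(BOX_BEFORENM_REDUCTIONS, 30 * 2).` keeps the convention, and if it does not, a one-line comment stating how the figure was obtained (presumably from the output of `enacl_timing:all/0`) would save the next reader from guessing. Nothing in this hunk consumes the three new macros, so whether the `box_beforenm`/`box_afternm` wrappers in enacl.erl already bump reductions with them cannot be told from here; the commit message could say whether that wiring is intended as a follow-up. `BOX_BEFORENM` also has no companion `_SIZE` macro, which is reasonable if its inputs are fixed-length keys, but a short comment to that effect would stop it looking like an omission next to the other size/reduction pairs.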
@@ -171,6 +172,45 @@ box(Bin, Nonce, PK, SK, N) ->
 enacl_nif:crypto_box_b(Bin, Nonce, PK, SK),
 box(Bin, Nonce, PK, SK, N-1).
+%% PRECOMPUTED
+%% -------------------
+
+time_precomputed() ->
+ Sz = 1024 * 64,
+ Bin = binary:copy(<<0>>, Sz),
+ ZB = binary:copy(<<0>>, enacl_nif:crypto_box_ZEROBYTES()),
+ BZB = binary:copy(<<0>>, enacl_nif:crypto_box_BOXZEROBYTES()),
+ Nonce = binary:copy(<<0>>, enacl_nif:crypto_box_NONCEBYTES()),
+ #{ public := PK1, secret := SK1 } = enacl:box_keypair(),
+ #{ public := PK2, secret := SK2 } = enacl:box_keypair(),
+ T = timed(fun() -> beforenm(PK1, SK2, ?ROUNDS) end) / ?ROUNDS,
+ K = enacl_nif:crypto_box_beforenm(PK1, SK2),
+ K = enacl_nif:crypto_box_beforenm(PK2, SK1),
+ T2 = timed(fun() -> afternm([ZB, Bin], Nonce, K, ?ROUNDS) end) / ?ROUNDS,
+ Ciphered = enacl_nif:crypto_box_afternm_b([ZB, Bin], Nonce, K),
+ Bin = enacl_nif:crypto_box_open_afternm_b([BZB, Ciphered], Nonce, K),
+ T3 = timed(fun() -> afternm_open([BZB, Ciphered], Nonce, K, ?ROUNDS) end) / ?ROUNDS,
+ [
+ #{ size => 'n/a', time => T, operation => box_beforenm },
+ #{ size => Sz, time => T2, operation => box_afternm },
+ #{ size => Sz, time => T3, operation => box_open_afternm }
+ ].
+
+afternm(_M, _Nonce, _K, 0) -> ok;
+afternm(M, Nonce, K, N) ->
+ enacl_nif:crypto_box_afternm_b(M, Nonce, K),
+ afternm(M, Nonce, K, N-1).
+
+afternm_open(_C, _Nonce, _K, 0) -> ok;
+afternm_open(C, Nonce, K, N) ->
+ enacl_nif:crypto_box_open_afternm_b(C, Nonce, K),
+ afternm_open(C, Nonce, K, N-1).
+
+beforenm(_PK, _SK, 0) -> ok;
+beforenm(PK, SK, N) ->
+ enacl_nif:crypto_box_beforenm(PK, SK),
+ beforenm(PK, SK, N-1).
+
 %% HASHING
 %% ----------------
 time_hashing() ->
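Review bot: The three result maps returned by `time_precomputed/0` mix types in `size`: `box_beforenm` reports the atom `'n/a'` while the other two report the integer `Sz`, so any consumer that derives time-per-byte from `all/0`'s output has to special-case that one entry; reporting an integer there (the fixed key length, or `0` if size is genuinely meaningless for this operation) keeps the shape uniform, or else the contract of the result list should state that `size` may be `'n/a'`. The second `K = enacl_nif:crypto_box_beforenm(PK2, SK1),` and the later `Bin = enacl_nif:crypto_box_open_afternm_b([BZB, Ciphered], Nonce, K),` are assertive matches that double as correctness checks (both peers derive the same shared key; the precomputed-key ciphertext decrypts back to the plaintext), which is valuable but reads like a stray duplicate call at a glance — a comment such as `%% Both peers must derive the same shared key; crash here if not` would make the intent explicit. `Sz = 1024 * 64` appears to mirror the `BOX_AFTERNM_SIZE` macro added to enacl.erl in this same patch; a comment `%% Keep in sync with BOX_AFTERNM_SIZE in enacl.erl` would tie the benchmark size to the reduction calibration it feeds.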