22-Sep-14 Markku-Juhani O. Saarinen [email protected]
BRUTUS is an alternative testing framework for CAESAR ciphers.
Individual ciphers are compiled into shared libraries. A testing main()
program then loads only those ciphers that you want to run on a particular
test on. BRUTUS runs on most modern Linux systems, including better-equipped
embedded systems. The codebase is fairly small and easily modifiable.
The main advantage of BRUTUS over SUPERCOP is that it allows a rapid testing cycle. You can compile and run basic tests on over 200 candidate variants in just few minutes (about 95% currently runnable). You can also easily add your own test code into the framework.
After fixing a bunch of memory leaks and other horrendous bugs in the implementations (despite academic credentials, some of you guys really wouldn't be able to hold an entry-level job in a real security company), the reference ciphers are now included with the BRUTUS package. Many obvious bugs still remain but I haven't touched implementation errors that don't threaten the stability of the testing framework. It's your shame if you can't code.
No warranty whatsoever. I don't own the cipher implementations. If you use my code in your project, attribute me.
The first round BRUTUS report has been published in Journal Of Cryptographic Engineering. The paper [The BRUTUS automatic cryptanalytic framework: Testing CAESAR authenticated encryption candidates for weaknesses] (http://link.springer.com/article/10.1007%2Fs13389-015-0114-1) is freely downloadable.
Cheers,
- Markku https://mjos.fi.
#Short Tutorial
Brutus is written for a recent-release Linux system. In addition to compilers
and gnu make you will need OpenSSL's cryptolib
and headers installed as
some candidates utilize AES. On debian/ubuntu:
$ sudo apt-get install libssl-dev
Choose a working directory and cd there. Extract the Brutus package:
$ git clone https://github.com/mjosaarinen/brutus.git
or
$ wget https://mjos.fi/dist/brutus-current.txz
$ tar xfvJ brutus-current.txz
Now check the compiler flags in brutus_cc.cfg
. If you have an old compiler
or an otherwise exotic system, you may want to discard native optimizations and
go with something geneneric like:
echo "gcc -Wall -O3" > brutus_cc.cfg
We are ready to compile the libraries and test framework. Just write:
$ make
This takes one or two minutes to complete, depending on your system.
When make
is called for the first time, the main test code and modules
are first compiled and then the makefile calls the dynlib compiling
script mkaeadlibs.sh
. If your system has cryptolib in some exotic location,
you need to tweak this script. If you play with some part the test code, the
makefile will just recompile that part for your next test, not the libraries.
In the end, the file aeadlibs.txt
contains the list of ciphers that produced
at least some kind of library. All of the dynamic libraries are in aeadlibs
subdirectory. The compiler output of each library is in *.err
and *.so
is
the shared library (if it exists). For example:
$ ls aeadlibs/stribob192*
aeadlibs/stribob192r1-8bit.err aeadlibs/stribob192r2d2-bitslice.err
aeadlibs/stribob192r1-8bit.so aeadlibs/stribob192r2d2-bitslice.so
aeadlibs/stribob192r1-ref.err aeadlibs/stribob192r2d2-neon.err
aeadlibs/stribob192r1-ref.so aeadlibs/stribob192r2d2-ref.err
aeadlibs/stribob192r1-xmm.err aeadlibs/stribob192r2d2-ref.so
aeadlibs/stribob192r1-xmm.so aeadlibs/stribob192r2d2-ssse3.err
aeadlibs/stribob192r2d2-8bit.err aeadlibs/stribob192r2d2-ssse3.so
aeadlibs/stribob192r2d2-8bit.so
We also have the brutus
executable binary:
$ ./brutus
Usage: brutus [flags] aead1.so aead2.so ..
-h Quick help
-q Switch off verbose
-kN Generate KAT for max length N
-tN Force exit after N seconds
-rN Use random seed N
-cN Coherence test (N sec timeout)
-sN Encryption/Authentication Speed (N secs each)
-fN Fast throughput test (N secs for enc/dec)
Brutus is invoked with flags and library filenames. The following wildcard will quickly test all variants of keyak for speed and coherence. Note that all numbers "N" are optional; there are defaults.
$ ./brutus -c2 -f aeadlibs/*keyakv1-*.so
BRUTUS (Sep 24 2014) by Markku-Juhani O. Saarinen <[email protected]>
[lakekeyakv1-ref] Coherence Check (limit=2 sec) key=16 nsec=0 npub=16 a=16
[lakekeyakv1-ref] Throughput (limit=1 sec) key=16 nsec=0 npub=16 a=16
[lakekeyakv1-ref] 43788.04 kB/s encrypt(mlen=65536 adlen=0)
[lakekeyakv1-ref] 43811.63 kB/s decrypt(mlen=65536 adlen=0)
[oceankeyakv1-ref] Coherence Check (limit=2 sec) key=16 nsec=0 npub=16 a=16
[oceankeyakv1-ref] Throughput (limit=1 sec) key=16 nsec=0 npub=16 a=16
[oceankeyakv1-ref] 43156.03 kB/s encrypt(mlen=65536 adlen=0)
[oceankeyakv1-ref] 43047.13 kB/s decrypt(mlen=65536 adlen=0)
[riverkeyakv1-ref] Coherence Check (limit=2 sec) key=16 nsec=0 npub=16 a=16
[riverkeyakv1-ref] Throughput (limit=1 sec) key=16 nsec=0 npub=16 a=16
[riverkeyakv1-ref] 18984.20 kB/s encrypt(mlen=65536 adlen=0)
[riverkeyakv1-ref] 18877.08 kB/s decrypt(mlen=65536 adlen=0)
[seakeyakv1-ref] Coherence Check (limit=2 sec) key=16 nsec=0 npub=16 a=16
[seakeyakv1-ref] Throughput (limit=1 sec) key=16 nsec=0 npub=16 a=16
[seakeyakv1-ref] 42998.03 kB/s encrypt(mlen=65536 adlen=0)
[seakeyakv1-ref] 43321.04 kB/s decrypt(mlen=65536 adlen=0
The output should be mostly self-explanatory.