~mdw / catacomb / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch '2.5.x'
[catacomb] / progs / perftest.c
CommitLineData
e2edda68 1/* -*-c-*-
2 *
e2edda68 3 * Measure performance of various operations (Unix-specific)
4 *
5 * (c) 2004 Straylight/Edgeware
6 */
7
45c0fd36 8/*----- Licensing notice --------------------------------------------------*
e2edda68 9 *
10 * This file is part of Catacomb.
11 *
12 * Catacomb is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU Library General Public License as
14 * published by the Free Software Foundation; either version 2 of the
15 * License, or (at your option) any later version.
45c0fd36 16 *
e2edda68 17 * Catacomb is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU Library General Public License for more details.
45c0fd36 21 *
e2edda68 22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb; if not, write to the Free
24 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
25 * MA 02111-1307, USA.
26 */
27
28/*----- Header files ------------------------------------------------------*/
29
cd6eca43
MW		 30#define _FILE_OFFSET_BITS 64
31
e2edda68 32#include "config.h"
33
34#include <errno.h>
35#include <limits.h>
36#include <math.h>
37#include <stdio.h>
38#include <string.h>
39#include <stdlib.h>
40#include <time.h>
41
42#include <sys/types.h>
43#include <sys/time.h>
44#include <unistd.h>
45
8ae2bc5c
MW		 46#ifdef HAVE_LINUX_PERF_EVENT_H
47# include <linux/perf_event.h>
48# include <asm/unistd.h>
49#endif
50
e2edda68 51#include <mLib/alloc.h>
8ae2bc5c 52#include <mLib/bits.h>
e2edda68 53#include <mLib/dstr.h>
54#include <mLib/mdwopt.h>
55#include <mLib/quis.h>
56#include <mLib/report.h>
57#include <mLib/sub.h>
58#include <mLib/tv.h>
59
60#include "rand.h"
61#include "mp.h"
62#include "mprand.h"
63#include "fibrand.h"
64#include "rsa.h"
57fe52c7
MW		 65#include "mpint.h"
66#include "mptext.h"
e2edda68 67#include "mpmont.h"
68#include "mpbarrett.h"
69#include "dh.h"
70#include "pgen.h"
71#include "ec.h"
72#include "group.h"
fc2d44af 73#include "x25519.h"
643eb1bb 74#include "x448.h"
d56fd9d1 75#include "ed25519.h"
c578d5d8 76#include "ed448.h"
e2edda68 77
c65df279 78#include "cc.h"
ceded834 79#include "gaead.h"
e2edda68 80#include "gcipher.h"
81#include "ghash.h"
82#include "gmac.h"
ef7cf21d 83#include "poly1305.h"
19e6e199 84
c65df279 85#include "ectab.h"
86#include "ptab.h"
e2edda68 87
88/*----- Options -----------------------------------------------------------*/
89
90typedef struct opts {
91 const char *name; /* Pre-configured named thing */
8ae2bc5c 92 const char *opwhat; /* What to call operations */
e2edda68 93 unsigned fbits; /* Field size bits */
94 unsigned gbits; /* Group size bits */
95 unsigned n; /* Number of factors */
96 unsigned i; /* Number of intervals (or zero) */
a43e80e3 97 unsigned k; /* Main loop batch size */
8ae2bc5c 98 unsigned long sc; /* Scale factor */
e2edda68 99 double t; /* Time for each interval (secs) */
57fe52c7 100 mp *e; /* Public exponent */
e74e12bc
MW		 101 unsigned f; /* Flags */
102#define OF_NOCHECK 1u /* Don't do group checking */
e2edda68 103} opts;
104
105/*----- Job switch --------------------------------------------------------*/
106
107/* --- Barrett exponentiation --- */
108
109typedef struct bar_ctx {
110 size_t n;
111 mpbarrett b;
112 mp_expfactor *e;
113} bar_ctx;
114
115static void *bar_init(opts *o)
116{
117 bar_ctx *c = CREATE(bar_ctx);
118 gprime_param gp;
119 qd_parse qd;
120 size_t i;
121
122 if (o->name) {
123 qd.p = o->name;
124 if (dh_parse(&qd, &gp))
125 die(1, "bad prime group: %s", qd.e);
126 } else {
127 if (!o->fbits) o->fbits = 1024;
128 dh_gen(&gp, o->gbits, o->fbits, 0, &rand_global, pgen_evspin, 0);
129 }
130 mpbarrett_create(&c->b, gp.p);
131 if (!o->n) o->n = 1;
132 c->n = o->n;
133 c->e = xmalloc(c->n * sizeof(group_expfactor));
134 for (i = 0; i < c->n; i++) {
135 c->e[i].base = mprand_range(MP_NEW, gp.p, &rand_global, 0);
136 c->e[i].exp = mprand_range(MP_NEW, gp.q, &rand_global, 0);
137 }
138 dh_paramfree(&gp);
139 return (c);
140}
141
142static void bar_run(void *cc)
143{
144 bar_ctx *c = cc;
145 mp *d = mpbarrett_exp(&c->b, MP_NEW, c->e[0].base, c->e[0].exp);
146 MP_DROP(d);
147}
148
149static void barsim_run(void *cc)
150{
151 bar_ctx *c = cc;
152 mp *d = mpbarrett_mexp(&c->b, MP_NEW, c->e, c->n);
153 MP_DROP(d);
154}
155
156/* --- Montgomery exponentiation --- */
157
158typedef struct mont_ctx {
159 size_t n;
160 mpmont m;
161 mp_expfactor *e;
162} mont_ctx;
163
164static void *mont_init(opts *o)
165{
166 mont_ctx *c = CREATE(mont_ctx);
167 gprime_param gp;
168 qd_parse qd;
169 size_t i;
170
171 if (o->name) {
172 qd.p = o->name;
173 if (dh_parse(&qd, &gp))
174 die(1, "bad prime group: %s", qd.e);
175 } else {
176 if (!o->fbits) o->fbits = 1024;
177 dh_gen(&gp, o->gbits, o->fbits, 0, &rand_global, pgen_evspin, 0);
178 }
179 mpmont_create(&c->m, gp.p);
180 if (!o->n) o->n = 1;
181 c->n = o->n;
182 c->e = xmalloc(c->n * sizeof(mp_expfactor));
183 for (i = 0; i < c->n; i++) {
184 c->e[i].base = mprand_range(MP_NEW, gp.p, &rand_global, 0);
185 c->e[i].exp = mprand_range(MP_NEW, gp.q, &rand_global, 0);
186 }
187 dh_paramfree(&gp);
188 return (c);
189}
190
191static void mont_run(void *cc)
192{
193 mont_ctx *c = cc;
194 mp *d = mpmont_expr(&c->m, MP_NEW, c->e[0].base, c->e[0].exp);
195 MP_DROP(d);
196}
197
198static void montsim_run(void *cc)
199{
200 mont_ctx *c = cc;
201 mp *d = mpmont_mexpr(&c->m, MP_NEW, c->e, c->n);
202 MP_DROP(d);
203}
204
205/* --- Group exponentiation --- */
206
207typedef struct gr_ctx {
208 size_t n;
209 group *g;
210 group_expfactor *e;
211} gr_ctx;
212
213static void *grp_init(opts *o)
214{
215 gr_ctx *c = CREATE(gr_ctx);
216 const char *e;
217 gprime_param gp;
218 qd_parse qd;
219 size_t i;
220
221 if (o->name) {
222 qd.p = o->name;
223 if (dh_parse(&qd, &gp))
224 die(1, "bad prime group: %s", qd.e);
225 } else {
226 if (!o->fbits) o->fbits = 1024;
227 dh_gen(&gp, o->gbits, o->fbits, 0, &rand_global, pgen_evspin, 0);
228 }
229 c->g = group_prime(&gp);
e74e12bc 230 if (!(o->f & OF_NOCHECK) && (e = G_CHECK(c->g, &rand_global)) != 0)
e2edda68 231 die(1, "bad group: %s", e);
232 if (!o->n) o->n = 1;
233 c->n = o->n;
234 c->e = xmalloc(c->n * sizeof(group_expfactor));
235 for (i = 0; i < c->n; i++) {
236 c->e[i].base = G_CREATE(c->g);
237 G_FROMINT(c->g, c->e[i].base,
238 mprand_range(MP_NEW, gp.p, &rand_global, 0));
239 c->e[i].exp = mprand_range(MP_NEW, gp.q, &rand_global, 0);
240 }
241 dh_paramfree(&gp);
242 return (c);
243}
244
245static void *grec_init(opts *o)
246{
247 gr_ctx *c = CREATE(gr_ctx);
248 const char *e;
249 ec_info ei;
250 ec p = EC_INIT;
251 size_t i;
252
253 if (!o->name)
254 die(1, "can't generate elliptic curves");
255 if ((e = ec_getinfo(&ei, o->name)) != 0)
256 die(1, "bad curve: %s", e);
257 c->g = group_ec(&ei);
e74e12bc 258 if (!(o->f & OF_NOCHECK) && (e = G_CHECK(c->g, &rand_global)) != 0)
e2edda68 259 die(1, "bad group: %s", e);
260 if (!o->n) o->n = 1;
261 c->n = o->n;
262 c->e = xmalloc(c->n * sizeof(group_expfactor));
263 for (i = 0; i < c->n; i++) {
264 c->e[i].base = G_CREATE(c->g);
265 ec_rand(ei.c, &p, &rand_global);
266 G_FROMEC(c->g, c->e[i].base, &p);
267 c->e[i].exp = mprand_range(MP_NEW, ei.r, &rand_global, 0);
268 }
269 EC_DESTROY(&p);
270 return (c);
271}
272
273static void gr_run(void *cc)
274{
275 gr_ctx *c = cc;
276 ge *x = G_CREATE(c->g);
277 G_EXP(c->g, x, c->e[0].base, c->e[0].exp);
278 G_DESTROY(c->g, x);
279}
280
281static void grsim_run(void *cc)
282{
283 gr_ctx *c = cc;
284 ge *x = G_CREATE(c->g);
285 G_MEXP(c->g, x, c->e, c->n);
286 G_DESTROY(c->g, x);
287}
288
fc2d44af
MW		 289/* --- x25519 --- */
290
291typedef struct x25519_jobctx {
292 octet k[X25519_KEYSZ];
293 octet p[X25519_PUBSZ];
294} x25519_jobctx;
295
296static void *x25519_jobinit(opts *o)
297{
298 x25519_jobctx *c = CREATE(x25519_jobctx);
299 rand_get(RAND_GLOBAL, c->k, sizeof(c->k));
300 rand_get(RAND_GLOBAL, c->p, sizeof(c->p));
301 return (c);
302}
303
304static void x25519_jobrun(void *cc)
305 { x25519_jobctx *c = cc; octet z[X25519_OUTSZ]; x25519(z, c->k, c->p); }
306
643eb1bb
MW		 307/* --- x448 --- */
308
309typedef struct x448_jobctx {
310 octet k[X448_KEYSZ];
311 octet p[X448_PUBSZ];
312} x448_jobctx;
313
314static void *x448_jobinit(opts *o)
315{
316 x448_jobctx *c = CREATE(x448_jobctx);
317 rand_get(RAND_GLOBAL, c->k, sizeof(c->k));
318 rand_get(RAND_GLOBAL, c->p, sizeof(c->p));
319 return (c);
320}
321
322static void x448_jobrun(void *cc)
323 { x448_jobctx *c = cc; octet z[X448_OUTSZ]; x448(z, c->k, c->p); }
324
d56fd9d1
MW		 325/* --- Ed25519 --- */
326
327typedef struct ed25519_signctx {
328 octet k[ED25519_KEYSZ];
329 octet K[ED25519_PUBSZ];
330 octet m[64];
331} ed25519_signctx;
332
333typedef struct ed25519_vrfctx {
334 octet K[ED25519_PUBSZ];
335 octet m[64];
336 octet sig[ED25519_SIGSZ];
337} ed25519_vrfctx;
338
339static void *ed25519_signinit(opts *o)
340{
341 ed25519_signctx *c = CREATE(ed25519_signctx);
342
343 rand_get(RAND_GLOBAL, c->k, sizeof(c->k));
344 rand_get(RAND_GLOBAL, c->m, sizeof(c->m));
345 ed25519_pubkey(c->K, c->k, sizeof(c->k));
346 return (c);
347}
348
349static void ed25519_signrun(void *cc)
350{
351 ed25519_signctx *c = cc;
352 octet sig[ED25519_SIGSZ];
353
354 ed25519_sign(sig, c->k, sizeof(c->k), c->K, c->m, sizeof(c->m));
355}
356
357static void *ed25519_vrfinit(opts *o)
358{
359 octet k[ED25519_KEYSZ];
360 ed25519_vrfctx *c = CREATE(ed25519_vrfctx);
361
362 rand_get(RAND_GLOBAL, k, sizeof(k));
363 rand_get(RAND_GLOBAL, c->m, sizeof(c->m));
364 ed25519_pubkey(c->K, k, sizeof(k));
365 ed25519_sign(c->sig, k, sizeof(k), c->K, c->m, sizeof(c->m));
366 return (c);
367}
368
369static void ed25519_vrfrun(void *cc)
370{
371 ed25519_vrfctx *c = cc;
372 ed25519_verify(c->K, c->m, sizeof(c->m), c->sig);
373}
374
c578d5d8
MW		 375/* --- Ed448 --- */
376
377typedef struct ed448_signctx {
378 octet k[ED448_KEYSZ];
379 octet K[ED448_PUBSZ];
380 octet m[64];
381} ed448_signctx;
382
383typedef struct ed448_vrfctx {
384 octet K[ED448_PUBSZ];
385 octet m[64];
386 octet sig[ED448_SIGSZ];
387} ed448_vrfctx;
388
389static void *ed448_signinit(opts *o)
390{
391 ed448_signctx *c = CREATE(ed448_signctx);
392
393 rand_get(RAND_GLOBAL, c->k, sizeof(c->k));
394 rand_get(RAND_GLOBAL, c->m, sizeof(c->m));
395 ed448_pubkey(c->K, c->k, sizeof(c->k));
396 return (c);
397}
398
399static void ed448_signrun(void *cc)
400{
401 ed448_signctx *c = cc;
402 octet sig[ED448_SIGSZ];
403
404 ed448_sign(sig, c->k, sizeof(c->k), c->K, 0, 0, 0, c->m, sizeof(c->m));
405}
406
407static void *ed448_vrfinit(opts *o)
408{
409 octet k[ED448_KEYSZ];
410 ed448_vrfctx *c = CREATE(ed448_vrfctx);
411
412 rand_get(RAND_GLOBAL, k, sizeof(k));
413 rand_get(RAND_GLOBAL, c->m, sizeof(c->m));
414 ed448_pubkey(c->K, k, sizeof(k));
415 ed448_sign(c->sig, k, sizeof(k), c->K, 0, 0, 0, c->m, sizeof(c->m));
416 return (c);
417}
418
419static void ed448_vrfrun(void *cc)
420{
421 ed448_vrfctx *c = cc;
422 ed448_verify(c->K, 0, 0, 0, c->m, sizeof(c->m), c->sig);
423}
424
e2edda68 425/* --- RSA --- */
426
427typedef struct rsapriv_ctx {
428 rsa_priv rp;
429 rsa_privctx rpc;
430 mp *m;
431} rsapriv_ctx;
432
433static void *rsapriv_init(opts *o)
434{
435 rsapriv_ctx *c = CREATE(rsapriv_ctx);
436
437 if (!o->fbits) o->fbits = 1024;
57fe52c7
MW		 438 if (!o->e) o->e = mp_fromulong(MP_NEW, 65537);
439 rsa_gen_e(&c->rp, o->fbits, o->e, &rand_global, 0, pgen_evspin, 0);
e2edda68 440 rsa_privcreate(&c->rpc, &c->rp, 0);
441 c->m = mprand_range(MP_NEW, c->rp.n, &rand_global, 0);
442 return (c);
443}
444
445static void *rsaprivblind_init(opts *o)
446{
447 rsapriv_ctx *c = CREATE(rsapriv_ctx);
448
449 if (!o->fbits) o->fbits = 1024;
57fe52c7
MW		 450 if (!o->e) o->e = mp_fromulong(MP_NEW, 65537);
451 rsa_gen_e(&c->rp, o->fbits, o->e, &rand_global, 0, pgen_evspin, 0);
e2edda68 452 rsa_privcreate(&c->rpc, &c->rp, fibrand_create(0));
453 c->m = mprand_range(MP_NEW, c->rp.n, &rand_global, 0);
454 return (c);
455}
456
457static void rsapriv_run(void *cc)
458{
459 rsapriv_ctx *c = cc;
460 mp *d = rsa_privop(&c->rpc, MP_NEW, c->m);
461 MP_DROP(d);
462}
463
464typedef struct rsapub_ctx {
465 rsa_pub rp;
466 rsa_pubctx rpc;
467 mp *m;
468} rsapub_ctx;
469
470static void *rsapub_init(opts *o)
471{
472 rsapub_ctx *c = CREATE(rsapub_ctx);
473 rsa_priv rp;
474
475 if (!o->fbits) o->fbits = 1024;
57fe52c7
MW		 476 if (!o->e) o->e = mp_fromulong(MP_NEW, 65537);
477 rsa_gen_e(&rp, o->fbits, o->e, &rand_global, 0, pgen_evspin, 0);
e2edda68 478 c->rp.n = MP_COPY(rp.n);
479 c->rp.e = MP_COPY(rp.e);
480 rsa_privfree(&rp);
481 rsa_pubcreate(&c->rpc, &c->rp);
482 c->m = mprand_range(MP_NEW, c->rp.n, &rand_global, 0);
483 return (c);
484}
485
486static void rsapub_run(void *cc)
487{
488 rsapub_ctx *c = cc;
489 mp *d = rsa_pubop(&c->rpc, MP_NEW, c->m);
490 MP_DROP(d);
491}
492
493/* --- Symmetric encryption --- */
494
495typedef struct ksched_ctx {
496 const gccipher *c;
497 octet *k;
498 size_t ksz;
499} ksched_ctx;
500
501static void *ksched_init(opts *o)
502{
503 ksched_ctx *c = CREATE(ksched_ctx);
504 if (!o->name)
505 die(1, "must specify encryption scheme name");
506 if ((c->c = gcipher_byname(o->name)) == 0)
507 die(1, "encryption scheme `%s' not known", o->name);
178c2540
MW		 508 c->ksz = keysz(o->fbits/8, c->c->keysz);
509 if (o->fbits%8 || (o->fbits && c->ksz != o->fbits/8))
510 die(1, "bad key size %u for %s", o->fbits, o->name);
e2edda68 511 c->k = xmalloc(c->ksz);
512 rand_get(RAND_GLOBAL, c->k, c->ksz);
513 return (c);
514}
515
516static void ksched_run(void *cc)
517{
518 ksched_ctx *c = cc;
519 gcipher *gc = GC_INIT(c->c, c->k, c->ksz);
520 GC_DESTROY(gc);
521}
522
523typedef struct enc_ctx {
524 gcipher *c;
525 octet *m;
526 size_t sz;
527 size_t n;
528} enc_ctx;
529
530static void *enc_init(opts *o)
531{
532 enc_ctx *c = CREATE(enc_ctx);
533 const gccipher *cc;
534 size_t ksz;
535 octet *k;
536 if (!o->name)
537 die(1, "must specify encryption scheme name");
538 if ((cc = gcipher_byname(o->name)) == 0)
539 die(1, "encryption scheme `%s' not known", o->name);
178c2540
MW		 540 ksz = keysz(o->fbits/8, cc->keysz);
541 if (o->fbits%8 || (o->fbits && ksz != o->fbits/8))
542 die(1, "bad key size %u for %s", o->fbits, o->name);
e2edda68 543 k = xmalloc(ksz);
544 rand_get(RAND_GLOBAL, k, ksz);
545 c->c = GC_INIT(cc, k, ksz);
546 xfree(k);
547 c->sz = o->gbits ? o->gbits : 65536;
548 c->n = o->n ? o->n : 16;
8ae2bc5c 549 o->opwhat = "byte"; o->sc = c->n*c->sz;
e2edda68 550 c->m = xmalloc(c->sz);
551 return (c);
552}
553
554static void enc_run(void *cc)
555{
556 enc_ctx *c = cc;
557 size_t i;
558 for (i = 0; i < c->n; i++)
559 GC_ENCRYPT(c->c, c->m, c->m, c->sz);
560}
561
ceded834
MW		 562/* --- Authenticated encryption --- */
563
564typedef struct aeadsetup_ctx {
565 const gcaead *aec;
566 octet *k; size_t ksz;
567 octet *n; size_t nsz;
568 size_t tsz;
569} aeadsetup_ctx;
570
571static void *aeadsetup_init(opts *o)
572{
573 aeadsetup_ctx *c = CREATE(aeadsetup_ctx);
574 if (!o->name)
575 die(1, "must specify encryption scheme name");
576 if ((c->aec = gaead_byname(o->name)) == 0)
577 die(1, "aead scheme `%s' not known", o->name);
578 c->ksz = keysz(o->fbits/8, c->aec->keysz);
579 c->nsz = keysz_pad(o->gbits/8, c->aec->noncesz);
580 c->tsz = keysz(0, c->aec->tagsz);
581 if (o->fbits%8 || (o->fbits && c->ksz != o->fbits/8))
582 die(1, "bad key size %u for %s", o->fbits, o->name);
583 if (o->gbits%8 || (o->gbits && c->nsz != o->gbits/8))
584 die(1, "bad nonce size %u for %s", o->gbits, o->name);
585 c->k = xmalloc(c->ksz); rand_get(RAND_GLOBAL, c->k, c->ksz);
586 c->n = xmalloc(c->nsz); rand_get(RAND_GLOBAL, c->n, c->nsz);
587 return (c);
588}
589
590static void aeadsetup_run(void *cc)
591{
592 aeadsetup_ctx *c = cc;
593 gaead_key *k = GAEAD_KEY(c->aec, c->k, c->ksz);
594 gaead_enc *e = GAEAD_ENC(k, c->n, c->nsz, 0, 0, c->tsz);
595 GAEAD_DESTROY(e); GAEAD_DESTROY(k);
596}
597
598typedef struct aeadenc_ctx {
599 gaead_enc *enc;
600 octet *n; size_t nsz;
601 octet *p, *q; size_t sz; size_t nn;
602 size_t tsz;
603} aeadenc_ctx;
604
605static void *aeadenc_init(opts *o)
606{
607 aeadenc_ctx *c = CREATE(aeadenc_ctx);
608 const gcaead *aec;
609 gaead_key *key;
610 octet *k; size_t ksz;
611
612 if (!o->name)
613 die(1, "must specify encryption scheme name");
614 if ((aec = gaead_byname(o->name)) == 0)
615 die(1, "aead scheme `%s' not known", o->name);
616 c->sz = o->gbits ? o->gbits : 65536;
617 c->nn = o->n ? o->n : 16;
618 ksz = keysz(o->fbits/8, aec->keysz);
619 c->nsz = keysz(0, aec->noncesz);
620 c->tsz = keysz(0, aec->tagsz);
621 if (o->fbits%8 || (o->fbits && ksz != o->fbits/8))
622 die(1, "bad key size %u for %s", o->fbits, o->name);
623
624 k = xmalloc(ksz); rand_get(RAND_GLOBAL, k, ksz);
625 c->n = xmalloc(c->nsz); rand_get(RAND_GLOBAL, c->n, c->nsz);
626 c->p = xmalloc(c->sz); c->q = xmalloc(c->sz + aec->bufsz);
627
628 key = GAEAD_KEY(aec, k, ksz);
629 c->enc = GAEAD_ENC(key, c->n, c->nsz, 0, 0, c->tsz);
630 GAEAD_DESTROY(key); xfree(k);
631
632 o->opwhat = "byte"; o->sc = c->nn*c->sz;
633 return (c);
634}
635
636static void aeadaad_run(void *cc)
637{
638 aeadenc_ctx *c = cc;
639 gaead_aad *a;
640 size_t i;
641
642 GAEAD_REINIT(c->enc, c->n, c->nsz, c->nn*c->sz, 0, c->tsz);
643 a = GAEAD_AAD(c->enc);
644 for (i = 0; i < c->nn; i++) GAEAD_HASH(a, c->p, c->sz);
645 GAEAD_DESTROY(a);
646}
647
648static void aeadenc_run(void *cc)
649{
650 aeadenc_ctx *c = cc;
651 buf b;
652 size_t i;
653
654 GAEAD_REINIT(c->enc, c->n, c->nsz, 0, c->nn*c->sz, c->tsz);
655 for (i = 0; i < c->nn; i++) {
656 buf_init(&b, c->q, c->sz + c->enc->ops->c->bufsz);
657 GAEAD_ENCRYPT(c->enc, c->p, c->sz, &b);
658 }
659}
660
e2edda68 661/* --- Hashing --- */
662
663typedef struct hash_ctx {
664 const gchash *h;
665 octet *m;
666 size_t sz;
667 size_t n;
668} hash_ctx;
669
670static void *hash_init(opts *o)
671{
672 hash_ctx *c = CREATE(hash_ctx);
673 if (!o->name)
674 die(1, "must specify hash function name");
675 if ((c->h = ghash_byname(o->name)) == 0)
676 die(1, "hash function `%s' not known", o->name);
677 c->sz = o->gbits ? o->gbits : 65536;
678 c->n = o->n ? o->n : 16;
8ae2bc5c 679 o->opwhat = "byte"; o->sc = c->n*c->sz;
e2edda68 680 c->m = xmalloc(c->sz);
681 return (c);
682}
683
684static void hash_run(void *cc)
685{
686 hash_ctx *c = cc;
687 size_t i;
688 ghash *h = GH_INIT(c->h);
689 for (i = 0; i < c->n; i++)
690 GH_HASH(h, c->m, c->sz);
691 GH_DONE(h, 0);
692 GH_DESTROY(h);
693}
694
ef7cf21d
MW		 695/* --- Poly1305 --- */
696
697typedef struct poly1305_jobctx {
698 poly1305_key k;
699 octet s[POLY1305_MASKSZ];
700 octet *m;
701 size_t sz;
702 size_t n;
703} poly1305_jobctx;
704
705static void *poly1305_jobinit(opts *o)
706{
707 octet k[POLY1305_KEYSZ];
708 poly1305_jobctx *c = CREATE(poly1305_jobctx);
709 rand_get(RAND_GLOBAL, k, sizeof(k));
710 poly1305_keyinit(&c->k, k, sizeof(k));
711 rand_get(RAND_GLOBAL, c->s, sizeof(c->s));
712 c->sz = o->gbits ? o->gbits : 65536;
713 c->n = o->n ? o->n : 16;
8ae2bc5c 714 o->opwhat = "byte"; o->sc = c->n*c->sz;
ef7cf21d
MW		 715 c->m = xmalloc(c->sz);
716 return (c);
717}
718
719static void poly1305_jobrun(void *cc)
720{
721 poly1305_jobctx *c = cc;
722 poly1305_ctx ctx;
723 octet t[POLY1305_TAGSZ];
724 size_t i;
725 poly1305_macinit(&ctx, &c->k, c->s);
726 for (i = 0; i < c->n; i++) poly1305_hash(&ctx, c->m, c->sz);
727 poly1305_done(&ctx, t);
728}
729
e2edda68 730/* --- Job table --- */
731
c65df279 732typedef struct jobops {
e2edda68 733 const char *name;
734 void *(*init)(opts *);
735 void (*run)(void *);
736} jobops;
737
738static const jobops jobtab[] = {
45c0fd36 739 { "g-prime-exp", grp_init, gr_run },
e2edda68 740 { "g-ec-mul", grec_init, gr_run },
741 { "g-prime-exp-sim", grp_init, grsim_run },
742 { "g-ec-mul-sim", grec_init, grsim_run },
743 { "barrett-exp", bar_init, bar_run },
744 { "barrett-exp-sim", bar_init, barsim_run },
745 { "mont-exp", mont_init, mont_run },
746 { "mont-exp-sim", mont_init, montsim_run },
747 { "rsa-priv", rsapriv_init, rsapriv_run },
748 { "rsa-priv-blind", rsaprivblind_init, rsapriv_run },
749 { "rsa-pub", rsapub_init, rsapub_run },
fc2d44af 750 { "x25519", x25519_jobinit, x25519_jobrun },
643eb1bb 751 { "x448", x448_jobinit, x448_jobrun },
d56fd9d1
MW		 752 { "ed25519-sign", ed25519_signinit, ed25519_signrun },
753 { "ed25519-vrf", ed25519_vrfinit, ed25519_vrfrun },
c578d5d8
MW		 754 { "ed448-sign", ed448_signinit, ed448_signrun },
755 { "ed448-vrf", ed448_vrfinit, ed448_vrfrun },
e2edda68 756 { "ksched", ksched_init, ksched_run },
757 { "enc", enc_init, enc_run },
ceded834
MW		 758 { "aead-setup", aeadsetup_init, aeadsetup_run },
759 { "aead-aad", aeadenc_init, aeadaad_run },
760 { "aead-enc", aeadenc_init, aeadenc_run },
e2edda68 761 { "hash", hash_init, hash_run },
ef7cf21d 762 { "poly1305", poly1305_jobinit, poly1305_jobrun },
e2edda68 763 { 0, 0, 0 }
764};
765
8ae2bc5c
MW		 766/*----- Cycle counting ----------------------------------------------------*/
767
768typedef kludge64 cycles;
769static int cyclecount_active_p = 0;
770
771#if defined(__GNUC__) && (CPUFAM_X86 || CPUFAM_AMD64)
772
773static void init_cyclecount(void) { cyclecount_active_p = 1; }
774
775static cycles cyclecount(void)
776{
777 uint32 lo, hi;
778 kludge64 cy;
779
780 __asm__("rdtsc" : "=a"(lo), "=d"(hi));
781 SET64(cy, hi, lo);
782 return cy;
783}
784
785#elif defined(HAVE_LINUX_PERF_EVENT_H) && defined(HAVE_UINT64)
786
787static int perf_fd = -1;
788
789static void init_cyclecount(void)
790{
791 struct perf_event_attr attr = { 0 };
792
793 attr.type = PERF_TYPE_HARDWARE;
794 attr.size = sizeof(attr);
795 attr.config = PERF_COUNT_HW_CPU_CYCLES;
796 attr.disabled = 0;
797 attr.exclude_kernel = 1;
798 attr.exclude_hv = 1;
799
800 if ((perf_fd = syscall(__NR_perf_event_open, &attr, 0, -1, -1, 0)) < 0)
801 moan("failed to open perf event: %s", strerror(errno));
802 else
803 cyclecount_active_p = 1;
804}
805
806static cycles cyclecount(void)
807{
808 kludge64 cy;
809 ssize_t n;
810
811 if (!cyclecount_active_p)
812 goto fail;
813 else if ((n = read(perf_fd, &cy.i, sizeof(cy.i))) != sizeof(cy.i)) {
814 if (n < 0) moan("error reading perf event: %s", strerror(errno));
815 else moan("unexpected short read from perf event");
816 cyclecount_active_p = 0; close(perf_fd); perf_fd = -1;
817 goto fail;
818 }
819end:
820 return (cy);
821fail:
822 SET64(cy, 0, 0);
823 goto end;
824}
825
826#else
827
828static void init_cyclecount(void) { cyclecount_active_p = 0; }
829static cycles cyclecount(void) { kludge64 cy; SET64(cy, 0, 0); return (cy); }
830
831#endif
832
e2edda68 833/*----- Main code ---------------------------------------------------------*/
834
c65df279 835void version(FILE *fp)
e2edda68 836{
837 pquis(fp, "$, Catacomb " VERSION "\n");
838}
839
840static void usage(FILE *fp)
841{
842 pquis(fp, "Usage: $ [-options] job\n");
843}
844
845static void help(FILE *fp)
846{
847 version(fp);
848 putc('\n', fp);
849 usage(fp);
850 pquis(fp, "\n\
851Various performance tests.\n\
c65df279 852\n\
853Options:\n\
854\n\
855-h, --help Show this help text.\n\
856-v, --version Show program version number.\n\
857-u, --usage Show terse usage message.\n\
858-l, --list [ITEM...] List all the various names of things.\n\
859\n\
860-C, --name=NAME Select curve/DH-group/enc/hash name.\n\
178c2540 861-b, --field-bits Field size for g-prime and rsa;\n\
ceded834 862 key bits for ksched, enc, aead-setup, aead-enc.\n\
78614e02 863-q, --no-check Don't check field/group for validity.\n\
ceded834
MW		 864-B, --group-bits Group size for g-prime; nonce bits for aead-setup;\n\
865 data size for enc, aead-aad, aead-enc, and hash.\n\
6fbaed95 866-n, --factors=COUNT Number of factors for {exp,mul}-sim;\n\
ceded834 867 inner iters for enc, aead-aad, aead-enc, hash.\n\
c65df279 868-i, --intervals=COUNT Number of intervals to run for. [0; forever]\n\
a43e80e3 869-k, --batch=COUNT Number of operations to batch between timer checks.\n\
c65df279 870-t, --time=TIME Length of an interval in seconds. [1]\n\
e2edda68 871");
872}
873
c65df279 874#define LISTS(LI) \
875 LI("Lists", list, \
876 listtab[i].name, listtab[i].name) \
877 LI("Jobs", job, \
878 jobtab[i].name, jobtab[i].name) \
879 LI("Elliptic curves", ec, \
880 ectab[i].name, ectab[i].name) \
881 LI("Diffie-Hellman groups", dh, \
882 ptab[i].name, ptab[i].name) \
883 LI("Encryption algorithms", cipher, \
884 gciphertab[i], gciphertab[i]->name) \
ceded834
MW		 885 LI("Authenticated encryption schemes", aead, \
886 gaeadtab[i], gaeadtab[i]->name) \
c65df279 887 LI("Hash functions", hash, \
888 ghashtab[i], ghashtab[i]->name)
889
890MAKELISTTAB(listtab, LISTS)
891
e2edda68 892static unsigned uarg(const char *what, const char *p)
893{
894 char *q;
895 unsigned long u;
896 errno = 0;
897 u = strtoul(p, &q, 0);
898 if (*q || u > UINT_MAX || q == p || errno)
899 die(1, "bad %s `%s'", what, p);
900 return (u);
901}
902
57fe52c7
MW		 903static mp *mparg(const char *what, const char *p)
904{
905 char *q;
906 mp *x = mp_readstring(MP_NEW, p, &q, 0);
907 if (!x || *q) die(1, "bad %s `%s'", what, p);
908 return (x);
909}
910
e2edda68 911static double farg(const char *what, const char *p)
912{
913 char *q;
914 double f;
915 errno = 0;
916 f = strtod(p, &q);
917 if (*q || q == p || errno)
918 die(1, "bad %s `%s'", what, p);
919 return (f);
920}
921
922int main(int argc, char *argv[])
923{
924 int i;
925 opts o = { 0 };
926 const jobops *j;
927 struct timeval tv_next, tv_now;
8ae2bc5c 928 double t, ttot, cy, cytot;
a43e80e3 929 unsigned n, k;
e2edda68 930 unsigned long ii;
24d2e65e 931 clock_t c0, c1;
8ae2bc5c 932 kludge64 cy0, cy1, cydiff;
e2edda68 933 double itot;
934 void *p;
935
936 ego(argv[0]);
8ae2bc5c 937 o.t = 1; o.k = 1; o.sc = 1; o.opwhat = "op";
e2edda68 938 for (;;) {
939 static const struct option opts[] = {
940 { "help", 0, 0, 'h' },
941 { "version", 0, 0, 'v' },
942 { "usage", 0, 0, 'u' },
c65df279 943 { "list", 0, 0, 'l' },
e2edda68 944 { "name", OPTF_ARGREQ, 0, 'C' },
945 { "field-bits", OPTF_ARGREQ, 0, 'b' },
946 { "group-bits", OPTF_ARGREQ, 0, 'B' },
947 { "factors", OPTF_ARGREQ, 0, 'n' },
948 { "intervals", OPTF_ARGREQ, 0, 'i' },
a43e80e3 949 { "batch", OPTF_ARGREQ, 0, 'k' },
57fe52c7 950 { "public-exponent", OPTF_ARGREQ, 0, 'e' },
e2edda68 951 { "time", OPTF_ARGREQ, 0, 't' },
e74e12bc 952 { "no-check", 0, 0, 'q' },
e2edda68 953 { 0, 0, 0, 0 }
954 };
955
a43e80e3 956 i = mdwopt(argc, argv, "hvulC:b:B:n:i:k:e:t:q", opts, 0, 0, 0);
e2edda68 957 if (i < 0) break;
958 switch (i) {
959 case 'h': help(stdout); exit(0);
960 case 'v': version(stdout); exit(0);
961 case 'u': usage(stdout); exit(0);
c65df279 962 case 'l': exit(displaylists(listtab, argv + optind));
e2edda68 963 case 'C': o.name = optarg; break;
964 case 'b': o.fbits = uarg("field bits", optarg); break;
965 case 'B': o.gbits = uarg("subgroup bits", optarg); break;
966 case 'n': o.n = uarg("factor count", optarg); break;
57fe52c7
MW		 967 case 'e':
968 mp_drop(o.e); o.e = mparg("public exponent", optarg);
969 if (MP_CMP(o.e, <, MP_THREE) || MP_EVENP(o.e))
970 die(1, "invalid public exponent");
971 break;
e2edda68 972 case 'i': o.i = uarg("interval count", optarg); break;
973 case 't': o.t = farg("interval length", optarg); break;
a43e80e3 974 case 'k': o.k = uarg("batch size", optarg); break;
e74e12bc 975 case 'q': o.f |= OF_NOCHECK; break;
e2edda68 976 default: usage(stderr); exit(1);
977 }
978 }
979 if (optind + 1 != argc) { usage(stderr); exit(1); }
980
981 for (j = jobtab; j->name; j++)
982 if (strcmp(j->name, argv[optind]) == 0) break;
983 if (!j->name) die(1, "unknown job type `%s'", argv[optind]);
984 p = j->init(&o);
985
986 n = 0;
8ae2bc5c 987 ttot = itot = 0; cytot = 0; init_cyclecount();
e2edda68 988 gettimeofday(&tv_now, 0);
989 do {
990 tv_addl(&tv_next, &tv_now, o.t, fmod(o.t * MILLION, MILLION));
991 ii = 0;
8ae2bc5c 992 c0 = clock(); cy0 = cyclecount();
e2edda68 993 do {
a43e80e3
MW		 994 for (k = 0; k < o.k; k++) { j->run(p); }
995 ii += k;
e2edda68 996 gettimeofday(&tv_now, 0);
997 } while (TV_CMP(&tv_now, <, &tv_next));
8ae2bc5c 998 cy1 = cyclecount(); c1 = clock();
24d2e65e
MW		 999 t = (double)(c1 - c0)/CLOCKS_PER_SEC;
1000 itot += ii; ttot += t;
8ae2bc5c 1001 printf("%5u: did = %5lu; /sec = %5f; avg /sec = %5f",
e2edda68 1002 n, ii, ii/t, itot/ttot);
8ae2bc5c
MW		 1003 if (cyclecount_active_p) {
1004 SUB64(cydiff, cy1, cy0); cy = LO64(cydiff) + ldexp(HI64(cydiff), 32);
1005 cytot += cy;
1006 printf(" (cy/%s = %3f; avg cy/%s = %3f)",
1007 o.opwhat, cy/ii/o.sc, o.opwhat, cytot/itot/o.sc);
1008 }
1009 putchar('\n');
e2edda68 1010 fflush(stdout);
1011 n++;
1012 } while (!o.i || n < o.i);
1013
1014 return (0);
1015}
1016
1017/*----- That's all, folks -------------------------------------------------*/
Catacomb cryptographic library