[catacomb] / progs / perftest.c

/* -*-c-*-
 *
 * Measure performance of various operations (Unix-specific)
 *
 * (c) 2004 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Header files ------------------------------------------------------*/

#define _FILE_OFFSET_BITS 64

#include "config.h"

#include <errno.h>
#include <limits.h>
#include <math.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>

#include <sys/types.h>
#include <sys/time.h>
#include <unistd.h>

#include <mLib/alloc.h>
#include <mLib/dstr.h>
#include <mLib/mdwopt.h>
#include <mLib/quis.h>
#include <mLib/report.h>
#include <mLib/sub.h>
#include <mLib/tv.h>

#include "rand.h"
#include "mp.h"
#include "mprand.h"
#include "fibrand.h"
#include "rsa.h"
#include "mpmont.h"
#include "mpbarrett.h"
#include "dh.h"
#include "pgen.h"
#include "ec.h"
#include "group.h"

#include "cc.h"
#include "gcipher.h"
#include "ghash.h"
#include "gmac.h"
#include "poly1305.h"

#include "ectab.h"
#include "ptab.h"

/*----- Options -----------------------------------------------------------*/

typedef struct opts {
  const char *name;			/* Pre-configured named thing */
  unsigned fbits;			/* Field size bits */
  unsigned gbits;			/* Group size bits */
  unsigned n;				/* Number of factors */
  unsigned i;				/* Number of intervals (or zero) */
  double t;				/* Time for each interval (secs) */
  unsigned f;				/* Flags */
#define OF_NOCHECK 1u			/*   Don't do group checking */
} opts;

/*----- Job switch --------------------------------------------------------*/

/* --- Barrett exponentiation --- */

typedef struct bar_ctx {
  size_t n;
  mpbarrett b;
  mp_expfactor *e;
} bar_ctx;

static void *bar_init(opts *o)
{
  bar_ctx *c = CREATE(bar_ctx);
  gprime_param gp;
  qd_parse qd;
  size_t i;

  if (o->name) {
    qd.p = o->name;
    if (dh_parse(&qd, &gp))
      die(1, "bad prime group: %s", qd.e);
  } else {
    if (!o->fbits) o->fbits = 1024;
    dh_gen(&gp, o->gbits, o->fbits, 0, &rand_global, pgen_evspin, 0);
  }
  mpbarrett_create(&c->b, gp.p);
  if (!o->n) o->n = 1;
  c->n = o->n;
  c->e = xmalloc(c->n * sizeof(group_expfactor));
  for (i = 0; i < c->n; i++) {
    c->e[i].base = mprand_range(MP_NEW, gp.p, &rand_global, 0);
    c->e[i].exp = mprand_range(MP_NEW, gp.q, &rand_global, 0);
  }
  dh_paramfree(&gp);
  return (c);
}

static void bar_run(void *cc)
{
  bar_ctx *c = cc;
  mp *d = mpbarrett_exp(&c->b, MP_NEW, c->e[0].base, c->e[0].exp);
  MP_DROP(d);
}

static void barsim_run(void *cc)
{
  bar_ctx *c = cc;
  mp *d = mpbarrett_mexp(&c->b, MP_NEW, c->e, c->n);
  MP_DROP(d);
}

/* --- Montgomery exponentiation --- */

typedef struct mont_ctx {
  size_t n;
  mpmont m;
  mp_expfactor *e;
} mont_ctx;

static void *mont_init(opts *o)
{
  mont_ctx *c = CREATE(mont_ctx);
  gprime_param gp;
  qd_parse qd;
  size_t i;

  if (o->name) {
    qd.p = o->name;
    if (dh_parse(&qd, &gp))
      die(1, "bad prime group: %s", qd.e);
  } else {
    if (!o->fbits) o->fbits = 1024;
    dh_gen(&gp, o->gbits, o->fbits, 0, &rand_global, pgen_evspin, 0);
  }
  mpmont_create(&c->m, gp.p);
  if (!o->n) o->n = 1;
  c->n = o->n;
  c->e = xmalloc(c->n * sizeof(mp_expfactor));
  for (i = 0; i < c->n; i++) {
    c->e[i].base = mprand_range(MP_NEW, gp.p, &rand_global, 0);
    c->e[i].exp = mprand_range(MP_NEW, gp.q, &rand_global, 0);
  }
  dh_paramfree(&gp);
  return (c);
}

static void mont_run(void *cc)
{
  mont_ctx *c = cc;
  mp *d = mpmont_expr(&c->m, MP_NEW, c->e[0].base, c->e[0].exp);
  MP_DROP(d);
}

static void montsim_run(void *cc)
{
  mont_ctx *c = cc;
  mp *d = mpmont_mexpr(&c->m, MP_NEW, c->e, c->n);
  MP_DROP(d);
}

/* --- Group exponentiation --- */

typedef struct gr_ctx {
  size_t n;
  group *g;
  group_expfactor *e;
} gr_ctx;

static void *grp_init(opts *o)
{
  gr_ctx *c = CREATE(gr_ctx);
  const char *e;
  gprime_param gp;
  qd_parse qd;
  size_t i;

  if (o->name) {
    qd.p = o->name;
    if (dh_parse(&qd, &gp))
      die(1, "bad prime group: %s", qd.e);
  } else {
    if (!o->fbits) o->fbits = 1024;
    dh_gen(&gp, o->gbits, o->fbits, 0, &rand_global, pgen_evspin, 0);
  }
  c->g = group_prime(&gp);
  if (!(o->f & OF_NOCHECK) && (e = G_CHECK(c->g, &rand_global)) != 0)
    die(1, "bad group: %s", e);
  if (!o->n) o->n = 1;
  c->n = o->n;
  c->e = xmalloc(c->n * sizeof(group_expfactor));
  for (i = 0; i < c->n; i++) {
    c->e[i].base = G_CREATE(c->g);
    G_FROMINT(c->g, c->e[i].base,
	      mprand_range(MP_NEW, gp.p, &rand_global, 0));
    c->e[i].exp = mprand_range(MP_NEW, gp.q, &rand_global, 0);
  }
  dh_paramfree(&gp);
  return (c);
}

static void *grec_init(opts *o)
{
  gr_ctx *c = CREATE(gr_ctx);
  const char *e;
  ec_info ei;
  ec p = EC_INIT;
  size_t i;

  if (!o->name)
    die(1, "can't generate elliptic curves");
  if ((e = ec_getinfo(&ei, o->name)) != 0)
    die(1, "bad curve: %s", e);
  c->g = group_ec(&ei);
  if (!(o->f & OF_NOCHECK) && (e = G_CHECK(c->g, &rand_global)) != 0)
    die(1, "bad group: %s", e);
  if (!o->n) o->n = 1;
  c->n = o->n;
  c->e = xmalloc(c->n * sizeof(group_expfactor));
  for (i = 0; i < c->n; i++) {
    c->e[i].base = G_CREATE(c->g);
    ec_rand(ei.c, &p, &rand_global);
    G_FROMEC(c->g, c->e[i].base, &p);
    c->e[i].exp = mprand_range(MP_NEW, ei.r, &rand_global, 0);
  }
  EC_DESTROY(&p);
  return (c);
}

static void gr_run(void *cc)
{
  gr_ctx *c = cc;
  ge *x = G_CREATE(c->g);
  G_EXP(c->g, x, c->e[0].base, c->e[0].exp);
  G_DESTROY(c->g, x);
}

static void grsim_run(void *cc)
{
  gr_ctx *c = cc;
  ge *x = G_CREATE(c->g);
  G_MEXP(c->g, x, c->e, c->n);
  G_DESTROY(c->g, x);
}

/* --- RSA --- */

typedef struct rsapriv_ctx {
  rsa_priv rp;
  rsa_privctx rpc;
  mp *m;
} rsapriv_ctx;

static void *rsapriv_init(opts *o)
{
  rsapriv_ctx *c = CREATE(rsapriv_ctx);

  if (!o->fbits) o->fbits = 1024;
  rsa_gen(&c->rp, o->fbits, &rand_global, 0, pgen_evspin, 0);
  rsa_privcreate(&c->rpc, &c->rp, 0);
  c->m = mprand_range(MP_NEW, c->rp.n, &rand_global, 0);
  return (c);
}

static void *rsaprivblind_init(opts *o)
{
  rsapriv_ctx *c = CREATE(rsapriv_ctx);

  if (!o->fbits) o->fbits = 1024;
  rsa_gen(&c->rp, o->fbits, &rand_global, 0, pgen_evspin, 0);
  rsa_privcreate(&c->rpc, &c->rp, fibrand_create(0));
  c->m = mprand_range(MP_NEW, c->rp.n, &rand_global, 0);
  return (c);
}

static void rsapriv_run(void *cc)
{
  rsapriv_ctx *c = cc;
  mp *d = rsa_privop(&c->rpc, MP_NEW, c->m);
  MP_DROP(d);
}

typedef struct rsapub_ctx {
  rsa_pub rp;
  rsa_pubctx rpc;
  mp *m;
} rsapub_ctx;

static void *rsapub_init(opts *o)
{
  rsapub_ctx *c = CREATE(rsapub_ctx);
  rsa_priv rp;

  if (!o->fbits) o->fbits = 1024;
  rsa_gen(&rp, o->fbits, &rand_global, 0, pgen_evspin, 0);
  c->rp.n = MP_COPY(rp.n);
  c->rp.e = MP_COPY(rp.e);
  rsa_privfree(&rp);
  rsa_pubcreate(&c->rpc, &c->rp);
  c->m = mprand_range(MP_NEW, c->rp.n, &rand_global, 0);
  return (c);
}

static void rsapub_run(void *cc)
{
  rsapub_ctx *c = cc;
  mp *d = rsa_pubop(&c->rpc, MP_NEW, c->m);
  MP_DROP(d);
}

/* --- Symmetric encryption --- */

typedef struct ksched_ctx {
  const gccipher *c;
  octet *k;
  size_t ksz;
} ksched_ctx;

static void *ksched_init(opts *o)
{
  ksched_ctx *c = CREATE(ksched_ctx);
  if (!o->name)
    die(1, "must specify encryption scheme name");
  if ((c->c = gcipher_byname(o->name)) == 0)
    die(1, "encryption scheme `%s' not known", o->name);
  c->ksz = keysz(o->gbits/8, c->c->keysz);
  c->k = xmalloc(c->ksz);
  rand_get(RAND_GLOBAL, c->k, c->ksz);
  return (c);
}

static void ksched_run(void *cc)
{
  ksched_ctx *c = cc;
  gcipher *gc = GC_INIT(c->c, c->k, c->ksz);
  GC_DESTROY(gc);
}

typedef struct enc_ctx {
  gcipher *c;
  octet *m;
  size_t sz;
  size_t n;
} enc_ctx;

static void *enc_init(opts *o)
{
  enc_ctx *c = CREATE(enc_ctx);
  const gccipher *cc;
  size_t ksz;
  octet *k;
  if (!o->name)
    die(1, "must specify encryption scheme name");
  if ((cc = gcipher_byname(o->name)) == 0)
    die(1, "encryption scheme `%s' not known", o->name);
  ksz = keysz(0, cc->keysz);
  k = xmalloc(ksz);
  rand_get(RAND_GLOBAL, k, ksz);
  c->c = GC_INIT(cc, k, ksz);
  xfree(k);
  c->sz = o->gbits ? o->gbits : 65536;
  c->n = o->n ? o->n : 16;
  c->m = xmalloc(c->sz);
  return (c);
}

static void enc_run(void *cc)
{
  enc_ctx *c = cc;
  size_t i;
  for (i = 0; i < c->n; i++)
    GC_ENCRYPT(c->c, c->m, c->m, c->sz);
}

/* --- Hashing --- */

typedef struct hash_ctx {
  const gchash *h;
  octet *m;
  size_t sz;
  size_t n;
} hash_ctx;

static void *hash_init(opts *o)
{
  hash_ctx *c = CREATE(hash_ctx);
  if (!o->name)
    die(1, "must specify hash function name");
  if ((c->h = ghash_byname(o->name)) == 0)
    die(1, "hash function `%s' not known", o->name);
  c->sz = o->gbits ? o->gbits : 65536;
  c->n = o->n ? o->n : 16;
  c->m = xmalloc(c->sz);
  return (c);
}

static void hash_run(void *cc)
{
  hash_ctx *c = cc;
  size_t i;
  ghash *h = GH_INIT(c->h);
  for (i = 0; i < c->n; i++)
    GH_HASH(h, c->m, c->sz);
  GH_DONE(h, 0);
  GH_DESTROY(h);
}

/* --- Poly1305 --- */

typedef struct poly1305_jobctx {
  poly1305_key k;
  octet s[POLY1305_MASKSZ];
  octet *m;
  size_t sz;
  size_t n;
} poly1305_jobctx;

static void *poly1305_jobinit(opts *o)
{
  octet k[POLY1305_KEYSZ];
  poly1305_jobctx *c = CREATE(poly1305_jobctx);
  rand_get(RAND_GLOBAL, k, sizeof(k));
  poly1305_keyinit(&c->k, k, sizeof(k));
  rand_get(RAND_GLOBAL, c->s, sizeof(c->s));
  c->sz = o->gbits ? o->gbits : 65536;
  c->n = o->n ? o->n : 16;
  c->m = xmalloc(c->sz);
  return (c);
}

static void poly1305_jobrun(void *cc)
{
  poly1305_jobctx *c = cc;
  poly1305_ctx ctx;
  octet t[POLY1305_TAGSZ];
  size_t i;
  poly1305_macinit(&ctx, &c->k, c->s);
  for (i = 0; i < c->n; i++) poly1305_hash(&ctx, c->m, c->sz);
  poly1305_done(&ctx, t);
}

/* --- Job table --- */

typedef struct jobops {
  const char *name;
  void *(*init)(opts *);
  void (*run)(void *);
} jobops;

static const jobops jobtab[] = {
  { "g-prime-exp",		grp_init,		gr_run },
  { "g-ec-mul",			grec_init,		gr_run },
  { "g-prime-exp-sim",		grp_init,		grsim_run },
  { "g-ec-mul-sim",		grec_init,		grsim_run },
  { "barrett-exp",		bar_init,		bar_run },
  { "barrett-exp-sim",		bar_init,		barsim_run },
  { "mont-exp",			mont_init,		mont_run },
  { "mont-exp-sim",		mont_init,		montsim_run },
  { "rsa-priv",			rsapriv_init,		rsapriv_run },
  { "rsa-priv-blind",		rsaprivblind_init,	rsapriv_run },
  { "rsa-pub",			rsapub_init,		rsapub_run },
  { "ksched",			ksched_init,		ksched_run },
  { "enc",			enc_init,		enc_run },
  { "hash",			hash_init,		hash_run },
  { "poly1305",			poly1305_jobinit,	poly1305_jobrun },
  { 0,				0,			0 }
};

/*----- Main code ---------------------------------------------------------*/

void version(FILE *fp)
{
  pquis(fp, "$, Catacomb " VERSION "\n");
}

static void usage(FILE *fp)
{
  pquis(fp, "Usage: $ [-options] job\n");
}

static void help(FILE *fp)
{
  version(fp);
  putc('\n', fp);
  usage(fp);
  pquis(fp, "\n\
Various performance tests.\n\
\n\
Options:\n\
\n\
-h, --help		Show this help text.\n\
-v, --version		Show program version number.\n\
-u, --usage		Show terse usage message.\n\
-l, --list [ITEM...]	List all the various names of things.\n\
\n\
-C, --name=NAME		Select curve/DH-group/enc/hash name.\n\
-b, --field-bits	Field size for g-prime and rsa.\n\
-q, --no-check		Don't check field/group for validity.\n\
-B, --group-bits	Group size for g-prime; key size for ksched;\n\
			  data size for enc and hash.\n\
-n, --factors=COUNT	Number of factors for {exp,mul}-sim.\n\
-i, --intervals=COUNT	Number of intervals to run for.  [0; forever]\n\
-t, --time=TIME		Length of an interval in seconds.  [1]\n\
");
}

#define LISTS(LI)							\
  LI("Lists", list,							\
     listtab[i].name, listtab[i].name)					\
  LI("Jobs", job,							\
     jobtab[i].name, jobtab[i].name)					\
  LI("Elliptic curves", ec,						\
     ectab[i].name, ectab[i].name)					\
  LI("Diffie-Hellman groups", dh,					\
     ptab[i].name, ptab[i].name)					\
  LI("Encryption algorithms", cipher,					\
     gciphertab[i], gciphertab[i]->name)				\
  LI("Hash functions", hash,						\
     ghashtab[i], ghashtab[i]->name)

MAKELISTTAB(listtab, LISTS)

static unsigned uarg(const char *what, const char *p)
{
  char *q;
  unsigned long u;
  errno = 0;
  u = strtoul(p, &q, 0);
  if (*q || u > UINT_MAX || q == p || errno)
    die(1, "bad %s `%s'", what, p);
  return (u);
}

static double farg(const char *what, const char *p)
{
  char *q;
  double f;
  errno = 0;
  f = strtod(p, &q);
  if (*q || q == p || errno)
    die(1, "bad %s `%s'", what, p);
  return (f);
}

int main(int argc, char *argv[])
{
  int i;
  opts o = { 0 };
  const jobops *j;
  struct timeval tv_next, tv_now;
  double t, ttot;
  unsigned n;
  unsigned long ii;
  clock_t c_start, c_stop;
  double itot;
  void *p;

  ego(argv[0]);
  o.t = 1;
  for (;;) {
    static const struct option opts[] = {
      { "help",		0,		0,	'h' },
      { "version",	0,		0,	'v' },
      { "usage",	0,		0,	'u' },
      { "list",		0,		0,	'l' },
      { "name",		OPTF_ARGREQ,	0,	'C' },
      { "field-bits",	OPTF_ARGREQ,	0,	'b' },
      { "group-bits",	OPTF_ARGREQ,	0,	'B' },
      { "factors",	OPTF_ARGREQ,	0,	'n' },
      { "intervals",	OPTF_ARGREQ,	0,	'i' },
      { "time",		OPTF_ARGREQ,	0,	't' },
      { "no-check",	0,		0,	'q' },
      { 0,		0,		0,	0 }
    };

    i = mdwopt(argc, argv, "hvulC:b:B:n:i:t:q", opts, 0, 0, 0);
    if (i < 0) break;
    switch (i) {
      case 'h': help(stdout); exit(0);
      case 'v': version(stdout); exit(0);
      case 'u': usage(stdout); exit(0);
      case 'l': exit(displaylists(listtab, argv + optind));
      case 'C': o.name = optarg; break;
      case 'b': o.fbits = uarg("field bits", optarg); break;
      case 'B': o.gbits = uarg("subgroup bits", optarg); break;
      case 'n': o.n = uarg("factor count", optarg); break;
      case 'i': o.i = uarg("interval count", optarg); break;
      case 't': o.t = farg("interval length", optarg); break;
      case 'q': o.f |= OF_NOCHECK; break;
      default: usage(stderr); exit(1);
    }
  }
  if (optind + 1 != argc) { usage(stderr); exit(1); }

  for (j = jobtab; j->name; j++)
    if (strcmp(j->name, argv[optind]) == 0) break;
  if (!j->name) die(1, "unknown job type `%s'", argv[optind]);
  p = j->init(&o);

  n = 0;
  ttot = itot =	 0;
  gettimeofday(&tv_now, 0);
  do {
    tv_addl(&tv_next, &tv_now, o.t, fmod(o.t * MILLION, MILLION));
    ii = 0;
    c_start = clock();
    do {
      j->run(p);
      ii++;
      gettimeofday(&tv_now, 0);
    } while (TV_CMP(&tv_now, <, &tv_next));
    c_stop = clock();
    t = (double)(c_stop - c_start)/CLOCKS_PER_SEC;
    itot += ii;
    ttot += t;
    printf("%5u: did = %5lu; /sec = %5f; avg /sec = %5f\n",
	   n, ii, ii/t, itot/ttot);
    fflush(stdout);
    n++;
  } while (!o.i || n < o.i);

  return (0);
}

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
e2edda68	1	/* --c--
e2edda68	2	*
e2edda68	3	* Measure performance of various operations (Unix-specific)
	4	*
	5	* (c) 2004 Straylight/Edgeware
	6	*/
	7
45c0fd36	8	/----- Licensing notice --------------------------------------------------
e2edda68	9	*
	10	* This file is part of Catacomb.
	11	*
	12	* Catacomb is free software; you can redistribute it and/or modify
	13	* it under the terms of the GNU Library General Public License as
	14	* published by the Free Software Foundation; either version 2 of the
	15	* License, or (at your option) any later version.
45c0fd36	16	*
e2edda68	17	* Catacomb is distributed in the hope that it will be useful,
	18	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	* GNU Library General Public License for more details.
45c0fd36	21	*
e2edda68	22	* You should have received a copy of the GNU Library General Public
	23	* License along with Catacomb; if not, write to the Free
	24	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	25	* MA 02111-1307, USA.
	26	*/
	27
	28	/----- Header files ------------------------------------------------------/
	29
cd6eca43 MW	30	#define _FILE_OFFSET_BITS 64
cd6eca43 MW	31
e2edda68	32	#include "config.h"
	33
	34	#include <errno.h>
	35	#include <limits.h>
	36	#include <math.h>
	37	#include <stdio.h>
	38	#include <string.h>
	39	#include <stdlib.h>
	40	#include <time.h>
	41
	42	#include <sys/types.h>
	43	#include <sys/time.h>
	44	#include <unistd.h>
	45
	46	#include <mLib/alloc.h>
	47	#include <mLib/dstr.h>
	48	#include <mLib/mdwopt.h>
	49	#include <mLib/quis.h>
	50	#include <mLib/report.h>
	51	#include <mLib/sub.h>
	52	#include <mLib/tv.h>
	53
	54	#include "rand.h"
	55	#include "mp.h"
	56	#include "mprand.h"
	57	#include "fibrand.h"
	58	#include "rsa.h"
	59	#include "mpmont.h"
	60	#include "mpbarrett.h"
	61	#include "dh.h"
	62	#include "pgen.h"
	63	#include "ec.h"
	64	#include "group.h"
	65
c65df279	66	#include "cc.h"
e2edda68	67	#include "gcipher.h"
	68	#include "ghash.h"
	69	#include "gmac.h"
ef7cf21d	70	#include "poly1305.h"
19e6e199	71
c65df279	72	#include "ectab.h"
c65df279	73	#include "ptab.h"
e2edda68	74
	75	/----- Options -----------------------------------------------------------/
	76
	77	typedef struct opts {
	78	const char name; / Pre-configured named thing */
	79	unsigned fbits; /* Field size bits */
	80	unsigned gbits; /* Group size bits */
	81	unsigned n; /* Number of factors */
	82	unsigned i; /* Number of intervals (or zero) */
	83	double t; /* Time for each interval (secs) */
e74e12bc MW	84	unsigned f; /* Flags */
e74e12bc MW	85	#define OF_NOCHECK 1u /* Don't do group checking */
e2edda68	86	} opts;
	87
	88	/----- Job switch --------------------------------------------------------/
	89
	90	/* --- Barrett exponentiation --- */
	91
	92	typedef struct bar_ctx {
	93	size_t n;
	94	mpbarrett b;
	95	mp_expfactor *e;
	96	} bar_ctx;
	97
	98	static void bar_init(opts o)
	99	{
	100	bar_ctx *c = CREATE(bar_ctx);
	101	gprime_param gp;
	102	qd_parse qd;
	103	size_t i;
	104
	105	if (o->name) {
	106	qd.p = o->name;
	107	if (dh_parse(&qd, &gp))
	108	die(1, "bad prime group: %s", qd.e);
	109	} else {
	110	if (!o->fbits) o->fbits = 1024;
	111	dh_gen(&gp, o->gbits, o->fbits, 0, &rand_global, pgen_evspin, 0);
	112	}
	113	mpbarrett_create(&c->b, gp.p);
	114	if (!o->n) o->n = 1;
	115	c->n = o->n;
	116	c->e = xmalloc(c->n * sizeof(group_expfactor));
	117	for (i = 0; i < c->n; i++) {
	118	c->e[i].base = mprand_range(MP_NEW, gp.p, &rand_global, 0);
	119	c->e[i].exp = mprand_range(MP_NEW, gp.q, &rand_global, 0);
	120	}
	121	dh_paramfree(&gp);
	122	return (c);
	123	}
	124
	125	static void bar_run(void *cc)
	126	{
	127	bar_ctx *c = cc;
	128	mp *d = mpbarrett_exp(&c->b, MP_NEW, c->e[0].base, c->e[0].exp);
	129	MP_DROP(d);
	130	}
	131
	132	static void barsim_run(void *cc)
	133	{
	134	bar_ctx *c = cc;
	135	mp *d = mpbarrett_mexp(&c->b, MP_NEW, c->e, c->n);
	136	MP_DROP(d);
	137	}
	138
	139	/* --- Montgomery exponentiation --- */
	140
	141	typedef struct mont_ctx {
	142	size_t n;
	143	mpmont m;
	144	mp_expfactor *e;
	145	} mont_ctx;
	146
	147	static void mont_init(opts o)
	148	{
	149	mont_ctx *c = CREATE(mont_ctx);
150	gprime_param gp;
151	qd_parse qd;
152	size_t i;
153
154	if (o->name) {
155	qd.p = o->name;
156	if (dh_parse(&qd, &gp))
157	die(1, "bad prime group: %s", qd.e);
158	} else {
159	if (!o->fbits) o->fbits = 1024;
160	dh_gen(&gp, o->gbits, o->fbits, 0, &rand_global, pgen_evspin, 0);
161	}
162	mpmont_create(&c->m, gp.p);
163	if (!o->n) o->n = 1;
164	c->n = o->n;
165	c->e = xmalloc(c->n * sizeof(mp_expfactor));
166	for (i = 0; i < c->n; i++) {
167	c->e[i].base = mprand_range(MP_NEW, gp.p, &rand_global, 0);
168	c->e[i].exp = mprand_range(MP_NEW, gp.q, &rand_global, 0);
169	}
170	dh_paramfree(&gp);
171	return (c);
172	}
173
174	static void mont_run(void *cc)
175	{
176	mont_ctx *c = cc;
177	mp *d = mpmont_expr(&c->m, MP_NEW, c->e[0].base, c->e[0].exp);
178	MP_DROP(d);
179	}
180
181	static void montsim_run(void *cc)
182	{
183	mont_ctx *c = cc;
184	mp *d = mpmont_mexpr(&c->m, MP_NEW, c->e, c->n);
185	MP_DROP(d);
186	}
187
188	/* --- Group exponentiation --- */
189
190	typedef struct gr_ctx {
191	size_t n;
192	group *g;
193	group_expfactor *e;
194	} gr_ctx;
195
196	static void grp_init(opts o)
197	{
198	gr_ctx *c = CREATE(gr_ctx);
199	const char *e;
200	gprime_param gp;
201	qd_parse qd;
202	size_t i;
203
204	if (o->name) {
205	qd.p = o->name;
206	if (dh_parse(&qd, &gp))
207	die(1, "bad prime group: %s", qd.e);
208	} else {
209	if (!o->fbits) o->fbits = 1024;
210	dh_gen(&gp, o->gbits, o->fbits, 0, &rand_global, pgen_evspin, 0);
211	}
212	c->g = group_prime(&gp);
e74e12bc	213	if (!(o->f & OF_NOCHECK) && (e = G_CHECK(c->g, &rand_global)) != 0)
e2edda68	214	die(1, "bad group: %s", e);
	215	if (!o->n) o->n = 1;
	216	c->n = o->n;
	217	c->e = xmalloc(c->n * sizeof(group_expfactor));
	218	for (i = 0; i < c->n; i++) {
	219	c->e[i].base = G_CREATE(c->g);
	220	G_FROMINT(c->g, c->e[i].base,
	221	mprand_range(MP_NEW, gp.p, &rand_global, 0));
	222	c->e[i].exp = mprand_range(MP_NEW, gp.q, &rand_global, 0);
	223	}
	224	dh_paramfree(&gp);
	225	return (c);
	226	}
	227
	228	static void grec_init(opts o)
	229	{
	230	gr_ctx *c = CREATE(gr_ctx);
	231	const char *e;
	232	ec_info ei;
	233	ec p = EC_INIT;
	234	size_t i;
	235
	236	if (!o->name)
	237	die(1, "can't generate elliptic curves");
	238	if ((e = ec_getinfo(&ei, o->name)) != 0)
	239	die(1, "bad curve: %s", e);
	240	c->g = group_ec(&ei);
e74e12bc	241	if (!(o->f & OF_NOCHECK) && (e = G_CHECK(c->g, &rand_global)) != 0)
e2edda68	242	die(1, "bad group: %s", e);
	243	if (!o->n) o->n = 1;
	244	c->n = o->n;
	245	c->e = xmalloc(c->n * sizeof(group_expfactor));
	246	for (i = 0; i < c->n; i++) {
	247	c->e[i].base = G_CREATE(c->g);
	248	ec_rand(ei.c, &p, &rand_global);
	249	G_FROMEC(c->g, c->e[i].base, &p);
	250	c->e[i].exp = mprand_range(MP_NEW, ei.r, &rand_global, 0);
	251	}
	252	EC_DESTROY(&p);
	253	return (c);
	254	}
	255
	256	static void gr_run(void *cc)
	257	{
	258	gr_ctx *c = cc;
	259	ge *x = G_CREATE(c->g);
	260	G_EXP(c->g, x, c->e[0].base, c->e[0].exp);
	261	G_DESTROY(c->g, x);
	262	}
	263
	264	static void grsim_run(void *cc)
	265	{
	266	gr_ctx *c = cc;
	267	ge *x = G_CREATE(c->g);
	268	G_MEXP(c->g, x, c->e, c->n);
	269	G_DESTROY(c->g, x);
	270	}
	271
	272	/* --- RSA --- */
	273
	274	typedef struct rsapriv_ctx {
	275	rsa_priv rp;
	276	rsa_privctx rpc;
	277	mp *m;
	278	} rsapriv_ctx;
	279
	280	static void rsapriv_init(opts o)
	281	{
	282	rsapriv_ctx *c = CREATE(rsapriv_ctx);
	283
	284	if (!o->fbits) o->fbits = 1024;
	285	rsa_gen(&c->rp, o->fbits, &rand_global, 0, pgen_evspin, 0);
	286	rsa_privcreate(&c->rpc, &c->rp, 0);
	287	c->m = mprand_range(MP_NEW, c->rp.n, &rand_global, 0);
	288	return (c);
	289	}
	290
	291	static void rsaprivblind_init(opts o)
	292	{
	293	rsapriv_ctx *c = CREATE(rsapriv_ctx);
	294
	295	if (!o->fbits) o->fbits = 1024;
	296	rsa_gen(&c->rp, o->fbits, &rand_global, 0, pgen_evspin, 0);
	297	rsa_privcreate(&c->rpc, &c->rp, fibrand_create(0));
	298	c->m = mprand_range(MP_NEW, c->rp.n, &rand_global, 0);
	299	return (c);
	300	}
	301
	302	static void rsapriv_run(void *cc)
	303	{
	304	rsapriv_ctx *c = cc;
	305	mp *d = rsa_privop(&c->rpc, MP_NEW, c->m);
306	MP_DROP(d);
307	}
308
309	typedef struct rsapub_ctx {
310	rsa_pub rp;
311	rsa_pubctx rpc;
312	mp *m;
313	} rsapub_ctx;
314
315	static void rsapub_init(opts o)
316	{
317	rsapub_ctx *c = CREATE(rsapub_ctx);
318	rsa_priv rp;
319
320	if (!o->fbits) o->fbits = 1024;
321	rsa_gen(&rp, o->fbits, &rand_global, 0, pgen_evspin, 0);
322	c->rp.n = MP_COPY(rp.n);
323	c->rp.e = MP_COPY(rp.e);
324	rsa_privfree(&rp);
325	rsa_pubcreate(&c->rpc, &c->rp);
326	c->m = mprand_range(MP_NEW, c->rp.n, &rand_global, 0);
327	return (c);
328	}
329
330	static void rsapub_run(void *cc)
331	{
332	rsapub_ctx *c = cc;
333	mp *d = rsa_pubop(&c->rpc, MP_NEW, c->m);
334	MP_DROP(d);
335	}
336
337	/* --- Symmetric encryption --- */
338
339	typedef struct ksched_ctx {
340	const gccipher *c;
341	octet *k;
342	size_t ksz;
343	} ksched_ctx;
344
345	static void ksched_init(opts o)
346	{
347	ksched_ctx *c = CREATE(ksched_ctx);
348	if (!o->name)
349	die(1, "must specify encryption scheme name");
350	if ((c->c = gcipher_byname(o->name)) == 0)
351	die(1, "encryption scheme `%s' not known", o->name);
352	c->ksz = keysz(o->gbits/8, c->c->keysz);
353	c->k = xmalloc(c->ksz);
354	rand_get(RAND_GLOBAL, c->k, c->ksz);
355	return (c);
356	}
357
358	static void ksched_run(void *cc)
359	{
360	ksched_ctx *c = cc;
361	gcipher *gc = GC_INIT(c->c, c->k, c->ksz);
362	GC_DESTROY(gc);
363	}
364
365	typedef struct enc_ctx {
366	gcipher *c;
367	octet *m;
368	size_t sz;
369	size_t n;
370	} enc_ctx;
371
372	static void enc_init(opts o)
373	{
374	enc_ctx *c = CREATE(enc_ctx);
375	const gccipher *cc;
376	size_t ksz;
377	octet *k;
378	if (!o->name)
379	die(1, "must specify encryption scheme name");
380	if ((cc = gcipher_byname(o->name)) == 0)
381	die(1, "encryption scheme `%s' not known", o->name);
382	ksz = keysz(0, cc->keysz);
383	k = xmalloc(ksz);
384	rand_get(RAND_GLOBAL, k, ksz);
385	c->c = GC_INIT(cc, k, ksz);
386	xfree(k);
387	c->sz = o->gbits ? o->gbits : 65536;
388	c->n = o->n ? o->n : 16;
389	c->m = xmalloc(c->sz);
390	return (c);
391	}
392
393	static void enc_run(void *cc)
394	{
395	enc_ctx *c = cc;
396	size_t i;
397	for (i = 0; i < c->n; i++)
398	GC_ENCRYPT(c->c, c->m, c->m, c->sz);
399	}
400
401	/* --- Hashing --- */
402
403	typedef struct hash_ctx {
404	const gchash *h;
405	octet *m;
406	size_t sz;
407	size_t n;
408	} hash_ctx;
409
410	static void hash_init(opts o)
411	{
412	hash_ctx *c = CREATE(hash_ctx);
413	if (!o->name)
414	die(1, "must specify hash function name");
415	if ((c->h = ghash_byname(o->name)) == 0)
416	die(1, "hash function `%s' not known", o->name);
417	c->sz = o->gbits ? o->gbits : 65536;
418	c->n = o->n ? o->n : 16;
419	c->m = xmalloc(c->sz);
420	return (c);
421	}
422
423	static void hash_run(void *cc)
424	{
425	hash_ctx *c = cc;
426	size_t i;
427	ghash *h = GH_INIT(c->h);
428	for (i = 0; i < c->n; i++)
429	GH_HASH(h, c->m, c->sz);
430	GH_DONE(h, 0);
431	GH_DESTROY(h);
432	}
433
ef7cf21d MW	434	/* --- Poly1305 --- */
	435
	436	typedef struct poly1305_jobctx {
	437	poly1305_key k;
	438	octet s[POLY1305_MASKSZ];
	439	octet *m;
	440	size_t sz;
	441	size_t n;
	442	} poly1305_jobctx;
	443
	444	static void poly1305_jobinit(opts o)
	445	{
	446	octet k[POLY1305_KEYSZ];
	447	poly1305_jobctx *c = CREATE(poly1305_jobctx);
	448	rand_get(RAND_GLOBAL, k, sizeof(k));
	449	poly1305_keyinit(&c->k, k, sizeof(k));
	450	rand_get(RAND_GLOBAL, c->s, sizeof(c->s));
	451	c->sz = o->gbits ? o->gbits : 65536;
	452	c->n = o->n ? o->n : 16;
	453	c->m = xmalloc(c->sz);
	454	return (c);
	455	}
	456
	457	static void poly1305_jobrun(void *cc)
	458	{
	459	poly1305_jobctx *c = cc;
	460	poly1305_ctx ctx;
	461	octet t[POLY1305_TAGSZ];
	462	size_t i;
	463	poly1305_macinit(&ctx, &c->k, c->s);
	464	for (i = 0; i < c->n; i++) poly1305_hash(&ctx, c->m, c->sz);
	465	poly1305_done(&ctx, t);
	466	}
	467
e2edda68	468	/* --- Job table --- */
e2edda68	469
c65df279	470	typedef struct jobops {
e2edda68	471	const char *name;
	472	void (init)(opts *);
	473	void (run)(void );
	474	} jobops;
	475
	476	static const jobops jobtab[] = {
45c0fd36	477	{ "g-prime-exp", grp_init, gr_run },
e2edda68	478	{ "g-ec-mul", grec_init, gr_run },
	479	{ "g-prime-exp-sim", grp_init, grsim_run },
	480	{ "g-ec-mul-sim", grec_init, grsim_run },
	481	{ "barrett-exp", bar_init, bar_run },
	482	{ "barrett-exp-sim", bar_init, barsim_run },
	483	{ "mont-exp", mont_init, mont_run },
	484	{ "mont-exp-sim", mont_init, montsim_run },
	485	{ "rsa-priv", rsapriv_init, rsapriv_run },
	486	{ "rsa-priv-blind", rsaprivblind_init, rsapriv_run },
	487	{ "rsa-pub", rsapub_init, rsapub_run },
	488	{ "ksched", ksched_init, ksched_run },
	489	{ "enc", enc_init, enc_run },
	490	{ "hash", hash_init, hash_run },
ef7cf21d	491	{ "poly1305", poly1305_jobinit, poly1305_jobrun },
e2edda68	492	{ 0, 0, 0 }
	493	};
	494
	495	/----- Main code ---------------------------------------------------------/
	496
c65df279	497	void version(FILE *fp)
e2edda68	498	{
	499	pquis(fp, "$, Catacomb " VERSION "\n");
	500	}
	501
	502	static void usage(FILE *fp)
	503	{
	504	pquis(fp, "Usage: $ [-options] job\n");
	505	}
	506
	507	static void help(FILE *fp)
	508	{
	509	version(fp);
	510	putc('\n', fp);
	511	usage(fp);
	512	pquis(fp, "\n\
	513	Various performance tests.\n\
c65df279	514	\n\
	515	Options:\n\
	516	\n\
	517	-h, --help Show this help text.\n\
	518	-v, --version Show program version number.\n\
	519	-u, --usage Show terse usage message.\n\
	520	-l, --list [ITEM...] List all the various names of things.\n\
	521	\n\
	522	-C, --name=NAME Select curve/DH-group/enc/hash name.\n\
	523	-b, --field-bits Field size for g-prime and rsa.\n\
78614e02	524	-q, --no-check Don't check field/group for validity.\n\
c65df279	525	-B, --group-bits Group size for g-prime; key size for ksched;\n\
	526	data size for enc and hash.\n\
	527	-n, --factors=COUNT Number of factors for {exp,mul}-sim.\n\
	528	-i, --intervals=COUNT Number of intervals to run for. [0; forever]\n\
	529	-t, --time=TIME Length of an interval in seconds. [1]\n\
e2edda68	530	");
	531	}
	532
c65df279	533	#define LISTS(LI) \
	534	LI("Lists", list, \
	535	listtab[i].name, listtab[i].name) \
	536	LI("Jobs", job, \
	537	jobtab[i].name, jobtab[i].name) \
	538	LI("Elliptic curves", ec, \
	539	ectab[i].name, ectab[i].name) \
	540	LI("Diffie-Hellman groups", dh, \
	541	ptab[i].name, ptab[i].name) \
	542	LI("Encryption algorithms", cipher, \
	543	gciphertab[i], gciphertab[i]->name) \
	544	LI("Hash functions", hash, \
	545	ghashtab[i], ghashtab[i]->name)
	546
	547	MAKELISTTAB(listtab, LISTS)
	548
e2edda68	549	static unsigned uarg(const char what, const char p)
	550	{
	551	char *q;
	552	unsigned long u;
	553	errno = 0;
	554	u = strtoul(p, &q, 0);
	555	if (*q \|\| u > UINT_MAX \|\| q == p \|\| errno)
	556	die(1, "bad %s `%s'", what, p);
	557	return (u);
	558	}
	559
	560	static double farg(const char what, const char p)
	561	{
	562	char *q;
	563	double f;
	564	errno = 0;
	565	f = strtod(p, &q);
	566	if (*q \|\| q == p \|\| errno)
	567	die(1, "bad %s `%s'", what, p);
	568	return (f);
	569	}
	570
	571	int main(int argc, char *argv[])
	572	{
	573	int i;
	574	opts o = { 0 };
	575	const jobops *j;
	576	struct timeval tv_next, tv_now;
	577	double t, ttot;
	578	unsigned n;
	579	unsigned long ii;
	580	clock_t c_start, c_stop;
	581	double itot;
	582	void *p;
	583
	584	ego(argv[0]);
	585	o.t = 1;
	586	for (;;) {
	587	static const struct option opts[] = {
	588	{ "help", 0, 0, 'h' },
	589	{ "version", 0, 0, 'v' },
	590	{ "usage", 0, 0, 'u' },
c65df279	591	{ "list", 0, 0, 'l' },
e2edda68	592	{ "name", OPTF_ARGREQ, 0, 'C' },
	593	{ "field-bits", OPTF_ARGREQ, 0, 'b' },
	594	{ "group-bits", OPTF_ARGREQ, 0, 'B' },
	595	{ "factors", OPTF_ARGREQ, 0, 'n' },
	596	{ "intervals", OPTF_ARGREQ, 0, 'i' },
	597	{ "time", OPTF_ARGREQ, 0, 't' },
e74e12bc	598	{ "no-check", 0, 0, 'q' },
e2edda68	599	{ 0, 0, 0, 0 }
	600	};
	601
e74e12bc	602	i = mdwopt(argc, argv, "hvulC:b:B:n:i:t:q", opts, 0, 0, 0);
e2edda68	603	if (i < 0) break;
	604	switch (i) {
	605	case 'h': help(stdout); exit(0);
	606	case 'v': version(stdout); exit(0);
	607	case 'u': usage(stdout); exit(0);
c65df279	608	case 'l': exit(displaylists(listtab, argv + optind));
e2edda68	609	case 'C': o.name = optarg; break;
	610	case 'b': o.fbits = uarg("field bits", optarg); break;
	611	case 'B': o.gbits = uarg("subgroup bits", optarg); break;
	612	case 'n': o.n = uarg("factor count", optarg); break;
	613	case 'i': o.i = uarg("interval count", optarg); break;
	614	case 't': o.t = farg("interval length", optarg); break;
e74e12bc	615	case 'q': o.f \|= OF_NOCHECK; break;
e2edda68	616	default: usage(stderr); exit(1);
	617	}
	618	}
	619	if (optind + 1 != argc) { usage(stderr); exit(1); }
	620
	621	for (j = jobtab; j->name; j++)
	622	if (strcmp(j->name, argv[optind]) == 0) break;
	623	if (!j->name) die(1, "unknown job type `%s'", argv[optind]);
	624	p = j->init(&o);
	625
	626	n = 0;
45c0fd36	627	ttot = itot = 0;
e2edda68	628	gettimeofday(&tv_now, 0);
	629	do {
	630	tv_addl(&tv_next, &tv_now, o.t, fmod(o.t * MILLION, MILLION));
	631	ii = 0;
	632	c_start = clock();
	633	do {
	634	j->run(p);
	635	ii++;
	636	gettimeofday(&tv_now, 0);
	637	} while (TV_CMP(&tv_now, <, &tv_next));
	638	c_stop = clock();
	639	t = (double)(c_stop - c_start)/CLOCKS_PER_SEC;
	640	itot += ii;
	641	ttot += t;
	642	printf("%5u: did = %5lu; /sec = %5f; avg /sec = %5f\n",
	643	n, ii, ii/t, itot/ttot);
	644	fflush(stdout);
	645	n++;
	646	} while (!o.i \|\| n < o.i);
	647
	648	return (0);
	649	}
	650
	651	/----- That's all, folks -------------------------------------------------/