3 * Measure performance of various operations (Unix-specific)
5 * (c) 2004 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Catacomb.
12 * Catacomb is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU Library General Public License as
14 * published by the Free Software Foundation; either version 2 of the
15 * License, or (at your option) any later version.
17 * Catacomb is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU Library General Public License for more details.
22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb; if not, write to the Free
24 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
28 /*----- Header files ------------------------------------------------------*/
30 #define _FILE_OFFSET_BITS 64
42 #include <sys/types.h>
46 #include <mLib/alloc.h>
47 #include <mLib/dstr.h>
48 #include <mLib/mdwopt.h>
49 #include <mLib/quis.h>
50 #include <mLib/report.h>
62 #include "mpbarrett.h"
81 /*----- Options -----------------------------------------------------------*/
84 const char *name; /* Pre-configured named thing */
85 unsigned fbits; /* Field size bits */
86 unsigned gbits; /* Group size bits */
87 unsigned n; /* Number of factors */
88 unsigned i; /* Number of intervals (or zero) */
89 unsigned k; /* Main loop batch size */
90 double t; /* Time for each interval (secs) */
91 mp *e; /* Public exponent */
92 unsigned f; /* Flags */
93 #define OF_NOCHECK 1u /* Don't do group checking */
96 /*----- Job switch --------------------------------------------------------*/
98 /* --- Barrett exponentiation --- */
100 typedef struct bar_ctx {
/* Job setup for the Barrett benchmarks: obtain a prime group, build a
 * Barrett reduction context for its modulus p, and fill c->e with c->n
 * random (base, exponent) pairs.
 * NOTE(review): this listing omits several source lines (see the gaps in
 * the gutter numbers), so declarations and branch structure are not all
 * visible here.
 */
106 static void *bar_init(opts *o)
108 bar_ctx *c = CREATE(bar_ctx);
/* A group description that fails to parse is fatal. */
115 if (dh_parse(&qd, &gp))
116 die(1, "bad prime group: %s", qd.e);
/* Benchmark default only: a 1024-bit field is convenient for timing but is
 * below current recommendations for real Diffie-Hellman parameters. */
118 if (!o->fbits) o->fbits = 1024;
/* NOTE(review): the result of dh_gen is not examined on this line; confirm
 * that a failed or aborted generation cannot reach mpbarrett_create. */
119 dh_gen(&gp, o->gbits, o->fbits, 0, &rand_global, pgen_evspin, 0);
121 mpbarrett_create(&c->b, gp.p);
/* NOTE(review): sized with group_expfactor, whereas mont_init sizes the
 * same kind of array with mp_expfactor and barsim_run hands c->e to
 * mpbarrett_mexp.  sizeof(*c->e) would follow the element type
 * automatically -- confirm against the bar_ctx declaration. */
124 c->e = xmalloc(c->n * sizeof(group_expfactor));
125 for (i = 0; i < c->n; i++) {
/* Bases are drawn from the range bounded by p, exponents from the range
 * bounded by q, both from the global generator. */
126 c->e[i].base = mprand_range(MP_NEW, gp.p, &rand_global, 0);
127 c->e[i].exp = mprand_range(MP_NEW, gp.q, &rand_global, 0);
/* Timed operation: one Barrett exponentiation of the first prepared
 * (base, exponent) pair.  The result d is only a throwaway. */
133 static void bar_run(void *cc)
136 mp *d = mpbarrett_exp(&c->b, MP_NEW, c->e[0].base, c->e[0].exp);
/* Timed operation: one simultaneous Barrett exponentiation over all c->n
 * prepared (base, exponent) pairs. */
140 static void barsim_run(void *cc)
143 mp *d = mpbarrett_mexp(&c->b, MP_NEW, c->e, c->n);
147 /* --- Montgomery exponentiation --- */
149 typedef struct mont_ctx {
/* Job setup for the Montgomery benchmarks: obtain a prime group, build a
 * Montgomery reduction context for its modulus p, and fill c->e with c->n
 * random (base, exponent) pairs.
 * NOTE(review): lines are missing from this listing (gaps in the gutter
 * numbers); declarations and branch structure are not all visible.
 */
155 static void *mont_init(opts *o)
157 mont_ctx *c = CREATE(mont_ctx);
/* A group description that fails to parse is fatal. */
164 if (dh_parse(&qd, &gp))
165 die(1, "bad prime group: %s", qd.e);
/* Benchmark default only: 1024 bits is below current recommendations for
 * real Diffie-Hellman parameters. */
167 if (!o->fbits) o->fbits = 1024;
/* NOTE(review): the result of dh_gen is not examined on this line. */
168 dh_gen(&gp, o->gbits, o->fbits, 0, &rand_global, pgen_evspin, 0);
170 mpmont_create(&c->m, gp.p);
/* NOTE(review): c->n is set on a line not shown (presumably from the -n
 * option).  Where size_t is 32 bits the product below can wrap for a very
 * large count -- confirm a bound is applied. */
173 c->e = xmalloc(c->n * sizeof(mp_expfactor));
174 for (i = 0; i < c->n; i++) {
175 c->e[i].base = mprand_range(MP_NEW, gp.p, &rand_global, 0);
176 c->e[i].exp = mprand_range(MP_NEW, gp.q, &rand_global, 0);
/* Timed operation: one Montgomery exponentiation of the first prepared
 * (base, exponent) pair. */
182 static void mont_run(void *cc)
185 mp *d = mpmont_expr(&c->m, MP_NEW, c->e[0].base, c->e[0].exp);
/* Timed operation: one simultaneous Montgomery exponentiation over all
 * c->n prepared (base, exponent) pairs. */
189 static void montsim_run(void *cc)
192 mp *d = mpmont_mexpr(&c->m, MP_NEW, c->e, c->n);
196 /* --- Group exponentiation --- */
198 typedef struct gr_ctx {
/* Job setup for the prime-group benchmarks: obtain a prime group, wrap it
 * as an abstract group, validate it unless checking was disabled, and fill
 * c->e with c->n random (element, exponent) pairs.
 * NOTE(review): lines are missing from this listing (gaps in the gutter
 * numbers); declarations and branch structure are not all visible.
 */
204 static void *grp_init(opts *o)
206 gr_ctx *c = CREATE(gr_ctx);
214 if (dh_parse(&qd, &gp))
215 die(1, "bad prime group: %s", qd.e);
/* Benchmark default only: 1024 bits is below current recommendations for
 * real Diffie-Hellman parameters. */
217 if (!o->fbits) o->fbits = 1024;
/* NOTE(review): the result of dh_gen is not examined on this line. */
218 dh_gen(&gp, o->gbits, o->fbits, 0, &rand_global, pgen_evspin, 0);
220 c->g = group_prime(&gp);
/* Validation is skipped when OF_NOCHECK is set.  That is acceptable for
 * timing trusted parameters; code that accepts parameters from elsewhere
 * should always keep the check. */
221 if (!(o->f & OF_NOCHECK) && (e = G_CHECK(c->g, &rand_global)) != 0)
222 die(1, "bad group: %s", e);
225 c->e = xmalloc(c->n * sizeof(group_expfactor));
226 for (i = 0; i < c->n; i++) {
227 c->e[i].base = G_CREATE(c->g);
/* NOTE(review): the random integer is passed inline, so no handle is kept
 * with which to release it afterwards; harmless in one-shot setup, but
 * worth confirming if this pattern is reused. */
228 G_FROMINT(c->g, c->e[i].base,
229 mprand_range(MP_NEW, gp.p, &rand_global, 0));
230 c->e[i].exp = mprand_range(MP_NEW, gp.q, &rand_global, 0);
/* Job setup for the elliptic-curve benchmarks: look up a named curve, wrap
 * it as an abstract group, validate it unless checking was disabled, and
 * fill c->e with c->n random (point, scalar) pairs.
 * NOTE(review): lines are missing from this listing (gaps in the gutter
 * numbers); the condition guarding the first die call is not visible.
 */
236 static void *grec_init(opts *o)
238 gr_ctx *c = CREATE(gr_ctx);
245 die(1, "can't generate elliptic curves");
/* An unknown or malformed curve name is fatal. */
246 if ((e = ec_getinfo(&ei, o->name)) != 0)
247 die(1, "bad curve: %s", e);
248 c->g = group_ec(&ei);
/* Validation is skipped when OF_NOCHECK is set; keep the check wherever
 * curve parameters are not already trusted. */
249 if (!(o->f & OF_NOCHECK) && (e = G_CHECK(c->g, &rand_global)) != 0)
250 die(1, "bad group: %s", e);
253 c->e = xmalloc(c->n * sizeof(group_expfactor));
254 for (i = 0; i < c->n; i++) {
255 c->e[i].base = G_CREATE(c->g);
/* Each base is a random point chosen by ec_rand on the curve ei.c; each
 * scalar is drawn from the range bounded by ei.r. */
256 ec_rand(ei.c, &p, &rand_global);
257 G_FROMEC(c->g, c->e[i].base, &p);
258 c->e[i].exp = mprand_range(MP_NEW, ei.r, &rand_global, 0);
/* Timed operation: one group exponentiation of the first prepared pair into
 * a freshly created element.  The release of x is presumably on a line this
 * listing omits. */
264 static void gr_run(void *cc)
267 ge *x = G_CREATE(c->g);
268 G_EXP(c->g, x, c->e[0].base, c->e[0].exp);
/* Timed operation: one simultaneous group exponentiation over all c->n
 * prepared pairs into a freshly created element. */
272 static void grsim_run(void *cc)
275 ge *x = G_CREATE(c->g);
276 G_MEXP(c->g, x, c->e, c->n);
282 typedef struct x25519_jobctx {
283 octet k[X25519_KEYSZ];
284 octet p[X25519_PUBSZ];
/* Job setup for the X25519 benchmark: fill both inputs with random bytes.
 * Note that c->p is arbitrary random data, not a public key derived from a
 * private scalar; that is sufficient for timing only. */
287 static void *x25519_jobinit(opts *o)
289 x25519_jobctx *c = CREATE(x25519_jobctx);
290 rand_get(RAND_GLOBAL, c->k, sizeof(c->k));
291 rand_get(RAND_GLOBAL, c->p, sizeof(c->p));
/* Timed operation: one X25519 computation on the prepared inputs.  The
 * output z is a stack temporary that is discarded; code handling a real
 * shared secret would consume it and wipe the buffer afterwards. */
295 static void x25519_jobrun(void *cc)
296 { x25519_jobctx *c = cc; octet z[X25519_OUTSZ]; x25519(z, c->k, c->p); }
300 typedef struct x448_jobctx {
/* Job setup for the X448 benchmark: fill both inputs with random bytes.
 * As with the X25519 job, c->p is arbitrary random data rather than a
 * derived public key, which is sufficient for timing only. */
305 static void *x448_jobinit(opts *o)
307 x448_jobctx *c = CREATE(x448_jobctx);
308 rand_get(RAND_GLOBAL, c->k, sizeof(c->k));
309 rand_get(RAND_GLOBAL, c->p, sizeof(c->p));
/* Timed operation: one X448 computation on the prepared inputs.  The output
 * z is a stack temporary that is discarded, which suits a benchmark only. */
313 static void x448_jobrun(void *cc)
314 { x448_jobctx *c = cc; octet z[X448_OUTSZ]; x448(z, c->k, c->p); }
316 /* --- Ed25519 --- */
318 typedef struct ed25519_signctx {
319 octet k[ED25519_KEYSZ];
320 octet K[ED25519_PUBSZ];
324 typedef struct ed25519_vrfctx {
325 octet K[ED25519_PUBSZ];
327 octet sig[ED25519_SIGSZ];
/* Job setup for the Ed25519 signing benchmark: random private key k, random
 * message m, and the public key K derived from k. */
330 static void *ed25519_signinit(opts *o)
332 ed25519_signctx *c = CREATE(ed25519_signctx);
334 rand_get(RAND_GLOBAL, c->k, sizeof(c->k));
335 rand_get(RAND_GLOBAL, c->m, sizeof(c->m));
336 ed25519_pubkey(c->K, c->k, sizeof(c->k));
/* Timed operation: sign the prepared message with the prepared key.  The
 * signature lands in a stack buffer and is discarded. */
340 static void ed25519_signrun(void *cc)
342 ed25519_signctx *c = cc;
343 octet sig[ED25519_SIGSZ];
345 ed25519_sign(sig, c->k, sizeof(c->k), c->K, c->m, sizeof(c->m));
/* Job setup for the Ed25519 verification benchmark: make a throwaway key
 * pair, sign a random message, and keep only the public key, message and
 * signature in the job context. */
348 static void *ed25519_vrfinit(opts *o)
/* NOTE(review): the private key lives in this stack buffer and no wipe is
 * visible in this listing; acceptable for a throwaway benchmark key, but
 * real key material should be cleared before the function returns. */
350 octet k[ED25519_KEYSZ];
351 ed25519_vrfctx *c = CREATE(ed25519_vrfctx);
353 rand_get(RAND_GLOBAL, k, sizeof(k));
354 rand_get(RAND_GLOBAL, c->m, sizeof(c->m));
355 ed25519_pubkey(c->K, k, sizeof(k));
356 ed25519_sign(c->sig, k, sizeof(k), c->K, c->m, sizeof(c->m));
/* Timed operation: verify the prepared signature.  The verification result
 * is deliberately ignored because only the cost is being measured; any
 * caller that relies on the signature must test the return value. */
360 static void ed25519_vrfrun(void *cc)
362 ed25519_vrfctx *c = cc;
363 ed25519_verify(c->K, c->m, sizeof(c->m), c->sig);
368 typedef struct ed448_signctx {
369 octet k[ED448_KEYSZ];
370 octet K[ED448_PUBSZ];
374 typedef struct ed448_vrfctx {
375 octet K[ED448_PUBSZ];
377 octet sig[ED448_SIGSZ];
/* Job setup for the Ed448 signing benchmark: random private key k, random
 * message m, and the public key K derived from k. */
380 static void *ed448_signinit(opts *o)
382 ed448_signctx *c = CREATE(ed448_signctx);
384 rand_get(RAND_GLOBAL, c->k, sizeof(c->k));
385 rand_get(RAND_GLOBAL, c->m, sizeof(c->m));
386 ed448_pubkey(c->K, c->k, sizeof(c->k));
/* Timed operation: sign the prepared message with the prepared key.  The
 * signature lands in a stack buffer and is discarded.
 * NOTE(review): the three zero arguments presumably select no prehashing
 * and an empty context string -- confirm against the ed448 header. */
390 static void ed448_signrun(void *cc)
392 ed448_signctx *c = cc;
393 octet sig[ED448_SIGSZ];
395 ed448_sign(sig, c->k, sizeof(c->k), c->K, 0, 0, 0, c->m, sizeof(c->m));
/* Job setup for the Ed448 verification benchmark: make a throwaway key
 * pair, sign a random message, and keep only the public key, message and
 * signature in the job context. */
398 static void *ed448_vrfinit(opts *o)
/* NOTE(review): the private key lives in this stack buffer and no wipe is
 * visible in this listing; real key material should be cleared before the
 * function returns. */
400 octet k[ED448_KEYSZ];
401 ed448_vrfctx *c = CREATE(ed448_vrfctx);
403 rand_get(RAND_GLOBAL, k, sizeof(k));
404 rand_get(RAND_GLOBAL, c->m, sizeof(c->m));
405 ed448_pubkey(c->K, k, sizeof(k));
406 ed448_sign(c->sig, k, sizeof(k), c->K, 0, 0, 0, c->m, sizeof(c->m));
/* Timed operation: verify the prepared signature.  The verification result
 * is ignored because only the cost is being measured; any caller that
 * relies on the signature must test the return value. */
410 static void ed448_vrfrun(void *cc)
412 ed448_vrfctx *c = cc;
413 ed448_verify(c->K, 0, 0, 0, c->m, sizeof(c->m), c->sig);
418 typedef struct rsapriv_ctx {
/* Job setup for the unblinded RSA private-key benchmark: generate a key,
 * build a private-operation context without a random generator (third
 * argument 0), and pick a random input in the range bounded by n. */
424 static void *rsapriv_init(opts *o)
426 rsapriv_ctx *c = CREATE(rsapriv_ctx);
/* Benchmark defaults only: a 1024-bit modulus is below current
 * recommendations for real RSA keys.  The exponent defaults to 65537. */
428 if (!o->fbits) o->fbits = 1024;
429 if (!o->e) o->e = mp_fromulong(MP_NEW, 65537);
/* NOTE(review): the result of rsa_gen_e is not examined on this line;
 * confirm a failed generation cannot reach rsa_privcreate. */
430 rsa_gen_e(&c->rp, o->fbits, o->e, &rand_global, 0, pgen_evspin, 0);
431 rsa_privcreate(&c->rpc, &c->rp, 0);
432 c->m = mprand_range(MP_NEW, c->rp.n, &rand_global, 0);
/* Job setup for the blinded RSA private-key benchmark.  Identical to
 * rsapriv_init except that rsa_privcreate is given a random generator,
 * presumably as the source of blinding factors. */
436 static void *rsaprivblind_init(opts *o)
438 rsapriv_ctx *c = CREATE(rsapriv_ctx);
/* Benchmark defaults only: a 1024-bit modulus is below current
 * recommendations for real RSA keys. */
440 if (!o->fbits) o->fbits = 1024;
441 if (!o->e) o->e = mp_fromulong(MP_NEW, 65537);
/* NOTE(review): the result of rsa_gen_e is not examined on this line. */
442 rsa_gen_e(&c->rp, o->fbits, o->e, &rand_global, 0, pgen_evspin, 0);
/* The generator here is a Fibonacci generator with the fixed seed 0, so its
 * output is predictable.  That measures the cost of blinding but gives none
 * of its side-channel protection; production code should pass a
 * cryptographically strong generator instead. */
443 rsa_privcreate(&c->rpc, &c->rp, fibrand_create(0));
444 c->m = mprand_range(MP_NEW, c->rp.n, &rand_global, 0);
/* Timed operation: one RSA private-key operation on the prepared input.
 * Shared by the blinded and unblinded jobs; the difference is in how the
 * context c->rpc was created. */
448 static void rsapriv_run(void *cc)
451 mp *d = rsa_privop(&c->rpc, MP_NEW, c->m);
455 typedef struct rsapub_ctx {
/* Job setup for the RSA public-key benchmark: generate a full key into the
 * local rp, copy only the public components n and e into the job context,
 * and pick a random input in the range bounded by n. */
461 static void *rsapub_init(opts *o)
463 rsapub_ctx *c = CREATE(rsapub_ctx);
/* Benchmark defaults only: a 1024-bit modulus is below current
 * recommendations for real RSA keys. */
466 if (!o->fbits) o->fbits = 1024;
467 if (!o->e) o->e = mp_fromulong(MP_NEW, 65537);
/* NOTE(review): the result of rsa_gen_e is not examined on this line. */
468 rsa_gen_e(&rp, o->fbits, o->e, &rand_global, 0, pgen_evspin, 0);
469 c->rp.n = MP_COPY(rp.n);
470 c->rp.e = MP_COPY(rp.e);
/* NOTE(review): disposal of the private half of rp is presumably on the
 * omitted line between these two statements -- confirm. */
472 rsa_pubcreate(&c->rpc, &c->rp);
473 c->m = mprand_range(MP_NEW, c->rp.n, &rand_global, 0);
/* Timed operation: one RSA public-key operation on the prepared input. */
477 static void rsapub_run(void *cc)
480 mp *d = rsa_pubop(&c->rpc, MP_NEW, c->m);
484 /* --- Symmetric encryption --- */
486 typedef struct ksched_ctx {
/* Job setup for the key-schedule benchmark: look up the named cipher, settle
 * on a key size, and prepare a random key of that size.
 * NOTE(review): the condition guarding the first die call is on a line this
 * listing omits. */
492 static void *ksched_init(opts *o)
494 ksched_ctx *c = CREATE(ksched_ctx);
496 die(1, "must specify encryption scheme name");
497 if ((c->c = gcipher_byname(o->name)) == 0)
498 die(1, "encryption scheme `%s' not known", o->name);
/* The requested size is given in bits; keysz maps the byte count onto what
 * the cipher supports. */
499 c->ksz = keysz(o->fbits/8, c->c->keysz);
/* Reject a bit count that is not a whole number of bytes, or an explicit
 * request that keysz did not honour exactly. */
500 if (o->fbits%8 || (o->fbits && c->ksz != o->fbits/8))
501 die(1, "bad key size %u for %s", o->fbits, o->name);
502 c->k = xmalloc(c->ksz);
503 rand_get(RAND_GLOBAL, c->k, c->ksz);
/* Timed operation: initialise a cipher instance from the prepared key, i.e.
 * one key schedule.  Disposal of gc is presumably on a line this listing
 * omits. */
507 static void ksched_run(void *cc)
510 gcipher *gc = GC_INIT(c->c, c->k, c->ksz);
514 typedef struct enc_ctx {
/* Job setup for the encryption benchmark: look up the named cipher, key an
 * instance with random bytes, and allocate the data buffer.
 * NOTE(review): the allocation and release of the key buffer k are on lines
 * this listing omits; if this pattern is reused with real keys, check that
 * k is wiped before it is released. */
521 static void *enc_init(opts *o)
523 enc_ctx *c = CREATE(enc_ctx);
528 die(1, "must specify encryption scheme name");
529 if ((cc = gcipher_byname(o->name)) == 0)
530 die(1, "encryption scheme `%s' not known", o->name);
531 ksz = keysz(o->fbits/8, cc->keysz);
/* Reject a bit count that is not a whole number of bytes, or an explicit
 * request that keysz did not honour exactly. */
532 if (o->fbits%8 || (o->fbits && ksz != o->fbits/8))
533 die(1, "bad key size %u for %s", o->fbits, o->name);
535 rand_get(RAND_GLOBAL, k, ksz);
536 c->c = GC_INIT(cc, k, ksz);
/* For this job the group-bits option is reused as the buffer size (default
 * 65536) and the factor count as the inner iteration count (default 16). */
538 c->sz = o->gbits ? o->gbits : 65536;
539 c->n = o->n ? o->n : 16;
/* NOTE(review): no initialisation of the buffer is visible in this listing,
 * so the data encrypted may be whatever the allocator returned. */
540 c->m = xmalloc(c->sz);
/* Timed operation: encrypt the buffer in place c->n times. */
544 static void enc_run(void *cc)
548 for (i = 0; i < c->n; i++)
549 GC_ENCRYPT(c->c, c->m, c->m, c->sz);
552 /* --- Hashing --- */
554 typedef struct hash_ctx {
/* Job setup for the hashing benchmark: look up the named hash function and
 * allocate the data buffer.
 * NOTE(review): the condition guarding the first die call is on a line this
 * listing omits. */
561 static void *hash_init(opts *o)
563 hash_ctx *c = CREATE(hash_ctx);
565 die(1, "must specify hash function name");
566 if ((c->h = ghash_byname(o->name)) == 0)
567 die(1, "hash function `%s' not known", o->name);
/* For this job the group-bits option is reused as the buffer size (default
 * 65536) and the factor count as the inner iteration count (default 16). */
568 c->sz = o->gbits ? o->gbits : 65536;
569 c->n = o->n ? o->n : 16;
/* NOTE(review): no initialisation of the buffer is visible in this listing,
 * so the data hashed may be whatever the allocator returned. */
570 c->m = xmalloc(c->sz);
/* Timed operation: create a hash instance and feed it the buffer c->n
 * times.  Finalisation and disposal, if any, are on lines this listing
 * omits. */
574 static void hash_run(void *cc)
578 ghash *h = GH_INIT(c->h);
579 for (i = 0; i < c->n; i++)
580 GH_HASH(h, c->m, c->sz);
585 /* --- Poly1305 --- */
587 typedef struct poly1305_jobctx {
589 octet s[POLY1305_MASKSZ];
/* Job setup for the Poly1305 benchmark: key the MAC from random bytes, draw
 * a random mask, and allocate the data buffer. */
595 static void *poly1305_jobinit(opts *o)
/* NOTE(review): the raw key sits in this stack buffer and no wipe is
 * visible in this listing; fine for a throwaway benchmark key. */
597 octet k[POLY1305_KEYSZ];
598 poly1305_jobctx *c = CREATE(poly1305_jobctx);
599 rand_get(RAND_GLOBAL, k, sizeof(k));
600 poly1305_keyinit(&c->k, k, sizeof(k));
/* The mask is fixed once here and reused by every timed run.  That suits
 * timing only: a real Poly1305 mask must never be reused across messages. */
601 rand_get(RAND_GLOBAL, c->s, sizeof(c->s));
/* Buffer size defaults to 65536 and the inner iteration count to 16. */
602 c->sz = o->gbits ? o->gbits : 65536;
603 c->n = o->n ? o->n : 16;
604 c->m = xmalloc(c->sz);
/* Timed operation: start a MAC computation with the prepared key and mask,
 * feed it the buffer c->n times, and write the tag to a discarded stack
 * buffer. */
608 static void poly1305_jobrun(void *cc)
610 poly1305_jobctx *c = cc;
612 octet t[POLY1305_TAGSZ];
614 poly1305_macinit(&ctx, &c->k, c->s);
615 for (i = 0; i < c->n; i++) poly1305_hash(&ctx, c->m, c->sz);
616 poly1305_done(&ctx, t);
619 /* --- Job table --- */
621 typedef struct jobops {
623 void *(*init)(opts *);
/* Maps each job name accepted on the command line to its setup function and
 * its timed operation.  Several jobs share a setup or a run function (for
 * example both RSA private-key jobs use rsapriv_run).
 * NOTE(review): main walks this table until it meets an entry whose name is
 * null, so a terminating entry is required; it is presumably on one of the
 * lines this listing omits. */
627 static const jobops jobtab[] = {
628 { "g-prime-exp", grp_init, gr_run },
629 { "g-ec-mul", grec_init, gr_run },
630 { "g-prime-exp-sim", grp_init, grsim_run },
631 { "g-ec-mul-sim", grec_init, grsim_run },
632 { "barrett-exp", bar_init, bar_run },
633 { "barrett-exp-sim", bar_init, barsim_run },
634 { "mont-exp", mont_init, mont_run },
635 { "mont-exp-sim", mont_init, montsim_run },
636 { "rsa-priv", rsapriv_init, rsapriv_run },
637 { "rsa-priv-blind", rsaprivblind_init, rsapriv_run },
638 { "rsa-pub", rsapub_init, rsapub_run },
639 { "x25519", x25519_jobinit, x25519_jobrun },
640 { "x448", x448_jobinit, x448_jobrun },
641 { "ed25519-sign", ed25519_signinit, ed25519_signrun },
642 { "ed25519-vrf", ed25519_vrfinit, ed25519_vrfrun },
643 { "ed448-sign", ed448_signinit, ed448_signrun },
644 { "ed448-vrf", ed448_vrfinit, ed448_vrfrun },
645 { "ksched", ksched_init, ksched_run },
646 { "enc", enc_init, enc_run },
647 { "hash", hash_init, hash_run },
648 { "poly1305", poly1305_jobinit, poly1305_jobrun },
652 /*----- Main code ---------------------------------------------------------*/
/* Write the program name and Catacomb version to fp.  The `$' in the format
 * is presumably expanded by pquis to the program name. */
654 void version(FILE *fp)
656 pquis(fp, "$, Catacomb " VERSION "\n");
/* Write the one-line usage summary to fp. */
659 static void usage(FILE *fp)
661 pquis(fp, "Usage: $ [-options] job\n");
/* Write the long help text to fp.  The option descriptions below show that
 * -b, -B and -n change meaning with the selected job (field, group and
 * factor sizes for the public-key jobs; key, data and iteration sizes for
 * the symmetric ones), and that -q turns off parameter validation. */
664 static void help(FILE *fp)
670 Various performance tests.\n\
674 -h, --help Show this help text.\n\
675 -v, --version Show program version number.\n\
676 -u, --usage Show terse usage message.\n\
677 -l, --list [ITEM...] List all the various names of things.\n\
679 -C, --name=NAME Select curve/DH-group/enc/hash name.\n\
680 -b, --field-bits Field size for g-prime and rsa;\n\
681 key bits for ksched and enc.\n\
682 -q, --no-check Don't check field/group for validity.\n\
683 -B, --group-bits Group size for g-prime; data size for enc and hash.\n\
684 -n, --factors=COUNT Number of factors for {exp,mul}-sim;\n\
685 inner iterations for enc and hash.\n\
686 -i, --intervals=COUNT Number of intervals to run for. [0; forever]\n\
687 -k, --batch=COUNT Number of operations to batch between timer checks.\n\
688 -t, --time=TIME Length of an interval in seconds. [1]\n\
694 listtab[i].name, listtab[i].name) \
696 jobtab[i].name, jobtab[i].name) \
697 LI("Elliptic curves", ec, \
698 ectab[i].name, ectab[i].name) \
699 LI("Diffie-Hellman groups", dh, \
700 ptab[i].name, ptab[i].name) \
701 LI("Encryption algorithms", cipher, \
702 gciphertab[i], gciphertab[i]->name) \
703 LI("Hash functions", hash, \
704 ghashtab[i], ghashtab[i]->name)
706 MAKELISTTAB(listtab, LISTS)
/* Parse the option argument p as an unsigned integer, dying with a message
 * that names the option (what) on bad input.  Base 0 means decimal, octal
 * (leading 0) and hexadecimal (leading 0x) are all accepted.
 * NOTE(review): the errno test is only meaningful if errno was cleared
 * before the call; that statement is presumably on a line this listing
 * omits.  Also, strtoul accepts a leading minus sign and negates the value
 * in the unsigned type, so where unsigned long is no wider than unsigned a
 * negative argument passes the range test below as a very large count. */
708 static unsigned uarg(const char *what, const char *p)
713 u = strtoul(p, &q, 0);
/* Reject trailing junk, values beyond UINT_MAX, an empty number, or a
 * conversion error. */
714 if (*q || u > UINT_MAX || q == p || errno)
715 die(1, "bad %s `%s'", what, p);
/* Parse the option argument p as a multiprecision integer, dying with a
 * message that names the option (what) if parsing fails or anything is left
 * over after the number. */
719 static mp *mparg(const char *what, const char *p)
722 mp *x = mp_readstring(MP_NEW, p, &q, 0);
723 if (!x || *q) die(1, "bad %s `%s'", what, p);
/* Parse the option argument p as a floating-point number, dying with a
 * message that names the option (what) on bad input.  The conversion call
 * itself is on a line this listing omits.
 * NOTE(review): only syntax and errno are checked here; no range check is
 * visible, so negative, zero, infinite or not-a-number values would be
 * passed on to the caller, which uses the result as an interval length. */
727 static double farg(const char *what, const char *p)
733 if (*q || q == p || errno)
734 die(1, "bad %s `%s'", what, p);
/* Entry point: parse options into the opts structure, select a job by name,
 * then repeatedly run the job's operation in batches for fixed-length
 * intervals and print the throughput of each interval.
 * NOTE(review): many lines of this function are missing from the listing
 * (gaps in the gutter numbers), including declarations, the switch header
 * and the job's setup call. */
738 int main(int argc, char *argv[])
743 struct timeval tv_next, tv_now;
754 static const struct option opts[] = {
755 { "help", 0, 0, 'h' },
756 { "version", 0, 0, 'v' },
757 { "usage", 0, 0, 'u' },
758 { "list", 0, 0, 'l' },
759 { "name", OPTF_ARGREQ, 0, 'C' },
760 { "field-bits", OPTF_ARGREQ, 0, 'b' },
761 { "group-bits", OPTF_ARGREQ, 0, 'B' },
762 { "factors", OPTF_ARGREQ, 0, 'n' },
763 { "intervals", OPTF_ARGREQ, 0, 'i' },
764 { "batch", OPTF_ARGREQ, 0, 'k' },
765 { "public-exponent", OPTF_ARGREQ, 0, 'e' },
766 { "time", OPTF_ARGREQ, 0, 't' },
767 { "no-check", 0, 0, 'q' },
771 i = mdwopt(argc, argv, "hvulC:b:B:n:i:k:e:t:q", opts, 0, 0, 0);
774 case 'h': help(stdout); exit(0);
775 case 'v': version(stdout); exit(0);
776 case 'u': usage(stdout); exit(0);
777 case 'l': exit(displaylists(listtab, argv + optind));
778 case 'C': o.name = optarg; break;
779 case 'b': o.fbits = uarg("field bits", optarg); break;
780 case 'B': o.gbits = uarg("subgroup bits", optarg); break;
781 case 'n': o.n = uarg("factor count", optarg); break;
/* The public exponent must be odd and at least 3; a previously supplied
 * value is dropped first so a repeated option does not leak it. */
783 mp_drop(o.e); o.e = mparg("public exponent", optarg);
784 if (MP_CMP(o.e, <, MP_THREE) || MP_EVENP(o.e))
785 die(1, "invalid public exponent");
787 case 'i': o.i = uarg("interval count", optarg); break;
788 case 't': o.t = farg("interval length", optarg); break;
789 case 'k': o.k = uarg("batch size", optarg); break;
/* Turns off G_CHECK in the group jobs; appropriate only when the
 * parameters being timed are already trusted. */
790 case 'q': o.f |= OF_NOCHECK; break;
791 default: usage(stderr); exit(1);
/* Exactly one positional argument, the job name, is required. */
794 if (optind + 1 != argc) { usage(stderr); exit(1); }
/* Linear search of the job table; the loop ends on a match or on the entry
 * whose name is null. */
796 for (j = jobtab; j->name; j++)
797 if (strcmp(j->name, argv[optind]) == 0) break;
798 if (!j->name) die(1, "unknown job type `%s'", argv[optind]);
803 gettimeofday(&tv_now, 0);
/* The deadline is now plus o.t, split into whole seconds and microseconds.
 * NOTE(review): o.t is converted from double on the way in; a negative,
 * huge or not-a-number interval length is not rejected anywhere visible,
 * and an out-of-range conversion to an integer type is undefined. */
805 tv_addl(&tv_next, &tv_now, o.t, fmod(o.t * MILLION, MILLION));
/* Run o.k operations between clock checks so that the timer overhead is
 * amortised over the batch. */
809 for (k = 0; k < o.k; k++) { j->run(p); }
811 gettimeofday(&tv_now, 0);
812 } while (TV_CMP(&tv_now, <, &tv_next));
/* NOTE(review): in this listing the following four lines appear
 * interleaved (the two statements sit between the format string and the
 * argument list of the printf); this looks like an artefact of how the
 * listing was produced -- confirm against the original file.  The rates are
 * computed from CPU time (clock ticks), not from the wall-clock deadline. */
814 printf("%5u: did = %5lu; /sec = %5f; avg /sec = %5f\n",
815 t = (double)(c1 - c0)/CLOCKS_PER_SEC;
816 itot += ii; ttot += t;
817 n, ii, ii/t, itot/ttot);
/* An interval count of zero means run until interrupted. */
820 } while (!o.i || n < o.i);
825 /*----- That's all, folks -------------------------------------------------*/