[catacomb] / progs / perftest.c

/* -*-c-*-
 *
 * Measure performance of various operations (Unix-specific)
 *
 * (c) 2004 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Header files ------------------------------------------------------*/

#define _FILE_OFFSET_BITS 64

#include "config.h"

#include <errno.h>
#include <limits.h>
#include <math.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>

#include <sys/types.h>
#include <sys/time.h>
#include <unistd.h>

#ifdef HAVE_LINUX_PERF_EVENT_H
#  include <linux/perf_event.h>
#  include <asm/unistd.h>
#endif

#include <mLib/alloc.h>
#include <mLib/bits.h>
#include <mLib/dstr.h>
#include <mLib/macros.h>
#include <mLib/mdwopt.h>
#include <mLib/quis.h>
#include <mLib/report.h>
#include <mLib/sub.h>
#include <mLib/tv.h>

#include "rand.h"
#include "mp.h"
#include "mprand.h"
#include "fibrand.h"
#include "rsa.h"
#include "mpint.h"
#include "mptext.h"
#include "mpmont.h"
#include "mpbarrett.h"
#include "dh.h"
#include "pgen.h"
#include "ec.h"
#include "group.h"
#include "x25519.h"
#include "x448.h"
#include "ed25519.h"
#include "ed448.h"

#include "cc.h"
#include "gaead.h"
#include "gcipher.h"
#include "ghash.h"
#include "gmac.h"
#include "poly1305.h"

#include "ectab.h"
#include "ptab.h"

/*----- Options -----------------------------------------------------------*/

typedef struct opts {
  const char *name;                     /* Pre-configured named thing */
  const char *opwhat;                   /* What to call operations */
  unsigned fbits;                       /* Field size bits */
  unsigned gbits;                       /* Group size bits */
  unsigned n;                           /* Number of factors */
  unsigned i;                           /* Number of intervals (or zero) */
  unsigned k;                           /* Main loop batch size */
  unsigned long sc;                     /* Scale factor */
  double t;                             /* Time for each interval (secs) */
  mp *e;                                /* Public exponent */
  unsigned f;                           /* Flags */
#define OF_NOCHECK 1u                   /*   Don't do group checking */
} opts;

/*----- Job switch --------------------------------------------------------*/

/* --- Barrett exponentiation --- */

typedef struct bar_ctx {
  size_t n;
  mpbarrett b;
  mp_expfactor *e;
} bar_ctx;

static void *bar_init(opts *o)
{
  bar_ctx *c = CREATE(bar_ctx);
  gprime_param gp;
  qd_parse qd;
  size_t i;

  if (o->name) {
    qd.p = o->name;
    if (dh_parse(&qd, &gp))
      die(1, "bad prime group: %s", qd.e);
  } else {
    if (!o->fbits) o->fbits = 1024;
    dh_gen(&gp, o->gbits, o->fbits, 0, &rand_global, pgen_evspin, 0);
  }
  mpbarrett_create(&c->b, gp.p);
  if (!o->n) o->n = 1;
  c->n = o->n;
  c->e = xmalloc(c->n * sizeof(group_expfactor));
  for (i = 0; i < c->n; i++) {
    c->e[i].base = mprand_range(MP_NEW, gp.p, &rand_global, 0);
    c->e[i].exp = mprand_range(MP_NEW, gp.q, &rand_global, 0);
  }
  dh_paramfree(&gp);
  return (c);
}

static void bar_run(void *cc)
{
  bar_ctx *c = cc;
  mp *d = mpbarrett_exp(&c->b, MP_NEW, c->e[0].base, c->e[0].exp);
  MP_DROP(d);
}

static void barsim_run(void *cc)
{
  bar_ctx *c = cc;
  mp *d = mpbarrett_mexp(&c->b, MP_NEW, c->e, c->n);
  MP_DROP(d);
}

/* --- Montgomery exponentiation --- */

typedef struct mont_ctx {
  size_t n;
  mpmont m;
  mp_expfactor *e;
} mont_ctx;

static void *mont_init(opts *o)
{
  mont_ctx *c = CREATE(mont_ctx);
  gprime_param gp;
  qd_parse qd;
  size_t i;

  if (o->name) {
    qd.p = o->name;
    if (dh_parse(&qd, &gp))
      die(1, "bad prime group: %s", qd.e);
  } else {
    if (!o->fbits) o->fbits = 1024;
    dh_gen(&gp, o->gbits, o->fbits, 0, &rand_global, pgen_evspin, 0);
  }
  mpmont_create(&c->m, gp.p);
  if (!o->n) o->n = 1;
  c->n = o->n;
  c->e = xmalloc(c->n * sizeof(mp_expfactor));
  for (i = 0; i < c->n; i++) {
    c->e[i].base = mprand_range(MP_NEW, gp.p, &rand_global, 0);
    c->e[i].exp = mprand_range(MP_NEW, gp.q, &rand_global, 0);
  }
  dh_paramfree(&gp);
  return (c);
}

static void mont_run(void *cc)
{
  mont_ctx *c = cc;
  mp *d = mpmont_expr(&c->m, MP_NEW, c->e[0].base, c->e[0].exp);
  MP_DROP(d);
}

static void montsim_run(void *cc)
{
  mont_ctx *c = cc;
  mp *d = mpmont_mexpr(&c->m, MP_NEW, c->e, c->n);
  MP_DROP(d);
}

/* --- Group exponentiation --- */

typedef struct gr_ctx {
  size_t n;
  group *g;
  group_expfactor *e;
} gr_ctx;

static void *grp_init(opts *o)
{
  gr_ctx *c = CREATE(gr_ctx);
  const char *e;
  gprime_param gp;
  qd_parse qd;
  size_t i;

  if (o->name) {
    qd.p = o->name;
    if (dh_parse(&qd, &gp))
      die(1, "bad prime group: %s", qd.e);
  } else {
    if (!o->fbits) o->fbits = 1024;
    dh_gen(&gp, o->gbits, o->fbits, 0, &rand_global, pgen_evspin, 0);
  }
  c->g = group_prime(&gp);
  if (!(o->f & OF_NOCHECK) && (e = G_CHECK(c->g, &rand_global)) != 0)
    die(1, "bad group: %s", e);
  if (!o->n) o->n = 1;
  c->n = o->n;
  c->e = xmalloc(c->n * sizeof(group_expfactor));
  for (i = 0; i < c->n; i++) {
    c->e[i].base = G_CREATE(c->g);
    G_FROMINT(c->g, c->e[i].base,
              mprand_range(MP_NEW, gp.p, &rand_global, 0));
    c->e[i].exp = mprand_range(MP_NEW, gp.q, &rand_global, 0);
  }
  dh_paramfree(&gp);
  return (c);
}

static void *grec_init(opts *o)
{
  gr_ctx *c = CREATE(gr_ctx);
  const char *e;
  ec_info ei;
  ec p = EC_INIT;
  size_t i;

  if (!o->name)
    die(1, "can't generate elliptic curves");
  if ((e = ec_getinfo(&ei, o->name)) != 0)
    die(1, "bad curve: %s", e);
  c->g = group_ec(&ei);
  if (!(o->f & OF_NOCHECK) && (e = G_CHECK(c->g, &rand_global)) != 0)
    die(1, "bad group: %s", e);
  if (!o->n) o->n = 1;
  c->n = o->n;
  c->e = xmalloc(c->n * sizeof(group_expfactor));
  for (i = 0; i < c->n; i++) {
    c->e[i].base = G_CREATE(c->g);
    ec_rand(ei.c, &p, &rand_global);
    G_FROMEC(c->g, c->e[i].base, &p);
    c->e[i].exp = mprand_range(MP_NEW, ei.r, &rand_global, 0);
  }
  EC_DESTROY(&p);
  return (c);
}

static void gr_run(void *cc)
{
  gr_ctx *c = cc;
  ge *x = G_CREATE(c->g);
  G_EXP(c->g, x, c->e[0].base, c->e[0].exp);
  G_DESTROY(c->g, x);
}

static void grsim_run(void *cc)
{
  gr_ctx *c = cc;
  ge *x = G_CREATE(c->g);
  G_MEXP(c->g, x, c->e, c->n);
  G_DESTROY(c->g, x);
}

/* --- x25519 --- */

typedef struct x25519_jobctx {
  octet k[X25519_KEYSZ];
  octet p[X25519_PUBSZ];
} x25519_jobctx;

static void *x25519_jobinit(opts *o)
{
  x25519_jobctx *c = CREATE(x25519_jobctx);
  rand_get(RAND_GLOBAL, c->k, sizeof(c->k));
  rand_get(RAND_GLOBAL, c->p, sizeof(c->p));
  return (c);
}

static void x25519_jobrun(void *cc)
  { x25519_jobctx *c = cc; octet z[X25519_OUTSZ]; x25519(z, c->k, c->p); }

/* --- x448 --- */

typedef struct x448_jobctx {
  octet k[X448_KEYSZ];
  octet p[X448_PUBSZ];
} x448_jobctx;

static void *x448_jobinit(opts *o)
{
  x448_jobctx *c = CREATE(x448_jobctx);
  rand_get(RAND_GLOBAL, c->k, sizeof(c->k));
  rand_get(RAND_GLOBAL, c->p, sizeof(c->p));
  return (c);
}

static void x448_jobrun(void *cc)
  { x448_jobctx *c = cc; octet z[X448_OUTSZ]; x448(z, c->k, c->p); }

/* --- Ed25519 --- */

typedef struct ed25519_signctx {
  octet k[ED25519_KEYSZ];
  octet K[ED25519_PUBSZ];
  octet m[64];
} ed25519_signctx;

typedef struct ed25519_vrfctx {
  octet K[ED25519_PUBSZ];
  octet m[64];
  octet sig[ED25519_SIGSZ];
} ed25519_vrfctx;

static void *ed25519_signinit(opts *o)
{
  ed25519_signctx *c = CREATE(ed25519_signctx);

  rand_get(RAND_GLOBAL, c->k, sizeof(c->k));
  rand_get(RAND_GLOBAL, c->m, sizeof(c->m));
  ed25519_pubkey(c->K, c->k, sizeof(c->k));
  return (c);
}

static void ed25519_signrun(void *cc)
{
  ed25519_signctx *c = cc;
  octet sig[ED25519_SIGSZ];

  ed25519_sign(sig, c->k, sizeof(c->k), c->K, c->m, sizeof(c->m));
}

static void *ed25519_vrfinit(opts *o)
{
  octet k[ED25519_KEYSZ];
  ed25519_vrfctx *c = CREATE(ed25519_vrfctx);

  rand_get(RAND_GLOBAL, k, sizeof(k));
  rand_get(RAND_GLOBAL, c->m, sizeof(c->m));
  ed25519_pubkey(c->K, k, sizeof(k));
  ed25519_sign(c->sig, k, sizeof(k), c->K, c->m, sizeof(c->m));
  return (c);
}

static void ed25519_vrfrun(void *cc)
{
  ed25519_vrfctx *c = cc;
  ed25519_verify(c->K, c->m, sizeof(c->m), c->sig);
}

/* --- Ed448 --- */

typedef struct ed448_signctx {
  octet k[ED448_KEYSZ];
  octet K[ED448_PUBSZ];
  octet m[64];
} ed448_signctx;

typedef struct ed448_vrfctx {
  octet K[ED448_PUBSZ];
  octet m[64];
  octet sig[ED448_SIGSZ];
} ed448_vrfctx;

static void *ed448_signinit(opts *o)
{
  ed448_signctx *c = CREATE(ed448_signctx);

  rand_get(RAND_GLOBAL, c->k, sizeof(c->k));
  rand_get(RAND_GLOBAL, c->m, sizeof(c->m));
  ed448_pubkey(c->K, c->k, sizeof(c->k));
  return (c);
}

static void ed448_signrun(void *cc)
{
  ed448_signctx *c = cc;
  octet sig[ED448_SIGSZ];

  ed448_sign(sig, c->k, sizeof(c->k), c->K, 0, 0, 0, c->m, sizeof(c->m));
}

static void *ed448_vrfinit(opts *o)
{
  octet k[ED448_KEYSZ];
  ed448_vrfctx *c = CREATE(ed448_vrfctx);

  rand_get(RAND_GLOBAL, k, sizeof(k));
  rand_get(RAND_GLOBAL, c->m, sizeof(c->m));
  ed448_pubkey(c->K, k, sizeof(k));
  ed448_sign(c->sig, k, sizeof(k), c->K, 0, 0, 0, c->m, sizeof(c->m));
  return (c);
}

static void ed448_vrfrun(void *cc)
{
  ed448_vrfctx *c = cc;
  ed448_verify(c->K, 0, 0, 0, c->m, sizeof(c->m), c->sig);
}

/* --- RSA --- */

typedef struct rsapriv_ctx {
  rsa_priv rp;
  rsa_privctx rpc;
  mp *m;
} rsapriv_ctx;

static void *rsapriv_init(opts *o)
{
  rsapriv_ctx *c = CREATE(rsapriv_ctx);

  if (!o->fbits) o->fbits = 1024;
  if (!o->e) o->e = mp_fromulong(MP_NEW, 65537);
  rsa_gen_e(&c->rp, o->fbits, o->e, &rand_global, 0, pgen_evspin, 0);
  rsa_privcreate(&c->rpc, &c->rp, 0);
  c->m = mprand_range(MP_NEW, c->rp.n, &rand_global, 0);
  return (c);
}

static void *rsaprivblind_init(opts *o)
{
  rsapriv_ctx *c = CREATE(rsapriv_ctx);

  if (!o->fbits) o->fbits = 1024;
  if (!o->e) o->e = mp_fromulong(MP_NEW, 65537);
  rsa_gen_e(&c->rp, o->fbits, o->e, &rand_global, 0, pgen_evspin, 0);
  rsa_privcreate(&c->rpc, &c->rp, fibrand_create(0));
  c->m = mprand_range(MP_NEW, c->rp.n, &rand_global, 0);
  return (c);
}

static void rsapriv_run(void *cc)
{
  rsapriv_ctx *c = cc;
  mp *d = rsa_privop(&c->rpc, MP_NEW, c->m);
  MP_DROP(d);
}

typedef struct rsapub_ctx {
  rsa_pub rp;
  rsa_pubctx rpc;
  mp *m;
} rsapub_ctx;

static void *rsapub_init(opts *o)
{
  rsapub_ctx *c = CREATE(rsapub_ctx);
  rsa_priv rp;

  if (!o->fbits) o->fbits = 1024;
  if (!o->e) o->e = mp_fromulong(MP_NEW, 65537);
  rsa_gen_e(&rp, o->fbits, o->e, &rand_global, 0, pgen_evspin, 0);
  c->rp.n = MP_COPY(rp.n);
  c->rp.e = MP_COPY(rp.e);
  rsa_privfree(&rp);
  rsa_pubcreate(&c->rpc, &c->rp);
  c->m = mprand_range(MP_NEW, c->rp.n, &rand_global, 0);
  return (c);
}

static void rsapub_run(void *cc)
{
  rsapub_ctx *c = cc;
  mp *d = rsa_pubop(&c->rpc, MP_NEW, c->m);
  MP_DROP(d);
}

/* --- Symmetric encryption --- */

typedef struct ksched_ctx {
  const gccipher *c;
  octet *k;
  size_t ksz;
} ksched_ctx;

static void *ksched_init(opts *o)
{
  ksched_ctx *c = CREATE(ksched_ctx);
  if (!o->name)
    die(1, "must specify encryption scheme name");
  if ((c->c = gcipher_byname(o->name)) == 0)
    die(1, "encryption scheme `%s' not known", o->name);
  c->ksz = keysz(o->fbits/8, c->c->keysz);
  if (o->fbits%8 || (o->fbits && c->ksz != o->fbits/8))
    die(1, "bad key size %u for %s", o->fbits, o->name);
  c->k = xmalloc(c->ksz);
  rand_get(RAND_GLOBAL, c->k, c->ksz);
  return (c);
}

static void ksched_run(void *cc)
{
  ksched_ctx *c = cc;
  gcipher *gc = GC_INIT(c->c, c->k, c->ksz);
  GC_DESTROY(gc);
}

typedef struct enc_ctx {
  gcipher *c;
  octet *m;
  size_t sz;
  size_t n;
} enc_ctx;

static void *enc_init(opts *o)
{
  enc_ctx *c = CREATE(enc_ctx);
  const gccipher *cc;
  size_t ksz;
  octet *k;
  if (!o->name)
    die(1, "must specify encryption scheme name");
  if ((cc = gcipher_byname(o->name)) == 0)
    die(1, "encryption scheme `%s' not known", o->name);
  ksz = keysz(o->fbits/8, cc->keysz);
  if (o->fbits%8 || (o->fbits && ksz != o->fbits/8))
    die(1, "bad key size %u for %s", o->fbits, o->name);
  k = xmalloc(ksz);
  rand_get(RAND_GLOBAL, k, ksz);
  c->c = GC_INIT(cc, k, ksz);
  xfree(k);
  c->sz = o->gbits ? o->gbits : 65536;
  c->n = o->n ? o->n : 16;
  o->opwhat = "byte"; o->sc = c->n*c->sz;
  c->m = xmalloc(c->sz);
  return (c);
}

static void enc_run(void *cc)
{
  enc_ctx *c = cc;
  size_t i;
  for (i = 0; i < c->n; i++)
    GC_ENCRYPT(c->c, c->m, c->m, c->sz);
}

/* --- Authenticated encryption --- */

typedef struct aeadsetup_ctx {
  const gcaead *aec;
  octet *k; size_t ksz;
  octet *n; size_t nsz;
  size_t tsz;
} aeadsetup_ctx;

static void *aeadsetup_init(opts *o)
{
  aeadsetup_ctx *c = CREATE(aeadsetup_ctx);
  if (!o->name)
    die(1, "must specify encryption scheme name");
  if ((c->aec = gaead_byname(o->name)) == 0)
    die(1, "aead scheme `%s' not known", o->name);
  c->ksz = keysz(o->fbits/8, c->aec->keysz);
  c->nsz = keysz_pad(o->gbits/8, c->aec->noncesz);
  c->tsz = keysz(0, c->aec->tagsz);
  if (o->fbits%8 || (o->fbits && c->ksz != o->fbits/8))
    die(1, "bad key size %u for %s", o->fbits, o->name);
  if (o->gbits%8 || (o->gbits && c->nsz != o->gbits/8))
    die(1, "bad nonce size %u for %s", o->gbits, o->name);
  c->k = xmalloc(c->ksz); rand_get(RAND_GLOBAL, c->k, c->ksz);
  c->n = xmalloc(c->nsz); rand_get(RAND_GLOBAL, c->n, c->nsz);
  return (c);
}

static void aeadsetup_run(void *cc)
{
  aeadsetup_ctx *c = cc;
  gaead_key *k = GAEAD_KEY(c->aec, c->k, c->ksz);
  gaead_enc *e = GAEAD_ENC(k, c->n, c->nsz, 0, 0, c->tsz);
  GAEAD_DESTROY(e); GAEAD_DESTROY(k);
}

typedef struct aeadenc_ctx {
  gaead_enc *enc;
  octet *n; size_t nsz;
  octet *p, *q; size_t sz; size_t nn;
  size_t tsz;
} aeadenc_ctx;

static void *aeadenc_init(opts *o)
{
  aeadenc_ctx *c = CREATE(aeadenc_ctx);
  const gcaead *aec;
  gaead_key *key;
  octet *k; size_t ksz;

  if (!o->name)
    die(1, "must specify encryption scheme name");
  if ((aec = gaead_byname(o->name)) == 0)
    die(1, "aead scheme `%s' not known", o->name);
  c->sz = o->gbits ? o->gbits : 65536;
  c->nn = o->n ? o->n : 16;
  ksz = keysz(o->fbits/8, aec->keysz);
  c->nsz = keysz(0, aec->noncesz);
  c->tsz = keysz(0, aec->tagsz);
  if (o->fbits%8 || (o->fbits && ksz != o->fbits/8))
    die(1, "bad key size %u for %s", o->fbits, o->name);

  k = xmalloc(ksz); rand_get(RAND_GLOBAL, k, ksz);
  c->n = xmalloc(c->nsz); rand_get(RAND_GLOBAL, c->n, c->nsz);
  c->p = xmalloc(c->sz); c->q = xmalloc(c->sz + aec->bufsz);

  key = GAEAD_KEY(aec, k, ksz);
  c->enc = GAEAD_ENC(key, c->n, c->nsz, 0, 0, c->tsz);
  GAEAD_DESTROY(key); xfree(k);

  o->opwhat = "byte"; o->sc = c->nn*c->sz;
  return (c);
}

static void aeadaad_run(void *cc)
{
  aeadenc_ctx *c = cc;
  gaead_aad *a;
  size_t i;

  GAEAD_REINIT(c->enc, c->n, c->nsz, c->nn*c->sz, 0, c->tsz);
  a = GAEAD_AAD(c->enc);
  for (i = 0; i < c->nn; i++) GAEAD_HASH(a, c->p, c->sz);
  GAEAD_DESTROY(a);
}

static void aeadenc_run(void *cc)
{
  aeadenc_ctx *c = cc;
  buf b;
  size_t i;

  GAEAD_REINIT(c->enc, c->n, c->nsz, 0, c->nn*c->sz, c->tsz);
  for (i = 0; i < c->nn; i++) {
    buf_init(&b, c->q, c->sz + c->enc->ops->c->bufsz);
    GAEAD_ENCRYPT(c->enc, c->p, c->sz, &b);
  }
}

/* --- Hashing --- */

typedef struct hash_ctx {
  const gchash *h;
  octet *m;
  size_t sz;
  size_t n;
} hash_ctx;

static void *hash_init(opts *o)
{
  hash_ctx *c = CREATE(hash_ctx);
  if (!o->name)
    die(1, "must specify hash function name");
  if ((c->h = ghash_byname(o->name)) == 0)
    die(1, "hash function `%s' not known", o->name);
  c->sz = o->gbits ? o->gbits : 65536;
  c->n = o->n ? o->n : 16;
  o->opwhat = "byte"; o->sc = c->n*c->sz;
  c->m = xmalloc(c->sz);
  return (c);
}

static void hash_run(void *cc)
{
  hash_ctx *c = cc;
  size_t i;
  ghash *h = GH_INIT(c->h);
  for (i = 0; i < c->n; i++)
    GH_HASH(h, c->m, c->sz);
  GH_DONE(h, 0);
  GH_DESTROY(h);
}

/* --- Poly1305 --- */

typedef struct poly1305_jobctx {
  poly1305_key k;
  octet s[POLY1305_MASKSZ];
  octet *m;
  size_t sz;
  size_t n;
} poly1305_jobctx;

static void *poly1305_jobinit(opts *o)
{
  octet k[POLY1305_KEYSZ];
  poly1305_jobctx *c = CREATE(poly1305_jobctx);
  rand_get(RAND_GLOBAL, k, sizeof(k));
  poly1305_keyinit(&c->k, k, sizeof(k));
  rand_get(RAND_GLOBAL, c->s, sizeof(c->s));
  c->sz = o->gbits ? o->gbits : 65536;
  c->n = o->n ? o->n : 16;
  o->opwhat = "byte"; o->sc = c->n*c->sz;
  c->m = xmalloc(c->sz);
  return (c);
}

static void poly1305_jobrun(void *cc)
{
  poly1305_jobctx *c = cc;
  poly1305_ctx ctx;
  octet t[POLY1305_TAGSZ];
  size_t i;
  poly1305_macinit(&ctx, &c->k, c->s);
  for (i = 0; i < c->n; i++) poly1305_hash(&ctx, c->m, c->sz);
  poly1305_done(&ctx, t);
}

/* --- Job table --- */

typedef struct jobops {
  const char *name;
  void *(*init)(opts *);
  void (*run)(void *);
} jobops;

static const jobops jobtab[] = {
  { "g-prime-exp",              grp_init,               gr_run },
  { "g-ec-mul",                 grec_init,              gr_run },
  { "g-prime-exp-sim",          grp_init,               grsim_run },
  { "g-ec-mul-sim",             grec_init,              grsim_run },
  { "barrett-exp",              bar_init,               bar_run },
  { "barrett-exp-sim",          bar_init,               barsim_run },
  { "mont-exp",                 mont_init,              mont_run },
  { "mont-exp-sim",             mont_init,              montsim_run },
  { "rsa-priv",                 rsapriv_init,           rsapriv_run },
  { "rsa-priv-blind",           rsaprivblind_init,      rsapriv_run },
  { "rsa-pub",                  rsapub_init,            rsapub_run },
  { "x25519",                   x25519_jobinit,         x25519_jobrun },
  { "x448",                     x448_jobinit,           x448_jobrun },
  { "ed25519-sign",             ed25519_signinit,       ed25519_signrun },
  { "ed25519-vrf",              ed25519_vrfinit,        ed25519_vrfrun },
  { "ed448-sign",               ed448_signinit,         ed448_signrun },
  { "ed448-vrf",                ed448_vrfinit,          ed448_vrfrun },
  { "ksched",                   ksched_init,            ksched_run },
  { "enc",                      enc_init,               enc_run },
  { "aead-setup",               aeadsetup_init,         aeadsetup_run },
  { "aead-aad",                 aeadenc_init,           aeadaad_run },
  { "aead-enc",                 aeadenc_init,           aeadenc_run },
  { "hash",                     hash_init,              hash_run },
  { "poly1305",                 poly1305_jobinit,       poly1305_jobrun },
  { 0,                          0,                      0 }
};

/*----- Cycle counting ----------------------------------------------------*/

typedef kludge64 cycles;
static int cyclecount_active_p = 0;

#if defined(__GNUC__) && (CPUFAM_X86 || CPUFAM_AMD64)

static void init_cyclecount(void) { cyclecount_active_p = 1; }

static cycles cyclecount(void)
{
  uint32 lo, hi;
  kludge64 cy;

  __asm__("rdtsc" : "=a"(lo), "=d"(hi));
  SET64(cy, hi, lo);
  return cy;
}

#elif defined(HAVE_LINUX_PERF_EVENT_H) && defined(HAVE_UINT64)

static int perf_fd = -1;

static void init_cyclecount(void)
{
  struct perf_event_attr attr = { 0 };

  attr.type = PERF_TYPE_HARDWARE;
  attr.size = sizeof(attr);
  attr.config = PERF_COUNT_HW_CPU_CYCLES;
  attr.disabled = 0;
  attr.exclude_kernel = 1;
  attr.exclude_hv = 1;

  if ((perf_fd = syscall(__NR_perf_event_open, &attr, 0, -1, -1, 0)) < 0)
    moan("failed to open perf event: %s", strerror(errno));
  else
    cyclecount_active_p = 1;
}

static cycles cyclecount(void)
{
  kludge64 cy;
  ssize_t n;

  if (!cyclecount_active_p)
    goto fail;
  else if ((n = read(perf_fd, &cy.i, sizeof(cy.i))) != sizeof(cy.i)) {
    if (n < 0) moan("error reading perf event: %s", strerror(errno));
    else moan("unexpected short read from perf event");
    cyclecount_active_p = 0; close(perf_fd); perf_fd = -1;
    goto fail;
  }
end:
  return (cy);
fail:
  SET64(cy, 0, 0);
  goto end;
}

#else

static void init_cyclecount(void) { cyclecount_active_p = 0; }
static cycles cyclecount(void) { kludge64 cy; SET64(cy, 0, 0); return (cy); }

#endif

/*----- Main code ---------------------------------------------------------*/

void version(FILE *fp)
{
  pquis(fp, "$, Catacomb " VERSION "\n");
}

static void usage(FILE *fp)
{
  pquis(fp, "Usage: $ [-options] job\n");
}

static void help(FILE *fp)
{
  version(fp);
  putc('\n', fp);
  usage(fp);
  pquis(fp, "\n\
Various performance tests.\n\
\n\
Options:\n\
\n\
-h, --help              Show this help text.\n\
-v, --version           Show program version number.\n\
-u, --usage             Show terse usage message.\n\
-l, --list [ITEM...]    List all the various names of things.\n\
\n\
-C, --name=NAME         Select curve/DH-group/enc/hash name.\n\
-b, --field-bits        Field size for g-prime and rsa;\n\
                          key bits for ksched, enc, aead-setup, aead-enc.\n\
-q, --no-check          Don't check field/group for validity.\n\
-B, --group-bits        Group size for g-prime; nonce bits for aead-setup;\n\
                          data size for enc, aead-aad, aead-enc, and hash.\n\
-n, --factors=COUNT     Number of factors for {exp,mul}-sim;\n\
                          inner iters for enc, aead-aad, aead-enc, hash.\n\
-i, --intervals=COUNT   Number of intervals to run for.  [0; forever]\n\
-k, --batch=COUNT       Number of operations to batch between timer checks.\n\
-t, --time=TIME         Length of an interval in seconds.  [1]\n\
");
}

#define LISTS(LI)                                                       \
  LI("Lists", list,                                                     \
     listtab[i].name, listtab[i].name)                                  \
  LI("Jobs", job,                                                       \
     jobtab[i].name, jobtab[i].name)                                    \
  LI("Elliptic curves", ec,                                             \
     ectab[i].name, ectab[i].name)                                      \
  LI("Diffie-Hellman groups", dh,                                       \
     ptab[i].name, ptab[i].name)                                        \
  LI("Encryption algorithms", cipher,                                   \
     gciphertab[i], gciphertab[i]->name)                                \
  LI("Authenticated encryption schemes", aead,                          \
     gaeadtab[i], gaeadtab[i]->name)                                    \
  LI("Hash functions", hash,                                            \
     ghashtab[i], ghashtab[i]->name)

MAKELISTTAB(listtab, LISTS)

static unsigned uarg(const char *what, const char *p)
{
  char *q;
  unsigned long u;
  errno = 0;
  u = strtoul(p, &q, 0);
  if (*q || u > UINT_MAX || q == p || errno)
    die(1, "bad %s `%s'", what, p);
  return (u);
}

static mp *mparg(const char *what, const char *p)
{
  char *q;
  mp *x = mp_readstring(MP_NEW, p, &q, 0);
  if (!x || *q) die(1, "bad %s `%s'", what, p);
  return (x);
}

static double farg(const char *what, const char *p)
{
  char *q;
  double f;
  errno = 0;
  f = strtod(p, &q);
  if (*q || q == p || errno)
    die(1, "bad %s `%s'", what, p);
  return (f);
}

int main(int argc, char *argv[])
{
  int i;
  opts o = { 0 };
  const jobops *j;
  struct timeval tv_next, tv_now;
  double t, ttot, cy, cytot;
  unsigned n, k;
  unsigned long ii;
  clock_t c0, c1;
  kludge64 cy0, cy1, cydiff;
  double itot;
  void *p;

  ego(argv[0]);
  o.t = 1; o.k = 1; o.sc = 1; o.opwhat = "op";
  for (;;) {
    static const struct option opts[] = {
      { "help",         0,              0,      'h' },
      { "version",      0,              0,      'v' },
      { "usage",        0,              0,      'u' },
      { "list",         0,              0,      'l' },
      { "name",         OPTF_ARGREQ,    0,      'C' },
      { "field-bits",   OPTF_ARGREQ,    0,      'b' },
      { "group-bits",   OPTF_ARGREQ,    0,      'B' },
      { "factors",      OPTF_ARGREQ,    0,      'n' },
      { "intervals",    OPTF_ARGREQ,    0,      'i' },
      { "batch",        OPTF_ARGREQ,    0,      'k' },
      { "public-exponent", OPTF_ARGREQ, 0,      'e' },
      { "time",         OPTF_ARGREQ,    0,      't' },
      { "no-check",     0,              0,      'q' },
      { 0,              0,              0,      0 }
    };

    i = mdwopt(argc, argv, "hvulC:b:B:n:i:k:e:t:q", opts, 0, 0, 0);
    if (i < 0) break;
    switch (i) {
      case 'h': help(stdout); exit(0);
      case 'v': version(stdout); exit(0);
      case 'u': usage(stdout); exit(0);
      case 'l': exit(displaylists(listtab, argv + optind));
      case 'C': o.name = optarg; break;
      case 'b': o.fbits = uarg("field bits", optarg); break;
      case 'B': o.gbits = uarg("subgroup bits", optarg); break;
      case 'n': o.n = uarg("factor count", optarg); break;
      case 'e':
        mp_drop(o.e); o.e = mparg("public exponent", optarg);
        if (MP_CMP(o.e, <, MP_THREE) || MP_EVENP(o.e))
          die(1, "invalid public exponent");
        break;
      case 'i': o.i = uarg("interval count", optarg); break;
      case 't': o.t = farg("interval length", optarg); break;
      case 'k': o.k = uarg("batch size", optarg); break;
      case 'q': o.f |= OF_NOCHECK; break;
      default: usage(stderr); exit(1);
    }
  }
  if (optind + 1 != argc) { usage(stderr); exit(1); }

  for (j = jobtab; j->name; j++)
    if (STRCMP(j->name, ==, argv[optind])) break;
  if (!j->name) die(1, "unknown job type `%s'", argv[optind]);
  p = j->init(&o);

  n = 0;
  ttot = itot = 0; cytot = 0; init_cyclecount();
  gettimeofday(&tv_now, 0);
  do {
    tv_addl(&tv_next, &tv_now, o.t, fmod(o.t * MILLION, MILLION));
    ii = 0;
    c0 = clock(); cy0 = cyclecount();
    do {
      for (k = 0; k < o.k; k++) { j->run(p); }
      ii += k;
      gettimeofday(&tv_now, 0);
    } while (TV_CMP(&tv_now, <, &tv_next));
    cy1 = cyclecount(); c1 = clock();
    t = (double)(c1 - c0)/CLOCKS_PER_SEC;
    itot += ii; ttot += t;
    printf("%5u: did = %5lu; /sec = %5f; avg /sec = %5f",
           n, ii, ii/t, itot/ttot);
    if (cyclecount_active_p) {
      SUB64(cydiff, cy1, cy0); cy = LO64(cydiff) + ldexp(HI64(cydiff), 32);
      cytot += cy;
      printf(" (cy/%s = %3f; avg cy/%s = %3f)",
             o.opwhat, cy/ii/o.sc, o.opwhat, cytot/itot/o.sc);
    }
    putchar('\n');
    fflush(stdout);
    n++;
  } while (!o.i || n < o.i);

  return (0);
}

/*----- That's all, folks -------------------------------------------------*/