Removed by request of Theo Deraadt <deraadt@cvs.openbsd.org>, pending
further resolution or re-implementation.
This commit is contained in:
parent
70c91c4341
commit
9c301eca05
|
@ -1,502 +0,0 @@
|
|||
/* $NetBSD: cryptotest.c,v 1.2 2004/01/21 02:14:14 jonathan Exp $ */
|
||||
/* $FreeBSD: /repoman/r/ncvs/src/tools/tools/crypto/cryptotest.c,v 1.3.2.2 2003/06/03 00:14:44 sam Exp $ */
|
||||
|
||||
/*
|
||||
* This program repeatedly encrypts and decrypts a buffer with the built-in
|
||||
* iv and key, using hardware crypto. At the end, it computes the data rate
|
||||
* achieved. invoke with the number of times to encrypt and the buffer size.
|
||||
*
|
||||
* For a test of how fast a crypto card is, use something like:
|
||||
* cryptotest -z 1024
|
||||
* This will run a series of tests using the available crypto/cipher
|
||||
* algorithms over a variety of buffer sizes. The 1024 says to do 1024
|
||||
* iterations. Extra arguments can be used to specify one or more buffer
|
||||
* sizes to use in doing tests.
|
||||
*
|
||||
* To fork multiple processes all doing the same work, specify -t X on the
|
||||
* command line to get X "threads" running simultaneously. No effort is made
|
||||
* synchronize the threads or otherwise maximize load.
|
||||
*
|
||||
* If the kernel crypto code is built with CRYPTO_TIMING and you run as root,
|
||||
* then you can specify the -p option to get a "profile" of the time spent
|
||||
* processing crypto operations. At present this data is only meaningful for
|
||||
* symmetric operations. To get meaningful numbers you must run on an idle
|
||||
* machine.
|
||||
*
|
||||
* Expect ~400 Mb/s for a Broadcom 582x for 8K buffers on a reasonable CPU
|
||||
* (64-bit PCI helps). Hifn 7811 parts top out at ~110 Mb/s.
|
||||
*
|
||||
* This code originally came from openbsd; give them all the credit.
|
||||
*/
|
||||
#include <sys/types.h>
|
||||
#include <sys/param.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <stdio.h>
|
||||
#include <fcntl.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/wait.h>
|
||||
#include <sys/mman.h>
|
||||
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/time.h>
|
||||
#include <crypto/cryptodev.h>
|
||||
|
||||
#define CHUNK 64 /* how much to display */
|
||||
#define N(a) (sizeof (a) / sizeof (a[0]))
|
||||
#define streq(a,b) (strcasecmp(a,b) == 0)
|
||||
|
||||
void hexdump(char *, int);
|
||||
|
||||
int cryptodev_fd;
|
||||
int fd;
|
||||
struct session_op session;
|
||||
struct crypt_op cryptop;
|
||||
char iv[8] = "00000000";
|
||||
int verbose = 0;
|
||||
int opflags = 0;
|
||||
int verify = 0;
|
||||
|
||||
struct alg {
|
||||
const char* name;
|
||||
int ishash;
|
||||
int blocksize;
|
||||
int minkeylen;
|
||||
int maxkeylen;
|
||||
int code;
|
||||
} algorithms[] = {
|
||||
#ifdef CRYPTO_NULL_CBC
|
||||
{ "null", 0, 8, 1, 256, CRYPTO_NULL_CBC },
|
||||
#endif
|
||||
{ "des", 0, 8, 8, 8, CRYPTO_DES_CBC },
|
||||
{ "3des", 0, 8, 24, 24, CRYPTO_3DES_CBC },
|
||||
{ "blf", 0, 8, 5, 56, CRYPTO_BLF_CBC },
|
||||
{ "cast", 0, 8, 5, 16, CRYPTO_CAST_CBC },
|
||||
{ "skj", 0, 8, 10, 10, CRYPTO_SKIPJACK_CBC },
|
||||
{ "aes", 0, 16, 16, 16, CRYPTO_RIJNDAEL128_CBC},
|
||||
{ "aes192", 0, 16, 24, 24, CRYPTO_RIJNDAEL128_CBC},
|
||||
{ "aes256", 0, 16, 32, 32, CRYPTO_RIJNDAEL128_CBC},
|
||||
#ifdef notdef
|
||||
{ "arc4", 0, 8, 1, 32, CRYPTO_ARC4 },
|
||||
#endif
|
||||
{ "md5", 1, 8, 16, 16, CRYPTO_MD5_HMAC },
|
||||
{ "sha1", 1, 8, 20, 20, CRYPTO_SHA1_HMAC },
|
||||
{ "sha256", 1, 8, 32, 32, CRYPTO_SHA2_HMAC },
|
||||
{ "sha384", 1, 8, 48, 48, CRYPTO_SHA2_HMAC },
|
||||
{ "sha512", 1, 8, 64, 64, CRYPTO_SHA2_HMAC },
|
||||
};
|
||||
|
||||
static void
|
||||
usage(const char* cmd)
|
||||
{
|
||||
printf("usage: %s [-c] [-z] [-s] [-b] [-v] [-a algorithm] [count] [size ...]\n",
|
||||
cmd);
|
||||
printf("where algorithm is one of:\n");
|
||||
printf(" des 3des (default) blowfish cast skipjack\n");
|
||||
printf(" aes (aka rijndael) aes192 aes256 arc4\n");
|
||||
printf("count is the number of encrypt/decrypt ops to do\n");
|
||||
printf("size is the number of bytes of text to encrypt+decrypt\n");
|
||||
printf("\n");
|
||||
printf("-c check the results (slows timing)\n");
|
||||
printf("-z run all available algorithms on a variety of sizes\n");
|
||||
printf("-v be verbose\n");
|
||||
printf("-b mark operations for batching\n");
|
||||
printf("-p profile kernel crypto operation (must be root)\n");
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
static struct alg*
|
||||
getalgbycode(int cipher)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < N(algorithms); i++)
|
||||
if (cipher == algorithms[i].code)
|
||||
return &algorithms[i];
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static struct alg*
|
||||
getalgbyname(const char* name)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < N(algorithms); i++)
|
||||
if (streq(name, algorithms[i].name))
|
||||
return &algorithms[i];
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static void
|
||||
runtest(struct alg *alg, int count, int size, int cmd, struct timeval *tv)
|
||||
{
|
||||
int i;
|
||||
struct timeval start, stop, dt;
|
||||
char *cleartext, *ciphertext, *originaltext;
|
||||
|
||||
if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1)
|
||||
err(1, "CRIOGET failed");
|
||||
|
||||
bzero(&session, sizeof(session));
|
||||
if (!alg->ishash) {
|
||||
session.keylen = (alg->minkeylen + alg->maxkeylen)/2;
|
||||
session.key = (char *) malloc(session.keylen);
|
||||
if (session.key == NULL)
|
||||
err(1, "malloc (key)");
|
||||
for (i = 0; i < session.keylen; i++)
|
||||
session.key[i] = '0' + (i%10);
|
||||
session.cipher = alg->code;
|
||||
} else {
|
||||
session.mackeylen = (alg->minkeylen + alg->maxkeylen)/2;
|
||||
session.mackey = (char *) malloc(session.mackeylen);
|
||||
if (session.mackey == NULL)
|
||||
err(1, "malloc (mac)");
|
||||
for (i = 0; i < session.mackeylen; i++)
|
||||
session.mackey[i] = '0' + (i%10);
|
||||
session.mac = alg->code;
|
||||
}
|
||||
if (ioctl(fd, cmd, &session) == -1) {
|
||||
if (cmd == CIOCGSESSION) {
|
||||
close(fd);
|
||||
if (verbose) {
|
||||
printf("cipher %s", alg->name);
|
||||
if (alg->ishash)
|
||||
printf(" mackeylen %u\n", session.mackeylen);
|
||||
else
|
||||
printf(" keylen %u\n", session.keylen);
|
||||
perror("CIOCGSESSION");
|
||||
}
|
||||
/* hardware doesn't support algorithm; skip it */
|
||||
return;
|
||||
}
|
||||
printf("cipher %s keylen %u mackeylen %u\n",
|
||||
alg->name, session.keylen, session.mackeylen);
|
||||
err(1, "CIOCGSESSION failed");
|
||||
}
|
||||
|
||||
if ((originaltext = (char *)malloc(size)) == NULL)
|
||||
err(1, "malloc (originaltext)");
|
||||
if ((cleartext = (char *)malloc(size)) == NULL)
|
||||
err(1, "malloc (cleartext)");
|
||||
if ((ciphertext = (char *)malloc(size)) == NULL)
|
||||
err(1, "malloc (ciphertext)");
|
||||
for (i = 0; i < size; i++)
|
||||
cleartext[i] = 'a' + i%26;
|
||||
memcpy(originaltext, cleartext, size);
|
||||
|
||||
if (verbose) {
|
||||
printf("session = 0x%x\n", session.ses);
|
||||
printf("count = %d, size = %d\n", count, size);
|
||||
cryptop.ses = session.ses;
|
||||
if (!alg->ishash) {
|
||||
printf("iv:");
|
||||
hexdump(iv, sizeof iv);
|
||||
}
|
||||
printf("cleartext:");
|
||||
hexdump(cleartext, MIN(size, CHUNK));
|
||||
}
|
||||
|
||||
gettimeofday(&start, NULL);
|
||||
if (!alg->ishash) {
|
||||
for (i = 0; i < count; i++) {
|
||||
cryptop.op = COP_ENCRYPT;
|
||||
cryptop.flags = opflags;
|
||||
cryptop.len = size;
|
||||
cryptop.src = cleartext;
|
||||
cryptop.dst = ciphertext;
|
||||
cryptop.mac = 0;
|
||||
cryptop.iv = iv;
|
||||
|
||||
if (ioctl(fd, CIOCCRYPT, &cryptop) == -1)
|
||||
err(1, "CIOCCRYPT failed");
|
||||
|
||||
if (verify && bcmp(ciphertext, cleartext, size) == 0) {
|
||||
printf("cipher text unchanged:");
|
||||
hexdump(ciphertext, size);
|
||||
}
|
||||
|
||||
memset(cleartext, 'x', MIN(size, CHUNK));
|
||||
cryptop.op = COP_DECRYPT;
|
||||
cryptop.flags = opflags;
|
||||
cryptop.len = size;
|
||||
cryptop.src = ciphertext;
|
||||
cryptop.dst = cleartext;
|
||||
cryptop.mac = 0;
|
||||
cryptop.iv = iv;
|
||||
|
||||
if (ioctl(fd, CIOCCRYPT, &cryptop) == -1)
|
||||
err(1, "CIOCCRYPT failed");
|
||||
|
||||
if (verify && bcmp(cleartext, originaltext, size) != 0) {
|
||||
printf("decrypt mismatch:\n");
|
||||
printf("original:");
|
||||
hexdump(originaltext, size);
|
||||
printf("cleartext:");
|
||||
hexdump(cleartext, size);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
for (i = 0; i < count; i++) {
|
||||
cryptop.op = 0;
|
||||
cryptop.flags = opflags;
|
||||
cryptop.len = size;
|
||||
cryptop.src = cleartext;
|
||||
cryptop.dst = 0;
|
||||
cryptop.mac = ciphertext;
|
||||
cryptop.iv = 0;
|
||||
|
||||
if (ioctl(fd, CIOCCRYPT, &cryptop) == -1)
|
||||
err(1, "CIOCCRYPT failed");
|
||||
}
|
||||
}
|
||||
gettimeofday(&stop, NULL);
|
||||
|
||||
if (ioctl(fd, CIOCFSESSION, &session.ses) == -1)
|
||||
perror("CIOCFSESSION");
|
||||
|
||||
if (verbose) {
|
||||
printf("cleartext:");
|
||||
hexdump(cleartext, MIN(size, CHUNK));
|
||||
}
|
||||
timersub(&stop, &start, tv);
|
||||
|
||||
free(ciphertext);
|
||||
free(cleartext);
|
||||
|
||||
close(fd);
|
||||
}
|
||||
|
||||
#ifdef __FreeBSD__
|
||||
static void
|
||||
resetstats()
|
||||
{
|
||||
struct cryptostats stats;
|
||||
size_t slen;
|
||||
|
||||
slen = sizeof (stats);
|
||||
if (sysctlbyname("kern.crypto_stats", &stats, &slen, NULL, NULL) < 0) {
|
||||
perror("kern.crypto_stats");
|
||||
return;
|
||||
}
|
||||
bzero(&stats.cs_invoke, sizeof (stats.cs_invoke));
|
||||
bzero(&stats.cs_done, sizeof (stats.cs_done));
|
||||
bzero(&stats.cs_cb, sizeof (stats.cs_cb));
|
||||
bzero(&stats.cs_finis, sizeof (stats.cs_finis));
|
||||
stats.cs_invoke.min.tv_sec = 10000;
|
||||
stats.cs_done.min.tv_sec = 10000;
|
||||
stats.cs_cb.min.tv_sec = 10000;
|
||||
stats.cs_finis.min.tv_sec = 10000;
|
||||
if (sysctlbyname("kern.crypto_stats", NULL, NULL, &stats, sizeof (stats)) < 0)
|
||||
perror("kern.cryptostats");
|
||||
}
|
||||
|
||||
static void
|
||||
printt(const char* tag, struct cryptotstat *ts)
|
||||
{
|
||||
uint64_t avg, min, max;
|
||||
|
||||
if (ts->count == 0)
|
||||
return;
|
||||
avg = (1000000000LL*ts->acc.tv_sec + ts->acc.tv_nsec) / ts->count;
|
||||
min = 1000000000LL*ts->min.tv_sec + ts->min.tv_nsec;
|
||||
max = 1000000000LL*ts->max.tv_sec + ts->max.tv_nsec;
|
||||
printf("%16.16s: avg %6llu ns : min %6llu ns : max %7llu ns [%u samps]\n",
|
||||
tag, avg, min, max, ts->count);
|
||||
}
|
||||
#endif
|
||||
|
||||
static void
|
||||
runtests(struct alg *alg, int count, int size, int cmd, int threads, int profile)
|
||||
{
|
||||
int i, status;
|
||||
double t;
|
||||
void *region;
|
||||
struct timeval *tvp;
|
||||
struct timeval total;
|
||||
int otiming;
|
||||
|
||||
if (size % alg->blocksize) {
|
||||
if (verbose)
|
||||
printf("skipping blocksize %u 'cuz not a multiple of "
|
||||
"%s blocksize %u\n",
|
||||
size, alg->name, alg->blocksize);
|
||||
return;
|
||||
}
|
||||
|
||||
region = mmap(NULL, threads * sizeof (struct timeval),
|
||||
PROT_READ|PROT_WRITE, MAP_ANON|MAP_SHARED, -1, 0);
|
||||
if (region == MAP_FAILED) {
|
||||
perror("mmap");
|
||||
return;
|
||||
}
|
||||
tvp = (struct timeval *) region;
|
||||
#ifdef __FreeBSD__
|
||||
if (profile) {
|
||||
size_t tlen = sizeof (otiming);
|
||||
int timing = 1;
|
||||
|
||||
resetstats();
|
||||
if (sysctlbyname("debug.crypto_timing", &otiming, &tlen,
|
||||
&timing, sizeof (timing)) < 0)
|
||||
perror("debug.crypto_timing");
|
||||
}
|
||||
#endif
|
||||
|
||||
if (threads > 1) {
|
||||
for (i = 0; i < threads; i++)
|
||||
if (fork() == 0) {
|
||||
runtest(alg, count, size, cmd, &tvp[i]);
|
||||
exit(0);
|
||||
}
|
||||
while (waitpid(WAIT_MYPGRP, &status, 0) != -1)
|
||||
;
|
||||
} else
|
||||
runtest(alg, count, size, cmd, tvp);
|
||||
|
||||
t = 0;
|
||||
for (i = 0; i < threads; i++)
|
||||
t += (((double)tvp[i].tv_sec * 1000000 + tvp[i].tv_usec) / 1000000);
|
||||
if (t) {
|
||||
int nops = alg->ishash ? count : 2*count;
|
||||
|
||||
t /= threads;
|
||||
printf("%6.3lf sec, %7d %6s crypts, %7d bytes, %8.0lf byte/sec, %7.1lf Mb/sec\n",
|
||||
t, nops, alg->name, size, (double)nops*size / t,
|
||||
(double)nops*size / t * 8 / 1024 / 1024);
|
||||
}
|
||||
#ifdef __FreeBSD__
|
||||
if (profile) {
|
||||
struct cryptostats stats;
|
||||
size_t slen = sizeof (stats);
|
||||
|
||||
if (sysctlbyname("debug.crypto_timing", NULL, NULL,
|
||||
&otiming, sizeof (otiming)) < 0)
|
||||
perror("debug.crypto_timing");
|
||||
if (sysctlbyname("kern.crypto_stats", &stats, &slen, NULL, NULL) < 0)
|
||||
perror("kern.cryptostats");
|
||||
if (stats.cs_invoke.count) {
|
||||
printt("dispatch->invoke", &stats.cs_invoke);
|
||||
printt("invoke->done", &stats.cs_done);
|
||||
printt("done->cb", &stats.cs_cb);
|
||||
printt("cb->finis", &stats.cs_finis);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
fflush(stdout);
|
||||
}
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
struct alg *alg = NULL;
|
||||
int count = 1;
|
||||
int sizes[128], nsizes = 0;
|
||||
int cmd = CIOCGSESSION;
|
||||
int testall = 0;
|
||||
int maxthreads = 1;
|
||||
int profile = 0;
|
||||
int i, ch;
|
||||
|
||||
while ((ch = getopt(argc, argv, "cpzsva:bt:")) != -1) {
|
||||
switch (ch) {
|
||||
#ifdef CIOCGSSESSION
|
||||
case 's':
|
||||
cmd = CIOCGSSESSION;
|
||||
break;
|
||||
#endif
|
||||
case 'v':
|
||||
verbose++;
|
||||
break;
|
||||
case 'a':
|
||||
alg = getalgbyname(optarg);
|
||||
if (alg == NULL) {
|
||||
if (streq(optarg, "rijndael"))
|
||||
alg = getalgbyname("aes");
|
||||
else
|
||||
usage(argv[0]);
|
||||
}
|
||||
break;
|
||||
case 't':
|
||||
maxthreads = atoi(optarg);
|
||||
break;
|
||||
case 'z':
|
||||
testall = 1;
|
||||
break;
|
||||
case 'p':
|
||||
profile = 1;
|
||||
break;
|
||||
case 'b':
|
||||
opflags |= COP_F_BATCH;
|
||||
break;
|
||||
case 'c':
|
||||
verify = 1;
|
||||
break;
|
||||
default:
|
||||
usage(argv[0]);
|
||||
}
|
||||
}
|
||||
argc -= optind, argv += optind;
|
||||
if (argc > 0)
|
||||
count = atoi(argv[0]);
|
||||
while (argc > 1) {
|
||||
int s = atoi(argv[1]);
|
||||
if (nsizes < N(sizes)) {
|
||||
sizes[nsizes++] = s;
|
||||
} else {
|
||||
printf("Too many sizes, ignoring %u\n", s);
|
||||
}
|
||||
argc--, argv++;
|
||||
}
|
||||
if (nsizes == 0) {
|
||||
if (alg)
|
||||
sizes[nsizes++] = alg->blocksize;
|
||||
else
|
||||
sizes[nsizes++] = 8;
|
||||
if (testall) {
|
||||
while (sizes[nsizes-1] < 8*1024) {
|
||||
sizes[nsizes] = sizes[nsizes-1]<<1;
|
||||
nsizes++;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ((cryptodev_fd = open("/dev/crypto",O_RDWR,0)) < 0)
|
||||
err(1, "/dev/crypto");
|
||||
|
||||
if (testall) {
|
||||
for (i = 0; i < N(algorithms); i++) {
|
||||
int j;
|
||||
alg = &algorithms[i];
|
||||
for (j = 0; j < nsizes; j++)
|
||||
runtests(alg, count, sizes[j], cmd, maxthreads, profile);
|
||||
}
|
||||
} else {
|
||||
if (alg == NULL)
|
||||
alg = getalgbycode(CRYPTO_3DES_CBC);
|
||||
for (i = 0; i < nsizes; i++)
|
||||
runtests(alg, count, sizes[i], cmd, maxthreads, profile);
|
||||
}
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
void
|
||||
hexdump(char *p, int n)
|
||||
{
|
||||
int i;
|
||||
for (i = 0; i < n; i++) {
|
||||
if (i%16 == 0) {
|
||||
if (i != 0) {
|
||||
int j;
|
||||
char *l = p-16;
|
||||
printf(" |");
|
||||
for (j = 0; j < 16; j++,l++)
|
||||
printf("%c", (((*l)&0xff)>0x1f && ((*l)&0xff)<0x7f) ? (*l)&0xff : '.');
|
||||
printf("|");
|
||||
}
|
||||
printf("\n%04x: ", i);
|
||||
}
|
||||
printf(" %02x", (int)(*p++)&0xff);
|
||||
}
|
||||
printf("\n");
|
||||
}
|
Loading…
Reference in New Issue