2 * libcryptsetup - cryptsetup library, cipher benchmark
4 * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2012-2023 Milan Broz
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
27 int crypt_benchmark(struct crypt_device *cd,
29 const char *cipher_mode,
30 size_t volume_key_size,
33 double *encryption_mbs,
34 double *decryption_mbs)
37 char *iv = NULL, *key = NULL, mode[MAX_CIPHER_LEN], *c;
40 if (!cipher || !cipher_mode || !volume_key_size || !encryption_mbs || !decryption_mbs)
48 if (posix_memalign(&buffer, crypt_getpagesize(), buffer_size))
50 memset(buffer, 0, buffer_size);
52 r = crypt_cipher_ivsize(cipher, cipher_mode);
53 if (r >= 0 && iv_size != (size_t)r) {
54 log_dbg(cd, "IV length for benchmark adjusted to %i bytes (requested %zu).", r, iv_size);
62 crypt_random_get(cd, iv, iv_size, CRYPT_RND_NORMAL);
65 key = malloc(volume_key_size);
69 crypt_random_get(cd, key, volume_key_size, CRYPT_RND_NORMAL);
71 strncpy(mode, cipher_mode, sizeof(mode)-1);
72 /* Ignore IV generator */
73 if ((c = strchr(mode, '-')))
76 r = crypt_cipher_perf_kernel(cipher, cipher_mode, buffer, buffer_size, key, volume_key_size,
77 iv, iv_size, encryption_mbs, decryption_mbs);
80 log_dbg(cd, "Measured cipher runtime is too low.");
82 log_dbg(cd, "Cannot initialize cipher %s, mode %s, key size %zu, IV size %zu.",
83 cipher, cipher_mode, volume_key_size, iv_size);
92 int crypt_benchmark_pbkdf(struct crypt_device *cd,
93 struct crypt_pbkdf_type *pbkdf,
98 size_t volume_key_size,
99 int (*progress)(uint32_t time_ms, void *usrptr),
105 if (!pbkdf || (!password && password_size))
112 kdf_opt = !strcmp(pbkdf->type, CRYPT_KDF_PBKDF2) ? pbkdf->hash : "";
114 log_dbg(cd, "Running %s(%s) benchmark.", pbkdf->type, kdf_opt);
116 crypt_process_priority(cd, &priority, true);
117 r = crypt_pbkdf_perf(pbkdf->type, pbkdf->hash, password, password_size,
118 salt, salt_size, volume_key_size, pbkdf->time_ms,
119 pbkdf->max_memory_kb, pbkdf->parallel_threads,
120 &pbkdf->iterations, &pbkdf->max_memory_kb, progress, usrptr);
121 crypt_process_priority(cd, &priority, false);
124 log_dbg(cd, "Benchmark returns %s(%s) %u iterations, %u memory, %u threads (for %zu-bits key).",
125 pbkdf->type, kdf_opt, pbkdf->iterations, pbkdf->max_memory_kb,
126 pbkdf->parallel_threads, volume_key_size * 8);
130 struct benchmark_usrptr {
131 struct crypt_device *cd;
132 struct crypt_pbkdf_type *pbkdf;
135 static int benchmark_callback(uint32_t time_ms, void *usrptr)
137 struct benchmark_usrptr *u = usrptr;
139 log_dbg(u->cd, "PBKDF benchmark: memory cost = %u, iterations = %u, "
140 "threads = %u (took %u ms)", u->pbkdf->max_memory_kb,
141 u->pbkdf->iterations, u->pbkdf->parallel_threads, time_ms);
147 * Used in internal places to benchmark crypt_device context PBKDF.
148 * Once requested parameters are benchmarked, iterations attribute is set,
149 * and the benchmarked values can be reused.
150 * Note that memory cost can be changed after benchmark (if used).
151 * NOTE: You need to check that you are benchmarking for the same key size.
153 int crypt_benchmark_pbkdf_internal(struct crypt_device *cd,
154 struct crypt_pbkdf_type *pbkdf,
155 size_t volume_key_size)
157 struct crypt_pbkdf_limits pbkdf_limits;
161 struct benchmark_usrptr u = {
166 r = crypt_pbkdf_get_limits(pbkdf->type, &pbkdf_limits);
170 if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK) {
171 if (pbkdf->iterations) {
172 log_dbg(cd, "Reusing PBKDF values (no benchmark flag is set).");
175 log_err(cd, _("PBKDF benchmark disabled but iterations not set."));
179 /* For PBKDF2 run benchmark always. Also note it depends on volume_key_size! */
180 if (!strcmp(pbkdf->type, CRYPT_KDF_PBKDF2)) {
182 * For PBKDF2 it is enough to run benchmark for only 1 second
183 * and interpolate final iterations value from it.
185 ms_tmp = pbkdf->time_ms;
186 pbkdf->time_ms = 1000;
187 pbkdf->parallel_threads = 0; /* N/A in PBKDF2 */
188 pbkdf->max_memory_kb = 0; /* N/A in PBKDF2 */
190 r = crypt_benchmark_pbkdf(cd, pbkdf, "foobarfo", 8, "01234567890abcdef", 16,
191 volume_key_size, &benchmark_callback, &u);
192 pbkdf->time_ms = ms_tmp;
194 log_err(cd, _("Not compatible PBKDF2 options (using hash algorithm %s)."),
199 PBKDF2_tmp = ((double)pbkdf->iterations * pbkdf->time_ms / 1000.);
200 if (PBKDF2_tmp > (double)UINT32_MAX)
202 pbkdf->iterations = AT_LEAST((uint32_t)PBKDF2_tmp, pbkdf_limits.min_iterations);
204 /* Already benchmarked */
205 if (pbkdf->iterations) {
206 log_dbg(cd, "Reusing PBKDF values.");
210 r = crypt_benchmark_pbkdf(cd, pbkdf, "foobarfo", 8,
211 "0123456789abcdef0123456789abcdef", 32,
212 volume_key_size, &benchmark_callback, &u);
214 log_err(cd, _("Not compatible PBKDF options."));