1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/crypto/crypto_tests/t_kperf.c */
4 * Copyright (C) 2009 by the Massachusetts Institute of Technology.
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
28 * This file contains a harness to measure the performance improvement
29 * of using the the krb5_k functions (which cache derived keys) over
30 * the equivalent krb5_c functions which do not. Sample usages:
32 * ./t_kperf ce aes128-cts 10 100000
33 * ./t_kperf kv aes256-cts 1024 10000
35 * The first usage encrypts ('e') a hundred thousand ten-byte blobs
36 * with aes128-cts, using the non-caching APIs ('c'). The second
37 * usage verifies ('v') ten thousand checksums over 1K blobs with the
38 * first available keyed checksum type for aes256-cts, using the
39 * caching APIs ('k'). Run commands under "time" to measure how much
40 * time is used by the operations.
46 main(int argc, char **argv)
52 krb5_cksumtype cktype;
53 int blocksize, num_blocks, intf, op, i;
56 krb5_enc_data outblock;
61 fprintf(stderr, "Usage: t_kperf {c|k}{e|d|m|v} type size nblocks\n");
65 assert(intf == 'c' || intf =='k');
67 ret = krb5_string_to_enctype(argv[2], &enctype);
69 blocksize = atoi(argv[3]);
70 num_blocks = atoi(argv[4]);
72 block.data = "notrandom";
74 krb5_c_random_seed(NULL, &block);
76 krb5_c_make_random_key(NULL, enctype, &kblock);
77 krb5_k_create_key(NULL, &kblock, &key);
79 block.length = blocksize;
80 block.data = calloc(1, blocksize);
82 krb5_c_encrypt_length(NULL, enctype, blocksize, &outlen);
83 outblock.enctype = enctype;
84 outblock.ciphertext.length = outlen;
85 outblock.ciphertext.data = calloc(1, outlen);
87 krb5int_c_mandatory_cksumtype(NULL, enctype, &cktype);
88 krb5_c_checksum_length(NULL, cktype, &cklen);
89 sum.checksum_type = cktype;
91 sum.contents = calloc(1, cklen);
94 * Decrypting typically involves copying the output after checking the
95 * hash, so we need to create a valid ciphertext to correctly measure its
99 krb5_c_encrypt(NULL, &kblock, 0, NULL, &block, &outblock);
101 for (i = 0; i < num_blocks; i++) {
104 krb5_c_encrypt(NULL, &kblock, 0, NULL, &block, &outblock);
106 krb5_c_decrypt(NULL, &kblock, 0, NULL, &outblock, &block);
108 krb5_c_make_checksum(NULL, cktype, &kblock, 0, &block, &sum);
110 krb5_c_verify_checksum(NULL, &kblock, 0, &block, &sum, &val);
113 krb5_k_encrypt(NULL, key, 0, NULL, &block, &outblock);
115 krb5_k_decrypt(NULL, key, 0, NULL, &outblock, &block);
117 krb5_k_make_checksum(NULL, cktype, key, 0, &block, &sum);
119 krb5_k_verify_checksum(NULL, key, 0, &block, &sum, &val);