summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsam <sam@FreeBSD.org>2003-06-02 23:45:32 +0000
committersam <sam@FreeBSD.org>2003-06-02 23:45:32 +0000
commitb3ca652b31af4c3c53cbeb1ad4131a1b91fe2f92 (patch)
tree64f83b59a15ab20ff489dfcbb73fbbb4cb0d8135
parentf28b98fc3eaba40f6c1bc700960c12c4728f651f (diff)
downloadFreeBSD-src-b3ca652b31af4c3c53cbeb1ad4131a1b91fe2f92.zip
FreeBSD-src-b3ca652b31af4c3c53cbeb1ad4131a1b91fe2f92.tar.gz
Merge from private version:
o add hash operations o make AES operations useful: split into 3 ops based on key length (specify aes for AES w/ 128 bit keys, aes192 for 192-bit keys, and aes256 for 256-bit keys o add -c option to force encrypt->decrypt result to be compared against the original plaintext (need to compare it against a known good implementation like openssl) o change multi-threaded test output to be more meaningingful o fix default block size selection to consider algorithm's blocking needs
-rw-r--r--tools/tools/crypto/cryptotest.c177
1 files changed, 127 insertions, 50 deletions
diff --git a/tools/tools/crypto/cryptotest.c b/tools/tools/crypto/cryptotest.c
index 7f1f951..74ea147 100644
--- a/tools/tools/crypto/cryptotest.c
+++ b/tools/tools/crypto/cryptotest.c
@@ -54,38 +54,53 @@ struct crypt_op cryptop;
char iv[8] = "00000000";
int verbose = 0;
int opflags = 0;
+int verify = 0;
struct alg {
const char* name;
+ int ishash;
int blocksize;
int minkeylen;
int maxkeylen;
int code;
} algorithms[] = {
#ifdef CRYPTO_NULL_CBC
- { "null", 8, 1, 256, CRYPTO_NULL_CBC },
+ { "null", 0, 8, 1, 256, CRYPTO_NULL_CBC },
#endif
- { "des", 8, 8, 8, CRYPTO_DES_CBC },
- { "3des", 8, 24, 24, CRYPTO_3DES_CBC },
- { "blf", 8, 5, 56, CRYPTO_BLF_CBC },
- { "cast", 8, 5, 16, CRYPTO_CAST_CBC },
- { "skj", 8, 10, 10, CRYPTO_SKIPJACK_CBC },
- { "aes", 16, 8, 32, CRYPTO_RIJNDAEL128_CBC },
+ { "des", 0, 8, 8, 8, CRYPTO_DES_CBC },
+ { "3des", 0, 8, 24, 24, CRYPTO_3DES_CBC },
+ { "blf", 0, 8, 5, 56, CRYPTO_BLF_CBC },
+ { "cast", 0, 8, 5, 16, CRYPTO_CAST_CBC },
+ { "skj", 0, 8, 10, 10, CRYPTO_SKIPJACK_CBC },
+ { "aes", 0, 16, 16, 16, CRYPTO_RIJNDAEL128_CBC},
+ { "aes192", 0, 16, 24, 24, CRYPTO_RIJNDAEL128_CBC},
+ { "aes256", 0, 16, 32, 32, CRYPTO_RIJNDAEL128_CBC},
#ifdef notdef
- { "arc4", 8, 1, 32, CRYPTO_ARC4 },
+ { "arc4", 0, 8, 1, 32, CRYPTO_ARC4 },
#endif
+ { "md5", 1, 8, 16, 16, CRYPTO_MD5_HMAC },
+ { "sha1", 1, 8, 20, 20, CRYPTO_SHA1_HMAC },
+ { "sha256", 1, 8, 32, 32, CRYPTO_SHA2_HMAC },
+ { "sha384", 1, 8, 48, 48, CRYPTO_SHA2_HMAC },
+ { "sha512", 1, 8, 64, 64, CRYPTO_SHA2_HMAC },
};
static void
usage(const char* cmd)
{
- printf("usage: %s [-z] [-s] [-v] [-a algorithm] [count] [size ...]\n",
+ printf("usage: %s [-c] [-z] [-s] [-b] [-v] [-a algorithm] [count] [size ...]\n",
cmd);
printf("where algorithm is one of:\n");
printf(" des 3des (default) blowfish cast skipjack\n");
- printf(" rijndael arc4\n");
+ printf(" aes (aka rijndael) aes192 aes256 arc4\n");
printf("count is the number of encrypt/decrypt ops to do\n");
printf("size is the number of bytes of text to encrypt+decrypt\n");
+ printf("\n");
+ printf("-c check the results (slows timing)\n");
+ printf("-z run all available algorithms on a variety of sizes\n");
+ printf("-v be verbose\n");
+ printf("-b mark operations for batching\n");
+ printf("-p profile kernel crypto operation (must be root)\n");
exit(-1);
}
@@ -116,70 +131,122 @@ runtest(struct alg *alg, int count, int size, int cmd, struct timeval *tv)
{
int i;
struct timeval start, stop, dt;
- char *cleartext, *ciphertext;
+ char *cleartext, *ciphertext, *originaltext;
if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1)
err(1, "CRIOGET failed");
- session.mac = 0;
- session.keylen = (alg->minkeylen + alg->maxkeylen)/2;
- session.key = (char *) malloc(session.keylen);
- if (session.key == NULL)
- err(1, "malloc (key)");
- for (i = 0; i < session.keylen; i++)
- session.key[i] = '0' + (i%10);
- session.cipher = alg->code;
+ bzero(&session, sizeof(session));
+ if (!alg->ishash) {
+ session.keylen = (alg->minkeylen + alg->maxkeylen)/2;
+ session.key = (char *) malloc(session.keylen);
+ if (session.key == NULL)
+ err(1, "malloc (key)");
+ for (i = 0; i < session.keylen; i++)
+ session.key[i] = '0' + (i%10);
+ session.cipher = alg->code;
+ } else {
+ session.mackeylen = (alg->minkeylen + alg->maxkeylen)/2;
+ session.mackey = (char *) malloc(session.mackeylen);
+ if (session.mackey == NULL)
+ err(1, "malloc (mac)");
+ for (i = 0; i < session.mackeylen; i++)
+ session.mackey[i] = '0' + (i%10);
+ session.mac = alg->code;
+ }
if (ioctl(fd, cmd, &session) == -1) {
if (cmd == CIOCGSESSION) {
close(fd);
+ if (verbose) {
+ printf("cipher %s", alg->name);
+ if (alg->ishash)
+ printf(" mackeylen %u\n", session.mackeylen);
+ else
+ printf(" keylen %u\n", session.keylen);
+ perror("CIOCGSESSION");
+ }
/* hardware doesn't support algorithm; skip it */
return;
}
- printf("cipher %s keylen %u\n", alg->name, session.keylen);
+ printf("cipher %s keylen %u mackeylen %u\n",
+ alg->name, session.keylen, session.mackeylen);
err(1, "CIOCGSESSION failed");
}
+ if ((originaltext = (char *)malloc(size)) == NULL)
+ err(1, "malloc (originaltext)");
if ((cleartext = (char *)malloc(size)) == NULL)
err(1, "malloc (cleartext)");
if ((ciphertext = (char *)malloc(size)) == NULL)
err(1, "malloc (ciphertext)");
for (i = 0; i < size; i++)
cleartext[i] = 'a' + i%26;
+ memcpy(originaltext, cleartext, size);
if (verbose) {
printf("session = 0x%x\n", session.ses);
printf("count = %d, size = %d\n", count, size);
cryptop.ses = session.ses;
- printf("iv:");
- hexdump(iv, sizeof iv);
+ if (!alg->ishash) {
+ printf("iv:");
+ hexdump(iv, sizeof iv);
+ }
printf("cleartext:");
hexdump(cleartext, MIN(size, CHUNK));
}
gettimeofday(&start, NULL);
- for (i = 0; i < count; i++) {
- cryptop.op = COP_ENCRYPT;
- cryptop.flags = opflags;
- cryptop.len = size;
- cryptop.src = cleartext;
- cryptop.dst = ciphertext;
- cryptop.mac = 0;
- cryptop.iv = iv;
-
- if (ioctl(fd, CIOCCRYPT, &cryptop) == -1)
- err(1, "CIOCCRYPT failed");
-
- memset(cleartext, 'x', MIN(size, CHUNK));
- cryptop.op = COP_DECRYPT;
- cryptop.flags = opflags;
- cryptop.len = size;
- cryptop.src = ciphertext;
- cryptop.dst = cleartext;
- cryptop.mac = 0;
- cryptop.iv = iv;
-
- if (ioctl(fd, CIOCCRYPT, &cryptop) == -1)
- err(1, "CIOCCRYPT failed");
+ if (!alg->ishash) {
+ for (i = 0; i < count; i++) {
+ cryptop.op = COP_ENCRYPT;
+ cryptop.flags = opflags;
+ cryptop.len = size;
+ cryptop.src = cleartext;
+ cryptop.dst = ciphertext;
+ cryptop.mac = 0;
+ cryptop.iv = iv;
+
+ if (ioctl(fd, CIOCCRYPT, &cryptop) == -1)
+ err(1, "CIOCCRYPT failed");
+
+ if (verify && bcmp(ciphertext, cleartext, size) == 0) {
+ printf("cipher text unchanged:");
+ hexdump(ciphertext, size);
+ }
+
+ memset(cleartext, 'x', MIN(size, CHUNK));
+ cryptop.op = COP_DECRYPT;
+ cryptop.flags = opflags;
+ cryptop.len = size;
+ cryptop.src = ciphertext;
+ cryptop.dst = cleartext;
+ cryptop.mac = 0;
+ cryptop.iv = iv;
+
+ if (ioctl(fd, CIOCCRYPT, &cryptop) == -1)
+ err(1, "CIOCCRYPT failed");
+
+ if (verify && bcmp(cleartext, originaltext, size) != 0) {
+ printf("decrypt mismatch:\n");
+ printf("original:");
+ hexdump(originaltext, size);
+ printf("cleartext:");
+ hexdump(cleartext, size);
+ }
+ }
+ } else {
+ for (i = 0; i < count; i++) {
+ cryptop.op = 0;
+ cryptop.flags = opflags;
+ cryptop.len = size;
+ cryptop.src = cleartext;
+ cryptop.dst = 0;
+ cryptop.mac = ciphertext;
+ cryptop.iv = 0;
+
+ if (ioctl(fd, CIOCCRYPT, &cryptop) == -1)
+ err(1, "CIOCCRYPT failed");
+ }
}
gettimeofday(&stop, NULL);
@@ -289,9 +356,12 @@ runtests(struct alg *alg, int count, int size, int cmd, int threads, int profile
for (i = 0; i < threads; i++)
t += (((double)tvp[i].tv_sec * 1000000 + tvp[i].tv_usec) / 1000000);
if (t) {
+ int nops = alg->ishash ? count : 2*count;
+
+ t /= threads;
printf("%6.3lf sec, %7d %6s crypts, %7d bytes, %8.0lf byte/sec, %7.1lf Mb/sec\n",
- t/threads, 2*count*threads, alg->name, size, (double)2*count*size*threads / t,
- (double)2*count*size*threads / t * 8 / 1024 / 1024);
+ t, nops, alg->name, size, (double)nops*size / t,
+ (double)nops*size / t * 8 / 1024 / 1024);
}
#ifdef __FreeBSD__
if (profile) {
@@ -326,7 +396,7 @@ main(int argc, char **argv)
int profile = 0;
int i, ch;
- while ((ch = getopt(argc, argv, "pzsva:bt:")) != -1) {
+ while ((ch = getopt(argc, argv, "cpzsva:bt:")) != -1) {
switch (ch) {
#ifdef CIOCGSSESSION
case 's':
@@ -357,6 +427,9 @@ main(int argc, char **argv)
case 'b':
opflags |= COP_F_BATCH;
break;
+ case 'c':
+ verify = 1;
+ break;
default:
usage(argv[0]);
}
@@ -374,7 +447,10 @@ main(int argc, char **argv)
argc--, argv++;
}
if (nsizes == 0) {
- sizes[nsizes++] = 8;
+ if (alg)
+ sizes[nsizes++] = alg->blocksize;
+ else
+ sizes[nsizes++] = 8;
if (testall) {
while (sizes[nsizes-1] < 8*1024) {
sizes[nsizes] = sizes[nsizes-1]<<1;
@@ -403,7 +479,8 @@ main(int argc, char **argv)
return (0);
}
-void hexdump(char *p, int n)
+void
+hexdump(char *p, int n)
{
int i;
for (i = 0; i < n; i++) {
OpenPOWER on IntegriCloud