nettle-benchmark.c 17.8 KB
Newer Older
1 2 3 4 5 6 7 8
/* nettle-benchmark.c
 *
 * Tries the performance of the various algorithms.
 *
 */
 
/* nettle, low-level cryptographics library
 *
Niels Möller's avatar
Niels Möller committed
9
 * Copyright (C) 2001, 2010, 2014 Niels Möller
10 11 12 13 14 15 16 17 18 19 20 21 22
 *  
 * The nettle library is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation; either version 2.1 of the License, or (at your
 * option) any later version.
 * 
 * The nettle library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
 * License for more details.
 * 
 * You should have received a copy of the GNU Lesser General Public License
 * along with the nettle library; see the file COPYING.LIB.  If not, write to
23 24
 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02111-1301, USA.
25 26
 */

27 28
#if HAVE_CONFIG_H
# include "config.h"
29 30 31 32
#endif

#include <assert.h>
#include <errno.h>
33
#include <math.h>
Niels Möller's avatar
Niels Möller committed
34
#include <stdarg.h>
35 36 37 38 39
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <time.h>
40

41 42
#include "timing.h"

43
#include "aes.h"
Niels Möller's avatar
Niels Möller committed
44 45 46
#include "arcfour.h"
#include "blowfish.h"
#include "cast128.h"
Niels Möller's avatar
Niels Möller committed
47
#include "cbc.h"
Niels Möller's avatar
Niels Möller committed
48
#include "ctr.h"
Niels Möller's avatar
Niels Möller committed
49
#include "des.h"
50
#include "eax.h"
Niels Möller's avatar
Niels Möller committed
51
#include "gcm.h"
52
#include "memxor.h"
53
#include "salsa20.h"
Niels Möller's avatar
Niels Möller committed
54
#include "serpent.h"
55 56
#include "sha1.h"
#include "sha2.h"
Niels Möller's avatar
Niels Möller committed
57
#include "sha3.h"
Niels Möller's avatar
Niels Möller committed
58
#include "twofish.h"
Niels Möller's avatar
Niels Möller committed
59
#include "umac.h"
60
#include "poly1305.h"
Niels Möller's avatar
Niels Möller committed
61

62 63 64
#include "nettle-meta.h"
#include "nettle-internal.h"

Niels Möller's avatar
Niels Möller committed
65
#include "getopt.h"
66

67
static double frequency = 0.0;
Niels Möller's avatar
Niels Möller committed
68

69
/* Process BENCH_BLOCK bytes at a time, for BENCH_INTERVAL seconds. */
70
#define BENCH_BLOCK 10240
71
#define BENCH_INTERVAL 0.1
Niels Möller's avatar
Niels Möller committed
72

73 74
/* FIXME: Proper configure test for rdtsc? */
#ifndef WITH_CYCLE_COUNTER
75
# if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))
76 77 78 79 80 81 82
#  define WITH_CYCLE_COUNTER 1
# else
#  define WITH_CYCLE_COUNTER 0
# endif
#endif

#if WITH_CYCLE_COUNTER
83
# if defined(__i386__)
84 85 86 87 88 89 90 91 92
#define GET_CYCLE_COUNTER(hi, lo)		\
  __asm__("xorl %%eax,%%eax\n"			\
	  "movl %%ebx, %%edi\n"			\
	  "cpuid\n"				\
	  "rdtsc\n"				\
	  "movl %%edi, %%ebx\n"			\
	  : "=a" (lo), "=d" (hi)		\
	  : /* No inputs. */			\
	  : "%edi", "%ecx", "cc")
93 94 95 96 97 98 99 100 101 102 103
# elif defined(__x86_64__)
#define GET_CYCLE_COUNTER(hi, lo)		\
  __asm__("xorl %%eax,%%eax\n"			\
	  "mov %%rbx, %%r10\n"			\
	  "cpuid\n"				\
	  "rdtsc\n"				\
	  "mov %%r10, %%rbx\n"			\
	  : "=a" (lo), "=d" (hi)		\
	  : /* No inputs. */			\
	  : "%r10", "%rcx", "cc")
# endif
104 105 106
#define BENCH_ITERATIONS 10
#endif

107
static void NORETURN PRINTF_STYLE(1,2)
Niels Möller's avatar
Niels Möller committed
108 109 110 111 112 113 114 115 116 117
die(const char *format, ...)
{
  va_list args;
  va_start(args, format);
  vfprintf(stderr, format, args);
  va_end(args);

  exit(EXIT_FAILURE);
}

118 119
static double overhead = 0.0; 

120
/* Returns second per function call */
121 122 123
static double
time_function(void (*f)(void *arg), void *arg)
{
124
  unsigned ncalls;
125 126
  double elapsed;

127
  for (ncalls = 10 ;;)
128
    {
129
      unsigned i;
130 131

      time_start();
132 133
      for (i = 0; i < ncalls; i++)
	f(arg);
134
      elapsed = time_end();
135 136 137 138 139 140
      if (elapsed > BENCH_INTERVAL)
	break;
      else if (elapsed < BENCH_INTERVAL / 10)
	ncalls *= 10;
      else
	ncalls *= 2;
141
    }
142 143 144 145 146 147 148
  return elapsed / ncalls - overhead;
}

static void
bench_nothing(void *arg UNUSED)
{
  return;
149 150
}

151 152 153 154
struct bench_memxor_info
{
  uint8_t *dst;
  const uint8_t *src;
155
  const uint8_t *other;  
156 157 158 159 160 161 162 163 164
};

static void
bench_memxor(void *arg)
{
  struct bench_memxor_info *info = arg;
  memxor (info->dst, info->src, BENCH_BLOCK);
}

165 166 167 168 169 170 171
static void
bench_memxor3(void *arg)
{
  struct bench_memxor_info *info = arg;
  memxor3 (info->dst, info->src, info->other, BENCH_BLOCK);
}

172 173 174
struct bench_hash_info
{
  void *ctx;
175
  nettle_hash_update_func *update;
176 177 178 179 180 181 182 183 184 185
  const uint8_t *data;
};

static void
bench_hash(void *arg)
{
  struct bench_hash_info *info = arg;
  info->update(info->ctx, BENCH_BLOCK, info->data);
}

186 187 188
struct bench_cipher_info
{
  void *ctx;
189
  nettle_cipher_func *crypt;
190 191 192 193 194 195 196
  uint8_t *data;
};

static void
bench_cipher(void *arg)
{
  struct bench_cipher_info *info = arg;
197
  info->crypt(info->ctx, BENCH_BLOCK, info->data, info->data);
198 199 200 201 202
}

struct bench_cbc_info
{
  void *ctx;
203
  nettle_cipher_func *crypt;
204
 
205
  uint8_t *data;
206
  
207 208 209 210 211 212 213 214
  unsigned block_size;
  uint8_t *iv;
};

static void
bench_cbc_encrypt(void *arg)
{
  struct bench_cbc_info *info = arg;
215 216 217
  cbc_encrypt(info->ctx, info->crypt,
	      info->block_size, info->iv,
	      BENCH_BLOCK, info->data, info->data);
218 219 220 221 222 223
}

static void
bench_cbc_decrypt(void *arg)
{
  struct bench_cbc_info *info = arg;
224 225 226
  cbc_decrypt(info->ctx, info->crypt,
	      info->block_size, info->iv,
	      BENCH_BLOCK, info->data, info->data);
227 228
}

Niels Möller's avatar
Niels Möller committed
229 230 231 232 233 234 235 236 237
static void
bench_ctr(void *arg)
{
  struct bench_cbc_info *info = arg;
  ctr_crypt(info->ctx, info->crypt,
	    info->block_size, info->iv,
	    BENCH_BLOCK, info->data, info->data);
}

238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259
struct bench_aead_info
{
  void *ctx;
  nettle_crypt_func *crypt;
  nettle_hash_update_func *update;
  uint8_t *data;
};

static void
bench_aead_crypt(void *arg)
{
  const struct bench_aead_info *info = arg;
  info->crypt (info->ctx, BENCH_BLOCK, info->data, info->data);
}

static void
bench_aead_update(void *arg)
{
  const struct bench_aead_info *info = arg;
  info->update (info->ctx, BENCH_BLOCK, info->data);
}

260 261 262 263 264
/* Set data[i] = floor(sqrt(i)) */
static void
init_data(uint8_t *data)
{
  unsigned i,j;
Niels Möller's avatar
Niels Möller committed
265
  for (i = j = 0; i<BENCH_BLOCK;  i++)
266 267 268 269 270 271 272 273
    {
      if (j*j < i)
	j++;
      data[i] = j;
    }
}

static void
Niels Möller's avatar
Niels Möller committed
274 275
init_key(unsigned length,
         uint8_t *key)
276
{
Niels Möller's avatar
Niels Möller committed
277 278 279
  unsigned i;
  for (i = 0; i<length; i++)
    key[i] = i;
280 281
}

282 283 284 285 286 287 288 289 290
static void
init_nonce(unsigned length,
	   uint8_t *nonce)
{
  unsigned i;
  for (i = 0; i<length; i++)
    nonce[i] = 3*i;
}

291 292 293 294 295
static void
header(void)
{
  printf("%18s %11s Mbyte/s%s\n",
	 "Algorithm", "mode", 
Niels Möller's avatar
Niels Möller committed
296
	 frequency > 0.0 ? " cycles/byte cycles/block" : "");  
297 298
}

Niels Möller's avatar
Niels Möller committed
299
static void
Niels Möller's avatar
Niels Möller committed
300
display(const char *name, const char *mode, unsigned block_size,
301
	double time)
Niels Möller's avatar
Niels Möller committed
302
{
303
  printf("%18s %11s %7.2f",
Niels Möller's avatar
Niels Möller committed
304
	 name, mode,
305
	 BENCH_BLOCK / (time * 1048576.0));
306
  if (frequency > 0.0)
Niels Möller's avatar
Niels Möller committed
307
    {
308
      printf(" %11.2f", time * frequency / BENCH_BLOCK);
Niels Möller's avatar
Niels Möller committed
309
      if (block_size > 0)
310
	printf(" %12.2f", time * frequency * block_size / BENCH_BLOCK);
Niels Möller's avatar
Niels Möller committed
311
    }
312
  printf("\n");
Niels Möller's avatar
Niels Möller committed
313 314
}

315 316 317 318 319
static void *
xalloc(size_t size)
{
  void *p = malloc(size);
  if (!p)
320
    die("Virtual memory exhausted.\n");
321 322 323 324

  return p;
}

325 326 327 328 329 330 331 332 333 334 335 336
static void
time_overhead(void)
{
  overhead = time_function(bench_nothing, NULL);
  printf("benchmark call overhead: %7f us", overhead * 1e6);
  if (frequency > 0.0)
    printf("%7.2f cycles\n", overhead * frequency);
  printf("\n");  
}



337 338 339 340
static void
time_memxor(void)
{
  struct bench_memxor_info info;
341
  uint8_t src[BENCH_BLOCK + sizeof(long)];
342
  uint8_t other[BENCH_BLOCK + sizeof(long)];
343
  uint8_t dst[BENCH_BLOCK];
344 345 346 347

  info.src = src;
  info.dst = dst;

348 349
  display ("memxor", "aligned", sizeof(unsigned long),
	   time_function(bench_memxor, &info));
350
  info.src = src + 1;
351
  display ("memxor", "unaligned", sizeof(unsigned long),
352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367
	   time_function(bench_memxor, &info));

  info.src = src;
  info.other = other;
  display ("memxor3", "aligned", sizeof(unsigned long),
	   time_function(bench_memxor3, &info));

  info.other = other + 1;
  display ("memxor3", "unaligned01", sizeof(unsigned long),
	   time_function(bench_memxor3, &info));
  info.src = src + 1;
  display ("memxor3", "unaligned11", sizeof(unsigned long),
	   time_function(bench_memxor3, &info));
  info.other = other + 2;
  display ("memxor3", "unaligned12", sizeof(unsigned long),
	   time_function(bench_memxor3, &info));  
368 369
}

370 371 372 373 374
static void
time_hash(const struct nettle_hash *hash)
{
  static uint8_t data[BENCH_BLOCK];
  struct bench_hash_info info;
375

376
  info.ctx = xalloc(hash->context_size); 
377 378 379 380 381 382
  info.update = hash->update;
  info.data = data;

  init_data(data);
  hash->init(info.ctx);

Niels Möller's avatar
Niels Möller committed
383
  display(hash->name, "update", hash->block_size,
384
	  time_function(bench_hash, &info));
385 386

  free(info.ctx);
387 388
}

Niels Möller's avatar
Niels Möller committed
389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405
static void
time_umac(void)
{
  static uint8_t data[BENCH_BLOCK];
  struct bench_hash_info info;
  struct umac32_ctx ctx32;
  struct umac64_ctx ctx64;
  struct umac96_ctx ctx96;
  struct umac128_ctx ctx128;
  
  uint8_t key[16];

  umac32_set_key (&ctx32, key);
  info.ctx = &ctx32;
  info.update = (nettle_hash_update_func *) umac32_update;
  info.data = data;

406
  display("umac32", "update", UMAC_DATA_SIZE,
Niels Möller's avatar
Niels Möller committed
407 408 409 410 411 412 413
	  time_function(bench_hash, &info));

  umac64_set_key (&ctx64, key);
  info.ctx = &ctx64;
  info.update = (nettle_hash_update_func *) umac64_update;
  info.data = data;

414
  display("umac64", "update", UMAC_DATA_SIZE,
Niels Möller's avatar
Niels Möller committed
415 416 417 418 419 420 421
	  time_function(bench_hash, &info));

  umac96_set_key (&ctx96, key);
  info.ctx = &ctx96;
  info.update = (nettle_hash_update_func *) umac96_update;
  info.data = data;

422
  display("umac96", "update", UMAC_DATA_SIZE,
Niels Möller's avatar
Niels Möller committed
423 424 425 426 427 428 429
	  time_function(bench_hash, &info));

  umac128_set_key (&ctx128, key);
  info.ctx = &ctx128;
  info.update = (nettle_hash_update_func *) umac128_update;
  info.data = data;

430
  display("umac128", "update", UMAC_DATA_SIZE,
Niels Möller's avatar
Niels Möller committed
431 432 433
	  time_function(bench_hash, &info));
}

434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450
static void
time_poly1305_aes(void)
{
  static uint8_t data[BENCH_BLOCK];
  struct bench_hash_info info;
  struct poly1305_aes_ctx ctx;
  uint8_t key[32];

  poly1305_aes_set_key (&ctx, key);
  info.ctx = &ctx;
  info.update = (nettle_hash_update_func *) poly1305_aes_update;
  info.data = data;

  display("poly1305-aes", "update", 1024,
	  time_function(bench_hash, &info));
}

451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467
static int
prefix_p(const char *prefix, const char *s)
{
  size_t i;
  for (i = 0; prefix[i]; i++)
    if (prefix[i] != s[i])
      return 0;
  return 1;
}

static int
block_cipher_p(const struct nettle_cipher *cipher)
{
  /* Don't use nettle cbc and ctr for openssl ciphers. */
  return cipher->block_size > 0 && !prefix_p("openssl", cipher->name);
}

Niels Möller's avatar
Niels Möller committed
468
static void
469
time_cipher(const struct nettle_cipher *cipher)
Niels Möller's avatar
Niels Möller committed
470
{
471 472
  void *ctx = xalloc(cipher->context_size);
  uint8_t *key = xalloc(cipher->key_size);
Niels Möller's avatar
Niels Möller committed
473

474
  static uint8_t data[BENCH_BLOCK];
Niels Möller's avatar
Niels Möller committed
475 476 477 478

  printf("\n");
  
  init_data(data);
479 480

  {
Niels Möller's avatar
Niels Möller committed
481 482 483 484 485
    /* Decent initializers are a GNU extension, so don't use it here. */
    struct bench_cipher_info info;
    info.ctx = ctx;
    info.crypt = cipher->encrypt;
    info.data = data;
486
    
Niels Möller's avatar
Niels Möller committed
487
    init_key(cipher->key_size, key);
488
    cipher->set_encrypt_key(ctx, key);
Niels Möller's avatar
Niels Möller committed
489

Niels Möller's avatar
Niels Möller committed
490
    display(cipher->name, "ECB encrypt", cipher->block_size,
Niels Möller's avatar
Niels Möller committed
491
	    time_function(bench_cipher, &info));
492
  }
Niels Möller's avatar
Niels Möller committed
493
  
494
  {
Niels Möller's avatar
Niels Möller committed
495 496 497 498
    struct bench_cipher_info info;
    info.ctx = ctx;
    info.crypt = cipher->decrypt;
    info.data = data;
499
    
Niels Möller's avatar
Niels Möller committed
500
    init_key(cipher->key_size, key);
501
    cipher->set_decrypt_key(ctx, key);
Niels Möller's avatar
Niels Möller committed
502

Niels Möller's avatar
Niels Möller committed
503
    display(cipher->name, "ECB decrypt", cipher->block_size,
Niels Möller's avatar
Niels Möller committed
504
	    time_function(bench_cipher, &info));
505 506
  }

507
  if (block_cipher_p(cipher))
Niels Möller's avatar
Niels Möller committed
508
    {
509
      uint8_t *iv = xalloc(cipher->block_size);
Niels Möller's avatar
Niels Möller committed
510 511 512
      
      /* Do CBC mode */
      {
Niels Möller's avatar
Niels Möller committed
513 514 515 516 517 518
        struct bench_cbc_info info;
	info.ctx = ctx;
	info.crypt = cipher->encrypt;
	info.data = data;
	info.block_size = cipher->block_size;
	info.iv = iv;
519
    
520
        memset(iv, 0, sizeof(cipher->block_size));
521
    
522
        cipher->set_encrypt_key(ctx, key);
523

Niels Möller's avatar
Niels Möller committed
524
	display(cipher->name, "CBC encrypt", cipher->block_size,
Niels Möller's avatar
Niels Möller committed
525
		time_function(bench_cbc_encrypt, &info));
Niels Möller's avatar
Niels Möller committed
526
      }
527

Niels Möller's avatar
Niels Möller committed
528
      {
Niels Möller's avatar
Niels Möller committed
529 530 531 532 533 534
        struct bench_cbc_info info;
	info.ctx = ctx;
	info.crypt = cipher->decrypt;
	info.data = data;
	info.block_size = cipher->block_size;
	info.iv = iv;
535
    
536
        memset(iv, 0, sizeof(cipher->block_size));
537

538
        cipher->set_decrypt_key(ctx, key);
539

Niels Möller's avatar
Niels Möller committed
540
	display(cipher->name, "CBC decrypt", cipher->block_size,
Niels Möller's avatar
Niels Möller committed
541
		time_function(bench_cbc_decrypt, &info));
Niels Möller's avatar
Niels Möller committed
542
      }
Niels Möller's avatar
Niels Möller committed
543 544 545 546 547 548 549 550 551 552

      /* Do CTR mode */
      {
        struct bench_cbc_info info;
	info.ctx = ctx;
	info.crypt = cipher->encrypt;
	info.data = data;
	info.block_size = cipher->block_size;
	info.iv = iv;
    
553
        memset(iv, 0, sizeof(cipher->block_size));
Niels Möller's avatar
Niels Möller committed
554
    
555
        cipher->set_encrypt_key(ctx, key);
Niels Möller's avatar
Niels Möller committed
556 557 558 559 560

	display(cipher->name, "CTR", cipher->block_size,
		time_function(bench_ctr, &info));	
      }
      
561
      free(iv);
Niels Möller's avatar
Niels Möller committed
562
    }
563 564
  free(ctx);
  free(key);
Niels Möller's avatar
Niels Möller committed
565 566
}

567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631
static void
time_aead(const struct nettle_aead *aead)
{
  void *ctx = xalloc(aead->context_size);
  uint8_t *key = xalloc(aead->key_size);
  uint8_t *nonce = xalloc(aead->nonce_size);
  static uint8_t data[BENCH_BLOCK];

  printf("\n");
  
  init_data(data);
  if (aead->set_nonce)
    init_nonce (aead->nonce_size, nonce);

  {
    /* Decent initializers are a GNU extension, so don't use it here. */
    struct bench_aead_info info;
    info.ctx = ctx;
    info.crypt = aead->encrypt;
    info.data = data;
    
    init_key(aead->key_size, key);
    aead->set_encrypt_key(ctx, key);
    if (aead->set_nonce)
      aead->set_nonce (ctx, nonce);

    display(aead->name, "encrypt", aead->block_size,
	    time_function(bench_aead_crypt, &info));
  }
  
  {
    struct bench_aead_info info;
    info.ctx = ctx;
    info.crypt = aead->decrypt;
    info.data = data;
    
    init_key(aead->key_size, key);
    aead->set_decrypt_key(ctx, key);
    if (aead->set_nonce)
      aead->set_nonce (ctx, nonce);

    display(aead->name, "decrypt", aead->block_size,
	    time_function(bench_aead_crypt, &info));
  }

  if (aead->update)
    {
      struct bench_aead_info info;
      info.ctx = ctx;
      info.update = aead->update;
      info.data = data;

      aead->set_encrypt_key(ctx, key);

      if (aead->set_nonce)
	aead->set_nonce (ctx, nonce);
    
      display(aead->name, "update", aead->block_size,
	      time_function(bench_aead_update, &info));
    }
  free(ctx);
  free(key);
  free(nonce);
}

Niels Möller's avatar
Niels Möller committed
632 633
/* Try to get accurate cycle times for assembler functions. */
#if WITH_CYCLE_COUNTER
634 635 636 637 638 639 640 641 642 643 644 645 646
static int
compare_double(const void *ap, const void *bp)
{
  double a = *(const double *) ap;
  double b = *(const double *) bp;
  if (a < b)
    return -1;
  else if (a > b)
    return 1;
  else
    return 0;
}

Niels Möller's avatar
Niels Möller committed
647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668
#define TIME_CYCLES(t, code) do {				\
  double tc_count[5];						\
  uint32_t tc_start_lo, tc_start_hi, tc_end_lo, tc_end_hi;	\
  unsigned tc_i, tc_j;						\
  for (tc_j = 0; tc_j < 5; tc_j++)				\
    {								\
      tc_i = 0;							\
      GET_CYCLE_COUNTER(tc_start_hi, tc_start_lo);		\
      for (; tc_i < BENCH_ITERATIONS; tc_i++)			\
	{ code; }						\
								\
      GET_CYCLE_COUNTER(tc_end_hi, tc_end_lo);			\
								\
      tc_end_hi -= (tc_start_hi + (tc_start_lo > tc_end_lo));	\
      tc_end_lo -= tc_start_lo;					\
								\
      tc_count[tc_j] = ldexp(tc_end_hi, 32) + tc_end_lo;	\
    }								\
  qsort(tc_count, 5, sizeof(double), compare_double);		\
  (t) = tc_count[2] / BENCH_ITERATIONS;				\
} while (0)

669 670 671 672
static void
bench_sha1_compress(void)
{
  uint32_t state[_SHA1_DIGEST_LENGTH];
Niels Möller's avatar
Niels Möller committed
673 674
  uint8_t data[SHA1_DATA_SIZE];
  double t;
675

Niels Möller's avatar
Niels Möller committed
676
  TIME_CYCLES (t, _nettle_sha1_compress(state, data));
677

Niels Möller's avatar
Niels Möller committed
678
  printf("sha1_compress: %.2f cycles\n", t);  
679 680
}

681 682 683 684
static void
bench_salsa20_core(void)
{
  uint32_t state[_SALSA20_INPUT_LENGTH];
Niels Möller's avatar
Niels Möller committed
685
  double t;
686

Niels Möller's avatar
Niels Möller committed
687 688 689
  TIME_CYCLES (t, _nettle_salsa20_core(state, state, 20));
  printf("salsa20_core: %.2f cycles\n", t);  
}
690

Niels Möller's avatar
Niels Möller committed
691 692 693 694 695
static void
bench_sha3_permute(void)
{
  struct sha3_state state;
  double t;
696

Niels Möller's avatar
Niels Möller committed
697 698
  TIME_CYCLES (t, sha3_permute (&state));
  printf("sha3_permute: %.2f cycles (%.2f / round)\n", t, t / 24.0);
699 700 701 702
}
#else
#define bench_sha1_compress()
#define bench_salsa20_core()
Niels Möller's avatar
Niels Möller committed
703
#define bench_sha3_permute()
704 705
#endif

Niels Möller's avatar
Niels Möller committed
706
#if WITH_OPENSSL
707 708 709 710
# define OPENSSL(x) x,
#else
# define OPENSSL(x)
#endif
Niels Möller's avatar
Niels Möller committed
711 712

int
713
main(int argc, char **argv)
Niels Möller's avatar
Niels Möller committed
714 715
{
  unsigned i;
716
  int c;
717
  const char *alg;
718 719 720 721

  const struct nettle_hash *hashes[] =
    {
      &nettle_md2, &nettle_md4, &nettle_md5,
722
      OPENSSL(&nettle_openssl_md5)
723
      &nettle_sha1, OPENSSL(&nettle_openssl_sha1)
Niels Möller's avatar
Niels Möller committed
724 725
      &nettle_sha224, &nettle_sha256,
      &nettle_sha384, &nettle_sha512,
726 727
      &nettle_sha3_224, &nettle_sha3_256,
      &nettle_sha3_384, &nettle_sha3_512,
728
      &nettle_ripemd160, &nettle_gosthash94,
729 730 731
      NULL
    };

732
  const struct nettle_cipher *ciphers[] =
Niels Möller's avatar
Niels Möller committed
733
    {
734
      &nettle_aes128, &nettle_aes192, &nettle_aes256,
Niels Möller's avatar
Niels Möller committed
735 736 737 738
      OPENSSL(&nettle_openssl_aes128)
      OPENSSL(&nettle_openssl_aes192)
      OPENSSL(&nettle_openssl_aes256)
      &nettle_blowfish128, OPENSSL(&nettle_openssl_blowfish128)
Niels Möller's avatar
Niels Möller committed
739
      &nettle_camellia128, &nettle_camellia192, &nettle_camellia256,
740 741 742
      &nettle_cast128, OPENSSL(&nettle_openssl_cast128)
      &nettle_des, OPENSSL(&nettle_openssl_des)
      &nettle_des3,
743 744
      &nettle_serpent256,
      &nettle_twofish128, &nettle_twofish192, &nettle_twofish256,
745 746 747 748 749
      NULL
    };

  const struct nettle_aead *aeads[] =
    {
750 751 752 753
      /* Stream ciphers */
      &nettle_arcfour128, OPENSSL(&nettle_openssl_arcfour128)
      &nettle_salsa20, &nettle_salsa20r12, &nettle_chacha,
      /* Proper AEAD algorithme. */
754 755 756 757 758 759 760
      &nettle_gcm_aes128,
      &nettle_gcm_aes192,
      &nettle_gcm_aes256,
      &nettle_gcm_camellia128,
      &nettle_gcm_camellia256,
      &nettle_eax_aes128,
      &nettle_chacha_poly1305,
761
      NULL
Niels Möller's avatar
Niels Möller committed
762
    };
763

764 765 766 767 768 769 770 771 772 773
  enum { OPT_HELP = 300 };
  static const struct option options[] =
    {
      /* Name, args, flag, val */
      { "help", no_argument, NULL, OPT_HELP },
      { "clock-frequency", required_argument, NULL, 'f' },
      { NULL, 0, NULL, 0 }
    };
  
  while ( (c = getopt_long(argc, argv, "f:", options, NULL)) != -1)
774 775 776 777 778 779 780
    switch (c)
      {
      case 'f':
	frequency = atof(optarg);
	if (frequency > 0.0)
	  break;

781 782 783 784 785
      case OPT_HELP:
	printf("Usage: nettle-benchmark [-f clock frequency] [alg]\n");
	return EXIT_SUCCESS;

      case '?':
786 787 788 789 790 791
	return EXIT_FAILURE;

      default:
	abort();
    }

792
  alg = argv[optind];
793

794
  time_init();
795
  bench_sha1_compress();
796
  bench_salsa20_core();
Niels Möller's avatar
Niels Möller committed
797 798
  bench_sha3_permute();
  printf("\n");
799 800
  time_overhead();

801 802
  header();

803 804 805 806 807
  if (!alg || strstr ("memxor", alg))
    {
      time_memxor();
      printf("\n");
    }
808
  
809
  for (i = 0; hashes[i]; i++)
810 811
    if (!alg || strstr(hashes[i]->name, alg))
      time_hash(hashes[i]);
Niels Möller's avatar
Niels Möller committed
812

Niels Möller's avatar
Niels Möller committed
813 814 815
  if (!alg || strstr ("umac", alg))
    time_umac();

816 817 818
  if (!alg || strstr ("poly1305-aes", alg))
    time_poly1305_aes();

819
  for (i = 0; ciphers[i]; i++)
820 821 822
    if (!alg || strstr(ciphers[i]->name, alg))
      time_cipher(ciphers[i]);

823 824 825
  for (i = 0; aeads[i]; i++)
    if (!alg || strstr(aeads[i]->name, alg))
      time_aead(aeads[i]);
Niels Möller's avatar
Niels Möller committed
826

827 828
  return 0;
}