nettle-benchmark.c 13.7 KB
Newer Older
1 2 3 4 5 6 7 8
/* nettle-benchmark.c
 *
 * Tries the performance of the various algorithms.
 *
 */
 
/* nettle, low-level cryptographics library
 *
Niels Möller's avatar
Niels Möller committed
9
 * Copyright (C) 2001, 2010 Niels Mller
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
 *  
 * The nettle library is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation; either version 2.1 of the License, or (at your
 * option) any later version.
 * 
 * The nettle library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
 * License for more details.
 * 
 * You should have received a copy of the GNU Lesser General Public License
 * along with the nettle library; see the file COPYING.LIB.  If not, write to
 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

27 28
#if HAVE_CONFIG_H
# include "config.h"
29 30 31 32
#endif

#include <assert.h>
#include <errno.h>
33
#include <math.h>
Niels Möller's avatar
Niels Möller committed
34
#include <stdarg.h>
35 36 37 38 39
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <time.h>
40

41
#include "aes.h"
Niels Möller's avatar
Niels Möller committed
42 43 44
#include "arcfour.h"
#include "blowfish.h"
#include "cast128.h"
Niels Möller's avatar
Niels Möller committed
45
#include "cbc.h"
Niels Möller's avatar
Niels Möller committed
46
#include "des.h"
Niels Möller's avatar
Niels Möller committed
47
#include "gcm.h"
48
#include "memxor.h"
Niels Möller's avatar
Niels Möller committed
49
#include "serpent.h"
50
#include "sha.h"
Niels Möller's avatar
Niels Möller committed
51 52
#include "twofish.h"

53 54 55
#include "nettle-meta.h"
#include "nettle-internal.h"

Niels Möller's avatar
Niels Möller committed
56
#include "getopt.h"
57

58
static double frequency = 0.0;
Niels Möller's avatar
Niels Möller committed
59

60
/* Process BENCH_BLOCK bytes at a time, for BENCH_INTERVAL seconds. */
61
#define BENCH_BLOCK 10240
62
#define BENCH_INTERVAL 0.1
Niels Möller's avatar
Niels Möller committed
63

64 65
/* FIXME: Proper configure test for rdtsc? */
#ifndef WITH_CYCLE_COUNTER
66
# if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))
67 68 69 70 71 72 73
#  define WITH_CYCLE_COUNTER 1
# else
#  define WITH_CYCLE_COUNTER 0
# endif
#endif

#if WITH_CYCLE_COUNTER
74
# if defined(__i386__)
75 76 77 78 79 80 81 82 83
#define GET_CYCLE_COUNTER(hi, lo)		\
  __asm__("xorl %%eax,%%eax\n"			\
	  "movl %%ebx, %%edi\n"			\
	  "cpuid\n"				\
	  "rdtsc\n"				\
	  "movl %%edi, %%ebx\n"			\
	  : "=a" (lo), "=d" (hi)		\
	  : /* No inputs. */			\
	  : "%edi", "%ecx", "cc")
84 85 86 87 88 89 90 91 92 93 94
# elif defined(__x86_64__)
#define GET_CYCLE_COUNTER(hi, lo)		\
  __asm__("xorl %%eax,%%eax\n"			\
	  "mov %%rbx, %%r10\n"			\
	  "cpuid\n"				\
	  "rdtsc\n"				\
	  "mov %%r10, %%rbx\n"			\
	  : "=a" (lo), "=d" (hi)		\
	  : /* No inputs. */			\
	  : "%r10", "%rcx", "cc")
# endif
95 96 97
#define BENCH_ITERATIONS 10
#endif

Niels Möller's avatar
Niels Möller committed
98 99 100 101 102 103 104 105 106 107 108
static void
die(const char *format, ...)
{
  va_list args;
  va_start(args, format);
  vfprintf(stderr, format, args);
  va_end(args);

  exit(EXIT_FAILURE);
}

109 110
static double overhead = 0.0; 

111
#if HAVE_CLOCK_GETTIME && defined CLOCK_PROCESS_CPUTIME_ID
112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142
#define TRY_CLOCK_GETTIME 1
struct timespec cgt_start;

static int
cgt_works_p(void)
{
  struct timespec now;
  return clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &now) == 0;
}

static void
cgt_time_start(void)
{
  if (clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &cgt_start) < 0)
    die("clock_gettime failed: %s\n", strerror(errno));
}

static double
cgt_time_end(void)
{
    struct timespec end;
    if (clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &end) < 0)
      die("clock_gettime failed: %s\n", strerror(errno));

    return end.tv_sec - cgt_start.tv_sec
      + 1e-9 * (end.tv_nsec - cgt_start.tv_nsec);
}

static void (*time_start)(void);
static double (*time_end)(void);

143
#else /* !HAVE_CLOCK_GETTIME */
144 145 146
#define TRY_CLOCK_GETTIME 0
#define time_start clock_time_start
#define time_end clock_time_end
147 148
#endif /* !HAVE_CLOCK_GETTIME */

149 150 151 152 153 154 155 156 157 158 159 160 161 162
static clock_t clock_start;

static void
clock_time_start(void)
{
  clock_start = clock();
}

static double
clock_time_end(void)
{
  return (double) (clock() - (clock_start)) / CLOCKS_PER_SEC;
}

163
/* Returns second per function call */
164 165 166
static double
time_function(void (*f)(void *arg), void *arg)
{
167
  unsigned ncalls;
168 169
  double elapsed;

170
  for (ncalls = 10 ;;)
171
    {
172
      unsigned i;
173 174

      time_start();
175 176
      for (i = 0; i < ncalls; i++)
	f(arg);
177
      elapsed = time_end();
178 179 180 181 182 183
      if (elapsed > BENCH_INTERVAL)
	break;
      else if (elapsed < BENCH_INTERVAL / 10)
	ncalls *= 10;
      else
	ncalls *= 2;
184
    }
185 186 187 188 189 190 191
  return elapsed / ncalls - overhead;
}

static void
bench_nothing(void *arg UNUSED)
{
  return;
192 193
}

194 195 196 197
struct bench_memxor_info
{
  uint8_t *dst;
  const uint8_t *src;
198
  const uint8_t *other;  
199 200 201 202 203 204 205 206 207
};

static void
bench_memxor(void *arg)
{
  struct bench_memxor_info *info = arg;
  memxor (info->dst, info->src, BENCH_BLOCK);
}

208 209 210 211 212 213 214
static void
bench_memxor3(void *arg)
{
  struct bench_memxor_info *info = arg;
  memxor3 (info->dst, info->src, info->other, BENCH_BLOCK);
}

215 216 217
struct bench_hash_info
{
  void *ctx;
218
  nettle_hash_update_func *update;
219 220 221 222 223 224 225 226 227 228
  const uint8_t *data;
};

static void
bench_hash(void *arg)
{
  struct bench_hash_info *info = arg;
  info->update(info->ctx, BENCH_BLOCK, info->data);
}

229 230 231
struct bench_cipher_info
{
  void *ctx;
232
  nettle_crypt_func *crypt;
233 234 235 236 237 238 239
  uint8_t *data;
};

static void
bench_cipher(void *arg)
{
  struct bench_cipher_info *info = arg;
240
  info->crypt(info->ctx, BENCH_BLOCK, info->data, info->data);
241 242 243 244 245
}

struct bench_cbc_info
{
  void *ctx;
246
  nettle_crypt_func *crypt;
247
 
248
  uint8_t *data;
249
  
250 251 252 253 254 255 256 257
  unsigned block_size;
  uint8_t *iv;
};

static void
bench_cbc_encrypt(void *arg)
{
  struct bench_cbc_info *info = arg;
258 259 260
  cbc_encrypt(info->ctx, info->crypt,
	      info->block_size, info->iv,
	      BENCH_BLOCK, info->data, info->data);
261 262 263 264 265 266
}

static void
bench_cbc_decrypt(void *arg)
{
  struct bench_cbc_info *info = arg;
267 268 269
  cbc_decrypt(info->ctx, info->crypt,
	      info->block_size, info->iv,
	      BENCH_BLOCK, info->data, info->data);
270 271 272 273 274 275 276
}

/* Set data[i] = floor(sqrt(i)) */
static void
init_data(uint8_t *data)
{
  unsigned i,j;
Niels Möller's avatar
Niels Möller committed
277
  for (i = j = 0; i<BENCH_BLOCK;  i++)
278 279 280 281 282 283 284 285
    {
      if (j*j < i)
	j++;
      data[i] = j;
    }
}

static void
Niels Möller's avatar
Niels Möller committed
286 287
init_key(unsigned length,
         uint8_t *key)
288
{
Niels Möller's avatar
Niels Möller committed
289 290 291
  unsigned i;
  for (i = 0; i<length; i++)
    key[i] = i;
292 293
}

294 295 296 297 298
static void
header(void)
{
  printf("%18s %11s Mbyte/s%s\n",
	 "Algorithm", "mode", 
Niels Möller's avatar
Niels Möller committed
299
	 frequency > 0.0 ? " cycles/byte cycles/block" : "");  
300 301
}

Niels Möller's avatar
Niels Möller committed
302
static void
Niels Möller's avatar
Niels Möller committed
303
display(const char *name, const char *mode, unsigned block_size,
304
	double time)
Niels Möller's avatar
Niels Möller committed
305
{
306
  printf("%18s %11s %7.2f",
Niels Möller's avatar
Niels Möller committed
307
	 name, mode,
308
	 BENCH_BLOCK / (time * 1048576.0));
309
  if (frequency > 0.0)
Niels Möller's avatar
Niels Möller committed
310
    {
311
      printf(" %11.2f", time * frequency / BENCH_BLOCK);
Niels Möller's avatar
Niels Möller committed
312
      if (block_size > 0)
313
	printf(" %12.2f", time * frequency * block_size / BENCH_BLOCK);
Niels Möller's avatar
Niels Möller committed
314
    }
315
  printf("\n");
Niels Möller's avatar
Niels Möller committed
316 317
}

318 319 320 321 322
static void *
xalloc(size_t size)
{
  void *p = malloc(size);
  if (!p)
323
    die("Virtual memory exhausted.\n");
324 325 326 327

  return p;
}

328 329 330 331 332 333 334 335 336 337 338 339
static void
time_overhead(void)
{
  overhead = time_function(bench_nothing, NULL);
  printf("benchmark call overhead: %7f us", overhead * 1e6);
  if (frequency > 0.0)
    printf("%7.2f cycles\n", overhead * frequency);
  printf("\n");  
}



340 341 342 343
static void
time_memxor(void)
{
  struct bench_memxor_info info;
344
  uint8_t src[BENCH_BLOCK + sizeof(long)];
345
  uint8_t other[BENCH_BLOCK + sizeof(long)];
346
  uint8_t dst[BENCH_BLOCK];
347 348 349 350

  info.src = src;
  info.dst = dst;

351 352
  display ("memxor", "aligned", sizeof(unsigned long),
	   time_function(bench_memxor, &info));
353
  info.src = src + 1;
354
  display ("memxor", "unaligned", sizeof(unsigned long),
355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370
	   time_function(bench_memxor, &info));

  info.src = src;
  info.other = other;
  display ("memxor3", "aligned", sizeof(unsigned long),
	   time_function(bench_memxor3, &info));

  info.other = other + 1;
  display ("memxor3", "unaligned01", sizeof(unsigned long),
	   time_function(bench_memxor3, &info));
  info.src = src + 1;
  display ("memxor3", "unaligned11", sizeof(unsigned long),
	   time_function(bench_memxor3, &info));
  info.other = other + 2;
  display ("memxor3", "unaligned12", sizeof(unsigned long),
	   time_function(bench_memxor3, &info));  
371 372
}

373 374 375 376 377
static void
time_hash(const struct nettle_hash *hash)
{
  static uint8_t data[BENCH_BLOCK];
  struct bench_hash_info info;
378

379
  info.ctx = xalloc(hash->context_size); 
380 381 382 383 384 385
  info.update = hash->update;
  info.data = data;

  init_data(data);
  hash->init(info.ctx);

Niels Möller's avatar
Niels Möller committed
386
  display(hash->name, "update", hash->block_size,
387
	  time_function(bench_hash, &info));
388 389

  free(info.ctx);
390 391
}

Niels Möller's avatar
Niels Möller committed
392 393 394 395 396
static void
time_gmac(void)
{
  static uint8_t data[BENCH_BLOCK];
  struct bench_hash_info info;
397
  struct gcm_aes_ctx ctx;
Niels Möller's avatar
Niels Möller committed
398 399 400
  uint8_t key[16];
  uint8_t iv[GCM_IV_SIZE];

401 402
  gcm_aes_set_key(&ctx, sizeof(key), key);
  gcm_aes_set_iv(&ctx, sizeof(iv), iv);
Niels Möller's avatar
Niels Möller committed
403

404 405
  info.ctx = &ctx;
  info.update = (nettle_hash_update_func *) gcm_aes_auth;
Niels Möller's avatar
Niels Möller committed
406 407 408 409 410 411
  info.data = data;

  display("gmac", "auth", GCM_BLOCK_SIZE,
	  time_function(bench_hash, &info));
}

Niels Möller's avatar
Niels Möller committed
412
static void
413
time_cipher(const struct nettle_cipher *cipher)
Niels Möller's avatar
Niels Möller committed
414
{
415 416
  void *ctx = xalloc(cipher->context_size);
  uint8_t *key = xalloc(cipher->key_size);
Niels Möller's avatar
Niels Möller committed
417

418
  static uint8_t data[BENCH_BLOCK];
Niels Möller's avatar
Niels Möller committed
419 420 421 422

  printf("\n");
  
  init_data(data);
423 424

  {
Niels Möller's avatar
Niels Möller committed
425 426 427 428 429
    /* Decent initializers are a GNU extension, so don't use it here. */
    struct bench_cipher_info info;
    info.ctx = ctx;
    info.crypt = cipher->encrypt;
    info.data = data;
430
    
Niels Möller's avatar
Niels Möller committed
431
    init_key(cipher->key_size, key);
432
    cipher->set_encrypt_key(ctx, cipher->key_size, key);
Niels Möller's avatar
Niels Möller committed
433

Niels Möller's avatar
Niels Möller committed
434
    display(cipher->name, "ECB encrypt", cipher->block_size,
Niels Möller's avatar
Niels Möller committed
435
	    time_function(bench_cipher, &info));
436
  }
Niels Möller's avatar
Niels Möller committed
437
  
438
  {
Niels Möller's avatar
Niels Möller committed
439 440 441 442
    struct bench_cipher_info info;
    info.ctx = ctx;
    info.crypt = cipher->decrypt;
    info.data = data;
443
    
Niels Möller's avatar
Niels Möller committed
444
    init_key(cipher->key_size, key);
445
    cipher->set_decrypt_key(ctx, cipher->key_size, key);
Niels Möller's avatar
Niels Möller committed
446

Niels Möller's avatar
Niels Möller committed
447
    display(cipher->name, "ECB decrypt", cipher->block_size,
Niels Möller's avatar
Niels Möller committed
448
	    time_function(bench_cipher, &info));
449 450
  }

Niels Möller's avatar
Niels Möller committed
451 452
  /* Don't use nettle cbc to benchmark openssl ciphers */
  if (cipher->block_size && cipher->name[0] != 'o')
Niels Möller's avatar
Niels Möller committed
453
    {
454
      uint8_t *iv = xalloc(cipher->block_size);
Niels Möller's avatar
Niels Möller committed
455 456 457
      
      /* Do CBC mode */
      {
Niels Möller's avatar
Niels Möller committed
458 459 460 461 462 463
        struct bench_cbc_info info;
	info.ctx = ctx;
	info.crypt = cipher->encrypt;
	info.data = data;
	info.block_size = cipher->block_size;
	info.iv = iv;
464
    
Niels Möller's avatar
Niels Möller committed
465
        memset(iv, 0, sizeof(iv));
466
    
467
        cipher->set_encrypt_key(ctx, cipher->key_size, key);
468

Niels Möller's avatar
Niels Möller committed
469
	display(cipher->name, "CBC encrypt", cipher->block_size,
Niels Möller's avatar
Niels Möller committed
470
		time_function(bench_cbc_encrypt, &info));
Niels Möller's avatar
Niels Möller committed
471
      }
472

Niels Möller's avatar
Niels Möller committed
473
      {
Niels Möller's avatar
Niels Möller committed
474 475 476 477 478 479
        struct bench_cbc_info info;
	info.ctx = ctx;
	info.crypt = cipher->decrypt;
	info.data = data;
	info.block_size = cipher->block_size;
	info.iv = iv;
480
    
Niels Möller's avatar
Niels Möller committed
481
        memset(iv, 0, sizeof(iv));
482

483
        cipher->set_decrypt_key(ctx, cipher->key_size, key);
484

Niels Möller's avatar
Niels Möller committed
485
	display(cipher->name, "CBC decrypt", cipher->block_size,
Niels Möller's avatar
Niels Möller committed
486
		time_function(bench_cbc_decrypt, &info));
Niels Möller's avatar
Niels Möller committed
487
      }
488
      free(iv);
Niels Möller's avatar
Niels Möller committed
489
    }
490 491
  free(ctx);
  free(key);
Niels Möller's avatar
Niels Möller committed
492 493
}

494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541
static int
compare_double(const void *ap, const void *bp)
{
  double a = *(const double *) ap;
  double b = *(const double *) bp;
  if (a < b)
    return -1;
  else if (a > b)
    return 1;
  else
    return 0;
}

/* Try to get accurate cycle times for assembler functions. */
static void
bench_sha1_compress(void)
{
#if WITH_CYCLE_COUNTER
  uint32_t state[_SHA1_DIGEST_LENGTH];
  uint8_t data[BENCH_ITERATIONS * SHA1_DATA_SIZE];
  uint32_t start_lo, start_hi, end_lo, end_hi;

  double count[5];
  
  uint8_t *p;
  unsigned i, j;

  for (j = 0; j < 5; j++)
    {
      i = 0;
      p = data;
      GET_CYCLE_COUNTER(start_hi, start_lo);
      for (; i < BENCH_ITERATIONS; i++, p += SHA1_DATA_SIZE)
	_nettle_sha1_compress(state, p);

      GET_CYCLE_COUNTER(end_hi, end_lo);

      end_hi -= (start_hi + (start_lo > end_lo));
      end_lo -= start_lo;

      count[j] = ldexp(end_hi, 32) + end_lo;
    }

  qsort(count, 5, sizeof(double), compare_double);
  printf("sha1_compress: %.2f cycles\n\n", count[2] / BENCH_ITERATIONS);  
#endif
}

Niels Möller's avatar
Niels Möller committed
542
#if WITH_OPENSSL
543 544 545 546
# define OPENSSL(x) x,
#else
# define OPENSSL(x)
#endif
Niels Möller's avatar
Niels Möller committed
547 548

int
549
main(int argc, char **argv)
Niels Möller's avatar
Niels Möller committed
550 551
{
  unsigned i;
552
  int c;
553
  const char *alg;
554 555 556 557

  const struct nettle_hash *hashes[] =
    {
      &nettle_md2, &nettle_md4, &nettle_md5,
558
      OPENSSL(&nettle_openssl_md5)
559
      &nettle_sha1, OPENSSL(&nettle_openssl_sha1)
Niels Möller's avatar
Niels Möller committed
560 561
      &nettle_sha224, &nettle_sha256,
      &nettle_sha384, &nettle_sha512,
562 563 564
      NULL
    };

565
  const struct nettle_cipher *ciphers[] =
Niels Möller's avatar
Niels Möller committed
566
    {
567
      &nettle_aes128, &nettle_aes192, &nettle_aes256,
Niels Möller's avatar
Niels Möller committed
568 569 570 571 572
      OPENSSL(&nettle_openssl_aes128)
      OPENSSL(&nettle_openssl_aes192)
      OPENSSL(&nettle_openssl_aes256)
      &nettle_arcfour128, OPENSSL(&nettle_openssl_arcfour128)
      &nettle_blowfish128, OPENSSL(&nettle_openssl_blowfish128)
Niels Möller's avatar
Niels Möller committed
573
      &nettle_camellia128, &nettle_camellia192, &nettle_camellia256,
574 575 576
      &nettle_cast128, OPENSSL(&nettle_openssl_cast128)
      &nettle_des, OPENSSL(&nettle_openssl_des)
      &nettle_des3,
577 578
      &nettle_serpent256,
      &nettle_twofish128, &nettle_twofish192, &nettle_twofish256,
579
      NULL
Niels Möller's avatar
Niels Möller committed
580
    };
581

582 583 584 585 586 587 588 589 590 591
  enum { OPT_HELP = 300 };
  static const struct option options[] =
    {
      /* Name, args, flag, val */
      { "help", no_argument, NULL, OPT_HELP },
      { "clock-frequency", required_argument, NULL, 'f' },
      { NULL, 0, NULL, 0 }
    };
  
  while ( (c = getopt_long(argc, argv, "f:", options, NULL)) != -1)
592 593 594 595 596 597 598
    switch (c)
      {
      case 'f':
	frequency = atof(optarg);
	if (frequency > 0.0)
	  break;

599 600 601 602 603
      case OPT_HELP:
	printf("Usage: nettle-benchmark [-f clock frequency] [alg]\n");
	return EXIT_SUCCESS;

      case '?':
604 605 606 607 608 609
	return EXIT_FAILURE;

      default:
	abort();
    }

610
  alg = argv[optind];
611

612 613 614 615 616 617 618 619 620 621 622 623 624 625
  /* Choose timing function */
#if TRY_CLOCK_GETTIME
  if (cgt_works_p())
    {
      time_start = cgt_time_start;
      time_end = cgt_time_end;
    }
  else
    {
      fprintf(stderr, "clock_gettime not working, falling back to clock\n");
      time_start = clock_time_start;
      time_end = clock_time_end;
    }
#endif
626 627
  bench_sha1_compress();

628 629
  time_overhead();

630 631
  header();

632 633 634 635 636
  if (!alg || strstr ("memxor", alg))
    {
      time_memxor();
      printf("\n");
    }
637
  
638 639 640 641 642
  for (i = 0; hashes[i]; i++)
    {
      if (!alg || strstr(hashes[i]->name, alg))
	time_hash(hashes[i]);
    }
Niels Möller's avatar
Niels Möller committed
643 644 645 646 647 648 649

  if (!alg || strstr ("gmac", alg))
    {
      time_gmac();
      printf("\n");
    }

650
  for (i = 0; ciphers[i]; i++)
651 652 653
    if (!alg || strstr(ciphers[i]->name, alg))
      time_cipher(ciphers[i]);

654 655
  return 0;
}