nettle-benchmark.c 14.1 KB
Newer Older
1 2 3 4 5 6 7 8
/* nettle-benchmark.c
 *
 * Tries the performance of the various algorithms.
 *
 */
 
/* nettle, low-level cryptographics library
 *
Niels Möller's avatar
Niels Möller committed
9
 * Copyright (C) 2001, 2010 Niels Mller
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
 *  
 * The nettle library is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation; either version 2.1 of the License, or (at your
 * option) any later version.
 * 
 * The nettle library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
 * License for more details.
 * 
 * You should have received a copy of the GNU Lesser General Public License
 * along with the nettle library; see the file COPYING.LIB.  If not, write to
 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

27 28
#if HAVE_CONFIG_H
# include "config.h"
29 30 31 32
#endif

#include <assert.h>
#include <errno.h>
33
#include <math.h>
Niels Möller's avatar
Niels Möller committed
34
#include <stdarg.h>
35 36 37 38 39
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <time.h>
40

41
#include "aes.h"
Niels Möller's avatar
Niels Möller committed
42 43 44
#include "arcfour.h"
#include "blowfish.h"
#include "cast128.h"
Niels Möller's avatar
Niels Möller committed
45
#include "cbc.h"
Niels Möller's avatar
Niels Möller committed
46
#include "des.h"
Niels Möller's avatar
Niels Möller committed
47
#include "gcm.h"
48
#include "memxor.h"
Niels Möller's avatar
Niels Möller committed
49
#include "serpent.h"
50
#include "sha.h"
Niels Möller's avatar
Niels Möller committed
51 52
#include "twofish.h"

53 54 55
#include "nettle-meta.h"
#include "nettle-internal.h"

Niels Möller's avatar
Niels Möller committed
56
#include "getopt.h"
57

58
static double frequency = 0.0;
Niels Möller's avatar
Niels Möller committed
59

60
/* Process BENCH_BLOCK bytes at a time, for BENCH_INTERVAL seconds. */
61
#define BENCH_BLOCK 10240
62
#define BENCH_INTERVAL 0.1
Niels Möller's avatar
Niels Möller committed
63

64 65
/* FIXME: Proper configure test for rdtsc? */
#ifndef WITH_CYCLE_COUNTER
66
# if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))
67 68 69 70 71 72 73
#  define WITH_CYCLE_COUNTER 1
# else
#  define WITH_CYCLE_COUNTER 0
# endif
#endif

#if WITH_CYCLE_COUNTER
74
# if defined(__i386__)
75 76 77 78 79 80 81 82 83
#define GET_CYCLE_COUNTER(hi, lo)		\
  __asm__("xorl %%eax,%%eax\n"			\
	  "movl %%ebx, %%edi\n"			\
	  "cpuid\n"				\
	  "rdtsc\n"				\
	  "movl %%edi, %%ebx\n"			\
	  : "=a" (lo), "=d" (hi)		\
	  : /* No inputs. */			\
	  : "%edi", "%ecx", "cc")
84 85 86 87 88 89 90 91 92 93 94
# elif defined(__x86_64__)
#define GET_CYCLE_COUNTER(hi, lo)		\
  __asm__("xorl %%eax,%%eax\n"			\
	  "mov %%rbx, %%r10\n"			\
	  "cpuid\n"				\
	  "rdtsc\n"				\
	  "mov %%r10, %%rbx\n"			\
	  : "=a" (lo), "=d" (hi)		\
	  : /* No inputs. */			\
	  : "%r10", "%rcx", "cc")
# endif
95 96 97
#define BENCH_ITERATIONS 10
#endif

Niels Möller's avatar
Niels Möller committed
98 99 100 101 102 103 104 105 106 107 108
static void
die(const char *format, ...)
{
  va_list args;
  va_start(args, format);
  vfprintf(stderr, format, args);
  va_end(args);

  exit(EXIT_FAILURE);
}

109 110
static double overhead = 0.0; 

111
#if HAVE_CLOCK_GETTIME && defined CLOCK_PROCESS_CPUTIME_ID
112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142
#define TRY_CLOCK_GETTIME 1
struct timespec cgt_start;

static int
cgt_works_p(void)
{
  struct timespec now;
  return clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &now) == 0;
}

static void
cgt_time_start(void)
{
  if (clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &cgt_start) < 0)
    die("clock_gettime failed: %s\n", strerror(errno));
}

static double
cgt_time_end(void)
{
    struct timespec end;
    if (clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &end) < 0)
      die("clock_gettime failed: %s\n", strerror(errno));

    return end.tv_sec - cgt_start.tv_sec
      + 1e-9 * (end.tv_nsec - cgt_start.tv_nsec);
}

static void (*time_start)(void);
static double (*time_end)(void);

143
#else /* !HAVE_CLOCK_GETTIME */
144 145 146
#define TRY_CLOCK_GETTIME 0
#define time_start clock_time_start
#define time_end clock_time_end
147 148
#endif /* !HAVE_CLOCK_GETTIME */

149 150 151 152 153 154 155 156 157 158 159 160 161 162
static clock_t clock_start;

static void
clock_time_start(void)
{
  clock_start = clock();
}

static double
clock_time_end(void)
{
  return (double) (clock() - (clock_start)) / CLOCKS_PER_SEC;
}

163
/* Returns second per function call */
164 165 166
static double
time_function(void (*f)(void *arg), void *arg)
{
167
  unsigned ncalls;
168 169
  double elapsed;

170
  for (ncalls = 10 ;;)
171
    {
172
      unsigned i;
173 174

      time_start();
175 176
      for (i = 0; i < ncalls; i++)
	f(arg);
177
      elapsed = time_end();
178 179 180 181 182 183
      if (elapsed > BENCH_INTERVAL)
	break;
      else if (elapsed < BENCH_INTERVAL / 10)
	ncalls *= 10;
      else
	ncalls *= 2;
184
    }
185 186 187 188 189 190 191
  return elapsed / ncalls - overhead;
}

static void
bench_nothing(void *arg UNUSED)
{
  return;
192 193
}

194 195 196 197
struct bench_memxor_info
{
  uint8_t *dst;
  const uint8_t *src;
198
  const uint8_t *other;  
199 200 201 202 203 204 205 206 207
};

static void
bench_memxor(void *arg)
{
  struct bench_memxor_info *info = arg;
  memxor (info->dst, info->src, BENCH_BLOCK);
}

208 209 210 211 212 213 214
static void
bench_memxor3(void *arg)
{
  struct bench_memxor_info *info = arg;
  memxor3 (info->dst, info->src, info->other, BENCH_BLOCK);
}

215 216 217
struct bench_hash_info
{
  void *ctx;
218
  nettle_hash_update_func *update;
219 220 221 222 223 224 225 226 227 228
  const uint8_t *data;
};

static void
bench_hash(void *arg)
{
  struct bench_hash_info *info = arg;
  info->update(info->ctx, BENCH_BLOCK, info->data);
}

229 230 231
struct bench_cipher_info
{
  void *ctx;
232
  nettle_crypt_func *crypt;
233 234 235 236 237 238 239
  uint8_t *data;
};

static void
bench_cipher(void *arg)
{
  struct bench_cipher_info *info = arg;
240
  info->crypt(info->ctx, BENCH_BLOCK, info->data, info->data);
241 242 243 244 245
}

struct bench_cbc_info
{
  void *ctx;
246
  nettle_crypt_func *crypt;
247
 
248
  uint8_t *data;
249
  
250 251 252 253 254 255 256 257
  unsigned block_size;
  uint8_t *iv;
};

static void
bench_cbc_encrypt(void *arg)
{
  struct bench_cbc_info *info = arg;
258 259 260
  cbc_encrypt(info->ctx, info->crypt,
	      info->block_size, info->iv,
	      BENCH_BLOCK, info->data, info->data);
261 262 263 264 265 266
}

static void
bench_cbc_decrypt(void *arg)
{
  struct bench_cbc_info *info = arg;
267 268 269
  cbc_decrypt(info->ctx, info->crypt,
	      info->block_size, info->iv,
	      BENCH_BLOCK, info->data, info->data);
270 271 272 273 274 275 276
}

/* Set data[i] = floor(sqrt(i)) */
static void
init_data(uint8_t *data)
{
  unsigned i,j;
Niels Möller's avatar
Niels Möller committed
277
  for (i = j = 0; i<BENCH_BLOCK;  i++)
278 279 280 281 282 283 284 285
    {
      if (j*j < i)
	j++;
      data[i] = j;
    }
}

static void
Niels Möller's avatar
Niels Möller committed
286 287
init_key(unsigned length,
         uint8_t *key)
288
{
Niels Möller's avatar
Niels Möller committed
289 290 291
  unsigned i;
  for (i = 0; i<length; i++)
    key[i] = i;
292 293
}

294 295 296 297 298
static void
header(void)
{
  printf("%18s %11s Mbyte/s%s\n",
	 "Algorithm", "mode", 
Niels Möller's avatar
Niels Möller committed
299
	 frequency > 0.0 ? " cycles/byte cycles/block" : "");  
300 301
}

Niels Möller's avatar
Niels Möller committed
302
static void
Niels Möller's avatar
Niels Möller committed
303
display(const char *name, const char *mode, unsigned block_size,
304
	double time)
Niels Möller's avatar
Niels Möller committed
305
{
306
  printf("%18s %11s %7.2f",
Niels Möller's avatar
Niels Möller committed
307
	 name, mode,
308
	 BENCH_BLOCK / (time * 1048576.0));
309
  if (frequency > 0.0)
Niels Möller's avatar
Niels Möller committed
310
    {
311
      printf(" %11.2f", time * frequency / BENCH_BLOCK);
Niels Möller's avatar
Niels Möller committed
312
      if (block_size > 0)
313
	printf(" %12.2f", time * frequency * block_size / BENCH_BLOCK);
Niels Möller's avatar
Niels Möller committed
314
    }
315
  printf("\n");
Niels Möller's avatar
Niels Möller committed
316 317
}

318 319 320 321 322
static void *
xalloc(size_t size)
{
  void *p = malloc(size);
  if (!p)
323
    die("Virtual memory exhausted.\n");
324 325 326 327

  return p;
}

328 329 330 331 332 333 334 335 336 337 338 339
static void
time_overhead(void)
{
  overhead = time_function(bench_nothing, NULL);
  printf("benchmark call overhead: %7f us", overhead * 1e6);
  if (frequency > 0.0)
    printf("%7.2f cycles\n", overhead * frequency);
  printf("\n");  
}



340 341 342 343
static void
time_memxor(void)
{
  struct bench_memxor_info info;
344
  uint8_t src[BENCH_BLOCK + sizeof(long)];
345
  uint8_t other[BENCH_BLOCK + sizeof(long)];
346
  uint8_t dst[BENCH_BLOCK];
347 348 349 350

  info.src = src;
  info.dst = dst;

351 352
  display ("memxor", "aligned", sizeof(unsigned long),
	   time_function(bench_memxor, &info));
353
  info.src = src + 1;
354
  display ("memxor", "unaligned", sizeof(unsigned long),
355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370
	   time_function(bench_memxor, &info));

  info.src = src;
  info.other = other;
  display ("memxor3", "aligned", sizeof(unsigned long),
	   time_function(bench_memxor3, &info));

  info.other = other + 1;
  display ("memxor3", "unaligned01", sizeof(unsigned long),
	   time_function(bench_memxor3, &info));
  info.src = src + 1;
  display ("memxor3", "unaligned11", sizeof(unsigned long),
	   time_function(bench_memxor3, &info));
  info.other = other + 2;
  display ("memxor3", "unaligned12", sizeof(unsigned long),
	   time_function(bench_memxor3, &info));  
371 372
}

373 374 375 376 377
static void
time_hash(const struct nettle_hash *hash)
{
  static uint8_t data[BENCH_BLOCK];
  struct bench_hash_info info;
378

379
  info.ctx = xalloc(hash->context_size); 
380 381 382 383 384 385
  info.update = hash->update;
  info.data = data;

  init_data(data);
  hash->init(info.ctx);

Niels Möller's avatar
Niels Möller committed
386
  display(hash->name, "update", hash->block_size,
387
	  time_function(bench_hash, &info));
388 389

  free(info.ctx);
390 391
}

Niels Möller's avatar
Niels Möller committed
392
static void
393
time_gcm(void)
Niels Möller's avatar
Niels Möller committed
394 395
{
  static uint8_t data[BENCH_BLOCK];
396 397
  struct bench_hash_info hinfo;
  struct bench_cipher_info cinfo;
398
  struct gcm_aes_ctx ctx;
399

Niels Möller's avatar
Niels Möller committed
400 401 402
  uint8_t key[16];
  uint8_t iv[GCM_IV_SIZE];

403 404
  gcm_aes_set_key(&ctx, sizeof(key), key);
  gcm_aes_set_iv(&ctx, sizeof(iv), iv);
Niels Möller's avatar
Niels Möller committed
405

406 407 408 409 410 411 412 413 414 415
  hinfo.ctx = &ctx;
  hinfo.update = (nettle_hash_update_func *) gcm_aes_update;
  hinfo.data = data;
  
  display("gcm-aes", "update", GCM_BLOCK_SIZE,
	  time_function(bench_hash, &hinfo));
  
  cinfo.ctx = &ctx;
  cinfo.crypt = (nettle_crypt_func *) gcm_aes_encrypt;
  cinfo.data = data;
Niels Möller's avatar
Niels Möller committed
416

417 418 419 420 421 422 423
  display("gcm-aes", "encrypt", GCM_BLOCK_SIZE,
	  time_function(bench_cipher, &cinfo));

  cinfo.crypt = (nettle_crypt_func *) gcm_aes_decrypt;

  display("gcm-aes", "decrypt", GCM_BLOCK_SIZE,
	  time_function(bench_cipher, &cinfo));
Niels Möller's avatar
Niels Möller committed
424 425
}

Niels Möller's avatar
Niels Möller committed
426
static void
427
time_cipher(const struct nettle_cipher *cipher)
Niels Möller's avatar
Niels Möller committed
428
{
429 430
  void *ctx = xalloc(cipher->context_size);
  uint8_t *key = xalloc(cipher->key_size);
Niels Möller's avatar
Niels Möller committed
431

432
  static uint8_t data[BENCH_BLOCK];
Niels Möller's avatar
Niels Möller committed
433 434 435 436

  printf("\n");
  
  init_data(data);
437 438

  {
Niels Möller's avatar
Niels Möller committed
439 440 441 442 443
    /* Decent initializers are a GNU extension, so don't use it here. */
    struct bench_cipher_info info;
    info.ctx = ctx;
    info.crypt = cipher->encrypt;
    info.data = data;
444
    
Niels Möller's avatar
Niels Möller committed
445
    init_key(cipher->key_size, key);
446
    cipher->set_encrypt_key(ctx, cipher->key_size, key);
Niels Möller's avatar
Niels Möller committed
447

Niels Möller's avatar
Niels Möller committed
448
    display(cipher->name, "ECB encrypt", cipher->block_size,
Niels Möller's avatar
Niels Möller committed
449
	    time_function(bench_cipher, &info));
450
  }
Niels Möller's avatar
Niels Möller committed
451
  
452
  {
Niels Möller's avatar
Niels Möller committed
453 454 455 456
    struct bench_cipher_info info;
    info.ctx = ctx;
    info.crypt = cipher->decrypt;
    info.data = data;
457
    
Niels Möller's avatar
Niels Möller committed
458
    init_key(cipher->key_size, key);
459
    cipher->set_decrypt_key(ctx, cipher->key_size, key);
Niels Möller's avatar
Niels Möller committed
460

Niels Möller's avatar
Niels Möller committed
461
    display(cipher->name, "ECB decrypt", cipher->block_size,
Niels Möller's avatar
Niels Möller committed
462
	    time_function(bench_cipher, &info));
463 464
  }

Niels Möller's avatar
Niels Möller committed
465 466
  /* Don't use nettle cbc to benchmark openssl ciphers */
  if (cipher->block_size && cipher->name[0] != 'o')
Niels Möller's avatar
Niels Möller committed
467
    {
468
      uint8_t *iv = xalloc(cipher->block_size);
Niels Möller's avatar
Niels Möller committed
469 470 471
      
      /* Do CBC mode */
      {
Niels Möller's avatar
Niels Möller committed
472 473 474 475 476 477
        struct bench_cbc_info info;
	info.ctx = ctx;
	info.crypt = cipher->encrypt;
	info.data = data;
	info.block_size = cipher->block_size;
	info.iv = iv;
478
    
Niels Möller's avatar
Niels Möller committed
479
        memset(iv, 0, sizeof(iv));
480
    
481
        cipher->set_encrypt_key(ctx, cipher->key_size, key);
482

Niels Möller's avatar
Niels Möller committed
483
	display(cipher->name, "CBC encrypt", cipher->block_size,
Niels Möller's avatar
Niels Möller committed
484
		time_function(bench_cbc_encrypt, &info));
Niels Möller's avatar
Niels Möller committed
485
      }
486

Niels Möller's avatar
Niels Möller committed
487
      {
Niels Möller's avatar
Niels Möller committed
488 489 490 491 492 493
        struct bench_cbc_info info;
	info.ctx = ctx;
	info.crypt = cipher->decrypt;
	info.data = data;
	info.block_size = cipher->block_size;
	info.iv = iv;
494
    
Niels Möller's avatar
Niels Möller committed
495
        memset(iv, 0, sizeof(iv));
496

497
        cipher->set_decrypt_key(ctx, cipher->key_size, key);
498

Niels Möller's avatar
Niels Möller committed
499
	display(cipher->name, "CBC decrypt", cipher->block_size,
Niels Möller's avatar
Niels Möller committed
500
		time_function(bench_cbc_decrypt, &info));
Niels Möller's avatar
Niels Möller committed
501
      }
502
      free(iv);
Niels Möller's avatar
Niels Möller committed
503
    }
504 505
  free(ctx);
  free(key);
Niels Möller's avatar
Niels Möller committed
506 507
}

508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555
static int
compare_double(const void *ap, const void *bp)
{
  double a = *(const double *) ap;
  double b = *(const double *) bp;
  if (a < b)
    return -1;
  else if (a > b)
    return 1;
  else
    return 0;
}

/* Try to get accurate cycle times for assembler functions. */
static void
bench_sha1_compress(void)
{
#if WITH_CYCLE_COUNTER
  uint32_t state[_SHA1_DIGEST_LENGTH];
  uint8_t data[BENCH_ITERATIONS * SHA1_DATA_SIZE];
  uint32_t start_lo, start_hi, end_lo, end_hi;

  double count[5];
  
  uint8_t *p;
  unsigned i, j;

  for (j = 0; j < 5; j++)
    {
      i = 0;
      p = data;
      GET_CYCLE_COUNTER(start_hi, start_lo);
      for (; i < BENCH_ITERATIONS; i++, p += SHA1_DATA_SIZE)
	_nettle_sha1_compress(state, p);

      GET_CYCLE_COUNTER(end_hi, end_lo);

      end_hi -= (start_hi + (start_lo > end_lo));
      end_lo -= start_lo;

      count[j] = ldexp(end_hi, 32) + end_lo;
    }

  qsort(count, 5, sizeof(double), compare_double);
  printf("sha1_compress: %.2f cycles\n\n", count[2] / BENCH_ITERATIONS);  
#endif
}

Niels Möller's avatar
Niels Möller committed
556
#if WITH_OPENSSL
557 558 559 560
# define OPENSSL(x) x,
#else
# define OPENSSL(x)
#endif
Niels Möller's avatar
Niels Möller committed
561 562

int
563
main(int argc, char **argv)
Niels Möller's avatar
Niels Möller committed
564 565
{
  unsigned i;
566
  int c;
567
  const char *alg;
568 569 570 571

  const struct nettle_hash *hashes[] =
    {
      &nettle_md2, &nettle_md4, &nettle_md5,
572
      OPENSSL(&nettle_openssl_md5)
573
      &nettle_sha1, OPENSSL(&nettle_openssl_sha1)
Niels Möller's avatar
Niels Möller committed
574 575
      &nettle_sha224, &nettle_sha256,
      &nettle_sha384, &nettle_sha512,
576 577 578
      NULL
    };

579
  const struct nettle_cipher *ciphers[] =
Niels Möller's avatar
Niels Möller committed
580
    {
581
      &nettle_aes128, &nettle_aes192, &nettle_aes256,
Niels Möller's avatar
Niels Möller committed
582 583 584 585 586
      OPENSSL(&nettle_openssl_aes128)
      OPENSSL(&nettle_openssl_aes192)
      OPENSSL(&nettle_openssl_aes256)
      &nettle_arcfour128, OPENSSL(&nettle_openssl_arcfour128)
      &nettle_blowfish128, OPENSSL(&nettle_openssl_blowfish128)
Niels Möller's avatar
Niels Möller committed
587
      &nettle_camellia128, &nettle_camellia192, &nettle_camellia256,
588 589 590
      &nettle_cast128, OPENSSL(&nettle_openssl_cast128)
      &nettle_des, OPENSSL(&nettle_openssl_des)
      &nettle_des3,
591 592
      &nettle_serpent256,
      &nettle_twofish128, &nettle_twofish192, &nettle_twofish256,
593
      NULL
Niels Möller's avatar
Niels Möller committed
594
    };
595

596 597 598 599 600 601 602 603 604 605
  enum { OPT_HELP = 300 };
  static const struct option options[] =
    {
      /* Name, args, flag, val */
      { "help", no_argument, NULL, OPT_HELP },
      { "clock-frequency", required_argument, NULL, 'f' },
      { NULL, 0, NULL, 0 }
    };
  
  while ( (c = getopt_long(argc, argv, "f:", options, NULL)) != -1)
606 607 608 609 610 611 612
    switch (c)
      {
      case 'f':
	frequency = atof(optarg);
	if (frequency > 0.0)
	  break;

613 614 615 616 617
      case OPT_HELP:
	printf("Usage: nettle-benchmark [-f clock frequency] [alg]\n");
	return EXIT_SUCCESS;

      case '?':
618 619 620 621 622 623
	return EXIT_FAILURE;

      default:
	abort();
    }

624
  alg = argv[optind];
625

626 627 628 629 630 631 632 633 634 635 636 637 638 639
  /* Choose timing function */
#if TRY_CLOCK_GETTIME
  if (cgt_works_p())
    {
      time_start = cgt_time_start;
      time_end = cgt_time_end;
    }
  else
    {
      fprintf(stderr, "clock_gettime not working, falling back to clock\n");
      time_start = clock_time_start;
      time_end = clock_time_end;
    }
#endif
640 641
  bench_sha1_compress();

642 643
  time_overhead();

644 645
  header();

646 647 648 649 650
  if (!alg || strstr ("memxor", alg))
    {
      time_memxor();
      printf("\n");
    }
651
  
652
  for (i = 0; hashes[i]; i++)
653 654
    if (!alg || strstr(hashes[i]->name, alg))
      time_hash(hashes[i]);
Niels Möller's avatar
Niels Möller committed
655

656
  for (i = 0; ciphers[i]; i++)
657 658 659
    if (!alg || strstr(ciphers[i]->name, alg))
      time_cipher(ciphers[i]);

660 661 662 663 664 665
  if (!alg || strstr ("gcm", alg))
    {
      printf("\n");
      time_gcm();
    }

666 667
  return 0;
}