4
* A driver for the generic cipher type
12
* Copyright (c) 2001-2006, Cisco Systems, Inc.
13
* All rights reserved.
15
* Redistribution and use in source and binary forms, with or without
16
* modification, are permitted provided that the following conditions
19
* Redistributions of source code must retain the above copyright
20
* notice, this list of conditions and the following disclaimer.
22
* Redistributions in binary form must reproduce the above
23
* copyright notice, this list of conditions and the following
24
* disclaimer in the documentation and/or other materials provided
25
* with the distribution.
27
* Neither the name of the Cisco Systems, Inc. nor the names of its
28
* contributors may be used to endorse or promote products derived
29
* from this software without specific prior written permission.
31
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
32
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
33
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
34
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
35
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
36
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
37
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
38
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
39
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
40
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
41
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
42
* OF THE POSSIBILITY OF SUCH DAMAGE.
46
#include <stdio.h> /* for printf() */
47
#include <stdlib.h> /* for rand() */
48
#include <string.h> /* for memset() */
49
#include <unistd.h> /* for getopt() */
52
#include "null_cipher.h"
57
cipher_driver_test_throughput(cipher_t *c);
60
cipher_driver_self_test(cipher_type_t *ct);
64
* cipher_driver_test_buffering(ct) tests the cipher's output
65
* buffering for correctness by checking the consistency of succesive
70
cipher_driver_test_buffering(cipher_t *c);
74
* functions for testing cipher cache thrash
77
cipher_driver_test_array_throughput(cipher_type_t *ct,
78
int klen, int num_cipher);
81
cipher_array_test_throughput(cipher_t *ca[], int num_cipher);
84
cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher,
85
unsigned octets_in_buffer, int num_trials);
88
cipher_array_delete(cipher_t *cipher_array[], int num_cipher);
91
cipher_array_alloc_init(cipher_t ***cipher_array, int num_ciphers,
92
cipher_type_t *ctype, int klen);
95
usage(char *prog_name) {
96
printf("usage: %s [ -t | -v | -a ]\n", prog_name);
101
check_status(err_status_t s) {
103
printf("error (code %d)\n", s);
110
* null_cipher, aes_icm, and aes_cbc are the cipher meta-objects
111
* defined in the files in crypto/cipher subdirectory. these are
112
* declared external so that we can use these cipher types here
115
extern cipher_type_t null_cipher;
116
extern cipher_type_t aes_icm;
117
extern cipher_type_t aes_cbc;
120
main(int argc, char *argv[]) {
123
unsigned char test_key[20] = {
124
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
125
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
126
0x10, 0x11, 0x12, 0x13
129
unsigned do_timing_test = 0;
130
unsigned do_validation = 0;
131
unsigned do_array_timing_test = 0;
133
/* process input arguments */
135
q = getopt(argc, argv, "tva");
146
do_array_timing_test = 1;
153
printf("cipher test driver\n"
155
"Cisco Systems, Inc.\n");
157
if (!do_validation && !do_timing_test && !do_array_timing_test)
160
/* arry timing (cache thrash) test */
161
if (do_array_timing_test) {
162
int max_num_cipher = 1 << 16; /* number of ciphers in cipher_array */
165
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
166
cipher_driver_test_array_throughput(&null_cipher, 0, num_cipher);
168
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
169
cipher_driver_test_array_throughput(&aes_icm, 30, num_cipher);
171
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
172
cipher_driver_test_array_throughput(&aes_cbc, 16, num_cipher);
177
cipher_driver_self_test(&null_cipher);
178
cipher_driver_self_test(&aes_icm);
179
cipher_driver_self_test(&aes_cbc);
182
/* do timing and/or buffer_test on null_cipher */
183
status = cipher_type_alloc(&null_cipher, &c, 0);
184
check_status(status);
186
status = cipher_init(c, NULL, direction_encrypt);
187
check_status(status);
190
cipher_driver_test_throughput(c);
192
status = cipher_driver_test_buffering(c);
193
check_status(status);
195
status = cipher_dealloc(c);
196
check_status(status);
199
/* run the throughput test on the aes_icm cipher */
200
status = cipher_type_alloc(&aes_icm, &c, 30);
202
fprintf(stderr, "error: can't allocate cipher\n");
206
status = cipher_init(c, test_key, direction_encrypt);
207
check_status(status);
210
cipher_driver_test_throughput(c);
213
status = cipher_driver_test_buffering(c);
214
check_status(status);
217
status = cipher_dealloc(c);
218
check_status(status);
224
cipher_driver_test_throughput(cipher_t *c) {
226
int min_enc_len = 32;
227
int max_enc_len = 2048; /* should be a power of two */
228
int num_trials = 100000;
230
printf("timing %s throughput:\n", c->type->description);
232
for (i=min_enc_len; i <= max_enc_len; i = i * 2)
233
printf("msg len: %d\tgigabits per second: %f\n",
234
i, cipher_bits_per_second(c, i, num_trials) / 1e9);
239
cipher_driver_self_test(cipher_type_t *ct) {
242
printf("running cipher self-test for %s...", ct->description);
243
status = cipher_type_self_test(ct);
245
printf("failed with error code %d\n", status);
250
return err_status_ok;
254
* cipher_driver_test_buffering(ct) tests the cipher's output
255
* buffering for correctness by checking the consistency of succesive
260
cipher_driver_test_buffering(cipher_t *c) {
261
int i, j, num_trials = 1000;
262
unsigned len, buflen = 1024;
263
uint8_t buffer0[buflen], buffer1[buflen], *current, *end;
265
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
266
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x34
270
printf("testing output buffering for cipher %s...",
271
c->type->description);
273
for (i=0; i < num_trials; i++) {
275
/* set buffers to zero */
276
for (j=0; j < buflen; j++)
277
buffer0[j] = buffer1[j] = 0;
279
/* initialize cipher */
280
status = cipher_set_iv(c, idx);
284
/* generate 'reference' value by encrypting all at once */
285
status = cipher_encrypt(c, buffer0, &buflen);
289
/* re-initialize cipher */
290
status = cipher_set_iv(c, idx);
294
/* now loop over short lengths until buffer1 is encrypted */
296
end = buffer1 + buflen;
297
while (current < end) {
299
/* choose a short length */
300
len = rand() & 0x01f;
302
/* make sure that len doesn't cause us to overreach the buffer */
303
if (current + len > end)
306
status = cipher_encrypt(c, current, &len);
310
/* advance pointer into buffer1 to reflect encryption */
313
/* if buffer1 is all encrypted, break out of loop */
318
/* compare buffers */
319
for (j=0; j < buflen; j++)
320
if (buffer0[j] != buffer1[j]) {
322
printf("test case %d failed at byte %d\n", i, j);
323
printf("computed: %s\n", octet_string_hex_string(buffer1, buflen));
324
printf("expected: %s\n", octet_string_hex_string(buffer0, buflen));
326
return err_status_algo_fail;
332
return err_status_ok;
337
* The function cipher_test_throughput_array() tests the effect of CPU
338
* cache thrash on cipher throughput.
340
* cipher_array_alloc_init(ctype, array, num_ciphers) creates an array
341
* of cipher_t of type ctype
345
cipher_array_alloc_init(cipher_t ***ca, int num_ciphers,
346
cipher_type_t *ctype, int klen) {
350
cipher_t **cipher_array;
352
/* allocate array of pointers to ciphers */
353
cipher_array = (cipher_t **) malloc(sizeof(cipher_t *) * num_ciphers);
354
if (cipher_array == NULL)
355
return err_status_alloc_fail;
357
/* set ca to location of cipher_array */
361
key = crypto_alloc(klen);
364
return err_status_alloc_fail;
367
/* allocate and initialize an array of ciphers */
368
for (i=0; i < num_ciphers; i++) {
370
/* allocate cipher */
371
status = cipher_type_alloc(ctype, cipher_array, klen);
375
/* generate random key and initialize cipher */
376
for (j=0; j < klen; j++)
377
key[j] = (uint8_t) rand();
378
status = cipher_init(*cipher_array, key, direction_encrypt);
382
/* printf("%dth cipher is at %p\n", i, *cipher_array); */
383
/* printf("%dth cipher description: %s\n", i, */
384
/* (*cipher_array)->type->description); */
386
/* advance cipher array pointer */
390
return err_status_ok;
394
cipher_array_delete(cipher_t *cipher_array[], int num_cipher) {
397
for (i=0; i < num_cipher; i++) {
398
cipher_dealloc(cipher_array[i]);
403
return err_status_ok;
408
* cipher_array_bits_per_second(c, l, t) computes (an estimate of) the
409
* number of bits that a cipher implementation can encrypt in a second
410
* when distinct keys are used to encrypt distinct messages
412
* c is a cipher (which MUST be allocated an initialized already), l
413
* is the length in octets of the test data to be encrypted, and t is
414
* the number of trials
416
* if an error is encountered, the value 0 is returned
420
cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher,
421
unsigned octets_in_buffer, int num_trials) {
425
unsigned char *enc_buf;
426
int cipher_index = 0;
429
enc_buf = crypto_alloc(octets_in_buffer);
431
return 0; /* indicate bad parameters by returning null */
433
/* time repeated trials */
434
v128_set_to_zero(&nonce);
436
for(i=0; i < num_trials; i++, nonce.v32[3] = i) {
438
/* choose a cipher at random from the array*/
439
cipher_index = (*((uint32_t *)enc_buf)) % num_cipher;
441
/* encrypt buffer with cipher */
442
cipher_set_iv(cipher_array[cipher_index], &nonce);
443
cipher_encrypt(cipher_array[cipher_index], enc_buf, &octets_in_buffer);
445
timer = clock() - timer;
454
return CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer;
458
cipher_array_test_throughput(cipher_t *ca[], int num_cipher) {
460
int min_enc_len = 16;
461
int max_enc_len = 2048; /* should be a power of two */
462
int num_trials = 10000;
464
printf("timing %s throughput with array size %d:\n",
465
(ca[0])->type->description, num_cipher);
467
for (i=min_enc_len; i <= max_enc_len; i = i * 4)
468
printf("msg len: %d\tgigabits per second: %f\n", i,
469
cipher_array_bits_per_second(ca, num_cipher, i, num_trials) / 1e9);
474
cipher_driver_test_array_throughput(cipher_type_t *ct,
475
int klen, int num_cipher) {
476
cipher_t **ca = NULL;
479
status = cipher_array_alloc_init(&ca, num_cipher, ct, klen);
481
printf("error: cipher_array_alloc_init() failed with error code %d\n",
486
cipher_array_test_throughput(ca, num_cipher);
488
cipher_array_delete(ca, num_cipher);
490
return err_status_ok;