2011-11-11 18:34:03 +01:00
|
|
|
/* Copyright (c) 2001-2004, Roger Dingledine.
|
|
|
|
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
2018-06-20 14:13:28 +02:00
|
|
|
* Copyright (c) 2007-2018, The Tor Project, Inc. */
|
2011-11-11 18:34:03 +01:00
|
|
|
/* See LICENSE for licensing information */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \file bench.c
|
|
|
|
* \brief Benchmarks for lower level Tor modules.
|
|
|
|
**/
|
|
|
|
|
|
|
|
#include "orconfig.h"
|
|
|
|
|
2018-06-20 15:35:05 +02:00
|
|
|
#include "or/or.h"
|
|
|
|
#include "or/onion_tap.h"
|
|
|
|
#include "or/relay_crypto.h"
|
2012-11-28 20:14:35 +01:00
|
|
|
#include <openssl/opensslv.h>
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
#include <openssl/ec.h>
|
|
|
|
#include <openssl/ecdh.h>
|
|
|
|
#include <openssl/obj_mac.h>
|
2013-01-03 17:52:41 +01:00
|
|
|
|
2018-06-20 15:35:05 +02:00
|
|
|
#include "or/config.h"
|
2018-06-21 18:47:11 +02:00
|
|
|
#include "lib/crypt_ops/crypto_curve25519.h"
|
2018-06-20 15:35:05 +02:00
|
|
|
#include "or/onion_ntor.h"
|
2018-06-21 18:47:11 +02:00
|
|
|
#include "lib/crypt_ops/crypto_ed25519.h"
|
|
|
|
#include "lib/crypt_ops/crypto_rand.h"
|
2018-06-20 15:35:05 +02:00
|
|
|
#include "or/consdiff.h"
|
2011-11-11 18:34:03 +01:00
|
|
|
|
2018-06-20 15:35:05 +02:00
|
|
|
#include "or/cell_st.h"
|
|
|
|
#include "or/or_circuit_st.h"
|
2018-06-15 17:34:33 +02:00
|
|
|
|
2011-11-11 18:34:03 +01:00
|
|
|
#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_PROCESS_CPUTIME_ID)
|
|
|
|
static uint64_t nanostart;
|
|
|
|
static inline uint64_t
|
|
|
|
timespec_to_nsec(const struct timespec *ts)
|
|
|
|
{
|
|
|
|
return ((uint64_t)ts->tv_sec)*1000000000 + ts->tv_nsec;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
reset_perftime(void)
|
|
|
|
{
|
|
|
|
struct timespec ts;
|
|
|
|
int r;
|
|
|
|
r = clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &ts);
|
|
|
|
tor_assert(r == 0);
|
|
|
|
nanostart = timespec_to_nsec(&ts);
|
|
|
|
}
|
|
|
|
|
|
|
|
static uint64_t
|
|
|
|
perftime(void)
|
|
|
|
{
|
|
|
|
struct timespec ts;
|
|
|
|
int r;
|
|
|
|
r = clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &ts);
|
|
|
|
tor_assert(r == 0);
|
|
|
|
return timespec_to_nsec(&ts) - nanostart;
|
|
|
|
}
|
|
|
|
|
2017-09-15 22:24:44 +02:00
|
|
|
#else /* !(defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_PROCESS_CPUTIME_ID)) */
|
2011-11-11 18:34:03 +01:00
|
|
|
static struct timeval tv_start = { 0, 0 };
|
|
|
|
static void
|
|
|
|
reset_perftime(void)
|
|
|
|
{
|
|
|
|
tor_gettimeofday(&tv_start);
|
|
|
|
}
|
|
|
|
static uint64_t
|
|
|
|
perftime(void)
|
|
|
|
{
|
|
|
|
struct timeval now, out;
|
|
|
|
tor_gettimeofday(&now);
|
|
|
|
timersub(&now, &tv_start, &out);
|
|
|
|
return ((uint64_t)out.tv_sec)*1000000000 + out.tv_usec*1000;
|
|
|
|
}
|
2017-09-15 22:24:44 +02:00
|
|
|
#endif /* defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_PROCESS_CPUTIME_ID) */
|
2011-11-11 18:34:03 +01:00
|
|
|
|
2011-11-11 18:46:22 +01:00
|
|
|
#define NANOCOUNT(start,end,iters) \
|
|
|
|
( ((double)((end)-(start))) / (iters) )
|
|
|
|
|
2014-09-25 16:13:25 +02:00
|
|
|
#define MICROCOUNT(start,end,iters) \
|
|
|
|
( NANOCOUNT((start), (end), (iters)) / 1000.0 )
|
|
|
|
|
2011-11-11 18:34:03 +01:00
|
|
|
/** Run AES performance benchmarks. */
|
|
|
|
static void
|
|
|
|
bench_aes(void)
|
|
|
|
{
|
|
|
|
int len, i;
|
|
|
|
char *b1, *b2;
|
2012-01-18 21:53:30 +01:00
|
|
|
crypto_cipher_t *c;
|
2011-11-11 18:34:03 +01:00
|
|
|
uint64_t start, end;
|
|
|
|
const int bytes_per_iter = (1<<24);
|
|
|
|
reset_perftime();
|
2016-09-16 16:12:30 +02:00
|
|
|
char key[CIPHER_KEY_LEN];
|
|
|
|
crypto_rand(key, sizeof(key));
|
|
|
|
c = crypto_cipher_new(key);
|
2012-03-20 20:35:43 +01:00
|
|
|
|
2011-11-11 18:34:03 +01:00
|
|
|
for (len = 1; len <= 8192; len *= 2) {
|
|
|
|
int iters = bytes_per_iter / len;
|
|
|
|
b1 = tor_malloc_zero(len);
|
|
|
|
b2 = tor_malloc_zero(len);
|
|
|
|
start = perftime();
|
|
|
|
for (i = 0; i < iters; ++i) {
|
|
|
|
crypto_cipher_encrypt(c, b1, b2, len);
|
|
|
|
}
|
|
|
|
end = perftime();
|
|
|
|
tor_free(b1);
|
|
|
|
tor_free(b2);
|
|
|
|
printf("%d bytes: %.2f nsec per byte\n", len,
|
2011-11-11 18:46:22 +01:00
|
|
|
NANOCOUNT(start, end, iters*len));
|
2011-11-11 18:34:03 +01:00
|
|
|
}
|
2012-01-18 21:53:30 +01:00
|
|
|
crypto_cipher_free(c);
|
2011-11-11 18:34:03 +01:00
|
|
|
}
|
|
|
|
|
2012-11-28 21:39:00 +01:00
|
|
|
static void
|
|
|
|
bench_onion_TAP(void)
|
|
|
|
{
|
|
|
|
const int iters = 1<<9;
|
|
|
|
int i;
|
|
|
|
crypto_pk_t *key, *key2;
|
|
|
|
uint64_t start, end;
|
2012-12-05 03:27:07 +01:00
|
|
|
char os[TAP_ONIONSKIN_CHALLENGE_LEN];
|
|
|
|
char or[TAP_ONIONSKIN_REPLY_LEN];
|
2017-01-18 20:29:52 +01:00
|
|
|
crypto_dh_t *dh_out = NULL;
|
2012-11-28 21:39:00 +01:00
|
|
|
|
|
|
|
key = crypto_pk_new();
|
|
|
|
key2 = crypto_pk_new();
|
2013-02-11 21:20:20 +01:00
|
|
|
if (crypto_pk_generate_key_with_bits(key, 1024) < 0)
|
|
|
|
goto done;
|
|
|
|
if (crypto_pk_generate_key_with_bits(key2, 1024) < 0)
|
|
|
|
goto done;
|
2012-11-28 21:39:00 +01:00
|
|
|
|
|
|
|
reset_perftime();
|
|
|
|
start = perftime();
|
|
|
|
for (i = 0; i < iters; ++i) {
|
2012-12-05 03:27:07 +01:00
|
|
|
onion_skin_TAP_create(key, &dh_out, os);
|
2012-11-28 21:39:00 +01:00
|
|
|
crypto_dh_free(dh_out);
|
|
|
|
}
|
|
|
|
end = perftime();
|
2012-12-04 03:24:21 +01:00
|
|
|
printf("Client-side, part 1: %f usec.\n", NANOCOUNT(start, end, iters)/1e3);
|
2012-11-28 21:39:00 +01:00
|
|
|
|
2012-12-05 03:27:07 +01:00
|
|
|
onion_skin_TAP_create(key, &dh_out, os);
|
2012-11-28 21:39:00 +01:00
|
|
|
start = perftime();
|
|
|
|
for (i = 0; i < iters; ++i) {
|
|
|
|
char key_out[CPATH_KEY_MATERIAL_LEN];
|
2012-12-05 03:27:07 +01:00
|
|
|
onion_skin_TAP_server_handshake(os, key, NULL, or,
|
|
|
|
key_out, sizeof(key_out));
|
2012-11-28 21:39:00 +01:00
|
|
|
}
|
|
|
|
end = perftime();
|
2012-12-04 03:24:21 +01:00
|
|
|
printf("Server-side, key guessed right: %f usec\n",
|
|
|
|
NANOCOUNT(start, end, iters)/1e3);
|
2012-11-28 21:39:00 +01:00
|
|
|
|
|
|
|
start = perftime();
|
|
|
|
for (i = 0; i < iters; ++i) {
|
|
|
|
char key_out[CPATH_KEY_MATERIAL_LEN];
|
2012-12-05 03:27:07 +01:00
|
|
|
onion_skin_TAP_server_handshake(os, key2, key, or,
|
|
|
|
key_out, sizeof(key_out));
|
2012-11-28 21:39:00 +01:00
|
|
|
}
|
|
|
|
end = perftime();
|
2012-12-04 03:24:21 +01:00
|
|
|
printf("Server-side, key guessed wrong: %f usec.\n",
|
|
|
|
NANOCOUNT(start, end, iters)/1e3);
|
2012-11-28 21:39:00 +01:00
|
|
|
|
|
|
|
start = perftime();
|
|
|
|
for (i = 0; i < iters; ++i) {
|
|
|
|
crypto_dh_t *dh;
|
|
|
|
char key_out[CPATH_KEY_MATERIAL_LEN];
|
|
|
|
int s;
|
|
|
|
dh = crypto_dh_dup(dh_out);
|
2014-10-16 19:26:42 +02:00
|
|
|
s = onion_skin_TAP_client_handshake(dh, or, key_out, sizeof(key_out),
|
|
|
|
NULL);
|
2013-02-11 20:57:10 +01:00
|
|
|
crypto_dh_free(dh);
|
2012-11-28 21:39:00 +01:00
|
|
|
tor_assert(s == 0);
|
|
|
|
}
|
|
|
|
end = perftime();
|
2012-12-04 03:24:21 +01:00
|
|
|
printf("Client-side, part 2: %f usec.\n",
|
|
|
|
NANOCOUNT(start, end, iters)/1e3);
|
2012-11-28 21:39:00 +01:00
|
|
|
|
2013-02-11 21:20:20 +01:00
|
|
|
done:
|
2017-01-18 20:29:52 +01:00
|
|
|
crypto_dh_free(dh_out);
|
2012-11-28 21:39:00 +01:00
|
|
|
crypto_pk_free(key);
|
2013-02-11 21:20:20 +01:00
|
|
|
crypto_pk_free(key2);
|
2012-11-28 21:39:00 +01:00
|
|
|
}
|
|
|
|
|
2012-12-04 03:24:21 +01:00
|
|
|
static void
|
2015-07-06 11:57:23 +02:00
|
|
|
bench_onion_ntor_impl(void)
|
2012-12-04 03:24:21 +01:00
|
|
|
{
|
|
|
|
const int iters = 1<<10;
|
|
|
|
int i;
|
|
|
|
curve25519_keypair_t keypair1, keypair2;
|
|
|
|
uint64_t start, end;
|
|
|
|
uint8_t os[NTOR_ONIONSKIN_LEN];
|
|
|
|
uint8_t or[NTOR_REPLY_LEN];
|
|
|
|
ntor_handshake_state_t *state = NULL;
|
|
|
|
uint8_t nodeid[DIGEST_LEN];
|
|
|
|
di_digest256_map_t *keymap = NULL;
|
|
|
|
|
|
|
|
curve25519_secret_key_generate(&keypair1.seckey, 0);
|
|
|
|
curve25519_public_key_generate(&keypair1.pubkey, &keypair1.seckey);
|
|
|
|
curve25519_secret_key_generate(&keypair2.seckey, 0);
|
|
|
|
curve25519_public_key_generate(&keypair2.pubkey, &keypair2.seckey);
|
|
|
|
dimap_add_entry(&keymap, keypair1.pubkey.public_key, &keypair1);
|
|
|
|
dimap_add_entry(&keymap, keypair2.pubkey.public_key, &keypair2);
|
2017-09-13 03:09:18 +02:00
|
|
|
crypto_rand((char *)nodeid, sizeof(nodeid));
|
2012-12-04 03:24:21 +01:00
|
|
|
|
|
|
|
reset_perftime();
|
|
|
|
start = perftime();
|
|
|
|
for (i = 0; i < iters; ++i) {
|
|
|
|
onion_skin_ntor_create(nodeid, &keypair1.pubkey, &state, os);
|
|
|
|
ntor_handshake_state_free(state);
|
2013-06-18 17:33:15 +02:00
|
|
|
state = NULL;
|
2012-12-04 03:24:21 +01:00
|
|
|
}
|
|
|
|
end = perftime();
|
|
|
|
printf("Client-side, part 1: %f usec.\n", NANOCOUNT(start, end, iters)/1e3);
|
|
|
|
|
2013-02-11 20:57:10 +01:00
|
|
|
state = NULL;
|
2012-12-04 03:24:21 +01:00
|
|
|
onion_skin_ntor_create(nodeid, &keypair1.pubkey, &state, os);
|
|
|
|
start = perftime();
|
|
|
|
for (i = 0; i < iters; ++i) {
|
|
|
|
uint8_t key_out[CPATH_KEY_MATERIAL_LEN];
|
2012-12-07 19:40:21 +01:00
|
|
|
onion_skin_ntor_server_handshake(os, keymap, NULL, nodeid, or,
|
2012-12-04 03:24:21 +01:00
|
|
|
key_out, sizeof(key_out));
|
|
|
|
}
|
|
|
|
end = perftime();
|
|
|
|
printf("Server-side: %f usec\n",
|
|
|
|
NANOCOUNT(start, end, iters)/1e3);
|
|
|
|
|
|
|
|
start = perftime();
|
|
|
|
for (i = 0; i < iters; ++i) {
|
|
|
|
uint8_t key_out[CPATH_KEY_MATERIAL_LEN];
|
|
|
|
int s;
|
2014-10-16 19:26:42 +02:00
|
|
|
s = onion_skin_ntor_client_handshake(state, or, key_out, sizeof(key_out),
|
|
|
|
NULL);
|
2012-12-04 03:24:21 +01:00
|
|
|
tor_assert(s == 0);
|
|
|
|
}
|
|
|
|
end = perftime();
|
|
|
|
printf("Client-side, part 2: %f usec.\n",
|
|
|
|
NANOCOUNT(start, end, iters)/1e3);
|
|
|
|
|
|
|
|
ntor_handshake_state_free(state);
|
|
|
|
dimap_free(keymap, NULL);
|
|
|
|
}
|
|
|
|
|
2015-07-06 11:57:23 +02:00
|
|
|
static void
|
|
|
|
bench_onion_ntor(void)
|
|
|
|
{
|
|
|
|
int ed;
|
|
|
|
|
|
|
|
for (ed = 0; ed <= 1; ++ed) {
|
|
|
|
printf("Ed25519-based basepoint multiply = %s.\n",
|
|
|
|
(ed == 0) ? "disabled" : "enabled");
|
|
|
|
curve25519_set_impl_params(ed);
|
|
|
|
bench_onion_ntor_impl();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-09-25 16:13:25 +02:00
|
|
|
static void
|
2015-07-06 12:11:10 +02:00
|
|
|
bench_ed25519_impl(void)
|
2014-09-25 16:13:25 +02:00
|
|
|
{
|
|
|
|
uint64_t start, end;
|
|
|
|
const int iters = 1<<12;
|
|
|
|
int i;
|
|
|
|
const uint8_t msg[] = "but leaving, could not tell what they had heard";
|
|
|
|
ed25519_signature_t sig;
|
|
|
|
ed25519_keypair_t kp;
|
|
|
|
curve25519_keypair_t curve_kp;
|
|
|
|
ed25519_public_key_t pubkey_tmp;
|
|
|
|
|
|
|
|
ed25519_secret_key_generate(&kp.seckey, 0);
|
|
|
|
start = perftime();
|
|
|
|
for (i = 0; i < iters; ++i) {
|
|
|
|
ed25519_public_key_generate(&kp.pubkey, &kp.seckey);
|
|
|
|
}
|
|
|
|
end = perftime();
|
|
|
|
printf("Generate public key: %.2f usec\n",
|
|
|
|
MICROCOUNT(start, end, iters));
|
|
|
|
|
|
|
|
start = perftime();
|
|
|
|
for (i = 0; i < iters; ++i) {
|
|
|
|
ed25519_sign(&sig, msg, sizeof(msg), &kp);
|
|
|
|
}
|
|
|
|
end = perftime();
|
|
|
|
printf("Sign a short message: %.2f usec\n",
|
|
|
|
MICROCOUNT(start, end, iters));
|
|
|
|
|
|
|
|
start = perftime();
|
|
|
|
for (i = 0; i < iters; ++i) {
|
|
|
|
ed25519_checksig(&sig, msg, sizeof(msg), &kp.pubkey);
|
|
|
|
}
|
|
|
|
end = perftime();
|
|
|
|
printf("Verify signature: %.2f usec\n",
|
|
|
|
MICROCOUNT(start, end, iters));
|
|
|
|
|
|
|
|
curve25519_keypair_generate(&curve_kp, 0);
|
|
|
|
start = perftime();
|
|
|
|
for (i = 0; i < iters; ++i) {
|
|
|
|
ed25519_public_key_from_curve25519_public_key(&pubkey_tmp,
|
|
|
|
&curve_kp.pubkey, 1);
|
|
|
|
}
|
|
|
|
end = perftime();
|
|
|
|
printf("Convert public point from curve25519: %.2f usec\n",
|
|
|
|
MICROCOUNT(start, end, iters));
|
|
|
|
|
|
|
|
curve25519_keypair_generate(&curve_kp, 0);
|
|
|
|
start = perftime();
|
|
|
|
for (i = 0; i < iters; ++i) {
|
|
|
|
ed25519_public_blind(&pubkey_tmp, &kp.pubkey, msg);
|
|
|
|
}
|
|
|
|
end = perftime();
|
|
|
|
printf("Blind a public key: %.2f usec\n",
|
|
|
|
MICROCOUNT(start, end, iters));
|
|
|
|
}
|
|
|
|
|
2015-07-06 12:11:10 +02:00
|
|
|
static void
|
|
|
|
bench_ed25519(void)
|
|
|
|
{
|
|
|
|
int donna;
|
|
|
|
|
|
|
|
for (donna = 0; donna <= 1; ++donna) {
|
|
|
|
printf("Ed25519-donna = %s.\n",
|
|
|
|
(donna == 0) ? "disabled" : "enabled");
|
|
|
|
ed25519_set_impl_params(donna);
|
|
|
|
bench_ed25519_impl();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-11-11 18:34:03 +01:00
|
|
|
static void
|
|
|
|
bench_cell_aes(void)
|
|
|
|
{
|
|
|
|
uint64_t start, end;
|
|
|
|
const int len = 509;
|
|
|
|
const int iters = (1<<16);
|
|
|
|
const int max_misalign = 15;
|
|
|
|
char *b = tor_malloc(len+max_misalign);
|
2012-01-18 21:53:30 +01:00
|
|
|
crypto_cipher_t *c;
|
2011-11-11 18:34:03 +01:00
|
|
|
int i, misalign;
|
2016-09-16 16:12:30 +02:00
|
|
|
char key[CIPHER_KEY_LEN];
|
|
|
|
crypto_rand(key, sizeof(key));
|
|
|
|
c = crypto_cipher_new(key);
|
2011-11-11 18:34:03 +01:00
|
|
|
|
|
|
|
reset_perftime();
|
|
|
|
for (misalign = 0; misalign <= max_misalign; ++misalign) {
|
|
|
|
start = perftime();
|
|
|
|
for (i = 0; i < iters; ++i) {
|
|
|
|
crypto_cipher_crypt_inplace(c, b+misalign, len);
|
|
|
|
}
|
|
|
|
end = perftime();
|
|
|
|
printf("%d bytes, misaligned by %d: %.2f nsec per byte\n", len, misalign,
|
2011-11-11 18:46:22 +01:00
|
|
|
NANOCOUNT(start, end, iters*len));
|
2011-11-11 18:34:03 +01:00
|
|
|
}
|
|
|
|
|
2012-01-18 21:53:30 +01:00
|
|
|
crypto_cipher_free(c);
|
2011-11-11 18:34:03 +01:00
|
|
|
tor_free(b);
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Run digestmap_t performance benchmarks. */
|
|
|
|
static void
|
|
|
|
bench_dmap(void)
|
|
|
|
{
|
2012-01-18 21:53:30 +01:00
|
|
|
smartlist_t *sl = smartlist_new();
|
|
|
|
smartlist_t *sl2 = smartlist_new();
|
2011-11-11 18:46:22 +01:00
|
|
|
uint64_t start, end, pt2, pt3, pt4;
|
|
|
|
int iters = 8192;
|
2011-11-11 18:34:03 +01:00
|
|
|
const int elts = 4000;
|
2011-11-11 18:46:22 +01:00
|
|
|
const int fpostests = 100000;
|
2011-11-11 18:34:03 +01:00
|
|
|
char d[20];
|
|
|
|
int i,n=0, fp = 0;
|
|
|
|
digestmap_t *dm = digestmap_new();
|
|
|
|
digestset_t *ds = digestset_new(elts);
|
|
|
|
|
|
|
|
for (i = 0; i < elts; ++i) {
|
|
|
|
crypto_rand(d, 20);
|
|
|
|
smartlist_add(sl, tor_memdup(d, 20));
|
|
|
|
}
|
|
|
|
for (i = 0; i < elts; ++i) {
|
|
|
|
crypto_rand(d, 20);
|
|
|
|
smartlist_add(sl2, tor_memdup(d, 20));
|
|
|
|
}
|
|
|
|
printf("nbits=%d\n", ds->mask+1);
|
|
|
|
|
2011-11-11 18:46:22 +01:00
|
|
|
reset_perftime();
|
|
|
|
|
|
|
|
start = perftime();
|
2011-11-11 18:34:03 +01:00
|
|
|
for (i = 0; i < iters; ++i) {
|
|
|
|
SMARTLIST_FOREACH(sl, const char *, cp, digestmap_set(dm, cp, (void*)1));
|
|
|
|
}
|
2011-11-11 18:46:22 +01:00
|
|
|
pt2 = perftime();
|
|
|
|
printf("digestmap_set: %.2f ns per element\n",
|
|
|
|
NANOCOUNT(start, pt2, iters*elts));
|
|
|
|
|
2011-11-11 18:34:03 +01:00
|
|
|
for (i = 0; i < iters; ++i) {
|
|
|
|
SMARTLIST_FOREACH(sl, const char *, cp, digestmap_get(dm, cp));
|
|
|
|
SMARTLIST_FOREACH(sl2, const char *, cp, digestmap_get(dm, cp));
|
|
|
|
}
|
2011-11-11 18:46:22 +01:00
|
|
|
pt3 = perftime();
|
|
|
|
printf("digestmap_get: %.2f ns per element\n",
|
|
|
|
NANOCOUNT(pt2, pt3, iters*elts*2));
|
|
|
|
|
2011-11-11 18:34:03 +01:00
|
|
|
for (i = 0; i < iters; ++i) {
|
|
|
|
SMARTLIST_FOREACH(sl, const char *, cp, digestset_add(ds, cp));
|
|
|
|
}
|
2011-11-11 18:46:22 +01:00
|
|
|
pt4 = perftime();
|
|
|
|
printf("digestset_add: %.2f ns per element\n",
|
|
|
|
NANOCOUNT(pt3, pt4, iters*elts));
|
|
|
|
|
2011-11-11 18:34:03 +01:00
|
|
|
for (i = 0; i < iters; ++i) {
|
2012-04-11 18:50:50 +02:00
|
|
|
SMARTLIST_FOREACH(sl, const char *, cp, n += digestset_contains(ds, cp));
|
|
|
|
SMARTLIST_FOREACH(sl2, const char *, cp, n += digestset_contains(ds, cp));
|
2011-11-11 18:34:03 +01:00
|
|
|
}
|
2011-11-11 18:46:22 +01:00
|
|
|
end = perftime();
|
2012-04-11 18:50:50 +02:00
|
|
|
printf("digestset_contains: %.2f ns per element.\n",
|
2011-11-11 18:46:22 +01:00
|
|
|
NANOCOUNT(pt4, end, iters*elts*2));
|
|
|
|
/* We need to use this, or else the whole loop gets optimized out. */
|
|
|
|
printf("Hits == %d\n", n);
|
2011-11-11 18:34:03 +01:00
|
|
|
|
|
|
|
for (i = 0; i < fpostests; ++i) {
|
|
|
|
crypto_rand(d, 20);
|
2012-04-11 18:50:50 +02:00
|
|
|
if (digestset_contains(ds, d)) ++fp;
|
2011-11-11 18:34:03 +01:00
|
|
|
}
|
2011-11-11 18:46:22 +01:00
|
|
|
printf("False positive rate on digestset: %.2f%%\n",
|
|
|
|
(fp/(double)fpostests)*100);
|
2011-11-11 18:34:03 +01:00
|
|
|
|
|
|
|
digestmap_free(dm, NULL);
|
|
|
|
digestset_free(ds);
|
|
|
|
SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
|
|
|
|
SMARTLIST_FOREACH(sl2, char *, cp, tor_free(cp));
|
|
|
|
smartlist_free(sl);
|
|
|
|
smartlist_free(sl2);
|
|
|
|
}
|
|
|
|
|
2014-05-06 18:55:39 +02:00
|
|
|
static void
|
|
|
|
bench_siphash(void)
|
|
|
|
{
|
|
|
|
char buf[128];
|
|
|
|
int lens[] = { 7, 8, 15, 16, 20, 32, 111, 128, -1 };
|
|
|
|
int i, j;
|
|
|
|
uint64_t start, end;
|
|
|
|
const int N = 300000;
|
|
|
|
crypto_rand(buf, sizeof(buf));
|
|
|
|
|
|
|
|
for (i = 0; lens[i] > 0; ++i) {
|
|
|
|
reset_perftime();
|
|
|
|
start = perftime();
|
|
|
|
for (j = 0; j < N; ++j) {
|
2014-05-07 02:46:26 +02:00
|
|
|
siphash24g(buf, lens[i]);
|
2014-05-06 18:55:39 +02:00
|
|
|
}
|
|
|
|
end = perftime();
|
|
|
|
printf("siphash24g(%d): %.2f ns per call\n",
|
|
|
|
lens[i], NANOCOUNT(start,end,N));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-12-18 23:15:01 +01:00
|
|
|
static void
|
|
|
|
bench_digest(void)
|
|
|
|
{
|
|
|
|
char buf[8192];
|
|
|
|
char out[DIGEST512_LEN];
|
|
|
|
const int lens[] = { 1, 16, 32, 64, 128, 512, 1024, 2048, -1 };
|
|
|
|
const int N = 300000;
|
|
|
|
uint64_t start, end;
|
|
|
|
crypto_rand(buf, sizeof(buf));
|
|
|
|
|
|
|
|
for (int alg = 0; alg < N_DIGEST_ALGORITHMS; alg++) {
|
|
|
|
for (int i = 0; lens[i] > 0; ++i) {
|
|
|
|
reset_perftime();
|
|
|
|
start = perftime();
|
|
|
|
for (int j = 0; j < N; ++j) {
|
|
|
|
switch (alg) {
|
|
|
|
case DIGEST_SHA1:
|
|
|
|
crypto_digest(out, buf, lens[i]);
|
|
|
|
break;
|
|
|
|
case DIGEST_SHA256:
|
|
|
|
case DIGEST_SHA3_256:
|
|
|
|
crypto_digest256(out, buf, lens[i], alg);
|
|
|
|
break;
|
|
|
|
case DIGEST_SHA512:
|
|
|
|
case DIGEST_SHA3_512:
|
|
|
|
crypto_digest512(out, buf, lens[i], alg);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
tor_assert(0);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
end = perftime();
|
|
|
|
printf("%s(%d): %.2f ns per call\n",
|
|
|
|
crypto_digest_algorithm_get_name(alg),
|
|
|
|
lens[i], NANOCOUNT(start,end,N));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-11-11 19:06:17 +01:00
|
|
|
static void
|
|
|
|
bench_cell_ops(void)
|
|
|
|
{
|
|
|
|
const int iters = 1<<16;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
/* benchmarks for cell ops at relay. */
|
|
|
|
or_circuit_t *or_circ = tor_malloc_zero(sizeof(or_circuit_t));
|
|
|
|
cell_t *cell = tor_malloc(sizeof(cell_t));
|
|
|
|
int outbound;
|
|
|
|
uint64_t start, end;
|
|
|
|
|
|
|
|
crypto_rand((char*)cell->payload, sizeof(cell->payload));
|
|
|
|
|
|
|
|
/* Mock-up or_circuit_t */
|
2012-10-12 18:22:13 +02:00
|
|
|
or_circ->base_.magic = OR_CIRCUIT_MAGIC;
|
|
|
|
or_circ->base_.purpose = CIRCUIT_PURPOSE_OR;
|
2011-11-11 19:06:17 +01:00
|
|
|
|
|
|
|
/* Initialize crypto */
|
2016-09-16 16:12:30 +02:00
|
|
|
char key1[CIPHER_KEY_LEN], key2[CIPHER_KEY_LEN];
|
|
|
|
crypto_rand(key1, sizeof(key1));
|
|
|
|
crypto_rand(key2, sizeof(key2));
|
2018-03-17 15:59:15 +01:00
|
|
|
or_circ->crypto.f_crypto = crypto_cipher_new(key1);
|
|
|
|
or_circ->crypto.b_crypto = crypto_cipher_new(key2);
|
|
|
|
or_circ->crypto.f_digest = crypto_digest_new();
|
|
|
|
or_circ->crypto.b_digest = crypto_digest_new();
|
2011-11-11 19:06:17 +01:00
|
|
|
|
|
|
|
reset_perftime();
|
|
|
|
|
|
|
|
for (outbound = 0; outbound <= 1; ++outbound) {
|
|
|
|
cell_direction_t d = outbound ? CELL_DIRECTION_OUT : CELL_DIRECTION_IN;
|
|
|
|
start = perftime();
|
|
|
|
for (i = 0; i < iters; ++i) {
|
|
|
|
char recognized = 0;
|
|
|
|
crypt_path_t *layer_hint = NULL;
|
2018-03-17 15:14:35 +01:00
|
|
|
relay_decrypt_cell(TO_CIRCUIT(or_circ), cell, d,
|
|
|
|
&layer_hint, &recognized);
|
2011-11-11 19:06:17 +01:00
|
|
|
}
|
|
|
|
end = perftime();
|
|
|
|
printf("%sbound cells: %.2f ns per cell. (%.2f ns per byte of payload)\n",
|
|
|
|
outbound?"Out":" In",
|
|
|
|
NANOCOUNT(start,end,iters),
|
|
|
|
NANOCOUNT(start,end,iters*CELL_PAYLOAD_SIZE));
|
|
|
|
}
|
|
|
|
|
2018-03-17 15:59:15 +01:00
|
|
|
relay_crypto_clear(&or_circ->crypto);
|
2011-11-11 19:06:17 +01:00
|
|
|
tor_free(or_circ);
|
|
|
|
tor_free(cell);
|
|
|
|
}
|
|
|
|
|
2012-11-28 20:14:35 +01:00
|
|
|
static void
|
|
|
|
bench_dh(void)
|
|
|
|
{
|
|
|
|
const int iters = 1<<10;
|
|
|
|
int i;
|
|
|
|
uint64_t start, end;
|
|
|
|
|
|
|
|
reset_perftime();
|
|
|
|
start = perftime();
|
|
|
|
for (i = 0; i < iters; ++i) {
|
|
|
|
char dh_pubkey_a[DH_BYTES], dh_pubkey_b[DH_BYTES];
|
|
|
|
char secret_a[DH_BYTES], secret_b[DH_BYTES];
|
|
|
|
ssize_t slen_a, slen_b;
|
|
|
|
crypto_dh_t *dh_a = crypto_dh_new(DH_TYPE_TLS);
|
|
|
|
crypto_dh_t *dh_b = crypto_dh_new(DH_TYPE_TLS);
|
|
|
|
crypto_dh_generate_public(dh_a);
|
|
|
|
crypto_dh_generate_public(dh_b);
|
|
|
|
crypto_dh_get_public(dh_a, dh_pubkey_a, sizeof(dh_pubkey_a));
|
|
|
|
crypto_dh_get_public(dh_b, dh_pubkey_b, sizeof(dh_pubkey_b));
|
|
|
|
slen_a = crypto_dh_compute_secret(LOG_NOTICE,
|
|
|
|
dh_a, dh_pubkey_b, sizeof(dh_pubkey_b),
|
|
|
|
secret_a, sizeof(secret_a));
|
|
|
|
slen_b = crypto_dh_compute_secret(LOG_NOTICE,
|
|
|
|
dh_b, dh_pubkey_a, sizeof(dh_pubkey_a),
|
|
|
|
secret_b, sizeof(secret_b));
|
|
|
|
tor_assert(slen_a == slen_b);
|
checkSpace.pl now forbids more identifiers.
The functions it warns about are:
assert, memcmp, strcat, strcpy, sprintf, malloc, free, realloc,
strdup, strndup, calloc.
Also, fix a few lingering instances of these in the code. Use other
conventions to indicate _intended_ use of assert and
malloc/realloc/etc.
2016-09-06 18:35:37 +02:00
|
|
|
tor_assert(fast_memeq(secret_a, secret_b, slen_a));
|
2012-11-28 20:14:35 +01:00
|
|
|
crypto_dh_free(dh_a);
|
|
|
|
crypto_dh_free(dh_b);
|
|
|
|
}
|
|
|
|
end = perftime();
|
|
|
|
printf("Complete DH handshakes (1024 bit, public and private ops):\n"
|
|
|
|
" %f millisec each.\n", NANOCOUNT(start, end, iters)/1e6);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
bench_ecdh_impl(int nid, const char *name)
|
|
|
|
{
|
|
|
|
const int iters = 1<<10;
|
|
|
|
int i;
|
|
|
|
uint64_t start, end;
|
|
|
|
|
|
|
|
reset_perftime();
|
|
|
|
start = perftime();
|
|
|
|
for (i = 0; i < iters; ++i) {
|
|
|
|
char secret_a[DH_BYTES], secret_b[DH_BYTES];
|
|
|
|
ssize_t slen_a, slen_b;
|
|
|
|
EC_KEY *dh_a = EC_KEY_new_by_curve_name(nid);
|
|
|
|
EC_KEY *dh_b = EC_KEY_new_by_curve_name(nid);
|
2014-02-07 23:36:11 +01:00
|
|
|
if (!dh_a || !dh_b) {
|
|
|
|
puts("Skipping. (No implementation?)");
|
|
|
|
return;
|
|
|
|
}
|
2012-11-28 20:14:35 +01:00
|
|
|
|
|
|
|
EC_KEY_generate_key(dh_a);
|
|
|
|
EC_KEY_generate_key(dh_b);
|
|
|
|
slen_a = ECDH_compute_key(secret_a, DH_BYTES,
|
|
|
|
EC_KEY_get0_public_key(dh_b), dh_a,
|
|
|
|
NULL);
|
|
|
|
slen_b = ECDH_compute_key(secret_b, DH_BYTES,
|
|
|
|
EC_KEY_get0_public_key(dh_a), dh_b,
|
|
|
|
NULL);
|
|
|
|
|
|
|
|
tor_assert(slen_a == slen_b);
|
checkSpace.pl now forbids more identifiers.
The functions it warns about are:
assert, memcmp, strcat, strcpy, sprintf, malloc, free, realloc,
strdup, strndup, calloc.
Also, fix a few lingering instances of these in the code. Use other
conventions to indicate _intended_ use of assert and
malloc/realloc/etc.
2016-09-06 18:35:37 +02:00
|
|
|
tor_assert(fast_memeq(secret_a, secret_b, slen_a));
|
2012-11-28 20:14:35 +01:00
|
|
|
EC_KEY_free(dh_a);
|
|
|
|
EC_KEY_free(dh_b);
|
|
|
|
}
|
|
|
|
end = perftime();
|
|
|
|
printf("Complete ECDH %s handshakes (2 public and 2 private ops):\n"
|
|
|
|
" %f millisec each.\n", name, NANOCOUNT(start, end, iters)/1e6);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
bench_ecdh_p256(void)
|
|
|
|
{
|
|
|
|
bench_ecdh_impl(NID_X9_62_prime256v1, "P-256");
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
bench_ecdh_p224(void)
|
|
|
|
{
|
|
|
|
bench_ecdh_impl(NID_secp224r1, "P-224");
|
|
|
|
}
|
|
|
|
|
2011-11-11 18:34:03 +01:00
|
|
|
typedef void (*bench_fn)(void);
|
|
|
|
|
|
|
|
typedef struct benchmark_t {
|
|
|
|
const char *name;
|
|
|
|
bench_fn fn;
|
|
|
|
int enabled;
|
|
|
|
} benchmark_t;
|
|
|
|
|
|
|
|
#define ENT(s) { #s , bench_##s, 0 }
|
|
|
|
|
|
|
|
static struct benchmark_t benchmarks[] = {
|
|
|
|
ENT(dmap),
|
2014-05-06 18:55:39 +02:00
|
|
|
ENT(siphash),
|
2015-12-18 23:15:01 +01:00
|
|
|
ENT(digest),
|
2011-11-11 18:34:03 +01:00
|
|
|
ENT(aes),
|
2012-11-28 21:39:00 +01:00
|
|
|
ENT(onion_TAP),
|
2012-12-04 03:24:21 +01:00
|
|
|
ENT(onion_ntor),
|
2014-09-25 16:13:25 +02:00
|
|
|
ENT(ed25519),
|
2014-10-27 14:37:50 +01:00
|
|
|
|
2011-11-11 18:34:03 +01:00
|
|
|
ENT(cell_aes),
|
2011-11-11 19:06:17 +01:00
|
|
|
ENT(cell_ops),
|
2012-11-28 20:14:35 +01:00
|
|
|
ENT(dh),
|
|
|
|
ENT(ecdh_p256),
|
|
|
|
ENT(ecdh_p224),
|
2011-11-11 18:34:03 +01:00
|
|
|
{NULL,NULL,0}
|
|
|
|
};
|
|
|
|
|
|
|
|
static benchmark_t *
|
|
|
|
find_benchmark(const char *name)
|
|
|
|
{
|
|
|
|
benchmark_t *b;
|
|
|
|
for (b = benchmarks; b->name; ++b) {
|
|
|
|
if (!strcmp(name, b->name)) {
|
|
|
|
return b;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Main entry point for benchmark code: parse the command line, and run
|
|
|
|
* some benchmarks. */
|
|
|
|
int
|
|
|
|
main(int argc, const char **argv)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
int list=0, n_enabled=0;
|
2012-11-28 21:39:00 +01:00
|
|
|
char *errmsg;
|
|
|
|
or_options_t *options;
|
2011-11-11 18:34:03 +01:00
|
|
|
|
|
|
|
tor_threads_init();
|
2017-04-25 16:29:07 +02:00
|
|
|
tor_compress_init();
|
2011-11-11 18:34:03 +01:00
|
|
|
|
2017-03-14 20:00:39 +01:00
|
|
|
if (argc == 4 && !strcmp(argv[1], "diff")) {
|
|
|
|
init_logging(1);
|
|
|
|
const int N = 200;
|
|
|
|
char *f1 = read_file_to_str(argv[2], RFTS_BIN, NULL);
|
|
|
|
char *f2 = read_file_to_str(argv[3], RFTS_BIN, NULL);
|
|
|
|
if (! f1 || ! f2) {
|
|
|
|
perror("X");
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
for (i = 0; i < N; ++i) {
|
|
|
|
char *diff = consensus_diff_generate(f1, f2);
|
|
|
|
tor_free(diff);
|
|
|
|
}
|
|
|
|
char *diff = consensus_diff_generate(f1, f2);
|
|
|
|
printf("%s", diff);
|
|
|
|
tor_free(f1);
|
|
|
|
tor_free(f2);
|
|
|
|
tor_free(diff);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2011-11-11 18:34:03 +01:00
|
|
|
for (i = 1; i < argc; ++i) {
|
|
|
|
if (!strcmp(argv[i], "--list")) {
|
|
|
|
list = 1;
|
|
|
|
} else {
|
2016-07-05 20:19:31 +02:00
|
|
|
benchmark_t *benchmark = find_benchmark(argv[i]);
|
2011-11-11 18:34:03 +01:00
|
|
|
++n_enabled;
|
2016-07-05 20:19:31 +02:00
|
|
|
if (benchmark) {
|
|
|
|
benchmark->enabled = 1;
|
2011-11-11 18:34:03 +01:00
|
|
|
} else {
|
|
|
|
printf("No such benchmark as %s\n", argv[i]);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
reset_perftime();
|
|
|
|
|
2015-11-25 16:30:58 +01:00
|
|
|
if (crypto_seed_rng() < 0) {
|
|
|
|
printf("Couldn't seed RNG; exiting.\n");
|
|
|
|
return 1;
|
|
|
|
}
|
2018-03-14 00:19:55 +01:00
|
|
|
|
|
|
|
init_protocol_warning_severity_level();
|
2014-02-12 17:46:58 +01:00
|
|
|
crypto_init_siphash_key();
|
2012-11-28 21:39:00 +01:00
|
|
|
options = options_new();
|
2014-09-11 05:30:37 +02:00
|
|
|
init_logging(1);
|
2012-11-28 21:39:00 +01:00
|
|
|
options->command = CMD_RUN_UNITTESTS;
|
|
|
|
options->DataDirectory = tor_strdup("");
|
2018-01-16 19:29:11 +01:00
|
|
|
options->KeyDirectory = tor_strdup("");
|
|
|
|
options->CacheDirectory = tor_strdup("");
|
2012-11-28 21:39:00 +01:00
|
|
|
options_init(options);
|
|
|
|
if (set_options(options, &errmsg) < 0) {
|
|
|
|
printf("Failed to set initial options: %s\n", errmsg);
|
|
|
|
tor_free(errmsg);
|
|
|
|
return 1;
|
|
|
|
}
|
2011-11-11 19:06:17 +01:00
|
|
|
|
2016-07-05 20:19:31 +02:00
|
|
|
for (benchmark_t *b = benchmarks; b->name; ++b) {
|
2011-11-11 18:34:03 +01:00
|
|
|
if (b->enabled || n_enabled == 0) {
|
|
|
|
printf("===== %s =====\n", b->name);
|
|
|
|
if (!list)
|
|
|
|
b->fn();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|