libgocryptfs/internal/speed/speed.go

// Package speed implements the "-speed" command-line option,
// similar to "openssl speed".
// It benchmarks the crypto algorithms and libraries used by
// gocryptfs.
package speed

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"log"
	"testing"

	"github.com/rfjakob/gocryptfs/internal/siv_aead"
	"github.com/rfjakob/gocryptfs/internal/stupidgcm"
)

// 128-bit file ID + 64 bit block number = 192 bits = 24 bytes
const adLen = 24

// gocryptfs uses fixed-size 4 kiB blocks
const blockSize = 4096

// Run - run the speed the test and print the results.
func Run() {
	bTable := []struct {
		name      string
		f         func(*testing.B)
		preferred bool
	}{
		{name: "AES-GCM-256-OpenSSL", f: bStupidGCM, preferred: stupidgcm.PreferOpenSSL()},
		{name: "AES-GCM-256-Go", f: bGoGCM, preferred: !stupidgcm.PreferOpenSSL()},
		{name: "AES-SIV-512-Go", f: bAESSIV, preferred: false},
	}
	for _, b := range bTable {
		fmt.Printf("%-20s\t", b.name)
		mbs := mbPerSec(testing.Benchmark(b.f))
		if mbs > 0 {
			fmt.Printf("%7.2f MB/s", mbs)
		} else {
			fmt.Printf("    N/A")
		}
		if b.preferred {
			fmt.Printf("\t(selected in auto mode)\n")
		} else {
			fmt.Printf("\t\n")
		}
	}
}

func mbPerSec(r testing.BenchmarkResult) float64 {
	if r.Bytes <= 0 || r.T <= 0 || r.N <= 0 {
		return 0
	}
	return (float64(r.Bytes) * float64(r.N) / 1e6) / r.T.Seconds()
}

// Get "n" random bytes from /dev/urandom or panic
func randBytes(n int) []byte {
	b := make([]byte, n)
	_, err := rand.Read(b)
	if err != nil {
		log.Panic("Failed to read random bytes: " + err.Error())
	}
	return b
}

// bStupidGCM benchmarks stupidgcm's openssl GCM
func bStupidGCM(b *testing.B) {
	if stupidgcm.BuiltWithoutOpenssl {
		b.Skip("openssl has been disabled at compile-time")
	}
	key := randBytes(32)
	authData := randBytes(adLen)
	iv := randBytes(16)
	in := make([]byte, blockSize)
	b.SetBytes(int64(len(in)))

	sGCM := stupidgcm.New(key, false)

	b.ResetTimer()
	for i := 0; i < b.N; i++ {
		// Encrypt and append to nonce
		sGCM.Seal(iv, iv, in, authData)
	}
}

// bGoGCM benchmarks Go stdlib GCM
func bGoGCM(b *testing.B) {
	key := randBytes(32)
	authData := randBytes(adLen)
	iv := randBytes(16)
	in := make([]byte, blockSize)
	b.SetBytes(int64(len(in)))

	gAES, err := aes.NewCipher(key)
	if err != nil {
		b.Fatal(err)
	}
	gGCM, err := cipher.NewGCMWithNonceSize(gAES, 16)
	if err != nil {
		b.Fatal(err)
	}

	b.ResetTimer()
	for i := 0; i < b.N; i++ {
		// Encrypt and append to nonce
		gGCM.Seal(iv, iv, in, authData)
	}
}

// bAESSIV benchmarks AES-SIV from github.com/jacobsa/crypto/siv
func bAESSIV(b *testing.B) {
	key := randBytes(64)
	authData := randBytes(adLen)
	iv := randBytes(16)
	in := make([]byte, blockSize)
	b.SetBytes(int64(len(in)))
	gGCM := siv_aead.New(key)

	b.ResetTimer()
	for i := 0; i < b.N; i++ {
		// Encrypt and append to nonce
		gGCM.Seal(iv, iv, in, authData)
	}
}
Implement "gocryptfs -speed" A crypto benchmark mode like "openssl speed". Example run: $ ./gocryptfs -speed AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode) AES-GCM-256-Go 48.19 MB/s AES-SIV-512-Go 37.40 MB/s 2017-02-22 23:55:43 +01:00			`// Package speed implements the "-speed" command-line option,`
			`// similar to "openssl speed".`
			`// It benchmarks the crypto algorithms and libraries used by`
			`// gocryptfs.`
			`package speed`

			`import (`
			`"crypto/aes"`
			`"crypto/cipher"`
			`"crypto/rand"`
			`"fmt"`
			`"log"`
			`"testing"`

			`"github.com/rfjakob/gocryptfs/internal/siv_aead"`
			`"github.com/rfjakob/gocryptfs/internal/stupidgcm"`
			`)`

speed: add code comments 2020-02-29 21:26:28 +01:00			`// 128-bit file ID + 64 bit block number = 192 bits = 24 bytes`
			`const adLen = 24`

			`// gocryptfs uses fixed-size 4 kiB blocks`
			`const blockSize = 4096`

fix golint complaints 2017-04-29 14:50:58 +02:00			`// Run - run the speed the test and print the results.`
Implement "gocryptfs -speed" A crypto benchmark mode like "openssl speed". Example run: $ ./gocryptfs -speed AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode) AES-GCM-256-Go 48.19 MB/s AES-SIV-512-Go 37.40 MB/s 2017-02-22 23:55:43 +01:00			`func Run() {`
			`bTable := []struct {`
			`name string`
			`f func(*testing.B)`
			`preferred bool`
			`}{`
merge prefer_openssl package into stupidgcm Now that I have discovered golang.org/x/sys/cpu and that Go versions below 1.6 are uncommon, there was not much useful code left in prefer_openssl. Merge the remains into stupidgcm. 2020-02-15 17:21:30 +01:00			`{name: "AES-GCM-256-OpenSSL", f: bStupidGCM, preferred: stupidgcm.PreferOpenSSL()},`
			`{name: "AES-GCM-256-Go", f: bGoGCM, preferred: !stupidgcm.PreferOpenSSL()},`
Implement "gocryptfs -speed" A crypto benchmark mode like "openssl speed". Example run: $ ./gocryptfs -speed AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode) AES-GCM-256-Go 48.19 MB/s AES-SIV-512-Go 37.40 MB/s 2017-02-22 23:55:43 +01:00			`{name: "AES-SIV-512-Go", f: bAESSIV, preferred: false},`
			`}`
			`for _, b := range bTable {`
			`fmt.Printf("%-20s\t", b.name)`
			`mbs := mbPerSec(testing.Benchmark(b.f))`
			`if mbs > 0 {`
			`fmt.Printf("%7.2f MB/s", mbs)`
			`} else {`
			`fmt.Printf(" N/A")`
			`}`
			`if b.preferred {`
			`fmt.Printf("\t(selected in auto mode)\n")`
			`} else {`
			`fmt.Printf("\t\n")`
			`}`
			`}`
			`}`

			`func mbPerSec(r testing.BenchmarkResult) float64 {`
			`if r.Bytes <= 0 \|\| r.T <= 0 \|\| r.N <= 0 {`
			`return 0`
			`}`
			`return (float64(r.Bytes) * float64(r.N) / 1e6) / r.T.Seconds()`
			`}`

			`// Get "n" random bytes from /dev/urandom or panic`
			`func randBytes(n int) []byte {`
			`b := make([]byte, n)`
			`_, err := rand.Read(b)`
			`if err != nil {`
			`log.Panic("Failed to read random bytes: " + err.Error())`
			`}`
			`return b`
			`}`

speed: add code comments 2020-02-29 21:26:28 +01:00			`// bStupidGCM benchmarks stupidgcm's openssl GCM`
Implement "gocryptfs -speed" A crypto benchmark mode like "openssl speed". Example run: $ ./gocryptfs -speed AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode) AES-GCM-256-Go 48.19 MB/s AES-SIV-512-Go 37.40 MB/s 2017-02-22 23:55:43 +01:00			`func bStupidGCM(b *testing.B) {`
			`if stupidgcm.BuiltWithoutOpenssl {`
			`b.Skip("openssl has been disabled at compile-time")`
			`}`
			`key := randBytes(32)`
speed: add code comments 2020-02-29 21:26:28 +01:00			`authData := randBytes(adLen)`
Implement "gocryptfs -speed" A crypto benchmark mode like "openssl speed". Example run: $ ./gocryptfs -speed AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode) AES-GCM-256-Go 48.19 MB/s AES-SIV-512-Go 37.40 MB/s 2017-02-22 23:55:43 +01:00			`iv := randBytes(16)`
			`in := make([]byte, blockSize)`
			`b.SetBytes(int64(len(in)))`

Add -forcedecode Force decode of encrypted files even if the integrity check fails, instead of failing with an IO error. Warning messages are still printed to syslog if corrupted files are encountered. It can be useful to recover files from disks with bad sectors or other corrupted media. Closes https://github.com/rfjakob/gocryptfs/pull/102 . 2017-04-08 02:09:28 +02:00			`sGCM := stupidgcm.New(key, false)`
Implement "gocryptfs -speed" A crypto benchmark mode like "openssl speed". Example run: $ ./gocryptfs -speed AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode) AES-GCM-256-Go 48.19 MB/s AES-SIV-512-Go 37.40 MB/s 2017-02-22 23:55:43 +01:00
			`b.ResetTimer()`
			`for i := 0; i < b.N; i++ {`
			`// Encrypt and append to nonce`
			`sGCM.Seal(iv, iv, in, authData)`
			`}`
			`}`

speed: add code comments 2020-02-29 21:26:28 +01:00			`// bGoGCM benchmarks Go stdlib GCM`
Implement "gocryptfs -speed" A crypto benchmark mode like "openssl speed". Example run: $ ./gocryptfs -speed AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode) AES-GCM-256-Go 48.19 MB/s AES-SIV-512-Go 37.40 MB/s 2017-02-22 23:55:43 +01:00			`func bGoGCM(b *testing.B) {`
			`key := randBytes(32)`
speed: add code comments 2020-02-29 21:26:28 +01:00			`authData := randBytes(adLen)`
Implement "gocryptfs -speed" A crypto benchmark mode like "openssl speed". Example run: $ ./gocryptfs -speed AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode) AES-GCM-256-Go 48.19 MB/s AES-SIV-512-Go 37.40 MB/s 2017-02-22 23:55:43 +01:00			`iv := randBytes(16)`
			`in := make([]byte, blockSize)`
			`b.SetBytes(int64(len(in)))`

			`gAES, err := aes.NewCipher(key)`
			`if err != nil {`
			`b.Fatal(err)`
			`}`
			`gGCM, err := cipher.NewGCMWithNonceSize(gAES, 16)`
			`if err != nil {`
			`b.Fatal(err)`
			`}`

			`b.ResetTimer()`
			`for i := 0; i < b.N; i++ {`
			`// Encrypt and append to nonce`
			`gGCM.Seal(iv, iv, in, authData)`
			`}`
			`}`

speed: add code comments 2020-02-29 21:26:28 +01:00			`// bAESSIV benchmarks AES-SIV from github.com/jacobsa/crypto/siv`
Implement "gocryptfs -speed" A crypto benchmark mode like "openssl speed". Example run: $ ./gocryptfs -speed AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode) AES-GCM-256-Go 48.19 MB/s AES-SIV-512-Go 37.40 MB/s 2017-02-22 23:55:43 +01:00			`func bAESSIV(b *testing.B) {`
			`key := randBytes(64)`
speed: add code comments 2020-02-29 21:26:28 +01:00			`authData := randBytes(adLen)`
Implement "gocryptfs -speed" A crypto benchmark mode like "openssl speed". Example run: $ ./gocryptfs -speed AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode) AES-GCM-256-Go 48.19 MB/s AES-SIV-512-Go 37.40 MB/s 2017-02-22 23:55:43 +01:00			`iv := randBytes(16)`
			`in := make([]byte, blockSize)`
			`b.SetBytes(int64(len(in)))`
			`gGCM := siv_aead.New(key)`

			`b.ResetTimer()`
			`for i := 0; i < b.N; i++ {`
			`// Encrypt and append to nonce`
			`gGCM.Seal(iv, iv, in, authData)`
			`}`
			`}`