From c6a6641b58d4bd8fd9e64ad7a653eff9886ee6e2 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Tue, 8 Dec 2015 13:19:19 +0100 Subject: [PATCH] tests: add encryption benchmarks to cryptfs --- .gitignore | 4 +- cryptfs/openssl_benchmark.bash | 3 ++ cryptfs/openssl_test.go | 76 +++++++++++++++++++++++++++++++ openssl_benchmark/openssl_test.go | 14 +++++- 4 files changed, 94 insertions(+), 3 deletions(-) create mode 100755 cryptfs/openssl_benchmark.bash create mode 100644 cryptfs/openssl_test.go diff --git a/.gitignore b/.gitignore index 5108eb7..93e4413 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,6 @@ # binary releases /*.tar.gz -c + +# Binaries created for cpu profiling +*.test diff --git a/cryptfs/openssl_benchmark.bash b/cryptfs/openssl_benchmark.bash new file mode 100755 index 0000000..df29628 --- /dev/null +++ b/cryptfs/openssl_benchmark.bash @@ -0,0 +1,3 @@ +#!/bin/bash + +go test -run NONE -bench BenchmarkEnc diff --git a/cryptfs/openssl_test.go b/cryptfs/openssl_test.go new file mode 100644 index 0000000..85a97d9 --- /dev/null +++ b/cryptfs/openssl_test.go @@ -0,0 +1,76 @@ +package cryptfs + +// Benchmark go built-int GCM against spacemonkey openssl bindings +// +// Note: The benchmarks in this file supersede the ones in the openssl_benchmark +// directory as they use the same code paths that gocryptfs actually uses. +// +// Run benchmark: +// go test -bench Enc + +import ( + "crypto/aes" + "crypto/cipher" + "testing" +) + +func benchmarkGoEnc(b *testing.B, plaintext []byte, key []byte, nonce []byte) (ciphertext []byte) { + b.SetBytes(int64(len(plaintext))) + aes, err := aes.NewCipher(key[:]) + if err != nil { + b.Fatal(err) + } + aesgcm, err := cipher.NewGCMWithNonceSize(aes, len(nonce)) + if err != nil { + b.Fatal(err) + } + // This would be fileID + blockNo + aData := make([]byte, 24) + b.ResetTimer() + for i := 0; i < b.N; i++ { + // Encrypt plaintext and append to nonce + ciphertext = aesgcm.Seal(nonce, nonce, plaintext, aData) + } + return ciphertext +} + +func benchmarkOpensslEnc(b *testing.B, plaintext []byte, key []byte, nonce []byte) (ciphertext []byte) { + b.SetBytes(int64(len(plaintext))) + var aesgcm opensslGCM + aesgcm.key = key + // This would be fileID + blockNo + aData := make([]byte, 24) + for i := 0; i < b.N; i++ { + // Encrypt plaintext and append to nonce + ciphertext = aesgcm.Seal(nonce, nonce, plaintext, aData) + } + return ciphertext +} + +func BenchmarkEnc_Go_4k_AES256_nonce96(b *testing.B) { + plaintext := make([]byte, 4048) + key := make([]byte, 256/8) + nonce := make([]byte, 96/8) + benchmarkGoEnc(b, plaintext, key, nonce) +} + +func BenchmarkEnc_Go_4k_AES256_nonce128(b *testing.B) { + plaintext := make([]byte, 4048) + key := make([]byte, 256/8) + nonce := make([]byte, 128/8) + benchmarkGoEnc(b, plaintext, key, nonce) +} + +func BenchmarkEnc_OpenSSL_4k_AES256_nonce96(b *testing.B) { + plaintext := make([]byte, 4048) + key := make([]byte, 256/8) + nonce := make([]byte, 96/8) + benchmarkOpensslEnc(b, plaintext, key, nonce) +} + +func BenchmarkEnc_OpenSSL_4k_AES256_nonce128(b *testing.B) { + plaintext := make([]byte, 4048) + key := make([]byte, 256/8) + nonce := make([]byte, 96/8) + benchmarkOpensslEnc(b, plaintext, key, nonce) +} diff --git a/openssl_benchmark/openssl_test.go b/openssl_benchmark/openssl_test.go index 76c68a8..35abca7 100644 --- a/openssl_benchmark/openssl_test.go +++ b/openssl_benchmark/openssl_test.go @@ -2,6 +2,8 @@ package benchmark // Benchmark go built-int GCM against spacemonkey openssl bindings // +// Note: This is deprecated in favor of the benchmarks integrated in cryptfs. +// // Run benchmark: // go test -bench=. @@ -33,10 +35,11 @@ func BenchmarkGoEnc4K(b *testing.B) { aes, _ := aes.NewCipher(key[:]) aesgcm, _ := cipher.NewGCM(aes) var out []byte - + // This would be fileID + blockNo + aData := make([]byte, 24) b.ResetTimer() for i := 0; i < b.N; i++ { - out = aesgcm.Seal(out[:0], nonce[:], buf, nil) + out = aesgcm.Seal(out[:0], nonce[:], buf, aData) } } @@ -67,6 +70,9 @@ func BenchmarkOpensslEnc4K(b *testing.B) { var key [cryptfs.KEY_LEN]byte var nonce [12]byte + // This would be fileID + blockNo + aData := make([]byte, 24) + var ciphertext bytes.Buffer var part []byte @@ -77,6 +83,10 @@ func BenchmarkOpensslEnc4K(b *testing.B) { if err != nil { b.FailNow() } + err = ectx.ExtraData(aData) + if err != nil { + b.FailNow() + } part, err = ectx.EncryptUpdate(buf) if err != nil { b.FailNow()