[Git][NTPsec/ntpsec][master] 4 commits: Add hack to measure execute times of digests

Hal Murray gitlab at mg.gitlab.com
Sun Feb 18 11:27:08 UTC 2018 

Hal Murray pushed to branch master at NTPsec / ntpsec


Commits:
979f57a4 by Hal Murray at 2018-02-17T21:31:19-08:00
Add hack to measure execute times of digests

- - - - -
98971690 by Hal Murray at 2018-02-17T21:31:19-08:00
Print OpenSSL version string

- - - - -
1dc565f6 by Hal Murray at 2018-02-18T03:14:58-08:00
Decouple from ntp defs file (used UNUSED_ARG)

- - - - -
ecb0d680 by Hal Murray at 2018-02-18T03:23:33-08:00
Minor cleanup on support for slightly older versions of OpenSSL

- - - - -


6 changed files:

- attic/README
- attic/digest.c → attic/digest-find.c
- + attic/digest-timing.c
- attic/wscript
- libntp/macencrypt.c
- libntp/ssl_init.c


Changes:

=====================================
attic/README
=====================================
--- a/attic/README
+++ b/attic/README
@@ -7,6 +7,11 @@ documentation, alas.  Read the header comments.
 calc_tickadj::	Calculates "optimal" value for tick given ntp.drift file
 		Tested: 20160226
 
+digest-find.c::	Hack to see if various digests are supported by OpenSSL
+
+digest-timing.c:: Hack to measure execution times for various digests
+		and key lengths
+
 kern.c:: 	Header comment from deep in the mists of past time says:
 		"This program simulates a first-order, type-II
 		phase-lock loop using actual code segments from


=====================================
attic/digest.c → attic/digest-find.c
=====================================
--- a/attic/digest.c
+++ b/attic/digest-find.c
@@ -20,8 +20,7 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 
-#include "ntp_types.h"
-
+#define UNUSED_ARG(arg)         ((void)(arg))
 
 
 const char* digests[] = {
@@ -42,8 +41,9 @@ main (
   UNUSED_ARG(argc);
   UNUSED_ARG(argv);
 
-  unsigned int version = OPENSSL_VERSION_NUMBER;
-  printf("OpenSSL Version is %x\n", version);
+  unsigned int versionNumber = OPENSSL_VERSION_NUMBER;
+  const char *versionText = OPENSSL_VERSION_TEXT;
+  printf("OpenSSL xVersion is %x, %s\n", versionNumber, versionText);
 
   /* needed if OPENSSL_VERSION_NUMBER < 0x10100000L */
   OpenSSL_add_all_digests();


=====================================
attic/digest-timing.c
=====================================
--- /dev/null
+++ b/attic/digest-timing.c
@@ -0,0 +1,171 @@
+/* Last modified on Sat Aug 28 14:30:11 PDT 1999 by murray */
+
+/* Hack to time the digest calculations for various algorithms.
+ *
+ * This is just the digest timing.
+ * It doesn't include the copy or compare or finding the right key.
+ *
+ * Beware of overflows in the timing computations.
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <time.h>
+
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+
+#define UNUSED_ARG(arg)         ((void)(arg))
+
+#ifndef EVP_MD_CTX_reset
+/* Slightly older version of OpenSSL */
+/* Similar hack in ssl_init.c */
+#define EVP_MD_CTX_new() EVP_MD_CTX_create()
+#define EVP_MD_CTX_free(ctx) EVP_MD_CTX_destroy(ctx)
+#define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_init(ctx)
+#endif
+
+
+/* Get timing for old slower way too.  Pre Feb 2018 */
+#define DoSLOW 1
+
+int NUM = 1000000;
+
+#define PACKET_LENGTH 48
+/* Nothing magic about these key lengths.
+ * ntpkeygen just happens to label things this way.
+ */
+#define MD5_KEY_LENGTH 16
+#define SHA1_KEY_LENGTH 20
+#define MAX_KEY_LENGTH 64
+
+EVP_MD_CTX *ctx;
+
+void ssl_init(void);
+void ssl_init(void)
+{
+  ERR_load_crypto_strings();
+  OpenSSL_add_all_digests();
+  ctx = EVP_MD_CTX_new();
+}
+
+static unsigned int SSL_Digest(
+  const EVP_MD *digest,   /* hash algorithm */
+  uint8_t *key,           /* key pointer */
+  int     keylength,       /* key size */
+  uint8_t *pkt,           /* packet pointer */
+  int     pktlength       /* packet length */
+) {
+  unsigned char answer[EVP_MAX_MD_SIZE];
+  unsigned int len;
+  EVP_MD_CTX_reset(ctx);
+  EVP_DigestInit(ctx, digest);
+  EVP_DigestUpdate(ctx, key, keylength);
+  EVP_DigestUpdate(ctx, pkt, pktlength);
+  EVP_DigestFinal(ctx, answer, &len);
+  return len;
+}
+
+static unsigned int SSL_DigestSlow(
+  int type,               /* hash algorithm */
+  uint8_t *key,           /* key pointer */
+  int     keylength,       /* key size */
+  uint8_t *pkt,           /* packet pointer */
+  int     pktlength       /* packet length */
+) {
+  EVP_MD_CTX *ctxx;
+  unsigned char answer[EVP_MAX_MD_SIZE];
+  unsigned int len;
+  ctxx = EVP_MD_CTX_new();
+  EVP_DigestInit(ctxx, EVP_get_digestbynid(type));
+  EVP_DigestUpdate(ctxx, key, keylength);
+  EVP_DigestUpdate(ctxx, pkt, pktlength);
+  EVP_DigestFinal(ctxx, answer, &len);
+  EVP_MD_CTX_free(ctxx);
+  return len;
+}
+
+static void DoOne(
+  const char *name,       /* type of digest */
+  uint8_t *key,           /* key pointer */
+  int     keylength,      /* key size */
+  uint8_t *pkt,           /* packet pointer */
+  int     pktlength       /* packet length */
+)
+{
+  int type = OBJ_sn2nid(name);
+  const EVP_MD *digest = EVP_get_digestbynid(type);
+  struct timespec start, stop;
+  int i;
+  double fast, slow;
+  unsigned int digestlength = 0;
+
+  if (NULL == digest) return;
+
+  clock_gettime(CLOCK_MONOTONIC, &start);
+  for (i = 0; i < NUM; i++) {
+    digestlength = SSL_Digest(digest, key, keylength, pkt, pktlength);
+  }
+  clock_gettime(CLOCK_MONOTONIC, &stop);
+  fast = (stop.tv_sec-start.tv_sec)*1E9 + (stop.tv_nsec-start.tv_nsec);
+  printf("%10s  %2d %2d %2u %6.0f  %6.3f",
+    name, keylength, pktlength, digestlength, fast/NUM,  fast/1E9);
+
+#ifdef DoSLOW
+  clock_gettime(CLOCK_MONOTONIC, &start);
+  for (i = 0; i < NUM; i++) {
+    digestlength = SSL_DigestSlow(type, key, keylength, pkt, pktlength);
+  }
+  clock_gettime(CLOCK_MONOTONIC, &stop);
+  slow = (stop.tv_sec-start.tv_sec)*1E9 + (stop.tv_nsec-start.tv_nsec);
+  printf("   %6.0f  %2.0f %4.0f",
+    slow/NUM, (slow-fast)*100.0/slow, (slow-fast)/NUM);
+#endif
+  printf("\n");
+}
+
+
+
+int main(int argc, char *argv[])
+{
+  uint8_t key[MAX_KEY_LENGTH];
+  uint8_t packet[PACKET_LENGTH];
+
+  UNUSED_ARG(argc);
+  UNUSED_ARG(argv);
+
+  ssl_init();
+  RAND_bytes((unsigned char *)&key, MAX_KEY_LENGTH);
+  RAND_bytes((unsigned char *)&packet, PACKET_LENGTH);
+
+  printf("# %s\n", OPENSSL_VERSION_TEXT);
+  printf("# KL=key length, PL=packet length, DL=digest length\n");
+  printf("# Digest    KL PL DL  ns/op sec/run     slow   %% diff\n");
+
+  DoOne("MD5",    key, MD5_KEY_LENGTH, packet, PACKET_LENGTH);
+  DoOne("MD5",    key, MD5_KEY_LENGTH-1, packet, PACKET_LENGTH);
+  DoOne("MD5",    key, SHA1_KEY_LENGTH, packet, PACKET_LENGTH);
+  DoOne("SHA1",   key, MD5_KEY_LENGTH, packet, PACKET_LENGTH);
+  DoOne("SHA1",   key, SHA1_KEY_LENGTH, packet, PACKET_LENGTH);
+  DoOne("SHA1",   key, SHA1_KEY_LENGTH-1, packet, PACKET_LENGTH);
+  DoOne("SHA224", key, 16, packet, PACKET_LENGTH);
+  DoOne("SHA224", key, 20, packet, PACKET_LENGTH);
+  DoOne("SHA256", key, 16, packet, PACKET_LENGTH);
+  DoOne("SHA256", key, 20, packet, PACKET_LENGTH);
+  DoOne("SHA384", key, 16, packet, PACKET_LENGTH);
+  DoOne("SHA384", key, 20, packet, PACKET_LENGTH);
+  DoOne("SHA512", key, 16, packet, PACKET_LENGTH);
+  DoOne("SHA512", key, 20, packet, PACKET_LENGTH);
+  DoOne("SHA512", key, 24, packet, PACKET_LENGTH);
+  DoOne("SHA512", key, 32, packet, PACKET_LENGTH);
+  DoOne("RIPEMD160", key, 16, packet, PACKET_LENGTH);
+  DoOne("RIPEMD160", key, 20, packet, PACKET_LENGTH);
+  DoOne("RIPEMD160", key, 32, packet, PACKET_LENGTH);
+
+  return 0;
+  
+}


=====================================
attic/wscript
=====================================
--- a/attic/wscript
+++ b/attic/wscript
@@ -1,7 +1,7 @@
 def build(ctx):
     bldnode = ctx.bldnode.abspath()
 
-    util = ['sht', 'digest']
+    util = ['sht', 'digest-find', 'digest-timing']
 
     for name in util:
         ctx(


=====================================
libntp/macencrypt.c
=====================================
--- a/libntp/macencrypt.c
+++ b/libntp/macencrypt.c
@@ -16,7 +16,7 @@
 
 #ifndef EVP_MD_CTX_reset
 /* Slightly older version of OpenSSL */
-/* Similar hack in ssl_init.c */
+/* Similar hack in ssl_init.c and attic/digest-timing.c */
 #define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_init(ctx)
 #endif
 


=====================================
libntp/ssl_init.c
=====================================
--- a/libntp/ssl_init.c
+++ b/libntp/ssl_init.c
@@ -13,7 +13,7 @@
 
 #ifndef EVP_MD_CTX_new
 /* Slightly older version of OpenSSL */
-/* Similar hack in macencrypt.c */
+/* Similar hack in macencrypt.c and attic/digest-timing.c */
 #define EVP_MD_CTX_new() EVP_MD_CTX_create()
 #endif
 



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/cef6aa5ed981b75bb37323342af81039976f5ca5...ecb0d680804a54fb054b2c7ae9816b61095c6713

---
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/cef6aa5ed981b75bb37323342af81039976f5ca5...ecb0d680804a54fb054b2c7ae9816b61095c6713
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20180218/1c2a5089/attachment.html>

More information about the vc mailing list