[Git][NTPsec/ntpsec][master] 4 commits: Add hack to measure execute times of digests
Hal Murray
gitlab at mg.gitlab.com
Sun Feb 18 11:27:08 UTC 2018
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
979f57a4 by Hal Murray at 2018-02-17T21:31:19-08:00
Add hack to measure execute times of digests
- - - - -
98971690 by Hal Murray at 2018-02-17T21:31:19-08:00
Print OpenSSL version string
- - - - -
1dc565f6 by Hal Murray at 2018-02-18T03:14:58-08:00
Decouple from ntp defs file (used UNUSED_ARG)
- - - - -
ecb0d680 by Hal Murray at 2018-02-18T03:23:33-08:00
Minor cleanup on support for slightly older versions of OpenSSL
- - - - -
6 changed files:
- attic/README
- attic/digest.c → attic/digest-find.c
- + attic/digest-timing.c
- attic/wscript
- libntp/macencrypt.c
- libntp/ssl_init.c
Changes:
=====================================
attic/README
=====================================
--- a/attic/README
+++ b/attic/README
@@ -7,6 +7,11 @@ documentation, alas. Read the header comments.
calc_tickadj:: Calculates "optimal" value for tick given ntp.drift file
Tested: 20160226
+digest-find.c:: Hack to see if various digests are supported by OpenSSL
+
+digest-timing.c:: Hack to measure execution times for various digests
+ and key lengths
+
kern.c:: Header comment from deep in the mists of past time says:
"This program simulates a first-order, type-II
phase-lock loop using actual code segments from
=====================================
attic/digest.c → attic/digest-find.c
=====================================
--- a/attic/digest.c
+++ b/attic/digest-find.c
@@ -20,8 +20,7 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
-#include "ntp_types.h"
-
+#define UNUSED_ARG(arg) ((void)(arg))
const char* digests[] = {
@@ -42,8 +41,9 @@ main (
UNUSED_ARG(argc);
UNUSED_ARG(argv);
- unsigned int version = OPENSSL_VERSION_NUMBER;
- printf("OpenSSL Version is %x\n", version);
+ unsigned int versionNumber = OPENSSL_VERSION_NUMBER;
+ const char *versionText = OPENSSL_VERSION_TEXT;
+ printf("OpenSSL xVersion is %x, %s\n", versionNumber, versionText);
/* needed if OPENSSL_VERSION_NUMBER < 0x10100000L */
OpenSSL_add_all_digests();
=====================================
attic/digest-timing.c
=====================================
--- /dev/null
+++ b/attic/digest-timing.c
@@ -0,0 +1,171 @@
+/* Last modified on Sat Aug 28 14:30:11 PDT 1999 by murray */
+
+/* Hack to time the digest calculations for various algorithms.
+ *
+ * This is just the digest timing.
+ * It doesn't include the copy or compare or finding the right key.
+ *
+ * Beware of overflows in the timing computations.
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <time.h>
+
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+
+#define UNUSED_ARG(arg) ((void)(arg))
+
+#ifndef EVP_MD_CTX_reset
+/* Slightly older version of OpenSSL */
+/* Similar hack in ssl_init.c */
+#define EVP_MD_CTX_new() EVP_MD_CTX_create()
+#define EVP_MD_CTX_free(ctx) EVP_MD_CTX_destroy(ctx)
+#define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_init(ctx)
+#endif
+
+
+/* Get timing for old slower way too. Pre Feb 2018 */
+#define DoSLOW 1
+
+int NUM = 1000000;
+
+#define PACKET_LENGTH 48
+/* Nothing magic about these key lengths.
+ * ntpkeygen just happens to label things this way.
+ */
+#define MD5_KEY_LENGTH 16
+#define SHA1_KEY_LENGTH 20
+#define MAX_KEY_LENGTH 64
+
+EVP_MD_CTX *ctx;
+
+void ssl_init(void);
+void ssl_init(void)
+{
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_digests();
+ ctx = EVP_MD_CTX_new();
+}
+
+static unsigned int SSL_Digest(
+ const EVP_MD *digest, /* hash algorithm */
+ uint8_t *key, /* key pointer */
+ int keylength, /* key size */
+ uint8_t *pkt, /* packet pointer */
+ int pktlength /* packet length */
+) {
+ unsigned char answer[EVP_MAX_MD_SIZE];
+ unsigned int len;
+ EVP_MD_CTX_reset(ctx);
+ EVP_DigestInit(ctx, digest);
+ EVP_DigestUpdate(ctx, key, keylength);
+ EVP_DigestUpdate(ctx, pkt, pktlength);
+ EVP_DigestFinal(ctx, answer, &len);
+ return len;
+}
+
+static unsigned int SSL_DigestSlow(
+ int type, /* hash algorithm */
+ uint8_t *key, /* key pointer */
+ int keylength, /* key size */
+ uint8_t *pkt, /* packet pointer */
+ int pktlength /* packet length */
+) {
+ EVP_MD_CTX *ctxx;
+ unsigned char answer[EVP_MAX_MD_SIZE];
+ unsigned int len;
+ ctxx = EVP_MD_CTX_new();
+ EVP_DigestInit(ctxx, EVP_get_digestbynid(type));
+ EVP_DigestUpdate(ctxx, key, keylength);
+ EVP_DigestUpdate(ctxx, pkt, pktlength);
+ EVP_DigestFinal(ctxx, answer, &len);
+ EVP_MD_CTX_free(ctxx);
+ return len;
+}
+
+static void DoOne(
+ const char *name, /* type of digest */
+ uint8_t *key, /* key pointer */
+ int keylength, /* key size */
+ uint8_t *pkt, /* packet pointer */
+ int pktlength /* packet length */
+)
+{
+ int type = OBJ_sn2nid(name);
+ const EVP_MD *digest = EVP_get_digestbynid(type);
+ struct timespec start, stop;
+ int i;
+ double fast, slow;
+ unsigned int digestlength = 0;
+
+ if (NULL == digest) return;
+
+ clock_gettime(CLOCK_MONOTONIC, &start);
+ for (i = 0; i < NUM; i++) {
+ digestlength = SSL_Digest(digest, key, keylength, pkt, pktlength);
+ }
+ clock_gettime(CLOCK_MONOTONIC, &stop);
+ fast = (stop.tv_sec-start.tv_sec)*1E9 + (stop.tv_nsec-start.tv_nsec);
+ printf("%10s %2d %2d %2u %6.0f %6.3f",
+ name, keylength, pktlength, digestlength, fast/NUM, fast/1E9);
+
+#ifdef DoSLOW
+ clock_gettime(CLOCK_MONOTONIC, &start);
+ for (i = 0; i < NUM; i++) {
+ digestlength = SSL_DigestSlow(type, key, keylength, pkt, pktlength);
+ }
+ clock_gettime(CLOCK_MONOTONIC, &stop);
+ slow = (stop.tv_sec-start.tv_sec)*1E9 + (stop.tv_nsec-start.tv_nsec);
+ printf(" %6.0f %2.0f %4.0f",
+ slow/NUM, (slow-fast)*100.0/slow, (slow-fast)/NUM);
+#endif
+ printf("\n");
+}
+
+
+
+int main(int argc, char *argv[])
+{
+ uint8_t key[MAX_KEY_LENGTH];
+ uint8_t packet[PACKET_LENGTH];
+
+ UNUSED_ARG(argc);
+ UNUSED_ARG(argv);
+
+ ssl_init();
+ RAND_bytes((unsigned char *)&key, MAX_KEY_LENGTH);
+ RAND_bytes((unsigned char *)&packet, PACKET_LENGTH);
+
+ printf("# %s\n", OPENSSL_VERSION_TEXT);
+ printf("# KL=key length, PL=packet length, DL=digest length\n");
+ printf("# Digest KL PL DL ns/op sec/run slow %% diff\n");
+
+ DoOne("MD5", key, MD5_KEY_LENGTH, packet, PACKET_LENGTH);
+ DoOne("MD5", key, MD5_KEY_LENGTH-1, packet, PACKET_LENGTH);
+ DoOne("MD5", key, SHA1_KEY_LENGTH, packet, PACKET_LENGTH);
+ DoOne("SHA1", key, MD5_KEY_LENGTH, packet, PACKET_LENGTH);
+ DoOne("SHA1", key, SHA1_KEY_LENGTH, packet, PACKET_LENGTH);
+ DoOne("SHA1", key, SHA1_KEY_LENGTH-1, packet, PACKET_LENGTH);
+ DoOne("SHA224", key, 16, packet, PACKET_LENGTH);
+ DoOne("SHA224", key, 20, packet, PACKET_LENGTH);
+ DoOne("SHA256", key, 16, packet, PACKET_LENGTH);
+ DoOne("SHA256", key, 20, packet, PACKET_LENGTH);
+ DoOne("SHA384", key, 16, packet, PACKET_LENGTH);
+ DoOne("SHA384", key, 20, packet, PACKET_LENGTH);
+ DoOne("SHA512", key, 16, packet, PACKET_LENGTH);
+ DoOne("SHA512", key, 20, packet, PACKET_LENGTH);
+ DoOne("SHA512", key, 24, packet, PACKET_LENGTH);
+ DoOne("SHA512", key, 32, packet, PACKET_LENGTH);
+ DoOne("RIPEMD160", key, 16, packet, PACKET_LENGTH);
+ DoOne("RIPEMD160", key, 20, packet, PACKET_LENGTH);
+ DoOne("RIPEMD160", key, 32, packet, PACKET_LENGTH);
+
+ return 0;
+
+}
=====================================
attic/wscript
=====================================
--- a/attic/wscript
+++ b/attic/wscript
@@ -1,7 +1,7 @@
def build(ctx):
bldnode = ctx.bldnode.abspath()
- util = ['sht', 'digest']
+ util = ['sht', 'digest-find', 'digest-timing']
for name in util:
ctx(
=====================================
libntp/macencrypt.c
=====================================
--- a/libntp/macencrypt.c
+++ b/libntp/macencrypt.c
@@ -16,7 +16,7 @@
#ifndef EVP_MD_CTX_reset
/* Slightly older version of OpenSSL */
-/* Similar hack in ssl_init.c */
+/* Similar hack in ssl_init.c and attic/digest-timing.c */
#define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_init(ctx)
#endif
=====================================
libntp/ssl_init.c
=====================================
--- a/libntp/ssl_init.c
+++ b/libntp/ssl_init.c
@@ -13,7 +13,7 @@
#ifndef EVP_MD_CTX_new
/* Slightly older version of OpenSSL */
-/* Similar hack in macencrypt.c */
+/* Similar hack in macencrypt.c and attic/digest-timing.c */
#define EVP_MD_CTX_new() EVP_MD_CTX_create()
#endif
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/cef6aa5ed981b75bb37323342af81039976f5ca5...ecb0d680804a54fb054b2c7ae9816b61095c6713
---
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/cef6aa5ed981b75bb37323342af81039976f5ca5...ecb0d680804a54fb054b2c7ae9816b61095c6713
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20180218/1c2a5089/attachment.html>
More information about the vc
mailing list