[Cryptech-Commits] [sw/libhal] 02/02: Allow multiple iterations in verify, for better timing measurement.
git at cryptech.is
git at cryptech.is
Wed Apr 10 19:42:49 UTC 2019
This is an automated email from the git hooks/post-receive script.
paul at psgd.org pushed a commit to branch master
in repository sw/libhal.
commit 9e6edd6082cc8d501e2b062983ed58b01ef677d7
Author: Paul Selkirk <paul at psgd.org>
AuthorDate: Wed Apr 10 15:42:09 2019 -0400
Allow multiple iterations in verify, for better timing measurement.
---
utils/pkey.c | 69 ++++++++++++++++++++++++++++++++----------------------------
1 file changed, 37 insertions(+), 32 deletions(-)
diff --git a/utils/pkey.c b/utils/pkey.c
index fa566a9..76c1bf7 100644
--- a/utils/pkey.c
+++ b/utils/pkey.c
@@ -54,15 +54,17 @@
* i.e. Generate an RSA key with default parameters, hash the default message
* and sign it 100 times, verify the signature, and delete the key.
*
- * generate rsa [-l keylen-in-bits] [-e exponent]
- * generate ec [-c curve]
- * generate hashsig [-L levels] [-h height] [-w Winternitz factor]
- * list [-t type] [-c curve] [-y keystore]
+ * [-i (info)] [-p pin]
+ * generate [-x (exportable)] [-v (volatile keystore)]
+ * rsa [-l keylen-in-bits] [-e exponent]
+ * ec [-c curve]
+ * hashsig [-L levels] [-h height] [-w Winternitz factor]
+ * list [-t type]
* sign [-h (hash)] [-k keyname] [-m msgfile] [-s sigfile] [-n iterations]
* verify [-h (hash)] [-k keyname] [-m msgfile] [-s sigfile]
* export [-k keyname] [-K kekekfile] [-o outfile]
* import [-K kekekfile] [-i infile] [-x (exportable)] [-v (volatile keystore)]
- * delete [-k keyname]
+ * delete [-k keyname] ...
*/
/*
@@ -564,16 +566,10 @@ static int pkey_list(int argc, char *argv[])
{
char usage[] = "Usage: list [-t type] [-c curve] [-y keystore]";
-#if 0
- char *type = NULL;
- char *curve = NULL;
- char *keystore = NULL;
-#endif
-
int type_rsa = 0, type_ec = 0, type_hashsig = 0;
int opt;
- while ((opt = getopt(argc, argv, "-t:c:y:")) != -1) {
+ while ((opt = getopt(argc, argv, "-t:")) != -1) {
switch (opt) {
case 1:
/* found the next command */
@@ -589,14 +585,6 @@ static int pkey_list(int argc, char *argv[])
else
lose("unsupported key type %s, expected 'rsa', 'ec', or 'hashsig'\n", optarg);
break;
-#if 0
- case 'c':
- curve = optarg;
- break;
- case 'y':
- keystore = optarg;
- break;
-#endif
default:
puts(usage);
return -1;
@@ -819,10 +807,14 @@ done:
if (info) {
gettimeofday(&tv_end, NULL);
timersub(&tv_end, &tv_start, &tv_diff);
- long per_sig = (tv_diff.tv_sec * 1000000 + tv_diff.tv_usec) / i;
- printf("Info: %ldm%ld.%03lds to generate %d signatures of length %lu (%ld.%03lds per signature)\n",
- (long)tv_diff.tv_sec / 60, (long)tv_diff.tv_sec % 60, (long)tv_diff.tv_usec / 1000, i, sig_len,
- (long)per_sig / 1000000, ((long)per_sig % 1000000) / 1000);
+ printf("Info: %ldm%ld.%03lds to generate %d signature%s of length %lu",
+ (long)tv_diff.tv_sec / 60, (long)tv_diff.tv_sec % 60, (long)tv_diff.tv_usec / 1000, i, ((i > 1) ? "s" : ""), sig_len);
+ if (i > 1) {
+ long per_sig = (tv_diff.tv_sec * 1000000 + tv_diff.tv_usec) / i;
+ printf(" (%ld.%03lds per signature)",
+ (long)per_sig / 1000000, ((long)per_sig % 1000000) / 1000);
+ }
+ printf("\n");
}
if (sig_fn != NULL && file_write(sig_fn, sig, sig_len, 0) != 0)
@@ -836,12 +828,13 @@ fail:
static int pkey_verify(int argc, char *argv[])
{
- char usage[] = "Usage: verify [-h (hash)] [-k keyname] [-m msgfile] [-s sigfile]";
+ char usage[] = "Usage: verify [-h (hash)] [-k keyname] [-m msgfile] [-s sigfile] [-n iterations]";
int hash_msg = 0;
+ unsigned n = 1;
int opt;
- while ((opt = getopt(argc, argv, "-hk:m:s:")) != -1) {
+ while ((opt = getopt(argc, argv, "-hk:m:s:n:")) != -1) {
switch (opt) {
case 1:
/* found the next command */
@@ -863,6 +856,9 @@ static int pkey_verify(int argc, char *argv[])
if (file_read(optarg, sig, &sig_len, sizeof(sig)) != 0)
return -1;
break;
+ case 'n':
+ n = atoi(optarg);
+ break;
default:
puts(usage);
return -1;
@@ -894,20 +890,29 @@ done:
if (hash_msg && hash_message(m = digest, &mlen, sizeof(digest)) != 0)
goto fail;
- hal_error_t err;
struct timeval tv_start, tv_end, tv_diff;
if (info)
gettimeofday(&tv_start, NULL);
- if ((err = hal_rpc_pkey_verify(key_handle, hal_hash_handle_none,
- m, mlen, sig, sig_len)) != HAL_OK)
- lose("Error verifying: %s\n", hal_error_string(err));
+ unsigned i;
+ for (i = 0; i < n; ++i) {
+ hal_error_t err;
+ if ((err = hal_rpc_pkey_verify(key_handle, hal_hash_handle_none,
+ m, mlen, sig, sig_len)) != HAL_OK)
+ lose("Error verifying: %s\n", hal_error_string(err));
+ }
if (info) {
gettimeofday(&tv_end, NULL);
timersub(&tv_end, &tv_start, &tv_diff);
- printf("Info: %ldm%ld.%03lds to verify 1 signature\n",
- (long)tv_diff.tv_sec / 60, (long)tv_diff.tv_sec % 60, (long)tv_diff.tv_usec / 1000);
+ printf("Info: %ldm%ld.%03lds to verify %d signature",
+ (long)tv_diff.tv_sec / 60, (long)tv_diff.tv_sec % 60, (long)tv_diff.tv_usec / 1000, i);
+ if (i > 1) {
+ long per_sig = (tv_diff.tv_sec * 1000000 + tv_diff.tv_usec) / i;
+ printf("s (%ld.%03lds per verification)",
+ (long)per_sig / 1000000, ((long)per_sig % 1000000) / 1000);
+ }
+ printf("\n");
}
return 0;
More information about the Commits
mailing list