[Cryptech-Commits] [sw/libhal] 02/02: Allow multiple iterations in verify, for better timing measurement.

git at cryptech.is git at cryptech.is
Wed Apr 10 19:42:49 UTC 2019


This is an automated email from the git hooks/post-receive script.

paul at psgd.org pushed a commit to branch master
in repository sw/libhal.

commit 9e6edd6082cc8d501e2b062983ed58b01ef677d7
Author: Paul Selkirk <paul at psgd.org>
AuthorDate: Wed Apr 10 15:42:09 2019 -0400

    Allow multiple iterations in verify, for better timing measurement.
---
 utils/pkey.c | 69 ++++++++++++++++++++++++++++++++----------------------------
 1 file changed, 37 insertions(+), 32 deletions(-)

diff --git a/utils/pkey.c b/utils/pkey.c
index fa566a9..76c1bf7 100644
--- a/utils/pkey.c
+++ b/utils/pkey.c
@@ -54,15 +54,17 @@
  * i.e. Generate an RSA key with default parameters, hash the default message
  * and sign it 100 times, verify the signature, and delete the key.
  *
- * generate rsa [-l keylen-in-bits] [-e exponent]
- * generate ec [-c curve]
- * generate hashsig [-L levels] [-h height] [-w Winternitz factor]
- * list [-t type] [-c curve] [-y keystore]
+ * [-i (info)] [-p pin]
+ * generate [-x (exportable)] [-v (volatile keystore)]
+ *          rsa [-l keylen-in-bits] [-e exponent]
+ *          ec [-c curve]
+ *          hashsig [-L levels] [-h height] [-w Winternitz factor]
+ * list [-t type]
  * sign [-h (hash)] [-k keyname] [-m msgfile] [-s sigfile] [-n iterations]
  * verify [-h (hash)] [-k keyname] [-m msgfile] [-s sigfile]
  * export [-k keyname] [-K kekekfile] [-o outfile]
  * import [-K kekekfile] [-i infile] [-x (exportable)] [-v (volatile keystore)]
- * delete [-k keyname]
+ * delete [-k keyname] ...
  */
 
 /*
@@ -564,16 +566,10 @@ static int pkey_list(int argc, char *argv[])
 {
     char usage[] = "Usage: list [-t type] [-c curve] [-y keystore]";
 
-#if 0
-    char *type = NULL;
-    char *curve = NULL;
-    char *keystore = NULL;
-#endif
-
     int type_rsa = 0, type_ec = 0, type_hashsig = 0;
 
     int opt;
-    while ((opt = getopt(argc, argv, "-t:c:y:")) != -1) {
+    while ((opt = getopt(argc, argv, "-t:")) != -1) {
         switch (opt) {
         case 1:
             /* found the next command */
@@ -589,14 +585,6 @@ static int pkey_list(int argc, char *argv[])
             else
                 lose("unsupported key type %s, expected 'rsa', 'ec', or 'hashsig'\n", optarg);
             break;
-#if 0
-        case 'c':
-            curve = optarg;
-            break;
-        case 'y':
-            keystore = optarg;
-            break;
-#endif
         default:
             puts(usage);
             return -1;
@@ -819,10 +807,14 @@ done:
     if (info) {
         gettimeofday(&tv_end, NULL);
         timersub(&tv_end, &tv_start, &tv_diff);
-        long per_sig = (tv_diff.tv_sec * 1000000 + tv_diff.tv_usec) / i;
-        printf("Info: %ldm%ld.%03lds to generate %d signatures of length %lu (%ld.%03lds per signature)\n",
-               (long)tv_diff.tv_sec / 60, (long)tv_diff.tv_sec % 60, (long)tv_diff.tv_usec / 1000, i, sig_len,
-               (long)per_sig / 1000000, ((long)per_sig % 1000000) / 1000);
+        printf("Info: %ldm%ld.%03lds to generate %d signature%s of length %lu",
+               (long)tv_diff.tv_sec / 60, (long)tv_diff.tv_sec % 60, (long)tv_diff.tv_usec / 1000, i, ((i > 1) ? "s" : ""), sig_len);
+        if (i > 1) {
+            long per_sig = (tv_diff.tv_sec * 1000000 + tv_diff.tv_usec) / i;
+            printf(" (%ld.%03lds per signature)",
+                   (long)per_sig / 1000000, ((long)per_sig % 1000000) / 1000);
+        }
+        printf("\n");
     }
 
     if (sig_fn != NULL && file_write(sig_fn, sig, sig_len, 0) != 0)
@@ -836,12 +828,13 @@ fail:
 
 static int pkey_verify(int argc, char *argv[])
 {
-    char usage[] = "Usage: verify [-h (hash)] [-k keyname] [-m msgfile] [-s sigfile]";
+    char usage[] = "Usage: verify [-h (hash)] [-k keyname] [-m msgfile] [-s sigfile] [-n iterations]";
 
     int hash_msg = 0;
+    unsigned n = 1;
 
     int opt;
-    while ((opt = getopt(argc, argv, "-hk:m:s:")) != -1) {
+    while ((opt = getopt(argc, argv, "-hk:m:s:n:")) != -1) {
         switch (opt) {
         case 1:
             /* found the next command */
@@ -863,6 +856,9 @@ static int pkey_verify(int argc, char *argv[])
             if (file_read(optarg, sig, &sig_len, sizeof(sig)) != 0)
                 return -1;
             break;
+        case 'n':
+            n = atoi(optarg);
+            break;
         default:
             puts(usage);
             return -1;
@@ -894,20 +890,29 @@ done:
     if (hash_msg && hash_message(m = digest, &mlen, sizeof(digest)) != 0)
         goto fail;
 
-    hal_error_t err;
     struct timeval tv_start, tv_end, tv_diff;
     if (info)
         gettimeofday(&tv_start, NULL);
 
-    if ((err = hal_rpc_pkey_verify(key_handle, hal_hash_handle_none,
-                                   m, mlen, sig, sig_len)) != HAL_OK)
-        lose("Error verifying: %s\n", hal_error_string(err));
+    unsigned i;
+    for (i = 0; i < n; ++i) {
+        hal_error_t err;
+        if ((err = hal_rpc_pkey_verify(key_handle, hal_hash_handle_none,
+                                       m, mlen, sig, sig_len)) != HAL_OK)
+            lose("Error verifying: %s\n", hal_error_string(err));
+    }
 
     if (info) {
         gettimeofday(&tv_end, NULL);
         timersub(&tv_end, &tv_start, &tv_diff);
-        printf("Info: %ldm%ld.%03lds to verify 1 signature\n",
-               (long)tv_diff.tv_sec / 60, (long)tv_diff.tv_sec % 60, (long)tv_diff.tv_usec / 1000);
+        printf("Info: %ldm%ld.%03lds to verify %d signature",
+               (long)tv_diff.tv_sec / 60, (long)tv_diff.tv_sec % 60, (long)tv_diff.tv_usec / 1000, i);
+        if (i > 1) {
+            long per_sig = (tv_diff.tv_sec * 1000000 + tv_diff.tv_usec) / i;
+            printf("s (%ld.%03lds per verification)",
+                   (long)per_sig / 1000000, ((long)per_sig % 1000000) / 1000);
+        }
+        printf("\n");
     }
 
     return 0;



More information about the Commits mailing list