projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
migrated scripts to new fingerprinting API
[strongswan.git] / scripts / pubkey_speed.c
1
2 #include <stdio.h>
3 #include <time.h>
4 #include <library.h>
5 #include <debug.h>
6 #include <credentials/keys/private_key.h>
7
8 void start_timing(struct timespec *start)
9 {
10 clock_gettime(CLOCK_THREAD_CPUTIME_ID, start);
11 }
12
13 double end_timing(struct timespec *start)
14 {
15 struct timespec end;
16
17 clock_gettime(CLOCK_THREAD_CPUTIME_ID, &end);
18 return (end.tv_nsec - start->tv_nsec) / 1000000000.0 +
19 (end.tv_sec - start->tv_sec) * 1.0;
20 }
21
22 static void usage()
23 {
24 printf("usage: pubkey_speed plugins rsa|ecdsa rounds\n");
25 exit(1);
26 }
27
28 static char data_buf[] = {0x01,0x02,0x03,0x04,0x05,0x06,0x07};
29
30 int main(int argc, char *argv[])
31 {
32 private_key_t *private;
33 public_key_t *public;
34 struct timespec timing;
35 int round, rounds, read;
36 char buf[8096], *pos = buf;
37 key_type_t type = KEY_ANY;
38 signature_scheme_t scheme = SIGN_UNKNOWN;
39 chunk_t keydata, *sigs, data = chunk_from_buf(data_buf);
40
41 if (argc < 4)
42 {
43 usage();
44 }
45
46 rounds = atoi(argv[3]);
47
48 if (streq(argv[2], "rsa"))
49 {
50 type = KEY_RSA;
51 scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
52 }
53 else if (streq(argv[2], "ecdsa"))
54 {
55 type = KEY_ECDSA;
56 }
57 else
58 {
59 usage();
60 }
61
62 library_init(STRONGSWAN_CONF);
63 lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, argv[1]);
64 atexit(library_deinit);
65
66 keydata = chunk_create(buf, 0);
67 while ((read = fread(pos, 1, sizeof(buf) - (pos - buf), stdin)))
68 {
69 pos += read;
70 keydata.len += read;
71 }
72
73 private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
74 BUILD_BLOB_PEM, keydata, BUILD_END);
75 if (!private)
76 {
77 printf("parsing private key failed.\n");
78 exit(1);
79 }
80 if (type == KEY_ECDSA)
81 {
82 switch (private->get_keysize(private))
83 {
84 case 32:
85 scheme = SIGN_ECDSA_256;
86 break;
87 case 48:
88 scheme = SIGN_ECDSA_384;
89 break;
90 case 66:
91 scheme = SIGN_ECDSA_521;
92 break;
93 default:
94 printf("%d bit ECDSA private key size not supported",
95 private->get_keysize(private) * 8);
96 exit(1);
97 }
98 }
99
100 printf("%4d bit %N: ", private->get_keysize(private)*8,
101 key_type_names, type);
102
103 sigs = malloc(sizeof(chunk_t) * rounds);
104
105 start_timing(&timing);
106 for (round = 0; round < rounds; round++)
107 {
108 if (!private->sign(private, scheme, data, &sigs[round]))
109 {
110 printf("creating signature failed\n");
111 exit(1);
112 }
113 };
114 printf("sign()/s: %8.1f ", rounds / end_timing(&timing));
115
116 public = private->get_public_key(private);
117 if (!public)
118 {
119 printf("extracting public key failed\n");
120 exit(1);
121 }
122 start_timing(&timing);
123 for (round = 0; round < rounds; round++)
124 {
125 if (!public->verify(public, scheme, data, sigs[round]))
126 {
127 printf("signature verification failed\n");
128 exit(1);
129 }
130 }
131 printf("verify()/s: %8.1f\n", rounds / end_timing(&timing));
132 public->destroy(public);
133 private->destroy(private);
134
135 for (round = 0; round < rounds; round++)
136 {
137 free(sigs[round].ptr);
138 }
139 free(sigs);
140 return 0;
141 }
142
strongSwan - IPsec VPN