projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
remove obsolete scripts
[strongswan.git] / scripts / pubkey_speed.c
1
2 #include <stdio.h>
3 #include <time.h>
4 #include <library.h>
5 #include <debug.h>
6 #include <credentials/keys/private_key.h>
7 #include <asn1/pem.h>
8
9 void start_timing(struct timespec *start)
10 {
11 clock_gettime(CLOCK_THREAD_CPUTIME_ID, start);
12 }
13
14 double end_timing(struct timespec *start)
15 {
16 struct timespec end;
17
18 clock_gettime(CLOCK_THREAD_CPUTIME_ID, &end);
19 return (end.tv_nsec - start->tv_nsec) / 1000000000.0 +
20 (end.tv_sec - start->tv_sec) * 1.0;
21 }
22
23 static void usage()
24 {
25 printf("usage: pubkey_speed plugins rsa|ecdsa rounds\n");
26 exit(1);
27 }
28
29 static char data_buf[] = {0x01,0x02,0x03,0x04,0x05,0x06,0x07};
30
31 int main(int argc, char *argv[])
32 {
33 private_key_t *private;
34 public_key_t *public;
35 struct timespec timing;
36 int round, rounds, read;
37 char buf[8096], *pos = buf;
38 key_type_t type;
39 signature_scheme_t scheme;
40 chunk_t keydata, *sigs, data = chunk_from_buf(data_buf);
41
42 if (argc < 4)
43 {
44 usage();
45 }
46
47 rounds = atoi(argv[3]);
48
49 if (streq(argv[2], "rsa"))
50 {
51 type = KEY_RSA;
52 scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
53 }
54 else if (streq(argv[2], "ecdsa"))
55 {
56 type = KEY_ECDSA;
57 }
58 else
59 {
60 usage();
61 }
62
63 library_init(STRONGSWAN_CONF);
64 lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, argv[1]);
65 atexit(library_deinit);
66
67 keydata = chunk_create(buf, 0);
68 while ((read = fread(pos, 1, sizeof(buf) - (pos - buf), stdin)))
69 {
70 pos += read;
71 keydata.len += read;
72 }
73 if (pem_to_bin(&keydata, chunk_empty, NULL) != SUCCESS)
74 {
75 printf("converting PEM private key failed.\n");
76 exit(1);
77 }
78
79 private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
80 BUILD_BLOB_ASN1_DER, keydata, BUILD_END);
81 if (!private)
82 {
83 printf("parsing private key failed.\n");
84 exit(1);
85 }
86 if (type == KEY_ECDSA)
87 {
88 switch (private->get_keysize(private))
89 {
90 case 32:
91 scheme = SIGN_ECDSA_256;
92 break;
93 case 48:
94 scheme = SIGN_ECDSA_384;
95 break;
96 case 66:
97 scheme = SIGN_ECDSA_521;
98 break;
99 default:
100 printf("%d bit ECDSA private key size not supported",
101 private->get_keysize(private) * 8);
102 exit(1);
103 }
104 }
105
106 printf("%4d bit %N: ", private->get_keysize(private)*8,
107 key_type_names, type);
108
109 sigs = malloc(sizeof(chunk_t) * rounds);
110
111 start_timing(&timing);
112 for (round = 0; round < rounds; round++)
113 {
114 if (!private->sign(private, scheme, data, &sigs[round]))
115 {
116 printf("creating signature failed\n");
117 exit(1);
118 }
119 };
120 printf("sign()/s: %8.1f ", rounds / end_timing(&timing));
121
122 public = private->get_public_key(private);
123 if (!public)
124 {
125 printf("extracting public key failed\n");
126 exit(1);
127 }
128 start_timing(&timing);
129 for (round = 0; round < rounds; round++)
130 {
131 if (!public->verify(public, scheme, data, sigs[round]))
132 {
133 printf("signature verification failed\n");
134 exit(1);
135 }
136 }
137 printf("verify()/s: %8.1f\n", rounds / end_timing(&timing));
138 public->destroy(public);
139 private->destroy(private);
140
141 for (round = 0; round < rounds; round++)
142 {
143 free(sigs[round].ptr);
144 }
145 free(sigs);
146 return 0;
147 }
148
strongSwan - IPsec VPN