diff options
| author | Peter Maydell | 2018-10-24 23:08:42 +0200 |
|---|---|---|
| committer | Peter Maydell | 2018-10-24 23:08:42 +0200 |
| commit | a4d710251fa5aa9ec26de4626f11c78500195d12 (patch) | |
| tree | 9069382c4c25523c5ef4425880c0ca97afdb0fa8 /tests | |
| parent | Merge remote-tracking branch 'remotes/amarkovic/tags/mips-queue-oct-2018-part... (diff) | |
| parent | crypto: add testing for unaligned buffers with XTS cipher mode (diff) | |
| download | qemu-a4d710251fa5aa9ec26de4626f11c78500195d12.tar.gz qemu-a4d710251fa5aa9ec26de4626f11c78500195d12.tar.xz qemu-a4d710251fa5aa9ec26de4626f11c78500195d12.zip | |
Merge remote-tracking branch 'remotes/berrange/tags/qcrypto-next-pull-request' into staging
Improve performance of XTS cipher mode impl
The XTS cipher mode performance is approximately doubled and test
coverage is improved.
# gpg: Signature made Wed 24 Oct 2018 19:05:08 BST
# gpg: using RSA key BE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* remotes/berrange/tags/qcrypto-next-pull-request:
crypto: add testing for unaligned buffers with XTS cipher mode
crypto: refactor XTS cipher mode test suite
crypto: annotate xts_tweak_encdec as inlineable
crypto: convert xts_mult_x to use xts_uint128 type
crypto: convert xts_tweak_encdec to use xts_uint128 type
crypto: introduce a xts_uint128 data type
crypto: remove code duplication in tweak encrypt/decrypt
crypto: expand algorithm coverage for cipher benchmark
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/benchmark-crypto-cipher.c | 149 | ||||
| -rw-r--r-- | tests/test-crypto-xts.c | 226 |
2 files changed, 292 insertions, 83 deletions
diff --git a/tests/benchmark-crypto-cipher.c b/tests/benchmark-crypto-cipher.c index f5a0d0bc32..67fdf8c31d 100644 --- a/tests/benchmark-crypto-cipher.c +++ b/tests/benchmark-crypto-cipher.c @@ -15,17 +15,27 @@ #include "crypto/init.h" #include "crypto/cipher.h" -static void test_cipher_speed(const void *opaque) +static void test_cipher_speed(size_t chunk_size, + QCryptoCipherMode mode, + QCryptoCipherAlgorithm alg) { QCryptoCipher *cipher; Error *err = NULL; double total = 0.0; - size_t chunk_size = (size_t)opaque; uint8_t *key = NULL, *iv = NULL; uint8_t *plaintext = NULL, *ciphertext = NULL; - size_t nkey = qcrypto_cipher_get_key_len(QCRYPTO_CIPHER_ALG_AES_128); - size_t niv = qcrypto_cipher_get_iv_len(QCRYPTO_CIPHER_ALG_AES_128, - QCRYPTO_CIPHER_MODE_CBC); + size_t nkey; + size_t niv; + + if (!qcrypto_cipher_supports(alg, mode)) { + return; + } + + nkey = qcrypto_cipher_get_key_len(alg); + niv = qcrypto_cipher_get_iv_len(alg, mode); + if (mode == QCRYPTO_CIPHER_MODE_XTS) { + nkey *= 2; + } key = g_new0(uint8_t, nkey); memset(key, g_test_rand_int(), nkey); @@ -38,14 +48,14 @@ static void test_cipher_speed(const void *opaque) plaintext = g_new0(uint8_t, chunk_size); memset(plaintext, g_test_rand_int(), chunk_size); - cipher = qcrypto_cipher_new(QCRYPTO_CIPHER_ALG_AES_128, - QCRYPTO_CIPHER_MODE_CBC, + cipher = qcrypto_cipher_new(alg, mode, key, nkey, &err); g_assert(cipher != NULL); - g_assert(qcrypto_cipher_setiv(cipher, - iv, niv, - &err) == 0); + if (mode != QCRYPTO_CIPHER_MODE_ECB) + g_assert(qcrypto_cipher_setiv(cipher, + iv, niv, + &err) == 0); g_test_timer_start(); do { @@ -55,13 +65,26 @@ static void test_cipher_speed(const void *opaque) chunk_size, &err) == 0); total += chunk_size; - } while (g_test_timer_elapsed() < 5.0); + } while (g_test_timer_elapsed() < 1.0); total /= MiB; - g_print("cbc(aes128): "); - g_print("Testing chunk_size %zu bytes ", chunk_size); - g_print("done: %.2f MB in %.2f secs: ", total, g_test_timer_last()); - g_print("%.2f MB/sec\n", total / g_test_timer_last()); + g_print("Enc chunk %zu bytes ", chunk_size); + g_print("%.2f MB/sec ", total / g_test_timer_last()); + + total = 0.0; + g_test_timer_start(); + do { + g_assert(qcrypto_cipher_decrypt(cipher, + plaintext, + ciphertext, + chunk_size, + &err) == 0); + total += chunk_size; + } while (g_test_timer_elapsed() < 1.0); + + total /= MiB; + g_print("Dec chunk %zu bytes ", chunk_size); + g_print("%.2f MB/sec ", total / g_test_timer_last()); qcrypto_cipher_free(cipher); g_free(plaintext); @@ -70,19 +93,99 @@ static void test_cipher_speed(const void *opaque) g_free(key); } -int main(int argc, char **argv) + +static void test_cipher_speed_ecb_aes_128(const void *opaque) +{ + size_t chunk_size = (size_t)opaque; + test_cipher_speed(chunk_size, + QCRYPTO_CIPHER_MODE_ECB, + QCRYPTO_CIPHER_ALG_AES_128); +} + +static void test_cipher_speed_ecb_aes_256(const void *opaque) { - size_t i; - char name[64]; + size_t chunk_size = (size_t)opaque; + test_cipher_speed(chunk_size, + QCRYPTO_CIPHER_MODE_ECB, + QCRYPTO_CIPHER_ALG_AES_256); +} + +static void test_cipher_speed_cbc_aes_128(const void *opaque) +{ + size_t chunk_size = (size_t)opaque; + test_cipher_speed(chunk_size, + QCRYPTO_CIPHER_MODE_CBC, + QCRYPTO_CIPHER_ALG_AES_128); +} +static void test_cipher_speed_cbc_aes_256(const void *opaque) +{ + size_t chunk_size = (size_t)opaque; + test_cipher_speed(chunk_size, + QCRYPTO_CIPHER_MODE_CBC, + QCRYPTO_CIPHER_ALG_AES_256); +} + +static void test_cipher_speed_ctr_aes_128(const void *opaque) +{ + size_t chunk_size = (size_t)opaque; + test_cipher_speed(chunk_size, + QCRYPTO_CIPHER_MODE_CTR, + QCRYPTO_CIPHER_ALG_AES_128); +} + +static void test_cipher_speed_ctr_aes_256(const void *opaque) +{ + size_t chunk_size = (size_t)opaque; + test_cipher_speed(chunk_size, + QCRYPTO_CIPHER_MODE_CTR, + QCRYPTO_CIPHER_ALG_AES_256); +} + +static void test_cipher_speed_xts_aes_128(const void *opaque) +{ + size_t chunk_size = (size_t)opaque; + test_cipher_speed(chunk_size, + QCRYPTO_CIPHER_MODE_XTS, + QCRYPTO_CIPHER_ALG_AES_128); +} + +static void test_cipher_speed_xts_aes_256(const void *opaque) +{ + size_t chunk_size = (size_t)opaque; + test_cipher_speed(chunk_size, + QCRYPTO_CIPHER_MODE_XTS, + QCRYPTO_CIPHER_ALG_AES_256); +} + + +int main(int argc, char **argv) +{ g_test_init(&argc, &argv, NULL); g_assert(qcrypto_init(NULL) == 0); - for (i = 512; i <= 64 * KiB; i *= 2) { - memset(name, 0 , sizeof(name)); - snprintf(name, sizeof(name), "/crypto/cipher/speed-%zu", i); - g_test_add_data_func(name, (void *)i, test_cipher_speed); - } +#define ADD_TEST(mode, cipher, keysize, chunk) \ + g_test_add_data_func( \ + "/crypto/cipher/" #mode "-" #cipher "-" #keysize "/chunk-" #chunk, \ + (void *)chunk, \ + test_cipher_speed_ ## mode ## _ ## cipher ## _ ## keysize) + +#define ADD_TESTS(chunk) \ + do { \ + ADD_TEST(ecb, aes, 128, chunk); \ + ADD_TEST(ecb, aes, 256, chunk); \ + ADD_TEST(cbc, aes, 128, chunk); \ + ADD_TEST(cbc, aes, 256, chunk); \ + ADD_TEST(ctr, aes, 128, chunk); \ + ADD_TEST(ctr, aes, 256, chunk); \ + ADD_TEST(xts, aes, 128, chunk); \ + ADD_TEST(xts, aes, 256, chunk); \ + } while (0) + + ADD_TESTS(512); + ADD_TESTS(4096); + ADD_TESTS(16384); + ADD_TESTS(65536); return g_test_run(); } diff --git a/tests/test-crypto-xts.c b/tests/test-crypto-xts.c index 1f1412c45a..6fb61cf635 100644 --- a/tests/test-crypto-xts.c +++ b/tests/test-crypto-xts.c @@ -1,7 +1,7 @@ /* * QEMU Crypto XTS cipher mode * - * Copyright (c) 2015-2016 Red Hat, Inc. + * Copyright (c) 2015-2018 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -340,70 +340,161 @@ static void test_xts_aes_decrypt(const void *ctx, static void test_xts(const void *opaque) { const QCryptoXTSTestData *data = opaque; - unsigned char out[512], Torg[16], T[16]; + uint8_t out[512], Torg[16], T[16]; uint64_t seq; - int j; - unsigned long len; struct TestAES aesdata; struct TestAES aestweak; - for (j = 0; j < 2; j++) { - /* skip the cases where - * the length is smaller than 2*blocklen - * or the length is not a multiple of 32 - */ - if ((j == 1) && ((data->PTLEN < 32) || (data->PTLEN % 32))) { - continue; - } - len = data->PTLEN / 2; - - AES_set_encrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.enc); - AES_set_decrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.dec); - AES_set_encrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.enc); - AES_set_decrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.dec); - - seq = data->seqnum; - STORE64L(seq, Torg); - memset(Torg + 8, 0, 8); - - memcpy(T, Torg, sizeof(T)); - if (j == 0) { - xts_encrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, data->PTLEN, out, data->PTX); - } else { - xts_encrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, len, out, data->PTX); - xts_encrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, len, &out[len], &data->PTX[len]); - } + AES_set_encrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.enc); + AES_set_decrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.dec); + AES_set_encrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.enc); + AES_set_decrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.dec); - g_assert(memcmp(out, data->CTX, data->PTLEN) == 0); - - memcpy(T, Torg, sizeof(T)); - if (j == 0) { - xts_decrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, data->PTLEN, out, data->CTX); - } else { - xts_decrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, len, out, data->CTX); - xts_decrypt(&aesdata, &aestweak, - test_xts_aes_encrypt, - test_xts_aes_decrypt, - T, len, &out[len], &data->CTX[len]); - } + seq = data->seqnum; + STORE64L(seq, Torg); + memset(Torg + 8, 0, 8); - g_assert(memcmp(out, data->PTX, data->PTLEN) == 0); - } + memcpy(T, Torg, sizeof(T)); + xts_encrypt(&aesdata, &aestweak, + test_xts_aes_encrypt, + test_xts_aes_decrypt, + T, data->PTLEN, out, data->PTX); + + g_assert(memcmp(out, data->CTX, data->PTLEN) == 0); + + memcpy(T, Torg, sizeof(T)); + xts_decrypt(&aesdata, &aestweak, + test_xts_aes_encrypt, + test_xts_aes_decrypt, + T, data->PTLEN, out, data->CTX); + + g_assert(memcmp(out, data->PTX, data->PTLEN) == 0); +} + + +static void test_xts_split(const void *opaque) +{ + const QCryptoXTSTestData *data = opaque; + uint8_t out[512], Torg[16], T[16]; + uint64_t seq; + unsigned long len = data->PTLEN / 2; + struct TestAES aesdata; + struct TestAES aestweak; + + AES_set_encrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.enc); + AES_set_decrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.dec); + AES_set_encrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.enc); + AES_set_decrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.dec); + + seq = data->seqnum; + STORE64L(seq, Torg); + memset(Torg + 8, 0, 8); + + memcpy(T, Torg, sizeof(T)); + xts_encrypt(&aesdata, &aestweak, + test_xts_aes_encrypt, + test_xts_aes_decrypt, + T, len, out, data->PTX); + xts_encrypt(&aesdata, &aestweak, + test_xts_aes_encrypt, + test_xts_aes_decrypt, + T, len, &out[len], &data->PTX[len]); + + g_assert(memcmp(out, data->CTX, data->PTLEN) == 0); + + memcpy(T, Torg, sizeof(T)); + xts_decrypt(&aesdata, &aestweak, + test_xts_aes_encrypt, + test_xts_aes_decrypt, + T, len, out, data->CTX); + xts_decrypt(&aesdata, &aestweak, + test_xts_aes_encrypt, + test_xts_aes_decrypt, + T, len, &out[len], &data->CTX[len]); + + g_assert(memcmp(out, data->PTX, data->PTLEN) == 0); +} + + +static void test_xts_unaligned(const void *opaque) +{ +#define BAD_ALIGN 3 + const QCryptoXTSTestData *data = opaque; + uint8_t in[512 + BAD_ALIGN], out[512 + BAD_ALIGN]; + uint8_t Torg[16], T[16 + BAD_ALIGN]; + uint64_t seq; + struct TestAES aesdata; + struct TestAES aestweak; + + AES_set_encrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.enc); + AES_set_decrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.dec); + AES_set_encrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.enc); + AES_set_decrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.dec); + + seq = data->seqnum; + STORE64L(seq, Torg); + memset(Torg + 8, 0, 8); + + /* IV not aligned */ + memcpy(T + BAD_ALIGN, Torg, 16); + memcpy(in, data->PTX, data->PTLEN); + xts_encrypt(&aesdata, &aestweak, + test_xts_aes_encrypt, + test_xts_aes_decrypt, + T + BAD_ALIGN, data->PTLEN, out, in); + + g_assert(memcmp(out, data->CTX, data->PTLEN) == 0); + + /* plain text not aligned */ + memcpy(T, Torg, 16); + memcpy(in + BAD_ALIGN, data->PTX, data->PTLEN); + xts_encrypt(&aesdata, &aestweak, + test_xts_aes_encrypt, + test_xts_aes_decrypt, + T, data->PTLEN, out, in + BAD_ALIGN); + + g_assert(memcmp(out, data->CTX, data->PTLEN) == 0); + + /* cipher text not aligned */ + memcpy(T, Torg, 16); + memcpy(in, data->PTX, data->PTLEN); + xts_encrypt(&aesdata, &aestweak, + test_xts_aes_encrypt, + test_xts_aes_decrypt, + T, data->PTLEN, out + BAD_ALIGN, in); + + g_assert(memcmp(out + BAD_ALIGN, data->CTX, data->PTLEN) == 0); + + + /* IV not aligned */ + memcpy(T + BAD_ALIGN, Torg, 16); + memcpy(in, data->CTX, data->PTLEN); + xts_decrypt(&aesdata, &aestweak, + test_xts_aes_encrypt, + test_xts_aes_decrypt, + T + BAD_ALIGN, data->PTLEN, out, in); + + g_assert(memcmp(out, data->PTX, data->PTLEN) == 0); + + /* cipher text not aligned */ + memcpy(T, Torg, 16); + memcpy(in + BAD_ALIGN, data->CTX, data->PTLEN); + xts_decrypt(&aesdata, &aestweak, + test_xts_aes_encrypt, + test_xts_aes_decrypt, + T, data->PTLEN, out, in + BAD_ALIGN); + + g_assert(memcmp(out, data->PTX, data->PTLEN) == 0); + + /* plain text not aligned */ + memcpy(T, Torg, 16); + memcpy(in, data->CTX, data->PTLEN); + xts_decrypt(&aesdata, &aestweak, + test_xts_aes_encrypt, + test_xts_aes_decrypt, + T, data->PTLEN, out + BAD_ALIGN, in); + + g_assert(memcmp(out + BAD_ALIGN, data->PTX, data->PTLEN) == 0); } @@ -416,7 +507,22 @@ int main(int argc, char **argv) g_assert(qcrypto_init(NULL) == 0); for (i = 0; i < G_N_ELEMENTS(test_data); i++) { - g_test_add_data_func(test_data[i].path, &test_data[i], test_xts); + gchar *path = g_strdup_printf("%s/basic", test_data[i].path); + g_test_add_data_func(path, &test_data[i], test_xts); + g_free(path); + + /* skip the cases where the length is smaller than 2*blocklen + * or the length is not a multiple of 32 + */ + if ((test_data[i].PTLEN >= 32) && !(test_data[i].PTLEN % 32)) { + path = g_strdup_printf("%s/split", test_data[i].path); + g_test_add_data_func(path, &test_data[i], test_xts_split); + g_free(path); + } + + path = g_strdup_printf("%s/unaligned", test_data[i].path); + g_test_add_data_func(path, &test_data[i], test_xts_unaligned); + g_free(path); } return g_test_run(); |