tests: add encryption benchmarks to cryptfs

4 files changed, 94 insertions, 3 deletions

diff --git a/.gitignore b/.gitignore
index 5108eb7..93e4413 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,6 @@
 
 # binary releases
 /*.tar.gz
-c
+
+# Binaries created for cpu profiling
+*.test
diff --git a/cryptfs/openssl_benchmark.bash b/cryptfs/openssl_benchmark.bash
new file mode 100755
index 0000000..df29628
--- /dev/null
+++ b/cryptfs/openssl_benchmark.bash
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+go test -run NONE -bench BenchmarkEnc
diff --git a/cryptfs/openssl_test.go b/cryptfs/openssl_test.go
new file mode 100644
index 0000000..85a97d9
--- /dev/null
+++ b/cryptfs/openssl_test.go
@@ -0,0 +1,76 @@
+package cryptfs
+
+// Benchmark go built-int GCM against spacemonkey openssl bindings
+//
+// Note: The benchmarks in this file supersede the ones in the openssl_benchmark
+//       directory as they use the same code paths that gocryptfs actually uses.
+//
+// Run benchmark:
+// go test -bench Enc
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"testing"
+)
+
+func benchmarkGoEnc(b *testing.B, plaintext []byte, key []byte, nonce []byte) (ciphertext []byte) {
+	b.SetBytes(int64(len(plaintext)))
+	aes, err := aes.NewCipher(key[:])
+	if err != nil {
+		b.Fatal(err)
+	}
+	aesgcm, err := cipher.NewGCMWithNonceSize(aes, len(nonce))
+	if err != nil {
+		b.Fatal(err)
+	}
+	// This would be fileID + blockNo
+	aData := make([]byte, 24)
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		// Encrypt plaintext and append to nonce
+		ciphertext = aesgcm.Seal(nonce, nonce, plaintext, aData)
+	}
+	return ciphertext
+}
+
+func benchmarkOpensslEnc(b *testing.B, plaintext []byte, key []byte, nonce []byte) (ciphertext []byte) {
+	b.SetBytes(int64(len(plaintext)))
+	var aesgcm opensslGCM
+	aesgcm.key = key
+	// This would be fileID + blockNo
+	aData := make([]byte, 24)
+	for i := 0; i < b.N; i++ {
+		// Encrypt plaintext and append to nonce
+		ciphertext = aesgcm.Seal(nonce, nonce, plaintext, aData)
+	}
+	return ciphertext
+}
+
+func BenchmarkEnc_Go_4k_AES256_nonce96(b *testing.B) {
+	plaintext := make([]byte, 4048)
+	key := make([]byte, 256/8)
+	nonce := make([]byte, 96/8)
+	benchmarkGoEnc(b, plaintext, key, nonce)
+}
+
+func BenchmarkEnc_Go_4k_AES256_nonce128(b *testing.B) {
+	plaintext := make([]byte, 4048)
+	key := make([]byte, 256/8)
+	nonce := make([]byte, 128/8)
+	benchmarkGoEnc(b, plaintext, key, nonce)
+}
+
+func BenchmarkEnc_OpenSSL_4k_AES256_nonce96(b *testing.B) {
+	plaintext := make([]byte, 4048)
+	key := make([]byte, 256/8)
+	nonce := make([]byte, 96/8)
+	benchmarkOpensslEnc(b, plaintext, key, nonce)
+}
+
+func BenchmarkEnc_OpenSSL_4k_AES256_nonce128(b *testing.B) {
+	plaintext := make([]byte, 4048)
+	key := make([]byte, 256/8)
+	nonce := make([]byte, 96/8)
+	benchmarkOpensslEnc(b, plaintext, key, nonce)
+}
diff --git a/openssl_benchmark/openssl_test.go b/openssl_benchmark/openssl_test.go
index 76c68a8..35abca7 100644
--- a/openssl_benchmark/openssl_test.go
+++ b/openssl_benchmark/openssl_test.go
@@ -2,6 +2,8 @@ package benchmark
 
 // Benchmark go built-int GCM against spacemonkey openssl bindings
 //
+// Note: This is deprecated in favor of the benchmarks integrated in cryptfs.
+//
 // Run benchmark:
 // go test -bench=.
 
@@ -33,10 +35,11 @@ func BenchmarkGoEnc4K(b *testing.B) {
 	aes, _ := aes.NewCipher(key[:])
 	aesgcm, _ := cipher.NewGCM(aes)
 	var out []byte
-
+	// This would be fileID + blockNo
+	aData := make([]byte, 24)
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		out = aesgcm.Seal(out[:0], nonce[:], buf, nil)
+		out = aesgcm.Seal(out[:0], nonce[:], buf, aData)
 	}
 }
 
@@ -67,6 +70,9 @@ func BenchmarkOpensslEnc4K(b *testing.B) {
 	var key [cryptfs.KEY_LEN]byte
 	var nonce [12]byte
 
+	// This would be fileID + blockNo
+	aData := make([]byte, 24)
+
 	var ciphertext bytes.Buffer
 	var part []byte
 
@@ -77,6 +83,10 @@ func BenchmarkOpensslEnc4K(b *testing.B) {
 		if err != nil {
 			b.FailNow()
 		}
+		err = ectx.ExtraData(aData)
+		if err != nil {
+			b.FailNow()
+		}
 		part, err = ectx.EncryptUpdate(buf)
 		if err != nil {
 			b.FailNow()