summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitignore4
-rwxr-xr-xcryptfs/openssl_benchmark.bash3
-rw-r--r--cryptfs/openssl_test.go76
-rw-r--r--openssl_benchmark/openssl_test.go14
4 files changed, 94 insertions, 3 deletions
diff --git a/.gitignore b/.gitignore
index 5108eb7..93e4413 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,6 @@
# binary releases
/*.tar.gz
-c
+
+# Binaries created for cpu profiling
+*.test
diff --git a/cryptfs/openssl_benchmark.bash b/cryptfs/openssl_benchmark.bash
new file mode 100755
index 0000000..df29628
--- /dev/null
+++ b/cryptfs/openssl_benchmark.bash
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+go test -run NONE -bench BenchmarkEnc
diff --git a/cryptfs/openssl_test.go b/cryptfs/openssl_test.go
new file mode 100644
index 0000000..85a97d9
--- /dev/null
+++ b/cryptfs/openssl_test.go
@@ -0,0 +1,76 @@
+package cryptfs
+
+// Benchmark go built-int GCM against spacemonkey openssl bindings
+//
+// Note: The benchmarks in this file supersede the ones in the openssl_benchmark
+// directory as they use the same code paths that gocryptfs actually uses.
+//
+// Run benchmark:
+// go test -bench Enc
+
+import (
+ "crypto/aes"
+ "crypto/cipher"
+ "testing"
+)
+
+func benchmarkGoEnc(b *testing.B, plaintext []byte, key []byte, nonce []byte) (ciphertext []byte) {
+ b.SetBytes(int64(len(plaintext)))
+ aes, err := aes.NewCipher(key[:])
+ if err != nil {
+ b.Fatal(err)
+ }
+ aesgcm, err := cipher.NewGCMWithNonceSize(aes, len(nonce))
+ if err != nil {
+ b.Fatal(err)
+ }
+ // This would be fileID + blockNo
+ aData := make([]byte, 24)
+ b.ResetTimer()
+ for i := 0; i < b.N; i++ {
+ // Encrypt plaintext and append to nonce
+ ciphertext = aesgcm.Seal(nonce, nonce, plaintext, aData)
+ }
+ return ciphertext
+}
+
+func benchmarkOpensslEnc(b *testing.B, plaintext []byte, key []byte, nonce []byte) (ciphertext []byte) {
+ b.SetBytes(int64(len(plaintext)))
+ var aesgcm opensslGCM
+ aesgcm.key = key
+ // This would be fileID + blockNo
+ aData := make([]byte, 24)
+ for i := 0; i < b.N; i++ {
+ // Encrypt plaintext and append to nonce
+ ciphertext = aesgcm.Seal(nonce, nonce, plaintext, aData)
+ }
+ return ciphertext
+}
+
+func BenchmarkEnc_Go_4k_AES256_nonce96(b *testing.B) {
+ plaintext := make([]byte, 4048)
+ key := make([]byte, 256/8)
+ nonce := make([]byte, 96/8)
+ benchmarkGoEnc(b, plaintext, key, nonce)
+}
+
+func BenchmarkEnc_Go_4k_AES256_nonce128(b *testing.B) {
+ plaintext := make([]byte, 4048)
+ key := make([]byte, 256/8)
+ nonce := make([]byte, 128/8)
+ benchmarkGoEnc(b, plaintext, key, nonce)
+}
+
+func BenchmarkEnc_OpenSSL_4k_AES256_nonce96(b *testing.B) {
+ plaintext := make([]byte, 4048)
+ key := make([]byte, 256/8)
+ nonce := make([]byte, 96/8)
+ benchmarkOpensslEnc(b, plaintext, key, nonce)
+}
+
+func BenchmarkEnc_OpenSSL_4k_AES256_nonce128(b *testing.B) {
+ plaintext := make([]byte, 4048)
+ key := make([]byte, 256/8)
+ nonce := make([]byte, 96/8)
+ benchmarkOpensslEnc(b, plaintext, key, nonce)
+}
diff --git a/openssl_benchmark/openssl_test.go b/openssl_benchmark/openssl_test.go
index 76c68a8..35abca7 100644
--- a/openssl_benchmark/openssl_test.go
+++ b/openssl_benchmark/openssl_test.go
@@ -2,6 +2,8 @@ package benchmark
// Benchmark go built-int GCM against spacemonkey openssl bindings
//
+// Note: This is deprecated in favor of the benchmarks integrated in cryptfs.
+//
// Run benchmark:
// go test -bench=.
@@ -33,10 +35,11 @@ func BenchmarkGoEnc4K(b *testing.B) {
aes, _ := aes.NewCipher(key[:])
aesgcm, _ := cipher.NewGCM(aes)
var out []byte
-
+ // This would be fileID + blockNo
+ aData := make([]byte, 24)
b.ResetTimer()
for i := 0; i < b.N; i++ {
- out = aesgcm.Seal(out[:0], nonce[:], buf, nil)
+ out = aesgcm.Seal(out[:0], nonce[:], buf, aData)
}
}
@@ -67,6 +70,9 @@ func BenchmarkOpensslEnc4K(b *testing.B) {
var key [cryptfs.KEY_LEN]byte
var nonce [12]byte
+ // This would be fileID + blockNo
+ aData := make([]byte, 24)
+
var ciphertext bytes.Buffer
var part []byte
@@ -77,6 +83,10 @@ func BenchmarkOpensslEnc4K(b *testing.B) {
if err != nil {
b.FailNow()
}
+ err = ectx.ExtraData(aData)
+ if err != nil {
+ b.FailNow()
+ }
part, err = ectx.EncryptUpdate(buf)
if err != nil {
b.FailNow()