moved publickey speed test to a standalone program

This reverts commit 08874d6ae29745de264f269b15afbbf6cd5acaad.

3 files changed, 152 insertions, 1 deletions

diff --git a/scripts/.gitignore b/scripts/.gitignore
index f9da93bc4..8ab4cc4df 100644
--- a/scripts/.gitignore
+++ b/scripts/.gitignore
@@ -5,3 +5,4 @@ key2keyid
 keyid2sql
 thread_analysis
 dh_speed
+pubkey_speed
diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index 5a0ad1d68..f8d62b3bc 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -4,7 +4,7 @@ AM_CFLAGS = \
 -DSTRONGSWAN_CONF=\"${strongswan_conf}\"
 
 noinst_PROGRAMS = bin2array bin2sql id2sql key2keyid keyid2sql \
-	thread_analysis dh_speed
+	thread_analysis dh_speed pubkey_speed
 bin2array_SOURCES = bin2array.c
 bin2sql_SOURCES = bin2sql.c
 id2sql_SOURCES = id2sql.c
@@ -12,7 +12,9 @@ key2keyid_SOURCES = key2keyid.c
 keyid2sql_SOURCES = keyid2sql.c
 thread_analysis_SOURCES = thread_analysis.c
 dh_speed_SOURCES = dh_speed.c
+pubkey_speed_SOURCES = pubkey_speed.c
 id2sql_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 key2keyid_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 keyid2sql_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 dh_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt
+pubkey_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt
diff --git a/scripts/pubkey_speed.c b/scripts/pubkey_speed.c
new file mode 100644
index 000000000..8f1e7449c
--- /dev/null
+++ b/scripts/pubkey_speed.c
@@ -0,0 +1,148 @@
+
+#include <stdio.h>
+#include <time.h>
+#include <library.h>
+#include <debug.h>
+#include <credentials/keys/private_key.h>
+#include <asn1/pem.h>
+
+void start_timing(struct timespec *start)
+{
+	clock_gettime(CLOCK_THREAD_CPUTIME_ID, start);
+}
+
+double end_timing(struct timespec *start)
+{
+	struct timespec end;
+	
+	clock_gettime(CLOCK_THREAD_CPUTIME_ID, &end);
+	return (end.tv_nsec - start->tv_nsec) / 1000000000.0 +
+			(end.tv_sec - start->tv_sec) * 1.0;
+}
+
+static void usage()
+{
+	printf("usage: pubkey_speed plugins rsa|ecdsa rounds\n");
+	exit(1);
+}
+
+static char data_buf[] = {0x01,0x02,0x03,0x04,0x05,0x06,0x07};
+
+int main(int argc, char *argv[])
+{
+	private_key_t *private;
+	public_key_t *public;
+	struct timespec timing;
+	int round, rounds, read;
+	char buf[8096], *pos = buf;
+	key_type_t type;
+	signature_scheme_t scheme;
+	chunk_t keydata, *sigs, data = chunk_from_buf(data_buf);
+	
+	if (argc < 4)
+	{
+		usage();
+	}
+	
+	rounds = atoi(argv[3]);
+	
+	if (streq(argv[2], "rsa"))
+	{
+		type = KEY_RSA;
+		scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
+	}
+	else if (streq(argv[2], "ecdsa"))
+	{
+		type = KEY_ECDSA;
+	}
+	else
+	{
+		usage();
+	}
+	
+	library_init(STRONGSWAN_CONF);
+	lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, argv[1]);
+	atexit(library_deinit);
+	
+	keydata = chunk_create(buf, 0);
+	while ((read = fread(pos, 1, sizeof(buf) - (pos - buf), stdin)))
+	{
+		pos += read;
+		keydata.len += read;
+	}
+	if (pem_to_bin(&keydata, chunk_empty, NULL) != SUCCESS)
+	{
+		printf("converting PEM private key failed.\n");
+		exit(1);
+	}
+	
+	private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
+								 BUILD_BLOB_ASN1_DER, keydata, BUILD_END);
+	if (!private)
+	{
+		printf("parsing private key failed.\n");
+		exit(1);
+	}
+	if (type == KEY_ECDSA)
+	{
+		switch (private->get_keysize(private))
+		{
+			case 32:
+				scheme = SIGN_ECDSA_256; 
+				break;
+			case 48:
+				scheme = SIGN_ECDSA_384;
+				break;
+			case 66:
+				scheme = SIGN_ECDSA_521;
+				break;
+			default:
+				printf("%d bit ECDSA private key size not supported",
+						private->get_keysize(private) * 8);
+				exit(1);
+		}
+	}
+	
+	printf("%4d bit %N: ", private->get_keysize(private)*8,
+		key_type_names, type);
+	
+	sigs = malloc(sizeof(chunk_t) * rounds);
+	
+	start_timing(&timing);
+	for (round = 0; round < rounds; round++)
+	{
+		if (!private->sign(private, scheme, data, &sigs[round]))
+		{
+			printf("creating signature failed\n");
+			exit(1);
+		}
+	};
+	printf("sign()/s: %8.1f   ", rounds / end_timing(&timing));
+	
+	public = private->get_public_key(private);
+	if (!public)
+	{
+		printf("extracting public key failed\n");
+		exit(1);
+	}
+	start_timing(&timing);
+	for (round = 0; round < rounds; round++)
+	{
+		if (!public->verify(public, scheme, data, sigs[round]))
+		{
+			printf("signature verification failed\n");
+			exit(1);
+		}
+	}
+	printf("verify()/s: %8.1f\n", rounds / end_timing(&timing));
+	public->destroy(public);
+	private->destroy(private);
+	
+	for (round = 0; round < rounds; round++)
+	{
+		free(sigs[round].ptr);
+	}
+	free(sigs);
+	return 0;
+}
+