/src/cryptsetup/lib/utils_benchmark.c
Line | Count | Source |
1 | | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | | /* |
3 | | * libcryptsetup - cryptsetup library, cipher benchmark |
4 | | * |
5 | | * Copyright (C) 2012-2025 Red Hat, Inc. All rights reserved. |
6 | | * Copyright (C) 2012-2025 Milan Broz |
7 | | */ |
8 | | |
9 | | #include <stdlib.h> |
10 | | #include <errno.h> |
11 | | |
12 | | #include "internal.h" |
13 | | |
14 | | int crypt_benchmark(struct crypt_device *cd, |
15 | | const char *cipher, |
16 | | const char *cipher_mode, |
17 | | size_t volume_key_size, |
18 | | size_t iv_size, |
19 | | size_t buffer_size, |
20 | | double *encryption_mbs, |
21 | | double *decryption_mbs) |
22 | 0 | { |
23 | 0 | void *buffer = NULL; |
24 | 0 | char *iv = NULL, *key = NULL, mode[MAX_CIPHER_LEN], *c; |
25 | 0 | int r; |
26 | |
|
27 | 0 | if (!cipher || !cipher_mode || !volume_key_size || !encryption_mbs || !decryption_mbs) |
28 | 0 | return -EINVAL; |
29 | | |
30 | 0 | r = init_crypto(cd); |
31 | 0 | if (r < 0) |
32 | 0 | return r; |
33 | | |
34 | 0 | r = -ENOMEM; |
35 | 0 | if (posix_memalign(&buffer, crypt_getpagesize(), buffer_size)) |
36 | 0 | goto out; |
37 | 0 | memset(buffer, 0, buffer_size); |
38 | |
|
39 | 0 | r = crypt_cipher_ivsize(cipher, cipher_mode); |
40 | 0 | if (r >= 0 && iv_size != (size_t)r) { |
41 | 0 | log_dbg(cd, "IV length for benchmark adjusted to %i bytes (requested %zu).", r, iv_size); |
42 | 0 | iv_size = r; |
43 | 0 | } |
44 | |
|
45 | 0 | if (iv_size) { |
46 | 0 | iv = malloc(iv_size); |
47 | 0 | if (!iv) |
48 | 0 | goto out; |
49 | 0 | crypt_random_get(cd, iv, iv_size, CRYPT_RND_NORMAL); |
50 | 0 | } |
51 | | |
52 | 0 | key = malloc(volume_key_size); |
53 | 0 | if (!key) |
54 | 0 | goto out; |
55 | | |
56 | 0 | crypt_random_get(cd, key, volume_key_size, CRYPT_RND_NORMAL); |
57 | |
|
58 | 0 | strncpy(mode, cipher_mode, sizeof(mode)-1); |
59 | | /* Ignore IV generator */ |
60 | 0 | if ((c = strchr(mode, '-'))) |
61 | 0 | *c = '\0'; |
62 | |
|
63 | 0 | r = crypt_cipher_perf_kernel(cipher, cipher_mode, buffer, buffer_size, key, volume_key_size, |
64 | 0 | iv, iv_size, encryption_mbs, decryption_mbs); |
65 | |
|
66 | 0 | if (r == -ERANGE) |
67 | 0 | log_dbg(cd, "Measured cipher runtime is too low."); |
68 | 0 | else if (r) |
69 | 0 | log_dbg(cd, "Cannot initialize cipher %s, mode %s, key size %zu, IV size %zu.", |
70 | 0 | cipher, cipher_mode, volume_key_size, iv_size); |
71 | 0 | out: |
72 | 0 | free(buffer); |
73 | 0 | free(key); |
74 | 0 | free(iv); |
75 | |
|
76 | 0 | return r; |
77 | 0 | } |
78 | | |
79 | | int crypt_benchmark_pbkdf(struct crypt_device *cd, |
80 | | struct crypt_pbkdf_type *pbkdf, |
81 | | const char *password, |
82 | | size_t password_size, |
83 | | const char *salt, |
84 | | size_t salt_size, |
85 | | size_t volume_key_size, |
86 | | int (*progress)(uint32_t time_ms, void *usrptr), |
87 | | void *usrptr) |
88 | 0 | { |
89 | 0 | int r, priority; |
90 | 0 | const char *kdf_opt; |
91 | 0 | uint32_t memory_kb; |
92 | |
|
93 | 0 | if (!pbkdf || (!password && password_size)) |
94 | 0 | return -EINVAL; |
95 | | |
96 | 0 | r = init_crypto(cd); |
97 | 0 | if (r < 0) |
98 | 0 | return r; |
99 | | |
100 | 0 | kdf_opt = !strcmp(pbkdf->type, CRYPT_KDF_PBKDF2) ? pbkdf->hash : ""; |
101 | |
|
102 | 0 | log_dbg(cd, "Running %s(%s) benchmark.", pbkdf->type, kdf_opt); |
103 | |
|
104 | 0 | memory_kb = pbkdf_adjusted_phys_memory_kb(); |
105 | 0 | if (memory_kb < pbkdf->max_memory_kb) { |
106 | 0 | log_dbg(cd, "Not enough physical memory detected, " |
107 | 0 | "PBKDF max memory decreased from %dkB to %dkB.", |
108 | 0 | pbkdf->max_memory_kb, memory_kb); |
109 | 0 | pbkdf->max_memory_kb = memory_kb; |
110 | 0 | } |
111 | |
|
112 | 0 | crypt_process_priority(cd, &priority, true); |
113 | 0 | r = crypt_pbkdf_perf(pbkdf->type, pbkdf->hash, password, password_size, |
114 | 0 | salt, salt_size, volume_key_size, pbkdf->time_ms, |
115 | 0 | pbkdf->max_memory_kb, pbkdf->parallel_threads, |
116 | 0 | &pbkdf->iterations, &pbkdf->max_memory_kb, progress, usrptr); |
117 | 0 | crypt_process_priority(cd, &priority, false); |
118 | |
|
119 | 0 | if (!r) |
120 | 0 | log_dbg(cd, "Benchmark returns %s(%s) %u iterations, %u memory, %u threads (for %zu-bits key).", |
121 | 0 | pbkdf->type, kdf_opt, pbkdf->iterations, pbkdf->max_memory_kb, |
122 | 0 | pbkdf->parallel_threads, volume_key_size * 8); |
123 | 0 | return r; |
124 | 0 | } |
125 | | |
126 | | struct benchmark_usrptr { |
127 | | struct crypt_device *cd; |
128 | | struct crypt_pbkdf_type *pbkdf; |
129 | | }; |
130 | | |
131 | | static int benchmark_callback(uint32_t time_ms, void *usrptr) |
132 | 0 | { |
133 | 0 | struct benchmark_usrptr *u = usrptr; |
134 | |
|
135 | 0 | log_dbg(u->cd, "PBKDF benchmark: memory cost = %u, iterations = %u, " |
136 | 0 | "threads = %u (took %u ms)", u->pbkdf->max_memory_kb, |
137 | 0 | u->pbkdf->iterations, u->pbkdf->parallel_threads, time_ms); |
138 | |
|
139 | 0 | return 0; |
140 | 0 | } |
141 | | |
142 | | /* |
143 | | * Used in internal places to benchmark crypt_device context PBKDF. |
144 | | * Once requested parameters are benchmarked, iterations attribute is set, |
145 | | * and the benchmarked values can be reused. |
146 | | * Note that memory cost can be changed after benchmark (if used). |
147 | | * NOTE: You need to check that you are benchmarking for the same key size. |
148 | | */ |
149 | | int crypt_benchmark_pbkdf_internal(struct crypt_device *cd, |
150 | | struct crypt_pbkdf_type *pbkdf, |
151 | | size_t volume_key_size) |
152 | 0 | { |
153 | 0 | struct crypt_pbkdf_limits pbkdf_limits; |
154 | 0 | double PBKDF2_tmp; |
155 | 0 | uint32_t ms_tmp; |
156 | 0 | int r = -EINVAL; |
157 | 0 | struct benchmark_usrptr u = { |
158 | 0 | .cd = cd, |
159 | 0 | .pbkdf = pbkdf |
160 | 0 | }; |
161 | |
|
162 | 0 | r = crypt_pbkdf_get_limits(pbkdf->type, &pbkdf_limits); |
163 | 0 | if (r) |
164 | 0 | return r; |
165 | | |
166 | 0 | if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK) { |
167 | 0 | if (pbkdf->iterations) { |
168 | 0 | log_dbg(cd, "Reusing PBKDF values (no benchmark flag is set)."); |
169 | 0 | return 0; |
170 | 0 | } |
171 | 0 | log_err(cd, _("PBKDF benchmark disabled but iterations not set.")); |
172 | 0 | return -EINVAL; |
173 | 0 | } |
174 | | |
175 | | /* For PBKDF2 run benchmark always. Also note it depends on volume_key_size! */ |
176 | 0 | if (!strcmp(pbkdf->type, CRYPT_KDF_PBKDF2)) { |
177 | | /* |
178 | | * For PBKDF2 it is enough to run benchmark for only 1 second |
179 | | * and interpolate final iterations value from it. |
180 | | */ |
181 | 0 | ms_tmp = pbkdf->time_ms; |
182 | 0 | pbkdf->time_ms = 1000; |
183 | 0 | pbkdf->parallel_threads = 0; /* N/A in PBKDF2 */ |
184 | 0 | pbkdf->max_memory_kb = 0; /* N/A in PBKDF2 */ |
185 | |
|
186 | 0 | r = crypt_benchmark_pbkdf(cd, pbkdf, "foobarfo", 8, "01234567890abcdef", 16, |
187 | 0 | volume_key_size, &benchmark_callback, &u); |
188 | 0 | pbkdf->time_ms = ms_tmp; |
189 | 0 | if (r < 0) { |
190 | 0 | log_err(cd, _("Not compatible PBKDF2 options (using hash algorithm %s)."), |
191 | 0 | pbkdf->hash); |
192 | 0 | return r; |
193 | 0 | } |
194 | | |
195 | 0 | PBKDF2_tmp = ((double)pbkdf->iterations * pbkdf->time_ms / 1000.); |
196 | 0 | if (PBKDF2_tmp > (double)UINT32_MAX) |
197 | 0 | return -EINVAL; |
198 | 0 | pbkdf->iterations = AT_LEAST((uint32_t)PBKDF2_tmp, pbkdf_limits.min_iterations); |
199 | 0 | } else { |
200 | | /* Already benchmarked */ |
201 | 0 | if (pbkdf->iterations) { |
202 | 0 | log_dbg(cd, "Reusing PBKDF values."); |
203 | 0 | return 0; |
204 | 0 | } |
205 | | |
206 | 0 | r = crypt_benchmark_pbkdf(cd, pbkdf, "foobarfo", 8, |
207 | 0 | "0123456789abcdef0123456789abcdef", 32, |
208 | 0 | volume_key_size, &benchmark_callback, &u); |
209 | 0 | if (r < 0) |
210 | 0 | log_err(cd, _("Not compatible PBKDF options.")); |
211 | 0 | } |
212 | | |
213 | 0 | return r; |
214 | 0 | } |