1 /* 2 * Copyright (c) 2003-2005 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of KTH nor the names of its contributors may be 18 * used to endorse or promote products derived from this software without 19 * specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY 22 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE 25 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 28 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 30 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 31 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 32 33 #include "krb5_locl.h" 34 #include <err.h> 35 #include <getarg.h> 36 37 static void 38 time_encryption(krb5_context context, size_t size, 39 krb5_enctype etype, int iterations) 40 { 41 struct timeval tv1, tv2; 42 krb5_error_code ret; 43 krb5_keyblock key; 44 krb5_crypto crypto; 45 krb5_data data; 46 char *etype_name; 47 void *buf; 48 int i; 49 50 ret = krb5_generate_random_keyblock(context, etype, &key); 51 if (ret) 52 krb5_err(context, 1, ret, "krb5_generate_random_keyblock"); 53 54 ret = krb5_enctype_to_string(context, etype, &etype_name); 55 if (ret) 56 krb5_err(context, 1, ret, "krb5_enctype_to_string"); 57 58 buf = malloc(size); 59 if (buf == NULL) 60 krb5_errx(context, 1, "out of memory"); 61 memset(buf, 0, size); 62 63 ret = krb5_crypto_init(context, &key, 0, &crypto); 64 if (ret) 65 krb5_err(context, 1, ret, "krb5_crypto_init"); 66 67 gettimeofday(&tv1, NULL); 68 69 for (i = 0; i < iterations; i++) { 70 ret = krb5_encrypt(context, crypto, 0, buf, size, &data); 71 if (ret) 72 krb5_err(context, 1, ret, "encrypt: %d", i); 73 krb5_data_free(&data); 74 } 75 76 gettimeofday(&tv2, NULL); 77 78 timevalsub(&tv2, &tv1); 79 80 printf("%s size: %7lu iterations: %d time: %3ld.%06ld\n", 81 etype_name, (unsigned long)size, iterations, 82 (long)tv2.tv_sec, (long)tv2.tv_usec); 83 84 free(buf); 85 free(etype_name); 86 krb5_crypto_destroy(context, crypto); 87 krb5_free_keyblock_contents(context, &key); 88 } 89 90 static void 91 time_s2k(krb5_context context, 92 krb5_enctype etype, 93 const char *password, 94 krb5_salt salt, 95 int iterations) 96 { 97 struct timeval tv1, tv2; 98 krb5_error_code ret; 99 krb5_keyblock key; 100 krb5_data opaque; 101 char *etype_name; 102 int i; 103 104 ret = krb5_enctype_to_string(context, etype, &etype_name); 105 if (ret) 106 krb5_err(context, 1, ret, "krb5_enctype_to_string"); 107 108 opaque.data = NULL; 109 opaque.length = 0; 110 111 gettimeofday(&tv1, NULL); 112 113 for (i = 0; i < iterations; i++) { 114 ret = krb5_string_to_key_salt_opaque(context, etype, password, salt, 115 opaque, &key); 116 if (ret) 117 krb5_err(context, 1, ret, "krb5_string_to_key_data_salt_opaque"); 118 krb5_free_keyblock_contents(context, &key); 119 } 120 121 gettimeofday(&tv2, NULL); 122 123 timevalsub(&tv2, &tv1); 124 125 printf("%s string2key %d iterations time: %3ld.%06ld\n", 126 etype_name, iterations, (long)tv2.tv_sec, (long)tv2.tv_usec); 127 free(etype_name); 128 129 } 130 131 static int version_flag = 0; 132 static int help_flag = 0; 133 134 static struct getargs args[] = { 135 {"version", 0, arg_flag, &version_flag, 136 "print version", NULL }, 137 {"help", 0, arg_flag, &help_flag, 138 NULL, NULL } 139 }; 140 141 static void 142 usage (int ret) 143 { 144 arg_printusage (args, 145 sizeof(args)/sizeof(*args), 146 NULL, 147 ""); 148 exit (ret); 149 } 150 151 int 152 main(int argc, char **argv) 153 { 154 krb5_context context; 155 krb5_error_code ret; 156 int i, enciter, s2kiter; 157 int optidx = 0; 158 krb5_salt salt; 159 160 krb5_enctype enctypes[] = { 161 ETYPE_DES_CBC_CRC, 162 ETYPE_DES3_CBC_SHA1, 163 ETYPE_ARCFOUR_HMAC_MD5, 164 ETYPE_AES128_CTS_HMAC_SHA1_96, 165 ETYPE_AES256_CTS_HMAC_SHA1_96 166 }; 167 168 setprogname(argv[0]); 169 170 if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) 171 usage(1); 172 173 if (help_flag) 174 usage (0); 175 176 if(version_flag){ 177 print_version(NULL); 178 exit(0); 179 } 180 181 salt.salttype = KRB5_PW_SALT; 182 salt.saltvalue.data = NULL; 183 salt.saltvalue.length = 0; 184 185 ret = krb5_init_context(&context); 186 if (ret) 187 errx (1, "krb5_init_context failed: %d", ret); 188 189 enciter = 1000; 190 s2kiter = 100; 191 192 for (i = 0; i < sizeof(enctypes)/sizeof(enctypes[0]); i++) { 193 194 krb5_enctype_enable(context, enctypes[i]); 195 196 time_encryption(context, 16, enctypes[i], enciter); 197 time_encryption(context, 32, enctypes[i], enciter); 198 time_encryption(context, 512, enctypes[i], enciter); 199 time_encryption(context, 1024, enctypes[i], enciter); 200 time_encryption(context, 2048, enctypes[i], enciter); 201 time_encryption(context, 4096, enctypes[i], enciter); 202 time_encryption(context, 8192, enctypes[i], enciter); 203 time_encryption(context, 16384, enctypes[i], enciter); 204 time_encryption(context, 32768, enctypes[i], enciter); 205 206 time_s2k(context, enctypes[i], "mYsecreitPassword", salt, s2kiter); 207 } 208 209 krb5_free_context(context); 210 211 return 0; 212 } 213