p11perftest

An utility to benchmark speed of operations of a PKCS#11 implementation.

Warning

On Nov 30th 2023, This repo has been rebased for quality reasons. Pay attention when you are fetching or pulling from it. We apologize for the inconvenience.

Installing

Pre-requisites

You will need the following:

• a recent/decent C++ compiler that supports C++17
• the Boost library (a recent copy, above 1.60)
• the Botan library (a recent copy, above 2.17.1)

On RedHat/Oracle, you can generally find Boost on RPMs, from the EPEL repository. Check out this link to add EPEL to your yum repositories. Note that on EPEL, boost is suffixed with a version number, like boost169.

Botan has to be compiled from scratch. Check out online instructions to compile and install it.

To boostrap the autotools environment, you will need the following packages deployed on your system:

• autoconf
• automake
• autoconf-archive
• libtool

Installation

Once you have it all, you can bootstrap, configure and compile. You will need to adapt the flags in the instruction below to adapt to your environment.

In the example below, boost library is deployed within /usr/lib64/boost169, and botan has its pkg-config configuration deployed in /usr/local/lib/pkgconfig

$ ./bootstrap.sh
$ ./configure -C  --with-boost-libdir=/usr/lib64/boost169  CXXFLAGS=-I/usr/include/boost169 PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
$ make

Note that to execute p11perftest, you may have to adjust LD_LIBRARY_PATH to include the path to where Botan is deployed (typically /usr/local/lib )

Usage

Keys to generate

In case session keys cannot be used (which is the default behaviour), keys must be created directly on the cryptographic token. In order to execute the test, you will need to create the following keys upfront:

| key name | description | |--------------------|----------------------------------------------------------------------------------------------| | rsa-2048 | a 2048 bits RSA key, with CKA_SIGN, CKA_ENCRYPT, CKA_DECRYPT, CKA_WRAP, CKA_UNWRAP | | rsa-3072 | a 3072 bits RSA key, with CKA_SIGN, CKA_ENCRYPT, CKA_DECRYPT, CKA_WRAP, CKA_UNWRAP | | rsa-4096 | a 4096 bits RSA key, with CKA_SIGN, CKA_ENCRYPT, CKA_DECRYPT, CKA_WRAP, CKA_UNWRAP | | ecdsa-secp256r1 | a secp256r1 ECDSA key, with CKA_SIGN | | ecdsa-secp384r1 | a secp384r1 ECDSA key, with CKA_SIGN | | ecdsa-secp521r1 | a secp521r1 ECDSA key, with CKA_SIGN | | ecdh-secp256r1 | a secp256r1 ECDH key, with CKA_DERIVE | | ecdh-secp384r1 | a secp384r1 ECDH key, with CKA_DERIVE | | ecdh-secp521r1 | a secp521r1 ECDH key, with CKA_DERIVE | | des-128 | a 2DES key, with CKA_ENCRYPT | | des-192 | a 3DES key, with CKA_ENCRYPT | | aes-128 | a 128 bits AES key, with CKA_ENCRYPT | | aes-192 | a 192 bits AES key, with CKA_ENCRYPT | | aes-256 | a 256 bits AES key, with CKA_ENCRYPT | | hmac-sha1 | a 160 bits generic secret key, with CKA_SIGN | | hmac-sha256 | a 256 bits generic secret key, with CKA_SIGN | | hmac-sha512 | a 512 bits generic secret key, with CKA_SIGN | | xorder-128 | a 128 bits generic secret key, with CKA_DERIVE | | rand-128 | a 128 bits AES key (not used during testing), presence yet needed |

There is a script at scripts/createkeys.sh to create these keys, using the PKCS#11 toolkit. There is also a python script, at scripts/generatekeys.py. It requires Python 3, and you will need to deploy the dependent libraries using pip:

$ pip install -r requirements.txt

implemented tests

| name | measured operation | allowed vectors | involved mechanisms | |-----------|------------------------------------------------------|--------------------------------------------------------------|----------------------------------------| | aescbc | AES encryption, in CBC mode | 16n, n>1 | CKM_AES_CBC | | aesecb | AES encryption, in ECB mode | 16n, n>1 | CKM_AES_ECB | | aesgcm | AES encryption, in GCM mode, IV=12 bytes, no AAD | 1+ | CKM_AES_GCM | | descbc | 3DES encryption, in CBC mode | 8n, n>1 | CKM_DES3_CBC | | desecb | AES encryption, in ECB mode | 8n, n>1 | CKM_DES3_ECB | | ecdh | Elliptic curve based Diffie Hellman key derivation | keysize dependent | CKM_ECDH1_DERIVE | | ecdsa | ECDSA digital signature (hashing in software) | 1+ | CKM_ECDSA | | hmac | HMAC generation | 1+ CKM_SHA_1_HMAC, CKM_SHA256_HMAC, ... | | | jwe | JWE decryption (RFC7516), using RSA OAEP and AES GCM | 1+ | CKM_RSA_PKCS_OAEP and CKM_AES_GCM | | oaep | RSA OAEP decryption | keysize dependent | CKM_RSA_PKCS_OAEP with C_Decrypt() | | oaepunw | RSA OAEP unwrapping ( a generic secret key) | keysize dependent | CKM_RSA_PKCS_OAEP with C_Unwrap() | | rand | Generate random numbers | 1+ | C_GenerateRandom() | | xorder | Key derivation based on exclusive OR | 1+ | CKM_XOR_BASE_AND_DATA |

Invocation

p11perftest can be invoked with only three arguments:

• a path to a PKCS#11 library
• a slot index
• a password

Here is the full list of supported arguments:

• -h [ --help ], print help message
• -l [ --library ] arg, PKCS#11 library path
• -s [ --slot ] arg, slot index to use
• -p [ --password ] arg, password for token in slot
• -t [ --threads ] arg (=1), number of concurrent threads
• -i [ --iterations ] arg (=200), number of iterations
• --skip arg (=0), number of iterations to skip before recording for statistics (in addition to iterations)
• -j [ --json ], output results as JSON
• -o [ --jsonfile ] arg, JSON output file name
• -c [ --coverage ] arg (=rsa,ecdsa,ecdh,hmac,des,aes,xorder,rand,jwe,oaep,oaepunw), coverage of test cases
• -v [ --vectors ] arg (=8,16,64,256,1024,4096), test vectors to use
• -k [ --keysizes ] arg (=rsa2048,rsa3072,rsa4096,ecnistp256,ecnistp384,ecnistp521,hmac160,hmac256,hmac512,des128,des192,aes128,aes192,aes256), key sizes or curves to use
• -f [ --flavour ] arg (=generic), PKCS#11 implementation flavour. Possible values: generic, luna , utimaco, entrust, marvell
• -n [ --nogenerate ], do not attempt to generate session keys; instead, use pre-existing keys on token

Some arguments allow to specify more than one value. To do so, just separate values with a comma , and without space between values.

Skipping iterations

Some tokens tend to show a different performance for the first call of an API, compared to the subsequent ones. The parameter --skip allows to skip any number of iterations, i.e. these are executed but not accounted for in statistics.

algorithms descriptors

By default, coverage for des includes ECB and CBC mode; coverage for aes includes ECB, CBC and GCM modes; coverage for jwe includes RSA-OAEP and RSA-OAEP-SHA256; coverage for oaep includes OAEP decryption with SHA1 and OAEP with SHA256, and oaepunw includes OAEP key unwrapping with SHA1 and with SHA256. It is possible to narrow down to specific modes:

• for AES, aesecb, aescbc, or aesgcm instead of aes
• for DES, desecb or descbc for des
• for JWE, jweoaepsha1 for RSA-OAEP or jweoaepsha256 for RSA-OAEP-SHA256
• for OAEP decryption, oaepsha1 for OAEP with SHA1 or oaepsha256 for OAEP with SHA256
• for OAEP unwrapping, oaepunwsha1 for