From ed08985212345ac11904b2db5b7f78be0d8885e3 Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Sat, 2 Mar 2024 20:20:11 +0000 Subject: [PATCH] Add a simple benchmark of 2048-bit RSA validation This shows our RSA is only roughly 3.5x slower than OpenSSL. --- bench/Cargo.toml | 22 ++++++++++++++++++++++ bench/benches/bench.rs | 18 ++++++++++++++++++ src/lib.rs | 4 ++-- test.sh | 2 ++ 4 files changed, 44 insertions(+), 2 deletions(-) create mode 100644 bench/Cargo.toml create mode 100644 bench/benches/bench.rs diff --git a/bench/Cargo.toml b/bench/Cargo.toml new file mode 100644 index 0000000..63158a3 --- /dev/null +++ b/bench/Cargo.toml @@ -0,0 +1,22 @@ +[package] +name = "bench" +version = "0.0.1" +authors = ["Matt Corallo"] +edition = "2021" + +[[bench]] +name = "bench" +harness = false + +[features] + +[dependencies] +dnssec-prover = { path = "../", features = ["validation"] } +criterion = { version = "0.4", default-features = false } + +[profile.release] +opt-level = 3 +codegen-units = 1 +lto = true +panic = "abort" +debug = true diff --git a/bench/benches/bench.rs b/bench/benches/bench.rs new file mode 100644 index 0000000..2d963bc --- /dev/null +++ b/bench/benches/bench.rs @@ -0,0 +1,18 @@ +use criterion::{Criterion, criterion_group, criterion_main}; + +use dnssec_prover::crypto::rsa::validate_rsa; + +pub fn bench_validate_rsa(bench: &mut Criterion) { + // A signature by the root key over the root DNSKEY RRSet + let pk = [3, 1, 0, 1, 172, 255, 180, 9, 188, 201, 57, 248, 49, 247, 161, 229, 236, 136, 247, 165, 146, 85, 236, 83, 4, 11, 228, 50, 2, 115, 144, 164, 206, 137, 109, 111, 144, 134, 243, 197, 225, 119, 251, 254, 17, 129, 99, 170, 236, 122, 241, 70, 44, 71, 148, 89, 68, 196, 226, 192, 38, 190, 94, 152, 187, 205, 237, 37, 151, 130, 114, 225, 227, 224, 121, 197, 9, 77, 87, 63, 14, 131, 201, 47, 2, 179, 45, 53, 19, 177, 85, 11, 130, 105, 41, 200, 13, 208, 249, 44, 172, 150, 109, 23, 118, 159, 213, 134, 123, 100, 124, 63, 56, 2, 154, 189, 196, 129, 82, 235, 143, 32, 113, 89, 236, 197, 210, 50, 199, 193, 83, 124, 121, 244, 183, 172, 40, 255, 17, 104, 47, 33, 104, 27, 246, 214, 171, 165, 85, 3, 43, 246, 249, 240, 54, 190, 178, 170, 165, 179, 119, 141, 110, 235, 251, 166, 191, 158, 161, 145, 190, 74, 176, 202, 234, 117, 158, 47, 119, 58, 31, 144, 41, 199, 62, 203, 141, 87, 53, 185, 50, 29, 176, 133, 241, 184, 226, 216, 3, 143, 226, 148, 25, 146, 84, 140, 238, 13, 103, 221, 69, 71, 225, 29, 214, 58, 249, 201, 252, 28, 84, 102, 251, 104, 76, 240, 9, 215, 25, 124, 44, 247, 158, 121, 42, 181, 1, 230, 168, 161, 202, 81, 154, 242, 203, 155, 95, 99, 103, 233, 76, 13, 71, 80, 36, 81, 53, 123, 225, 181]; + let sig = [65, 115, 233, 139, 96, 56, 141, 120, 18, 235, 246, 135, 229, 147, 194, 79, 248, 142, 175, 190, 87, 97, 217, 61, 147, 23, 166, 98, 178, 218, 85, 165, 0, 137, 163, 149, 44, 55, 0, 172, 243, 130, 242, 252, 175, 232, 18, 171, 43, 67, 42, 254, 88, 109, 218, 169, 127, 92, 4, 85, 162, 64, 189, 238, 125, 86, 236, 30, 237, 167, 52, 233, 177, 153, 94, 237, 159, 92, 77, 43, 219, 65, 231, 200, 254, 245, 102, 21, 156, 41, 251, 143, 166, 105, 221, 159, 249, 58, 154, 208, 10, 80, 45, 102, 133, 92, 71, 107, 39, 130, 19, 134, 204, 27, 35, 10, 77, 167, 199, 181, 195, 209, 240, 77, 145, 211, 252, 30, 73, 189, 239, 175, 220, 34, 223, 242, 142, 247, 73, 198, 26, 85, 230, 194, 229, 206, 250, 33, 248, 122, 51, 153, 64, 146, 118, 179, 81, 98, 125, 254, 62, 111, 67, 172, 136, 157, 10, 92, 81, 29, 237, 231, 109, 7, 47, 226, 143, 17, 192, 223, 152, 53, 193, 232, 99, 139, 175, 243, 236, 118, 79, 16, 9, 240, 119, 44, 158, 33, 120, 48, 154, 35, 65, 254, 105, 239, 216, 63, 55, 157, 166, 120, 161, 1, 83, 254, 135, 56, 101, 59, 54, 116, 190, 152, 251, 64, 232, 120, 149, 52, 35, 55, 181, 51, 88, 214, 61, 93, 178, 190, 18, 22, 71, 93, 20, 38, 10, 102, 50, 116, 5, 15, 232, 90, 76, 153]; + let rrset_hash = [140, 68, 236, 250, 90, 111, 205, 231, 46, 160, 114, 28, 159, 35, 246, 195, 44, 166, 121, 87, 96, 109, 15, 185, 199, 84, 51, 216, 237, 33, 168, 164]; + bench.bench_function("validate_rsa", |b| b.iter(|| { + validate_rsa(&pk, &sig, &rrset_hash).unwrap(); + })); +} + +criterion_group!(benches, + bench_validate_rsa, +); +criterion_main!(benches); diff --git a/src/lib.rs b/src/lib.rs index f726320..6aedb70 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -44,9 +44,9 @@ extern crate alloc; #[cfg(feature = "validation")] mod base32; -#[cfg(all(feature = "validation", fuzzing))] +#[cfg(all(feature = "validation", any(fuzzing, dnssec_validate_bench)))] pub mod crypto; -#[cfg(all(feature = "validation", not(fuzzing)))] +#[cfg(all(feature = "validation", not(any(fuzzing, dnssec_validate_bench))))] mod crypto; pub mod rr; diff --git a/test.sh b/test.sh index 9572653..4d89ab0 100755 --- a/test.sh +++ b/test.sh @@ -18,3 +18,5 @@ cargo build --bin http_proof_gen --features build_server cargo doc --features std,tokio,validation cd fuzz RUSTFLAGS=--cfg=fuzzing RUSTC_BOOTSTRAP=1 cargo build --features stdin_fuzz +cd ../bench +RUSTFLAGS="--cfg=dnssec_validate_bench" cargo bench -- 2.39.5