-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbenchmark.rb
107 lines (86 loc) · 2.8 KB
/
benchmark.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
require 'benchmark/ips'
require 'active_support'
N = 10_000
BASE_SECRET = '6df604f5ad2caa8f0c9d4819e5c67f59aef0908bf18a2f1cf7c759681b5b3ebd385094f6812d0a56aba82be362683e355fc632c68a9ef7b30af7f79aaf8ec516'
key_gen = ActiveSupport::KeyGenerator.new(BASE_SECRET, iterations: 2)
message = Marshal.dump(session_id: '0f2cbc872d465a2924eb6ca46ad07e67', _csrf_token: 'hN37thEmzXiLVfb69kpln6IfSBpG7Bk18TTPK5BwBxs=')
cipher_hmac_cbc = 'aes-256-cbc'
cipher_gcm = 'aes-256-gcm'
# salts and secrets for HMAC CBC
enc_salt = 'enc salt'
sign_salt = 'sign salt'
enc_secret = key_gen.generate_key(enc_salt)
sign_secret = key_gen.generate_key(sign_salt)
# salts and secrets for GCM
gcm_salt = 'gcm salt'
gcm_secret = key_gen.generate_key(gcm_salt)
# initialize some verifiers
verifier = ActiveSupport::MessageVerifier.new(
key_gen.generate_key('salt'),
serializer: ActiveSupport::MessageEncryptor::NullSerializer)
verifier = ActiveSupport::MessageVerifier.new(
key_gen.generate_key('salt'),
digest: 'SHA256',
serializer: ActiveSupport::MessageEncryptor::NullSerializer)
# predefine a signed message
signed_message = verifier.generate(message)
# initialize encryptors
encryptor_hmac_cbc = ActiveSupport::MessageEncryptor.new(
enc_secret[0, ActiveSupport::MessageEncryptor.key_len(cipher_hmac_cbc)],
sign_secret,
digest: 'SHA1',
cipher: cipher_hmac_cbc,
serializer: ActiveSupport::MessageEncryptor::NullSerializer)
encryptor_gcm = ActiveSupport::MessageEncryptor.new(
gcm_secret[0, ActiveSupport::MessageEncryptor.key_len(cipher_gcm)],
cipher: cipher_gcm,
serializer: ActiveSupport::MessageEncryptor::NullSerializer)
# predefine some ciphertexts
ct_hmac_cbc = encryptor_hmac_cbc.encrypt_and_sign(message)
ct_gcm = encryptor_gcm.encrypt_and_sign(message)
puts "Size of HMAC signed message: #{signed_message.size}"
puts "Size of HMAC CBC ciphertext: #{ct_hmac_cbc.size}"
puts "Size of GCM ciphertext: #{ct_gcm.size}"
puts "\n"
Benchmark.ips do |x|
x.report('HMAC SHA1 generate') do
N.times do
verifier.generate(message)
end
end
x.report('HMAC SHA1 verify') do
N.times do
verifier.verify(signed_message)
end
end
x.report('HMAC SHA256 generate') do
N.times do
verifier.generate(message)
end
end
x.report('HMAC SHA256 verify') do
N.times do
verifier.verify(signed_message)
end
end
x.report('HMAC-CBC encrypt_and_sign') do
N.times do
encryptor_hmac_cbc.encrypt_and_sign(message)
end
end
x.report('HMAC-CBC decrypt_and_verify') do
N.times do
encryptor_hmac_cbc.decrypt_and_verify(ct_hmac_cbc)
end
end
x.report('GCM encrypt_and_sign') do
N.times do
encryptor_gcm.encrypt_and_sign(message)
end
end
x.report('GCM decrypt_and_verify') do
N.times do
encryptor_gcm.decrypt_and_verify(ct_gcm)
end
end
end