ctperf

Reports on the performance of PKCS #11 cryptographic operations.

NOTE This performance measurement is application-dependent, therefore the results are indicative only.

Syntax

ctperf [-h] [-b<bytes>] [-c] [-C<curve_name] [-e] [-i<count>] [-k] [-m<bits>] [-n<mechanism>] [-o<mechanism>] [-p] [-q] [-r] [-R] [-s<slot>] [t<seconds>] [-v] [-x] [-z<name>]

Options

Option

Description

-b<bytes>

--block-size=<bytes>

Specify the block size to use for the symmetric cipher tests. For example, -b8 specifies 8 bytes, -b8k specifies 8 kilobytes. Default size is 4 kilobytes.

-c

--strict

Strict PKCS #11.

-C<curve_name>

--curve-name=<label>

Specifies which curve to use. Valid values are:

>brainpoolP160r1

>brainpoolP160t1

>brainpoolP192r1

>brainpoolP192t1

>brainpoolP224r1

>brainpoolP224t1

>brainpoolP256r1

>brainpoolP256t1

>brainpoolP320r1

>brainpoolP320t1

>brainpoolP384r1

>brainpoolP384t1

>brainpoolP512r1

>brainpoolP512t1

>c2tnb191v1

>c2tnb191v1e

>curve25519

>ed25519

>P-192 (also known as prime192v1 and secp192r1)

>P-224 (also known as secp224r1)

>P-224K1 (also known as secp224k1)

>P-256 (also known as prime256v1 and secp256r1)

>P-384 (also known as secp384r1)

>P-521 (also known as secp521r1)

>secp256k1

>or any valid Domain Parameters object label

If a curve name is not specified, the default P-192 is used.

-e

--EMC

Runs tests suitable for EMC testing purposes.

-h,-?

--help

Display usage information.

-i<count>

--iterations=<count>

The number of iterations of the performance tests to run. Default is 1, use -1 to specify an infinite count.

-k

--keygen

Generation random keys (default uses fixed keys).

-m<bits>

--modulus=<bits>

Modulus bit length.

-n<mechanism>

--exc-mechanism=<mechanism>

Mechanisms to exclude from the test. This option may be repeated with additional mechanisms to specify more than one. See the -o option for a list of mechanisms. Default is no mechanisms.

-o<mechanism>

--inc-mechanism=<mechanism>

Mechanisms to include in the test. This option may be repeated with additional mechanisms to specify more than one. Default is all mechanisms. (For details and a listing of ProtectToolkit-C supported mechanisms please refer to the ProtectToolkit-C Programmer's Guide.)

The following mechanism tests are supported:

-o sha1	SHA-1 mechanism
-o sha224	SHA-224 mechanism
-o sha256	SHA-256 mechanism
-o sha384	SHA-384 mechanism
-o sha512	SHA-512 mechanism
-o md	all Message Digest mechanisms
-o md5	MD-5 mechanism
-o rmd128	RMD-128 mechanism
-o rmd160	RMD-160 mechanism
-o aes	all AES mechanisms
-o aes_ecb	AES ECB mechanism
-o aes_cbc	AES CBC mechanism
-o aes_mac	AES MAC mechanism
-o des_all	all DES mechanisms
-o des_ecb64	DES ECB with fixed buffer size of 54 bytes
-o des	all single DES mechanisms
-o des_ecb	single DES-ECB mechanism
-o des_cbc	single DES-CBC mechanism
-o des_mac	single DES-MAC mechanism
-o des3	all triple-DES mechanisms
-o des3_ecb	triple DES-ECB mechanism
-o des3_ecb64	triple DES-ECB mechanism with fixed length 64 byte buffer
-o des3_cbc	triple DES-CBC mechanism
-o des3_mac	triple DES-MAC mechanism
-o idea	all IDEA mechanisms
-o idea_ecb	IDEA-ECB mechanism
-o idea_cbc	IDEA-CBC mechanism
-o idea_mac	IDEA-MAC mechanism
-o cast	all CAST mechanisms
-o cast_ecb	CAST ECB mechanism
-o cast_cbc	CAST CBC mechanism
-o cast_mac	CAST MAC mechanism
-o seed	all SEED mechanisms
-o seed_ecb	SEED ECB mechanism
-o seed_cbc	SEED CBC mechanism
-o seed_mac	SEED MAC mechanism
-o rc2	all RC2 mechanisms
-o rc2_ecb	RC2-ECB mechanism
-o rc2_cbc	RC2-CBC mechanism
-o rc4	RC4 mechanism
-o rsa_kg	RSA PKCS key generation mechanism
-o rsa_kg_x931	RSA C931 key generation mechanism
-o rsa	most RSA mechanisms
-o rsa_raw_enc	basic RSA public key transform
-o rsa_pkcs_enc	RSA public key enc with PKCS padding
-o rsa_pkcs_ver	RSA private key verify with PKCS padding
-o rsa_raw_dec	basic RSA private key transform
-o rsa_pkcs_dec	RSA private key decrypt with PKCS padding
-o rsa_9796_sign	RSA sign with ISO9796 padding
-o rsa_raw_dec_crt	RSA private key primitive with CRT key
-o rsa_9796_sign_crt	RSA ISO9796 sign, CRT key
-o rsa_ncrt	all RSA mechanisms using non CRT keys
-o dsa_kg	all DSA key generation mechanisms
-o dsa	all DSA mechanisms. That is: >dsa_verify >dsa_sign
-o sym	all symmetric algorithm mechanisms
-o asym	all asymmetric algorithm mechanisms
-o ec	all EC DSA operations. That is: >ecdsa_kgecdsa_sign >ecdsa_verify >ecdsa_sha1_sign >ecdsa_sha1_verify
-o cert gen	invokes certificate-generation and signing tests
-o dh_kg	Diffie-Hellmann key generation mechanism
-o rng	the random number generation mechanism
-o extra	the following: >des3_ses_kg: DES3 Session Key Generation/Destruction >des3_tok_kg: DES3 Token Key Generation/Destruction >des3_kw: DES3 Key Wrap >cert_gen: Certificate Generation/Destruction >ses: Session Open/Close >obj: Object Creation/Search/Destroy >login: Login / Logout >xor_dk: XOR Derive Key
-o mc	reading of the monotonic counter object

-p

--dsa-params

Parameters generated for DSA.

-q

--quick

Quick Keygen (key generation tests not performed).

-r

--random

Execute a random selection of the performance tests.

-R

--Random

Seed the random number generator. This option should be used with the -r option to generate a unique sequence of tests, otherwise the same pseudo random sequence will be repeated.

-s<slot>

--slot-num=<slot>

Specify the slot number to perform test on.

-t<seconds>

--time-period=<seconds>

Specify the measurement period. Default is 5 seconds.

-v

--verbose

Verbose (provide more information).

-x

--csv

Create a CSV (comma-separated variable) file.

-z<name>

--cryptoki-module=<name>

Optionally, specify a different cryptoki module to use. May include full path.