CTPERF

Reports on the performance of PKCS #11 cryptographic operations.

NOTE This performance measurement is application-dependent, therefore the results are indicative only.

Syntax

ctperf [–h] [–b<bytes>] [–c] [–C<curve_name] [–e] [–i<count>] [–k] [–m<bits>] [–n<mechanism>] [–o<mechanism>] [–p] [–q] [–r] [–R] [–s<slot>] [t<seconds>] [–v] [–x] [–z<name>]

Options

Option

Description

–b<bytes>

––block–size=<bytes>

Specify the block size to use for the symmetric cipher tests. For example, –b8 specifies 8 bytes, –b8k specifies 8 kilobytes. Default size is 4 kilobytes.

–c

––strict

Strict PKCS #11.

–C<curve_name>

––curve–name=<label>

Specifies which curve to use. Valid values are:

>brainpoolP160r1

>brainpoolP160t1

>brainpoolP192r1

>brainpoolP192t1

>brainpoolP224r1

>brainpoolP224t1

>brainpoolP256r1

>brainpoolP256t1

>brainpoolP320r1

>brainpoolP320t1

>brainpoolP384r1

>brainpoolP384t1

>brainpoolP512r1

>brainpoolP512t1

>c2tnb191v1

>c2tnb191v1e

>curve25519

>ed25519

>P–192 (also known as prime192v1 and secp192r1)

>P–224 (also known as secp224r1)

>P–224K1 (also known as secp224k1)

>P–256 (also known as prime256v1 and secp256r1)

>P–384 (also known as secp384r1)

>P–521 (also known as secp521r1)

>secp256k1

>or any valid Domain Parameters object label

If a curve name is not specified, the default P-192 is used.

–e

––EMC

Runs tests suitable for EMC testing purposes.

–h,–?

––help

Display usage information.

–i<count>

––iterations=<count>

The number of iterations of the performance tests to run. Default is 1, use –1 to specify an infinite count.

–k

––keygen

Generation random keys (default uses fixed keys).

–m<bits>

––modulus=<bits>

Modulus bit length.

–n<mechanism>

––exc–mechanism=<mechanism>

Mechanisms to exclude from the test. This option may be repeated with additional mechanisms to specify more than one. See the –o option for a list of mechanisms. Default is no mechanisms.

–o<mechanism>

––inc–mechanism=<mechanism>

Mechanisms to include in the test. This option may be repeated with additional mechanisms to specify more than one. Default is all mechanisms. (For details and a listing of SafeNet ProtectToolkit-C supported mechanisms please refer to the SafeNet ProtectToolkit-C Programmer's Guide.)

The following mechanism tests are supported:

–o sha1	SHA-1 mechanism
–o sha224	SHA-224 mechanism
–o sha256	SHA-256 mechanism
–o sha384	SHA-384 mechanism
–o sha512	SHA-512 mechanism
–o md	all Message Digest mechanisms
–o md5	MD-5 mechanism
–o rmd128	RMD-128 mechanism
–o rmd160	RMD-160 mechanism
–o aes	all AES mechanisms
–o aes_ecb	AES ECB mechanism
–o aes_cbc	AES CBC mechanism
–o aes_mac	AES MAC mechanism
–o des_all	all DES mechanisms
–o des_ecb64	DES ECB with fixed buffer size of 54 bytes
–o des	all single DES mechanisms
–o des_ecb	single DES-ECB mechanism
–o des_cbc	single DES-CBC mechanism
–o des_mac	single DES-MAC mechanism
–o des3	all triple-DES mechanisms
–o des3_ecb	triple DES-ECB mechanism
–o des3_ecb64	triple DES-ECB mechanism with fixed length 64 byte buffer
–o des3_cbc	triple DES-CBC mechanism
–o des3_mac	triple DES-MAC mechanism
–o idea	all IDEA mechanisms
–o idea_ecb	IDEA-ECB mechanism
–o idea_cbc	IDEA-CBC mechanism
–o idea_mac	IDEA-MAC mechanism
–o cast	all CAST mechanisms
–o cast_ecb	CAST ECB mechanism
–o cast_cbc	CAST CBC mechanism
–o cast_mac	CAST MAC mechanism
–o seed	all SEED mechanisms
–o seed_ecb	SEED ECB mechanism
–o seed_cbc	SEED CBC mechanism
–o seed_mac	SEED MAC mechanism
–o rc2	all RC2 mechanisms
–o rc2_ecb	RC2-ECB mechanism
–o rc2_cbc	RC2-CBC mechanism
–o rc4	RC4 mechanism
–o rsa_kg	RSA PKCS key generation mechanism
–o rsa_kg_x931	RSA C931 key generation mechanism
–o rsa	most RSA mechanisms
–o rsa_raw_enc	basic RSA public key transform
–o rsa_pkcs_enc	RSA public key enc with PKCS padding
–o rsa_pkcs_ver	RSA private key verify with PKCS padding
–o rsa_raw_dec	basic RSA private key transform
–o rsa_pkcs_dec	RSA private key decrypt with PKCS padding
–o rsa_9796_sign	RSA sign with ISO9796 padding
–o rsa_raw_dec_crt	RSA private key primitive with CRT key
–o rsa_9796_sign_crt	RSA ISO9796 sign, CRT key
–o rsa_ncrt	all RSA mechanisms using non CRT keys
–o dsa_kg	all DSA key generation mechanisms
–o dsa	all DSA mechanisms. That is: >dsa_verify >dsa_sign
–o sym	all symmetric algorithm mechanisms
–o asym	all asymmetric algorithm mechanisms
–o ec	all EC DSA operations. That is: >ecdsa_kgecdsa_sign >ecdsa_verify >ecdsa_sha1_sign >ecdsa_sha1_verify
–o cert gen	invokes certificate-generation and signing tests
–o dh_kg	Diffie-Hellmann key generation mechanism
–o rng	the random number generation mechanism
–o extra	the following: >des3_ses_kg: DES3 Session Key Generation/Destruction >des3_tok_kg: DES3 Token Key Generation/Destruction >des3_kw: DES3 Key Wrap >cert_gen: Certificate Generation/Destruction >ses: Session Open/Close >obj: Object Creation/Search/Destroy >login: Login / Logout >xor_dk: XOR Derive Key
–o mc	reading of the monotonic counter object

–p

––dsa–params

Parameters generated for DSA.

–q

––quick

Quick Keygen (key generation tests not performed).

–r

––random

Execute a random selection of the performance tests.

–R

––Random

Seed the random number generator. This option should be used with the –r option to generate a unique sequence of tests, otherwise the same pseudo random sequence will be repeated.

–s<slot>

––slot–num=<slot>

Specify the slot number to perform test on.

–t<seconds>

––time–period=<seconds>

Specify the measurement period. Default is 5 seconds.

–v

––verbose

Verbose (provide more information).

–x

––csv

Create a CSV (comma-separated variable) file.

–z<name>

––cryptoki–module=<name>

Optionally, specify a different cryptoki module to use. May include full path.