CTPERF

Reports on the performance of PKCS #11 cryptographic operations.

NOTE   This performance measurement is application-dependent, therefore the results are indicative only.

Syntax

ctperf [–h] [–b<bytes>] [–c] [–C<curve_name] [–e] [–i<count>] [–k] [–m<bits>] [–n<mechanism>] [–o<mechanism>] [–p] [–q] [–r] [–R] [–s<slot>] [t<seconds>] [–v] [–x] [–z<name>]

Options

Option Description
–b<bytes>

––block–size=<bytes>

Specify the block size to use for the symmetric cipher tests. For example, –b8 specifies 8 bytes, –b8k specifies 8 kilobytes.  Default size is 4 kilobytes.

–c

––strict

Strict PKCS #11.

–C<curve_name>

––curve–name=<label>

Specifies which curve to use. Valid values are:

>brainpoolP160r1

>brainpoolP160t1

>brainpoolP192r1

>brainpoolP192t1

>brainpoolP224r1

>brainpoolP224t1

>brainpoolP256r1

>brainpoolP256t1

>brainpoolP320r1

>brainpoolP320t1

>brainpoolP384r1

>brainpoolP384t1

>brainpoolP512r1

>brainpoolP512t1

>c2tnb191v1

>c2tnb191v1e

>curve25519

>ed25519

>P–192 (also known as prime192v1 and secp192r1)

>P–224 (also known as secp224r1)

>P–224K1 (also known as secp224k1)

>P–256 (also known as prime256v1 and secp256r1)

>P–384 (also known as secp384r1)

>P–521 (also known as secp521r1)

>secp256k1

>or any valid Domain Parameters object label

If a curve name is not specified, the default P-192 is used.

–e

––EMC

Runs tests suitable for EMC testing purposes.

–h,–?

––help

Display usage information.

–i<count>

––iterations=<count>

The number of iterations of the performance tests to run.  Default is 1, use –1 to specify an infinite count.

–k

––keygen

Generation random keys (default uses fixed keys).

–m<bits>

––modulus=<bits>

Modulus bit length.

–n<mechanism>

––exc–mechanism=<mechanism>

Mechanisms to exclude from the test. This option may be repeated with additional mechanisms to specify more than one. See the –o option for a list of mechanisms. Default is no mechanisms.

–o<mechanism>

––inc–mechanism=<mechanism>

Mechanisms to include in the test. This option may be repeated with additional mechanisms to specify more than one. Default is all mechanisms. (For details and a listing of SafeNet ProtectToolkit-C supported mechanisms please refer to the SafeNet ProtectToolkit-C Programmer's Guide.)

The following mechanism tests are supported:

–o sha1 SHA-1 mechanism
–o sha224 SHA-224 mechanism
–o sha256 SHA-256 mechanism
–o sha384 SHA-384 mechanism
–o sha512 SHA-512 mechanism
–o md all Message Digest mechanisms
–o md5 MD-5 mechanism
–o rmd128 RMD-128 mechanism
–o rmd160 RMD-160 mechanism
–o aes all AES mechanisms
–o aes_ecb AES ECB mechanism
–o aes_cbc AES CBC mechanism
–o aes_mac AES MAC mechanism
–o des_all all DES mechanisms
–o des_ecb64 DES ECB with fixed buffer size of 54 bytes
–o des all single DES mechanisms
–o des_ecb single DES-ECB mechanism
–o des_cbc single DES-CBC mechanism
–o des_mac single DES-MAC mechanism
–o des3 all triple-DES mechanisms
–o des3_ecb triple DES-ECB mechanism
–o des3_ecb64 triple DES-ECB mechanism with fixed length 64 byte buffer
–o des3_cbc triple DES-CBC mechanism
–o des3_mac triple DES-MAC mechanism
–o idea all IDEA mechanisms
–o idea_ecb IDEA-ECB mechanism
–o idea_cbc IDEA-CBC mechanism
–o idea_mac IDEA-MAC mechanism
–o cast all CAST mechanisms
–o cast_ecb CAST ECB mechanism
–o cast_cbc CAST CBC mechanism
–o cast_mac CAST MAC mechanism
–o seed all SEED mechanisms
–o seed_ecb SEED ECB mechanism
–o seed_cbc SEED CBC mechanism
–o seed_mac SEED MAC mechanism
–o rc2 all RC2 mechanisms
–o rc2_ecb RC2-ECB mechanism
–o rc2_cbc RC2-CBC mechanism
–o rc4 RC4 mechanism
–o rsa_kg RSA PKCS key generation mechanism
–o rsa_kg_x931 RSA C931 key generation mechanism
–o rsa most RSA mechanisms
–o rsa_raw_enc basic RSA public key transform
–o rsa_pkcs_enc RSA public key enc with PKCS padding
–o rsa_pkcs_ver RSA private key verify with PKCS padding
–o rsa_raw_dec basic RSA private key transform
–o rsa_pkcs_dec RSA private key decrypt with PKCS padding
–o rsa_9796_sign RSA sign with ISO9796 padding
–o rsa_raw_dec_crt RSA private key primitive with CRT key
–o rsa_9796_sign_crt RSA ISO9796 sign, CRT key
–o rsa_ncrt all RSA mechanisms using non CRT keys
–o dsa_kg all DSA key generation mechanisms
–o dsa

all DSA mechanisms. That is:

>dsa_verify

>dsa_sign

–o sym all symmetric algorithm mechanisms
–o asym all asymmetric algorithm mechanisms
–o ec all EC DSA operations. That is:

>ecdsa_kgecdsa_sign

>ecdsa_verify

>ecdsa_sha1_sign

>ecdsa_sha1_verify

–o cert gen invokes certificate-generation and signing tests
–o dh_kg Diffie-Hellmann key generation mechanism
–o rng the random number generation mechanism
–o extra

the following:

>des3_ses_kg: DES3 Session Key Generation/Destruction

>des3_tok_kg: DES3 Token Key Generation/Destruction

>des3_kw: DES3 Key Wrap

>cert_gen: Certificate Generation/Destruction

>ses: Session Open/Close

>obj: Object Creation/Search/Destroy

>login: Login / Logout

>xor_dk: XOR Derive Key

–o mc reading of the monotonic counter object
–p

––dsa–params

Parameters generated for DSA.

–q

––quick

Quick Keygen (key generation tests not performed).

–r

––random

Execute a random selection of the performance tests.

–R

––Random

Seed the random number generator. This option should be used with the –r option to generate a unique sequence of tests, otherwise the same pseudo random sequence will be repeated.

–s<slot>

––slot–num=<slot>

Specify the slot number to perform test on.

–t<seconds>

––time–period=<seconds>

Specify the measurement period. Default is 5 seconds.

–v

––verbose

Verbose (provide more information).

–x

––csv

Create a CSV (comma-separated variable) file.

–z<name>

––cryptoki–module=<name>

Optionally, specify a different cryptoki module to use. May include full path.