diff --git a/JenkinsfilePerformance b/JenkinsfilePerformance index 0554ecab3..0f10905c3 100644 --- a/JenkinsfilePerformance +++ b/JenkinsfilePerformance @@ -398,7 +398,7 @@ pipeline { Specify the performance benchmark you would like to run.') booleanParam(name: 'OpenJCEPlus', defaultValue: true, description: '\ Run benchmarks with OpenJCEPlus provider') - booleanParam(name: 'OpenJCEPlusFIPS', defaultValue: true, description: '\ + booleanParam(name: 'OpenJCEPlusFIPS', defaultValue: false, description: '\ Run benchmarks with OpenJCEPlusFIPS provider') booleanParam(name: 'Sun', defaultValue: true, description: '\ Run benchmarks with all Sun providers') diff --git a/src/test/java/ibm/jceplus/jmh/AESCipherBenchmark.java b/src/test/java/ibm/jceplus/jmh/AESCipherBenchmark.java index 60095ed92..230d7a267 100644 --- a/src/test/java/ibm/jceplus/jmh/AESCipherBenchmark.java +++ b/src/test/java/ibm/jceplus/jmh/AESCipherBenchmark.java @@ -42,7 +42,7 @@ public class AESCipherBenchmark extends SymmetricCipherBase { @Param({"1024", "32768"}) private int payloadSize; - @Param({"OpenJCEPlus", "SunJCE"}) + @Param({"OpenJCEPlus", "OpenJCEPlusFIPS", "SunJCE"}) private String provider; @Setup diff --git a/src/test/java/ibm/jceplus/jmh/AESKeyGeneratorBenchmark.java b/src/test/java/ibm/jceplus/jmh/AESKeyGeneratorBenchmark.java index f2df572d0..79d6f7325 100644 --- a/src/test/java/ibm/jceplus/jmh/AESKeyGeneratorBenchmark.java +++ b/src/test/java/ibm/jceplus/jmh/AESKeyGeneratorBenchmark.java @@ -32,7 +32,7 @@ @Measurement(iterations = 4, time = 30, timeUnit = TimeUnit.SECONDS) public class AESKeyGeneratorBenchmark extends JMHBase { - @Param({"OpenJCEPlus", "SunJCE"}) + @Param({"OpenJCEPlus", "OpenJCEPlusFIPS", "SunJCE"}) private String provider; private KeyGenerator aesKeyGenerator128 = null; diff --git a/src/test/java/ibm/jceplus/jmh/AESWrapBenchmark.java b/src/test/java/ibm/jceplus/jmh/AESWrapBenchmark.java index 1fe731395..fcf053af7 100644 --- a/src/test/java/ibm/jceplus/jmh/AESWrapBenchmark.java +++ b/src/test/java/ibm/jceplus/jmh/AESWrapBenchmark.java @@ -38,7 +38,7 @@ public class AESWrapBenchmark extends SymmetricCipherBase { @Param({"128", "192", "256"}) private int keySize; - @Param({"OpenJCEPlus", "SunJCE"}) + @Param({"OpenJCEPlus", "OpenJCEPlusFIPS", "SunJCE"}) private String provider; private byte[] wrappedKey; diff --git a/src/test/java/ibm/jceplus/jmh/DHKeyExchangeBenchmark.java b/src/test/java/ibm/jceplus/jmh/DHKeyExchangeBenchmark.java index 8ed9b9d72..8aaec06e6 100644 --- a/src/test/java/ibm/jceplus/jmh/DHKeyExchangeBenchmark.java +++ b/src/test/java/ibm/jceplus/jmh/DHKeyExchangeBenchmark.java @@ -33,10 +33,10 @@ @Measurement(iterations = 4, time = 30, timeUnit = TimeUnit.SECONDS) public class DHKeyExchangeBenchmark extends JMHBase { - @Param({"OpenJCEPlus", "SunJCE"}) + @Param({"OpenJCEPlus", "OpenJCEPlusFIPS", "SunJCE"}) private String provider; - @Param({"1024", "4096"}) + @Param({"2048", "4096"}) private int keySize; private KeyPairGenerator dhKeyPairGenerator; diff --git a/src/test/java/ibm/jceplus/jmh/DHKeyGeneratorBenchmark.java b/src/test/java/ibm/jceplus/jmh/DHKeyGeneratorBenchmark.java index 7ebb3773e..ac283d359 100644 --- a/src/test/java/ibm/jceplus/jmh/DHKeyGeneratorBenchmark.java +++ b/src/test/java/ibm/jceplus/jmh/DHKeyGeneratorBenchmark.java @@ -32,7 +32,7 @@ @Measurement(iterations = 4, time = 30, timeUnit = TimeUnit.SECONDS) public class DHKeyGeneratorBenchmark extends JMHBase { - @Param({"OpenJCEPlus", "SunJCE"}) + @Param({"OpenJCEPlus", "OpenJCEPlusFIPS", "SunJCE"}) private String provider; private KeyPairGenerator dhKeyPairGenerator1024 = null; diff --git a/src/test/java/ibm/jceplus/jmh/ECDHKeyExchangeBenchmark.java b/src/test/java/ibm/jceplus/jmh/ECDHKeyExchangeBenchmark.java index 21e2d8d41..37aad721f 100644 --- a/src/test/java/ibm/jceplus/jmh/ECDHKeyExchangeBenchmark.java +++ b/src/test/java/ibm/jceplus/jmh/ECDHKeyExchangeBenchmark.java @@ -34,7 +34,7 @@ @Measurement(iterations = 4, time = 30, timeUnit = TimeUnit.SECONDS) public class ECDHKeyExchangeBenchmark extends JMHBase { - @Param({"OpenJCEPlus", "SunEC"}) + @Param({"OpenJCEPlus", "OpenJCEPlusFIPS", "SunEC"}) private String provider; @Param({"secp256r1", "secp384r1", "secp521r1"}) diff --git a/src/test/java/ibm/jceplus/jmh/ECKeyGeneratorBenchmark.java b/src/test/java/ibm/jceplus/jmh/ECKeyGeneratorBenchmark.java index 25d6a9ee4..47d885df4 100644 --- a/src/test/java/ibm/jceplus/jmh/ECKeyGeneratorBenchmark.java +++ b/src/test/java/ibm/jceplus/jmh/ECKeyGeneratorBenchmark.java @@ -33,7 +33,7 @@ @Measurement(iterations = 4, time = 30, timeUnit = TimeUnit.SECONDS) public class ECKeyGeneratorBenchmark extends JMHBase { - @Param({"OpenJCEPlus", "SunEC"}) + @Param({"OpenJCEPlus", "OpenJCEPlusFIPS", "SunEC"}) private String provider; private KeyPairGenerator ecKeyPairGeneratorP256 = null; diff --git a/src/test/java/ibm/jceplus/jmh/ECSignatureBenchmark.java b/src/test/java/ibm/jceplus/jmh/ECSignatureBenchmark.java index c966c74b1..41781f3b0 100644 --- a/src/test/java/ibm/jceplus/jmh/ECSignatureBenchmark.java +++ b/src/test/java/ibm/jceplus/jmh/ECSignatureBenchmark.java @@ -37,7 +37,7 @@ public class ECSignatureBenchmark extends JMHBase { @Param({"2048", "32768"}) private int payloadSize; - @Param({"OpenJCEPlus", "SunEC"}) + @Param({"OpenJCEPlus", "OpenJCEPlusFIPS", "SunEC"}) private String provider; /** diff --git a/src/test/java/ibm/jceplus/jmh/HMACKeyGeneratorBenchmark.java b/src/test/java/ibm/jceplus/jmh/HMACKeyGeneratorBenchmark.java index 9c72394b7..5243c32b5 100644 --- a/src/test/java/ibm/jceplus/jmh/HMACKeyGeneratorBenchmark.java +++ b/src/test/java/ibm/jceplus/jmh/HMACKeyGeneratorBenchmark.java @@ -21,6 +21,7 @@ import org.openjdk.jmh.annotations.Setup; import org.openjdk.jmh.annotations.State; import org.openjdk.jmh.annotations.Warmup; +import org.openjdk.jmh.infra.Blackhole; import org.openjdk.jmh.runner.Runner; import org.openjdk.jmh.runner.RunnerException; import org.openjdk.jmh.runner.options.Options; @@ -32,7 +33,7 @@ @Measurement(iterations = 4, time = 30, timeUnit = TimeUnit.SECONDS) public class HMACKeyGeneratorBenchmark extends JMHBase { - @Param({"OpenJCEPlus", "SunJCE"}) + @Param({"OpenJCEPlus", "OpenJCEPlusFIPS", "SunJCE"}) private String provider; private KeyGenerator hmacSha1KeyGenerator = null; @@ -44,14 +45,21 @@ public class HMACKeyGeneratorBenchmark extends JMHBase { public void setup() throws Exception { super.setup(provider); - hmacSha1KeyGenerator = KeyGenerator.getInstance("HmacSHA1", provider); + // Skip HmacSHA1 initialization for FIPS provider as it's not FIPS-approved + if (!provider.equalsIgnoreCase("OpenJCEPlusFIPS")) { + hmacSha1KeyGenerator = KeyGenerator.getInstance("HmacSHA1", provider); + } hmacSha256KeyGenerator = KeyGenerator.getInstance("HmacSHA256", provider); hmacSha384KeyGenerator = KeyGenerator.getInstance("HmacSHA384", provider); hmacSha512KeyGenerator = KeyGenerator.getInstance("HmacSHA512", provider); } @Benchmark - public SecretKey hmacSha1KeyGeneration() throws Exception { + public SecretKey hmacSha1KeyGeneration(Blackhole blackhole) throws Exception { + // Skip HmacSHA1 for FIPS provider as it's not FIPS-approved + if (provider.equalsIgnoreCase("OpenJCEPlusFIPS")) { + throw new RunnerException("Skipping HmacSHA1 for FIPS provider"); + } return hmacSha1KeyGenerator.generateKey(); } diff --git a/src/test/java/ibm/jceplus/jmh/HmacBenchmark.java b/src/test/java/ibm/jceplus/jmh/HmacBenchmark.java index d1bf601de..f45c9ccdf 100644 --- a/src/test/java/ibm/jceplus/jmh/HmacBenchmark.java +++ b/src/test/java/ibm/jceplus/jmh/HmacBenchmark.java @@ -42,7 +42,7 @@ public class HmacBenchmark extends JMHBase { @Param({"16", "2048", "32768"}) private int payloadSize; - @Param({"OpenJCEPlus", "SunJCE"}) + @Param({"OpenJCEPlus", "OpenJCEPlusFIPS", "SunJCE"}) private String provider; private Mac mac; diff --git a/src/test/java/ibm/jceplus/jmh/MessageDigestBenchmark.java b/src/test/java/ibm/jceplus/jmh/MessageDigestBenchmark.java index d0a73fd8b..d6ed09bbf 100644 --- a/src/test/java/ibm/jceplus/jmh/MessageDigestBenchmark.java +++ b/src/test/java/ibm/jceplus/jmh/MessageDigestBenchmark.java @@ -35,7 +35,7 @@ public class MessageDigestBenchmark extends JMHBase { @Param({"16", "2048", "32768"}) private int payloadSize; - @Param({"OpenJCEPlus", "SUN"}) + @Param({"OpenJCEPlus", "OpenJCEPlusFIPS", "SUN"}) private String provider; private MessageDigest messageDigestSHA512; diff --git a/src/test/java/ibm/jceplus/jmh/MessageDigestInstanceBenchmark.java b/src/test/java/ibm/jceplus/jmh/MessageDigestInstanceBenchmark.java index 660651b1c..495ae06bf 100644 --- a/src/test/java/ibm/jceplus/jmh/MessageDigestInstanceBenchmark.java +++ b/src/test/java/ibm/jceplus/jmh/MessageDigestInstanceBenchmark.java @@ -35,7 +35,7 @@ public class MessageDigestInstanceBenchmark extends JMHBase { @Param({"1"}) private int payloadSize; - @Param({"OpenJCEPlus", "SUN"}) + @Param({"OpenJCEPlus", "OpenJCEPlusFIPS", "SUN"}) private String provider; private MessageDigest messageDigestSHA512; diff --git a/src/test/java/ibm/jceplus/jmh/PBKDF2Benchmark.java b/src/test/java/ibm/jceplus/jmh/PBKDF2Benchmark.java index 723926501..f9efbe481 100644 --- a/src/test/java/ibm/jceplus/jmh/PBKDF2Benchmark.java +++ b/src/test/java/ibm/jceplus/jmh/PBKDF2Benchmark.java @@ -23,6 +23,7 @@ import org.openjdk.jmh.annotations.Setup; import org.openjdk.jmh.annotations.State; import org.openjdk.jmh.annotations.Warmup; +import org.openjdk.jmh.infra.Blackhole; import org.openjdk.jmh.runner.Runner; import org.openjdk.jmh.runner.RunnerException; import org.openjdk.jmh.runner.options.Options; @@ -42,14 +43,17 @@ public class PBKDF2Benchmark extends JMHBase { private byte[] salt = new byte[16]; private SecureRandom random = new SecureRandom(); - @Param({"OpenJCEPlus", "SunJCE"}) + @Param({"OpenJCEPlus", "OpenJCEPlusFIPS", "SunJCE"}) private String provider; @Setup public void setup() throws Exception { super.setup(provider); - pbkdf2Sha1Factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1", provider); + // Skip PBKDF2WithHmacSHA1 initialization for FIPS provider as it's not FIPS-approved + if (!provider.equalsIgnoreCase("OpenJCEPlusFIPS")) { + pbkdf2Sha1Factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1", provider); + } pbkdf2Sha256Factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256", provider); pbkdf2Sha512Factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512", provider); pbkdf2Sha512_224Factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512/224", provider); @@ -59,13 +63,21 @@ public void setup() throws Exception { } @Benchmark - public byte[] pbkdf2Sha11000Iter() throws InvalidKeySpecException { + public byte[] pbkdf2Sha11000Iter(Blackhole blackhole) throws Exception { + // Skip PBKDF2WithHmacSHA1 for FIPS provider as it's not FIPS-approved + if (provider.equalsIgnoreCase("OpenJCEPlusFIPS")) { + throw new RunnerException("Skipping PBKDF2WithHmacSHA1 for FIPS provider"); + } return pbkdf2Sha1Factory.generateSecret(new PBEKeySpec(password, salt, 1000, 256)) .getEncoded(); } @Benchmark - public byte[] pbkdf2Sha1300000Iter() throws InvalidKeySpecException { + public byte[] pbkdf2Sha1300000Iter(Blackhole blackhole) throws Exception { + // Skip PBKDF2WithHmacSHA1 for FIPS provider as it's not FIPS-approved + if (provider.equalsIgnoreCase("OpenJCEPlusFIPS")) { + throw new RunnerException("Skipping PBKDF2WithHmacSHA1 for FIPS provider"); + } return pbkdf2Sha1Factory.generateSecret(new PBEKeySpec(password, salt, 300000, 256)) .getEncoded(); } diff --git a/src/test/java/ibm/jceplus/jmh/RSACipherBenchmark.java b/src/test/java/ibm/jceplus/jmh/RSACipherBenchmark.java index bcae2ab02..3954cbd9e 100644 --- a/src/test/java/ibm/jceplus/jmh/RSACipherBenchmark.java +++ b/src/test/java/ibm/jceplus/jmh/RSACipherBenchmark.java @@ -23,6 +23,7 @@ import org.openjdk.jmh.annotations.Setup; import org.openjdk.jmh.annotations.State; import org.openjdk.jmh.annotations.Warmup; +import org.openjdk.jmh.infra.Blackhole; import org.openjdk.jmh.runner.Runner; import org.openjdk.jmh.runner.RunnerException; import org.openjdk.jmh.runner.options.Options; @@ -43,7 +44,7 @@ public class RSACipherBenchmark extends AsymmetricCipherBase { @Param({"2048"}) private int keySize; - @Param({"OpenJCEPlus", "SunJCE"}) + @Param({"OpenJCEPlus", "OpenJCEPlusFIPS", "SunJCE"}) private String provider; @Setup @@ -51,8 +52,12 @@ public void setup() throws Exception { super.setup(keySize, "RSA", provider); Map paddings = new HashMap<>(); - paddings.put("NoPadding", 1); - paddings.put("PKCS1Padding", 11); + // Skip NoPadding and PKCS1Padding for FIPS provider as they are not FIPS-approved + boolean isFIPS = provider.equalsIgnoreCase("OpenJCEPlusFIPS"); + if (!isFIPS) { + paddings.put("NoPadding", 1); + paddings.put("PKCS1Padding", 11); + } paddings.put("OAEPPadding", (2 * 20 + 2)); // SHA-1 size is 20 bytes paddings.put("OAEPWithSHA-256AndMGF1Padding", (2 * 32 + 2)); // SHA-256 size is 32 bytes paddings.put("OAEPWithSHA-512AndMGF1Padding", (2 * 64 + 2)); // SHA-512 size is 64 bytes @@ -82,22 +87,38 @@ public void setup() throws Exception { } @Benchmark - public byte[] benchmarkEncryption_NoPadding() throws Exception { + public byte[] benchmarkEncryption_NoPadding(Blackhole blackhole) throws Exception { + // Skip NoPadding for FIPS provider as it's not FIPS-approved + if (provider.equalsIgnoreCase("OpenJCEPlusFIPS")) { + throw new RunnerException("Skipping NoPadding for FIPS provider"); + } return encryptCiphers.get("NoPadding").doFinal(plaintexts.get("NoPadding")); } @Benchmark - public byte[] benchmarkDecryption_NoPadding() throws Exception { + public byte[] benchmarkDecryption_NoPadding(Blackhole blackhole) throws Exception { + // Skip NoPadding for FIPS provider as it's not FIPS-approved + if (provider.equalsIgnoreCase("OpenJCEPlusFIPS")) { + throw new RunnerException("Skipping NoPadding for FIPS provider"); + } return decryptCiphers.get("NoPadding").doFinal(ciphertexts.get("NoPadding")); } @Benchmark - public byte[] benchmarkEncryption_PKCS1Padding() throws Exception { + public byte[] benchmarkEncryption_PKCS1Padding(Blackhole blackhole) throws Exception { + // Skip PKCS1Padding for FIPS provider as it's not FIPS-approved + if (provider.equalsIgnoreCase("OpenJCEPlusFIPS")) { + throw new RunnerException("Skipping PKCS1Padding for FIPS provider"); + } return encryptCiphers.get("PKCS1Padding").doFinal(plaintexts.get("PKCS1Padding")); } @Benchmark - public byte[] benchmarkDecryption_PKCS1Padding() throws Exception { + public byte[] benchmarkDecryption_PKCS1Padding(Blackhole blackhole) throws Exception { + // Skip PKCS1Padding for FIPS provider as it's not FIPS-approved + if (provider.equalsIgnoreCase("OpenJCEPlusFIPS")) { + throw new RunnerException("Skipping PKCS1Padding for FIPS provider"); + } return decryptCiphers.get("PKCS1Padding").doFinal(ciphertexts.get("PKCS1Padding")); } diff --git a/src/test/java/ibm/jceplus/jmh/RSAKeyGeneratorBenchmark.java b/src/test/java/ibm/jceplus/jmh/RSAKeyGeneratorBenchmark.java index 3dee8dfee..1df15b252 100644 --- a/src/test/java/ibm/jceplus/jmh/RSAKeyGeneratorBenchmark.java +++ b/src/test/java/ibm/jceplus/jmh/RSAKeyGeneratorBenchmark.java @@ -21,6 +21,7 @@ import org.openjdk.jmh.annotations.Setup; import org.openjdk.jmh.annotations.State; import org.openjdk.jmh.annotations.Warmup; +import org.openjdk.jmh.infra.Blackhole; import org.openjdk.jmh.runner.Runner; import org.openjdk.jmh.runner.RunnerException; import org.openjdk.jmh.runner.options.Options; @@ -32,7 +33,7 @@ @Measurement(iterations = 4, time = 30, timeUnit = TimeUnit.SECONDS) public class RSAKeyGeneratorBenchmark extends JMHBase { - @Param({"OpenJCEPlus", "SunRsaSign"}) + @Param({"OpenJCEPlus", "OpenJCEPlusFIPS", "SunRsaSign"}) private String provider; private KeyPairGenerator rsaKeyPairGenerator1024 = null; @@ -43,8 +44,11 @@ public class RSAKeyGeneratorBenchmark extends JMHBase { public void setup() throws Exception { super.setup(provider); - rsaKeyPairGenerator1024 = KeyPairGenerator.getInstance("RSA", provider); - rsaKeyPairGenerator1024.initialize(1024); + // Skip 1024-bit RSA key generation for FIPS provider as it's not FIPS-approved + if (!provider.equalsIgnoreCase("OpenJCEPlusFIPS")) { + rsaKeyPairGenerator1024 = KeyPairGenerator.getInstance("RSA", provider); + rsaKeyPairGenerator1024.initialize(1024); + } rsaKeyPairGenerator2048 = KeyPairGenerator.getInstance("RSA", provider); rsaKeyPairGenerator2048.initialize(2048); rsaKeyPairGenerator4096 = KeyPairGenerator.getInstance("RSA", provider); @@ -52,7 +56,11 @@ public void setup() throws Exception { } @Benchmark - public KeyPair rsa1024KeyGeneration() throws Exception { + public KeyPair rsa1024KeyGeneration(Blackhole blackhole) throws Exception { + // Skip 1024-bit RSA key generation for FIPS provider as it's not FIPS-approved + if (provider.equalsIgnoreCase("OpenJCEPlusFIPS")) { + throw new RunnerException("Skipping 1024-bit RSA key generation for FIPS provider"); + } return rsaKeyPairGenerator1024.generateKeyPair(); } diff --git a/src/test/java/ibm/jceplus/jmh/RSASignatureBenchmark.java b/src/test/java/ibm/jceplus/jmh/RSASignatureBenchmark.java index ceae1828f..dcfabe41d 100644 --- a/src/test/java/ibm/jceplus/jmh/RSASignatureBenchmark.java +++ b/src/test/java/ibm/jceplus/jmh/RSASignatureBenchmark.java @@ -37,7 +37,7 @@ public class RSASignatureBenchmark extends JMHBase { @Param({"2048", "32768"}) private int payloadSize; - @Param({"OpenJCEPlus", "SunRsaSign"}) + @Param({"OpenJCEPlus", "OpenJCEPlusFIPS", "SunRsaSign"}) private String provider; @Param({"2048", "4096"}) diff --git a/src/test/java/ibm/jceplus/jmh/TLSHandshakeBenchmark.java b/src/test/java/ibm/jceplus/jmh/TLSHandshakeBenchmark.java index c843363b8..9dcc3267f 100644 --- a/src/test/java/ibm/jceplus/jmh/TLSHandshakeBenchmark.java +++ b/src/test/java/ibm/jceplus/jmh/TLSHandshakeBenchmark.java @@ -101,7 +101,7 @@ public class TLSHandshakeBenchmark extends JMHBase { @Param({"cached", "non-cached"}) public String useCache; - @Param({"OpenJCEPlus", "SunJCE"}) + @Param({"OpenJCEPlus", "OpenJCEPlusFIPS", "SunJCE"}) private String provider; private SSLServerSocket serverSocket;