From e78d45a060519e98aa9043a0757f2ab710cdf38c Mon Sep 17 00:00:00 2001
From: Mariano Cano <mariano.cano@gmail.com>
Date: Thu, 28 Jan 2021 19:46:48 -0800
Subject: [PATCH] Add benchmarks for signing operations.

---
 kms/pkcs11/benchmark_test.go | 82 ++++++++++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)
 create mode 100644 kms/pkcs11/benchmark_test.go

diff --git a/kms/pkcs11/benchmark_test.go b/kms/pkcs11/benchmark_test.go
new file mode 100644
index 00000000..30e21117
--- /dev/null
+++ b/kms/pkcs11/benchmark_test.go
@@ -0,0 +1,82 @@
+// +build cgo
+
+package pkcs11
+
+import (
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"testing"
+
+	"github.com/smallstep/certificates/kms/apiv1"
+)
+
+func benchmarkSign(b *testing.B, signer crypto.Signer, opts crypto.SignerOpts) {
+	hash := opts.HashFunc()
+	h := hash.New()
+	h.Write([]byte("buggy-coheir-RUBRIC-rabbet-liberal-eaglet-khartoum-stagger"))
+	digest := h.Sum(nil)
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		signer.Sign(rand.Reader, digest, opts)
+	}
+	b.StopTimer()
+}
+
+func BenchmarkSignRSA(b *testing.B) {
+	k := setupPKCS11(b)
+	signer, err := k.CreateSigner(&apiv1.CreateSignerRequest{
+		SigningKey: "pkcs11:id=7371;object=rsa-key",
+	})
+	if err != nil {
+		b.Fatalf("PKCS11.CreateSigner() error = %v", err)
+	}
+	benchmarkSign(b, signer, crypto.SHA256)
+}
+
+func BenchmarkSignRSAPSS(b *testing.B) {
+	k := setupPKCS11(b)
+	signer, err := k.CreateSigner(&apiv1.CreateSignerRequest{
+		SigningKey: "pkcs11:id=7372;object=rsa-pss-key",
+	})
+	if err != nil {
+		b.Fatalf("PKCS11.CreateSigner() error = %v", err)
+	}
+	benchmarkSign(b, signer, &rsa.PSSOptions{
+		SaltLength: rsa.PSSSaltLengthEqualsHash,
+		Hash:       crypto.SHA256,
+	})
+}
+
+func BenchmarkSignP256(b *testing.B) {
+	k := setupPKCS11(b)
+	signer, err := k.CreateSigner(&apiv1.CreateSignerRequest{
+		SigningKey: "pkcs11:id=7373;object=ecdsa-p256-key",
+	})
+	if err != nil {
+		b.Fatalf("PKCS11.CreateSigner() error = %v", err)
+	}
+	benchmarkSign(b, signer, crypto.SHA256)
+}
+
+func BenchmarkSignP384(b *testing.B) {
+	k := setupPKCS11(b)
+	signer, err := k.CreateSigner(&apiv1.CreateSignerRequest{
+		SigningKey: "pkcs11:id=7374;object=ecdsa-p384-key",
+	})
+	if err != nil {
+		b.Fatalf("PKCS11.CreateSigner() error = %v", err)
+	}
+	benchmarkSign(b, signer, crypto.SHA384)
+}
+
+func BenchmarkSignP521(b *testing.B) {
+	k := setupPKCS11(b)
+	signer, err := k.CreateSigner(&apiv1.CreateSignerRequest{
+		SigningKey: "pkcs11:id=7375;object=ecdsa-p521-key",
+	})
+	if err != nil {
+		b.Fatalf("PKCS11.CreateSigner() error = %v", err)
+	}
+	benchmarkSign(b, signer, crypto.SHA512)
+}