Benchmarking the supported groups.

Anthony Hu
2021-10-01 15:38:07 -04:00
parent 774bc36603
commit 2fa0114d54


@@ -243,6 +243,64 @@ static const unsigned char dhg[] =
#endif /* !NO_WOLFSSL_SERVER */ #endif /* !NO_WOLFSSL_SERVER */
#endif /* !NO_DH */ #endif /* !NO_DH */
struct group_info {
word16 group;
const char *name;
};
static struct group_info groups[] = {
{ WOLFSSL_ECC_SECP160K1, "ECC_SECP160K1" },
{ WOLFSSL_ECC_SECP160R1, "ECC_SECP160R1" },
{ WOLFSSL_ECC_SECP160R2, "ECC_SECP160R2" },
{ WOLFSSL_ECC_SECP192K1, "ECC_SECP192K1" },
{ WOLFSSL_ECC_SECP192R1, "ECC_SECP192R1" },
{ WOLFSSL_ECC_SECP224K1, "ECC_SECP224K1" },
{ WOLFSSL_ECC_SECP224R1, "ECC_SECP224R1" },
{ WOLFSSL_ECC_SECP256K1, "ECC_SECP256K1" },
{ WOLFSSL_ECC_SECP256R1, "ECC_SECP256R1" },
{ WOLFSSL_ECC_SECP384R1, "ECC_SECP384R1" },
{ WOLFSSL_ECC_SECP521R1, "ECC_SECP521R1" },
{ WOLFSSL_ECC_BRAINPOOLP256R1, "ECC_BRAINPOOLP256R1" },
{ WOLFSSL_ECC_BRAINPOOLP384R1, "ECC_BRAINPOOLP384R1" },
{ WOLFSSL_ECC_BRAINPOOLP512R1, "ECC_BRAINPOOLP512R1" },
{ WOLFSSL_ECC_X25519, "ECC_X25519" },
{ WOLFSSL_ECC_X448, "ECC_X448" },
{ WOLFSSL_FFDHE_2048, "FFDHE_2048" },
{ WOLFSSL_FFDHE_3072, "FFDHE_3072" },
{ WOLFSSL_FFDHE_4096, "FFDHE_4096" },
{ WOLFSSL_FFDHE_6144, "FFDHE_6144" },
{ WOLFSSL_FFDHE_8192, "FFDHE_8192" },
#ifdef HAVE_LIBOQS
{ WOLFSSL_NTRU_HPS_LEVEL1, "NTRU_HPS_LEVEL1" },
{ WOLFSSL_NTRU_HPS_LEVEL3, "NTRU_HPS_LEVEL3" },
{ WOLFSSL_NTRU_HPS_LEVEL5, "NTRU_HPS_LEVEL5" },
{ WOLFSSL_NTRU_HRSS_LEVEL3, "NTRU_HRSS_LEVEL3" },
{ WOLFSSL_SABER_LEVEL1, "SABER_LEVEL1" },
{ WOLFSSL_SABER_LEVEL3, "SABER_LEVEL3" },
{ WOLFSSL_SABER_LEVEL5, "SABER_LEVEL5" },
{ WOLFSSL_KYBER_LEVEL1, "KYBER_LEVEL1" },
{ WOLFSSL_KYBER_LEVEL3, "KYBER_LEVEL3" },
{ WOLFSSL_KYBER_LEVEL5, "KYBER_LEVEL5" },
{ WOLFSSL_KYBER_90S_LEVEL1, "KYBER_90S_LEVEL1" },
{ WOLFSSL_KYBER_90S_LEVEL3, "KYBER_90S_LEVEL3" },
{ WOLFSSL_KYBER_90S_LEVEL5, "KYBER_90S_LEVEL5" },
{ WOLFSSL_P256_NTRU_HPS_LEVEL1, "P256_NTRU_HPS_LEVEL1" },
{ WOLFSSL_P384_NTRU_HPS_LEVEL3, "P384_NTRU_HPS_LEVEL3" },
{ WOLFSSL_P521_NTRU_HPS_LEVEL5, "P521_NTRU_HPS_LEVEL5" },
{ WOLFSSL_P384_NTRU_HRSS_LEVEL3, "P384_NTRU_HRSS_LEVEL3" },
{ WOLFSSL_P256_SABER_LEVEL1, "P256_SABER_LEVEL1" },
{ WOLFSSL_P384_SABER_LEVEL3, "P384_SABER_LEVEL3" },
{ WOLFSSL_P521_SABER_LEVEL5, "P521_SABER_LEVEL5" },
{ WOLFSSL_P256_KYBER_LEVEL1, "P256_KYBER_LEVEL1" },
{ WOLFSSL_P384_KYBER_LEVEL3, "P384_KYBER_LEVEL3" },
{ WOLFSSL_P521_KYBER_LEVEL5, "P521_KYBER_LEVEL5" },
{ WOLFSSL_P256_KYBER_90S_LEVEL1, "P256_KYBER_90S_LEVEL1" },
{ WOLFSSL_P384_KYBER_90S_LEVEL3, "P384_KYBER_90S_LEVEL3" },
{ WOLFSSL_P521_KYBER_90S_LEVEL5, "P521_KYBER_90S_LEVEL5" },
#endif
{ 0, NULL }
};
#ifdef HAVE_PTHREAD #ifdef HAVE_PTHREAD
typedef struct { typedef struct {
unsigned char buf[MEM_BUFFER_SZ]; unsigned char buf[MEM_BUFFER_SZ];
@@ -276,6 +334,7 @@ typedef struct {
typedef struct { typedef struct {
const char* cipher; const char* cipher;
word16 group;
const char* host; const char* host;
word32 port; word32 port;
int packetSize; /* The data payload size in the packet */ int packetSize; /* The data payload size in the packet */
@@ -904,6 +963,14 @@ static int bench_tls_client(info_t* info)
goto exit; goto exit;
} }
if (info->group != 0) {
ret = wolfSSL_UseKeyShare(cli_ssl, info->group);
if (ret != WOLFSSL_SUCCESS) {
fprintf(stderr, "error setting client key share.\n");
goto exit;
}
}
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (info->doDTLS) { if (info->doDTLS) {
ret = wolfSSL_dtls_set_peer(cli_ssl, &info->serverAddr, ret = wolfSSL_dtls_set_peer(cli_ssl, &info->serverAddr,
@@ -1319,6 +1386,15 @@ static int bench_tls_server(info_t* info)
fprintf(stderr, "error creating server object\n"); fprintf(stderr, "error creating server object\n");
ret = MEMORY_E; goto exit; ret = MEMORY_E; goto exit;
} }
if (info->group != 0) {
ret = wolfSSL_UseKeyShare(srv_ssl, info->group);
if (ret != WOLFSSL_SUCCESS) {
fprintf(stderr, "error setting server key share.\n");
goto exit;
}
}
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (info->doDTLS) { if (info->doDTLS) {
ret = wolfSSL_dtls_set_peer(srv_ssl, &info->clientAddr, ret = wolfSSL_dtls_set_peer(srv_ssl, &info->clientAddr,
@@ -1485,12 +1561,12 @@ static void* server_thread(void* args)
#pragma GCC diagnostic push #pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-nonliteral" #pragma GCC diagnostic ignored "-Wformat-nonliteral"
#endif #endif
static void print_stats(stats_t* wcStat, const char* desc, const char* cipher, int verbose) static void print_stats(stats_t* wcStat, const char* desc, const char* cipher, const char *group, int verbose)
{ {
const char* formatStr; const char* formatStr;
if (verbose) { if (verbose) {
formatStr = "wolfSSL %s Benchmark on %s:\n" formatStr = "wolfSSL %s Benchmark on %s with group %s:\n"
"\tTotal : %9d bytes\n" "\tTotal : %9d bytes\n"
"\tNum Conns : %9d\n" "\tNum Conns : %9d\n"
"\tRx Total : %9.3f ms\n" "\tRx Total : %9.3f ms\n"
@@ -1501,12 +1577,13 @@ static void print_stats(stats_t* wcStat, const char* desc, const char* cipher, i
"\tConnect Avg : %9.3f ms\n"; "\tConnect Avg : %9.3f ms\n";
} }
else { else {
formatStr = "%-6s %-33s %11d %9d %9.3f %9.3f %9.3f %9.3f %17.3f %15.3f\n"; formatStr = "%-6s %-33s %-25s %11d %9d %9.3f %9.3f %9.3f %9.3f %17.3f %15.3f\n";
} }
fprintf(stderr, formatStr, fprintf(stderr, formatStr,
desc, desc,
cipher, cipher,
group,
wcStat->txTotal + wcStat->rxTotal, wcStat->txTotal + wcStat->rxTotal,
wcStat->connCount, wcStat->connCount,
wcStat->rxTime * 1000, wcStat->rxTime * 1000,
@@ -1528,6 +1605,7 @@ static void Usage(void)
fprintf(stderr, "-P Port (default %d)\n", BENCH_DEFAULT_PORT); fprintf(stderr, "-P Port (default %d)\n", BENCH_DEFAULT_PORT);
fprintf(stderr, "-e List Every cipher suite available\n"); fprintf(stderr, "-e List Every cipher suite available\n");
fprintf(stderr, "-i Show peer info\n"); fprintf(stderr, "-i Show peer info\n");
fprintf(stderr, "-g Run through each of the TLS 1.3 groups that are available\n");
fprintf(stderr, "-l <str> Cipher suite list (: delimited)\n"); fprintf(stderr, "-l <str> Cipher suite list (: delimited)\n");
fprintf(stderr, "-t <num> Time <num> (seconds) to run each test (default %d)\n", BENCH_RUNTIME_SEC); fprintf(stderr, "-t <num> Time <num> (seconds) to run each test (default %d)\n", BENCH_RUNTIME_SEC);
fprintf(stderr, "-p <num> The packet size <num> in bytes [1-16kB] (default %d)\n", TEST_PACKET_SIZE); fprintf(stderr, "-p <num> The packet size <num> in bytes [1-16kB] (default %d)\n", TEST_PACKET_SIZE);
@@ -1558,6 +1636,54 @@ static void ShowCiphers(void)
fprintf(stderr, "%s\n", ciphers); fprintf(stderr, "%s\n", ciphers);
} }
static int SetupSupportedGroups(int verbose) {
int i;
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
int ret = 0;
if (ret == 0) {
ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
if (ctx == NULL) {
ret = -1;
}
}
if (ret == 0) {
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
ret = -1;
}
}
/* Determine which groups are actually supported. */
for (i = 0; groups[i].name != NULL; i++) {
if (ret == 0) {
int uks_ret = wolfSSL_UseKeyShare(ssl, groups[i].group);
if (uks_ret == WOLFSSL_SUCCESS) {
if (verbose) {
printf("Will benchmark the following group; %s\n",
groups[i].name);
}
} else if (uks_ret == BAD_FUNC_ARG || uks_ret == NOT_COMPILED_IN) {
groups[i].group = 0;
if (verbose) {
printf("Will NOT benchmark the following group; %s\n",
groups[i].name);
}
} else {
ret = -1;
}
}
}
if (ssl != NULL)
wolfSSL_free(ssl);
if (ctx != NULL)
wolfSSL_CTX_free(ctx);
return ret;
}
#ifdef __GNUC__ #ifdef __GNUC__
#pragma GCC diagnostic pop #pragma GCC diagnostic pop
#endif #endif
@@ -1568,6 +1694,7 @@ int bench_tls(void* args)
info_t *theadInfo = NULL, *info; info_t *theadInfo = NULL, *info;
stats_t cli_comb, srv_comb; stats_t cli_comb, srv_comb;
int i; int i;
int group_index;
char *cipher, *next_cipher, *ciphers = NULL; char *cipher, *next_cipher, *ciphers = NULL;
int argc = 0; int argc = 0;
char** argv = NULL; char** argv = NULL;
@@ -1598,6 +1725,8 @@ int bench_tls(void* args)
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
int doDTLS = 0; int doDTLS = 0;
#endif #endif
int argDoGroups = 0;
if (args != NULL) { if (args != NULL) {
argc = ((func_args*)args)->argc; argc = ((func_args*)args)->argc;
argv = ((func_args*)args)->argv; argv = ((func_args*)args)->argv;
@@ -1608,7 +1737,7 @@ int bench_tls(void* args)
wolfSSL_Init(); wolfSSL_Init();
/* Parse command line arguments */ /* Parse command line arguments */
while ((ch = mygetopt(argc, argv, "?" "udeil:p:t:vT:sch:P:mS:")) != -1) { while ((ch = mygetopt(argc, argv, "?" "udeil:p:t:vT:sch:P:mS:g")) != -1) {
switch (ch) { switch (ch) {
case '?' : case '?' :
Usage(); Usage();
@@ -1640,6 +1769,10 @@ int bench_tls(void* args)
ShowCiphers(); ShowCiphers();
goto exit; goto exit;
case 'g' :
argDoGroups = 1;
break;
case 'i' : case 'i' :
argShowPeerInfo = 1; argShowPeerInfo = 1;
break; break;
@@ -1717,6 +1850,12 @@ int bench_tls(void* args)
cipher = ciphers; cipher = ciphers;
} }
if (argDoGroups) {
if (SetupSupportedGroups(argShowVerbose) != 0) {
goto exit;
}
}
/* for server or client side only, only 1 thread is allowed */ /* for server or client side only, only 1 thread is allowed */
if (argServerOnly || argClientOnly) { if (argServerOnly || argClientOnly) {
argThreadPairs = 1; argThreadPairs = 1;
@@ -1780,6 +1919,13 @@ int bench_tls(void* args)
fprintf(stderr, "Cipher: %s\n", cipher); fprintf(stderr, "Cipher: %s\n", cipher);
} }
for (group_index = 0; groups[group_index].name != NULL; group_index++) {
if (argDoGroups && groups[group_index].group == 0) {
/* Skip unsupported group. */
continue;
}
for (i=0; i<argThreadPairs; i++) { for (i=0; i<argThreadPairs; i++) {
info = &theadInfo[i]; info = &theadInfo[i];
XMEMSET(info, 0, sizeof(info_t)); XMEMSET(info, 0, sizeof(info_t));
@@ -1787,6 +1933,12 @@ int bench_tls(void* args)
info->host = argHost; info->host = argHost;
info->port = argPort + i; /* threads must have separate ports */ info->port = argPort + i; /* threads must have separate ports */
info->cipher = cipher; info->cipher = cipher;
if (argDoGroups && XSTRNCMP(theadInfo[0].cipher, "TLS13", 5) == 0)
info->group = groups[group_index].group;
else
info->group = 0;
info->packetSize = argTestPacketSize; info->packetSize = argTestPacketSize;
info->runTimeSec = argRuntimeSec; info->runTimeSec = argRuntimeSec;
@@ -1830,8 +1982,10 @@ int bench_tls(void* args)
pthread_cond_init(&info->to_server.cond, NULL); pthread_cond_init(&info->to_server.cond, NULL);
pthread_cond_init(&info->to_client.cond, NULL); pthread_cond_init(&info->to_client.cond, NULL);
pthread_create(&info->to_server.tid, NULL, server_thread, info); pthread_create(&info->to_server.tid, NULL, server_thread,
pthread_create(&info->to_client.tid, NULL, client_thread, info); info);
pthread_create(&info->to_client.tid, NULL, client_thread,
info);
/* State that we won't be joining this thread */ /* State that we won't be joining this thread */
pthread_detach(info->to_server.tid); pthread_detach(info->to_server.tid);
@@ -1862,6 +2016,8 @@ int bench_tls(void* args)
} }
#endif /* HAVE_PTHREAD */ #endif /* HAVE_PTHREAD */
const char *gname = theadInfo[0].group == 0 ?
"N/A" : groups[group_index].name;
if (argShowVerbose) { if (argShowVerbose) {
/* print results */ /* print results */
for (i = 0; i < argThreadPairs; ++i) { for (i = 0; i < argThreadPairs; ++i) {
@@ -1870,11 +2026,11 @@ int bench_tls(void* args)
fprintf(stderr, "\nThread %d\n", i); fprintf(stderr, "\nThread %d\n", i);
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
if (!argClientOnly) if (!argClientOnly)
print_stats(&info->server_stats, "Server", info->cipher, 1); print_stats(&info->server_stats, "Server", info->cipher, gname, 1);
#endif #endif
#ifndef NO_WOLFSSL_CLIENT #ifndef NO_WOLFSSL_CLIENT
if (!argServerOnly) if (!argServerOnly)
print_stats(&info->client_stats, "Client", info->cipher, 1); print_stats(&info->client_stats, "Client", info->cipher, gname, 1);
#endif #endif
} }
} }
@@ -1909,19 +2065,26 @@ int bench_tls(void* args)
fprintf(stderr, "Totals for %d Threads\n", argThreadPairs); fprintf(stderr, "Totals for %d Threads\n", argThreadPairs);
} }
else { else {
fprintf(stderr, "%-6s %-33s %11s %9s %9s %9s %9s %9s %17s %15s\n", fprintf(stderr, "%-6s %-33s %-25s %11s %9s %9s %9s %9s %9s %17s %15s\n",
"Side", "Cipher", "Total Bytes", "Num Conns", "Rx ms", "Tx ms", "Side", "Cipher", "Group", "Total Bytes", "Num Conns", "Rx ms", "Tx ms",
"Rx MB/s", "Tx MB/s", "Connect Total ms", "Connect Avg ms"); "Rx MB/s", "Tx MB/s", "Connect Total ms", "Connect Avg ms");
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
if (!argClientOnly) if (!argClientOnly)
print_stats(&srv_comb, "Server", theadInfo[0].cipher, 0); print_stats(&srv_comb, "Server", theadInfo[0].cipher, gname, 0);
#endif #endif
#ifndef NO_WOLFSSL_CLIENT #ifndef NO_WOLFSSL_CLIENT
if (!argServerOnly) if (!argServerOnly)
print_stats(&cli_comb, "Client", theadInfo[0].cipher, 0); print_stats(&cli_comb, "Client", theadInfo[0].cipher, gname, 0);
#endif #endif
} }
if (!argDoGroups || theadInfo[0].group == 0) {
/* We only needed to do this once because they don't want to
* benchmarks groups or this isn't a TLS 1.3 cipher. */
break;
}
}
/* target next cipher */ /* target next cipher */
cipher = (next_cipher != NULL) ? (next_cipher + 1) : NULL; cipher = (next_cipher != NULL) ? (next_cipher + 1) : NULL;
} /* while */ } /* while */
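Review bot: The new `SetupSupportedGroups()` and the two added `wolfSSL_UseKeyShare()` calls in `bench_tls_client` and `bench_tls_server` are compiled unconditionally, while the surrounding code is visibly gated on `NO_WOLFSSL_CLIENT`, `NO_WOLFSSL_SERVER` and `WOLFSSL_DTLS`. As far as I know, `wolfTLSv1_3_client_method()` and `wolfSSL_UseKeyShare()` are only declared in TLS 1.3 builds, so a TLS 1.2-only or server-only configuration would likely fail to compile. I would wrap the new function and both call sites in a guard such as `#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT)` and have `-g` report that groups are unavailable otherwise; an enclosing guard may exist outside the hunks shown. Separately, when `SetupSupportedGroups()` returns non-zero, `bench_tls` jumps to `exit` without saying why, so a line like `fprintf(stderr, "error determining supported groups.\n");` before the `goto exit;` would make that failure diagnosable.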