wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Benchmarking the supported groups.

Browse Source
This commit is contained in:
Anthony Hu
2021-10-01 15:38:07 -04:00
parent 774bc36603
commit 2fa0114d54
1 changed files with 270 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

377
examples/benchmark/tls_bench.c
View File

@@ -243,6 +243,64 @@ static const unsigned char dhg[] =
#endif /* !NO_WOLFSSL_SERVER */ #endif /* !NO_WOLFSSL_SERVER */
#endif /* !NO_DH */ #endif /* !NO_DH */
struct group_info {
word16 group;
const char *name;
};
static struct group_info groups[] = {
{ WOLFSSL_ECC_SECP160K1, "ECC_SECP160K1" },
{ WOLFSSL_ECC_SECP160R1, "ECC_SECP160R1" },
{ WOLFSSL_ECC_SECP160R2, "ECC_SECP160R2" },
{ WOLFSSL_ECC_SECP192K1, "ECC_SECP192K1" },
{ WOLFSSL_ECC_SECP192R1, "ECC_SECP192R1" },
{ WOLFSSL_ECC_SECP224K1, "ECC_SECP224K1" },
{ WOLFSSL_ECC_SECP224R1, "ECC_SECP224R1" },
{ WOLFSSL_ECC_SECP256K1, "ECC_SECP256K1" },
{ WOLFSSL_ECC_SECP256R1, "ECC_SECP256R1" },
{ WOLFSSL_ECC_SECP384R1, "ECC_SECP384R1" },
{ WOLFSSL_ECC_SECP521R1, "ECC_SECP521R1" },
{ WOLFSSL_ECC_BRAINPOOLP256R1, "ECC_BRAINPOOLP256R1" },
{ WOLFSSL_ECC_BRAINPOOLP384R1, "ECC_BRAINPOOLP384R1" },
{ WOLFSSL_ECC_BRAINPOOLP512R1, "ECC_BRAINPOOLP512R1" },
{ WOLFSSL_ECC_X25519, "ECC_X25519" },
{ WOLFSSL_ECC_X448, "ECC_X448" },
{ WOLFSSL_FFDHE_2048, "FFDHE_2048" },
{ WOLFSSL_FFDHE_3072, "FFDHE_3072" },
{ WOLFSSL_FFDHE_4096, "FFDHE_4096" },
{ WOLFSSL_FFDHE_6144, "FFDHE_6144" },
{ WOLFSSL_FFDHE_8192, "FFDHE_8192" },
#ifdef HAVE_LIBOQS
{ WOLFSSL_NTRU_HPS_LEVEL1, "NTRU_HPS_LEVEL1" },
{ WOLFSSL_NTRU_HPS_LEVEL3, "NTRU_HPS_LEVEL3" },
{ WOLFSSL_NTRU_HPS_LEVEL5, "NTRU_HPS_LEVEL5" },
{ WOLFSSL_NTRU_HRSS_LEVEL3, "NTRU_HRSS_LEVEL3" },
{ WOLFSSL_SABER_LEVEL1, "SABER_LEVEL1" },
{ WOLFSSL_SABER_LEVEL3, "SABER_LEVEL3" },
{ WOLFSSL_SABER_LEVEL5, "SABER_LEVEL5" },
{ WOLFSSL_KYBER_LEVEL1, "KYBER_LEVEL1" },
{ WOLFSSL_KYBER_LEVEL3, "KYBER_LEVEL3" },
{ WOLFSSL_KYBER_LEVEL5, "KYBER_LEVEL5" },
{ WOLFSSL_KYBER_90S_LEVEL1, "KYBER_90S_LEVEL1" },
{ WOLFSSL_KYBER_90S_LEVEL3, "KYBER_90S_LEVEL3" },
{ WOLFSSL_KYBER_90S_LEVEL5, "KYBER_90S_LEVEL5" },
{ WOLFSSL_P256_NTRU_HPS_LEVEL1, "P256_NTRU_HPS_LEVEL1" },
{ WOLFSSL_P384_NTRU_HPS_LEVEL3, "P384_NTRU_HPS_LEVEL3" },
{ WOLFSSL_P521_NTRU_HPS_LEVEL5, "P521_NTRU_HPS_LEVEL5" },
{ WOLFSSL_P384_NTRU_HRSS_LEVEL3, "P384_NTRU_HRSS_LEVEL3" },
{ WOLFSSL_P256_SABER_LEVEL1, "P256_SABER_LEVEL1" },
{ WOLFSSL_P384_SABER_LEVEL3, "P384_SABER_LEVEL3" },
{ WOLFSSL_P521_SABER_LEVEL5, "P521_SABER_LEVEL5" },
{ WOLFSSL_P256_KYBER_LEVEL1, "P256_KYBER_LEVEL1" },
{ WOLFSSL_P384_KYBER_LEVEL3, "P384_KYBER_LEVEL3" },
{ WOLFSSL_P521_KYBER_LEVEL5, "P521_KYBER_LEVEL5" },
{ WOLFSSL_P256_KYBER_90S_LEVEL1, "P256_KYBER_90S_LEVEL1" },
{ WOLFSSL_P384_KYBER_90S_LEVEL3, "P384_KYBER_90S_LEVEL3" },
{ WOLFSSL_P521_KYBER_90S_LEVEL5, "P521_KYBER_90S_LEVEL5" },
#endif
{ 0, NULL }
};
#ifdef HAVE_PTHREAD #ifdef HAVE_PTHREAD
typedef struct { typedef struct {
unsigned char buf[MEM_BUFFER_SZ]; unsigned char buf[MEM_BUFFER_SZ];
@@ -276,6 +334,7 @@ typedef struct {
typedef struct { typedef struct {
const char* cipher; const char* cipher;
word16 group;
const char* host; const char* host;
word32 port; word32 port;
int packetSize; /* The data payload size in the packet */ int packetSize; /* The data payload size in the packet */
@@ -904,6 +963,14 @@ static int bench_tls_client(info_t* info)
goto exit; goto exit;
} }
if (info->group != 0) {
ret = wolfSSL_UseKeyShare(cli_ssl, info->group);
if (ret != WOLFSSL_SUCCESS) {
fprintf(stderr, "error setting client key share.\n");
goto exit;
}
}
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (info->doDTLS) { if (info->doDTLS) {
ret = wolfSSL_dtls_set_peer(cli_ssl, &info->serverAddr, ret = wolfSSL_dtls_set_peer(cli_ssl, &info->serverAddr,
@@ -1319,6 +1386,15 @@ static int bench_tls_server(info_t* info)
fprintf(stderr, "error creating server object\n"); fprintf(stderr, "error creating server object\n");
ret = MEMORY_E; goto exit; ret = MEMORY_E; goto exit;
} }
if (info->group != 0) {
ret = wolfSSL_UseKeyShare(srv_ssl, info->group);
if (ret != WOLFSSL_SUCCESS) {
fprintf(stderr, "error setting server key share.\n");
goto exit;
}
}
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (info->doDTLS) { if (info->doDTLS) {
ret = wolfSSL_dtls_set_peer(srv_ssl, &info->clientAddr, ret = wolfSSL_dtls_set_peer(srv_ssl, &info->clientAddr,
@@ -1485,12 +1561,12 @@ static void* server_thread(void* args)
#pragma GCC diagnostic push #pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-nonliteral" #pragma GCC diagnostic ignored "-Wformat-nonliteral"
#endif #endif
static void print_stats(stats_t* wcStat, const char* desc, const char* cipher, int verbose) static void print_stats(stats_t* wcStat, const char* desc, const char* cipher, const char *group, int verbose)
{ {
const char* formatStr; const char* formatStr;
if (verbose) { if (verbose) {
formatStr = "wolfSSL %s Benchmark on %s:\n" formatStr = "wolfSSL %s Benchmark on %s with group %s:\n"
"\tTotal : %9d bytes\n" "\tTotal : %9d bytes\n"
"\tNum Conns : %9d\n" "\tNum Conns : %9d\n"
"\tRx Total : %9.3f ms\n" "\tRx Total : %9.3f ms\n"
@@ -1501,12 +1577,13 @@ static void print_stats(stats_t* wcStat, const char* desc, const char* cipher, i
"\tConnect Avg : %9.3f ms\n"; "\tConnect Avg : %9.3f ms\n";
} }
else { else {
formatStr = "%-6s %-33s %11d %9d %9.3f %9.3f %9.3f %9.3f %17.3f %15.3f\n"; formatStr = "%-6s %-33s %-25s %11d %9d %9.3f %9.3f %9.3f %9.3f %17.3f %15.3f\n";
} }
fprintf(stderr, formatStr, fprintf(stderr, formatStr,
desc, desc,
cipher, cipher,
group,
wcStat->txTotal + wcStat->rxTotal, wcStat->txTotal + wcStat->rxTotal,
wcStat->connCount, wcStat->connCount,
wcStat->rxTime * 1000, wcStat->rxTime * 1000,
@@ -1528,6 +1605,7 @@ static void Usage(void)
fprintf(stderr, "-P Port (default %d)\n", BENCH_DEFAULT_PORT); fprintf(stderr, "-P Port (default %d)\n", BENCH_DEFAULT_PORT);
fprintf(stderr, "-e List Every cipher suite available\n"); fprintf(stderr, "-e List Every cipher suite available\n");
fprintf(stderr, "-i Show peer info\n"); fprintf(stderr, "-i Show peer info\n");
fprintf(stderr, "-g Run through each of the TLS 1.3 groups that are available\n");
fprintf(stderr, "-l <str> Cipher suite list (: delimited)\n"); fprintf(stderr, "-l <str> Cipher suite list (: delimited)\n");
fprintf(stderr, "-t <num> Time <num> (seconds) to run each test (default %d)\n", BENCH_RUNTIME_SEC); fprintf(stderr, "-t <num> Time <num> (seconds) to run each test (default %d)\n", BENCH_RUNTIME_SEC);
fprintf(stderr, "-p <num> The packet size <num> in bytes [1-16kB] (default %d)\n", TEST_PACKET_SIZE); fprintf(stderr, "-p <num> The packet size <num> in bytes [1-16kB] (default %d)\n", TEST_PACKET_SIZE);
@@ -1558,6 +1636,54 @@ static void ShowCiphers(void)
fprintf(stderr, "%s\n", ciphers); fprintf(stderr, "%s\n", ciphers);
} }
static int SetupSupportedGroups(int verbose) {
int i;
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
int ret = 0;
if (ret == 0) {
ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
if (ctx == NULL) {
ret = -1;
}
}
if (ret == 0) {
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
ret = -1;
}
}
/* Determine which groups are actually supported. */
for (i = 0; groups[i].name != NULL; i++) {
if (ret == 0) {
int uks_ret = wolfSSL_UseKeyShare(ssl, groups[i].group);
if (uks_ret == WOLFSSL_SUCCESS) {
if (verbose) {
printf("Will benchmark the following group; %s\n",
groups[i].name);
}
} else if (uks_ret == BAD_FUNC_ARG || uks_ret == NOT_COMPILED_IN) {
groups[i].group = 0;
if (verbose) {
printf("Will NOT benchmark the following group; %s\n",
groups[i].name);
}
} else {
ret = -1;
}
}
}
if (ssl != NULL)
wolfSSL_free(ssl);
if (ctx != NULL)
wolfSSL_CTX_free(ctx);
return ret;
}
#ifdef __GNUC__ #ifdef __GNUC__
#pragma GCC diagnostic pop #pragma GCC diagnostic pop
#endif #endif
@@ -1568,6 +1694,7 @@ int bench_tls(void* args)
info_t *theadInfo = NULL, *info; info_t *theadInfo = NULL, *info;
stats_t cli_comb, srv_comb; stats_t cli_comb, srv_comb;
int i; int i;
int group_index;
char *cipher, *next_cipher, *ciphers = NULL; char *cipher, *next_cipher, *ciphers = NULL;
int argc = 0; int argc = 0;
char** argv = NULL; char** argv = NULL;
@@ -1598,6 +1725,8 @@ int bench_tls(void* args)
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
int doDTLS = 0; int doDTLS = 0;
#endif #endif
int argDoGroups = 0;
if (args != NULL) { if (args != NULL) {
argc = ((func_args*)args)->argc; argc = ((func_args*)args)->argc;
argv = ((func_args*)args)->argv; argv = ((func_args*)args)->argv;
@@ -1608,7 +1737,7 @@ int bench_tls(void* args)
wolfSSL_Init(); wolfSSL_Init();
/* Parse command line arguments */ /* Parse command line arguments */
while ((ch = mygetopt(argc, argv, "?" "udeil:p:t:vT:sch:P:mS:")) != -1) { while ((ch = mygetopt(argc, argv, "?" "udeil:p:t:vT:sch:P:mS:g")) != -1) {
switch (ch) { switch (ch) {
case '?' : case '?' :
Usage(); Usage();
@@ -1640,6 +1769,10 @@ int bench_tls(void* args)
ShowCiphers(); ShowCiphers();
goto exit; goto exit;
case 'g' :
argDoGroups = 1;
break;
case 'i' : case 'i' :
argShowPeerInfo = 1; argShowPeerInfo = 1;
break; break;
@@ -1717,6 +1850,12 @@ int bench_tls(void* args)
cipher = ciphers; cipher = ciphers;
} }
if (argDoGroups) {
if (SetupSupportedGroups(argShowVerbose) != 0) {
goto exit;
}
}
/* for server or client side only, only 1 thread is allowed */ /* for server or client side only, only 1 thread is allowed */
if (argServerOnly || argClientOnly) { if (argServerOnly || argClientOnly) {
argThreadPairs = 1; argThreadPairs = 1;
@@ -1780,146 +1919,170 @@ int bench_tls(void* args)
fprintf(stderr, "Cipher: %s\n", cipher); fprintf(stderr, "Cipher: %s\n", cipher);
} }
for (i=0; i<argThreadPairs; i++) { for (group_index = 0; groups[group_index].name != NULL; group_index++) {
info = &theadInfo[i];
XMEMSET(info, 0, sizeof(info_t));
info->host = argHost; if (argDoGroups && groups[group_index].group == 0) {
info->port = argPort + i; /* threads must have separate ports */ /* Skip unsupported group. */
info->cipher = cipher; continue;
info->packetSize = argTestPacketSize; }
info->runTimeSec = argRuntimeSec; for (i=0; i<argThreadPairs; i++) {
info->maxSize = argTestMaxSize; info = &theadInfo[i];
info->showPeerInfo = argShowPeerInfo; XMEMSET(info, 0, sizeof(info_t));
info->showVerbose = argShowVerbose;
info->host = argHost;
info->port = argPort + i; /* threads must have separate ports */
info->cipher = cipher;
if (argDoGroups && XSTRNCMP(theadInfo[0].cipher, "TLS13", 5) == 0)
info->group = groups[group_index].group;
else
info->group = 0;
info->packetSize = argTestPacketSize;
info->runTimeSec = argRuntimeSec;
info->maxSize = argTestMaxSize;
info->showPeerInfo = argShowPeerInfo;
info->showVerbose = argShowVerbose;
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
info->listenFd = listenFd; info->listenFd = listenFd;
#endif #endif
info->client.sockFd = -1; info->client.sockFd = -1;
info->server.sockFd = -1; info->server.sockFd = -1;
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
info->doDTLS = doDTLS; info->doDTLS = doDTLS;
#ifdef HAVE_PTHREAD #ifdef HAVE_PTHREAD
info->serverReady = 0; info->serverReady = 0;
if (argServerOnly || argClientOnly) { if (argServerOnly || argClientOnly) {
info->clientOrserverOnly = 1; info->clientOrserverOnly = 1;
} }
#endif #endif
#endif #endif
if (argClientOnly) { if (argClientOnly) {
#ifndef NO_WOLFSSL_CLIENT #ifndef NO_WOLFSSL_CLIENT
ret = bench_tls_client(info); ret = bench_tls_client(info);
#endif #endif
} }
else if (argServerOnly) { else if (argServerOnly) {
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
ret = bench_tls_server(info); ret = bench_tls_server(info);
#endif #endif
} }
else { else {
#ifdef HAVE_PTHREAD #ifdef HAVE_PTHREAD
info->useLocalMem = argLocalMem; info->useLocalMem = argLocalMem;
pthread_mutex_init(&info->to_server.mutex, NULL); pthread_mutex_init(&info->to_server.mutex, NULL);
pthread_mutex_init(&info->to_client.mutex, NULL); pthread_mutex_init(&info->to_client.mutex, NULL);
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
pthread_mutex_init(&info->dtls_mutex, NULL); pthread_mutex_init(&info->dtls_mutex, NULL);
pthread_cond_init(&info->dtls_cond, NULL); pthread_cond_init(&info->dtls_cond, NULL);
#endif #endif
pthread_cond_init(&info->to_server.cond, NULL); pthread_cond_init(&info->to_server.cond, NULL);
pthread_cond_init(&info->to_client.cond, NULL); pthread_cond_init(&info->to_client.cond, NULL);
pthread_create(&info->to_server.tid, NULL, server_thread, info); pthread_create(&info->to_server.tid, NULL, server_thread,
pthread_create(&info->to_client.tid, NULL, client_thread, info); info);
pthread_create(&info->to_client.tid, NULL, client_thread,
info);
/* State that we won't be joining this thread */ /* State that we won't be joining this thread */
pthread_detach(info->to_server.tid); pthread_detach(info->to_server.tid);
pthread_detach(info->to_client.tid); pthread_detach(info->to_client.tid);
#endif #endif
}
} }
}
#ifdef HAVE_PTHREAD #ifdef HAVE_PTHREAD
/* For threading, wait for completion */ /* For threading, wait for completion */
if (!argClientOnly && !argServerOnly) { if (!argClientOnly && !argServerOnly) {
/* Wait until threads are marked done */ /* Wait until threads are marked done */
do { do {
doShutdown = 1; doShutdown = 1;
for (i = 0; i < argThreadPairs; ++i) {
info = &theadInfo[i];
if (!info->to_client.done || !info->to_server.done) {
doShutdown = 0;
XSLEEP_MS(1000); /* Allow other threads to run */
}
for (i = 0; i < argThreadPairs; ++i) {
info = &theadInfo[i];
if (!info->to_client.done || !info->to_server.done) {
doShutdown = 0;
XSLEEP_MS(1000); /* Allow other threads to run */
} }
} while (!doShutdown);
if (argShowVerbose) {
fprintf(stderr, "Shutdown complete\n");
} }
} while (!doShutdown);
if (argShowVerbose) {
fprintf(stderr, "Shutdown complete\n");
} }
}
#endif /* HAVE_PTHREAD */ #endif /* HAVE_PTHREAD */
if (argShowVerbose) { const char *gname = theadInfo[0].group == 0 ?
/* print results */ "N/A" : groups[group_index].name;
if (argShowVerbose) {
/* print results */
for (i = 0; i < argThreadPairs; ++i) {
info = &theadInfo[i];
fprintf(stderr, "\nThread %d\n", i);
#ifndef NO_WOLFSSL_SERVER
if (!argClientOnly)
print_stats(&info->server_stats, "Server", info->cipher, gname, 1);
#endif
#ifndef NO_WOLFSSL_CLIENT
if (!argServerOnly)
print_stats(&info->client_stats, "Client", info->cipher, gname, 1);
#endif
}
}
/* print combined results for more than one thread */
XMEMSET(&cli_comb, 0, sizeof(cli_comb));
XMEMSET(&srv_comb, 0, sizeof(srv_comb));
for (i = 0; i < argThreadPairs; ++i) { for (i = 0; i < argThreadPairs; ++i) {
info = &theadInfo[i]; info = &theadInfo[i];
fprintf(stderr, "\nThread %d\n", i); cli_comb.connCount += info->client_stats.connCount;
#ifndef NO_WOLFSSL_SERVER srv_comb.connCount += info->server_stats.connCount;
if (!argClientOnly)
print_stats(&info->server_stats, "Server", info->cipher, 1); cli_comb.connTime += info->client_stats.connTime;
#endif srv_comb.connTime += info->server_stats.connTime;
#ifndef NO_WOLFSSL_CLIENT
if (!argServerOnly) cli_comb.rxTotal += info->client_stats.rxTotal;
print_stats(&info->client_stats, "Client", info->cipher, 1); srv_comb.rxTotal += info->server_stats.rxTotal;
#endif
cli_comb.rxTime += info->client_stats.rxTime;
srv_comb.rxTime += info->server_stats.rxTime;
cli_comb.txTotal += info->client_stats.txTotal;
srv_comb.txTotal += info->server_stats.txTotal;
cli_comb.txTime += info->client_stats.txTime;
srv_comb.txTime += info->server_stats.txTime;
} }
}
/* print combined results for more than one thread */ if (argShowVerbose) {
XMEMSET(&cli_comb, 0, sizeof(cli_comb)); fprintf(stderr, "Totals for %d Threads\n", argThreadPairs);
XMEMSET(&srv_comb, 0, sizeof(srv_comb)); }
else {
for (i = 0; i < argThreadPairs; ++i) { fprintf(stderr, "%-6s %-33s %-25s %11s %9s %9s %9s %9s %9s %17s %15s\n",
info = &theadInfo[i]; "Side", "Cipher", "Group", "Total Bytes", "Num Conns", "Rx ms", "Tx ms",
"Rx MB/s", "Tx MB/s", "Connect Total ms", "Connect Avg ms");
cli_comb.connCount += info->client_stats.connCount;
srv_comb.connCount += info->server_stats.connCount;
cli_comb.connTime += info->client_stats.connTime;
srv_comb.connTime += info->server_stats.connTime;
cli_comb.rxTotal += info->client_stats.rxTotal;
srv_comb.rxTotal += info->server_stats.rxTotal;
cli_comb.rxTime += info->client_stats.rxTime;
srv_comb.rxTime += info->server_stats.rxTime;
cli_comb.txTotal += info->client_stats.txTotal;
srv_comb.txTotal += info->server_stats.txTotal;
cli_comb.txTime += info->client_stats.txTime;
srv_comb.txTime += info->server_stats.txTime;
}
if (argShowVerbose) {
fprintf(stderr, "Totals for %d Threads\n", argThreadPairs);
}
else {
fprintf(stderr, "%-6s %-33s %11s %9s %9s %9s %9s %9s %17s %15s\n",
"Side", "Cipher", "Total Bytes", "Num Conns", "Rx ms", "Tx ms",
"Rx MB/s", "Tx MB/s", "Connect Total ms", "Connect Avg ms");
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
if (!argClientOnly) if (!argClientOnly)
print_stats(&srv_comb, "Server", theadInfo[0].cipher, 0); print_stats(&srv_comb, "Server", theadInfo[0].cipher, gname, 0);
#endif #endif
#ifndef NO_WOLFSSL_CLIENT #ifndef NO_WOLFSSL_CLIENT
if (!argServerOnly) if (!argServerOnly)
print_stats(&cli_comb, "Client", theadInfo[0].cipher, 0); print_stats(&cli_comb, "Client", theadInfo[0].cipher, gname, 0);
#endif #endif
}
if (!argDoGroups || theadInfo[0].group == 0) {
/* We only needed to do this once because they don't want to
* benchmarks groups or this isn't a TLS 1.3 cipher. */
break;
}
} }
/* target next cipher */ /* target next cipher */