wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 20:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4444 from anhu/pq_bench

Browse Source 
Benchmarking the supported groups.
This commit is contained in:
David Garske
2021-10-05 09:52:51 -07:00
committed by GitHub
parent 43ffe26133 41b9b14cfb
commit da15356c2a
1 changed files with 297 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

213
examples/benchmark/tls_bench.c
View File

@@ -243,6 +243,64 @@ static const unsigned char dhg[] =
#endif /* !NO_WOLFSSL_SERVER */
#endif /* !NO_DH */
struct group_info {
word16 group;
const char *name;
};
static struct group_info groups[] = {
{ WOLFSSL_ECC_SECP160K1, "ECC_SECP160K1" },
{ WOLFSSL_ECC_SECP160R1, "ECC_SECP160R1" },
{ WOLFSSL_ECC_SECP160R2, "ECC_SECP160R2" },
{ WOLFSSL_ECC_SECP192K1, "ECC_SECP192K1" },
{ WOLFSSL_ECC_SECP192R1, "ECC_SECP192R1" },
{ WOLFSSL_ECC_SECP224K1, "ECC_SECP224K1" },
{ WOLFSSL_ECC_SECP224R1, "ECC_SECP224R1" },
{ WOLFSSL_ECC_SECP256K1, "ECC_SECP256K1" },
{ WOLFSSL_ECC_SECP256R1, "ECC_SECP256R1" },
{ WOLFSSL_ECC_SECP384R1, "ECC_SECP384R1" },
{ WOLFSSL_ECC_SECP521R1, "ECC_SECP521R1" },
{ WOLFSSL_ECC_BRAINPOOLP256R1, "ECC_BRAINPOOLP256R1" },
{ WOLFSSL_ECC_BRAINPOOLP384R1, "ECC_BRAINPOOLP384R1" },
{ WOLFSSL_ECC_BRAINPOOLP512R1, "ECC_BRAINPOOLP512R1" },
{ WOLFSSL_ECC_X25519, "ECC_X25519" },
{ WOLFSSL_ECC_X448, "ECC_X448" },
{ WOLFSSL_FFDHE_2048, "FFDHE_2048" },
{ WOLFSSL_FFDHE_3072, "FFDHE_3072" },
{ WOLFSSL_FFDHE_4096, "FFDHE_4096" },
{ WOLFSSL_FFDHE_6144, "FFDHE_6144" },
{ WOLFSSL_FFDHE_8192, "FFDHE_8192" },
#ifdef HAVE_LIBOQS
{ WOLFSSL_NTRU_HPS_LEVEL1, "NTRU_HPS_LEVEL1" },
{ WOLFSSL_NTRU_HPS_LEVEL3, "NTRU_HPS_LEVEL3" },
{ WOLFSSL_NTRU_HPS_LEVEL5, "NTRU_HPS_LEVEL5" },
{ WOLFSSL_NTRU_HRSS_LEVEL3, "NTRU_HRSS_LEVEL3" },
{ WOLFSSL_SABER_LEVEL1, "SABER_LEVEL1" },
{ WOLFSSL_SABER_LEVEL3, "SABER_LEVEL3" },
{ WOLFSSL_SABER_LEVEL5, "SABER_LEVEL5" },
{ WOLFSSL_KYBER_LEVEL1, "KYBER_LEVEL1" },
{ WOLFSSL_KYBER_LEVEL3, "KYBER_LEVEL3" },
{ WOLFSSL_KYBER_LEVEL5, "KYBER_LEVEL5" },
{ WOLFSSL_KYBER_90S_LEVEL1, "KYBER_90S_LEVEL1" },
{ WOLFSSL_KYBER_90S_LEVEL3, "KYBER_90S_LEVEL3" },
{ WOLFSSL_KYBER_90S_LEVEL5, "KYBER_90S_LEVEL5" },
{ WOLFSSL_P256_NTRU_HPS_LEVEL1, "P256_NTRU_HPS_LEVEL1" },
{ WOLFSSL_P384_NTRU_HPS_LEVEL3, "P384_NTRU_HPS_LEVEL3" },
{ WOLFSSL_P521_NTRU_HPS_LEVEL5, "P521_NTRU_HPS_LEVEL5" },
{ WOLFSSL_P384_NTRU_HRSS_LEVEL3, "P384_NTRU_HRSS_LEVEL3" },
{ WOLFSSL_P256_SABER_LEVEL1, "P256_SABER_LEVEL1" },
{ WOLFSSL_P384_SABER_LEVEL3, "P384_SABER_LEVEL3" },
{ WOLFSSL_P521_SABER_LEVEL5, "P521_SABER_LEVEL5" },
{ WOLFSSL_P256_KYBER_LEVEL1, "P256_KYBER_LEVEL1" },
{ WOLFSSL_P384_KYBER_LEVEL3, "P384_KYBER_LEVEL3" },
{ WOLFSSL_P521_KYBER_LEVEL5, "P521_KYBER_LEVEL5" },
{ WOLFSSL_P256_KYBER_90S_LEVEL1, "P256_KYBER_90S_LEVEL1" },
{ WOLFSSL_P384_KYBER_90S_LEVEL3, "P384_KYBER_90S_LEVEL3" },
{ WOLFSSL_P521_KYBER_90S_LEVEL5, "P521_KYBER_90S_LEVEL5" },
#endif
{ 0, NULL }
};
#ifdef HAVE_PTHREAD
typedef struct {
unsigned char buf[MEM_BUFFER_SZ];
@@ -276,6 +334,7 @@ typedef struct {
typedef struct {
const char* cipher;
word16 group;
const char* host;
word32 port;
int packetSize; /* The data payload size in the packet */
@@ -904,6 +963,16 @@ static int bench_tls_client(info_t* info)
goto exit;
}
#ifdef WOLFSSL_TLS13
if (info->group != 0) {
ret = wolfSSL_UseKeyShare(cli_ssl, info->group);
if (ret != WOLFSSL_SUCCESS) {
fprintf(stderr, "error setting client key share.\n");
goto exit;
}
}
#endif
#ifdef WOLFSSL_DTLS
if (info->doDTLS) {
ret = wolfSSL_dtls_set_peer(cli_ssl, &info->serverAddr,
@@ -1319,6 +1388,17 @@ static int bench_tls_server(info_t* info)
fprintf(stderr, "error creating server object\n");
ret = MEMORY_E; goto exit;
}
#ifdef WOLFSSL_TLS13
if (info->group != 0) {
ret = wolfSSL_UseKeyShare(srv_ssl, info->group);
if (ret != WOLFSSL_SUCCESS) {
fprintf(stderr, "error setting server key share.\n");
goto exit;
}
}
#endif
#ifdef WOLFSSL_DTLS
if (info->doDTLS) {
ret = wolfSSL_dtls_set_peer(srv_ssl, &info->clientAddr,
@@ -1485,12 +1565,12 @@ static void* server_thread(void* args)
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
#endif
static void print_stats(stats_t* wcStat, const char* desc, const char* cipher, int verbose)
static void print_stats(stats_t* wcStat, const char* desc, const char* cipher, const char *group, int verbose)
{
const char* formatStr;
if (verbose) {
formatStr = "wolfSSL %s Benchmark on %s:\n"
formatStr = "wolfSSL %s Benchmark on %s with group %s:\n"
"\tTotal : %9d bytes\n"
"\tNum Conns : %9d\n"
"\tRx Total : %9.3f ms\n"
@@ -1501,12 +1581,13 @@ static void print_stats(stats_t* wcStat, const char* desc, const char* cipher, i
"\tConnect Avg : %9.3f ms\n";
}
else {
formatStr = "%-6s %-33s %11d %9d %9.3f %9.3f %9.3f %9.3f %17.3f %15.3f\n";
formatStr = "%-6s %-33s %-25s %11d %9d %9.3f %9.3f %9.3f %9.3f %17.3f %15.3f\n";
}
fprintf(stderr, formatStr,
desc,
cipher,
group,
wcStat->txTotal + wcStat->rxTotal,
wcStat->connCount,
wcStat->rxTime * 1000,
@@ -1528,6 +1609,9 @@ static void Usage(void)
fprintf(stderr, "-P Port (default %d)\n", BENCH_DEFAULT_PORT);
fprintf(stderr, "-e List Every cipher suite available\n");
fprintf(stderr, "-i Show peer info\n");
#ifdef WOLFSSL_TLS13
fprintf(stderr, "-g Run through each of the TLS 1.3 groups that are available\n");
#endif
fprintf(stderr, "-l <str> Cipher suite list (: delimited)\n");
fprintf(stderr, "-t <num> Time <num> (seconds) to run each test (default %d)\n", BENCH_RUNTIME_SEC);
fprintf(stderr, "-p <num> The packet size <num> in bytes [1-16kB] (default %d)\n", TEST_PACKET_SIZE);
@@ -1558,6 +1642,61 @@ static void ShowCiphers(void)
fprintf(stderr, "%s\n", ciphers);
}
#ifdef WOLFSSL_TLS13
static int SetupSupportedGroups(int verbose)
{
int i;
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
int ret = 0;
if (ret == 0) {
#ifdef NO_WOLFSSL_CLIENT
ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
#else
ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
#endif
if (ctx == NULL) {
ret = -1;
}
}
if (ret == 0) {
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
ret = -1;
}
}
/* Determine which groups are actually supported. */
for (i = 0; groups[i].name != NULL; i++) {
if (ret == 0) {
int uks_ret = wolfSSL_UseKeyShare(ssl, groups[i].group);
if (uks_ret == WOLFSSL_SUCCESS) {
if (verbose) {
printf("Will benchmark the following group: %s\n",
groups[i].name);
}
} else if (uks_ret == BAD_FUNC_ARG || uks_ret == NOT_COMPILED_IN) {
groups[i].group = 0;
if (verbose) {
printf("Will NOT benchmark the following group: %s\n",
groups[i].name);
}
} else {
ret = -1;
}
}
}
if (ssl != NULL)
wolfSSL_free(ssl);
if (ctx != NULL)
wolfSSL_CTX_free(ctx);
return ret;
}
#endif
#ifdef __GNUC__
#pragma GCC diagnostic pop
#endif
@@ -1568,6 +1707,7 @@ int bench_tls(void* args)
info_t *theadInfo = NULL, *info;
stats_t cli_comb, srv_comb;
int i;
int group_index;
char *cipher, *next_cipher, *ciphers = NULL;
int argc = 0;
char** argv = NULL;
@@ -1598,6 +1738,10 @@ int bench_tls(void* args)
#ifdef WOLFSSL_DTLS
int doDTLS = 0;
#endif
#ifdef WOLFSSL_TLS13
int argDoGroups = 0;
#endif
if (args != NULL) {
argc = ((func_args*)args)->argc;
argv = ((func_args*)args)->argv;
@@ -1608,7 +1752,7 @@ int bench_tls(void* args)
wolfSSL_Init();
/* Parse command line arguments */
while ((ch = mygetopt(argc, argv, "?" "udeil:p:t:vT:sch:P:mS:")) != -1) {
while ((ch = mygetopt(argc, argv, "?" "udeil:p:t:vT:sch:P:mS:g")) != -1) {
switch (ch) {
case '?' :
Usage();
@@ -1640,6 +1784,15 @@ int bench_tls(void* args)
ShowCiphers();
goto exit;
case 'g' :
#ifdef WOLFSSL_TLS13
argDoGroups = 1;
break;
#else
fprintf(stderr, "There are only groups in TLS 1.3\n");
Usage();
ret = MY_EX_USAGE; goto exit;
#endif
case 'i' :
argShowPeerInfo = 1;
break;
@@ -1717,6 +1870,14 @@ int bench_tls(void* args)
cipher = ciphers;
}
#ifdef WOLFSSL_TLS13
if (argDoGroups) {
if (SetupSupportedGroups(argShowVerbose) != 0) {
goto exit;
}
}
#endif
/* for server or client side only, only 1 thread is allowed */
if (argServerOnly || argClientOnly) {
argThreadPairs = 1;
@@ -1780,6 +1941,14 @@ int bench_tls(void* args)
fprintf(stderr, "Cipher: %s\n", cipher);
}
#ifdef WOLFSSL_TLS13
for (group_index = 0; groups[group_index].name != NULL; group_index++) {
if (argDoGroups && groups[group_index].group == 0) {
/* Skip unsupported group. */
continue;
}
#endif
for (i=0; i<argThreadPairs; i++) {
info = &theadInfo[i];
XMEMSET(info, 0, sizeof(info_t));
@@ -1787,6 +1956,14 @@ int bench_tls(void* args)
info->host = argHost;
info->port = argPort + i; /* threads must have separate ports */
info->cipher = cipher;
#ifdef WOLFSSL_TLS13
if (argDoGroups && XSTRNCMP(theadInfo[0].cipher, "TLS13", 5) == 0)
info->group = groups[group_index].group;
else
#endif
info->group = 0;
info->packetSize = argTestPacketSize;
info->runTimeSec = argRuntimeSec;
@@ -1830,8 +2007,10 @@ int bench_tls(void* args)
pthread_cond_init(&info->to_server.cond, NULL);
pthread_cond_init(&info->to_client.cond, NULL);
pthread_create(&info->to_server.tid, NULL, server_thread, info);
pthread_create(&info->to_client.tid, NULL, client_thread, info);
pthread_create(&info->to_server.tid, NULL, server_thread,
info);
pthread_create(&info->to_client.tid, NULL, client_thread,
info);
/* State that we won't be joining this thread */
pthread_detach(info->to_server.tid);
@@ -1862,6 +2041,8 @@ int bench_tls(void* args)
}
#endif /* HAVE_PTHREAD */
const char *gname = theadInfo[0].group == 0 ?
"N/A" : groups[group_index].name;
if (argShowVerbose) {
/* print results */
for (i = 0; i < argThreadPairs; ++i) {
@@ -1870,11 +2051,11 @@ int bench_tls(void* args)
fprintf(stderr, "\nThread %d\n", i);
#ifndef NO_WOLFSSL_SERVER
if (!argClientOnly)
print_stats(&info->server_stats, "Server", info->cipher, 1);
print_stats(&info->server_stats, "Server", info->cipher, gname, 1);
#endif
#ifndef NO_WOLFSSL_CLIENT
if (!argServerOnly)
print_stats(&info->client_stats, "Client", info->cipher, 1);
print_stats(&info->client_stats, "Client", info->cipher, gname, 1);
#endif
}
}
@@ -1909,19 +2090,27 @@ int bench_tls(void* args)
fprintf(stderr, "Totals for %d Threads\n", argThreadPairs);
}
else {
fprintf(stderr, "%-6s %-33s %11s %9s %9s %9s %9s %9s %17s %15s\n",
"Side", "Cipher", "Total Bytes", "Num Conns", "Rx ms", "Tx ms",
fprintf(stderr, "%-6s %-33s %-25s %11s %9s %9s %9s %9s %9s %17s %15s\n",
"Side", "Cipher", "Group", "Total Bytes", "Num Conns", "Rx ms", "Tx ms",
"Rx MB/s", "Tx MB/s", "Connect Total ms", "Connect Avg ms");
#ifndef NO_WOLFSSL_SERVER
if (!argClientOnly)
print_stats(&srv_comb, "Server", theadInfo[0].cipher, 0);
print_stats(&srv_comb, "Server", theadInfo[0].cipher, gname, 0);
#endif
#ifndef NO_WOLFSSL_CLIENT
if (!argServerOnly)
print_stats(&cli_comb, "Client", theadInfo[0].cipher, 0);
print_stats(&cli_comb, "Client", theadInfo[0].cipher, gname, 0);
#endif
}
#ifdef WOLFSSL_TLS13
if (!argDoGroups || theadInfo[0].group == 0) {
/* We only needed to do this once because they don't want to
* benchmarks groups or this isn't a TLS 1.3 cipher. */
break;
}
}
#endif
/* target next cipher */
cipher = (next_cipher != NULL) ? (next_cipher + 1) : NULL;
} /* while */