[apple/security.git] / SecurityTests / clxutils / sslThroughput / sslThroughput.cpp

/*
 * Measure performance of SecureTransport - setup and sustained data
 * throughput. Single process version, no sockets - all data transfer
 * between client and server is via local memory shared between two 
 * threads.  
 *
 * Written by Doug Mitchell. 
 */
#include <Security/SecureTransport.h>
#include <clAppUtils/sslAppUtils.h>
#include <utilLib/fileIo.h>
#include <utilLib/common.h>
#include <clAppUtils/ringBufferIo.h>
#include <clAppUtils/sslRingBufferThreads.h>

#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <ctype.h>
#include <sys/param.h>
#include <CoreFoundation/CoreFoundation.h>
#include <security_utilities/devrandom.h>

#define DEFAULT_KC		"localcert"			/* default keychain */
#define DEFAULT_XFER	(1024 * 1024 * 20)	/* total xfer size in bytes */

/* we might make these user-tweakable */
#define DEFAULT_NUM_BUFS	16
#define DEFAULT_BUF_SIZE	2048		/* in the ring buffers */
#define DEFAULT_CHUNK		1024		/* bytes to write per SSLWrite() */

static void usage(char **argv)
{
    printf("Usage: %s [option ...]\n", argv[0]);
    printf("Options:\n");
	printf("   -k keychain (default = %s)\n", DEFAULT_KC);
	printf("   -x transferSize (default=%d; 0=forever)\n", DEFAULT_XFER);
	printf("   -c cipher (default = RSA/AES128\n");
	printf("      ciphers: a=RSA/AES128; r=RSA/RC4; d=RSA/DES; D=RSA/3DES;\n");
	printf("               h=DHA/RC4; H=DH/DSS/DES; A=AES256\n");
	printf("   -v version (t|2|3; default = t(TLS1)\n");
	printf("   -w password  (unlock server keychain with password)\n");
	printf("   -a (enable client authentication)\n");
	printf("   -p (pause on error)\n");
	printf("   -m (pause for malloc debug)\n");
    exit(1);
}

int main(int argc, char **argv)
{
	RingBuffer		serverToClientRing;
	RingBuffer		clientToServerRing;
	unsigned		numBufs = DEFAULT_NUM_BUFS;
	unsigned		bufSize = DEFAULT_BUF_SIZE;
	unsigned		chunkSize = DEFAULT_CHUNK;
	unsigned char	clientBuf[DEFAULT_CHUNK];
	unsigned char	serverBuf[DEFAULT_CHUNK];
	CFArrayRef		idArray;					/* for SSLSetCertificate */
	CFArrayRef		anchorArray;				/* trusted roots */
	SslRingBufferArgs clientArgs;
	SslRingBufferArgs serverArgs;
	SecKeychainRef	kcRef = NULL;
	SecCertificateRef anchorCert = NULL;
	SecIdentityRef	idRef = NULL;
	bool			abortFlag = false;
	pthread_t		client_thread = NULL;
	int				result;
	bool			diffieHellman = true;		/* FIXME needs work */
	OSStatus		ortn;
	
	/* user-spec'd variables */
	char 			*kcName = DEFAULT_KC;
	unsigned 		xferSize = DEFAULT_XFER;
	SSLCipherSuite 	cipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA;
	SSLProtocol 	prot = kTLSProtocol1;
	char 			password[200];
	bool 			clientAuthEnable = false;
	bool			pauseOnError = false;
	bool			runForever = false;
	bool			mallocPause = false;
	
	password[0] = 0;

	extern int optind;
	extern char *optarg;
	int arg;
	optind = 1;
	while ((arg = getopt(argc, argv, "k:x:c:v:w:aBpm")) != -1) {
		switch (arg) {
			case 'k':
				kcName = optarg;
				break;
			case 'x':
			{
				unsigned xsize = atoi(optarg);
				if(xsize == 0) {
					runForever = true;
					/* and leave xferSize alone */
				}
				else {
					xferSize = xsize;
				}
				break;
			}
			case 'c':
				switch(optarg[0]) {
					case 'a':
						cipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA;
						break;
					case 'r':
						cipherSuite = SSL_RSA_WITH_RC4_128_SHA;
						break;
					case 'd':
						cipherSuite = SSL_RSA_WITH_DES_CBC_SHA;
						break;
					case 'D':
						cipherSuite = SSL_RSA_WITH_3DES_EDE_CBC_SHA;
						break;
					case 'h':
						cipherSuite = SSL_DH_anon_WITH_RC4_128_MD5;
						diffieHellman = true;
						break;
					case 'H':
						cipherSuite = SSL_DHE_DSS_WITH_DES_CBC_SHA;
						diffieHellman = true;
						break;
					case 'A':
						cipherSuite = TLS_RSA_WITH_AES_256_CBC_SHA;
						break;
					default:
						usage(argv);
				}
				break;
			case 'v':
				switch(optarg[0]) {
					case 't':
						prot = kTLSProtocol1;
						break;
					case '2':
						prot = kSSLProtocol2;
						break;
					case '3':
						prot = kSSLProtocol3;
						break;
					default:
						usage(argv);
				}
				break;
			case 'w':
				strcpy(password, optarg);
				break;
			case 'a':
				clientAuthEnable = true;
				break;
			case 'p':
				pauseOnError = true;
				break;
			case 'm':
				mallocPause = true;
				break;
			default:
				usage(argv);
		}
	}
	if(optind != argc) {
		usage(argv);
	}
	
	/* set up ring buffers */
	ringBufSetup(&serverToClientRing, "serveToClient", numBufs, bufSize);
	ringBufSetup(&clientToServerRing, "clientToServe", numBufs, bufSize);
	
	/* get server SecIdentity */
	idArray = getSslCerts(kcName, 
		CSSM_FALSE,		/* encryptOnly */
		CSSM_FALSE,		/* completeCertChain */
		NULL,			/* anchorFile */
		&kcRef);
	if(idArray == NULL) {
		printf("***Can't get signing cert from %s\n", kcName);
		exit(1);
	}
	idRef = (SecIdentityRef)CFArrayGetValueAtIndex(idArray, 0);
	ortn = SecIdentityCopyCertificate(idRef, &anchorCert);
	if(ortn) {
		cssmPerror("SecIdentityCopyCertificate", ortn);
		exit(1);
	}
	anchorArray = CFArrayCreate(NULL, (const void **)&anchorCert,
			1, &kCFTypeArrayCallBacks);

	/* unlock keychain? */
	if(password[0]) {
		ortn = SecKeychainUnlock(kcRef, strlen(password), password, true);
		if(ortn) {
			cssmPerror("SecKeychainUnlock", ortn);
			/* oh well */
		}
	}
	CFRelease(kcRef);

	if(mallocPause) {
		fpurge(stdin);
		printf("Pausing for MallocDebug setup. CR to proceed: ");
		getchar();
	}
	
	/* set up server side */
	memset(&serverArgs, 0, sizeof(serverArgs));
	serverArgs.idArray = idArray;
	serverArgs.trustedRoots = anchorArray;
	serverArgs.xferSize = xferSize;
	serverArgs.xferBuf = serverBuf;
	serverArgs.chunkSize = chunkSize;
	serverArgs.runForever = runForever;
	serverArgs.cipherSuite = cipherSuite;
	serverArgs.prot = prot;
	serverArgs.ringWrite = &serverToClientRing;
	serverArgs.ringRead = &clientToServerRing;
	serverArgs.goFlag = &clientArgs.iAmReady;
	serverArgs.abortFlag = &abortFlag;
	serverArgs.pauseOnError = pauseOnError;

	/* set up client side */
	memset(&clientArgs, 0, sizeof(clientArgs));
	clientArgs.idArray = NULL;		/* until we do client auth */
	clientArgs.trustedRoots = anchorArray;
	clientArgs.xferSize = xferSize;
	clientArgs.xferBuf = clientBuf;
	clientArgs.chunkSize = chunkSize;
	clientArgs.runForever = runForever;
	clientArgs.cipherSuite = cipherSuite;
	clientArgs.prot = prot;
	clientArgs.ringWrite = &clientToServerRing;
	clientArgs.ringRead = &serverToClientRing;
	clientArgs.goFlag = &serverArgs.iAmReady;
	clientArgs.abortFlag = &abortFlag;
	clientArgs.pauseOnError = pauseOnError;
	
	/* fire up client thread */
	result = pthread_create(&client_thread, NULL, 
			sslRbClientThread, &clientArgs);
	if(result) {
		printf("***pthread_create returned %d, aborting\n", result);
		exit(1);
	}
	
	/* 
	 * And the server pseudo thread. This returns when all data has been transferred. 
	 */
	ortn = sslRbServerThread(&serverArgs);
	
	if(abortFlag) {
		printf("***Test aborted.\n");
		exit(1);
	}
	
	printf("\n");

	if(mallocPause) {
		fpurge(stdin);
		printf("End of test. Pausing for MallocDebug analysis. CR to proceed: ");
		getchar();
	}
	
	printf("SSL Protocol Version : %s\n",
		sslGetProtocolVersionString(serverArgs.negotiatedProt));
	printf("SSL Cipher           : %s\n",
		sslGetCipherSuiteString(serverArgs.negotiatedCipher));
		
	printf("SSL Handshake        : %f s\n", 
		serverArgs.startData - serverArgs.startHandshake);
	printf("Data Transfer        : %u bytes in %f s\n", (unsigned)xferSize, 
		serverArgs.endData - serverArgs.startHandshake);
	printf("                     : %.1f Kbytes/s\n", 
			xferSize / (serverArgs.endData - serverArgs.startHandshake) / 1024.0);
	return 0;
}
Commit	Line	Data
d8f41ccd A	1	/*
	2	* Measure performance of SecureTransport - setup and sustained data
	3	* throughput. Single process version, no sockets - all data transfer
	4	* between client and server is via local memory shared between two
	5	* threads.
	6	*
	7	* Written by Doug Mitchell.
	8	*/
	9	#include <Security/SecureTransport.h>
	10	#include <clAppUtils/sslAppUtils.h>
	11	#include <utilLib/fileIo.h>
	12	#include <utilLib/common.h>
	13	#include <clAppUtils/ringBufferIo.h>
	14	#include <clAppUtils/sslRingBufferThreads.h>
	15
	16	#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
	17	#include <stdio.h>
	18	#include <stdlib.h>
	19	#include <string.h>
	20	#include <time.h>
	21	#include <ctype.h>
	22	#include <sys/param.h>
	23	#include <CoreFoundation/CoreFoundation.h>
	24	#include <security_utilities/devrandom.h>
	25
	26	#define DEFAULT_KC "localcert" /* default keychain */
	27	#define DEFAULT_XFER (1024 * 1024 * 20) /* total xfer size in bytes */
	28
	29	/* we might make these user-tweakable */
	30	#define DEFAULT_NUM_BUFS 16
	31	#define DEFAULT_BUF_SIZE 2048 /* in the ring buffers */
	32	#define DEFAULT_CHUNK 1024 /* bytes to write per SSLWrite() */
	33
	34	static void usage(char **argv)
	35	{
	36	printf("Usage: %s [option ...]\n", argv[0]);
	37	printf("Options:\n");
	38	printf(" -k keychain (default = %s)\n", DEFAULT_KC);
	39	printf(" -x transferSize (default=%d; 0=forever)\n", DEFAULT_XFER);
	40	printf(" -c cipher (default = RSA/AES128\n");
	41	printf(" ciphers: a=RSA/AES128; r=RSA/RC4; d=RSA/DES; D=RSA/3DES;\n");
	42	printf(" h=DHA/RC4; H=DH/DSS/DES; A=AES256\n");
	43	printf(" -v version (t\|2\|3; default = t(TLS1)\n");
	44	printf(" -w password (unlock server keychain with password)\n");
	45	printf(" -a (enable client authentication)\n");
	46	printf(" -p (pause on error)\n");
	47	printf(" -m (pause for malloc debug)\n");
	48	exit(1);
	49	}
	50
	51	int main(int argc, char **argv)
	52	{
	53	RingBuffer serverToClientRing;
	54	RingBuffer clientToServerRing;
	55	unsigned numBufs = DEFAULT_NUM_BUFS;
	56	unsigned bufSize = DEFAULT_BUF_SIZE;
	57	unsigned chunkSize = DEFAULT_CHUNK;
	58	unsigned char clientBuf[DEFAULT_CHUNK];
	59	unsigned char serverBuf[DEFAULT_CHUNK];
	60	CFArrayRef idArray; /* for SSLSetCertificate */
	61	CFArrayRef anchorArray; /* trusted roots */
	62	SslRingBufferArgs clientArgs;
	63	SslRingBufferArgs serverArgs;
	64	SecKeychainRef kcRef = NULL;
65	SecCertificateRef anchorCert = NULL;
66	SecIdentityRef idRef = NULL;
67	bool abortFlag = false;
68	pthread_t client_thread = NULL;
69	int result;
70	bool diffieHellman = true; /* FIXME needs work */
71	OSStatus ortn;
72
73	/* user-spec'd variables */
74	char *kcName = DEFAULT_KC;
75	unsigned xferSize = DEFAULT_XFER;
76	SSLCipherSuite cipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA;
77	SSLProtocol prot = kTLSProtocol1;
78	char password[200];
79	bool clientAuthEnable = false;
80	bool pauseOnError = false;
81	bool runForever = false;
82	bool mallocPause = false;
83
84	password[0] = 0;
85
86	extern int optind;
87	extern char *optarg;
88	int arg;
89	optind = 1;
90	while ((arg = getopt(argc, argv, "k:x:c:v:w:aBpm")) != -1) {
91	switch (arg) {
92	case 'k':
93	kcName = optarg;
94	break;
95	case 'x':
96	{
97	unsigned xsize = atoi(optarg);
98	if(xsize == 0) {
99	runForever = true;
100	/* and leave xferSize alone */
101	}
102	else {
103	xferSize = xsize;
104	}
105	break;
106	}
107	case 'c':
108	switch(optarg[0]) {
109	case 'a':
110	cipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA;
111	break;
112	case 'r':
113	cipherSuite = SSL_RSA_WITH_RC4_128_SHA;
114	break;
115	case 'd':
116	cipherSuite = SSL_RSA_WITH_DES_CBC_SHA;
117	break;
118	case 'D':
119	cipherSuite = SSL_RSA_WITH_3DES_EDE_CBC_SHA;
120	break;
121	case 'h':
122	cipherSuite = SSL_DH_anon_WITH_RC4_128_MD5;
123	diffieHellman = true;
124	break;
125	case 'H':
126	cipherSuite = SSL_DHE_DSS_WITH_DES_CBC_SHA;
127	diffieHellman = true;
128	break;
129	case 'A':
130	cipherSuite = TLS_RSA_WITH_AES_256_CBC_SHA;
131	break;
132	default:
133	usage(argv);
134	}
135	break;
136	case 'v':
137	switch(optarg[0]) {
138	case 't':
139	prot = kTLSProtocol1;
140	break;
141	case '2':
142	prot = kSSLProtocol2;
143	break;
144	case '3':
145	prot = kSSLProtocol3;
146	break;
147	default:
148	usage(argv);
149	}
150	break;
151	case 'w':
152	strcpy(password, optarg);
153	break;
154	case 'a':
155	clientAuthEnable = true;
156	break;
157	case 'p':
158	pauseOnError = true;
159	break;
160	case 'm':
161	mallocPause = true;
162	break;
163	default:
164	usage(argv);
165	}
166	}
167	if(optind != argc) {
168	usage(argv);
169	}
170
171	/* set up ring buffers */
172	ringBufSetup(&serverToClientRing, "serveToClient", numBufs, bufSize);
173	ringBufSetup(&clientToServerRing, "clientToServe", numBufs, bufSize);
174
175	/* get server SecIdentity */
176	idArray = getSslCerts(kcName,
177	CSSM_FALSE, /* encryptOnly */
178	CSSM_FALSE, /* completeCertChain */
179	NULL, /* anchorFile */
180	&kcRef);
181	if(idArray == NULL) {
182	printf("***Can't get signing cert from %s\n", kcName);
183	exit(1);
184	}
185	idRef = (SecIdentityRef)CFArrayGetValueAtIndex(idArray, 0);
186	ortn = SecIdentityCopyCertificate(idRef, &anchorCert);
187	if(ortn) {
188	cssmPerror("SecIdentityCopyCertificate", ortn);
189	exit(1);
190	}
191	anchorArray = CFArrayCreate(NULL, (const void **)&anchorCert,
192	1, &kCFTypeArrayCallBacks);
193
194	/* unlock keychain? */
195	if(password[0]) {
196	ortn = SecKeychainUnlock(kcRef, strlen(password), password, true);
197	if(ortn) {
198	cssmPerror("SecKeychainUnlock", ortn);
199	/* oh well */
200	}
201	}
202	CFRelease(kcRef);
203
204	if(mallocPause) {
205	fpurge(stdin);
206	printf("Pausing for MallocDebug setup. CR to proceed: ");
207	getchar();
208	}
209
210	/* set up server side */
211	memset(&serverArgs, 0, sizeof(serverArgs));
212	serverArgs.idArray = idArray;
213	serverArgs.trustedRoots = anchorArray;
214	serverArgs.xferSize = xferSize;
215	serverArgs.xferBuf = serverBuf;
216	serverArgs.chunkSize = chunkSize;
217	serverArgs.runForever = runForever;
218	serverArgs.cipherSuite = cipherSuite;
219	serverArgs.prot = prot;
220	serverArgs.ringWrite = &serverToClientRing;
221	serverArgs.ringRead = &clientToServerRing;
222	serverArgs.goFlag = &clientArgs.iAmReady;
223	serverArgs.abortFlag = &abortFlag;
224	serverArgs.pauseOnError = pauseOnError;
225
226	/* set up client side */
227	memset(&clientArgs, 0, sizeof(clientArgs));
228	clientArgs.idArray = NULL; /* until we do client auth */
229	clientArgs.trustedRoots = anchorArray;
230	clientArgs.xferSize = xferSize;
231	clientArgs.xferBuf = clientBuf;
232	clientArgs.chunkSize = chunkSize;
233	clientArgs.runForever = runForever;
234	clientArgs.cipherSuite = cipherSuite;
235	clientArgs.prot = prot;
236	clientArgs.ringWrite = &clientToServerRing;
237	clientArgs.ringRead = &serverToClientRing;
238	clientArgs.goFlag = &serverArgs.iAmReady;
239	clientArgs.abortFlag = &abortFlag;
240	clientArgs.pauseOnError = pauseOnError;
241
242	/* fire up client thread */
243	result = pthread_create(&client_thread, NULL,
244	sslRbClientThread, &clientArgs);
245	if(result) {
246	printf("***pthread_create returned %d, aborting\n", result);
247	exit(1);
248	}
249
250	/*
251	* And the server pseudo thread. This returns when all data has been transferred.
252	*/
253	ortn = sslRbServerThread(&serverArgs);
254
255	if(abortFlag) {
256	printf("***Test aborted.\n");
257	exit(1);
258	}
259
260	printf("\n");
261
262	if(mallocPause) {
263	fpurge(stdin);
264	printf("End of test. Pausing for MallocDebug analysis. CR to proceed: ");
265	getchar();
266	}
267
268	printf("SSL Protocol Version : %s\n",
269	sslGetProtocolVersionString(serverArgs.negotiatedProt));
270	printf("SSL Cipher : %s\n",
271	sslGetCipherSuiteString(serverArgs.negotiatedCipher));
272
273	printf("SSL Handshake : %f s\n",
274	serverArgs.startData - serverArgs.startHandshake);
275	printf("Data Transfer : %u bytes in %f s\n", (unsigned)xferSize,
276	serverArgs.endData - serverArgs.startHandshake);
277	printf(" : %.1f Kbytes/s\n",
278	xferSize / (serverArgs.endData - serverArgs.startHandshake) / 1024.0);
279	return 0;
280	}
281
282
283