[apple/security.git] / SecurityTests / clxutils / sslHandshakeTimeRB / sslHandshakeTimeRB.cpp

/*
 * sslHandshakeTimeRB - measure SSL handshake timing, RingBuffer version (no
 *						socket I/O).
 *
 * Written by Doug Mitchell. 
 */
#include <Security/SecureTransport.h>
#include <clAppUtils/sslAppUtils.h>
#include <utilLib/common.h>
#include <clAppUtils/ringBufferIo.h>
#include <clAppUtils/sslRingBufferThreads.h>

#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <ctype.h>
#include <sys/param.h>
#include <CoreFoundation/CoreFoundation.h>
#include <security_utilities/devrandom.h>

#define DEFAULT_KC		"localcert"			/* default keychain */

/* we might make these user-tweakable */
#define DEFAULT_NUM_BUFS	16
#define DEFAULT_BUF_SIZE	1024		/* in the ring buffers */
#define LOOPS_DEF			20

static void usage(char **argv)
{
    printf("Usage: %s [option ...]\n", argv[0]);
    printf("Options:\n");
	printf("   -l loops (default= %d)\n", LOOPS_DEF);
	printf("   -k keychain (default = %s)\n", DEFAULT_KC);
	printf("   -c cipher (default = RSA/AES128\n");
	printf("      ciphers: a=RSA/AES128; r=RSA/RC4; d=RSA/DES; D=RSA/3DES;\n");
	printf("               h=DHA/RC4; H=DH/DSS/DES; A=AES256\n");
	printf("   -v version (t|2|3; default = t(TLS1)\n");
	printf("   -a (enable client authentication)\n");
    exit(1);
}

static int doTest(
	SslRingBufferArgs	*clientArgs,
	SslRingBufferArgs	*serverArgs,
	unsigned			loops,
	CFAbsoluteTime		*totalElapsedClient,	/* RETURNED */
	CFAbsoluteTime		*totalElapsedServer)	/* RETURNED */
{
	CFAbsoluteTime elapsedClient = 0.0;
	CFAbsoluteTime elapsedServer = 0.0;
	int result;
	pthread_t client_thread = NULL;
	unsigned dex;
	void *status;
	
	for(dex=0; dex<loops; dex++) {
		
		ringBufferReset(clientArgs->ringWrite);
		ringBufferReset(clientArgs->ringRead);
		clientArgs->iAmReady = false;
		serverArgs->iAmReady = false;
	
		/* fire up client thread */
		result = pthread_create(&client_thread, NULL, 
				sslRbClientThread, clientArgs);
		if(result) {
			printf("***pthread_create returned %d, aborting\n", result);
			return -1;
		}
		
		/* 
		 * And the server pseudo thread. This returns when all data has been transferred. 
		 */
		OSStatus ortn = sslRbServerThread(serverArgs);
		if(*serverArgs->abortFlag || ortn) {
			printf("***Test aborted (1).\n");
			return -1;
		}
		
		/* now wait for client */
		result = pthread_join(client_thread, &status);
		if(result || *clientArgs->abortFlag) {
			printf("***Test aborted (2).\n");
			return -1;
		}
		elapsedClient += (clientArgs->startData - clientArgs->startHandshake);
		elapsedServer += (serverArgs->startData - serverArgs->startHandshake);
	}
	*totalElapsedClient = elapsedClient;
	*totalElapsedServer = elapsedServer;
	return 0;
}

int main(int argc, char **argv)
{
	RingBuffer		serverToClientRing;
	RingBuffer		clientToServerRing;
	unsigned		numBufs = DEFAULT_NUM_BUFS;
	unsigned		bufSize = DEFAULT_BUF_SIZE;
	CFArrayRef		idArray;					/* for SSLSetCertificate */
	CFArrayRef		anchorArray;				/* trusted roots */
	SslRingBufferArgs clientArgs;
	SslRingBufferArgs serverArgs;
	SecKeychainRef	kcRef = NULL;
	SecCertificateRef anchorCert = NULL;
	SecIdentityRef	idRef = NULL;
	bool			abortFlag = false;
	bool			diffieHellman = true;		/* FIXME needs work */
	OSStatus		ortn;
	CFAbsoluteTime	clientFirst;
	CFAbsoluteTime	serverFirst;
	CFAbsoluteTime	clientTotal;
	CFAbsoluteTime	serverTotal;
	
	/* user-spec'd variables */
	char 			*kcName = DEFAULT_KC;
	SSLCipherSuite 	cipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA;
	SSLProtocol 	prot = kTLSProtocol1;
	bool 			clientAuthEnable = false;
	unsigned		loops = LOOPS_DEF;
	
	extern int optind;
	extern char *optarg;
	int arg;
	optind = 1;
	while ((arg = getopt(argc, argv, "l:k:x:c:v:w:aB")) != -1) {
		switch (arg) {
			case 'l':
				loops = atoi(optarg);
				break;
			case 'k':
				kcName = optarg;
				break;
			case 'c':
				switch(optarg[0]) {
					case 'a':
						cipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA;
						break;
					case 'r':
						cipherSuite = SSL_RSA_WITH_RC4_128_SHA;
						break;
					case 'd':
						cipherSuite = SSL_RSA_WITH_DES_CBC_SHA;
						break;
					case 'D':
						cipherSuite = SSL_RSA_WITH_3DES_EDE_CBC_SHA;
						break;
					case 'h':
						cipherSuite = SSL_DH_anon_WITH_RC4_128_MD5;
						diffieHellman = true;
						break;
					case 'H':
						cipherSuite = SSL_DHE_DSS_WITH_DES_CBC_SHA;
						diffieHellman = true;
						break;
					case 'A':
						cipherSuite = TLS_RSA_WITH_AES_256_CBC_SHA;
						break;
					default:
						usage(argv);
				}
				break;
			case 'v':
				switch(optarg[0]) {
					case 't':
						prot = kTLSProtocol1;
						break;
					case '2':
						prot = kSSLProtocol2;
						break;
					case '3':
						prot = kSSLProtocol3;
						break;
					default:
						usage(argv);
				}
				break;
			case 'a':
				clientAuthEnable = true;
				break;
			default:
				usage(argv);
		}
	}
	if(optind != argc) {
		usage(argv);
	}
	
	/* set up ring buffers */
	ringBufSetup(&serverToClientRing, "serveToClient", numBufs, bufSize);
	ringBufSetup(&clientToServerRing, "clientToServe", numBufs, bufSize);
	
	/* get server SecIdentity */
	idArray = getSslCerts(kcName, 
		CSSM_FALSE,		/* encryptOnly */
		CSSM_FALSE,		/* completeCertChain */
		NULL,			/* anchorFile */
		&kcRef);
	if(idArray == NULL) {
		printf("***Can't get signing cert from %s\n", kcName);
		exit(1);
	}
	idRef = (SecIdentityRef)CFArrayGetValueAtIndex(idArray, 0);
	ortn = SecIdentityCopyCertificate(idRef, &anchorCert);
	if(ortn) {
		cssmPerror("SecIdentityCopyCertificate", ortn);
		exit(1);
	}
	anchorArray = CFArrayCreate(NULL, (const void **)&anchorCert,
			1, &kCFTypeArrayCallBacks);

	CFRelease(kcRef);

	/* set up server side */
	memset(&serverArgs, 0, sizeof(serverArgs));
	serverArgs.idArray = idArray;
	serverArgs.trustedRoots = anchorArray;
	serverArgs.xferSize = 0;
	serverArgs.xferBuf = NULL;
	serverArgs.chunkSize = 0;
	serverArgs.cipherSuite = cipherSuite;
	serverArgs.prot = prot;
	serverArgs.ringWrite = &serverToClientRing;
	serverArgs.ringRead = &clientToServerRing;
	serverArgs.goFlag = &clientArgs.iAmReady;
	serverArgs.abortFlag = &abortFlag;

	/* set up client side */
	memset(&clientArgs, 0, sizeof(clientArgs));
	clientArgs.idArray = NULL;		/* until we do client auth */
	clientArgs.trustedRoots = anchorArray;
	clientArgs.xferSize = 0;
	clientArgs.xferBuf = NULL;
	clientArgs.chunkSize = 0;
	clientArgs.cipherSuite = cipherSuite;
	clientArgs.prot = prot;
	clientArgs.ringWrite = &clientToServerRing;
	clientArgs.ringRead = &serverToClientRing;
	clientArgs.goFlag = &serverArgs.iAmReady;
	clientArgs.abortFlag = &abortFlag;

	/* cold start, one loop */
	if(doTest(&clientArgs, &serverArgs, 1, &clientFirst, &serverFirst)) {
		exit(1);
	}
	
	/* now the real test */
	if(doTest(&clientArgs, &serverArgs, loops, &clientTotal, &serverTotal)) {
		exit(1);
	}
	
	printf("\n");
	
	printf("SSL Protocol Version : %s\n",
		sslGetProtocolVersionString(serverArgs.negotiatedProt));
	printf("SSL Cipher           : %s\n",
		sslGetCipherSuiteString(serverArgs.negotiatedCipher));
		
	printf("Client Handshake 1st : %f ms\n", clientFirst * 1000.0);
	printf("Server Handshake 1st : %f ms\n", serverFirst * 1000.0);
	printf("Client Handshake     : %f s in %u loops\n", clientTotal, loops);
	printf("                       %f ms per handshake\n", 
		(clientTotal * 1000.0) / loops);
	printf("Server Handshake     : %f s in %u loops\n", serverTotal, loops);
	printf("                       %f ms per handshake\n", 
		(serverTotal * 1000.0) / loops);

	return 0;
}
Commit	Line	Data
d8f41ccd A	1	/*
	2	* sslHandshakeTimeRB - measure SSL handshake timing, RingBuffer version (no
	3	* socket I/O).
	4	*
	5	* Written by Doug Mitchell.
	6	*/
	7	#include <Security/SecureTransport.h>
	8	#include <clAppUtils/sslAppUtils.h>
	9	#include <utilLib/common.h>
	10	#include <clAppUtils/ringBufferIo.h>
	11	#include <clAppUtils/sslRingBufferThreads.h>
	12
	13	#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
	14	#include <stdio.h>
	15	#include <stdlib.h>
	16	#include <string.h>
	17	#include <time.h>
	18	#include <ctype.h>
	19	#include <sys/param.h>
	20	#include <CoreFoundation/CoreFoundation.h>
	21	#include <security_utilities/devrandom.h>
	22
	23	#define DEFAULT_KC "localcert" /* default keychain */
	24
	25	/* we might make these user-tweakable */
	26	#define DEFAULT_NUM_BUFS 16
	27	#define DEFAULT_BUF_SIZE 1024 /* in the ring buffers */
	28	#define LOOPS_DEF 20
	29
	30	static void usage(char **argv)
	31	{
	32	printf("Usage: %s [option ...]\n", argv[0]);
	33	printf("Options:\n");
	34	printf(" -l loops (default= %d)\n", LOOPS_DEF);
	35	printf(" -k keychain (default = %s)\n", DEFAULT_KC);
	36	printf(" -c cipher (default = RSA/AES128\n");
	37	printf(" ciphers: a=RSA/AES128; r=RSA/RC4; d=RSA/DES; D=RSA/3DES;\n");
	38	printf(" h=DHA/RC4; H=DH/DSS/DES; A=AES256\n");
	39	printf(" -v version (t\|2\|3; default = t(TLS1)\n");
	40	printf(" -a (enable client authentication)\n");
	41	exit(1);
	42	}
	43
	44	static int doTest(
	45	SslRingBufferArgs *clientArgs,
	46	SslRingBufferArgs *serverArgs,
	47	unsigned loops,
	48	CFAbsoluteTime totalElapsedClient, / RETURNED */
	49	CFAbsoluteTime totalElapsedServer) / RETURNED */
	50	{
	51	CFAbsoluteTime elapsedClient = 0.0;
	52	CFAbsoluteTime elapsedServer = 0.0;
	53	int result;
	54	pthread_t client_thread = NULL;
	55	unsigned dex;
	56	void *status;
	57
	58	for(dex=0; dex<loops; dex++) {
	59
	60	ringBufferReset(clientArgs->ringWrite);
	61	ringBufferReset(clientArgs->ringRead);
	62	clientArgs->iAmReady = false;
	63	serverArgs->iAmReady = false;
	64
65	/* fire up client thread */
66	result = pthread_create(&client_thread, NULL,
67	sslRbClientThread, clientArgs);
68	if(result) {
69	printf("***pthread_create returned %d, aborting\n", result);
70	return -1;
71	}
72
73	/*
74	* And the server pseudo thread. This returns when all data has been transferred.
75	*/
76	OSStatus ortn = sslRbServerThread(serverArgs);
77	if(*serverArgs->abortFlag \|\| ortn) {
78	printf("***Test aborted (1).\n");
79	return -1;
80	}
81
82	/* now wait for client */
83	result = pthread_join(client_thread, &status);
84	if(result \|\| *clientArgs->abortFlag) {
85	printf("***Test aborted (2).\n");
86	return -1;
87	}
88	elapsedClient += (clientArgs->startData - clientArgs->startHandshake);
89	elapsedServer += (serverArgs->startData - serverArgs->startHandshake);
90	}
91	*totalElapsedClient = elapsedClient;
92	*totalElapsedServer = elapsedServer;
93	return 0;
94	}
95
96	int main(int argc, char **argv)
97	{
98	RingBuffer serverToClientRing;
99	RingBuffer clientToServerRing;
100	unsigned numBufs = DEFAULT_NUM_BUFS;
101	unsigned bufSize = DEFAULT_BUF_SIZE;
102	CFArrayRef idArray; /* for SSLSetCertificate */
103	CFArrayRef anchorArray; /* trusted roots */
104	SslRingBufferArgs clientArgs;
105	SslRingBufferArgs serverArgs;
106	SecKeychainRef kcRef = NULL;
107	SecCertificateRef anchorCert = NULL;
108	SecIdentityRef idRef = NULL;
109	bool abortFlag = false;
110	bool diffieHellman = true; /* FIXME needs work */
111	OSStatus ortn;
112	CFAbsoluteTime clientFirst;
113	CFAbsoluteTime serverFirst;
114	CFAbsoluteTime clientTotal;
115	CFAbsoluteTime serverTotal;
116
117	/* user-spec'd variables */
118	char *kcName = DEFAULT_KC;
119	SSLCipherSuite cipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA;
120	SSLProtocol prot = kTLSProtocol1;
121	bool clientAuthEnable = false;
122	unsigned loops = LOOPS_DEF;
123
124	extern int optind;
125	extern char *optarg;
126	int arg;
127	optind = 1;
128	while ((arg = getopt(argc, argv, "l:k:x:c:v:w:aB")) != -1) {
129	switch (arg) {
130	case 'l':
131	loops = atoi(optarg);
132	break;
133	case 'k':
134	kcName = optarg;
135	break;
136	case 'c':
137	switch(optarg[0]) {
138	case 'a':
139	cipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA;
140	break;
141	case 'r':
142	cipherSuite = SSL_RSA_WITH_RC4_128_SHA;
143	break;
144	case 'd':
145	cipherSuite = SSL_RSA_WITH_DES_CBC_SHA;
146	break;
147	case 'D':
148	cipherSuite = SSL_RSA_WITH_3DES_EDE_CBC_SHA;
149	break;
150	case 'h':
151	cipherSuite = SSL_DH_anon_WITH_RC4_128_MD5;
152	diffieHellman = true;
153	break;
154	case 'H':
155	cipherSuite = SSL_DHE_DSS_WITH_DES_CBC_SHA;
156	diffieHellman = true;
157	break;
158	case 'A':
159	cipherSuite = TLS_RSA_WITH_AES_256_CBC_SHA;
160	break;
161	default:
162	usage(argv);
163	}
164	break;
165	case 'v':
166	switch(optarg[0]) {
167	case 't':
168	prot = kTLSProtocol1;
169	break;
170	case '2':
171	prot = kSSLProtocol2;
172	break;
173	case '3':
174	prot = kSSLProtocol3;
175	break;
176	default:
177	usage(argv);
178	}
179	break;
180	case 'a':
181	clientAuthEnable = true;
182	break;
183	default:
184	usage(argv);
185	}
186	}
187	if(optind != argc) {
188	usage(argv);
189	}
190
191	/* set up ring buffers */
192	ringBufSetup(&serverToClientRing, "serveToClient", numBufs, bufSize);
193	ringBufSetup(&clientToServerRing, "clientToServe", numBufs, bufSize);
194
195	/* get server SecIdentity */
196	idArray = getSslCerts(kcName,
197	CSSM_FALSE, /* encryptOnly */
198	CSSM_FALSE, /* completeCertChain */
199	NULL, /* anchorFile */
200	&kcRef);
201	if(idArray == NULL) {
202	printf("***Can't get signing cert from %s\n", kcName);
203	exit(1);
204	}
205	idRef = (SecIdentityRef)CFArrayGetValueAtIndex(idArray, 0);
206	ortn = SecIdentityCopyCertificate(idRef, &anchorCert);
207	if(ortn) {
208	cssmPerror("SecIdentityCopyCertificate", ortn);
209	exit(1);
210	}
211	anchorArray = CFArrayCreate(NULL, (const void **)&anchorCert,
212	1, &kCFTypeArrayCallBacks);
213
214	CFRelease(kcRef);
215
216	/* set up server side */
217	memset(&serverArgs, 0, sizeof(serverArgs));
218	serverArgs.idArray = idArray;
219	serverArgs.trustedRoots = anchorArray;
220	serverArgs.xferSize = 0;
221	serverArgs.xferBuf = NULL;
222	serverArgs.chunkSize = 0;
223	serverArgs.cipherSuite = cipherSuite;
224	serverArgs.prot = prot;
225	serverArgs.ringWrite = &serverToClientRing;
226	serverArgs.ringRead = &clientToServerRing;
227	serverArgs.goFlag = &clientArgs.iAmReady;
228	serverArgs.abortFlag = &abortFlag;
229
230	/* set up client side */
231	memset(&clientArgs, 0, sizeof(clientArgs));
232	clientArgs.idArray = NULL; /* until we do client auth */
233	clientArgs.trustedRoots = anchorArray;
234	clientArgs.xferSize = 0;
235	clientArgs.xferBuf = NULL;
236	clientArgs.chunkSize = 0;
237	clientArgs.cipherSuite = cipherSuite;
238	clientArgs.prot = prot;
239	clientArgs.ringWrite = &clientToServerRing;
240	clientArgs.ringRead = &serverToClientRing;
241	clientArgs.goFlag = &serverArgs.iAmReady;
242	clientArgs.abortFlag = &abortFlag;
243
244	/* cold start, one loop */
245	if(doTest(&clientArgs, &serverArgs, 1, &clientFirst, &serverFirst)) {
246	exit(1);
247	}
248
249	/* now the real test */
250	if(doTest(&clientArgs, &serverArgs, loops, &clientTotal, &serverTotal)) {
251	exit(1);
252	}
253
254	printf("\n");
255
256	printf("SSL Protocol Version : %s\n",
257	sslGetProtocolVersionString(serverArgs.negotiatedProt));
258	printf("SSL Cipher : %s\n",
259	sslGetCipherSuiteString(serverArgs.negotiatedCipher));
260
261	printf("Client Handshake 1st : %f ms\n", clientFirst * 1000.0);
262	printf("Server Handshake 1st : %f ms\n", serverFirst * 1000.0);
263	printf("Client Handshake : %f s in %u loops\n", clientTotal, loops);
264	printf(" %f ms per handshake\n",
265	(clientTotal * 1000.0) / loops);
266	printf("Server Handshake : %f s in %u loops\n", serverTotal, loops);
267	printf(" %f ms per handshake\n",
268	(serverTotal * 1000.0) / loops);
269
270	return 0;
271	}
272
273
274