--- /dev/null
+/*
+ * sslHandshakeTimeRB - measure SSL handshake timing, RingBuffer version (no
+ * socket I/O).
+ *
+ * Written by Doug Mitchell.
+ */
+#include <Security/SecureTransport.h>
+#include <clAppUtils/sslAppUtils.h>
+#include <utilLib/common.h>
+#include <clAppUtils/ringBufferIo.h>
+#include <clAppUtils/sslRingBufferThreads.h>
+
+#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <ctype.h>
+#include <sys/param.h>
+#include <CoreFoundation/CoreFoundation.h>
+#include <security_utilities/devrandom.h>
+
+#define DEFAULT_KC "localcert" /* default keychain */
+
+/* we might make these user-tweakable */
+#define DEFAULT_NUM_BUFS 16
+#define DEFAULT_BUF_SIZE 1024 /* in the ring buffers */
+#define LOOPS_DEF 20
+
+static void usage(char **argv)
+{
+ printf("Usage: %s [option ...]\n", argv[0]);
+ printf("Options:\n");
+ printf(" -l loops (default= %d)\n", LOOPS_DEF);
+ printf(" -k keychain (default = %s)\n", DEFAULT_KC);
+ printf(" -c cipher (default = RSA/AES128\n");
+ printf(" ciphers: a=RSA/AES128; r=RSA/RC4; d=RSA/DES; D=RSA/3DES;\n");
+ printf(" h=DHA/RC4; H=DH/DSS/DES; A=AES256\n");
+ printf(" -v version (t|2|3; default = t(TLS1)\n");
+ printf(" -a (enable client authentication)\n");
+ exit(1);
+}
+
+static int doTest(
+ SslRingBufferArgs *clientArgs,
+ SslRingBufferArgs *serverArgs,
+ unsigned loops,
+ CFAbsoluteTime *totalElapsedClient, /* RETURNED */
+ CFAbsoluteTime *totalElapsedServer) /* RETURNED */
+{
+ CFAbsoluteTime elapsedClient = 0.0;
+ CFAbsoluteTime elapsedServer = 0.0;
+ int result;
+ pthread_t client_thread = NULL;
+ unsigned dex;
+ void *status;
+
+ for(dex=0; dex<loops; dex++) {
+
+ ringBufferReset(clientArgs->ringWrite);
+ ringBufferReset(clientArgs->ringRead);
+ clientArgs->iAmReady = false;
+ serverArgs->iAmReady = false;
+
+ /* fire up client thread */
+ result = pthread_create(&client_thread, NULL,
+ sslRbClientThread, clientArgs);
+ if(result) {
+ printf("***pthread_create returned %d, aborting\n", result);
+ return -1;
+ }
+
+ /*
+ * And the server pseudo thread. This returns when all data has been transferred.
+ */
+ OSStatus ortn = sslRbServerThread(serverArgs);
+ if(*serverArgs->abortFlag || ortn) {
+ printf("***Test aborted (1).\n");
+ return -1;
+ }
+
+ /* now wait for client */
+ result = pthread_join(client_thread, &status);
+ if(result || *clientArgs->abortFlag) {
+ printf("***Test aborted (2).\n");
+ return -1;
+ }
+ elapsedClient += (clientArgs->startData - clientArgs->startHandshake);
+ elapsedServer += (serverArgs->startData - serverArgs->startHandshake);
+ }
+ *totalElapsedClient = elapsedClient;
+ *totalElapsedServer = elapsedServer;
+ return 0;
+}
+
+int main(int argc, char **argv)
+{
+ RingBuffer serverToClientRing;
+ RingBuffer clientToServerRing;
+ unsigned numBufs = DEFAULT_NUM_BUFS;
+ unsigned bufSize = DEFAULT_BUF_SIZE;
+ CFArrayRef idArray; /* for SSLSetCertificate */
+ CFArrayRef anchorArray; /* trusted roots */
+ SslRingBufferArgs clientArgs;
+ SslRingBufferArgs serverArgs;
+ SecKeychainRef kcRef = NULL;
+ SecCertificateRef anchorCert = NULL;
+ SecIdentityRef idRef = NULL;
+ bool abortFlag = false;
+ bool diffieHellman = true; /* FIXME needs work */
+ OSStatus ortn;
+ CFAbsoluteTime clientFirst;
+ CFAbsoluteTime serverFirst;
+ CFAbsoluteTime clientTotal;
+ CFAbsoluteTime serverTotal;
+
+ /* user-spec'd variables */
+ char *kcName = DEFAULT_KC;
+ SSLCipherSuite cipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA;
+ SSLProtocol prot = kTLSProtocol1;
+ bool clientAuthEnable = false;
+ unsigned loops = LOOPS_DEF;
+
+ extern int optind;
+ extern char *optarg;
+ int arg;
+ optind = 1;
+ while ((arg = getopt(argc, argv, "l:k:x:c:v:w:aB")) != -1) {
+ switch (arg) {
+ case 'l':
+ loops = atoi(optarg);
+ break;
+ case 'k':
+ kcName = optarg;
+ break;
+ case 'c':
+ switch(optarg[0]) {
+ case 'a':
+ cipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA;
+ break;
+ case 'r':
+ cipherSuite = SSL_RSA_WITH_RC4_128_SHA;
+ break;
+ case 'd':
+ cipherSuite = SSL_RSA_WITH_DES_CBC_SHA;
+ break;
+ case 'D':
+ cipherSuite = SSL_RSA_WITH_3DES_EDE_CBC_SHA;
+ break;
+ case 'h':
+ cipherSuite = SSL_DH_anon_WITH_RC4_128_MD5;
+ diffieHellman = true;
+ break;
+ case 'H':
+ cipherSuite = SSL_DHE_DSS_WITH_DES_CBC_SHA;
+ diffieHellman = true;
+ break;
+ case 'A':
+ cipherSuite = TLS_RSA_WITH_AES_256_CBC_SHA;
+ break;
+ default:
+ usage(argv);
+ }
+ break;
+ case 'v':
+ switch(optarg[0]) {
+ case 't':
+ prot = kTLSProtocol1;
+ break;
+ case '2':
+ prot = kSSLProtocol2;
+ break;
+ case '3':
+ prot = kSSLProtocol3;
+ break;
+ default:
+ usage(argv);
+ }
+ break;
+ case 'a':
+ clientAuthEnable = true;
+ break;
+ default:
+ usage(argv);
+ }
+ }
+ if(optind != argc) {
+ usage(argv);
+ }
+
+ /* set up ring buffers */
+ ringBufSetup(&serverToClientRing, "serveToClient", numBufs, bufSize);
+ ringBufSetup(&clientToServerRing, "clientToServe", numBufs, bufSize);
+
+ /* get server SecIdentity */
+ idArray = getSslCerts(kcName,
+ CSSM_FALSE, /* encryptOnly */
+ CSSM_FALSE, /* completeCertChain */
+ NULL, /* anchorFile */
+ &kcRef);
+ if(idArray == NULL) {
+ printf("***Can't get signing cert from %s\n", kcName);
+ exit(1);
+ }
+ idRef = (SecIdentityRef)CFArrayGetValueAtIndex(idArray, 0);
+ ortn = SecIdentityCopyCertificate(idRef, &anchorCert);
+ if(ortn) {
+ cssmPerror("SecIdentityCopyCertificate", ortn);
+ exit(1);
+ }
+ anchorArray = CFArrayCreate(NULL, (const void **)&anchorCert,
+ 1, &kCFTypeArrayCallBacks);
+
+ CFRelease(kcRef);
+
+ /* set up server side */
+ memset(&serverArgs, 0, sizeof(serverArgs));
+ serverArgs.idArray = idArray;
+ serverArgs.trustedRoots = anchorArray;
+ serverArgs.xferSize = 0;
+ serverArgs.xferBuf = NULL;
+ serverArgs.chunkSize = 0;
+ serverArgs.cipherSuite = cipherSuite;
+ serverArgs.prot = prot;
+ serverArgs.ringWrite = &serverToClientRing;
+ serverArgs.ringRead = &clientToServerRing;
+ serverArgs.goFlag = &clientArgs.iAmReady;
+ serverArgs.abortFlag = &abortFlag;
+
+ /* set up client side */
+ memset(&clientArgs, 0, sizeof(clientArgs));
+ clientArgs.idArray = NULL; /* until we do client auth */
+ clientArgs.trustedRoots = anchorArray;
+ clientArgs.xferSize = 0;
+ clientArgs.xferBuf = NULL;
+ clientArgs.chunkSize = 0;
+ clientArgs.cipherSuite = cipherSuite;
+ clientArgs.prot = prot;
+ clientArgs.ringWrite = &clientToServerRing;
+ clientArgs.ringRead = &serverToClientRing;
+ clientArgs.goFlag = &serverArgs.iAmReady;
+ clientArgs.abortFlag = &abortFlag;
+
+ /* cold start, one loop */
+ if(doTest(&clientArgs, &serverArgs, 1, &clientFirst, &serverFirst)) {
+ exit(1);
+ }
+
+ /* now the real test */
+ if(doTest(&clientArgs, &serverArgs, loops, &clientTotal, &serverTotal)) {
+ exit(1);
+ }
+
+ printf("\n");
+
+ printf("SSL Protocol Version : %s\n",
+ sslGetProtocolVersionString(serverArgs.negotiatedProt));
+ printf("SSL Cipher : %s\n",
+ sslGetCipherSuiteString(serverArgs.negotiatedCipher));
+
+ printf("Client Handshake 1st : %f ms\n", clientFirst * 1000.0);
+ printf("Server Handshake 1st : %f ms\n", serverFirst * 1000.0);
+ printf("Client Handshake : %f s in %u loops\n", clientTotal, loops);
+ printf(" %f ms per handshake\n",
+ (clientTotal * 1000.0) / loops);
+ printf("Server Handshake : %f s in %u loops\n", serverTotal, loops);
+ printf(" %f ms per handshake\n",
+ (serverTotal * 1000.0) / loops);
+
+ return 0;
+}
+
+
+
projects / apple / security.git / blobdiff