eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Batch cipher translations to go faster

Browse source 
Python has a high startup cost, so go back to invoking it only once per
server start, rather than once per client start. This is a measurable
performance improvement (running time ~*0.5 with PSK, less dramatic with
asymmetric crypto).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2023-01-26 21:16:34 +01:00
parent 292cd6f4e5
commit 47aab850da
2 changed files with 27 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

49
tests/compat.sh
View file

@ -239,9 +239,14 @@ reset_ciphersuites()
G_CIPHERS="" G_CIPHERS=""
} }
check_translation() # translate_ciphers {g|m|o} {STANDARD_CIPHER_SUITE_NAME...}
# Set $ciphers to the cipher suite name translations for the specified
# program (gnutls, mbedtls or openssl). $ciphers is a space-separated
# list of entries of the form "STANDARD_NAME=PROGRAM_NAME".
translate_ciphers()
{ {
if [ $1 -ne 0 ]; then ciphers=$(scripts/translate_ciphers.py "$@")
if [ $? -ne 0 ]; then
echo "translate_ciphers.py failed with exit code $1" >&2 echo "translate_ciphers.py failed with exit code $1" >&2
echo "$2" >&2 echo "$2" >&2
exit 1 exit 1
@ -789,7 +794,7 @@ wait_client_done() {
echo "EXIT: $EXIT" >> $CLI_OUT echo "EXIT: $EXIT" >> $CLI_OUT
} }
# run_client <name> <cipher> # run_client PROGRAM_NAME STANDARD_CIPHER_SUITE PROGRAM_CIPHER_SUITE
run_client() { run_client() {
# announce what we're going to do # announce what we're going to do
TESTS=$(( $TESTS + 1 )) TESTS=$(( $TESTS + 1 ))
@ -800,13 +805,6 @@ run_client() {
LEN=$(( 72 - `echo "$TITLE" | wc -c` )) LEN=$(( 72 - `echo "$TITLE" | wc -c` ))
for i in `seq 1 $LEN`; do printf '.'; done; printf ' ' for i in `seq 1 $LEN`; do printf '.'; done; printf ' '
# Calculate the argument $c to pass to translate_ciphers.py
client=$(echo $1 | head -c1)
c=$(echo $client | tr '[:upper:]' '[:lower:]')
# Translate ciphersuite names based on client's naming convention
t_cipher=$(./scripts/translate_ciphers.py $c $2)
check_translation $? "$t_cipher"
# should we skip? # should we skip?
if [ "X$SKIP_NEXT" = "XYES" ]; then if [ "X$SKIP_NEXT" = "XYES" ]; then
SKIP_NEXT="NO" SKIP_NEXT="NO"
@ -818,7 +816,7 @@ run_client() {
# run the command and interpret result # run the command and interpret result
case $1 in case $1 in
[Oo]pen*) [Oo]pen*)
CLIENT_CMD="$OPENSSL s_client $O_CLIENT_ARGS -cipher $t_cipher" CLIENT_CMD="$OPENSSL s_client $O_CLIENT_ARGS -cipher $3"
log "$CLIENT_CMD" log "$CLIENT_CMD"
echo "$CLIENT_CMD" > $CLI_OUT echo "$CLIENT_CMD" > $CLI_OUT
printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 & printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 &
@ -843,7 +841,7 @@ run_client() {
else else
G_HOST="localhost" G_HOST="localhost"
fi fi
CLIENT_CMD="$GNUTLS_CLI $G_CLIENT_ARGS --priority $G_PRIO_MODE:$t_cipher $G_HOST" CLIENT_CMD="$GNUTLS_CLI $G_CLIENT_ARGS --priority $G_PRIO_MODE:$3 $G_HOST"
log "$CLIENT_CMD" log "$CLIENT_CMD"
echo "$CLIENT_CMD" > $CLI_OUT echo "$CLIENT_CMD" > $CLI_OUT
printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 & printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 &
@ -865,7 +863,7 @@ run_client() {
;; ;;
mbed*) mbed*)
CLIENT_CMD="$M_CLI $M_CLIENT_ARGS force_ciphersuite=$t_cipher" CLIENT_CMD="$M_CLI $M_CLIENT_ARGS force_ciphersuite=$3"
if [ "$MEMCHECK" -gt 0 ]; then if [ "$MEMCHECK" -gt 0 ]; then
CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD" CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD"
fi fi
@ -1028,17 +1026,19 @@ for VERIFY in $VERIFIES; do
if [ "X" != "X$M_CIPHERS" ]; then if [ "X" != "X$M_CIPHERS" ]; then
start_server "OpenSSL" start_server "OpenSSL"
for i in $M_CIPHERS; do translate_ciphers m $M_CIPHERS
for i in $ciphers; do
check_openssl_server_bug check_openssl_server_bug
run_client mbedTLS $i run_client mbedTLS ${i%%=*} ${i#*=}
done done
stop_server stop_server
fi fi
if [ "X" != "X$O_CIPHERS" ]; then if [ "X" != "X$O_CIPHERS" ]; then
start_server "mbedTLS" start_server "mbedTLS"
for i in $O_CIPHERS; do translate_ciphers o $O_CIPHERS
run_client OpenSSL $i for i in $ciphers; do
run_client OpenSSL ${i%%=*} ${i#*=}
done done
stop_server stop_server
fi fi
@ -1054,16 +1054,18 @@ for VERIFY in $VERIFIES; do
if [ "X" != "X$M_CIPHERS" ]; then if [ "X" != "X$M_CIPHERS" ]; then
start_server "GnuTLS" start_server "GnuTLS"
for i in $M_CIPHERS; do translate_ciphers m $M_CIPHERS
run_client mbedTLS $i for i in $ciphers; do
run_client mbedTLS ${i%%=*} ${i#*=}
done done
stop_server stop_server
fi fi
if [ "X" != "X$G_CIPHERS" ]; then if [ "X" != "X$G_CIPHERS" ]; then
start_server "mbedTLS" start_server "mbedTLS"
for i in $G_CIPHERS; do translate_ciphers g $G_CIPHERS
run_client GnuTLS $i for i in $ciphers; do
run_client GnuTLS ${i%%=*} ${i#*=}
done done
stop_server stop_server
fi fi
@ -1081,8 +1083,9 @@ for VERIFY in $VERIFIES; do
if [ "X" != "X$M_CIPHERS" ]; then if [ "X" != "X$M_CIPHERS" ]; then
start_server "mbedTLS" start_server "mbedTLS"
for i in $M_CIPHERS; do translate_ciphers m $M_CIPHERS
run_client mbedTLS $i for i in $ciphers; do
run_client mbedTLS ${i%%=*} ${i#*=}
done done
stop_server stop_server
fi fi

2
tests/scripts/translate_ciphers.py
View file

@ -179,7 +179,7 @@ def format_ciphersuite_names(mode, names):
"o": translate_ossl, "o": translate_ossl,
"m": translate_mbedtls "m": translate_mbedtls
}[mode] }[mode]
return " ".join(t(c) for c in names) return " ".join(c + '=' + t(c) for c in names)
def main(target, names): def main(target, names):
print(format_ciphersuite_names(target, names)) print(format_ciphersuite_names(target, names))