a28ab7b62a
Reviewed-by: ecaspole, hchao, rriggs
185 lines
6.4 KiB
Java
185 lines
6.4 KiB
Java
/*
|
|
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
package org.openjdk.bench.java.security;
|
|
|
|
import org.openjdk.jmh.annotations.Benchmark;
|
|
import org.openjdk.jmh.annotations.BenchmarkMode;
|
|
import org.openjdk.jmh.annotations.Fork;
|
|
import org.openjdk.jmh.annotations.Level;
|
|
import org.openjdk.jmh.annotations.Measurement;
|
|
import org.openjdk.jmh.annotations.Mode;
|
|
import org.openjdk.jmh.annotations.OutputTimeUnit;
|
|
import org.openjdk.jmh.annotations.Param;
|
|
import org.openjdk.jmh.annotations.Scope;
|
|
import org.openjdk.jmh.annotations.Setup;
|
|
import org.openjdk.jmh.annotations.State;
|
|
import org.openjdk.jmh.annotations.TearDown;
|
|
import org.openjdk.jmh.annotations.Warmup;
|
|
|
|
import java.nio.ByteBuffer;
|
|
import java.security.KeyStore;
|
|
import java.util.concurrent.TimeUnit;
|
|
import javax.net.ssl.KeyManagerFactory;
|
|
import javax.net.ssl.SSLContext;
|
|
import javax.net.ssl.SSLEngine;
|
|
import javax.net.ssl.SSLEngineResult;
|
|
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
|
|
import javax.net.ssl.SSLSession;
|
|
import javax.net.ssl.TrustManagerFactory;
|
|
|
|
@BenchmarkMode(Mode.Throughput)
|
|
@OutputTimeUnit(TimeUnit.SECONDS)
|
|
@State(Scope.Benchmark)
|
|
@Warmup(iterations = 5, time = 5)
|
|
@Measurement(iterations = 5, time = 5)
|
|
@Fork(value = 3)
|
|
public class SSLHandshake {
|
|
|
|
private SSLContext sslc;
|
|
|
|
private SSLEngine clientEngine;
|
|
private ByteBuffer clientOut = ByteBuffer.allocate(5);
|
|
private ByteBuffer clientIn = ByteBuffer.allocate(1 << 15);
|
|
|
|
private SSLEngine serverEngine;
|
|
private ByteBuffer serverOut = ByteBuffer.allocate(5);
|
|
private ByteBuffer serverIn = ByteBuffer.allocate(1 << 15);
|
|
|
|
private ByteBuffer cTOs = ByteBuffer.allocateDirect(1 << 16);
|
|
private ByteBuffer sTOc = ByteBuffer.allocateDirect(1 << 16);
|
|
|
|
@Param({"true", "false"})
|
|
boolean resume;
|
|
|
|
@Param({"TLSv1.2", "TLS"})
|
|
String tlsVersion;
|
|
|
|
@Setup(Level.Trial)
|
|
public void init() throws Exception {
|
|
KeyStore ks = TestCertificates.getKeyStore();
|
|
KeyStore ts = TestCertificates.getTrustStore();
|
|
|
|
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
|
|
kmf.init(ks, new char[0]);
|
|
|
|
TrustManagerFactory tmf =
|
|
TrustManagerFactory.getInstance("SunX509");
|
|
tmf.init(ts);
|
|
|
|
SSLContext sslCtx = SSLContext.getInstance(tlsVersion);
|
|
sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
|
|
sslc = sslCtx;
|
|
}
|
|
|
|
private HandshakeStatus checkResult(SSLEngine engine, SSLEngineResult result) {
|
|
|
|
HandshakeStatus hsStatus = result.getHandshakeStatus();
|
|
|
|
if (hsStatus == HandshakeStatus.NEED_TASK) {
|
|
Runnable runnable;
|
|
while ((runnable = engine.getDelegatedTask()) != null) {
|
|
runnable.run();
|
|
}
|
|
hsStatus = engine.getHandshakeStatus();
|
|
}
|
|
return hsStatus;
|
|
}
|
|
|
|
/**
|
|
* This benchmark measures the time needed to perform a TLS handshake.
|
|
* Data is exchanged using a pair of ByteBuffers.
|
|
* The client and the server both operate on the same thread.
|
|
*/
|
|
@Benchmark
|
|
public SSLSession doHandshake() throws Exception {
|
|
|
|
createSSLEngines();
|
|
boolean isCtoS = true;
|
|
for (;;) {
|
|
HandshakeStatus result;
|
|
if (isCtoS) {
|
|
result = checkResult(clientEngine,
|
|
clientEngine.wrap(clientOut, cTOs)
|
|
);
|
|
cTOs.flip();
|
|
checkResult(serverEngine,
|
|
serverEngine.unwrap(cTOs, serverIn)
|
|
);
|
|
cTOs.compact();
|
|
if (result == HandshakeStatus.NEED_UNWRAP) {
|
|
isCtoS = false;
|
|
} else if (result == HandshakeStatus.FINISHED) {
|
|
break;
|
|
} else if (result != HandshakeStatus.NEED_WRAP) {
|
|
throw new Exception("Unexpected result "+result);
|
|
}
|
|
} else {
|
|
result = checkResult(serverEngine,
|
|
serverEngine.wrap(serverOut, sTOc)
|
|
);
|
|
sTOc.flip();
|
|
checkResult(clientEngine,
|
|
clientEngine.unwrap(sTOc, clientIn)
|
|
);
|
|
sTOc.compact();
|
|
if (result == HandshakeStatus.NEED_UNWRAP) {
|
|
isCtoS = true;
|
|
} else if (result == HandshakeStatus.FINISHED) {
|
|
break;
|
|
} else if (result != HandshakeStatus.NEED_WRAP) {
|
|
throw new Exception("Unexpected result "+result);
|
|
}
|
|
}
|
|
}
|
|
|
|
SSLSession session = clientEngine.getSession();
|
|
if (resume) {
|
|
// TLS 1.3 needs another wrap/unwrap to deliver a session ticket
|
|
serverEngine.wrap(serverOut, sTOc);
|
|
sTOc.flip();
|
|
clientEngine.unwrap(sTOc, clientIn);
|
|
sTOc.compact();
|
|
} else {
|
|
// invalidate TLS1.2 session. TLS 1.3 doesn't care
|
|
session.invalidate();
|
|
}
|
|
return session;
|
|
}
|
|
|
|
private void createSSLEngines() {
|
|
/*
|
|
* Configure the serverEngine to act as a server in the SSL/TLS
|
|
* handshake.
|
|
*/
|
|
serverEngine = sslc.createSSLEngine();
|
|
serverEngine.setUseClientMode(false);
|
|
|
|
/*
|
|
* Similar to above, but using client mode instead.
|
|
*/
|
|
clientEngine = sslc.createSSLEngine("client", 80);
|
|
clientEngine.setUseClientMode(true);
|
|
}
|
|
}
|