No description, website, or topics provided.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src
CODE_OF_CONDUCT.md
LICENSE
README.md
dependency-reduced-pom.xml
pom.xml
testbench.sh

README.md

SDKMS Rest Performance Test Bench


Overview

Performance test bench for SDKMS using REST API interface. It generates reports in HTML and CSV format. SDKMS REST performance test bench dynamically generates the JMeter JMX file and provides configurable way to specify thread count and time duration to run the operation.

Performance Test Bench has been tested on Ubuntu 16.04 server.

For more information on SDKMS visit SDKMS Site .

Prerequisites

  • JDK

  • maven

  • Following environment variables need to be set:

    SDKMS_API_KEY=<SDKMS API KEY>

    [Optional] SDKMS_API_ENDPOINT=<SDKMS URL>

    [Optional] SDKMS_SSL_TRUST_STORE=

    Example:

      export SDKMS_API_KEY="OS00ZDQN2UwZjJhOGItNDdk2LWJhMjctNmJiNTkwODZjNjczOmJSRkhpTXpjcHRtT2ZhY2ZDMW1lY2JGZ0ZNamhQVEN0bGgxbXZCb3BxRkJObV9OTVp6T2NdUTFlrMWRSV1VhVkFtajV0dU1BXaWdZVnp4UVBSX2JSWE"
      export SDKMS_API_ENDPOINT="https://sdkms.fortanix.com"
    

    SDKMS_API_ENDPOINT is optional and default to https://apps.sdkms.fortanix.com . SDKMS_SSL_TRUST_STORE is needed only for on-premises deployments.

Setup performance Test bench

Build

  • Clone the repository or download the zip.

  • Execute.

    #./test-bench.sh build

    For more information execute

    #./test-bench.sh --help

    #./test-bench.sh run --help

Clean up

To delete the generated artifacts, execute below command:

#./test-bench.sh clean

Supported Operation

AES Key Generation

Supported key sizes are 128, 192 and 256.

Example:
# test-bench.sh run keygen --algorithm AES --keysize 128 --transient=true

RSA Key Generation

Supported key sizes are between 1024 to 8192.

Example:
# test-bench.sh run keygen --algorithm RSA --keysize 1024 --transient=true

EC Key Generation

For EC key --keysize are SecP192K1, SecP224K1, SecP256K1, NistP192, NistP224, NistP256, NistP384 and NistP521.

Example:
# test-bench.sh run keygen --algorithm EC --transient=true

AES CBC Encryption

AES encryption is supported for all key sizes (128, 192 and 256) and supported modes are CBC and GCM.

Example:
# test-bench.sh run encryption --algorithm AES --keysize 128 --mode GCM --filepath filepath

The final metrics shows sample time for encryption.

AES CBC Decryption

AES decryption is supported for all key sizes (128, 192 and 256) and supported modes are CBC and GCM.

Example:
# test-bench.sh run decryption --algorithm AES --keysize 128 --mode GCM --filepath filepath

The final metrics shows sample time for decryption.

RSA Encryption

RSA encryption is supported for all key sizes (1024 to 8192).

Example:
# test-bench.sh run encryption --algorithm RSA --keysize 2048 --mode GSM --filepath filepath

The final metrics shows sample time for encryption.

RSA Decryption

RSA decryption is supported for all key sizes (1024 to 8192).

Example:
# test-bench.sh run encryption --algorithm RSA --keysize 2048

The final metrics shows sample time for decryption.

RSA Sign and Verification

RSA signing and verification is supported for all key sizes.

Example:
# test-bench.sh run sign --algorithm RSA --keysize 2048
# test-bench.sh run verify --algorithm RSA --keysize 2048

EC Sign and Verification

We can capture EC sign and verify performance metrics as below:

Example:
# test-bench.sh run sign --algorithm EC
# test-bench.sh run verify --algorithm EC

All above operation run by default with 50 thread for 5 minutes. All above operation support --threadcount and --time to overwrite the default thread count and duration.

Key generated during operation get deleted at the end of operation.

Report Location

Let's assume we have cloned the repo at /opt/rest-api.

  • HTML

    /opt/rest-api/target/jmeter/reports/

  • CSV

    /opt/rest-api/target/jmeter/results/

Sample Output

| operation | threads | duration(sec) | total operations | average latency(ms) | p90 latency(ms) | p99 latency(ms) | min latency (ms) | max latency (ms) | Error % | Throughput per sec | capacity (kb/s) | SDKMS Signature Generation | 1 | 300 | 16020 | 13 | 21 | 26 | 6 | 154 | 0.00% | 53.4 | NA

  • capacity columns is only supported for AES Encryption/Decryption with provided filepath.

Contributing

We gratefully accept bug reports and contributions from the community. By participating in this community, you agree to abide by Code of Conduct. All contributions are covered under the Developer's Certificate of Origin (DCO).

Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or

(b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or

(c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.

(d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.

License

This project is primarily distributed under the terms of the Mozilla Public License (MPL) 2.0, see LICENSE for details.