From 6ba84cf21e0d8a382dbedef8c00e9e7f0fa85157 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alex=20Fern=C3=A1ndez?= Date: Fri, 27 Apr 2018 17:18:29 +0200 Subject: [PATCH 1/4] benchmark: (tls) add benchmark for legacy TLS secure pair Refs: #20263 --- benchmark/tls/secure-pair.js | 105 +++++++++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 benchmark/tls/secure-pair.js diff --git a/benchmark/tls/secure-pair.js b/benchmark/tls/secure-pair.js new file mode 100644 index 00000000000000..515411eb352ef7 --- /dev/null +++ b/benchmark/tls/secure-pair.js @@ -0,0 +1,105 @@ +'use strict'; +const common = require('../common.js'); +const bench = common.createBenchmark(main, { + dur: [5], + securing: ['SecurePair', 'TLSSocket'], + size: [2, 1024, 1024 * 1024] +}); + +const fs = require('fs'); +const tls = require('tls'); +const net = require('net'); +const path = require('path'); + +const cert_dir = path.resolve(__dirname, '../../test/fixtures'); +const REDIRECT_PORT = 28347; + +function main({ dur, size, securing }) { + const chunk = Buffer.alloc(size, 'b'); + + const options = { + key: fs.readFileSync(`${cert_dir}/test_key.pem`), + cert: fs.readFileSync(`${cert_dir}/test_cert.pem`), + ca: [ fs.readFileSync(`${cert_dir}/test_ca.pem`) ], + ciphers: 'AES256-GCM-SHA384', + isServer: true, + requestCert: true, + rejectUnauthorized: true, + }; + + const server = net.createServer(onRedirectConnection); + server.listen(REDIRECT_PORT, () => { + const proxy = net.createServer(onProxyConnection); + proxy.listen(common.PORT, () => { + const clientOptions = { + port: common.PORT, + ca: options.ca, + key: options.key, + cert: options.cert, + isServer: false, + rejectUnauthorized: false, + }; + const conn = tls.connect(clientOptions, () => { + setTimeout(() => { + const mbits = (received * 8) / (1024 * 1024); + bench.end(mbits); + if (conn) + conn.destroy(); + server.close(); + proxy.close(); + }, dur * 1000); + bench.start(); + conn.on('drain', write); + write(); + }); + conn.on('error', (e) => { + throw new Error('Client error: ' + e); + }); + + function write() { + while (false !== conn.write(chunk)); + } + }); + }); + + function onProxyConnection(conn) { + const client = net.connect(REDIRECT_PORT, () => { + switch (securing) { + case 'SecurePair': + securePair(conn, client); + break; + case 'TLSSocket': + secureTLSSocket(conn, client); + break; + default: + throw new Error('Invalid securing method'); + } + }); + } + + function securePair(conn, client) { + const serverCtxt = tls.createSecureContext(options); + const serverPair = tls.createSecurePair(serverCtxt, true, true, false); + conn.pipe(serverPair.encrypted); + serverPair.encrypted.pipe(conn); + serverPair.on('error', (error) => { + throw new Error('Pair error: ' + error); + }); + serverPair.cleartext.pipe(client); + } + + function secureTLSSocket(conn, client) { + const serverSocket = new tls.TLSSocket(conn, options); + serverSocket.on('error', (e) => { + throw new Error('Socket error: ' + e); + }); + serverSocket.pipe(client); + } + + let received = 0; + function onRedirectConnection(conn) { + conn.on('data', (chunk) => { + received += chunk.length; + }); + } +} From 487a32797b06030afc7863d02ef7f30bd0ae337a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alex=20Fern=C3=A1ndez?= Date: Mon, 30 Apr 2018 09:57:54 +0000 Subject: [PATCH 2/4] Add securing=securePair to benchmark options. --- test/sequential/test-benchmark-tls.js | 1 + 1 file changed, 1 insertion(+) diff --git a/test/sequential/test-benchmark-tls.js b/test/sequential/test-benchmark-tls.js index 3545955e3ab5b0..40c14af8302bdb 100644 --- a/test/sequential/test-benchmark-tls.js +++ b/test/sequential/test-benchmark-tls.js @@ -20,6 +20,7 @@ runBenchmark('tls', 'dur=0.1', 'n=1', 'size=2', + 'securing=SecurePair', 'type=asc' ], { From c17c783dc39dbb10b825794e539bec399b3371a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alex=20Fern=C3=A1ndez?= Date: Sat, 5 May 2018 17:51:48 +0200 Subject: [PATCH 3/4] Use template literals. --- benchmark/tls/secure-pair.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/benchmark/tls/secure-pair.js b/benchmark/tls/secure-pair.js index 515411eb352ef7..c1271a3c839aa3 100644 --- a/benchmark/tls/secure-pair.js +++ b/benchmark/tls/secure-pair.js @@ -53,7 +53,7 @@ function main({ dur, size, securing }) { write(); }); conn.on('error', (e) => { - throw new Error('Client error: ' + e); + throw new Error(`Client error: ${e}`); }); function write() { @@ -83,7 +83,7 @@ function main({ dur, size, securing }) { conn.pipe(serverPair.encrypted); serverPair.encrypted.pipe(conn); serverPair.on('error', (error) => { - throw new Error('Pair error: ' + error); + throw new Error(`Pair error: ${error}`); }); serverPair.cleartext.pipe(client); } @@ -91,7 +91,7 @@ function main({ dur, size, securing }) { function secureTLSSocket(conn, client) { const serverSocket = new tls.TLSSocket(conn, options); serverSocket.on('error', (e) => { - throw new Error('Socket error: ' + e); + throw new Error(`Socket error: ${e}`); }); serverSocket.pipe(client); } From 53cd71f455ff3c012edc76a696a3bae89102cd67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alex=20Fern=C3=A1ndez?= Date: Sat, 5 May 2018 17:52:38 +0200 Subject: [PATCH 4/4] Use serverCtx for consistency. --- benchmark/tls/secure-pair.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/benchmark/tls/secure-pair.js b/benchmark/tls/secure-pair.js index c1271a3c839aa3..ed678b9060983e 100644 --- a/benchmark/tls/secure-pair.js +++ b/benchmark/tls/secure-pair.js @@ -78,8 +78,8 @@ function main({ dur, size, securing }) { } function securePair(conn, client) { - const serverCtxt = tls.createSecureContext(options); - const serverPair = tls.createSecurePair(serverCtxt, true, true, false); + const serverCtx = tls.createSecureContext(options); + const serverPair = tls.createSecurePair(serverCtx, true, true, false); conn.pipe(serverPair.encrypted); serverPair.encrypted.pipe(conn); serverPair.on('error', (error) => {