Automated TLS Performance Scripts - crt26/pqc-evaluation-tools GitHub Wiki
The PQC TLS performance testing suite relies on several scripts to carry out TLS benchmarking, including:
- pqc_tls_performance_test.sh
- tls_handshake_test_server.sh (Internal Script)
- tls_handshake_test_client.sh (Internal Script)
- tls_speed_test.sh (Internal Script)
- tls_generate_keys.sh
Testing scripts are stored in the scripts/testing_scripts directory, whilst internal scripts are stored in the scripts/testing_scripts/internal_scripts directory. Internal scripts are intended to be called by the main testing scripts and do not support being called in isolation.
The pqc_tls_performance_test.sh script is the main controller script for executing the full TLS performance benchmarking suite. It performs both TLS handshake and cryptographic speed testing for PQC, Hybrid-PQC, and classical algorithms supported by OpenSSL 3.5.0 and the OQS-Provider. The script coordinates all required test operations by invoking subordinate scripts (tls_handshake_test_server.sh, tls_handshake_test_client.sh, and tls_speed_test.sh) and ensures that results are stored correctly under the appropriate machine directory based on the assigned Machine ID. Designed to run on both client and server machines, the script prompts the user for necessary parameters such as machine role, IP addresses, test duration, and number of runs. When run on the client, it configures both the handshake and speed benchmarking parameters accordingly.
Note that during testing, the pqc_tls_performance_test.sh script prompts the user for parameters governing how test results are stored and managed if the machine or current shell has been designated as the client (depending on whether single-machine or separate-machine testing is being performed).
The script accepts several command-line arguments, which allow the user to configure components of the automated testing functionality. Please refer to the Advanced TLS Testing Customisation page for further information on their usage.
Accepted Script Arguments:
| Flag | Description |
|---|---|
| --server-control-port=<PORT> | Set the server control port (1024-65535) |
| --client-control-port=<PORT> | Set the client control port (1024-65535) |
| --s-server-port=<PORT> | Set the OpenSSL S_Server port (1024-65535) |
| --control-sleep-time=<TIME> | Set the control sleep time in seconds (integer or float) |
| --disable-control-sleep | Disable the control signal sleep time |
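A pre-flight check for the flags listed above, as an added example that is not part of the repository: check_tls_test_args is a hypothetical helper that enforces the documented 1024-65535 port range and the integer-or-float sleep time. It also assumes that the three ports must be distinct and that --control-sleep-time should not be combined with --disable-control-sleep; neither assumption is stated on this page.

```shell
#!/bin/sh
# Added example: hypothetical pre-flight check, not part of pqc-evaluation-tools.

# Documented port range: decimal integer, 1024-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Documented sleep time: integer or float seconds (e.g. 2 or 0.25).
valid_sleep() {
    case "$1" in
        ''|*[!0-9.]*|*.*.*|.*|*.) return 1 ;;
    esac
    return 0
}

# Returns 0 only if every argument is a documented flag with a valid value.
check_tls_test_args() {
    local arg val seen sleep_set sleep_off
    seen=" "; sleep_set=0; sleep_off=0
    for arg in "$@"; do
        val="${arg#*=}"
        case "$arg" in
            --server-control-port=*|--client-control-port=*|--s-server-port=*)
                valid_port "$val" || { echo "invalid port: $arg" >&2; return 1; }
                # Assumption: the three listeners need distinct ports.
                case "$seen" in
                    *" $val "*) echo "port reused: $arg" >&2; return 1 ;;
                esac
                seen="$seen$val " ;;
            --control-sleep-time=*)
                valid_sleep "$val" || { echo "invalid sleep time: $arg" >&2; return 1; }
                sleep_set=1 ;;
            --disable-control-sleep)
                sleep_off=1 ;;
            *)
                echo "unknown flag: $arg" >&2; return 1 ;;
        esac
    done
    # Assumption: setting and disabling the sleep together is a mistake.
    if [ "$sleep_set" -eq 1 ] && [ "$sleep_off" -eq 1 ]; then
        echo "--control-sleep-time given with --disable-control-sleep" >&2
        return 1
    fi
    return 0
}
```

Call it with the same arguments intended for pqc_tls_performance_test.sh and start the test only if it returns 0.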
The tls_handshake_test_server.sh script handles the server-side operations for the automated TLS handshake performance testing. It performs tests across various combinations of PQC and Hybrid-PQC digital signature and KEM algorithms, as well as classical-only handshakes. The script includes error handling and will coordinate with the client to retry failed tests using control signalling. This script is intended to be called only by the pqc_tls_performance_test.sh script and cannot be run manually.
The tls_handshake_test_client.sh script handles the client-side operations for the automated TLS handshake performance testing. It performs tests across various combinations of PQC and Hybrid-PQC digital signature and KEM algorithms, as well as classical-only handshakes. The script includes error handling and will coordinate with the server to retry failed tests using control signalling. This script is intended to be called only by the pqc_tls_performance_test.sh script and cannot be run manually.
The tls_speed_test.sh script performs TLS cryptographic operation benchmarking. It tests the CPU performance of PQC, Hybrid-PQC, and classical digital signature and KEM operations implemented within OpenSSL (natively or via OQS-Provider). This script is intended to be called only by the pqc_tls_performance_test.sh script and cannot be run manually. It is only called if the machine or current shell has been designated as the client (depending on whether single-machine or separate-machine testing is performed).
The tls_generate_keys.sh script generates all the certificates and private keys needed for TLS handshake performance testing. It creates a certificate authority (CA) and server certificate for each PQC, Hybrid-PQC, and classical digital signature algorithm and KEM used in the tests. The generated keys must be copied to the client machine before running handshake tests so both machines can access the required certificates. This is particularly relevant if conducting testing between two machines over a physical/virtual network.
This script must be called before conducting the automated TLS handshake performance testing.