Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/thalesgroup/luna-ha-bench

A test bench to perform performance measures on a Luna HSM HA group
https://github.com/thalesgroup/luna-ha-bench

5g cryptographic-software cryptography-tools hsm luna performance-test performance-testing thales

Last synced: 2 months ago
JSON representation

A test bench to perform performance measures on a Luna HSM HA group

Awesome Lists containing this project

README 

        

# Luna HA-Bench



This project is part of the [Luna General Purpose HSMs](https://cpl.thalesgroup.com/encryption/hardware-security-modules/general-purpose-hsms) products suite, and more specifically of the [Luna Network HSM](https://cpl.thalesgroup.com/encryption/hardware-security-modules/network-hsms) product. 



## Introduction



Luna HA-Bench allows to



- Run basic cryptographic scenarii (typically: 5G authentication operations) on a [Luna HA-group](https://www.thalesdocs.com/gphsm/luna/7/docs/network/Content/admin_partition/ha/ha.htm),



- Measure performances in terms of transactions per second.



Luna HA-Bench can run several scenarii concurrently within the same process, each of these scenarii running its own set of tests in separate threads (1 thread per test). Typically, Luna HA-Bench can run COMP-128, Milenage and TUAK authentications concurrently in the same process, along with SUCI deconcealment operations.



Each scenario instance can be configured using flags controlling basic behaviors of the scenario. For more information on these flags, see the usage documentation provided by the HA-Bench binary.



HA-Bench can be multi-instanciated on the same machine or on several hosts sharing the same HA-group to simulate more complex configurations, and study possible side effects of resource sharing algorithms.



Each instance of a scenario (COMP-128/Milenage/TUAK authentication, SUCI deconcealment...) can use its own objects (i.e. objects uniquely created for this instance) or share objects with other instances of the same scenario running within the same process or in other processes.



Scenario objects can be session objects (non persistent) or token objects (persistent).



## Build



The HA-Bench binary can be built using the provided Makefile on a Linux machine (typically a CentOS 7.9 one), with a pre-installed Luna Client SDK.



The provided Makefile use a default configuration that enforces some optimizations at compilation time, as well as the use of typical security measures that are intended to reflect a real operational usage. This configuration can be enhanced with additional features, typically to use sanitization functions or debugging features.



Debugging can be helped using the 'verbose' and 'debug' variables in the main function of Luna HA-Bench.



## Run



Refer to the usage documentation provided by the tool (running it without any parameter).



Typical examples:



| Command  | Description | Typical Results (Mean) |

| -------- | ----------- | ---------------------- |

| ha-bench 0 co-password time-limited 20 share Milenagex01011x80 | Run Milenage authentication on slot 0, for 20 seconds, with: 
     
  • A non default RC value (pre-loaded on the HSM as a token object)
    •  
  • An OP value (pre-loaded on the HSM as a token object)
    •  
  •  80 threads
    •  
 ... and share the pre-loaded objects with other instances of the scenario | 
     
  •  With a single HA-Bench instance: 
       
    •  ~6200 TpS/appliance with 2xLNHs 
      •  
    •  ~5700 TpS/appliance with 16xLNHs 
      •  
     
    •  
  •  With two HA-Bench instances: 
       
    •  ~7000 TpS/appliance with 2xLNHs 
      •  
    •  ~6300 TpS/appliance with 16xLNHs 
      •  
     
    •  
  •  With six HA-Bench instances: 
       
    •  ~7200 TpS/appliance with 2xLNHs 
      •  
    •  ~6700 TpS/appliance with 16xLNHs 
      •  
     
    •  
 |

| ha-bench 0 co-password time-limited 20 share Milenagex00101x80 | Run Milenage authentication on slot 0, for 10 seconds, with: 
     
  • A non default RC value (pre-loaded on the HSM as a token object)
    •  
  • An eOPc value (provided with each request)
    •  
  •  80 threads
    •  
 ... and share the pre-loaded objects with other instances of the scenario            | 
     
  •  With a single HA-Bench instance: 
       
    •  ~6000 TpS/appliance with 2xLNHs 
      •  
    •  ~5600 TpS/appliance with 16xLNHs 
      •  
     
    •  
  •  With two HA-Bench instances: 
       
    •  ~6800 TpS/appliance with 2xLNHs 
      •  
    •  ~6100 TpS/appliance with 16xLNHs 
      •  
     
    •  
  •  With six HA-Bench instances: 
       
    •  ~6900 TpS/appliance with 2xLNHs 
      •  
    •  ~6400 TpS/appliance with 16xLNHs 
      •  
     
    •  
 |



## Test



HA-Bench can run:



- Time-limited tests that are executed for a limited period of time,



- Request-limited tests that have to submit a specific number of requests before to stop.



It is recommended to run time-limited tests to get more accurate and reproducible results.



Concurrent tests can be run using the following kind of command:



```console

for client in 1 2 3 4 5 6; do ./ha-bench 0 co-password time-limited 5 share milenagex01011x80 & done | grep 'Total   Requests Count' | cut -d'=' -f 2 | paste -sd+ - | bc

```



## Contributing



If you are interested in contributing to this project, please read the [Contributing guide](CONTRIBUTING.md).



## License



This software is provided under a [permissive license](LICENSE).