diff --git a/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/hierarchy_keyring.py b/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/hierarchy_keyring.py new file mode 100644 index 000000000..b1bdc6913 --- /dev/null +++ b/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/hierarchy_keyring.py @@ -0,0 +1,128 @@ +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +"""Performance tests for the hierarchy keyring.""" + +import aws_encryption_sdk +import boto3 +from aws_cryptographic_materialproviders.keystore import KeyStore +from aws_cryptographic_materialproviders.keystore.config import KeyStoreConfig +from aws_cryptographic_materialproviders.keystore.models import KMSConfigurationKmsKeyArn +from aws_cryptographic_materialproviders.mpl import AwsCryptographicMaterialProviders +from aws_cryptographic_materialproviders.mpl.config import MaterialProvidersConfig +from aws_cryptographic_materialproviders.mpl.models import ( + CacheTypeDefault, + CreateAwsKmsHierarchicalKeyringInput, + DefaultCache, +) +from aws_cryptographic_materialproviders.mpl.references import IKeyring + +from ..utils.util import PerfTestUtils + + +def create_keyring( + key_store_table_name: str, + logical_key_store_name: str, + kms_key_id: str, + branch_key_id: str = PerfTestUtils.DEFAULT_BRANCH_KEY_ID +): + """Demonstrate how to create a hierarchy keyring. + + Usage: create_keyring(key_store_table_name, logical_key_store_name, kms_key_id, branch_key_id) + :param key_store_table_name: Name of the KeyStore DynamoDB table. + :type key_store_table_name: string + :param logical_key_store_name: Logical name of the KeyStore. + :type logical_key_store_name: string + :param kms_key_id: KMS Key identifier for the KMS key you want to use. + :type kms_key_id: string + :param branch_key_id: Branch key you want to use for the hierarchy keyring. + :type branch_key_id: string + + For more information on KMS Key identifiers, see + https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id + """ + # Create boto3 clients for DynamoDB and KMS. + ddb_client = boto3.client('dynamodb', region_name="us-west-2") + kms_client = boto3.client('kms', region_name="us-west-2") + + # Configure your KeyStore resource. + # This SHOULD be the same configuration that you used + # to initially create and populate your KeyStore. + keystore: KeyStore = KeyStore( + config=KeyStoreConfig( + ddb_client=ddb_client, + ddb_table_name=key_store_table_name, + logical_key_store_name=logical_key_store_name, + kms_client=kms_client, + kms_configuration=KMSConfigurationKmsKeyArn( + value=kms_key_id + ), + ) + ) + + # Create the Hierarchical Keyring. + mat_prov: AwsCryptographicMaterialProviders = AwsCryptographicMaterialProviders( + config=MaterialProvidersConfig() + ) + + keyring_input: CreateAwsKmsHierarchicalKeyringInput = CreateAwsKmsHierarchicalKeyringInput( + key_store=keystore, + branch_key_id=branch_key_id, + ttl_seconds=600, + cache=CacheTypeDefault( + value=DefaultCache( + entry_capacity=100 + ) + ), + ) + + keyring: IKeyring = mat_prov.create_aws_kms_hierarchical_keyring( + input=keyring_input + ) + + return keyring + + +def encrypt_using_keyring( + plaintext_data: bytes, + keyring: IKeyring +): + """Demonstrate how to encrypt plaintext data using a hierarchy keyring. + + Usage: encrypt_using_keyring(plaintext_data, keyring) + :param plaintext_data: plaintext data you want to encrypt + :type: bytes + :param keyring: Keyring to use for encryption. + :type keyring: IKeyring + """ + client = aws_encryption_sdk.EncryptionSDKClient() + + ciphertext_data, _ = client.encrypt( + source=plaintext_data, + keyring=keyring, + encryption_context=PerfTestUtils.DEFAULT_ENCRYPTION_CONTEXT + ) + + return ciphertext_data + + +def decrypt_using_keyring( + ciphertext_data: bytes, + keyring: IKeyring +): + """Demonstrate how to decrypt ciphertext data using a hierarchy keyring. + + Usage: decrypt_using_keyring(ciphertext_data, keyring) + :param ciphertext_data: ciphertext data you want to decrypt + :type: bytes + :param keyring: Keyring to use for decryption. + :type keyring: IKeyring + """ + client = aws_encryption_sdk.EncryptionSDKClient() + + decrypted_plaintext_data, _ = client.decrypt( + source=ciphertext_data, + keyring=keyring, + encryption_context=PerfTestUtils.DEFAULT_ENCRYPTION_CONTEXT + ) + + return decrypted_plaintext_data diff --git a/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/raw_aes_keyring.py b/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/raw_aes_keyring.py index a849b1a7f..a2a3c9ab1 100644 --- a/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/raw_aes_keyring.py +++ b/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/raw_aes_keyring.py @@ -19,7 +19,6 @@ def create_keyring(): key_name_space = "Some managed raw keys" key_name = "My 256-bit AES wrapping key" - # Here, the input to secrets.token_bytes() = 32 bytes = 256 bits # We fix the static key in order to make the test deterministic static_key = PerfTestUtils.DEFAULT_AES_256_STATIC_KEY diff --git a/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/aws_kms_master_key_provider.py b/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/aws_kms_master_key_provider.py index c3136a5c7..023cd5942 100644 --- a/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/aws_kms_master_key_provider.py +++ b/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/aws_kms_master_key_provider.py @@ -8,7 +8,7 @@ def create_key_provider( kms_key_id: str ): - """Demonstrate how to create an AWS KMS master key-provider. + """Demonstrate how to create an AWS KMS master key provider. Usage: create_key_provider(kms_key_id) :param kms_key_id: KMS Key identifier for the KMS key you want to use. @@ -17,7 +17,7 @@ def create_key_provider( For more information on KMS Key identifiers, see https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id """ - # Create a KMS master key-provider. + # Create a KMS master key provider. key_provider = aws_encryption_sdk.StrictAwsKmsMasterKeyProvider(key_ids=[ kms_key_id, ]) @@ -29,7 +29,7 @@ def encrypt_using_key_provider( plaintext_data: bytes, key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider ): - """Demonstrate how to encrypt plaintext data using an AWS KMS master key-provider. + """Demonstrate how to encrypt plaintext data using an AWS KMS master key provider. Usage: encrypt_using_key_provider(plaintext_data, key_provider) :param plaintext_data: plaintext data you want to encrypt @@ -51,7 +51,7 @@ def decrypt_using_key_provider( ciphertext_data: bytes, key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider ): - """Demonstrate how to decrypt ciphertext data using an AWS KMS master key-provider. + """Demonstrate how to decrypt ciphertext data using an AWS KMS master key provider. Usage: decrypt_using_key_provider(ciphertext_data, key_provider) :param ciphertext_data: ciphertext data you want to decrypt diff --git a/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/caching_cmm.py b/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/caching_cmm.py new file mode 100644 index 000000000..7199c50bf --- /dev/null +++ b/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/caching_cmm.py @@ -0,0 +1,85 @@ +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +"""Performance tests for the Caching Cryptographic Materials Manager (CMM) with KMS Master Key Provider.""" + +import aws_encryption_sdk + + +def create_cmm( + kms_key_id: str, + max_age_in_cache: float, + cache_capacity: int +): + """Demonstrate how to create a Caching CMM. + + Usage: create_cmm(kms_key_id, max_age_in_cache, cache_capacity) + :param kms_key_id: Amazon Resource Name (ARN) of the KMS customer master key + :type kms_key_id: str + :param max_age_in_cache: Maximum time in seconds that a cached entry can be used + :type max_age_in_cache: float + :param cache_capacity: Maximum number of entries to retain in cache at once + :type cache_capacity: int + """ + # Security thresholds + # Max messages (or max bytes per) data key are optional + max_messages_encrypted = 100 + + # Create a master key provider for the KMS customer master key (CMK) + key_provider = aws_encryption_sdk.StrictAwsKmsMasterKeyProvider(key_ids=[kms_key_id]) + + # Create a local cache + cache = aws_encryption_sdk.LocalCryptoMaterialsCache(cache_capacity) + + # Create a caching CMM + caching_cmm = aws_encryption_sdk.CachingCryptoMaterialsManager( + master_key_provider=key_provider, + cache=cache, + max_age=max_age_in_cache, + max_messages_encrypted=max_messages_encrypted, + ) + + return caching_cmm + + +def encrypt_using_cmm( + plaintext_data: bytes, + caching_cmm: aws_encryption_sdk.materials_managers.base.CryptoMaterialsManager +): + """Demonstrate how to encrypt plaintext data using a Caching CMM. + + Usage: encrypt_using_cmm(plaintext_data, caching_cmm) + :param plaintext_data: plaintext data you want to encrypt + :type: bytes + :param caching_cmm: Crypto Materials Manager to use for encryption. + :type caching_cmm: aws_encryption_sdk.materials_managers.base.CryptoMaterialsManager + """ + client = aws_encryption_sdk.EncryptionSDKClient() + + ciphertext_data, _ = client.encrypt( + source=plaintext_data, + materials_manager=caching_cmm + ) + + return ciphertext_data + + +def decrypt_using_cmm( + ciphertext_data: bytes, + caching_cmm: aws_encryption_sdk.materials_managers.base.CryptoMaterialsManager +): + """Demonstrate how to decrypt ciphertext data using a Caching CMM. + + Usage: decrypt_using_cmm(ciphertext_data, caching_cmm) + :param ciphertext_data: ciphertext data you want to decrypt + :type: bytes + :param caching_cmm: Crypto Materials Manager to use for encryption. + :type caching_cmm: aws_encryption_sdk.materials_managers.base.CryptoMaterialsManager + """ + client = aws_encryption_sdk.EncryptionSDKClient() + + decrypted_plaintext_data, _ = client.decrypt( + source=ciphertext_data, + materials_manager=caching_cmm + ) + + return decrypted_plaintext_data diff --git a/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/raw_aes_master_key_provider.py b/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/raw_aes_master_key_provider.py index 42d071dcf..de0188c5e 100644 --- a/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/raw_aes_master_key_provider.py +++ b/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/raw_aes_master_key_provider.py @@ -43,13 +43,13 @@ def _get_raw_key(self, key_id): def create_key_provider(): - """Demonstrate how to create a Raw AES master key-provider. + """Demonstrate how to create a Raw AES master key provider. Usage: create_key_provider() """ - # Create a Raw AES master key-provider. + # Create a Raw AES master key provider. - # The Key ID field in the JceMasterKey and RawMasterKey is equivalent to key name in the Raw keyrings + # The Key ID field in the JceMasterKey and RawMasterKey is equivalent to key name in the Raw keyrings key_id = "My 256-bit AES wrapping key" key_provider = StaticRandomMasterKeyProvider() key_provider.add_master_key(key_id) @@ -61,7 +61,7 @@ def encrypt_using_key_provider( plaintext_data: bytes, key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider ): - """Demonstrate how to encrypt plaintext data using a Raw AES master key-provider. + """Demonstrate how to encrypt plaintext data using a Raw AES master key provider. Usage: encrypt_using_key_provider(plaintext_data, key_provider) :param plaintext_data: plaintext data you want to encrypt @@ -83,7 +83,7 @@ def decrypt_using_key_provider( ciphertext_data: bytes, key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider ): - """Demonstrate how to decrypt ciphertext data using a Raw AES master key-provider. + """Demonstrate how to decrypt ciphertext data using a Raw AES master key provider. Usage: decrypt_using_key_provider(ciphertext_data, key_provider) :param ciphertext_data: ciphertext data you want to decrypt diff --git a/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/raw_rsa_master_key_provider.py b/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/raw_rsa_master_key_provider.py index b52b78735..cdbe24110 100644 --- a/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/raw_rsa_master_key_provider.py +++ b/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/raw_rsa_master_key_provider.py @@ -43,13 +43,13 @@ def _get_raw_key(self, key_id): def create_key_provider(): - """Demonstrate how to create a Raw RSA master key-provider. + """Demonstrate how to create a Raw RSA master key provider. Usage: create_key_provider() """ - # Create a Raw RSA master key-provider. + # Create a Raw RSA master key provider. - # The Key ID field in the JceMasterKey and RawMasterKey is equivalent to key name in the Raw keyrings + # The Key ID field in the JceMasterKey and RawMasterKey is equivalent to key name in the Raw keyrings key_id = "My 4096-bit RSA wrapping key" key_provider = StaticRandomMasterKeyProvider() key_provider.add_master_key(key_id) @@ -61,7 +61,7 @@ def encrypt_using_key_provider( plaintext_data: bytes, key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider ): - """Demonstrate how to encrypt plaintext data using a Raw RSA master key-provider. + """Demonstrate how to encrypt plaintext data using a Raw RSA master key provider. Usage: encrypt_using_key_provider(plaintext_data, key_provider) :param plaintext_data: plaintext data you want to encrypt @@ -83,7 +83,7 @@ def decrypt_using_key_provider( ciphertext_data: bytes, key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider ): - """Demonstrate how to decrypt ciphertext data using a Raw RSA master key-provider. + """Demonstrate how to decrypt ciphertext data using a Raw RSA master key provider. Usage: decrypt_using_key_provider(ciphertext_data, key_provider) :param ciphertext_data: ciphertext data you want to decrypt diff --git a/performance_tests/src/aws_encryption_sdk_performance_tests/utils/util.py b/performance_tests/src/aws_encryption_sdk_performance_tests/utils/util.py index 52914b76a..9100ef12e 100644 --- a/performance_tests/src/aws_encryption_sdk_performance_tests/utils/util.py +++ b/performance_tests/src/aws_encryption_sdk_performance_tests/utils/util.py @@ -87,9 +87,7 @@ class PerfTestUtils: "the data you are handling": "is what you think it is", } - DEFAULT_BRANCH_KEY_ID_A = 'a52dfaad-7dbd-4430-a1fd-abaa5299da07' - - DEFAULT_BRANCH_KEY_ID_B = '8ba79cef-581c-4125-9292-b057a29d42d7' + DEFAULT_BRANCH_KEY_ID = 'a52dfaad-7dbd-4430-a1fd-abaa5299da07' @staticmethod def read_file(filename): diff --git a/performance_tests/test/keyrings/test_hierarchy_keyring.py b/performance_tests/test/keyrings/test_hierarchy_keyring.py new file mode 100644 index 000000000..e890c2a18 --- /dev/null +++ b/performance_tests/test/keyrings/test_hierarchy_keyring.py @@ -0,0 +1,174 @@ +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +"""This is a performance test for creating the hierarchy keyring.""" + +import os +import time + +import click +import click.testing +import pytest +from tqdm import tqdm + +from aws_encryption_sdk_performance_tests.keyrings.hierarchy_keyring import ( + create_keyring, + decrypt_using_keyring, + encrypt_using_keyring, +) +from aws_encryption_sdk_performance_tests.utils.util import PerfTestUtils + +MODULE_ABS_PATH = os.path.abspath(__file__) + + +@click.group() +def create_hierarchy_keyring(): + """Click group helper function""" + + +@create_hierarchy_keyring.command() +@click.option('--key_store_table_name', + default='KeyStoreDdbTable') +@click.option('--kms_key_id', + default='arn:aws:kms:us-west-2:370957321024:key/9d989aa2-2f9c-438c-a745-cc57d3ad0126') +@click.option('--n_iters', + default=PerfTestUtils.DEFAULT_N_ITERS) +@click.option('--output_file', + default='/'.join(MODULE_ABS_PATH.split("/")[:-3]) + '/results/hierarchy_keyring_create') +def create( + key_store_table_name: str, + kms_key_id: str, + n_iters: int, + output_file: str +): + """Performance test for the create_keyring function.""" + time_list = [] + for _ in tqdm(range(n_iters)): + curr_time = time.time() + + create_keyring(key_store_table_name, key_store_table_name, kms_key_id) + + # calculate elapsed time in milliseconds + elapsed_time = (time.time() - curr_time) * 1000 + time_list.append(elapsed_time) + + PerfTestUtils.write_time_list_to_csv(time_list, output_file) + + +@click.group() +def encrypt_hierarchy_keyring(): + """Click group helper function""" + + +@encrypt_hierarchy_keyring.command() +@click.option('--plaintext_data_filename', + default='/'.join(MODULE_ABS_PATH.split("/")[:-2]) + '/resources/plaintext/plaintext-data-' + + PerfTestUtils.DEFAULT_FILE_SIZE + '.dat') +@click.option('--key_store_table_name', + default='KeyStoreDdbTable') +@click.option('--kms_key_id', + default='arn:aws:kms:us-west-2:370957321024:key/9d989aa2-2f9c-438c-a745-cc57d3ad0126') +@click.option('--n_iters', + default=PerfTestUtils.DEFAULT_N_ITERS) +@click.option('--output_file', + default='/'.join(MODULE_ABS_PATH.split("/")[:-3]) + '/results/hierarchy_keyring_encrypt') +def encrypt( + plaintext_data_filename: str, + key_store_table_name: str, + kms_key_id: str, + n_iters: int, + output_file: str +): + """Performance test for the encrypt_using_keyring function.""" + plaintext_data = PerfTestUtils.read_file(plaintext_data_filename) + + keyring = create_keyring(key_store_table_name, key_store_table_name, kms_key_id) + time_list = [] + + for _ in tqdm(range(n_iters)): + curr_time = time.time() + + encrypt_using_keyring(plaintext_data, keyring) + + # calculate elapsed time in milliseconds + elapsed_time = (time.time() - curr_time) * 1000 + time_list.append(elapsed_time) + + PerfTestUtils.write_time_list_to_csv(time_list, output_file) + + +@click.group() +def decrypt_hierarchy_keyring(): + """Click group helper function""" + + +@decrypt_hierarchy_keyring.command() +@click.option('--ciphertext_data_filename', + default='/'.join(MODULE_ABS_PATH.split("/")[:-2]) + '/resources/ciphertext/hierarchy/ciphertext-data-' + + PerfTestUtils.DEFAULT_FILE_SIZE + '.ct') +@click.option('--key_store_table_name', + default='KeyStoreDdbTable') +@click.option('--kms_key_id', + default='arn:aws:kms:us-west-2:370957321024:key/9d989aa2-2f9c-438c-a745-cc57d3ad0126') +@click.option('--n_iters', + default=PerfTestUtils.DEFAULT_N_ITERS) +@click.option('--output_file', + default='/'.join(MODULE_ABS_PATH.split("/")[:-3]) + '/results/hierarchy_keyring_decrypt') +def decrypt( + ciphertext_data_filename: str, + key_store_table_name: str, + kms_key_id: str, + n_iters: int, + output_file: str +): + """Performance test for the decrypt_using_keyring function.""" + ciphertext_data = PerfTestUtils.read_file(ciphertext_data_filename) + + keyring = create_keyring(key_store_table_name, key_store_table_name, kms_key_id) + time_list = [] + + for _ in tqdm(range(n_iters)): + curr_time = time.time() + + decrypt_using_keyring(ciphertext_data, keyring) + + # calculate elapsed time in milliseconds + elapsed_time = (time.time() - curr_time) * 1000 + time_list.append(elapsed_time) + + PerfTestUtils.write_time_list_to_csv(time_list, output_file) + + +hierarchy_keyring_test = click.CommandCollection(sources=[create_hierarchy_keyring, + encrypt_hierarchy_keyring, + decrypt_hierarchy_keyring]) + + +@pytest.fixture +def runner(): + """Click runner""" + return click.testing.CliRunner() + + +def test_create(runner): + """Test the create_keyring function""" + result = runner.invoke(create_hierarchy_keyring.commands['create'], + ['--n_iters', PerfTestUtils.DEFAULT_TESTING_N_ITERS]) + assert result.exit_code == 0 + + +def test_encrypt(runner): + """Test the encrypt_using_keyring function""" + result = runner.invoke(encrypt_hierarchy_keyring.commands['encrypt'], + ['--n_iters', PerfTestUtils.DEFAULT_TESTING_N_ITERS]) + assert result.exit_code == 0 + + +def test_decrypt(runner): + """Test the decrypt_using_keyring function""" + result = runner.invoke(decrypt_hierarchy_keyring.commands['decrypt'], + ['--n_iters', PerfTestUtils.DEFAULT_TESTING_N_ITERS]) + assert result.exit_code == 0 + + +if __name__ == "__main__": + hierarchy_keyring_test() diff --git a/performance_tests/test/master_key_providers/test_aws_kms_master_key_provider.py b/performance_tests/test/master_key_providers/test_aws_kms_master_key_provider.py index b869245b5..c7b665857 100644 --- a/performance_tests/test/master_key_providers/test_aws_kms_master_key_provider.py +++ b/performance_tests/test/master_key_providers/test_aws_kms_master_key_provider.py @@ -1,6 +1,6 @@ # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 -"""This is a performance test for creating the AWS KMS Master key-provider.""" +"""This is a performance test for creating the AWS KMS Master key provider.""" import os import time diff --git a/performance_tests/test/master_key_providers/test_caching_cmm.py b/performance_tests/test/master_key_providers/test_caching_cmm.py new file mode 100644 index 000000000..f8552f96e --- /dev/null +++ b/performance_tests/test/master_key_providers/test_caching_cmm.py @@ -0,0 +1,183 @@ +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +"""This is a performance test for creating a Caching CMM.""" + +import os +import time + +import click +import click.testing +import pytest +from tqdm import tqdm + +from aws_encryption_sdk_performance_tests.master_key_providers.caching_cmm import ( + create_cmm, + decrypt_using_cmm, + encrypt_using_cmm, +) +from aws_encryption_sdk_performance_tests.utils.util import PerfTestUtils + +MODULE_ABS_PATH = os.path.abspath(__file__) + + +@click.group() +def create_caching_cmm(): + """Click group helper function""" + + +@create_caching_cmm.command() +@click.option('--kms_key_id', + default='arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f') +@click.option('--max_age_in_cache', + default=10.0) +@click.option('--cache_capacity', + default=10) +@click.option('--n_iters', + default=PerfTestUtils.DEFAULT_N_ITERS) +@click.option('--output_file', + default='/'.join(MODULE_ABS_PATH.split("/")[:-3]) + '/results/caching_cmm_create') +def create( + kms_key_id: str, + max_age_in_cache: float, + cache_capacity: int, + n_iters: int, + output_file: str +): + """Performance test for the create_cmm function.""" + time_list = [] + for _ in tqdm(range(n_iters)): + curr_time = time.time() + + create_cmm(kms_key_id, max_age_in_cache, cache_capacity) + + # calculate elapsed time in milliseconds + elapsed_time = (time.time() - curr_time) * 1000 + time_list.append(elapsed_time) + + PerfTestUtils.write_time_list_to_csv(time_list, output_file) + + +@click.group() +def encrypt_caching_cmm(): + """Click group helper function""" + + +@encrypt_caching_cmm.command() +@click.option('--plaintext_data_filename', + default='/'.join(MODULE_ABS_PATH.split("/")[:-2]) + '/resources/plaintext/plaintext-data-' + + PerfTestUtils.DEFAULT_FILE_SIZE + '.dat') +@click.option('--kms_key_id', + default='arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f') +@click.option('--max_age_in_cache', + default=10.0) +@click.option('--cache_capacity', + default=10) +@click.option('--n_iters', + default=PerfTestUtils.DEFAULT_N_ITERS) +@click.option('--output_file', + default='/'.join(MODULE_ABS_PATH.split("/")[:-3]) + '/results/caching_cmm_encrypt') +def encrypt( + plaintext_data_filename: str, + kms_key_id: str, + max_age_in_cache: float, + cache_capacity: int, + n_iters: int, + output_file: str +): + """Performance test for the encrypt_using_cmm function.""" + plaintext_data = PerfTestUtils.read_file(plaintext_data_filename) + + caching_cmm = create_cmm(kms_key_id, max_age_in_cache, cache_capacity) + time_list = [] + + for _ in tqdm(range(n_iters)): + curr_time = time.time() + + encrypt_using_cmm(plaintext_data, caching_cmm) + + # calculate elapsed time in milliseconds + elapsed_time = (time.time() - curr_time) * 1000 + time_list.append(elapsed_time) + + PerfTestUtils.write_time_list_to_csv(time_list, output_file) + + +@click.group() +def decrypt_caching_cmm(): + """Click group helper function""" + + +@decrypt_caching_cmm.command() +@click.option('--ciphertext_data_filename', + default='/'.join(MODULE_ABS_PATH.split("/")[:-2]) + '/resources/ciphertext/caching_cmm/ciphertext-data-' + + PerfTestUtils.DEFAULT_FILE_SIZE + '.ct') +@click.option('--kms_key_id', + default='arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f') +@click.option('--max_age_in_cache', + default=10.0) +@click.option('--cache_capacity', + default=10) +@click.option('--n_iters', + default=PerfTestUtils.DEFAULT_N_ITERS) +@click.option('--output_file', + default='/'.join(MODULE_ABS_PATH.split("/")[:-3]) + '/results/caching_cmm_decrypt') +def decrypt( + ciphertext_data_filename: str, + kms_key_id: str, + max_age_in_cache: float, + cache_capacity: int, + n_iters: int, + output_file: str +): + """Performance test for the decrypt_using_cmm function.""" + ciphertext_data = PerfTestUtils.read_file(ciphertext_data_filename) + + caching_cmm = create_cmm(kms_key_id, max_age_in_cache, cache_capacity) + time_list = [] + + for _ in tqdm(range(n_iters)): + curr_time = time.time() + + decrypt_using_cmm(ciphertext_data, caching_cmm) + + # calculate elapsed time in milliseconds + elapsed_time = (time.time() - curr_time) * 1000 + time_list.append(elapsed_time) + + PerfTestUtils.write_time_list_to_csv(time_list, output_file) + + +caching_cmm_test = click.CommandCollection(sources=[create_caching_cmm, + encrypt_caching_cmm, + decrypt_caching_cmm]) + + +@pytest.fixture +def runner(): + """Click runner""" + return click.testing.CliRunner() + + +def test_create(runner): + """Test the create_cmm function""" + result = runner.invoke(create_caching_cmm.commands['create'], + ['--n_iters', PerfTestUtils.DEFAULT_TESTING_N_ITERS]) + assert result.exit_code == 0 + + +def test_encrypt(runner): + """Test the encrypt_using_cmm function""" + result = runner.invoke(encrypt_caching_cmm.commands['encrypt'], + ['--n_iters', PerfTestUtils.DEFAULT_TESTING_N_ITERS]) + assert result.exit_code == 0 + + +def test_decrypt(runner): + """Test the decrypt_using_cmm function""" + result = runner.invoke(decrypt_caching_cmm.commands['decrypt'], + ['--n_iters', PerfTestUtils.DEFAULT_TESTING_N_ITERS]) + assert result.exit_code == 0 + + +if __name__ == "__main__": + caching_cmm_test() diff --git a/performance_tests/test/master_key_providers/test_raw_aes_master_key_provider.py b/performance_tests/test/master_key_providers/test_raw_aes_master_key_provider.py index 375eca2ef..cf39963bf 100644 --- a/performance_tests/test/master_key_providers/test_raw_aes_master_key_provider.py +++ b/performance_tests/test/master_key_providers/test_raw_aes_master_key_provider.py @@ -1,6 +1,6 @@ # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 -"""This is a performance test for creating the Raw AES Master key-provider.""" +"""This is a performance test for creating the Raw AES Master key provider.""" import os import time diff --git a/performance_tests/test/master_key_providers/test_raw_rsa_master_key_provider.py b/performance_tests/test/master_key_providers/test_raw_rsa_master_key_provider.py index 5d6db861a..63b00a0e3 100644 --- a/performance_tests/test/master_key_providers/test_raw_rsa_master_key_provider.py +++ b/performance_tests/test/master_key_providers/test_raw_rsa_master_key_provider.py @@ -1,6 +1,6 @@ # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 -"""This is a performance test for creating the Raw RSA Master key-provider.""" +"""This is a performance test for creating the Raw RSA Master key provider.""" import os import time diff --git a/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-empty.ct b/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-empty.ct new file mode 100644 index 000000000..5bfb39a4e Binary files /dev/null and b/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-empty.ct differ diff --git a/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-large.ct b/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-large.ct new file mode 100644 index 000000000..a9204fba3 Binary files /dev/null and b/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-large.ct differ diff --git a/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-medium.ct b/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-medium.ct new file mode 100644 index 000000000..bf8ce38e8 Binary files /dev/null and b/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-medium.ct differ diff --git a/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-small.ct b/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-small.ct new file mode 100644 index 000000000..63dac90b7 Binary files /dev/null and b/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-small.ct differ diff --git a/performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-empty.ct b/performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-empty.ct new file mode 100644 index 000000000..df4279720 Binary files /dev/null and b/performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-empty.ct differ diff --git a/performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-large.ct b/performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-large.ct new file mode 100644 index 000000000..97f71fca7 Binary files /dev/null and b/performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-large.ct differ diff --git a/performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-medium.ct b/performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-medium.ct new file mode 100644 index 000000000..dbb9ea9c0 Binary files /dev/null and b/performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-medium.ct differ diff --git a/performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-small.ct b/performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-small.ct new file mode 100644 index 000000000..ae53e0787 Binary files /dev/null and b/performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-small.ct differ