fixes, TLS1.2
parent
ac56eb5b82
commit
08fd52eedb
3 changed files with 105 additions and 41 deletions
54
exp.py
54
exp.py
|
|
@ -15,7 +15,7 @@ CONFIGS = {
|
|||
"server-local",
|
||||
],
|
||||
"records": [
|
||||
{ "filename": "wikipedia", "repeat": 1 },
|
||||
{ "filename": "youtube", "repeat": 1 },
|
||||
],
|
||||
"repodir": "/home/tuxmain/reps/tlsbench",
|
||||
"expdir": "/dev/shm/exp",
|
||||
|
|
@ -74,7 +74,7 @@ CONFIGS = {
|
|||
"server",
|
||||
],
|
||||
"records": [
|
||||
{ "filename": "wikipedia", "repeat": 500 },
|
||||
{ "filename": "wikipedia", "repeat": 400 },
|
||||
],
|
||||
"repodir": "/home/tuxmain/reps/tlsbench",
|
||||
"expdir": "/dev/shm/exp",
|
||||
|
|
@ -184,8 +184,9 @@ CONFIGS = {
|
|||
"i5": {
|
||||
"experiments": [
|
||||
"impl-cipher-ver",
|
||||
#"impl-cert-ver",
|
||||
#"impl-kex-ver",
|
||||
"impl-cert-ver",
|
||||
"impl-kex-ver",
|
||||
"zrtt",
|
||||
],
|
||||
"setups": [
|
||||
"none",
|
||||
|
|
@ -301,11 +302,11 @@ CERT_SIGN_ALGS = [
|
|||
]
|
||||
IMPLS = [
|
||||
"aws_lc", # Amazon's Rust crypto widely used in Rust stuff
|
||||
#"boring", # Google's fork of OpenSSL used in Chrome and Android
|
||||
#"graviola", # New crypto in Rust
|
||||
#"openssl", # widely used
|
||||
#"ring", # used in most Rust stuff
|
||||
#"symcrypt", # Microsoft's crypto
|
||||
"boring", # Google's fork of OpenSSL used in Chrome and Android
|
||||
"graviola", # New crypto in Rust
|
||||
"openssl", # widely used
|
||||
"ring", # used in most Rust stuff
|
||||
"symcrypt", # Microsoft's crypto
|
||||
#"wolfcrypt" # used in embedded (won't build with rpxy for now)
|
||||
]
|
||||
# Symmetric ciphers
|
||||
|
|
@ -340,9 +341,9 @@ EXPERIMENTS = {
|
|||
"AES_128_GCM_SHA256",
|
||||
"AES_256_GCM_SHA384",
|
||||
"CHACHA20_POLY1305_SHA256",
|
||||
#"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||
#"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
||||
#"ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
|
||||
"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||
"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
||||
"ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
|
||||
],
|
||||
"kexes": ["X25519"],
|
||||
"cert": ["prime256v1"],
|
||||
|
|
@ -353,7 +354,7 @@ EXPERIMENTS = {
|
|||
"impls": IMPLS,
|
||||
"ciphers": [
|
||||
"AES_128_GCM_SHA256",
|
||||
#"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||
"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||
],
|
||||
"kexes": ["X25519"],
|
||||
"cert": [
|
||||
|
|
@ -370,7 +371,7 @@ EXPERIMENTS = {
|
|||
"impls": IMPLS,
|
||||
"ciphers": [
|
||||
"AES_128_GCM_SHA256",
|
||||
#"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||
"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||
],
|
||||
"kexes": [
|
||||
"X25519",
|
||||
|
|
@ -385,17 +386,11 @@ EXPERIMENTS = {
|
|||
},
|
||||
# Compare 0-RTT with no early data
|
||||
"zrtt": {
|
||||
"impls": [
|
||||
"aws_lc",
|
||||
#"ring"
|
||||
],
|
||||
"impls": IMPLS,
|
||||
"ciphers": [
|
||||
"AES_128_GCM_SHA256",
|
||||
#"AES_256_GCM_SHA384",
|
||||
#"CHACHA20_POLY1305_SHA256",
|
||||
#"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||
#"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
||||
#"ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
|
||||
],
|
||||
"kexes": ["X25519"],
|
||||
"cert": ["prime256v1"],
|
||||
|
|
@ -415,6 +410,9 @@ EXPERIMENTS = {
|
|||
|
||||
# Some algorithms are not available in all implementations
|
||||
def alg_filter(kex, cert, cipher, impl):
|
||||
if "MLKEM" in kex and "WITH" in cipher:
|
||||
# WITH means TLS1.2
|
||||
return False
|
||||
if "MLKEM" in kex and impl != "openssl" and impl != "aws_lc" and impl != "graviola":
|
||||
return False
|
||||
if kex == "SECP256R1MLKEM768" and impl == "openssl":
|
||||
|
|
@ -425,6 +423,8 @@ def alg_filter(kex, cert, cipher, impl):
|
|||
return False
|
||||
if kex == "MLKEM768" and impl == "graviola":
|
||||
return False
|
||||
#if cipher == "ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,ECDHE_RSA_WITH_AES_256_GCM_SHA384" and impl == "openssl":
|
||||
# return False
|
||||
return True
|
||||
|
||||
DOMAINS = []
|
||||
|
|
@ -533,6 +533,7 @@ def make_certs(outdir, domains, alg, make_ca):
|
|||
make_cert(outdir+root+".crt", outdir+root+".key", outdir+"ca.crt", outdir+"ca.key", root, roots[root])
|
||||
|
||||
# Make a cert for all domains because choosing a certificate as a proxy is a real pain
|
||||
# It is used by netreplay when recording. Rpxy will use specific certs.
|
||||
make_sk(outdir+"all.key", alg)
|
||||
make_cert(outdir+"all.crt", outdir+"all.key", outdir+"ca.crt", outdir+"ca.key", "wikipedia.org", domains)
|
||||
|
||||
|
|
@ -688,7 +689,7 @@ def choose_impl(expdir, p, impl):
|
|||
expdir += "/"
|
||||
os.symlink(os.getcwd()+"/rpxy_rustls_"+impl, expdir+str(p)+"_rpxy", False)
|
||||
|
||||
def run_netreplay(expdir, repodir, record, p2_addr, p2_port, listen_port, tls_mode, only_record=None, ciphers=None, kexes=None, earlydata="0"):
|
||||
def run_netreplay(expdir, repodir, record, p2_addr, p2_port, listen_port, tls_mode, only_record=None, ciphers=None, kexes=None, earlydata="0", debug=False):
|
||||
if expdir[-1] != "/":
|
||||
expdir += "/"
|
||||
repodir = repodir.removesuffix("/")
|
||||
|
|
@ -700,6 +701,8 @@ def run_netreplay(expdir, repodir, record, p2_addr, p2_port, listen_port, tls_mo
|
|||
cmd = [repodir+"/netreplay", repodir+"/records/"+record["filename"], "play", p2_addr, str(p2_port), str(listen_port), expdir+"current_certs", tls_mode, "-r", str(record["repeat"]),
|
||||
#"--record", "21"
|
||||
]
|
||||
if debug:
|
||||
cmd.append("-d")
|
||||
if only_record != None:
|
||||
cmd += ["--record", only_record]
|
||||
print(" ".join(cmd))
|
||||
|
|
@ -754,7 +757,7 @@ def get_rapl_energy(ssh, repodir):
|
|||
energy += int(item)
|
||||
return energy
|
||||
|
||||
def run_exp(config, only_record=None, idle=False, shutdown=False):
|
||||
def run_exp(config, only_record=None, idle=False, shutdown=False, debug=False):
|
||||
ssh = None
|
||||
if "p2_ssh" in config:
|
||||
ssh = connect_ssh(config)
|
||||
|
|
@ -899,6 +902,7 @@ def run_exp(config, only_record=None, idle=False, shutdown=False):
|
|||
ciphers=cipher,
|
||||
kexes=kex,
|
||||
earlydata=earlydata,
|
||||
debug=debug,
|
||||
)
|
||||
|
||||
# TODO detect when netreplay has finished
|
||||
|
|
@ -1032,6 +1036,7 @@ Run options:
|
|||
--record <id> Only play this record
|
||||
--idle Also measure when idle
|
||||
--shutdown Shutdown host and target when finished
|
||||
--debug Print netreplay's debug
|
||||
""".format(
|
||||
sig_algs = " ".join(CERT_SIGN_ALGS),
|
||||
configs = " ".join([i for i in CONFIGS]),
|
||||
|
|
@ -1092,7 +1097,8 @@ Run options:
|
|||
print("Cannot power off")
|
||||
exit(1)
|
||||
|
||||
run_exp(config, only_record=getargv("--record", None), idle="--idle" in sys.argv, shutdown=shutdown)
|
||||
debug = "--debug" in sys.argv
|
||||
run_exp(config, only_record=getargv("--record", None), idle="--idle" in sys.argv, shutdown=shutdown, debug=debug)
|
||||
|
||||
if shutdown:
|
||||
bus_proxy.PowerOff(False)
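Review bot: In `alg_filter` (hunk `@ -415,6 +410,9 @@`), the new rule infers the protocol version from the substring `"WITH"` in the suite name and rejects every ML-KEM group for it, but the comment `# WITH means TLS1.2` does not say why the pair is dropped. I would replace it with `# Suite names containing "WITH" are TLS 1.2 suites; ML-KEM groups are only negotiated in TLS 1.3, so skip the pair`, assuming that is the intent. Since the `ciphers` entries enabled in this commit are comma-separated lists, the same comment could state that a single TLS 1.2 name in the list excludes the whole entry, so skipped combinations are not mistaken for missing results. The commented-out openssl rule added in hunk `@ -425,6 +423,8 @@` should either carry a one-line reason or be removed. The body of `alg_filter` starts before and continues past both hunks.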
|
||||
|
|
|
|||