Client uses userland certs
parent
e184b429ed
commit
a159ecdd10
3 changed files with 37 additions and 14 deletions
|
|
@ -375,7 +375,7 @@ oarsub -q default -l host=2,walltime=2 -I
|
||||||
# Let's call them p1 and p2
|
# Let's call them p1 and p2
|
||||||
ping p2
|
ping p2
|
||||||
# Note p2 addr to exp.py
|
# Note p2 addr to exp.py
|
||||||
pip3 install fabric
|
pip3 install fabric --break-system-packages
|
||||||
python exp.py make g5k -c
|
python exp.py make g5k -c
|
||||||
python exp.py send g5k
|
python exp.py send g5k
|
||||||
|
|
||||||
|
|
|
||||||
33
crawler.py
33
crawler.py
|
|
@ -8,7 +8,8 @@ CAPTURES = {
|
||||||
"written_bytes": "SSL handshake has read \\d+ bytes and written (\\d+) bytes\n",
|
"written_bytes": "SSL handshake has read \\d+ bytes and written (\\d+) bytes\n",
|
||||||
"cert_sig": "Peer signature type: ([a-zA-Z0-9_.-]+)\n",
|
"cert_sig": "Peer signature type: ([a-zA-Z0-9_.-]+)\n",
|
||||||
"cert_pk_size": "Server public key is (\\d+) bit\n",
|
"cert_pk_size": "Server public key is (\\d+) bit\n",
|
||||||
"kx": "(?:Negotiated TLS1\\.3 group|Peer Temp Key): ([a-zA-Z0-9_.-]+)(?:\n|,)",
|
#"kx": "(?:Negotiated TLS1\\.3 group|Peer Temp Key): ([a-zA-Z0-9_.-]+)(?:\n|,)",
|
||||||
|
"kx": "(?:Negotiated TLS1\\.3 group|Peer Temp Key): ([a-zA-Z0-9_., -]+)\n",
|
||||||
"cipher": "Cipher is ([a-zA-Z0-9_.-]+)\n",
|
"cipher": "Cipher is ([a-zA-Z0-9_.-]+)\n",
|
||||||
"protocol": "Protocol: ([a-zA-Z0-9_.-]+)\n",
|
"protocol": "Protocol: ([a-zA-Z0-9_.-]+)\n",
|
||||||
}
|
}
|
||||||
|
|
@ -106,7 +107,12 @@ if __name__ == "__main__":
|
||||||
"none": 0,
|
"none": 0,
|
||||||
"x25519mlkem768": 0,
|
"x25519mlkem768": 0,
|
||||||
"x25519": 0,
|
"x25519": 0,
|
||||||
"rsa": 0,
|
"rsa2048": 0,
|
||||||
|
"rsa3072": 0,
|
||||||
|
"rsa4096": 0,
|
||||||
|
"secp256r1": 0,
|
||||||
|
"secp384r1": 0,
|
||||||
|
"secp521r1": 0,
|
||||||
},
|
},
|
||||||
"version": {
|
"version": {
|
||||||
"none": 0,
|
"none": 0,
|
||||||
|
|
@ -134,6 +140,7 @@ if __name__ == "__main__":
|
||||||
except StopIteration:
|
except StopIteration:
|
||||||
pass
|
pass
|
||||||
#print("Not found:", line, r)
|
#print("Not found:", line, r)
|
||||||
|
|
||||||
if "cert_sig" not in domain_stats:
|
if "cert_sig" not in domain_stats:
|
||||||
summary["cert"]["none"] += 1
|
summary["cert"]["none"] += 1
|
||||||
elif domain_stats["cert_sig"] == "ecdsa_secp256r1_sha256":
|
elif domain_stats["cert_sig"] == "ecdsa_secp256r1_sha256":
|
||||||
|
|
@ -144,6 +151,7 @@ if __name__ == "__main__":
|
||||||
summary["cert"]["secp521r1"] += 1
|
summary["cert"]["secp521r1"] += 1
|
||||||
elif "rsa" in domain_stats["cert_sig"]:
|
elif "rsa" in domain_stats["cert_sig"]:
|
||||||
summary["cert"]["rsa{}".format(domain_stats["cert_pk_size"])] += 1
|
summary["cert"]["rsa{}".format(domain_stats["cert_pk_size"])] += 1
|
||||||
|
|
||||||
if "cipher" not in domain_stats:
|
if "cipher" not in domain_stats:
|
||||||
summary["cipher"]["none"] += 1
|
summary["cipher"]["none"] += 1
|
||||||
elif "AES_128" in domain_stats["cipher"] or "AES128" in domain_stats["cipher"]:
|
elif "AES_128" in domain_stats["cipher"] or "AES128" in domain_stats["cipher"]:
|
||||||
|
|
@ -152,21 +160,34 @@ if __name__ == "__main__":
|
||||||
summary["cipher"]["aes256"] += 1
|
summary["cipher"]["aes256"] += 1
|
||||||
elif "CHACHA20" in domain_stats["cipher"]:
|
elif "CHACHA20" in domain_stats["cipher"]:
|
||||||
summary["cipher"]["chacha20"] += 1
|
summary["cipher"]["chacha20"] += 1
|
||||||
|
|
||||||
if "kx" not in domain_stats:
|
if "kx" not in domain_stats:
|
||||||
summary["kx"]["none"] += 1
|
summary["kx"]["none"] += 1
|
||||||
elif domain_stats["kx"] == "X25519MLKEM768":
|
elif domain_stats["kx"] == "X25519MLKEM768":
|
||||||
summary["kx"]["x25519mlkem768"] += 1
|
summary["kx"]["x25519mlkem768"] += 1
|
||||||
elif domain_stats["kx"] == "X25519" or domain_stats["kx"] == "ECDH":
|
elif domain_stats["kx"] == "X25519, 253 bits":
|
||||||
summary["kx"]["x25519"] += 1
|
summary["kx"]["x25519"] += 1
|
||||||
elif domain_stats["kx"] == "DH":
|
elif domain_stats["kx"] == "DH, 2048 bits":
|
||||||
summary["kx"]["rsa"] += 1
|
summary["kx"]["rsa2048"] += 1
|
||||||
|
elif domain_stats["kx"] == "DH, 3072 bits":
|
||||||
|
summary["kx"]["rsa3072"] += 1
|
||||||
|
elif domain_stats["kx"] == "DH, 4096 bits":
|
||||||
|
summary["kx"]["rsa4096"] += 1
|
||||||
|
elif domain_stats["kx"] == "ECDH, prime256v1, 256 bits":
|
||||||
|
summary["kx"]["secp256r1"] += 1
|
||||||
|
elif domain_stats["kx"] == "ECDH, secp384r1, 384 bits":
|
||||||
|
summary["kx"]["secp384r1"] += 1
|
||||||
|
elif domain_stats["kx"] == "ECDH, secp521r1, 521 bits":
|
||||||
|
summary["kx"]["secp521r1"] += 1
|
||||||
|
|
||||||
if "protocol" not in domain_stats:
|
if "protocol" not in domain_stats:
|
||||||
summary["version"]["none"] += 1
|
summary["version"]["none"] += 1
|
||||||
elif domain_stats["protocol"] == "TLSv1.3":
|
elif domain_stats["protocol"] == "TLSv1.3":
|
||||||
summary["version"]["1.3"] += 1
|
summary["version"]["1.3"] += 1
|
||||||
elif domain_stats["protocol"] == "TLSv1.2":
|
elif domain_stats["protocol"] == "TLSv1.2":
|
||||||
summary["version"]["1.2"] += 1
|
summary["version"]["1.2"] += 1
|
||||||
#if "kx" in domain_stats and domain_stats["kx"] == "DH":
|
|
||||||
|
#if "kx" in domain_stats and domain_stats["kx"] == "ECDH":
|
||||||
# print(c[domain])
|
# print(c[domain])
|
||||||
# exit(0)
|
# exit(0)
|
||||||
if "-t" in sys.argv: # text output
|
if "-t" in sys.argv: # text output
|
||||||
|
|
|
||||||
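Review bot: The rewritten `kx` chain in the `@ -152,21 +160,34 @` hunk compares against full strings such as `"DH, 2048 bits"` and has no final `else`, so a handshake whose key exchange is not one of the eight listed values is dropped from the summary without a trace. That would include a 1024-bit DH group, X448, or presumably a bare group name captured from the `Negotiated TLS1.3 group` line. Those are often the results a TLS survey most needs to see, so close the chain with `else: summary["kx"]["other"] = summary["kx"].get("other", 0) + 1` and log the raw value. The `DH, N bits` branches are also counted under `rsa2048`/`rsa3072`/`rsa4096`, although a `Peer Temp Key: DH` line reports ephemeral finite-field Diffie-Hellman rather than RSA key transport; a key name like `ffdhe2048` would keep the forward-secrecy picture accurate. The enclosing `__main__` block starts and ends outside the hunks.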
16
exp.py
16
exp.py
|
|
@ -390,9 +390,9 @@ EXPERIMENTS = {
|
||||||
"AES_128_GCM_SHA256",
|
"AES_128_GCM_SHA256",
|
||||||
"AES_256_GCM_SHA384",
|
"AES_256_GCM_SHA384",
|
||||||
"CHACHA20_POLY1305_SHA256",
|
"CHACHA20_POLY1305_SHA256",
|
||||||
"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
#"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||||
"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
#"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
||||||
"ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
|
#"ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
|
||||||
],
|
],
|
||||||
"kexes": ["X25519"],
|
"kexes": ["X25519"],
|
||||||
"cert": ["prime256v1"],
|
"cert": ["prime256v1"],
|
||||||
|
|
@ -403,7 +403,7 @@ EXPERIMENTS = {
|
||||||
"impls": IMPLS,
|
"impls": IMPLS,
|
||||||
"ciphers": [
|
"ciphers": [
|
||||||
"AES_128_GCM_SHA256",
|
"AES_128_GCM_SHA256",
|
||||||
"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
#"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||||
],
|
],
|
||||||
"kexes": ["X25519"],
|
"kexes": ["X25519"],
|
||||||
"cert": [
|
"cert": [
|
||||||
|
|
@ -420,7 +420,7 @@ EXPERIMENTS = {
|
||||||
"impls": IMPLS,
|
"impls": IMPLS,
|
||||||
"ciphers": [
|
"ciphers": [
|
||||||
"AES_128_GCM_SHA256",
|
"AES_128_GCM_SHA256",
|
||||||
"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
#"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||||
],
|
],
|
||||||
"kexes": [
|
"kexes": [
|
||||||
"X25519",
|
"X25519",
|
||||||
|
|
@ -640,7 +640,7 @@ def run_netreplay_server(ssh, exp_dir, repo_dir, record, listen_addr, listen_por
|
||||||
print(cmdline)
|
print(cmdline)
|
||||||
return ssh_run_bg(ssh, cmdline, env)
|
return ssh_run_bg(ssh, cmdline, env)
|
||||||
|
|
||||||
def run_netreplay_client(ssh, exp_dir, repo_dir, record, remote_addr, remote_port, tls, impl, only_record=None, ciphers=None, kexes=None, earlydata="0", debug=False, notify_addr=None):
|
def run_netreplay_client(ssh, exp_dir, repo_dir, record, remote_addr, remote_port, tls, impl, certs_dir, only_record=None, ciphers=None, kexes=None, earlydata="0", debug=False, notify_addr=None):
|
||||||
if exp_dir[-1] != "/":
|
if exp_dir[-1] != "/":
|
||||||
exp_dir += "/"
|
exp_dir += "/"
|
||||||
repo_dir = repo_dir.removesuffix("/")
|
repo_dir = repo_dir.removesuffix("/")
|
||||||
|
|
@ -649,7 +649,7 @@ def run_netreplay_client(ssh, exp_dir, repo_dir, record, remote_addr, remote_por
|
||||||
env["CIPHERS"] = ciphers
|
env["CIPHERS"] = ciphers
|
||||||
if kexes:
|
if kexes:
|
||||||
env["KEXES"] = kexes
|
env["KEXES"] = kexes
|
||||||
cmd = [repo_dir+"/netreplay"+("" if impl == None else ("-"+impl)), repo_dir+"/records/"+record["filename"], "client", remote_addr, str(remote_port), "-r", str(record["repeat"])]
|
cmd = [repo_dir+"/netreplay"+("" if impl == None else ("-"+impl)), repo_dir+"/records/"+record["filename"], "client", remote_addr, str(remote_port), "-r", str(record["repeat"]), "--certs", certs_dir]
|
||||||
if debug:
|
if debug:
|
||||||
cmd.append("-d")
|
cmd.append("-d")
|
||||||
if tls:
|
if tls:
|
||||||
|
|
@ -864,6 +864,7 @@ def run_exp(config, only_record=None, idle=False, shutdown=False, debug=False):
|
||||||
config["listen_port"],
|
config["listen_port"],
|
||||||
tls,
|
tls,
|
||||||
impl,
|
impl,
|
||||||
|
certs_dir,
|
||||||
only_record=only_record,
|
only_record=only_record,
|
||||||
ciphers=cipher,
|
ciphers=cipher,
|
||||||
kexes=kex,
|
kexes=kex,
|
||||||
|
|
@ -896,6 +897,7 @@ def run_exp(config, only_record=None, idle=False, shutdown=False, debug=False):
|
||||||
config["listen_port"],
|
config["listen_port"],
|
||||||
tls,
|
tls,
|
||||||
None,
|
None,
|
||||||
|
certs_dir,
|
||||||
only_record=only_record,
|
only_record=only_record,
|
||||||
ciphers=cipher,
|
ciphers=cipher,
|
||||||
kexes=kex,
|
kexes=kex,
|
||||||
|
|
|
||||||
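Review bot: `run_netreplay_client` now appends `"--certs", certs_dir` to `cmd` unconditionally, and nothing in the hunks shows where `run_exp` defines `certs_dir` or checks it. If it is ever `None` or empty, the client is launched with a malformed argument, or possibly with a different trust store than the experiment intends (how netreplay handles that is not visible here). Fail fast with `if not certs_dir: raise ValueError("certs_dir is required")` before building `cmd`. If `cmd` is later joined into a shell string, as the `cmdline` in `run_netreplay_server` suggests, pass the path through `shlex.quote`. The new parameter is also inserted positionally before `only_record`, so any caller outside these hunks that passes `only_record` by position would shift by one; both function bodies continue outside the hunks.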