tuxmain/tlsbench
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Reproduce certs, fixes

Browse source
This commit is contained in:
Pascal Engélibert 2026-02-13 15:58:21 +01:00
commit aa3bb124fc
5 changed files with 266 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

96
exp.py
View file

@ -1,5 +1,5 @@
#!/usr/bin/python3
import os, sys, subprocess, socket
import os, sys, subprocess, socket, signal
CONFIGS = {
"debug": {
@ -47,11 +47,11 @@ CONFIGS = {
"server",
],
"tls": [
False,
#False,
True,
],
"records": [
{ "filename": "wikipedia", "repeat": 1 },
{ "filename": "wikipedia", "repeat": 10 },
],
"repo_dir": "/home/tuxmain/reps/tlsbench",
"exp_dir": "/dev/shm/exp",
@ -60,7 +60,7 @@ CONFIGS = {
"remote_addr": "127.0.0.1",
"remote_repo_dir": "/home/tuxmain/reps/tlsbench",
"wattmeter": False,
"perf": False,
"perf": True,
"rapl": False,
"perf_dir": "/home/tuxmain/.cache/exp",
"listen_port": 8080,
@ -70,21 +70,21 @@ CONFIGS = {
# i7-4790 -> pi3
"pi3": {
"experiments": [
#"impl-cipher-ver",
"impl-cipher-ver",
"impl-cert-ver",
#"impl-kex-ver",
#"zrtt"
"impl-kex-ver",
"zrtt"
],
"sides": [
"client",
#"server",
"server",
],
"tls": [
#False,
False,
True,
],
"records": [
{ "filename": "wikipedia", "repeat": 400 },
{ "filename": "wikipedia", "repeat": 1000 },
],
"repo_dir": "/home/tuxmain/reps/tlsbench",
"exp_dir": "/dev/shm/exp",
@ -98,7 +98,7 @@ CONFIGS = {
"perf": False,
"rapl": False,
"listen_port": 8080,
"idle": "idle - - - - - - - - 600.000081539154 0.0 896 4792 0.5399999999999991 0 -",
"idle": "idle - - - - - - - - - 600.000081539154 0.0 896 4792 0.5399999999999991 0 -",
"notify_listen": ("0.0.0.0", 8090),
"notify_addr": "192.168.3.1:8090",
},
@ -164,7 +164,7 @@ CONFIGS = {
"perf": False,
"rapl": False,
"listen_port": 8080,
"idle": "idle - - - - - - - - 600.0001013278961 0.0 735 4942 1.7759999999999962 0 -",
"idle": "idle - - - - - - - - - 600.0001013278961 0.0 735 4942 1.7759999999999962 0 -",
"notify_listen": ("0.0.0.0", 8090),
"notify_addr": "192.168.3.1:8090",
},
@ -228,7 +228,7 @@ CONFIGS = {
"perf": False,
"rapl": True,
"listen_port": 8080,
"idle": "idle - - - - - - - - 600.000194311142 0.0 1822 6541 1.3880000000000052 304283035 -",
"idle": "idle - - - - - - - - - 600.000194311142 0.0 1822 6541 1.3880000000000052 304283035 -",
"notify_listen": ("0.0.0.0", 8090),
"notify_addr": "192.168.3.1:8090",
},
@ -291,7 +291,7 @@ CONFIGS = {
"perf": False,
"rapl": False,
"listen_port": 8080,
"idle": "idle - - - - - - - - 600.000194311142 0.0 1822 6541 1.3880000000000052 304283035 -",#TODO
"idle": "idle - - - - - - - - - 600.000194311142 0.0 1822 6541 1.3880000000000052 304283035 -",#TODO
"notify_listen": ("0.0.0.0", 8090),
"notify_addr": "TODO:8090",
},
@ -348,11 +348,11 @@ CERT_SIGN_ALGS = [
"rsa2048", "rsa3072", "rsa4096", # widely used
]
IMPLS = [
"aws-lc", # Amazon's Rust crypto widely used in Rust stuff
#"boring", # Google's fork of OpenSSL used in Chrome and Android
"aws-lc", # Amazon's crypto widely used in Rust stuff
"boring", # Google's fork of OpenSSL used in Chrome and Android
#"graviola", # New crypto in Rust
#"openssl", # widely used
#"ring", # used in most Rust stuff
"openssl", # widely used
"ring", # used in most Rust stuff
#"symcrypt", # Microsoft's crypto
#"wolfcrypt" # used in embedded (won't build with rpxy for now)
]
@ -388,9 +388,9 @@ EXPERIMENTS = {
"AES_128_GCM_SHA256",
"AES_256_GCM_SHA384",
"CHACHA20_POLY1305_SHA256",
"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
#"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
#"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,ECDHE_RSA_WITH_AES_256_GCM_SHA384",
#"ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
],
"kexes": ["X25519"],
"cert": ["prime256v1"],
@ -401,7 +401,7 @@ EXPERIMENTS = {
"impls": IMPLS,
"ciphers": [
"AES_128_GCM_SHA256",
"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
#"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
],
"kexes": ["X25519"],
"cert": [
@ -418,7 +418,7 @@ EXPERIMENTS = {
"impls": IMPLS,
"ciphers": [
"AES_128_GCM_SHA256",
"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
#"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
],
"kexes": [
"X25519",
@ -436,8 +436,8 @@ EXPERIMENTS = {
"impls": IMPLS,
"ciphers": [
"AES_128_GCM_SHA256",
#"AES_256_GCM_SHA384",
#"CHACHA20_POLY1305_SHA256",
"AES_256_GCM_SHA384",
"CHACHA20_POLY1305_SHA256",
],
"kexes": ["X25519"],
"cert": ["prime256v1"],
@ -659,12 +659,14 @@ def ssh_run_bg(ssh, cmd, env={}, **kwargs):
strvars += "export "+var+"="+env[var].replace(" ", "\\ ")+" && "
return ssh.run(f"{strvars}dtach -n `mktemp -u /tmp/dtach.XXXX` {cmd}", **kwargs)
def get_cpu_stat(ssh):
def get_cpu_stat(ssh, process_names):
res = ssh_run(ssh, "/sbin/sa --list-all-names", hide=True)
s = 0.0
for line in res.split("\n"):
if "rpxy" in line:
return float(re.finditer("\\s(\\d+\\.\\d+)cp\\s", line).__next__().group(1))
return 0.0
for process_name in process_names:
if process_name[:15] in line:
s += float(re.finditer("\\s(\\d+\\.\\d+)cp\\s", line).__next__().group(1))
return s
def get_net_stat(ssh):
res = ssh_run(ssh, "cat /proc/net/netstat", hide=True)
@ -682,6 +684,14 @@ def get_rapl_energy(ssh, repo_dir):
energy += int(item)
return energy
class Timeout(Exception):
pass
def timeout_handler(signum, frame):
raise Timeout
signal.signal(signal.SIGALRM, timeout_handler)
def run_exp(config, only_record=None, idle=False, shutdown=False, debug=False):
ssh = None
if "remote_ssh" in config:
@ -715,7 +725,7 @@ def run_exp(config, only_record=None, idle=False, shutdown=False, debug=False):
logfile_name = "log-"+timestr
logfile_path = exp_dir+"/"+logfile_name
logfile = open(logfile_path, "w")
logfile.write("exp impl alg kex cipher ed side tls record time cpu bytes_in bytes_out Wh Wh_rapl prof\n")
logfile.write("exp impl alg kex cipher ed side tls record n time cpu bytes_in bytes_out Wh Wh_rapl prof\n")
logfile.close()
perf_dir = ""
@ -725,7 +735,6 @@ def run_exp(config, only_record=None, idle=False, shutdown=False, debug=False):
if idle:
print("Measuring idle...")
rpxy_cpu = get_cpu_stat(ssh)
remote_bytes_in, remote_bytes_out = get_net_stat(ssh)
energy = 0
energy_rapl = 0
@ -735,7 +744,7 @@ def run_exp(config, only_record=None, idle=False, shutdown=False, debug=False):
energy_rapl = get_rapl_energy(ssh, remote_path)
start = time.time()
time.sleep(600)
time.sleep(1200)
end = time.time()
new_energy = 0
@ -745,8 +754,6 @@ def run_exp(config, only_record=None, idle=False, shutdown=False, debug=False):
if config["rapl"]:
new_energy_rapl = get_rapl_energy(ssh, remote_path)
new_remote_bytes_in, new_remote_bytes_out = get_net_stat(ssh)
new_rpxy_cpu = get_cpu_stat(ssh)
rpxy_cpu_diff = new_rpxy_cpu - rpxy_cpu
remote_bytes_in_diff = new_remote_bytes_in - remote_bytes_in
remote_bytes_out_diff = new_remote_bytes_out - remote_bytes_out
energy_diff = new_energy - energy
@ -755,7 +762,7 @@ def run_exp(config, only_record=None, idle=False, shutdown=False, debug=False):
while True:
try:
with open(logfile_path, "a") as logfile:
logfile.write(f"idle - - - - - - - - {time_diff} {rpxy_cpu_diff} {remote_bytes_in_diff} {remote_bytes_out_diff} {energy_diff} {energy_rapl_diff} -\n")
logfile.write(f"idle - - - - - - - - - {time_diff} 0 {remote_bytes_in_diff} {remote_bytes_out_diff} {energy_diff} {energy_rapl_diff} -\n")
logfile.close()
break
except Exception as e:
@ -871,11 +878,11 @@ def run_exp(config, only_record=None, idle=False, shutdown=False, debug=False):
prof_filename = "-"
if config["perf"]:
prof_filename = f"{perf_dir}/perf-{timestr}-{run_id}.data"
process_pid = ssh_run(ssh, "pidof netreplay"+("" if side == "server" else ("-"+impl))).removesuffix("\n")
ssh_run_bg(ssh, f"perf record -F 997 --call-graph dwarf,64000 -g -o {prof_filename} -p {rpxy_pid}")
process_pid = ssh_run(ssh, "pidof netreplay-"+impl).removesuffix("\n")
ssh_run_bg(ssh, f"perf record -F 997 --call-graph dwarf,64000 -g -o {prof_filename} -p {process_pid}")
# Measure
cpu = get_cpu_stat(ssh)
cpu = get_cpu_stat(ssh, ["netreplay-"+impl, "tokio-runtime-w"])
remote_bytes_in, remote_bytes_out = get_net_stat(ssh)
energy = 0
energy_rapl = 0
@ -886,7 +893,11 @@ def run_exp(config, only_record=None, idle=False, shutdown=False, debug=False):
start = time.time()
# Wait for the client to terminate
notify_socket.recv(4)
signal.alarm(600)
try:
notify_socket.recv(4)
except Timeout:
print("TIMEOUT: stop")
# Measure
end = time.time()
@ -897,7 +908,6 @@ def run_exp(config, only_record=None, idle=False, shutdown=False, debug=False):
if config["rapl"]:
new_energy_rapl = get_rapl_energy(ssh, remote_path)
new_remote_bytes_in, new_remote_bytes_out = get_net_stat(ssh)
new_cpu = get_cpu_stat(ssh)
# Kill server
if side == "client":
@ -910,6 +920,9 @@ def run_exp(config, only_record=None, idle=False, shutdown=False, debug=False):
ssh_run(ssh, "killall netreplay-"+impl)
except invoke.exceptions.UnexpectedExit as e:
pass
# Measure CPU after (as it may update only after the process is killed)
new_cpu = get_cpu_stat(ssh, ["netreplay-"+impl, "tokio-runtime-w"])
record_filename = record["filename"]
cpu_diff = new_cpu - cpu
@ -918,10 +931,11 @@ def run_exp(config, only_record=None, idle=False, shutdown=False, debug=False):
energy_diff = new_energy - energy
energy_rapl_diff = new_energy_rapl - energy_rapl
time_diff = end - start
repeats = record["repeat"]
while True:
try:
with open(logfile_path, "a") as logfile:
logfile.write(f"{expname} {impl} {alg} {kex} {cipher} {earlydata} {side} {tls_int} {record_filename} {time_diff} {cpu_diff} {remote_bytes_in_diff} {remote_bytes_out_diff} {energy_diff} {energy_rapl_diff} {prof_filename}\n")
logfile.write(f"{expname} {impl} {alg} {kex} {cipher} {earlydata} {side} {tls_int} {record_filename} {repeats} {time_diff} {cpu_diff} {remote_bytes_in_diff} {remote_bytes_out_diff} {energy_diff} {energy_rapl_diff} {prof_filename}\n")
logfile.close()
break
except Exception as e: