tuxmain/tlsbench
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix profile extraction

Browse source
This commit is contained in:
Pascal Engélibert 2025-12-03 13:27:15 +01:00
commit f4ce4bd3fc
3 changed files with 28 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

18
exp.py
View file

@ -76,9 +76,9 @@ DOMAINS_ = [
]
RECORDS = [
{ "filename": "youtube", "repeat": 10 },
#{ "filename": "youtube", "repeat": 100 },
#{ "filename": "peertube", "repeat": 10 },
#{ "filename": "wikipedia", "repeat": 1 },
{ "filename": "wikipedia", "repeat": 100 },
#{ "filename": "apple", "repeat": 1000 },
#{ "filename": "google", "repeat": 1000 },
]
@ -90,10 +90,10 @@ CERT_SIGN_ALGS = [
]
IMPLS = [
"aws_lc_rs", # Amazon's Rust crypto widely used in Rust stuff
#"boring", # Google's fork of OpenSSL used in Chrome and Android
"boring", # Google's fork of OpenSSL used in Chrome and Android
"openssl", # widely used
"ring", # used in most Rust stuff
#"symcrypt", # Microsoft's crypto
"symcrypt", # Microsoft's crypto
#"wolfcrypt" # used in embedded (won't build with rpxy for now)
]
# Symmetric ciphers
@ -145,9 +145,10 @@ EXPERIMENTS = {
"kexes": ["X25519"],
"cert": [
"prime256v1",
#"secp384r1",
"secp384r1",
"rsa2048",
"rsa3072", "rsa4096"
"rsa3072",
"rsa4096",
],
},
# Compare key exchange groups among implementations and TLS versions
@ -629,7 +630,7 @@ def run_exp(expdir, config, only_record=None, idle=False):
#time.sleep(30)
#sh("killall netreplay")
try:
#ssh_run(ssh, f"rm /dev/shm/access.log /dev/shm/rpxy.log")
ssh_run(ssh, f"rm /dev/shm/access.log /dev/shm/rpxy.log")
pass
except invoke.exceptions.UnexpectedExit as e:
pass
@ -669,7 +670,8 @@ def run_exp(expdir, config, only_record=None, idle=False):
YAPI.FreeAPI()
def update_certs():
dist = platform.freedesktop_os_release()["ID"]
info = platform.freedesktop_os_release()
dist = info.get("ID_LIKE", info["ID"])
if dist == "debian":
for alg in CERT_SIGN_ALGS:
sh([

1
plots.py
View file

@ -10,6 +10,7 @@ ALG_LABEL = {
"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,ECDHE_RSA_WITH_AES_256_GCM_SHA384": "AES256",
"ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": "CHACHA20",
"prime256v1": "prime256v1",
"secp384r1": "secp384r1",
"rsa2048": "rsa2048",
"rsa3072": "rsa3072",
"rsa4096": "rsa4096",

34
profile.py
View file

@ -5,35 +5,35 @@ import re, sys
FUNCTIONS = {
"rustls::record_layer::RecordLayer::decrypt_incoming": "decrypt",
"<[a-zA-Z0-9_:]+ as rustls::crypto::cipher::MessageEncrypter>::encrypt": "encrypt",
"<[a-zA-Z0-9_:<>]+ as rustls::crypto::cipher::MessageEncrypter>::encrypt": "encrypt",
"<[a-zA-Z0-9_:]+ as rustls::crypto::tls13::Hkdf>::expander_for_okm": "hkdf",
"<[a-zA-Z0-9_:<>]+ as rustls::crypto::tls13::Hkdf>::expander_for_okm": "hkdf",
"<[a-zA-Z0-9_:]+ as rustls::crypto::SecureRandom>::fill": "rand",
"<[a-zA-Z0-9_:<>]+ as rustls::crypto::SecureRandom>::fill": "rand",
"<[a-zA-Z0-9_:]+ as rustls::crypto::SupportedKxGroup>::start": "kx",
"<[a-zA-Z0-9_:<>]+ as rustls::crypto::SupportedKxGroup>::start": "kx",
"<[a-zA-Z0-9_:]+ as rustls::crypto::hash::Hash>::start": "hash",
"<[a-zA-Z0-9_:]+ as rustls::crypto::hash::Context>::finish": "hash",
"<[a-zA-Z0-9_:]+ as rustls::crypto::hash::Context>::update": "hash",
"<[a-zA-Z0-9_:]+ as rustls::crypto::hash::Context>::fork_finish": "hash",
"<[a-zA-Z0-9_:<>]+ as rustls::crypto::hash::Hash>::start": "hash",
"<[a-zA-Z0-9_:<>]+ as rustls::crypto::hash::Context>::finish": "hash",
"<[a-zA-Z0-9_:<>]+ as rustls::crypto::hash::Context>::update": "hash",
"<[a-zA-Z0-9_:<>]+ as rustls::crypto::hash::Context>::fork_finish": "hash",
"<[a-zA-Z0-9_:]+ as rustls::crypto::tls13::Hkdf>::extract_from_secret": "hkdf",
"<[a-zA-Z0-9_:<>]+ as rustls::crypto::tls13::Hkdf>::extract_from_secret": "hkdf",
"<[a-zA-Z0-9_:]+ as rustls::crypto::ActiveKeyExchange>::complete": "kx",
"<[a-zA-Z0-9_:<>]+ as rustls::crypto::ActiveKeyExchange>::complete": "kx",
"<[a-zA-Z0-9_:]+ as rustls::crypto::tls13::HkdfExpander>::hash_len": "hkdf",
"<[a-zA-Z0-9_:]+ as rustls::crypto::tls13::HkdfExpander>::expand_slice": "hkdf",
"<[a-zA-Z0-9_:]+ as rustls::crypto::tls13::Hkdf>::extract_from_secret": "hkdf",
"<[a-zA-Z0-9_:]+ as rustls::crypto::tls13::Hkdf>::hmac_sign": "hkdf",
"<[a-zA-Z0-9_:<>]+ as rustls::crypto::tls13::HkdfExpander>::hash_len": "hkdf",
"<[a-zA-Z0-9_:<>]+ as rustls::crypto::tls13::HkdfExpander>::expand_slice": "hkdf",
"<[a-zA-Z0-9_:<>]+ as rustls::crypto::tls13::Hkdf>::extract_from_secret": "hkdf",
"<[a-zA-Z0-9_:<>]+ as rustls::crypto::tls13::Hkdf>::hmac_sign": "hkdf",
"ring::hkdf::fill_okm": "hkdf",
"aws_lc_0_32_2_HKDF": "hkdf",
"rustls_openssl::tls13::<impl rustls::crypto::cipher::Tls13AeadAlgorithm for rustls_openssl::aead::Algorithm>::encrypter": "encrypt",
"rustls::crypto::aws_lc_rs::tls13::AeadAlgorithm::encrypter": "encrypt",
#"rustls_openssl::tls13::<impl rustls::crypto::cipher::Tls13AeadAlgorithm for rustls_openssl::aead::Algorithm>::encrypter": "encrypt",
#"rustls::crypto::aws_lc_rs::tls13::AeadAlgorithm::encrypter": "encrypt",
"rustls::crypto::aws_lc_rs::tls13::AeadAlgorithm::decrypter": "decrypt",
#"rustls::crypto::aws_lc_rs::tls13::AeadAlgorithm::decrypter": "decrypt",
# Emit TLS CertVerify (sign headers using certificate's secret key)
"rustls::server::tls13::client_hello::emit_certificate_verify_tls13": "certVerify",