crawl, fixes

2025-12-19 16:50:56 +01:00 · 2025-12-19 16:50:56 +01:00 · f5145f80ea
commit f5145f80ea
parent 68435037e7
7 changed files with 326 additions and 58 deletions
--- a/exp.py
+++ b/exp.py
@ -2,18 +2,49 @@
 import os, sys, subprocess

 CONFIGS = {
-	# placid -> pi3
-	"pi": {
+	# i7-4790 local
+	"local": {
 		"experiments": [
 			"impl-cipher-ver",
 			"impl-cert-ver",
 			"impl-kex-ver",
 		],
+		"setups": [
+			"none-local",
+			"client-local",
+			"server-local",
+		],
+		"records": [
+			{ "filename": "youtube", "repeat": 1 },
+		],
+		"repodir": "/home/tuxmain/reps/tlsbench",
+		"expdir": "/dev/shm/exp",
+		"log_backup_dir": "/home/tuxmain",
+		"p2_hostname": "localhost",
+		"p2_addr": "127.0.0.1",
+		"p2_repodir": "/home/tuxmain/reps/tlsbench",
+		"wattmeter": False,
+		"perf": True,
+		"perf_dir": "/home/tuxmain/.cache/exp",
+		"p3_suffix": ".localhost",
+		"p3_port_plain": 8080,
+		"p3_port_tls": 8443,
+	},
+	# i7-4790 -> pi3
+	"pi3": {
+		"experiments": [
+			#"impl-cipher-ver",
+			"impl-cert-ver",
+			#"impl-kex-ver",
+		],
 		"setups": [
 			"none",
 			"client",
 			"server",
 		],
+		"records": [
+			{ "filename": "youtube", "repeat": 100 },
+		],
 		"repodir": "/home/tuxmain/reps/tlsbench",
 		"expdir": "/dev/shm/exp",
 		"log_backup_dir": "/home/tuxmain",
@ -29,8 +60,7 @@ CONFIGS = {
 		"p3_port_tls": 443,
 		"idle": "idle - - - - - - 600.000081539154 0.0 896 4792 0.5399999999999991 -",
 	},
-	# placid local
-	"local": {
+	"pi3-local": {
 		"experiments": [
 			"impl-cipher-ver",
 			"impl-cert-ver",
@ -41,21 +71,24 @@ CONFIGS = {
 			"client-local",
 			"server-local",
 		],
-		"repodir": "/home/tuxmain/reps/tlsbench",
+		"records": [
+			{ "filename": "wikipedia", "repeat": 5 },
+		],
+		"repodir": "/home/exp/exp",
 		"expdir": "/dev/shm/exp",
-		"log_backup_dir": "/home/tuxmain",
+		"log_backup_dir": "/home/exp",
 		"p2_hostname": "localhost",
 		"p2_addr": "127.0.0.1",
-		"p2_repodir": "/home/tuxmain/reps/tlsbench",
+		"p2_repodir": "/home/exp/exp",
 		"wattmeter": False,
 		"perf": True,
-		"perf_dir": "/home/tuxmain/.cache/exp",
+		"perf_dir": "/home/exp/.cache/exp",
 		"p3_suffix": ".localhost",
 		"p3_port_plain": 8080,
 		"p3_port_tls": 8443,
 	},
-	# placid -> pifou
-	"pifou": {
+	# i7-4790 -> core2
+	"core2": {
 		"experiments": [
 			"impl-cipher-ver",
 			"impl-cert-ver",
@ -66,13 +99,17 @@ CONFIGS = {
 			"client",
 			"server",
 		],
+		"records": [
+			{ "filename": "wikipedia", "repeat": 400 },
+			{ "filename": "youtube", "repeat": 100 },
+		],
 		"repodir": "/home/tuxmain/reps/tlsbench",
 		"expdir": "/dev/shm/exp",
 		"log_backup_dir": "/home/tuxmain",
 		"p2_hostname": "192.168.3.3",
 		"p2_addr": "192.168.3.3",
 		"p2_ssh": "exp@192.168.3.3",
-		"p2_psw": "exp",
+		"p2_psw": None,
 		"p2_repodir": "/home/exp/exp",
 		"wattmeter": True,
 		"perf": False,
@ -81,8 +118,7 @@ CONFIGS = {
 		"p3_port_tls": 443,
 		"idle": "idle - - - - - - 600.0001013278961 0.0 735 4942 1.7759999999999962 -",
 	},
-	# placid local
-	"pifou-local": {
+	"core2-local": {
 		"experiments": [
 			"impl-cipher-ver",
 			"impl-cert-ver",
@ -93,6 +129,9 @@ CONFIGS = {
 			"client-local",
 			"server-local",
 		],
+		"records": [
+			{ "filename": "wikipedia", "repeat": 10 },
+		],
 		"repodir": "/home/exp/exp",
 		"expdir": "/dev/shm/exp",
 		"log_backup_dir": "/home/exp",
@ -132,13 +171,6 @@ DOMAINS_ = [
 	"videos.domainepublic.net",
 ]

-RECORDS = [
-	#{ "filename": "youtube", "repeat": 100 },
-	#{ "filename": "peertube", "repeat": 10 },
-	{ "filename": "wikipedia", "repeat": 400 },
-	#{ "filename": "apple", "repeat": 1000 },
-	#{ "filename": "google", "repeat": 1000 },
-]
 CERT_SIGN_ALGS = [
 	"prime256v1", # widely used
 	"secp384r1", # rarely used but supported by browsers because it's NIST standard
@ -146,7 +178,7 @@ CERT_SIGN_ALGS = [
 	"rsa2048", "rsa3072", "rsa4096", # widely used
 ]
 IMPLS = [
-	"aws_lc_rs", # Amazon's Rust crypto widely used in Rust stuff
+	"aws_lc", # Amazon's Rust crypto widely used in Rust stuff
 	"boring", # Google's fork of OpenSSL used in Chrome and Android
 	"openssl", # widely used
 	"ring", # used in most Rust stuff
@ -171,6 +203,9 @@ KEXES = [
 	"X25519",
 	"SECP256R1",
 	"SECP384R1",
+	"X25519MLKEM768",
+	"SECP256R1MLKEM768",
+	"MLKEM768",
 ]

 # Testing all combinations would be too much. Instead we isolate independent parts.
@ -178,7 +213,6 @@ EXPERIMENTS = {
 	# Compare ciphers among implementations and TLS versions
 	"impl-cipher-ver": {
 		"impls": IMPLS,
-		"records": RECORDS,
 		"ciphers": [
 			"AES_128_GCM_SHA256",
 			"AES_256_GCM_SHA384",
@ -193,7 +227,6 @@ EXPERIMENTS = {
 	# Compare signatures among implementations and TLS versions
 	"impl-cert-ver": {
 		"impls": IMPLS,
-		"records": RECORDS,
 		"ciphers": [
 			"AES_128_GCM_SHA256",
 			#"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
@ -210,17 +243,22 @@ EXPERIMENTS = {
 	# Compare key exchange groups among implementations and TLS versions
 	"impl-kex-ver": {
 		"impls": IMPLS,
-		"records": RECORDS,
 		"ciphers": [
 			"AES_128_GCM_SHA256",
 			#"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
 		],
-		"kexes": ["X25519", "SECP256R1", "SECP384R1"],
+		"kexes": [
+			"X25519",
+			"SECP256R1",
+			"SECP384R1",
+			"X25519MLKEM768",
+			"SECP256R1MLKEM768",
+			"MLKEM768",
+		],
 		"cert": ["prime256v1"],
 	},
 	"debug": {
 		"impls": IMPLS,
-		"records": RECORDS,
 		"ciphers": [
 			"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_RSA_WITH_AES_128_GCM_SHA256",
 			#"ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
@ -230,6 +268,16 @@ EXPERIMENTS = {
 	},
 }

+# Some algorithms are not available in all implementations
+def alg_filter(kex, cert, cipher, impl):
+	if "MLKEM" in kex and impl != "openssl" and impl != "aws_lc":
+		return False
+	if kex == "SECP256R1MLKEM768" and impl == "openssl":
+		return False
+	if cert == "secp384r1" and impl == "boring":
+		return False
+	return True
+
 DOMAINS = []
 for domain in DOMAINS_:
 	if not domain in DOMAINS:
@ -644,11 +692,13 @@ def run_exp(config, only_record=None, idle=False):
 				ssh_run(ssh, f"python {p2_path}/exp.py cert {config_name} {alg}")
 				for kex in exp["kexes"]:
 					for cipher in exp["ciphers"]:
+						if not alg_filter(kex, alg, cipher, impl):
+							continue
 						for setup in config["setups"]:
 							if SETUPS[setup]["tls_invariant"] and not first_set:
 								continue
 							setupdir = expdir+"setups/"+setup
-							for record in exp["records"]:
+							for record in config["records"]:
 								print(f"EXPERIMENT {expname}: {impl} {alg} {kex} {cipher} {setup}")
 								p2_rpxy_config = SETUPS[setup]["rpxy_config"]
 								vars = {"CIPHERS": cipher, "KEXES": kex, "RUST_LOG": "warning"}
@ -703,7 +753,7 @@ def run_exp(config, only_record=None, idle=False):
 								#time.sleep(30)
 								#sh("killall netreplay")
 								try:
-									ssh_run(ssh, f"rm /dev/shm/access.log /dev/shm/rpxy.log")
+									#ssh_run(ssh, f"rm /dev/shm/access.log /dev/shm/rpxy.log")
 									pass
 								except invoke.exceptions.UnexpectedExit as e:
 									pass
@ -841,14 +891,15 @@ Run options:
 			exps = 0
 			for expname in config["experiments"]:
 				exp = config["experiments"][expname]
-				exps += len(exp["impls"]) * len(exp["cert"]) * len(exp["kexes"]) * len(exp["ciphers"]) * len(exp["records"])
+				exps += len(exp["impls"]) * len(exp["cert"]) * len(exp["kexes"]) * len(exp["ciphers"]) * len(config["records"])
 			print("Experiments to make:", exps * len(config["setups"]))
 			exit(0)
 		
 		import time
-		import invoke
 		import re
-		import fabric
+		if "p2_ssh" in config:
+			import invoke
+			import fabric
 		
 		if config["wattmeter"]:
 			import yoctopuce