Skip to content
Snippets Groups Projects
Commit 9e6ec8b5 authored by Bartolomeo Berend Müller's avatar Bartolomeo Berend Müller
Browse files

Adapt initial sizes of quic_s_timer and cquiche_s_timer to the same size

parent dac7a921
No related branches found
No related tags found
No related merge requests found
......@@ -187,11 +187,11 @@ fn prepare_handshake(
config.set_initial_max_streams_uni(100);
// config.set_disable_active_migration(true);
// Generate a random source connection ID for the connection.
let mut scid = [0; quiche::MAX_CONN_ID_LEN];
SystemRandom::new().fill(&mut scid[..]).unwrap();
let scid = quiche::ConnectionId::from_ref(&scid);
// // Generate a random source connection ID for the connection.
// let mut scid = [0; quiche::MAX_CONN_ID_LEN];
// SystemRandom::new().fill(&mut scid[..]).unwrap();
// let scid = quiche::ConnectionId::from_ref(&scid);
let scid = quiche::ConnectionId::from_ref(&[]); // empty like for quic_s_timer
// Get local address.
let local_addr = socket.local_addr().unwrap();
......
......@@ -113,11 +113,11 @@ echo "Openssl seems to be installed correctly"
(
cd quiche
# give cargo the context of the custom openssl (the pkgconfig file), so that it can find the correct libs
PKG_CONFIG_PATH=${QUICTLS_OPENSSL_INSTALL}/lib64/pkgconfig cargo build --features=openssl
patch ${ROOT}/quiche/quiche/src/lib.rs < ${ROOT}/../patches/cquiche/lib.rs.diff
patch ${ROOT}/quiche/quiche/src/tls/mod.rs < ${ROOT}/../patches/cquiche/mod.rs.diff
# give cargo the context of the custom openssl (the pkgconfig file), so that it can find the correct libs
PKG_CONFIG_PATH=${QUICTLS_OPENSSL_INSTALL}/lib64/pkgconfig cargo build --features=openssl
)
# apply patches to nginx source
......
......@@ -41,6 +41,12 @@ clean:
_open_wireshark_with_sslkeylogfile:
wireshark -o tls.keylog_file:saved/captures/for_packet_analyzation/sslkeylogfile_20240830153007.log saved/captures/for_packet_analyzation/capture_20240830153007.pcap
# has to be built before
_open_oqs_demos_docker_wireshark:
docker run --rm -it --net=host -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix -v /home/bebbo/own/master/benchmarking-pqc-in-quic/pq-tls-benchmark-framework/emulation-exp/code/kex/saved/captures:/home/ubuntu oqs-wireshark
# does not work directly opening a file :(
# docker run --rm -it --net=host -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix -v /home/bebbo/own/master/benchmarking-pqc-in-quic/pq-tls-benchmark-framework/emulation-exp/code/kex/saved/captures:/home/ubuntu oqs-wireshark sh -c wireshark -o tls.keylog_file:/home/ubuntu/new_for_packet_analyzation/sslkeylogfile_20250220235359.log /home/ubuntu/new_for_packet_analyzation/capture_20250220235359.pcap
_copy_plots_to_thesis:
rm -rf ../../../../../master-thesis-bartolomeo-mueller/gfx/plots/
cp -rf plots ../../../../../master-thesis-bartolomeo-mueller/gfx/plots/
......
......@@ -69,6 +69,25 @@ static SSL_CTX *new_ssl_ctx_builder(const char *kex_alg)
goto ossl_error;
}
// Add as many signature algorithms as needed to be comparable with cquiche_s_timer
// -> so that both use 114/115 byte padding for x25519_mlkem512
// :p256_falconpadded512:rsa3072_falconpadded512:falcon1024:p521_falcon1024:falconpadded1024:p521_falconpadded1024
// :sphincssha2128fsimple:p256_sphincssha2128fsimple:rsa3072_sphincssha2128fsimple:sphincssha2128ssimple
// :p256_sphincssha2128ssimple:rsa3072_sphincssha2128ssimple:sphincssha2192fsimple:p384_sphincssha2192fsimple
// :sphincsshake128fsimple:p256_sphincsshake128fsimple:rsa3072_sphincsshake128fsimple:mayo1:p256_mayo1:mayo2
// :p256_mayo2:mayo3:p384_mayo3:mayo5:p521_mayo5:CROSSrsdp128balanced
const char *sigalgs = "ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512"
":RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512"
":dilithium2:p256_dilithium2:rsa3072_dilithium2:dilithium3:p384_dilithium3:dilithium5:p521_dilithium5"
":mldsa44:p256_mldsa44"; //:rsa3072_mldsa44:mldsa44_pss2048:mldsa44_rsa2048:mldsa44_ed25519:mldsa44_p256:mldsa44_bp256"
// ":mldsa65:p384_mldsa65:mldsa65_pss3072:mldsa65_rsa3072:mldsa65_p256:mldsa65_bp256:mldsa65_ed25519"
// ":mldsa87:p521_mldsa87:mldsa87_p384:mldsa87_bp384:mldsa87_ed448"
// ":falcon512:p256_falcon512:rsa3072_falcon512:falconpadded512";
if (SSL_CTX_set1_sigalgs_list(ssl_ctx, sigalgs) != 1) {
fprintf(stderr, "Could not set the signature algorithms.\n");
goto ossl_error;
}
if (SSL_CTX_load_verify_locations(ssl_ctx, SSL_VERIFY_LOCATION, 0) != 1)
{
fprintf(stderr, "Could not load the verify location.\n");
......
......@@ -14,3 +14,13 @@
fn with_tls_ctx(version: u32, tls_ctx: tls::Context) -> Result<Config> {
if !is_reserved_version(version) && !version_is_supported(version) {
return Err(Error::UnknownVersion);
@@ -2032,7 +2039,7 @@
// Derive initial secrets for the client. We can do this here because
// we already generated the random destination connection ID.
if !is_server {
- let mut dcid = [0; 16];
+ let mut dcid = [0; 11]; // change to be the same as the length of openssls generated initial dcid minus too long packet number encoding
rand::rand_bytes(&mut dcid[..]);
let (aead_open, aead_seal) = crypto::derive_initial_key_material(
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment