-
Notifications
You must be signed in to change notification settings - Fork 88
Adding Locust as performance OQS tool #304
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 9 commits
Commits
Show all changes
11 commits
Select commit
Hold shift + click to select a range
63fdf42
First commit
davidgca ce14441
Add contributors
davidgca 11b598b
Add contributor in oqs-demo README
davidgca dba51dc
Modify USAGE.md to add a basic Locust exmaple
davidgca 878d72a
Some styles modifications
davidgca bebdef1
Little style modification
davidgca 042df20
Changes some version numbers as suggested by @ajbozarth and style cha…
davidgca 1c02639
Fix typo in a comment
davidgca ab1d2f4
Refactor env variable from curve to group and typos in README
davidgca f35b0fa
Refactor curve to group
davidgca ad09335
Moved CI DockerHub image push to a future PR
davidgca File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,115 @@ | ||
| # define the liboqs tag to be used | ||
| ARG LIBOQS_TAG=0.11.0 | ||
|
|
||
| # define the oqsprovider tag to be used | ||
| ARG OQSPROVIDER_TAG=0.7.0 | ||
|
|
||
| # define the openssl version to be baked in | ||
| ARG OPENSSL_BRANCH=openssl-3.3.2 | ||
|
|
||
| # Default location where all binaries wind up: | ||
| ARG INSTALLDIR=/opt/oqssa | ||
|
|
||
| # Default Python version to be used | ||
| ARG PYTHON_VERSION=3.12.6 | ||
|
|
||
| # liboqs build type variant; maximum portability of image: | ||
| ARG LIBOQS_BUILD_DEFINES="-DOQS_DIST_BUILD=ON" | ||
|
|
||
| # Default root CA signature algorithm; can be set to any listed at https://github.com/open-quantum-safe/oqs-provider#algorithms | ||
| ARG SIG_ALG="dilithium3" | ||
|
|
||
| # Default KEM algorithms; can be set to any listed at https://github.com/open-quantum-safe/oqs-provider#algorithms | ||
| ARG DEFAULT_GROUPS="x25519:x448:kyber512:p256_kyber512:kyber768:p384_kyber768:kyber1024:p521_kyber1024" | ||
|
|
||
| # Define the degree of parallelism when building the image; leave the number away only if you know what you are doing | ||
| ARG MAKE_DEFINES="-j 16" | ||
|
|
||
| # Define the Alpine version to be used | ||
| ARG ALPINE_VERSION=3.20.3 | ||
|
|
||
| FROM alpine:${ALPINE_VERSION} | ||
| # Take in all global args | ||
| ARG LIBOQS_TAG | ||
| ARG OQSPROVIDER_TAG | ||
| ARG INSTALLDIR | ||
| ARG LIBOQS_BUILD_DEFINES | ||
| ARG SIG_ALG | ||
| ARG DEFAULT_GROUPS | ||
| ARG MAKE_DEFINES | ||
| ARG PYTHON_VERSION | ||
| ARG OPENSSL_BRANCH | ||
|
|
||
| LABEL version="1" | ||
|
|
||
| ENV DEBIAN_FRONTEND noninteractive | ||
| ENV LD_LIBRARY_PATH=${INSTALLDIR}/lib | ||
|
|
||
| RUN apk update && apk upgrade | ||
|
|
||
| # Get all software packages required for builing all components: | ||
| RUN apk add build-base linux-headers \ | ||
| libtool automake autoconf cmake ninja \ | ||
| make \ | ||
| git wget vim nano zlib-dev py3-pip tcpdump python3-dev | ||
|
|
||
| # get all sources | ||
| WORKDIR /opt | ||
| RUN git clone --depth 1 --branch ${LIBOQS_TAG} https://github.com/open-quantum-safe/liboqs && \ | ||
| git clone --depth 1 --branch ${OPENSSL_BRANCH} https://github.com/openssl/openssl.git && \ | ||
| git clone --depth 1 --branch ${OQSPROVIDER_TAG} https://github.com/open-quantum-safe/oqs-provider.git | ||
|
|
||
| # build OpenSSL3 | ||
| WORKDIR /opt/openssl | ||
| RUN LDFLAGS="-Wl,-rpath -Wl,${INSTALLDIR}/lib64" ./config shared enable-zlib no-comp --prefix=${INSTALLDIR} && \ | ||
| make ${MAKE_DEFINES} && make install_sw install_ssldirs install_dev && \ | ||
| if [ -d ${INSTALLDIR}/lib64 ]; then ln -s ${INSTALLDIR}/lib64 ${INSTALLDIR}/lib; fi && \ | ||
| if [ -d ${INSTALLDIR}/lib ]; then ln -s ${INSTALLDIR}/lib ${INSTALLDIR}/lib64; fi | ||
|
|
||
|
|
||
| # build liboqs | ||
| WORKDIR /opt/liboqs | ||
| RUN mkdir build && \ | ||
| cd build && \ | ||
| cmake -G"Ninja" .. ${LIBOQS_BUILD_DEFINES} -DCMAKE_INSTALL_PREFIX=${INSTALLDIR} && \ | ||
| ninja install | ||
|
|
||
| # set path to use 'new' openssl. Dyn libs have been properly linked in to match | ||
| ENV PATH="${INSTALLDIR}/bin:${PATH}" | ||
| ENV LD_LIBRARY_PATH=${INSTALLDIR}/lib | ||
|
|
||
| # build & install provider (and activate by default) | ||
| WORKDIR /opt/oqs-provider | ||
| RUN ln -s ../openssl . && \ | ||
| cmake -DOPENSSL_ROOT_DIR=${INSTALLDIR} -DCMAKE_BUILD_TYPE=Release -DCMAKE_PREFIX_PATH=${INSTALLDIR} -S . -B _build && \ | ||
| cmake --build _build && \ | ||
| cp _build/lib/oqsprovider.so ${INSTALLDIR}/lib64/ossl-modules && \ | ||
| sed -i "s/default = default_sect/default = default_sect\noqsprovider = oqsprovider_sect/g" /opt/oqssa/ssl/openssl.cnf && \ | ||
| sed -i "s/\[default_sect\]/\[default_sect\]\nactivate = 1\n\[oqsprovider_sect\]\nactivate = 1\n/g" /opt/oqssa/ssl/openssl.cnf && \ | ||
| sed -i "s/providers = provider_sect/providers = provider_sect\nssl_conf = ssl_sect\n\n\[ssl_sect\]\nsystem_default = system_default_sect\n\n\[system_default_sect\]\nGroups = \$ENV\:\:DEFAULT_GROUPS\n/g" /opt/oqssa/ssl/openssl.cnf && \ | ||
| sed -i "s/\# Use this in order to automatically load providers/\# Set default KEM groups if not set via environment variable\nKDEFAULT_GROUPS = $DEFAULT_GROUPS\n\n# Use this in order to automatically load providers/g" /opt/oqssa/ssl/openssl.cnf && \ | ||
| sed -i "s/HOME\t\t\t= ./HOME\t\t= .\nDEFAULT_GROUPS\t= ${DEFAULT_GROUPS}/g" /opt/oqssa/ssl/openssl.cnf | ||
|
|
||
| # generate certificates for openssl s_server | ||
| ENV OPENSSL=${INSTALLDIR}/bin/openssl | ||
| ENV OPENSSL_CNF=${INSTALLDIR}/ssl/openssl.cnf | ||
|
|
||
| WORKDIR ${INSTALLDIR}/bin | ||
| # generate CA key and cert | ||
| RUN set -x; \ | ||
| ${OPENSSL} req -x509 -new -newkey ${SIG_ALG} -keyout CA.key -out CA.crt -nodes -subj "/CN=oqstest CA" -days 365 -config ${OPENSSL_CNF} | ||
|
|
||
| # Download current test.openquantumsafe.org test CA cert | ||
| WORKDIR ${INSTALLDIR} | ||
| RUN wget --no-check-certificate https://test.openquantumsafe.org/CA.crt && \ | ||
| mv CA.crt oqs-testca.pem | ||
|
|
||
| # Install Locust | ||
| RUN mkdir /home/locust && cd /home/locust | ||
| ENV CFLAGS="-I/opt/python-${PYTHON_VERSION}-custom/include/${PYTHON_VERSION}" | ||
| ENV LDFLAGS="-L/opt/python-${PYTHON_VERSION}-custom/lib" | ||
| COPY requirements.txt /home/locust | ||
| RUN pip3 install --break-system-packages --upgrade pip | ||
| RUN pip3 install --break-system-packages -r /home/locust/requirements.txt | ||
| ADD / /mnt/locust | ||
|
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| ## Purpose | ||
| This directory contains a Dockerfile that builds Locust using OpenSSL v3 using the [OQS provider](https://github.com/open-quantum-safe/oqs-provider) and Python3, which allows `Locust` to negotiate quantum-safe keys and use quantum-safe authentication in TLS 1.3. | ||
|
|
||
| For more information on `Locust`, see the [official Locust project](https://github.com/locustio/locust). | ||
|
|
||
| ## Quick start | ||
|
|
||
| 1) Be sure to have [docker installed](https://docs.docker.com/install). | ||
| 2) Run `docker build -t oqs-locust:0.0.1 .` to create a post quantum-enabled Locust docker image. | ||
| 3) In order to configure endpoints and their weight, modify the file [scenarios/locustfile.py](scenarios/locustfile.py), more information can be found in [USAGE.md](USAGE.md) | ||
| 4) To verify all components perform quantum-safe operations, first start the container with docker compose | ||
|
|
||
| ``` | ||
| LOGGER_LEVEL=DEBUG HOST=https://YOUR_QS_HOST:4433 docker compose up --scale worker=8 | ||
| ``` | ||
| 4) Connect to the locust web interface at `http://localhost:8189` and start a load test. | ||
|
|
||
|
|
||
| ## Notes on this Version: | ||
|
|
||
| In this version, we utilize the subprocess module to execute the oqs-openssl command within Locust. Ideally, the objective should be to leverage native Python libraries. However, as of now, there are no Python libraries that support quantum-safe (QS) group for TLS 1.3. Once such libraries become available, we should prioritize recompiling Python (for add the OQS-openssl version) and using the appropriate Python libraries for this functionality. | ||
|
|
||
| For further reference on the Locust API, please refer to the official documentation [here](https://docs.locust.io/en/stable/). | ||
|
|
||
| ## Usage | ||
|
|
||
| Information how to use locust: [available in the separate file USAGE.md](USAGE.md). | ||
|
|
||
| ## Disclaimer | ||
|
|
||
| [THIS IS NOT FIT FOR PRODUCTION USE] | ||
|
|
davidgca marked this conversation as resolved.
Show resolved
Hide resolved
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| ## Purpose | ||
| This directory contains a Dockerfile that builds the [OpenSSL v3](https://github.com/openssl/openssl) [OQS provider](https://github.com/open-quantum-safe/oqs-provider), and Python3 which allows locust to negotiate quantum-safe keys in TLS 1.3. | ||
|
|
||
| ## Start | ||
| 1) Run `docker build -t oqs-locust:0.0.1 .` to create a post quantum-enabled Locust docker image. | ||
| 2) To verify all components perform quantum-safe operations, first start the container with docker compose, setting all environment variables as needed. For example: | ||
| ``` | ||
| LOGGER_LEVEL=DEBUG HOST=https://YOUR_QS_HOST:4433 GROUP=kyber1024 docker compose up --scale worker=8 | ||
| ``` | ||
| 3) Connect to the locust web interface at `http://localhost:8189` and start a load test. | ||
|
|
||
| By default, Locust supports all algorithms supported by the OQS openssl. | ||
|
|
||
| Some environments variables you need to know | ||
| - LOGGER_LEVEL: Set the log level for the locust master and worker. Default is ERROR. | ||
| - HOST: Set the host to test. Default is https://test:4433 | ||
| - WORKERS: Set the number of workers. Default is 8. Ideally, the number of workers should be the same as the number of cores in the machine. | ||
| - MASTER_PORT: Set the port for the master. Default is 8189. | ||
| - GROUP: Set the key exchange scheme for openssl. Default is kyber768. | ||
|
|
||
| In Locust web server, you need to set 2 variables: | ||
| - Number of users to simulate: The number of users to simulate that will hit the server. | ||
| - Hatch rate: The rate per second in which users are spawned. | ||
|
|
||
| After that, you can start the test: | ||
|
|
||
| STATISTICS | ||
|  | ||
|
|
||
| CHARTS | ||
|  | ||
|
|
||
| ### HOW TO CREATE A PERFORMANCE SCENARIO IN LOCUST | ||
|
|
||
| Using Locust, you can configure a performance scenario. For this, you can use the following structure. Note: This is just a basic example, and the real implementation might use subprocess and openssl to handle post-quantum cryptographic curves, as in the actual [locustfile.py](scenarios/locustfile.py). | ||
|
|
||
| ```python | ||
| from locust import HttpUser, TaskSet, task, between | ||
| class UserBehavior(TaskSet): | ||
| # on_start is called when a Locust starts, before any task is scheduled | ||
| def on_start(self): | ||
| self.index() | ||
| self.about() | ||
|
|
||
| # tasks is a list of tasks that a Locust will choose from to execute | ||
| # tasks are chosen with the weighted_task_set attribute | ||
| @task(1) | ||
| def index(self): | ||
| self.client.get("/") | ||
|
|
||
| # in this case the about task is twice as likely to be chosen as the index task | ||
| @task(2) | ||
| def about(self): | ||
| self.client.get("/about/") | ||
|
|
||
|
|
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.