Automated TLS Performance Scripts - crt26/pqc-evaluation-tools GitHub Wiki

Automated PQC TLS Performance Testing Scripts

The Full PQC TLS Test tool uses several scripts to perform the TLS handshake tests. These include:

  • full-oqs-provider-test.sh
  • oqsprovider-test-server.sh
  • oqsprovider-test-client.sh
  • oqsprovider-test-speed.sh
  • oqsprovider-generate-keys.sh

full-oqs-provider-test.sh

This script is the main controller for executing the full TLS performance test suite using the OQS-Provider integration with OpenSSL. It is designed to be run on both the client and server machines and prompts the user for required parameters such as machine role, IP addresses, test duration, and number of runs. It coordinates the execution of all relevant test scripts (oqsprovider-test-server.sh, oqsprovider-test-client.sh, and oqsprovider-test-speed.sh). It ensures the results are stored correctly based on the assigned machine ID. When running on the client, it configures the TLS handshake and speed benchmarking test parameters.

Note that when the machine or current shell has been designated as the client (depending on whether single-machine or separate-machine testing is being performed), the full-oqs-provider-test.sh script will also prompt the user for parameters that control how test results are stored and managed.

The script accepts various arguments when called, which allow the user to configure components of the automated testing functionality. For further information on their usage, please refer to the TLS Performance Testing Instructions documentation file.

Accepted Script Arguments:

--server-control-port=<PORT>    Set the server control port   (1024-65535)
--client-control-port=<PORT>    Set the client control port   (1024-65535)
--s-server-port=<PORT>          Set the OpenSSL S_Server port (1024-65535)
--control-sleep-time=<TIME>     Set the control sleep time in seconds (integer or float)
--disable-control-sleep         Disable the control signal sleep time
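
The following is an added example, not code from the pqc-evaluation-tools project: a pre-flight check that validates the flags listed above against their documented ranges before they are passed to the controller script. The function names are hypothetical, and rejecting a sleep time combined with --disable-control-sleep is this example's own assumption.

```shell
#!/bin/sh
# Added example: pre-flight validation of the documented controller flags.
# is_valid_port, is_valid_sleep_time and check_args are hypothetical names.

# Ports: decimal digits only, within the documented 1024-65535 range.
is_valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] || return 1   # bound the length before comparing
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Sleep time: non-negative integer or float (digits, at most one dot).
is_valid_sleep_time() {
    case "$1" in
        ''|.|*[!0-9.]*|*.*.*) return 1 ;;
    esac
    return 0
}

# Returns 0 only if every argument is a documented flag with a valid value.
check_args() {
    sleep_set=0
    sleep_disabled=0
    for arg in "$@"; do
        case "$arg" in
            --server-control-port=*|--client-control-port=*|--s-server-port=*)
                is_valid_port "${arg#*=}" ||
                    { echo "invalid port: $arg" >&2; return 1; } ;;
            --control-sleep-time=*)
                is_valid_sleep_time "${arg#*=}" ||
                    { echo "invalid sleep time: $arg" >&2; return 1; }
                sleep_set=1 ;;
            --disable-control-sleep)
                sleep_disabled=1 ;;
            *)
                echo "unknown argument: $arg" >&2; return 1 ;;
        esac
    done
    # This example's own policy, not documented on the page:
    # a sleep time combined with --disable-control-sleep is rejected.
    if [ "$sleep_set" -eq 1 ] && [ "$sleep_disabled" -eq 1 ]; then
        echo "conflicting sleep options" >&2
        return 1
    fi
    return 0
}
```

Call check_args "$@" in a wrapper and only invoke full-oqs-provider-test.sh with the same arguments when it returns 0.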

oqsprovider-test-server.sh

This script handles the server-side operations for the automated TLS handshake performance testing. It performs tests across various combinations of PQC and Hybrid-PQC digital signature and KEM algorithms, as well as classical-only handshakes. The script includes error handling and will coordinate with the client to retry failed tests using control signalling. This script is intended to be called only by the full-oqs-provider-test.sh script and cannot be run manually.

oqsprovider-test-client.sh

This script handles the client-side operations for the automated TLS handshake performance testing. It performs tests across various combinations of PQC and Hybrid-PQC digital signature and KEM algorithms, as well as classical-only handshakes. The script includes error handling and will coordinate with the server to retry failed tests using control signalling. This script is intended to be called only by the full-oqs-provider-test.sh script and cannot be run manually.

oqsprovider-test-speed.sh

This script handles the TLS computational performance testing when PQC and Hybrid-PQC algorithms are integrated into the OpenSSL library via OQS-Provider. It gathers CPU cycle data for the various cryptographic operations of the digital signature and KEM algorithms and stores the results for later parsing. This script is intended to be called only by the full-oqs-provider-test.sh script and cannot be run manually. It is only called if the machine or current shell has been designated as the client (depending on whether single-machine or separate-machine testing is performed).

oqsprovider-generate-keys.sh

This script generates all the certificates and private keys needed for TLS handshake performance testing. It creates a certificate authority (CA) and server certificate for each PQC, Hybrid-PQC, and classical digital signature algorithm and KEM used in the tests. The generated keys must be copied to the client machine before running handshake tests so both machines can access the required certificates. This is particularly relevant if conducting testing between two machines over a physical/virtual network.

This script must be called before conducting the automated TLS handshake performance testing.
