Adding Locust as performance OQS tool #304
Thanks for the PR, @davidgca! Would you be willing to list yourself as a maintainer of this new demo in the README? Also, please feel free to add yourself to the list of contributors in the same file :)
I assume you mean adding directly to the README for OQS Demo? I also added a new line for the new tool in the table.
f"User-Agent: {http_headers}\r\n" | ||
f"Connection: close\r\n\r\n", | ||
capture_output=True, text=True | ||
) |
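Review bot: on the `User-Agent: {http_headers}` line, the value is interpolated into the raw request without any check, so a CR or LF inside it would add extra header lines or end the request early; reject those characters before formatting the request. The name `http_headers` also reads as a collection while it fills a single header value, so `user_agent` would be clearer.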
As I mentioned briefly in the README, I decided to use subprocess with openssl s_client in this implementation to handle post-quantum cryptographic curves. The reason for this approach is that current Python libraries, such as urllib and gevent, do not yet support these cryptographic standards.
By invoking openssl through subprocess, we can leverage its built-in support for post-quantum curves and ensure secure communication during our performance tests. This allows us to test the behavior of our endpoints with these security protocols, without waiting for native support in Python libraries.
I also performed a test by recompiling Python with the OQS (Open Quantum Safe) version of OpenSSL to enable the necessary post-quantum curves. However, even as Python libraries evolve to support these curves, they will still rely on an underlying version of OpenSSL that supports post-quantum cryptography. So, even when native Python support is available, it will still be essential to ensure that the system's OpenSSL version has the required cryptographic capabilities.
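The approach described in the comment above, as an added example that is not part of this PR or the project's code: one request sent through `openssl s_client` with the key-exchange group pinned, header values checked for CR/LF, and a timeout on the child process. The function names, the sample output and the idea of passing the group as a parameter are assumptions; the group name must be one that the installed OpenSSL and OQS provider actually offer.

```python
import re
import subprocess

STATUS_RE = re.compile(r"^HTTP/1\.[01] (\d{3})", re.MULTILINE)
# Constructed sample of what s_client -quiet relays on stdout for a successful request.
SAMPLE_STDOUT = "HTTP/1.1 200 OK\nServer: nginx\nConnection: close\n\nok\n"


def build_request(host, path="/", user_agent="locust-pqc-example"):
    """Return the raw HTTP/1.1 request text written to s_client's stdin."""
    for name, value in (("host", host), ("path", path), ("user_agent", user_agent)):
        if "\r" in value or "\n" in value:
            raise ValueError(f"CR/LF not allowed in {name}")
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"User-Agent: {user_agent}\r\n"
        f"Connection: close\r\n\r\n"
    )


def build_argv(host, port, group):
    """argv list (no shell) that restricts the TLS 1.3 key exchange to `group`."""
    if not re.fullmatch(r"[A-Za-z0-9.\-]+", host):
        raise ValueError("unexpected characters in host")
    if not re.fullmatch(r"[A-Za-z0-9_]+", group):
        raise ValueError("unexpected characters in group")
    return ["openssl", "s_client", "-connect", f"{host}:{int(port)}",
            "-tls1_3", "-groups", group, "-servername", host, "-quiet"]


def parse_status(stdout):
    """HTTP status code from s_client output, or None if no response line is present."""
    m = STATUS_RE.search(stdout)
    return int(m.group(1)) if m else None


def fetch(host, port, group, path="/", timeout=10):
    """Run one request; returns (status, stderr) so a failed handshake stays visible."""
    try:
        proc = subprocess.run(build_argv(host, port, group),
                              input=build_request(host, path),
                              capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return None, "timeout"
    return parse_status(proc.stdout), proc.stderr.strip()
```

A `None` status with text in the returned stderr points at the handshake (for example a group the server or the local provider does not offer) rather than at the HTTP layer.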
Hi @davidgca, thanks for the updates. I left a few style-related comments/questions.
I also followed the instructions in locust/README.md but got a 100% error rate. Not sure if this is expected?
There is quite a bit of duplication between this file and locust/README.md. Could they be restructured to avoid this?
Done in this commit
locust/USAGE.md
Outdated
Assuming Docker is [installed](https://docs.docker.com/install) the following command | ||
|
||
2) Run `docker build -t oqs-locust:0.0.1 .` to create a post quantum-enabled Locust docker image. | ||
3) To verify all components perform quantum-safe operations, first start the container with docker compose `LOGGER_LEVEL=DEBUG HOST=https://qsc-nginx.discovery.hi.inet:4433 docker compose up --scale master=1 --scale worker=8`. |
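Review bot: step 3 says the run verifies that all components perform quantum-safe operations, but the visible text does not say what in the `LOGGER_LEVEL=DEBUG` output confirms that. Name the log line or negotiated group the reader should look for, so a run that silently falls back or fails is not mistaken for a pass.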
Where does this host URL come from?
It is my internal OQS host URL. Fixed in this commit
Not at all, a 100% error rate does not sound good! The first step (and the most important) is to build the Docker image:
Purpose:
The primary goal of this contribution is to enable Locust to perform quantum-safe load testing scenarios, utilizing quantum-safe cryptographic algorithms in TLS 1.3. This is achieved by building a Docker image that incorporates the OQS provider into the OpenSSL library used by Locust.
Key Changes:
An example: