Merge branch 'master' of git.amongbytes.com:kris/qrtesting

README.md

@@ -1,14 +1,24 @@
-# TLS testing
+# Servers
 
-## Servers
+## Quantum-resistant key exchange
 
-### Quantum-resistant key exchange
+### golang based
 
-* ``pq-t1.amongbytes.com``: SIDH tests
-* ``pq-t2.amongbytes.com``: SIDH tests - TLS 1.3 only is supported
+* ``pq.amongbytes.com``: SIDH/P503-x25519, SIDH/751-x448
+* ``pq-t1.amongbytes.com``: SIDH tests: Test phase 1. Allowed to be broken
 
-### TLS-TRIS 
-* ``gotls13-t1.amongbytes.com``: Testing branch of tls-tris. It supports only TLS 1.3 (0x0304)
+### BoringSSL based (SIDH/P503-X25519 only - mainly for toure/interoperability testing)
+| domain | SNI | desc |
+|--------|-----|------|
+| pq.amongbytes.com | pq-clang.amongbytes.com | Clang on X64_64 with all optims |
+| pq.amongbytes.com | pq-clang-san.amongbytes.com | Clang with sanitizers on x86_64 with optims |
+| pq.amongbytes.com | pq-gcc.amongbytes.com | GCC with all optims on x86_64 |
+| pq.amongbytes.com | pq-gcc-nop.amongbytes.com | GCC without optims on x86_64 |
+| pq.amongbytes.com | pq-arm8.amongbytes.com | ARMv8 with optims and out of order execution |
+| pq.amongbytes.com | pq-arm8-nop.amongbytes.com | aarch64 without optims out of order execution  |
+| pq.amongbytes.com | pq-arm8-noo.amongbytes.com | aarch64 without optims without OoO|
+| pq.amongbytes.com | pq-arm7.amongbytes.com | armv7 without optims without OoO|
+
+
+## TLS-TRIS 
 * ``gotls13.amongbytes.com``: Currently alias to gotls13-p1 (referenced at https://github.com/tlswg/tls13-spec/wiki/Implementations)
-* ``gotls13-p1.amongbytes.com``: Testing branch of tls-tris - master branch
-* ``gotls13-r1.amongbytes.com``: Testing branch of tls-tris - latest release

images/pq-connect-amd64-gcc/Dockerfile

@@ -0,0 +1,8 @@
+FROM buildpack-deps
+
+EXPOSE 443
+
+ADD bin/bssl /bin
+ADD bin/bssl_client /
+ADD req.txt /
+CMD [ "/bssl_client" ]

images/pq-connect-amd64-gcc/Makefile

@@ -0,0 +1,8 @@
+NAME=pq-gcc-amd64-client
+build:
+	docker build -t ${NAME} .
+run:
+	docker run --detach --restart always --name ${NAME} ${NAME}
+
+restart:
+	docker restart ${NAME}

images/pq-connect-amd64-gcc/bin/bssl_client

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+COUNT=0
+while [ 1 ]; do
+	bssl client -curves CECPQ2 -connect www.cloudflare.com -server-name www.cloudflare.com < /req.txt
+	bssl client -curves X25519-SIDHp503 -connect www.cloudflare.com -server-name www.cloudflare.com < /req.txt
+	bssl client -curves P-521 -connect www.cloudflare.com -server-name www.cloudflare.com < /req.txt
+	COUNT=$((COUNT + 1))
+	if [ $COUNT -eq 1000 ]; then
+		COUNT=0
+		echo "SLEEPING"
+		sleep 1
+	fi
+done
+

images/pq-connect-amd64-gcc/req.txt

@@ -0,0 +1,4 @@
+GET / HTTP/1.0
+Host: www.cloudflare.com
+
+

images/pq-gcc/Dockerfile

@@ -3,4 +3,7 @@ FROM buildpack-deps
 EXPOSE 443
 
 ADD bin/bssl /
-CMD [ "./bssl", "server", "-curves", "X25519:P-256:X25519-SIDHp503", "-accept", "443", "-loop", "-www" ]
+CMD mkdir certs
+ADD certs/privkey.pem certs/
+ADD certs/fullchain.pem certs/
+CMD [ "./bssl", "server", "-curves", "CECPQ2:X25519-SIDHp503:X25519:P-256:P-384:P-224:P-521", "-accept", "443", "-loop", "-www", "-cert", "certs/fullchain.pem", "-key", "certs/privkey.pem" ]

images/pq-gcc/Makefile

@@ -1,6 +1,9 @@
 NAME=pq-gcc-amd64
 PORT=50601
 build:
+	mkdir -p certs
+	cp ../../cert/fullchain.pem certs/
+	cp ../../cert/privkey.pem certs/
 	docker build -t ${NAME} .
 run:
 	docker run --detach --restart always --name ${NAME} -p ${PORT}:443 ${NAME}