search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
texinfo documentation is similar to the printed manual.
[gnutls.git] / src / benchmark-tls.c
blob10bcf6372fc96e0f304eff919f3fe7163f91c864
1 /*
2 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * GnuTLS is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * GnuTLS is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with GnuTLS; if not, write to the Free Software Foundation,
20 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
21 */
22
23 #ifdef HAVE_CONFIG_H
24 #include <config.h>
25 #endif
26
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <errno.h>
31 #include <gnutls/gnutls.h>
32 #include <gnutls/crypto.h>
33
34 #define fail(...) \
35 { \
36 fprintf(stderr, __VA_ARGS__); \
37 exit(1); \
38 }
39
40 #include "../tests/eagain-common.h"
41 #include "benchmark.h"
42
43 const char* side = "";
44
45 #define PRIO_DH "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+DHE-RSA"
46 #define PRIO_ECDH "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ECDHE-RSA:+CURVE-SECP192R1"
47 #define PRIO_ECDHE_ECDSA "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ECDHE-ECDSA:+CURVE-SECP192R1"
48 #define PRIO_RSA "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA"
49
50 #define PRIO_AES_CBC_SHA1 "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-DH"
51 #define PRIO_ARCFOUR_128_MD5 "NONE:+VERS-TLS1.0:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+ANON-DH"
52 #define PRIO_AES_GCM "NONE:+VERS-TLS1.2:+AES-128-GCM:+AEAD:+SIGN-ALL:+COMP-NULL:+ANON-DH"
53 #define PRIO_CAMELLIA_CBC_SHA1 "NONE:+VERS-TLS1.0:+CAMELLIA-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-DH"
54
55 // #define PARAMS_1024
56
57 #ifdef PARAMS_1024
58
59 static const int rsa_bits = 1024, ec_bits = 192;
60
61 const char *pkcs3 =
62 "-----BEGIN DH PARAMETERS-----\n"
63 "MIIBCwKBgQCsIrA9BK23OUVIwrC4c65YJ2t8bqoGpJpuISjO07lAbWHWa47Kf9/t\n"
64 "F9ckO2AF6Yj1Y7xS+FSCDeoIZsp0LCq3nAP9Ls25fgHrKSMPQBJt2vd5mUdm90Wr\n"
65 "wCK2YjogQ7YVQlovVHsnJWC6Kf0P+OQ4hrihoBCGSj9sGK3wH57m+wKBgH5xlPNR\n"
66 "pI8E2WBNqB6y4sV3eMGRvygScbbFUFFO1ccmNJl5Y5L/O+fP0ZXtmUJVsSvlY0fp\n"
67 "Kcl6k5WCWMY8h6iHlJ9teHmC4s2jifXtaV759kJXdqrGEjRPEku50y3ANzDLzklW\n"
68 "8R7HcSO397vIdouaUt38FbQESnIWOIZqDtq6AgIAnw==\n"
69 "-----END DH PARAMETERS-----\n";
70
71 /* RSA key of 1024 bits */
72 static unsigned char server_cert_pem[] =
73 "-----BEGIN CERTIFICATE-----\n"
74 "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
75 "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
76 "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
77 "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
78 "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
79 "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
80 "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
81 "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
82 "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
83 "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
84 "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
85 "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
86 "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
87 static unsigned char server_key_pem[] =
88 "-----BEGIN RSA PRIVATE KEY-----\n"
89 "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
90 "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
91 "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
92 "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
93 "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
94 "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
95 "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
96 "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
97 "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
98 "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
99 "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
100 "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
101 "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
102 "-----END RSA PRIVATE KEY-----\n";
103
104 #else
105
106 static const int rsa_bits = 1840, ec_bits = 192;
107
108 /* DH of 1840 bits that is pretty close equivalent to 192 bits of ECDH.
109 */
110 const char *pkcs3 =
111 "-----BEGIN DH PARAMETERS-----\n"
112 "MIIB1gKB5kX/Dun+gVTZ1WXWxpS5efQUQY8XNGxi2V0IYHSqKMkrt8UGruv4Gqop\n"
113 "vAoG/+llD/t84cIdUxNwHtLd5y/ae7lFOKFNhP+glvK/GsCfTcACRy9OFKphWi6E\n"
114 "NDMyWV0miiZgIc/LrXgC4RcDMlmxRR3UW/+eVu1ti6PLMLYSooMwn60K6CWmgaM6\n"
115 "VZaiD++gQtsgJdJv2+eNiVotodBPItJ5KcaPNVEdP1D8MzljO98UIOBR3YnalIAW\n"
116 "oyTjWMcX5oxwIR4eSywPeUQokMFFAKxZfo6/IUv05sQ9semagqAilg52Q5CfAoHm\n"
117 "RL1euKirrpaXqUtrV8r0l962oVFlLD92ReJOcjHFni8FY26qZ4IZba1lLP2Q4DTX\n"
118 "ovR7HPMaa6Ss6EdR2hba8Q1LAiCCUFH5jiKjMU8bSM2Zi23GOdoHqYpHMbcSKkpX\n"
119 "IQpbHHNap53/VxcPj4PK9SbQLt0KWe/253l8Ib5zivb6jKSOY/KzwoXO+MiPae01\n"
120 "BdQhrMtsdntRWo5jChSBUidGP7orra3gPBOXhWdNeeTTshc0AZdSWP3NicokW/q7\n"
121 "jHBuaadmhVv3yd6BvFkSePhVWcSKXXG27K9d3RNsXmaBasNYIhsCAgDf\n"
122 "-----END DH PARAMETERS-----\n";
123
124 static unsigned char server_cert_pem[] =
125 "-----BEGIN CERTIFICATE-----\n"
126 "MIIC3TCCAeCgAwIBAgIETwIyNzANBgkqhkiG9w0BAQsFADAhMQswCQYDVQQGEwJH\n"
127 "UjESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTEyMDEwMjIyMzk1MloXDTE3MDYwNjIy\n"
128 "Mzk1NlowITELMAkGA1UEBhMCR1IxEjAQBgNVBAMTCWxvY2FsaG9zdDCCAQUwDQYJ\n"
129 "KoZIhvcNAQEBBQADgfMAMIHvAoHnAMnMTaYe76aNxyhPDDZ1YWuj8SQh9PC7PRDD\n"
130 "8qL+G8se+DwiJOL3fjRCXi2R1zt6gUrJmycmW+1xc9GdVST6oO09ZG6NQ8CRvU+K\n"
131 "EcaDRQojUFM9QLmkDO1MyEZDMuXBpM+9TFkyDWgrsgYgcNU+Y9FN9Y45OT780+kl\n"
132 "DjZItjl1jnD3tfWaYORQE//Xy4i2HrxTgikP26PB+3ynI+SDj7Sdt4oasgUo1Fpd\n"
133 "OWDQ0hYQ6sn51mOYUnhYZax5y4lI6Cm4KOQc1NMn3iaX5+nS5YGcFhS/Usb8KsX1\n"
134 "fHGsvePSyS/oxTMlAgMBAAGjVTBTMAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYI\n"
135 "KwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNVHQ4EFgQUgQI1pnj7olEUcUu3\n"
136 "SVCbJwYyuF4wDQYJKoZIhvcNAQELBQADgecAs2veVEtkSIlj2nEy1NI/lr0Wf51K\n"
137 "0E2/oAeZJGoGo4wK5HUDfW2HlO+UVTkPei2Zk5Kjl/hpd9zG4BhTurL5mncPntXx\n"
138 "Q6F3FMklBld4AYKeq5SSl+GG/PoEDzEJjazABCWgLa/U3EYjuwSXZj9RMibB6NQX\n"
139 "bKCaj4cjRZSa1UmdLl2KTgRfG1ZDU4EBObagkdaOGD0XJ8EEZaBRktMtT8byxM8A\n"
140 "m2pRMdwPvbxENmMhLXcIPQTaPaEYZyq9LA8Pee5wJosN66l8JVlsz2XEcH35DcG0\n"
141 "bSUX8CSDmUPyHRyzVNeEcHc=\n"
142 "-----END CERTIFICATE-----\n";
143
144 static unsigned char server_key_pem[] =
145 "-----BEGIN RSA PRIVATE KEY-----\n"
146 "MIIEKQIBAAKB5wDJzE2mHu+mjccoTww2dWFro/EkIfTwuz0Qw/Ki/hvLHvg8IiTi\n"
147 "9340Ql4tkdc7eoFKyZsnJlvtcXPRnVUk+qDtPWRujUPAkb1PihHGg0UKI1BTPUC5\n"
148 "pAztTMhGQzLlwaTPvUxZMg1oK7IGIHDVPmPRTfWOOTk+/NPpJQ42SLY5dY5w97X1\n"
149 "mmDkUBP/18uIth68U4IpD9ujwft8pyPkg4+0nbeKGrIFKNRaXTlg0NIWEOrJ+dZj\n"
150 "mFJ4WGWsecuJSOgpuCjkHNTTJ94ml+fp0uWBnBYUv1LG/CrF9XxxrL3j0skv6MUz\n"
151 "JQIDAQABAoHnALSPqarKY4STt2/JyxOvU8wMlOfPumrsHmex7JkK5bOJsnOb2YV8\n"
152 "DeCUwc/kfsEpjCZu3fTZzcdXjFoyfMzptLSSChshK05TGSDiWaVWL6AymNziIdf5\n"
153 "gdeSrGCyIAiUi/OVXYsxze03q8LvpAYqHQZayysto69IOe6P5Qt17xYPgsRIA6k9\n"
154 "LAgBIjCN2ukgR/fWERGSn2jC/aBlO3jwmG80LsdPNaQ6+esQcwjwMjFajkf5A1XE\n"
155 "OiYlIdmUS2liuWnUQK+D76WSUTrlwKKjxQiB0A9wugCN43BWHfV/Kf6ohIM1kIAB\n"
156 "AnQA/g8rrF0cTe6ZsiZU0m7nyIQkmATENlLhu37DtcsdqTAwV3+UqzLIh46sHiRa\n"
157 "D3SKlhhNs6iTqw/Wv02ZHy+//pxCmWWNAxhhwPCM6/OO6i5oEYU4uH+llEcu5Flh\n"
158 "udFt7fMy/tzpwPsZRFpXaO1wScU2AQJ0AMtW7rsVrdqZqOdVGNI7vRsLC1SM26j4\n"
159 "2bouNvKPuaLOsLBSlFopSpFRDgOxe+OOqk9Reg6RzO/q+496bEOqixofCE5Gfc/I\n"
160 "pwlwwRGTP7sA0w6Y+Vo+qiATht/YaruscXL3AdQ3BulaqunAzsKN0Iz2ZSUCdACu\n"
161 "bTX74fVj4BPvxvdnfrNt7KO/J06bSW4nr1GpB6n2ldoqyLIGlBgvUZoEG8slX0si\n"
162 "387BMVUpFffHYfxl9/+mTBxBewJEhMHgmIb4HEEbsP7MQJ3/tcu1sOWV63P4Aryp\n"
163 "qNZzOrLWRs9DKY9nv9TfISIBAnMFNzCeadrwvXpAnMUrN08Nb4YV4BsORXvIM8FD\n"
164 "DX60d1q+2w9lFKQOACc83wOPfaxOpodb8k9wY/WZ44j9X1V8EQm0gEhf2QS30EWT\n"
165 "ftRmponDWRckQnE4q2eNPE7Yi37JdR594/9wYtv5bPGgueR8iSFlAnQAjinshgPe\n"
166 "kfAYhgSBbyJJvmCCp3jSra5JzoBnmMy2JyEJT+trCs9pmaP79GP/6BjPXHImnN0w\n"
167 "PsTvmNPD3U2BqsGRuu6OGg9VRP/LDLpPGmV7j8nTraVJCkc4w/n/gazAbPydZZbz\n"
168 "qRP/3et96JUHZnmn6g==\n"
169 "-----END RSA PRIVATE KEY-----\n";
170 #endif
171
172 static unsigned char server_ecc_key_pem[] =
173 "-----BEGIN EC PRIVATE KEY-----\n"
174 "MGACAQEEGQCovzs4UsfRncfJXO3WOZUe/Zf+usKzEcWgCgYIKoZIzj0DAQGhNAMy\n"
175 "AAREwuCcUHKNWyetsymkAaqA0GCgksI2AjewpOWsraGrfea3GPw1uuyOQRMR7kka\n"
176 "v6s=\n"
177 "-----END EC PRIVATE KEY-----\n";
178
179 static unsigned char server_ecc_cert_pem[] =
180 "-----BEGIN CERTIFICATE-----\n"
181 "MIIBYDCCARWgAwIBAgIETuILrDAKBggqhkjOPQQDAjAcMQswCQYDVQQGEwJCRTEN\n"
182 "MAsGA1UEChMEVGVzdDAeFw0xMTEyMDkxMzIyNTJaFw0xNzA4MTExMzIyNTlaMBwx\n"
183 "CzAJBgNVBAYTAkJFMQ0wCwYDVQQKEwRUZXN0MEkwEwYHKoZIzj0CAQYIKoZIzj0D\n"
184 "AQEDMgAERMLgnFByjVsnrbMppAGqgNBgoJLCNgI3sKTlrK2hq33mtxj8NbrsjkET\n"
185 "Ee5JGr+ro1UwUzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8G\n"
186 "A1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFKeR27mtYWFaH43U2zEvjd28Zf+CMAoG\n"
187 "CCqGSM49BAMCAzkAMDYCGQD7WWWiFV+ddI7tIyMFepKFA1dX4nlc/+ICGQCCPdHc\n"
188 "gMyHv2XyfOGHLhq0HmDTOOiwfC4=\n"
189 "-----END CERTIFICATE-----\n";
190
191 const gnutls_datum_t server_cert = { server_cert_pem,
192 sizeof (server_cert_pem)
193 };
194
195 const gnutls_datum_t server_key = { server_key_pem,
196 sizeof (server_key_pem)
197 };
198
199 const gnutls_datum_t server_ecc_cert = { server_ecc_cert_pem,
200 sizeof (server_ecc_cert_pem)
201 };
202
203 const gnutls_datum_t server_ecc_key = { server_ecc_key_pem,
204 sizeof (server_ecc_key_pem)
205 };
206
207 char buffer[64 * 1024];
208
209 static void tls_log_func(int level, const char *str)
210 {
211 fprintf(stderr, "%s|<%d>| %s", side, level, str);
212 }
213
214 static void test_ciphersuite(const char *cipher_prio, int size)
215 {
216 /* Server stuff. */
217 gnutls_anon_server_credentials_t s_anoncred;
218 const gnutls_datum_t p3 = { (void*) pkcs3, strlen(pkcs3) };
219 static gnutls_dh_params_t dh_params;
220 gnutls_session_t server;
221 int sret, cret;
222 const char *str;
223 /* Client stuff. */
224 gnutls_anon_client_credentials_t c_anoncred;
225 gnutls_session_t client;
226 /* Need to enable anonymous KX specifically. */
227 int ret;
228 struct benchmark_st st;
229
230 /* Init server */
231 gnutls_anon_allocate_server_credentials(&s_anoncred);
232 gnutls_dh_params_init(&dh_params);
233 gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM);
234 gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
235 gnutls_init(&server, GNUTLS_SERVER);
236 ret = gnutls_priority_set_direct(server, cipher_prio, &str);
237 if (ret < 0) {
238 fprintf(stderr, "Error in %s\n", str);
239 exit(1);
240 }
241 gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
242 gnutls_dh_set_prime_bits(server, 1024);
243 gnutls_transport_set_push_function(server, server_push);
244 gnutls_transport_set_pull_function(server, server_pull);
245 gnutls_transport_set_ptr(server, (gnutls_transport_ptr_t) server);
246 reset_buffers();
247
248 /* Init client */
249 gnutls_anon_allocate_client_credentials(&c_anoncred);
250 gnutls_init(&client, GNUTLS_CLIENT);
251
252 ret = gnutls_priority_set_direct(client, cipher_prio, &str);
253 if (ret < 0) {
254 fprintf(stderr, "Error in %s\n", str);
255 exit(1);
256 }
257 gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
258 gnutls_transport_set_push_function(client, client_push);
259 gnutls_transport_set_pull_function(client, client_pull);
260 gnutls_transport_set_ptr(client, (gnutls_transport_ptr_t) client);
261
262 HANDSHAKE(client, server);
263
264 fprintf(stdout, "Testing %s with %d packet size: ",
265 gnutls_cipher_suite_get_name(gnutls_kx_get(server),
266 gnutls_cipher_get(server),
267 gnutls_mac_get(server)), size);
268 fflush(stdout);
269
270 gnutls_rnd(GNUTLS_RND_NONCE, buffer, sizeof(buffer));
271
272 start_benchmark(&st);
273
274 do {
275 do {
276 ret = gnutls_record_send(client, buffer, size);
277 }
278 while (ret == GNUTLS_E_AGAIN);
279
280 if (ret < 0) {
281 fprintf(stderr, "Failed sending to server\n");
282 exit(1);
283 }
284
285 do {
286 ret = gnutls_record_recv(server, buffer, sizeof(buffer));
287 }
288 while (ret == GNUTLS_E_AGAIN);
289
290 if (ret < 0) {
291 fprintf(stderr, "Failed receiving from client\n");
292 exit(1);
293 }
294
295 st.size += size;
296 }
297 while (benchmark_must_finish == 0);
298
299 stop_benchmark(&st, NULL);
300
301 gnutls_bye(client, GNUTLS_SHUT_WR);
302 gnutls_bye(server, GNUTLS_SHUT_WR);
303
304 gnutls_deinit(client);
305 gnutls_deinit(server);
306
307 gnutls_anon_free_client_credentials(c_anoncred);
308 gnutls_anon_free_server_credentials(s_anoncred);
309
310 gnutls_dh_params_deinit(dh_params);
311
312 }
313
314 static void test_ciphersuite_kx(const char *cipher_prio)
315 {
316 /* Server stuff. */
317 gnutls_anon_server_credentials_t s_anoncred;
318 const gnutls_datum_t p3 = { (void*) pkcs3, strlen(pkcs3) };
319 static gnutls_dh_params_t dh_params;
320 gnutls_session_t server;
321 int sret, cret;
322 const char *str;
323 const char *suite = NULL;
324 /* Client stuff. */
325 gnutls_anon_client_credentials_t c_anoncred;
326 gnutls_certificate_credentials_t c_certcred, s_certcred;
327 gnutls_session_t client;
328 /* Need to enable anonymous KX specifically. */
329 int ret;
330 struct benchmark_st st;
331
332 /* Init server */
333 gnutls_certificate_allocate_credentials(&s_certcred);
334 gnutls_anon_allocate_server_credentials(&s_anoncred);
335 gnutls_dh_params_init(&dh_params);
336 if ((ret=gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM)) < 0) {
337 fprintf(stderr, "Error importing the PKCS #3 params: %s\n", gnutls_strerror(ret));
338 exit(1);
339 }
340 gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
341 gnutls_certificate_set_dh_params(s_certcred, dh_params);
342
343 gnutls_certificate_set_x509_key_mem (s_certcred, &server_cert, &server_key,
344 GNUTLS_X509_FMT_PEM);
345 gnutls_certificate_set_x509_key_mem (s_certcred, &server_ecc_cert, &server_ecc_key,
346 GNUTLS_X509_FMT_PEM);
347
348 start_benchmark(&st);
349
350 do {
351 gnutls_init(&server, GNUTLS_SERVER);
352 ret = gnutls_priority_set_direct(server, cipher_prio, &str);
353 if (ret < 0) {
354 fprintf(stderr, "Error in %s\n", str);
355 exit(1);
356 }
357 gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
358 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, s_certcred);
359 gnutls_transport_set_push_function(server, server_push);
360 gnutls_transport_set_pull_function(server, server_pull);
361 gnutls_transport_set_ptr(server, (gnutls_transport_ptr_t) server);
362 reset_buffers();
363
364 /* Init client */
365 gnutls_anon_allocate_client_credentials(&c_anoncred);
366 gnutls_certificate_allocate_credentials(&c_certcred);
367
368 gnutls_init(&client, GNUTLS_CLIENT);
369
370 ret = gnutls_priority_set_direct(client, cipher_prio, &str);
371 if (ret < 0) {
372 fprintf(stderr, "Error in %s\n", str);
373 exit(1);
374 }
375 gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
376 gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, c_certcred);
377
378 gnutls_transport_set_push_function(client, client_push);
379 gnutls_transport_set_pull_function(client, client_pull);
380 gnutls_transport_set_ptr(client, (gnutls_transport_ptr_t) client);
381
382 HANDSHAKE(client, server);
383
384 if (suite == NULL)
385 suite = gnutls_cipher_suite_get_name(gnutls_kx_get(server),
386 gnutls_cipher_get(server),
387 gnutls_mac_get(server));
388
389 gnutls_deinit(client);
390 gnutls_deinit(server);
391
392 st.size += 1;
393 }
394 while (benchmark_must_finish == 0);
395
396 fprintf(stdout, "Tested %s: ", suite);
397 stop_benchmark(&st, "transactions");
398
399 gnutls_anon_free_client_credentials(c_anoncred);
400 gnutls_anon_free_server_credentials(s_anoncred);
401
402 gnutls_dh_params_deinit(dh_params);
403
404 }
405
406 void benchmark_tls(int debug_level)
407 {
408 gnutls_global_set_log_function(tls_log_func);
409 gnutls_global_set_log_level(debug_level);
410 gnutls_global_init();
411
412 printf("Testing throughput in cipher/MAC combinations:\n");
413
414 test_ciphersuite(PRIO_ARCFOUR_128_MD5, 1024);
415 test_ciphersuite(PRIO_ARCFOUR_128_MD5, 4096);
416 test_ciphersuite(PRIO_ARCFOUR_128_MD5, 8 * 1024);
417 test_ciphersuite(PRIO_ARCFOUR_128_MD5, 15 * 1024);
418
419 test_ciphersuite(PRIO_AES_GCM, 1024);
420 test_ciphersuite(PRIO_AES_GCM, 4096);
421 test_ciphersuite(PRIO_AES_GCM, 8 * 1024);
422 test_ciphersuite(PRIO_AES_GCM, 15 * 1024);
423
424 test_ciphersuite(PRIO_AES_CBC_SHA1, 1024);
425 test_ciphersuite(PRIO_AES_CBC_SHA1, 4096);
426 test_ciphersuite(PRIO_AES_CBC_SHA1, 8 * 1024);
427 test_ciphersuite(PRIO_AES_CBC_SHA1, 15 * 1024);
428
429 test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, 1024);
430 test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, 4096);
431 test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, 8 * 1024);
432 test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, 15 * 1024);
433
434 printf("\nTesting key exchanges (RSA/DH bits: %d, EC bits: %d):\n", rsa_bits, ec_bits);
435 test_ciphersuite_kx(PRIO_DH);
436 test_ciphersuite_kx(PRIO_ECDH);
437 test_ciphersuite_kx(PRIO_ECDHE_ECDSA);
438 test_ciphersuite_kx(PRIO_RSA);
439
440 gnutls_global_deinit();
441
442 }
Implementation of the SSL/TLS protocol