projects / platform / upstream / gnutls.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Imported Upstream version 3.4.11
[platform/upstream/gnutls.git] / src / benchmark-tls.c
1 /*
2  * Copyright (C) 2011-2012 Free Software Foundation, Inc.
3  *
4  * Author: Nikos Mavrogiannopoulos
5  *
6  * This file is part of GnuTLS.
7  *
8  * GnuTLS is free software; you can redistribute it and/or modify it
9  * under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 3 of the License, or
11  * (at your option) any later version.
12  *
13  * GnuTLS is distributed in the hope that it will be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with GnuTLS; if not, write to the Free Software Foundation,
20  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
21  */
22
23 #ifdef HAVE_CONFIG_H
24 #include <config.h>
25 #endif
26
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <errno.h>
31 #include <gnutls/gnutls.h>
32 #include <gnutls/crypto.h>
33 #include <math.h>
34
35 #define fail(...) \
36         { \
37                 fprintf(stderr, __VA_ARGS__); \
38                 exit(1); \
39         }
40
41 #include "../tests/eagain-common.h"
42 #include "benchmark.h"
43
44 const char *side = "";
45
46 #define PRIO_DH "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+DHE-RSA"
47 #define PRIO_ECDH "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ECDHE-RSA:+CURVE-SECP256R1"
48 #define PRIO_ECDHE_ECDSA "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ECDHE-ECDSA:+CURVE-SECP256R1"
49 #define PRIO_RSA "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA"
50
51 #define PRIO_ARCFOUR_128_SHA1 "NONE:+VERS-TLS1.0:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA"
52
53 #define PRIO_AES_CBC_SHA1 "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA"
54 #define PRIO_ARCFOUR_128_MD5 "NONE:+VERS-TLS1.0:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+RSA"
55 #define PRIO_AES_GCM "NONE:+VERS-TLS1.2:+AES-128-GCM:+AEAD:+SIGN-ALL:+COMP-NULL:+RSA"
56 #define PRIO_AES_CCM "NONE:+VERS-TLS1.2:+AES-128-CCM:+AEAD:+SIGN-ALL:+COMP-NULL:+RSA"
57 #define PRIO_CHACHA_POLY1305 "NONE:+VERS-TLS1.2:+CHACHA20-POLY1305:+AEAD:+SIGN-ALL:+COMP-NULL:+ECDHE-RSA:+CURVE-ALL"
58 #define PRIO_CAMELLIA_CBC_SHA1 "NONE:+VERS-TLS1.0:+CAMELLIA-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA"
59
60 static const int rsa_bits = 3072, ec_bits = 256;
61
62 /* DH of 3072 bits that is pretty close equivalent to 256 bits of ECDH.
63  */
64 const char *pkcs3 =
65     "-----BEGIN DH PARAMETERS-----\n"
66     "MIIDDQKCAYEAtnlQsMzw6EdzVgv59IvDCNXDz+V5F6S95ies6VuP2najcePLCPa4\n"
67     "yLCcQabhjV+rSpYxvqEo1hHMhAZPPsrHP3CCzFlqkSY2mmryC5LfWnoJnJCA5RSs\n"
68     "kWNlxyJ/fkXWseFKDm+E3W/yZXxBJxf3BevlcF7hMXuOrv5tGOdiltWsCrZglEMC\n"
69     "IO3NcvEwLp7Y/OuHk4J2upJSLJqL2mUoYgOUAwhoM9oh6ucjPJ0Ha/HqNRe0zdup\n"
70     "0wnwSbjBR0xa2HdHv5hr0OPk6sma0Zj1cVNi3u5xlMeiirbtEBuRPfM4mrMkhK8F\n"
71     "YBhVV7YRf+WMw8v9VhfeX+GYuE4oMdv6tJBwWoj0RdhgpD6BMG7uHwM7WOn5ZukA\n"
72     "sn9eGsXRog2gCmckUfOGn5oQWXRk1sv2myeu75GAaIPIsXMWBsJNCfxVBbi7pEU9\n"
73     "IQgi6JoLlRnvXVa2GaoVEdAuH0dl6QSIRmNeZ3VKa0ZCx1DHn/WVIt2ooMec5lCY\n"
74     "JGCqIT3tQUUzAoIBgFYzCrFBoleurEimohHxnFKMY0E0feGA0qLPDUa+Ys/4wsr6\n"
75     "SabuE9X69EHVDu4xGlbS4w9k5sMfXTqgVGIN43jbWuoN1FAdPp8YdbXACB3k+IoN\n"
76     "cCj/Ju90Tc/NOTwHN/4Axsy0LpeP+eknb48eQw6mYsHCvN9ytmLqC8AG11G+aTrF\n"
77     "boVeI7pCbfuls/cRNl4POuSyv+R12Evs1qXLoSW4crPEDvVpbIrgirjQNJbosfZY\n"
78     "5Pxf2Ofpidy1slINQqx8zhILTikl0AdfYAlnBVFEOKg1HF+EnvNbcXW0QDxxnFF/\n"
79     "W+Yv0xQpFw9UDa+hdwEVvdrDopqvuvg9BCwCfxT3vGN300RDqWAVGJUknXN4T5MZ\n"
80     "+fZrtZMhbWDCsOHMcVcUPqul7V5uQX7EAhUnfBKxE1I5NK9J8wtHeUEYioI8f7XY\n"
81     "Be6/w7WHHspV4fwIOfWUD5G0c++NxED+JwDyc8aU/qVOXVikOXwVTB/2oyatkoBX\n"
82     "r8Y+1FUiZGhRCT9dbgICAQA=\n"
83     "-----END DH PARAMETERS-----\n";
84
85 static unsigned char server_cert_pem[] =
86     "-----BEGIN CERTIFICATE-----\n"
87     "MIIEOjCCAqKgAwIBAgIMU+I+KjQZpH+ZdjOlMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
88     "BgNVBAMTBENBLTAwIhgPMjAxNDA4MDYxNDM5MzhaGA85OTk5MTIzMTIzNTk1OVow\n"
89     "EzERMA8GA1UEAxMIc2VydmVyLTEwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGK\n"
90     "AoIBgQDswF+JIWGcyu+JfjTcM8UDRKaxOuLVY0SODV1uaXPB5ZW9nEX/FFYIG+ld\n"
91     "SKCyz5JF5ThrdvwqO+GVByuvETJdM7N4i8fzGHU8WIsj/CABAV+SaDT/xb+h1ar9\n"
92     "dIehKelBmXQADVFX+xvu9OM5Ft3P/wyO9gWWrR7e/MU/SVzWzMT69+5YoE4QkrYY\n"
93     "CuEBtlVHDo2mmNWGSQ5tUVIWARgXbqsmj4voWkutE/CiT0+g6GQilMARkROElIhO\n"
94     "5NH+u3/Lt2wRQO5tEP1JmSoqvrMOmF16txze8qMzvKg1Eafijv9DR4NcCc6s8+g+\n"
95     "CZbyODSdAybiyKsC7JCIrQjsnAjgPKKBLuZ1NTmu5liuXO05XsdcBoKDbKNAQdJC\n"
96     "z4uxfqTr4CGFgHQk48Nhmq01EGmpwAeA/BOCB5qsWzqURtMX8EVB1Zdo3LD5Vwz1\n"
97     "8mm+ZdeLPlYy3L/FBpVPDbYoZlFgINUNCQvGgvzqGJAQrKR4w8X/Y6HH9R8sv+U8\n"
98     "kNtQI90CAwEAAaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2Fs\n"
99     "aG9zdDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1Ud\n"
100     "DgQWBBTVObJSuRlmfjIx/hqxXk4qrxtnWDAfBgNVHSMEGDAWgBQ5vvRl/1WhIqpf\n"
101     "ZFiHs89kf3N3OTANBgkqhkiG9w0BAQsFAAOCAYEAC0KQNPASZ7adSMMM3qx0Ny8Z\n"
102     "AkcVAtohkjlwCwhoutcavZVyTjdpGydte6nfyTWOjs6ATBV2GhpyH+nvRJaYQFAh\n"
103     "7uksjJxptSlaQuJqUI12urzx6BX0kenwh7nNwnLOngSBRqYwQqQdbnZf0w1DAdac\n"
104     "vSa/Y1PrDpcXyPHpk7pDrtI9Mj24rIbvjeWM1RfgkNQYLPkZBDQqKkc5UrCA5y3v\n"
105     "3motWyTdfvVYL7KWcEmGeKsWaTDkahd8Xhx29WvE4P740AOvXm/nkrE+PkHODbXi\n"
106     "iD0a4cO2FPjjVt5ji+iaJTaXBEd9GHklKE6ZTZhj5az9ygQj1m6HZ2i3shWtG2ks\n"
107     "AjgnGzsA8Wm/5X6YyR8UND41rS/lAc9yx8Az9Hqzfg8aOyvixYVPNKoTEPAMmypA\n"
108     "oQT6g4b989lZFcjrwnLCrwz83jPD683p5IenCnRI5yhuFoQauy2tgHIbC1FRgs0C\n"
109     "dyiOeDh80u1fekMVjRztIAwavuwxI6XgRzPSHhWR\n"
110     "-----END CERTIFICATE-----\n";
111
112 static unsigned char server_key_pem[] =
113     "-----BEGIN RSA PRIVATE KEY-----\n"
114     "MIIG5gIBAAKCAYEA7MBfiSFhnMrviX403DPFA0SmsTri1WNEjg1dbmlzweWVvZxF\n"
115     "/xRWCBvpXUigss+SReU4a3b8KjvhlQcrrxEyXTOzeIvH8xh1PFiLI/wgAQFfkmg0\n"
116     "/8W/odWq/XSHoSnpQZl0AA1RV/sb7vTjORbdz/8MjvYFlq0e3vzFP0lc1szE+vfu\n"
117     "WKBOEJK2GArhAbZVRw6NppjVhkkObVFSFgEYF26rJo+L6FpLrRPwok9PoOhkIpTA\n"
118     "EZEThJSITuTR/rt/y7dsEUDubRD9SZkqKr6zDphdercc3vKjM7yoNRGn4o7/Q0eD\n"
119     "XAnOrPPoPgmW8jg0nQMm4sirAuyQiK0I7JwI4DyigS7mdTU5ruZYrlztOV7HXAaC\n"
120     "g2yjQEHSQs+LsX6k6+AhhYB0JOPDYZqtNRBpqcAHgPwTggearFs6lEbTF/BFQdWX\n"
121     "aNyw+VcM9fJpvmXXiz5WMty/xQaVTw22KGZRYCDVDQkLxoL86hiQEKykeMPF/2Oh\n"
122     "x/UfLL/lPJDbUCPdAgMBAAECggGBAOZzh0sjbDHENBBhAjFKTz6UJ7IigMR3oTao\n"
123     "+cZM7XnS8cQkhtn5wJiaGrlLxejoNhjFO/sXUfQGX9nBphr+IUkp10vCvHn717pK\n"
124     "8f2wILL51D7eIqDJq3RrWMroEFGnSz8okQqv6/s5GgKq6zcZ9AXP3TiXb+8wSvmB\n"
125     "kLq+vZj0r9UfWyl3uSVWuduDU2xoQHAvUWDWKhpRqLJuUvnKTNoaRoz9c5FTu5AY\n"
126     "9cX4b6lQLJCgvKkcz6PhNSGeiG5tsONi89sNuF3MYO+a4JBpD3l/lj1inHDEhlpd\n"
127     "xHdbXNv4vw2rJECt5O8Ff3aT3g3voenP0xbfrQ5m6dIrEscU1KMkYIg+wCVV+oNj\n"
128     "4OhmBvdN/mXKEFpxKNk6C78feA1+ZygNWeBhgY0hiA98oI77H9kN8iuKaOaxYbEG\n"
129     "qCwHrPbL+fVcLKouN6i3E3kpDIp5HMx4bYWyzotXXrpAWj7D/5saBCdErH0ab4Sb\n"
130     "2I3tZ49qDIfcKl0bdpTiidbGKasL/QKBwQD+Qlo4m2aZLYSfBxygqiLv42vpeZAB\n"
131     "4//MeAFnxFcdF+JL6Lo3gfzP3bJ8EEq2b+psmk5yofiNDVaHTb4iOS3DX/JCmnmj\n"
132     "+zAEfMCVLljYJlACVnyPb+8h+T0UEsQWMiFWZxsv+AbHs/cnpVtdnvO0Hg8VRrHu\n"
133     "dpKOauuhPkpFxtbbkxJWIapvYr/jqD8m+fDSMWJuxMGKmgKiefy+pS2N7hrbNZF4\n"
134     "OD/TdCim5qDVuSwj/g2Y7WOTf3UJ5Jo4CmMCgcEA7l9VnhEb3UrAHhGe7bAgZ4Wm\n"
135     "1ncFVOWc9X/tju3QUpNEow6I0skav2i3A/ZA36Iy/w4Sf8RAQC+77NzBEIKyLjK1\n"
136     "PfwXPoH2hrtD3WSQlAFG4u8DsRWt4GZY3OAzmqWenhQcUoJ1zgTyRwOFfX1R38NF\n"
137     "8QeHck5KUUNoi56Vc7BCo/ypacz33RqzVEj6z5ScogTqC8nNn1a+/rfpTKzotJqc\n"
138     "PJHMXTduAB6x4QHerpzGJQYucAJSD1VJbFwEWUy/AoHBAIvKb1AwIHiXThMhFdw/\n"
139     "rnW1097JtyNS95CzahJjIIIeX4zcp4VdMmIWwcr0Kh+j6H9NV1QvOThT3P8G/0JR\n"
140     "rZd9aPS1eaturzfIXxmmIbK1XcfrRRCXuiIzpiEjMCwD49BdX9U/yHqDt59Uiqcu\n"
141     "fU7KOAC6nZk+F9W1c1dzp+I1MGwIsEwqtkoHQPkpx47mXEE0ZaoBA2fwxQIPj6ZB\n"
142     "qooeHyXmjdRLGMxpUPByXHslE9+2DkPGQLkXmoGV7jRhgQKBwQDL+LnbgwpT5pXU\n"
143     "ZQGYpABmdQAZPklKpxwTGr+dcTO0pR2zZUmBDOKdbS5F7p7+fd2jUFhWCglsoyvs\n"
144     "d82goiVz0KI0AxWkwDLCgVWGCXqJmzocD6gaDNH3VbyubA7cQuIipFTD6ayCeMsU\n"
145     "JxhAFE9N6NtdbzLghcukE8lOx4ldMDMl/Zq91M033pQbCEPOAn2xSgE3yxvvP5w5\n"
146     "fAffO4n4mOAeGChGj5rJ8XoGbsIsqiwHHG36HJI5WqJ0XZy/CSMCgcEA4M05digH\n"
147     "VZE5T/eKLFNEnUB1W9tWAzj+BAqmR1rlwQt5O3fC8F7XqkSowhcRTDHUdoOkdVz/\n"
148     "jMgRqGs0O+cl8tLImD6d1mFR6Yxu0PHwXUwQVklW8txGGOKv0+2MFMlkFjuwCbNN\n"
149     "XZ2rmZq/JywCJmVAH0wToXZyEqhilLZ9TLs6m2d2+2hlxJM6XmXjc7A/fC089bSX\n"
150     "W+lG+lHYAA3tjkBWvb7YAPriahcFrRBvQb5zx4L4NXMHlXMUnA/KlMW2\n"
151     "-----END RSA PRIVATE KEY-----\n";
152
153 static unsigned char server_ecc_key_pem[] =
154     "-----BEGIN EC PRIVATE KEY-----\n"
155     "MHgCAQEEIQDrAKCAbdMKPngHu4zdSQ2Pghob8PhyrbUpWAR8V07E+qAKBggqhkjO\n"
156     "PQMBB6FEA0IABDfo4YLPkO4pBpQamtObIV3J6l92vI+RkyNtaQ9gtSWDj20w/aBC\n"
157     "WlbcTsRZ2itEpJ6GdLsGOW4RRfmiubzC9JU=\n"
158     "-----END EC PRIVATE KEY-----\n";
159
160 static unsigned char server_ecc_cert_pem[] =
161     "-----BEGIN CERTIFICATE-----\n"
162     "MIIBrjCCAVSgAwIBAgIMU+I+axGZmBD/YL96MAoGCCqGSM49BAMCMA8xDTALBgNV\n"
163     "BAMTBENBLTAwIhgPMjAxNDA4MDYxNDQwNDNaGA85OTk5MTIzMTIzNTk1OVowEzER\n"
164     "MA8GA1UEAxMIc2VydmVyLTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ36OGC\n"
165     "z5DuKQaUGprTmyFdyepfdryPkZMjbWkPYLUlg49tMP2gQlpW3E7EWdorRKSehnS7\n"
166     "BjluEUX5orm8wvSVo4GNMIGKMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9j\n"
167     "YWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHgAAwHQYD\n"
168     "VR0OBBYEFOuSntH2To0gJLH79Ow4wNpBuhmEMB8GA1UdIwQYMBaAFMZ1miRvZAYr\n"
169     "nBEymOtPjbfTrnblMAoGCCqGSM49BAMCA0gAMEUCIQCMP3aBcCxSPbCUhihOsUmH\n"
170     "G04AgT1PKw8z4LgZ4VGTVAIgYw3IFwS5sSYEAHRZAH8eaTXTz7XFmWmnkve9EBkN\n"
171     "cBE=\n"
172     "-----END CERTIFICATE-----\n";
173
174 const gnutls_datum_t server_cert = { server_cert_pem,
175         sizeof(server_cert_pem)
176 };
177
178 const gnutls_datum_t server_key = { server_key_pem,
179         sizeof(server_key_pem)
180 };
181
182 const gnutls_datum_t server_ecc_cert = { server_ecc_cert_pem,
183         sizeof(server_ecc_cert_pem)
184 };
185
186 const gnutls_datum_t server_ecc_key = { server_ecc_key_pem,
187         sizeof(server_ecc_key_pem)
188 };
189
190 char buffer[64 * 1024];
191
192 static void tls_log_func(int level, const char *str)
193 {
194         fprintf(stderr, "%s|<%d>| %s", side, level, str);
195 }
196
197 static void test_ciphersuite(const char *cipher_prio, int size)
198 {
199         /* Server stuff. */
200         gnutls_anon_server_credentials_t s_anoncred;
201         gnutls_certificate_credentials_t c_certcred, s_certcred;
202         const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
203         static gnutls_dh_params_t dh_params;
204         gnutls_session_t server;
205         int sret, cret;
206         const char *str;
207         /* Client stuff. */
208         gnutls_anon_client_credentials_t c_anoncred;
209         gnutls_session_t client;
210         /* Need to enable anonymous KX specifically. */
211         int ret;
212         struct benchmark_st st;
213         gnutls_packet_t packet;
214
215         /* Init server */
216         gnutls_anon_allocate_server_credentials(&s_anoncred);
217         gnutls_dh_params_init(&dh_params);
218         gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM);
219         gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
220
221         gnutls_certificate_allocate_credentials(&s_certcred);
222         gnutls_certificate_set_dh_params(s_certcred, dh_params);
223
224         gnutls_certificate_set_x509_key_mem(s_certcred, &server_cert,
225                                             &server_key,
226                                             GNUTLS_X509_FMT_PEM);
227         gnutls_certificate_set_x509_key_mem(s_certcred, &server_ecc_cert,
228                                             &server_ecc_key,
229                                             GNUTLS_X509_FMT_PEM);
230
231         gnutls_init(&server, GNUTLS_SERVER);
232         ret = gnutls_priority_set_direct(server, cipher_prio, &str);
233         if (ret < 0) {
234                 fprintf(stderr, "Error in %s\n", str);
235                 exit(1);
236         }
237         gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
238         gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, s_certcred);
239         gnutls_transport_set_push_function(server, server_push);
240         gnutls_transport_set_pull_function(server, server_pull);
241         gnutls_transport_set_ptr(server, (gnutls_transport_ptr_t) server);
242         reset_buffers();
243
244         /* Init client */
245         gnutls_anon_allocate_client_credentials(&c_anoncred);
246         gnutls_certificate_allocate_credentials(&c_certcred);
247         gnutls_init(&client, GNUTLS_CLIENT);
248
249         ret = gnutls_priority_set_direct(client, cipher_prio, &str);
250         if (ret < 0) {
251                 fprintf(stderr, "Error in %s\n", str);
252                 exit(1);
253         }
254         gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
255         gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, c_certcred);
256         gnutls_transport_set_push_function(client, client_push);
257         gnutls_transport_set_pull_function(client, client_pull);
258         gnutls_transport_set_ptr(client, (gnutls_transport_ptr_t) client);
259
260         HANDSHAKE(client, server);
261
262         fprintf(stdout, "%38s  ",
263                 gnutls_cipher_suite_get_name(gnutls_kx_get(server),
264                                              gnutls_cipher_get(server),
265                                              gnutls_mac_get(server)));
266         fflush(stdout);
267
268         gnutls_rnd(GNUTLS_RND_NONCE, buffer, sizeof(buffer));
269
270         start_benchmark(&st);
271
272         do {
273                 do {
274                         ret = gnutls_record_send(client, buffer, size);
275                 }
276                 while (ret == GNUTLS_E_AGAIN);
277
278                 if (ret < 0) {
279                         fprintf(stderr, "Failed sending to server\n");
280                         exit(1);
281                 }
282
283                 do {
284                         ret =
285                             gnutls_record_recv_packet(server, &packet);
286                 }
287                 while (ret == GNUTLS_E_AGAIN);
288
289                 if (ret < 0) {
290                         fprintf(stderr, "Failed receiving from client: %s\n", gnutls_strerror(ret));
291                         exit(1);
292                 }
293
294                 st.size += size;
295                 gnutls_packet_deinit(packet);
296         }
297         while (benchmark_must_finish == 0);
298
299         stop_benchmark(&st, NULL, 1);
300
301         gnutls_bye(client, GNUTLS_SHUT_WR);
302         gnutls_bye(server, GNUTLS_SHUT_WR);
303
304         gnutls_deinit(client);
305         gnutls_deinit(server);
306
307         gnutls_anon_free_client_credentials(c_anoncred);
308         gnutls_anon_free_server_credentials(s_anoncred);
309
310         gnutls_dh_params_deinit(dh_params);
311
312 }
313
314 static
315 double calc_avg(unsigned int *diffs, unsigned int diffs_size)
316 {
317         double avg = 0;
318         unsigned int i;
319
320         for (i = 0; i < diffs_size; i++)
321                 avg += diffs[i];
322
323         avg /= diffs_size;
324
325         return avg;
326 }
327
328 static
329 double calc_sstdev(unsigned int *diffs, unsigned int diffs_size,
330                    double avg)
331 {
332         double sum = 0, d;
333         unsigned int i;
334
335         for (i = 0; i < diffs_size; i++) {
336                 d = ((double) diffs[i] - avg);
337                 d *= d;
338
339                 sum += d;
340         }
341         sum /= diffs_size - 1;
342
343         return sum;
344 }
345
346
347 unsigned int diffs[32 * 1024];
348 unsigned int diffs_size = 0;
349
350 static void test_ciphersuite_kx(const char *cipher_prio)
351 {
352         /* Server stuff. */
353         gnutls_anon_server_credentials_t s_anoncred;
354         const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
355         static gnutls_dh_params_t dh_params;
356         gnutls_session_t server;
357         int sret, cret;
358         const char *str;
359         const char *suite = NULL;
360         /* Client stuff. */
361         gnutls_anon_client_credentials_t c_anoncred;
362         gnutls_certificate_credentials_t c_certcred, s_certcred;
363         gnutls_session_t client;
364         /* Need to enable anonymous KX specifically. */
365         int ret;
366         struct benchmark_st st;
367         struct timespec tr_start, tr_stop;
368         double avg, sstddev;
369
370         diffs_size = 0;
371
372         /* Init server */
373         gnutls_certificate_allocate_credentials(&s_certcred);
374         gnutls_anon_allocate_server_credentials(&s_anoncred);
375         gnutls_dh_params_init(&dh_params);
376
377         ret =
378              gnutls_dh_params_import_pkcs3(dh_params, &p3,
379                                            GNUTLS_X509_FMT_PEM);
380         if (ret < 0) {
381                 fprintf(stderr, "Error importing the PKCS #3 params: %s\n",
382                         gnutls_strerror(ret));
383                 exit(1);
384         }
385
386         gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
387         gnutls_certificate_set_dh_params(s_certcred, dh_params);
388
389         ret = gnutls_certificate_set_x509_key_mem(s_certcred, &server_cert,
390                                             &server_key,
391                                             GNUTLS_X509_FMT_PEM);
392         if (ret < 0) {
393                 fprintf(stderr, "Error in %d: %s\n", __LINE__,
394                         gnutls_strerror(ret));
395                 exit(1);
396         }
397
398         ret = gnutls_certificate_set_x509_key_mem(s_certcred, &server_ecc_cert,
399                                             &server_ecc_key,
400                                             GNUTLS_X509_FMT_PEM);
401         if (ret < 0) {
402                 fprintf(stderr, "Error in %d: %s\n", __LINE__,
403                         gnutls_strerror(ret));
404                 exit(1);
405         }
406
407         /* Init client */
408         gnutls_anon_allocate_client_credentials(&c_anoncred);
409         gnutls_certificate_allocate_credentials(&c_certcred);
410
411         start_benchmark(&st);
412
413         do {
414
415                 gnutls_init(&server, GNUTLS_SERVER);
416                 ret =
417                     gnutls_priority_set_direct(server, cipher_prio, &str);
418                 if (ret < 0) {
419                         fprintf(stderr, "Error in %s\n", str);
420                         exit(1);
421                 }
422                 gnutls_credentials_set(server, GNUTLS_CRD_ANON,
423                                        s_anoncred);
424                 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
425                                        s_certcred);
426                 gnutls_transport_set_push_function(server, server_push);
427                 gnutls_transport_set_pull_function(server, server_pull);
428                 gnutls_transport_set_ptr(server,
429                                          (gnutls_transport_ptr_t) server);
430                 reset_buffers();
431
432                 gnutls_init(&client, GNUTLS_CLIENT);
433
434                 ret =
435                     gnutls_priority_set_direct(client, cipher_prio, &str);
436                 if (ret < 0) {
437                         fprintf(stderr, "Error in %s\n", str);
438                         exit(1);
439                 }
440                 gnutls_credentials_set(client, GNUTLS_CRD_ANON,
441                                        c_anoncred);
442                 gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
443                                        c_certcred);
444
445                 gnutls_transport_set_push_function(client, client_push);
446                 gnutls_transport_set_pull_function(client, client_pull);
447                 gnutls_transport_set_ptr(client,
448                                          (gnutls_transport_ptr_t) client);
449
450                 gettime(&tr_start);
451
452                 HANDSHAKE(client, server);
453
454                 gettime(&tr_stop);
455
456                 if (suite == NULL)
457                         suite =
458                             gnutls_cipher_suite_get_name(gnutls_kx_get
459                                                          (server),
460                                                          gnutls_cipher_get
461                                                          (server),
462                                                          gnutls_mac_get
463                                                          (server));
464
465                 gnutls_deinit(client);
466                 gnutls_deinit(server);
467
468                 diffs[diffs_size++] = timespec_sub_ms(&tr_stop, &tr_start);
469                 if (diffs_size > sizeof(diffs))
470                         abort();
471
472                 st.size += 1;
473         }
474         while (benchmark_must_finish == 0);
475
476         fprintf(stdout, "%38s  ", suite);
477         stop_benchmark(&st, "transactions", 1);
478
479         avg = calc_avg(diffs, diffs_size);
480         sstddev = calc_sstdev(diffs, diffs_size, avg);
481
482         printf("%32s %.2f ms, sample variance: %.2f)\n",
483                "(avg. handshake time:", avg, sstddev);
484
485         gnutls_anon_free_client_credentials(c_anoncred);
486         gnutls_anon_free_server_credentials(s_anoncred);
487
488         gnutls_dh_params_deinit(dh_params);
489
490 }
491
492 void benchmark_tls(int debug_level, int ciphers)
493 {
494         int size;
495
496         gnutls_global_set_log_function(tls_log_func);
497         gnutls_global_set_log_level(debug_level);
498         gnutls_global_init();
499
500         if (ciphers != 0) {
501                 size = 1400;
502                 printf
503                     ("Testing throughput in cipher/MAC combinations (payload: %d bytes)\n",
504                      size);
505
506                 test_ciphersuite(PRIO_ARCFOUR_128_SHA1, size);
507                 test_ciphersuite(PRIO_ARCFOUR_128_MD5, size);
508                 test_ciphersuite(PRIO_AES_GCM, size);
509                 test_ciphersuite(PRIO_AES_CCM, size);
510                 test_ciphersuite(PRIO_CHACHA_POLY1305, size);
511                 test_ciphersuite(PRIO_AES_CBC_SHA1, size);
512                 test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, size);
513
514                 size = 15 * 1024;
515                 printf
516                     ("\nTesting throughput in cipher/MAC combinations (payload: %d bytes)\n",
517                      size);
518                 test_ciphersuite(PRIO_ARCFOUR_128_SHA1, size);
519                 test_ciphersuite(PRIO_ARCFOUR_128_MD5, size);
520                 test_ciphersuite(PRIO_AES_GCM, size);
521                 test_ciphersuite(PRIO_AES_CCM, size);
522                 test_ciphersuite(PRIO_CHACHA_POLY1305, size);
523                 test_ciphersuite(PRIO_AES_CBC_SHA1, size);
524                 test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, size);
525         } else {
526                 printf
527                     ("Testing key exchanges (RSA/DH bits: %d, EC bits: %d)\n",
528                      rsa_bits, ec_bits);
529                 test_ciphersuite_kx(PRIO_DH);
530                 test_ciphersuite_kx(PRIO_ECDH);
531                 test_ciphersuite_kx(PRIO_ECDHE_ECDSA);
532                 test_ciphersuite_kx(PRIO_RSA);
533         }
534
535         gnutls_global_deinit();
536
537 }
Domain: Security / Utilities;