diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-06-06 10:42:58 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-17 17:08:01 +0200 |
commit | 1894f047cb8d87ef0ce68c5f0fda3ab62d79e529 (patch) | |
tree | 66f8f100e2adce3559552c28b44a807faf3fc3d3 | |
parent | 96573d79e159a9a5748e2c525618700c44d9787c (diff) | |
download | gnutls-1894f047cb8d87ef0ce68c5f0fda3ab62d79e529.tar.gz |
gnutls-cli: added benchmark on X25519-Ed25519 key exchange
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | src/benchmark-tls.c | 62 |
1 files changed, 49 insertions, 13 deletions
diff --git a/src/benchmark-tls.c b/src/benchmark-tls.c index 1e2b6de6ea..8fd25848f0 100644 --- a/src/benchmark-tls.c +++ b/src/benchmark-tls.c @@ -1,5 +1,6 @@ /* * Copyright (C) 2011-2012 Free Software Foundation, Inc. + * Copyright (C) 2017 Red Hat, Inc. * * Author: Nikos Mavrogiannopoulos * @@ -45,9 +46,10 @@ const char *side = ""; #define PRIO_DH "NONE:+VERS-TLS1.2:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+DHE-RSA" #define PRIO_ECDH "NONE:+VERS-TLS1.2:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ECDHE-RSA:+CURVE-SECP256R1" -#define PRIO_ECDHX "NONE:+VERS-TLS1.2:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ECDHE-RSA:+CURVE-X25519" +#define PRIO_ECDH_X25519 "NONE:+VERS-TLS1.2:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ECDHE-RSA:+CURVE-X25519" #define PRIO_ECDHE_ECDSA "NONE:+VERS-TLS1.2:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ECDHE-ECDSA:+CURVE-SECP256R1" -#define PRIO_ECDHX_ECDSA "NONE:+VERS-TLS1.2:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ECDHE-ECDSA:+CURVE-X25519" +#define PRIO_ECDH_X25519_ECDSA "NONE:+VERS-TLS1.2:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ECDHE-ECDSA:+CURVE-X25519" +#define PRIO_ECDH_X25519_EDDSA "NONE:+VERS-TLS1.2:+AES-128-GCM:+AEAD:+SIGN-EDDSA-ED25519:+COMP-NULL:+ECDHE-ECDSA:+CURVE-X25519" #define PRIO_RSA "NONE:+VERS-TLS1.2:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA" @@ -171,6 +173,25 @@ static unsigned char server_ecc_cert_pem[] = "cBE=\n" "-----END CERTIFICATE-----\n"; +static unsigned char server_ed25519_key_pem[] = + "-----BEGIN PRIVATE KEY-----\n" + "MC4CAQAwBQYDK2VwBCIEIOXDJXOU6J6XdXx4WfcyPILPYJDH5bRfm9em+DYMkllw\n" + "-----END PRIVATE KEY-----\n"; + +static unsigned char server_ed25519_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIBwTCCAWagAwIBAgIIWTZasQWGNVEwCgYIKoZIzj0EAwIwfTELMAkGA1UEBhMC\n" + "QkUxDzANBgNVBAoTBkdudVRMUzElMCMGA1UECxMcR251VExTIGNlcnRpZmljYXRl\n" + "IGF1dGhvcml0eTEPMA0GA1UECBMGTGV1dmVuMSUwIwYDVQQDExxHbnVUTFMgY2Vy\n" + "dGlmaWNhdGUgYXV0aG9yaXR5MCAXDTE3MDYwNjA3MzMwNVoYDzk5OTkxMjMxMjM1\n" + "OTU5WjAZMRcwFQYDVQQDEw5FZDI1NTE5IHNpZ25lcjAqMAUGAytlcAMhAPMF++lz\n" + "LIzfyCX0v0B7LIabZWZ/dePW9HexIbW3tYmHo2EwXzAMBgNVHRMBAf8EAjAAMA8G\n" + "A1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFONSSnOdGLzpv3xNcci8ZiKKqzyqMB8G\n" + "A1UdIwQYMBaAFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqGSM49BAMCA0kAMEYC\n" + "IQDHGfSgM44DVZfrP5CF8LSNlFN55ti3Z69YJ0SK8Fy9eQIhAN2UKeX3l8A9Ckcm\n" + "7barRoh+qx7ZVYpe+5w3JYuxy16w\n" + "-----END CERTIFICATE-----\n"; + const gnutls_datum_t server_cert = { server_cert_pem, sizeof(server_cert_pem) }; @@ -187,6 +208,14 @@ const gnutls_datum_t server_ecc_key = { server_ecc_key_pem, sizeof(server_ecc_key_pem) }; +const gnutls_datum_t server_ed25519_cert = { server_ed25519_cert_pem, + sizeof(server_ed25519_cert_pem) +}; + +const gnutls_datum_t server_ed25519_key = { server_ed25519_key_pem, + sizeof(server_ed25519_key_pem) +}; + char buffer[64 * 1024]; static void tls_log_func(int level, const char *str) @@ -347,7 +376,7 @@ double calc_sstdev(unsigned int *diffs, unsigned int diffs_size, unsigned int diffs[32 * 1024]; unsigned int diffs_size = 0; -static void test_ciphersuite_kx(const char *cipher_prio) +static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk) { /* Server stuff. */ gnutls_anon_server_credentials_t s_anoncred; @@ -395,9 +424,15 @@ static void test_ciphersuite_kx(const char *cipher_prio) exit(1); } - ret = gnutls_certificate_set_x509_key_mem(s_certcred, &server_ecc_cert, - &server_ecc_key, - GNUTLS_X509_FMT_PEM); + ret = 0; + if (pk == GNUTLS_PK_ECDSA) + ret = gnutls_certificate_set_x509_key_mem(s_certcred, &server_ecc_cert, + &server_ecc_key, + GNUTLS_X509_FMT_PEM); + else if (pk == GNUTLS_PK_EDDSA_ED25519) + ret = gnutls_certificate_set_x509_key_mem(s_certcred, &server_ed25519_cert, + &server_ed25519_key, + GNUTLS_X509_FMT_PEM); if (ret < 0) { fprintf(stderr, "Error in %d: %s\n", __LINE__, gnutls_strerror(ret)); @@ -516,14 +551,15 @@ void benchmark_tls(int debug_level, int ciphers) test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, size); } else { printf - ("Testing key exchanges (RSA/DH bits: %d, EC bits: %d)\n", + ("Testing key exchanges (RSA/DH bits: %d, EC bits: %d)\n\n", rsa_bits, ec_bits); - test_ciphersuite_kx(PRIO_DH); - test_ciphersuite_kx(PRIO_ECDH); - test_ciphersuite_kx(PRIO_ECDHX); - test_ciphersuite_kx(PRIO_ECDHE_ECDSA); - test_ciphersuite_kx(PRIO_ECDHX_ECDSA); - test_ciphersuite_kx(PRIO_RSA); + test_ciphersuite_kx(PRIO_DH, GNUTLS_PK_UNKNOWN); + test_ciphersuite_kx(PRIO_ECDH, GNUTLS_PK_UNKNOWN); + test_ciphersuite_kx(PRIO_ECDH_X25519, GNUTLS_PK_UNKNOWN); + test_ciphersuite_kx(PRIO_ECDHE_ECDSA, GNUTLS_PK_ECC); + test_ciphersuite_kx(PRIO_ECDH_X25519_ECDSA, GNUTLS_PK_ECC); + test_ciphersuite_kx(PRIO_ECDH_X25519_EDDSA, GNUTLS_PK_EDDSA_ED25519); + test_ciphersuite_kx(PRIO_RSA, GNUTLS_PK_RSA); } gnutls_global_deinit(); |