gnutls-cli: use FFDHE3072 parameters for benchmarking

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-07-18 08:13:00 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-08-02 12:39:05 +0200
commit: b415c01208508722624814e836213df4bda271cd (patch)
tree: ef9206061e1f1d85d4a664015067cf88863c0796 /src
parent: e98e682a48d1431246d42352749d42e6ea744e92 (diff)
download: gnutls-b415c01208508722624814e836213df4bda271cd.tar.gz
1 files changed, 2 insertions, 54 deletions
diff --git a/src/benchmark-tls.c b/src/benchmark-tls.c
index a02f3a16a5..82aefefe2a 100644
--- a/src/benchmark-tls.c
+++ b/src/benchmark-tls.c
@@ -17,8 +17,7 @@
  * General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
- * along with GnuTLS; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
 #ifdef HAVE_CONFIG_H
@@ -44,7 +43,7 @@
 
 const char *side = "";
 
-#define PRIO_DHE_RSA "NONE:+VERS-TLS1.2:+AES-128-GCM:+AEAD:+SIGN-ALL:+COMP-NULL:+DHE-RSA"
+#define PRIO_DHE_RSA "NONE:+VERS-TLS1.2:+AES-128-GCM:+AEAD:+SIGN-ALL:+COMP-NULL:+DHE-RSA:+GROUP-FFDHE3072"
 #define PRIO_ECDH "NONE:+VERS-TLS1.2:+AES-128-GCM:+AEAD:+SIGN-ALL:+COMP-NULL:+ECDHE-RSA:+CURVE-SECP256R1"
 #define PRIO_ECDH_X25519 "NONE:+VERS-TLS1.2:+AES-128-GCM:+AEAD:+SIGN-ALL:+COMP-NULL:+ECDHE-RSA:+CURVE-X25519"
 #define PRIO_ECDHE_ECDSA "NONE:+VERS-TLS1.2:+AES-128-GCM:+AEAD:+SIGN-ALL:+COMP-NULL:+ECDHE-ECDSA:+CURVE-SECP256R1"
@@ -62,29 +61,6 @@ const char *side = "";
 
 static const int rsa_bits = 3072, ec_bits = 256;
 
-/* DH of 3072 bits that is pretty close equivalent to 256 bits of ECDH.
- */
-const char *pkcs3 =
-    "-----BEGIN DH PARAMETERS-----\n"
-    "MIIDDQKCAYEAtnlQsMzw6EdzVgv59IvDCNXDz+V5F6S95ies6VuP2najcePLCPa4\n"
-    "yLCcQabhjV+rSpYxvqEo1hHMhAZPPsrHP3CCzFlqkSY2mmryC5LfWnoJnJCA5RSs\n"
-    "kWNlxyJ/fkXWseFKDm+E3W/yZXxBJxf3BevlcF7hMXuOrv5tGOdiltWsCrZglEMC\n"
-    "IO3NcvEwLp7Y/OuHk4J2upJSLJqL2mUoYgOUAwhoM9oh6ucjPJ0Ha/HqNRe0zdup\n"
-    "0wnwSbjBR0xa2HdHv5hr0OPk6sma0Zj1cVNi3u5xlMeiirbtEBuRPfM4mrMkhK8F\n"
-    "YBhVV7YRf+WMw8v9VhfeX+GYuE4oMdv6tJBwWoj0RdhgpD6BMG7uHwM7WOn5ZukA\n"
-    "sn9eGsXRog2gCmckUfOGn5oQWXRk1sv2myeu75GAaIPIsXMWBsJNCfxVBbi7pEU9\n"
-    "IQgi6JoLlRnvXVa2GaoVEdAuH0dl6QSIRmNeZ3VKa0ZCx1DHn/WVIt2ooMec5lCY\n"
-    "JGCqIT3tQUUzAoIBgFYzCrFBoleurEimohHxnFKMY0E0feGA0qLPDUa+Ys/4wsr6\n"
-    "SabuE9X69EHVDu4xGlbS4w9k5sMfXTqgVGIN43jbWuoN1FAdPp8YdbXACB3k+IoN\n"
-    "cCj/Ju90Tc/NOTwHN/4Axsy0LpeP+eknb48eQw6mYsHCvN9ytmLqC8AG11G+aTrF\n"
-    "boVeI7pCbfuls/cRNl4POuSyv+R12Evs1qXLoSW4crPEDvVpbIrgirjQNJbosfZY\n"
-    "5Pxf2Ofpidy1slINQqx8zhILTikl0AdfYAlnBVFEOKg1HF+EnvNbcXW0QDxxnFF/\n"
-    "W+Yv0xQpFw9UDa+hdwEVvdrDopqvuvg9BCwCfxT3vGN300RDqWAVGJUknXN4T5MZ\n"
-    "+fZrtZMhbWDCsOHMcVcUPqul7V5uQX7EAhUnfBKxE1I5NK9J8wtHeUEYioI8f7XY\n"
-    "Be6/w7WHHspV4fwIOfWUD5G0c++NxED+JwDyc8aU/qVOXVikOXwVTB/2oyatkoBX\n"
-    "r8Y+1FUiZGhRCT9dbgICAQA=\n"
-    "-----END DH PARAMETERS-----\n";
-
 static unsigned char server_rsa_pss_cert_pem[] =
 	"-----BEGIN CERTIFICATE-----\n"
 	"MIIErTCCAuWgAwIBAgIIWTZrqjOeCfIwPQYJKoZIhvcNAQEKMDCgDTALBglghkgB\n"
@@ -263,8 +239,6 @@ static void test_ciphersuite(const char *cipher_prio, int size)
 	/* Server stuff. */
 	gnutls_anon_server_credentials_t s_anoncred;
 	gnutls_certificate_credentials_t c_certcred, s_certcred;
-	const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
-	static gnutls_dh_params_t dh_params;
 	gnutls_session_t server;
 	int sret, cret;
 	const char *str;
@@ -278,12 +252,7 @@ static void test_ciphersuite(const char *cipher_prio, int size)
 
 	/* Init server */
 	gnutls_anon_allocate_server_credentials(&s_anoncred);
-	gnutls_dh_params_init(&dh_params);
-	gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM);
-	gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
-
 	gnutls_certificate_allocate_credentials(&s_certcred);
-	gnutls_certificate_set_dh_params(s_certcred, dh_params);
 
 	gnutls_certificate_set_x509_key_mem(s_certcred, &server_cert,
 					    &server_key,
@@ -370,9 +339,6 @@ static void test_ciphersuite(const char *cipher_prio, int size)
 
 	gnutls_anon_free_client_credentials(c_anoncred);
 	gnutls_anon_free_server_credentials(s_anoncred);
-
-	gnutls_dh_params_deinit(dh_params);
-
 }
 
 static
@@ -415,8 +381,6 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk)
 {
 	/* Server stuff. */
 	gnutls_anon_server_credentials_t s_anoncred;
-	const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
-	static gnutls_dh_params_t dh_params;
 	gnutls_session_t server;
 	int sret, cret;
 	const char *str;
@@ -437,19 +401,6 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk)
 	/* Init server */
 	gnutls_certificate_allocate_credentials(&s_certcred);
 	gnutls_anon_allocate_server_credentials(&s_anoncred);
-	gnutls_dh_params_init(&dh_params);
-
-	ret =
-	     gnutls_dh_params_import_pkcs3(dh_params, &p3,
-					   GNUTLS_X509_FMT_PEM);
-	if (ret < 0) {
-		fprintf(stderr, "Error importing the PKCS #3 params: %s\n",
-			gnutls_strerror(ret));
-		exit(1);
-	}
-
-	gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
-	gnutls_certificate_set_dh_params(s_certcred, dh_params);
 
 	ret = 0;
 	if (pk == GNUTLS_PK_RSA_PSS)
@@ -564,9 +515,6 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk)
 
 	gnutls_anon_free_client_credentials(c_anoncred);
 	gnutls_anon_free_server_credentials(s_anoncred);
-
-	gnutls_dh_params_deinit(dh_params);
-
 }
 
 void benchmark_tls(int debug_level, int ciphers)
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-07-18 08:13:00 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-08-02 12:39:05 +0200
commit	b415c01208508722624814e836213df4bda271cd (patch)
tree	ef9206061e1f1d85d4a664015067cf88863c0796 /src
parent	e98e682a48d1431246d42352749d42e6ea744e92 (diff)
download	gnutls-b415c01208508722624814e836213df4bda271cd.tar.gz