summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--NEWS3
-rw-r--r--src/Makefile.am11
-rw-r--r--src/benchmark-cipher.c10
-rw-r--r--src/benchmark-tls.c407
-rw-r--r--src/benchmark.h3
-rw-r--r--src/cli-gaa.c213
-rw-r--r--src/cli-gaa.h60
-rw-r--r--src/cli.gaa4
8 files changed, 353 insertions, 358 deletions
diff --git a/NEWS b/NEWS
index 2e934cc756..a184ec929b 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,9 @@ See the end for copying conditions.
* Version 3.0.2 (unreleased)
+** gnutls-cli: Benchmark applications were incorporated
+with it.
+
** libgnutls: Corrected parsing of XMPP subject
alternative names.
diff --git a/src/Makefile.am b/src/Makefile.am
index 10813cf1e3..9e6a0dd81f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -32,7 +32,6 @@ AM_CPPFLAGS = \
-I$(srcdir)/../libextra/includes \
-I$(srcdir)/cfg
-noinst_PROGRAMS = benchmark-cipher benchmark-tls
bin_PROGRAMS = gnutls-serv gnutls-cli psktool gnutls-cli-debug
if ENABLE_PKI
bin_PROGRAMS += certtool
@@ -77,16 +76,12 @@ noinst_LTLIBRARIES += libcmd-psk.la
libcmd_psk_la_CFLAGS =
libcmd_psk_la_SOURCES = psk.gaa psk-gaa.h psk-gaa.c
-benchmark_cipher_SOURCES = benchmark-cipher.c benchmark.c benchmark.h
-benchmark_cipher_LDADD = ../lib/libgnutls.la ../gl/libgnu.la $(LIB_CLOCK_GETTIME)
+BENCHMARK_SRCS = benchmark-cipher.c benchmark.c benchmark.h benchmark-tls.c
-benchmark_tls_SOURCES = benchmark-tls.c benchmark.c benchmark.h
-benchmark_tls_LDADD = ../lib/libgnutls.la ../gl/libgnu.la $(LIB_CLOCK_GETTIME)
-
-gnutls_cli_SOURCES = cli.c common.h common.c $(PKCS11_SRCS)
+gnutls_cli_SOURCES = cli.c common.h common.c $(PKCS11_SRCS) $(BENCHMARK_SRCS)
gnutls_cli_LDADD = ../lib/libgnutls.la ../libextra/libgnutls-extra.la
gnutls_cli_LDADD += libcmd-cli.la ../gl/libgnu.la
-gnutls_cli_LDADD += $(LTLIBGCRYPT) $(LIBSOCKET) $(GETADDRINFO_LIB)
+gnutls_cli_LDADD += $(LTLIBGCRYPT) $(LIBSOCKET) $(GETADDRINFO_LIB) $(LIB_CLOCK_GETTIME)
noinst_LTLIBRARIES += libcmd-cli.la
libcmd_cli_la_CFLAGS =
libcmd_cli_la_SOURCES = cli.gaa cli-gaa.h cli-gaa.c
diff --git a/src/benchmark-cipher.c b/src/benchmark-cipher.c
index f23c8990d8..d43bc0cd1f 100644
--- a/src/benchmark-cipher.c
+++ b/src/benchmark-cipher.c
@@ -202,14 +202,8 @@ mac_bench (int algo, int size)
free (_key);
}
-int
-main (int argc, char **argv)
+void benchmark_cipher (int debug_level)
{
- int debug_level = 0;
-
- if (argc > 1)
- debug_level = 2;
-
gnutls_global_set_log_function (tls_log_func);
gnutls_global_set_log_level (debug_level);
gnutls_global_init ();
@@ -230,5 +224,5 @@ main (int argc, char **argv)
cipher_bench (GNUTLS_CIPHER_ARCFOUR, 16, 0);
- return 0;
+ gnutls_global_deinit();
}
diff --git a/src/benchmark-tls.c b/src/benchmark-tls.c
index 91117b228f..81b236b594 100644
--- a/src/benchmark-tls.c
+++ b/src/benchmark-tls.c
@@ -51,265 +51,238 @@
/* DH of 2432 bits that is pretty equivalent to 224 bits of ECDH.
*/
const char *pkcs3 =
-"-----BEGIN DH PARAMETERS-----\n"
-"MIICagKCATEBWS7COZB/f58zwMlPUWBEoRwPjS8W0vMl2bGvnbCBYuUkgk0T5uUz\n"
-"bLOV6vMNWxkO/jNLyR06T3nHiqr0j+pYkpGv3PXy0IcIG4CsXySicqCAn/9zmiVO\n"
-"GTkqAZfMskByWZRkSRU9lW8ca7po+PpJ9id2I0SlhDwgcpjw4f47ajXOBeil0uXs\n"
-"NWtQZlcd1NFjTDaToAnmN6x+pS6BXZ2It0/sPPGNdTsvF7Ym0fWWMV6JbZlXDODL\n"
-"kaT81cCdygUvaPEOUAcm/TXcelaTiBMlU2uBtfFjuI45+kzEWkNCNENvULyCoqZ+\n"
-"AH/dqer/DqnliJX7tnnlQLsuT7EIIyXtfM0F7XMLGU3WlKxpgWmWDdhpGHcM5xfv\n"
-"trUZWr/DWfeWyhwDDYashpYXcrYHf7iP3wKCATEA4nwYa0AFL3i1+4DNvZr0O47x\n"
-"pRf7dMK29Nh/WDdhIvl51c532I/2vBSUH4Mjd+Ao+rBxYAutRcz3kF+YhQjcdCMf\n"
-"/aKnbtepJ9Lz5xOKfqZdFfR2ANw7I+rNNd0LKHnzpm12xTZcAX7IT4eoIxrB2FYw\n"
-"vcQ6K2Soaan0clq8iCPuPx1HBPDNpFvQ7H+kF7o9Z0+7W7jFLpsdc2+x1mlo5/iT\n"
-"hw0yjuqm4rNX7VU/Vw1H1m/OIXarzURSE2C70uXBQaaDbOTDb+LZOExR1tGS16ZM\n"
-"PreiK1pH8v64OAbihB+OYd/QLU2y6YBjGPHxJQ/bAYFCnsEslkkgOot6bv81iktB\n"
-"mPny0He9Qafb1DaNMcXBBG9tZVMJD7HwobjciAQJx+bz9Ckb0EvkyD5N2t5ovw==\n"
-"-----END DH PARAMETERS-----\n"
-"\n";
+ "-----BEGIN DH PARAMETERS-----\n"
+ "MIICagKCATEBWS7COZB/f58zwMlPUWBEoRwPjS8W0vMl2bGvnbCBYuUkgk0T5uUz\n"
+ "bLOV6vMNWxkO/jNLyR06T3nHiqr0j+pYkpGv3PXy0IcIG4CsXySicqCAn/9zmiVO\n"
+ "GTkqAZfMskByWZRkSRU9lW8ca7po+PpJ9id2I0SlhDwgcpjw4f47ajXOBeil0uXs\n"
+ "NWtQZlcd1NFjTDaToAnmN6x+pS6BXZ2It0/sPPGNdTsvF7Ym0fWWMV6JbZlXDODL\n"
+ "kaT81cCdygUvaPEOUAcm/TXcelaTiBMlU2uBtfFjuI45+kzEWkNCNENvULyCoqZ+\n"
+ "AH/dqer/DqnliJX7tnnlQLsuT7EIIyXtfM0F7XMLGU3WlKxpgWmWDdhpGHcM5xfv\n"
+ "trUZWr/DWfeWyhwDDYashpYXcrYHf7iP3wKCATEA4nwYa0AFL3i1+4DNvZr0O47x\n"
+ "pRf7dMK29Nh/WDdhIvl51c532I/2vBSUH4Mjd+Ao+rBxYAutRcz3kF+YhQjcdCMf\n"
+ "/aKnbtepJ9Lz5xOKfqZdFfR2ANw7I+rNNd0LKHnzpm12xTZcAX7IT4eoIxrB2FYw\n"
+ "vcQ6K2Soaan0clq8iCPuPx1HBPDNpFvQ7H+kF7o9Z0+7W7jFLpsdc2+x1mlo5/iT\n"
+ "hw0yjuqm4rNX7VU/Vw1H1m/OIXarzURSE2C70uXBQaaDbOTDb+LZOExR1tGS16ZM\n"
+ "PreiK1pH8v64OAbihB+OYd/QLU2y6YBjGPHxJQ/bAYFCnsEslkkgOot6bv81iktB\n"
+ "mPny0He9Qafb1DaNMcXBBG9tZVMJD7HwobjciAQJx+bz9Ckb0EvkyD5N2t5ovw==\n"
+ "-----END DH PARAMETERS-----\n" "\n";
char buffer[64 * 1024];
-static void
-tls_log_func (int level, const char *str)
+static void tls_log_func(int level, const char *str)
{
- fprintf (stderr, "|<%d>| %s", level, str);
+ fprintf(stderr, "|<%d>| %s", level, str);
}
-static void
-test_ciphersuite (const char* cipher_prio, int size)
+static void test_ciphersuite(const char *cipher_prio, int size)
{
- /* Server stuff. */
- gnutls_anon_server_credentials_t s_anoncred;
- const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) };
- static gnutls_dh_params_t dh_params;
- gnutls_session_t server;
- int sret, cret;
- const char *str;
- /* Client stuff. */
- gnutls_anon_client_credentials_t c_anoncred;
- gnutls_session_t client;
- /* Need to enable anonymous KX specifically. */
- int ret;
- struct benchmark_st st;
-
- /* Init server */
- gnutls_anon_allocate_server_credentials (&s_anoncred);
- gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
- gnutls_anon_set_server_dh_params (s_anoncred, dh_params);
- gnutls_init (&server, GNUTLS_SERVER);
- ret = gnutls_priority_set_direct (server, cipher_prio, &str);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s\n", str);
- exit (1);
+ /* Server stuff. */
+ gnutls_anon_server_credentials_t s_anoncred;
+ const gnutls_datum_t p3 = { (char *) pkcs3, strlen(pkcs3) };
+ static gnutls_dh_params_t dh_params;
+ gnutls_session_t server;
+ int sret, cret;
+ const char *str;
+ /* Client stuff. */
+ gnutls_anon_client_credentials_t c_anoncred;
+ gnutls_session_t client;
+ /* Need to enable anonymous KX specifically. */
+ int ret;
+ struct benchmark_st st;
+
+ /* Init server */
+ gnutls_anon_allocate_server_credentials(&s_anoncred);
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM);
+ gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
+ gnutls_init(&server, GNUTLS_SERVER);
+ ret = gnutls_priority_set_direct(server, cipher_prio, &str);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s\n", str);
+ exit(1);
}
- gnutls_credentials_set (server, GNUTLS_CRD_ANON, s_anoncred);
- gnutls_dh_set_prime_bits (server, 1024);
- gnutls_transport_set_push_function (server, server_push);
- gnutls_transport_set_pull_function (server, server_pull);
- gnutls_transport_set_ptr (server, (gnutls_transport_ptr_t) server);
- reset_buffers();
-
- /* Init client */
- gnutls_anon_allocate_client_credentials (&c_anoncred);
- gnutls_init (&client, GNUTLS_CLIENT);
-
- ret = gnutls_priority_set_direct (client, cipher_prio, &str);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s\n", str);
- exit (1);
+ gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
+ gnutls_dh_set_prime_bits(server, 1024);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, (gnutls_transport_ptr_t) server);
+ reset_buffers();
+
+ /* Init client */
+ gnutls_anon_allocate_client_credentials(&c_anoncred);
+ gnutls_init(&client, GNUTLS_CLIENT);
+
+ ret = gnutls_priority_set_direct(client, cipher_prio, &str);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s\n", str);
+ exit(1);
}
- gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred);
- gnutls_transport_set_push_function (client, client_push);
- gnutls_transport_set_pull_function (client, client_pull);
- gnutls_transport_set_ptr (client, (gnutls_transport_ptr_t) client);
+ gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, (gnutls_transport_ptr_t) client);
- HANDSHAKE (client, server);
+ HANDSHAKE(client, server);
- fprintf (stdout, "Testing %s with %d packet size: ",
- gnutls_cipher_suite_get_name(gnutls_kx_get(server),
- gnutls_cipher_get(server), gnutls_mac_get(server)), size);
- fflush (stdout);
+ fprintf(stdout, "Testing %s with %d packet size: ",
+ gnutls_cipher_suite_get_name(gnutls_kx_get(server),
+ gnutls_cipher_get(server),
+ gnutls_mac_get(server)), size);
+ fflush(stdout);
- gnutls_rnd (GNUTLS_RND_NONCE, buffer, sizeof (buffer));
+ gnutls_rnd(GNUTLS_RND_NONCE, buffer, sizeof(buffer));
- start_benchmark (&st);
+ start_benchmark(&st);
- do
- {
- do
- {
- ret = gnutls_record_send (client, buffer, size);
+ do {
+ do {
+ ret = gnutls_record_send(client, buffer, size);
}
- while (ret == GNUTLS_E_AGAIN);
+ while (ret == GNUTLS_E_AGAIN);
- if (ret < 0)
- {
- fprintf (stderr, "Failed sending to server\n");
- exit (1);
+ if (ret < 0) {
+ fprintf(stderr, "Failed sending to server\n");
+ exit(1);
}
- do
- {
- ret = gnutls_record_recv (server, buffer, sizeof (buffer));
+ do {
+ ret = gnutls_record_recv(server, buffer, sizeof(buffer));
}
- while (ret == GNUTLS_E_AGAIN);
+ while (ret == GNUTLS_E_AGAIN);
- if (ret < 0)
- {
- fprintf (stderr, "Failed receiving from client\n");
- exit (1);
+ if (ret < 0) {
+ fprintf(stderr, "Failed receiving from client\n");
+ exit(1);
}
- st.size += size;
+ st.size += size;
}
- while (benchmark_must_finish == 0);
+ while (benchmark_must_finish == 0);
- stop_benchmark (&st, NULL);
+ stop_benchmark(&st, NULL);
- gnutls_bye (client, GNUTLS_SHUT_WR);
- gnutls_bye (server, GNUTLS_SHUT_WR);
+ gnutls_bye(client, GNUTLS_SHUT_WR);
+ gnutls_bye(server, GNUTLS_SHUT_WR);
- gnutls_deinit (client);
- gnutls_deinit (server);
+ gnutls_deinit(client);
+ gnutls_deinit(server);
- gnutls_anon_free_client_credentials (c_anoncred);
- gnutls_anon_free_server_credentials (s_anoncred);
+ gnutls_anon_free_client_credentials(c_anoncred);
+ gnutls_anon_free_server_credentials(s_anoncred);
- gnutls_dh_params_deinit (dh_params);
+ gnutls_dh_params_deinit(dh_params);
}
-static void
-test_ciphersuite_kx (const char* cipher_prio)
+static void test_ciphersuite_kx(const char *cipher_prio)
{
- /* Server stuff. */
- gnutls_anon_server_credentials_t s_anoncred;
- const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) };
- static gnutls_dh_params_t dh_params;
- gnutls_session_t server;
- int sret, cret;
- const char *str;
- const char* suite=NULL;
- /* Client stuff. */
- gnutls_anon_client_credentials_t c_anoncred;
- gnutls_session_t client;
- /* Need to enable anonymous KX specifically. */
- int ret;
- struct benchmark_st st;
-
- /* Init server */
- gnutls_anon_allocate_server_credentials (&s_anoncred);
- gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
- gnutls_anon_set_server_dh_params (s_anoncred, dh_params);
-
- start_benchmark (&st);
-
- do
- {
- gnutls_init (&server, GNUTLS_SERVER);
- ret = gnutls_priority_set_direct (server, cipher_prio, &str);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s\n", str);
- exit (1);
- }
- gnutls_credentials_set (server, GNUTLS_CRD_ANON, s_anoncred);
- gnutls_transport_set_push_function (server, server_push);
- gnutls_transport_set_pull_function (server, server_pull);
- gnutls_transport_set_ptr (server, (gnutls_transport_ptr_t) server);
- reset_buffers();
-
- /* Init client */
- gnutls_anon_allocate_client_credentials (&c_anoncred);
- gnutls_init (&client, GNUTLS_CLIENT);
-
- ret = gnutls_priority_set_direct (client, cipher_prio, &str);
- if (ret < 0)
- {
- fprintf (stderr, "Error in %s\n", str);
- exit (1);
- }
- gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred);
- gnutls_transport_set_push_function (client, client_push);
- gnutls_transport_set_pull_function (client, client_pull);
- gnutls_transport_set_ptr (client, (gnutls_transport_ptr_t) client);
+ /* Server stuff. */
+ gnutls_anon_server_credentials_t s_anoncred;
+ const gnutls_datum_t p3 = { (char *) pkcs3, strlen(pkcs3) };
+ static gnutls_dh_params_t dh_params;
+ gnutls_session_t server;
+ int sret, cret;
+ const char *str;
+ const char *suite = NULL;
+ /* Client stuff. */
+ gnutls_anon_client_credentials_t c_anoncred;
+ gnutls_session_t client;
+ /* Need to enable anonymous KX specifically. */
+ int ret;
+ struct benchmark_st st;
+
+ /* Init server */
+ gnutls_anon_allocate_server_credentials(&s_anoncred);
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM);
+ gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
+
+ start_benchmark(&st);
+
+ do {
+ gnutls_init(&server, GNUTLS_SERVER);
+ ret = gnutls_priority_set_direct(server, cipher_prio, &str);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s\n", str);
+ exit(1);
+ }
+ gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, (gnutls_transport_ptr_t) server);
+ reset_buffers();
+
+ /* Init client */
+ gnutls_anon_allocate_client_credentials(&c_anoncred);
+ gnutls_init(&client, GNUTLS_CLIENT);
+
+ ret = gnutls_priority_set_direct(client, cipher_prio, &str);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s\n", str);
+ exit(1);
+ }
+ gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, (gnutls_transport_ptr_t) client);
- HANDSHAKE (client, server);
+ HANDSHAKE(client, server);
- if (suite==NULL)
- suite = gnutls_cipher_suite_get_name(gnutls_kx_get(server),
- gnutls_cipher_get(server), gnutls_mac_get(server));
+ if (suite == NULL)
+ suite = gnutls_cipher_suite_get_name(gnutls_kx_get(server),
+ gnutls_cipher_get(server),
+ gnutls_mac_get(server));
- gnutls_deinit (client);
- gnutls_deinit (server);
+ gnutls_deinit(client);
+ gnutls_deinit(server);
- st.size += 1;
+ st.size += 1;
}
- while (benchmark_must_finish == 0);
+ while (benchmark_must_finish == 0);
- fprintf (stdout, "Tested %s: ", suite);
- stop_benchmark (&st, "transactions");
+ fprintf(stdout, "Tested %s: ", suite);
+ stop_benchmark(&st, "transactions");
- gnutls_anon_free_client_credentials (c_anoncred);
- gnutls_anon_free_server_credentials (s_anoncred);
+ gnutls_anon_free_client_credentials(c_anoncred);
+ gnutls_anon_free_server_credentials(s_anoncred);
- gnutls_dh_params_deinit (dh_params);
+ gnutls_dh_params_deinit(dh_params);
}
-int
-main (int argc, char **argv)
+void benchmark_tls(int debug_level)
{
-int ciphers = 1;
-
- if (argc > 1)
- {
- if (strcmp(argv[1], "--kx")==0)
- {
- ciphers = 0;
- }
- else if (strcmp(argv[1], "-v")==0)
- {
- gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (2);
- }
- }
- gnutls_global_init ();
-
- if (ciphers != 0)
- {
- printf("Testing throughput in cipher/MAC combinations:\n");
- test_ciphersuite (PRIO_ARCFOUR_128_MD5, 1024);
- test_ciphersuite (PRIO_ARCFOUR_128_MD5, 4096);
- test_ciphersuite (PRIO_ARCFOUR_128_MD5, 8*1024);
- test_ciphersuite (PRIO_ARCFOUR_128_MD5, 15*1024);
-
- test_ciphersuite (PRIO_AES_GCM, 1024);
- test_ciphersuite (PRIO_AES_GCM, 4096);
- test_ciphersuite (PRIO_AES_GCM, 8*1024);
- test_ciphersuite (PRIO_AES_GCM, 15*1024);
-
- test_ciphersuite (PRIO_AES_CBC_SHA1, 1024);
- test_ciphersuite (PRIO_AES_CBC_SHA1, 4096);
- test_ciphersuite (PRIO_AES_CBC_SHA1, 8*1024);
- test_ciphersuite (PRIO_AES_CBC_SHA1, 15*1024);
-
- test_ciphersuite (PRIO_CAMELLIA_CBC_SHA1, 1024);
- test_ciphersuite (PRIO_CAMELLIA_CBC_SHA1, 4096);
- test_ciphersuite (PRIO_CAMELLIA_CBC_SHA1, 8*1024);
- test_ciphersuite (PRIO_CAMELLIA_CBC_SHA1, 15*1024);
- printf("\n");
- }
-
- printf("Testing key exchanges:\n");
- test_ciphersuite_kx (PRIO_DH);
- test_ciphersuite_kx (PRIO_ECDH);
-
-
- gnutls_global_deinit ();
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_log_level(debug_level);
+ gnutls_global_init();
+
+ printf("Testing throughput in cipher/MAC combinations:\n");
+ test_ciphersuite(PRIO_ARCFOUR_128_MD5, 1024);
+ test_ciphersuite(PRIO_ARCFOUR_128_MD5, 4096);
+ test_ciphersuite(PRIO_ARCFOUR_128_MD5, 8 * 1024);
+ test_ciphersuite(PRIO_ARCFOUR_128_MD5, 15 * 1024);
+
+ test_ciphersuite(PRIO_AES_GCM, 1024);
+ test_ciphersuite(PRIO_AES_GCM, 4096);
+ test_ciphersuite(PRIO_AES_GCM, 8 * 1024);
+ test_ciphersuite(PRIO_AES_GCM, 15 * 1024);
+
+ test_ciphersuite(PRIO_AES_CBC_SHA1, 1024);
+ test_ciphersuite(PRIO_AES_CBC_SHA1, 4096);
+ test_ciphersuite(PRIO_AES_CBC_SHA1, 8 * 1024);
+ test_ciphersuite(PRIO_AES_CBC_SHA1, 15 * 1024);
+
+ test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, 1024);
+ test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, 4096);
+ test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, 8 * 1024);
+ test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, 15 * 1024);
+ printf("\n");
+
+ printf("Testing key exchanges:\n");
+ test_ciphersuite_kx(PRIO_DH);
+ test_ciphersuite_kx(PRIO_ECDH);
+
+
+ gnutls_global_deinit();
+
}
diff --git a/src/benchmark.h b/src/benchmark.h
index b5a7f86a4f..1485a034ec 100644
--- a/src/benchmark.h
+++ b/src/benchmark.h
@@ -5,6 +5,9 @@
typedef void (*sighandler_t)(int);
+void benchmark_cipher (int debug_level);
+void benchmark_tls (int debug_level);
+
struct benchmark_st
{
struct timespec start;
diff --git a/src/cli-gaa.c b/src/cli-gaa.c
index fc0f53fbd2..7c86e2b569 100644
--- a/src/cli-gaa.c
+++ b/src/cli-gaa.c
@@ -8,6 +8,7 @@
#include <config.h>
#include <common.h>
+#include <benchmark.h>
void cli_version(void);
@@ -156,6 +157,8 @@ void gaa_help(void)
__gaa_helpsingle(0, "pskkey", "KEY ", "PSK key (in hex) to use.");
__gaa_helpsingle('p', "port", "PORT ", "The port to connect to.");
__gaa_helpsingle(0, "insecure", "", "Don't abort program if server certificate can't be validated.");
+ __gaa_helpsingle(0, "benchmark-ciphers", "", "Benchmark individual ciphers.");
+ __gaa_helpsingle(0, "benchmark-tls", "", "Benchmark ciphers and key exchange methods in TLS.");
__gaa_helpsingle('l', "list", "", "Print a list of the supported algorithms and modes.");
__gaa_helpsingle('h', "help", "", "prints this help");
__gaa_helpsingle('v', "version", "", "prints the program's version number");
@@ -173,65 +176,65 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 106 "cli.gaa"
+#line 110 "cli.gaa"
char *rest_args;
-#line 98 "cli.gaa"
+#line 99 "cli.gaa"
int insecure;
-#line 95 "cli.gaa"
+#line 96 "cli.gaa"
char *port;
-#line 92 "cli.gaa"
+#line 93 "cli.gaa"
char *psk_key;
-#line 89 "cli.gaa"
+#line 90 "cli.gaa"
char *psk_username;
-#line 86 "cli.gaa"
+#line 87 "cli.gaa"
char *srp_passwd;
-#line 83 "cli.gaa"
+#line 84 "cli.gaa"
char *srp_username;
-#line 80 "cli.gaa"
+#line 81 "cli.gaa"
char *x509_certfile;
-#line 77 "cli.gaa"
+#line 78 "cli.gaa"
char *x509_keyfile;
-#line 74 "cli.gaa"
+#line 75 "cli.gaa"
char *pgp_subkey;
-#line 71 "cli.gaa"
+#line 72 "cli.gaa"
char *pgp_certfile;
-#line 68 "cli.gaa"
+#line 69 "cli.gaa"
char *pgp_keyring;
-#line 65 "cli.gaa"
+#line 66 "cli.gaa"
char *pgp_keyfile;
-#line 62 "cli.gaa"
+#line 63 "cli.gaa"
char *x509_crlfile;
-#line 59 "cli.gaa"
+#line 60 "cli.gaa"
char *x509_cafile;
-#line 56 "cli.gaa"
+#line 57 "cli.gaa"
char *priorities;
-#line 53 "cli.gaa"
+#line 54 "cli.gaa"
int verbose;
-#line 50 "cli.gaa"
+#line 51 "cli.gaa"
int record_size;
-#line 47 "cli.gaa"
+#line 48 "cli.gaa"
int print_cert;
-#line 44 "cli.gaa"
+#line 45 "cli.gaa"
int disable_extensions;
-#line 41 "cli.gaa"
+#line 42 "cli.gaa"
int fingerprint;
-#line 38 "cli.gaa"
+#line 39 "cli.gaa"
int fmtder;
-#line 35 "cli.gaa"
+#line 36 "cli.gaa"
int crlf;
-#line 32 "cli.gaa"
+#line 33 "cli.gaa"
int mtu;
-#line 29 "cli.gaa"
+#line 30 "cli.gaa"
int udp;
-#line 26 "cli.gaa"
+#line 27 "cli.gaa"
int starttls;
-#line 23 "cli.gaa"
+#line 24 "cli.gaa"
int noticket;
-#line 20 "cli.gaa"
+#line 21 "cli.gaa"
int rehandshake;
-#line 17 "cli.gaa"
+#line 18 "cli.gaa"
int resume;
-#line 14 "cli.gaa"
+#line 15 "cli.gaa"
int debug;
#line 114 "gaa.skel"
@@ -287,39 +290,41 @@ static int gaa_error = 0;
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 32
+#define GAA_NB_OPTION 34
#define GAAOPTID_version 1
#define GAAOPTID_help 2
#define GAAOPTID_list 3
-#define GAAOPTID_insecure 4
-#define GAAOPTID_port 5
-#define GAAOPTID_pskkey 6
-#define GAAOPTID_pskusername 7
-#define GAAOPTID_srppasswd 8
-#define GAAOPTID_srpusername 9
-#define GAAOPTID_x509certfile 10
-#define GAAOPTID_x509keyfile 11
-#define GAAOPTID_pgpsubkey 12
-#define GAAOPTID_pgpcertfile 13
-#define GAAOPTID_pgpkeyring 14
-#define GAAOPTID_pgpkeyfile 15
-#define GAAOPTID_x509crlfile 16
-#define GAAOPTID_x509cafile 17
-#define GAAOPTID_priority 18
-#define GAAOPTID_verbose 19
-#define GAAOPTID_recordsize 20
-#define GAAOPTID_print_cert 21
-#define GAAOPTID_disable_extensions 22
-#define GAAOPTID_fingerprint 23
-#define GAAOPTID_x509fmtder 24
-#define GAAOPTID_crlf 25
-#define GAAOPTID_mtu 26
-#define GAAOPTID_udp 27
-#define GAAOPTID_starttls 28
-#define GAAOPTID_noticket 29
-#define GAAOPTID_rehandshake 30
-#define GAAOPTID_resume 31
-#define GAAOPTID_debug 32
+#define GAAOPTID_benchmark_tls 4
+#define GAAOPTID_benchmark_ciphers 5
+#define GAAOPTID_insecure 6
+#define GAAOPTID_port 7
+#define GAAOPTID_pskkey 8
+#define GAAOPTID_pskusername 9
+#define GAAOPTID_srppasswd 10
+#define GAAOPTID_srpusername 11
+#define GAAOPTID_x509certfile 12
+#define GAAOPTID_x509keyfile 13
+#define GAAOPTID_pgpsubkey 14
+#define GAAOPTID_pgpcertfile 15
+#define GAAOPTID_pgpkeyring 16
+#define GAAOPTID_pgpkeyfile 17
+#define GAAOPTID_x509crlfile 18
+#define GAAOPTID_x509cafile 19
+#define GAAOPTID_priority 20
+#define GAAOPTID_verbose 21
+#define GAAOPTID_recordsize 22
+#define GAAOPTID_print_cert 23
+#define GAAOPTID_disable_extensions 24
+#define GAAOPTID_fingerprint 25
+#define GAAOPTID_x509fmtder 26
+#define GAAOPTID_crlf 27
+#define GAAOPTID_mtu 28
+#define GAAOPTID_udp 29
+#define GAAOPTID_starttls 30
+#define GAAOPTID_noticket 31
+#define GAAOPTID_rehandshake 32
+#define GAAOPTID_resume 33
+#define GAAOPTID_debug 34
#line 168 "gaa.skel"
@@ -666,6 +671,8 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECK1STR("v", GAAOPTID_version);
GAA_CHECK1STR("h", GAAOPTID_help);
GAA_CHECK1STR("l", GAAOPTID_list);
+ GAA_CHECK1STR("", GAAOPTID_benchmark_tls);
+ GAA_CHECK1STR("", GAAOPTID_benchmark_ciphers);
GAA_CHECK1STR("", GAAOPTID_insecure);
GAA_CHECK1STR("V", GAAOPTID_verbose);
GAA_CHECK1STR("", GAAOPTID_print_cert);
@@ -685,6 +692,8 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECKSTR("version", GAAOPTID_version);
GAA_CHECKSTR("help", GAAOPTID_help);
GAA_CHECKSTR("list", GAAOPTID_list);
+ GAA_CHECKSTR("benchmark-tls", GAAOPTID_benchmark_tls);
+ GAA_CHECKSTR("benchmark-ciphers", GAAOPTID_benchmark_ciphers);
GAA_CHECKSTR("insecure", GAAOPTID_insecure);
GAA_CHECKSTR("port", GAAOPTID_port);
GAA_CHECKSTR("pskkey", GAAOPTID_pskkey);
@@ -765,28 +774,42 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
{
case GAAOPTID_version:
OK = 0;
-#line 104 "cli.gaa"
+#line 108 "cli.gaa"
{ cli_version(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_help:
OK = 0;
-#line 102 "cli.gaa"
+#line 106 "cli.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_list:
OK = 0;
-#line 101 "cli.gaa"
+#line 105 "cli.gaa"
{ print_list(gaaval->verbose); exit(0); ;};
return GAA_OK;
break;
+ case GAAOPTID_benchmark_tls:
+ OK = 0;
+#line 103 "cli.gaa"
+{ benchmark_tls(gaaval->debug); exit(0) ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_benchmark_ciphers:
+ OK = 0;
+#line 102 "cli.gaa"
+{ benchmark_cipher(gaaval->debug); exit(0) ;};
+
+ return GAA_OK;
+ break;
case GAAOPTID_insecure:
OK = 0;
-#line 99 "cli.gaa"
+#line 100 "cli.gaa"
{ gaaval->insecure = 1 ;};
return GAA_OK;
@@ -796,7 +819,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_port.arg1, gaa_getstr, GAATMP_port.size1);
gaa_index++;
-#line 96 "cli.gaa"
+#line 97 "cli.gaa"
{ gaaval->port = GAATMP_port.arg1 ;};
return GAA_OK;
@@ -806,7 +829,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pskkey.arg1, gaa_getstr, GAATMP_pskkey.size1);
gaa_index++;
-#line 93 "cli.gaa"
+#line 94 "cli.gaa"
{ gaaval->psk_key = GAATMP_pskkey.arg1 ;};
return GAA_OK;
@@ -816,7 +839,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pskusername.arg1, gaa_getstr, GAATMP_pskusername.size1);
gaa_index++;
-#line 90 "cli.gaa"
+#line 91 "cli.gaa"
{ gaaval->psk_username = GAATMP_pskusername.arg1 ;};
return GAA_OK;
@@ -826,7 +849,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_srppasswd.arg1, gaa_getstr, GAATMP_srppasswd.size1);
gaa_index++;
-#line 87 "cli.gaa"
+#line 88 "cli.gaa"
{ gaaval->srp_passwd = GAATMP_srppasswd.arg1 ;};
return GAA_OK;
@@ -836,7 +859,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_srpusername.arg1, gaa_getstr, GAATMP_srpusername.size1);
gaa_index++;
-#line 84 "cli.gaa"
+#line 85 "cli.gaa"
{ gaaval->srp_username = GAATMP_srpusername.arg1 ;};
return GAA_OK;
@@ -846,7 +869,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509certfile.arg1, gaa_getstr, GAATMP_x509certfile.size1);
gaa_index++;
-#line 81 "cli.gaa"
+#line 82 "cli.gaa"
{ gaaval->x509_certfile = GAATMP_x509certfile.arg1 ;};
return GAA_OK;
@@ -856,7 +879,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509keyfile.arg1, gaa_getstr, GAATMP_x509keyfile.size1);
gaa_index++;
-#line 78 "cli.gaa"
+#line 79 "cli.gaa"
{ gaaval->x509_keyfile = GAATMP_x509keyfile.arg1 ;};
return GAA_OK;
@@ -866,7 +889,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpsubkey.arg1, gaa_getstr, GAATMP_pgpsubkey.size1);
gaa_index++;
-#line 75 "cli.gaa"
+#line 76 "cli.gaa"
{ gaaval->pgp_subkey = GAATMP_pgpsubkey.arg1 ;};
return GAA_OK;
@@ -876,7 +899,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpcertfile.arg1, gaa_getstr, GAATMP_pgpcertfile.size1);
gaa_index++;
-#line 72 "cli.gaa"
+#line 73 "cli.gaa"
{ gaaval->pgp_certfile = GAATMP_pgpcertfile.arg1 ;};
return GAA_OK;
@@ -886,7 +909,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpkeyring.arg1, gaa_getstr, GAATMP_pgpkeyring.size1);
gaa_index++;
-#line 69 "cli.gaa"
+#line 70 "cli.gaa"
{ gaaval->pgp_keyring = GAATMP_pgpkeyring.arg1 ;};
return GAA_OK;
@@ -896,7 +919,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpkeyfile.arg1, gaa_getstr, GAATMP_pgpkeyfile.size1);
gaa_index++;
-#line 66 "cli.gaa"
+#line 67 "cli.gaa"
{ gaaval->pgp_keyfile = GAATMP_pgpkeyfile.arg1 ;};
return GAA_OK;
@@ -906,7 +929,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509crlfile.arg1, gaa_getstr, GAATMP_x509crlfile.size1);
gaa_index++;
-#line 63 "cli.gaa"
+#line 64 "cli.gaa"
{ gaaval->x509_crlfile = GAATMP_x509crlfile.arg1 ;};
return GAA_OK;
@@ -916,7 +939,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509cafile.arg1, gaa_getstr, GAATMP_x509cafile.size1);
gaa_index++;
-#line 60 "cli.gaa"
+#line 61 "cli.gaa"
{ gaaval->x509_cafile = GAATMP_x509cafile.arg1 ;};
return GAA_OK;
@@ -926,14 +949,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_priority.arg1, gaa_getstr, GAATMP_priority.size1);
gaa_index++;
-#line 57 "cli.gaa"
+#line 58 "cli.gaa"
{ gaaval->priorities = GAATMP_priority.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_verbose:
OK = 0;
-#line 54 "cli.gaa"
+#line 55 "cli.gaa"
{ gaaval->verbose = 1 ;};
return GAA_OK;
@@ -943,42 +966,42 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_recordsize.arg1, gaa_getint, GAATMP_recordsize.size1);
gaa_index++;
-#line 51 "cli.gaa"
+#line 52 "cli.gaa"
{ gaaval->record_size = GAATMP_recordsize.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_print_cert:
OK = 0;
-#line 48 "cli.gaa"
+#line 49 "cli.gaa"
{ gaaval->print_cert = 1 ;};
return GAA_OK;
break;
case GAAOPTID_disable_extensions:
OK = 0;
-#line 45 "cli.gaa"
+#line 46 "cli.gaa"
{ gaaval->disable_extensions = 1 ;};
return GAA_OK;
break;
case GAAOPTID_fingerprint:
OK = 0;
-#line 42 "cli.gaa"
+#line 43 "cli.gaa"
{ gaaval->fingerprint = 1 ;};
return GAA_OK;
break;
case GAAOPTID_x509fmtder:
OK = 0;
-#line 39 "cli.gaa"
+#line 40 "cli.gaa"
{ gaaval->fmtder = 1 ;};
return GAA_OK;
break;
case GAAOPTID_crlf:
OK = 0;
-#line 36 "cli.gaa"
+#line 37 "cli.gaa"
{ gaaval->crlf = 1 ;};
return GAA_OK;
@@ -988,42 +1011,42 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_mtu.arg1, gaa_getint, GAATMP_mtu.size1);
gaa_index++;
-#line 33 "cli.gaa"
+#line 34 "cli.gaa"
{ gaaval->mtu = GAATMP_mtu.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_udp:
OK = 0;
-#line 30 "cli.gaa"
+#line 31 "cli.gaa"
{ gaaval->udp = 1 ;};
return GAA_OK;
break;
case GAAOPTID_starttls:
OK = 0;
-#line 27 "cli.gaa"
+#line 28 "cli.gaa"
{ gaaval->starttls = 1 ;};
return GAA_OK;
break;
case GAAOPTID_noticket:
OK = 0;
-#line 24 "cli.gaa"
+#line 25 "cli.gaa"
{ gaaval->noticket = 1 ;};
return GAA_OK;
break;
case GAAOPTID_rehandshake:
OK = 0;
-#line 21 "cli.gaa"
+#line 22 "cli.gaa"
{ gaaval->rehandshake = 1 ;};
return GAA_OK;
break;
case GAAOPTID_resume:
OK = 0;
-#line 18 "cli.gaa"
+#line 19 "cli.gaa"
{ gaaval->resume = 1 ;};
return GAA_OK;
@@ -1033,7 +1056,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
gaa_index++;
-#line 15 "cli.gaa"
+#line 16 "cli.gaa"
{ gaaval->debug = GAATMP_debug.arg1 ;};
return GAA_OK;
@@ -1042,7 +1065,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAAREST_tmp.arg1, gaa_getstr, GAAREST_tmp.size1);
gaa_index++;
-#line 107 "cli.gaa"
+#line 111 "cli.gaa"
{ gaaval->rest_args = GAAREST_tmp.arg1; ;};
return GAA_OK;
@@ -1071,7 +1094,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
if(inited == 0)
{
-#line 109 "cli.gaa"
+#line 113 "cli.gaa"
{ gaaval->resume=0; gaaval->noticket=0; gaaval->port="443"; gaaval->rest_args=NULL;
gaaval->record_size=0;
gaaval->fingerprint=0; gaaval->pgp_keyring=NULL; gaaval->x509_crlfile = NULL;
@@ -1228,7 +1251,7 @@ static int gaa_internal_get_next_str(FILE *file, gaa_str_node *tmp_str, int argc
len++;
a = fgetc( file);
- if(a==EOF) return 0; //a = ' ';
+ if(a==EOF) return 0;
}
len += 1;
diff --git a/src/cli-gaa.h b/src/cli-gaa.h
index bebca5f10e..d4a5188b75 100644
--- a/src/cli-gaa.h
+++ b/src/cli-gaa.h
@@ -8,65 +8,65 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 106 "cli.gaa"
+#line 110 "cli.gaa"
char *rest_args;
-#line 98 "cli.gaa"
+#line 99 "cli.gaa"
int insecure;
-#line 95 "cli.gaa"
+#line 96 "cli.gaa"
char *port;
-#line 92 "cli.gaa"
+#line 93 "cli.gaa"
char *psk_key;
-#line 89 "cli.gaa"
+#line 90 "cli.gaa"
char *psk_username;
-#line 86 "cli.gaa"
+#line 87 "cli.gaa"
char *srp_passwd;
-#line 83 "cli.gaa"
+#line 84 "cli.gaa"
char *srp_username;
-#line 80 "cli.gaa"
+#line 81 "cli.gaa"
char *x509_certfile;
-#line 77 "cli.gaa"
+#line 78 "cli.gaa"
char *x509_keyfile;
-#line 74 "cli.gaa"
+#line 75 "cli.gaa"
char *pgp_subkey;
-#line 71 "cli.gaa"
+#line 72 "cli.gaa"
char *pgp_certfile;
-#line 68 "cli.gaa"
+#line 69 "cli.gaa"
char *pgp_keyring;
-#line 65 "cli.gaa"
+#line 66 "cli.gaa"
char *pgp_keyfile;
-#line 62 "cli.gaa"
+#line 63 "cli.gaa"
char *x509_crlfile;
-#line 59 "cli.gaa"
+#line 60 "cli.gaa"
char *x509_cafile;
-#line 56 "cli.gaa"
+#line 57 "cli.gaa"
char *priorities;
-#line 53 "cli.gaa"
+#line 54 "cli.gaa"
int verbose;
-#line 50 "cli.gaa"
+#line 51 "cli.gaa"
int record_size;
-#line 47 "cli.gaa"
+#line 48 "cli.gaa"
int print_cert;
-#line 44 "cli.gaa"
+#line 45 "cli.gaa"
int disable_extensions;
-#line 41 "cli.gaa"
+#line 42 "cli.gaa"
int fingerprint;
-#line 38 "cli.gaa"
+#line 39 "cli.gaa"
int fmtder;
-#line 35 "cli.gaa"
+#line 36 "cli.gaa"
int crlf;
-#line 32 "cli.gaa"
+#line 33 "cli.gaa"
int mtu;
-#line 29 "cli.gaa"
+#line 30 "cli.gaa"
int udp;
-#line 26 "cli.gaa"
+#line 27 "cli.gaa"
int starttls;
-#line 23 "cli.gaa"
+#line 24 "cli.gaa"
int noticket;
-#line 20 "cli.gaa"
+#line 21 "cli.gaa"
int rehandshake;
-#line 17 "cli.gaa"
+#line 18 "cli.gaa"
int resume;
-#line 14 "cli.gaa"
+#line 15 "cli.gaa"
int debug;
#line 114 "gaa.skel"
diff --git a/src/cli.gaa b/src/cli.gaa
index 0576d5ffd3..1d1c74f7d1 100644
--- a/src/cli.gaa
+++ b/src/cli.gaa
@@ -4,6 +4,7 @@
#include <config.h>
#include <common.h>
+#include <benchmark.h>
void cli_version(void);
@@ -98,6 +99,9 @@ option (p, port) STR "PORT" { $port = $1 } "The port to connect to."
#int insecure;
option (insecure) { $insecure = 1 } "Don't abort program if server certificate can't be validated."
+option ( benchmark-ciphers) { benchmark_cipher($debug); exit(0) } "Benchmark individual ciphers."
+option ( benchmark-tls) { benchmark_tls($debug); exit(0) } "Benchmark ciphers and key exchange methods in TLS."
+
option (l, list) { print_list($verbose); exit(0); } "Print a list of the supported algorithms and modes."
option (h, help) { gaa_help(); exit(0); } "prints this help"