From 1babf0c5834fb39c5c1064b59180adaf386c6e01 Mon Sep 17 00:00:00 2001
From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date: Tue, 24 Dec 2019 16:26:27 +0300
Subject: benchmark: enable benchmarking of GOST CNT ciphersuite/KX

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
---
 src/benchmark-tls.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/src/benchmark-tls.c b/src/benchmark-tls.c
index 9df0102cfe..14a3d190cc 100644
--- a/src/benchmark-tls.c
+++ b/src/benchmark-tls.c
@@ -61,6 +61,7 @@ const char *side = "";
 #define PRIO_TLS12_CHACHA_POLY1305 "NONE:+VERS-TLS1.2:+CHACHA20-POLY1305:+AEAD:+SIGN-ALL:+COMP-NULL:+ECDHE-RSA:+CURVE-ALL"
 #define PRIO_CHACHA_POLY1305 "NONE:+VERS-TLS1.3:+CHACHA20-POLY1305:+AEAD:+SIGN-ALL:+COMP-NULL:+ECDHE-RSA:+CURVE-ALL"
 #define PRIO_CAMELLIA_CBC_SHA1 "NONE:+VERS-TLS1.0:+CAMELLIA-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA"
+#define PRIO_GOST_CNT "NONE:+VERS-TLS1.2:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-ALL:+SIGN-GOSTR341012-256:+COMP-NULL:+VKO-GOST-12:+GROUP-GOST-ALL"
 
 static const int rsa_bits = 3072, ec_bits = 256;
 
@@ -202,6 +203,42 @@ static unsigned char server_ed25519_cert_pem[] =
 	"7barRoh+qx7ZVYpe+5w3JYuxy16w\n"
 	"-----END CERTIFICATE-----\n";
 
+#ifdef ENABLE_GOST
+static unsigned char server_gost12_256_key_pem[] =
+	"-----BEGIN PRIVATE KEY-----\n"
+	"MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIEIgQg0+JttJEV\n"
+	"Ud+XBzX9q13ByKK+j2b+mEmNIo1yB0wGleo=\n"
+	"-----END PRIVATE KEY-----\n";
+
+static unsigned char server_gost12_256_cert_pem[] =
+	"-----BEGIN CERTIFICATE-----\n"
+	"MIIC8DCCAVigAwIBAgIIWcZKgxkCMvcwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n"
+	"AxMEQ0EtMzAgFw0xOTEwMDgxMDQ4MTZaGA85OTk5MTIzMTIzNTk1OVowDTELMAkG\n"
+	"A1UEAxMCR1IwZjAfBggqhQMHAQEBATATBgcqhQMCAiQABggqhQMHAQECAgNDAARA\n"
+	"J9sMEEx0JW9QsT5bDqyc0TNcjVg9ZSdp4GkMtShM+OOgyBGrWK3zLP5IzHYSXja8\n"
+	"373QrJOUvdX7T7TUk5yU5aOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuC\n"
+	"CWxvY2FsaG9zdDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB4AA\n"
+	"MB0GA1UdDgQWBBQYSEtdwsYrtnOq6Ya3nt8DgFPCQjAfBgNVHSMEGDAWgBT5qIYZ\n"
+	"Y7akFBNgdg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEAR0xtx7MWEP1KyIzM\n"
+	"4lXKdTyU4Nve5RcgqF82yR/0odqT5MPoaZDvLuRWEcQryztZD3kmRUmPmn1ujSfc\n"
+	"BbPfRnSutDXcf6imq0/U1/TV/BF3vpS1plltzetvibf8MYetHVFQHUBJDZJHh9h7\n"
+	"PGwA9SnmnGKFIxFdV6bVOLkPR54Gob9zN3E17KslL19lNtht1pxk9pshwTn35oRY\n"
+	"uOdxof9F4XjpI/4WbC8kp15QeG8XyZd5JWSl+niNOqYK31+ilQdVBr4RiZSDIcAg\n"
+	"twS5yV9Ap+R8rM8TLbeT2io4rhdUgmDllUf49zV3t6AbVvbsQfkqXmHXW8uW2WBu\n"
+	"A8FiXEbIIOb+QIW0ZGwk3BVQ7wdiw1M5w6kYtz5kBtNPxBmc+eu1+e6EAfYbFNr3\n"
+	"pkxtMk3veYWHb5s3dHZ4/t2Rn85hWqh03CWwCkKTN3qmEs4/XpybbXE/UE49e7u1\n"
+	"FkpM1bT/0gUNsNt5h3pyUzQZdiB0XbdGGFta3tB3+inIO45h\n"
+	"-----END CERTIFICATE-----\n";
+
+static const gnutls_datum_t server_gost12_256_key = { server_gost12_256_key_pem,
+	sizeof(server_gost12_256_key_pem)-1
+};
+
+static const gnutls_datum_t server_gost12_256_cert = { server_gost12_256_cert_pem,
+	sizeof(server_gost12_256_cert_pem)-1
+};
+#endif
+
 const gnutls_datum_t server_cert = { server_cert_pem,
 	sizeof(server_cert_pem)
 };
@@ -264,6 +301,11 @@ static void test_ciphersuite(const char *cipher_prio, int size)
 	gnutls_certificate_set_x509_key_mem(s_certcred, &server_ecc_cert,
 					    &server_ecc_key,
 					    GNUTLS_X509_FMT_PEM);
+#ifdef ENABLE_GOST
+	gnutls_certificate_set_x509_key_mem(s_certcred, &server_gost12_256_cert,
+					    &server_gost12_256_key,
+					    GNUTLS_X509_FMT_PEM);
+#endif
 
 	gnutls_init(&server, GNUTLS_SERVER);
 	ret = gnutls_priority_set_direct(server, cipher_prio, &str);
@@ -432,6 +474,10 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk)
 		ret = gnutls_certificate_set_x509_key_mem(s_certcred, &server_ed25519_cert,
 						    &server_ed25519_key,
 						    GNUTLS_X509_FMT_PEM);
+	else if (pk == GNUTLS_PK_GOST_12_256)
+		ret = gnutls_certificate_set_x509_key_mem(s_certcred, &server_gost12_256_cert,
+						    &server_gost12_256_key,
+						    GNUTLS_X509_FMT_PEM);
 	if (ret < 0) {
 		fprintf(stderr, "Error in %d: %s\n", __LINE__,
 			gnutls_strerror(ret));
@@ -560,6 +606,9 @@ void benchmark_tls(int debug_level, int ciphers)
 		test_ciphersuite(PRIO_CHACHA_POLY1305, size);
 		test_ciphersuite(PRIO_AES_CBC_SHA1, size);
 		test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, size);
+#ifdef ENABLE_GOST
+		test_ciphersuite(PRIO_GOST_CNT, size);
+#endif
 
 		size = 16 * 1024;
 		printf
@@ -573,6 +622,9 @@ void benchmark_tls(int debug_level, int ciphers)
 		test_ciphersuite(PRIO_CHACHA_POLY1305, size);
 		test_ciphersuite(PRIO_AES_CBC_SHA1, size);
 		test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, size);
+#ifdef ENABLE_GOST
+		test_ciphersuite(PRIO_GOST_CNT, size);
+#endif
 	} else {
 		printf
 		    ("Testing key exchanges (RSA/DH bits: %d, EC bits: %d)\n\n",
@@ -585,6 +637,9 @@ void benchmark_tls(int debug_level, int ciphers)
 		test_ciphersuite_kx(PRIO_ECDH_X25519_ECDSA, GNUTLS_PK_ECC);
 		test_ciphersuite_kx(PRIO_ECDH_X25519_EDDSA, GNUTLS_PK_EDDSA_ED25519);
 		test_ciphersuite_kx(PRIO_RSA, GNUTLS_PK_RSA);
+#ifdef ENABLE_GOST
+		test_ciphersuite_kx(PRIO_GOST_CNT, GNUTLS_PK_GOST_12_256);
+#endif
 	}
 
 	gnutls_global_deinit();
-- 
cgit v1.2.1