mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 15:43:32 +01:00
r9449@Kushana: nickm | 2006-10-31 00:12:02 -0500
Dump breakdown of PK operations when we get a USR2 signal. This should help us figure out of we are doing some of them for stupid reasons. svn:r8881
This commit is contained in:
parent
058ae90539
commit
1bf1f9d2fc
@ -1,3 +1,8 @@
|
|||||||
|
Changes in version 0.1.2.4-alpha - 2006-11-??
|
||||||
|
o Minor Features
|
||||||
|
- Add breakdown of public key operations to dumped statistics.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.1.2.3-alpha - 2006-10-29
|
Changes in version 0.1.2.3-alpha - 2006-10-29
|
||||||
o Minor features:
|
o Minor features:
|
||||||
- Prepare for servers to publish descriptors less often: never
|
- Prepare for servers to publish descriptors less often: never
|
||||||
|
@ -488,6 +488,8 @@ connection_tls_start_handshake(or_connection_t *conn, int receiving)
|
|||||||
}
|
}
|
||||||
connection_start_reading(TO_CONN(conn));
|
connection_start_reading(TO_CONN(conn));
|
||||||
log_debug(LD_OR,"starting TLS handshake on fd %d", conn->_base.s);
|
log_debug(LD_OR,"starting TLS handshake on fd %d", conn->_base.s);
|
||||||
|
note_crypto_pk_op(receiving ? TLS_HANDSHAKE_S : TLS_HANDSHAKE_C);
|
||||||
|
|
||||||
if (connection_tls_continue_handshake(conn) < 0) {
|
if (connection_tls_continue_handshake(conn) < 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
@ -904,6 +904,7 @@ dirserv_dump_directory_to_string(char **dir_out,
|
|||||||
tor_free(buf);
|
tor_free(buf);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
note_crypto_pk_op(SIGN_DIR);
|
||||||
if (router_append_dirobj_signature(buf,buf_len,digest,private_key)<0) {
|
if (router_append_dirobj_signature(buf,buf_len,digest,private_key)<0) {
|
||||||
tor_free(buf);
|
tor_free(buf);
|
||||||
return -1;
|
return -1;
|
||||||
@ -1235,6 +1236,7 @@ generate_runningrouters(void)
|
|||||||
log_warn(LD_BUG,"couldn't compute digest");
|
log_warn(LD_BUG,"couldn't compute digest");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
note_crypto_pk_op(SIGN_DIR);
|
||||||
if (router_append_dirobj_signature(s, len, digest, private_key)<0)
|
if (router_append_dirobj_signature(s, len, digest, private_key)<0)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
@ -1544,6 +1546,7 @@ generate_v2_networkstatus(void)
|
|||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
note_crypto_pk_op(SIGN_DIR);
|
||||||
if (router_append_dirobj_signature(outp,endp-outp,digest,private_key)<0) {
|
if (router_append_dirobj_signature(outp,endp-outp,digest,private_key)<0) {
|
||||||
log_warn(LD_BUG, "Unable to sign router status.");
|
log_warn(LD_BUG, "Unable to sign router status.");
|
||||||
goto done;
|
goto done;
|
||||||
|
@ -1435,6 +1435,7 @@ dumpstats(int severity)
|
|||||||
|
|
||||||
rep_hist_dump_stats(now,severity);
|
rep_hist_dump_stats(now,severity);
|
||||||
rend_service_dump_stats(severity);
|
rend_service_dump_stats(severity);
|
||||||
|
dump_pk_ops(severity);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Called by exit() as we shut down the process.
|
/** Called by exit() as we shut down the process.
|
||||||
|
@ -196,6 +196,8 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
|
|||||||
puts("");
|
puts("");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
note_crypto_pk_op(ENC_ONIONSKIN);
|
||||||
|
|
||||||
/* set meeting point, meeting cookie, etc here. Leave zero for now. */
|
/* set meeting point, meeting cookie, etc here. Leave zero for now. */
|
||||||
if (crypto_pk_public_hybrid_encrypt(dest_router_key, onion_skin_out,
|
if (crypto_pk_public_hybrid_encrypt(dest_router_key, onion_skin_out,
|
||||||
challenge, DH_KEY_LEN,
|
challenge, DH_KEY_LEN,
|
||||||
@ -237,6 +239,7 @@ onion_skin_server_handshake(const char *onion_skin, /*ONIONSKIN_CHALLENGE_LEN*/
|
|||||||
k = i==0?private_key:prev_private_key;
|
k = i==0?private_key:prev_private_key;
|
||||||
if (!k)
|
if (!k)
|
||||||
break;
|
break;
|
||||||
|
note_crypto_pk_op(DEC_ONIONSKIN);
|
||||||
len = crypto_pk_private_hybrid_decrypt(k, challenge,
|
len = crypto_pk_private_hybrid_decrypt(k, challenge,
|
||||||
onion_skin, ONIONSKIN_CHALLENGE_LEN,
|
onion_skin, ONIONSKIN_CHALLENGE_LEN,
|
||||||
PK_PKCS1_OAEP_PADDING,0);
|
PK_PKCS1_OAEP_PADDING,0);
|
||||||
|
10
src/or/or.h
10
src/or/or.h
@ -2408,6 +2408,16 @@ int rep_hist_get_predicted_internal(time_t now, int *need_uptime,
|
|||||||
int any_predicted_circuits(time_t now);
|
int any_predicted_circuits(time_t now);
|
||||||
int rep_hist_circbuilding_dormant(time_t now);
|
int rep_hist_circbuilding_dormant(time_t now);
|
||||||
|
|
||||||
|
typedef enum {
|
||||||
|
SIGN_DIR, SIGN_RTR,
|
||||||
|
VERIFY_DIR, VERIFY_RTR,
|
||||||
|
ENC_ONIONSKIN, DEC_ONIONSKIN,
|
||||||
|
TLS_HANDSHAKE_C, TLS_HANDSHAKE_S,
|
||||||
|
REND_CLIENT, REND_MID, REND_SERVER,
|
||||||
|
} pk_op_t;
|
||||||
|
void note_crypto_pk_op(pk_op_t operation);
|
||||||
|
void dump_pk_ops(int severity);
|
||||||
|
|
||||||
void rep_hist_free_all(void);
|
void rep_hist_free_all(void);
|
||||||
|
|
||||||
/********************************* rendclient.c ***************************/
|
/********************************* rendclient.c ***************************/
|
||||||
|
@ -129,6 +129,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
note_crypto_pk_op(REND_CLIENT);
|
||||||
/*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg,
|
/*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg,
|
||||||
* to avoid buffer overflows? */
|
* to avoid buffer overflows? */
|
||||||
r = crypto_pk_public_hybrid_encrypt(entry->parsed->pk, payload+DIGEST_LEN,
|
r = crypto_pk_public_hybrid_encrypt(entry->parsed->pk, payload+DIGEST_LEN,
|
||||||
|
@ -97,6 +97,7 @@ rend_encode_service_descriptor(rend_service_descriptor_t *desc,
|
|||||||
cp += 6+DIGEST_LEN+2+klen;
|
cp += 6+DIGEST_LEN+2+klen;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
note_crypto_pk_op(REND_SERVER);
|
||||||
i = crypto_pk_private_sign_digest(key, cp, *str_out, cp-*str_out);
|
i = crypto_pk_private_sign_digest(key, cp, *str_out, cp-*str_out);
|
||||||
if (i<0) {
|
if (i<0) {
|
||||||
tor_free(*str_out);
|
tor_free(*str_out);
|
||||||
@ -198,6 +199,7 @@ rend_parse_service_descriptor(const char *str, size_t len)
|
|||||||
(int)((size_t)(end-cp) - keylen));
|
(int)((size_t)(end-cp) - keylen));
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
note_crypto_pk_op(REND_CLIENT);
|
||||||
if (crypto_pk_public_checksig_digest(result->pk,
|
if (crypto_pk_public_checksig_digest(result->pk,
|
||||||
(char*)str,cp-str, /* data */
|
(char*)str,cp-str, /* data */
|
||||||
(char*)cp,end-cp /* signature*/
|
(char*)cp,end-cp /* signature*/
|
||||||
|
@ -65,6 +65,7 @@ rend_mid_establish_intro(or_circuit_t *circ, const char *request,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
/* Rest of body: signature of previous data */
|
/* Rest of body: signature of previous data */
|
||||||
|
note_crypto_pk_op(REND_MID);
|
||||||
if (crypto_pk_public_checksig_digest(pk, request, 2+asn1len+DIGEST_LEN,
|
if (crypto_pk_public_checksig_digest(pk, request, 2+asn1len+DIGEST_LEN,
|
||||||
request+2+DIGEST_LEN+asn1len,
|
request+2+DIGEST_LEN+asn1len,
|
||||||
request_len-(2+DIGEST_LEN+asn1len))<0) {
|
request_len-(2+DIGEST_LEN+asn1len))<0) {
|
||||||
|
@ -471,6 +471,7 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
/* Next N bytes is encrypted with service key */
|
/* Next N bytes is encrypted with service key */
|
||||||
|
note_crypto_pk_op(REND_SERVER);
|
||||||
r = crypto_pk_private_hybrid_decrypt(
|
r = crypto_pk_private_hybrid_decrypt(
|
||||||
service->private_key,buf,request+DIGEST_LEN,request_len-DIGEST_LEN,
|
service->private_key,buf,request+DIGEST_LEN,request_len-DIGEST_LEN,
|
||||||
PK_PKCS1_OAEP_PADDING,1);
|
PK_PKCS1_OAEP_PADDING,1);
|
||||||
@ -756,6 +757,7 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
|
|||||||
if (crypto_digest(buf+len, auth, DIGEST_LEN+9))
|
if (crypto_digest(buf+len, auth, DIGEST_LEN+9))
|
||||||
goto err;
|
goto err;
|
||||||
len += 20;
|
len += 20;
|
||||||
|
note_crypto_pk_op(REND_SERVER);
|
||||||
r = crypto_pk_private_sign_digest(service->private_key, buf+len, buf, len);
|
r = crypto_pk_private_sign_digest(service->private_key, buf+len, buf, len);
|
||||||
if (r<0) {
|
if (r<0) {
|
||||||
log_warn(LD_BUG, "Internal error: couldn't sign introduction request.");
|
log_warn(LD_BUG, "Internal error: couldn't sign introduction request.");
|
||||||
|
@ -934,6 +934,89 @@ rep_hist_circbuilding_dormant(time_t now)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static uint32_t n_signed_dir_objs = 0;
|
||||||
|
static uint32_t n_signed_routerdescs = 0;
|
||||||
|
static uint32_t n_verified_dir_objs = 0;
|
||||||
|
static uint32_t n_verified_routerdescs = 0;
|
||||||
|
static uint32_t n_onionskins_encrypted = 0;
|
||||||
|
static uint32_t n_onionskins_decrypted = 0;
|
||||||
|
static uint32_t n_tls_client_handshakes = 0;
|
||||||
|
static uint32_t n_tls_server_handshakes = 0;
|
||||||
|
static uint32_t n_rend_client_ops = 0;
|
||||||
|
static uint32_t n_rend_mid_ops = 0;
|
||||||
|
static uint32_t n_rend_server_ops = 0;
|
||||||
|
|
||||||
|
void
|
||||||
|
note_crypto_pk_op(pk_op_t operation)
|
||||||
|
{
|
||||||
|
switch (operation)
|
||||||
|
{
|
||||||
|
case SIGN_DIR:
|
||||||
|
n_signed_dir_objs++;
|
||||||
|
break;
|
||||||
|
case SIGN_RTR:
|
||||||
|
n_signed_routerdescs++;
|
||||||
|
break;
|
||||||
|
case VERIFY_DIR:
|
||||||
|
n_verified_dir_objs++;
|
||||||
|
break;
|
||||||
|
case VERIFY_RTR:
|
||||||
|
n_verified_routerdescs++;
|
||||||
|
break;
|
||||||
|
case ENC_ONIONSKIN:
|
||||||
|
n_onionskins_encrypted++;
|
||||||
|
break;
|
||||||
|
case DEC_ONIONSKIN:
|
||||||
|
n_onionskins_decrypted++;
|
||||||
|
break;
|
||||||
|
case TLS_HANDSHAKE_C:
|
||||||
|
n_tls_client_handshakes++;
|
||||||
|
break;
|
||||||
|
case TLS_HANDSHAKE_S:
|
||||||
|
n_tls_client_handshakes++;
|
||||||
|
break;
|
||||||
|
case REND_CLIENT:
|
||||||
|
n_rend_client_ops++;
|
||||||
|
break;
|
||||||
|
case REND_MID:
|
||||||
|
n_rend_mid_ops++;
|
||||||
|
break;
|
||||||
|
case REND_SERVER:
|
||||||
|
n_rend_server_ops++;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
log_warn(LD_BUG, "Unknown pk operation %d", operation);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
dump_pk_ops(int severity)
|
||||||
|
{
|
||||||
|
log(severity, LD_GENERAL,
|
||||||
|
"PK operations: %lu directory objects signed, "
|
||||||
|
"%lu directory objects verified, "
|
||||||
|
"%lu routerdescs signed, "
|
||||||
|
"%lu routerdescs verified, "
|
||||||
|
"%lu onionskins encrypted, "
|
||||||
|
"%lu onionskins decrypted, "
|
||||||
|
"%lu client-side TLS handshakes, "
|
||||||
|
"%lu server-side TLS handshakes, "
|
||||||
|
"%lu rendezvous client operations, "
|
||||||
|
"%lu rendezvous middle operations, "
|
||||||
|
"%lu rendezvous server operations.",
|
||||||
|
(unsigned long) n_signed_dir_objs,
|
||||||
|
(unsigned long) n_verified_dir_objs,
|
||||||
|
(unsigned long) n_signed_routerdescs,
|
||||||
|
(unsigned long) n_verified_routerdescs,
|
||||||
|
(unsigned long) n_onionskins_encrypted,
|
||||||
|
(unsigned long) n_onionskins_decrypted,
|
||||||
|
(unsigned long) n_tls_client_handshakes,
|
||||||
|
(unsigned long) n_tls_server_handshakes,
|
||||||
|
(unsigned long) n_rend_client_ops,
|
||||||
|
(unsigned long) n_rend_mid_ops,
|
||||||
|
(unsigned long) n_rend_server_ops);
|
||||||
|
}
|
||||||
|
|
||||||
/** Free all storage held by the OR/link history caches, by the
|
/** Free all storage held by the OR/link history caches, by the
|
||||||
* bandwidth history arrays, or by the port history. */
|
* bandwidth history arrays, or by the port history. */
|
||||||
void
|
void
|
||||||
|
@ -1247,6 +1247,7 @@ router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router,
|
|||||||
if (router_get_router_hash(s, digest) < 0)
|
if (router_get_router_hash(s, digest) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
note_crypto_pk_op(SIGN_RTR);
|
||||||
if (router_append_dirobj_signature(s+written,maxlen-written,
|
if (router_append_dirobj_signature(s+written,maxlen-written,
|
||||||
digest,ident_key)<0) {
|
digest,ident_key)<0) {
|
||||||
log_warn(LD_BUG, "Couldn't sign router descriptor");
|
log_warn(LD_BUG, "Couldn't sign router descriptor");
|
||||||
|
@ -396,6 +396,7 @@ router_parse_directory(const char *str)
|
|||||||
log_warn(LD_DIR,"Expected a single directory signature"); goto err;
|
log_warn(LD_DIR,"Expected a single directory signature"); goto err;
|
||||||
}
|
}
|
||||||
declared_key = find_dir_signing_key(str);
|
declared_key = find_dir_signing_key(str);
|
||||||
|
note_crypto_pk_op(VERIFY_DIR);
|
||||||
if (check_directory_signature(digest, tok, NULL, declared_key, 1)<0)
|
if (check_directory_signature(digest, tok, NULL, declared_key, 1)<0)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
@ -490,6 +491,7 @@ router_parse_runningrouters(const char *str)
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
declared_key = find_dir_signing_key(str);
|
declared_key = find_dir_signing_key(str);
|
||||||
|
note_crypto_pk_op(VERIFY_DIR);
|
||||||
if (check_directory_signature(digest, tok, NULL, declared_key, 1) < 0)
|
if (check_directory_signature(digest, tok, NULL, declared_key, 1) < 0)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
@ -910,6 +912,7 @@ router_parse_entry_from_string(const char *s, const char *end,
|
|||||||
log_warn(LD_DIR, "Bad object type or length on router signature");
|
log_warn(LD_DIR, "Bad object type or length on router signature");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
note_crypto_pk_op(VERIFY_RTR);
|
||||||
if ((t=crypto_pk_public_checksig(router->identity_pkey, signed_digest,
|
if ((t=crypto_pk_public_checksig(router->identity_pkey, signed_digest,
|
||||||
tok->object_body, 128)) != 20) {
|
tok->object_body, 128)) != 20) {
|
||||||
log_warn(LD_DIR, "Invalid signature %d",t);
|
log_warn(LD_DIR, "Invalid signature %d",t);
|
||||||
@ -1264,6 +1267,7 @@ networkstatus_parse_from_string(const char *s)
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
note_crypto_pk_op(VERIFY_DIR);
|
||||||
if (check_directory_signature(ns_digest, tok, NULL, ns->signing_key, 0))
|
if (check_directory_signature(ns_digest, tok, NULL, ns->signing_key, 0))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user