r9449@Kushana: nickm | 2006-10-31 00:12:02 -0500

Dump breakdown of PK operations when we get a USR2 signal.  This should help us figure out of we are doing some of them for stupid reasons.


svn:r8881
This commit is contained in:
Nick Mathewson 2006-10-31 19:17:07 +00:00
parent 058ae90539
commit 1bf1f9d2fc
13 changed files with 118 additions and 0 deletions

View File

@ -1,3 +1,8 @@
Changes in version 0.1.2.4-alpha - 2006-11-??
o Minor Features
- Add breakdown of public key operations to dumped statistics.
Changes in version 0.1.2.3-alpha - 2006-10-29 Changes in version 0.1.2.3-alpha - 2006-10-29
o Minor features: o Minor features:
- Prepare for servers to publish descriptors less often: never - Prepare for servers to publish descriptors less often: never

View File

@ -488,6 +488,8 @@ connection_tls_start_handshake(or_connection_t *conn, int receiving)
} }
connection_start_reading(TO_CONN(conn)); connection_start_reading(TO_CONN(conn));
log_debug(LD_OR,"starting TLS handshake on fd %d", conn->_base.s); log_debug(LD_OR,"starting TLS handshake on fd %d", conn->_base.s);
note_crypto_pk_op(receiving ? TLS_HANDSHAKE_S : TLS_HANDSHAKE_C);
if (connection_tls_continue_handshake(conn) < 0) { if (connection_tls_continue_handshake(conn) < 0) {
return -1; return -1;
} }

View File

@ -904,6 +904,7 @@ dirserv_dump_directory_to_string(char **dir_out,
tor_free(buf); tor_free(buf);
return -1; return -1;
} }
note_crypto_pk_op(SIGN_DIR);
if (router_append_dirobj_signature(buf,buf_len,digest,private_key)<0) { if (router_append_dirobj_signature(buf,buf_len,digest,private_key)<0) {
tor_free(buf); tor_free(buf);
return -1; return -1;
@ -1235,6 +1236,7 @@ generate_runningrouters(void)
log_warn(LD_BUG,"couldn't compute digest"); log_warn(LD_BUG,"couldn't compute digest");
goto err; goto err;
} }
note_crypto_pk_op(SIGN_DIR);
if (router_append_dirobj_signature(s, len, digest, private_key)<0) if (router_append_dirobj_signature(s, len, digest, private_key)<0)
goto err; goto err;
@ -1544,6 +1546,7 @@ generate_v2_networkstatus(void)
goto done; goto done;
} }
note_crypto_pk_op(SIGN_DIR);
if (router_append_dirobj_signature(outp,endp-outp,digest,private_key)<0) { if (router_append_dirobj_signature(outp,endp-outp,digest,private_key)<0) {
log_warn(LD_BUG, "Unable to sign router status."); log_warn(LD_BUG, "Unable to sign router status.");
goto done; goto done;

View File

@ -1435,6 +1435,7 @@ dumpstats(int severity)
rep_hist_dump_stats(now,severity); rep_hist_dump_stats(now,severity);
rend_service_dump_stats(severity); rend_service_dump_stats(severity);
dump_pk_ops(severity);
} }
/** Called by exit() as we shut down the process. /** Called by exit() as we shut down the process.

View File

@ -196,6 +196,8 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
puts(""); puts("");
#endif #endif
note_crypto_pk_op(ENC_ONIONSKIN);
/* set meeting point, meeting cookie, etc here. Leave zero for now. */ /* set meeting point, meeting cookie, etc here. Leave zero for now. */
if (crypto_pk_public_hybrid_encrypt(dest_router_key, onion_skin_out, if (crypto_pk_public_hybrid_encrypt(dest_router_key, onion_skin_out,
challenge, DH_KEY_LEN, challenge, DH_KEY_LEN,
@ -237,6 +239,7 @@ onion_skin_server_handshake(const char *onion_skin, /*ONIONSKIN_CHALLENGE_LEN*/
k = i==0?private_key:prev_private_key; k = i==0?private_key:prev_private_key;
if (!k) if (!k)
break; break;
note_crypto_pk_op(DEC_ONIONSKIN);
len = crypto_pk_private_hybrid_decrypt(k, challenge, len = crypto_pk_private_hybrid_decrypt(k, challenge,
onion_skin, ONIONSKIN_CHALLENGE_LEN, onion_skin, ONIONSKIN_CHALLENGE_LEN,
PK_PKCS1_OAEP_PADDING,0); PK_PKCS1_OAEP_PADDING,0);

View File

@ -2408,6 +2408,16 @@ int rep_hist_get_predicted_internal(time_t now, int *need_uptime,
int any_predicted_circuits(time_t now); int any_predicted_circuits(time_t now);
int rep_hist_circbuilding_dormant(time_t now); int rep_hist_circbuilding_dormant(time_t now);
typedef enum {
SIGN_DIR, SIGN_RTR,
VERIFY_DIR, VERIFY_RTR,
ENC_ONIONSKIN, DEC_ONIONSKIN,
TLS_HANDSHAKE_C, TLS_HANDSHAKE_S,
REND_CLIENT, REND_MID, REND_SERVER,
} pk_op_t;
void note_crypto_pk_op(pk_op_t operation);
void dump_pk_ops(int severity);
void rep_hist_free_all(void); void rep_hist_free_all(void);
/********************************* rendclient.c ***************************/ /********************************* rendclient.c ***************************/

View File

@ -129,6 +129,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
goto err; goto err;
} }
note_crypto_pk_op(REND_CLIENT);
/*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg, /*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg,
* to avoid buffer overflows? */ * to avoid buffer overflows? */
r = crypto_pk_public_hybrid_encrypt(entry->parsed->pk, payload+DIGEST_LEN, r = crypto_pk_public_hybrid_encrypt(entry->parsed->pk, payload+DIGEST_LEN,

View File

@ -97,6 +97,7 @@ rend_encode_service_descriptor(rend_service_descriptor_t *desc,
cp += 6+DIGEST_LEN+2+klen; cp += 6+DIGEST_LEN+2+klen;
} }
} }
note_crypto_pk_op(REND_SERVER);
i = crypto_pk_private_sign_digest(key, cp, *str_out, cp-*str_out); i = crypto_pk_private_sign_digest(key, cp, *str_out, cp-*str_out);
if (i<0) { if (i<0) {
tor_free(*str_out); tor_free(*str_out);
@ -198,6 +199,7 @@ rend_parse_service_descriptor(const char *str, size_t len)
(int)((size_t)(end-cp) - keylen)); (int)((size_t)(end-cp) - keylen));
goto error; goto error;
} }
note_crypto_pk_op(REND_CLIENT);
if (crypto_pk_public_checksig_digest(result->pk, if (crypto_pk_public_checksig_digest(result->pk,
(char*)str,cp-str, /* data */ (char*)str,cp-str, /* data */
(char*)cp,end-cp /* signature*/ (char*)cp,end-cp /* signature*/

View File

@ -65,6 +65,7 @@ rend_mid_establish_intro(or_circuit_t *circ, const char *request,
goto err; goto err;
} }
/* Rest of body: signature of previous data */ /* Rest of body: signature of previous data */
note_crypto_pk_op(REND_MID);
if (crypto_pk_public_checksig_digest(pk, request, 2+asn1len+DIGEST_LEN, if (crypto_pk_public_checksig_digest(pk, request, 2+asn1len+DIGEST_LEN,
request+2+DIGEST_LEN+asn1len, request+2+DIGEST_LEN+asn1len,
request_len-(2+DIGEST_LEN+asn1len))<0) { request_len-(2+DIGEST_LEN+asn1len))<0) {

View File

@ -471,6 +471,7 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
return -1; return -1;
} }
/* Next N bytes is encrypted with service key */ /* Next N bytes is encrypted with service key */
note_crypto_pk_op(REND_SERVER);
r = crypto_pk_private_hybrid_decrypt( r = crypto_pk_private_hybrid_decrypt(
service->private_key,buf,request+DIGEST_LEN,request_len-DIGEST_LEN, service->private_key,buf,request+DIGEST_LEN,request_len-DIGEST_LEN,
PK_PKCS1_OAEP_PADDING,1); PK_PKCS1_OAEP_PADDING,1);
@ -756,6 +757,7 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
if (crypto_digest(buf+len, auth, DIGEST_LEN+9)) if (crypto_digest(buf+len, auth, DIGEST_LEN+9))
goto err; goto err;
len += 20; len += 20;
note_crypto_pk_op(REND_SERVER);
r = crypto_pk_private_sign_digest(service->private_key, buf+len, buf, len); r = crypto_pk_private_sign_digest(service->private_key, buf+len, buf, len);
if (r<0) { if (r<0) {
log_warn(LD_BUG, "Internal error: couldn't sign introduction request."); log_warn(LD_BUG, "Internal error: couldn't sign introduction request.");

View File

@ -934,6 +934,89 @@ rep_hist_circbuilding_dormant(time_t now)
return 1; return 1;
} }
static uint32_t n_signed_dir_objs = 0;
static uint32_t n_signed_routerdescs = 0;
static uint32_t n_verified_dir_objs = 0;
static uint32_t n_verified_routerdescs = 0;
static uint32_t n_onionskins_encrypted = 0;
static uint32_t n_onionskins_decrypted = 0;
static uint32_t n_tls_client_handshakes = 0;
static uint32_t n_tls_server_handshakes = 0;
static uint32_t n_rend_client_ops = 0;
static uint32_t n_rend_mid_ops = 0;
static uint32_t n_rend_server_ops = 0;
void
note_crypto_pk_op(pk_op_t operation)
{
switch (operation)
{
case SIGN_DIR:
n_signed_dir_objs++;
break;
case SIGN_RTR:
n_signed_routerdescs++;
break;
case VERIFY_DIR:
n_verified_dir_objs++;
break;
case VERIFY_RTR:
n_verified_routerdescs++;
break;
case ENC_ONIONSKIN:
n_onionskins_encrypted++;
break;
case DEC_ONIONSKIN:
n_onionskins_decrypted++;
break;
case TLS_HANDSHAKE_C:
n_tls_client_handshakes++;
break;
case TLS_HANDSHAKE_S:
n_tls_client_handshakes++;
break;
case REND_CLIENT:
n_rend_client_ops++;
break;
case REND_MID:
n_rend_mid_ops++;
break;
case REND_SERVER:
n_rend_server_ops++;
break;
default:
log_warn(LD_BUG, "Unknown pk operation %d", operation);
}
}
void
dump_pk_ops(int severity)
{
log(severity, LD_GENERAL,
"PK operations: %lu directory objects signed, "
"%lu directory objects verified, "
"%lu routerdescs signed, "
"%lu routerdescs verified, "
"%lu onionskins encrypted, "
"%lu onionskins decrypted, "
"%lu client-side TLS handshakes, "
"%lu server-side TLS handshakes, "
"%lu rendezvous client operations, "
"%lu rendezvous middle operations, "
"%lu rendezvous server operations.",
(unsigned long) n_signed_dir_objs,
(unsigned long) n_verified_dir_objs,
(unsigned long) n_signed_routerdescs,
(unsigned long) n_verified_routerdescs,
(unsigned long) n_onionskins_encrypted,
(unsigned long) n_onionskins_decrypted,
(unsigned long) n_tls_client_handshakes,
(unsigned long) n_tls_server_handshakes,
(unsigned long) n_rend_client_ops,
(unsigned long) n_rend_mid_ops,
(unsigned long) n_rend_server_ops);
}
/** Free all storage held by the OR/link history caches, by the /** Free all storage held by the OR/link history caches, by the
* bandwidth history arrays, or by the port history. */ * bandwidth history arrays, or by the port history. */
void void

View File

@ -1247,6 +1247,7 @@ router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router,
if (router_get_router_hash(s, digest) < 0) if (router_get_router_hash(s, digest) < 0)
return -1; return -1;
note_crypto_pk_op(SIGN_RTR);
if (router_append_dirobj_signature(s+written,maxlen-written, if (router_append_dirobj_signature(s+written,maxlen-written,
digest,ident_key)<0) { digest,ident_key)<0) {
log_warn(LD_BUG, "Couldn't sign router descriptor"); log_warn(LD_BUG, "Couldn't sign router descriptor");

View File

@ -396,6 +396,7 @@ router_parse_directory(const char *str)
log_warn(LD_DIR,"Expected a single directory signature"); goto err; log_warn(LD_DIR,"Expected a single directory signature"); goto err;
} }
declared_key = find_dir_signing_key(str); declared_key = find_dir_signing_key(str);
note_crypto_pk_op(VERIFY_DIR);
if (check_directory_signature(digest, tok, NULL, declared_key, 1)<0) if (check_directory_signature(digest, tok, NULL, declared_key, 1)<0)
goto err; goto err;
@ -490,6 +491,7 @@ router_parse_runningrouters(const char *str)
goto err; goto err;
} }
declared_key = find_dir_signing_key(str); declared_key = find_dir_signing_key(str);
note_crypto_pk_op(VERIFY_DIR);
if (check_directory_signature(digest, tok, NULL, declared_key, 1) < 0) if (check_directory_signature(digest, tok, NULL, declared_key, 1) < 0)
goto err; goto err;
@ -910,6 +912,7 @@ router_parse_entry_from_string(const char *s, const char *end,
log_warn(LD_DIR, "Bad object type or length on router signature"); log_warn(LD_DIR, "Bad object type or length on router signature");
goto err; goto err;
} }
note_crypto_pk_op(VERIFY_RTR);
if ((t=crypto_pk_public_checksig(router->identity_pkey, signed_digest, if ((t=crypto_pk_public_checksig(router->identity_pkey, signed_digest,
tok->object_body, 128)) != 20) { tok->object_body, 128)) != 20) {
log_warn(LD_DIR, "Invalid signature %d",t); log_warn(LD_DIR, "Invalid signature %d",t);
@ -1264,6 +1267,7 @@ networkstatus_parse_from_string(const char *s)
goto err; goto err;
} }
note_crypto_pk_op(VERIFY_DIR);
if (check_directory_signature(ns_digest, tok, NULL, ns->signing_key, 0)) if (check_directory_signature(ns_digest, tok, NULL, ns->signing_key, 0))
goto err; goto err;