[or-cvs] r8881: Dump breakdown of PK operations when we get a USR2 signal. T (in tor/trunk: . src/or)
nickm at seul.org
nickm at seul.org
Tue Oct 31 19:17:10 UTC 2006
Author: nickm
Date: 2006-10-31 14:17:07 -0500 (Tue, 31 Oct 2006)
New Revision: 8881
Modified:
tor/trunk/
tor/trunk/ChangeLog
tor/trunk/src/or/connection_or.c
tor/trunk/src/or/dirserv.c
tor/trunk/src/or/main.c
tor/trunk/src/or/onion.c
tor/trunk/src/or/or.h
tor/trunk/src/or/rendclient.c
tor/trunk/src/or/rendcommon.c
tor/trunk/src/or/rendmid.c
tor/trunk/src/or/rendservice.c
tor/trunk/src/or/rephist.c
tor/trunk/src/or/router.c
tor/trunk/src/or/routerparse.c
Log:
r9449 at Kushana: nickm | 2006-10-31 00:12:02 -0500
Dump breakdown of PK operations when we get a USR2 signal. This should help us figure out of we are doing some of them for stupid reasons.
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r9449] on c95137ef-5f19-0410-b913-86e773d04f59
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/ChangeLog 2006-10-31 19:17:07 UTC (rev 8881)
@@ -1,3 +1,8 @@
+Changes in version 0.1.2.4-alpha - 2006-11-??
+ o Minor Features
+ - Add breakdown of public key operations to dumped statistics.
+
+
Changes in version 0.1.2.3-alpha - 2006-10-29
o Minor features:
- Prepare for servers to publish descriptors less often: never
Modified: tor/trunk/src/or/connection_or.c
===================================================================
--- tor/trunk/src/or/connection_or.c 2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/connection_or.c 2006-10-31 19:17:07 UTC (rev 8881)
@@ -488,6 +488,8 @@
}
connection_start_reading(TO_CONN(conn));
log_debug(LD_OR,"starting TLS handshake on fd %d", conn->_base.s);
+ note_crypto_pk_op(receiving ? TLS_HANDSHAKE_S : TLS_HANDSHAKE_C);
+
if (connection_tls_continue_handshake(conn) < 0) {
return -1;
}
Modified: tor/trunk/src/or/dirserv.c
===================================================================
--- tor/trunk/src/or/dirserv.c 2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/dirserv.c 2006-10-31 19:17:07 UTC (rev 8881)
@@ -904,6 +904,7 @@
tor_free(buf);
return -1;
}
+ note_crypto_pk_op(SIGN_DIR);
if (router_append_dirobj_signature(buf,buf_len,digest,private_key)<0) {
tor_free(buf);
return -1;
@@ -1235,6 +1236,7 @@
log_warn(LD_BUG,"couldn't compute digest");
goto err;
}
+ note_crypto_pk_op(SIGN_DIR);
if (router_append_dirobj_signature(s, len, digest, private_key)<0)
goto err;
@@ -1544,6 +1546,7 @@
goto done;
}
+ note_crypto_pk_op(SIGN_DIR);
if (router_append_dirobj_signature(outp,endp-outp,digest,private_key)<0) {
log_warn(LD_BUG, "Unable to sign router status.");
goto done;
Modified: tor/trunk/src/or/main.c
===================================================================
--- tor/trunk/src/or/main.c 2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/main.c 2006-10-31 19:17:07 UTC (rev 8881)
@@ -1435,6 +1435,7 @@
rep_hist_dump_stats(now,severity);
rend_service_dump_stats(severity);
+ dump_pk_ops(severity);
}
/** Called by exit() as we shut down the process.
Modified: tor/trunk/src/or/onion.c
===================================================================
--- tor/trunk/src/or/onion.c 2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/onion.c 2006-10-31 19:17:07 UTC (rev 8881)
@@ -196,6 +196,8 @@
puts("");
#endif
+ note_crypto_pk_op(ENC_ONIONSKIN);
+
/* set meeting point, meeting cookie, etc here. Leave zero for now. */
if (crypto_pk_public_hybrid_encrypt(dest_router_key, onion_skin_out,
challenge, DH_KEY_LEN,
@@ -237,6 +239,7 @@
k = i==0?private_key:prev_private_key;
if (!k)
break;
+ note_crypto_pk_op(DEC_ONIONSKIN);
len = crypto_pk_private_hybrid_decrypt(k, challenge,
onion_skin, ONIONSKIN_CHALLENGE_LEN,
PK_PKCS1_OAEP_PADDING,0);
Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h 2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/or.h 2006-10-31 19:17:07 UTC (rev 8881)
@@ -2408,6 +2408,16 @@
int any_predicted_circuits(time_t now);
int rep_hist_circbuilding_dormant(time_t now);
+typedef enum {
+ SIGN_DIR, SIGN_RTR,
+ VERIFY_DIR, VERIFY_RTR,
+ ENC_ONIONSKIN, DEC_ONIONSKIN,
+ TLS_HANDSHAKE_C, TLS_HANDSHAKE_S,
+ REND_CLIENT, REND_MID, REND_SERVER,
+} pk_op_t;
+void note_crypto_pk_op(pk_op_t operation);
+void dump_pk_ops(int severity);
+
void rep_hist_free_all(void);
/********************************* rendclient.c ***************************/
Modified: tor/trunk/src/or/rendclient.c
===================================================================
--- tor/trunk/src/or/rendclient.c 2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/rendclient.c 2006-10-31 19:17:07 UTC (rev 8881)
@@ -129,6 +129,7 @@
goto err;
}
+ note_crypto_pk_op(REND_CLIENT);
/*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg,
* to avoid buffer overflows? */
r = crypto_pk_public_hybrid_encrypt(entry->parsed->pk, payload+DIGEST_LEN,
Modified: tor/trunk/src/or/rendcommon.c
===================================================================
--- tor/trunk/src/or/rendcommon.c 2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/rendcommon.c 2006-10-31 19:17:07 UTC (rev 8881)
@@ -97,6 +97,7 @@
cp += 6+DIGEST_LEN+2+klen;
}
}
+ note_crypto_pk_op(REND_SERVER);
i = crypto_pk_private_sign_digest(key, cp, *str_out, cp-*str_out);
if (i<0) {
tor_free(*str_out);
@@ -198,6 +199,7 @@
(int)((size_t)(end-cp) - keylen));
goto error;
}
+ note_crypto_pk_op(REND_CLIENT);
if (crypto_pk_public_checksig_digest(result->pk,
(char*)str,cp-str, /* data */
(char*)cp,end-cp /* signature*/
Modified: tor/trunk/src/or/rendmid.c
===================================================================
--- tor/trunk/src/or/rendmid.c 2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/rendmid.c 2006-10-31 19:17:07 UTC (rev 8881)
@@ -65,6 +65,7 @@
goto err;
}
/* Rest of body: signature of previous data */
+ note_crypto_pk_op(REND_MID);
if (crypto_pk_public_checksig_digest(pk, request, 2+asn1len+DIGEST_LEN,
request+2+DIGEST_LEN+asn1len,
request_len-(2+DIGEST_LEN+asn1len))<0) {
Modified: tor/trunk/src/or/rendservice.c
===================================================================
--- tor/trunk/src/or/rendservice.c 2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/rendservice.c 2006-10-31 19:17:07 UTC (rev 8881)
@@ -471,6 +471,7 @@
return -1;
}
/* Next N bytes is encrypted with service key */
+ note_crypto_pk_op(REND_SERVER);
r = crypto_pk_private_hybrid_decrypt(
service->private_key,buf,request+DIGEST_LEN,request_len-DIGEST_LEN,
PK_PKCS1_OAEP_PADDING,1);
@@ -756,6 +757,7 @@
if (crypto_digest(buf+len, auth, DIGEST_LEN+9))
goto err;
len += 20;
+ note_crypto_pk_op(REND_SERVER);
r = crypto_pk_private_sign_digest(service->private_key, buf+len, buf, len);
if (r<0) {
log_warn(LD_BUG, "Internal error: couldn't sign introduction request.");
Modified: tor/trunk/src/or/rephist.c
===================================================================
--- tor/trunk/src/or/rephist.c 2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/rephist.c 2006-10-31 19:17:07 UTC (rev 8881)
@@ -934,6 +934,89 @@
return 1;
}
+static uint32_t n_signed_dir_objs = 0;
+static uint32_t n_signed_routerdescs = 0;
+static uint32_t n_verified_dir_objs = 0;
+static uint32_t n_verified_routerdescs = 0;
+static uint32_t n_onionskins_encrypted = 0;
+static uint32_t n_onionskins_decrypted = 0;
+static uint32_t n_tls_client_handshakes = 0;
+static uint32_t n_tls_server_handshakes = 0;
+static uint32_t n_rend_client_ops = 0;
+static uint32_t n_rend_mid_ops = 0;
+static uint32_t n_rend_server_ops = 0;
+
+void
+note_crypto_pk_op(pk_op_t operation)
+{
+ switch (operation)
+ {
+ case SIGN_DIR:
+ n_signed_dir_objs++;
+ break;
+ case SIGN_RTR:
+ n_signed_routerdescs++;
+ break;
+ case VERIFY_DIR:
+ n_verified_dir_objs++;
+ break;
+ case VERIFY_RTR:
+ n_verified_routerdescs++;
+ break;
+ case ENC_ONIONSKIN:
+ n_onionskins_encrypted++;
+ break;
+ case DEC_ONIONSKIN:
+ n_onionskins_decrypted++;
+ break;
+ case TLS_HANDSHAKE_C:
+ n_tls_client_handshakes++;
+ break;
+ case TLS_HANDSHAKE_S:
+ n_tls_client_handshakes++;
+ break;
+ case REND_CLIENT:
+ n_rend_client_ops++;
+ break;
+ case REND_MID:
+ n_rend_mid_ops++;
+ break;
+ case REND_SERVER:
+ n_rend_server_ops++;
+ break;
+ default:
+ log_warn(LD_BUG, "Unknown pk operation %d", operation);
+ }
+}
+
+void
+dump_pk_ops(int severity)
+{
+ log(severity, LD_GENERAL,
+ "PK operations: %lu directory objects signed, "
+ "%lu directory objects verified, "
+ "%lu routerdescs signed, "
+ "%lu routerdescs verified, "
+ "%lu onionskins encrypted, "
+ "%lu onionskins decrypted, "
+ "%lu client-side TLS handshakes, "
+ "%lu server-side TLS handshakes, "
+ "%lu rendezvous client operations, "
+ "%lu rendezvous middle operations, "
+ "%lu rendezvous server operations.",
+ (unsigned long) n_signed_dir_objs,
+ (unsigned long) n_verified_dir_objs,
+ (unsigned long) n_signed_routerdescs,
+ (unsigned long) n_verified_routerdescs,
+ (unsigned long) n_onionskins_encrypted,
+ (unsigned long) n_onionskins_decrypted,
+ (unsigned long) n_tls_client_handshakes,
+ (unsigned long) n_tls_server_handshakes,
+ (unsigned long) n_rend_client_ops,
+ (unsigned long) n_rend_mid_ops,
+ (unsigned long) n_rend_server_ops);
+}
+
/** Free all storage held by the OR/link history caches, by the
* bandwidth history arrays, or by the port history. */
void
Modified: tor/trunk/src/or/router.c
===================================================================
--- tor/trunk/src/or/router.c 2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/router.c 2006-10-31 19:17:07 UTC (rev 8881)
@@ -1247,6 +1247,7 @@
if (router_get_router_hash(s, digest) < 0)
return -1;
+ note_crypto_pk_op(SIGN_RTR);
if (router_append_dirobj_signature(s+written,maxlen-written,
digest,ident_key)<0) {
log_warn(LD_BUG, "Couldn't sign router descriptor");
Modified: tor/trunk/src/or/routerparse.c
===================================================================
--- tor/trunk/src/or/routerparse.c 2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/routerparse.c 2006-10-31 19:17:07 UTC (rev 8881)
@@ -396,6 +396,7 @@
log_warn(LD_DIR,"Expected a single directory signature"); goto err;
}
declared_key = find_dir_signing_key(str);
+ note_crypto_pk_op(VERIFY_DIR);
if (check_directory_signature(digest, tok, NULL, declared_key, 1)<0)
goto err;
@@ -490,6 +491,7 @@
goto err;
}
declared_key = find_dir_signing_key(str);
+ note_crypto_pk_op(VERIFY_DIR);
if (check_directory_signature(digest, tok, NULL, declared_key, 1) < 0)
goto err;
@@ -910,6 +912,7 @@
log_warn(LD_DIR, "Bad object type or length on router signature");
goto err;
}
+ note_crypto_pk_op(VERIFY_RTR);
if ((t=crypto_pk_public_checksig(router->identity_pkey, signed_digest,
tok->object_body, 128)) != 20) {
log_warn(LD_DIR, "Invalid signature %d",t);
@@ -1264,6 +1267,7 @@
goto err;
}
+ note_crypto_pk_op(VERIFY_DIR);
if (check_directory_signature(ns_digest, tok, NULL, ns->signing_key, 0))
goto err;
More information about the tor-commits
mailing list