[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r8881: Dump breakdown of PK operations when we get a USR2 signal. T (in tor/trunk: . src/or)



Author: nickm
Date: 2006-10-31 14:17:07 -0500 (Tue, 31 Oct 2006)
New Revision: 8881

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/src/or/connection_or.c
   tor/trunk/src/or/dirserv.c
   tor/trunk/src/or/main.c
   tor/trunk/src/or/onion.c
   tor/trunk/src/or/or.h
   tor/trunk/src/or/rendclient.c
   tor/trunk/src/or/rendcommon.c
   tor/trunk/src/or/rendmid.c
   tor/trunk/src/or/rendservice.c
   tor/trunk/src/or/rephist.c
   tor/trunk/src/or/router.c
   tor/trunk/src/or/routerparse.c
Log:
 r9449@Kushana:  nickm | 2006-10-31 00:12:02 -0500
 Dump breakdown of PK operations when we get a USR2 signal.  This should help us figure out of we are doing some of them for stupid reasons.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r9449] on c95137ef-5f19-0410-b913-86e773d04f59

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/ChangeLog	2006-10-31 19:17:07 UTC (rev 8881)
@@ -1,3 +1,8 @@
+Changes in version 0.1.2.4-alpha - 2006-11-??
+  o Minor Features
+    - Add breakdown of public key operations to dumped statistics.
+
+
 Changes in version 0.1.2.3-alpha - 2006-10-29
   o Minor features:
     - Prepare for servers to publish descriptors less often: never

Modified: tor/trunk/src/or/connection_or.c
===================================================================
--- tor/trunk/src/or/connection_or.c	2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/connection_or.c	2006-10-31 19:17:07 UTC (rev 8881)
@@ -488,6 +488,8 @@
   }
   connection_start_reading(TO_CONN(conn));
   log_debug(LD_OR,"starting TLS handshake on fd %d", conn->_base.s);
+  note_crypto_pk_op(receiving ? TLS_HANDSHAKE_S : TLS_HANDSHAKE_C);
+
   if (connection_tls_continue_handshake(conn) < 0) {
     return -1;
   }

Modified: tor/trunk/src/or/dirserv.c
===================================================================
--- tor/trunk/src/or/dirserv.c	2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/dirserv.c	2006-10-31 19:17:07 UTC (rev 8881)
@@ -904,6 +904,7 @@
     tor_free(buf);
     return -1;
   }
+  note_crypto_pk_op(SIGN_DIR);
   if (router_append_dirobj_signature(buf,buf_len,digest,private_key)<0) {
     tor_free(buf);
     return -1;
@@ -1235,6 +1236,7 @@
     log_warn(LD_BUG,"couldn't compute digest");
     goto err;
   }
+  note_crypto_pk_op(SIGN_DIR);
   if (router_append_dirobj_signature(s, len, digest, private_key)<0)
     goto err;
 
@@ -1544,6 +1546,7 @@
     goto done;
   }
 
+  note_crypto_pk_op(SIGN_DIR);
   if (router_append_dirobj_signature(outp,endp-outp,digest,private_key)<0) {
     log_warn(LD_BUG, "Unable to sign router status.");
     goto done;

Modified: tor/trunk/src/or/main.c
===================================================================
--- tor/trunk/src/or/main.c	2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/main.c	2006-10-31 19:17:07 UTC (rev 8881)
@@ -1435,6 +1435,7 @@
 
   rep_hist_dump_stats(now,severity);
   rend_service_dump_stats(severity);
+  dump_pk_ops(severity);
 }
 
 /** Called by exit() as we shut down the process.

Modified: tor/trunk/src/or/onion.c
===================================================================
--- tor/trunk/src/or/onion.c	2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/onion.c	2006-10-31 19:17:07 UTC (rev 8881)
@@ -196,6 +196,8 @@
   puts("");
 #endif
 
+  note_crypto_pk_op(ENC_ONIONSKIN);
+
   /* set meeting point, meeting cookie, etc here. Leave zero for now. */
   if (crypto_pk_public_hybrid_encrypt(dest_router_key, onion_skin_out,
                                       challenge, DH_KEY_LEN,
@@ -237,6 +239,7 @@
     k = i==0?private_key:prev_private_key;
     if (!k)
       break;
+    note_crypto_pk_op(DEC_ONIONSKIN);
     len = crypto_pk_private_hybrid_decrypt(k, challenge,
                                            onion_skin, ONIONSKIN_CHALLENGE_LEN,
                                            PK_PKCS1_OAEP_PADDING,0);

Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h	2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/or.h	2006-10-31 19:17:07 UTC (rev 8881)
@@ -2408,6 +2408,16 @@
 int any_predicted_circuits(time_t now);
 int rep_hist_circbuilding_dormant(time_t now);
 
+typedef enum {
+  SIGN_DIR, SIGN_RTR,
+  VERIFY_DIR, VERIFY_RTR,
+  ENC_ONIONSKIN, DEC_ONIONSKIN,
+  TLS_HANDSHAKE_C, TLS_HANDSHAKE_S,
+  REND_CLIENT, REND_MID, REND_SERVER,
+} pk_op_t;
+void note_crypto_pk_op(pk_op_t operation);
+void dump_pk_ops(int severity);
+
 void rep_hist_free_all(void);
 
 /********************************* rendclient.c ***************************/

Modified: tor/trunk/src/or/rendclient.c
===================================================================
--- tor/trunk/src/or/rendclient.c	2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/rendclient.c	2006-10-31 19:17:07 UTC (rev 8881)
@@ -129,6 +129,7 @@
     goto err;
   }
 
+  note_crypto_pk_op(REND_CLIENT);
   /*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg,
    * to avoid buffer overflows? */
   r = crypto_pk_public_hybrid_encrypt(entry->parsed->pk, payload+DIGEST_LEN,

Modified: tor/trunk/src/or/rendcommon.c
===================================================================
--- tor/trunk/src/or/rendcommon.c	2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/rendcommon.c	2006-10-31 19:17:07 UTC (rev 8881)
@@ -97,6 +97,7 @@
       cp += 6+DIGEST_LEN+2+klen;
     }
   }
+  note_crypto_pk_op(REND_SERVER);
   i = crypto_pk_private_sign_digest(key, cp, *str_out, cp-*str_out);
   if (i<0) {
     tor_free(*str_out);
@@ -198,6 +199,7 @@
              (int)((size_t)(end-cp) - keylen));
     goto error;
   }
+  note_crypto_pk_op(REND_CLIENT);
   if (crypto_pk_public_checksig_digest(result->pk,
                                        (char*)str,cp-str, /* data */
                                        (char*)cp,end-cp  /* signature*/

Modified: tor/trunk/src/or/rendmid.c
===================================================================
--- tor/trunk/src/or/rendmid.c	2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/rendmid.c	2006-10-31 19:17:07 UTC (rev 8881)
@@ -65,6 +65,7 @@
     goto err;
   }
   /* Rest of body: signature of previous data */
+  note_crypto_pk_op(REND_MID);
   if (crypto_pk_public_checksig_digest(pk, request, 2+asn1len+DIGEST_LEN,
                                        request+2+DIGEST_LEN+asn1len,
                                        request_len-(2+DIGEST_LEN+asn1len))<0) {

Modified: tor/trunk/src/or/rendservice.c
===================================================================
--- tor/trunk/src/or/rendservice.c	2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/rendservice.c	2006-10-31 19:17:07 UTC (rev 8881)
@@ -471,6 +471,7 @@
     return -1;
   }
   /* Next N bytes is encrypted with service key */
+  note_crypto_pk_op(REND_SERVER);
   r = crypto_pk_private_hybrid_decrypt(
        service->private_key,buf,request+DIGEST_LEN,request_len-DIGEST_LEN,
        PK_PKCS1_OAEP_PADDING,1);
@@ -756,6 +757,7 @@
   if (crypto_digest(buf+len, auth, DIGEST_LEN+9))
     goto err;
   len += 20;
+  note_crypto_pk_op(REND_SERVER);
   r = crypto_pk_private_sign_digest(service->private_key, buf+len, buf, len);
   if (r<0) {
     log_warn(LD_BUG, "Internal error: couldn't sign introduction request.");

Modified: tor/trunk/src/or/rephist.c
===================================================================
--- tor/trunk/src/or/rephist.c	2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/rephist.c	2006-10-31 19:17:07 UTC (rev 8881)
@@ -934,6 +934,89 @@
   return 1;
 }
 
+static uint32_t n_signed_dir_objs = 0;
+static uint32_t n_signed_routerdescs = 0;
+static uint32_t n_verified_dir_objs = 0;
+static uint32_t n_verified_routerdescs = 0;
+static uint32_t n_onionskins_encrypted = 0;
+static uint32_t n_onionskins_decrypted = 0;
+static uint32_t n_tls_client_handshakes = 0;
+static uint32_t n_tls_server_handshakes = 0;
+static uint32_t n_rend_client_ops = 0;
+static uint32_t n_rend_mid_ops = 0;
+static uint32_t n_rend_server_ops = 0;
+
+void
+note_crypto_pk_op(pk_op_t operation)
+{
+  switch (operation)
+    {
+    case SIGN_DIR:
+      n_signed_dir_objs++;
+      break;
+    case SIGN_RTR:
+      n_signed_routerdescs++;
+      break;
+    case VERIFY_DIR:
+      n_verified_dir_objs++;
+      break;
+    case VERIFY_RTR:
+      n_verified_routerdescs++;
+      break;
+    case ENC_ONIONSKIN:
+      n_onionskins_encrypted++;
+      break;
+    case DEC_ONIONSKIN:
+      n_onionskins_decrypted++;
+      break;
+    case TLS_HANDSHAKE_C:
+      n_tls_client_handshakes++;
+      break;
+    case TLS_HANDSHAKE_S:
+      n_tls_client_handshakes++;
+      break;
+    case REND_CLIENT:
+      n_rend_client_ops++;
+      break;
+    case REND_MID:
+      n_rend_mid_ops++;
+      break;
+    case REND_SERVER:
+      n_rend_server_ops++;
+      break;
+    default:
+      log_warn(LD_BUG, "Unknown pk operation %d", operation);
+  }
+}
+
+void
+dump_pk_ops(int severity)
+{
+  log(severity, LD_GENERAL,
+      "PK operations: %lu directory objects signed, "
+      "%lu directory objects verified, "
+      "%lu routerdescs signed, "
+      "%lu routerdescs verified, "
+      "%lu onionskins encrypted, "
+      "%lu onionskins decrypted, "
+      "%lu client-side TLS handshakes, "
+      "%lu server-side TLS handshakes, "
+      "%lu rendezvous client operations, "
+      "%lu rendezvous middle operations, "
+      "%lu rendezvous server operations.",
+      (unsigned long) n_signed_dir_objs,
+      (unsigned long) n_verified_dir_objs,
+      (unsigned long) n_signed_routerdescs,
+      (unsigned long) n_verified_routerdescs,
+      (unsigned long) n_onionskins_encrypted,
+      (unsigned long) n_onionskins_decrypted,
+      (unsigned long) n_tls_client_handshakes,
+      (unsigned long) n_tls_server_handshakes,
+      (unsigned long) n_rend_client_ops,
+      (unsigned long) n_rend_mid_ops,
+      (unsigned long) n_rend_server_ops);
+}
+
 /** Free all storage held by the OR/link history caches, by the
  * bandwidth history arrays, or by the port history. */
 void

Modified: tor/trunk/src/or/router.c
===================================================================
--- tor/trunk/src/or/router.c	2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/router.c	2006-10-31 19:17:07 UTC (rev 8881)
@@ -1247,6 +1247,7 @@
   if (router_get_router_hash(s, digest) < 0)
     return -1;
 
+  note_crypto_pk_op(SIGN_RTR);
   if (router_append_dirobj_signature(s+written,maxlen-written,
                                      digest,ident_key)<0) {
     log_warn(LD_BUG, "Couldn't sign router descriptor");

Modified: tor/trunk/src/or/routerparse.c
===================================================================
--- tor/trunk/src/or/routerparse.c	2006-10-31 04:30:26 UTC (rev 8880)
+++ tor/trunk/src/or/routerparse.c	2006-10-31 19:17:07 UTC (rev 8881)
@@ -396,6 +396,7 @@
     log_warn(LD_DIR,"Expected a single directory signature"); goto err;
   }
   declared_key = find_dir_signing_key(str);
+  note_crypto_pk_op(VERIFY_DIR);
   if (check_directory_signature(digest, tok, NULL, declared_key, 1)<0)
     goto err;
 
@@ -490,6 +491,7 @@
     goto err;
   }
   declared_key = find_dir_signing_key(str);
+  note_crypto_pk_op(VERIFY_DIR);
   if (check_directory_signature(digest, tok, NULL, declared_key, 1) < 0)
     goto err;
 
@@ -910,6 +912,7 @@
     log_warn(LD_DIR, "Bad object type or length on router signature");
     goto err;
   }
+  note_crypto_pk_op(VERIFY_RTR);
   if ((t=crypto_pk_public_checksig(router->identity_pkey, signed_digest,
                                    tok->object_body, 128)) != 20) {
     log_warn(LD_DIR, "Invalid signature %d",t);
@@ -1264,6 +1267,7 @@
     goto err;
   }
 
+  note_crypto_pk_op(VERIFY_DIR);
   if (check_directory_signature(ns_digest, tok, NULL, ns->signing_key, 0))
     goto err;