2 измењених фајлова са 34 додато и 20 уклоњено
Један поглед
Diff Options
-
+2 -2bssl_perf/src/common.h
-
+32 -18bssl_perf/src/server.c
+ 2
- 2
bssl_perf/src/common.h
Прегледај датотеку
| @@ -10,8 +10,8 @@ | |||||
| #endif | #endif | ||||
| #define PORT 1443 | #define PORT 1443 | ||||
| #define SSL_CONN_DATA 0x01 | |||||
| #define SSL_DEF_CB 0x02 | |||||
| #define SSL_CONN_DATA 0x01 | |||||
| #define SSL_DEF_CB 0x02 | |||||
| #define SERVER "localhost" | #define SERVER "localhost" | ||||
| #define CLIENT "localhost" | #define CLIENT "localhost" | ||||
| #define CACERT "etc/ca/ca.cert.pem" | #define CACERT "etc/ca/ca.cert.pem" | ||||
+ 32
- 18
bssl_perf/src/server.c
Прегледај датотеку
| @@ -18,6 +18,7 @@ | |||||
| // Enforce this protocol version | // Enforce this protocol version | ||||
| #define TLS_PROT_VERSION TLS1_3_VERSION | #define TLS_PROT_VERSION TLS1_3_VERSION | ||||
| static const int Curves[3] = {NID_CECPQ2, NID_CECPQ2b, NID_X25519}; | static const int Curves[3] = {NID_CECPQ2, NID_CECPQ2b, NID_X25519}; | ||||
| int ssl_data_idx_def_cb = -1; | |||||
| static const struct CertDesc_t { | static const struct CertDesc_t { | ||||
| const char* arg; | const char* arg; | ||||
| @@ -104,7 +105,8 @@ static int accept_once(void) { | |||||
| } | } | ||||
| struct st_t { | struct st_t { | ||||
| uint64_t duration; | |||||
| uint64_t start; | |||||
| uint64_t stop; | |||||
| }; | }; | ||||
| static uint64_t time_now() { | static uint64_t time_now() { | ||||
| @@ -122,7 +124,7 @@ static void chained_cb(const SSL *ssl, int type, int value) { | |||||
| //printf("CHAINED > \n"); | //printf("CHAINED > \n"); | ||||
| ngx_default_info_cb_t cb = | ngx_default_info_cb_t cb = | ||||
| SSL_CTX_get_ex_data( | SSL_CTX_get_ex_data( | ||||
| SSL_get_SSL_CTX(ssl), SSL_DEF_CB); | |||||
| SSL_get_SSL_CTX(ssl), ssl_data_idx_def_cb); | |||||
| if (cb) { | if (cb) { | ||||
| cb(ssl,type,value); | cb(ssl,type,value); | ||||
| @@ -131,24 +133,35 @@ static void chained_cb(const SSL *ssl, int type, int value) { | |||||
| static void after_keygen_handshake_time(const SSL *ssl, int type, int value) { | static void after_keygen_handshake_time(const SSL *ssl, int type, int value) { | ||||
| static const char* ss_exp = "send_server_hello"; | |||||
| static const size_t ss_exp_len = 17; | |||||
| static const char ss1_exp[] = "send_server_hello"; | |||||
| static const char rr1_exp[] = "read_second_client_flight"; | |||||
| static const char rr2_exp[] = "read_client_finished"; | |||||
| #define IS_STATE(exp) ( \ | |||||
| (ss_len >= (ARRAY_SIZE(exp)-1)) \ | |||||
| && (!memcmp(exp, &ss[ss_len - (ARRAY_SIZE(exp) - 1)], ARRAY_SIZE(exp)-1))) | |||||
| struct st_t *data = | |||||
| (struct st_t*) SSL_get_ex_data(ssl, SSL_CONN_DATA); | |||||
| if (!data) { | |||||
| return; | |||||
| } | |||||
| switch (type) { | switch (type) { | ||||
| case SSL_CB_ACCEPT_LOOP: { | case SSL_CB_ACCEPT_LOOP: { | ||||
| const char* ss = SSL_state_string_long(ssl); | const char* ss = SSL_state_string_long(ssl); | ||||
| size_t ss_len = strlen(ss); | size_t ss_len = strlen(ss); | ||||
| // OZAPTF: jak to zrobic to porzadnie? | |||||
| if ((ss_len >= strlen(ss_exp)) && | |||||
| !memcmp(ss_exp, &ss[ss_len-ss_exp_len], ss_exp_len)) { | |||||
| if (IS_STATE(ss1_exp)) { | |||||
| struct st_t *data = | struct st_t *data = | ||||
| (struct st_t*) SSL_get_ex_data(ssl, SSL_CONN_DATA); | (struct st_t*) SSL_get_ex_data(ssl, SSL_CONN_DATA); | ||||
| if (!data) { | |||||
| data->start = time_now(); | |||||
| } else if (!data->stop && (IS_STATE(rr1_exp) || IS_STATE(rr2_exp))) { | |||||
| if (!data->start) { | |||||
| // if initial time not set, then do not report | |||||
| assert(0); | |||||
| return; | return; | ||||
| } | } | ||||
| data->duration = time_now(); | |||||
| data->stop = time_now(); | |||||
| } | } | ||||
| break; | break; | ||||
| } | } | ||||
| @@ -156,17 +169,16 @@ static void after_keygen_handshake_time(const SSL *ssl, int type, int value) { | |||||
| struct st_t *data = | struct st_t *data = | ||||
| (struct st_t*) SSL_get_ex_data(ssl, SSL_CONN_DATA); | (struct st_t*) SSL_get_ex_data(ssl, SSL_CONN_DATA); | ||||
| if (!data->duration) { | |||||
| if (!data->start || !data->stop) { | |||||
| // if initial time not set, then do not report | // if initial time not set, then do not report | ||||
| assert(0); | |||||
| return; | return; | ||||
| } | } | ||||
| printf("SH to FIN duration [%s]> %lu\n", | |||||
| SSL_get_curve_name(SSL_get_curve_id(ssl)), | |||||
| time_now() - data->duration); | |||||
| printf("SH to FIN duration; %lu\n", data->stop - data->start); | |||||
| } | } | ||||
| default: ;; | default: ;; | ||||
| } | } | ||||
| #undef IS_STATE | |||||
| } | } | ||||
| static SSL_CTX* setup_server_ctx(const char* cert_name) { | static SSL_CTX* setup_server_ctx(const char* cert_name) { | ||||
| @@ -185,7 +197,7 @@ static SSL_CTX* setup_server_ctx(const char* cert_name) { | |||||
| ERR("Error setting cipher list"); | ERR("Error setting cipher list"); | ||||
| } | } | ||||
| if (!SSL_CTX_set1_curves(ctx, c->curves, 3)) { | |||||
| if (!SSL_CTX_set1_curves(ctx, c->curves, ARRAY_SIZE(Curves))) { | |||||
| ERR("Enforcing curve"); | ERR("Enforcing curve"); | ||||
| } | } | ||||
| @@ -194,9 +206,11 @@ static SSL_CTX* setup_server_ctx(const char* cert_name) { | |||||
| ERR("Enforcing protocol to TLSv1.2"); | ERR("Enforcing protocol to TLSv1.2"); | ||||
| } | } | ||||
| ssl_data_idx_def_cb = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); | |||||
| SSL_CTX_set_info_callback(ctx, after_keygen_handshake_time); | SSL_CTX_set_info_callback(ctx, after_keygen_handshake_time); | ||||
| ngx_default_info_cb_t cb = SSL_CTX_get_info_callback(ctx); | ngx_default_info_cb_t cb = SSL_CTX_get_info_callback(ctx); | ||||
| SSL_CTX_set_ex_data(ctx, SSL_DEF_CB, (void*)cb); | |||||
| SSL_CTX_set_ex_data(ctx, ssl_data_idx_def_cb, (void*)cb); | |||||
| SSL_CTX_set_info_callback(ctx, chained_cb); | SSL_CTX_set_info_callback(ctx, chained_cb); | ||||
| return ctx; | return ctx; | ||||
| } | } | ||||