From c78bc6101d1fdecd6ff4ada83b183ab722fe845e Mon Sep 17 00:00:00 2001
From: Henry Case
Date: Tue, 20 Aug 2019 11:24:26 +0100
Subject: [PATCH] Implement SH to FIN duration
---
 bssl_perf/Makefile | 2 +-
 bssl_perf/src/client.c | 23 ++++++++++++++++
 bssl_perf/src/common.h | 1 +
 bssl_perf/src/server.c | 60 ++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 85 insertions(+), 1 deletion(-)
diff --git a/bssl_perf/Makefile b/bssl_perf/Makefile
index 70a14c0..a31cef6 100644
--- a/bssl_perf/Makefile
+++ b/bssl_perf/Makefile
@@ -12,7 +12,7 @@ else
 DEBUG = -O3 -g
 endif
-CFLAGS = -std=c99
+CFLAGS = -std=c99 -D_POSIX_C_SOURCE=199309L
 CFLAGS+= $(DEBUG)
 CFLAGS+= -I$(BORINGSSL_DIR)/ -I$(BORINGSSL_DIR)/include
diff --git a/bssl_perf/src/client.c b/bssl_perf/src/client.c
index 5eacadf..687f2ea 100644
--- a/bssl_perf/src/client.c
+++ b/bssl_perf/src/client.c
@@ -10,6 +10,28 @@ unsigned char rw_buf[BUFFER_SIZE];
 static const char* DefaultCurves = "CECPQ2b:CECPQ2:X25519";
 static const uint16_t TLS_PROT_VERSION = TLS1_3_VERSION;
+// This is just for testing server hello duration
+static void after_keygen_handshake_time(const SSL *ssl, int type, int value) {
+
+ static const char* ss_exp = "TLS 1.3 client read_server_hello";
+ // OZAPTF: should be static
+ const size_t ss_exp_len = strlen(ss_exp);
+
+ switch (type) {
+ case SSL_CB_CONNECT_LOOP: {
+ const char* ss = SSL_state_string_long(ssl);
+ size_t ss_len = strlen(ss);
+ // OZAPTF: jak to zrobic to porzadnie?
+ if ((ss_len >= strlen(ss_exp)) &&
+ !memcmp(ss_exp, &ss[ss_len-ss_exp_len], ss_exp_len)) {
+ printf("%s\n", SSL_state_string_long(ssl));
+ getchar();
+ }
+ break;
+ }
+ default: ;;
+ }
+}
 SSL_CTX *setup_client_ctx(const char* curves)
 {
 SSL_CTX* ctx = NULL;
@@ -31,6 +53,7 @@ SSL_CTX *setup_client_ctx(const char* curves)
 }
 SSL_CTX_enable_pq_experiment_signal(ctx);
+ //SSL_CTX_set_info_callback(ctx, after_keygen_handshake_time);
 return ctx;
 }
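Review bot: In `bssl_perf/src/client.c`, `after_keygen_handshake_time` is added as a `static` function, but its only registration, in the `setup_client_ctx` hunk that follows, is commented out, so the new code is dead and will raise unused-function and unused-parameter (`value`) warnings wherever those are enabled. If the callback is ever switched on as written, the client handshake blocks on `getchar()` inside the info callback as soon as the state string ends in the expected suffix. I would put the function and the `SSL_CTX_set_info_callback` call under one compile-time switch (an `#ifdef` with a name of your choosing) rather than a commented-out line, and reuse `ss_exp_len` in the length check instead of calling `strlen(ss_exp)` a second time. The Polish note would read better as an English TODO, for example `// TODO: detect this state without matching on SSL_state_string_long() text`.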
diff --git a/bssl_perf/src/common.h b/bssl_perf/src/common.h
index 48842cd..34c4145 100644
--- a/bssl_perf/src/common.h
+++ b/bssl_perf/src/common.h
@@ -10,6 +10,7 @@
 #endif
 #define PORT 1443
+#define SSL_CONN_DATA 0x01
 #define SERVER "localhost"
 #define CLIENT "localhost"
 #define CACERT "etc/ca/ca.cert.pem"
diff --git a/bssl_perf/src/server.c b/bssl_perf/src/server.c
index e7c993c..45b31a0 100644
--- a/bssl_perf/src/server.c
+++ b/bssl_perf/src/server.c
@@ -1,7 +1,12 @@
+#include
+#include
+
 #include
 #include
 #include
+#include
+
 // include/ path is here for a reason - to make sure we compile against boringssl (temporary solution)
 #include
 #include
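Review bot: `SSL_CONN_DATA` in `common.h` hard-codes ex_data slot `0x01`, and the `server.c` hunks pass it straight to `SSL_set_ex_data` and `SSL_get_ex_data` without the slot ever being reserved. Ex_data indices are meant to come from `SSL_get_ex_new_index`, so any other code in the process that allocates an index properly can be handed the same slot, and the info callback would then cast a foreign pointer to `struct st_t *`. I would drop the macro and keep a file-scope index in `server.c`, set once at start-up with `ssl_conn_data_idx = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);` and treated as fatal when the result is negative.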
@@ -98,6 +103,58 @@ static int accept_once(void) {
 return client;
 }
+struct st_t {
+ uint64_t duration;
+};
+
+static uint64_t time_now() {
+ struct timespec ts;
+ clock_gettime(CLOCK_MONOTONIC, &ts);
+ return ts.tv_sec * 1000000000 + ts.tv_nsec;
+}
+
+// Starts counting time after key has been generated on client side
+static void after_keygen_handshake_time(const SSL *ssl, int type, int value) {
+
+ static const char* ss_exp = "send_server_hello";
+ // OZAPTF: should be static
+ const size_t ss_exp_len = strlen(ss_exp);
+
+ switch (type) {
+ case SSL_CB_ACCEPT_LOOP: {
+ const char* ss = SSL_state_string_long(ssl);
+ size_t ss_len = strlen(ss);
+ // OZAPTF: jak to zrobic to porzadnie?
+ if ((ss_len >= strlen(ss_exp)) &&
+ !memcmp(ss_exp, &ss[ss_len-ss_exp_len], ss_exp_len)) {
+
+
+ struct st_t *data =
+ (struct st_t*) SSL_get_ex_data(ssl, SSL_CONN_DATA);
+ if (!data) {
+ return;
+ }
+ data->duration = time_now();
+ }
+ break;
+ }
+ case SSL_CB_HANDSHAKE_DONE: {
+ struct st_t *data =
+ (struct st_t*) SSL_get_ex_data(ssl, SSL_CONN_DATA);
+
+ if (!data->duration) {
+ // if initial time not set, then do not report
+ return;
+ }
+
+ printf("SH to FIN duration [%s]> %lu\n",
+ SSL_get_curve_name(SSL_get_curve_id(ssl)),
+ time_now() - data->duration);
+ }
+ default: ;;
+ }
+}
+
 static SSL_CTX* setup_server_ctx(const char* cert_name) {
 SSL_CTX* ctx = SSL_CTX_new(TLS_method());
 assert(ctx);
@@ -123,6 +180,7 @@ static SSL_CTX* setup_server_ctx(const char* cert_name) {
 ERR("Enforcing protocol to TLSv1.2");
 }
+ SSL_CTX_set_info_callback(ctx, after_keygen_handshake_time);
 return ctx;
 }
@@ -211,6 +269,8 @@ int main(int argc, char *argv[])
 DBG("Error creating SSL context");
 }
+ struct st_t data = {0};
+ SSL_set_ex_data(ssl, SSL_CONN_DATA, (void*)&data);
 SSL_set_fd(ssl, fd);
 ret = SSL_accept(ssl);
 if (ret<=0) {
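Review bot: In the `@@ -98,6 +103,58 @@` hunk of `server.c`, the `SSL_CB_HANDSHAKE_DONE` branch dereferences `data` without the NULL check that the `SSL_CB_ACCEPT_LOOP` branch has. The callback is installed on the whole `SSL_CTX`, so a connection whose slot was never set, or whose `SSL_set_ex_data` call failed, would crash the server there. Guard it with `if (!data || !data->duration) return;` and end the case with `break;` instead of falling through to `default`. Separately, `%lu` does not match `uint64_t` on every ABI, so `"SH to FIN duration [%s]> %" PRIu64 "\n"` with `<inttypes.h>` is the portable form. `SSL_get_curve_name` may also return NULL when no curve was negotiated, which the `%s` argument does not allow for, and in `time_now` the multiplication runs in `time_t`, so `(uint64_t)ts.tv_sec * 1000000000u` avoids overflow where that type is 32 bits wide.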
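Review bot: In the `@@ -211,6 +269,8 @@` hunk, the return value of `SSL_set_ex_data` is ignored, so a failed store leaves the slot empty while the info callback still runs for this connection during `SSL_accept`. Check it before the handshake starts, for example `if (!SSL_set_ex_data(ssl, SSL_CONN_DATA, &data)) { DBG("Error attaching timing data"); }`, followed by whatever bail-out the surrounding error paths use. `data` is a local of the enclosing block in `main`, which starts and ends outside this hunk, so I cannot see its lifetime. The stored pointer must not outlive that block, which means `ssl` has to be freed, or the slot cleared, before the block exits.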