|
@@ -1,7 +1,12 @@ |
|
|
|
|
|
#include <unistd.h> |
|
|
|
|
|
#include <string.h> |
|
|
|
|
|
|
|
|
#include <netinet/tcp.h> |
|
|
#include <netinet/tcp.h> |
|
|
#include <sys/socket.h> |
|
|
#include <sys/socket.h> |
|
|
#include <arpa/inet.h> |
|
|
#include <arpa/inet.h> |
|
|
|
|
|
|
|
|
|
|
|
#include <time.h> |
|
|
|
|
|
|
|
|
// include/ path is here for a reason - to make sure we compile against boringssl (temporary solution) |
|
|
// include/ path is here for a reason - to make sure we compile against boringssl (temporary solution) |
|
|
#include <include/openssl/rand.h> |
|
|
#include <include/openssl/rand.h> |
|
|
#include <include/openssl/ssl.h> |
|
|
#include <include/openssl/ssl.h> |
|
@@ -98,6 +103,58 @@ static int accept_once(void) { |
|
|
return client; |
|
|
return client; |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
struct st_t { |
|
|
|
|
|
uint64_t duration; |
|
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
static uint64_t time_now() { |
|
|
|
|
|
struct timespec ts; |
|
|
|
|
|
clock_gettime(CLOCK_MONOTONIC, &ts); |
|
|
|
|
|
return ts.tv_sec * 1000000000 + ts.tv_nsec; |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Starts counting time after key has been generated on client side |
|
|
|
|
|
static void after_keygen_handshake_time(const SSL *ssl, int type, int value) { |
|
|
|
|
|
|
|
|
|
|
|
static const char* ss_exp = "send_server_hello"; |
|
|
|
|
|
// OZAPTF: should be static |
|
|
|
|
|
const size_t ss_exp_len = strlen(ss_exp); |
|
|
|
|
|
|
|
|
|
|
|
switch (type) { |
|
|
|
|
|
case SSL_CB_ACCEPT_LOOP: { |
|
|
|
|
|
const char* ss = SSL_state_string_long(ssl); |
|
|
|
|
|
size_t ss_len = strlen(ss); |
|
|
|
|
|
// OZAPTF: jak to zrobic to porzadnie? |
|
|
|
|
|
if ((ss_len >= strlen(ss_exp)) && |
|
|
|
|
|
!memcmp(ss_exp, &ss[ss_len-ss_exp_len], ss_exp_len)) { |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
struct st_t *data = |
|
|
|
|
|
(struct st_t*) SSL_get_ex_data(ssl, SSL_CONN_DATA); |
|
|
|
|
|
if (!data) { |
|
|
|
|
|
return; |
|
|
|
|
|
} |
|
|
|
|
|
data->duration = time_now(); |
|
|
|
|
|
} |
|
|
|
|
|
break; |
|
|
|
|
|
} |
|
|
|
|
|
case SSL_CB_HANDSHAKE_DONE: { |
|
|
|
|
|
struct st_t *data = |
|
|
|
|
|
(struct st_t*) SSL_get_ex_data(ssl, SSL_CONN_DATA); |
|
|
|
|
|
|
|
|
|
|
|
if (!data->duration) { |
|
|
|
|
|
// if initial time not set, then do not report |
|
|
|
|
|
return; |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
printf("SH to FIN duration [%s]> %lu\n", |
|
|
|
|
|
SSL_get_curve_name(SSL_get_curve_id(ssl)), |
|
|
|
|
|
time_now() - data->duration); |
|
|
|
|
|
} |
|
|
|
|
|
default: ;; |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
static SSL_CTX* setup_server_ctx(const char* cert_name) { |
|
|
static SSL_CTX* setup_server_ctx(const char* cert_name) { |
|
|
SSL_CTX* ctx = SSL_CTX_new(TLS_method()); |
|
|
SSL_CTX* ctx = SSL_CTX_new(TLS_method()); |
|
|
assert(ctx); |
|
|
assert(ctx); |
|
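Review bot: The SSL_CB_HANDSHAKE_DONE branch of after_keygen_handshake_time dereferences the SSL_get_ex_data() result unchecked (`if (!data->duration)`), while the SSL_CB_ACCEPT_LOOP branch just above does test it for NULL; any SSL object created from this context without a successful SSL_set_ex_data will crash inside the callback, so change it to `if (!data || !data->duration) { return; }`. Two smaller points in the same hunk: time_now() multiplies `ts.tv_sec` (time_t) by an int constant, which overflows where time_t is 32-bit, so `return (uint64_t)ts.tv_sec * 1000000000ULL + (uint64_t)ts.tv_nsec;` is safer, and the printf passes a uint64_t to `%lu`, where `PRIu64` from <inttypes.h> is the portable specifier. The comparison `ss_len >= strlen(ss_exp)` recomputes what ss_exp_len already holds, and the two OZAPTF comments (one in Polish asking how to do this properly) read as leftover TODOs that should be resolved or translated before merge. The hunk covers only the tail of accept_once and the head of setup_server_ctx, both of which continue outside it.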
@@ -123,6 +180,7 @@ static SSL_CTX* setup_server_ctx(const char* cert_name) { |
|
|
ERR("Enforcing protocol to TLSv1.2"); |
|
|
ERR("Enforcing protocol to TLSv1.2"); |
|
|
|
|
|
|
|
|
} |
|
|
} |
|
|
|
|
|
SSL_CTX_set_info_callback(ctx, after_keygen_handshake_time); |
|
|
return ctx; |
|
|
return ctx; |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
@@ -211,6 +269,8 @@ int main(int argc, char *argv[]) |
|
|
DBG("Error creating SSL context"); |
|
|
DBG("Error creating SSL context"); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
struct st_t data = {0}; |
|
|
|
|
|
SSL_set_ex_data(ssl, SSL_CONN_DATA, (void*)&data); |
|
|
SSL_set_fd(ssl, fd); |
|
|
SSL_set_fd(ssl, fd); |
|
|
ret = SSL_accept(ssl); |
|
|
ret = SSL_accept(ssl); |
|
|
if (ret<=0) { |
|
|
if (ret<=0) { |
|
|
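Review bot: The return value of `SSL_set_ex_data(ssl, SSL_CONN_DATA, (void*)&data);` is not checked; the call reports failure with 0, and on failure the info callback registered on this context reads a NULL pointer when the handshake completes. A guard such as `if (!SSL_set_ex_data(ssl, SSL_CONN_DATA, &data)) { DBG("SSL_set_ex_data failed"); }` keeps the failure visible, and the `(void*)` cast is unnecessary in C. Since `data` is an automatic variable in main, the stored pointer is only valid while this frame lives; a comment like `// must outlive SSL_accept() below, where the info callback reads it` would make that coupling explicit. main starts outside the hunk.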