CPU usage

#8212
Posted: 11/17/2008 23:34:49
by Scratch  (Standard support level)
Joined: 02/07/2008
Posts: 34

Hi, I have a question about the percentage of CPU load while using SSL sockets with client certificate validation. I am pretty sure that using cryptography will produce significant CPU consumption anyway, but I want to know your opinion on this statement.
This is my server-side code (C#):

Code
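/* initialization */
// Offer TLS 1.0, 1.1 and 1.2 and require a client certificate.
client.Versions = SBConstants.Unit.sbTLS1 | SBConstants.Unit.sbTLS11 | SBConstants.Unit.sbTLS12;
client.ClientAuthentication = true;

/* validation callback */
private void sslServer_CertificateValidate(object Sender,
    TElX509Certificate X509Certificate, ref bool Validate)
{
    int reason = 0;
    // Accept the client certificate only if the certificate storage reports cvOk.
    Validate = client.CertStorage.Validate(X509Certificate, ref reason, false, DateTime.Now) == TSBCertificateValidity.cvOk;
    // Drop the connection as soon as validation fails.
    if (!Validate) client.Close(true);
    // Record the SHA-1 fingerprint of the presented certificate (set even when validation failed).
    FingerPrint = SBUtils.Unit.DigestToStr160(X509Certificate.GetHashSHA1(), false);
}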

Then I make an infinite loop of client requests (the client is written in C#, using the standard .NET libraries) that are made sequentially (from one thread).
As far as I know, .NET allows usage of the RC4 with MD5 suite. The request processing time is about 120+ milliseconds, which is pretty normal for me, and the average CPU load is about 13%. The client request processing algorithm doesn't have any code that can lead to it, so I can conclude that the reason is cryptography. It is not a bad thing, but I want to know: can I make it better?
I have a C2D 2.2 GHz CPU, 2 GB RAM, Windows XP SP3, SecureBlackbox version 6.0.144.
#8213
Posted: 11/18/2008 03:42:20
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Are you using RSA or DSA client certificates? DSA signature validation is 5-10 times slower than RSA validation. It's the first time-consuming method, and the second is generation of the signature by the server. In this case you'd better use a DSA server certificate, because DSA signature generation is 2-4 times faster than RSA.
And other cryptography methods (key expansion and so on) will also require some time.
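
The per-operation signing and verification costs compared in the reply above can be measured on your own hardware. The following is an added example, not code from the thread or from SecureBlackbox: it uses .NET's own System.Security.Cryptography classes, so absolute timings will differ from SecureBlackbox's implementation. Assumptions: .NET Framework 4.7.2+ or .NET Core 2.0+ on Windows, the 1024-bit key size mentioned in the thread, and an arbitrary iteration count.

```csharp
using System;
using System.Diagnostics;
using System.Security.Cryptography;

static class SignatureCost
{
    const int KeyBits = 1024;  // assumption: key size mentioned in the thread
    const int Rounds = 500;    // assumption: iterations per measurement

    // Average milliseconds per call, measured after one warm-up call so that
    // JIT compilation is not counted.
    static double AvgMs(Action op)
    {
        op();
        var sw = Stopwatch.StartNew();
        for (int i = 0; i < Rounds; i++) op();
        sw.Stop();
        return sw.Elapsed.TotalMilliseconds / Rounds;
    }

    static void Main()
    {
        // Constructed input: a random 20-byte value standing in for a SHA-1 digest.
        byte[] digest = new byte[20];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(digest);

        var h = HashAlgorithmName.SHA1;
        var pad = RSASignaturePadding.Pkcs1;

        using (RSA rsa = RSA.Create(KeyBits))
        using (DSA dsa = DSA.Create(KeyBits))
        {
            // Keys are generated on first use, so sign once before timing.
            byte[] rsaSig = rsa.SignHash(digest, h, pad);
            byte[] dsaSig = dsa.CreateSignature(digest);

            // Do not report timings for signatures that fail to verify.
            if (!rsa.VerifyHash(digest, rsaSig, h, pad) || !dsa.VerifySignature(digest, dsaSig))
                throw new CryptographicException("signature self-check failed");

            Console.WriteLine("RSA sign   {0:F3} ms", AvgMs(() => rsa.SignHash(digest, h, pad)));
            Console.WriteLine("RSA verify {0:F3} ms", AvgMs(() => rsa.VerifyHash(digest, rsaSig, h, pad)));
            Console.WriteLine("DSA sign   {0:F3} ms", AvgMs(() => dsa.CreateSignature(digest)));
            Console.WriteLine("DSA verify {0:F3} ms", AvgMs(() => dsa.VerifySignature(digest, dsaSig)));
        }
    }
}
```

With client authentication the server both produces a signature with its own key and verifies one made with the client's key, so the server-side cost per handshake depends on the sign time of the server's algorithm plus the verify time of the client's.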
#8214
Posted: 11/18/2008 09:42:42
by Eugene Mayevski (EldoS Corp.)

When we measured speed in the VCL edition (native Windows code), the handshake took about 35-40 ms. So the slower speed might also be caused by managed code.


Sincerely yours
Eugene Mayevski
#8233
Posted: 11/21/2008 05:18:25
by Scratch  (Standard support level)
Joined: 02/07/2008
Posts: 34

Thanks for the help. I've tried DSA but it was even worse. Decided to keep using RSA-1024 until ECC is available )
#8297
Posted: 11/27/2008 23:18:40
by Scratch  (Standard support level)
Joined: 02/07/2008
Posts: 34

Hi again. I have tried to apply your advice, but the result, in general, was the same. So I upgraded to your latest (6.1.149) version of SBB, and the behaviour of the CPU load has changed greatly: now I can see significant deviations, my CPU load value is jumping randomly, for example from 2% to 33% (decreasing is also possible). So I am a bit confused about it (in general, I have taken it as a sign of instability(?)). What can it be?
And one more problem: I have set up 22 clients continuously sending requests to my server, and when each of them had made about 1.3K requests (request serving time is about 1-2 seconds, which is a normal value for the task the server is supposed to process), I ran into a SystemAccessViolationException.
StackTrace:
" System.Array.IndexOf(Array array, Object value, Int32 startIndex, Int32 count)
   at System.Collections.ArrayList.IndexOf(Object value)
   at SBCryptoProvBuiltIn.TElBuiltInCryptoProvider.ReleaseKey(TElCustomCryptoKey& Key)
   at SBPublicKeyCrypto.TElPublicKeyMaterial.Dispose(Boolean Disposing)
   at SBPublicKeyCrypto.TElRSAKeyMaterial.Dispose(Boolean Disposing)
   at SBUtils.TSBDisposableBase.Dispose()
   at SBUtils.__Global.FreeAndNil(Object& Obj)
   at SBX509.TElX509Certificate.ClearData()
   at SBX509.TElX509Certificate.Dispose(Boolean Disposing)
   at System.ComponentModel.Component.Dispose()
   at SBUtils.TSBDisposableObjectList.Clear()
   at SBUtils.__Global.FreeAndNil(Object& Obj)
   at SBCustomCertStorage.TElMemoryCertStorage.Dispose(Boolean Disposing)
   at System.ComponentModel.Component.Dispose()
   at SBUtils.__Global.FreeAndNil(Object& Obj)
   at SBServer.TElSecureServer.Dispose(Boolean Disposing)
   at System.ComponentModel.Component.Dispose()
   at SecureBlackbox.SSLSocket.Server.ElServerSSLSocket.Dispose(Boolean Disposing)
   at SecureBlackbox.SSLSocket.Server.ElServerSSLSocket.Finalize()"
Any suggestions will be appreciated.
#8298
Posted: 11/28/2008 01:00:14
by Ken Ivanov (EldoS Corp.)

Quote
my cpu loading value is jumping randomly.

The SSL handshake consists of both CPU-consuming and non-CPU-consuming operations, so the CPU load might jump. Besides, it is possible that the JIT compiler performs some run-time optimizations too.

Quote
have faced with a SystemAccessViolationException

Thank you for reporting this. We will try to reproduce the issue in our conditions.

BTW, don't you have a small project that could help to reproduce the issue?
#8353
Posted: 12/03/2008 05:13:29
by Scratch  (Standard support level)
Joined: 02/07/2008
Posts: 34

Hi, I have a couple of questions about ElServerSSLSocket.
1) Should I call the ElServerSSLSocket.Socket.Shutdown() method before calling ElServerSSLSocket.Close(true), or is calling only the second method enough?
2) If I am using the BeginXXX/EndXXX async methods, are they processed using IO Completion Ports threads? I know that .NET Sockets internally use IOCP threads when used in an async manner.
P.S. I have tried to reproduce my problem and have googled for many hours, but I still can't offer you anything to reproduce my issue. But Google told me that this kind of exception (in socket-based apps) can be raised due to improper socket usage; also, different versions of the Windows system DLLs can have different behaviour, and much more.
#8367
Posted: 12/04/2008 03:52:27
by Ken Ivanov (EldoS Corp.)

Quote
1) Should i call ElServerSSLSocket.Socket.Shutdown() method, before calling ElServerSSLSocket.Close(true), or calling only the second method is enough?

Silent closure does not invoke Shutdown() internally, so you have to call it yourself in this case. You can use ElServerSSLSocket.Shutdown() method as well.

Quote
2) If i am using BeginXXX/EndXXX async methods - are they processed using IO Completion Ports threads? I know that .net Sockets internally using IOCP threads ,while using them in async manner

ElSSLSocket, when used in asynchronous mode, uses asynchronous methods of .NET Socket class internally, so IOCP threads are also used in this case.