記得之前,部門某款游戲陸陸續續收到一些玩家反饋,抱怨在登錄游戲時會等待很久。初步排查后基本斷定可能是此游戲的登錄服務器程序某塊代碼有問題,於是即安排了服務器同事作排查分析但一直無果。
之后我時間有了空余,開始協助排查調試。簡單了解了此登錄服務器的邏輯處理流程后(接收到經過加密的 HTTP 登陸請求-->解密數據包-->去數據庫查詢對應的玩家信息並作驗證),一開始我簡單認為瓶頸估計出現在“去數據庫查詢對應的玩家信息”這步,畢竟磁盤 IO 明顯比較耗時,於是未作更多考慮,將每次登陸驗證都去數據庫查詢的操作改為維護一個哈希表存儲玩家信息,並在程序啟動時載入近幾日登陸過游戲的玩家信息至此哈希表中,且當從數據庫查詢出尚未緩存的玩家信息后即也存入哈希表以保證最多只有一次而非每次都要作磁盤 IO。本以為經過改進后的登錄服務器已解決了問題,但內部壓測表明,登陸耗時較長問題依舊存在,改進版本的登錄服務器程序幾無效果!
打臉之下,好奇心大起,於是再認真研究了登陸驗證處理流程,之后分別在可能的瓶頸代碼前后加上耗時打印(多么簡單老土的做法:)),很快有了“重大”發現:處理 RSA 解密的代碼,在 64 位四核 CentOS 上每次解密處理耗時約需 50ms 左右!
印象里非對稱加解密比較慢,但如此不正常的慢,似乎有違常理,當時即用 Golang 擼了個一樣的 RSA 解密程序,對比之下,耗時大大減少,於是很明顯,基本可以斷定,此游戲的登錄服務器程序的 RSA 解密模塊有較大的性能問題。
注:此游戲的服務器端程序基於 Pomelo 框架,完全由 Node.js 開發(也正因此,常見的性能分析等工具如 AQTime 等派不上用場)。
啰嗦了這么多,其實只想說兩點:
- 可能吧,Node.js 雖然三方庫大把,但不少庫的質量恐怕...當然,網上似乎早已有類似告誡
- CPU 密集型操作,靜態語言可能更適合(雖然譬如 Node.js,網絡性能方面粗測很不錯)
所以最近,趁着對 Lua 還有點印象,在參考研究了一些網上資源后,搞了套簡單的在 Lua 中通過 ffi 方式調用由 C 實現的 RSA 加解密例程的方案,如下(編譯后的 so 文件及源代碼等壓縮包可從這里下載)。
純 C 實現的 RSA 加解密程序(通過 OpenSSL 調用):
/******************************************************************************************* * * Copyright (C) Ravishanker Kusuma / ecofast. All Rights Reserved. * * File: rsautils.c * Date: 2017/12/01 * Desc: RSA Encryption & Decryption utils with OpenSSL in C * * Thks: http://hayageek.com/rsa-encryption-decryption-openssl-c/ * * Compilation Command: gcc rsautils.c -fPIC -shared -lssl -lcrypto -o librsa.so *******************************************************************************************/ #include <openssl/pem.h> #include <openssl/ssl.h> #include <openssl/rsa.h> #include <openssl/evp.h> #include <openssl/bio.h> const int padding = RSA_PKCS1_OAEP_PADDING; int public_encrypt(unsigned char* data, int data_len, unsigned char* key, unsigned char* encrypted) { int ret = -1; BIO* keybio = BIO_new_mem_buf(key, -1); if (keybio != NULL) { RSA* rsa = NULL; rsa = PEM_read_bio_RSA_PUBKEY(keybio, &rsa, NULL, NULL); if (rsa != NULL) { ret = RSA_public_encrypt(data_len, data, encrypted, rsa, padding); RSA_free(rsa); } BIO_free_all(keybio); } return ret; } int private_decrypt(unsigned char* enc_data, int data_len, unsigned char* key, unsigned char* decrypted) { int ret = -1; BIO* keybio = BIO_new_mem_buf(key, -1); if (keybio != NULL) { RSA* rsa = NULL; rsa = PEM_read_bio_RSAPrivateKey(keybio, &rsa, NULL, NULL); if (rsa != NULL) { ret = RSA_private_decrypt(data_len, enc_data, decrypted, rsa, padding); RSA_free(rsa); } BIO_free_all(keybio); } return ret; }
而 HTTP 傳輸,base64 編碼自然少不了(源自 這里):
local function divide_string( str, max, fillChar ) fillChar = fillChar or "" local result = {} local start = 1 for i = 1, #str do if i % max == 0 then table.insert( result, str:sub( start, i ) ) start = i + 1 elseif i == #str then table.insert( result, str:sub( start, i ) ) end end return result end local function number_to_bit( num, length ) local bits = {} while num > 0 do local rest = math.floor( math.fmod( num, 2 ) ) table.insert( bits, rest ) num = ( num - rest ) / 2 end while #bits < length do table.insert( bits, "0" ) end return string.reverse( table.concat( bits ) ) end local function ignore_set( str, set ) if set then str = str:gsub( "["..set.."]", "" ) end return str end local function pure_from_bit( str ) return ( str:gsub( '........', function ( cc ) return string.char( tonumber( cc, 2 ) ) end ) ) end local function unexpected_char_error( str, pos ) local c = string.sub( str, pos, pos ) return string.format( "unexpected character at position %d: '%s'", pos, c ) end -------------------------------------------------------------------------------- local basexx = {} -------------------------------------------------------------------------------- -- base2(bitfield) decode and encode function -------------------------------------------------------------------------------- local bitMap = { o = "0", i = "1", l = "1" } function basexx.from_bit( str, ignore ) str = ignore_set( str, ignore ) str = string.lower( str ) str = str:gsub( '[ilo]', function( c ) return bitMap[ c ] end ) local pos = string.find( str, "[^01]" ) if pos then return nil, unexpected_char_error( str, pos ) end return pure_from_bit( str ) end function basexx.to_bit( str ) return ( str:gsub( '.', function ( c ) local byte = string.byte( c ) local bits = {} for i = 1,8 do table.insert( bits, byte % 2 ) byte = math.floor( byte / 2 ) end return table.concat( bits ):reverse() end ) ) end -------------------------------------------------------------------------------- -- base16(hex) decode and encode function -------------------------------------------------------------------------------- function basexx.from_hex( str, ignore ) str = ignore_set( str, ignore ) local pos = string.find( str, "[^%x]" ) if pos then return nil, unexpected_char_error( str, pos ) end return ( str:gsub( '..', function ( cc ) return string.char( tonumber( cc, 16 ) ) end ) ) end function basexx.to_hex( str ) return ( str:gsub( '.', function ( c ) return string.format('%02X', string.byte( c ) ) end ) ) end -------------------------------------------------------------------------------- -- generic function to decode and encode base32/base64 -------------------------------------------------------------------------------- local function from_basexx( str, alphabet, bits ) local result = {} for i = 1, #str do local c = string.sub( str, i, i ) if c ~= '=' then local index = string.find( alphabet, c, 1, true ) if not index then return nil, unexpected_char_error( str, i ) end table.insert( result, number_to_bit( index - 1, bits ) ) end end local value = table.concat( result ) local pad = #value % 8 return pure_from_bit( string.sub( value, 1, #value - pad ) ) end local function to_basexx( str, alphabet, bits, pad ) local bitString = basexx.to_bit( str ) local chunks = divide_string( bitString, bits ) local result = {} for key,value in ipairs( chunks ) do if ( #value < bits ) then value = value .. string.rep( '0', bits - #value ) end local pos = tonumber( value, 2 ) + 1 table.insert( result, alphabet:sub( pos, pos ) ) end table.insert( result, pad ) return table.concat( result ) end -------------------------------------------------------------------------------- -- rfc 3548: http://www.rfc-editor.org/rfc/rfc3548.txt -------------------------------------------------------------------------------- local base32Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567" local base32PadMap = { "", "======", "====", "===", "=" } function basexx.from_base32( str, ignore ) str = ignore_set( str, ignore ) return from_basexx( string.upper( str ), base32Alphabet, 5 ) end function basexx.to_base32( str ) return to_basexx( str, base32Alphabet, 5, base32PadMap[ #str % 5 + 1 ] ) end -------------------------------------------------------------------------------- -- crockford: http://www.crockford.com/wrmg/base32.html -------------------------------------------------------------------------------- local crockfordAlphabet = "0123456789ABCDEFGHJKMNPQRSTVWXYZ" local crockfordMap = { O = "0", I = "1", L = "1" } function basexx.from_crockford( str, ignore ) str = ignore_set( str, ignore ) str = string.upper( str ) str = str:gsub( '[ILOU]', function( c ) return crockfordMap[ c ] end ) return from_basexx( str, crockfordAlphabet, 5 ) end function basexx.to_crockford( str ) return to_basexx( str, crockfordAlphabet, 5, "" ) end -------------------------------------------------------------------------------- -- base64 decode and encode function -------------------------------------------------------------------------------- local base64Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ".. "abcdefghijklmnopqrstuvwxyz".. "0123456789+/" local base64PadMap = { "", "==", "=" } function basexx.from_base64( str, ignore ) str = ignore_set( str, ignore ) return from_basexx( str, base64Alphabet, 6 ) end function basexx.to_base64( str ) return to_basexx( str, base64Alphabet, 6, base64PadMap[ #str % 3 + 1 ] ) end -------------------------------------------------------------------------------- -- URL safe base64 decode and encode function -------------------------------------------------------------------------------- local url64Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ".. "abcdefghijklmnopqrstuvwxyz".. "0123456789-_" function basexx.from_url64( str, ignore ) str = ignore_set( str, ignore ) return from_basexx( str, url64Alphabet, 6 ) end function basexx.to_url64( str ) return to_basexx( str, url64Alphabet, 6, "" ) end -------------------------------------------------------------------------------- -- -------------------------------------------------------------------------------- local function length_error( len, d ) return string.format( "invalid length: %d - must be a multiple of %d", len, d ) end local z85Decoder = { 0x00, 0x44, 0x00, 0x54, 0x53, 0x52, 0x48, 0x00, 0x4B, 0x4C, 0x46, 0x41, 0x00, 0x3F, 0x3E, 0x45, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x40, 0x00, 0x49, 0x42, 0x4A, 0x47, 0x51, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x4D, 0x00, 0x4E, 0x43, 0x00, 0x00, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x4F, 0x00, 0x50, 0x00, 0x00 } function basexx.from_z85( str, ignore ) str = ignore_set( str, ignore ) if ( #str % 5 ) ~= 0 then return nil, length_error( #str, 5 ) end local result = {} local value = 0 for i = 1, #str do local index = string.byte( str, i ) - 31 if index < 1 or index >= #z85Decoder then return nil, unexpected_char_error( str, i ) end value = ( value * 85 ) + z85Decoder[ index ] if ( i % 5 ) == 0 then local divisor = 256 * 256 * 256 while divisor ~= 0 do local b = math.floor( value / divisor ) % 256 table.insert( result, string.char( b ) ) divisor = math.floor( divisor / 256 ) end value = 0 end end return table.concat( result ) end local z85Encoder = "0123456789".. "abcdefghijklmnopqrstuvwxyz".. "ABCDEFGHIJKLMNOPQRSTUVWXYZ".. ".-:+=^!/*?&<>()[]{}@%$#" function basexx.to_z85( str ) if ( #str % 4 ) ~= 0 then return nil, length_error( #str, 4 ) end local result = {} local value = 0 for i = 1, #str do local b = string.byte( str, i ) value = ( value * 256 ) + b if ( i % 4 ) == 0 then local divisor = 85 * 85 * 85 * 85 while divisor ~= 0 do local index = ( math.floor( value / divisor ) % 85 ) + 1 table.insert( result, z85Encoder:sub( index, index ) ) divisor = math.floor( divisor / 85 ) end value = 0 end end return table.concat( result ) end return basexx
兼容 LuaJIT 接口的 ffi 實現,源自 這里,我直接編譯得到了 so 文件(見壓縮包里的 ffi.so)。
然后是 rsautils.lua:
local ffi = require('ffi') local rsa = ffi.load('./librsa') local basexx = require('basexx') local _M = {} ffi.cdef[[ int public_encrypt(unsigned char * data,int data_len,unsigned char * key, unsigned char *encrypted); int private_decrypt(unsigned char * enc_data,int data_len,unsigned char * key, unsigned char *decrypted); int private_encrypt(unsigned char * data,int data_len,unsigned char * key, unsigned char *encrypted); int public_decrypt(unsigned char * enc_data,int data_len,unsigned char * key, unsigned char *decrypted); ]] local RSA_PUBLIC_KEY = [[-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3bTBJNQJjY6u7Y5b2eOWws0yW CGuWPm6MGOSVan65wCrJa5p3q3sodQUDVPotjsknjLlje9E1F7Bx94ZuqTwkvAr6 ieLkgbbeqTCzeJ0AryUXiF3auxFSPdpBoD6nxtEeN8bZwfa/IYzdKyKlbhiQbUMN qWgmxiPVwupwAML7RQIDAQAB -----END PUBLIC KEY-----]] local RSA_PRIV_KEY = [[-----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQC3bTBJNQJjY6u7Y5b2eOWws0yWCGuWPm6MGOSVan65wCrJa5p3 q3sodQUDVPotjsknjLlje9E1F7Bx94ZuqTwkvAr6ieLkgbbeqTCzeJ0AryUXiF3a uxFSPdpBoD6nxtEeN8bZwfa/IYzdKyKlbhiQbUMNqWgmxiPVwupwAML7RQIDAQAB AoGAc4NXvUKc1mqWY9Q75cwNGlJQEMwMtPlsNN4YVeBTHjdeuqoBBQwA62GGXqrN QpOBKl79ASGghob8n0j6aAY70PQqHSU4c06c7UlkeEvxJKlyUTO2UgnjjIHb2flR uW8y3xmjpXAfwe50eAVMNhCon7DBc+XMF/paSVwiG8V+GAECQQDvosVLImUkIXGf I2AJ2iSOUF8W1UZ5Ru68E8hJoVkNehk14RUFzTkwhoPHYDseZyEhSunFQbXCotlL Ar5+O+lBAkEAw/PJXvi3S557ihDjYjKnj/2XtIa1GwBJxOliVM4eVjfRX15OXPR2 6shID4ZNWfkWN3fjVm4CnUS41+bzHNctBQJAGCeiF3a6FzA/0bixH40bjjTPwO9y kRrzSYX89F8NKOybyfCMO+95ykhk1B4BF4lxr3drpPSAq8Paf1MhfHvxgQJBAJUB 0WNy5o+OWItJBGAr/Ne2E6KnvRhnQ7GFd8zdYJxXndNTt2tgSv2Gh6WmjzOYApjz heC3jy1gkN89NCn+RrECQBTvoqFHfyAlwOGC9ulcAcQDqj/EgCRVkVe1IsQZenAe rKCWlUaeIKeVkRz/wzb1zy9AVsPC7Zbnf4nrOxJ23mI= -----END RSA PRIVATE KEY-----]] function _M.rsa_encrypt(plainText) local c_str = ffi.new("char[?]", 1024 / 8) ffi.copy(c_str, plainText) local pub = ffi.new("char[?]", #RSA_PUBLIC_KEY) ffi.copy(pub, RSA_PUBLIC_KEY) local cipherText = ffi.new("char[?]", 2048) local cipherLen = rsa.public_encrypt(c_str, #plainText, pub, cipherText) if cipherLen == -1 then return -1, nil end return cipherLen, basexx.to_base64(ffi.string(cipherText, cipherLen)) end function _M.rsa_decrypt(cipherLen, b64cipherText) local c_str = ffi.new("char[?]", cipherLen + 1) ffi.copy(c_str, basexx.from_base64(b64cipherText)) local pri = ffi.new("char[?]", #RSA_PRIV_KEY) ffi.copy(pri, RSA_PRIV_KEY) local plainText = ffi.new("char[?]", 2048) local plainLen = rsa.private_decrypt(c_str, cipherLen, pri, plainText) if plainLen == -1 then return nil end return ffi.string(plainText, plainLen) end return _M
簡單測試:
local rsautils = require('rsautils') local src_str = "my name is ecofast小0胡!!" local cipherLen, cipher = rsautils.rsa_encrypt(src_str) if cipherLen ~= -1 then local plain = rsautils.rsa_decrypt(cipherLen, cipher) print("src text:", plain) print("=========================") local txt2 = rsautils.rsa_decrypt(128, "aeMIl3wyPP/DIJLudq49k1YeK9o6QhrScyjy2JHcJ7CmFOpQAmbwLxOe/rWigSYeWbAMUw2MB1KTIsool9zEuOSaoiZtgjfpDvf5g/MZUjPAmDofKVutG9xJNonVoK6usHKVcR7wozq/tJ8h/CUWyKGHnLgkxvU3ObbhLPm/wwI=") print("src text2:", txt2) end
后記:或許在某個合適的時候,再寫一篇關於(大規模)使用腳本如 Lua、Node.js 等作(游戲)開發的思考,或反思吧。個人而言,非常不傾向較大規模地使用腳本語言作開發。至少,用合適的工具做合適的事——而我們都知道,腳本語言,又名膠水語言。