crypto: reconcile oneshot sign/verify sync and async implementations

PR-URL: #37816 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
nodejs · Apr 8, 2021 · e8cb644 · e8cb644
1 parent d861324
commit e8cb644
Show file tree

Hide file tree

Showing 9 changed files with 270 additions and 255 deletions.
diff --git a/benchmark/crypto/oneshot-sign-verify.js b/benchmark/crypto/oneshot-sign-verify.js
@@ -0,0 +1,141 @@
+'use strict';
+
+const common = require('../common.js');
+const crypto = require('crypto');
+const fs = require('fs');
+const path = require('path');
+const fixtures_keydir = path.resolve(__dirname, '../../test/fixtures/keys/');
+const keyFixtures = {
+  publicKey: fs.readFileSync(`${fixtures_keydir}/ec_p256_public.pem`)
+    .toString(),
+  privateKey: fs.readFileSync(`${fixtures_keydir}/ec_p256_private.pem`)
+    .toString()
+};
+
+const data = crypto.randomBytes(256);
+
+let pems;
+let keyObjects;
+
+function getKeyObject({ privateKey, publicKey }) {
+  return {
+    privateKey: crypto.createPrivateKey(privateKey),
+    publicKey: crypto.createPublicKey(publicKey)
+  };
+}
+
+const bench = common.createBenchmark(main, {
+  mode: ['sync', 'async-serial', 'async-parallel'],
+  keyFormat: ['pem', 'keyObject', 'pem.unique', 'keyObject.unique'],
+  n: [1e3],
+});
+
+function measureSync(n, privateKey, publicKey, keys) {
+  bench.start();
+  for (let i = 0; i < n; ++i) {
+    crypto.verify(
+      'sha256',
+      data,
+      { key: publicKey || keys[i].publicKey, dsaEncoding: 'ieee-p1363' },
+      crypto.sign(
+        'sha256',
+        data,
+        { key: privateKey || keys[i].privateKey, dsaEncoding: 'ieee-p1363' }));
+  }
+  bench.end(n);
+}
+
+function measureAsyncSerial(n, privateKey, publicKey, keys) {
+  let remaining = n;
+  function done() {
+    if (--remaining === 0)
+      bench.end(n);
+    else
+      one();
+  }
+
+  function one() {
+    crypto.sign(
+      'sha256',
+      data,
+      {
+        key: privateKey || keys[n - remaining].privateKey,
+        dsaEncoding: 'ieee-p1363'
+      },
+      (err, signature) => {
+        crypto.verify(
+          'sha256',
+          data,
+          {
+            key: publicKey || keys[n - remaining].publicKey,
+            dsaEncoding: 'ieee-p1363'
+          },
+          signature,
+          done);
+      });
+  }
+  bench.start();
+  one();
+}
+
+function measureAsyncParallel(n, privateKey, publicKey, keys) {
+  let remaining = n;
+  function done() {
+    if (--remaining === 0)
+      bench.end(n);
+  }
+  bench.start();
+  for (let i = 0; i < n; ++i) {
+    crypto.sign(
+      'sha256',
+      data,
+      { key: privateKey || keys[i].privateKey, dsaEncoding: 'ieee-p1363' },
+      (err, signature) => {
+        crypto.verify(
+          'sha256',
+          data,
+          { key: publicKey || keys[i].publicKey, dsaEncoding: 'ieee-p1363' },
+          signature,
+          done);
+      });
+  }
+}
+
+function main({ n, mode, keyFormat }) {
+  pems ||= [...Buffer.alloc(n)].map(() => ({
+    privateKey: keyFixtures.privateKey,
+    publicKey: keyFixtures.publicKey
+  }));
+  keyObjects ||= pems.map(getKeyObject);
+
+  let privateKey, publicKey, keys;
+
+  switch (keyFormat) {
+    case 'keyObject':
+      ({ publicKey, privateKey } = keyObjects[0]);
+      break;
+    case 'pem':
+      ({ publicKey, privateKey } = pems[0]);
+      break;
+    case 'pem.unique':
+      keys = pems;
+      break;
+    case 'keyObject.unique':
+      keys = keyObjects;
+      break;
+    default:
+      throw new Error('not implemented');
+  }
+
+  switch (mode) {
+    case 'sync':
+      measureSync(n, privateKey, publicKey, keys);
+      break;
+    case 'async-serial':
+      measureAsyncSerial(n, privateKey, publicKey, keys);
+      break;
+    case 'async-parallel':
+      measureAsyncParallel(n, privateKey, publicKey, keys);
+      break;
+  }
+}
diff --git a/lib/internal/crypto/dsa.js b/lib/internal/crypto/dsa.js
@@ -251,12 +251,15 @@ function dsaSignVerify(key, data, algorithm, signature) {
     kCryptoJobAsync,
     signature === undefined ? kSignJobModeSign : kSignJobModeVerify,
     key[kKeyObject][kHandle],
+    undefined,
+    undefined,
+    undefined,
     data,
     normalizeHashName(key.algorithm.hash.name),
     undefined,  // Salt-length is not used in DSA
     undefined,  // Padding is not used in DSA
-    signature,
-    kSigEncDER));
+    kSigEncDER,
+    signature));
 }
 
 module.exports = {

diff --git a/lib/internal/crypto/ec.js b/lib/internal/crypto/ec.js
@@ -467,12 +467,15 @@ function ecdsaSignVerify(key, data, { name, hash }, signature) {
     kCryptoJobAsync,
     mode,
     key[kKeyObject][kHandle],
+    undefined,
+    undefined,
+    undefined,
     data,
     hashname,
     undefined,  // Salt length, not used with ECDSA
     undefined,  // PSS Padding, not used with ECDSA
-    signature,
-    kSigEncP1363));
+    kSigEncP1363,
+    signature));
 }
 
 module.exports = {

diff --git a/lib/internal/crypto/rsa.js b/lib/internal/crypto/rsa.js
@@ -356,10 +356,14 @@ function rsaSignVerify(key, data, { saltLength }, signature) {
     kCryptoJobAsync,
     signature === undefined ? kSignJobModeSign : kSignJobModeVerify,
     key[kKeyObject][kHandle],
+    undefined,
+    undefined,
+    undefined,
     data,
     normalizeHashName(key.algorithm.hash.name),
     saltLength,
     padding,
+    undefined,
     signature));
 }
 

diff --git a/lib/internal/crypto/sig.js b/lib/internal/crypto/sig.js
@@ -24,9 +24,8 @@ const {
   Sign: _Sign,
   SignJob,
   Verify: _Verify,
-  signOneShot: _signOneShot,
-  verifyOneShot: _verifyOneShot,
   kCryptoJobAsync,
+  kCryptoJobSync,
   kSigEncDER,
   kSigEncP1363,
   kSignJobModeSign,
@@ -40,10 +39,6 @@ const {
 } = require('internal/crypto/util');
 
 const {
-  createPrivateKey,
-  createPublicKey,
-  isCryptoKey,
-  isKeyObject,
   preparePrivateKey,
   preparePublicOrPrivateKey,
 } = require('internal/crypto/keys');
@@ -162,38 +157,34 @@ function signOneShot(algorithm, data, key, callback) {
   // Options specific to (EC)DSA
   const dsaSigEnc = getDSASignatureEncoding(key);
 
-  if (!callback) {
-    const {
-      data: keyData,
-      format: keyFormat,
-      type: keyType,
-      passphrase: keyPassphrase
-    } = preparePrivateKey(key);
-
-    return _signOneShot(keyData, keyFormat, keyType, keyPassphrase, data,
-                        algorithm, rsaPadding, pssSaltLength, dsaSigEnc);
-  }
-
-  let keyData;
-  if (isKeyObject(key) || isCryptoKey(key)) {
-    ({ data: keyData } = preparePrivateKey(key));
-  } else if (isKeyObject(key.key) || isCryptoKey(key.key)) {
-    ({ data: keyData } = preparePrivateKey(key.key));
-  } else {
-    keyData = createPrivateKey(key)[kHandle];
-  }
+  const {
+    data: keyData,
+    format: keyFormat,
+    type: keyType,
+    passphrase: keyPassphrase
+  } = preparePrivateKey(key);
 
   const job = new SignJob(
-    kCryptoJobAsync,
+    callback ? kCryptoJobAsync : kCryptoJobSync,
     kSignJobModeSign,
     keyData,
+    keyFormat,
+    keyType,
+    keyPassphrase,
     data,
     algorithm,
     pssSaltLength,
     rsaPadding,
-    undefined,
     dsaSigEnc);
 
+  if (!callback) {
+    const { 0: err, 1: signature } = job.run();
+    if (err !== undefined)
+      throw err;
+
+    return Buffer.from(signature);
+  }
+
   job.ondone = (error, signature) => {
     if (error) return FunctionPrototypeCall(callback, job, error);
     FunctionPrototypeCall(callback, job, null, Buffer.from(signature));
@@ -272,38 +263,34 @@ function verifyOneShot(algorithm, data, key, signature, callback) {
     );
   }
 
-  if (!callback) {
-    const {
-      data: keyData,
-      format: keyFormat,
-      type: keyType,
-      passphrase: keyPassphrase
-    } = preparePublicOrPrivateKey(key);
-
-    return _verifyOneShot(keyData, keyFormat, keyType, keyPassphrase,
-                          signature, data, algorithm, rsaPadding,
-                          pssSaltLength, dsaSigEnc);
-  }
-
-  let keyData;
-  if (isKeyObject(key) || isCryptoKey(key)) {
-    ({ data: keyData } = preparePublicOrPrivateKey(key));
-  } else if (key != null && (isKeyObject(key.key) || isCryptoKey(key.key))) {
-    ({ data: keyData } = preparePublicOrPrivateKey(key.key));
-  } else {
-    keyData = createPublicKey(key)[kHandle];
-  }
+  const {
+    data: keyData,
+    format: keyFormat,
+    type: keyType,
+    passphrase: keyPassphrase
+  } = preparePublicOrPrivateKey(key);
 
   const job = new SignJob(
-    kCryptoJobAsync,
+    callback ? kCryptoJobAsync : kCryptoJobSync,
     kSignJobModeVerify,
     keyData,
+    keyFormat,
+    keyType,
+    keyPassphrase,
     data,
     algorithm,
     pssSaltLength,
     rsaPadding,
-    signature,
-    dsaSigEnc);
+    dsaSigEnc,
+    signature);
+
+  if (!callback) {
+    const { 0: err, 1: result } = job.run();
+    if (err !== undefined)
+      throw err;
+
+    return result;
+  }
 
   job.ondone = (error, result) => {
     if (error) return FunctionPrototypeCall(callback, job, error);