-
Notifications
You must be signed in to change notification settings - Fork 15
Initial work to support RSA signing #7
base: master
Are you sure you want to change the base?
Conversation
Closes #6 |
We benchmarked this technique vs using Node 12 worker threads. We got better CPU and memory performance with crypto-async. |
Thank you @ChadKillingsworth this is great work. I like how you have stuck to the conventions and nailed almost everything across the code base. Are you comfortable adding to the fuzz test and benchmark? |
Also, it would be great to change the design slightly, so as to make the See how the |
I'd be happy to make these changes. The fuzzing / tests are a bit overwhelming. At a high level I understand what they are doing, but it's not very clear what I need to add for signing. As for making a common sign/verify method - that sounds like a grand idea. Any suggestions as to what it should be called? |
@jorangreef this might be slightly offtopic but, does anything in this PR jump out at you as "memory leak worthy"? |
- Add key method to pre-generate the RSA key - Rename method to "signature" to account for both signing and verification
I settled on the name With a 2048 bit key, creating the signatures, 50,000 iterations:
Making a separate key function was definitely worth it. The only part that's a little odd is that verifying a signature returns a boolean where as creating one returns a buffer. |
I've now tested this successfully with both RSA and ECDSA keys (public and private). |
@jorangreef What needs to be done to finish up this PR? |
Thanks for all the work on this @ChadKillingsworth. I am happy to take it from here to make a few small changes and update the test and benchmark. I hope to get to this in a few days. |
The test needs to verify that all possible exceptions are thrown for invalid arguments, to test the interface in the negative. And the test also needs to verify that outputs are correct for a few thousand randomly generated inputs, to test the interface in the positive. You can see how the tests for cipher, hash etc. work. But don't worry, I will do this. Just thought you might appreciate the explanation. |
Thanks - I hate leaving others with work but I'm having a hard time wrapping my head around what needs to be done with those tests. We've been running this code in production for a couple of weeks now and there are no memory leaks. |
@jorangreef Are you able to help get this merged? :) |
Thanks @brandonros, yes and I would like to. I will be able to get to this in 2 or 3 months. I am sorry for the delay. |
I didn't really like any of the existing options to offload JWT signing from the main thread. Utilizing https://gist.github.com/irbull/08339ddcd5686f509e9826964b17bb59 as a guide, this is a very basic start to add signing.
I was able to test that the signatures are equal with:
Fair warning: it's been a LONG time since I've written C code. I'm willing to do the work needed to get this in a fully mergeable state, but I'm also perfectly happy if someone else wants to help contribute as well.