crypto: reconcile oneshot sign/verify sync and async implementations

PR-URL: #37816 Reviewed-By: Daniel Bevenius <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Matteo Collina <[email protected]>

Author: panva

benchmark/crypto/oneshot-sign-verify.js

@@ -0,0 +1,141 @@
+'use strict';
+
+constcommon=require('../common.js');
+constcrypto=require('crypto');
+constfs=require('fs');
+constpath=require('path');
+constfixtures_keydir=path.resolve(__dirname,'../../test/fixtures/keys/');
+constkeyFixtures={
+publicKey: fs.readFileSync(`${fixtures_keydir}/ec_p256_public.pem`)
+.toString(),
+privateKey: fs.readFileSync(`${fixtures_keydir}/ec_p256_private.pem`)
+.toString()
+};
+
+constdata=crypto.randomBytes(256);
+
+letpems;
+letkeyObjects;
+
+functiongetKeyObject({ privateKey, publicKey }){
+return{
+privateKey: crypto.createPrivateKey(privateKey),
+publicKey: crypto.createPublicKey(publicKey)
+};
+}
+
+constbench=common.createBenchmark(main,{
+mode: ['sync','async-serial','async-parallel'],
+keyFormat: ['pem','keyObject','pem.unique','keyObject.unique'],
+n: [1e3],
+});
+
+functionmeasureSync(n,privateKey,publicKey,keys){
+bench.start();
+for(leti=0;i<n;++i){
+crypto.verify(
+'sha256',
+data,
+{key: publicKey||keys[i].publicKey,dsaEncoding: 'ieee-p1363'},
+crypto.sign(
+'sha256',
+data,
+{key: privateKey||keys[i].privateKey,dsaEncoding: 'ieee-p1363'}));
+}
+bench.end(n);
+}
+
+functionmeasureAsyncSerial(n,privateKey,publicKey,keys){
+letremaining=n;
+functiondone(){
+if(--remaining===0)
+bench.end(n);
+else
+one();
+}
+
+functionone(){
+crypto.sign(
+'sha256',
+data,
+{
+key: privateKey||keys[n-remaining].privateKey,
+dsaEncoding: 'ieee-p1363'
+},
+(err,signature)=>{
+crypto.verify(
+'sha256',
+data,
+{
+key: publicKey||keys[n-remaining].publicKey,
+dsaEncoding: 'ieee-p1363'
+},
+signature,
+done);
+});
+}
+bench.start();
+one();
+}
+
+functionmeasureAsyncParallel(n,privateKey,publicKey,keys){
+letremaining=n;
+functiondone(){
+if(--remaining===0)
+bench.end(n);
+}
+bench.start();
+for(leti=0;i<n;++i){
+crypto.sign(
+'sha256',
+data,
+{key: privateKey||keys[i].privateKey,dsaEncoding: 'ieee-p1363'},
+(err,signature)=>{
+crypto.verify(
+'sha256',
+data,
+{key: publicKey||keys[i].publicKey,dsaEncoding: 'ieee-p1363'},
+signature,
+done);
+});
+}
+}
+
+functionmain({ n, mode, keyFormat }){
+pems||=[...Buffer.alloc(n)].map(()=>({
+privateKey: keyFixtures.privateKey,
+publicKey: keyFixtures.publicKey
+}));
+keyObjects||=pems.map(getKeyObject);
+
+letprivateKey,publicKey,keys;
+
+switch(keyFormat){
+case'keyObject':
+({ publicKey, privateKey }=keyObjects[0]);
+break;
+case'pem':
+({ publicKey, privateKey }=pems[0]);
+break;
+case'pem.unique':
+keys=pems;
+break;
+case'keyObject.unique':
+keys=keyObjects;
+break;
+default:
+thrownewError('not implemented');
+}
+
+switch(mode){
+case'sync':
+measureSync(n,privateKey,publicKey,keys);
+break;
+case'async-serial':
+measureAsyncSerial(n,privateKey,publicKey,keys);
+break;
+case'async-parallel':
+measureAsyncParallel(n,privateKey,publicKey,keys);
+break;
+}
+}

lib/internal/crypto/dsa.js

@@ -251,12 +251,15 @@ function dsaSignVerify(key, data, algorithm, signature){
 kCryptoJobAsync,
 signature===undefined ? kSignJobModeSign : kSignJobModeVerify,
 key[kKeyObject][kHandle],
+undefined,
+undefined,
+undefined,
 data,
 normalizeHashName(key.algorithm.hash.name),
 undefined,// Salt-length is not used in DSA
 undefined,// Padding is not used in DSA
-signature,
-kSigEncDER));
+kSigEncDER,
+signature));
 }
 
 module.exports={

lib/internal/crypto/ec.js

@@ -467,12 +467,15 @@ function ecdsaSignVerify(key, data,{name, hash }, signature){
 kCryptoJobAsync,
 mode,
 key[kKeyObject][kHandle],
+undefined,
+undefined,
+undefined,
 data,
 hashname,
 undefined,// Salt length, not used with ECDSA
 undefined,// PSS Padding, not used with ECDSA
-signature,
-kSigEncP1363));
+kSigEncP1363,
+signature));
 }
 
 module.exports={

lib/internal/crypto/rsa.js

@@ -356,10 +356,14 @@ function rsaSignVerify(key, data,{saltLength }, signature){
 kCryptoJobAsync,
 signature===undefined ? kSignJobModeSign : kSignJobModeVerify,
 key[kKeyObject][kHandle],
+undefined,
+undefined,
+undefined,
 data,
 normalizeHashName(key.algorithm.hash.name),
 saltLength,
 padding,
+undefined,
 signature));
 }
 

lib/internal/crypto/sig.js

@@ -24,9 +24,8 @@ const{
 Sign: _Sign,
  SignJob,
 Verify: _Verify,
-signOneShot: _signOneShot,
-verifyOneShot: _verifyOneShot,
  kCryptoJobAsync,
+ kCryptoJobSync,
  kSigEncDER,
  kSigEncP1363,
  kSignJobModeSign,
@@ -40,10 +39,6 @@ const{
 }=require('internal/crypto/util');
 
 const{
- createPrivateKey,
- createPublicKey,
- isCryptoKey,
- isKeyObject,
  preparePrivateKey,
  preparePublicOrPrivateKey,
 }=require('internal/crypto/keys');
@@ -162,38 +157,34 @@ function signOneShot(algorithm, data, key, callback){
 // Options specific to (EC)DSA
 constdsaSigEnc=getDSASignatureEncoding(key);
 
-if(!callback){
-const{
-data: keyData,
-format: keyFormat,
-type: keyType,
-passphrase: keyPassphrase
-}=preparePrivateKey(key);
-
-return_signOneShot(keyData,keyFormat,keyType,keyPassphrase,data,
-algorithm,rsaPadding,pssSaltLength,dsaSigEnc);
-}
-
-letkeyData;
-if(isKeyObject(key)||isCryptoKey(key)){
-({data: keyData}=preparePrivateKey(key));
-}elseif(isKeyObject(key.key)||isCryptoKey(key.key)){
-({data: keyData}=preparePrivateKey(key.key));
-}else{
-keyData=createPrivateKey(key)[kHandle];
-}
+const{
+data: keyData,
+format: keyFormat,
+type: keyType,
+passphrase: keyPassphrase
+}=preparePrivateKey(key);
 
 constjob=newSignJob(
-kCryptoJobAsync,
+callback ? kCryptoJobAsync : kCryptoJobSync,
 kSignJobModeSign,
 keyData,
+keyFormat,
+keyType,
+keyPassphrase,
 data,
 algorithm,
 pssSaltLength,
 rsaPadding,
-undefined,
 dsaSigEnc);
 
+if(!callback){
+const{0: err,1: signature}=job.run();
+if(err!==undefined)
+throwerr;
+
+returnBuffer.from(signature);
+}
+
 job.ondone=(error,signature)=>{
 if(error)returnFunctionPrototypeCall(callback,job,error);
 FunctionPrototypeCall(callback,job,null,Buffer.from(signature));
@@ -272,38 +263,34 @@ function verifyOneShot(algorithm, data, key, signature, callback){
 );
 }
 
-if(!callback){
-const{
-data: keyData,
-format: keyFormat,
-type: keyType,
-passphrase: keyPassphrase
-}=preparePublicOrPrivateKey(key);
-
-return_verifyOneShot(keyData,keyFormat,keyType,keyPassphrase,
-signature,data,algorithm,rsaPadding,
-pssSaltLength,dsaSigEnc);
-}
-
-letkeyData;
-if(isKeyObject(key)||isCryptoKey(key)){
-({data: keyData}=preparePublicOrPrivateKey(key));
-}elseif(key!=null&&(isKeyObject(key.key)||isCryptoKey(key.key))){
-({data: keyData}=preparePublicOrPrivateKey(key.key));
-}else{
-keyData=createPublicKey(key)[kHandle];
-}
+const{
+data: keyData,
+format: keyFormat,
+type: keyType,
+passphrase: keyPassphrase
+}=preparePublicOrPrivateKey(key);
 
 constjob=newSignJob(
-kCryptoJobAsync,
+callback ? kCryptoJobAsync : kCryptoJobSync,
 kSignJobModeVerify,
 keyData,
+keyFormat,
+keyType,
+keyPassphrase,
 data,
 algorithm,
 pssSaltLength,
 rsaPadding,
-signature,
-dsaSigEnc);
+dsaSigEnc,
+signature);
+
+if(!callback){
+const{0: err,1: result}=job.run();
+if(err!==undefined)
+throwerr;
+
+returnresult;
+}
 
 job.ondone=(error,result)=>{
 if(error)returnFunctionPrototypeCall(callback,job,error);