crypto: reconcile oneshot sign/verify sync and async implementations

Author: panva

benchmark/crypto/oneshot-sign-verify.js

@@ -0,0 +1,132 @@
+'use strict';
+
+const common = require('../common.js');
+const crypto = require('crypto');
+
+const data = crypto.randomBytes(256);
+
+let pems;
+let keyObjects;
+
+function generateKeyPair() {
+  return crypto.generateKeyPairSync('ed25519', {
+    privateKeyEncoding: { format: 'pem', type: 'pkcs8' },
+    publicKeyEncoding: { format: 'pem', type: 'spki' }
+  });
+}
+
+function getKeyObject({ privateKey, publicKey }) {
+  return {
+    privateKey: crypto.createPrivateKey(privateKey),
+    publicKey: crypto.createPublicKey(publicKey)
+  };
+}
+
+const bench = common.createBenchmark(main, {
+  mode: ['sync', 'async-serial', 'async-parallel'],
+  keyFormat: ['pem', 'keyObject', 'pem.unique', 'keyObject.unique'],
+  n: [1e3],
+});
+
+function measureSync(n, privateKey, publicKey, keys) {
+  bench.start();
+  for (let i = 0; i < n; ++i) {
+    crypto.verify(
+      null,
+      data,
+      publicKey || keys[i].publicKey,
+      crypto.sign(
+        null,
+        data,
+        privateKey || keys[i].privateKey));
+  }
+  bench.end(n);
+}
+
+function measureAsyncSerial(n, privateKey, publicKey, keys) {
+  let remaining = n;
+  function done() {
+    if (--remaining === 0)
+      bench.end(n);
+    else
+      one();
+  }
+
+  function one() {
+    crypto.sign(
+      null,
+      data,
+      privateKey || keys[n - remaining].privateKey,
+      (err, signature) => {
+        crypto.verify(
+          null,
+          data,
+          publicKey || keys[n - remaining].publicKey,
+          signature,
+          done);
+      });
+  }
+  bench.start();
+  one();
+}
+
+function measureAsyncParallel(n, privateKey, publicKey, keys) {
+  let remaining = n;
+  function done() {
+    if (--remaining === 0)
+      bench.end(n);
+  }
+  bench.start();
+  for (let i = 0; i < n; ++i) {
+    crypto.sign(
+      null,
+      data,
+      privateKey || keys[i].privateKey,
+      (err, signature) => {
+        crypto.verify(
+          null,
+          data,
+          publicKey || keys[i].publicKey,
+          signature,
+          done);
+      });
+  }
+}
+
+function main({ n, mode, keyFormat }) {
+  pems ||= [...Buffer.alloc(n)].map(generateKeyPair);
+  keyObjects ||= pems.map(getKeyObject);
+
+  let privateKey, publicKey, keys;
+
+  switch (keyFormat) {
+    case 'keyObject':
+      publicKey = keyObjects[0].publicKey;
+      privateKey = keyObjects[0].privateKey;
+      break;
+    case 'pem':
+      publicKey = pems[0].publicKey;
+      privateKey = pems[0].privateKey;
+      break;
+    case 'pem.unique':
+      keys = pems;
+      break;
+    case 'keyObject.unique':
+      keys = keyObjects;
+      break;
+    default:
+      throw new Error('not implemented');
+  }
+
+  switch (mode) {
+    case 'sync':
+      measureSync(n, privateKey, publicKey, keys);
+      break;
+    case 'async-serial':
+      measureAsyncSerial(n, privateKey, publicKey, keys);
+      break;
+    case 'async-parallel':
+      measureAsyncParallel(n, privateKey, publicKey, keys);
+      break;
+  }
+}

lib/internal/crypto/dsa.js

@@ -251,12 +251,15 @@ function dsaSignVerify(key, data, algorithm, signature) {
     kCryptoJobAsync,
     signature === undefined ? kSignJobModeSign : kSignJobModeVerify,
     key[kKeyObject][kHandle],
+    undefined,
+    undefined,
+    undefined,
     data,
     normalizeHashName(key.algorithm.hash.name),
     undefined,  // Salt-length is not used in DSA
     undefined,  // Padding is not used in DSA
-    signature,
-    kSigEncDER));
+    kSigEncDER,
+    signature));
 }
 
 module.exports = {

lib/internal/crypto/ec.js

@@ -467,12 +467,15 @@ function ecdsaSignVerify(key, data, { name, hash }, signature) {
     kCryptoJobAsync,
     mode,
     key[kKeyObject][kHandle],
+    undefined,
+    undefined,
+    undefined,
     data,
     hashname,
     undefined,  // Salt length, not used with ECDSA
     undefined,  // PSS Padding, not used with ECDSA
-    signature,
-    kSigEncP1363));
+    kSigEncP1363,
+    signature));
 }
 
 module.exports = {

lib/internal/crypto/rsa.js

@@ -356,10 +356,14 @@ function rsaSignVerify(key, data, { saltLength }, signature) {
     kCryptoJobAsync,
     signature === undefined ? kSignJobModeSign : kSignJobModeVerify,
     key[kKeyObject][kHandle],
+    undefined,
+    undefined,
+    undefined,
     data,
     normalizeHashName(key.algorithm.hash.name),
     saltLength,
     padding,
+    undefined,
     signature));
 }
 

lib/internal/crypto/sig.js

@@ -24,9 +24,8 @@ const {
   Sign: _Sign,
   SignJob,
   Verify: _Verify,
-  signOneShot: _signOneShot,
-  verifyOneShot: _verifyOneShot,
   kCryptoJobAsync,
+  kCryptoJobSync,
   kSigEncDER,
   kSigEncP1363,
   kSignJobModeSign,
@@ -40,10 +39,6 @@ const {
 } = require('internal/crypto/util');
 
 const {
-  createPrivateKey,
-  createPublicKey,
-  isCryptoKey,
-  isKeyObject,
   preparePrivateKey,
   preparePublicOrPrivateKey,
 } = require('internal/crypto/keys');
@@ -162,38 +157,34 @@ function signOneShot(algorithm, data, key, callback) {
   // Options specific to (EC)DSA
   const dsaSigEnc = getDSASignatureEncoding(key);
 
-  if (!callback) {
-    const {
-      data: keyData,
-      format: keyFormat,
-      type: keyType,
-      passphrase: keyPassphrase
-    } = preparePrivateKey(key);
-
-    return _signOneShot(keyData, keyFormat, keyType, keyPassphrase, data,
-                        algorithm, rsaPadding, pssSaltLength, dsaSigEnc);
-  }
-
-  let keyData;
-  if (isKeyObject(key) || isCryptoKey(key)) {
-    ({ data: keyData } = preparePrivateKey(key));
-  } else if (key != null && (isKeyObject(key.key) || isCryptoKey(key.key))) {
-    ({ data: keyData } = preparePrivateKey(key.key));
-  } else {
-    keyData = createPrivateKey(key)[kHandle];
-  }
+  const {
+    data: keyData,
+    format: keyFormat,
+    type: keyType,
+    passphrase: keyPassphrase
+  } = preparePrivateKey(key);
 
   const job = new SignJob(
-    kCryptoJobAsync,
+    callback ? kCryptoJobAsync : kCryptoJobSync,
     kSignJobModeSign,
     keyData,
+    keyFormat,
+    keyType,
+    keyPassphrase,
     data,
     algorithm,
     pssSaltLength,
     rsaPadding,
-    undefined,
     dsaSigEnc);
 
+  if (!callback) {
+    const { 0: err, 1: signature } = job.run();
+    if (err !== undefined)
+      throw err;
+
+    return Buffer.from(signature);
+  }
+
   job.ondone = (error, signature) => {
     if (error) return FunctionPrototypeCall(callback, job, error);
     FunctionPrototypeCall(callback, job, null, Buffer.from(signature));
@@ -272,38 +263,34 @@ function verifyOneShot(algorithm, data, key, signature, callback) {
     );
   }
 
-  if (!callback) {
-    const {
-      data: keyData,
-      format: keyFormat,
-      type: keyType,
-      passphrase: keyPassphrase
-    } = preparePublicOrPrivateKey(key);
-
-    return _verifyOneShot(keyData, keyFormat, keyType, keyPassphrase,
-                          signature, data, algorithm, rsaPadding,
-                          pssSaltLength, dsaSigEnc);
-  }
-
-  let keyData;
-  if (isKeyObject(key) || isCryptoKey(key)) {
-    ({ data: keyData } = preparePublicOrPrivateKey(key));
-  } else if (key != null && (isKeyObject(key.key) || isCryptoKey(key.key))) {
-    ({ data: keyData } = preparePublicOrPrivateKey(key.key));
-  } else {
-    keyData = createPublicKey(key)[kHandle];
-  }
+  const {
+    data: keyData,
+    format: keyFormat,
+    type: keyType,
+    passphrase: keyPassphrase
+  } = preparePublicOrPrivateKey(key);
 
   const job = new SignJob(
-    kCryptoJobAsync,
+    callback ? kCryptoJobAsync : kCryptoJobSync,
     kSignJobModeVerify,
     keyData,
+    keyFormat,
+    keyType,
+    keyPassphrase,
     data,
     algorithm,
     pssSaltLength,
     rsaPadding,
-    signature,
-    dsaSigEnc);
+    dsaSigEnc,
+    signature);
+
+  if (!callback) {
+    const { 0: err, 1: result } = job.run();
+    if (err !== undefined)
+      throw err;
+
+    return result;
+  }
 
   job.ondone = (error, result) => {
     if (error) return FunctionPrototypeCall(callback, job, error);