Merge pull request #31 from nspcc-dev/optimize-sign-verify-request-headers

service: Use sync pool for Sign/Verify request headers
This commit is contained in:
Evgeniy Kulikov 2019-12-21 12:12:11 +03:00 committed by GitHub
commit c671e9b568
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 84 additions and 5 deletions

3
go.mod
View file

@ -18,3 +18,6 @@ require (
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
google.golang.org/grpc v1.24.0
)
// Used for debug reasons
// replace github.com/nspcc-dev/neofs-crypto => ../neofs-crypto

View file

@ -2,6 +2,7 @@ package service
import (
"crypto/ecdsa"
"sync"
crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/nspcc-dev/neofs-proto/internal"
@ -12,7 +13,8 @@ import (
type (
// VerifiableRequest adds possibility to sign and verify request header.
VerifiableRequest interface {
Marshal() ([]byte, error)
Size() int
MarshalTo([]byte) (int, error)
AddSignature(*RequestVerificationHeader_Signature)
GetSignatures() []*RequestVerificationHeader_Signature
SetSignatures([]*RequestVerificationHeader_Signature)
@ -133,6 +135,10 @@ func newSignature(key *ecdsa.PrivateKey, data []byte) (*RequestVerificationHeade
}, nil
}
var bytesPool = sync.Pool{New: func() interface{} {
return make([]byte, 4.5*1024*1024) // 4.5MB
}}
// SignRequestHeader receives private key and request with RequestVerificationHeader,
// tries to marshal and sign request with passed PrivateKey, after that adds
// new signature to headers. If something went wrong, returns error.
@ -146,12 +152,23 @@ func SignRequestHeader(key *ecdsa.PrivateKey, msg VerifiableRequest) error {
}()
}
data, err := msg.Marshal()
data := bytesPool.Get().([]byte)
defer func() {
bytesPool.Put(data)
}()
if size := msg.Size(); size <= cap(data) {
data = data[:size]
} else {
data = make([]byte, size)
}
size, err := msg.MarshalTo(data)
if err != nil {
return err
}
signature, err := newSignature(key, data)
signature, err := newSignature(key, data[:size])
if err != nil {
return err
}
@ -174,8 +191,10 @@ func VerifyRequestHeader(msg VerifiableRequest) error {
}()
}
data := bytesPool.Get().([]byte)
signatures := msg.GetSignatures()
defer func() {
bytesPool.Put(data)
msg.SetSignatures(signatures)
}()
@ -189,9 +208,15 @@ func VerifyRequestHeader(msg VerifiableRequest) error {
return errors.Wrapf(ErrCannotLoadPublicKey, "%d: %02x", i, peer)
}
if data, err := msg.Marshal(); err != nil {
if size := msg.Size(); size <= cap(data) {
data = data[:size]
} else {
data = make([]byte, size)
}
if size, err := msg.MarshalTo(data); err != nil {
return errors.Wrapf(err, "%d: %02x", i, peer)
} else if err := crypto.Verify(key, data, sign); err != nil {
} else if err := crypto.Verify(key, data[:size], sign); err != nil {
return errors.Wrapf(err, "%d: %02x", i, peer)
}
}

View file

@ -14,6 +14,57 @@ import (
"github.com/stretchr/testify/require"
)
func BenchmarkSignRequestHeader(b *testing.B) {
key := test.DecodeKey(0)
custom := testCustomField{1, 2, 3, 4, 5, 6, 7, 8}
some := &TestRequest{
IntField: math.MaxInt32,
StringField: "TestRequestStringField",
BytesField: make([]byte, 1<<22),
CustomField: &custom,
RequestMetaHeader: RequestMetaHeader{
TTL: math.MaxInt32 - 8,
Epoch: math.MaxInt64 - 12,
},
}
b.ResetTimer()
b.ReportAllocs()
for i := 0; i < b.N; i++ {
require.NoError(b, SignRequestHeader(key, some))
}
}
func BenchmarkVerifyRequestHeader(b *testing.B) {
custom := testCustomField{1, 2, 3, 4, 5, 6, 7, 8}
some := &TestRequest{
IntField: math.MaxInt32,
StringField: "TestRequestStringField",
BytesField: make([]byte, 1<<22),
CustomField: &custom,
RequestMetaHeader: RequestMetaHeader{
TTL: math.MaxInt32 - 8,
Epoch: math.MaxInt64 - 12,
},
}
for i := 0; i < 10; i++ {
key := test.DecodeKey(i)
require.NoError(b, SignRequestHeader(key, some))
}
b.ResetTimer()
b.ReportAllocs()
for i := 0; i < b.N; i++ {
require.NoError(b, VerifyRequestHeader(some))
}
}
func TestSignRequestHeader(t *testing.T) {
req := &TestRequest{
IntField: math.MaxInt32,