dstepanov-yadro/frostfs-api-go
1
0
Fork 0
forked from TrueCloudLab/frostfs-api-go
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #31 from nspcc-dev/optimize-sign-verify-request-headers

Browse source 
service: Use sync pool for Sign/Verify request headers
This commit is contained in:
Evgeniy Kulikov 2019-12-21 12:12:11 +03:00 committed by GitHub
commit c671e9b568
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 84 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
go.mod
View file

@ -18,3 +18,6 @@ require (
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
google.golang.org/grpc v1.24.0 google.golang.org/grpc v1.24.0
) )
// Used for debug reasons
// replace github.com/nspcc-dev/neofs-crypto => ../neofs-crypto

35
service/verify.go
View file

@ -2,6 +2,7 @@ package service
import ( import (
"crypto/ecdsa" "crypto/ecdsa"
"sync"
crypto "github.com/nspcc-dev/neofs-crypto" crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/nspcc-dev/neofs-proto/internal" "github.com/nspcc-dev/neofs-proto/internal"
@ -12,7 +13,8 @@ import (
type ( type (
// VerifiableRequest adds possibility to sign and verify request header. // VerifiableRequest adds possibility to sign and verify request header.
VerifiableRequest interface { VerifiableRequest interface {
Marshal() ([]byte, error) Size() int
MarshalTo([]byte) (int, error)
AddSignature(*RequestVerificationHeader_Signature) AddSignature(*RequestVerificationHeader_Signature)
GetSignatures() []*RequestVerificationHeader_Signature GetSignatures() []*RequestVerificationHeader_Signature
SetSignatures([]*RequestVerificationHeader_Signature) SetSignatures([]*RequestVerificationHeader_Signature)
@ -133,6 +135,10 @@ func newSignature(key *ecdsa.PrivateKey, data []byte) (*RequestVerificationHeade
}, nil }, nil
} }
var bytesPool = sync.Pool{New: func() interface{} {
return make([]byte, 4.5*1024*1024) // 4.5MB
}}
// SignRequestHeader receives private key and request with RequestVerificationHeader, // SignRequestHeader receives private key and request with RequestVerificationHeader,
// tries to marshal and sign request with passed PrivateKey, after that adds // tries to marshal and sign request with passed PrivateKey, after that adds
// new signature to headers. If something went wrong, returns error. // new signature to headers. If something went wrong, returns error.
@ -146,12 +152,23 @@ func SignRequestHeader(key *ecdsa.PrivateKey, msg VerifiableRequest) error {
}() }()
} }
data, err := msg.Marshal() data := bytesPool.Get().([]byte)
defer func() {
bytesPool.Put(data)
}()
if size := msg.Size(); size <= cap(data) {
data = data[:size]
} else {
data = make([]byte, size)
}
size, err := msg.MarshalTo(data)
if err != nil { if err != nil {
return err return err
} }
signature, err := newSignature(key, data) signature, err := newSignature(key, data[:size])
if err != nil { if err != nil {
return err return err
} }
@ -174,8 +191,10 @@ func VerifyRequestHeader(msg VerifiableRequest) error {
}() }()
} }
data := bytesPool.Get().([]byte)
signatures := msg.GetSignatures() signatures := msg.GetSignatures()
defer func() { defer func() {
bytesPool.Put(data)
msg.SetSignatures(signatures) msg.SetSignatures(signatures)
}() }()
@ -189,9 +208,15 @@ func VerifyRequestHeader(msg VerifiableRequest) error {
return errors.Wrapf(ErrCannotLoadPublicKey, "%d: %02x", i, peer) return errors.Wrapf(ErrCannotLoadPublicKey, "%d: %02x", i, peer)
} }
if data, err := msg.Marshal(); err != nil { if size := msg.Size(); size <= cap(data) {
data = data[:size]
} else {
data = make([]byte, size)
}
if size, err := msg.MarshalTo(data); err != nil {
return errors.Wrapf(err, "%d: %02x", i, peer) return errors.Wrapf(err, "%d: %02x", i, peer)
} else if err := crypto.Verify(key, data, sign); err != nil { } else if err := crypto.Verify(key, data[:size], sign); err != nil {
return errors.Wrapf(err, "%d: %02x", i, peer) return errors.Wrapf(err, "%d: %02x", i, peer)
} }
} }

51
service/verify_test.go
View file

@ -14,6 +14,57 @@ import (
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
func BenchmarkSignRequestHeader(b *testing.B) {
key := test.DecodeKey(0)
custom := testCustomField{1, 2, 3, 4, 5, 6, 7, 8}
some := &TestRequest{
IntField: math.MaxInt32,
StringField: "TestRequestStringField",
BytesField: make([]byte, 1<<22),
CustomField: &custom,
RequestMetaHeader: RequestMetaHeader{
TTL: math.MaxInt32 - 8,
Epoch: math.MaxInt64 - 12,
},
}
b.ResetTimer()
b.ReportAllocs()
for i := 0; i < b.N; i++ {
require.NoError(b, SignRequestHeader(key, some))
}
}
func BenchmarkVerifyRequestHeader(b *testing.B) {
custom := testCustomField{1, 2, 3, 4, 5, 6, 7, 8}
some := &TestRequest{
IntField: math.MaxInt32,
StringField: "TestRequestStringField",
BytesField: make([]byte, 1<<22),
CustomField: &custom,
RequestMetaHeader: RequestMetaHeader{
TTL: math.MaxInt32 - 8,
Epoch: math.MaxInt64 - 12,
},
}
for i := 0; i < 10; i++ {
key := test.DecodeKey(i)
require.NoError(b, SignRequestHeader(key, some))
}
b.ResetTimer()
b.ReportAllocs()
for i := 0; i < b.N; i++ {
require.NoError(b, VerifyRequestHeader(some))
}
}
func TestSignRequestHeader(t *testing.T) { func TestSignRequestHeader(t *testing.T) {
req := &TestRequest{ req := &TestRequest{
IntField: math.MaxInt32, IntField: math.MaxInt32,