author | Christian Grothoff <christian@grothoff.org> | 2018-04-25 16:41:22 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2018-04-25 16:41:22 +0200 |
commit | 303334e67262bb6121dfbd245c66535f259d08af (patch) | |
tree | 1a92109915ffe63b7e2815edc6a6355f4065a48c /src/gnsrecord | |
parent | 3c62493eb1aaa74812bbb79431686d99652417f4 (diff) | |
enable caching private->public key mapping in memory to improve CPU consumption for large zone insertions
Diffstat (limited to 'src/gnsrecord')
-rw-r--r-- | src/gnsrecord/gnsrecord_crypto.c | 108 |
1 files changed, 99 insertions, 9 deletions
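--- a/src/gnsrecord/gnsrecord_crypto.c
+++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -72,6 +72,7 @@ derive_block_aes_key (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
 * Sign name and records
 *
 * @param key the private key
+* @param pkey associated public key
 * @param expire block expiration
 * @param label the name for the records
 * @param rd record data
@@ -79,17 +80,17 @@ derive_block_aes_key (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
 * @return NULL on error (block too large)
 */
 struct GNUNET_GNSRECORD_Block *
-GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
-struct GNUNET_TIME_Absolute expire,
-const char *label,
-const struct GNUNET_GNSRECORD_Data *rd,
-unsigned int rd_count)
+block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey,
+struct GNUNET_TIME_Absolute expire,
+const char *label,
+const struct GNUNET_GNSRECORD_Data *rd,
+unsigned int rd_count)
 {
 size_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
 rd);
 char payload[sizeof (uint32_t) + payload_len];
 struct GNUNET_GNSRECORD_Block *block;
-struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
 struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey;
 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
 struct GNUNET_CRYPTO_SymmetricSessionKey skey;
@@ -139,12 +140,10 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
 "gns");
 GNUNET_CRYPTO_ecdsa_key_get_public (dkey,
 &block->derived_key);
-GNUNET_CRYPTO_ecdsa_key_get_public (key,
-&pkey);
 derive_block_aes_key (&iv,
 &skey,
 label,
-&pkey);
+pkey);
 GNUNET_break (payload_len + sizeof (uint32_t) ==
 GNUNET_CRYPTO_symmetric_encrypt (payload,
 payload_len + sizeof (uint32_t),
@@ -167,6 +166,97 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
 
 
 /**
+* Sign name and records
+*
+* @param key the private key
+* @param expire block expiration
+* @param label the name for the records
+* @param rd record data
+* @param rd_count number of records
+* @return NULL on error (block too large)
+*/
+struct GNUNET_GNSRECORD_Block *
+GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+struct GNUNET_TIME_Absolute expire,
+const char *label,
+const struct GNUNET_GNSRECORD_Data *rd,
+unsigned int rd_count)
+{
+struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+
+GNUNET_CRYPTO_ecdsa_key_get_public (key,
+&pkey);
+return block_create (key,
+&pkey,
+expire,
+label,
+rd,
+rd_count);
+}
+
+
+/**
+* Line in cache mapping private keys to public keys.
+*/
+struct KeyCacheLine
+{
+/**
+* A private key.
+*/
+struct GNUNET_CRYPTO_EcdsaPrivateKey key;
+
+/**
+* Associated public key.
+*/
+struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+
+};
+
+
+/**
+* Sign name and records, cache derived public key (also keeps the
+* private key in static memory, so do not use this function if
+* keeping the private key in the process'es RAM is a major issue).
+*
+* @param key the private key
+* @param expire block expiration
+* @param label the name for the records
+* @param rd record data
+* @param rd_count number of records
+* @return NULL on error (block too large)
+*/
+struct GNUNET_GNSRECORD_Block *
+GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+struct GNUNET_TIME_Absolute expire,
+const char *label,
+const struct GNUNET_GNSRECORD_Data *rd,
+unsigned int rd_count)
+{
+#define CSIZE 64
+static struct KeyCacheLine cache[CSIZE];
+struct KeyCacheLine *line;
+
+line = &cache[(*(unsigned int *) key) ^ CSIZE];
+if (0 != memcmp (&line->key,
+key,
+sizeof (*key)))
+{
+/* cache miss, recompute */
+line->key = *key;
+GNUNET_CRYPTO_ecdsa_key_get_public (key,
+&line->pkey);
+}
+return block_create (key,
+&line->pkey,
+expire,
+label,
+rd,
+rd_count);
+}
+
+
+
+/**
 * Check if a signature is valid. This API is used by the GNS Block
 * to validate signatures received from the network.
 *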
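Review bot: In `GNUNET_GNSRECORD_block_create2` the cache index is computed as `(*(unsigned int *) key) ^ CSIZE`, and XOR with 64 only flips one bit of the value instead of reducing it into 0..63, so `line` will almost always point outside the 64-entry `cache` array. The `memcmp` then reads out of bounds, and the miss path writes a copy of the private key and its public key there. The index should be reduced with a modulus: `line = &cache[(*(unsigned int *) key) % CSIZE];`. Reading the first key bytes through an `unsigned int *` cast also relies on alignment and aliasing the key struct may not guarantee; a `memcpy` into a local `unsigned int` avoids that. Because `cache` is static and zero-initialised, an all-zero `key` would match an empty line and reuse a zeroed `pkey`, and the shared static state is presumably not safe for concurrent callers, so the doc comment should say so alongside its existing warning about keeping private keys in RAM.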