git.ipfire.org Git - thirdparty/pdns.git/commit

author	Remi Gacogne <remi.gacogne@powerdns.com>
	Mon, 2 May 2022 09:46:38 +0000 (11:46 +0200)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Thu, 12 Jan 2023 13:39:02 +0000 (14:39 +0100)
commit	ab5df14454e7830e446f2ed2ea15fc1750b0d8f3
tree	d6a4fd4cae52abefe639f75f8b871eec74d8e2c2	tree
parent	8b093b31a28c1928f5921a2cbb8900bc74870405	commit \| diff

auth: Speed up ECDSA and RSA signatures

For ECDSA, and likely for RSA, computing the public key is not a cheap
operation. So instead of computing it twice to get the lookup key for
our signatures cache, reuse the computed public key and only compute its
digest.
In addition, since ed* algorithms were already using the whole key instead
of a digest, place the cut off at public keys larger than 64 bytes, meaning
that only RSA ones (128+ bytes) will be hashed.
This provides an additional speedup for ECDSA keys (32 or 48 bytes) since
they no longer need to be hashed, and simplifies the signers code as the
hashing can be moved to the key cache now that it only depends on they key
size.
For reference the size of a SHA-1 digest is 20 bytes.

In my tests this reduces by 30% the cost of calling addRRSigs() for ECDSA
signatures when the signature is already present in the cache.

pdns/decafsigners.cc		diff \| blob \| blame \| history
pdns/dnssecinfra.hh		diff \| blob \| blame \| history
pdns/dnssecsigner.cc		diff \| blob \| blame \| history
pdns/opensslsigners.cc		diff \| blob \| blame \| history
pdns/pkcs11signers.cc		diff \| blob \| blame \| history
pdns/pkcs11signers.hh		diff \| blob \| blame \| history
pdns/sodiumsigners.cc		diff \| blob \| blame \| history
pdns/test-signers.cc		diff \| blob \| blame \| history