[Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r5275 - in trunk/softHSM: . src/lib

Rickard Bellgrim rickard at opendnssec.org
Fri Jul 1 10:21:17 CEST 2011


Author: rb
Date: 2011-07-01 10:21:16 +0200 (Fri, 01 Jul 2011)
New Revision: 5275

Modified:
   trunk/softHSM/NEWS
   trunk/softHSM/src/lib/SoftSession.cpp
   trunk/softHSM/src/lib/SoftSession.h
   trunk/softHSM/src/lib/main.cpp
Log:
Better performance with this simple cache


Modified: trunk/softHSM/NEWS
===================================================================
--- trunk/softHSM/NEWS	2011-06-30 21:32:50 UTC (rev 5274)
+++ trunk/softHSM/NEWS	2011-07-01 08:21:16 UTC (rev 5275)
@@ -10,7 +10,9 @@
 * Updated backup instructions.
 * Only a Security Officer can set CKA_TRUSTED to true.
 * The softhsm tool can set the value of CKA_TRUSTED.
-* Support Botan 1.10.0
+* Support Botan 1.10.0.
+* Better signing performance with a single element cache for 
+  the PK_Signer object.
 
 Bugfixes:
 * API changes in Botan created a namespace collision.

Modified: trunk/softHSM/src/lib/SoftSession.cpp
===================================================================
--- trunk/softHSM/src/lib/SoftSession.cpp	2011-06-30 21:32:50 UTC (rev 5274)
+++ trunk/softHSM/src/lib/SoftSession.cpp	2011-07-01 08:21:16 UTC (rev 5275)
@@ -72,6 +72,8 @@
   signSinglePart = false;
   signSize = 0;
   signInitialized = false;
+  signMech = CKM_VENDOR_DEFINED;
+  signKey = CK_INVALID_HANDLE;
 
   pkVerifier = NULL_PTR;
   verifySinglePart = false;

Modified: trunk/softHSM/src/lib/SoftSession.h
===================================================================
--- trunk/softHSM/src/lib/SoftSession.h	2011-06-30 21:32:50 UTC (rev 5274)
+++ trunk/softHSM/src/lib/SoftSession.h	2011-07-01 08:21:16 UTC (rev 5275)
@@ -93,6 +93,8 @@
     bool signSinglePart;
     CK_ULONG signSize;
     bool signInitialized;
+    CK_MECHANISM_TYPE signMech;
+    CK_OBJECT_HANDLE signKey;
 
     // Verify
     Botan::PK_Verifier *pkVerifier;

Modified: trunk/softHSM/src/lib/main.cpp
===================================================================
--- trunk/softHSM/src/lib/main.cpp	2011-06-30 21:32:50 UTC (rev 5274)
+++ trunk/softHSM/src/lib/main.cpp	2011-07-01 08:21:16 UTC (rev 5275)
@@ -1569,107 +1569,118 @@
     return CKR_ARGUMENTS_BAD;
   }
 
-  session->signSinglePart = false;
+  // Check if we cannot reuse the old PK_Signer
+  if(!session->pkSigner || session->signMech != pMechanism->mechanism || session->signKey != hKey) {
+    if(session->pkSigner) {
+      delete session->pkSigner;
+      session->pkSigner = NULL;
+    }
+
+    session->signSinglePart = false;
 #ifdef BOTAN_PRE_1_9_4_FIX
-  Botan::EMSA *hashFunc = NULL_PTR;
+    Botan::EMSA *hashFunc = NULL_PTR;
 
-  // Selects the correct padding and hash algorithm.
-  switch(pMechanism->mechanism) {
-    case CKM_RSA_PKCS:
-      hashFunc = new Botan::EMSA3_Raw();
-      session->signSinglePart = true;
-      break;
-    case CKM_RSA_X_509:
-      hashFunc = new Botan::EMSA_Raw();
-      session->signSinglePart = true;
-      break;
-    case CKM_MD5_RSA_PKCS:
-      hashFunc = new Botan::EMSA3(new Botan::MD5);
-      break;
-    case CKM_RIPEMD160_RSA_PKCS:
-      hashFunc = new Botan::EMSA3(new Botan::RIPEMD_160);
-      break;
-    case CKM_SHA1_RSA_PKCS:
-      hashFunc = new Botan::EMSA3(new Botan::SHA_160);
-      break;
-    case CKM_SHA256_RSA_PKCS:
-      hashFunc = new Botan::EMSA3(new Botan::SHA_256);
-      break;
-    case CKM_SHA384_RSA_PKCS:
-      hashFunc = new Botan::EMSA3(new Botan::SHA_384);
-      break;
-    case CKM_SHA512_RSA_PKCS:
-      hashFunc = new Botan::EMSA3(new Botan::SHA_512);
-      break;
-    default:
-      DEBUG_MSG("C_SignInit", "The selected mechanism is not supported");
-      return CKR_MECHANISM_INVALID;
-      break;
-  }
+    // Selects the correct padding and hash algorithm.
+    switch(pMechanism->mechanism) {
+      case CKM_RSA_PKCS:
+        hashFunc = new Botan::EMSA3_Raw();
+        session->signSinglePart = true;
+        break;
+      case CKM_RSA_X_509:
+        hashFunc = new Botan::EMSA_Raw();
+        session->signSinglePart = true;
+        break;
+      case CKM_MD5_RSA_PKCS:
+        hashFunc = new Botan::EMSA3(new Botan::MD5);
+        break;
+      case CKM_RIPEMD160_RSA_PKCS:
+        hashFunc = new Botan::EMSA3(new Botan::RIPEMD_160);
+        break;
+      case CKM_SHA1_RSA_PKCS:
+        hashFunc = new Botan::EMSA3(new Botan::SHA_160);
+        break;
+      case CKM_SHA256_RSA_PKCS:
+        hashFunc = new Botan::EMSA3(new Botan::SHA_256);
+        break;
+      case CKM_SHA384_RSA_PKCS:
+        hashFunc = new Botan::EMSA3(new Botan::SHA_384);
+        break;
+      case CKM_SHA512_RSA_PKCS:
+        hashFunc = new Botan::EMSA3(new Botan::SHA_512);
+        break;
+      default:
+        DEBUG_MSG("C_SignInit", "The selected mechanism is not supported");
+        return CKR_MECHANISM_INVALID;
+        break;
+    }
 
-  if(hashFunc == NULL_PTR) {
-    ERROR_MSG("C_SignInit", "Could not create the hash function");
-    return CKR_DEVICE_MEMORY;
-  }
+    if(hashFunc == NULL_PTR) {
+      ERROR_MSG("C_SignInit", "Could not create the hash function");
+      return CKR_DEVICE_MEMORY;
+    }
 #else
-  std::string emsa;
+    std::string emsa;
 
-  // Selects the correct padding and hash algorithm.
-  switch(pMechanism->mechanism) {
-    case CKM_RSA_PKCS:
-      emsa = "EMSA3(Raw)";
-      session->signSinglePart = true;
-      break;
-    case CKM_RSA_X_509:
-      emsa = "Raw";
-      session->signSinglePart = true;
-      break;
-    case CKM_MD5_RSA_PKCS:
-      emsa = "EMSA3(MD5)";
-      break;
-    case CKM_RIPEMD160_RSA_PKCS:
-      emsa = "EMSA3(RIPEMD-160)";
-      break;
-    case CKM_SHA1_RSA_PKCS:
-      emsa = "EMSA3(SHA-160)";
-      break;
-    case CKM_SHA256_RSA_PKCS:
-      emsa = "EMSA3(SHA-256)";
-      break;
-    case CKM_SHA384_RSA_PKCS:
-      emsa = "EMSA3(SHA-384)";
-      break;
-    case CKM_SHA512_RSA_PKCS:
-      emsa = "EMSA3(SHA-512)";
-      break;
-    default:
-      DEBUG_MSG("C_SignInit", "The selected mechanism is not supported");
-      return CKR_MECHANISM_INVALID;
-      break;
-  }
+    // Selects the correct padding and hash algorithm.
+    switch(pMechanism->mechanism) {
+      case CKM_RSA_PKCS:
+        emsa = "EMSA3(Raw)";
+        session->signSinglePart = true;
+        break;
+      case CKM_RSA_X_509:
+        emsa = "Raw";
+        session->signSinglePart = true;
+        break;
+      case CKM_MD5_RSA_PKCS:
+        emsa = "EMSA3(MD5)";
+        break;
+      case CKM_RIPEMD160_RSA_PKCS:
+        emsa = "EMSA3(RIPEMD-160)";
+        break;
+      case CKM_SHA1_RSA_PKCS:
+        emsa = "EMSA3(SHA-160)";
+        break;
+      case CKM_SHA256_RSA_PKCS:
+        emsa = "EMSA3(SHA-256)";
+        break;
+      case CKM_SHA384_RSA_PKCS:
+        emsa = "EMSA3(SHA-384)";
+        break;
+      case CKM_SHA512_RSA_PKCS:
+        emsa = "EMSA3(SHA-512)";
+        break;
+      default:
+        DEBUG_MSG("C_SignInit", "The selected mechanism is not supported");
+        return CKR_MECHANISM_INVALID;
+        break;
+    }
 #endif
 
-  // Creates the signer with given key and mechanism.
-  try {
+    // Creates the signer with given key and mechanism.
+    try {
 #ifdef BOTAN_PRE_1_9_4_FIX
-    Botan::PK_Signing_Key *signKey = dynamic_cast<Botan::PK_Signing_Key*>(cryptoKey);
-    session->signSize = (cryptoKey->max_input_bits() + 8) / 8;
-    session->pkSigner = new Botan::PK_Signer(*signKey, &*hashFunc);
+      Botan::PK_Signing_Key *signKey = dynamic_cast<Botan::PK_Signing_Key*>(cryptoKey);
+      session->signSize = (cryptoKey->max_input_bits() + 8) / 8;
+      session->pkSigner = new Botan::PK_Signer(*signKey, &*hashFunc);
 #else
-    session->signSize = (cryptoKey->max_input_bits() + 8) / 8;
-    session->pkSigner = new Botan::PK_Signer(*dynamic_cast<Botan::Private_Key*>(cryptoKey), emsa);
+      session->signSize = (cryptoKey->max_input_bits() + 8) / 8;
+      session->pkSigner = new Botan::PK_Signer(*dynamic_cast<Botan::Private_Key*>(cryptoKey), emsa);
 #endif
-  }
-  catch(std::exception& e) {
-    char errorMsg[1024];
-    snprintf(errorMsg, sizeof(errorMsg), "Could not create the signing function: %s", e.what());
-    ERROR_MSG("C_SignInit", errorMsg);
-    return CKR_GENERAL_ERROR;
-  }
+    }
+    catch(std::exception& e) {
+      char errorMsg[1024];
+      snprintf(errorMsg, sizeof(errorMsg), "Could not create the signing function: %s", e.what());
+      ERROR_MSG("C_SignInit", errorMsg);
+      return CKR_GENERAL_ERROR;
+    }
 
-  if(!session->pkSigner) {
-    ERROR_MSG("C_SignInit", "Could not create the signing function");
-    return CKR_DEVICE_MEMORY;
+    if(!session->pkSigner) {
+      ERROR_MSG("C_SignInit", "Could not create the signing function");
+      return CKR_DEVICE_MEMORY;
+    }
+
+    session->signMech = pMechanism->mechanism;
+    session->signKey = hKey;
   }
 
   session->signInitialized = true;
@@ -1748,9 +1759,6 @@
   *pulSignatureLen = session->signSize;
 
   // Finalizing
-  session->signSize = 0;
-  delete session->pkSigner;
-  session->pkSigner = NULL_PTR;
   session->signInitialized = false;
 
   DEBUG_MSG("C_Sign", "OK");
@@ -1879,9 +1887,6 @@
   *pulSignatureLen = session->signSize;
 
   // Finalizing
-  session->signSize = 0;
-  delete session->pkSigner;
-  session->pkSigner = NULL_PTR;
   session->signInitialized = false;
 
   DEBUG_MSG("C_SignFinal", "OK");




More information about the Opendnssec-commits mailing list