improve performance, improve typings #38

Merged
merged 8 commits into from
Jul 11, 2022
@Uzlopak Uzlopak commented Jul 10, 2022

This PR improves the overall performance of the csrf-package.

This is done by various strategies:

  • By using the base64url encoding instead of base64 encoding, it drops a lot of unnecessary .replace calls to achieve exactly that. base64url is supported since node 14.18.0, so for older versions, it falls back to base64 with string replacement.

  • to improve the verify()-method, I replaced the double hmac equal time solution from the tsscmp package with a crypto.timingSafeEqual call. Before crypto.timingSafeEqual existed in node 6.6.0, the double hmac solution was proposed as a workaround. There were also attempts to implement crypto.timingSafeEqual with the double hmac solution approach. But that was denied by the node community, and CRYPTO_memcmp of OpenSSL has since been used for the crypto.timingSafeEqual implementation.
    The only critical point is when we compare the generated actual value with the expected value. timingSafeEqual expects that both buffers have the same length. To avoid even exposing the information that actual and expected have different lengths, we do the timingSafeEqual and at the end check that the lengths are equal. Thus making it truly timing safe.

  • to improve the performance of the create()-method, the salt generation is done by creating a salt generator function just in time and calling it, thus reducing some overhead.

etc.

before:

uzlopak@Battlestation:~/workspace/csrf$ node benchmark/
  node@16.14.2
  v8@9.4.146.24-node.20
  uv@1.43.0
  zlib@1.2.11
  brotli@1.0.9
  ares@1.18.1
  modules@93
  nghttp2@1.45.1
  napi@8
  llhttp@6.0.4
  openssl@1.1.1n+quic
  cldr@40.0
  icu@70.1
  tz@2021a3
  unicode@14.0
  ngtcp2@0.1.0-DEV
  nghttp3@0.1.0-DEV

> /home/uzlopak/.nvm/versions/node/v16.14.2/bin/node benchmark/create.js

  create

  1 test completed.

  create x 705,158 ops/sec ±0.21% (195 runs sampled)

> /home/uzlopak/.nvm/versions/node/v16.14.2/bin/node benchmark/secret.js

  secret

  3 tests completed.

  secretSync        x 480,648 ops/sec ±0.44% (187 runs sampled)
  secret - callback x 106,458 ops/sec ±0.99% (172 runs sampled)
  secret - promise  x 100,651 ops/sec ±1.07% (172 runs sampled)

> /home/uzlopak/.nvm/versions/node/v16.14.2/bin/node benchmark/verify.js

  verify

  2 tests completed.

  verify - valid   x 130,676 ops/sec ±0.59% (190 runs sampled)
  verify - invalid x 128,384 ops/sec ±0.69% (191 runs sampled)

after:

uzlopak@Battlestation:~/workspace/csrf$ node benchmark
  node@16.14.2
  v8@9.4.146.24-node.20
  uv@1.43.0
  zlib@1.2.11
  brotli@1.0.9
  ares@1.18.1
  modules@93
  nghttp2@1.45.1
  napi@8
  llhttp@6.0.4
  openssl@1.1.1n+quic
  cldr@40.0
  icu@70.1
  tz@2021a3
  unicode@14.0
  ngtcp2@0.1.0-DEV
  nghttp3@0.1.0-DEV

> /home/uzlopak/.nvm/versions/node/v16.14.2/bin/node benchmark/create.js

  create

  1 test completed.

  create x 928,047 ops/sec ±0.30% (191 runs sampled)

> /home/uzlopak/.nvm/versions/node/v16.14.2/bin/node benchmark/secret.js

  secret

  3 tests completed.

  secretSync        x 555,162 ops/sec ±0.50% (190 runs sampled)
  secret - callback x 113,889 ops/sec ±1.23% (172 runs sampled)
  secret - promise  x 109,406 ops/sec ±1.19% (176 runs sampled)

> /home/uzlopak/.nvm/versions/node/v16.14.2/bin/node benchmark/verify.js

  verify

  2 tests completed.

  verify - valid   x 588,397 ops/sec ±0.28% (194 runs sampled)
  verify - invalid x 595,054 ops/sec ±0.37% (193 runs sampled)
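As an added example (not code from this PR or from the csrf package), the sketch below contrasts the double-HMAC workaround with a crypto.timingSafeEqual comparison that applies the length check only after the constant-time compare, and includes the base64url fallback the description mentions. The function names and sample values are assumptions made for illustration.

```javascript
'use strict'
const crypto = require('crypto')

// URL-safe HMAC digest; falls back to base64 plus string replacement on
// runtimes where Buffer does not know the 'base64url' encoding.
function digestBase64Url (secret, data) {
  const mac = crypto.createHmac('sha256', secret).update(data).digest()
  if (Buffer.isEncoding('base64url')) return mac.toString('base64url')
  return mac.toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
}

// Double-HMAC workaround: both inputs are MACed under a one-time random key,
// so the compared digests always have the same length.
function doubleHmacEqual (actual, expected) {
  const key = crypto.randomBytes(32)
  const a = crypto.createHmac('sha256', key).update(actual).digest()
  const b = crypto.createHmac('sha256', key).update(expected).digest()
  return crypto.timingSafeEqual(a, b)
}

// Native compare: timingSafeEqual throws on unequal lengths, so `actual` is
// copied into a zero-filled buffer of expected's length (padded or truncated),
// compared in constant time, and the length check is applied only afterwards.
function safeEqual (actual, expected) {
  const actualBuf = Buffer.from(actual)
  const expectedBuf = Buffer.from(expected)
  const sized = Buffer.alloc(expectedBuf.length)
  actualBuf.copy(sized)
  const sameBytes = crypto.timingSafeEqual(sized, expectedBuf)
  return sameBytes && actualBuf.length === expectedBuf.length
}

// Constructed sample values, not taken from the project.
const expected = digestBase64Url('constructed-secret', 'constructed-salt')
const flipped = (expected[0] === 'A' ? 'B' : 'A') + expected.slice(1)
for (const actual of [expected, flipped, expected + 'A', expected.slice(0, -1), '']) {
  console.log(JSON.stringify(actual), safeEqual(actual, expected), doubleHmacEqual(actual, expected))
}
```

The `expected + 'A'` case is the one the length check exists for: after truncation the compared bytes are identical, so only the final length comparison rejects it.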

@mcollina mcollina left a comment

lgtm

@mcollina mcollina left a comment

lgtm

Uzlopak commented Jul 10, 2022

@kibertoad
Maybe you also want to have a look? :)?

@kibertoad

@mcollina for some reason I can't merge, this repo not on fastify team?

@mcollina mcollina merged commit 8eb4a0b into fastify:master Jul 11, 2022
@Uzlopak Uzlopak deleted the perf branch July 11, 2022 08:19