Remove byte[] allocation in VerifyRsa / VerifyECDsa #2589
Conversation
Calling HashAlgorithm.ComputeHash will always allocate and return a new byte array. On .NET 6+ we can instead use a temporary buffer (either on the stack for normal hashing, or use the array pool for hash algorithms that need more than 2k bits) to reduce the intermediate allocation.
| } | ||
|
|
||
| private bool VerifyUsingOffsetRsa(byte[] bytes, int offset, int count, byte[] signature) | ||
| { | ||
| #if NET6_0_OR_GREATER | ||
| return VerifyUsingSpan(isRSA: true, bytes.AsSpan(offset, count), signature); | ||
| #else | ||
| return RSA.VerifyHash(HashAlgorithm.ComputeHash(bytes, offset, count), signature, HashAlgorithmName, RSASignaturePadding); |
There was a problem hiding this comment.
Since you already have the HashAlgorithmName, why not just call VerifyData and let the framework do the hashing for you (which won't create a temporary array)?
There was a problem hiding this comment.
and let the framework do the hashing for you (which won't create a temporary array)?
This doesn't appear to be the case. When I step into it, I get:
Which allocates the byte[].
Here is my test code (on windows):
using System.Security.Cryptography;
RSA rSA = RSA.Create();
byte[] data = [0x1, 0x2, 0x3, 0x4];
byte[] signature = rSA.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
for (int i = 0; i < 1_000; i++)
{
rSA.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
}
There was a problem hiding this comment.
Should I submit a similar PR to RSA and ECDsa in dotnet/runtime?
There was a problem hiding this comment.
It looks like VerifyData(ReadOnlySpan) uses span-hashing, but VerifyData(byte[]) uses array-hashing; because we never override public virtual bool VerifyData(byte[], int, int, byte[], HashAlgorithmName, RSASignaturePadding). So the change in dotnet/runtime to make everyone happier is probably to override that method on all N of our RSA types. (RSACryptoServiceProvider, RSACng, RSAOpenSsl, RSASecurityTransforms, RSAAndroid, and maybe up to double that from the "RSA.Create()" types). Which is going to involve a lot of copy/paste of the argument validation. Bleh.
Here, though, it means
return rsa.VerifyData(
#if NET5_OR_GREATER
bytes.AsSpan(offset, count),
#else
bytes, offset, count,
#endif
signature,
HashAlgorithmName,
RSASignaturePadding);should take your numbers down to 0 (for .NET5+)
There was a problem hiding this comment.
RSA is still allocating here:
HashData returns a new byte[].
Test Code:
using System.Security.Cryptography;
RSA algo = RSA.Create();
byte[] data = [0x1, 0x2, 0x3, 0x4];
byte[] signature = algo.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
for (int i = 0; i < 1_000; i++)
{
algo.VerifyData(data.AsSpan(), signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
}There was a problem hiding this comment.
Weird, since it should have hit the if (this is IRuntimeAlgorithm) above and bypassed the allocation routine. Must've missed a marker interface somewhere, too.
There was a problem hiding this comment.
In my case, this is an RSABCrypt, which doesn't implement that interface.
On Linux it looks like we get an RSAWrapper, which also doesn't implement it:
Calling HashAlgorithm.ComputeHash will always allocate and return a new byte array. On .NET 6+ we can instead use a temporary buffer (either on the stack for normal hashing, or use the array pool for hash algorithms that need more than 2k bits) to reduce the intermediate allocation.
cc @bartonjs - in case you want to take a look.