authorWerner Koch <[email protected]>2013-01-08 13:44:49 +0000
committerWerner Koch <[email protected]>2013-01-08 13:46:06 +0000
commit492792378dc7a79316ef742b2ffaa46c6cda282a (patch)
treef4f965a930a06da81b90055d48280c38acd6e972 /g10/pubkey-enc.c
parentMake log_clock easier to read. (diff)
gpg: Cache keybox searches.
* common/iobuf.c (iobuf_seek): Fix for temp streams. * g10/pubkey-enc.c (get_session_key, get_it): Add some log_clock calls. * g10/keydb.c (dump_search_desc): New. (enum_keyblock_states, struct keyblock_cache): New. (keyblock_cache_clear): New. (keydb_get_keyblock, keydb_search): Implement a keyblock cache. (keydb_update_keyblock, keydb_insert_keyblock, keydb_delete_keyblock) (keydb_rebuild_caches, keydb_search_reset): Clear the cache. -- Gpg uses the key database at several places without a central coordination. This leads to several scans of the keybox for the same key. To improve that we now use a simple cache to store a retrieved keyblock in certain cases. In theory this caching could also be done for old keyrings, but it is a bit more work and questionable whether it is needed; the keybox scheme is anyway much faster than keyrings. Using a keybox with 20000 384 bit ECDSA/ECDH keypairs and a 252 byte sample text we get these values for encrypt and decrypt operations on a Core i5 4*3.33GHz system. The option --trust-model=always is used. Times are given in milliseconds wall time. | | enc | dec | dec,q | |-----------+-----+-----+-------| | key 1 | 48 | 96 | 70 | | key 10000 | 60 | 98 | 80 | | key 20000 | 69 | 106 | 88 | | 10 keys | 540 | 290 | 70 | The 10 keys test uses a mix of keys, the first one is used for decryption but all keys are looked up so that information about them is printed. The last column gives decryption results w/o information printing (--quiet). The keybox is always scanned sequentially without using any index. By adding an index to the keybox it will be possible to further reduce the time required for keys stored to the end of the file.
Diffstat (limited to 'g10/pubkey-enc.c')
-rw-r--r--g10/pubkey-enc.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 254e81091..a69536e1d 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -77,6 +77,9 @@ get_session_key (PKT_pubkey_enc * k, DEK * dek)
PKT_public_key *sk = NULL;
int rc;
+ if (DBG_CLOCK)
+ log_clock ("get_session_key enter");
+
rc = openpgp_pk_test_algo2 (k->pubkey_algo, PUBKEY_USAGE_ENC);
if (rc)
goto leave;
@@ -129,6 +132,8 @@ get_session_key (PKT_pubkey_enc * k, DEK * dek)
leave:
free_public_key (sk);
+ if (DBG_CLOCK)
+ log_clock ("get_session_key leave");
return rc;
}
@@ -149,6 +154,9 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
size_t fpn;
const int pkalgo = map_pk_openpgp_to_gcry (sk->pubkey_algo);
+ if (DBG_CLOCK)
+ log_clock ("decryption start");
+
/* Get the keygrip. */
err = hexkeygrip_from_pk (sk, &keygrip);
if (err)
@@ -321,6 +329,8 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
err = gpg_error (GPG_ERR_WRONG_SECKEY);
goto leave;
}
+ if (DBG_CLOCK)
+ log_clock ("decryption ready");
if (DBG_CIPHER)
log_printhex ("DEK is:", dek->key, dek->keylen);
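Review bot: The "decryption start" mark added at the top of get_it has no counterpart on failure paths, because the `goto leave` just above the new `log_clock ("decryption ready")` jumps past it and leaves an unpaired start in the trace. get_session_key gets a matched enter/leave pair at its `leave:` label, and get_it could follow the same pattern with `if (DBG_CLOCK) log_clock ("get_it leave");` at its own leave label. That label is outside the hunk, so whether such a mark already exists cannot be confirmed from this diff. The new mark also sits directly before the `DBG_CIPHER` dump of the session key, so a short comment advising that timing traces be taken with only the clock debug class enabled would help keep the DEK out of collected logs.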