getSHA256Fingerprints: performance improvement for v6 keys (reuse k…

…ey fingerprint) v6 keys already include sha256 fingerprints so there is no need to recompute them.
ProtonMail · Jan 24, 2025 · dbee650 · dbee650
1 parent ea63a25
commit dbee650
Show file tree

Hide file tree

Showing 7 changed files with 159 additions and 15 deletions.
diff --git a/lib/key/utils.d.ts b/lib/key/utils.d.ts
@@ -33,8 +33,6 @@ export interface GenerateSessionKeyOptionsPmcrypto extends Omit<GenerateSessionK
 }
 export function generateSessionKey(options: GenerateSessionKeyOptionsPmcrypto): Promise<SessionKey>;
 
-export function getFingerprint(key: Key): string;
-
 export function isExpiredKey(key: Key, date?: Date): Promise<boolean>;
 export function isRevokedKey(key: Key, date?: Date): Promise<boolean>;
 

diff --git a/lib/key/utils.js b/lib/key/utils.js
@@ -90,14 +90,14 @@ export const canKeyEncrypt = async (publicKey, date = serverTime()) => {
     }
 };
 
-export function getFingerprint(key) {
-    return key.getFingerprint();
-}
-
 export const getSHA256Fingerprints = (key) => {
     return Promise.all(
-        key.getKeys().map(async ({ keyPacket }) => {
-            return arrayToHexString(await SHA256(keyPacket.writeForHash(keyPacket.version)));
+        key.getKeys().map(async (keyOrSubkey) => {
+            const { version } = keyOrSubkey.keyPacket;
+            const keyFingerprintIsSHA256 = version === 5 || version === 6;
+            return keyFingerprintIsSHA256 ?
+                keyOrSubkey.getFingerprint() :
+                arrayToHexString(await SHA256(keyOrSubkey.keyPacket.writeForHash(version)));
         })
     );
 };

diff --git a/lib/pmcrypto.d.ts b/lib/pmcrypto.d.ts
@@ -37,7 +37,7 @@ export {
     generateKey, reformatKey,
     generateSessionKey, generateSessionKeyForAlgorithm,
     isExpiredKey, isRevokedKey, canKeyEncrypt,
-    getFingerprint, getSHA256Fingerprints,
+    getSHA256Fingerprints,
     getMatchingKey
 } from './key/utils';
 

diff --git a/lib/pmcrypto.js b/lib/pmcrypto.js
@@ -30,7 +30,6 @@ export {
     isExpiredKey,
     isRevokedKey,
     canKeyEncrypt,
-    getFingerprint,
     getMatchingKey,
     getSHA256Fingerprints
 } from './key/utils';

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -40,6 +40,7 @@
         "@types/chai-as-promised": "^7.1.8",
         "@types/elliptic": "^6.4.18",
         "@types/mocha": "^9.1.1",
+        "@types/sinon": "^17.0.3",
         "@types/webpack-env": "^1.18.5",
         "@typescript-eslint/eslint-plugin": "^6.21.0",
         "@typescript-eslint/parser": "^6.21.0",
@@ -62,6 +63,7 @@
         "karma-webpack": "^5.0.1",
         "mocha": "^11.0.1",
         "playwright": "^1.48.2",
+        "sinon": "^19.0.2",
         "ts-loader": "^9.5.1",
         "typescript": "^5.6.3",
         "web-streams-polyfill": "^3.3.3",

diff --git a/test/key/utils.spec.ts b/test/key/utils.spec.ts
@@ -1,4 +1,5 @@
 import { expect } from 'chai';
+import { createSandbox as createSinonSandbox } from 'sinon';
 import { revokeKey, sign, createMessage, enums } from '../../lib/openpgp';
 import {
     isExpiredKey,
@@ -54,11 +55,19 @@ T/efFOC6BDkAAHcjAPwIPNHnR9bKmkVop6cE05dCIpZ/W8zXDGnjKYrrC4Hb
         const { publicKey } = await generateKey({ userIDs: [{}], passphrase: 'test', config: { v6Keys: true }, format: 'object' });
 
         const fingerprints = publicKey.getKeys().map((key) => key.getFingerprint());
-        const sha256Fingerprints = await getSHA256Fingerprints(publicKey);
-        expect(sha256Fingerprints.length).to.equal(fingerprints.length);
-        sha256Fingerprints.forEach((sha256Fingerprint, i) => {
-            expect(sha256Fingerprint).to.equal(fingerprints[i]);
-        });
+        const sinonSandbox = createSinonSandbox();
+        try {
+            const webcryptoHashSpy = sinonSandbox.spy(crypto.subtle, 'digest');
+            const sha256Fingerprints = await getSHA256Fingerprints(publicKey);
+            // ensure no hashing is done for v6 keys; the fingerprints stored in the key are expected to be returned.
+            expect(webcryptoHashSpy.called).to.be.false;
+            expect(sha256Fingerprints.length).to.equal(fingerprints.length);
+            sha256Fingerprints.forEach((sha256Fingerprint, i) => {
+                expect(sha256Fingerprint).to.equal(fingerprints[i]);
+            });
+        } finally {
+            sinonSandbox.restore();
+        }
     });
 
     it('generateKey - it has valid default creation time', async () => {