Bug 1297552 - Perform U2F hash operations more efficiently r=keeler
authorJ.C. Jones <jjones@mozilla.com>
Thu, 06 Oct 2016 13:07:17 -0700
changeset 363075 f824c01ff5ca54dfaf16d8a64110ef8ca2ddbac2
parent 363032 96d1b7238832ebf3e7e03053db19a8e557f6ca42
child 363076 bf9ddecd3f458234c1f85137b2263f40131b3d61
push id1369
push userjlorenzo@mozilla.com
push dateMon, 27 Feb 2017 14:59:41 +0000
treeherdermozilla-release@d75a1dba431f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs1297552
milestone52.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1297552 - Perform U2F hash operations more efficiently r=keeler Moves hash calculations to happen only once per JS-invoked Register/Sign operation. MozReview-Commit-ID: FuA95qCl1rG
dom/u2f/U2F.cpp
--- a/dom/u2f/U2F.cpp
+++ b/dom/u2f/U2F.cpp
@@ -171,16 +171,33 @@ U2FRegisterTask::Run()
 
       if (isCompatible && isRegistered) {
         ReturnError(ErrorCode::DEVICE_INELIGIBLE);
         return NS_OK;
       }
     }
   }
 
+  // Hash the AppID into the AppParam
+  SECStatus srv;
+  nsCString cAppId = NS_ConvertUTF16toUTF8(mAppId);
+  CryptoBuffer appParam;
+  if (!appParam.SetLength(SHA256_LENGTH, fallible)) {
+    ReturnError(ErrorCode::OTHER_ERROR);
+    return NS_ERROR_FAILURE;
+  }
+
+  srv = PK11_HashBuf(SEC_OID_SHA256, appParam.Elements(),
+                     reinterpret_cast<const uint8_t*>(cAppId.BeginReading()),
+                     cAppId.Length());
+  if (srv != SECSuccess) {
+    ReturnError(ErrorCode::OTHER_ERROR);
+    return NS_ERROR_FAILURE;
+  }
+
   // Search the requests in order for the first some token can fulfill
   for (size_t i = 0; i < mRegisterRequests.Length(); ++i) {
     RegisterRequest request(mRegisterRequests[i]);
 
     // Check for equired attributes
     if (!(request.mVersion.WasPassed() &&
         request.mChallenge.WasPassed())) {
       continue;
@@ -190,31 +207,19 @@ U2FRegisterTask::Run()
     nsresult rv = AssembleClientData(mOrigin, kFinishEnrollment,
                                      request.mChallenge.Value(),
                                      clientData);
     if (NS_WARN_IF(NS_FAILED(rv))) {
       ReturnError(ErrorCode::OTHER_ERROR);
       return NS_ERROR_FAILURE;
     }
 
-    // Hash the AppID and the ClientData into the AppParam and ChallengeParam
-    SECStatus srv;
-    nsCString cAppId = NS_ConvertUTF16toUTF8(mAppId);
-    CryptoBuffer appParam;
+    // Hash the ClientData into the ChallengeParam
     CryptoBuffer challengeParam;
-    if (!appParam.SetLength(SHA256_LENGTH, fallible) ||
-        !challengeParam.SetLength(SHA256_LENGTH, fallible)) {
-      ReturnError(ErrorCode::OTHER_ERROR);
-      return NS_ERROR_FAILURE;
-    }
-
-    srv = PK11_HashBuf(SEC_OID_SHA256, appParam.Elements(),
-                       reinterpret_cast<const uint8_t*>(cAppId.BeginReading()),
-                       cAppId.Length());
-    if (srv != SECSuccess) {
+    if (!challengeParam.SetLength(SHA256_LENGTH, fallible)) {
       ReturnError(ErrorCode::OTHER_ERROR);
       return NS_ERROR_FAILURE;
     }
 
     srv = PK11_HashBuf(SEC_OID_SHA256, challengeParam.Elements(),
                        clientData.Elements(), clientData.Length());
     if (srv != SECSuccess) {
       ReturnError(ErrorCode::OTHER_ERROR);
@@ -325,16 +330,33 @@ NS_IMETHODIMP
 U2FSignTask::Run()
 {
   nsNSSShutDownPreventionLock locker;
   if (isAlreadyShutDown()) {
     ReturnError(ErrorCode::OTHER_ERROR);
     return NS_ERROR_FAILURE;
   }
 
+  // Hash the AppID into the AppParam
+  SECStatus srv;
+  nsCString cAppId = NS_ConvertUTF16toUTF8(mAppId);
+  CryptoBuffer appParam;
+  if (!appParam.SetLength(SHA256_LENGTH, fallible)) {
+    ReturnError(ErrorCode::OTHER_ERROR);
+    return NS_ERROR_FAILURE;
+  }
+
+  srv = PK11_HashBuf(SEC_OID_SHA256, appParam.Elements(),
+                     reinterpret_cast<const uint8_t*>(cAppId.BeginReading()),
+                     cAppId.Length());
+  if (srv != SECSuccess) {
+    ReturnError(ErrorCode::OTHER_ERROR);
+    return NS_ERROR_FAILURE;
+  }
+
   // Search the requests for one a token can fulfill
   for (size_t i = 0; i < mRegisteredKeys.Length(); i += 1) {
     RegisteredKey request(mRegisteredKeys[i]);
 
     // Check for required attributes
     if (!(request.mVersion.WasPassed() &&
           request.mKeyHandle.WasPassed())) {
       continue;
@@ -349,31 +371,19 @@ U2FSignTask::Run()
     CryptoBuffer clientData;
     nsresult rv = AssembleClientData(mOrigin, kGetAssertion, mChallenge,
                                      clientData);
     if (NS_WARN_IF(NS_FAILED(rv))) {
       ReturnError(ErrorCode::OTHER_ERROR);
       return NS_ERROR_FAILURE;
     }
 
-    // Hash the AppID and the ClientData into the AppParam and ChallengeParam
-    SECStatus srv;
-    nsCString cAppId = NS_ConvertUTF16toUTF8(mAppId);
-    CryptoBuffer appParam;
+    // Hash the ClientData into the ChallengeParam
     CryptoBuffer challengeParam;
-    if (!appParam.SetLength(SHA256_LENGTH, fallible) ||
-        !challengeParam.SetLength(SHA256_LENGTH, fallible)) {
-      ReturnError(ErrorCode::OTHER_ERROR);
-      return NS_ERROR_FAILURE;
-    }
-
-    srv = PK11_HashBuf(SEC_OID_SHA256, appParam.Elements(),
-                       reinterpret_cast<const uint8_t*>(cAppId.BeginReading()),
-                       cAppId.Length());
-    if (srv != SECSuccess) {
+    if (!challengeParam.SetLength(SHA256_LENGTH, fallible)) {
       ReturnError(ErrorCode::OTHER_ERROR);
       return NS_ERROR_FAILURE;
     }
 
     srv = PK11_HashBuf(SEC_OID_SHA256, challengeParam.Elements(),
                        clientData.Elements(), clientData.Length());
     if (srv != SECSuccess) {
       ReturnError(ErrorCode::OTHER_ERROR);