PK11_VerifyWithMechanism spends half the time just verifying the passed in signature
Categories
(NSS :: Libraries, enhancement, P3)
Tracking
(Not tracked)
People
(Reporter: emilio, Unassigned)
References
Details
And there doesn't seem to be any great way to tell it "I know my signature is ok".
Profile: https://share.firefox.dev/3NykzQo
(presumably signature
was intended to be public key
)
Looking at PK11_VerifyWithMechanism
, if the key hasn't already been imported into softoken, it imports (and verifies) it. CryptoKey::PublicKeyValid
imports (and verifies) the key, but then deletes the imported copy (if I understand correctly). Perhaps it shouldn't be destroying the key, since it's probably about to be used? (this would avoid double-verifying it)
Comment 2•2 years ago
|
||
Emilio, did Dana's suggestion help? We can look into this further if you think we're performing redundant public key validation steps.
Reporter | ||
Comment 3•2 years ago
|
||
So, re-using the generated key (https://phabricator.services.mozilla.com/D147648) does avoid verifying it over and over, though we leak it. I implemented Dana's suggestion in https://phabricator.services.mozilla.com/D147650, and yeah that should avoid all extra work for the most part.
Signature verification performance is still not amazing, but with that most of the overhead is gone.
Updated•6 months ago
|
Description
•