Closed Bug 968567 Opened 11 years ago Closed 11 years ago

Expose the NSS implementation of PBKDF2 HMAC SHA256 from bug 974162 to chrome JS for use by FxAccounts

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INCOMPLETE
Project Flags:
tracking-b2g backlog

People

(Reporter: jedp, Assigned: spenrose)

References

Details

Needed for Firefox Accounts on b2g and desktop. The implementation in services/crypto/modules/utils.js (pbkdf2Generate) is too slow for our production needs. (1000 rounds on my 2.3GHz laptop takes 3.5 seconds.) We will need a way to call this from javascript. We will also need a way to return the computed DK to the caller.
Component: FxA → Firefox Sync: Backend
Product: Firefox → Mozilla Services
Component: Firefox Sync: Backend → Libraries
Product: Mozilla Services → NSS
Version: unspecified → trunk
Component: Libraries → Security: PSM
Product: NSS → Core
Version: trunk → Trunk
:bsmith, it turns out, it's ass slow the way we're doing it now. We'd like please.
No longer depends on: 554827
Hooray traction on Bug 554827!
(In reply to Richard Newman [:rnewman] from comment #2) > Hooray traction on Bug 554827! Yes, in a couple of weeks I will have time to work on this. If anybody wants to steal this from me, I believe that fixing bug 554827 is the starting point, and that it shouldn't be unintuitive. Steal away!
Whiteboard: [ETA: end of February]
If there's a path that would get this done by Feb 14, that would be fantastic.
Blocks: 955951
Hey Brian -- quick status ping. 13 days ago you said you'd have time to work on this in two weeks. I imagine you haven't started, which is fine, but FYI our code freeze date is March 17th, in 19 working days. Does getting this bug landed in that time frame look doable? Thanks, Sam
Flags: needinfo?(brian)
I'm confused as to why this is not just an instance of WebCrypto (Bug 865789). It doesn't seem like we should implement one API just for this bug, only to have it replaced by the full API. ETA for WebCrypto is still TBD, but could be as soon as March/April.
That is likely the right thing to do for the long run. But for now, a performant pbkdf2 hmac sha256 is required for Firefox Accounts usability on FirefoxOS 1.4, which must be code-complete in about 3.5 weeks.
(In reply to Richard Barnes [:rbarnes] from comment #7) > I'm confused as to why this is not just an instance of WebCrypto (Bug > 865789). It doesn't seem like we should implement one API just for this > bug, only to have it replaced by the full API. ETA for WebCrypto is still > TBD, but could be as soon as March/April. Richard, that would be the best way of doing it, except that this bug has to be fixed in Firefox 29, and we're not going to uplift WebCrypto to Firefox 29. The reason it is required for Firefox 29 is because we have a requirement that the Firefox Accounts feature be in Firefox 29. In that sense, this is not a normal bug.
(In reply to Sam Penrose from comment #6) > Hey Brian -- quick status ping. 13 days ago you said you'd have time to work > on this in two weeks. I imagine you haven't started, which is fine, but FYI > our code freeze date is March 17th, in 19 working days. Does getting this > bug landed in that time frame look doable? Thanks, Sam Hi Sam, as you can see in the status whiteboard, ETA for my part of this is end of February. I believe I will fix my part of this bug (getting the password into NSS, and getting the stretched password/key out of NSS) before then. However, I am not planning to implement the DOM parts of this bug. Please keep that in mind when you are tracking this. It may be a good idea for us to split this bug into two parts: the part I'm working on, and the DOM part that somebody else will do. In fact, I'm going to split this bug that way right now.
Flags: needinfo?(brian)
No longer blocks: 974162
Depends on: 974162
Sam, please find somebody who knows how to do DOM work to take this part of the bug. The NSS-related parts that I'm doing are now bug 974162.
Assignee: brian → nobody
tracking-firefox29: --- → ?
Component: Security: PSM → DOM: Apps
Flags: needinfo?(spenrose)
Summary: NSS implementation of PBKDF2 HMAC SHA256, exposed to JavaScript → Expose the NSS implementation of PBKDF2 HMAC SHA256 from bug 974162 to web content for use by FxAccounts
Target Milestone: --- → mozilla30
Whiteboard: [ETA: end of February]
Will do. Thanks very much Brian.
Flags: needinfo?(spenrose)
Can someone please explain what is requested here? Comment 0 kind of scares me...
Ehsan, I wrote "web content" but I think that is bad wording. Jed, do you need the PKBDF2 function exposed to *web* content, or to *xul* content? Ehsan, this is what your concern is, right?
Flags: needinfo?(jparsons)
(In reply to Brian Smith (:briansmith, was :bsmith; NEEDINFO? for response) from comment #14) > Ehsan, this is what your concern is, right? Exposing this to *web* content. Exposing it to chrome only code is fine.
(In reply to :Ehsan Akhgari (needinfo? me!) (slow responsiveness, emailapocalypse) from comment #15) > (In reply to Brian Smith (:briansmith, was :bsmith; NEEDINFO? for response) > from comment #14) > > Ehsan, this is what your concern is, right? > > Exposing this to *web* content. Exposing it to chrome only code is fine. I had the same concern. I found jedp on IRC, and he assured me that the need is only for chrome.
(In reply to comment #16) > (In reply to :Ehsan Akhgari (needinfo? me!) (slow responsiveness, > emailapocalypse) from comment #15) > > (In reply to Brian Smith (:briansmith, was :bsmith; NEEDINFO? for response) > > from comment #14) > > > Ehsan, this is what your concern is, right? > > > > Exposing this to *web* content. Exposing it to chrome only code is fine. > > I had the same concern. I found jedp on IRC, and he assured me that the need > is only for chrome. Thanks a lot, and sorry for the false alarm! Please carry on.
Changing the title to remove confusions.
Summary: Expose the NSS implementation of PBKDF2 HMAC SHA256 from bug 974162 to web content for use by FxAccounts → Expose the NSS implementation of PBKDF2 HMAC SHA256 from bug 974162 to chrome JS for use by FxAccounts
(In reply to Brian Smith (:briansmith, was :bsmith; NEEDINFO? for response) from comment #14) > Ehsan, I wrote "web content" but I think that is bad wording. > > Jed, do you need the PKBDF2 function exposed to *web* content, or to *xul* > content? > > Ehsan, this is what your concern is, right? This is correct. We would be calling this function from privileged chrome JS code, not content JS. Sorry about the confusion. Specifically, we want to replace services/crypto/modules/utils.js's pbkdf2Generate(). It would be ideal if the function signature of the replacement were similar. I.e., it would allow the caller to specify P, S, c, dkLen, and optionally the hmac alg and hmac length.
Flags: needinfo?(jparsons)
Assignee: nobody → brian
Component: DOM: Apps → Security: PSM
Target Milestone: mozilla30 → 1.4 S2 (28feb)
Backlog - FxAccounts doesn't hit the QC feature list & DSDS feature list, so this doesn't block.
blocking-b2g: 1.4? → backlog
Blocks: 974096
No longer blocks: 955951
Per Jason's flag edit, we do not need this by the 28th. We will let Brian know when we are blocked by this one.
Target Milestone: 1.4 S2 (28feb) → ---
Assignee: brian → nobody
Brian, I guess you won't ask for an uplift for this bug, right? If not, I am going to untrack it for 29. Thanks
Flags: needinfo?(brian)
(In reply to Sylvestre Ledru [:sylvestre] from comment #23) > Brian, I guess you won't ask for an uplift for this bug, right? If not, I am > going to untrack it for 29. Thanks Right.
tracking-firefox29: + → ---
Flags: needinfo?(brian)
Assignee: nobody → jparsons
Will meet with :rbarnes and :spenrose tomorrow to talk about how to go forward
Talked with :spenrose this afternoon. I will check with Wan-Teh on the status of Bug 554827, and make that closes. I'm glad to be a reviewer for this bug.
Assignee: jparsons → spenrose
No longer blocks: 974096, 943521
Jed, Q/A does not currently feel this performance issue is a priority. Are you comfortable with my closing this WONTFIX?
Flags: needinfo?(jparsons)
Suspect that INCOMPLETE is a better resolution, if any. WONTFIX kinda implies that we don't want it, which is the opposite of truth, no? :)
(In reply to Richard Newman [:rnewman] from comment #28) > Suspect that INCOMPLETE is a better resolution, if any. WONTFIX kinda > implies that we don't want it, which is the opposite of truth, no? :) Richard: a fair question, to which I believe the answer is more "no" than "yes". I believe strongly that performance is meaningless outside the context of systems. I believe strongly that some form of whole-system acceptance testing should determine whether we have a performance issue. Currently I believe this responsibility falls generally under Q/A. Jed saw problems months ago on his MBP. I feel strongly that, given anecdotal evidence that we do not have a problem on device today, we should not give the initial case any special weight at all. Conversely, if we do feel there is a performance problem on device (which to my knowledge we do not), we should look at it with fresh eyes, and not assume that it is related to the issue he singles out here. I don't know or much care which resolution status all of that maps to; I care very much that we not invest engineering effort into bugs just because they made sense in another context months ago.
rpappa or njpark, could you get wall clock time on Buri/Flame to submit username:password for signup/signin till the next screen appears. These numbers should drive the decision if performance is within out goals for FxOS. From my own experience signing in, I'm guessing we're at ~2-3s right now on a Buri.
Flags: needinfo?(npark)
In case it's helpful: Bug 998804 just landed, with WebCrypto support for SHA-256. It's currently only exposed to content, but if you could figure out how to expose it to chrome JS, it might let you at least optimize the inner loop of PBKDF2.
On Buri: From the username prompt to the next screen: 3.19 seconds From the password prompt to the next screen: 3.95 seconds On Flame: (on WiFi) From the username prompt to the next screen: 2.55 seconds From the password prompt to the next screen: 1.93 seconds
Flags: needinfo?(npark)
:njpark - thanks so much! I agree with the QA team, that current performance is within our goals. Ideally, product owners should sign off, but I'm OK marking this leave it open/incomplete/defer
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Resolution: FIXED → INCOMPLETE
Flags: needinfo?(jparsons)
blocking-b2g: backlog → ---
tracking-b2g: --- → backlog
You need to log in before you can comment on or make changes to this bug.