-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Re-write Android PBKDF2 one shot in Java #103016
Conversation
Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones |
/azp list |
This comment was marked as off-topic.
This comment was marked as off-topic.
/azp run runtime-androidemulator |
Azure Pipelines successfully started running 1 pipeline(s). |
...ative/libs/System.Security.Cryptography.Native.Android/net/dot/android/crypto/PalPbkdf2.java
Outdated
Show resolved
Hide resolved
...ative/libs/System.Security.Cryptography.Native.Android/net/dot/android/crypto/PalPbkdf2.java
Outdated
Show resolved
Hide resolved
...ative/libs/System.Security.Cryptography.Native.Android/net/dot/android/crypto/PalPbkdf2.java
Outdated
Show resolved
Hide resolved
/azp run runtime-androidemulator |
Azure Pipelines successfully started running 1 pipeline(s). |
/cc @simonrozsival |
If anyone with an Android focus wants to speak up before merge (including "please wait until [a specific deadline]"), please do so before noonishly tomorrow (Redmond time). So, consider this a 20 hour impending merge notice 😄 |
Context: dotnet/runtime#103016 Context: dotnet/runtime#103337 In dotnet/runtime we are adding a few more Java classes to assist with .NET crypto. One was added in dotnet/runtime#103016, and another may be added in dotnet/runtime#103337. This PR changes ProGuard to keep all of the classes in this package rather than individually adding them. Co-authored-by: Alexander Köplinger <alex.koeplinger@outlook.com>
This re-writes the
Pbkdf2
one shot from .NET primitives to Java to improve performance.PBKDF2 works by doing many HMAC calls, anywhere from thousands to hundreds of thousands or even millions. With the managed implementation, each HMAC invocation incurs small overhead, but with the number of them needed, it adds up.
SetByteArrayRegion
) and data out (GetByteArrayRegion
) between JNI and .NET.The Java VM itself is allocating potentially millions of byte arrays during this process.
Building off of #77386, now that we have the ability to write real Java, this re-writes the PBKDF2 implementation for Android in Java. This
doFinal
can write to an existing buffer. So instead of creating tons of small byte arrays and copying them in and out, the Java implementation only needs to allocate two buffers (u
andu-previous
in PBKDF2 terms) and a Java buffer of the final result to get the array back over to JNI.Performance improvements are favorable for small and large work factors.
For SHA-2-256 with a 64-byte output:
Closes #102406