Speed up KDF

2025-12-14 23:33:41 +00:00 · 2025-07-31 16:39:12 +02:00
parent 3132e09e21
commit 3ad308138e
7 changed files with 23 additions and 19 deletions
--- a/test/Api.IntegrationTest/AdminConsole/Controllers/OrganizationUsersControllerPerformanceTests.cs
+++ b/test/Api.IntegrationTest/AdminConsole/Controllers/OrganizationUsersControllerPerformanceTests.cs
@@ -1,7 +1,7 @@
 using System.Net;
 using System.Net.Http.Headers;
 using Bit.Api.IntegrationTest.Factories;
-using Bit.Infrastructure.EntityFramework.Models;
+using Bit.Core.Entities;
 using Bit.Seeder.Recipes;
 using Microsoft.AspNetCore.Identity;
 using Xunit;
@@ -11,7 +11,7 @@ namespace Bit.Api.IntegrationTest.AdminConsole.Controllers;

 public class OrganizationUsersControllerPerformanceTest(ITestOutputHelper testOutputHelper)
 {
-    [Theory()]
+    [Theory(Skip = "Performance test")]
    [InlineData(100)]
    [InlineData(60000)]
    public async Task GetAsync(int seats)
@@ -25,7 +25,7 @@ public class OrganizationUsersControllerPerformanceTest(ITestOutputHelper testOu

        var orgId = seeder.Seed("Org", seats, "large.test");

-        var tokens = await factory.LoginAsync("admin@large.test", "c55hlJ/cfdvTd4awTXUqow6X3cOQCfGwn11o3HblnPs=");
+        var tokens = await factory.LoginAsync("admin@large.test", "bSHqHVEoRiTtaKuHNQv7R3NR1RulppzZrwMO7E2YsEI=");
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);

        var stopwatch = System.Diagnostics.Stopwatch.StartNew();
--- a/util/DbSeederUtility/Program.cs
+++ b/util/DbSeederUtility/Program.cs
@@ -1,4 +1,4 @@
-using Bit.Infrastructure.EntityFramework.Models;
+using Bit.Core.Entities;
 using Bit.Infrastructure.EntityFramework.Repositories;
 using Bit.Seeder.Recipes;
 using CommandDotNet;
--- a/util/RustSdk/RustSdk.csproj
+++ b/util/RustSdk/RustSdk.csproj
@@ -10,17 +10,17 @@
  </PropertyGroup>

  <ItemGroup>
-    <Content Include="rust/target/debug/libsdk.dylib">
+    <Content Include="rust/target/release/libsdk.dylib">
      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
      <PackageCopyToOutput>true</PackageCopyToOutput>
      <Link>runtimes/osx-arm64/native/libsdk.dylib</Link>
    </Content>
-    <Content Include="./rust/target/debug/libsdk.so">
+    <Content Include="./rust/target/release/libsdk.so">
      <PackageCopyToOutput>true</PackageCopyToOutput>
    </Content>
-    <Content Include="./rust/target/debug/libsdk.dll">
+    <Content Include="./rust/target/release/libsdk.dll">
      <PackageCopyToOutput>true</PackageCopyToOutput>
    </Content>
  </ItemGroup>

-</Project>
+</Project>
--- a/util/RustSdk/rust/Cargo.toml
+++ b/util/RustSdk/rust/Cargo.toml
@@ -20,3 +20,14 @@ serde_json = "=1.0.141"

 [build-dependencies]
 csbindgen = "=1.9.3"
+
+# Compile all dependencies with some optimizations when building this crate on debug
+# This slows down clean builds by about 50%, but the resulting binaries can be orders of magnitude faster
+# As clean builds won't occur very often, this won't slow down the development process
+[profile.dev.package."*"]
+opt-level = 2
+
+[profile.release]
+codegen-units = 1
+lto = true
+opt-level = 3
--- a/util/RustSdk/rust/src/lib.rs
+++ b/util/RustSdk/rust/src/lib.rs
@@ -11,11 +11,6 @@ use bitwarden_crypto::{
    SpkiPublicKeyBytes, SymmetricCryptoKey, UnsignedSharedKey, UserKey,
 };

-#[no_mangle]
-pub extern "C" fn my_add(x: i32, y: i32) -> i32 {
-    x + y
-}
-
 #[no_mangle]
 pub unsafe extern "C" fn generate_user_keys(
    email: *const c_char,
@@ -23,7 +18,7 @@ pub unsafe extern "C" fn generate_user_keys(
 ) -> *const c_char {
    // TODO: We might want to make KDF configurable in the future.
    let kdf = Kdf::PBKDF2 {
-        iterations: NonZeroU32::new(600_000).unwrap(),
+        iterations: NonZeroU32::new(5_000).unwrap(),
    };

    let email = CStr::from_ptr(email).to_str().unwrap();
--- a/util/Seeder/Factories/UserSeeder.cs
+++ b/util/Seeder/Factories/UserSeeder.cs
@@ -1,5 +1,4 @@
 using Bit.Core.Enums;
-using Bit.Core.Services;
 using Bit.Infrastructure.EntityFramework.Models;
 using Bit.RustSDK;
 using Microsoft.AspNetCore.Identity;
@@ -9,7 +8,7 @@ namespace Bit.Seeder.Factories;
 public class UserSeeder
 {

-    public static (User user, string userKey) CreateUser(IPasswordHasher<User> passwordHasher, string email)
+    public static (User user, string userKey) CreateUser(IPasswordHasher<Bit.Core.Entities.User> passwordHasher, string email)
    {
        var nativeService = RustSdkServiceFactory.CreateSingleton();
        var keys = nativeService.GenerateUserKeys(email, "asdfasdfasdf");
@@ -26,7 +25,7 @@ public class UserSeeder
            ApiKey = "7gp59kKHt9kMlks0BuNC4IjNXYkljR",

            Kdf = KdfType.PBKDF2_SHA256,
-            KdfIterations = 600_000,
+            KdfIterations = 5_000,
        };

        user.MasterPassword = passwordHasher.HashPassword(user, keys.MasterPasswordHash);
--- a/util/Seeder/Recipes/OrganizationWithUsersRecipe.cs
+++ b/util/Seeder/Recipes/OrganizationWithUsersRecipe.cs
@@ -1,5 +1,4 @@
-using Bit.Core.Services;
-using Bit.Infrastructure.EntityFramework.Models;
+using Bit.Core.Entities;
 using Bit.Infrastructure.EntityFramework.Repositories;
 using Bit.Seeder.Factories;
 using LinqToDB.EntityFrameworkCore;