soter: Support uncompressed EC keys #954
Conversation
I'm going to change things up soon, no longer possible to define private key size as public key size directly.
Due to hysterical raisins, Themis has an extra zero byte in exported private key representation. Currently, we enforce this and reject keys which do not have that byte. However, newer versions will be producing proper keys. Make sure those work, since those are good.
Similarly, Themis always produces compressed public keys, however the underlying implementation for OpenSSL and BoringSSL can accept uncompressed keys without any issues. Allow those as well.
Main user of EC keys are probably Secure Messages. Add a test there to ensure that uncompressed keys keep working. This brings the number of tests to 300.
ilammy
requested review from
vixentael,
Lagovas,
storojs72 and
ignatk
as code owners
I guess Clang wants these rectangles to be as filled as possible?
|
yay, when I saw |
That should be relatively easy to add as well. Update this line: themis/src/soter/openssl/soter_ec_key.c Lines 155 to 160 in 5d4a0b7 and a bunch of others for public key sizes, and the same thing for BoringSSL. Though, I dunno whether it's worth doing, since downstream projects might be hardcoding key sizes and they'd be in for a surprise if the layout changes. Well, they'd have to deal with it when migrating to Themis NG, but that sounds more justified than having to deal with it during run-of-the-mill 0.14 → 0.15 upgrade (if it ever happens, haha). I'm not particularly keen on redesigning key generation API to support this, but maybe some other option will do? Say, How badly do you want time savings from not having to decompress keys? I don't have numbers handy to copypaste them, but my benchmarks show that ECDH outstrips key decompression by quite a large margin. If anything, I'd rather fix Secure Message implementation to avoid doing ECDH twice, which would be much greater boost to performance than generating uncompressed keys – and with zero compatibility concerns. Opinions, @Lagovas, @vixentael? |
|
It was just opinion. I remember, that it is easy to do (same as you described). But not an idea to do as next step.
Yeah, I thought about that approach because it save backward compatibility but allows to turn on manually if you know what to do and what you want.
As I remember, it saved ~30% of time in secure message logic. The most complicated operations in secure message algorithm is decompressing point because deals with big numbers to calculate Y. You do to computation of shared key that uses big nums too. And then using symmetric encryption after KDF to encrypt data using with a shared key. And point decompression looks like expensive operation which can be avoided by spending more storage space. |
+1 to this approach. But I think that we should not change the default settings for the current Themis to avoid backwards compatibility issues, rather just to implement this option for our own needs & compatibility with Themis NG. |
Themis can accept uncompressed public keys already. But it also performs paranoid checks that keys have exactly the size they should have, with all implementation choices and quirks. Newer implementations of Themis avoid those quirks and use uncompressed format for efficiency. Make sure such keys are accepted by this Themis.
Note: Themis still produces compressed keys, as before. However, it is now able to read uncompressed keys produced... elsewhere.
Checklist
Benchmark results are attached(not important)