[WIP] Uses libnettle as low-level crypto library #3576

Open: wants to merge 17 commits into base: devel

@jblomer (Member) commented Apr 11, 2024

Changes from OpenSSL/LibreSSL to libnettle for libcvmfs_crypto. Libnettle is taken from the system on Linux and vendored for macOS. This PR replaces hashing and symmetric crypto.

For the public-key crypto, it is likely best to still depend on OpenSSL for the I/O of (PEM-)keys and X.509 certificates. For these operations, we can take stock OpenSSL (does not require LibreSSL). The actual RSA operations can also move to nettle.

Add micro benchmarks for RipeMD160 and SHAKE-128 and HMAC-SHA256.

TODOs:

  • Add libnettle to build nodes
  • Add libnettle to build requirements
  • Use libnettle for public-key crypto in signature manager; depends on Overhaul signature manager #3007 and may be best done in a follow-up PR
  • Long-term: work on libnettle support for SHAKE-128 (currently only SHAKE-256 available). Edit: already merged

Based on #3558 (needs to be merged first for the CI to work)

Fixes #3555

@jblomer jblomer requested a review from vvolkl April 11, 2024 11:56
@jblomer jblomer changed the title Uses libnettle as low-level crypto library [WIP] Uses libnettle as low-level crypto library Apr 11, 2024
@cernvm-bot (Collaborator)

linter finished with errors:

Done procestest/unittests/t_encrypt.cc:149:  At least two spaces is best between code and comments  [whitespace/comments] [2]

Successfully merging this pull request may close these issues.

libressl sha1 performance regression vs openssl.