25519 support in openssl #46
Comments
|
Please take console and mobile platforms into consideration with these changes. I'm not sure what kind of restrictions they have over crypto but it may require using their crypto libraries? I do know they require it to varying degrees for basically all communication at this point. Edit: Oh, the next tab I opened: #45 👍 |
The basic change is that the base class will no longer store the raw key bytes in a buffer. Instead, we have virtual functions to get and set the raw bytes, with the storage being specific to the key type and crypto provider. The main purpose of these changes is to make it easier to get 25519 working in OpenSSL and bcrypt. NOTE: This broke libsodium support. We could fix it. But I'm not sure we want to support libsodium or not. If we support it, we should support it for all crypto needs, including per-packet encryption. And that means accepting the 12-byte IV and 16-byte tag. If that's what TLS does, there is some potential advantage to doing exactly what TLS does. At the same time, I don't add 12 bytes to every packet lightly. Reorganize 25519 files, made a placeholder for OpenSSL with a bunch of FIXMEs. (Working on issue #46.) Also, deleted RSA key support, since we don't need it for thiis project.
|
Refactored some stuff, should be much more straightforward to do this now. These functions would be relevant. This means we would require OpenSSL 1.1. (Or we could support older OpenSSL, using the existing Donna support? I kind of wanna delete all that code, though.) |
|
Welp, I implemented all the functions in crypto_25519_openssl.cpp, but it's not working. EVP_PKEY_get_raw_public_key is failing. I need to actually step into OpenSSL, and I don't want to go through the work to get all that setup right now. I need to go back to actually shipping this in Steam. If anybody else wants to poke at this, go for it! I'll come back to this later. |
|
This is now implemented! It will automatically use OpenSSL if available, and fall back to building with the reference implementations in src/external/ if not. |
We need to get openssl to be able to do the 25519 key exchange and signing and verification. This would enable us to delete our current custom code (which is fine, but not as fast as openssl or as closely scrutinized) and do everything with a single crypto provider.
If we use AES-GCM we could do everything with libsodium. That'd be fine, too. The main thing is to make it so that you can link with a single, standard crypto provider. (And not have any of our custom crypto code.). It might be easier to use libsodium for everything, including in steam. Upgrading openssl in the steam code is probably going to introduce a lot of complexities.
The text was updated successfully, but these errors were encountered: