Re: [PATCH v2 1-2/2] use ecdh/X25519 from openssl when possible (openssl-1.1.1+)

Suspect you'd get more traction by targeting libressl.  As that is what upstream uses.

Ben

Yuriy M. Kaminskiy wrote on 2/18/19 2:29 PM:
On 17.02.2019 15:46, Yuriy M. Kaminskiy wrote:
See attached:

(1) patch against 7.9p1, tested with openssl 1.1.0j and openssl
1.1.1a on linux/i386; passes regression test and connects to
unpatched sshd without problems;
As ed25519-from-openssl patch came out a bit less convoluted, I've
tried to do same with ecdh/x25519.

So, here are V2:
(1) use openssl-1.1.1a api,
(2) [optional] emulate openssl-1.1.1a api for openssl-1.1.0.

Unfortunately, it was a bit slower (as it needs to (de)serialize
private key):

I hacked a bit regress/unittests/kex, and benchmarked
     do_kex_with_key("curve25519-sha256@xxxxxxxxxx", KEY_ED25519, 256);
Before:
   0.3295s per call
After:
   0.2183s per call
openssl/1.1.0j, curve25519 + ecdsa-sha256 (openssh's builtin eddsa is too slow,
so difference between V1 and V2 is lost in noise, so I replaced ed25519
with ecdsa/p256 for this test)

ecdh/25519 V1:
    0.0185s per call
ecdh/25519 V2:
    0.0205s per call

openssl/1.1.1a, curve25519 + ed25519 (with ed25519 patch)
ecdh/25519 V1:
     0.0115s per call
ecdh/25519 V2:
     0.0131s per call (worse by 14%)

That is, 50% speedup; assuming ed25519 (added to openssl in 1.1.1)
takes about same time as ecdh/x25519, there is potential for total
200% speedup in KEX.

(2) rebased patch against git master; passes regression test;

I relied on presence of NID_X25519 for autodetection; probably it
makes sense to check if it is actually working in autoconf; then again,
maybe not (it won't work when cross-compiling anyway).

P.S. given amount of feedback I received so far, it seems everyone
follows motto "it cannot be secure if it is not slow".


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
