Skip to content

Use more RustCrypto #328

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Jul 2, 2021
Merged

Use more RustCrypto #328

merged 9 commits into from
Jul 2, 2021

Conversation

jrose-signal
Copy link
Contributor

@jrose-signal jrose-signal commented Jun 22, 2021
edited
Loading

Now that RustCrypto crates support runtime-detected ARMv8 and x86_64 crypto intrinsics, we don't need our own implementations of AES to get good performance.* We still have our own wrapper for AES-256-CTR, and we have a streaming version of AES-256-GCM, but overall this makes the signal-crypto crate a lot smaller.

This is a lot of changes for one PR, but that's because our PR tests ensure that Cargo doesn't include two incompatible versions of a dependency in the output binary. This means that in order to pick up the new version of the aead crate, I had to remove all uses of the old version.

* blocked on RustCrypto/utils#435 getting into a release done!

@jrose-signal jrose-signal force-pushed the jrose/use-more-RustCrypto branch from aa35f0e to 197f05a Compare June 22, 2021 17:18
@jrose-signal
Copy link
Contributor Author

Nice side benefit:

current build is -7% larger than v0.8.1 (current: 1870912 bytes, v0.8.1: 2030936 bytes)
       0.2.2: ************** (1382592 bytes)
       0.2.3: *************** (1489088 bytes)
       0.3.4: ******************* (1949016 bytes)
       0.4.0: ******************* (1973592 bytes)
       0.5.0: ******************* (1973592 bytes)
       0.5.1: ******************* (1969496 bytes)
       0.6.0: ******************** (1998168 bytes)
       0.7.0: ******************** (2030936 bytes)
       0.8.0: ******************** (2030936 bytes)
       0.8.1: ******************** (2030936 bytes)
     current: ****************** (1870912 bytes)

@jrose-signal jrose-signal mentioned this pull request Jun 22, 2021
Closed
@jrose-signal
Copy link
Contributor Author

Oh, looks like the benefit all came from bumping the toolchain version, and this actually increases the size a little (1,858,608 to 1,870,912). Oh well.

@jrose-signal
protocol: Use RustCrypto's AES-GCM-SIV instead of our own
1a05d5c 
Now that RustCrypto aes-gcm-siv supports runtime-detected ARMv8 and
x86_64 crypto intrinsics, we don't need our own implementation, which
will be removed from signal-crypto in a later commit.
@jrose-signal
Update aes and block_modes crates to match aes-gcm-siv's dependencies
59974cf 
Also turn on the AES crate's use of ARMv8 intrinsics
@jrose-signal
Bridge: expose RustCrypto's AES-GCM-SIV instead of our own
d72047a 
Same as before, but for the wrapper exposed to the app languages.
@jrose-signal
crypto: Remove AES-GCM-SIV implementation
05da19f
@jrose-signal
FFI: remove clone capability from AES bridge objects
7905bd7 
This was never exposed in Swift, so there's no effective change.
@jrose-signal
crypto: Use RustCrypto's AES and AES-CTR implementations
92a40ce 
The signal-crypto struct Aes256Ctr32 is still useful because we use a
different nonce size than RustCrypto's "full block", and we provide a
convenience constructor to specify an initial counter value.
@jrose-signal
crypto: Use RustCrypto's GHash as well
6a73e50
@jrose-signal
crypto: Remove unused dependencies
4394d74
@jrose-signal
FFI: Depend on cpufeatures 0.1.5 to ensure iOS gets optimized crypto
4519eb4
@jrose-signal jrose-signal force-pushed the jrose/use-more-RustCrypto branch from 8316a22 to 4519eb4 Compare July 1, 2021 20:49
jim-signal
jim-signal reviewed Jul 2, 2021
View reviewed changes
java/java/src/main/java/org/signal/internal/Native.java
@@ -86,7 +86,7 @@ private Native() {}

public static native byte[] Aes256GcmSiv_Decrypt(long aesGcmSiv, byte[] ctext, byte[] nonce, byte[] associatedData);
public static native void Aes256GcmSiv_Destroy(long handle);
public static native byte[] Aes256GcmSiv_Encrypt(long aesGcmSiv, byte[] ptext, byte[] nonce, byte[] associatedData);
public static native byte[] Aes256GcmSiv_Encrypt(long aesGcmSivObj, byte[] ptext, byte[] nonce, byte[] associatedData);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why the Obj naming here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It comes from the Rust source, which renamed a parameter named aes_gcm_siv so that it wouldn't shadow the package name.

@jrose-signal jrose-signal merged commit b00c2e3 into master Jul 2, 2021
@jrose-signal jrose-signal deleted the jrose/use-more-RustCrypto branch July 2, 2021 21:39
@jrose-signal jrose-signal mentioned this pull request Jul 3, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jim-signal jim-signal jim-signal approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jrose-signal @jim-signal