Expose and report EC curve field degrees#29539
Expose and report EC curve field degrees#29539vdukhovni wants to merge 1 commit intoopenssl:masterfrom
Conversation
github-actions
bot
added
severity: fips change
beldmit
added
branch: master
|
Do we need a similar change for EdDSA curves? |
|
Hi,
На 3.01.26 г. в 13:18, Viktor Dukhovni написа:
Instead of reporting the bit count of the group order, report the field degree (matching any size number in the curve's name) and the symmetric-equivalent security-bits (adjusted down the the standard numbers (80, 112, 128, 192, 256).
Also expose the field degree as a gettable parameter, and add a getter for the EC_GROUP security bits.
Fixes: #29532
[SNIP]
I would like to propose existing output lines to keep as is.
Long story, but "printed" information could be the only way to know details for "externally managed keys".
Please output new details on new line.
Perhaps "print" could write NIST security category(level) it is not in output yet. But this looks like general requirement for all key types.
Roumen
|
The original (now modified) output was a throw-away comment
That's a separate issue. There isn't presently a natural place to place such additional commentary, so a comment right after the key type is where it goes. It appears you're saying that this belongs across key types, that may be reasonable, but the |
| /* | ||
| * The following estimates are based on the values published | ||
| * in Table 2 of "NIST Special Publication 800-57 Part 1 Revision 4" | ||
| * at http://dx.doi.org/10.6028/NIST.SP.800-57pt1r4 . | ||
| * | ||
| * Note that the above reference explicitly categorizes algorithms in a | ||
| * discrete set of values {80, 112, 128, 192, 256}, and that it is | ||
| * relevant only for NIST approved Elliptic Curves, while OpenSSL | ||
| * applies the same logic also to other curves. | ||
| * | ||
| * Classifications produced by other standardazing bodies might differ, | ||
| * so the results provided for "bits of security" by this provider are | ||
| * to be considered merely indicative, and it is the users' | ||
| * responsibility to compare these values against the normative | ||
| * references that may be relevant for their intent and purposes. | ||
| */ |
There was a problem hiding this comment.
I would put the first paragraph of this comment into EC_GROUP_security_bits ... which is where the code is now moved to be in a single location ... a good cleanup - but the comment is useful (to me at least). I would drop the last paragraph however - that looks more like something for end user documentation rather than a code comment which is not going to be seen by any user of the capability ...
t-j-h
left a comment
t-j-h
left a comment
There was a problem hiding this comment.
The commit text should be adjusted to note it is adding a parameter to report the field degree (and then using it to change the text output).
Note I think the current output is not useful for users (it is not what the user would immediately think it might be and it is wrong more than it is right for user usage).
t-j-h
added
approval: done
|
Note I do not think this should be merged as yet even though it has the necessary approvals - but I am not placing any hold as this follows our current process (only two approvals required). There should be broader discussion on this change as we don't want to merge a change and then back it out if the consensus view differs. I suggest anyone interested in this carefully read through the summary of what the current output is and how it is not what the user would expect and it not particularly useful. This change returns something the user can related to (the degree which is in the name) and also the security bits which is an addition I think we should place in all of the output formats to encourage awareness and use of that value. |
Expose the EC field degree as a gettable parameter for both provided and legacy EC keys. In the latter case, drop a spurious assertion, since even in debug builds an application may try to get an unknown parameter, and this should return an error rather than abort. In the EC `TEXT` encoding format, instead of reporting the bit count of the group order, report the field degree (which matches the size number in the curve's name when present) and also the symmetric-equivalent security-bits (adjusted down the the standard numbers (80, 112, 128, 192, 256). Along the way, add a missing getter method for the EC_GROUP security bits.
vdukhovni
changed the title
t-j-h
left a comment
t-j-h
left a comment
There was a problem hiding this comment.
Still approved - changes are cosmetic only - so leaving approved.
mbroz
left a comment
mbroz
left a comment
There was a problem hiding this comment.
Just reading through the whole story...
Definitely it should avoid changing any existing value in output, so if current text output is explicitely changed to "%d bit field, %d bit security level" it is IMO the best option.
|
24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually. |
github-project-automation
bot
moved this from Waiting Review
to Waiting Merge
in Development Board
|
So I'm wondering if we should do the same for something like RSA keys. That currently returns something like: "Private-Key: (2048 bit, 2 primes)" |
paulidale
left a comment
paulidale
left a comment
There was a problem hiding this comment.
LGTM.
I'm okay with the output text change. It's breaking but that's what major versions are for and this is an improvement.
t8m
added
triaged: feature
|
I guess this can be set ready for merge as the last approval was a week ago. |
jogme
added
approval: ready to merge
Expose the EC field degree as a gettable parameter for both provided and legacy EC keys. In the latter case, drop a spurious assertion, since even in debug builds an application may try to get an unknown parameter, and this should return an error rather than abort. In the EC `TEXT` encoding format, instead of reporting the bit count of the group order, report the field degree (which matches the size number in the curve's name when present) and also the symmetric-equivalent security-bits (adjusted down the the standard numbers (80, 112, 128, 192, 256). Along the way, add a missing getter method for the EC_GROUP security bits. Reviewed-by: Kurt Roeckx <[email protected]> Reviewed-by: Tim Hudson <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> MergeDate: Thu Jan 15 16:10:26 2026 (Merged from #29539)
|
pushed to master branch as e57f7941af |
github-project-automation
bot
moved this from Waiting Merge
to Done
in Development Board
11 participants
Instead of reporting the bit count of the group order, report the field degree (matching any size number in the curve's name) and the symmetric-equivalent security-bits (adjusted down the the standard numbers (80, 112, 128, 192, 256).
Also expose the field degree as a gettable parameter, and add a getter for the EC_GROUP security bits.
Fixes: #29532
Checklist