Skip to content

HSMSigner: Use pre-hashing#548

Merged
lukpueh merged 1 commit intosecure-systems-lab:mainfrom
jku:softhsm-automation
Mar 23, 2023
Merged

HSMSigner: Use pre-hashing#548
lukpueh merged 1 commit intosecure-systems-lab:mainfrom
jku:softhsm-automation

Conversation

@jku
Copy link
Copy Markdown
Collaborator

@jku jku commented Mar 23, 2023
edited
Loading

This PR was previously only for SoftHSM, I have extended it so all signing now uses pre-hashing

Two benefits:

  • It's faster: devices like Yubikeys don't like being fed massive
    payloads. signing time for 100MB payload goes from 29 secs to
    0.4 secs on my USB A hardware key
  • Testing becomes simpler: SoftHSM only supports pre-hashing so the
    tests needed a mock patch to handle that specifically. This is a
    bit of a pain for applications.

So:

  • Use PyKCS11.CKM_ECDSA mechanism for both supported schemes
  • Hash the payload according to scheme, and feed HW the hash instead
    of the full payload
  • Remove the test patching

@jku jku marked this pull request as draft March 23, 2023 13:10
@jku jku force-pushed the softhsm-automation branch 2 times, most recently from 85adbc3 to c1aff18 Compare March 23, 2023 13:28
@jku
Copy link
Copy Markdown
Collaborator Author

jku commented Mar 23, 2023

I just tested the speed differences and the pre-hashing is so much faster that I'll expand this PR: let's pre-hash everything instead of just softhsm payloads

@jku jku force-pushed the softhsm-automation branch from c1aff18 to 99506e1 Compare March 23, 2023 14:11
@jku jku changed the title HSMSigner: Move the SoftHSM special case into the signer HSMSigner: Use pre-hashing Mar 23, 2023
@jku
HSMSigner: Use pre-hashing
159ab53 
Two benefits:
* It's faster: devices like Yubikeys don't like being fed massive
  payloads. signing time for 100MB payload goes from 29 secs to
  0.4 secs on my USB A hardware key
* Testing becomes simpler: SoftHSM only supports pre-hashing so the
  tests needed a mock patch to handle that specifically. This is a
  bit of a pain for applications.

So:
* Use PyKCS11.CKM_ECDSA mechanism for both supported schemes
* Hash the payload according to scheme, and feed HW the hash instead
  of the full payload
* Remove the test patching
@jku jku force-pushed the softhsm-automation branch from 99506e1 to 159ab53 Compare March 23, 2023 14:17
@jku
Copy link
Copy Markdown
Collaborator Author

jku commented Mar 23, 2023
edited
Loading

The potential impact of this is that we now expect hardware to support the pre-hashing mechanism whereas before we expected the hardware to support the two other mechanisms... I don't think we have a lot of insight into what actual devices out there support: Yubikey at least works both ways.

@jku jku marked this pull request as ready for review March 23, 2023 14:29
@jku jku requested a review from lukpueh March 23, 2023 14:29
@lukpueh
Copy link
Copy Markdown
Member

lukpueh commented Mar 23, 2023

The potential impact of this is that we now expect hardware to support the pre-hashing mechanism whereas before we expected the hardware to support the two other mechanisms... I don't think we have a lot of insight into what actual devices out there support: Yubikey at least works both ways.

Given the insight we have, this is is definitely an improvement. If we learn later that we need a fallback in either direction, we can start asking the devices for the mechanism they support and handle appropriately.

@lukpueh lukpueh merged commit 5e388f4 into secure-systems-lab:main Mar 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lukpueh lukpueh lukpueh approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jku @lukpueh