-
Notifications
You must be signed in to change notification settings - Fork 30.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
benchmark: replace deprecated cipher in cipher-stream.js #26612
Conversation
Be aware that any (valid) cipher name can be passed in, not just the two predefined ones currently in the benchmark file. |
I am not fully understand what's your meaning.Is this PR okay or should I do something ? Can you elaborate on this, thanks. |
@gengjiawen What happens when I pass in |
Can you be more specific how do I improve current code ? Or this change bring too much side effect ? |
I think we probably need some new crypto API exposed that gives useful cipher information like key and block sizes before we can easily modify this test. |
You can already access the key length of symmetric keys when wrapped into a
See e.g., #22304. We have had brief discussions about this before. Such APIs are difficult to design and there is very little need for them outside of our own tests. There is also a security risk involved: Adding such APIs allows people to use arbitrary ciphers interchangeably, at least that's what many will think. In fact, even minor changes can nullify the security of a cryptosystem. We could simply return whatever OpenSSL decided to use as default values. But even then, we will have to carefully design an API. Adding more and more functions to |
I disagree. Again, there are plenty of use cases where ciphers are variable/user-provided and needing to know technical details like key sizes and block lengths are important, especially since you need to know that information to avoid exceptions being thrown by node. If you get an invalid IV length exception for example for some arbitrary, valid cipher name provided by the user, what do you do? Keep passing different-sized IVs until the error goes away to find an acceptable length? That's not particularly user friendly. For example, in This has nothing at all to do with reduced security, it's merely about exposing information about ciphers that OpenSSL already knows. |
I agree with @mscdex 's comments above, and I have also built lookup tables, as he has, for crypto APIs that don't provide the info (albeit in other languages). Providing info on expected lengths doesn't prevent errors in API usage, but forcing people to build their own tables of cryptogragraphic constants sounds even more fraught with possibilities to make mistakes. |
@mscdex @sam-github I get your point. Let's carefully consider options to make this happen or at least easier. Here are some of my concerns:
I honestly don't know. If there is a single valid IV length, you are right, it should be determined automatically. But as I said before, sometimes, there is no single correct choice, many ciphers accept multiple IV lengths. In that case, I'd probably ask the user for the IV size; if they know enough about crypto to pick a cipher for a specific application, then they should also be able to supply its parameters. What would you do? For example, what should the IV size for AES-CCM be? pycryptodome, a popular crypto library, says 11 bytes, a reasonably strong choice. OpenSSL only uses 7 bytes, a much weaker choice, which has the advantage of permitting larger messages to be encrypted. Similar problems arise with authentication tag lengths etc. We would have to decide without knowing what the user is going to do with the cipher. Also, there are API differences for different ciphers. All of the following statements are true for some supported ciphers but not for all:
If you let users pick any valid cipher, you end up with an arbitrary subset of these attributes, and your application needs to somehow consider all of these points and their combinations. |
Not necessarily. I've never seen an end user program that allows you to specify ciphers also require the end user to specify an IV. |
8ae28ff
to
2935f72
Compare
This issue/PR was marked as stalled, it will be automatically closed in 30 days. If it should remain open, please leave a comment explaining why it should remain open. |
This might benefit from #35368. |
given the discussion and time this has been open, is this still something we'd want to consider pursuing? @tniessen @gengjiawen |
I am not quite confident in my crypto knowledge. @BridgeAR Can you help to review this ? Thanks.
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes