Skip to content

Use output size helpers for cryptographic primitives #82800

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 6, 2023
Merged

Use output size helpers for cryptographic primitives #82800

merged 1 commit into from
Mar 6, 2023

Conversation

@vcsjones
Copy link
Member

This updates a few places that can use algorithm output size helpers.

Closes #67059

@ghost ghost added the area-System.Security label Feb 28, 2023
@ghost ghost assigned vcsjones Feb 28, 2023
@ghost
Copy link

ghost commented Feb 28, 2023

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

This updates a few places that can use algorithm output size helpers.

Closes #67059

Author: vcsjones
Assignees: -
Labels:

area-System.Security
Milestone: -

@vcsjones vcsjones marked this pull request as ready for review February 28, 2023 23:54
@build-analysis build-analysis bot mentioned this pull request Mar 1, 2023
Closed
adamsitnik
adamsitnik approved these changes Mar 1, 2023
View reviewed changes
Copy link
Member

@adamsitnik adamsitnik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you @vcsjones !

One day we need to discuss our benchmarks coverage:

https://github.com/dotnet/performance/tree/main/src/benchmarks/micro/libraries/System.Security.Cryptography.Primitives
https://github.com/dotnet/performance/tree/main/src/benchmarks/micro/libraries/System.Security.Cryptography.X509Certificates
https://github.com/dotnet/performance/tree/main/src/benchmarks/micro/libraries/System.Security.Cryptography

This was referenced Mar 1, 2023
Closed
Closed
This was referenced Mar 2, 2023
Open
Closed
stephentoub
stephentoub reviewed Mar 2, 2023
View reviewed changes
src/libraries/Common/src/System/Security/Cryptography/ECDsaCng.SignVerify.cs
// Since it isn't a fatal error to miscalculate the estimatedSize, don't throw an exception. Just truck along.
_ => KeySize / 4,
};
int estimatedSize = GetMaxSignatureSize(DSASignatureFormat.IeeeP1363FixedFieldConcatenation);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this more expensive? The implementation of the method isn't trivial, but maybe it doesn't matter?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe in a micro-benchmark, but ECDSA signing and verifying is going to dominate. For IeeeP1363FixedFieldConcatenation it basically boils down to AsymmetricAlgorithmHelpers.BitsToBytes(KeySize) * 2; Where BitsToBytes just does the "ceiling then divide by 8". I wouldn't be surprised if the JIT inlined BitsToBytes.

@jozkee
Copy link
Member

jozkee commented Mar 6, 2023

System.Net.Http.Json failure is #82918.
System.Net[.Http] failures are most likely instability.
System.Runtime.Tests failure on MacCatalystc says:

[15:00:42] fail: Application test run crashed
                 No test log file was produced

@jozkee jozkee merged commit ef71bb7 into dotnet:main Mar 6, 2023
@vcsjones vcsjones deleted the fix-67059 branch March 6, 2023 21:12
@ghost ghost locked as resolved and limited conversation to collaborators Apr 6, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@stephentoub stephentoub stephentoub left review comments

@adamsitnik adamsitnik adamsitnik approved these changes

@bartonjs bartonjs bartonjs approved these changes

@jozkee jozkee jozkee approved these changes

Assignees

@vcsjones vcsjones

Labels

area-System.Security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Estimated signature size calculation for ECDsa and RSA may be incorrect

5 participants

@vcsjones @jozkee @stephentoub @adamsitnik @bartonjs