[meta] Integrate verified cryptographic primitives into NSS from the HACL* library
Categories
(NSS :: Libraries, enhancement, P3)
Tracking
(firefox56 unaffected, firefox57 unaffected, firefox58 unaffected)
| Tracking | Status | |
|---|---|---|
| firefox56 | --- | unaffected |
| firefox57 | --- | unaffected |
| firefox58 | --- | unaffected |
People
(Reporter: jcj, Assigned: nkulatova)
References
(Depends on 7 open bugs, )
Details
(Keywords: meta)
|
||
Updated•7 years ago
|
|
|
||
Updated•7 years ago
|
|
|
||
Updated•7 years ago
|
|
|
||
Updated•7 years ago
|
|
Reporter | |
Comment 1•7 years ago
|
||
|
|
||
Updated•5 years ago
|
|
||
Updated•4 years ago
|
|
|
||
Updated•3 years ago
|
|
Assignee | |
Updated•3 years ago
|
|
||
Comment 2•3 years ago
|
||
Hi,
Hi,
I am from IBM and work with George Wilson. I see that bugzilla 1613236 (https://bugzilla.mozilla.org/show_bug.cgi?id=1613236) is dependent on this.
I am curious if the HaCL generated algorithm is good enough now to be pulled into NSS. Or is it pending on more development in hacl side ?
In general, What is the current status ?
Thanks & Regards,
- Nayna
|
|
||
Updated•3 years ago
|
|
|
Assignee | |
Comment 3•3 years ago
|
||
Hello,
Nice to meet you!
Answering your questions:
We consider indeed that the HACL* algorithms could compete with the existing libraries in terms of performance, at the same time providing extremely strong security guarantees. Part of the algorithms we are taking directly from their library (Curve25519, SHA3), whereas some of the code (P256, for instance) is an ongoing development.
In future, we plan to bring RSA-PSS as well. For even longer future, we would like to discuss the post-quantum algorithms, but for now it's an opened question.
Feel free to ping me if you have any other questions, I will be happy to answer (:
|
|
||
Comment 4•3 years ago
|
||
Hi,
Thanks for your response. Nice to meet you too.
Thanks for sharing the details. I do some more questions especially in context of powerpc support for the same.
Powerpc support in hacl-star got added last year - https://github.com/project-everest/hacl-star/blob/master/dist/gcc-compatible/libintvector.h
And if I look at freebl version of libintvector.h (assuming I am looking at right file) - https://hg.mozilla.org/projects/nss/file/tip/lib/freebl/verified/libintvector.h . It seems it is still not having the updated one from hacl-start for powerpc.
So, I am wondering on the plan/status for updating freebl to include hacl-star powerpc support both in context of bugzilla 1613236 (freebl: POWER poly1305 mac vector acceleration) and in general (if I understand right, it will be used for other algos also like ECC). Is it pending on something else to get libintvector.h powerpc support in FreeBL ?
Can you please share details in this context ?
Thanks & Regards,
- Nayna
|
|
Assignee | |
Comment 5•3 years ago
|
||
Yes, the plan is to update NSS the next month in order to support it.
|
|
||
Comment 6•2 years ago
|
||
Hi,
Looking at this file - https://github.com/nss-dev/nss/blob/master/lib/freebl/verified/libintvector.h . It still seems updated 16 months ago and doesn't have PowerPC support.
Is there any change in plan as I think it was going to get updated sometime in last two months ?
Thanks & Regards,
- Nayna
|
|
||
Comment 7•2 years ago
|
||
Hi,
Is there any update on this ?
Thanks & Regards,
- Nayna
|
|
Assignee | |
Updated•2 years ago
|
Description
•