[PATCH 0/2] Improve python-libscrypt speed

  • Done
  • quality assurance status badge
Details
2 participants
  • Ludovic Courtès
  • Nicolas Goaziou
Owner
unassigned
Submitted by
Nicolas Goaziou
Severity
normal
N
N
Nicolas Goaziou wrote on 27 Jun 2018 00:24
(address . guix-patches@gnu.org)(name . Nicolas Goaziou)(address . mail@nicolasgoaziou.fr)
20180626222409.3351-1-mail@nicolasgoaziou.fr
The following patches fix a bug in python-libscrypt, which fallbacks to a slow
implementation.

Feedback welcome.

Nicolas Goaziou (2):
gnu: Add libscrypt.
gnu: python-pylibscrypt: Improve speed.

gnu/packages/crypto.scm | 28 ++++++++++++++++++++++++++++
gnu/packages/python-crypto.scm | 21 ++++++++++++++++++---
2 files changed, 46 insertions(+), 3 deletions(-)

--
2.18.0
N
N
Nicolas Goaziou wrote on 27 Jun 2018 00:31
[PATCH 1/2] gnu: Add libscrypt.
(address . 31985@debbugs.gnu.org)(name . Nicolas Goaziou)(address . mail@nicolasgoaziou.fr)
20180626223116.3448-1-mail@nicolasgoaziou.fr
* gnu/packages/crypto.scm (libscrypt): New variable.
---
gnu/packages/crypto.scm | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)

Toggle diff (48 lines)
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 338db04f5..38befb838 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -9,6 +9,7 @@
;;; Copyright © 2017 Pierre Langlois <pierre.langlois@gmx.com>
;;; Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2018 Nicolas Goaziou <mail@nicolasgoaziou.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -478,6 +479,33 @@ utility as a demonstration of the @code{scrypt} key derivation function.
attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.")
(license license:bsd-2)))
+(define-public libscrypt
+ (package
+ (name "libscrypt")
+ (version "1.21")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/technion/libscrypt.git")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1d76ys6cp7fi4ng1w3mz2l0p9dbr7ljbk33dcywyimzjz8bahdng"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:make-flags (list (string-append "PREFIX=" %output)
+ "CC=gcc")
+ #:phases
+ (modify-phases %standard-phases
+ (delete 'configure))))
+ (home-page "https://lolware.net/libscrypt.html")
+ (synopsis "Scrypt shared library")
+ (description "@code{libscrypt} implements @code{scrypt}
+functionality, a replacement for @code{bcrypt}.")
+ (license license:bsd-3)))
+
(define-public perl-math-random-isaac-xs
(package
(name "perl-math-random-isaac-xs")
--
2.18.0
N
N
Nicolas Goaziou wrote on 27 Jun 2018 00:31
[PATCH 2/2] gnu: python-pylibscrypt: Improve speed.
(address . 31985@debbugs.gnu.org)(name . Nicolas Goaziou)(address . mail@nicolasgoaziou.fr)
20180626223116.3448-2-mail@nicolasgoaziou.fr
* gnu/packages/python-crypto.scm (python-pylibscrypt): Use "libscrypt"
implementation instead of "openssl".

"hashlib.scrypt" requires Python 3.6+ and OpenSSL 1.1+. Since Python is built
with OpenSSL 1.0, the library is unavailable. "pylibscrypt" defaults to a slow
pure Python implementation. Instead, rely on the much faster "libscrypt".
---
gnu/packages/python-crypto.scm | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)

Toggle diff (39 lines)
diff --git a/gnu/packages/python-crypto.scm b/gnu/packages/python-crypto.scm
index 6162fc835..779b86222 100644
--- a/gnu/packages/python-crypto.scm
+++ b/gnu/packages/python-crypto.scm
@@ -884,14 +884,29 @@ through the Engine interface.")
"1b3rgzl6dbzs08vhv41b6y4n5189wv7lr27acxn104hs45745abs"))))
(build-system python-build-system)
(arguments
- `(#:tests? #f)) ;FIXME: unable to find libraries
+ `(#:phases
+ (modify-phases %standard-phases
+ (add-before 'build 'hard-code-path-to-libscrypt
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((libscrypt (assoc-ref inputs "libscrypt")))
+ (substitute* "pylibscrypt/pylibscrypt.py"
+ (("find_library\\('scrypt'\\)")
+ (string-append "'" libscrypt "/lib/libscrypt.so'")))
+ #t))))
+ ;; The library can use various scrypt implementations and tests all of
+ ;; them. Since we only provide a single implementation, most tests
+ ;; fail. Simply skip them.
+ #:tests? #f))
+ ;; FIXME: Using "libscrypt" is the second best choice. The best one
+ ;; requires "hashlib.scrypt", provided by Python 3.6+ built with OpenSSL
+ ;; 1.1+. Use that as soon as Guix provides it.
(inputs
- `(("openssl" ,openssl)))
+ `(("libscrypt" ,libscrypt)))
(home-page "https://github.com/jvarho/pylibscrypt")
(synopsis "Scrypt for Python")
(description "There are a lot of different scrypt modules for Python, but
none of them have everything that I'd like, so here's one more. It uses
-hashlib.scrypt on Python 3.6 and OpenSSL 1.1.")
+@code{libscrypt}.")
(license license:isc)))
(define-public python-libnacl
--
2.18.0
L
L
Ludovic Courtès wrote on 2 Jul 2018 17:32
Re: [bug#31985] [PATCH 1/2] gnu: Add libscrypt.
(name . Nicolas Goaziou)(address . mail@nicolasgoaziou.fr)(address . 31985@debbugs.gnu.org)
874lhhfybm.fsf@gnu.org
Nicolas Goaziou <mail@nicolasgoaziou.fr> skribis:

Toggle quote (2 lines)
> * gnu/packages/crypto.scm (libscrypt): New variable.

[...]

Toggle quote (3 lines)
> + (synopsis "Scrypt shared library")

What about “Password hashing library”?

Toggle quote (3 lines)
> + (description "@code{libscrypt} implements @code{scrypt}
> +functionality, a replacement for @code{bcrypt}.")

Could you expound just a little bit?

OK with these changes, thanks!

Ludo’.
L
L
Ludovic Courtès wrote on 2 Jul 2018 17:33
Re: [bug#31985] [PATCH 2/2] gnu: python-pylibscrypt: Improve speed.
(name . Nicolas Goaziou)(address . mail@nicolasgoaziou.fr)(address . 31985@debbugs.gnu.org)
87zhz9ejpr.fsf@gnu.org
Nicolas Goaziou <mail@nicolasgoaziou.fr> skribis:

Toggle quote (7 lines)
> * gnu/packages/python-crypto.scm (python-pylibscrypt): Use "libscrypt"
> implementation instead of "openssl".
>
> "hashlib.scrypt" requires Python 3.6+ and OpenSSL 1.1+. Since Python is built
> with OpenSSL 1.0, the library is unavailable. "pylibscrypt" defaults to a slow
> pure Python implementation. Instead, rely on the much faster "libscrypt".

LGTM. Thanks!

Ludo'.
N
N
Nicolas Goaziou wrote on 2 Jul 2018 23:19
Re: [bug#31985] [PATCH 1/2] gnu: Add libscrypt.
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 31985@debbugs.gnu.org)
87sh51tjy3.fsf@nicolasgoaziou.fr
Hello,

ludo@gnu.org (Ludovic Courtès) writes:

Toggle quote (11 lines)
> Nicolas Goaziou <mail@nicolasgoaziou.fr> skribis:
>
>> * gnu/packages/crypto.scm (libscrypt): New variable.
>
> [...]
>
>> + (home-page "https://lolware.net/libscrypt.html")
>> + (synopsis "Scrypt shared library")
>
> What about “Password hashing library”?

OK.

Toggle quote (5 lines)
>> + (description "@code{libscrypt} implements @code{scrypt}
>> +functionality, a replacement for @code{bcrypt}.")
>
> Could you expound just a little bit?

OK. I used:

@code{libscrypt} implements @code{scrypt} key derivation function.
It is designed to be far more secure against hardware brute-force
attacks than alternative functions such as @code{PBKDF2} or
@code{bcrypt}.

Let me know if that isn't enough (though I wouldn't know what to say in
addition to the above).

Toggle quote (2 lines)
> OK with these changes, thanks!

Applied. Thank you.

Regards,

--
Nicolas Goaziou 0x80A93738
N
N
Nicolas Goaziou wrote on 2 Jul 2018 23:19
Re: [bug#31985] [PATCH 2/2] gnu: python-pylibscrypt: Improve speed.
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 31985-done@debbugs.gnu.org)
87o9fptjxf.fsf@nicolasgoaziou.fr
Hello,

ludo@gnu.org (Ludovic Courtès) writes:

Toggle quote (11 lines)
> Nicolas Goaziou <mail@nicolasgoaziou.fr> skribis:
>
>> * gnu/packages/python-crypto.scm (python-pylibscrypt): Use "libscrypt"
>> implementation instead of "openssl".
>>
>> "hashlib.scrypt" requires Python 3.6+ and OpenSSL 1.1+. Since Python is built
>> with OpenSSL 1.0, the library is unavailable. "pylibscrypt" defaults to a slow
>> pure Python implementation. Instead, rely on the much faster "libscrypt".
>
> LGTM. Thanks!

Applied. Thank you.

Regards,

--
Nicolas Goaziou 0x80A93738
Closed
L
L
Ludovic Courtès wrote on 3 Jul 2018 10:09
Re: [bug#31985] [PATCH 1/2] gnu: Add libscrypt.
(name . Nicolas Goaziou)(address . mail@nicolasgoaziou.fr)(address . 31985@debbugs.gnu.org)
87woucivut.fsf@gnu.org
Hello Nicolas,

Nicolas Goaziou <mail@nicolasgoaziou.fr> skribis:

Toggle quote (10 lines)
> OK. I used:
>
> @code{libscrypt} implements @code{scrypt} key derivation function.
> It is designed to be far more secure against hardware brute-force
> attacks than alternative functions such as @code{PBKDF2} or
> @code{bcrypt}.
>
> Let me know if that isn't enough (though I wouldn't know what to say in
> addition to the above).

LGTM! The guiding principle should be to give enough context to someone
who doesn’t know the package at all to get an idea of what this is
about (info "(guix) Synopses and Descriptions").

Thank you,
Ludo’.
?