-
Notifications
You must be signed in to change notification settings - Fork 625
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add function to verify CertifiedKey consistency #1954
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1954 /- ##
=======================================
Coverage 94.28% 94.29%
=======================================
Files 97 97
Lines 21818 21841 23
=======================================
Hits 20572 20595 23
Misses 1246 1246 ☔ View full report in Codecov by Sentry. |
Realized I was reviewing at the same time as Ctz so I submitted my partial review :-) I agree with his feedback. |
Some (hopefully helpful) pointers for the failed CI tasks:
|
I'm converting this to a "ready for review" PR, as it's less of a draft now. Questions:
Also: I can tidy up the commits like we did over at rustls/webpki#253. I'll wait for reviews to settle first, though. |
Hmm, yeah, it does seem a little off that if Perhaps it would be better to formulate My thinking is that even when we implement |
@cpu, I took a stab at rewriting the As a dev, I'm unsure if I'd ever handle
I think the design should reflect whether or not this check will happen by default during the creation of a |
Thanks! That looks close to what I was thinking, but I was imagining it wouldn't be a
Yeah :-/ It is awkward throwing a third variant in the mix. If folks don't think my suggestion is a net improvement I'm not tied to it and open to alternatives. My main concern was avoiding a bad encoding error for the case where Maybe if the principle call-site we care about using that fn is going to turn it into an error anyway the default impl should be |
From #1918:
Is this actually what we're doing? Currently this PR actually just does a byte-for-byte comparison of the SPKI data, right? |
I think the core question is the intended behavior for crypto providers that don't implement this. I think in rustls 0.24 we might want to tighten this up to force crypto provider implementers to support this? If that's the case, I think probably it'd make sense to just yield |
Is that your preference? Without strong signal it seems better to follow the plan outlined by Ctz unless there's consensus it isn't the right approach. When that comment was posted I didn't understand the advantages (I'm still not sure I do with crystal clarity). I asked in the Discord thread and Ctz said:
|
Ahh, sorry for potentially derailing this discussion from an agreed upon plan. To be clear, doing this is definitely better than doing nothing. I just think "doing SPKI bytes comparison" is probably a weaker guarantee than if we could ask the crypto provider to do curve/group/whatever magic math thing to check that the keys are actually compatible. |
Agree. @cpu How do you guys feel about the following options to avoid this? Ordered from least to most drastic:
Also open to suggestions! |
@lvkv From my perspective I think Option 1 is probably the most agreeable. Option 2 and 3 will be breaking API changes to the exported |
Option 1 sounds good, maybe we should file an issue with a label to remind ourselves to remove the default impl for the next semver-breaking release? |
I was thinking originally we could call the new consistency API (a) means we can add those calls, and land this PR before writing the wedge of encoding conversion code that would be needed for the impls of SigningKey just in this crate. (b) I think is a tough sell, needing a lot of research. For example, can you get a public key given a windows The other option, of course, is that we don't insert those calls, and leave the API for others to call when they know or expect their |
Right, so I think this probably is the right direction still:
|
@lvkv Apologies, I think we lost some of the earlier momentum we had going here. Have you become busy (very reasonable!) or are there remaining points of uncertainty we should try and hash out to unblock progress? |
Thanks for checking in. I'll be much more available after a few days! (Apartment hunting moving in NYC) |
Coming back to this now! It's not clear to me, based on the discussion above, that there's a consensus yet on what the API for this should look like and why 🙂. One idea to unstick the conversation: how do we feel about merging what we have right now (after cleanup)? I've also just added a commit to bring code coverage up to 100%. The plan would be:
Edit: typo |
Benchmark resultsInstruction countsSignificant differencesThere are no significant instruction count differences Other differencesClick to expand
Wall-timeSignificant differencesClick to expand
Other differencesClick to expand
Additional informationCheckout details:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome! I had a couple suggestions for the commit order/content.
Cool, I'll add these in today |
9109308
to
cd7b3f6
Compare
Home stretch! This one felt a bit slow, so I'm down to increase the pace for whatever work follows this PR |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for all the work on this!
cd7b3f6
to
637f4d1
Compare
751d1da
to
e0ccb07
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice!
e0ccb07
to
c5590ae
Compare
c5590ae
to
1326247
Compare
Using the
subject_public_key_info()
function we added in rustls/webpki#253, this PR:trait SigningKey
that returns itsSubjectPublicKeyInfo
, but only if the implementer opts inCertifiedKey
that verifies the consistency of its public and private keys by comparing the SPKI values of its end-entity cert and its keyThe motivation behind this is to make it possible to verify consistency for public and private keys (#1918).