Skip to content

lib: Allow ID_CRED_I to be a value#267

Merged
geonnave merged 7 commits intolake-rs:mainfrom
chrysn-pull-requests:cred-by-value
May 15, 2024
Merged

lib: Allow ID_CRED_I to be a value#267
geonnave merged 7 commits intolake-rs:mainfrom
chrysn-pull-requests:cred-by-value

Conversation

@chrysn
Copy link
Copy Markdown
Member

@chrysn chrysn commented May 14, 2024

Currently, EDHOC panics when attempting to use use a credential by value in CRED_I.

This fixes this, mainly by copying code from the CRED_R case where that was already supported.

@chrysn chrysn marked this pull request as draft May 14, 2024 14:01
@chrysn chrysn marked this pull request as ready for review May 14, 2024 14:22
chrysn added 2 commits May 14, 2024 16:27
@chrysn
lib: Allow ID_CRED_I to be a value
18ff527
@chrysn
ID_CRED_x: refactor writing into message
f734a5a 
This converts corner cases that would have previously resulted in a
panic or garbled CBOR into EDHOC errors.
@chrysn
Copy link
Copy Markdown
Member Author

chrysn commented May 14, 2024

Note that this is not quite trivial to test because using the test vector credential by value (it is relatively long given we use p256 and not x25519, and on top of that has a serial number in it) exceeds the 256 default length by some bytes.

@chrysn
Copy link
Copy Markdown
Member Author

chrysn commented May 14, 2024
edited
Loading

I think this is showing a few cases where instead of doing CBOR encoding there is the tacit assumption that a byte value is just CBOR_MAJOR_BYTE_STRING ^ value :-/

    output.content[0] = CBOR_MAJOR_BYTE_STRING | (plaintext_3.len + AES_CCM_TAG_LEN) as u8; // FIXME if plaintext_3.len + AES_CCM_TAG_LEN > 23, then should use CBOR_BYTE_STRING

@chrysn
Copy link
Copy Markdown
Member Author

chrysn commented May 14, 2024

I've added a crude CBOR dissection for the message 3 lengths, and adjusted the Python tests so that different variations are run. I didn't quickly find where else we had that kind of CBOR processing -- refactoring would be welcome, but getting this out with the next release might be more urgent than doing this cleanly.

geonnave
geonnave reviewed May 15, 2024
View reviewed changes
geonnave
geonnave reviewed May 15, 2024
View reviewed changes
geonnave
geonnave reviewed May 15, 2024
View reviewed changes
geonnave
geonnave reviewed May 15, 2024
View reviewed changes
geonnave
geonnave reviewed May 15, 2024
View reviewed changes
@geonnave
Copy link
Copy Markdown
Collaborator

geonnave commented May 15, 2024

Thanks for the PR. Left a few comments.

I agree that the CBOR encoding could be improved.

@chrysn
Copy link
Copy Markdown
Member Author

chrysn commented May 15, 2024

Thanks for the review, I think all are addressed in some way or other.

@geonnave
Copy link
Copy Markdown
Collaborator

geonnave commented May 15, 2024

Yep good on my side. Merging as CI passes.

@geonnave geonnave merged commit 7c54187 into lake-rs:main May 15, 2024
@geonnave geonnave deleted the cred-by-value branch May 15, 2024 09:19
@geonnave geonnave restored the cred-by-value branch May 15, 2024 09:19
@chrysn chrysn deleted the cred-by-value branch May 15, 2024 09:20
This was referenced May 16, 2024
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@geonnave geonnave geonnave left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chrysn @geonnave