Skip to content

Validate key sizes and allow signing with empty public keys#159

Merged
SteveLasker merged 3 commits intomainfrom
keyapiimpr
Jul 19, 2023
Merged

Validate key sizes and allow signing with empty public keys#159
SteveLasker merged 3 commits intomainfrom
keyapiimpr

Conversation

@qmuntal
Copy link
Copy Markdown
Member

@qmuntal qmuntal commented Jul 12, 2023

This PR adds the following features:

  • Validate that the x, y and d parameters for OKP and EC2 keys have the right size.
  • Recompute the x and y for OKP and EC in case they are omitted, which is allowed by the COSE spec.

@codecov
Copy link
Copy Markdown

codecov bot commented Jul 12, 2023
edited
Loading

Codecov Report

Merging #159 (fae3330) into main (bfe4717) will decrease coverage by 0.11%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main     #159      +/-   ##
==========================================
- Coverage   93.48%   93.38%   -0.11%     
==========================================
  Files          11       11              
  Lines        1658     1678      +20     
==========================================
+ Hits         1550     1567      +17     
- Misses         75       78       +3     
  Partials       33       33
Impacted Files Coverage Δ
key.go 95.90% <100.00%> (+0.13%) ⬆️

... and 1 file with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

setrofim
setrofim approved these changes Jul 12, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@setrofim setrofim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome!

thomas-fossati
thomas-fossati approved these changes Jul 13, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@thomas-fossati thomas-fossati left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Base automatically changed from keyapinew to main July 13, 2023 06:07
qmuntal added 2 commits July 13, 2023 08:57
@qmuntal
validate key sizes and allow empty public keys
377ee80 
Signed-off-by: qmuntal <qmuntaldiaz@microsoft.com>
@qmuntal
consolidate Key.validate errors
f02809a 
Signed-off-by: qmuntal <qmuntaldiaz@microsoft.com>
@OR13
Copy link
Copy Markdown
Contributor

OR13 commented Jul 14, 2023

I looked at this, I agree its important to do, seems to be done correctly, but I am not a reliable CR for golang.

@SteveLasker
Copy link
Copy Markdown
Contributor

SteveLasker commented Jul 14, 2023

@yogeshbdeshpande, @shizhMSFT can you PTAL

shizhMSFT
shizhMSFT reviewed Jul 17, 2023
View reviewed changes
key.go
// see https://www.rfc-editor.org/rfc/rfc8152#section-13.2
if len(x) == 0 {
return nil, ErrOKPNoPub
return ed25519.NewKeyFromSeed(d), nil
Copy link
Copy Markdown
Contributor

@shizhMSFT shizhMSFT Jul 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have a general question here: What does d mean for Ed25519 in terms of OKP? Is it private key or seed?

RFC 8152 13.2 says that

d: This contains the private key.

Copy link
Copy Markdown
Contributor

@OR13 OR13 Jul 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

d is a private key component of a crv, but my understanding of the specs is that it can be anything sufficiently random... so in the case that you derive a seed from a mnemonic or other details, you might use the seed as the private key... thats all super dangerous stuff... and I don't think any of it is relevant to COSE.

Copy link
Copy Markdown
Member Author

@qmuntal qmuntal Jul 18, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The function name is a little misleading. Its documentation is more interesting:

NewKeyFromSeed calculates a private key from a seed. It will panic if len(seed) is not SeedSize. This function is provided for interoperability with RFC 8032. RFC 8032's private keys correspond to seeds in this package.

RFC8152 8.2 says that EdDSA curves should be implemented following RFC8032, so my understanding is that it is safe to use NewKeyFromSeed here.

@qmuntal
set EC2 key x/y capacity when marshaling
fae3330 
Signed-off-by: qmuntal <qmuntaldiaz@microsoft.com>
yogeshbdeshpande
yogeshbdeshpande approved these changes Jul 19, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@yogeshbdeshpande yogeshbdeshpande left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@SteveLasker SteveLasker merged commit ec64bcb into main Jul 19, 2023
@qmuntal qmuntal deleted the keyapiimpr branch July 19, 2023 14:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@OR13 OR13 OR13 approved these changes

@shizhMSFT shizhMSFT shizhMSFT left review comments

@setrofim setrofim setrofim approved these changes

@thomas-fossati thomas-fossati thomas-fossati approved these changes

@yogeshbdeshpande yogeshbdeshpande yogeshbdeshpande approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@qmuntal @OR13 @SteveLasker @setrofim @thomas-fossati @yogeshbdeshpande @shizhMSFT