Support for compressed and X.509 public key format #498

Merged: 3 commits, Aug 22, 2024

skmcgrail
Member

Description of changes:

  • Support for serializing ECDSA and ECDH keys in compressed and uncompressed EC point octet format, and support for X.509 SubjectPublicKeyInfo format.
  • Support for parsing ECDSA and ECDH keys that may be in compressed, uncompressed, or X.509 format. First attempting to parse as X.509, and then falling back to EC point format before failing the parse attempt.
  • X25519 supports X.509 as well, will follow up Ed25519 in a separate PR since that requires a bit more refactor work and wanted to simplify this PR a bit.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@skmcgrail skmcgrail requested a review from a team as a code owner August 16, 2024 16:52
@codecov-commenter

codecov-commenter commented Aug 16, 2024

Codecov Report

Attention: Patch coverage is 89.47368% with 30 lines in your changes missing coverage. Please review.

Project coverage is 92.56%. Comparing base (c358484) to head (f9af638).
Report is 61 commits behind head on main.

| Files | Patch % | Lines |
|---|---|---|
| aws-lc-rs/src/ec.rs | 88.07% | 5 Missing and 8 partials ⚠️ |
| aws-lc-rs/src/agreement.rs | 91.42% | 7 Missing and 5 partials ⚠️ |
| aws-lc-rs/src/agreement/ephemeral.rs | 88.57% | 4 Missing ⚠️ |
| aws-lc-rs/src/ec/key_pair.rs | 0.00% | 0 Missing and 1 partial ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #498      +/-   ##
==========================================
- Coverage   95.80%   92.56%   -3.24%     
==========================================
  Files          61       67       +6     
  Lines        8143     9136     +993     
  Branches        0     9136    +9136     
==========================================
+ Hits         7801     8457     +656     
- Misses        342      417      +75     
- Partials        0      262     +262     


@justsmth justsmth self-requested a review August 19, 2024 16:53
@skmcgrail skmcgrail requested a review from justsmth August 19, 2024 19:06
justsmth
justsmth previously approved these changes Aug 19, 2024
@skmcgrail skmcgrail merged commit 396bcda into aws:main Aug 22, 2024
183 of 196 checks passed
@skmcgrail skmcgrail deleted the key-formats-redux branch August 22, 2024 21:49
@ctz
Contributor

ctz commented Sep 7, 2024

I think ideally this would have been done with a separate API (e.g., agreement::ECDH_P256_COMPRESSED, agreement::ECDH_P256_AUTODETECT, perhaps). As it is, this is not compatible with:

  • TLS1.3 (which outlaws all encodings other than uncompressed)
  • TLS1.2 (which separately negotiates the encoding, then must only accept the negotiated encoding.)
  • X.509 (which allows uncompressed and compressed and expects them to be self-describing, but obviously never should accept a SPKI recursively inside another id-ecPublicKey SPKI)
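
The encoding restrictions listed in the comment above, sketched as a caller-side check that runs before a peer key is handed to an autodetecting parser. This is an added example, not code from the pull request or from aws-lc-rs: `Encoding`, `Policy`, `classify_p256` and `check_peer_key` are hypothetical names, classification looks only at the leading octet and length for P-256, and the sample keys are constructed placeholders.

```rust
// Added example, not aws-lc-rs code. All type and function names are hypothetical.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Encoding { Uncompressed, Compressed, X509Spki }

/// Classify a P-256 public key by outer framing only (no curve validation).
pub fn classify_p256(bytes: &[u8]) -> Option<Encoding> {
    match (bytes.first().copied(), bytes.len()) {
        (Some(0x04), 65) => Some(Encoding::Uncompressed), // 0x04 || X || Y
        (Some(0x02), 33) | (Some(0x03), 33) => Some(Encoding::Compressed), // 0x02/0x03 || X
        (Some(0x30), n) if n > 65 => Some(Encoding::X509Spki), // DER SEQUENCE tag
        _ => None,
    }
}

/// What the calling protocol permits at this point.
#[derive(Debug, Clone, Copy)]
pub enum Policy {
    Tls13KeyShare,             // uncompressed only
    Tls12Negotiated(Encoding), // exactly the negotiated point format
    SpkiInnerPoint,            // a point inside an SPKI: never another SPKI
}

/// Reject any encoding the protocol does not allow before parsing the key.
pub fn check_peer_key(bytes: &[u8], policy: Policy) -> Result<Encoding, &'static str> {
    let enc = classify_p256(bytes).ok_or("unrecognized encoding")?;
    let allowed = match policy {
        Policy::Tls13KeyShare => enc == Encoding::Uncompressed,
        Policy::Tls12Negotiated(want) => enc == want && enc != Encoding::X509Spki,
        Policy::SpkiInnerPoint => enc != Encoding::X509Spki,
    };
    if allowed { Ok(enc) } else { Err("encoding not permitted by protocol") }
}

/// Constructed sample: given prefix bytes followed by `fill` placeholder bytes.
pub fn sample(prefix: &[u8], fill: usize) -> Vec<u8> {
    let mut v = prefix.to_vec();
    v.resize(prefix.len() + fill, 0x11);
    v
}

fn main() {
    let keys = [("uncompressed", sample(&[0x04], 64)),
                ("compressed", sample(&[0x02], 32)),
                ("spki", sample(&[0x30, 0x59], 89))];
    for (name, key) in keys.iter() {
        println!("{}: tls1.3 key_share -> {:?}", name, check_peer_key(key, Policy::Tls13KeyShare));
        println!("{}: point inside SPKI -> {:?}", name, check_peer_key(key, Policy::SpkiInnerPoint));
    }
}
```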
