Allow non-cert public keys #965
Conversation
|
Can one of the admins verify this patch? |
| if err != nil { | ||
| return "", fmt.Errorf("unable to parse pem encoded public key: %v", err) | ||
| } | ||
| _, ok := pub.(*ecdsa.PublicKey) |
There was a problem hiding this comment.
Use a type switch for clarity and ease of adding other key types in the future:
switch pub.(type) {
case *ecdsa.PublicKey:
return data.ECDSAKey, nil
case *rsa.PublicKey:
return data.RSAKey, nil
}
There was a problem hiding this comment.
Non-blocking: We seem to support ED25519 for ParsePEMPrivateKey, although I guess we concatenate the private and public parts. I don't think it violates any existing spec to PEM-encode the public key, although I know it's not not supported by openssl or other software. Would it make sense to either support that here, or remove support in ParsePEMPrivateKey?
There was a problem hiding this comment.
I'm for supporting it here as well - PEM's just a transport format.
There was a problem hiding this comment.
@endophage Also a good review note - not sure why I didn't do that originally.
| } | ||
| return "", fmt.Errorf("unkown public key format") |
There was a problem hiding this comment.
I think we probably have a relevant error type for this somewhere.
There was a problem hiding this comment.
I couldn't find one but I'm happy to switch it if you can point me to it.
There was a problem hiding this comment.
In tuf/signed/errors.go we have ErrInvalidKeyType which seems appropriate. It's used to indicate it the key type is invalid/unrecognized in the context of key types Notary accepts, not necessarily that the key is universally invalid.
| @@ -252,9 +252,31 @@ func ParsePEMPublicKey(pubKeyBytes []byte) (data.PublicKey, error) { | |||
| return nil, fmt.Errorf("invalid certificate: %v", err) | |||
| } | |||
| return CertToKey(cert), nil | |||
| case "PUBLIC KEY": | |||
| keyType, err := keyTypeForPublicKey(pemBlock.Bytes) | |||
There was a problem hiding this comment.
Would it make sense to move this entire case block into a new constructor for data.PublicKey objects that takes a []byte (in this case pemBlock.Bytes) and returns (PublicKey, error)?
There was a problem hiding this comment.
That seems like a good refactor to me; I assume the same for ParsePEMPrivateKey?
I was going to bring this up elsewhere but it seems relevant here: I think it's confusing that if you pass in a cert to ParsePEMPublicKey you get back a data.PublicKey object containing the cert bytes in the Public field instead of the parsed out public key bytes.
I was planning to read through a bit more before suggesting a change, but personally I like the idea of a flow like: certs get loaded/verified -> translated to plain keys -> tuf only deals with plain keys.
This seems like a very clean separation to me; the only issue would be that you would lose the property that certs get verified right before they're used every time. Perhaps it would make sense, after loading the certs into memory, to keep around a map of parsedKeys -> originatingCerts so that at various well-defined points during verification, you can do something like reverifyCerts(currentlyReleventKeyList) to find the certs you're using and check them again.
Just a couple of thoughts I've had on making the flow of notary easier to understand. I've just rambled a bit too much for an issue comment, so I'll pull this out into an issue later today...
There was a problem hiding this comment.
I agree it's a little messy and would be good to clean up. Let's discuss how to approach it in the issue you file.
| @@ -814,6 +814,52 @@ func generateRootKeyIDs(r *data.SignedRoot) { | |||
| } | |||
| } | |||
|
|
|||
| func TestParsePEMPublicKey(t *testing.T) { | |||
| gun := "notary" | |||
| pass := func(keyName, alias string, createNew bool, attempts int) (passphrase string, giveup bool, err error) { | |||
There was a problem hiding this comment.
Non-blocking: I think you can use passphrase.ConstantRetriever("password") for this, unless you don't want the extra import.
| if err != nil { | ||
| return "", fmt.Errorf("unable to parse pem encoded public key: %v", err) | ||
| } | ||
| _, ok := pub.(*ecdsa.PublicKey) |
There was a problem hiding this comment.
Non-blocking: We seem to support ED25519 for ParsePEMPrivateKey, although I guess we concatenate the private and public parts. I don't think it violates any existing spec to PEM-encode the public key, although I know it's not not supported by openssl or other software. Would it make sense to either support that here, or remove support in ParsePEMPrivateKey?
ecordell
force-pushed
the
non-cert
branch
3 times, most recently
from
bea9d25
to
3de4d9c
Compare
|
Addressed review comments. @endophage held off on public key refactoring because of #977 @cyli Didn't end up adding ed25519 support because the x509 library doesn't recognize it as a valid PEM public key type. If it's something that should be supported can always wrap the x509 lib and add ed25519 support. |
|
jenkins, test this please |
There was a problem hiding this comment.
Didn't end up adding ed25519 support because the x509 library doesn't recognize it as a valid PEM public key type. If it's something that should be supported can always wrap the x509 lib and add ed25519 support.
I think we use ED25519ToPrivateKey to unmarshal the private key - we do our own weird thing where basically the bytes are the public key bytes + the private key bytes, which is how we unmarshal the private key. I think the same thing can be done to parse out the public bytes (not using the x509 lib). This is non-blocking though - it's not like we supported importing ED25519 keys before. :)
I'm ok with addressing #977 in a separate PR - this LGTM aside from the one extra function that can be removed.
| @@ -1007,12 +1003,79 @@ func generateExpiredTestingCertificate(rootKey data.PrivateKey, gun string) (*x5 | |||
| return cryptoservice.GenerateCertificate(rootKey, gun, startTime, startTime.AddDate(1, 0, 0)) | |||
| } | |||
|
|
|||
| // Helper function for explicitly generating key IDs and unexported fields for equality testing | |||
| func generateRootKeyIDs(r *data.SignedRoot) { | |||
There was a problem hiding this comment.
I'm not sure if this function is still used anywhere - should it be removed? Although you do bring up a good point; it would be good to useful to have equality test functions for some of our data structures that have unexported fields at some point.
|
jenkins, test this please |
|
(Hmm... you can't edit the text of your previous review status comment :P sorry for the spam!) |
|
|
||
| // unsupported key type | ||
| unsupportedPemBytes := pem.EncodeToMemory(&pem.Block{ | ||
| Type: "UNSUPORTED KEY", |
There was a problem hiding this comment.
I think this case errors because pem.Decode fails, not because of the type-switch.
This case is great, but It would be awesome if we could add another test case with a valid type that ParsePEMPublicKey does not support, like CERTIFICATE REQUEST or PRIVATE KEY
Signed-off-by: Evan Cordell <cordell.evan@gmail.com>
|
jenkins, test this please |
|
thanks @ecordell for updating this, glad to have this feature :) |
This allows non-cert PEM encoded public keys to be loaded as delegation keys