Skip to content

Support the creation of a new mutable object with a pre-determined signature key #1245

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 28 commits into from
Jan 13, 2023
Merged

Support the creation of a new mutable object with a pre-determined signature key #1245

merged 28 commits into from
Jan 13, 2023

Conversation

@exarkun
Copy link
Member

@exarkun exarkun commented Jan 6, 2023

exarkun added 20 commits January 2, 2023 19:29
@exarkun
Add keypair to NodeMaker.create_mutable_file
15e22dc 
Previously `NodeMaker` always took responsibility for generating a keypair to
use.  Now the caller may supply one.
@exarkun
add some type annotations to allmydata.crypto.rsa
23f2d8b
@exarkun
Give slightly better error messages from rsa key validation failure
f6d9c33
@exarkun
Clean up some Python 2 remnants
6b58b66
@exarkun
Clean up some more Python 2 remnants
a58d8a5
@exarkun
Another Python 2 remnant cleanup
5bad92c
@exarkun
Factor some SSK "signature" key handling code into a more reusable shape
c7bb190 
This gives the test suite access to the derivation function so it can
re-derive certain values to use as expected results to compare against actual
results.
@exarkun
Expose the pre-constructed keypair functionality to the HTTP API
3423bfb
@exarkun
Move get_keypair to a shared location
e236cc9
@exarkun
expose the private-key feature in the tahoe put cli
3ff9c45
@exarkun
news fragment
1d125b7
@exarkun
important data file ...
e829b89
@exarkun
fix some errors reported by mypy
2dc6466
@exarkun
Merge remote-tracking branch 'origin/master' into 3962.pre-determined…
01b14fe 
…-rsa-keys
@exarkun
Fix some more mypy errors
a806b2f
@exarkun
we should always be able to get these
c9e23de 
and we always need overload now
@exarkun
load the right kind of key!
85234b0
@exarkun
fall back to *with* validation, not without
8c56cca
@exarkun
RSAPrivateKey certainly does have this method
e893d06 
I don't know why mypy fails to see it.
@exarkun
get Literal from somewhere it is more likely to be
3ce5ee6
@coveralls
Copy link
Collaborator

coveralls commented Jan 7, 2023
edited
Loading

Coverage Status

Coverage: 94.849%. Remained the same when pulling bdad577 on exarkun:3962.pre-determined-rsa-keys into d3a40b8 on tahoe-lafs:master.

@exarkun exarkun marked this pull request as ready for review January 7, 2023 14:32
exarkun
exarkun commented Jan 11, 2023
View reviewed changes
src/allmydata/crypto/rsa.py


def create_signing_keypair_from_string(private_key_der):
def create_signing_keypair_from_string(private_key_der: bytes) -> tuple[PrivateKey, PublicKey]:
Copy link
Member Author

@exarkun exarkun Jan 11, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There should be no change of behavior in this function. All of the changes are to fix complaints mypy has about this function now that it is annotated.

exarkun
exarkun commented Jan 11, 2023
View reviewed changes
src/allmydata/crypto/rsa.py
"""
_validate_private_key(private_key)
return private_key.private_bytes(
return private_key.private_bytes( # type: ignore[attr-defined]
Copy link
Member Author

@exarkun exarkun Jan 11, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Try as I might, I could not convince mypy that the private_bytes method exists.

itamarst
itamarst approved these changes Jan 12, 2023
View reviewed changes
Copy link
Collaborator

@itamarst itamarst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, address and merge.

src/allmydata/web/common.py

T = TypeVar("T")

@overload
Copy link
Collaborator

@itamarst itamarst Jan 12, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TIL

Copy link
Collaborator

@itamarst itamarst Jan 12, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So this is saying:

  • If multiple is False, we return bytes
  • If multiple is True, we return tuple of bytes

But then the final version allows returning random other things, regardless of value of multiple. So how does that work?

Copy link
Member Author

@exarkun exarkun Jan 12, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are close. The key is that `Literal[False] doesn't mean "False". It means a statically detectable False. For example:

get_arg(..., multiple=False)

or

x = False
get_arg(..., multiple=x)

but probably not

get_arg(..., multiple=True if x else False)

I don't know the exact extent to which mypy can track this down.

So the first two cases are for statically detectable False or True and the third case covers those and the case where the value couldn't be determined.

Writing this out and reconsidering it, I'm not sure how much sense it makes. I think I got lost in making mypy happy and wasn't thinking carefully enough about the real meaning. A couple things occur to me now:

  • The T case is just as possible for the Literal[True] and Literal[False] cases as for the third case.
  • The None in the return type seems like nonsense. The only way to get None back is if that is the value given for default. It seems like T should cover this but maybe it doesn't because of some special cases applied to None?

sigh... I'll see if I can work this into something more coherent.

Copy link
Member Author

@exarkun exarkun Jan 12, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2490f0f fwiw

@exarkun
Copy link
Member Author

exarkun commented Jan 13, 2023

Unclear what the integration test failures are but I see them on the most recent master build too so I guess they aren't a problem with this branch. :/

@exarkun exarkun merged commit 7b768fd into tahoe-lafs:master Jan 13, 2023
@exarkun exarkun deleted the 3962.pre-determined-rsa-keys branch January 13, 2023 17:28
@crwood crwood mentioned this pull request May 14, 2024
Merged
@crwood crwood mentioned this pull request Aug 25, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@itamarst itamarst itamarst approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@exarkun @coveralls @itamarst