Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Public key improvements #136

Merged
merged 3 commits into from
Feb 10, 2022
Merged

Public key improvements #136

merged 3 commits into from
Feb 10, 2022

Conversation

infinisil
Copy link
Member

While trying to fix #133, I noticed some other things that could be improved on the public key handling. For now only a draft, it will change a bunch still I think. The main reasons for doing this:

  • We want to have a smart constructor for public keys, one that verifies that the public key is actually a valid one. This would do the check from Check that the ECDSA point is on the curve #133, but it would also do checks for EdDSA and RSA keys. With this, the user can't ever create an invalid public key.
  • Avoid duplication of fields: Previously CosePublicKey was an inlined combination of CoseSignAlg and PublicKey, therefore it duplicated all the fields, which is kind of bad
  • Make verify only return an error when the error is caused by the signature or the message. Previously it would also return an error if the public key doesn't match the passed signature algorithm. This error therefore needs to be handled earlier.

@infinisil infinisil force-pushed the public-key-refactor branch 2 times, most recently from 471923e to 37124f6 Compare February 9, 2022 01:39
infinisil added a commit that referenced this pull request Feb 9, 2022
@infinisil
Add changelog for #136
44ff8dd
@infinisil infinisil marked this pull request as ready for review February 9, 2022 01:52
@infinisil
Copy link
Member Author

Best reviewed by just looking at the first commit

@infinisil infinisil mentioned this pull request Feb 9, 2022
Closed
@infinisil
Improved public key checking
a040f1d 
- Change `CosePublicKey` to just be a combination of `PublicKey` and `CoseSignAlg`, but using a smart constructor to ensure that the signature schemes of the two match. This allows removing the public key parameter duplication. Also introduces `PublicKeyWithSignAlg`, which `CosePublicKey` is actually aliased to.
- Use `PublicKeyWithSignAlg` as an input to the `verify` function, and
  use `PublicKeyWithSignAlg` in attestation format statements that need
  to call this function.
- Introduce `UncheckedPublicKey` and a smart "constructor"
  `checkPublicKey` to turn it into a `PublicKey`, which makes sure that
  only valid public keys can be used. For example this implements a
  check that for ECDSA keys, the point is on the curve.
- Use `Integer`s to represent ECDSA key coordinates. Previously this was
  not done because the spec said to persist leading zeroes. But we can
  just calculate the leading zeroes ourselves by looking at the number
  of bytes that the curve uses
@infinisil
Rename two Cose modules
3829845 
Renames Crypto.WebAuthn.Cose.{Key -> PublicKeyWithSignAlg}
Renames Crypto.WebAuthn.Cose.{Algorithm -> SignAlg}

This better reflects the types these modules define
@infinisil
Add changelog for #136
1183083
@infinisil infinisil changed the title Public key refactor Public key improvements Feb 10, 2022
@infinisil infinisil merged commit 11f1634 into master Feb 10, 2022
@infinisil infinisil deleted the public-key-refactor branch February 10, 2022 13:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ErinvanderVeen ErinvanderVeen ErinvanderVeen approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@infinisil @ErinvanderVeen