This repository has been archived by the owner on Jan 31, 2025. It is now read-only.
Extend cipher suite list #21
Merged
TimothyClaeys
merged 13 commits into
openwsn-berkeley:master
from
chrysn-pull-requests:p256
May 18, 2021
+ Fix the broken example scripts
+ Use real X.509 certificates in the examples (authentication keys are Ed25519) --> remove pickled dictionary with legacy credential store
+ remote_cred_cb takes a Callable that returns the remote credentials
+ the return value of remote_cred_cb should go through _parse_credentials to parse/verify the RPK/certificate and extract the remote public authentication key
+ Add a custom CBOR encoder to properly encode COSE header maps with COSE header attributes
+ remove dependency on asn1crypto (everything can be done with the X509 module of the cryptography package)
This will allow the verifier to rebuild a MAC in the next step.
The remote callback used to be evaluated lazily whenever one of the properties is first accessed; now it is evaluated as soon as all its input data are set (i.e. when the ID_CRED_remote is set). That laziness currently *would* save some calculation, but these savings go away as things are verified completely. The way this is done may later need to be changed again to accommodate asynchronous operation, either by making some parts async, or by altering how the library is used. Not evaluating the callback result also led to some usage patterns being untested. Resulting from these tests, *all* callback outputs are fed through _parse_credentials; this was previously done in only one code path.
The lambda wrapper represents a change already done earlier in "remote_cred_cb takes a Callable that returns the remote credentials" (just never hit the test cases). The cred_id[ri] setting is not so much done to have that available (it's not even stored currently), but to ensure that this step (that usually happens when parsing an incoming message) takes its side effects (of evaluating the credentials callback and storing remote cred and authkey) before these are used in the test evaluations.
Arguments may be had about whether this should be expanded even earlier, but at least now it's consistently accessible.
Suite 2 has been interoperated successfully today with Marco's implementation. Feeling bold and adding 4-5; these are untested so far (not even locally), but then again don't introduce anything conceptually new. A function has been added that, when not running with -O, goes through the classes at import time and checks their algorithms against the numbers shown in the EDHOC spec.
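An import-time self-check of the kind the last commit message describes, as an added example that is not the code from this PR or from the library. The class names, attribute names and `check_suites` are hypothetical, and the table holds COSE registry numbers for suites 0 and 2 as listed in RFC 9528, which may differ from the draft the PR targeted.

```python
# Added example: names below are hypothetical, not the library's own API.

# Expected COSE identifiers per suite: (AEAD, hash, ECDH curve, signature alg).
# Assumption: values as listed for suites 0 and 2 in RFC 9528; the draft in
# use when the PR was written may order or extend the tuple differently.
SPEC_TABLE = {
    0: (10, -16, 4, -8),   # AES-CCM-16-64-128, SHA-256, X25519, EdDSA
    2: (10, -16, 1, -7),   # AES-CCM-16-64-128, SHA-256, P-256, ES256
}


class CipherSuite:
    """Base class; subclasses declare their numeric identifiers."""
    identifier: int
    aead: int
    hash: int
    dh_curve: int
    sign_alg: int


class Suite0(CipherSuite):
    identifier, aead, hash, dh_curve, sign_alg = 0, 10, -16, 4, -8


class Suite2(CipherSuite):
    identifier, aead, hash, dh_curve, sign_alg = 2, 10, -16, 1, -7


def check_suites(classes, table=SPEC_TABLE):
    """Return a list of mismatch descriptions (empty if all classes agree)."""
    problems = []
    for cls in classes:
        actual = (cls.aead, cls.hash, cls.dh_curve, cls.sign_alg)
        expected = table.get(cls.identifier)
        if expected is None:
            problems.append(f"{cls.__name__}: suite {cls.identifier} not in table")
        elif actual != expected:
            problems.append(f"{cls.__name__}: {actual} != spec {expected}")
    return problems


# __debug__ is False under `python -O`, so optimized runs skip the check.
if __debug__:
    _problems = check_suites(CipherSuite.__subclasses__())
    if _problems:
        raise ImportError("cipher suite self-check failed: " + "; ".join(_problems))
```

Because the check is skipped under `-O`, calling `check_suites` from the test suite as well keeps a mistyped algorithm number from reaching an optimized deployment unnoticed.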
TimothyClaeys
approved these changes
May 18, 2021
I've opened an issue in TimothyClaeys/pycose#62 to remind me to add your suggested functionality so we can refactor the code here and remove the big if-else tree.
This depends on TimothyClaeys/pycose#57, and builds on #19 (this actual PR is just a single commit, the rest is noise GitHub fails to assign to the other PR).
I think there's a bit of refactoring possibilities in here, see the "is this a good criterion" comment -- but that also interacts with pycose in that curves could gain a `public_key_from_x` constructor or something like that that'd spare us the if tree here. (We have a curve and some expression of a point, let's let the object do its magic).