Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve SSlibKey validation in _verify #795

Merged
merged 1 commit into from
Apr 25, 2024
Merged

Improve SSlibKey validation in _verify #795

merged 1 commit into from
Apr 25, 2024

Conversation

lukpueh
Copy link
Member

@lukpueh lukpueh commented Apr 24, 2024

Added checks as requested in #766:

  • keytype matches scheme
  • scheme matches deserialized key type (only for pem formatted keyvals; for ed25519 the check happens implicitly on deserialization)
  • scheme matches deserialized key curve (only for ecdsa)

Note that this PR does not move the checks to the constructor as suggested in #766. This may or may not be addressed in a follow-up PR.

failing tests fixed in #794

lukpueh
lukpueh commented Apr 24, 2024
View reviewed changes
securesystemslib/signer/_key.py
@@ -341,9 +341,18 @@ def _verify_ed25519_fallback(self, signature: bytes, data: bytes) -> None:

def _verify(self, signature: bytes, data: bytes) -> None:
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The function has become a bit unwieldy. But I did resist the temptation to refactor anything, mostly because want this PR to be easy to review ... and also because I was unsure how to make it better. :)

One idea I had was to factor out the long deserialization if/else switch to something like a _to_crypto method: 504ffae

...

I'll think about this some more.

@lukpueh lukpueh force-pushed the sslibkey-validation branch from 5ec0e4c to b409d6b Compare April 24, 2024 14:04
@lukpueh lukpueh marked this pull request as draft April 24, 2024 14:05
jku
jku approved these changes Apr 25, 2024
View reviewed changes
Copy link
Collaborator

@jku jku left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. It's true that some things might make sense to do earlier but I think there is a good chance for mistakes in there so this feels right for now.

@lukpueh
Improve SSlibKey validation in _verify
3f70df5 
Added checks as requrested in secure-systems-lab#766:

- keytype matches scheme
- scheme matches deserialized key type (only for pem formatted keyvals;
  for ed25519 the check happens implicitly on deserialization)
- scheme matches deserialized key curve (only for ecdsa)

Note that this PR does not move the checks to the constructor as
suggested in secure-systems-lab#766. This may or may not be addressed in a follow-up PR.

failing tests fixed in secure-systems-lab#794

Signed-off-by: Lukas Puehringer <[email protected]>
@lukpueh lukpueh force-pushed the sslibkey-validation branch from b409d6b to 3f70df5 Compare April 25, 2024 12:06
@lukpueh lukpueh marked this pull request as ready for review April 25, 2024 12:06
@lukpueh
Copy link
Member Author

lukpueh commented Apr 25, 2024

rebase on main. tests should pass now.

@lukpueh lukpueh merged commit 5db8bf5 into secure-systems-lab:main Apr 25, 2024
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jku jku jku approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lukpueh @jku