Skip to content

SPKI: Generate public keys #3227

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 7, 2019
Merged

SPKI: Generate public keys #3227

merged 3 commits into from
Oct 7, 2019

Conversation

oncilla
Copy link
Contributor

@oncilla oncilla commented Oct 7, 2019
edited by kormat
Loading

Adds:

  • support for generating public keys for all available private keys.

Also:

  • fixes license in priv.go

This change is Reviewable

@oncilla
SPKI: Generate public keys
d0de7f9 
Adds:
- support for generating public keys for all available private keys.

Also:
- fixes license in priv.go
@oncilla oncilla marked this pull request as ready for review October 7, 2019 15:01
@oncilla oncilla requested a review from scrye October 7, 2019 15:02
@oncilla oncilla added c/CPPKI SCION Control-plane PKI c/tooling SCION network tools labels Oct 7, 2019
@oncilla oncilla added this to the Q4S1 milestone Oct 7, 2019
scrye
scrye suggested changes Oct 7, 2019
View reviewed changes
Copy link
Contributor

@scrye scrye left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 6 of 6 files at r1.
Reviewable status: all files reviewed, 4 unresolved discussions (waiting on @oncilla)

go/lib/scrypto/asym.go, line 82 at r1 (raw file):

		var privKeyFixed, pubKey [32]byte
		copy(privKeyFixed[:], privKey)
		curve25519.ScalarBaseMult(&pubKey, &privKeyFixed)

Is the endianness here correct when these values are loaded from files? I think we use little endian everywhere, but just want to double check it with you.

go/tools/scion-pki/internal/v2/keys/pub.go, line 61 at r1 (raw file):

				return nil, serrors.WrapStr("unable to load private keys for AS", err, "ia", ia)
			}
			if len(keys) > 0 {

Can drop the if, default val is nil if there are no keys.

go/tools/scion-pki/internal/v2/keys/pub.go, line 91 at r1 (raw file):

		var keys []keyconf.Key
		for _, privKey := range privKeys {
			key := privKey

This shallow copy is dangerous; if key.Bytes mutates prior to the assignment below, privKey.Bytes is also affected. I think implementing a proper Copy is safer (it also signals to someone reading the code that everything is safe; right now, I needed to go within keyconf.Key to reason what is copied by reference/pointer, and what is copied by value).

go/tools/scion-pki/internal/v2/keys/pub.go, line 131 at r1 (raw file):

		return keyconf.Key{}, serrors.WrapStr("unable to read file", err)
	}
	block, _ := pem.Decode(raw)

keyconf.KeyFromPEM would panic on block == nil, but that can be returned by pem.Decode if the input is garbage.

oncilla
oncilla commented Oct 7, 2019
View reviewed changes
Copy link
Contributor Author

@oncilla oncilla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: all files reviewed, 4 unresolved discussions (waiting on @scrye)

go/lib/scrypto/asym.go, line 82 at r1 (raw file):

Previously, scrye (Sergiu Costea) wrote…

Is the endianness here correct when these values are loaded from files? I think we use little endian everywhere, but just want to double check it with you.

It is, yes.
But it is a bit awkward, I agree.

go/tools/scion-pki/internal/v2/keys/pub.go, line 61 at r1 (raw file):

Previously, scrye (Sergiu Costea) wrote…

Can drop the if, default val is nil if there are no keys.

True, but I wanted to avoid creating superfluous directories.

go/tools/scion-pki/internal/v2/keys/pub.go, line 91 at r1 (raw file):

Previously, scrye (Sergiu Costea) wrote…

This shallow copy is dangerous; if key.Bytes mutates prior to the assignment below, privKey.Bytes is also affected. I think implementing a proper Copy is safer (it also signals to someone reading the code that everything is safe; right now, I needed to go within keyconf.Key to reason what is copied by reference/pointer, and what is copied by value).

Done.

go/tools/scion-pki/internal/v2/keys/pub.go, line 131 at r1 (raw file):

Previously, scrye (Sergiu Costea) wrote…

keyconf.KeyFromPEM would panic on block == nil, but that can be returned by pem.Decode if the input is garbage.

Good catch!

scrye
scrye approved these changes Oct 7, 2019
View reviewed changes
Copy link
Contributor

@scrye scrye left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:lgtm:

Reviewed 1 of 1 files at r2.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved

@oncilla oncilla merged commit 5155cad into scionproto:master Oct 7, 2019
@oncilla oncilla deleted the pub-spki-pub branch August 7, 2020 12:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@scrye scrye scrye approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
c/CPPKI SCION Control-plane PKI c/tooling SCION network tools
Projects
None yet
Milestone
Q4S1
Development

Successfully merging this pull request may close these issues.
2 participants
@oncilla @scrye