Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove RSA and use P256 everywhere #154

Merged
merged 30 commits into from
Nov 1, 2022
Merged

Remove RSA and use P256 everywhere #154

merged 30 commits into from
Nov 1, 2022

Conversation

emostov
Copy link
Contributor

@emostov emostov commented Oct 29, 2022
edited
Loading

  • Use p256 everywhere
  • For keys: in memory we always store as raw bytes, on disk we always store as hex
  • Replace all the mock keys to use the new p256 stuff
  • Remove the sample-app, this is mostly unrelated but I didn't want to deal with maintaining it through this refactor and we have no use for it

Follow ups:

@emostov emostov changed the title [WIP] Remove RSA and use P256 everywhere Remove RSA and use P256 everywhere Oct 31, 2022
jack-kearney
jack-kearney approved these changes Oct 31, 2022
View reviewed changes
Copy link
Contributor

@jack-kearney jack-kearney left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Base automatically changed from zeke-add-p256-authenticate to master October 31, 2022 18:23
mikelodder7
mikelodder7 reviewed Oct 31, 2022
View reviewed changes
Copy link
Contributor

@mikelodder7 mikelodder7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not a fan or all these unwraps and expects. In general, its good practice to return Result or Option in the lower levels and only unwrap or panic at the app level.

mikelodder7
mikelodder7 reviewed Oct 31, 2022
View reviewed changes
src/qos_attest/Cargo.toml Outdated
openssl = "0.10.40"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not seeing this used anywhere. Are you sure is still necessary?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ya, its used for x509 cert stuff in the attestation module. Working on ripping it out right now in another branch

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fwiw openssl will be completely removed once this PR & #156 are merged

mikelodder7
mikelodder7 reviewed Oct 31, 2022
View reviewed changes
src/qos_p256/src/lib.rs Outdated
const P256_ENCRYPT_DERIVE_PATH: &[u8] = b"qos_p256_encrypt";
const P256_SIGN_DERIVE_PATH: &[u8] = b"qos_p256_sign";

/// Length of the master seed.
pub const MASTER_SEED_LEN: usize = 64;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you really need 64 bytes? Seems overkill and adds nothing in terms of security. 32 bytes its more than enough.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

64 is a bit arbitrary, but was thinking it could give us more flexibility in the future? Tbh though that was just a guess so I am fine with switching to 32

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree with @mikelodder7. Security limit is already 128b because of the use of p256. Recommend 128b = 32B here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, this is now switched to 32.

@emostov emostov mentioned this pull request Oct 31, 2022
Open
emostov
emostov commented Oct 31, 2022
View reviewed changes
src/qos_crypto/src/lib.rs Outdated Show resolved Hide resolved
ace0
ace0 approved these changes Oct 31, 2022
View reviewed changes
Copy link

@ace0 ace0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left an optional comment. Otherwise, lgtm.

@emostov emostov requested a review from mikelodder7 November 1, 2022 15:18
@emostov emostov merged commit a1c84e2 into master Nov 1, 2022
@emostov emostov deleted the zeke-p256-the-world branch November 1, 2022 17:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ace0 ace0 ace0 approved these changes

@jack-kearney jack-kearney jack-kearney approved these changes

@mikelodder7 mikelodder7 Awaiting requested review from mikelodder7

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@emostov @mikelodder7 @jack-kearney @ace0