Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

edhoc-hacspec: declassify numbers before return from parse #60

Closed
wants to merge 6 commits into from
Closed

edhoc-hacspec: declassify numbers before return from parse #60

wants to merge 6 commits into from

Conversation

geonnave
Copy link
Collaborator

Addressing #49.

@geonnave geonnave mentioned this pull request Apr 21, 2023
Closed
malishav
malishav reviewed Apr 24, 2023
View reviewed changes
Copy link
Contributor

@malishav malishav left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for hte PR! My main comment/question is whether we can homogenize the code such that declassify does not appear in top-level functions? With the current code, some parts are declassified and some are not, which is not ideal IMO

hacspec/out/Edhoc_hacspec.fst Outdated
@@ -0,0 +1,1129 @@
module Edhoc_hacspec
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is the .fst file part of this PR?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Committed it by mistake... removing.

hacspec/src/lib.rs Outdated
// Step 2: verify that the selected cipher suite is supported
if supported_suites[0u8].declassify() == EDHOC_SUPPORTED_SUITES[0u8].declassify() {
if supported_suites[0] == EDHOC_SUPPORTED_SUITES[0u8].declassify() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's homogenize this so declassify does not appear any more in *_process_message?

hacspec/src/lib.rs Outdated
@@ -220,7 +220,7 @@ pub fn r_process_message_3(
let (kid, mac_3) = decode_plaintext_3(&plaintext_3);

// compare the kid received with the kid expected in id_cred_i
if kid.declassify() == id_cred_i_expected[id_cred_i_expected.len() - 1].declassify() {
if kid == id_cred_i_expected[id_cred_i_expected.len() - 1].declassify() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same comment as above

hacspec/src/lib.rs Outdated
@@ -420,7 +420,7 @@ pub fn i_process_message_2(

// Check MAC before checking KID
if mac_2.declassify_eq(&expected_mac_2) {
if kid.declassify() == id_cred_r_expected[id_cred_r_expected.len() - 1].declassify() {
if kid == id_cred_r_expected[id_cred_r_expected.len() - 1].declassify() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see above

@geonnave geonnave force-pushed the declassify_numbers_in_parse_routine branch from 2675302 to caea2ad Compare April 24, 2023 09:21
@geonnave
Copy link
Collaborator Author

whether we can homogenize the code such that declassify does not appear in top-level functions? With the current code, some parts are declassified and some are not, which is not ideal IMO

I think it is a good idea to be more homogeneous. Just checking how we would do it:

  • update EDHOC_SUPPORTED_SUITES to not use secret integers (not sure if this makes sense)
  • modify id_cred_[ir]_expected to [u8; ID_CRED_LEN], in * _process_message_* (but then I would have to call from_public_slice before passing it to functions such as compute_mac_3.

@malishav
Copy link
Contributor

update EDHOC_SUPPORTED_SUITES to not use secret integers (not sure if this makes sense)

Why not? Is it used elsewhere? It seems the cleanest IMO

malishav
malishav reviewed Apr 24, 2023
View reviewed changes
hacspec/src/lib.rs
@@ -899,7 +900,10 @@ fn encode_kdf_context(
// encode context in line
// assumes ID_CRED_R and CRED_R are already CBOR-encoded
let mut output = BytesMaxContextBuffer::new();
output = output.update(0, id_cred);
for i in 0..id_cred.len() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why dont you use copy_from_slice here? also, remove the code that is commented out

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, I see why.. output is a hacspec type.. nevermind the comment

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

malishav
malishav reviewed Apr 24, 2023
View reviewed changes
hacspec/src/lib.rs
@@ -1292,7 +1297,7 @@ mod tests {
fn test_compute_mac_3() {
let prk_4e3m_tv = BytesHashLen::from_hex(PRK_4E3M_TV);
let th_3_tv = BytesHashLen::from_hex(TH_3_TV);
let id_cred_i_tv = BytesIdCred::from_hex(ID_CRED_I_TV);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why not use ID_CRED_I_TV directly in the call to compute_mac_3 below? i.e. you could remove line 1300

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you also update it ssimilarly for other occurences, noted with "same comment"

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh sure, done.

@geonnave
Copy link
Collaborator Author

geonnave commented Apr 25, 2023
edited
Loading

PR should be ready now, just need to be able to check that fstar generation is still working.

@geonnave geonnave added enhancement New feature or request cleanup and removed enhancement New feature or request labels Apr 25, 2023
malishav
malishav reviewed Apr 25, 2023
View reviewed changes
hacspec/src/lib.rs Outdated
@@ -1426,7 +1429,7 @@ mod tests {

#[test]
fn test_encode_plaintext_3() {
let id_cred_i_tv = BytesIdCred::from_hex(ID_CRED_I_TV);
let id_cred_i_tv = ID_CRED_I_TV;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same comment on using ID_CRED_I_TV directly applies

hacspec/src/lib.rs Outdated
@@ -1345,14 +1348,14 @@ mod tests {
0,
PLAINTEXT_2_TV.len() / 2,
);
let id_cred_r_tv = BytesIdCred::from_hex(ID_CRED_R_TV);
let id_cred_r_tv = ID_CRED_R_TV;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same comment applies

hacspec/src/lib.rs Outdated
@@ -1330,7 +1333,7 @@ mod tests {
#[test]
fn test_encode_plaintext_2() {
let plaintext_2_tv = BytesPlaintext2::from_hex(PLAINTEXT_2_TV);
let id_cred_r_tv = BytesIdCred::from_hex(ID_CRED_R_TV);
let id_cred_r_tv = ID_CRED_R_TV;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same comment

hacspec/src/lib.rs Outdated
@@ -1310,7 +1313,7 @@ mod tests {
#[test]
fn test_compute_and_verify_mac_2() {
let prk_3e2m_tv = BytesHashLen::from_hex(PRK_3E2M_TV);
let id_cred_r_tv = BytesIdCred::from_hex(ID_CRED_R_TV);
let id_cred_r_tv = ID_CRED_R_TV;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same comment

hacspec/src/lib.rs
@@ -1292,7 +1297,7 @@ mod tests {
fn test_compute_mac_3() {
let prk_4e3m_tv = BytesHashLen::from_hex(PRK_4E3M_TV);
let th_3_tv = BytesHashLen::from_hex(TH_3_TV);
let id_cred_i_tv = BytesIdCred::from_hex(ID_CRED_I_TV);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you also update it ssimilarly for other occurences, noted with "same comment"

@geonnave geonnave force-pushed the declassify_numbers_in_parse_routine branch from b393e38 to 838baf6 Compare April 25, 2023 13:32
@geonnave
Copy link
Collaborator Author

Still needed: test fstar generation after type changes.
Obstacle: cargo circus not working in my personal computer.
Solution: wait for a fix from the hacspec team, or go to Inria run the tests (maybe tomorrow).

@geonnave
Copy link
Collaborator Author

geonnave commented Oct 4, 2023

After the merge of #105 this is not applicable anymore.

@geonnave geonnave closed this Oct 4, 2023
@geonnave geonnave deleted the declassify_numbers_in_parse_routine branch November 23, 2023 09:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@malishav malishav malishav left review comments

Assignees
No one assigned
Labels
cleanup depends-on-third-party
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@geonnave @malishav