Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adopt TrustAnchorIdentifiers from v03 of MTC draft #5

Merged
merged 6 commits into from
Sep 17, 2024
Merged

Adopt TrustAnchorIdentifiers from v03 of MTC draft #5

merged 6 commits into from
Sep 17, 2024

Conversation

pohlm01
Copy link
Contributor

@pohlm01 pohlm01 commented Sep 11, 2024

This solves #3

@bwesterb bwesterb self-requested a review September 11, 2024 13:43
bwesterb
bwesterb requested changes Sep 11, 2024
View reviewed changes
Copy link
Owner

@bwesterb bwesterb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this!

ca/ca.go Outdated Show resolved Hide resolved
mtc.go Outdated Show resolved Hide resolved
mtc.go Outdated
type TrustAnchorIdentifier []byte

func (tai *TrustAnchorIdentifier) ProofType() ProofType {
// TODO make this dependent on the OID
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can't see it from the OID itself: we need some lookup. A caller will have a list of known CAs that include OID, public key, and proof type. The question is how to do this elegantly in the API. Perhaps we have a MTCContext struct, which when created can be passed with a CAStore interface that has a OID -> CAParams function.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've built a simple construction, such that the CA params essentially are the only entry in the 'root store'. Let me know if you would like something more elaborate, or feel free to change it yourself.

mtc.go Outdated Show resolved Hide resolved
mtc.go Outdated Show resolved Hide resolved
mtc.go Outdated Show resolved Hide resolved
mtc.go Outdated Show resolved Hide resolved
@pohlm01
Copy link
Contributor Author

pohlm01 commented Sep 12, 2024

Thanks a lot for this meaningful review! I'll add more commits and let you know when I think it might be in a mergeable state.

@pohlm01 pohlm01 marked this pull request as draft September 12, 2024 07:45
@pohlm01 pohlm01 marked this pull request as ready for review September 12, 2024 13:39
@pohlm01 pohlm01 requested a review from bwesterb September 12, 2024 13:39
bwesterb
bwesterb reviewed Sep 13, 2024
View reviewed changes
mtc.go Outdated Show resolved Hide resolved
bwesterb
bwesterb reviewed Sep 13, 2024
View reviewed changes
README.md Outdated Show resolved Hide resolved
bwesterb
bwesterb reviewed Sep 13, 2024
View reviewed changes
ca/ca.go Outdated Show resolved Hide resolved
bwesterb
bwesterb reviewed Sep 13, 2024
View reviewed changes
mtc.go
})

buf, err = c.Proof.TrustAnchorIdentifier().MarshalBinary()
b.AddBytes(buf)
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Length prefix is missing

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The MarshalBinary() method of the tai does encode the OID with the TLS style length prefix. From how I understand the I-D, there is no other, outer length encoding needed. See Section 5.5.3 and mct.go:1603 for reference.

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The definition is

opaque TrustAnchorIdentifier<1..2^8-1>

As you can read from section 4.3 from RFC 5246, the angular brackets indicate a length prefixed value.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. Maybe I'm just confusing something here, but in my mind, this is taken care of in mct.go:1603. Maybe it becomes more clear if I move this length prefix out of the TAI MarshalBinary() method?

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, you're right. Now my complain becomes the opposite: there are a few places where a second length prefix is included.

bwesterb
bwesterb reviewed Sep 13, 2024
View reviewed changes
mtc.go Outdated Show resolved Hide resolved
@bwesterb
Copy link
Owner

Thanks a lot for this meaningful review! I'll add more commits and let you know when I think it might be in a mergeable state.

Good progress. There are still a couple of issues — see my comments, but they shouldn't be too hard to fix.

bwesterb
bwesterb reviewed Sep 15, 2024
View reviewed changes
cmd/mtc/main.go Outdated Show resolved Hide resolved
bwesterb
bwesterb reviewed Sep 15, 2024
View reviewed changes
mtc.go Show resolved Hide resolved
@bwesterb bwesterb self-requested a review September 15, 2024 16:07
bwesterb
bwesterb approved these changes Sep 15, 2024
View reviewed changes
Copy link
Owner

@bwesterb bwesterb left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! I'll merge when you're happy with final changes.

@bwesterb bwesterb merged commit 400c835 into bwesterb:main Sep 17, 2024
1 check passed
pohlm01 added a commit to pohlm01/mtc that referenced this pull request Sep 18, 2024
@pohlm01
Align Marshaling of RelativeOID with the one of TAI
9680bf4 
Relates to bwesterb#5
@pohlm01 pohlm01 mentioned this pull request Sep 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bwesterb bwesterb bwesterb approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pohlm01 @bwesterb