-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Crypto as trait" experiments #103
"Crypto as trait" experiments #103
Conversation
This is currently running into a situation where get_random_byte is U8 in hacspec cases and u8 in others. While this could be resolved with associated types and whatnot, I guess this best waits for @geonnave's hacspec simplifications. |
10fd043
to
b965b4b
Compare
Hacspec simplifications merged on main! |
86a429a
to
0c14e76
Compare
Rebased onto main, and is also much simpler now. Some back-ends still need to be updated, but that's mainly a formality. So far I don't expect any trouble with hacspec; the real test will come when |
This is incomplete in two aspects: * it only adjusts the hacspec and psa crypto backends, and * it still goes through the edhoc-crypto crate to create import-based dispatch. It also does not do a full cargo-fmt, because this allows the delta of this commit to be small.
From CI not complaining about me having slumped around cc2538, I take it that platform is already on its way out? (Ignoring it for here unless it makes CI fail or I hear otherwise from you). |
Yeah, you can safely ignore cc2538 for now. |
This is likely not a final version, as it is terribly verbose. The verbosity would be mitigated if the functions were methods of their states, as then, it would be concentrated atop the impl blocks. It is also incomplete in that it merely shifts the cfg-switched Crypto implementation from being referenced in edhdoc.rs to being referenced in lib.rs, instead of making the latter generic as well.
This is deferred from the previous commit to maintain its "minimality"
0b51c40
to
2685ffd
Compare
The latest changeset also contains first steps toward being generic over the crypto backend. This is incredibly verbose because it is all standalone functions and not impls on a struct (where more typing would be grouped into one line). May make sense to pursue this if typestating goes ahead inside edhoc.rs. In parallel, it'd be worth considering whether to pass it as a type or a (usually ZST) instance of a type -- adding an argument for the Crypto backend would also help with the verbosity. I'd like that because it'd mean that, say, on platforms like PSA that AIU need some initialization, you can't pass an instance into EDHOC without having initialized it first. (But that's probably best explored when the code is in a more impl-block style). |
This is looking great, and the CI passes! Also I tested with |
Note that a big no-no in hacspec is any usage of mutable references. In fact, on a more historical note, we went a full circle: from the Crypto backend implemented as a Trait to the current state, and are now going back. Let's just make sure it is compatible with
I had a brief chat with @W95Psp who indicated traits and generics are now supported. |
I'm curious: What is hax's entry point? If it previously tried to prove any properties of a sequence of |
The CI just translates the Rust code into fstar. So yes, the actual verification happens once the fstar artifact is generated, and is, for now, a manual process. |
Here's a relevant question then: How about
when we (only for hacspec) limit this to Background: If we make the "crypto engine" an instance, that'd be a ZST that's creatable out of thin air for any software implementation, and thus is Clone, Copy, Send, Sync and what-so-not), but a HW crypto engine would either be busy-polling for the engine to be free, or use some OS's synchronization primitives (bye bye portability), or would be instanciated into a single ZST (or maybe pointer sized type to carry its hardware base addess), and by means of being an exclusive reference (pedants don't call |
CC @W95Psp to clarify |
To clarify about mutable references: they are forbidden everywhere but on function inputs.
So @chrysn, defining such a |
Thanks, that's good news. So we can have a Crypto usable through &mut, passed it that way into the low-level functions, and high-level structs can own a Crypto -- for the time being (with an option to have a storage form that outlives its Crypto to be added if ever a Crypto is not Clone and 'static).
|
…from crypto independent
To keep things managable I've marked this as ready-for-review -- I think that this is now standalone enough for review at the lower layers. Next steps would be pulling an implementation of Crypto into the high-level state. This has ergonomics downsides -- constructing a new EDHOC state now requires passing in the chosen crypto, and, IMO worse, helper functions such as Proposed way forward: Please give me a rough round of feedback on this one -- not for merging but just for the direction. If that's OK, I'd tackle pulling it through the rest (lib, c_wrappers, examples) so we can decide whether we're happy with the resulting API. In that stage, the current |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for providing this PR! Two comments:
- do we still need the intermediate
crypto
crate? i.e. can we merge thecrypto
crate withedhoc-crypto-trait
crate? - It would be great if the trait would include an
init()
function. Feel free to leave it empty for now on all backends and we can populate it in follow-up PRs.
@@ -1,13 +1,49 @@ | |||
//! Cryptography dispatch for the edhoc-rs crate |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can this file be merged with crypto/edhoc-crypto-trait/src/lib.rs
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It can't: The whole point of crypto-trait is that it will not depend on any concrete back-ends.
Eventually this should only be needed for things like tests where you want to switch around back-ends by the flick of a feature (as it makes for easy test matrices). It may make sense to rename that crate to edhoc-crypto-preferred-impl
-- but that crate would not make it to crates.io as long as it depends on a wide variety of not-on-crates optional dependencies.
pub use edhoc_crypto_cryptocell310::*; | ||
pub type Crypto = edhoc_crypto_cryptocell310::Crypto; | ||
|
||
#[cfg(any(feature = "cryptocell310", feature = "cryptocell310-rust"))] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cryptocell310-rust
does not exist any more, feel free to remove.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and same for psa-rust
@@ -12,6 +12,7 @@ hex = { version = "0.4.3", default-features = false } | |||
|
|||
hacspec-lib = { version = "0.1.0-beta.1", default-features = false, optional = true } | |||
edhoc-crypto = { path = "../crypto", default-features = false } | |||
edhoc-crypto-trait = { path = "../crypto/edhoc-crypto-trait" } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If edhoc-crypto-trait
and edhoc-crypto
were merged, this line should go away.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This line can only go away when the tests are moved out -- only then will lib work without depending on any concrete implementation.
I don't think that should be part of the trait, because its signature is not constant: For hacspec or any software impl, it'd be But the comments that are coming in are high-level enough that I can look into threading this through the rest, because this will give a better view of how it'd be applied in the end. |
This commit is not formatted to increase its readability.
This mostly changes the indentation of functions that moved from pure function to provided impls of a trait.
c93f352
to
3e9b45d
Compare
This has been replaced by #127 whcih is now merged. |
In this PR I'm experimenting with making the edhoc-crypto module not re-export items from different crates (whose interface is implicitly defined by the shared pub items), but define a type (ideally as
impl Trait
, but until TAIT is stable, as public reexports) that is accessed through a defined trait interface.Apart from cleaner separation of responsibilities, the longer goal here is to remove the need for one central and depending-on-everyone-depending-on-cfg edhoc-crypto crate, and to replace it with generics on the public structs and functions. While that could be used to run different back-ends in parallel (not sure why one would want that), its main goal is to sever the dependency from the library to the back-ends, making the library both easier to maintain and easier to upload to crates.io (#98). It'd then be up to the application to select its back-end, and propagate that through any intermediate crates that build on edhoc (which now don't have to pass on features any more, but can pass on types, which is also easier to maintain).
The first commit (after the ones from #102 that restore CI) only does this for hacspec -- this was tested locally, and I'm relying on CI to tell me where else changes are needed (while I'm still getting my bearings around the library).