New API for the headers function
#51
Conversation
Avoids moving `self`, extra hashing, and saves some allocation
There was a problem hiding this comment.
Thanks, and sorry for the delay in looking at this. What you're doing here broadly looks good to me. Please consider adding a basic test-case for completeness, just calling these methods with fixed data and checking that the expected headers come out as a result.
Avoid the use of HashMap that adds extra workload to the process
Can you say more about the "extra workload" aspect of this in practice? Does the Vec make it easier to integrate into calling code than using a HashMap?
| "dh={}", | ||
| base64::encode_config(&self.dh, base64::URL_SAFE_NO_PAD) | ||
| let dh = base64::encode_config(&self.dh, base64::URL_SAFE_NO_PAD); | ||
| let crypto_key = match vapid_public_key { |
There was a problem hiding this comment.
The use of an optional vapid key here makes sense to me. I'm tempted to suggest a more open-ended approach here, e.g. allowing the caller to specify arbitrary key-value pairs that get put into the header..but that's probably going to make more opportunities for things to go wrong, so special-casing this p256ecdsa field seems fine 👍
There was a problem hiding this comment.
The idea with this one is that the Crypto-Key field needs to be merged since there are several sub key-value pairs in its value (dh and p256ecdsa), one for Vapid and the other one being specific to the AESGCM scheme (this odd mix has been streamlined in AES128GCM, where the headers part is far easier to pull off). So allowing users to provide the entire key-pair would require them to effectively merge this Crypto-Key header themselves using the keys from their Vapid Signature and from the returned AESGCMEncryptedBlock, which I'm trying to avoid here.
Apart from this specific case, the function returns an owned Vec so it's pretty easy to push new key-value pairs in it if necessary, outside of the function itself.
I'm referring to the hashing algorithm that is used for hashing keys in Since correct headers are provided (including the special So the user experience should remain the same (or even slightly better since the I hope all that was clear enough 😅 |
|
Thanks, that makes sense :-) |
|
Whoops, sorry, I didn't notice that you'd move this out of "draft". Taking a look now. |
There was a problem hiding this comment.
Thanks again @tiesselune! I'm going to go ahead and merge this as I've got some other changes that I'll be working on shortly that I also expect to be a breaking change, we we might as well batch a few up for the next release.
This pull request addresses issue #50
This new API (⚠️ breaking change) is meant to:
selfinto the function since it is not necessary (currently, it forces a copy if we want both the headers and theciphertextbecause both require moving out of theAesGcmEncryptedBlock)&'static strs instead ofStrings for the keysHashMapthat adds extra workload to the processCrypto-Keyheader (thus removing the need to merge it, and allowing for the change from aHashMapto aVector)Use cases
headersandciphertextwithout having to copy one of them to avoid a double moveStringandHashMap. (e.g. 1 million users to notify individually in one go) Since the draft for the AESGCM scheme is not likely to change anymore and the AES128GCM scheme is handled separately, we can now assume keys for AESGCM headers will always be fixed and use&'static strs and a tupleVecinstead.