Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Made internal keyids consistent #453

Merged

Conversation

KOLANICH
Copy link
Contributor

Description of the changes being introduced by the pull request:

It was noticed that internal keyids for ECDSA keys get inconsistent when imported from PEM because hazmat either adds nonsignificant whitespaces or not. securesystemlib currently forms internal keyids by hashing PEM representations (which is IMHO incorrect), so the keyids are affected by nonsignificant changes. This PR just strips the PEM representations of trailing whitespaces. The proper solution to the problem is to generate the keyids from significant portions of keys only and to make them compatible to other impls, but it is not my job.

Please verify and check that the pull request fulfils the following requirements:

  • The code follows the Code Style Guidelines
  • Tests have been added for the bug fix or new feature - not my job, the lib was undertested initially
  • Docs have been added for the bug fix or new feature - not needed, no API changes

@jku jku mentioned this pull request Nov 2, 2022
3 tasks
@jku
Copy link
Collaborator

jku commented Nov 2, 2022

I think this looks ok. Can you confirm if this fixes a practical issue or if it's just a cosmetic fix: even if cryptography sometimes includes whitespace in the pem, why do we care? Does something break?

I think roughly everyone agrees that keyids are not ideal: IMO they should not be tied to key content at all and should be just identifiers. If I recall correctly TAP-12 is the attempt at making that the rule in TUF.

@KOLANICH
Copy link
Contributor Author

KOLANICH commented Nov 2, 2022

Can you confirm if this fixes a practical issue or if it's just a cosmetic fix: even if cryptography sometimes includes whitespace in the pem, why do we care? Does something break?

It breaks the tests for importing SSH keys. When one imports a public key to hazmat and exports them to PEM, and one imports a private key to hazmat, converts it to public one and exports to PEM, the PEM reprs differ by a line break character in the end. Currently securesystemslib computes keyids as hashes of PEM reprs.

@jku
Copy link
Collaborator

jku commented Nov 2, 2022

I see. The PR seems fine to me but my suggestion is that you should not expect the keyid to be reproducible like that: I don't think the implementation is very robust so things like modifying values in securesystemslib.settings will break that reproducibility...

@KOLANICH
Copy link
Contributor Author

KOLANICH commented Nov 2, 2022

The PR seems fine to me but my suggestion is that you should not expect the keyid to be reproducible like that

I know, for example base64 reprs of keys usually ignore line breaks, so changing the line wrap width will also break the keyids. Ideally the field should be immediately renamed into an internal_inconsistent_keyid to make it clear that people should not rely on them (and break the apps of those who relies), and then implement consistent keyids matching the ones external tools print and phase out the internal keyids completely.

So this PR just relieves some of the sympthoms.

@KOLANICH KOLANICH force-pushed the internal_keyid_consistency branch 2 times, most recently from 4e3f646 to acb823b Compare November 7, 2022 18:23
@jku jku mentioned this pull request Nov 14, 2022
3 tasks
@lukpueh
Copy link
Member

lukpueh commented Nov 17, 2022

Thanks for the patch, @KOLANICH! I think the patch makes sense, but I wonder if it is all that helpful, given the more substantial issues with keyids discussed above.

If this is currently only needed for #451, then I suggest to defer until we know how to proceed with #451. See #451 (comment)

@KOLANICH
Copy link
Contributor Author

If this is currently only needed for #451

It is, but I'm not sure that working around the lack of this patch via monkey-patching makes sense. Of course the keyids will be fixed somewhen and all the impls (including tuf) relying on them them will break. But this is inevitable (an alternative to keep compatibility to already broken and inconsistent keyid calculation IMHO makes no sense). When this happens I'd have to (and other repo owners, if there is any, it will likely not gain large popularity before the New Year, so OK) just regenerate the tuf repo for my tool from scratch and reimport the repos (should be easy, the tool currently uses ToFU trust model).

@KOLANICH KOLANICH force-pushed the internal_keyid_consistency branch from acb823b to 3ea7d4b Compare November 21, 2022 17:16
@KOLANICH
Copy link
Contributor Author

Worked around for 1 key type with monkey-patching.

https://github.com/KOLANICH/securesystemslib_KOLANICH.py

…e key imported from different sources because of internal usage of PEM serialization an usage of hashsum of such a serialization as an internal keyid.

This won't fix all the inconsistency issues, the way keys are hashed to obtain key ids should be completely reworked.
@KOLANICH KOLANICH force-pushed the internal_keyid_consistency branch from 378aa7f to 7c159c9 Compare November 29, 2022 14:32
Copy link
Collaborator

@jku jku left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think I agree with the commit message: No-one seems to be interested enough to actually implement the keyid generation (for all keytypes) in the way current TUF spec defines it -- in other words the spec should be changed to not have the strict requirements and just require that keyids are unique per delegating role. I think in future securesystemslib should make it clear that users should not expect the generated keyids to be any kind of "stable API": it's just a way to get hopefully unique identifiers.

That said, the actual patch seems fine: it only modifies the output from key generation, so should not break code? Let's either merge or not, and then close this PR.

@lukpueh lukpueh merged commit f41b2a9 into secure-systems-lab:master Feb 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants