From: Esi Y <esiy0676+proxmox@gmail.com>
To: pbs-devel@lists.proxmox.com
Subject: Re: [pbs-devel] [PATCH proxmox 01/12] auth-api: move signing into the private key
Date: Mon, 26 Feb 2024 20:22:44 +0000 [thread overview]
Message-ID: <ZdzzFIIXp9kR0Po0@tema539532> (raw)
In-Reply-To: <20240215152001.269490-2-s.sterz@proxmox.com>
This might be a bit nitpicky, but wouldn't this exactly be an opportunity to properly introduce traits, so that in the future on the same kind of swapout, it is more streamlined and less regression prone going forward? Just wondering ... if there was a reason not to, on such a rewrite.
On Thu, Feb 15, 2024 at 04:19:50PM +0100, Stefan Sterz wrote:
> this commit moves the current ticket signing code into the private key
> implementation. the upside is that the caller does not need to deal
> with openssl's `Signer` directly. it also simplifies and unifies the
> code by using the same helper for verifying a signature and creating it.
>
> also derive `Clone` on `PrivateKey` and `PublicKey`. as they are
> essentially thin wrappers around `openssl::pkey::PKey<Private>` and
> `openssl::pkey::PKey<Public>`, which can be cloned, deriving `Clone`
> just makes them easier to use.
>
> Signed-off-by: Stefan Sterz <s.sterz at proxmox.com>
> ---
> proxmox-auth-api/src/auth_key.rs | 26 ++++++++++++++++----------
> proxmox-auth-api/src/ticket.rs | 21 ++-------------------
> 2 files changed, 18 insertions(+), 29 deletions(-)
>
> diff --git a/proxmox-auth-api/src/auth_key.rs b/proxmox-auth-api/src/auth_key.rs
> index cec7360..32120a3 100644
> --- a/proxmox-auth-api/src/auth_key.rs
> +++ b/proxmox-auth-api/src/auth_key.rs
> @@ -9,11 +9,13 @@ use openssl::rsa::Rsa;
> use openssl::sign::{Signer, Verifier};
>
> /// A private auth key used for API ticket signing and verification.
> +#[derive(Clone)]
> pub struct PrivateKey {
> pub(crate) key: PKey<Private>,
> }
>
> /// A private auth key used for API ticket verification.
> +#[derive(Clone)]
> pub struct PublicKey {
> pub(crate) key: PKey<Public>,
> }
> @@ -88,6 +90,13 @@ impl PrivateKey {
> pub fn public_key(&self) -> Result<PublicKey, Error> {
> PublicKey::from_pem(&self.public_key_to_pem()?)
> }
> +
> + pub(self) fn sign(&self, digest: MessageDigest, data: &[u8]) -> Result<Vec<u8>, Error> {
> + Signer::new(digest, &self.key)
> + .map_err(|e| format_err!("could not create private key signer - {e}"))?
> + .sign_oneshot_to_vec(data)
> + .map_err(|e| format_err!("could not sign with private key - {e}"))
> + }
> }
>
> impl From<PKey<Private>> for PrivateKey {
> @@ -204,15 +213,12 @@ impl Keyring {
> Ok(false)
> }
>
> - pub(crate) fn signer(&self, digest: MessageDigest) -> Result<Signer, Error> {
> - Signer::new(
> - digest,
> - &self
> - .signing_key
> - .as_ref()
> - .ok_or_else(|| format_err!("no private key available for signing"))?
> - .key,
> - )
> - .map_err(|err| format_err!("failed to create openssl signer - {err}"))
> + pub(crate) fn sign(&self, digest: MessageDigest, data: &[u8]) -> Result<Vec<u8>, Error> {
> + let key = self
> + .signing_key
> + .as_ref()
> + .ok_or_else(|| format_err!("no private key available for signing"))?;
> +
> + key.sign(digest, data)
> }
> }
> diff --git a/proxmox-auth-api/src/ticket.rs b/proxmox-auth-api/src/ticket.rs
> index 1737912..81054f8 100644
> --- a/proxmox-auth-api/src/ticket.rs
> +++ b/proxmox-auth-api/src/ticket.rs
> @@ -116,27 +116,10 @@ where
> /// Sign the ticket.
> pub fn sign(&mut self, keyring: &Keyring, aad: Option<&str>) -> Result<String, Error> {
> let mut output = self.ticket_data();
> - let mut signer = keyring.signer(MessageDigest::sha256())?;
> -
> - signer
> - .update(output.as_bytes())
> - .map_err(Error::from)
> - .and_then(|()| {
> - if let Some(aad) = aad {
> - signer
> - .update(b":")
> - .and_then(|()| signer.update(aad.as_bytes()))
> - .map_err(Error::from)
> - } else {
> - Ok::<_, Error>(())
> - }
> - })
> + let signature = keyring
> + .sign(MessageDigest::sha256(), &self.verification_data(aad))
> .map_err(|err| format_err!("error signing ticket: {}", err))?;
>
> - let signature = signer
> - .sign_to_vec()
> - .map_err(|err| format_err!("error finishing ticket signature: {}", err))?;
> -
> use std::fmt::Write;
> write!(
> &mut output,
> --
> 2.39.2
>
>
>
next prev parent reply other threads:[~2024-02-26 20:29 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-15 15:19 [pbs-devel] [PATCH proxmox{, -backup} 00/12] authentication cleanup and Stefan Sterz
2024-02-15 15:19 ` [pbs-devel] [PATCH proxmox 01/12] auth-api: move signing into the private key Stefan Sterz
2024-02-26 20:22 ` Esi Y [this message]
2024-02-27 9:12 ` Stefan Sterz
2024-02-27 18:13 ` Esi Y
2024-02-29 16:07 ` Stefan Sterz
2024-02-15 15:19 ` [pbs-devel] [PATCH proxmox 02/12] auth-api: move to Ed25519 signatures Stefan Sterz
2024-02-15 15:19 ` [pbs-devel] [PATCH proxmox 03/12] auth-api: add ability to use hmac singing in keyring Stefan Sterz
2024-02-15 15:19 ` [pbs-devel] [PATCH proxmox 04/12] auth-api: move to hmac signing for csrf tokens Stefan Sterz
2024-02-19 16:02 ` Max Carrara
2024-02-20 12:54 ` Max Carrara
2024-02-23 9:26 ` Stefan Sterz
2024-02-23 10:48 ` Thomas Lamprecht
2024-02-23 10:52 ` Stefan Sterz
2024-02-23 13:06 ` Wolfgang Bumiller
2024-02-15 15:19 ` [pbs-devel] [PATCH proxmox 05/12] sys: crypt: move to yescrypt for password hashing Stefan Sterz
2024-02-15 15:19 ` [pbs-devel] [PATCH proxmox 06/12] sys: crypt: use constant time comparison for password verification Stefan Sterz
2024-02-19 16:11 ` Max Carrara
2024-02-23 9:26 ` Stefan Sterz
2024-02-15 15:19 ` [pbs-devel] [PATCH proxmox 07/12] sys: crypt: add helper to allow upgrading hashes Stefan Sterz
2024-02-19 18:50 ` Max Carrara
2024-02-23 9:26 ` Stefan Sterz
2024-02-15 15:19 ` [pbs-devel] [PATCH proxmox 08/12] auth-api: fix types `compilefail` test Stefan Sterz
2024-02-15 15:19 ` [pbs-devel] [PATCH proxmox-backup 09/12] auth: move to hmac keys for csrf tokens Stefan Sterz
2024-02-19 18:55 ` Max Carrara
2024-02-23 9:26 ` Stefan Sterz
2024-02-15 15:19 ` [pbs-devel] [PATCH proxmox-backup 10/12] auth: upgrade hashes on user log in Stefan Sterz
2024-02-19 18:58 ` Max Carrara
2024-02-23 9:26 ` Stefan Sterz
2024-02-15 15:20 ` [pbs-devel] [PATCH proxmox-backup 11/12] auth/manager: add manager command to upgrade hashes Stefan Sterz
2024-02-19 19:06 ` Max Carrara
2024-02-23 9:26 ` Stefan Sterz
2024-02-15 15:20 ` [pbs-devel] [PATCH proxmox-backup 12/12] auth: us ec keys as auth keys Stefan Sterz
2024-02-19 19:10 ` Max Carrara
2024-02-23 9:26 ` Stefan Sterz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZdzzFIIXp9kR0Po0@tema539532 \
--to=esiy0676+proxmox@gmail.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox