Implement revocation service from Python code #134
Conversation
|
Will fix format issues |
ashcrow
force-pushed
the
revocation
branch
3 times, most recently
from
2c21930 to
8da03b7
Compare
ashcrow
force-pushed
the
revocation
branch
6 times, most recently
from
c9dccd7 to
e3a2016
Compare
ashcrow
changed the title
ashcrow
changed the title
|
The code looks good to me. Would it take much to refactor into a The other thing would be some unit tests, but I am understanding this might not be easy with ZMQ and might be more suited to a functional / integration test. |
|
@lukehinds That's a good idea. I'll move it out into it's on file and have it utilized in |
|
Updated |
|
Updated based on @puiterwijk's review. |
src/revocation.rs
Outdated
| "Loading the revocation certificate from {}", | ||
| revocation_cert_path | ||
| ); | ||
| match crypto::rsa_import_pubkey(revocation_cert_path.clone()) { |
There was a problem hiding this comment.
If rsa_import_pubkey had accepted an &str, you wouldn't have needed to .clone() the path here. That's exactly why that is more idiomatic 😄
There was a problem hiding this comment.
Makes sense, thanks! I've updated the others but I'll leave this one be for now since it's in rsa_import_pubkey.
|
|
||
| // Verify the message and signature with our key | ||
| let mut verified = | ||
| crypto::rsa_verify(cert_key.clone(), message, signature); |
There was a problem hiding this comment.
Is there any chance cert_key could be given as a reference too (&...)? That would save us from having to clone() every time we get a message.
There was a problem hiding this comment.
We can make rsa_verify take a reference but once inside the function it seems like we need to clone for PKey::from_rsa though I may be wrong. Thoughts?
There was a problem hiding this comment.
I am good with this now, @puiterwijk if @ashcrow answer satisfies you, we can merge this
There was a problem hiding this comment.
Sure. Let's merge it like this and improve later.
ashcrow
force-pushed
the
revocation
branch
2 times, most recently
from
5e91178 to
6bd2da8
Compare
|
Rebased |
|
Will rebase shortly |
|
Rebased! |
|
Bump |
|
hey @puiterwijk this needs approval from you as well (changes requested)
|
|
@puiterwijk ,please ack if the review request is resolved, so we can merge this. I am sure we will revisit the code again once then parts are rigged together. |
|
Bah! Needs another rebase! |
Signed-off-by: Steve Milner <[email protected]>
Signed-off-by: Steve Milner <[email protected]>
Verify remote messages against signatures via rsa_verify Signed-off-by: Steve Milner <[email protected]>
ashcrow
force-pushed
the
revocation
branch
2 times, most recently
from
206e16e to
af64084
Compare
|
hey @ashcrow , keen to approve this for you. It seems all we have now are some redundant clones (see CI 'Fedora tests'). If you could make another quick commit I would like to merge this and start rigging up the revocation actions. |
Closes: keylime#92 Signed-off-by: Steve Milner <[email protected]>
Signed-off-by: Steve Milner <[email protected]>
Signed-off-by: Steve Milner <[email protected]>
|
Looks like this resolves #92 (hopefully this comment will link it) |
Adds:
rsa_verifyfunctionrun_revocation_serviceimplementationNote: Callback is not implemented here.
See: #92