This repository has been archived by the owner on Jun 3, 2020. It is now read-only.

Mark imported priv_validator keys as exportable #248

Merged 1 commit on Apr 29, 2019

@mdyring (Contributor) commented Apr 29, 2019

Fixes #245 for imported priv_validator keys.

@@ -190,7 +190,7 @@ impl ImportCommand {
key_id,
label,
DEFAULT_DOMAINS,
DEFAULT_CAPABILITIES,
DEFAULT_CAPABILITIES | yubihsm::Capability::EXPORTABLE_UNDER_WRAP,
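
Review bot: In the `ImportCommand` call, OR-ing `yubihsm::Capability::EXPORTABLE_UNDER_WRAP` into `DEFAULT_CAPABILITIES` at the call site makes every imported key exportable under wrap unconditionally, and it defines the exportability policy at this one call site instead of beside `DEFAULT_CAPABILITIES`, so other users of that constant will not pick it up. Suggest either gating the extra capability on an explicit option for keys that must never leave the device, or moving it into the shared default, and adding a short comment here saying why import needs it.
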
Contributor commented:

Perhaps it'd make sense to just add EXPORTABLE_UNDER_WRAP to the DEFAULT_CAPABILITIES.

If we did that, this would need to be updated too:

https://github.com/tendermint/kms/blob/69157e4adddead46b31fed8b032276c25975b32b/src/commands/yubihsm/keys/generate.rs#L76

...but right now the logic there is oddly inverted anyway (silly me), so it would actually be more straightforward I think to remove the EXPORTABLE_UNDER_WRAP capability if the key is explicitly configured to be non-exportable.

@mdyring (Contributor, Author) commented Apr 29, 2019

Agree it would be nicer, unfortunately I am not fluent in Rust so my feeble attempt is failing so far:

error[E0015]: calls in constants are limited to constant functions, tuple structs and tuple variants
  --> src/commands/yubihsm/keys/mod.rs:20:55

20 | pub const DEFAULT_CAPABILITIES: yubihsm::Capability = yubihsm::Capability::SIGN_EDDSA | yubihsm::Capability::EXPORTABLE_UNDER_WRAP;

@tarcieri (Contributor) commented:

@mdyring ok, in that case I think this is fine for now and I can try to submit a followup PR to do what I was describing later
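
The follow-up discussed in this thread, as an added example (not code from the kms or yubihsm projects): the `|` that triggered E0015 is a `BitOr` trait call on the flags type, which a `const` item could not evaluate, while a `const fn` over the raw bits can. `Capability` below is a constructed stand-in with placeholder bit values, and `union`, `without`, `contains` and `key_capabilities` are hypothetical names.

```rust
// Constructed stand-in for a capability bitmask. The type and the bit
// values are placeholders for illustration, not the yubihsm crate's own.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct Capability(u64);

impl Capability {
    pub const SIGN_EDDSA: Capability = Capability(1 << 0);
    pub const EXPORTABLE_UNDER_WRAP: Capability = Capability(1 << 1);

    /// Union usable inside `const` items: integer `|`, no trait call.
    pub const fn union(self, other: Capability) -> Capability {
        Capability(self.0 | other.0)
    }

    /// Clear every bit that is set in `other`.
    pub const fn without(self, other: Capability) -> Capability {
        Capability(self.0 & !other.0)
    }

    /// True when every bit of `other` is present in `self`.
    pub const fn contains(self, other: Capability) -> bool {
        self.0 & other.0 == other.0
    }
}

/// Exportable under wrap by default, so encrypted backups keep working.
pub const DEFAULT_CAPABILITIES: Capability =
    Capability::SIGN_EDDSA.union(Capability::EXPORTABLE_UNDER_WRAP);

/// Hypothetical helper shared by key generation and import: the export
/// capability is removed only when the operator explicitly asks for a
/// non-exportable key, instead of being added at individual call sites.
pub fn key_capabilities(non_exportable: bool) -> Capability {
    if non_exportable {
        DEFAULT_CAPABILITIES.without(Capability::EXPORTABLE_UNDER_WRAP)
    } else {
        DEFAULT_CAPABILITIES
    }
}

fn main() {
    println!("default:        {:?}", key_capabilities(false));
    println!("non-exportable: {:?}", key_capabilities(true));
}
```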

@tarcieri tarcieri merged commit abd0e32 into tendermint:master Apr 29, 2019
@tarcieri tarcieri added the security Security-critical issues label Jul 25, 2019
@tarcieri tarcieri mentioned this pull request Jul 30, 2019
Successfully merging this pull request may close these issues.

yubihsm export failing