Skip to content

[stream] Use full transcript in dialer key confirmation #1188

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Jul 1, 2025
Merged

[stream] Use full transcript in dialer key confirmation #1188

merged 8 commits into from
Jul 1, 2025

Conversation

BrendanChou
Copy link
Collaborator

@BrendanChou BrendanChou commented Jul 1, 2025
edited
Loading

Fixes #1178

Technically only the first commit is needed, the other two clean up the code

Cleanup steps:

  • Removed create_handshake_transcript() function which duplicates the logic of commonware_utils::union
  • Removed ListenerResponse type and just use tuple instead. The codec already has default implementations for encoding/decoding tuples
  • Change from C: PublicKey to P: PublicKey where appropriate to match the rest of the codebase
  • Modified naming of handshake steps to be consistently 1) Hello and 2) Confirmation
  • For MY hello or confirmation used variable names like hello / confirmation. For the OTHER's hello or confirmation, used variable names like listener_* or dialer_*
  • When naming variables of the raw bytes, use _msg instead of _bytes for consistency (previously was using both for naming)

dnkolegov-ar
dnkolegov-ar reviewed Jul 1, 2025
View reviewed changes
stream/src/public_key/connection.rs Outdated

// Verify dialer's key confirmation proves they can derive the shared secret
// This uses the d2l_confirmation cipher with the handshake transcript as associated data
let transcript = union(&d2l_msg, &response_msg);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it not be simpler for understanding

let transcript = union(&transcript, confirmation.encode());

?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think some people might find it simpler or more complicated.

What's definitely true though is that it does more CPU work by doing additional encoding, and does the same amount of bytes copying. I'll leave it largely as-is for now but will try to clarify with better naming

patrick-ogrady
patrick-ogrady reviewed Jul 1, 2025
View reviewed changes
stream/src/public_key/connection.rs
// Create and send hello + confirmation (Message 2)
let cipher::Directional { l2d, d2l } = confirmation;
let confirmation = Confirmation::create(l2d, &hello_transcript)?;
let response_msg = (hello, confirmation).encode();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fancy 👀

@patrick-ogrady patrick-ogrady merged commit 8701cb8 into main Jul 1, 2025
31 checks passed
@patrick-ogrady patrick-ogrady deleted the bc/1178 branch July 1, 2025 21:03
@codecov Codecov
Copy link

codecov bot commented Jul 1, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.27%. Comparing base (89f2192) to head (5ab0e4e).
Report is 3 commits behind head on main.

@@            Coverage Diff             @@
##             main    #1188      +/-   ##
==========================================
+ Coverage   91.22%   91.27%   +0.04%     
==========================================
  Files         216      216              
  Lines       57982    58309     +327     
==========================================
+ Hits        52896    53223     +327     
  Misses       5086     5086
Files with missing lines Coverage Δ
stream/src/public_key/cipher.rs 99.49% <100.00%> (+0.02%) ⬆️
stream/src/public_key/connection.rs 99.36% <100.00%> (-0.02%) ⬇️
stream/src/public_key/handshake.rs 100.00% <100.00%> (ø)

... and 2 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 89f2192...5ab0e4e. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@patrick-ogrady patrick-ogrady patrick-ogrady approved these changes

@dnkolegov-ar dnkolegov-ar dnkolegov-ar approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

No transcript update after sending key confirmation

3 participants

@BrendanChou @patrick-ogrady @dnkolegov-ar