crypto: require matching keys for CertifiedKey construction #2553

Draft: wants to merge 6 commits into base: main

Conversation

@djc (Member) commented Jul 11, 2025

One more part of #2119.

This forces creation via one of the defined constructors.

@djc djc requested review from cpu and ctz July 11, 2025 08:52
rustls-benchmarking bot commented Jul 11, 2025

Error running benchmarks

Cause:

`/tmp/.tmpMzj8Kj/target/release/rustls-ci-bench run-all --output-dir /home/ci-bench-runner/server/job-output/a7dd8779-3220-486d-b418-42b198de7e0d/candidate/results` exited with exit status Some(1)

Checkout details:

Logs

Candidate

command:

git init

cwd:

/tmp/.tmpMzj8Kj

stdout:

Initialized empty Git repository in /tmp/.tmpMzj8Kj/.git/

stderr:

hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all
hint: of your new repositories, which will suppress this warning, call:
hint: 
hint: 	git config --global init.defaultBranch <name>
hint: 
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
hint: 'development'. The just-created branch can be renamed via this command:
hint: 
hint: 	git branch -m <name>

command:

git remote add origin https://github.com/rustls/rustls.git

cwd:

/tmp/.tmpMzj8Kj

stdout: empty.

stderr: empty.

command:

git fetch origin fd69e8a101913e565efaaa8336a568ff47a7eb7c

cwd:

/tmp/.tmpMzj8Kj

stdout: empty.

stderr:

From https://github.com/rustls/rustls
 * branch              fd69e8a101913e565efaaa8336a568ff47a7eb7c -> FETCH_HEAD

command:

git checkout fd69e8a101913e565efaaa8336a568ff47a7eb7c

cwd:

/tmp/.tmpMzj8Kj

stdout: empty.

stderr:

Note: switching to 'fd69e8a101913e565efaaa8336a568ff47a7eb7c'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:

  git switch -c <new-branch-name>

Or undo this operation with:

  git switch -

Turn off this advice by setting config variable advice.detachedHead to false

HEAD is now at fd69e8a1 crypto: require matching keys for CertifiedKey construction

command:

cargo build --locked --release

cwd:

/tmp/.tmpMzj8Kj/ci-bench

stdout: empty.

stderr:

    Finished `release` profile [optimized] target(s) in 40.09s

command:

/tmp/.tmpMzj8Kj/target/release/rustls-ci-bench run-all --output-dir /home/ci-bench-runner/server/job-output/a7dd8779-3220-486d-b418-42b198de7e0d/candidate/results

cwd:

/tmp/.tmpMzj8Kj/ci-bench

stdout: empty.

stderr:


thread 'main' panicked at rustls-fuzzing-provider/src/lib.rs:65:83:
called `Result::unwrap()` on an `Err` value: InconsistentKeys
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Error: handshake_no_resume_1.3_no_crypto crashed for client side

Caused by:
    Broken pipe (os error 32)

thread 'main' panicked at rustls-fuzzing-provider/src/lib.rs:65:83:
called `Result::unwrap()` on an `Err` value: InconsistentKeys
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Error: handshake_session_id_1.3_no_crypto crashed for client side

Caused by:
    Broken pipe (os error 32)

thread 'main' panicked at rustls-fuzzing-provider/src/lib.rs:65:83:
called `Result::unwrap()` on an `Err` value: InconsistentKeys
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Error: handshake_tickets_1.3_no_crypto crashed for client side

Caused by:
    Broken pipe (os error 32)

thread 'main' panicked at rustls-fuzzing-provider/src/lib.rs:65:83:
called `Result::unwrap()` on an `Err` value: InconsistentKeys
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Error: transfer_no_resume_1.3_no_crypto crashed for client side

Caused by:
    Broken pipe (os error 32)

thread 'main' panicked at rustls-fuzzing-provider/src/lib.rs:65:83:
called `Result::unwrap()` on an `Err` value: InconsistentKeys
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Error: handshake_no_resume_1.2_no_crypto crashed for client side

Caused by:
    failed to fill whole buffer

thread 'main' panicked at rustls-fuzzing-provider/src/lib.rs:65:83:
called `Result::unwrap()` on an `Err` value: InconsistentKeys
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Error: handshake_tickets_1.2_no_crypto crashed for client side

Caused by:
    failed to fill whole buffer

thread 'main' panicked at rustls-fuzzing-provider/src/lib.rs:65:83:
called `Result::unwrap()` on an `Err` value: InconsistentKeys
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Error: handshake_session_id_1.2_no_crypto crashed for client side

Caused by:
    failed to fill whole buffer

thread 'main' panicked at rustls-fuzzing-provider/src/lib.rs:65:83:
called `Result::unwrap()` on an `Err` value: InconsistentKeys
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Error: transfer_no_resume_1.2_no_crypto crashed for client side

Caused by:
    Broken pipe (os error 32)
Error: One or more benchmarks crashed

Baseline

Not available

@djc djc force-pushed the checked-certified-keys branch from 4c123f9 to b7dae68 Compare July 11, 2025 09:03
@djc djc force-pushed the checked-certified-keys branch from b7dae68 to 5343fc9 Compare July 11, 2025 09:35
@djc djc force-pushed the checked-certified-keys branch from 5343fc9 to fd69e8a Compare July 11, 2025 10:05
@ctz (Member) commented Jul 11, 2025

Haven't reviewed this in detail, but I think we need to continue avoiding:

  • requiring integrators of secure elements, key store APIs, etc. to be able to output public keys for existing private ones, and format those public keys in a specific format. that is especially true when it comes to PKCS#11 which represents the relationship between private keys and their certificates in the API, so us doing that separately is a duplication of effort.
  • requiring that every certificate is parsable by the webpki crate -- so if we have a checking new() we'd need a new_unchecked()

Self::InconsistentKeys(why) => {
write!(f, "keys may not be consistent: {why:?}")
Self::InconsistentKeys => {
write!(f, "public key does not match private key")
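Review bot: with the `why` payload removed from `InconsistentKeys`, the Display output can no longer say whether the check failed because the two public keys differ or because the key could not produce one; if both cases still map to this variant, the message should say which public key is meant (the one in the certificate) and the docs on the variant should state that a key that cannot export its public key also ends up here.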
Suggested change
write!(f, "public key does not match private key")
write!(f, "public key in certificate does not match private key")

Comment on lines -70 to +71
fn public_key(&self) -> Option<SubjectPublicKeyInfoDer<'_>>;
fn public_key(&self) -> SubjectPublicKeyInfoDer<'_>;
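Review bot: changing `public_key` from `Option<SubjectPublicKeyInfoDer<'_>>` to a bare `SubjectPublicKeyInfoDer<'_>` makes exporting and DER-encoding the public key a hard requirement for every `SigningKey` implementation, including ones backed by secure elements or PKCS#11 key stores that may not be able to do so; the rustdoc above this line still documents the optional return and should describe the new contract, and the benchmark run above (`InconsistentKeys` panic at rustls-fuzzing-provider/src/lib.rs:65:83) shows at least one in-tree provider no longer satisfies the check.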

Obsolete rustdoc comment above this.

@djc (Member, Author) commented Jul 11, 2025

Would be good to get these things mentioned/described in comments at least:

  • requiring integrators of secure elements, key store APIs, etc. to be able to output public keys for existing private ones, and format those public keys in a specific format. that is especially true when it comes to PKCS#11 which represents the relationship between private keys and their certificates in the API, so us doing that separately is a duplication of effort.

What specifically are the constraints here? Does this mean we can't even make the change to have SigningKey::public_key() return a non-optional value? What constraints does the TLS protocol conceptually impose on CertifiedKey values? Does the protocol not depend on getting the SPKI out of the certificates anyway?

  • requiring that every certificate is parsable by the webpki crate -- so if we have a checking new() we'd need a new_unchecked()

Why not?
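As an added example that is not rustls code: one shape for the constructor split discussed in ctz's comment and this reply, a checked `CertifiedKey::new` that returns `InconsistentKeys` when the key's exported SPKI differs from the certificate's (or cannot be exported), beside a `new_unchecked` for keys whose store cannot hand out a public key. The `SigningKey` trait, `SpkiDer`, `EndEntityCert`, `SoftwareKey` and `OpaqueKey` types and the SPKI byte strings are stand-ins constructed for the example, not rustls's API; no DER parsing or webpki is involved.

```rust
// Added example, not rustls code: checked vs unchecked CertifiedKey construction.
#[derive(Debug, PartialEq)]
enum Error {
    InconsistentKeys,
}

/// Stand-in for SubjectPublicKeyInfoDer: the DER bytes of an SPKI (constructed).
#[derive(Clone, Debug, PartialEq)]
struct SpkiDer(Vec<u8>);
/// Stand-in for a parsed end-entity certificate; only its SPKI is modelled here.
struct EndEntityCert {
    spki: SpkiDer,
}

/// Hypothetical signing-key trait: `public_key` stays optional so a key held in
/// hardware can answer `None` instead of being forced to export and encode it.
trait SigningKey {
    fn public_key(&self) -> Option<SpkiDer>;
}

struct SoftwareKey(SpkiDer);
impl SigningKey for SoftwareKey {
    fn public_key(&self) -> Option<SpkiDer> { Some(self.0.clone()) }
}

struct OpaqueKey; // key in a secure element: the API does not hand out the public key
impl SigningKey for OpaqueKey {
    fn public_key(&self) -> Option<SpkiDer> { None }
}

struct CertifiedKey {
    cert: EndEntityCert,
    key: Box<dyn SigningKey>,
}

impl CertifiedKey {
    /// Checked constructor: a key that exports an SPKI different from the
    /// certificate's, or that cannot export one at all, is rejected.
    fn new(cert: EndEntityCert, key: Box<dyn SigningKey>) -> Result<Self, Error> {
        match key.public_key() {
            Some(spki) if spki == cert.spki => Ok(Self { cert, key }),
            _ => Err(Error::InconsistentKeys),
        }
    }
    /// Unchecked constructor for integrators whose key store cannot prove the
    /// match (e.g. PKCS#11, which links key and certificate itself); caller vouches.
    fn new_unchecked(cert: EndEntityCert, key: Box<dyn SigningKey>) -> Self {
        Self { cert, key }
    }
}
```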

@djc djc marked this pull request as draft July 11, 2025 11:47
@djc (Member, Author) commented Jul 11, 2025
