
Typestatification #128

Merged
merged 4 commits, Nov 10, 2023

Conversation

chrysn
Collaborator

@chrysn chrysn commented Nov 5, 2023

(Please ignore the "Move crypto operations" commit, this is just based on #127).

In the high level API (edhoc.rs is left for later, turned out to work easily that way), passing the initiator by &mut is replaced by passing it by value, and receiving a new object with different APIs in return. This ensures at build time that functions are only called when suitable -- previously this would have the low-level implementation's checks at runtime. As a side effect, the Copy+Clone derives (that could easily be used to break EDHOC's security) could be removed, obsoleting #114 bit by bit.

This picks up discussion from around #99 (comment).

In order to make this practical, the C API is removed; it may later be reintroduced using higher level abstractions.

Current state: So far this only alters the initiator, not the responder. It also doesn't change the API too much. Seeing whether this breaks anything that I did not test; the next step (maybe right in this PR) is typestating the responder.

This is impeding the upcoming typestate-ification. When it is
re-introduced later at a higher level, files removed in this commit can
be reused as starting points.

This is a rather minimal version in that the API is only altered as
necessary -- setting c_r is not deferred yet. Note that this already not
only reduces the size of the Done initiator, but also frees it from
lifetime constraints (because at that point it doesn't need to know the
setup details any more).
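The shape the PR describes, as an added illustration rather than the crate's own code: each initiator phase is a distinct type, every transition consumes `self` and hands back the next-phase object, no type derives Copy or Clone, and the Done type keeps only the derived key. All names are hypothetical, and the cryptographic steps are replaced by a labelled placeholder mixing function so the example runs stand-alone.

```rust
// Added example (not the project's code): typestate layout for an EDHOC-style initiator.
// Transitions take `self` by value, so calling a phase's method twice, or out of order,
// is rejected by the compiler instead of being caught by a runtime state check.

/// Placeholder for the transcript hash / KDF chain; NOT a real hash, only deterministic mixing.
fn mix(acc: u8, bytes: &[u8]) -> u8 {
    bytes.iter().fold(acc, |h, b| h.rotate_left(3) ^ b)
}

#[derive(Debug, PartialEq)]
pub struct EdhocError;

/// Phase 1: nothing sent yet. Holds the ephemeral secret (a constructed toy value).
pub struct InitiatorStart { x: u8 }

/// Phase 2: message_1 sent, waiting for message_2. Still needs the secret and th_1.
pub struct InitiatorWaitM2 { x: u8, th: u8 }

/// Phase 3: handshake finished. Only the derived key remains; setup details are dropped,
/// which is what lets the Done object shed the lifetimes the earlier phases carry.
pub struct InitiatorDone { prk_out: u8 }

impl InitiatorStart {
    pub fn new(x: u8) -> Self { InitiatorStart { x } }

    /// Consumes the Start state; the caller gets message_1 plus the next-phase object.
    pub fn prepare_message_1(self, c_i: u8) -> (Vec<u8>, InitiatorWaitM2) {
        let g_x = self.x.wrapping_mul(7); // placeholder for the public ephemeral key
        let message_1 = vec![0x03, g_x, c_i];
        let th = mix(0, &message_1);
        (message_1, InitiatorWaitM2 { x: self.x, th })
    }
}

impl InitiatorWaitM2 {
    /// Consumes WaitM2. On error the state is dropped, so a failed run cannot be retried
    /// with stale ephemeral material; the caller has to start a fresh InitiatorStart.
    pub fn process_message_2(self, message_2: &[u8]) -> Result<(u8, InitiatorDone), EdhocError> {
        let (&g_y, rest) = message_2.split_first().ok_or(EdhocError)?;
        let &c_r = rest.first().ok_or(EdhocError)?;
        let shared = g_y.wrapping_mul(self.x);        // placeholder for the ECDH step
        let prk_out = mix(self.th, &[shared, c_r]);   // placeholder for the PRK derivation
        Ok((c_r, InitiatorDone { prk_out }))
    }
}

impl InitiatorDone {
    /// Only the Done type offers the exporter, so exporting before completion does not compile.
    pub fn edhoc_exporter(&self, label: u8) -> u8 { mix(self.prk_out, &[label]) }
}
```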
@geonnave
Collaborator

geonnave commented Nov 5, 2023

Thanks for this PR! I went through and it looks good to me.

@chrysn chrysn force-pushed the typestatify branch 2 times, most recently from a6534ad to 3b833f4 Compare November 5, 2023 12:43
@geonnave
Collaborator

geonnave commented Nov 7, 2023

Same comment as here, just waiting for a hax build.

@geonnave
Collaborator

geonnave commented Nov 8, 2023

Same as this comment, no issues with hax.

@geonnave
Collaborator

geonnave commented Nov 8, 2023

@malishav I am ok with merging this. Do you wish to provide any input?

@geonnave geonnave merged commit 54470de into openwsn-berkeley:main Nov 10, 2023
24 checks passed
@chrysn chrysn deleted the typestatify branch November 10, 2023 10:10
@geonnave geonnave mentioned this pull request Jan 11, 2024