-
Notifications
You must be signed in to change notification settings - Fork 318
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CIP-0083 | confirm openssl behaviour, fix command line example #795
CIP-0083 | confirm openssl behaviour, fix command line example #795
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@paweljakubas thanks; we'll discuss with & tag the CIP-0083 authors & reviewers as per #409 - but first please remove the superfluous white space changes (probably from your code editor) so we can properly focus on the changes you are proposing. The code diff should look like this when done 🙏 https://github.com/cardano-foundation/CIPs/pull/795/files?w=1
thanks @rphair . I had automatic trailing whitespace removal. Now it should be ok. I will re-check |
@paweljakubas we have to be 100% sure about changing an Also: if these wallets have been padding to 16-byte blocks in practice, without CIP-0083 telling them to, certainly CIP-0083 should be updated to mention such a practice... which in turn suggests maybe a V2 of this protocol if some implementations are not padding the blocks. 😬 @gitmachtl @AndrewWestberg @Crypto2099 where does the trade practice stand on this issue? (The second issue of shell syntax seems absolutely straightforward and should be ready to change regardless: unless any objections about the command phrasing.) |
The changes seem minor and "default behavior" as defined, this is just explicitly stating what expected default behavior is. I'm good with adding this change as-written currently personally. |
Do the codesamples that accompany CIP-0083 add padding? |
@rphair @Crypto2099 @HeinrichApfelmus Last commit adjust |
No special things are taken into account about padding in the codesamples. |
@paweljakubas So not sure if this is really an issue, i guess we can edit it but it will not have an impact on the current implementation in the wallets, explorers, etc. IMO |
Whitespaces are valid data, before or after some text. So we have to be careful about that. But again, the content is json. So if openssl is automatically adding zero bytes to fill up the 16byte blocks, it does not impact the overall outcome of the json itself for further processing. |
@gitmachtl thanks for the comments! Indeed, when handling json objects extra newline might be not a problem as usually it undergoes further json parsing and it should end up with the same end content. Nevertheless, it is always good to have complete openssl interoperability and be surprise the least, especially if one works on the level of bytes. As I was when implementing this CIP and finding openSSL inconsistency as I was not appending newline. Only through debugging on byte level I realized the nature of the inconsistency. IMHO it would be also worth adding something about padding that is implicit in openSSL in this context. I am advocate of adding golden tests when implementing something according to standard/CIP/.. and here those two details are important to be in line. Of course, it is great you anticipate no problems due to that 👍 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm happy with this after @Crypto2099's confirmation (#795 (comment)) that it reflects trade practice, including:
- padding included & defined exactly as exhaustively documented and linked on the IETF web page;
- a more portable shell example (without the dubious
<<<
); - though newline likely "not a problem", not adding it does make the process seem more portable.
@gitmachtl it's already listed under So I think it's understood that further implementors don't have to be added to the text content or provide evidence for them in screenshots (cc @Crypto2099 @Ryun1 in case they disagree). |
@paweljakubas I've put this on the CIP Editors Meeting agenda in 5 days' time (https://hackmd.io/@cip-editors/87) since I think as soon as we can get the other editors to run through this, and also get whatever devs present to double-check, this could be merged at the next meeting or shortly afterward (if not already done in the meantime). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems to be low risk of breaking existing implementations, so this change is probably good.
Well received at this evening's CIP Editor meeting so just waiting for @Crypto2099 to also endorse this before merging. |
p.s. marking |
A. There is one under-specification that I found worth adding.
AES-256-CBC cipher as implemented in OpenSSL requires messages that are a multiple of 16-bytes. If the message does not fit then padding is used. In the current PR the padding technique is explicitly exhibited. It is very important information for those that implement this CIP - as I was in the context of cardano-wallet.
B. The second thing worth mentioning is the example specified, ie.
It is unfortunate as
<<<
is adding new line!Further proof:
Hence, I allowed myself to rewrite example using
echo -n
C. jq powered encryption example.
-j
option is missing (it instructs jq to not add newline). Illustrative example below (I used nosalt in order to be easily reproducible).It should be like that (not adding newline)
It is now :
After last commit and using
-j
we have perfect alignment withecho -n
: