-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor: noise-sv2
crate
#1130
Comments
I noticed a few
We should propagate these errors instead of using |
they are inffalible, if you prefer you can use expect. I strongly suggest to not propagate error for impossible cases as we would only make the code harder to understand. |
Based on the discussion about using the multi-cipher (referenced here: #916 (comment)), we need to remove AES_256_GCM from our codebase and update the specs accordingly. |
Considering the comment by @plebhash here: #916 (comment), and the removal of |
Just so we know, the %rg aes_gcm -i -l
protocols/v2/noise-sv2/src/cipher_state.rs
protocols/v2/noise-sv2/src/aed_cipher.rs
protocols/v2/noise-sv2/src/responder.rs
protocols/v2/noise-sv2/src/handshake.rs
protocols/v2/noise-sv2/src/lib.rs
protocols/v2/noise-sv2/src/initiator.rs
protocols/v2/noise-sv2/src/error.rs
protocols/v2/noise-sv2/tmp.rs
utils/buffer/src/lib.rs
utils/buffer/src/buffer.rs
utils/buffer/src/buffer_pool/mod.rs |
The specs have been updated with this PR. |
potentially relevant here: stratum-mining/sv2-spec#65 |
Reminder: Add a unit test to the noise-sv2 module. See discussion: #1111 (comment) |
remove redundant unused code in module: #1111 (comment) |
The following may be unused imports in the
|
Perhaps |
Reminder that all imports should be at the top of the file, meaning we should never be calling |
Because docs on private modules are not rendered by cargo docs by default (will render if the Perhaps we make these modules public? Or perhaps when we publish the final documentation, we publish the private logic docs as well (if this is an option)? |
In Otherwise, if both are needed, we need to fix the grammatical error: |
In the |
Error variants that I cannot find uses of in the entire repo:
|
not agree if the code is infallibe unwrap or expect is a fare better solution that propoagate the error. We can put some assertion to be extrasafe. |
why? |
if not used better to remove them, remember to bump minor version if you do it, otherwise we will get compilation error on importers |
In general I agree with this approach but I think there are some exceptions. If you are using a module from |
I think IMO though, it is best to add the error variants and keep the code consistent without panics. |
if the code is provably safe (it could never panic under any circumstances), then it makes sense to use For example: let valid_from = std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
- .unwrap()
+ .expect("std::time::SystemTime::now() should always be later than std::time::UNIX_EPOCH")
.as_secs(); I'm against using
I don't think this makes sense. The only thing an assertion would do is to panic, which is exactly what would happen with the overall, my strong stance on this discussion is: we cannot ever have our libs doing panics for edge cases... a robust library has proper error handling and if we're making exceptions for cases we are 100% sure there will never be a panic, we should make that explicitly clear. |
@Fi3 ,
However, in our implementation, the |
Personally I find |
I would personally prefer the implementation to align more closely with the Noise NX protocol. We already have the |
nack for me is working well and I don't think that the code lack clarity. |
I think it is worth while to identify the difference between the Noise protocol specification and our current implementation. We should adhere as close to the specification as possible as this is a very important crate. @Shourya742 continue to identify the differences, then we can discuss these areas for potential refactor. |
I think stratum/protocols/v2/noise-sv2/src/lib.rs Lines 22 to 25 in ab0ddd6
edit: after we drop support for So I would suggest something like this: -pub struct NoiseCodec {
+pub struct NoiseEngine {
- encryptor: GenericCipher,
+ encryptor: Cipher<ChaCha20Poly1305>,
- decryptor: GenericCipher,
+ decryptor: Cipher<ChaCha20Poly1305>,
} |
based on my learnings around
for then this complexity can be abstracted away via |
replying to 3 comments by @rrybarczyk
if we remember we will drop support for |
Handshake is part of Noise. The crate already "follow" the spec as close as possible since it implement them. HandshakeOp and CipherState are traits if you just want to change the trait name is ok with me. But before refactoring noise keep in mind that:
|
for the reasons that I enumerated in my prev message I would be very careful here. Agree that NoiseCodec is bad name |
the and it seems it only exists under the assumption that more than one single cipher is supported but once so we should probably eliminate the if we choose to keep the however I'm not sure how realistic this use-case is |
|
maybe a future version of sv2? I'm not super happy to change code in this crate since is very hard to debug (and it works and it is fast), also leave it like it is is not really bad, probably would be better without the trait, but we still have a clean interface with the trait. |
this comment will probably be erased by #1111 but it is an indication that this function should probably be private, not public stratum/protocols/v2/noise-sv2/src/cipher_state.rs Lines 196 to 197 in 060131e
see #916 (comment) for more context |
Change |
we should evaluate visibility of all elements of the crate |
Interestingly, there is a |
I posed a question somewhere in this PR's conversation suggesting we remove |
I would remove it in the refactoring PRs, for now we should take note of that in the specific issue |
Agree. |
Why remove it entirely and not having tests in |
I think we should consider implementing |
that is a very good catch! adding some extra context that will be relevant when we tackle this: most for the crates that already support but then we noticed that was becoming a blocker for #985 (comment) so we made now we have #1230 that is proposing to invert this logic, making the opt-in feature flag to be |
I didn't had the historical point of view. Thanks to explaining it to me. #1230 is not proposing to have I run into lot of difficulties becasue many crate, even if having a #![cfg_attr(feature = "no_std", no_std)] For instance :
So before doing noise_sv2, I wanted to propose an uniform way of handling |
Background
This task is an outcome of the
protocols
Rust docs issues tracked in #845.While documenting
protocols::v2::noise-sv2
in #1013, areas of potential code debt were identified. This issue servers as a place to list out these items to then be addressed in an organized manner. The initial Rust documentation effort was an immediate action, while a refactoring (which implies breaking API changes) is not so urgent priority, so for now we should leave this in the backlog for an appropriate moment in the future.Identified Potential Code Debt
noise_sv2::cipher_state::GenericCipher
enum + associated logic to its ownnoise_sv2::generic_cipher
module. Or, perhaps given the comment in the #916 discussion and the removal of AES256GCM in this sv2-spec PR, we do not need theGenericCipher
at all? Do we plan so support anything other thanChaCha20Poly1305
in the future?noise_sv2::cipher_state::Cipher
struct and associated logic into its ownnoise_sv2::cipher
module.unwraps
in theimpl From<[u8; 74]> for SignatureNoiseMessage
from
method.Result
type alias around our customError
enum. Should add and use this everywhere we have astd::result::Result
type.handshake::HandshakeOp
trait public so users can callResponder::generate_key()
.The text was updated successfully, but these errors were encountered: