Refactoring to support future methods

[ElsaLopez133]

Refactoring current code to add additional methods in the future (PSK)

1. Added method-specific states (ProcessingM2StatStat, ProcessingM3StatStat), that diverge from PSK, to avoid using Option<> variables.
2. Included method in some states to be able to match on it.
3. Included helper functions to avoid Hax errors (DirectAndMut) (r_verify_message_3_statstat, i_verify_message_2_statsat)

[WilliamTakeshi]

Everything looks great to me.

Just a suggestion for the next PR (that you probably know). create a file for StatStat and one for PSK to organize it better the functions foo_statstat and foo_psk

Approved 🚀

[chrysn]

This makes all the state of ProcessingM2 & co dependent on the method, rather than (as in the last call) just the parts that differ in other methods. Which of those fields are actually different in PSK?

I'd have expected something more like

#[derive(Debug)]
pub struct ProcessingM2 {
    pub method_specifics: ProcessingM2MethodSpecifics,
    pub prk_2e: BytesHashLen,
    pub th_2: BytesHashLen,
    pub x: BytesP256ElemLen,
    pub g_y: BytesP256ElemLen,
    pub plaintext_2: BufferPlaintext2,
    pub c_r: ConnId,
    pub ead_2: EadItems,
    
}
pub enum ProcessingM2MethodSpecifics {
    StatStat {
        pub mac_2: BytesMac2,
        pub id_cred_r: IdCred,
    },
    // PSK, -- is empty, but in other stages it might have fields that StatStat has not.
}

so that the 90% of the code that would be duplicated can still reach for the common items.

[chrysn]

(I'm a bit sloppy in the review a bit on the C side, treating that as "if the test pass it will be fine", but I don't treat that as a high-priority feature.)

Doing the changes (including back-and-forth on how much is in the structs) and file-to-file moves makes this rather hard to review. Nothing sensible to be done here though -- these kinds of refactor are known to be hard, and there are no good generic solutions. (Moving things into different files only after all other changes are understood to be good would have helped, but that's hard to roll back again w/o starting over).

Not for other reviewers: --ignore-all-space is your friend.

[chrysn]

Most of these are actually method independent (ead_2 and c_r for sure, probably also th_2 and g_y) – AIU this does get changed back later in the same PR.

[chrysn]

This was a dead code struct, right? (No need to split it out, let's just confirm this so that if we wonder, we'll find our considerations.)

[ElsaLopez133]

yes, no longer there

[chrysn]

This shouldn't need to be pub. (Or if so, document why.).

[ElsaLopez133]

they are pub because now they are inside edhoc/statstat.rs, otherwise they are not accessible. Changed to pub(crate)

[chrysn]

Why pub?

[chrysn]

Why pub?

[chrysn]

Is this comment even still accurate? (And if so, it'll still belong to i_parse_message_2, and should be a more specific doc comment)

[ElsaLopez133]

old comment, will remove

[chrysn]

Now this is not statstat specific any more, as it does the switching internally just again.

(And r_verify_message_3 just forwards into here)

[ElsaLopez133]

True, I can directly pass the arguments in the r_verify_message_3 and do the match in the outer function, rather than doing it twice!

[chrysn]

That is not necessarily the error here: The error is "the details you provided do not match what we agreed on with the peer". This should at least be a comment here until we find a good plan.

[chrysn]

Why is this deviating from the method-enum path?

[ElsaLopez133]

Before message_1, the Responder does not yet know the selected EDHOC method, so it must carry identity material. For StatStat, that includes the private r key.
You’re right that using Option plus an identity enum is redundant (I did have the RepsonderIdentity enum). I’ll switch to carrying ResponderIdentity directly and derive method-specific details at prepare_message_2 (once state.method is known), which removes the extra Option adn keeps the enum style.

[chrysn]

EAD items will be in any message 2 details. (No need for a struct I think: they can be returned side by side in the multi-value return that returns PasedMessage2Details).

[WilliamTakeshi]

Heyyy, I really like how the code is shaping up. Just wrote some ocmments, the ones that are nitpick, feel free to skip them :))

[WilliamTakeshi]

I think here its supposed to be

#[derive(Debug)]
#[repr(C)]
pub enum ProcessingM2MethodSpecificsKindC {
    Pm2StatStat {
		pub mac_2: BytesMac2,
    	pub id_cred_r: IdCred,
	},
}

because mac2 and id_cred_r will only exists for the StatStat, right?

If not, then mac_2 and id_cred_r shouldn't be inside the method_specifics field.

maybe its different because is the C version? I dont know

[ElsaLopez133]

Yes, I am not sure how to do it in C. The problem is that in C there is no tagged enum with payload, as in Rust. Check commit 3e405f8 where i am trying to replicate it using the union + kind.

[WilliamTakeshi]

I only see ManuallyDrop::new, but no ManuallyDrop::drop. As far as I know, when using ManuallyDrop, the inner value must eventually be dropped manually (e.g., with ManuallyDrop::drop or ptr::drop_in_place); otherwise, it will leak.

[ElsaLopez133]

In this specific case, ProcessedM2StatStatC {} is an empty type with no destructor, so there is nothing to drop and no leak from that field. The reason why ManuallyDrop is used is that it's the safe way to put fields in a union, especially for future non-trivial payloads, as in PSK.

[WilliamTakeshi]

I am still not sure about using ManuallyDrop. In this case its fine because is a zero-sized field, but on the PSK will have to manually drop it, right?

I think the right path is to have something that derives Copy. @chrysn can you check this and these new changes? It would be great to have this (and the other one) merged soon.

[ElsaLopez133]

I think that if we want to have Copy then we need CredentialC to also implement Copy.
We could also avoid using the union, but I am not sure how to do the enum-style in C otherwise

[WilliamTakeshi]

I didn't take a look on the C code much, because I know there is some discussion if we pause the C bindings for now.

[chrysn]

We're converging in many areas, but I still think that the bulk move into edhoc/statstat.rs is excessive, especially seeing that it just leads to duplication later in #415.

Minimizing that duplication is not just something we should aim for because we strive for code quality, but because given that we're the first and AFAIK so far only implementation that has a method >3, will also help LAKE people become better at understanding what typical things that a method customizes are. We won't set those in stone, but our code is also a visual guideline for method developers for what methods such as 4 have changed so far.

Before you go on an editing spree, can we discuss (also possibly in chat or a video call, not sure yet when I'll be around) what good paths forward without too much disruption are? One option I'd consider is to acknowledge that a split-out refactoring step has served its purpose well, we've hashed out a lot in here, but in the interest of not making your processing needlessly complex (undoing some of the move-into-statstat would be hell of a rebase) we can continue on #415 (once we're sure not to lose anything from in here), refactor things back into a less duplicated state there, and then continue working on that view of the change as a whole.

[chrysn]

Continuing from https://github.com/lake-rs/lakers/pull/406/changes#r2888495250 so I can change the text here:

Suggested change

	// FIXME: it is not an error, but more a lack of agreement between peers.
	// FIXME: it is not a runtime error, but a programming error: The library user has seen
	// StatStat details in message 1 and still provided other details creating message 2.

[chrysn]

Suggested change

	Psk,
	// Psk,

[chrysn]

Suggested change

	Psk,
	// Psk,

[chrysn]

The functions in here IMO still do way more than they should, as evidenced by a diff between lib/src/edhoc/psk.rs and lib/src/edhoc/statstat.rs the in #415:

Those easily share 20 lines in a row in many of the functions, typically at the start and end. (Sometimes that's just masked by different choices of early return and thus indentation, eg. starting from compute prk_out in r_verify_message_3_*).