Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Optional serde support #73

Closed
robinhundt opened this issue Mar 25, 2024 · 3 comments · Fixed by #88
Closed

Optional serde support #73

robinhundt opened this issue Mar 25, 2024 · 3 comments · Fixed by #88

Comments

@robinhundt
Copy link

generic_array::GenericArray optionally implements serde's Serialize and Deserialize trait if the corresponding feature is enabled.

I tried to update my dependency on blake2 to the current pre-release, but am blocked on the missing serde implementations on Array.

Are these planned for the future?

@tarcieri
Copy link
Member

Here's the previous issue on serde support: RustCrypto/utils#979

We can add it, but unfortunately the serde data model lacks proper support for fixed-sized arrays, which is an issue I brought up on the other PR. This makes serializations of [u8; N] often suboptimal, depending on the format.

It might make sense to consider changing the blake2 crate's serde support to use serdect, our crate which wraps up serde impls in a consistent manner: https://github.com/RustCrypto/formats/tree/master/serdect

@robinhundt
Copy link
Author

Thanks for the context and the pointer to the serdect crate, I wasn't aware of it yet. The motivating paper on side-channel attacks on ser/de of keys also looks interesting.

We can add it, but unfortunately the serde data model lacks proper support for fixed-sized arrays, which is an issue I brought up on the other PR. This makes serializations of [u8; N] often suboptimal, depending on the format.

This sounds rather annoying :/

It might make sense to consider changing the blake2 crate's serde support to use serdect, our crate which wraps up serde impls in a consistent manner: https://github.com/RustCrypto/formats/tree/master/serdect

The latest pre-release version (0.11.0-pre.3) has no serde feature. Or did you mean the latest stable? But as I understand it, serdect could not be used either in the latest stable or pre-release of of blake2, as the Ser/De traits are needed on either GenericArray or hybrid_array::Array.

From my point of view, an optional serdect based serde support for hybrid-array sounds like the best option. While not ideal, it at least prevents otherwise easy to introduce side-channels. As hybrid-array aims to be a 'largely drop-in replacement for generic-array', I feel like this optional support would be better than no support.

@tarcieri
Copy link
Member

tarcieri commented Apr 12, 2024

But as I understand it, serdect could not be used either in the latest stable or pre-release of of blake2, as the Ser/De traits are needed on either GenericArray or hybrid_array::Array.

serdect can serialize [u8; N] or [u8], and what's more, since it uses Serializer::serialize_bytes, it supports a more compact serialization on formats which can't natively represent homogenously typed arrays/slices but do support a compact encoding specifically for bytestrings, such as MessagePack.

Generic serde support in hybrid-array needs to support [T; N] and thus can't take advantage of compact representations of bytestrings afforded by Serializer::serialize_bytes. So this support is not only needed for serdect, but if we tried to use it it would be suboptimal.

tarcieri added a commit that referenced this issue Sep 12, 2024
Support for serializing `Array<T, U>` as a serde tuple.

Unfortunately `serde` lacks first-class support for arrays, so this is
the best we can do other than a length-prefixed slice-like
serialization, which might also be worth considering.

This seems like the most sensible place to start, though.

Closes #73
@tarcieri tarcieri mentioned this issue Sep 12, 2024
tarcieri added a commit that referenced this issue Sep 12, 2024
Support for serializing `Array<T, U>` as a serde tuple.

Unfortunately `serde` lacks first-class support for arrays, so this is
the best we can do other than a length-prefixed slice-like
serialization, which might also be worth considering.

This seems like the most sensible place to start, though.

Closes #73
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants