Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

key deletion: delete first the faster volatile storage and test publicc keys first #168

Merged
merged 1 commit into from
Aug 5, 2024
Merged

key deletion: delete first the faster volatile storage and test publicc keys first #168

merged 1 commit into from
Aug 5, 2024

Conversation

sosthene-nitrokey
Copy link
Contributor

Most key deletions are for volatile public keys (temporary keys for FIDO pin protocol, PIN keys from trussed-auth etc...). In any cases, persistent keys are more rarely deleted, and volatile is the fastest storage, so it being first is overall a performance improvement.

I think long term (once we have the builder-pattern based syscall implementation maybe?) we should add optional location and secrecy arguments to the syscall. It is rare that the caller would not know the kind of key it is deleting.

Current order is:

  • Private
    • Internal
    • External
    • Volatile
  • Public
    • Internal
    • External
    • Volatile

This PR makes it:

  • Volatile
    • Public
    • Private
  • External
    • Public
    • Private
  • Internal
    • Public
    • Private

robin-nitrokey
robin-nitrokey approved these changes Aug 2, 2024
View reviewed changes
Copy link
Member

@robin-nitrokey robin-nitrokey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would assume that internal is faster than external. Why not Volatile / Internal / External?

src/store/keystore.rs Outdated
locations
.iter()
.any(|location| store::delete(self.store, *location, &path))
locations.iter().rev().any(|location| {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: changing the order in locations and secrecies would be more intuitive than reversing it

@sosthene-nitrokey
Copy link
Contributor Author

Yeah, and apps using internal storage are also probably more time-sensitive. I'll change the order.

@sosthene-nitrokey
key deletion: delete first the faster volatile storage and test publi…
4fae817 
…c keys first

Most key deletions are for volatile public keys (temporary keys for FIDO pin protocol, PIN keys from trussed-auth etc...).
In any cases, persistent keys are more rarely deleted, and volatile is the fastest storage,
so it being first is overall a performance improvement.

I think long term (once we have the builder-pattern based syscall implementation maybe?)
we should add optional location and secrecy arguments to the syscall. It is rare that the caller
would not know the kind of key it is deleting.
@sosthene-nitrokey sosthene-nitrokey merged commit 3e03100 into main Aug 5, 2024
2 checks passed
@sosthene-nitrokey sosthene-nitrokey deleted the delete-volatile-first branch August 5, 2024 12:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@robin-nitrokey robin-nitrokey robin-nitrokey approved these changes

@daringer daringer daringer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sosthene-nitrokey @daringer @robin-nitrokey