add support for ecdsa signatures #108

Merged
merged 45 commits into from
Nov 20, 2024
Changes from 42 commits
ca5e60a
add a signature type
Geal Oct 11, 2022
863c723
helper methods
Geal Oct 11, 2022
b242be8
indicate the algorithm of the next private key
Geal Oct 11, 2022
92da6e8
cleanup
Geal Oct 11, 2022
13581cf
start the boilerplate around managing multiple types of keys
Geal Oct 11, 2022
be9e6a4
start support for p256 signatures
Geal Oct 11, 2022
d0113b3
p256 support
Geal Oct 14, 2022
36e7362
Merge branch 'master' into fipscuit
Geal Nov 5, 2022
ba0f80e
Merge branch 'main' into fipscuit
Geal Aug 24, 2023
ad56ade
reintroduce ed25519-dalek 2.0
Geal Aug 24, 2023
d0f335f
Merge branch 'main' into fipscuit
Geal Sep 1, 2023
b52b929
Merge branch 'main' into fipscuit
Geal Mar 26, 2024
60514db
fix testcases
Geal Mar 26, 2024
92f88f8
move impl
Geal Mar 26, 2024
9a8cd39
PEM support
Geal Mar 26, 2024
daa0bfd
Merge branch 'main' into fipscuit
Geal May 18, 2024
2985990
wip
Geal May 22, 2024
410340e
Merge branch 'v5' into fipscuit
Geal May 23, 2024
27da40e
update protobuf enum
Geal May 23, 2024
93c2aae
update serialization formats
Geal May 23, 2024
f104b65
remove unused code
Geal May 23, 2024
047ded5
add samples
Geal May 23, 2024
3bd1d04
parsing and printing
Geal May 23, 2024
d9d68bc
Merge branch 'v5' into fipscuit
Geal May 23, 2024
5aeb701
fix sample file name
Geal May 23, 2024
0c97e37
Merge branch 'v5' into fipscuit
Geal May 25, 2024
ce02b60
specify the algorithm when creating a KeyPair
Geal May 25, 2024
8108420
capi fixes
Geal May 25, 2024
c7378ce
Merge branch 'v5' into fipscuit
Geal May 26, 2024
c88fff0
fix samples build
Geal May 26, 2024
346d4de
make the algorithm Copy
Geal Jun 15, 2024
d58d352
Merge branch 'v5' into fipscuit
Geal Oct 20, 2024
56fa6c3
Merge branch 'v5' into fipscuit
Geal Nov 3, 2024
69f58dd
update for bwk
Geal Nov 3, 2024
cfc7de7
Merge branch 'v5' into fipscuit
Geal Nov 19, 2024
86323c6
update bwk
Geal Nov 19, 2024
ae3d779
remove the Display implementation for public keys
Geal Nov 19, 2024
b0490ae
replace the Display implementation
Geal Nov 19, 2024
bdb8c74
From implementations
Geal Nov 19, 2024
da9dade
update p256
Geal Nov 19, 2024
1e080fb
add a test for ecdsa parsing
Geal Nov 19, 2024
caeaad9
Update biscuit-auth/src/token/mod.rs
Geal Nov 19, 2024
8ec8bba
Merge branch 'v5' into fipscuit
Geal Nov 19, 2024
50b6306
Merge branch 'v5' into fipscuit
Geal Nov 20, 2024
543d0f1
fix key_pair_new usage
Geal Nov 20, 2024
6 changes: 5 additions & 1 deletion biscuit-auth/Cargo.toml
Expand Up @@ -35,7 +35,7 @@ prost-types = "0.10"
regex = { version = "1.5", default-features = false, features = ["std"] }
nom = {version = "7", default-features = false, features = ["std"] }
hex = "0.4"
zeroize = { version = "1", default-features = false }
zeroize = { version = "1.5", default-features = false }
thiserror = "1"
rand = { version = "0.8" }
inline-c = { version = "0.1", optional = true }
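Review bot: the `zeroize` line raises the requirement from "1" to "1.5" with no stated reason. If the bump is there because the signature crates added further down in this file need the newer zeroize, say so in the commit message or in a comment on that line, so a later dependency cleanup does not relax it again.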
Expand All @@ -50,6 +50,10 @@ biscuit-parser = { version = "0.1.2", path = "../biscuit-parser" }
biscuit-quote = { version = "0.2.2", optional = true, path = "../biscuit-quote" }
chrono = { version = "0.4.26", optional = true, default-features = false, features = ["serde"] }
serde_json = "1.0.117"
ecdsa = { version = "0.16.9", features = ["signing", "verifying", "pem", "alloc", "pkcs8", "serde"] }
Collaborator

should we feature-gate ecdsa support?

Contributor Author

we can, but what would it bring? Reducing the number of dependencies?

Collaborator

yes, that’s what we’ve done for pem/der support iirc

Contributor Author

the API already exposes the algorithm in key creation everywhere, feature gating it after that would make it a little bit more annoying

p256 = "0.13.2"
pkcs8 = "0.9.0"
elliptic-curve = { version = "0.13.8", features = ["pkcs8"] }


[dev-dependencies]
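Review bot: `pkcs8 = "0.9.0"` is declared directly, next to `elliptic-curve = { version = "0.13.8", features = ["pkcs8"] }` and an `ecdsa` 0.16.9 entry that enables its own `pkcs8` feature. Check with `cargo tree -d` that all three resolve to the same pkcs8 release; a second copy in the tree would leave the key-encoding traits and types of the two versions incompatible with each other. The `ecdsa` feature list also enables `serde`, which nothing in the visible lines uses; drop it unless the crate relies on those impls.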
70 changes: 35 additions & 35 deletions biscuit-auth/benches/token.rs
Expand Up @@ -11,7 +11,7 @@ use rand::rngs::OsRng;

fn create_block_1(b: &mut Bencher) {
let mut rng = OsRng;
let root = KeyPair::new_with_rng(&mut rng);
let root = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
Collaborator

it could be done in another PR, but adding benches for other signature algorithms would be nice (eg making the bench suite parametric on the algorithm, and running it for each supported algorithm)


let mut builder = Biscuit::builder();
builder.add_fact(fact("right", &[string("file1"), string("read")]));
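Review bot: `Algorithm` is used in the new `KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng)` call, but the file header counts 35 additions and all 35 are call-site lines like this one, so no `use` for `Algorithm` was added in this file. Confirm that an existing import already brings it into scope; a plain `cargo build` or `cargo test` does not compile bench targets, so a missing import would only surface under `cargo bench`.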
Expand Down Expand Up @@ -40,8 +40,8 @@ fn create_block_1(b: &mut Bencher) {

fn append_block_2(b: &mut Bencher) {
let mut rng: OsRng = OsRng;
let root = KeyPair::new_with_rng(&mut rng);
let keypair2 = KeyPair::new_with_rng(&mut rng);
let root = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair2 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);

let mut builder = Biscuit::builder();
builder.add_fact(fact("right", &[string("file1"), string("read")]));
Expand Down Expand Up @@ -75,11 +75,11 @@ fn append_block_2(b: &mut Bencher) {

fn append_block_5(b: &mut Bencher) {
let mut rng: OsRng = OsRng;
let root = KeyPair::new_with_rng(&mut rng);
let keypair2 = KeyPair::new_with_rng(&mut rng);
let keypair3 = KeyPair::new_with_rng(&mut rng);
let keypair4 = KeyPair::new_with_rng(&mut rng);
let keypair5 = KeyPair::new_with_rng(&mut rng);
let root = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair2 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair3 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair4 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair5 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);

let mut builder = Biscuit::builder();
builder.add_fact(fact("right", &[string("file1"), string("read")]));
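Review bot: style point on the five `KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng)` lines in `append_block_5`: the algorithm literal is now repeated at every call site in this file. Bind it once, either as a `const` at the top of the bench file or through a small helper that returns a keypair, so that running the suite for another algorithm, as suggested in the comment on `create_block_1`, becomes a one-line change.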
Expand Down Expand Up @@ -129,8 +129,8 @@ fn append_block_5(b: &mut Bencher) {

fn unverified_append_block_2(b: &mut Bencher) {
let mut rng: OsRng = OsRng;
let root = KeyPair::new_with_rng(&mut rng);
let keypair2 = KeyPair::new_with_rng(&mut rng);
let root = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair2 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);

let mut builder = Biscuit::builder();
builder.add_fact(fact("right", &[string("file1"), string("read")]));
Expand Down Expand Up @@ -164,11 +164,11 @@ fn unverified_append_block_2(b: &mut Bencher) {

fn unverified_append_block_5(b: &mut Bencher) {
let mut rng: OsRng = OsRng;
let root = KeyPair::new_with_rng(&mut rng);
let keypair2 = KeyPair::new_with_rng(&mut rng);
let keypair3 = KeyPair::new_with_rng(&mut rng);
let keypair4 = KeyPair::new_with_rng(&mut rng);
let keypair5 = KeyPair::new_with_rng(&mut rng);
let root = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair2 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair3 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair4 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair5 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);

let mut builder = Biscuit::builder();
builder.add_fact(fact("right", &[string("file1"), string("read")]));
Expand Down Expand Up @@ -218,8 +218,8 @@ fn unverified_append_block_5(b: &mut Bencher) {

fn verify_block_2(b: &mut Bencher) {
let mut rng: OsRng = OsRng;
let root = KeyPair::new_with_rng(&mut rng);
let keypair2 = KeyPair::new_with_rng(&mut rng);
let root = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair2 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);

let data = {
let mut builder = Biscuit::builder();
Expand Down Expand Up @@ -269,11 +269,11 @@ fn verify_block_2(b: &mut Bencher) {

fn verify_block_5(b: &mut Bencher) {
let mut rng: OsRng = OsRng;
let root = KeyPair::new_with_rng(&mut rng);
let keypair2 = KeyPair::new_with_rng(&mut rng);
let keypair3 = KeyPair::new_with_rng(&mut rng);
let keypair4 = KeyPair::new_with_rng(&mut rng);
let keypair5 = KeyPair::new_with_rng(&mut rng);
let root = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair2 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair3 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair4 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair5 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);

let data = {
let mut builder = Biscuit::builder();
Expand Down Expand Up @@ -348,8 +348,8 @@ fn verify_block_5(b: &mut Bencher) {

fn check_signature_2(b: &mut Bencher) {
let mut rng: OsRng = OsRng;
let root = KeyPair::new_with_rng(&mut rng);
let keypair2 = KeyPair::new_with_rng(&mut rng);
let root = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair2 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);

let data = {
let mut builder = Biscuit::builder();
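Review bot: `root` and `keypair2` in `check_signature_2` each take their own algorithm argument, yet both are fixed to `Algorithm::Ed25519`, so the signature-check timing still covers only the path that existed before this PR. A variant of this bench that uses the newly added algorithm, including a chain where the two keys use different algorithms, would measure the verification code the PR introduces.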
Expand Down Expand Up @@ -390,11 +390,11 @@ fn check_signature_2(b: &mut Bencher) {

fn check_signature_5(b: &mut Bencher) {
let mut rng: OsRng = OsRng;
let root = KeyPair::new_with_rng(&mut rng);
let keypair2 = KeyPair::new_with_rng(&mut rng);
let keypair3 = KeyPair::new_with_rng(&mut rng);
let keypair4 = KeyPair::new_with_rng(&mut rng);
let keypair5 = KeyPair::new_with_rng(&mut rng);
let root = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair2 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair3 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair4 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair5 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);

let data = {
let mut builder = Biscuit::builder();
Expand Down Expand Up @@ -458,8 +458,8 @@ fn check_signature_5(b: &mut Bencher) {

fn checks_block_2(b: &mut Bencher) {
let mut rng: OsRng = OsRng;
let root = KeyPair::new_with_rng(&mut rng);
let keypair2 = KeyPair::new_with_rng(&mut rng);
let root = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair2 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);

let data = {
let mut builder = Biscuit::builder();
Expand Down Expand Up @@ -510,8 +510,8 @@ fn checks_block_2(b: &mut Bencher) {

fn checks_block_create_verifier2(b: &mut Bencher) {
let mut rng: OsRng = OsRng;
let root = KeyPair::new_with_rng(&mut rng);
let keypair2 = KeyPair::new_with_rng(&mut rng);
let root = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair2 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);

let data = {
let mut builder = Biscuit::builder();
Expand Down Expand Up @@ -553,8 +553,8 @@ fn checks_block_create_verifier2(b: &mut Bencher) {

fn checks_block_verify_only2(b: &mut Bencher) {
let mut rng: OsRng = OsRng;
let root = KeyPair::new_with_rng(&mut rng);
let keypair2 = KeyPair::new_with_rng(&mut rng);
let root = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
let keypair2 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);

let data = {
let mut builder = Biscuit::builder();