-
Notifications
You must be signed in to change notification settings - Fork 378
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update btcec to the latest version #1329
chore(deps): update btcec to the latest version #1329
Conversation
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## master #1329 +/- ##
==========================================
+ Coverage 55.59% 55.95% +0.36%
==========================================
Files 420 420
Lines 65470 65481 +11
==========================================
+ Hits 36395 36642 +247
+ Misses 26222 25975 -247
- Partials 2853 2864 +11 ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍
(just a small question)
c834f11
to
8ad1b8d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for adding this fix 🙏
Time to make this rocket fly 🚀
5695493
to
d3e6922
Compare
✅ Deploy Preview for gno-docs2 canceled.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
This is crypto code so I'd like @moul to merge this.
I tested this PR against the issue #1063 and I have no compilation error 👍 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Blocked pending addition of golden tests to verify new library doesn't change anything in signature verification, etc.
Apart from taking care of security issues, it is slightly faster. Signed-off-by: Antonio Navarro <[email protected]>
Signed-off-by: Antonio Navarro <[email protected]>
Signed-off-by: Antonio Navarro <[email protected]>
Signed-off-by: Antonio Navarro <[email protected]>
Signed-off-by: Antonio Navarro <[email protected]>
Signed-off-by: Antonio Navarro <[email protected]>
Checked with previous version, it is working fine. Signed-off-by: Antonio Navarro Perez <[email protected]>
d3e6922
to
1ae6215
Compare
@thehowl added golden tests. Tested also with the previous btcec version |
Signed-off-by: Antonio Navarro Perez <[email protected]>
Signed-off-by: Antonio Navarro Perez <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. I would say we can merge after @moul's eventual approval
return &secp256k1.Signature{ | ||
R: new(big.Int).SetBytes(sigStr[:32]), | ||
S: new(big.Int).SetBytes(sigStr[32:64]), | ||
func signatureFromBytes(sigStr []byte) (*ecdsa.Signature, bool) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this safe to make the changes here?
@jaekwon can you also review this PR? In this PR, We directly call crypto APIs from Bitcoin, Decred's library, and Ethereum's signing mechanism. Typically, mixing crypto APIs requires thorough scrutiny for the underline implication. |
github.com/btcsuite/btcd v0.22.0-beta.0.20220111032746-97732e52810c/go.mod h1:tjmYdS6MLJ5/s0Fj4DbLgSbDHbEqLJrtnHecBFkdz5M= | ||
github.com/btcsuite/btcd/btcutil v1.0.0 h1:dB36qRTOucIh6NUe40UCieOS+axPhP6VNyRtYkTUKKk= | ||
github.com/btcsuite/btcd v0.23.0/go.mod h1:0QJIIN1wwIXF/3G/m87gIwGniDMDQqjVn4SZgnFpsYY= | ||
github.com/btcsuite/btcd/btcec/v2 v2.1.0/go.mod h1:2VzYrv4Gm4apmbVVsSq5bqf1Ec8v56E48Vt0Y/umPgA= |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can these be compressed into the latest one?
sigBER := btcec.Signature{R: sigDER.R, S: sigDER.S} | ||
return sigBER.Serialize(), nil | ||
|
||
return sigDER.Serialize(), nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
but there's no BER conversion?
What does that even mean?
Apart from taking care of security issues, it is slightly faster.
Some context:
After doing some profiling to be sure that the actual storage implementation was a bottleneck when executing Gno code, I found that signature verification is taking ~70% of the execution time. Updating the dependency makes it 68% faster and reduces by 3 the amount of bytes used per operation.
Benchmarks before and after:
BREAKING CHANGE: xxx
message was included in the description