Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(identity): allow importing and exporting ECDSA keys #3863

Merged
merged 40 commits into from
May 4, 2023

Conversation

drHuangMHT
Copy link
Contributor

@drHuangMHT drHuangMHT commented May 2, 2023

Description

Implement encoding to/decoding from DER-encoded secret key document for ecdsa::SecretKey.
Implement encoding to/decoding from protobuf format for ECDSA keys.
Bump dependency p256 from 0.12 to 0.13.
Bump dependency sec1 from 0.3.0 to 0.7

Related: #3681.

Notes & open questions

Attempt for decoding support failed because the returned error type pkcs8::error::Error does not implement std::error::Error(requires std feature on pkcs8, despite std is enabled on p256), which is required for DecodingError::failed_to_parse.

Change checklist

  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • A changelog entry has been made in the appropriate crates

drHuangMHT and others added 23 commits March 13, 2023 19:06
Unreleased patch version 0.43.1 bumped. Added entry for PR 3606: Deriving 'Clone' for 'mdns::Event'
New unreleased minor version 0.44.0.
Co-authored-by: Thomas Eizinger <[email protected]>
@thomaseizinger
Copy link
Contributor

``(requires std feature on `pkcs8`, despite `std` is enabled on `p256`)

You can work around this by adding an explicit dependency for pkcs8 and activate the std feature there. I'd also recommend opening an upstream issue/PR that fixes this so we can eventually remove that dependency again!

Copy link
Contributor

@thomaseizinger thomaseizinger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome! Thank you for splitting this out.

I think we should integrate this into the Keypair::to_protobuf_encoding function.
Also, can you add a changelog entry?

@drHuangMHT
Copy link
Contributor Author

``(requires std feature on `pkcs8`, despite `std` is enabled on `p256`)

You can work around this by adding an explicit dependency for pkcs8 and activate the std feature there. I'd also recommend opening an upstream issue/PR that fixes this so we can eventually remove that dependency again!

Can be fixed by using p256 version 0.13

@thomaseizinger
Copy link
Contributor

thomaseizinger commented May 3, 2023

I forgot to create a new branch previously

Another way would be to simply branch off a different commit:

git checkout -b remove-sec1-dependency <COMMIT_HASH>

Where <COMMIT_HASH> is a commit before all your changes. Find one with git log.

thomaseizinger
thomaseizinger previously approved these changes May 3, 2023
Copy link
Contributor

@thomaseizinger thomaseizinger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Implementation looks good to me, CI failures need to be addressed :)

identity/CHANGELOG.md Outdated Show resolved Hide resolved
@thomaseizinger thomaseizinger changed the title feat(identity): ecdsa::SecretKey pkcs#8 en/decode support feat(identity): allow importing and exporting ECDSA keys May 3, 2023
Co-authored-by: Thomas Eizinger <[email protected]>
thomaseizinger
thomaseizinger previously approved these changes May 3, 2023
Copy link
Contributor

@thomaseizinger thomaseizinger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome, thank you!

Waiting with merge on the otherlibp2p implementations to check that we are doing the right thing:

See libp2p/specs#537.

@drHuangMHT
Copy link
Contributor Author

Um what's wrong with the hex value?

@thomaseizinger
Copy link
Contributor

We don't seem to be doing the correct encoding, can you look into that?

libp2p/specs#537 (comment)

@drHuangMHT
Copy link
Contributor Author

We don't seem to be doing the correct encoding, can you look into that?

libp2p/specs#537 (comment)

The key used for testing is generated using openssl. It was in pem so I told openssl to convert it to pkcs#8. The first integer is 0 by looking at the key on my machine. However, the key generated by our implementation also comes with the first integer being 0. p256 is a pure rust implementation right? So could it be p256? Still digging.

@drHuangMHT
Copy link
Contributor Author

Problem solved. However I don't see a convenient way to encode the key. Seems we need to implement it ourselves.

@thomaseizinger
Copy link
Contributor

Problem solved. However I don't see a convenient way to encode the key. Seems we need to implement it ourselves.

I haven't dug into the details but you mentioned RFC5915 in the specs repository. A crates.io search revealed the following: https://docs.rs/sec1/0.7.2/sec1/

Perhaps that is all we need?

@drHuangMHT
Copy link
Contributor Author

Problem solved. However I don't see a convenient way to encode the key. Seems we need to implement it ourselves.

I haven't dug into the details but you mentioned RFC5915 in the specs repository. A crates.io search revealed the following: https://docs.rs/sec1/0.7.2/sec1/

Perhaps that is all we need?

God we just wanted to drop that dependency, hilarious.

Copy link
Contributor

@thomaseizinger thomaseizinger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome, thanks for updating!

@mergify mergify bot merged commit 1eb929b into libp2p:master May 4, 2023
@drHuangMHT drHuangMHT deleted the ecdsa-impl branch May 5, 2023 13:22
mergify bot pushed a commit that referenced this pull request May 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants