refactor(crypto): CRP-2536 use ic-crypto-ed25519 for basic sig key ge…
…neration and signing
fspreiss committed Jul 3, 2024
1 parent 4639713 commit cae2f79
Showing 11 changed files with 25 additions and 29 deletions.
6 changes: 3 additions & 3 deletions Cargo.lock


2 changes: 1 addition & 1 deletion rs/crypto/BUILD.bazel
@@ -38,7 +38,6 @@ DEPENDENCIES = [
"//rs/types/types",
"@crate_index//:bincode",
"@crate_index//:clap_3_2_25",
"@crate_index//:ed25519-consensus",
"@crate_index//:hex",
"@crate_index//:parking_lot",
"@crate_index//:rustls_0_21_12",
@@ -71,6 +70,7 @@ DEV_DEPENDENCIES = [
"//rs/crypto/node_key_generation",
"//rs/crypto/node_key_validation",
"//rs/crypto/sha2",
"//rs/crypto/ed25519",
"//rs/crypto/temp_crypto",
"//rs/crypto/test_utils",
"//rs/crypto/test_utils/tls",
2 changes: 1 addition & 1 deletion rs/crypto/Cargo.toml
@@ -10,7 +10,6 @@ documentation.workspace = true
async-trait = { workspace = true }
bincode = { workspace = true }
clap = { version = "3.2.25", features = ["derive"] }
ed25519-consensus = "2.0.1"
hex = { workspace = true }
ic-adapter-metrics-server = { path = "../monitoring/adapter_metrics/server" }
ic-async-utils = { path = "../async_utils" }
@@ -54,6 +53,7 @@ tokio = { workspace = true }
assert_matches = { workspace = true }
criterion = { workspace = true }
ic-certification-test-utils = { path = "../certification/test-utils" }
ic-crypto-ed25519 = { path = "ed25519" }
ic-crypto-for-verification-only = { path = "for_verification_only" }
ic-crypto-internal-basic-sig-der-utils = { path = "internal/crypto_lib/basic_sig/der_utils" }
ic-crypto-internal-basic-sig-ecdsa-secp256r1 = { path = "internal/crypto_lib/basic_sig/ecdsa_secp256r1" }
6 changes: 3 additions & 3 deletions rs/crypto/benches/basic_sig.rs
@@ -244,9 +244,9 @@ fn signature_from_random_keypair<R: Rng + CryptoRng>(

let (signature_bytes, public_key_bytes) = match algorithm_id {
AlgorithmId::Ed25519 => {
let signing_key = ed25519_consensus::SigningKey::new(rng);
let signature_bytes = signing_key.sign(&bytes_to_sign).to_bytes().to_vec();
let public_key_bytes = signing_key.verification_key().to_bytes().to_vec();
let private_key = ic_crypto_ed25519::PrivateKey::generate_using_rng(rng);
let signature_bytes = private_key.sign_message(&bytes_to_sign).to_vec();
let public_key_bytes = private_key.public_key().serialize_raw().to_vec();
(signature_bytes, public_key_bytes)
}
AlgorithmId::EcdsaP256 => ecdsa_secp256r1_signature_and_public_key(&bytes_to_sign, rng),
@@ -1,6 +1,7 @@
load("@rules_rust//rust:defs.bzl", "rust_library", "rust_test", "rust_test_suite")

DEPENDENCIES = [
"//rs/crypto/ed25519",
"//rs/crypto/internal/crypto_lib/basic_sig/der_utils",
"//rs/crypto/internal/crypto_lib/seed",
"//rs/crypto/internal/crypto_lib/types",
1 change: 1 addition & 0 deletions rs/crypto/internal/crypto_lib/basic_sig/ed25519/Cargo.toml
@@ -13,6 +13,7 @@ ed25519-consensus = "2.0.1"
hex = { workspace = true }
ic-crypto-secrets-containers = { path = "../../../../secrets_containers" }
ic-crypto-internal-seed = { path = "../../../crypto_lib/seed" }
ic-crypto-ed25519 = { path = "../../../../ed25519" }
ic-crypto-internal-types = { path = "../../../crypto_lib/types" }
ic-crypto-internal-basic-sig-der-utils = { path = "../der_utils" }
ic-protobuf = { path = "../../../../../protobuf" }
15 changes: 6 additions & 9 deletions rs/crypto/internal/crypto_lib/basic_sig/ed25519/src/api.rs
@@ -6,7 +6,6 @@ use ic_crypto_secrets_containers::{SecretArray, SecretBytes};
use ic_types::crypto::{AlgorithmId, CryptoError, CryptoResult};
use rand::{CryptoRng, Rng};
use std::convert::TryFrom;
use zeroize::Zeroize;

#[cfg(test)]
mod tests;
@@ -15,12 +14,11 @@ mod tests;
pub fn keypair_from_rng<R: Rng + CryptoRng>(
csprng: &mut R,
) -> (types::SecretKeyBytes, types::PublicKeyBytes) {
let mut signing_key = ed25519_consensus::SigningKey::new(csprng);
let signing_key = ic_crypto_ed25519::PrivateKey::generate_using_rng(csprng);
let sk = types::SecretKeyBytes(SecretArray::new_and_dont_zeroize_argument(
signing_key.as_bytes(),
&signing_key.serialize_raw(),
));
let pk = types::PublicKeyBytes(signing_key.verification_key().to_bytes());
signing_key.zeroize();
let pk = types::PublicKeyBytes(signing_key.public_key().serialize_raw());
(sk, pk)
}

@@ -147,10 +145,9 @@ pub fn secret_key_to_pkcs8_v2_der(
/// # Errors
/// * `MalformedSecretKey` if the secret key is malformed
pub fn sign(msg: &[u8], sk: &types::SecretKeyBytes) -> CryptoResult<types::SignatureBytes> {
let mut signing_key = ed25519_consensus::SigningKey::from(*sk.0.expose_secret());
let signature = signing_key.sign(msg);
signing_key.zeroize();
Ok(types::SignatureBytes(signature.to_bytes()))
let signing_key = ic_crypto_ed25519::PrivateKey::deserialize_raw_32(sk.0.expose_secret());
let signature = signing_key.sign_message(msg);
Ok(types::SignatureBytes(signature))
}

/// Verifies a signature using an Ed25519 public key.
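Review bot: In `keypair_from_rng`, `&signing_key.serialize_raw()` hands `SecretArray::new_and_dont_zeroize_argument` a temporary copy of the secret key, and, as that constructor's name says, the copy is not wiped afterwards. The old code passed a borrow of the key's own bytes and then called `signing_key.zeroize()`, so no extra copy outlived the function; assuming `serialize_raw()` returns the 32 bytes by value, the new code leaves one behind on the stack. I would bind and wipe it, e.g. `let mut sk_bytes = signing_key.serialize_raw();` followed by `SecretArray::new_and_zeroize_argument(&mut sk_bytes)`, if that constructor is available in `ic_crypto_secrets_containers`. Both here and in `sign`, dropping the explicit `zeroize()` calls is only safe if `ic_crypto_ed25519::PrivateKey` zeroizes itself on drop, which this page does not show; a one-line comment stating that reliance would help the next reader.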
6 changes: 3 additions & 3 deletions rs/crypto/src/sign/tests.rs
@@ -231,10 +231,10 @@ pub fn request_id_signature_and_public_key_with_domain_separator(
)
}
AlgorithmId::Ed25519 => {
let signing_key = ed25519_consensus::SigningKey::new(rng);
let signing_key = ic_crypto_ed25519::PrivateKey::generate_using_rng(rng);
(
signing_key.verification_key().to_bytes().to_vec(),
signing_key.sign(&bytes_to_sign).to_bytes().to_vec(),
signing_key.public_key().serialize_raw().to_vec(),
signing_key.sign_message(&bytes_to_sign).to_vec(),
)
}
_ => panic!["unexpected algorithm id {:?}", algorithm_id],
3 changes: 1 addition & 2 deletions rs/crypto/test_utils/BUILD.bazel
@@ -14,13 +14,12 @@ rust_library(
"//rs/validator/http_request_test_utils:__subpackages__",
],
deps = [
"//rs/crypto/ed25519",
"//rs/crypto/internal/csp_test_utils",
"//rs/interfaces/registry",
"//rs/registry/fake",
"//rs/registry/proto_data_provider",
"//rs/types/types",
"@crate_index//:ed25519-consensus",
"@crate_index//:rand",
"@crate_index//:rand_chacha",
],
)
3 changes: 1 addition & 2 deletions rs/crypto/test_utils/Cargo.toml
@@ -7,11 +7,10 @@ description.workspace = true
documentation.workspace = true

[dependencies]
ic-crypto-ed25519 = { path = "../ed25519" }
ic-crypto-internal-csp-test-utils = { path = "../internal/csp_test_utils" }
ic-interfaces-registry = { path = "../../interfaces/registry" }
ic-registry-client-fake = { path = "../../registry/fake" }
ic-registry-proto-data-provider = { path = "../../registry/proto_data_provider" }
ic-types = { path = "../../types/types" }
ed25519-consensus = "2.0.1"
rand = { workspace = true }
rand_chacha = { workspace = true }
9 changes: 4 additions & 5 deletions rs/crypto/test_utils/src/ed25519_utils/mod.rs
@@ -1,25 +1,24 @@
use ic_types::crypto::{AlgorithmId, BasicSig, BasicSigOf, UserPublicKey, DOMAIN_IC_REQUEST};
use ic_types::messages::MessageId;
use rand::{CryptoRng, Rng, SeedableRng};
use rand_chacha::ChaCha20Rng;
use rand::{CryptoRng, Rng};

pub fn ed25519_signature_and_public_key<R: Rng + CryptoRng>(
request_id: &MessageId,
rng: &mut R,
) -> (BasicSigOf<MessageId>, UserPublicKey) {
let signing_key = ed25519_consensus::SigningKey::new(ChaCha20Rng::from_seed(rng.gen()));
let signing_key = ic_crypto_ed25519::PrivateKey::generate_using_rng(rng);
let signature: BasicSigOf<MessageId> = {
let bytes_to_sign = {
let mut buf = vec![];
buf.extend_from_slice(DOMAIN_IC_REQUEST);
buf.extend_from_slice(request_id.as_bytes());
buf
};
let signature_bytes = signing_key.sign(&bytes_to_sign).to_bytes();
let signature_bytes = signing_key.sign_message(&bytes_to_sign);
BasicSigOf::new(BasicSig(signature_bytes.to_vec()))
};
let public_key = UserPublicKey {
key: signing_key.verification_key().to_bytes().to_vec(),
key: signing_key.public_key().serialize_raw().to_vec(),
algorithm_id: AlgorithmId::Ed25519,
};
(signature, public_key)
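Review bot: `ed25519_signature_and_public_key` is public but has no doc comment, and its contract is worth stating now that the key is drawn directly from `rng`. I would add `/// Test helper: generates a fresh Ed25519 key from rng, signs DOMAIN_IC_REQUEST followed by the request id bytes, and returns the signature with the raw public key.` above the function. Because the key no longer comes from an intermediate `ChaCha20Rng` seeded with `rng.gen()`, callers that pass a fixed-seed RNG will presumably get different keys and signatures, so any test with pinned expected bytes should be re-checked. `rand_chacha` also stays listed in this crate's Cargo.toml and BUILD.bazel after its import here was removed; confirm it is still used elsewhere in the crate.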
