Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove PassthroughDigest and update crypto dependencies #385

Merged
merged 10 commits into from
Oct 12, 2022
Merged

Remove PassthroughDigest and update crypto dependencies #385

merged 10 commits into from
Oct 12, 2022

Conversation

sbihel
Copy link
Member

@sbihel sbihel commented Jan 26, 2022
edited
Loading

Ran cargo hack test --each-feature --workspace --exclude-features "tor-tests" -- --test-threads=8

3 tests are failing, maybe from older changes

Update CI to run tests with cargo hack

@sbihel sbihel linked an issue Jan 26, 2022 that may be closed by this pull request
Update dependencies to reduce conflicts #384
Closed
@clehner clehner mentioned this pull request Jan 27, 2022
Closed
@clehner clehner mentioned this pull request Mar 24, 2022
Merged
@sbihel sbihel force-pushed the fix/remove-passthroughdigest branch from a430169 to 5a74c89 Compare June 1, 2022 13:30
@sbihel
Copy link
Member Author

sbihel commented Jun 1, 2022

Checked on this again, it seems the original issue is resolved, but now sequoia-opengpg is causing trouble because it relies on an old version of k256 (meaning old ecdsa > signature)

@sbihel sbihel mentioned this pull request Oct 6, 2022
Merged
@sbihel
Remove PassthroughDigest and update crypto dependencies
ab205fa 
Ran `cargo hack test --each-feature --workspace --exclude-features
"tor-tests" -- --test-threads=8`

3 tests are failing, maybe from older changes

Update CI to run tests with cargo hack
@sbihel sbihel force-pushed the fix/remove-passthroughdigest branch from 5a74c89 to ab205fa Compare October 10, 2022 09:53
@sbihel sbihel changed the title Remove PassthroughDigest Remove PassthroughDigest and update crypto dependencies Oct 10, 2022
@sbihel sbihel marked this pull request as ready for review October 10, 2022 09:54
chunningham
chunningham reviewed Oct 10, 2022
View reviewed changes
ssi-jws/src/error.rs
#[error("Curve not implemented: '{0}'")]
CurveNotImplemented(String),
/// Errors from p256, k256 and ed25519-dalek
#[cfg(feature = "k256")]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should these features be "secp256k1" and "secp256r1"?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was asking myself the same question -- I came to the conclusion that it doesn't matter as long as we make sure to always use features and never optional dependencies as features

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

never mind I forgot about dependencies being enabled by other crates

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've opened #472 to reduce the scope

chunningham
chunningham reviewed Oct 10, 2022
View reviewed changes
ssi-jws/src/lib.rs
let hash = openssl::hash::hash(digest, &data)?;
let sig = openssl::ecdsa::EcdsaSig::sign(&hash, &sk)?;
[sig.r().to_vec(), sig.s().to_vec()].concat()
#[cfg(feature = "p256")]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks like an oversight from #457, should this say "secp256r1"?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same as above

chunningham
chunningham reviewed Oct 10, 2022
View reviewed changes
ssi-vc/src/lib.rs Outdated
@@ -2925,7 +2925,9 @@ _:c14n0 <https://w3id.org/security#verificationMethod> <https://example.org/foo/
assert_eq!(n_proofs, 4);
}

// Can't deserialise the URIs as verification methods (?)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this relies on the testing flag for ssi-dids to be enabled (see ssi-dids/src/lib.rs#973)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cheers

chunningham
chunningham reviewed Oct 10, 2022
View reviewed changes
.github/workflows/build.yml Outdated

- name: Test DID Resolution HTTP(S) Binding
run: cargo test --manifest-path ssi-dids/Cargo.toml --features http
run: cargo hack test --each-feature --workspace --exclude-features "tor-tests" -- --test-threads=4
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we want to do --feature-powerset or --group-features instead of --each-feature? I think this may exclude some combinations and tests

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Depends if you want to run tests for 17,421 combinations -- I checked and there didn't seem to be obvious combination of features. I will double check on tests though, making sure e.g. secp256k1 tests run for both the secp256k1 and ring features

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added another step in the CI to run the tests with all features enabled, that should cover any build/test problem

chunningham
chunningham approved these changes Oct 10, 2022
View reviewed changes
Copy link
Member

@chunningham chunningham left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

big fan of these updates. does anything important change when using sequoia-pgp default features (apart from dynamic lib dependancies)? assuming no, LGTM

@sbihel
Copy link
Member Author

sbihel commented Oct 10, 2022

does anything important change when using sequoia-pgp default features (apart from dynamic lib dependancies)?

Ah my mistake, I thought it didn't do any crypto stuff (only decoding/parsing keys) as we are using ssi-jws but here's the default

default = ["compression", "crypto-nettle"]

nettle might be used for ssh-ing, and it makes the CI fail. I'll check whether it's really needed. (btw without the default features it's using an old version of p256 which is incompatible with the rest of ssi)

@chunningham chunningham mentioned this pull request Oct 10, 2022
Merged
@sbihel
Copy link
Member Author

sbihel commented Oct 10, 2022

I replaced the pgp library for one with more users and more recent versions of RustCrypto crates. Had to modify a tests assertions but the changes are valid, and tested with gpg.

@sbihel sbihel merged commit bd244df into main Oct 12, 2022
@sbihel sbihel deleted the fix/remove-passthroughdigest branch October 12, 2022 15:17
sbihel added a commit that referenced this pull request Oct 14, 2022
@sbihel
Fix VC test
7be0207 
This test was purely a regression test. k256 version change in #385
changed the recoverable/ethereum signatures generated (both variants
are valid and verify successfully).
Ref: RustCrypto/elliptic-curves#552
sbihel added a commit that referenced this pull request Oct 14, 2022
@sbihel
Fix VC test
983aad6 
This test was purely a regression test. k256 version change in #385
changed the recoverable/ethereum signatures generated (both variants
are valid and verify successfully).
Ref: RustCrypto/elliptic-curves#552
sbihel added a commit that referenced this pull request Oct 14, 2022
@sbihel
Fix VC test
e035af6 
This test was purely a regression test. k256 version change in #385
changed the recoverable/ethereum signatures generated (both variants
are valid and verify successfully).
Ref: RustCrypto/elliptic-curves#552
sbihel added a commit that referenced this pull request Oct 18, 2022
@sbihel
Fix VC test
1ff1c4f 
This test was purely a regression test. k256 version change in #385
changed the recoverable/ethereum signatures generated (both variants
are valid and verify successfully).
Ref: RustCrypto/elliptic-curves#552
sbihel added a commit that referenced this pull request Oct 18, 2022
@sbihel
Fix VC test
e066501 
This test was purely a regression test. k256 version change in #385
changed the recoverable/ethereum signatures generated (both variants
are valid and verify successfully).
Ref: RustCrypto/elliptic-curves#552
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chunningham chunningham chunningham approved these changes

@cobward cobward cobward approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update dependencies to reduce conflicts
3 participants
@sbihel @chunningham @cobward