Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(wire): add ecdsa authentication to wire #51

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

feat(wire): add ecdsa authentication to wire #51

wants to merge 8 commits into from
+584 −14

Conversation

NhoxxKienn
Copy link
Contributor

Wire Identity Authentication

Description

This PR aims to add the ECDSA cryptographic authentication feature to the wire's implementation of perun-eth-backend. The cryptographic key pair is ECDSA, with a signature length of 65, taking inspiration from the wallet implementation of perun-eth-backend. This implementation must be in sync with the wire interface of go-perun 1.11.

Location: wire package

DragonDev1906
DragonDev1906 reviewed Mar 26, 2024
View reviewed changes
wire/address.go
hash := PrefixedHash(msg)
sigCopy := make([]byte, SigLen)
copy(sigCopy, sig)
if len(sigCopy) == SigLen && (sigCopy[SigLen-1] >= sigVSubtract) {
Copy link
Contributor

@DragonDev1906 DragonDev1906 Mar 26, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it intentional that we don't compare sig but we compare the length after we have copied? I don't think it's a problem, but it might be better if we have an early length check and return an error immediately if sig is not of length 65. Could also result in a nicer error message if the length doesn't match.

I think this implementation allows 65 byte signatures with arbitrary bytes after it, not sure if that's a problem.

From the copy() docs: minimum of len(src) and len(dst) (https://pkg.go.dev/builtin#copy)

For example, the following would be seen as valid by this function:

  • <65-bytes-valid-signature>
  • <65-bytes-valid-signature>

As said: I don't think it's problematic, but I think it would be cleaner if this function would only allow signatures of exactly 65 bytes.

wire/wire_test.go Show resolved Hide resolved
@NhoxxKienn
feat: add client wire test
73eef3a 
Signed-off-by: Minh Huy Tran <[email protected]>
@NhoxxKienn
chore: update go.mod
4c96443 
Signed-off-by: Minh Huy Tran <[email protected]>
@NhoxxKienn NhoxxKienn force-pushed the draft/egoistic-funding branch 2 times, most recently from 89961b9 to 5507b04 Compare July 2, 2024 11:21
@NhoxxKienn NhoxxKienn force-pushed the draft/egoistic-funding branch 3 times, most recently from 3f6ca74 to e360848 Compare July 2, 2024 12:13
@NhoxxKienn
Copy link
Contributor Author

Add a test to create go-perun client with the new wire/net/bus in client/client_net_test.go

DragonDev1906
DragonDev1906 requested changes Jul 17, 2024
View reviewed changes
client/test/setup.go

hosts := make([]string, len(names))
for i := 0; i < len(names); i++ {
port, err := findFreePort()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auf lange Sicht wird es vermutlich besser sein eine Funktion zum listener hinzuzufügen (wenn er nicht schon eine hat) um den Port zu bekommen. Einen tcp listener aufzumachen nur um den Port zu bekommen erscheint mir unnötig.

Also effektiv erst die listener erdstellen und dann für jeden listener den Port abfragen (wie es in findFreePorts gemacht wird) + evtl. kleine Anpassung am perun code um diese Funktionalität bereitzustellen.

wire/account.go
if err != nil {
return nil, errors.Wrap(err, "SignHash")
}
sig[64] += 27
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wenn wir schon sigVSubtract als konstante haben sollten wir die hier auch verwenden. Evtl. ist sigVOffset ein passenderer Name.

wire/account.go
Comment on lines +66 to +68
log.Print("Generated new account with address ", crypto.PubkeyToAddress(privateKey.PublicKey).Hex())

addr := crypto.PubkeyToAddress(privateKey.PublicKey)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
log.Print("Generated new account with address ", crypto.PubkeyToAddress(privateKey.PublicKey).Hex())
addr := crypto.PubkeyToAddress(privateKey.PublicKey)
addr := crypto.PubkeyToAddress(privateKey.PublicKey)
log.Print("Generated new account with address ", addr.Hex())

client/test/tls.go
certPEMs := make([][]byte, numClients)
tlsCerts := make([]tls.Certificate, numClients)

for i := 0; i < numClients; i++ {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Soweit ich es sehe gibt es keinen Grund hier zwei loops zu haben. Stattdessen könnten wir die ganze Logik in eine funktion wie folgende packen, da wir bei der verarbeitung von [i] nichts von [x] x!=i brauchen. Die Funktion hier ruft die neue dann nur in einem loop auf.

// Returns (certPEM, tlsCert, err)
func GenerateSelfSignedCertConfig(commonName string, sans []string) ([]byte, *tls.Config, error)

Das würde den code hier leichter lesbar machen weil man sich nicht mehr Gedanken machen muss ob die richtigen indicies verwendet werden.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DragonDev1906 DragonDev1906 DragonDev1906 requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@NhoxxKienn @DragonDev1906