Support using P-256 keys for block and transaction signing #491
Conversation
Am I understanding correctly that verify-sys can be used to verify nist and k1 curves? |
Yes. Also brainpool and other more obscure curves. |
Any reason not to switch everything to this and delete verify-ec-sys? |
I haven't checked performance. secp256k1 is more optimized. |
| } | ||
| else if (key.service.str() == "verify-sys") | ||
| { | ||
| result = std::make_shared<OpenSSLProver>(key.service, key.rawData); |
There was a problem hiding this comment.
Shouldn't the key data be fracpacked?
There was a problem hiding this comment.
Why? It's already in a binary format.
There was a problem hiding this comment.
Just noticed that the k1 key is expected to be packed, why is it different?
There was a problem hiding this comment.
The k1 key is actually a variant<k1_key, r1_key>, so it needs additional encoding. The BER encoded key already contains a discriminator to identify the type of key. I don't see any reason to add another layer of wrapping.
| @@ -52,6 +52,7 @@ const ACCOUNTS: [AccountNumber; 27] = [ | |||
| account!("token-sys"), | |||
| transaction_sys::SERVICE, | |||
| account!("verifyec-sys"), | |||
| account!("verify-sys"), | |||
There was a problem hiding this comment.
The names are a bit misleading now, since nist curves are ec, but can only be verified with verify-sys. Maybe rename verifyec-sys to verifyk1-sys?
James-Mart
added
the
Node infra
- Botan requires a larger stack to initialize the oid tables - raw_hash needs to be available
- Change account-sys and common-sys to use auth-sys instead of auth-ec-sys and adjust key and signature formats
James-Mart
changed the title
James-Mart
changed the title
|
The current performance numbers don't look good. I'm going to check how much of that is global initialization.
|
Most of the cost appears to be in initializing tables for EC group operations. |
|
Tests are failing because binaryen 105 (from ubuntu 22.04) doesn't fully support v128. |
|
Can't we just change the 22.04 image to use the version of binaryen currently installed in 20.04? |
We could, but I'd rather minimize our dependence on non-system packages. I didn't see any significant performance difference for this service. We can reconsider minimum versions in six months when 24.04 ships. |
Limitations: - psibase chooses the auth service based on whether the key is base58 (auth-ec-sys) or PEM (auth-sys). Since it does not query the chain, there is no other way to deduce the auth service. - The PEM encoded keys must be put directly on the command line. Reading a file is not supported. - The private key always signs using a compressed public key, but the public keys are not normalized. This can lead to signatures not being recognized unless the user is careful about managing encodings.
Motivation
The NIST curves are much more widely supported than secp256k1. Adding them will give us better compatibility with third party software and hardware.
Data formats
PKCS #8Verify Service
The VerifySys service (
verify-sys) uses Botan. Botan supports picking out only the required components much better than openssl does and compiles to WASM with only minimal tweaks. The main patch I needed to make was to add a stub exception library that simply aborts when an exception is thrown. VerifySys supports both named curves and arbitrary curves with explicit domain parameters. However, only 256-bit curves are useful right now, because SHA256 is applied by native.Block Signing
Native block signing is supported using OpenSSL. Any private key supported by OpenSSL can be used to sign, however key generation is not configurable and always generates an r1 key. As with VerifySys, the use of SHA256 is hard-coded.
psibase command line support
All key command line arguments can be either base58 encoded keys as before or the name of a file containing a PEM or DER encoded key. A base58 key uses verifyec-sys/auth-ec-sys. ASN.1 encodings use verify-sys/auth-sys. Only k1 keys are supported right now. The public key must be in compressed form and must use the named curve representation of the parameters.
js frontend support
Keys can be either PEM or Base58 encoded. When creating an account, account-sys always uses auth-sys. When signing or importing keys, the auth service will be deduced by querying the chain.