Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[refactor]: Remove ursa dependency #3422

Closed
appetrosyan opened this issue Apr 25, 2023 · 0 comments
Closed

[refactor]: Remove ursa dependency #3422

appetrosyan opened this issue Apr 25, 2023 · 0 comments
Assignees
@DCNick3
Labels
api-changes Changes in the API for client libraries crypto Dead code iroha2-dev The re-implementation of a BFT hyperledger in RUST Security This issue asks for improved security

Comments

@appetrosyan
Copy link
Contributor

appetrosyan commented Apr 25, 2023
edited
Loading

Hyperledger Ursa is rightfully considered EOL. We have no incentive to use ursa over any library given that at this point we're also the only people maintaining it and also the only people using it.

Under these circumstances it is advised to remove the direct dependency on ursa and instead extract the code paths which are used in iroha_crypto. Ursa-specific implementations of cryptographic primitives should be added to iroha_crypto directly.
@appetrosyan appetrosyan added the iroha2-dev The re-implementation of a BFT hyperledger in RUST label Apr 25, 2023
@appetrosyan appetrosyan self-assigned this Apr 25, 2023
@appetrosyan appetrosyan added api-changes Changes in the API for client libraries Dead code Security This issue asks for improved security labels Apr 25, 2023
@QuentinI QuentinI mentioned this issue Apr 25, 2023
Open
5 tasks
@mversic mversic assigned DCNick3 and unassigned appetrosyan Oct 19, 2023
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 9, 2023
@DCNick3
[refactor] hyperledger#3422: Use blake2 crate without going through ursa
34c4819 
Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 9, 2023
@DCNick3
[refactor] hyperledger#3422: transplant BLS code from ursa, adapt to …
1a84b6e 
…iroha_crypto types

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 9, 2023
@DCNick3
[refactor] hyperledger#3422: transplant Ed25519 and Secp256k1 code fr…
3546a47 
…om ursa

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 9, 2023
@DCNick3
[refactor] hyperledger#3422: transplant X25519Sha256 and ChaCha20Poly…
fa8bc9d 
…1305 code from ursa, migrate iroha_p2p to use it

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 9, 2023
@DCNick3
[refactor] hyperledger#3422: remove ursa from dependencies 🎉
d80b803 
Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 9, 2023
@DCNick3
[refactor] hyperledger#3422: bump iroha_crypto deps
d95e00d 
Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 9, 2023
@DCNick3
[refactor] hyperledger#3422: remove unused code from secp256k1
2dde099 
Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 9, 2023
@DCNick3
[refactor] hyperledger#3422: refactor bls to not use large macro blocks
64cd252 
This also removes bls signature aggregation and rogue key mitigation, as iroha does not and probably will not use aggregated signatures

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 9, 2023
@DCNick3
[refactor] hyperledger#3422: migrate iroha_crypto to use k256
ba9cdb9 
This makes all the dependency tree of iroha_crypto wasm-compatible (except `getrandom`, which either requires a "js" feature enabled when used from web, or a custom getrandom implementation in other cases)

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 9, 2023
@DCNick3
[refactor] hyperledger#3422: Clean up the API & resurrect ursa tests
c012d65 
Clean up the API a bit:
- hide the implementation details of signatures (they are only used through the PublicKey, PrivateKey and Signature types)
- remove even more unused API functions
- add missing documentation items

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
This was referenced Nov 9, 2023
Closed
Closed
Merged
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 10, 2023
@DCNick3
[refactor] hyperledger#3422: Use blake2 crate without going through ursa
cae815a 
Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 10, 2023
@DCNick3
[refactor] hyperledger#3422: transplant BLS code from ursa, adapt to …
742385d 
…iroha_crypto types

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 10, 2023
@DCNick3
[refactor] hyperledger#3422: transplant Ed25519 and Secp256k1 code fr…
f5e00dc 
…om ursa

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 10, 2023
@DCNick3
[refactor] hyperledger#3422: transplant X25519Sha256 and ChaCha20Poly…
3b8bf16 
…1305 code from ursa, migrate iroha_p2p to use it

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 10, 2023
@DCNick3
[refactor] hyperledger#3422: remove ursa from dependencies 🎉
ae0b7dc 
Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 10, 2023
@DCNick3
[refactor] hyperledger#3422: bump iroha_crypto deps
2611b4c 
Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 10, 2023
@DCNick3
[refactor] hyperledger#3422: remove unused code from secp256k1
780dce3 
Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 10, 2023
@DCNick3
[refactor] hyperledger#3422: refactor bls to not use large macro blocks
b56e70a 
This also removes bls signature aggregation and rogue key mitigation, as iroha does not and probably will not use aggregated signatures

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 10, 2023
@DCNick3
[refactor] hyperledger#3422: migrate iroha_crypto to use k256
817a17f 
This makes all the dependency tree of iroha_crypto wasm-compatible (except `getrandom`, which either requires a "js" feature enabled when used from web, or a custom getrandom implementation in other cases)

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
mversic pushed a commit to DCNick3/iroha that referenced this issue Nov 20, 2023
@DCNick3 @mversic
[refactor] hyperledger#3422: clean up some ursa tests: remove redunda…
4c14361 
…nt result.is_ok() checks

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
mversic pushed a commit to DCNick3/iroha that referenced this issue Nov 20, 2023
@DCNick3 @mversic
[refactor] hyperledger#3422: remove the misplaced openssl-sys depen…
ff89e85 
…dency from `iroha_crypto` and introduce configurable tls backends to `iroha_client`

openssl-sys was previously added to `iroh_crypto` to allow static builds of openssl with musl libc.

This was somewhat a kludge though, as `iroha_crypto` does not depend on `openssl` (or at least it stopped depending on it after removing `ursa` dependency).

It was used, however, in the client to allow connecting to iroha nodes via HTTPS.

This commit gives the user more freedom in choosing their TLS implementation by providing four features: `tls-native`, `tls-native-vendored`, `tls-rustls-native-roots` and `tls-rustls-webpki-roots`, which mirror corresponding features of `attohttpc` and `tokio-tungstenite`.

Unlike previously, none of the TLS implementations are enabled by default, which is a breaking change

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit that referenced this issue Nov 20, 2023
@DCNick3
[refactor] #3422: Use blake2 crate without going through ursa
1fc7870 
Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit that referenced this issue Nov 20, 2023
@DCNick3
[refactor] #3422: transplant BLS code from ursa, adapt to iroha_crypt…
63e6658 
…o types

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit that referenced this issue Nov 20, 2023
@DCNick3
[refactor] #3422: transplant Ed25519 and Secp256k1 code from ursa
a2ff61e 
Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit that referenced this issue Nov 20, 2023
@DCNick3
[refactor] #3422: transplant X25519Sha256 and ChaCha20Poly1305 code f…
746b5dd 
…rom ursa, migrate iroha_p2p to use it

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit that referenced this issue Nov 20, 2023
@DCNick3
[refactor] #3422: remove ursa from dependencies 🎉
7fa950b 
Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit that referenced this issue Nov 20, 2023
@DCNick3
[refactor] #3422: bump iroha_crypto deps
cc70288 
Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit that referenced this issue Nov 20, 2023
@DCNick3
[refactor] #3422: remove unused code from secp256k1
fe3fc43 
Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit that referenced this issue Nov 20, 2023
@DCNick3
[refactor] #3422: refactor bls to not use large macro blocks
8292043 
This also removes bls signature aggregation and rogue key mitigation, as iroha does not and probably will not use aggregated signatures

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit that referenced this issue Nov 20, 2023
@DCNick3
[refactor] #3422: migrate iroha_crypto to use k256
d57bffd 
This makes all the dependency tree of iroha_crypto wasm-compatible (except `getrandom`, which either requires a "js" feature enabled when used from web, or a custom getrandom implementation in other cases)

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit that referenced this issue Nov 20, 2023
@DCNick3
[refactor] #3422: Clean up the API & resurrect ursa tests
304d7cc 
Clean up the API a bit:
- hide the implementation details of signatures (they are only used through the PublicKey, PrivateKey and Signature types)
- remove even more unused API functions
- add missing documentation items

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit that referenced this issue Nov 20, 2023
@DCNick3
[refactor] #3422: do not leak error type from aead crate, allows re…
08e28dc 
…moving dep of iroha_p2p on aead. Also remove buffer-based API from iroha_crypto, it's not used anyways.

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit that referenced this issue Nov 20, 2023
@DCNick3
[refactor] #3422: clean up some ursa tests: remove redundant result.i…
1f7bb71 
…s_ok() checks

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit that referenced this issue Nov 20, 2023
@DCNick3
[refactor] #3422: remove the misplaced openssl-sys dependency from …
df41226 
…`iroha_crypto` and introduce configurable tls backends to `iroha_client`

openssl-sys was previously added to `iroh_crypto` to allow static builds of openssl with musl libc.

This was somewhat a kludge though, as `iroha_crypto` does not depend on `openssl` (or at least it stopped depending on it after removing `ursa` dependency).

It was used, however, in the client to allow connecting to iroha nodes via HTTPS.

This commit gives the user more freedom in choosing their TLS implementation by providing four features: `tls-native`, `tls-native-vendored`, `tls-rustls-native-roots` and `tls-rustls-webpki-roots`, which mirror corresponding features of `attohttpc` and `tokio-tungstenite`.

Unlike previously, none of the TLS implementations are enabled by default, which is a breaking change

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 22, 2023
@DCNick3
[refactor] hyperledger#3422: Use blake2 crate without going through ursa
79a5f68 
Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 22, 2023
@DCNick3
[refactor] hyperledger#3422: transplant BLS code from ursa, adapt to …
45e8dcc 
…iroha_crypto types

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 22, 2023
@DCNick3
[refactor] hyperledger#3422: transplant Ed25519 and Secp256k1 code fr…
88009e6 
…om ursa

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 22, 2023
@DCNick3
[refactor] hyperledger#3422: transplant X25519Sha256 and ChaCha20Poly…
a37e566 
…1305 code from ursa, migrate iroha_p2p to use it

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 22, 2023
@DCNick3
[refactor] hyperledger#3422: remove ursa from dependencies 🎉
1a7f466 
Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 22, 2023
@DCNick3
[refactor] hyperledger#3422: bump iroha_crypto deps
3d3bccf 
Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 22, 2023
@DCNick3
[refactor] hyperledger#3422: remove unused code from secp256k1
6ac11bc 
Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 22, 2023
@DCNick3
[refactor] hyperledger#3422: refactor bls to not use large macro blocks
f381f43 
This also removes bls signature aggregation and rogue key mitigation, as iroha does not and probably will not use aggregated signatures

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 22, 2023
@DCNick3
[refactor] hyperledger#3422: migrate iroha_crypto to use k256
cba0933 
This makes all the dependency tree of iroha_crypto wasm-compatible (except `getrandom`, which either requires a "js" feature enabled when used from web, or a custom getrandom implementation in other cases)

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 22, 2023
@DCNick3
[refactor] hyperledger#3422: Clean up the API & resurrect ursa tests
6ac8415 
Clean up the API a bit:
- hide the implementation details of signatures (they are only used through the PublicKey, PrivateKey and Signature types)
- remove even more unused API functions
- add missing documentation items

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 22, 2023
@DCNick3
[refactor] hyperledger#3422: do not leak error type from aead crate…
0559b59 
…, allows removing dep of iroha_p2p on aead. Also remove buffer-based API from iroha_crypto, it's not used anyways.

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 22, 2023
@DCNick3
[refactor] hyperledger#3422: clean up some ursa tests: remove redunda…
f8772b8 
…nt result.is_ok() checks

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 added a commit to DCNick3/iroha that referenced this issue Nov 22, 2023
@DCNick3
[refactor] hyperledger#3422: remove the misplaced openssl-sys depen…
035a760 
…dency from `iroha_crypto` and introduce configurable tls backends to `iroha_client`

openssl-sys was previously added to `iroh_crypto` to allow static builds of openssl with musl libc.

This was somewhat a kludge though, as `iroha_crypto` does not depend on `openssl` (or at least it stopped depending on it after removing `ursa` dependency).

It was used, however, in the client to allow connecting to iroha nodes via HTTPS.

This commit gives the user more freedom in choosing their TLS implementation by providing four features: `tls-native`, `tls-native-vendored`, `tls-rustls-native-roots` and `tls-rustls-webpki-roots`, which mirror corresponding features of `attohttpc` and `tokio-tungstenite`.

Unlike previously, none of the TLS implementations are enabled by default, which is a breaking change

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
@DCNick3 DCNick3 added the crypto label Jan 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DCNick3 DCNick3

Labels
api-changes Changes in the API for client libraries crypto Dead code iroha2-dev The re-implementation of a BFT hyperledger in RUST Security This issue asks for improved security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@DCNick3 @appetrosyan @dmitrivenger