Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(wire): add ecdsa authentication to wire #51

Open
wants to merge 8 commits into
base: main
Choose a base branch
from

Conversation

NhoxxKienn
Copy link
Contributor

Wire Identity Authentication

Description

This PR aims to add the ECDSA cryptographic authentication feature to the wire's implementation of perun-eth-backend. The cryptographic key pair is ECDSA, with a signature length of 65, taking inspiration from the wallet implementation of perun-eth-backend. This implementation must be in sync with the wire interface of go-perun 1.11.

Location: wire package

hash := PrefixedHash(msg)
sigCopy := make([]byte, SigLen)
copy(sigCopy, sig)
if len(sigCopy) == SigLen && (sigCopy[SigLen-1] >= sigVSubtract) {
Copy link
Contributor

@DragonDev1906 DragonDev1906 Mar 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it intentional that we don't compare sig but we compare the length after we have copied? I don't think it's a problem, but it might be better if we have an early length check and return an error immediately if sig is not of length 65. Could also result in a nicer error message if the length doesn't match.

I think this implementation allows 65 byte signatures with arbitrary bytes after it, not sure if that's a problem.

From the copy() docs: minimum of len(src) and len(dst) (https://pkg.go.dev/builtin#copy)

For example, the following would be seen as valid by this function:

  • <65-bytes-valid-signature>
  • <65-bytes-valid-signature>

As said: I don't think it's problematic, but I think it would be cleaner if this function would only allow signatures of exactly 65 bytes.

wire/wire_test.go Show resolved Hide resolved
Signed-off-by: Minh Huy Tran <[email protected]>
Signed-off-by: Minh Huy Tran <[email protected]>
@NhoxxKienn NhoxxKienn force-pushed the draft/egoistic-funding branch from c2a8f37 to 4c96443 Compare July 2, 2024 11:08
@NhoxxKienn NhoxxKienn force-pushed the draft/egoistic-funding branch 2 times, most recently from 89961b9 to 5507b04 Compare July 2, 2024 11:21
@NhoxxKienn NhoxxKienn force-pushed the draft/egoistic-funding branch 3 times, most recently from 3f6ca74 to e360848 Compare July 2, 2024 12:13
@NhoxxKienn NhoxxKienn force-pushed the draft/egoistic-funding branch from e360848 to 81b5fc8 Compare July 2, 2024 12:30
@NhoxxKienn NhoxxKienn requested a review from DragonDev1906 July 2, 2024 12:37
@NhoxxKienn
Copy link
Contributor Author

Add a test to create go-perun client with the new wire/net/bus in client/client_net_test.go


hosts := make([]string, len(names))
for i := 0; i < len(names); i++ {
port, err := findFreePort()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auf lange Sicht wird es vermutlich besser sein eine Funktion zum listener hinzuzufügen (wenn er nicht schon eine hat) um den Port zu bekommen. Einen tcp listener aufzumachen nur um den Port zu bekommen erscheint mir unnötig.

Also effektiv erst die listener erdstellen und dann für jeden listener den Port abfragen (wie es in findFreePorts gemacht wird) + evtl. kleine Anpassung am perun code um diese Funktionalität bereitzustellen.

if err != nil {
return nil, errors.Wrap(err, "SignHash")
}
sig[64] += 27
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wenn wir schon sigVSubtract als konstante haben sollten wir die hier auch verwenden. Evtl. ist sigVOffset ein passenderer Name.

Comment on lines +66 to +68
log.Print("Generated new account with address ", crypto.PubkeyToAddress(privateKey.PublicKey).Hex())

addr := crypto.PubkeyToAddress(privateKey.PublicKey)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
log.Print("Generated new account with address ", crypto.PubkeyToAddress(privateKey.PublicKey).Hex())
addr := crypto.PubkeyToAddress(privateKey.PublicKey)
addr := crypto.PubkeyToAddress(privateKey.PublicKey)
log.Print("Generated new account with address ", addr.Hex())

certPEMs := make([][]byte, numClients)
tlsCerts := make([]tls.Certificate, numClients)

for i := 0; i < numClients; i++ {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Soweit ich es sehe gibt es keinen Grund hier zwei loops zu haben. Stattdessen könnten wir die ganze Logik in eine funktion wie folgende packen, da wir bei der verarbeitung von [i] nichts von [x] x!=i brauchen. Die Funktion hier ruft die neue dann nur in einem loop auf.

// Returns (certPEM, tlsCert, err)
func GenerateSelfSignedCertConfig(commonName string, sans []string) ([]byte, *tls.Config, error)

Das würde den code hier leichter lesbar machen weil man sich nicht mehr Gedanken machen muss ob die richtigen indicies verwendet werden.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants