Add ECDSA signatures over NIST-P256 to aptos-crypto #9594

Merged
merged 51 commits into from
Oct 18, 2023

mstraka100

Description

This PR adds support for ECDSA signatures over NIST-P256, inside of the aptos-crypto crate. This is necessary for adding transaction authenticators that interact with popular implementations of the WebAuthn standard. The API for this signature scheme is identical to that of the already-implemented EdDSA over Ed25519 signature scheme. Signatures are guaranteed to be output in canonical form, and signatures not in this form are rejected by verification, to prevent malleability attacks.

Test Plan

Unit tests are included in crates/aptos-crypto/unit_tests/p256_test.rs. They can be run with cargo test in crates/aptos-crypto.
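
The canonical-form rule from the description above, as an added example that is not code from this PR or from aptos-crypto. It assumes "canonical" means the usual low-S convention (s at most half the group order n); the helper names and the sample value are hypothetical.

```rust
// Added illustration; not code from aptos-crypto.
// Scalars are 32-byte big-endian arrays, so array ordering equals numeric ordering.
type Scalar = [u8; 32];

/// Order n of the NIST P-256 group (a public curve constant).
const ORDER: Scalar = [
    0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51,
];

/// a - b for a >= b, big-endian, with borrow propagation.
fn sub(a: &Scalar, b: &Scalar) -> Scalar {
    let mut out = [0u8; 32];
    let mut borrow = 0i16;
    for i in (0..32).rev() {
        let d = a[i] as i16 - b[i] as i16 - borrow;
        borrow = (d < 0) as i16;
        out[i] = (d + 256 * borrow) as u8;
    }
    out
}

/// True when 1 <= s < n.
fn in_range(s: &Scalar) -> bool {
    *s != [0u8; 32] && *s < ORDER
}

/// Low-S test (assumed meaning of "canonical"): s <= n - s,
/// which for odd n is the same as s <= (n - 1) / 2.
fn is_canonical(s: &Scalar) -> bool {
    in_range(s) && *s <= sub(&ORDER, s)
}

/// Signer side: map s to the smaller of s and n - s.
fn normalize(s: &Scalar) -> Option<Scalar> {
    if !in_range(s) {
        return None;
    }
    let neg = sub(&ORDER, s);
    Some(if neg < *s { neg } else { *s })
}

/// Verifier side: reject high-S before doing any curve arithmetic.
fn check_before_verify(s: &Scalar) -> Result<(), &'static str> {
    if is_canonical(s) { Ok(()) } else { Err("non-canonical signature: high or out-of-range s") }
}

fn main() {
    let mut s = [0u8; 32];
    s[31] = 5; // constructed sample value
    let twin = sub(&ORDER, &s); // n - s, the second s value that verifies with the same r
    println!("{:?} {:?}", check_before_verify(&s), check_before_verify(&twin));
    println!("normalize(twin) == s: {}", normalize(&twin) == Some(s));
}
```

Because (r, s) and (r, n - s) both satisfy the ECDSA verification equation, only the verifier-side rejection removes the second encoding; normalizing at signing time alone does not.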

@mstraka100 mstraka100 requested a review from hariria August 10, 2023 14:42
@mstraka100 mstraka100 requested a review from alinush as a code owner August 10, 2023 14:42
@mstraka100 mstraka100 self-assigned this Aug 10, 2023
@alinush alinush changed the title Add ECDSA Signature Scheme Over NIST-P256 Add ECDSA signatures over NIST-P256 to aptos-crypto Aug 10, 2023
mstraka100 and others added 4 commits August 10, 2023 17:08
* Update semgrep.yaml to also run daily

* update semgrep rule

* fix workflows

* Update .github/workflows/semgrep.yaml

Co-authored-by: Balaji Arun <[email protected]>

---------

Co-authored-by: Balaji Arun <[email protected]>
@ibalajiarun ibalajiarun requested review from a team as code owners August 14, 2023 20:28
@mstraka100 mstraka100 enabled auto-merge (squash) October 18, 2023 22:02
@github-actions

✅ Forge suite compat success on aptos-node-v1.6.2 ==> 9bc659698de608f84b6836e2e4ef8cfe0883b947

Compatibility test results for aptos-node-v1.6.2 ==> 9bc659698de608f84b6836e2e4ef8cfe0883b947 (PR)
1. Check liveness of validators at old version: aptos-node-v1.6.2
compatibility::simple-validator-upgrade::liveness-check : committed: 4153 txn/s, latency: 6985 ms, (p50: 6600 ms, p90: 9900 ms, p99: 13300 ms), latency samples: 174460
2. Upgrading first Validator to new version: 9bc659698de608f84b6836e2e4ef8cfe0883b947
compatibility::simple-validator-upgrade::single-validator-upgrade : committed: 1850 txn/s, latency: 15821 ms, (p50: 18400 ms, p90: 22200 ms, p99: 22500 ms), latency samples: 92540
3. Upgrading rest of first batch to new version: 9bc659698de608f84b6836e2e4ef8cfe0883b947
compatibility::simple-validator-upgrade::half-validator-upgrade : committed: 1780 txn/s, latency: 16271 ms, (p50: 19100 ms, p90: 22300 ms, p99: 22700 ms), latency samples: 92600
4. upgrading second batch to new version: 9bc659698de608f84b6836e2e4ef8cfe0883b947
compatibility::simple-validator-upgrade::rest-validator-upgrade : committed: 3457 txn/s, latency: 8883 ms, (p50: 9800 ms, p90: 11800 ms, p99: 12900 ms), latency samples: 145220
5. check swarm health
Compatibility test for aptos-node-v1.6.2 ==> 9bc659698de608f84b6836e2e4ef8cfe0883b947 passed
Test Ok

@github-actions

❌ Forge suite framework_upgrade failure on aptos-node-v1.5.1 ==> 9bc659698de608f84b6836e2e4ef8cfe0883b947

Compatibility test results for aptos-node-v1.5.1 ==> 9bc659698de608f84b6836e2e4ef8cfe0883b947 (PR)
Upgrade the nodes to version: 9bc659698de608f84b6836e2e4ef8cfe0883b947
Test Failed: API error: Unknown error error sending request for url (http://aptos-node-3-validator.forge-framework-upgrade-pr-9594.svc:8080/v1/accounts/0000000000000000000000000000000000000000000000000000000000000001/resource/0x1::block::BlockResource): error trying to connect: dns error: failed to lookup address information: Name or service not known

Swarm logs can be found here: See fgi output for more information.
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: ApiError: namespaces "forge-framework-upgrade-pr-9594" not found: NotFound (ErrorResponse { status: "Failure", message: "namespaces \"forge-framework-upgrade-pr-9594\" not found", reason: "NotFound", code: 404 })

Caused by:
    namespaces "forge-framework-upgrade-pr-9594" not found: NotFound

@github-actions

✅ Forge suite realistic_env_max_load success on 9bc659698de608f84b6836e2e4ef8cfe0883b947

two traffics test: inner traffic : committed: 8307 txn/s, latency: 4727 ms, (p50: 4500 ms, p90: 5600 ms, p99: 10500 ms), latency samples: 3580660
two traffics test : committed: 100 txn/s, latency: 2270 ms, (p50: 2100 ms, p90: 2700 ms, p99: 5400 ms), latency samples: 1840
Latency breakdown for phase 0: ["QsBatchToPos: max: 0.210, avg: 0.199", "QsPosToProposal: max: 0.150, avg: 0.144", "ConsensusProposalToOrdered: max: 0.578, avg: 0.564", "ConsensusOrderedToCommit: max: 0.532, avg: 0.516", "ConsensusProposalToCommit: max: 1.102, avg: 1.080"]
Max round gap was 1 [limit 4] at version 1172222. Max no progress secs was 5.276887 [limit 10] at version 3637144.
Test Ok

@mstraka100 mstraka100 merged commit fa0e74f into main Oct 18, 2023
@mstraka100 mstraka100 deleted the michael/P256 branch October 18, 2023 22:56
let bignum = BigUint::from_bytes_be(&bytes[..]);
let order = BigUint::from_bytes_be(&ORDER);
let remainder = bignum.mod_floor(&order);
P256PrivateKey::from_bytes_unchecked(&remainder.to_bytes_be()).unwrap()
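Review bot: `remainder.to_bytes_be()` on the last line produces a minimal-length encoding, so a remainder with leading zero bytes comes out shorter than a full-width scalar, and a remainder of exactly zero is also possible after `mod_floor(&order)`; in either case the `.unwrap()` on `from_bytes_unchecked` panics if that function expects a fixed-width, non-zero scalar. Consider left-padding the remainder to the scalar width and handling the zero case explicitly instead of unwrapping. A short comment stating that `bytes` and `ORDER` are interpreted as big-endian would also save the next reader from tracing the deserialization path.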

Also, documenting for posterity, I traced down the deserialization code to this line, which does indeed use BE.
