Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

runtime-sdk/src/modules/core: add "core.KeyManagerPublicKey" call #1996

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

runtime-sdk/src/modules/core: add "core.KeyManagerPublicKey" call #1996

wants to merge 1 commit into from

Conversation

CedarMist
Copy link
Member

@CedarMist CedarMist commented Sep 20, 2024
edited
Loading

Re: oasisprotocol/sapphire-paratime#366

Adds core.KeyManagerPublicKey which returns the runtime signing public key.

This key signs the ephemeral keys, one of which is the per-epoch call data public key, used for encrypting transaction data.

I have modified core.CallDataPublicKey to return both the Runtime ID and the Key Pair ID, both of these are necessary information to validate the signature. The remaining information (such as the checksum, expiration & epoch) are already returned by core.CallDataPublicKey

TODO

  • Validate calldatapublickey in JS client.
  • Return key_pair_id and runtime_id from core.CallDataPublicKey
  • Return only 32 byte runtime signing public key from core.KeyManagerPublicKey
  • Add tests to ensure coverage

Result is the 32 byte runtime signing public key.

@CedarMist CedarMist added enhancement New feature or request c:runtime-sdk Category: Runtime SDK rust labels Sep 20, 2024
@CedarMist CedarMist self-assigned this Sep 20, 2024
@netlify Netlify
Copy link

netlify bot commented Sep 20, 2024
edited
Loading

Deploy Preview for oasisprotocol-oasis-sdk canceled.

Name Link
🔨 Latest commit 50658ab
🔍 Latest deploy log https://app.netlify.com/sites/oasisprotocol-oasis-sdk/deploys/671b4fcf12e0100008bb3c09

@CedarMist CedarMist force-pushed the CedarMist/GetPublicKey branch 6 times, most recently from 665ad13 to 64c77d4 Compare September 21, 2024 01:07
@CedarMist CedarMist marked this pull request as ready for review September 21, 2024 01:15
@CedarMist CedarMist marked this pull request as draft September 21, 2024 01:16
@codecov Codecov
Copy link

codecov bot commented Sep 21, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 10.52632% with 17 lines in your changes missing coverage. Please review.

Project coverage is 59.10%. Comparing base (f735ef9) to head (3d06649).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
runtime-sdk/src/modules/core/mod.rs 10.52% 17 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1996      +/-   ##
==========================================
- Coverage   59.20%   59.10%   -0.10%     
==========================================
  Files         129      129              
  Lines        9592     9611      +19     
==========================================
+ Hits         5679     5681       +2     
- Misses       3913     3930      +17

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@CedarMist CedarMist force-pushed the CedarMist/GetPublicKey branch 2 times, most recently from 168b68e to 2e959ec Compare September 21, 2024 13:38
@CedarMist CedarMist changed the title runtime-sdk/src/modules/core: add "core.PublicKey" call runtime-sdk/src/modules/core: add "core.KeyManagerPublicKey" call Sep 21, 2024
@CedarMist
Copy link
Member Author

So, ran into some problems.

So secrets::get_public_ephemeral_key uses kdf.sign_pubic_key, which signs the key using kdf.inner.signer
But... I can't get the inner.signer public key through the keymanager API, and it's not the long term key pair (which I assumed had been signing the ephemeral keypairs) that I need - it's the signer
signer is derived from derive_signing_key with the master secret & runtime ID, and the ekiden-derive-signing-key namespace, whereas long-term keys are derived using ekiden-derive-runtime-secret namespace via get_or_create_longterm_keys

@CedarMist
Copy link
Member Author

Relies on oasisprotocol/oasis-core#5865 being merged into oasis-core, so we can use it in new oasis-sdk.

@kostko
Copy link
Member

kostko commented Oct 16, 2024
edited
Loading

This is now available in the main branch that uses Oasis Core 24.3.

The key manager trait now provides runtime_id and runtime_signing_key.

@kostko kostko removed the blocked label Oct 16, 2024
peternose
peternose reviewed Oct 24, 2024
View reviewed changes
runtime-sdk/src/modules/core/types.rs Outdated Show resolved Hide resolved
runtime-sdk/src/modules/core/types.rs Show resolved Hide resolved
runtime-sdk/src/modules/core/mod.rs Outdated Show resolved Hide resolved
@CedarMist CedarMist force-pushed the CedarMist/GetPublicKey branch 2 times, most recently from c61bd75 to 1061a46 Compare October 25, 2024 07:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@peternose peternose peternose left review comments

@kostko kostko Awaiting requested review from kostko kostko is a code owner

@pro-wh pro-wh Awaiting requested review from pro-wh pro-wh is a code owner

@ptrus ptrus Awaiting requested review from ptrus ptrus is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@CedarMist CedarMist

Labels
c:runtime-sdk Category: Runtime SDK enhancement New feature or request rust
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@CedarMist @kostko @peternose