Update DID DHT Key Type to EdDSA #653

Merged
merged 18 commits into from
Jun 11, 2024

nitro-neal
Contributor

@nitro-neal nitro-neal commented May 31, 2024

This bug fixes this issue and changes the index 0 key type from Ed25519 to EdDSA (pending change coming to did-dht.com)

Here was the issue that was happening which this pr fixes:

When creating a portable did with a jwk like this:

        privateKeys: [
          {
            crv : 'Ed25519',
            d   : 'hdSIwbQwVD-fNOVEgt-k3mMl44Ip1iPi58Ex6VDGxqY',
            kty : 'OKP',
            x   : 'VYKm2SCIV9Vz3BRy-v5R9GHz3EOJCPvZ1_gP1e3XiB0',
            kid : 'cyvOypa6k-4ffsRWcza37s5XVOh1kO9ICUeo1ZxHVM8',
            alg : 'EdDSA',
          }
        ]

(notice Alg is EdDSA)

the resolver gives:

    "verificationMethod": [
      {
        "id": "did:dht:ksbkpsjytbm7kh6hnt3xi91t6to98zndtrrxzsqz9y87m5qztyqo#0#0",
        "type": "JsonWebKey",
        "controller": "did:dht:ksbkpsjytbm7kh6hnt3xi91t6to98zndtrrxzsqz9y87m5qztyqo#0",
        "publicKeyJwk": {
          "kty": "OKP",
          "crv": "Ed25519",
          "x": "VYKm2SCIV9Vz3BRy-v5R9GHz3EOJCPvZ1_gP1e3XiB0",
          "kid": "cyvOypa6k-4ffsRWcza37s5XVOh1kO9ICUeo1ZxHVM8",
          "alg": "Ed25519"
        }
      }
    ],

(notice alg is Ed25519)

The solution was to change the actual did dht spec so that this does not happen and allows us to verify jwts with did dht.
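
One way the `alg` mismatch described above can break JWT verification, as an added example (not code from this PR or from web5-js). It assumes a verifier that requires the resolved key's `alg` to equal the JWT header `alg`; the key pair, the DID `did:example:alice` and the function names are constructed for illustration.

```javascript
// Added example; not code from the web5-js repository.
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

// Build a compact JWS. For Ed25519 keys the JOSE header alg is "EdDSA" (RFC 8037).
function signJwt(payload, privateKey, kid) {
  const header = { alg: 'EdDSA', kid };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.sign(null, Buffer.from(input), privateKey);
  return `${input}.${b64url(sig)}`;
}

// Assumed verifier policy: a key that declares an alg may only be used
// with a JWT whose header carries that same alg.
function verifyJwt(jwt, verificationMethod) {
  const [h, p, s] = jwt.split('.');
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  const jwk = verificationMethod.publicKeyJwk;
  if (jwk.alg !== undefined && jwk.alg !== header.alg) {
    return { ok: false, reason: `key alg ${jwk.alg} != header alg ${header.alg}` };
  }
  const key = crypto.createPublicKey({
    key: { kty: jwk.kty, crv: jwk.crv, x: jwk.x },
    format: 'jwk',
  });
  const ok = crypto.verify(null, Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  return ok ? { ok: true } : { ok: false, reason: 'bad signature' };
}

// Constructed data: a fresh key pair and two versions of the resolved
// verification method, differing only in the alg the resolver reports.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const pub = publicKey.export({ format: 'jwk' });
  const id = 'did:example:alice#0';
  const jwt = signJwt({ iss: 'did:example:alice' }, privateKey, id);
  const before = { id, publicKeyJwk: { ...pub, alg: 'Ed25519' } };
  const after = { id, publicKeyJwk: { ...pub, alg: 'EdDSA' } };
  // Same header and signature over a different payload: must still be rejected.
  const [h, , s] = jwt.split('.');
  const altered = `${h}.${b64url(JSON.stringify({ iss: 'did:example:other' }))}.${s}`;
  return {
    before: verifyJwt(jwt, before),
    after: verifyJwt(jwt, after),
    altered: verifyJwt(altered, after),
  };
}

console.log(demo());
```

The signature itself is valid in both the `before` and `after` cases; only the `alg` reported by the resolver decides whether the key is accepted.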

changeset-bot bot commented May 31, 2024

🦋 Changeset detected

Latest commit: 62a0a73

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@web5/credentials Patch

specifier: 1.0.0
version: 1.0.0
specifier: 1.0.1
version: link:../common
Contributor Author

is this fine?

Contributor

github-actions bot commented May 31, 2024

TBDocs Report

✅ No errors or warnings

@web5/api

  • Project entry file: packages/api/src/index.ts

@web5/crypto

  • Project entry file: packages/crypto/src/index.ts

@web5/crypto-aws-kms

  • Project entry file: packages/crypto-aws-kms/src/index.ts

@web5/dids

  • Project entry file: packages/dids/src/index.ts

@web5/credentials

  • Project entry file: packages/credentials/src/index.ts

TBDocs Report Updated at 2024-06-11T22:50:23Z 62a0a73

codecov bot commented May 31, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 90.90%. Comparing base (2fc32ba) to head (62a0a73).

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #653      +/-   ##
==========================================
+ Coverage   90.81%   90.90%   +0.09%     
==========================================
  Files         119      119              
  Lines       30101    30106       +5     
  Branches     2243     2249       +6     
==========================================
+ Hits        27337    27369      +32     
+ Misses       2729     2702      -27     
  Partials       35       35              
Components Coverage Δ
agent 80.85% <ø> (ø)
api 94.01% <ø> (ø)
common 98.68% <ø> (ø)
credentials 94.88% <ø> (ø)
crypto 93.81% <ø> (ø)
dids 97.77% <100.00%> (+0.44%) ⬆️
identity-agent 96.70% <ø> (ø)
crypto-aws-kms 100.00% <ø> (ø)
proxy-agent 96.70% <ø> (ø)
user-agent 96.70% <ø> (ø)

@nitro-neal nitro-neal changed the title updates to did dht spec Update DID DHT Key Type to EdDSA May 31, 2024
@nitro-neal nitro-neal marked this pull request as ready for review May 31, 2024 18:29

it('successful verify with did:dht', async () => {
const hexString =
'0ab2b3386e22595e1271e7ef67fda70c37acf7d28b8c884a6fdcbb0ea739f341' +
Member

Not a fan of opaque inputs to tests. Can you update and enable vector tests accordingly for the js implementation and call out in #638 that the kid changes must be reverted when 638 is fixed?

I think they should cover this change. Let me know if I am not making sense!

Contributor Author

This test tests the Jwt.sign / verify with did dht, (the reason we had to change the spec a bit in the first place)

Member

Got it, assuming the main intent of this test is to test sign and verify, can we avoid using the opaque hex string in the test since it is beside the point?

@nitro-neal nitro-neal mentioned this pull request Jun 3, 2024
@nitro-neal
Contributor Author

I have turned the test vectors back on. They can pass by either:

  1. what I've done here in the PR, changing the kid in the test vector
     OR
  2. I can add this line to our fromDnsPacket parsing:

          if (dnsRecordId === 'k0') {
            publicKey.kid = '0';
          }

Not sure which way is right at this point! But feel free to let me know which way we want to go.

decentralgabe
decentralgabe previously approved these changes Jun 3, 2024
@nitro-neal
Contributor Author

I have updated,

added this line:

   if(dnsRecordId === 'k0') {
     publicKey.kid = '0';
   }

and changed the test vectors to have kid as 0 again.

decentralgabe
decentralgabe previously approved these changes Jun 6, 2024
Member

@thehenrytsai thehenrytsai left a comment

🚀

@nitro-neal nitro-neal merged commit 65b577b into main Jun 11, 2024
35 checks passed
@nitro-neal nitro-neal deleted the did-dht-default-key branch June 11, 2024 23:19
@github-actions github-actions bot mentioned this pull request Jun 11, 2024