refactor(crypto): CRP-2462 Simplify dependencies of ic-crypto-utils-t…

…hreshold-sig-der

Cargo.toml

@@ -78,7 +78,6 @@ members = [
   "rs/crypto/internal/crypto_lib/sha2",
   "rs/crypto/secrets_containers",
   "rs/crypto/internal/crypto_lib/threshold_sig/bls12_381",
-  "rs/crypto/internal/crypto_lib/threshold_sig/bls12_381/der_utils",
   "rs/crypto/internal/crypto_lib/threshold_sig/tecdsa",
   "rs/crypto/internal/crypto_lib/threshold_sig/tecdsa/test_utils",
   "rs/crypto/internal/crypto_lib/tls",

rs/crypto/internal/crypto_lib/threshold_sig/bls12_381/BUILD.bazel

@@ -10,7 +10,6 @@ package(default_visibility = [
 DEPENDENCIES = [
     "//rs/crypto/internal/crypto_lib/bls12_381/type",
     "//rs/crypto/internal/crypto_lib/seed",
-    "//rs/crypto/internal/crypto_lib/threshold_sig/bls12_381/der_utils",
     "//rs/crypto/internal/crypto_lib/types",
     "//rs/crypto/secrets_containers",
     "//rs/crypto/sha2",

rs/crypto/internal/crypto_lib/threshold_sig/bls12_381/Cargo.toml

@@ -13,7 +13,6 @@ cached = { version = "0.41", default-features = false }
 parking_lot = "0.12.1"
 ic-crypto-internal-bls12-381-type = { path = "../../bls12_381/type" }
 ic-crypto-internal-seed = { path = "../../seed" }
-ic-crypto-internal-threshold-sig-bls12381-der = { path = "der_utils" }
 ic-crypto-secrets-containers = { path = "../../../../secrets_containers" }
 ic-crypto-internal-types = { path = "../../types" }
 ic-crypto-sha2 = { path = "../../../../sha2" }

rs/crypto/internal/crypto_lib/threshold_sig/bls12_381/src/api.rs

@@ -42,11 +42,10 @@ use crate::api::threshold_sign_error::ClibThresholdSignError;
 use crate::types::public_coefficients::conversions::pub_key_bytes_from_pub_coeff_bytes;
 use crate::types::PublicKey;
 use ic_crypto_internal_seed::Seed;
-use ic_crypto_internal_threshold_sig_bls12381_der as der;
 use ic_crypto_internal_types::sign::threshold_sig::ni_dkg::ni_dkg_groth20_bls12_381::PublicCoefficientsBytes;
 use ic_crypto_internal_types::sign::threshold_sig::public_key::bls12_381::PublicKeyBytes;
 use ic_types::{
-    crypto::{AlgorithmId, CryptoError, CryptoResult},
+    crypto::{CryptoError, CryptoResult},
     NodeIndex, NumberOfNodes,
 };
 use std::convert::{TryFrom, TryInto};
@@ -284,33 +283,3 @@ pub fn verify_combined_signature_with_cache(
 pub fn bls_signature_cache_statistics() -> crate::cache::SignatureCacheStatistics {
     crate::cache::SignatureCache::global().cache_statistics()
 }
-
-/// Converts public key bytes into its DER-encoded form.
-///
-/// See [the Interface Spec](https://sdk.dfinity.org/docs/interface-spec/index.html#_certificate) and [RFC 5480](https://tools.ietf.org/html/rfc5480).
-pub fn public_key_to_der(key: PublicKeyBytes) -> CryptoResult<Vec<u8>> {
-    der::public_key_to_der(&key.0).map_err(|e| CryptoError::MalformedPublicKey {
-        algorithm: AlgorithmId::ThresBls12_381,
-        key_bytes: Some(key.0.to_vec()),
-        internal_error: format!("Conversion to DER failed with error {}", e),
-    })
-}
-
-/// Parses a `PublicKeyBytes` from its DER-encoded form.
-///
-/// See [the Interface Spec](https://sdk.dfinity.org/docs/interface-spec/index.html#_certificate)
-/// and [RFC 5480](https://tools.ietf.org/html/rfc5480).
-///
-/// # Errors
-/// * `CryptoError::MalformedPublicKey` if the given `bytes` are not valid
-///   ASN.1, or include unexpected ASN.1 structures..
-pub fn public_key_from_der(bytes: &[u8]) -> CryptoResult<PublicKeyBytes> {
-    match der::public_key_from_der(bytes) {
-        Ok(key_bytes) => Ok(PublicKeyBytes(key_bytes)),
-        Err(internal_error) => Err(CryptoError::MalformedPublicKey {
-            algorithm: AlgorithmId::ThresBls12_381,
-            key_bytes: Some(bytes.to_vec()),
-            internal_error,
-        }),
-    }
-}

rs/crypto/internal/crypto_lib/threshold_sig/bls12_381/src/api/tests.rs

@@ -254,60 +254,6 @@ fn should_invalid_threshold_signatures_not_be_cached() {
     }
 }
 
-#[test]
-fn test_public_key_to_der() {
-    // Test vectors generated from Haskell as follows:
-    // ic-ref/impl $ cabal repl ic-ref
-    // …
-    // Ok, 35 modules loaded.
-    // *Main> import IC.Types (prettyBlob)
-    // *Main IC.Types> import qualified IC.Crypto.DER as DER
-    // *Main IC.Types DER> import qualified IC.Crypto.BLS as BLS
-    // *Main IC.Types DER BLS> :set -XOverloadedStrings
-    // *Main IC.Types DER BLS> let pk1 = BLS.toPublicKey (BLS.createKey "testseed1")
-    // *Main IC.Types DER BLS> putStrLn (prettyBlob pk1)
-    // 0xa7623a93cdb56c4d23d99c14216afaab3dfd6d4f9eb3db23d038280b6d5cb2caaee2a19dd92c9df7001dede23bf036bc0f33982dfb41e8fa9b8e96b5dc3e83d55ca4dd146c7eb2e8b6859cb5a5db815db86810b8d12cee1588b5dbf34a4dc9a5
-    // *Main IC.Types DER BLS> putStrLn (prettyBlob (DER.encode DER.BLS pk1))
-    // 0x308182301d060d2b0601040182dc7c0503010201060c2b0601040182dc7c05030201036100a7623a93cdb56c4d23d99c14216afaab3dfd6d4f9eb3db23d038280b6d5cb2caaee2a19dd92c9df7001dede23bf036bc0f33982dfb41e8fa9b8e96b5dc3e83d55ca4dd146c7eb2e8b6859cb5a5db815db86810b8d12cee1588b5dbf34a4dc9a5
-    // *Main IC.Types DER BLS> let pk2 = BLS.toPublicKey (BLS.createKey "testseed2")
-    // *Main IC.Types DER BLS> putStrLn (prettyBlob pk2)
-    // 0xb613303bda180e6b474bc15183870828c54999ee3a4797c9dd00cabe59ce78e307b212884878ec437ae9fd73f5c1f13d01f34edf1e746c192f7f6e9614bc950b705b5d2825d87499c9778db2b032955badb5b4eb103b46b0f4fa476b45b784ed
-    // *Main IC.Types DER BLS> putStrLn (prettyBlob (DER.encode DER.BLS pk2))
-    // 0x308182301d060d2b0601040182dc7c0503010201060c2b0601040182dc7c05030201036100b613303bda180e6b474bc15183870828c54999ee3a4797c9dd00cabe59ce78e307b212884878ec437ae9fd73f5c1f13d01f34edf1e746c192f7f6e9614bc950b705b5d2825d87499c9778db2b032955badb5b4eb103b46b0f4fa476b45b784edu
-    struct BlsPublicKey<'a> {
-        raw_hex: &'a str,
-        der_hex: &'a str,
-    }
-
-    let test_vectors = [
-        BlsPublicKey {
-            raw_hex: "a7623a93cdb56c4d23d99c14216afaab3dfd6d4f9eb3db23d038280b6d5cb2caaee2a19dd92c9df7001dede23bf036bc0f33982dfb41e8fa9b8e96b5dc3e83d55ca4dd146c7eb2e8b6859cb5a5db815db86810b8d12cee1588b5dbf34a4dc9a5",
-            der_hex: "308182301d060d2b0601040182dc7c0503010201060c2b0601040182dc7c05030201036100a7623a93cdb56c4d23d99c14216afaab3dfd6d4f9eb3db23d038280b6d5cb2caaee2a19dd92c9df7001dede23bf036bc0f33982dfb41e8fa9b8e96b5dc3e83d55ca4dd146c7eb2e8b6859cb5a5db815db86810b8d12cee1588b5dbf34a4dc9a5"
-        },
-        BlsPublicKey {
-            raw_hex: "b613303bda180e6b474bc15183870828c54999ee3a4797c9dd00cabe59ce78e307b212884878ec437ae9fd73f5c1f13d01f34edf1e746c192f7f6e9614bc950b705b5d2825d87499c9778db2b032955badb5b4eb103b46b0f4fa476b45b784ed",
-            der_hex: "308182301d060d2b0601040182dc7c0503010201060c2b0601040182dc7c05030201036100b613303bda180e6b474bc15183870828c54999ee3a4797c9dd00cabe59ce78e307b212884878ec437ae9fd73f5c1f13d01f34edf1e746c192f7f6e9614bc950b705b5d2825d87499c9778db2b032955badb5b4eb103b46b0f4fa476b45b784ed"
-        }
-    ];
-
-    for public_key in test_vectors.iter() {
-        let mut bytes = [0u8; PublicKeyBytes::SIZE];
-        bytes.copy_from_slice(&hex::decode(public_key.raw_hex).unwrap());
-        let public_key_raw = PublicKeyBytes(bytes);
-        let der = hex::decode(public_key.der_hex).unwrap();
-
-        assert_eq!(tsig::public_key_to_der(public_key_raw).unwrap(), der);
-        assert_eq!(public_key_raw, tsig::public_key_from_der(&der[..]).unwrap());
-
-        let mut buf = der.clone();
-        for i in 0..der.len() {
-            buf[i] = !buf[i];
-            assert_ne!(tsig::public_key_from_der(&buf), Ok(public_key_raw));
-            buf[i] = !buf[i];
-        }
-    }
-}
-
 proptest! {
         #![proptest_config(ProptestConfig {
             cases: 4,
@@ -327,11 +273,3 @@ proptest! {
             test_threshold_sig_api_and_core_match(Seed::from_bytes(&seed), NumberOfNodes::from(threshold + redundancy), NumberOfNodes::from(threshold), &message);
         }
 }
-
-#[test]
-fn should_use_correct_key_size_in_der_utils() {
-    assert_eq!(
-        ic_crypto_internal_threshold_sig_bls12381_der::PUBLIC_KEY_SIZE,
-        PublicKeyBytes::SIZE
-    );
-}

rs/crypto/utils/threshold_sig_der/BUILD.bazel

@@ -1,4 +1,4 @@
-load("@rules_rust//rust:defs.bzl", "rust_library", "rust_test")
+load("@rules_rust//rust:defs.bzl", "rust_library", "rust_test_suite")
 
 package(default_visibility = ["//visibility:public"])
 
@@ -8,18 +8,19 @@ rust_library(
     crate_name = "ic_crypto_utils_threshold_sig_der",
     version = "0.9.0",
     deps = [
-        "//rs/crypto/internal/crypto_lib/threshold_sig/bls12_381",
-        "//rs/crypto/internal/crypto_lib/threshold_sig/bls12_381/der_utils",
         "//rs/crypto/internal/crypto_lib/types",
         "//rs/types/types",
         "@crate_index//:base64",
+        "@crate_index//:simple_asn1",
     ],
 )
 
-rust_test(
-    name = "threshold_sig_der_test",
-    crate = ":threshold_sig_der",
+rust_test_suite(
+    name = "threshold_sig_der_integration",
+    srcs = glob(["tests/**/*.rs"]),
     deps = [
+        ":threshold_sig_der",
+        "//rs/crypto/internal/crypto_lib/types",
         "@crate_index//:hex",
         "@crate_index//:tempfile",
     ],

rs/crypto/utils/threshold_sig_der/Cargo.toml

@@ -8,14 +8,13 @@ documentation.workspace = true
 
 [dependencies]
 base64 = { workspace = true }
-ic-crypto-internal-threshold-sig-bls12381 = { path = "../../internal/crypto_lib/threshold_sig/bls12_381" }
-ic-crypto-internal-threshold-sig-bls12381-der = { path = "../../internal/crypto_lib/threshold_sig/bls12_381/der_utils" }
+simple_asn1 = { workspace = true }
 ic-crypto-internal-types = { path = "../../internal/crypto_lib/types/" }
 ic-types = { path = "../../../types/types" }
 
 # Note: keep this crate as light-weight as possible. In particular, do not add
 # dependencies that make this crate (e.g., transitively) dependent on
-# heavy-weight crates such as miracl_core.
+# heavy-weight crates such as bls12_381.
 
 [dev-dependencies]
 hex = "0.4.2"