-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
contract-sdk: Expose signature verification to wasm contracts #793
Conversation
Codecov Report
@@ Coverage Diff @@
## main #793 +/- ##
==========================================
- Coverage 73.14% 72.00% -1.14%
==========================================
Files 114 116 +2
Lines 8846 8987 +141
==========================================
+ Hits 6470 6471 +1
- Misses 2353 2493 +140
Partials 23 23
Continue to review full report at Codecov.
|
Per discussion: The batch verification stuff should just go away, because it's a giant pain. While I'm commenting on this: The Ed25519 signature verification in oasis-core/runtime/src/common/crypto exposes our flavor of Ed25519 (with our janky domain separation), and our idea how to handle certain edge cases. Is it ok that we are forcing this on end user code? I suppose that the circumstances that lead us to use something non-standard at the consensus side in the first place haven't really changed ("Ledger doesn't support Ed25519ctx/Ed25519ph"), but actual contract authors might want Ed25519pure (as opposed to Ed25519-prehashed-oasis-flavor-because-ledger). If we do want this, I would recommend using one of ZIP-215/FIPS 186-5/Oasis flavored Ed25519pure, which would require additional code (or pulling in a crate), with a slight preference towards one of the latter two. |
Yeah we should definitely not impose our domain separation scheme and we should expose Ed25519pure here, possibly the ZIP-215 one? |
a38245d
to
a3c7e04
Compare
I wish ZIP-215 was closer to the FIPS draft, though my preferred Ed25519 definition involves rejecting small-order-A. |
Since we're going to expose Ed25519pure, the only primitive where a domain separation context makes sense is sr25519. Should we nix the argument for now, or leave it? |
Dropping it would make the interface more consistent, but I guess it could be useful for sr25519? |
a99ebc5
to
d25eff3
Compare
d25eff3
to
2e1ee23
Compare
The new API looks ok to me. |
2e1ee23
to
9cc0a0e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should also add parameters for controlling maximum sizes of inputs and set them to some sensible defaults.
87a1aed
to
3d4597b
Compare
3d4597b
to
8eea938
Compare
Closes #368