Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add cost types for secp256r1 #178

Merged
merged 1 commit into from
Mar 29, 2024
Merged

Add cost types for secp256r1 #178

merged 1 commit into from
Mar 29, 2024

Conversation

jayz22
Copy link
Contributor

@jayz22 jayz22 commented Mar 25, 2024

XDR changes for stellar/rs-soroban-env#807

@jayz22 jayz22 marked this pull request as ready for review March 28, 2024 22:52
@jayz22 jayz22 mentioned this pull request Mar 28, 2024
Merged
@jayz22 jayz22 requested a review from graydon March 28, 2024 23:43
@dmkozh dmkozh enabled auto-merge (squash) March 28, 2024 23:55
@dmkozh dmkozh merged commit 9b19baf into stellar:next Mar 29, 2024
1 check passed
@jayz22 jayz22 mentioned this pull request Mar 29, 2024
Merged
github-merge-queue bot pushed a commit to stellar/rs-soroban-env that referenced this pull request Apr 3, 2024
@jayz22
Add secp256r1 host function for signature verification (#1376)
97168ab 
### What

Resolves #807 by adding
a new host function `verify_sig_ecdsa_secp256r1` for ECDSA signature
verification using secp256r1 curve. The function accepts following
inputs:
- `public_key: BytesObject` containing the 65-byte SEC-1 uncompressed
ECDSA public key
- `msg_digest: BytesObject` a 32-byte hash of the message
- `signature`: the 64-byte signature `(r, s)` serialized as fixed-width
big endian scalars

The function is gated behind protocol 21 (`min_supported_protocol =
21`).

PR with the associated XDR changes:
stellar/stellar-xdr#178,
stellar/rs-stellar-xdr#355

#### Metering and Calibration
Two new cost types have been newly added:
- `Sec1DecodePointUncompressed`: constant cost type representing the
cost to decode the `public_key`
- `VerifyEcdsaSecp256r1Sig` : constant cost type represent the cost of
ECDSA sig verification

A prevous cost type `ComputeEcdsaSecp256k1Sig` has been renamed to
`DecodeEcdsaCurve256Sig`, which represents the cost of deserializing
both the `secp256k1` and `secp256r1` signatures.

Calibration: 
- each new cost type mentioned above have been benchmarked and
calibrated.
- plus a few experimental types have been added to answer key questions
regarding the host interface (will provide a supplemental doc soon).

#### Testing

Unit tests have been added to test against various forms of invalid
inputs.

In addition, two set of test vectors has been added in integration test:
- [NIST test
vectors](https://csrc.nist.gov/groups/STM/cavp/documents/dss/186-3ecdsatestvectors.zip)
- Google's [wycheproof](https://github.com/C2SP/wycheproof) test vectors
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dmkozh dmkozh dmkozh approved these changes

@graydon graydon Awaiting requested review from graydon

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jayz22 @dmkozh