Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

runtime-sdk/src/modules/core: add "core.KeyManagerPublicKey" call #1996

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

CedarMist
Copy link
Member

@CedarMist CedarMist commented Sep 20, 2024

Re: oasisprotocol/sapphire-paratime#366

Adds core.KeyManagerPublicKey which returns the runtime signing public key.

This key signs the ephemeral keys, one of which is the per-epoch call data public key, used for encrypting transaction data.

I have modified core.CallDataPublicKey to return both the Runtime ID and the Key Pair ID, both of these are necessary information to validate the signature. The remaining information (such as the checksum, expiration & epoch) are already returned by core.CallDataPublicKey

TODO

  • Validate calldatapublickey in JS client.
  • Return key_pair_id and runtime_id from core.CallDataPublicKey
  • Return only 32 byte runtime signing public key from core.KeyManagerPublicKey
  • Add tests to ensure coverage

Result is the 32 byte runtime signing public key.

@CedarMist CedarMist added enhancement New feature or request c:runtime-sdk Category: Runtime SDK rust labels Sep 20, 2024
@CedarMist CedarMist self-assigned this Sep 20, 2024
Copy link

netlify bot commented Sep 20, 2024

Deploy Preview for oasisprotocol-oasis-sdk canceled.

Name Link
🔨 Latest commit 50658ab
🔍 Latest deploy log https://app.netlify.com/sites/oasisprotocol-oasis-sdk/deploys/671b4fcf12e0100008bb3c09

@CedarMist CedarMist force-pushed the CedarMist/GetPublicKey branch 6 times, most recently from 665ad13 to 64c77d4 Compare September 21, 2024 01:07
@CedarMist CedarMist marked this pull request as ready for review September 21, 2024 01:15
@CedarMist CedarMist marked this pull request as draft September 21, 2024 01:16
Copy link

codecov bot commented Sep 21, 2024

Codecov Report

Attention: Patch coverage is 10.52632% with 17 lines in your changes missing coverage. Please review.

Project coverage is 59.10%. Comparing base (f735ef9) to head (3d06649).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
runtime-sdk/src/modules/core/mod.rs 10.52% 17 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1996      +/-   ##
==========================================
- Coverage   59.20%   59.10%   -0.10%     
==========================================
  Files         129      129              
  Lines        9592     9611      +19     
==========================================
+ Hits         5679     5681       +2     
- Misses       3913     3930      +17     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@CedarMist CedarMist force-pushed the CedarMist/GetPublicKey branch 2 times, most recently from 168b68e to 2e959ec Compare September 21, 2024 13:38
@CedarMist CedarMist changed the title runtime-sdk/src/modules/core: add "core.PublicKey" call runtime-sdk/src/modules/core: add "core.KeyManagerPublicKey" call Sep 21, 2024
@CedarMist
Copy link
Member Author

So, ran into some problems.

So secrets::get_public_ephemeral_key uses kdf.sign_pubic_key, which signs the key using kdf.inner.signer
But... I can't get the inner.signer public key through the keymanager API, and it's not the long term key pair (which I assumed had been signing the ephemeral keypairs) that I need - it's the signer
signer is derived from derive_signing_key with the master secret & runtime ID, and the ekiden-derive-signing-key namespace, whereas long-term keys are derived using ekiden-derive-runtime-secret namespace via get_or_create_longterm_keys

@CedarMist
Copy link
Member Author

Relies on oasisprotocol/oasis-core#5865 being merged into oasis-core, so we can use it in new oasis-sdk.

@kostko
Copy link
Member

kostko commented Oct 16, 2024

This is now available in the main branch that uses Oasis Core 24.3.

The key manager trait now provides runtime_id and runtime_signing_key.

@kostko kostko removed the blocked label Oct 16, 2024
@CedarMist CedarMist force-pushed the CedarMist/GetPublicKey branch from 2e959ec to 3d06649 Compare October 24, 2024 08:44
runtime-sdk/src/modules/core/types.rs Outdated Show resolved Hide resolved
runtime-sdk/src/modules/core/types.rs Show resolved Hide resolved
runtime-sdk/src/modules/core/mod.rs Outdated Show resolved Hide resolved
@CedarMist CedarMist force-pushed the CedarMist/GetPublicKey branch 2 times, most recently from c61bd75 to 1061a46 Compare October 25, 2024 07:54
@CedarMist CedarMist force-pushed the CedarMist/GetPublicKey branch from 1061a46 to 50658ab Compare October 25, 2024 07:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c:runtime-sdk Category: Runtime SDK enhancement New feature or request rust
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants