Skip to content

runtime-sdk/src/modules/core: add "core.KeyManagerPublicKey" call #1996

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
CedarMist wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

runtime-sdk/src/modules/core: add "core.KeyManagerPublicKey" call #1996

CedarMist wants to merge 1 commit into from

Conversation

@CedarMist
Copy link
Contributor

@CedarMist CedarMist commented Sep 20, 2024
edited
Loading

Re: oasisprotocol/sapphire-paratime#366

Adds core.KeyManagerPublicKey which returns the runtime signing public key.

This key signs the ephemeral keys, one of which is the per-epoch call data public key, used for encrypting transaction data.

I have modified core.CallDataPublicKey to return both the Runtime ID and the Key Pair ID, both of these are necessary information to validate the signature. The remaining information (such as the checksum, expiration & epoch) are already returned by core.CallDataPublicKey

TODO

  • Validate calldatapublickey in JS client.
  • Return key_pair_id and runtime_id from core.CallDataPublicKey
  • Return only 32 byte runtime signing public key from core.KeyManagerPublicKey
  • Add tests to ensure coverage

Result is the 32 byte runtime signing public key.

@CedarMist CedarMist added enhancement New feature or request c:runtime-sdk Category: Runtime SDK rust labels Sep 20, 2024
@CedarMist CedarMist self-assigned this Sep 20, 2024
@netlify
Copy link

netlify bot commented Sep 20, 2024
edited
Loading

Deploy Preview for oasisprotocol-oasis-sdk canceled.

Name Link
🔨 Latest commit 50658ab
🔍 Latest deploy log https://app.netlify.com/sites/oasisprotocol-oasis-sdk/deploys/671b4fcf12e0100008bb3c09

@CedarMist CedarMist force-pushed the CedarMist/GetPublicKey branch 6 times, most recently from 665ad13 to 64c77d4 Compare September 21, 2024 01:07
@CedarMist CedarMist marked this pull request as ready for review September 21, 2024 01:15
@CedarMist CedarMist marked this pull request as draft September 21, 2024 01:16
@codecov
Copy link

codecov bot commented Sep 21, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 10.52632% with 17 lines in your changes missing coverage. Please review.

Project coverage is 59.10%. Comparing base (f735ef9) to head (3d06649).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
runtime-sdk/src/modules/core/mod.rs 10.52% 17 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1996      +/-   ##
==========================================
- Coverage   59.20%   59.10%   -0.10%     
==========================================
  Files         129      129              
  Lines        9592     9611      +19     
==========================================
+ Hits         5679     5681       +2     
- Misses       3913     3930      +17

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@CedarMist CedarMist force-pushed the CedarMist/GetPublicKey branch 2 times, most recently from 168b68e to 2e959ec Compare September 21, 2024 13:38
@CedarMist CedarMist changed the title runtime-sdk/src/modules/core: add "core.PublicKey" call runtime-sdk/src/modules/core: add "core.KeyManagerPublicKey" call Sep 21, 2024
@CedarMist
Copy link
Contributor Author

CedarMist commented Sep 24, 2024

So, ran into some problems.

So secrets::get_public_ephemeral_key uses kdf.sign_pubic_key, which signs the key using kdf.inner.signer
But... I can't get the inner.signer public key through the keymanager API, and it's not the long term key pair (which I assumed had been signing the ephemeral keypairs) that I need - it's the signer
signer is derived from derive_signing_key with the master secret & runtime ID, and the ekiden-derive-signing-key namespace, whereas long-term keys are derived using ekiden-derive-runtime-secret namespace via get_or_create_longterm_keys

@CedarMist
Copy link
Contributor Author

CedarMist commented Sep 24, 2024

Relies on oasisprotocol/oasis-core#5865 being merged into oasis-core, so we can use it in new oasis-sdk.

@kostko
Copy link
Member

kostko commented Oct 16, 2024
edited
Loading

This is now available in the main branch that uses Oasis Core 24.3.

The key manager trait now provides runtime_id and runtime_signing_key.

@kostko kostko removed the blocked label Oct 16, 2024
@CedarMist CedarMist force-pushed the CedarMist/GetPublicKey branch from 2e959ec to 3d06649 Compare October 24, 2024 08:44
peternose
peternose reviewed Oct 24, 2024
View reviewed changes
@CedarMist CedarMist force-pushed the CedarMist/GetPublicKey branch 2 times, most recently from c61bd75 to 1061a46 Compare October 25, 2024 07:54
@CedarMist CedarMist force-pushed the CedarMist/GetPublicKey branch from 1061a46 to 50658ab Compare October 25, 2024 07:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@peternose peternose peternose left review comments

@kostko kostko Awaiting requested review from kostko kostko is a code owner

@pro-wh pro-wh Awaiting requested review from pro-wh

@ptrus ptrus Awaiting requested review from ptrus ptrus is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@CedarMist CedarMist

Labels

c:runtime-sdk Category: Runtime SDK enhancement New feature or request rust

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@CedarMist @kostko @peternose