-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for secp256k1 curve #66
Add support for secp256k1 curve #66
Conversation
@franziskuskiefer anything I can do here to help get this PR reviewed? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the contribution! (I just had to find the time to look at it ...)
It generally looks good to me. Only a few nits.
Add specifics about IANA value Co-authored-by: Franziskus Kiefer <franziskuskiefer@gmail.com>
@franziskuskiefer I've put all the k256 vectors in a single file and added a few of the auth vectors (while changing the init values so we get passing tests there). For now I've left the kat tests pointing to this k256.json file, but I'll merge these to the main test_vectors.json file when we're ready to merge. A few questions for you:
|
I think it would be nice to have everything covered by tests. Since we have the code already, this shouldn't be too much work to run for k256 as well I'd hope?
It shouldn't make a difference really, but it looks a little odd of course. If it's not a big hassle, having different keys would be nice. |
@franziskuskiefer I've just pushed an update with new test vectors (courtesy of DanGould) that include encryptions and exports. I'm still getting some odd behavior with them though.
I'd really appreciate if you could have a look at that and let me know if you think that's an issue with my changes to add k256 or if potentially it's an issue with the test vectors. |
Hm, when you enable the Can you post a run where all the intermediate values are printed (just like the test vector)? Then we should see where the discrepancy is and whether the code here or the test vector is wrong. |
I had another look. The key schedule context doesn't seem to be right. |
You're right @franziskuskiefer, the test vectors were not right. I generated new ones which seem to now pass on all 3 implementations I have available: the one here, my I've tested that this commit runs here in risking over communication for clarity: both the way I was deriving keys in my secp256k1 bindings implementation and the key_schedule_context test vector generation were wrong. Cross checking the 3 implementations I was able to find them and generate what I believe to be correct implementations and vectors. |
Great! @erskingardner can you update the PR and check if all the tests are passing now? |
@DanGould you're a legend! thanks! I'll have a look at this first thing tomorrow. |
Actually, I couldn't wait! :) I'm getting passing tests all around 🟢 If you run the tests with @franziskuskiefer I think this looks good. Super well done @DanGould 👏 So good to have a set of vectors that pass on three separate implementations. |
@erskingardner thanks for the quick turnaround. note that the original test_vectors.json are reproducible from the go-hpke repository which is why I originally committed it as a separate file. No problem combining them just noting the original rationale. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
note that the original test_vectors.json are reproducible from the go-hpke repository which is why I originally committed it as a separate file.
I agree, let's use two files.
Otherwise this looks good to me.
The fuzzer is failing, but that should be easy to fix.
Moved those tests back to individual files @franziskuskiefer and adjusted the test file to run both sets of vectors. I have no idea how the fuzzer works. Happy to try and fix it if you want to explain the basics of how to run it. |
fixed the fuzzer. |
CI was hanging. I hope it goes through now. Then we can get this merged. |
We need to update CI first in #69. Looks like we didn't update macos CI runners in a while. |
Nice! 👍 thanks for sticking through this one with me @franziskuskiefer |
👍🏻 let me know if you need a new release soonish. I plan to do one, but there's no timeline for it yet. |
No rush on the release from my side.
… On 4 Sep 2024, at 08:51, Franziskus Kiefer ***@***.***> wrote:
👍🏻 let me know if you need a new release soonish. I plan to do one, but there's no timeline for it yet.
—
Reply to this email directly, view it on GitHub <#66 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AABRRAHXKPCMCJTMVPUYV73ZU2UYBAVCNFSM6AAAAABKPGZS7CVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGMRYGA2TINJUHA>.
You are receiving this because you were mentioned.
|
This adds support for the secp256k1 curve.
The curve now has an official IANA HPKE KEM identifier.
p.s. I'm pretty new to Rust so any feedback is very welcome!