Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement ECDH-ES+A256KW for Storage encryption #867

Merged
merged 13 commits into from
Jun 13, 2022

Conversation

PhilippGackstatter
Copy link
Contributor

@PhilippGackstatter PhilippGackstatter commented Jun 3, 2022

Description of change

Implements ECDH-ES+A256KW in the Storage encryption API, for use in DIDComm.

Links to any relevant issues

Part of #841

Type of change

Add an x to the boxes that are relevant to your changes.

  • Bug fix (a non-breaking change which fixes an issue)
  • Enhancement (a non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation Fix

How the change has been tested

StorageTestSuite was modified to also test the newly added CekAlgorithm.

Change checklist

Add an x to the boxes that are relevant to your changes.

  • I have followed the contribution guidelines for this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

@PhilippGackstatter PhilippGackstatter added Added A new feature that requires a minor release. Part of "Added" section in changelog Rust Related to the core Rust code. Becomes part of the Rust changelog. labels Jun 3, 2022
@PhilippGackstatter PhilippGackstatter added this to the Actor milestone Jun 3, 2022
@PhilippGackstatter PhilippGackstatter marked this pull request as ready for review June 7, 2022 06:55
Copy link
Contributor

@cycraig cycraig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor comments, only one serious issue (encrypted_cek potential panic).

The Wasm bindings structs CekAlgorithm, EncryptionAlgorithm should be updated with the new variants, despite not being implemented for the custom Wasm MemStore example yet.

Comment on lines 33 to 36
[dependencies.iota-crypto]
version = ">=0.7, <0.10"
default-features = false
features = ["hmac", "pbkdf", "sha", "std", "aes"]

[dependencies.iota_stronghold]
git = "https://github.com/iotaledger/stronghold.rs"
rev = "629466da83a677925904b2e733ef7bfad5a42864"
optional = true
features = ["hmac", "pbkdf", "sha", "std", "aes", "aes-kw"]
Copy link
Contributor

@cycraig cycraig Jun 7, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aside: it would be nice to feature-gate the default MemStore implementation too, to cut down on dependencies for the Stronghold Napi bindings and those not using it. The Storage implementations (MemStore, Stronghold) could even be placed in sub-crates to better separate their dependencies and make deployment more difficult for us.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be nice, but that sounds a lot like something for another PR :).

identity-account-storage/Cargo.toml Outdated Show resolved Hide resolved
identity-account-storage/src/storage/memstore.rs Outdated Show resolved Hide resolved
identity-account-storage/src/storage/memstore.rs Outdated Show resolved Hide resolved
identity-account-storage/src/storage/stronghold.rs Outdated Show resolved Hide resolved
identity-account-storage/src/storage/test_suite.rs Outdated Show resolved Hide resolved
identity-account-storage/src/storage/test_suite.rs Outdated Show resolved Hide resolved
identity-account-storage/src/storage/test_suite.rs Outdated Show resolved Hide resolved
@cycraig
Copy link
Contributor

cycraig commented Jun 7, 2022

Still suffers from not being testable against fixed test vectors, see #868. Important to match existing implementations (as raised on Discord).

We would need to allow inputting the ephemeral key to test encryption. Not sure if we can even test it without fixing the nonce/s used too, however...

@cycraig cycraig mentioned this pull request Jun 13, 2022
10 tasks
@eike-hass eike-hass modified the milestones: Actor, v0.6 Features Jun 13, 2022
@PhilippGackstatter PhilippGackstatter added the Wasm Related to Wasm bindings. Becomes part of the Wasm changelog label Jun 13, 2022
@PhilippGackstatter PhilippGackstatter merged commit 9d02b52 into dev Jun 13, 2022
@PhilippGackstatter PhilippGackstatter deleted the feat/ECDH-ES+A256KW branch June 13, 2022 15:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Added A new feature that requires a minor release. Part of "Added" section in changelog Rust Related to the core Rust code. Becomes part of the Rust changelog. Wasm Related to Wasm bindings. Becomes part of the Wasm changelog
Projects
Development

Successfully merging this pull request may close these issues.

3 participants