Skip to content

chore(crypto): CRP-2436 Refactoring of ECDSA/Ed25519 related utility crates #8455

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
randombit wants to merge 11 commits into
base: master
Choose a base branch
from
Draft

chore(crypto): CRP-2436 Refactoring of ECDSA/Ed25519 related utility crates #8455

randombit wants to merge 11 commits into from

Conversation

@randombit
Copy link
Contributor

@randombit randombit commented Jan 21, 2026

CRP-2436 relates to removing the basic_sig crates for ECDSA/Ed25519 in preference for the utility crates in packages which were created later, and which the basic_sig crates these days depend on for their functionality.

This PR does not remove these crates. What it does is various refactorings such that there is next to no remaining logic within the basic_sig crates themselves, with changes such as

  • The basic_sig crates depended on der_utils only so that they could export the PKIX algorithm identifier. These functions in turn were used only by standalone-sig-verifier. I just moved the OID definitions to that crate.
  • Some tests in basic_sig are checking actual crypto functionality, and which might be worth keeping even after basic_sig crates are removed - move such tests to the relevant crate in packages
  • Move logic (somewhat similar to) der_encoding_from_xy_coordinates onto ic_secp256r1::PublicKey::deserialize_from_xy - however it turned out COSE does not need to support coordinates with leading zeros omitted, so I removed support for variable length encodings.
  • signature_from_der was used in two places: some COSE tests, and in the standalone validator. In the COSE test cases we just need to verify on the spot a DER encoded signature, so I added verify_signature_with_der_encoded_sig - for whatever reason there was already signature generation with DER encoding, just not verification....

With this, the basic_sig ECDSA/Ed25519 crates are effectively pure wrappers of the equivalent packages crate plus some error mapping onto CryptoError, and newtypes for signature and key encodings.

@randombit
chore(crypto): CRP-2436 Move algorithm_identifier to standalone-sig-v…
3835351 
…erifier
@randombit
Remove der_utils dep from ed25519 basic_sig
36a6c03
@randombit
Add DER-encoded verification to ic-secp256r1
769f753
@randombit
Remove signature_from_der from ecdsa_secp256r1 basic_sig crate
4aeb9cc 
This is only used in once place - the standalone-sig-verifier crate,
which just re exports the function with a different name. Just move
the logic to there.

It was also used for some COSE test cases; instead just use
ic_secp256r1 to check these test signatures.
@randombit
Move p256 from-xy encoding logic to packages/ic-secp256r1
1375095
@randombit
Move FIPS test vectors to packages/ic-secp256r1
a03c5ac
@randombit
Remove der_encoding_from_xy_coordinates
da18dc9 
Also tighten up the requirement - turns out COSE does happily require
that coordinates are zero-padded to the field length, so enforce that
generally.
@randombit
Use ic_ed25519 instead of dalek directly here
d7016b5
@github-actions github-actions bot added the chore label Jan 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

chore

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@randombit