Signing context may not be selected at runtime. #12
Comments
|
I have run into this issue when creating a wrapper for Schnorrkel in Python. |
|
Interesting, we could submit a pull request to merlin, not sure if they'd accept it, but hey.. dalek-cryptography/merlin#44 It's not afaik necessarily undefined behavior for foreign code to pass rust a
You could maybe manage some We could make There is a separate concern that merlin/strobe might not be the fastest hashing library, which sucks if people call Anyways.. There are a bunch of breaking changes in schnorrkel now, so we should resolve this hashing question before the schnorrkel audit finishes and substrate updates. |
Merlin requires `'static` protocol labels, which normally originate in Rust code for various reasons, ala session type. Yet, the label passwd to new could reasonably originate outside Rust code, due to protocols being designed to be composed. paritytech/schnorrkel-js#12 (comment)
|
We cannot expect merlin to be changed, so we should take another route, either abusing leaking, using empty labels, or just dumping or forking merlin. I like both merlin and strobe, but we cannot reject dynamic langues, so.. We should benchmark merlin vs. shake128 for our use case I think. And thanks for bringing this up in a timely fashion! |
|
No worries, and thanks. Let me know if there's anything we can do in the meantime. Somewhat time critical for us as well so hoping for speedy resolution. |
We ran into trouble using merlin with dynamic langauges: paritytech/schnorrkel-js#12 dalek-cryptography/merlin#44 We only benefit minimally if at all from using merlin here anyways, so just remove it entirely. Also merlin is not likely to adapt anything else we noticed as convenient: dalek-cryptography/merlin#37
|
I've taken the meaningless labels approach while adding our own domain separation in w3f/schnorrkel@fa0a6f7 We should still benchmark merlin vs shake128 though. I also removed merlin from our bls crate where it added nothing. |
We ran into trouble using merlin with dynamic langauges: paritytech/schnorrkel-js#12 dalek-cryptography/merlin#44 This is the easiest solution.
|
Wonderful news, in that case we're close to a solution. The verify methods still have a static lifetime requirement, for example: https://github.com/w3f/schnorrkel/blob/fee6fdf0b5fd087d9531825c7165abe29f2fe21d/src/sign.rs#L213 |
|
Please review w3f/schnorrkel#40 |
|
Merged. We require 0.6.1 now since I got overzealous and yanked 0.6.0 |
|
We've an audit starting this week, so expect a breaking 0.7 before August. |
|
Cheers Jeff, will test in the morning and close if resolved. Appreciate the heads up re 0.7.
…________________________________
From: Jeff Burdges <[email protected]>
Sent: Monday, July 8, 2019 8:04:44 PM
To: paritytech/schnorrkel-js
Cc: Wilfred Godfrey; Author
Subject: Re: [paritytech/schnorrkel-js] Signing context may not be selected at runtime. (#12)
We've an audit starting this week, so expect a breaking 0.7 before August.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub<#12?email_source=notifications&email_token=AKH72S5QFZ3URW7PZECXL7LP6LYJZA5CNFSM4H4XDLV2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODZMJSNY#issuecomment-509122871>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AKH72SYFIMC4PG6FW66GPGDP6LYJZANCNFSM4H4XDLVQ>.
|
|
Please review #13 |
In an ideal world there would be sign and verify methods able to take a signing context from JS at runtime.
We've been scratching our heads over the current situation. The context is fixed to
substrate, and the requirement seems to be that any signing context is defined at build time. Besides forking this repo and publishing a package with the signing contexts cennznet needs, are there any other methods that might work for us?The underlying cause of the issue is a static lifetime requirement on the signing context that comes from the
merlincrate, which is used by w3f'sschnorrkel.The text was updated successfully, but these errors were encountered: