Conversation
|
|
||
| def validate_keystore_password(password: str) -> List: | ||
| """ | ||
| NOTICE: Do not raise inside this function. |
There was a problem hiding this comment.
Could you expand on this comment a bit? Why we'd like to be careful here, to avoid leaking the password?
There was a problem hiding this comment.
This is a fairly dated comment now, but it's still meant to describe two cases:
- (Yes) Logging of the local scope's context to sentry, which includes the password.
- Usage as a
clickinteractive prompt validator which requires a boolean response.
There was a problem hiding this comment.
Logging of the local scope's context to sentry, which includes the password.
Would it make sense to pass around the password in a container class with redefined str/repr, unpacking only right before usage? Or is it an overcomplication?
There was a problem hiding this comment.
Would it make sense to pass around the password in a container class with redefined
Hmm not a bad idea, I wonder if this can effectively prevent unintentional transmission... Sounds like something that belongs in the passwords.py module from your recent PR, but perhaps in a follow-up. I'll open an issue about this after the review process advances a bit.
| :return: bytes | ||
| """ | ||
| # TODO: Should we just use os.urandom or avoid the import w/ this? | ||
| return SYSTEM_RAND.getrandbits(num_bytes * 8).to_bytes(num_bytes, byteorder='big') |
There was a problem hiding this comment.
os.random would be a bit more concise. For reference, SystemRandom is using os.urandom underneath, and both of those methods are not cross-platform compatible.
There was a problem hiding this comment.
I'm somewhat compelled to use the secrets module as a source of randomness for added paranoia. https://docs.python.org/3/library/secrets.html
There was a problem hiding this comment.
Switched to the secrets version of SystemRandom.
97e3187 to
b2518e2
Compare
nucypher/crypto/utils.py
Outdated
| return canonical_address | ||
|
|
||
|
|
||
| def get_coordinates_as_bytes(point: Union[Point, UmbralPublicKey, SignatureStamp], |
There was a problem hiding this comment.
Hmm, it looks like the function above (canonical_address_from_umbral_key) which uses this function still has calls ans references. Perhaps it's not completely removed in main yet?
There was a problem hiding this comment.
canonical_address_from_umbral_key() is also modified to not require it. In fact, in #2612 crypto/utils.py got pretty small. See https://github.com/fjarri/nucypher/blob/7f36abde216d5b1e751e10a95d6f382d7e296474/nucypher/crypto/utils.py
nucypher/crypto/utils.py
Outdated
| return digest | ||
|
|
||
|
|
||
| def ecdsa_sign(message: bytes, |
There was a problem hiding this comment.
Note: it's being removed in #2612. If I'm not mistaken, it does the same as umbral's signing/verifying functions.
…word enviorment variable.
|
Rebased over cc578d9 |
| if new_configuration.keyring != NO_KEYRING_ATTACHED: | ||
| maybe_public_key = bytes(new_configuration.keyring.signing_public_key).hex() | ||
| if new_configuration.keystore != NO_KEYSTORE_ATTACHED: | ||
| maybe_public_key = new_configuration.keystore.id |
There was a problem hiding this comment.
Seems that now it's not a public key at all.
There was a problem hiding this comment.
I admit the naming is a bit misleading here, but the Keystore's ID is set to the stamp's hex.
nucypher/crypto/utils.py
Outdated
| return signature_is_valid | ||
|
|
||
|
|
||
| def verify_ecdsa(message: bytes, |
There was a problem hiding this comment.
What's the difference between this function and Signature.verify()?
nucypher/network/nodes.py
Outdated
| from nucypher.network.middleware import RestMiddleware | ||
| from nucypher.network.protocols import SuspiciousActivity | ||
| from nucypher.utilities.logging import Logger | ||
| from umbral.signing import Signature |
There was a problem hiding this comment.
Rebase artefact? Should be imported from umbral_adapter.
There was a problem hiding this comment.
Thanks. I think I rebased this PR before realizing that I needed to import from umbral adapter. I'll make an update.
nucypher/policy/collections.py
Outdated
| from cryptography.hazmat.primitives import hashes | ||
| from eth_utils import to_canonical_address, to_checksum_address | ||
| from typing import Optional, Tuple | ||
| from umbral.signing import Signature |
There was a problem hiding this comment.
Again, needs umbral_adapter here
tests/mock/performance_mocks.py
Outdated
|
|
||
| class NotAPrivateKey: | ||
|
|
||
| fake_signature = Signature.from_bytes( |
There was a problem hiding this comment.
Is it a rebase thing, or it's actually used somewhere?
nucypher/crypto/utils.py
Outdated
| from eth_keys import KeyAPI as EthKeyAPI | ||
| from typing import Any, Union | ||
| from eth_utils.address import to_checksum_address | ||
| from umbral.signing import Signature |
cygnusv
left a comment
There was a problem hiding this comment.
Some preliminary comments, so far looking good!
| @@ -1,219 +0,0 @@ | |||
| """ | |||
There was a problem hiding this comment.
Thank goodness, the crypto.api module was too old and unspecific
nucypher/crypto/keystore.py
Outdated
| __HKDF_HASH_ALGORITHM = BLAKE2B | ||
| __INFO_BASE = b'NuCypher/' | ||
| _VERIFYING_INFO = __INFO_BASE + b'verify' | ||
| _DECRYPTING_INFO = __INFO_BASE + b'encrypt' |
There was a problem hiding this comment.
| _DECRYPTING_INFO = __INFO_BASE + b'encrypt' | |
| _DECRYPTING_INFO = __INFO_BASE + b'decrypt' |
nucypher/crypto/keystore.py
Outdated
| # HKDF | ||
| __HKDF_HASH_ALGORITHM = BLAKE2B | ||
| __INFO_BASE = b'NuCypher/' | ||
| _VERIFYING_INFO = __INFO_BASE + b'verify' |
There was a problem hiding this comment.
Rather than verifying, the angle here should be "signing". This is also more consistent with the Powers namespace (see line 268).
nucypher/crypto/keystore.py
Outdated
| if not salt and not info: | ||
| raise ValueError('Info or salt must be provided.') | ||
| info = info or bytes() | ||
| salt = salt or bytes() |
There was a problem hiding this comment.
These 2 lines should be dropped. The first one is simply redundant, but the second is explicitly deviating us from the standard. I doubt this poses any security problem, but it's unnecessarily making future interoperability more difficult.
If info or salt are None, simply let HKDF handle that according to the specification.
(Update: it seems this method was dropped anyway in the yesterday's commit, so nothing to see here)
KPrasch
left a comment
There was a problem hiding this comment.
This PR has three approvals - Feel free to continue reviewing but any additional RFCs will be completed in a follow-up PR.
Type of PR:
Feature & Rework
Required reviews:
3
What this does:
NuCypher Keystore
ursula init&ursula recover, additional follow-up in Backup and restore Ursula config #2682)TLS
Rename and reorg
NucyperKeyringtoKeystorenucypher.crypto.keystorenucypher.crypto.tlsnucypher.crypto.api(moves contents tonuycpher.crypto.utilsandnucypher.crypto.tls)checksum_address->worker_addressMisc.
Issues fixed/closed:
Notes for reviewers
The new version of keyring (now "keystore") is not presently backwards compatible with older versions of nucypher. If we need to preserve existing private keys, we can first expand the functionality of this PR by resolving #2655 and building a migration utility that implements it. However, given the volume of policies and the standing probationary period, I do not see much added value and suggest that we require all nodes to "re-init" thier nodes generating a fresh keystore and mnemonic.
Why it's needed: