From 4c76318702fa2bedad78d2d21758deacd57cb4d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patryk=20B=C4=99za?= Date: Mon, 1 Jul 2024 13:55:32 +0200 Subject: [PATCH] Replace secp256k1 with k256 crate Rationale: we already have secp256k1 in our dependencies, as suggested by Igor: https://github.com/matter-labs/zksync-era/pull/2333#discussion_r1656531731 --- Cargo.lock | 21 ++++++++++++++++++++- Cargo.toml | 2 +- bin/tee-key-preexec/Cargo.toml | 2 +- bin/tee-key-preexec/src/main.rs | 15 ++++++++------- 4 files changed, 30 insertions(+), 10 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1309b10..fef41f7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2308,6 +2308,25 @@ dependencies = [ "zeroize", ] +[[package]] +name = "secp256k1" +version = "0.29.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0e0cc0f1cf93f4969faf3ea1c7d8a9faed25918d96affa959720823dfe86d4f3" +dependencies = [ + "rand", + "secp256k1-sys", +] + +[[package]] +name = "secp256k1-sys" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1433bd67156263443f14d603720b082dd3121779323fce20cba2aa07b874bc1b" +dependencies = [ + "cc", +] + [[package]] name = "semver" version = "1.0.23" @@ -2538,8 +2557,8 @@ name = "tee-key-preexec" version = "0.1.2-alpha.1" dependencies = [ "anyhow", - "k256", "rand", + "secp256k1", "teepot", "tracing", "tracing-log", diff --git a/Cargo.toml b/Cargo.toml index 9965f69..144c2c3 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -34,7 +34,7 @@ getrandom = "0.2.14" hex = { version = "0.4.3", features = ["std"], default-features = false } intel-tee-quote-verification-rs = { package = "teepot-tee-quote-verification-rs", path = "crates/teepot-tee-quote-verification-rs", version = "0.2.3-alpha.1" } intel-tee-quote-verification-sys = { version = "0.2.1" } -k256 = "0.13" +secp256k1 = { version = "0.29", features = ["rand-std"] } log = "0.4" num-integer = "0.1.46" num-traits = "0.2.18" diff --git a/bin/tee-key-preexec/Cargo.toml b/bin/tee-key-preexec/Cargo.toml index 907ff7c..809e1b7 100644 --- a/bin/tee-key-preexec/Cargo.toml +++ b/bin/tee-key-preexec/Cargo.toml @@ -10,8 +10,8 @@ repository.workspace = true [dependencies] anyhow.workspace = true -k256.workspace = true rand.workspace = true +secp256k1.workspace = true teepot.workspace = true tracing.workspace = true tracing-log.workspace = true diff --git a/bin/tee-key-preexec/src/main.rs b/bin/tee-key-preexec/src/main.rs index 13a0697..0d3b769 100644 --- a/bin/tee-key-preexec/src/main.rs +++ b/bin/tee-key-preexec/src/main.rs @@ -7,8 +7,7 @@ #![deny(clippy::all)] use anyhow::{Context, Result}; -use k256::ecdsa::SigningKey; -use k256::pkcs8::{EncodePrivateKey, LineEnding}; +use secp256k1::{rand, Keypair, PublicKey, Secp256k1, SecretKey}; use std::env; use std::os::unix::process::CommandExt; @@ -38,10 +37,12 @@ fn main_with_error() -> Result<()> { } let mut rng = rand::thread_rng(); - let signing_key = SigningKey::random(&mut rng); - let verifying_key_bytes = signing_key.verifying_key().to_sec1_bytes(); - let signing_key_string = signing_key.to_pkcs8_pem(LineEnding::LF)?; - let tee_type = match get_quote(&verifying_key_bytes) { + let secp = Secp256k1::new(); + let keypair = Keypair::new(&secp, &mut rng); + let signing_key = SecretKey::from_keypair(&keypair); + let verifying_key = PublicKey::from_keypair(&keypair); + let verifying_key_bytes = verifying_key.serialize(); + let tee_type = match get_quote(verifying_key_bytes.as_ref()) { Ok(quote) => { // save quote to file std::fs::write(TEE_QUOTE_FILE, quote)?; @@ -56,7 +57,7 @@ fn main_with_error() -> Result<()> { let err = Command::new(&args[1]) .args(&args[2..]) - .env("TEE_SIGNING_KEY", signing_key_string) + .env("TEE_SIGNING_KEY", signing_key.display_secret().to_string()) .env("TEE_QUOTE_FILE", TEE_QUOTE_FILE) .env("TEE_TYPE", tee_type) .exec();