search

nsmithuk / local-kms

A mock version of AWS' Key Management Service, for local development and testing.
MIT License
198 stars 34 forks source link

Implement ECC_SECG_P256K1 #29

Closed eupn closed 2 years ago

eupn commented 3 years ago

I have to admit that I did cut some corners here and there, but hey, it works. Better than nothing.

nsmithuk commented 3 years ago

Hi @eupn. Thank you for the PR. I'll try and take a look at it over the next few days.

One initial question though - do you happen to know how Go handles the including of the C liberties? Do they end up being built into the final binary? Or would this need external dependencies present at runtime?

eupn commented 3 years ago

@nsmithuk

Hey Neil, sure, let me know if you get any issues.

On using external C libraries, I'm not sure in general but I think in case of secp256k1 library, it gets statically linked to the Go binary resulting in the library being "built in" and not requiring runtime dependencies. Maybe it's worth looking at how CGO works.

nsmithuk commented 3 years ago

Hey @eupn. Just to let you know I haven't forgotten about this. I'm doing a couple of things with it:

1 - I'm adding some functional tests in and getting them working against AWS in the first instance.

2 - We need to add ECC_SECG_P256K1 here: https://github.com/eupn/local-kms/blob/add-ecc-secp256k1/src/handler/generate_data_key_pair.go#L103

Generating the key is straight forward, but it falls over at the marshal stage at the moment - Go's x509 library doesn't seem to support the curve. I'm getting x509: unsupported elliptic curve back.

3 - At the moment all builds (darwin/linux/alpine-linux on amd64/arm64) are all built on linux[-alpine]-amd64 in the pipeline. I need to sense check that they still works. If not I can look at building the binaries on their destination platform / chipset.

nsmithuk commented 2 years ago

Hello. I've really struggled getting this working with github.com/ethereum/go-ethereum, especially getting it working on all darwin/linux/alpine-linux on amd64/arm64 combinations. I have finally managed it using github.com/btcsuite/btcd/btcec, which is fully Go implementation of the curve. So master now supports ECC_SECG_P256K1. It's currently out being tested by a few people; as soon as that's all done I'll get it tagged into the next release.

Thank you for your input on this.

eupn commented 2 years ago

@nsmithuk that's great to hear!