Skip to content

Implement encryptor in keystore library #1587

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 23 commits into
base: main
Choose a base branch
from
Open

Implement encryptor in keystore library #1587

wants to merge 23 commits into from

Conversation

connorwstein
Copy link
Contributor

@connorwstein connorwstein commented Oct 6, 2025
edited
Loading

Note signer impl already reviewed.

@connorwstein connorwstein changed the title Wip encryptor Implement encryptor in keystore library Oct 6, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 6, 2025
edited
Loading

✅ API Diff Results - No breaking changes

📄 View full apidiff report | 📚 Learn about apidiff

jmank88
jmank88 reviewed Oct 6, 2025
View reviewed changes
pavel-raykov
pavel-raykov previously approved these changes Oct 9, 2025
View reviewed changes
jmank88
jmank88 reviewed Oct 9, 2025
View reviewed changes
keystore/encryptor.go
}
return EncryptResponse{EncryptedData: encrypted}, nil
default:
return EncryptResponse{}, ErrEncryptionFailed
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should these ErrEncryptionFailed errors be wrapped with more context? Currently there is no difference between too long, unknown type, name not found, etc.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah thats intentional - most encrypt/decrypt libs operate that way since sometimes leaking info like "bad padding" can lead to attacks. That being said probably less important if the code is OS, not sure can ask sec what they think

jmank88
jmank88 reviewed Oct 9, 2025
View reviewed changes
keystore/encryptor.go
}
sharedSecret, err := curve25519.X25519(internal.Bytes(key.privateKey), req.RemotePubKey)
if err != nil {
return DeriveSharedSecretResponse{}, ErrSharedSecretFailed
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should include the original error, no? Or at least log it if we don't want to expose something?

@connorwstein connorwstein enabled auto-merge (squash) October 10, 2025 15:59
@connorwstein
Keystore signer impl (#1598)
ac08a79 
* Wip

* Basic signer test

* Errors new

* Fix merge

* Remove unnecessary lock
cedric-cordenier
cedric-cordenier reviewed Oct 10, 2025
View reviewed changes
keystore/encryptor.go
const (
// Maximum payload size for encrypt/decrypt operations (100kb)
// Note just an initial limit, we may want to increase this in the future.
MaxEncryptionPayloadSize = 100 * 1024
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we allow users to pass in a limit when creating the keystore? Agree this is fine for now, but since we're going to be trusting clients to use this correctly, it would make sense for them to be able to provide the limit. (Maybe we can follow the OCR model of having a MaxMax limit)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't yet but yep we can add a user facing limit with an underlying MaxMax

cedric-cordenier
cedric-cordenier reviewed Oct 10, 2025
View reviewed changes
keystore/encryptor.go
k.mu.RLock()
defer k.mu.RUnlock()

if len(req.EncryptedData) == 0 || len(req.EncryptedData) > MaxEncryptionPayloadSize*2 {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this potentially brittle? Can we document how we got to this number and under what circumstances it would change

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah I think it'd be possible in principle that we introduce some new scheme which has enormous overhead/envelope size (more than 2x), but exceedingly unlikely. Perhaps better to have explicit envelope sizes per type (at least the existing ones so far are fixed so we can start with that). Can do in a follow up

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jmank88 jmank88 jmank88 left review comments

@cedric-cordenier cedric-cordenier cedric-cordenier approved these changes

@pavel-raykov pavel-raykov pavel-raykov left review comments

@gtklocker gtklocker Awaiting requested review from gtklocker

@timweri timweri Awaiting requested review from timweri

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@connorwstein @jmank88 @cedric-cordenier @pavel-raykov @EasterTheBunny