From b9b0ca1258bbca26779d5532d855f55cb42922d4 Mon Sep 17 00:00:00 2001
From: Anson
Date: Thu, 10 Oct 2024 18:07:42 +0100
Subject: [PATCH 1/3] doc(bls-encrypt): better comment on G2/G1 points usage
---
 packages/crypto/src/lib/crypto.ts | 36 ++++++++++++++++++++++++++++++------
 1 file changed, 30 insertions(+), 6 deletions(-)
diff --git a/packages/crypto/src/lib/crypto.ts b/packages/crypto/src/lib/crypto.ts
index 95a4984506..373ce32ee0 100644
--- a/packages/crypto/src/lib/crypto.ts
+++ b/packages/crypto/src/lib/crypto.ts
@@ -104,6 +104,7 @@ export const unloadModules = () => {
 /**
 * Encrypt data with a BLS public key.
+ * We are using G1 for encryption and G2 for signatures
 *
 * @param publicKey hex-encoded string of the BLS public key to encrypt with
 * @param data Uint8Array of the data to encrypt
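Review bot: The sentence added to the `encrypt` doc comment in PATCH 1/3, `We are using G1 for encryption and G2 for signatures`, does not say which group the public key lives in, while the body in the next hunk passes `'Bls12381G2'` and accepts a 96-hex-character key. On BLS12-381 a compressed G1 point is 48 bytes (96 hex characters) and a compressed G2 point is 96 bytes, so the accepted key is G1-sized; the comment should say that directly, e.g. `* The public key is a 48-byte compressed G1 point (96 hex characters); 'Bls12381G2' is the scheme name passed to blsEncrypt.` What `Bls12381G2` denotes inside the wasm module is not visible here and should be confirmed before wording it more strongly. The `@param` names kept as context (`publicKey`, `data`) also differ from the names the new body reads (`publicKeyHex`, `message`).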
@@ -114,12 +115,35 @@ export const encrypt = (
 publicKey: string,
 data: Uint8Array,
 identity: Uint8Array
-): string => {
- return blsSdk.encrypt(
- publicKey,
- uint8arrayToString(data, 'base64'),
- uint8arrayToString(identity, 'base64')
- );
+): Promise => {
+
+ const publicKey = Buffer.from(publicKeyHex, 'hex');
+
+ /**
+ * Our system uses BLS12-381 on the G1 curve for encryption.
+ * However, on the SDK side (this function), we expect the public key
+ * to use the G2 curve for signature purposes, hence the switch on public key length.
+ *
+ * The G2 curve, `Bls12381G2`, is typically associated with signature generation/verification,
+ * while G1 is associated with encryption. Here, the length of the public key determines how
+ * we handle the encryption and the format of the returned encrypted message.
+ */
+ switch (publicKeyHex.replace('0x', '').length) {
+
+ /**
+ * @deprecated - not sure if this is still used/needed
+ */
+ case 218:
+ return Buffer.from(
+ await blsEncrypt('Bls12381G2', publicKey, message, identity)
+ ).toString('hex');
+ case 96:
+ return Buffer.from(
+ await blsEncrypt('Bls12381G2', publicKey, message, identity)
+ ).toString('base64');
+ default:
+ return '';
+ }
 };
 /**
From 407682a7cb8f455bc37d1916e5f762d409436ab1 Mon Sep 17 00:00:00 2001
From: Anson
Date: Thu, 10 Oct 2024 18:10:05 +0100
Subject: [PATCH 2/3] feat(bls): remove case 218 as we don't use it
---
 packages/crypto/src/lib/crypto.ts | 29 ++++++++++++++---------------
 1 file changed, 14 insertions(+), 15 deletions(-)
diff --git a/packages/crypto/src/lib/crypto.ts b/packages/crypto/src/lib/crypto.ts
index 373ce32ee0..3beafee651 100644
--- a/packages/crypto/src/lib/crypto.ts
+++ b/packages/crypto/src/lib/crypto.ts
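Review bot: In the `encrypt` hunk of PATCH 1/3 the length test runs on `publicKeyHex.replace('0x', '')` while `Buffer.from(publicKeyHex, 'hex')` decodes the unstripped string, and nothing checks that the characters are hex digits. Node's hex decoding stops at the first invalid pair instead of throwing, so a `0x`-prefixed key, or a string of the right length containing a non-hex character, passes the length test and reaches `blsEncrypt` as an empty or truncated key. Normalise and validate once, then decode the validated value: `const hex = publicKeyHex.replace(/^0x/i, '');`, `if (!/^[0-9a-f]+$/i.test(hex)) { /* reject */ }`, `const publicKey = Buffer.from(hex, 'hex');`. PATCH 2/3 keeps the same `replace('0x', '')` length test, so the point applies there as well. As shown, the context lines still declare `publicKey` and `data` on a non-async arrow while the added body reads `publicKeyHex` and `message` and uses `await`; the signature presumably changes outside this hunk, which is worth confirming.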
@@ -128,22 +128,21 @@ export const encrypt = (
 * while G1 is associated with encryption. Here, the length of the public key determines how
 * we handle the encryption and the format of the returned encrypted message.
 */
- switch (publicKeyHex.replace('0x', '').length) {
-
- /**
- * @deprecated - not sure if this is still used/needed
- */
- case 218:
- return Buffer.from(
- await blsEncrypt('Bls12381G2', publicKey, message, identity)
- ).toString('hex');
- case 96:
- return Buffer.from(
- await blsEncrypt('Bls12381G2', publicKey, message, identity)
- ).toString('base64');
- default:
- return '';
+
+ if (publicKeyHex.replace('0x', '').length !== 96) {
+ throw new InvalidParamType(
+ {
+ info: {
+ publicKeyHex,
+ },
+ },
+ `Invalid public key length. Expecting 96 characters, got ${publicKeyHex.replace('0x', '').length} instead.`
+ );
 }
+ return Buffer.from(
+ await blsEncrypt('Bls12381G2', publicKey, message, identity)
+ ).toString('base64');
+
 };
 /**
From 6d2f502fcc94e4c50884777e6e323a515142eb5d Mon Sep 17 00:00:00 2001
From: Anson
Date: Thu, 10 Oct 2024 19:48:07 +0100
Subject: [PATCH 3/3] fmt
---
 packages/crypto/src/lib/crypto.ts | 26 +++++++++++---------------
 1 file changed, 11 insertions(+), 15 deletions(-)
diff --git a/packages/crypto/src/lib/crypto.ts b/packages/crypto/src/lib/crypto.ts
index 3beafee651..834d4c75f5 100644
--- a/packages/crypto/src/lib/crypto.ts
+++ b/packages/crypto/src/lib/crypto.ts
@@ -43,8 +43,7 @@ export const loadModules = (): Promise => {
 if (!globalThis.jestTesting) {
 log(
- `✅ [BLS SDK] wasmExports loaded. ${
- Object.keys(exports).length
+ `✅ [BLS SDK] wasmExports loaded. ${Object.keys(exports).length
 } functions available. Run 'wasmExports' in the console to see them.`
 );
 }
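Review bot: The comment kept as context above the new `if` in PATCH 2/3 is now stale: it still ends with `the length of the public key determines how we handle the encryption and the format of the returned encrypted message`, but after this hunk only one length is accepted and the result is always base64. Reword it to describe the check that now exists, e.g. `* Only 96-hex-character (48-byte) public keys are accepted; the ciphertext is returned base64-encoded.` The earlier phrase `hence the switch on public key length` sits above this hunk and needs the same update, and PATCH 3/3 re-indents the block without changing its wording. The stripped length is also computed twice in the added lines; a single local would keep the test and the error message in step.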
@@ -66,8 +65,7 @@ export const loadModules = (): Promise => {
 if (!globalThis.jestTesting) {
 log(
- `✅ [ECDSA SDK ${env}] wasmECDSA loaded. ${
- Object.keys(wasmECDSA).length
+ `✅ [ECDSA SDK ${env}] wasmECDSA loaded. ${Object.keys(wasmECDSA).length
 } functions available. Run 'wasmECDSA' in the console to see them.`
 );
 }
@@ -80,8 +78,7 @@ export const loadModules = (): Promise => {
 if (!globalThis.jestTesting) {
 log(
- `✅ [SEV SNP Utils SDK] wasmSevSnpUtils loaded. ${
- Object.keys(exports).length
+ `✅ [SEV SNP Utils SDK] wasmSevSnpUtils loaded. ${Object.keys(exports).length
 } functions available. Run 'wasmSevSnpUtils' in the console to see them.`
 );
 }
@@ -120,15 +117,14 @@ export const encrypt = (
 const publicKey = Buffer.from(publicKeyHex, 'hex');
 /**
- * Our system uses BLS12-381 on the G1 curve for encryption.
- * However, on the SDK side (this function), we expect the public key
- * to use the G2 curve for signature purposes, hence the switch on public key length.
- *
- * The G2 curve, `Bls12381G2`, is typically associated with signature generation/verification,
- * while G1 is associated with encryption. Here, the length of the public key determines how
- * we handle the encryption and the format of the returned encrypted message.
- */
-
+ * Our system uses BLS12-381 on the G1 curve for encryption.
+ * However, on the SDK side (this function), we expect the public key
+ * to use the G2 curve for signature purposes, hence the switch on public key length.
+ *
+ * The G2 curve, `Bls12381G2`, is typically associated with signature generation/verification,
+ * while G1 is associated with encryption. Here, the length of the public key determines how
+ * we handle the encryption and the format of the returned encrypted message.
+ */
 if (publicKeyHex.replace('0x', '').length !== 96) {
 throw new InvalidParamType(
 {