-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: pure JS BLS verification #817
Conversation
size-limit report 📦
|
After investigating, I confirmed that this commit broke the noble curves short signature implementation shortly before the release. If we fix the issue, this PR should be ready to ship once the next version of |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see any new tests added. Are we reasonably confident the noble/curves implementation is secure and provides parity with the existing?
@randombit added support for the library, and also authored the latest patch that restored functionality - paulmillr/noble-curves#124 The existing tests, including tests against mainnet, should be adequate. Happy to wait for prodsec to review, however. Additionally, we could pin the version for key crypto dependencies like this, and require manual bumping for any changes, including patches |
@@ -122,7 +122,7 @@ function isBufferEqual(a: ArrayBuffer, b: ArrayBuffer): boolean { | |||
return true; | |||
} | |||
|
|||
type VerifyFunc = (pk: Uint8Array, sig: Uint8Array, msg: Uint8Array) => Promise<boolean>; | |||
type VerifyFunc = (pk: Uint8Array, sig: Uint8Array, msg: Uint8Array) => Promise<boolean> | boolean; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this (=> Promise<boolean> | boolean
) for backwards compatibility? An approach I've seen elsewhere is to return a completed future in cases like this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's to allow an interface to have the option to make a call synchronously. The new library is synchronous, and the Promise is the backwards compatibility. There's no harm in supporting both interfaces, apart from the slight increase in type verbosity
Description
Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context.
Fixes # (issue)
How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration.
Checklist: