Ed (edwards curve), EdDSA (Ed25519/Ed448) and XDH (X25519/X448) #105
Conversation
…and XDH (X25519/X448) interfaces
There was a problem hiding this comment.
Nice! Thanks for the PR! I've performed first round of review and left quite a lot of comments. Hope that most of them could be easily solved!
P.S. I'm quite curious, was any AI tool used to implement any part of the PR? There is no problem with it, just curiocity :)
cryptography-providers/jdk/src/jvmMain/kotlin/algorithms/JdkEdDSA.kt
Outdated
Show resolved
Hide resolved
cryptography-providers/cryptokit/src/commonMain/kotlin/algorithms/CryptoKitEdDSA.kt
Outdated
Show resolved
Hide resolved
cryptography-providers/cryptokit/src/commonMain/kotlin/algorithms/CryptoKitEdDSA.kt
Show resolved
Hide resolved
cryptography-providers/cryptokit/src/commonMain/kotlin/algorithms/CryptoKitXDH.kt
Outdated
Show resolved
Hide resolved
cryptography-providers/cryptokit/src/commonMain/kotlin/algorithms/CryptoKitEdDSA.kt
Outdated
Show resolved
Hide resolved
- Docs: remove duplicated EdDSA/XDH sections (JDK/OpenSSL3); fix CryptoKit notes; clarify WebCrypto availability wording and remove opt-in flag. - WebCrypto: drop engine gating + experimental flag; pass key.algorithm to EdDSA ops; fix private key JWK/RAW mapping; use KeyDeriveAlgorithm for ECDH. - JDK EdDSA: support RAW via PKCS8/SPKI wrap/unwrap. - OpenSSL3 EdDSA/XDH: add RAW key format via DER wrap/unwrap; pass curve through wrappers; extract shared derive to operations. - Tests: remove WebCrypto skips; align JDK EdDSA gating to JDK<11; add EdDSA/XDH compatibility tests; include in generator.
…ers; Compatibility tests: include JWK for WebCrypto in EdDSA/XDH
…ot path); JDK: unify RAW SPKI/PKCS#8 unwrap via helper; wire OID constants
… fix curve param decoding for EdDSA/XDH compat tests; adjust ASN.1 AlgorithmIdentifier to allow missing parameters (RFC 8410).
… Tests: use context.provider.isCryptoKit in EdDSA/XDH default tests\n- Compatibility: skip Ed448/X448 for CryptoKit to match capabilities\n- ASN.1: tolerate absent/NULL AlgorithmIdentifier parameters (RFC 8410)\n- SwiftInterop: generate SPM platforms with .vN style; prefer OS runtime\n\nAlso includes current local changes in support files and providers.
…t EdDSA\n\n- Extract accumulating signature update logic to provider-base\n- Replace CryptoKit EdDSA local functions with shared base impls
…dDSA (RFC 8032) and XDH (RFC 7748)
|
Thanks for the review @whyoleg ! All the comments should be addressed now. To answer your question regarding AI: yes, OpenAI's Codex CLI with GPT-5 (high reasoning) was used for the entirety of this PR. Highlights of changes since your review:
|
There was a problem hiding this comment.
The PR is really big so reviewing it becoming a bit hard, but here is the second round of review.
If the whole PR is done via AI - I will probably need some time more to review it locally and perform some additional manual changes, to split commits/changes, so that the history will be nicer. Or you can do it if you like :)
Depending on your answer, I will provide more instructions
| @@ -8,6 +8,7 @@ For supported targets and algorithms, please consult [Supported primitives secti | |||
|
|
|||
| * KeyFormat: doesn't support `JWK` key format yet | |||
| * AES.GCM supports only a default tag size of 96 bits | |||
| * EdDSA/XDH: CryptoKit supports only Ed25519 and X25519. DER/PEM and RAW key encodings are available via the provider APIs. | |||
There was a problem hiding this comment.
| * EdDSA/XDH: CryptoKit supports only Ed25519 and X25519. DER/PEM and RAW key encodings are available via the provider APIs. | |
| * EdDSA/XDH: supports only Ed25519 and X25519 |
| @@ -21,6 +21,7 @@ For supported targets and algorithms, please consult [Supported primitives secti | |||
|
|
|||
| * KeyFormat: doesn't support `JWK` key format yet | |||
|
|
|||
|
|
|||
| @@ -9,10 +9,12 @@ For supported targets and algorithms, please consult [Supported primitives secti | |||
| * only `suspend` functions are supported, because `WebCrypto` API is async by default | |||
| * AES.* (browser only): may not support `192 bit` keys | |||
| * AES.CBC: only `padding=true` is supported | |||
| * EdDSA/XDH: These algorithms were added later to WebCrypto and might not be available in all engines/browsers yet (see [RFC 8032] and [RFC 7748]). If unsupported, operations will fail at runtime with an error from the underlying engine. | |||
There was a problem hiding this comment.
| * EdDSA/XDH: These algorithms were added later to WebCrypto and might not be available in all engines/browsers yet (see [RFC 8032] and [RFC 7748]). If unsupported, operations will fail at runtime with an error from the underlying engine. | |
| * EdDSA/XDH were added later to WebCrypto and might not be available in all browsers (https://github.com/w3c/webcrypto/pull/362) |
|
|
||
| ## Example | ||
|
|
||
| ```kotlin | ||
| // default provider |
There was a problem hiding this comment.
| // default provider |
|
|
||
| [RFC 8032]: https://www.rfc-editor.org/rfc/rfc8032 | ||
| [RFC 7748]: https://www.rfc-editor.org/rfc/rfc7748 |
There was a problem hiding this comment.
| [RFC 8032]: https://www.rfc-editor.org/rfc/rfc8032 | |
| [RFC 7748]: https://www.rfc-editor.org/rfc/rfc7748 |
| @@ -44,11 +44,12 @@ abstract class GenerateSwiftPackageDefinitionTask : DefaultTask() { | |||
| outputDirectory.get().asFile.recreateDirectories() | |||
|
|
|||
| val swiftinteropModuleName = swiftinteropModuleName.get() | |||
| fun ver(v: String) = ".v$v" | |||
There was a problem hiding this comment.
those changes are most likely unrelated and should be reverted, why are they needed?
There was a problem hiding this comment.
These changes were made to address linker/compiler issues on macOS 26 beta / Xcode 26.
| @@ -69,7 +70,11 @@ abstract class GenerateSwiftPackageDefinitionTask : DefaultTask() { | |||
| dependencies: [], | |||
| targets: [ | |||
| .target( | |||
| name: "$swiftinteropModuleName" | |||
| name: "$swiftinteropModuleName", | |||
| swiftSettings: [ | |||
There was a problem hiding this comment.
those changes are most likely unrelated and should be reverted, why are they needed?
There was a problem hiding this comment.
These changes were made to address linker/compiler issues on macOS 26 beta / Xcode 26.
| @@ -45,13 +45,19 @@ abstract class XcodebuildBuildTask : DefaultTask() { | |||
|
|
|||
| exec.exec { | |||
| it.workingDir(temporaryDir) | |||
| it.commandLine( | |||
| val developerDir = System.getenv("DEVELOPER_DIR") ?: "" | |||
There was a problem hiding this comment.
those changes are most likely unrelated and should be reverted, why are they needed?
There was a problem hiding this comment.
These changes were made to address linker/compiler issues on macOS 26 beta / Xcode 26.
| val parameters = decodeParameters(algorithm) | ||
| check(decodeElementIndex(descriptor) == CompositeDecoder.DECODE_DONE) | ||
| parameters | ||
| when (val idx = decodeElementIndex(descriptor)) { |
There was a problem hiding this comment.
It would be nice to implement those changes in a separate PR/commit with additional tests
| @@ -26,8 +26,10 @@ internal object KeyAlgorithmIdentifierSerializer : AlgorithmIdentifierSerializer | |||
| } | |||
| ObjectIdentifier.EC -> EcKeyAlgorithmIdentifier(decodeParameters(EcParameters.serializer())) | |||
| else -> { | |||
| // TODO: somehow we should ignore parameters here | |||
| // For algorithms like Ed25519/Ed448/X25519/X448 (RFC 8410), parameters MUST be absent. | |||
There was a problem hiding this comment.
without tests it's not clear, why are those needed
|
Thanks for the second review @whyoleg - let me see what I can do for breaking this up into more smaller commits/PRs |
Split PRs Overview: EdDSA/XDH SeriesBelow is a concise list of the new PRs that split the original combined work, with links, scope, and dependencies. All target Merge Order (high level)
Foundation
Providers
Tests
Notes
|
|
Thanks for the split! |
|
I don't mind at all, please do! |
This is a rebased version of #61 that also addresses the outstanding comments on the original PR, and adds Apple providers.