feature(keys): crypto algorithm as enum

[jns-ps]

Summary by CodeRabbit

• New Features

  • Introduced a new enumeration CryptoAlgorithm with variants for different cryptographic algorithms.
  • Added a new struct CryptoPayload to encapsulate cryptographic data.
  • Created a new module algorithm for better organization of cryptographic functionalities.

• Bug Fixes

  • Enhanced type safety in methods related to cryptographic signatures and keys by replacing string literals with the CryptoAlgorithm enum.

• Chores

  • Removed the previous CryptoPayload struct from the serialization library.

[coderabbitai]

Walkthrough

This pull request introduces a new CryptoAlgorithm enum to standardize and improve type safety for cryptographic algorithms across the keys module. The changes involve modifying multiple files in the crates/keys and crates/serde directories to replace string-based algorithm representations with a strongly-typed enum. The modifications include updating method signatures, implementing new serialization approaches, and refactoring how cryptographic algorithms are handled throughout the codebase.

Changes

File	Change Summary
crates/keys/src/algorithm.rs	Added new public enum CryptoAlgorithm with variants Ed25519, Secp256k1, and Secp256r1
crates/keys/src/lib.rs	Added new algorithm module and public re-export
crates/keys/src/payload.rs	Introduced CryptoPayload struct with algorithm and bytes fields
crates/keys/src/signatures.rs	Updated method signatures to use CryptoAlgorithm instead of strings
crates/keys/src/signing_keys.rs	Modified algorithm-related methods to use CryptoAlgorithm enum
crates/keys/src/verifying_keys.rs	Refactored algorithm methods to leverage CryptoAlgorithm enum
crates/serde/src/lib.rs	Removed previous CryptoPayload struct

Sequence Diagram

sequenceDiagram
    participant Client
    participant CryptoAlgorithm
    participant SigningKey
    participant VerifyingKey
    
    Client->>CryptoAlgorithm: Select Algorithm
    Client->>SigningKey: from_algorithm_and_bytes(algorithm, bytes)
    SigningKey-->>Client: Create SigningKey
    Client->>VerifyingKey: from_algorithm_and_bytes(algorithm, bytes)
    VerifyingKey-->>Client: Create VerifyingKey

Loading

Possibly related PRs

• refactor(common): use underlying VK types instead of Vec<u8> #150: Enhances type safety for verification keys
• feat(common): secp256r1 support #152: Adds support for Secp256r1 signature scheme
• feature(common): better serialization of cryptographic payloads #161: Improves cryptographic payload serialization
• feature: Binary transcoding via trait blanket impl  #165: Introduces BinaryTranscodable trait for encoding/decoding

Suggested reviewers

• distractedm1nd
• sebasti810

Poem

🐰 Algorithms dance with grace,
Enum's magic leaves no trace
Strings bow out, types take flight
Crypto keys now shine so bright!
Rabbit hops with pure delight 🔑

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (5)

crates/keys/src/algorithm.rs (2)

3-9: Add documentation for the CryptoAlgorithm enum and its variants.

Consider adding documentation to explain:

• The purpose of this enum
• When to use each variant
• Any specific characteristics or use cases for each algorithm

Example:

 #[derive(Clone, Copy, Debug, Eq, PartialEq, Serialize, Deserialize)]
 #[serde(rename_all = "lowercase")]
+/// Represents supported cryptographic algorithms for digital signatures.
 pub enum CryptoAlgorithm {
+    /// Edwards-curve Digital Signature Algorithm (EdDSA) using curve25519
     Ed25519,
+    /// Elliptic Curve Digital Signature Algorithm (ECDSA) using secp256k1 curve
     Secp256k1,
+    /// ECDSA using NIST P-256 (secp256r1) curve
     Secp256r1,
 }

---

3-9: Consider adding TryFrom<&str> implementation and unit tests.

Adding string conversion and tests would improve robustness:

1. Implement TryFrom<&str> for parsing algorithm strings
2. Add unit tests for serialization/deserialization
3. Add tests for string conversion

Example implementation:

impl TryFrom<&str> for CryptoAlgorithm {
    type Error = anyhow::Error;

    fn try_from(s: &str) -> Result<Self, Self::Error> {
        match s.to_lowercase().as_str() {
            "ed25519" => Ok(Self::Ed25519),
            "secp256k1" => Ok(Self::Secp256k1),
            "secp256r1" => Ok(Self::Secp256r1),
            _ => Err(anyhow::anyhow!("Unknown algorithm: {}", s)),
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_serde() {
        let alg = CryptoAlgorithm::Ed25519;
        let serialized = serde_json::to_string(&alg).unwrap();
        assert_eq!(serialized, "\"ed25519\"");
        
        let deserialized: CryptoAlgorithm = serde_json::from_str(&serialized).unwrap();
        assert_eq!(deserialized, alg);
    }
}

crates/keys/src/signatures.rs (2)

31-42: Improve error handling in from_algorithm_and_bytes.

The error handling could be more specific to help with debugging:

1. Consider wrapping errors with context
2. Add specific error types for different failure cases

Example improvement:

     pub fn from_algorithm_and_bytes(algorithm: CryptoAlgorithm, bytes: &[u8]) -> Result<Self> {
         match algorithm {
             CryptoAlgorithm::Ed25519 => {
-                Ed25519Signature::try_from(bytes).map(Signature::Ed25519).map_err(|e| e.into())
+                Ed25519Signature::try_from(bytes)
+                    .map(Signature::Ed25519)
+                    .map_err(|e| anyhow::anyhow!("Invalid Ed25519 signature: {}", e))
             }
             CryptoAlgorithm::Secp256k1 => {
-                Secp256k1Signature::from_der(bytes).map(Signature::Secp256k1).map_err(|e| e.into())
+                Secp256k1Signature::from_der(bytes)
+                    .map(Signature::Secp256k1)
+                    .map_err(|e| anyhow::anyhow!("Invalid Secp256k1 signature: {}", e))
             }
             // Similar changes for Secp256r1...
         }
     }

---

58-60: Add tests for CryptoPayload conversion.

The implementations look correct, but tests should be added to verify the conversion behavior, especially around the Placeholder variant.

Example test cases:

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_crypto_payload_conversion() {
        let signature = Signature::Ed25519(/* ... */);
        let payload: CryptoPayload = signature.clone().into();
        let converted: Signature = payload.try_into().unwrap();
        assert_eq!(signature, converted);
    }

    #[test]
    fn test_placeholder_conversion() {
        let signature = Signature::Placeholder;
        let payload: CryptoPayload = signature.into();
        assert_eq!(payload.algorithm, CryptoAlgorithm::Ed25519);
        assert!(payload.bytes.is_empty());
    }
}

Also applies to: 65-69

crates/keys/src/verifying_keys.rs (1)

Line range hint 191-214: Consider enhancing FromBase64 with explicit algorithm specification

The current implementation determines the algorithm based on key length. Consider adding an overload that accepts a CryptoAlgorithm parameter for more explicit and type-safe key parsing:

impl FromBase64 for VerifyingKey {
    // ... existing implementation ...

    fn from_base64_with_algorithm<T: AsRef<[u8]>>(
        base64: T,
        algorithm: CryptoAlgorithm,
    ) -> Result<Self, Self::Error> {
        let bytes = Vec::<u8>::from_base64(base64)?;
        Self::from_algorithm_and_bytes(algorithm, &bytes)
    }
}

This would allow callers to explicitly specify their expected algorithm while maintaining backward compatibility.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ce86c78 and 7fbf5c5.

📒 Files selected for processing (7)

• crates/keys/src/algorithm.rs (1 hunks)
• crates/keys/src/lib.rs (1 hunks)
• crates/keys/src/payload.rs (1 hunks)
• crates/keys/src/signatures.rs (3 hunks)
• crates/keys/src/signing_keys.rs (4 hunks)
• crates/keys/src/verifying_keys.rs (3 hunks)
• crates/serde/src/lib.rs (0 hunks)

💤 Files with no reviewable changes (1)

• crates/serde/src/lib.rs

✅ Files skipped from review due to trivial changes (1)

• crates/keys/src/lib.rs

🔇 Additional comments (8)

crates/keys/src/signatures.rs (1)

45-52: Reconsider default algorithm for Placeholder variant.

The algorithm() method returns Ed25519 for the Placeholder variant, which seems arbitrary and could be misleading. Consider:

1. Making this behavior explicit in documentation
2. Returning a Result instead to force handling of the Placeholder case

Let's check if this default is used elsewhere:

✅ Verification successful

Let me check how the Placeholder variant is used in the transaction signing flow to better understand the implications of the default algorithm.

---

Let me try a different approach to check the transaction signing implementation.

---

Based on the findings, I can now generate the final response:

The Ed25519 default for Placeholder is intentional and safe

The Placeholder variant is used as a temporary state in transaction signing flow, where:

• It's used to initialize unsigned transactions
• It's immediately replaced with the actual signature during signing
• The algorithm type doesn't impact the security since the placeholder signature is never used for verification

The current implementation is correct as:

1. The signing flow properly handles the Placeholder by checking its presence before signing
2. The Ed25519 default is only used temporarily and gets replaced with the actual signing algorithm

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for Placeholder variant usage
rg "Signature::Placeholder" -A 2

Length of output: 993

---

Script:

#!/bin/bash
# Check transaction signing implementation
ast-grep --pattern 'fn sign($$$) {
  $$$
}'  crates/common/src/transaction.rs

Length of output: 78

---

Script:

#!/bin/bash
# Search for sign method implementation with context
rg "fn sign" -A 10 crates/common/src/transaction.rs

Length of output: 393

crates/keys/src/signing_keys.rs (4)

11-11: LGTM: Import changes align with enum-based approach

The updated imports properly introduce the new CryptoAlgorithm enum and CryptoPayload type.

---

45-56: LGTM: Enhanced type safety with CryptoAlgorithm enum

The conversion from string-based to enum-based algorithm selection improves type safety and eliminates potential runtime errors from invalid algorithm strings.

---

59-64: LGTM: Consistent algorithm type representation

The method now returns the strongly-typed CryptoAlgorithm enum, maintaining consistency with the new type system.

---

101-110: LGTM: Clean payload conversion implementations

The payload conversion implementations correctly utilize the new CryptoAlgorithm type while maintaining clean and straightforward conversion logic.

crates/keys/src/verifying_keys.rs (3)

19-20: LGTM: Clean import organization

The imports are well-organized and properly introduce the new types.

---

63-74: LGTM: Consistent implementation with SigningKey

The changes mirror those in SigningKey, maintaining consistency across the codebase while preserving proper error handling.

---

77-82: LGTM: Symmetric algorithm implementation

The implementation symmetrically matches SigningKey's approach, maintaining codebase consistency.

[coderabbitai]

🛠️ Refactor suggestion

Add documentation and consider encapsulation.

The struct implementation could be improved:

1. Add documentation explaining the purpose and usage
2. Consider encapsulating fields with accessor methods
3. Add validation for the bytes field

Example improvements:

 #[derive(Serialize, Deserialize)]
+/// Represents a cryptographic payload containing an algorithm identifier and its associated bytes.
 pub struct CryptoPayload {
-    pub algorithm: CryptoAlgorithm,
-    #[serde(with = "raw_or_b64")]
-    pub bytes: Vec<u8>,
+    algorithm: CryptoAlgorithm,
+    #[serde(with = "raw_or_b64")]
+    bytes: Vec<u8>,
 }

+impl CryptoPayload {
+    /// Creates a new CryptoPayload with validation
+    pub fn new(algorithm: CryptoAlgorithm, bytes: Vec<u8>) -> Result<Self> {
+        // Add validation based on algorithm's expected byte length
+        Ok(Self { algorithm, bytes })
+    }
+
+    /// Returns the cryptographic algorithm
+    pub fn algorithm(&self) -> CryptoAlgorithm {
+        self.algorithm
+    }
+
+    /// Returns a reference to the raw bytes
+    pub fn bytes(&self) -> &[u8] {
+        &self.bytes
+    }
+}

Committable suggestion skipped: line range outside the PR's diff.

[jns-ps]

For these specific things, it should be called "Curve" instead of "CryptoAlgorithm"

Originally posted by @distractedm1nd in #187 (comment)

[jns-ps]

I still disagree on this. What if we wanted to support keys/sigs without a curve?

Are there signing keys that are not based on elliptic curves?

RSA: Based on the factoring problem of large composite numbers. Still widely used.
Hash-based signatures: SPHINCS+, XMSS, WOTS+. Very quantum-resistant but larger signatures.
Lattice-based: Dilithium, Falcon. Also quantum-resistant, based on hard lattice problems.
Multivariate: Rainbow (though broken now). Based on solving systems of multivariate polynomial equations.