sonr/crypto/core/commit.go

//
// Copyright Coinbase, Inc. All Rights Reserved.
//
// SPDX-License-Identifier: Apache-2.0
//

package core

import (
	"crypto/hmac"
	crand "crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"hash"
)

// Size of random values and hash outputs are determined by our hash function
const Size = sha256.Size

type (
	// Commitment to a given message which can be later revealed.
	// This is sent to and held by a verifier until the corresponding
	// witness is provided.
	Commitment []byte

	// Witness is sent to and opened by the verifier. This proves that
	// committed message hasn't been altered by later information.
	Witness struct {
		Msg []byte
		r   [Size]byte
	}

	// witnessJSON is used for un/marshaling.
	witnessJSON struct {
		Msg []byte
		R   [Size]byte
	}
)

// MarshalJSON encodes Witness in JSON
func (w Witness) MarshalJSON() ([]byte, error) {
	return json.Marshal(witnessJSON{w.Msg, w.r})
}

// UnmarshalJSON decodes JSON into a Witness struct
func (w *Witness) UnmarshalJSON(data []byte) error {
	witness := &witnessJSON{}
	err := json.Unmarshal(data, witness)
	if err != nil {
		return err
	}
	w.Msg = witness.Msg
	w.r = witness.R
	return nil
}

// Commit to a given message. Uses SHA256 as the hash function.
func Commit(msg []byte) (Commitment, *Witness, error) {
	// Initialize our decommitment
	d := Witness{msg, [Size]byte{}}

	// Generate a random nonce of the required length
	n, err := crand.Read(d.r[:])
	// Ensure no errors retrieving nonce
	if err != nil {
		return nil, nil, err
	}

	// Ensure we read all the bytes expected
	if n != Size {
		return nil, nil, fmt.Errorf("failed to read %v bytes from crypto/rand: received %v bytes", Size, n)
	}
	// Compute the commitment: HMAC(Sha2, msg, key)
	c, err := ComputeHMAC(sha256.New, msg, d.r[:])
	if err != nil {
		return nil, nil, err
	}
	return c, &d, nil
}

// Open a commitment and return true if the commitment/decommitment pair are valid.
// reference: spec.§2.4: Commitment Scheme
func Open(c Commitment, d Witness) (bool, error) {
	// Ensure commitment is well-formed.
	if len(c) != Size {
		return false, fmt.Errorf("invalid commitment, wrong length. %v != %v", len(c), Size)
	}

	// Re-compute the commitment: HMAC(Sha2, msg, key)
	cʹ, err := ComputeHMAC(sha256.New, d.Msg, d.r[:])
	if err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare(cʹ, c) == 1, nil
}

// ComputeHMAC computes HMAC(hash_fn, msg, key)
// Takes in a hash function to use for HMAC
func ComputeHMAC(f func() hash.Hash, msg []byte, k []byte) ([]byte, error) {
	if f == nil {
		return nil, fmt.Errorf("hash function cannot be nil")
	}

	mac := hmac.New(f, k)
	w, err := mac.Write(msg)

	if w != len(msg) {
		return nil, fmt.Errorf("bytes written to hash doesn't match expected: %v != %v", w, len(msg))
	} else if err != nil {
		return nil, err
	}
	return mac.Sum(nil), nil
}
-												feature/1114 implement account interface (#1167)

      - **refactor: move session-related code to middleware package**
- **refactor: update PKL build process and adjust related
configurations**
- **feat: integrate base.cosmos.v1 Genesis module**
- **refactor: pass session context to modal rendering functions**
- **refactor: move nebula package to app directory and update templ
version**
- **refactor: Move home section video view to dedicated directory**
- **refactor: remove unused views file**
- **refactor: move styles and UI components to global scope**
- **refactor: Rename images.go to cdn.go**
- **feat: Add Empty State Illustrations**
- **refactor: Consolidate Vault Index Logic**
- **fix: References to App.wasm and remove Vault Directory embedded CDN
files**
- **refactor: Move CDN types to Models**
- **fix: Correct line numbers in templ error messages for
arch_templ.go**
- **refactor: use common types for peer roles**
- **refactor: move common types and ORM to a shared package**
- **fix: Config import dwn**
- **refactor: move nebula directory to app**
- **feat: Rebuild nebula**
- **fix: correct file paths in panels templates**
- **feat: Remove duplicate types**
- **refactor: Move dwn to pkg/core**
- **refactor: Binary Structure**
- **feat: Introduce Crypto Pkg**
- **fix: Broken Process Start**
- **feat: Update pkg/* structure**
- **feat: Refactor PKL Structure**
- **build: update pkl build process**
- **chore: Remove Empty Files**
- **refactor: remove unused macaroon package**
- **feat: Add WebAwesome Components**
- **refactor: consolidate build and generation tasks into a single
taskfile, remove redundant makefile targets**
- **refactor: refactor server and move components to pkg/core/dwn**
- **build: update go modules**
- **refactor: move gateway logic into dedicated hway command**
- **feat: Add KSS (Krawczyk-Song-Song) MPC cryptography module**
- **feat: Implement MPC-based JWT signing and UCAN token generation**
- **feat: add support for MPC-based JWT signing**
- **feat: Implement MPC-based UCAN capabilities for smart accounts**
- **feat: add address field to keyshareSource**
- **feat: Add comprehensive MPC test suite for keyshares, UCAN tokens,
and token attenuations**
- **refactor: improve MPC keyshare management and signing process**
- **feat: enhance MPC capability hierarchy documentation**
- **refactor: rename GenerateKeyshares function to NewKeyshareSource for
clarity**
- **refactor: remove unused Ethereum address computation**
- **feat: Add HasHandle and IsAuthenticated methods to HTTPContext**
- **refactor: Add context.Context support to session HTTPContext**
- **refactor: Resolve context interface conflicts in HTTPContext**
- **feat: Add session ID context key and helper functions**
- **feat: Update WebApp Page Rendering**
- **refactor: Simplify context management by using single HTTPContext
key**
- **refactor: Simplify HTTPContext creation and context management in
session middleware**
- **refactor: refactor session middleware to use a single data
structure**
- **refactor: Simplify HTTPContext implementation and session data
handling**
- **refactor: Improve session context handling and prevent nil pointer
errors**
- **refactor: Improve session context handling with nil safety and type
support**
- **refactor: improve session data injection**
- **feat: add full-screen modal component and update registration flow**
- **chore: add .air.toml to .gitignore**
- **feat: add Air to devbox and update dependencies**
  
											
										
										
											2024-11-23 01:28:58 -05:00
+								//
 								// Copyright Coinbase, Inc. All Rights Reserved.
 								//
 								// SPDX-License-Identifier: Apache-2.0
 								//
 								package core
 								import (
 									"crypto/hmac"
 									crand "crypto/rand"
 									"crypto/sha256"
 									"crypto/subtle"
 									"encoding/json"
 									"fmt"
 									"hash"
 								)
 								// Size of random values and hash outputs are determined by our hash function
 								const Size = sha256.Size
 								type (
 									// Commitment to a given message which can be later revealed.
 									// This is sent to and held by a verifier until the corresponding
 									// witness is provided.
 									Commitment []byte
 									// Witness is sent to and opened by the verifier. This proves that
 									// committed message hasn't been altered by later information.
 									Witness struct {
 										Msg []byte
 										r   [Size]byte
 									}
 									// witnessJSON is used for un/marshaling.
 									witnessJSON struct {
 										Msg []byte
 										R   [Size]byte
 									}
 								)
 								// MarshalJSON encodes Witness in JSON
 								func (w Witness) MarshalJSON() ([]byte, error) {
 									return json.Marshal(witnessJSON{w.Msg, w.r})
 								}
 								// UnmarshalJSON decodes JSON into a Witness struct
 								func (w *Witness) UnmarshalJSON(data []byte) error {
 									witness := &witnessJSON{}
 									err := json.Unmarshal(data, witness)
 									if err != nil {
 										return err
 									}
 									w.Msg = witness.Msg
 									w.r = witness.R
 									return nil
 								}
 								// Commit to a given message. Uses SHA256 as the hash function.
 								func Commit(msg []byte) (Commitment, *Witness, error) {
 									// Initialize our decommitment
 									d := Witness{msg, [Size]byte{}}
 									// Generate a random nonce of the required length
 									n, err := crand.Read(d.r[:])
 									// Ensure no errors retrieving nonce
 									if err != nil {
 										return nil, nil, err
 									}
 									// Ensure we read all the bytes expected
 									if n != Size {
 										return nil, nil, fmt.Errorf("failed to read %v bytes from crypto/rand: received %v bytes", Size, n)
 									}
 									// Compute the commitment: HMAC(Sha2, msg, key)
 									c, err := ComputeHMAC(sha256.New, msg, d.r[:])
 									if err != nil {
 										return nil, nil, err
 									}
 									return c, &d, nil
 								}
 								// Open a commitment and return true if the commitment/decommitment pair are valid.
 								// reference: spec.§2.4: Commitment Scheme
 								func Open(c Commitment, d Witness) (bool, error) {
 									// Ensure commitment is well-formed.
 									if len(c) != Size {
 										return false, fmt.Errorf("invalid commitment, wrong length. %v != %v", len(c), Size)
 									}
 									// Re-compute the commitment: HMAC(Sha2, msg, key)
 									cʹ, err := ComputeHMAC(sha256.New, d.Msg, d.r[:])
 									if err != nil {
 										return false, err
 									}
 									return subtle.ConstantTimeCompare(cʹ, c) == 1, nil
 								}
 								// ComputeHMAC computes HMAC(hash_fn, msg, key)
 								// Takes in a hash function to use for HMAC
 								func ComputeHMAC(f func() hash.Hash, msg []byte, k []byte) ([]byte, error) {
 									if f == nil {
 										return nil, fmt.Errorf("hash function cannot be nil")
 									}
 									mac := hmac.New(f, k)
 									w, err := mac.Write(msg)
 									if w != len(msg) {
 										return nil, fmt.Errorf("bytes written to hash doesn't match expected: %v != %v", w, len(msg))
 									} else if err != nil {
 										return nil, err
 									}
 									return mac.Sum(nil), nil
 								}