sonr/crypto/core/mod.go

//
// Copyright Coinbase, Inc. All Rights Reserved.
//
// SPDX-License-Identifier: Apache-2.0
//
// Package core contains convenience functions for modular arithmetic.

// Package core contains a set of primitives, including but not limited to various
// elliptic curves, hashes, and commitment schemes. These primitives are used internally
// and can also be used independently on their own externally.
package core

import (
	crand "crypto/rand"
	"crypto/subtle"
	"fmt"
	"math/big"

	"github.com/onsonr/sonr/crypto/internal"
)

var (
	// Zero is additive identity in the set of integers
	Zero = big.NewInt(0)

	// One is the multiplicative identity in the set of integers
	One = big.NewInt(1)

	// Two is the odd prime
	Two = big.NewInt(2)
)

// ConstantTimeEqByte determines if a, b have identical byte serialization
// and signs. It uses the crypto/subtle package to get a constant time comparison
// over byte representations. Return value is a byte which may be
// useful in bitwise operations. Returns 0x1 if the two values have the
// identical sign and byte representation; 0x0 otherwise.
func ConstantTimeEqByte(a, b *big.Int) byte {
	if a == nil && a == b {
		return 1
	}
	if a == nil || b == nil {
		return 0
	}
	// Determine if the byte representations are the same
	var sameBytes byte
	if subtle.ConstantTimeCompare(a.Bytes(), b.Bytes()) == 1 {
		sameBytes = 1
	} else {
		sameBytes = 0
	}

	// Determine if the signs are the same
	var sameSign byte
	if a.Sign() == b.Sign() {
		sameSign = 1
	} else {
		sameSign = 0
	}

	// Report the conjunction
	return sameBytes & sameSign
}

// ConstantTimeEq determines if a, b have identical byte serialization
// and uses the crypto/subtle package to get a constant time comparison
// over byte representations.
func ConstantTimeEq(a, b *big.Int) bool {
	return ConstantTimeEqByte(a, b) == 1
}

// In determines ring membership before modular reduction: x ∈ Z_m
// returns nil if 0 ≤ x < m
func In(x, m *big.Int) error {
	if AnyNil(x, m) {
		return internal.ErrNilArguments
	}
	// subtle doesn't support constant time big.Int compare
	// just use big.Cmp for now
	// x ∈ Z_m ⇔ 0 ≤ x < m
	if x.Cmp(Zero) != -1 && x.Cmp(m) == -1 {
		return nil
	}
	return internal.ErrZmMembership
}

// Add (modular addition): z = x+y (modulo m)
func Add(x, y, m *big.Int) (*big.Int, error) {
	if AnyNil(x, y) {
		return nil, internal.ErrNilArguments
	}
	z := new(big.Int).Add(x, y)
	// Compute the residue if one is specified, otherwise
	// we leave the value as an unbound integer
	if m != nil {
		z.Mod(z, m)
	}
	return z, nil
}

// Mul (modular multiplication): z = x*y (modulo m)
func Mul(x, y, m *big.Int) (*big.Int, error) {
	if AnyNil(x, y) {
		return nil, internal.ErrNilArguments
	}
	z := new(big.Int).Mul(x, y)

	// Compute the residue if one is specified, otherwise
	// we leave the value as an unbound integer
	if m != nil {
		z.Mod(z, m)
	}
	return z, nil
}

// Exp (modular exponentiation): z = x^y (modulo m)
func Exp(x, y, m *big.Int) (*big.Int, error) {
	if AnyNil(x, y) {
		return nil, internal.ErrNilArguments
	}
	// This wrapper looks silly, but it makes the calling code read more consistently.
	return new(big.Int).Exp(x, y, m), nil
}

// Neg (modular negation): z = -x (modulo m)
func Neg(x, m *big.Int) (*big.Int, error) {
	if AnyNil(x, m) {
		return nil, internal.ErrNilArguments
	}
	z := new(big.Int).Neg(x)
	z.Mod(z, m)
	return z, nil
}

// Inv (modular inverse): returns y such that xy = 1 (modulo m).
func Inv(x, m *big.Int) (*big.Int, error) {
	if AnyNil(x, m) {
		return nil, internal.ErrNilArguments
	}
	z := new(big.Int).ModInverse(x, m)
	if z == nil {
		return nil, fmt.Errorf("cannot compute the multiplicative inverse")
	}
	return z, nil
}

// Rand generates a cryptographically secure random integer in the range: 1 < r < m.
func Rand(m *big.Int) (*big.Int, error) {
	if m == nil {
		return nil, internal.ErrNilArguments
	}

	// Select a random element, but not zero or one
	// The reason is the random element may be used as a Scalar or an exponent.
	// An exponent of 1 is generally acceptable because the generator can't be
	// 1. If a Scalar is combined with another Scalar like in fiat-shamir, it
	// offers no hiding properties when multiplied.
	for {
		result, err := crand.Int(crand.Reader, m)
		if err != nil {
			return nil, err
		}

		if result.Cmp(One) == 1 { // result > 1
			return result, nil
		}
	}
}

// AnyNil determines if any of values are nil
func AnyNil(values ...*big.Int) bool {
	for _, x := range values {
		if x == nil {
			return true
		}
	}
	return false
}
feature/1114 implement account interface (#1167) - refactor: move session-related code to middleware package - refactor: update PKL build process and adjust related configurations - feat: integrate base.cosmos.v1 Genesis module - refactor: pass session context to modal rendering functions - refactor: move nebula package to app directory and update templ version - refactor: Move home section video view to dedicated directory - refactor: remove unused views file - refactor: move styles and UI components to global scope - refactor: Rename images.go to cdn.go - feat: Add Empty State Illustrations - refactor: Consolidate Vault Index Logic - fix: References to App.wasm and remove Vault Directory embedded CDN files - refactor: Move CDN types to Models - fix: Correct line numbers in templ error messages for arch_templ.go - refactor: use common types for peer roles - refactor: move common types and ORM to a shared package - fix: Config import dwn - refactor: move nebula directory to app - feat: Rebuild nebula - fix: correct file paths in panels templates - feat: Remove duplicate types - refactor: Move dwn to pkg/core - refactor: Binary Structure - feat: Introduce Crypto Pkg - fix: Broken Process Start - *feat: Update pkg/ structure - feat: Refactor PKL Structure - build: update pkl build process - chore: Remove Empty Files - refactor: remove unused macaroon package - feat: Add WebAwesome Components - refactor: consolidate build and generation tasks into a single taskfile, remove redundant makefile targets - refactor: refactor server and move components to pkg/core/dwn - build: update go modules - refactor: move gateway logic into dedicated hway command - feat: Add KSS (Krawczyk-Song-Song) MPC cryptography module - feat: Implement MPC-based JWT signing and UCAN token generation - feat: add support for MPC-based JWT signing - feat: Implement MPC-based UCAN capabilities for smart accounts - feat: add address field to keyshareSource - feat: Add comprehensive MPC test suite for keyshares, UCAN tokens, and token attenuations - refactor: improve MPC keyshare management and signing process - feat: enhance MPC capability hierarchy documentation - refactor: rename GenerateKeyshares function to NewKeyshareSource for clarity - refactor: remove unused Ethereum address computation - feat: Add HasHandle and IsAuthenticated methods to HTTPContext - refactor: Add context.Context support to session HTTPContext - refactor: Resolve context interface conflicts in HTTPContext - feat: Add session ID context key and helper functions - feat: Update WebApp Page Rendering - refactor: Simplify context management by using single HTTPContext key - refactor: Simplify HTTPContext creation and context management in session middleware - refactor: refactor session middleware to use a single data structure - refactor: Simplify HTTPContext implementation and session data handling - refactor: Improve session context handling and prevent nil pointer errors - refactor: Improve session context handling with nil safety and type support - refactor: improve session data injection - feat: add full-screen modal component and update registration flow - chore: add .air.toml to .gitignore - feat: add Air to devbox and update dependencies** 2024-11-23 01:28:58 -05:00			`//`
			`// Copyright Coinbase, Inc. All Rights Reserved.`
			`//`
			`// SPDX-License-Identifier: Apache-2.0`
			`//`
			`// Package core contains convenience functions for modular arithmetic.`

			`// Package core contains a set of primitives, including but not limited to various`
			`// elliptic curves, hashes, and commitment schemes. These primitives are used internally`
			`// and can also be used independently on their own externally.`
			`package core`

			`import (`
			`crand "crypto/rand"`
			`"crypto/subtle"`
			`"fmt"`
			`"math/big"`

feature/1220 origin handle exists method (#1241) * feat: add docs and CI workflow for publishing to onsonr.dev * (refactor): Move hway,motr executables to their own repos * feat: simplify devnet and testnet configurations * refactor: update import path for didcrypto package * docs(networks): Add README with project overview, architecture, and community links * refactor: Move network configurations to deploy directory * build: update golang version to 1.23 * refactor: move logger interface to appropriate package * refactor: Move devnet configuration to networks/devnet * chore: improve release process with date variable * (chore): Move Crypto Library * refactor: improve code structure and readability in DID module * feat: integrate Trunk CI checks * ci: optimize CI workflow by removing redundant build jobs --------- Co-authored-by: Darp Alakun <i@prad.nu> 2025-01-06 12:06:10 -05:00			`"github.com/onsonr/sonr/crypto/internal"`
feature/1114 implement account interface (#1167) - refactor: move session-related code to middleware package - refactor: update PKL build process and adjust related configurations - feat: integrate base.cosmos.v1 Genesis module - refactor: pass session context to modal rendering functions - refactor: move nebula package to app directory and update templ version - refactor: Move home section video view to dedicated directory - refactor: remove unused views file - refactor: move styles and UI components to global scope - refactor: Rename images.go to cdn.go - feat: Add Empty State Illustrations - refactor: Consolidate Vault Index Logic - fix: References to App.wasm and remove Vault Directory embedded CDN files - refactor: Move CDN types to Models - fix: Correct line numbers in templ error messages for arch_templ.go - refactor: use common types for peer roles - refactor: move common types and ORM to a shared package - fix: Config import dwn - refactor: move nebula directory to app - feat: Rebuild nebula - fix: correct file paths in panels templates - feat: Remove duplicate types - refactor: Move dwn to pkg/core - refactor: Binary Structure - feat: Introduce Crypto Pkg - fix: Broken Process Start - *feat: Update pkg/ structure - feat: Refactor PKL Structure - build: update pkl build process - chore: Remove Empty Files - refactor: remove unused macaroon package - feat: Add WebAwesome Components - refactor: consolidate build and generation tasks into a single taskfile, remove redundant makefile targets - refactor: refactor server and move components to pkg/core/dwn - build: update go modules - refactor: move gateway logic into dedicated hway command - feat: Add KSS (Krawczyk-Song-Song) MPC cryptography module - feat: Implement MPC-based JWT signing and UCAN token generation - feat: add support for MPC-based JWT signing - feat: Implement MPC-based UCAN capabilities for smart accounts - feat: add address field to keyshareSource - feat: Add comprehensive MPC test suite for keyshares, UCAN tokens, and token attenuations - refactor: improve MPC keyshare management and signing process - feat: enhance MPC capability hierarchy documentation - refactor: rename GenerateKeyshares function to NewKeyshareSource for clarity - refactor: remove unused Ethereum address computation - feat: Add HasHandle and IsAuthenticated methods to HTTPContext - refactor: Add context.Context support to session HTTPContext - refactor: Resolve context interface conflicts in HTTPContext - feat: Add session ID context key and helper functions - feat: Update WebApp Page Rendering - refactor: Simplify context management by using single HTTPContext key - refactor: Simplify HTTPContext creation and context management in session middleware - refactor: refactor session middleware to use a single data structure - refactor: Simplify HTTPContext implementation and session data handling - refactor: Improve session context handling and prevent nil pointer errors - refactor: Improve session context handling with nil safety and type support - refactor: improve session data injection - feat: add full-screen modal component and update registration flow - chore: add .air.toml to .gitignore - feat: add Air to devbox and update dependencies** 2024-11-23 01:28:58 -05:00			`)`

			`var (`
			`// Zero is additive identity in the set of integers`
			`Zero = big.NewInt(0)`

			`// One is the multiplicative identity in the set of integers`
			`One = big.NewInt(1)`

			`// Two is the odd prime`
			`Two = big.NewInt(2)`
			`)`

			`// ConstantTimeEqByte determines if a, b have identical byte serialization`
			`// and signs. It uses the crypto/subtle package to get a constant time comparison`
			`// over byte representations. Return value is a byte which may be`
			`// useful in bitwise operations. Returns 0x1 if the two values have the`
			`// identical sign and byte representation; 0x0 otherwise.`
			`func ConstantTimeEqByte(a, b *big.Int) byte {`
			`if a == nil && a == b {`
			`return 1`
			`}`
			`if a == nil \|\| b == nil {`
			`return 0`
			`}`
			`// Determine if the byte representations are the same`
			`var sameBytes byte`
			`if subtle.ConstantTimeCompare(a.Bytes(), b.Bytes()) == 1 {`
			`sameBytes = 1`
			`} else {`
			`sameBytes = 0`
			`}`

			`// Determine if the signs are the same`
			`var sameSign byte`
			`if a.Sign() == b.Sign() {`
			`sameSign = 1`
			`} else {`
			`sameSign = 0`
			`}`

			`// Report the conjunction`
			`return sameBytes & sameSign`
			`}`

			`// ConstantTimeEq determines if a, b have identical byte serialization`
			`// and uses the crypto/subtle package to get a constant time comparison`
			`// over byte representations.`
			`func ConstantTimeEq(a, b *big.Int) bool {`
			`return ConstantTimeEqByte(a, b) == 1`
			`}`

			`// In determines ring membership before modular reduction: x ∈ Z_m`
			`// returns nil if 0 ≤ x < m`
			`func In(x, m *big.Int) error {`
			`if AnyNil(x, m) {`
			`return internal.ErrNilArguments`
			`}`
			`// subtle doesn't support constant time big.Int compare`
			`// just use big.Cmp for now`
			`// x ∈ Z_m ⇔ 0 ≤ x < m`
			`if x.Cmp(Zero) != -1 && x.Cmp(m) == -1 {`
			`return nil`
			`}`
			`return internal.ErrZmMembership`
			`}`

			`// Add (modular addition): z = x+y (modulo m)`
			`func Add(x, y, m big.Int) (big.Int, error) {`
			`if AnyNil(x, y) {`
			`return nil, internal.ErrNilArguments`
			`}`
			`z := new(big.Int).Add(x, y)`
			`// Compute the residue if one is specified, otherwise`
			`// we leave the value as an unbound integer`
			`if m != nil {`
			`z.Mod(z, m)`
			`}`
			`return z, nil`
			`}`

			`// Mul (modular multiplication): z = x*y (modulo m)`
			`func Mul(x, y, m big.Int) (big.Int, error) {`
			`if AnyNil(x, y) {`
			`return nil, internal.ErrNilArguments`
			`}`
			`z := new(big.Int).Mul(x, y)`

			`// Compute the residue if one is specified, otherwise`
			`// we leave the value as an unbound integer`
			`if m != nil {`
			`z.Mod(z, m)`
			`}`
			`return z, nil`
			`}`

			`// Exp (modular exponentiation): z = x^y (modulo m)`
			`func Exp(x, y, m big.Int) (big.Int, error) {`
			`if AnyNil(x, y) {`
			`return nil, internal.ErrNilArguments`
			`}`
			`// This wrapper looks silly, but it makes the calling code read more consistently.`
			`return new(big.Int).Exp(x, y, m), nil`
			`}`

			`// Neg (modular negation): z = -x (modulo m)`
			`func Neg(x, m big.Int) (big.Int, error) {`
			`if AnyNil(x, m) {`
			`return nil, internal.ErrNilArguments`
			`}`
			`z := new(big.Int).Neg(x)`
			`z.Mod(z, m)`
			`return z, nil`
			`}`

			`// Inv (modular inverse): returns y such that xy = 1 (modulo m).`
			`func Inv(x, m big.Int) (big.Int, error) {`
			`if AnyNil(x, m) {`
			`return nil, internal.ErrNilArguments`
			`}`
			`z := new(big.Int).ModInverse(x, m)`
			`if z == nil {`
			`return nil, fmt.Errorf("cannot compute the multiplicative inverse")`
			`}`
			`return z, nil`
			`}`

			`// Rand generates a cryptographically secure random integer in the range: 1 < r < m.`
			`func Rand(m big.Int) (big.Int, error) {`
			`if m == nil {`
			`return nil, internal.ErrNilArguments`
			`}`

			`// Select a random element, but not zero or one`
			`// The reason is the random element may be used as a Scalar or an exponent.`
			`// An exponent of 1 is generally acceptable because the generator can't be`
			`// 1. If a Scalar is combined with another Scalar like in fiat-shamir, it`
			`// offers no hiding properties when multiplied.`
			`for {`
			`result, err := crand.Int(crand.Reader, m)`
			`if err != nil {`
			`return nil, err`
			`}`

			`if result.Cmp(One) == 1 { // result > 1`
			`return result, nil`
			`}`
			`}`
			`}`

			`// AnyNil determines if any of values are nil`
			`func AnyNil(values ...*big.Int) bool {`
			`for _, x := range values {`
			`if x == nil {`
			`return true`
			`}`
			`}`
			`return false`
			`}`