go/sonr
go/sonr
1
1
Fork 0
mirror of https://github.com/onsonr/sonr.git synced 2025-03-10 21:09:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
sonr/crypto/core/hash.go

273 lines
6.1 KiB
Go
Raw Normal View History

feature/1114 implement account interface (#1167) - **refactor: move session-related code to middleware package** - **refactor: update PKL build process and adjust related configurations** - **feat: integrate base.cosmos.v1 Genesis module** - **refactor: pass session context to modal rendering functions** - **refactor: move nebula package to app directory and update templ version** - **refactor: Move home section video view to dedicated directory** - **refactor: remove unused views file** - **refactor: move styles and UI components to global scope** - **refactor: Rename images.go to cdn.go** - **feat: Add Empty State Illustrations** - **refactor: Consolidate Vault Index Logic** - **fix: References to App.wasm and remove Vault Directory embedded CDN files** - **refactor: Move CDN types to Models** - **fix: Correct line numbers in templ error messages for arch_templ.go** - **refactor: use common types for peer roles** - **refactor: move common types and ORM to a shared package** - **fix: Config import dwn** - **refactor: move nebula directory to app** - **feat: Rebuild nebula** - **fix: correct file paths in panels templates** - **feat: Remove duplicate types** - **refactor: Move dwn to pkg/core** - **refactor: Binary Structure** - **feat: Introduce Crypto Pkg** - **fix: Broken Process Start** - **feat: Update pkg/* structure** - **feat: Refactor PKL Structure** - **build: update pkl build process** - **chore: Remove Empty Files** - **refactor: remove unused macaroon package** - **feat: Add WebAwesome Components** - **refactor: consolidate build and generation tasks into a single taskfile, remove redundant makefile targets** - **refactor: refactor server and move components to pkg/core/dwn** - **build: update go modules** - **refactor: move gateway logic into dedicated hway command** - **feat: Add KSS (Krawczyk-Song-Song) MPC cryptography module** - **feat: Implement MPC-based JWT signing and UCAN token generation** - **feat: add support for MPC-based JWT signing** - **feat: Implement MPC-based UCAN capabilities for smart accounts** - **feat: add address field to keyshareSource** - **feat: Add comprehensive MPC test suite for keyshares, UCAN tokens, and token attenuations** - **refactor: improve MPC keyshare management and signing process** - **feat: enhance MPC capability hierarchy documentation** - **refactor: rename GenerateKeyshares function to NewKeyshareSource for clarity** - **refactor: remove unused Ethereum address computation** - **feat: Add HasHandle and IsAuthenticated methods to HTTPContext** - **refactor: Add context.Context support to session HTTPContext** - **refactor: Resolve context interface conflicts in HTTPContext** - **feat: Add session ID context key and helper functions** - **feat: Update WebApp Page Rendering** - **refactor: Simplify context management by using single HTTPContext key** - **refactor: Simplify HTTPContext creation and context management in session middleware** - **refactor: refactor session middleware to use a single data structure** - **refactor: Simplify HTTPContext implementation and session data handling** - **refactor: Improve session context handling and prevent nil pointer errors** - **refactor: Improve session context handling with nil safety and type support** - **refactor: improve session data injection** - **feat: add full-screen modal component and update registration flow** - **chore: add .air.toml to .gitignore** - **feat: add Air to devbox and update dependencies**
2024-11-23 01:28:58 -05:00
//
// Copyright Coinbase, Inc. All Rights Reserved.
//
// SPDX-License-Identifier: Apache-2.0
//
package core
import (
"bytes"
"crypto/elliptic"
"crypto/sha256"
"fmt"
"hash"
"math"
"math/big"
"github.com/btcsuite/btcd/btcec/v2"
"golang.org/x/crypto/hkdf"
feature/1121 implement ucan validation (#1176) - **refactor: remove unused auth components** - **refactor: improve devbox configuration and deployment process** - **refactor: improve devnet and testnet setup** - **fix: update templ version to v0.2.778** - **refactor: rename pkl/net.matrix to pkl/matrix.net** - **refactor: migrate webapp components to nebula** - **refactor: protobuf types** - **chore: update dependencies for improved security and stability** - **feat: implement landing page and vault gateway servers** - **refactor: Migrate data models to new module structure and update related files** - **feature/1121-implement-ucan-validation** - **refactor: Replace hardcoded constants with model types in attns.go** - **feature/1121-implement-ucan-validation** - **chore: add origin Host struct and update main function to handle multiple hosts** - **build: remove unused static files from dwn module** - **build: remove unused static files from dwn module** - **refactor: Move DWN models to common package** - **refactor: move models to pkg/common** - **refactor: move vault web app assets to embed module** - **refactor: update session middleware import path** - **chore: configure port labels and auto-forwarding behavior** - **feat: enhance devcontainer configuration** - **feat: Add UCAN middleware for Echo with flexible token validation** - **feat: add JWT middleware for UCAN authentication** - **refactor: update package URI and versioning in PklProject files** - **fix: correct sonr.pkl import path** - **refactor: move JWT related code to auth package** - **feat: introduce vault configuration retrieval and management** - **refactor: Move vault components to gateway module and update file paths** - **refactor: remove Dexie and SQLite database implementations** - **feat: enhance frontend with PWA features and WASM integration** - **feat: add Devbox features and streamline Dockerfile** - **chore: update dependencies to include TigerBeetle** - **chore(deps): update go version to 1.23** - **feat: enhance devnet setup with PATH environment variable and updated PWA manifest** - **fix: upgrade tigerbeetle-go dependency and remove indirect dependency** - **feat: add PostgreSQL support to devnet and testnet deployments** - **refactor: rename keyshare cookie to token cookie** - **feat: upgrade Go version to 1.23.3 and update dependencies** - **refactor: update devnet and testnet configurations** - **feat: add IPFS configuration for devnet** - **I'll help you update the ipfs.config.pkl to include all the peers from the shell script. Here's the updated configuration:** - **refactor: move mpc package to crypto directory** - **feat: add BIP32 support for various cryptocurrencies** - **feat: enhance ATN.pkl with additional capabilities** - **refactor: simplify smart account and vault attenuation creation** - **feat: add new capabilities to the Attenuation type** - **refactor: Rename MPC files for clarity and consistency** - **feat: add DIDKey support for cryptographic operations** - **feat: add devnet and testnet deployment configurations** - **fix: correct key derivation in bip32 package** - **refactor: rename crypto/bip32 package to crypto/accaddr** - **fix: remove duplicate indirect dependency** - **refactor: move vault package to root directory** - **refactor: update routes for gateway and vault** - **refactor: remove obsolete web configuration file** - **refactor: remove unused TigerBeetle imports and update host configuration** - **refactor: adjust styles directory path** - **feat: add broadcastTx and simulateTx functions to gateway** - **feat: add PinVault handler**
2024-12-02 14:27:18 -05:00
"github.com/onsonr/sonr/crypto/internal"
feature/1114 implement account interface (#1167) - **refactor: move session-related code to middleware package** - **refactor: update PKL build process and adjust related configurations** - **feat: integrate base.cosmos.v1 Genesis module** - **refactor: pass session context to modal rendering functions** - **refactor: move nebula package to app directory and update templ version** - **refactor: Move home section video view to dedicated directory** - **refactor: remove unused views file** - **refactor: move styles and UI components to global scope** - **refactor: Rename images.go to cdn.go** - **feat: Add Empty State Illustrations** - **refactor: Consolidate Vault Index Logic** - **fix: References to App.wasm and remove Vault Directory embedded CDN files** - **refactor: Move CDN types to Models** - **fix: Correct line numbers in templ error messages for arch_templ.go** - **refactor: use common types for peer roles** - **refactor: move common types and ORM to a shared package** - **fix: Config import dwn** - **refactor: move nebula directory to app** - **feat: Rebuild nebula** - **fix: correct file paths in panels templates** - **feat: Remove duplicate types** - **refactor: Move dwn to pkg/core** - **refactor: Binary Structure** - **feat: Introduce Crypto Pkg** - **fix: Broken Process Start** - **feat: Update pkg/* structure** - **feat: Refactor PKL Structure** - **build: update pkl build process** - **chore: Remove Empty Files** - **refactor: remove unused macaroon package** - **feat: Add WebAwesome Components** - **refactor: consolidate build and generation tasks into a single taskfile, remove redundant makefile targets** - **refactor: refactor server and move components to pkg/core/dwn** - **build: update go modules** - **refactor: move gateway logic into dedicated hway command** - **feat: Add KSS (Krawczyk-Song-Song) MPC cryptography module** - **feat: Implement MPC-based JWT signing and UCAN token generation** - **feat: add support for MPC-based JWT signing** - **feat: Implement MPC-based UCAN capabilities for smart accounts** - **feat: add address field to keyshareSource** - **feat: Add comprehensive MPC test suite for keyshares, UCAN tokens, and token attenuations** - **refactor: improve MPC keyshare management and signing process** - **feat: enhance MPC capability hierarchy documentation** - **refactor: rename GenerateKeyshares function to NewKeyshareSource for clarity** - **refactor: remove unused Ethereum address computation** - **feat: Add HasHandle and IsAuthenticated methods to HTTPContext** - **refactor: Add context.Context support to session HTTPContext** - **refactor: Resolve context interface conflicts in HTTPContext** - **feat: Add session ID context key and helper functions** - **feat: Update WebApp Page Rendering** - **refactor: Simplify context management by using single HTTPContext key** - **refactor: Simplify HTTPContext creation and context management in session middleware** - **refactor: refactor session middleware to use a single data structure** - **refactor: Simplify HTTPContext implementation and session data handling** - **refactor: Improve session context handling and prevent nil pointer errors** - **refactor: Improve session context handling with nil safety and type support** - **refactor: improve session data injection** - **feat: add full-screen modal component and update registration flow** - **chore: add .air.toml to .gitignore** - **feat: add Air to devbox and update dependencies**
2024-11-23 01:28:58 -05:00
)
type HashField struct {
// F_p^k
Order *big.Int // p^k
Characteristic *big.Int // p
ExtensionDegree *big.Int // k
}
type Params struct {
F *HashField
SecurityParameter int
Hash func() hash.Hash
L int
}
func getParams(curve elliptic.Curve) (*Params, error) {
switch curve.Params().Name {
case btcec.S256().Name, elliptic.P256().Params().Name:
return &Params{
F: &HashField{
Order: curve.Params().P,
Characteristic: curve.Params().P,
ExtensionDegree: new(big.Int).SetInt64(1),
},
SecurityParameter: 128,
Hash: sha256.New,
L: 48,
}, nil
case "Bls12381G1":
return &Params{
F: &HashField{
Order: curve.Params().P,
Characteristic: curve.Params().P,
ExtensionDegree: new(big.Int).SetInt64(1),
},
SecurityParameter: 128,
Hash: sha256.New,
L: 48,
}, nil
case "ed25519":
return &Params{
F: &HashField{
Order: curve.Params().P,
Characteristic: curve.Params().P,
ExtensionDegree: new(big.Int).SetInt64(1),
},
SecurityParameter: 128,
Hash: sha256.New,
L: 48,
}, nil
default:
return nil, fmt.Errorf("not implemented: %s", curve.Params().Name)
}
}
func I2OSP(b, n int) []byte {
os := new(big.Int).SetInt64(int64(b)).Bytes()
if n > len(os) {
var buf bytes.Buffer
buf.Write(make([]byte, n-len(os)))
buf.Write(os)
return buf.Bytes()
}
return os[:n]
}
func OS2IP(os []byte) *big.Int {
return new(big.Int).SetBytes(os)
}
func hashThis(f func() hash.Hash, this []byte) ([]byte, error) {
h := f()
w, err := h.Write(this)
if w != len(this) {
return nil, fmt.Errorf("bytes written to hash doesn't match expected")
} else if err != nil {
return nil, err
}
v := h.Sum(nil)
return v, nil
}
func concat(xs ...[]byte) []byte {
var result []byte
for _, x := range xs {
result = append(result, x...)
}
return result
}
func xor(b1, b2 []byte) []byte {
// b1 and b2 must be same length
result := make([]byte, len(b1))
for i := range b1 {
result[i] = b1[i] ^ b2[i]
}
return result
}
func ExpandMessageXmd(f func() hash.Hash, msg, DST []byte, lenInBytes int) ([]byte, error) {
// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-10#section-5.4.1
// step 1
ell := int(math.Ceil(float64(lenInBytes) / float64(f().Size())))
// step 2
if ell > 255 {
return nil, fmt.Errorf("ell > 255")
}
// step 3
dstPrime := append(DST, I2OSP(len(DST), 1)...)
// step 4
zPad := I2OSP(0, f().BlockSize())
// step 5 & 6
msgPrime := concat(zPad, msg, I2OSP(lenInBytes, 2), I2OSP(0, 1), dstPrime)
var err error
b := make([][]byte, ell+1)
// step 7
b[0], err = hashThis(f, msgPrime)
if err != nil {
return nil, err
}
// step 8
b[1], err = hashThis(f, concat(b[0], I2OSP(1, 1), dstPrime))
if err != nil {
return nil, err
}
// step 9
for i := 2; i <= ell; i++ {
// step 10
b[i], err = hashThis(f, concat(xor(b[0], b[i-1]), I2OSP(i, 1), dstPrime))
if err != nil {
return nil, err
}
}
// step 11
uniformBytes := concat(b[1:]...)
// step 12
return uniformBytes[:lenInBytes], nil
}
func hashToField(msg []byte, count int, curve elliptic.Curve) ([][]*big.Int, error) {
// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-10#section-5.3
parameters, err := getParams(curve)
if err != nil {
return nil, err
}
f := parameters.Hash
DST := []byte("Coinbase_tECDSA")
m := int(parameters.F.ExtensionDegree.Int64())
L := parameters.L
// step 1
lenInBytes := count * m * L
// step 2
uniformBytes, err := ExpandMessageXmd(f, msg, DST, lenInBytes)
if err != nil {
return nil, err
}
u := make([][]*big.Int, count)
// step 3
for i := 0; i < count; i++ {
e := make([]*big.Int, m)
// step 4
for j := 0; j < m; j++ {
// step 5
elmOffset := L * (j + i*m)
// step 6
tv := uniformBytes[elmOffset : elmOffset+L]
// step 7
e[j] = new(big.Int).Mod(OS2IP(tv), parameters.F.Characteristic)
}
// step 8
u[i] = e
}
// step 9
return u, nil
}
func Hash(msg []byte, curve elliptic.Curve) (*big.Int, error) {
u, err := hashToField(msg, 1, curve)
if err != nil {
return nil, err
}
return u[0][0], nil
}
// fiatShamir computes the HKDF over many values
// iteratively such that each value is hashed separately
// and based on preceding values
//
// The first value is computed as okm_0 = KDF(f || value) where
// f is a byte slice of 32 0xFF
// salt is zero-filled byte slice with length equal to the hash output length
// info is the protocol name
// okm is the 32 byte output
//
// The each subsequent iteration is computed by as okm_i = KDF(f_i || value || okm_{i-1})
// where f_i = 2^b - 1 - i such that there are 0xFF bytes prior to the value.
// f_1 changes the first byte to 0xFE, f_2 to 0xFD. The previous okm is appended to the value
// to provide cryptographic domain separation.
// See https://signal.org/docs/specifications/x3dh/#cryptographic-notation
// and https://signal.org/docs/specifications/xeddsa/#hash-functions
// for more details.
// This uses the KDF function similar to X3DH for each `value`
// But changes the key just like XEdDSA where the prefix bytes change by a single bit
func FiatShamir(values ...*big.Int) ([]byte, error) {
// Don't accept any nil arguments
if AnyNil(values...) {
return nil, internal.ErrNilArguments
}
info := []byte("Coinbase tECDSA 1.0")
salt := make([]byte, 32)
okm := make([]byte, 32)
f := bytes.Repeat([]byte{0xFF}, 32)
for _, b := range values {
ikm := append(f, b.Bytes()...)
ikm = append(ikm, okm...)
kdf := hkdf.New(sha256.New, ikm, salt, info)
n, err := kdf.Read(okm)
if err != nil {
return nil, err
}
if n != len(okm) {
return nil, fmt.Errorf("unable to read expected number of bytes want=%v got=%v", len(okm), n)
}
internal.ByteSub(f)
}
return okm, nil
}
Reference in New Issue Copy Permalink