go/sonr
go/sonr
1
1
Fork 0
mirror of https://github.com/onsonr/sonr.git synced 2025-03-10 21:09:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
sonr/crypto/signatures/schnorr/nem/ed25519_keccak.go
Prad Nukala 31bcc21c35
feature/1121 implement ucan validation (#1176) 
- **refactor: remove unused auth components**
- **refactor: improve devbox configuration and deployment process**
- **refactor: improve devnet and testnet setup**
- **fix: update templ version to v0.2.778**
- **refactor: rename pkl/net.matrix to pkl/matrix.net**
- **refactor: migrate webapp components to nebula**
- **refactor: protobuf types**
- **chore: update dependencies for improved security and stability**
- **feat: implement landing page and vault gateway servers**
- **refactor: Migrate data models to new module structure and update
related files**
- **feature/1121-implement-ucan-validation**
- **refactor: Replace hardcoded constants with model types in attns.go**
- **feature/1121-implement-ucan-validation**
- **chore: add origin Host struct and update main function to handle
multiple hosts**
- **build: remove unused static files from dwn module**
- **build: remove unused static files from dwn module**
- **refactor: Move DWN models to common package**
- **refactor: move models to pkg/common**
- **refactor: move vault web app assets to embed module**
- **refactor: update session middleware import path**
- **chore: configure port labels and auto-forwarding behavior**
- **feat: enhance devcontainer configuration**
- **feat: Add UCAN middleware for Echo with flexible token validation**
- **feat: add JWT middleware for UCAN authentication**
- **refactor: update package URI and versioning in PklProject files**
- **fix: correct sonr.pkl import path**
- **refactor: move JWT related code to auth package**
- **feat: introduce vault configuration retrieval and management**
- **refactor: Move vault components to gateway module and update file
paths**
- **refactor: remove Dexie and SQLite database implementations**
- **feat: enhance frontend with PWA features and WASM integration**
- **feat: add Devbox features and streamline Dockerfile**
- **chore: update dependencies to include TigerBeetle**
- **chore(deps): update go version to 1.23**
- **feat: enhance devnet setup with PATH environment variable and
updated PWA manifest**
- **fix: upgrade tigerbeetle-go dependency and remove indirect
dependency**
- **feat: add PostgreSQL support to devnet and testnet deployments**
- **refactor: rename keyshare cookie to token cookie**
- **feat: upgrade Go version to 1.23.3 and update dependencies**
- **refactor: update devnet and testnet configurations**
- **feat: add IPFS configuration for devnet**
- **I'll help you update the ipfs.config.pkl to include all the peers
from the shell script. Here's the updated configuration:**
- **refactor: move mpc package to crypto directory**
- **feat: add BIP32 support for various cryptocurrencies**
- **feat: enhance ATN.pkl with additional capabilities**
- **refactor: simplify smart account and vault attenuation creation**
- **feat: add new capabilities to the Attenuation type**
- **refactor: Rename MPC files for clarity and consistency**
- **feat: add DIDKey support for cryptographic operations**
- **feat: add devnet and testnet deployment configurations**
- **fix: correct key derivation in bip32 package**
- **refactor: rename crypto/bip32 package to crypto/accaddr**
- **fix: remove duplicate indirect dependency**
- **refactor: move vault package to root directory**
- **refactor: update routes for gateway and vault**
- **refactor: remove obsolete web configuration file**
- **refactor: remove unused TigerBeetle imports and update host
configuration**
- **refactor: adjust styles directory path**
- **feat: add broadcastTx and simulateTx functions to gateway**
- **feat: add PinVault handler**
2024-12-02 14:27:18 -05:00

321 lines
8.2 KiB
Go
Executable File
Raw Blame History

//
// Copyright Coinbase, Inc. All Rights Reserved.
//
// SPDX-License-Identifier: Apache-2.0
//
// This file implements the Ed25519 signature algorithm. See
// https://ed25519.cr.yp.to/.
//
// These functions are also compatible with the “Ed25519” function defined in
// RFC 8032. However, unlike RFC 8032's formulation, this package's private key
// representation includes a public key suffix to make multiple signing
// operations with the same key more efficient. This package refers to the RFC
// 8032 private key as the “seed”.
// This code is a port of the public domain, “ref10” implementation of ed25519
// from SUPERCOP.
package nem
import (
"bytes"
"crypto"
cryptorand "crypto/rand"
"fmt"
"io"
"strconv"
"filippo.io/edwards25519"
"golang.org/x/crypto/sha3"
"github.com/onsonr/sonr/crypto/internal"
)
const (
// PublicKeySize is the size, in bytes, of public keys as used in this package.
PublicKeySize = 32
// PrivateKeySize is the size, in bytes, of private keys as used in this package.
PrivateKeySize = 64
// SignatureSize is the size, in bytes, of signatures generated and verified by this package.
SignatureSize = 64
// SeedSize is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032.
SeedSize = 32
)
// PublicKey is the type of Ed25519 public keys.
type PublicKey []byte
// PrivateKey is the type of Ed25519 private keys. It implements crypto.Signer.
type PrivateKey []byte
// Bytes returns the publicKey in byte array
func (p PublicKey) Bytes() []byte {
return p
}
// Public returns the PublicKey corresponding to priv.
func (priv PrivateKey) Public() crypto.PublicKey {
publicKey := make([]byte, PublicKeySize)
copy(publicKey, priv[32:])
return PublicKey(publicKey)
}
func Keccak512(data []byte) ([]byte, error) {
k512 := sha3.NewLegacyKeccak512()
_, err := k512.Write(data)
if err != nil {
return nil, err
}
return k512.Sum(nil), nil
}
// Seed returns the private key seed corresponding to priv. It is provided for
// interoperability with RFC 8032. RFC 8032's private keys correspond to seeds
// in this package.
func (priv PrivateKey) Seed() []byte {
seed := make([]byte, SeedSize)
copy(seed, priv[:32])
return seed
}
// Sign signs the given message with priv.
// Ed25519 performs two passes over messages to be signed and therefore cannot
// handle pre-hashed messages. Thus opts.HashFunc() must return zero to
// indicate the message hasn't been hashed. This can be achieved by passing
// crypto.Hash(0) as the value for opts.
func (priv PrivateKey) Sign(rand io.Reader, message []byte, opts crypto.SignerOpts) (signature []byte, err error) {
if opts.HashFunc() != crypto.Hash(0) {
return nil, fmt.Errorf("ed25519: cannot sign hashed message")
}
sig, err := Sign(priv, message)
if err != nil {
return nil, err
}
return sig, nil
}
// GenerateKey generates a public/private key pair using entropy from rand.
// If rand is nil, crypto/rand.Reader will be used.
func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error) {
if rand == nil {
rand = cryptorand.Reader
}
seed := make([]byte, SeedSize)
if _, err := io.ReadFull(rand, seed); err != nil {
return nil, nil, err
}
privateKey, err := NewKeyFromSeed(seed)
if err != nil {
return nil, nil, err
}
publicKey := make([]byte, PublicKeySize)
copy(publicKey, privateKey[32:])
return publicKey, privateKey, nil
}
// NewKeyFromSeed calculates a private key from a seed. It will panic if
// len(seed) is not SeedSize. This function is provided for interoperability
// with RFC 8032. RFC 8032's private keys correspond to seeds in this
// package.
func NewKeyFromSeed(seed []byte) (PrivateKey, error) {
// Outline the function body so that the returned key can be stack-allocated.
privateKey := make([]byte, PrivateKeySize)
err := newKeyFromSeed(privateKey, seed)
if err != nil {
return nil, err
}
return privateKey, nil
}
func newKeyFromSeed(privateKey, seed []byte) error {
if l := len(seed); l != SeedSize {
return fmt.Errorf("ed25519: bad seed length: " + strconv.Itoa(l))
}
// Weird required step to get compatibility with the NEM test vectors
// Have to reverse the bytes from the given seed
digest, err := Keccak512(internal.ReverseScalarBytes(seed))
if err != nil {
return err
}
sc, err := edwards25519.NewScalar().SetBytesWithClamping(digest[:32])
if err != nil {
return err
}
A := edwards25519.Point{}
A.ScalarBaseMult(sc)
publicKeyBytes := A.Bytes()
copy(privateKey, seed)
copy(privateKey[32:], publicKeyBytes[:])
return nil
}
// Sign signs the message with privateKey and returns a signature. It will
// panic if len(privateKey) is not PrivateKeySize.
func Sign(privateKey PrivateKey, message []byte) ([]byte, error) {
// Outline the function body so that the returned signature can be
// stack-allocated.
signature := make([]byte, SignatureSize)
err := sign(signature, privateKey, message)
if err != nil {
return nil, err
}
return signature, nil
}
func sign(signature, privateKey, message []byte) error {
if l := len(privateKey); l != PrivateKeySize {
return fmt.Errorf("ed25519: bad private key length: " + strconv.Itoa(l))
}
seed := privateKey[:32]
digest, err := Keccak512(internal.ReverseScalarBytes(seed))
if err != nil {
return err
}
// H(seed) ie. privkey
expandedSecretKey := digest[:32]
sc, err := edwards25519.NewScalar().SetBytesWithClamping(expandedSecretKey)
if err != nil {
return err
}
// r = H(H(seed) + msg)
hEngine := sha3.NewLegacyKeccak512()
_, err = hEngine.Write(digest[32:])
if err != nil {
return err
}
_, err = hEngine.Write(message)
if err != nil {
return err
}
var hOut1 [64]byte
hEngine.Sum(hOut1[:0])
// hash output -> scalar
// Take 64 byte output from keccak512 so need to set bytes as long
r, err := edwards25519.NewScalar().SetUniformBytes(hOut1[:])
if err != nil {
return err
}
// R = r*G
R := edwards25519.Point{}
R.ScalarBaseMult(r)
RBytes := R.Bytes()
// s = H(R + pubkey + msg)
hEngine.Reset()
_, err = hEngine.Write(RBytes)
if err != nil {
return err
}
_, err = hEngine.Write(privateKey[32:])
if err != nil {
return err
}
_, err = hEngine.Write(message)
if err != nil {
return err
}
var hOut2 [64]byte
hEngine.Sum(hOut2[:0])
// hash output -> scalar
// Take 64 byte output from keccak512 so need to set bytes as long
h, err := edwards25519.NewScalar().SetUniformBytes(hOut2[:])
if err != nil {
return err
}
// s = (r + h * privKey)
s := edwards25519.NewScalar().MultiplyAdd(h, sc, r)
copy(signature[:], RBytes)
copy(signature[32:], s.Bytes())
return nil
}
// Verify reports whether sig is a valid signature of message by publicKey. It
// will panic if len(publicKey) is not PublicKeySize.
// Previously publicKey is of type PublicKey
func Verify(publicKey PublicKey, message, sig []byte) (bool, error) {
if l := len(publicKey); l != PublicKeySize {
return false, fmt.Errorf("ed25519: bad public key length: " + strconv.Itoa(l))
}
if len(sig) != SignatureSize || sig[63]&224 != 0 {
return false, fmt.Errorf("ed25519: bad signature size: " + strconv.Itoa(len(sig)))
}
RBytes := sig[:32]
sBytes := sig[32:]
var publicKeyBytes [32]byte
copy(publicKeyBytes[:], publicKey)
A := edwards25519.Point{}
_, err := A.SetBytes(publicKeyBytes[:])
if err != nil {
return false, err
}
negA := edwards25519.Point{}
negA.Negate(&A)
// h = H(R + pubkey + msg)
hEngine := sha3.NewLegacyKeccak512()
_, err = hEngine.Write(RBytes)
if err != nil {
return false, err
}
_, err = hEngine.Write(publicKeyBytes[:])
if err != nil {
return false, err
}
_, err = hEngine.Write(message)
if err != nil {
return false, err
}
var hOut1 [64]byte
hEngine.Sum(hOut1[:0])
// hash output -> scalar
// Take 64 byte output from keccak512 so need to set bytes as long
h, err := edwards25519.NewScalar().SetUniformBytes(hOut1[:])
if err != nil {
return false, err
}
// s was generated in sign so can set as canonical
s, err := edwards25519.NewScalar().SetCanonicalBytes(sBytes)
if err != nil {
return false, err
}
// R' = s*G - h*Pubkey = h*negPubkey + s*G
RPrime := edwards25519.Point{}
RPrime.VarTimeDoubleScalarBaseMult(h, &negA, s)
RPrimeBytes := RPrime.Bytes()
// Check R == R'
return bytes.Equal(RBytes, RPrimeBytes), nil
}
Reference in New Issue View Git Blame Copy Permalink