mirror of
https://github.com/onsonr/sonr.git
synced 2025-03-10 13:07:09 +00:00
Prad Nukala
7c4586ce90
* feat: enable DID auth middleware * feat: implement passkey creation flow * feat: persist user address in cookie and retrieve user profile using address cookie * feat: implement human verification challenge during session initialization * refactor: remove unnecessary random number generation in profile creation * refactor: rename credential validation handler and update related routes * feat: improve profile validation and user experience * feat: add page rendering for profile and passkey creation * refactor: remove unused register handler and update routes * refactor: remove unused imports and simplify credential validation * fix: Correct insecure gRPC client connection * refactor: rename models files for better organization * refactor: refactor grpc client creation and management * refactor: refactor common clients package * <no value> * feat: add CapAccount, CapInterchain, CapVault enums * feat: add ChainId to ResAccount and ResInterchain * feat: add asset code to resource account enumeration * refactor: rename services package to providers * feat: implement gateway database interactions * refactor: move gateway repository to internal/gateway * refactor: Migrate database provider to use sqlx * refactor: Rename Vaults to VaultProvider in HTTPContext struct * refactor: Migrate from GORM to sqlc Queries in database context methods * refactor: Replace GORM with standard SQL and simplify database initialization * refactor: Migrate session management from GORM to sqlc with type conversion * refactor: Update import paths and model references in context package * fix: Resolve session type conversion and middleware issues * refactor: Migrate database from GORM to sqlx * refactor: Move models to pkg/common, improve code structure * refactor: move repository package to internal directory * refactor: move gateway internal packages to context directory * refactor: migrate database provider to use sqlx queries * feat: add session ID to HTTP context and use it to load session data * feat: implement vault creation API endpoint * feat: add DIDKey generation from PubKey * refactor: remove unused DIDAuth components * refactor: move DID auth controller to vault context * chore: remove unused DIDAuth package * refactor: improve clarity of enclave refresh function * feat: implement nonce-based key encryption for improved security * feat: Add Export and Import methods with comprehensive tests for Enclave * fix: Validate AES key length in keyshare encryption and decryption * fix: Resolve key length validation by hashing input keys * refactor: Update keyshare import to use protocol decoding * feat: Refactor enclave encryption to support full enclave export/import * refactor: Simplify Enclave interface methods by removing role parameter * refactor: remove unnecessary serialization from enclave interface * refactor: rename models package in gateway context * refactor: rename keystore vault constants * refactor: remove context parameter from Resolver methods * feat: add CurrentBlock context function and update related components * refactor: rename resolver.go to resolvers.go * feat: Add SQLite random() generation for session and profile initialization * refactor: Update SQL queries to use SQLite-style parameter placeholders * refactor: Replace '?' placeholders with '$n' PostgreSQL parameter syntax * <no value> * refactor: refactor gateway to use middleware for database interactions and improve modularity * feat: implement gateway for Sonr highway * refactor: Remove unused gateway context and refactor cookie/header handling * refactor: improve server initialization and middleware handling * feat: implement human verification for profile creation * feat: implement session management middleware * refactor: refactor common models and config to internal package * refactor: move env config to internal/config * refactor: move database-related code to directory * refactor: move IPFS client to common package and improve code structure * refactor: move querier to common package and rename to chain_query * refactor: move webworker model to internal/models * feat: add initial view template for Sonr.ID * docs(concepts): Add documentation for cosmos-proto * docs: move IBC transfer documentation to tools section * refactor: rename initpkl.go to pkl_init.go for better naming consistency * docs(theme): update dark mode toggle icons * refactor: update sqlite3 driver to ncruces/go-sqlite3 * feat: add Vault model and database interactions * refactor: Improve SQLite schema with better constraints and indexes * chore: update project dependencies * fix: use grpc.WithInsecure() for gRPC connection * config: set localhost as default Sonr gRPC URL * refactor: improve gateway middleware and refactor server initialization * refactor: Remove foreign key pragma from schema SQL * refactor: Remove foreign key constraints from database schema * refactor: Convert primary key columns from INTEGER to TEXT * refactor: Remove unnecessary redirect in error handling
171 lines
4.1 KiB
Go
171 lines
4.1 KiB
Go
package mpc
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"errors"
|
|
"fmt"
|
|
"math/big"
|
|
|
|
"github.com/cosmos/cosmos-sdk/types/bech32"
|
|
"github.com/onsonr/sonr/crypto/core/curves"
|
|
"github.com/onsonr/sonr/crypto/core/protocol"
|
|
"github.com/onsonr/sonr/crypto/tecdsa/dklsv1"
|
|
"golang.org/x/crypto/sha3"
|
|
)
|
|
|
|
func checkIteratedErrors(aErr, bErr error) error {
|
|
if aErr == protocol.ErrProtocolFinished && bErr == protocol.ErrProtocolFinished {
|
|
return nil
|
|
}
|
|
if aErr != protocol.ErrProtocolFinished {
|
|
return aErr
|
|
}
|
|
if bErr != protocol.ErrProtocolFinished {
|
|
return bErr
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func computeSonrAddr(pp Point) (string, error) {
|
|
pk := pp.ToAffineCompressed()
|
|
sonrAddr, err := bech32.ConvertAndEncode("idx", pk)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return sonrAddr, nil
|
|
}
|
|
|
|
func hashKey(key []byte) []byte {
|
|
hash := sha3.New256()
|
|
hash.Write(key)
|
|
return hash.Sum(nil)[:32] // Use first 32 bytes of hash
|
|
}
|
|
|
|
func decryptKeyshare(msg []byte, key []byte, nonce []byte) ([]byte, error) {
|
|
hashedKey := hashKey(key)
|
|
block, err := aes.NewCipher(hashedKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
aesgcm, err := cipher.NewGCM(block)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
plaintext, err := aesgcm.Open(nil, nonce, msg, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return plaintext, nil
|
|
}
|
|
|
|
func encryptKeyshare(msg Message, key []byte, nonce []byte) ([]byte, error) {
|
|
hashedKey := hashKey(key)
|
|
msgBytes, err := protocol.EncodeMessage(msg)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
block, err := aes.NewCipher(hashedKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
aesgcm, err := cipher.NewGCM(block)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
ciphertext := aesgcm.Seal(nil, nonce, []byte(msgBytes), nil)
|
|
return ciphertext, nil
|
|
}
|
|
|
|
func getAliceOut(msg *protocol.Message) (AliceOut, error) {
|
|
return dklsv1.DecodeAliceDkgResult(msg)
|
|
}
|
|
|
|
func getAlicePubPoint(msg *protocol.Message) (Point, error) {
|
|
out, err := dklsv1.DecodeAliceDkgResult(msg)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return out.PublicKey, nil
|
|
}
|
|
|
|
func getBobOut(msg *protocol.Message) (BobOut, error) {
|
|
return dklsv1.DecodeBobDkgResult(msg)
|
|
}
|
|
|
|
func getBobPubPoint(msg *protocol.Message) (Point, error) {
|
|
out, err := dklsv1.DecodeBobDkgResult(msg)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return out.PublicKey, nil
|
|
}
|
|
|
|
// getEcdsaPoint builds an elliptic curve point from a compressed byte slice
|
|
func getEcdsaPoint(pubKey []byte) (*curves.EcPoint, error) {
|
|
crv := curves.K256()
|
|
x := new(big.Int).SetBytes(pubKey[1:33])
|
|
y := new(big.Int).SetBytes(pubKey[33:])
|
|
ecCurve, err := crv.ToEllipticCurve()
|
|
if err != nil {
|
|
return nil, fmt.Errorf("error converting curve: %v", err)
|
|
}
|
|
return &curves.EcPoint{X: x, Y: y, Curve: ecCurve}, nil
|
|
}
|
|
|
|
func serializeSignature(sig *curves.EcdsaSignature) ([]byte, error) {
|
|
if sig == nil {
|
|
return nil, errors.New("nil signature")
|
|
}
|
|
|
|
rBytes := sig.R.Bytes()
|
|
sBytes := sig.S.Bytes()
|
|
|
|
// Ensure both components are 32 bytes
|
|
rPadded := make([]byte, 32)
|
|
sPadded := make([]byte, 32)
|
|
copy(rPadded[32-len(rBytes):], rBytes)
|
|
copy(sPadded[32-len(sBytes):], sBytes)
|
|
|
|
// Concatenate R and S
|
|
result := make([]byte, 64)
|
|
copy(result[0:32], rPadded)
|
|
copy(result[32:64], sPadded)
|
|
|
|
return result, nil
|
|
}
|
|
|
|
func deserializeSignature(sigBytes []byte) (*curves.EcdsaSignature, error) {
|
|
if len(sigBytes) != 64 {
|
|
return nil, fmt.Errorf("invalid signature length: expected 64 bytes, got %d", len(sigBytes))
|
|
}
|
|
|
|
r := new(big.Int).SetBytes(sigBytes[:32])
|
|
s := new(big.Int).SetBytes(sigBytes[32:])
|
|
|
|
return &curves.EcdsaSignature{
|
|
R: r,
|
|
S: s,
|
|
}, nil
|
|
}
|
|
|
|
func userSignFunc(k *keyEnclave, bz []byte) (SignFunc, error) {
|
|
curve := curves.K256()
|
|
return dklsv1.NewBobSign(curve, sha3.New256(), bz, k.UserShare, protocol.Version1)
|
|
}
|
|
|
|
func userRefreshFunc(k *keyEnclave) (RefreshFunc, error) {
|
|
curve := curves.K256()
|
|
return dklsv1.NewBobRefresh(curve, k.UserShare, protocol.Version1)
|
|
}
|
|
|
|
func valSignFunc(k *keyEnclave, bz []byte) (SignFunc, error) {
|
|
curve := curves.K256()
|
|
return dklsv1.NewAliceSign(curve, sha3.New256(), bz, k.ValShare, protocol.Version1)
|
|
}
|
|
|
|
func valRefreshFunc(k *keyEnclave) (RefreshFunc, error) {
|
|
curve := curves.K256()
|
|
return dklsv1.NewAliceRefresh(curve, k.ValShare, protocol.Version1)
|
|
}
|