Merge pull request #299 from getamis/addSelfEd25519AndMethod-2

Fix edwards cruve CompressedPublicKey

Author: markya0616

.gitignore

@@ -19,6 +19,7 @@ profile.out
 
 /tools/*
 !/tools/*.mk
+!/tools/tools.go
 
 # Exclude example binaries
 example/example

.travis.yml

@@ -28,7 +28,7 @@ notifications:
 # .golangci.yml file at the top level of your repo.
 script:
   - make tss-example || travis_terminate 1; # Build tss-example to make sure example is executable.
-  - make lint || travis_terminate 1;        # Run a bunch of code checkers/linters in parallel.
+  - make install-golinter || make lint || travis_terminate 1;        # Run a bunch of code checkers/linters in parallel.
   - make unit-test || travis_terminate 1;   # Run all the tests with the race detector enabled.
 
 after_success:

crypto/binaryquadraticform/interface.go

@@ -18,7 +18,7 @@ import (
 	"math/big"
 )
 
-//go:generate mockery --name Exper
+//go:generate go run github.com/vektra/mockery/v2 --name Exper
 type Exper interface {
 	Exp(power *big.Int) (*BQuadraticForm, error)
 	ToMessage() *BQForm

crypto/binaryquadraticform/mocks/Exper.go

@@ -16,20 +16,23 @@ package elliptic
 
 import (
 	"crypto/elliptic"
+	"crypto/sha512"
 	"math/big"
 
-	ED25519 "crypto/ed25519"
+	"filippo.io/edwards25519"
 
-	"github.com/decred/dcrd/dcrec/edwards"
+	edwards "github.com/decred/dcrd/dcrec/edwards"
+)
+
+const (
+	CurveTypeEd25519 CurveType = "ed25519"
 )
 
 var (
 	big1         = big.NewInt(1)
 	ed25519Curve = &ed25519{
 		Curve: edwards.Edwards(),
 	}
-
-	BIP32ED25519 = "bip32"
 )
 
 type ed25519 struct {
@@ -46,20 +49,27 @@ func (ed *ed25519) Neg(x, y *big.Int) (*big.Int, *big.Int) {
 	return negativeX.Mod(negativeX, ed.Params().P), new(big.Int).Set(y)
 }
 
-func (ed *ed25519) Type() string {
-	return "ed25519"
+func (ed *ed25519) Type() CurveType {
+	return CurveTypeEd25519
 }
 
 func (ed *ed25519) Slip10SeedList() []byte {
 	return []byte("ed25519 seed")
 }
 
-func (ed *ed25519) CompressedPublicKey(secret *big.Int, method string) []byte {
-	if method == BIP32ED25519 {
-		x, y := edwards.Edwards().ScalarBaseMult(secret.Bytes()[:32])
-		return edwards.BigIntPointToEncodedBytes(x, y)[:]
-	} else {
-		privateKey := ED25519.NewKeyFromSeed(secret.Bytes()[:32])
-		return privateKey[32:]
+func (ed *ed25519) CompressedPoint(s *big.Int, isHash bool) []byte {
+	if isHash {
+		sha512 := sha512.New()
+		sha512.Write(s.Bytes()[:32])
+		h := sha512.Sum(nil)
+		return pubKeyRFC8032Compression(h[:32])
 	}
+	return pubKeyRFC8032Compression(s.Bytes()[:32])
+}
+
+func pubKeyRFC8032Compression(secret []byte) []byte {
+	s := edwards25519.NewScalar()
+	s, _ = s.SetBytesWithClamping(secret)
+	v := edwards25519.NewGeneratorPoint().ScalarMult(s, edwards25519.NewGeneratorPoint())
+	return v.Bytes()
 }

crypto/elliptic/ed25519.go

@@ -34,12 +34,16 @@ var _ = Describe("ed25519", func() {
 		})
 	})
 	// Test vectors : https://asecuritysite.com/ecc/eddsa4
-	DescribeTable("Compressed PubKey", func(secrethex string, expected string) {
+	DescribeTable("Compressed Point", func(secrethex string, expected string, isHash bool) {
 		secret, _ := new(big.Int).SetString(secrethex, 16)
-		Expect(hex.EncodeToString(Ed25519().CompressedPublicKey(secret, "test")) == expected).Should(BeTrue())
+		pubKey := Ed25519().CompressedPoint(secret, isHash)
+		Expect(hex.EncodeToString(pubKey) == expected).Should(BeTrue())
 	},
-		Entry("case1:", "9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60", "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"),
-		Entry("case2:", "4ccd089b28ff96da9db6c346ec114e0f5b8a319f35aba624da8cf6ed4fb8a6fb", "3d4017c3e843895a92b70aa74d1b7ebc9c982ccf2ec4968cc0cd55f12af4660c"),
-		Entry("case3:", "c5aa8df43f9f837bedb7442f31dcb7b166d38535076f094b85ce3a2e0b4458f7", "fc51cd8e6218a1a38da47ed00230f0580816ed13ba3303ac5deb911548908025"),
+		Entry("case1:", "9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60", "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a", true),
+		Entry("case2:", "4ccd089b28ff96da9db6c346ec114e0f5b8a319f35aba624da8cf6ed4fb8a6fb", "3d4017c3e843895a92b70aa74d1b7ebc9c982ccf2ec4968cc0cd55f12af4660c", true),
+		Entry("case3:", "c5aa8df43f9f837bedb7442f31dcb7b166d38535076f094b85ce3a2e0b4458f7", "fc51cd8e6218a1a38da47ed00230f0580816ed13ba3303ac5deb911548908025", true),
+		Entry("case4:", "f8c5fe7ef12d7a7f787aa7c3ba107b07f15b9de49528b681f3229f5cb62e725f", "78701ff87a9da875b1aca15421a7974ab753df5f1dd8abff20aa1cca0eca32ab", false),
+		Entry("case5:", "c08190be7808e5a48713eef997775fa5c4ecc8beb3c6ea4c8800ea66b82e725f", "a1ab9daf42b069c127c76a9c9ba18351abc6e88b427f988b372db6f63c67bc9f", false),
+		Entry("case6:", "18e0793579b9a9e4bdda1b6080af8afacf4ced61c6da7d2c54d25175bf2e725f", "8d6929446ef260a556a8a5a4f7f7349611b34b49888abce2a1f2e24634783022", false),
 	)
 })

crypto/elliptic/ed25519_test.go

@@ -29,35 +29,18 @@ func (c *ellipticCurve) Neg(x, y *big.Int) (*big.Int, *big.Int) {
 	return new(big.Int).Set(x), NegY.Mod(NegY, c.Curve.Params().P)
 }
 
-func (c *ellipticCurve) Type() string {
-	if c.Params().N.Cmp(p256Curve.Params().N) == 0 {
-		return "P256"
-	}
-	if c.Params().N.Cmp(secp256k1Curve.Params().N) == 0 {
-		return "secp256k1"
-	}
-	return "None"
-}
-
-func (c *ellipticCurve) Slip10SeedList() []byte {
-	if c.Params().N.Cmp(p256Curve.Params().N) == 0 {
-		return []byte("Bitcoin seed")
-	}
-	if c.Params().N.Cmp(secp256k1Curve.Params().N) == 0 {
-		return []byte("Bitcoin seed")
-	}
-	return []byte("None")
-}
-
 // WARN: Only support P256 and Secp256k1
-func (c *ellipticCurve) CompressedPublicKey(secret *big.Int, method string) []byte {
+func (c *ellipticCurve) CompressedPoint(s *big.Int, isHash bool) []byte {
+	if isHash {
+		panic("Not implemented")
+	}
 	/* Returns the compressed bytes for this point.
 	   If pt.y is odd, 0x03 is pre-pended to pt.x.
 	   If pt.y is even, 0x02 is pre-pended to pt.x.
 	   Returns:
 	       bytes: Compressed byte representation.
 	*/
-	x, y := c.ScalarBaseMult(secret.Bytes())
+	x, y := c.ScalarBaseMult(s.Bytes())
 	xBytePadding := x.Bytes()
 	if len(x.Bytes()) < 32 {
 		padding := make([]byte, 32-len(x.Bytes()))

crypto/elliptic/elliptic_curve.go

@@ -19,11 +19,13 @@ import (
 	"math/big"
 )
 
+type CurveType string
+
 type Curve interface {
 	elliptic.Curve
 
 	Neg(x1, y1 *big.Int) (x, y *big.Int)
-	Type() string
+	Type() CurveType
 	Slip10SeedList() []byte
-	CompressedPublicKey(secret *big.Int, method string) []byte
+	CompressedPoint(s *big.Int, isHash bool) []byte
 }

crypto/elliptic/interface.go

@@ -18,12 +18,30 @@ import (
 	"crypto/elliptic"
 )
 
+const (
+	CurveTypeP256 CurveType = "p256"
+)
+
 var (
-	p256Curve = &ellipticCurve{
-		Curve: elliptic.P256(),
+	p256Curve = &p256{
+		ellipticCurve: &ellipticCurve{
+			Curve: elliptic.P256(),
+		},
 	}
 )
 
-func P256() *ellipticCurve {
+func P256() *p256 {
 	return p256Curve
 }
+
+type p256 struct {
+	*ellipticCurve
+}
+
+func (c *p256) Type() CurveType {
+	return CurveTypeP256
+}
+
+func (c *p256) Slip10SeedList() []byte {
+	return []byte("Bitcoin seed")
+}

crypto/elliptic/p256.go

@@ -18,12 +18,30 @@ import (
 	"github.com/btcsuite/btcd/btcec/v2"
 )
 
+const (
+	CurveTypeSecp256k1 CurveType = "secp256k1"
+)
+
 var (
-	secp256k1Curve = &ellipticCurve{
-		Curve: btcec.S256(),
+	secp256k1Curve = &secp256k1{
+		ellipticCurve: &ellipticCurve{
+			Curve: btcec.S256(),
+		},
 	}
 )
 
-func Secp256k1() *ellipticCurve {
+func Secp256k1() *secp256k1 {
 	return secp256k1Curve
 }
+
+type secp256k1 struct {
+	*ellipticCurve
+}
+
+func (c *secp256k1) Type() CurveType {
+	return CurveTypeSecp256k1
+}
+
+func (c *secp256k1) Slip10SeedList() []byte {
+	return []byte("Bitcoin seed")
+}

crypto/elliptic/secp256k1.go

@@ -35,9 +35,10 @@ var _ = Describe("secp256k1", func() {
 		})
 	})
 
-	DescribeTable("Compressed PubKey", func(secrethex string, expected string) {
+	DescribeTable("Compressed Point", func(secrethex string, expected string) {
 		secret, _ := new(big.Int).SetString(secrethex, 16)
-		Expect(hex.EncodeToString(Secp256k1().CompressedPublicKey(secret, "test")) == expected).Should(BeTrue())
+		pubKey := Secp256k1().CompressedPoint(secret, false)
+		Expect(hex.EncodeToString(pubKey) == expected).Should(BeTrue())
 	},
 		Entry("case1:", "f91d8f3a49805fff9289769247e984b355939679f3080156fe295229e00f25af", "0252972572d465d016d4c501887b8df303eee3ed602c056b1eb09260dfa0da0ab2"),
 		Entry("case2:", "ac609e0cc9681f8cb63e968be20e0f19721751561944f5b4e52d54d5f27ec57b", "0318ed2e1ec629e2d3dae7be1103d4f911c24e0c80e70038f5eb5548245c475f50"),

crypto/elliptic/secp256k1_test.go

@@ -22,7 +22,7 @@ import (
 	pt "github.com/getamis/alice/crypto/ecpointgrouplaw"
 )
 
-//go:generate mockery --name Pubkey
+//go:generate go run github.com/vektra/mockery/v2 --name Pubkey
 type Pubkey interface {
 	GetMessageRange(fieldOrder *big.Int) *big.Int
 	Encrypt(m []byte) ([]byte, error)
@@ -32,7 +32,7 @@ type Pubkey interface {
 	ToPubKeyBytes() []byte
 }
 
-//go:generate mockery --name Crypto
+//go:generate go run github.com/vektra/mockery/v2 --name Crypto
 type Crypto interface {
 	Pubkey
 	Decrypt(c []byte) ([]byte, error)