feat: Tezos

Co-authored-by: alexvelicu <[email protected]>
Co-authored-by: Alexandru Velicu <[email protected]>
Co-authored-by: Oleksii <[email protected]>
Co-authored-by: Antonio Ivanovski <[email protected]>
Co-authored-by: Zubeyir OZTURK <[email protected]>
Co-authored-by: Tim Boeckmann <[email protected]>
Co-authored-by: Antonio <[email protected]>
GitOrigin-RevId: 6f51ed90a9107a19ab91000435c4c9a0dec622ac

Author: 8 people

keys.go

@@ -3,6 +3,8 @@ package crypto
 const (
 	// KindSECP256K1 string identifier for secp256k1 keys.
 	KindSECP256K1 = "secp256k1"
+	// KindSECP256R1 string identifier for secp256r1 keys.
+	KindSECP256R1 = "secp256r1"
 	// KindED25519 string identifier for ed25519 keys.
 	KindED25519 = "ed25519"
 	// KindSR25519 string identifier for sr25519 keys.
@@ -18,6 +20,8 @@ const (
 	IDED25519 = 0xe2
 	// IDSR25519 byte identifier for sr25519 keys.
 	IDSR25519 = 0xe3
+	// IDSECP256R1 Id identifier for secp256r1 keys.
+	IDSECP256R1 = 0xe4
 	// IDNonSpecified Id identifier for non specified secret keys.
 	IDNonSpecified = 0xee
 )
@@ -26,6 +30,7 @@ var CurveKindIDMapping = map[string]byte{ //nolint:gochecknoglobals
 	KindSECP256K1: IDSECP256K1,
 	KindED25519:   IDED25519,
 	KindSR25519:   IDSR25519,
+	KindSECP256R1: IDSECP256R1,
 }
 
 // KeyTypes available key types.
@@ -34,5 +39,6 @@ func KeyTypes() map[string]bool {
 		KindSECP256K1: true,
 		KindED25519:   true,
 		KindSR25519:   true,
+		KindSECP256R1: true,
 	}
 }

multikey/ids.go

@@ -6,6 +6,7 @@ import (
 	"github.com/mailchain/go-crypto"
 	"github.com/mailchain/go-crypto/ed25519"
 	"github.com/mailchain/go-crypto/secp256k1"
+	"github.com/mailchain/go-crypto/secp256r1"
 	"github.com/mailchain/go-crypto/sr25519"
 )
 
@@ -15,6 +16,8 @@ func IDFromPublicKey(key crypto.PublicKey) (byte, error) {
 		return crypto.IDED25519, nil
 	case *secp256k1.PublicKey, secp256k1.PublicKey:
 		return crypto.IDSECP256K1, nil
+	case *secp256r1.PublicKey, secp256r1.PublicKey:
+		return crypto.IDSECP256R1, nil
 	case *sr25519.PublicKey, sr25519.PublicKey:
 		return crypto.IDSR25519, nil
 	default:
@@ -28,6 +31,8 @@ func IDFromPrivateKey(key crypto.PrivateKey) (byte, error) {
 		return crypto.IDED25519, nil
 	case *secp256k1.PrivateKey, secp256k1.PrivateKey:
 		return crypto.IDSECP256K1, nil
+	case *secp256r1.PrivateKey, secp256r1.PrivateKey:
+		return crypto.IDSECP256R1, nil
 	case *sr25519.PrivateKey, sr25519.PrivateKey:
 		return crypto.IDSR25519, nil
 	default:

multikey/names.go

@@ -6,6 +6,7 @@ import (
 	"github.com/mailchain/go-crypto"
 	"github.com/mailchain/go-crypto/ed25519"
 	"github.com/mailchain/go-crypto/secp256k1"
+	"github.com/mailchain/go-crypto/secp256r1"
 	"github.com/mailchain/go-crypto/sr25519"
 )
 
@@ -17,6 +18,8 @@ func KindFromPublicKey(key crypto.PublicKey) (string, error) {
 		return crypto.KindSECP256K1, nil
 	case *sr25519.PublicKey, sr25519.PublicKey:
 		return crypto.KindSR25519, nil
+	case *secp256r1.PublicKey, secp256r1.PublicKey:
+		return crypto.KindSECP256R1, nil
 	default:
 		return "", errors.New("unknown public key type")
 	}
@@ -30,6 +33,8 @@ func KindFromPrivateKey(key crypto.PrivateKey) (string, error) {
 		return crypto.KindSECP256K1, nil
 	case *sr25519.PrivateKey, sr25519.PrivateKey:
 		return crypto.KindSR25519, nil
+	case *secp256r1.PrivateKey, secp256r1.PrivateKey:
+		return crypto.KindSECP256R1, nil
 	default:
 		return "", errors.New("unknown private key type")
 	}

multikey/private.go

@@ -6,6 +6,7 @@ import (
 	"github.com/mailchain/go-crypto"
 	"github.com/mailchain/go-crypto/ed25519"
 	"github.com/mailchain/go-crypto/secp256k1"
+	"github.com/mailchain/go-crypto/secp256r1"
 	"github.com/mailchain/go-crypto/sr25519"
 )
 
@@ -21,6 +22,8 @@ func PrivateKeyFromBytes(keyType string, data []byte) (crypto.PrivateKey, error)
 		return ed25519.PrivateKeyFromBytes(data)
 	case crypto.KindSR25519:
 		return sr25519.PrivateKeyFromBytes(data)
+	case crypto.KindSECP256R1:
+		return secp256r1.PrivateKeyFromBytes(data)
 	default:
 		return nil, fmt.Errorf("unsupported key type: %q", keyType)
 	}

multikey/public.go

@@ -7,6 +7,7 @@ import (
 	"github.com/mailchain/go-crypto"
 	"github.com/mailchain/go-crypto/ed25519"
 	"github.com/mailchain/go-crypto/secp256k1"
+	"github.com/mailchain/go-crypto/secp256r1"
 	"github.com/mailchain/go-crypto/sr25519"
 	"github.com/mailchain/go-encoding"
 )
@@ -20,6 +21,8 @@ func PublicKeyFromBytes(keyType string, data []byte) (crypto.PublicKey, error) {
 		return ed25519.PublicKeyFromBytes(data)
 	case crypto.KindSR25519:
 		return sr25519.PublicKeyFromBytes(data)
+	case crypto.KindSECP256R1:
+		return secp256r1.PublicKeyFromBytes(data)
 	default:
 		return nil, fmt.Errorf("unsupported curve type")
 	}
@@ -49,6 +52,8 @@ func DescriptivePublicKeyFromBytes(in []byte) (crypto.PublicKey, error) {
 		return ed25519.PublicKeyFromBytes(data)
 	case crypto.IDSR25519:
 		return sr25519.PublicKeyFromBytes(data)
+	case crypto.IDSECP256R1:
+		return secp256r1.PublicKeyFromBytes(data)
 	default:
 		return nil, fmt.Errorf("first byte must identity key curve")
 	}

secp256r1/keys_test.go

@@ -0,0 +1,95 @@
+package secp256r1
+
+import (
+	"crypto/ecdsa"
+	"log"
+
+	"github.com/mailchain/go-encoding/encodingtest"
+)
+
+var (
+	aliceSECP256R1PrivateKey = func() PrivateKey {
+		k, err := PrivateKeyFromBytes(aliceSECP256R1PrivateKeyBytes)
+		if err != nil {
+			log.Fatal(err)
+		}
+		return *k
+	}() //nolint: lll
+
+	aliceSECP256R1PrivateKeyBytes = encodingtest.MustDecodeHex("3cdee0ff28337463455cd1cc43d29b1bf749d9615576525853ccc02b83c8b433")
+
+	aliceSECP256R1PrivateECDSA = func() ecdsa.PrivateKey {
+		key, err := toECDSA(aliceSECP256R1PrivateKeyBytes)
+		if err != nil {
+			log.Fatal(err)
+		}
+		return *key
+	}
+
+	aliceSECP256R1PublicKey = func() PublicKey {
+		k, err := PublicKeyFromBytes(aliceSECP256R1PublicKeyBytes)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		return *k.(*PublicKey)
+	}()
+	aliceSECP256R1PublicKeyBytes = encodingtest.MustDecodeHex("0330ef59d5da4547c684aa0d5b7d8c1527fceab462cfd8d4a3529319c469b0d4d7")
+)
+
+var (
+	bobSECP256R1PrivateKey = func() PrivateKey {
+		k, err := PrivateKeyFromBytes(bobSECP256R1PrivateKeyBytes)
+		if err != nil {
+			log.Fatal(err)
+		}
+		return *k
+	}() //nolint: lll
+
+	bobSECP256R1PrivateKeyBytes = encodingtest.MustDecodeHex("a1e65c4677435cea57950b39379a9ec7ec0c64edc97efe36cdaae3c386fe2b71")
+
+	bobSECP256R1PrivateECDSA = func() ecdsa.PrivateKey {
+		key, err := toECDSA(bobSECP256R1PrivateKeyBytes)
+		if err != nil {
+			log.Fatal(err)
+		}
+		return *key
+	}
+	bobSECP256R1PublicKey = func() PublicKey {
+		k, err := PublicKeyFromBytes(bobSECP256R1PublicKeyBytes)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		return *k.(*PublicKey)
+	}()
+	bobSECP256R1PublicKeyBytes = encodingtest.MustDecodeHex("032da43f4b992968e53c68c894933e8ba22a7905bf9cdc903fd96d4f38ff49e115")
+)
+
+var (
+	carlosSECP256R1PrivateKey = func() PrivateKey {
+		k, err := PrivateKeyFromBytes(carlosSECP256R1PrivateKeyBytes)
+		if err != nil {
+			log.Fatal(err)
+		}
+		return *k
+	}() //nolint: lll
+
+	carlosSECP256R1PrivateKeyBytes = encodingtest.MustDecodeHex("7198ec54092518b49b2c66468a058f1fdbf0fdf0b1e281a027c692bb0ee1d1ed")
+	carlosSECP256R1PrivateECDSA    = func() ecdsa.PrivateKey {
+		key, err := toECDSA(carlosSECP256R1PrivateKeyBytes)
+		if err != nil {
+			log.Fatal(err)
+		}
+		return *key
+	}
+	carlosSECP256R1PublicKey = func() PublicKey {
+		k, err := PublicKeyFromBytes(carlosSECP256R1PublicKeyBytes)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		return *k.(*PublicKey)
+	}()
+	carlosSECP256R1PublicKeyBytes = encodingtest.MustDecodeHex("02c48a6a32004a6ec31b78c05c9ea9d6bee0904f7f7a13f384c6f2a25c86fcb0e6")
+)

secp256r1/private.go

@@ -0,0 +1,110 @@
+package secp256r1
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"fmt"
+	"io"
+	"math/big"
+
+	ethcrypto "github.com/ethereum/go-ethereum/crypto"
+	"github.com/mailchain/go-crypto"
+)
+
+// PrivateKey based on the p256 curve
+type PrivateKey struct {
+	key  ecdsa.PrivateKey
+	rand io.Reader
+}
+
+// Bytes returns the byte representation of the private key
+func (pk PrivateKey) Bytes() []byte {
+	return ethcrypto.FromECDSA(&pk.key)
+}
+
+// Sign signs the message with the private key and returns the signature.
+func (pk PrivateKey) Sign(message []byte) (signature []byte, err error) {
+	r, s, err := ecdsa.Sign(pk.rand, &pk.key, message)
+	if err != nil {
+		return nil, err
+	}
+
+	// normalize
+	r, s = ecNormalizeSignature(r, s, pk.key.Curve)
+	// serialize
+	buf := make([]byte, 64)
+	r.FillBytes(buf[:32])
+	s.FillBytes(buf[32:])
+	return buf, nil
+}
+
+// PublicKey return the public key that is derived from the private key
+func (pk PrivateKey) PublicKey() crypto.PublicKey {
+	return &PublicKey{Key: pk.key.PublicKey}
+}
+
+// PrivateKeyFromBytes get a private key from seed []byte
+func PrivateKeyFromBytes(privKey []byte) (*PrivateKey, error) {
+	ecdsaPrivateKey, err := toECDSA(privKey)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PrivateKey{key: *ecdsaPrivateKey, rand: rand.Reader}, nil
+}
+
+func GenerateKey(rand io.Reader) (*PrivateKey, error) {
+	key, err := ecdsa.GenerateKey(elliptic.P256(), rand)
+	if err != nil {
+		return nil, err
+	}
+	return &PrivateKey{key: *key, rand: rand}, nil
+}
+
+// ecNormalizeSignature ensures strict compliance with the EC spec by returning
+// S mod n for the appropriate keys curve.
+//
+// Details:
+//
+//	Step #6 of the ECDSA algorithm [x] defines an `S` value mod n[0],
+//	but most signers (OpenSSL, SoftHSM, YubiHSM) don't return a strict modulo.
+//	This variability was exploited with transaction malleability in Bitcoin,
+//	leading to BIP#62.  BIP#62 Rule #5[1] requires that signatures return a
+//	strict S = ... mod n which this function forces implemented in btcd here [2]
+//	[0]: https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
+//	[1]: https://github.com/bitcoin/bips/blob/master/bip-0062.mediawiki#new-rules
+//	[2]: https://github.com/btcsuite/btcd/blob/master/btcec/signature.go#L49
+//
+// See also Ecadlabs Signatory:
+// https://github.com/ecadlabs/signatory/blob/f57871c2300cb5a53236ea5fcb4f203012b4fe41/pkg/cryptoutils/crypto.go#L17
+func ecNormalizeSignature(r, s *big.Int, c elliptic.Curve) (*big.Int, *big.Int) {
+	r = new(big.Int).Set(r)
+	s = new(big.Int).Set(s)
+
+	order := c.Params().N
+	quo := new(big.Int).Quo(order, new(big.Int).SetInt64(2))
+	if s.Cmp(quo) > 0 {
+		s = s.Sub(order, s)
+	}
+	return r, s
+}
+
+func toECDSA(pkBytes []byte) (*ecdsa.PrivateKey, error) {
+	k := new(big.Int).SetBytes(pkBytes)
+	curveOrder := elliptic.P256().Params().N
+	if k.Cmp(curveOrder) >= 0 {
+		return nil, fmt.Errorf("invalid private key for curve Nist P256")
+	}
+
+	priv := ecdsa.PrivateKey{
+		PublicKey: ecdsa.PublicKey{
+			Curve: elliptic.P256(),
+		},
+		D: k,
+	}
+
+	// https://cs.opensource.google/go/go/+/refs/tags/go1.17.5:src/crypto/ecdsa/ecdsa.go;l=149
+	priv.PublicKey.X, priv.PublicKey.Y = elliptic.P256().ScalarBaseMult(k.Bytes())
+	return &priv, nil
+}