-
Notifications
You must be signed in to change notification settings - Fork 28
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
7 changed files
with
298 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,143 @@ | ||
package bls | ||
|
||
import ( | ||
"bytes" | ||
"crypto/subtle" | ||
"fmt" | ||
|
||
"github.com/herumi/bls-eth-go-binary/bls" | ||
amino "github.com/tendermint/go-amino" | ||
"github.com/tendermint/tendermint/crypto" | ||
"github.com/tendermint/tendermint/crypto/tmhash" | ||
) | ||
|
||
var _ crypto.PrivKey = PrivKeyBLS12{} | ||
|
||
const ( | ||
PrivKeyAminoName = "tendermint/PrivKeyBLS12" | ||
PubKeyAminoName = "tendermint/PubKeyBLS12" | ||
PrivKeyBLS12Size = 32 | ||
PubKeyBLS12Size = 48 | ||
SignatureSize = 96 | ||
) | ||
|
||
var cdc = amino.NewCodec() | ||
|
||
func init() { | ||
cdc.RegisterInterface((*crypto.PubKey)(nil), nil) | ||
cdc.RegisterConcrete(PubKeyBLS12{}, | ||
PubKeyAminoName, nil) | ||
|
||
cdc.RegisterInterface((*crypto.PrivKey)(nil), nil) | ||
cdc.RegisterConcrete(PrivKeyBLS12{}, | ||
PrivKeyAminoName, nil) | ||
|
||
err := bls.Init(bls.BLS12_381) | ||
if err != nil { | ||
panic(fmt.Sprintf("ERROR: %s", err)) | ||
} | ||
err = bls.SetETHmode(bls.EthModeLatest) | ||
if err != nil { | ||
panic(fmt.Sprintf("ERROR: %s", err)) | ||
} | ||
} | ||
|
||
// PrivKeyBLS12 implements crypto.PrivKey. | ||
type PrivKeyBLS12 [PrivKeyBLS12Size]byte | ||
|
||
// GenPrivKey generates a new BLS12-381 private key. | ||
func GenPrivKey() PrivKeyBLS12 { | ||
sigKey := bls.SecretKey{} | ||
sigKey.SetByCSPRNG() | ||
sigKeyBinary := PrivKeyBLS12{} | ||
copy(sigKeyBinary[:], sigKey.Serialize()) | ||
return sigKeyBinary | ||
} | ||
|
||
// Bytes marshals the privkey using amino encoding. | ||
func (privKey PrivKeyBLS12) Bytes() []byte { | ||
return cdc.MustMarshalBinaryBare(privKey) | ||
} | ||
|
||
// Sign produces a signature on the provided message. | ||
func (privKey PrivKeyBLS12) Sign(msg []byte) ([]byte, error) { | ||
blsKey := bls.SecretKey{} | ||
err := blsKey.Deserialize(privKey[:]) | ||
if err != nil { | ||
return nil, err | ||
} | ||
sign := blsKey.SignByte(msg) | ||
return sign.Serialize(), nil | ||
} | ||
|
||
// PubKey gets the corresponding public key from the private key. | ||
func (privKey PrivKeyBLS12) PubKey() crypto.PubKey { | ||
blsKey := bls.SecretKey{} | ||
err := blsKey.Deserialize(privKey[:]) | ||
if err != nil { | ||
panic(fmt.Sprintf("Not a BLS12-381 private key: %X", privKey[:])) | ||
} | ||
pubKey := blsKey.GetPublicKey() | ||
pubKeyBinary := PubKeyBLS12{} | ||
copy(pubKeyBinary[:], pubKey.Serialize()) | ||
return pubKeyBinary | ||
} | ||
|
||
// Equals - you probably don't need to use this. | ||
// Runs in constant time based on length of the keys. | ||
func (privKey PrivKeyBLS12) Equals(other crypto.PrivKey) bool { | ||
if otherEd, ok := other.(PrivKeyBLS12); ok { | ||
return subtle.ConstantTimeCompare(privKey[:], otherEd[:]) == 1 | ||
} | ||
return false | ||
} | ||
|
||
var _ crypto.PubKey = PubKeyBLS12{} | ||
|
||
// PubKeyBLS12 implements crypto.PubKey for the BLS12-381 signature scheme. | ||
type PubKeyBLS12 [PubKeyBLS12Size]byte | ||
|
||
// Address is the SHA256-20 of the raw pubkey bytes. | ||
func (pubKey PubKeyBLS12) Address() crypto.Address { | ||
return tmhash.SumTruncated(pubKey[:]) | ||
} | ||
|
||
// Bytes marshals the PubKey using amino encoding. | ||
func (pubKey PubKeyBLS12) Bytes() []byte { | ||
bz, err := cdc.MarshalBinaryBare(pubKey) | ||
if err != nil { | ||
panic(err) | ||
} | ||
return bz | ||
} | ||
|
||
func (pubKey PubKeyBLS12) VerifyBytes(msg []byte, sig []byte) bool { | ||
// make sure we use the same algorithm to sign | ||
if len(sig) != SignatureSize { | ||
return false | ||
} | ||
blsPubKey := bls.PublicKey{} | ||
err := blsPubKey.Deserialize(pubKey[:]) | ||
if err != nil { | ||
return false | ||
} | ||
blsSign := bls.Sign{} | ||
err = blsSign.Deserialize(sig) | ||
if err != nil { | ||
fmt.Printf("Signature Deserialize failed: %s", err) | ||
return false | ||
} | ||
return blsSign.VerifyByte(&blsPubKey, msg) | ||
} | ||
|
||
func (pubKey PubKeyBLS12) String() string { | ||
return fmt.Sprintf("PubKeyBLS12{%X}", pubKey[:]) | ||
} | ||
|
||
// nolint: golint | ||
func (pubKey PubKeyBLS12) Equals(other crypto.PubKey) bool { | ||
if otherEd, ok := other.(PubKeyBLS12); ok { | ||
return bytes.Equal(pubKey[:], otherEd[:]) | ||
} | ||
return false | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,127 @@ | ||
package bls_test | ||
|
||
import ( | ||
"bytes" | ||
"fmt" | ||
"testing" | ||
|
||
b "github.com/herumi/bls-eth-go-binary/bls" | ||
|
||
"github.com/stretchr/testify/assert" | ||
"github.com/stretchr/testify/require" | ||
"github.com/tendermint/tendermint/crypto" | ||
"github.com/tendermint/tendermint/crypto/bls" | ||
) | ||
|
||
func TestBasicSignatureFunctions(t *testing.T) { | ||
privateKey := b.SecretKey{} | ||
privateKey.SetByCSPRNG() | ||
publicKey := privateKey.GetPublicKey() | ||
|
||
duplicatedPrivateKey := b.SecretKey{} | ||
err := duplicatedPrivateKey.Deserialize(privateKey.Serialize()) | ||
if err != nil { | ||
t.Fatalf("Private key deserialization failed.") | ||
} | ||
|
||
if len(privateKey.Serialize()) != bls.PrivKeyBLS12Size { | ||
t.Fatalf("The constant size %d of the private key is different from the actual size %d.", | ||
bls.PrivKeyBLS12Size, len(privateKey.Serialize())) | ||
} | ||
|
||
duplicatedPublicKey := b.PublicKey{} | ||
err = duplicatedPublicKey.Deserialize(publicKey.Serialize()) | ||
if err != nil { | ||
t.Fatalf("Public key deserialization failed.") | ||
} | ||
|
||
if len(publicKey.Serialize()) != bls.PubKeyBLS12Size { | ||
t.Fatalf("The constant size %d of the public key is different from the actual size %d.", | ||
bls.PubKeyBLS12Size, len(publicKey.Serialize())) | ||
} | ||
|
||
duplicatedSignature := func(sig *b.Sign) *b.Sign { | ||
duplicatedSign := b.Sign{} | ||
err := duplicatedSign.Deserialize(sig.Serialize()) | ||
if err != nil { | ||
t.Fatalf("Signature deserialization failed.") | ||
} | ||
|
||
if len(sig.Serialize()) != bls.SignatureSize { | ||
t.Fatalf("The constant size %d of the signature is different from the actual size %d.", | ||
bls.SignatureSize, len(sig.Serialize())) | ||
} | ||
return &duplicatedSign | ||
} | ||
|
||
msg := []byte("hello, world") | ||
for _, privKey := range []b.SecretKey{privateKey, duplicatedPrivateKey} { | ||
for _, pubKey := range []*b.PublicKey{publicKey, &duplicatedPublicKey} { | ||
signature := privKey.SignByte(msg) | ||
if !signature.VerifyByte(pubKey, msg) { | ||
t.Errorf("Signature verification failed.") | ||
} | ||
|
||
if !duplicatedSignature(signature).VerifyByte(pubKey, msg) { | ||
t.Errorf("Signature verification failed.") | ||
} | ||
|
||
for i := 0; i < len(msg); i++ { | ||
for j := 0; j < 8; j++ { | ||
garbled := make([]byte, len(msg)) | ||
copy(garbled, msg) | ||
garbled[i] ^= 1 << (8 - j - 1) | ||
if bytes.Equal(msg, garbled) { | ||
t.Fatalf("Not a barbled message") | ||
} | ||
if signature.VerifyByte(pubKey, garbled) { | ||
t.Errorf("Signature verification was successful against a garbled byte sequence.") | ||
} | ||
if duplicatedSignature(signature).VerifyByte(pubKey, garbled) { | ||
t.Errorf("Signature verification was successful against a garbled byte sequence.") | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
|
||
func TestSignatureAggregation(t *testing.T) { | ||
publicKeys := make([]b.PublicKey, 25) | ||
aggregatedSignature := b.Sign{} | ||
aggregatedPublicKey := b.PublicKey{} | ||
msg := []byte("hello, world") | ||
for i := 0; i < len(publicKeys); i++ { | ||
privateKey := b.SecretKey{} | ||
privateKey.SetByCSPRNG() | ||
publicKeys[i] = *privateKey.GetPublicKey() | ||
aggregatedSignature.Add(privateKey.SignByte(msg)) | ||
aggregatedPublicKey.Add(&publicKeys[i]) | ||
} | ||
|
||
if !aggregatedSignature.FastAggregateVerify(publicKeys, msg) { | ||
t.Errorf("Aggregated signature verification failed.") | ||
} | ||
if !aggregatedSignature.VerifyByte(&aggregatedPublicKey, msg) { | ||
t.Errorf("Aggregated signature verification failed.") | ||
} | ||
} | ||
|
||
func TestSignAndValidateBLS12(t *testing.T) { | ||
privKey := bls.GenPrivKey() | ||
pubKey := privKey.PubKey() | ||
|
||
msg := crypto.CRandBytes(128) | ||
sig, err := privKey.Sign(msg) | ||
require.Nil(t, err) | ||
fmt.Printf("restoring signature: %x\n", sig) | ||
|
||
// Test the signature | ||
assert.True(t, pubKey.VerifyBytes(msg, sig)) | ||
|
||
// Mutate the signature, just one bit. | ||
// TODO: Replace this with a much better fuzzer, tendermint/ed25519/issues/10 | ||
sig[7] ^= byte(0x01) | ||
|
||
assert.False(t, pubKey.VerifyBytes(msg, sig)) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.