diff --git a/CHANGELOG.md b/CHANGELOG.md index d8e4e2007d0b..77651cc69cd0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,6 +36,10 @@ Ref: https://keepachangelog.com/en/1.0.0/ ## [Unreleased] +## Features + +* [\#8559](https://github.com/cosmos/cosmos-sdk/pull/8559) Adding Protobuf compatible secp256r1 ECDSA signatures. + ### Client Breaking Changes * [\#8363](https://github.com/cosmos/cosmos-sdk/pull/8363) Addresses no longer have a fixed 20-byte length. From the SDK modules' point of view, any 1-255 bytes-long byte array is a valid address. @@ -137,7 +141,7 @@ he Cosmos Hub) should not use this release or any release in the v0.41.x series. ### State Machine Breaking * (x/ibc) [\#8266](https://github.com/cosmos/cosmos-sdk/issues/8266) Add amino JSON support for IBC MsgTransfer in order to support Ledger text signing transfer transactions. -* (x/ibc) [\#8404](https://github.com/cosmos/cosmos-sdk/pull/8404) Reorder IBC `ChanOpenAck` and `ChanOpenConfirm` handler execution to perform core handler first, followed by application callbacks. +* (x/ibc) [\#8404](https://github.com/cosmos/cosmos-sdk/pull/8404) Reorder IBC `ChanOpenAck` and `ChanOpenConfirm` handler execution to perform core handler first, followed by application callbacks. ### Bug Fixes diff --git a/codec/types/any.pb.go b/codec/types/any.pb.go index 97d9f1c2aa64..94cf80216287 100644 --- a/codec/types/any.pb.go +++ b/codec/types/any.pb.go @@ -476,10 +476,7 @@ func (m *Any) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthAny - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAny } if (iNdEx + skippy) > l { diff --git a/crypto/codec/proto.go b/crypto/codec/proto.go index 9c07ca110596..7f38dee61433 100644 --- a/crypto/codec/proto.go +++ b/crypto/codec/proto.go @@ -5,13 +5,16 @@ import ( "github.com/cosmos/cosmos-sdk/crypto/keys/ed25519" "github.com/cosmos/cosmos-sdk/crypto/keys/multisig" "github.com/cosmos/cosmos-sdk/crypto/keys/secp256k1" + "github.com/cosmos/cosmos-sdk/crypto/keys/secp256r1" cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" ) // RegisterInterfaces registers the sdk.Tx interface. func RegisterInterfaces(registry codectypes.InterfaceRegistry) { - registry.RegisterInterface("cosmos.crypto.PubKey", (*cryptotypes.PubKey)(nil)) - registry.RegisterImplementations((*cryptotypes.PubKey)(nil), &ed25519.PubKey{}) - registry.RegisterImplementations((*cryptotypes.PubKey)(nil), &secp256k1.PubKey{}) - registry.RegisterImplementations((*cryptotypes.PubKey)(nil), &multisig.LegacyAminoPubKey{}) + var pk *cryptotypes.PubKey + registry.RegisterInterface("cosmos.crypto.PubKey", pk) + registry.RegisterImplementations(pk, &ed25519.PubKey{}) + registry.RegisterImplementations(pk, &secp256k1.PubKey{}) + registry.RegisterImplementations(pk, &multisig.LegacyAminoPubKey{}) + secp256r1.RegisterInterfaces(registry) } diff --git a/crypto/keys/internal/ecdsa/doc.go b/crypto/keys/internal/ecdsa/doc.go new file mode 100644 index 000000000000..a27b9caf9a8e --- /dev/null +++ b/crypto/keys/internal/ecdsa/doc.go @@ -0,0 +1,3 @@ +// Package ECDSA implements Cosmos-SDK compatible ECDSA public and private key. The keys +// can be serialized. +package ecdsa diff --git a/crypto/keys/internal/ecdsa/privkey.go b/crypto/keys/internal/ecdsa/privkey.go new file mode 100644 index 000000000000..0930285b04a1 --- /dev/null +++ b/crypto/keys/internal/ecdsa/privkey.go @@ -0,0 +1,69 @@ +package ecdsa + +import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/sha256" + "fmt" + "math/big" +) + +// GenPrivKey generates a new secp256r1 private key. It uses operating system randomness. +func GenPrivKey(curve elliptic.Curve) (PrivKey, error) { + key, err := ecdsa.GenerateKey(curve, rand.Reader) + if err != nil { + return PrivKey{}, err + } + return PrivKey{*key}, nil +} + +type PrivKey struct { + ecdsa.PrivateKey +} + +// PubKey returns ECDSA public key associated with this private key. +func (sk *PrivKey) PubKey() PubKey { + return PubKey{sk.PublicKey, nil} +} + +// Bytes serialize the private key using big-endian. +func (sk *PrivKey) Bytes() []byte { + if sk == nil { + return nil + } + fieldSize := (sk.Curve.Params().BitSize + 7) / 8 + bz := make([]byte, fieldSize) + sk.D.FillBytes(bz) + return bz +} + +// Sign hashes and signs the message usign ECDSA. Implements SDK PrivKey interface. +func (sk *PrivKey) Sign(msg []byte) ([]byte, error) { + digest := sha256.Sum256(msg) + return sk.PrivateKey.Sign(rand.Reader, digest[:], nil) +} + +// String returns a string representation of the public key based on the curveName. +func (sk *PrivKey) String(name string) string { + return name + "{-}" +} + +// MarshalTo implements proto.Marshaler interface. +func (sk *PrivKey) MarshalTo(dAtA []byte) (int, error) { + bz := sk.Bytes() + copy(dAtA, bz) + return len(bz), nil +} + +// Unmarshal implements proto.Marshaler interface. +func (sk *PrivKey) Unmarshal(bz []byte, curve elliptic.Curve, expectedSize int) error { + if len(bz) != expectedSize { + return fmt.Errorf("wrong ECDSA SK bytes, expecting %d bytes", expectedSize) + } + + sk.Curve = curve + sk.D = new(big.Int).SetBytes(bz) + sk.X, sk.Y = curve.ScalarBaseMult(bz) + return nil +} diff --git a/crypto/keys/internal/ecdsa/privkey_internal_test.go b/crypto/keys/internal/ecdsa/privkey_internal_test.go new file mode 100644 index 000000000000..095e593656d7 --- /dev/null +++ b/crypto/keys/internal/ecdsa/privkey_internal_test.go @@ -0,0 +1,66 @@ +package ecdsa + +import ( + "testing" + + "github.com/tendermint/tendermint/crypto" + + "github.com/stretchr/testify/suite" +) + +func TestSKSuite(t *testing.T) { + suite.Run(t, new(SKSuite)) +} + +type SKSuite struct{ CommonSuite } + +func (suite *SKSuite) TestString() { + const prefix = "abc" + suite.Require().Equal(prefix+"{-}", suite.sk.String(prefix)) +} + +func (suite *SKSuite) TestPubKey() { + pk := suite.sk.PubKey() + suite.True(suite.sk.PublicKey.Equal(&pk.PublicKey)) +} + +func (suite *SKSuite) Bytes() { + bz := suite.sk.Bytes() + suite.Len(bz, 32) + var sk *PrivKey + suite.Nil(sk.Bytes()) +} + +func (suite *SKSuite) TestMarshal() { + require := suite.Require() + const size = 32 + + var buffer = make([]byte, size) + suite.sk.MarshalTo(buffer) + + var sk = new(PrivKey) + err := sk.Unmarshal(buffer, secp256r1, size) + require.NoError(err) + require.True(sk.Equal(&suite.sk.PrivateKey)) +} + +func (suite *SKSuite) TestSign() { + require := suite.Require() + + msg := crypto.CRandBytes(1000) + sig, err := suite.sk.Sign(msg) + require.NoError(err) + sigCpy := make([]byte, len(sig)) + copy(sigCpy, sig) + require.True(suite.pk.VerifySignature(msg, sigCpy)) + + // Mutate the signature + for i := range sig { + sigCpy[i] ^= byte(i + 1) + require.False(suite.pk.VerifySignature(msg, sigCpy)) + } + + // Mutate the message + msg[1] ^= byte(2) + require.False(suite.pk.VerifySignature(msg, sig)) +} diff --git a/crypto/keys/internal/ecdsa/pubkey.go b/crypto/keys/internal/ecdsa/pubkey.go new file mode 100644 index 000000000000..4c9b493a6b5f --- /dev/null +++ b/crypto/keys/internal/ecdsa/pubkey.go @@ -0,0 +1,83 @@ +package ecdsa + +import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/sha256" + "encoding/asn1" + "fmt" + "math/big" + + tmcrypto "github.com/tendermint/tendermint/crypto" + + "github.com/cosmos/cosmos-sdk/types/address" + "github.com/cosmos/cosmos-sdk/types/errors" +) + +// signature holds the r and s values of an ECDSA signature. +type signature struct { + R, S *big.Int +} + +type PubKey struct { + ecdsa.PublicKey + + // cache + address tmcrypto.Address +} + +// Address creates an ADR-28 address for ECDSA keys. protoName is a concrete proto structure id. +func (pk *PubKey) Address(protoName string) tmcrypto.Address { + if pk.address == nil { + pk.address = address.Hash(protoName, pk.Bytes()) + } + return pk.address +} + +// Bytes returns the byte representation of the public key using a compressed form +// specified in section 4.3.6 of ANSI X9.62 with first byte being the curve type. +func (pk *PubKey) Bytes() []byte { + if pk == nil { + return nil + } + return elliptic.MarshalCompressed(pk.Curve, pk.X, pk.Y) +} + +// VerifySignature checks if sig is a valid ECDSA signature for msg. +func (pk *PubKey) VerifySignature(msg []byte, sig []byte) bool { + s := new(signature) + if _, err := asn1.Unmarshal(sig, s); err != nil || s == nil { + return false + } + + h := sha256.Sum256(msg) + return ecdsa.Verify(&pk.PublicKey, h[:], s.R, s.S) +} + +// String returns a string representation of the public key based on the curveName. +func (pk *PubKey) String(curveName string) string { + return fmt.Sprintf("%s{%X}", curveName, pk.Bytes()) +} + +// **** Proto Marshaler **** + +// MarshalTo implements proto.Marshaler interface. +func (pk *PubKey) MarshalTo(dAtA []byte) (int, error) { + bz := pk.Bytes() + copy(dAtA, bz) + return len(bz), nil +} + +// Unmarshal implements proto.Marshaler interface. +func (pk *PubKey) Unmarshal(bz []byte, curve elliptic.Curve, expectedSize int) error { + if len(bz) != expectedSize { + return errors.Wrapf(errors.ErrInvalidPubKey, "wrong ECDSA PK bytes, expecting %d bytes, got %d", expectedSize, len(bz)) + } + cpk := ecdsa.PublicKey{Curve: curve} + cpk.X, cpk.Y = elliptic.UnmarshalCompressed(curve, bz) + if cpk.X == nil || cpk.Y == nil { + return errors.Wrapf(errors.ErrInvalidPubKey, "wrong ECDSA PK bytes, unknown curve type: %d", bz[0]) + } + pk.PublicKey = cpk + return nil +} diff --git a/crypto/keys/internal/ecdsa/pubkey_internal_test.go b/crypto/keys/internal/ecdsa/pubkey_internal_test.go new file mode 100644 index 000000000000..2a46bdff39d7 --- /dev/null +++ b/crypto/keys/internal/ecdsa/pubkey_internal_test.go @@ -0,0 +1,69 @@ +package ecdsa + +import ( + "crypto/elliptic" + "encoding/hex" + "testing" + + "github.com/stretchr/testify/suite" +) + +var secp256r1 = elliptic.P256() + +func GenSecp256r1() (PrivKey, error) { + return GenPrivKey(secp256r1) +} + +func TestPKSuite(t *testing.T) { + suite.Run(t, new(PKSuite)) +} + +type CommonSuite struct { + suite.Suite + pk PubKey + sk PrivKey +} + +func (suite *CommonSuite) SetupSuite() { + sk, err := GenSecp256r1() + suite.Require().NoError(err) + suite.sk = sk + suite.pk = sk.PubKey() +} + +type PKSuite struct{ CommonSuite } + +func (suite *PKSuite) TestString() { + assert := suite.Assert() + require := suite.Require() + + prefix := "abc" + pkStr := suite.pk.String(prefix) + assert.Equal(prefix+"{", pkStr[:len(prefix)+1]) + assert.EqualValues('}', pkStr[len(pkStr)-1]) + + bz, err := hex.DecodeString(pkStr[len(prefix)+1 : len(pkStr)-1]) + require.NoError(err) + assert.EqualValues(suite.pk.Bytes(), bz) +} + +func (suite *PKSuite) TestBytes() { + require := suite.Require() + var pk *PubKey + require.Nil(pk.Bytes()) +} + +func (suite *PKSuite) TestMarshal() { + require := suite.Require() + const size = 33 // secp256r1 size + + var buffer = make([]byte, size) + n, err := suite.pk.MarshalTo(buffer) + require.NoError(err) + require.Equal(size, n) + + var pk = new(PubKey) + err = pk.Unmarshal(buffer, secp256r1, size) + require.NoError(err) + require.True(pk.PublicKey.Equal(&suite.pk.PublicKey)) +} diff --git a/crypto/keys/secp256r1/doc.go b/crypto/keys/secp256r1/doc.go new file mode 100644 index 000000000000..be938dc77f97 --- /dev/null +++ b/crypto/keys/secp256r1/doc.go @@ -0,0 +1,35 @@ +// Package secp256r1 implements Cosmos-SDK compatible ECDSA public and private key. The keys +// can be protobuf serialized and packed in Any. +package secp256r1 + +import ( + "crypto/elliptic" + "fmt" + + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" +) + +const ( + // fieldSize is the curve domain size. + fieldSize = 32 + pubKeySize = fieldSize + 1 + + name = "secp256r1" +) + +var secp256r1 elliptic.Curve + +func init() { + secp256r1 = elliptic.P256() + // pubKeySize is ceil of field bit size + 1 for the sign + expected := (secp256r1.Params().BitSize + 7) / 8 + if expected != fieldSize { + panic(fmt.Sprintf("Wrong secp256r1 curve fieldSize=%d, expecting=%d", fieldSize, expected)) + } +} + +// RegisterInterfaces adds secp256r1 PubKey to pubkey registry +func RegisterInterfaces(registry codectypes.InterfaceRegistry) { + registry.RegisterImplementations((*cryptotypes.PubKey)(nil), &PubKey{}) +} diff --git a/crypto/keys/secp256r1/keys.pb.go b/crypto/keys/secp256r1/keys.pb.go new file mode 100644 index 000000000000..898daa499b11 --- /dev/null +++ b/crypto/keys/secp256r1/keys.pb.go @@ -0,0 +1,503 @@ +// Code generated by protoc-gen-gogo. DO NOT EDIT. +// source: cosmos/crypto/secp256r1/keys.proto + +package secp256r1 + +import ( + fmt "fmt" + _ "github.com/gogo/protobuf/gogoproto" + proto "github.com/gogo/protobuf/proto" + io "io" + math "math" + math_bits "math/bits" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package + +// PubKey defines a secp256r1 ECDSA public key. +type PubKey struct { + // Point on secp256r1 curve in a compressed representation as specified in section + // 4.3.6 of ANSI X9.62. + Key *ecdsaPK `protobuf:"bytes,1,opt,name=key,proto3,customtype=ecdsaPK" json:"key,omitempty"` +} + +func (m *PubKey) Reset() { *m = PubKey{} } +func (*PubKey) ProtoMessage() {} +func (*PubKey) Descriptor() ([]byte, []int) { + return fileDescriptor_b90c18415095c0c3, []int{0} +} +func (m *PubKey) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *PubKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_PubKey.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *PubKey) XXX_Merge(src proto.Message) { + xxx_messageInfo_PubKey.Merge(m, src) +} +func (m *PubKey) XXX_Size() int { + return m.Size() +} +func (m *PubKey) XXX_DiscardUnknown() { + xxx_messageInfo_PubKey.DiscardUnknown(m) +} + +var xxx_messageInfo_PubKey proto.InternalMessageInfo + +func (*PubKey) XXX_MessageName() string { + return "cosmos.crypto.secp256r1.PubKey" +} + +// PrivKey defines a secp256r1 ECDSA private key. +type PrivKey struct { + // secret number serialized using big-endian encoding + Secret *ecdsaSK `protobuf:"bytes,1,opt,name=secret,proto3,customtype=ecdsaSK" json:"secret,omitempty"` +} + +func (m *PrivKey) Reset() { *m = PrivKey{} } +func (*PrivKey) ProtoMessage() {} +func (*PrivKey) Descriptor() ([]byte, []int) { + return fileDescriptor_b90c18415095c0c3, []int{1} +} +func (m *PrivKey) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *PrivKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_PrivKey.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *PrivKey) XXX_Merge(src proto.Message) { + xxx_messageInfo_PrivKey.Merge(m, src) +} +func (m *PrivKey) XXX_Size() int { + return m.Size() +} +func (m *PrivKey) XXX_DiscardUnknown() { + xxx_messageInfo_PrivKey.DiscardUnknown(m) +} + +var xxx_messageInfo_PrivKey proto.InternalMessageInfo + +func (*PrivKey) XXX_MessageName() string { + return "cosmos.crypto.secp256r1.PrivKey" +} +func init() { + proto.RegisterType((*PubKey)(nil), "cosmos.crypto.secp256r1.PubKey") + proto.RegisterType((*PrivKey)(nil), "cosmos.crypto.secp256r1.PrivKey") +} + +func init() { + proto.RegisterFile("cosmos/crypto/secp256r1/keys.proto", fileDescriptor_b90c18415095c0c3) +} + +var fileDescriptor_b90c18415095c0c3 = []byte{ + // 221 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x52, 0x4a, 0xce, 0x2f, 0xce, + 0xcd, 0x2f, 0xd6, 0x4f, 0x2e, 0xaa, 0x2c, 0x28, 0xc9, 0xd7, 0x2f, 0x4e, 0x4d, 0x2e, 0x30, 0x32, + 0x35, 0x2b, 0x32, 0xd4, 0xcf, 0x4e, 0xad, 0x2c, 0xd6, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x12, + 0x87, 0xa8, 0xd1, 0x83, 0xa8, 0xd1, 0x83, 0xab, 0x91, 0x12, 0x49, 0xcf, 0x4f, 0xcf, 0x07, 0xab, + 0xd1, 0x07, 0xb1, 0x20, 0xca, 0x95, 0xd4, 0xb9, 0xd8, 0x02, 0x4a, 0x93, 0xbc, 0x53, 0x2b, 0x85, + 0x64, 0xb9, 0x98, 0xb3, 0x53, 0x2b, 0x25, 0x18, 0x15, 0x18, 0x35, 0x78, 0x9c, 0xb8, 0x6f, 0xdd, + 0x93, 0x67, 0x4f, 0x4d, 0x4e, 0x29, 0x4e, 0x0c, 0xf0, 0x0e, 0x02, 0x89, 0x2b, 0xe9, 0x71, 0xb1, + 0x07, 0x14, 0x65, 0x96, 0x81, 0x54, 0x2a, 0x73, 0xb1, 0x15, 0xa7, 0x26, 0x17, 0xa5, 0x96, 0x60, + 0x28, 0x0e, 0xf6, 0x0e, 0x82, 0x4a, 0x39, 0x45, 0x9c, 0x78, 0x28, 0xc7, 0x70, 0xe3, 0xa1, 0x1c, + 0xc3, 0x89, 0x47, 0x72, 0x8c, 0x17, 0x1e, 0xc9, 0x31, 0x3e, 0x78, 0x24, 0xc7, 0x38, 0xe1, 0xb1, + 0x1c, 0xc3, 0x89, 0xc7, 0x72, 0x8c, 0x17, 0x1e, 0xcb, 0x31, 0xdc, 0x78, 0x2c, 0xc7, 0x10, 0x65, + 0x94, 0x9e, 0x59, 0x92, 0x51, 0x9a, 0xa4, 0x97, 0x9c, 0x9f, 0xab, 0x0f, 0xf3, 0x1c, 0x98, 0xd2, + 0x2d, 0x4e, 0xc9, 0x86, 0xf9, 0x13, 0xe4, 0x3b, 0x84, 0x67, 0x93, 0xd8, 0xc0, 0x2e, 0x37, 0x06, + 0x04, 0x00, 0x00, 0xff, 0xff, 0xe0, 0x65, 0x08, 0x5c, 0x0e, 0x01, 0x00, 0x00, +} + +func (m *PubKey) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *PubKey) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *PubKey) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.Key != nil { + { + size := m.Key.Size() + i -= size + if _, err := m.Key.MarshalTo(dAtA[i:]); err != nil { + return 0, err + } + i = encodeVarintKeys(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *PrivKey) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *PrivKey) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *PrivKey) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.Secret != nil { + { + size := m.Secret.Size() + i -= size + if _, err := m.Secret.MarshalTo(dAtA[i:]); err != nil { + return 0, err + } + i = encodeVarintKeys(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func encodeVarintKeys(dAtA []byte, offset int, v uint64) int { + offset -= sovKeys(v) + base := offset + for v >= 1<<7 { + dAtA[offset] = uint8(v&0x7f | 0x80) + v >>= 7 + offset++ + } + dAtA[offset] = uint8(v) + return base +} +func (m *PubKey) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Key != nil { + l = m.Key.Size() + n += 1 + l + sovKeys(uint64(l)) + } + return n +} + +func (m *PrivKey) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Secret != nil { + l = m.Secret.Size() + n += 1 + l + sovKeys(uint64(l)) + } + return n +} + +func sovKeys(x uint64) (n int) { + return (math_bits.Len64(x|1) + 6) / 7 +} +func sozKeys(x uint64) (n int) { + return sovKeys(uint64((x << 1) ^ uint64((int64(x) >> 63)))) +} +func (m *PubKey) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowKeys + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PubKey: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PubKey: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Key", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowKeys + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthKeys + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthKeys + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + var v ecdsaPK + m.Key = &v + if err := m.Key.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipKeys(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthKeys + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *PrivKey) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowKeys + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PrivKey: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PrivKey: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Secret", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowKeys + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthKeys + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthKeys + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + var v ecdsaSK + m.Secret = &v + if err := m.Secret.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipKeys(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthKeys + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func skipKeys(dAtA []byte) (n int, err error) { + l := len(dAtA) + iNdEx := 0 + depth := 0 + for iNdEx < l { + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowKeys + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + wireType := int(wire & 0x7) + switch wireType { + case 0: + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowKeys + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + iNdEx++ + if dAtA[iNdEx-1] < 0x80 { + break + } + } + case 1: + iNdEx += 8 + case 2: + var length int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowKeys + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + length |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if length < 0 { + return 0, ErrInvalidLengthKeys + } + iNdEx += length + case 3: + depth++ + case 4: + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupKeys + } + depth-- + case 5: + iNdEx += 4 + default: + return 0, fmt.Errorf("proto: illegal wireType %d", wireType) + } + if iNdEx < 0 { + return 0, ErrInvalidLengthKeys + } + if depth == 0 { + return iNdEx, nil + } + } + return 0, io.ErrUnexpectedEOF +} + +var ( + ErrInvalidLengthKeys = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowKeys = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupKeys = fmt.Errorf("proto: unexpected end of group") +) diff --git a/crypto/keys/secp256r1/privkey.go b/crypto/keys/secp256r1/privkey.go new file mode 100644 index 000000000000..8ca725420ff8 --- /dev/null +++ b/crypto/keys/secp256r1/privkey.go @@ -0,0 +1,63 @@ +package secp256r1 + +import ( + "github.com/cosmos/cosmos-sdk/crypto/keys/internal/ecdsa" + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" +) + +// GenPrivKey generates a new secp256r1 private key. It uses operating system randomness. +func GenPrivKey() (*PrivKey, error) { + key, err := ecdsa.GenPrivKey(secp256r1) + return &PrivKey{&ecdsaSK{key}}, err +} + +// PubKey implements SDK PrivKey interface. +func (m *PrivKey) PubKey() cryptotypes.PubKey { + return &PubKey{&ecdsaPK{m.Secret.PubKey()}} +} + +// String implements SDK proto.Message interface. +func (m *PrivKey) String() string { + return m.Secret.String(name) +} + +// Type returns key type name. Implements SDK PrivKey interface. +func (m *PrivKey) Type() string { + return name +} + +// Sign hashes and signs the message usign ECDSA. Implements sdk.PrivKey interface. +func (m *PrivKey) Sign(msg []byte) ([]byte, error) { + return m.Secret.Sign(msg) +} + +// Bytes serialize the private key. +func (m *PrivKey) Bytes() []byte { + return m.Secret.Bytes() +} + +// Equals implements SDK PrivKey interface. +func (m *PrivKey) Equals(other cryptotypes.LedgerPrivKey) bool { + sk2, ok := other.(*PrivKey) + if !ok { + return false + } + return m.Secret.Equal(&sk2.Secret.PrivateKey) +} + +type ecdsaSK struct { + ecdsa.PrivKey +} + +// Size implements proto.Marshaler interface +func (sk *ecdsaSK) Size() int { + if sk == nil { + return 0 + } + return fieldSize +} + +// Unmarshal implements proto.Marshaler interface +func (sk *ecdsaSK) Unmarshal(bz []byte) error { + return sk.PrivKey.Unmarshal(bz, secp256r1, fieldSize) +} diff --git a/crypto/keys/secp256r1/privkey_internal_test.go b/crypto/keys/secp256r1/privkey_internal_test.go new file mode 100644 index 000000000000..ae48b47e3d68 --- /dev/null +++ b/crypto/keys/secp256r1/privkey_internal_test.go @@ -0,0 +1,115 @@ +package secp256r1 + +import ( + "testing" + + "github.com/tendermint/tendermint/crypto" + + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/types" + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" + proto "github.com/gogo/protobuf/proto" + "github.com/stretchr/testify/suite" +) + +var _ cryptotypes.PrivKey = &PrivKey{} + +func TestSKSuite(t *testing.T) { + suite.Run(t, new(SKSuite)) +} + +type SKSuite struct{ CommonSuite } + +func (suite *SKSuite) TestString() { + suite.Require().Equal("secp256r1{-}", suite.sk.String()) +} + +func (suite *SKSuite) TestEquals() { + require := suite.Require() + + skOther, err := GenPrivKey() + require.NoError(err) + require.False(suite.sk.Equals(skOther)) + + skOther2 := &PrivKey{skOther.Secret} + require.True(skOther.Equals(skOther2)) + require.True(skOther2.Equals(skOther), "Equals must be reflexive") +} + +func (suite *SKSuite) TestPubKey() { + pk := suite.sk.PubKey() + suite.True(suite.sk.(*PrivKey).Secret.PublicKey.Equal(&pk.(*PubKey).Key.PublicKey)) +} + +func (suite *SKSuite) Bytes() { + bz := suite.sk.Bytes() + suite.Len(bz, fieldSize) + var sk *PrivKey + suite.Nil(sk.Bytes()) +} + +func (suite *SKSuite) TestMarshalProto() { + require := suite.Require() + + /**** test structure marshalling ****/ + + var sk PrivKey + bz, err := proto.Marshal(suite.sk) + require.NoError(err) + require.NoError(proto.Unmarshal(bz, &sk)) + require.True(sk.Equals(suite.sk)) + + /**** test structure marshalling with codec ****/ + + sk = PrivKey{} + registry := types.NewInterfaceRegistry() + cdc := codec.NewProtoCodec(registry) + bz, err = cdc.MarshalBinaryBare(suite.sk.(*PrivKey)) + require.NoError(err) + require.NoError(cdc.UnmarshalBinaryBare(bz, &sk)) + require.True(sk.Equals(suite.sk)) + + const bufSize = 100 + bz2 := make([]byte, bufSize) + skCpy := suite.sk.(*PrivKey) + _, err = skCpy.MarshalTo(bz2) + require.NoError(err) + require.Len(bz2, bufSize) + require.Equal(bz, bz2[:sk.Size()]) + + bz2 = make([]byte, bufSize) + _, err = skCpy.MarshalToSizedBuffer(bz2) + require.NoError(err) + require.Len(bz2, bufSize) + require.Equal(bz, bz2[(bufSize-sk.Size()):]) +} + +func (suite *SKSuite) TestSign() { + require := suite.Require() + + msg := crypto.CRandBytes(1000) + sig, err := suite.sk.Sign(msg) + require.NoError(err) + sigCpy := make([]byte, len(sig)) + copy(sigCpy, sig) + require.True(suite.pk.VerifySignature(msg, sigCpy)) + + // Mutate the signature + for i := range sig { + sigCpy[i] ^= byte(i + 1) + require.False(suite.pk.VerifySignature(msg, sigCpy)) + } + + // Mutate the message + msg[1] ^= byte(2) + require.False(suite.pk.VerifySignature(msg, sig)) +} + +func (suite *SKSuite) TestSize() { + require := suite.Require() + var pk ecdsaSK + require.Equal(pk.Size(), len(suite.sk.Bytes())) + + var nilPk *ecdsaSK + require.Equal(0, nilPk.Size(), "nil value must have zero size") +} diff --git a/crypto/keys/secp256r1/pubkey.go b/crypto/keys/secp256r1/pubkey.go new file mode 100644 index 000000000000..d75c0f5298b7 --- /dev/null +++ b/crypto/keys/secp256r1/pubkey.go @@ -0,0 +1,60 @@ +package secp256r1 + +import ( + "github.com/gogo/protobuf/proto" + tmcrypto "github.com/tendermint/tendermint/crypto" + + ecdsa "github.com/cosmos/cosmos-sdk/crypto/keys/internal/ecdsa" + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" +) + +// String implements proto.Message interface. +func (m *PubKey) String() string { + return m.Key.String(name) +} + +// Bytes implements SDK PubKey interface. +func (m *PubKey) Bytes() []byte { + return m.Key.Bytes() +} + +// Equals implements SDK PubKey interface. +func (m *PubKey) Equals(other cryptotypes.PubKey) bool { + pk2, ok := other.(*PubKey) + if !ok { + return false + } + return m.Key.Equal(&pk2.Key.PublicKey) +} + +// Address implements SDK PubKey interface. +func (m *PubKey) Address() tmcrypto.Address { + return m.Key.Address(proto.MessageName(m)) +} + +// Type returns key type name. Implements SDK PubKey interface. +func (m *PubKey) Type() string { + return name +} + +// VerifySignature implements SDK PubKey interface. +func (m *PubKey) VerifySignature(msg []byte, sig []byte) bool { + return m.Key.VerifySignature(msg, sig) +} + +type ecdsaPK struct { + ecdsa.PubKey +} + +// Size implements proto.Marshaler interface +func (pk *ecdsaPK) Size() int { + if pk == nil { + return 0 + } + return pubKeySize +} + +// Unmarshal implements proto.Marshaler interface +func (pk *ecdsaPK) Unmarshal(bz []byte) error { + return pk.PubKey.Unmarshal(bz, secp256r1, pubKeySize) +} diff --git a/crypto/keys/secp256r1/pubkey_internal_test.go b/crypto/keys/secp256r1/pubkey_internal_test.go new file mode 100644 index 000000000000..84b587d0c63b --- /dev/null +++ b/crypto/keys/secp256r1/pubkey_internal_test.go @@ -0,0 +1,118 @@ +package secp256r1 + +import ( + "testing" + + proto "github.com/gogo/protobuf/proto" + "github.com/stretchr/testify/suite" + + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/types" + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" +) + +var _ cryptotypes.PubKey = (*PubKey)(nil) + +func TestPKSuite(t *testing.T) { + suite.Run(t, new(PKSuite)) +} + +type CommonSuite struct { + suite.Suite + pk *PubKey // cryptotypes.PubKey + sk cryptotypes.PrivKey +} + +func (suite *CommonSuite) SetupSuite() { + sk, err := GenPrivKey() + suite.Require().NoError(err) + suite.sk = sk + suite.pk = sk.PubKey().(*PubKey) +} + +type PKSuite struct{ CommonSuite } + +func (suite *PKSuite) TestString() { + require := suite.Require() + + pkStr := suite.pk.String() + prefix := "secp256r1{" + require.Equal(prefix, pkStr[:len(prefix)]) +} + +func (suite *PKSuite) TestType() { + suite.Require().Equal(name, suite.pk.Type()) +} + +func (suite *PKSuite) TestEquals() { + require := suite.Require() + + skOther, err := GenPrivKey() + require.NoError(err) + pkOther := skOther.PubKey() + pkOther2 := &PubKey{&ecdsaPK{skOther.Secret.PubKey()}} + + require.False(suite.pk.Equals(pkOther)) + require.True(pkOther.Equals(pkOther2)) + require.True(pkOther2.Equals(pkOther)) + require.True(pkOther.Equals(pkOther), "Equals must be reflexive") +} + +func (suite *PKSuite) TestMarshalProto() { + require := suite.Require() + + /**** test structure marshalling ****/ + + var pk PubKey + bz, err := proto.Marshal(suite.pk) + require.NoError(err) + require.NoError(proto.Unmarshal(bz, &pk)) + require.True(pk.Equals(suite.pk)) + + /**** test structure marshalling with codec ****/ + + pk = PubKey{} + registry := types.NewInterfaceRegistry() + cdc := codec.NewProtoCodec(registry) + bz, err = cdc.MarshalBinaryBare(suite.pk) + require.NoError(err) + require.NoError(cdc.UnmarshalBinaryBare(bz, &pk)) + require.True(pk.Equals(suite.pk)) + + const bufSize = 100 + bz2 := make([]byte, bufSize) + pkCpy := suite.pk + _, err = pkCpy.MarshalTo(bz2) + require.NoError(err) + require.Len(bz2, bufSize) + require.Equal(bz, bz2[:pk.Size()]) + + bz2 = make([]byte, bufSize) + _, err = pkCpy.MarshalToSizedBuffer(bz2) + require.NoError(err) + require.Len(bz2, bufSize) + require.Equal(bz, bz2[(bufSize-pk.Size()):]) + + /**** test interface marshalling ****/ + bz, err = cdc.MarshalInterface(suite.pk) + require.NoError(err) + var pkI cryptotypes.PubKey + err = cdc.UnmarshalInterface(bz, &pkI) + require.EqualError(err, "no registered implementations of type types.PubKey") + + RegisterInterfaces(registry) + require.NoError(cdc.UnmarshalInterface(bz, &pkI)) + require.True(pkI.Equals(suite.pk)) + + cdc.UnmarshalInterface(bz, nil) + require.Error(err, "nil should fail") +} + +func (suite *PKSuite) TestSize() { + require := suite.Require() + var pk ecdsaPK + require.Equal(pk.Size(), len(suite.pk.Bytes())) + + var nilPk *ecdsaPK + require.Equal(0, nilPk.Size(), "nil value must have zero size") +} diff --git a/docs/core/proto-docs.md b/docs/core/proto-docs.md index 9c1f7110adc6..a9d2152f32d6 100644 --- a/docs/core/proto-docs.md +++ b/docs/core/proto-docs.md @@ -190,6 +190,10 @@ - [PrivKey](#cosmos.crypto.secp256k1.PrivKey) - [PubKey](#cosmos.crypto.secp256k1.PubKey) +- [cosmos/crypto/secp256r1/keys.proto](#cosmos/crypto/secp256r1/keys.proto) + - [PrivKey](#cosmos.crypto.secp256r1.PrivKey) + - [PubKey](#cosmos.crypto.secp256r1.PubKey) + - [cosmos/distribution/v1beta1/distribution.proto](#cosmos/distribution/v1beta1/distribution.proto) - [CommunityPoolSpendProposal](#cosmos.distribution.v1beta1.CommunityPoolSpendProposal) - [CommunityPoolSpendProposalWithDeposit](#cosmos.distribution.v1beta1.CommunityPoolSpendProposalWithDeposit) @@ -3115,6 +3119,52 @@ This prefix is followed with the x-coordinate. + + + + + + + + + + + +

Top

+ +## cosmos/crypto/secp256r1/keys.proto + + + + + +### PrivKey +PrivKey defines a secp256r1 ECDSA private key. + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| `secret` | [bytes](#bytes) | | secret number serialized using big-endian encoding | + + + + + + + + +### PubKey +PubKey defines a secp256r1 ECDSA public key. + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| `key` | [bytes](#bytes) | | Point on secp256r1 curve in a compressed representation as specified in section 4.3.6 of ANSI X9.62. | + + + + + diff --git a/proto/cosmos/crypto/secp256r1/keys.proto b/proto/cosmos/crypto/secp256r1/keys.proto new file mode 100644 index 000000000000..800b817e9495 --- /dev/null +++ b/proto/cosmos/crypto/secp256r1/keys.proto @@ -0,0 +1,22 @@ +syntax = "proto3"; +package cosmos.crypto.secp256r1; + +import "gogoproto/gogo.proto"; + +option go_package = "github.com/cosmos/cosmos-sdk/crypto/keys/secp256r1"; +option (gogoproto.messagename_all) = true; +option (gogoproto.goproto_stringer_all) = false; +option (gogoproto.goproto_getters_all) = false; + +// PubKey defines a secp256r1 ECDSA public key. +message PubKey { + // Point on secp256r1 curve in a compressed representation as specified in section + // 4.3.6 of ANSI X9.62: https://webstore.ansi.org/standards/ascx9/ansix9621998 + bytes key = 1 [(gogoproto.customtype) = "ecdsaPK"]; +} + +// PrivKey defines a secp256r1 ECDSA private key. +message PrivKey { + // secret number serialized using big-endian encoding + bytes secret = 1 [(gogoproto.customtype) = "ecdsaSK"]; +}