mirror of
https://github.com/status-im/status-go.git
synced 2025-01-10 06:36:32 +00:00
c8f9dad554
## What has changed? I've introduced to the public binding functionality that will compress and decompress public keys of a variety of encoding and key types. This functionality supports all major byte encoding formats and the following EC public key types: - `secp256k1` pks - `bls12-381 g1` pks - `bls12-381 g2` pks ## Why make the change? We want shorter public (chat) keys and we want to be future proof and encoding agnostic. See the issue here https://github.com/status-im/status-go/issues/1937 --- * Added basic signature for compresspk and uncompresspk * Added basic encoding information * make vendor * formatted imports for the linter * Reformatted imports hoping linter likes it * This linter is capricious * Added check that the secp256k1 key is valid * Added test for valid key * Added multiformat/go-varint dep * Added public key type handling * Added key decompression with key type handling * Added handling for '0x' type indentifying * Added more robust testing * Less lint for the linting gods * make vendor for bls12_381 * Added bls12-381 compression tests * Added decompress key expected results * Refactor of typed and untyped keys in tests * Lint god appeasment * Refactor of sample public keys * Implemented bls12-381 decompression * gofmt * Renamed decode/encode funcs to be more descriptive * Added binary bindings for key de/compression * Refactor of func parameters gomobile is a bit tempermental using raw bytes as a parameter, so I've decided to use string only inputs and outputs * gofmt * Added function documentation * Moved multiformat de/compression into api/multiformat ns * Moved multiformat de/compression into api/multiformat ns * Changed compress to serialize on API
71 lines
1.7 KiB
Go
71 lines
1.7 KiB
Go
package bls12381
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"errors"
|
|
)
|
|
|
|
func hashToFpXMDSHA256(msg []byte, domain []byte, count int) ([]*fe, error) {
|
|
randBytes, err := expandMsgSHA256XMD(msg, domain, count*64)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
els := make([]*fe, count)
|
|
for i := 0; i < count; i++ {
|
|
els[i], err = from64Bytes(randBytes[i*64 : (i+1)*64])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
return els, nil
|
|
}
|
|
|
|
func expandMsgSHA256XMD(msg []byte, domain []byte, outLen int) ([]byte, error) {
|
|
h := sha256.New()
|
|
domainLen := uint8(len(domain))
|
|
if domainLen > 255 {
|
|
return nil, errors.New("invalid domain length")
|
|
}
|
|
// DST_prime = DST || I2OSP(len(DST), 1)
|
|
// b_0 = H(Z_pad || msg || l_i_b_str || I2OSP(0, 1) || DST_prime)
|
|
_, _ = h.Write(make([]byte, h.BlockSize()))
|
|
_, _ = h.Write(msg)
|
|
_, _ = h.Write([]byte{uint8(outLen >> 8), uint8(outLen)})
|
|
_, _ = h.Write([]byte{0})
|
|
_, _ = h.Write(domain)
|
|
_, _ = h.Write([]byte{domainLen})
|
|
b0 := h.Sum(nil)
|
|
|
|
// b_1 = H(b_0 || I2OSP(1, 1) || DST_prime)
|
|
h.Reset()
|
|
_, _ = h.Write(b0)
|
|
_, _ = h.Write([]byte{1})
|
|
_, _ = h.Write(domain)
|
|
_, _ = h.Write([]byte{domainLen})
|
|
b1 := h.Sum(nil)
|
|
|
|
// b_i = H(strxor(b_0, b_(i - 1)) || I2OSP(i, 1) || DST_prime)
|
|
ell := (outLen + h.Size() - 1) / h.Size()
|
|
bi := b1
|
|
out := make([]byte, outLen)
|
|
for i := 1; i < ell; i++ {
|
|
h.Reset()
|
|
// b_i = H(strxor(b_0, b_(i - 1)) || I2OSP(i, 1) || DST_prime)
|
|
tmp := make([]byte, h.Size())
|
|
for j := 0; j < h.Size(); j++ {
|
|
tmp[j] = b0[j] ^ bi[j]
|
|
}
|
|
_, _ = h.Write(tmp)
|
|
_, _ = h.Write([]byte{1 + uint8(i)})
|
|
_, _ = h.Write(domain)
|
|
_, _ = h.Write([]byte{domainLen})
|
|
|
|
// b_1 || ... || b_(ell - 1)
|
|
copy(out[(i-1)*h.Size():i*h.Size()], bi[:])
|
|
bi = h.Sum(nil)
|
|
}
|
|
// b_ell
|
|
copy(out[(ell-1)*h.Size():], bi[:])
|
|
return out[:outLen], nil
|
|
}
|