Feature/secp256k1 recovery pubkey (#160)

Signed-off-by: Alexey-N-Chernyshov <[email protected]>

Author: Alexey-N-Chernyshov

.gitmodules

@@ -7,3 +7,6 @@
 [submodule "test/core/serialization/serialization_vectors"]
 	path = test/core/serialization/serialization_vectors
 	url = https://github.com/filecoin-project/serialization-vectors.git
+[submodule "deps/libsecp256k1"]
+	path = deps/libsecp256k1
+	url = https://github.com/Alexey-N-Chernyshov/libsecp256k1.git

CMakeLists.txt

@@ -114,6 +114,7 @@ include_directories(
     SYSTEM
     # system includes
     deps/tinycbor/src
+    deps/libsecp256k1/include
 )
 
 add_subdirectory(core)

core/blockchain/block_validator/impl/block_validator_impl.cpp

@@ -87,9 +87,9 @@ namespace fc::blockchain::block_validator {
         },
         [&block_signature, &block_bytes, *this](
             const SecpPubKey &public_key) -> outcome::result<void> {
-          libp2p::crypto::secp256k1::PublicKey secp_public_key;
+          crypto::secp256k1::PublicKey secp_public_key;
           auto secp_signature =
-              boost::get<libp2p::crypto::secp256k1::Signature>(block_signature);
+              boost::get<crypto::secp256k1::Signature>(block_signature);
           std::copy_n(public_key.begin(),
                       secp_public_key.size(),
                       secp_public_key.begin());

core/blockchain/block_validator/impl/block_validator_impl.hpp

@@ -32,7 +32,7 @@ namespace fc::blockchain::block_validator {
     using WeightCalculator = blockchain::weight::WeightCalculator;
     using PowerTable = power::PowerTable;
     using BlsProvider = crypto::bls::BlsProvider;
-    using SecpProvider = libp2p::crypto::secp256k1::Secp256k1Provider;
+    using SecpProvider = crypto::secp256k1::Secp256k1ProviderDefault;
     using Interpreter = vm::interpreter::Interpreter;
     using Tipset = primitives::tipset::Tipset;
 

core/crypto/CMakeLists.txt

@@ -9,4 +9,5 @@ add_subdirectory(hasher)
 add_subdirectory(murmur)
 add_subdirectory(randomness)
 add_subdirectory(vrf)
+add_subdirectory(secp256k1)
 add_subdirectory(signature)

core/crypto/secp256k1/CMakeLists.txt

@@ -0,0 +1,12 @@
+# Copyright Soramitsu Co., Ltd. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+add_library(secp256k1_provider
+    impl/secp256k1_provider_impl.cpp
+    impl/secp256k1_sha256_provider_impl.cpp
+    impl/secp256k1_error.cpp
+    )
+target_link_libraries(secp256k1_provider
+    libsecp256k1
+    outcome
+    )

core/crypto/secp256k1/README.md

@@ -0,0 +1,11 @@
+Reference implementation is 
+https://github.com/ipsn/go-secp256k1/blob/master/secp256.go
+(commit
+43bfef0653c5a154ac1fff973f03b2664b394d3c).
+
+It is a standalone clone of of `secp256k1` from https://github.com/ethereum/go-ethereum repository.
+
+It uses as default:
+ - SHA256 as digest algorithm
+ - Uncompressed form of `PublicKey`
+ - compact form of `Signature`

core/crypto/secp256k1/impl/secp256k1_error.cpp

@@ -0,0 +1,29 @@
+/**
+ * Copyright Soramitsu Co., Ltd. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include "crypto/secp256k1/secp256k1_error.hpp"
+
+OUTCOME_CPP_DEFINE_CATEGORY(fc::crypto::secp256k1, Secp256k1Error, e) {
+  using fc::crypto::secp256k1::Secp256k1Error;
+  switch (e) {
+    case Secp256k1Error::KEY_GENERATION_FAILED:
+      return "Secp256k1ProviderError: generation failed";
+    case Secp256k1Error::SIGNATURE_PARSE_ERROR:
+      return "Secp256k1ProviderError: signature parsing error";
+    case Secp256k1Error::SIGNATURE_SERIALIZATION_ERROR:
+      return "Secp256k1ProviderError: signature serialization error";
+    case Secp256k1Error::CANNOT_SIGN_ERROR:
+      return "Secp256k1ProviderError: error when signing";
+    case Secp256k1Error::PUBKEY_PARSE_ERROR:
+      return "Secp256k1ProviderError: public key parse error";
+    case Secp256k1Error::PUBKEY_SERIALIZATION_ERROR:
+      return "Secp256k1ProviderError: public key serialization error";
+    case Secp256k1Error::RECOVER_ERROR:
+      return "Secp256k1ProviderError: recover error";
+
+    default:
+      return "Secp256k1ProviderError: unknown error";
+  }
+}

core/crypto/secp256k1/impl/secp256k1_provider_impl.cpp

@@ -0,0 +1,146 @@
+/**
+ * Copyright Soramitsu Co., Ltd. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include "crypto/secp256k1/impl/secp256k1_provider_impl.hpp"
+
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/obj_mac.h>
+#include "crypto/secp256k1/secp256k1_error.hpp"
+#include "secp256k1_recovery.h"
+
+namespace fc::crypto::secp256k1 {
+
+  Secp256k1ProviderImpl::Secp256k1ProviderImpl()
+      : context_(secp256k1_context_create(SECP256K1_CONTEXT_SIGN
+                                          | SECP256K1_CONTEXT_VERIFY),
+                 secp256k1_context_destroy) {}
+
+  outcome::result<KeyPair> Secp256k1ProviderImpl::generate() const {
+    PublicKeyUncompressed public_key{};
+    PrivateKey private_key{};
+    std::shared_ptr<EC_KEY> key{EC_KEY_new_by_curve_name(NID_secp256k1),
+                                EC_KEY_free};
+    if (EC_KEY_generate_key(key.get()) != 1) {
+      return Secp256k1Error::KEY_GENERATION_FAILED;
+    }
+    const BIGNUM *privateNum = EC_KEY_get0_private_key(key.get());
+    if (BN_bn2binpad(privateNum, private_key.data(), private_key.size()) < 0) {
+      return Secp256k1Error::KEY_GENERATION_FAILED;
+    }
+    EC_KEY_set_conv_form(key.get(), POINT_CONVERSION_UNCOMPRESSED);
+    auto public_key_length = i2o_ECPublicKey(key.get(), nullptr);
+    if (public_key_length != public_key.size()) {
+      return Secp256k1Error::KEY_GENERATION_FAILED;
+    }
+    uint8_t *public_key_ptr = public_key.data();
+    if (i2o_ECPublicKey(key.get(), &public_key_ptr) != public_key_length) {
+      return Secp256k1Error::KEY_GENERATION_FAILED;
+    }
+    return KeyPair{private_key, public_key};
+  }
+
+  outcome::result<PublicKeyUncompressed> Secp256k1ProviderImpl::derive(
+      const PrivateKey &key) const {
+    secp256k1_pubkey pubkey;
+
+    if (!secp256k1_ec_pubkey_create(context_.get(), &pubkey, key.data())) {
+      return Secp256k1Error::KEY_GENERATION_FAILED;
+    }
+
+    PublicKeyUncompressed public_key{};
+    size_t outputlen = kPublicKeyUncompressedLength;
+    if (!secp256k1_ec_pubkey_serialize(context_.get(),
+                                       public_key.data(),
+                                       &outputlen,
+                                       &pubkey,
+                                       SECP256K1_EC_UNCOMPRESSED)) {
+      return Secp256k1Error::PUBKEY_SERIALIZATION_ERROR;
+    }
+
+    return public_key;
+  }
+
+  outcome::result<PublicKeyUncompressed> Secp256k1ProviderImpl::sign(
+      gsl::span<const uint8_t> message, const PrivateKey &key) const {
+    secp256k1_ecdsa_recoverable_signature sig_struct;
+    if (!secp256k1_ecdsa_sign_recoverable(context_.get(),
+                                          &sig_struct,
+                                          message.data(),
+                                          key.cbegin(),
+                                          secp256k1_nonce_function_rfc6979,
+                                          nullptr)) {
+      return Secp256k1Error::CANNOT_SIGN_ERROR;
+    }
+    SignatureCompact signature{};
+    int recid = 0;
+    if (!secp256k1_ecdsa_recoverable_signature_serialize_compact(
+            context_.get(), signature.data(), &recid, &sig_struct)) {
+      return Secp256k1Error::SIGNATURE_SERIALIZATION_ERROR;
+    }
+    signature[64] = (uint8_t)recid;
+    return signature;
+  }
+
+  outcome::result<bool> Secp256k1ProviderImpl::verify(
+      gsl::span<const uint8_t> message,
+      const SignatureCompact &signature,
+      const PublicKeyUncompressed &key) const {
+    OUTCOME_TRY(checkSignature(signature));
+
+    secp256k1_ecdsa_signature sig;
+    secp256k1_pubkey pubkey;
+
+    if (!secp256k1_ecdsa_signature_parse_compact(
+            context_.get(), &sig, signature.data())) {
+      return Secp256k1Error::SIGNATURE_PARSE_ERROR;
+    }
+    if (!secp256k1_ec_pubkey_parse(
+            context_.get(), &pubkey, key.data(), key.size())) {
+      return Secp256k1Error::PUBKEY_PARSE_ERROR;
+    }
+    return (secp256k1_ecdsa_verify(
+        context_.get(), &sig, message.data(), &pubkey) == 1);
+  }
+
+  outcome::result<PublicKeyUncompressed>
+  Secp256k1ProviderImpl::recoverPublicKey(
+      gsl::span<const uint8_t> message,
+      const SignatureCompact &signature) const {
+    OUTCOME_TRY(checkSignature(signature));
+
+    secp256k1_ecdsa_recoverable_signature sig_rec;
+    secp256k1_pubkey pubkey;
+
+    if (!secp256k1_ecdsa_recoverable_signature_parse_compact(
+            context_.get(), &sig_rec, signature.data(), (int)signature[64])) {
+      return Secp256k1Error::SIGNATURE_PARSE_ERROR;
+    }
+    if (!secp256k1_ecdsa_recover(
+            context_.get(), &pubkey, &sig_rec, message.data())) {
+      return Secp256k1Error::RECOVER_ERROR;
+    }
+    PublicKeyUncompressed pubkey_out;
+    size_t outputlen = kPublicKeyUncompressedLength;
+    if (!secp256k1_ec_pubkey_serialize(context_.get(),
+                                       pubkey_out.data(),
+                                       &outputlen,
+                                       &pubkey,
+                                       SECP256K1_EC_UNCOMPRESSED)) {
+      return Secp256k1Error::PUBKEY_SERIALIZATION_ERROR;
+    }
+
+    return pubkey_out;
+  }
+
+  outcome::result<void> Secp256k1ProviderImpl::checkSignature(
+      const SignatureCompact &signature) const {
+    if (signature[64] > 3) {
+      return Secp256k1Error::SIGNATURE_PARSE_ERROR;
+    }
+    return outcome::success();
+  }
+
+}  // namespace fc::crypto::secp256k1

core/crypto/secp256k1/impl/secp256k1_provider_impl.hpp

@@ -0,0 +1,51 @@
+/**
+ * Copyright Soramitsu Co., Ltd. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef CPP_FILECOIN_CORE_CRYPTO_SECP256K1_SECP256K1_PROVIDER_RECOVER_HPP
+#define CPP_FILECOIN_CORE_CRYPTO_SECP256K1_SECP256K1_PROVIDER_RECOVER_HPP
+
+#include "crypto/secp256k1/secp256k1_provider.hpp"
+#include "crypto/secp256k1/secp256k1_types.hpp"
+#include "secp256k1.h"
+
+namespace fc::crypto::secp256k1 {
+
+  /**
+   * Implemetation of Secp256k1 provider with
+   * - public key in uncompressed form
+   * - signature in compact form
+   * - NO digest function
+   */
+  class Secp256k1ProviderImpl : public Secp256k1ProviderDefault {
+   public:
+    Secp256k1ProviderImpl();
+
+    outcome::result<KeyPair> generate() const override;
+
+    outcome::result<PublicKeyUncompressed> derive(
+        const PrivateKey &key) const override;
+
+    outcome::result<SignatureCompact> sign(
+        gsl::span<const uint8_t> message, const PrivateKey &key) const override;
+
+    outcome::result<bool> verify(
+        gsl::span<const uint8_t> message,
+        const SignatureCompact &signature,
+        const PublicKeyUncompressed &key) const override;
+
+    outcome::result<PublicKeyUncompressed> recoverPublicKey(
+        gsl::span<const uint8_t> message,
+        const SignatureCompact &signature) const override;
+
+   private:
+    std::unique_ptr<secp256k1_context, void (*)(secp256k1_context *)> context_;
+
+    outcome::result<void> checkSignature(
+        const SignatureCompact &signature) const;
+  };
+
+}  // namespace fc::crypto::secp256k1
+
+#endif  // CPP_FILECOIN_CORE_CRYPTO_SECP256K1_SECP256K1_PROVIDER_RECOVER_HPP

core/crypto/secp256k1/impl/secp256k1_sha256_provider_impl.cpp

@@ -0,0 +1,38 @@
+/**
+ * Copyright Soramitsu Co., Ltd. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include "crypto/secp256k1/impl/secp256k1_sha256_provider_impl.hpp"
+
+#include <libp2p/common/types.hpp>
+#include <libp2p/crypto/sha/sha256.hpp>
+
+namespace fc::crypto::secp256k1 {
+
+  using libp2p::common::Hash256;
+  using libp2p::crypto::sha256;
+
+  outcome::result<SignatureCompact> Secp256k1Sha256ProviderImpl::sign(
+      gsl::span<const uint8_t> message, const PrivateKey &key) const {
+    Hash256 digest = sha256(message);
+    return Secp256k1ProviderImpl::sign(digest, key);
+  }
+
+  outcome::result<bool> Secp256k1Sha256ProviderImpl::verify(
+      gsl::span<const uint8_t> message,
+      const SignatureCompact &signature,
+      const PublicKeyUncompressed &key) const {
+    Hash256 digest = sha256(message);
+    return Secp256k1ProviderImpl::verify(digest, signature, key);
+  }
+
+  outcome::result<PublicKeyUncompressed>
+  Secp256k1Sha256ProviderImpl::recoverPublicKey(
+      gsl::span<const uint8_t> message,
+      const SignatureCompact &signature) const {
+    Hash256 digest = sha256(message);
+    return Secp256k1ProviderImpl::recoverPublicKey(digest, signature);
+  }
+
+}  // namespace fc::crypto::secp256k1

core/crypto/secp256k1/impl/secp256k1_sha256_provider_impl.hpp

@@ -0,0 +1,33 @@
+/**
+ * Copyright Soramitsu Co., Ltd. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef CPP_FILECOIN_CORE_CRYPTO_SECP256K1_IMPL_SECP_256_K_1_SHA_256_PROVIDER_IMPL_HPP
+#define CPP_FILECOIN_CORE_CRYPTO_SECP256K1_IMPL_SECP_256_K_1_SHA_256_PROVIDER_IMPL_HPP
+
+#include "crypto/secp256k1/impl/secp256k1_provider_impl.hpp"
+
+namespace fc::crypto::secp256k1 {
+
+  /**
+   * Implementation of secp256k1 provider with sha256 digest function
+   */
+  class Secp256k1Sha256ProviderImpl : public Secp256k1ProviderImpl {
+   public:
+    outcome::result<SignatureCompact> sign(
+        gsl::span<const uint8_t> message, const PrivateKey &key) const override;
+
+    outcome::result<bool> verify(
+        gsl::span<const uint8_t> message,
+        const SignatureCompact &signature,
+        const PublicKeyUncompressed &key) const override;
+
+    outcome::result<PublicKeyUncompressed> recoverPublicKey(
+        gsl::span<const uint8_t> message,
+        const SignatureCompact &signature) const override;
+  };
+
+}  // namespace fc::crypto::secp256k1
+
+#endif  // CPP_FILECOIN_CORE_CRYPTO_SECP256K1_IMPL_SECP_256_K_1_SHA_256_PROVIDER_IMPL_HPP

core/crypto/secp256k1/secp256k1_error.hpp

@@ -0,0 +1,28 @@
+/**
+ * Copyright Soramitsu Co., Ltd. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef CPP_FILECOIN_CORE_CRYPTO_SECP256K1_SECP256K1_ERROR_HPP
+#define CPP_FILECOIN_CORE_CRYPTO_SECP256K1_SECP256K1_ERROR_HPP
+
+#include "common/outcome.hpp"
+
+namespace fc::crypto::secp256k1 {
+
+  enum class Secp256k1Error {
+    KEY_GENERATION_FAILED = 1,
+    SIGNATURE_PARSE_ERROR,
+    SIGNATURE_SERIALIZATION_ERROR,
+    CANNOT_SIGN_ERROR,
+    PUBKEY_PARSE_ERROR,
+    PUBKEY_SERIALIZATION_ERROR,
+    RECOVER_ERROR,
+    UNKNOWN_ERROR
+  };
+
+}
+
+OUTCOME_HPP_DECLARE_ERROR(fc::crypto::secp256k1, Secp256k1Error);
+
+#endif  // CPP_FILECOIN_CORE_CRYPTO_SECP256K1_SECP256K1_ERROR_HPP