zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8928 Commits
183 Branches
291 MiB
Tree: c5cc3c8d3f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c5cc3c8d3f'
${ noResults }
tendermint/crypto/ed25519/ed25519.go

227 lines
6.1 KiB
Raw Normal View History

crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
crypto: ed25519 & sr25519 batch verification (#6120) Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com> Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
3 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
crypto: Add benchmarking code for signature schemes (#2061) * crypto: Add benchmarking code for signature schemes This does a slight refactor for the key generation code. It now calls a seperate unexported method to allow generation from a reader. I think this will actually reduce time in generation, due to no longer initializing an extra slice. This was needed in order to enable benchmarking. This uses an internal package for the benchmarking code, so that this can be standardized without being exported in the public API. The benchmarking code is derived from agl/ed25519's benchmarking code, and has copied the license over. Closes #1984
6 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
crypto: Use a different library for ed25519/sr25519 (#6526) At Oasis we have spend some time writing a new Ed25519/X25519/sr25519 implementation called curve25519-voi. This PR switches the import from ed25519consensus/go-schnorrkel, which should lead to performance gains on most systems. Summary of changes: * curve25519-voi is now used for Ed25519 operations, following the existing ZIP-215 semantics. * curve25519-voi's public key cache is enabled (hardcoded size of 4096 entries, should be tuned, see the code comment) to accelerate repeated Ed25519 verification with the same public key(s). * (BREAKING) curve25519-voi is now used for sr25519 operations. This is a breaking change as the current sr25519 support does something decidedly non-standard when going from a MiniSecretKey to a SecretKey and or PublicKey (The expansion routine is called twice). While I believe the new behavior (that expands once and only once) to be more "correct", this changes the semantics as implemented. * curve25519-voi is now used for merlin since the included STROBE implementation produces much less garbage on the heap. Side issues fixed: * The version of go-schnorrkel that is currently imported by tendermint has a badly broken batch verification implementation. Upstream has fixed the issue after I reported it, so the version should be bumped in the interim. Open design questions/issues: * As noted, the public key cache size should be tuned. It is currently backed by a trivial thread-safe LRU cache, which is not scan-resistant, but replacing it with something better is a matter of implementing an interface. * As far as I can tell, the only reason why serial verification on batch failure is necessary is to provide more detailed error messages (that are only used in some unit tests). If you trust the batch verification to be consistent with serial verification then the fallback can be eliminated entirely (the BatchVerifier provided by the new library supports an option that omits the fallback if this is chosen as the way forward). * curve25519-voi's sr25519 support could use more optimization and more eyes on the code. The algorithm unfortunately is woefully under-specified, and the implementation was done primarily because I got really sad when I actually looked at go-schnorrkel, and we do not use the algorithm at this time.
3 years ago
ci: remove `add-path` (#5674)
4 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
rpc: replace Amino with new JSON encoder (#4968) Migrates the `rpc` package to use new JSON encoder in #4955. Branched off of that PR. Tests pass, but I haven't done any manual testing beyond that. This should be handled as part of broader 0.34 testing.
4 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
crypto: Use a different library for ed25519/sr25519 (#6526) At Oasis we have spend some time writing a new Ed25519/X25519/sr25519 implementation called curve25519-voi. This PR switches the import from ed25519consensus/go-schnorrkel, which should lead to performance gains on most systems. Summary of changes: * curve25519-voi is now used for Ed25519 operations, following the existing ZIP-215 semantics. * curve25519-voi's public key cache is enabled (hardcoded size of 4096 entries, should be tuned, see the code comment) to accelerate repeated Ed25519 verification with the same public key(s). * (BREAKING) curve25519-voi is now used for sr25519 operations. This is a breaking change as the current sr25519 support does something decidedly non-standard when going from a MiniSecretKey to a SecretKey and or PublicKey (The expansion routine is called twice). While I believe the new behavior (that expands once and only once) to be more "correct", this changes the semantics as implemented. * curve25519-voi is now used for merlin since the included STROBE implementation produces much less garbage on the heap. Side issues fixed: * The version of go-schnorrkel that is currently imported by tendermint has a badly broken batch verification implementation. Upstream has fixed the issue after I reported it, so the version should be bumped in the interim. Open design questions/issues: * As noted, the public key cache size should be tuned. It is currently backed by a trivial thread-safe LRU cache, which is not scan-resistant, but replacing it with something better is a matter of implementing an interface. * As far as I can tell, the only reason why serial verification on batch failure is necessary is to provide more detailed error messages (that are only used in some unit tests). If you trust the batch verification to be consistent with serial verification then the fallback can be eliminated entirely (the BatchVerifier provided by the new library supports an option that omits the fallback if this is chosen as the way forward). * curve25519-voi's sr25519 support could use more optimization and more eyes on the code. The algorithm unfortunately is woefully under-specified, and the implementation was done primarily because I got really sad when I actually looked at go-schnorrkel, and we do not use the algorithm at this time.
3 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
proto: leftover amino (#4986)
4 years ago
keys: change to []bytes (#4950)
4 years ago
crypto: Remove interface from crypto.Signature Signatures are now []byte, which saves on the number of bytes after amino encoding (squash this) address Ismail's comment
6 years ago
crypto: Remove unnecessary prefixes from amino route variable names (#2205) * crypto: Remove unnecessary ed25519 and secp256k1 prefixes from amino routes. * (squash this) add changelog * (squash this) multisig amino fixes * (squash this) fix build error
6 years ago
keys: change to []bytes (#4950)
4 years ago
proto: move keys to oneof (#4983)
4 years ago
crypto: add in secp256k1 support (#5500) Secp256k1 was removed in the protobuf migration, this pr adds it back in order to provide this functionality for users (band) Closes: #5495
4 years ago
crypto: Use a different library for ed25519/sr25519 (#6526) At Oasis we have spend some time writing a new Ed25519/X25519/sr25519 implementation called curve25519-voi. This PR switches the import from ed25519consensus/go-schnorrkel, which should lead to performance gains on most systems. Summary of changes: * curve25519-voi is now used for Ed25519 operations, following the existing ZIP-215 semantics. * curve25519-voi's public key cache is enabled (hardcoded size of 4096 entries, should be tuned, see the code comment) to accelerate repeated Ed25519 verification with the same public key(s). * (BREAKING) curve25519-voi is now used for sr25519 operations. This is a breaking change as the current sr25519 support does something decidedly non-standard when going from a MiniSecretKey to a SecretKey and or PublicKey (The expansion routine is called twice). While I believe the new behavior (that expands once and only once) to be more "correct", this changes the semantics as implemented. * curve25519-voi is now used for merlin since the included STROBE implementation produces much less garbage on the heap. Side issues fixed: * The version of go-schnorrkel that is currently imported by tendermint has a badly broken batch verification implementation. Upstream has fixed the issue after I reported it, so the version should be bumped in the interim. Open design questions/issues: * As noted, the public key cache size should be tuned. It is currently backed by a trivial thread-safe LRU cache, which is not scan-resistant, but replacing it with something better is a matter of implementing an interface. * As far as I can tell, the only reason why serial verification on batch failure is necessary is to provide more detailed error messages (that are only used in some unit tests). If you trust the batch verification to be consistent with serial verification then the fallback can be eliminated entirely (the BatchVerifier provided by the new library supports an option that omits the fallback if this is chosen as the way forward). * curve25519-voi's sr25519 support could use more optimization and more eyes on the code. The algorithm unfortunately is woefully under-specified, and the implementation was done primarily because I got really sad when I actually looked at go-schnorrkel, and we do not use the algorithm at this time.
3 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
rpc: replace Amino with new JSON encoder (#4968) Migrates the `rpc` package to use new JSON encoder in #4955. Branched off of that PR. Tests pass, but I haven't done any manual testing beyond that. This should be handled as part of broader 0.34 testing.
4 years ago
proto: leftover amino (#4986)
4 years ago
rpc: replace Amino with new JSON encoder (#4968) Migrates the `rpc` package to use new JSON encoder in #4955. Branched off of that PR. Tests pass, but I haven't done any manual testing beyond that. This should be handled as part of broader 0.34 testing.
4 years ago
crypto: remove key suffixes (#4941) ## Description - remove keyname suffix from keys Closes: #2228
4 years ago
keys: change to []bytes (#4950)
4 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
keys: change to []bytes (#4950)
4 years ago
crypto: remove key suffixes (#4941) ## Description - remove keyname suffix from keys Closes: #2228
4 years ago
keys: change to []bytes (#4950)
4 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
crypto/ed25519: Update the godocs (#2002) This commit updates the godocs for the package, and adds an optimization to the privkey.Pubkey() method. The optimization is that in golang, the private key (due to interface compatibility reasons) has a copy of the public key stored inside of it. Therefore if this copy has already been computed, there is no need to recompute it.
6 years ago
Comment about ed25519 private key format on Sign (#2632) Closes #2001
6 years ago
crypto: remove key suffixes (#4941) ## Description - remove keyname suffix from keys Closes: #2228
4 years ago
keys: change to []bytes (#4950)
4 years ago
gocritic (1/2) (#3836) Add gocritic as a linter The linting is not complete, but should i complete in this PR or in a following. 23 files have been touched so it may be better to do in a following PR Commits: * Add gocritic to linting - Added gocritic to linting Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * gocritic * pr comments * remove switch in cmdBatch
5 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
crypto/ed25519: Update the godocs (#2002) This commit updates the godocs for the package, and adds an optimization to the privkey.Pubkey() method. The optimization is that in golang, the private key (due to interface compatibility reasons) has a copy of the public key stored inside of it. Therefore if this copy has already been computed, there is no need to recompute it.
6 years ago
keys: change to []bytes (#4950)
4 years ago
crypto: remove key suffixes (#4941) ## Description - remove keyname suffix from keys Closes: #2228
4 years ago
keys: change to []bytes (#4950)
4 years ago
crypto/ed25519: Update the godocs (#2002) This commit updates the godocs for the package, and adds an optimization to the privkey.Pubkey() method. The optimization is that in golang, the private key (due to interface compatibility reasons) has a copy of the public key stored inside of it. Therefore if this copy has already been computed, there is no need to recompute it.
6 years ago
keys: change to []bytes (#4950)
4 years ago
crypto/ed25519: Update the godocs (#2002) This commit updates the godocs for the package, and adds an optimization to the privkey.Pubkey() method. The optimization is that in golang, the private key (due to interface compatibility reasons) has a copy of the public key stored inside of it. Therefore if this copy has already been computed, there is no need to recompute it.
6 years ago
ed25519: use golang/x/crypto fork (#2558) * ed25519: use golang/x/crypto fork * changelog * gix GenerateFromPassword * fixes from review
6 years ago
crypto: remove key suffixes (#4941) ## Description - remove keyname suffix from keys Closes: #2228
4 years ago
crypto/ed25519: Update the godocs (#2002) This commit updates the godocs for the package, and adds an optimization to the privkey.Pubkey() method. The optimization is that in golang, the private key (due to interface compatibility reasons) has a copy of the public key stored inside of it. Therefore if this copy has already been computed, there is no need to recompute it.
6 years ago
keys: change to []bytes (#4950)
4 years ago
crypto: remove key suffixes (#4941) ## Description - remove keyname suffix from keys Closes: #2228
4 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
crypto: remove key suffixes (#4941) ## Description - remove keyname suffix from keys Closes: #2228
4 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
lint: Enable Golint (#4212) * Fix many golint errors * Fix golint errors in the 'lite' package * Don't export Pool.store * Fix typo * Revert unwanted changes * Fix errors in counter package * Fix linter errors in kvstore package * Fix linter error in example package * Fix error in tests package * Fix linter errors in v2 package * Fix linter errors in consensus package * Fix linter errors in evidence package * Fix linter error in fail package * Fix linter errors in query package * Fix linter errors in core package * Fix linter errors in node package * Fix linter errors in mempool package * Fix linter error in conn package * Fix linter errors in pex package * Rename PEXReactor export to Reactor * Fix linter errors in trust package * Fix linter errors in upnp package * Fix linter errors in p2p package * Fix linter errors in proxy package * Fix linter errors in mock_test package * Fix linter error in client_test package * Fix linter errors in coretypes package * Fix linter errors in coregrpc package * Fix linter errors in rpcserver package * Fix linter errors in rpctypes package * Fix linter errors in rpctest package * Fix linter error in json2wal script * Fix linter error in wal2json script * Fix linter errors in kv package * Fix linter error in state package * Fix linter error in grpc_client * Fix linter errors in types package * Fix linter error in version package * Fix remaining errors * Address review comments * Fix broken tests * Reconcile package coregrpc * Fix golangci bot error * Fix new golint errors * Fix broken reference * Enable golint linter * minor changes to bring golint into line * fix failing test * fix pex reactor naming * address PR comments
5 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
proto: move keys to oneof (#4983)
4 years ago
crypto: add in secp256k1 support (#5500) Secp256k1 was removed in the protobuf migration, this pr adds it back in order to provide this functionality for users (band) Closes: #5495
4 years ago
proto: move keys to oneof (#4983)
4 years ago
crypto: Remove Ed25519 and Secp256k1 suffix on GenPrivKey
6 years ago
crypto/ed25519: Update the godocs (#2002) This commit updates the godocs for the package, and adds an optimization to the privkey.Pubkey() method. The optimization is that in golang, the private key (due to interface compatibility reasons) has a copy of the public key stored inside of it. Therefore if this copy has already been computed, there is no need to recompute it.
6 years ago
crypto: remove key suffixes (#4941) ## Description - remove keyname suffix from keys Closes: #2228
4 years ago
crypto: Add benchmarking code for signature schemes (#2061) * crypto: Add benchmarking code for signature schemes This does a slight refactor for the key generation code. It now calls a seperate unexported method to allow generation from a reader. I think this will actually reduce time in generation, due to no longer initializing an extra slice. This was needed in order to enable benchmarking. This uses an internal package for the benchmarking code, so that this can be standardized without being exported in the public API. The benchmarking code is derived from agl/ed25519's benchmarking code, and has copied the license over. Closes #1984
6 years ago
crypto: remove key suffixes (#4941) ## Description - remove keyname suffix from keys Closes: #2228
4 years ago
crypto: Use a different library for ed25519/sr25519 (#6526) At Oasis we have spend some time writing a new Ed25519/X25519/sr25519 implementation called curve25519-voi. This PR switches the import from ed25519consensus/go-schnorrkel, which should lead to performance gains on most systems. Summary of changes: * curve25519-voi is now used for Ed25519 operations, following the existing ZIP-215 semantics. * curve25519-voi's public key cache is enabled (hardcoded size of 4096 entries, should be tuned, see the code comment) to accelerate repeated Ed25519 verification with the same public key(s). * (BREAKING) curve25519-voi is now used for sr25519 operations. This is a breaking change as the current sr25519 support does something decidedly non-standard when going from a MiniSecretKey to a SecretKey and or PublicKey (The expansion routine is called twice). While I believe the new behavior (that expands once and only once) to be more "correct", this changes the semantics as implemented. * curve25519-voi is now used for merlin since the included STROBE implementation produces much less garbage on the heap. Side issues fixed: * The version of go-schnorrkel that is currently imported by tendermint has a badly broken batch verification implementation. Upstream has fixed the issue after I reported it, so the version should be bumped in the interim. Open design questions/issues: * As noted, the public key cache size should be tuned. It is currently backed by a trivial thread-safe LRU cache, which is not scan-resistant, but replacing it with something better is a matter of implementing an interface. * As far as I can tell, the only reason why serial verification on batch failure is necessary is to provide more detailed error messages (that are only used in some unit tests). If you trust the batch verification to be consistent with serial verification then the fallback can be eliminated entirely (the BatchVerifier provided by the new library supports an option that omits the fallback if this is chosen as the way forward). * curve25519-voi's sr25519 support could use more optimization and more eyes on the code. The algorithm unfortunately is woefully under-specified, and the implementation was done primarily because I got really sad when I actually looked at go-schnorrkel, and we do not use the algorithm at this time.
3 years ago
crypto: Add benchmarking code for signature schemes (#2061) * crypto: Add benchmarking code for signature schemes This does a slight refactor for the key generation code. It now calls a seperate unexported method to allow generation from a reader. I think this will actually reduce time in generation, due to no longer initializing an extra slice. This was needed in order to enable benchmarking. This uses an internal package for the benchmarking code, so that this can be standardized without being exported in the public API. The benchmarking code is derived from agl/ed25519's benchmarking code, and has copied the license over. Closes #1984
6 years ago
ed25519: use golang/x/crypto fork (#2558) * ed25519: use golang/x/crypto fork * changelog * gix GenerateFromPassword * fixes from review
6 years ago
crypto: Use a different library for ed25519/sr25519 (#6526) At Oasis we have spend some time writing a new Ed25519/X25519/sr25519 implementation called curve25519-voi. This PR switches the import from ed25519consensus/go-schnorrkel, which should lead to performance gains on most systems. Summary of changes: * curve25519-voi is now used for Ed25519 operations, following the existing ZIP-215 semantics. * curve25519-voi's public key cache is enabled (hardcoded size of 4096 entries, should be tuned, see the code comment) to accelerate repeated Ed25519 verification with the same public key(s). * (BREAKING) curve25519-voi is now used for sr25519 operations. This is a breaking change as the current sr25519 support does something decidedly non-standard when going from a MiniSecretKey to a SecretKey and or PublicKey (The expansion routine is called twice). While I believe the new behavior (that expands once and only once) to be more "correct", this changes the semantics as implemented. * curve25519-voi is now used for merlin since the included STROBE implementation produces much less garbage on the heap. Side issues fixed: * The version of go-schnorrkel that is currently imported by tendermint has a badly broken batch verification implementation. Upstream has fixed the issue after I reported it, so the version should be bumped in the interim. Open design questions/issues: * As noted, the public key cache size should be tuned. It is currently backed by a trivial thread-safe LRU cache, which is not scan-resistant, but replacing it with something better is a matter of implementing an interface. * As far as I can tell, the only reason why serial verification on batch failure is necessary is to provide more detailed error messages (that are only used in some unit tests). If you trust the batch verification to be consistent with serial verification then the fallback can be eliminated entirely (the BatchVerifier provided by the new library supports an option that omits the fallback if this is chosen as the way forward). * curve25519-voi's sr25519 support could use more optimization and more eyes on the code. The algorithm unfortunately is woefully under-specified, and the implementation was done primarily because I got really sad when I actually looked at go-schnorrkel, and we do not use the algorithm at this time.
3 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
crypto: Remove Ed25519 and Secp256k1 suffix on GenPrivKey
6 years ago
crypto/ed25519: Update the godocs (#2002) This commit updates the godocs for the package, and adds an optimization to the privkey.Pubkey() method. The optimization is that in golang, the private key (due to interface compatibility reasons) has a copy of the public key stored inside of it. Therefore if this copy has already been computed, there is no need to recompute it.
6 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
crypto: remove key suffixes (#4941) ## Description - remove keyname suffix from keys Closes: #2228
4 years ago
ed25519: use golang/x/crypto fork (#2558) * ed25519: use golang/x/crypto fork * changelog * gix GenerateFromPassword * fixes from review
6 years ago
keys: change to []bytes (#4950)
4 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
crypto: remove key suffixes (#4941) ## Description - remove keyname suffix from keys Closes: #2228
4 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
keys: change to []bytes (#4950)
4 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
crypto: remove key suffixes (#4941) ## Description - remove keyname suffix from keys Closes: #2228
4 years ago
keys: change to []bytes (#4950)
4 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
keys: change to []bytes (#4950)
4 years ago
crypto: remove key suffixes (#4941) ## Description - remove keyname suffix from keys Closes: #2228
4 years ago
keys: change to []bytes (#4950)
4 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
crypto: API modifications (#5236) ## Description This PR aims to make the crypto.PubKey interface more intuitive. Changes: - `VerfiyBytes` -> `VerifySignature` Before `Bytes()` was amino encoded, now since it is the byte representation should we get rid of it entirely? EDIT: decided to keep `Bytes()` as it is useful if you are using the interface instead of the concrete key Closes: #XXX
4 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
ed25519: use golang/x/crypto fork (#2558) * ed25519: use golang/x/crypto fork * changelog * gix GenerateFromPassword * fixes from review
6 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
privval: migrate to protobuf (#4985)
4 years ago
crypto: Use a different library for ed25519/sr25519 (#6526) At Oasis we have spend some time writing a new Ed25519/X25519/sr25519 implementation called curve25519-voi. This PR switches the import from ed25519consensus/go-schnorrkel, which should lead to performance gains on most systems. Summary of changes: * curve25519-voi is now used for Ed25519 operations, following the existing ZIP-215 semantics. * curve25519-voi's public key cache is enabled (hardcoded size of 4096 entries, should be tuned, see the code comment) to accelerate repeated Ed25519 verification with the same public key(s). * (BREAKING) curve25519-voi is now used for sr25519 operations. This is a breaking change as the current sr25519 support does something decidedly non-standard when going from a MiniSecretKey to a SecretKey and or PublicKey (The expansion routine is called twice). While I believe the new behavior (that expands once and only once) to be more "correct", this changes the semantics as implemented. * curve25519-voi is now used for merlin since the included STROBE implementation produces much less garbage on the heap. Side issues fixed: * The version of go-schnorrkel that is currently imported by tendermint has a badly broken batch verification implementation. Upstream has fixed the issue after I reported it, so the version should be bumped in the interim. Open design questions/issues: * As noted, the public key cache size should be tuned. It is currently backed by a trivial thread-safe LRU cache, which is not scan-resistant, but replacing it with something better is a matter of implementing an interface. * As far as I can tell, the only reason why serial verification on batch failure is necessary is to provide more detailed error messages (that are only used in some unit tests). If you trust the batch verification to be consistent with serial verification then the fallback can be eliminated entirely (the BatchVerifier provided by the new library supports an option that omits the fallback if this is chosen as the way forward). * curve25519-voi's sr25519 support could use more optimization and more eyes on the code. The algorithm unfortunately is woefully under-specified, and the implementation was done primarily because I got really sad when I actually looked at go-schnorrkel, and we do not use the algorithm at this time.
3 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
crypto: remove key suffixes (#4941) ## Description - remove keyname suffix from keys Closes: #2228
4 years ago
keys: change to []bytes (#4950)
4 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
proto: move keys to oneof (#4983)
4 years ago
crypto: add in secp256k1 support (#5500) Secp256k1 was removed in the protobuf migration, this pr adds it back in order to provide this functionality for users (band) Closes: #5495
4 years ago
proto: move keys to oneof (#4983)
4 years ago
crypto: remove key suffixes (#4941) ## Description - remove keyname suffix from keys Closes: #2228
4 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
lint: Enable Golint (#4212) * Fix many golint errors * Fix golint errors in the 'lite' package * Don't export Pool.store * Fix typo * Revert unwanted changes * Fix errors in counter package * Fix linter errors in kvstore package * Fix linter error in example package * Fix error in tests package * Fix linter errors in v2 package * Fix linter errors in consensus package * Fix linter errors in evidence package * Fix linter error in fail package * Fix linter errors in query package * Fix linter errors in core package * Fix linter errors in node package * Fix linter errors in mempool package * Fix linter error in conn package * Fix linter errors in pex package * Rename PEXReactor export to Reactor * Fix linter errors in trust package * Fix linter errors in upnp package * Fix linter errors in p2p package * Fix linter errors in proxy package * Fix linter errors in mock_test package * Fix linter error in client_test package * Fix linter errors in coretypes package * Fix linter errors in coregrpc package * Fix linter errors in rpcserver package * Fix linter errors in rpctypes package * Fix linter errors in rpctest package * Fix linter error in json2wal script * Fix linter error in wal2json script * Fix linter errors in kv package * Fix linter error in state package * Fix linter error in grpc_client * Fix linter errors in types package * Fix linter error in version package * Fix remaining errors * Address review comments * Fix broken tests * Reconcile package coregrpc * Fix golangci bot error * Fix new golint errors * Fix broken reference * Enable golint linter * minor changes to bring golint into line * fix failing test * fix pex reactor naming * address PR comments
5 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
crypto: ed25519 & sr25519 batch verification (#6120) Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com> Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
3 years ago
crypto: Use a different library for ed25519/sr25519 (#6526) At Oasis we have spend some time writing a new Ed25519/X25519/sr25519 implementation called curve25519-voi. This PR switches the import from ed25519consensus/go-schnorrkel, which should lead to performance gains on most systems. Summary of changes: * curve25519-voi is now used for Ed25519 operations, following the existing ZIP-215 semantics. * curve25519-voi's public key cache is enabled (hardcoded size of 4096 entries, should be tuned, see the code comment) to accelerate repeated Ed25519 verification with the same public key(s). * (BREAKING) curve25519-voi is now used for sr25519 operations. This is a breaking change as the current sr25519 support does something decidedly non-standard when going from a MiniSecretKey to a SecretKey and or PublicKey (The expansion routine is called twice). While I believe the new behavior (that expands once and only once) to be more "correct", this changes the semantics as implemented. * curve25519-voi is now used for merlin since the included STROBE implementation produces much less garbage on the heap. Side issues fixed: * The version of go-schnorrkel that is currently imported by tendermint has a badly broken batch verification implementation. Upstream has fixed the issue after I reported it, so the version should be bumped in the interim. Open design questions/issues: * As noted, the public key cache size should be tuned. It is currently backed by a trivial thread-safe LRU cache, which is not scan-resistant, but replacing it with something better is a matter of implementing an interface. * As far as I can tell, the only reason why serial verification on batch failure is necessary is to provide more detailed error messages (that are only used in some unit tests). If you trust the batch verification to be consistent with serial verification then the fallback can be eliminated entirely (the BatchVerifier provided by the new library supports an option that omits the fallback if this is chosen as the way forward). * curve25519-voi's sr25519 support could use more optimization and more eyes on the code. The algorithm unfortunately is woefully under-specified, and the implementation was done primarily because I got really sad when I actually looked at go-schnorrkel, and we do not use the algorithm at this time.
3 years ago
crypto: ed25519 & sr25519 batch verification (#6120) Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com> Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
3 years ago
crypto: Use a different library for ed25519/sr25519 (#6526) At Oasis we have spend some time writing a new Ed25519/X25519/sr25519 implementation called curve25519-voi. This PR switches the import from ed25519consensus/go-schnorrkel, which should lead to performance gains on most systems. Summary of changes: * curve25519-voi is now used for Ed25519 operations, following the existing ZIP-215 semantics. * curve25519-voi's public key cache is enabled (hardcoded size of 4096 entries, should be tuned, see the code comment) to accelerate repeated Ed25519 verification with the same public key(s). * (BREAKING) curve25519-voi is now used for sr25519 operations. This is a breaking change as the current sr25519 support does something decidedly non-standard when going from a MiniSecretKey to a SecretKey and or PublicKey (The expansion routine is called twice). While I believe the new behavior (that expands once and only once) to be more "correct", this changes the semantics as implemented. * curve25519-voi is now used for merlin since the included STROBE implementation produces much less garbage on the heap. Side issues fixed: * The version of go-schnorrkel that is currently imported by tendermint has a badly broken batch verification implementation. Upstream has fixed the issue after I reported it, so the version should be bumped in the interim. Open design questions/issues: * As noted, the public key cache size should be tuned. It is currently backed by a trivial thread-safe LRU cache, which is not scan-resistant, but replacing it with something better is a matter of implementing an interface. * As far as I can tell, the only reason why serial verification on batch failure is necessary is to provide more detailed error messages (that are only used in some unit tests). If you trust the batch verification to be consistent with serial verification then the fallback can be eliminated entirely (the BatchVerifier provided by the new library supports an option that omits the fallback if this is chosen as the way forward). * curve25519-voi's sr25519 support could use more optimization and more eyes on the code. The algorithm unfortunately is woefully under-specified, and the implementation was done primarily because I got really sad when I actually looked at go-schnorrkel, and we do not use the algorithm at this time.
3 years ago
crypto: ed25519 & sr25519 batch verification (#6120) Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com> Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
3 years ago
crypto: Use a different library for ed25519/sr25519 (#6526) At Oasis we have spend some time writing a new Ed25519/X25519/sr25519 implementation called curve25519-voi. This PR switches the import from ed25519consensus/go-schnorrkel, which should lead to performance gains on most systems. Summary of changes: * curve25519-voi is now used for Ed25519 operations, following the existing ZIP-215 semantics. * curve25519-voi's public key cache is enabled (hardcoded size of 4096 entries, should be tuned, see the code comment) to accelerate repeated Ed25519 verification with the same public key(s). * (BREAKING) curve25519-voi is now used for sr25519 operations. This is a breaking change as the current sr25519 support does something decidedly non-standard when going from a MiniSecretKey to a SecretKey and or PublicKey (The expansion routine is called twice). While I believe the new behavior (that expands once and only once) to be more "correct", this changes the semantics as implemented. * curve25519-voi is now used for merlin since the included STROBE implementation produces much less garbage on the heap. Side issues fixed: * The version of go-schnorrkel that is currently imported by tendermint has a badly broken batch verification implementation. Upstream has fixed the issue after I reported it, so the version should be bumped in the interim. Open design questions/issues: * As noted, the public key cache size should be tuned. It is currently backed by a trivial thread-safe LRU cache, which is not scan-resistant, but replacing it with something better is a matter of implementing an interface. * As far as I can tell, the only reason why serial verification on batch failure is necessary is to provide more detailed error messages (that are only used in some unit tests). If you trust the batch verification to be consistent with serial verification then the fallback can be eliminated entirely (the BatchVerifier provided by the new library supports an option that omits the fallback if this is chosen as the way forward). * curve25519-voi's sr25519 support could use more optimization and more eyes on the code. The algorithm unfortunately is woefully under-specified, and the implementation was done primarily because I got really sad when I actually looked at go-schnorrkel, and we do not use the algorithm at this time.
3 years ago
crypto: ed25519 & sr25519 batch verification (#6120) Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com> Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
3 years ago
crypto: Use a different library for ed25519/sr25519 (#6526) At Oasis we have spend some time writing a new Ed25519/X25519/sr25519 implementation called curve25519-voi. This PR switches the import from ed25519consensus/go-schnorrkel, which should lead to performance gains on most systems. Summary of changes: * curve25519-voi is now used for Ed25519 operations, following the existing ZIP-215 semantics. * curve25519-voi's public key cache is enabled (hardcoded size of 4096 entries, should be tuned, see the code comment) to accelerate repeated Ed25519 verification with the same public key(s). * (BREAKING) curve25519-voi is now used for sr25519 operations. This is a breaking change as the current sr25519 support does something decidedly non-standard when going from a MiniSecretKey to a SecretKey and or PublicKey (The expansion routine is called twice). While I believe the new behavior (that expands once and only once) to be more "correct", this changes the semantics as implemented. * curve25519-voi is now used for merlin since the included STROBE implementation produces much less garbage on the heap. Side issues fixed: * The version of go-schnorrkel that is currently imported by tendermint has a badly broken batch verification implementation. Upstream has fixed the issue after I reported it, so the version should be bumped in the interim. Open design questions/issues: * As noted, the public key cache size should be tuned. It is currently backed by a trivial thread-safe LRU cache, which is not scan-resistant, but replacing it with something better is a matter of implementing an interface. * As far as I can tell, the only reason why serial verification on batch failure is necessary is to provide more detailed error messages (that are only used in some unit tests). If you trust the batch verification to be consistent with serial verification then the fallback can be eliminated entirely (the BatchVerifier provided by the new library supports an option that omits the fallback if this is chosen as the way forward). * curve25519-voi's sr25519 support could use more optimization and more eyes on the code. The algorithm unfortunately is woefully under-specified, and the implementation was done primarily because I got really sad when I actually looked at go-schnorrkel, and we do not use the algorithm at this time.
3 years ago
crypto: ed25519 & sr25519 batch verification (#6120) Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com> Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
3 years ago
crypto: Use a different library for ed25519/sr25519 (#6526) At Oasis we have spend some time writing a new Ed25519/X25519/sr25519 implementation called curve25519-voi. This PR switches the import from ed25519consensus/go-schnorrkel, which should lead to performance gains on most systems. Summary of changes: * curve25519-voi is now used for Ed25519 operations, following the existing ZIP-215 semantics. * curve25519-voi's public key cache is enabled (hardcoded size of 4096 entries, should be tuned, see the code comment) to accelerate repeated Ed25519 verification with the same public key(s). * (BREAKING) curve25519-voi is now used for sr25519 operations. This is a breaking change as the current sr25519 support does something decidedly non-standard when going from a MiniSecretKey to a SecretKey and or PublicKey (The expansion routine is called twice). While I believe the new behavior (that expands once and only once) to be more "correct", this changes the semantics as implemented. * curve25519-voi is now used for merlin since the included STROBE implementation produces much less garbage on the heap. Side issues fixed: * The version of go-schnorrkel that is currently imported by tendermint has a badly broken batch verification implementation. Upstream has fixed the issue after I reported it, so the version should be bumped in the interim. Open design questions/issues: * As noted, the public key cache size should be tuned. It is currently backed by a trivial thread-safe LRU cache, which is not scan-resistant, but replacing it with something better is a matter of implementing an interface. * As far as I can tell, the only reason why serial verification on batch failure is necessary is to provide more detailed error messages (that are only used in some unit tests). If you trust the batch verification to be consistent with serial verification then the fallback can be eliminated entirely (the BatchVerifier provided by the new library supports an option that omits the fallback if this is chosen as the way forward). * curve25519-voi's sr25519 support could use more optimization and more eyes on the code. The algorithm unfortunately is woefully under-specified, and the implementation was done primarily because I got really sad when I actually looked at go-schnorrkel, and we do not use the algorithm at this time.
3 years ago
crypto: ed25519 & sr25519 batch verification (#6120) Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com> Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
3 years ago
crypto: Use a different library for ed25519/sr25519 (#6526) At Oasis we have spend some time writing a new Ed25519/X25519/sr25519 implementation called curve25519-voi. This PR switches the import from ed25519consensus/go-schnorrkel, which should lead to performance gains on most systems. Summary of changes: * curve25519-voi is now used for Ed25519 operations, following the existing ZIP-215 semantics. * curve25519-voi's public key cache is enabled (hardcoded size of 4096 entries, should be tuned, see the code comment) to accelerate repeated Ed25519 verification with the same public key(s). * (BREAKING) curve25519-voi is now used for sr25519 operations. This is a breaking change as the current sr25519 support does something decidedly non-standard when going from a MiniSecretKey to a SecretKey and or PublicKey (The expansion routine is called twice). While I believe the new behavior (that expands once and only once) to be more "correct", this changes the semantics as implemented. * curve25519-voi is now used for merlin since the included STROBE implementation produces much less garbage on the heap. Side issues fixed: * The version of go-schnorrkel that is currently imported by tendermint has a badly broken batch verification implementation. Upstream has fixed the issue after I reported it, so the version should be bumped in the interim. Open design questions/issues: * As noted, the public key cache size should be tuned. It is currently backed by a trivial thread-safe LRU cache, which is not scan-resistant, but replacing it with something better is a matter of implementing an interface. * As far as I can tell, the only reason why serial verification on batch failure is necessary is to provide more detailed error messages (that are only used in some unit tests). If you trust the batch verification to be consistent with serial verification then the fallback can be eliminated entirely (the BatchVerifier provided by the new library supports an option that omits the fallback if this is chosen as the way forward). * curve25519-voi's sr25519 support could use more optimization and more eyes on the code. The algorithm unfortunately is woefully under-specified, and the implementation was done primarily because I got really sad when I actually looked at go-schnorrkel, and we do not use the algorithm at this time.
3 years ago
crypto: ed25519 & sr25519 batch verification (#6120) Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com> Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
3 years ago
 
  1. package ed25519
  2. 

  3. import (
  4. 	"bytes"
  5. 	"crypto/subtle"
  6. 	"errors"
  7. 	"fmt"
  8. 	"io"
  9. 

  10. 	"github.com/oasisprotocol/curve25519-voi/primitives/ed25519"
  11. 	"github.com/oasisprotocol/curve25519-voi/primitives/ed25519/extra/cache"
  12. 

  13. 	"github.com/tendermint/tendermint/crypto"
  14. 	"github.com/tendermint/tendermint/crypto/tmhash"
  15. 	tmjson "github.com/tendermint/tendermint/libs/json"
  16. )
  17. 

  18. //-------------------------------------

  19. 

  20. var (
  21. 	_ crypto.PrivKey = PrivKey{}
  22. 

  23. 	// curve25519-voi's Ed25519 implementation supports configurable

  24. 	// verification behavior, and tendermint uses the ZIP-215 verification

  25. 	// semantics.

  26. 	verifyOptions = &ed25519.Options{
  27. 		Verify: ed25519.VerifyOptionsZIP_215,
  28. 	}
  29. 

  30. 	cachingVerifier = cache.NewVerifier(cache.NewLRUCache(cacheSize))
  31. )
  32. 

  33. const (
  34. 	PrivKeyName = "tendermint/PrivKeyEd25519"
  35. 	PubKeyName  = "tendermint/PubKeyEd25519"
  36. 	// PubKeySize is is the size, in bytes, of public keys as used in this package.

  37. 	PubKeySize = 32
  38. 	// PrivateKeySize is the size, in bytes, of private keys as used in this package.

  39. 	PrivateKeySize = 64
  40. 	// Size of an Edwards25519 signature. Namely the size of a compressed

  41. 	// Edwards25519 point, and a field element. Both of which are 32 bytes.

  42. 	SignatureSize = 64
  43. 	// SeedSize is the size, in bytes, of private key seeds. These are the

  44. 	// private key representations used by RFC 8032.

  45. 	SeedSize = 32
  46. 

  47. 	KeyType = "ed25519"
  48. 

  49. 	// cacheSize is the number of public keys that will be cached in

  50. 	// an expanded format for repeated signature verification.

  51. 	//

  52. 	// TODO/perf: Either this should exclude single verification, or be

  53. 	// tuned to `> validatorSize + maxTxnsPerBlock` to avoid cache

  54. 	// thrashing.

  55. 	cacheSize = 4096
  56. )
  57. 

  58. func init() {
  59. 	tmjson.RegisterType(PubKey{}, PubKeyName)
  60. 	tmjson.RegisterType(PrivKey{}, PrivKeyName)
  61. }
  62. 

  63. // PrivKey implements crypto.PrivKey.

  64. type PrivKey []byte
  65. 

  66. // Bytes returns the privkey byte format.

  67. func (privKey PrivKey) Bytes() []byte {
  68. 	return []byte(privKey)
  69. }
  70. 

  71. // Sign produces a signature on the provided message.

  72. // This assumes the privkey is wellformed in the golang format.

  73. // The first 32 bytes should be random,

  74. // corresponding to the normal ed25519 private key.

  75. // The latter 32 bytes should be the compressed public key.

  76. // If these conditions aren't met, Sign will panic or produce an

  77. // incorrect signature.

  78. func (privKey PrivKey) Sign(msg []byte) ([]byte, error) {
  79. 	signatureBytes := ed25519.Sign(ed25519.PrivateKey(privKey), msg)
  80. 	return signatureBytes, nil
  81. }
  82. 

  83. // PubKey gets the corresponding public key from the private key.

  84. //

  85. // Panics if the private key is not initialized.

  86. func (privKey PrivKey) PubKey() crypto.PubKey {
  87. 	// If the latter 32 bytes of the privkey are all zero, privkey is not

  88. 	// initialized.

  89. 	initialized := false
  90. 	for _, v := range privKey[32:] {
  91. 		if v != 0 {
  92. 			initialized = true
  93. 			break
  94. 		}
  95. 	}
  96. 

  97. 	if !initialized {
  98. 		panic("Expected ed25519 PrivKey to include concatenated pubkey bytes")
  99. 	}
  100. 

  101. 	pubkeyBytes := make([]byte, PubKeySize)
  102. 	copy(pubkeyBytes, privKey[32:])
  103. 	return PubKey(pubkeyBytes)
  104. }
  105. 

  106. // Equals - you probably don't need to use this.

  107. // Runs in constant time based on length of the keys.

  108. func (privKey PrivKey) Equals(other crypto.PrivKey) bool {
  109. 	if otherEd, ok := other.(PrivKey); ok {
  110. 		return subtle.ConstantTimeCompare(privKey[:], otherEd[:]) == 1
  111. 	}
  112. 

  113. 	return false
  114. }
  115. 

  116. func (privKey PrivKey) Type() string {
  117. 	return KeyType
  118. }
  119. 

  120. // GenPrivKey generates a new ed25519 private key.

  121. // It uses OS randomness in conjunction with the current global random seed

  122. // in tendermint/libs/common to generate the private key.

  123. func GenPrivKey() PrivKey {
  124. 	return genPrivKey(crypto.CReader())
  125. }
  126. 

  127. // genPrivKey generates a new ed25519 private key using the provided reader.

  128. func genPrivKey(rand io.Reader) PrivKey {
  129. 	_, priv, err := ed25519.GenerateKey(rand)
  130. 	if err != nil {
  131. 		panic(err)
  132. 	}
  133. 

  134. 	return PrivKey(priv)
  135. }
  136. 

  137. // GenPrivKeyFromSecret hashes the secret with SHA2, and uses

  138. // that 32 byte output to create the private key.

  139. // NOTE: secret should be the output of a KDF like bcrypt,

  140. // if it's derived from user input.

  141. func GenPrivKeyFromSecret(secret []byte) PrivKey {
  142. 	seed := crypto.Sha256(secret) // Not Ripemd160 because we want 32 bytes.

  143. 

  144. 	return PrivKey(ed25519.NewKeyFromSeed(seed))
  145. }
  146. 

  147. //-------------------------------------

  148. 

  149. var _ crypto.PubKey = PubKey{}
  150. 

  151. // PubKeyEd25519 implements crypto.PubKey for the Ed25519 signature scheme.

  152. type PubKey []byte
  153. 

  154. // Address is the SHA256-20 of the raw pubkey bytes.

  155. func (pubKey PubKey) Address() crypto.Address {
  156. 	if len(pubKey) != PubKeySize {
  157. 		panic("pubkey is incorrect size")
  158. 	}
  159. 	return crypto.Address(tmhash.SumTruncated(pubKey))
  160. }
  161. 

  162. // Bytes returns the PubKey byte format.

  163. func (pubKey PubKey) Bytes() []byte {
  164. 	return []byte(pubKey)
  165. }
  166. 

  167. func (pubKey PubKey) VerifySignature(msg []byte, sig []byte) bool {
  168. 	// make sure we use the same algorithm to sign

  169. 	if len(sig) != SignatureSize {
  170. 		return false
  171. 	}
  172. 

  173. 	return cachingVerifier.VerifyWithOptions(ed25519.PublicKey(pubKey), msg, sig, verifyOptions)
  174. }
  175. 

  176. func (pubKey PubKey) String() string {
  177. 	return fmt.Sprintf("PubKeyEd25519{%X}", []byte(pubKey))
  178. }
  179. 

  180. func (pubKey PubKey) Type() string {
  181. 	return KeyType
  182. }
  183. 

  184. func (pubKey PubKey) Equals(other crypto.PubKey) bool {
  185. 	if otherEd, ok := other.(PubKey); ok {
  186. 		return bytes.Equal(pubKey[:], otherEd[:])
  187. 	}
  188. 

  189. 	return false
  190. }
  191. 

  192. var _ crypto.BatchVerifier = &BatchVerifier{}
  193. 

  194. // BatchVerifier implements batch verification for ed25519.

  195. type BatchVerifier struct {
  196. 	*ed25519.BatchVerifier
  197. }
  198. 

  199. func NewBatchVerifier() crypto.BatchVerifier {
  200. 	return &BatchVerifier{ed25519.NewBatchVerifier()}
  201. }
  202. 

  203. func (b *BatchVerifier) Add(key crypto.PubKey, msg, signature []byte) error {
  204. 	pkEd, ok := key.(PubKey)
  205. 	if !ok {
  206. 		return fmt.Errorf("pubkey is not Ed25519")
  207. 	}
  208. 

  209. 	pkBytes := pkEd.Bytes()
  210. 

  211. 	if l := len(pkBytes); l != PubKeySize {
  212. 		return fmt.Errorf("pubkey size is incorrect; expected: %d, got %d", PubKeySize, l)
  213. 	}
  214. 

  215. 	// check that the signature is the correct length

  216. 	if len(signature) != SignatureSize {
  217. 		return errors.New("invalid signature")
  218. 	}
  219. 

  220. 	cachingVerifier.AddWithOptions(b.BatchVerifier, ed25519.PublicKey(pkBytes), msg, signature, verifyOptions)
  221. 

  222. 	return nil
  223. }
  224. 

  225. func (b *BatchVerifier) Verify() (bool, []bool) {
  226. 	return b.BatchVerifier.Verify(crypto.CReader())
  227. }