Darc ECDSA

calypso/api_test.go

@@ -2,11 +2,11 @@ package calypso
 
 import (
 	"encoding/binary"
-	"go.dedis.ch/kyber/v3/util/key"
 	"testing"
 	"time"
 
 	"go.dedis.ch/kyber/v3/sign/schnorr"
+	"go.dedis.ch/kyber/v3/util/key"
 
 	"github.com/stretchr/testify/require"
 	"go.dedis.ch/cothority/v3"
@@ -167,7 +167,6 @@ func TestClient_Calypso(t *testing.T) {
 	_, err = calypsoClient.SpawnDarc(admin, adminCt, gDarc, *darc2, 10)
 	adminCt++
 	require.NoError(t, err)
-
 	//Create a secret key
 	key1 := []byte("secret key 1")
 	//Create a Write instance

calypso/contracts.go

@@ -8,6 +8,7 @@ import (
 	"go.dedis.ch/cothority/v3"
 	"go.dedis.ch/cothority/v3/byzcoin"
 	"go.dedis.ch/cothority/v3/darc"
+	"go.dedis.ch/kyber/v3"
 	"go.dedis.ch/onet/v3"
 	"go.dedis.ch/onet/v3/log"
 	"go.dedis.ch/onet/v3/network"

calypso/protocol/ocs_test.go

@@ -252,7 +252,7 @@ func DecodeKey(suite kyber.Group, X kyber.Point, Cs []kyber.Point, XhatEnc kyber
 		}
 		key = append(key, keyPart...)
 	}
-	return
+	return 
 }
 
 // starts a new service. No function needed.

calypso/struct.go

@@ -6,6 +6,8 @@ import (
 	"crypto/rand"
 	"crypto/sha256"
 	"fmt"
+	"io"
+
 	"go.dedis.ch/cothority/v3"
 	"go.dedis.ch/cothority/v3/byzcoin"
 	"go.dedis.ch/cothority/v3/darc"
@@ -15,7 +17,6 @@ import (
 	"go.dedis.ch/kyber/v3/xof/keccak"
 	"go.dedis.ch/onet/v3/network"
 	"golang.org/x/xerrors"
-	"io"
 )
 
 func init() {

darc/darc.go

@@ -33,6 +33,7 @@ package darc
 import (
 	"bytes"
 	"crypto/ecdsa"
+	"crypto/elliptic"
 	"crypto/sha256"
 	"crypto/sha512"
 	"crypto/x509"
@@ -773,6 +774,8 @@ func (s Signer) Type() int {
 		return 3
 	case s.EvmContract != nil:
 		return 4
+	case s.ECDSA != nil:
+		return 5
 	default:
 		return -1
 	}
@@ -790,6 +793,8 @@ func (s Signer) Identity() Identity {
 		return NewIdentityProxy(s.Proxy)
 	case 4:
 		return NewIdentityEvmContract(s.EvmContract)
+	case 5:
+		return NewIdentityECDSA(s.ECDSA.PublicKey)
 	default:
 		return Identity{}
 	}
@@ -863,6 +868,8 @@ func (id Identity) Type() int {
 		return 3
 	case id.EvmContract != nil:
 		return 4
+	case id.ECDSA != nil:
+		return 5
 	}
 	return -1
 }
@@ -937,6 +944,8 @@ func (id Identity) Verify(msg, sig []byte) error {
 		return id.Proxy.Verify(msg, sig)
 	case 4:
 		return id.EvmContract.Verify(msg, sig)
+	case 5:
+		return id.ECDSA.Verify(msg, sig)
 	default:
 		return errors.New("unknown identity")
 	}
@@ -964,6 +973,10 @@ func (id Identity) GetPublicBytes() []byte {
 		return buf
 	case 4:
 		return id.EvmContract.Address[:]
+	case 5:
+		buf := elliptic.Marshal(id.ECDSA.PublicKey.Curve, id.ECDSA.PublicKey.X, id.ECDSA.PublicKey.Y)
+		//TODO: add error check here?
+		return buf
 	default:
 		return nil
 	}
@@ -1012,6 +1025,25 @@ func NewIdentityX509EC(public []byte) Identity {
 	}
 }
 
+// NewIdentityECDSA creates a new ECDSA identity struct given a public key
+func NewIdentityECDSA(publicKey ecdsa.PublicKey) Identity {
+	return Identity{
+		ECDSA: &IdentityECDSA{
+			PublicKey: publicKey,
+		},
+	}
+}
+
+//TODO make calls to tsm  available
+func (ide IdentityECDSA) Verify(msg []byte, sig []byte) error {
+	hashMsg := sha256.Sum256(msg)
+	valid := ecdsa.VerifyASN1(&ide.PublicKey, hashMsg[:], sig)
+	if !valid {
+		return errors.New("Signature failed to verify")
+	}
+	return nil
+}
+
 // NewIdentityProxy creates a new OpenID Connect identity struct.
 func NewIdentityProxy(s *SignerProxy) Identity {
 	return Identity{
@@ -1120,6 +1152,8 @@ func ParseIdentity(in string) (Identity, error) {
 		return parseIDProxy(fields[1])
 	case "evm_contract":
 		return parseIDEvmContract(fields[1])
+	case "secp256k1":
+		return parseIDECDSA(fields[1])
 	default:
 		return Identity{}, fmt.Errorf("unknown identity type %v", fields[0])
 	}
@@ -1142,6 +1176,25 @@ func parseIDX509ec(in string) (Identity, error) {
 	return Identity{X509EC: &IdentityX509EC{Public: id}}, nil
 }
 
+//necessary function, needs to be refactored only supports elliptic.P256 curve
+//needs to be tested Unmarshal might not work
+func parseIDECDSA(in string) (Identity, error) {
+	id := make([]byte, hex.DecodedLen(len(in)))
+	_, err := hex.Decode(id, []byte(in))
+
+	x, y := elliptic.Unmarshal(elliptic.P256(), id)
+
+	pubkey := ecdsa.PublicKey{
+		Curve: elliptic.P256(),
+		X:     x,
+		Y:     y,
+	}
+	if err != nil {
+		return Identity{}, err
+	}
+	return Identity{ECDSA: &IdentityECDSA{PublicKey: pubkey}}, nil
+}
+
 func parseIDDarc(in string) (Identity, error) {
 	id := make([]byte, hex.DecodedLen(len(in)))
 	_, err := hex.Decode(id, []byte(in))
@@ -1447,6 +1500,22 @@ func (kcs SignerX509EC) Sign(msg []byte) ([]byte, error) {
 	return nil, errors.New("not yet implemented")
 }
 
+// new signer creates a signer only with a public key used to verify signatures
+func NewSignerECDSA(public ecdsa.PublicKey) Signer {
+	if public.X == nil {
+		return Signer{}
+	}
+	return Signer{ECDSA: &SignerECDSA{
+		PublicKey: public,
+	}}
+}
+
+//TODO
+func (kcs SignerECDSA) Sign(msg []byte) ([]byte, error) {
+	//call tsm to sign
+	return nil, errors.New("not yet implemented")
+}
+
 // NewSignerProxy creates a new SignerProxy. When Sign is called, the getSignature
 // callback will be called, so that the caller can use the appropriate mechanism
 // to retrieve and/or construct the signature.

darc/darc_test.go

@@ -1,8 +1,12 @@
 package darc
 
 import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"encoding/hex"
 	"errors"
 	"fmt"
+	"math/big"
 	"net/url"
 	"strings"
 	"testing"
@@ -750,17 +754,25 @@ func TestParseIdentity(t *testing.T) {
 }
 
 // Test any identity
-func testIdentity(t *testing.T, sig Signer) {
-	msg := []byte("something secret")
-	signed, err := sig.Sign(msg)
-	require.NoError(t, err)
+func testIdentity(t *testing.T, id Identity) {
+	msg := []byte(`Hello World`)
+
+	//Signature from code example go-tsm-sdk corresponding to ecdsa public key example
+	signed, _ := hex.DecodeString("304402204f0b20a44efacec7b0514683233a79552026fe80e468078f6fed6cfe3f3e8a0402201eb12db7f6fe0828cafe8b0a032a37ff377b342799cfe77cfbac40c8ec1fa9e8")
 
-	id := sig.Identity()
 	require.NoError(t, id.Verify(msg, signed))
 	require.Error(t, id.Verify([]byte("wrong message"), signed))
 }
 
 // Test the different identities available - currently only Ed25519.
 func TestIdentities(t *testing.T) {
-	testIdentity(t, NewSignerEd25519(nil, nil))
+	//Ecdsa public key example
+	var x, _ = new(big.Int).SetString("25613385885653880697990944418179706546134037329992108968315147853972798913688", 10)
+	var y, _ = new(big.Int).SetString("74946767262888349555270609195205284686604880870734462312238891495596941025713", 10)
+	pk := ecdsa.PublicKey{
+		Curve: elliptic.P256(),
+		X:     x,
+		Y:     y,
+	}
+	testIdentity(t, NewIdentityECDSA(pk))
 }

darc/proto.go

@@ -1,6 +1,8 @@
 package darc
 
 import (
+	"crypto/ecdsa"
+
 	"go.dedis.ch/cothority/v3/darc/expression"
 	"go.dedis.ch/kyber/v3"
 	"go.dedis.ch/onet/v3/network"
@@ -71,13 +73,20 @@ type Identity struct {
 	EvmContract *IdentityEvmContract
 	// A claim signed by one of the keys in a DID Doc
 	DID *IdentityDID
+	// Publik-key identity from an ECDSA key
+	ECDSA *IdentityECDSA
 }
 
 // IdentityEd25519 holds a Ed25519 public key (Point)
 type IdentityEd25519 struct {
 	Point kyber.Point
 }
 
+// IdentityECDSA holds a secp256k1 key (array of bytes)
+type IdentityECDSA struct {
+	PublicKey ecdsa.PublicKey
+}
+
 // IdentityX509EC holds a public key from a X509EC
 type IdentityX509EC struct {
 	Public []byte
@@ -159,6 +168,7 @@ type Signer struct {
 	Proxy       *SignerProxy
 	EvmContract *SignerEvmContract
 	DID         *SignerDID
+	ECDSA       *SignerECDSA
 }
 
 // SignerEd25519 holds a public and private keys necessary to sign Darcs
@@ -174,6 +184,13 @@ type SignerX509EC struct {
 	secret []byte
 }
 
+// SignerECDSA holds a public and private keys necessary to sign Darcs,
+// but the private key will not be given out.
+type SignerECDSA struct {
+	PublicKey  ecdsa.PublicKey
+	PrivateKey ecdsa.PrivateKey
+}
+
 // SignerProxy holds the information necessary to verify claims
 // coming from external authentication systems via Authentication Proxies.
 type SignerProxy struct {