mirror of
https://github.com/mainflux/mainflux.git
synced 2025-04-29 13:49:28 +08:00

* Move Things and Users to Clients Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Update Add and Delete Policies (#1792) * Remove Policy Action Ranks Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Rebase Issues Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix CI Test Errors Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Adding Check on Subject For Clients Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Remove Check Client Exists Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Check When Sharing Clients Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Only Add User to Group When Sharing Things Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Remove clientType Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Minor Fix on ShareClient and Fix Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Policies Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Clean Up Things Authorization Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests on RetrieveAll Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Test ShareThing Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Merge Conflicts Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Remove Adding Policies. 
Only Use Ownership Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Check If Subject is same as Object Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Move Back To Union As Sometimes Policy is Empty and Fails to Evaluate on Ownership Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Entity Type For Failing Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix BUG in policy evaluation Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Comments Regarding checkAdmin Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests On Rebase Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Combine Authorize For Things and Users Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests On Rebase Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Error on Things SVC `unsupported protocol scheme` Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Fix Bug on Things Authorization Cache (#1810) Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Use Password instead of username in MQTT handler Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Simplify MQTT authorization Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Fix MQTT tests Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Add More Functions to SDK (#1811) * Add More Functions to SDK Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Examples to GoDoc Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Update Unassign Interface Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Pass Subject as ID and Not Token on List Channels By Thing Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Bootstrap Errors For Element Check Signed-off-by: rodneyosodo 
<blackd0t@protonmail.com> * Add empty line Before Return Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Reorder URLS in things mux Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Listing Things Policies Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Share Thing Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Examples to CLI Docs Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Update Identity To Update Another User Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Identify an Update Policies on Things Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Update Things Policies Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix GoDocs on Disconnect Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Change Authorize To Use AccessRequest Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * For Evaluate Policy Use AccessRequest (#1814) Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Add SDK Tests (#1812) * Add Things Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Channel Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Certs Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Consumer Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Enrich Group Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Tests For Health Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Tests For Tokens Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Rename SDK for Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Policies Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Linter Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests 
Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Make Variable Defination Inline Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Make Cache Key Duration Configurable (#1815) * Make Cache Key Duration Configurable Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Rename ENV Var Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Update GoDocs (#1816) * Add GoDocs Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Missing GoDoc Files Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Enable godot Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add License Information Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Add Call Home Client to Mainflux services (#1751) * Move Things and Users to Clients Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: SammyOina <sammyoina@gmail.com> * collect and send data package Signed-off-by: SammyOina <sammyoina@gmail.com> * create telemetry migrations Signed-off-by: SammyOina <sammyoina@gmail.com> * add telemetry endpoints Signed-off-by: SammyOina <sammyoina@gmail.com> * add transport Signed-off-by: SammyOina <sammyoina@gmail.com> * create service Signed-off-by: SammyOina <sammyoina@gmail.com> * remove homing server Signed-off-by: SammyOina <sammyoina@gmail.com> * add call home to adapters Signed-off-by: SammyOina <sammyoina@gmail.com> * add last seen Signed-off-by: SammyOina <sammyoina@gmail.com> * rename logger Signed-off-by: SammyOina <sammyoina@gmail.com> * remove homing client Signed-off-by: SammyOina <sammyoina@gmail.com> * use 
unmerged repo Signed-off-by: SammyOina <sammyoina@gmail.com> * use renamed module Signed-off-by: SammyOina <sammyoina@gmail.com> * update call home version Signed-off-by: SammyOina <sammyoina@gmail.com> * edit documentation Signed-off-by: SammyOina <sammyoina@gmail.com> * align table Signed-off-by: SammyOina <sammyoina@gmail.com> * use alias for call home client Signed-off-by: SammyOina <sammyoina@gmail.com> * update callhome Signed-off-by: SammyOina <sammyoina@gmail.com> * update call home pkg Signed-off-by: SammyOina <sammyoina@gmail.com> * update call home Signed-off-by: SammyOina <sammyoina@gmail.com> * fix modules Signed-off-by: SammyOina <sammyoina@gmail.com> * use mf build version Signed-off-by: SammyOina <sammyoina@gmail.com> * use mf build version Signed-off-by: SammyOina <sammyoina@gmail.com> * restore default Signed-off-by: SammyOina <sammyoina@gmail.com> * add call home for users and things Signed-off-by: SammyOina <sammyoina@gmail.com> * enable opting on call home Signed-off-by: SammyOina <sammyoina@gmail.com> * remove full stops Signed-off-by: SammyOina <sammyoina@gmail.com> * update callhome client Signed-off-by: SammyOina <sammyoina@gmail.com> * add call home to all services Signed-off-by: SammyOina <sammyoina@gmail.com> * fix build Signed-off-by: SammyOina <sammyoina@gmail.com> * restore sdk tests Signed-off-by: SammyOina <sammyoina@gmail.com> * remove unnecessary changes Signed-off-by: SammyOina <sammyoina@gmail.com> * restore health_test.go Signed-off-by: SammyOina <sammyoina@gmail.com> --------- Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: SammyOina <sammyoina@gmail.com> Co-authored-by: b1ackd0t <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> --------- Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: SammyOina <sammyoina@gmail.com> Co-authored-by: b1ackd0t 
<blackd0t@protonmail.com> Co-authored-by: Sammy Kerata Oina <44265300+SammyOina@users.noreply.github.com>
238 lines
8.4 KiB
Go
// Copyright (c) 2013-2014 The btcsuite developers
// Copyright (c) 2015-2022 The Decred developers
// Use of this source code is governed by an ISC
// license that can be found in the LICENSE file.

package secp256k1

// References:
// [SEC1] Elliptic Curve Cryptography
// https://www.secg.org/sec1-v2.pdf
//
// [SEC2] Recommended Elliptic Curve Domain Parameters
// https://www.secg.org/sec2-v2.pdf
//
// [ANSI X9.62-1998] Public Key Cryptography For The Financial Services
// Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)

import (
	"fmt"
)

const (
	// PubKeyBytesLenCompressed is the number of bytes of a serialized
	// compressed public key.
	PubKeyBytesLenCompressed = 33

	// PubKeyBytesLenUncompressed is the number of bytes of a serialized
	// uncompressed public key.
	PubKeyBytesLenUncompressed = 65

	// PubKeyFormatCompressedEven is the identifier prefix byte for a public key
	// whose Y coordinate is even when serialized in the compressed format per
	// section 2.3.4 of [SEC1](https://secg.org/sec1-v2.pdf#subsubsection.2.3.4).
	PubKeyFormatCompressedEven byte = 0x02

	// PubKeyFormatCompressedOdd is the identifier prefix byte for a public key
	// whose Y coordinate is odd when serialized in the compressed format per
	// section 2.3.4 of [SEC1](https://secg.org/sec1-v2.pdf#subsubsection.2.3.4).
	PubKeyFormatCompressedOdd byte = 0x03

	// PubKeyFormatUncompressed is the identifier prefix byte for a public key
	// when serialized in the uncompressed format per section 2.3.3 of
	// [SEC1](https://secg.org/sec1-v2.pdf#subsubsection.2.3.3).
	PubKeyFormatUncompressed byte = 0x04

	// PubKeyFormatHybridEven is the identifier prefix byte for a public key
	// whose Y coordinate is even when serialized according to the hybrid format
	// per section 4.3.6 of [ANSI X9.62-1998].
	//
	// NOTE: This format makes little sense in practice and therefore this
	// package will not produce public keys serialized in this format. However,
	// it will parse them since they exist in the wild.
	PubKeyFormatHybridEven byte = 0x06

	// PubKeyFormatHybridOdd is the identifier prefix byte for a public key
	// whose Y coordinate is odd when serialized according to the hybrid format
	// per section 4.3.6 of [ANSI X9.62-1998].
	//
	// NOTE: This format makes little sense in practice and therefore this
	// package will not produce public keys serialized in this format. However,
	// it will parse them since they exist in the wild.
	PubKeyFormatHybridOdd byte = 0x07
)

// PublicKey provides facilities for efficiently working with secp256k1 public
// keys within this package and includes functions to serialize in both
// uncompressed and compressed SEC (Standards for Efficient Cryptography)
// formats.
type PublicKey struct {
	x FieldVal
	y FieldVal
}

// NewPublicKey instantiates a new public key with the given x and y
// coordinates.
//
// It should be noted that, unlike ParsePubKey, since this accepts arbitrary x
// and y coordinates, it allows creation of public keys that are not valid
// points on the secp256k1 curve. The IsOnCurve method of the returned instance
// can be used to determine validity.
func NewPublicKey(x, y *FieldVal) *PublicKey {
	var pubKey PublicKey
	pubKey.x.Set(x)
	pubKey.y.Set(y)
	return &pubKey
}

// ParsePubKey parses a secp256k1 public key encoded according to the format
// specified by ANSI X9.62-1998, which means it is also compatible with the
// SEC (Standards for Efficient Cryptography) specification which is a subset of
// the former. In other words, it supports the uncompressed, compressed, and
// hybrid formats as follows:
//
// Compressed:
//
//	<format byte = 0x02/0x03><32-byte X coordinate>
//
// Uncompressed:
//
//	<format byte = 0x04><32-byte X coordinate><32-byte Y coordinate>
//
// Hybrid:
//
//	<format byte = 0x06/0x07><32-byte X coordinate><32-byte Y coordinate>
//
// NOTE: The hybrid format makes little sense in practice and therefore this
// package will not produce public keys serialized in this format. However,
// this function will properly parse them since they exist in the wild.
func ParsePubKey(serialized []byte) (key *PublicKey, err error) {
	var x, y FieldVal
	switch len(serialized) {
	case PubKeyBytesLenUncompressed:
		// Reject unsupported public key formats for the given length.
		format := serialized[0]
		switch format {
		case PubKeyFormatUncompressed:
		case PubKeyFormatHybridEven, PubKeyFormatHybridOdd:
		default:
			str := fmt.Sprintf("invalid public key: unsupported format: %x",
				format)
			return nil, makeError(ErrPubKeyInvalidFormat, str)
		}

		// Parse the x and y coordinates while ensuring that they are in the
		// allowed range.
		if overflow := x.SetByteSlice(serialized[1:33]); overflow {
			str := "invalid public key: x >= field prime"
			return nil, makeError(ErrPubKeyXTooBig, str)
		}
		if overflow := y.SetByteSlice(serialized[33:]); overflow {
			str := "invalid public key: y >= field prime"
			return nil, makeError(ErrPubKeyYTooBig, str)
		}

		// Ensure the oddness of the y coordinate matches the specified format
		// for hybrid public keys.
		if format == PubKeyFormatHybridEven || format == PubKeyFormatHybridOdd {
			wantOddY := format == PubKeyFormatHybridOdd
			if y.IsOdd() != wantOddY {
				str := fmt.Sprintf("invalid public key: y oddness does not "+
					"match specified value of %v", wantOddY)
				return nil, makeError(ErrPubKeyMismatchedOddness, str)
			}
		}

		// Reject public keys that are not on the secp256k1 curve.
		if !isOnCurve(&x, &y) {
			str := fmt.Sprintf("invalid public key: [%v,%v] not on secp256k1 "+
				"curve", x, y)
			return nil, makeError(ErrPubKeyNotOnCurve, str)
		}

	case PubKeyBytesLenCompressed:
		// Reject unsupported public key formats for the given length.
		format := serialized[0]
		switch format {
		case PubKeyFormatCompressedEven, PubKeyFormatCompressedOdd:
		default:
			str := fmt.Sprintf("invalid public key: unsupported format: %x",
				format)
			return nil, makeError(ErrPubKeyInvalidFormat, str)
		}

		// Parse the x coordinate while ensuring that it is in the allowed
		// range.
		if overflow := x.SetByteSlice(serialized[1:33]); overflow {
			str := "invalid public key: x >= field prime"
			return nil, makeError(ErrPubKeyXTooBig, str)
		}

		// Attempt to calculate the y coordinate for the given x coordinate such
		// that the result pair is a point on the secp256k1 curve and the
		// solution with desired oddness is chosen.
		wantOddY := format == PubKeyFormatCompressedOdd
		if !DecompressY(&x, wantOddY, &y) {
			str := fmt.Sprintf("invalid public key: x coordinate %v is not on "+
				"the secp256k1 curve", x)
			return nil, makeError(ErrPubKeyNotOnCurve, str)
		}
		y.Normalize()

	default:
		str := fmt.Sprintf("malformed public key: invalid length: %d",
			len(serialized))
		return nil, makeError(ErrPubKeyInvalidLen, str)
	}

	return NewPublicKey(&x, &y), nil
}

// SerializeUncompressed serializes a public key in the 65-byte uncompressed
// format.
func (p PublicKey) SerializeUncompressed() []byte {
	// 0x04 || 32-byte x coordinate || 32-byte y coordinate
	var b [PubKeyBytesLenUncompressed]byte
	b[0] = PubKeyFormatUncompressed
	p.x.PutBytesUnchecked(b[1:33])
	p.y.PutBytesUnchecked(b[33:65])
	return b[:]
}

// SerializeCompressed serializes a public key in the 33-byte compressed format.
func (p PublicKey) SerializeCompressed() []byte {
	// Choose the format byte depending on the oddness of the Y coordinate.
	format := PubKeyFormatCompressedEven
	if p.y.IsOdd() {
		format = PubKeyFormatCompressedOdd
	}

	// 0x02 or 0x03 || 32-byte x coordinate
	var b [PubKeyBytesLenCompressed]byte
	b[0] = format
	p.x.PutBytesUnchecked(b[1:33])
	return b[:]
}

// IsEqual compares this public key instance to the one passed, returning true
// if both public keys are equivalent. A public key is equivalent to another,
// if they both have the same X and Y coordinates.
func (p *PublicKey) IsEqual(otherPubKey *PublicKey) bool {
	return p.x.Equals(&otherPubKey.x) && p.y.Equals(&otherPubKey.y)
}

// AsJacobian converts the public key into a Jacobian point with Z=1 and stores
// the result in the provided result param. This allows the public key to be
// treated as a Jacobian point in the secp256k1 group in calculations.
func (p *PublicKey) AsJacobian(result *JacobianPoint) {
	result.X.Set(&p.x)
	result.Y.Set(&p.y)
	result.Z.SetInt(1)
}

// IsOnCurve returns whether or not the public key represents a point on the
// secp256k1 curve.
func (p *PublicKey) IsOnCurve() bool {
	return isOnCurve(&p.x, &p.y)
}
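Added example, not part of the file above or of the Decred or Mainflux code: a stand-alone `math/big` program that applies the checks ParsePubKey documents (length, format byte, coordinate range, hybrid oddness, curve membership) to hex-encoded keys, so the accept and reject cases can be run without the package. The name `parseSEC1` is hypothetical; the prime and generator coordinates are the secp256k1 parameters from [SEC2], and the sample keys are constructed from them.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
)

// Field prime and generator coordinates of secp256k1, from [SEC2].
var p, _ = new(big.Int).SetString("fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", 16)

const gx = "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"
const gy = "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8"

// parseSEC1 (hypothetical name) applies the checks of the ParsePubKey listing.
func parseSEC1(hexKey string) (x, y *big.Int, err error) {
	b, err := hex.DecodeString(hexKey)
	if err != nil || (len(b) != 33 && len(b) != 65) {
		return nil, nil, errors.New("invalid length")
	}
	f, short := b[0], len(b) == 33
	x, y = new(big.Int).SetBytes(b[1:33]), new(big.Int).SetBytes(b[33:])
	rhs := new(big.Int).Exp(x, big.NewInt(3), p)
	rhs.Mod(rhs.Add(rhs, big.NewInt(7)), p) // x^3 + 7 mod p
	if short {
		// p % 4 == 3, so rhs^((p+1)/4) is a square root of rhs if one exists.
		e := new(big.Int).Add(p, big.NewInt(1))
		y.Exp(rhs, e.Rsh(e, 2), p)
		if y.Bit(0) != uint(f&1) {
			y.Sub(p, y) // other root, to match the requested oddness
		}
	}
	switch {
	case short != (f == 0x02 || f == 0x03), !short && f != 0x04 && f != 0x06 && f != 0x07:
		err = errors.New("unsupported format")
	case x.Cmp(p) >= 0 || y.Cmp(p) >= 0:
		err = errors.New("coordinate >= field prime")
	case f > 0x04 && y.Bit(0) != uint(f&1):
		err = errors.New("y oddness does not match format byte")
	case new(big.Int).Exp(y, big.NewInt(2), p).Cmp(rhs) != 0:
		err = errors.New("point is not on the secp256k1 curve")
	}
	if err != nil {
		return nil, nil, err
	}
	return x, y, nil
}

func main() {
	for _, k := range []string{"02" + gx, "06" + gx + gy, "07" + gx + gy, "04" + gx + gx} {
		_, _, err := parseSEC1(k)
		fmt.Printf("%.8s... -> %v\n", k, err)
	}
}
```

`math/big` arithmetic is not constant-time; that is acceptable here because a public key is not secret.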