ETCM-167: Testing the SigAlg methods.

Author: aakoshh

src/main/scala/io/iohk/ethereum/crypto/ECDSASignature.scala

@@ -15,8 +15,11 @@ object ECDSASignature {
   val RLength = 32
   val VLength = 1
   val EncodedLength: Int = RLength + SLength + VLength
+
   //byte value that indicates that bytes representing ECC point are in uncompressed format, and should be decoded properly
-  val uncompressedIndicator: Byte = 0x04
+  val UncompressedIndicator: Byte = 0x04
+  val CompressedEvenIndicator: Byte = 0x02
+  val CompressedOddIndicator: Byte = 0x03
 
   //only naming convention
   val negativePointSign: Byte = 27
@@ -158,7 +161,7 @@ case class ECDSASignature(r: BigInt, s: BigInt, v: Byte) {
     import ECDSASignature.RLength
 
     def bigInt2Bytes(b: BigInt) =
-      ByteUtils.padLeft(ByteString(b.toByteArray).takeRight(RLength), RLength, 0)
+      ByteString(ByteUtils.bigIntToBytes(b, RLength))
 
     bigInt2Bytes(r) ++ bigInt2Bytes(s) :+ v
   }

src/main/scala/io/iohk/ethereum/crypto/package.scala

@@ -4,6 +4,7 @@ import java.nio.charset.StandardCharsets
 import java.security.SecureRandom
 
 import akka.util.ByteString
+import io.iohk.ethereum.utils.ByteUtils
 import org.bouncycastle.asn1.sec.SECNamedCurves
 import org.bouncycastle.asn1.x9.X9ECParameters
 import org.bouncycastle.crypto.AsymmetricCipherKeyPair
@@ -62,9 +63,11 @@ package object crypto {
     bytes
   }
 
-  /** @return (privateKey, publicKey) pair */
+  /** @return (privateKey, publicKey) pair.
+    * The public key will be uncompressed and have its prefix dropped.
+    */
   def keyPairToByteArrays(keyPair: AsymmetricCipherKeyPair): (Array[Byte], Array[Byte]) = {
-    val prvKey = keyPair.getPrivate.asInstanceOf[ECPrivateKeyParameters].getD.toByteArray
+    val prvKey = ByteUtils.bigIntegerToBytes(keyPair.getPrivate.asInstanceOf[ECPrivateKeyParameters].getD, 32)
     val pubKey = keyPair.getPublic.asInstanceOf[ECPublicKeyParameters].getQ.getEncoded(false).tail
     (prvKey, pubKey)
   }

src/main/scala/io/iohk/ethereum/network/discovery/crypto/Secp256k1SigAlg.scala

@@ -0,0 +1,132 @@
+package io.iohk.ethereum.network.discovery.crypto
+
+import io.iohk.ethereum.crypto
+import io.iohk.ethereum.crypto.ECDSASignature
+import io.iohk.ethereum.nodebuilder.SecureRandomBuilder
+import io.iohk.scalanet.discovery.crypto.{SigAlg, PublicKey, PrivateKey, Signature}
+import scodec.bits.BitVector
+import scodec.Attempt
+import scodec.bits.BitVector
+import akka.util.ByteString
+
+object Secp256k1SigAlg extends SigAlg with SecureRandomBuilder {
+  override val name = "secp256k1"
+
+  override val PrivateKeyBytesSize = 32
+
+  // A Secp256k1 public key is 32 bytes compressed or 64 bytes uncompressed,
+  // with a 1 byte prefix showing which version it is.
+  // See https://davidederosa.com/basic-blockchain-programming/elliptic-curve-keys
+  //
+  // However in the discovery v4 protocol the prefix is omitted.
+  override val PublicKeyBytesSize = 64
+
+  // A normal Secp256k1 signature consists of 2 bigints `r` and `s` followed by a recovery ID `v`,
+  // but it can be just 64 bytes if that's omitted, like in the ENR.
+  override val SignatureBytesSize = 65
+
+  val SignatureWithoutRecoveryBytesSize = 64
+  val PublicKeyCompressedBytesSize = 33
+
+  override def newKeyPair: (PublicKey, PrivateKey) = {
+    val keyPair = crypto.generateKeyPair(secureRandom)
+    val (privateKeyBytes, publicKeyBytes) = crypto.keyPairToByteArrays(keyPair)
+
+    val publicKey = toPublicKey(publicKeyBytes)
+    val privateKey = toPrivateKey(privateKeyBytes)
+
+    publicKey -> privateKey
+  }
+
+  override def sign(privateKey: PrivateKey, data: BitVector): Signature = {
+    val keyPair = crypto.keyPairFromPrvKey(privateKey.toByteArray)
+    val sig = ECDSASignature.sign(data.toByteArray, keyPair)
+    toSignature(sig)
+  }
+
+  // ENR wants the signature without recovery ID, just 64 bytes.
+  // The Packet on the other hand has the full 65 bytes.
+  override def removeRecoveryId(signature: Signature): Signature = {
+    signature.size / 8 match {
+      case SignatureBytesSize =>
+        Signature(signature.dropRight(8))
+      case SignatureWithoutRecoveryBytesSize =>
+        signature
+      case other =>
+        throw new IllegalArgumentException(s"Unexpected signature size: $other bytes")
+    }
+  }
+
+  override def compressPublicKey(publicKey: PublicKey): PublicKey = {
+    publicKey.size / 8 match {
+      case PublicKeyBytesSize =>
+        // This is a public key without the prefix, it consists of an x and y bigint.
+        // To compress we drop y, and the first byte becomes 02 for even values of y and 03 for odd values.
+        val (xbs, ybs) = publicKey.splitAt(publicKey.length / 2)
+        val y = BigInt(1, ybs.toByteArray)
+        val prefix: Byte =
+          if (y.mod(2) == 0) ECDSASignature.CompressedEvenIndicator
+          else ECDSASignature.CompressedOddIndicator
+        val compressed = PublicKey(BitVector(prefix) ++ xbs)
+        assert(compressed.size == PublicKeyCompressedBytesSize * 8)
+        compressed
+
+      case PublicKeyCompressedBytesSize =>
+        publicKey
+
+      case other =>
+        throw new IllegalArgumentException(s"Unexpected public key size: $other bytes")
+    }
+  }
+
+  override def verify(publicKey: PublicKey, signature: Signature, data: BitVector): Boolean = ???
+
+  override def recoverPublicKey(signature: Signature, data: BitVector): Attempt[PublicKey] = ???
+
+  override def toPublicKey(privateKey: PrivateKey): PublicKey = {
+    val publicKeyBytes = crypto.pubKeyFromPrvKey(privateKey.toByteArray)
+    toPublicKey(publicKeyBytes)
+  }
+
+  private def toPublicKey(publicKeyBytes: Array[Byte]): PublicKey = {
+    // Discovery uses 64 byte keys, without the prefix.
+    val publicKey = PublicKey(BitVector(publicKeyBytes))
+    assert(publicKey.size == PublicKeyBytesSize * 8, s"Unexpected public key size: ${publicKey.size / 8} bytes")
+    publicKey
+  }
+
+  private def toPrivateKey(privateKeyBytes: Array[Byte]): PrivateKey = {
+    val privateKey = PrivateKey(BitVector(privateKeyBytes))
+    assert(privateKey.size == PrivateKeyBytesSize * 8, s"Unexpected private key size: ${privateKey.size / 8} bytes")
+    privateKey
+  }
+
+  private def toSignature(sig: ECDSASignature): Signature = {
+    val signatureBytes = sig.toBytes.toArray[Byte]
+    assert(signatureBytes.size == SignatureBytesSize)
+
+    // Apparently the `v` has to adjusted by 27.
+    val adjusted = signatureBytes.take(SignatureBytesSize - 1) :+ (signatureBytes.last - 27).toByte
+
+    Signature(BitVector(adjusted))
+  }
+
+  private def toECDSASignature(signature: Signature): ECDSASignature = {
+    signature.size / 8 match {
+      case SignatureBytesSize =>
+        // Undo the adjustment of `v`.
+        val signatureBytes = signature.toByteArray
+        val unadjusted = signatureBytes.take(SignatureBytesSize - 1) :+ (signatureBytes.last + 27).toByte
+
+        ECDSASignature.fromBytes(ByteString(unadjusted)) getOrElse {
+          throw new IllegalArgumentException(s"Could not convert to ECDSA signature.")
+        }
+
+      case SignatureWithoutRecoveryBytesSize =>
+        ???
+
+      case other =>
+        throw new IllegalArgumentException(s"Unexpected signature size: $other bytes")
+    }
+  }
+}

src/main/scala/io/iohk/ethereum/network/package.scala

@@ -3,7 +3,6 @@ package io.iohk.ethereum
 import java.io.{File, PrintWriter}
 import java.net.{Inet6Address, InetAddress}
 import java.security.SecureRandom
-
 import io.iohk.ethereum.crypto._
 import org.bouncycastle.crypto.AsymmetricCipherKeyPair
 import org.bouncycastle.crypto.params.ECPublicKeyParameters
@@ -26,7 +25,7 @@ package object network {
   }
 
   def publicKeyFromNodeId(nodeId: String): ECPoint = {
-    val bytes = ECDSASignature.uncompressedIndicator +: Hex.decode(nodeId)
+    val bytes = ECDSASignature.UncompressedIndicator +: Hex.decode(nodeId)
     curve.getCurve.decodePoint(bytes)
   }
 

src/main/scala/io/iohk/ethereum/network/rlpx/AuthHandshaker.scala

@@ -161,7 +161,7 @@ case class AuthHandshaker(
 
     val signaturePubBytes = signature.publicKey(signed).get
 
-    curve.getCurve.decodePoint(ECDSASignature.uncompressedIndicator +: signaturePubBytes)
+    curve.getCurve.decodePoint(ECDSASignature.UncompressedIndicator +: signaturePubBytes)
   }
 
   private def createAuthInitiateMessageV4(remotePubKey: ECPoint) = {

src/main/scala/io/iohk/ethereum/network/rlpx/AuthInitiateMessage.scala

@@ -21,7 +21,7 @@ object AuthInitiateMessage extends AuthInitiateEcdsaCodec {
       signature = decodeECDSA(input.take(ECDSASignature.EncodedLength)),
       ephemeralPublicHash = ByteString(input.slice(ECDSASignature.EncodedLength, publicKeyIndex)),
       publicKey =
-        curve.getCurve.decodePoint(ECDSASignature.uncompressedIndicator +: input.slice(publicKeyIndex, nonceIndex)),
+        curve.getCurve.decodePoint(ECDSASignature.UncompressedIndicator +: input.slice(publicKeyIndex, nonceIndex)),
       nonce = ByteString(input.slice(nonceIndex, knownPeerIndex)),
       knownPeer = input(knownPeerIndex) == 1
     )

src/main/scala/io/iohk/ethereum/network/rlpx/AuthInitiateMessageV4.scala

@@ -22,7 +22,7 @@ object AuthInitiateMessageV4 extends AuthInitiateEcdsaCodec {
       case RLPList(signatureBytes, publicKeyBytes, nonce, version, _*) =>
         val signature = decodeECDSA(signatureBytes)
         val publicKey =
-          curve.getCurve.decodePoint(ECDSASignature.uncompressedIndicator +: (publicKeyBytes: Array[Byte]))
+          curve.getCurve.decodePoint(ECDSASignature.UncompressedIndicator +: (publicKeyBytes: Array[Byte]))
         AuthInitiateMessageV4(signature, publicKey, ByteString(nonce: Array[Byte]), version)
       case _ => throw new RuntimeException("Cannot decode auth initiate message")
     }

src/main/scala/io/iohk/ethereum/network/rlpx/AuthResponseMessage.scala

@@ -15,7 +15,7 @@ object AuthResponseMessage {
   def decode(input: Array[Byte]): AuthResponseMessage = {
     AuthResponseMessage(
       ephemeralPublicKey =
-        curve.getCurve.decodePoint(ECDSASignature.uncompressedIndicator +: input.take(PublicKeyLength)),
+        curve.getCurve.decodePoint(ECDSASignature.UncompressedIndicator +: input.take(PublicKeyLength)),
       nonce = ByteString(input.slice(PublicKeyLength, PublicKeyLength + NonceLength)),
       knownPeer = input(PublicKeyLength + NonceLength) == 1
     )

src/main/scala/io/iohk/ethereum/network/rlpx/AuthResponseMessageV4.scala

@@ -19,7 +19,7 @@ object AuthResponseMessageV4 {
     override def decode(rlp: RLPEncodeable): AuthResponseMessageV4 = rlp match {
       case RLPList(ephemeralPublicKeyBytes, nonce, version, _*) =>
         val ephemeralPublicKey =
-          curve.getCurve.decodePoint(ECDSASignature.uncompressedIndicator +: (ephemeralPublicKeyBytes: Array[Byte]))
+          curve.getCurve.decodePoint(ECDSASignature.UncompressedIndicator +: (ephemeralPublicKeyBytes: Array[Byte]))
         AuthResponseMessageV4(ephemeralPublicKey, ByteString(nonce: Array[Byte]), version)
       case _ => throw new RuntimeException("Cannot decode auth response message")
     }

src/main/scala/io/iohk/ethereum/rlp/RLP.scala

@@ -175,7 +175,7 @@ private[rlp] object RLP {
       case 3 => ((bytes(0) & 0xff) << 16) + ((bytes(1) & 0xff) << 8) + (bytes(2) & 0xff)
       case Integer.BYTES =>
         ((bytes(0) & 0xff) << 24) + ((bytes(1) & 0xff) << 16) + ((bytes(2) & 0xff) << 8) + (bytes(3) & 0xff)
-      case _ => throw new RLPException("Bytes don't represent an int")
+      case _ => throw RLPException("Bytes don't represent an int")
     }
   }
 
@@ -197,7 +197,7 @@ private[rlp] object RLP {
       val binaryLength: Array[Byte] = intToBytesNoLeadZeroes(length)
       (binaryLength.length + offset + SizeThreshold - 1).toByte +: binaryLength
     } else if (length < MaxItemLength && length <= 0xff) Array((1 + offset + SizeThreshold - 1).toByte, length.toByte)
-    else throw new RLPException("Input too long")
+    else throw RLPException("Input too long")
   }
 
   /**
@@ -209,7 +209,7 @@ private[rlp] object RLP {
     * @see [[io.iohk.ethereum.rlp.ItemBounds]]
     */
   private[rlp] def getItemBounds(data: Array[Byte], pos: Int): ItemBounds = {
-    if (data.isEmpty) throw new RLPException("Empty Data")
+    if (data.isEmpty) throw RLPException("Empty Data")
     else {
       val prefix: Int = data(pos) & 0xff
       if (prefix == OffsetShortItem) {
@@ -239,7 +239,7 @@ private[rlp] object RLP {
   }
 
   private def decodeWithPos(data: Array[Byte], pos: Int): (RLPEncodeable, Int) =
-    if (data.isEmpty) throw new RLPException("data is too short")
+    if (data.isEmpty) throw RLPException("data is too short")
     else {
       getItemBounds(data, pos) match {
         case ItemBounds(start, end, false, isEmpty) =>

src/main/scala/io/iohk/ethereum/utils/ByteUtils.scala

@@ -34,6 +34,9 @@ object ByteUtils {
     bytes
   }
 
+  def bigIntToBytes(b: BigInt, numBytes: Int): Array[Byte] =
+    bigIntegerToBytes(b.bigInteger, numBytes)
+
   def toBigInt(bytes: ByteString): BigInt =
     bytes.foldLeft(BigInt(0)) { (n, b) => (n << 8) + (b & 0xff) }
 

src/test/scala/io/iohk/ethereum/crypto/ECDSASignatureSpec.scala

@@ -45,7 +45,7 @@ class ECDSASignatureSpec extends AnyFlatSpec with Matchers with ScalaCheckProper
         val recPubKey = signature.publicKey(msg)
 
         val result = recPubKey
-          .map(a => ECDSASignature.uncompressedIndicator +: a)
+          .map(a => ECDSASignature.UncompressedIndicator +: a)
           .map(curve.getCurve.decodePoint)
           .map(_.getEncoded(true))
           .map(ByteString(_))

src/test/scala/io/iohk/ethereum/network/discovery/codecs/RLPCodecsSpec.scala

@@ -1,6 +1,6 @@
 package io.iohk.ethereum.network.discovery.codecs
 
-import org.scalatest.matchers.should.Matchers._
+import org.scalatest.matchers.should.Matchers
 import org.scalatest.flatspec.AnyFlatSpec
 import io.iohk.scalanet.discovery.ethereum.Node
 import io.iohk.scalanet.discovery.ethereum.v4.{Packet, Payload}
@@ -13,7 +13,7 @@ import io.iohk.ethereum.rlp.RLPValue
 import io.iohk.ethereum.rlp.RLPDecoder
 import org.scalatest.compatible.Assertion
 
-class RLPCodecsSpec extends AnyFlatSpec {
+class RLPCodecsSpec extends AnyFlatSpec with Matchers {
 
   import RLPCodecs._
 

src/test/scala/io/iohk/ethereum/network/discovery/crypto/Secp256k1SigAlgSpec.scala

@@ -0,0 +1,52 @@
+package io.iohk.ethereum.network.discovery.crypto
+
+import org.scalatest.flatspec.AnyFlatSpec
+import org.scalatest.matchers.should.Matchers
+import scodec.bits.BitVector
+import scala.util.Random
+import io.iohk.ethereum.crypto
+import io.iohk.ethereum.nodebuilder.SecureRandomBuilder
+
+class Secp256k1SigAlgSpec extends AnyFlatSpec with Matchers with SecureRandomBuilder {
+  behavior of "Secp256k1SigAlg"
+
+  def randomData: BitVector = {
+    val size = Random.nextInt(1000)
+    val bytes = Array.ofDim[Byte](size)
+    Random.nextBytes(bytes)
+    BitVector(bytes)
+  }
+
+  it should "generate new keypairs" in {
+    val (publicKey, privateKey) = Secp256k1SigAlg.newKeyPair
+    publicKey.toByteVector should have size 64
+    privateKey.toByteVector should have size 32
+  }
+
+  it should "compress a public key" in {
+    val (publicKey, _) = Secp256k1SigAlg.newKeyPair
+    val compressedPublicKey = Secp256k1SigAlg.compressPublicKey(publicKey)
+    compressedPublicKey.toByteVector should have size 33
+
+    Secp256k1SigAlg.compressPublicKey(compressedPublicKey) shouldBe compressedPublicKey
+  }
+
+  it should "turn a private key into a public key" in {
+    val (publicKey, privateKey) = Secp256k1SigAlg.newKeyPair
+    Secp256k1SigAlg.toPublicKey(privateKey) shouldBe publicKey
+  }
+
+  it should "sign some data" in {
+    val (_, privateKey) = Secp256k1SigAlg.newKeyPair
+    val data = randomData
+    val signature = Secp256k1SigAlg.sign(privateKey, data)
+
+    signature.toByteVector should have size 65
+  }
+
+  it should "sign some data with ECDSA" in {
+    val keyPair = crypto.generateKeyPair(secureRandom)
+    val data = randomData
+    val signature = crypto.ECDSASignature.sign(data.toByteArray, keyPair)
+  }
+}