From d29d7f9c3e8d6b6c14161af210e8aa1fa85bf36f Mon Sep 17 00:00:00 2001 From: fyrchik Date: Mon, 15 Aug 2022 14:49:39 +0300 Subject: [PATCH] Fix tests on go1.19 (#16) * [#15] ecdsa: Fix signature marshaling with go1.19 Signed-off-by: Evgenii Stratonikov * [#15] go.mod: Update go version to 1.16 Signed-off-by: Evgenii Stratonikov * [#15] go.mod: Drop `pkg/errors` dependency Signed-off-by: Evgenii Stratonikov * [#15] *: Perform `goimports -w` Signed-off-by: Evgenii Stratonikov Signed-off-by: Evgenii Stratonikov Co-authored-by: Evgenii Stratonikov --- ecdsa.go | 45 ++++++++++++++++++++---- ecdsa_go1.15.go | 34 ------------------ ecdsa_older_go.go | 79 ------------------------------------------ ecdsa_older_go_test.go | 28 --------------- ecdsa_test.go | 8 ++--- go.mod | 3 +- go.sum | 10 ------ load.go | 9 +++-- rfc6979.go | 5 +-- wif.go | 6 ++-- wif_test.go | 5 ++- 11 files changed, 55 insertions(+), 177 deletions(-) delete mode 100644 ecdsa_go1.15.go delete mode 100644 ecdsa_older_go.go delete mode 100644 ecdsa_older_go_test.go diff --git a/ecdsa.go b/ecdsa.go index e392a8b..58049f5 100644 --- a/ecdsa.go +++ b/ecdsa.go @@ -6,10 +6,10 @@ import ( "crypto/rand" "crypto/sha512" "crypto/x509" + "fmt" "math/big" "github.com/nspcc-dev/neofs-crypto/internal" - "github.com/pkg/errors" ) const ( @@ -39,9 +39,18 @@ const ( // P256 is base elliptic curve. var curve = elliptic.P256() -// Marshal converts a points into the uncompressed form specified in section 4.3.6 of ANSI X9.62. -func marshalXY(x, y *big.Int) []byte { - return elliptic.Marshal(curve, x, y) +// marshalXY converts points into the uncompressed form specified in section 4.3.6 of ANSI X9.62. +// It is also used to marshal signature, for backwards compatibility. +func marshalXY(curve elliptic.Curve, x, y *big.Int) []byte { + params := curve.Params() + curveOrderByteSize := params.P.BitLen() / 8 + buf := make([]byte, 1+curveOrderByteSize*2) + // r and s are not on curve at all, leave for backwards compatibility + buf[0] = 4 + _ = x.FillBytes(buf[1 : 1+curveOrderByteSize]) + _ = y.FillBytes(buf[1+curveOrderByteSize:]) + + return buf } // unmarshalXY converts a point, serialized by Marshal, into an x, y pair. @@ -76,7 +85,7 @@ func MarshalPublicKey(key *ecdsa.PublicKey) []byte { return nil } - return encodePoint(key.X, key.Y) + return elliptic.MarshalCompressed(curve, key.X, key.Y) } // UnmarshalPublicKey from bytes. @@ -92,6 +101,28 @@ func UnmarshalPublicKey(data []byte) *ecdsa.PublicKey { return nil } +func decodePoint(data []byte) (x *big.Int, y *big.Int) { + // empty data + if len(data) == 0 { + return + } + + // tries to unmarshal compressed form + // returns (nil, nil) when: + // - wrong len(data) + // - data[0] != 2 && data[0] != 3 + if x, y = elliptic.UnmarshalCompressed(curve, data); x != nil && y != nil { + return x, y + } + + // tries to unmarshal uncompressed form and check that points on curve + if x, y = unmarshalXY(data); x == nil || y == nil || !curve.IsOnCurve(x, y) { + x, y = nil, nil + } + + return x, y +} + // UnmarshalPrivateKey from bytes. // It is similar to `ecdsa.Generate()` but uses pre-defined big.Int and // curve for NEO Blockchain (elliptic.P256) @@ -135,7 +166,7 @@ func VerifyHash(pub *ecdsa.PublicKey, msgHash, sig []byte) error { } else if r, s := unmarshalXY(sig); r == nil || s == nil { return ErrCannotUnmarshal } else if !ecdsa.Verify(pub, msgHash, r, s) { - return errors.Wrapf(ErrInvalidSignature, "%0x : %0x", r, s) + return fmt.Errorf("%w: %0x : %0x", ErrInvalidSignature, r, s) } return nil @@ -156,5 +187,5 @@ func SignHash(key *ecdsa.PrivateKey, msgHash []byte) ([]byte, error) { return nil, err } - return marshalXY(x, y), nil + return marshalXY(key.Curve, x, y), nil } diff --git a/ecdsa_go1.15.go b/ecdsa_go1.15.go deleted file mode 100644 index 9f640f2..0000000 --- a/ecdsa_go1.15.go +++ /dev/null @@ -1,34 +0,0 @@ -// +build go1.15 - -package crypto - -import ( - "crypto/elliptic" - "math/big" -) - -func encodePoint(x, y *big.Int) []byte { - return elliptic.MarshalCompressed(curve, x, y) -} - -func decodePoint(data []byte) (x *big.Int, y *big.Int) { - // empty data - if len(data) == 0 { - return - } - - // tries to unmarshal compressed form - // returns (nil, nil) when: - // - wrong len(data) - // - data[0] != 2 && data[0] != 3 - if x, y = elliptic.UnmarshalCompressed(curve, data); x != nil && y != nil { - return x, y - } - - // tries to unmarshal uncompressed form and check that points on curve - if x, y = unmarshalXY(data); x == nil || y == nil || !curve.IsOnCurve(x, y) { - x, y = nil, nil - } - - return x, y -} diff --git a/ecdsa_older_go.go b/ecdsa_older_go.go deleted file mode 100644 index a841ff2..0000000 --- a/ecdsa_older_go.go +++ /dev/null @@ -1,79 +0,0 @@ -// +build !go1.15 - -package crypto - -import "math/big" - -// decompressPoints using formula y² = x³ - 3x + b -// crypto/elliptic/elliptic.go:55 -func decompressPoints(x *big.Int, yBit uint) (*big.Int, *big.Int) { - params := curve.Params() - - x3 := new(big.Int).Mul(x, x) - x3.Mul(x3, x) - - threeX := new(big.Int).Lsh(x, 1) - threeX.Add(threeX, x) - - x3.Sub(x3, threeX) - x3.Add(x3, params.B) - x3.Mod(x3, params.P) - - // y = √(x³ - 3x + b) mod p - y := new(big.Int).ModSqrt(x3, params.P) - - // big.Int.Jacobi(a, b) can return nil - if y == nil { - return nil, nil - } - - if y.Bit(0) != (yBit & 0x1) { - y.Neg(y) - y.Mod(y, params.P) - } - - return x, y -} - -func encodePoint(x, y *big.Int) []byte { - data := make([]byte, PublicKeyCompressedSize) - i := PublicKeyCompressedSize - len(x.Bytes()) - copy(data[i:], x.Bytes()) - - if y.Bit(0) == 0x1 { - data[0] = 0x3 - } else { - data[0] = 0x2 - } - - return data -} - -func decodePoint(data []byte) (x *big.Int, y *big.Int) { - // empty data - if len(data) == 0 { - return - } - - switch prefix := data[0]; prefix { - case 0x02, 0x03: // compressed key - // Incorrect length for compressed encoding - if len(data) != PublicKeyCompressedSize { - return nil, nil - } - - x, y = decompressPoints(new(big.Int).SetBytes(data[1:]), uint(prefix)) - case 0x04: // uncompressed key - // To get the public key, besides getting it from the data and checking, - // we also must to check that the points are on an elliptic curve - x, y = unmarshalXY(data) - default: // unknown type - return - } - - if x == nil || y == nil || !curve.IsOnCurve(x, y) { - x, y = nil, nil - } - - return -} diff --git a/ecdsa_older_go_test.go b/ecdsa_older_go_test.go deleted file mode 100644 index 18769ea..0000000 --- a/ecdsa_older_go_test.go +++ /dev/null @@ -1,28 +0,0 @@ -// +build !go1.15 - -package crypto - -import ( - "crypto/ecdsa" - "encoding/hex" - "math/big" - "testing" - - "github.com/stretchr/testify/require" -) - -func Test_decompressPoints(t *testing.T) { - t.Run("prepared public keys: decompressPoints", func(t *testing.T) { - for i := range testKeys { - bytes, err := hex.DecodeString(testKeys[i]) - require.NoErrorf(t, err, testKeys[i]) - - x, y := decompressPoints(new(big.Int).SetBytes(bytes[1:]), uint(bytes[0])) - require.NotNil(t, x) - require.NotNil(t, y) - - res := MarshalPublicKey(&ecdsa.PublicKey{Curve: curve, X: x, Y: y}) - require.Equal(t, testKeys[i], hex.EncodeToString(res)) - } - }) -} diff --git a/ecdsa_test.go b/ecdsa_test.go index cd8d7fa..60f55a3 100644 --- a/ecdsa_test.go +++ b/ecdsa_test.go @@ -115,12 +115,12 @@ func TestSignVerify(t *testing.T) { r1, s1, err := ecdsa.Sign(rand.Reader, key, hashBytes(data)) require.NoError(t, err) - sign := marshalXY(r1, s1) + sign := marshalXY(key.Curve, r1, s1) UnmarshalPublicKey(sign) } { // 3. bad big.Ints - sign := marshalXY(big.NewInt(0), big.NewInt(1)) + sign := marshalXY(elliptic.P256(), big.NewInt(0), big.NewInt(1)) UnmarshalPublicKey(sign) } }) @@ -129,7 +129,7 @@ func TestSignVerify(t *testing.T) { t.Run("using prepared hash", func(t *testing.T) { var ( data = []byte("Hello world") - sum = sha512.Sum512(data) + sum = sha512.Sum512(data) key = test.DecodeKey(0) ) sig, err := SignHash(key, sum[:]) @@ -148,7 +148,7 @@ func TestSignVerify(t *testing.T) { hashBytes(data)) require.NoError(t, err) - sign := marshalXY(r1, s1) + sign := marshalXY(key.Curve, r1, s1) { // This is just to validate, that we are on right way.. try to unmarshal R/S from sign // validate bytes length diff --git a/go.mod b/go.mod index e67ecdd..79b5758 100644 --- a/go.mod +++ b/go.mod @@ -1,10 +1,9 @@ module github.com/nspcc-dev/neofs-crypto -go 1.13 +go 1.16 require ( github.com/mr-tron/base58 v1.2.0 github.com/nspcc-dev/rfc6979 v0.2.0 - github.com/pkg/errors v0.9.1 github.com/stretchr/testify v1.7.0 ) diff --git a/go.sum b/go.sum index 3e76904..4ad6ddb 100644 --- a/go.sum +++ b/go.sum @@ -1,25 +1,15 @@ github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/mr-tron/base58 v1.1.2 h1:ZEw4I2EgPKDJ2iEw0cNmLB3ROrEmkOtXIkaG7wZg+78= -github.com/mr-tron/base58 v1.1.2/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc= github.com/mr-tron/base58 v1.2.0 h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o= github.com/mr-tron/base58 v1.2.0/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc= github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE= github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso= -github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/load.go b/load.go index 7c61277..09b561a 100644 --- a/load.go +++ b/load.go @@ -3,9 +3,8 @@ package crypto import ( "crypto/ecdsa" "encoding/hex" - "io/ioutil" - - "github.com/pkg/errors" + "fmt" + "os" ) // LoadPrivateKey allows to load private key from various formats: @@ -13,7 +12,7 @@ import ( // - hex string // - file path (D-bytes or SEC 1 / ASN.1 DER form) func LoadPrivateKey(val string) (*ecdsa.PrivateKey, error) { - if data, err := ioutil.ReadFile(val); err == nil { + if data, err := os.ReadFile(val); err == nil { return UnmarshalPrivateKey(data) } else if data, err = hex.DecodeString(val); err == nil { return UnmarshalPrivateKey(data) @@ -21,5 +20,5 @@ func LoadPrivateKey(val string) (*ecdsa.PrivateKey, error) { return key, nil } - return nil, errors.Errorf("unknown key format (%q), expect: hex-string, wif or file-path", val) + return nil, fmt.Errorf("unknown key format (%q), expect: hex-string, wif or file-path", val) } diff --git a/rfc6979.go b/rfc6979.go index e62284e..91055b4 100644 --- a/rfc6979.go +++ b/rfc6979.go @@ -3,11 +3,11 @@ package crypto import ( "crypto/ecdsa" "crypto/sha256" + "fmt" "math/big" "github.com/nspcc-dev/neofs-crypto/internal" "github.com/nspcc-dev/rfc6979" - "github.com/pkg/errors" ) const ( @@ -60,7 +60,8 @@ func SignRFC6979Hash(key *ecdsa.PrivateKey, msgHash []byte) ([]byte, error) { func decodeSignature(sig []byte) (*big.Int, *big.Int, error) { if ln := len(sig); ln != RFC6979SignatureSize { - return nil, nil, errors.Wrapf(ErrWrongHashSize, "actual=%d, expect=%d", ln, RFC6979SignatureSize) + return nil, nil, fmt.Errorf("%w: actual=%d, expect=%d", + ErrWrongHashSize, ln, RFC6979SignatureSize) } return new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:]), nil diff --git a/wif.go b/wif.go index 8c3a407..877d776 100644 --- a/wif.go +++ b/wif.go @@ -4,10 +4,10 @@ import ( "bytes" "crypto/ecdsa" "crypto/sha256" + "fmt" "github.com/mr-tron/base58" "github.com/nspcc-dev/neofs-crypto/internal" - "github.com/pkg/errors" ) const ( @@ -51,9 +51,9 @@ func WIFEncode(key *ecdsa.PrivateKey) (string, error) { func WIFDecode(wif string) (*ecdsa.PrivateKey, error) { data, err := base58.Decode(wif) if err != nil { - return nil, errors.Wrap(ErrBadWIF, err.Error()) + return nil, fmt.Errorf("%w: %v", ErrBadWIF, err) } else if actual := len(data); actual != WIFLength { - return nil, errors.Wrapf(ErrBadWIF, "expect: %d, actual: %d", WIFLength, actual) + return nil, fmt.Errorf("%w: expect: %d, actual: %d", ErrBadWIF, WIFLength, actual) } else if sum := wifCheckSum(data[:34]); !bytes.Equal(data[34:], sum) { return nil, ErrBadChecksum } diff --git a/wif_test.go b/wif_test.go index e8c8240..ca18d0c 100644 --- a/wif_test.go +++ b/wif_test.go @@ -6,7 +6,6 @@ import ( "testing" "github.com/nspcc-dev/neofs-crypto/test" - "github.com/pkg/errors" "github.com/stretchr/testify/require" ) @@ -82,7 +81,7 @@ func TestWIF(t *testing.T) { require.NoError(t, err) require.Equal(t, current.WIF, actual) default: - require.EqualError(t, errors.Cause(err), current.Error.Error()) + require.ErrorIs(t, err, current.Error) } }) } @@ -136,7 +135,7 @@ func TestWIF(t *testing.T) { require.NoError(t, err) require.Equal(t, current.Key, actual) default: - require.EqualError(t, errors.Cause(err), current.Error.Error()) + require.ErrorIs(t, err, current.Error) } }) }