objective categorical abstract machine language personal data server

More cryptography methods

futurGH ac346b72 ace4a45f

+152 -5
+1 -1
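--- a/kleidos/dune
+++ b/kleidos/dune
@@ -1,3 +1,3 @@
 (library
 (name kleidos)
-(libraries hacl-star))
+(libraries hacl-star multibase))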
+151 -4
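--- a/kleidos/kleidos.ml
+++ b/kleidos/kleidos.ml
@@ -1,6 +1,71 @@
-module K256 = struct
+open struct
+let to_multikey key ~prefix : string =
+match
+Multibase.encode_t `Base58btc (Bytes.to_string @@ Bytes.cat prefix key)
+with
+| Ok multikey ->
+multikey
+| Error (`Msg msg) ->
+failwith (Format.sprintf "failed to encode key as multikey: %s" msg)
+
+let bytes_of_multikey multikey : bytes =
+match Multibase.decode multikey with
+| Ok (_, k) ->
+Bytes.of_string k
+| Error (`Msg msg) ->
+failwith msg
+| Error (`Unsupported e) ->
+failwith
+( "unsupported key multibase encoding "
+^ Multibase.Encoding.to_string e )
+end
+
+module type CURVE = sig
+val public_prefix : bytes
+
+val private_prefix : bytes
+
+val normalize_pubkey_to_raw : bytes -> bytes
+
+val sign : privkey:bytes -> msg:bytes -> bytes
+
+val verify : pubkey:bytes -> msg:bytes -> signature:bytes -> bool
+
+val is_valid_privkey : bytes -> bool
+
+val derive_pubkey : privkey:bytes -> bytes
+
+val privkey_to_multikey : bytes -> string
+
+val pubkey_to_multikey : bytes -> string
+end
+
+module K256 : CURVE = struct
 open Hacl_star.Hacl
 
+let public_prefix = Bytes.of_string "\xe7\x01"
+
+let private_prefix = Bytes.of_string "\x81\x26"
+
+let normalize_pubkey_to_raw key : bytes =
+match Bytes.length key with
+| 64 | 32 ->
+key
+| 65 -> (
+match K256.uncompressed_to_raw key with
+| Some raw ->
+raw
+| None ->
+failwith "invalid uncompressed key" )
+| 33 -> (
+match K256.compressed_to_raw key with
+| Some raw ->
+raw
+| None ->
+failwith "invalid compressed key" )
+| len ->
+failwith ("invalid key length: " ^ string_of_int len)
+
 let sign ~privkey ~msg : bytes =
 let hashed = SHA2_256.hash msg in
 let k = Rfc6979.k_for_k256 ~privkey ~msg in
@@ -12,12 +77,52 @@
 
 let verify ~pubkey ~msg ~signature : bool =
 let hashed = SHA2_256.hash msg in
-K256.Libsecp256k1.verify ~pk:pubkey ~msg:hashed ~signature
+let pk = normalize_pubkey_to_raw pubkey in
+K256.Libsecp256k1.verify ~pk ~msg:hashed ~signature
+
+let is_valid_privkey privkey : bool = K256.valid_sk ~sk:privkey
+
+let derive_pubkey ~privkey : bytes =
+if not (is_valid_privkey privkey) then failwith "invalid p256 private key" ;
+match K256.secret_to_public ~sk:privkey with
+| Some pubkey ->
+K256.raw_to_compressed pubkey
+| None ->
+failwith "failed to derive public key"
+
+let pubkey_to_multikey pubkey : string =
+to_multikey pubkey ~prefix:public_prefix
+
+let privkey_to_multikey privkey : string =
+to_multikey privkey ~prefix:private_prefix
 end
 
-module P256 = struct
+module P256 : CURVE = struct
 open Hacl_star.Hacl
 
+let public_prefix = Bytes.of_string "\x80\x24"
+
+let private_prefix = Bytes.of_string "\x86\x26"
+
+let normalize_pubkey_to_raw key : bytes =
+match Bytes.length key with
+| 64 | 32 ->
+key
+| 65 -> (
+match P256.uncompressed_to_raw key with
+| Some raw ->
+raw
+| None ->
+failwith "invalid uncompressed key" )
+| 33 -> (
+match P256.compressed_to_raw key with
+| Some raw ->
+raw
+| None ->
+failwith "invalid compressed key" )
+| len ->
+failwith ("invalid key length: " ^ string_of_int len)
+
 let sign ~privkey ~msg : bytes =
 let hashed = SHA2_256.hash msg in
 let k = Rfc6979.k_for_p256 ~privkey ~msg in
@@ -29,5 +134,47 @@
 
 let verify ~pubkey ~msg ~signature : bool =
 let hashed = SHA2_256.hash msg in
-P256.verify ~pk:pubkey ~msg:hashed ~signature
+let pk = normalize_pubkey_to_raw pubkey in
+P256.verify ~pk ~msg:hashed ~signature
+
+let is_valid_privkey privkey : bool = P256.valid_sk ~sk:privkey
+
+let derive_pubkey ~privkey : bytes =
+if not (is_valid_privkey privkey) then failwith "invalid p256 private key" ;
+match P256.dh_initiator ~sk:privkey with
+| Some pubkey ->
+P256.raw_to_compressed pubkey
+| None ->
+failwith "failed to derive public key"
+
+let pubkey_to_multikey pubkey : string =
+to_multikey pubkey ~prefix:public_prefix
+
+let privkey_to_multikey privkey : string =
+to_multikey privkey ~prefix:private_prefix
 end
+
+let parse_multikey_bytes bytes : bytes * (module CURVE) =
+if Bytes.length bytes < 3 then failwith "multikey too short" ;
+let b0 = int_of_char (Bytes.get bytes 0) in
+let b1 = int_of_char (Bytes.get bytes 1) in
+let type_code = (b0 lsl 8) lor b1 in
+let key = Bytes.sub bytes 2 (Bytes.length bytes - 2) in
+match type_code with
+| 0x8626 ->
+(* p256 privkey *)
+(key, (module P256 : CURVE))
+| 0x8024 ->
+(* p256 pubkey *)
+(key, (module P256 : CURVE))
+| 0x8126 ->
+(* k256 privkey *)
+(key, (module K256 : CURVE))
+| 0xe701 ->
+(* k256 pubkey *)
+(key, (module K256 : CURVE))
+| _ ->
+failwith (Printf.sprintf "invalid key type 0x%04x" type_code)
+
+let parse_multikey_str multikey : bytes * (module CURVE) =
+multikey |> bytes_of_multikey |> parse_multikey_bytes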
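Review bot: `parse_multikey_bytes` returns the same `(key, (module ...))` shape for the private-key codes (0x8626, 0x8126) and the public-key codes (0x8024, 0xe701), so the caller cannot tell which kind of key it received, and the payload length is never checked against the type code. Together with the `| 64 | 32 -> key` arm in both `normalize_pubkey_to_raw` functions, a 32-byte private-key payload appears to be accepted where a public key is expected and handed unchanged to the verify call. I would carry a private/public tag in the return value, check the expected length for each code, and narrow the pass-through arm to `| 64 -> key` unless a 32-byte public form is really intended. `bytes_of_multikey` also discards the decoded encoding (`Ok (_, k)`), so encodings other than the Base58btc that `to_multikey` emits are accepted; this deserves a comment or an explicit check. Separately, `K256.derive_pubkey` fails with `"invalid p256 private key"`, which looks copied from the P256 module.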