1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

use std::fmt::{Display, Formatter};
use std::error::Error;

use ring::digest;
use curve25519_dalek::scalar::Scalar as InternalDalekScalar;
use serde::{Serialize, Deserialize};
use num_bigint::BigUint;
use crate::curve::to_scalar;

type DalekScalar = InternalDalekScalar;

#[derive(Copy, Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct Scalar(DalekScalar);

impl Scalar {
    pub fn as_base64(&self) -> String {
        base64::encode(self.as_bytes())
    }

    pub fn as_bytes(&self) -> &[u8; 32] {
        self.0.as_bytes()
    }

    pub fn to_bytes(self) -> [u8; 32] {
        self.0.to_bytes()
    }

    pub fn max_size_bytes() -> usize {
        curve::scalar_max_size_bytes()
    }

    pub fn truncated(&self) -> Self {
        let mut vec = self.0.as_bytes().to_vec();
        vec.truncate(Scalar::max_size_bytes());
        to_scalar(BigUint::from_bytes_le(&vec))
    }
}

impl From<u32> for Scalar {
    fn from(n: u32) -> Self {
        Self(n.into())
    }
}

impl From<[u8; 32]> for Scalar {
    fn from(bytes: [u8; 32]) -> Self {
        Self(DalekScalar::from_bytes_mod_order(bytes).reduce())
    }
}

pub struct Hasher(digest::Context);

impl Hasher {
    pub fn sha_256() -> Self {
        Self(digest::Context::new(&digest::SHA256))
    }

    pub fn sha_512() -> Self {
        Self(digest::Context::new(&digest::SHA512))
    }

    pub fn update(mut self, data: &[u8]) -> Self {
        self.0.update(&data);
        self
    }

    pub fn finish(self) -> Digest {
        self.0.finish()
    }

    // NOTE: this will truncate the bytes of the hash. Use with care.
    pub fn finish_scalar(self) -> Scalar {
        let mut bytes = self.finish_vec();
        bytes.truncate(Scalar::max_size_bytes());
        curve::try_to_scalar(&bytes).unwrap()
    }

    pub fn finish_vec(self) -> Vec<u8> {
        self.finish().as_ref().to_vec()
    }
}

pub type Digest = digest::Digest;

#[derive(Clone, Copy, Debug)]
pub enum CryptoError {
    Unspecified(ring::error::Unspecified),
    KeyRejected(ring::error::KeyRejected),
    Encoding,
    Decoding,
    Misc,
    InvalidId,
    CommitmentDuplicated,
    CommitmentMissing,
    CommitmentPartMissing,
    ShareDuplicated,
    ShareRejected,
    KeygenMissing,
    AuthTagRejected,
}

impl Display for CryptoError {
    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
        write!(f, "{:?}", self)
    }
}

impl Error for CryptoError {}

pub mod elgamal;
mod curve;
pub mod zkp;
pub mod threshold;

#[cfg(test)]
mod tests {
    use crate::Hasher;
    use crate::curve::CurveElem;
    use std::convert::TryFrom;

    #[test]
    fn test_hash_encoding() {
        let msg = b"hello world";
        let scalar = Hasher::sha_256().update(msg).finish_scalar();
        CurveElem::try_from(scalar.truncated()).unwrap();
    }
}