Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Import libsodium (Algorand's VRF lib) into Tendermint #12

Merged
merged 3 commits into from
Jan 14, 2020
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
93 changes: 53 additions & 40 deletions .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,14 @@ executors:
AWS_REGION: us-east-1

commands:
checkout_with_submodules:
steps:
- checkout
- run:
name: "Pull Submodules"
command: |
git submodule init
git submodule update
run_test:
parameters:
script_path:
Expand All @@ -27,7 +35,7 @@ commands:
name: "Restore source code cache"
keys:
- go-src-v1-{{ .Revision }}
- checkout
- checkout_with_submodules
- restore_cache:
name: "Restore go modules cache"
keys:
Expand All @@ -41,7 +49,7 @@ jobs:
setup_dependencies:
executor: golang
steps:
- checkout
- checkout_with_submodules
- restore_cache:
name: "Restore go modules cache"
keys:
Expand Down Expand Up @@ -107,18 +115,23 @@ jobs:
name: "Restore source code cache"
keys:
- go-src-v1-{{ .Revision }}
- checkout
- checkout_with_submodules
- restore_cache:
name: "Restore go module cache"
keys:
- go-mod-v2-{{ checksum "go.sum" }}
- run:
name: "Build and install libsodium"
command: |
sudo apt-get update && sudo apt-get -y install libtool
make libsodium
- run:
name: "Run tests"
command: |
export VERSION="$(git describe --tags --long | sed 's/v\(.*\)/\1/')"
export GO111MODULE=on
mkdir -p /tmp/logs /tmp/workspace/profiles
for pkg in $(go list github.com/tendermint/tendermint/... | circleci tests split --split-by=timings); do
for pkg in $(go list ./... | circleci tests split --split-by=timings); do
id=$(basename "$pkg")
go test -v -timeout 5m -mod=readonly -race -coverprofile=/tmp/workspace/profiles/$id.out -covermode=atomic "$pkg" | tee "/tmp/logs/$id-$RANDOM.log"
done
Expand All @@ -140,7 +153,7 @@ jobs:
GOARCH: amd64
parallelism: 1
steps:
- checkout
- checkout_with_submodules
- run:
name: run localnet and exit on failure
command: |
Expand All @@ -156,42 +169,42 @@ jobs:
machine:
image: circleci/classic:latest
steps:
- checkout
- checkout_with_submodules
- run: mkdir -p $GOPATH/src/github.com/tendermint
- run: ln -sf /home/circleci/project $GOPATH/src/github.com/tendermint/tendermint
- run: bash test/p2p/circleci.sh
- store_artifacts:
path: /home/circleci/project/test/p2p/logs

upload_coverage:
executor: golang
steps:
- attach_workspace:
at: /tmp/workspace
- restore_cache:
name: "Restore source code cache"
keys:
- go-src-v1-{{ .Revision }}
- checkout
- restore_cache:
name: "Restore go module cache"
keys:
- go-mod-v2-{{ checksum "go.sum" }}
- run:
name: gather
command: |
echo "mode: atomic" > coverage.txt
for prof in $(ls /tmp/workspace/profiles/); do
tail -n +2 /tmp/workspace/profiles/"$prof" >> coverage.txt
done
- run:
name: upload
command: bash .circleci/codecov.sh -f coverage.txt
# upload_coverage:
# executor: golang
# steps:
# - attach_workspace:
# at: /tmp/workspace
# - restore_cache:
# name: "Restore source code cache"
# keys:
# - go-src-v1-{{ .Revision }}
# - checkout
# - restore_cache:
# name: "Restore go module cache"
# keys:
# - go-mod-v2-{{ checksum "go.sum" }}
# - run:
# name: gather
# command: |
# echo "mode: atomic" > coverage.txt
# for prof in $(ls /tmp/workspace/profiles/); do
# tail -n +2 /tmp/workspace/profiles/"$prof" >> coverage.txt
# done
# - run:
# name: upload
# command: bash .circleci/codecov.sh -f coverage.txt

deploy_docs:
executor: docs
steps:
- checkout
- checkout_with_submodules
- run:
name: "Build docs"
command: make build-docs
Expand All @@ -206,7 +219,7 @@ jobs:
name: "Restore source code cache"
keys:
- go-src-v1-{{ .Revision }}
- checkout
- checkout_with_submodules
- run:
name: Get next release number
command: |
Expand Down Expand Up @@ -239,7 +252,7 @@ jobs:
name: "Restore source code cache"
keys:
- go-src-v1-{{ .Revision }}
- checkout
- checkout_with_submodules
- restore_cache:
name: "Restore release dependencies cache"
keys:
Expand Down Expand Up @@ -268,7 +281,7 @@ jobs:
name: "Restore source code cache"
keys:
- go-src-v1-{{ .Revision }}
- checkout
- checkout_with_submodules
- attach_workspace:
at: /tmp/workspace
- run:
Expand Down Expand Up @@ -297,7 +310,7 @@ jobs:
machine:
image: ubuntu-1604:201903-01
steps:
- checkout
- checkout_with_submodules
- attach_workspace:
at: /tmp/workspace
- run:
Expand All @@ -316,7 +329,7 @@ jobs:
steps:
- attach_workspace:
at: /tmp/workspace
- checkout
- checkout_with_submodules
- setup_remote_docker:
docker_layer_caching: true
- run:
Expand Down Expand Up @@ -351,7 +364,7 @@ jobs:
GOARCH: amd64
parallelism: 1
steps:
- checkout
- checkout_with_submodules
- run:
name: Test RPC endpoints against swagger documentation
command: |
Expand Down Expand Up @@ -407,9 +420,9 @@ workflows:
requires:
- setup_dependencies
- test_p2p
- upload_coverage:
requires:
- test_cover
# - upload_coverage:
# requires:
# - test_cover
- reproducible_builds:
filters:
branches:
Expand Down
3 changes: 3 additions & 0 deletions .gitmodules
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
[submodule "crypto/vrf/internal/vrf/libsodium"]
path = crypto/vrf/internal/vrf/libsodium
url = https://github.com/algorand/libsodium.git
11 changes: 11 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ GOTOOLS = \
github.com/square/certstrap
GOBIN?=${GOPATH}/bin
PACKAGES=$(shell go list ./...)
SRCPATH=$(shell pwd)
OUTPUT?=build/tendermint

INCLUDE = -I=. -I=${GOPATH}/src -I=${GOPATH}/src/github.com/gogo/protobuf/protobuf
Expand Down Expand Up @@ -63,6 +64,16 @@ build_abci:
install_abci:
@go install -mod=readonly ./abci/cmd/...

########################################
### libsodium

libsodium:
cd $(SRCPATH)/crypto/vrf/internal/vrf/libsodium && \
./autogen.sh && \
./configure --disable-shared --prefix="$(SRCPATH)/crypto/vrf/internal/vrf/" && \
$(MAKE) && \
$(MAKE) install

########################################
### Distribution

Expand Down
1 change: 1 addition & 0 deletions crypto/vrf/internal/vrf/libsodium
Submodule libsodium added at 004952
125 changes: 125 additions & 0 deletions crypto/vrf/internal/vrf/vrf.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,125 @@
// This vrf package makes the VRF API in Algorand's libsodium C library available to golang.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about adding our license comment?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Then we need to decide on a license declaration for our new files. I'll save it as another discussion ticket.

package vrf

/*
#cgo CFLAGS: -Wall -std=c99
#cgo CFLAGS: -I./include/
#cgo LDFLAGS: -L./lib -lsodium
#include "sodium.h"
*/
import "C"
import (
"encoding/hex"
"errors"
"fmt"
"unsafe"
)

const PUBLICKEYBYTES = uint32(C.crypto_vrf_PUBLICKEYBYTES)

const SECRETKEYBYTES = uint32(C.crypto_vrf_SECRETKEYBYTES)

const SEEDBYTES = uint32(C.crypto_vrf_SEEDBYTES)

const PROOFBYTES = uint32(C.crypto_vrf_PROOFBYTES)

const OUTPUTBYTES = uint32(C.crypto_vrf_OUTPUTBYTES)

const PRIMITIVE = C.crypto_vrf_PRIMITIVE
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about collecting all similar constant values like below?

const (
	PUBLICKEYBYTES = uint32(C.crypto_vrf_PUBLICKEYBYTES)
	SECRETKEYBYTES = uint32(C.crypto_vrf_SECRETKEYBYTES)
	SEEDBYTES = uint32(C.crypto_vrf_SEEDBYTES)
	PROOFBYTES = uint32(C.crypto_vrf_PROOFBYTES)
	OUTPUTBYTES = uint32(C.crypto_vrf_OUTPUTBYTES)
	PRIMITIVE = C.crypto_vrf_PRIMITIVE
)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it seems better readability. I'll fix it.


// Generate an Ed25519 key pair for use with VRF.
func KeyPair() (*[PUBLICKEYBYTES]byte, *[SECRETKEYBYTES]byte) {
publicKey := [PUBLICKEYBYTES]byte{}
privateKey := [SECRETKEYBYTES]byte{}
publicKeyPtr := (*C.uchar)(unsafe.Pointer(&publicKey))
privateKeyPtr := (*C.uchar)(unsafe.Pointer(&privateKey))
C.crypto_vrf_keypair(publicKeyPtr, privateKeyPtr)
return &publicKey, &privateKey
}

// Generate an Ed25519 key pair for use with VRF. Parameter `seed` means the cofactor in Curve25519 and EdDSA.
func KeyPairFromSeed(seed *[SEEDBYTES]byte) (*[PUBLICKEYBYTES]byte, *[SECRETKEYBYTES]byte) {
publicKey := [PUBLICKEYBYTES]byte{}
privateKey := [SECRETKEYBYTES]byte{}
publicKeyPtr := (*C.uchar)(unsafe.Pointer(&publicKey))
privateKeyPtr := (*C.uchar)(unsafe.Pointer(&privateKey))
seedPtr := (*C.uchar)(unsafe.Pointer(seed))
C.crypto_vrf_keypair_from_seed(publicKeyPtr, privateKeyPtr, seedPtr)
return &publicKey, &privateKey
}

// Verifies that the specified public key is valid.
func IsValidKey(publicKey *[PUBLICKEYBYTES]byte) bool {
publicKeyPtr := (*C.uchar)(unsafe.Pointer(publicKey))
return C.crypto_vrf_is_valid_key(publicKeyPtr) != 0
}

// Construct a VRF proof from given secret key and message.
func Prove(privateKey *[SECRETKEYBYTES]byte, message []byte) (*[PROOFBYTES]byte, error) {
proof := [PROOFBYTES]byte{}
proofPtr := (*C.uchar)(unsafe.Pointer(&proof))
privateKeyPtr := (*C.uchar)(unsafe.Pointer(privateKey))
messagePtr := bytesToUnsignedCharPointer(message)
messageLen := (C.ulonglong)(len(message))
if C.crypto_vrf_prove(proofPtr, privateKeyPtr, messagePtr, messageLen) != 0 {
return nil, errors.New(fmt.Sprintf("unable to decode the given privateKey"))
}
return &proof, nil
}

// Verifies that proof was legitimately generated by private key for the given public key, and stores the
// VRF hash in output. Note that VRF "verify()" means the process of generating output from public key,
// proof, and message.
// https://tools.ietf.org/html/draft-irtf-cfrg-vrf-04#section-5.3
func Verify(publicKey *[PUBLICKEYBYTES]byte, proof *[PROOFBYTES]byte, message []byte) (*[OUTPUTBYTES]byte, error) {
output := [OUTPUTBYTES]byte{}
outputPtr := (*C.uchar)(unsafe.Pointer(&output))
publicKeyPtr := (*C.uchar)(unsafe.Pointer(publicKey))
proofPtr := (*C.uchar)(unsafe.Pointer(proof))
messagePtr := bytesToUnsignedCharPointer(message)
messageLen := (C.ulonglong)(len(message))
if C.crypto_vrf_verify(outputPtr, publicKeyPtr, proofPtr, messagePtr, messageLen) != 0 {
return nil, errors.New(fmt.Sprintf(
"given public key is invalid, or the proof isn't legitimately generated for the message:"+
" public_key=%s, proof=%s, message=%s",
hex.EncodeToString(publicKey[:]), hex.EncodeToString(proof[:]), hex.EncodeToString(message[:])))
}
return &output, nil
}

// Calculate the output (hash value) from the specified proof.
// In essence, this function returns a valid value if given proof is any point on the finite field. Otherwise,
// this will return an error.
func ProofToHash(proof *[PROOFBYTES]byte) (*[OUTPUTBYTES]byte, error) {
output := [OUTPUTBYTES]byte{}
outputPtr := (*C.uchar)(unsafe.Pointer(&output))
proofPtr := (*C.uchar)(unsafe.Pointer(proof))
if C.crypto_vrf_proof_to_hash(outputPtr, proofPtr) != 0 {
return nil, errors.New(fmt.Sprintf(
"given proof isn't legitimately generated: proof=%s", hex.EncodeToString(proof[:])))
}
return &output, nil
}

func SkToPk(privateKey *[SECRETKEYBYTES]byte) *[PUBLICKEYBYTES]byte {
publicKey := [PUBLICKEYBYTES]byte{}
publicKeyPtr := (*C.uchar)(unsafe.Pointer(&publicKey))
privateKeyPtr := (*C.uchar)(unsafe.Pointer(privateKey))
C.crypto_vrf_sk_to_pk(publicKeyPtr, privateKeyPtr) // void
return &publicKey
}

func SkToSeed(privateKey *[SECRETKEYBYTES]byte) *[SEEDBYTES]byte {
seed := [SEEDBYTES]byte{}
seedPtr := (*C.uchar)(unsafe.Pointer(&seed))
privateKeyPtr := (*C.uchar)(unsafe.Pointer(privateKey))
C.crypto_vrf_sk_to_seed(seedPtr, privateKeyPtr) // void
return &seed
}

func bytesToUnsignedCharPointer(msg []byte) *C.uchar {
if len(msg) == 0 {
return (*C.uchar)(C.NULL)
}
return (*C.uchar)(unsafe.Pointer(&msg[0]))
}
Loading