reddsa/src/secret_key.rs

use std::{convert::TryFrom, marker::PhantomData};

use crate::{
    Binding, Error, PublicKey, PublicKeyBytes, Randomizer, Scalar, SigType, Signature, SpendAuth,
};

use rand_core::{CryptoRng, RngCore};

/// A RedJubJub secret key.
#[derive(Copy, Clone, Debug)]
pub struct SecretKey<T: SigType> {
    sk: Scalar,
    pk: PublicKey<T>,
}

impl<T: SigType> From<SecretKey<T>> for [u8; 32] {
    fn from(sk: SecretKey<T>) -> [u8; 32] {
        sk.sk.to_bytes()
    }
}

impl<T: SigType> From<[u8; 32]> for SecretKey<T> {
    fn from(bytes: [u8; 32]) -> Self {
        let sk = {
            // XXX-jubjub: would be nice to unconditionally deser
            // This incantation ensures deserialization is infallible.
            let mut wide = [0; 64];
            wide[0..32].copy_from_slice(&bytes);
            Scalar::from_bytes_wide(&wide)
        };
        let pk = PublicKey::from_secret(&sk);
        SecretKey { sk, pk }
    }
}

impl<T: SigType> SecretKey<T> {
    /// Generate a new secret key.
    pub fn new<R: RngCore + CryptoRng>(mut rng: R) -> SecretKey<T> {
        let sk = {
            let mut bytes = [0; 64];
            rng.fill_bytes(&mut bytes);
            Scalar::from_bytes_wide(&bytes)
        };
        let pk = PublicKey::from_secret(&sk);
        SecretKey { sk, pk }
    }

    /// Randomize this public key with the given `randomizer`.
    pub fn randomize(&self, randomizer: Randomizer) -> PublicKey<T> {
        unimplemented!();
    }
}

impl SecretKey<Binding> {
    /// Create a Zcash `BindingSig` on `msg` using this `SecretKey`.
    // Similar to signature::Signer but without boxed errors.
    pub fn sign(&self, msg: &[u8]) -> Signature<Binding> {
        // could use sign_inner
        unimplemented!();
    }
}

impl SecretKey<SpendAuth> {
    /// Create a Zcash `SpendAuthSig` on `msg` using this `SecretKey`.
    // Similar to signature::Signer but without boxed errors.
    pub fn sign(&self, msg: &[u8]) -> Signature<SpendAuth> {
        // could use sign_inner
        unimplemented!();
    }
}
Make the signature type be a type parameter. This means that using a BindingSig as a SpendAuthSig or vice versa becomes a compile error. Internally, we can share implementations, but having type parameters and specialized impls means that the correct parameters can be substituted in to whatever inner functions exist. 2019-12-03 12:22:35 -08:00			`use std::{convert::TryFrom, marker::PhantomData};`
Define main types for the library. 2019-12-02 21:58:19 -08:00
Reorganize data types. 2019-12-03 15:59:24 -08:00			`use crate::{`
			`Binding, Error, PublicKey, PublicKeyBytes, Randomizer, Scalar, SigType, Signature, SpendAuth,`
			`};`
Define main types for the library. 2019-12-02 21:58:19 -08:00
Add keygen. 2019-12-03 15:39:55 -08:00			`use rand_core::{CryptoRng, RngCore};`

Define main types for the library. 2019-12-02 21:58:19 -08:00			`/// A RedJubJub secret key.`
			`#[derive(Copy, Clone, Debug)]`
Make the signature type be a type parameter. This means that using a BindingSig as a SpendAuthSig or vice versa becomes a compile error. Internally, we can share implementations, but having type parameters and specialized impls means that the correct parameters can be substituted in to whatever inner functions exist. 2019-12-03 12:22:35 -08:00			`pub struct SecretKey<T: SigType> {`
Serialize PublicKey, SecretKey 2019-12-03 14:51:38 -08:00			`sk: Scalar,`
Add methods to the Sealed trait, simplifying types. The motivation is as follows. The sealed trait pattern allows creating a type-level equivalent of an enum: the trait corresponds to the enum type and its implementors correspond to the enum variants; the `Sealed` restriction ensures that there is a fixed set of enum variants. In this picture, adding methods to the public trait corresponds to a public method on an enum, while adding methods to the private trait corresponds to a private method on an enum. This means that we can add a method to get the basepoint (whose possible choices are enumerated by SigType) and avoid having to do specialized impls. 2019-12-03 18:20:45 -08:00			`pk: PublicKey<T>,`
Define main types for the library. 2019-12-02 21:58:19 -08:00			`}`

Reorganize data types. 2019-12-03 15:59:24 -08:00			`impl<T: SigType> From<SecretKey<T>> for [u8; 32] {`
			`fn from(sk: SecretKey<T>) -> [u8; 32] {`
			`sk.sk.to_bytes()`
Define main types for the library. 2019-12-02 21:58:19 -08:00			`}`
			`}`

Add methods to the Sealed trait, simplifying types. The motivation is as follows. The sealed trait pattern allows creating a type-level equivalent of an enum: the trait corresponds to the enum type and its implementors correspond to the enum variants; the `Sealed` restriction ensures that there is a fixed set of enum variants. In this picture, adding methods to the public trait corresponds to a public method on an enum, while adding methods to the private trait corresponds to a private method on an enum. This means that we can add a method to get the basepoint (whose possible choices are enumerated by SigType) and avoid having to do specialized impls. 2019-12-03 18:20:45 -08:00			`impl<T: SigType> From<[u8; 32]> for SecretKey<T> {`
			`fn from(bytes: [u8; 32]) -> Self {`
			`let sk = {`
			`// XXX-jubjub: would be nice to unconditionally deser`
			`// This incantation ensures deserialization is infallible.`
			`let mut wide = [0; 64];`
			`wide[0..32].copy_from_slice(&bytes);`
			`Scalar::from_bytes_wide(&wide)`
			`};`
			`let pk = PublicKey::from_secret(&sk);`
			`SecretKey { sk, pk }`
Serialize PublicKey, SecretKey 2019-12-03 14:51:38 -08:00			`}`
			`}`

Unfortunately keygen can't be a From impl because coherence rules. 2019-12-03 19:03:44 -08:00			`impl<T: SigType> SecretKey<T> {`
			`/// Generate a new secret key.`
			`pub fn new<R: RngCore + CryptoRng>(mut rng: R) -> SecretKey<T> {`
			`let sk = {`
			`let mut bytes = [0; 64];`
			`rng.fill_bytes(&mut bytes);`
			`Scalar::from_bytes_wide(&bytes)`
			`};`
			`let pk = PublicKey::from_secret(&sk);`
			`SecretKey { sk, pk }`
Add keygen. 2019-12-03 15:39:55 -08:00			`}`

Add rerandomization stub API. 2019-12-02 22:32:55 -08:00			/// Randomize this public key with the given `randomizer`.
Make the signature type be a type parameter. This means that using a BindingSig as a SpendAuthSig or vice versa becomes a compile error. Internally, we can share implementations, but having type parameters and specialized impls means that the correct parameters can be substituted in to whatever inner functions exist. 2019-12-03 12:22:35 -08:00			`pub fn randomize(&self, randomizer: Randomizer) -> PublicKey<T> {`
Add rerandomization stub API. 2019-12-02 22:32:55 -08:00			`unimplemented!();`
			`}`
Make the signature type be a type parameter. This means that using a BindingSig as a SpendAuthSig or vice versa becomes a compile error. Internally, we can share implementations, but having type parameters and specialized impls means that the correct parameters can be substituted in to whatever inner functions exist. 2019-12-03 12:22:35 -08:00			`}`

			`impl SecretKey<Binding> {`
			/// Create a Zcash `BindingSig` on `msg` using this `SecretKey`.
			`// Similar to signature::Signer but without boxed errors.`
			`pub fn sign(&self, msg: &[u8]) -> Signature<Binding> {`
			`// could use sign_inner`
			`unimplemented!();`
			`}`
			`}`
Add rerandomization stub API. 2019-12-02 22:32:55 -08:00
Make the signature type be a type parameter. This means that using a BindingSig as a SpendAuthSig or vice versa becomes a compile error. Internally, we can share implementations, but having type parameters and specialized impls means that the correct parameters can be substituted in to whatever inner functions exist. 2019-12-03 12:22:35 -08:00			`impl SecretKey<SpendAuth> {`
			/// Create a Zcash `SpendAuthSig` on `msg` using this `SecretKey`.
Add rerandomization stub API. 2019-12-02 22:32:55 -08:00			`// Similar to signature::Signer but without boxed errors.`
Make the signature type be a type parameter. This means that using a BindingSig as a SpendAuthSig or vice versa becomes a compile error. Internally, we can share implementations, but having type parameters and specialized impls means that the correct parameters can be substituted in to whatever inner functions exist. 2019-12-03 12:22:35 -08:00			`pub fn sign(&self, msg: &[u8]) -> Signature<SpendAuth> {`
			`// could use sign_inner`
Stub out the sign/verify API. 2019-12-02 22:20:21 -08:00			`unimplemented!();`
			`}`
			`}`