From 53384cf5270b0409e6245fc2c1cfd1e77ab14975 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Fri, 5 Oct 2018 22:30:38 -0400 Subject: [PATCH] ed25519: use golang/x/crypto fork --- Gopkg.lock | 23 +++-------- Gopkg.toml | 5 +++ crypto/ed25519/ed25519.go | 82 ++++++++++++--------------------------- 3 files changed, 36 insertions(+), 74 deletions(-) diff --git a/Gopkg.lock b/Gopkg.lock index 8deb0637..0f70bb2f 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -364,18 +364,6 @@ pruneopts = "UT" revision = "e5840949ff4fff0c56f9b6a541e22b63581ea9df" -[[projects]] - branch = "master" - digest = "1:087aaa7920e5d0bf79586feb57ce01c35c830396ab4392798112e8aae8c47722" - name = "github.com/tendermint/ed25519" - packages = [ - ".", - "edwards25519", - "extra25519", - ] - pruneopts = "UT" - revision = "d8387025d2b9d158cf4efb07e7ebf814bcce2057" - [[projects]] digest = "1:e0a2a4be1e20c305badc2b0a7a9ab7fef6da500763bec23ab81df3b5f9eec9ee" name = "github.com/tendermint/go-amino" @@ -385,14 +373,15 @@ version = "v0.12.0-rc0" [[projects]] - branch = "master" - digest = "1:c31a37cafc12315b8bd745c8ad6a006ac25350472488162a821e557b3e739d67" + digest = "1:72b71e3a29775e5752ed7a8012052a3dee165e27ec18cedddae5288058f09acf" name = "golang.org/x/crypto" packages = [ "bcrypt", "blowfish", "chacha20poly1305", "curve25519", + "ed25519", + "ed25519/internal/edwards25519", "hkdf", "internal/chacha20", "internal/subtle", @@ -405,7 +394,8 @@ "salsa20/salsa", ] pruneopts = "UT" - revision = "56440b844dfe139a8ac053f4ecac0b20b79058f4" + revision = "3764759f34a542a3aef74d6b02e35be7ab893bba" + source = "github.com/tendermint/crypto" [[projects]] digest = "1:d36f55a999540d29b6ea3c2ea29d71c76b1d9853fdcd3e5c5cb4836f2ba118f1" 
@@ -543,12 +533,11 @@ "github.com/syndtr/goleveldb/leveldb/iterator", "github.com/syndtr/goleveldb/leveldb/opt", "github.com/tendermint/btcd/btcec", - "github.com/tendermint/ed25519", - "github.com/tendermint/ed25519/extra25519", "github.com/tendermint/go-amino", "golang.org/x/crypto/bcrypt", "golang.org/x/crypto/chacha20poly1305", "golang.org/x/crypto/curve25519", + "golang.org/x/crypto/ed25519", "golang.org/x/crypto/hkdf", "golang.org/x/crypto/nacl/box", "golang.org/x/crypto/nacl/secretbox", diff --git a/Gopkg.toml b/Gopkg.toml index d3bca19e..07ff3c53 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -72,6 +72,11 @@ ## Some repos dont have releases. ## Pin to revision +[[constraint]] + name = "golang.org/x/crypto" + source = "github.com/tendermint/crypto" + revision = "3764759f34a542a3aef74d6b02e35be7ab893bba" + [[override]] name = "github.com/jmhodges/levigo" revision = "c42d9e0ca023e2198120196f842701bb4c55d7b9" diff --git a/crypto/ed25519/ed25519.go b/crypto/ed25519/ed25519.go index c55b3588..a84a1724 100644 --- a/crypto/ed25519/ed25519.go +++ b/crypto/ed25519/ed25519.go @@ -6,9 +6,9 @@ import ( "fmt" "io" - "github.com/tendermint/ed25519" - "github.com/tendermint/ed25519/extra25519" amino "github.com/tendermint/go-amino" + "golang.org/x/crypto/ed25519" + "github.com/tendermint/tendermint/crypto" "github.com/tendermint/tendermint/crypto/tmhash" ) @@ -47,8 +47,7 @@ func (privKey PrivKeyEd25519) Bytes() []byte { // Sign produces a signature on the provided message. func (privKey PrivKeyEd25519) Sign(msg []byte) ([]byte, error) { - privKeyBytes := [64]byte(privKey) - signatureBytes := ed25519.Sign(&privKeyBytes, msg) + signatureBytes := ed25519.Sign(privKey[:], msg) return signatureBytes[:], nil } 
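Review bot: The new `[[constraint]]` redirects the whole golang.org/x/crypto import tree to the github.com/tendermint/crypto fork, not only the ed25519 package; the Gopkg.lock hunks in this same commit list bcrypt, chacha20poly1305, curve25519, hkdf and the nacl packages under that one project, so all of them are now built from the fork at the pinned revision. Nothing in the diff records why a fork is needed or which upstream revision it tracks, which makes the supply-chain decision hard to audit later. A comment above the block, e.g. `# golang.org/x/crypto resolves to the tendermint fork; reason: TODO, upstream base revision: TODO`, would capture that. The same gap exists at the `"golang.org/x/crypto/ed25519"` import in crypto/ed25519/ed25519.go, where a reader has no hint that the path is served by a fork.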
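Review bot: `signatureBytes[:]` in the return of `Sign` is now a no-op reslice, since the fork's `ed25519.Sign` returns a `[]byte` rather than the `*[64]byte` the removed library returned; the body can simply be `return ed25519.Sign(privKey[:], msg), nil`. The `error` result is still never non-nil, which is pre-existing but worth stating in the doc comment, e.g. `// Sign produces a signature on the provided message. The error is always nil.`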
@@ -65,14 +64,14 @@ func (privKey PrivKeyEd25519) PubKey() crypto.PubKey { break } } - if initialized { - var pubkeyBytes [PubKeyEd25519Size]byte - copy(pubkeyBytes[:], privKeyBytes[32:]) - return PubKeyEd25519(pubkeyBytes) + + if !initialized { + panic("pubkey bytes should always be initialized!") } - pubBytes := *ed25519.MakePublicKey(&privKeyBytes) - return PubKeyEd25519(pubBytes) + var pubkeyBytes [PubKeyEd25519Size]byte + copy(pubkeyBytes[:], privKeyBytes[32:]) + return PubKeyEd25519(pubkeyBytes) } // Equals - you probably don't need to use this. @@ -85,17 +84,6 @@ func (privKey PrivKeyEd25519) Equals(other crypto.PrivKey) bool { } } -// ToCurve25519 takes a private key and returns its representation on -// Curve25519. Curve25519 is birationally equivalent to Edwards25519, -// which Ed25519 uses internally. This method is intended for use in -// an X25519 Diffie Hellman key exchange. -func (privKey PrivKeyEd25519) ToCurve25519() *[PubKeyEd25519Size]byte { - keyCurve25519 := new([32]byte) - privKeyBytes := [64]byte(privKey) - extra25519.PrivateKeyToCurve25519(keyCurve25519, &privKeyBytes) - return keyCurve25519 -} - // GenPrivKey generates a new ed25519 private key. // It uses OS randomness in conjunction with the current global random seed // in tendermint/libs/common to generate the private key. 
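Review bot: The fallback that derived the public half when the trailing 32 bytes are zero is replaced by a panic, so a `PrivKeyEd25519` whose public half was never filled in (for instance the zero value) now crashes in `PubKey()` where it previously worked. If this is not meant as a programmer-error invariant, the seed API of the new library restores the old behaviour without the removed `MakePublicKey`: `if !initialized { copy(privKeyBytes[32:], ed25519.NewKeyFromSeed(privKeyBytes[:32])[32:]) }`. In either case the trailing bytes are still used without checking that they match the seed; deriving from the seed and comparing would also reject a key whose stored public half is inconsistent with it. The enclosing `PubKey` method, including the loop that sets `initialized`, begins before this hunk.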
@@ -105,16 +93,16 @@ func GenPrivKey() PrivKeyEd25519 { // genPrivKey generates a new ed25519 private key using the provided reader. func genPrivKey(rand io.Reader) PrivKeyEd25519 { - privKey := new([64]byte) - _, err := io.ReadFull(rand, privKey[:32]) + seed := make([]byte, 32) + _, err := io.ReadFull(rand, seed[:]) if err != nil { panic(err) } - // ed25519.MakePublicKey(privKey) alters the last 32 bytes of privKey. - // It places the pubkey in the last 32 bytes of privKey, and returns the - // public key. - ed25519.MakePublicKey(privKey) - return PrivKeyEd25519(*privKey) + + privKey := ed25519.NewKeyFromSeed(seed) + var privKeyEd PrivKeyEd25519 + copy(privKeyEd[:], privKey) + return privKeyEd } // GenPrivKeyFromSecret hashes the secret with SHA2, and uses @@ -122,14 +110,12 @@ func genPrivKey(rand io.Reader) PrivKeyEd25519 { // NOTE: secret should be the output of a KDF like bcrypt, // if it's derived from user input. func GenPrivKeyFromSecret(secret []byte) PrivKeyEd25519 { - privKey32 := crypto.Sha256(secret) // Not Ripemd160 because we want 32 bytes. - privKey := new([64]byte) - copy(privKey[:32], privKey32) - // ed25519.MakePublicKey(privKey) alters the last 32 bytes of privKey. - // It places the pubkey in the last 32 bytes of privKey, and returns the - // public key. - ed25519.MakePublicKey(privKey) - return PrivKeyEd25519(*privKey) + seed := crypto.Sha256(secret) // Not Ripemd160 because we want 32 bytes. + + privKey := ed25519.NewKeyFromSeed(seed) + var privKeyEd PrivKeyEd25519 + copy(privKeyEd[:], privKey) + return privKeyEd } //------------------------------------- 
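Review bot: `genPrivKey` and `GenPrivKeyFromSecret` (the next hunk) now carry the same three lines that expand a seed with `ed25519.NewKeyFromSeed` and copy it into a `PrivKeyEd25519`; a small helper removes the duplication and gives the key layout one place to be documented. In `genPrivKey`, `seed[:]` on a slice is a redundant reslice and the literal `32` can be `ed25519.SeedSize`, which the x/crypto ed25519 package exports alongside `NewKeyFromSeed`. Both functions also leave the intermediate `seed` and `privKey` slices holding secret material for the garbage collector; if the package clears key material elsewhere, the helper is the natural place to zero them after the copy.
```go
// privKeyFromSeed expands a seed into the 64-byte seed||pubkey layout
// that PrivKeyEd25519 stores (PubKey reads the public half from [32:]).
func privKeyFromSeed(seed []byte) PrivKeyEd25519 {
	var privKeyEd PrivKeyEd25519
	copy(privKeyEd[:], ed25519.NewKeyFromSeed(seed))
	return privKeyEd
}

// genPrivKey generates a new ed25519 private key using the provided reader.
func genPrivKey(rand io.Reader) PrivKeyEd25519 {
	seed := make([]byte, ed25519.SeedSize)
	if _, err := io.ReadFull(rand, seed); err != nil {
		panic(err)
	}
	return privKeyFromSeed(seed)
}
// … unchanged: GenPrivKeyFromSecret, whose body reduces to return privKeyFromSeed(crypto.Sha256(secret)) …
```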
@@ -156,30 +142,12 @@ func (pubKey PubKeyEd25519) Bytes() []byte { return bz } -func (pubKey PubKeyEd25519) VerifyBytes(msg []byte, sig_ []byte) bool { +func (pubKey PubKeyEd25519) VerifyBytes(msg []byte, sig []byte) bool { // make sure we use the same algorithm to sign - if len(sig_) != SignatureSize { + if len(sig) != SignatureSize { return false } - sig := new([SignatureSize]byte) - copy(sig[:], sig_) - pubKeyBytes := [PubKeyEd25519Size]byte(pubKey) - return ed25519.Verify(&pubKeyBytes, msg, sig) -} - -// ToCurve25519 takes a public key and returns its representation on -// Curve25519. Curve25519 is birationally equivalent to Edwards25519, -// which Ed25519 uses internally. This method is intended for use in -// an X25519 Diffie Hellman key exchange. -// -// If there is an error, then this function returns nil. -func (pubKey PubKeyEd25519) ToCurve25519() *[PubKeyEd25519Size]byte { - keyCurve25519, pubKeyBytes := new([PubKeyEd25519Size]byte), [PubKeyEd25519Size]byte(pubKey) - ok := extra25519.PublicKeyToCurve25519(keyCurve25519, &pubKeyBytes) - if !ok { - return nil - } - return keyCurve25519 + return ed25519.Verify(pubKey[:], msg, sig) } func (pubKey PubKeyEd25519) String() string {
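Review bot: The comment `// make sure we use the same algorithm to sign` above the length check in `VerifyBytes` describes a check the code does not perform; it only rejects signatures that are not `SignatureSize` bytes, which the new `ed25519.Verify` also does on its own, so `// reject wrong-length signatures before handing them to ed25519.Verify` says what actually happens. This hunk also deletes the exported `PubKeyEd25519.ToCurve25519` (the private-key counterpart goes in the hunk at -85,17), an API break that the commit message `ed25519: use golang/x/crypto fork` does not mention and that deserves a changelog line. If `VerifyBytes` sits on the consensus path, it is worth confirming with shared test vectors that the fork accepts and rejects exactly the same signatures as the removed tendermint/ed25519 implementation, since any difference in edge cases would become a consensus difference between nodes on the two versions.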