* crypto/secp256k1: Fix signature malleability, adopt more efficient encoding
This removes signature malleability per ADR 14, and makes secp match
the encoding in ADR 15.
* (squash this) add lock
hkdfchachapoly was a construction we came up with. There is no longer any
reason to use it. We should instead just use xchacha for the remaining use
cases we have. (Symmetrically encrypting the keys in the sdk keys package)
* crypto: Add benchmarking code for signature schemes
This does a slight refactor for the key generation code. It now calls a
seperate unexported method to allow generation from a reader. I think this
will actually reduce time in generation, due to no longer initializing an
extra slice. This was needed in order to enable benchmarking.
This uses an internal package for the benchmarking code, so that this can
be standardized without being exported in the public API. The benchmarking
code is derived from agl/ed25519's benchmarking code, and has copied the
license over.
Closes#1984
The privkey.Generate method here was a custom-made method for deriving
a private key from another private key. This function is currently
not used anywhere in our codebase, and has not been reviewed enough
that it would be secure to use. This removes that method. We should
adopt the official ed25519 HD derivation once that has been standardized,
in order to fulfill this need.
closes#2000
* crypto/secp256k1: Add godocs, remove indirection in privkeys
The following was previously done for creating secp256k1 private keys:
First obtain privkey bytes. Then create a private key in the
underlying library, with scalar exponent equal to privKeyBytes.
(The method called was secp256k1.PrivKeyFromBytes,
fb90c334df/btcec/privkey.go (L21))
Then the private key was serialized using the underlying library, which just
returns back the bytes that comprised the scalar exponent, but padded to be
exactly 32 bytes.
fb90c334df/btcec/privkey.go (L70)
Thus the entire indirection of calling the underlying library can be avoided
by just ensuring that we pass in a 32 byte value. A test case has even be written
to show this more clearly in review.
* crypto/secp256k1: Address PR comments
Squash this commit
* crypto: Remove note about re-registering amino paths when unnecessary.
This commit should be squashed.
This commit updates the godocs for the package, and adds an optimization
to the privkey.Pubkey() method.
The optimization is that in golang, the private key (due to interface
compatibility reasons) has a copy of the public key stored inside of it.
Therefore if this copy has already been computed, there is no need to
recompute it.
Currently the top level directory contains basically all of the code
for the crypto package. This PR moves the crypto code into submodules
in a similar manner to what `golang/x/crypto` does. This improves code
organization.
Ref discussion: https://github.com/tendermint/tendermint/pull/1966Closes#1956
except now we calculate the max size using the maxPacketMsgSize()
function, which frees developers from having to know amino encoding
details.
plus, 10 additional bytes are added to leave the room for amino upgrades
(both making it more efficient / less efficient)
* crypto: Abstract pubkey / signature size when known to constants
* Created PubKeyEd25519Size as 32
* Created PubkeySecp256k1Size as 33
* Created SignatureEd25519Size as 64
* Remove extraneous message from changelog
Dev Ojha
Ethan Buchman
ValarDragon
Zach
Anton Kaliaev
Alexander Simmerl
Liamsi
Jae Kwon