Fixing secretstore TODOs - part 1 (#5386)

* ECDKG protocol prototype

* added test for enc/dec math

* get rid of decryption_session

* added licenses

* fix after merge

* get rid of unused serde dependency

* doc

* decryption session [without commutative enc]

* failed_dec_session

* fixed tests

* added commen

* added more decryption session tests

* helper to localize an issue

* more computations to localize error

* decryption_session::SessionParams

* added tests for EC math to localize problem

* secretstore network transport

* encryption_session_works_over_network

* network errors processing

* connecting to KeyServer

* licenses

* get rid of debug println-s

* fixed secretstore args

* encryption results are stored in KS database

* decryption protocol works over network

* enc/dec Session traits

* fixing warnings

* fix after merge

* on-chain ACL checker proto

* fixed compilation

* fixed compilation

* finally fixed <odd>-of-N-scheme

* temporary commented test

* 1-of-N works in math

* scheme 1-of-N works

* updated AclStorage with real contract ABI

* remove unnecessary unsafety

* fixed grumbles

* wakeup on access denied

* encrypt secretstore messages

* 'shadow' decryption

* fix grumbles

* lost files

* secretstore cli-options

* decryption seccion when ACL check failed on master

* disallow regenerating key for existing document

* removed obsolete TODO

* fix after merge

* switched to tokio_io

* fix after merge

* fix after merge

* fix after merge

* fix after merge

* fix after merge

* fixed test

* fix after merge

ethkey/src/extended.rs

@@ -214,10 +214,10 @@ mod derivation {
 	use rcrypto::sha2::Sha512;
 	use bigint::hash::{H512, H256};
 	use bigint::prelude::{U256, U512, Uint};
-	use secp256k1;
 	use secp256k1::key::{SecretKey, PublicKey};
 	use SECP256K1;
 	use keccak;
+	use math::curve_order;
 	use super::{Label, Derivation};
 
 	#[derive(Debug)]
@@ -233,7 +233,7 @@ mod derivation {
 	// For hardened derivation, pass u32 index at least 2^31 or custom Derivation::Hard(T) enum
 	//
 	// Can panic if passed `private_key` is not a valid secp256k1 private key
-	// (outside of (0..curve_n()]) field
+	// (outside of (0..curve_order()]) field
 	pub fn private<T>(private_key: H256, chain_code: H256, index: Derivation<T>) -> (H256, H256) where T: Label {
 		match index {
 			Derivation::Soft(index) => private_soft(private_key, chain_code, index),
@@ -260,7 +260,7 @@ mod derivation {
 	}
 
 	// Can panic if passed `private_key` is not a valid secp256k1 private key
-	// (outside of (0..curve_n()]) field
+	// (outside of (0..curve_order()]) field
 	fn private_soft<T>(private_key: H256, chain_code: H256, index: T) -> (H256, H256) where T: Label {
 		let mut data = vec![0u8; 33 + T::len()];
 
@@ -295,7 +295,7 @@ mod derivation {
 
 	fn private_add(k1: U256, k2: U256) -> U256 {
 		let sum = U512::from(k1) + U512::from(k2);
-		modulo(sum, curve_n())
+		modulo(sum, curve_order())
 	}
 
 	// todo: surely can be optimized
@@ -305,12 +305,6 @@ mod derivation {
 		md.into()
 	}
 
-	// returns n (for mod(n)) for the secp256k1 elliptic curve
-	// todo: maybe lazy static
-	fn curve_n() -> U256 {
-		H256::from_slice(&secp256k1::constants::CURVE_ORDER).into()
-	}
-
 	pub fn public<T>(public_key: H512, chain_code: H256, derivation: Derivation<T>) -> Result<(H512, H256), Error> where T: Label {
 		let index = match derivation {
 			Derivation::Soft(index) => index,
@@ -339,7 +333,7 @@ mod derivation {
 		let new_chain_code = H256::from(&i_512[32..64]);
 
 		// Generated private key can (extremely rarely) be out of secp256k1 key field
-		if curve_n() <= new_private.clone().into() { return Err(Error::MissingIndex); }
+		if curve_order() <= new_private.clone().into() { return Err(Error::MissingIndex); }
 		let new_private_sec = SecretKey::from_slice(&SECP256K1, &*new_private)
 			.expect("Private key belongs to the field [0..CURVE_ORDER) (checked above); So initializing can never fail; qed");
 		let mut new_public = PublicKey::from_secret_key(&SECP256K1, &new_private_sec)

ethkey/src/keypair.rs

@@ -27,7 +27,7 @@ pub fn public_to_address(public: &Public) -> Address {
 	result
 }
 
-#[derive(Clone)]
+#[derive(Debug, Clone, PartialEq)]
 /// secp256k1 key pair
 pub struct KeyPair {
 	secret: Secret,

ethkey/src/math.rs

@@ -16,7 +16,9 @@
 
 use super::{SECP256K1, Public, Secret, Error};
 use secp256k1::key;
-use secp256k1::constants::{GENERATOR_X, GENERATOR_Y};
+use secp256k1::constants::{GENERATOR_X, GENERATOR_Y, CURVE_ORDER};
+use bigint::prelude::U256;
+use bigint::hash::H256;
 
 /// Inplace multiply public key by secret key (EC point * scalar)
 pub fn public_mul_secret(public: &mut Public, secret: &Secret) -> Result<(), Error> {
@@ -47,6 +49,14 @@ pub fn public_sub(public: &mut Public, other: &Public) -> Result<(), Error> {
 	Ok(())
 }
 
+/// Replace public key with its negation (EC point = - EC point)
+pub fn public_negate(public: &mut Public) -> Result<(), Error> {
+	let mut key_public = to_secp256k1_public(public)?;
+	key_public.mul_assign(&SECP256K1, &key::MINUS_ONE_KEY)?;
+	set_public(public, &key_public);
+	Ok(())
+}
+
 /// Return base point of secp256k1
 pub fn generation_point() -> Public {
 	let mut public_sec_raw = [0u8; 65];
@@ -61,6 +71,11 @@ pub fn generation_point() -> Public {
 	public
 }
 
+/// Return secp256k1 elliptic curve order
+pub fn curve_order() -> U256 {
+	H256::from_slice(&CURVE_ORDER).into()
+}
+
 fn to_secp256k1_public(public: &Public) -> Result<key::PublicKey, Error> {
 	let public_data = {
 		let mut temp = [4u8; 65];

ethkey/src/secret.rs

@@ -67,6 +67,15 @@ impl Secret {
 		Ok(())
 	}
 
+	/// Inplace decrease secret key (scalar - 1)
+	pub fn dec(&mut self) -> Result<(), Error> {
+		let mut key_secret = self.to_secp256k1_secret()?;
+		key_secret.add_assign(&SECP256K1, &key::MINUS_ONE_KEY)?;
+
+		*self = key_secret.into();
+		Ok(())
+	}
+
 	/// Inplace multiply one secret key to another (scalar * scalar)
 	pub fn mul(&mut self, other: &Secret) -> Result<(), Error> {
 		let mut key_secret = self.to_secp256k1_secret()?;