Merge pull request #33 from elnosh/nut11

wallet: NUT-11 P2PK
elnosh · Jul 9, 2024 · c2922c8 · c2922c8
2 parents abd55b0 + a75d5a6
commit c2922c8
Show file tree

Hide file tree

Showing 11 changed files with 897 additions and 95 deletions.
diff --git a/cashu/cashu.go b/cashu/cashu.go
@@ -4,22 +4,52 @@ package cashu
 
 import (
 	"encoding/base64"
+	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
+
+	"github.com/decred/dcrd/dcrec/secp256k1/v4"
+)
+
+type SecretKind int
+
+const (
+	Random SecretKind = iota
+	P2PK
 )
 
 // Cashu BlindedMessage. See https://github.com/cashubtc/nuts/blob/main/00.md#blindedmessage
 type BlindedMessage struct {
-	Amount uint64 `json:"amount"`
-	B_     string `json:"B_"`
-	Id     string `json:"id"`
-
-	// including Witness field for now to avoid throwing error when parsing json
-	// from clients that include this field even when mint does not support it.
+	Amount  uint64 `json:"amount"`
+	B_      string `json:"B_"`
+	Id      string `json:"id"`
 	Witness string `json:"witness,omitempty"`
 }
 
+func NewBlindedMessage(id string, amount uint64, B_ *secp256k1.PublicKey) BlindedMessage {
+	B_str := hex.EncodeToString(B_.SerializeCompressed())
+	return BlindedMessage{Amount: amount, B_: B_str, Id: id}
+}
+
+func SortBlindedMessages(blindedMessages BlindedMessages, secrets []string, rs []*secp256k1.PrivateKey) {
+	// sort messages, secrets and rs
+	for i := 0; i < len(blindedMessages)-1; i++ {
+		for j := i + 1; j < len(blindedMessages); j++ {
+			if blindedMessages[i].Amount > blindedMessages[j].Amount {
+				// Swap blinded messages
+				blindedMessages[i], blindedMessages[j] = blindedMessages[j], blindedMessages[i]
+
+				// Swap secrets
+				secrets[i], secrets[j] = secrets[j], secrets[i]
+
+				// Swap rs
+				rs[i], rs[j] = rs[j], rs[i]
+			}
+		}
+	}
+}
+
 type BlindedMessages []BlindedMessage
 
 func (bm BlindedMessages) Amount() uint64 {
@@ -41,16 +71,50 @@ type BlindedSignatures []BlindedSignature
 
 // Cashu Proof. See https://github.com/cashubtc/nuts/blob/main/00.md#proof
 type Proof struct {
-	Amount uint64 `json:"amount"`
-	Id     string `json:"id"`
-	Secret string `json:"secret"`
-	C      string `json:"C"`
-
-	// including Witness field for now to avoid throwing error when parsing json
-	// from clients that include this field even when mint does not support it.
+	Amount  uint64 `json:"amount"`
+	Id      string `json:"id"`
+	Secret  string `json:"secret"`
+	C       string `json:"C"`
 	Witness string `json:"witness,omitempty"`
 }
 
+func (p Proof) IsSecretP2PK() bool {
+	return p.SecretType() == P2PK
+}
+
+func (p Proof) SecretType() SecretKind {
+	var rawJsonSecret []json.RawMessage
+	// if not valid json, assume it is random secret
+	if err := json.Unmarshal([]byte(p.Secret), &rawJsonSecret); err != nil {
+		return Random
+	}
+
+	// Well-known secret should have a length of at least 2
+	if len(rawJsonSecret) < 2 {
+		return Random
+	}
+
+	var kind string
+	if err := json.Unmarshal(rawJsonSecret[0], &kind); err != nil {
+		return Random
+	}
+
+	if kind == "P2PK" {
+		return P2PK
+	}
+
+	return Random
+}
+
+func (kind SecretKind) String() string {
+	switch kind {
+	case P2PK:
+		return "P2PK"
+	default:
+		return "random"
+	}
+}
+
 type Proofs []Proof
 
 // Amount returns the total amount from

diff --git a/cashu/cashu_test.go b/cashu/cashu_test.go
@@ -113,3 +113,41 @@ func TestTokenToString(t *testing.T) {
 		}
 	}
 }
+
+func TestSecretType(t *testing.T) {
+	tests := []struct {
+		proof          Proof
+		expectedKind   SecretKind
+		expectedIsP2PK bool
+	}{
+		{
+			proof:          Proof{Secret: `["P2PK", {"nonce":"da62796403af76c80cd6ce9153ed3746","data":"033281c37677ea273eb7183b783067f5244933ef78d8c3f15b1a77cb246099c26e","tags":[["sigflag","SIG_ALL"]]}]`},
+			expectedKind:   P2PK,
+			expectedIsP2PK: true,
+		},
+
+		{
+			proof:          Proof{Secret: `["DIFFERENT", {"nonce":"da62796403af76c80cd6ce9153ed3746","data":"033281c37677ea273eb7183b783067f5244933ef78d8c3f15b1a77cb246099c26e","tags":[]}]`},
+			expectedKind:   Random,
+			expectedIsP2PK: false,
+		},
+
+		{
+			proof:          Proof{Secret: `someranadomsecret`},
+			expectedKind:   Random,
+			expectedIsP2PK: false,
+		},
+	}
+
+	for _, test := range tests {
+		kind := test.proof.SecretType()
+		if kind != test.expectedKind {
+			t.Fatalf("expected '%v' but got '%v' instead", test.expectedKind.String(), kind.String())
+		}
+
+		isP2PK := test.proof.IsSecretP2PK()
+		if isP2PK != test.expectedIsP2PK {
+			t.Fatalf("expected '%v' but got '%v' instead", test.expectedIsP2PK, isP2PK)
+		}
+	}
+}
diff --git a/cashu/nuts/nut10/nut10.go b/cashu/nuts/nut10/nut10.go
@@ -0,0 +1,53 @@
+package nut10
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+
+	"github.com/elnosh/gonuts/cashu"
+)
+
+type WellKnownSecret struct {
+	Nonce string     `json:"nonce"`
+	Data  string     `json:"data"`
+	Tags  [][]string `json:"tags"`
+}
+
+// SerializeSecret returns the json string to be put in the secret field of a proof
+func SerializeSecret(kind cashu.SecretKind, secretData WellKnownSecret) (string, error) {
+	jsonSecret, err := json.Marshal(secretData)
+	if err != nil {
+		return "", err
+	}
+
+	secretKind := kind.String()
+	secret := fmt.Sprintf("[\"%s\", %v]", secretKind, string(jsonSecret))
+	return secret, nil
+}
+
+// DeserializeSecret returns Well-known secret struct.
+// It returns error if it's not valid according to NUT-10
+func DeserializeSecret(secret string) (WellKnownSecret, error) {
+	var rawJsonSecret []json.RawMessage
+	if err := json.Unmarshal([]byte(secret), &rawJsonSecret); err != nil {
+		return WellKnownSecret{}, err
+	}
+
+	// Well-known secret should have a length of at least 2
+	if len(rawJsonSecret) < 2 {
+		return WellKnownSecret{}, errors.New("invalid secret: length < 2")
+	}
+
+	var kind string
+	if err := json.Unmarshal(rawJsonSecret[0], &kind); err != nil {
+		return WellKnownSecret{}, errors.New("invalid kind for secret")
+	}
+
+	var secretData WellKnownSecret
+	if err := json.Unmarshal(rawJsonSecret[1], &secretData); err != nil {
+		return WellKnownSecret{}, fmt.Errorf("invalid secret: %v", err)
+	}
+
+	return secretData, nil
+}
diff --git a/cashu/nuts/nut10/nut10_test.go b/cashu/nuts/nut10/nut10_test.go
@@ -0,0 +1,54 @@
+package nut10
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/elnosh/gonuts/cashu"
+)
+
+func TestSerializeSecret(t *testing.T) {
+	secretData := WellKnownSecret{
+		Nonce: "da62796403af76c80cd6ce9153ed3746",
+		Data:  "033281c37677ea273eb7183b783067f5244933ef78d8c3f15b1a77cb246099c26e",
+		Tags: [][]string{
+			{"sigflag", "SIG_ALL"},
+		},
+	}
+
+	serialized, err := SerializeSecret(cashu.P2PK, secretData)
+	if err != nil {
+		t.Fatalf("got unexpected error: %v", err)
+	}
+
+	expected := `["P2PK", {"nonce":"da62796403af76c80cd6ce9153ed3746","data":"033281c37677ea273eb7183b783067f5244933ef78d8c3f15b1a77cb246099c26e","tags":[["sigflag","SIG_ALL"]]}]`
+
+	if serialized != expected {
+		t.Fatalf("expected secret:\n%v\n\n but got:\n%v", expected, serialized)
+	}
+}
+
+func TestDeserializeSecret(t *testing.T) {
+	secret := `["P2PK", {"nonce":"da62796403af76c80cd6ce9153ed3746","data":"033281c37677ea273eb7183b783067f5244933ef78d8c3f15b1a77cb246099c26e","tags":[["sigflag","SIG_ALL"]]}]`
+	secretData, err := DeserializeSecret(secret)
+	if err != nil {
+		t.Fatalf("got unexpected error: %v", err)
+	}
+
+	expectedNonce := "da62796403af76c80cd6ce9153ed3746"
+	if secretData.Nonce != expectedNonce {
+		t.Fatalf("expected nonce '%v' but got '%v' instead", expectedNonce, secretData.Nonce)
+	}
+
+	expectedData := "033281c37677ea273eb7183b783067f5244933ef78d8c3f15b1a77cb246099c26e"
+	if secretData.Data != expectedData {
+		t.Fatalf("expected data '%v' but got '%v' instead", expectedData, secretData.Data)
+	}
+
+	expectedTags := [][]string{
+		{"sigflag", "SIG_ALL"},
+	}
+	if !reflect.DeepEqual(secretData.Tags, expectedTags) {
+		t.Fatalf("expected tags '%v' but got '%v' instead", expectedTags, secretData.Tags)
+	}
+}
diff --git a/cashu/nuts/nut11/nut11.go b/cashu/nuts/nut11/nut11.go
@@ -0,0 +1,129 @@
+package nut11
+
+import (
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
+	"reflect"
+
+	"github.com/btcsuite/btcd/btcec/v2"
+	"github.com/btcsuite/btcd/btcec/v2/schnorr"
+	"github.com/decred/dcrd/dcrec/secp256k1/v4"
+	"github.com/elnosh/gonuts/cashu"
+	"github.com/elnosh/gonuts/cashu/nuts/nut10"
+)
+
+type P2PKWitness struct {
+	Signatures []string `json:"signatures"`
+}
+
+// P2PKSecret returns a secret with a spending condition
+// that will lock ecash to a public key
+func P2PKSecret(pubkey string) (string, error) {
+	// generate random nonce
+	nonceBytes := make([]byte, 32)
+	_, err := rand.Read(nonceBytes)
+	if err != nil {
+		return "", err
+	}
+	nonce := hex.EncodeToString(nonceBytes)
+
+	secretData := nut10.WellKnownSecret{
+		Nonce: nonce,
+		Data:  pubkey,
+	}
+
+	secret, err := nut10.SerializeSecret(cashu.P2PK, secretData)
+	if err != nil {
+		return "", err
+	}
+
+	return secret, nil
+}
+
+func AddSignatureToInputs(inputs cashu.Proofs, signingKey *btcec.PrivateKey) (cashu.Proofs, error) {
+	for i, proof := range inputs {
+		hash := sha256.Sum256([]byte(proof.Secret))
+		signature, err := schnorr.Sign(signingKey, hash[:])
+		if err != nil {
+			return nil, err
+		}
+		signatureBytes := signature.Serialize()
+
+		p2pkWitness := P2PKWitness{
+			Signatures: []string{hex.EncodeToString(signatureBytes)},
+		}
+
+		witness, err := json.Marshal(p2pkWitness)
+		if err != nil {
+			return nil, err
+		}
+		proof.Witness = string(witness)
+		inputs[i] = proof
+	}
+
+	return inputs, nil
+}
+
+func AddSignatureToOutputs(
+	outputs cashu.BlindedMessages,
+	signingKey *btcec.PrivateKey,
+) (cashu.BlindedMessages, error) {
+	for i, output := range outputs {
+		msgToSign, err := hex.DecodeString(output.B_)
+		if err != nil {
+			return nil, err
+		}
+
+		hash := sha256.Sum256(msgToSign)
+		signature, err := schnorr.Sign(signingKey, hash[:])
+		if err != nil {
+			return nil, err
+		}
+		signatureBytes := signature.Serialize()
+
+		p2pkWitness := P2PKWitness{
+			Signatures: []string{hex.EncodeToString(signatureBytes)},
+		}
+
+		witness, err := json.Marshal(p2pkWitness)
+		if err != nil {
+			return nil, err
+		}
+		output.Witness = string(witness)
+		outputs[i] = output
+	}
+
+	return outputs, nil
+}
+
+func IsSigAll(secret nut10.WellKnownSecret) bool {
+	for _, tag := range secret.Tags {
+		if len(tag) == 2 {
+			if tag[0] == "sigflag" && tag[1] == "SIG_ALL" {
+				return true
+			}
+		}
+	}
+
+	return false
+}
+
+func CanSign(secret nut10.WellKnownSecret, key *btcec.PrivateKey) bool {
+	secretData, err := hex.DecodeString(secret.Data)
+	if err != nil {
+		return false
+	}
+
+	publicKey, err := secp256k1.ParsePubKey(secretData)
+	if err != nil {
+		return false
+	}
+
+	if reflect.DeepEqual(publicKey.SerializeCompressed(), key.PubKey().SerializeCompressed()) {
+		return true
+	}
+
+	return false
+}