Refactor CryptoUtils class

This commit re-organizes and renames methods for better use

Author: EzequielPostan

node/src/main/scala/io/iohk/atala/prism/node/auth/AuthenticatorF.scala

@@ -12,7 +12,7 @@ import io.iohk.atala.prism.node.auth.errors._
 import io.iohk.atala.prism.node.identity.{PrismDid => DID}
 import io.iohk.atala.prism.node.auth.grpc.GrpcAuthenticationHeader
 import io.iohk.atala.prism.node.auth.utils.DIDUtils
-import io.iohk.atala.prism.node.crypto.CryptoUtils.{SecpECDSASignature, SecpPublicKey}
+import io.iohk.atala.prism.node.crypto.CryptoUtils.{SecpECDSA, SecpECDSASignature, SecpPublicKey}
 import io.iohk.atala.prism.protos.node_api
 import scalapb.GeneratedMessage
 import tofu.Execute
@@ -141,7 +141,7 @@ private[auth] class WhitelistedAuthenticatorFImpl[F[_]: Monad](burnAuth: Whiteli
       signature: SecpECDSASignature
   ): F[Either[AuthError, Unit]] = {
     val payload = requestNonce.mergeWith(request).toArray
-    val isVerified = Try(SecpPublicKey.checkECDSASignature(payload, signature.bytes, publicKey)).getOrElse(false)
+    val isVerified = Try(SecpECDSA.checkECDSASignature(payload, signature.bytes, publicKey)).getOrElse(false)
     Applicative[F].pure(
       Either
         .cond[AuthError, Unit](

node/src/main/scala/io/iohk/atala/prism/node/auth/grpc/GrpcAuthenticationContext.scala

@@ -131,7 +131,7 @@ private[grpc] object GrpcAuthenticationContext {
       ctx.getOpt(PublicKeyKeys)
     ) match {
       case (Some(requestNonce), Some(signature), Some(encodedPublicKey)) =>
-        val publicKey = SecpPublicKey.unsafetoPublicKeyFromUncompressed(encodedPublicKey)
+        val publicKey = SecpPublicKey.unsafeFromUncompressed(encodedPublicKey)
         val header = GrpcAuthenticationHeader.PublicKeyBased(
           requestNonce = RequestNonce(requestNonce.toVector),
           publicKey = publicKey,

node/src/main/scala/io/iohk/atala/prism/node/auth/utils/DIDUtils.scala

@@ -2,7 +2,6 @@ package io.iohk.atala.prism.node.auth.utils
 
 import io.iohk.atala.prism.node.auth.errors._
 import io.iohk.atala.prism.node.identity.{LongFormPrismDid, PrismDid => DID}
-import io.iohk.atala.prism.node.crypto.CryptoUtils
 import io.iohk.atala.prism.node.crypto.CryptoUtils.SecpPublicKey
 import io.iohk.atala.prism.node.utils.FutureEither
 import io.iohk.atala.prism.protos.node_models.AtalaOperation.Operation.CreateDid
@@ -55,7 +54,7 @@ object DIDUtils {
       publicKey: SecpPublicKey
   ): Option[SecpPublicKey] =
     Option.when(
-      publicKey.curveName == curve && CryptoUtils.isSecp256k1(publicKey)
+      publicKey.curveName == curve && SecpPublicKey.isSecp256k1(publicKey)
     )(publicKey)
 
   def findPublicKey(didData: node_models.DIDData, keyId: String)(implicit
@@ -73,20 +72,20 @@ object DIDUtils {
             if (data.x.size() > 32)
               verifyPublicKey(
                 data.curve,
-                SecpPublicKey.unsafeToSecpPublicKeyFromCompressed(data.x.toByteArray.toVector)
+                SecpPublicKey.unsafeFromCompressed(data.x.toByteArray.toVector)
               )
             else
               verifyPublicKey(
                 data.curve,
-                SecpPublicKey.unsafeToSecpPublicKeyFromByteCoordinates(
+                SecpPublicKey.unsafeFromByteCoordinates(
                   data.x.toByteArray,
                   data.y.toByteArray
                 )
               )
           case CompressedEcKeyData(data) =>
             verifyPublicKey(
               data.curve,
-              SecpPublicKey.unsafeToSecpPublicKeyFromCompressed(data.data.toByteArray.toVector)
+              SecpPublicKey.unsafeFromCompressed(data.data.toByteArray.toVector)
             )
           case Empty => None
         }
@@ -108,20 +107,20 @@ object DIDUtils {
           if (data.x.size() > 32)
             verifyPublicKey(
               data.curve,
-              SecpPublicKey.unsafeToSecpPublicKeyFromCompressed(data.x.toByteArray.toVector)
+              SecpPublicKey.unsafeFromCompressed(data.x.toByteArray.toVector)
             )
           else
             verifyPublicKey(
               data.curve,
-              SecpPublicKey.unsafeToSecpPublicKeyFromByteCoordinates(
+              SecpPublicKey.unsafeFromByteCoordinates(
                 data.x.toByteArray,
                 data.y.toByteArray
               )
             )
         case CompressedEcKeyData(data) =>
           verifyPublicKey(
             data.curve,
-            SecpPublicKey.unsafeToSecpPublicKeyFromCompressed(data.data.toByteArray.toVector)
+            SecpPublicKey.unsafeFromCompressed(data.data.toByteArray.toVector)
           )
         case Empty => None
       }

node/src/main/scala/io/iohk/atala/prism/node/crypto/CryptoUtils.scala

@@ -15,21 +15,15 @@ import scala.util.Try
 
 object CryptoUtils {
 
+  private val provider = new BouncyCastleProvider()
+  Security.addProvider(provider)
+
   implicit class SecpPublicKeyOps(pubKey: SecpPublicKey) {
     def toProto: CompressedECKeyData =
       CompressedECKeyData(curve = ProtocolConstants.secpCurveName, data = ByteString.copyFrom(pubKey.compressed))
   }
 
-  def isSecp256k1(key: SecpPublicKey): Boolean = {
-    val params = ECNamedCurveTable.getParameterSpec("secp256k1")
-    val curve = params.getCurve
-    val x = new BigInteger(1, key.x)
-    val y = new BigInteger(1, key.y)
-    Try(curve.validatePoint(x, y)).isSuccess
-
-  }
-
-  trait SecpPublicKey {
+  sealed trait SecpPublicKey {
     private[crypto] def publicKey: PublicKey
     def curveName: String = ProtocolConstants.secpCurveName
     def compressed: Array[Byte] = publicKey
@@ -47,73 +41,11 @@ object CryptoUtils {
     override private[crypto] def publicKey: PublicKey = pubKey
   }
 
-  trait SecpECDSASignature {
-    def bytes: Array[Byte]
-  }
-  private[crypto] case class SecpECDSASignatureImpl(bytes: Array[Byte]) extends SecpECDSASignature
-
-  object SecpECDSASignature {
-    def fromBytes(bytes: Array[Byte]): SecpECDSASignature = SecpECDSASignatureImpl(bytes)
-  }
-
-  object SecpPrivateKey {
-    def unsafefromBytesCompressed(bytes: Array[Byte]): SecpPrivateKey = SecpPrivateKeyImpl(bytes)
-  }
-
-  trait SecpPrivateKey {
-    private[crypto] def bytes: Array[Byte]
-    private[crypto] def privateKey: PrivateKey
-    def getEncoded: Array[Byte]
-  }
-  private[crypto] case class SecpPrivateKeyImpl(bytes: Array[Byte]) extends SecpPrivateKey {
-    override def getEncoded: Array[Byte] = {
-      privateKey
-        .asInstanceOf[ECPrivateKey]
-        .getD
-        .toByteArray
-        .dropWhile(_ == 0)
-    }
-
-    override def privateKey: PrivateKey = {
-      val ecParameterSpec = ECNamedCurveTable.getParameterSpec("secp256k1")
-      val ecNamedCurveSpec: ECParameterSpec = new ECNamedCurveSpec(
-        ecParameterSpec.getName,
-        ecParameterSpec.getCurve,
-        ecParameterSpec.getG,
-        ecParameterSpec.getN
-      )
-      val bigInt = new BigInteger(1, bytes)
-      val spec = new ECPrivateKeySpec(bigInt, ecNamedCurveSpec)
-      val keyFactory = KeyFactory.getInstance("EC", provider)
-      keyFactory.generatePrivate(spec)
-    }
-  }
-
-  object SecpECDSA {
-    def signBytes(msg: Array[Byte], privateKey: SecpPrivateKey): SecpECDSASignature = {
-      val signer = Signature.getInstance("SHA256withECDSA", provider)
-      signer.initSign(privateKey.privateKey)
-      signer.update(msg)
-      SecpECDSASignatureImpl(signer.sign())
-    }
-  }
-
-  // We define the constructor to SecpKeys private so that the only way to generate
-  // these keys is by using the methods unsafeToPublicKeyFromByteCoordinates and
-  // unsafeToPublicKeyFromCompressed.
   object SecpPublicKey {
 
     private[crypto] def fromPublicKey(key: PublicKey): SecpPublicKey = new SecpPublicKeyImpl(key)
 
-    // move to SecpECDSA object
-    def checkECDSASignature(msg: Array[Byte], sig: Array[Byte], pubKey: SecpPublicKey): Boolean = {
-      val ecdsaVerify = Signature.getInstance("SHA256withECDSA", provider)
-      ecdsaVerify.initVerify(pubKey.publicKey)
-      ecdsaVerify.update(msg)
-      ecdsaVerify.verify(sig)
-    }
-
-    def unsafeToSecpPublicKeyFromCompressed(com: Vector[Byte]): SecpPublicKey = {
+    def unsafeFromCompressed(com: Vector[Byte]): SecpPublicKey = {
       val params = ECNamedCurveTable.getParameterSpec("secp256k1")
       val fact = KeyFactory.getInstance("ECDSA", provider)
       val curve = params.getCurve
@@ -124,12 +56,13 @@ object CryptoUtils {
       SecpPublicKey.fromPublicKey(fact.generatePublic(keySpec))
     }
 
-    def unsafeToSecpPublicKeyFromByteCoordinates(x: Array[Byte], y: Array[Byte]): SecpPublicKey = {
+    def unsafeFromByteCoordinates(x: Array[Byte], y: Array[Byte]): SecpPublicKey = {
+      val PUBLIC_KEY_COORDINATE_BYTE_SIZE: Int = 32
       def trimLeadingZeroes(arr: Array[Byte], c: String): Array[Byte] = {
         val trimmed = arr.dropWhile(_ == 0.toByte)
         require(
           trimmed.length <= PUBLIC_KEY_COORDINATE_BYTE_SIZE,
-          s"Expected $c coordinate byte length to be less than or equal ${PUBLIC_KEY_COORDINATE_BYTE_SIZE}, but got ${trimmed.length} bytes"
+          s"Expected $c coordinate byte length to be less than or equal $PUBLIC_KEY_COORDINATE_BYTE_SIZE, but got ${trimmed.length} bytes"
         )
         trimmed
       }
@@ -138,10 +71,10 @@ object CryptoUtils {
       val yTrimmed = trimLeadingZeroes(y, "y")
       val xInteger = BigInt(1, xTrimmed)
       val yInteger = BigInt(1, yTrimmed)
-      SecpPublicKey.unsafeToSecpPublicKeyFromBigIntegerCoordinates(xInteger, yInteger)
+      SecpPublicKey.unsafeFromBigIntegerCoordinates(xInteger, yInteger)
     }
 
-    def unsafeToSecpPublicKeyFromBigIntegerCoordinates(x: BigInt, y: BigInt): SecpPublicKey = {
+    private def unsafeFromBigIntegerCoordinates(x: BigInt, y: BigInt): SecpPublicKey = {
       val params = ECNamedCurveTable.getParameterSpec("secp256k1")
       val fact = KeyFactory.getInstance("ECDSA", provider)
       val curve = params.getCurve
@@ -152,7 +85,7 @@ object CryptoUtils {
       SecpPublicKey.fromPublicKey(fact.generatePublic(keySpec))
     }
 
-    def unsafetoPublicKeyFromUncompressed(bytes: Array[Byte]): SecpPublicKey = {
+    def unsafeFromUncompressed(bytes: Array[Byte]): SecpPublicKey = {
       val PRIVATE_KEY_BYTE_SIZE: Int = 32
       val pointSize = PRIVATE_KEY_BYTE_SIZE * 2 + 1
       require(bytes.length == pointSize, s"Invalid public key bytes length, ${bytes.length}")
@@ -165,18 +98,83 @@ object CryptoUtils {
 
       val x = new BigInteger(1, xBytes)
       val y = new BigInteger(1, yBytes)
-      unsafeToSecpPublicKeyFromBigIntegerCoordinates(x, y)
+      unsafeFromBigIntegerCoordinates(x, y)
+    }
+
+    def isSecp256k1(key: SecpPublicKey): Boolean = {
+      val params = ECNamedCurveTable.getParameterSpec("secp256k1")
+      val curve = params.getCurve
+      val x = new BigInteger(1, key.x)
+      val y = new BigInteger(1, key.y)
+      Try(curve.validatePoint(x, y)).isSuccess
     }
   }
 
-  private val provider = new BouncyCastleProvider()
-  private val PUBLIC_KEY_COORDINATE_BYTE_SIZE: Int = 32
+  sealed trait SecpECDSASignature {
+    def bytes: Array[Byte]
+  }
 
-  Security.addProvider(provider)
+  private[crypto] case class SecpECDSASignatureImpl(bytes: Array[Byte]) extends SecpECDSASignature
+
+  object SecpECDSASignature {
+    def fromBytes(bytes: Array[Byte]): SecpECDSASignature = SecpECDSASignatureImpl(bytes)
+  }
+
+  sealed trait SecpPrivateKey {
+    private[crypto] def bytes: Array[Byte]
+    private[crypto] def privateKey: PrivateKey
+    def getEncoded: Array[Byte]
+  }
+
+  private[crypto] case class SecpPrivateKeyImpl(bytes: Array[Byte]) extends SecpPrivateKey {
+    override def getEncoded: Array[Byte] = {
+      privateKey
+        .asInstanceOf[ECPrivateKey]
+        .getD
+        .toByteArray
+        .dropWhile(_ == 0)
+    }
 
-  trait Sha256Hash {
+    override def privateKey: PrivateKey = {
+      val ecParameterSpec = ECNamedCurveTable.getParameterSpec("secp256k1")
+      val ecNamedCurveSpec: ECParameterSpec = new ECNamedCurveSpec(
+        ecParameterSpec.getName,
+        ecParameterSpec.getCurve,
+        ecParameterSpec.getG,
+        ecParameterSpec.getN
+      )
+      val bigInt = new BigInteger(1, bytes)
+      val spec = new ECPrivateKeySpec(bigInt, ecNamedCurveSpec)
+      val keyFactory = KeyFactory.getInstance("EC", provider)
+      keyFactory.generatePrivate(spec)
+    }
+  }
+
+  object SecpPrivateKey {
+    def unsafeFromBytesCompressed(bytes: Array[Byte]): SecpPrivateKey = SecpPrivateKeyImpl(bytes)
+  }
+
+  object SecpECDSA {
+    def signBytes(msg: Array[Byte], privateKey: SecpPrivateKey): SecpECDSASignature = {
+      val signer = Signature.getInstance("SHA256withECDSA", provider)
+      signer.initSign(privateKey.privateKey)
+      signer.update(msg)
+      SecpECDSASignatureImpl(signer.sign())
+    }
+
+    def checkECDSASignature(msg: Array[Byte], sig: Array[Byte], pubKey: SecpPublicKey): Boolean = {
+      val ecdsaVerify = Signature.getInstance("SHA256withECDSA", provider)
+      ecdsaVerify.initVerify(pubKey.publicKey)
+      ecdsaVerify.update(msg)
+      ecdsaVerify.verify(sig)
+    }
+  }
+
+  sealed trait Sha256Hash {
     def bytes: Vector[Byte]
-    def hexEncoded: String = bytesToHex(bytes)
+    def hexEncoded: String = {
+      bytes.map(byte => f"${byte & 0xff}%02x").mkString
+    }
 
     override def equals(obj: Any): Boolean = obj match {
       case other: Sha256Hash => bytes == other.bytes
@@ -211,19 +209,15 @@ object CryptoUtils {
           "The given hex string doesn't correspond to a valid SHA-256 hash encoded as string"
         )
     }
-  }
 
-  def bytesToHex(bytes: Vector[Byte]): String = {
-    bytes.map(byte => f"${byte & 0xff}%02x").mkString
-  }
-
-  def hexToBytes(hex: String): Vector[Byte] = {
-    val HEX_ARRAY = "0123456789abcdef".toCharArray
-    for {
-      pair <- hex.grouped(2).toVector
-      firstIndex = HEX_ARRAY.indexOf(pair(0))
-      secondIndex = HEX_ARRAY.indexOf(pair(1))
-      octet = firstIndex << 4 | secondIndex
-    } yield octet.toByte
+    private def hexToBytes(hex: String): Vector[Byte] = {
+      val HEX_ARRAY = "0123456789abcdef".toCharArray
+      for {
+        pair <- hex.grouped(2).toVector
+        firstIndex = HEX_ARRAY.indexOf(pair(0))
+        secondIndex = HEX_ARRAY.indexOf(pair(1))
+        octet = firstIndex << 4 | secondIndex
+      } yield octet.toByte
+    }
   }
 }

node/src/main/scala/io/iohk/atala/prism/node/grpc/ProtoCodecs.scala

@@ -134,7 +134,7 @@ object ProtoCodecs {
     for {
       maybeX <- protoKey.keyData.ecKeyData
       maybeY <- protoKey.keyData.ecKeyData
-    } yield SecpPublicKey.unsafeToSecpPublicKeyFromByteCoordinates(
+    } yield SecpPublicKey.unsafeFromByteCoordinates(
       maybeX.x.toByteArray,
       maybeY.y.toByteArray
     )

node/src/main/scala/io/iohk/atala/prism/node/operations/CreateDIDOperation.scala

@@ -39,7 +39,7 @@ case class CreateDIDOperation(
       }
       secpKey <- EitherT.fromEither[ConnectionIO] {
         val tryKey = Try {
-          SecpPublicKey.unsafeToSecpPublicKeyFromCompressed(key.key.compressedKey)
+          SecpPublicKey.unsafeFromCompressed(key.key.compressedKey)
         }
         tryKey.toOption
           .toRight(IllegalSecp256k1Key(key.keyId))

node/src/main/scala/io/iohk/atala/prism/node/operations/DeactivateDIDOperation.scala

@@ -58,7 +58,7 @@ case class DeactivateDIDOperation(
       }.map(_.key)
       secpKey <- EitherT.fromEither[ConnectionIO] {
         val tryKey = Try {
-          SecpPublicKey.unsafeToSecpPublicKeyFromCompressed(keyData.compressedKey)
+          SecpPublicKey.unsafeFromCompressed(keyData.compressedKey)
         }
         tryKey.toOption
           .toRight(IllegalSecp256k1Key(keyId): StateError)

node/src/main/scala/io/iohk/atala/prism/node/operations/ParsingUtils.scala

@@ -46,7 +46,7 @@ object ParsingUtils {
       Left(ecData.child(_.curve, "y").missing())
     } else {
       Try {
-        val key = SecpPublicKey.unsafeToSecpPublicKeyFromByteCoordinates(
+        val key = SecpPublicKey.unsafeFromByteCoordinates(
           ecData(_.x.toByteArray),
           ecData(_.y.toByteArray)
         )

node/src/main/scala/io/iohk/atala/prism/node/operations/ProtocolVersionUpdateOperation.scala

@@ -39,7 +39,7 @@ case class ProtocolVersionUpdateOperation(
 
       secpKey <- EitherT.fromEither[ConnectionIO] {
         val tryKey = Try {
-          SecpPublicKey.unsafeToSecpPublicKeyFromCompressed(keyState.key.compressedKey)
+          SecpPublicKey.unsafeFromCompressed(keyState.key.compressedKey)
         }
         tryKey.toOption
           .toRight(IllegalSecp256k1Key(keyId))