From 2c98947948fc8dabc14a82a122a29f3df5f377a6 Mon Sep 17 00:00:00 2001
From: Ola Bini <ola@olabini.se>
Date: Wed, 22 Aug 2018 09:32:46 -0500
Subject: [PATCH] Refactor and extract ring signature functionality to gotrax

---
 constants.go           | 17 +++++++++++++++++
 kdf.go                 |  2 ++
 keys_serialize.go      | 10 ++++++++++
 keys_serialize_test.go | 16 ++++++++++++++++
 4 files changed, 45 insertions(+)

diff --git a/constants.go b/constants.go
index 6cb6cf0..be4b91b 100644
--- a/constants.go
+++ b/constants.go
@@ -30,4 +30,21 @@ var kdfPrefix = []byte("OTRv4")
 const (
 	usageFingerprint = byte(0x00)
 	usageBraceKey    = byte(0x02)
+	usageAuth        = byte(0x11)
 )
+
+var basePointBytesDup = []byte{
+	0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+	0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+	0x66, 0x66, 0x66, 0x66, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
+	0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
+	0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x00,
+}
+
+var primeOrderBytesDup = []byte{
+	0x3f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xff, 0xff, 0xff, 0xff, 0x7c, 0xca, 0x23, 0xe9, 0xc4, 0x4e, 0xdb, 0x49,
+	0xae, 0xd6, 0x36, 0x90, 0x21, 0x6c, 0xc2, 0x72, 0x8d, 0xc5, 0x8f, 0x55,
+	0x23, 0x78, 0xc2, 0x92, 0xab, 0x58, 0x44, 0xf3,
+}
diff --git a/kdf.go b/kdf.go
index 0bf9638..79b0a40 100644
--- a/kdf.go
+++ b/kdf.go
@@ -2,6 +2,8 @@ package gotrax
 
 import "golang.org/x/crypto/sha3"
 
+type KdfFunc func(uint8, uint16, ...[]byte) []byte
+
 func KdfPrekeyServer(usageID uint8, size uint16, values ...[]byte) []byte {
 	buf := make([]byte, size)
 	KdfxPrekeyServer(usageID, buf, values...)
diff --git a/keys_serialize.go b/keys_serialize.go
index 6e4c0ce..7bb835d 100644
--- a/keys_serialize.go
+++ b/keys_serialize.go
@@ -48,6 +48,16 @@ func DeserializePoint(buf []byte) ([]byte, ed448.Point, bool) {
 	return buf[57:], tp, true
 }
 
+func DeserializeScalar(buf []byte) ([]byte, ed448.Scalar, bool) {
+	if len(buf) < 56 {
+		return nil, nil, false
+	}
+	ts := ed448.NewScalar()
+	ts.Decode(buf[0:56])
+	return buf[56:], ts, true
+
+}
+
 func (p *PublicKey) Deserialize(buf []byte) ([]byte, bool) {
 	var ok bool
 	pubKeyType := uint16(0)
diff --git a/keys_serialize_test.go b/keys_serialize_test.go
index 08988b3..440ebd0 100644
--- a/keys_serialize_test.go
+++ b/keys_serialize_test.go
@@ -94,6 +94,22 @@ func (s *GotraxSuite) Test_EddsaSignature_deserializesCorrectly(c *C) {
 	c.Assert(r, DeepEquals, []byte{0x42})
 }
 
+func (s *GotraxSuite) Test_DeserializeScalar_failsOnShortBuffer(c *C) {
+	ser := []byte{
+		0x12, 0x34, 0x55, 0x00, 0x00, 0x00, 0x00, 0x0,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	}
+
+	b, _, ok := DeserializeScalar(ser)
+	c.Assert(b, IsNil)
+	c.Assert(ok, Equals, false)
+}
+
 func (s *GotraxSuite) Test_EddsaSignature_failsOnShortDeserialize(c *C) {
 	ser := []byte{
 		0x12, 0x34, 0x55, 0x00, 0x00, 0x00, 0x00, 0x0,