zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9580 Commits
183 Branches
291 MiB
Tree: 60f09840dd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '60f09840dd'
${ noResults }
tendermint/crypto/secp256k1/secp256k1_nocgo.go

76 lines
2.3 KiB
Raw Normal View History

p2p: rename pexV2 to pex (#7088)
3 years ago
crypto: add in secp256k1 support (#5500) Secp256k1 was removed in the protobuf migration, this pr adds it back in order to provide this functionality for users (band) Closes: #5495
4 years ago
 
  1. //go:build !libsecp256k1

  2. // +build !libsecp256k1

  3. 

  4. package secp256k1
  5. 

  6. import (
  7. 	"math/big"
  8. 

  9. 	secp256k1 "github.com/btcsuite/btcd/btcec"
  10. 

  11. 	"github.com/tendermint/tendermint/crypto"
  12. )
  13. 

  14. // used to reject malleable signatures

  15. // see:

  16. //  - https://github.com/ethereum/go-ethereum/blob/f9401ae011ddf7f8d2d95020b7446c17f8d98dc1/crypto/signature_nocgo.go#L90-L93

  17. //  - https://github.com/ethereum/go-ethereum/blob/f9401ae011ddf7f8d2d95020b7446c17f8d98dc1/crypto/crypto.go#L39

  18. var secp256k1halfN = new(big.Int).Rsh(secp256k1.S256().N, 1)
  19. 

  20. // Sign creates an ECDSA signature on curve Secp256k1, using SHA256 on the msg.

  21. // The returned signature will be of the form R || S (in lower-S form).

  22. func (privKey PrivKey) Sign(msg []byte) ([]byte, error) {
  23. 	priv, _ := secp256k1.PrivKeyFromBytes(secp256k1.S256(), privKey)
  24. 

  25. 	sig, err := priv.Sign(crypto.Sha256(msg))
  26. 	if err != nil {
  27. 		return nil, err
  28. 	}
  29. 

  30. 	sigBytes := serializeSig(sig)
  31. 	return sigBytes, nil
  32. }
  33. 

  34. // VerifySignature verifies a signature of the form R || S.

  35. // It rejects signatures which are not in lower-S form.

  36. func (pubKey PubKey) VerifySignature(msg []byte, sigStr []byte) bool {
  37. 	if len(sigStr) != 64 {
  38. 		return false
  39. 	}
  40. 

  41. 	pub, err := secp256k1.ParsePubKey(pubKey, secp256k1.S256())
  42. 	if err != nil {
  43. 		return false
  44. 	}
  45. 

  46. 	// parse the signature:

  47. 	signature := signatureFromBytes(sigStr)
  48. 	// Reject malleable signatures. libsecp256k1 does this check but btcec doesn't.

  49. 	// see: https://github.com/ethereum/go-ethereum/blob/f9401ae011ddf7f8d2d95020b7446c17f8d98dc1/crypto/signature_nocgo.go#L90-L93

  50. 	if signature.S.Cmp(secp256k1halfN) > 0 {
  51. 		return false
  52. 	}
  53. 

  54. 	return signature.Verify(crypto.Sha256(msg), pub)
  55. }
  56. 

  57. // Read Signature struct from R || S. Caller needs to ensure

  58. // that len(sigStr) == 64.

  59. func signatureFromBytes(sigStr []byte) *secp256k1.Signature {
  60. 	return &secp256k1.Signature{
  61. 		R: new(big.Int).SetBytes(sigStr[:32]),
  62. 		S: new(big.Int).SetBytes(sigStr[32:64]),
  63. 	}
  64. }
  65. 

  66. // Serialize signature to R || S.

  67. // R, S are padded to 32 bytes respectively.

  68. func serializeSig(sig *secp256k1.Signature) []byte {
  69. 	rBytes := sig.R.Bytes()
  70. 	sBytes := sig.S.Bytes()
  71. 	sigBytes := make([]byte, 64)
  72. 	// 0 pad the byte arrays from the left if they aren't big enough.

  73. 	copy(sigBytes[32-len(rBytes):32], rBytes)
  74. 	copy(sigBytes[64-len(sBytes):64], sBytes)
  75. 	return sigBytes
  76. }