- package ed25519
-
- import (
- "bytes"
- "crypto/subtle"
- "fmt"
- "io"
-
- amino "github.com/tendermint/go-amino"
- "golang.org/x/crypto/ed25519"
-
- "github.com/tendermint/tendermint/crypto"
- "github.com/tendermint/tendermint/crypto/tmhash"
- )
-
- //-------------------------------------
-
- var _ crypto.PrivKey = PrivKeyEd25519{}
-
- const (
- PrivKeyAminoRoute = "tendermint/PrivKeyEd25519"
- PubKeyAminoRoute = "tendermint/PubKeyEd25519"
- // Size of an Edwards25519 signature. Namely the size of a compressed
- // Edwards25519 point, and a field element. Both of which are 32 bytes.
- SignatureSize = 64
- )
-
- var cdc = amino.NewCodec()
-
- func init() {
- cdc.RegisterInterface((*crypto.PubKey)(nil), nil)
- cdc.RegisterConcrete(PubKeyEd25519{},
- PubKeyAminoRoute, nil)
-
- cdc.RegisterInterface((*crypto.PrivKey)(nil), nil)
- cdc.RegisterConcrete(PrivKeyEd25519{},
- PrivKeyAminoRoute, nil)
- }
-
- // PrivKeyEd25519 implements crypto.PrivKey.
- type PrivKeyEd25519 [64]byte
-
- // Bytes marshals the privkey using amino encoding.
- func (privKey PrivKeyEd25519) Bytes() []byte {
- return cdc.MustMarshalBinaryBare(privKey)
- }
-
- // Sign produces a signature on the provided message.
- // This assumes the privkey is wellformed in the golang format.
- // The first 32 bytes should be random,
- // corresponding to the normal ed25519 private key.
- // The latter 32 bytes should be the compressed public key.
- // If these conditions aren't met, Sign will panic or produce an
- // incorrect signature.
- func (privKey PrivKeyEd25519) Sign(msg []byte) ([]byte, error) {
- signatureBytes := ed25519.Sign(privKey[:], msg)
- return signatureBytes[:], nil
- }
-
- // PubKey gets the corresponding public key from the private key.
- func (privKey PrivKeyEd25519) PubKey() crypto.PubKey {
- privKeyBytes := [64]byte(privKey)
- initialized := false
- // If the latter 32 bytes of the privkey are all zero, compute the pubkey
- // otherwise privkey is initialized and we can use the cached value inside
- // of the private key.
- for _, v := range privKeyBytes[32:] {
- if v != 0 {
- initialized = true
- break
- }
- }
-
- if !initialized {
- panic("Expected PrivKeyEd25519 to include concatenated pubkey bytes")
- }
-
- var pubkeyBytes [PubKeyEd25519Size]byte
- copy(pubkeyBytes[:], privKeyBytes[32:])
- return PubKeyEd25519(pubkeyBytes)
- }
-
- // Equals - you probably don't need to use this.
- // Runs in constant time based on length of the keys.
- func (privKey PrivKeyEd25519) Equals(other crypto.PrivKey) bool {
- if otherEd, ok := other.(PrivKeyEd25519); ok {
- return subtle.ConstantTimeCompare(privKey[:], otherEd[:]) == 1
- } else {
- return false
- }
- }
-
- // GenPrivKey generates a new ed25519 private key.
- // It uses OS randomness in conjunction with the current global random seed
- // in tendermint/libs/common to generate the private key.
- func GenPrivKey() PrivKeyEd25519 {
- return genPrivKey(crypto.CReader())
- }
-
- // genPrivKey generates a new ed25519 private key using the provided reader.
- func genPrivKey(rand io.Reader) PrivKeyEd25519 {
- seed := make([]byte, 32)
- _, err := io.ReadFull(rand, seed[:])
- if err != nil {
- panic(err)
- }
-
- privKey := ed25519.NewKeyFromSeed(seed)
- var privKeyEd PrivKeyEd25519
- copy(privKeyEd[:], privKey)
- return privKeyEd
- }
-
- // GenPrivKeyFromSecret hashes the secret with SHA2, and uses
- // that 32 byte output to create the private key.
- // NOTE: secret should be the output of a KDF like bcrypt,
- // if it's derived from user input.
- func GenPrivKeyFromSecret(secret []byte) PrivKeyEd25519 {
- seed := crypto.Sha256(secret) // Not Ripemd160 because we want 32 bytes.
-
- privKey := ed25519.NewKeyFromSeed(seed)
- var privKeyEd PrivKeyEd25519
- copy(privKeyEd[:], privKey)
- return privKeyEd
- }
-
- //-------------------------------------
-
- var _ crypto.PubKey = PubKeyEd25519{}
-
- // PubKeyEd25519Size is the number of bytes in an Ed25519 signature.
- const PubKeyEd25519Size = 32
-
- // PubKeyEd25519 implements crypto.PubKey for the Ed25519 signature scheme.
- type PubKeyEd25519 [PubKeyEd25519Size]byte
-
- // Address is the SHA256-20 of the raw pubkey bytes.
- func (pubKey PubKeyEd25519) Address() crypto.Address {
- return crypto.Address(tmhash.SumTruncated(pubKey[:]))
- }
-
- // Bytes marshals the PubKey using amino encoding.
- func (pubKey PubKeyEd25519) Bytes() []byte {
- bz, err := cdc.MarshalBinaryBare(pubKey)
- if err != nil {
- panic(err)
- }
- return bz
- }
-
- func (pubKey PubKeyEd25519) VerifyBytes(msg []byte, sig []byte) bool {
- // make sure we use the same algorithm to sign
- if len(sig) != SignatureSize {
- return false
- }
- return ed25519.Verify(pubKey[:], msg, sig)
- }
-
- func (pubKey PubKeyEd25519) String() string {
- return fmt.Sprintf("PubKeyEd25519{%X}", pubKey[:])
- }
-
- // nolint: golint
- func (pubKey PubKeyEd25519) Equals(other crypto.PubKey) bool {
- if otherEd, ok := other.(PubKeyEd25519); ok {
- return bytes.Equal(pubKey[:], otherEd[:])
- } else {
- return false
- }
- }
|