You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
198 lines
5.9 KiB
198 lines
5.9 KiB
package secp256k1
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/sha256"
|
|
"crypto/subtle"
|
|
"fmt"
|
|
|
|
secp256k1 "github.com/btcsuite/btcd/btcec"
|
|
amino "github.com/tendermint/go-amino"
|
|
"github.com/tendermint/tendermint/crypto"
|
|
"github.com/tendermint/tendermint/libs/common"
|
|
"golang.org/x/crypto/ripemd160"
|
|
)
|
|
|
|
//-------------------------------------
|
|
const (
|
|
Secp256k1PrivKeyAminoRoute = "tendermint/PrivKeySecp256k1"
|
|
Secp256k1PubKeyAminoRoute = "tendermint/PubKeySecp256k1"
|
|
Secp256k1SignatureAminoRoute = "tendermint/SignatureSecp256k1"
|
|
)
|
|
|
|
var cdc = amino.NewCodec()
|
|
|
|
func init() {
|
|
cdc.RegisterInterface((*crypto.PubKey)(nil), nil)
|
|
cdc.RegisterConcrete(PubKeySecp256k1{},
|
|
Secp256k1PubKeyAminoRoute, nil)
|
|
|
|
cdc.RegisterInterface((*crypto.PrivKey)(nil), nil)
|
|
cdc.RegisterConcrete(PrivKeySecp256k1{},
|
|
Secp256k1PrivKeyAminoRoute, nil)
|
|
|
|
cdc.RegisterInterface((*crypto.Signature)(nil), nil)
|
|
cdc.RegisterConcrete(SignatureSecp256k1{},
|
|
Secp256k1SignatureAminoRoute, nil)
|
|
}
|
|
|
|
//-------------------------------------
|
|
|
|
var _ crypto.PrivKey = PrivKeySecp256k1{}
|
|
|
|
// PrivKeySecp256k1 implements PrivKey.
|
|
type PrivKeySecp256k1 [32]byte
|
|
|
|
// Bytes marshalls the private key using amino encoding.
|
|
func (privKey PrivKeySecp256k1) Bytes() []byte {
|
|
return cdc.MustMarshalBinaryBare(privKey)
|
|
}
|
|
|
|
// Sign creates an ECDSA signature on curve Secp256k1, using SHA256 on the msg.
|
|
func (privKey PrivKeySecp256k1) Sign(msg []byte) (crypto.Signature, error) {
|
|
priv, _ := secp256k1.PrivKeyFromBytes(secp256k1.S256(), privKey[:])
|
|
sig, err := priv.Sign(crypto.Sha256(msg))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return SignatureSecp256k1(sig.Serialize()), nil
|
|
}
|
|
|
|
// PubKey performs the point-scalar multiplication from the privKey on the
|
|
// generator point to get the pubkey.
|
|
func (privKey PrivKeySecp256k1) PubKey() crypto.PubKey {
|
|
_, pubkeyObject := secp256k1.PrivKeyFromBytes(secp256k1.S256(), privKey[:])
|
|
var pubkeyBytes PubKeySecp256k1
|
|
copy(pubkeyBytes[:], pubkeyObject.SerializeCompressed())
|
|
return pubkeyBytes
|
|
}
|
|
|
|
// Equals - you probably don't need to use this.
|
|
// Runs in constant time based on length of the keys.
|
|
func (privKey PrivKeySecp256k1) Equals(other crypto.PrivKey) bool {
|
|
if otherSecp, ok := other.(PrivKeySecp256k1); ok {
|
|
return subtle.ConstantTimeCompare(privKey[:], otherSecp[:]) == 1
|
|
}
|
|
return false
|
|
}
|
|
|
|
// GenPrivKey generates a new ECDSA private key on curve secp256k1 private key.
|
|
// It uses OS randomness in conjunction with the current global random seed
|
|
// in tendermint/libs/common to generate the private key.
|
|
func GenPrivKey() PrivKeySecp256k1 {
|
|
privKeyBytes := [32]byte{}
|
|
copy(privKeyBytes[:], crypto.CRandBytes(32))
|
|
// crypto.CRandBytes is guaranteed to be 32 bytes long, so it can be
|
|
// casted to PrivKeySecp256k1.
|
|
return PrivKeySecp256k1(privKeyBytes)
|
|
}
|
|
|
|
// GenPrivKeySecp256k1 hashes the secret with SHA2, and uses
|
|
// that 32 byte output to create the private key.
|
|
// NOTE: secret should be the output of a KDF like bcrypt,
|
|
// if it's derived from user input.
|
|
func GenPrivKeySecp256k1(secret []byte) PrivKeySecp256k1 {
|
|
privKey32 := sha256.Sum256(secret)
|
|
// sha256.Sum256() is guaranteed to be 32 bytes long, so it can be
|
|
// casted to PrivKeySecp256k1.
|
|
return PrivKeySecp256k1(privKey32)
|
|
}
|
|
|
|
//-------------------------------------
|
|
|
|
var _ crypto.PubKey = PubKeySecp256k1{}
|
|
|
|
// PubKeySecp256k1Size is comprised of 32 bytes for one field element
|
|
// (the x-coordinate), plus one byte for the parity of the y-coordinate.
|
|
const PubKeySecp256k1Size = 33
|
|
|
|
// PubKeySecp256k1 implements crypto.PubKey.
|
|
// It is the compressed form of the pubkey. The first byte depends is a 0x02 byte
|
|
// if the y-coordinate is the lexicographically largest of the two associated with
|
|
// the x-coordinate. Otherwise the first byte is a 0x03.
|
|
// This prefix is followed with the x-coordinate.
|
|
type PubKeySecp256k1 [PubKeySecp256k1Size]byte
|
|
|
|
// Address returns a Bitcoin style addresses: RIPEMD160(SHA256(pubkey))
|
|
func (pubKey PubKeySecp256k1) Address() crypto.Address {
|
|
hasherSHA256 := sha256.New()
|
|
hasherSHA256.Write(pubKey[:]) // does not error
|
|
sha := hasherSHA256.Sum(nil)
|
|
|
|
hasherRIPEMD160 := ripemd160.New()
|
|
hasherRIPEMD160.Write(sha) // does not error
|
|
return crypto.Address(hasherRIPEMD160.Sum(nil))
|
|
}
|
|
|
|
// Bytes returns the pubkey marshalled with amino encoding.
|
|
func (pubKey PubKeySecp256k1) Bytes() []byte {
|
|
bz, err := cdc.MarshalBinaryBare(pubKey)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
return bz
|
|
}
|
|
|
|
func (pubKey PubKeySecp256k1) VerifyBytes(msg []byte, interfaceSig crypto.Signature) bool {
|
|
// and assert same algorithm to sign and verify
|
|
sig, ok := interfaceSig.(SignatureSecp256k1)
|
|
if !ok {
|
|
return false
|
|
}
|
|
|
|
pub, err := secp256k1.ParsePubKey(pubKey[:], secp256k1.S256())
|
|
if err != nil {
|
|
return false
|
|
}
|
|
parsedSig, err := secp256k1.ParseDERSignature(sig[:], secp256k1.S256())
|
|
if err != nil {
|
|
return false
|
|
}
|
|
return parsedSig.Verify(crypto.Sha256(msg), pub)
|
|
}
|
|
|
|
func (pubKey PubKeySecp256k1) String() string {
|
|
return fmt.Sprintf("PubKeySecp256k1{%X}", pubKey[:])
|
|
}
|
|
|
|
func (pubKey PubKeySecp256k1) Equals(other crypto.PubKey) bool {
|
|
if otherSecp, ok := other.(PubKeySecp256k1); ok {
|
|
return bytes.Equal(pubKey[:], otherSecp[:])
|
|
}
|
|
return false
|
|
}
|
|
|
|
//-------------------------------------
|
|
|
|
var _ crypto.Signature = SignatureSecp256k1{}
|
|
|
|
// SignatureSecp256k1 implements crypto.Signature
|
|
type SignatureSecp256k1 []byte
|
|
|
|
func (sig SignatureSecp256k1) Bytes() []byte {
|
|
bz, err := cdc.MarshalBinaryBare(sig)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
return bz
|
|
}
|
|
|
|
func (sig SignatureSecp256k1) IsZero() bool { return len(sig) == 0 }
|
|
|
|
func (sig SignatureSecp256k1) String() string {
|
|
return fmt.Sprintf("/%X.../", common.Fingerprint(sig[:]))
|
|
}
|
|
|
|
func (sig SignatureSecp256k1) Equals(other crypto.Signature) bool {
|
|
if otherSecp, ok := other.(SignatureSecp256k1); ok {
|
|
return subtle.ConstantTimeCompare(sig[:], otherSecp[:]) == 1
|
|
} else {
|
|
return false
|
|
}
|
|
}
|
|
|
|
func SignatureSecp256k1FromBytes(data []byte) crypto.Signature {
|
|
sig := make(SignatureSecp256k1, len(data))
|
|
copy(sig[:], data)
|
|
return sig
|
|
}
|