zolfa
/
tendermint


								package secp256k1


								import (

									"bytes"

									"crypto/sha256"

									"crypto/subtle"

									"fmt"

									"io"

									"math/big"


									secp256k1 "github.com/btcsuite/btcd/btcec"

									"golang.org/x/crypto/ripemd160" // nolint: staticcheck // necessary for Bitcoin address format


									"github.com/tendermint/tendermint/crypto"

								)


								var _ crypto.PrivKey = PrivKey{}


								const (

									PrivKeySize = 32

									keyType     = "secp256k1"

								)


								// PrivKey implements PrivKey.

								type PrivKey []byte


								// Bytes returns the byte representation of the Private Key.

								func (privKey PrivKey) Bytes() []byte {

									return []byte(privKey)

								}


								// PubKey performs the point-scalar multiplication from the privKey on the

								// generator point to get the pubkey.

								func (privKey PrivKey) PubKey() crypto.PubKey {

									_, pubkeyObject := secp256k1.PrivKeyFromBytes(secp256k1.S256(), privKey)

									return PubKey(pubkeyObject.SerializeCompressed())

								}


								// Equals - you probably don't need to use this.

								// Runs in constant time based on length of the keys.

								func (privKey PrivKey) Equals(other crypto.PrivKey) bool {

									if otherSecp, ok := other.(PrivKey); ok {

										return subtle.ConstantTimeCompare(privKey[:], otherSecp[:]) == 1

									}

									return false

								}


								func (privKey PrivKey) Type() string {

									return keyType

								}


								// GenPrivKey generates a new ECDSA private key on curve secp256k1 private key.

								// It uses OS randomness to generate the private key.

								func GenPrivKey() PrivKey {

									return genPrivKey(crypto.CReader())

								}


								// genPrivKey generates a new secp256k1 private key using the provided reader.

								func genPrivKey(rand io.Reader) PrivKey {

									var privKeyBytes [PrivKeySize]byte

									d := new(big.Int)

									for {

										privKeyBytes = [PrivKeySize]byte{}

										_, err := io.ReadFull(rand, privKeyBytes[:])

										if err != nil {

											panic(err)

										}


										d.SetBytes(privKeyBytes[:])

										// break if we found a valid point (i.e. > 0 and < N == curverOrder)

										isValidFieldElement := 0 < d.Sign() && d.Cmp(secp256k1.S256().N) < 0

										if isValidFieldElement {

											break

										}

									}


									return PrivKey(privKeyBytes[:])

								}


								var one = new(big.Int).SetInt64(1)


								// GenPrivKeySecp256k1 hashes the secret with SHA2, and uses

								// that 32 byte output to create the private key.

								//

								// It makes sure the private key is a valid field element by setting:

								//

								// c = sha256(secret)

								// k = (c mod (n − 1)) + 1, where n = curve order.

								//

								// NOTE: secret should be the output of a KDF like bcrypt,

								// if it's derived from user input.

								func GenPrivKeySecp256k1(secret []byte) PrivKey {

									secHash := sha256.Sum256(secret)

									// to guarantee that we have a valid field element, we use the approach of:

									// "Suite B Implementer’s Guide to FIPS 186-3", A.2.1

									// https://apps.nsa.gov/iaarchive/library/ia-guidance/ia-solutions-for-classified/algorithm-guidance/suite-b-implementers-guide-to-fips-186-3-ecdsa.cfm

									// see also https://github.com/golang/go/blob/0380c9ad38843d523d9c9804fe300cb7edd7cd3c/src/crypto/ecdsa/ecdsa.go#L89-L101

									fe := new(big.Int).SetBytes(secHash[:])

									n := new(big.Int).Sub(secp256k1.S256().N, one)

									fe.Mod(fe, n)

									fe.Add(fe, one)


									feB := fe.Bytes()

									privKey32 := make([]byte, PrivKeySize)

									// copy feB over to fixed 32 byte privKey32 and pad (if necessary)

									copy(privKey32[32-len(feB):32], feB)


									return PrivKey(privKey32)

								}


								//-------------------------------------


								var _ crypto.PubKey = PubKey{}


								// PubKeySize is comprised of 32 bytes for one field element

								// (the x-coordinate), plus one byte for the parity of the y-coordinate.

								const PubKeySize = 33


								// PubKey implements crypto.PubKey.

								// It is the compressed form of the pubkey. The first byte depends is a 0x02 byte

								// if the y-coordinate is the lexicographically largest of the two associated with

								// the x-coordinate. Otherwise the first byte is a 0x03.

								// This prefix is followed with the x-coordinate.

								type PubKey []byte


								// Address returns a Bitcoin style addresses: RIPEMD160(SHA256(pubkey))

								func (pubKey PubKey) Address() crypto.Address {

									if len(pubKey) != PubKeySize {

										panic("length of pubkey is incorrect")

									}


									hasherSHA256 := sha256.New()

									hasherSHA256.Write(pubKey) // does not error

									sha := hasherSHA256.Sum(nil)


									hasherRIPEMD160 := ripemd160.New()

									hasherRIPEMD160.Write(sha) // does not error

									return crypto.Address(hasherRIPEMD160.Sum(nil))

								}


								// Bytes returns the pubkey byte format.

								func (pubKey PubKey) Bytes() []byte {

									return []byte(pubKey)

								}


								func (pubKey PubKey) String() string {

									return fmt.Sprintf("PubKeySecp256k1{%X}", []byte(pubKey))

								}


								func (pubKey PubKey) Type() string {

									return keyType

								}


								func (pubKey PubKey) Equals(other crypto.PubKey) bool {

									if otherSecp, ok := other.(PubKey); ok {

										return bytes.Equal(pubKey[:], otherSecp[:])

									}

									return false

								}