aboutsummaryrefslogblamecommitdiffstats
path: root/crypto/crypto.go
blob: ce45ebd3897745363c93b701ac0c725d92b7b7c8 (plain) (tree)
1
2
3
4
5
6
7
8
9
                                         
                                                
  
                                                                                  



                                                                              
                                                                             
                                                                 
                                                               


                                                                           
                                                                                  
 
              

        


                         
                       
             
            
                   
                  
            
 
                      
                
 
                                                
                                                      
                                                          
                                                     
                                             
                                       

 
                                       
                                


                                

                         
 
                                                    



                                
                    


                



                                                                           
                                                            

                                                                   
                                                          
 













                                    





                                                                           

                                                  
 
 

                                                      



                          
                                     
                                               
                                 
                                                                                 
                   

 
                                              


                          
                            

 



                                              
                                                         
                                                                    

 
                                                
                                                       

                          
                                                               

 












                                                                       
                                              
                                                        
                               







                                                       






                                                 

 

                                                                 
                                                          

                                                      

 
                                               
                                                               

 

                                                                               
                                                                          
                                                             

                            





                                                                       
                                                                                     

 



                                                           
         
 
                                                       
                                                                         

 
                                      
  
                                                                         
                                                                           
                                                                        

                                                                  
                                                                           


                                                                                                 

         

                                                                            
                                               

              
 

                                                                                          

 

                                                                

                                                     
 
                                                        
                                    
                                                                  
 





                              
// Copyright 2014 The go-ethereum Authors
// This file is part of the go-ethereum library.
//
// The go-ethereum library is free software: you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// The go-ethereum library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.

package crypto

import (
    "crypto/ecdsa"
    "crypto/elliptic"
    "crypto/rand"
    "crypto/sha256"
    "fmt"
    "io"
    "io/ioutil"
    "math/big"
    "os"

    "encoding/hex"
    "errors"

    "github.com/ethereum/go-ethereum/common"
    "github.com/ethereum/go-ethereum/crypto/ecies"
    "github.com/ethereum/go-ethereum/crypto/secp256k1"
    "github.com/ethereum/go-ethereum/crypto/sha3"
    "github.com/ethereum/go-ethereum/rlp"
    "golang.org/x/crypto/ripemd160"
)

func Keccak256(data ...[]byte) []byte {
    d := sha3.NewKeccak256()
    for _, b := range data {
        d.Write(b)
    }
    return d.Sum(nil)
}

func Keccak256Hash(data ...[]byte) (h common.Hash) {
    d := sha3.NewKeccak256()
    for _, b := range data {
        d.Write(b)
    }
    d.Sum(h[:0])
    return h
}

// Deprecated: For backward compatibility as other packages depend on these
func Sha3(data ...[]byte) []byte          { return Keccak256(data...) }
func Sha3Hash(data ...[]byte) common.Hash { return Keccak256Hash(data...) }

// Creates an ethereum address given the bytes and the nonce
func CreateAddress(b common.Address, nonce uint64) common.Address {
    data, _ := rlp.EncodeToBytes([]interface{}{b, nonce})
    return common.BytesToAddress(Keccak256(data)[12:])
}

func Sha256(data []byte) []byte {
    hash := sha256.Sum256(data)

    return hash[:]
}

func Ripemd160(data []byte) []byte {
    ripemd := ripemd160.New()
    ripemd.Write(data)

    return ripemd.Sum(nil)
}

// Ecrecover returns the public key for the private key that was used to
// calculate the signature.
//
// Note: secp256k1 expects the recover id to be either 0, 1. Ethereum
// signatures have a recover id with an offset of 27. Callers must take
// this into account and if "recovering" from an Ethereum signature adjust.
func Ecrecover(hash, sig []byte) ([]byte, error) {
    return secp256k1.RecoverPubkey(hash, sig)
}

// New methods using proper ecdsa keys from the stdlib
func ToECDSA(prv []byte) *ecdsa.PrivateKey {
    if len(prv) == 0 {
        return nil
    }

    priv := new(ecdsa.PrivateKey)
    priv.PublicKey.Curve = secp256k1.S256()
    priv.D = common.BigD(prv)
    priv.PublicKey.X, priv.PublicKey.Y = secp256k1.S256().ScalarBaseMult(prv)
    return priv
}

func FromECDSA(prv *ecdsa.PrivateKey) []byte {
    if prv == nil {
        return nil
    }
    return prv.D.Bytes()
}

func ToECDSAPub(pub []byte) *ecdsa.PublicKey {
    if len(pub) == 0 {
        return nil
    }
    x, y := elliptic.Unmarshal(secp256k1.S256(), pub)
    return &ecdsa.PublicKey{Curve: secp256k1.S256(), X: x, Y: y}
}

func FromECDSAPub(pub *ecdsa.PublicKey) []byte {
    if pub == nil || pub.X == nil || pub.Y == nil {
        return nil
    }
    return elliptic.Marshal(secp256k1.S256(), pub.X, pub.Y)
}

// HexToECDSA parses a secp256k1 private key.
func HexToECDSA(hexkey string) (*ecdsa.PrivateKey, error) {
    b, err := hex.DecodeString(hexkey)
    if err != nil {
        return nil, errors.New("invalid hex string")
    }
    if len(b) != 32 {
        return nil, errors.New("invalid length, need 256 bits")
    }
    return ToECDSA(b), nil
}

// LoadECDSA loads a secp256k1 private key from the given file.
// The key data is expected to be hex-encoded.
func LoadECDSA(file string) (*ecdsa.PrivateKey, error) {
    buf := make([]byte, 64)
    fd, err := os.Open(file)
    if err != nil {
        return nil, err
    }
    defer fd.Close()
    if _, err := io.ReadFull(fd, buf); err != nil {
        return nil, err
    }

    key, err := hex.DecodeString(string(buf))
    if err != nil {
        return nil, err
    }

    return ToECDSA(key), nil
}

// SaveECDSA saves a secp256k1 private key to the given file with
// restrictive permissions. The key data is saved hex-encoded.
func SaveECDSA(file string, key *ecdsa.PrivateKey) error {
    k := hex.EncodeToString(FromECDSA(key))
    return ioutil.WriteFile(file, []byte(k), 0600)
}

func GenerateKey() (*ecdsa.PrivateKey, error) {
    return ecdsa.GenerateKey(secp256k1.S256(), rand.Reader)
}

// ValidateSignatureValues verifies whether the signature values are valid with
// the given chain rules. The v value is assumed to be either 0 or 1.
func ValidateSignatureValues(v byte, r, s *big.Int, homestead bool) bool {
    if r.Cmp(common.Big1) < 0 || s.Cmp(common.Big1) < 0 {
        return false
    }
    // reject upper range of s values (ECDSA malleability)
    // see discussion in secp256k1/libsecp256k1/include/secp256k1.h
    if homestead && s.Cmp(secp256k1.HalfN) > 0 {
        return false
    }
    // Frontier: allow s to be in full N range
    return r.Cmp(secp256k1.N) < 0 && s.Cmp(secp256k1.N) < 0 && (v == 0 || v == 1)
}

func SigToPub(hash, sig []byte) (*ecdsa.PublicKey, error) {
    s, err := Ecrecover(hash, sig)
    if err != nil {
        return nil, err
    }

    x, y := elliptic.Unmarshal(secp256k1.S256(), s)
    return &ecdsa.PublicKey{Curve: secp256k1.S256(), X: x, Y: y}, nil
}

// Sign calculates an ECDSA signature.
//
// This function is susceptible to chosen plaintext attacks that can leak
// information about the private key that is used for signing. Callers must
// be aware that the given hash cannot be chosen by an adversery. Common
// solution is to hash any input before calculating the signature.
//
// The produced signature is in the [R || S || V] format where V is 0 or 1.
func Sign(data []byte, prv *ecdsa.PrivateKey) (sig []byte, err error) {
    if len(data) != 32 {
        return nil, fmt.Errorf("hash is required to be exactly 32 bytes (%d)", len(data))
    }

    seckey := common.LeftPadBytes(prv.D.Bytes(), prv.Params().BitSize/8)
    defer zeroBytes(seckey)
    sig, err = secp256k1.Sign(data, seckey)
    return
}

func Encrypt(pub *ecdsa.PublicKey, message []byte) ([]byte, error) {
    return ecies.Encrypt(rand.Reader, ecies.ImportECDSAPublic(pub), message, nil, nil)
}

func Decrypt(prv *ecdsa.PrivateKey, ct []byte) ([]byte, error) {
    key := ecies.ImportECDSA(prv)
    return key.Decrypt(rand.Reader, ct, nil, nil)
}

func PubkeyToAddress(p ecdsa.PublicKey) common.Address {
    pubBytes := FromECDSAPub(&p)
    return common.BytesToAddress(Keccak256(pubBytes[1:])[12:])
}

func zeroBytes(bytes []byte) {
    for i := range bytes {
        bytes[i] = 0
    }
}