diff options
| author | Gustav Simonsson <gustav.simonsson@gmail.com> | 2015-09-28 17:19:23 +0800 |
|---|---|---|
| committer | Gustav Simonsson <gustav.simonsson@gmail.com> | 2015-10-09 20:47:55 +0800 |
| commit | f32fa075f14d2b3a1213098274e0ba88c7761283 (patch) | |
| tree | 6d198e22e34105f35a7e60a7b3376a97682f06ad /crypto/secp256k1/secp256.go | |
| parent | 1d20b0247c35f440d3fdc3d21de19b2d5256c3cf (diff) | |
| download | go-tangerine-f32fa075f14d2b3a1213098274e0ba88c7761283.tar go-tangerine-f32fa075f14d2b3a1213098274e0ba88c7761283.tar.gz go-tangerine-f32fa075f14d2b3a1213098274e0ba88c7761283.tar.bz2 go-tangerine-f32fa075f14d2b3a1213098274e0ba88c7761283.tar.lz go-tangerine-f32fa075f14d2b3a1213098274e0ba88c7761283.tar.xz go-tangerine-f32fa075f14d2b3a1213098274e0ba88c7761283.tar.zst go-tangerine-f32fa075f14d2b3a1213098274e0ba88c7761283.zip | |
core/secp256k1: update libsecp256k1 Go wrapper and tests
Diffstat (limited to 'crypto/secp256k1/secp256.go')
| -rw-r--r-- | crypto/secp256k1/secp256.go | 196 |
1 files changed, 109 insertions, 87 deletions
diff --git a/crypto/secp256k1/secp256.go b/crypto/secp256k1/secp256.go index 7baa456bf..88b43034f 100644 --- a/crypto/secp256k1/secp256.go +++ b/crypto/secp256k1/secp256.go @@ -19,7 +19,7 @@ package secp256k1 // TODO: set USE_SCALAR_4X64 depending on platform? /* -#cgo CFLAGS: -I./secp256k1 +#cgo CFLAGS: -I./libsecp256k1 #cgo darwin CFLAGS: -I/usr/local/include #cgo freebsd CFLAGS: -I/usr/local/include #cgo linux,arm CFLAGS: -I/usr/local/arm/include @@ -33,7 +33,8 @@ package secp256k1 #define USE_SCALAR_8X32 #define USE_SCALAR_INV_BUILTIN #define NDEBUG -#include "./secp256k1/src/secp256k1.c" +#include "./libsecp256k1/src/secp256k1.c" +#include "./libsecp256k1/src/modules/recovery/main_impl.h" */ import "C" @@ -48,48 +49,51 @@ import ( //#define USE_FIELD_5X64 /* - Todo: - > Centralize key management in module - > add pubkey/private key struct - > Dont let keys leave module; address keys as ints - + TODO: > store private keys in buffer and shuffle (deters persistance on swap disc) - > Byte permutation (changing) + > byte permutation (changing) > xor with chaning random block (to deter scanning memory for 0x63) (stream cipher?) - - On Disk - > Store keys in wallets - > use slow key derivation function for wallet encryption key (2 seconds) + > on disk: store keys in wallets */ -func init() { - //takes 10ms to 100ms - C.secp256k1_start(3) // SECP256K1_START_SIGN | SECP256K1_START_VERIFY -} +// holds ptr to secp256k1_context_struct (see secp256k1/include/secp256k1.h) +var context *C.secp256k1_context -func Stop() { - C.secp256k1_stop() +func init() { + // around 20 ms on a modern CPU. + context = C.secp256k1_context_create(3) // SECP256K1_START_SIGN | SECP256K1_START_VERIFY } func GenerateKeyPair() ([]byte, []byte) { - - pubkey_len := C.int(65) - const seckey_len = 32 - - var pubkey []byte = make([]byte, pubkey_len) - var seckey []byte = randentropy.GetEntropyCSPRNG(seckey_len) - - var pubkey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&pubkey[0])) + var seckey []byte = randentropy.GetEntropyCSPRNG(32) var seckey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&seckey[0])) + var pubkey64 []byte = make([]byte, 64) // secp256k1_pubkey + var pubkey65 []byte = make([]byte, 65) // 65 byte uncompressed pubkey + pubkey64_ptr := (*C.secp256k1_pubkey)(unsafe.Pointer(&pubkey64[0])) + pubkey65_ptr := (*C.uchar)(unsafe.Pointer(&pubkey65[0])) + ret := C.secp256k1_ec_pubkey_create( - pubkey_ptr, &pubkey_len, - seckey_ptr, 0) + context, + pubkey64_ptr, + seckey_ptr, + ) if ret != C.int(1) { - return GenerateKeyPair() //invalid secret, try again + return GenerateKeyPair() // invalid secret, try again } - return pubkey, seckey + + var output_len C.size_t + + C.secp256k1_ec_pubkey_serialize( // always returns 1 + context, + pubkey65_ptr, + &output_len, + pubkey64_ptr, + 0, // SECP256K1_EC_COMPRESSED + ) + + return pubkey65, seckey } func GeneratePubKey(seckey []byte) ([]byte, error) { @@ -97,17 +101,16 @@ func GeneratePubKey(seckey []byte) ([]byte, error) { return nil, err } - pubkey_len := C.int(65) - const seckey_len = 32 + var pubkey []byte = make([]byte, 64) + var pubkey_ptr *C.secp256k1_pubkey = (*C.secp256k1_pubkey)(unsafe.Pointer(&pubkey[0])) - var pubkey []byte = make([]byte, pubkey_len) - - var pubkey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&pubkey[0])) var seckey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&seckey[0])) ret := C.secp256k1_ec_pubkey_create( - pubkey_ptr, &pubkey_len, - seckey_ptr, 0) + context, + pubkey_ptr, + seckey_ptr, + ) if ret != C.int(1) { return nil, errors.New("Unable to generate pubkey from seckey") @@ -117,38 +120,48 @@ func GeneratePubKey(seckey []byte) ([]byte, error) { } func Sign(msg []byte, seckey []byte) ([]byte, error) { - nonce := randentropy.GetEntropyCSPRNG(32) + msg_ptr := (*C.uchar)(unsafe.Pointer(&msg[0])) + seckey_ptr := (*C.uchar)(unsafe.Pointer(&seckey[0])) - var sig []byte = make([]byte, 65) - var recid C.int + sig := make([]byte, 65) + sig_ptr := (*C.secp256k1_ecdsa_recoverable_signature)(unsafe.Pointer(&sig[0])) - var msg_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&msg[0])) - var sig_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&sig[0])) - var seckey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&seckey[0])) + nonce := randentropy.GetEntropyCSPRNG(32) + ndata_ptr := unsafe.Pointer(&nonce[0]) - var noncefp_ptr = &(*C.secp256k1_nonce_function_default) - var ndata_ptr = unsafe.Pointer(&nonce[0]) + noncefp_ptr := &(*C.secp256k1_nonce_function_default) - if C.secp256k1_ec_seckey_verify(seckey_ptr) != C.int(1) { + if C.secp256k1_ec_seckey_verify(context, seckey_ptr) != C.int(1) { return nil, errors.New("Invalid secret key") } - ret := C.secp256k1_ecdsa_sign_compact( - msg_ptr, + ret := C.secp256k1_ecdsa_sign_recoverable( + context, sig_ptr, + msg_ptr, seckey_ptr, noncefp_ptr, ndata_ptr, - &recid) - - sig[64] = byte(int(recid)) + ) - if ret != C.int(1) { - // nonce invalid, retry - return Sign(msg, seckey) + if ret == C.int(0) { + return Sign(msg, seckey) //invalid secret, try again } - return sig, nil + sig_serialized := make([]byte, 65) + sig_serialized_ptr := (*C.uchar)(unsafe.Pointer(&sig_serialized[0])) + var recid C.int + + C.secp256k1_ecdsa_recoverable_signature_serialize_compact( + context, + sig_serialized_ptr, // 64 byte compact signature + &recid, + sig_ptr, // 65 byte "recoverable" signature + ) + + sig_serialized[64] = byte(int(recid)) // add back recid to get 65 bytes sig + + return sig_serialized, nil } @@ -157,26 +170,13 @@ func VerifySeckeyValidity(seckey []byte) error { return errors.New("priv key is not 32 bytes") } var seckey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&seckey[0])) - ret := C.secp256k1_ec_seckey_verify(seckey_ptr) + ret := C.secp256k1_ec_seckey_verify(context, seckey_ptr) if int(ret) != 1 { return errors.New("invalid seckey") } return nil } -func VerifyPubkeyValidity(pubkey []byte) error { - if len(pubkey) != 65 { - return errors.New("pub key is not 65 bytes") - } - var pubkey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&pubkey[0])) - ret := C.secp256k1_ec_pubkey_verify(pubkey_ptr, 65) - if int(ret) != 1 { - return errors.New("invalid pubkey") - } - - return nil -} - func VerifySignatureValidity(sig []byte) bool { //64+1 if len(sig) != 65 { @@ -231,36 +231,58 @@ func VerifySignature(msg []byte, sig []byte, pubkey1 []byte) error { return nil } -//recovers the public key from the signature -//recovery of pubkey means correct signature +// recovers a public key from the signature func RecoverPubkey(msg []byte, sig []byte) ([]byte, error) { if len(sig) != 65 { return nil, errors.New("Invalid signature length") } - var pubkey []byte = make([]byte, 65) - - var msg_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&msg[0])) - var sig_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&sig[0])) - var pubkey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&pubkey[0])) + msg_ptr := (*C.uchar)(unsafe.Pointer(&msg[0])) + sig_ptr := (*C.uchar)(unsafe.Pointer(&sig[0])) + + pubkey := make([]byte, 64) + /* + this slice is used for both the recoverable signature and the + resulting serialized pubkey (both types in libsecp256k1 are 65 + bytes). this saves one allocation of 65 bytes, which is nice as + pubkey recovery is one bottleneck during load in Ethereum + */ + bytes65 := make([]byte, 65) + + pubkey_ptr := (*C.secp256k1_pubkey)(unsafe.Pointer(&pubkey[0])) + recoverable_sig_ptr := (*C.secp256k1_ecdsa_recoverable_signature)(unsafe.Pointer(&bytes65[0])) + + recid := C.int(sig[64]) + ret := C.secp256k1_ecdsa_recoverable_signature_parse_compact( + context, + recoverable_sig_ptr, + sig_ptr, + recid) - var pubkeylen C.int + if ret == C.int(0) { + return nil, errors.New("Failed to parse signature") + } - ret := C.secp256k1_ecdsa_recover_compact( - msg_ptr, - sig_ptr, + ret = C.secp256k1_ecdsa_recover( + context, pubkey_ptr, - &pubkeylen, - C.int(0), - C.int(sig[64]), + recoverable_sig_ptr, + msg_ptr, ) if ret == C.int(0) { return nil, errors.New("Failed to recover public key") - } else if pubkeylen != C.int(65) { - return nil, errors.New("Impossible Error: Invalid recovered public key length") } else { - return pubkey, nil + serialized_pubkey_ptr := (*C.uchar)(unsafe.Pointer(&bytes65[0])) + + var output_len C.size_t + C.secp256k1_ec_pubkey_serialize( // always returns 1 + context, + serialized_pubkey_ptr, + &output_len, + pubkey_ptr, + 0, // SECP256K1_EC_COMPRESSED + ) + return bytes65, nil } - return nil, errors.New("Impossible Error: func RecoverPubkey has reached an unreachable state") } |