github.com/DFWallet/tendermint-cosmos@v0.0.2/crypto/ed25519/ed25519.go (about) 1 package ed25519 2 3 import ( 4 "bytes" 5 "crypto/subtle" 6 "fmt" 7 "io" 8 9 "golang.org/x/crypto/ed25519" 10 11 "github.com/DFWallet/tendermint-cosmos/crypto" 12 "github.com/DFWallet/tendermint-cosmos/crypto/tmhash" 13 tmjson "github.com/DFWallet/tendermint-cosmos/libs/json" 14 ) 15 16 //------------------------------------- 17 18 var _ crypto.PrivKey = PrivKey{} 19 20 const ( 21 PrivKeyName = "tendermint/PrivKeyEd25519" 22 PubKeyName = "tendermint/PubKeyEd25519" 23 // PubKeySize is is the size, in bytes, of public keys as used in this package. 24 PubKeySize = 32 25 // PrivateKeySize is the size, in bytes, of private keys as used in this package. 26 PrivateKeySize = 64 27 // Size of an Edwards25519 signature. Namely the size of a compressed 28 // Edwards25519 point, and a field element. Both of which are 32 bytes. 29 SignatureSize = 64 30 // SeedSize is the size, in bytes, of private key seeds. These are the 31 // private key representations used by RFC 8032. 32 SeedSize = 32 33 34 KeyType = "ed25519" 35 ) 36 37 func init() { 38 tmjson.RegisterType(PubKey{}, PubKeyName) 39 tmjson.RegisterType(PrivKey{}, PrivKeyName) 40 } 41 42 // PrivKey implements crypto.PrivKey. 43 type PrivKey []byte 44 45 // Bytes returns the privkey byte format. 46 func (privKey PrivKey) Bytes() []byte { 47 return []byte(privKey) 48 } 49 50 // Sign produces a signature on the provided message. 51 // This assumes the privkey is wellformed in the golang format. 52 // The first 32 bytes should be random, 53 // corresponding to the normal ed25519 private key. 54 // The latter 32 bytes should be the compressed public key. 55 // If these conditions aren't met, Sign will panic or produce an 56 // incorrect signature. 57 func (privKey PrivKey) Sign(msg []byte) ([]byte, error) { 58 signatureBytes := ed25519.Sign(ed25519.PrivateKey(privKey), msg) 59 return signatureBytes, nil 60 } 61 62 // PubKey gets the corresponding public key from the private key. 63 // 64 // Panics if the private key is not initialized. 65 func (privKey PrivKey) PubKey() crypto.PubKey { 66 // If the latter 32 bytes of the privkey are all zero, privkey is not 67 // initialized. 68 initialized := false 69 for _, v := range privKey[32:] { 70 if v != 0 { 71 initialized = true 72 break 73 } 74 } 75 76 if !initialized { 77 panic("Expected ed25519 PrivKey to include concatenated pubkey bytes") 78 } 79 80 pubkeyBytes := make([]byte, PubKeySize) 81 copy(pubkeyBytes, privKey[32:]) 82 return PubKey(pubkeyBytes) 83 } 84 85 // Equals - you probably don't need to use this. 86 // Runs in constant time based on length of the keys. 87 func (privKey PrivKey) Equals(other crypto.PrivKey) bool { 88 if otherEd, ok := other.(PrivKey); ok { 89 return subtle.ConstantTimeCompare(privKey[:], otherEd[:]) == 1 90 } 91 92 return false 93 } 94 95 func (privKey PrivKey) Type() string { 96 return KeyType 97 } 98 99 // GenPrivKey generates a new ed25519 private key. 100 // It uses OS randomness in conjunction with the current global random seed 101 // in tendermint/libs/common to generate the private key. 102 func GenPrivKey() PrivKey { 103 return genPrivKey(crypto.CReader()) 104 } 105 106 // genPrivKey generates a new ed25519 private key using the provided reader. 107 func genPrivKey(rand io.Reader) PrivKey { 108 seed := make([]byte, SeedSize) 109 110 _, err := io.ReadFull(rand, seed) 111 if err != nil { 112 panic(err) 113 } 114 115 return PrivKey(ed25519.NewKeyFromSeed(seed)) 116 } 117 118 // GenPrivKeyFromSecret hashes the secret with SHA2, and uses 119 // that 32 byte output to create the private key. 120 // NOTE: secret should be the output of a KDF like bcrypt, 121 // if it's derived from user input. 122 func GenPrivKeyFromSecret(secret []byte) PrivKey { 123 seed := crypto.Sha256(secret) // Not Ripemd160 because we want 32 bytes. 124 125 return PrivKey(ed25519.NewKeyFromSeed(seed)) 126 } 127 128 //------------------------------------- 129 130 var _ crypto.PubKey = PubKey{} 131 132 // PubKeyEd25519 implements crypto.PubKey for the Ed25519 signature scheme. 133 type PubKey []byte 134 135 // Address is the SHA256-20 of the raw pubkey bytes. 136 func (pubKey PubKey) Address() crypto.Address { 137 if len(pubKey) != PubKeySize { 138 panic("pubkey is incorrect size") 139 } 140 return crypto.Address(tmhash.SumTruncated(pubKey)) 141 } 142 143 // Bytes returns the PubKey byte format. 144 func (pubKey PubKey) Bytes() []byte { 145 return []byte(pubKey) 146 } 147 148 func (pubKey PubKey) VerifySignature(msg []byte, sig []byte) bool { 149 // make sure we use the same algorithm to sign 150 if len(sig) != SignatureSize { 151 return false 152 } 153 154 return ed25519.Verify(ed25519.PublicKey(pubKey), msg, sig) 155 } 156 157 func (pubKey PubKey) String() string { 158 return fmt.Sprintf("PubKeyEd25519{%X}", []byte(pubKey)) 159 } 160 161 func (pubKey PubKey) Type() string { 162 return KeyType 163 } 164 165 func (pubKey PubKey) Equals(other crypto.PubKey) bool { 166 if otherEd, ok := other.(PubKey); ok { 167 return bytes.Equal(pubKey[:], otherEd[:]) 168 } 169 170 return false 171 }