github.com/DFWallet/tendermint-cosmos@v0.0.2/crypto/ed25519/ed25519.go (about)

     1  package ed25519
     2  
     3  import (
     4  	"bytes"
     5  	"crypto/subtle"
     6  	"fmt"
     7  	"io"
     8  
     9  	"golang.org/x/crypto/ed25519"
    10  
    11  	"github.com/DFWallet/tendermint-cosmos/crypto"
    12  	"github.com/DFWallet/tendermint-cosmos/crypto/tmhash"
    13  	tmjson "github.com/DFWallet/tendermint-cosmos/libs/json"
    14  )
    15  
    16  //-------------------------------------
    17  
    18  var _ crypto.PrivKey = PrivKey{}
    19  
    20  const (
    21  	PrivKeyName = "tendermint/PrivKeyEd25519"
    22  	PubKeyName  = "tendermint/PubKeyEd25519"
    23  	// PubKeySize is is the size, in bytes, of public keys as used in this package.
    24  	PubKeySize = 32
    25  	// PrivateKeySize is the size, in bytes, of private keys as used in this package.
    26  	PrivateKeySize = 64
    27  	// Size of an Edwards25519 signature. Namely the size of a compressed
    28  	// Edwards25519 point, and a field element. Both of which are 32 bytes.
    29  	SignatureSize = 64
    30  	// SeedSize is the size, in bytes, of private key seeds. These are the
    31  	// private key representations used by RFC 8032.
    32  	SeedSize = 32
    33  
    34  	KeyType = "ed25519"
    35  )
    36  
    37  func init() {
    38  	tmjson.RegisterType(PubKey{}, PubKeyName)
    39  	tmjson.RegisterType(PrivKey{}, PrivKeyName)
    40  }
    41  
    42  // PrivKey implements crypto.PrivKey.
    43  type PrivKey []byte
    44  
    45  // Bytes returns the privkey byte format.
    46  func (privKey PrivKey) Bytes() []byte {
    47  	return []byte(privKey)
    48  }
    49  
    50  // Sign produces a signature on the provided message.
    51  // This assumes the privkey is wellformed in the golang format.
    52  // The first 32 bytes should be random,
    53  // corresponding to the normal ed25519 private key.
    54  // The latter 32 bytes should be the compressed public key.
    55  // If these conditions aren't met, Sign will panic or produce an
    56  // incorrect signature.
    57  func (privKey PrivKey) Sign(msg []byte) ([]byte, error) {
    58  	signatureBytes := ed25519.Sign(ed25519.PrivateKey(privKey), msg)
    59  	return signatureBytes, nil
    60  }
    61  
    62  // PubKey gets the corresponding public key from the private key.
    63  //
    64  // Panics if the private key is not initialized.
    65  func (privKey PrivKey) PubKey() crypto.PubKey {
    66  	// If the latter 32 bytes of the privkey are all zero, privkey is not
    67  	// initialized.
    68  	initialized := false
    69  	for _, v := range privKey[32:] {
    70  		if v != 0 {
    71  			initialized = true
    72  			break
    73  		}
    74  	}
    75  
    76  	if !initialized {
    77  		panic("Expected ed25519 PrivKey to include concatenated pubkey bytes")
    78  	}
    79  
    80  	pubkeyBytes := make([]byte, PubKeySize)
    81  	copy(pubkeyBytes, privKey[32:])
    82  	return PubKey(pubkeyBytes)
    83  }
    84  
    85  // Equals - you probably don't need to use this.
    86  // Runs in constant time based on length of the keys.
    87  func (privKey PrivKey) Equals(other crypto.PrivKey) bool {
    88  	if otherEd, ok := other.(PrivKey); ok {
    89  		return subtle.ConstantTimeCompare(privKey[:], otherEd[:]) == 1
    90  	}
    91  
    92  	return false
    93  }
    94  
    95  func (privKey PrivKey) Type() string {
    96  	return KeyType
    97  }
    98  
    99  // GenPrivKey generates a new ed25519 private key.
   100  // It uses OS randomness in conjunction with the current global random seed
   101  // in tendermint/libs/common to generate the private key.
   102  func GenPrivKey() PrivKey {
   103  	return genPrivKey(crypto.CReader())
   104  }
   105  
   106  // genPrivKey generates a new ed25519 private key using the provided reader.
   107  func genPrivKey(rand io.Reader) PrivKey {
   108  	seed := make([]byte, SeedSize)
   109  
   110  	_, err := io.ReadFull(rand, seed)
   111  	if err != nil {
   112  		panic(err)
   113  	}
   114  
   115  	return PrivKey(ed25519.NewKeyFromSeed(seed))
   116  }
   117  
   118  // GenPrivKeyFromSecret hashes the secret with SHA2, and uses
   119  // that 32 byte output to create the private key.
   120  // NOTE: secret should be the output of a KDF like bcrypt,
   121  // if it's derived from user input.
   122  func GenPrivKeyFromSecret(secret []byte) PrivKey {
   123  	seed := crypto.Sha256(secret) // Not Ripemd160 because we want 32 bytes.
   124  
   125  	return PrivKey(ed25519.NewKeyFromSeed(seed))
   126  }
   127  
   128  //-------------------------------------
   129  
   130  var _ crypto.PubKey = PubKey{}
   131  
   132  // PubKeyEd25519 implements crypto.PubKey for the Ed25519 signature scheme.
   133  type PubKey []byte
   134  
   135  // Address is the SHA256-20 of the raw pubkey bytes.
   136  func (pubKey PubKey) Address() crypto.Address {
   137  	if len(pubKey) != PubKeySize {
   138  		panic("pubkey is incorrect size")
   139  	}
   140  	return crypto.Address(tmhash.SumTruncated(pubKey))
   141  }
   142  
   143  // Bytes returns the PubKey byte format.
   144  func (pubKey PubKey) Bytes() []byte {
   145  	return []byte(pubKey)
   146  }
   147  
   148  func (pubKey PubKey) VerifySignature(msg []byte, sig []byte) bool {
   149  	// make sure we use the same algorithm to sign
   150  	if len(sig) != SignatureSize {
   151  		return false
   152  	}
   153  
   154  	return ed25519.Verify(ed25519.PublicKey(pubKey), msg, sig)
   155  }
   156  
   157  func (pubKey PubKey) String() string {
   158  	return fmt.Sprintf("PubKeyEd25519{%X}", []byte(pubKey))
   159  }
   160  
   161  func (pubKey PubKey) Type() string {
   162  	return KeyType
   163  }
   164  
   165  func (pubKey PubKey) Equals(other crypto.PubKey) bool {
   166  	if otherEd, ok := other.(PubKey); ok {
   167  		return bytes.Equal(pubKey[:], otherEd[:])
   168  	}
   169  
   170  	return false
   171  }