github.com/SmartMeshFoundation/Spectrum@v0.0.0-20220621030607-452a266fee1e/crypto/crypto.go (about) 1 // Copyright 2014 The Spectrum Authors 2 // This file is part of the Spectrum library. 3 // 4 // The Spectrum library is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU Lesser General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // The Spectrum library is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU Lesser General Public License for more details. 13 // 14 // You should have received a copy of the GNU Lesser General Public License 15 // along with the Spectrum library. If not, see <http://www.gnu.org/licenses/>. 16 17 package crypto 18 19 import ( 20 "bytes" 21 "crypto/ecdsa" 22 "crypto/elliptic" 23 "crypto/rand" 24 "encoding/hex" 25 "errors" 26 "fmt" 27 "github.com/SmartMeshFoundation/Spectrum/crypto/vrf" 28 "io" 29 "io/ioutil" 30 "math/big" 31 "os" 32 33 "github.com/SmartMeshFoundation/Spectrum/common" 34 "github.com/SmartMeshFoundation/Spectrum/common/math" 35 "github.com/SmartMeshFoundation/Spectrum/crypto/sha3" 36 "github.com/SmartMeshFoundation/Spectrum/rlp" 37 ) 38 39 var ( 40 secp256k1_N, _ = new(big.Int).SetString("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", 16) 41 secp256k1_halfN = new(big.Int).Div(secp256k1_N, big.NewInt(2)) 42 ) 43 44 // Keccak256 calculates and returns the Keccak256 hash of the input data. 45 func Keccak256(data ...[]byte) []byte { 46 d := sha3.NewKeccak256() 47 for _, b := range data { 48 d.Write(b) 49 } 50 return d.Sum(nil) 51 } 52 53 // Keccak256Hash calculates and returns the Keccak256 hash of the input data, 54 // converting it to an internal Hash data structure. 55 func Keccak256Hash(data ...[]byte) (h common.Hash) { 56 d := sha3.NewKeccak256() 57 for _, b := range data { 58 d.Write(b) 59 } 60 d.Sum(h[:0]) 61 return h 62 } 63 64 // Keccak512 calculates and returns the Keccak512 hash of the input data. 65 func Keccak512(data ...[]byte) []byte { 66 d := sha3.NewKeccak512() 67 for _, b := range data { 68 d.Write(b) 69 } 70 return d.Sum(nil) 71 } 72 73 // Creates an ethereum address given the bytes and the nonce 74 func CreateAddress(b common.Address, nonce uint64) common.Address { 75 data, _ := rlp.EncodeToBytes([]interface{}{b, nonce}) 76 return common.BytesToAddress(Keccak256(data)[12:]) 77 } 78 79 // CreateAddress2 creates an ethereum address given the address bytes, initial 80 // contract code hash and a salt. 81 func CreateAddress2(b common.Address, salt [32]byte, inithash []byte) common.Address { 82 return common.BytesToAddress(Keccak256([]byte{0xff}, b.Bytes(), salt[:], inithash)[12:]) 83 } 84 85 // ToECDSA creates a private key with the given D value. 86 func ToECDSA(d []byte) (*ecdsa.PrivateKey, error) { 87 return toECDSA(d, true) 88 } 89 90 // ToECDSAUnsafe blindly converts a binary blob to a private key. It should almost 91 // never be used unless you are sure the input is valid and want to avoid hitting 92 // errors due to bad origin encoding (0 prefixes cut off). 93 func ToECDSAUnsafe(d []byte) *ecdsa.PrivateKey { 94 priv, _ := toECDSA(d, false) 95 return priv 96 } 97 98 // toECDSA creates a private key with the given D value. The strict parameter 99 // controls whether the key's length should be enforced at the curve size or 100 // it can also accept legacy encodings (0 prefixes). 101 func toECDSA(d []byte, strict bool) (*ecdsa.PrivateKey, error) { 102 priv := new(ecdsa.PrivateKey) 103 priv.PublicKey.Curve = S256() 104 if strict && 8*len(d) != priv.Params().BitSize { 105 return nil, fmt.Errorf("invalid length, need %d bits", priv.Params().BitSize) 106 } 107 priv.D = new(big.Int).SetBytes(d) 108 priv.PublicKey.X, priv.PublicKey.Y = priv.PublicKey.Curve.ScalarBaseMult(d) 109 if priv.PublicKey.X == nil { 110 return nil, errors.New("invalid private key") 111 } 112 return priv, nil 113 } 114 115 // FromECDSA exports a private key into a binary dump. 116 func FromECDSA(priv *ecdsa.PrivateKey) []byte { 117 if priv == nil { 118 return nil 119 } 120 return math.PaddedBigBytes(priv.D, priv.Params().BitSize/8) 121 } 122 123 func ToECDSAPub(pub []byte) *ecdsa.PublicKey { 124 if len(pub) == 0 { 125 return nil 126 } 127 x, y := elliptic.Unmarshal(S256(), pub) 128 return &ecdsa.PublicKey{Curve: S256(), X: x, Y: y} 129 } 130 131 func FromECDSAPub(pub *ecdsa.PublicKey) []byte { 132 if pub == nil || pub.X == nil || pub.Y == nil { 133 return nil 134 } 135 return elliptic.Marshal(S256(), pub.X, pub.Y) 136 } 137 138 // HexToECDSA parses a secp256k1 private key. 139 func HexToECDSA(hexkey string) (*ecdsa.PrivateKey, error) { 140 b, err := hex.DecodeString(hexkey) 141 if err != nil { 142 return nil, errors.New("invalid hex string") 143 } 144 return ToECDSA(b) 145 } 146 147 // LoadECDSA loads a secp256k1 private key from the given file. 148 func LoadECDSA(file string) (*ecdsa.PrivateKey, error) { 149 buf := make([]byte, 64) 150 fd, err := os.Open(file) 151 if err != nil { 152 return nil, err 153 } 154 defer fd.Close() 155 if _, err := io.ReadFull(fd, buf); err != nil { 156 return nil, err 157 } 158 159 key, err := hex.DecodeString(string(buf)) 160 if err != nil { 161 return nil, err 162 } 163 return ToECDSA(key) 164 } 165 166 // SaveECDSA saves a secp256k1 private key to the given file with 167 // restrictive permissions. The key data is saved hex-encoded. 168 func SaveECDSA(file string, key *ecdsa.PrivateKey) error { 169 k := hex.EncodeToString(FromECDSA(key)) 170 return ioutil.WriteFile(file, []byte(k), 0600) 171 } 172 173 func GenerateKey() (*ecdsa.PrivateKey, error) { 174 return ecdsa.GenerateKey(S256(), rand.Reader) 175 } 176 177 // ValidateSignatureValues verifies whether the signature values are valid with 178 // the given chain rules. The v value is assumed to be either 0 or 1. 179 func ValidateSignatureValues(v byte, r, s *big.Int, homestead bool) bool { 180 if r.Cmp(common.Big1) < 0 || s.Cmp(common.Big1) < 0 { 181 return false 182 } 183 // reject upper range of s values (ECDSA malleability) 184 // see discussion in secp256k1/libsecp256k1/include/secp256k1.h 185 if homestead && s.Cmp(secp256k1_halfN) > 0 { 186 return false 187 } 188 // Frontier: allow s to be in full N range 189 return r.Cmp(secp256k1_N) < 0 && s.Cmp(secp256k1_N) < 0 && (v == 0 || v == 1) 190 } 191 192 func PubkeyToAddress(p ecdsa.PublicKey) common.Address { 193 pubBytes := FromECDSAPub(&p) 194 return common.BytesToAddress(Keccak256(pubBytes[1:])[12:]) 195 } 196 197 func zeroBytes(bytes []byte) { 198 for i := range bytes { 199 bytes[i] = 0 200 } 201 } 202 203 // vrfnp == num + proof == byte[32] + byte[129] 204 func SimpleVRF2Bytes(prv *ecdsa.PrivateKey, msg []byte) (vrfnp []byte, err error) { 205 vrfPrv := vrf.PrivateKey{prv} 206 i, p := vrfPrv.Evaluate(msg) 207 vrfnp = append(vrfnp, i[:]...) 208 vrfnp = append(vrfnp, p[:]...) 209 return 210 } 211 212 func SimpleVRFVerify(pub *ecdsa.PublicKey, msg, vrfnp []byte) error { 213 if vrfnp == nil || pub == nil { 214 return errors.New("error params") 215 } 216 n := vrfnp[:32] 217 p := vrfnp[32:] 218 vrfPub := vrf.PublicKey{pub} 219 i, err := vrfPub.ProofToHash(msg, p) 220 if err != nil { 221 return err 222 } 223 if bytes.Equal(n[:], i[:]) { 224 return nil 225 } 226 return errors.New("vrf_verify_fail") 227 }