github.com/YoungNK/go-ethereum@v1.9.7/crypto/crypto.go (about) 1 // Copyright 2014 The go-ethereum Authors 2 // This file is part of the go-ethereum library. 3 // 4 // The go-ethereum library is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU Lesser General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // The go-ethereum library is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU Lesser General Public License for more details. 13 // 14 // You should have received a copy of the GNU Lesser General Public License 15 // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. 16 17 package crypto 18 19 import ( 20 "crypto/ecdsa" 21 "crypto/elliptic" 22 "crypto/rand" 23 "encoding/hex" 24 "errors" 25 "fmt" 26 "io" 27 "io/ioutil" 28 "math/big" 29 "os" 30 31 "github.com/ethereum/go-ethereum/common" 32 "github.com/ethereum/go-ethereum/common/math" 33 "github.com/ethereum/go-ethereum/rlp" 34 "golang.org/x/crypto/sha3" 35 ) 36 37 //SignatureLength indicates the byte length required to carry a signature with recovery id. 38 const SignatureLength = 64 + 1 // 64 bytes ECDSA signature + 1 byte recovery id 39 40 // RecoveryIDOffset points to the byte offset within the signature that contains the recovery id. 41 const RecoveryIDOffset = 64 42 43 // DigestLength sets the signature digest exact length 44 const DigestLength = 32 45 46 var ( 47 secp256k1N, _ = new(big.Int).SetString("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", 16) 48 secp256k1halfN = new(big.Int).Div(secp256k1N, big.NewInt(2)) 49 ) 50 51 var errInvalidPubkey = errors.New("invalid secp256k1 public key") 52 53 // Keccak256 calculates and returns the Keccak256 hash of the input data. 54 func Keccak256(data ...[]byte) []byte { 55 d := sha3.NewLegacyKeccak256() 56 for _, b := range data { 57 d.Write(b) 58 } 59 return d.Sum(nil) 60 } 61 62 // Keccak256Hash calculates and returns the Keccak256 hash of the input data, 63 // converting it to an internal Hash data structure. 64 func Keccak256Hash(data ...[]byte) (h common.Hash) { 65 d := sha3.NewLegacyKeccak256() 66 for _, b := range data { 67 d.Write(b) 68 } 69 d.Sum(h[:0]) 70 return h 71 } 72 73 // Keccak512 calculates and returns the Keccak512 hash of the input data. 74 func Keccak512(data ...[]byte) []byte { 75 d := sha3.NewLegacyKeccak512() 76 for _, b := range data { 77 d.Write(b) 78 } 79 return d.Sum(nil) 80 } 81 82 // CreateAddress creates an ethereum address given the bytes and the nonce 83 func CreateAddress(b common.Address, nonce uint64) common.Address { 84 data, _ := rlp.EncodeToBytes([]interface{}{b, nonce}) 85 return common.BytesToAddress(Keccak256(data)[12:]) 86 } 87 88 // CreateAddress2 creates an ethereum address given the address bytes, initial 89 // contract code hash and a salt. 90 func CreateAddress2(b common.Address, salt [32]byte, inithash []byte) common.Address { 91 return common.BytesToAddress(Keccak256([]byte{0xff}, b.Bytes(), salt[:], inithash)[12:]) 92 } 93 94 // ToECDSA creates a private key with the given D value. 95 func ToECDSA(d []byte) (*ecdsa.PrivateKey, error) { 96 return toECDSA(d, true) 97 } 98 99 // ToECDSAUnsafe blindly converts a binary blob to a private key. It should almost 100 // never be used unless you are sure the input is valid and want to avoid hitting 101 // errors due to bad origin encoding (0 prefixes cut off). 102 func ToECDSAUnsafe(d []byte) *ecdsa.PrivateKey { 103 priv, _ := toECDSA(d, false) 104 return priv 105 } 106 107 // toECDSA creates a private key with the given D value. The strict parameter 108 // controls whether the key's length should be enforced at the curve size or 109 // it can also accept legacy encodings (0 prefixes). 110 func toECDSA(d []byte, strict bool) (*ecdsa.PrivateKey, error) { 111 priv := new(ecdsa.PrivateKey) 112 priv.PublicKey.Curve = S256() 113 if strict && 8*len(d) != priv.Params().BitSize { 114 return nil, fmt.Errorf("invalid length, need %d bits", priv.Params().BitSize) 115 } 116 priv.D = new(big.Int).SetBytes(d) 117 118 // The priv.D must < N 119 if priv.D.Cmp(secp256k1N) >= 0 { 120 return nil, fmt.Errorf("invalid private key, >=N") 121 } 122 // The priv.D must not be zero or negative. 123 if priv.D.Sign() <= 0 { 124 return nil, fmt.Errorf("invalid private key, zero or negative") 125 } 126 127 priv.PublicKey.X, priv.PublicKey.Y = priv.PublicKey.Curve.ScalarBaseMult(d) 128 if priv.PublicKey.X == nil { 129 return nil, errors.New("invalid private key") 130 } 131 return priv, nil 132 } 133 134 // FromECDSA exports a private key into a binary dump. 135 func FromECDSA(priv *ecdsa.PrivateKey) []byte { 136 if priv == nil { 137 return nil 138 } 139 return math.PaddedBigBytes(priv.D, priv.Params().BitSize/8) 140 } 141 142 // UnmarshalPubkey converts bytes to a secp256k1 public key. 143 func UnmarshalPubkey(pub []byte) (*ecdsa.PublicKey, error) { 144 x, y := elliptic.Unmarshal(S256(), pub) 145 if x == nil { 146 return nil, errInvalidPubkey 147 } 148 return &ecdsa.PublicKey{Curve: S256(), X: x, Y: y}, nil 149 } 150 151 func FromECDSAPub(pub *ecdsa.PublicKey) []byte { 152 if pub == nil || pub.X == nil || pub.Y == nil { 153 return nil 154 } 155 return elliptic.Marshal(S256(), pub.X, pub.Y) 156 } 157 158 // HexToECDSA parses a secp256k1 private key. 159 func HexToECDSA(hexkey string) (*ecdsa.PrivateKey, error) { 160 b, err := hex.DecodeString(hexkey) 161 if err != nil { 162 return nil, errors.New("invalid hex string") 163 } 164 return ToECDSA(b) 165 } 166 167 // LoadECDSA loads a secp256k1 private key from the given file. 168 func LoadECDSA(file string) (*ecdsa.PrivateKey, error) { 169 buf := make([]byte, 64) 170 fd, err := os.Open(file) 171 if err != nil { 172 return nil, err 173 } 174 defer fd.Close() 175 if _, err := io.ReadFull(fd, buf); err != nil { 176 return nil, err 177 } 178 179 key, err := hex.DecodeString(string(buf)) 180 if err != nil { 181 return nil, err 182 } 183 return ToECDSA(key) 184 } 185 186 // SaveECDSA saves a secp256k1 private key to the given file with 187 // restrictive permissions. The key data is saved hex-encoded. 188 func SaveECDSA(file string, key *ecdsa.PrivateKey) error { 189 k := hex.EncodeToString(FromECDSA(key)) 190 return ioutil.WriteFile(file, []byte(k), 0600) 191 } 192 193 func GenerateKey() (*ecdsa.PrivateKey, error) { 194 return ecdsa.GenerateKey(S256(), rand.Reader) 195 } 196 197 // ValidateSignatureValues verifies whether the signature values are valid with 198 // the given chain rules. The v value is assumed to be either 0 or 1. 199 func ValidateSignatureValues(v byte, r, s *big.Int, homestead bool) bool { 200 if r.Cmp(common.Big1) < 0 || s.Cmp(common.Big1) < 0 { 201 return false 202 } 203 // reject upper range of s values (ECDSA malleability) 204 // see discussion in secp256k1/libsecp256k1/include/secp256k1.h 205 if homestead && s.Cmp(secp256k1halfN) > 0 { 206 return false 207 } 208 // Frontier: allow s to be in full N range 209 return r.Cmp(secp256k1N) < 0 && s.Cmp(secp256k1N) < 0 && (v == 0 || v == 1) 210 } 211 212 func PubkeyToAddress(p ecdsa.PublicKey) common.Address { 213 pubBytes := FromECDSAPub(&p) 214 return common.BytesToAddress(Keccak256(pubBytes[1:])[12:]) 215 } 216 217 func zeroBytes(bytes []byte) { 218 for i := range bytes { 219 bytes[i] = 0 220 } 221 }