github.com/amazechain/amc@v0.1.3/common/crypto/crypto.go (about) 1 // Copyright 2023 The AmazeChain Authors 2 // This file is part of the AmazeChain library. 3 // 4 // The AmazeChain library is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU Lesser General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // The AmazeChain library is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU Lesser General Public License for more details. 13 // 14 // You should have received a copy of the GNU Lesser General Public License 15 // along with the AmazeChain library. If not, see <http://www.gnu.org/licenses/>. 16 package crypto 17 18 import ( 19 "bufio" 20 "crypto/ecdsa" 21 "crypto/elliptic" 22 "crypto/rand" 23 "encoding/hex" 24 "errors" 25 "fmt" 26 "github.com/amazechain/amc/common/types" 27 "github.com/amazechain/amc/common/u256" 28 "math/big" 29 30 "github.com/amazechain/amc/common/hexutil" 31 "github.com/amazechain/amc/common/math" 32 "github.com/amazechain/amc/internal/avm/rlp" 33 "hash" 34 "io" 35 "os" 36 37 "github.com/holiman/uint256" 38 "golang.org/x/crypto/sha3" 39 ) 40 41 // SignatureLength indicates the byte length required to carry a signature with recovery id. 42 const SignatureLength = 64 + 1 // 64 bytes ECDSA signature + 1 byte recovery id 43 44 // RecoveryIDOffset points to the byte offset within the signature that contains the recovery id. 45 const RecoveryIDOffset = 64 46 47 // DigestLength sets the signature digest exact length 48 const DigestLength = 32 49 50 var ( 51 secp256k1N = new(uint256.Int).SetBytes(hexutil.MustDecode("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141")) 52 secp256k1NBig = secp256k1N.ToBig() 53 secp256k1halfN = new(uint256.Int).Div(secp256k1N, u256.Num2) 54 EmptyCodeHash = Keccak256Hash(nil) 55 ) 56 57 var errInvalidPubkey = errors.New("invalid secp256k1 public key") 58 59 // KeccakState wraps sha3.state. In addition to the usual hash methods, it also supports 60 // Read to get a variable amount of data from the hash state. Read is faster than Sum 61 // because it doesn't copy the internal state, but also modifies the internal state. 62 type KeccakState interface { 63 hash.Hash 64 Read([]byte) (int, error) 65 } 66 67 // NewKeccakState creates a new KeccakState 68 func NewKeccakState() KeccakState { 69 return sha3.NewLegacyKeccak256().(KeccakState) 70 } 71 72 // HashData hashes the provided data using the KeccakState and returns a 32 byte hash 73 func HashData(kh KeccakState, data []byte) (h types.Hash) { 74 kh.Reset() 75 //nolint:errcheck 76 kh.Write(data) 77 //nolint:errcheck 78 kh.Read(h[:]) 79 return h 80 } 81 82 // Keccak256 calculates and returns the Keccak256 hash of the input data. 83 func Keccak256(data ...[]byte) []byte { 84 b := make([]byte, 32) 85 d := NewKeccakState() 86 for _, b := range data { 87 d.Write(b) 88 } 89 d.Read(b) //nolint:errcheck 90 return b 91 } 92 93 // Keccak256Hash calculates and returns the Keccak256 hash of the input data, 94 // converting it to an internal Hash data structure. 95 func Keccak256Hash(data ...[]byte) (h types.Hash) { 96 d := NewKeccakState() 97 for _, b := range data { 98 d.Write(b) 99 } 100 d.Read(h[:]) //nolint:errcheck 101 return h 102 } 103 104 // Keccak512 calculates and returns the Keccak512 hash of the input data. 105 func Keccak512(data ...[]byte) []byte { 106 d := sha3.NewLegacyKeccak512() 107 for _, b := range data { 108 d.Write(b) 109 } 110 return d.Sum(nil) 111 } 112 113 // CreateAddress creates an ethereum address given the bytes and the nonce 114 // DESCRIBED: docs/programmers_guide/guide.md#address---identifier-of-an-account 115 func CreateAddress(b types.Address, nonce uint64) types.Address { 116 data, _ := rlp.EncodeToBytes([]interface{}{b, nonce}) 117 return types.BytesToAddress(Keccak256(data)[12:]) 118 } 119 120 // CreateAddress2 creates an ethereum address given the address bytes, initial 121 // contract code hash and a salt. 122 // DESCRIBED: docs/programmers_guide/guide.md#address---identifier-of-an-account 123 func CreateAddress2(b types.Address, salt [32]byte, inithash []byte) types.Address { 124 return types.BytesToAddress(Keccak256([]byte{0xff}, b.Bytes(), salt[:], inithash)[12:]) 125 } 126 127 // ToECDSA creates a private key with the given D value. 128 func ToECDSA(d []byte) (*ecdsa.PrivateKey, error) { 129 return toECDSA(d, true) 130 } 131 132 // ToECDSAUnsafe blindly converts a binary blob to a private key. It should almost 133 // never be used unless you are sure the input is valid and want to avoid hitting 134 // errors due to bad origin encoding (0 prefixes cut off). 135 func ToECDSAUnsafe(d []byte) *ecdsa.PrivateKey { 136 priv, _ := toECDSA(d, false) 137 return priv 138 } 139 140 // toECDSA creates a private key with the given D value. The strict parameter 141 // controls whether the key's length should be enforced at the curve size or 142 // it can also accept legacy encodings (0 prefixes). 143 func toECDSA(d []byte, strict bool) (*ecdsa.PrivateKey, error) { 144 priv := new(ecdsa.PrivateKey) 145 priv.PublicKey.Curve = S256() 146 if strict && 8*len(d) != priv.Params().BitSize { 147 return nil, fmt.Errorf("invalid length, need %d bits", priv.Params().BitSize) 148 } 149 priv.D = new(big.Int).SetBytes(d) 150 151 // The priv.D must < N 152 if priv.D.Cmp(secp256k1NBig) >= 0 { 153 return nil, fmt.Errorf("invalid private key, >=N") 154 } 155 // The priv.D must not be zero or negative. 156 if priv.D.Sign() <= 0 { 157 return nil, fmt.Errorf("invalid private key, zero or negative") 158 } 159 160 priv.PublicKey.X, priv.PublicKey.Y = priv.PublicKey.Curve.ScalarBaseMult(d) 161 if priv.PublicKey.X == nil { 162 return nil, errors.New("invalid private key") 163 } 164 return priv, nil 165 } 166 167 // FromECDSA exports a private key into a binary dump. 168 func FromECDSA(priv *ecdsa.PrivateKey) []byte { 169 if priv == nil { 170 return nil 171 } 172 return math.PaddedBigBytes(priv.D, priv.Params().BitSize/8) 173 } 174 175 // UnmarshalPubkey converts bytes to a secp256k1 public key. 176 func UnmarshalPubkey(pub []byte) (*ecdsa.PublicKey, error) { 177 x, y := elliptic.Unmarshal(S256(), pub) 178 if x == nil { 179 return nil, errInvalidPubkey 180 } 181 return &ecdsa.PublicKey{Curve: S256(), X: x, Y: y}, nil 182 } 183 184 func FromECDSAPub(pub *ecdsa.PublicKey) []byte { 185 if pub == nil || pub.X == nil || pub.Y == nil { 186 return nil 187 } 188 return elliptic.Marshal(S256(), pub.X, pub.Y) 189 } 190 191 // UnmarshalPubkeyStd parses a public key from the given bytes in the standard "uncompressed" format. 192 // The input slice must be 65 bytes long and have this format: [4, X..., Y...] 193 // See MarshalPubkeyStd. 194 func UnmarshalPubkeyStd(pub []byte) (*ecdsa.PublicKey, error) { 195 x, y := elliptic.Unmarshal(S256(), pub) 196 if x == nil { 197 return nil, errInvalidPubkey 198 } 199 return &ecdsa.PublicKey{Curve: S256(), X: x, Y: y}, nil 200 } 201 202 // MarshalPubkeyStd converts a public key into the standard "uncompressed" format. 203 // It returns a 65 bytes long slice that contains: [4, X..., Y...] 204 // Returns nil if the given public key is not initialized. 205 // See UnmarshalPubkeyStd. 206 func MarshalPubkeyStd(pub *ecdsa.PublicKey) []byte { 207 if pub == nil || pub.X == nil || pub.Y == nil { 208 return nil 209 } 210 return elliptic.Marshal(S256(), pub.X, pub.Y) 211 } 212 213 // UnmarshalPubkey parses a public key from the given bytes in the 64 bytes "uncompressed" format. 214 // The input slice must be 64 bytes long and have this format: [X..., Y...] 215 // See MarshalPubkey. 216 //func UnmarshalPubkey(keyBytes []byte) (*ecdsa.PublicKey, error) { 217 // keyBytes = append([]byte{0x4}, keyBytes...) 218 // return UnmarshalPubkeyStd(keyBytes) 219 //} 220 221 // MarshalPubkey converts a public key into a 64 bytes "uncompressed" format. 222 // It returns a 64 bytes long slice that contains: [X..., Y...] 223 // In the standard 65 bytes format the first byte is always constant (equal to 4), 224 // so it can be cut off and trivially recovered later. 225 // Returns nil if the given public key is not initialized. 226 // See UnmarshalPubkey. 227 func MarshalPubkey(pubkey *ecdsa.PublicKey) []byte { 228 keyBytes := MarshalPubkeyStd(pubkey) 229 if keyBytes == nil { 230 return nil 231 } 232 return keyBytes[1:] 233 } 234 235 // HexToECDSA parses a secp256k1 private key. 236 func HexToECDSA(hexkey string) (*ecdsa.PrivateKey, error) { 237 b, err := hex.DecodeString(hexkey) 238 if byteErr, ok := err.(hex.InvalidByteError); ok { 239 return nil, fmt.Errorf("invalid hex character %q in private key", byte(byteErr)) 240 } else if err != nil { 241 return nil, errors.New("invalid hex data for private key") 242 } 243 return ToECDSA(b) 244 } 245 246 // LoadECDSA loads a secp256k1 private key from the given file. 247 func LoadECDSA(file string) (*ecdsa.PrivateKey, error) { 248 fd, err := os.Open(file) 249 if err != nil { 250 return nil, err 251 } 252 defer fd.Close() 253 254 r := bufio.NewReader(fd) 255 buf := make([]byte, 64) 256 n, err := readASCII(buf, r) 257 if err != nil { 258 return nil, err 259 } else if n != len(buf) { 260 return nil, fmt.Errorf("key file too short, want 64 hex characters") 261 } 262 if err := checkKeyFileEnd(r); err != nil { 263 return nil, err 264 } 265 266 return HexToECDSA(string(buf)) 267 } 268 269 // readASCII reads into 'buf', stopping when the buffer is full or 270 // when a non-printable control character is encountered. 271 func readASCII(buf []byte, r *bufio.Reader) (n int, err error) { 272 for ; n < len(buf); n++ { 273 buf[n], err = r.ReadByte() 274 switch { 275 case errors.Is(err, io.EOF) || buf[n] < '!': 276 return n, nil 277 case err != nil: 278 return n, err 279 } 280 } 281 return n, nil 282 } 283 284 // checkKeyFileEnd skips over additional newlines at the end of a key file. 285 func checkKeyFileEnd(r *bufio.Reader) error { 286 for i := 0; ; i++ { 287 b, err := r.ReadByte() 288 switch { 289 case errors.Is(err, io.EOF): 290 return nil 291 case err != nil: 292 return err 293 case b != '\n' && b != '\r': 294 return fmt.Errorf("invalid character %q at end of key file", b) 295 case i >= 2: 296 return errors.New("key file too long, want 64 hex characters") 297 } 298 } 299 } 300 301 // SaveECDSA saves a secp256k1 private key to the given file with 302 // restrictive permissions. The key data is saved hex-encoded. 303 func SaveECDSA(file string, key *ecdsa.PrivateKey) error { 304 k := hex.EncodeToString(FromECDSA(key)) 305 return os.WriteFile(file, []byte(k), 0600) 306 } 307 308 // GenerateKey generates a new private key. 309 func GenerateKey() (*ecdsa.PrivateKey, error) { 310 return ecdsa.GenerateKey(S256(), rand.Reader) 311 } 312 313 // ValidateSignatureValues verifies whether the signature values are valid with 314 // the given chain rules. The v value is assumed to be either 0 or 1. 315 func ValidateSignatureValues(v byte, r, s *uint256.Int, homestead bool) bool { 316 if r.IsZero() || s.IsZero() { 317 return false 318 } 319 // reject upper range of s values (ECDSA malleability) 320 // see discussion in secp256k1/libsecp256k1/include/secp256k1.h 321 if homestead && s.Gt(secp256k1halfN) { 322 return false 323 } 324 // Frontier: allow s to be in full N range 325 return r.Lt(secp256k1N) && s.Lt(secp256k1N) && (v == 0 || v == 1) 326 } 327 328 // DESCRIBED: docs/programmers_guide/guide.md#address---identifier-of-an-account 329 func PubkeyToAddress(p ecdsa.PublicKey) types.Address { 330 pubBytes := MarshalPubkey(&p) 331 return types.BytesToAddress(Keccak256(pubBytes)[12:]) 332 } 333 334 func zeroBytes(bytes []byte) { 335 for i := range bytes { 336 bytes[i] = 0 337 } 338 }