github.com/devwanda/aphelion-staking@v0.33.9/crypto/ed25519/ed25519.go (about) 1 package ed25519 2 3 import ( 4 "bytes" 5 "crypto/subtle" 6 "fmt" 7 "io" 8 9 amino "github.com/evdatsion/go-amino" 10 "golang.org/x/crypto/ed25519" 11 12 "github.com/devwanda/aphelion-staking/crypto" 13 "github.com/devwanda/aphelion-staking/crypto/tmhash" 14 ) 15 16 //------------------------------------- 17 18 var _ crypto.PrivKey = PrivKeyEd25519{} 19 20 const ( 21 PrivKeyAminoName = "tendermint/PrivKeyEd25519" 22 PubKeyAminoName = "tendermint/PubKeyEd25519" 23 // Size of an Edwards25519 signature. Namely the size of a compressed 24 // Edwards25519 point, and a field element. Both of which are 32 bytes. 25 SignatureSize = 64 26 ) 27 28 var cdc = amino.NewCodec() 29 30 func init() { 31 cdc.RegisterInterface((*crypto.PubKey)(nil), nil) 32 cdc.RegisterConcrete(PubKeyEd25519{}, 33 PubKeyAminoName, nil) 34 35 cdc.RegisterInterface((*crypto.PrivKey)(nil), nil) 36 cdc.RegisterConcrete(PrivKeyEd25519{}, 37 PrivKeyAminoName, nil) 38 } 39 40 // PrivKeyEd25519 implements crypto.PrivKey. 41 type PrivKeyEd25519 [64]byte 42 43 // Bytes marshals the privkey using amino encoding. 44 func (privKey PrivKeyEd25519) Bytes() []byte { 45 return cdc.MustMarshalBinaryBare(privKey) 46 } 47 48 // Sign produces a signature on the provided message. 49 // This assumes the privkey is wellformed in the golang format. 50 // The first 32 bytes should be random, 51 // corresponding to the normal ed25519 private key. 52 // The latter 32 bytes should be the compressed public key. 53 // If these conditions aren't met, Sign will panic or produce an 54 // incorrect signature. 55 func (privKey PrivKeyEd25519) Sign(msg []byte) ([]byte, error) { 56 signatureBytes := ed25519.Sign(privKey[:], msg) 57 return signatureBytes, nil 58 } 59 60 // PubKey gets the corresponding public key from the private key. 61 func (privKey PrivKeyEd25519) PubKey() crypto.PubKey { 62 privKeyBytes := [64]byte(privKey) 63 initialized := false 64 // If the latter 32 bytes of the privkey are all zero, compute the pubkey 65 // otherwise privkey is initialized and we can use the cached value inside 66 // of the private key. 67 for _, v := range privKeyBytes[32:] { 68 if v != 0 { 69 initialized = true 70 break 71 } 72 } 73 74 if !initialized { 75 panic("Expected PrivKeyEd25519 to include concatenated pubkey bytes") 76 } 77 78 var pubkeyBytes [PubKeyEd25519Size]byte 79 copy(pubkeyBytes[:], privKeyBytes[32:]) 80 return PubKeyEd25519(pubkeyBytes) 81 } 82 83 // Equals - you probably don't need to use this. 84 // Runs in constant time based on length of the keys. 85 func (privKey PrivKeyEd25519) Equals(other crypto.PrivKey) bool { 86 if otherEd, ok := other.(PrivKeyEd25519); ok { 87 return subtle.ConstantTimeCompare(privKey[:], otherEd[:]) == 1 88 } 89 90 return false 91 } 92 93 // GenPrivKey generates a new ed25519 private key. 94 // It uses OS randomness in conjunction with the current global random seed 95 // in tendermint/libs/common to generate the private key. 96 func GenPrivKey() PrivKeyEd25519 { 97 return genPrivKey(crypto.CReader()) 98 } 99 100 // genPrivKey generates a new ed25519 private key using the provided reader. 101 func genPrivKey(rand io.Reader) PrivKeyEd25519 { 102 seed := make([]byte, 32) 103 _, err := io.ReadFull(rand, seed) 104 if err != nil { 105 panic(err) 106 } 107 108 privKey := ed25519.NewKeyFromSeed(seed) 109 var privKeyEd PrivKeyEd25519 110 copy(privKeyEd[:], privKey) 111 return privKeyEd 112 } 113 114 // GenPrivKeyFromSecret hashes the secret with SHA2, and uses 115 // that 32 byte output to create the private key. 116 // NOTE: secret should be the output of a KDF like bcrypt, 117 // if it's derived from user input. 118 func GenPrivKeyFromSecret(secret []byte) PrivKeyEd25519 { 119 seed := crypto.Sha256(secret) // Not Ripemd160 because we want 32 bytes. 120 121 privKey := ed25519.NewKeyFromSeed(seed) 122 var privKeyEd PrivKeyEd25519 123 copy(privKeyEd[:], privKey) 124 return privKeyEd 125 } 126 127 //------------------------------------- 128 129 var _ crypto.PubKey = PubKeyEd25519{} 130 131 // PubKeyEd25519Size is the number of bytes in an Ed25519 signature. 132 const PubKeyEd25519Size = 32 133 134 // PubKeyEd25519 implements crypto.PubKey for the Ed25519 signature scheme. 135 type PubKeyEd25519 [PubKeyEd25519Size]byte 136 137 // Address is the SHA256-20 of the raw pubkey bytes. 138 func (pubKey PubKeyEd25519) Address() crypto.Address { 139 return crypto.Address(tmhash.SumTruncated(pubKey[:])) 140 } 141 142 // Bytes marshals the PubKey using amino encoding. 143 func (pubKey PubKeyEd25519) Bytes() []byte { 144 bz, err := cdc.MarshalBinaryBare(pubKey) 145 if err != nil { 146 panic(err) 147 } 148 return bz 149 } 150 151 func (pubKey PubKeyEd25519) VerifyBytes(msg []byte, sig []byte) bool { 152 // make sure we use the same algorithm to sign 153 if len(sig) != SignatureSize { 154 return false 155 } 156 return ed25519.Verify(pubKey[:], msg, sig) 157 } 158 159 func (pubKey PubKeyEd25519) String() string { 160 return fmt.Sprintf("PubKeyEd25519{%X}", pubKey[:]) 161 } 162 163 // nolint: golint 164 func (pubKey PubKeyEd25519) Equals(other crypto.PubKey) bool { 165 if otherEd, ok := other.(PubKeyEd25519); ok { 166 return bytes.Equal(pubKey[:], otherEd[:]) 167 } 168 169 return false 170 }