github.com/gnolang/gno@v0.0.0-20240520182011-228e9d0192ce/tm2/pkg/crypto/ed25519/ed25519.go (about)

     1  package ed25519
     2  
     3  import (
     4  	"bytes"
     5  	"crypto/subtle"
     6  	"io"
     7  
     8  	"golang.org/x/crypto/ed25519"
     9  
    10  	"github.com/gnolang/gno/tm2/pkg/amino"
    11  	"github.com/gnolang/gno/tm2/pkg/crypto"
    12  	"github.com/gnolang/gno/tm2/pkg/crypto/tmhash"
    13  )
    14  
    15  // -------------------------------------
    16  
    17  var _ crypto.PrivKey = PrivKeyEd25519{}
    18  
    19  const (
    20  	// Size of an Edwards25519 signature. Namely the size of a compressed
    21  	// Edwards25519 point, and a field element. Both of which are 32 bytes.
    22  	SignatureSize = 64
    23  )
    24  
    25  // PrivKeyEd25519 implements crypto.PrivKey.
    26  type PrivKeyEd25519 [64]byte
    27  
    28  // Bytes marshals the privkey using amino encoding w/ type information.
    29  func (privKey PrivKeyEd25519) Bytes() []byte {
    30  	return amino.MustMarshalAny(privKey)
    31  }
    32  
    33  // Sign produces a signature on the provided message.
    34  // This assumes the privkey is wellformed in the golang format.
    35  // The first 32 bytes should be random,
    36  // corresponding to the normal ed25519 private key.
    37  // The latter 32 bytes should be the compressed public key.
    38  // If these conditions aren't met, Sign will panic or produce an
    39  // incorrect signature.
    40  func (privKey PrivKeyEd25519) Sign(msg []byte) ([]byte, error) {
    41  	signatureBytes := ed25519.Sign(privKey[:], msg)
    42  	return signatureBytes, nil
    43  }
    44  
    45  // PubKey gets the corresponding public key from the private key.
    46  func (privKey PrivKeyEd25519) PubKey() crypto.PubKey {
    47  	privKeyBytes := [64]byte(privKey)
    48  	initialized := false
    49  	// If the latter 32 bytes of the privkey are all zero, compute the pubkey
    50  	// otherwise privkey is initialized and we can use the cached value inside
    51  	// of the private key.
    52  	for _, v := range privKeyBytes[32:] {
    53  		if v != 0 {
    54  			initialized = true
    55  			break
    56  		}
    57  	}
    58  
    59  	if !initialized {
    60  		panic("Expected PrivKeyEd25519 to include concatenated pubkey bytes")
    61  	}
    62  
    63  	var pubkeyBytes [PubKeyEd25519Size]byte
    64  	copy(pubkeyBytes[:], privKeyBytes[32:])
    65  	return PubKeyEd25519(pubkeyBytes)
    66  }
    67  
    68  // Equals - you probably don't need to use this.
    69  // Runs in constant time based on length of the keys.
    70  func (privKey PrivKeyEd25519) Equals(other crypto.PrivKey) bool {
    71  	if otherEd, ok := other.(PrivKeyEd25519); ok {
    72  		return subtle.ConstantTimeCompare(privKey[:], otherEd[:]) == 1
    73  	} else {
    74  		return false
    75  	}
    76  }
    77  
    78  // GenPrivKey generates a new ed25519 private key.
    79  // It uses OS randomness in conjunction with the current global random seed
    80  // in tendermint/libs/common to generate the private key.
    81  func GenPrivKey() PrivKeyEd25519 {
    82  	return genPrivKey(crypto.CReader())
    83  }
    84  
    85  // genPrivKey generates a new ed25519 private key using the provided reader.
    86  func genPrivKey(rand io.Reader) PrivKeyEd25519 {
    87  	seed := make([]byte, 32)
    88  	_, err := io.ReadFull(rand, seed)
    89  	if err != nil {
    90  		panic(err)
    91  	}
    92  
    93  	privKey := ed25519.NewKeyFromSeed(seed)
    94  	var privKeyEd PrivKeyEd25519
    95  	copy(privKeyEd[:], privKey)
    96  	return privKeyEd
    97  }
    98  
    99  // GenPrivKeyFromSecret hashes the secret with SHA2, and uses
   100  // that 32 byte output to create the private key.
   101  // NOTE: secret should be the output of a KDF like bcrypt,
   102  // if it's derived from user input.
   103  func GenPrivKeyFromSecret(secret []byte) PrivKeyEd25519 {
   104  	seed := crypto.Sha256(secret) // Not Ripemd160 because we want 32 bytes.
   105  
   106  	privKey := ed25519.NewKeyFromSeed(seed)
   107  	var privKeyEd PrivKeyEd25519
   108  	copy(privKeyEd[:], privKey)
   109  	return privKeyEd
   110  }
   111  
   112  // -------------------------------------
   113  
   114  var _ crypto.PubKey = PubKeyEd25519{}
   115  
   116  // PubKeyEd25519Size is the number of bytes in an Ed25519 signature.
   117  const PubKeyEd25519Size = 32
   118  
   119  // PubKeyEd25519 implements crypto.PubKey for the Ed25519 signature scheme.
   120  type PubKeyEd25519 [PubKeyEd25519Size]byte
   121  
   122  // Address is the SHA256-20 of the raw pubkey bytes.
   123  func (pubKey PubKeyEd25519) Address() crypto.Address {
   124  	return crypto.AddressFromBytes(tmhash.SumTruncated(pubKey[:]))
   125  }
   126  
   127  // Bytes marshals the PubKey using amino encoding.
   128  func (pubKey PubKeyEd25519) Bytes() []byte {
   129  	return amino.MustMarshalAny(pubKey)
   130  }
   131  
   132  func (pubKey PubKeyEd25519) VerifyBytes(msg []byte, sig []byte) bool {
   133  	// make sure we use the same algorithm to sign
   134  	if len(sig) != SignatureSize {
   135  		return false
   136  	}
   137  	return ed25519.Verify(pubKey[:], msg, sig)
   138  }
   139  
   140  func (pubKey PubKeyEd25519) String() string {
   141  	return crypto.PubKeyToBech32(pubKey)
   142  }
   143  
   144  func (pubKey PubKeyEd25519) Equals(other crypto.PubKey) bool {
   145  	if otherEd, ok := other.(PubKeyEd25519); ok {
   146  		return bytes.Equal(pubKey[:], otherEd[:])
   147  	} else {
   148  		return false
   149  	}
   150  }