github.com/gochain-io/gochain@v2.2.26+incompatible/crypto/crypto.go (about)

     1  // Copyright 2014 The go-ethereum Authors
     2  // This file is part of the go-ethereum library.
     3  //
     4  // The go-ethereum library is free software: you can redistribute it and/or modify
     5  // it under the terms of the GNU Lesser General Public License as published by
     6  // the Free Software Foundation, either version 3 of the License, or
     7  // (at your option) any later version.
     8  //
     9  // The go-ethereum library is distributed in the hope that it will be useful,
    10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    12  // GNU Lesser General Public License for more details.
    13  //
    14  // You should have received a copy of the GNU Lesser General Public License
    15  // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
    16  
    17  package crypto
    18  
    19  import (
    20  	"crypto/ecdsa"
    21  	"crypto/elliptic"
    22  	"crypto/rand"
    23  	"encoding/hex"
    24  	"errors"
    25  	"fmt"
    26  	"io"
    27  	"io/ioutil"
    28  	"math/big"
    29  	"os"
    30  
    31  	"github.com/gochain-io/gochain/common"
    32  	"github.com/gochain-io/gochain/common/math"
    33  	"github.com/gochain-io/gochain/crypto/sha3"
    34  	"github.com/gochain-io/gochain/rlp"
    35  )
    36  
    37  var (
    38  	secp256k1_N, _  = new(big.Int).SetString("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", 16)
    39  	secp256k1_halfN = new(big.Int).Div(secp256k1_N, big.NewInt(2))
    40  )
    41  
    42  // Keccak256 calculates and returns the Keccak256 hash of the input data.
    43  // Consider using sha3.Keccak256 directly instead.
    44  func Keccak256(data ...[]byte) []byte {
    45  	var h common.Hash
    46  	sha3.Keccak256(h[:], data...)
    47  	return h[:]
    48  }
    49  
    50  // Keccak256Hash calculates and returns the Keccak256 hash of the input data,
    51  // converting it to an internal Hash data structure.
    52  // Consider using sha3.Keccak256 directly instead.
    53  func Keccak256Hash(data ...[]byte) (h common.Hash) {
    54  	sha3.Keccak256(h[:], data...)
    55  	return h
    56  }
    57  
    58  // Creates an ethereum address given the bytes and the nonce
    59  func CreateAddress(b common.Address, nonce uint64) common.Address {
    60  	data, _ := rlp.EncodeToBytes([]interface{}{b, nonce})
    61  	var a common.Address
    62  	h := Keccak256Hash(data)
    63  	copy(a[:], h[12:])
    64  	return a
    65  }
    66  
    67  // CreateAddress2 creates an ethereum address given the address bytes, initial
    68  // contract code hash and a salt.
    69  func CreateAddress2(b common.Address, salt [32]byte, inithash []byte) common.Address {
    70  	return common.BytesToAddress(Keccak256([]byte{0xff}, b.Bytes(), salt[:], inithash)[12:])
    71  }
    72  
    73  // ToECDSA creates a private key with the given D value.
    74  func ToECDSA(d []byte) (*ecdsa.PrivateKey, error) {
    75  	return toECDSA(d, true)
    76  }
    77  
    78  // ToECDSAUnsafe blindly converts a binary blob to a private key. It should almost
    79  // never be used unless you are sure the input is valid and want to avoid hitting
    80  // errors due to bad origin encoding (0 prefixes cut off).
    81  func ToECDSAUnsafe(d []byte) *ecdsa.PrivateKey {
    82  	priv, _ := toECDSA(d, false)
    83  	return priv
    84  }
    85  
    86  // toECDSA creates a private key with the given D value. The strict parameter
    87  // controls whether the key's length should be enforced at the curve size or
    88  // it can also accept legacy encodings (0 prefixes).
    89  func toECDSA(d []byte, strict bool) (*ecdsa.PrivateKey, error) {
    90  	priv := new(ecdsa.PrivateKey)
    91  	priv.PublicKey.Curve = S256()
    92  	if strict && 8*len(d) != priv.Params().BitSize {
    93  		return nil, fmt.Errorf("invalid length, need %d bits", priv.Params().BitSize)
    94  	}
    95  	priv.D = new(big.Int).SetBytes(d)
    96  
    97  	// The priv.D must < N
    98  	if priv.D.Cmp(secp256k1_N) >= 0 {
    99  		return nil, fmt.Errorf("invalid private key, >=N")
   100  	}
   101  	// The priv.D must not be zero or negative.
   102  	if priv.D.Sign() <= 0 {
   103  		return nil, fmt.Errorf("invalid private key, zero or negative")
   104  	}
   105  
   106  	priv.PublicKey.X, priv.PublicKey.Y = priv.PublicKey.Curve.ScalarBaseMult(d)
   107  	if priv.PublicKey.X == nil {
   108  		return nil, errors.New("invalid private key")
   109  	}
   110  	return priv, nil
   111  }
   112  
   113  // FromECDSA exports a private key into a binary dump.
   114  func FromECDSA(priv *ecdsa.PrivateKey) []byte {
   115  	if priv == nil {
   116  		return nil
   117  	}
   118  	return math.PaddedBigBytes(priv.D, priv.Params().BitSize/8)
   119  }
   120  
   121  func ToECDSAPub(pub []byte) *ecdsa.PublicKey {
   122  	if len(pub) == 0 {
   123  		return nil
   124  	}
   125  	x, y := elliptic.Unmarshal(S256(), pub)
   126  	return &ecdsa.PublicKey{Curve: S256(), X: x, Y: y}
   127  }
   128  
   129  func FromECDSAPub(pub *ecdsa.PublicKey) []byte {
   130  	if pub == nil || pub.X == nil || pub.Y == nil {
   131  		return nil
   132  	}
   133  	return elliptic.Marshal(S256(), pub.X, pub.Y)
   134  }
   135  
   136  // HexToECDSA parses a secp256k1 private key.
   137  func HexToECDSA(hexkey string) (*ecdsa.PrivateKey, error) {
   138  	b, err := hex.DecodeString(hexkey)
   139  	if err != nil {
   140  		return nil, errors.New("invalid hex string")
   141  	}
   142  	return ToECDSA(b)
   143  }
   144  
   145  // LoadECDSA loads a secp256k1 private key from the given file.
   146  func LoadECDSA(file string) (*ecdsa.PrivateKey, error) {
   147  	buf := make([]byte, 64)
   148  	fd, err := os.Open(file)
   149  	if err != nil {
   150  		return nil, err
   151  	}
   152  	defer fd.Close()
   153  	if _, err := io.ReadFull(fd, buf); err != nil {
   154  		return nil, err
   155  	}
   156  
   157  	key, err := hex.DecodeString(string(buf))
   158  	if err != nil {
   159  		return nil, err
   160  	}
   161  	return ToECDSA(key)
   162  }
   163  
   164  // SaveECDSA saves a secp256k1 private key to the given file with
   165  // restrictive permissions. The key data is saved hex-encoded.
   166  func SaveECDSA(file string, key *ecdsa.PrivateKey) error {
   167  	k := hex.EncodeToString(FromECDSA(key))
   168  	return ioutil.WriteFile(file, []byte(k), 0600)
   169  }
   170  
   171  func GenerateKey() (*ecdsa.PrivateKey, error) {
   172  	return ecdsa.GenerateKey(S256(), rand.Reader)
   173  }
   174  
   175  // ValidateSignatureValues verifies whether the signature values are valid with
   176  // the given chain rules. The v value is assumed to be either 0 or 1.
   177  func ValidateSignatureValues(v byte, r, s *big.Int, homestead bool) bool {
   178  	if r.Cmp(common.Big1) < 0 || s.Cmp(common.Big1) < 0 {
   179  		return false
   180  	}
   181  	// reject upper range of s values (ECDSA malleability)
   182  	// see discussion in secp256k1/libsecp256k1/include/secp256k1.h
   183  	if homestead && s.Cmp(secp256k1_halfN) > 0 {
   184  		return false
   185  	}
   186  	// Frontier: allow s to be in full N range
   187  	return r.Cmp(secp256k1_N) < 0 && s.Cmp(secp256k1_N) < 0 && (v == 0 || v == 1)
   188  }
   189  
   190  func PubkeyToAddress(p ecdsa.PublicKey) common.Address {
   191  	pubBytes := FromECDSAPub(&p)
   192  	var a common.Address
   193  	h := Keccak256Hash(pubBytes[1:])
   194  	copy(a[:], h[12:])
   195  	return a
   196  }
   197  
   198  func zeroBytes(bytes []byte) {
   199  	for i := range bytes {
   200  		bytes[i] = 0
   201  	}
   202  }