github.com/n1ghtfa1l/go-vnt@v0.6.4-alpha.6/crypto/secp256k1/secp256.go

github.com/n1ghtfa1l/go-vnt@v0.6.4-alpha.6/crypto/secp256k1/secp256.go (about)

     1  // Copyright 2015 The go-ethereum Authors
     2  // This file is part of the go-ethereum library.
     3  //
     4  // The go-ethereum library is free software: you can redistribute it and/or modify
     5  // it under the terms of the GNU Lesser General Public License as published by
     6  // the Free Software Foundation, either version 3 of the License, or
     7  // (at your option) any later version.
     8  //
     9  // The go-ethereum library is distributed in the hope that it will be useful,
    10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    12  // GNU Lesser General Public License for more details.
    13  //
    14  // You should have received a copy of the GNU Lesser General Public License
    15  // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
    16  
    17  // Package secp256k1 wraps the bitcoin secp256k1 C library.
    18  package secp256k1
    19  
    20  /*
    21  #cgo CFLAGS: -I./libsecp256k1
    22  #cgo CFLAGS: -I./libsecp256k1/src/
    23  #define USE_NUM_NONE
    24  #define USE_FIELD_10X26
    25  #define USE_FIELD_INV_BUILTIN
    26  #define USE_SCALAR_8X32
    27  #define USE_SCALAR_INV_BUILTIN
    28  #define NDEBUG
    29  #include "./libsecp256k1/src/secp256k1.c"
    30  #include "./libsecp256k1/src/modules/recovery/main_impl.h"
    31  #include "ext.h"
    32  
    33  typedef void (*callbackFunc) (const char* msg, void* data);
    34  extern void secp256k1GoPanicIllegal(const char* msg, void* data);
    35  extern void secp256k1GoPanicError(const char* msg, void* data);
    36  */
    37  import "C"
    38  
    39  import (
    40  	"errors"
    41  	// "fmt"
    42  	"math/big"
    43  	"unsafe"
    44  )
    45  
    46  var context *C.secp256k1_context
    47  
    48  func init() {
    49  	// around 20 ms on a modern CPU.
    50  	context = C.secp256k1_context_create_sign_verify()
    51  	C.secp256k1_context_set_illegal_callback(context, C.callbackFunc(C.secp256k1GoPanicIllegal), nil)
    52  	C.secp256k1_context_set_error_callback(context, C.callbackFunc(C.secp256k1GoPanicError), nil)
    53  }
    54  
    55  var (
    56  	ErrInvalidMsgLen       = errors.New("invalid message length, need 32 bytes")
    57  	ErrInvalidSignatureLen = errors.New("invalid signature length")
    58  	ErrInvalidRecoveryID   = errors.New("invalid signature recovery id")
    59  	ErrInvalidKey          = errors.New("invalid private key")
    60  	ErrInvalidPubkey       = errors.New("invalid public key")
    61  	ErrSignFailed          = errors.New("signing failed")
    62  	ErrRecoverFailed       = errors.New("recovery failed")
    63  )
    64  
    65  // Sign creates a recoverable ECDSA signature.
    66  // The produced signature is in the 65-byte [R || S || V] format where V is 0 or 1.
    67  //
    68  // The caller is responsible for ensuring that msg cannot be chosen
    69  // directly by an attacker. It is usually preferable to use a cryptographic
    70  // hash function on any input before handing it to this function.
    71  func Sign(msg []byte, seckey []byte) ([]byte, error) {
    72  	if len(msg) != 32 {
    73  		return nil, ErrInvalidMsgLen
    74  	}
    75  	if len(seckey) != 32 {
    76  		return nil, ErrInvalidKey
    77  	}
    78  	seckeydata := (*C.uchar)(unsafe.Pointer(&seckey[0]))
    79  	if C.secp256k1_ec_seckey_verify(context, seckeydata) != 1 {
    80  		return nil, ErrInvalidKey
    81  	}
    82  
    83  	var (
    84  		msgdata   = (*C.uchar)(unsafe.Pointer(&msg[0]))
    85  		noncefunc = C.secp256k1_nonce_function_rfc6979
    86  		sigstruct C.secp256k1_ecdsa_recoverable_signature
    87  	)
    88  	if C.secp256k1_ecdsa_sign_recoverable(context, &sigstruct, msgdata, seckeydata, noncefunc, nil) == 0 {
    89  		return nil, ErrSignFailed
    90  	}
    91  
    92  	var (
    93  		sig     = make([]byte, 65)
    94  		sigdata = (*C.uchar)(unsafe.Pointer(&sig[0]))
    95  		recid   C.int
    96  	)
    97  	C.secp256k1_ecdsa_recoverable_signature_serialize_compact(context, sigdata, &recid, &sigstruct)
    98  	sig[64] = byte(recid) // add back recid to get 65 bytes sig
    99  	return sig, nil
   100  }
   101  
   102  // RecoverPubkey returns the the public key of the signer.
   103  // msg must be the 32-byte hash of the message to be signed.
   104  // sig must be a 65-byte compact ECDSA signature containing the
   105  // recovery id as the last element.
   106  func RecoverPubkey(msg []byte, sig []byte) ([]byte, error) {
   107  	if len(msg) != 32 {
   108  		return nil, ErrInvalidMsgLen
   109  	}
   110  	if err := checkSignature(sig); err != nil {
   111  		return nil, err
   112  	}
   113  
   114  	var (
   115  		pubkey  = make([]byte, 65)
   116  		sigdata = (*C.uchar)(unsafe.Pointer(&sig[0]))
   117  		msgdata = (*C.uchar)(unsafe.Pointer(&msg[0]))
   118  	)
   119  	if C.secp256k1_ext_ecdsa_recover(context, (*C.uchar)(unsafe.Pointer(&pubkey[0])), sigdata, msgdata) == 0 {
   120  		return nil, ErrRecoverFailed
   121  	}
   122  	return pubkey, nil
   123  }
   124  
   125  // VerifySignature checks that the given pubkey created signature over message.
   126  // The signature should be in [R || S] format.
   127  func VerifySignature(pubkey, msg, signature []byte) bool {
   128  	// fmt.Println("msg: ", len(msg))
   129  	// fmt.Println("signature: ", len(signature))
   130  	if len(msg) != 32 || len(signature) != 64 || len(pubkey) == 0 {
   131  		return false
   132  	}
   133  	sigdata := (*C.uchar)(unsafe.Pointer(&signature[0]))
   134  	msgdata := (*C.uchar)(unsafe.Pointer(&msg[0]))
   135  	keydata := (*C.uchar)(unsafe.Pointer(&pubkey[0]))
   136  	return C.secp256k1_ext_ecdsa_verify(context, sigdata, msgdata, keydata, C.size_t(len(pubkey))) != 0
   137  }
   138  
   139  // DecompressPubkey parses a public key in the 33-byte compressed format.
   140  // It returns non-nil coordinates if the public key is valid.
   141  func DecompressPubkey(pubkey []byte) (x, y *big.Int) {
   142  	if len(pubkey) != 33 {
   143  		return nil, nil
   144  	}
   145  	var (
   146  		pubkeydata = (*C.uchar)(unsafe.Pointer(&pubkey[0]))
   147  		pubkeylen  = C.size_t(len(pubkey))
   148  		out        = make([]byte, 65)
   149  		outdata    = (*C.uchar)(unsafe.Pointer(&out[0]))
   150  		outlen     = C.size_t(len(out))
   151  	)
   152  	if C.secp256k1_ext_reencode_pubkey(context, outdata, outlen, pubkeydata, pubkeylen) == 0 {
   153  		return nil, nil
   154  	}
   155  	return new(big.Int).SetBytes(out[1:33]), new(big.Int).SetBytes(out[33:])
   156  }
   157  
   158  // CompressPubkey encodes a public key to 33-byte compressed format.
   159  func CompressPubkey(x, y *big.Int) []byte {
   160  	var (
   161  		pubkey     = S256().Marshal(x, y)
   162  		pubkeydata = (*C.uchar)(unsafe.Pointer(&pubkey[0]))
   163  		pubkeylen  = C.size_t(len(pubkey))
   164  		out        = make([]byte, 33)
   165  		outdata    = (*C.uchar)(unsafe.Pointer(&out[0]))
   166  		outlen     = C.size_t(len(out))
   167  	)
   168  	if C.secp256k1_ext_reencode_pubkey(context, outdata, outlen, pubkeydata, pubkeylen) == 0 {
   169  		panic("libsecp256k1 error")
   170  	}
   171  	return out
   172  }
   173  
   174  func checkSignature(sig []byte) error {
   175  	if len(sig) != 65 {
   176  		return ErrInvalidSignatureLen
   177  	}
   178  	if sig[64] >= 4 {
   179  		return ErrInvalidRecoveryID
   180  	}
   181  	return nil
   182  }