github.com/n1ghtfa1l/go-vnt@v0.6.4-alpha.6/crypto/secp256k1/secp256.go (about) 1 // Copyright 2015 The go-ethereum Authors 2 // This file is part of the go-ethereum library. 3 // 4 // The go-ethereum library is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU Lesser General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // The go-ethereum library is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU Lesser General Public License for more details. 13 // 14 // You should have received a copy of the GNU Lesser General Public License 15 // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. 16 17 // Package secp256k1 wraps the bitcoin secp256k1 C library. 18 package secp256k1 19 20 /* 21 #cgo CFLAGS: -I./libsecp256k1 22 #cgo CFLAGS: -I./libsecp256k1/src/ 23 #define USE_NUM_NONE 24 #define USE_FIELD_10X26 25 #define USE_FIELD_INV_BUILTIN 26 #define USE_SCALAR_8X32 27 #define USE_SCALAR_INV_BUILTIN 28 #define NDEBUG 29 #include "./libsecp256k1/src/secp256k1.c" 30 #include "./libsecp256k1/src/modules/recovery/main_impl.h" 31 #include "ext.h" 32 33 typedef void (*callbackFunc) (const char* msg, void* data); 34 extern void secp256k1GoPanicIllegal(const char* msg, void* data); 35 extern void secp256k1GoPanicError(const char* msg, void* data); 36 */ 37 import "C" 38 39 import ( 40 "errors" 41 // "fmt" 42 "math/big" 43 "unsafe" 44 ) 45 46 var context *C.secp256k1_context 47 48 func init() { 49 // around 20 ms on a modern CPU. 50 context = C.secp256k1_context_create_sign_verify() 51 C.secp256k1_context_set_illegal_callback(context, C.callbackFunc(C.secp256k1GoPanicIllegal), nil) 52 C.secp256k1_context_set_error_callback(context, C.callbackFunc(C.secp256k1GoPanicError), nil) 53 } 54 55 var ( 56 ErrInvalidMsgLen = errors.New("invalid message length, need 32 bytes") 57 ErrInvalidSignatureLen = errors.New("invalid signature length") 58 ErrInvalidRecoveryID = errors.New("invalid signature recovery id") 59 ErrInvalidKey = errors.New("invalid private key") 60 ErrInvalidPubkey = errors.New("invalid public key") 61 ErrSignFailed = errors.New("signing failed") 62 ErrRecoverFailed = errors.New("recovery failed") 63 ) 64 65 // Sign creates a recoverable ECDSA signature. 66 // The produced signature is in the 65-byte [R || S || V] format where V is 0 or 1. 67 // 68 // The caller is responsible for ensuring that msg cannot be chosen 69 // directly by an attacker. It is usually preferable to use a cryptographic 70 // hash function on any input before handing it to this function. 71 func Sign(msg []byte, seckey []byte) ([]byte, error) { 72 if len(msg) != 32 { 73 return nil, ErrInvalidMsgLen 74 } 75 if len(seckey) != 32 { 76 return nil, ErrInvalidKey 77 } 78 seckeydata := (*C.uchar)(unsafe.Pointer(&seckey[0])) 79 if C.secp256k1_ec_seckey_verify(context, seckeydata) != 1 { 80 return nil, ErrInvalidKey 81 } 82 83 var ( 84 msgdata = (*C.uchar)(unsafe.Pointer(&msg[0])) 85 noncefunc = C.secp256k1_nonce_function_rfc6979 86 sigstruct C.secp256k1_ecdsa_recoverable_signature 87 ) 88 if C.secp256k1_ecdsa_sign_recoverable(context, &sigstruct, msgdata, seckeydata, noncefunc, nil) == 0 { 89 return nil, ErrSignFailed 90 } 91 92 var ( 93 sig = make([]byte, 65) 94 sigdata = (*C.uchar)(unsafe.Pointer(&sig[0])) 95 recid C.int 96 ) 97 C.secp256k1_ecdsa_recoverable_signature_serialize_compact(context, sigdata, &recid, &sigstruct) 98 sig[64] = byte(recid) // add back recid to get 65 bytes sig 99 return sig, nil 100 } 101 102 // RecoverPubkey returns the the public key of the signer. 103 // msg must be the 32-byte hash of the message to be signed. 104 // sig must be a 65-byte compact ECDSA signature containing the 105 // recovery id as the last element. 106 func RecoverPubkey(msg []byte, sig []byte) ([]byte, error) { 107 if len(msg) != 32 { 108 return nil, ErrInvalidMsgLen 109 } 110 if err := checkSignature(sig); err != nil { 111 return nil, err 112 } 113 114 var ( 115 pubkey = make([]byte, 65) 116 sigdata = (*C.uchar)(unsafe.Pointer(&sig[0])) 117 msgdata = (*C.uchar)(unsafe.Pointer(&msg[0])) 118 ) 119 if C.secp256k1_ext_ecdsa_recover(context, (*C.uchar)(unsafe.Pointer(&pubkey[0])), sigdata, msgdata) == 0 { 120 return nil, ErrRecoverFailed 121 } 122 return pubkey, nil 123 } 124 125 // VerifySignature checks that the given pubkey created signature over message. 126 // The signature should be in [R || S] format. 127 func VerifySignature(pubkey, msg, signature []byte) bool { 128 // fmt.Println("msg: ", len(msg)) 129 // fmt.Println("signature: ", len(signature)) 130 if len(msg) != 32 || len(signature) != 64 || len(pubkey) == 0 { 131 return false 132 } 133 sigdata := (*C.uchar)(unsafe.Pointer(&signature[0])) 134 msgdata := (*C.uchar)(unsafe.Pointer(&msg[0])) 135 keydata := (*C.uchar)(unsafe.Pointer(&pubkey[0])) 136 return C.secp256k1_ext_ecdsa_verify(context, sigdata, msgdata, keydata, C.size_t(len(pubkey))) != 0 137 } 138 139 // DecompressPubkey parses a public key in the 33-byte compressed format. 140 // It returns non-nil coordinates if the public key is valid. 141 func DecompressPubkey(pubkey []byte) (x, y *big.Int) { 142 if len(pubkey) != 33 { 143 return nil, nil 144 } 145 var ( 146 pubkeydata = (*C.uchar)(unsafe.Pointer(&pubkey[0])) 147 pubkeylen = C.size_t(len(pubkey)) 148 out = make([]byte, 65) 149 outdata = (*C.uchar)(unsafe.Pointer(&out[0])) 150 outlen = C.size_t(len(out)) 151 ) 152 if C.secp256k1_ext_reencode_pubkey(context, outdata, outlen, pubkeydata, pubkeylen) == 0 { 153 return nil, nil 154 } 155 return new(big.Int).SetBytes(out[1:33]), new(big.Int).SetBytes(out[33:]) 156 } 157 158 // CompressPubkey encodes a public key to 33-byte compressed format. 159 func CompressPubkey(x, y *big.Int) []byte { 160 var ( 161 pubkey = S256().Marshal(x, y) 162 pubkeydata = (*C.uchar)(unsafe.Pointer(&pubkey[0])) 163 pubkeylen = C.size_t(len(pubkey)) 164 out = make([]byte, 33) 165 outdata = (*C.uchar)(unsafe.Pointer(&out[0])) 166 outlen = C.size_t(len(out)) 167 ) 168 if C.secp256k1_ext_reencode_pubkey(context, outdata, outlen, pubkeydata, pubkeylen) == 0 { 169 panic("libsecp256k1 error") 170 } 171 return out 172 } 173 174 func checkSignature(sig []byte) error { 175 if len(sig) != 65 { 176 return ErrInvalidSignatureLen 177 } 178 if sig[64] >= 4 { 179 return ErrInvalidRecoveryID 180 } 181 return nil 182 }