github.com/status-im/status-go@v1.1.0/eth-node/crypto/gethcrypto.go (about) 1 // Copyright 2014 The go-ethereum Authors 2 // This file is part of the go-ethereum library. 3 // 4 // The go-ethereum library is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU Lesser General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // The go-ethereum library is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU Lesser General Public License for more details. 13 // 14 // You should have received a copy of the GNU Lesser General Public License 15 // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. 16 17 package crypto 18 19 import ( 20 "crypto/ecdsa" 21 "crypto/elliptic" 22 "crypto/rand" 23 "encoding/hex" 24 "errors" 25 "fmt" 26 "io" 27 "io/ioutil" 28 "math/big" 29 "os" 30 31 "golang.org/x/crypto/sha3" 32 33 "github.com/ethereum/go-ethereum/common/math" 34 "github.com/ethereum/go-ethereum/crypto/secp256k1" 35 "github.com/ethereum/go-ethereum/rlp" 36 37 "github.com/status-im/status-go/eth-node/types" 38 ) 39 40 // SignatureLength indicates the byte length required to carry a signature with recovery id. 41 const SignatureLength = 64 + 1 // 64 bytes ECDSA signature + 1 byte recovery id 42 43 // RecoveryIDOffset points to the byte offset within the signature that contains the recovery id. 44 const RecoveryIDOffset = 64 45 46 // DigestLength sets the signature digest exact length 47 const DigestLength = 32 48 49 var ( 50 secp256k1N, _ = new(big.Int).SetString("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", 16) 51 ) 52 53 var errInvalidPubkey = errors.New("invalid secp256k1 public key") 54 55 // Keccak256 calculates and returns the Keccak256 hash of the input data. 56 func Keccak256(data ...[]byte) []byte { 57 d := sha3.NewLegacyKeccak256() 58 for _, b := range data { 59 _, _ = d.Write(b) 60 } 61 return d.Sum(nil) 62 } 63 64 // Keccak256Hash calculates and returns the Keccak256 hash of the input data, 65 // converting it to an internal Hash data structure. 66 func Keccak256Hash(data ...[]byte) (h types.Hash) { 67 d := sha3.NewLegacyKeccak256() 68 for _, b := range data { 69 _, _ = d.Write(b) 70 } 71 d.Sum(h[:0]) 72 return h 73 } 74 75 // Keccak512 calculates and returns the Keccak512 hash of the input data. 76 func Keccak512(data ...[]byte) []byte { 77 d := sha3.NewLegacyKeccak512() 78 for _, b := range data { 79 _, _ = d.Write(b) 80 } 81 return d.Sum(nil) 82 } 83 84 // CreateAddress creates an ethereum address given the bytes and the nonce 85 func CreateAddress(b types.Address, nonce uint64) types.Address { 86 data, _ := rlp.EncodeToBytes([]interface{}{b, nonce}) 87 return types.BytesToAddress(Keccak256(data)[12:]) 88 } 89 90 // CreateAddress2 creates an ethereum address given the address bytes, initial 91 // contract code hash and a salt. 92 func CreateAddress2(b types.Address, salt [32]byte, inithash []byte) types.Address { 93 return types.BytesToAddress(Keccak256([]byte{0xff}, b.Bytes(), salt[:], inithash)[12:]) 94 } 95 96 // ToECDSA creates a private key with the given D value. 97 func ToECDSA(d []byte) (*ecdsa.PrivateKey, error) { 98 return toECDSA(d, true) 99 } 100 101 // ToECDSAUnsafe blindly converts a binary blob to a private key. It should almost 102 // never be used unless you are sure the input is valid and want to avoid hitting 103 // errors due to bad origin encoding (0 prefixes cut off). 104 func ToECDSAUnsafe(d []byte) *ecdsa.PrivateKey { 105 priv, _ := toECDSA(d, false) 106 return priv 107 } 108 109 // toECDSA creates a private key with the given D value. The strict parameter 110 // controls whether the key's length should be enforced at the curve size or 111 // it can also accept legacy encodings (0 prefixes). 112 func toECDSA(d []byte, strict bool) (*ecdsa.PrivateKey, error) { 113 priv := new(ecdsa.PrivateKey) 114 priv.PublicKey.Curve = S256() 115 if strict && 8*len(d) != priv.Params().BitSize { 116 return nil, fmt.Errorf("invalid length, need %d bits", priv.Params().BitSize) 117 } 118 priv.D = new(big.Int).SetBytes(d) 119 120 // The priv.D must < N 121 if priv.D.Cmp(secp256k1N) >= 0 { 122 return nil, fmt.Errorf("invalid private key, >=N") 123 } 124 // The priv.D must not be zero or negative. 125 if priv.D.Sign() <= 0 { 126 return nil, fmt.Errorf("invalid private key, zero or negative") 127 } 128 129 priv.PublicKey.X, priv.PublicKey.Y = priv.PublicKey.Curve.ScalarBaseMult(d) 130 if priv.PublicKey.X == nil { 131 return nil, errors.New("invalid private key") 132 } 133 return priv, nil 134 } 135 136 // FromECDSA exports a private key into a binary dump. 137 func FromECDSA(priv *ecdsa.PrivateKey) []byte { 138 if priv == nil { 139 return nil 140 } 141 return math.PaddedBigBytes(priv.D, priv.Params().BitSize/8) 142 } 143 144 // UnmarshalPubkey converts bytes to a secp256k1 public key. 145 func UnmarshalPubkey(pub []byte) (*ecdsa.PublicKey, error) { 146 x, y := elliptic.Unmarshal(S256(), pub) 147 if x == nil { 148 return nil, errInvalidPubkey 149 } 150 return &ecdsa.PublicKey{Curve: S256(), X: x, Y: y}, nil 151 } 152 153 func FromECDSAPub(pub *ecdsa.PublicKey) []byte { 154 if pub == nil || pub.X == nil || pub.Y == nil { 155 return nil 156 } 157 return elliptic.Marshal(S256(), pub.X, pub.Y) 158 } 159 160 // HexToECDSA parses a secp256k1 private key. 161 func HexToECDSA(hexkey string) (*ecdsa.PrivateKey, error) { 162 b, err := hex.DecodeString(hexkey) 163 if err != nil { 164 return nil, errors.New("invalid hex string") 165 } 166 return ToECDSA(b) 167 } 168 169 // LoadECDSA loads a secp256k1 private key from the given file. 170 func LoadECDSA(file string) (*ecdsa.PrivateKey, error) { 171 buf := make([]byte, 64) 172 fd, err := os.Open(file) 173 if err != nil { 174 return nil, err 175 } 176 defer fd.Close() 177 if _, err := io.ReadFull(fd, buf); err != nil { 178 return nil, err 179 } 180 181 key, err := hex.DecodeString(string(buf)) 182 if err != nil { 183 return nil, err 184 } 185 return ToECDSA(key) 186 } 187 188 // SaveECDSA saves a secp256k1 private key to the given file with 189 // restrictive permissions. The key data is saved hex-encoded. 190 func SaveECDSA(file string, key *ecdsa.PrivateKey) error { 191 k := hex.EncodeToString(FromECDSA(key)) 192 return ioutil.WriteFile(file, []byte(k), 0600) 193 } 194 195 func GenerateKey() (*ecdsa.PrivateKey, error) { 196 return ecdsa.GenerateKey(S256(), rand.Reader) 197 } 198 199 func PubkeyToAddress(p ecdsa.PublicKey) types.Address { 200 pubBytes := FromECDSAPub(&p) 201 return types.BytesToAddress(Keccak256(pubBytes[1:])[12:]) 202 } 203 204 // Ecrecover returns the uncompressed public key that created the given signature. 205 func Ecrecover(hash, sig []byte) ([]byte, error) { 206 return secp256k1.RecoverPubkey(hash, sig) 207 } 208 209 // SigToPub returns the public key that created the given signature. 210 func SigToPub(hash, sig []byte) (*ecdsa.PublicKey, error) { 211 s, err := Ecrecover(hash, sig) 212 if err != nil { 213 return nil, err 214 } 215 216 x, y := elliptic.Unmarshal(S256(), s) 217 return &ecdsa.PublicKey{Curve: S256(), X: x, Y: y}, nil 218 } 219 220 // DecompressPubkey parses a public key in the 33-byte compressed format. 221 func DecompressPubkey(pubkey []byte) (*ecdsa.PublicKey, error) { 222 x, y := secp256k1.DecompressPubkey(pubkey) 223 if x == nil { 224 return nil, fmt.Errorf("invalid public key") 225 } 226 return &ecdsa.PublicKey{X: x, Y: y, Curve: S256()}, nil 227 } 228 229 // CompressPubkey encodes a public key to the 33-byte compressed format. 230 func CompressPubkey(pubkey *ecdsa.PublicKey) []byte { 231 return secp256k1.CompressPubkey(pubkey.X, pubkey.Y) 232 } 233 234 // S256 returns an instance of the secp256k1 curve. 235 func S256() elliptic.Curve { 236 return secp256k1.S256() 237 }