github.com/verovm/record-replay@v1.9.7/crypto/crypto.go (about)

     1  // Copyright 2014 The go-ethereum Authors
     2  // This file is part of the go-ethereum library.
     3  //
     4  // The go-ethereum library is free software: you can redistribute it and/or modify
     5  // it under the terms of the GNU Lesser General Public License as published by
     6  // the Free Software Foundation, either version 3 of the License, or
     7  // (at your option) any later version.
     8  //
     9  // The go-ethereum library is distributed in the hope that it will be useful,
    10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    12  // GNU Lesser General Public License for more details.
    13  //
    14  // You should have received a copy of the GNU Lesser General Public License
    15  // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
    16  
    17  package crypto
    18  
    19  import (
    20  	"crypto/ecdsa"
    21  	"crypto/elliptic"
    22  	"crypto/rand"
    23  	"encoding/hex"
    24  	"errors"
    25  	"fmt"
    26  	"io"
    27  	"io/ioutil"
    28  	"math/big"
    29  	"os"
    30  
    31  	"github.com/ethereum/go-ethereum/common"
    32  	"github.com/ethereum/go-ethereum/common/math"
    33  	"github.com/ethereum/go-ethereum/rlp"
    34  	"golang.org/x/crypto/sha3"
    35  )
    36  
    37  //SignatureLength indicates the byte length required to carry a signature with recovery id.
    38  const SignatureLength = 64 + 1 // 64 bytes ECDSA signature + 1 byte recovery id
    39  
    40  // RecoveryIDOffset points to the byte offset within the signature that contains the recovery id.
    41  const RecoveryIDOffset = 64
    42  
    43  // DigestLength sets the signature digest exact length
    44  const DigestLength = 32
    45  
    46  var (
    47  	secp256k1N, _  = new(big.Int).SetString("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", 16)
    48  	secp256k1halfN = new(big.Int).Div(secp256k1N, big.NewInt(2))
    49  )
    50  
    51  var errInvalidPubkey = errors.New("invalid secp256k1 public key")
    52  
    53  // Keccak256 calculates and returns the Keccak256 hash of the input data.
    54  func Keccak256(data ...[]byte) []byte {
    55  	d := sha3.NewLegacyKeccak256()
    56  	for _, b := range data {
    57  		d.Write(b)
    58  	}
    59  	return d.Sum(nil)
    60  }
    61  
    62  // Keccak256Hash calculates and returns the Keccak256 hash of the input data,
    63  // converting it to an internal Hash data structure.
    64  func Keccak256Hash(data ...[]byte) (h common.Hash) {
    65  	d := sha3.NewLegacyKeccak256()
    66  	for _, b := range data {
    67  		d.Write(b)
    68  	}
    69  	d.Sum(h[:0])
    70  	return h
    71  }
    72  
    73  // Keccak512 calculates and returns the Keccak512 hash of the input data.
    74  func Keccak512(data ...[]byte) []byte {
    75  	d := sha3.NewLegacyKeccak512()
    76  	for _, b := range data {
    77  		d.Write(b)
    78  	}
    79  	return d.Sum(nil)
    80  }
    81  
    82  // CreateAddress creates an ethereum address given the bytes and the nonce
    83  func CreateAddress(b common.Address, nonce uint64) common.Address {
    84  	data, _ := rlp.EncodeToBytes([]interface{}{b, nonce})
    85  	return common.BytesToAddress(Keccak256(data)[12:])
    86  }
    87  
    88  // CreateAddress2 creates an ethereum address given the address bytes, initial
    89  // contract code hash and a salt.
    90  func CreateAddress2(b common.Address, salt [32]byte, inithash []byte) common.Address {
    91  	return common.BytesToAddress(Keccak256([]byte{0xff}, b.Bytes(), salt[:], inithash)[12:])
    92  }
    93  
    94  // ToECDSA creates a private key with the given D value.
    95  func ToECDSA(d []byte) (*ecdsa.PrivateKey, error) {
    96  	return toECDSA(d, true)
    97  }
    98  
    99  // ToECDSAUnsafe blindly converts a binary blob to a private key. It should almost
   100  // never be used unless you are sure the input is valid and want to avoid hitting
   101  // errors due to bad origin encoding (0 prefixes cut off).
   102  func ToECDSAUnsafe(d []byte) *ecdsa.PrivateKey {
   103  	priv, _ := toECDSA(d, false)
   104  	return priv
   105  }
   106  
   107  // toECDSA creates a private key with the given D value. The strict parameter
   108  // controls whether the key's length should be enforced at the curve size or
   109  // it can also accept legacy encodings (0 prefixes).
   110  func toECDSA(d []byte, strict bool) (*ecdsa.PrivateKey, error) {
   111  	priv := new(ecdsa.PrivateKey)
   112  	priv.PublicKey.Curve = S256()
   113  	if strict && 8*len(d) != priv.Params().BitSize {
   114  		return nil, fmt.Errorf("invalid length, need %d bits", priv.Params().BitSize)
   115  	}
   116  	priv.D = new(big.Int).SetBytes(d)
   117  
   118  	// The priv.D must < N
   119  	if priv.D.Cmp(secp256k1N) >= 0 {
   120  		return nil, fmt.Errorf("invalid private key, >=N")
   121  	}
   122  	// The priv.D must not be zero or negative.
   123  	if priv.D.Sign() <= 0 {
   124  		return nil, fmt.Errorf("invalid private key, zero or negative")
   125  	}
   126  
   127  	priv.PublicKey.X, priv.PublicKey.Y = priv.PublicKey.Curve.ScalarBaseMult(d)
   128  	if priv.PublicKey.X == nil {
   129  		return nil, errors.New("invalid private key")
   130  	}
   131  	return priv, nil
   132  }
   133  
   134  // FromECDSA exports a private key into a binary dump.
   135  func FromECDSA(priv *ecdsa.PrivateKey) []byte {
   136  	if priv == nil {
   137  		return nil
   138  	}
   139  	return math.PaddedBigBytes(priv.D, priv.Params().BitSize/8)
   140  }
   141  
   142  // UnmarshalPubkey converts bytes to a secp256k1 public key.
   143  func UnmarshalPubkey(pub []byte) (*ecdsa.PublicKey, error) {
   144  	x, y := elliptic.Unmarshal(S256(), pub)
   145  	if x == nil {
   146  		return nil, errInvalidPubkey
   147  	}
   148  	return &ecdsa.PublicKey{Curve: S256(), X: x, Y: y}, nil
   149  }
   150  
   151  func FromECDSAPub(pub *ecdsa.PublicKey) []byte {
   152  	if pub == nil || pub.X == nil || pub.Y == nil {
   153  		return nil
   154  	}
   155  	return elliptic.Marshal(S256(), pub.X, pub.Y)
   156  }
   157  
   158  // HexToECDSA parses a secp256k1 private key.
   159  func HexToECDSA(hexkey string) (*ecdsa.PrivateKey, error) {
   160  	b, err := hex.DecodeString(hexkey)
   161  	if err != nil {
   162  		return nil, errors.New("invalid hex string")
   163  	}
   164  	return ToECDSA(b)
   165  }
   166  
   167  // LoadECDSA loads a secp256k1 private key from the given file.
   168  func LoadECDSA(file string) (*ecdsa.PrivateKey, error) {
   169  	buf := make([]byte, 64)
   170  	fd, err := os.Open(file)
   171  	if err != nil {
   172  		return nil, err
   173  	}
   174  	defer fd.Close()
   175  	if _, err := io.ReadFull(fd, buf); err != nil {
   176  		return nil, err
   177  	}
   178  
   179  	key, err := hex.DecodeString(string(buf))
   180  	if err != nil {
   181  		return nil, err
   182  	}
   183  	return ToECDSA(key)
   184  }
   185  
   186  // SaveECDSA saves a secp256k1 private key to the given file with
   187  // restrictive permissions. The key data is saved hex-encoded.
   188  func SaveECDSA(file string, key *ecdsa.PrivateKey) error {
   189  	k := hex.EncodeToString(FromECDSA(key))
   190  	return ioutil.WriteFile(file, []byte(k), 0600)
   191  }
   192  
   193  func GenerateKey() (*ecdsa.PrivateKey, error) {
   194  	return ecdsa.GenerateKey(S256(), rand.Reader)
   195  }
   196  
   197  // ValidateSignatureValues verifies whether the signature values are valid with
   198  // the given chain rules. The v value is assumed to be either 0 or 1.
   199  func ValidateSignatureValues(v byte, r, s *big.Int, homestead bool) bool {
   200  	if r.Cmp(common.Big1) < 0 || s.Cmp(common.Big1) < 0 {
   201  		return false
   202  	}
   203  	// reject upper range of s values (ECDSA malleability)
   204  	// see discussion in secp256k1/libsecp256k1/include/secp256k1.h
   205  	if homestead && s.Cmp(secp256k1halfN) > 0 {
   206  		return false
   207  	}
   208  	// Frontier: allow s to be in full N range
   209  	return r.Cmp(secp256k1N) < 0 && s.Cmp(secp256k1N) < 0 && (v == 0 || v == 1)
   210  }
   211  
   212  func PubkeyToAddress(p ecdsa.PublicKey) common.Address {
   213  	pubBytes := FromECDSAPub(&p)
   214  	return common.BytesToAddress(Keccak256(pubBytes[1:])[12:])
   215  }
   216  
   217  func zeroBytes(bytes []byte) {
   218  	for i := range bytes {
   219  		bytes[i] = 0
   220  	}
   221  }