github.com/waltonchain/waltonchain_gwtc_src@v1.1.4-0.20201225072101-8a298c95a819/crypto/secp256k1/secp256.go

github.com/waltonchain/waltonchain_gwtc_src@v1.1.4-0.20201225072101-8a298c95a819/crypto/secp256k1/secp256.go (about)

     1  // Copyright 2015 The go-ethereum Authors
     2  // This file is part of the go-ethereum library.
     3  //
     4  // The go-wtc library is free software: you can redistribute it and/or modify
     5  // it under the terms of the GNU Lesser General Public License as published by
     6  // the Free Software Foundation, either version 3 of the License, or
     7  // (at your option) any later version.
     8  //
     9  // The go-wtc library is distributed in the hope that it will be useful,
    10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    12  // GNU Lesser General Public License for more details.
    13  //
    14  // You should have received a copy of the GNU Lesser General Public License
    15  // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
    16  
    17  // Package secp256k1 wraps the bitcoin secp256k1 C library.
    18  package secp256k1
    19  
    20  /*
    21  #cgo CFLAGS: -I./libsecp256k1
    22  #cgo CFLAGS: -I./libsecp256k1/src/
    23  #define USE_NUM_NONE
    24  #define USE_FIELD_10X26
    25  #define USE_FIELD_INV_BUILTIN
    26  #define USE_SCALAR_8X32
    27  #define USE_SCALAR_INV_BUILTIN
    28  #define NDEBUG
    29  #include "./libsecp256k1/src/secp256k1.c"
    30  #include "./libsecp256k1/src/modules/recovery/main_impl.h"
    31  #include "ext.h"
    32  
    33  typedef void (*callbackFunc) (const char* msg, void* data);
    34  extern void secp256k1GoPanicIllegal(const char* msg, void* data);
    35  extern void secp256k1GoPanicError(const char* msg, void* data);
    36  */
    37  import "C"
    38  
    39  import (
    40  	"errors"
    41  	"unsafe"
    42  )
    43  
    44  var context *C.secp256k1_context
    45  
    46  func init() {
    47  	// around 20 ms on a modern CPU.
    48  	context = C.secp256k1_context_create_sign_verify()
    49  	C.secp256k1_context_set_illegal_callback(context, C.callbackFunc(C.secp256k1GoPanicIllegal), nil)
    50  	C.secp256k1_context_set_error_callback(context, C.callbackFunc(C.secp256k1GoPanicError), nil)
    51  }
    52  
    53  var (
    54  	ErrInvalidMsgLen       = errors.New("invalid message length, need 32 bytes")
    55  	ErrInvalidSignatureLen = errors.New("invalid signature length")
    56  	ErrInvalidRecoveryID   = errors.New("invalid signature recovery id")
    57  	ErrInvalidKey          = errors.New("invalid private key")
    58  	ErrSignFailed          = errors.New("signing failed")
    59  	ErrRecoverFailed       = errors.New("recovery failed")
    60  )
    61  
    62  // Sign creates a recoverable ECDSA signature.
    63  // The produced signature is in the 65-byte [R || S || V] format where V is 0 or 1.
    64  //
    65  // The caller is responsible for ensuring that msg cannot be chosen
    66  // directly by an attacker. It is usually preferable to use a cryptographic
    67  // hash function on any input before handing it to this function.
    68  func Sign(msg []byte, seckey []byte) ([]byte, error) {
    69  	if len(msg) != 32 {
    70  		return nil, ErrInvalidMsgLen
    71  	}
    72  	if len(seckey) != 32 {
    73  		return nil, ErrInvalidKey
    74  	}
    75  	seckeydata := (*C.uchar)(unsafe.Pointer(&seckey[0]))
    76  	if C.secp256k1_ec_seckey_verify(context, seckeydata) != 1 {
    77  		return nil, ErrInvalidKey
    78  	}
    79  
    80  	var (
    81  		msgdata   = (*C.uchar)(unsafe.Pointer(&msg[0]))
    82  		noncefunc = C.secp256k1_nonce_function_rfc6979
    83  		sigstruct C.secp256k1_ecdsa_recoverable_signature
    84  	)
    85  	if C.secp256k1_ecdsa_sign_recoverable(context, &sigstruct, msgdata, seckeydata, noncefunc, nil) == 0 {
    86  		return nil, ErrSignFailed
    87  	}
    88  
    89  	var (
    90  		sig     = make([]byte, 65)
    91  		sigdata = (*C.uchar)(unsafe.Pointer(&sig[0]))
    92  		recid   C.int
    93  	)
    94  	C.secp256k1_ecdsa_recoverable_signature_serialize_compact(context, sigdata, &recid, &sigstruct)
    95  	sig[64] = byte(recid) // add back recid to get 65 bytes sig
    96  	return sig, nil
    97  }
    98  
    99  // RecoverPubkey returns the the public key of the signer.
   100  // msg must be the 32-byte hash of the message to be signed.
   101  // sig must be a 65-byte compact ECDSA signature containing the
   102  // recovery id as the last element.
   103  func RecoverPubkey(msg []byte, sig []byte) ([]byte, error) {
   104  	if len(msg) != 32 {
   105  		return nil, ErrInvalidMsgLen
   106  	}
   107  	if err := checkSignature(sig); err != nil {
   108  		return nil, err
   109  	}
   110  
   111  	var (
   112  		pubkey  = make([]byte, 65)
   113  		sigdata = (*C.uchar)(unsafe.Pointer(&sig[0]))
   114  		msgdata = (*C.uchar)(unsafe.Pointer(&msg[0]))
   115  	)
   116  	if C.secp256k1_ecdsa_recover_pubkey(context, (*C.uchar)(unsafe.Pointer(&pubkey[0])), sigdata, msgdata) == 0 {
   117  		return nil, ErrRecoverFailed
   118  	}
   119  	return pubkey, nil
   120  }
   121  
   122  func checkSignature(sig []byte) error {
   123  	if len(sig) != 65 {
   124  		return ErrInvalidSignatureLen
   125  	}
   126  	if sig[64] >= 4 {
   127  		return ErrInvalidRecoveryID
   128  	}
   129  	return nil
   130  }