package crypto
import (
"crypto/elliptic"
"errors"
"fmt"
"github.com/btcsuite/btcd/btcec"
"github.com/nspcc-dev/neo-go/pkg/core/interop"
"github.com/nspcc-dev/neo-go/pkg/crypto"
"github.com/nspcc-dev/neo-go/pkg/crypto/hash"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
"github.com/nspcc-dev/neo-go/pkg/util"
"github.com/nspcc-dev/neo-go/pkg/vm"
"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
)
// ECDSAVerifyPrice is the gas price of a single ECDSA signature verification.
// ecdsaCheckMultisig multiplies it by ic.BaseExecFee() and by the number of
// public keys to obtain the amount charged for one multisignature check.
const ECDSAVerifyPrice = 1 << 15
// ECDSASecp256r1Verify checks a single ECDSA signature using the Secp256r1
// (elliptic.P256) curve. All stack handling is done by ecdsaVerify: the
// message, the public key and the signature are taken from the evaluation
// stack of ic.VM and the verification result is pushed back onto it.
func ECDSASecp256r1Verify(ic *interop.Context) error {
	curve := elliptic.P256()
	return ecdsaVerify(ic, curve)
}
// ECDSASecp256k1Verify checks a single ECDSA signature using the Secp256k1
// (btcec.S256) curve. All stack handling is done by ecdsaVerify: the
// message, the public key and the signature are taken from the evaluation
// stack of ic.VM and the verification result is pushed back onto it.
func ECDSASecp256k1Verify(ic *interop.Context) error {
	curve := btcec.S256()
	return ecdsaVerify(ic, curve)
}
// ecdsaVerify is the shared implementation behind ECDSASecp256k1Verify and
// ECDSASecp256r1Verify.
//
// It pops three items from the evaluation stack of ic.VM, in this order: the
// message (turned into a hash by getMessageHash), the serialized public key
// and the signature. The key is decoded for the given curve and the boolean
// result of the verification is pushed back onto the stack.
//
// A signature that does not verify is not an error: false is pushed and nil
// is returned. An error is returned only when the message cannot be hashed
// or the public key cannot be decoded; in both cases nothing is pushed.
func ecdsaVerify(ic *interop.Context, curve elliptic.Curve) error {
	// NOTE(review): Pop() and Bytes() are used unchecked, so an empty stack
	// or an item of another kind is not handled here — confirm the VM turns
	// that into a fault rather than a crash.
	msgItem := ic.VM.Estack().Pop().Item()
	digest, err := getMessageHash(ic, msgItem)
	if err != nil {
		// The key and the signature are left on the stack in this case.
		return err
	}

	rawKey := ic.VM.Estack().Pop().Bytes()
	sig := ic.VM.Estack().Pop().Bytes()

	// Decoding is bound to the requested curve, so the key bytes are parsed
	// as a point of that curve only.
	pub, err := keys.NewPublicKeyFromBytes(rawKey, curve)
	if err != nil {
		return err
	}

	ic.VM.Estack().PushVal(pub.Verify(sig, digest.BytesBE()))
	return nil
}
// ECDSASecp256r1CheckMultisig checks several ECDSA signatures against a set
// of public keys in one call, using the Secp256r1 (elliptic.P256) curve.
// Gas accounting and stack handling are done by ecdsaCheckMultisig.
func ECDSASecp256r1CheckMultisig(ic *interop.Context) error {
	curve := elliptic.P256()
	return ecdsaCheckMultisig(ic, curve)
}
// ECDSASecp256k1CheckMultisig checks several ECDSA signatures against a set
// of public keys in one call, using the Secp256k1 (btcec.S256) curve.
// Gas accounting and stack handling are done by ecdsaCheckMultisig.
func ECDSASecp256k1CheckMultisig(ic *interop.Context) error {
	curve := btcec.S256()
	return ecdsaCheckMultisig(ic, curve)
}
// ecdsaCheckMultisig is the shared implementation behind
// ECDSASecp256r1CheckMultisig and ECDSASecp256k1CheckMultisig.
//
// It pops the message (turned into a hash by getMessageHash), then the public
// keys and then the signatures from the evaluation stack of ic.VM, and pushes
// the boolean result of vm.CheckMultisigPar for the given curve.
//
// An error is returned when the message cannot be hashed, when either list
// cannot be popped, when the gas limit is exceeded, or when there are more
// signatures than keys. A failed verification is not an error.
func ecdsaCheckMultisig(ic *interop.Context, curve elliptic.Curve) error {
	msgItem := ic.VM.Estack().Pop().Item()
	digest, err := getMessageHash(ic, msgItem)
	if err != nil {
		return err
	}

	pubs, err := ic.VM.Estack().PopSigElements()
	if err != nil {
		return fmt.Errorf("wrong parameters: %w", err)
	}

	// Gas is charged per public key and before any signature is popped or
	// verified, so the cost is paid before the expensive work starts.
	// NOTE(review): the fee is a plain int64 product of the key count; this
	// relies on PopSigElements bounding the number of elements — confirm.
	fee := ic.BaseExecFee() * ECDSAVerifyPrice * int64(len(pubs))
	if !ic.VM.AddGas(fee) {
		return errors.New("gas limit exceeded")
	}

	sigs, err := ic.VM.Estack().PopSigElements()
	if err != nil {
		return fmt.Errorf("wrong parameters: %w", err)
	}

	// Fewer signatures than keys is fine (some keys simply did not sign);
	// more signatures than keys can never be satisfied and is rejected.
	if len(sigs) > len(pubs) {
		return errors.New("more signatures than there are keys")
	}

	// NOTE(review): an empty signature list is not rejected in this function;
	// presumably PopSigElements or CheckMultisigPar covers it — confirm.
	ok := vm.CheckMultisigPar(ic.VM, curve, digest.BytesBE(), pubs, sigs)
	ic.VM.Estack().PushVal(ok)
	return nil
}
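// getMessageHash returns the hash that signature checks are run against.
// The result depends on the kind of item taken from the stack:
//   - *stackitem.Interop: the signed hash of the wrapped crypto.Verifiable;
//   - stackitem.Null: the signed hash of ic.Container;
//   - anything else: SHA-256 of the item's bytes.
//
// An error is returned when an interop item does not wrap a
// crypto.Verifiable or when the item cannot be converted to bytes.
func getMessageHash(ic *interop.Context, item stackitem.Item) (util.Uint256, error) {
	switch val := item.(type) {
	case *stackitem.Interop:
		// The item is supplied by the executing script, so its payload may be
		// of any type. An unchecked assertion would panic on a payload that
		// is not a Verifiable; report it as an ordinary error instead.
		verifiable, ok := val.Value().(crypto.Verifiable)
		if !ok {
			return util.Uint256{}, errors.New("interop item is not a verifiable container")
		}
		return verifiable.GetSignedHash(), nil
	case stackitem.Null:
		// NOTE(review): ic.Container is used without a nil check — confirm it
		// is always set when this interop can be called.
		return ic.Container.GetSignedHash(), nil
	default:
		msg, err := val.TryBytes()
		if err != nil {
			return util.Uint256{}, err
		}
		return hash.Sha256(msg), nil
	}
}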