keys: move from btcd/btcec to decred/secp256k1 package

There is a security issue found in github.com/btcsuite/btcd that we don't care
about (we're only using 256k1 implementation), but GitHub complains about
it. We could update to github.com/btcsuite/btcd/btcec/v2, but it's now just a
thin wrapper over github.com/decred/dcrd/dcrec/secp256k1/v4, so we better use
it directly.
This commit is contained in:
Roman Khimov 2022-11-08 17:59:59 +03:00
parent b590d4ca04
commit 8746d9877e
6 changed files with 35 additions and 43 deletions

4
go.mod
View file

@ -1,10 +1,10 @@
module github.com/nspcc-dev/neo-go module github.com/nspcc-dev/neo-go
require ( require (
github.com/btcsuite/btcd v0.22.0-beta
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e
github.com/coreos/go-semver v0.3.0 github.com/coreos/go-semver v0.3.0
github.com/davecgh/go-spew v1.1.1 github.com/davecgh/go-spew v1.1.1
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1
github.com/google/uuid v1.2.0 github.com/google/uuid v1.2.0
github.com/gorilla/websocket v1.4.2 github.com/gorilla/websocket v1.4.2
github.com/hashicorp/golang-lru v0.5.4 github.com/hashicorp/golang-lru v0.5.4
@ -19,7 +19,7 @@ require (
github.com/pierrec/lz4 v2.6.1+incompatible github.com/pierrec/lz4 v2.6.1+incompatible
github.com/pmezard/go-difflib v1.0.0 github.com/pmezard/go-difflib v1.0.0
github.com/prometheus/client_golang v1.13.0 github.com/prometheus/client_golang v1.13.0
github.com/stretchr/testify v1.7.0 github.com/stretchr/testify v1.8.0
github.com/syndtr/goleveldb v1.0.1-0.20210305035536-64b5b1c73954 github.com/syndtr/goleveldb v1.0.1-0.20210305035536-64b5b1c73954
github.com/twmb/murmur3 v1.1.5 github.com/twmb/murmur3 v1.1.5
github.com/urfave/cli v1.22.5 github.com/urfave/cli v1.22.5

9
go.sum
View file

@ -58,7 +58,6 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
github.com/btcsuite/btcd v0.20.1-beta/go.mod h1:wVuoA8VJLEcwgqHBwHmzLRazpKxTv13Px/pDuV7OomQ= github.com/btcsuite/btcd v0.20.1-beta/go.mod h1:wVuoA8VJLEcwgqHBwHmzLRazpKxTv13Px/pDuV7OomQ=
github.com/btcsuite/btcd v0.22.0-beta h1:LTDpDKUM5EeOFBPM8IXpinEcmZ6FWfNZbE3lfrfdnWo=
github.com/btcsuite/btcd v0.22.0-beta/go.mod h1:9n5ntfhhHQBIhUvlhDvD3Qg6fRUj4jkN0VB8L8svzOA= github.com/btcsuite/btcd v0.22.0-beta/go.mod h1:9n5ntfhhHQBIhUvlhDvD3Qg6fRUj4jkN0VB8L8svzOA=
github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f/go.mod h1:TdznJufoqS23FtqVCzL0ZqgP5MqXbb4fg/WgDys70nA= github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f/go.mod h1:TdznJufoqS23FtqVCzL0ZqgP5MqXbb4fg/WgDys70nA=
github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d/go.mod h1:+5NJ2+qvTyV9exUAL/rxXi3DcLg2Ts+ymUAY5y4NvMg= github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d/go.mod h1:+5NJ2+qvTyV9exUAL/rxXi3DcLg2Ts+ymUAY5y4NvMg=
@ -94,6 +93,9 @@ github.com/davecgh/go-spew v0.0.0-20171005155431-ecdeabc65495/go.mod h1:J7Y8YcW2
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 h1:YLtO71vCjJRCBcrPMtQ9nqBsqpA1m5sE92cU+pd5Mcc=
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1/go.mod h1:hyedUtir6IdtD/7lIxGeCxkaw7y45JueMRL4DIyJDKs=
github.com/decred/dcrd/lru v1.0.0/go.mod h1:mxKOwFd7lFjN2GZYsiz/ecgqR6kkYAl+0pz0tEMk218= github.com/decred/dcrd/lru v1.0.0/go.mod h1:mxKOwFd7lFjN2GZYsiz/ecgqR6kkYAl+0pz0tEMk218=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@ -341,12 +343,15 @@ github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0b
github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/syndtr/goleveldb v0.0.0-20180307113352-169b1b37be73/go.mod h1:Z4AUp2Km+PwemOoO/VB5AOx9XSsIItzFjoJlOSiYmn0= github.com/syndtr/goleveldb v0.0.0-20180307113352-169b1b37be73/go.mod h1:Z4AUp2Km+PwemOoO/VB5AOx9XSsIItzFjoJlOSiYmn0=
github.com/syndtr/goleveldb v1.0.1-0.20210305035536-64b5b1c73954 h1:xQdMZ1WLrgkkvOZ/LDQxjVxMLdby7osSh4ZEVa5sIjs= github.com/syndtr/goleveldb v1.0.1-0.20210305035536-64b5b1c73954 h1:xQdMZ1WLrgkkvOZ/LDQxjVxMLdby7osSh4ZEVa5sIjs=
github.com/syndtr/goleveldb v1.0.1-0.20210305035536-64b5b1c73954/go.mod h1:u2MKkTVTVJWe5D1rCvame8WqhBd88EuIwODJZ1VHCPM= github.com/syndtr/goleveldb v1.0.1-0.20210305035536-64b5b1c73954/go.mod h1:u2MKkTVTVJWe5D1rCvame8WqhBd88EuIwODJZ1VHCPM=

View file

@ -6,7 +6,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"github.com/btcsuite/btcd/btcec" "github.com/decred/dcrd/dcrec/secp256k1/v4"
"github.com/nspcc-dev/neo-go/pkg/core/interop" "github.com/nspcc-dev/neo-go/pkg/core/interop"
"github.com/nspcc-dev/neo-go/pkg/core/native/nativenames" "github.com/nspcc-dev/neo-go/pkg/core/native/nativenames"
"github.com/nspcc-dev/neo-go/pkg/crypto/hash" "github.com/nspcc-dev/neo-go/pkg/crypto/hash"
@ -129,7 +129,7 @@ func curveFromStackitem(si stackitem.Item) (elliptic.Curve, error) {
c := curve.Int64() c := curve.Int64()
switch c { switch c {
case int64(Secp256k1): case int64(Secp256k1):
return btcec.S256(), nil return secp256k1.S256(), nil
case int64(Secp256r1): case int64(Secp256r1):
return elliptic.P256(), nil return elliptic.P256(), nil
default: default:

View file

@ -10,7 +10,7 @@ import (
"fmt" "fmt"
"math/big" "math/big"
"github.com/btcsuite/btcd/btcec" "github.com/decred/dcrd/dcrec/secp256k1/v4"
"github.com/nspcc-dev/neo-go/pkg/crypto/hash" "github.com/nspcc-dev/neo-go/pkg/crypto/hash"
"github.com/nspcc-dev/neo-go/pkg/util" "github.com/nspcc-dev/neo-go/pkg/util"
"github.com/nspcc-dev/neo-go/pkg/util/slice" "github.com/nspcc-dev/neo-go/pkg/util/slice"
@ -30,7 +30,7 @@ func NewPrivateKey() (*PrivateKey, error) {
// NewSecp256k1PrivateKey creates a new random Secp256k1 private key. // NewSecp256k1PrivateKey creates a new random Secp256k1 private key.
func NewSecp256k1PrivateKey() (*PrivateKey, error) { func NewSecp256k1PrivateKey() (*PrivateKey, error) {
return newPrivateKeyOnCurve(btcec.S256()) return newPrivateKeyOnCurve(secp256k1.S256())
} }
// newPrivateKeyOnCurve creates a new random private key using curve c. // newPrivateKeyOnCurve creates a new random private key using curve c.

View file

@ -10,7 +10,7 @@ import (
"fmt" "fmt"
"math/big" "math/big"
"github.com/btcsuite/btcd/btcec" "github.com/decred/dcrd/dcrec/secp256k1/v4"
lru "github.com/hashicorp/golang-lru" lru "github.com/hashicorp/golang-lru"
"github.com/nspcc-dev/neo-go/pkg/crypto/hash" "github.com/nspcc-dev/neo-go/pkg/crypto/hash"
"github.com/nspcc-dev/neo-go/pkg/encoding/address" "github.com/nspcc-dev/neo-go/pkg/encoding/address"
@ -204,7 +204,7 @@ func NewPublicKeyFromASN1(data []byte) (*PublicKey, error) {
func decodeCompressedY(x *big.Int, ylsb uint, curve elliptic.Curve) (*big.Int, error) { func decodeCompressedY(x *big.Int, ylsb uint, curve elliptic.Curve) (*big.Int, error) {
var a *big.Int var a *big.Int
switch curve.(type) { switch curve.(type) {
case *btcec.KoblitzCurve: case *secp256k1.KoblitzCurve:
a = big0 a = big0
default: default:
a = big3 a = big3

View file

@ -5,7 +5,7 @@ import (
"math/big" "math/big"
"testing" "testing"
"github.com/btcsuite/btcd/btcec" "github.com/decred/dcrd/dcrec/secp256k1/v4"
"github.com/nspcc-dev/neo-go/pkg/crypto/hash" "github.com/nspcc-dev/neo-go/pkg/crypto/hash"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
@ -17,26 +17,25 @@ func TestIssue1223(t *testing.T) {
x.SetString("56810139335762307690884151098712528235297095596167964448512639328424930082240", 10) x.SetString("56810139335762307690884151098712528235297095596167964448512639328424930082240", 10)
y.SetString("108055740278314806025442297642651169427004858252141003070998851291610422839293", 10) y.SetString("108055740278314806025442297642651169427004858252141003070998851291610422839293", 10)
privateKey := &btcec.PrivateKey{ privateKey := PrivateKey{
PublicKey: ecdsa.PublicKey{ PrivateKey: ecdsa.PrivateKey{
Curve: btcec.S256(), PublicKey: ecdsa.PublicKey{
X: &x, Curve: secp256k1.S256(),
Y: &y, X: &x,
Y: &y,
},
D: &d,
}, },
D: &d,
} }
pubKey := PublicKey(ecdsa.PublicKey{ pubKey := PublicKey(ecdsa.PublicKey{
Curve: btcec.S256(), Curve: secp256k1.S256(),
X: privateKey.X, X: privateKey.X,
Y: privateKey.Y, Y: privateKey.Y,
}) })
hashedData := hash.Sha256([]byte("sample")) hashedData := hash.Sha256([]byte("sample"))
signature, err := privateKey.Sign(hashedData.BytesBE()) signature := privateKey.SignHash(hashedData)
require.NoError(t, err) require.True(t, pubKey.Verify(signature, hashedData.BytesBE()))
signedData := getSignatureSlice(privateKey.Curve, signature.R, signature.S)
require.True(t, pubKey.Verify(signedData, hashedData.BytesBE()))
} }
func TestPubKeyVerify(t *testing.T) { func TestPubKeyVerify(t *testing.T) {
@ -60,19 +59,13 @@ func TestPubKeyVerify(t *testing.T) {
}) })
t.Run("Secp256k1", func(t *testing.T) { t.Run("Secp256k1", func(t *testing.T) {
privateKey, err := btcec.NewPrivateKey(btcec.S256()) privateKey, err := NewSecp256k1PrivateKey()
assert.Nil(t, err) assert.Nil(t, err)
signature, err := privateKey.Sign(hashedData.BytesBE()) signedData := privateKey.SignHash(hashedData)
require.NoError(t, err) pubKey := privateKey.PublicKey()
signedData := getSignatureSlice(privateKey.Curve, signature.R, signature.S)
pubKey := PublicKey(ecdsa.PublicKey{
Curve: btcec.S256(),
X: privateKey.X,
Y: privateKey.Y,
})
require.True(t, pubKey.Verify(signedData, hashedData.BytesBE())) require.True(t, pubKey.Verify(signedData, hashedData.BytesBE()))
pubKey = PublicKey{} pubKey = &PublicKey{}
assert.False(t, pubKey.Verify(signedData, hashedData.BytesBE())) assert.False(t, pubKey.Verify(signedData, hashedData.BytesBE()))
}) })
} }
@ -94,19 +87,13 @@ func TestWrongPubKey(t *testing.T) {
}) })
t.Run("Secp256k1", func(t *testing.T) { t.Run("Secp256k1", func(t *testing.T) {
privateKey, err := btcec.NewPrivateKey(btcec.S256()) privateKey, err := NewSecp256k1PrivateKey()
assert.Nil(t, err) assert.Nil(t, err)
signature, err := privateKey.Sign(hashedData.BytesBE()) signedData := privateKey.SignHash(hashedData)
assert.Nil(t, err)
signedData := getSignatureSlice(privateKey.Curve, signature.R, signature.S)
secondPrivKey, err := btcec.NewPrivateKey(btcec.S256()) secondPrivKey, err := NewSecp256k1PrivateKey()
assert.Nil(t, err) assert.Nil(t, err)
wrongPubKey := PublicKey(ecdsa.PublicKey{ wrongPubKey := secondPrivKey.PublicKey()
Curve: btcec.S256(),
X: secondPrivKey.X,
Y: secondPrivKey.Y,
})
assert.False(t, wrongPubKey.Verify(signedData, hashedData.BytesBE())) assert.False(t, wrongPubKey.Verify(signedData, hashedData.BytesBE()))
}) })