Merge pull request #352 from nspcc-dev/drop-bad-crypto-fix-245

Really simplifies our crypto library and fixes #245.

pkg/core/account_state_test.go

@@ -4,7 +4,6 @@ import (
 	"bytes"
 	"testing"
 
-	"github.com/CityOfZion/neo-go/pkg/crypto"
 	"github.com/CityOfZion/neo-go/pkg/crypto/keys"
 	"github.com/CityOfZion/neo-go/pkg/util"
 	"github.com/stretchr/testify/assert"
@@ -18,9 +17,9 @@ func TestDecodeEncodeAccountState(t *testing.T) {
 	)
 	for i := 0; i < n; i++ {
 		balances[randomUint256()] = util.Fixed8(int64(randomInt(1, 10000)))
-		votes[i] = &keys.PublicKey{
-			ECPoint: crypto.RandomECPoint(),
-		}
+		k, err := keys.NewPrivateKey()
+		assert.Nil(t, err)
+		votes[i] = k.PublicKey()
 	}
 
 	a := &AccountState{

pkg/crypto/elliptic_curve.go

@@ -1,274 +0,0 @@
-package crypto
-
-// Original work completed by @vsergeev: https://github.com/vsergeev/btckeygenie
-// Expanded and tweaked upon here under MIT license.
-
-import (
-	"bytes"
-	"crypto/rand"
-	"encoding/binary"
-	"encoding/hex"
-	"errors"
-	"fmt"
-	"io"
-	"math/big"
-
-	"github.com/CityOfZion/neo-go/pkg/util"
-)
-
-type (
-	// EllipticCurve represents the parameters of a short Weierstrass equation elliptic
-	// curve.
-	EllipticCurve struct {
-		A *big.Int
-		B *big.Int
-		P *big.Int
-		G ECPoint
-		N *big.Int
-		H *big.Int
-	}
-
-	// ECPoint represents a point on the EllipticCurve.
-	ECPoint struct {
-		X *big.Int
-		Y *big.Int
-	}
-)
-
-// NewEllipticCurve returns a ready to use EllipticCurve with preconfigured
-// fields for the NEO protocol.
-func NewEllipticCurve() EllipticCurve {
-	c := EllipticCurve{}
-
-	c.P, _ = new(big.Int).SetString(
-		"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", 16,
-	)
-	c.A, _ = new(big.Int).SetString(
-		"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", 16,
-	)
-	c.B, _ = new(big.Int).SetString(
-		"5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", 16,
-	)
-	c.G.X, _ = new(big.Int).SetString(
-		"6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", 16,
-	)
-	c.G.Y, _ = new(big.Int).SetString(
-		"4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", 16,
-	)
-	c.N, _ = new(big.Int).SetString(
-		"FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16,
-	)
-	c.H, _ = new(big.Int).SetString("01", 16)
-
-	return c
-}
-
-// RandomECPoint returns a random generated ECPoint, mostly used
-// for testing.
-func RandomECPoint() ECPoint {
-	c := NewEllipticCurve()
-	b := make([]byte, c.N.BitLen()/8+8)
-	if _, err := io.ReadFull(rand.Reader, b); err != nil {
-		return ECPoint{}
-	}
-
-	d := new(big.Int).SetBytes(b)
-	d.Mod(d, new(big.Int).Sub(c.N, big.NewInt(1)))
-	d.Add(d, big.NewInt(1))
-
-	q := new(big.Int).SetBytes(d.Bytes())
-	return c.ScalarBaseMult(q)
-}
-
-// ECPointFromReader return a new point from the given reader.
-// f == 4, 6 or 7 are not implemented.
-func ECPointFromReader(r io.Reader) (point ECPoint, err error) {
-	var f uint8
-	if err = binary.Read(r, binary.LittleEndian, &f); err != nil {
-		return
-	}
-
-	// Infinity
-	if f == 0 {
-		return ECPoint{
-			X: new(big.Int),
-			Y: new(big.Int),
-		}, nil
-	}
-
-	if f == 2 || f == 3 {
-		y := new(big.Int).SetBytes([]byte{f & 1})
-		data := make([]byte, 32)
-		if err = binary.Read(r, binary.LittleEndian, data); err != nil {
-			return
-		}
-		data = util.ArrayReverse(data)
-		data = append(data, byte(0x00))
-
-		return ECPoint{
-			X: new(big.Int).SetBytes(data),
-			Y: y,
-		}, nil
-	}
-	return
-}
-
-// EncodeBinary encodes the point to the given io.Writer.
-func (p ECPoint) EncodeBinary(w io.Writer) error {
-	bx := p.X.Bytes()
-	padded := append(
-		bytes.Repeat(
-			[]byte{0x00},
-			32-len(bx),
-		),
-		bx...,
-	)
-
-	prefix := byte(0x03)
-	if p.Y.Bit(0) == 0 {
-		prefix = byte(0x02)
-	}
-	buf := make([]byte, len(padded)+1)
-	buf[0] = prefix
-	copy(buf[1:], padded)
-
-	return binary.Write(w, binary.LittleEndian, buf)
-}
-
-// String implements the Stringer interface.
-func (p *ECPoint) String() string {
-	if p.IsInfinity() {
-		return "00"
-	}
-	bx := hex.EncodeToString(p.X.Bytes())
-	by := hex.EncodeToString(p.Y.Bytes())
-	return fmt.Sprintf("%s%s", bx, by)
-}
-
-// IsInfinity checks if point P is infinity on EllipticCurve ec.
-func (p *ECPoint) IsInfinity() bool {
-	return p.X == nil && p.Y == nil
-}
-
-// IsInfinity checks if point P is infinity on EllipticCurve ec.
-func (c *EllipticCurve) IsInfinity(P ECPoint) bool {
-	return P.X == nil && P.Y == nil
-}
-
-// IsOnCurve checks if point P is on EllipticCurve ec.
-func (c *EllipticCurve) IsOnCurve(P ECPoint) bool {
-	if c.IsInfinity(P) {
-		return false
-	}
-	lhs := mulMod(P.Y, P.Y, c.P)
-	rhs := addMod(
-		addMod(
-			expMod(P.X, big.NewInt(3), c.P),
-			mulMod(c.A, P.X, c.P), c.P),
-		c.B, c.P)
-
-	return lhs.Cmp(rhs) == 0
-}
-
-// Add computes R = P + Q on EllipticCurve ec.
-func (c *EllipticCurve) Add(P, Q ECPoint) (R ECPoint) {
-	// See rules 1-5 on SEC1 pg.7 http://www.secg.org/collateral/sec1_final.pdf
-	if c.IsInfinity(P) && c.IsInfinity(Q) {
-		R.X = nil
-		R.Y = nil
-	} else if c.IsInfinity(P) {
-		R.X = new(big.Int).Set(Q.X)
-		R.Y = new(big.Int).Set(Q.Y)
-	} else if c.IsInfinity(Q) {
-		R.X = new(big.Int).Set(P.X)
-		R.Y = new(big.Int).Set(P.Y)
-	} else if P.X.Cmp(Q.X) == 0 && addMod(P.Y, Q.Y, c.P).Sign() == 0 {
-		R.X = nil
-		R.Y = nil
-	} else if P.X.Cmp(Q.X) == 0 && P.Y.Cmp(Q.Y) == 0 && P.Y.Sign() != 0 {
-		num := addMod(
-			mulMod(big.NewInt(3),
-				mulMod(P.X, P.X, c.P), c.P),
-			c.A, c.P)
-		den := invMod(mulMod(big.NewInt(2), P.Y, c.P), c.P)
-		lambda := mulMod(num, den, c.P)
-		R.X = subMod(
-			mulMod(lambda, lambda, c.P),
-			mulMod(big.NewInt(2), P.X, c.P),
-			c.P)
-		R.Y = subMod(
-			mulMod(lambda, subMod(P.X, R.X, c.P), c.P),
-			P.Y, c.P)
-	} else if P.X.Cmp(Q.X) != 0 {
-		num := subMod(Q.Y, P.Y, c.P)
-		den := invMod(subMod(Q.X, P.X, c.P), c.P)
-		lambda := mulMod(num, den, c.P)
-		R.X = subMod(
-			subMod(
-				mulMod(lambda, lambda, c.P),
-				P.X, c.P),
-			Q.X, c.P)
-		R.Y = subMod(
-			mulMod(lambda,
-				subMod(P.X, R.X, c.P), c.P),
-			P.Y, c.P)
-	} else {
-		panic(fmt.Sprintf("Unsupported point addition: %v + %v", P, Q))
-	}
-
-	return R
-}
-
-// ScalarMult computes Q = k * P on EllipticCurve ec.
-func (c *EllipticCurve) ScalarMult(k *big.Int, P ECPoint) (Q ECPoint) {
-	// Implementation based on pseudocode here:
-	// https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication#Montgomery_ladder
-	var R0 ECPoint
-	var R1 ECPoint
-
-	R0.X = nil
-	R0.Y = nil
-	R1.X = new(big.Int).Set(P.X)
-	R1.Y = new(big.Int).Set(P.Y)
-
-	for i := c.N.BitLen() - 1; i >= 0; i-- {
-		if k.Bit(i) == 0 {
-			R1 = c.Add(R0, R1)
-			R0 = c.Add(R0, R0)
-		} else {
-			R0 = c.Add(R0, R1)
-			R1 = c.Add(R1, R1)
-		}
-	}
-	return R0
-}
-
-// ScalarBaseMult computes Q = k * G on EllipticCurve ec.
-func (c *EllipticCurve) ScalarBaseMult(k *big.Int) (Q ECPoint) {
-	return c.ScalarMult(k, c.G)
-}
-
-// Decompress decompresses coordinate x and ylsb (y's least significant bit) into a ECPoint P on EllipticCurve ec.
-func (c *EllipticCurve) Decompress(x *big.Int, ylsb uint) (P ECPoint, err error) {
-	/* y**2 = x**3 + a*x + b  % p */
-	rhs := addMod(
-		addMod(
-			expMod(x, big.NewInt(3), c.P),
-			mulMod(c.A, x, c.P),
-			c.P),
-		c.B, c.P)
-
-	y := sqrtMod(rhs, c.P)
-	if y.Bit(0) != (ylsb & 0x1) {
-		y = subMod(big.NewInt(0), y, c.P)
-	}
-
-	P.X = x
-	P.Y = y
-
-	if !c.IsOnCurve(P) {
-		return P, errors.New("compressed (x, ylsb) not on curve")
-	}
-
-	return P, nil
-}

pkg/crypto/keys/nep2.go

@@ -44,10 +44,7 @@ func NEP2ScryptParams() ScryptParams {
 // NEP2Encrypt encrypts a the PrivateKey using a given passphrase
 // under the NEP-2 standard.
 func NEP2Encrypt(priv *PrivateKey, passphrase string) (s string, err error) {
-	address, err := priv.Address()
-	if err != nil {
-		return s, err
-	}
+	address := priv.Address()
 
 	addrHash := hash.Checksum([]byte(address))
 	// Normalize the passphrase according to the NFC standard.
@@ -119,14 +116,11 @@ func NEP2Decrypt(key, passphrase string) (s string, err error) {
 		return s, errors.New("password mismatch")
 	}
 
-	return privKey.WIF()
+	return privKey.WIF(), nil
 }
 
 func compareAddressHash(priv *PrivateKey, inhash []byte) bool {
-	address, err := priv.Address()
-	if err != nil {
-		return false
-	}
+	address := priv.Address()
 	addrHash := hash.Checksum([]byte(address))
 	return bytes.Equal(addrHash, inhash)
 }

pkg/crypto/keys/nep2_test.go

@@ -31,12 +31,10 @@ func TestNEP2Decrypt(t *testing.T) {
 
 		assert.Equal(t, testCase.PrivateKey, privKey.String())
 
-		wif, err := privKey.WIF()
-		assert.Nil(t, err)
+		wif := privKey.WIF()
 		assert.Equal(t, testCase.Wif, wif)
 
-		address, err := privKey.Address()
-		assert.Nil(t, err)
+		address := privKey.Address()
 		assert.Equal(t, testCase.Address, address)
 	}
 }

pkg/crypto/keys/private_key.go

@@ -1,19 +1,15 @@
 package keys
 
 import (
-	"bytes"
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/sha256"
 	"crypto/x509"
 	"encoding/hex"
-	"errors"
 	"fmt"
-	"io"
 	"math/big"
 
-	"github.com/CityOfZion/neo-go/pkg/crypto"
 	"github.com/nspcc-dev/rfc6979"
 )
 
@@ -24,18 +20,11 @@ type PrivateKey struct {
 
 // NewPrivateKey creates a new random private key.
 func NewPrivateKey() (*PrivateKey, error) {
-	c := crypto.NewEllipticCurve()
-	b := make([]byte, c.N.BitLen()/8+8)
-	if _, err := io.ReadFull(rand.Reader, b); err != nil {
+	priv, _, _, err := elliptic.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
 		return nil, err
 	}
-
-	d := new(big.Int).SetBytes(b)
-	d.Mod(d, new(big.Int).Sub(c.N, big.NewInt(1)))
-	d.Add(d, big.NewInt(1))
-
-	p := &PrivateKey{b: d.Bytes()}
-	return p, nil
+	return &PrivateKey{b: priv}, nil
 }
 
 // NewPrivateKeyFromHex returns a PrivateKey created from the
@@ -68,38 +57,15 @@ func NewPrivateKeyFromRawBytes(b []byte) (*PrivateKey, error) {
 }
 
 // PublicKey derives the public key from the private key.
-func (p *PrivateKey) PublicKey() (*PublicKey, error) {
+func (p *PrivateKey) PublicKey() *PublicKey {
 	var (
-		err error
-		pk PublicKey
-		c = crypto.NewEllipticCurve()
+		c = elliptic.P256()
 		q = new(big.Int).SetBytes(p.b)
 	)
 
-	point := c.ScalarBaseMult(q)
-	if !c.IsOnCurve(point) {
-		return nil, errors.New("failed to derive public key using elliptic curve")
-	}
+	x, y := c.ScalarBaseMult(q.Bytes())
 
-	bx := point.X.Bytes()
-	padded := append(
-		bytes.Repeat(
-			[]byte{0x00},
-			32-len(bx),
-		),
-		bx...,
-	)
-
-	prefix := []byte{0x03}
-	if point.Y.Bit(0) == 0 {
-		prefix = []byte{0x02}
-	}
-	b := append(prefix, padded...)
-
-	if err = pk.DecodeBytes(b); err != nil {
-		return nil, err
-	}
-	return &pk, nil
+	return &PublicKey{X: x, Y: y}
 }
 
 // NewPrivateKeyFromWIF returns a NEO PrivateKey from the given
@@ -115,27 +81,27 @@ func NewPrivateKeyFromWIF(wif string) (*PrivateKey, error) {
 // WIF returns the (wallet import format) of the PrivateKey.
 // Good documentation about this process can be found here:
 // https://en.bitcoin.it/wiki/Wallet_import_format
-func (p *PrivateKey) WIF() (string, error) {
-	return WIFEncode(p.b, WIFVersion, true)
+func (p *PrivateKey) WIF() string {
+	w, err := WIFEncode(p.b, WIFVersion, true)
+	// The only way WIFEncode() can fail is if we're to give it a key of
+	// wrong size, but we have a proper key here, aren't we?
+	if err != nil {
+		panic(err)
+	}
+	return w
 }
 
 // Address derives the public NEO address that is coupled with the private key, and
 // returns it as a string.
-func (p *PrivateKey) Address() (string, error) {
-	pk, err := p.PublicKey()
-	if err != nil {
-		return "", err
-	}
-	return pk.Address(), nil
+func (p *PrivateKey) Address() string {
+	pk := p.PublicKey()
+	return pk.Address()
 }
 
 // Signature creates the signature using the private key.
-func (p *PrivateKey) Signature() ([]byte, error) {
-	pk, err := p.PublicKey()
-	if err != nil {
-		return nil, err
-	}
-	return pk.Signature(), nil
+func (p *PrivateKey) Signature() []byte {
+	pk := p.PublicKey()
+	return pk.Signature()
 }
 
 // Sign signs arbitrary length data using the private key.

pkg/crypto/keys/private_key_test.go

@@ -14,14 +14,12 @@ func TestPrivateKey(t *testing.T) {
 	for _, testCase := range keytestcases.Arr {
 		privKey, err := NewPrivateKeyFromHex(testCase.PrivateKey)
 		assert.Nil(t, err)
-		address, err := privKey.Address()
-		assert.Nil(t, err)
+		address := privKey.Address()
 		assert.Equal(t, testCase.Address, address)
 
-		wif, err := privKey.WIF()
-		assert.Nil(t, err)
+		wif := privKey.WIF()
 		assert.Equal(t, testCase.Wif, wif)
-		pubKey, _ := privKey.PublicKey()
+		pubKey := privKey.PublicKey()
 		assert.Equal(t, hex.EncodeToString(pubKey.Bytes()), testCase.PublicKey)
 	}
 }

pkg/crypto/keys/publickey.go

@@ -7,6 +7,7 @@ import (
 	"crypto/x509"
 	"encoding/binary"
 	"encoding/hex"
+	"fmt"
 	"io"
 	"math/big"
 
@@ -35,9 +36,10 @@ func (keys PublicKeys) Less(i, j int) bool {
 }
 
 // PublicKey represents a public key and provides a high level
-// API around the ECPoint.
+// API around the X/Y point.
 type PublicKey struct {
-	crypto.ECPoint
+	X *big.Int
+	Y *big.Int
 }
 
 // NewPublicKeyFromString return a public key created from the
@@ -58,7 +60,7 @@ func NewPublicKeyFromString(s string) (*PublicKey, error) {
 
 // Bytes returns the byte array representation of the public key.
 func (p *PublicKey) Bytes() []byte {
-	if p.IsInfinity() {
+	if p.isInfinity() {
 		return []byte{0x00}
 	}
 
@@ -89,78 +91,95 @@ func NewPublicKeyFromRawBytes(data []byte) (*PublicKey, error) {
 		return nil, errors.New("given bytes aren't ECDSA public key")
 	}
 	key := PublicKey{
-		crypto.ECPoint{
-			X: pk.X,
-			Y: pk.Y,
-		},
+		X: pk.X,
+		Y: pk.Y,
 	}
 	return &key, nil
 }
 
+// decodeCompressedY performs decompression of Y coordinate for given X and Y's least significant bit
+func decodeCompressedY(x *big.Int, ylsb uint) (*big.Int, error) {
+	c := elliptic.P256()
+	cp := c.Params()
+	three := big.NewInt(3)
+	/* y**2 = x**3 + a*x + b  % p */
+	xCubed := new(big.Int).Exp(x, three, cp.P)
+	threeX := new(big.Int).Mul(x, three)
+	threeX.Mod(threeX, cp.P)
+	ySquared := new(big.Int).Sub(xCubed, threeX)
+	ySquared.Add(ySquared, cp.B)
+	ySquared.Mod(ySquared, cp.P)
+	y := new(big.Int).ModSqrt(ySquared, cp.P)
+	if y == nil {
+		return nil, errors.New("error computing Y for compressed point")
+	}
+	if y.Bit(0) != ylsb {
+		y.Neg(y)
+		y.Mod(y, cp.P)
+	}
+	return y, nil
+}
+
 // DecodeBytes decodes a PublicKey from the given slice of bytes.
 func (p *PublicKey) DecodeBytes(data []byte) error {
-	l := len(data)
-
-	switch prefix := data[0]; prefix {
-	// Infinity
-	case 0x00:
-		p.ECPoint = crypto.ECPoint{}
-	// Compressed public keys
-	case 0x02, 0x03:
-		if l < 33 {
-			return errors.Errorf("bad binary size(%d)", l)
-		}
-
-		c := crypto.NewEllipticCurve()
-		var err error
-		p.ECPoint, err = c.Decompress(new(big.Int).SetBytes(data[1:]), uint(prefix&0x1))
-		if err != nil {
-			return err
-		}
-	case 0x04:
-		if l < 66 {
-			return errors.Errorf("bad binary size(%d)", l)
-		}
-		p.X = new(big.Int).SetBytes(data[2:34])
-		p.Y = new(big.Int).SetBytes(data[34:66])
-	default:
-		return errors.Errorf("invalid prefix %d", prefix)
-	}
-
-	return nil
+	var datab []byte
+	copy(datab, data)
+	b := bytes.NewBuffer(datab)
+	return p.DecodeBinary(b)
 }
 
 // DecodeBinary decodes a PublicKey from the given io.Reader.
 func (p *PublicKey) DecodeBinary(r io.Reader) error {
-	var prefix, size uint8
+	var prefix uint8
+	var x, y *big.Int
+	var err error
 
-	if err := binary.Read(r, binary.LittleEndian, &prefix); err != nil {
+	if err = binary.Read(r, binary.LittleEndian, &prefix); err != nil {
 		return err
 	}
 
 	// Infinity
 	switch prefix {
 	case 0x00:
-		p.ECPoint = crypto.ECPoint{}
+		// noop, initialized to nil
 		return nil
-	// Compressed public keys
 	case 0x02, 0x03:
-		size = 32
+		// Compressed public keys
+		xbytes := make([]byte, 32)
+		if _, err := io.ReadFull(r, xbytes); err != nil {
+			return err
+		}
+		x = new(big.Int).SetBytes(xbytes)
+		ylsb := uint(prefix&0x1)
+		y, err = decodeCompressedY(x, ylsb)
+		if err != nil {
+			return err
+		}
 	case 0x04:
-		size = 65
+		xbytes := make([]byte, 32)
+		ybytes := make([]byte, 32)
+		if _, err = io.ReadFull(r, xbytes); err != nil {
+			return err
+		}
+		if _, err = io.ReadFull(r, ybytes); err != nil {
+			return err
+		}
+		x = new(big.Int).SetBytes(xbytes)
+		y = new(big.Int).SetBytes(ybytes)
 	default:
 		return errors.Errorf("invalid prefix %d", prefix)
 	}
-
-	data := make([]byte, size+1) // prefix + size
-
-	if _, err := io.ReadFull(r, data[1:]); err != nil {
-		return err
+	c := elliptic.P256()
+	cp := c.Params()
+	if !c.IsOnCurve(x, y) {
+		return errors.New("enccoded point is not on the P256 curve")
 	}
+	if x.Cmp(cp.P) >= 0 || y.Cmp(cp.P) >= 0 {
+		return errors.New("enccoded point is not correct (X or Y is bigger than P")
+	}
+	p.X, p.Y = x, y
 
-	data[0] = prefix
-
-	return p.DecodeBytes(data)
+	return nil
 }
 
 // EncodeBinary encodes a PublicKey to the given io.Writer.
@@ -206,3 +225,18 @@ func (p *PublicKey) Verify(signature []byte, hash []byte) bool {
 	sBytes := new(big.Int).SetBytes(signature[32:64])
 	return ecdsa.Verify(publicKey, hash, rBytes, sBytes)
 }
+
+// isInfinity checks if point P is infinity on EllipticCurve ec.
+func (p *PublicKey) isInfinity() bool {
+	return p.X == nil && p.Y == nil
+}
+
+// String implements the Stringer interface.
+func (p *PublicKey) String() string {
+	if p.isInfinity() {
+		return "00"
+	}
+	bx := hex.EncodeToString(p.X.Bytes())
+	by := hex.EncodeToString(p.Y.Bytes())
+	return fmt.Sprintf("%s%s", bx, by)
+}

pkg/crypto/keys/publickey_test.go

@@ -5,12 +5,11 @@ import (
 	"encoding/hex"
 	"testing"
 
-	"github.com/CityOfZion/neo-go/pkg/crypto"
 	"github.com/stretchr/testify/assert"
 )
 
 func TestEncodeDecodeInfinity(t *testing.T) {
-	key := &PublicKey{crypto.ECPoint{}}
+	key := &PublicKey{}
 	buf := new(bytes.Buffer)
 	assert.Nil(t, key.EncodeBinary(buf))
 	assert.Equal(t, 1, buf.Len())
@@ -22,7 +21,9 @@ func TestEncodeDecodeInfinity(t *testing.T) {
 
 func TestEncodeDecodePublicKey(t *testing.T) {
 	for i := 0; i < 4; i++ {
-		p := &PublicKey{crypto.RandomECPoint()}
+		k, err := NewPrivateKey()
+		assert.Nil(t, err)
+		p := k.PublicKey()
 		buf := new(bytes.Buffer)
 		assert.Nil(t, p.EncodeBinary(buf))
 

pkg/crypto/keys/sign_verify_test.go

@@ -15,8 +15,7 @@ func TestPubKeyVerify(t *testing.T) {
 	assert.Nil(t, err)
 	signedData, err := privKey.Sign(data)
 	assert.Nil(t, err)
-	pubKey, err := privKey.PublicKey()
-	assert.Nil(t, err)
+	pubKey := privKey.PublicKey()
 	result := pubKey.Verify(signedData, hashedData.Bytes())
 	expected := true
 	assert.Equal(t, expected, result)
@@ -29,7 +28,7 @@ func TestWrongPubKey(t *testing.T) {
 	signedData, _ := privKey.Sign(sample)
 
 	secondPrivKey, _ := NewPrivateKey()
-	wrongPubKey, _ := secondPrivKey.PublicKey()
+	wrongPubKey := secondPrivKey.PublicKey()
 
 	actual := wrongPubKey.Verify(signedData, hashedData.Bytes())
 	expcted := false

pkg/crypto/keys/wif.go

@@ -92,7 +92,7 @@ func WIFDecode(wif string, version byte) (*WIF, error) {
 }
 
 // GetVerificationScript returns NEO VM bytecode with checksig command for the public key.
-func (wif WIF) GetVerificationScript() ([]byte, error) {
+func (wif WIF) GetVerificationScript() []byte {
 	const (
 		pushbytes33 = 0x21
 		checksig    = 0xac
@@ -101,11 +101,8 @@ func (wif WIF) GetVerificationScript() ([]byte, error) {
 		vScript []byte
 		pubkey *PublicKey
 	)
-	pubkey, err := wif.PrivateKey.PublicKey()
-	if err != nil {
-		return nil, err
-	}
+	pubkey = wif.PrivateKey.PublicKey()
 	vScript = append([]byte{pushbytes33}, pubkey.Bytes()...)
 	vScript = append(vScript, checksig)
-	return vScript, nil
+	return vScript
 }

pkg/crypto/modular_arithmetic.go

@@ -1,61 +0,0 @@
-package crypto
-
-import "math/big"
-
-// addMod computes z = (x + y) % p.
-func addMod(x *big.Int, y *big.Int, p *big.Int) (z *big.Int) {
-	z = new(big.Int).Add(x, y)
-	z.Mod(z, p)
-	return z
-}
-
-// subMod computes z = (x - y) % p.
-func subMod(x *big.Int, y *big.Int, p *big.Int) (z *big.Int) {
-	z = new(big.Int).Sub(x, y)
-	z.Mod(z, p)
-	return z
-}
-
-// mulMod computes z = (x * y) % p.
-func mulMod(x *big.Int, y *big.Int, p *big.Int) (z *big.Int) {
-	n := new(big.Int).Set(x)
-	z = big.NewInt(0)
-
-	for i := 0; i < y.BitLen(); i++ {
-		if y.Bit(i) == 1 {
-			z = addMod(z, n, p)
-		}
-		n = addMod(n, n, p)
-	}
-
-	return z
-}
-
-// invMod computes z = (1/x) % p.
-func invMod(x *big.Int, p *big.Int) (z *big.Int) {
-	z = new(big.Int).ModInverse(x, p)
-	return z
-}
-
-// expMod computes z = (x^e) % p.
-func expMod(x *big.Int, y *big.Int, p *big.Int) (z *big.Int) {
-	z = new(big.Int).Exp(x, y, p)
-	return z
-}
-
-// sqrtMod computes z = sqrt(x) % p.
-func sqrtMod(x *big.Int, p *big.Int) (z *big.Int) {
-	/* assert that p % 4 == 3 */
-	if new(big.Int).Mod(p, big.NewInt(4)).Cmp(big.NewInt(3)) != 0 {
-		panic("p is not equal to 3 mod 4!")
-	}
-
-	/* z = sqrt(x) % p = x^((p+1)/4) % p */
-
-	/* e = (p+1)/4 */
-	e := new(big.Int).Add(p, big.NewInt(1))
-	e = e.Rsh(e, 2)
-
-	z = expMod(x, e, p)
-	return z
-}

pkg/rpc/txBuilder.go

@@ -25,9 +25,7 @@ func CreateRawContractTransaction(params ContractTxParams) (*transaction.Transac
 		wif, assetID, address, amount, balancer = params.wif, params.assetID, params.address, params.value, params.balancer
 	)
 
-	if fromAddress, err = wif.PrivateKey.Address(); err != nil {
-		return nil, errs.Wrapf(err, "Failed to take address from WIF: %v", wif.S)
-	}
+	fromAddress = wif.PrivateKey.Address()
 
 	if fromAddressHash, err = crypto.Uint160DecodeAddress(fromAddress); err != nil {
 		return nil, errs.Wrapf(err, "Failed to take script hash from address: %v", fromAddress)
@@ -59,9 +57,7 @@ func CreateRawContractTransaction(params ContractTxParams) (*transaction.Transac
 	if witness.InvocationScript, err = GetInvocationScript(tx, wif); err != nil {
 		return nil, errs.Wrap(err, "Failed to create invocation script")
 	}
-	if witness.VerificationScript, err = wif.GetVerificationScript(); err != nil {
-		return nil, errs.Wrap(err, "Failed to create verification script")
-	}
+	witness.VerificationScript = wif.GetVerificationScript()
 	tx.Scripts = append(tx.Scripts, &witness)
 	tx.Hash()
 

pkg/wallet/account.go

@@ -57,7 +57,7 @@ func NewAccount() (*Account, error) {
 	if err != nil {
 		return nil, err
 	}
-	return newAccountFromPrivateKey(priv)
+	return newAccountFromPrivateKey(priv), nil
 }
 
 // DecryptAccount decrypt the encryptedWIF with the given passphrase and
@@ -87,23 +87,14 @@ func NewAccountFromWIF(wif string) (*Account, error) {
 	if err != nil {
 		return nil, err
 	}
-	return newAccountFromPrivateKey(privKey)
+	return newAccountFromPrivateKey(privKey), nil
 }
 
 // newAccountFromPrivateKey created a wallet from the given PrivateKey.
-func newAccountFromPrivateKey(p *keys.PrivateKey) (*Account, error) {
-	pubKey, err := p.PublicKey()
-	if err != nil {
-		return nil, err
-	}
-	pubAddr, err := p.Address()
-	if err != nil {
-		return nil, err
-	}
-	wif, err := p.WIF()
-	if err != nil {
-		return nil, err
-	}
+func newAccountFromPrivateKey(p *keys.PrivateKey) *Account {
+	pubKey := p.PublicKey()
+	pubAddr := p.Address()
+	wif := p.WIF()
 
 	a := &Account{
 		publicKey:  pubKey.Bytes(),
@@ -112,5 +103,5 @@ func newAccountFromPrivateKey(p *keys.PrivateKey) (*Account, error) {
 		wif:        wif,
 	}
 
-	return a, nil
+	return a
 }