forked from TrueCloudLab/neoneo-go
Merge pull request #352 from nspcc-dev/drop-bad-crypto-fix-245
Really simplifies our crypto library and fixes #245.
This commit is contained in:
commit
bcd81bcfb2
13 changed files with 134 additions and 496 deletions
|
@ -4,7 +4,6 @@ import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/CityOfZion/neo-go/pkg/crypto"
|
|
||||||
"github.com/CityOfZion/neo-go/pkg/crypto/keys"
|
"github.com/CityOfZion/neo-go/pkg/crypto/keys"
|
||||||
"github.com/CityOfZion/neo-go/pkg/util"
|
"github.com/CityOfZion/neo-go/pkg/util"
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
|
@ -18,9 +17,9 @@ func TestDecodeEncodeAccountState(t *testing.T) {
|
||||||
)
|
)
|
||||||
for i := 0; i < n; i++ {
|
for i := 0; i < n; i++ {
|
||||||
balances[randomUint256()] = util.Fixed8(int64(randomInt(1, 10000)))
|
balances[randomUint256()] = util.Fixed8(int64(randomInt(1, 10000)))
|
||||||
votes[i] = &keys.PublicKey{
|
k, err := keys.NewPrivateKey()
|
||||||
ECPoint: crypto.RandomECPoint(),
|
assert.Nil(t, err)
|
||||||
}
|
votes[i] = k.PublicKey()
|
||||||
}
|
}
|
||||||
|
|
||||||
a := &AccountState{
|
a := &AccountState{
|
||||||
|
|
|
@ -1,274 +0,0 @@
|
||||||
package crypto
|
|
||||||
|
|
||||||
// Original work completed by @vsergeev: https://github.com/vsergeev/btckeygenie
|
|
||||||
// Expanded and tweaked upon here under MIT license.
|
|
||||||
|
|
||||||
import (
|
|
||||||
"bytes"
|
|
||||||
"crypto/rand"
|
|
||||||
"encoding/binary"
|
|
||||||
"encoding/hex"
|
|
||||||
"errors"
|
|
||||||
"fmt"
|
|
||||||
"io"
|
|
||||||
"math/big"
|
|
||||||
|
|
||||||
"github.com/CityOfZion/neo-go/pkg/util"
|
|
||||||
)
|
|
||||||
|
|
||||||
type (
|
|
||||||
// EllipticCurve represents the parameters of a short Weierstrass equation elliptic
|
|
||||||
// curve.
|
|
||||||
EllipticCurve struct {
|
|
||||||
A *big.Int
|
|
||||||
B *big.Int
|
|
||||||
P *big.Int
|
|
||||||
G ECPoint
|
|
||||||
N *big.Int
|
|
||||||
H *big.Int
|
|
||||||
}
|
|
||||||
|
|
||||||
// ECPoint represents a point on the EllipticCurve.
|
|
||||||
ECPoint struct {
|
|
||||||
X *big.Int
|
|
||||||
Y *big.Int
|
|
||||||
}
|
|
||||||
)
|
|
||||||
|
|
||||||
// NewEllipticCurve returns a ready to use EllipticCurve with preconfigured
|
|
||||||
// fields for the NEO protocol.
|
|
||||||
func NewEllipticCurve() EllipticCurve {
|
|
||||||
c := EllipticCurve{}
|
|
||||||
|
|
||||||
c.P, _ = new(big.Int).SetString(
|
|
||||||
"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", 16,
|
|
||||||
)
|
|
||||||
c.A, _ = new(big.Int).SetString(
|
|
||||||
"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", 16,
|
|
||||||
)
|
|
||||||
c.B, _ = new(big.Int).SetString(
|
|
||||||
"5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", 16,
|
|
||||||
)
|
|
||||||
c.G.X, _ = new(big.Int).SetString(
|
|
||||||
"6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", 16,
|
|
||||||
)
|
|
||||||
c.G.Y, _ = new(big.Int).SetString(
|
|
||||||
"4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", 16,
|
|
||||||
)
|
|
||||||
c.N, _ = new(big.Int).SetString(
|
|
||||||
"FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16,
|
|
||||||
)
|
|
||||||
c.H, _ = new(big.Int).SetString("01", 16)
|
|
||||||
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
|
|
||||||
// RandomECPoint returns a random generated ECPoint, mostly used
|
|
||||||
// for testing.
|
|
||||||
func RandomECPoint() ECPoint {
|
|
||||||
c := NewEllipticCurve()
|
|
||||||
b := make([]byte, c.N.BitLen()/8+8)
|
|
||||||
if _, err := io.ReadFull(rand.Reader, b); err != nil {
|
|
||||||
return ECPoint{}
|
|
||||||
}
|
|
||||||
|
|
||||||
d := new(big.Int).SetBytes(b)
|
|
||||||
d.Mod(d, new(big.Int).Sub(c.N, big.NewInt(1)))
|
|
||||||
d.Add(d, big.NewInt(1))
|
|
||||||
|
|
||||||
q := new(big.Int).SetBytes(d.Bytes())
|
|
||||||
return c.ScalarBaseMult(q)
|
|
||||||
}
|
|
||||||
|
|
||||||
// ECPointFromReader return a new point from the given reader.
|
|
||||||
// f == 4, 6 or 7 are not implemented.
|
|
||||||
func ECPointFromReader(r io.Reader) (point ECPoint, err error) {
|
|
||||||
var f uint8
|
|
||||||
if err = binary.Read(r, binary.LittleEndian, &f); err != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Infinity
|
|
||||||
if f == 0 {
|
|
||||||
return ECPoint{
|
|
||||||
X: new(big.Int),
|
|
||||||
Y: new(big.Int),
|
|
||||||
}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
if f == 2 || f == 3 {
|
|
||||||
y := new(big.Int).SetBytes([]byte{f & 1})
|
|
||||||
data := make([]byte, 32)
|
|
||||||
if err = binary.Read(r, binary.LittleEndian, data); err != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
data = util.ArrayReverse(data)
|
|
||||||
data = append(data, byte(0x00))
|
|
||||||
|
|
||||||
return ECPoint{
|
|
||||||
X: new(big.Int).SetBytes(data),
|
|
||||||
Y: y,
|
|
||||||
}, nil
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// EncodeBinary encodes the point to the given io.Writer.
|
|
||||||
func (p ECPoint) EncodeBinary(w io.Writer) error {
|
|
||||||
bx := p.X.Bytes()
|
|
||||||
padded := append(
|
|
||||||
bytes.Repeat(
|
|
||||||
[]byte{0x00},
|
|
||||||
32-len(bx),
|
|
||||||
),
|
|
||||||
bx...,
|
|
||||||
)
|
|
||||||
|
|
||||||
prefix := byte(0x03)
|
|
||||||
if p.Y.Bit(0) == 0 {
|
|
||||||
prefix = byte(0x02)
|
|
||||||
}
|
|
||||||
buf := make([]byte, len(padded)+1)
|
|
||||||
buf[0] = prefix
|
|
||||||
copy(buf[1:], padded)
|
|
||||||
|
|
||||||
return binary.Write(w, binary.LittleEndian, buf)
|
|
||||||
}
|
|
||||||
|
|
||||||
// String implements the Stringer interface.
|
|
||||||
func (p *ECPoint) String() string {
|
|
||||||
if p.IsInfinity() {
|
|
||||||
return "00"
|
|
||||||
}
|
|
||||||
bx := hex.EncodeToString(p.X.Bytes())
|
|
||||||
by := hex.EncodeToString(p.Y.Bytes())
|
|
||||||
return fmt.Sprintf("%s%s", bx, by)
|
|
||||||
}
|
|
||||||
|
|
||||||
// IsInfinity checks if point P is infinity on EllipticCurve ec.
|
|
||||||
func (p *ECPoint) IsInfinity() bool {
|
|
||||||
return p.X == nil && p.Y == nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// IsInfinity checks if point P is infinity on EllipticCurve ec.
|
|
||||||
func (c *EllipticCurve) IsInfinity(P ECPoint) bool {
|
|
||||||
return P.X == nil && P.Y == nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// IsOnCurve checks if point P is on EllipticCurve ec.
|
|
||||||
func (c *EllipticCurve) IsOnCurve(P ECPoint) bool {
|
|
||||||
if c.IsInfinity(P) {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
lhs := mulMod(P.Y, P.Y, c.P)
|
|
||||||
rhs := addMod(
|
|
||||||
addMod(
|
|
||||||
expMod(P.X, big.NewInt(3), c.P),
|
|
||||||
mulMod(c.A, P.X, c.P), c.P),
|
|
||||||
c.B, c.P)
|
|
||||||
|
|
||||||
return lhs.Cmp(rhs) == 0
|
|
||||||
}
|
|
||||||
|
|
||||||
// Add computes R = P + Q on EllipticCurve ec.
|
|
||||||
func (c *EllipticCurve) Add(P, Q ECPoint) (R ECPoint) {
|
|
||||||
// See rules 1-5 on SEC1 pg.7 http://www.secg.org/collateral/sec1_final.pdf
|
|
||||||
if c.IsInfinity(P) && c.IsInfinity(Q) {
|
|
||||||
R.X = nil
|
|
||||||
R.Y = nil
|
|
||||||
} else if c.IsInfinity(P) {
|
|
||||||
R.X = new(big.Int).Set(Q.X)
|
|
||||||
R.Y = new(big.Int).Set(Q.Y)
|
|
||||||
} else if c.IsInfinity(Q) {
|
|
||||||
R.X = new(big.Int).Set(P.X)
|
|
||||||
R.Y = new(big.Int).Set(P.Y)
|
|
||||||
} else if P.X.Cmp(Q.X) == 0 && addMod(P.Y, Q.Y, c.P).Sign() == 0 {
|
|
||||||
R.X = nil
|
|
||||||
R.Y = nil
|
|
||||||
} else if P.X.Cmp(Q.X) == 0 && P.Y.Cmp(Q.Y) == 0 && P.Y.Sign() != 0 {
|
|
||||||
num := addMod(
|
|
||||||
mulMod(big.NewInt(3),
|
|
||||||
mulMod(P.X, P.X, c.P), c.P),
|
|
||||||
c.A, c.P)
|
|
||||||
den := invMod(mulMod(big.NewInt(2), P.Y, c.P), c.P)
|
|
||||||
lambda := mulMod(num, den, c.P)
|
|
||||||
R.X = subMod(
|
|
||||||
mulMod(lambda, lambda, c.P),
|
|
||||||
mulMod(big.NewInt(2), P.X, c.P),
|
|
||||||
c.P)
|
|
||||||
R.Y = subMod(
|
|
||||||
mulMod(lambda, subMod(P.X, R.X, c.P), c.P),
|
|
||||||
P.Y, c.P)
|
|
||||||
} else if P.X.Cmp(Q.X) != 0 {
|
|
||||||
num := subMod(Q.Y, P.Y, c.P)
|
|
||||||
den := invMod(subMod(Q.X, P.X, c.P), c.P)
|
|
||||||
lambda := mulMod(num, den, c.P)
|
|
||||||
R.X = subMod(
|
|
||||||
subMod(
|
|
||||||
mulMod(lambda, lambda, c.P),
|
|
||||||
P.X, c.P),
|
|
||||||
Q.X, c.P)
|
|
||||||
R.Y = subMod(
|
|
||||||
mulMod(lambda,
|
|
||||||
subMod(P.X, R.X, c.P), c.P),
|
|
||||||
P.Y, c.P)
|
|
||||||
} else {
|
|
||||||
panic(fmt.Sprintf("Unsupported point addition: %v + %v", P, Q))
|
|
||||||
}
|
|
||||||
|
|
||||||
return R
|
|
||||||
}
|
|
||||||
|
|
||||||
// ScalarMult computes Q = k * P on EllipticCurve ec.
|
|
||||||
func (c *EllipticCurve) ScalarMult(k *big.Int, P ECPoint) (Q ECPoint) {
|
|
||||||
// Implementation based on pseudocode here:
|
|
||||||
// https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication#Montgomery_ladder
|
|
||||||
var R0 ECPoint
|
|
||||||
var R1 ECPoint
|
|
||||||
|
|
||||||
R0.X = nil
|
|
||||||
R0.Y = nil
|
|
||||||
R1.X = new(big.Int).Set(P.X)
|
|
||||||
R1.Y = new(big.Int).Set(P.Y)
|
|
||||||
|
|
||||||
for i := c.N.BitLen() - 1; i >= 0; i-- {
|
|
||||||
if k.Bit(i) == 0 {
|
|
||||||
R1 = c.Add(R0, R1)
|
|
||||||
R0 = c.Add(R0, R0)
|
|
||||||
} else {
|
|
||||||
R0 = c.Add(R0, R1)
|
|
||||||
R1 = c.Add(R1, R1)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return R0
|
|
||||||
}
|
|
||||||
|
|
||||||
// ScalarBaseMult computes Q = k * G on EllipticCurve ec.
|
|
||||||
func (c *EllipticCurve) ScalarBaseMult(k *big.Int) (Q ECPoint) {
|
|
||||||
return c.ScalarMult(k, c.G)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Decompress decompresses coordinate x and ylsb (y's least significant bit) into a ECPoint P on EllipticCurve ec.
|
|
||||||
func (c *EllipticCurve) Decompress(x *big.Int, ylsb uint) (P ECPoint, err error) {
|
|
||||||
/* y**2 = x**3 + a*x + b % p */
|
|
||||||
rhs := addMod(
|
|
||||||
addMod(
|
|
||||||
expMod(x, big.NewInt(3), c.P),
|
|
||||||
mulMod(c.A, x, c.P),
|
|
||||||
c.P),
|
|
||||||
c.B, c.P)
|
|
||||||
|
|
||||||
y := sqrtMod(rhs, c.P)
|
|
||||||
if y.Bit(0) != (ylsb & 0x1) {
|
|
||||||
y = subMod(big.NewInt(0), y, c.P)
|
|
||||||
}
|
|
||||||
|
|
||||||
P.X = x
|
|
||||||
P.Y = y
|
|
||||||
|
|
||||||
if !c.IsOnCurve(P) {
|
|
||||||
return P, errors.New("compressed (x, ylsb) not on curve")
|
|
||||||
}
|
|
||||||
|
|
||||||
return P, nil
|
|
||||||
}
|
|
|
@ -44,10 +44,7 @@ func NEP2ScryptParams() ScryptParams {
|
||||||
// NEP2Encrypt encrypts a the PrivateKey using a given passphrase
|
// NEP2Encrypt encrypts a the PrivateKey using a given passphrase
|
||||||
// under the NEP-2 standard.
|
// under the NEP-2 standard.
|
||||||
func NEP2Encrypt(priv *PrivateKey, passphrase string) (s string, err error) {
|
func NEP2Encrypt(priv *PrivateKey, passphrase string) (s string, err error) {
|
||||||
address, err := priv.Address()
|
address := priv.Address()
|
||||||
if err != nil {
|
|
||||||
return s, err
|
|
||||||
}
|
|
||||||
|
|
||||||
addrHash := hash.Checksum([]byte(address))
|
addrHash := hash.Checksum([]byte(address))
|
||||||
// Normalize the passphrase according to the NFC standard.
|
// Normalize the passphrase according to the NFC standard.
|
||||||
|
@ -119,14 +116,11 @@ func NEP2Decrypt(key, passphrase string) (s string, err error) {
|
||||||
return s, errors.New("password mismatch")
|
return s, errors.New("password mismatch")
|
||||||
}
|
}
|
||||||
|
|
||||||
return privKey.WIF()
|
return privKey.WIF(), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func compareAddressHash(priv *PrivateKey, inhash []byte) bool {
|
func compareAddressHash(priv *PrivateKey, inhash []byte) bool {
|
||||||
address, err := priv.Address()
|
address := priv.Address()
|
||||||
if err != nil {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
addrHash := hash.Checksum([]byte(address))
|
addrHash := hash.Checksum([]byte(address))
|
||||||
return bytes.Equal(addrHash, inhash)
|
return bytes.Equal(addrHash, inhash)
|
||||||
}
|
}
|
||||||
|
|
|
@ -31,12 +31,10 @@ func TestNEP2Decrypt(t *testing.T) {
|
||||||
|
|
||||||
assert.Equal(t, testCase.PrivateKey, privKey.String())
|
assert.Equal(t, testCase.PrivateKey, privKey.String())
|
||||||
|
|
||||||
wif, err := privKey.WIF()
|
wif := privKey.WIF()
|
||||||
assert.Nil(t, err)
|
|
||||||
assert.Equal(t, testCase.Wif, wif)
|
assert.Equal(t, testCase.Wif, wif)
|
||||||
|
|
||||||
address, err := privKey.Address()
|
address := privKey.Address()
|
||||||
assert.Nil(t, err)
|
|
||||||
assert.Equal(t, testCase.Address, address)
|
assert.Equal(t, testCase.Address, address)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,19 +1,15 @@
|
||||||
package keys
|
package keys
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
"crypto/elliptic"
|
"crypto/elliptic"
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"crypto/sha256"
|
"crypto/sha256"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"errors"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
|
||||||
"math/big"
|
"math/big"
|
||||||
|
|
||||||
"github.com/CityOfZion/neo-go/pkg/crypto"
|
|
||||||
"github.com/nspcc-dev/rfc6979"
|
"github.com/nspcc-dev/rfc6979"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -24,18 +20,11 @@ type PrivateKey struct {
|
||||||
|
|
||||||
// NewPrivateKey creates a new random private key.
|
// NewPrivateKey creates a new random private key.
|
||||||
func NewPrivateKey() (*PrivateKey, error) {
|
func NewPrivateKey() (*PrivateKey, error) {
|
||||||
c := crypto.NewEllipticCurve()
|
priv, _, _, err := elliptic.GenerateKey(elliptic.P256(), rand.Reader)
|
||||||
b := make([]byte, c.N.BitLen()/8+8)
|
if err != nil {
|
||||||
if _, err := io.ReadFull(rand.Reader, b); err != nil {
|
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
return &PrivateKey{b: priv}, nil
|
||||||
d := new(big.Int).SetBytes(b)
|
|
||||||
d.Mod(d, new(big.Int).Sub(c.N, big.NewInt(1)))
|
|
||||||
d.Add(d, big.NewInt(1))
|
|
||||||
|
|
||||||
p := &PrivateKey{b: d.Bytes()}
|
|
||||||
return p, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewPrivateKeyFromHex returns a PrivateKey created from the
|
// NewPrivateKeyFromHex returns a PrivateKey created from the
|
||||||
|
@ -68,38 +57,15 @@ func NewPrivateKeyFromRawBytes(b []byte) (*PrivateKey, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// PublicKey derives the public key from the private key.
|
// PublicKey derives the public key from the private key.
|
||||||
func (p *PrivateKey) PublicKey() (*PublicKey, error) {
|
func (p *PrivateKey) PublicKey() *PublicKey {
|
||||||
var (
|
var (
|
||||||
err error
|
c = elliptic.P256()
|
||||||
pk PublicKey
|
|
||||||
c = crypto.NewEllipticCurve()
|
|
||||||
q = new(big.Int).SetBytes(p.b)
|
q = new(big.Int).SetBytes(p.b)
|
||||||
)
|
)
|
||||||
|
|
||||||
point := c.ScalarBaseMult(q)
|
x, y := c.ScalarBaseMult(q.Bytes())
|
||||||
if !c.IsOnCurve(point) {
|
|
||||||
return nil, errors.New("failed to derive public key using elliptic curve")
|
|
||||||
}
|
|
||||||
|
|
||||||
bx := point.X.Bytes()
|
return &PublicKey{X: x, Y: y}
|
||||||
padded := append(
|
|
||||||
bytes.Repeat(
|
|
||||||
[]byte{0x00},
|
|
||||||
32-len(bx),
|
|
||||||
),
|
|
||||||
bx...,
|
|
||||||
)
|
|
||||||
|
|
||||||
prefix := []byte{0x03}
|
|
||||||
if point.Y.Bit(0) == 0 {
|
|
||||||
prefix = []byte{0x02}
|
|
||||||
}
|
|
||||||
b := append(prefix, padded...)
|
|
||||||
|
|
||||||
if err = pk.DecodeBytes(b); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return &pk, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewPrivateKeyFromWIF returns a NEO PrivateKey from the given
|
// NewPrivateKeyFromWIF returns a NEO PrivateKey from the given
|
||||||
|
@ -115,27 +81,27 @@ func NewPrivateKeyFromWIF(wif string) (*PrivateKey, error) {
|
||||||
// WIF returns the (wallet import format) of the PrivateKey.
|
// WIF returns the (wallet import format) of the PrivateKey.
|
||||||
// Good documentation about this process can be found here:
|
// Good documentation about this process can be found here:
|
||||||
// https://en.bitcoin.it/wiki/Wallet_import_format
|
// https://en.bitcoin.it/wiki/Wallet_import_format
|
||||||
func (p *PrivateKey) WIF() (string, error) {
|
func (p *PrivateKey) WIF() string {
|
||||||
return WIFEncode(p.b, WIFVersion, true)
|
w, err := WIFEncode(p.b, WIFVersion, true)
|
||||||
|
// The only way WIFEncode() can fail is if we're to give it a key of
|
||||||
|
// wrong size, but we have a proper key here, aren't we?
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
return w
|
||||||
}
|
}
|
||||||
|
|
||||||
// Address derives the public NEO address that is coupled with the private key, and
|
// Address derives the public NEO address that is coupled with the private key, and
|
||||||
// returns it as a string.
|
// returns it as a string.
|
||||||
func (p *PrivateKey) Address() (string, error) {
|
func (p *PrivateKey) Address() string {
|
||||||
pk, err := p.PublicKey()
|
pk := p.PublicKey()
|
||||||
if err != nil {
|
return pk.Address()
|
||||||
return "", err
|
|
||||||
}
|
|
||||||
return pk.Address(), nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Signature creates the signature using the private key.
|
// Signature creates the signature using the private key.
|
||||||
func (p *PrivateKey) Signature() ([]byte, error) {
|
func (p *PrivateKey) Signature() []byte {
|
||||||
pk, err := p.PublicKey()
|
pk := p.PublicKey()
|
||||||
if err != nil {
|
return pk.Signature()
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return pk.Signature(), nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Sign signs arbitrary length data using the private key.
|
// Sign signs arbitrary length data using the private key.
|
||||||
|
|
|
@ -14,14 +14,12 @@ func TestPrivateKey(t *testing.T) {
|
||||||
for _, testCase := range keytestcases.Arr {
|
for _, testCase := range keytestcases.Arr {
|
||||||
privKey, err := NewPrivateKeyFromHex(testCase.PrivateKey)
|
privKey, err := NewPrivateKeyFromHex(testCase.PrivateKey)
|
||||||
assert.Nil(t, err)
|
assert.Nil(t, err)
|
||||||
address, err := privKey.Address()
|
address := privKey.Address()
|
||||||
assert.Nil(t, err)
|
|
||||||
assert.Equal(t, testCase.Address, address)
|
assert.Equal(t, testCase.Address, address)
|
||||||
|
|
||||||
wif, err := privKey.WIF()
|
wif := privKey.WIF()
|
||||||
assert.Nil(t, err)
|
|
||||||
assert.Equal(t, testCase.Wif, wif)
|
assert.Equal(t, testCase.Wif, wif)
|
||||||
pubKey, _ := privKey.PublicKey()
|
pubKey := privKey.PublicKey()
|
||||||
assert.Equal(t, hex.EncodeToString(pubKey.Bytes()), testCase.PublicKey)
|
assert.Equal(t, hex.EncodeToString(pubKey.Bytes()), testCase.PublicKey)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,6 +7,7 @@ import (
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"encoding/binary"
|
"encoding/binary"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"math/big"
|
"math/big"
|
||||||
|
|
||||||
|
@ -35,9 +36,10 @@ func (keys PublicKeys) Less(i, j int) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
// PublicKey represents a public key and provides a high level
|
// PublicKey represents a public key and provides a high level
|
||||||
// API around the ECPoint.
|
// API around the X/Y point.
|
||||||
type PublicKey struct {
|
type PublicKey struct {
|
||||||
crypto.ECPoint
|
X *big.Int
|
||||||
|
Y *big.Int
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewPublicKeyFromString return a public key created from the
|
// NewPublicKeyFromString return a public key created from the
|
||||||
|
@ -58,7 +60,7 @@ func NewPublicKeyFromString(s string) (*PublicKey, error) {
|
||||||
|
|
||||||
// Bytes returns the byte array representation of the public key.
|
// Bytes returns the byte array representation of the public key.
|
||||||
func (p *PublicKey) Bytes() []byte {
|
func (p *PublicKey) Bytes() []byte {
|
||||||
if p.IsInfinity() {
|
if p.isInfinity() {
|
||||||
return []byte{0x00}
|
return []byte{0x00}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -89,78 +91,95 @@ func NewPublicKeyFromRawBytes(data []byte) (*PublicKey, error) {
|
||||||
return nil, errors.New("given bytes aren't ECDSA public key")
|
return nil, errors.New("given bytes aren't ECDSA public key")
|
||||||
}
|
}
|
||||||
key := PublicKey{
|
key := PublicKey{
|
||||||
crypto.ECPoint{
|
X: pk.X,
|
||||||
X: pk.X,
|
Y: pk.Y,
|
||||||
Y: pk.Y,
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
return &key, nil
|
return &key, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// decodeCompressedY performs decompression of Y coordinate for given X and Y's least significant bit
|
||||||
|
func decodeCompressedY(x *big.Int, ylsb uint) (*big.Int, error) {
|
||||||
|
c := elliptic.P256()
|
||||||
|
cp := c.Params()
|
||||||
|
three := big.NewInt(3)
|
||||||
|
/* y**2 = x**3 + a*x + b % p */
|
||||||
|
xCubed := new(big.Int).Exp(x, three, cp.P)
|
||||||
|
threeX := new(big.Int).Mul(x, three)
|
||||||
|
threeX.Mod(threeX, cp.P)
|
||||||
|
ySquared := new(big.Int).Sub(xCubed, threeX)
|
||||||
|
ySquared.Add(ySquared, cp.B)
|
||||||
|
ySquared.Mod(ySquared, cp.P)
|
||||||
|
y := new(big.Int).ModSqrt(ySquared, cp.P)
|
||||||
|
if y == nil {
|
||||||
|
return nil, errors.New("error computing Y for compressed point")
|
||||||
|
}
|
||||||
|
if y.Bit(0) != ylsb {
|
||||||
|
y.Neg(y)
|
||||||
|
y.Mod(y, cp.P)
|
||||||
|
}
|
||||||
|
return y, nil
|
||||||
|
}
|
||||||
|
|
||||||
// DecodeBytes decodes a PublicKey from the given slice of bytes.
|
// DecodeBytes decodes a PublicKey from the given slice of bytes.
|
||||||
func (p *PublicKey) DecodeBytes(data []byte) error {
|
func (p *PublicKey) DecodeBytes(data []byte) error {
|
||||||
l := len(data)
|
var datab []byte
|
||||||
|
copy(datab, data)
|
||||||
switch prefix := data[0]; prefix {
|
b := bytes.NewBuffer(datab)
|
||||||
// Infinity
|
return p.DecodeBinary(b)
|
||||||
case 0x00:
|
|
||||||
p.ECPoint = crypto.ECPoint{}
|
|
||||||
// Compressed public keys
|
|
||||||
case 0x02, 0x03:
|
|
||||||
if l < 33 {
|
|
||||||
return errors.Errorf("bad binary size(%d)", l)
|
|
||||||
}
|
|
||||||
|
|
||||||
c := crypto.NewEllipticCurve()
|
|
||||||
var err error
|
|
||||||
p.ECPoint, err = c.Decompress(new(big.Int).SetBytes(data[1:]), uint(prefix&0x1))
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
case 0x04:
|
|
||||||
if l < 66 {
|
|
||||||
return errors.Errorf("bad binary size(%d)", l)
|
|
||||||
}
|
|
||||||
p.X = new(big.Int).SetBytes(data[2:34])
|
|
||||||
p.Y = new(big.Int).SetBytes(data[34:66])
|
|
||||||
default:
|
|
||||||
return errors.Errorf("invalid prefix %d", prefix)
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// DecodeBinary decodes a PublicKey from the given io.Reader.
|
// DecodeBinary decodes a PublicKey from the given io.Reader.
|
||||||
func (p *PublicKey) DecodeBinary(r io.Reader) error {
|
func (p *PublicKey) DecodeBinary(r io.Reader) error {
|
||||||
var prefix, size uint8
|
var prefix uint8
|
||||||
|
var x, y *big.Int
|
||||||
|
var err error
|
||||||
|
|
||||||
if err := binary.Read(r, binary.LittleEndian, &prefix); err != nil {
|
if err = binary.Read(r, binary.LittleEndian, &prefix); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// Infinity
|
// Infinity
|
||||||
switch prefix {
|
switch prefix {
|
||||||
case 0x00:
|
case 0x00:
|
||||||
p.ECPoint = crypto.ECPoint{}
|
// noop, initialized to nil
|
||||||
return nil
|
return nil
|
||||||
// Compressed public keys
|
|
||||||
case 0x02, 0x03:
|
case 0x02, 0x03:
|
||||||
size = 32
|
// Compressed public keys
|
||||||
|
xbytes := make([]byte, 32)
|
||||||
|
if _, err := io.ReadFull(r, xbytes); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
x = new(big.Int).SetBytes(xbytes)
|
||||||
|
ylsb := uint(prefix&0x1)
|
||||||
|
y, err = decodeCompressedY(x, ylsb)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
case 0x04:
|
case 0x04:
|
||||||
size = 65
|
xbytes := make([]byte, 32)
|
||||||
|
ybytes := make([]byte, 32)
|
||||||
|
if _, err = io.ReadFull(r, xbytes); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if _, err = io.ReadFull(r, ybytes); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
x = new(big.Int).SetBytes(xbytes)
|
||||||
|
y = new(big.Int).SetBytes(ybytes)
|
||||||
default:
|
default:
|
||||||
return errors.Errorf("invalid prefix %d", prefix)
|
return errors.Errorf("invalid prefix %d", prefix)
|
||||||
}
|
}
|
||||||
|
c := elliptic.P256()
|
||||||
data := make([]byte, size+1) // prefix + size
|
cp := c.Params()
|
||||||
|
if !c.IsOnCurve(x, y) {
|
||||||
if _, err := io.ReadFull(r, data[1:]); err != nil {
|
return errors.New("enccoded point is not on the P256 curve")
|
||||||
return err
|
|
||||||
}
|
}
|
||||||
|
if x.Cmp(cp.P) >= 0 || y.Cmp(cp.P) >= 0 {
|
||||||
|
return errors.New("enccoded point is not correct (X or Y is bigger than P")
|
||||||
|
}
|
||||||
|
p.X, p.Y = x, y
|
||||||
|
|
||||||
data[0] = prefix
|
return nil
|
||||||
|
|
||||||
return p.DecodeBytes(data)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// EncodeBinary encodes a PublicKey to the given io.Writer.
|
// EncodeBinary encodes a PublicKey to the given io.Writer.
|
||||||
|
@ -206,3 +225,18 @@ func (p *PublicKey) Verify(signature []byte, hash []byte) bool {
|
||||||
sBytes := new(big.Int).SetBytes(signature[32:64])
|
sBytes := new(big.Int).SetBytes(signature[32:64])
|
||||||
return ecdsa.Verify(publicKey, hash, rBytes, sBytes)
|
return ecdsa.Verify(publicKey, hash, rBytes, sBytes)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// isInfinity checks if point P is infinity on EllipticCurve ec.
|
||||||
|
func (p *PublicKey) isInfinity() bool {
|
||||||
|
return p.X == nil && p.Y == nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// String implements the Stringer interface.
|
||||||
|
func (p *PublicKey) String() string {
|
||||||
|
if p.isInfinity() {
|
||||||
|
return "00"
|
||||||
|
}
|
||||||
|
bx := hex.EncodeToString(p.X.Bytes())
|
||||||
|
by := hex.EncodeToString(p.Y.Bytes())
|
||||||
|
return fmt.Sprintf("%s%s", bx, by)
|
||||||
|
}
|
||||||
|
|
|
@ -5,12 +5,11 @@ import (
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/CityOfZion/neo-go/pkg/crypto"
|
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestEncodeDecodeInfinity(t *testing.T) {
|
func TestEncodeDecodeInfinity(t *testing.T) {
|
||||||
key := &PublicKey{crypto.ECPoint{}}
|
key := &PublicKey{}
|
||||||
buf := new(bytes.Buffer)
|
buf := new(bytes.Buffer)
|
||||||
assert.Nil(t, key.EncodeBinary(buf))
|
assert.Nil(t, key.EncodeBinary(buf))
|
||||||
assert.Equal(t, 1, buf.Len())
|
assert.Equal(t, 1, buf.Len())
|
||||||
|
@ -22,7 +21,9 @@ func TestEncodeDecodeInfinity(t *testing.T) {
|
||||||
|
|
||||||
func TestEncodeDecodePublicKey(t *testing.T) {
|
func TestEncodeDecodePublicKey(t *testing.T) {
|
||||||
for i := 0; i < 4; i++ {
|
for i := 0; i < 4; i++ {
|
||||||
p := &PublicKey{crypto.RandomECPoint()}
|
k, err := NewPrivateKey()
|
||||||
|
assert.Nil(t, err)
|
||||||
|
p := k.PublicKey()
|
||||||
buf := new(bytes.Buffer)
|
buf := new(bytes.Buffer)
|
||||||
assert.Nil(t, p.EncodeBinary(buf))
|
assert.Nil(t, p.EncodeBinary(buf))
|
||||||
|
|
||||||
|
|
|
@ -15,8 +15,7 @@ func TestPubKeyVerify(t *testing.T) {
|
||||||
assert.Nil(t, err)
|
assert.Nil(t, err)
|
||||||
signedData, err := privKey.Sign(data)
|
signedData, err := privKey.Sign(data)
|
||||||
assert.Nil(t, err)
|
assert.Nil(t, err)
|
||||||
pubKey, err := privKey.PublicKey()
|
pubKey := privKey.PublicKey()
|
||||||
assert.Nil(t, err)
|
|
||||||
result := pubKey.Verify(signedData, hashedData.Bytes())
|
result := pubKey.Verify(signedData, hashedData.Bytes())
|
||||||
expected := true
|
expected := true
|
||||||
assert.Equal(t, expected, result)
|
assert.Equal(t, expected, result)
|
||||||
|
@ -29,7 +28,7 @@ func TestWrongPubKey(t *testing.T) {
|
||||||
signedData, _ := privKey.Sign(sample)
|
signedData, _ := privKey.Sign(sample)
|
||||||
|
|
||||||
secondPrivKey, _ := NewPrivateKey()
|
secondPrivKey, _ := NewPrivateKey()
|
||||||
wrongPubKey, _ := secondPrivKey.PublicKey()
|
wrongPubKey := secondPrivKey.PublicKey()
|
||||||
|
|
||||||
actual := wrongPubKey.Verify(signedData, hashedData.Bytes())
|
actual := wrongPubKey.Verify(signedData, hashedData.Bytes())
|
||||||
expcted := false
|
expcted := false
|
||||||
|
|
|
@ -92,7 +92,7 @@ func WIFDecode(wif string, version byte) (*WIF, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetVerificationScript returns NEO VM bytecode with checksig command for the public key.
|
// GetVerificationScript returns NEO VM bytecode with checksig command for the public key.
|
||||||
func (wif WIF) GetVerificationScript() ([]byte, error) {
|
func (wif WIF) GetVerificationScript() []byte {
|
||||||
const (
|
const (
|
||||||
pushbytes33 = 0x21
|
pushbytes33 = 0x21
|
||||||
checksig = 0xac
|
checksig = 0xac
|
||||||
|
@ -101,11 +101,8 @@ func (wif WIF) GetVerificationScript() ([]byte, error) {
|
||||||
vScript []byte
|
vScript []byte
|
||||||
pubkey *PublicKey
|
pubkey *PublicKey
|
||||||
)
|
)
|
||||||
pubkey, err := wif.PrivateKey.PublicKey()
|
pubkey = wif.PrivateKey.PublicKey()
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
vScript = append([]byte{pushbytes33}, pubkey.Bytes()...)
|
vScript = append([]byte{pushbytes33}, pubkey.Bytes()...)
|
||||||
vScript = append(vScript, checksig)
|
vScript = append(vScript, checksig)
|
||||||
return vScript, nil
|
return vScript
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,61 +0,0 @@
|
||||||
package crypto
|
|
||||||
|
|
||||||
import "math/big"
|
|
||||||
|
|
||||||
// addMod computes z = (x + y) % p.
|
|
||||||
func addMod(x *big.Int, y *big.Int, p *big.Int) (z *big.Int) {
|
|
||||||
z = new(big.Int).Add(x, y)
|
|
||||||
z.Mod(z, p)
|
|
||||||
return z
|
|
||||||
}
|
|
||||||
|
|
||||||
// subMod computes z = (x - y) % p.
|
|
||||||
func subMod(x *big.Int, y *big.Int, p *big.Int) (z *big.Int) {
|
|
||||||
z = new(big.Int).Sub(x, y)
|
|
||||||
z.Mod(z, p)
|
|
||||||
return z
|
|
||||||
}
|
|
||||||
|
|
||||||
// mulMod computes z = (x * y) % p.
|
|
||||||
func mulMod(x *big.Int, y *big.Int, p *big.Int) (z *big.Int) {
|
|
||||||
n := new(big.Int).Set(x)
|
|
||||||
z = big.NewInt(0)
|
|
||||||
|
|
||||||
for i := 0; i < y.BitLen(); i++ {
|
|
||||||
if y.Bit(i) == 1 {
|
|
||||||
z = addMod(z, n, p)
|
|
||||||
}
|
|
||||||
n = addMod(n, n, p)
|
|
||||||
}
|
|
||||||
|
|
||||||
return z
|
|
||||||
}
|
|
||||||
|
|
||||||
// invMod computes z = (1/x) % p.
|
|
||||||
func invMod(x *big.Int, p *big.Int) (z *big.Int) {
|
|
||||||
z = new(big.Int).ModInverse(x, p)
|
|
||||||
return z
|
|
||||||
}
|
|
||||||
|
|
||||||
// expMod computes z = (x^e) % p.
|
|
||||||
func expMod(x *big.Int, y *big.Int, p *big.Int) (z *big.Int) {
|
|
||||||
z = new(big.Int).Exp(x, y, p)
|
|
||||||
return z
|
|
||||||
}
|
|
||||||
|
|
||||||
// sqrtMod computes z = sqrt(x) % p.
|
|
||||||
func sqrtMod(x *big.Int, p *big.Int) (z *big.Int) {
|
|
||||||
/* assert that p % 4 == 3 */
|
|
||||||
if new(big.Int).Mod(p, big.NewInt(4)).Cmp(big.NewInt(3)) != 0 {
|
|
||||||
panic("p is not equal to 3 mod 4!")
|
|
||||||
}
|
|
||||||
|
|
||||||
/* z = sqrt(x) % p = x^((p+1)/4) % p */
|
|
||||||
|
|
||||||
/* e = (p+1)/4 */
|
|
||||||
e := new(big.Int).Add(p, big.NewInt(1))
|
|
||||||
e = e.Rsh(e, 2)
|
|
||||||
|
|
||||||
z = expMod(x, e, p)
|
|
||||||
return z
|
|
||||||
}
|
|
|
@ -25,9 +25,7 @@ func CreateRawContractTransaction(params ContractTxParams) (*transaction.Transac
|
||||||
wif, assetID, address, amount, balancer = params.wif, params.assetID, params.address, params.value, params.balancer
|
wif, assetID, address, amount, balancer = params.wif, params.assetID, params.address, params.value, params.balancer
|
||||||
)
|
)
|
||||||
|
|
||||||
if fromAddress, err = wif.PrivateKey.Address(); err != nil {
|
fromAddress = wif.PrivateKey.Address()
|
||||||
return nil, errs.Wrapf(err, "Failed to take address from WIF: %v", wif.S)
|
|
||||||
}
|
|
||||||
|
|
||||||
if fromAddressHash, err = crypto.Uint160DecodeAddress(fromAddress); err != nil {
|
if fromAddressHash, err = crypto.Uint160DecodeAddress(fromAddress); err != nil {
|
||||||
return nil, errs.Wrapf(err, "Failed to take script hash from address: %v", fromAddress)
|
return nil, errs.Wrapf(err, "Failed to take script hash from address: %v", fromAddress)
|
||||||
|
@ -59,9 +57,7 @@ func CreateRawContractTransaction(params ContractTxParams) (*transaction.Transac
|
||||||
if witness.InvocationScript, err = GetInvocationScript(tx, wif); err != nil {
|
if witness.InvocationScript, err = GetInvocationScript(tx, wif); err != nil {
|
||||||
return nil, errs.Wrap(err, "Failed to create invocation script")
|
return nil, errs.Wrap(err, "Failed to create invocation script")
|
||||||
}
|
}
|
||||||
if witness.VerificationScript, err = wif.GetVerificationScript(); err != nil {
|
witness.VerificationScript = wif.GetVerificationScript()
|
||||||
return nil, errs.Wrap(err, "Failed to create verification script")
|
|
||||||
}
|
|
||||||
tx.Scripts = append(tx.Scripts, &witness)
|
tx.Scripts = append(tx.Scripts, &witness)
|
||||||
tx.Hash()
|
tx.Hash()
|
||||||
|
|
||||||
|
|
|
@ -57,7 +57,7 @@ func NewAccount() (*Account, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return newAccountFromPrivateKey(priv)
|
return newAccountFromPrivateKey(priv), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// DecryptAccount decrypt the encryptedWIF with the given passphrase and
|
// DecryptAccount decrypt the encryptedWIF with the given passphrase and
|
||||||
|
@ -87,23 +87,14 @@ func NewAccountFromWIF(wif string) (*Account, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return newAccountFromPrivateKey(privKey)
|
return newAccountFromPrivateKey(privKey), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// newAccountFromPrivateKey created a wallet from the given PrivateKey.
|
// newAccountFromPrivateKey created a wallet from the given PrivateKey.
|
||||||
func newAccountFromPrivateKey(p *keys.PrivateKey) (*Account, error) {
|
func newAccountFromPrivateKey(p *keys.PrivateKey) *Account {
|
||||||
pubKey, err := p.PublicKey()
|
pubKey := p.PublicKey()
|
||||||
if err != nil {
|
pubAddr := p.Address()
|
||||||
return nil, err
|
wif := p.WIF()
|
||||||
}
|
|
||||||
pubAddr, err := p.Address()
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
wif, err := p.WIF()
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
a := &Account{
|
a := &Account{
|
||||||
publicKey: pubKey.Bytes(),
|
publicKey: pubKey.Bytes(),
|
||||||
|
@ -112,5 +103,5 @@ func newAccountFromPrivateKey(p *keys.PrivateKey) (*Account, error) {
|
||||||
wif: wif,
|
wif: wif,
|
||||||
}
|
}
|
||||||
|
|
||||||
return a, nil
|
return a
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue