crypto.go 5.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204
  1. // Copyright 2014 The go-ethereum Authors
  2. // This file is part of the go-ethereum library.
  3. //
  4. // The go-ethereum library is free software: you can redistribute it and/or modify
  5. // it under the terms of the GNU Lesser General Public License as published by
  6. // the Free Software Foundation, either version 3 of the License, or
  7. // (at your option) any later version.
  8. //
  9. // The go-ethereum library is distributed in the hope that it will be useful,
  10. // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. // GNU Lesser General Public License for more details.
  13. //
  14. // You should have received a copy of the GNU Lesser General Public License
  15. // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
  16. package crypto
  17. import (
  18. "crypto/ecdsa"
  19. "crypto/elliptic"
  20. "crypto/rand"
  21. "encoding/hex"
  22. "errors"
  23. "fmt"
  24. "io"
  25. "io/ioutil"
  26. "math/big"
  27. "os"
  28. "github.com/ethereum/go-ethereum/common"
  29. "github.com/ethereum/go-ethereum/common/math"
  30. "github.com/ethereum/go-ethereum/crypto/sha3"
  31. "github.com/ethereum/go-ethereum/rlp"
  32. )
  33. var (
  34. secp256k1N, _ = new(big.Int).SetString("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", 16)
  35. secp256k1halfN = new(big.Int).Div(secp256k1N, big.NewInt(2))
  36. )
  37. // Keccak256 calculates and returns the Keccak256 hash of the input data.
  38. func Keccak256(data ...[]byte) []byte {
  39. d := sha3.NewKeccak256()
  40. for _, b := range data {
  41. d.Write(b)
  42. }
  43. return d.Sum(nil)
  44. }
  45. // Keccak256Hash calculates and returns the Keccak256 hash of the input data,
  46. // converting it to an internal Hash data structure.
  47. func Keccak256Hash(data ...[]byte) (h common.Hash) {
  48. d := sha3.NewKeccak256()
  49. for _, b := range data {
  50. d.Write(b)
  51. }
  52. d.Sum(h[:0])
  53. return h
  54. }
  55. // Keccak512 calculates and returns the Keccak512 hash of the input data.
  56. func Keccak512(data ...[]byte) []byte {
  57. d := sha3.NewKeccak512()
  58. for _, b := range data {
  59. d.Write(b)
  60. }
  61. return d.Sum(nil)
  62. }
  63. // CreateAddress creates an ethereum address given the bytes and the nonce
  64. func CreateAddress(b common.Address, nonce uint64) common.Address {
  65. data, _ := rlp.EncodeToBytes([]interface{}{b, nonce})
  66. return common.BytesToAddress(Keccak256(data)[12:])
  67. }
  68. // ToECDSA creates a private key with the given D value.
  69. func ToECDSA(d []byte) (*ecdsa.PrivateKey, error) {
  70. return toECDSA(d, true)
  71. }
  72. // ToECDSAUnsafe blindly converts a binary blob to a private key. It should almost
  73. // never be used unless you are sure the input is valid and want to avoid hitting
  74. // errors due to bad origin encoding (0 prefixes cut off).
  75. func ToECDSAUnsafe(d []byte) *ecdsa.PrivateKey {
  76. priv, _ := toECDSA(d, false)
  77. return priv
  78. }
  79. // toECDSA creates a private key with the given D value. The strict parameter
  80. // controls whether the key's length should be enforced at the curve size or
  81. // it can also accept legacy encodings (0 prefixes).
  82. func toECDSA(d []byte, strict bool) (*ecdsa.PrivateKey, error) {
  83. priv := new(ecdsa.PrivateKey)
  84. priv.PublicKey.Curve = S256()
  85. if strict && 8*len(d) != priv.Params().BitSize {
  86. return nil, fmt.Errorf("invalid length, need %d bits", priv.Params().BitSize)
  87. }
  88. priv.D = new(big.Int).SetBytes(d)
  89. // The priv.D must < N
  90. if priv.D.Cmp(secp256k1N) >= 0 {
  91. return nil, fmt.Errorf("invalid private key, >=N")
  92. }
  93. // The priv.D must not be zero or negative.
  94. if priv.D.Sign() <= 0 {
  95. return nil, fmt.Errorf("invalid private key, zero or negative")
  96. }
  97. priv.PublicKey.X, priv.PublicKey.Y = priv.PublicKey.Curve.ScalarBaseMult(d)
  98. if priv.PublicKey.X == nil {
  99. return nil, errors.New("invalid private key")
  100. }
  101. return priv, nil
  102. }
  103. // FromECDSA exports a private key into a binary dump.
  104. func FromECDSA(priv *ecdsa.PrivateKey) []byte {
  105. if priv == nil {
  106. return nil
  107. }
  108. return math.PaddedBigBytes(priv.D, priv.Params().BitSize/8)
  109. }
  110. func ToECDSAPub(pub []byte) *ecdsa.PublicKey {
  111. if len(pub) == 0 {
  112. return nil
  113. }
  114. x, y := elliptic.Unmarshal(S256(), pub)
  115. return &ecdsa.PublicKey{Curve: S256(), X: x, Y: y}
  116. }
  117. func FromECDSAPub(pub *ecdsa.PublicKey) []byte {
  118. if pub == nil || pub.X == nil || pub.Y == nil {
  119. return nil
  120. }
  121. return elliptic.Marshal(S256(), pub.X, pub.Y)
  122. }
  123. // HexToECDSA parses a secp256k1 private key.
  124. func HexToECDSA(hexkey string) (*ecdsa.PrivateKey, error) {
  125. b, err := hex.DecodeString(hexkey)
  126. if err != nil {
  127. return nil, errors.New("invalid hex string")
  128. }
  129. return ToECDSA(b)
  130. }
  131. // LoadECDSA loads a secp256k1 private key from the given file.
  132. func LoadECDSA(file string) (*ecdsa.PrivateKey, error) {
  133. buf := make([]byte, 64)
  134. fd, err := os.Open(file)
  135. if err != nil {
  136. return nil, err
  137. }
  138. defer fd.Close()
  139. if _, err := io.ReadFull(fd, buf); err != nil {
  140. return nil, err
  141. }
  142. key, err := hex.DecodeString(string(buf))
  143. if err != nil {
  144. return nil, err
  145. }
  146. return ToECDSA(key)
  147. }
  148. // SaveECDSA saves a secp256k1 private key to the given file with
  149. // restrictive permissions. The key data is saved hex-encoded.
  150. func SaveECDSA(file string, key *ecdsa.PrivateKey) error {
  151. k := hex.EncodeToString(FromECDSA(key))
  152. return ioutil.WriteFile(file, []byte(k), 0600)
  153. }
  154. func GenerateKey() (*ecdsa.PrivateKey, error) {
  155. return ecdsa.GenerateKey(S256(), rand.Reader)
  156. }
  157. // ValidateSignatureValues verifies whether the signature values are valid with
  158. // the given chain rules. The v value is assumed to be either 0 or 1.
  159. func ValidateSignatureValues(v byte, r, s *big.Int, homestead bool) bool {
  160. if r.Cmp(common.Big1) < 0 || s.Cmp(common.Big1) < 0 {
  161. return false
  162. }
  163. // reject upper range of s values (ECDSA malleability)
  164. // see discussion in secp256k1/libsecp256k1/include/secp256k1.h
  165. if homestead && s.Cmp(secp256k1halfN) > 0 {
  166. return false
  167. }
  168. // Frontier: allow s to be in full N range
  169. return r.Cmp(secp256k1N) < 0 && s.Cmp(secp256k1N) < 0 && (v == 0 || v == 1)
  170. }
  171. func PubkeyToAddress(p ecdsa.PublicKey) common.Address {
  172. pubBytes := FromECDSAPub(&p)
  173. return common.BytesToAddress(Keccak256(pubBytes[1:])[12:])
  174. }
  175. func zeroBytes(bytes []byte) {
  176. for i := range bytes {
  177. bytes[i] = 0
  178. }
  179. }