|
|
|
// Copyright 2014 The go-ethereum Authors
|
|
|
|
// This file is part of the go-ethereum library.
|
|
|
|
//
|
|
|
|
// The go-ethereum library is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU Lesser General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// The go-ethereum library is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU Lesser General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU Lesser General Public License
|
|
|
|
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
package crypto
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/ecdsa"
|
|
|
|
"crypto/elliptic"
|
|
|
|
"crypto/rand"
|
|
|
|
"encoding/hex"
|
|
|
|
"errors"
|
|
|
|
"io"
|
|
|
|
"io/ioutil"
|
|
|
|
"math/big"
|
|
|
|
"os"
|
|
|
|
|
|
|
|
"github.com/ethereum/go-ethereum/common"
|
|
|
|
"github.com/ethereum/go-ethereum/crypto/sha3"
|
|
|
|
"github.com/ethereum/go-ethereum/rlp"
|
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
|
|
|
secp256k1_N, _ = new(big.Int).SetString("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", 16)
|
|
|
|
secp256k1_halfN = new(big.Int).Div(secp256k1_N, big.NewInt(2))
|
|
|
|
)
|
|
|
|
|
|
|
|
func Keccak256(data ...[]byte) []byte {
|
|
|
|
d := sha3.NewKeccak256()
|
|
|
|
for _, b := range data {
|
|
|
|
d.Write(b)
|
|
|
|
}
|
|
|
|
return d.Sum(nil)
|
|
|
|
}
|
|
|
|
|
|
|
|
func Keccak256Hash(data ...[]byte) (h common.Hash) {
|
|
|
|
d := sha3.NewKeccak256()
|
|
|
|
for _, b := range data {
|
|
|
|
d.Write(b)
|
|
|
|
}
|
|
|
|
d.Sum(h[:0])
|
|
|
|
return h
|
|
|
|
}
|
|
|
|
|
|
|
|
// Deprecated: For backward compatibility as other packages depend on these
|
|
|
|
func Sha3Hash(data ...[]byte) common.Hash { return Keccak256Hash(data...) }
|
|
|
|
|
|
|
|
// Creates an ethereum address given the bytes and the nonce
|
|
|
|
func CreateAddress(b common.Address, nonce uint64) common.Address {
|
|
|
|
data, _ := rlp.EncodeToBytes([]interface{}{b, nonce})
|
|
|
|
return common.BytesToAddress(Keccak256(data)[12:])
|
|
|
|
}
|
|
|
|
|
|
|
|
// ToECDSA creates a private key with the given D value.
|
|
|
|
func ToECDSA(prv []byte) *ecdsa.PrivateKey {
|
|
|
|
if len(prv) == 0 {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
priv := new(ecdsa.PrivateKey)
|
|
|
|
priv.PublicKey.Curve = S256()
|
common: move big integer math to common/math (#3699)
* common: remove CurrencyToString
Move denomination values to params instead.
* common: delete dead code
* common: move big integer operations to common/math
This commit consolidates all big integer operations into common/math and
adds tests and documentation.
There should be no change in semantics for BigPow, BigMin, BigMax, S256,
U256, Exp and their behaviour is now locked in by tests.
The BigD, BytesToBig and Bytes2Big functions don't provide additional
value, all uses are replaced by new(big.Int).SetBytes().
BigToBytes is now called PaddedBigBytes, its minimum output size
parameter is now specified as the number of bytes instead of bits. The
single use of this function is in the EVM's MSTORE instruction.
Big and String2Big are replaced by ParseBig, which is slightly stricter.
It previously accepted leading zeros for hexadecimal inputs but treated
decimal inputs as octal if a leading zero digit was present.
ParseUint64 is used in places where String2Big was used to decode a
uint64.
The new functions MustParseBig and MustParseUint64 are now used in many
places where parsing errors were previously ignored.
* common: delete unused big integer variables
* accounts/abi: replace uses of BytesToBig with use of encoding/binary
* common: remove BytesToBig
* common: remove Bytes2Big
* common: remove BigTrue
* cmd/utils: add BigFlag and use it for error-checked integer flags
While here, remove environment variable processing for DirectoryFlag
because we don't use it.
* core: add missing error checks in genesis block parser
* common: remove String2Big
* cmd/evm: use utils.BigFlag
* common/math: check for 256 bit overflow in ParseBig
This is supposed to prevent silent overflow/truncation of values in the
genesis block JSON. Without this check, a genesis block that set a
balance larger than 256 bits would lead to weird behaviour in the VM.
* cmd/utils: fixup import
8 years ago
|
|
|
priv.D = new(big.Int).SetBytes(prv)
|
|
|
|
priv.PublicKey.X, priv.PublicKey.Y = priv.PublicKey.Curve.ScalarBaseMult(prv)
|
|
|
|
return priv
|
|
|
|
}
|
|
|
|
|
|
|
|
func FromECDSA(prv *ecdsa.PrivateKey) []byte {
|
|
|
|
if prv == nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return prv.D.Bytes()
|
|
|
|
}
|
|
|
|
|
|
|
|
func ToECDSAPub(pub []byte) *ecdsa.PublicKey {
|
|
|
|
if len(pub) == 0 {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
x, y := elliptic.Unmarshal(S256(), pub)
|
|
|
|
return &ecdsa.PublicKey{Curve: S256(), X: x, Y: y}
|
|
|
|
}
|
|
|
|
|
|
|
|
func FromECDSAPub(pub *ecdsa.PublicKey) []byte {
|
|
|
|
if pub == nil || pub.X == nil || pub.Y == nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return elliptic.Marshal(S256(), pub.X, pub.Y)
|
|
|
|
}
|
|
|
|
|
|
|
|
// HexToECDSA parses a secp256k1 private key.
|
|
|
|
func HexToECDSA(hexkey string) (*ecdsa.PrivateKey, error) {
|
|
|
|
b, err := hex.DecodeString(hexkey)
|
|
|
|
if err != nil {
|
|
|
|
return nil, errors.New("invalid hex string")
|
|
|
|
}
|
|
|
|
if len(b) != 32 {
|
|
|
|
return nil, errors.New("invalid length, need 256 bits")
|
|
|
|
}
|
|
|
|
return ToECDSA(b), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// LoadECDSA loads a secp256k1 private key from the given file.
|
|
|
|
// The key data is expected to be hex-encoded.
|
|
|
|
func LoadECDSA(file string) (*ecdsa.PrivateKey, error) {
|
|
|
|
buf := make([]byte, 64)
|
|
|
|
fd, err := os.Open(file)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
defer fd.Close()
|
|
|
|
if _, err := io.ReadFull(fd, buf); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
key, err := hex.DecodeString(string(buf))
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return ToECDSA(key), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// SaveECDSA saves a secp256k1 private key to the given file with
|
|
|
|
// restrictive permissions. The key data is saved hex-encoded.
|
|
|
|
func SaveECDSA(file string, key *ecdsa.PrivateKey) error {
|
|
|
|
k := hex.EncodeToString(FromECDSA(key))
|
|
|
|
return ioutil.WriteFile(file, []byte(k), 0600)
|
|
|
|
}
|
|
|
|
|
|
|
|
func GenerateKey() (*ecdsa.PrivateKey, error) {
|
|
|
|
return ecdsa.GenerateKey(S256(), rand.Reader)
|
|
|
|
}
|
|
|
|
|
|
|
|
// ValidateSignatureValues verifies whether the signature values are valid with
|
|
|
|
// the given chain rules. The v value is assumed to be either 0 or 1.
|
|
|
|
func ValidateSignatureValues(v byte, r, s *big.Int, homestead bool) bool {
|
|
|
|
if r.Cmp(common.Big1) < 0 || s.Cmp(common.Big1) < 0 {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
// reject upper range of s values (ECDSA malleability)
|
|
|
|
// see discussion in secp256k1/libsecp256k1/include/secp256k1.h
|
|
|
|
if homestead && s.Cmp(secp256k1_halfN) > 0 {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
// Frontier: allow s to be in full N range
|
|
|
|
return r.Cmp(secp256k1_N) < 0 && s.Cmp(secp256k1_N) < 0 && (v == 0 || v == 1)
|
|
|
|
}
|
|
|
|
|
|
|
|
func PubkeyToAddress(p ecdsa.PublicKey) common.Address {
|
|
|
|
pubBytes := FromECDSAPub(&p)
|
|
|
|
return common.BytesToAddress(Keccak256(pubBytes[1:])[12:])
|
|
|
|
}
|
|
|
|
|
|
|
|
func zeroBytes(bytes []byte) {
|
|
|
|
for i := range bytes {
|
|
|
|
bytes[i] = 0
|
|
|
|
}
|
|
|
|
}
|