core/secp256k1: update libsecp256k1 Go wrapper and tests
This commit is contained in:
Gustav Simonsson
@ -19,7 +19,7 @@ package secp256k1
|
||||
// TODO: set USE_SCALAR_4X64 depending on platform?
|
||||
|
||||
/*
|
||||
#cgo CFLAGS: -I./secp256k1
|
||||
#cgo CFLAGS: -I./libsecp256k1
|
||||
#cgo darwin CFLAGS: -I/usr/local/include
|
||||
#cgo freebsd CFLAGS: -I/usr/local/include
|
||||
#cgo linux,arm CFLAGS: -I/usr/local/arm/include
|
||||
@ -33,7 +33,8 @@ package secp256k1
|
||||
#define USE_SCALAR_8X32
|
||||
#define USE_SCALAR_INV_BUILTIN
|
||||
#define NDEBUG
|
||||
#include "./secp256k1/src/secp256k1.c"
|
||||
#include "./libsecp256k1/src/secp256k1.c"
|
||||
#include "./libsecp256k1/src/modules/recovery/main_impl.h"
|
||||
*/
|
||||
import "C"
|
||||
|
||||
@ -48,48 +49,51 @@ import (
|
||||
//#define USE_FIELD_5X64
|
||||
|
||||
/*
|
||||
Todo:
|
||||
> Centralize key management in module
|
||||
> add pubkey/private key struct
|
||||
> Dont let keys leave module; address keys as ints
|
||||
|
||||
TODO:
|
||||
> store private keys in buffer and shuffle (deters persistance on swap disc)
|
||||
> Byte permutation (changing)
|
||||
> byte permutation (changing)
|
||||
> xor with chaning random block (to deter scanning memory for 0x63) (stream cipher?)
|
||||
|
||||
On Disk
|
||||
> Store keys in wallets
|
||||
> use slow key derivation function for wallet encryption key (2 seconds)
|
||||
> on disk: store keys in wallets
|
||||
*/
|
||||
|
||||
func init() {
|
||||
//takes 10ms to 100ms
|
||||
C.secp256k1_start(3) // SECP256K1_START_SIGN | SECP256K1_START_VERIFY
|
||||
}
|
||||
// holds ptr to secp256k1_context_struct (see secp256k1/include/secp256k1.h)
|
||||
var context *C.secp256k1_context
|
||||
|
||||
func Stop() {
|
||||
C.secp256k1_stop()
|
||||
func init() {
|
||||
// around 20 ms on a modern CPU.
|
||||
context = C.secp256k1_context_create(3) // SECP256K1_START_SIGN | SECP256K1_START_VERIFY
|
||||
}
|
||||
|
||||
func GenerateKeyPair() ([]byte, []byte) {
|
||||
|
||||
pubkey_len := C.int(65)
|
||||
const seckey_len = 32
|
||||
|
||||
var pubkey []byte = make([]byte, pubkey_len)
|
||||
var seckey []byte = randentropy.GetEntropyCSPRNG(seckey_len)
|
||||
|
||||
var pubkey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&pubkey[0]))
|
||||
var seckey []byte = randentropy.GetEntropyCSPRNG(32)
|
||||
var seckey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&seckey[0]))
|
||||
|
||||
var pubkey64 []byte = make([]byte, 64) // secp256k1_pubkey
|
||||
var pubkey65 []byte = make([]byte, 65) // 65 byte uncompressed pubkey
|
||||
pubkey64_ptr := (*C.secp256k1_pubkey)(unsafe.Pointer(&pubkey64[0]))
|
||||
pubkey65_ptr := (*C.uchar)(unsafe.Pointer(&pubkey65[0]))
|
||||
|
||||
ret := C.secp256k1_ec_pubkey_create(
|
||||
pubkey_ptr, &pubkey_len,
|
||||
seckey_ptr, 0)
|
||||
context,
|
||||
pubkey64_ptr,
|
||||
seckey_ptr,
|
||||
)
|
||||
|
||||
if ret != C.int(1) {
|
||||
return GenerateKeyPair() //invalid secret, try again
|
||||
return GenerateKeyPair() // invalid secret, try again
|
||||
}
|
||||
return pubkey, seckey
|
||||
|
||||
var output_len C.size_t
|
||||
|
||||
C.secp256k1_ec_pubkey_serialize( // always returns 1
|
||||
context,
|
||||
pubkey65_ptr,
|
||||
&output_len,
|
||||
pubkey64_ptr,
|
||||
0, // SECP256K1_EC_COMPRESSED
|
||||
)
|
||||
|
||||
return pubkey65, seckey
|
||||
}
|
||||
|
||||
func GeneratePubKey(seckey []byte) ([]byte, error) {
|
||||
@ -97,17 +101,16 @@ func GeneratePubKey(seckey []byte) ([]byte, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
pubkey_len := C.int(65)
|
||||
const seckey_len = 32
|
||||
var pubkey []byte = make([]byte, 64)
|
||||
var pubkey_ptr *C.secp256k1_pubkey = (*C.secp256k1_pubkey)(unsafe.Pointer(&pubkey[0]))
|
||||
|
||||
var pubkey []byte = make([]byte, pubkey_len)
|
||||
|
||||
var pubkey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&pubkey[0]))
|
||||
var seckey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&seckey[0]))
|
||||
|
||||
ret := C.secp256k1_ec_pubkey_create(
|
||||
pubkey_ptr, &pubkey_len,
|
||||
seckey_ptr, 0)
|
||||
context,
|
||||
pubkey_ptr,
|
||||
seckey_ptr,
|
||||
)
|
||||
|
||||
if ret != C.int(1) {
|
||||
return nil, errors.New("Unable to generate pubkey from seckey")
|
||||
@ -117,38 +120,48 @@ func GeneratePubKey(seckey []byte) ([]byte, error) {
|
||||
}
|
||||
|
||||
func Sign(msg []byte, seckey []byte) ([]byte, error) {
|
||||
msg_ptr := (*C.uchar)(unsafe.Pointer(&msg[0]))
|
||||
seckey_ptr := (*C.uchar)(unsafe.Pointer(&seckey[0]))
|
||||
|
||||
sig := make([]byte, 65)
|
||||
sig_ptr := (*C.secp256k1_ecdsa_recoverable_signature)(unsafe.Pointer(&sig[0]))
|
||||
|
||||
nonce := randentropy.GetEntropyCSPRNG(32)
|
||||
ndata_ptr := unsafe.Pointer(&nonce[0])
|
||||
|
||||
var sig []byte = make([]byte, 65)
|
||||
var recid C.int
|
||||
noncefp_ptr := &(*C.secp256k1_nonce_function_default)
|
||||
|
||||
var msg_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&msg[0]))
|
||||
var sig_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&sig[0]))
|
||||
var seckey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&seckey[0]))
|
||||
|
||||
var noncefp_ptr = &(*C.secp256k1_nonce_function_default)
|
||||
var ndata_ptr = unsafe.Pointer(&nonce[0])
|
||||
|
||||
if C.secp256k1_ec_seckey_verify(seckey_ptr) != C.int(1) {
|
||||
if C.secp256k1_ec_seckey_verify(context, seckey_ptr) != C.int(1) {
|
||||
return nil, errors.New("Invalid secret key")
|
||||
}
|
||||
|
||||
ret := C.secp256k1_ecdsa_sign_compact(
|
||||
msg_ptr,
|
||||
ret := C.secp256k1_ecdsa_sign_recoverable(
|
||||
context,
|
||||
sig_ptr,
|
||||
msg_ptr,
|
||||
seckey_ptr,
|
||||
noncefp_ptr,
|
||||
ndata_ptr,
|
||||
&recid)
|
||||
)
|
||||
|
||||
sig[64] = byte(int(recid))
|
||||
|
||||
if ret != C.int(1) {
|
||||
// nonce invalid, retry
|
||||
return Sign(msg, seckey)
|
||||
if ret == C.int(0) {
|
||||
return Sign(msg, seckey) //invalid secret, try again
|
||||
}
|
||||
|
||||
return sig, nil
|
||||
sig_serialized := make([]byte, 65)
|
||||
sig_serialized_ptr := (*C.uchar)(unsafe.Pointer(&sig_serialized[0]))
|
||||
var recid C.int
|
||||
|
||||
C.secp256k1_ecdsa_recoverable_signature_serialize_compact(
|
||||
context,
|
||||
sig_serialized_ptr, // 64 byte compact signature
|
||||
&recid,
|
||||
sig_ptr, // 65 byte "recoverable" signature
|
||||
)
|
||||
|
||||
sig_serialized[64] = byte(int(recid)) // add back recid to get 65 bytes sig
|
||||
|
||||
return sig_serialized, nil
|
||||
|
||||
}
|
||||
|
||||
@ -157,26 +170,13 @@ func VerifySeckeyValidity(seckey []byte) error {
|
||||
return errors.New("priv key is not 32 bytes")
|
||||
}
|
||||
var seckey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&seckey[0]))
|
||||
ret := C.secp256k1_ec_seckey_verify(seckey_ptr)
|
||||
ret := C.secp256k1_ec_seckey_verify(context, seckey_ptr)
|
||||
if int(ret) != 1 {
|
||||
return errors.New("invalid seckey")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func VerifyPubkeyValidity(pubkey []byte) error {
|
||||
if len(pubkey) != 65 {
|
||||
return errors.New("pub key is not 65 bytes")
|
||||
}
|
||||
var pubkey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&pubkey[0]))
|
||||
ret := C.secp256k1_ec_pubkey_verify(pubkey_ptr, 65)
|
||||
if int(ret) != 1 {
|
||||
return errors.New("invalid pubkey")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func VerifySignatureValidity(sig []byte) bool {
|
||||
//64+1
|
||||
if len(sig) != 65 {
|
||||
@ -231,36 +231,58 @@ func VerifySignature(msg []byte, sig []byte, pubkey1 []byte) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
//recovers the public key from the signature
|
||||
//recovery of pubkey means correct signature
|
||||
// recovers a public key from the signature
|
||||
func RecoverPubkey(msg []byte, sig []byte) ([]byte, error) {
|
||||
if len(sig) != 65 {
|
||||
return nil, errors.New("Invalid signature length")
|
||||
}
|
||||
|
||||
var pubkey []byte = make([]byte, 65)
|
||||
msg_ptr := (*C.uchar)(unsafe.Pointer(&msg[0]))
|
||||
sig_ptr := (*C.uchar)(unsafe.Pointer(&sig[0]))
|
||||
|
||||
var msg_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&msg[0]))
|
||||
var sig_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&sig[0]))
|
||||
var pubkey_ptr *C.uchar = (*C.uchar)(unsafe.Pointer(&pubkey[0]))
|
||||
pubkey := make([]byte, 64)
|
||||
/*
|
||||
this slice is used for both the recoverable signature and the
|
||||
resulting serialized pubkey (both types in libsecp256k1 are 65
|
||||
bytes). this saves one allocation of 65 bytes, which is nice as
|
||||
pubkey recovery is one bottleneck during load in Ethereum
|
||||
*/
|
||||
bytes65 := make([]byte, 65)
|
||||
|
||||
var pubkeylen C.int
|
||||
pubkey_ptr := (*C.secp256k1_pubkey)(unsafe.Pointer(&pubkey[0]))
|
||||
recoverable_sig_ptr := (*C.secp256k1_ecdsa_recoverable_signature)(unsafe.Pointer(&bytes65[0]))
|
||||
|
||||
ret := C.secp256k1_ecdsa_recover_compact(
|
||||
msg_ptr,
|
||||
recid := C.int(sig[64])
|
||||
ret := C.secp256k1_ecdsa_recoverable_signature_parse_compact(
|
||||
context,
|
||||
recoverable_sig_ptr,
|
||||
sig_ptr,
|
||||
recid)
|
||||
|
||||
if ret == C.int(0) {
|
||||
return nil, errors.New("Failed to parse signature")
|
||||
}
|
||||
|
||||
ret = C.secp256k1_ecdsa_recover(
|
||||
context,
|
||||
pubkey_ptr,
|
||||
&pubkeylen,
|
||||
C.int(0),
|
||||
C.int(sig[64]),
|
||||
recoverable_sig_ptr,
|
||||
msg_ptr,
|
||||
)
|
||||
|
||||
if ret == C.int(0) {
|
||||
return nil, errors.New("Failed to recover public key")
|
||||
} else if pubkeylen != C.int(65) {
|
||||
return nil, errors.New("Impossible Error: Invalid recovered public key length")
|
||||
} else {
|
||||
return pubkey, nil
|
||||
serialized_pubkey_ptr := (*C.uchar)(unsafe.Pointer(&bytes65[0]))
|
||||
|
||||
var output_len C.size_t
|
||||
C.secp256k1_ec_pubkey_serialize( // always returns 1
|
||||
context,
|
||||
serialized_pubkey_ptr,
|
||||
&output_len,
|
||||
pubkey_ptr,
|
||||
0, // SECP256K1_EC_COMPRESSED
|
||||
)
|
||||
return bytes65, nil
|
||||
}
|
||||
return nil, errors.New("Impossible Error: func RecoverPubkey has reached an unreachable state")
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user