mirror of
https://github.com/ethereum/go-ethereum.git
synced 2026-07-18 02:40:45 +00:00
crypto: update to go version 1.22 (#28946)
This commit is contained in:
parent
97879c0ac5
commit
d0566e4165
5 changed files with 99 additions and 45 deletions
|
|
@ -51,6 +51,15 @@ var (
|
||||||
|
|
||||||
var errInvalidPubkey = errors.New("invalid secp256k1 public key")
|
var errInvalidPubkey = errors.New("invalid secp256k1 public key")
|
||||||
|
|
||||||
|
// EllipticCurve contains curve operations.
|
||||||
|
type EllipticCurve interface {
|
||||||
|
elliptic.Curve
|
||||||
|
|
||||||
|
// Point marshaling/unmarshaing.
|
||||||
|
Marshal(x, y *big.Int) []byte
|
||||||
|
Unmarshal(data []byte) (x, y *big.Int)
|
||||||
|
}
|
||||||
|
|
||||||
// KeccakState wraps sha3.state. In addition to the usual hash methods, it also supports
|
// KeccakState wraps sha3.state. In addition to the usual hash methods, it also supports
|
||||||
// Read to get a variable amount of data from the hash state. Read is faster than Sum
|
// Read to get a variable amount of data from the hash state. Read is faster than Sum
|
||||||
// because it doesn't copy the internal state, but also modifies the internal state.
|
// because it doesn't copy the internal state, but also modifies the internal state.
|
||||||
|
|
@ -148,7 +157,7 @@ func toECDSA(d []byte, strict bool) (*ecdsa.PrivateKey, error) {
|
||||||
return nil, errors.New("invalid private key, zero or negative")
|
return nil, errors.New("invalid private key, zero or negative")
|
||||||
}
|
}
|
||||||
|
|
||||||
priv.PublicKey.X, priv.PublicKey.Y = priv.PublicKey.Curve.ScalarBaseMult(d)
|
priv.PublicKey.X, priv.PublicKey.Y = S256().ScalarBaseMult(d)
|
||||||
if priv.PublicKey.X == nil {
|
if priv.PublicKey.X == nil {
|
||||||
return nil, errors.New("invalid private key")
|
return nil, errors.New("invalid private key")
|
||||||
}
|
}
|
||||||
|
|
@ -165,7 +174,7 @@ func FromECDSA(priv *ecdsa.PrivateKey) []byte {
|
||||||
|
|
||||||
// UnmarshalPubkey converts bytes to a secp256k1 public key.
|
// UnmarshalPubkey converts bytes to a secp256k1 public key.
|
||||||
func UnmarshalPubkey(pub []byte) (*ecdsa.PublicKey, error) {
|
func UnmarshalPubkey(pub []byte) (*ecdsa.PublicKey, error) {
|
||||||
x, y := elliptic.Unmarshal(S256(), pub)
|
x, y := S256().Unmarshal(pub)
|
||||||
if x == nil {
|
if x == nil {
|
||||||
return nil, errInvalidPubkey
|
return nil, errInvalidPubkey
|
||||||
}
|
}
|
||||||
|
|
@ -176,7 +185,7 @@ func FromECDSAPub(pub *ecdsa.PublicKey) []byte {
|
||||||
if pub == nil || pub.X == nil || pub.Y == nil {
|
if pub == nil || pub.X == nil || pub.Y == nil {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
return elliptic.Marshal(S256(), pub.X, pub.Y)
|
return S256().Marshal(pub.X, pub.Y)
|
||||||
}
|
}
|
||||||
|
|
||||||
// HexToECDSA parses a secp256k1 private key.
|
// HexToECDSA parses a secp256k1 private key.
|
||||||
|
|
|
||||||
|
|
@ -40,6 +40,8 @@ import (
|
||||||
"hash"
|
"hash"
|
||||||
"io"
|
"io"
|
||||||
"math/big"
|
"math/big"
|
||||||
|
|
||||||
|
"github.com/XinFinOrg/XDPoSChain/crypto"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
|
@ -95,15 +97,15 @@ func ImportECDSA(prv *ecdsa.PrivateKey) *PrivateKey {
|
||||||
// Generate an elliptic curve public / private keypair. If params is nil,
|
// Generate an elliptic curve public / private keypair. If params is nil,
|
||||||
// the recommended default parameters for the key will be chosen.
|
// the recommended default parameters for the key will be chosen.
|
||||||
func GenerateKey(rand io.Reader, curve elliptic.Curve, params *ECIESParams) (prv *PrivateKey, err error) {
|
func GenerateKey(rand io.Reader, curve elliptic.Curve, params *ECIESParams) (prv *PrivateKey, err error) {
|
||||||
pb, x, y, err := elliptic.GenerateKey(curve, rand)
|
sk, err := ecdsa.GenerateKey(curve, rand)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
prv = new(PrivateKey)
|
prv = new(PrivateKey)
|
||||||
prv.PublicKey.X = x
|
prv.PublicKey.X = sk.X
|
||||||
prv.PublicKey.Y = y
|
prv.PublicKey.Y = sk.Y
|
||||||
prv.PublicKey.Curve = curve
|
prv.PublicKey.Curve = curve
|
||||||
prv.D = new(big.Int).SetBytes(pb)
|
prv.D = new(big.Int).Set(sk.D)
|
||||||
if params == nil {
|
if params == nil {
|
||||||
params = ParamsFromCurve(curve)
|
params = ParamsFromCurve(curve)
|
||||||
}
|
}
|
||||||
|
|
@ -255,12 +257,15 @@ func Encrypt(rand io.Reader, pub *PublicKey, m, s1, s2 []byte) (ct []byte, err e
|
||||||
|
|
||||||
d := messageTag(params.Hash, Km, em, s2)
|
d := messageTag(params.Hash, Km, em, s2)
|
||||||
|
|
||||||
Rb := elliptic.Marshal(pub.Curve, R.PublicKey.X, R.PublicKey.Y)
|
if curve, ok := pub.Curve.(crypto.EllipticCurve); ok {
|
||||||
ct = make([]byte, len(Rb)+len(em)+len(d))
|
Rb := curve.Marshal(R.PublicKey.X, R.PublicKey.Y)
|
||||||
copy(ct, Rb)
|
ct = make([]byte, len(Rb)+len(em)+len(d))
|
||||||
copy(ct[len(Rb):], em)
|
copy(ct, Rb)
|
||||||
copy(ct[len(Rb)+len(em):], d)
|
copy(ct[len(Rb):], em)
|
||||||
return ct, nil
|
copy(ct[len(Rb)+len(em):], d)
|
||||||
|
return ct, nil
|
||||||
|
}
|
||||||
|
return nil, ErrInvalidCurve
|
||||||
}
|
}
|
||||||
|
|
||||||
// Decrypt decrypts an ECIES ciphertext.
|
// Decrypt decrypts an ECIES ciphertext.
|
||||||
|
|
@ -297,21 +302,24 @@ func (prv *PrivateKey) Decrypt(c, s1, s2 []byte) (m []byte, err error) {
|
||||||
|
|
||||||
R := new(PublicKey)
|
R := new(PublicKey)
|
||||||
R.Curve = prv.PublicKey.Curve
|
R.Curve = prv.PublicKey.Curve
|
||||||
R.X, R.Y = elliptic.Unmarshal(R.Curve, c[:rLen])
|
|
||||||
if R.X == nil {
|
|
||||||
return nil, ErrInvalidPublicKey
|
|
||||||
}
|
|
||||||
|
|
||||||
z, err := prv.GenerateShared(R, params.KeyLen, params.KeyLen)
|
if curve, ok := R.Curve.(crypto.EllipticCurve); ok {
|
||||||
if err != nil {
|
R.X, R.Y = curve.Unmarshal(c[:rLen])
|
||||||
return nil, err
|
if R.X == nil {
|
||||||
}
|
return nil, ErrInvalidPublicKey
|
||||||
Ke, Km := deriveKeys(hash, z, s1, params.KeyLen)
|
}
|
||||||
|
|
||||||
d := messageTag(params.Hash, Km, c[mStart:mEnd], s2)
|
z, err := prv.GenerateShared(R, params.KeyLen, params.KeyLen)
|
||||||
if subtle.ConstantTimeCompare(c[mEnd:], d) != 1 {
|
if err != nil {
|
||||||
return nil, ErrInvalidMessage
|
return nil, err
|
||||||
}
|
}
|
||||||
|
Ke, Km := deriveKeys(hash, z, s1, params.KeyLen)
|
||||||
|
|
||||||
return symDecrypt(params, Ke, c[mStart:mEnd])
|
d := messageTag(params.Hash, Km, c[mStart:mEnd], s2)
|
||||||
|
if subtle.ConstantTimeCompare(c[mEnd:], d) != 1 {
|
||||||
|
return nil, ErrInvalidMessage
|
||||||
|
}
|
||||||
|
return symDecrypt(params, Ke, c[mStart:mEnd])
|
||||||
|
}
|
||||||
|
return nil, ErrInvalidCurve
|
||||||
}
|
}
|
||||||
|
|
@ -10,7 +10,6 @@ package secp256k1
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
"crypto/elliptic"
|
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"io"
|
"io"
|
||||||
|
|
@ -24,7 +23,7 @@ func generateKeyPair() (pubkey, privkey []byte) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
pubkey = elliptic.Marshal(S256(), key.X, key.Y)
|
pubkey = S256().Marshal(key.X, key.Y)
|
||||||
|
|
||||||
privkey = make([]byte, 32)
|
privkey = make([]byte, 32)
|
||||||
blob := key.D.Bytes()
|
blob := key.D.Bytes()
|
||||||
|
|
|
||||||
|
|
@ -21,7 +21,6 @@ package crypto
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
"crypto/elliptic"
|
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
|
|
@ -40,9 +39,7 @@ func SigToPub(hash, sig []byte) (*ecdsa.PublicKey, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
return UnmarshalPubkey(s)
|
||||||
x, y := elliptic.Unmarshal(S256(), s)
|
|
||||||
return &ecdsa.PublicKey{Curve: S256(), X: x, Y: y}, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Sign calculates an ECDSA signature.
|
// Sign calculates an ECDSA signature.
|
||||||
|
|
@ -84,6 +81,6 @@ func CompressPubkey(pubkey *ecdsa.PublicKey) []byte {
|
||||||
}
|
}
|
||||||
|
|
||||||
// S256 returns an instance of the secp256k1 curve.
|
// S256 returns an instance of the secp256k1 curve.
|
||||||
func S256() elliptic.Curve {
|
func S256() EllipticCurve {
|
||||||
return secp256k1.S256()
|
return secp256k1.S256()
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -21,9 +21,9 @@ package crypto
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
"crypto/elliptic"
|
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"math/big"
|
||||||
|
|
||||||
"github.com/btcsuite/btcd/btcec/v2"
|
"github.com/btcsuite/btcd/btcec/v2"
|
||||||
btc_ecdsa "github.com/btcsuite/btcd/btcec/v2/ecdsa"
|
btc_ecdsa "github.com/btcsuite/btcd/btcec/v2/ecdsa"
|
||||||
|
|
@ -58,7 +58,13 @@ func SigToPub(hash, sig []byte) (*ecdsa.PublicKey, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return pub.ToECDSA(), nil
|
// We need to explicitly set the curve here, because we're wrapping
|
||||||
|
// the original curve to add (un-)marshalling
|
||||||
|
return &ecdsa.PublicKey{
|
||||||
|
Curve: S256(),
|
||||||
|
X: pub.X(),
|
||||||
|
Y: pub.Y(),
|
||||||
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Sign calculates an ECDSA signature.
|
// Sign calculates an ECDSA signature.
|
||||||
|
|
@ -73,7 +79,7 @@ func Sign(hash []byte, prv *ecdsa.PrivateKey) ([]byte, error) {
|
||||||
if len(hash) != 32 {
|
if len(hash) != 32 {
|
||||||
return nil, fmt.Errorf("hash is required to be exactly 32 bytes (%d)", len(hash))
|
return nil, fmt.Errorf("hash is required to be exactly 32 bytes (%d)", len(hash))
|
||||||
}
|
}
|
||||||
if prv.Curve != btcec.S256() {
|
if prv.Curve != S256() {
|
||||||
return nil, errors.New("private key curve is not secp256k1")
|
return nil, errors.New("private key curve is not secp256k1")
|
||||||
}
|
}
|
||||||
// ecdsa.PrivateKey -> btcec.PrivateKey
|
// ecdsa.PrivateKey -> btcec.PrivateKey
|
||||||
|
|
@ -82,10 +88,7 @@ func Sign(hash []byte, prv *ecdsa.PrivateKey) ([]byte, error) {
|
||||||
return nil, errors.New("invalid private key")
|
return nil, errors.New("invalid private key")
|
||||||
}
|
}
|
||||||
defer priv.Zero()
|
defer priv.Zero()
|
||||||
sig, err := btc_ecdsa.SignCompact(&priv, hash, false) // ref uncompressed pubkey
|
sig := btc_ecdsa.SignCompact(&priv, hash, false) // ref uncompressed pubkey
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
// Convert to Ethereum signature format with 'recovery id' v at the end.
|
// Convert to Ethereum signature format with 'recovery id' v at the end.
|
||||||
v := sig[0] - 27
|
v := sig[0] - 27
|
||||||
copy(sig, sig[1:])
|
copy(sig, sig[1:])
|
||||||
|
|
@ -128,7 +131,13 @@ func DecompressPubkey(pubkey []byte) (*ecdsa.PublicKey, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return key.ToECDSA(), nil
|
// We need to explicitly set the curve here, because we're wrapping
|
||||||
|
// the original curve to add (un-)marshalling
|
||||||
|
return &ecdsa.PublicKey{
|
||||||
|
Curve: S256(),
|
||||||
|
X: key.X(),
|
||||||
|
Y: key.Y(),
|
||||||
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// CompressPubkey encodes a public key to the 33-byte compressed format. The
|
// CompressPubkey encodes a public key to the 33-byte compressed format. The
|
||||||
|
|
@ -147,6 +156,38 @@ func CompressPubkey(pubkey *ecdsa.PublicKey) []byte {
|
||||||
}
|
}
|
||||||
|
|
||||||
// S256 returns an instance of the secp256k1 curve.
|
// S256 returns an instance of the secp256k1 curve.
|
||||||
func S256() elliptic.Curve {
|
func S256() EllipticCurve {
|
||||||
return btcec.S256()
|
return btCurve{btcec.S256()}
|
||||||
|
}
|
||||||
|
|
||||||
|
type btCurve struct {
|
||||||
|
*btcec.KoblitzCurve
|
||||||
|
}
|
||||||
|
|
||||||
|
// Marshall converts a point given as (x, y) into a byte slice.
|
||||||
|
func (curve btCurve) Marshal(x, y *big.Int) []byte {
|
||||||
|
byteLen := (curve.Params().BitSize + 7) / 8
|
||||||
|
|
||||||
|
ret := make([]byte, 1+2*byteLen)
|
||||||
|
ret[0] = 4 // uncompressed point
|
||||||
|
|
||||||
|
x.FillBytes(ret[1 : 1+byteLen])
|
||||||
|
y.FillBytes(ret[1+byteLen : 1+2*byteLen])
|
||||||
|
|
||||||
|
return ret
|
||||||
|
}
|
||||||
|
|
||||||
|
// Unmarshal converts a point, serialised by Marshal, into an x, y pair. On
|
||||||
|
// error, x = nil.
|
||||||
|
func (curve btCurve) Unmarshal(data []byte) (x, y *big.Int) {
|
||||||
|
byteLen := (curve.Params().BitSize + 7) / 8
|
||||||
|
if len(data) != 1+2*byteLen {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
if data[0] != 4 { // uncompressed form
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
x = new(big.Int).SetBytes(data[1 : 1+byteLen])
|
||||||
|
y = new(big.Int).SetBytes(data[1+byteLen:])
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue