// Copyright (C) 2018 MediBloc
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>
package secp256k1
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"encoding/hex"
"errors"
"fmt"
"math/big"
"github.com/medibloc/go-medibloc/util/math"
)
var (
	// secp256k1N is the order n of the secp256k1 base point; valid private
	// scalars lie in [1, n-1]. The ok result of SetString is discarded
	// because the literal is a fixed, well-formed hex string.
	secp256k1N, _ = new(big.Int).SetString("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", 16)
	// secp256k1Halfn is floor(n/2).
	// NOTE(review): not referenced in this file; presumably used elsewhere in
	// the package for low-S signature checks — confirm.
	secp256k1Halfn = new(big.Int).Rsh(secp256k1N, 1)
)
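// NewECDSAPrivateKey generates a new secp256k1 ECDSA private key using
// crypto/rand, retrying until the candidate passes SeckeyVerify.
//
// It panics if ecdsa.GenerateKey reports an error. The only input that can
// fail here is the random source, and retrying on a broken random source
// cannot succeed, so the failure is surfaced instead of being discarded.
func NewECDSAPrivateKey() *ecdsa.PrivateKey {
	for {
		priv, err := ecdsa.GenerateKey(S256(), rand.Reader)
		if err != nil {
			// Ignoring this error would leave priv nil and keep the loop
			// retrying with no key material; fail loudly instead.
			panic(fmt.Errorf("secp256k1: generating private key: %w", err))
		}
		if SeckeyVerify(FromECDSAPrivateKey(priv)) {
			return priv
		}
	}
}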
// FromECDSAPrivateKey serializes the private scalar D via
// math.PaddedBigBytes with a width of BitSize/8 bytes for the key's curve.
// A nil key yields a nil slice.
//
// The returned slice holds raw secret key material; callers own it and
// should wipe it (see zeroBytes) once it is no longer needed.
func FromECDSAPrivateKey(priv *ecdsa.PrivateKey) []byte {
	if priv != nil {
		width := priv.Params().BitSize / 8
		return math.PaddedBigBytes(priv.D, width)
	}
	return nil
}
// HexToECDSA decodes a hex-encoded private key and converts it with
// ToECDSAPrivateKey, so the strict length and range checks apply.
// Input that is not valid hex is rejected with "invalid hex string"; the
// underlying decode error is not propagated.
func HexToECDSA(hexkey string) (*ecdsa.PrivateKey, error) {
	raw, decodeErr := hex.DecodeString(hexkey)
	if decodeErr == nil {
		return ToECDSAPrivateKey(raw)
	}
	return nil, errors.New("invalid hex string")
}
// ToECDSAPrivateKey builds a private key from its big-endian byte encoding.
// It runs toECDSAPrivateKey in strict mode, so the input must be exactly
// as long as the curve's bit size in addition to passing the range checks.
func ToECDSAPrivateKey(d []byte) (*ecdsa.PrivateKey, error) {
	const strict = true
	return toECDSAPrivateKey(d, strict)
}
// ToECDSAPrivateKeyUnsafe is the non-strict variant of ToECDSAPrivateKey:
// it skips the exact-length check on d. The range checks on the scalar
// (non-zero and below N) still run inside toECDSAPrivateKey.
//
// The error is discarded, so a rejected input is reported only as a nil
// return value; callers must check for nil before using the key.
func ToECDSAPrivateKeyUnsafe(d []byte) *ecdsa.PrivateKey {
	const strict = false
	key, _ := toECDSAPrivateKey(d, strict)
	return key
}
// toECDSAPrivateKey converts the big-endian scalar d into a secp256k1
// private key and derives the matching public point.
//
// When strict is true, d must be exactly BitSize/8 bytes long. In both modes
// the scalar must satisfy 0 < D < N, and the derived public point must have
// a non-nil X coordinate. On any failure the returned key is nil.
func toECDSAPrivateKey(d []byte, strict bool) (*ecdsa.PrivateKey, error) {
	curve := S256()
	bits := curve.Params().BitSize
	if strict && len(d)*8 != bits {
		return nil, fmt.Errorf("invalid length, need %d bits", bits)
	}

	scalar := new(big.Int).SetBytes(d)
	switch {
	case scalar.Cmp(secp256k1N) >= 0:
		// Scalars at or above the group order are not valid private keys.
		return nil, errors.New("invalid private key, >=N")
	case scalar.Sign() <= 0:
		// SetBytes never yields a negative value, so this rejects zero.
		return nil, errors.New("invalid private key, zero or negative")
	}

	x, y := curve.ScalarBaseMult(d)
	if x == nil {
		return nil, errors.New("invalid private key")
	}

	key := &ecdsa.PrivateKey{D: scalar}
	key.PublicKey.Curve = curve
	key.PublicKey.X, key.PublicKey.Y = x, y
	return key, nil
}
// FromECDSAPublicKey encodes a public key with elliptic.Marshal on the
// S256 curve. A nil key, or a key with a nil coordinate, is rejected.
//
// The key's own Curve field is not consulted; the point is always encoded
// against S256().
func FromECDSAPublicKey(pub *ecdsa.PublicKey) ([]byte, error) {
	usable := pub != nil && pub.X != nil && pub.Y != nil
	if !usable {
		return nil, errors.New("invalid public key input")
	}
	encoded := elliptic.Marshal(S256(), pub.X, pub.Y)
	return encoded, nil
}
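// ToECDSAPublicKey parses a public key encoded in the format produced by
// elliptic.Marshal and returns it as a key on the S256 curve.
//
// An error is returned when pub is empty or when elliptic.Unmarshal rejects
// it. Unmarshal reports a malformed encoding, an off-curve point, or the
// point at infinity by returning nil coordinates, so those cases are turned
// into an error here rather than into a key with nil X and Y.
func ToECDSAPublicKey(pub []byte) (*ecdsa.PublicKey, error) {
	if len(pub) == 0 {
		return nil, errors.New("invalid public key")
	}
	curve := S256()
	x, y := elliptic.Unmarshal(curve, pub)
	if x == nil || y == nil {
		// Without this check a caller would receive a non-nil key and a nil
		// error for input that never decoded to a valid curve point.
		return nil, errors.New("invalid public key")
	}
	return &ecdsa.PublicKey{Curve: curve, X: x, Y: y}, nil
}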
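// zeroKey overwrites the words backing the private scalar k.D with zeros.
// A nil key or a key without a scalar is ignored, so the helper can be
// called unconditionally on cleanup paths.
//
// Only the big.Int's current backing words are wiped. Byte slices exported
// earlier (for example by FromECDSAPrivateKey) are separate copies and must
// be cleared by their owners.
func zeroKey(k *ecdsa.PrivateKey) {
	if k == nil || k.D == nil {
		return
	}
	words := k.D.Bits()
	for i := range words {
		words[i] = 0
	}
}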
// zeroBytes overwrites every element of the given slice with zero, in place.
// It is a no-op for a nil or empty slice.
func zeroBytes(bytes []byte) {
	for idx := 0; idx < len(bytes); idx++ {
		bytes[idx] = 0
	}
}