2013-06-05 19:19:00 +00:00
|
|
|
#include <fc/crypto/elliptic.hpp>
|
2014-03-03 10:30:23 +00:00
|
|
|
|
|
|
|
|
#include <fc/crypto/base58.hpp>
|
|
|
|
|
#include <fc/crypto/openssl.hpp>
|
|
|
|
|
|
2013-06-05 19:19:00 +00:00
|
|
|
#include <fc/fwd_impl.hpp>
|
|
|
|
|
#include <fc/exception/exception.hpp>
|
|
|
|
|
#include <fc/log/logger.hpp>
|
2014-03-03 10:30:23 +00:00
|
|
|
|
2013-06-05 19:19:00 +00:00
|
|
|
#include <assert.h>
|
2015-03-07 13:48:45 +00:00
|
|
|
#include <secp256k1.h>
|
2013-06-05 19:19:00 +00:00
|
|
|
|
|
|
|
|
namespace fc { namespace ecc {
|
2014-12-12 00:16:02 +00:00
|
|
|
namespace detail
|
|
|
|
|
{
|
2015-03-07 13:48:45 +00:00
|
|
|
static void init_lib() {
|
|
|
|
|
static int init_s = 0;
|
|
|
|
|
static int init_o = init_openssl();
|
|
|
|
|
if (!init_s) {
|
|
|
|
|
secp256k1_start(SECP256K1_START_VERIFY | SECP256K1_START_SIGN);
|
|
|
|
|
init_s = 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static public_key_data empty_key;
|
|
|
|
|
|
2013-06-05 19:19:00 +00:00
|
|
|
class public_key_impl
|
|
|
|
|
{
|
|
|
|
|
public:
|
|
|
|
|
public_key_impl()
|
|
|
|
|
{
|
2015-03-07 13:48:45 +00:00
|
|
|
init_lib();
|
2013-06-05 19:19:00 +00:00
|
|
|
}
|
2014-06-02 15:31:28 +00:00
|
|
|
|
2013-06-05 19:19:00 +00:00
|
|
|
public_key_impl( const public_key_impl& cpy )
|
|
|
|
|
{
|
2015-03-07 13:48:45 +00:00
|
|
|
_key = cpy._key;
|
2013-06-05 19:19:00 +00:00
|
|
|
}
|
2015-03-07 13:48:45 +00:00
|
|
|
public_key_data _key;
|
2013-06-05 19:19:00 +00:00
|
|
|
};
|
|
|
|
|
class private_key_impl
|
|
|
|
|
{
|
|
|
|
|
public:
|
|
|
|
|
private_key_impl()
|
|
|
|
|
{
|
2015-03-07 13:48:45 +00:00
|
|
|
init_lib();
|
2013-06-05 19:19:00 +00:00
|
|
|
}
|
|
|
|
|
private_key_impl( const private_key_impl& cpy )
|
|
|
|
|
{
|
2015-03-07 13:48:45 +00:00
|
|
|
_key = cpy._key;
|
2013-06-05 19:19:00 +00:00
|
|
|
}
|
2015-03-07 13:48:45 +00:00
|
|
|
private_key_secret _key;
|
2013-06-05 19:19:00 +00:00
|
|
|
};
|
|
|
|
|
}
|
2015-03-07 13:48:45 +00:00
|
|
|
// static void * ecies_key_derivation(const void *input, size_t ilen, void *output, size_t *olen)
|
|
|
|
|
// {
|
|
|
|
|
// if (*olen < SHA512_DIGEST_LENGTH) {
|
|
|
|
|
// return NULL;
|
|
|
|
|
// }
|
|
|
|
|
// *olen = SHA512_DIGEST_LENGTH;
|
|
|
|
|
// return (void*)SHA512((const unsigned char*)input, ilen, (unsigned char*)output);
|
|
|
|
|
// }
|
|
|
|
|
//
|
|
|
|
|
// // Perform ECDSA key recovery (see SEC1 4.1.6) for curves over (mod p)-fields
|
|
|
|
|
// // recid selects which key is recovered
|
|
|
|
|
// // if check is non-zero, additional checks are performed
|
|
|
|
|
// static int ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned char *msg, int msglen, int recid, int check)
|
|
|
|
|
// {
|
|
|
|
|
// if (!eckey) FC_THROW_EXCEPTION( exception, "null key" );
|
|
|
|
|
//
|
|
|
|
|
// int ret = 0;
|
|
|
|
|
// BN_CTX *ctx = NULL;
|
|
|
|
|
//
|
|
|
|
|
// BIGNUM *x = NULL;
|
|
|
|
|
// BIGNUM *e = NULL;
|
|
|
|
|
// BIGNUM *order = NULL;
|
|
|
|
|
// BIGNUM *sor = NULL;
|
|
|
|
|
// BIGNUM *eor = NULL;
|
|
|
|
|
// BIGNUM *field = NULL;
|
|
|
|
|
// EC_POINT *R = NULL;
|
|
|
|
|
// EC_POINT *O = NULL;
|
|
|
|
|
// EC_POINT *Q = NULL;
|
|
|
|
|
// BIGNUM *rr = NULL;
|
|
|
|
|
// BIGNUM *zero = NULL;
|
|
|
|
|
// int n = 0;
|
|
|
|
|
// int i = recid / 2;
|
|
|
|
|
//
|
|
|
|
|
// const EC_GROUP *group = EC_KEY_get0_group(eckey);
|
|
|
|
|
// if ((ctx = BN_CTX_new()) == NULL) { ret = -1; goto err; }
|
|
|
|
|
// BN_CTX_start(ctx);
|
|
|
|
|
// order = BN_CTX_get(ctx);
|
|
|
|
|
// if (!EC_GROUP_get_order(group, order, ctx)) { ret = -2; goto err; }
|
|
|
|
|
// x = BN_CTX_get(ctx);
|
|
|
|
|
// if (!BN_copy(x, order)) { ret=-1; goto err; }
|
|
|
|
|
// if (!BN_mul_word(x, i)) { ret=-1; goto err; }
|
|
|
|
|
// if (!BN_add(x, x, ecsig->r)) { ret=-1; goto err; }
|
|
|
|
|
// field = BN_CTX_get(ctx);
|
|
|
|
|
// if (!EC_GROUP_get_curve_GFp(group, field, NULL, NULL, ctx)) { ret=-2; goto err; }
|
|
|
|
|
// if (BN_cmp(x, field) >= 0) { ret=0; goto err; }
|
|
|
|
|
// if ((R = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
|
|
|
|
|
// if (!EC_POINT_set_compressed_coordinates_GFp(group, R, x, recid % 2, ctx)) { ret=0; goto err; }
|
|
|
|
|
// if (check)
|
|
|
|
|
// {
|
|
|
|
|
// if ((O = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
|
|
|
|
|
// if (!EC_POINT_mul(group, O, NULL, R, order, ctx)) { ret=-2; goto err; }
|
|
|
|
|
// if (!EC_POINT_is_at_infinity(group, O)) { ret = 0; goto err; }
|
|
|
|
|
// }
|
|
|
|
|
// if ((Q = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
|
|
|
|
|
// n = EC_GROUP_get_degree(group);
|
|
|
|
|
// e = BN_CTX_get(ctx);
|
|
|
|
|
// if (!BN_bin2bn(msg, msglen, e)) { ret=-1; goto err; }
|
|
|
|
|
// if (8*msglen > n) BN_rshift(e, e, 8-(n & 7));
|
|
|
|
|
// zero = BN_CTX_get(ctx);
|
|
|
|
|
// if (!BN_zero(zero)) { ret=-1; goto err; }
|
|
|
|
|
// if (!BN_mod_sub(e, zero, e, order, ctx)) { ret=-1; goto err; }
|
|
|
|
|
// rr = BN_CTX_get(ctx);
|
|
|
|
|
// if (!BN_mod_inverse(rr, ecsig->r, order, ctx)) { ret=-1; goto err; }
|
|
|
|
|
// sor = BN_CTX_get(ctx);
|
|
|
|
|
// if (!BN_mod_mul(sor, ecsig->s, rr, order, ctx)) { ret=-1; goto err; }
|
|
|
|
|
// eor = BN_CTX_get(ctx);
|
|
|
|
|
// if (!BN_mod_mul(eor, e, rr, order, ctx)) { ret=-1; goto err; }
|
|
|
|
|
// if (!EC_POINT_mul(group, Q, eor, R, sor, ctx)) { ret=-2; goto err; }
|
|
|
|
|
// if (!EC_KEY_set_public_key(eckey, Q)) { ret=-2; goto err; }
|
|
|
|
|
//
|
|
|
|
|
// ret = 1;
|
|
|
|
|
//
|
|
|
|
|
// err:
|
|
|
|
|
// if (ctx) {
|
|
|
|
|
// BN_CTX_end(ctx);
|
|
|
|
|
// BN_CTX_free(ctx);
|
|
|
|
|
// }
|
|
|
|
|
// if (R != NULL) EC_POINT_free(R);
|
|
|
|
|
// if (O != NULL) EC_POINT_free(O);
|
|
|
|
|
// if (Q != NULL) EC_POINT_free(Q);
|
|
|
|
|
// return ret;
|
|
|
|
|
// }
|
|
|
|
|
//
|
|
|
|
|
//
|
|
|
|
|
// int static inline EC_KEY_regenerate_key(EC_KEY *eckey, const BIGNUM *priv_key)
|
|
|
|
|
// {
|
|
|
|
|
// int ok = 0;
|
|
|
|
|
// BN_CTX *ctx = NULL;
|
|
|
|
|
// EC_POINT *pub_key = NULL;
|
|
|
|
|
//
|
|
|
|
|
// if (!eckey) return 0;
|
|
|
|
|
//
|
|
|
|
|
// const EC_GROUP *group = EC_KEY_get0_group(eckey);
|
|
|
|
|
//
|
|
|
|
|
// if ((ctx = BN_CTX_new()) == NULL)
|
|
|
|
|
// goto err;
|
|
|
|
|
//
|
|
|
|
|
// pub_key = EC_POINT_new(group);
|
|
|
|
|
//
|
|
|
|
|
// if (pub_key == NULL)
|
|
|
|
|
// goto err;
|
|
|
|
|
//
|
|
|
|
|
// if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
|
|
|
|
|
// goto err;
|
|
|
|
|
//
|
|
|
|
|
// EC_KEY_set_private_key(eckey,priv_key);
|
|
|
|
|
// EC_KEY_set_public_key(eckey,pub_key);
|
|
|
|
|
//
|
|
|
|
|
// ok = 1;
|
|
|
|
|
//
|
|
|
|
|
// err:
|
|
|
|
|
//
|
|
|
|
|
// if (pub_key) EC_POINT_free(pub_key);
|
|
|
|
|
// if (ctx != NULL) BN_CTX_free(ctx);
|
|
|
|
|
//
|
|
|
|
|
// return(ok);
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
public_key public_key::from_key_data( const public_key_data &data ) {
|
|
|
|
|
return public_key(data);
|
2013-06-05 19:19:00 +00:00
|
|
|
}
|
|
|
|
|
|
2015-03-07 13:48:45 +00:00
|
|
|
public_key public_key::mult( const fc::sha256& digest )const
|
2013-06-05 19:19:00 +00:00
|
|
|
{
|
2015-03-07 13:48:45 +00:00
|
|
|
public_key_data new_key;
|
|
|
|
|
memcpy( new_key.begin(), my->_key.begin(), new_key.size() );
|
|
|
|
|
FC_ASSERT( secp256k1_ec_pubkey_tweak_mul( (unsigned char*) new_key.begin(), new_key.size(), (unsigned char*) digest.data() ) );
|
|
|
|
|
return public_key( new_key );
|
2013-06-05 19:19:00 +00:00
|
|
|
}
|
2013-06-27 18:18:02 +00:00
|
|
|
|
2013-08-11 22:14:53 +00:00
|
|
|
bool public_key::valid()const
|
|
|
|
|
{
|
2015-03-07 13:48:45 +00:00
|
|
|
return my->_key != detail::empty_key;
|
2013-08-11 22:14:53 +00:00
|
|
|
}
|
2015-03-07 13:48:45 +00:00
|
|
|
|
2013-08-10 06:33:15 +00:00
|
|
|
public_key public_key::add( const fc::sha256& digest )const
|
|
|
|
|
{
|
2015-03-07 13:48:45 +00:00
|
|
|
public_key_data new_key;
|
|
|
|
|
memcpy( new_key.begin(), my->_key.begin(), new_key.size() );
|
|
|
|
|
FC_ASSERT( secp256k1_ec_pubkey_tweak_add( (unsigned char*) new_key.begin(), new_key.size(), (unsigned char*) digest.data() ) );
|
|
|
|
|
return public_key( new_key );
|
2013-08-10 06:33:15 +00:00
|
|
|
}
|
2013-06-27 18:18:02 +00:00
|
|
|
|
2014-03-03 10:30:23 +00:00
|
|
|
std::string public_key::to_base58() const
|
2014-03-27 23:53:40 +00:00
|
|
|
{
|
2015-03-07 13:48:45 +00:00
|
|
|
return to_base58( my->_key );
|
2014-03-27 23:53:40 +00:00
|
|
|
}
|
2014-03-03 10:30:23 +00:00
|
|
|
|
2013-06-05 19:19:00 +00:00
|
|
|
private_key::private_key()
|
|
|
|
|
{}
|
|
|
|
|
|
|
|
|
|
private_key private_key::regenerate( const fc::sha256& secret )
|
|
|
|
|
{
|
|
|
|
|
private_key self;
|
2015-03-07 13:48:45 +00:00
|
|
|
self.my->_key = secret;
|
2013-06-05 19:19:00 +00:00
|
|
|
return self;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fc::sha256 private_key::get_secret()const
|
|
|
|
|
{
|
2015-03-07 13:48:45 +00:00
|
|
|
return my->_key;
|
2013-06-05 19:19:00 +00:00
|
|
|
}
|
|
|
|
|
|
2015-03-07 13:48:45 +00:00
|
|
|
private_key::private_key( EC_KEY* k )
|
2013-06-05 19:19:00 +00:00
|
|
|
{
|
2015-03-07 13:48:45 +00:00
|
|
|
my->_key = get_secret( k );
|
2013-06-05 19:19:00 +00:00
|
|
|
EC_KEY_free(k);
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-07 00:37:04 +00:00
|
|
|
public_key_data public_key::serialize()const
|
2013-06-05 19:19:00 +00:00
|
|
|
{
|
2015-03-07 13:48:45 +00:00
|
|
|
return my->_key;
|
2013-06-05 19:19:00 +00:00
|
|
|
}
|
2013-12-10 03:25:59 +00:00
|
|
|
public_key_point_data public_key::serialize_ecc_point()const
|
|
|
|
|
{
|
|
|
|
|
public_key_point_data dat;
|
2015-03-07 13:48:45 +00:00
|
|
|
memcpy( dat.begin(), my->_key.begin(), my->_key.size() );
|
|
|
|
|
unsigned int pk_len = my->_key.size();
|
|
|
|
|
FC_ASSERT( secp256k1_ec_pubkey_decompress( (unsigned char *) dat.begin(), (int*) &pk_len ) );
|
|
|
|
|
FC_ASSERT( pk_len == dat.size() );
|
2013-12-10 03:25:59 +00:00
|
|
|
return dat;
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-05 19:19:00 +00:00
|
|
|
public_key::public_key()
|
|
|
|
|
{
|
|
|
|
|
}
|
2015-03-07 13:48:45 +00:00
|
|
|
|
2013-06-05 19:19:00 +00:00
|
|
|
public_key::~public_key()
|
|
|
|
|
{
|
|
|
|
|
}
|
2015-03-07 13:48:45 +00:00
|
|
|
|
|
|
|
|
// FIXME
|
2014-02-28 04:35:24 +00:00
|
|
|
public_key::public_key( const public_key_point_data& dat )
|
|
|
|
|
{
|
|
|
|
|
const char* front = &dat.data[0];
|
|
|
|
|
if( *front == 0 ){}
|
|
|
|
|
else
|
|
|
|
|
{
|
2015-03-07 13:48:45 +00:00
|
|
|
// my->_key = o2i_ECPublicKey( &my->_key, (const unsigned char**)&front, sizeof(dat) );
|
|
|
|
|
// if( !my->_key )
|
|
|
|
|
// {
|
|
|
|
|
// FC_THROW_EXCEPTION( exception, "error decoding public key", ("s", ERR_error_string( ERR_get_error(), nullptr) ) );
|
|
|
|
|
// }
|
2013-06-05 19:19:00 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-07 13:48:45 +00:00
|
|
|
public_key::public_key( const public_key_data& dat )
|
2013-06-05 19:19:00 +00:00
|
|
|
{
|
2015-03-07 13:48:45 +00:00
|
|
|
my->_key = dat;
|
2013-06-05 19:19:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public_key private_key::get_public_key()const
|
|
|
|
|
{
|
2014-12-12 00:16:02 +00:00
|
|
|
public_key pub;
|
2015-03-07 13:48:45 +00:00
|
|
|
unsigned int pk_len;
|
|
|
|
|
FC_ASSERT( secp256k1_ec_pubkey_create( (unsigned char*) pub.my->_key.begin(), (int*) &pk_len, (unsigned char*) my->_key.data(), 1 ) );
|
|
|
|
|
FC_ASSERT( pk_len == pub.my->_key.size() );
|
2013-06-05 19:19:00 +00:00
|
|
|
return pub;
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-07 13:48:45 +00:00
|
|
|
// FIXME
|
2013-07-11 05:26:54 +00:00
|
|
|
fc::sha512 private_key::get_shared_secret( const public_key& other )const
|
2013-06-05 19:19:00 +00:00
|
|
|
{
|
2015-03-07 13:48:45 +00:00
|
|
|
// FC_ASSERT( my->_key != nullptr );
|
|
|
|
|
// FC_ASSERT( other.my->_key != nullptr );
|
2013-06-05 19:19:00 +00:00
|
|
|
fc::sha512 buf;
|
2015-03-07 13:48:45 +00:00
|
|
|
// ECDH_compute_key( (unsigned char*)&buf, sizeof(buf), EC_KEY_get0_public_key(other.my->_key), my->_key, ecies_key_derivation );
|
2013-06-05 19:19:00 +00:00
|
|
|
return buf;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private_key::~private_key()
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-12 00:16:02 +00:00
|
|
|
public_key::public_key( const compact_signature& c, const fc::sha256& digest, bool check_canonical )
|
2013-06-05 19:19:00 +00:00
|
|
|
{
|
|
|
|
|
int nV = c.data[0];
|
|
|
|
|
if (nV<27 || nV>=35)
|
|
|
|
|
FC_THROW_EXCEPTION( exception, "unable to reconstruct public key from signature" );
|
|
|
|
|
|
2014-12-12 00:16:02 +00:00
|
|
|
if( check_canonical )
|
2014-12-11 06:43:37 +00:00
|
|
|
{
|
2015-03-07 13:48:45 +00:00
|
|
|
is_canonical( c );
|
2013-06-05 19:19:00 +00:00
|
|
|
}
|
|
|
|
|
|
2015-03-07 13:48:45 +00:00
|
|
|
unsigned int pk_len;
|
|
|
|
|
FC_ASSERT( secp256k1_ecdsa_recover_compact( (unsigned char*) digest.data(), (unsigned char*) c.begin() + 1, (unsigned char*) my->_key.begin(), (int*) &pk_len, 1, (*c.begin() - 27) & 3 ) );
|
|
|
|
|
FC_ASSERT( pk_len == my->_key.size() );
|
2013-06-05 19:19:00 +00:00
|
|
|
}
|
|
|
|
|
|
2013-06-27 18:18:02 +00:00
|
|
|
compact_signature private_key::sign_compact( const fc::sha256& digest )const
|
2013-06-05 19:19:00 +00:00
|
|
|
{
|
2015-03-07 13:48:45 +00:00
|
|
|
compact_signature result;
|
|
|
|
|
FC_ASSERT( secp256k1_ecdsa_sign_compact( (unsigned char*) digest.data(), (unsigned char*) result.begin(), (unsigned char*) my->_key.data(), NULL, NULL, NULL ));
|
|
|
|
|
return result;
|
2013-06-05 19:19:00 +00:00
|
|
|
}
|
|
|
|
|
|
2013-06-07 00:37:04 +00:00
|
|
|
private_key& private_key::operator=( private_key&& pk )
|
|
|
|
|
{
|
|
|
|
|
my->_key = pk.my->_key;
|
|
|
|
|
return *this;
|
|
|
|
|
}
|
|
|
|
|
public_key::public_key( const public_key& pk )
|
|
|
|
|
:my(pk.my)
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
public_key::public_key( public_key&& pk )
|
|
|
|
|
:my( fc::move( pk.my) )
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
private_key::private_key( const private_key& pk )
|
|
|
|
|
:my(pk.my)
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
private_key::private_key( private_key&& pk )
|
|
|
|
|
:my( fc::move( pk.my) )
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public_key& public_key::operator=( public_key&& pk )
|
|
|
|
|
{
|
|
|
|
|
my->_key = pk.my->_key;
|
|
|
|
|
return *this;
|
|
|
|
|
}
|
|
|
|
|
public_key& public_key::operator=( const public_key& pk )
|
|
|
|
|
{
|
2015-03-07 13:48:45 +00:00
|
|
|
my->_key = pk.my->_key;
|
2013-06-07 00:37:04 +00:00
|
|
|
return *this;
|
|
|
|
|
}
|
|
|
|
|
private_key& private_key::operator=( const private_key& pk )
|
|
|
|
|
{
|
2015-03-07 13:48:45 +00:00
|
|
|
my->_key = pk.my->_key;
|
2013-06-07 00:37:04 +00:00
|
|
|
return *this;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
