Peerplays_Blockchain/peerplays-fc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Much refactoring

Browse source 
Fixed Move semantics in openssl impl
Use in-place construction for secp256k1
Swapped implementations in mixed - sign with libsecp256k1, verify with openssl
This commit is contained in:
Peter Conrad 2015-03-13 18:47:31 +01:00
parent 10897adf1e
commit 05dee8669f
13 changed files with 863 additions and 800 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
CMakeLists.txt
View file

@ -38,8 +38,14 @@ LIST(APPEND BOOST_COMPONENTS thread date_time system filesystem program_options
SET( Boost_USE_STATIC_LIBS ON CACHE STRING "ON or OFF" )
IF( ECC_IMPL STREQUAL openssl )
SET( ECC_REST src/crypto/elliptic_impl_pub.cpp )
ELSE( ECC_IMPL STREQUAL openssl )
SET( ECC_LIB secp256k1 )
IF( ECC_IMPL STREQUAL mixed )
SET( ECC_REST src/crypto/elliptic_impl_priv.cpp src/crypto/elliptic_impl_pub.cpp )
ELSE( ECC_IMPL STREQUAL mixed )
SET( ECC_REST src/crypto/elliptic_impl_priv.cpp )
ENDIF( ECC_IMPL STREQUAL mixed )
ENDIF( ECC_IMPL STREQUAL openssl )
IF( WIN32 )
@ -156,6 +162,8 @@ set( fc_sources
src/crypto/sha512.cpp
src/crypto/dh.cpp
src/crypto/blowfish.cpp
src/crypto/elliptic_common.cpp
${ECC_REST}
src/crypto/elliptic_${ECC_IMPL}.cpp
src/crypto/rand.cpp
src/crypto/salsa20.cpp

4
include/fc/crypto/elliptic.hpp
View file

@ -72,7 +72,7 @@ namespace fc {
friend class private_key;
static public_key from_key_data( const public_key_data& v );
static bool is_canonical( const compact_signature& c );
fc::fwd<detail::public_key_impl,8> my;
fc::fwd<detail::public_key_impl,33> my;
};
/**
@ -132,7 +132,7 @@ namespace fc {
private:
private_key( EC_KEY* k );
static fc::sha256 get_secret( const EC_KEY * const k );
fc::fwd<detail::private_key_impl,8> my;
fc::fwd<detail::private_key_impl,32> my;
};
} // namespace ecc
void to_variant( const ecc::private_key& var, variant& vo );

107
src/crypto/_elliptic_impl.cpp
View file

@ -1,107 +0,0 @@
class public_key_impl
{
public:
public_key_impl() : _key(nullptr)
{
init_lib();
}
public_key_impl( const public_key_impl& cpy ) : _key(nullptr)
{
init_lib();
*this = cpy;
}
public_key_impl( public_key_impl&& cpy ) : _key(nullptr)
{
init_lib();
*this = cpy;
}
~public_key_impl()
{
free_key();
}
public_key_impl& operator=( const public_key_impl& pk )
{
if (pk._key == nullptr)
{
free_key();
} else if ( _key == nullptr ) {
_key = dup_key( pk._key );
} else {
copy_key( _key, pk._key );
}
return *this;
}
public_key_impl& operator=( public_key_impl&& pk )
{
free_key();
_key = pk._key;
pk._key = nullptr;
return *this;
}
pub_data_type* _key;
private:
void free_key();
pub_data_type* dup_key( const pub_data_type* cpy );
void copy_key( pub_data_type* to, const pub_data_type* from );
};
class private_key_impl
{
public:
private_key_impl() : _key(nullptr)
{
init_lib();
}
private_key_impl( const private_key_impl& cpy ) : _key(nullptr)
{
init_lib();
*this = cpy;
}
private_key_impl( private_key_impl&& cpy ) : _key(nullptr)
{
init_lib();
*this = cpy;
}
~private_key_impl()
{
free_key();
}
private_key_impl& operator=( const private_key_impl& pk )
{
if (pk._key == nullptr)
{
free_key();
} else if ( _key == nullptr ) {
_key = dup_key( pk._key );
} else {
copy_key( _key, pk._key );
}
return *this;
}
private_key_impl& operator=( private_key_impl&& pk )
{
free_key();
_key = pk._key;
pk._key = nullptr;
return *this;
}
priv_data_type* _key;
private:
void free_key();
priv_data_type* dup_key( const priv_data_type* cpy );
void copy_key( priv_data_type* to, const priv_data_type* from );
};

23
src/crypto/_elliptic_impl_priv.hpp Normal file
View file

@ -0,0 +1,23 @@
#pragma once
#include <fc/crypto/elliptic.hpp>
/* private_key_impl based on libsecp256k1
* used by mixed + secp256k1
*/
namespace fc { namespace ecc { namespace detail {
void _init_lib();
class private_key_impl
{
public:
private_key_impl() noexcept;
private_key_impl( const private_key_impl& cpy ) noexcept;
private_key_impl& operator=( const private_key_impl& pk ) noexcept;
private_key_secret _key;
};
}}}

32
src/crypto/_elliptic_impl_pub.hpp Normal file
View file

@ -0,0 +1,32 @@
#pragma once
#include <fc/crypto/elliptic.hpp>
/* public_key_impl implementation based on openssl
* used by mixed + openssl
*/
namespace fc { namespace ecc { namespace detail {
void _init_lib();
class public_key_impl
{
public:
public_key_impl() noexcept;
public_key_impl( const public_key_impl& cpy ) noexcept;
public_key_impl( public_key_impl&& cpy ) noexcept;
~public_key_impl() noexcept;
public_key_impl& operator=( const public_key_impl& pk ) noexcept;
public_key_impl& operator=( public_key_impl&& pk ) noexcept;
static int ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned char *msg, int msglen, int recid, int check);
EC_KEY* _key = nullptr;
private:
void free_key() noexcept;
};
}}}

237
src/crypto/_elliptic_mixed_openssl.cpp
View file

@ -1,237 +0,0 @@
namespace detail
{
void private_key_impl::free_key()
{
if( _key != nullptr )
{
EC_KEY_free(_key);
_key = nullptr;
}
}
EC_KEY* private_key_impl::dup_key( const EC_KEY* cpy )
{
return EC_KEY_dup( cpy );
}
void private_key_impl::copy_key( EC_KEY* to, const EC_KEY* from )
{
EC_KEY_copy( to, from );
}
}
static void * ecies_key_derivation(const void *input, size_t ilen, void *output, size_t *olen)
{
if (*olen < SHA512_DIGEST_LENGTH) {
return NULL;
}
*olen = SHA512_DIGEST_LENGTH;
return (void*)SHA512((const unsigned char*)input, ilen, (unsigned char*)output);
}
// Perform ECDSA key recovery (see SEC1 4.1.6) for curves over (mod p)-fields
// recid selects which key is recovered
// if check is non-zero, additional checks are performed
static int ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned char *msg, int msglen, int recid, int check)
{
if (!eckey) FC_THROW_EXCEPTION( exception, "null key" );
int ret = 0;
BN_CTX *ctx = NULL;
BIGNUM *x = NULL;
BIGNUM *e = NULL;
BIGNUM *order = NULL;
BIGNUM *sor = NULL;
BIGNUM *eor = NULL;
BIGNUM *field = NULL;
EC_POINT *R = NULL;
EC_POINT *O = NULL;
EC_POINT *Q = NULL;
BIGNUM *rr = NULL;
BIGNUM *zero = NULL;
int n = 0;
int i = recid / 2;
const EC_GROUP *group = EC_KEY_get0_group(eckey);
if ((ctx = BN_CTX_new()) == NULL) { ret = -1; goto err; }
BN_CTX_start(ctx);
order = BN_CTX_get(ctx);
if (!EC_GROUP_get_order(group, order, ctx)) { ret = -2; goto err; }
x = BN_CTX_get(ctx);
if (!BN_copy(x, order)) { ret=-1; goto err; }
if (!BN_mul_word(x, i)) { ret=-1; goto err; }
if (!BN_add(x, x, ecsig->r)) { ret=-1; goto err; }
field = BN_CTX_get(ctx);
if (!EC_GROUP_get_curve_GFp(group, field, NULL, NULL, ctx)) { ret=-2; goto err; }
if (BN_cmp(x, field) >= 0) { ret=0; goto err; }
if ((R = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
if (!EC_POINT_set_compressed_coordinates_GFp(group, R, x, recid % 2, ctx)) { ret=0; goto err; }
if (check)
{
if ((O = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
if (!EC_POINT_mul(group, O, NULL, R, order, ctx)) { ret=-2; goto err; }
if (!EC_POINT_is_at_infinity(group, O)) { ret = 0; goto err; }
}
if ((Q = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
n = EC_GROUP_get_degree(group);
e = BN_CTX_get(ctx);
if (!BN_bin2bn(msg, msglen, e)) { ret=-1; goto err; }
if (8*msglen > n) BN_rshift(e, e, 8-(n & 7));
zero = BN_CTX_get(ctx);
if (!BN_zero(zero)) { ret=-1; goto err; }
if (!BN_mod_sub(e, zero, e, order, ctx)) { ret=-1; goto err; }
rr = BN_CTX_get(ctx);
if (!BN_mod_inverse(rr, ecsig->r, order, ctx)) { ret=-1; goto err; }
sor = BN_CTX_get(ctx);
if (!BN_mod_mul(sor, ecsig->s, rr, order, ctx)) { ret=-1; goto err; }
eor = BN_CTX_get(ctx);
if (!BN_mod_mul(eor, e, rr, order, ctx)) { ret=-1; goto err; }
if (!EC_POINT_mul(group, Q, eor, R, sor, ctx)) { ret=-2; goto err; }
if (!EC_KEY_set_public_key(eckey, Q)) { ret=-2; goto err; }
ret = 1;
err:
if (ctx) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
if (R != NULL) EC_POINT_free(R);
if (O != NULL) EC_POINT_free(O);
if (Q != NULL) EC_POINT_free(Q);
return ret;
}
int static inline EC_KEY_regenerate_key(EC_KEY *eckey, const BIGNUM *priv_key)
{
int ok = 0;
BN_CTX *ctx = NULL;
EC_POINT *pub_key = NULL;
if (!eckey) return 0;
const EC_GROUP *group = EC_KEY_get0_group(eckey);
if ((ctx = BN_CTX_new()) == NULL)
goto err;
pub_key = EC_POINT_new(group);
if (pub_key == NULL)
goto err;
if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
goto err;
EC_KEY_set_private_key(eckey,priv_key);
EC_KEY_set_public_key(eckey,pub_key);
ok = 1;
err:
if (pub_key) EC_POINT_free(pub_key);
if (ctx != NULL) BN_CTX_free(ctx);
return(ok);
}
private_key private_key::regenerate( const fc::sha256& secret )
{
private_key self;
self.my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 );
if( !self.my->_key ) FC_THROW_EXCEPTION( exception, "Unable to generate EC key" );
ssl_bignum bn;
BN_bin2bn( (const unsigned char*)&secret, 32, bn );
if( !EC_KEY_regenerate_key(self.my->_key,bn) )
{
FC_THROW_EXCEPTION( exception, "unable to regenerate key" );
}
return self;
}
fc::sha256 private_key::get_secret()const
{
return get_secret( my->_key );
}
private_key::private_key( EC_KEY* k )
{
my->_key = k;
}
compact_signature private_key::sign_compact( const fc::sha256& digest )const
{
try {
FC_ASSERT( my->_key != nullptr );
auto my_pub_key = get_public_key().serialize(); // just for good measure
//ECDSA_SIG *sig = ECDSA_do_sign((unsigned char*)&digest, sizeof(digest), my->_key);
public_key_data key_data;
while( true )
{
ecdsa_sig sig = ECDSA_do_sign((unsigned char*)&digest, sizeof(digest), my->_key);
if (sig==nullptr)
FC_THROW_EXCEPTION( exception, "Unable to sign" );
compact_signature csig;
// memset( csig.data, 0, sizeof(csig) );
int nBitsR = BN_num_bits(sig->r);
int nBitsS = BN_num_bits(sig->s);
if (nBitsR <= 256 && nBitsS <= 256)
{
int nRecId = -1;
EC_KEY* key = EC_KEY_new_by_curve_name( NID_secp256k1 );
FC_ASSERT( key );
EC_KEY_set_conv_form( key, POINT_CONVERSION_COMPRESSED );
for (int i=0; i<4; i++)
{
if (ECDSA_SIG_recover_key_GFp(key, sig, (unsigned char*)&digest, sizeof(digest), i, 1) == 1)
{
unsigned char* buffer = (unsigned char*) key_data.begin();
i2o_ECPublicKey( key, &buffer ); // FIXME: questionable memory handling
if ( key_data == my_pub_key )
{
nRecId = i;
break;
}
}
}
EC_KEY_free( key );
if (nRecId == -1)
{
FC_THROW_EXCEPTION( exception, "unable to construct recoverable key");
}
unsigned char* result = nullptr;
auto bytes = i2d_ECDSA_SIG( sig, &result );
auto lenR = result[3];
auto lenS = result[5+lenR];
//idump( (result[0])(result[1])(result[2])(result[3])(result[3+lenR])(result[4+lenR])(bytes)(lenR)(lenS) );
if( lenR != 32 ) { free(result); continue; }
if( lenS != 32 ) { free(result); continue; }
//idump( (33-(nBitsR+7)/8) );
//idump( (65-(nBitsS+7)/8) );
//idump( (sizeof(csig) ) );
memcpy( &csig.data[1], &result[4], lenR );
memcpy( &csig.data[33], &result[6+lenR], lenS );
//idump( (csig.data[33]) );
//idump( (csig.data[1]) );
free(result);
//idump( (nRecId) );
csig.data[0] = nRecId+27+4;//(fCompressedPubKey ? 4 : 0);
/*
idump( (csig) );
auto rlen = BN_bn2bin(sig->r,&csig.data[33-(nBitsR+7)/8]);
auto slen = BN_bn2bin(sig->s,&csig.data[65-(nBitsS+7)/8]);
idump( (rlen)(slen) );
*/
}
return csig;
} // while true
} FC_RETHROW_EXCEPTIONS( warn, "sign ${digest}", ("digest", digest)("private_key",*this) );
}

102
src/crypto/_elliptic_mixed_secp256k1.cpp
View file

@ -1,102 +0,0 @@
namespace detail
{
static int init_secp256k1() {
secp256k1_start(SECP256K1_START_VERIFY | SECP256K1_START_SIGN);
return 1;
}
static void init_lib() {
static int init_s = init_secp256k1();
static int init_o = init_openssl();
}
void public_key_impl::free_key()
{
if( _key != nullptr )
{
delete _key;
_key = nullptr;
}
}
public_key_data* public_key_impl::dup_key( const public_key_data* cpy )
{
return new public_key_data( *cpy );
}
void public_key_impl::copy_key( public_key_data* to, const public_key_data* from )
{
*to = *from;
}
}
public_key public_key::add( const fc::sha256& digest )const
{
FC_ASSERT( my->_key != nullptr );
public_key_data new_key;
memcpy( new_key.begin(), my->_key->begin(), new_key.size() );
FC_ASSERT( secp256k1_ec_pubkey_tweak_add( (unsigned char*) new_key.begin(), new_key.size(), (unsigned char*) digest.data() ) );
return public_key( new_key );
}
std::string public_key::to_base58() const
{
FC_ASSERT( my->_key != nullptr );
return to_base58( *my->_key );
}
public_key_data public_key::serialize()const
{
FC_ASSERT( my->_key != nullptr );
return *my->_key;
}
public_key_point_data public_key::serialize_ecc_point()const
{
FC_ASSERT( my->_key != nullptr );
public_key_point_data dat;
unsigned int pk_len = my->_key->size();
memcpy( dat.begin(), my->_key->begin(), pk_len );
FC_ASSERT( secp256k1_ec_pubkey_decompress( (unsigned char *) dat.begin(), (int*) &pk_len ) );
FC_ASSERT( pk_len == dat.size() );
return dat;
}
public_key::public_key( const public_key_point_data& dat )
{
const char* front = &dat.data[0];
if( *front == 0 ){}
else
{
EC_KEY *key = EC_KEY_new_by_curve_name( NID_secp256k1 );
key = o2i_ECPublicKey( &key, (const unsigned char**)&front, sizeof(dat) );
FC_ASSERT( key );
EC_KEY_set_conv_form( key, POINT_CONVERSION_COMPRESSED );
my->_key = new public_key_data();
unsigned char* buffer = (unsigned char*) my->_key->begin();
i2o_ECPublicKey( key, &buffer ); // FIXME: questionable memory handling
EC_KEY_free( key );
}
}
public_key::public_key( const public_key_data& dat )
{
my->_key = new public_key_data(dat);
}
public_key::public_key( const compact_signature& c, const fc::sha256& digest, bool check_canonical )
{
int nV = c.data[0];
if (nV<27 || nV>=35)
FC_THROW_EXCEPTION( exception, "unable to reconstruct public key from signature" );
if( check_canonical )
{
FC_ASSERT( is_canonical( c ), "signature is not canonical" );
}
my->_key = new public_key_data();
unsigned int pk_len;
FC_ASSERT( secp256k1_ecdsa_recover_compact( (unsigned char*) digest.data(), (unsigned char*) c.begin() + 1, (unsigned char*) my->_key->begin(), (int*) &pk_len, 1, (*c.begin() - 27) & 3 ) );
FC_ASSERT( pk_len == my->_key->size() );
}

49
src/crypto/_elliptic_common.cpp → src/crypto/elliptic_common.cpp
View file

@ -1,21 +1,14 @@
#include <fc/crypto/base58.hpp>
#include <fc/crypto/elliptic.hpp>
/* stuff common to all ecc implementations */
namespace fc { namespace ecc {
public_key::public_key() {}
public_key::~public_key() {}
public_key::public_key( const public_key& pk ) : my( pk.my ) {}
public_key::public_key( public_key&& pk ) : my( std::move(pk.my) ) {}
public_key public_key::from_key_data( const public_key_data &data ) {
return public_key(data);
}
bool public_key::valid()const
{
return my->_key != nullptr;
}
std::string public_key::to_base58( const public_key_data &key )
{
uint32_t check = (uint32_t)sha256::hash(key.data, sizeof(key))._hash[0];
@ -46,14 +39,6 @@ namespace fc { namespace ecc {
&& !(c.data[33] == 0 && !(c.data[34] & 0x80));
}
private_key::private_key() {}
private_key::~private_key() {}
private_key::private_key( const private_key& pk ) : my(pk.my) {}
private_key::private_key( private_key&& pk ) : my( std::move( pk.my) ) {}
private_key private_key::generate_from_seed( const fc::sha256& seed, const fc::sha256& offset )
{
ssl_bignum z;
@ -108,29 +93,6 @@ namespace fc { namespace ecc {
return private_key( k );
}
private_key& private_key::operator=( private_key&& pk )
{
my = std::move(pk.my);
return *this;
}
public_key& public_key::operator=( public_key&& pk )
{
my = std::move(pk.my);
return *this;
}
public_key& public_key::operator=( const public_key& pk )
{
my = pk.my;
return *this;
}
private_key& private_key::operator=( const private_key& pk )
{
my = pk.my;
return *this;
}
}
void to_variant( const ecc::private_key& var, variant& vo )
@ -156,4 +118,5 @@ void from_variant( const variant& var, ecc::public_key& vo )
from_variant( var, dat );
vo = ecc::public_key(dat);
}
}

102
src/crypto/elliptic_impl_priv.cpp Normal file
View file

@ -0,0 +1,102 @@
#include <fc/fwd_impl.hpp>
#include <secp256k1.h>
#include "_elliptic_impl_priv.hpp"
/* used by mixed + secp256k1 */
namespace fc { namespace ecc {
namespace detail {
private_key_impl::private_key_impl() noexcept
{
_init_lib();
}
private_key_impl::private_key_impl( const private_key_impl& cpy ) noexcept
{
_init_lib();
this->_key = cpy._key;
}
private_key_impl& private_key_impl::operator=( const private_key_impl& pk ) noexcept
{
_key = pk._key;
return *this;
}
}
static const private_key_secret empty_priv;
private_key::private_key() {}
private_key::private_key( const private_key& pk ) : my( pk.my ) {}
private_key::private_key( private_key&& pk ) : my( pk.my ) {}
private_key::~private_key() {}
private_key& private_key::operator=( private_key&& pk )
{
my = pk.my;
return *this;
}
private_key& private_key::operator=( const private_key& pk )
{
my = pk.my;
return *this;
}
private_key private_key::regenerate( const fc::sha256& secret )
{
private_key self;
self.my->_key = secret;
return self;
}
fc::sha256 private_key::get_secret()const
{
return my->_key;
}
private_key::private_key( EC_KEY* k )
{
my->_key = get_secret( k );
EC_KEY_free(k);
}
public_key private_key::get_public_key()const
{
FC_ASSERT( my->_key != empty_priv );
public_key_data pub;
unsigned int pk_len;
FC_ASSERT( secp256k1_ec_pubkey_create( (unsigned char*) pub.begin(), (int*) &pk_len, (unsigned char*) my->_key.data(), 1 ) );
FC_ASSERT( pk_len == pub.size() );
return public_key(pub);
}
static int extended_nonce_function( unsigned char *nonce32, const unsigned char *msg32,
const unsigned char *key32, unsigned int attempt,
const void *data ) {
unsigned int* extra = (unsigned int*) data;
(*extra)++;
return secp256k1_nonce_function_default( nonce32, msg32, key32, *extra, nullptr );
}
compact_signature private_key::sign_compact( const fc::sha256& digest )const
{
FC_ASSERT( my->_key != empty_priv );
compact_signature result;
int recid;
unsigned int counter = 0;
do
{
FC_ASSERT( secp256k1_ecdsa_sign_compact( (unsigned char*) digest.data(), (unsigned char*) result.begin() + 1, (unsigned char*) my->_key.data(), extended_nonce_function, &counter, &recid ));
} while( !public_key::is_canonical( result ) );
result.begin()[0] = 27 + 4 + recid;
return result;
}
}}

357
src/crypto/elliptic_impl_pub.cpp Normal file
View file

@ -0,0 +1,357 @@
#include <fc/fwd_impl.hpp>
#include "_elliptic_impl_pub.hpp"
/* used by mixed + openssl */
namespace fc { namespace ecc {
namespace detail {
public_key_impl::public_key_impl() noexcept
{
_init_lib();
}
public_key_impl::public_key_impl( const public_key_impl& cpy ) noexcept
{
_init_lib();
*this = cpy;
}
public_key_impl::public_key_impl( public_key_impl&& cpy ) noexcept
{
_init_lib();
*this = cpy;
}
public_key_impl::~public_key_impl() noexcept
{
free_key();
}
public_key_impl& public_key_impl::operator=( const public_key_impl& pk ) noexcept
{
if (pk._key == nullptr)
{
free_key();
} else if ( _key == nullptr ) {
_key = EC_KEY_dup( pk._key );
} else {
EC_KEY_copy( _key, pk._key );
}
return *this;
}
public_key_impl& public_key_impl::operator=( public_key_impl&& pk ) noexcept
{
if ( this != &pk ) {
free_key();
_key = pk._key;
pk._key = nullptr;
}
return *this;
}
void public_key_impl::free_key() noexcept
{
if( _key != nullptr )
{
EC_KEY_free(_key);
_key = nullptr;
}
}
// Perform ECDSA key recovery (see SEC1 4.1.6) for curves over (mod p)-fields
// recid selects which key is recovered
// if check is non-zero, additional checks are performed
int public_key_impl::ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig,
const unsigned char *msg,
int msglen, int recid, int check)
{
if (!eckey) FC_THROW_EXCEPTION( exception, "null key" );
int ret = 0;
BN_CTX *ctx = NULL;
BIGNUM *x = NULL;
BIGNUM *e = NULL;
BIGNUM *order = NULL;
BIGNUM *sor = NULL;
BIGNUM *eor = NULL;
BIGNUM *field = NULL;
EC_POINT *R = NULL;
EC_POINT *O = NULL;
EC_POINT *Q = NULL;
BIGNUM *rr = NULL;
BIGNUM *zero = NULL;
int n = 0;
int i = recid / 2;
const EC_GROUP *group = EC_KEY_get0_group(eckey);
if ((ctx = BN_CTX_new()) == NULL) { ret = -1; goto err; }
BN_CTX_start(ctx);
order = BN_CTX_get(ctx);
if (!EC_GROUP_get_order(group, order, ctx)) { ret = -2; goto err; }
x = BN_CTX_get(ctx);
if (!BN_copy(x, order)) { ret=-1; goto err; }
if (!BN_mul_word(x, i)) { ret=-1; goto err; }
if (!BN_add(x, x, ecsig->r)) { ret=-1; goto err; }
field = BN_CTX_get(ctx);
if (!EC_GROUP_get_curve_GFp(group, field, NULL, NULL, ctx)) { ret=-2; goto err; }
if (BN_cmp(x, field) >= 0) { ret=0; goto err; }
if ((R = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
if (!EC_POINT_set_compressed_coordinates_GFp(group, R, x, recid % 2, ctx)) { ret=0; goto err; }
if (check)
{
if ((O = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
if (!EC_POINT_mul(group, O, NULL, R, order, ctx)) { ret=-2; goto err; }
if (!EC_POINT_is_at_infinity(group, O)) { ret = 0; goto err; }
}
if ((Q = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
n = EC_GROUP_get_degree(group);
e = BN_CTX_get(ctx);
if (!BN_bin2bn(msg, msglen, e)) { ret=-1; goto err; }
if (8*msglen > n) BN_rshift(e, e, 8-(n & 7));
zero = BN_CTX_get(ctx);
if (!BN_zero(zero)) { ret=-1; goto err; }
if (!BN_mod_sub(e, zero, e, order, ctx)) { ret=-1; goto err; }
rr = BN_CTX_get(ctx);
if (!BN_mod_inverse(rr, ecsig->r, order, ctx)) { ret=-1; goto err; }
sor = BN_CTX_get(ctx);
if (!BN_mod_mul(sor, ecsig->s, rr, order, ctx)) { ret=-1; goto err; }
eor = BN_CTX_get(ctx);
if (!BN_mod_mul(eor, e, rr, order, ctx)) { ret=-1; goto err; }
if (!EC_POINT_mul(group, Q, eor, R, sor, ctx)) { ret=-2; goto err; }
if (!EC_KEY_set_public_key(eckey, Q)) { ret=-2; goto err; }
ret = 1;
err:
if (ctx) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
if (R != NULL) EC_POINT_free(R);
if (O != NULL) EC_POINT_free(O);
if (Q != NULL) EC_POINT_free(Q);
return ret;
}
}
public_key::public_key() {}
public_key::public_key( const public_key& pk ) : my( pk.my ) {}
public_key::public_key( public_key&& pk ) : my( std::move( pk.my ) ) {}
public_key::~public_key() {}
public_key& public_key::operator=( public_key&& pk )
{
my = std::move(pk.my);
return *this;
}
public_key& public_key::operator=( const public_key& pk )
{
my = pk.my;
return *this;
}
bool public_key::valid()const
{
return my->_key != nullptr;
}
/* WARNING! This implementation is broken, it is actually equivalent to
* public_key::add()!
*/
// public_key public_key::mult( const fc::sha256& digest ) const
// {
// // get point from this public key
// const EC_POINT* master_pub = EC_KEY_get0_public_key( my->_key );
// ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1));
//
// ssl_bignum z;
// BN_bin2bn((unsigned char*)&digest, sizeof(digest), z);
//
// // multiply by digest
// ssl_bignum one;
// BN_one(one);
// bn_ctx ctx(BN_CTX_new());
//
// ec_point result(EC_POINT_new(group));
// EC_POINT_mul(group, result, z, master_pub, one, ctx);
//
// public_key rtn;
// rtn.my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 );
// EC_KEY_set_public_key(rtn.my->_key,result);
//
// return rtn;
// }
public_key public_key::add( const fc::sha256& digest )const
{
try {
ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1));
bn_ctx ctx(BN_CTX_new());
fc::bigint digest_bi( (char*)&digest, sizeof(digest) );
ssl_bignum order;
EC_GROUP_get_order(group, order, ctx);
if( digest_bi > fc::bigint(order) )
{
FC_THROW_EXCEPTION( exception, "digest > group order" );
}
public_key digest_key = private_key::regenerate(digest).get_public_key();
const EC_POINT* digest_point = EC_KEY_get0_public_key( digest_key.my->_key );
// get point from this public key
const EC_POINT* master_pub = EC_KEY_get0_public_key( my->_key );
// ssl_bignum z;
// BN_bin2bn((unsigned char*)&digest, sizeof(digest), z);
// multiply by digest
// ssl_bignum one;
// BN_one(one);
ec_point result(EC_POINT_new(group));
EC_POINT_add(group, result, digest_point, master_pub, ctx);
if (EC_POINT_is_at_infinity(group, result))
{
FC_THROW_EXCEPTION( exception, "point at infinity" );
}
public_key rtn;
rtn.my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 );
EC_KEY_set_public_key(rtn.my->_key,result);
return rtn;
} FC_RETHROW_EXCEPTIONS( debug, "digest: ${digest}", ("digest",digest) );
}
std::string public_key::to_base58() const
{
public_key_data key = serialize();
return to_base58( key );
}
// signature private_key::sign( const fc::sha256& digest )const
// {
// unsigned int buf_len = ECDSA_size(my->_key);
//// fprintf( stderr, "%d %d\n", buf_len, sizeof(sha256) );
// signature sig;
// assert( buf_len == sizeof(sig) );
//
// if( !ECDSA_sign( 0,
// (const unsigned char*)&digest, sizeof(digest),
// (unsigned char*)&sig, &buf_len, my->_key ) )
// {
// FC_THROW_EXCEPTION( exception, "signing error" );
// }
//
//
// return sig;
// }
// bool public_key::verify( const fc::sha256& digest, const fc::ecc::signature& sig )
// {
// return 1 == ECDSA_verify( 0, (unsigned char*)&digest, sizeof(digest), (unsigned char*)&sig, sizeof(sig), my->_key );
// }
public_key_data public_key::serialize()const
{
public_key_data dat;
if( !my->_key ) return dat;
EC_KEY_set_conv_form( my->_key, POINT_CONVERSION_COMPRESSED );
/*size_t nbytes = i2o_ECPublicKey( my->_key, nullptr ); */
/*assert( nbytes == 33 )*/
char* front = &dat.data[0];
i2o_ECPublicKey( my->_key, (unsigned char**)&front ); // FIXME: questionable memory handling
return dat;
/*
EC_POINT* pub = EC_KEY_get0_public_key( my->_key );
EC_GROUP* group = EC_KEY_get0_group( my->_key );
EC_POINT_get_affine_coordinates_GFp( group, pub, self.my->_pub_x.get(), self.my->_pub_y.get(), nullptr );
*/
}
public_key_point_data public_key::serialize_ecc_point()const
{
public_key_point_data dat;
if( !my->_key ) return dat;
EC_KEY_set_conv_form( my->_key, POINT_CONVERSION_UNCOMPRESSED );
char* front = &dat.data[0];
i2o_ECPublicKey( my->_key, (unsigned char**)&front ); // FIXME: questionable memory handling
return dat;
}
public_key::public_key( const public_key_point_data& dat )
{
const char* front = &dat.data[0];
if( *front == 0 ){}
else
{
my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 );
my->_key = o2i_ECPublicKey( &my->_key, (const unsigned char**)&front, sizeof(dat) );
if( !my->_key )
{
FC_THROW_EXCEPTION( exception, "error decoding public key", ("s", ERR_error_string( ERR_get_error(), nullptr) ) );
}
}
}
public_key::public_key( const public_key_data& dat )
{
const char* front = &dat.data[0];
if( *front == 0 ){}
else
{
my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 );
my->_key = o2i_ECPublicKey( &my->_key, (const unsigned char**)&front, sizeof(public_key_data) );
if( !my->_key )
{
FC_THROW_EXCEPTION( exception, "error decoding public key", ("s", ERR_error_string( ERR_get_error(), nullptr) ) );
}
}
}
// bool private_key::verify( const fc::sha256& digest, const fc::ecc::signature& sig )
// {
// return 1 == ECDSA_verify( 0, (unsigned char*)&digest, sizeof(digest), (unsigned char*)&sig, sizeof(sig), my->_key );
// }
public_key::public_key( const compact_signature& c, const fc::sha256& digest, bool check_canonical )
{
int nV = c.data[0];
if (nV<27 || nV>=35)
FC_THROW_EXCEPTION( exception, "unable to reconstruct public key from signature" );
ECDSA_SIG *sig = ECDSA_SIG_new();
BN_bin2bn(&c.data[1],32,sig->r);
BN_bin2bn(&c.data[33],32,sig->s);
if( check_canonical )
{
FC_ASSERT( is_canonical( c ), "signature is not canonical" );
}
my->_key = EC_KEY_new_by_curve_name(NID_secp256k1);
if (nV >= 31)
{
EC_KEY_set_conv_form( my->_key, POINT_CONVERSION_COMPRESSED );
nV -= 4;
// fprintf( stderr, "compressed\n" );
}
if (detail::public_key_impl::ECDSA_SIG_recover_key_GFp(my->_key, sig, (unsigned char*)&digest, sizeof(digest), nV - 27, 0) == 1)
{
ECDSA_SIG_free(sig);
return;
}
ECDSA_SIG_free(sig);
FC_THROW_EXCEPTION( exception, "unable to reconstruct public key from signature" );
}
}}

43
src/crypto/elliptic_mixed.cpp
View file

@ -10,42 +10,31 @@
#include <assert.h>
#include <secp256k1.h>
#include "_elliptic_impl_priv.hpp"
#include "_elliptic_impl_pub.hpp"
namespace fc { namespace ecc {
namespace detail
{
static void init_lib();
static int init_secp256k1() {
secp256k1_start(SECP256K1_START_VERIFY | SECP256K1_START_SIGN);
return 1;
}
typedef public_key_data pub_data_type;
typedef EC_KEY priv_data_type;
#include "_elliptic_impl.cpp"
}
#include "_elliptic_mixed_openssl.cpp"
public_key private_key::get_public_key()const
{
public_key_data data;
EC_KEY_set_conv_form( my->_key, POINT_CONVERSION_COMPRESSED );
unsigned char* buffer = (unsigned char*) data.begin();
i2o_ECPublicKey( my->_key, &buffer ); // FIXME: questionable memory handling
return public_key( data );
void _init_lib() {
static int init_s = init_secp256k1();
static int init_o = init_openssl();
}
}
static const private_key_secret empty_priv;
fc::sha512 private_key::get_shared_secret( const public_key& other )const
{
FC_ASSERT( my->_key != nullptr );
FC_ASSERT( my->_key != empty_priv );
FC_ASSERT( other.my->_key != nullptr );
fc::sha512 buf;
EC_KEY* key = EC_KEY_new_by_curve_name( NID_secp256k1 );
const unsigned char* buffer = (const unsigned char*) other.my->_key->begin();
o2i_ECPublicKey( &key, &buffer, sizeof(*other.my->_key) );
ECDH_compute_key( (unsigned char*)&buf, sizeof(buf), EC_KEY_get0_public_key(key), my->_key, ecies_key_derivation );
EC_KEY_free(key);
return buf;
public_key_data pub(other.serialize());
FC_ASSERT( secp256k1_ec_pubkey_tweak_mul( (unsigned char*) pub.begin(), pub.size(), (unsigned char*) my->_key.data() ) );
return fc::sha512::hash( pub.begin() + 1, pub.size() - 1 );
}
#include "_elliptic_mixed_secp256k1.cpp"
} }
#include "_elliptic_common.cpp"

413
src/crypto/elliptic_openssl.cpp
View file

@ -9,200 +9,165 @@
#include <assert.h>
#include "_elliptic_impl_pub.hpp"
namespace fc { namespace ecc {
namespace detail
{
static void init_lib()
{
static int init = init_openssl();
void _init_lib() {
static int init_o = init_openssl();
}
typedef EC_KEY pub_data_type;
typedef EC_KEY priv_data_type;
#include "_elliptic_impl.cpp"
void public_key_impl::free_key()
class private_key_impl
{
if( _key != nullptr )
{
EC_KEY_free(_key);
_key = nullptr;
}
}
public:
private_key_impl() noexcept
{
_init_lib();
}
EC_KEY* public_key_impl::dup_key( const EC_KEY* cpy )
private_key_impl( const private_key_impl& cpy ) noexcept
{
_init_lib();
*this = cpy;
}
private_key_impl( private_key_impl&& cpy ) noexcept
{
_init_lib();
*this = cpy;
}
~private_key_impl() noexcept
{
free_key();
}
private_key_impl& operator=( const private_key_impl& pk ) noexcept
{
if (pk._key == nullptr)
{
free_key();
} else if ( _key == nullptr ) {
_key = EC_KEY_dup( pk._key );
} else {
EC_KEY_copy( _key, pk._key );
}
return *this;
}
private_key_impl& operator=( private_key_impl&& pk ) noexcept
{
if ( this != &pk ) {
free_key();
_key = pk._key;
pk._key = nullptr;
}
return *this;
}
EC_KEY* _key = nullptr;
private:
void free_key() noexcept
{
if( _key != nullptr )
{
EC_KEY_free(_key);
_key = nullptr;
}
}
};
}
private_key::private_key() {}
private_key::private_key( const private_key& pk ) : my( pk.my ) {}
private_key::private_key( private_key&& pk ) : my( std::move( pk.my ) ) {}
private_key::~private_key() {}
private_key& private_key::operator=( private_key&& pk )
{
my = std::move(pk.my);
return *this;
}
private_key& private_key::operator=( const private_key& pk )
{
my = pk.my;
return *this;
}
static void * ecies_key_derivation(const void *input, size_t ilen, void *output, size_t *olen)
{
if (*olen < SHA512_DIGEST_LENGTH) {
return NULL;
}
*olen = SHA512_DIGEST_LENGTH;
return (void*)SHA512((const unsigned char*)input, ilen, (unsigned char*)output);
}
int static inline EC_KEY_regenerate_key(EC_KEY *eckey, const BIGNUM *priv_key)
{
int ok = 0;
BN_CTX *ctx = NULL;
EC_POINT *pub_key = NULL;
if (!eckey) return 0;
const EC_GROUP *group = EC_KEY_get0_group(eckey);
if ((ctx = BN_CTX_new()) == NULL)
goto err;
pub_key = EC_POINT_new(group);
if (pub_key == NULL)
goto err;
if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
goto err;
EC_KEY_set_private_key(eckey,priv_key);
EC_KEY_set_public_key(eckey,pub_key);
ok = 1;
err:
if (pub_key) EC_POINT_free(pub_key);
if (ctx != NULL) BN_CTX_free(ctx);
return(ok);
}
private_key private_key::regenerate( const fc::sha256& secret )
{
private_key self;
self.my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 );
if( !self.my->_key ) FC_THROW_EXCEPTION( exception, "Unable to generate EC key" );
ssl_bignum bn;
BN_bin2bn( (const unsigned char*)&secret, 32, bn );
if( !EC_KEY_regenerate_key(self.my->_key,bn) )
{
return EC_KEY_dup( cpy );
}
void public_key_impl::copy_key( EC_KEY* to, const EC_KEY* from )
{
EC_KEY_copy( to, from );
FC_THROW_EXCEPTION( exception, "unable to regenerate key" );
}
return self;
}
#include "_elliptic_mixed_openssl.cpp"
/* WARNING! This implementation is broken, it is actually equivalent to
* public_key::add()!
*/
// public_key public_key::mult( const fc::sha256& digest ) const
// {
// // get point from this public key
// const EC_POINT* master_pub = EC_KEY_get0_public_key( my->_key );
// ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1));
//
// ssl_bignum z;
// BN_bin2bn((unsigned char*)&digest, sizeof(digest), z);
//
// // multiply by digest
// ssl_bignum one;
// BN_one(one);
// bn_ctx ctx(BN_CTX_new());
//
// ec_point result(EC_POINT_new(group));
// EC_POINT_mul(group, result, z, master_pub, one, ctx);
//
// public_key rtn;
// rtn.my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 );
// EC_KEY_set_public_key(rtn.my->_key,result);
//
// return rtn;
// }
public_key public_key::add( const fc::sha256& digest )const
fc::sha256 private_key::get_secret()const
{
try {
ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1));
bn_ctx ctx(BN_CTX_new());
fc::bigint digest_bi( (char*)&digest, sizeof(digest) );
ssl_bignum order;
EC_GROUP_get_order(group, order, ctx);
if( digest_bi > fc::bigint(order) )
{
FC_THROW_EXCEPTION( exception, "digest > group order" );
}
public_key digest_key = private_key::regenerate(digest).get_public_key();
const EC_POINT* digest_point = EC_KEY_get0_public_key( digest_key.my->_key );
// get point from this public key
const EC_POINT* master_pub = EC_KEY_get0_public_key( my->_key );
// ssl_bignum z;
// BN_bin2bn((unsigned char*)&digest, sizeof(digest), z);
// multiply by digest
// ssl_bignum one;
// BN_one(one);
ec_point result(EC_POINT_new(group));
EC_POINT_add(group, result, digest_point, master_pub, ctx);
if (EC_POINT_is_at_infinity(group, result))
{
FC_THROW_EXCEPTION( exception, "point at infinity" );
}
public_key rtn;
rtn.my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 );
EC_KEY_set_public_key(rtn.my->_key,result);
return rtn;
} FC_RETHROW_EXCEPTIONS( debug, "digest: ${digest}", ("digest",digest) );
return get_secret( my->_key );
}
std::string public_key::to_base58() const
private_key::private_key( EC_KEY* k )
{
public_key_data key = serialize();
return to_base58( key );
my->_key = k;
}
// signature private_key::sign( const fc::sha256& digest )const
// {
// unsigned int buf_len = ECDSA_size(my->_key);
//// fprintf( stderr, "%d %d\n", buf_len, sizeof(sha256) );
// signature sig;
// assert( buf_len == sizeof(sig) );
//
// if( !ECDSA_sign( 0,
// (const unsigned char*)&digest, sizeof(digest),
// (unsigned char*)&sig, &buf_len, my->_key ) )
// {
// FC_THROW_EXCEPTION( exception, "signing error" );
// }
//
//
// return sig;
// }
// bool public_key::verify( const fc::sha256& digest, const fc::ecc::signature& sig )
// {
// return 1 == ECDSA_verify( 0, (unsigned char*)&digest, sizeof(digest), (unsigned char*)&sig, sizeof(sig), my->_key );
// }
public_key_data public_key::serialize()const
{
public_key_data dat;
if( !my->_key ) return dat;
EC_KEY_set_conv_form( my->_key, POINT_CONVERSION_COMPRESSED );
/*size_t nbytes = i2o_ECPublicKey( my->_key, nullptr ); */
/*assert( nbytes == 33 )*/
char* front = &dat.data[0];
i2o_ECPublicKey( my->_key, (unsigned char**)&front ); // FIXME: questionable memory handling
return dat;
/*
EC_POINT* pub = EC_KEY_get0_public_key( my->_key );
EC_GROUP* group = EC_KEY_get0_group( my->_key );
EC_POINT_get_affine_coordinates_GFp( group, pub, self.my->_pub_x.get(), self.my->_pub_y.get(), nullptr );
*/
}
public_key_point_data public_key::serialize_ecc_point()const
{
public_key_point_data dat;
if( !my->_key ) return dat;
EC_KEY_set_conv_form( my->_key, POINT_CONVERSION_UNCOMPRESSED );
char* front = &dat.data[0];
i2o_ECPublicKey( my->_key, (unsigned char**)&front ); // FIXME: questionable memory handling
return dat;
}
public_key::public_key( const public_key_point_data& dat )
{
const char* front = &dat.data[0];
if( *front == 0 ){}
else
{
my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 );
my->_key = o2i_ECPublicKey( &my->_key, (const unsigned char**)&front, sizeof(dat) );
if( !my->_key )
{
FC_THROW_EXCEPTION( exception, "error decoding public key", ("s", ERR_error_string( ERR_get_error(), nullptr) ) );
}
}
}
public_key::public_key( const public_key_data& dat )
{
const char* front = &dat.data[0];
if( *front == 0 ){}
else
{
my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 );
my->_key = o2i_ECPublicKey( &my->_key, (const unsigned char**)&front, sizeof(public_key_data) );
if( !my->_key )
{
FC_THROW_EXCEPTION( exception, "error decoding public key", ("s", ERR_error_string( ERR_get_error(), nullptr) ) );
}
}
}
// bool private_key::verify( const fc::sha256& digest, const fc::ecc::signature& sig )
// {
// return 1 == ECDSA_verify( 0, (unsigned char*)&digest, sizeof(digest), (unsigned char*)&sig, sizeof(sig), my->_key );
// }
public_key private_key::get_public_key()const
{
public_key pub;
@ -221,38 +186,76 @@ namespace fc { namespace ecc {
return buf;
}
public_key::public_key( const compact_signature& c, const fc::sha256& digest, bool check_canonical )
compact_signature private_key::sign_compact( const fc::sha256& digest )const
{
int nV = c.data[0];
if (nV<27 || nV>=35)
FC_THROW_EXCEPTION( exception, "unable to reconstruct public key from signature" );
try {
FC_ASSERT( my->_key != nullptr );
auto my_pub_key = get_public_key().serialize(); // just for good measure
//ECDSA_SIG *sig = ECDSA_do_sign((unsigned char*)&digest, sizeof(digest), my->_key);
public_key_data key_data;
while( true )
{
ecdsa_sig sig = ECDSA_do_sign((unsigned char*)&digest, sizeof(digest), my->_key);
ECDSA_SIG *sig = ECDSA_SIG_new();
BN_bin2bn(&c.data[1],32,sig->r);
BN_bin2bn(&c.data[33],32,sig->s);
if (sig==nullptr)
FC_THROW_EXCEPTION( exception, "Unable to sign" );
if( check_canonical )
{
FC_ASSERT( is_canonical( c ), "signature is not canonical" );
}
compact_signature csig;
// memset( csig.data, 0, sizeof(csig) );
my->_key = EC_KEY_new_by_curve_name(NID_secp256k1);
int nBitsR = BN_num_bits(sig->r);
int nBitsS = BN_num_bits(sig->s);
if (nBitsR <= 256 && nBitsS <= 256)
{
int nRecId = -1;
EC_KEY* key = EC_KEY_new_by_curve_name( NID_secp256k1 );
FC_ASSERT( key );
EC_KEY_set_conv_form( key, POINT_CONVERSION_COMPRESSED );
for (int i=0; i<4; i++)
{
if (detail::public_key_impl::ECDSA_SIG_recover_key_GFp(key, sig, (unsigned char*)&digest, sizeof(digest), i, 1) == 1)
{
unsigned char* buffer = (unsigned char*) key_data.begin();
i2o_ECPublicKey( key, &buffer ); // FIXME: questionable memory handling
if ( key_data == my_pub_key )
{
nRecId = i;
break;
}
}
}
EC_KEY_free( key );
if (nV >= 31)
{
EC_KEY_set_conv_form( my->_key, POINT_CONVERSION_COMPRESSED );
nV -= 4;
// fprintf( stderr, "compressed\n" );
}
if (ECDSA_SIG_recover_key_GFp(my->_key, sig, (unsigned char*)&digest, sizeof(digest), nV - 27, 0) == 1)
{
ECDSA_SIG_free(sig);
return;
}
ECDSA_SIG_free(sig);
FC_THROW_EXCEPTION( exception, "unable to reconstruct public key from signature" );
if (nRecId == -1)
{
FC_THROW_EXCEPTION( exception, "unable to construct recoverable key");
}
unsigned char* result = nullptr;
auto bytes = i2d_ECDSA_SIG( sig, &result );
auto lenR = result[3];
auto lenS = result[5+lenR];
//idump( (result[0])(result[1])(result[2])(result[3])(result[3+lenR])(result[4+lenR])(bytes)(lenR)(lenS) );
if( lenR != 32 ) { free(result); continue; }
if( lenS != 32 ) { free(result); continue; }
//idump( (33-(nBitsR+7)/8) );
//idump( (65-(nBitsS+7)/8) );
//idump( (sizeof(csig) ) );
memcpy( &csig.data[1], &result[4], lenR );
memcpy( &csig.data[33], &result[6+lenR], lenS );
//idump( (csig.data[33]) );
//idump( (csig.data[1]) );
free(result);
//idump( (nRecId) );
csig.data[0] = nRecId+27+4;//(fCompressedPubKey ? 4 : 0);
/*
idump( (csig) );
auto rlen = BN_bn2bin(sig->r,&csig.data[33-(nBitsR+7)/8]);
auto slen = BN_bn2bin(sig->s,&csig.data[65-(nBitsS+7)/8]);
idump( (rlen)(slen) );
*/
}
return csig;
} // while true
} FC_RETHROW_EXCEPTIONS( warn, "sign ${digest}", ("digest", digest)("private_key",*this) );
}
} }
#include "_elliptic_common.cpp"

186
src/crypto/elliptic_secp256k1.cpp
View file

@ -10,102 +10,134 @@
#include <assert.h>
#include <secp256k1.h>
#include "_elliptic_impl_priv.hpp"
namespace fc { namespace ecc {
namespace detail
{
static void init_lib();
typedef public_key_data pub_data_type;
typedef private_key_secret priv_data_type;
#include "_elliptic_impl.cpp"
void private_key_impl::free_key()
{
if( _key != nullptr )
{
delete _key;
_key = nullptr;
}
static int init_secp256k1() {
secp256k1_start(SECP256K1_START_VERIFY | SECP256K1_START_SIGN);
return 1;
}
private_key_secret* private_key_impl::dup_key( const private_key_secret* cpy )
{
return new private_key_secret( *cpy );
void _init_lib() {
static int init_s = init_secp256k1();
static int init_o = init_openssl();
}
void private_key_impl::copy_key( private_key_secret* to, const private_key_secret* from )
class public_key_impl
{
*to = *from;
}
public:
public_key_impl() noexcept
{
_init_lib();
}
public_key_impl( const public_key_impl& cpy ) noexcept
: _key( cpy._key )
{
_init_lib();
}
public_key_data _key;
};
}
private_key private_key::regenerate( const fc::sha256& secret )
{
private_key self;
self.my->_key = new private_key_secret(secret);
return self;
}
fc::sha256 private_key::get_secret()const
{
if( !my->_key )
{
return fc::sha256();
}
return *my->_key;
}
private_key::private_key( EC_KEY* k )
{
my->_key = new private_key_secret( get_secret( k ) );
EC_KEY_free(k);
}
public_key private_key::get_public_key()const
{
FC_ASSERT( my->_key != nullptr );
public_key_data pub;
unsigned int pk_len;
FC_ASSERT( secp256k1_ec_pubkey_create( (unsigned char*) pub.begin(), (int*) &pk_len, (unsigned char*) my->_key->data(), 1 ) );
FC_ASSERT( pk_len == pub.size() );
return public_key(pub);
}
static const public_key_data empty_pub;
static const private_key_secret empty_priv;
fc::sha512 private_key::get_shared_secret( const public_key& other )const
{
FC_ASSERT( my->_key != nullptr );
FC_ASSERT( other.my->_key != nullptr );
public_key_data pub(*other.my->_key);
FC_ASSERT( secp256k1_ec_pubkey_tweak_mul( (unsigned char*) pub.begin(), pub.size(), (unsigned char*) my->_key->data() ) );
// ECDH_compute_key( (unsigned char*)&buf, sizeof(buf), EC_KEY_get0_public_key(other.my->_key), my->_key, ecies_key_derivation );
FC_ASSERT( my->_key != empty_priv );
FC_ASSERT( other.my->_key != empty_pub );
public_key_data pub(other.my->_key);
FC_ASSERT( secp256k1_ec_pubkey_tweak_mul( (unsigned char*) pub.begin(), pub.size(), (unsigned char*) my->_key.data() ) );
return fc::sha512::hash( pub.begin() + 1, pub.size() - 1 );
}
static int extended_nonce_function( unsigned char *nonce32, const unsigned char *msg32,
const unsigned char *key32, unsigned int attempt,
const void *data ) {
unsigned int* extra = (unsigned int*) data;
(*extra)++;
return secp256k1_nonce_function_default( nonce32, msg32, key32, *extra, nullptr );
}
compact_signature private_key::sign_compact( const fc::sha256& digest )const
public_key::~public_key() {}
public_key::public_key( public_key &&pk ) : my( std::move( pk.my ) ) {}
public_key& public_key::operator=( const public_key& pk )
{
FC_ASSERT( my->_key != nullptr );
compact_signature result;
int recid;
unsigned int counter = 0;
do
{
FC_ASSERT( secp256k1_ecdsa_sign_compact( (unsigned char*) digest.data(), (unsigned char*) result.begin() + 1, (unsigned char*) my->_key->data(), extended_nonce_function, &counter, &recid ));
} while( !public_key::is_canonical( result ) );
result.begin()[0] = 27 + 4 + recid;
return result;
my = pk.my;
return *this;
}
#include "_elliptic_mixed_secp256k1.cpp"
public_key& public_key::operator=( public_key&& pk )
{
my = pk.my;
return *this;
}
public_key public_key::add( const fc::sha256& digest )const
{
FC_ASSERT( my->_key != empty_pub );
public_key_data new_key;
memcpy( new_key.begin(), my->_key.begin(), new_key.size() );
FC_ASSERT( secp256k1_ec_pubkey_tweak_add( (unsigned char*) new_key.begin(), new_key.size(), (unsigned char*) digest.data() ) );
return public_key( new_key );
}
std::string public_key::to_base58() const
{
FC_ASSERT( my->_key != empty_pub );
return to_base58( my->_key );
}
public_key_data public_key::serialize()const
{
FC_ASSERT( my->_key != empty_pub );
return my->_key;
}
public_key_point_data public_key::serialize_ecc_point()const
{
FC_ASSERT( my->_key != empty_pub );
public_key_point_data dat;
unsigned int pk_len = my->_key.size();
memcpy( dat.begin(), my->_key.begin(), pk_len );
FC_ASSERT( secp256k1_ec_pubkey_decompress( (unsigned char *) dat.begin(), (int*) &pk_len ) );
FC_ASSERT( pk_len == dat.size() );
return dat;
}
public_key::public_key( const public_key_point_data& dat )
{
const char* front = &dat.data[0];
if( *front == 0 ){}
else
{
EC_KEY *key = EC_KEY_new_by_curve_name( NID_secp256k1 );
key = o2i_ECPublicKey( &key, (const unsigned char**)&front, sizeof(dat) );
FC_ASSERT( key );
EC_KEY_set_conv_form( key, POINT_CONVERSION_COMPRESSED );
unsigned char* buffer = (unsigned char*) my->_key.begin();
i2o_ECPublicKey( key, &buffer ); // FIXME: questionable memory handling
EC_KEY_free( key );
}
}
public_key::public_key( const public_key_data& dat )
{
my->_key = dat;
}
public_key::public_key( const compact_signature& c, const fc::sha256& digest, bool check_canonical )
{
int nV = c.data[0];
if (nV<27 || nV>=35)
FC_THROW_EXCEPTION( exception, "unable to reconstruct public key from signature" );
if( check_canonical )
{
FC_ASSERT( is_canonical( c ), "signature is not canonical" );
}
unsigned int pk_len;
FC_ASSERT( secp256k1_ecdsa_recover_compact( (unsigned char*) digest.data(), (unsigned char*) c.begin() + 1, (unsigned char*) my->_key.begin(), (int*) &pk_len, 1, (*c.begin() - 27) & 3 ) );
FC_ASSERT( pk_len == my->_key.size() );
}
} }
#include "_elliptic_common.cpp"