diff --git a/include/fc/crypto/elliptic.hpp b/include/fc/crypto/elliptic.hpp index 0cb99ca..7de417f 100644 --- a/include/fc/crypto/elliptic.hpp +++ b/include/fc/crypto/elliptic.hpp @@ -44,7 +44,10 @@ namespace fc { public_key( const compact_signature& c, const fc::sha256& digest, bool check_canonical = true ); bool valid()const; - public_key mult( const fc::sha256& offset )const; + /** Computes new pubkey = generator * offset + old pubkey ?! */ +// public_key mult( const fc::sha256& offset )const; + /** Computes new pubkey = regenerate(offset).pubkey + old pubkey + * = offset * G + 1 * old pubkey ?! */ public_key add( const fc::sha256& offset )const; public_key( public_key&& pk ); @@ -68,7 +71,7 @@ namespace fc { private: friend class private_key; static public_key from_key_data( const public_key_data& v ); - static void is_canonical( const compact_signature& c ); + static bool is_canonical( const compact_signature& c ); fc::fwd my; }; diff --git a/src/crypto/elliptic_common.cpp b/src/crypto/elliptic_common.cpp index e0c2659..66d19d7 100644 --- a/src/crypto/elliptic_common.cpp +++ b/src/crypto/elliptic_common.cpp @@ -33,11 +33,11 @@ namespace fc { namespace ecc { return from_key_data(key); } - void public_key::is_canonical( const compact_signature& c ) { - FC_ASSERT( !(c.data[1] & 0x80), "signature is not canonical" ); - FC_ASSERT( !(c.data[1] == 0 && !(c.data[2] & 0x80)), "signature is not canonical" ); - FC_ASSERT( !(c.data[33] & 0x80), "signature is not canonical" ); - FC_ASSERT( !(c.data[33] == 0 && !(c.data[34] & 0x80)), "signature is not canonical" ); + bool public_key::is_canonical( const compact_signature& c ) { + return !(c.data[1] & 0x80) + && !(c.data[1] == 0 && !(c.data[2] & 0x80)) + && !(c.data[33] & 0x80) + && !(c.data[33] == 0 && !(c.data[34] & 0x80)); } private_key private_key::generate_from_seed( const fc::sha256& seed, const fc::sha256& offset ) diff --git a/src/crypto/elliptic_openssl.cpp b/src/crypto/elliptic_openssl.cpp index e0a0d29..244372d 100644 --- a/src/crypto/elliptic_openssl.cpp +++ b/src/crypto/elliptic_openssl.cpp @@ -178,29 +178,32 @@ namespace fc { namespace ecc { return public_key(data); } - public_key public_key::mult( const fc::sha256& digest ) const - { - // get point from this public key - const EC_POINT* master_pub = EC_KEY_get0_public_key( my->_key ); - ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1)); - - ssl_bignum z; - BN_bin2bn((unsigned char*)&digest, sizeof(digest), z); - - // multiply by digest - ssl_bignum one; - BN_one(one); - bn_ctx ctx(BN_CTX_new()); - - ec_point result(EC_POINT_new(group)); - EC_POINT_mul(group, result, z, master_pub, one, ctx); - - public_key rtn; - rtn.my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 ); - EC_KEY_set_public_key(rtn.my->_key,result); - - return rtn; - } + /* WARNING! This implementation is broken, it is actually equivalent to + * public_key::add()! + */ +// public_key public_key::mult( const fc::sha256& digest ) const +// { +// // get point from this public key +// const EC_POINT* master_pub = EC_KEY_get0_public_key( my->_key ); +// ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1)); +// +// ssl_bignum z; +// BN_bin2bn((unsigned char*)&digest, sizeof(digest), z); +// +// // multiply by digest +// ssl_bignum one; +// BN_one(one); +// bn_ctx ctx(BN_CTX_new()); +// +// ec_point result(EC_POINT_new(group)); +// EC_POINT_mul(group, result, z, master_pub, one, ctx); +// +// public_key rtn; +// rtn.my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 ); +// EC_KEY_set_public_key(rtn.my->_key,result); +// +// return rtn; +// } bool public_key::valid()const { return my->_key != nullptr; @@ -227,12 +230,12 @@ namespace fc { namespace ecc { // get point from this public key const EC_POINT* master_pub = EC_KEY_get0_public_key( my->_key ); - ssl_bignum z; - BN_bin2bn((unsigned char*)&digest, sizeof(digest), z); +// ssl_bignum z; +// BN_bin2bn((unsigned char*)&digest, sizeof(digest), z); // multiply by digest - ssl_bignum one; - BN_one(one); +// ssl_bignum one; +// BN_one(one); ec_point result(EC_POINT_new(group)); EC_POINT_add(group, result, digest_point, master_pub, ctx); @@ -409,7 +412,7 @@ namespace fc { namespace ecc { if( check_canonical ) { - is_canonical( c ); + FC_ASSERT( is_canonical( c ), "signature is not canonical" ); } my->_key = EC_KEY_new_by_curve_name(NID_secp256k1); diff --git a/src/crypto/elliptic_secp256k1.cpp b/src/crypto/elliptic_secp256k1.cpp index a72eed6..1a5d8c5 100644 --- a/src/crypto/elliptic_secp256k1.cpp +++ b/src/crypto/elliptic_secp256k1.cpp @@ -27,29 +27,124 @@ namespace fc { namespace ecc { class public_key_impl { public: - public_key_impl() + public_key_impl() : _key(nullptr) { init_lib(); } public_key_impl( const public_key_impl& cpy ) { - _key = cpy._key; + init_lib(); + _key = nullptr; + *this = cpy; } - public_key_data _key; + + public_key_impl( public_key_impl&& cpy ) + { + init_lib(); + _key = nullptr; + *this = cpy; + } + + ~public_key_impl() + { + if( _key != nullptr ) + { + delete _key; + _key = nullptr; + } + } + + public_key_impl& operator=( const public_key_impl& pk ) + { + if (pk._key == nullptr) + { + if (_key != nullptr) + { + delete _key; + _key = nullptr; + } + } else if ( _key == nullptr ) { + _key = new public_key_data(*pk._key); + } else { + *_key = *pk._key; + } + return *this; + } + + public_key_impl& operator=( public_key_impl&& pk ) + { + if (_key != nullptr) + { + delete _key; + } + _key = pk._key; + pk._key = nullptr; + return *this; + } + + public_key_data *_key; }; class private_key_impl { public: - private_key_impl() + private_key_impl() : _key(nullptr) { init_lib(); } + private_key_impl( const private_key_impl& cpy ) { - _key = cpy._key; + init_lib(); + _key = nullptr; + *this = cpy; } - private_key_secret _key; + + private_key_impl( private_key_impl&& cpy ) + { + init_lib(); + _key = nullptr; + *this = cpy; + } + + ~private_key_impl() + { + if( _key != nullptr ) + { + delete _key; + _key = nullptr; + } + } + + private_key_impl& operator=( const private_key_impl& pk ) + { + if (pk._key == nullptr) + { + if (_key != nullptr) + { + delete _key; + _key = nullptr; + } + } else if ( _key == nullptr ) { + _key = new private_key_secret(*pk._key); + } else { + *_key = *pk._key; + } + return *this; + } + + private_key_impl& operator=( private_key_impl&& pk ) + { + if (_key != nullptr) + { + delete _key; + } + _key = pk._key; + pk._key = nullptr; + return *this; + } + + private_key_secret *_key; }; } // static void * ecies_key_derivation(const void *input, size_t ilen, void *output, size_t *olen) @@ -174,30 +269,33 @@ namespace fc { namespace ecc { return public_key(data); } - public_key public_key::mult( const fc::sha256& digest )const - { - public_key_data new_key; - memcpy( new_key.begin(), my->_key.begin(), new_key.size() ); - FC_ASSERT( secp256k1_ec_pubkey_tweak_mul( (unsigned char*) new_key.begin(), new_key.size(), (unsigned char*) digest.data() ) ); - return public_key( new_key ); - } +// public_key public_key::mult( const fc::sha256& digest )const +// { +// FC_ASSERT( my->_key != nullptr ); +// public_key_data new_key; +// memcpy( new_key.begin(), my->_key->begin(), new_key.size() ); +// FC_ASSERT( secp256k1_ec_pubkey_tweak_mul( (unsigned char*) new_key.begin(), new_key.size(), (unsigned char*) digest.data() ) ); +// return public_key( new_key ); +// } bool public_key::valid()const { - return my->_key != detail::empty_key; + return my->_key != nullptr; } public_key public_key::add( const fc::sha256& digest )const { + FC_ASSERT( my->_key != nullptr ); public_key_data new_key; - memcpy( new_key.begin(), my->_key.begin(), new_key.size() ); + memcpy( new_key.begin(), my->_key->begin(), new_key.size() ); FC_ASSERT( secp256k1_ec_pubkey_tweak_add( (unsigned char*) new_key.begin(), new_key.size(), (unsigned char*) digest.data() ) ); return public_key( new_key ); } std::string public_key::to_base58() const { - return to_base58( my->_key ); + FC_ASSERT( my->_key != nullptr ); + return to_base58( *my->_key ); } private_key::private_key() @@ -206,30 +304,33 @@ namespace fc { namespace ecc { private_key private_key::regenerate( const fc::sha256& secret ) { private_key self; - self.my->_key = secret; + self.my->_key = new private_key_secret(secret); return self; } fc::sha256 private_key::get_secret()const { - return my->_key; + FC_ASSERT( my->_key != nullptr ); + return *my->_key; } private_key::private_key( EC_KEY* k ) { - my->_key = get_secret( k ); + my->_key = new private_key_secret( get_secret( k ) ); EC_KEY_free(k); } public_key_data public_key::serialize()const { - return my->_key; + FC_ASSERT( my->_key != nullptr ); + return *my->_key; } public_key_point_data public_key::serialize_ecc_point()const { + FC_ASSERT( my->_key != nullptr ); public_key_point_data dat; - memcpy( dat.begin(), my->_key.begin(), my->_key.size() ); - unsigned int pk_len = my->_key.size(); + unsigned int pk_len = my->_key->size(); + memcpy( dat.begin(), my->_key->begin(), pk_len ); FC_ASSERT( secp256k1_ec_pubkey_decompress( (unsigned char *) dat.begin(), (int*) &pk_len ) ); FC_ASSERT( pk_len == dat.size() ); return dat; @@ -243,43 +344,44 @@ namespace fc { namespace ecc { { } - // FIXME public_key::public_key( const public_key_point_data& dat ) { const char* front = &dat.data[0]; if( *front == 0 ){} else { -// my->_key = o2i_ECPublicKey( &my->_key, (const unsigned char**)&front, sizeof(dat) ); -// if( !my->_key ) -// { -// FC_THROW_EXCEPTION( exception, "error decoding public key", ("s", ERR_error_string( ERR_get_error(), nullptr) ) ); -// } + EC_KEY *key = o2i_ECPublicKey( nullptr, (const unsigned char**)&front, sizeof(dat) ); + FC_ASSERT( key ); + EC_KEY_set_conv_form( key, POINT_CONVERSION_COMPRESSED ); + my->_key = new public_key_data(); + i2o_ECPublicKey( key, (unsigned char**)&my->_key->data ); + EC_KEY_free( key ); } } public_key::public_key( const public_key_data& dat ) { - my->_key = dat; + my->_key = new public_key_data(dat); } public_key private_key::get_public_key()const { - public_key pub; + FC_ASSERT( my->_key != nullptr ); + public_key_data pub; unsigned int pk_len; - FC_ASSERT( secp256k1_ec_pubkey_create( (unsigned char*) pub.my->_key.begin(), (int*) &pk_len, (unsigned char*) my->_key.data(), 1 ) ); - FC_ASSERT( pk_len == pub.my->_key.size() ); - return pub; + FC_ASSERT( secp256k1_ec_pubkey_create( (unsigned char*) pub.begin(), (int*) &pk_len, (unsigned char*) my->_key->data(), 1 ) ); + FC_ASSERT( pk_len == pub.size() ); + return public_key(pub); } - // FIXME fc::sha512 private_key::get_shared_secret( const public_key& other )const { -// FC_ASSERT( my->_key != nullptr ); -// FC_ASSERT( other.my->_key != nullptr ); - fc::sha512 buf; + FC_ASSERT( my->_key != nullptr ); + FC_ASSERT( other.my->_key != nullptr ); + public_key_data pub(*other.my->_key); + FC_ASSERT( secp256k1_ec_pubkey_tweak_mul( (unsigned char*) pub.begin(), pub.size(), (unsigned char*) my->_key->data() ) ); // ECDH_compute_key( (unsigned char*)&buf, sizeof(buf), EC_KEY_get0_public_key(other.my->_key), my->_key, ecies_key_derivation ); - return buf; + return fc::sha512::hash( pub.begin() + 1, pub.size() - 1 ); } private_key::~private_key() @@ -294,24 +396,31 @@ namespace fc { namespace ecc { if( check_canonical ) { - is_canonical( c ); + FC_ASSERT( is_canonical( c ), "signature is not canonical" ); } + my->_key = new public_key_data(); unsigned int pk_len; - FC_ASSERT( secp256k1_ecdsa_recover_compact( (unsigned char*) digest.data(), (unsigned char*) c.begin() + 1, (unsigned char*) my->_key.begin(), (int*) &pk_len, 1, (*c.begin() - 27) & 3 ) ); - FC_ASSERT( pk_len == my->_key.size() ); + FC_ASSERT( secp256k1_ecdsa_recover_compact( (unsigned char*) digest.data(), (unsigned char*) c.begin() + 1, (unsigned char*) my->_key->begin(), (int*) &pk_len, 1, (*c.begin() - 27) & 3 ) ); + FC_ASSERT( pk_len == my->_key->size() ); } compact_signature private_key::sign_compact( const fc::sha256& digest )const { + FC_ASSERT( my->_key != nullptr ); compact_signature result; - FC_ASSERT( secp256k1_ecdsa_sign_compact( (unsigned char*) digest.data(), (unsigned char*) result.begin(), (unsigned char*) my->_key.data(), NULL, NULL, NULL )); + int recid; + do + { + FC_ASSERT( secp256k1_ecdsa_sign_compact( (unsigned char*) digest.data(), (unsigned char*) result.begin() + 1, (unsigned char*) my->_key->data(), NULL, NULL, &recid )); + } while( !public_key::is_canonical( result ) ); + result.begin()[0] = 27 + 4 + recid; return result; } - private_key& private_key::operator=( private_key&& pk ) + private_key& private_key::operator=( private_key&& pk ) { - my->_key = pk.my->_key; + my = std::move(pk.my); return *this; } public_key::public_key( const public_key& pk ) @@ -319,7 +428,7 @@ namespace fc { namespace ecc { { } public_key::public_key( public_key&& pk ) - :my( fc::move( pk.my) ) + :my( std::move(pk.my) ) { } private_key::private_key( const private_key& pk ) @@ -327,23 +436,23 @@ namespace fc { namespace ecc { { } private_key::private_key( private_key&& pk ) - :my( fc::move( pk.my) ) + :my( std::move( pk.my) ) { } public_key& public_key::operator=( public_key&& pk ) { - my->_key = pk.my->_key; + my = std::move(pk.my); return *this; } public_key& public_key::operator=( const public_key& pk ) { - my->_key = pk.my->_key; + my = pk.my; return *this; } private_key& private_key::operator=( const private_key& pk ) { - my->_key = pk.my->_key; + my = pk.my; return *this; } } diff --git a/tests/ecc_test.cpp b/tests/ecc_test.cpp index 99c728f..5492d61 100644 --- a/tests/ecc_test.cpp +++ b/tests/ecc_test.cpp @@ -34,9 +34,13 @@ static void interop_do(const fc::ecc::public_key_point_data &data) { interop_do(data.begin(), data.size()); } -//static void interop_do(const fc::ecc::signature &data) { -// interop_do(data.begin(), data.size()); -//} +static void interop_do(const std::string &data) { + interop_do(data.c_str(), data.length()); +} + +static void interop_do(const fc::sha512 &data) { + interop_do(data.data(), 64); +} static void interop_do(fc::ecc::compact_signature &data) { if (write_mode) { @@ -79,12 +83,20 @@ int main( int argc, char** argv ) pass += "1"; fc::sha256 h2 = fc::sha256::hash( pass.c_str(), pass.size() ); - fc::ecc::public_key pub1 = pub.mult( h2 ); + fc::ecc::public_key pub1 = pub.add( h2 ); interop_do(pub1.serialize()); interop_do(pub1.serialize_ecc_point()); fc::ecc::private_key priv1 = fc::ecc::private_key::generate_from_seed(h, h2); interop_do(priv1.get_secret()); + std::string b58 = pub1.to_base58(); + interop_do(b58); + fc::ecc::public_key pub2 = fc::ecc::public_key::from_base58(b58); + FC_ASSERT( pub1 == pub2 ); + + fc::sha512 shared = priv1.get_shared_secret( pub ); + interop_do(shared); + auto sig = priv.sign_compact( h ); interop_do(sig); auto recover = fc::ecc::public_key( sig, h );