/
secp256k1_verifier.go
99 lines (87 loc) · 3.11 KB
/
secp256k1_verifier.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
package crypto
import (
"crypto"
"crypto/ecdsa"
"errors"
"fmt"
"github.com/alphabill-org/alphabill/crypto/canonicalizer"
"github.com/alphabill-org/alphabill/hash"
ethcrypto "github.com/ethereum/go-ethereum/crypto"
"github.com/ethereum/go-ethereum/crypto/secp256k1"
)
var (
ErrInvalidArgument = errors.New("invalid nil argument")
ErrVerificationFailed = errors.New("verification failed")
)
type (
verifierSecp256k1 struct {
pubKey []byte
}
)
// CompressedSecp256K1PublicKeySize is size of public key in compressed format
const CompressedSecp256K1PublicKeySize = 33
// NewVerifierSecp256k1 creates new verifier from an existing Secp256k1 compressed public key.
func NewVerifierSecp256k1(compressedPubKey []byte) (Verifier, error) {
if len(compressedPubKey) != CompressedSecp256K1PublicKeySize {
return nil, fmt.Errorf("pubkey must be %d bytes long, but is %d", CompressedSecp256K1PublicKeySize, len(compressedPubKey))
}
x, y := secp256k1.DecompressPubkey(compressedPubKey)
if x == nil && y == nil {
return nil, fmt.Errorf("public key decompress faield")
}
pubkey := secp256k1.S256().Marshal(x, y)
return &verifierSecp256k1{pubkey}, nil
}
// VerifyBytes hashes the data with SHA256 and verifies it using the public key of the verifier.
func (v *verifierSecp256k1) VerifyBytes(sig []byte, data []byte) error {
if v == nil || v.pubKey == nil || sig == nil || data == nil {
return ErrInvalidArgument
}
return v.VerifyHash(sig, hash.Sum256(data))
}
// VerifyHash verifies the hash against the signature, using the internal public key.
func (v *verifierSecp256k1) VerifyHash(sig []byte, hash []byte) error {
if v == nil || v.pubKey == nil || sig == nil || hash == nil {
return ErrInvalidArgument
}
if len(sig) == ethcrypto.SignatureLength {
// If signature contains recovery ID, then remove it.
sig = sig[:len(sig)-1]
}
if len(sig) != ethcrypto.RecoveryIDOffset {
return fmt.Errorf("signature length is %d b (expected %d b)", len(sig), ethcrypto.RecoveryIDOffset)
}
if secp256k1.VerifySignature(v.pubKey, hash, sig) {
return nil
}
return ErrVerificationFailed
}
// VerifyObject verifies the signature of canonicalizable object with public key.
func (v *verifierSecp256k1) VerifyObject(sig []byte, obj canonicalizer.Canonicalizer, opts ...canonicalizer.Option) error {
data, err := canonicalizer.Canonicalize(obj, opts...)
if err != nil {
return fmt.Errorf("canonicalize the object failed: %w", err)
}
return v.VerifyBytes(sig, data)
}
// MarshalPublicKey returns compressed public key, 33 bytes
func (v *verifierSecp256k1) MarshalPublicKey() ([]byte, error) {
pubkey, err := v.unmarshalPubKey()
if err != nil {
return nil, err
}
return secp256k1.CompressPubkey(pubkey.X, pubkey.Y), nil
}
func (v *verifierSecp256k1) UnmarshalPubKey() (crypto.PublicKey, error) {
return v.unmarshalPubKey()
}
func (v *verifierSecp256k1) unmarshalPubKey() (*ecdsa.PublicKey, error) {
if v == nil || v.pubKey == nil {
return nil, ErrInvalidArgument
}
pubkey, err := ethcrypto.UnmarshalPubkey(v.pubKey)
if err != nil {
return nil, fmt.Errorf("convert public key bytes to ECDSA public key failed: %w", err)
}
return pubkey, nil
}