package keys
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"math/big"
"github.com/pkg/errors"
"golang.org/x/crypto/blake2b"
)
// nistP256Curve is the stateless curve implementation used for NIST P-256
// keys; every method in this file hangs off a pointer to it.
type nistP256Curve struct{}

// Compile-time assertion that *nistP256Curve satisfies iCurve. The typed nil
// pointer avoids constructing a value just for the check.
var _ iCurve = (*nistP256Curve)(nil)
// addressPrefix returns the three prefix bytes (decimal 6, 161, 164) used for
// addresses derived from this curve. A new slice is allocated on every call,
// so callers may append to or modify the result.
// NOTE(review): presumably the Tezos base58check prefix for "tz3" addresses;
// confirm against the protocol's prefix table.
func (n *nistP256Curve) addressPrefix() []byte {
	prefix := []byte{0x06, 0xa1, 0xa4}
	return prefix
}
// publicKeyPrefix returns the four prefix bytes (decimal 3, 178, 139, 127)
// used for encoded public keys of this curve. A new slice is allocated on
// every call.
// NOTE(review): presumably the Tezos base58check prefix for "p2pk" public
// keys; confirm against the protocol's prefix table.
func (n *nistP256Curve) publicKeyPrefix() []byte {
	prefix := []byte{0x03, 0xb2, 0x8b, 0x7f}
	return prefix
}
// privateKeyPrefix returns the four prefix bytes (decimal 16, 81, 238, 189)
// used for encoded private keys of this curve. A new slice is allocated on
// every call.
// NOTE(review): presumably the Tezos base58check prefix for "p2sk" secret
// keys; confirm against the protocol's prefix table.
func (n *nistP256Curve) privateKeyPrefix() []byte {
	prefix := []byte{0x10, 0x51, 0xee, 0xbd}
	return prefix
}
// signaturePrefix returns the four prefix bytes (decimal 54, 240, 44, 52)
// attached to signatures produced by this curve; sign stores it in the
// Signature it returns. A new slice is allocated on every call.
// NOTE(review): presumably the Tezos base58check prefix for "p2sig"
// signatures; confirm against the protocol's prefix table.
func (n *nistP256Curve) signaturePrefix() []byte {
	prefix := []byte{0x36, 0xf0, 0x2c, 0x34}
	return prefix
}
// getECKind reports which curve kind this implementation stands for; it is
// always NistP256.
func (n *nistP256Curve) getECKind() ECKind {
	var kind ECKind = NistP256
	return kind
}
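// getPrivateKey returns the first 32 bytes of v, which this curve treats as
// the private scalar. The result aliases v (no copy is made), so zeroing the
// caller's buffer also zeroes the returned key.
//
// v must hold at least 32 bytes. The iCurve signature has no error return,
// so shorter input panics, as the plain v[:32] expression already did when
// cap(v) < 32. The explicit length check matters because Go bounds a slice
// expression by capacity, not length: a short v backed by a larger array
// would otherwise be silently extended with whatever bytes follow it in
// that array and used as key material. Callers handling untrusted encodings
// should validate the decoded length before calling.
func (n *nistP256Curve) getPrivateKey(v []byte) []byte {
	const scalarLen = 32
	if len(v) < scalarLen {
		panic("keys: P-256 private key material is shorter than 32 bytes")
	}
	// Three-index slice caps the result at 32 bytes so an append by the
	// caller cannot overwrite the bytes that follow the key in v.
	return v[:scalarLen:scalarLen]
}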
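// getPublicKey derives the public key for the big-endian private scalar in
// privateKey and returns it in 33-byte compressed form: one byte that is
// 0x02 when the Y coordinate is even or 0x03 when it is odd, followed by the
// X coordinate left-padded with zeros to 32 bytes.
//
// An error is returned when the scalar is outside [1, N-1], where N is the
// P-256 group order. Zero has no public key (the result is the point at
// infinity), and values of N or above would be silently reduced, so two
// different byte strings would map to the same key pair.
func (n *nistP256Curve) getPublicKey(privateKey []byte) ([]byte, error) {
	curve := elliptic.P256()

	d := new(big.Int).SetBytes(privateKey)
	if d.Sign() == 0 || d.Cmp(curve.Params().N) >= 0 {
		return nil, errors.New("invalid P-256 private key: scalar out of range")
	}

	// NOTE(review): newer Go releases deprecate the low-level elliptic
	// scalar-multiplication API in favour of crypto/ecdh; migrate once the
	// module's minimum Go version allows it.
	x, y := curve.ScalarBaseMult(d.Bytes())

	const coordLen = 32
	out := make([]byte, 1+coordLen)

	// Parity comes from the low bit of Y. Indexing Y.Bytes()[31] is unsafe:
	// big.Int.Bytes drops leading zero bytes, so for roughly one key in 256
	// the slice is shorter than 32 bytes and the index panics.
	out[0] = 2 + byte(y.Bit(0))

	// Right-align X so leading zero bytes stripped by Bytes are restored.
	xb := x.Bytes()
	copy(out[len(out)-len(xb):], xb)
	return out, nil
}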
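// sign hashes msg with unkeyed BLAKE2b-256 and signs the 32-byte digest with
// ECDSA over P-256, using privateKey as the big-endian private scalar. The
// per-signature randomness is read from crypto/rand.
//
// The returned Signature carries this curve's signature prefix and a fixed
// 64-byte payload: r followed by s, each left-padded with zeros to 32 bytes.
//
// An error is returned when the scalar is outside [1, N-1] (N being the
// P-256 group order) or when ecdsa.Sign fails.
func (n *nistP256Curve) sign(msg []byte, privateKey []byte) (Signature, error) {
	curve := elliptic.P256()

	// Refuse to sign with a zero or oversized scalar rather than letting the
	// arithmetic below reduce it silently or operate on the point at infinity.
	d := new(big.Int).SetBytes(privateKey)
	if d.Sign() == 0 || d.Cmp(curve.Params().N) >= 0 {
		return Signature{}, errors.New("failed to sign operation: invalid P-256 private key")
	}

	// Sum256 is the unkeyed 32-byte BLAKE2b digest, the same value the
	// New(32, empty key) / Write / Sum sequence produces, without error
	// paths that cannot trigger.
	digest := blake2b.Sum256(msg)

	var privKey ecdsa.PrivateKey
	privKey.D = d
	privKey.PublicKey.Curve = curve
	privKey.PublicKey.X, privKey.PublicKey.Y = curve.ScalarBaseMult(d.Bytes())

	r, ss, err := ecdsa.Sign(rand.Reader, &privKey, digest[:])
	if err != nil {
		return Signature{}, err
	}

	// Encode r and s at a fixed width. big.Int.Bytes drops leading zero
	// bytes, so plain concatenation yields a signature shorter than 64 bytes
	// for roughly 1 in 128 signatures, and a verifier can no longer tell
	// where r ends and s begins.
	const scalarLen = 32
	signature := make([]byte, 2*scalarLen)
	rb, sb := r.Bytes(), ss.Bytes()
	copy(signature[scalarLen-len(rb):scalarLen], rb)
	copy(signature[2*scalarLen-len(sb):], sb)

	return Signature{
		Bytes:  signature,
		prefix: n.signaturePrefix(),
	}, nil
}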