/
privkey.go
165 lines (129 loc) · 3.59 KB
/
privkey.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
package sr25519
import (
"encoding/json"
"fmt"
"io"
"github.com/oasisprotocol/curve25519-voi/primitives/sr25519"
"github.com/tendermint/tendermint/crypto"
)
var (
_ crypto.PrivKey = PrivKey{}
signingCtx = sr25519.NewSigningContext([]byte{})
)
const (
// PrivKeySize is the size of a sr25519 signature in bytes.
PrivKeySize = sr25519.MiniSecretKeySize
KeyType = "sr25519"
)
// PrivKey implements crypto.PrivKey.
type PrivKey struct {
msk sr25519.MiniSecretKey
kp *sr25519.KeyPair
}
// Bytes returns the byte-encoded PrivKey.
func (privKey PrivKey) Bytes() []byte {
if privKey.kp == nil {
return nil
}
return privKey.msk[:]
}
// Sign produces a signature on the provided message.
func (privKey PrivKey) Sign(msg []byte) ([]byte, error) {
if privKey.kp == nil {
return nil, fmt.Errorf("sr25519: uninitialized private key")
}
st := signingCtx.NewTranscriptBytes(msg)
sig, err := privKey.kp.Sign(crypto.CReader(), st)
if err != nil {
return nil, fmt.Errorf("sr25519: failed to sign message: %w", err)
}
sigBytes, err := sig.MarshalBinary()
if err != nil {
return nil, fmt.Errorf("sr25519: failed to serialize signature: %w", err)
}
return sigBytes, nil
}
// PubKey gets the corresponding public key from the private key.
//
// Panics if the private key is not initialized.
func (privKey PrivKey) PubKey() crypto.PubKey {
if privKey.kp == nil {
panic("sr25519: uninitialized private key")
}
b, err := privKey.kp.PublicKey().MarshalBinary()
if err != nil {
panic("sr25519: failed to serialize public key: " + err.Error())
}
return PubKey(b)
}
// Equals - you probably don't need to use this.
// Runs in constant time based on length of the keys.
func (privKey PrivKey) Equals(other crypto.PrivKey) bool {
if otherSr, ok := other.(PrivKey); ok {
return privKey.msk.Equal(&otherSr.msk)
}
return false
}
func (privKey PrivKey) Type() string {
return KeyType
}
func (privKey PrivKey) MarshalJSON() ([]byte, error) {
var b []byte
// Handle uninitialized private keys gracefully.
if privKey.kp != nil {
b = privKey.Bytes()
}
return json.Marshal(b)
}
func (privKey *PrivKey) UnmarshalJSON(data []byte) error {
for i := range privKey.msk {
privKey.msk[i] = 0
}
privKey.kp = nil
var b []byte
if err := json.Unmarshal(data, &b); err != nil {
return fmt.Errorf("sr25519: failed to deserialize JSON: %w", err)
}
if len(b) == 0 {
return nil
}
msk, err := sr25519.NewMiniSecretKeyFromBytes(b)
if err != nil {
return err
}
sk := msk.ExpandEd25519()
privKey.msk = *msk
privKey.kp = sk.KeyPair()
return nil
}
// GenPrivKey generates a new sr25519 private key.
// It uses OS randomness in conjunction with the current global random seed
// in tendermint/libs/common to generate the private key.
func GenPrivKey() PrivKey {
return genPrivKey(crypto.CReader())
}
func genPrivKey(rng io.Reader) PrivKey {
msk, err := sr25519.GenerateMiniSecretKey(rng)
if err != nil {
panic("sr25519: failed to generate MiniSecretKey: " + err.Error())
}
sk := msk.ExpandEd25519()
return PrivKey{
msk: *msk,
kp: sk.KeyPair(),
}
}
// GenPrivKeyFromSecret hashes the secret with SHA2, and uses
// that 32 byte output to create the private key.
// NOTE: secret should be the output of a KDF like bcrypt,
// if it's derived from user input.
func GenPrivKeyFromSecret(secret []byte) PrivKey {
seed := crypto.Sha256(secret) // Not Ripemd160 because we want 32 bytes.
var privKey PrivKey
if err := privKey.msk.UnmarshalBinary(seed); err != nil {
panic("sr25519: failed to deserialize MiniSecretKey: " + err.Error())
}
sk := privKey.msk.ExpandEd25519()
privKey.kp = sk.KeyPair()
return privKey
}