wire-sysio/elliptic__em__impl__pub_8cpp_source.html

#include <fc/fwd_impl.hpp>

#include <boost/config.hpp>


#include "_elliptic_em_impl_pub.hpp"


/* used by mixed + openssl */


namespace fc { namespace em {

    namespace detail {


        public_key_impl::public_key_impl() BOOST_NOEXCEPT

        {

            _init_lib();

        }


        public_key_impl::public_key_impl( const public_key_impl& cpy ) BOOST_NOEXCEPT

        {

            _init_lib();

            *this = cpy;

        }


        public_key_impl::public_key_impl( public_key_impl&& cpy ) BOOST_NOEXCEPT

        {

            _init_lib();

            *this = cpy;

        }


        public_key_impl::~public_key_impl() BOOST_NOEXCEPT

        {

            free_key();

        }


        public_key_impl& public_key_impl::operator=( const public_key_impl& pk ) BOOST_NOEXCEPT

        {

            if (pk._key == nullptr)

            {

                free_key();

            } else if ( _key == nullptr ) {

                _key = EC_KEY_dup( pk._key );

            } else {

                EC_KEY_copy( _key, pk._key );

            }

            return *this;

        }


        public_key_impl& public_key_impl::operator=( public_key_impl&& pk ) BOOST_NOEXCEPT

        {

            if ( this != &pk ) {

                free_key();

                _key = pk._key;

                pk._key = nullptr;

            }

            return *this;

        }


        void public_key_impl::free_key() BOOST_NOEXCEPT

        {

            if( _key != nullptr )

            {

                EC_KEY_free(_key);

                _key = nullptr;

            }

        }


        // Perform ECDSA key recovery (see SEC1 4.1.6) for curves over (mod p)-fields

        // recid selects which key is recovered

        // if check is non-zero, additional checks are performed


        int public_key_impl::ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig,

                                                       const unsigned char *msg,

                                                       int msglen, int recid, int check)

        {

            if (!eckey) FC_THROW_EXCEPTION( exception, "null key" );


            int ret = 0;

            BN_CTX *ctx = NULL;


            BIGNUM *x = NULL;

            BIGNUM *e = NULL;

            BIGNUM *order = NULL;

            BIGNUM *sor = NULL;

            BIGNUM *eor = NULL;

            BIGNUM *field = NULL;

            EC_POINT *R = NULL;

            EC_POINT *O = NULL;

            EC_POINT *Q = NULL;

            BIGNUM *rr = NULL;

            BIGNUM *zero = NULL;

            int n = 0;

            int i = recid / 2;


            const EC_GROUP *group = EC_KEY_get0_group(eckey);

            if ((ctx = BN_CTX_new()) == NULL) { ret = -1; goto err; }

            BN_CTX_start(ctx);

            order = BN_CTX_get(ctx);

            if (!EC_GROUP_get_order(group, order, ctx)) { ret = -2; goto err; }

            x = BN_CTX_get(ctx);

            if (!BN_copy(x, order)) { ret=-1; goto err; }

            if (!BN_mul_word(x, i)) { ret=-1; goto err; }

            if (!BN_add(x, x, ecsig->r)) { ret=-1; goto err; }

            field = BN_CTX_get(ctx);

            if (!EC_GROUP_get_curve_GFp(group, field, NULL, NULL, ctx)) { ret=-2; goto err; }

            if (BN_cmp(x, field) >= 0) { ret=0; goto err; }

            if ((R = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }

            if (!EC_POINT_set_compressed_coordinates_GFp(group, R, x, recid % 2, ctx)) { ret=0; goto err; }

            if (check)

            {

                if ((O = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }

                if (!EC_POINT_mul(group, O, NULL, R, order, ctx)) { ret=-2; goto err; }

                if (!EC_POINT_is_at_infinity(group, O)) { ret = 0; goto err; }

            }

            if ((Q = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }

            n = EC_GROUP_get_degree(group);

            e = BN_CTX_get(ctx);

            if (!BN_bin2bn(msg, msglen, e)) { ret=-1; goto err; }

            if (8*msglen > n) BN_rshift(e, e, 8-(n & 7));

            zero = BN_CTX_get(ctx);

            if (!BN_zero(zero)) { ret=-1; goto err; }

            if (!BN_mod_sub(e, zero, e, order, ctx)) { ret=-1; goto err; }

            rr = BN_CTX_get(ctx);

            if (!BN_mod_inverse(rr, ecsig->r, order, ctx)) { ret=-1; goto err; }

            sor = BN_CTX_get(ctx);

            if (!BN_mod_mul(sor, ecsig->s, rr, order, ctx)) { ret=-1; goto err; }

            eor = BN_CTX_get(ctx);

            if (!BN_mod_mul(eor, e, rr, order, ctx)) { ret=-1; goto err; }

            if (!EC_POINT_mul(group, Q, eor, R, sor, ctx)) { ret=-2; goto err; }

            if (!EC_KEY_set_public_key(eckey, Q)) { ret=-2; goto err; }


            ret = 1;


        err:

            if (ctx) {

                BN_CTX_end(ctx);

                BN_CTX_free(ctx);

            }

            if (R != NULL) EC_POINT_free(R);

            if (O != NULL) EC_POINT_free(O);

            if (Q != NULL) EC_POINT_free(Q);

            return ret;

        }


    }


    public_key::public_key() {}


    public_key::public_key( const public_key& pk ) : my( pk.my ) {}


    public_key::public_key( public_key&& pk ) : my( std::move( pk.my ) ) {}


    public_key::~public_key() {}


    public_key& public_key::operator=( public_key&& pk )

    {

        my = std::move(pk.my);

        return *this;

    }


    public_key& public_key::operator=( const public_key& pk )

    {

        my = pk.my;

        return *this;

    }


    bool public_key::valid()const

    {

      return my->_key != nullptr;

    }


    /* WARNING! This implementation is broken, it is actually equivalent to

     * public_key::add()!

     */

//    public_key public_key::mult( const fc::sha256& digest ) const

//    {

//        // get point from this public key

//        const EC_POINT* master_pub   = EC_KEY_get0_public_key( my->_key );

//        ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1));

//

//        ssl_bignum z;

//        BN_bin2bn((unsigned char*)&digest, sizeof(digest), z);

//

//        // multiply by digest

//        ssl_bignum one;

//        BN_one(one);

//        bn_ctx ctx(BN_CTX_new());

//

//        ec_point result(EC_POINT_new(group));

//        EC_POINT_mul(group, result, z, master_pub, one, ctx);

//

//        public_key rtn;

//        rtn.my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 );

//        EC_KEY_set_public_key(rtn.my->_key,result);

//

//        return rtn;

//    }


    public_key public_key::add( const fc::sha256& digest )const

    {

      try {

        ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1));

        bn_ctx ctx(BN_CTX_new());


        fc::bigint digest_bi( (char*)&digest, sizeof(digest) );


        ssl_bignum order;

        EC_GROUP_get_order(group, order, ctx);

        if( digest_bi > fc::bigint(order) )

        {

          FC_THROW_EXCEPTION( exception, "digest > group order" );

        }


        public_key digest_key = private_key::regenerate(digest).get_public_key();

        const EC_POINT* digest_point   = EC_KEY_get0_public_key( digest_key.my->_key );


        // get point from this public key

        const EC_POINT* master_pub   = EC_KEY_get0_public_key( my->_key );


//        ssl_bignum z;

//        BN_bin2bn((unsigned char*)&digest, sizeof(digest), z);


        // multiply by digest

//        ssl_bignum one;

//        BN_one(one);


        ec_point result(EC_POINT_new(group));

        EC_POINT_add(group, result, digest_point, master_pub, ctx);


        if (EC_POINT_is_at_infinity(group, result))

        {

          FC_THROW_EXCEPTION( exception, "point at  infinity" );

        }


        public_key rtn;

        rtn.my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 );

        EC_KEY_set_public_key(rtn.my->_key,result);

        return rtn;

      } FC_RETHROW_EXCEPTIONS( debug, "digest: ${digest}", ("digest",digest) );

    }


    std::string public_key::to_base58() const

    {

      public_key_data key = serialize();

      return to_base58( key );

    }


//    signature private_key::sign( const fc::sha256& digest )const

//    {

//        unsigned int buf_len = ECDSA_size(my->_key);

//        signature sig;

//        assert( buf_len == sizeof(sig) );

//

//        if( !ECDSA_sign( 0,

//                    (const unsigned char*)&digest, sizeof(digest),

//                    (unsigned char*)&sig, &buf_len, my->_key ) )

//        {

//            FC_THROW_EXCEPTION( exception, "signing error" );

//        }

//

//

//        return sig;

//    }

//    bool       public_key::verify( const fc::sha256& digest, const fc::ecc::signature& sig )

//    {

//      return 1 == ECDSA_verify( 0, (unsigned char*)&digest, sizeof(digest), (unsigned char*)&sig, sizeof(sig), my->_key );

//    }


    public_key_data public_key::serialize()const

    {

      public_key_data dat;

      if( !my->_key ) return dat;

      EC_KEY_set_conv_form( my->_key, POINT_CONVERSION_COMPRESSED );

      /*size_t nbytes = i2o_ECPublicKey( my->_key, nullptr ); */

      /*assert( nbytes == 33 )*/

      char* front = &dat.data[0];

      i2o_ECPublicKey( my->_key, (unsigned char**)&front ); // FIXME: questionable memory handling

      return dat;

      /*

       EC_POINT* pub   = EC_KEY_get0_public_key( my->_key );

       EC_GROUP* group = EC_KEY_get0_group( my->_key );

       EC_POINT_get_affine_coordinates_GFp( group, pub, self.my->_pub_x.get(), self.my->_pub_y.get(), nullptr );

       */

    }


    public_key_point_data public_key::serialize_ecc_point()const

    {

      public_key_point_data dat;

      if( !my->_key ) return dat;

      EC_KEY_set_conv_form( my->_key, POINT_CONVERSION_UNCOMPRESSED );

      char* front = &dat.data[0];

      i2o_ECPublicKey( my->_key, (unsigned char**)&front ); // FIXME: questionable memory handling

      return dat;

    }


    public_key::public_key( const public_key_point_data& dat )

    {

      const char* front = &dat.data[0];

      if( *front == 0 ){}

      else

      {

         my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 );

         my->_key = o2i_ECPublicKey( &my->_key, (const unsigned char**)&front, sizeof(dat)  );

         if( !my->_key )

         {

           FC_THROW_EXCEPTION( exception, "error decoding public key", ("s", ERR_error_string( ERR_get_error(), nullptr) ) );

         }

      }

    }

    public_key::public_key( const public_key_data& dat )

    {

      const char* front = &dat.data[0];

      if( *front == 0 ){}

      else

      {

         my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 );

         my->_key = o2i_ECPublicKey( &my->_key, (const unsigned char**)&front, sizeof(public_key_data) );

         if( !my->_key )

         {

           FC_THROW_EXCEPTION( exception, "error decoding public key", ("s", ERR_error_string( ERR_get_error(), nullptr) ) );

         }

      }

    }


//    bool       private_key::verify( const fc::sha256& digest, const fc::ecc::signature& sig )

//    {

//      return 1 == ECDSA_verify( 0, (unsigned char*)&digest, sizeof(digest), (unsigned char*)&sig, sizeof(sig), my->_key );

//    }


    public_key::public_key( const compact_signature& c, const fc::sha256& digest, bool check_canonical )

    {

        int nV = c.data[0];

        if (nV<27 || nV>=35)

            FC_THROW_EXCEPTION( exception, "unable to reconstruct public key from signature" );


        ECDSA_SIG *sig = ECDSA_SIG_new();

        BN_bin2bn(&c.data[1],32,sig->r);

        BN_bin2bn(&c.data[33],32,sig->s);


        if( check_canonical )

        {

            FC_ASSERT( is_canonical( c ), "signature is not canonical" );

        }


        my->_key = EC_KEY_new_by_curve_name(NID_secp256k1);


        if (nV >= 31)

        {

            EC_KEY_set_conv_form( my->_key, POINT_CONVERSION_COMPRESSED );

            nV -= 4;

//            fprintf( stderr, "compressed\n" );

        }


        if (detail::public_key_impl::ECDSA_SIG_recover_key_GFp(my->_key, sig, (unsigned char*)&digest, sizeof(digest), nV - 27, 0) == 1)

        {

            ECDSA_SIG_free(sig);

            return;

        }

        ECDSA_SIG_free(sig);

        FC_THROW_EXCEPTION( exception, "unable to reconstruct public key from signature" );

    }

}}

_elliptic_em_impl_pub.hpp

fc::array< char, 33 >

fc::array::data
T data[N]
Definition array.hpp:37

fc::bigint
Definition bigint.hpp:10

fc::crypto::r1::public_key
contains only the public point of an elliptic curve key.
Definition elliptic_r1.hpp:33

fc::em::detail::public_key_impl
Definition elliptic_em.cpp:39

fc::em::detail::public_key_impl::operator=
public_key_impl & operator=(const public_key_impl &pk) BOOST_NOEXCEPT
Definition elliptic_em_impl_pub.cpp:33

fc::em::detail::public_key_impl::_key
EC_KEY * _key
Definition _elliptic_em_impl_pub.hpp:27

fc::em::detail::public_key_impl::ECDSA_SIG_recover_key_GFp
static int ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned char *msg, int msglen, int recid, int check)
Definition elliptic_em_impl_pub.cpp:68

fc::em::detail::public_key_impl::~public_key_impl
~public_key_impl() BOOST_NOEXCEPT
Definition elliptic_em_impl_pub.cpp:28

fc::em::detail::public_key_impl::public_key_impl
public_key_impl() BOOST_NOEXCEPT
Definition elliptic_em_impl_pub.cpp:11

fc::em::private_key::get_public_key
public_key get_public_key() const
Definition elliptic_em_impl_priv.cpp:71

fc::em::private_key::regenerate
static private_key regenerate(const fc::sha256 &secret)
Definition elliptic_em_impl_priv.cpp:53

fc::em::public_key::valid
bool valid() const
Definition elliptic_em.cpp:103

fc::em::public_key::~public_key
~public_key()
Definition elliptic_em.cpp:89

fc::em::public_key::to_base58
std::string to_base58() const
Allows to convert current public key object into base58 number.
Definition elliptic_em.cpp:108

fc::em::public_key::operator=
public_key & operator=(public_key &&pk)
Definition elliptic_em.cpp:97

fc::em::public_key::public_key
public_key()
Definition elliptic_em.cpp:83

fc::em::public_key::serialize_ecc_point
public_key_point_data serialize_ecc_point() const
Definition elliptic_em_impl_pub.cpp:282

fc::em::public_key::serialize
public_key_data serialize() const
Definition elliptic_em.cpp:114

fc::exception
Used to generate a useful error report when an exception is thrown.
Definition exception.hpp:58

fc::public_key
Definition pke.hpp:20

fc::sha256
Definition sha256.hpp:12

debug
bool debug
Definition environment.hpp:17

FC_THROW_EXCEPTION
#define FC_THROW_EXCEPTION(EXCEPTION, FORMAT,...)
Definition exception.hpp:395

FC_ASSERT
#define FC_ASSERT(TEST,...)
Checks a condition and throws an assert_exception if the test is FALSE.
Definition exception.hpp:362

FC_RETHROW_EXCEPTIONS
#define FC_RETHROW_EXCEPTIONS(LOG_LEVEL, FORMAT,...)
Catchs all exception's, std::exceptions, and ... and rethrows them after appending the provided log m...
Definition exception.hpp:505

fwd_impl.hpp

field
ehm field
Definition hello_driver.cpp:80

BIGNUM
bignum_st BIGNUM
Definition bigint.hpp:7

detail
Definition main.cpp:23

fc::em::detail::_init_lib
void _init_lib()
Definition elliptic_em.cpp:33

fc::em::public_key_data
fc::array< char, 33 > public_key_data
Definition elliptic_em.hpp:24

fc::em::compact_signature
fc::array< unsigned char, 65 > compact_signature
Definition elliptic_em.hpp:28

fc
namespace sysio::chain
Definition authority.cpp:3

fc::to_base58
std::string to_base58(const char *d, size_t s, const fc::yield_function_t &yield)
Definition base58.cpp:618

fc::digest
fc::sha256 digest(const T &value)
Definition digest.hpp:9

std
Definition name.hpp:106

fc::ssl_bignum
Definition openssl.hpp:55

R
#define R

ret
CK_RV ret
Definition yubihsm_pkcs11.c:973