secp256k1

package module
Version: v1.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 7, 2019 License: ISC Imports: 4 Imported by: 81

README

secp256k1

Build Status ISC License GoDoc

Package dcrec implements elliptic curve cryptography needed for working with Decred (secp256k1 only for now). It is designed so that it may be used with the standard crypto/ecdsa packages provided with go. A comprehensive suite of test is provided to ensure proper functionality. Package dcrec was originally based on work from ThePiachu which is licensed under the same terms as Go, but it has signficantly diverged since then. The Decred developers original is licensed under the liberal ISC license.

Although this package was primarily written for dcrd, it has intentionally been designed so it can be used as a standalone package for any projects needing to use secp256k1 elliptic curve cryptography.

Installation and Updating

$ go get -u github.com/decred/dcrd/dcrec

Examples

  • Sign Message
    Demonstrates signing a message with a secp256k1 private key that is first parsed form raw bytes and serializing the generated signature.

  • Verify Signature
    Demonstrates verifying a secp256k1 signature against a public key that is first parsed from raw bytes. The signature is also parsed from raw bytes.

  • Encryption
    Demonstrates encrypting a message for a public key that is first parsed from raw bytes, then decrypting it using the corresponding private key.

  • Decryption
    Demonstrates decrypting a message using a private key that is first parsed from raw bytes.

License

Package dcrec is licensed under the copyfree ISC License except for dcrec.go and dcrec_test.go which is under the same license as Go.

Documentation

Overview

Package secp256k1 implements support for the elliptic curves needed for Decred.

Decred uses elliptic curve cryptography using koblitz curves (specifically secp256k1) for cryptographic functions. See http://www.secg.org/sec2-v2.pdf for details on the standard.

This package provides the data structures and functions implementing the crypto/elliptic Curve interface in order to permit using these curves with the standard crypto/ecdsa package provided with go. Helper functionality is provided to parse signatures and public keys from standard formats. It was designed for use with dcrd, but should be general enough for other uses of elliptic curve crypto. It was originally based on some initial work by ThePiachu, but has significantly diverged since then.

Example (DecryptMessage)

This example demonstrates decrypting a message using a private key that is first parsed from raw bytes.

package main

import (
	"encoding/hex"
	"fmt"

	"github.com/decred/dcrd/dcrec/secp256k1"
)

func main() {
	// Decode the hex-encoded private key.
	pkBytes, err := hex.DecodeString("a11b0a4e1a132305652ee7a8eb7848f6ad" +
		"5ea381e3ce20a2c086a2e388230811")
	if err != nil {
		fmt.Println(err)
		return
	}

	privKey, _ := secp256k1.PrivKeyFromBytes(pkBytes)

	ciphertext, err := hex.DecodeString("35f644fbfb208bc71e57684c3c8b437402ca" +
		"002047a2f1b38aa1a8f1d5121778378414f708fe13ebf7b4a7bb74407288c1958969" +
		"00207cf4ac6057406e40f79961c973309a892732ae7a74ee96cd89823913b8b8d650" +
		"a44166dc61ea1c419d47077b748a9c06b8d57af72deb2819d98a9d503efc59fc8307" +
		"d14174f8b83354fac3ff56075162")
	if err != nil {
		fmt.Println(err)
		return
	}

	// Try decrypting the message.
	plaintext, err := secp256k1.Decrypt(privKey, ciphertext)
	if err != nil {
		fmt.Println(err)
		return
	}

	fmt.Println(string(plaintext))

}
Output:

test message
Example (EncryptMessage)

This example demonstrates encrypting a message for a public key that is first parsed from raw bytes, then decrypting it using the corresponding private key.

package main

import (
	"encoding/hex"
	"fmt"

	"github.com/decred/dcrd/dcrec/secp256k1"
)

func main() {
	// Decode the hex-encoded pubkey of the recipient.
	pubKeyBytes, err := hex.DecodeString("04115c42e757b2efb7671c578530ec191a1" +
		"359381e6a71127a9d37c486fd30dae57e76dc58f693bd7e7010358ce6b165e483a29" +
		"21010db67ac11b1b51b651953d2") // uncompressed pubkey
	if err != nil {
		fmt.Println(err)
		return
	}
	pubKey, err := secp256k1.ParsePubKey(pubKeyBytes)
	if err != nil {
		fmt.Println(err)
		return
	}

	// Encrypt a message decryptable by the private key corresponding to pubKey
	message := "test message"
	ciphertext, err := secp256k1.Encrypt(pubKey, []byte(message))
	if err != nil {
		fmt.Println(err)
		return
	}

	// Decode the hex-encoded private key.
	pkBytes, err := hex.DecodeString("a11b0a4e1a132305652ee7a8eb7848f6ad" +
		"5ea381e3ce20a2c086a2e388230811")
	if err != nil {
		fmt.Println(err)
		return
	}
	// note that we already have corresponding pubKey
	privKey, _ := secp256k1.PrivKeyFromBytes(pkBytes)

	// Try decrypting and verify if it's the same message.
	plaintext, err := secp256k1.Decrypt(privKey, ciphertext)
	if err != nil {
		fmt.Println(err)
		return
	}

	fmt.Println(string(plaintext))

}
Output:

test message
Example (SignMessage)

This example demonstrates signing a message with a secp256k1 private key that is first parsed form raw bytes and serializing the generated signature.

package main

import (
	"encoding/hex"
	"fmt"

	"github.com/decred/dcrd/chaincfg/chainhash"
	"github.com/decred/dcrd/dcrec/secp256k1"
)

func main() {
	// Decode a hex-encoded private key.
	pkBytes, err := hex.DecodeString("22a47fa09a223f2aa079edf85a7c2d4f87" +
		"20ee63e502ee2869afab7de234b80c")
	if err != nil {
		fmt.Println(err)
		return
	}
	privKey, pubKey := secp256k1.PrivKeyFromBytes(pkBytes)

	// Sign a message using the private key.
	message := "test message"
	messageHash := chainhash.HashB([]byte(message))
	signature, err := privKey.Sign(messageHash)
	if err != nil {
		fmt.Println(err)
		return
	}

	// Serialize and display the signature.
	fmt.Printf("Serialized Signature: %x\n", signature.Serialize())

	// Verify the signature for the message using the public key.
	verified := signature.Verify(messageHash, pubKey)
	fmt.Printf("Signature Verified? %v\n", verified)

}
Output:

Serialized Signature: 3045022100fcc0a8768cfbcefcf2cadd7cfb0fb18ed08dd2e2ae84bef1a474a3d351b26f0302200fc1a350b45f46fa00101391302818d748c2b22615511a3ffd5bb638bd777207
Signature Verified? true
Example (VerifySignature)

This example demonstrates verifying a secp256k1 signature against a public key that is first parsed from raw bytes. The signature is also parsed from raw bytes.

package main

import (
	"encoding/hex"
	"fmt"

	"github.com/decred/dcrd/chaincfg/chainhash"
	"github.com/decred/dcrd/dcrec/secp256k1"
)

func main() {
	// Decode hex-encoded serialized public key.
	pubKeyBytes, err := hex.DecodeString("02a673638cb9587cb68ea08dbef685c" +
		"6f2d2a751a8b3c6f2a7e9a4999e6e4bfaf5")
	if err != nil {
		fmt.Println(err)
		return
	}
	pubKey, err := secp256k1.ParsePubKey(pubKeyBytes)
	if err != nil {
		fmt.Println(err)
		return
	}

	// Decode hex-encoded serialized signature.
	sigBytes, err := hex.DecodeString("3045022100fcc0a8768cfbcefcf2cadd7cfb0" +
		"fb18ed08dd2e2ae84bef1a474a3d351b26f0302200fc1a350b45f46fa0010139130" +
		"2818d748c2b22615511a3ffd5bb638bd777207")

	if err != nil {
		fmt.Println(err)
		return
	}
	signature, err := secp256k1.ParseDERSignature(sigBytes)
	if err != nil {
		fmt.Println(err)
		return
	}

	// Verify the signature for the message using the public key.
	message := "test message"
	messageHash := chainhash.HashB([]byte(message))
	verified := signature.Verify(messageHash, pubKey)
	fmt.Println("Signature Verified?", verified)

}
Output:

Signature Verified? true

Index

Examples

Constants

View Source
const (
	PubKeyBytesLenCompressed   = 33
	PubKeyBytesLenUncompressed = 65
)

These constants define the lengths of serialized public keys.

View Source
const PrivKeyBytesLen = 32

PrivKeyBytesLen defines the length in bytes of a serialized private key.

Variables

View Source
var (
	// ErrInvalidMAC occurs when Message Authentication Check (MAC) fails
	// during decryption. This happens because of either invalid private key or
	// corrupt ciphertext.
	ErrInvalidMAC = v2.ErrInvalidMAC
)

Functions

func Decrypt

func Decrypt(priv *PrivateKey, in []byte) ([]byte, error)

Decrypt decrypts data that was encrypted using the Encrypt function.

func Encrypt

func Encrypt(pubkey *PublicKey, in []byte) ([]byte, error)

Encrypt encrypts data for the target public key using AES-256-CBC. It also generates a private key (the pubkey of which is also in the output). The only supported curve is secp256k1. The `structure' that it encodes everything into is:

struct {
	// Initialization Vector used for AES-256-CBC
	IV [16]byte
	// Public Key: curve(2) + len_of_pubkeyX(2) + pubkeyX +
	// len_of_pubkeyY(2) + pubkeyY (curve = 714)
	PublicKey [70]byte
	// Cipher text
	Data []byte
	// HMAC-SHA-256 Message Authentication Code
	HMAC [32]byte
}

The primary aim is to ensure byte compatibility with Pyelliptic. Also, refer to section 5.8.1 of ANSI X9.63 for rationale on this format.

func GenerateKey

func GenerateKey(rand io.Reader) ([]byte, *big.Int, *big.Int, error)

GenerateKey generates a key using a random number generator, returning the private scalar and the corresponding public key points.

func GenerateSharedSecret

func GenerateSharedSecret(privkey *PrivateKey, pubkey *PublicKey) []byte

GenerateSharedSecret generates a shared secret based on a private key and a public key using Diffie-Hellman key exchange (ECDH) (RFC 4753). RFC5903 Section 9 states we should only return x.

func NAF

func NAF(k []byte) ([]byte, []byte)

NAF takes a positive integer k and returns the Non-Adjacent Form (NAF) as two byte slices. The first is where 1s will be. The second is where -1s will be. NAF is convenient in that on average, only 1/3rd of its values are non-zero. This is algorithm 3.30 from [GECC].

Essentially, this makes it possible to minimize the number of operations since the resulting ints returned will be at least 50% 0s.

func NonceRFC6979

func NonceRFC6979(privkey *big.Int, hash []byte, extra []byte, version []byte) *big.Int

NonceRFC6979 generates an ECDSA nonce (`k`) deterministically according to RFC 6979. It takes a 32-byte hash as an input and returns 32-byte nonce to be used in ECDSA algorithm.

func PrivKeyFromBytes

func PrivKeyFromBytes(pk []byte) (*PrivateKey, *PublicKey)

PrivKeyFromBytes returns a private and public key for `curve' based on the private key passed as an argument as a byte slice.

func PrivKeyFromScalar

func PrivKeyFromScalar(s []byte) (*PrivateKey, *PublicKey)

PrivKeyFromScalar is the same as PrivKeyFromBytes in secp256k1.

func SignCompact

func SignCompact(key *PrivateKey, hash []byte, isCompressedKey bool) ([]byte, error)

SignCompact produces a compact signature of the data in hash with the given private key on the given koblitz curve. The isCompressed parameter should be used to detail if the given signature should reference a compressed public key or not. If successful the bytes of the compact signature will be returned in the format: <(byte of 27+public key solution)+4 if compressed >< padded bytes for signature R><padded bytes for signature S> where the R and S parameters are padde up to the bitlengh of the curve.

Types

type KoblitzCurve

type KoblitzCurve = v2.KoblitzCurve

func S256

func S256() *KoblitzCurve

S256 returns a Curve which implements secp256k1.

type PrivateKey

type PrivateKey = v2.PrivateKey

PrivateKey wraps an ecdsa.PrivateKey as a convenience mainly for signing things with the the private key without having to directly import the ecdsa package.

func GeneratePrivateKey

func GeneratePrivateKey() (*PrivateKey, error)

GeneratePrivateKey is a wrapper for ecdsa.GenerateKey that returns a PrivateKey instead of the normal ecdsa.PrivateKey.

func NewPrivateKey

func NewPrivateKey(d *big.Int) *PrivateKey

NewPrivateKey instantiates a new private key from a scalar encoded as a big integer.

type PublicKey

type PublicKey = v2.PublicKey

PublicKey is an ecdsa.PublicKey with additional functions to serialize in uncompressed and compressed formats.

func NewPublicKey

func NewPublicKey(x *big.Int, y *big.Int) *PublicKey

NewPublicKey instantiates a new public key with the given X,Y coordinates.

func ParsePubKey

func ParsePubKey(pubKeyStr []byte) (key *PublicKey, err error)

ParsePubKey parses a public key for a koblitz curve from a bytestring into a ecdsa.Publickey, verifying that it is valid. It supports compressed and uncompressed signature formats, but not the hybrid format.

func RecoverCompact

func RecoverCompact(signature, hash []byte) (*PublicKey, bool, error)

RecoverCompact verifies the compact signature "signature" of "hash" for the Koblitz curve in "curve". If the signature matches then the recovered public key will be returned as well as a boolen if the original key was compressed or not, else an error will be returned.

type Signature

type Signature = v2.Signature

Signature is a type representing an ecdsa signature.

func NewSignature

func NewSignature(r, s *big.Int) *Signature

NewSignature instantiates a new signature given some R,S values.

func ParseDERSignature

func ParseDERSignature(sigStr []byte) (*Signature, error)

ParseDERSignature parses a signature in DER format for the curve type `curve` into a Signature type. If parsing according to the less strict BER format is needed, use ParseSignature.

func ParseSignature

func ParseSignature(sigStr []byte) (*Signature, error)

ParseSignature parses a signature in BER format for the curve type `curve' into a Signature type, perfoming some basic sanity checks. If parsing according to the more strict DER format is needed, use ParseDERSignature.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL