ec

package
v0.0.0-...-c9cba37 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 10, 2018 License: Unlicense, ISC, Unlicense Imports: 21 Imported by: 0

Documentation

Overview

A library for working with the elliptic curves needed for bitcoin

Copyright 2010 The Go Authors. All rights reserved. Copyright 2011 ThePiachu. All rights reserved. Copyright 2013-2014 The btcsuite developers license that can be found in the LICENSE file.

+build gensecp256k1

Copyright 2015 The btcsuite developers license that can be found in the LICENSE file.

Copyright (c) 2015 The btcsuite developers license that can be found in the LICENSE file.

Example (DecryptMessage)

This example demonstrates decrypting a message using a private key that is first parsed from raw bytes. 

// Decode the hex-encoded private key.
pkBytes, err := hex.DecodeString("a11b0a4e1a132305652ee7a8eb7848f6ad" +
	"5ea381e3ce20a2c086a2e388230811")
if err != nil {
	fmt.Println(err)
	return
}
privKey, _ := btcec.PrivKeyFromBytes(btcec.S256(), pkBytes)
ciphertext, err := hex.DecodeString("35f644fbfb208bc71e57684c3c8b437402ca" +
	"002047a2f1b38aa1a8f1d5121778378414f708fe13ebf7b4a7bb74407288c1958969" +
	"00207cf4ac6057406e40f79961c973309a892732ae7a74ee96cd89823913b8b8d650" +
	"a44166dc61ea1c419d47077b748a9c06b8d57af72deb2819d98a9d503efc59fc8307" +
	"d14174f8b83354fac3ff56075162")
// Try decrypting the message.
plaintext, err := btcec.Decrypt(privKey, ciphertext)
if err != nil {
	fmt.Println(err)
	return
}
fmt.Println(string(plaintext))

Output:

test message
Example (EncryptMessage)

parsed from raw bytes, then decrypting it using the corresponding private key. 

// Decode the hex-encoded pubkey of the recipient.
pubKeyBytes, err := hex.DecodeString("04115c42e757b2efb7671c578530ec191a1" +
	"359381e6a71127a9d37c486fd30dae57e76dc58f693bd7e7010358ce6b165e483a29" +
	"21010db67ac11b1b51b651953d2") // uncompressed pubkey
if err != nil {
	fmt.Println(err)
	return
}
pubKey, err := btcec.ParsePubKey(pubKeyBytes, btcec.S256())
if err != nil {
	fmt.Println(err)
	return
}
// Encrypt a message decryptable by the private key corresponding to pubKey
message := "test message"
ciphertext, err := btcec.Encrypt(pubKey, []byte(message))
if err != nil {
	fmt.Println(err)
	return
}
// Decode the hex-encoded private key.
pkBytes, err := hex.DecodeString("a11b0a4e1a132305652ee7a8eb7848f6ad" +
	"5ea381e3ce20a2c086a2e388230811")
if err != nil {
	fmt.Println(err)
	return
}
// note that we already have corresponding pubKey
privKey, _ := btcec.PrivKeyFromBytes(btcec.S256(), pkBytes)
// Try decrypting and verify if it's the same message.
plaintext, err := btcec.Decrypt(privKey, ciphertext)
if err != nil {
	fmt.Println(err)
	return
}
fmt.Println(string(plaintext))

Output:

test message
Example (SignMessage)

This example demonstrates signing a message with a secp256k1 private key that 

// Decode a hex-encoded private key.
pkBytes, err := hex.DecodeString("22a47fa09a223f2aa079edf85a7c2d4f87" +
	"20ee63e502ee2869afab7de234b80c")
if err != nil {
	fmt.Println(err)
	return
}
privKey, pubKey := btcec.PrivKeyFromBytes(btcec.S256(), pkBytes)
// Sign a message using the private key.
message := "test message"
messageHash := chainhash.DoubleHashB([]byte(message))
signature, err := privKey.Sign(messageHash)
if err != nil {
	fmt.Println(err)
	return
}
// Serialize and display the signature.
fmt.Printf("Serialized Signature: %x\n", signature.Serialize())
// Verify the signature for the message using the public key.
verified := signature.Verify(messageHash, pubKey)
fmt.Printf("Signature Verified? %v\n", verified)

Output:

Serialized Signature: 304402201008e236fa8cd0f25df4482dddbb622e8a8b26ef0ba731719458de3ccd93805b022032f8ebe514ba5f672466eba334639282616bb3c2f0ab09998037513d1f9e3d6d
Signature Verified? true
Example (VerifySignature)

This example demonstrates verifying a secp256k1 signature against a public raw bytes. 

// Decode hex-encoded serialized public key.
pubKeyBytes, err := hex.DecodeString("02a673638cb9587cb68ea08dbef685c" +
	"6f2d2a751a8b3c6f2a7e9a4999e6e4bfaf5")
if err != nil {
	fmt.Println(err)
	return
}
pubKey, err := btcec.ParsePubKey(pubKeyBytes, btcec.S256())
if err != nil {
	fmt.Println(err)
	return
}
// Decode hex-encoded serialized signature.
sigBytes, err := hex.DecodeString("30450220090ebfb3690a0ff115bb1b38b" +
	"8b323a667b7653454f1bccb06d4bbdca42c2079022100ec95778b51e707" +
	"1cb1205f8bde9af6592fc978b0452dafe599481c46d6b2e479")
if err != nil {
	fmt.Println(err)
	return
}
signature, err := btcec.ParseSignature(sigBytes, btcec.S256())
if err != nil {
	fmt.Println(err)
	return
}
// Verify the signature for the message using the public key.
message := "test message"
messageHash := chainhash.DoubleHashB([]byte(message))
verified := signature.Verify(messageHash, pubKey)
fmt.Println("Signature Verified?", verified)

Output:

Signature Verified? true

Index

Examples

Constants

View Source 
const (
	PubKeyBytesLenCompressed   = 33
	PubKeyBytesLenUncompressed = 65
	PubKeyBytesLenHybrid       = 65
)

These constants define the lengths of serialized public keys.

View Source 
const PrivKeyBytesLen = 32

PrivKeyBytesLen defines the length in bytes of a serialized private key.

Variables

View Source 
var (
	// ErrInvalidMAC occurs when Message Authentication Check (MAC) fails
	// during decryption. This happens because of either invalid private key or
	// corrupt ciphertext.
	ErrInvalidMAC = errors.New("invalid mac hash")
)

Functions

func Decrypt 

func Decrypt(priv *PrivateKey, in []byte) ([]byte, error)

Decrypt decrypts data that was encrypted using the Encrypt function.

func Encrypt 

func Encrypt(pubkey *PublicKey, in []byte) ([]byte, error)

Encrypt encrypts data for the target public key using AES-256-CBC. It also is: 

struct {
	// Initialization Vector used for AES-256-CBC
	IV [16]byte
	// Public Key: curve(2) + len_of_pubkeyX(2) + pubkeyX +
	// len_of_pubkeyY(2) + pubkeyY (curve = 714)
	PublicKey [70]byte
	// Cipher text
	Data []byte
	// HMAC-SHA-256 Message Authentication Code
	HMAC [32]byte
}

to section 5.8.1 of ANSI X9.63 for rationale on this format.

func GenerateSharedSecret 

func GenerateSharedSecret(privkey *PrivateKey, pubkey *PublicKey) []byte

GenerateSharedSecret generates a shared secret based on a private key and a public key using Diffie-Hellman key exchange (ECDH) (RFC 4753). RFC5903 Section 9 states we should only return x.

func IsCompressedPubKey 

func IsCompressedPubKey(pubKey []byte) bool

IsCompressedPubKey returns true the the passed serialized public key has been encoded in compressed format, and false otherwise.

func NAF 

func NAF(k []byte) ([]byte, []byte)

NAF takes a positive integer k and returns the Non-Adjacent Form (NAF) as two

Essentially, this makes it possible to minimize the number of operations since the resulting ints returned will be at least 50% 0s.

func PrivKeyFromBytes 

func PrivKeyFromBytes(curve elliptic.Curve, pk []byte) (*PrivateKey,
	*PublicKey)

PrivKeyFromBytes returns a private and public key for `curve' based on the private key passed as an argument as a byte slice.

func SignCompact 

func SignCompact(curve *KoblitzCurve, key *PrivateKey,
	hash []byte, isCompressedKey bool) ([]byte, error)

SignCompact produces a compact signature of the data in hash with the given private key on the given koblitz curve. The isCompressed parameter should be used to detail if the given signature should reference a compressed public key or not. If successful the bytes of the compact signature will be returned in the format: <(byte of 27+public key solution)+4 if compressed >< padded bytes for signature R><padded bytes for signature S> where the R and S parameters are padde up to the bitlengh of the curve.

Types

type KoblitzCurve 

type KoblitzCurve struct {
	*elliptic.CurveParams

	H int // cofactor of the curve.
	// contains filtered or unexported fields
}

KoblitzCurve supports a koblitz curve implementation that fits the ECC Curve interface from crypto/elliptic.

func S256 

func S256() *KoblitzCurve

S256 returns a Curve which implements secp256k1.

func (*KoblitzCurve) Add 

func (curve *KoblitzCurve) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int)

Add returns the sum of (x1,y1) and (x2,y2). Part of the elliptic.Curve interface.

func (*KoblitzCurve) Double 

func (curve *KoblitzCurve) Double(x1, y1 *big.Int) (*big.Int, *big.Int)

Double returns 2*(x1,y1). Part of the elliptic.Curve interface.

func (*KoblitzCurve) EndomorphismVectors 

func (curve *KoblitzCurve) EndomorphismVectors() (a1, b1, a2, b2 *big.Int)

EndomorphismVectors runs the first 3 steps of algorithm 3.74 from [GECC] to generate the linearly independent vectors needed to generate a balanced length-two representation of a multiplier such that k = k1 + k2λ (mod N) and returns them. Since the values will always be the same given the fact that N and λ are fixed, the final results can be accelerated by storing the precomputed values with the curve.

func (*KoblitzCurve) IsOnCurve 

func (curve *KoblitzCurve) IsOnCurve(x, y *big.Int) bool

Part of the elliptic.Curve interface. This function differs from the crypto/elliptic algorithm since a = 0 not -3.

func (*KoblitzCurve) Params 

func (curve *KoblitzCurve) Params() *elliptic.CurveParams

Params returns the parameters for the curve.

func (*KoblitzCurve) QPlus1Div4 

func (curve *KoblitzCurve) QPlus1Div4() *big.Int

QPlus1Div4 returns the Q+1/4 constant for the curve for use in calculating square roots via exponention.

func (*KoblitzCurve) ScalarBaseMult 

func (curve *KoblitzCurve) ScalarBaseMult(k []byte) (*big.Int, *big.Int)

big endian integer. Part of the elliptic.Curve interface.

func (*KoblitzCurve) ScalarMult 

func (curve *KoblitzCurve) ScalarMult(Bx, By *big.Int, k []byte) (*big.Int, *big.Int)

Part of the elliptic.Curve interface.

func (*KoblitzCurve) SerializedBytePoints 

func (curve *KoblitzCurve) SerializedBytePoints() []byte

SerializedBytePoints returns a serialized byte slice which contains all of secp256k1.go.

type PrivateKey 

type PrivateKey ecdsa.PrivateKey

PrivateKey wraps an ecdsa.PrivateKey as a convenience mainly for signing things with the the private key without having to directly import the ecdsa package.

func NewPrivateKey 

func NewPrivateKey(curve elliptic.Curve) (*PrivateKey, error)

instead of the normal ecdsa.PrivateKey.

func (*PrivateKey) PubKey 

func (p *PrivateKey) PubKey() *PublicKey

PubKey returns the PublicKey corresponding to this private key.

func (*PrivateKey) Serialize 

func (p *PrivateKey) Serialize() []byte

Serialize returns the private key number d as a big-endian binary-encoded number, padded to a length of 32 bytes.

func (*PrivateKey) Sign 

func (p *PrivateKey) Sign(hash []byte) (*Signature, error)

Sign generates an ECDSA signature for the provided hash (which should be the result of hashing a larger message) using the private key. Produced signature in accordance with RFC6979 and BIP0062.

func (*PrivateKey) ToECDSA 

func (p *PrivateKey) ToECDSA() *ecdsa.PrivateKey

ToECDSA returns the private key as a *ecdsa.PrivateKey.

type PublicKey 

type PublicKey ecdsa.PublicKey

serialize in uncompressed, compressed, and hybrid formats.

func ParsePubKey 

func ParsePubKey(pubKeyStr []byte, curve *KoblitzCurve) (key *PublicKey, err error)

ParsePubKey parses a public key for a koblitz curve from a bytestring into a uncompressed and hybrid signature formats.

func RecoverCompact 

func RecoverCompact(curve *KoblitzCurve, signature,
	hash []byte) (*PublicKey, bool, error)

RecoverCompact verifies the compact signature "signature" of "hash" for the Koblitz curve in "curve". If the signature matches then the recovered public key will be returned as well as a boolen if the original key was compressed or not, else an error will be returned.

func (*PublicKey) IsEqual 

func (p *PublicKey) IsEqual(otherPubKey *PublicKey) bool

IsEqual compares this PublicKey instance to the one passed, returning true if both have the same X and Y coordinate.

func (*PublicKey) SerializeCompressed 

func (p *PublicKey) SerializeCompressed() []byte

SerializeCompressed serializes a public key in a 33-byte compressed format.

func (*PublicKey) SerializeHybrid 

func (p *PublicKey) SerializeHybrid() []byte

SerializeHybrid serializes a public key in a 65-byte hybrid format.

func (*PublicKey) SerializeUncompressed 

func (p *PublicKey) SerializeUncompressed() []byte

SerializeUncompressed serializes a public key in a 65-byte uncompressed format.

func (*PublicKey) ToECDSA 

func (p *PublicKey) ToECDSA() *ecdsa.PublicKey

ToECDSA returns the public key as a *ecdsa.PublicKey.

type Signature 

type Signature struct {
	R *big.Int
	S *big.Int
}

func ParseDERSignature 

func ParseDERSignature(sigStr []byte, curve elliptic.Curve) (*Signature, error)

ParseDERSignature parses a signature in DER format for the curve type `curve` into a Signature type. If parsing according to the less strict

func ParseSignature 

func ParseSignature(sigStr []byte, curve elliptic.Curve) (*Signature, error)

ParseSignature parses a signature in BER format for the curve type `curve' into a Signature type, perfoming some basic sanity checks. If parsing

func (*Signature) IsEqual 

func (sig *Signature) IsEqual(otherSig *Signature) bool

IsEqual compares this Signature instance to the one passed, returning true they both have the same scalar value for R and S.

func (*Signature) Serialize 

func (sig *Signature) Serialize() []byte

Serialize returns the ECDSA signature in the more strict DER format. Note that the serialized bytes returned do not include the appended hash type used in Bitcoin signature scripts.

0x30 <length> 0x02 <length r> r 0x02 <length s> s

func (*Signature) Verify 

func (sig *Signature) Verify(hash []byte, pubKey *PublicKey) bool

Verify calls ecdsa.Verify to verify the signature of hash using the public

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.