Commit Graph

218 Commits

Author SHA1 Message Date
Alex Wu 6cd6b921ac crypto: ensure private keys are < N (#15745)
Fixes #15744
2018-01-02 10:55:03 +01:00
Felix Lange ce823c9f84 crypto: ensure that VerifySignature rejects malleable signatures (#15708)
* crypto: ensure that VerifySignature rejects malleable signatures

It already rejected them when using libsecp256k1, make sure the nocgo
version does the same thing.

* crypto: simplify check

* crypto: fix build
2017-12-20 14:30:00 +02:00
Felix Lange c6069a627c
crypto, crypto/secp256k1: add CompressPubkey (#15626)
This adds the inverse to DecompressPubkey and improves a few minor
details in crypto/secp256k1.
2017-12-15 10:40:09 +01:00
George Ornbo 7bb2a489b2
crypto: Fix comment typo 2017-12-14 21:55:18 +00:00
Felix Lange 1a32bdf92c
crypto: fix error check in toECDSA (#15632)
With this change,

    key, err := crypto.HexToECDSA("000000...")
    
returns nil key and an error instead of a non-nil key with nil X
and Y inside. Issue found by @guidovranken.
2017-12-11 22:49:09 +01:00
Felix Lange e85b68ef53
crypto: add DecompressPubkey, VerifySignature (#15615)
We need those operations for p2p/enr.

Also upgrade github.com/btcsuite/btcd/btcec to the latest version
and improve BenchmarkSha3. The benchmark printed extra output 
that confused tools like benchstat and ignored N.
2017-12-06 16:07:08 +01:00
Matthew Di Ferrante 80c6dfc19f crypto/bn256: fix generator on G1 (#15591)
Generator in the current lib uses -2 as the y point when doing
ScalarBaseMult, this makes it so that points/signatures generated
from libs like py_ecc don't match/validate as pretty much all
other libs (including libsnark) have (1, 2) as the standard
generator.

This does not affect consensus as the generator is never used in
the VM, points are always explicitly defined and there is not
ScalarBaseMult op - it only makes it so that doing "import
github.com/ethereum/go-ethereum/crypto/bn256" doesn't generate
bad points in userland tools.
2017-12-01 13:03:39 +01:00
Péter Szilágyi 1335a6cc8c
core/vm, crypto/bn256: fix bn256 use and pairing corner case 2017-08-17 16:46:46 +03:00
Egon Elbre 10ce8b0e3c crypto: fix megacheck warnings (#14917)
* crypto: fix megacheck warnings

* crypto/ecies: remove ASN.1 support
2017-08-08 13:58:22 +03:00
Péter Szilágyi 72dd51e25a
accounts/keystore, crypto: don't enforce key checks on existing keyfiles 2017-06-01 11:11:06 +03:00
Felix Lange ef25b826e6 Merge pull request #14502 from karalabe/mobile-import-ecdsa
Enforce 256 bit keys on raw import, support raw mobile imports
2017-05-24 22:30:47 +02:00
Felix Lange 069cb661c3 crypto/bn256: fix go vet false positive
Also add the package to the license tool ignore list.
2017-05-24 15:40:26 +02:00
Péter Szilágyi aa73420207
accounts/keystore, crypto: enforce 256 bit keys on import 2017-05-23 14:58:03 +03:00
Jeffrey Wilcke 10a57fc3d4 consensus, core/*, params: metropolis preparation refactor
This commit is a preparation for the upcoming metropolis hardfork. It
prepares the state, core and vm packages such that integration with
metropolis becomes less of a hassle.

* Difficulty calculation requires header instead of individual
  parameters
* statedb.StartRecord renamed to statedb.Prepare and added Finalise
  method required by metropolis, which removes unwanted accounts from
  the state (i.e. selfdestruct)
* State keeps record of destructed objects (in addition to dirty
  objects)
* core/vm pre-compiles may now return errors
* core/vm pre-compiles gas check now take the full byte slice as argument
  instead of just the size
* core/vm now keeps several hard-fork instruction tables instead of a
  single instruction table and removes the need for hard-fork checks in
  the instructions
* core/vm contains a empty restruction function which is added in
  preparation of metropolis write-only mode operations
* Adds the bn256 curve
* Adds and sets the metropolis chain config block parameters (2^64-1)
2017-05-18 09:05:58 +02:00
Felix Lange 0cc492f815 all: update license information 2017-04-14 10:29:00 +02:00
Péter Szilágyi 5c8fa6ae1a crypto, pow, vendor: hash optimizations, mmap ethash 2017-03-09 15:50:14 +01:00
Péter Szilágyi 3b00a77de5 crypto, pow: add pure Go implementation of ethash 2017-03-09 15:50:14 +01:00
Felix Lange 5f7826270c all: unify big.Int zero checks, use common/math in more places (#3716)
* common/math: optimize PaddedBigBytes, use it more

name              old time/op    new time/op    delta
PaddedBigBytes-8    71.1ns ± 5%    46.1ns ± 1%  -35.15%  (p=0.000 n=20+19)

name              old alloc/op   new alloc/op   delta
PaddedBigBytes-8     48.0B ± 0%     32.0B ± 0%  -33.33%  (p=0.000 n=20+20)

* all: unify big.Int zero checks

Various checks were in use. This commit replaces them all with Int.Sign,
which is cheaper and less code.

eg templates:

    func before(x *big.Int) bool { return x.BitLen() == 0 }
    func after(x *big.Int) bool  { return x.Sign() == 0 }

    func before(x *big.Int) bool { return x.BitLen() > 0 }
    func after(x *big.Int) bool  { return x.Sign() != 0 }

    func before(x *big.Int) int { return x.Cmp(common.Big0) }
    func after(x *big.Int) int  { return x.Sign() }

* common/math, crypto/secp256k1: make ReadBits public in package math
2017-02-28 15:09:11 +01:00
Felix Lange 5c8fe28b72 common: move big integer math to common/math (#3699)
* common: remove CurrencyToString

Move denomination values to params instead.

* common: delete dead code

* common: move big integer operations to common/math

This commit consolidates all big integer operations into common/math and
adds tests and documentation.

There should be no change in semantics for BigPow, BigMin, BigMax, S256,
U256, Exp and their behaviour is now locked in by tests.

The BigD, BytesToBig and Bytes2Big functions don't provide additional
value, all uses are replaced by new(big.Int).SetBytes().

BigToBytes is now called PaddedBigBytes, its minimum output size
parameter is now specified as the number of bytes instead of bits. The
single use of this function is in the EVM's MSTORE instruction.

Big and String2Big are replaced by ParseBig, which is slightly stricter.
It previously accepted leading zeros for hexadecimal inputs but treated
decimal inputs as octal if a leading zero digit was present.

ParseUint64 is used in places where String2Big was used to decode a
uint64.

The new functions MustParseBig and MustParseUint64 are now used in many
places where parsing errors were previously ignored.

* common: delete unused big integer variables

* accounts/abi: replace uses of BytesToBig with use of encoding/binary

* common: remove BytesToBig

* common: remove Bytes2Big

* common: remove BigTrue

* cmd/utils: add BigFlag and use it for error-checked integer flags

While here, remove environment variable processing for DirectoryFlag
because we don't use it.

* core: add missing error checks in genesis block parser

* common: remove String2Big

* cmd/evm: use utils.BigFlag

* common/math: check for 256 bit overflow in ParseBig

This is supposed to prevent silent overflow/truncation of values in the
genesis block JSON. Without this check, a genesis block that set a
balance larger than 256 bits would lead to weird behaviour in the VM.

* cmd/utils: fixup import
2017-02-26 22:21:51 +01:00
Felix Lange 9b0af51386 crypto: add btcec fallback for sign/recover without cgo (#3680)
* vendor: add github.com/btcsuite/btcd/btcec

* crypto: add btcec fallback for sign/recover without cgo

This commit adds a non-cgo fallback implementation of secp256k1
operations.

* crypto, core/vm: remove wrappers for sha256, ripemd160
2017-02-18 09:24:12 +01:00
Felix Lange 96778a1c21 crypto/secp256k1: sign with deterministic K (rfc6979) (#3561) 2017-01-22 23:28:47 +01:00
Felix Lange e0ceeab0d1 crypto/secp256k1: update to github.com/bitcoin-core/secp256k1 @ 9d560f9 (#3544)
- Use defined constants instead of hard-coding their integer value.
- Allocate secp256k1 structs on the C stack instead of converting []byte
- Remove dead code
2017-01-12 21:29:11 +01:00
Felix Lange b9b3efb09f all: fix ineffectual assignments and remove uses of crypto.Sha3
go get github.com/gordonklaus/ineffassign
ineffassign .
2017-01-09 16:24:42 +01:00
Péter Szilágyi 18c77744ff
all: fix spelling errors 2017-01-06 19:44:35 +02:00
Felix Lange f2da6581ba all: fix issues reported by honnef.co/go/simple/cmd/gosimple 2017-01-06 18:18:07 +01:00
Felix Lange 35a7dcb162 all: gofmt -w -s 2017-01-06 15:52:03 +01:00
Péter Szilágyi 08eea0f0e4 accounts, core, crypto, internal: use normalised V during signature handling (#3455)
To address increasing complexity in code that handles signatures, this PR
discards all notion of "different" signature types at the library level. Both
the crypto and accounts package is reduced to only be able to produce plain
canonical secp256k1 signatures. This makes the crpyto APIs much cleaner,
simpler and harder to abuse.
2017-01-05 11:35:23 +01:00
bas-vk b59c8399fb internal/ethapi: add personal_sign and fix eth_sign to hash message (#2940)
This commit includes several API changes:

- The behavior of eth_sign is changed. It now accepts an arbitrary
  message, prepends the well-known string

        \x19Ethereum Signed Message:\n<length of message>

  hashes the result using keccak256 and calculates the signature of
  the hash. This breaks backwards compatability!
  
- personal_sign(hash, address [, password]) is added. It has the same
  semantics as eth_sign but also accepts a password. The private key
  used to sign the hash is temporarily unlocked in the scope of the
  request.
  
- personal_recover(message, signature) is added and returns the
  address for the account that created a signature.
2016-10-28 21:25:49 +02:00
Felix Lange 54ea317375 crypto/sha3: update from golang.org/x/crypto/sha3 a 80b25ed4
This pulls in the assembly implementation of keccakf1600 for amd64.
2016-10-01 21:26:43 +02:00
Felix Lange 6fdd0893c3 all: fix go vet warnings 2016-04-15 11:17:27 +02:00
Felix Lange 85e6c40c00 accounts, crypto: move keystore to package accounts
The account management API was originally implemented as a thin layer
around crypto.KeyStore, on the grounds that several kinds of key stores
would be implemented later on. It turns out that this won't happen so
KeyStore is a superflous abstraction.

In this commit crypto.KeyStore and everything related to it moves to
package accounts and is unexported.
2016-04-12 15:56:49 +02:00
Felix Lange 83877a0f9d tests: remove eth, node, accounts dependencies
Unlocking the accounts in the test doesn't help with anything.
2016-04-12 15:34:39 +02:00
Péter Szilágyi 45d08a8aa7 crypto: expose key encryption method, add ping-pong test 2016-02-24 16:28:25 +02:00
Péter Szilágyi 0969b35eec crypto: code polish + ensure key file contents match with name 2016-02-24 16:27:32 +02:00
Péter Szilágyi cda91ee180 crypto: expose key decryption method to parse a string direclty 2016-02-24 16:27:32 +02:00
Ricardo Catalinas Jiménez 3d971c5a34 crypto: Remove dead code 2016-02-21 22:46:31 +00:00
Ricardo Catalinas Jiménez 0c6665558a crypto: Add backward compatible aliases for Sha3{,Hash}() 2016-02-21 22:46:31 +00:00
Ricardo Catalinas Jiménez 436fc8d76a all: Rename crypto.Sha3{,Hash}() to crypto.Keccak256{,Hash}()
As we aren't really using the standarized SHA-3
2016-02-21 22:34:34 +00:00
Ricardo Catalinas Jiménez c20d6e5e4e crypto/sha3: Export Keccak-256 hash function
This hash function is slightly different from the standarized NIST SHA-3
as both of them use different domain separation bits.
2016-02-21 22:34:34 +00:00
Ricardo Catalinas Jiménez 5387ad760f crypto/sha3: Remove import path checking from vendored code 2016-02-21 22:34:34 +00:00
Ricardo Catalinas Jiménez e4b138a593 crypto/sha3: Copy latest code from "golang.org/x/crypto/sha3"
Revision: 1f22c0103821b9390939b6776727195525381532
2016-02-21 22:34:34 +00:00
Ricardo Catalinas Jiménez 0a1da69fac crypto/sha3: Delete old copied code 2016-02-21 22:34:34 +00:00
Jeffrey Wilcke f8d98f7fcd Merge pull request #2116 from obscuren/homestead
core, core/vm: consensus changes necessary for the homestead release
2016-02-19 14:41:57 +01:00
Gustav Simonsson 371871d685 parmas, crypto, core, core/vm: homestead consensus protocol changes
* change gas cost for contract creating txs
* invalidate signature with s value greater than secp256k1 N / 2
* OOG contract creation if not enough gas to store code
* new difficulty adjustment algorithm
* new DELEGATECALL op code
2016-02-18 10:08:11 +01:00
Felix Lange fdb936ee95 crypto/ecies: make authenticated shared data work
The s2 parameter was not actually written to the MAC.
2016-02-12 09:49:18 +01:00
Jeffrey Wilcke 787d71d659 Merge pull request #2056 from fjl/fix-account-format
crypto: "Crypto" -> "crypto" in web3 key format
2015-12-10 10:45:00 +01:00
Felix Lange 032453b3e7 crypto: "Crypto" -> "crypto" in web3 key format 2015-12-07 17:01:29 +01:00
Felix Lange 02356b36d6 crypto/secp256k1: remove dependency on libgmp
Turns out we actually don't need it, USE_NUM_NONE works
because we also set USE_FIELD_INV_BUILTIN.
2015-12-03 21:12:13 +01:00
Gustav Simonsson c8ad64f33c crypto, crypto/ecies, crypto/secp256k1: libsecp256k1 scalar mult
thanks to Felix Lange (fjl) for help with design & impl
2015-11-30 13:43:32 +01:00
Gustav Simonsson 27a50c8f4b core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-11-30 13:24:04 +01:00
Felix Lange e344e1d490 crypto/secp256k1: drop pkgsrc paths from CFLAGS
They cause compiler warnings for people who don't have these
directories. People with pkgsrc can add the directory through CGO_CFLAGS
instead.
2015-11-17 09:53:10 +01:00
Felix Lange 5159f8f649 crypto/secp256k1: raise internal errors as recoverable Go panic 2015-11-17 09:53:10 +01:00
Felix Lange 1b29aed128 crypto/secp256k1: verify recovery ID before calling libsecp256k1
The C library treats the recovery ID as trusted input and crashes
the process for invalid values, so it needs to be verified before
calling into C. This will inhibit the crash in #1983.

Also remove VerifySignature because we don't use it.
2015-11-17 09:51:59 +01:00
Felix Lange 16b0bc7c3b crypto/secp256k1: add C compiler flags for pkgsrc
pkgsrc is a cross-platform package manager that also
supports OS X.
2015-11-03 10:33:31 +01:00
Drake Burroughs 05ea8926c3 cmd/utils, crypto: add --lightkdf flag for lighter KDF 2015-10-28 18:46:39 +01:00
zelig 8b81ad1fc4 console:
* lines with leading space are ommitted from history
* exit processed even with whitespace around
* all whitespace lines (not only empty ones) are ignored

add 7 missing commands to admin api autocomplete

registrar: methods now return proper error if reg addresses are not set. fixes #1457

rpc/console: fix personal.newAccount() regression. Now all comms accept interactive password

registrar: add registrar tests for errors

crypto: catch AES decryption error on presale wallet import + fix error msg format. fixes #1580

CLI: improve error message when starting a second instance of geth. fixes #1564

cli/accounts: unlock multiple accounts. fixes #1785
* make unlocking multiple accounts work with inline <() fd
* passwdfile now correctly read only once
* improve logs
* fix CLI help text for unlocking

fix regression with docRoot / admin API
* docRoot/jspath passed to rpc/api ParseApis, which passes onto adminApi
* docRoot field for JS console in order to pass when RPC is (re)started
* improve flag desc for jspath

common/docserver: catch http errors from response

fix rpc/api tests

common/natspec: fix end to end test (skipped because takes 8s)

registrar: fix major regression:
* deploy registrars on frontier
* register HashsReg and UrlHint in GlobalRegistrar.
* set all 3 contract addresses in code
* zero out addresses first in tests
2015-10-22 00:22:39 +02:00
Jeffrey Wilcke f466243417 Merge pull request #1853 from Gustav-Simonsson/libsecp256k1_update
Update libsecp256k1, Go wrapper and tests
2015-10-15 10:46:57 -07:00
Jeffrey Wilcke 2f1f2e4811 Merge pull request #1887 from Gustav-Simonsson/icap
common, crypto: add ICAP functions
2015-10-15 10:32:05 -07:00
Gustav Simonsson 2db9798646 common, crypto: add ICAP functions 2015-10-13 17:44:14 +02:00
Gustav Simonsson f32fa075f1 core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-10-09 14:47:55 +02:00
Gustav Simonsson 1d20b0247c Update libsecp256k1 2015-09-28 17:46:38 +02:00
Gustav Simonsson 3340b56593 crypto: correct sig validation, add more unit tests 2015-09-22 17:33:39 +02:00
Jeff R. Allen 0d40727775 Change go-uuid to use the current supported repository. 2015-09-12 16:49:24 +06:00
zelig d4da2f630e crypto: remove obsolete key files 2015-08-18 01:25:04 +02:00
Pavol Rusnak 3f07afbbd2 remove elliptic.P224 usage
Fedora/RedHat distros comply with US patent law and remove this curve,
which makes it impossible to run ethereum with distro provided Golang.

File crypto/ecies/README claims it is unsupported anyway.
2015-07-30 12:47:45 +02:00
Fynn 7065ebd2ed FreeBSD support 2015-07-28 19:16:16 -03:00
Jeffrey Wilcke 1fad8798ec Merge pull request #1515 from fjl/license-fixes
all: fix license headers one more time
2015-07-28 04:29:42 -07:00
Felix Lange 453d2c9ce1 crypto: fix build with Go 1.5 2015-07-27 19:13:45 +02:00
Felix Lange 67598d9d08 crypto/sha3: add full license headers 2015-07-24 12:32:58 +02:00
Felix Lange bfbcfbe4a9 all: fix license headers one more time
I forgot to update one instance of "go-ethereum" in commit 3f047be5a.
2015-07-23 18:35:11 +02:00
Felix Lange 3f047be5aa all: update license headers to distiguish GPL/LGPL
All code outside of cmd/ is licensed as LGPL. The headers
now reflect this by calling the whole work "the go-ethereum library".
2015-07-22 18:51:45 +02:00
Felix Lange f4acdea402 crypto: fix license of curve.go
crypto/curve.go is not our code and has its own license. This commit
excludes it in update-license.go and removes our GPL header.
2015-07-22 18:50:31 +02:00
Felix Lange 06d5898d6a crypto: remove debug print call after decrypting a key from disk 2015-07-20 18:04:23 +02:00
zelig 589f1c85b9 : colon => dash - in keyfile name - slight deviation from ISO8601 for WIN FS compatibility 2015-07-09 13:55:09 +01:00
Felix Lange 4fb28e0dab all: goimports -w 2015-07-07 14:12:45 +02:00
Felix Lange e813626ee1 all: remove @author comments 2015-07-07 14:12:44 +02:00
Felix Lange ea54283b30 all: update license information 2015-07-07 14:12:44 +02:00
zelig 1959346793 account update: migrate or change password
* account.Update
* KeyStore.Cleanup
* fix dir rm for old format deleteKey
2015-07-03 07:52:37 +01:00
zelig fc17a527bc fix account ordering
* chronological order of creation
* new naming scheme keystore/UTC--<created_at UTC ISO8601>-<address hex>
* KeyStore2 -> KeyStore
* backward compatibility
* refactor keyStore methods
2015-07-03 03:19:32 +01:00
zelig a4df9d74ea accounts order by keyfile ctime 2015-07-02 23:29:07 +01:00
Gustav Simonsson d23ec6c419 Change keystore to version 3
* Change password protection crypto in keystore to version 3
* Update KeyStoreTests/basic_tests.json
* Add support for PBKDF2 with HMAC-SHA256
* Change MAC and encryption key to avoid unnecessary hashing
* Add tests for test vectors in new wiki page defining version 3
* Add tests for new keystore tests in ethereum/tests repo
* Move JSON loading util to common for use in both tests and
  crypto packages
* Add backwards compatibility with key store version 1
2015-06-24 06:03:23 +02:00
obscuren 0f51ee6c88 crypto: return common.Address rather than raw bytes 2015-06-04 19:28:39 +02:00
Jeffrey Wilcke 02f785af70 Merge pull request #1166 from Gustav-Simonsson/add_ec_sig_validations
Add EC signature validations before call to libsecp256k1
2015-06-03 08:11:24 -07:00
Gustav Simonsson edbd902a1b Initialise curve N value in package init 2015-06-03 14:44:29 +02:00
Péter Szilágyi 14e7192d9c crypto/sha3: pull in latest keccak from go crypto (45% speed increase) 2015-06-03 12:00:39 +03:00
Gustav Simonsson 32e1b104f8 Add EC signature validations before call to libsecp256k1 2015-06-01 21:06:52 +02:00
Gustav Simonsson 56a5592ea0 Update keystore code comments 2015-05-13 18:33:31 +02:00
Gustav Simonsson e389585f1f Change default keystore dir 2015-05-12 18:33:04 +02:00
Gustav Simonsson 2c1b0ff17e Update key store to new spec but keep address field for now
* Also fix address types post-rebase
2015-05-12 17:22:17 +02:00
Gustav Simonsson f98e002d98 Address pull request comments; key header and hex encoding
* Remove key header from unencrypted key file format and replace
  it with a version field
* Change encoding of bytes in key files from base64 to hex
2015-05-12 17:22:17 +02:00
Gustav Simonsson 313eec33ad Revert "Add key header to unencrypted key file"
This reverts commit a94d4ba0b53c4558ab838aaed635a2ff66ddfa53.
2015-05-12 17:19:39 +02:00
Gustav Simonsson cd88295f5a Add key header to unencrypted key file 2015-05-12 17:19:39 +02:00
Gustav Simonsson 29a5a92d13 Add key header to encrypted keys
* Add key header containing key version, kdf and kdf params
* Store key header as JSON in the key file
* Read in KDF params from key header
* Include key header in MAC calculation and MAC verification
2015-05-12 17:19:39 +02:00
Gustav Simonsson da9fe951da Use common.Address type for accounts.Address 2015-05-12 17:19:39 +02:00
Gustav Simonsson 6b23094cff Improve key store passphrase crypto
* Change MAC-then-Encrypt to Encrypt-then-MAC
* Change AES256 to AES128
* Use first 16 bytes of KDF derived key for AES and
  remaining 16 for MAC
2015-05-12 17:18:30 +02:00
Gustav Simonsson 9918b6c84e Remove the awesome, ever misunderstood entropy mixing 2015-05-12 17:18:30 +02:00
Bas van Kervel b79dd188d9 replaced several path.* with filepath.* which is platform independent 2015-05-12 14:24:11 +02:00
Gustav Simonsson 34c94d5fcd Add loading of block test privkey if present 2015-04-27 20:30:26 +02:00
Gustav Simonsson b0bf12ec87 Remove unneeded allocation 2015-04-24 19:40:28 +02:00
Gustav Simonsson 4d1887093d Use make instead of new for allocation 2015-04-24 17:41:38 +02:00