├── .dockerignore
├── .gitignore
├── Dockerfile
├── LICENSE
├── README.md
├── bigquery
├── docker-compose.yaml
├── get-addresses.sh
├── main.go
└── vendor
├── github.com
├── btcsuite
│ └── btcd
│ │ ├── LICENSE
│ │ └── btcec
│ │ ├── README.md
│ │ ├── btcec.go
│ │ ├── ciphering.go
│ │ ├── doc.go
│ │ ├── field.go
│ │ ├── gensecp256k1.go
│ │ ├── precompute.go
│ │ ├── privkey.go
│ │ ├── pubkey.go
│ │ ├── secp256k1.go
│ │ └── signature.go
└── ethereum
│ └── go-ethereum
│ ├── COPYING
│ ├── COPYING.LESSER
│ ├── common
│ ├── big.go
│ ├── bytes.go
│ ├── debug.go
│ ├── format.go
│ ├── hexutil
│ │ ├── hexutil.go
│ │ └── json.go
│ ├── math
│ │ ├── big.go
│ │ └── integer.go
│ ├── path.go
│ ├── size.go
│ ├── test_utils.go
│ └── types.go
│ ├── crypto
│ ├── crypto.go
│ ├── secp256k1
│ │ ├── LICENSE
│ │ ├── curve.go
│ │ ├── ext.h
│ │ ├── libsecp256k1
│ │ │ ├── COPYING
│ │ │ ├── Makefile.am
│ │ │ ├── README.md
│ │ │ ├── TODO
│ │ │ ├── autogen.sh
│ │ │ ├── build-aux
│ │ │ │ └── m4
│ │ │ │ │ ├── ax_jni_include_dir.m4
│ │ │ │ │ ├── ax_prog_cc_for_build.m4
│ │ │ │ │ └── bitcoin_secp.m4
│ │ │ ├── configure.ac
│ │ │ ├── contrib
│ │ │ │ ├── lax_der_parsing.c
│ │ │ │ ├── lax_der_parsing.h
│ │ │ │ ├── lax_der_privatekey_parsing.c
│ │ │ │ └── lax_der_privatekey_parsing.h
│ │ │ ├── include
│ │ │ │ ├── secp256k1.h
│ │ │ │ ├── secp256k1_ecdh.h
│ │ │ │ └── secp256k1_recovery.h
│ │ │ ├── libsecp256k1.pc.in
│ │ │ ├── sage
│ │ │ │ ├── group_prover.sage
│ │ │ │ ├── secp256k1.sage
│ │ │ │ └── weierstrass_prover.sage
│ │ │ └── src
│ │ │ │ ├── asm
│ │ │ │ └── field_10x26_arm.s
│ │ │ │ ├── basic-config.h
│ │ │ │ ├── bench.h
│ │ │ │ ├── bench_ecdh.c
│ │ │ │ ├── bench_internal.c
│ │ │ │ ├── bench_recover.c
│ │ │ │ ├── bench_schnorr_verify.c
│ │ │ │ ├── bench_sign.c
│ │ │ │ ├── bench_verify.c
│ │ │ │ ├── ecdsa.h
│ │ │ │ ├── ecdsa_impl.h
│ │ │ │ ├── eckey.h
│ │ │ │ ├── eckey_impl.h
│ │ │ │ ├── ecmult.h
│ │ │ │ ├── ecmult_const.h
│ │ │ │ ├── ecmult_const_impl.h
│ │ │ │ ├── ecmult_gen.h
│ │ │ │ ├── ecmult_gen_impl.h
│ │ │ │ ├── ecmult_impl.h
│ │ │ │ ├── field.h
│ │ │ │ ├── field_10x26.h
│ │ │ │ ├── field_10x26_impl.h
│ │ │ │ ├── field_5x52.h
│ │ │ │ ├── field_5x52_asm_impl.h
│ │ │ │ ├── field_5x52_impl.h
│ │ │ │ ├── field_5x52_int128_impl.h
│ │ │ │ ├── field_impl.h
│ │ │ │ ├── gen_context.c
│ │ │ │ ├── group.h
│ │ │ │ ├── group_impl.h
│ │ │ │ ├── hash.h
│ │ │ │ ├── hash_impl.h
│ │ │ │ ├── java
│ │ │ │ ├── org
│ │ │ │ │ └── bitcoin
│ │ │ │ │ │ ├── NativeSecp256k1.java
│ │ │ │ │ │ ├── NativeSecp256k1Test.java
│ │ │ │ │ │ ├── NativeSecp256k1Util.java
│ │ │ │ │ │ └── Secp256k1Context.java
│ │ │ │ ├── org_bitcoin_NativeSecp256k1.c
│ │ │ │ ├── org_bitcoin_NativeSecp256k1.h
│ │ │ │ ├── org_bitcoin_Secp256k1Context.c
│ │ │ │ └── org_bitcoin_Secp256k1Context.h
│ │ │ │ ├── modules
│ │ │ │ ├── ecdh
│ │ │ │ │ ├── Makefile.am.include
│ │ │ │ │ ├── main_impl.h
│ │ │ │ │ └── tests_impl.h
│ │ │ │ └── recovery
│ │ │ │ │ ├── Makefile.am.include
│ │ │ │ │ ├── main_impl.h
│ │ │ │ │ └── tests_impl.h
│ │ │ │ ├── num.h
│ │ │ │ ├── num_gmp.h
│ │ │ │ ├── num_gmp_impl.h
│ │ │ │ ├── num_impl.h
│ │ │ │ ├── scalar.h
│ │ │ │ ├── scalar_4x64.h
│ │ │ │ ├── scalar_4x64_impl.h
│ │ │ │ ├── scalar_8x32.h
│ │ │ │ ├── scalar_8x32_impl.h
│ │ │ │ ├── scalar_impl.h
│ │ │ │ ├── scalar_low.h
│ │ │ │ ├── scalar_low_impl.h
│ │ │ │ ├── secp256k1.c
│ │ │ │ ├── testrand.h
│ │ │ │ ├── testrand_impl.h
│ │ │ │ ├── tests.c
│ │ │ │ ├── tests_exhaustive.c
│ │ │ │ └── util.h
│ │ ├── panic_cb.go
│ │ └── secp256.go
│ ├── signature_cgo.go
│ └── signature_nocgo.go
│ └── rlp
│ ├── decode.go
│ ├── doc.go
│ ├── encode.go
│ ├── raw.go
│ └── typecache.go
├── golang.org
└── x
│ └── crypto
│ ├── LICENSE
│ ├── PATENTS
│ └── sha3
│ ├── doc.go
│ ├── hashes.go
│ ├── hashes_generic.go
│ ├── keccakf.go
│ ├── keccakf_amd64.go
│ ├── keccakf_amd64.s
│ ├── register.go
│ ├── sha3.go
│ ├── sha3_s390x.go
│ ├── sha3_s390x.s
│ ├── shake.go
│ ├── shake_generic.go
│ ├── xor.go
│ ├── xor_generic.go
│ └── xor_unaligned.go
└── vendor.json
/.dockerignore:
--------------------------------------------------------------------------------
1 | addresses/
2 | .git/
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | addresses/
2 | .idea/
3 | .DS_Store
4 |
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM golang
2 |
3 | WORKDIR /go/src/app
4 | COPY . .
5 |
6 | RUN go get -d -v ./...
7 | RUN go install -v ./...
8 |
9 | CMD ["app"]
10 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright 2017 Andrew Donley
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
4 |
5 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
6 |
7 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ethereum-brute-force
2 | ---
3 |
4 | A small go program to check random privatekeys for a balance and record if a used ethereum address is found.
5 |
6 | ### Setup
7 | Run the get addresses script to download all the ethereum addresses (this will take a while):
8 | ```
9 | ./get-addresses.sh
10 | ```
11 |
12 | ### Usage
13 | With golang installed;
14 | ```
15 | go run main.go
16 | ```
17 |
18 | The docker-compose is a work in progress (it's loading addresses too slow at the moment);
19 | ```
20 | docker-compose up
21 | ```
22 |
23 | ### About
24 |
25 | This is a proof of concept - the actual probability of finding a private key in use is about 90867014 / 115792089237316195423570985008687907853269984665640564039457584007913129639936. Even at millions of privatekeys a second, it will be a very long time before you will likely find anything. Though, I'll admit that there is some fun in leaving it running.
26 |
27 | Some things have changed since when I first wrote this. Google now has an open dataset containing the whole Ethereum block chain. This
28 | is what I used to get the addresses dataset. You can find the query I used in the file `bigquery` included in this project. The size
29 | of the addresses file is at least double. This will take 100% of the memory on my 16GB RAM linux machine. It's probably time to work toward
30 | a distributed solution.
31 |
32 | May number gods smile upon you.
33 |
34 | # License
35 |
36 | Copyright 2017 Andrew Donley
37 |
38 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
39 |
40 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
41 |
42 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
43 |
--------------------------------------------------------------------------------
/bigquery:
--------------------------------------------------------------------------------
1 | #standardSQL
2 | with double_entry_book as (
3 | select to_address as address
4 | from `bigquery-public-data.crypto_ethereum.traces`
5 | where to_address is not null
6 | and status = 1
7 | and (call_type not in ('delegatecall', 'callcode', 'staticcall') or call_type is null)
8 | union all
9 | select from_address as address
10 | from `bigquery-public-data.crypto_ethereum.traces`
11 | where from_address is not null
12 | and status = 1
13 | and (call_type not in ('delegatecall', 'callcode', 'staticcall') or call_type is null)
14 | union all
15 | select miner as address
16 | from `bigquery-public-data.crypto_ethereum.transactions` as transactions
17 | join `bigquery-public-data.crypto_ethereum.blocks` as blocks on blocks.number = transactions.block_number
18 | group by blocks.miner
19 | union all
20 | select from_address as address
21 | from `bigquery-public-data.crypto_ethereum.transactions`
22 | )
23 | select address
24 | from double_entry_book
--------------------------------------------------------------------------------
/docker-compose.yaml:
--------------------------------------------------------------------------------
1 | version: '3'
2 | services:
3 | worker:
4 | build: .
5 | volumes:
6 | - ./addresses:/addresses
--------------------------------------------------------------------------------
/get-addresses.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | main () {
4 | # Make addresses directory if it doesn't exist
5 | if [ ! -d "addresses" ]; then
6 | mkdir addresses;
7 | fi
8 |
9 | # Delete the addresses if it exists
10 | if [ -f "addresses/addresses.csv" ]; then
11 | rm addresses/addresses.csv;
12 | fi
13 |
14 | touch addresses/addresses.csv;
15 |
16 | # Download all the files that make up the addresses
17 | for i in {0..9}; do
18 | # Only download if doesn't exist
19 | if [ ! -f "addresses/part$i.gz" ]; then
20 | echo "Downloading part$i.gz";
21 | wget https://storage.googleapis.com/ethereum-addresses/addresses00000000000$i -O addresses/part$i.gz;
22 | fi
23 |
24 | # Unzip if doesn't exist
25 | if [ ! -f "addresses/part$i.csv" ]; then
26 | echo "Decompressing part$i.csv";
27 | gunzip -c addresses/part$i.gz > addresses/part$i.csv;
28 | fi
29 |
30 | tail -n +2 "addresses/part$i.csv" >> addresses/addresses.csv;
31 | rm "addresses/part$i.csv" "addresses/part$i.gz";
32 | done
33 |
34 | local LINES;
35 | LINES=$(wc -l < addresses/addresses.csv)
36 | printf "Done grabbing and parsing address files, %s addresses loaded.\n" "$LINES";
37 | }
38 |
39 | main;
40 |
--------------------------------------------------------------------------------
/main.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "bufio"
5 | "encoding/csv"
6 | "fmt"
7 | "github.com/ethereum/go-ethereum/crypto"
8 | "io"
9 | "log"
10 | "math/rand"
11 | "os"
12 | "runtime"
13 | "strings"
14 | "sync"
15 | "time"
16 | )
17 |
18 | type concurrentMap struct {
19 | sync.Mutex
20 | addresses map[string]bool
21 | }
22 |
23 | var path = "addresses"
24 | var partitions = 7
25 | var count int64
26 | var oldCount int64
27 | var addressesMap = concurrentMap{addresses: make(map[string]bool),}
28 |
29 | func main() {
30 | runtime.GOMAXPROCS(runtime.NumCPU())
31 |
32 | count = int64(0)
33 |
34 | loadAddresses()
35 |
36 | value, _ := time.ParseDuration("1s")
37 | checkTimer := time.NewTimer(value)
38 | go func() {
39 | for {
40 | select {
41 | case <-checkTimer.C:
42 | log.Printf("Checked: %d, Speed: %d per second", count, count-oldCount)
43 | oldCount = count
44 | checkTimer.Reset(value)
45 | }
46 | }
47 | }()
48 |
49 | var wg sync.WaitGroup
50 | for i := 0; i < partitions; i++ {
51 | wg.Add(1)
52 | addr := generateSeedAddress()
53 | log.Printf("Seed addr: %v\n", addr)
54 | go generateAddresses(addr)
55 | }
56 | wg.Wait()
57 | }
58 |
59 | func loadAddresses() {
60 | count := int64(0)
61 | addressPath := path + string(os.PathSeparator) + "addresses.csv"
62 | log.Printf("Loading addresses from '%s'\n", addressPath)
63 | c, _ := os.Open(addressPath)
64 | r := csv.NewReader(bufio.NewReader(c))
65 | for {
66 | record, err := r.Read()
67 | if err == io.EOF {
68 | break
69 | }
70 | count++
71 | if count % 1000000000 == 0 {
72 | log.Printf("Loaded %d\n", count)
73 | }
74 | addressesMap.addresses[record[0]] = true
75 | }
76 | if err := c.Close(); err != nil {
77 | log.Fatal(err)
78 | }
79 | log.Printf("Loaded %d addresses.\n", count)
80 | }
81 |
82 | func generateSeedAddress() []byte {
83 | rand.Seed(time.Now().UTC().UnixNano())
84 | privKey := make([]byte, 32)
85 | for i := 0; i < 32; i++ {
86 | privKey[i] = byte(rand.Intn(256))
87 | }
88 | return privKey
89 | }
90 |
91 | func generateAddresses(seedPrivKey []byte) {
92 | for ; ; {
93 | // Move backward through those bytes
94 | for i := 31; i > 0; i-- {
95 | if seedPrivKey[i]+1 == 255 {
96 | seedPrivKey[i] = 0
97 | } else {
98 | seedPrivKey[i] += 1
99 | break
100 | }
101 | }
102 |
103 | // If this could be more optimized, this is where we'd get the most speed-up
104 | priv := crypto.ToECDSAUnsafe(seedPrivKey)
105 | address := crypto.PubkeyToAddress(priv.PublicKey)
106 |
107 | addressesMap.Lock()
108 | // Check to see if we have an address with a balance --
109 | if ok := addressesMap.addresses[strings.ToLower(address.Hex())]; ok {
110 | log.Printf("Found address with ETH balance, priv: %s, addr: %s", priv.D, address.Hex())
111 | writeToFound(fmt.Sprintf("Private: %s, Address: %s\n", priv.D, address.Hex()))
112 | }
113 | addressesMap.Unlock()
114 | count++
115 | }
116 | }
117 |
118 | func writeToFound(text string) {
119 | // TODO: Again ENV variable of where to store? Would like this to be kubes compat
120 | foundFileName := path + string(os.PathSeparator) + "found.txt"
121 | if _, err := os.Stat(foundFileName); os.IsNotExist(err) {
122 | _, _ = os.Create(foundFileName)
123 | }
124 | f, err := os.OpenFile(foundFileName, os.O_APPEND|os.O_WRONLY, os.ModeAppend)
125 | defer f.Close()
126 | if err != nil {
127 | log.Printf(err.Error())
128 | }
129 | _, err = f.WriteString(text)
130 | if err != nil {
131 | log.Printf(err.Error())
132 | }
133 | }
134 |
--------------------------------------------------------------------------------
/vendor/github.com/btcsuite/btcd/LICENSE:
--------------------------------------------------------------------------------
1 | ISC License
2 |
3 | Copyright (c) 2013-2017 The btcsuite developers
4 | Copyright (c) 2015-2016 The Decred developers
5 |
6 | Permission to use, copy, modify, and distribute this software for any
7 | purpose with or without fee is hereby granted, provided that the above
8 | copyright notice and this permission notice appear in all copies.
9 |
10 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 |
--------------------------------------------------------------------------------
/vendor/github.com/btcsuite/btcd/btcec/README.md:
--------------------------------------------------------------------------------
1 | btcec
2 | =====
3 |
4 | [](https://travis-ci.org/btcsuite/btcec)
5 | [](http://copyfree.org)
6 | [](http://godoc.org/github.com/btcsuite/btcd/btcec)
7 |
8 | Package btcec implements elliptic curve cryptography needed for working with
9 | Bitcoin (secp256k1 only for now). It is designed so that it may be used with the
10 | standard crypto/ecdsa packages provided with go. A comprehensive suite of test
11 | is provided to ensure proper functionality. Package btcec was originally based
12 | on work from ThePiachu which is licensed under the same terms as Go, but it has
13 | signficantly diverged since then. The btcsuite developers original is licensed
14 | under the liberal ISC license.
15 |
16 | Although this package was primarily written for btcd, it has intentionally been
17 | designed so it can be used as a standalone package for any projects needing to
18 | use secp256k1 elliptic curve cryptography.
19 |
20 | ## Installation and Updating
21 |
22 | ```bash
23 | $ go get -u github.com/btcsuite/btcd/btcec
24 | ```
25 |
26 | ## Examples
27 |
28 | * [Sign Message](http://godoc.org/github.com/btcsuite/btcd/btcec#example-package--SignMessage)
29 | Demonstrates signing a message with a secp256k1 private key that is first
30 | parsed form raw bytes and serializing the generated signature.
31 |
32 | * [Verify Signature](http://godoc.org/github.com/btcsuite/btcd/btcec#example-package--VerifySignature)
33 | Demonstrates verifying a secp256k1 signature against a public key that is
34 | first parsed from raw bytes. The signature is also parsed from raw bytes.
35 |
36 | * [Encryption](http://godoc.org/github.com/btcsuite/btcd/btcec#example-package--EncryptMessage)
37 | Demonstrates encrypting a message for a public key that is first parsed from
38 | raw bytes, then decrypting it using the corresponding private key.
39 |
40 | * [Decryption](http://godoc.org/github.com/btcsuite/btcd/btcec#example-package--DecryptMessage)
41 | Demonstrates decrypting a message using a private key that is first parsed
42 | from raw bytes.
43 |
44 | ## GPG Verification Key
45 |
46 | All official release tags are signed by Conformal so users can ensure the code
47 | has not been tampered with and is coming from the btcsuite developers. To
48 | verify the signature perform the following:
49 |
50 | - Download the public key from the Conformal website at
51 | https://opensource.conformal.com/GIT-GPG-KEY-conformal.txt
52 |
53 | - Import the public key into your GPG keyring:
54 | ```bash
55 | gpg --import GIT-GPG-KEY-conformal.txt
56 | ```
57 |
58 | - Verify the release tag with the following command where `TAG_NAME` is a
59 | placeholder for the specific tag:
60 | ```bash
61 | git tag -v TAG_NAME
62 | ```
63 |
64 | ## License
65 |
66 | Package btcec is licensed under the [copyfree](http://copyfree.org) ISC License
67 | except for btcec.go and btcec_test.go which is under the same license as Go.
68 |
69 |
--------------------------------------------------------------------------------
/vendor/github.com/btcsuite/btcd/btcec/doc.go:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2013-2014 The btcsuite developers
2 | // Use of this source code is governed by an ISC
3 | // license that can be found in the LICENSE file.
4 |
5 | /*
6 | Package btcec implements support for the elliptic curves needed for bitcoin.
7 |
8 | Bitcoin uses elliptic curve cryptography using koblitz curves
9 | (specifically secp256k1) for cryptographic functions. See
10 | http://www.secg.org/collateral/sec2_final.pdf for details on the
11 | standard.
12 |
13 | This package provides the data structures and functions implementing the
14 | crypto/elliptic Curve interface in order to permit using these curves
15 | with the standard crypto/ecdsa package provided with go. Helper
16 | functionality is provided to parse signatures and public keys from
17 | standard formats. It was designed for use with btcd, but should be
18 | general enough for other uses of elliptic curve crypto. It was originally based
19 | on some initial work by ThePiachu, but has significantly diverged since then.
20 | */
21 | package btcec
22 |
--------------------------------------------------------------------------------
/vendor/github.com/btcsuite/btcd/btcec/precompute.go:
--------------------------------------------------------------------------------
1 | // Copyright 2015 The btcsuite developers
2 | // Use of this source code is governed by an ISC
3 | // license that can be found in the LICENSE file.
4 |
5 | package btcec
6 |
7 | import (
8 | "compress/zlib"
9 | "encoding/base64"
10 | "encoding/binary"
11 | "io/ioutil"
12 | "strings"
13 | )
14 |
15 | //go:generate go run -tags gensecp256k1 genprecomps.go
16 |
17 | // loadS256BytePoints decompresses and deserializes the pre-computed byte points
18 | // used to accelerate scalar base multiplication for the secp256k1 curve. This
19 | // approach is used since it allows the compile to use significantly less ram
20 | // and be performed much faster than it is with hard-coding the final in-memory
21 | // data structure. At the same time, it is quite fast to generate the in-memory
22 | // data structure at init time with this approach versus computing the table.
23 | func loadS256BytePoints() error {
24 | // There will be no byte points to load when generating them.
25 | bp := secp256k1BytePoints
26 | if len(bp) == 0 {
27 | return nil
28 | }
29 |
30 | // Decompress the pre-computed table used to accelerate scalar base
31 | // multiplication.
32 | decoder := base64.NewDecoder(base64.StdEncoding, strings.NewReader(bp))
33 | r, err := zlib.NewReader(decoder)
34 | if err != nil {
35 | return err
36 | }
37 | serialized, err := ioutil.ReadAll(r)
38 | if err != nil {
39 | return err
40 | }
41 |
42 | // Deserialize the precomputed byte points and set the curve to them.
43 | offset := 0
44 | var bytePoints [32][256][3]fieldVal
45 | for byteNum := 0; byteNum < 32; byteNum++ {
46 | // All points in this window.
47 | for i := 0; i < 256; i++ {
48 | px := &bytePoints[byteNum][i][0]
49 | py := &bytePoints[byteNum][i][1]
50 | pz := &bytePoints[byteNum][i][2]
51 | for i := 0; i < 10; i++ {
52 | px.n[i] = binary.LittleEndian.Uint32(serialized[offset:])
53 | offset += 4
54 | }
55 | for i := 0; i < 10; i++ {
56 | py.n[i] = binary.LittleEndian.Uint32(serialized[offset:])
57 | offset += 4
58 | }
59 | for i := 0; i < 10; i++ {
60 | pz.n[i] = binary.LittleEndian.Uint32(serialized[offset:])
61 | offset += 4
62 | }
63 | }
64 | }
65 | secp256k1.bytePoints = &bytePoints
66 | return nil
67 | }
68 |
--------------------------------------------------------------------------------
/vendor/github.com/btcsuite/btcd/btcec/privkey.go:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2013-2016 The btcsuite developers
2 | // Use of this source code is governed by an ISC
3 | // license that can be found in the LICENSE file.
4 |
5 | package btcec
6 |
7 | import (
8 | "crypto/ecdsa"
9 | "crypto/elliptic"
10 | "crypto/rand"
11 | "math/big"
12 | )
13 |
14 | // PrivateKey wraps an ecdsa.PrivateKey as a convenience mainly for signing
15 | // things with the the private key without having to directly import the ecdsa
16 | // package.
17 | type PrivateKey ecdsa.PrivateKey
18 |
19 | // PrivKeyFromBytes returns a private and public key for `curve' based on the
20 | // private key passed as an argument as a byte slice.
21 | func PrivKeyFromBytes(curve elliptic.Curve, pk []byte) (*PrivateKey,
22 | *PublicKey) {
23 | x, y := curve.ScalarBaseMult(pk)
24 |
25 | priv := &ecdsa.PrivateKey{
26 | PublicKey: ecdsa.PublicKey{
27 | Curve: curve,
28 | X: x,
29 | Y: y,
30 | },
31 | D: new(big.Int).SetBytes(pk),
32 | }
33 |
34 | return (*PrivateKey)(priv), (*PublicKey)(&priv.PublicKey)
35 | }
36 |
37 | // NewPrivateKey is a wrapper for ecdsa.GenerateKey that returns a PrivateKey
38 | // instead of the normal ecdsa.PrivateKey.
39 | func NewPrivateKey(curve elliptic.Curve) (*PrivateKey, error) {
40 | key, err := ecdsa.GenerateKey(curve, rand.Reader)
41 | if err != nil {
42 | return nil, err
43 | }
44 | return (*PrivateKey)(key), nil
45 | }
46 |
47 | // PubKey returns the PublicKey corresponding to this private key.
48 | func (p *PrivateKey) PubKey() *PublicKey {
49 | return (*PublicKey)(&p.PublicKey)
50 | }
51 |
52 | // ToECDSA returns the private key as a *ecdsa.PrivateKey.
53 | func (p *PrivateKey) ToECDSA() *ecdsa.PrivateKey {
54 | return (*ecdsa.PrivateKey)(p)
55 | }
56 |
57 | // Sign generates an ECDSA signature for the provided hash (which should be the result
58 | // of hashing a larger message) using the private key. Produced signature
59 | // is deterministic (same message and same key yield the same signature) and canonical
60 | // in accordance with RFC6979 and BIP0062.
61 | func (p *PrivateKey) Sign(hash []byte) (*Signature, error) {
62 | return signRFC6979(p, hash)
63 | }
64 |
65 | // PrivKeyBytesLen defines the length in bytes of a serialized private key.
66 | const PrivKeyBytesLen = 32
67 |
68 | // Serialize returns the private key number d as a big-endian binary-encoded
69 | // number, padded to a length of 32 bytes.
70 | func (p *PrivateKey) Serialize() []byte {
71 | b := make([]byte, 0, PrivKeyBytesLen)
72 | return paddedAppend(PrivKeyBytesLen, b, p.ToECDSA().D.Bytes())
73 | }
74 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/common/big.go:
--------------------------------------------------------------------------------
1 | // Copyright 2014 The go-ethereum Authors
2 | // This file is part of the go-ethereum library.
3 | //
4 | // The go-ethereum library is free software: you can redistribute it and/or modify
5 | // it under the terms of the GNU Lesser General Public License as published by
6 | // the Free Software Foundation, either version 3 of the License, or
7 | // (at your option) any later version.
8 | //
9 | // The go-ethereum library is distributed in the hope that it will be useful,
10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | // GNU Lesser General Public License for more details.
13 | //
14 | // You should have received a copy of the GNU Lesser General Public License
15 | // along with the go-ethereum library. If not, see .
16 |
17 | package common
18 |
19 | import "math/big"
20 |
21 | // Common big integers often used
22 | var (
23 | Big1 = big.NewInt(1)
24 | Big2 = big.NewInt(2)
25 | Big3 = big.NewInt(3)
26 | Big0 = big.NewInt(0)
27 | Big32 = big.NewInt(32)
28 | Big256 = big.NewInt(256)
29 | Big257 = big.NewInt(257)
30 | )
31 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/common/bytes.go:
--------------------------------------------------------------------------------
1 | // Copyright 2014 The go-ethereum Authors
2 | // This file is part of the go-ethereum library.
3 | //
4 | // The go-ethereum library is free software: you can redistribute it and/or modify
5 | // it under the terms of the GNU Lesser General Public License as published by
6 | // the Free Software Foundation, either version 3 of the License, or
7 | // (at your option) any later version.
8 | //
9 | // The go-ethereum library is distributed in the hope that it will be useful,
10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | // GNU Lesser General Public License for more details.
13 | //
14 | // You should have received a copy of the GNU Lesser General Public License
15 | // along with the go-ethereum library. If not, see .
16 |
17 | // Package common contains various helper functions.
18 | package common
19 |
20 | import "encoding/hex"
21 |
22 | // ToHex returns the hex representation of b, prefixed with '0x'.
23 | // For empty slices, the return value is "0x0".
24 | //
25 | // Deprecated: use hexutil.Encode instead.
26 | func ToHex(b []byte) string {
27 | hex := Bytes2Hex(b)
28 | if len(hex) == 0 {
29 | hex = "0"
30 | }
31 | return "0x" + hex
32 | }
33 |
34 | // ToHexArray creates a array of hex-string based on []byte
35 | func ToHexArray(b [][]byte) []string {
36 | r := make([]string, len(b))
37 | for i := range b {
38 | r[i] = ToHex(b[i])
39 | }
40 | return r
41 | }
42 |
43 | // FromHex returns the bytes represented by the hexadecimal string s.
44 | // s may be prefixed with "0x".
45 | func FromHex(s string) []byte {
46 | if len(s) > 1 {
47 | if s[0:2] == "0x" || s[0:2] == "0X" {
48 | s = s[2:]
49 | }
50 | }
51 | if len(s)%2 == 1 {
52 | s = "0" + s
53 | }
54 | return Hex2Bytes(s)
55 | }
56 |
57 | // CopyBytes returns an exact copy of the provided bytes.
58 | func CopyBytes(b []byte) (copiedBytes []byte) {
59 | if b == nil {
60 | return nil
61 | }
62 | copiedBytes = make([]byte, len(b))
63 | copy(copiedBytes, b)
64 |
65 | return
66 | }
67 |
68 | // hasHexPrefix validates str begins with '0x' or '0X'.
69 | func hasHexPrefix(str string) bool {
70 | return len(str) >= 2 && str[0] == '0' && (str[1] == 'x' || str[1] == 'X')
71 | }
72 |
73 | // isHexCharacter returns bool of c being a valid hexadecimal.
74 | func isHexCharacter(c byte) bool {
75 | return ('0' <= c && c <= '9') || ('a' <= c && c <= 'f') || ('A' <= c && c <= 'F')
76 | }
77 |
78 | // isHex validates whether each byte is valid hexadecimal string.
79 | func isHex(str string) bool {
80 | if len(str)%2 != 0 {
81 | return false
82 | }
83 | for _, c := range []byte(str) {
84 | if !isHexCharacter(c) {
85 | return false
86 | }
87 | }
88 | return true
89 | }
90 |
91 | // Bytes2Hex returns the hexadecimal encoding of d.
92 | func Bytes2Hex(d []byte) string {
93 | return hex.EncodeToString(d)
94 | }
95 |
96 | // Hex2Bytes returns the bytes represented by the hexadecimal string str.
97 | func Hex2Bytes(str string) []byte {
98 | h, _ := hex.DecodeString(str)
99 | return h
100 | }
101 |
102 | // Hex2BytesFixed returns bytes of a specified fixed length flen.
103 | func Hex2BytesFixed(str string, flen int) []byte {
104 | h, _ := hex.DecodeString(str)
105 | if len(h) == flen {
106 | return h
107 | }
108 | if len(h) > flen {
109 | return h[len(h)-flen:]
110 | }
111 | hh := make([]byte, flen)
112 | copy(hh[flen-len(h):flen], h)
113 | return hh
114 | }
115 |
116 | // RightPadBytes zero-pads slice to the right up to length l.
117 | func RightPadBytes(slice []byte, l int) []byte {
118 | if l <= len(slice) {
119 | return slice
120 | }
121 |
122 | padded := make([]byte, l)
123 | copy(padded, slice)
124 |
125 | return padded
126 | }
127 |
128 | // LeftPadBytes zero-pads slice to the left up to length l.
129 | func LeftPadBytes(slice []byte, l int) []byte {
130 | if l <= len(slice) {
131 | return slice
132 | }
133 |
134 | padded := make([]byte, l)
135 | copy(padded[l-len(slice):], slice)
136 |
137 | return padded
138 | }
139 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/common/debug.go:
--------------------------------------------------------------------------------
1 | // Copyright 2015 The go-ethereum Authors
2 | // This file is part of the go-ethereum library.
3 | //
4 | // The go-ethereum library is free software: you can redistribute it and/or modify
5 | // it under the terms of the GNU Lesser General Public License as published by
6 | // the Free Software Foundation, either version 3 of the License, or
7 | // (at your option) any later version.
8 | //
9 | // The go-ethereum library is distributed in the hope that it will be useful,
10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | // GNU Lesser General Public License for more details.
13 | //
14 | // You should have received a copy of the GNU Lesser General Public License
15 | // along with the go-ethereum library. If not, see .
16 |
17 | package common
18 |
19 | import (
20 | "fmt"
21 | "os"
22 | "runtime"
23 | "runtime/debug"
24 | "strings"
25 | )
26 |
27 | // Report gives off a warning requesting the user to submit an issue to the github tracker.
28 | func Report(extra ...interface{}) {
29 | fmt.Fprintln(os.Stderr, "You've encountered a sought after, hard to reproduce bug. Please report this to the developers <3 https://github.com/ethereum/go-ethereum/issues")
30 | fmt.Fprintln(os.Stderr, extra...)
31 |
32 | _, file, line, _ := runtime.Caller(1)
33 | fmt.Fprintf(os.Stderr, "%v:%v\n", file, line)
34 |
35 | debug.PrintStack()
36 |
37 | fmt.Fprintln(os.Stderr, "#### BUG! PLEASE REPORT ####")
38 | }
39 |
40 | // PrintDepricationWarning prinst the given string in a box using fmt.Println.
41 | func PrintDepricationWarning(str string) {
42 | line := strings.Repeat("#", len(str)+4)
43 | emptyLine := strings.Repeat(" ", len(str))
44 | fmt.Printf(`
45 | %s
46 | # %s #
47 | # %s #
48 | # %s #
49 | %s
50 |
51 | `, line, emptyLine, str, emptyLine, line)
52 | }
53 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/common/format.go:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The go-ethereum Authors
2 | // This file is part of the go-ethereum library.
3 | //
4 | // The go-ethereum library is free software: you can redistribute it and/or modify
5 | // it under the terms of the GNU Lesser General Public License as published by
6 | // the Free Software Foundation, either version 3 of the License, or
7 | // (at your option) any later version.
8 | //
9 | // The go-ethereum library is distributed in the hope that it will be useful,
10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | // GNU Lesser General Public License for more details.
13 | //
14 | // You should have received a copy of the GNU Lesser General Public License
15 | // along with the go-ethereum library. If not, see .
16 |
17 | package common
18 |
19 | import (
20 | "fmt"
21 | "regexp"
22 | "strings"
23 | "time"
24 | )
25 |
26 | // PrettyDuration is a pretty printed version of a time.Duration value that cuts
27 | // the unnecessary precision off from the formatted textual representation.
28 | type PrettyDuration time.Duration
29 |
30 | var prettyDurationRe = regexp.MustCompile(`\.[0-9]+`)
31 |
32 | // String implements the Stringer interface, allowing pretty printing of duration
33 | // values rounded to three decimals.
34 | func (d PrettyDuration) String() string {
35 | label := fmt.Sprintf("%v", time.Duration(d))
36 | if match := prettyDurationRe.FindString(label); len(match) > 4 {
37 | label = strings.Replace(label, match, match[:4], 1)
38 | }
39 | return label
40 | }
41 |
42 | // PrettyAge is a pretty printed version of a time.Duration value that rounds
43 | // the values up to a single most significant unit, days/weeks/years included.
44 | type PrettyAge time.Time
45 |
46 | // ageUnits is a list of units the age pretty printing uses.
47 | var ageUnits = []struct {
48 | Size time.Duration
49 | Symbol string
50 | }{
51 | {12 * 30 * 24 * time.Hour, "y"},
52 | {30 * 24 * time.Hour, "mo"},
53 | {7 * 24 * time.Hour, "w"},
54 | {24 * time.Hour, "d"},
55 | {time.Hour, "h"},
56 | {time.Minute, "m"},
57 | {time.Second, "s"},
58 | }
59 |
60 | // String implements the Stringer interface, allowing pretty printing of duration
61 | // values rounded to the most significant time unit.
62 | func (t PrettyAge) String() string {
63 | // Calculate the time difference and handle the 0 cornercase
64 | diff := time.Since(time.Time(t))
65 | if diff < time.Second {
66 | return "0"
67 | }
68 | // Accumulate a precision of 3 components before returning
69 | result, prec := "", 0
70 |
71 | for _, unit := range ageUnits {
72 | if diff > unit.Size {
73 | result = fmt.Sprintf("%s%d%s", result, diff/unit.Size, unit.Symbol)
74 | diff %= unit.Size
75 |
76 | if prec += 1; prec >= 3 {
77 | break
78 | }
79 | }
80 | }
81 | return result
82 | }
83 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/common/math/integer.go:
--------------------------------------------------------------------------------
1 | // Copyright 2017 The go-ethereum Authors
2 | // This file is part of the go-ethereum library.
3 | //
4 | // The go-ethereum library is free software: you can redistribute it and/or modify
5 | // it under the terms of the GNU Lesser General Public License as published by
6 | // the Free Software Foundation, either version 3 of the License, or
7 | // (at your option) any later version.
8 | //
9 | // The go-ethereum library is distributed in the hope that it will be useful,
10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | // GNU Lesser General Public License for more details.
13 | //
14 | // You should have received a copy of the GNU Lesser General Public License
15 | // along with the go-ethereum library. If not, see .
16 |
17 | package math
18 |
19 | import (
20 | "fmt"
21 | "strconv"
22 | )
23 |
24 | // Integer limit values.
25 | const (
26 | MaxInt8 = 1<<7 - 1
27 | MinInt8 = -1 << 7
28 | MaxInt16 = 1<<15 - 1
29 | MinInt16 = -1 << 15
30 | MaxInt32 = 1<<31 - 1
31 | MinInt32 = -1 << 31
32 | MaxInt64 = 1<<63 - 1
33 | MinInt64 = -1 << 63
34 | MaxUint8 = 1<<8 - 1
35 | MaxUint16 = 1<<16 - 1
36 | MaxUint32 = 1<<32 - 1
37 | MaxUint64 = 1<<64 - 1
38 | )
39 |
40 | // HexOrDecimal64 marshals uint64 as hex or decimal.
41 | type HexOrDecimal64 uint64
42 |
43 | // UnmarshalText implements encoding.TextUnmarshaler.
44 | func (i *HexOrDecimal64) UnmarshalText(input []byte) error {
45 | int, ok := ParseUint64(string(input))
46 | if !ok {
47 | return fmt.Errorf("invalid hex or decimal integer %q", input)
48 | }
49 | *i = HexOrDecimal64(int)
50 | return nil
51 | }
52 |
53 | // MarshalText implements encoding.TextMarshaler.
54 | func (i HexOrDecimal64) MarshalText() ([]byte, error) {
55 | return []byte(fmt.Sprintf("%#x", uint64(i))), nil
56 | }
57 |
58 | // ParseUint64 parses s as an integer in decimal or hexadecimal syntax.
59 | // Leading zeros are accepted. The empty string parses as zero.
60 | func ParseUint64(s string) (uint64, bool) {
61 | if s == "" {
62 | return 0, true
63 | }
64 | if len(s) >= 2 && (s[:2] == "0x" || s[:2] == "0X") {
65 | v, err := strconv.ParseUint(s[2:], 16, 64)
66 | return v, err == nil
67 | }
68 | v, err := strconv.ParseUint(s, 10, 64)
69 | return v, err == nil
70 | }
71 |
72 | // MustParseUint64 parses s as an integer and panics if the string is invalid.
73 | func MustParseUint64(s string) uint64 {
74 | v, ok := ParseUint64(s)
75 | if !ok {
76 | panic("invalid unsigned 64 bit integer: " + s)
77 | }
78 | return v
79 | }
80 |
81 | // NOTE: The following methods need to be optimised using either bit checking or asm
82 |
83 | // SafeSub returns subtraction result and whether overflow occurred.
84 | func SafeSub(x, y uint64) (uint64, bool) {
85 | return x - y, x < y
86 | }
87 |
88 | // SafeAdd returns the result and whether overflow occurred.
89 | func SafeAdd(x, y uint64) (uint64, bool) {
90 | return x + y, y > MaxUint64-x
91 | }
92 |
93 | // SafeMul returns multiplication result and whether overflow occurred.
94 | func SafeMul(x, y uint64) (uint64, bool) {
95 | if x == 0 || y == 0 {
96 | return 0, false
97 | }
98 | return x * y, y > MaxUint64/x
99 | }
100 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/common/path.go:
--------------------------------------------------------------------------------
1 | // Copyright 2014 The go-ethereum Authors
2 | // This file is part of the go-ethereum library.
3 | //
4 | // The go-ethereum library is free software: you can redistribute it and/or modify
5 | // it under the terms of the GNU Lesser General Public License as published by
6 | // the Free Software Foundation, either version 3 of the License, or
7 | // (at your option) any later version.
8 | //
9 | // The go-ethereum library is distributed in the hope that it will be useful,
10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | // GNU Lesser General Public License for more details.
13 | //
14 | // You should have received a copy of the GNU Lesser General Public License
15 | // along with the go-ethereum library. If not, see .
16 |
17 | package common
18 |
19 | import (
20 | "fmt"
21 | "os"
22 | "path/filepath"
23 | "runtime"
24 | )
25 |
26 | // MakeName creates a node name that follows the ethereum convention
27 | // for such names. It adds the operation system name and Go runtime version
28 | // the name.
29 | func MakeName(name, version string) string {
30 | return fmt.Sprintf("%s/v%s/%s/%s", name, version, runtime.GOOS, runtime.Version())
31 | }
32 |
33 | // FileExist checks if a file exists at filePath.
34 | func FileExist(filePath string) bool {
35 | _, err := os.Stat(filePath)
36 | if err != nil && os.IsNotExist(err) {
37 | return false
38 | }
39 |
40 | return true
41 | }
42 |
43 | // AbsolutePath returns datadir + filename, or filename if it is absolute.
44 | func AbsolutePath(datadir string, filename string) string {
45 | if filepath.IsAbs(filename) {
46 | return filename
47 | }
48 | return filepath.Join(datadir, filename)
49 | }
50 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/common/size.go:
--------------------------------------------------------------------------------
1 | // Copyright 2014 The go-ethereum Authors
2 | // This file is part of the go-ethereum library.
3 | //
4 | // The go-ethereum library is free software: you can redistribute it and/or modify
5 | // it under the terms of the GNU Lesser General Public License as published by
6 | // the Free Software Foundation, either version 3 of the License, or
7 | // (at your option) any later version.
8 | //
9 | // The go-ethereum library is distributed in the hope that it will be useful,
10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | // GNU Lesser General Public License for more details.
13 | //
14 | // You should have received a copy of the GNU Lesser General Public License
15 | // along with the go-ethereum library. If not, see .
16 |
17 | package common
18 |
19 | import (
20 | "fmt"
21 | )
22 |
23 | // StorageSize is a wrapper around a float value that supports user friendly
24 | // formatting.
25 | type StorageSize float64
26 |
27 | // String implements the stringer interface.
28 | func (s StorageSize) String() string {
29 | if s > 1099511627776 {
30 | return fmt.Sprintf("%.2f TiB", s/1099511627776)
31 | } else if s > 1073741824 {
32 | return fmt.Sprintf("%.2f GiB", s/1073741824)
33 | } else if s > 1048576 {
34 | return fmt.Sprintf("%.2f MiB", s/1048576)
35 | } else if s > 1024 {
36 | return fmt.Sprintf("%.2f KiB", s/1024)
37 | } else {
38 | return fmt.Sprintf("%.2f B", s)
39 | }
40 | }
41 |
42 | // TerminalString implements log.TerminalStringer, formatting a string for console
43 | // output during logging.
44 | func (s StorageSize) TerminalString() string {
45 | if s > 1099511627776 {
46 | return fmt.Sprintf("%.2fTiB", s/1099511627776)
47 | } else if s > 1073741824 {
48 | return fmt.Sprintf("%.2fGiB", s/1073741824)
49 | } else if s > 1048576 {
50 | return fmt.Sprintf("%.2fMiB", s/1048576)
51 | } else if s > 1024 {
52 | return fmt.Sprintf("%.2fKiB", s/1024)
53 | } else {
54 | return fmt.Sprintf("%.2fB", s)
55 | }
56 | }
57 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/common/test_utils.go:
--------------------------------------------------------------------------------
1 | // Copyright 2015 The go-ethereum Authors
2 | // This file is part of the go-ethereum library.
3 | //
4 | // The go-ethereum library is free software: you can redistribute it and/or modify
5 | // it under the terms of the GNU Lesser General Public License as published by
6 | // the Free Software Foundation, either version 3 of the License, or
7 | // (at your option) any later version.
8 | //
9 | // The go-ethereum library is distributed in the hope that it will be useful,
10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | // GNU Lesser General Public License for more details.
13 | //
14 | // You should have received a copy of the GNU Lesser General Public License
15 | // along with the go-ethereum library. If not, see .
16 |
17 | package common
18 |
19 | import (
20 | "encoding/json"
21 | "fmt"
22 | "io/ioutil"
23 | )
24 |
25 | // LoadJSON reads the given file and unmarshals its content.
26 | func LoadJSON(file string, val interface{}) error {
27 | content, err := ioutil.ReadFile(file)
28 | if err != nil {
29 | return err
30 | }
31 | if err := json.Unmarshal(content, val); err != nil {
32 | if syntaxerr, ok := err.(*json.SyntaxError); ok {
33 | line := findLine(content, syntaxerr.Offset)
34 | return fmt.Errorf("JSON syntax error at %v:%v: %v", file, line, err)
35 | }
36 | return fmt.Errorf("JSON unmarshal error in %v: %v", file, err)
37 | }
38 | return nil
39 | }
40 |
41 | // findLine returns the line number for the given offset into data.
42 | func findLine(data []byte, offset int64) (line int) {
43 | line = 1
44 | for i, r := range string(data) {
45 | if int64(i) >= offset {
46 | return
47 | }
48 | if r == '\n' {
49 | line++
50 | }
51 | }
52 | return
53 | }
54 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) 2010 The Go Authors. All rights reserved.
2 | Copyright (c) 2011 ThePiachu. All rights reserved.
3 | Copyright (c) 2015 Jeffrey Wilcke. All rights reserved.
4 | Copyright (c) 2015 Felix Lange. All rights reserved.
5 | Copyright (c) 2015 Gustav Simonsson. All rights reserved.
6 |
7 | Redistribution and use in source and binary forms, with or without
8 | modification, are permitted provided that the following conditions are
9 | met:
10 |
11 | * Redistributions of source code must retain the above copyright
12 | notice, this list of conditions and the following disclaimer.
13 | * Redistributions in binary form must reproduce the above
14 | copyright notice, this list of conditions and the following disclaimer
15 | in the documentation and/or other materials provided with the
16 | distribution.
17 | * Neither the name of the copyright holder. nor the names of its
18 | contributors may be used to endorse or promote products derived from
19 | this software without specific prior written permission.
20 |
21 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/ext.h:
--------------------------------------------------------------------------------
1 | // Copyright 2015 Jeffrey Wilcke, Felix Lange, Gustav Simonsson. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be found in
3 | // the LICENSE file.
4 |
5 | // secp256k1_context_create_sign_verify creates a context for signing and signature verification.
6 | static secp256k1_context* secp256k1_context_create_sign_verify() {
7 | return secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
8 | }
9 |
10 | // secp256k1_ext_ecdsa_recover recovers the public key of an encoded compact signature.
11 | //
12 | // Returns: 1: recovery was successful
13 | // 0: recovery was not successful
14 | // Args: ctx: pointer to a context object (cannot be NULL)
15 | // Out: pubkey_out: the serialized 65-byte public key of the signer (cannot be NULL)
16 | // In: sigdata: pointer to a 65-byte signature with the recovery id at the end (cannot be NULL)
17 | // msgdata: pointer to a 32-byte message (cannot be NULL)
18 | static int secp256k1_ext_ecdsa_recover(
19 | const secp256k1_context* ctx,
20 | unsigned char *pubkey_out,
21 | const unsigned char *sigdata,
22 | const unsigned char *msgdata
23 | ) {
24 | secp256k1_ecdsa_recoverable_signature sig;
25 | secp256k1_pubkey pubkey;
26 |
27 | if (!secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &sig, sigdata, (int)sigdata[64])) {
28 | return 0;
29 | }
30 | if (!secp256k1_ecdsa_recover(ctx, &pubkey, &sig, msgdata)) {
31 | return 0;
32 | }
33 | size_t outputlen = 65;
34 | return secp256k1_ec_pubkey_serialize(ctx, pubkey_out, &outputlen, &pubkey, SECP256K1_EC_UNCOMPRESSED);
35 | }
36 |
37 | // secp256k1_ext_ecdsa_verify verifies an encoded compact signature.
38 | //
39 | // Returns: 1: signature is valid
40 | // 0: signature is invalid
41 | // Args: ctx: pointer to a context object (cannot be NULL)
42 | // In: sigdata: pointer to a 64-byte signature (cannot be NULL)
43 | // msgdata: pointer to a 32-byte message (cannot be NULL)
44 | // pubkeydata: pointer to public key data (cannot be NULL)
45 | // pubkeylen: length of pubkeydata
46 | static int secp256k1_ext_ecdsa_verify(
47 | const secp256k1_context* ctx,
48 | const unsigned char *sigdata,
49 | const unsigned char *msgdata,
50 | const unsigned char *pubkeydata,
51 | size_t pubkeylen
52 | ) {
53 | secp256k1_ecdsa_signature sig;
54 | secp256k1_pubkey pubkey;
55 |
56 | if (!secp256k1_ecdsa_signature_parse_compact(ctx, &sig, sigdata)) {
57 | return 0;
58 | }
59 | if (!secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeydata, pubkeylen)) {
60 | return 0;
61 | }
62 | return secp256k1_ecdsa_verify(ctx, &sig, msgdata, &pubkey);
63 | }
64 |
65 | // secp256k1_ext_reencode_pubkey decodes then encodes a public key. It can be used to
66 | // convert between public key formats. The input/output formats are chosen depending on the
67 | // length of the input/output buffers.
68 | //
69 | // Returns: 1: conversion successful
70 | // 0: conversion unsuccessful
71 | // Args: ctx: pointer to a context object (cannot be NULL)
72 | // Out: out: output buffer that will contain the reencoded key (cannot be NULL)
73 | // In: outlen: length of out (33 for compressed keys, 65 for uncompressed keys)
74 | // pubkeydata: the input public key (cannot be NULL)
75 | // pubkeylen: length of pubkeydata
76 | static int secp256k1_ext_reencode_pubkey(
77 | const secp256k1_context* ctx,
78 | unsigned char *out,
79 | size_t outlen,
80 | const unsigned char *pubkeydata,
81 | size_t pubkeylen
82 | ) {
83 | secp256k1_pubkey pubkey;
84 |
85 | if (!secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeydata, pubkeylen)) {
86 | return 0;
87 | }
88 | unsigned int flag = (outlen == 33) ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED;
89 | return secp256k1_ec_pubkey_serialize(ctx, out, &outlen, &pubkey, flag);
90 | }
91 |
92 | // secp256k1_ext_scalar_mul multiplies a point by a scalar in constant time.
93 | //
94 | // Returns: 1: multiplication was successful
95 | // 0: scalar was invalid (zero or overflow)
96 | // Args: ctx: pointer to a context object (cannot be NULL)
97 | // Out: point: the multiplied point (usually secret)
98 | // In: point: pointer to a 64-byte public point,
99 | // encoded as two 256bit big-endian numbers.
100 | // scalar: a 32-byte scalar with which to multiply the point
101 | int secp256k1_ext_scalar_mul(const secp256k1_context* ctx, unsigned char *point, const unsigned char *scalar) {
102 | int ret = 0;
103 | int overflow = 0;
104 | secp256k1_fe feX, feY;
105 | secp256k1_gej res;
106 | secp256k1_ge ge;
107 | secp256k1_scalar s;
108 | ARG_CHECK(point != NULL);
109 | ARG_CHECK(scalar != NULL);
110 | (void)ctx;
111 |
112 | secp256k1_fe_set_b32(&feX, point);
113 | secp256k1_fe_set_b32(&feY, point+32);
114 | secp256k1_ge_set_xy(&ge, &feX, &feY);
115 | secp256k1_scalar_set_b32(&s, scalar, &overflow);
116 | if (overflow || secp256k1_scalar_is_zero(&s)) {
117 | ret = 0;
118 | } else {
119 | secp256k1_ecmult_const(&res, &ge, &s);
120 | secp256k1_ge_set_gej(&ge, &res);
121 | /* Note: can't use secp256k1_pubkey_save here because it is not constant time. */
122 | secp256k1_fe_normalize(&ge.x);
123 | secp256k1_fe_normalize(&ge.y);
124 | secp256k1_fe_get_b32(point, &ge.x);
125 | secp256k1_fe_get_b32(point+32, &ge.y);
126 | ret = 1;
127 | }
128 | secp256k1_scalar_clear(&s);
129 | return ret;
130 | }
131 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/COPYING:
--------------------------------------------------------------------------------
1 | Copyright (c) 2013 Pieter Wuille
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining a copy
4 | of this software and associated documentation files (the "Software"), to deal
5 | in the Software without restriction, including without limitation the rights
6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7 | copies of the Software, and to permit persons to whom the Software is
8 | furnished to do so, subject to the following conditions:
9 |
10 | The above copyright notice and this permission notice shall be included in
11 | all copies or substantial portions of the Software.
12 |
13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19 | THE SOFTWARE.
20 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/Makefile.am:
--------------------------------------------------------------------------------
1 | ACLOCAL_AMFLAGS = -I build-aux/m4
2 |
3 | lib_LTLIBRARIES = libsecp256k1.la
4 | if USE_JNI
5 | JNI_LIB = libsecp256k1_jni.la
6 | noinst_LTLIBRARIES = $(JNI_LIB)
7 | else
8 | JNI_LIB =
9 | endif
10 | include_HEADERS = include/secp256k1.h
11 | noinst_HEADERS =
12 | noinst_HEADERS += src/scalar.h
13 | noinst_HEADERS += src/scalar_4x64.h
14 | noinst_HEADERS += src/scalar_8x32.h
15 | noinst_HEADERS += src/scalar_low.h
16 | noinst_HEADERS += src/scalar_impl.h
17 | noinst_HEADERS += src/scalar_4x64_impl.h
18 | noinst_HEADERS += src/scalar_8x32_impl.h
19 | noinst_HEADERS += src/scalar_low_impl.h
20 | noinst_HEADERS += src/group.h
21 | noinst_HEADERS += src/group_impl.h
22 | noinst_HEADERS += src/num_gmp.h
23 | noinst_HEADERS += src/num_gmp_impl.h
24 | noinst_HEADERS += src/ecdsa.h
25 | noinst_HEADERS += src/ecdsa_impl.h
26 | noinst_HEADERS += src/eckey.h
27 | noinst_HEADERS += src/eckey_impl.h
28 | noinst_HEADERS += src/ecmult.h
29 | noinst_HEADERS += src/ecmult_impl.h
30 | noinst_HEADERS += src/ecmult_const.h
31 | noinst_HEADERS += src/ecmult_const_impl.h
32 | noinst_HEADERS += src/ecmult_gen.h
33 | noinst_HEADERS += src/ecmult_gen_impl.h
34 | noinst_HEADERS += src/num.h
35 | noinst_HEADERS += src/num_impl.h
36 | noinst_HEADERS += src/field_10x26.h
37 | noinst_HEADERS += src/field_10x26_impl.h
38 | noinst_HEADERS += src/field_5x52.h
39 | noinst_HEADERS += src/field_5x52_impl.h
40 | noinst_HEADERS += src/field_5x52_int128_impl.h
41 | noinst_HEADERS += src/field_5x52_asm_impl.h
42 | noinst_HEADERS += src/java/org_bitcoin_NativeSecp256k1.h
43 | noinst_HEADERS += src/java/org_bitcoin_Secp256k1Context.h
44 | noinst_HEADERS += src/util.h
45 | noinst_HEADERS += src/testrand.h
46 | noinst_HEADERS += src/testrand_impl.h
47 | noinst_HEADERS += src/hash.h
48 | noinst_HEADERS += src/hash_impl.h
49 | noinst_HEADERS += src/field.h
50 | noinst_HEADERS += src/field_impl.h
51 | noinst_HEADERS += src/bench.h
52 | noinst_HEADERS += contrib/lax_der_parsing.h
53 | noinst_HEADERS += contrib/lax_der_parsing.c
54 | noinst_HEADERS += contrib/lax_der_privatekey_parsing.h
55 | noinst_HEADERS += contrib/lax_der_privatekey_parsing.c
56 |
57 | if USE_EXTERNAL_ASM
58 | COMMON_LIB = libsecp256k1_common.la
59 | noinst_LTLIBRARIES = $(COMMON_LIB)
60 | else
61 | COMMON_LIB =
62 | endif
63 |
64 | pkgconfigdir = $(libdir)/pkgconfig
65 | pkgconfig_DATA = libsecp256k1.pc
66 |
67 | if USE_EXTERNAL_ASM
68 | if USE_ASM_ARM
69 | libsecp256k1_common_la_SOURCES = src/asm/field_10x26_arm.s
70 | endif
71 | endif
72 |
73 | libsecp256k1_la_SOURCES = src/secp256k1.c
74 | libsecp256k1_la_CPPFLAGS = -DSECP256K1_BUILD -I$(top_srcdir)/include -I$(top_srcdir)/src $(SECP_INCLUDES)
75 | libsecp256k1_la_LIBADD = $(JNI_LIB) $(SECP_LIBS) $(COMMON_LIB)
76 |
77 | libsecp256k1_jni_la_SOURCES = src/java/org_bitcoin_NativeSecp256k1.c src/java/org_bitcoin_Secp256k1Context.c
78 | libsecp256k1_jni_la_CPPFLAGS = -DSECP256K1_BUILD $(JNI_INCLUDES)
79 |
80 | noinst_PROGRAMS =
81 | if USE_BENCHMARK
82 | noinst_PROGRAMS += bench_verify bench_sign bench_internal
83 | bench_verify_SOURCES = src/bench_verify.c
84 | bench_verify_LDADD = libsecp256k1.la $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB)
85 | bench_sign_SOURCES = src/bench_sign.c
86 | bench_sign_LDADD = libsecp256k1.la $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB)
87 | bench_internal_SOURCES = src/bench_internal.c
88 | bench_internal_LDADD = $(SECP_LIBS) $(COMMON_LIB)
89 | bench_internal_CPPFLAGS = -DSECP256K1_BUILD $(SECP_INCLUDES)
90 | endif
91 |
92 | TESTS =
93 | if USE_TESTS
94 | noinst_PROGRAMS += tests
95 | tests_SOURCES = src/tests.c
96 | tests_CPPFLAGS = -DSECP256K1_BUILD -I$(top_srcdir)/src -I$(top_srcdir)/include $(SECP_INCLUDES) $(SECP_TEST_INCLUDES)
97 | if !ENABLE_COVERAGE
98 | tests_CPPFLAGS += -DVERIFY
99 | endif
100 | tests_LDADD = $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB)
101 | tests_LDFLAGS = -static
102 | TESTS += tests
103 | endif
104 |
105 | if USE_EXHAUSTIVE_TESTS
106 | noinst_PROGRAMS += exhaustive_tests
107 | exhaustive_tests_SOURCES = src/tests_exhaustive.c
108 | exhaustive_tests_CPPFLAGS = -DSECP256K1_BUILD -I$(top_srcdir)/src $(SECP_INCLUDES)
109 | if !ENABLE_COVERAGE
110 | exhaustive_tests_CPPFLAGS += -DVERIFY
111 | endif
112 | exhaustive_tests_LDADD = $(SECP_LIBS)
113 | exhaustive_tests_LDFLAGS = -static
114 | TESTS += exhaustive_tests
115 | endif
116 |
117 | JAVAROOT=src/java
118 | JAVAORG=org/bitcoin
119 | JAVA_GUAVA=$(srcdir)/$(JAVAROOT)/guava/guava-18.0.jar
120 | CLASSPATH_ENV=CLASSPATH=$(JAVA_GUAVA)
121 | JAVA_FILES= \
122 | $(JAVAROOT)/$(JAVAORG)/NativeSecp256k1.java \
123 | $(JAVAROOT)/$(JAVAORG)/NativeSecp256k1Test.java \
124 | $(JAVAROOT)/$(JAVAORG)/NativeSecp256k1Util.java \
125 | $(JAVAROOT)/$(JAVAORG)/Secp256k1Context.java
126 |
127 | if USE_JNI
128 |
129 | $(JAVA_GUAVA):
130 | @echo Guava is missing. Fetch it via: \
131 | wget https://search.maven.org/remotecontent?filepath=com/google/guava/guava/18.0/guava-18.0.jar -O $(@)
132 | @false
133 |
134 | .stamp-java: $(JAVA_FILES)
135 | @echo Compiling $^
136 | $(AM_V_at)$(CLASSPATH_ENV) javac $^
137 | @touch $@
138 |
139 | if USE_TESTS
140 |
141 | check-java: libsecp256k1.la $(JAVA_GUAVA) .stamp-java
142 | $(AM_V_at)java -Djava.library.path="./:./src:./src/.libs:.libs/" -cp "$(JAVA_GUAVA):$(JAVAROOT)" $(JAVAORG)/NativeSecp256k1Test
143 |
144 | endif
145 | endif
146 |
147 | if USE_ECMULT_STATIC_PRECOMPUTATION
148 | CPPFLAGS_FOR_BUILD +=-I$(top_srcdir)
149 | CFLAGS_FOR_BUILD += -Wall -Wextra -Wno-unused-function
150 |
151 | gen_context_OBJECTS = gen_context.o
152 | gen_context_BIN = gen_context$(BUILD_EXEEXT)
153 | gen_%.o: src/gen_%.c
154 | $(CC_FOR_BUILD) $(CPPFLAGS_FOR_BUILD) $(CFLAGS_FOR_BUILD) -c $< -o $@
155 |
156 | $(gen_context_BIN): $(gen_context_OBJECTS)
157 | $(CC_FOR_BUILD) $^ -o $@
158 |
159 | $(libsecp256k1_la_OBJECTS): src/ecmult_static_context.h
160 | $(tests_OBJECTS): src/ecmult_static_context.h
161 | $(bench_internal_OBJECTS): src/ecmult_static_context.h
162 |
163 | src/ecmult_static_context.h: $(gen_context_BIN)
164 | ./$(gen_context_BIN)
165 |
166 | CLEANFILES = $(gen_context_BIN) src/ecmult_static_context.h $(JAVAROOT)/$(JAVAORG)/*.class .stamp-java
167 | endif
168 |
169 | EXTRA_DIST = autogen.sh src/gen_context.c src/basic-config.h $(JAVA_FILES)
170 |
171 | if ENABLE_MODULE_ECDH
172 | include src/modules/ecdh/Makefile.am.include
173 | endif
174 |
175 | if ENABLE_MODULE_RECOVERY
176 | include src/modules/recovery/Makefile.am.include
177 | endif
178 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/README.md:
--------------------------------------------------------------------------------
1 | libsecp256k1
2 | ============
3 |
4 | [](https://travis-ci.org/bitcoin-core/secp256k1)
5 |
6 | Optimized C library for EC operations on curve secp256k1.
7 |
8 | This library is a work in progress and is being used to research best practices. Use at your own risk.
9 |
10 | Features:
11 | * secp256k1 ECDSA signing/verification and key generation.
12 | * Adding/multiplying private/public keys.
13 | * Serialization/parsing of private keys, public keys, signatures.
14 | * Constant time, constant memory access signing and pubkey generation.
15 | * Derandomized DSA (via RFC6979 or with a caller provided function.)
16 | * Very efficient implementation.
17 |
18 | Implementation details
19 | ----------------------
20 |
21 | * General
22 | * No runtime heap allocation.
23 | * Extensive testing infrastructure.
24 | * Structured to facilitate review and analysis.
25 | * Intended to be portable to any system with a C89 compiler and uint64_t support.
26 | * Expose only higher level interfaces to minimize the API surface and improve application security. ("Be difficult to use insecurely.")
27 | * Field operations
28 | * Optimized implementation of arithmetic modulo the curve's field size (2^256 - 0x1000003D1).
29 | * Using 5 52-bit limbs (including hand-optimized assembly for x86_64, by Diederik Huys).
30 | * Using 10 26-bit limbs.
31 | * Field inverses and square roots using a sliding window over blocks of 1s (by Peter Dettman).
32 | * Scalar operations
33 | * Optimized implementation without data-dependent branches of arithmetic modulo the curve's order.
34 | * Using 4 64-bit limbs (relying on __int128 support in the compiler).
35 | * Using 8 32-bit limbs.
36 | * Group operations
37 | * Point addition formula specifically simplified for the curve equation (y^2 = x^3 + 7).
38 | * Use addition between points in Jacobian and affine coordinates where possible.
39 | * Use a unified addition/doubling formula where necessary to avoid data-dependent branches.
40 | * Point/x comparison without a field inversion by comparison in the Jacobian coordinate space.
41 | * Point multiplication for verification (a*P + b*G).
42 | * Use wNAF notation for point multiplicands.
43 | * Use a much larger window for multiples of G, using precomputed multiples.
44 | * Use Shamir's trick to do the multiplication with the public key and the generator simultaneously.
45 | * Optionally (off by default) use secp256k1's efficiently-computable endomorphism to split the P multiplicand into 2 half-sized ones.
46 | * Point multiplication for signing
47 | * Use a precomputed table of multiples of powers of 16 multiplied with the generator, so general multiplication becomes a series of additions.
48 | * Access the table with branch-free conditional moves so memory access is uniform.
49 | * No data-dependent branches
50 | * The precomputed tables add and eventually subtract points for which no known scalar (private key) is known, preventing even an attacker with control over the private key used to control the data internally.
51 |
52 | Build steps
53 | -----------
54 |
55 | libsecp256k1 is built using autotools:
56 |
57 | $ ./autogen.sh
58 | $ ./configure
59 | $ make
60 | $ ./tests
61 | $ sudo make install # optional
62 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/TODO:
--------------------------------------------------------------------------------
1 | * Unit tests for fieldelem/groupelem, including ones intended to
2 | trigger fieldelem's boundary cases.
3 | * Complete constant-time operations for signing/keygen
4 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/autogen.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | set -e
3 | autoreconf -if --warnings=all
4 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/build-aux/m4/ax_jni_include_dir.m4:
--------------------------------------------------------------------------------
1 | # ===========================================================================
2 | # http://www.gnu.org/software/autoconf-archive/ax_jni_include_dir.html
3 | # ===========================================================================
4 | #
5 | # SYNOPSIS
6 | #
7 | # AX_JNI_INCLUDE_DIR
8 | #
9 | # DESCRIPTION
10 | #
11 | # AX_JNI_INCLUDE_DIR finds include directories needed for compiling
12 | # programs using the JNI interface.
13 | #
14 | # JNI include directories are usually in the Java distribution. This is
15 | # deduced from the value of $JAVA_HOME, $JAVAC, or the path to "javac", in
16 | # that order. When this macro completes, a list of directories is left in
17 | # the variable JNI_INCLUDE_DIRS.
18 | #
19 | # Example usage follows:
20 | #
21 | # AX_JNI_INCLUDE_DIR
22 | #
23 | # for JNI_INCLUDE_DIR in $JNI_INCLUDE_DIRS
24 | # do
25 | # CPPFLAGS="$CPPFLAGS -I$JNI_INCLUDE_DIR"
26 | # done
27 | #
28 | # If you want to force a specific compiler:
29 | #
30 | # - at the configure.in level, set JAVAC=yourcompiler before calling
31 | # AX_JNI_INCLUDE_DIR
32 | #
33 | # - at the configure level, setenv JAVAC
34 | #
35 | # Note: This macro can work with the autoconf M4 macros for Java programs.
36 | # This particular macro is not part of the original set of macros.
37 | #
38 | # LICENSE
39 | #
40 | # Copyright (c) 2008 Don Anderson
41 | #
42 | # Copying and distribution of this file, with or without modification, are
43 | # permitted in any medium without royalty provided the copyright notice
44 | # and this notice are preserved. This file is offered as-is, without any
45 | # warranty.
46 |
47 | #serial 10
48 |
49 | AU_ALIAS([AC_JNI_INCLUDE_DIR], [AX_JNI_INCLUDE_DIR])
50 | AC_DEFUN([AX_JNI_INCLUDE_DIR],[
51 |
52 | JNI_INCLUDE_DIRS=""
53 |
54 | if test "x$JAVA_HOME" != x; then
55 | _JTOPDIR="$JAVA_HOME"
56 | else
57 | if test "x$JAVAC" = x; then
58 | JAVAC=javac
59 | fi
60 | AC_PATH_PROG([_ACJNI_JAVAC], [$JAVAC], [no])
61 | if test "x$_ACJNI_JAVAC" = xno; then
62 | AC_MSG_WARN([cannot find JDK; try setting \$JAVAC or \$JAVA_HOME])
63 | fi
64 | _ACJNI_FOLLOW_SYMLINKS("$_ACJNI_JAVAC")
65 | _JTOPDIR=`echo "$_ACJNI_FOLLOWED" | sed -e 's://*:/:g' -e 's:/[[^/]]*$::'`
66 | fi
67 |
68 | case "$host_os" in
69 | darwin*) _JTOPDIR=`echo "$_JTOPDIR" | sed -e 's:/[[^/]]*$::'`
70 | _JINC="$_JTOPDIR/Headers";;
71 | *) _JINC="$_JTOPDIR/include";;
72 | esac
73 | _AS_ECHO_LOG([_JTOPDIR=$_JTOPDIR])
74 | _AS_ECHO_LOG([_JINC=$_JINC])
75 |
76 | # On Mac OS X 10.6.4, jni.h is a symlink:
77 | # /System/Library/Frameworks/JavaVM.framework/Versions/Current/Headers/jni.h
78 | # -> ../../CurrentJDK/Headers/jni.h.
79 |
80 | AC_CACHE_CHECK(jni headers, ac_cv_jni_header_path,
81 | [
82 | if test -f "$_JINC/jni.h"; then
83 | ac_cv_jni_header_path="$_JINC"
84 | JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $ac_cv_jni_header_path"
85 | else
86 | _JTOPDIR=`echo "$_JTOPDIR" | sed -e 's:/[[^/]]*$::'`
87 | if test -f "$_JTOPDIR/include/jni.h"; then
88 | ac_cv_jni_header_path="$_JTOPDIR/include"
89 | JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $ac_cv_jni_header_path"
90 | else
91 | ac_cv_jni_header_path=none
92 | fi
93 | fi
94 | ])
95 |
96 |
97 |
98 | # get the likely subdirectories for system specific java includes
99 | case "$host_os" in
100 | bsdi*) _JNI_INC_SUBDIRS="bsdos";;
101 | darwin*) _JNI_INC_SUBDIRS="darwin";;
102 | freebsd*) _JNI_INC_SUBDIRS="freebsd";;
103 | linux*) _JNI_INC_SUBDIRS="linux genunix";;
104 | osf*) _JNI_INC_SUBDIRS="alpha";;
105 | solaris*) _JNI_INC_SUBDIRS="solaris";;
106 | mingw*) _JNI_INC_SUBDIRS="win32";;
107 | cygwin*) _JNI_INC_SUBDIRS="win32";;
108 | *) _JNI_INC_SUBDIRS="genunix";;
109 | esac
110 |
111 | if test "x$ac_cv_jni_header_path" != "xnone"; then
112 | # add any subdirectories that are present
113 | for JINCSUBDIR in $_JNI_INC_SUBDIRS
114 | do
115 | if test -d "$_JTOPDIR/include/$JINCSUBDIR"; then
116 | JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $_JTOPDIR/include/$JINCSUBDIR"
117 | fi
118 | done
119 | fi
120 | ])
121 |
122 | # _ACJNI_FOLLOW_SYMLINKS
123 | # Follows symbolic links on ,
124 | # finally setting variable _ACJNI_FOLLOWED
125 | # ----------------------------------------
126 | AC_DEFUN([_ACJNI_FOLLOW_SYMLINKS],[
127 | # find the include directory relative to the javac executable
128 | _cur="$1"
129 | while ls -ld "$_cur" 2>/dev/null | grep " -> " >/dev/null; do
130 | AC_MSG_CHECKING([symlink for $_cur])
131 | _slink=`ls -ld "$_cur" | sed 's/.* -> //'`
132 | case "$_slink" in
133 | /*) _cur="$_slink";;
134 | # 'X' avoids triggering unwanted echo options.
135 | *) _cur=`echo "X$_cur" | sed -e 's/^X//' -e 's:[[^/]]*$::'`"$_slink";;
136 | esac
137 | AC_MSG_RESULT([$_cur])
138 | done
139 | _ACJNI_FOLLOWED="$_cur"
140 | ])# _ACJNI
141 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/build-aux/m4/ax_prog_cc_for_build.m4:
--------------------------------------------------------------------------------
1 | # ===========================================================================
2 | # http://www.gnu.org/software/autoconf-archive/ax_prog_cc_for_build.html
3 | # ===========================================================================
4 | #
5 | # SYNOPSIS
6 | #
7 | # AX_PROG_CC_FOR_BUILD
8 | #
9 | # DESCRIPTION
10 | #
11 | # This macro searches for a C compiler that generates native executables,
12 | # that is a C compiler that surely is not a cross-compiler. This can be
13 | # useful if you have to generate source code at compile-time like for
14 | # example GCC does.
15 | #
16 | # The macro sets the CC_FOR_BUILD and CPP_FOR_BUILD macros to anything
17 | # needed to compile or link (CC_FOR_BUILD) and preprocess (CPP_FOR_BUILD).
18 | # The value of these variables can be overridden by the user by specifying
19 | # a compiler with an environment variable (like you do for standard CC).
20 | #
21 | # It also sets BUILD_EXEEXT and BUILD_OBJEXT to the executable and object
22 | # file extensions for the build platform, and GCC_FOR_BUILD to `yes' if
23 | # the compiler we found is GCC. All these variables but GCC_FOR_BUILD are
24 | # substituted in the Makefile.
25 | #
26 | # LICENSE
27 | #
28 | # Copyright (c) 2008 Paolo Bonzini
29 | #
30 | # Copying and distribution of this file, with or without modification, are
31 | # permitted in any medium without royalty provided the copyright notice
32 | # and this notice are preserved. This file is offered as-is, without any
33 | # warranty.
34 |
35 | #serial 8
36 |
37 | AU_ALIAS([AC_PROG_CC_FOR_BUILD], [AX_PROG_CC_FOR_BUILD])
38 | AC_DEFUN([AX_PROG_CC_FOR_BUILD], [dnl
39 | AC_REQUIRE([AC_PROG_CC])dnl
40 | AC_REQUIRE([AC_PROG_CPP])dnl
41 | AC_REQUIRE([AC_EXEEXT])dnl
42 | AC_REQUIRE([AC_CANONICAL_HOST])dnl
43 |
44 | dnl Use the standard macros, but make them use other variable names
45 | dnl
46 | pushdef([ac_cv_prog_CPP], ac_cv_build_prog_CPP)dnl
47 | pushdef([ac_cv_prog_gcc], ac_cv_build_prog_gcc)dnl
48 | pushdef([ac_cv_prog_cc_works], ac_cv_build_prog_cc_works)dnl
49 | pushdef([ac_cv_prog_cc_cross], ac_cv_build_prog_cc_cross)dnl
50 | pushdef([ac_cv_prog_cc_g], ac_cv_build_prog_cc_g)dnl
51 | pushdef([ac_cv_exeext], ac_cv_build_exeext)dnl
52 | pushdef([ac_cv_objext], ac_cv_build_objext)dnl
53 | pushdef([ac_exeext], ac_build_exeext)dnl
54 | pushdef([ac_objext], ac_build_objext)dnl
55 | pushdef([CC], CC_FOR_BUILD)dnl
56 | pushdef([CPP], CPP_FOR_BUILD)dnl
57 | pushdef([CFLAGS], CFLAGS_FOR_BUILD)dnl
58 | pushdef([CPPFLAGS], CPPFLAGS_FOR_BUILD)dnl
59 | pushdef([LDFLAGS], LDFLAGS_FOR_BUILD)dnl
60 | pushdef([host], build)dnl
61 | pushdef([host_alias], build_alias)dnl
62 | pushdef([host_cpu], build_cpu)dnl
63 | pushdef([host_vendor], build_vendor)dnl
64 | pushdef([host_os], build_os)dnl
65 | pushdef([ac_cv_host], ac_cv_build)dnl
66 | pushdef([ac_cv_host_alias], ac_cv_build_alias)dnl
67 | pushdef([ac_cv_host_cpu], ac_cv_build_cpu)dnl
68 | pushdef([ac_cv_host_vendor], ac_cv_build_vendor)dnl
69 | pushdef([ac_cv_host_os], ac_cv_build_os)dnl
70 | pushdef([ac_cpp], ac_build_cpp)dnl
71 | pushdef([ac_compile], ac_build_compile)dnl
72 | pushdef([ac_link], ac_build_link)dnl
73 |
74 | save_cross_compiling=$cross_compiling
75 | save_ac_tool_prefix=$ac_tool_prefix
76 | cross_compiling=no
77 | ac_tool_prefix=
78 |
79 | AC_PROG_CC
80 | AC_PROG_CPP
81 | AC_EXEEXT
82 |
83 | ac_tool_prefix=$save_ac_tool_prefix
84 | cross_compiling=$save_cross_compiling
85 |
86 | dnl Restore the old definitions
87 | dnl
88 | popdef([ac_link])dnl
89 | popdef([ac_compile])dnl
90 | popdef([ac_cpp])dnl
91 | popdef([ac_cv_host_os])dnl
92 | popdef([ac_cv_host_vendor])dnl
93 | popdef([ac_cv_host_cpu])dnl
94 | popdef([ac_cv_host_alias])dnl
95 | popdef([ac_cv_host])dnl
96 | popdef([host_os])dnl
97 | popdef([host_vendor])dnl
98 | popdef([host_cpu])dnl
99 | popdef([host_alias])dnl
100 | popdef([host])dnl
101 | popdef([LDFLAGS])dnl
102 | popdef([CPPFLAGS])dnl
103 | popdef([CFLAGS])dnl
104 | popdef([CPP])dnl
105 | popdef([CC])dnl
106 | popdef([ac_objext])dnl
107 | popdef([ac_exeext])dnl
108 | popdef([ac_cv_objext])dnl
109 | popdef([ac_cv_exeext])dnl
110 | popdef([ac_cv_prog_cc_g])dnl
111 | popdef([ac_cv_prog_cc_cross])dnl
112 | popdef([ac_cv_prog_cc_works])dnl
113 | popdef([ac_cv_prog_gcc])dnl
114 | popdef([ac_cv_prog_CPP])dnl
115 |
116 | dnl Finally, set Makefile variables
117 | dnl
118 | BUILD_EXEEXT=$ac_build_exeext
119 | BUILD_OBJEXT=$ac_build_objext
120 | AC_SUBST(BUILD_EXEEXT)dnl
121 | AC_SUBST(BUILD_OBJEXT)dnl
122 | AC_SUBST([CFLAGS_FOR_BUILD])dnl
123 | AC_SUBST([CPPFLAGS_FOR_BUILD])dnl
124 | AC_SUBST([LDFLAGS_FOR_BUILD])dnl
125 | ])
126 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/build-aux/m4/bitcoin_secp.m4:
--------------------------------------------------------------------------------
1 | dnl libsecp25k1 helper checks
2 | AC_DEFUN([SECP_INT128_CHECK],[
3 | has_int128=$ac_cv_type___int128
4 | ])
5 |
6 | dnl escape "$0x" below using the m4 quadrigaph @S|@, and escape it again with a \ for the shell.
7 | AC_DEFUN([SECP_64BIT_ASM_CHECK],[
8 | AC_MSG_CHECKING(for x86_64 assembly availability)
9 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
10 | #include ]],[[
11 | uint64_t a = 11, tmp;
12 | __asm__ __volatile__("movq \@S|@0x100000000,%1; mulq %%rsi" : "+a"(a) : "S"(tmp) : "cc", "%rdx");
13 | ]])],[has_64bit_asm=yes],[has_64bit_asm=no])
14 | AC_MSG_RESULT([$has_64bit_asm])
15 | ])
16 |
17 | dnl
18 | AC_DEFUN([SECP_OPENSSL_CHECK],[
19 | has_libcrypto=no
20 | m4_ifdef([PKG_CHECK_MODULES],[
21 | PKG_CHECK_MODULES([CRYPTO], [libcrypto], [has_libcrypto=yes],[has_libcrypto=no])
22 | if test x"$has_libcrypto" = x"yes"; then
23 | TEMP_LIBS="$LIBS"
24 | LIBS="$LIBS $CRYPTO_LIBS"
25 | AC_CHECK_LIB(crypto, main,[AC_DEFINE(HAVE_LIBCRYPTO,1,[Define this symbol if libcrypto is installed])],[has_libcrypto=no])
26 | LIBS="$TEMP_LIBS"
27 | fi
28 | ])
29 | if test x$has_libcrypto = xno; then
30 | AC_CHECK_HEADER(openssl/crypto.h,[
31 | AC_CHECK_LIB(crypto, main,[
32 | has_libcrypto=yes
33 | CRYPTO_LIBS=-lcrypto
34 | AC_DEFINE(HAVE_LIBCRYPTO,1,[Define this symbol if libcrypto is installed])
35 | ])
36 | ])
37 | LIBS=
38 | fi
39 | if test x"$has_libcrypto" = x"yes" && test x"$has_openssl_ec" = x; then
40 | AC_MSG_CHECKING(for EC functions in libcrypto)
41 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
42 | #include
43 | #include
44 | #include ]],[[
45 | EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_secp256k1);
46 | ECDSA_sign(0, NULL, 0, NULL, NULL, eckey);
47 | ECDSA_verify(0, NULL, 0, NULL, 0, eckey);
48 | EC_KEY_free(eckey);
49 | ECDSA_SIG *sig_openssl;
50 | sig_openssl = ECDSA_SIG_new();
51 | (void)sig_openssl->r;
52 | ECDSA_SIG_free(sig_openssl);
53 | ]])],[has_openssl_ec=yes],[has_openssl_ec=no])
54 | AC_MSG_RESULT([$has_openssl_ec])
55 | fi
56 | ])
57 |
58 | dnl
59 | AC_DEFUN([SECP_GMP_CHECK],[
60 | if test x"$has_gmp" != x"yes"; then
61 | CPPFLAGS_TEMP="$CPPFLAGS"
62 | CPPFLAGS="$GMP_CPPFLAGS $CPPFLAGS"
63 | LIBS_TEMP="$LIBS"
64 | LIBS="$GMP_LIBS $LIBS"
65 | AC_CHECK_HEADER(gmp.h,[AC_CHECK_LIB(gmp, __gmpz_init,[has_gmp=yes; GMP_LIBS="$GMP_LIBS -lgmp"; AC_DEFINE(HAVE_LIBGMP,1,[Define this symbol if libgmp is installed])])])
66 | CPPFLAGS="$CPPFLAGS_TEMP"
67 | LIBS="$LIBS_TEMP"
68 | fi
69 | ])
70 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/contrib/lax_der_parsing.c:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2015 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #include
8 | #include
9 |
10 | #include "lax_der_parsing.h"
11 |
12 | int ecdsa_signature_parse_der_lax(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) {
13 | size_t rpos, rlen, spos, slen;
14 | size_t pos = 0;
15 | size_t lenbyte;
16 | unsigned char tmpsig[64] = {0};
17 | int overflow = 0;
18 |
19 | /* Hack to initialize sig with a correctly-parsed but invalid signature. */
20 | secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
21 |
22 | /* Sequence tag byte */
23 | if (pos == inputlen || input[pos] != 0x30) {
24 | return 0;
25 | }
26 | pos++;
27 |
28 | /* Sequence length bytes */
29 | if (pos == inputlen) {
30 | return 0;
31 | }
32 | lenbyte = input[pos++];
33 | if (lenbyte & 0x80) {
34 | lenbyte -= 0x80;
35 | if (pos + lenbyte > inputlen) {
36 | return 0;
37 | }
38 | pos += lenbyte;
39 | }
40 |
41 | /* Integer tag byte for R */
42 | if (pos == inputlen || input[pos] != 0x02) {
43 | return 0;
44 | }
45 | pos++;
46 |
47 | /* Integer length for R */
48 | if (pos == inputlen) {
49 | return 0;
50 | }
51 | lenbyte = input[pos++];
52 | if (lenbyte & 0x80) {
53 | lenbyte -= 0x80;
54 | if (pos + lenbyte > inputlen) {
55 | return 0;
56 | }
57 | while (lenbyte > 0 && input[pos] == 0) {
58 | pos++;
59 | lenbyte--;
60 | }
61 | if (lenbyte >= sizeof(size_t)) {
62 | return 0;
63 | }
64 | rlen = 0;
65 | while (lenbyte > 0) {
66 | rlen = (rlen << 8) + input[pos];
67 | pos++;
68 | lenbyte--;
69 | }
70 | } else {
71 | rlen = lenbyte;
72 | }
73 | if (rlen > inputlen - pos) {
74 | return 0;
75 | }
76 | rpos = pos;
77 | pos += rlen;
78 |
79 | /* Integer tag byte for S */
80 | if (pos == inputlen || input[pos] != 0x02) {
81 | return 0;
82 | }
83 | pos++;
84 |
85 | /* Integer length for S */
86 | if (pos == inputlen) {
87 | return 0;
88 | }
89 | lenbyte = input[pos++];
90 | if (lenbyte & 0x80) {
91 | lenbyte -= 0x80;
92 | if (pos + lenbyte > inputlen) {
93 | return 0;
94 | }
95 | while (lenbyte > 0 && input[pos] == 0) {
96 | pos++;
97 | lenbyte--;
98 | }
99 | if (lenbyte >= sizeof(size_t)) {
100 | return 0;
101 | }
102 | slen = 0;
103 | while (lenbyte > 0) {
104 | slen = (slen << 8) + input[pos];
105 | pos++;
106 | lenbyte--;
107 | }
108 | } else {
109 | slen = lenbyte;
110 | }
111 | if (slen > inputlen - pos) {
112 | return 0;
113 | }
114 | spos = pos;
115 | pos += slen;
116 |
117 | /* Ignore leading zeroes in R */
118 | while (rlen > 0 && input[rpos] == 0) {
119 | rlen--;
120 | rpos++;
121 | }
122 | /* Copy R value */
123 | if (rlen > 32) {
124 | overflow = 1;
125 | } else {
126 | memcpy(tmpsig + 32 - rlen, input + rpos, rlen);
127 | }
128 |
129 | /* Ignore leading zeroes in S */
130 | while (slen > 0 && input[spos] == 0) {
131 | slen--;
132 | spos++;
133 | }
134 | /* Copy S value */
135 | if (slen > 32) {
136 | overflow = 1;
137 | } else {
138 | memcpy(tmpsig + 64 - slen, input + spos, slen);
139 | }
140 |
141 | if (!overflow) {
142 | overflow = !secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
143 | }
144 | if (overflow) {
145 | memset(tmpsig, 0, 64);
146 | secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
147 | }
148 | return 1;
149 | }
150 |
151 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/contrib/lax_der_parsing.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2015 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | /****
8 | * Please do not link this file directly. It is not part of the libsecp256k1
9 | * project and does not promise any stability in its API, functionality or
10 | * presence. Projects which use this code should instead copy this header
11 | * and its accompanying .c file directly into their codebase.
12 | ****/
13 |
14 | /* This file defines a function that parses DER with various errors and
15 | * violations. This is not a part of the library itself, because the allowed
16 | * violations are chosen arbitrarily and do not follow or establish any
17 | * standard.
18 | *
19 | * In many places it matters that different implementations do not only accept
20 | * the same set of valid signatures, but also reject the same set of signatures.
21 | * The only means to accomplish that is by strictly obeying a standard, and not
22 | * accepting anything else.
23 | *
24 | * Nonetheless, sometimes there is a need for compatibility with systems that
25 | * use signatures which do not strictly obey DER. The snippet below shows how
26 | * certain violations are easily supported. You may need to adapt it.
27 | *
28 | * Do not use this for new systems. Use well-defined DER or compact signatures
29 | * instead if you have the choice (see secp256k1_ecdsa_signature_parse_der and
30 | * secp256k1_ecdsa_signature_parse_compact).
31 | *
32 | * The supported violations are:
33 | * - All numbers are parsed as nonnegative integers, even though X.609-0207
34 | * section 8.3.3 specifies that integers are always encoded as two's
35 | * complement.
36 | * - Integers can have length 0, even though section 8.3.1 says they can't.
37 | * - Integers with overly long padding are accepted, violation section
38 | * 8.3.2.
39 | * - 127-byte long length descriptors are accepted, even though section
40 | * 8.1.3.5.c says that they are not.
41 | * - Trailing garbage data inside or after the signature is ignored.
42 | * - The length descriptor of the sequence is ignored.
43 | *
44 | * Compared to for example OpenSSL, many violations are NOT supported:
45 | * - Using overly long tag descriptors for the sequence or integers inside,
46 | * violating section 8.1.2.2.
47 | * - Encoding primitive integers as constructed values, violating section
48 | * 8.3.1.
49 | */
50 |
51 | #ifndef _SECP256K1_CONTRIB_LAX_DER_PARSING_H_
52 | #define _SECP256K1_CONTRIB_LAX_DER_PARSING_H_
53 |
54 | #include
55 |
56 | # ifdef __cplusplus
57 | extern "C" {
58 | # endif
59 |
60 | /** Parse a signature in "lax DER" format
61 | *
62 | * Returns: 1 when the signature could be parsed, 0 otherwise.
63 | * Args: ctx: a secp256k1 context object
64 | * Out: sig: a pointer to a signature object
65 | * In: input: a pointer to the signature to be parsed
66 | * inputlen: the length of the array pointed to be input
67 | *
68 | * This function will accept any valid DER encoded signature, even if the
69 | * encoded numbers are out of range. In addition, it will accept signatures
70 | * which violate the DER spec in various ways. Its purpose is to allow
71 | * validation of the Bitcoin blockchain, which includes non-DER signatures
72 | * from before the network rules were updated to enforce DER. Note that
73 | * the set of supported violations is a strict subset of what OpenSSL will
74 | * accept.
75 | *
76 | * After the call, sig will always be initialized. If parsing failed or the
77 | * encoded numbers are out of range, signature validation with it is
78 | * guaranteed to fail for every message and public key.
79 | */
80 | int ecdsa_signature_parse_der_lax(
81 | const secp256k1_context* ctx,
82 | secp256k1_ecdsa_signature* sig,
83 | const unsigned char *input,
84 | size_t inputlen
85 | ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
86 |
87 | #ifdef __cplusplus
88 | }
89 | #endif
90 |
91 | #endif
92 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/contrib/lax_der_privatekey_parsing.c:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2014, 2015 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #include
8 | #include
9 |
10 | #include "lax_der_privatekey_parsing.h"
11 |
12 | int ec_privkey_import_der(const secp256k1_context* ctx, unsigned char *out32, const unsigned char *privkey, size_t privkeylen) {
13 | const unsigned char *end = privkey + privkeylen;
14 | int lenb = 0;
15 | int len = 0;
16 | memset(out32, 0, 32);
17 | /* sequence header */
18 | if (end < privkey+1 || *privkey != 0x30) {
19 | return 0;
20 | }
21 | privkey++;
22 | /* sequence length constructor */
23 | if (end < privkey+1 || !(*privkey & 0x80)) {
24 | return 0;
25 | }
26 | lenb = *privkey & ~0x80; privkey++;
27 | if (lenb < 1 || lenb > 2) {
28 | return 0;
29 | }
30 | if (end < privkey+lenb) {
31 | return 0;
32 | }
33 | /* sequence length */
34 | len = privkey[lenb-1] | (lenb > 1 ? privkey[lenb-2] << 8 : 0);
35 | privkey += lenb;
36 | if (end < privkey+len) {
37 | return 0;
38 | }
39 | /* sequence element 0: version number (=1) */
40 | if (end < privkey+3 || privkey[0] != 0x02 || privkey[1] != 0x01 || privkey[2] != 0x01) {
41 | return 0;
42 | }
43 | privkey += 3;
44 | /* sequence element 1: octet string, up to 32 bytes */
45 | if (end < privkey+2 || privkey[0] != 0x04 || privkey[1] > 0x20 || end < privkey+2+privkey[1]) {
46 | return 0;
47 | }
48 | memcpy(out32 + 32 - privkey[1], privkey + 2, privkey[1]);
49 | if (!secp256k1_ec_seckey_verify(ctx, out32)) {
50 | memset(out32, 0, 32);
51 | return 0;
52 | }
53 | return 1;
54 | }
55 |
56 | int ec_privkey_export_der(const secp256k1_context *ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *key32, int compressed) {
57 | secp256k1_pubkey pubkey;
58 | size_t pubkeylen = 0;
59 | if (!secp256k1_ec_pubkey_create(ctx, &pubkey, key32)) {
60 | *privkeylen = 0;
61 | return 0;
62 | }
63 | if (compressed) {
64 | static const unsigned char begin[] = {
65 | 0x30,0x81,0xD3,0x02,0x01,0x01,0x04,0x20
66 | };
67 | static const unsigned char middle[] = {
68 | 0xA0,0x81,0x85,0x30,0x81,0x82,0x02,0x01,0x01,0x30,0x2C,0x06,0x07,0x2A,0x86,0x48,
69 | 0xCE,0x3D,0x01,0x01,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
70 | 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
71 | 0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F,0x30,0x06,0x04,0x01,0x00,0x04,0x01,0x07,0x04,
72 | 0x21,0x02,0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0,0x62,0x95,0xCE,0x87,
73 | 0x0B,0x07,0x02,0x9B,0xFC,0xDB,0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8,
74 | 0x17,0x98,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
75 | 0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,
76 | 0x8C,0xD0,0x36,0x41,0x41,0x02,0x01,0x01,0xA1,0x24,0x03,0x22,0x00
77 | };
78 | unsigned char *ptr = privkey;
79 | memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin);
80 | memcpy(ptr, key32, 32); ptr += 32;
81 | memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
82 | pubkeylen = 33;
83 | secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED);
84 | ptr += pubkeylen;
85 | *privkeylen = ptr - privkey;
86 | } else {
87 | static const unsigned char begin[] = {
88 | 0x30,0x82,0x01,0x13,0x02,0x01,0x01,0x04,0x20
89 | };
90 | static const unsigned char middle[] = {
91 | 0xA0,0x81,0xA5,0x30,0x81,0xA2,0x02,0x01,0x01,0x30,0x2C,0x06,0x07,0x2A,0x86,0x48,
92 | 0xCE,0x3D,0x01,0x01,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
93 | 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
94 | 0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F,0x30,0x06,0x04,0x01,0x00,0x04,0x01,0x07,0x04,
95 | 0x41,0x04,0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0,0x62,0x95,0xCE,0x87,
96 | 0x0B,0x07,0x02,0x9B,0xFC,0xDB,0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8,
97 | 0x17,0x98,0x48,0x3A,0xDA,0x77,0x26,0xA3,0xC4,0x65,0x5D,0xA4,0xFB,0xFC,0x0E,0x11,
98 | 0x08,0xA8,0xFD,0x17,0xB4,0x48,0xA6,0x85,0x54,0x19,0x9C,0x47,0xD0,0x8F,0xFB,0x10,
99 | 0xD4,0xB8,0x02,0x21,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
100 | 0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,
101 | 0x8C,0xD0,0x36,0x41,0x41,0x02,0x01,0x01,0xA1,0x44,0x03,0x42,0x00
102 | };
103 | unsigned char *ptr = privkey;
104 | memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin);
105 | memcpy(ptr, key32, 32); ptr += 32;
106 | memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
107 | pubkeylen = 65;
108 | secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_UNCOMPRESSED);
109 | ptr += pubkeylen;
110 | *privkeylen = ptr - privkey;
111 | }
112 | return 1;
113 | }
114 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/contrib/lax_der_privatekey_parsing.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2014, 2015 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | /****
8 | * Please do not link this file directly. It is not part of the libsecp256k1
9 | * project and does not promise any stability in its API, functionality or
10 | * presence. Projects which use this code should instead copy this header
11 | * and its accompanying .c file directly into their codebase.
12 | ****/
13 |
14 | /* This file contains code snippets that parse DER private keys with
15 | * various errors and violations. This is not a part of the library
16 | * itself, because the allowed violations are chosen arbitrarily and
17 | * do not follow or establish any standard.
18 | *
19 | * It also contains code to serialize private keys in a compatible
20 | * manner.
21 | *
22 | * These functions are meant for compatibility with applications
23 | * that require BER encoded keys. When working with secp256k1-specific
24 | * code, the simple 32-byte private keys normally used by the
25 | * library are sufficient.
26 | */
27 |
28 | #ifndef _SECP256K1_CONTRIB_BER_PRIVATEKEY_H_
29 | #define _SECP256K1_CONTRIB_BER_PRIVATEKEY_H_
30 |
31 | #include
32 |
33 | # ifdef __cplusplus
34 | extern "C" {
35 | # endif
36 |
37 | /** Export a private key in DER format.
38 | *
39 | * Returns: 1 if the private key was valid.
40 | * Args: ctx: pointer to a context object, initialized for signing (cannot
41 | * be NULL)
42 | * Out: privkey: pointer to an array for storing the private key in BER.
43 | * Should have space for 279 bytes, and cannot be NULL.
44 | * privkeylen: Pointer to an int where the length of the private key in
45 | * privkey will be stored.
46 | * In: seckey: pointer to a 32-byte secret key to export.
47 | * compressed: 1 if the key should be exported in
48 | * compressed format, 0 otherwise
49 | *
50 | * This function is purely meant for compatibility with applications that
51 | * require BER encoded keys. When working with secp256k1-specific code, the
52 | * simple 32-byte private keys are sufficient.
53 | *
54 | * Note that this function does not guarantee correct DER output. It is
55 | * guaranteed to be parsable by secp256k1_ec_privkey_import_der
56 | */
57 | SECP256K1_WARN_UNUSED_RESULT int ec_privkey_export_der(
58 | const secp256k1_context* ctx,
59 | unsigned char *privkey,
60 | size_t *privkeylen,
61 | const unsigned char *seckey,
62 | int compressed
63 | ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
64 |
65 | /** Import a private key in DER format.
66 | * Returns: 1 if a private key was extracted.
67 | * Args: ctx: pointer to a context object (cannot be NULL).
68 | * Out: seckey: pointer to a 32-byte array for storing the private key.
69 | * (cannot be NULL).
70 | * In: privkey: pointer to a private key in DER format (cannot be NULL).
71 | * privkeylen: length of the DER private key pointed to be privkey.
72 | *
73 | * This function will accept more than just strict DER, and even allow some BER
74 | * violations. The public key stored inside the DER-encoded private key is not
75 | * verified for correctness, nor are the curve parameters. Use this function
76 | * only if you know in advance it is supposed to contain a secp256k1 private
77 | * key.
78 | */
79 | SECP256K1_WARN_UNUSED_RESULT int ec_privkey_import_der(
80 | const secp256k1_context* ctx,
81 | unsigned char *seckey,
82 | const unsigned char *privkey,
83 | size_t privkeylen
84 | ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
85 |
86 | #ifdef __cplusplus
87 | }
88 | #endif
89 |
90 | #endif
91 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/include/secp256k1_ecdh.h:
--------------------------------------------------------------------------------
1 | #ifndef _SECP256K1_ECDH_
2 | # define _SECP256K1_ECDH_
3 |
4 | # include "secp256k1.h"
5 |
6 | # ifdef __cplusplus
7 | extern "C" {
8 | # endif
9 |
10 | /** Compute an EC Diffie-Hellman secret in constant time
11 | * Returns: 1: exponentiation was successful
12 | * 0: scalar was invalid (zero or overflow)
13 | * Args: ctx: pointer to a context object (cannot be NULL)
14 | * Out: result: a 32-byte array which will be populated by an ECDH
15 | * secret computed from the point and scalar
16 | * In: pubkey: a pointer to a secp256k1_pubkey containing an
17 | * initialized public key
18 | * privkey: a 32-byte scalar with which to multiply the point
19 | */
20 | SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdh(
21 | const secp256k1_context* ctx,
22 | unsigned char *result,
23 | const secp256k1_pubkey *pubkey,
24 | const unsigned char *privkey
25 | ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
26 |
27 | # ifdef __cplusplus
28 | }
29 | # endif
30 |
31 | #endif
32 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/include/secp256k1_recovery.h:
--------------------------------------------------------------------------------
1 | #ifndef _SECP256K1_RECOVERY_
2 | # define _SECP256K1_RECOVERY_
3 |
4 | # include "secp256k1.h"
5 |
6 | # ifdef __cplusplus
7 | extern "C" {
8 | # endif
9 |
10 | /** Opaque data structured that holds a parsed ECDSA signature,
11 | * supporting pubkey recovery.
12 | *
13 | * The exact representation of data inside is implementation defined and not
14 | * guaranteed to be portable between different platforms or versions. It is
15 | * however guaranteed to be 65 bytes in size, and can be safely copied/moved.
16 | * If you need to convert to a format suitable for storage or transmission, use
17 | * the secp256k1_ecdsa_signature_serialize_* and
18 | * secp256k1_ecdsa_signature_parse_* functions.
19 | *
20 | * Furthermore, it is guaranteed that identical signatures (including their
21 | * recoverability) will have identical representation, so they can be
22 | * memcmp'ed.
23 | */
24 | typedef struct {
25 | unsigned char data[65];
26 | } secp256k1_ecdsa_recoverable_signature;
27 |
28 | /** Parse a compact ECDSA signature (64 bytes + recovery id).
29 | *
30 | * Returns: 1 when the signature could be parsed, 0 otherwise
31 | * Args: ctx: a secp256k1 context object
32 | * Out: sig: a pointer to a signature object
33 | * In: input64: a pointer to a 64-byte compact signature
34 | * recid: the recovery id (0, 1, 2 or 3)
35 | */
36 | SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact(
37 | const secp256k1_context* ctx,
38 | secp256k1_ecdsa_recoverable_signature* sig,
39 | const unsigned char *input64,
40 | int recid
41 | ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
42 |
43 | /** Convert a recoverable signature into a normal signature.
44 | *
45 | * Returns: 1
46 | * Out: sig: a pointer to a normal signature (cannot be NULL).
47 | * In: sigin: a pointer to a recoverable signature (cannot be NULL).
48 | */
49 | SECP256K1_API int secp256k1_ecdsa_recoverable_signature_convert(
50 | const secp256k1_context* ctx,
51 | secp256k1_ecdsa_signature* sig,
52 | const secp256k1_ecdsa_recoverable_signature* sigin
53 | ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
54 |
55 | /** Serialize an ECDSA signature in compact format (64 bytes + recovery id).
56 | *
57 | * Returns: 1
58 | * Args: ctx: a secp256k1 context object
59 | * Out: output64: a pointer to a 64-byte array of the compact signature (cannot be NULL)
60 | * recid: a pointer to an integer to hold the recovery id (can be NULL).
61 | * In: sig: a pointer to an initialized signature object (cannot be NULL)
62 | */
63 | SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(
64 | const secp256k1_context* ctx,
65 | unsigned char *output64,
66 | int *recid,
67 | const secp256k1_ecdsa_recoverable_signature* sig
68 | ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
69 |
70 | /** Create a recoverable ECDSA signature.
71 | *
72 | * Returns: 1: signature created
73 | * 0: the nonce generation function failed, or the private key was invalid.
74 | * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL)
75 | * Out: sig: pointer to an array where the signature will be placed (cannot be NULL)
76 | * In: msg32: the 32-byte message hash being signed (cannot be NULL)
77 | * seckey: pointer to a 32-byte secret key (cannot be NULL)
78 | * noncefp:pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used
79 | * ndata: pointer to arbitrary data used by the nonce generation function (can be NULL)
80 | */
81 | SECP256K1_API int secp256k1_ecdsa_sign_recoverable(
82 | const secp256k1_context* ctx,
83 | secp256k1_ecdsa_recoverable_signature *sig,
84 | const unsigned char *msg32,
85 | const unsigned char *seckey,
86 | secp256k1_nonce_function noncefp,
87 | const void *ndata
88 | ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
89 |
90 | /** Recover an ECDSA public key from a signature.
91 | *
92 | * Returns: 1: public key successfully recovered (which guarantees a correct signature).
93 | * 0: otherwise.
94 | * Args: ctx: pointer to a context object, initialized for verification (cannot be NULL)
95 | * Out: pubkey: pointer to the recovered public key (cannot be NULL)
96 | * In: sig: pointer to initialized signature that supports pubkey recovery (cannot be NULL)
97 | * msg32: the 32-byte message hash assumed to be signed (cannot be NULL)
98 | */
99 | SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(
100 | const secp256k1_context* ctx,
101 | secp256k1_pubkey *pubkey,
102 | const secp256k1_ecdsa_recoverable_signature *sig,
103 | const unsigned char *msg32
104 | ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
105 |
106 | # ifdef __cplusplus
107 | }
108 | # endif
109 |
110 | #endif
111 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/libsecp256k1.pc.in:
--------------------------------------------------------------------------------
1 | prefix=@prefix@
2 | exec_prefix=@exec_prefix@
3 | libdir=@libdir@
4 | includedir=@includedir@
5 |
6 | Name: libsecp256k1
7 | Description: Optimized C library for EC operations on curve secp256k1
8 | URL: https://github.com/bitcoin-core/secp256k1
9 | Version: @PACKAGE_VERSION@
10 | Cflags: -I${includedir}
11 | Libs.private: @SECP_LIBS@
12 | Libs: -L${libdir} -lsecp256k1
13 |
14 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/basic-config.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2013, 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_BASIC_CONFIG_
8 | #define _SECP256K1_BASIC_CONFIG_
9 |
10 | #ifdef USE_BASIC_CONFIG
11 |
12 | #undef USE_ASM_X86_64
13 | #undef USE_ENDOMORPHISM
14 | #undef USE_FIELD_10X26
15 | #undef USE_FIELD_5X52
16 | #undef USE_FIELD_INV_BUILTIN
17 | #undef USE_FIELD_INV_NUM
18 | #undef USE_NUM_GMP
19 | #undef USE_NUM_NONE
20 | #undef USE_SCALAR_4X64
21 | #undef USE_SCALAR_8X32
22 | #undef USE_SCALAR_INV_BUILTIN
23 | #undef USE_SCALAR_INV_NUM
24 |
25 | #define USE_NUM_NONE 1
26 | #define USE_FIELD_INV_BUILTIN 1
27 | #define USE_SCALAR_INV_BUILTIN 1
28 | #define USE_FIELD_10X26 1
29 | #define USE_SCALAR_8X32 1
30 |
31 | #endif // USE_BASIC_CONFIG
32 | #endif // _SECP256K1_BASIC_CONFIG_
33 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/bench.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_BENCH_H_
8 | #define _SECP256K1_BENCH_H_
9 |
10 | #include
11 | #include
12 | #include "sys/time.h"
13 |
14 | static double gettimedouble(void) {
15 | struct timeval tv;
16 | gettimeofday(&tv, NULL);
17 | return tv.tv_usec * 0.000001 + tv.tv_sec;
18 | }
19 |
20 | void print_number(double x) {
21 | double y = x;
22 | int c = 0;
23 | if (y < 0.0) {
24 | y = -y;
25 | }
26 | while (y < 100.0) {
27 | y *= 10.0;
28 | c++;
29 | }
30 | printf("%.*f", c, x);
31 | }
32 |
33 | void run_benchmark(char *name, void (*benchmark)(void*), void (*setup)(void*), void (*teardown)(void*), void* data, int count, int iter) {
34 | int i;
35 | double min = HUGE_VAL;
36 | double sum = 0.0;
37 | double max = 0.0;
38 | for (i = 0; i < count; i++) {
39 | double begin, total;
40 | if (setup != NULL) {
41 | setup(data);
42 | }
43 | begin = gettimedouble();
44 | benchmark(data);
45 | total = gettimedouble() - begin;
46 | if (teardown != NULL) {
47 | teardown(data);
48 | }
49 | if (total < min) {
50 | min = total;
51 | }
52 | if (total > max) {
53 | max = total;
54 | }
55 | sum += total;
56 | }
57 | printf("%s: min ", name);
58 | print_number(min * 1000000.0 / iter);
59 | printf("us / avg ");
60 | print_number((sum / count) * 1000000.0 / iter);
61 | printf("us / max ");
62 | print_number(max * 1000000.0 / iter);
63 | printf("us\n");
64 | }
65 |
66 | #endif
67 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/bench_ecdh.c:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2015 Pieter Wuille, Andrew Poelstra *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #include
8 |
9 | #include "include/secp256k1.h"
10 | #include "include/secp256k1_ecdh.h"
11 | #include "util.h"
12 | #include "bench.h"
13 |
14 | typedef struct {
15 | secp256k1_context *ctx;
16 | secp256k1_pubkey point;
17 | unsigned char scalar[32];
18 | } bench_ecdh_t;
19 |
20 | static void bench_ecdh_setup(void* arg) {
21 | int i;
22 | bench_ecdh_t *data = (bench_ecdh_t*)arg;
23 | const unsigned char point[] = {
24 | 0x03,
25 | 0x54, 0x94, 0xc1, 0x5d, 0x32, 0x09, 0x97, 0x06,
26 | 0xc2, 0x39, 0x5f, 0x94, 0x34, 0x87, 0x45, 0xfd,
27 | 0x75, 0x7c, 0xe3, 0x0e, 0x4e, 0x8c, 0x90, 0xfb,
28 | 0xa2, 0xba, 0xd1, 0x84, 0xf8, 0x83, 0xc6, 0x9f
29 | };
30 |
31 | /* create a context with no capabilities */
32 | data->ctx = secp256k1_context_create(SECP256K1_FLAGS_TYPE_CONTEXT);
33 | for (i = 0; i < 32; i++) {
34 | data->scalar[i] = i + 1;
35 | }
36 | CHECK(secp256k1_ec_pubkey_parse(data->ctx, &data->point, point, sizeof(point)) == 1);
37 | }
38 |
39 | static void bench_ecdh(void* arg) {
40 | int i;
41 | unsigned char res[32];
42 | bench_ecdh_t *data = (bench_ecdh_t*)arg;
43 |
44 | for (i = 0; i < 20000; i++) {
45 | CHECK(secp256k1_ecdh(data->ctx, res, &data->point, data->scalar) == 1);
46 | }
47 | }
48 |
49 | int main(void) {
50 | bench_ecdh_t data;
51 |
52 | run_benchmark("ecdh", bench_ecdh, bench_ecdh_setup, NULL, &data, 10, 20000);
53 | return 0;
54 | }
55 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/bench_recover.c:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2014-2015 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #include "include/secp256k1.h"
8 | #include "include/secp256k1_recovery.h"
9 | #include "util.h"
10 | #include "bench.h"
11 |
12 | typedef struct {
13 | secp256k1_context *ctx;
14 | unsigned char msg[32];
15 | unsigned char sig[64];
16 | } bench_recover_t;
17 |
18 | void bench_recover(void* arg) {
19 | int i;
20 | bench_recover_t *data = (bench_recover_t*)arg;
21 | secp256k1_pubkey pubkey;
22 | unsigned char pubkeyc[33];
23 |
24 | for (i = 0; i < 20000; i++) {
25 | int j;
26 | size_t pubkeylen = 33;
27 | secp256k1_ecdsa_recoverable_signature sig;
28 | CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(data->ctx, &sig, data->sig, i % 2));
29 | CHECK(secp256k1_ecdsa_recover(data->ctx, &pubkey, &sig, data->msg));
30 | CHECK(secp256k1_ec_pubkey_serialize(data->ctx, pubkeyc, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED));
31 | for (j = 0; j < 32; j++) {
32 | data->sig[j + 32] = data->msg[j]; /* Move former message to S. */
33 | data->msg[j] = data->sig[j]; /* Move former R to message. */
34 | data->sig[j] = pubkeyc[j + 1]; /* Move recovered pubkey X coordinate to R (which must be a valid X coordinate). */
35 | }
36 | }
37 | }
38 |
39 | void bench_recover_setup(void* arg) {
40 | int i;
41 | bench_recover_t *data = (bench_recover_t*)arg;
42 |
43 | for (i = 0; i < 32; i++) {
44 | data->msg[i] = 1 + i;
45 | }
46 | for (i = 0; i < 64; i++) {
47 | data->sig[i] = 65 + i;
48 | }
49 | }
50 |
51 | int main(void) {
52 | bench_recover_t data;
53 |
54 | data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY);
55 |
56 | run_benchmark("ecdsa_recover", bench_recover, bench_recover_setup, NULL, &data, 10, 20000);
57 |
58 | secp256k1_context_destroy(data.ctx);
59 | return 0;
60 | }
61 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/bench_schnorr_verify.c:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #include
8 | #include
9 |
10 | #include "include/secp256k1.h"
11 | #include "include/secp256k1_schnorr.h"
12 | #include "util.h"
13 | #include "bench.h"
14 |
15 | typedef struct {
16 | unsigned char key[32];
17 | unsigned char sig[64];
18 | unsigned char pubkey[33];
19 | size_t pubkeylen;
20 | } benchmark_schnorr_sig_t;
21 |
22 | typedef struct {
23 | secp256k1_context *ctx;
24 | unsigned char msg[32];
25 | benchmark_schnorr_sig_t sigs[64];
26 | int numsigs;
27 | } benchmark_schnorr_verify_t;
28 |
29 | static void benchmark_schnorr_init(void* arg) {
30 | int i, k;
31 | benchmark_schnorr_verify_t* data = (benchmark_schnorr_verify_t*)arg;
32 |
33 | for (i = 0; i < 32; i++) {
34 | data->msg[i] = 1 + i;
35 | }
36 | for (k = 0; k < data->numsigs; k++) {
37 | secp256k1_pubkey pubkey;
38 | for (i = 0; i < 32; i++) {
39 | data->sigs[k].key[i] = 33 + i + k;
40 | }
41 | secp256k1_schnorr_sign(data->ctx, data->sigs[k].sig, data->msg, data->sigs[k].key, NULL, NULL);
42 | data->sigs[k].pubkeylen = 33;
43 | CHECK(secp256k1_ec_pubkey_create(data->ctx, &pubkey, data->sigs[k].key));
44 | CHECK(secp256k1_ec_pubkey_serialize(data->ctx, data->sigs[k].pubkey, &data->sigs[k].pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED));
45 | }
46 | }
47 |
48 | static void benchmark_schnorr_verify(void* arg) {
49 | int i;
50 | benchmark_schnorr_verify_t* data = (benchmark_schnorr_verify_t*)arg;
51 |
52 | for (i = 0; i < 20000 / data->numsigs; i++) {
53 | secp256k1_pubkey pubkey;
54 | data->sigs[0].sig[(i >> 8) % 64] ^= (i & 0xFF);
55 | CHECK(secp256k1_ec_pubkey_parse(data->ctx, &pubkey, data->sigs[0].pubkey, data->sigs[0].pubkeylen));
56 | CHECK(secp256k1_schnorr_verify(data->ctx, data->sigs[0].sig, data->msg, &pubkey) == ((i & 0xFF) == 0));
57 | data->sigs[0].sig[(i >> 8) % 64] ^= (i & 0xFF);
58 | }
59 | }
60 |
61 |
62 |
63 | int main(void) {
64 | benchmark_schnorr_verify_t data;
65 |
66 | data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
67 |
68 | data.numsigs = 1;
69 | run_benchmark("schnorr_verify", benchmark_schnorr_verify, benchmark_schnorr_init, NULL, &data, 10, 20000);
70 |
71 | secp256k1_context_destroy(data.ctx);
72 | return 0;
73 | }
74 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/bench_sign.c:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #include "include/secp256k1.h"
8 | #include "util.h"
9 | #include "bench.h"
10 |
11 | typedef struct {
12 | secp256k1_context* ctx;
13 | unsigned char msg[32];
14 | unsigned char key[32];
15 | } bench_sign_t;
16 |
17 | static void bench_sign_setup(void* arg) {
18 | int i;
19 | bench_sign_t *data = (bench_sign_t*)arg;
20 |
21 | for (i = 0; i < 32; i++) {
22 | data->msg[i] = i + 1;
23 | }
24 | for (i = 0; i < 32; i++) {
25 | data->key[i] = i + 65;
26 | }
27 | }
28 |
29 | static void bench_sign(void* arg) {
30 | int i;
31 | bench_sign_t *data = (bench_sign_t*)arg;
32 |
33 | unsigned char sig[74];
34 | for (i = 0; i < 20000; i++) {
35 | size_t siglen = 74;
36 | int j;
37 | secp256k1_ecdsa_signature signature;
38 | CHECK(secp256k1_ecdsa_sign(data->ctx, &signature, data->msg, data->key, NULL, NULL));
39 | CHECK(secp256k1_ecdsa_signature_serialize_der(data->ctx, sig, &siglen, &signature));
40 | for (j = 0; j < 32; j++) {
41 | data->msg[j] = sig[j];
42 | data->key[j] = sig[j + 32];
43 | }
44 | }
45 | }
46 |
47 | int main(void) {
48 | bench_sign_t data;
49 |
50 | data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
51 |
52 | run_benchmark("ecdsa_sign", bench_sign, bench_sign_setup, NULL, &data, 10, 20000);
53 |
54 | secp256k1_context_destroy(data.ctx);
55 | return 0;
56 | }
57 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/bench_verify.c:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #include
8 | #include
9 |
10 | #include "include/secp256k1.h"
11 | #include "util.h"
12 | #include "bench.h"
13 |
14 | #ifdef ENABLE_OPENSSL_TESTS
15 | #include
16 | #include
17 | #include
18 | #endif
19 |
20 | typedef struct {
21 | secp256k1_context *ctx;
22 | unsigned char msg[32];
23 | unsigned char key[32];
24 | unsigned char sig[72];
25 | size_t siglen;
26 | unsigned char pubkey[33];
27 | size_t pubkeylen;
28 | #ifdef ENABLE_OPENSSL_TESTS
29 | EC_GROUP* ec_group;
30 | #endif
31 | } benchmark_verify_t;
32 |
33 | static void benchmark_verify(void* arg) {
34 | int i;
35 | benchmark_verify_t* data = (benchmark_verify_t*)arg;
36 |
37 | for (i = 0; i < 20000; i++) {
38 | secp256k1_pubkey pubkey;
39 | secp256k1_ecdsa_signature sig;
40 | data->sig[data->siglen - 1] ^= (i & 0xFF);
41 | data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF);
42 | data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF);
43 | CHECK(secp256k1_ec_pubkey_parse(data->ctx, &pubkey, data->pubkey, data->pubkeylen) == 1);
44 | CHECK(secp256k1_ecdsa_signature_parse_der(data->ctx, &sig, data->sig, data->siglen) == 1);
45 | CHECK(secp256k1_ecdsa_verify(data->ctx, &sig, data->msg, &pubkey) == (i == 0));
46 | data->sig[data->siglen - 1] ^= (i & 0xFF);
47 | data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF);
48 | data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF);
49 | }
50 | }
51 |
52 | #ifdef ENABLE_OPENSSL_TESTS
53 | static void benchmark_verify_openssl(void* arg) {
54 | int i;
55 | benchmark_verify_t* data = (benchmark_verify_t*)arg;
56 |
57 | for (i = 0; i < 20000; i++) {
58 | data->sig[data->siglen - 1] ^= (i & 0xFF);
59 | data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF);
60 | data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF);
61 | {
62 | EC_KEY *pkey = EC_KEY_new();
63 | const unsigned char *pubkey = &data->pubkey[0];
64 | int result;
65 |
66 | CHECK(pkey != NULL);
67 | result = EC_KEY_set_group(pkey, data->ec_group);
68 | CHECK(result);
69 | result = (o2i_ECPublicKey(&pkey, &pubkey, data->pubkeylen)) != NULL;
70 | CHECK(result);
71 | result = ECDSA_verify(0, &data->msg[0], sizeof(data->msg), &data->sig[0], data->siglen, pkey) == (i == 0);
72 | CHECK(result);
73 | EC_KEY_free(pkey);
74 | }
75 | data->sig[data->siglen - 1] ^= (i & 0xFF);
76 | data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF);
77 | data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF);
78 | }
79 | }
80 | #endif
81 |
82 | int main(void) {
83 | int i;
84 | secp256k1_pubkey pubkey;
85 | secp256k1_ecdsa_signature sig;
86 | benchmark_verify_t data;
87 |
88 | data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
89 |
90 | for (i = 0; i < 32; i++) {
91 | data.msg[i] = 1 + i;
92 | }
93 | for (i = 0; i < 32; i++) {
94 | data.key[i] = 33 + i;
95 | }
96 | data.siglen = 72;
97 | CHECK(secp256k1_ecdsa_sign(data.ctx, &sig, data.msg, data.key, NULL, NULL));
98 | CHECK(secp256k1_ecdsa_signature_serialize_der(data.ctx, data.sig, &data.siglen, &sig));
99 | CHECK(secp256k1_ec_pubkey_create(data.ctx, &pubkey, data.key));
100 | data.pubkeylen = 33;
101 | CHECK(secp256k1_ec_pubkey_serialize(data.ctx, data.pubkey, &data.pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
102 |
103 | run_benchmark("ecdsa_verify", benchmark_verify, NULL, NULL, &data, 10, 20000);
104 | #ifdef ENABLE_OPENSSL_TESTS
105 | data.ec_group = EC_GROUP_new_by_curve_name(NID_secp256k1);
106 | run_benchmark("ecdsa_verify_openssl", benchmark_verify_openssl, NULL, NULL, &data, 10, 20000);
107 | EC_GROUP_free(data.ec_group);
108 | #endif
109 |
110 | secp256k1_context_destroy(data.ctx);
111 | return 0;
112 | }
113 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/ecdsa.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2013, 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_ECDSA_
8 | #define _SECP256K1_ECDSA_
9 |
10 | #include
11 |
12 | #include "scalar.h"
13 | #include "group.h"
14 | #include "ecmult.h"
15 |
16 | static int secp256k1_ecdsa_sig_parse(secp256k1_scalar *r, secp256k1_scalar *s, const unsigned char *sig, size_t size);
17 | static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const secp256k1_scalar *r, const secp256k1_scalar *s);
18 | static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context *ctx, const secp256k1_scalar* r, const secp256k1_scalar* s, const secp256k1_ge *pubkey, const secp256k1_scalar *message);
19 | static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context *ctx, secp256k1_scalar* r, secp256k1_scalar* s, const secp256k1_scalar *seckey, const secp256k1_scalar *message, const secp256k1_scalar *nonce, int *recid);
20 |
21 | #endif
22 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/eckey.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2013, 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_ECKEY_
8 | #define _SECP256K1_ECKEY_
9 |
10 | #include
11 |
12 | #include "group.h"
13 | #include "scalar.h"
14 | #include "ecmult.h"
15 | #include "ecmult_gen.h"
16 |
17 | static int secp256k1_eckey_pubkey_parse(secp256k1_ge *elem, const unsigned char *pub, size_t size);
18 | static int secp256k1_eckey_pubkey_serialize(secp256k1_ge *elem, unsigned char *pub, size_t *size, int compressed);
19 |
20 | static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar *key, const secp256k1_scalar *tweak);
21 | static int secp256k1_eckey_pubkey_tweak_add(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak);
22 | static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar *key, const secp256k1_scalar *tweak);
23 | static int secp256k1_eckey_pubkey_tweak_mul(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak);
24 |
25 | #endif
26 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/eckey_impl.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2013, 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_ECKEY_IMPL_H_
8 | #define _SECP256K1_ECKEY_IMPL_H_
9 |
10 | #include "eckey.h"
11 |
12 | #include "scalar.h"
13 | #include "field.h"
14 | #include "group.h"
15 | #include "ecmult_gen.h"
16 |
17 | static int secp256k1_eckey_pubkey_parse(secp256k1_ge *elem, const unsigned char *pub, size_t size) {
18 | if (size == 33 && (pub[0] == 0x02 || pub[0] == 0x03)) {
19 | secp256k1_fe x;
20 | return secp256k1_fe_set_b32(&x, pub+1) && secp256k1_ge_set_xo_var(elem, &x, pub[0] == 0x03);
21 | } else if (size == 65 && (pub[0] == 0x04 || pub[0] == 0x06 || pub[0] == 0x07)) {
22 | secp256k1_fe x, y;
23 | if (!secp256k1_fe_set_b32(&x, pub+1) || !secp256k1_fe_set_b32(&y, pub+33)) {
24 | return 0;
25 | }
26 | secp256k1_ge_set_xy(elem, &x, &y);
27 | if ((pub[0] == 0x06 || pub[0] == 0x07) && secp256k1_fe_is_odd(&y) != (pub[0] == 0x07)) {
28 | return 0;
29 | }
30 | return secp256k1_ge_is_valid_var(elem);
31 | } else {
32 | return 0;
33 | }
34 | }
35 |
36 | static int secp256k1_eckey_pubkey_serialize(secp256k1_ge *elem, unsigned char *pub, size_t *size, int compressed) {
37 | if (secp256k1_ge_is_infinity(elem)) {
38 | return 0;
39 | }
40 | secp256k1_fe_normalize_var(&elem->x);
41 | secp256k1_fe_normalize_var(&elem->y);
42 | secp256k1_fe_get_b32(&pub[1], &elem->x);
43 | if (compressed) {
44 | *size = 33;
45 | pub[0] = 0x02 | (secp256k1_fe_is_odd(&elem->y) ? 0x01 : 0x00);
46 | } else {
47 | *size = 65;
48 | pub[0] = 0x04;
49 | secp256k1_fe_get_b32(&pub[33], &elem->y);
50 | }
51 | return 1;
52 | }
53 |
54 | static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar *key, const secp256k1_scalar *tweak) {
55 | secp256k1_scalar_add(key, key, tweak);
56 | if (secp256k1_scalar_is_zero(key)) {
57 | return 0;
58 | }
59 | return 1;
60 | }
61 |
62 | static int secp256k1_eckey_pubkey_tweak_add(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak) {
63 | secp256k1_gej pt;
64 | secp256k1_scalar one;
65 | secp256k1_gej_set_ge(&pt, key);
66 | secp256k1_scalar_set_int(&one, 1);
67 | secp256k1_ecmult(ctx, &pt, &pt, &one, tweak);
68 |
69 | if (secp256k1_gej_is_infinity(&pt)) {
70 | return 0;
71 | }
72 | secp256k1_ge_set_gej(key, &pt);
73 | return 1;
74 | }
75 |
76 | static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar *key, const secp256k1_scalar *tweak) {
77 | if (secp256k1_scalar_is_zero(tweak)) {
78 | return 0;
79 | }
80 |
81 | secp256k1_scalar_mul(key, key, tweak);
82 | return 1;
83 | }
84 |
85 | static int secp256k1_eckey_pubkey_tweak_mul(const secp256k1_ecmult_context *ctx, secp256k1_ge *key, const secp256k1_scalar *tweak) {
86 | secp256k1_scalar zero;
87 | secp256k1_gej pt;
88 | if (secp256k1_scalar_is_zero(tweak)) {
89 | return 0;
90 | }
91 |
92 | secp256k1_scalar_set_int(&zero, 0);
93 | secp256k1_gej_set_ge(&pt, key);
94 | secp256k1_ecmult(ctx, &pt, &pt, tweak, &zero);
95 | secp256k1_ge_set_gej(key, &pt);
96 | return 1;
97 | }
98 |
99 | #endif
100 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/ecmult.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2013, 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_ECMULT_
8 | #define _SECP256K1_ECMULT_
9 |
10 | #include "num.h"
11 | #include "group.h"
12 |
13 | typedef struct {
14 | /* For accelerating the computation of a*P + b*G: */
15 | secp256k1_ge_storage (*pre_g)[]; /* odd multiples of the generator */
16 | #ifdef USE_ENDOMORPHISM
17 | secp256k1_ge_storage (*pre_g_128)[]; /* odd multiples of 2^128*generator */
18 | #endif
19 | } secp256k1_ecmult_context;
20 |
21 | static void secp256k1_ecmult_context_init(secp256k1_ecmult_context *ctx);
22 | static void secp256k1_ecmult_context_build(secp256k1_ecmult_context *ctx, const secp256k1_callback *cb);
23 | static void secp256k1_ecmult_context_clone(secp256k1_ecmult_context *dst,
24 | const secp256k1_ecmult_context *src, const secp256k1_callback *cb);
25 | static void secp256k1_ecmult_context_clear(secp256k1_ecmult_context *ctx);
26 | static int secp256k1_ecmult_context_is_built(const secp256k1_ecmult_context *ctx);
27 |
28 | /** Double multiply: R = na*A + ng*G */
29 | static void secp256k1_ecmult(const secp256k1_ecmult_context *ctx, secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng);
30 |
31 | #endif
32 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/ecmult_const.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2015 Andrew Poelstra *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_ECMULT_CONST_
8 | #define _SECP256K1_ECMULT_CONST_
9 |
10 | #include "scalar.h"
11 | #include "group.h"
12 |
13 | static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, const secp256k1_scalar *q);
14 |
15 | #endif
16 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/ecmult_gen.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2013, 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_ECMULT_GEN_
8 | #define _SECP256K1_ECMULT_GEN_
9 |
10 | #include "scalar.h"
11 | #include "group.h"
12 |
13 | typedef struct {
14 | /* For accelerating the computation of a*G:
15 | * To harden against timing attacks, use the following mechanism:
16 | * * Break up the multiplicand into groups of 4 bits, called n_0, n_1, n_2, ..., n_63.
17 | * * Compute sum(n_i * 16^i * G + U_i, i=0..63), where:
18 | * * U_i = U * 2^i (for i=0..62)
19 | * * U_i = U * (1-2^63) (for i=63)
20 | * where U is a point with no known corresponding scalar. Note that sum(U_i, i=0..63) = 0.
21 | * For each i, and each of the 16 possible values of n_i, (n_i * 16^i * G + U_i) is
22 | * precomputed (call it prec(i, n_i)). The formula now becomes sum(prec(i, n_i), i=0..63).
23 | * None of the resulting prec group elements have a known scalar, and neither do any of
24 | * the intermediate sums while computing a*G.
25 | */
26 | secp256k1_ge_storage (*prec)[64][16]; /* prec[j][i] = 16^j * i * G + U_i */
27 | secp256k1_scalar blind;
28 | secp256k1_gej initial;
29 | } secp256k1_ecmult_gen_context;
30 |
31 | static void secp256k1_ecmult_gen_context_init(secp256k1_ecmult_gen_context* ctx);
32 | static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context* ctx, const secp256k1_callback* cb);
33 | static void secp256k1_ecmult_gen_context_clone(secp256k1_ecmult_gen_context *dst,
34 | const secp256k1_ecmult_gen_context* src, const secp256k1_callback* cb);
35 | static void secp256k1_ecmult_gen_context_clear(secp256k1_ecmult_gen_context* ctx);
36 | static int secp256k1_ecmult_gen_context_is_built(const secp256k1_ecmult_gen_context* ctx);
37 |
38 | /** Multiply with the generator: R = a*G */
39 | static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context* ctx, secp256k1_gej *r, const secp256k1_scalar *a);
40 |
41 | static void secp256k1_ecmult_gen_blind(secp256k1_ecmult_gen_context *ctx, const unsigned char *seed32);
42 |
43 | #endif
44 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/field_10x26.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2013, 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_FIELD_REPR_
8 | #define _SECP256K1_FIELD_REPR_
9 |
10 | #include
11 |
12 | typedef struct {
13 | /* X = sum(i=0..9, elem[i]*2^26) mod n */
14 | uint32_t n[10];
15 | #ifdef VERIFY
16 | int magnitude;
17 | int normalized;
18 | #endif
19 | } secp256k1_fe;
20 |
21 | /* Unpacks a constant into a overlapping multi-limbed FE element. */
22 | #define SECP256K1_FE_CONST_INNER(d7, d6, d5, d4, d3, d2, d1, d0) { \
23 | (d0) & 0x3FFFFFFUL, \
24 | (((uint32_t)d0) >> 26) | (((uint32_t)(d1) & 0xFFFFFUL) << 6), \
25 | (((uint32_t)d1) >> 20) | (((uint32_t)(d2) & 0x3FFFUL) << 12), \
26 | (((uint32_t)d2) >> 14) | (((uint32_t)(d3) & 0xFFUL) << 18), \
27 | (((uint32_t)d3) >> 8) | (((uint32_t)(d4) & 0x3UL) << 24), \
28 | (((uint32_t)d4) >> 2) & 0x3FFFFFFUL, \
29 | (((uint32_t)d4) >> 28) | (((uint32_t)(d5) & 0x3FFFFFUL) << 4), \
30 | (((uint32_t)d5) >> 22) | (((uint32_t)(d6) & 0xFFFFUL) << 10), \
31 | (((uint32_t)d6) >> 16) | (((uint32_t)(d7) & 0x3FFUL) << 16), \
32 | (((uint32_t)d7) >> 10) \
33 | }
34 |
35 | #ifdef VERIFY
36 | #define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {SECP256K1_FE_CONST_INNER((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0)), 1, 1}
37 | #else
38 | #define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {SECP256K1_FE_CONST_INNER((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0))}
39 | #endif
40 |
41 | typedef struct {
42 | uint32_t n[8];
43 | } secp256k1_fe_storage;
44 |
45 | #define SECP256K1_FE_STORAGE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{ (d0), (d1), (d2), (d3), (d4), (d5), (d6), (d7) }}
46 | #define SECP256K1_FE_STORAGE_CONST_GET(d) d.n[7], d.n[6], d.n[5], d.n[4],d.n[3], d.n[2], d.n[1], d.n[0]
47 | #endif
48 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/field_5x52.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2013, 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_FIELD_REPR_
8 | #define _SECP256K1_FIELD_REPR_
9 |
10 | #include
11 |
12 | typedef struct {
13 | /* X = sum(i=0..4, elem[i]*2^52) mod n */
14 | uint64_t n[5];
15 | #ifdef VERIFY
16 | int magnitude;
17 | int normalized;
18 | #endif
19 | } secp256k1_fe;
20 |
21 | /* Unpacks a constant into a overlapping multi-limbed FE element. */
22 | #define SECP256K1_FE_CONST_INNER(d7, d6, d5, d4, d3, d2, d1, d0) { \
23 | (d0) | (((uint64_t)(d1) & 0xFFFFFUL) << 32), \
24 | ((uint64_t)(d1) >> 20) | (((uint64_t)(d2)) << 12) | (((uint64_t)(d3) & 0xFFUL) << 44), \
25 | ((uint64_t)(d3) >> 8) | (((uint64_t)(d4) & 0xFFFFFFFUL) << 24), \
26 | ((uint64_t)(d4) >> 28) | (((uint64_t)(d5)) << 4) | (((uint64_t)(d6) & 0xFFFFUL) << 36), \
27 | ((uint64_t)(d6) >> 16) | (((uint64_t)(d7)) << 16) \
28 | }
29 |
30 | #ifdef VERIFY
31 | #define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {SECP256K1_FE_CONST_INNER((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0)), 1, 1}
32 | #else
33 | #define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {SECP256K1_FE_CONST_INNER((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0))}
34 | #endif
35 |
36 | typedef struct {
37 | uint64_t n[4];
38 | } secp256k1_fe_storage;
39 |
40 | #define SECP256K1_FE_STORAGE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{ \
41 | (d0) | (((uint64_t)(d1)) << 32), \
42 | (d2) | (((uint64_t)(d3)) << 32), \
43 | (d4) | (((uint64_t)(d5)) << 32), \
44 | (d6) | (((uint64_t)(d7)) << 32) \
45 | }}
46 |
47 | #endif
48 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/gen_context.c:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2013, 2014, 2015 Thomas Daede, Cory Fields *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #define USE_BASIC_CONFIG 1
8 |
9 | #include "basic-config.h"
10 | #include "include/secp256k1.h"
11 | #include "field_impl.h"
12 | #include "scalar_impl.h"
13 | #include "group_impl.h"
14 | #include "ecmult_gen_impl.h"
15 |
16 | static void default_error_callback_fn(const char* str, void* data) {
17 | (void)data;
18 | fprintf(stderr, "[libsecp256k1] internal consistency check failed: %s\n", str);
19 | abort();
20 | }
21 |
22 | static const secp256k1_callback default_error_callback = {
23 | default_error_callback_fn,
24 | NULL
25 | };
26 |
27 | int main(int argc, char **argv) {
28 | secp256k1_ecmult_gen_context ctx;
29 | int inner;
30 | int outer;
31 | FILE* fp;
32 |
33 | (void)argc;
34 | (void)argv;
35 |
36 | fp = fopen("src/ecmult_static_context.h","w");
37 | if (fp == NULL) {
38 | fprintf(stderr, "Could not open src/ecmult_static_context.h for writing!\n");
39 | return -1;
40 | }
41 |
42 | fprintf(fp, "#ifndef _SECP256K1_ECMULT_STATIC_CONTEXT_\n");
43 | fprintf(fp, "#define _SECP256K1_ECMULT_STATIC_CONTEXT_\n");
44 | fprintf(fp, "#include \"group.h\"\n");
45 | fprintf(fp, "#define SC SECP256K1_GE_STORAGE_CONST\n");
46 | fprintf(fp, "static const secp256k1_ge_storage secp256k1_ecmult_static_context[64][16] = {\n");
47 |
48 | secp256k1_ecmult_gen_context_init(&ctx);
49 | secp256k1_ecmult_gen_context_build(&ctx, &default_error_callback);
50 | for(outer = 0; outer != 64; outer++) {
51 | fprintf(fp,"{\n");
52 | for(inner = 0; inner != 16; inner++) {
53 | fprintf(fp," SC(%uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu, %uu)", SECP256K1_GE_STORAGE_CONST_GET((*ctx.prec)[outer][inner]));
54 | if (inner != 15) {
55 | fprintf(fp,",\n");
56 | } else {
57 | fprintf(fp,"\n");
58 | }
59 | }
60 | if (outer != 63) {
61 | fprintf(fp,"},\n");
62 | } else {
63 | fprintf(fp,"}\n");
64 | }
65 | }
66 | fprintf(fp,"};\n");
67 | secp256k1_ecmult_gen_context_clear(&ctx);
68 |
69 | fprintf(fp, "#undef SC\n");
70 | fprintf(fp, "#endif\n");
71 | fclose(fp);
72 |
73 | return 0;
74 | }
75 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/hash.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_HASH_
8 | #define _SECP256K1_HASH_
9 |
10 | #include
11 | #include
12 |
13 | typedef struct {
14 | uint32_t s[8];
15 | uint32_t buf[16]; /* In big endian */
16 | size_t bytes;
17 | } secp256k1_sha256_t;
18 |
19 | static void secp256k1_sha256_initialize(secp256k1_sha256_t *hash);
20 | static void secp256k1_sha256_write(secp256k1_sha256_t *hash, const unsigned char *data, size_t size);
21 | static void secp256k1_sha256_finalize(secp256k1_sha256_t *hash, unsigned char *out32);
22 |
23 | typedef struct {
24 | secp256k1_sha256_t inner, outer;
25 | } secp256k1_hmac_sha256_t;
26 |
27 | static void secp256k1_hmac_sha256_initialize(secp256k1_hmac_sha256_t *hash, const unsigned char *key, size_t size);
28 | static void secp256k1_hmac_sha256_write(secp256k1_hmac_sha256_t *hash, const unsigned char *data, size_t size);
29 | static void secp256k1_hmac_sha256_finalize(secp256k1_hmac_sha256_t *hash, unsigned char *out32);
30 |
31 | typedef struct {
32 | unsigned char v[32];
33 | unsigned char k[32];
34 | int retry;
35 | } secp256k1_rfc6979_hmac_sha256_t;
36 |
37 | static void secp256k1_rfc6979_hmac_sha256_initialize(secp256k1_rfc6979_hmac_sha256_t *rng, const unsigned char *key, size_t keylen);
38 | static void secp256k1_rfc6979_hmac_sha256_generate(secp256k1_rfc6979_hmac_sha256_t *rng, unsigned char *out, size_t outlen);
39 | static void secp256k1_rfc6979_hmac_sha256_finalize(secp256k1_rfc6979_hmac_sha256_t *rng);
40 |
41 | #endif
42 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/java/org/bitcoin/NativeSecp256k1Util.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2014-2016 the libsecp256k1 contributors
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.bitcoin;
18 |
19 | public class NativeSecp256k1Util{
20 |
21 | public static void assertEquals( int val, int val2, String message ) throws AssertFailException{
22 | if( val != val2 )
23 | throw new AssertFailException("FAIL: " + message);
24 | }
25 |
26 | public static void assertEquals( boolean val, boolean val2, String message ) throws AssertFailException{
27 | if( val != val2 )
28 | throw new AssertFailException("FAIL: " + message);
29 | else
30 | System.out.println("PASS: " + message);
31 | }
32 |
33 | public static void assertEquals( String val, String val2, String message ) throws AssertFailException{
34 | if( !val.equals(val2) )
35 | throw new AssertFailException("FAIL: " + message);
36 | else
37 | System.out.println("PASS: " + message);
38 | }
39 |
40 | public static class AssertFailException extends Exception {
41 | public AssertFailException(String message) {
42 | super( message );
43 | }
44 | }
45 | }
46 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/java/org/bitcoin/Secp256k1Context.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2014-2016 the libsecp256k1 contributors
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.bitcoin;
18 |
19 | /**
20 | * This class holds the context reference used in native methods
21 | * to handle ECDSA operations.
22 | */
23 | public class Secp256k1Context {
24 | private static final boolean enabled; //true if the library is loaded
25 | private static final long context; //ref to pointer to context obj
26 |
27 | static { //static initializer
28 | boolean isEnabled = true;
29 | long contextRef = -1;
30 | try {
31 | System.loadLibrary("secp256k1");
32 | contextRef = secp256k1_init_context();
33 | } catch (UnsatisfiedLinkError e) {
34 | System.out.println("UnsatisfiedLinkError: " + e.toString());
35 | isEnabled = false;
36 | }
37 | enabled = isEnabled;
38 | context = contextRef;
39 | }
40 |
41 | public static boolean isEnabled() {
42 | return enabled;
43 | }
44 |
45 | public static long getContext() {
46 | if(!enabled) return -1; //sanity check
47 | return context;
48 | }
49 |
50 | private static native long secp256k1_init_context();
51 | }
52 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/java/org_bitcoin_NativeSecp256k1.h:
--------------------------------------------------------------------------------
1 | /* DO NOT EDIT THIS FILE - it is machine generated */
2 | #include
3 | #include "include/secp256k1.h"
4 | /* Header for class org_bitcoin_NativeSecp256k1 */
5 |
6 | #ifndef _Included_org_bitcoin_NativeSecp256k1
7 | #define _Included_org_bitcoin_NativeSecp256k1
8 | #ifdef __cplusplus
9 | extern "C" {
10 | #endif
11 | /*
12 | * Class: org_bitcoin_NativeSecp256k1
13 | * Method: secp256k1_ctx_clone
14 | * Signature: (J)J
15 | */
16 | SECP256K1_API jlong JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ctx_1clone
17 | (JNIEnv *, jclass, jlong);
18 |
19 | /*
20 | * Class: org_bitcoin_NativeSecp256k1
21 | * Method: secp256k1_context_randomize
22 | * Signature: (Ljava/nio/ByteBuffer;J)I
23 | */
24 | SECP256K1_API jint JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1context_1randomize
25 | (JNIEnv *, jclass, jobject, jlong);
26 |
27 | /*
28 | * Class: org_bitcoin_NativeSecp256k1
29 | * Method: secp256k1_privkey_tweak_add
30 | * Signature: (Ljava/nio/ByteBuffer;J)[[B
31 | */
32 | SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1privkey_1tweak_1add
33 | (JNIEnv *, jclass, jobject, jlong);
34 |
35 | /*
36 | * Class: org_bitcoin_NativeSecp256k1
37 | * Method: secp256k1_privkey_tweak_mul
38 | * Signature: (Ljava/nio/ByteBuffer;J)[[B
39 | */
40 | SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1privkey_1tweak_1mul
41 | (JNIEnv *, jclass, jobject, jlong);
42 |
43 | /*
44 | * Class: org_bitcoin_NativeSecp256k1
45 | * Method: secp256k1_pubkey_tweak_add
46 | * Signature: (Ljava/nio/ByteBuffer;JI)[[B
47 | */
48 | SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1pubkey_1tweak_1add
49 | (JNIEnv *, jclass, jobject, jlong, jint);
50 |
51 | /*
52 | * Class: org_bitcoin_NativeSecp256k1
53 | * Method: secp256k1_pubkey_tweak_mul
54 | * Signature: (Ljava/nio/ByteBuffer;JI)[[B
55 | */
56 | SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1pubkey_1tweak_1mul
57 | (JNIEnv *, jclass, jobject, jlong, jint);
58 |
59 | /*
60 | * Class: org_bitcoin_NativeSecp256k1
61 | * Method: secp256k1_destroy_context
62 | * Signature: (J)V
63 | */
64 | SECP256K1_API void JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1destroy_1context
65 | (JNIEnv *, jclass, jlong);
66 |
67 | /*
68 | * Class: org_bitcoin_NativeSecp256k1
69 | * Method: secp256k1_ecdsa_verify
70 | * Signature: (Ljava/nio/ByteBuffer;JII)I
71 | */
72 | SECP256K1_API jint JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ecdsa_1verify
73 | (JNIEnv *, jclass, jobject, jlong, jint, jint);
74 |
75 | /*
76 | * Class: org_bitcoin_NativeSecp256k1
77 | * Method: secp256k1_ecdsa_sign
78 | * Signature: (Ljava/nio/ByteBuffer;J)[[B
79 | */
80 | SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ecdsa_1sign
81 | (JNIEnv *, jclass, jobject, jlong);
82 |
83 | /*
84 | * Class: org_bitcoin_NativeSecp256k1
85 | * Method: secp256k1_ec_seckey_verify
86 | * Signature: (Ljava/nio/ByteBuffer;J)I
87 | */
88 | SECP256K1_API jint JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ec_1seckey_1verify
89 | (JNIEnv *, jclass, jobject, jlong);
90 |
91 | /*
92 | * Class: org_bitcoin_NativeSecp256k1
93 | * Method: secp256k1_ec_pubkey_create
94 | * Signature: (Ljava/nio/ByteBuffer;J)[[B
95 | */
96 | SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ec_1pubkey_1create
97 | (JNIEnv *, jclass, jobject, jlong);
98 |
99 | /*
100 | * Class: org_bitcoin_NativeSecp256k1
101 | * Method: secp256k1_ec_pubkey_parse
102 | * Signature: (Ljava/nio/ByteBuffer;JI)[[B
103 | */
104 | SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ec_1pubkey_1parse
105 | (JNIEnv *, jclass, jobject, jlong, jint);
106 |
107 | /*
108 | * Class: org_bitcoin_NativeSecp256k1
109 | * Method: secp256k1_ecdh
110 | * Signature: (Ljava/nio/ByteBuffer;JI)[[B
111 | */
112 | SECP256K1_API jobjectArray JNICALL Java_org_bitcoin_NativeSecp256k1_secp256k1_1ecdh
113 | (JNIEnv* env, jclass classObject, jobject byteBufferObject, jlong ctx_l, jint publen);
114 |
115 |
116 | #ifdef __cplusplus
117 | }
118 | #endif
119 | #endif
120 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/java/org_bitcoin_Secp256k1Context.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include "org_bitcoin_Secp256k1Context.h"
4 | #include "include/secp256k1.h"
5 |
6 | SECP256K1_API jlong JNICALL Java_org_bitcoin_Secp256k1Context_secp256k1_1init_1context
7 | (JNIEnv* env, jclass classObject)
8 | {
9 | secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
10 |
11 | (void)classObject;(void)env;
12 |
13 | return (uintptr_t)ctx;
14 | }
15 |
16 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/java/org_bitcoin_Secp256k1Context.h:
--------------------------------------------------------------------------------
1 | /* DO NOT EDIT THIS FILE - it is machine generated */
2 | #include
3 | #include "include/secp256k1.h"
4 | /* Header for class org_bitcoin_Secp256k1Context */
5 |
6 | #ifndef _Included_org_bitcoin_Secp256k1Context
7 | #define _Included_org_bitcoin_Secp256k1Context
8 | #ifdef __cplusplus
9 | extern "C" {
10 | #endif
11 | /*
12 | * Class: org_bitcoin_Secp256k1Context
13 | * Method: secp256k1_init_context
14 | * Signature: ()J
15 | */
16 | SECP256K1_API jlong JNICALL Java_org_bitcoin_Secp256k1Context_secp256k1_1init_1context
17 | (JNIEnv *, jclass);
18 |
19 | #ifdef __cplusplus
20 | }
21 | #endif
22 | #endif
23 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/modules/ecdh/Makefile.am.include:
--------------------------------------------------------------------------------
1 | include_HEADERS += include/secp256k1_ecdh.h
2 | noinst_HEADERS += src/modules/ecdh/main_impl.h
3 | noinst_HEADERS += src/modules/ecdh/tests_impl.h
4 | if USE_BENCHMARK
5 | noinst_PROGRAMS += bench_ecdh
6 | bench_ecdh_SOURCES = src/bench_ecdh.c
7 | bench_ecdh_LDADD = libsecp256k1.la $(SECP_LIBS) $(COMMON_LIB)
8 | endif
9 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/modules/ecdh/main_impl.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2015 Andrew Poelstra *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_MODULE_ECDH_MAIN_
8 | #define _SECP256K1_MODULE_ECDH_MAIN_
9 |
10 | #include "include/secp256k1_ecdh.h"
11 | #include "ecmult_const_impl.h"
12 |
13 | int secp256k1_ecdh(const secp256k1_context* ctx, unsigned char *result, const secp256k1_pubkey *point, const unsigned char *scalar) {
14 | int ret = 0;
15 | int overflow = 0;
16 | secp256k1_gej res;
17 | secp256k1_ge pt;
18 | secp256k1_scalar s;
19 | VERIFY_CHECK(ctx != NULL);
20 | ARG_CHECK(result != NULL);
21 | ARG_CHECK(point != NULL);
22 | ARG_CHECK(scalar != NULL);
23 |
24 | secp256k1_pubkey_load(ctx, &pt, point);
25 | secp256k1_scalar_set_b32(&s, scalar, &overflow);
26 | if (overflow || secp256k1_scalar_is_zero(&s)) {
27 | ret = 0;
28 | } else {
29 | unsigned char x[32];
30 | unsigned char y[1];
31 | secp256k1_sha256_t sha;
32 |
33 | secp256k1_ecmult_const(&res, &pt, &s);
34 | secp256k1_ge_set_gej(&pt, &res);
35 | /* Compute a hash of the point in compressed form
36 | * Note we cannot use secp256k1_eckey_pubkey_serialize here since it does not
37 | * expect its output to be secret and has a timing sidechannel. */
38 | secp256k1_fe_normalize(&pt.x);
39 | secp256k1_fe_normalize(&pt.y);
40 | secp256k1_fe_get_b32(x, &pt.x);
41 | y[0] = 0x02 | secp256k1_fe_is_odd(&pt.y);
42 |
43 | secp256k1_sha256_initialize(&sha);
44 | secp256k1_sha256_write(&sha, y, sizeof(y));
45 | secp256k1_sha256_write(&sha, x, sizeof(x));
46 | secp256k1_sha256_finalize(&sha, result);
47 | ret = 1;
48 | }
49 |
50 | secp256k1_scalar_clear(&s);
51 | return ret;
52 | }
53 |
54 | #endif
55 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/modules/ecdh/tests_impl.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2015 Andrew Poelstra *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_MODULE_ECDH_TESTS_
8 | #define _SECP256K1_MODULE_ECDH_TESTS_
9 |
10 | void test_ecdh_api(void) {
11 | /* Setup context that just counts errors */
12 | secp256k1_context *tctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
13 | secp256k1_pubkey point;
14 | unsigned char res[32];
15 | unsigned char s_one[32] = { 0 };
16 | int32_t ecount = 0;
17 | s_one[31] = 1;
18 |
19 | secp256k1_context_set_error_callback(tctx, counting_illegal_callback_fn, &ecount);
20 | secp256k1_context_set_illegal_callback(tctx, counting_illegal_callback_fn, &ecount);
21 | CHECK(secp256k1_ec_pubkey_create(tctx, &point, s_one) == 1);
22 |
23 | /* Check all NULLs are detected */
24 | CHECK(secp256k1_ecdh(tctx, res, &point, s_one) == 1);
25 | CHECK(ecount == 0);
26 | CHECK(secp256k1_ecdh(tctx, NULL, &point, s_one) == 0);
27 | CHECK(ecount == 1);
28 | CHECK(secp256k1_ecdh(tctx, res, NULL, s_one) == 0);
29 | CHECK(ecount == 2);
30 | CHECK(secp256k1_ecdh(tctx, res, &point, NULL) == 0);
31 | CHECK(ecount == 3);
32 | CHECK(secp256k1_ecdh(tctx, res, &point, s_one) == 1);
33 | CHECK(ecount == 3);
34 |
35 | /* Cleanup */
36 | secp256k1_context_destroy(tctx);
37 | }
38 |
39 | void test_ecdh_generator_basepoint(void) {
40 | unsigned char s_one[32] = { 0 };
41 | secp256k1_pubkey point[2];
42 | int i;
43 |
44 | s_one[31] = 1;
45 | /* Check against pubkey creation when the basepoint is the generator */
46 | for (i = 0; i < 100; ++i) {
47 | secp256k1_sha256_t sha;
48 | unsigned char s_b32[32];
49 | unsigned char output_ecdh[32];
50 | unsigned char output_ser[32];
51 | unsigned char point_ser[33];
52 | size_t point_ser_len = sizeof(point_ser);
53 | secp256k1_scalar s;
54 |
55 | random_scalar_order(&s);
56 | secp256k1_scalar_get_b32(s_b32, &s);
57 |
58 | /* compute using ECDH function */
59 | CHECK(secp256k1_ec_pubkey_create(ctx, &point[0], s_one) == 1);
60 | CHECK(secp256k1_ecdh(ctx, output_ecdh, &point[0], s_b32) == 1);
61 | /* compute "explicitly" */
62 | CHECK(secp256k1_ec_pubkey_create(ctx, &point[1], s_b32) == 1);
63 | CHECK(secp256k1_ec_pubkey_serialize(ctx, point_ser, &point_ser_len, &point[1], SECP256K1_EC_COMPRESSED) == 1);
64 | CHECK(point_ser_len == sizeof(point_ser));
65 | secp256k1_sha256_initialize(&sha);
66 | secp256k1_sha256_write(&sha, point_ser, point_ser_len);
67 | secp256k1_sha256_finalize(&sha, output_ser);
68 | /* compare */
69 | CHECK(memcmp(output_ecdh, output_ser, sizeof(output_ser)) == 0);
70 | }
71 | }
72 |
73 | void test_bad_scalar(void) {
74 | unsigned char s_zero[32] = { 0 };
75 | unsigned char s_overflow[32] = {
76 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
77 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
78 | 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
79 | 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41
80 | };
81 | unsigned char s_rand[32] = { 0 };
82 | unsigned char output[32];
83 | secp256k1_scalar rand;
84 | secp256k1_pubkey point;
85 |
86 | /* Create random point */
87 | random_scalar_order(&rand);
88 | secp256k1_scalar_get_b32(s_rand, &rand);
89 | CHECK(secp256k1_ec_pubkey_create(ctx, &point, s_rand) == 1);
90 |
91 | /* Try to multiply it by bad values */
92 | CHECK(secp256k1_ecdh(ctx, output, &point, s_zero) == 0);
93 | CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow) == 0);
94 | /* ...and a good one */
95 | s_overflow[31] -= 1;
96 | CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow) == 1);
97 | }
98 |
99 | void run_ecdh_tests(void) {
100 | test_ecdh_api();
101 | test_ecdh_generator_basepoint();
102 | test_bad_scalar();
103 | }
104 |
105 | #endif
106 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/modules/recovery/Makefile.am.include:
--------------------------------------------------------------------------------
1 | include_HEADERS += include/secp256k1_recovery.h
2 | noinst_HEADERS += src/modules/recovery/main_impl.h
3 | noinst_HEADERS += src/modules/recovery/tests_impl.h
4 | if USE_BENCHMARK
5 | noinst_PROGRAMS += bench_recover
6 | bench_recover_SOURCES = src/bench_recover.c
7 | bench_recover_LDADD = libsecp256k1.la $(SECP_LIBS) $(COMMON_LIB)
8 | endif
9 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/num.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2013, 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_NUM_
8 | #define _SECP256K1_NUM_
9 |
10 | #ifndef USE_NUM_NONE
11 |
12 | #if defined HAVE_CONFIG_H
13 | #include "libsecp256k1-config.h"
14 | #endif
15 |
16 | #if defined(USE_NUM_GMP)
17 | #include "num_gmp.h"
18 | #else
19 | #error "Please select num implementation"
20 | #endif
21 |
22 | /** Copy a number. */
23 | static void secp256k1_num_copy(secp256k1_num *r, const secp256k1_num *a);
24 |
25 | /** Convert a number's absolute value to a binary big-endian string.
26 | * There must be enough place. */
27 | static void secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num *a);
28 |
29 | /** Set a number to the value of a binary big-endian string. */
30 | static void secp256k1_num_set_bin(secp256k1_num *r, const unsigned char *a, unsigned int alen);
31 |
32 | /** Compute a modular inverse. The input must be less than the modulus. */
33 | static void secp256k1_num_mod_inverse(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *m);
34 |
35 | /** Compute the jacobi symbol (a|b). b must be positive and odd. */
36 | static int secp256k1_num_jacobi(const secp256k1_num *a, const secp256k1_num *b);
37 |
38 | /** Compare the absolute value of two numbers. */
39 | static int secp256k1_num_cmp(const secp256k1_num *a, const secp256k1_num *b);
40 |
41 | /** Test whether two number are equal (including sign). */
42 | static int secp256k1_num_eq(const secp256k1_num *a, const secp256k1_num *b);
43 |
44 | /** Add two (signed) numbers. */
45 | static void secp256k1_num_add(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b);
46 |
47 | /** Subtract two (signed) numbers. */
48 | static void secp256k1_num_sub(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b);
49 |
50 | /** Multiply two (signed) numbers. */
51 | static void secp256k1_num_mul(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b);
52 |
53 | /** Replace a number by its remainder modulo m. M's sign is ignored. The result is a number between 0 and m-1,
54 | even if r was negative. */
55 | static void secp256k1_num_mod(secp256k1_num *r, const secp256k1_num *m);
56 |
57 | /** Right-shift the passed number by bits. */
58 | static void secp256k1_num_shift(secp256k1_num *r, int bits);
59 |
60 | /** Check whether a number is zero. */
61 | static int secp256k1_num_is_zero(const secp256k1_num *a);
62 |
63 | /** Check whether a number is one. */
64 | static int secp256k1_num_is_one(const secp256k1_num *a);
65 |
66 | /** Check whether a number is strictly negative. */
67 | static int secp256k1_num_is_neg(const secp256k1_num *a);
68 |
69 | /** Change a number's sign. */
70 | static void secp256k1_num_negate(secp256k1_num *r);
71 |
72 | #endif
73 |
74 | #endif
75 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/num_gmp.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2013, 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_NUM_REPR_
8 | #define _SECP256K1_NUM_REPR_
9 |
10 | #include
11 |
12 | #define NUM_LIMBS ((256+GMP_NUMB_BITS-1)/GMP_NUMB_BITS)
13 |
14 | typedef struct {
15 | mp_limb_t data[2*NUM_LIMBS];
16 | int neg;
17 | int limbs;
18 | } secp256k1_num;
19 |
20 | #endif
21 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/num_impl.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2013, 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_NUM_IMPL_H_
8 | #define _SECP256K1_NUM_IMPL_H_
9 |
10 | #if defined HAVE_CONFIG_H
11 | #include "libsecp256k1-config.h"
12 | #endif
13 |
14 | #include "num.h"
15 |
16 | #if defined(USE_NUM_GMP)
17 | #include "num_gmp_impl.h"
18 | #elif defined(USE_NUM_NONE)
19 | /* Nothing. */
20 | #else
21 | #error "Please select num implementation"
22 | #endif
23 |
24 | #endif
25 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/scalar.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_SCALAR_
8 | #define _SECP256K1_SCALAR_
9 |
10 | #include "num.h"
11 |
12 | #if defined HAVE_CONFIG_H
13 | #include "libsecp256k1-config.h"
14 | #endif
15 |
16 | #if defined(EXHAUSTIVE_TEST_ORDER)
17 | #include "scalar_low.h"
18 | #elif defined(USE_SCALAR_4X64)
19 | #include "scalar_4x64.h"
20 | #elif defined(USE_SCALAR_8X32)
21 | #include "scalar_8x32.h"
22 | #else
23 | #error "Please select scalar implementation"
24 | #endif
25 |
26 | /** Clear a scalar to prevent the leak of sensitive data. */
27 | static void secp256k1_scalar_clear(secp256k1_scalar *r);
28 |
29 | /** Access bits from a scalar. All requested bits must belong to the same 32-bit limb. */
30 | static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count);
31 |
32 | /** Access bits from a scalar. Not constant time. */
33 | static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count);
34 |
35 | /** Set a scalar from a big endian byte array. */
36 | static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *bin, int *overflow);
37 |
38 | /** Set a scalar to an unsigned integer. */
39 | static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v);
40 |
41 | /** Convert a scalar to a byte array. */
42 | static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a);
43 |
44 | /** Add two scalars together (modulo the group order). Returns whether it overflowed. */
45 | static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b);
46 |
47 | /** Conditionally add a power of two to a scalar. The result is not allowed to overflow. */
48 | static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag);
49 |
50 | /** Multiply two scalars (modulo the group order). */
51 | static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b);
52 |
53 | /** Shift a scalar right by some amount strictly between 0 and 16, returning
54 | * the low bits that were shifted off */
55 | static int secp256k1_scalar_shr_int(secp256k1_scalar *r, int n);
56 |
57 | /** Compute the square of a scalar (modulo the group order). */
58 | static void secp256k1_scalar_sqr(secp256k1_scalar *r, const secp256k1_scalar *a);
59 |
60 | /** Compute the inverse of a scalar (modulo the group order). */
61 | static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *a);
62 |
63 | /** Compute the inverse of a scalar (modulo the group order), without constant-time guarantee. */
64 | static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *a);
65 |
66 | /** Compute the complement of a scalar (modulo the group order). */
67 | static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a);
68 |
69 | /** Check whether a scalar equals zero. */
70 | static int secp256k1_scalar_is_zero(const secp256k1_scalar *a);
71 |
72 | /** Check whether a scalar equals one. */
73 | static int secp256k1_scalar_is_one(const secp256k1_scalar *a);
74 |
75 | /** Check whether a scalar, considered as an nonnegative integer, is even. */
76 | static int secp256k1_scalar_is_even(const secp256k1_scalar *a);
77 |
78 | /** Check whether a scalar is higher than the group order divided by 2. */
79 | static int secp256k1_scalar_is_high(const secp256k1_scalar *a);
80 |
81 | /** Conditionally negate a number, in constant time.
82 | * Returns -1 if the number was negated, 1 otherwise */
83 | static int secp256k1_scalar_cond_negate(secp256k1_scalar *a, int flag);
84 |
85 | #ifndef USE_NUM_NONE
86 | /** Convert a scalar to a number. */
87 | static void secp256k1_scalar_get_num(secp256k1_num *r, const secp256k1_scalar *a);
88 |
89 | /** Get the order of the group as a number. */
90 | static void secp256k1_scalar_order_get_num(secp256k1_num *r);
91 | #endif
92 |
93 | /** Compare two scalars. */
94 | static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b);
95 |
96 | #ifdef USE_ENDOMORPHISM
97 | /** Find r1 and r2 such that r1+r2*2^128 = a. */
98 | static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a);
99 | /** Find r1 and r2 such that r1+r2*lambda = a, and r1 and r2 are maximum 128 bits long (see secp256k1_gej_mul_lambda). */
100 | static void secp256k1_scalar_split_lambda(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a);
101 | #endif
102 |
103 | /** Multiply a and b (without taking the modulus!), divide by 2**shift, and round to the nearest integer. Shift must be at least 256. */
104 | static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b, unsigned int shift);
105 |
106 | #endif
107 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/scalar_4x64.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_SCALAR_REPR_
8 | #define _SECP256K1_SCALAR_REPR_
9 |
10 | #include
11 |
12 | /** A scalar modulo the group order of the secp256k1 curve. */
13 | typedef struct {
14 | uint64_t d[4];
15 | } secp256k1_scalar;
16 |
17 | #define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{((uint64_t)(d1)) << 32 | (d0), ((uint64_t)(d3)) << 32 | (d2), ((uint64_t)(d5)) << 32 | (d4), ((uint64_t)(d7)) << 32 | (d6)}}
18 |
19 | #endif
20 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/scalar_8x32.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_SCALAR_REPR_
8 | #define _SECP256K1_SCALAR_REPR_
9 |
10 | #include
11 |
12 | /** A scalar modulo the group order of the secp256k1 curve. */
13 | typedef struct {
14 | uint32_t d[8];
15 | } secp256k1_scalar;
16 |
17 | #define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{(d0), (d1), (d2), (d3), (d4), (d5), (d6), (d7)}}
18 |
19 | #endif
20 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/scalar_low.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2015 Andrew Poelstra *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_SCALAR_REPR_
8 | #define _SECP256K1_SCALAR_REPR_
9 |
10 | #include
11 |
12 | /** A scalar modulo the group order of the secp256k1 curve. */
13 | typedef uint32_t secp256k1_scalar;
14 |
15 | #endif
16 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/scalar_low_impl.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2015 Andrew Poelstra *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_SCALAR_REPR_IMPL_H_
8 | #define _SECP256K1_SCALAR_REPR_IMPL_H_
9 |
10 | #include "scalar.h"
11 |
12 | #include
13 |
14 | SECP256K1_INLINE static int secp256k1_scalar_is_even(const secp256k1_scalar *a) {
15 | return !(*a & 1);
16 | }
17 |
18 | SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar *r) { *r = 0; }
19 | SECP256K1_INLINE static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v) { *r = v; }
20 |
21 | SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count) {
22 | if (offset < 32)
23 | return ((*a >> offset) & ((((uint32_t)1) << count) - 1));
24 | else
25 | return 0;
26 | }
27 |
28 | SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count) {
29 | return secp256k1_scalar_get_bits(a, offset, count);
30 | }
31 |
32 | SECP256K1_INLINE static int secp256k1_scalar_check_overflow(const secp256k1_scalar *a) { return *a >= EXHAUSTIVE_TEST_ORDER; }
33 |
34 | static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) {
35 | *r = (*a + *b) % EXHAUSTIVE_TEST_ORDER;
36 | return *r < *b;
37 | }
38 |
39 | static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag) {
40 | if (flag && bit < 32)
41 | *r += (1 << bit);
42 | #ifdef VERIFY
43 | VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0);
44 | #endif
45 | }
46 |
47 | static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *b32, int *overflow) {
48 | const int base = 0x100 % EXHAUSTIVE_TEST_ORDER;
49 | int i;
50 | *r = 0;
51 | for (i = 0; i < 32; i++) {
52 | *r = ((*r * base) + b32[i]) % EXHAUSTIVE_TEST_ORDER;
53 | }
54 | /* just deny overflow, it basically always happens */
55 | if (overflow) *overflow = 0;
56 | }
57 |
58 | static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a) {
59 | memset(bin, 0, 32);
60 | bin[28] = *a >> 24; bin[29] = *a >> 16; bin[30] = *a >> 8; bin[31] = *a;
61 | }
62 |
63 | SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar *a) {
64 | return *a == 0;
65 | }
66 |
67 | static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a) {
68 | if (*a == 0) {
69 | *r = 0;
70 | } else {
71 | *r = EXHAUSTIVE_TEST_ORDER - *a;
72 | }
73 | }
74 |
75 | SECP256K1_INLINE static int secp256k1_scalar_is_one(const secp256k1_scalar *a) {
76 | return *a == 1;
77 | }
78 |
79 | static int secp256k1_scalar_is_high(const secp256k1_scalar *a) {
80 | return *a > EXHAUSTIVE_TEST_ORDER / 2;
81 | }
82 |
83 | static int secp256k1_scalar_cond_negate(secp256k1_scalar *r, int flag) {
84 | if (flag) secp256k1_scalar_negate(r, r);
85 | return flag ? -1 : 1;
86 | }
87 |
88 | static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) {
89 | *r = (*a * *b) % EXHAUSTIVE_TEST_ORDER;
90 | }
91 |
92 | static int secp256k1_scalar_shr_int(secp256k1_scalar *r, int n) {
93 | int ret;
94 | VERIFY_CHECK(n > 0);
95 | VERIFY_CHECK(n < 16);
96 | ret = *r & ((1 << n) - 1);
97 | *r >>= n;
98 | return ret;
99 | }
100 |
101 | static void secp256k1_scalar_sqr(secp256k1_scalar *r, const secp256k1_scalar *a) {
102 | *r = (*a * *a) % EXHAUSTIVE_TEST_ORDER;
103 | }
104 |
105 | static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) {
106 | *r1 = *a;
107 | *r2 = 0;
108 | }
109 |
110 | SECP256K1_INLINE static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b) {
111 | return *a == *b;
112 | }
113 |
114 | #endif
115 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/testrand.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2013, 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_TESTRAND_H_
8 | #define _SECP256K1_TESTRAND_H_
9 |
10 | #if defined HAVE_CONFIG_H
11 | #include "libsecp256k1-config.h"
12 | #endif
13 |
14 | /* A non-cryptographic RNG used only for test infrastructure. */
15 |
16 | /** Seed the pseudorandom number generator for testing. */
17 | SECP256K1_INLINE static void secp256k1_rand_seed(const unsigned char *seed16);
18 |
19 | /** Generate a pseudorandom number in the range [0..2**32-1]. */
20 | static uint32_t secp256k1_rand32(void);
21 |
22 | /** Generate a pseudorandom number in the range [0..2**bits-1]. Bits must be 1 or
23 | * more. */
24 | static uint32_t secp256k1_rand_bits(int bits);
25 |
26 | /** Generate a pseudorandom number in the range [0..range-1]. */
27 | static uint32_t secp256k1_rand_int(uint32_t range);
28 |
29 | /** Generate a pseudorandom 32-byte array. */
30 | static void secp256k1_rand256(unsigned char *b32);
31 |
32 | /** Generate a pseudorandom 32-byte array with long sequences of zero and one bits. */
33 | static void secp256k1_rand256_test(unsigned char *b32);
34 |
35 | /** Generate pseudorandom bytes with long sequences of zero and one bits. */
36 | static void secp256k1_rand_bytes_test(unsigned char *bytes, size_t len);
37 |
38 | #endif
39 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/testrand_impl.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2013-2015 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_TESTRAND_IMPL_H_
8 | #define _SECP256K1_TESTRAND_IMPL_H_
9 |
10 | #include
11 | #include
12 |
13 | #include "testrand.h"
14 | #include "hash.h"
15 |
16 | static secp256k1_rfc6979_hmac_sha256_t secp256k1_test_rng;
17 | static uint32_t secp256k1_test_rng_precomputed[8];
18 | static int secp256k1_test_rng_precomputed_used = 8;
19 | static uint64_t secp256k1_test_rng_integer;
20 | static int secp256k1_test_rng_integer_bits_left = 0;
21 |
22 | SECP256K1_INLINE static void secp256k1_rand_seed(const unsigned char *seed16) {
23 | secp256k1_rfc6979_hmac_sha256_initialize(&secp256k1_test_rng, seed16, 16);
24 | }
25 |
26 | SECP256K1_INLINE static uint32_t secp256k1_rand32(void) {
27 | if (secp256k1_test_rng_precomputed_used == 8) {
28 | secp256k1_rfc6979_hmac_sha256_generate(&secp256k1_test_rng, (unsigned char*)(&secp256k1_test_rng_precomputed[0]), sizeof(secp256k1_test_rng_precomputed));
29 | secp256k1_test_rng_precomputed_used = 0;
30 | }
31 | return secp256k1_test_rng_precomputed[secp256k1_test_rng_precomputed_used++];
32 | }
33 |
34 | static uint32_t secp256k1_rand_bits(int bits) {
35 | uint32_t ret;
36 | if (secp256k1_test_rng_integer_bits_left < bits) {
37 | secp256k1_test_rng_integer |= (((uint64_t)secp256k1_rand32()) << secp256k1_test_rng_integer_bits_left);
38 | secp256k1_test_rng_integer_bits_left += 32;
39 | }
40 | ret = secp256k1_test_rng_integer;
41 | secp256k1_test_rng_integer >>= bits;
42 | secp256k1_test_rng_integer_bits_left -= bits;
43 | ret &= ((~((uint32_t)0)) >> (32 - bits));
44 | return ret;
45 | }
46 |
47 | static uint32_t secp256k1_rand_int(uint32_t range) {
48 | /* We want a uniform integer between 0 and range-1, inclusive.
49 | * B is the smallest number such that range <= 2**B.
50 | * two mechanisms implemented here:
51 | * - generate B bits numbers until one below range is found, and return it
52 | * - find the largest multiple M of range that is <= 2**(B+A), generate B+A
53 | * bits numbers until one below M is found, and return it modulo range
54 | * The second mechanism consumes A more bits of entropy in every iteration,
55 | * but may need fewer iterations due to M being closer to 2**(B+A) then
56 | * range is to 2**B. The array below (indexed by B) contains a 0 when the
57 | * first mechanism is to be used, and the number A otherwise.
58 | */
59 | static const int addbits[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 1, 0};
60 | uint32_t trange, mult;
61 | int bits = 0;
62 | if (range <= 1) {
63 | return 0;
64 | }
65 | trange = range - 1;
66 | while (trange > 0) {
67 | trange >>= 1;
68 | bits++;
69 | }
70 | if (addbits[bits]) {
71 | bits = bits + addbits[bits];
72 | mult = ((~((uint32_t)0)) >> (32 - bits)) / range;
73 | trange = range * mult;
74 | } else {
75 | trange = range;
76 | mult = 1;
77 | }
78 | while(1) {
79 | uint32_t x = secp256k1_rand_bits(bits);
80 | if (x < trange) {
81 | return (mult == 1) ? x : (x % range);
82 | }
83 | }
84 | }
85 |
86 | static void secp256k1_rand256(unsigned char *b32) {
87 | secp256k1_rfc6979_hmac_sha256_generate(&secp256k1_test_rng, b32, 32);
88 | }
89 |
90 | static void secp256k1_rand_bytes_test(unsigned char *bytes, size_t len) {
91 | size_t bits = 0;
92 | memset(bytes, 0, len);
93 | while (bits < len * 8) {
94 | int now;
95 | uint32_t val;
96 | now = 1 + (secp256k1_rand_bits(6) * secp256k1_rand_bits(5) + 16) / 31;
97 | val = secp256k1_rand_bits(1);
98 | while (now > 0 && bits < len * 8) {
99 | bytes[bits / 8] |= val << (bits % 8);
100 | now--;
101 | bits++;
102 | }
103 | }
104 | }
105 |
106 | static void secp256k1_rand256_test(unsigned char *b32) {
107 | secp256k1_rand_bytes_test(b32, 32);
108 | }
109 |
110 | #endif
111 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/libsecp256k1/src/util.h:
--------------------------------------------------------------------------------
1 | /**********************************************************************
2 | * Copyright (c) 2013, 2014 Pieter Wuille *
3 | * Distributed under the MIT software license, see the accompanying *
4 | * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 | **********************************************************************/
6 |
7 | #ifndef _SECP256K1_UTIL_H_
8 | #define _SECP256K1_UTIL_H_
9 |
10 | #if defined HAVE_CONFIG_H
11 | #include "libsecp256k1-config.h"
12 | #endif
13 |
14 | #include
15 | #include
16 | #include
17 |
18 | typedef struct {
19 | void (*fn)(const char *text, void* data);
20 | const void* data;
21 | } secp256k1_callback;
22 |
23 | static SECP256K1_INLINE void secp256k1_callback_call(const secp256k1_callback * const cb, const char * const text) {
24 | cb->fn(text, (void*)cb->data);
25 | }
26 |
27 | #ifdef DETERMINISTIC
28 | #define TEST_FAILURE(msg) do { \
29 | fprintf(stderr, "%s\n", msg); \
30 | abort(); \
31 | } while(0);
32 | #else
33 | #define TEST_FAILURE(msg) do { \
34 | fprintf(stderr, "%s:%d: %s\n", __FILE__, __LINE__, msg); \
35 | abort(); \
36 | } while(0)
37 | #endif
38 |
39 | #ifdef HAVE_BUILTIN_EXPECT
40 | #define EXPECT(x,c) __builtin_expect((x),(c))
41 | #else
42 | #define EXPECT(x,c) (x)
43 | #endif
44 |
45 | #ifdef DETERMINISTIC
46 | #define CHECK(cond) do { \
47 | if (EXPECT(!(cond), 0)) { \
48 | TEST_FAILURE("test condition failed"); \
49 | } \
50 | } while(0)
51 | #else
52 | #define CHECK(cond) do { \
53 | if (EXPECT(!(cond), 0)) { \
54 | TEST_FAILURE("test condition failed: " #cond); \
55 | } \
56 | } while(0)
57 | #endif
58 |
59 | /* Like assert(), but when VERIFY is defined, and side-effect safe. */
60 | #if defined(COVERAGE)
61 | #define VERIFY_CHECK(check)
62 | #define VERIFY_SETUP(stmt)
63 | #elif defined(VERIFY)
64 | #define VERIFY_CHECK CHECK
65 | #define VERIFY_SETUP(stmt) do { stmt; } while(0)
66 | #else
67 | #define VERIFY_CHECK(cond) do { (void)(cond); } while(0)
68 | #define VERIFY_SETUP(stmt)
69 | #endif
70 |
71 | static SECP256K1_INLINE void *checked_malloc(const secp256k1_callback* cb, size_t size) {
72 | void *ret = malloc(size);
73 | if (ret == NULL) {
74 | secp256k1_callback_call(cb, "Out of memory");
75 | }
76 | return ret;
77 | }
78 |
79 | /* Macro for restrict, when available and not in a VERIFY build. */
80 | #if defined(SECP256K1_BUILD) && defined(VERIFY)
81 | # define SECP256K1_RESTRICT
82 | #else
83 | # if (!defined(__STDC_VERSION__) || (__STDC_VERSION__ < 199901L) )
84 | # if SECP256K1_GNUC_PREREQ(3,0)
85 | # define SECP256K1_RESTRICT __restrict__
86 | # elif (defined(_MSC_VER) && _MSC_VER >= 1400)
87 | # define SECP256K1_RESTRICT __restrict
88 | # else
89 | # define SECP256K1_RESTRICT
90 | # endif
91 | # else
92 | # define SECP256K1_RESTRICT restrict
93 | # endif
94 | #endif
95 |
96 | #if defined(_WIN32)
97 | # define I64FORMAT "I64d"
98 | # define I64uFORMAT "I64u"
99 | #else
100 | # define I64FORMAT "lld"
101 | # define I64uFORMAT "llu"
102 | #endif
103 |
104 | #if defined(HAVE___INT128)
105 | # if defined(__GNUC__)
106 | # define SECP256K1_GNUC_EXT __extension__
107 | # else
108 | # define SECP256K1_GNUC_EXT
109 | # endif
110 | SECP256K1_GNUC_EXT typedef unsigned __int128 uint128_t;
111 | #endif
112 |
113 | #endif
114 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/panic_cb.go:
--------------------------------------------------------------------------------
1 | // Copyright 2015 Jeffrey Wilcke, Felix Lange, Gustav Simonsson. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be found in
3 | // the LICENSE file.
4 |
5 | package secp256k1
6 |
7 | import "C"
8 | import "unsafe"
9 |
10 | // Callbacks for converting libsecp256k1 internal faults into
11 | // recoverable Go panics.
12 |
13 | //export secp256k1GoPanicIllegal
14 | func secp256k1GoPanicIllegal(msg *C.char, data unsafe.Pointer) {
15 | panic("illegal argument: " + C.GoString(msg))
16 | }
17 |
18 | //export secp256k1GoPanicError
19 | func secp256k1GoPanicError(msg *C.char, data unsafe.Pointer) {
20 | panic("internal error: " + C.GoString(msg))
21 | }
22 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/secp256k1/secp256.go:
--------------------------------------------------------------------------------
1 | // Copyright 2015 Jeffrey Wilcke, Felix Lange, Gustav Simonsson. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be found in
3 | // the LICENSE file.
4 |
5 | // Package secp256k1 wraps the bitcoin secp256k1 C library.
6 | package secp256k1
7 |
8 | /*
9 | #cgo CFLAGS: -I./libsecp256k1
10 | #cgo CFLAGS: -I./libsecp256k1/src/
11 | #define USE_NUM_NONE
12 | #define USE_FIELD_10X26
13 | #define USE_FIELD_INV_BUILTIN
14 | #define USE_SCALAR_8X32
15 | #define USE_SCALAR_INV_BUILTIN
16 | #define NDEBUG
17 | #include "./libsecp256k1/src/secp256k1.c"
18 | #include "./libsecp256k1/src/modules/recovery/main_impl.h"
19 | #include "ext.h"
20 |
21 | typedef void (*callbackFunc) (const char* msg, void* data);
22 | extern void secp256k1GoPanicIllegal(const char* msg, void* data);
23 | extern void secp256k1GoPanicError(const char* msg, void* data);
24 | */
25 | import "C"
26 |
27 | import (
28 | "errors"
29 | "math/big"
30 | "unsafe"
31 | )
32 |
33 | var context *C.secp256k1_context
34 |
35 | func init() {
36 | // around 20 ms on a modern CPU.
37 | context = C.secp256k1_context_create_sign_verify()
38 | C.secp256k1_context_set_illegal_callback(context, C.callbackFunc(C.secp256k1GoPanicIllegal), nil)
39 | C.secp256k1_context_set_error_callback(context, C.callbackFunc(C.secp256k1GoPanicError), nil)
40 | }
41 |
42 | var (
43 | ErrInvalidMsgLen = errors.New("invalid message length, need 32 bytes")
44 | ErrInvalidSignatureLen = errors.New("invalid signature length")
45 | ErrInvalidRecoveryID = errors.New("invalid signature recovery id")
46 | ErrInvalidKey = errors.New("invalid private key")
47 | ErrInvalidPubkey = errors.New("invalid public key")
48 | ErrSignFailed = errors.New("signing failed")
49 | ErrRecoverFailed = errors.New("recovery failed")
50 | )
51 |
52 | // Sign creates a recoverable ECDSA signature.
53 | // The produced signature is in the 65-byte [R || S || V] format where V is 0 or 1.
54 | //
55 | // The caller is responsible for ensuring that msg cannot be chosen
56 | // directly by an attacker. It is usually preferable to use a cryptographic
57 | // hash function on any input before handing it to this function.
58 | func Sign(msg []byte, seckey []byte) ([]byte, error) {
59 | if len(msg) != 32 {
60 | return nil, ErrInvalidMsgLen
61 | }
62 | if len(seckey) != 32 {
63 | return nil, ErrInvalidKey
64 | }
65 | seckeydata := (*C.uchar)(unsafe.Pointer(&seckey[0]))
66 | if C.secp256k1_ec_seckey_verify(context, seckeydata) != 1 {
67 | return nil, ErrInvalidKey
68 | }
69 |
70 | var (
71 | msgdata = (*C.uchar)(unsafe.Pointer(&msg[0]))
72 | noncefunc = C.secp256k1_nonce_function_rfc6979
73 | sigstruct C.secp256k1_ecdsa_recoverable_signature
74 | )
75 | if C.secp256k1_ecdsa_sign_recoverable(context, &sigstruct, msgdata, seckeydata, noncefunc, nil) == 0 {
76 | return nil, ErrSignFailed
77 | }
78 |
79 | var (
80 | sig = make([]byte, 65)
81 | sigdata = (*C.uchar)(unsafe.Pointer(&sig[0]))
82 | recid C.int
83 | )
84 | C.secp256k1_ecdsa_recoverable_signature_serialize_compact(context, sigdata, &recid, &sigstruct)
85 | sig[64] = byte(recid) // add back recid to get 65 bytes sig
86 | return sig, nil
87 | }
88 |
89 | // RecoverPubkey returns the public key of the signer.
90 | // msg must be the 32-byte hash of the message to be signed.
91 | // sig must be a 65-byte compact ECDSA signature containing the
92 | // recovery id as the last element.
93 | func RecoverPubkey(msg []byte, sig []byte) ([]byte, error) {
94 | if len(msg) != 32 {
95 | return nil, ErrInvalidMsgLen
96 | }
97 | if err := checkSignature(sig); err != nil {
98 | return nil, err
99 | }
100 |
101 | var (
102 | pubkey = make([]byte, 65)
103 | sigdata = (*C.uchar)(unsafe.Pointer(&sig[0]))
104 | msgdata = (*C.uchar)(unsafe.Pointer(&msg[0]))
105 | )
106 | if C.secp256k1_ext_ecdsa_recover(context, (*C.uchar)(unsafe.Pointer(&pubkey[0])), sigdata, msgdata) == 0 {
107 | return nil, ErrRecoverFailed
108 | }
109 | return pubkey, nil
110 | }
111 |
112 | // VerifySignature checks that the given pubkey created signature over message.
113 | // The signature should be in [R || S] format.
114 | func VerifySignature(pubkey, msg, signature []byte) bool {
115 | if len(msg) != 32 || len(signature) != 64 || len(pubkey) == 0 {
116 | return false
117 | }
118 | sigdata := (*C.uchar)(unsafe.Pointer(&signature[0]))
119 | msgdata := (*C.uchar)(unsafe.Pointer(&msg[0]))
120 | keydata := (*C.uchar)(unsafe.Pointer(&pubkey[0]))
121 | return C.secp256k1_ext_ecdsa_verify(context, sigdata, msgdata, keydata, C.size_t(len(pubkey))) != 0
122 | }
123 |
124 | // DecompressPubkey parses a public key in the 33-byte compressed format.
125 | // It returns non-nil coordinates if the public key is valid.
126 | func DecompressPubkey(pubkey []byte) (x, y *big.Int) {
127 | if len(pubkey) != 33 {
128 | return nil, nil
129 | }
130 | var (
131 | pubkeydata = (*C.uchar)(unsafe.Pointer(&pubkey[0]))
132 | pubkeylen = C.size_t(len(pubkey))
133 | out = make([]byte, 65)
134 | outdata = (*C.uchar)(unsafe.Pointer(&out[0]))
135 | outlen = C.size_t(len(out))
136 | )
137 | if C.secp256k1_ext_reencode_pubkey(context, outdata, outlen, pubkeydata, pubkeylen) == 0 {
138 | return nil, nil
139 | }
140 | return new(big.Int).SetBytes(out[1:33]), new(big.Int).SetBytes(out[33:])
141 | }
142 |
143 | // CompressPubkey encodes a public key to 33-byte compressed format.
144 | func CompressPubkey(x, y *big.Int) []byte {
145 | var (
146 | pubkey = S256().Marshal(x, y)
147 | pubkeydata = (*C.uchar)(unsafe.Pointer(&pubkey[0]))
148 | pubkeylen = C.size_t(len(pubkey))
149 | out = make([]byte, 33)
150 | outdata = (*C.uchar)(unsafe.Pointer(&out[0]))
151 | outlen = C.size_t(len(out))
152 | )
153 | if C.secp256k1_ext_reencode_pubkey(context, outdata, outlen, pubkeydata, pubkeylen) == 0 {
154 | panic("libsecp256k1 error")
155 | }
156 | return out
157 | }
158 |
159 | func checkSignature(sig []byte) error {
160 | if len(sig) != 65 {
161 | return ErrInvalidSignatureLen
162 | }
163 | if sig[64] >= 4 {
164 | return ErrInvalidRecoveryID
165 | }
166 | return nil
167 | }
168 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/signature_cgo.go:
--------------------------------------------------------------------------------
1 | // Copyright 2017 The go-ethereum Authors
2 | // This file is part of the go-ethereum library.
3 | //
4 | // The go-ethereum library is free software: you can redistribute it and/or modify
5 | // it under the terms of the GNU Lesser General Public License as published by
6 | // the Free Software Foundation, either version 3 of the License, or
7 | // (at your option) any later version.
8 | //
9 | // The go-ethereum library is distributed in the hope that it will be useful,
10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | // GNU Lesser General Public License for more details.
13 | //
14 | // You should have received a copy of the GNU Lesser General Public License
15 | // along with the go-ethereum library. If not, see .
16 |
17 | // +build !nacl,!js,cgo
18 |
19 | package crypto
20 |
21 | import (
22 | "crypto/ecdsa"
23 | "crypto/elliptic"
24 | "fmt"
25 |
26 | "github.com/ethereum/go-ethereum/common/math"
27 | "github.com/ethereum/go-ethereum/crypto/secp256k1"
28 | )
29 |
30 | // Ecrecover returns the uncompressed public key that created the given signature.
31 | func Ecrecover(hash, sig []byte) ([]byte, error) {
32 | return secp256k1.RecoverPubkey(hash, sig)
33 | }
34 |
35 | // SigToPub returns the public key that created the given signature.
36 | func SigToPub(hash, sig []byte) (*ecdsa.PublicKey, error) {
37 | s, err := Ecrecover(hash, sig)
38 | if err != nil {
39 | return nil, err
40 | }
41 |
42 | x, y := elliptic.Unmarshal(S256(), s)
43 | return &ecdsa.PublicKey{Curve: S256(), X: x, Y: y}, nil
44 | }
45 |
46 | // Sign calculates an ECDSA signature.
47 | //
48 | // This function is susceptible to chosen plaintext attacks that can leak
49 | // information about the private key that is used for signing. Callers must
50 | // be aware that the given hash cannot be chosen by an adversery. Common
51 | // solution is to hash any input before calculating the signature.
52 | //
53 | // The produced signature is in the [R || S || V] format where V is 0 or 1.
54 | func Sign(hash []byte, prv *ecdsa.PrivateKey) (sig []byte, err error) {
55 | if len(hash) != 32 {
56 | return nil, fmt.Errorf("hash is required to be exactly 32 bytes (%d)", len(hash))
57 | }
58 | seckey := math.PaddedBigBytes(prv.D, prv.Params().BitSize/8)
59 | defer zeroBytes(seckey)
60 | return secp256k1.Sign(hash, seckey)
61 | }
62 |
63 | // VerifySignature checks that the given public key created signature over hash.
64 | // The public key should be in compressed (33 bytes) or uncompressed (65 bytes) format.
65 | // The signature should have the 64 byte [R || S] format.
66 | func VerifySignature(pubkey, hash, signature []byte) bool {
67 | return secp256k1.VerifySignature(pubkey, hash, signature)
68 | }
69 |
70 | // DecompressPubkey parses a public key in the 33-byte compressed format.
71 | func DecompressPubkey(pubkey []byte) (*ecdsa.PublicKey, error) {
72 | x, y := secp256k1.DecompressPubkey(pubkey)
73 | if x == nil {
74 | return nil, fmt.Errorf("invalid public key")
75 | }
76 | return &ecdsa.PublicKey{X: x, Y: y, Curve: S256()}, nil
77 | }
78 |
79 | // CompressPubkey encodes a public key to the 33-byte compressed format.
80 | func CompressPubkey(pubkey *ecdsa.PublicKey) []byte {
81 | return secp256k1.CompressPubkey(pubkey.X, pubkey.Y)
82 | }
83 |
84 | // S256 returns an instance of the secp256k1 curve.
85 | func S256() elliptic.Curve {
86 | return secp256k1.S256()
87 | }
88 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/crypto/signature_nocgo.go:
--------------------------------------------------------------------------------
1 | // Copyright 2017 The go-ethereum Authors
2 | // This file is part of the go-ethereum library.
3 | //
4 | // The go-ethereum library is free software: you can redistribute it and/or modify
5 | // it under the terms of the GNU Lesser General Public License as published by
6 | // the Free Software Foundation, either version 3 of the License, or
7 | // (at your option) any later version.
8 | //
9 | // The go-ethereum library is distributed in the hope that it will be useful,
10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | // GNU Lesser General Public License for more details.
13 | //
14 | // You should have received a copy of the GNU Lesser General Public License
15 | // along with the go-ethereum library. If not, see .
16 |
17 | // +build nacl js !cgo
18 |
19 | package crypto
20 |
21 | import (
22 | "crypto/ecdsa"
23 | "crypto/elliptic"
24 | "errors"
25 | "fmt"
26 | "math/big"
27 |
28 | "github.com/btcsuite/btcd/btcec"
29 | )
30 |
31 | // Ecrecover returns the uncompressed public key that created the given signature.
32 | func Ecrecover(hash, sig []byte) ([]byte, error) {
33 | pub, err := SigToPub(hash, sig)
34 | if err != nil {
35 | return nil, err
36 | }
37 | bytes := (*btcec.PublicKey)(pub).SerializeUncompressed()
38 | return bytes, err
39 | }
40 |
41 | // SigToPub returns the public key that created the given signature.
42 | func SigToPub(hash, sig []byte) (*ecdsa.PublicKey, error) {
43 | // Convert to btcec input format with 'recovery id' v at the beginning.
44 | btcsig := make([]byte, 65)
45 | btcsig[0] = sig[64] + 27
46 | copy(btcsig[1:], sig)
47 |
48 | pub, _, err := btcec.RecoverCompact(btcec.S256(), btcsig, hash)
49 | return (*ecdsa.PublicKey)(pub), err
50 | }
51 |
52 | // Sign calculates an ECDSA signature.
53 | //
54 | // This function is susceptible to chosen plaintext attacks that can leak
55 | // information about the private key that is used for signing. Callers must
56 | // be aware that the given hash cannot be chosen by an adversery. Common
57 | // solution is to hash any input before calculating the signature.
58 | //
59 | // The produced signature is in the [R || S || V] format where V is 0 or 1.
60 | func Sign(hash []byte, prv *ecdsa.PrivateKey) ([]byte, error) {
61 | if len(hash) != 32 {
62 | return nil, fmt.Errorf("hash is required to be exactly 32 bytes (%d)", len(hash))
63 | }
64 | if prv.Curve != btcec.S256() {
65 | return nil, fmt.Errorf("private key curve is not secp256k1")
66 | }
67 | sig, err := btcec.SignCompact(btcec.S256(), (*btcec.PrivateKey)(prv), hash, false)
68 | if err != nil {
69 | return nil, err
70 | }
71 | // Convert to Ethereum signature format with 'recovery id' v at the end.
72 | v := sig[0] - 27
73 | copy(sig, sig[1:])
74 | sig[64] = v
75 | return sig, nil
76 | }
77 |
78 | // VerifySignature checks that the given public key created signature over hash.
79 | // The public key should be in compressed (33 bytes) or uncompressed (65 bytes) format.
80 | // The signature should have the 64 byte [R || S] format.
81 | func VerifySignature(pubkey, hash, signature []byte) bool {
82 | if len(signature) != 64 {
83 | return false
84 | }
85 | sig := &btcec.Signature{R: new(big.Int).SetBytes(signature[:32]), S: new(big.Int).SetBytes(signature[32:])}
86 | key, err := btcec.ParsePubKey(pubkey, btcec.S256())
87 | if err != nil {
88 | return false
89 | }
90 | // Reject malleable signatures. libsecp256k1 does this check but btcec doesn't.
91 | if sig.S.Cmp(secp256k1halfN) > 0 {
92 | return false
93 | }
94 | return sig.Verify(hash, key)
95 | }
96 |
97 | // DecompressPubkey parses a public key in the 33-byte compressed format.
98 | func DecompressPubkey(pubkey []byte) (*ecdsa.PublicKey, error) {
99 | if len(pubkey) != 33 {
100 | return nil, errors.New("invalid compressed public key length")
101 | }
102 | key, err := btcec.ParsePubKey(pubkey, btcec.S256())
103 | if err != nil {
104 | return nil, err
105 | }
106 | return key.ToECDSA(), nil
107 | }
108 |
109 | // CompressPubkey encodes a public key to the 33-byte compressed format.
110 | func CompressPubkey(pubkey *ecdsa.PublicKey) []byte {
111 | return (*btcec.PublicKey)(pubkey).SerializeCompressed()
112 | }
113 |
114 | // S256 returns an instance of the secp256k1 curve.
115 | func S256() elliptic.Curve {
116 | return btcec.S256()
117 | }
118 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/rlp/doc.go:
--------------------------------------------------------------------------------
1 | // Copyright 2014 The go-ethereum Authors
2 | // This file is part of the go-ethereum library.
3 | //
4 | // The go-ethereum library is free software: you can redistribute it and/or modify
5 | // it under the terms of the GNU Lesser General Public License as published by
6 | // the Free Software Foundation, either version 3 of the License, or
7 | // (at your option) any later version.
8 | //
9 | // The go-ethereum library is distributed in the hope that it will be useful,
10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | // GNU Lesser General Public License for more details.
13 | //
14 | // You should have received a copy of the GNU Lesser General Public License
15 | // along with the go-ethereum library. If not, see .
16 |
17 | /*
18 | Package rlp implements the RLP serialization format.
19 |
20 | The purpose of RLP (Recursive Linear Prefix) is to encode arbitrarily
21 | nested arrays of binary data, and RLP is the main encoding method used
22 | to serialize objects in Ethereum. The only purpose of RLP is to encode
23 | structure; encoding specific atomic data types (eg. strings, ints,
24 | floats) is left up to higher-order protocols; in Ethereum integers
25 | must be represented in big endian binary form with no leading zeroes
26 | (thus making the integer value zero equivalent to the empty byte
27 | array).
28 |
29 | RLP values are distinguished by a type tag. The type tag precedes the
30 | value in the input stream and defines the size and kind of the bytes
31 | that follow.
32 | */
33 | package rlp
34 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/rlp/raw.go:
--------------------------------------------------------------------------------
1 | // Copyright 2015 The go-ethereum Authors
2 | // This file is part of the go-ethereum library.
3 | //
4 | // The go-ethereum library is free software: you can redistribute it and/or modify
5 | // it under the terms of the GNU Lesser General Public License as published by
6 | // the Free Software Foundation, either version 3 of the License, or
7 | // (at your option) any later version.
8 | //
9 | // The go-ethereum library is distributed in the hope that it will be useful,
10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | // GNU Lesser General Public License for more details.
13 | //
14 | // You should have received a copy of the GNU Lesser General Public License
15 | // along with the go-ethereum library. If not, see .
16 |
17 | package rlp
18 |
19 | import (
20 | "io"
21 | "reflect"
22 | )
23 |
24 | // RawValue represents an encoded RLP value and can be used to delay
25 | // RLP decoding or to precompute an encoding. Note that the decoder does
26 | // not verify whether the content of RawValues is valid RLP.
27 | type RawValue []byte
28 |
29 | var rawValueType = reflect.TypeOf(RawValue{})
30 |
31 | // ListSize returns the encoded size of an RLP list with the given
32 | // content size.
33 | func ListSize(contentSize uint64) uint64 {
34 | return uint64(headsize(contentSize)) + contentSize
35 | }
36 |
37 | // Split returns the content of first RLP value and any
38 | // bytes after the value as subslices of b.
39 | func Split(b []byte) (k Kind, content, rest []byte, err error) {
40 | k, ts, cs, err := readKind(b)
41 | if err != nil {
42 | return 0, nil, b, err
43 | }
44 | return k, b[ts : ts+cs], b[ts+cs:], nil
45 | }
46 |
47 | // SplitString splits b into the content of an RLP string
48 | // and any remaining bytes after the string.
49 | func SplitString(b []byte) (content, rest []byte, err error) {
50 | k, content, rest, err := Split(b)
51 | if err != nil {
52 | return nil, b, err
53 | }
54 | if k == List {
55 | return nil, b, ErrExpectedString
56 | }
57 | return content, rest, nil
58 | }
59 |
60 | // SplitList splits b into the content of a list and any remaining
61 | // bytes after the list.
62 | func SplitList(b []byte) (content, rest []byte, err error) {
63 | k, content, rest, err := Split(b)
64 | if err != nil {
65 | return nil, b, err
66 | }
67 | if k != List {
68 | return nil, b, ErrExpectedList
69 | }
70 | return content, rest, nil
71 | }
72 |
73 | // CountValues counts the number of encoded values in b.
74 | func CountValues(b []byte) (int, error) {
75 | i := 0
76 | for ; len(b) > 0; i++ {
77 | _, tagsize, size, err := readKind(b)
78 | if err != nil {
79 | return 0, err
80 | }
81 | b = b[tagsize+size:]
82 | }
83 | return i, nil
84 | }
85 |
86 | func readKind(buf []byte) (k Kind, tagsize, contentsize uint64, err error) {
87 | if len(buf) == 0 {
88 | return 0, 0, 0, io.ErrUnexpectedEOF
89 | }
90 | b := buf[0]
91 | switch {
92 | case b < 0x80:
93 | k = Byte
94 | tagsize = 0
95 | contentsize = 1
96 | case b < 0xB8:
97 | k = String
98 | tagsize = 1
99 | contentsize = uint64(b - 0x80)
100 | // Reject strings that should've been single bytes.
101 | if contentsize == 1 && len(buf) > 1 && buf[1] < 128 {
102 | return 0, 0, 0, ErrCanonSize
103 | }
104 | case b < 0xC0:
105 | k = String
106 | tagsize = uint64(b-0xB7) + 1
107 | contentsize, err = readSize(buf[1:], b-0xB7)
108 | case b < 0xF8:
109 | k = List
110 | tagsize = 1
111 | contentsize = uint64(b - 0xC0)
112 | default:
113 | k = List
114 | tagsize = uint64(b-0xF7) + 1
115 | contentsize, err = readSize(buf[1:], b-0xF7)
116 | }
117 | if err != nil {
118 | return 0, 0, 0, err
119 | }
120 | // Reject values larger than the input slice.
121 | if contentsize > uint64(len(buf))-tagsize {
122 | return 0, 0, 0, ErrValueTooLarge
123 | }
124 | return k, tagsize, contentsize, err
125 | }
126 |
127 | func readSize(b []byte, slen byte) (uint64, error) {
128 | if int(slen) > len(b) {
129 | return 0, io.ErrUnexpectedEOF
130 | }
131 | var s uint64
132 | switch slen {
133 | case 1:
134 | s = uint64(b[0])
135 | case 2:
136 | s = uint64(b[0])<<8 | uint64(b[1])
137 | case 3:
138 | s = uint64(b[0])<<16 | uint64(b[1])<<8 | uint64(b[2])
139 | case 4:
140 | s = uint64(b[0])<<24 | uint64(b[1])<<16 | uint64(b[2])<<8 | uint64(b[3])
141 | case 5:
142 | s = uint64(b[0])<<32 | uint64(b[1])<<24 | uint64(b[2])<<16 | uint64(b[3])<<8 | uint64(b[4])
143 | case 6:
144 | s = uint64(b[0])<<40 | uint64(b[1])<<32 | uint64(b[2])<<24 | uint64(b[3])<<16 | uint64(b[4])<<8 | uint64(b[5])
145 | case 7:
146 | s = uint64(b[0])<<48 | uint64(b[1])<<40 | uint64(b[2])<<32 | uint64(b[3])<<24 | uint64(b[4])<<16 | uint64(b[5])<<8 | uint64(b[6])
147 | case 8:
148 | s = uint64(b[0])<<56 | uint64(b[1])<<48 | uint64(b[2])<<40 | uint64(b[3])<<32 | uint64(b[4])<<24 | uint64(b[5])<<16 | uint64(b[6])<<8 | uint64(b[7])
149 | }
150 | // Reject sizes < 56 (shouldn't have separate size) and sizes with
151 | // leading zero bytes.
152 | if s < 56 || b[0] == 0 {
153 | return 0, ErrCanonSize
154 | }
155 | return s, nil
156 | }
157 |
--------------------------------------------------------------------------------
/vendor/github.com/ethereum/go-ethereum/rlp/typecache.go:
--------------------------------------------------------------------------------
1 | // Copyright 2014 The go-ethereum Authors
2 | // This file is part of the go-ethereum library.
3 | //
4 | // The go-ethereum library is free software: you can redistribute it and/or modify
5 | // it under the terms of the GNU Lesser General Public License as published by
6 | // the Free Software Foundation, either version 3 of the License, or
7 | // (at your option) any later version.
8 | //
9 | // The go-ethereum library is distributed in the hope that it will be useful,
10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | // GNU Lesser General Public License for more details.
13 | //
14 | // You should have received a copy of the GNU Lesser General Public License
15 | // along with the go-ethereum library. If not, see .
16 |
17 | package rlp
18 |
19 | import (
20 | "fmt"
21 | "reflect"
22 | "strings"
23 | "sync"
24 | )
25 |
26 | var (
27 | typeCacheMutex sync.RWMutex
28 | typeCache = make(map[typekey]*typeinfo)
29 | )
30 |
31 | type typeinfo struct {
32 | decoder decoder
33 | decoderErr error // error from makeDecoder
34 | writer writer
35 | writerErr error // error from makeWriter
36 | }
37 |
38 | // represents struct tags
39 | type tags struct {
40 | // rlp:"nil" controls whether empty input results in a nil pointer.
41 | nilOK bool
42 | // rlp:"tail" controls whether this field swallows additional list
43 | // elements. It can only be set for the last field, which must be
44 | // of slice type.
45 | tail bool
46 | // rlp:"-" ignores fields.
47 | ignored bool
48 | }
49 |
50 | type typekey struct {
51 | reflect.Type
52 | // the key must include the struct tags because they
53 | // might generate a different decoder.
54 | tags
55 | }
56 |
57 | type decoder func(*Stream, reflect.Value) error
58 |
59 | type writer func(reflect.Value, *encbuf) error
60 |
61 | func cachedDecoder(typ reflect.Type) (decoder, error) {
62 | info := cachedTypeInfo(typ, tags{})
63 | return info.decoder, info.decoderErr
64 | }
65 |
66 | func cachedWriter(typ reflect.Type) (writer, error) {
67 | info := cachedTypeInfo(typ, tags{})
68 | return info.writer, info.writerErr
69 | }
70 |
71 | func cachedTypeInfo(typ reflect.Type, tags tags) *typeinfo {
72 | typeCacheMutex.RLock()
73 | info := typeCache[typekey{typ, tags}]
74 | typeCacheMutex.RUnlock()
75 | if info != nil {
76 | return info
77 | }
78 | // not in the cache, need to generate info for this type.
79 | typeCacheMutex.Lock()
80 | defer typeCacheMutex.Unlock()
81 | return cachedTypeInfo1(typ, tags)
82 | }
83 |
84 | func cachedTypeInfo1(typ reflect.Type, tags tags) *typeinfo {
85 | key := typekey{typ, tags}
86 | info := typeCache[key]
87 | if info != nil {
88 | // another goroutine got the write lock first
89 | return info
90 | }
91 | // put a dummy value into the cache before generating.
92 | // if the generator tries to lookup itself, it will get
93 | // the dummy value and won't call itself recursively.
94 | info = new(typeinfo)
95 | typeCache[key] = info
96 | info.generate(typ, tags)
97 | return info
98 | }
99 |
100 | type field struct {
101 | index int
102 | info *typeinfo
103 | }
104 |
105 | func structFields(typ reflect.Type) (fields []field, err error) {
106 | lastPublic := lastPublicField(typ)
107 | for i := 0; i < typ.NumField(); i++ {
108 | if f := typ.Field(i); f.PkgPath == "" { // exported
109 | tags, err := parseStructTag(typ, i, lastPublic)
110 | if err != nil {
111 | return nil, err
112 | }
113 | if tags.ignored {
114 | continue
115 | }
116 | info := cachedTypeInfo1(f.Type, tags)
117 | fields = append(fields, field{i, info})
118 | }
119 | }
120 | return fields, nil
121 | }
122 |
123 | func parseStructTag(typ reflect.Type, fi, lastPublic int) (tags, error) {
124 | f := typ.Field(fi)
125 | var ts tags
126 | for _, t := range strings.Split(f.Tag.Get("rlp"), ",") {
127 | switch t = strings.TrimSpace(t); t {
128 | case "":
129 | case "-":
130 | ts.ignored = true
131 | case "nil":
132 | ts.nilOK = true
133 | case "tail":
134 | ts.tail = true
135 | if fi != lastPublic {
136 | return ts, fmt.Errorf(`rlp: invalid struct tag "tail" for %v.%s (must be on last field)`, typ, f.Name)
137 | }
138 | if f.Type.Kind() != reflect.Slice {
139 | return ts, fmt.Errorf(`rlp: invalid struct tag "tail" for %v.%s (field type is not slice)`, typ, f.Name)
140 | }
141 | default:
142 | return ts, fmt.Errorf("rlp: unknown struct tag %q on %v.%s", t, typ, f.Name)
143 | }
144 | }
145 | return ts, nil
146 | }
147 |
148 | func lastPublicField(typ reflect.Type) int {
149 | last := 0
150 | for i := 0; i < typ.NumField(); i++ {
151 | if typ.Field(i).PkgPath == "" {
152 | last = i
153 | }
154 | }
155 | return last
156 | }
157 |
158 | func (i *typeinfo) generate(typ reflect.Type, tags tags) {
159 | i.decoder, i.decoderErr = makeDecoder(typ, tags)
160 | i.writer, i.writerErr = makeWriter(typ, tags)
161 | }
162 |
163 | func isUint(k reflect.Kind) bool {
164 | return k >= reflect.Uint && k <= reflect.Uintptr
165 | }
166 |
--------------------------------------------------------------------------------
/vendor/golang.org/x/crypto/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) 2009 The Go Authors. All rights reserved.
2 |
3 | Redistribution and use in source and binary forms, with or without
4 | modification, are permitted provided that the following conditions are
5 | met:
6 |
7 | * Redistributions of source code must retain the above copyright
8 | notice, this list of conditions and the following disclaimer.
9 | * Redistributions in binary form must reproduce the above
10 | copyright notice, this list of conditions and the following disclaimer
11 | in the documentation and/or other materials provided with the
12 | distribution.
13 | * Neither the name of Google Inc. nor the names of its
14 | contributors may be used to endorse or promote products derived from
15 | this software without specific prior written permission.
16 |
17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
20 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
21 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
22 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
23 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 |
--------------------------------------------------------------------------------
/vendor/golang.org/x/crypto/PATENTS:
--------------------------------------------------------------------------------
1 | Additional IP Rights Grant (Patents)
2 |
3 | "This implementation" means the copyrightable works distributed by
4 | Google as part of the Go project.
5 |
6 | Google hereby grants to You a perpetual, worldwide, non-exclusive,
7 | no-charge, royalty-free, irrevocable (except as stated in this section)
8 | patent license to make, have made, use, offer to sell, sell, import,
9 | transfer and otherwise run, modify and propagate the contents of this
10 | implementation of Go, where such license applies only to those patent
11 | claims, both currently owned or controlled by Google and acquired in
12 | the future, licensable by Google that are necessarily infringed by this
13 | implementation of Go. This grant does not include claims that would be
14 | infringed only as a consequence of further modification of this
15 | implementation. If you or your agent or exclusive licensee institute or
16 | order or agree to the institution of patent litigation against any
17 | entity (including a cross-claim or counterclaim in a lawsuit) alleging
18 | that this implementation of Go or any code incorporated within this
19 | implementation of Go constitutes direct or contributory patent
20 | infringement, or inducement of patent infringement, then any patent
21 | rights granted to you under this License for this implementation of Go
22 | shall terminate as of the date such litigation is filed.
23 |
--------------------------------------------------------------------------------
/vendor/golang.org/x/crypto/sha3/doc.go:
--------------------------------------------------------------------------------
1 | // Copyright 2014 The Go Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style
3 | // license that can be found in the LICENSE file.
4 |
5 | // Package sha3 implements the SHA-3 fixed-output-length hash functions and
6 | // the SHAKE variable-output-length hash functions defined by FIPS-202.
7 | //
8 | // Both types of hash function use the "sponge" construction and the Keccak
9 | // permutation. For a detailed specification see http://keccak.noekeon.org/
10 | //
11 | //
12 | // Guidance
13 | //
14 | // If you aren't sure what function you need, use SHAKE256 with at least 64
15 | // bytes of output. The SHAKE instances are faster than the SHA3 instances;
16 | // the latter have to allocate memory to conform to the hash.Hash interface.
17 | //
18 | // If you need a secret-key MAC (message authentication code), prepend the
19 | // secret key to the input, hash with SHAKE256 and read at least 32 bytes of
20 | // output.
21 | //
22 | //
23 | // Security strengths
24 | //
25 | // The SHA3-x (x equals 224, 256, 384, or 512) functions have a security
26 | // strength against preimage attacks of x bits. Since they only produce "x"
27 | // bits of output, their collision-resistance is only "x/2" bits.
28 | //
29 | // The SHAKE-256 and -128 functions have a generic security strength of 256 and
30 | // 128 bits against all attacks, provided that at least 2x bits of their output
31 | // is used. Requesting more than 64 or 32 bytes of output, respectively, does
32 | // not increase the collision-resistance of the SHAKE functions.
33 | //
34 | //
35 | // The sponge construction
36 | //
37 | // A sponge builds a pseudo-random function from a public pseudo-random
38 | // permutation, by applying the permutation to a state of "rate + capacity"
39 | // bytes, but hiding "capacity" of the bytes.
40 | //
41 | // A sponge starts out with a zero state. To hash an input using a sponge, up
42 | // to "rate" bytes of the input are XORed into the sponge's state. The sponge
43 | // is then "full" and the permutation is applied to "empty" it. This process is
44 | // repeated until all the input has been "absorbed". The input is then padded.
45 | // The digest is "squeezed" from the sponge in the same way, except that output
46 | // is copied out instead of input being XORed in.
47 | //
48 | // A sponge is parameterized by its generic security strength, which is equal
49 | // to half its capacity; capacity + rate is equal to the permutation's width.
50 | // Since the KeccakF-1600 permutation is 1600 bits (200 bytes) wide, this means
51 | // that the security strength of a sponge instance is equal to (1600 - bitrate) / 2.
52 | //
53 | //
54 | // Recommendations
55 | //
56 | // The SHAKE functions are recommended for most new uses. They can produce
57 | // output of arbitrary length. SHAKE256, with an output length of at least
58 | // 64 bytes, provides 256-bit security against all attacks. The Keccak team
59 | // recommends it for most applications upgrading from SHA2-512. (NIST chose a
60 | // much stronger, but much slower, sponge instance for SHA3-512.)
61 | //
62 | // The SHA-3 functions are "drop-in" replacements for the SHA-2 functions.
63 | // They produce output of the same length, with the same security strengths
64 | // against all attacks. This means, in particular, that SHA3-256 only has
65 | // 128-bit collision resistance, because its output length is 32 bytes.
66 | package sha3 // import "golang.org/x/crypto/sha3"
67 |
--------------------------------------------------------------------------------
/vendor/golang.org/x/crypto/sha3/hashes.go:
--------------------------------------------------------------------------------
1 | // Copyright 2014 The Go Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style
3 | // license that can be found in the LICENSE file.
4 |
5 | package sha3
6 |
7 | // This file provides functions for creating instances of the SHA-3
8 | // and SHAKE hash functions, as well as utility functions for hashing
9 | // bytes.
10 |
11 | import (
12 | "hash"
13 | )
14 |
15 | // New224 creates a new SHA3-224 hash.
16 | // Its generic security strength is 224 bits against preimage attacks,
17 | // and 112 bits against collision attacks.
18 | func New224() hash.Hash {
19 | if h := new224Asm(); h != nil {
20 | return h
21 | }
22 | return &state{rate: 144, outputLen: 28, dsbyte: 0x06}
23 | }
24 |
25 | // New256 creates a new SHA3-256 hash.
26 | // Its generic security strength is 256 bits against preimage attacks,
27 | // and 128 bits against collision attacks.
28 | func New256() hash.Hash {
29 | if h := new256Asm(); h != nil {
30 | return h
31 | }
32 | return &state{rate: 136, outputLen: 32, dsbyte: 0x06}
33 | }
34 |
35 | // New384 creates a new SHA3-384 hash.
36 | // Its generic security strength is 384 bits against preimage attacks,
37 | // and 192 bits against collision attacks.
38 | func New384() hash.Hash {
39 | if h := new384Asm(); h != nil {
40 | return h
41 | }
42 | return &state{rate: 104, outputLen: 48, dsbyte: 0x06}
43 | }
44 |
45 | // New512 creates a new SHA3-512 hash.
46 | // Its generic security strength is 512 bits against preimage attacks,
47 | // and 256 bits against collision attacks.
48 | func New512() hash.Hash {
49 | if h := new512Asm(); h != nil {
50 | return h
51 | }
52 | return &state{rate: 72, outputLen: 64, dsbyte: 0x06}
53 | }
54 |
55 | // NewLegacyKeccak256 creates a new Keccak-256 hash.
56 | //
57 | // Only use this function if you require compatibility with an existing cryptosystem
58 | // that uses non-standard padding. All other users should use New256 instead.
59 | func NewLegacyKeccak256() hash.Hash { return &state{rate: 136, outputLen: 32, dsbyte: 0x01} }
60 |
61 | // NewLegacyKeccak512 creates a new Keccak-512 hash.
62 | //
63 | // Only use this function if you require compatibility with an existing cryptosystem
64 | // that uses non-standard padding. All other users should use New512 instead.
65 | func NewLegacyKeccak512() hash.Hash { return &state{rate: 72, outputLen: 64, dsbyte: 0x01} }
66 |
67 | // Sum224 returns the SHA3-224 digest of the data.
68 | func Sum224(data []byte) (digest [28]byte) {
69 | h := New224()
70 | h.Write(data)
71 | h.Sum(digest[:0])
72 | return
73 | }
74 |
75 | // Sum256 returns the SHA3-256 digest of the data.
76 | func Sum256(data []byte) (digest [32]byte) {
77 | h := New256()
78 | h.Write(data)
79 | h.Sum(digest[:0])
80 | return
81 | }
82 |
83 | // Sum384 returns the SHA3-384 digest of the data.
84 | func Sum384(data []byte) (digest [48]byte) {
85 | h := New384()
86 | h.Write(data)
87 | h.Sum(digest[:0])
88 | return
89 | }
90 |
91 | // Sum512 returns the SHA3-512 digest of the data.
92 | func Sum512(data []byte) (digest [64]byte) {
93 | h := New512()
94 | h.Write(data)
95 | h.Sum(digest[:0])
96 | return
97 | }
98 |
--------------------------------------------------------------------------------
/vendor/golang.org/x/crypto/sha3/hashes_generic.go:
--------------------------------------------------------------------------------
1 | // Copyright 2017 The Go Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style
3 | // license that can be found in the LICENSE file.
4 |
5 | //+build gccgo appengine !s390x
6 |
7 | package sha3
8 |
9 | import (
10 | "hash"
11 | )
12 |
13 | // new224Asm returns an assembly implementation of SHA3-224 if available,
14 | // otherwise it returns nil.
15 | func new224Asm() hash.Hash { return nil }
16 |
17 | // new256Asm returns an assembly implementation of SHA3-256 if available,
18 | // otherwise it returns nil.
19 | func new256Asm() hash.Hash { return nil }
20 |
21 | // new384Asm returns an assembly implementation of SHA3-384 if available,
22 | // otherwise it returns nil.
23 | func new384Asm() hash.Hash { return nil }
24 |
25 | // new512Asm returns an assembly implementation of SHA3-512 if available,
26 | // otherwise it returns nil.
27 | func new512Asm() hash.Hash { return nil }
28 |
--------------------------------------------------------------------------------
/vendor/golang.org/x/crypto/sha3/keccakf_amd64.go:
--------------------------------------------------------------------------------
1 | // Copyright 2015 The Go Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style
3 | // license that can be found in the LICENSE file.
4 |
5 | // +build amd64,!appengine,!gccgo
6 |
7 | package sha3
8 |
9 | // This function is implemented in keccakf_amd64.s.
10 |
11 | //go:noescape
12 |
13 | func keccakF1600(a *[25]uint64)
14 |
--------------------------------------------------------------------------------
/vendor/golang.org/x/crypto/sha3/register.go:
--------------------------------------------------------------------------------
1 | // Copyright 2014 The Go Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style
3 | // license that can be found in the LICENSE file.
4 |
5 | // +build go1.4
6 |
7 | package sha3
8 |
9 | import (
10 | "crypto"
11 | )
12 |
13 | func init() {
14 | crypto.RegisterHash(crypto.SHA3_224, New224)
15 | crypto.RegisterHash(crypto.SHA3_256, New256)
16 | crypto.RegisterHash(crypto.SHA3_384, New384)
17 | crypto.RegisterHash(crypto.SHA3_512, New512)
18 | }
19 |
--------------------------------------------------------------------------------
/vendor/golang.org/x/crypto/sha3/sha3_s390x.s:
--------------------------------------------------------------------------------
1 | // Copyright 2017 The Go Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style
3 | // license that can be found in the LICENSE file.
4 |
5 | //+build !gccgo,!appengine
6 |
7 | #include "textflag.h"
8 |
9 | TEXT ·hasMSA6(SB), NOSPLIT, $16-1
10 | MOVD $0, R0 // KIMD-Query function code
11 | MOVD $tmp-16(SP), R1 // parameter block
12 | XC $16, (R1), (R1) // clear the parameter block
13 | WORD $0xB93E0002 // KIMD --, --
14 | WORD $0x91FC1004 // TM 4(R1), 0xFC (test bits [32-37])
15 | BVS yes
16 |
17 | no:
18 | MOVB $0, ret+0(FP)
19 | RET
20 |
21 | yes:
22 | MOVB $1, ret+0(FP)
23 | RET
24 |
25 | // func kimd(function code, params *[200]byte, src []byte)
26 | TEXT ·kimd(SB), NOFRAME|NOSPLIT, $0-40
27 | MOVD function+0(FP), R0
28 | MOVD params+8(FP), R1
29 | LMG src+16(FP), R2, R3 // R2=base, R3=len
30 |
31 | continue:
32 | WORD $0xB93E0002 // KIMD --, R2
33 | BVS continue // continue if interrupted
34 | MOVD $0, R0 // reset R0 for pre-go1.8 compilers
35 | RET
36 |
37 | // func klmd(function code, params *[200]byte, dst, src []byte)
38 | TEXT ·klmd(SB), NOFRAME|NOSPLIT, $0-64
39 | // TODO: SHAKE support
40 | MOVD function+0(FP), R0
41 | MOVD params+8(FP), R1
42 | LMG dst+16(FP), R2, R3 // R2=base, R3=len
43 | LMG src+40(FP), R4, R5 // R4=base, R5=len
44 |
45 | continue:
46 | WORD $0xB93F0024 // KLMD R2, R4
47 | BVS continue // continue if interrupted
48 | MOVD $0, R0 // reset R0 for pre-go1.8 compilers
49 | RET
50 |
--------------------------------------------------------------------------------
/vendor/golang.org/x/crypto/sha3/shake.go:
--------------------------------------------------------------------------------
1 | // Copyright 2014 The Go Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style
3 | // license that can be found in the LICENSE file.
4 |
5 | package sha3
6 |
7 | // This file defines the ShakeHash interface, and provides
8 | // functions for creating SHAKE instances, as well as utility
9 | // functions for hashing bytes to arbitrary-length output.
10 |
11 | import (
12 | "io"
13 | )
14 |
15 | // ShakeHash defines the interface to hash functions that
16 | // support arbitrary-length output.
17 | type ShakeHash interface {
18 | // Write absorbs more data into the hash's state. It panics if input is
19 | // written to it after output has been read from it.
20 | io.Writer
21 |
22 | // Read reads more output from the hash; reading affects the hash's
23 | // state. (ShakeHash.Read is thus very different from Hash.Sum)
24 | // It never returns an error.
25 | io.Reader
26 |
27 | // Clone returns a copy of the ShakeHash in its current state.
28 | Clone() ShakeHash
29 |
30 | // Reset resets the ShakeHash to its initial state.
31 | Reset()
32 | }
33 |
34 | func (d *state) Clone() ShakeHash {
35 | return d.clone()
36 | }
37 |
38 | // NewShake128 creates a new SHAKE128 variable-output-length ShakeHash.
39 | // Its generic security strength is 128 bits against all attacks if at
40 | // least 32 bytes of its output are used.
41 | func NewShake128() ShakeHash {
42 | if h := newShake128Asm(); h != nil {
43 | return h
44 | }
45 | return &state{rate: 168, dsbyte: 0x1f}
46 | }
47 |
48 | // NewShake256 creates a new SHAKE256 variable-output-length ShakeHash.
49 | // Its generic security strength is 256 bits against all attacks if
50 | // at least 64 bytes of its output are used.
51 | func NewShake256() ShakeHash {
52 | if h := newShake256Asm(); h != nil {
53 | return h
54 | }
55 | return &state{rate: 136, dsbyte: 0x1f}
56 | }
57 |
58 | // ShakeSum128 writes an arbitrary-length digest of data into hash.
59 | func ShakeSum128(hash, data []byte) {
60 | h := NewShake128()
61 | h.Write(data)
62 | h.Read(hash)
63 | }
64 |
65 | // ShakeSum256 writes an arbitrary-length digest of data into hash.
66 | func ShakeSum256(hash, data []byte) {
67 | h := NewShake256()
68 | h.Write(data)
69 | h.Read(hash)
70 | }
71 |
--------------------------------------------------------------------------------
/vendor/golang.org/x/crypto/sha3/shake_generic.go:
--------------------------------------------------------------------------------
1 | // Copyright 2017 The Go Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style
3 | // license that can be found in the LICENSE file.
4 |
5 | //+build gccgo appengine !s390x
6 |
7 | package sha3
8 |
9 | // newShake128Asm returns an assembly implementation of SHAKE-128 if available,
10 | // otherwise it returns nil.
11 | func newShake128Asm() ShakeHash {
12 | return nil
13 | }
14 |
15 | // newShake256Asm returns an assembly implementation of SHAKE-256 if available,
16 | // otherwise it returns nil.
17 | func newShake256Asm() ShakeHash {
18 | return nil
19 | }
20 |
--------------------------------------------------------------------------------
/vendor/golang.org/x/crypto/sha3/xor.go:
--------------------------------------------------------------------------------
1 | // Copyright 2015 The Go Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style
3 | // license that can be found in the LICENSE file.
4 |
5 | // +build !amd64,!386,!ppc64le appengine
6 |
7 | package sha3
8 |
9 | var (
10 | xorIn = xorInGeneric
11 | copyOut = copyOutGeneric
12 | xorInUnaligned = xorInGeneric
13 | copyOutUnaligned = copyOutGeneric
14 | )
15 |
16 | const xorImplementationUnaligned = "generic"
17 |
--------------------------------------------------------------------------------
/vendor/golang.org/x/crypto/sha3/xor_generic.go:
--------------------------------------------------------------------------------
1 | // Copyright 2015 The Go Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style
3 | // license that can be found in the LICENSE file.
4 |
5 | package sha3
6 |
7 | import "encoding/binary"
8 |
9 | // xorInGeneric xors the bytes in buf into the state; it
10 | // makes no non-portable assumptions about memory layout
11 | // or alignment.
12 | func xorInGeneric(d *state, buf []byte) {
13 | n := len(buf) / 8
14 |
15 | for i := 0; i < n; i++ {
16 | a := binary.LittleEndian.Uint64(buf)
17 | d.a[i] ^= a
18 | buf = buf[8:]
19 | }
20 | }
21 |
22 | // copyOutGeneric copies ulint64s to a byte buffer.
23 | func copyOutGeneric(d *state, b []byte) {
24 | for i := 0; len(b) >= 8; i++ {
25 | binary.LittleEndian.PutUint64(b, d.a[i])
26 | b = b[8:]
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/vendor/golang.org/x/crypto/sha3/xor_unaligned.go:
--------------------------------------------------------------------------------
1 | // Copyright 2015 The Go Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style
3 | // license that can be found in the LICENSE file.
4 |
5 | // +build amd64 386 ppc64le
6 | // +build !appengine
7 |
8 | package sha3
9 |
10 | import "unsafe"
11 |
12 | func xorInUnaligned(d *state, buf []byte) {
13 | bw := (*[maxRate / 8]uint64)(unsafe.Pointer(&buf[0]))
14 | n := len(buf)
15 | if n >= 72 {
16 | d.a[0] ^= bw[0]
17 | d.a[1] ^= bw[1]
18 | d.a[2] ^= bw[2]
19 | d.a[3] ^= bw[3]
20 | d.a[4] ^= bw[4]
21 | d.a[5] ^= bw[5]
22 | d.a[6] ^= bw[6]
23 | d.a[7] ^= bw[7]
24 | d.a[8] ^= bw[8]
25 | }
26 | if n >= 104 {
27 | d.a[9] ^= bw[9]
28 | d.a[10] ^= bw[10]
29 | d.a[11] ^= bw[11]
30 | d.a[12] ^= bw[12]
31 | }
32 | if n >= 136 {
33 | d.a[13] ^= bw[13]
34 | d.a[14] ^= bw[14]
35 | d.a[15] ^= bw[15]
36 | d.a[16] ^= bw[16]
37 | }
38 | if n >= 144 {
39 | d.a[17] ^= bw[17]
40 | }
41 | if n >= 168 {
42 | d.a[18] ^= bw[18]
43 | d.a[19] ^= bw[19]
44 | d.a[20] ^= bw[20]
45 | }
46 | }
47 |
48 | func copyOutUnaligned(d *state, buf []byte) {
49 | ab := (*[maxRate]uint8)(unsafe.Pointer(&d.a[0]))
50 | copy(buf, ab[:])
51 | }
52 |
53 | var (
54 | xorIn = xorInUnaligned
55 | copyOut = copyOutUnaligned
56 | )
57 |
58 | const xorImplementationUnaligned = "unaligned"
59 |
--------------------------------------------------------------------------------
/vendor/vendor.json:
--------------------------------------------------------------------------------
1 | {
2 | "comment": "",
3 | "ignore": "test",
4 | "package": [
5 | {
6 | "checksumSHA1": "gZQ6HheWahvZzIc3phBnOwoWHjE=",
7 | "origin": "github.com/ethereum/go-ethereum/vendor/github.com/btcsuite/btcd/btcec",
8 | "path": "github.com/btcsuite/btcd/btcec",
9 | "revision": "f34a3a68054eaad15d76c871eeabfa854df47dae",
10 | "revisionTime": "2019-07-25T11:46:42Z"
11 | },
12 | {
13 | "checksumSHA1": "dZshPS4Pesrg9ubQ+1jT/MAfF9o=",
14 | "path": "github.com/ethereum/go-ethereum/common",
15 | "revision": "f34a3a68054eaad15d76c871eeabfa854df47dae",
16 | "revisionTime": "2019-07-25T11:46:42Z"
17 | },
18 | {
19 | "checksumSHA1": "tvdkin+xdCuyH0IPqxbrHYGL1gc=",
20 | "path": "github.com/ethereum/go-ethereum/common/hexutil",
21 | "revision": "f34a3a68054eaad15d76c871eeabfa854df47dae",
22 | "revisionTime": "2019-07-25T11:46:42Z"
23 | },
24 | {
25 | "checksumSHA1": "DHETzc73aN40YHhMczku7MQV1iE=",
26 | "path": "github.com/ethereum/go-ethereum/common/math",
27 | "revision": "f34a3a68054eaad15d76c871eeabfa854df47dae",
28 | "revisionTime": "2019-07-25T11:46:42Z"
29 | },
30 | {
31 | "checksumSHA1": "PHB7umOzjEjzoTOd+8hHrR5zyN8=",
32 | "path": "github.com/ethereum/go-ethereum/crypto",
33 | "revision": "f34a3a68054eaad15d76c871eeabfa854df47dae",
34 | "revisionTime": "2019-07-25T11:46:42Z"
35 | },
36 | {
37 | "checksumSHA1": "P+uCDhT4BK3/uL5Gs3XwdUtlkmE=",
38 | "path": "github.com/ethereum/go-ethereum/crypto/secp256k1",
39 | "revision": "f34a3a68054eaad15d76c871eeabfa854df47dae",
40 | "revisionTime": "2019-07-25T11:46:42Z",
41 | "tree": true
42 | },
43 | {
44 | "checksumSHA1": "QNmhEac8r360UlJqrw8w9cJioVI=",
45 | "path": "github.com/ethereum/go-ethereum/rlp",
46 | "revision": "f34a3a68054eaad15d76c871eeabfa854df47dae",
47 | "revisionTime": "2019-07-25T11:46:42Z"
48 | },
49 | {
50 | "checksumSHA1": "hUsBzxJ8KTL4v0vpPT/mqvdJ46s=",
51 | "origin": "github.com/ethereum/go-ethereum/vendor/golang.org/x/crypto/sha3",
52 | "path": "golang.org/x/crypto/sha3",
53 | "revision": "f34a3a68054eaad15d76c871eeabfa854df47dae",
54 | "revisionTime": "2019-07-25T11:46:42Z"
55 | }
56 | ],
57 | "rootPath": "github.com/adonley/ethereum-brute-force"
58 | }
59 |
--------------------------------------------------------------------------------