// New methods using proper ecdsa keys from the stdlib
func ToECDSA(prv []byte) *ecdsa.PrivateKey {
if len(prv) == 0 {
return nil
}
priv := new(ecdsa.PrivateKey)
priv.PublicKey.Curve = secp256k1.S256()
priv.D = common.BigD(prv)
priv.PublicKey.X, priv.PublicKey.Y = secp256k1.S256().ScalarBaseMult(prv)
return priv
}
// Verify the secret key's range and if a test message signed with it verifies OK
// Returns nil if averything looks OK
func VerifyKeyPair(priv []byte, publ []byte) error {
const TestMessage = "Just some test message..."
hash := Sha2Sum([]byte(TestMessage))
pub_key, e := NewPublicKey(publ)
if e != nil {
return e
}
var key ecdsa.PrivateKey
key.D = new(big.Int).SetBytes(priv)
key.PublicKey = pub_key.PublicKey
if key.D.Cmp(big.NewInt(0)) == 0 {
return errors.New("pubkey value is zero")
}
if key.D.Cmp(secp256k1.N) != -1 {
return errors.New("pubkey value is too big")
}
r, s, err := ecdsa.Sign(rand.Reader, &key, hash[:])
if err != nil {
return errors.New("ecdsa.Sign failed: " + err.Error())
}
ok := ecdsa.Verify(&key.PublicKey, hash[:], r, s)
if !ok {
return errors.New("ecdsa.Sign Verify")
}
return nil
}
// parseECPrivateKey parses an ASN.1 Elliptic Curve Private Key Structure.
// The OID for the named curve may be provided from another source (such as
// the PKCS8 container) - if it is provided then use this instead of the OID
// that may exist in the EC private key structure.
func parseECPrivateKey(namedCurveOID *asn1.ObjectIdentifier, der []byte) (key *ecdsa.PrivateKey, err error) {
var privKey ecPrivateKey
if _, err := asn1.Unmarshal(der, &privKey); err != nil {
return nil, errors.New("x509: failed to parse EC private key: " + err.Error())
}
if privKey.Version != ecPrivKeyVersion {
return nil, fmt.Errorf("x509: unknown EC private key version %d", privKey.Version)
}
var curve elliptic.Curve
if namedCurveOID != nil {
curve = namedCurveFromOID(*namedCurveOID)
} else {
curve = namedCurveFromOID(privKey.NamedCurveOID)
}
if curve == nil {
return nil, errors.New("x509: unknown elliptic curve")
}
k := new(big.Int).SetBytes(privKey.PrivateKey)
if k.Cmp(curve.Params().N) >= 0 {
return nil, errors.New("x509: invalid elliptic curve private key value")
}
priv := new(ecdsa.PrivateKey)
priv.Curve = curve
priv.D = k
priv.X, priv.Y = curve.ScalarBaseMult(privKey.PrivateKey)
return priv, nil
}
// Signs a specified transaction input
func (tx *Tx) Sign(in int, pk_script []byte, hash_type byte, pubkey, priv_key []byte) error {
if in >= len(tx.TxIn) {
return errors.New("tx.Sign() - input index overflow")
}
pub_key, er := NewPublicKey(pubkey)
if er != nil {
return er
}
// Load the key (private and public)
var key ecdsa.PrivateKey
key.D = new(big.Int).SetBytes(priv_key)
key.PublicKey = pub_key.PublicKey
//Calculate proper transaction hash
h := tx.SignatureHash(pk_script, in, hash_type)
// Sign
r, s, er := EcdsaSign(&key, h)
if er != nil {
return er
}
rb := r.Bytes()
sb := s.Bytes()
if rb[0] >= 0x80 {
rb = append([]byte{0x00}, rb...)
}
if sb[0] >= 0x80 {
sb = append([]byte{0x00}, sb...)
}
// Output the signing result into a buffer, in format expected by bitcoin protocol
busig := new(bytes.Buffer)
busig.WriteByte(0x30)
busig.WriteByte(byte(4 + len(rb) + len(sb)))
busig.WriteByte(0x02)
busig.WriteByte(byte(len(rb)))
busig.Write(rb)
busig.WriteByte(0x02)
busig.WriteByte(byte(len(sb)))
busig.Write(sb)
busig.WriteByte(0x01) // hash type
// Output the signature and the public key into tx.ScriptSig
buscr := new(bytes.Buffer)
buscr.WriteByte(byte(busig.Len()))
buscr.Write(busig.Bytes())
buscr.WriteByte(byte(len(pubkey)))
buscr.Write(pubkey)
// assign sign script ot the tx:
tx.TxIn[in].ScriptSig = buscr.Bytes()
return nil // no error
}
func Sign(hash []byte, prv *ecdsa.PrivateKey) (sig []byte, err error) {
if len(hash) != 32 {
return nil, fmt.Errorf("hash is required to be exactly 32 bytes (%d)", len(hash))
}
sig, err = secp256k1.Sign(hash, common.LeftPadBytes(prv.D.Bytes(), prv.Params().BitSize/8))
return
}
// PublicPEM returns the PEM-encoded public key
func PublicPEM(key *ecdsa.PrivateKey) ([]byte, error) {
pubBytes, err := x509.MarshalPKIXPublicKey(key.Public())
if err != nil {
return nil, err
}
pubPEM := pem.EncodeToMemory(&pem.Block{
Type: "PUBLIC KEY",
Bytes: pubBytes,
})
return pubPEM, nil
}
func UnmarshalCertificate(data []byte) Certificate {
priv := new(big.Int).SetBytes(data[:28])
pub := UnmarshalPublicCertificate(data[28:])
cert := new(ecdsa.PrivateKey)
cert.D = priv
cert.PublicKey = *pub
return cert
}
func DecodeECDSAPrivateKey(b []byte) (*ecdsa.PrivateKey, error) {
var p []big.Int
buf := bytes.NewBuffer(b)
dec := gob.NewDecoder(buf)
err := dec.Decode(&p)
if err != nil {
return nil, err
}
privateKey := new(ecdsa.PrivateKey)
privateKey.PublicKey.Curve = btcec.S256()
privateKey.PublicKey.X = &p[0]
privateKey.PublicKey.Y = &p[1]
privateKey.D = &p[2]
return privateKey, nil
}
// parseECPrivateKey parses an ASN.1 Elliptic Curve Private Key Structure.
// The OID for the named curve may be provided from another source (such as
// the PKCS8 container) - if it is provided then use this instead of the OID
// that may exist in the EC private key structure.
func parseECPrivateKey(namedCurveOID *asn1.ObjectIdentifier, der []byte) (key *ecdsa.PrivateKey, err error) {
var privKey ecPrivateKey
if _, err := asn1.Unmarshal(der, &privKey); err != nil {
return nil, errors.New("x509: failed to parse EC private key: " + err.Error())
}
if privKey.Version != ecPrivKeyVersion {
return nil, fmt.Errorf("x509: unknown EC private key version %d", privKey.Version)
}
var curve elliptic.Curve
if namedCurveOID != nil {
curve = namedCurveFromOID(*namedCurveOID)
} else {
curve = namedCurveFromOID(privKey.NamedCurveOID)
}
if curve == nil {
return nil, errors.New("x509: unknown elliptic curve")
}
k := new(big.Int).SetBytes(privKey.PrivateKey)
curveOrder := curve.Params().N
if k.Cmp(curveOrder) >= 0 {
return nil, errors.New("x509: invalid elliptic curve private key value")
}
priv := new(ecdsa.PrivateKey)
priv.Curve = curve
priv.D = k
privateKey := make([]byte, (curveOrder.BitLen()+7)/8)
// Some private keys have leading zero padding. This is invalid
// according to [SEC1], but this code will ignore it.
for len(privKey.PrivateKey) > len(privateKey) {
if privKey.PrivateKey[0] != 0 {
return nil, errors.New("x509: invalid private key length")
}
privKey.PrivateKey = privKey.PrivateKey[1:]
}
// Some private keys remove all leading zeros, this is also invalid
// according to [SEC1] but since OpenSSL used to do this, we ignore
// this too.
copy(privateKey[len(privateKey)-len(privKey.PrivateKey):], privKey.PrivateKey)
priv.X, priv.Y = curve.ScalarBaseMult(privateKey)
return priv, nil
}
func newCert(key *ecdsa.PrivateKey) (cert *x509.Certificate, err error) {
template := &x509.Certificate{
SerialNumber: new(big.Int).SetInt64(time.Now().UnixNano()),
Subject: pkix.Name{
CommonName: "nutcracker",
},
NotBefore: time.Now().Add(-5 * time.Minute).UTC(),
NotAfter: time.Now().AddDate(1, 0, 0).UTC(),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
SignatureAlgorithm: x509.ECDSAWithSHA256,
}
derBytes, err := x509.CreateCertificate(rand.Reader, template, template, key.Public(), key)
if err != nil {
return
}
return x509.ParseCertificate(derBytes)
}
func readPrivateKeyECDSA(m map[string]string) (PrivateKey, error) {
p := new(ecdsa.PrivateKey)
p.D = big.NewInt(0)
// TODO: validate that the required flags are present
for k, v := range m {
switch k {
case "privatekey":
v1, err := fromBase64([]byte(v))
if err != nil {
return nil, err
}
p.D.SetBytes(v1)
case "created", "publish", "activate":
/* not used in Go (yet) */
}
}
return p, nil
}
func (pk *PrivateKey) parseECDSAPrivateKey(data []byte) (err error) {
ecdsaPub := pk.PublicKey.PublicKey.(*ecdsa.PublicKey)
ecdsaPriv := new(ecdsa.PrivateKey)
ecdsaPriv.PublicKey = *ecdsaPub
buf := bytes.NewBuffer(data)
d, _, err := readMPI(buf)
if err != nil {
return
}
ecdsaPriv.D = new(big.Int).SetBytes(d)
pk.PrivateKey = ecdsaPriv
pk.Encrypted = false
pk.encryptedData = nil
return nil
}
func (k *RR_DNSKEY) readPrivateKeyECDSA(kv map[string]string) (PrivateKey, os.Error) {
p := new(ecdsa.PrivateKey)
p.D = big.NewInt(0)
// Need to check if we have everything
for k, v := range kv {
switch k {
case "privatekey:":
v1, err := packBase64([]byte(v))
if err != nil {
return nil, err
}
p.D.SetBytes(v1)
case "created:", "publish:", "activate:":
/* not used in Go (yet) */
}
}
return p, nil
}
// GenerateCertificate generates an X509 Certificate from a template, given a GUN
func (ucs *UnlockedCryptoService) GenerateCertificate(gun string) (*x509.Certificate, error) {
algorithm := ucs.PrivKey.Algorithm()
var publicKey crypto.PublicKey
var privateKey crypto.PrivateKey
var err error
switch algorithm {
case data.RSAKey:
var rsaPrivateKey *rsa.PrivateKey
rsaPrivateKey, err = x509.ParsePKCS1PrivateKey(ucs.PrivKey.Private())
privateKey = rsaPrivateKey
publicKey = rsaPrivateKey.Public()
case data.ECDSAKey:
var ecdsaPrivateKey *ecdsa.PrivateKey
ecdsaPrivateKey, err = x509.ParseECPrivateKey(ucs.PrivKey.Private())
privateKey = ecdsaPrivateKey
publicKey = ecdsaPrivateKey.Public()
default:
return nil, fmt.Errorf("only RSA or ECDSA keys are currently supported. Found: %s", algorithm)
}
if err != nil {
return nil, fmt.Errorf("failed to parse root key: %s (%v)", gun, err)
}
template, err := trustmanager.NewCertificate(gun)
if err != nil {
return nil, fmt.Errorf("failed to create the certificate template for: %s (%v)", gun, err)
}
derBytes, err := x509.CreateCertificate(rand.Reader, template, template, publicKey, privateKey)
if err != nil {
return nil, fmt.Errorf("failed to create the certificate for: %s (%v)", gun, err)
}
// Encode the new certificate into PEM
cert, err := x509.ParseCertificate(derBytes)
if err != nil {
return nil, fmt.Errorf("failed to parse the certificate for key: %s (%v)", gun, err)
}
return cert, nil
}
// GenSignature - Debugging function to sign a message
func GenSignature(w http.ResponseWriter, r *http.Request) {
// Returns a Public / Private Key Pair
// Uses eliptic curve cryptography
// Generate a public / private key pair
privatekey := new(ecdsa.PrivateKey)
// Generate an elliptic curve using NIST P-224
ecurve := elliptic.P224()
privatekey, err := ecdsa.GenerateKey(ecurve, rand.Reader)
if err != nil {
panic(err)
}
// Marshal the JSON
privkey, _ := json.Marshal(privatekey)
publikey, _ := json.Marshal(privatekey.Public())
// Get the public key
var pubkey ecdsa.PublicKey
pubkey = privatekey.PublicKey
// Try signing a message
message := []byte("This is a test")
sig1, sig2, err := ecdsa.Sign(rand.Reader, privatekey, message)
// Try verifying the signature
result := ecdsa.Verify(&pubkey, message, sig1, sig2)
if result != true {
panic("Unable to verify signature")
}
fmt.Fprintln(w, "Marshaled Private Key:", string(privkey))
fmt.Fprintln(w, "Marshaled Public Key:", string(publikey))
fmt.Fprintln(w, "Curve: ", pubkey.Curve)
fmt.Fprintf(w, "Curve: Private: %#v\nPublic: %#v\n\nSignature:\n%v\n%v\n\nVerified: %v", privatekey, pubkey, sig1, sig2, result)
}
// Verify the secret key's range and al if a test message signed with it verifies OK
func verify_key(priv []byte, publ []byte) bool {
const TestMessage = "Just some test message..."
hash := btc.Sha2Sum([]byte(TestMessage))
pub_key, e := btc.NewPublicKey(publ)
if e != nil {
println("NewPublicKey:", e.Error(), "\007")
os.Exit(1)
}
var key ecdsa.PrivateKey
key.D = new(big.Int).SetBytes(priv)
key.PublicKey = pub_key.PublicKey
if key.D.Cmp(big.NewInt(0)) == 0 {
println("pubkey value is zero")
return false
}
if key.D.Cmp(maxKeyVal) != -1 {
println("pubkey value is too big", hex.EncodeToString(publ))
return false
}
r, s, err := ecdsa.Sign(rand.Reader, &key, hash[:])
if err != nil {
println("ecdsa.Sign:", err.Error())
return false
}
ok := ecdsa.Verify(&key.PublicKey, hash[:], r, s)
if !ok {
println("The key pair does not verify!")
return false
}
return true
}
// NewEcdsaPrivateKey creates a new JWK from a EC-DSA private key
func NewEcdsaPrivateKey(pk *ecdsa.PrivateKey) *EcdsaPrivateKey {
pubkey := NewEcdsaPublicKey(&pk.PublicKey)
privkey := &EcdsaPrivateKey{EcdsaPublicKey: pubkey}
privkey.D.SetBytes(i2osp(pk.D, pk.Params().BitSize/8))
return privkey
}
func main() {
id1 := "99375318-11c4-4a77-ba42-f7c08ca7b9d0"
id2 := "ff375318-11c4-4a77-ba42-f7c08ca7b9d0"
privkeyHex, err := ioutil.ReadFile(".gn_ecdsa")
if err != nil {
panic(err)
}
privkey, err := hex.DecodeString(string(privkeyHex[:len(privkeyHex)-1]))
if err != nil {
panic(err)
}
key := new(ecdsa.PrivateKey)
key.D = big.NewInt(0)
key.D.SetBytes(privkey)
key.PublicKey.Curve = elliptic.P256()
xb, _ := hex.DecodeString("212d26c6744803803e2f81fa117630a72eaf8a7c12f16e4e1b0188785a57c783256")
x := big.NewInt(0)
x.SetBytes(xb)
key.PublicKey.X = x
yb, _ := hex.DecodeString("b0802aac16e521569f549092c41c1b295e9ff627534d1b28fe050a37f5280ac9255")
y := big.NewInt(0)
y.SetBytes(yb)
key.PublicKey.Y = y
ids := map[string]*ecdsa.PublicKey{
id1: &key.PublicKey,
id2: &key.PublicKey,
}
node1 := gophernet.NewNode(id1, key, 100, ids)
node2 := gophernet.NewNode(id2, key, 100, ids)
errChan := make(chan error)
stopChan := make(chan struct{})
msgChan1 := make(chan *gophernet.Message, 1)
msgChan2 := make(chan *gophernet.Message, 1)
go gophernet.Listen(node1, ":7890", errChan, stopChan, msgChan1)
go gophernet.Listen(node2, ":7891", errChan, stopChan, msgChan2)
{
log.Printf("MAIN: Giving listeners a couple seconds to start.")
var err error
select {
case err = <-errChan:
log.Printf("MAIN: Error: %v", err)
case <-time.After(2 * time.Second):
}
if err != nil {
log.Printf("MAIN: At least one error, stopping")
close(stopChan)
for err := range errChan {
log.Print("MAIN: Error: %v", err)
}
}
}
c, err := net.Dial("tcp", "0.0.0.0:7891")
if err != nil {
panic(err)
}
p := node2.AddPeer(c)
go gophernet.Handle(node2.ID, p, node2.DropPeer, node2.GetKey, stopChan, msgChan2)
node2.Broadcast(&gophernet.Message{})
select {
case err = <-errChan:
log.Printf("MAIN: Error: %v", err)
case msg := <-msgChan1:
log.Printf("MAIN: msgChan1: %#v", msg)
case msg := <-msgChan2:
log.Printf("MAIN: msgChan2: %#v", msg)
}
}
// this function signs either a message or a raw transaction hash
func sign_message() {
var hash []byte
if *signhash != "" {
var er error
hash, er = hex.DecodeString(*signhash)
if er != nil {
println("Incorrect content of -hash parameter")
println(er.Error())
return
}
}
ad2s, e := btc.NewAddrFromString(*signaddr)
if e != nil {
println(e.Error())
if *signhash != "" {
println("Always use -sign <addr> along with -hash <msghash>")
}
return
}
var privkey *ecdsa.PrivateKey
var compr bool
for i := range publ_addrs {
if publ_addrs[i].Hash160 == ad2s.Hash160 {
privkey = new(ecdsa.PrivateKey)
pub, e := btc.NewPublicKey(publ_addrs[i].Pubkey)
if e != nil {
println(e.Error())
return
}
privkey.PublicKey = pub.PublicKey
privkey.D = new(big.Int).SetBytes(priv_keys[i][:])
compr = compressed_key[i]
// Sign raw hash?
if hash != nil {
txsig := new(btc.Signature)
txsig.HashType = 0x01
txsig.R, txsig.S, e = btc.EcdsaSign(privkey, hash)
if e != nil {
println(e.Error())
return
}
fmt.Println("PublicKey:", hex.EncodeToString(publ_addrs[i].Pubkey))
fmt.Println(hex.EncodeToString(txsig.Bytes()))
return
}
break
}
}
if privkey == nil {
println("You do not have a private key for", ad2s.String())
return
}
var msg []byte
if *message == "" {
msg, _ = ioutil.ReadAll(os.Stdin)
} else {
msg = []byte(*message)
}
hash = make([]byte, 32)
btc.HashFromMessage(msg, hash)
btcsig := new(btc.Signature)
var sb [65]byte
sb[0] = 27
if compr {
sb[0] += 4
}
btcsig.R, btcsig.S, e = btc.EcdsaSign(privkey, hash)
if e != nil {
println(e.Error())
return
}
rd := btcsig.R.Bytes()
sd := btcsig.S.Bytes()
copy(sb[1+32-len(rd):], rd)
copy(sb[1+64-len(sd):], sd)
rpk := btcsig.RecoverPublicKey(hash[:], 0)
sa := btc.NewAddrFromPubkey(rpk.Bytes(compr), ad2s.Version)
if sa.Hash160 == ad2s.Hash160 {
fmt.Println(base64.StdEncoding.EncodeToString(sb[:]))
return
}
rpk = btcsig.RecoverPublicKey(hash[:], 1)
sa = btc.NewAddrFromPubkey(rpk.Bytes(compr), ad2s.Version)
if sa.Hash160 == ad2s.Hash160 {
sb[0]++
fmt.Println(base64.StdEncoding.EncodeToString(sb[:]))
return
}
println("Something went wrong. The message has not been signed.")
}
func sign_message() {
ad2s, e := btc.NewAddrFromString(*signaddr)
if e != nil {
println(e.Error())
return
}
var privkey *ecdsa.PrivateKey
for i := range publ_addrs {
if publ_addrs[i].Hash160 == ad2s.Hash160 {
privkey = new(ecdsa.PrivateKey)
pub, e := btc.NewPublicKey(publ_addrs[i].Pubkey)
if e != nil {
println(e.Error())
return
}
privkey.PublicKey = pub.PublicKey
privkey.D = new(big.Int).SetBytes(priv_keys[i][:])
break
}
}
if privkey == nil {
println("You do not have a private key for", ad2s.String())
return
}
var msg []byte
if *message == "" {
msg, _ = ioutil.ReadAll(os.Stdin)
} else {
msg = []byte(*message)
}
hash := make([]byte, 32)
btc.HashFromMessage(msg, hash)
btcsig := new(btc.Signature)
var sb [65]byte
sb[0] = 27
if !*uncompressed {
sb[0] += 4
}
btcsig.R, btcsig.S, e = ecdsa_Sign(privkey, hash)
if e != nil {
println(e.Error())
return
}
rd := btcsig.R.Bytes()
sd := btcsig.S.Bytes()
copy(sb[1+32-len(rd):], rd)
copy(sb[1+64-len(sd):], sd)
rpk := btcsig.RecoverPublicKey(hash[:], 0)
sa := btc.NewAddrFromPubkey(rpk.Bytes(!*uncompressed), ad2s.Version)
if sa.Hash160 == ad2s.Hash160 {
fmt.Println(base64.StdEncoding.EncodeToString(sb[:]))
return
}
rpk = btcsig.RecoverPublicKey(hash[:], 1)
sa = btc.NewAddrFromPubkey(rpk.Bytes(!*uncompressed), ad2s.Version)
if sa.Hash160 == ad2s.Hash160 {
sb[0]++
fmt.Println(base64.StdEncoding.EncodeToString(sb[:]))
return
}
println("Something went wrong. The message has not been signed.")
}
// prepare a signed transaction
func make_signed_tx() {
// Make an empty transaction
tx := new(btc.Tx)
tx.Version = 1
tx.Lock_time = 0
// Select as many inputs as we need to pay the full amount (with the fee)
var btcsofar uint64
var inpcnt uint
for inpcnt = 0; inpcnt < uint(len(unspentOuts)); inpcnt++ {
uo := UO(unspentOuts[inpcnt])
// add the input to our transaction:
tin := new(btc.TxIn)
tin.Input = *unspentOuts[inpcnt]
tin.Sequence = 0xffffffff
tx.TxIn = append(tx.TxIn, tin)
btcsofar += uo.Value
if btcsofar >= spendBtc+feeBtc {
break
}
}
changeBtc = btcsofar - (spendBtc + feeBtc)
fmt.Printf("Spending %d out of %d outputs...\n", inpcnt+1, len(unspentOuts))
// Build transaction outputs:
tx.TxOut = make([]*btc.TxOut, len(sendTo))
for o := range sendTo {
tx.TxOut[o] = &btc.TxOut{Value: sendTo[o].amount, Pk_script: sendTo[o].addr.OutScript()}
}
if changeBtc > 0 {
// Add one more output (with the change)
tx.TxOut = append(tx.TxOut, &btc.TxOut{Value: changeBtc, Pk_script: get_change_addr().OutScript()})
}
//fmt.Println("Unsigned:", hex.EncodeToString(tx.Serialize()))
for in := range tx.TxIn {
uo := UO(unspentOuts[in])
var found bool
for j := range publ_addrs {
if publ_addrs[j].Owns(uo.Pk_script) {
pub_key, e := btc.NewPublicKey(publ_addrs[j].Pubkey)
if e != nil {
println("NewPublicKey:", e.Error(), "\007")
os.Exit(1)
}
// Load the key (private and public)
var key ecdsa.PrivateKey
key.D = new(big.Int).SetBytes(priv_keys[j][:])
key.PublicKey = pub_key.PublicKey
//Calculate proper transaction hash
h := tx.SignatureHash(uo.Pk_script, in, btc.SIGHASH_ALL)
//fmt.Println("SignatureHash:", btc.NewUint256(h).String())
// Sign
r, s, err := ecdsa.Sign(rand.Reader, &key, h)
if err != nil {
println("Sign:", err.Error(), "\007")
os.Exit(1)
}
rb := r.Bytes()
sb := s.Bytes()
if rb[0] >= 0x80 { // I thinnk this is needed, thought I am not quite sure... :P
rb = append([]byte{0x00}, rb...)
}
if sb[0] >= 0x80 { // I thinnk this is needed, thought I am not quite sure... :P
sb = append([]byte{0x00}, sb...)
}
// Output the signing result into a buffer, in format expected by bitcoin protocol
busig := new(bytes.Buffer)
busig.WriteByte(0x30)
busig.WriteByte(byte(4 + len(rb) + len(sb)))
busig.WriteByte(0x02)
busig.WriteByte(byte(len(rb)))
busig.Write(rb)
busig.WriteByte(0x02)
busig.WriteByte(byte(len(sb)))
busig.Write(sb)
busig.WriteByte(0x01) // hash type
// Output the signature and the public key into tx.ScriptSig
buscr := new(bytes.Buffer)
buscr.WriteByte(byte(busig.Len()))
buscr.Write(busig.Bytes())
buscr.WriteByte(byte(len(publ_addrs[j].Pubkey)))
buscr.Write(publ_addrs[j].Pubkey)
// assign:
tx.TxIn[in].ScriptSig = buscr.Bytes()
found = true
break
}
}
if !found {
fmt.Println("You do not have private key for input number", hex.EncodeToString(uo.Pk_script), "\007")
os.Exit(1)
}
}
rawtx := tx.Serialize()
tx.Hash = btc.NewSha2Hash(rawtx)
hs := tx.Hash.String()
fmt.Println(hs)
f, _ := os.Create(hs[:8] + ".txt")
if f != nil {
f.Write([]byte(hex.EncodeToString(rawtx)))
f.Close()
fmt.Println("Transaction data stored in", hs[:8]+".txt")
}
f, _ = os.Create("balance/unspent.txt")
if f != nil {
for j := uint(0); j < uint(len(unspentOuts)); j++ {
if j > inpcnt {
fmt.Fprintln(f, unspentOuts[j], unspentOutsLabel[j])
}
}
fmt.Println(inpcnt, "spent output(s) removed from 'balance/unspent.txt'")
var addback int
for out := range tx.TxOut {
for j := range publ_addrs {
if publ_addrs[j].Owns(tx.TxOut[out].Pk_script) {
fmt.Fprintf(f, "%s-%03d # %.8f / %s\n", tx.Hash.String(), out,
float64(tx.TxOut[out].Value)/1e8, publ_addrs[j].String())
addback++
}
}
}
f.Close()
if addback > 0 {
f, _ = os.Create("balance/" + hs + ".tx")
if f != nil {
f.Write(rawtx)
f.Close()
}
fmt.Println(addback, "new output(s) appended to 'balance/unspent.txt'")
}
}
}
func multisig_sign() {
tx := raw_tx_from_file(*rawtx)
if tx == nil {
println("ERROR: Cannot decode the raw multisig transaction")
println("Always use -msign <addr> along with -raw multi2sign.txt")
return
}
ad2s, e := btc.NewAddrFromString(*multisign)
if e != nil {
println("BTC addr:", e.Error())
return
}
var privkey *ecdsa.PrivateKey
//var compr bool
for i := range publ_addrs {
if publ_addrs[i].Hash160 == ad2s.Hash160 {
privkey = new(ecdsa.PrivateKey)
pub, e := btc.NewPublicKey(publ_addrs[i].Pubkey)
if e != nil {
println("PubKey:", e.Error())
return
}
privkey.PublicKey = pub.PublicKey
privkey.D = new(big.Int).SetBytes(priv_keys[i][:])
//compr = compressed_key[i]
break
}
}
if privkey == nil {
println("You do not know a key for address", ad2s.String())
return
}
for i := range tx.TxIn {
ms, er := btc.NewMultiSigFromScript(tx.TxIn[i].ScriptSig)
if er != nil {
println("WARNING: Input", i, "- not multisig:", er.Error())
continue
}
hash := tx.SignatureHash(ms.P2SH(), i, btc.SIGHASH_ALL)
//fmt.Println("Input number", i, len(ms.Signatures), " - hash to sign:", hex.EncodeToString(hash))
btcsig := &btc.Signature{HashType: 0x01}
btcsig.R, btcsig.S, e = btc.EcdsaSign(privkey, hash)
if e != nil {
println(e.Error())
return
}
ms.Signatures = append(ms.Signatures, btcsig)
tx.TxIn[i].ScriptSig = ms.Bytes()
}
// Now re-order the signatures as they shall be:
for i := range tx.TxIn {
ms, er := btc.NewMultiSigFromScript(tx.TxIn[i].ScriptSig)
if er != nil {
//println(er.Error())
continue
}
hash := tx.SignatureHash(ms.P2SH(), i, btc.SIGHASH_ALL)
//fmt.Println("Input number", i, " - hash to sign:", hex.EncodeToString(hash))
//fmt.Println(" ... number of signatures:", len(ms.Signatures))
var sigs []*btc.Signature
for ki := range ms.PublicKeys {
//pk := btc.NewPublicKey(ms.PublicKeys[ki])
//fmt.Println(ki, hex.EncodeToString(ms.PublicKeys[ki]))
var sig *btc.Signature
for si := range ms.Signatures {
if btc.EcdsaVerify(ms.PublicKeys[ki], ms.Signatures[si].Bytes(), hash) {
//fmt.Println("Key number", ki, "has signature number", si)
sig = ms.Signatures[si]
break
}
}
if sig != nil {
sigs = append(sigs, sig)
} else if *verbose {
fmt.Println("WARNING: Key number", ki, "has no matching signature")
}
if !*allowextramsigns && uint(len(sigs)) >= ms.SigsNeeded {
break
}
}
if len(ms.Signatures) > len(sigs) {
fmt.Println("WARNING: Some signatures are obsolete and will be removed", len(ms.Signatures), "=>", len(sigs))
} else if len(ms.Signatures) < len(sigs) {
fmt.Println("It appears that same key is re-used.", len(sigs)-len(ms.Signatures), "more signatures were added")
}
ms.Signatures = sigs
tx.TxIn[i].ScriptSig = ms.Bytes()
}
write_tx_file(tx)
}
func (service *EMPService) PublishMessage(r *http.Request, args *SendMsg, reply *SendResponse) error {
if !basicAuth(service.Config, r) {
service.Config.Log <- fmt.Sprintf("Unauthorized RPC Request from: %s", r.RemoteAddr)
return errors.New("Unauthorized")
}
// Nil Check
if len(args.Sender) == 0 || len(args.Plaintext) == 0 {
return errors.New("All fields required.")
}
var err error
// Get Addresses
sendAddr := encryption.StringToAddress(args.Sender)
if len(sendAddr) == 0 {
return errors.New("Invalid sender address!")
}
sender, err := localdb.GetAddressDetail(objects.MakeHash(sendAddr))
if err != nil {
return errors.New(fmt.Sprintf("Error pulling send address from Database: %s", err))
}
if sender.Privkey == nil {
return errors.New("Private Key Required to Publish Message")
}
// Create New Message
msg := new(objects.FullMessage)
msg.Decrypted = new(objects.DecryptedMessage)
msg.Encrypted = nil
txid := make([]byte, len(msg.Decrypted.Txid), cap(msg.Decrypted.Txid))
// Fill out decrypted message
n, err := rand.Read(txid)
if n < len(msg.Decrypted.Txid[:]) || err != nil {
return errors.New(fmt.Sprintf("Problem with random reader: %s", err))
}
copy(msg.Decrypted.Pubkey[:], sender.Pubkey)
msg.Decrypted.Subject = args.Subject
msg.Decrypted.MimeType = "text/plain"
msg.Decrypted.Content = args.Plaintext
msg.Decrypted.Length = uint32(len(msg.Decrypted.Content))
// Fill Out Meta Message (save timestamp)
msg.MetaMessage.Purged = false
msg.MetaMessage.TxidHash = objects.MakeHash(txid)
msg.MetaMessage.Sender = sender.String
msg.MetaMessage.Recipient = "<Subscription Message>"
// Get Signature
priv := new(ecdsa.PrivateKey)
priv.PublicKey.Curve = encryption.GetCurve()
priv.D = new(big.Int)
priv.D.SetBytes(sender.Privkey)
sign := msg.Decrypted.GetBytes()
sign = sign[:len(sign)-65]
signHash := objects.MakeHash(sign)
x, y, err := ecdsa.Sign(rand.Reader, priv, signHash.GetBytes())
if err != nil {
return err
}
copy(msg.Decrypted.Signature[:], encryption.MarshalPubkey(x, y))
// Send message and add to sendbox...
msg.Encrypted = encryption.EncryptPub(service.Config.Log, sender.Privkey, string(msg.Decrypted.GetBytes()))
msg.MetaMessage.Timestamp = time.Now().Round(time.Second)
// Now Add Txid
copy(msg.Decrypted.Txid[:], txid)
err = localdb.AddUpdateMessage(msg, localdb.SENDBOX)
if err != nil {
return err
}
sendMsg := new(objects.Message)
sendMsg.TxidHash = msg.MetaMessage.TxidHash
sendMsg.AddrHash = objects.MakeHash(sender.Address)
sendMsg.Timestamp = msg.MetaMessage.Timestamp
sendMsg.Content = *msg.Encrypted
service.Config.RecvQueue <- *objects.MakeFrame(objects.PUB, objects.BROADCAST, sendMsg)
reply.IsSent = true
// Finish by setting msg's txid
reply.TxidHash = msg.MetaMessage.TxidHash.GetBytes()
return nil
}