// makeAuthMsg creates the initiator handshake message. func (h *encHandshake) makeAuthMsg(prv *ecdsa.PrivateKey, token []byte) (*authMsgV4, error) { rpub, err := h.remoteID.Pubkey() if err != nil { return nil, fmt.Errorf("bad remoteID: %v", err) } h.remotePub = ecies.ImportECDSAPublic(rpub) // Generate random initiator nonce. h.initNonce = make([]byte, shaLen) if _, err := rand.Read(h.initNonce); err != nil { return nil, err } // Generate random keypair to for ECDH. h.randomPrivKey, err = ecies.GenerateKey(rand.Reader, crypto.S256(), nil) if err != nil { return nil, err } // Sign known message: static-shared-secret ^ nonce token, err = h.staticSharedSecret(prv) if err != nil { return nil, err } signed := xor(token, h.initNonce) signature, err := crypto.Sign(signed, h.randomPrivKey.ExportECDSA()) if err != nil { return nil, err } msg := new(authMsgV4) copy(msg.Signature[:], signature) copy(msg.InitiatorPubkey[:], crypto.FromECDSAPub(&prv.PublicKey)[1:]) copy(msg.Nonce[:], h.initNonce) msg.Version = 4 return msg, nil }
func TestNodeID_recover(t *testing.T) { prv := newkey() hash := make([]byte, 32) sig, err := crypto.Sign(hash, prv) if err != nil { t.Fatalf("signing error: %v", err) } pub := PubkeyID(&prv.PublicKey) recpub, err := recoverNodeID(hash, sig) if err != nil { t.Fatalf("recovery error: %v", err) } if pub != recpub { t.Errorf("recovered wrong pubkey:\ngot: %v\nwant: %v", recpub, pub) } ecdsa, err := pub.Pubkey() if err != nil { t.Errorf("Pubkey error: %v", err) } if !reflect.DeepEqual(ecdsa, &prv.PublicKey) { t.Errorf("Pubkey mismatch:\n got: %#v\n want: %#v", ecdsa, &prv.PublicKey) } }
func (tx *Transaction) SignECDSA(prv *ecdsa.PrivateKey) (*Transaction, error) { h := tx.SigHash() sig, err := crypto.Sign(h[:], prv) if err != nil { return nil, err } return tx.WithSignature(sig) }
// SignWithPassphrase signs hash if the private key matching the given address can be // decrypted with the given passphrase. func (am *Manager) SignWithPassphrase(addr common.Address, passphrase string, hash []byte) (signature []byte, err error) { _, key, err := am.getDecryptedKey(Account{Address: addr}, passphrase) if err != nil { return nil, err } defer zeroKey(key.PrivateKey) return crypto.Sign(hash, key.PrivateKey) }
// Sign signs hash with an unlocked private key matching the given address. func (am *Manager) Sign(addr common.Address, hash []byte) (signature []byte, err error) { am.mu.RLock() defer am.mu.RUnlock() unlockedKey, found := am.unlocked[addr] if !found { return nil, ErrLocked } return crypto.Sign(hash, unlockedKey.PrivateKey) }
func (am *Manager) Sign(a Account, toSign []byte) (signature []byte, err error) { am.mutex.RLock() defer am.mutex.RUnlock() unlockedKey, found := am.unlocked[a.Address] if !found { return nil, ErrLocked } signature, err = crypto.Sign(toSign, unlockedKey.PrivateKey) return signature, err }
// NewKeyedTransactor is a utility method to easily create a transaction signer // from a single private key. func NewKeyedTransactor(key *ecdsa.PrivateKey) *TransactOpts { keyAddr := crypto.PubkeyToAddress(key.PublicKey) return &TransactOpts{ From: keyAddr, Signer: func(address common.Address, tx *types.Transaction) (*types.Transaction, error) { if address != keyAddr { return nil, errors.New("not authorized to sign this account") } signature, err := crypto.Sign(tx.SigHash().Bytes(), key) if err != nil { return nil, err } return tx.WithSignature(signature) }, } }
func encodePacket(priv *ecdsa.PrivateKey, ptype byte, req interface{}) ([]byte, error) { b := new(bytes.Buffer) b.Write(headSpace) b.WriteByte(ptype) if err := rlp.Encode(b, req); err != nil { glog.V(logger.Error).Infoln("error encoding packet:", err) return nil, err } packet := b.Bytes() sig, err := crypto.Sign(crypto.Sha3(packet[headSize:]), priv) if err != nil { glog.V(logger.Error).Infoln("could not sign packet:", err) return nil, err } copy(packet[macSize:], sig) // add the hash to the front. Note: this doesn't protect the // packet in any way. Our public key will be part of this hash in // The future. copy(packet, crypto.Sha3(packet[macSize:])) return packet, nil }
// sign calculates and sets the cryptographic signature for the message , also // setting the sign flag. func (self *Message) sign(key *ecdsa.PrivateKey) (err error) { self.Flags |= signatureFlag self.Signature, err = crypto.Sign(self.hash(), key) return }