rippled
Loading...
Searching...
No Matches
SecretKey.cpp
1#include <xrpl/basics/Buffer.h>
2#include <xrpl/basics/Slice.h>
3#include <xrpl/basics/base_uint.h>
4#include <xrpl/basics/contract.h>
5#include <xrpl/basics/strHex.h>
6#include <xrpl/beast/utility/rngfill.h>
7#include <xrpl/crypto/csprng.h>
8#include <xrpl/crypto/secure_erase.h>
9#include <xrpl/protocol/KeyType.h>
10#include <xrpl/protocol/PublicKey.h>
11#include <xrpl/protocol/SecretKey.h>
12#include <xrpl/protocol/Seed.h>
13#include <xrpl/protocol/detail/secp256k1.h>
14#include <xrpl/protocol/digest.h>
15#include <xrpl/protocol/tokens.h>
16
17#include <boost/utility/string_view.hpp>
18
19#include <ed25519.h>
20#include <secp256k1.h>
21
22#include <algorithm>
23#include <array>
24#include <cstdint>
25#include <cstring>
26#include <optional>
27#include <stdexcept>
28#include <utility>
29
30namespace ripple {
31
36
41
42SecretKey::SecretKey(Slice const& slice)
43{
44 if (slice.size() != sizeof(buf_))
45 LogicError("SecretKey::SecretKey: invalid size");
46 std::memcpy(buf_, slice.data(), sizeof(buf_));
47}
48
49std::string
50SecretKey::to_string() const
51{
52 return strHex(*this);
53}
54
55namespace detail {
56
57void
58copy_uint32(std::uint8_t* out, std::uint32_t v)
59{
60 *out++ = v >> 24;
61 *out++ = (v >> 16) & 0xff;
62 *out++ = (v >> 8) & 0xff;
63 *out = v & 0xff;
64}
65
66uint256
67deriveDeterministicRootKey(Seed const& seed)
68{
69 // We fill this buffer with the seed and append a 32-bit "counter"
70 // that counts how many attempts we've had to make to generate a
71 // non-zero key that's less than the curve's order:
72 //
73 // 1 2
74 // 0 6 0
75 // buf |----------------|----|
76 // | seed | seq|
77
78 std::array<std::uint8_t, 20> buf;
79 std::copy(seed.begin(), seed.end(), buf.begin());
80
81 // The odds that this loop executes more than once are neglible
82 // but *just* in case someone managed to generate a key that required
83 // more iterations loop a few times.
84 for (std::uint32_t seq = 0; seq != 128; ++seq)
85 {
86 copy_uint32(buf.data() + 16, seq);
87
88 auto const ret = sha512Half(buf);
89
90 if (secp256k1_ec_seckey_verify(secp256k1Context(), ret.data()) == 1)
91 {
92 secure_erase(buf.data(), buf.size());
93 return ret;
94 }
95 }
96
97 Throw<std::runtime_error>("Unable to derive generator from seed");
98}
99
100//------------------------------------------------------------------------------
119class Generator
120{
121private:
122 uint256 root_;
123 std::array<std::uint8_t, 33> generator_;
124
125 uint256
126 calculateTweak(std::uint32_t seq) const
127 {
128 // We fill the buffer with the generator, the provided sequence
129 // and a 32-bit counter tracking the number of attempts we have
130 // already made looking for a non-zero key that's less than the
131 // curve's order:
132 // 3 3 4
133 // 0 pubGen 3 7 1
134 // buf |---------------------------------|----|----|
135 // | generator | seq| cnt|
136
137 std::array<std::uint8_t, 41> buf;
138 std::copy(generator_.begin(), generator_.end(), buf.begin());
139 copy_uint32(buf.data() + 33, seq);
140
141 // The odds that this loop executes more than once are neglible
142 // but we impose a maximum limit just in case.
143 for (std::uint32_t subseq = 0; subseq != 128; ++subseq)
144 {
145 copy_uint32(buf.data() + 37, subseq);
146
147 auto const ret = sha512Half_s(buf);
148
149 if (secp256k1_ec_seckey_verify(secp256k1Context(), ret.data()) == 1)
150 {
151 secure_erase(buf.data(), buf.size());
152 return ret;
153 }
154 }
155
156 Throw<std::runtime_error>("Unable to derive generator from seed");
157 }
158
159public:
160 explicit Generator(Seed const& seed)
161 : root_(deriveDeterministicRootKey(seed))
162 {
163 secp256k1_pubkey pubkey;
164 if (secp256k1_ec_pubkey_create(
165 secp256k1Context(), &pubkey, root_.data()) != 1)
166 LogicError("derivePublicKey: secp256k1_ec_pubkey_create failed");
167
168 auto len = generator_.size();
169
170 if (secp256k1_ec_pubkey_serialize(
171 secp256k1Context(),
172 generator_.data(),
173 &len,
174 &pubkey,
175 SECP256K1_EC_COMPRESSED) != 1)
176 LogicError("derivePublicKey: secp256k1_ec_pubkey_serialize failed");
177 }
178
184
186 std::pair<PublicKey, SecretKey>
187 operator()(std::size_t ordinal) const
188 {
189 // Generates Nth secret key:
190 auto gsk = [this, tweak = calculateTweak(ordinal)]() {
191 auto rpk = root_;
192
193 if (secp256k1_ec_seckey_tweak_add(
194 secp256k1Context(), rpk.data(), tweak.data()) == 1)
195 {
196 SecretKey sk{Slice{rpk.data(), rpk.size()}};
197 secure_erase(rpk.data(), rpk.size());
198 return sk;
199 }
200
201 LogicError("Unable to add a tweak!");
202 }();
203
204 return {derivePublicKey(KeyType::secp256k1, gsk), gsk};
205 }
206};
207
208} // namespace detail
209
210Buffer
211signDigest(PublicKey const& pk, SecretKey const& sk, uint256 const& digest)
212{
213 if (publicKeyType(pk.slice()) != KeyType::secp256k1)
214 LogicError("sign: secp256k1 required for digest signing");
215
216 BOOST_ASSERT(sk.size() == 32);
217 secp256k1_ecdsa_signature sig_imp;
218 if (secp256k1_ecdsa_sign(
219 secp256k1Context(),
220 &sig_imp,
221 reinterpret_cast<unsigned char const*>(digest.data()),
222 reinterpret_cast<unsigned char const*>(sk.data()),
223 secp256k1_nonce_function_rfc6979,
224 nullptr) != 1)
225 LogicError("sign: secp256k1_ecdsa_sign failed");
226
227 unsigned char sig[72];
228 size_t len = sizeof(sig);
229 if (secp256k1_ecdsa_signature_serialize_der(
230 secp256k1Context(), sig, &len, &sig_imp) != 1)
231 LogicError("sign: secp256k1_ecdsa_signature_serialize_der failed");
232
233 return Buffer{sig, len};
234}
235
236Buffer
237sign(PublicKey const& pk, SecretKey const& sk, Slice const& m)
238{
239 auto const type = publicKeyType(pk.slice());
240 if (!type)
241 LogicError("sign: invalid type");
242 switch (*type)
243 {
244 case KeyType::ed25519: {
245 Buffer b(64);
246 ed25519_sign(
247 m.data(), m.size(), sk.data(), pk.data() + 1, b.data());
248 return b;
249 }
250 case KeyType::secp256k1: {
251 sha512_half_hasher h;
252 h(m.data(), m.size());
253 auto const digest = sha512_half_hasher::result_type(h);
254
255 secp256k1_ecdsa_signature sig_imp;
256 if (secp256k1_ecdsa_sign(
257 secp256k1Context(),
258 &sig_imp,
259 reinterpret_cast<unsigned char const*>(digest.data()),
260 reinterpret_cast<unsigned char const*>(sk.data()),
261 secp256k1_nonce_function_rfc6979,
262 nullptr) != 1)
263 LogicError("sign: secp256k1_ecdsa_sign failed");
264
265 unsigned char sig[72];
266 size_t len = sizeof(sig);
267 if (secp256k1_ecdsa_signature_serialize_der(
268 secp256k1Context(), sig, &len, &sig_imp) != 1)
269 LogicError(
270 "sign: secp256k1_ecdsa_signature_serialize_der failed");
271
272 return Buffer{sig, len};
273 }
274 default:
275 LogicError("sign: invalid type");
276 }
277}
278
279SecretKey
280randomSecretKey()
281{
282 std::uint8_t buf[32];
283 beast::rngfill(buf, sizeof(buf), crypto_prng());
284 SecretKey sk(Slice{buf, sizeof(buf)});
285 secure_erase(buf, sizeof(buf));
286 return sk;
287}
288
289SecretKey
290generateSecretKey(KeyType type, Seed const& seed)
291{
292 if (type == KeyType::ed25519)
293 {
294 auto key = sha512Half_s(Slice(seed.data(), seed.size()));
295 SecretKey sk{Slice{key.data(), key.size()}};
296 secure_erase(key.data(), key.size());
297 return sk;
298 }
299
300 if (type == KeyType::secp256k1)
301 {
302 auto key = detail::deriveDeterministicRootKey(seed);
303 SecretKey sk{Slice{key.data(), key.size()}};
304 secure_erase(key.data(), key.size());
305 return sk;
306 }
307
308 LogicError("generateSecretKey: unknown key type");
309}
310
311PublicKey
312derivePublicKey(KeyType type, SecretKey const& sk)
313{
314 switch (type)
315 {
316 case KeyType::secp256k1: {
317 secp256k1_pubkey pubkey_imp;
318 if (secp256k1_ec_pubkey_create(
319 secp256k1Context(),
320 &pubkey_imp,
321 reinterpret_cast<unsigned char const*>(sk.data())) != 1)
322 LogicError(
323 "derivePublicKey: secp256k1_ec_pubkey_create failed");
324
325 unsigned char pubkey[33];
326 std::size_t len = sizeof(pubkey);
327 if (secp256k1_ec_pubkey_serialize(
328 secp256k1Context(),
329 pubkey,
330 &len,
331 &pubkey_imp,
332 SECP256K1_EC_COMPRESSED) != 1)
333 LogicError(
334 "derivePublicKey: secp256k1_ec_pubkey_serialize failed");
335
336 return PublicKey{Slice{pubkey, len}};
337 }
338 case KeyType::ed25519: {
339 unsigned char buf[33];
340 buf[0] = 0xED;
341 ed25519_publickey(sk.data(), &buf[1]);
342 return PublicKey(Slice{buf, sizeof(buf)});
343 }
344 default:
345 LogicError("derivePublicKey: bad key type");
346 };
347}
348
349std::pair<PublicKey, SecretKey>
350generateKeyPair(KeyType type, Seed const& seed)
351{
352 switch (type)
353 {
354 case KeyType::secp256k1: {
355 detail::Generator g(seed);
356 return g(0);
357 }
358 default:
359 case KeyType::ed25519: {
360 auto const sk = generateSecretKey(type, seed);
361 return {derivePublicKey(type, sk), sk};
362 }
363 }
364}
365
366std::pair<PublicKey, SecretKey>
367randomKeyPair(KeyType type)
368{
369 auto const sk = randomSecretKey();
370 return {derivePublicKey(type, sk), sk};
371}
372
373template <>
374std::optional<SecretKey>
375parseBase58(TokenType type, std::string const& s)
376{
377 auto const result = decodeBase58Token(s, type);
378 if (result.empty())
379 return std::nullopt;
380 if (result.size() != 32)
381 return std::nullopt;
382 return SecretKey(makeSlice(result));
383}
384
385} // namespace ripple
std::array::begin
T begin(T... args)
ripple::Buffer
Like std::vector<char> but better.
Definition Buffer.h:17
ripple::Buffer::data
std::uint8_t const * data() const noexcept
Return a pointer to beginning of the storage.
Definition Buffer.h:132
ripple::PublicKey
A public key.
Definition PublicKey.h:43
ripple::PublicKey::data
std::uint8_t const * data() const noexcept
Definition PublicKey.h:68
ripple::PublicKey::slice
Slice slice() const noexcept
Definition PublicKey.h:104
ripple::SecretKey
A secret key.
Definition SecretKey.h:19
ripple::SecretKey::data
std::uint8_t const * data() const
Definition SecretKey.h:37
ripple::SecretKey::size
std::size_t size() const
Definition SecretKey.h:43
ripple::SecretKey::buf_
std::uint8_t buf_[32]
Definition SecretKey.h:21
ripple::SecretKey::to_string
std::string to_string() const
Convert the secret key to a hexadecimal string.
Definition SecretKey.cpp:50
ripple::Seed
Seeds are used to generate deterministic secret keys.
Definition Seed.h:15
ripple::Seed::size
std::size_t size() const
Definition Seed.h:46
ripple::Seed::end
const_iterator end() const noexcept
Definition Seed.h:64
ripple::Seed::begin
const_iterator begin() const noexcept
Definition Seed.h:52
ripple::Seed::data
std::uint8_t const * data() const
Definition Seed.h:40
ripple::Slice
An immutable linear range of bytes.
Definition Slice.h:27
ripple::Slice::data
std::uint8_t const * data() const noexcept
Return a pointer to beginning of the storage.
Definition Slice.h:79
ripple::Slice::size
std::size_t size() const noexcept
Returns the number of bytes in the storage.
Definition Slice.h:62
ripple::base_uint< 256 >
ripple::base_uint::data
pointer data()
Definition base_uint.h:106
ripple::base_uint::size
static constexpr std::size_t size()
Definition base_uint.h:507
ripple::detail::Generator
Produces a sequence of secp256k1 key pairs.
Definition SecretKey.cpp:120
ripple::detail::Generator::calculateTweak
uint256 calculateTweak(std::uint32_t seq) const
Definition SecretKey.cpp:126
ripple::detail::Generator::generator_
std::array< std::uint8_t, 33 > generator_
Definition SecretKey.cpp:123
ripple::detail::Generator::operator()
std::pair< PublicKey, SecretKey > operator()(std::size_t ordinal) const
Generate the nth key pair.
Definition SecretKey.cpp:187
ripple::detail::Generator::Generator
Generator(Seed const &seed)
Definition SecretKey.cpp:160
std::copy
T copy(T... args)
std::array::data
T data(T... args)
std::array::end
T end(T... args)
std::is_same_v
T is_same_v
std::memcpy
T memcpy(T... args)
beast::rngfill
void rngfill(void *const buffer, std::size_t const bytes, Generator &g)
Definition rngfill.h:15
ripple::detail::copy_uint32
void copy_uint32(std::uint8_t *out, std::uint32_t v)
Definition SecretKey.cpp:58
ripple::detail::deriveDeterministicRootKey
uint256 deriveDeterministicRootKey(Seed const &seed)
Definition SecretKey.cpp:67
ripple
Use hash_* containers for keys that do not need a cryptographically secure hashing algorithm.
Definition algorithm.h:6
ripple::secp256k1Context
secp256k1_context const * secp256k1Context()
Definition secp256k1.h:10
ripple::sha512Half_s
sha512_half_hasher_s::result_type sha512Half_s(Args const &... args)
Returns the SHA512-Half of a series of objects.
Definition digest.h:221
ripple::TokenType
TokenType
Definition tokens.h:19
ripple::parseBase58
std::optional< AccountID > parseBase58(std::string const &s)
Parse AccountID from checked, base58 string.
Definition AccountID.cpp:105
ripple::generateKeyPair
std::pair< PublicKey, SecretKey > generateKeyPair(KeyType type, Seed const &seed)
Generate a key pair deterministically.
Definition SecretKey.cpp:350
ripple::crypto_prng
csprng_engine & crypto_prng()
The default cryptographically secure PRNG.
Definition libxrpl/crypto/csprng.cpp:84
ripple::derivePublicKey
PublicKey derivePublicKey(KeyType type, SecretKey const &sk)
Derive the public key from a secret key.
Definition SecretKey.cpp:312
ripple::generateSecretKey
SecretKey generateSecretKey(KeyType type, Seed const &seed)
Generate a new secret key deterministically.
Definition SecretKey.cpp:290
ripple::sign
Buffer sign(PublicKey const &pk, SecretKey const &sk, Slice const &message)
Generate a signature for a message.
Definition SecretKey.cpp:237
ripple::decodeBase58Token
std::string decodeBase58Token(std::string const &s, TokenType type)
Definition tokens.cpp:191
ripple::publicKeyType
std::optional< KeyType > publicKeyType(Slice const &slice)
Returns the type of public key.
Definition PublicKey.cpp:205
ripple::strHex
std::string strHex(FwdIt begin, FwdIt end)
Definition strHex.h:11
ripple::digest
static Hasher::result_type digest(void const *data, std::size_t size) noexcept
Definition tokens.cpp:138
ripple::makeSlice
std::enable_if_t< std::is_same< T, char >::value||std::is_same< T, unsigned char >::value, Slice > makeSlice(std::array< T, N > const &a)
Definition Slice.h:225
ripple::randomSecretKey
SecretKey randomSecretKey()
Create a secret key using secure random numbers.
Definition SecretKey.cpp:280
ripple::KeyType
KeyType
Definition KeyType.h:9
ripple::signDigest
Buffer signDigest(PublicKey const &pk, SecretKey const &sk, uint256 const &digest)
Generate a signature for a message digest.
Definition SecretKey.cpp:211
ripple::randomKeyPair
std::pair< PublicKey, SecretKey > randomKeyPair(KeyType type)
Create a key pair using secure random numbers.
Definition SecretKey.cpp:367
ripple::sha512Half
sha512_half_hasher::result_type sha512Half(Args const &... args)
Returns the SHA512-Half of a series of objects.
Definition digest.h:205
ripple::LogicError
void LogicError(std::string const &how) noexcept
Called when faulty logic causes a broken invariant.
Definition libxrpl/basics/contract.cpp:18
ripple::secure_erase
void secure_erase(void *dest, std::size_t bytes)
Attempts to clear the given blob of memory.
Definition secure_erase.cpp:10
std::array::size
T size(T... args)
ripple::detail::basic_sha512_half_hasher
Returns the SHA512-Half digest of a message.
Definition digest.h:153
ripple::detail::basic_sha512_half_hasher::result_type
uint256 result_type
Definition digest.h:160
Generated by doxygen 1.9.8