BIP32: HD key derivation, corresponding bindings and test vectors added
This commit is contained in:
parent
22796fe8a7
commit
e403fec849
101 changed files with 15287 additions and 267 deletions
4
.gitignore
vendored
4
.gitignore
vendored
|
@ -36,3 +36,7 @@ profile.cov
|
|||
|
||||
# tests
|
||||
src/.ethereumtest/
|
||||
#
|
||||
# golang
|
||||
cover.out
|
||||
cover.html
|
||||
|
|
|
@ -3,19 +3,17 @@ package extkeys
|
|||
import (
|
||||
"bytes"
|
||||
"crypto/ecdsa"
|
||||
"crypto/hmac"
|
||||
"crypto/rand"
|
||||
"crypto/sha256"
|
||||
"crypto/sha512"
|
||||
"encoding/binary"
|
||||
"encoding/hex"
|
||||
"errors"
|
||||
"github.com/ethereum/go-ethereum/accounts"
|
||||
"github.com/ethereum/go-ethereum/crypto"
|
||||
"github.com/ethereum/go-ethereum/crypto/secp256k1"
|
||||
"github.com/pborman/uuid"
|
||||
"golang.org/x/crypto/ripemd160"
|
||||
"io"
|
||||
"fmt"
|
||||
"math/big"
|
||||
|
||||
"github.com/btcsuite/btcd/btcec"
|
||||
"github.com/btcsuite/btcd/chaincfg"
|
||||
"github.com/btcsuite/btcd/chaincfg/chainhash"
|
||||
"github.com/btcsuite/btcutil"
|
||||
"github.com/btcsuite/btcutil/base58"
|
||||
)
|
||||
|
||||
// Implementation of BIP32 https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
|
||||
|
@ -40,220 +38,290 @@ import (
|
|||
// TODO make sure we're doing this ^^^^ !!!!!!
|
||||
|
||||
const (
|
||||
HardenedKeyIndex = 0x80000000 // 2^31
|
||||
PublicKeyCompressedLength = 33
|
||||
// Each extended key has 2^31 normal child keys and 2^31 hardened child keys.
|
||||
// Thus the range for normal child keys is [0, 2^31 - 1] and the range for hardened child keys is [2^31, 2^32 - 1].
|
||||
HardenedKeyStart = 0x80000000 // 2^31
|
||||
|
||||
// MinSeedBytes is the minimum number of bytes allowed for a seed to a master node.
|
||||
MinSeedBytes = 16 // 128 bits
|
||||
|
||||
// MaxSeedBytes is the maximum number of bytes allowed for a seed to a master node.
|
||||
MaxSeedBytes = 64 // 512 bits
|
||||
|
||||
// serializedKeyLen is the length of a serialized public or private
|
||||
// extended key. It consists of 4 bytes version, 1 byte depth, 4 bytes
|
||||
// fingerprint, 4 bytes child number, 32 bytes chain code, and 33 bytes
|
||||
// public/private key data.
|
||||
serializedKeyLen = 4 + 1 + 4 + 4 + 32 + 33 // 78 bytes
|
||||
)
|
||||
|
||||
var (
|
||||
InvalidKeyErr = errors.New("Key is invalid")
|
||||
ErrInvalidKey = errors.New("key is invalid")
|
||||
ErrInvalidSeed = errors.New("seed is invalid")
|
||||
ErrInvalidSeedLen = fmt.Errorf("the recommended size of seed is %d-%d bits", MinSeedBytes, MaxSeedBytes)
|
||||
ErrDerivingPrivateFromPublic = errors.New("cannot derive private key from public key")
|
||||
ErrDerivingHardenedFromPublic = errors.New("cannot derive a hardened key from public key")
|
||||
ErrBadChecksum = errors.New("bad extended key checksum")
|
||||
ErrInvalidKeyLen = errors.New("serialized extended key length is invalid")
|
||||
|
||||
PrivateKeyVersion, _ = hex.DecodeString("0488ADE4")
|
||||
PublicKeyVersion, _ = hex.DecodeString("0488B21E")
|
||||
)
|
||||
|
||||
type HDKey struct {
|
||||
Key []byte // 33 bytes, the public key or private key data (serP(K) for public keys, 0x00 || ser256(k) for private keys)
|
||||
Chain []byte // 32 bytes, the chain code
|
||||
Depth byte // 1 byte, depth: 0x00 for master nodes, 0x01 for level-1 derived keys, ....
|
||||
ChildNumber []byte // 4 bytes, This is ser32(i) for i in xi = xpar/i, with xi the key being serialized. (0x00000000 if master key)
|
||||
FingerPrint []byte // 4 bytes, fingerprint of the parent's key (0x00000000 if master key)
|
||||
IsPrivate bool // unserialized
|
||||
type ExtendedKey struct {
|
||||
Version []byte // 4 bytes, mainnet: 0x0488B21E public, 0x0488ADE4 private; testnet: 0x043587CF public, 0x04358394 private
|
||||
Depth uint16 // 1 byte, depth: 0x00 for master nodes, 0x01 for level-1 derived keys, ....
|
||||
FingerPrint []byte // 4 bytes, fingerprint of the parent's key (0x00000000 if master key)
|
||||
ChildNumber uint32 // 4 bytes, This is ser32(i) for i in xi = xpar/i, with xi the key being serialized. (0x00000000 if master key)
|
||||
KeyData []byte // 33 bytes, the public key or private key data (serP(K) for public keys, 0x00 || ser256(k) for private keys)
|
||||
ChainCode []byte // 32 bytes, the chain code
|
||||
IsPrivate bool // (non-serialized) if false, this chain will only contain a public key and can only create a public key chain.
|
||||
CachedPubKeyData []byte // (non-serialized) used for memoization of public key (calculated from a private key)
|
||||
}
|
||||
|
||||
|
||||
|
||||
func hash160(data []byte) []byte {
|
||||
hasher := sha256.New()
|
||||
hasher.Write(data)
|
||||
// hash := sha256.Sum256(data)
|
||||
hasher = ripemd160.New()
|
||||
io.WriteString(hasher, string(hasher.Sum(nil)))
|
||||
return hasher.Sum(nil)
|
||||
}
|
||||
|
||||
func compressPublicKey(x *big.Int, y *big.Int) []byte {
|
||||
var key bytes.Buffer
|
||||
|
||||
// Write header; 0x2 for even y value; 0x3 for odd
|
||||
key.WriteByte(byte(0x2) + byte(y.Bit(0)))
|
||||
|
||||
// Write X coord; Pad the key so x is aligned with the LSB. Pad size is key length - header size (1) - xBytes size
|
||||
xBytes := x.Bytes()
|
||||
for i := 0; i < (PublicKeyCompressedLength - 1 - len(xBytes)); i++ {
|
||||
key.WriteByte(0x0)
|
||||
}
|
||||
key.Write(xBytes)
|
||||
|
||||
return key.Bytes()
|
||||
}
|
||||
|
||||
// As described at https://bitcointa.lk/threads/compressed-keys-y-from-x.95735/
|
||||
func expandPublicKey(key []byte) (*big.Int, *big.Int) {
|
||||
Y := big.NewInt(0)
|
||||
X := big.NewInt(0)
|
||||
qPlus1Div4 := big.NewInt(0)
|
||||
X.SetBytes(key[1:])
|
||||
|
||||
// y^2 = x^3 + ax^2 + b
|
||||
// a = 0
|
||||
// => y^2 = x^3 + b
|
||||
ySquared := X.Exp(X, big.NewInt(3), nil)
|
||||
ySquared.Add(ySquared, curveParams.B)
|
||||
|
||||
qPlus1Div4.Add(curveParams.P, big.NewInt(1))
|
||||
qPlus1Div4.Div(qPlus1Div4, big.NewInt(4))
|
||||
|
||||
// sqrt(n) = n^((q+1)/4) if q = 3 mod 4
|
||||
Y.Exp(ySquared, qPlus1Div4, curveParams.P)
|
||||
|
||||
if uint32(key[0])%2 == 0 {
|
||||
Y.Sub(curveParams.P, Y)
|
||||
}
|
||||
|
||||
return X, Y
|
||||
}
|
||||
|
||||
func addPublicKeys(key1 []byte, key2 []byte) []byte {
|
||||
x1, y1 := expandPublicKey(key1)
|
||||
x2, y2 := expandPublicKey(key2)
|
||||
return compressPublicKey(curve.Add(x1, y1, x2, y2))
|
||||
}
|
||||
|
||||
// use MnemonicSeed instead
|
||||
// Generate a seed byte sequence S of a chosen length
|
||||
// (between 128 and 512 bits; 256 bits is advised) from a (P)RNG.
|
||||
func RandSeed() ([]byte, error) {
|
||||
s := make([]byte, 32) // 256 bits
|
||||
_, err := rand.Read([]byte(s))
|
||||
return s, err
|
||||
}
|
||||
|
||||
// Derive MasterKey
|
||||
func MasterKey(seed []byte) (*HDKey, error) {
|
||||
|
||||
// Ensure seed is bigger than 128 bits and smaller than 512 bits
|
||||
// NewMaster creates new master node, root of HD chain/tree.
|
||||
// Both master and child nodes are of ExtendedKey type, and all the children derive from the root node.
|
||||
func NewMaster(seed, salt []byte) (*ExtendedKey, error) {
|
||||
// Ensure seed is within expected limits
|
||||
lseed := len(seed)
|
||||
if lseed < 16 || lseed > 64 {
|
||||
return nil, errors.New("The recommended size of seed is 128-512 bits")
|
||||
if lseed < MinSeedBytes || lseed > MaxSeedBytes {
|
||||
return nil, ErrInvalidSeedLen
|
||||
}
|
||||
|
||||
// Calculate I = HMAC-SHA512(Key = "Bitcoin seed", Data = S)
|
||||
hmac := hmac.New(sha512.New, []byte(Salt)) // Salt defined in mnemonic.go
|
||||
hmac.Write([]byte(seed))
|
||||
I := hmac.Sum(nil)
|
||||
|
||||
// Split I into two 32-byte sequences, IL and IR.
|
||||
// IL = master secret key
|
||||
// IR = master chain code
|
||||
key := I[:32]
|
||||
chain := I[32:]
|
||||
|
||||
// In case IL is 0 or ≥n, the master key is invalid.
|
||||
keyBigInt := new(big.Int).SetBytes(key)
|
||||
if keyBigInt.Cmp(secp256k1.S256().N) >= 0 || keyBigInt.Sign() == 0 {
|
||||
return nil, InvalidKeyErr
|
||||
secretKey, chainCode, err := splitHMAC(seed, salt)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
master := &HDKey{
|
||||
Key: key,
|
||||
Chain: chain,
|
||||
Depth: 0x0,
|
||||
ChildNumber: []byte{0x00, 0x00, 0x00, 0x00},
|
||||
master := &ExtendedKey{
|
||||
Version: PrivateKeyVersion,
|
||||
Depth: 0,
|
||||
FingerPrint: []byte{0x00, 0x00, 0x00, 0x00},
|
||||
ChildNumber: 0,
|
||||
KeyData: secretKey,
|
||||
ChainCode: chainCode,
|
||||
IsPrivate: true,
|
||||
}
|
||||
|
||||
return master, nil
|
||||
}
|
||||
|
||||
// TODO review
|
||||
func (parent *HDKey) ChildKey(i uint32) (*HDKey, error) {
|
||||
// There are four scenarios that could happen here:
|
||||
// 1) Private extended key -> Hardened child private extended key
|
||||
// 2) Private extended key -> Non-hardened child private extended key
|
||||
// 3) Public extended key -> Non-hardened child public extended key
|
||||
// 4) Public extended key -> Hardened child public extended key (INVALID!)
|
||||
|
||||
isChildHardened := i >= HardenedKeyIndex
|
||||
// Child derives extended key at a given index i.
|
||||
// If parent is private, then derived key is also private. If parent is public, then derived is public.
|
||||
//
|
||||
// If i >= HardenedKeyStart, then hardened key is generated.
|
||||
// You can only generate hardened keys from private parent keys.
|
||||
// If you try generating hardened key form public parent key, ErrDerivingHardenedFromPublic is returned.
|
||||
//
|
||||
// There are four CKD (child key derivation) scenarios:
|
||||
// 1) Private extended key -> Hardened child private extended key
|
||||
// 2) Private extended key -> Non-hardened child private extended key
|
||||
// 3) Public extended key -> Non-hardened child public extended key
|
||||
// 4) Public extended key -> Hardened child public extended key (INVALID!)
|
||||
func (parent *ExtendedKey) Child(i uint32) (*ExtendedKey, error) {
|
||||
// A hardened child may not be created from a public extended key (Case #4).
|
||||
isChildHardened := i >= HardenedKeyStart
|
||||
if !parent.IsPrivate && isChildHardened {
|
||||
return nil, errors.New("Cannot create hardened key from public key")
|
||||
return nil, ErrDerivingHardenedFromPublic
|
||||
}
|
||||
|
||||
childNumber := make([]byte, 4)
|
||||
binary.BigEndian.PutUint32(childNumber, i)
|
||||
|
||||
var data []byte
|
||||
keyLen := 33
|
||||
seed := make([]byte, keyLen+4)
|
||||
if isChildHardened {
|
||||
data = append([]byte{0x0}, parent.Key...)
|
||||
// Case #1: 0x00 || ser256(parentKey) || ser32(i)
|
||||
copy(seed[1:], parent.KeyData) // 0x00 || ser256(parentKey)
|
||||
} else {
|
||||
// TODO verify
|
||||
data = compressPublicKey(secp256k1.S256().ScalarBaseMult(parent.Key))
|
||||
// Case #2 and #3: serP(parentPubKey) || ser32(i)
|
||||
copy(seed, parent.pubKeyBytes())
|
||||
}
|
||||
data = append(data, childNumber...)
|
||||
binary.BigEndian.PutUint32(seed[keyLen:], i)
|
||||
|
||||
hmac := hmac.New(sha512.New, parent.Chain)
|
||||
hmac.Write(data)
|
||||
I := hmac.Sum(nil)
|
||||
|
||||
// Split I into two 32-byte sequences, IL and IR.
|
||||
// IL = master secret key
|
||||
// IR = master chain code
|
||||
key := I[:32]
|
||||
chain := I[32:]
|
||||
|
||||
// In case IL is 0 or ≥n, the master key is invalid.
|
||||
keyBigInt := new(big.Int).SetBytes(key)
|
||||
if keyBigInt.Cmp(secp256k1.S256().N) >= 0 || keyBigInt.Sign() == 0 {
|
||||
return nil, InvalidKeyErr
|
||||
secretKey, chainCode, err := splitHMAC(seed, parent.ChainCode)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
child := &HDKey{
|
||||
// Key:
|
||||
Chain: chain,
|
||||
child := &ExtendedKey{
|
||||
ChainCode: chainCode,
|
||||
Depth: parent.Depth + 1,
|
||||
ChildNumber: childNumber,
|
||||
// FingerPrint:
|
||||
IsPrivate: parent.IsPrivate,
|
||||
ChildNumber: i,
|
||||
IsPrivate: parent.IsPrivate,
|
||||
// The fingerprint for the derived child is the first 4 bytes of parent's
|
||||
FingerPrint: btcutil.Hash160(parent.pubKeyBytes())[:4],
|
||||
}
|
||||
|
||||
if parent.IsPrivate {
|
||||
// Case #1 or #2.
|
||||
// Add the parent private key to the intermediate private key to
|
||||
// derive the final child key.
|
||||
|
||||
parentKeyBigInt := new(big.Int).SetBytes(parent.Key)
|
||||
// Case #1 or #2: childKey = parse256(IL) + parentKey
|
||||
parentKeyBigInt := new(big.Int).SetBytes(parent.KeyData)
|
||||
keyBigInt := new(big.Int).SetBytes(secretKey)
|
||||
keyBigInt.Add(keyBigInt, parentKeyBigInt)
|
||||
keyBigInt.Mod(keyBigInt, secp256k1.S256().N)
|
||||
child.Key = keyBigInt.Bytes()
|
||||
child.FingerPrint = hash160(compressPublicKey(secp256k1.S256().ScalarBaseMult(parent.Key)))[:4]
|
||||
} else {
|
||||
// Case #3.
|
||||
// Calculate the corresponding intermediate public key for
|
||||
// intermediate private key.
|
||||
keyBigInt.Mod(keyBigInt, btcec.S256().N)
|
||||
|
||||
keyx, keyy := secp256k1.S256().ScalarBaseMult(key)
|
||||
child.KeyData = keyBigInt.Bytes()
|
||||
child.Version = PrivateKeyVersion
|
||||
} else {
|
||||
// Case #3: childKey = serP(point(parse256(IL)) + parentKey)
|
||||
|
||||
// Calculate the corresponding intermediate public key for intermediate private key.
|
||||
keyx, keyy := btcec.S256().ScalarBaseMult(secretKey)
|
||||
if keyx.Sign() == 0 || keyy.Sign() == 0 {
|
||||
return nil, InvalidKeyErr
|
||||
return nil, ErrInvalidKey
|
||||
}
|
||||
|
||||
publicKey := compressPublicKey(keyx, keyy)
|
||||
|
||||
// TODO verify
|
||||
|
||||
child.Key = addPublicKeys(publicKey, parent.Key)
|
||||
child.FingerPrint = hash160(parent.Key)[:4] // Not Private key so Key is public
|
||||
// Convert the serialized compressed parent public key into X and Y coordinates
|
||||
// so it can be added to the intermediate public key.
|
||||
pubKey, err := btcec.ParsePubKey(parent.KeyData, btcec.S256())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// childKey = serP(point(parse256(IL)) + parentKey)
|
||||
childX, childY := btcec.S256().Add(keyx, keyy, pubKey.X, pubKey.Y)
|
||||
pk := btcec.PublicKey{Curve: btcec.S256(), X: childX, Y: childY}
|
||||
child.KeyData = pk.SerializeCompressed()
|
||||
child.Version = PublicKeyVersion
|
||||
}
|
||||
return child, nil
|
||||
}
|
||||
|
||||
func (hdkey *HDKey) ECKey() (*accounts.Key, error) {
|
||||
reader := bytes.NewReader(hdkey.Key)
|
||||
privateKeyECDSA, err := ecdsa.GenerateKey(secp256k1.S256(), reader)
|
||||
func (k *ExtendedKey) Neuter() (*ExtendedKey, error) {
|
||||
// Already an extended public key.
|
||||
if !k.IsPrivate {
|
||||
return k, nil
|
||||
}
|
||||
|
||||
// Get the associated public extended key version bytes.
|
||||
version, err := chaincfg.HDPrivateKeyToPublicKeyID(k.Version)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
key := &accounts.Key{
|
||||
Id: uuid.NewRandom(),
|
||||
Address: crypto.PubkeyToAddress(privateKeyECDSA.PublicKey),
|
||||
PrivateKey: privateKeyECDSA,
|
||||
}
|
||||
return key, nil
|
||||
|
||||
// Convert it to an extended public key. The key for the new extended
|
||||
// key will simply be the pubkey of the current extended private key.
|
||||
return &ExtendedKey{
|
||||
Version: version,
|
||||
KeyData: k.pubKeyBytes(),
|
||||
ChainCode: k.ChainCode,
|
||||
FingerPrint: k.FingerPrint,
|
||||
Depth: k.Depth,
|
||||
ChildNumber: k.ChildNumber,
|
||||
IsPrivate: false,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// String returns the extended key as a human-readable base58-encoded string.
|
||||
func (k *ExtendedKey) String() string {
|
||||
if len(k.KeyData) == 0 {
|
||||
return "zeroed extended key"
|
||||
}
|
||||
|
||||
var childNumBytes [4]byte
|
||||
depthByte := byte(k.Depth % 256)
|
||||
binary.BigEndian.PutUint32(childNumBytes[:], k.ChildNumber)
|
||||
|
||||
// The serialized format is:
|
||||
// version (4) || depth (1) || parent fingerprint (4)) ||
|
||||
// child num (4) || chain code (32) || key data (33) || checksum (4)
|
||||
serializedBytes := make([]byte, 0, serializedKeyLen+4)
|
||||
serializedBytes = append(serializedBytes, k.Version...)
|
||||
serializedBytes = append(serializedBytes, depthByte)
|
||||
serializedBytes = append(serializedBytes, k.FingerPrint...)
|
||||
serializedBytes = append(serializedBytes, childNumBytes[:]...)
|
||||
serializedBytes = append(serializedBytes, k.ChainCode...)
|
||||
if k.IsPrivate {
|
||||
serializedBytes = append(serializedBytes, 0x00)
|
||||
serializedBytes = paddedAppend(32, serializedBytes, k.KeyData)
|
||||
} else {
|
||||
serializedBytes = append(serializedBytes, k.pubKeyBytes()...)
|
||||
}
|
||||
|
||||
checkSum := chainhash.DoubleHashB(serializedBytes)[:4]
|
||||
serializedBytes = append(serializedBytes, checkSum...)
|
||||
return base58.Encode(serializedBytes)
|
||||
}
|
||||
|
||||
// pubKeyBytes returns bytes for the serialized compressed public key associated
|
||||
// with this extended key in an efficient manner including memoization as
|
||||
// necessary.
|
||||
//
|
||||
// When the extended key is already a public key, the key is simply returned as
|
||||
// is since it's already in the correct form. However, when the extended key is
|
||||
// a private key, the public key will be calculated and memoized so future
|
||||
// accesses can simply return the cached result.
|
||||
func (k *ExtendedKey) pubKeyBytes() []byte {
|
||||
// Just return the key if it's already an extended public key.
|
||||
if !k.IsPrivate {
|
||||
return k.KeyData
|
||||
}
|
||||
|
||||
pkx, pky := btcec.S256().ScalarBaseMult(k.KeyData)
|
||||
pubKey := btcec.PublicKey{Curve: btcec.S256(), X: pkx, Y: pky}
|
||||
return pubKey.SerializeCompressed()
|
||||
}
|
||||
|
||||
// ToECDSA returns the key data as ecdsa.PrivateKey
|
||||
func (k *ExtendedKey) ToECDSA() *ecdsa.PrivateKey {
|
||||
privKey, _ := btcec.PrivKeyFromBytes(btcec.S256(), k.KeyData)
|
||||
return privKey.ToECDSA()
|
||||
}
|
||||
|
||||
// NewKeyFromString returns a new extended key instance from a base58-encoded
|
||||
// extended key.
|
||||
func NewKeyFromString(key string) (*ExtendedKey, error) {
|
||||
// The base58-decoded extended key must consist of a serialized payload
|
||||
// plus an additional 4 bytes for the checksum.
|
||||
decoded := base58.Decode(key)
|
||||
if len(decoded) != serializedKeyLen+4 {
|
||||
return nil, ErrInvalidKeyLen
|
||||
}
|
||||
|
||||
// The serialized format is:
|
||||
// version (4) || depth (1) || parent fingerprint (4)) ||
|
||||
// child num (4) || chain code (32) || key data (33) || checksum (4)
|
||||
|
||||
// Split the payload and checksum up and ensure the checksum matches.
|
||||
payload := decoded[:len(decoded)-4]
|
||||
checkSum := decoded[len(decoded)-4:]
|
||||
expectedCheckSum := chainhash.DoubleHashB(payload)[:4]
|
||||
if !bytes.Equal(checkSum, expectedCheckSum) {
|
||||
return nil, ErrBadChecksum
|
||||
}
|
||||
|
||||
// Deserialize each of the payload fields.
|
||||
version := payload[:4]
|
||||
depth := uint16(payload[4:5][0])
|
||||
fingerPrint := payload[5:9]
|
||||
childNumber := binary.BigEndian.Uint32(payload[9:13])
|
||||
chainCode := payload[13:45]
|
||||
keyData := payload[45:78]
|
||||
|
||||
// The key data is a private key if it starts with 0x00. Serialized
|
||||
// compressed pubkeys either start with 0x02 or 0x03.
|
||||
isPrivate := keyData[0] == 0x00
|
||||
if isPrivate {
|
||||
// Ensure the private key is valid. It must be within the range
|
||||
// of the order of the secp256k1 curve and not be 0.
|
||||
keyData = keyData[1:]
|
||||
keyNum := new(big.Int).SetBytes(keyData)
|
||||
if keyNum.Cmp(btcec.S256().N) >= 0 || keyNum.Sign() == 0 {
|
||||
return nil, ErrInvalidSeed
|
||||
}
|
||||
} else {
|
||||
// Ensure the public key parses correctly and is actually on the
|
||||
// secp256k1 curve.
|
||||
_, err := btcec.ParsePubKey(keyData, btcec.S256())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
return &ExtendedKey{
|
||||
Version: version,
|
||||
KeyData: keyData,
|
||||
ChainCode: chainCode,
|
||||
FingerPrint: fingerPrint,
|
||||
Depth: depth,
|
||||
ChildNumber: childNumber,
|
||||
IsPrivate: isPrivate,
|
||||
}, nil
|
||||
}
|
||||
|
|
|
@ -1,21 +1,515 @@
|
|||
package extkeys
|
||||
package extkeys_test
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/hex"
|
||||
"errors"
|
||||
"reflect"
|
||||
"testing"
|
||||
|
||||
"github.com/btcsuite/btcd/chaincfg"
|
||||
"github.com/status-im/status-go/src/extkeys"
|
||||
)
|
||||
|
||||
// TODO implement test vectors
|
||||
|
||||
func TestNewKey(t *testing.T) {
|
||||
seed, err := RandSeed()
|
||||
t.Log(len(seed))
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
func TestBIP32Vectors(t *testing.T) {
|
||||
hkStart := uint32(0x80000000)
|
||||
tests := []struct {
|
||||
name string
|
||||
seed string
|
||||
path []uint32
|
||||
pubKey string
|
||||
privKey string
|
||||
}{
|
||||
// Test vector 1
|
||||
{
|
||||
"test vector 1 chain m",
|
||||
"000102030405060708090a0b0c0d0e0f",
|
||||
[]uint32{},
|
||||
"xpub661MyMwAqRbcFtXgS5sYJABqqG9YLmC4Q1Rdap9gSE8NqtwybGhePY2gZ29ESFjqJoCu1Rupje8YtGqsefD265TMg7usUDFdp6W1EGMcet8",
|
||||
"xprv9s21ZrQH143K3QTDL4LXw2F7HEK3wJUD2nW2nRk4stbPy6cq3jPPqjiChkVvvNKmPGJxWUtg6LnF5kejMRNNU3TGtRBeJgk33yuGBxrMPHi",
|
||||
},
|
||||
{
|
||||
"test vector 1 chain m/0H",
|
||||
"000102030405060708090a0b0c0d0e0f",
|
||||
[]uint32{hkStart},
|
||||
"xpub68Gmy5EdvgibQVfPdqkBBCHxA5htiqg55crXYuXoQRKfDBFA1WEjWgP6LHhwBZeNK1VTsfTFUHCdrfp1bgwQ9xv5ski8PX9rL2dZXvgGDnw",
|
||||
"xprv9uHRZZhk6KAJC1avXpDAp4MDc3sQKNxDiPvvkX8Br5ngLNv1TxvUxt4cV1rGL5hj6KCesnDYUhd7oWgT11eZG7XnxHrnYeSvkzY7d2bhkJ7",
|
||||
},
|
||||
{
|
||||
"test vector 1 chain m/0H/1",
|
||||
"000102030405060708090a0b0c0d0e0f",
|
||||
[]uint32{hkStart, 1},
|
||||
"xpub6ASuArnXKPbfEwhqN6e3mwBcDTgzisQN1wXN9BJcM47sSikHjJf3UFHKkNAWbWMiGj7Wf5uMash7SyYq527Hqck2AxYysAA7xmALppuCkwQ",
|
||||
"xprv9wTYmMFdV23N2TdNG573QoEsfRrWKQgWeibmLntzniatZvR9BmLnvSxqu53Kw1UmYPxLgboyZQaXwTCg8MSY3H2EU4pWcQDnRnrVA1xe8fs",
|
||||
},
|
||||
{
|
||||
"test vector 1 chain m/0H/1/2H",
|
||||
"000102030405060708090a0b0c0d0e0f",
|
||||
[]uint32{hkStart, 1, hkStart + 2},
|
||||
"xpub6D4BDPcP2GT577Vvch3R8wDkScZWzQzMMUm3PWbmWvVJrZwQY4VUNgqFJPMM3No2dFDFGTsxxpG5uJh7n7epu4trkrX7x7DogT5Uv6fcLW5",
|
||||
"xprv9z4pot5VBttmtdRTWfWQmoH1taj2axGVzFqSb8C9xaxKymcFzXBDptWmT7FwuEzG3ryjH4ktypQSAewRiNMjANTtpgP4mLTj34bhnZX7UiM",
|
||||
},
|
||||
{
|
||||
"test vector 1 chain m/0H/1/2H/2",
|
||||
"000102030405060708090a0b0c0d0e0f",
|
||||
[]uint32{hkStart, 1, hkStart + 2, 2},
|
||||
"xpub6FHa3pjLCk84BayeJxFW2SP4XRrFd1JYnxeLeU8EqN3vDfZmbqBqaGJAyiLjTAwm6ZLRQUMv1ZACTj37sR62cfN7fe5JnJ7dh8zL4fiyLHV",
|
||||
"xprvA2JDeKCSNNZky6uBCviVfJSKyQ1mDYahRjijr5idH2WwLsEd4Hsb2Tyh8RfQMuPh7f7RtyzTtdrbdqqsunu5Mm3wDvUAKRHSC34sJ7in334",
|
||||
},
|
||||
{
|
||||
"test vector 1 chain m/0H/1/2H/2/1000000000",
|
||||
"000102030405060708090a0b0c0d0e0f",
|
||||
[]uint32{hkStart, 1, hkStart + 2, 2, 1000000000},
|
||||
"xpub6H1LXWLaKsWFhvm6RVpEL9P4KfRZSW7abD2ttkWP3SSQvnyA8FSVqNTEcYFgJS2UaFcxupHiYkro49S8yGasTvXEYBVPamhGW6cFJodrTHy",
|
||||
"xprvA41z7zogVVwxVSgdKUHDy1SKmdb533PjDz7J6N6mV6uS3ze1ai8FHa8kmHScGpWmj4WggLyQjgPie1rFSruoUihUZREPSL39UNdE3BBDu76",
|
||||
},
|
||||
// Test vector 2
|
||||
{
|
||||
"test vector 2 chain m",
|
||||
"fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542",
|
||||
[]uint32{},
|
||||
"xpub661MyMwAqRbcFW31YEwpkMuc5THy2PSt5bDMsktWQcFF8syAmRUapSCGu8ED9W6oDMSgv6Zz8idoc4a6mr8BDzTJY47LJhkJ8UB7WEGuduB",
|
||||
"xprv9s21ZrQH143K31xYSDQpPDxsXRTUcvj2iNHm5NUtrGiGG5e2DtALGdso3pGz6ssrdK4PFmM8NSpSBHNqPqm55Qn3LqFtT2emdEXVYsCzC2U",
|
||||
},
|
||||
{
|
||||
"test vector 2 chain m/0",
|
||||
"fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542",
|
||||
[]uint32{0},
|
||||
"xpub69H7F5d8KSRgmmdJg2KhpAK8SR3DjMwAdkxj3ZuxV27CprR9LgpeyGmXUbC6wb7ERfvrnKZjXoUmmDznezpbZb7ap6r1D3tgFxHmwMkQTPH",
|
||||
"xprv9vHkqa6EV4sPZHYqZznhT2NPtPCjKuDKGY38FBWLvgaDx45zo9WQRUT3dKYnjwih2yJD9mkrocEZXo1ex8G81dwSM1fwqWpWkeS3v86pgKt",
|
||||
},
|
||||
{
|
||||
"test vector 2 chain m/0/2147483647H",
|
||||
"fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542",
|
||||
[]uint32{0, hkStart + 2147483647},
|
||||
"xpub6ASAVgeehLbnwdqV6UKMHVzgqAG8Gr6riv3Fxxpj8ksbH9ebxaEyBLZ85ySDhKiLDBrQSARLq1uNRts8RuJiHjaDMBU4Zn9h8LZNnBC5y4a",
|
||||
"xprv9wSp6B7kry3Vj9m1zSnLvN3xH8RdsPP1Mh7fAaR7aRLcQMKTR2vidYEeEg2mUCTAwCd6vnxVrcjfy2kRgVsFawNzmjuHc2YmYRmagcEPdU9",
|
||||
},
|
||||
{
|
||||
"test vector 2 chain m/0/2147483647H/1",
|
||||
"fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542",
|
||||
[]uint32{0, hkStart + 2147483647, 1},
|
||||
"xpub6DF8uhdarytz3FWdA8TvFSvvAh8dP3283MY7p2V4SeE2wyWmG5mg5EwVvmdMVCQcoNJxGoWaU9DCWh89LojfZ537wTfunKau47EL2dhHKon",
|
||||
"xprv9zFnWC6h2cLgpmSA46vutJzBcfJ8yaJGg8cX1e5StJh45BBciYTRXSd25UEPVuesF9yog62tGAQtHjXajPPdbRCHuWS6T8XA2ECKADdw4Ef",
|
||||
},
|
||||
{
|
||||
"test vector 2 chain m/0/2147483647H/1/2147483646H",
|
||||
"fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542",
|
||||
[]uint32{0, hkStart + 2147483647, 1, hkStart + 2147483646},
|
||||
"xpub6ERApfZwUNrhLCkDtcHTcxd75RbzS1ed54G1LkBUHQVHQKqhMkhgbmJbZRkrgZw4koxb5JaHWkY4ALHY2grBGRjaDMzQLcgJvLJuZZvRcEL",
|
||||
"xprvA1RpRA33e1JQ7ifknakTFpgNXPmW2YvmhqLQYMmrj4xJXXWYpDPS3xz7iAxn8L39njGVyuoseXzU6rcxFLJ8HFsTjSyQbLYnMpCqE2VbFWc",
|
||||
},
|
||||
{
|
||||
"test vector 2 chain m/0/2147483647H/1/2147483646H/2",
|
||||
"fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542",
|
||||
[]uint32{0, hkStart + 2147483647, 1, hkStart + 2147483646, 2},
|
||||
"xpub6FnCn6nSzZAw5Tw7cgR9bi15UV96gLZhjDstkXXxvCLsUXBGXPdSnLFbdpq8p9HmGsApME5hQTZ3emM2rnY5agb9rXpVGyy3bdW6EEgAtqt",
|
||||
"xprvA2nrNbFZABcdryreWet9Ea4LvTJcGsqrMzxHx98MMrotbir7yrKCEXw7nadnHM8Dq38EGfSh6dqA9QWTyefMLEcBYJUuekgW4BYPJcr9E7j",
|
||||
},
|
||||
}
|
||||
|
||||
key, err := MasterKey(seed)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
tests:
|
||||
for i, test := range tests {
|
||||
seed, err := hex.DecodeString(test.seed)
|
||||
if err != nil {
|
||||
t.Errorf("DecodeString #%d (%s): %v", i, test.name, err)
|
||||
continue
|
||||
}
|
||||
|
||||
extKey, err := extkeys.NewMaster(seed, []byte("Bitcoin seed"))
|
||||
if err != nil {
|
||||
t.Errorf("NewMasterKey #%d (%s): %v", i, test.name, err)
|
||||
continue
|
||||
}
|
||||
|
||||
if !extKey.IsPrivate {
|
||||
t.Errorf("Master node must feature private key")
|
||||
continue
|
||||
}
|
||||
|
||||
for _, ind := range test.path {
|
||||
extKey, err = extKey.Child(ind)
|
||||
if err != nil {
|
||||
t.Errorf("cannot derive child: %v", err)
|
||||
continue tests
|
||||
}
|
||||
}
|
||||
|
||||
privKeyStr := extKey.String()
|
||||
if privKeyStr != test.privKey {
|
||||
t.Errorf("%d (%s): private key mismatch (expects: %s, got: %s)", i, test.name, test.privKey, privKeyStr)
|
||||
continue
|
||||
} else {
|
||||
t.Logf("test %d (%s): %s", i, test.name, extKey.String())
|
||||
}
|
||||
|
||||
pubKey, err := extKey.Neuter()
|
||||
if err != nil {
|
||||
t.Errorf("failed to Neuter key #%d (%s): %v", i, test.name, err)
|
||||
return
|
||||
}
|
||||
|
||||
// neutering twice should have no effect
|
||||
pubKey, err = pubKey.Neuter()
|
||||
if err != nil {
|
||||
t.Errorf("failed to Neuter key #%d (%s): %v", i, test.name, err)
|
||||
return
|
||||
}
|
||||
|
||||
pubKeyStr := pubKey.String()
|
||||
if pubKeyStr != test.pubKey {
|
||||
t.Errorf("%d (%s): public key mismatch (expects: %s, got: %s)", i, test.name, test.pubKey, pubKeyStr)
|
||||
continue
|
||||
} else {
|
||||
t.Logf("test %d (%s, public): %s", i, test.name, extKey.String())
|
||||
}
|
||||
|
||||
}
|
||||
t.Log(key)
|
||||
}
|
||||
|
||||
func TestPrivateChildDerivation(t *testing.T) {
|
||||
// The private extended keys for test vectors in [BIP32].
|
||||
testVec1MasterPrivKey := "xprv9s21ZrQH143K3QTDL4LXw2F7HEK3wJUD2nW2nRk4stbPy6cq3jPPqjiChkVvvNKmPGJxWUtg6LnF5kejMRNNU3TGtRBeJgk33yuGBxrMPHi"
|
||||
testVec2MasterPrivKey := "xprv9s21ZrQH143K31xYSDQpPDxsXRTUcvj2iNHm5NUtrGiGG5e2DtALGdso3pGz6ssrdK4PFmM8NSpSBHNqPqm55Qn3LqFtT2emdEXVYsCzC2U"
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
master string
|
||||
path []uint32
|
||||
wantPriv string
|
||||
}{
|
||||
// Test vector 1
|
||||
{
|
||||
name: "test vector 1 chain m",
|
||||
master: testVec1MasterPrivKey,
|
||||
path: []uint32{},
|
||||
wantPriv: "xprv9s21ZrQH143K3QTDL4LXw2F7HEK3wJUD2nW2nRk4stbPy6cq3jPPqjiChkVvvNKmPGJxWUtg6LnF5kejMRNNU3TGtRBeJgk33yuGBxrMPHi",
|
||||
},
|
||||
{
|
||||
name: "test vector 1 chain m/0",
|
||||
master: testVec1MasterPrivKey,
|
||||
path: []uint32{0},
|
||||
wantPriv: "xprv9uHRZZhbkedL37eZEnyrNsQPFZYRAvjy5rt6M1nbEkLSo378x1CQQLo2xxBvREwiK6kqf7GRNvsNEchwibzXaV6i5GcsgyjBeRguXhKsi4R",
|
||||
},
|
||||
{
|
||||
name: "test vector 1 chain m/0/1",
|
||||
master: testVec1MasterPrivKey,
|
||||
path: []uint32{0, 1},
|
||||
wantPriv: "xprv9ww7sMFLzJMzy7bV1qs7nGBxgKYrgcm3HcJvGb4yvNhT9vxXC7eX7WVULzCfxucFEn2TsVvJw25hH9d4mchywguGQCZvRgsiRaTY1HCqN8G",
|
||||
},
|
||||
{
|
||||
name: "test vector 1 chain m/0/1/2",
|
||||
master: testVec1MasterPrivKey,
|
||||
path: []uint32{0, 1, 2},
|
||||
wantPriv: "xprv9xrdP7iD2L1YZCgR9AecDgpDMZSTzP5KCfUykGXgjBxLgp1VFHsEeL3conzGAkbc1MigG1o8YqmfEA2jtkPdf4vwMaGJC2YSDbBTPAjfRUi",
|
||||
},
|
||||
{
|
||||
name: "test vector 1 chain m/0/1/2/2",
|
||||
master: testVec1MasterPrivKey,
|
||||
path: []uint32{0, 1, 2, 2},
|
||||
wantPriv: "xprvA2J8Hq4eiP7xCEBP7gzRJGJnd9CHTkEU6eTNMrZ6YR7H5boik8daFtDZxmJDfdMSKHwroCfAfsBKWWidRfBQjpegy6kzXSkQGGoMdWKz5Xh",
|
||||
},
|
||||
{
|
||||
name: "test vector 1 chain m/0/1/2/2/1000000000",
|
||||
master: testVec1MasterPrivKey,
|
||||
path: []uint32{0, 1, 2, 2, 1000000000},
|
||||
wantPriv: "xprvA3XhazxncJqJsQcG85Gg61qwPQKiobAnWjuPpjKhExprZjfse6nErRwTMwGe6uGWXPSykZSTiYb2TXAm7Qhwj8KgRd2XaD21Styu6h6AwFz",
|
||||
},
|
||||
|
||||
// Test vector 2
|
||||
{
|
||||
name: "test vector 2 chain m",
|
||||
master: testVec2MasterPrivKey,
|
||||
path: []uint32{},
|
||||
wantPriv: "xprv9s21ZrQH143K31xYSDQpPDxsXRTUcvj2iNHm5NUtrGiGG5e2DtALGdso3pGz6ssrdK4PFmM8NSpSBHNqPqm55Qn3LqFtT2emdEXVYsCzC2U",
|
||||
},
|
||||
{
|
||||
name: "test vector 2 chain m/0",
|
||||
master: testVec2MasterPrivKey,
|
||||
path: []uint32{0},
|
||||
wantPriv: "xprv9vHkqa6EV4sPZHYqZznhT2NPtPCjKuDKGY38FBWLvgaDx45zo9WQRUT3dKYnjwih2yJD9mkrocEZXo1ex8G81dwSM1fwqWpWkeS3v86pgKt",
|
||||
},
|
||||
{
|
||||
name: "test vector 2 chain m/0/2147483647",
|
||||
master: testVec2MasterPrivKey,
|
||||
path: []uint32{0, 2147483647},
|
||||
wantPriv: "xprv9wSp6B7cXJWXZRpDbxkFg3ry2fuSyUfvboJ5Yi6YNw7i1bXmq9QwQ7EwMpeG4cK2pnMqEx1cLYD7cSGSCtruGSXC6ZSVDHugMsZgbuY62m6",
|
||||
},
|
||||
{
|
||||
name: "test vector 2 chain m/0/2147483647/1",
|
||||
master: testVec2MasterPrivKey,
|
||||
path: []uint32{0, 2147483647, 1},
|
||||
wantPriv: "xprv9ysS5br6UbWCRCJcggvpUNMyhVWgD7NypY9gsVTMYmuRtZg8izyYC5Ey4T931WgWbfJwRDwfVFqV3b29gqHDbuEpGcbzf16pdomk54NXkSm",
|
||||
},
|
||||
{
|
||||
name: "test vector 2 chain m/0/2147483647/1/2147483646",
|
||||
master: testVec2MasterPrivKey,
|
||||
path: []uint32{0, 2147483647, 1, 2147483646},
|
||||
wantPriv: "xprvA2LfeWWwRCxh4iqigcDMnUf2E3nVUFkntc93nmUYBtb9rpSPYWa8MY3x9ZHSLZkg4G84UefrDruVK3FhMLSJsGtBx883iddHNuH1LNpRrEp",
|
||||
},
|
||||
{
|
||||
name: "test vector 2 chain m/0/2147483647/1/2147483646/2",
|
||||
master: testVec2MasterPrivKey,
|
||||
path: []uint32{0, 2147483647, 1, 2147483646, 2},
|
||||
wantPriv: "xprvA48ALo8BDjcRET68R5RsPzF3H7WeyYYtHcyUeLRGBPHXu6CJSGjwW7dWoeUWTEzT7LG3qk6Eg6x2ZoqD8gtyEFZecpAyvchksfLyg3Zbqam",
|
||||
},
|
||||
|
||||
// Custom tests to trigger specific conditions.
|
||||
{
|
||||
// Seed 000000000000000000000000000000da.
|
||||
name: "Derived privkey with zero high byte m/0",
|
||||
master: "xprv9s21ZrQH143K4FR6rNeqEK4EBhRgLjWLWhA3pw8iqgAKk82ypz58PXbrzU19opYcxw8JDJQF4id55PwTsN1Zv8Xt6SKvbr2KNU5y8jN8djz",
|
||||
path: []uint32{0},
|
||||
wantPriv: "xprv9uC5JqtViMmgcAMUxcsBCBFA7oYCNs4bozPbyvLfddjHou4rMiGEHipz94xNaPb1e4f18TRoPXfiXx4C3cDAcADqxCSRSSWLvMBRWPctSN9",
|
||||
},
|
||||
}
|
||||
|
||||
tests:
|
||||
for i, test := range tests {
|
||||
extKey, err := extkeys.NewKeyFromString(test.master)
|
||||
if err != nil {
|
||||
t.Errorf("NewKeyFromString #%d (%s): unexpected error creating extended key: %v", i, test.name, err)
|
||||
continue
|
||||
}
|
||||
|
||||
for _, childNum := range test.path {
|
||||
var err error
|
||||
extKey, err = extKey.Child(childNum)
|
||||
if err != nil {
|
||||
t.Errorf("err: %v", err)
|
||||
continue tests
|
||||
}
|
||||
|
||||
t.Logf("test %d (%s): %s", i, test.name, extKey.String())
|
||||
}
|
||||
|
||||
privStr := extKey.String()
|
||||
if privStr != test.wantPriv {
|
||||
t.Errorf("Child #%d (%s): mismatched serialized private extended key -- got: %s, want: %s",
|
||||
i, test.name, privStr, test.wantPriv)
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// TestPublicDerivation tests several vectors which derive public keys from
|
||||
// other public keys works as intended.
|
||||
func TestPublicDerivation(t *testing.T) {
|
||||
// The public extended keys for test vectors in [BIP32].
|
||||
testVec1MasterPubKey := "xpub661MyMwAqRbcFtXgS5sYJABqqG9YLmC4Q1Rdap9gSE8NqtwybGhePY2gZ29ESFjqJoCu1Rupje8YtGqsefD265TMg7usUDFdp6W1EGMcet8"
|
||||
testVec2MasterPubKey := "xpub661MyMwAqRbcFW31YEwpkMuc5THy2PSt5bDMsktWQcFF8syAmRUapSCGu8ED9W6oDMSgv6Zz8idoc4a6mr8BDzTJY47LJhkJ8UB7WEGuduB"
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
master string
|
||||
path []uint32
|
||||
wantPub string
|
||||
}{
|
||||
// Test vector 1
|
||||
{
|
||||
name: "test vector 1 chain m",
|
||||
master: testVec1MasterPubKey,
|
||||
path: []uint32{},
|
||||
wantPub: "xpub661MyMwAqRbcFtXgS5sYJABqqG9YLmC4Q1Rdap9gSE8NqtwybGhePY2gZ29ESFjqJoCu1Rupje8YtGqsefD265TMg7usUDFdp6W1EGMcet8",
|
||||
},
|
||||
{
|
||||
name: "test vector 1 chain m/0",
|
||||
master: testVec1MasterPubKey,
|
||||
path: []uint32{0},
|
||||
wantPub: "xpub68Gmy5EVb2BdFbj2LpWrk1M7obNuaPTpT5oh9QCCo5sRfqSHVYWex97WpDZzszdzHzxXDAzPLVSwybe4uPYkSk4G3gnrPqqkV9RyNzAcNJ1",
|
||||
},
|
||||
{
|
||||
name: "test vector 1 chain m/0/1",
|
||||
master: testVec1MasterPubKey,
|
||||
path: []uint32{0, 1},
|
||||
wantPub: "xpub6AvUGrnEpfvJBbfx7sQ89Q8hEMPM65UteqEX4yUbUiES2jHfjexmfJoxCGSwFMZiPBaKQT1RiKWrKfuDV4vpgVs4Xn8PpPTR2i79rwHd4Zr",
|
||||
},
|
||||
{
|
||||
name: "test vector 1 chain m/0/1/2",
|
||||
master: testVec1MasterPubKey,
|
||||
path: []uint32{0, 1, 2},
|
||||
wantPub: "xpub6BqyndF6rhZqmgktFCBcapkwubGxPqoAZtQaYewJHXVKZcLdnqBVC8N6f6FSHWUghjuTLeubWyQWfJdk2G3tGgvgj3qngo4vLTnnSjAZckv",
|
||||
},
|
||||
{
|
||||
name: "test vector 1 chain m/0/1/2/2",
|
||||
master: testVec1MasterPubKey,
|
||||
path: []uint32{0, 1, 2, 2},
|
||||
wantPub: "xpub6FHUhLbYYkgFQiFrDiXRfQFXBB2msCxKTsNyAExi6keFxQ8sHfwpogY3p3s1ePSpUqLNYks5T6a3JqpCGszt4kxbyq7tUoFP5c8KWyiDtPp",
|
||||
},
|
||||
{
|
||||
name: "test vector 1 chain m/0/1/2/2/1000000000",
|
||||
master: testVec1MasterPubKey,
|
||||
path: []uint32{0, 1, 2, 2, 1000000000},
|
||||
wantPub: "xpub6GX3zWVgSgPc5tgjE6ogT9nfwSADD3tdsxpzd7jJoJMqSY12Be6VQEFwDCp6wAQoZsH2iq5nNocHEaVDxBcobPrkZCjYW3QUmoDYzMFBDu9",
|
||||
},
|
||||
|
||||
// Test vector 2
|
||||
{
|
||||
name: "test vector 2 chain m",
|
||||
master: testVec2MasterPubKey,
|
||||
path: []uint32{},
|
||||
wantPub: "xpub661MyMwAqRbcFW31YEwpkMuc5THy2PSt5bDMsktWQcFF8syAmRUapSCGu8ED9W6oDMSgv6Zz8idoc4a6mr8BDzTJY47LJhkJ8UB7WEGuduB",
|
||||
},
|
||||
{
|
||||
name: "test vector 2 chain m/0",
|
||||
master: testVec2MasterPubKey,
|
||||
path: []uint32{0},
|
||||
wantPub: "xpub69H7F5d8KSRgmmdJg2KhpAK8SR3DjMwAdkxj3ZuxV27CprR9LgpeyGmXUbC6wb7ERfvrnKZjXoUmmDznezpbZb7ap6r1D3tgFxHmwMkQTPH",
|
||||
},
|
||||
{
|
||||
name: "test vector 2 chain m/0/2147483647",
|
||||
master: testVec2MasterPubKey,
|
||||
path: []uint32{0, 2147483647},
|
||||
wantPub: "xpub6ASAVgeWMg4pmutghzHG3BohahjwNwPmy2DgM6W9wGegtPrvNgjBwuZRD7hSDFhYfunq8vDgwG4ah1gVzZysgp3UsKz7VNjCnSUJJ5T4fdD",
|
||||
},
|
||||
{
|
||||
name: "test vector 2 chain m/0/2147483647/1",
|
||||
master: testVec2MasterPubKey,
|
||||
path: []uint32{0, 2147483647, 1},
|
||||
wantPub: "xpub6CrnV7NzJy4VdgP5niTpqWJiFXMAca6qBm5Hfsry77SQmN1HGYHnjsZSujoHzdxf7ZNK5UVrmDXFPiEW2ecwHGWMFGUxPC9ARipss9rXd4b",
|
||||
},
|
||||
{
|
||||
name: "test vector 2 chain m/0/2147483647/1/2147483646",
|
||||
master: testVec2MasterPubKey,
|
||||
path: []uint32{0, 2147483647, 1, 2147483646},
|
||||
wantPub: "xpub6FL2423qFaWzHCvBndkN9cbkn5cysiUeFq4eb9t9kE88jcmY63tNuLNRzpHPdAM4dUpLhZ7aUm2cJ5zF7KYonf4jAPfRqTMTRBNkQL3Tfta",
|
||||
},
|
||||
{
|
||||
name: "test vector 2 chain m/0/2147483647/1/2147483646/2",
|
||||
master: testVec2MasterPubKey,
|
||||
path: []uint32{0, 2147483647, 1, 2147483646, 2},
|
||||
wantPub: "xpub6H7WkJf547AiSwAbX6xsm8Bmq9M9P1Gjequ5SipsjipWmtXSyp4C3uwzewedGEgAMsDy4jEvNTWtxLyqqHY9C12gaBmgUdk2CGmwachwnWK",
|
||||
},
|
||||
}
|
||||
|
||||
tests:
|
||||
for i, test := range tests {
|
||||
extKey, err := extkeys.NewKeyFromString(test.master)
|
||||
if err != nil {
|
||||
t.Errorf("NewKeyFromString #%d (%s): unexpected error creating extended key: %v", i, test.name, err)
|
||||
continue
|
||||
}
|
||||
|
||||
for _, childNum := range test.path {
|
||||
var err error
|
||||
extKey, err = extKey.Child(childNum)
|
||||
if err != nil {
|
||||
t.Errorf("err: %v", err)
|
||||
continue tests
|
||||
}
|
||||
|
||||
t.Logf("test %d (%s): %s", i, test.name, extKey.String())
|
||||
}
|
||||
|
||||
pubStr := extKey.String()
|
||||
if pubStr != test.wantPub {
|
||||
t.Errorf("Child #%d (%s): mismatched serialized public extended key -- got: %s, want: %s", i, test.name, pubStr, test.wantPub)
|
||||
continue
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestErrors(t *testing.T) {
|
||||
// Should get an error when seed has too few bytes.
|
||||
_, err := extkeys.NewMaster(bytes.Repeat([]byte{0x00}, 15), []byte{0x00})
|
||||
if err != extkeys.ErrInvalidSeedLen {
|
||||
t.Errorf("NewMaster: mismatched error -- got: %v, want: %v",
|
||||
err, extkeys.ErrInvalidSeedLen)
|
||||
}
|
||||
|
||||
// Should get an error when seed has too many bytes.
|
||||
_, err = extkeys.NewMaster(bytes.Repeat([]byte{0x00}, 65), []byte{0x00})
|
||||
if err != extkeys.ErrInvalidSeedLen {
|
||||
t.Errorf("NewMaster: mismatched error -- got: %v, want: %v",
|
||||
err, extkeys.ErrInvalidSeedLen)
|
||||
}
|
||||
|
||||
// Generate a new key and neuter it to a public extended key.
|
||||
mnemonic := extkeys.NewMnemonic()
|
||||
|
||||
phrase, err := mnemonic.MnemonicPhrase(128, extkeys.EnglishLanguage)
|
||||
if err != nil {
|
||||
t.Errorf("Test failed: could not create seed: %s", err)
|
||||
}
|
||||
|
||||
password := "badpassword"
|
||||
extKey, err := extkeys.NewMaster(mnemonic.MnemonicSeed(phrase, password), []byte(extkeys.Salt))
|
||||
|
||||
pubKey, err := extKey.Neuter()
|
||||
if err != nil {
|
||||
t.Errorf("Neuter: unexpected error: %v", err)
|
||||
return
|
||||
}
|
||||
|
||||
// Deriving a hardened child extended key should fail from a public key.
|
||||
_, err = pubKey.Child(extkeys.HardenedKeyStart)
|
||||
if err != extkeys.ErrDerivingHardenedFromPublic {
|
||||
t.Errorf("Child: mismatched error -- got: %v, want: %v", err, extkeys.ErrDerivingHardenedFromPublic)
|
||||
}
|
||||
|
||||
// NewKeyFromString failure tests.
|
||||
tests := []struct {
|
||||
name string
|
||||
key string
|
||||
err error
|
||||
neuter bool
|
||||
neuterErr error
|
||||
}{
|
||||
{
|
||||
name: "invalid key length",
|
||||
key: "xpub1234",
|
||||
err: extkeys.ErrInvalidKeyLen,
|
||||
},
|
||||
{
|
||||
name: "bad checksum",
|
||||
key: "xpub661MyMwAqRbcFtXgS5sYJABqqG9YLmC4Q1Rdap9gSE8NqtwybGhePY2gZ29ESFjqJoCu1Rupje8YtGqsefD265TMg7usUDFdp6W1EBygr15",
|
||||
err: extkeys.ErrBadChecksum,
|
||||
},
|
||||
{
|
||||
name: "pubkey not on curve",
|
||||
key: "xpub661MyMwAqRbcFtXgS5sYJABqqG9YLmC4Q1Rdap9gSE8NqtwybGhePY2gZ1hr9Rwbk95YadvBkQXxzHBSngB8ndpW6QH7zhhsXZ2jHyZqPjk",
|
||||
err: errors.New("pubkey isn't on secp256k1 curve"),
|
||||
},
|
||||
{
|
||||
name: "unsupported version",
|
||||
key: "xbad4LfUL9eKmA66w2GJdVMqhvDmYGJpTGjWRAtjHqoUY17sGaymoMV9Cm3ocn9Ud6Hh2vLFVC7KSKCRVVrqc6dsEdsTjRV1WUmkK85YEUujAPX",
|
||||
err: nil,
|
||||
neuter: true,
|
||||
neuterErr: chaincfg.ErrUnknownHDKeyID,
|
||||
},
|
||||
}
|
||||
|
||||
for i, test := range tests {
|
||||
extKey, err := extkeys.NewKeyFromString(test.key)
|
||||
if !reflect.DeepEqual(err, test.err) {
|
||||
t.Errorf("NewKeyFromString #%d (%s): mismatched error -- got: %v, want: %v", i, test.name, err, test.err)
|
||||
continue
|
||||
}
|
||||
|
||||
if test.neuter {
|
||||
_, err := extKey.Neuter()
|
||||
if !reflect.DeepEqual(err, test.neuterErr) {
|
||||
t.Errorf("Neuter #%d (%s): mismatched error -- got: %v, want: %v", i, test.name, err, test.neuterErr)
|
||||
continue
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//func TestNewKey(t *testing.T) {
|
||||
// mnemonic := NewMnemonic()
|
||||
//
|
||||
// phrase, err := mnemonic.MnemonicPhrase(128, EnglishLanguage)
|
||||
// if err != nil {
|
||||
// t.Errorf("Test failed: could not create seed: %s", err)
|
||||
// }
|
||||
//
|
||||
// password := "badpassword"
|
||||
// mnemonic.salt = "Bitcoin seed"
|
||||
// key, err := NewMaster(mnemonic.MnemonicSeed(phrase, password), []byte(mnemonic.salt))
|
||||
// if err != nil {
|
||||
// t.Error(err)
|
||||
// }
|
||||
// t.Logf("%x", key.KeyData)
|
||||
//}
|
||||
|
|
File diff suppressed because one or more lines are too long
48
src/extkeys/utils.go
Normal file
48
src/extkeys/utils.go
Normal file
|
@ -0,0 +1,48 @@
|
|||
package extkeys
|
||||
|
||||
import (
|
||||
"crypto/hmac"
|
||||
"crypto/sha512"
|
||||
"errors"
|
||||
"math/big"
|
||||
|
||||
"github.com/btcsuite/btcd/btcec"
|
||||
)
|
||||
|
||||
var (
|
||||
ErrInvalidSecretKey = errors.New("generated secret key cannot be used")
|
||||
)
|
||||
|
||||
func splitHMAC(seed, salt []byte) (secretKey, chainCode []byte, err error) {
|
||||
hmac := hmac.New(sha512.New, salt)
|
||||
hmac.Write(seed)
|
||||
I := hmac.Sum(nil)
|
||||
|
||||
// Split I into two 32-byte sequences, IL and IR.
|
||||
// IL = master secret key
|
||||
// IR = master chain code
|
||||
secretKey = I[:32]
|
||||
chainCode = I[32:]
|
||||
|
||||
// IL (secretKey) is expected to be a 256-bit integer (it is used as parse256(IL)),
|
||||
// and consequently that integer must be within range for SECP256k1 private key.
|
||||
//
|
||||
// There's tiny possibility (<1 in 2^127) this invariant is violated:
|
||||
// error is returned in that case, and simple resolution is to request another child with i incremented.
|
||||
keyBigInt := new(big.Int).SetBytes(secretKey)
|
||||
if keyBigInt.Cmp(btcec.S256().N) >= 0 || keyBigInt.Sign() == 0 {
|
||||
err = ErrInvalidSecretKey
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// paddedAppend appends the src byte slice to dst, returning the new slice.
|
||||
// If the length of the source is smaller than the passed size, leading zero
|
||||
// bytes are appended to the dst slice before appending src.
|
||||
func paddedAppend(size uint, dst, src []byte) []byte {
|
||||
for i := 0; i < int(size)-len(src); i++ {
|
||||
dst = append(dst, 0)
|
||||
}
|
||||
return append(dst, src...)
|
||||
}
|
|
@ -22,6 +22,7 @@ import (
|
|||
"github.com/ethereum/go-ethereum/les"
|
||||
"github.com/ethereum/go-ethereum/p2p/discover"
|
||||
errextra "github.com/pkg/errors"
|
||||
"github.com/status-im/status-go/src/extkeys"
|
||||
)
|
||||
|
||||
var (
|
||||
|
@ -30,39 +31,78 @@ var (
|
|||
)
|
||||
|
||||
// createAccount creates an internal geth account
|
||||
func createAccount(password string) (string, string, error) {
|
||||
func createAccount(password string) (string, string, string, error) {
|
||||
|
||||
if currentNode != nil {
|
||||
|
||||
w := true
|
||||
|
||||
if accountManager != nil {
|
||||
// generate the account
|
||||
account, err := accountManager.NewAccount(password, w)
|
||||
// generate mnemonic phrase
|
||||
m := extkeys.NewMnemonic()
|
||||
mnemonic, err := m.MnemonicPhrase(128, extkeys.EnglishLanguage)
|
||||
if err != nil {
|
||||
return "", "", errextra.Wrap(err, "Account manager could not create the account")
|
||||
return "", "", "", errextra.Wrap(err, "Can not create mnemonic seed")
|
||||
}
|
||||
|
||||
// generate extended key (see BIP32)
|
||||
extKey, err := extkeys.NewMaster(m.MnemonicSeed(mnemonic, password), []byte(extkeys.Salt))
|
||||
if err != nil {
|
||||
return "", "", "", errextra.Wrap(err, "Can not create master extended key")
|
||||
}
|
||||
|
||||
// generate the account
|
||||
account, err := accountManager.NewAccountUsingExtendedKey(extKey, password, w)
|
||||
if err != nil {
|
||||
return "", "", "", errextra.Wrap(err, "Account manager could not create the account")
|
||||
}
|
||||
address := fmt.Sprintf("%x", account.Address)
|
||||
|
||||
// recover the public key to return
|
||||
keyContents, err := ioutil.ReadFile(account.File)
|
||||
if err != nil {
|
||||
return address, "", errextra.Wrap(err, "Could not load the key contents")
|
||||
return address, "", "", errextra.Wrap(err, "Could not load the key contents")
|
||||
}
|
||||
key, err := accounts.DecryptKey(keyContents, password)
|
||||
if err != nil {
|
||||
return address, "", errextra.Wrap(err, "Could not recover the key")
|
||||
return address, "", "", errextra.Wrap(err, "Could not recover the key")
|
||||
}
|
||||
pubKey := common.ToHex(crypto.FromECDSAPub(&key.PrivateKey.PublicKey))
|
||||
|
||||
return address, pubKey, nil
|
||||
return address, pubKey, mnemonic, nil
|
||||
}
|
||||
return "", "", errors.New("Could not retrieve account manager")
|
||||
|
||||
return "", "", "", errors.New("Could not retrieve account manager")
|
||||
}
|
||||
|
||||
return "", "", errors.New("No running node detected for account creation")
|
||||
return "", "", "", errors.New("No running node detected for account creation")
|
||||
}
|
||||
|
||||
func remindAccountDetails(password, mnemonic string) (string, string, error) {
|
||||
|
||||
if currentNode != nil {
|
||||
|
||||
if accountManager != nil {
|
||||
m := extkeys.NewMnemonic()
|
||||
// re-create extended key (see BIP32)
|
||||
extKey, err := extkeys.NewMaster(m.MnemonicSeed(mnemonic, password), []byte(extkeys.Salt))
|
||||
if err != nil {
|
||||
return "", "", errextra.Wrap(err, "Can not create master extended key")
|
||||
}
|
||||
|
||||
privateKeyECDSA := extKey.ToECDSA()
|
||||
address := fmt.Sprintf("%x", crypto.PubkeyToAddress(privateKeyECDSA.PublicKey))
|
||||
pubKey := common.ToHex(crypto.FromECDSAPub(&privateKeyECDSA.PublicKey))
|
||||
|
||||
accountManager.ImportECDSA(privateKeyECDSA, password) // try caching key, ignore errors
|
||||
|
||||
return address, pubKey, nil
|
||||
}
|
||||
|
||||
return "", "", errors.New("Could not retrieve account manager")
|
||||
}
|
||||
|
||||
return "", "", errors.New("No running node detected for account unlock")
|
||||
}
|
||||
|
||||
// unlockAccount unlocks an existing account for a certain duration and
|
||||
|
|
|
@ -3,6 +3,9 @@ package main
|
|||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"errors"
|
||||
"math/big"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
|
@ -14,38 +17,41 @@ import (
|
|||
"github.com/ethereum/go-ethereum/logger/glog"
|
||||
"github.com/ethereum/go-ethereum/rpc"
|
||||
"github.com/ethereum/go-ethereum/whisper"
|
||||
"math/big"
|
||||
"path/filepath"
|
||||
)
|
||||
|
||||
const (
|
||||
testDataDir = ".ethereumtest"
|
||||
testAddress = "0x89b50b2b26947ccad43accaef76c21d175ad85f4"
|
||||
testAddressPassword = "asdf"
|
||||
testNodeSyncSeconds = 180
|
||||
testAccountPassword = "badpassword"
|
||||
)
|
||||
|
||||
// TestAccountBindings makes sure we can create an account and subsequently
|
||||
// unlock that account
|
||||
// TestAccountBindings makes sure we can create an account and subsequently unlock that account
|
||||
func TestAccountBindings(t *testing.T) {
|
||||
rpcport = 8546 // in order to avoid conflicts with running react-native app
|
||||
|
||||
dataDir, err := preprocessDataDir(testDataDir)
|
||||
err := prepareTestNode()
|
||||
if err != nil {
|
||||
glog.V(logger.Warn).Infoln("make node failed:", err)
|
||||
}
|
||||
|
||||
// start geth node and wait for it to initialize
|
||||
go createAndStartNode(dataDir)
|
||||
time.Sleep(120 * time.Second) // LES syncs headers, so that we are up do date when it is done
|
||||
if currentNode == nil {
|
||||
t.Error("Test failed: could not start geth node")
|
||||
t.Error(err)
|
||||
return
|
||||
}
|
||||
|
||||
// create an account
|
||||
address, pubkey, err := createAccount("badpassword")
|
||||
address, pubKey, mnemonic, err := createAccount(testAccountPassword)
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
t.Error("Test failed: could not create account")
|
||||
return
|
||||
}
|
||||
glog.V(logger.Info).Infof("Account created: {address: %s, key: %s, mnemonic:%s}", address, pubKey, mnemonic)
|
||||
|
||||
// try reminding using password + mnemonic
|
||||
addressCheck, pubKeyCheck, err := remindAccountDetails(testAccountPassword, mnemonic)
|
||||
if err != nil {
|
||||
t.Errorf("remind details failed: %v", err)
|
||||
return
|
||||
}
|
||||
if address != addressCheck || pubKey != pubKeyCheck {
|
||||
t.Error("Test failed: remind account details failed to pull the correct details")
|
||||
}
|
||||
|
||||
// unlock the created account
|
||||
|
@ -61,15 +67,15 @@ func TestAccountBindings(t *testing.T) {
|
|||
if err := currentNode.Service(&whisperInstance); err != nil {
|
||||
t.Errorf("whisper service not running: %v", err)
|
||||
}
|
||||
identitySucsess := whisperInstance.HasIdentity(crypto.ToECDSAPub(common.FromHex(pubkey)))
|
||||
identitySucsess := whisperInstance.HasIdentity(crypto.ToECDSAPub(common.FromHex(pubKey)))
|
||||
if !identitySucsess || err != nil {
|
||||
t.Errorf("Test failed: identity not injected into whisper: %v", err)
|
||||
}
|
||||
|
||||
// test to see if we can post with the injected whisper identity
|
||||
postArgs := whisper.PostArgs{
|
||||
From: pubkey,
|
||||
To: pubkey,
|
||||
From: pubKey,
|
||||
To: pubKey,
|
||||
TTL: 100,
|
||||
Topics: [][]byte{[]byte("test topic")},
|
||||
Payload: "test message",
|
||||
|
@ -141,14 +147,43 @@ func TestAccountBindings(t *testing.T) {
|
|||
t.Errorf("Test failed: cannot send transaction: %v", err)
|
||||
}
|
||||
|
||||
time.Sleep(10 * time.Second)
|
||||
time.Sleep(15 * time.Second)
|
||||
if sentinel != 1 {
|
||||
t.Error("Test failed: transaction was never queued or completed")
|
||||
}
|
||||
|
||||
// clean up
|
||||
err = os.RemoveAll(".ethereumtest")
|
||||
if err != nil {
|
||||
t.Error("Test failed: could not clean up temporary datadir")
|
||||
}
|
||||
//// clean up
|
||||
//err = os.RemoveAll(".ethereumtest")
|
||||
//if err != nil {
|
||||
// t.Error("Test failed: could not clean up temporary datadir")
|
||||
//}
|
||||
}
|
||||
|
||||
func prepareTestNode() error {
|
||||
rpcport = 8546 // in order to avoid conflicts with running react-native app
|
||||
|
||||
syncRequired := false
|
||||
if _, err := os.Stat(testDataDir); os.IsNotExist(err) {
|
||||
syncRequired = true
|
||||
}
|
||||
|
||||
dataDir, err := preprocessDataDir(testDataDir)
|
||||
if err != nil {
|
||||
glog.V(logger.Warn).Infoln("make node failed:", err)
|
||||
return err
|
||||
}
|
||||
|
||||
// start geth node and wait for it to initialize
|
||||
go createAndStartNode(dataDir)
|
||||
time.Sleep(5 * time.Second)
|
||||
if currentNode == nil {
|
||||
return errors.New("Test failed: could not start geth node")
|
||||
}
|
||||
|
||||
if syncRequired {
|
||||
glog.V(logger.Warn).Infof("Sync is required, it will take %d seconds", testNodeSyncSeconds)
|
||||
time.Sleep(testNodeSyncSeconds * time.Second) // LES syncs headers, so that we are up do date when it is done
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -15,7 +15,7 @@ func CreateAccount(password *C.char) *C.char {
|
|||
|
||||
// This is equivalent to creating an account from the command line,
|
||||
// just modified to handle the function arg passing
|
||||
address, pubKey, err := createAccount(C.GoString(password))
|
||||
address, pubKey, mnemonic, err := createAccount(C.GoString(password))
|
||||
|
||||
errString := emptyError
|
||||
if err != nil {
|
||||
|
@ -24,9 +24,32 @@ func CreateAccount(password *C.char) *C.char {
|
|||
}
|
||||
|
||||
out := AccountInfo{
|
||||
Address: address,
|
||||
PubKey: pubKey,
|
||||
Error: errString,
|
||||
Address: address,
|
||||
PubKey: pubKey,
|
||||
Mnemonic: mnemonic,
|
||||
Error: errString,
|
||||
}
|
||||
outBytes, _ := json.Marshal(&out)
|
||||
|
||||
return C.CString(string(outBytes))
|
||||
}
|
||||
|
||||
//export RemindAccountDetails
|
||||
func RemindAccountDetails(password, mnemonic *C.char) *C.char {
|
||||
|
||||
address, pubKey, err := remindAccountDetails(C.GoString(password), C.GoString(mnemonic))
|
||||
|
||||
errString := emptyError
|
||||
if err != nil {
|
||||
fmt.Fprintln(os.Stderr, err)
|
||||
errString = err.Error()
|
||||
}
|
||||
|
||||
out := AccountInfo{
|
||||
Address: address,
|
||||
PubKey: pubKey,
|
||||
Mnemonic: C.GoString(mnemonic),
|
||||
Error: errString,
|
||||
}
|
||||
outBytes, _ := json.Marshal(&out)
|
||||
|
||||
|
|
|
@ -5,9 +5,10 @@ import (
|
|||
)
|
||||
|
||||
type AccountInfo struct {
|
||||
Address string `json:"address"`
|
||||
PubKey string `json:"pubkey"`
|
||||
Error string `json:"error"`
|
||||
Address string `json:"address"`
|
||||
PubKey string `json:"pubkey"`
|
||||
Mnemonic string `json:"mnemonic"`
|
||||
Error string `json:"error"`
|
||||
}
|
||||
|
||||
type JSONError struct {
|
||||
|
|
15
src/vendor/github.com/btcsuite/btcd/LICENSE
generated
vendored
Normal file
15
src/vendor/github.com/btcsuite/btcd/LICENSE
generated
vendored
Normal file
|
@ -0,0 +1,15 @@
|
|||
ISC License
|
||||
|
||||
Copyright (c) 2013-2016 The btcsuite developers
|
||||
|
||||
Permission to use, copy, modify, and distribute this software for any
|
||||
purpose with or without fee is hereby granted, provided that the above
|
||||
copyright notice and this permission notice appear in all copies.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
74
src/vendor/github.com/btcsuite/btcd/btcec/README.md
generated
vendored
Normal file
74
src/vendor/github.com/btcsuite/btcd/btcec/README.md
generated
vendored
Normal file
|
@ -0,0 +1,74 @@
|
|||
btcec
|
||||
=====
|
||||
|
||||
[![Build Status](https://travis-ci.org/btcsuite/btcd.png?branch=master)]
|
||||
(https://travis-ci.org/btcsuite/btcec) [![ISC License]
|
||||
(http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org)
|
||||
[![GoDoc](https://godoc.org/github.com/btcsuite/btcd/btcec?status.png)]
|
||||
(http://godoc.org/github.com/btcsuite/btcd/btcec)
|
||||
|
||||
Package btcec implements elliptic curve cryptography needed for working with
|
||||
Bitcoin (secp256k1 only for now). It is designed so that it may be used with the
|
||||
standard crypto/ecdsa packages provided with go. A comprehensive suite of test
|
||||
is provided to ensure proper functionality. Package btcec was originally based
|
||||
on work from ThePiachu which is licensed under the same terms as Go, but it has
|
||||
signficantly diverged since then. The btcsuite developers original is licensed
|
||||
under the liberal ISC license.
|
||||
|
||||
Although this package was primarily written for btcd, it has intentionally been
|
||||
designed so it can be used as a standalone package for any projects needing to
|
||||
use secp256k1 elliptic curve cryptography.
|
||||
|
||||
## Installation and Updating
|
||||
|
||||
```bash
|
||||
$ go get -u github.com/btcsuite/btcd/btcec
|
||||
```
|
||||
|
||||
## Examples
|
||||
|
||||
* [Sign Message]
|
||||
(http://godoc.org/github.com/btcsuite/btcd/btcec#example-package--SignMessage)
|
||||
Demonstrates signing a message with a secp256k1 private key that is first
|
||||
parsed form raw bytes and serializing the generated signature.
|
||||
|
||||
* [Verify Signature]
|
||||
(http://godoc.org/github.com/btcsuite/btcd/btcec#example-package--VerifySignature)
|
||||
Demonstrates verifying a secp256k1 signature against a public key that is
|
||||
first parsed from raw bytes. The signature is also parsed from raw bytes.
|
||||
|
||||
* [Encryption]
|
||||
(http://godoc.org/github.com/btcsuite/btcd/btcec#example-package--EncryptMessage)
|
||||
Demonstrates encrypting a message for a public key that is first parsed from
|
||||
raw bytes, then decrypting it using the corresponding private key.
|
||||
|
||||
* [Decryption]
|
||||
(http://godoc.org/github.com/btcsuite/btcd/btcec#example-package--DecryptMessage)
|
||||
Demonstrates decrypting a message using a private key that is first parsed
|
||||
from raw bytes.
|
||||
|
||||
## GPG Verification Key
|
||||
|
||||
All official release tags are signed by Conformal so users can ensure the code
|
||||
has not been tampered with and is coming from the btcsuite developers. To
|
||||
verify the signature perform the following:
|
||||
|
||||
- Download the public key from the Conformal website at
|
||||
https://opensource.conformal.com/GIT-GPG-KEY-conformal.txt
|
||||
|
||||
- Import the public key into your GPG keyring:
|
||||
```bash
|
||||
gpg --import GIT-GPG-KEY-conformal.txt
|
||||
```
|
||||
|
||||
- Verify the release tag with the following command where `TAG_NAME` is a
|
||||
placeholder for the specific tag:
|
||||
```bash
|
||||
git tag -v TAG_NAME
|
||||
```
|
||||
|
||||
## License
|
||||
|
||||
Package btcec is licensed under the [copyfree](http://copyfree.org) ISC License
|
||||
except for btcec.go and btcec_test.go which is under the same license as Go.
|
||||
|
956
src/vendor/github.com/btcsuite/btcd/btcec/btcec.go
generated
vendored
Normal file
956
src/vendor/github.com/btcsuite/btcd/btcec/btcec.go
generated
vendored
Normal file
|
@ -0,0 +1,956 @@
|
|||
// Copyright 2010 The Go Authors. All rights reserved.
|
||||
// Copyright 2011 ThePiachu. All rights reserved.
|
||||
// Copyright 2013-2014 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package btcec
|
||||
|
||||
// References:
|
||||
// [SECG]: Recommended Elliptic Curve Domain Parameters
|
||||
// http://www.secg.org/sec2-v2.pdf
|
||||
//
|
||||
// [GECC]: Guide to Elliptic Curve Cryptography (Hankerson, Menezes, Vanstone)
|
||||
|
||||
// This package operates, internally, on Jacobian coordinates. For a given
|
||||
// (x, y) position on the curve, the Jacobian coordinates are (x1, y1, z1)
|
||||
// where x = x1/z1² and y = y1/z1³. The greatest speedups come when the whole
|
||||
// calculation can be performed within the transform (as in ScalarMult and
|
||||
// ScalarBaseMult). But even for Add and Double, it's faster to apply and
|
||||
// reverse the transform than to operate in affine coordinates.
|
||||
|
||||
import (
|
||||
"crypto/elliptic"
|
||||
"math/big"
|
||||
"sync"
|
||||
)
|
||||
|
||||
var (
|
||||
// fieldOne is simply the integer 1 in field representation. It is
|
||||
// used to avoid needing to create it multiple times during the internal
|
||||
// arithmetic.
|
||||
fieldOne = new(fieldVal).SetInt(1)
|
||||
)
|
||||
|
||||
// KoblitzCurve supports a koblitz curve implementation that fits the ECC Curve
|
||||
// interface from crypto/elliptic.
|
||||
type KoblitzCurve struct {
|
||||
*elliptic.CurveParams
|
||||
q *big.Int
|
||||
H int // cofactor of the curve.
|
||||
|
||||
// byteSize is simply the bit size / 8 and is provided for convenience
|
||||
// since it is calculated repeatedly.
|
||||
byteSize int
|
||||
|
||||
// bytePoints
|
||||
bytePoints *[32][256][3]fieldVal
|
||||
|
||||
// The next 6 values are used specifically for endomorphism
|
||||
// optimizations in ScalarMult.
|
||||
|
||||
// lambda must fulfill lambda^3 = 1 mod N where N is the order of G.
|
||||
lambda *big.Int
|
||||
|
||||
// beta must fulfill beta^3 = 1 mod P where P is the prime field of the
|
||||
// curve.
|
||||
beta *fieldVal
|
||||
|
||||
// See the EndomorphismVectors in gensecp256k1.go to see how these are
|
||||
// derived.
|
||||
a1 *big.Int
|
||||
b1 *big.Int
|
||||
a2 *big.Int
|
||||
b2 *big.Int
|
||||
}
|
||||
|
||||
// Params returns the parameters for the curve.
|
||||
func (curve *KoblitzCurve) Params() *elliptic.CurveParams {
|
||||
return curve.CurveParams
|
||||
}
|
||||
|
||||
// bigAffineToField takes an affine point (x, y) as big integers and converts
|
||||
// it to an affine point as field values.
|
||||
func (curve *KoblitzCurve) bigAffineToField(x, y *big.Int) (*fieldVal, *fieldVal) {
|
||||
x3, y3 := new(fieldVal), new(fieldVal)
|
||||
x3.SetByteSlice(x.Bytes())
|
||||
y3.SetByteSlice(y.Bytes())
|
||||
|
||||
return x3, y3
|
||||
}
|
||||
|
||||
// fieldJacobianToBigAffine takes a Jacobian point (x, y, z) as field values and
|
||||
// converts it to an affine point as big integers.
|
||||
func (curve *KoblitzCurve) fieldJacobianToBigAffine(x, y, z *fieldVal) (*big.Int, *big.Int) {
|
||||
// Inversions are expensive and both point addition and point doubling
|
||||
// are faster when working with points that have a z value of one. So,
|
||||
// if the point needs to be converted to affine, go ahead and normalize
|
||||
// the point itself at the same time as the calculation is the same.
|
||||
var zInv, tempZ fieldVal
|
||||
zInv.Set(z).Inverse() // zInv = Z^-1
|
||||
tempZ.SquareVal(&zInv) // tempZ = Z^-2
|
||||
x.Mul(&tempZ) // X = X/Z^2 (mag: 1)
|
||||
y.Mul(tempZ.Mul(&zInv)) // Y = Y/Z^3 (mag: 1)
|
||||
z.SetInt(1) // Z = 1 (mag: 1)
|
||||
|
||||
// Normalize the x and y values.
|
||||
x.Normalize()
|
||||
y.Normalize()
|
||||
|
||||
// Convert the field values for the now affine point to big.Ints.
|
||||
x3, y3 := new(big.Int), new(big.Int)
|
||||
x3.SetBytes(x.Bytes()[:])
|
||||
y3.SetBytes(y.Bytes()[:])
|
||||
return x3, y3
|
||||
}
|
||||
|
||||
// IsOnCurve returns boolean if the point (x,y) is on the curve.
|
||||
// Part of the elliptic.Curve interface. This function differs from the
|
||||
// crypto/elliptic algorithm since a = 0 not -3.
|
||||
func (curve *KoblitzCurve) IsOnCurve(x, y *big.Int) bool {
|
||||
// Convert big ints to field values for faster arithmetic.
|
||||
fx, fy := curve.bigAffineToField(x, y)
|
||||
|
||||
// Elliptic curve equation for secp256k1 is: y^2 = x^3 + 7
|
||||
y2 := new(fieldVal).SquareVal(fy).Normalize()
|
||||
result := new(fieldVal).SquareVal(fx).Mul(fx).AddInt(7).Normalize()
|
||||
return y2.Equals(result)
|
||||
}
|
||||
|
||||
// addZ1AndZ2EqualsOne adds two Jacobian points that are already known to have
|
||||
// z values of 1 and stores the result in (x3, y3, z3). That is to say
|
||||
// (x1, y1, 1) + (x2, y2, 1) = (x3, y3, z3). It performs faster addition than
|
||||
// the generic add routine since less arithmetic is needed due to the ability to
|
||||
// avoid the z value multiplications.
|
||||
func (curve *KoblitzCurve) addZ1AndZ2EqualsOne(x1, y1, z1, x2, y2, x3, y3, z3 *fieldVal) {
|
||||
// To compute the point addition efficiently, this implementation splits
|
||||
// the equation into intermediate elements which are used to minimize
|
||||
// the number of field multiplications using the method shown at:
|
||||
// http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-mmadd-2007-bl
|
||||
//
|
||||
// In particular it performs the calculations using the following:
|
||||
// H = X2-X1, HH = H^2, I = 4*HH, J = H*I, r = 2*(Y2-Y1), V = X1*I
|
||||
// X3 = r^2-J-2*V, Y3 = r*(V-X3)-2*Y1*J, Z3 = 2*H
|
||||
//
|
||||
// This results in a cost of 4 field multiplications, 2 field squarings,
|
||||
// 6 field additions, and 5 integer multiplications.
|
||||
|
||||
// When the x coordinates are the same for two points on the curve, the
|
||||
// y coordinates either must be the same, in which case it is point
|
||||
// doubling, or they are opposite and the result is the point at
|
||||
// infinity per the group law for elliptic curve cryptography.
|
||||
x1.Normalize()
|
||||
y1.Normalize()
|
||||
x2.Normalize()
|
||||
y2.Normalize()
|
||||
if x1.Equals(x2) {
|
||||
if y1.Equals(y2) {
|
||||
// Since x1 == x2 and y1 == y2, point doubling must be
|
||||
// done, otherwise the addition would end up dividing
|
||||
// by zero.
|
||||
curve.doubleJacobian(x1, y1, z1, x3, y3, z3)
|
||||
return
|
||||
}
|
||||
|
||||
// Since x1 == x2 and y1 == -y2, the sum is the point at
|
||||
// infinity per the group law.
|
||||
x3.SetInt(0)
|
||||
y3.SetInt(0)
|
||||
z3.SetInt(0)
|
||||
return
|
||||
}
|
||||
|
||||
// Calculate X3, Y3, and Z3 according to the intermediate elements
|
||||
// breakdown above.
|
||||
var h, i, j, r, v fieldVal
|
||||
var negJ, neg2V, negX3 fieldVal
|
||||
h.Set(x1).Negate(1).Add(x2) // H = X2-X1 (mag: 3)
|
||||
i.SquareVal(&h).MulInt(4) // I = 4*H^2 (mag: 4)
|
||||
j.Mul2(&h, &i) // J = H*I (mag: 1)
|
||||
r.Set(y1).Negate(1).Add(y2).MulInt(2) // r = 2*(Y2-Y1) (mag: 6)
|
||||
v.Mul2(x1, &i) // V = X1*I (mag: 1)
|
||||
negJ.Set(&j).Negate(1) // negJ = -J (mag: 2)
|
||||
neg2V.Set(&v).MulInt(2).Negate(2) // neg2V = -(2*V) (mag: 3)
|
||||
x3.Set(&r).Square().Add(&negJ).Add(&neg2V) // X3 = r^2-J-2*V (mag: 6)
|
||||
negX3.Set(x3).Negate(6) // negX3 = -X3 (mag: 7)
|
||||
j.Mul(y1).MulInt(2).Negate(2) // J = -(2*Y1*J) (mag: 3)
|
||||
y3.Set(&v).Add(&negX3).Mul(&r).Add(&j) // Y3 = r*(V-X3)-2*Y1*J (mag: 4)
|
||||
z3.Set(&h).MulInt(2) // Z3 = 2*H (mag: 6)
|
||||
|
||||
// Normalize the resulting field values to a magnitude of 1 as needed.
|
||||
x3.Normalize()
|
||||
y3.Normalize()
|
||||
z3.Normalize()
|
||||
}
|
||||
|
||||
// addZ1EqualsZ2 adds two Jacobian points that are already known to have the
|
||||
// same z value and stores the result in (x3, y3, z3). That is to say
|
||||
// (x1, y1, z1) + (x2, y2, z1) = (x3, y3, z3). It performs faster addition than
|
||||
// the generic add routine since less arithmetic is needed due to the known
|
||||
// equivalence.
|
||||
func (curve *KoblitzCurve) addZ1EqualsZ2(x1, y1, z1, x2, y2, x3, y3, z3 *fieldVal) {
|
||||
// To compute the point addition efficiently, this implementation splits
|
||||
// the equation into intermediate elements which are used to minimize
|
||||
// the number of field multiplications using a slightly modified version
|
||||
// of the method shown at:
|
||||
// http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-mmadd-2007-bl
|
||||
//
|
||||
// In particular it performs the calculations using the following:
|
||||
// A = X2-X1, B = A^2, C=Y2-Y1, D = C^2, E = X1*B, F = X2*B
|
||||
// X3 = D-E-F, Y3 = C*(E-X3)-Y1*(F-E), Z3 = Z1*A
|
||||
//
|
||||
// This results in a cost of 5 field multiplications, 2 field squarings,
|
||||
// 9 field additions, and 0 integer multiplications.
|
||||
|
||||
// When the x coordinates are the same for two points on the curve, the
|
||||
// y coordinates either must be the same, in which case it is point
|
||||
// doubling, or they are opposite and the result is the point at
|
||||
// infinity per the group law for elliptic curve cryptography.
|
||||
x1.Normalize()
|
||||
y1.Normalize()
|
||||
x2.Normalize()
|
||||
y2.Normalize()
|
||||
if x1.Equals(x2) {
|
||||
if y1.Equals(y2) {
|
||||
// Since x1 == x2 and y1 == y2, point doubling must be
|
||||
// done, otherwise the addition would end up dividing
|
||||
// by zero.
|
||||
curve.doubleJacobian(x1, y1, z1, x3, y3, z3)
|
||||
return
|
||||
}
|
||||
|
||||
// Since x1 == x2 and y1 == -y2, the sum is the point at
|
||||
// infinity per the group law.
|
||||
x3.SetInt(0)
|
||||
y3.SetInt(0)
|
||||
z3.SetInt(0)
|
||||
return
|
||||
}
|
||||
|
||||
// Calculate X3, Y3, and Z3 according to the intermediate elements
|
||||
// breakdown above.
|
||||
var a, b, c, d, e, f fieldVal
|
||||
var negX1, negY1, negE, negX3 fieldVal
|
||||
negX1.Set(x1).Negate(1) // negX1 = -X1 (mag: 2)
|
||||
negY1.Set(y1).Negate(1) // negY1 = -Y1 (mag: 2)
|
||||
a.Set(&negX1).Add(x2) // A = X2-X1 (mag: 3)
|
||||
b.SquareVal(&a) // B = A^2 (mag: 1)
|
||||
c.Set(&negY1).Add(y2) // C = Y2-Y1 (mag: 3)
|
||||
d.SquareVal(&c) // D = C^2 (mag: 1)
|
||||
e.Mul2(x1, &b) // E = X1*B (mag: 1)
|
||||
negE.Set(&e).Negate(1) // negE = -E (mag: 2)
|
||||
f.Mul2(x2, &b) // F = X2*B (mag: 1)
|
||||
x3.Add2(&e, &f).Negate(3).Add(&d) // X3 = D-E-F (mag: 5)
|
||||
negX3.Set(x3).Negate(5).Normalize() // negX3 = -X3 (mag: 1)
|
||||
y3.Set(y1).Mul(f.Add(&negE)).Negate(3) // Y3 = -(Y1*(F-E)) (mag: 4)
|
||||
y3.Add(e.Add(&negX3).Mul(&c)) // Y3 = C*(E-X3)+Y3 (mag: 5)
|
||||
z3.Mul2(z1, &a) // Z3 = Z1*A (mag: 1)
|
||||
|
||||
// Normalize the resulting field values to a magnitude of 1 as needed.
|
||||
x3.Normalize()
|
||||
y3.Normalize()
|
||||
}
|
||||
|
||||
// addZ2EqualsOne adds two Jacobian points when the second point is already
|
||||
// known to have a z value of 1 (and the z value for the first point is not 1)
|
||||
// and stores the result in (x3, y3, z3). That is to say (x1, y1, z1) +
|
||||
// (x2, y2, 1) = (x3, y3, z3). It performs faster addition than the generic
|
||||
// add routine since less arithmetic is needed due to the ability to avoid
|
||||
// multiplications by the second point's z value.
|
||||
func (curve *KoblitzCurve) addZ2EqualsOne(x1, y1, z1, x2, y2, x3, y3, z3 *fieldVal) {
|
||||
// To compute the point addition efficiently, this implementation splits
|
||||
// the equation into intermediate elements which are used to minimize
|
||||
// the number of field multiplications using the method shown at:
|
||||
// http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-madd-2007-bl
|
||||
//
|
||||
// In particular it performs the calculations using the following:
|
||||
// Z1Z1 = Z1^2, U2 = X2*Z1Z1, S2 = Y2*Z1*Z1Z1, H = U2-X1, HH = H^2,
|
||||
// I = 4*HH, J = H*I, r = 2*(S2-Y1), V = X1*I
|
||||
// X3 = r^2-J-2*V, Y3 = r*(V-X3)-2*Y1*J, Z3 = (Z1+H)^2-Z1Z1-HH
|
||||
//
|
||||
// This results in a cost of 7 field multiplications, 4 field squarings,
|
||||
// 9 field additions, and 4 integer multiplications.
|
||||
|
||||
// When the x coordinates are the same for two points on the curve, the
|
||||
// y coordinates either must be the same, in which case it is point
|
||||
// doubling, or they are opposite and the result is the point at
|
||||
// infinity per the group law for elliptic curve cryptography. Since
|
||||
// any number of Jacobian coordinates can represent the same affine
|
||||
// point, the x and y values need to be converted to like terms. Due to
|
||||
// the assumption made for this function that the second point has a z
|
||||
// value of 1 (z2=1), the first point is already "converted".
|
||||
var z1z1, u2, s2 fieldVal
|
||||
x1.Normalize()
|
||||
y1.Normalize()
|
||||
z1z1.SquareVal(z1) // Z1Z1 = Z1^2 (mag: 1)
|
||||
u2.Set(x2).Mul(&z1z1).Normalize() // U2 = X2*Z1Z1 (mag: 1)
|
||||
s2.Set(y2).Mul(&z1z1).Mul(z1).Normalize() // S2 = Y2*Z1*Z1Z1 (mag: 1)
|
||||
if x1.Equals(&u2) {
|
||||
if y1.Equals(&s2) {
|
||||
// Since x1 == x2 and y1 == y2, point doubling must be
|
||||
// done, otherwise the addition would end up dividing
|
||||
// by zero.
|
||||
curve.doubleJacobian(x1, y1, z1, x3, y3, z3)
|
||||
return
|
||||
}
|
||||
|
||||
// Since x1 == x2 and y1 == -y2, the sum is the point at
|
||||
// infinity per the group law.
|
||||
x3.SetInt(0)
|
||||
y3.SetInt(0)
|
||||
z3.SetInt(0)
|
||||
return
|
||||
}
|
||||
|
||||
// Calculate X3, Y3, and Z3 according to the intermediate elements
|
||||
// breakdown above.
|
||||
var h, hh, i, j, r, rr, v fieldVal
|
||||
var negX1, negY1, negX3 fieldVal
|
||||
negX1.Set(x1).Negate(1) // negX1 = -X1 (mag: 2)
|
||||
h.Add2(&u2, &negX1) // H = U2-X1 (mag: 3)
|
||||
hh.SquareVal(&h) // HH = H^2 (mag: 1)
|
||||
i.Set(&hh).MulInt(4) // I = 4 * HH (mag: 4)
|
||||
j.Mul2(&h, &i) // J = H*I (mag: 1)
|
||||
negY1.Set(y1).Negate(1) // negY1 = -Y1 (mag: 2)
|
||||
r.Set(&s2).Add(&negY1).MulInt(2) // r = 2*(S2-Y1) (mag: 6)
|
||||
rr.SquareVal(&r) // rr = r^2 (mag: 1)
|
||||
v.Mul2(x1, &i) // V = X1*I (mag: 1)
|
||||
x3.Set(&v).MulInt(2).Add(&j).Negate(3) // X3 = -(J+2*V) (mag: 4)
|
||||
x3.Add(&rr) // X3 = r^2+X3 (mag: 5)
|
||||
negX3.Set(x3).Negate(5) // negX3 = -X3 (mag: 6)
|
||||
y3.Set(y1).Mul(&j).MulInt(2).Negate(2) // Y3 = -(2*Y1*J) (mag: 3)
|
||||
y3.Add(v.Add(&negX3).Mul(&r)) // Y3 = r*(V-X3)+Y3 (mag: 4)
|
||||
z3.Add2(z1, &h).Square() // Z3 = (Z1+H)^2 (mag: 1)
|
||||
z3.Add(z1z1.Add(&hh).Negate(2)) // Z3 = Z3-(Z1Z1+HH) (mag: 4)
|
||||
|
||||
// Normalize the resulting field values to a magnitude of 1 as needed.
|
||||
x3.Normalize()
|
||||
y3.Normalize()
|
||||
z3.Normalize()
|
||||
}
|
||||
|
||||
// addGeneric adds two Jacobian points (x1, y1, z1) and (x2, y2, z2) without any
|
||||
// assumptions about the z values of the two points and stores the result in
|
||||
// (x3, y3, z3). That is to say (x1, y1, z1) + (x2, y2, z2) = (x3, y3, z3). It
|
||||
// is the slowest of the add routines due to requiring the most arithmetic.
|
||||
func (curve *KoblitzCurve) addGeneric(x1, y1, z1, x2, y2, z2, x3, y3, z3 *fieldVal) {
|
||||
// To compute the point addition efficiently, this implementation splits
|
||||
// the equation into intermediate elements which are used to minimize
|
||||
// the number of field multiplications using the method shown at:
|
||||
// http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-add-2007-bl
|
||||
//
|
||||
// In particular it performs the calculations using the following:
|
||||
// Z1Z1 = Z1^2, Z2Z2 = Z2^2, U1 = X1*Z2Z2, U2 = X2*Z1Z1, S1 = Y1*Z2*Z2Z2
|
||||
// S2 = Y2*Z1*Z1Z1, H = U2-U1, I = (2*H)^2, J = H*I, r = 2*(S2-S1)
|
||||
// V = U1*I
|
||||
// X3 = r^2-J-2*V, Y3 = r*(V-X3)-2*S1*J, Z3 = ((Z1+Z2)^2-Z1Z1-Z2Z2)*H
|
||||
//
|
||||
// This results in a cost of 11 field multiplications, 5 field squarings,
|
||||
// 9 field additions, and 4 integer multiplications.
|
||||
|
||||
// When the x coordinates are the same for two points on the curve, the
|
||||
// y coordinates either must be the same, in which case it is point
|
||||
// doubling, or they are opposite and the result is the point at
|
||||
// infinity. Since any number of Jacobian coordinates can represent the
|
||||
// same affine point, the x and y values need to be converted to like
|
||||
// terms.
|
||||
var z1z1, z2z2, u1, u2, s1, s2 fieldVal
|
||||
z1z1.SquareVal(z1) // Z1Z1 = Z1^2 (mag: 1)
|
||||
z2z2.SquareVal(z2) // Z2Z2 = Z2^2 (mag: 1)
|
||||
u1.Set(x1).Mul(&z2z2).Normalize() // U1 = X1*Z2Z2 (mag: 1)
|
||||
u2.Set(x2).Mul(&z1z1).Normalize() // U2 = X2*Z1Z1 (mag: 1)
|
||||
s1.Set(y1).Mul(&z2z2).Mul(z2).Normalize() // S1 = Y1*Z2*Z2Z2 (mag: 1)
|
||||
s2.Set(y2).Mul(&z1z1).Mul(z1).Normalize() // S2 = Y2*Z1*Z1Z1 (mag: 1)
|
||||
if u1.Equals(&u2) {
|
||||
if s1.Equals(&s2) {
|
||||
// Since x1 == x2 and y1 == y2, point doubling must be
|
||||
// done, otherwise the addition would end up dividing
|
||||
// by zero.
|
||||
curve.doubleJacobian(x1, y1, z1, x3, y3, z3)
|
||||
return
|
||||
}
|
||||
|
||||
// Since x1 == x2 and y1 == -y2, the sum is the point at
|
||||
// infinity per the group law.
|
||||
x3.SetInt(0)
|
||||
y3.SetInt(0)
|
||||
z3.SetInt(0)
|
||||
return
|
||||
}
|
||||
|
||||
// Calculate X3, Y3, and Z3 according to the intermediate elements
|
||||
// breakdown above.
|
||||
var h, i, j, r, rr, v fieldVal
|
||||
var negU1, negS1, negX3 fieldVal
|
||||
negU1.Set(&u1).Negate(1) // negU1 = -U1 (mag: 2)
|
||||
h.Add2(&u2, &negU1) // H = U2-U1 (mag: 3)
|
||||
i.Set(&h).MulInt(2).Square() // I = (2*H)^2 (mag: 2)
|
||||
j.Mul2(&h, &i) // J = H*I (mag: 1)
|
||||
negS1.Set(&s1).Negate(1) // negS1 = -S1 (mag: 2)
|
||||
r.Set(&s2).Add(&negS1).MulInt(2) // r = 2*(S2-S1) (mag: 6)
|
||||
rr.SquareVal(&r) // rr = r^2 (mag: 1)
|
||||
v.Mul2(&u1, &i) // V = U1*I (mag: 1)
|
||||
x3.Set(&v).MulInt(2).Add(&j).Negate(3) // X3 = -(J+2*V) (mag: 4)
|
||||
x3.Add(&rr) // X3 = r^2+X3 (mag: 5)
|
||||
negX3.Set(x3).Negate(5) // negX3 = -X3 (mag: 6)
|
||||
y3.Mul2(&s1, &j).MulInt(2).Negate(2) // Y3 = -(2*S1*J) (mag: 3)
|
||||
y3.Add(v.Add(&negX3).Mul(&r)) // Y3 = r*(V-X3)+Y3 (mag: 4)
|
||||
z3.Add2(z1, z2).Square() // Z3 = (Z1+Z2)^2 (mag: 1)
|
||||
z3.Add(z1z1.Add(&z2z2).Negate(2)) // Z3 = Z3-(Z1Z1+Z2Z2) (mag: 4)
|
||||
z3.Mul(&h) // Z3 = Z3*H (mag: 1)
|
||||
|
||||
// Normalize the resulting field values to a magnitude of 1 as needed.
|
||||
x3.Normalize()
|
||||
y3.Normalize()
|
||||
}
|
||||
|
||||
// addJacobian adds the passed Jacobian points (x1, y1, z1) and (x2, y2, z2)
|
||||
// together and stores the result in (x3, y3, z3).
|
||||
func (curve *KoblitzCurve) addJacobian(x1, y1, z1, x2, y2, z2, x3, y3, z3 *fieldVal) {
|
||||
// A point at infinity is the identity according to the group law for
|
||||
// elliptic curve cryptography. Thus, ∞ + P = P and P + ∞ = P.
|
||||
if (x1.IsZero() && y1.IsZero()) || z1.IsZero() {
|
||||
x3.Set(x2)
|
||||
y3.Set(y2)
|
||||
z3.Set(z2)
|
||||
return
|
||||
}
|
||||
if (x2.IsZero() && y2.IsZero()) || z2.IsZero() {
|
||||
x3.Set(x1)
|
||||
y3.Set(y1)
|
||||
z3.Set(z1)
|
||||
return
|
||||
}
|
||||
|
||||
// Faster point addition can be achieved when certain assumptions are
|
||||
// met. For example, when both points have the same z value, arithmetic
|
||||
// on the z values can be avoided. This section thus checks for these
|
||||
// conditions and calls an appropriate add function which is accelerated
|
||||
// by using those assumptions.
|
||||
z1.Normalize()
|
||||
z2.Normalize()
|
||||
isZ1One := z1.Equals(fieldOne)
|
||||
isZ2One := z2.Equals(fieldOne)
|
||||
switch {
|
||||
case isZ1One && isZ2One:
|
||||
curve.addZ1AndZ2EqualsOne(x1, y1, z1, x2, y2, x3, y3, z3)
|
||||
return
|
||||
case z1.Equals(z2):
|
||||
curve.addZ1EqualsZ2(x1, y1, z1, x2, y2, x3, y3, z3)
|
||||
return
|
||||
case isZ2One:
|
||||
curve.addZ2EqualsOne(x1, y1, z1, x2, y2, x3, y3, z3)
|
||||
return
|
||||
}
|
||||
|
||||
// None of the above assumptions are true, so fall back to generic
|
||||
// point addition.
|
||||
curve.addGeneric(x1, y1, z1, x2, y2, z2, x3, y3, z3)
|
||||
}
|
||||
|
||||
// Add returns the sum of (x1,y1) and (x2,y2). Part of the elliptic.Curve
|
||||
// interface.
|
||||
func (curve *KoblitzCurve) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int) {
|
||||
// A point at infinity is the identity according to the group law for
|
||||
// elliptic curve cryptography. Thus, ∞ + P = P and P + ∞ = P.
|
||||
if x1.Sign() == 0 && y1.Sign() == 0 {
|
||||
return x2, y2
|
||||
}
|
||||
if x2.Sign() == 0 && y2.Sign() == 0 {
|
||||
return x1, y1
|
||||
}
|
||||
|
||||
// Convert the affine coordinates from big integers to field values
|
||||
// and do the point addition in Jacobian projective space.
|
||||
fx1, fy1 := curve.bigAffineToField(x1, y1)
|
||||
fx2, fy2 := curve.bigAffineToField(x2, y2)
|
||||
fx3, fy3, fz3 := new(fieldVal), new(fieldVal), new(fieldVal)
|
||||
fOne := new(fieldVal).SetInt(1)
|
||||
curve.addJacobian(fx1, fy1, fOne, fx2, fy2, fOne, fx3, fy3, fz3)
|
||||
|
||||
// Convert the Jacobian coordinate field values back to affine big
|
||||
// integers.
|
||||
return curve.fieldJacobianToBigAffine(fx3, fy3, fz3)
|
||||
}
|
||||
|
||||
// doubleZ1EqualsOne performs point doubling on the passed Jacobian point
|
||||
// when the point is already known to have a z value of 1 and stores
|
||||
// the result in (x3, y3, z3). That is to say (x3, y3, z3) = 2*(x1, y1, 1). It
|
||||
// performs faster point doubling than the generic routine since less arithmetic
|
||||
// is needed due to the ability to avoid multiplication by the z value.
|
||||
func (curve *KoblitzCurve) doubleZ1EqualsOne(x1, y1, x3, y3, z3 *fieldVal) {
|
||||
// This function uses the assumptions that z1 is 1, thus the point
|
||||
// doubling formulas reduce to:
|
||||
//
|
||||
// X3 = (3*X1^2)^2 - 8*X1*Y1^2
|
||||
// Y3 = (3*X1^2)*(4*X1*Y1^2 - X3) - 8*Y1^4
|
||||
// Z3 = 2*Y1
|
||||
//
|
||||
// To compute the above efficiently, this implementation splits the
|
||||
// equation into intermediate elements which are used to minimize the
|
||||
// number of field multiplications in favor of field squarings which
|
||||
// are roughly 35% faster than field multiplications with the current
|
||||
// implementation at the time this was written.
|
||||
//
|
||||
// This uses a slightly modified version of the method shown at:
|
||||
// http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-mdbl-2007-bl
|
||||
//
|
||||
// In particular it performs the calculations using the following:
|
||||
// A = X1^2, B = Y1^2, C = B^2, D = 2*((X1+B)^2-A-C)
|
||||
// E = 3*A, F = E^2, X3 = F-2*D, Y3 = E*(D-X3)-8*C
|
||||
// Z3 = 2*Y1
|
||||
//
|
||||
// This results in a cost of 1 field multiplication, 5 field squarings,
|
||||
// 6 field additions, and 5 integer multiplications.
|
||||
var a, b, c, d, e, f fieldVal
|
||||
z3.Set(y1).MulInt(2) // Z3 = 2*Y1 (mag: 2)
|
||||
a.SquareVal(x1) // A = X1^2 (mag: 1)
|
||||
b.SquareVal(y1) // B = Y1^2 (mag: 1)
|
||||
c.SquareVal(&b) // C = B^2 (mag: 1)
|
||||
b.Add(x1).Square() // B = (X1+B)^2 (mag: 1)
|
||||
d.Set(&a).Add(&c).Negate(2) // D = -(A+C) (mag: 3)
|
||||
d.Add(&b).MulInt(2) // D = 2*(B+D)(mag: 8)
|
||||
e.Set(&a).MulInt(3) // E = 3*A (mag: 3)
|
||||
f.SquareVal(&e) // F = E^2 (mag: 1)
|
||||
x3.Set(&d).MulInt(2).Negate(16) // X3 = -(2*D) (mag: 17)
|
||||
x3.Add(&f) // X3 = F+X3 (mag: 18)
|
||||
f.Set(x3).Negate(18).Add(&d).Normalize() // F = D-X3 (mag: 1)
|
||||
y3.Set(&c).MulInt(8).Negate(8) // Y3 = -(8*C) (mag: 9)
|
||||
y3.Add(f.Mul(&e)) // Y3 = E*F+Y3 (mag: 10)
|
||||
|
||||
// Normalize the field values back to a magnitude of 1.
|
||||
x3.Normalize()
|
||||
y3.Normalize()
|
||||
z3.Normalize()
|
||||
}
|
||||
|
||||
// doubleGeneric performs point doubling on the passed Jacobian point without
|
||||
// any assumptions about the z value and stores the result in (x3, y3, z3).
|
||||
// That is to say (x3, y3, z3) = 2*(x1, y1, z1). It is the slowest of the point
|
||||
// doubling routines due to requiring the most arithmetic.
|
||||
func (curve *KoblitzCurve) doubleGeneric(x1, y1, z1, x3, y3, z3 *fieldVal) {
|
||||
// Point doubling formula for Jacobian coordinates for the secp256k1
|
||||
// curve:
|
||||
// X3 = (3*X1^2)^2 - 8*X1*Y1^2
|
||||
// Y3 = (3*X1^2)*(4*X1*Y1^2 - X3) - 8*Y1^4
|
||||
// Z3 = 2*Y1*Z1
|
||||
//
|
||||
// To compute the above efficiently, this implementation splits the
|
||||
// equation into intermediate elements which are used to minimize the
|
||||
// number of field multiplications in favor of field squarings which
|
||||
// are roughly 35% faster than field multiplications with the current
|
||||
// implementation at the time this was written.
|
||||
//
|
||||
// This uses a slightly modified version of the method shown at:
|
||||
// http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l
|
||||
//
|
||||
// In particular it performs the calculations using the following:
|
||||
// A = X1^2, B = Y1^2, C = B^2, D = 2*((X1+B)^2-A-C)
|
||||
// E = 3*A, F = E^2, X3 = F-2*D, Y3 = E*(D-X3)-8*C
|
||||
// Z3 = 2*Y1*Z1
|
||||
//
|
||||
// This results in a cost of 1 field multiplication, 5 field squarings,
|
||||
// 6 field additions, and 5 integer multiplications.
|
||||
var a, b, c, d, e, f fieldVal
|
||||
z3.Mul2(y1, z1).MulInt(2) // Z3 = 2*Y1*Z1 (mag: 2)
|
||||
a.SquareVal(x1) // A = X1^2 (mag: 1)
|
||||
b.SquareVal(y1) // B = Y1^2 (mag: 1)
|
||||
c.SquareVal(&b) // C = B^2 (mag: 1)
|
||||
b.Add(x1).Square() // B = (X1+B)^2 (mag: 1)
|
||||
d.Set(&a).Add(&c).Negate(2) // D = -(A+C) (mag: 3)
|
||||
d.Add(&b).MulInt(2) // D = 2*(B+D)(mag: 8)
|
||||
e.Set(&a).MulInt(3) // E = 3*A (mag: 3)
|
||||
f.SquareVal(&e) // F = E^2 (mag: 1)
|
||||
x3.Set(&d).MulInt(2).Negate(16) // X3 = -(2*D) (mag: 17)
|
||||
x3.Add(&f) // X3 = F+X3 (mag: 18)
|
||||
f.Set(x3).Negate(18).Add(&d).Normalize() // F = D-X3 (mag: 1)
|
||||
y3.Set(&c).MulInt(8).Negate(8) // Y3 = -(8*C) (mag: 9)
|
||||
y3.Add(f.Mul(&e)) // Y3 = E*F+Y3 (mag: 10)
|
||||
|
||||
// Normalize the field values back to a magnitude of 1.
|
||||
x3.Normalize()
|
||||
y3.Normalize()
|
||||
z3.Normalize()
|
||||
}
|
||||
|
||||
// doubleJacobian doubles the passed Jacobian point (x1, y1, z1) and stores the
|
||||
// result in (x3, y3, z3).
|
||||
func (curve *KoblitzCurve) doubleJacobian(x1, y1, z1, x3, y3, z3 *fieldVal) {
|
||||
// Doubling a point at infinity is still infinity.
|
||||
if y1.IsZero() || z1.IsZero() {
|
||||
x3.SetInt(0)
|
||||
y3.SetInt(0)
|
||||
z3.SetInt(0)
|
||||
return
|
||||
}
|
||||
|
||||
// Slightly faster point doubling can be achieved when the z value is 1
|
||||
// by avoiding the multiplication on the z value. This section calls
|
||||
// a point doubling function which is accelerated by using that
|
||||
// assumption when possible.
|
||||
if z1.Normalize().Equals(fieldOne) {
|
||||
curve.doubleZ1EqualsOne(x1, y1, x3, y3, z3)
|
||||
return
|
||||
}
|
||||
|
||||
// Fall back to generic point doubling which works with arbitrary z
|
||||
// values.
|
||||
curve.doubleGeneric(x1, y1, z1, x3, y3, z3)
|
||||
}
|
||||
|
||||
// Double returns 2*(x1,y1). Part of the elliptic.Curve interface.
|
||||
func (curve *KoblitzCurve) Double(x1, y1 *big.Int) (*big.Int, *big.Int) {
|
||||
if y1.Sign() == 0 {
|
||||
return new(big.Int), new(big.Int)
|
||||
}
|
||||
|
||||
// Convert the affine coordinates from big integers to field values
|
||||
// and do the point doubling in Jacobian projective space.
|
||||
fx1, fy1 := curve.bigAffineToField(x1, y1)
|
||||
fx3, fy3, fz3 := new(fieldVal), new(fieldVal), new(fieldVal)
|
||||
fOne := new(fieldVal).SetInt(1)
|
||||
curve.doubleJacobian(fx1, fy1, fOne, fx3, fy3, fz3)
|
||||
|
||||
// Convert the Jacobian coordinate field values back to affine big
|
||||
// integers.
|
||||
return curve.fieldJacobianToBigAffine(fx3, fy3, fz3)
|
||||
}
|
||||
|
||||
// splitK returns a balanced length-two representation of k and their signs.
|
||||
// This is algorithm 3.74 from [GECC].
|
||||
//
|
||||
// One thing of note about this algorithm is that no matter what c1 and c2 are,
|
||||
// the final equation of k = k1 + k2 * lambda (mod n) will hold. This is
|
||||
// provable mathematically due to how a1/b1/a2/b2 are computed.
|
||||
//
|
||||
// c1 and c2 are chosen to minimize the max(k1,k2).
|
||||
func (curve *KoblitzCurve) splitK(k []byte) ([]byte, []byte, int, int) {
|
||||
// All math here is done with big.Int, which is slow.
|
||||
// At some point, it might be useful to write something similar to
|
||||
// fieldVal but for N instead of P as the prime field if this ends up
|
||||
// being a bottleneck.
|
||||
bigIntK := new(big.Int)
|
||||
c1, c2 := new(big.Int), new(big.Int)
|
||||
tmp1, tmp2 := new(big.Int), new(big.Int)
|
||||
k1, k2 := new(big.Int), new(big.Int)
|
||||
|
||||
bigIntK.SetBytes(k)
|
||||
// c1 = round(b2 * k / n) from step 4.
|
||||
// Rounding isn't really necessary and costs too much, hence skipped
|
||||
c1.Mul(curve.b2, bigIntK)
|
||||
c1.Div(c1, curve.N)
|
||||
// c2 = round(b1 * k / n) from step 4 (sign reversed to optimize one step)
|
||||
// Rounding isn't really necessary and costs too much, hence skipped
|
||||
c2.Mul(curve.b1, bigIntK)
|
||||
c2.Div(c2, curve.N)
|
||||
// k1 = k - c1 * a1 - c2 * a2 from step 5 (note c2's sign is reversed)
|
||||
tmp1.Mul(c1, curve.a1)
|
||||
tmp2.Mul(c2, curve.a2)
|
||||
k1.Sub(bigIntK, tmp1)
|
||||
k1.Add(k1, tmp2)
|
||||
// k2 = - c1 * b1 - c2 * b2 from step 5 (note c2's sign is reversed)
|
||||
tmp1.Mul(c1, curve.b1)
|
||||
tmp2.Mul(c2, curve.b2)
|
||||
k2.Sub(tmp2, tmp1)
|
||||
|
||||
// Note Bytes() throws out the sign of k1 and k2. This matters
|
||||
// since k1 and/or k2 can be negative. Hence, we pass that
|
||||
// back separately.
|
||||
return k1.Bytes(), k2.Bytes(), k1.Sign(), k2.Sign()
|
||||
}
|
||||
|
||||
// moduloReduce reduces k from more than 32 bytes to 32 bytes and under. This
|
||||
// is done by doing a simple modulo curve.N. We can do this since G^N = 1 and
|
||||
// thus any other valid point on the elliptic curve has the same order.
|
||||
func (curve *KoblitzCurve) moduloReduce(k []byte) []byte {
|
||||
// Since the order of G is curve.N, we can use a much smaller number
|
||||
// by doing modulo curve.N
|
||||
if len(k) > curve.byteSize {
|
||||
// Reduce k by performing modulo curve.N.
|
||||
tmpK := new(big.Int).SetBytes(k)
|
||||
tmpK.Mod(tmpK, curve.N)
|
||||
return tmpK.Bytes()
|
||||
}
|
||||
|
||||
return k
|
||||
}
|
||||
|
||||
// NAF takes a positive integer k and returns the Non-Adjacent Form (NAF) as two
|
||||
// byte slices. The first is where 1s will be. The second is where -1s will
|
||||
// be. NAF is convenient in that on average, only 1/3rd of its values are
|
||||
// non-zero. This is algorithm 3.30 from [GECC].
|
||||
//
|
||||
// Essentially, this makes it possible to minimize the number of operations
|
||||
// since the resulting ints returned will be at least 50% 0s.
|
||||
func NAF(k []byte) ([]byte, []byte) {
|
||||
// The essence of this algorithm is that whenever we have consecutive 1s
|
||||
// in the binary, we want to put a -1 in the lowest bit and get a bunch
|
||||
// of 0s up to the highest bit of consecutive 1s. This is due to this
|
||||
// identity:
|
||||
// 2^n + 2^(n-1) + 2^(n-2) + ... + 2^(n-k) = 2^(n+1) - 2^(n-k)
|
||||
//
|
||||
// The algorithm thus may need to go 1 more bit than the length of the
|
||||
// bits we actually have, hence bits being 1 bit longer than was
|
||||
// necessary. Since we need to know whether adding will cause a carry,
|
||||
// we go from right-to-left in this addition.
|
||||
var carry, curIsOne, nextIsOne bool
|
||||
// these default to zero
|
||||
retPos := make([]byte, len(k)+1)
|
||||
retNeg := make([]byte, len(k)+1)
|
||||
for i := len(k) - 1; i >= 0; i-- {
|
||||
curByte := k[i]
|
||||
for j := uint(0); j < 8; j++ {
|
||||
curIsOne = curByte&1 == 1
|
||||
if j == 7 {
|
||||
if i == 0 {
|
||||
nextIsOne = false
|
||||
} else {
|
||||
nextIsOne = k[i-1]&1 == 1
|
||||
}
|
||||
} else {
|
||||
nextIsOne = curByte&2 == 2
|
||||
}
|
||||
if carry {
|
||||
if curIsOne {
|
||||
// This bit is 1, so continue to carry
|
||||
// and don't need to do anything.
|
||||
} else {
|
||||
// We've hit a 0 after some number of
|
||||
// 1s.
|
||||
if nextIsOne {
|
||||
// Start carrying again since
|
||||
// a new sequence of 1s is
|
||||
// starting.
|
||||
retNeg[i+1] += 1 << j
|
||||
} else {
|
||||
// Stop carrying since 1s have
|
||||
// stopped.
|
||||
carry = false
|
||||
retPos[i+1] += 1 << j
|
||||
}
|
||||
}
|
||||
} else if curIsOne {
|
||||
if nextIsOne {
|
||||
// If this is the start of at least 2
|
||||
// consecutive 1s, set the current one
|
||||
// to -1 and start carrying.
|
||||
retNeg[i+1] += 1 << j
|
||||
carry = true
|
||||
} else {
|
||||
// This is a singleton, not consecutive
|
||||
// 1s.
|
||||
retPos[i+1] += 1 << j
|
||||
}
|
||||
}
|
||||
curByte >>= 1
|
||||
}
|
||||
}
|
||||
if carry {
|
||||
retPos[0] = 1
|
||||
}
|
||||
|
||||
return retPos, retNeg
|
||||
}
|
||||
|
||||
// ScalarMult returns k*(Bx, By) where k is a big endian integer.
|
||||
// Part of the elliptic.Curve interface.
|
||||
func (curve *KoblitzCurve) ScalarMult(Bx, By *big.Int, k []byte) (*big.Int, *big.Int) {
|
||||
// Point Q = ∞ (point at infinity).
|
||||
qx, qy, qz := new(fieldVal), new(fieldVal), new(fieldVal)
|
||||
|
||||
// Decompose K into k1 and k2 in order to halve the number of EC ops.
|
||||
// See Algorithm 3.74 in [GECC].
|
||||
k1, k2, signK1, signK2 := curve.splitK(curve.moduloReduce(k))
|
||||
|
||||
// The main equation here to remember is:
|
||||
// k * P = k1 * P + k2 * ϕ(P)
|
||||
//
|
||||
// P1 below is P in the equation, P2 below is ϕ(P) in the equation
|
||||
p1x, p1y := curve.bigAffineToField(Bx, By)
|
||||
p1yNeg := new(fieldVal).NegateVal(p1y, 1)
|
||||
p1z := new(fieldVal).SetInt(1)
|
||||
|
||||
// NOTE: ϕ(x,y) = (βx,y). The Jacobian z coordinate is 1, so this math
|
||||
// goes through.
|
||||
p2x := new(fieldVal).Mul2(p1x, curve.beta)
|
||||
p2y := new(fieldVal).Set(p1y)
|
||||
p2yNeg := new(fieldVal).NegateVal(p2y, 1)
|
||||
p2z := new(fieldVal).SetInt(1)
|
||||
|
||||
// Flip the positive and negative values of the points as needed
|
||||
// depending on the signs of k1 and k2. As mentioned in the equation
|
||||
// above, each of k1 and k2 are multiplied by the respective point.
|
||||
// Since -k * P is the same thing as k * -P, and the group law for
|
||||
// elliptic curves states that P(x, y) = -P(x, -y), it's faster and
|
||||
// simplifies the code to just make the point negative.
|
||||
if signK1 == -1 {
|
||||
p1y, p1yNeg = p1yNeg, p1y
|
||||
}
|
||||
if signK2 == -1 {
|
||||
p2y, p2yNeg = p2yNeg, p2y
|
||||
}
|
||||
|
||||
// NAF versions of k1 and k2 should have a lot more zeros.
|
||||
//
|
||||
// The Pos version of the bytes contain the +1s and the Neg versions
|
||||
// contain the -1s.
|
||||
k1PosNAF, k1NegNAF := NAF(k1)
|
||||
k2PosNAF, k2NegNAF := NAF(k2)
|
||||
k1Len := len(k1PosNAF)
|
||||
k2Len := len(k2PosNAF)
|
||||
|
||||
m := k1Len
|
||||
if m < k2Len {
|
||||
m = k2Len
|
||||
}
|
||||
|
||||
// Add left-to-right using the NAF optimization. See algorithm 3.77
|
||||
// from [GECC]. This should be faster overall since there will be a lot
|
||||
// more instances of 0, hence reducing the number of Jacobian additions
|
||||
// at the cost of 1 possible extra doubling.
|
||||
var k1BytePos, k1ByteNeg, k2BytePos, k2ByteNeg byte
|
||||
for i := 0; i < m; i++ {
|
||||
// Since we're going left-to-right, pad the front with 0s.
|
||||
if i < m-k1Len {
|
||||
k1BytePos = 0
|
||||
k1ByteNeg = 0
|
||||
} else {
|
||||
k1BytePos = k1PosNAF[i-(m-k1Len)]
|
||||
k1ByteNeg = k1NegNAF[i-(m-k1Len)]
|
||||
}
|
||||
if i < m-k2Len {
|
||||
k2BytePos = 0
|
||||
k2ByteNeg = 0
|
||||
} else {
|
||||
k2BytePos = k2PosNAF[i-(m-k2Len)]
|
||||
k2ByteNeg = k2NegNAF[i-(m-k2Len)]
|
||||
}
|
||||
|
||||
for j := 7; j >= 0; j-- {
|
||||
// Q = 2 * Q
|
||||
curve.doubleJacobian(qx, qy, qz, qx, qy, qz)
|
||||
|
||||
if k1BytePos&0x80 == 0x80 {
|
||||
curve.addJacobian(qx, qy, qz, p1x, p1y, p1z,
|
||||
qx, qy, qz)
|
||||
} else if k1ByteNeg&0x80 == 0x80 {
|
||||
curve.addJacobian(qx, qy, qz, p1x, p1yNeg, p1z,
|
||||
qx, qy, qz)
|
||||
}
|
||||
|
||||
if k2BytePos&0x80 == 0x80 {
|
||||
curve.addJacobian(qx, qy, qz, p2x, p2y, p2z,
|
||||
qx, qy, qz)
|
||||
} else if k2ByteNeg&0x80 == 0x80 {
|
||||
curve.addJacobian(qx, qy, qz, p2x, p2yNeg, p2z,
|
||||
qx, qy, qz)
|
||||
}
|
||||
k1BytePos <<= 1
|
||||
k1ByteNeg <<= 1
|
||||
k2BytePos <<= 1
|
||||
k2ByteNeg <<= 1
|
||||
}
|
||||
}
|
||||
|
||||
// Convert the Jacobian coordinate field values back to affine big.Ints.
|
||||
return curve.fieldJacobianToBigAffine(qx, qy, qz)
|
||||
}
|
||||
|
||||
// ScalarBaseMult returns k*G where G is the base point of the group and k is a
|
||||
// big endian integer.
|
||||
// Part of the elliptic.Curve interface.
|
||||
func (curve *KoblitzCurve) ScalarBaseMult(k []byte) (*big.Int, *big.Int) {
|
||||
newK := curve.moduloReduce(k)
|
||||
diff := len(curve.bytePoints) - len(newK)
|
||||
|
||||
// Point Q = ∞ (point at infinity).
|
||||
qx, qy, qz := new(fieldVal), new(fieldVal), new(fieldVal)
|
||||
|
||||
// curve.bytePoints has all 256 byte points for each 8-bit window. The
|
||||
// strategy is to add up the byte points. This is best understood by
|
||||
// expressing k in base-256 which it already sort of is.
|
||||
// Each "digit" in the 8-bit window can be looked up using bytePoints
|
||||
// and added together.
|
||||
for i, byteVal := range newK {
|
||||
p := curve.bytePoints[diff+i][byteVal]
|
||||
curve.addJacobian(qx, qy, qz, &p[0], &p[1], &p[2], qx, qy, qz)
|
||||
}
|
||||
return curve.fieldJacobianToBigAffine(qx, qy, qz)
|
||||
}
|
||||
|
||||
// QPlus1Div4 returns the Q+1/4 constant for the curve for use in calculating
|
||||
// square roots via exponention.
|
||||
func (curve *KoblitzCurve) QPlus1Div4() *big.Int {
|
||||
return curve.q
|
||||
}
|
||||
|
||||
var initonce sync.Once
|
||||
var secp256k1 KoblitzCurve
|
||||
|
||||
func initAll() {
|
||||
initS256()
|
||||
}
|
||||
|
||||
// fromHex converts the passed hex string into a big integer pointer and will
|
||||
// panic is there is an error. This is only provided for the hard-coded
|
||||
// constants so errors in the source code can bet detected. It will only (and
|
||||
// must only) be called for initialization purposes.
|
||||
func fromHex(s string) *big.Int {
|
||||
r, ok := new(big.Int).SetString(s, 16)
|
||||
if !ok {
|
||||
panic("invalid hex in source file: " + s)
|
||||
}
|
||||
return r
|
||||
}
|
||||
|
||||
func initS256() {
|
||||
// Curve parameters taken from [SECG] section 2.4.1.
|
||||
secp256k1.CurveParams = new(elliptic.CurveParams)
|
||||
secp256k1.P = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F")
|
||||
secp256k1.N = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141")
|
||||
secp256k1.B = fromHex("0000000000000000000000000000000000000000000000000000000000000007")
|
||||
secp256k1.Gx = fromHex("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798")
|
||||
secp256k1.Gy = fromHex("483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8")
|
||||
secp256k1.BitSize = 256
|
||||
secp256k1.H = 1
|
||||
secp256k1.q = new(big.Int).Div(new(big.Int).Add(secp256k1.P,
|
||||
big.NewInt(1)), big.NewInt(4))
|
||||
|
||||
// Provided for convenience since this gets computed repeatedly.
|
||||
secp256k1.byteSize = secp256k1.BitSize / 8
|
||||
|
||||
// Deserialize and set the pre-computed table used to accelerate scalar
|
||||
// base multiplication. This is hard-coded data, so any errors are
|
||||
// panics because it means something is wrong in the source code.
|
||||
if err := loadS256BytePoints(); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
// Next 6 constants are from Hal Finney's bitcointalk.org post:
|
||||
// https://bitcointalk.org/index.php?topic=3238.msg45565#msg45565
|
||||
// May he rest in peace.
|
||||
//
|
||||
// They have also been independently derived from the code in the
|
||||
// EndomorphismVectors function in gensecp256k1.go.
|
||||
secp256k1.lambda = fromHex("5363AD4CC05C30E0A5261C028812645A122E22EA20816678DF02967C1B23BD72")
|
||||
secp256k1.beta = new(fieldVal).SetHex("7AE96A2B657C07106E64479EAC3434E99CF0497512F58995C1396C28719501EE")
|
||||
secp256k1.a1 = fromHex("3086D221A7D46BCDE86C90E49284EB15")
|
||||
secp256k1.b1 = fromHex("-E4437ED6010E88286F547FA90ABFE4C3")
|
||||
secp256k1.a2 = fromHex("114CA50F7A8E2F3F657C1108D9D44CFD8")
|
||||
secp256k1.b2 = fromHex("3086D221A7D46BCDE86C90E49284EB15")
|
||||
|
||||
// Alternatively, we can use the parameters below, however, they seem
|
||||
// to be about 8% slower.
|
||||
// secp256k1.lambda = fromHex("AC9C52B33FA3CF1F5AD9E3FD77ED9BA4A880B9FC8EC739C2E0CFC810B51283CE")
|
||||
// secp256k1.beta = new(fieldVal).SetHex("851695D49A83F8EF919BB86153CBCB16630FB68AED0A766A3EC693D68E6AFA40")
|
||||
// secp256k1.a1 = fromHex("E4437ED6010E88286F547FA90ABFE4C3")
|
||||
// secp256k1.b1 = fromHex("-3086D221A7D46BCDE86C90E49284EB15")
|
||||
// secp256k1.a2 = fromHex("3086D221A7D46BCDE86C90E49284EB15")
|
||||
// secp256k1.b2 = fromHex("114CA50F7A8E2F3F657C1108D9D44CFD8")
|
||||
}
|
||||
|
||||
// S256 returns a Curve which implements secp256k1.
|
||||
func S256() *KoblitzCurve {
|
||||
initonce.Do(initAll)
|
||||
return &secp256k1
|
||||
}
|
216
src/vendor/github.com/btcsuite/btcd/btcec/ciphering.go
generated
vendored
Normal file
216
src/vendor/github.com/btcsuite/btcd/btcec/ciphering.go
generated
vendored
Normal file
|
@ -0,0 +1,216 @@
|
|||
// Copyright (c) 2015-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package btcec
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/aes"
|
||||
"crypto/cipher"
|
||||
"crypto/hmac"
|
||||
"crypto/rand"
|
||||
"crypto/sha256"
|
||||
"crypto/sha512"
|
||||
"errors"
|
||||
"io"
|
||||
)
|
||||
|
||||
var (
|
||||
// ErrInvalidMAC occurs when Message Authentication Check (MAC) fails
|
||||
// during decryption. This happens because of either invalid private key or
|
||||
// corrupt ciphertext.
|
||||
ErrInvalidMAC = errors.New("invalid mac hash")
|
||||
|
||||
// errInputTooShort occurs when the input ciphertext to the Decrypt
|
||||
// function is less than 134 bytes long.
|
||||
errInputTooShort = errors.New("ciphertext too short")
|
||||
|
||||
// errUnsupportedCurve occurs when the first two bytes of the encrypted
|
||||
// text aren't 0x02CA (= 712 = secp256k1, from OpenSSL).
|
||||
errUnsupportedCurve = errors.New("unsupported curve")
|
||||
|
||||
errInvalidXLength = errors.New("invalid X length, must be 32")
|
||||
errInvalidYLength = errors.New("invalid Y length, must be 32")
|
||||
errInvalidPadding = errors.New("invalid PKCS#7 padding")
|
||||
|
||||
// 0x02CA = 714
|
||||
ciphCurveBytes = [2]byte{0x02, 0xCA}
|
||||
// 0x20 = 32
|
||||
ciphCoordLength = [2]byte{0x00, 0x20}
|
||||
)
|
||||
|
||||
// GenerateSharedSecret generates a shared secret based on a private key and a
|
||||
// public key using Diffie-Hellman key exchange (ECDH) (RFC 4753).
|
||||
// RFC5903 Section 9 states we should only return x.
|
||||
func GenerateSharedSecret(privkey *PrivateKey, pubkey *PublicKey) []byte {
|
||||
x, _ := pubkey.Curve.ScalarMult(pubkey.X, pubkey.Y, privkey.D.Bytes())
|
||||
return x.Bytes()
|
||||
}
|
||||
|
||||
// Encrypt encrypts data for the target public key using AES-256-CBC. It also
|
||||
// generates a private key (the pubkey of which is also in the output). The only
|
||||
// supported curve is secp256k1. The `structure' that it encodes everything into
|
||||
// is:
|
||||
//
|
||||
// struct {
|
||||
// // Initialization Vector used for AES-256-CBC
|
||||
// IV [16]byte
|
||||
// // Public Key: curve(2) + len_of_pubkeyX(2) + pubkeyX +
|
||||
// // len_of_pubkeyY(2) + pubkeyY (curve = 714)
|
||||
// PublicKey [70]byte
|
||||
// // Cipher text
|
||||
// Data []byte
|
||||
// // HMAC-SHA-256 Message Authentication Code
|
||||
// HMAC [32]byte
|
||||
// }
|
||||
//
|
||||
// The primary aim is to ensure byte compatibility with Pyelliptic. Also, refer
|
||||
// to section 5.8.1 of ANSI X9.63 for rationale on this format.
|
||||
func Encrypt(pubkey *PublicKey, in []byte) ([]byte, error) {
|
||||
ephemeral, err := NewPrivateKey(S256())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
ecdhKey := GenerateSharedSecret(ephemeral, pubkey)
|
||||
derivedKey := sha512.Sum512(ecdhKey)
|
||||
keyE := derivedKey[:32]
|
||||
keyM := derivedKey[32:]
|
||||
|
||||
paddedIn := addPKCSPadding(in)
|
||||
// IV + Curve params/X/Y + padded plaintext/ciphertext + HMAC-256
|
||||
out := make([]byte, aes.BlockSize+70+len(paddedIn)+sha256.Size)
|
||||
iv := out[:aes.BlockSize]
|
||||
if _, err = io.ReadFull(rand.Reader, iv); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
// start writing public key
|
||||
pb := ephemeral.PubKey().SerializeUncompressed()
|
||||
offset := aes.BlockSize
|
||||
|
||||
// curve and X length
|
||||
copy(out[offset:offset+4], append(ciphCurveBytes[:], ciphCoordLength[:]...))
|
||||
offset += 4
|
||||
// X
|
||||
copy(out[offset:offset+32], pb[1:33])
|
||||
offset += 32
|
||||
// Y length
|
||||
copy(out[offset:offset+2], ciphCoordLength[:])
|
||||
offset += 2
|
||||
// Y
|
||||
copy(out[offset:offset+32], pb[33:])
|
||||
offset += 32
|
||||
|
||||
// start encryption
|
||||
block, err := aes.NewCipher(keyE)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
mode := cipher.NewCBCEncrypter(block, iv)
|
||||
mode.CryptBlocks(out[offset:len(out)-sha256.Size], paddedIn)
|
||||
|
||||
// start HMAC-SHA-256
|
||||
hm := hmac.New(sha256.New, keyM)
|
||||
hm.Write(out[:len(out)-sha256.Size]) // everything is hashed
|
||||
copy(out[len(out)-sha256.Size:], hm.Sum(nil)) // write checksum
|
||||
|
||||
return out, nil
|
||||
}
|
||||
|
||||
// Decrypt decrypts data that was encrypted using the Encrypt function.
|
||||
func Decrypt(priv *PrivateKey, in []byte) ([]byte, error) {
|
||||
// IV + Curve params/X/Y + 1 block + HMAC-256
|
||||
if len(in) < aes.BlockSize+70+aes.BlockSize+sha256.Size {
|
||||
return nil, errInputTooShort
|
||||
}
|
||||
|
||||
// read iv
|
||||
iv := in[:aes.BlockSize]
|
||||
offset := aes.BlockSize
|
||||
|
||||
// start reading pubkey
|
||||
if !bytes.Equal(in[offset:offset+2], ciphCurveBytes[:]) {
|
||||
return nil, errUnsupportedCurve
|
||||
}
|
||||
offset += 2
|
||||
|
||||
if !bytes.Equal(in[offset:offset+2], ciphCoordLength[:]) {
|
||||
return nil, errInvalidXLength
|
||||
}
|
||||
offset += 2
|
||||
|
||||
xBytes := in[offset : offset+32]
|
||||
offset += 32
|
||||
|
||||
if !bytes.Equal(in[offset:offset+2], ciphCoordLength[:]) {
|
||||
return nil, errInvalidYLength
|
||||
}
|
||||
offset += 2
|
||||
|
||||
yBytes := in[offset : offset+32]
|
||||
offset += 32
|
||||
|
||||
pb := make([]byte, 65)
|
||||
pb[0] = byte(0x04) // uncompressed
|
||||
copy(pb[1:33], xBytes)
|
||||
copy(pb[33:], yBytes)
|
||||
// check if (X, Y) lies on the curve and create a Pubkey if it does
|
||||
pubkey, err := ParsePubKey(pb, S256())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// check for cipher text length
|
||||
if (len(in)-aes.BlockSize-offset-sha256.Size)%aes.BlockSize != 0 {
|
||||
return nil, errInvalidPadding // not padded to 16 bytes
|
||||
}
|
||||
|
||||
// read hmac
|
||||
messageMAC := in[len(in)-sha256.Size:]
|
||||
|
||||
// generate shared secret
|
||||
ecdhKey := GenerateSharedSecret(priv, pubkey)
|
||||
derivedKey := sha512.Sum512(ecdhKey)
|
||||
keyE := derivedKey[:32]
|
||||
keyM := derivedKey[32:]
|
||||
|
||||
// verify mac
|
||||
hm := hmac.New(sha256.New, keyM)
|
||||
hm.Write(in[:len(in)-sha256.Size]) // everything is hashed
|
||||
expectedMAC := hm.Sum(nil)
|
||||
if !hmac.Equal(messageMAC, expectedMAC) {
|
||||
return nil, ErrInvalidMAC
|
||||
}
|
||||
|
||||
// start decryption
|
||||
block, err := aes.NewCipher(keyE)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
mode := cipher.NewCBCDecrypter(block, iv)
|
||||
// same length as ciphertext
|
||||
plaintext := make([]byte, len(in)-offset-sha256.Size)
|
||||
mode.CryptBlocks(plaintext, in[offset:len(in)-sha256.Size])
|
||||
|
||||
return removePKCSPadding(plaintext)
|
||||
}
|
||||
|
||||
// Implement PKCS#7 padding with block size of 16 (AES block size).
|
||||
|
||||
// addPKCSPadding adds padding to a block of data
|
||||
func addPKCSPadding(src []byte) []byte {
|
||||
padding := aes.BlockSize - len(src)%aes.BlockSize
|
||||
padtext := bytes.Repeat([]byte{byte(padding)}, padding)
|
||||
return append(src, padtext...)
|
||||
}
|
||||
|
||||
// removePKCSPadding removes padding from data that was added with addPKCSPadding
|
||||
func removePKCSPadding(src []byte) ([]byte, error) {
|
||||
length := len(src)
|
||||
padLength := int(src[length-1])
|
||||
if padLength > aes.BlockSize || length < aes.BlockSize {
|
||||
return nil, errInvalidPadding
|
||||
}
|
||||
|
||||
return src[:length-padLength], nil
|
||||
}
|
21
src/vendor/github.com/btcsuite/btcd/btcec/doc.go
generated
vendored
Normal file
21
src/vendor/github.com/btcsuite/btcd/btcec/doc.go
generated
vendored
Normal file
|
@ -0,0 +1,21 @@
|
|||
// Copyright (c) 2013-2014 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
/*
|
||||
Package btcec implements support for the elliptic curves needed for bitcoin.
|
||||
|
||||
Bitcoin uses elliptic curve cryptography using koblitz curves
|
||||
(specifically secp256k1) for cryptographic functions. See
|
||||
http://www.secg.org/collateral/sec2_final.pdf for details on the
|
||||
standard.
|
||||
|
||||
This package provides the data structures and functions implementing the
|
||||
crypto/elliptic Curve interface in order to permit using these curves
|
||||
with the standard crypto/ecdsa package provided with go. Helper
|
||||
functionality is provided to parse signatures and public keys from
|
||||
standard formats. It was designed for use with btcd, but should be
|
||||
general enough for other uses of elliptic curve crypto. It was originally based
|
||||
on some initial work by ThePiachu, but has significantly diverged since then.
|
||||
*/
|
||||
package btcec
|
1263
src/vendor/github.com/btcsuite/btcd/btcec/field.go
generated
vendored
Normal file
1263
src/vendor/github.com/btcsuite/btcd/btcec/field.go
generated
vendored
Normal file
File diff suppressed because it is too large
Load diff
63
src/vendor/github.com/btcsuite/btcd/btcec/genprecomps.go
generated
vendored
Normal file
63
src/vendor/github.com/btcsuite/btcd/btcec/genprecomps.go
generated
vendored
Normal file
|
@ -0,0 +1,63 @@
|
|||
// Copyright 2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// This file is ignored during the regular build due to the following build tag.
|
||||
// It is called by go generate and used to automatically generate pre-computed
|
||||
// tables used to accelerate operations.
|
||||
// +build ignore
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"compress/zlib"
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"log"
|
||||
"os"
|
||||
|
||||
"github.com/btcsuite/btcd/btcec"
|
||||
)
|
||||
|
||||
func main() {
|
||||
fi, err := os.Create("secp256k1.go")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
defer fi.Close()
|
||||
|
||||
// Compress the serialized byte points.
|
||||
serialized := btcec.S256().SerializedBytePoints()
|
||||
var compressed bytes.Buffer
|
||||
w := zlib.NewWriter(&compressed)
|
||||
if _, err := w.Write(serialized); err != nil {
|
||||
fmt.Println(err)
|
||||
os.Exit(1)
|
||||
}
|
||||
w.Close()
|
||||
|
||||
// Encode the compressed byte points with base64.
|
||||
encoded := make([]byte, base64.StdEncoding.EncodedLen(compressed.Len()))
|
||||
base64.StdEncoding.Encode(encoded, compressed.Bytes())
|
||||
|
||||
fmt.Fprintln(fi, "// Copyright (c) 2015 The btcsuite developers")
|
||||
fmt.Fprintln(fi, "// Use of this source code is governed by an ISC")
|
||||
fmt.Fprintln(fi, "// license that can be found in the LICENSE file.")
|
||||
fmt.Fprintln(fi)
|
||||
fmt.Fprintln(fi, "package btcec")
|
||||
fmt.Fprintln(fi)
|
||||
fmt.Fprintln(fi, "// Auto-generated file (see genprecomps.go)")
|
||||
fmt.Fprintln(fi, "// DO NOT EDIT")
|
||||
fmt.Fprintln(fi)
|
||||
fmt.Fprintf(fi, "var secp256k1BytePoints = %q\n", string(encoded))
|
||||
|
||||
a1, b1, a2, b2 := btcec.S256().EndomorphismVectors()
|
||||
fmt.Println("The following values are the computed linearly " +
|
||||
"independent vectors needed to make use of the secp256k1 " +
|
||||
"endomorphism:")
|
||||
fmt.Printf("a1: %x\n", a1)
|
||||
fmt.Printf("b1: %x\n", b1)
|
||||
fmt.Printf("a2: %x\n", a2)
|
||||
fmt.Printf("b2: %x\n", b2)
|
||||
}
|
203
src/vendor/github.com/btcsuite/btcd/btcec/gensecp256k1.go
generated
vendored
Normal file
203
src/vendor/github.com/btcsuite/btcd/btcec/gensecp256k1.go
generated
vendored
Normal file
|
@ -0,0 +1,203 @@
|
|||
// Copyright (c) 2014-2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// This file is ignored during the regular build due to the following build tag.
|
||||
// This build tag is set during go generate.
|
||||
// +build gensecp256k1
|
||||
|
||||
package btcec
|
||||
|
||||
// References:
|
||||
// [GECC]: Guide to Elliptic Curve Cryptography (Hankerson, Menezes, Vanstone)
|
||||
|
||||
import (
|
||||
"encoding/binary"
|
||||
"math/big"
|
||||
)
|
||||
|
||||
// secp256k1BytePoints are dummy points used so the code which generates the
|
||||
// real values can compile.
|
||||
var secp256k1BytePoints = ""
|
||||
|
||||
// getDoublingPoints returns all the possible G^(2^i) for i in
|
||||
// 0..n-1 where n is the curve's bit size (256 in the case of secp256k1)
|
||||
// the coordinates are recorded as Jacobian coordinates.
|
||||
func (curve *KoblitzCurve) getDoublingPoints() [][3]fieldVal {
|
||||
doublingPoints := make([][3]fieldVal, curve.BitSize)
|
||||
|
||||
// initialize px, py, pz to the Jacobian coordinates for the base point
|
||||
px, py := curve.bigAffineToField(curve.Gx, curve.Gy)
|
||||
pz := new(fieldVal).SetInt(1)
|
||||
for i := 0; i < curve.BitSize; i++ {
|
||||
doublingPoints[i] = [3]fieldVal{*px, *py, *pz}
|
||||
// P = 2*P
|
||||
curve.doubleJacobian(px, py, pz, px, py, pz)
|
||||
}
|
||||
return doublingPoints
|
||||
}
|
||||
|
||||
// SerializedBytePoints returns a serialized byte slice which contains all of
|
||||
// the possible points per 8-bit window. This is used to when generating
|
||||
// secp256k1.go.
|
||||
func (curve *KoblitzCurve) SerializedBytePoints() []byte {
|
||||
doublingPoints := curve.getDoublingPoints()
|
||||
|
||||
// Segregate the bits into byte-sized windows
|
||||
serialized := make([]byte, curve.byteSize*256*3*10*4)
|
||||
offset := 0
|
||||
for byteNum := 0; byteNum < curve.byteSize; byteNum++ {
|
||||
// Grab the 8 bits that make up this byte from doublingPoints.
|
||||
startingBit := 8 * (curve.byteSize - byteNum - 1)
|
||||
computingPoints := doublingPoints[startingBit : startingBit+8]
|
||||
|
||||
// Compute all points in this window and serialize them.
|
||||
for i := 0; i < 256; i++ {
|
||||
px, py, pz := new(fieldVal), new(fieldVal), new(fieldVal)
|
||||
for j := 0; j < 8; j++ {
|
||||
if i>>uint(j)&1 == 1 {
|
||||
curve.addJacobian(px, py, pz, &computingPoints[j][0],
|
||||
&computingPoints[j][1], &computingPoints[j][2], px, py, pz)
|
||||
}
|
||||
}
|
||||
for i := 0; i < 10; i++ {
|
||||
binary.LittleEndian.PutUint32(serialized[offset:], px.n[i])
|
||||
offset += 4
|
||||
}
|
||||
for i := 0; i < 10; i++ {
|
||||
binary.LittleEndian.PutUint32(serialized[offset:], py.n[i])
|
||||
offset += 4
|
||||
}
|
||||
for i := 0; i < 10; i++ {
|
||||
binary.LittleEndian.PutUint32(serialized[offset:], pz.n[i])
|
||||
offset += 4
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return serialized
|
||||
}
|
||||
|
||||
// sqrt returns the square root of the provided big integer using Newton's
|
||||
// method. It's only compiled and used during generation of pre-computed
|
||||
// values, so speed is not a huge concern.
|
||||
func sqrt(n *big.Int) *big.Int {
|
||||
// Initial guess = 2^(log_2(n)/2)
|
||||
guess := big.NewInt(2)
|
||||
guess.Exp(guess, big.NewInt(int64(n.BitLen()/2)), nil)
|
||||
|
||||
// Now refine using Newton's method.
|
||||
big2 := big.NewInt(2)
|
||||
prevGuess := big.NewInt(0)
|
||||
for {
|
||||
prevGuess.Set(guess)
|
||||
guess.Add(guess, new(big.Int).Div(n, guess))
|
||||
guess.Div(guess, big2)
|
||||
if guess.Cmp(prevGuess) == 0 {
|
||||
break
|
||||
}
|
||||
}
|
||||
return guess
|
||||
}
|
||||
|
||||
// EndomorphismVectors runs the first 3 steps of algorithm 3.74 from [GECC] to
|
||||
// generate the linearly independent vectors needed to generate a balanced
|
||||
// length-two representation of a multiplier such that k = k1 + k2λ (mod N) and
|
||||
// returns them. Since the values will always be the same given the fact that N
|
||||
// and λ are fixed, the final results can be accelerated by storing the
|
||||
// precomputed values with the curve.
|
||||
func (curve *KoblitzCurve) EndomorphismVectors() (a1, b1, a2, b2 *big.Int) {
|
||||
bigMinus1 := big.NewInt(-1)
|
||||
|
||||
// This section uses an extended Euclidean algorithm to generate a
|
||||
// sequence of equations:
|
||||
// s[i] * N + t[i] * λ = r[i]
|
||||
|
||||
nSqrt := sqrt(curve.N)
|
||||
u, v := new(big.Int).Set(curve.N), new(big.Int).Set(curve.lambda)
|
||||
x1, y1 := big.NewInt(1), big.NewInt(0)
|
||||
x2, y2 := big.NewInt(0), big.NewInt(1)
|
||||
q, r := new(big.Int), new(big.Int)
|
||||
qu, qx1, qy1 := new(big.Int), new(big.Int), new(big.Int)
|
||||
s, t := new(big.Int), new(big.Int)
|
||||
ri, ti := new(big.Int), new(big.Int)
|
||||
a1, b1, a2, b2 = new(big.Int), new(big.Int), new(big.Int), new(big.Int)
|
||||
found, oneMore := false, false
|
||||
for u.Sign() != 0 {
|
||||
// q = v/u
|
||||
q.Div(v, u)
|
||||
|
||||
// r = v - q*u
|
||||
qu.Mul(q, u)
|
||||
r.Sub(v, qu)
|
||||
|
||||
// s = x2 - q*x1
|
||||
qx1.Mul(q, x1)
|
||||
s.Sub(x2, qx1)
|
||||
|
||||
// t = y2 - q*y1
|
||||
qy1.Mul(q, y1)
|
||||
t.Sub(y2, qy1)
|
||||
|
||||
// v = u, u = r, x2 = x1, x1 = s, y2 = y1, y1 = t
|
||||
v.Set(u)
|
||||
u.Set(r)
|
||||
x2.Set(x1)
|
||||
x1.Set(s)
|
||||
y2.Set(y1)
|
||||
y1.Set(t)
|
||||
|
||||
// As soon as the remainder is less than the sqrt of n, the
|
||||
// values of a1 and b1 are known.
|
||||
if !found && r.Cmp(nSqrt) < 0 {
|
||||
// When this condition executes ri and ti represent the
|
||||
// r[i] and t[i] values such that i is the greatest
|
||||
// index for which r >= sqrt(n). Meanwhile, the current
|
||||
// r and t values are r[i+1] and t[i+1], respectively.
|
||||
|
||||
// a1 = r[i+1], b1 = -t[i+1]
|
||||
a1.Set(r)
|
||||
b1.Mul(t, bigMinus1)
|
||||
found = true
|
||||
oneMore = true
|
||||
|
||||
// Skip to the next iteration so ri and ti are not
|
||||
// modified.
|
||||
continue
|
||||
|
||||
} else if oneMore {
|
||||
// When this condition executes ri and ti still
|
||||
// represent the r[i] and t[i] values while the current
|
||||
// r and t are r[i+2] and t[i+2], respectively.
|
||||
|
||||
// sum1 = r[i]^2 + t[i]^2
|
||||
rSquared := new(big.Int).Mul(ri, ri)
|
||||
tSquared := new(big.Int).Mul(ti, ti)
|
||||
sum1 := new(big.Int).Add(rSquared, tSquared)
|
||||
|
||||
// sum2 = r[i+2]^2 + t[i+2]^2
|
||||
r2Squared := new(big.Int).Mul(r, r)
|
||||
t2Squared := new(big.Int).Mul(t, t)
|
||||
sum2 := new(big.Int).Add(r2Squared, t2Squared)
|
||||
|
||||
// if (r[i]^2 + t[i]^2) <= (r[i+2]^2 + t[i+2]^2)
|
||||
if sum1.Cmp(sum2) <= 0 {
|
||||
// a2 = r[i], b2 = -t[i]
|
||||
a2.Set(ri)
|
||||
b2.Mul(ti, bigMinus1)
|
||||
} else {
|
||||
// a2 = r[i+2], b2 = -t[i+2]
|
||||
a2.Set(r)
|
||||
b2.Mul(t, bigMinus1)
|
||||
}
|
||||
|
||||
// All done.
|
||||
break
|
||||
}
|
||||
|
||||
ri.Set(r)
|
||||
ti.Set(t)
|
||||
}
|
||||
|
||||
return a1, b1, a2, b2
|
||||
}
|
67
src/vendor/github.com/btcsuite/btcd/btcec/precompute.go
generated
vendored
Normal file
67
src/vendor/github.com/btcsuite/btcd/btcec/precompute.go
generated
vendored
Normal file
|
@ -0,0 +1,67 @@
|
|||
// Copyright 2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package btcec
|
||||
|
||||
import (
|
||||
"compress/zlib"
|
||||
"encoding/base64"
|
||||
"encoding/binary"
|
||||
"io/ioutil"
|
||||
"strings"
|
||||
)
|
||||
|
||||
//go:generate go run -tags gensecp256k1 genprecomps.go
|
||||
|
||||
// loadS256BytePoints decompresses and deserializes the pre-computed byte points
|
||||
// used to accelerate scalar base multiplication for the secp256k1 curve. This
|
||||
// approach is used since it allows the compile to use significantly less ram
|
||||
// and be performed much faster than it is with hard-coding the final in-memory
|
||||
// data structure. At the same time, it is quite fast to generate the in-memory
|
||||
// data structure at init time with this approach versus computing the table.
|
||||
func loadS256BytePoints() error {
|
||||
// There will be no byte points to load when generating them.
|
||||
bp := secp256k1BytePoints
|
||||
if len(bp) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Decompress the pre-computed table used to accelerate scalar base
|
||||
// multiplication.
|
||||
decoder := base64.NewDecoder(base64.StdEncoding, strings.NewReader(bp))
|
||||
r, err := zlib.NewReader(decoder)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
serialized, err := ioutil.ReadAll(r)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Deserialize the precomputed byte points and set the curve to them.
|
||||
offset := 0
|
||||
var bytePoints [32][256][3]fieldVal
|
||||
for byteNum := 0; byteNum < 32; byteNum++ {
|
||||
// All points in this window.
|
||||
for i := 0; i < 256; i++ {
|
||||
px := &bytePoints[byteNum][i][0]
|
||||
py := &bytePoints[byteNum][i][1]
|
||||
pz := &bytePoints[byteNum][i][2]
|
||||
for i := 0; i < 10; i++ {
|
||||
px.n[i] = binary.LittleEndian.Uint32(serialized[offset:])
|
||||
offset += 4
|
||||
}
|
||||
for i := 0; i < 10; i++ {
|
||||
py.n[i] = binary.LittleEndian.Uint32(serialized[offset:])
|
||||
offset += 4
|
||||
}
|
||||
for i := 0; i < 10; i++ {
|
||||
pz.n[i] = binary.LittleEndian.Uint32(serialized[offset:])
|
||||
offset += 4
|
||||
}
|
||||
}
|
||||
}
|
||||
secp256k1.bytePoints = &bytePoints
|
||||
return nil
|
||||
}
|
73
src/vendor/github.com/btcsuite/btcd/btcec/privkey.go
generated
vendored
Normal file
73
src/vendor/github.com/btcsuite/btcd/btcec/privkey.go
generated
vendored
Normal file
|
@ -0,0 +1,73 @@
|
|||
// Copyright (c) 2013-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package btcec
|
||||
|
||||
import (
|
||||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
"crypto/rand"
|
||||
"math/big"
|
||||
)
|
||||
|
||||
// PrivateKey wraps an ecdsa.PrivateKey as a convenience mainly for signing
|
||||
// things with the the private key without having to directly import the ecdsa
|
||||
// package.
|
||||
type PrivateKey ecdsa.PrivateKey
|
||||
|
||||
// PrivKeyFromBytes returns a private and public key for `curve' based on the
|
||||
// private key passed as an argument as a byte slice.
|
||||
func PrivKeyFromBytes(curve elliptic.Curve, pk []byte) (*PrivateKey,
|
||||
*PublicKey) {
|
||||
x, y := curve.ScalarBaseMult(pk)
|
||||
|
||||
priv := &ecdsa.PrivateKey{
|
||||
PublicKey: ecdsa.PublicKey{
|
||||
Curve: curve,
|
||||
X: x,
|
||||
Y: y,
|
||||
},
|
||||
D: new(big.Int).SetBytes(pk),
|
||||
}
|
||||
|
||||
return (*PrivateKey)(priv), (*PublicKey)(&priv.PublicKey)
|
||||
}
|
||||
|
||||
// NewPrivateKey is a wrapper for ecdsa.GenerateKey that returns a PrivateKey
|
||||
// instead of the normal ecdsa.PrivateKey.
|
||||
func NewPrivateKey(curve elliptic.Curve) (*PrivateKey, error) {
|
||||
key, err := ecdsa.GenerateKey(curve, rand.Reader)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return (*PrivateKey)(key), nil
|
||||
}
|
||||
|
||||
// PubKey returns the PublicKey corresponding to this private key.
|
||||
func (p *PrivateKey) PubKey() *PublicKey {
|
||||
return (*PublicKey)(&p.PublicKey)
|
||||
}
|
||||
|
||||
// ToECDSA returns the private key as a *ecdsa.PrivateKey.
|
||||
func (p *PrivateKey) ToECDSA() *ecdsa.PrivateKey {
|
||||
return (*ecdsa.PrivateKey)(p)
|
||||
}
|
||||
|
||||
// Sign generates an ECDSA signature for the provided hash (which should be the result
|
||||
// of hashing a larger message) using the private key. Produced signature
|
||||
// is deterministic (same message and same key yield the same signature) and canonical
|
||||
// in accordance with RFC6979 and BIP0062.
|
||||
func (p *PrivateKey) Sign(hash []byte) (*Signature, error) {
|
||||
return signRFC6979(p, hash)
|
||||
}
|
||||
|
||||
// PrivKeyBytesLen defines the length in bytes of a serialized private key.
|
||||
const PrivKeyBytesLen = 32
|
||||
|
||||
// Serialize returns the private key number d as a big-endian binary-encoded
|
||||
// number, padded to a length of 32 bytes.
|
||||
func (p *PrivateKey) Serialize() []byte {
|
||||
b := make([]byte, 0, PrivKeyBytesLen)
|
||||
return paddedAppend(PrivKeyBytesLen, b, p.ToECDSA().D.Bytes())
|
||||
}
|
172
src/vendor/github.com/btcsuite/btcd/btcec/pubkey.go
generated
vendored
Normal file
172
src/vendor/github.com/btcsuite/btcd/btcec/pubkey.go
generated
vendored
Normal file
|
@ -0,0 +1,172 @@
|
|||
// Copyright (c) 2013-2014 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package btcec
|
||||
|
||||
import (
|
||||
"crypto/ecdsa"
|
||||
"errors"
|
||||
"fmt"
|
||||
"math/big"
|
||||
)
|
||||
|
||||
// These constants define the lengths of serialized public keys.
|
||||
const (
|
||||
PubKeyBytesLenCompressed = 33
|
||||
PubKeyBytesLenUncompressed = 65
|
||||
PubKeyBytesLenHybrid = 65
|
||||
)
|
||||
|
||||
func isOdd(a *big.Int) bool {
|
||||
return a.Bit(0) == 1
|
||||
}
|
||||
|
||||
// decompressPoint decompresses a point on the given curve given the X point and
|
||||
// the solution to use.
|
||||
func decompressPoint(curve *KoblitzCurve, x *big.Int, ybit bool) (*big.Int, error) {
|
||||
// TODO(oga) This will probably only work for secp256k1 due to
|
||||
// optimizations.
|
||||
|
||||
// Y = +-sqrt(x^3 + B)
|
||||
x3 := new(big.Int).Mul(x, x)
|
||||
x3.Mul(x3, x)
|
||||
x3.Add(x3, curve.Params().B)
|
||||
|
||||
// now calculate sqrt mod p of x2 + B
|
||||
// This code used to do a full sqrt based on tonelli/shanks,
|
||||
// but this was replaced by the algorithms referenced in
|
||||
// https://bitcointalk.org/index.php?topic=162805.msg1712294#msg1712294
|
||||
y := new(big.Int).Exp(x3, curve.QPlus1Div4(), curve.Params().P)
|
||||
|
||||
if ybit != isOdd(y) {
|
||||
y.Sub(curve.Params().P, y)
|
||||
}
|
||||
if ybit != isOdd(y) {
|
||||
return nil, fmt.Errorf("ybit doesn't match oddness")
|
||||
}
|
||||
return y, nil
|
||||
}
|
||||
|
||||
const (
|
||||
pubkeyCompressed byte = 0x2 // y_bit + x coord
|
||||
pubkeyUncompressed byte = 0x4 // x coord + y coord
|
||||
pubkeyHybrid byte = 0x6 // y_bit + x coord + y coord
|
||||
)
|
||||
|
||||
// ParsePubKey parses a public key for a koblitz curve from a bytestring into a
|
||||
// ecdsa.Publickey, verifying that it is valid. It supports compressed,
|
||||
// uncompressed and hybrid signature formats.
|
||||
func ParsePubKey(pubKeyStr []byte, curve *KoblitzCurve) (key *PublicKey, err error) {
|
||||
pubkey := PublicKey{}
|
||||
pubkey.Curve = curve
|
||||
|
||||
if len(pubKeyStr) == 0 {
|
||||
return nil, errors.New("pubkey string is empty")
|
||||
}
|
||||
|
||||
format := pubKeyStr[0]
|
||||
ybit := (format & 0x1) == 0x1
|
||||
format &= ^byte(0x1)
|
||||
|
||||
switch len(pubKeyStr) {
|
||||
case PubKeyBytesLenUncompressed:
|
||||
if format != pubkeyUncompressed && format != pubkeyHybrid {
|
||||
return nil, fmt.Errorf("invalid magic in pubkey str: "+
|
||||
"%d", pubKeyStr[0])
|
||||
}
|
||||
|
||||
pubkey.X = new(big.Int).SetBytes(pubKeyStr[1:33])
|
||||
pubkey.Y = new(big.Int).SetBytes(pubKeyStr[33:])
|
||||
// hybrid keys have extra information, make use of it.
|
||||
if format == pubkeyHybrid && ybit != isOdd(pubkey.Y) {
|
||||
return nil, fmt.Errorf("ybit doesn't match oddness")
|
||||
}
|
||||
case PubKeyBytesLenCompressed:
|
||||
// format is 0x2 | solution, <X coordinate>
|
||||
// solution determines which solution of the curve we use.
|
||||
/// y^2 = x^3 + Curve.B
|
||||
if format != pubkeyCompressed {
|
||||
return nil, fmt.Errorf("invalid magic in compressed "+
|
||||
"pubkey string: %d", pubKeyStr[0])
|
||||
}
|
||||
pubkey.X = new(big.Int).SetBytes(pubKeyStr[1:33])
|
||||
pubkey.Y, err = decompressPoint(curve, pubkey.X, ybit)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
default: // wrong!
|
||||
return nil, fmt.Errorf("invalid pub key length %d",
|
||||
len(pubKeyStr))
|
||||
}
|
||||
|
||||
if pubkey.X.Cmp(pubkey.Curve.Params().P) >= 0 {
|
||||
return nil, fmt.Errorf("pubkey X parameter is >= to P")
|
||||
}
|
||||
if pubkey.Y.Cmp(pubkey.Curve.Params().P) >= 0 {
|
||||
return nil, fmt.Errorf("pubkey Y parameter is >= to P")
|
||||
}
|
||||
if !pubkey.Curve.IsOnCurve(pubkey.X, pubkey.Y) {
|
||||
return nil, fmt.Errorf("pubkey isn't on secp256k1 curve")
|
||||
}
|
||||
return &pubkey, nil
|
||||
}
|
||||
|
||||
// PublicKey is an ecdsa.PublicKey with additional functions to
|
||||
// serialize in uncompressed, compressed, and hybrid formats.
|
||||
type PublicKey ecdsa.PublicKey
|
||||
|
||||
// ToECDSA returns the public key as a *ecdsa.PublicKey.
|
||||
func (p *PublicKey) ToECDSA() *ecdsa.PublicKey {
|
||||
return (*ecdsa.PublicKey)(p)
|
||||
}
|
||||
|
||||
// SerializeUncompressed serializes a public key in a 65-byte uncompressed
|
||||
// format.
|
||||
func (p *PublicKey) SerializeUncompressed() []byte {
|
||||
b := make([]byte, 0, PubKeyBytesLenUncompressed)
|
||||
b = append(b, pubkeyUncompressed)
|
||||
b = paddedAppend(32, b, p.X.Bytes())
|
||||
return paddedAppend(32, b, p.Y.Bytes())
|
||||
}
|
||||
|
||||
// SerializeCompressed serializes a public key in a 33-byte compressed format.
|
||||
func (p *PublicKey) SerializeCompressed() []byte {
|
||||
b := make([]byte, 0, PubKeyBytesLenCompressed)
|
||||
format := pubkeyCompressed
|
||||
if isOdd(p.Y) {
|
||||
format |= 0x1
|
||||
}
|
||||
b = append(b, format)
|
||||
return paddedAppend(32, b, p.X.Bytes())
|
||||
}
|
||||
|
||||
// SerializeHybrid serializes a public key in a 65-byte hybrid format.
|
||||
func (p *PublicKey) SerializeHybrid() []byte {
|
||||
b := make([]byte, 0, PubKeyBytesLenHybrid)
|
||||
format := pubkeyHybrid
|
||||
if isOdd(p.Y) {
|
||||
format |= 0x1
|
||||
}
|
||||
b = append(b, format)
|
||||
b = paddedAppend(32, b, p.X.Bytes())
|
||||
return paddedAppend(32, b, p.Y.Bytes())
|
||||
}
|
||||
|
||||
// IsEqual compares this PublicKey instance to the one passed, returning true if
|
||||
// both PublicKeys are equivalent. A PublicKey is equivalent to another, if they
|
||||
// both have the same X and Y coordinate.
|
||||
func (p *PublicKey) IsEqual(otherPubKey *PublicKey) bool {
|
||||
return p.X.Cmp(otherPubKey.X) == 0 &&
|
||||
p.Y.Cmp(otherPubKey.Y) == 0
|
||||
}
|
||||
|
||||
// paddedAppend appends the src byte slice to dst, returning the new slice.
|
||||
// If the length of the source is smaller than the passed size, leading zero
|
||||
// bytes are appended to the dst slice before appending src.
|
||||
func paddedAppend(size uint, dst, src []byte) []byte {
|
||||
for i := 0; i < int(size)-len(src); i++ {
|
||||
dst = append(dst, 0)
|
||||
}
|
||||
return append(dst, src...)
|
||||
}
|
10
src/vendor/github.com/btcsuite/btcd/btcec/secp256k1.go
generated
vendored
Normal file
10
src/vendor/github.com/btcsuite/btcd/btcec/secp256k1.go
generated
vendored
Normal file
File diff suppressed because one or more lines are too long
540
src/vendor/github.com/btcsuite/btcd/btcec/signature.go
generated
vendored
Normal file
540
src/vendor/github.com/btcsuite/btcd/btcec/signature.go
generated
vendored
Normal file
|
@ -0,0 +1,540 @@
|
|||
// Copyright (c) 2013-2014 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package btcec
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
"crypto/hmac"
|
||||
"errors"
|
||||
"fmt"
|
||||
"hash"
|
||||
"math/big"
|
||||
|
||||
"github.com/btcsuite/fastsha256"
|
||||
)
|
||||
|
||||
// Errors returned by canonicalPadding.
|
||||
var (
|
||||
errNegativeValue = errors.New("value may be interpreted as negative")
|
||||
errExcessivelyPaddedValue = errors.New("value is excessively padded")
|
||||
)
|
||||
|
||||
// Signature is a type representing an ecdsa signature.
|
||||
type Signature struct {
|
||||
R *big.Int
|
||||
S *big.Int
|
||||
}
|
||||
|
||||
var (
|
||||
// Curve order and halforder, used to tame ECDSA malleability (see BIP-0062)
|
||||
order = new(big.Int).Set(S256().N)
|
||||
halforder = new(big.Int).Rsh(order, 1)
|
||||
|
||||
// Used in RFC6979 implementation when testing the nonce for correctness
|
||||
one = big.NewInt(1)
|
||||
|
||||
// oneInitializer is used to fill a byte slice with byte 0x01. It is provided
|
||||
// here to avoid the need to create it multiple times.
|
||||
oneInitializer = []byte{0x01}
|
||||
)
|
||||
|
||||
// Serialize returns the ECDSA signature in the more strict DER format. Note
|
||||
// that the serialized bytes returned do not include the appended hash type
|
||||
// used in Bitcoin signature scripts.
|
||||
//
|
||||
// encoding/asn1 is broken so we hand roll this output:
|
||||
//
|
||||
// 0x30 <length> 0x02 <length r> r 0x02 <length s> s
|
||||
func (sig *Signature) Serialize() []byte {
|
||||
// low 'S' malleability breaker
|
||||
sigS := sig.S
|
||||
if sigS.Cmp(halforder) == 1 {
|
||||
sigS = new(big.Int).Sub(order, sigS)
|
||||
}
|
||||
// Ensure the encoded bytes for the r and s values are canonical and
|
||||
// thus suitable for DER encoding.
|
||||
rb := canonicalizeInt(sig.R)
|
||||
sb := canonicalizeInt(sigS)
|
||||
|
||||
// total length of returned signature is 1 byte for each magic and
|
||||
// length (6 total), plus lengths of r and s
|
||||
length := 6 + len(rb) + len(sb)
|
||||
b := make([]byte, length, length)
|
||||
|
||||
b[0] = 0x30
|
||||
b[1] = byte(length - 2)
|
||||
b[2] = 0x02
|
||||
b[3] = byte(len(rb))
|
||||
offset := copy(b[4:], rb) + 4
|
||||
b[offset] = 0x02
|
||||
b[offset+1] = byte(len(sb))
|
||||
copy(b[offset+2:], sb)
|
||||
return b
|
||||
}
|
||||
|
||||
// Verify calls ecdsa.Verify to verify the signature of hash using the public
|
||||
// key. It returns true if the signature is valid, false otherwise.
|
||||
func (sig *Signature) Verify(hash []byte, pubKey *PublicKey) bool {
|
||||
return ecdsa.Verify(pubKey.ToECDSA(), hash, sig.R, sig.S)
|
||||
}
|
||||
|
||||
// IsEqual compares this Signature instance to the one passed, returning true
|
||||
// if both Signatures are equivalent. A signature is equivalent to another, if
|
||||
// they both have the same scalar value for R and S.
|
||||
func (sig *Signature) IsEqual(otherSig *Signature) bool {
|
||||
return sig.R.Cmp(otherSig.R) == 0 &&
|
||||
sig.S.Cmp(otherSig.S) == 0
|
||||
}
|
||||
|
||||
func parseSig(sigStr []byte, curve elliptic.Curve, der bool) (*Signature, error) {
|
||||
// Originally this code used encoding/asn1 in order to parse the
|
||||
// signature, but a number of problems were found with this approach.
|
||||
// Despite the fact that signatures are stored as DER, the difference
|
||||
// between go's idea of a bignum (and that they have sign) doesn't agree
|
||||
// with the openssl one (where they do not). The above is true as of
|
||||
// Go 1.1. In the end it was simpler to rewrite the code to explicitly
|
||||
// understand the format which is this:
|
||||
// 0x30 <length of whole message> <0x02> <length of R> <R> 0x2
|
||||
// <length of S> <S>.
|
||||
|
||||
signature := &Signature{}
|
||||
|
||||
// minimal message is when both numbers are 1 bytes. adding up to:
|
||||
// 0x30 + len + 0x02 + 0x01 + <byte> + 0x2 + 0x01 + <byte>
|
||||
if len(sigStr) < 8 {
|
||||
return nil, errors.New("malformed signature: too short")
|
||||
}
|
||||
// 0x30
|
||||
index := 0
|
||||
if sigStr[index] != 0x30 {
|
||||
return nil, errors.New("malformed signature: no header magic")
|
||||
}
|
||||
index++
|
||||
// length of remaining message
|
||||
siglen := sigStr[index]
|
||||
index++
|
||||
if int(siglen+2) > len(sigStr) {
|
||||
return nil, errors.New("malformed signature: bad length")
|
||||
}
|
||||
// trim the slice we're working on so we only look at what matters.
|
||||
sigStr = sigStr[:siglen+2]
|
||||
|
||||
// 0x02
|
||||
if sigStr[index] != 0x02 {
|
||||
return nil,
|
||||
errors.New("malformed signature: no 1st int marker")
|
||||
}
|
||||
index++
|
||||
|
||||
// Length of signature R.
|
||||
rLen := int(sigStr[index])
|
||||
// must be positive, must be able to fit in another 0x2, <len> <s>
|
||||
// hence the -3. We assume that the length must be at least one byte.
|
||||
index++
|
||||
if rLen <= 0 || rLen > len(sigStr)-index-3 {
|
||||
return nil, errors.New("malformed signature: bogus R length")
|
||||
}
|
||||
|
||||
// Then R itself.
|
||||
rBytes := sigStr[index : index+rLen]
|
||||
if der {
|
||||
switch err := canonicalPadding(rBytes); err {
|
||||
case errNegativeValue:
|
||||
return nil, errors.New("signature R is negative")
|
||||
case errExcessivelyPaddedValue:
|
||||
return nil, errors.New("signature R is excessively padded")
|
||||
}
|
||||
}
|
||||
signature.R = new(big.Int).SetBytes(rBytes)
|
||||
index += rLen
|
||||
// 0x02. length already checked in previous if.
|
||||
if sigStr[index] != 0x02 {
|
||||
return nil, errors.New("malformed signature: no 2nd int marker")
|
||||
}
|
||||
index++
|
||||
|
||||
// Length of signature S.
|
||||
sLen := int(sigStr[index])
|
||||
index++
|
||||
// S should be the rest of the string.
|
||||
if sLen <= 0 || sLen > len(sigStr)-index {
|
||||
return nil, errors.New("malformed signature: bogus S length")
|
||||
}
|
||||
|
||||
// Then S itself.
|
||||
sBytes := sigStr[index : index+sLen]
|
||||
if der {
|
||||
switch err := canonicalPadding(sBytes); err {
|
||||
case errNegativeValue:
|
||||
return nil, errors.New("signature S is negative")
|
||||
case errExcessivelyPaddedValue:
|
||||
return nil, errors.New("signature S is excessively padded")
|
||||
}
|
||||
}
|
||||
signature.S = new(big.Int).SetBytes(sBytes)
|
||||
index += sLen
|
||||
|
||||
// sanity check length parsing
|
||||
if index != len(sigStr) {
|
||||
return nil, fmt.Errorf("malformed signature: bad final length %v != %v",
|
||||
index, len(sigStr))
|
||||
}
|
||||
|
||||
// Verify also checks this, but we can be more sure that we parsed
|
||||
// correctly if we verify here too.
|
||||
// FWIW the ecdsa spec states that R and S must be | 1, N - 1 |
|
||||
// but crypto/ecdsa only checks for Sign != 0. Mirror that.
|
||||
if signature.R.Sign() != 1 {
|
||||
return nil, errors.New("signature R isn't 1 or more")
|
||||
}
|
||||
if signature.S.Sign() != 1 {
|
||||
return nil, errors.New("signature S isn't 1 or more")
|
||||
}
|
||||
if signature.R.Cmp(curve.Params().N) >= 0 {
|
||||
return nil, errors.New("signature R is >= curve.N")
|
||||
}
|
||||
if signature.S.Cmp(curve.Params().N) >= 0 {
|
||||
return nil, errors.New("signature S is >= curve.N")
|
||||
}
|
||||
|
||||
return signature, nil
|
||||
}
|
||||
|
||||
// ParseSignature parses a signature in BER format for the curve type `curve'
|
||||
// into a Signature type, perfoming some basic sanity checks. If parsing
|
||||
// according to the more strict DER format is needed, use ParseDERSignature.
|
||||
func ParseSignature(sigStr []byte, curve elliptic.Curve) (*Signature, error) {
|
||||
return parseSig(sigStr, curve, false)
|
||||
}
|
||||
|
||||
// ParseDERSignature parses a signature in DER format for the curve type
|
||||
// `curve` into a Signature type. If parsing according to the less strict
|
||||
// BER format is needed, use ParseSignature.
|
||||
func ParseDERSignature(sigStr []byte, curve elliptic.Curve) (*Signature, error) {
|
||||
return parseSig(sigStr, curve, true)
|
||||
}
|
||||
|
||||
// canonicalizeInt returns the bytes for the passed big integer adjusted as
|
||||
// necessary to ensure that a big-endian encoded integer can't possibly be
|
||||
// misinterpreted as a negative number. This can happen when the most
|
||||
// significant bit is set, so it is padded by a leading zero byte in this case.
|
||||
// Also, the returned bytes will have at least a single byte when the passed
|
||||
// value is 0. This is required for DER encoding.
|
||||
func canonicalizeInt(val *big.Int) []byte {
|
||||
b := val.Bytes()
|
||||
if len(b) == 0 {
|
||||
b = []byte{0x00}
|
||||
}
|
||||
if b[0]&0x80 != 0 {
|
||||
paddedBytes := make([]byte, len(b)+1)
|
||||
copy(paddedBytes[1:], b)
|
||||
b = paddedBytes
|
||||
}
|
||||
return b
|
||||
}
|
||||
|
||||
// canonicalPadding checks whether a big-endian encoded integer could
|
||||
// possibly be misinterpreted as a negative number (even though OpenSSL
|
||||
// treats all numbers as unsigned), or if there is any unnecessary
|
||||
// leading zero padding.
|
||||
func canonicalPadding(b []byte) error {
|
||||
switch {
|
||||
case b[0]&0x80 == 0x80:
|
||||
return errNegativeValue
|
||||
case len(b) > 1 && b[0] == 0x00 && b[1]&0x80 != 0x80:
|
||||
return errExcessivelyPaddedValue
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
// hashToInt converts a hash value to an integer. There is some disagreement
|
||||
// about how this is done. [NSA] suggests that this is done in the obvious
|
||||
// manner, but [SECG] truncates the hash to the bit-length of the curve order
|
||||
// first. We follow [SECG] because that's what OpenSSL does. Additionally,
|
||||
// OpenSSL right shifts excess bits from the number if the hash is too large
|
||||
// and we mirror that too.
|
||||
// This is borrowed from crypto/ecdsa.
|
||||
func hashToInt(hash []byte, c elliptic.Curve) *big.Int {
|
||||
orderBits := c.Params().N.BitLen()
|
||||
orderBytes := (orderBits + 7) / 8
|
||||
if len(hash) > orderBytes {
|
||||
hash = hash[:orderBytes]
|
||||
}
|
||||
|
||||
ret := new(big.Int).SetBytes(hash)
|
||||
excess := len(hash)*8 - orderBits
|
||||
if excess > 0 {
|
||||
ret.Rsh(ret, uint(excess))
|
||||
}
|
||||
return ret
|
||||
}
|
||||
|
||||
// recoverKeyFromSignature recoves a public key from the signature "sig" on the
|
||||
// given message hash "msg". Based on the algorithm found in section 5.1.5 of
|
||||
// SEC 1 Ver 2.0, page 47-48 (53 and 54 in the pdf). This performs the details
|
||||
// in the inner loop in Step 1. The counter provided is actually the j parameter
|
||||
// of the loop * 2 - on the first iteration of j we do the R case, else the -R
|
||||
// case in step 1.6. This counter is used in the bitcoin compressed signature
|
||||
// format and thus we match bitcoind's behaviour here.
|
||||
func recoverKeyFromSignature(curve *KoblitzCurve, sig *Signature, msg []byte,
|
||||
iter int, doChecks bool) (*PublicKey, error) {
|
||||
// 1.1 x = (n * i) + r
|
||||
Rx := new(big.Int).Mul(curve.Params().N,
|
||||
new(big.Int).SetInt64(int64(iter/2)))
|
||||
Rx.Add(Rx, sig.R)
|
||||
if Rx.Cmp(curve.Params().P) != -1 {
|
||||
return nil, errors.New("calculated Rx is larger than curve P")
|
||||
}
|
||||
|
||||
// convert 02<Rx> to point R. (step 1.2 and 1.3). If we are on an odd
|
||||
// iteration then 1.6 will be done with -R, so we calculate the other
|
||||
// term when uncompressing the point.
|
||||
Ry, err := decompressPoint(curve, Rx, iter%2 == 1)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// 1.4 Check n*R is point at infinity
|
||||
if doChecks {
|
||||
nRx, nRy := curve.ScalarMult(Rx, Ry, curve.Params().N.Bytes())
|
||||
if nRx.Sign() != 0 || nRy.Sign() != 0 {
|
||||
return nil, errors.New("n*R does not equal the point at infinity")
|
||||
}
|
||||
}
|
||||
|
||||
// 1.5 calculate e from message using the same algorithm as ecdsa
|
||||
// signature calculation.
|
||||
e := hashToInt(msg, curve)
|
||||
|
||||
// Step 1.6.1:
|
||||
// We calculate the two terms sR and eG separately multiplied by the
|
||||
// inverse of r (from the signature). We then add them to calculate
|
||||
// Q = r^-1(sR-eG)
|
||||
invr := new(big.Int).ModInverse(sig.R, curve.Params().N)
|
||||
|
||||
// first term.
|
||||
invrS := new(big.Int).Mul(invr, sig.S)
|
||||
invrS.Mod(invrS, curve.Params().N)
|
||||
sRx, sRy := curve.ScalarMult(Rx, Ry, invrS.Bytes())
|
||||
|
||||
// second term.
|
||||
e.Neg(e)
|
||||
e.Mod(e, curve.Params().N)
|
||||
e.Mul(e, invr)
|
||||
e.Mod(e, curve.Params().N)
|
||||
minuseGx, minuseGy := curve.ScalarBaseMult(e.Bytes())
|
||||
|
||||
// TODO(oga) this would be faster if we did a mult and add in one
|
||||
// step to prevent the jacobian conversion back and forth.
|
||||
Qx, Qy := curve.Add(sRx, sRy, minuseGx, minuseGy)
|
||||
|
||||
return &PublicKey{
|
||||
Curve: curve,
|
||||
X: Qx,
|
||||
Y: Qy,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// SignCompact produces a compact signature of the data in hash with the given
|
||||
// private key on the given koblitz curve. The isCompressed parameter should
|
||||
// be used to detail if the given signature should reference a compressed
|
||||
// public key or not. If successful the bytes of the compact signature will be
|
||||
// returned in the format:
|
||||
// <(byte of 27+public key solution)+4 if compressed >< padded bytes for signature R><padded bytes for signature S>
|
||||
// where the R and S parameters are padde up to the bitlengh of the curve.
|
||||
func SignCompact(curve *KoblitzCurve, key *PrivateKey,
|
||||
hash []byte, isCompressedKey bool) ([]byte, error) {
|
||||
sig, err := key.Sign(hash)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// bitcoind checks the bit length of R and S here. The ecdsa signature
|
||||
// algorithm returns R and S mod N therefore they will be the bitsize of
|
||||
// the curve, and thus correctly sized.
|
||||
for i := 0; i < (curve.H+1)*2; i++ {
|
||||
pk, err := recoverKeyFromSignature(curve, sig, hash, i, true)
|
||||
if err == nil && pk.X.Cmp(key.X) == 0 && pk.Y.Cmp(key.Y) == 0 {
|
||||
result := make([]byte, 1, 2*curve.byteSize+1)
|
||||
result[0] = 27 + byte(i)
|
||||
if isCompressedKey {
|
||||
result[0] += 4
|
||||
}
|
||||
// Not sure this needs rounding but safer to do so.
|
||||
curvelen := (curve.BitSize + 7) / 8
|
||||
|
||||
// Pad R and S to curvelen if needed.
|
||||
bytelen := (sig.R.BitLen() + 7) / 8
|
||||
if bytelen < curvelen {
|
||||
result = append(result,
|
||||
make([]byte, curvelen-bytelen)...)
|
||||
}
|
||||
result = append(result, sig.R.Bytes()...)
|
||||
|
||||
bytelen = (sig.S.BitLen() + 7) / 8
|
||||
if bytelen < curvelen {
|
||||
result = append(result,
|
||||
make([]byte, curvelen-bytelen)...)
|
||||
}
|
||||
result = append(result, sig.S.Bytes()...)
|
||||
|
||||
return result, nil
|
||||
}
|
||||
}
|
||||
|
||||
return nil, errors.New("no valid solution for pubkey found")
|
||||
}
|
||||
|
||||
// RecoverCompact verifies the compact signature "signature" of "hash" for the
|
||||
// Koblitz curve in "curve". If the signature matches then the recovered public
|
||||
// key will be returned as well as a boolen if the original key was compressed
|
||||
// or not, else an error will be returned.
|
||||
func RecoverCompact(curve *KoblitzCurve, signature,
|
||||
hash []byte) (*PublicKey, bool, error) {
|
||||
bitlen := (curve.BitSize + 7) / 8
|
||||
if len(signature) != 1+bitlen*2 {
|
||||
return nil, false, errors.New("invalid compact signature size")
|
||||
}
|
||||
|
||||
iteration := int((signature[0] - 27) & ^byte(4))
|
||||
|
||||
// format is <header byte><bitlen R><bitlen S>
|
||||
sig := &Signature{
|
||||
R: new(big.Int).SetBytes(signature[1 : bitlen+1]),
|
||||
S: new(big.Int).SetBytes(signature[bitlen+1:]),
|
||||
}
|
||||
// The iteration used here was encoded
|
||||
key, err := recoverKeyFromSignature(curve, sig, hash, iteration, false)
|
||||
if err != nil {
|
||||
return nil, false, err
|
||||
}
|
||||
|
||||
return key, ((signature[0] - 27) & 4) == 4, nil
|
||||
}
|
||||
|
||||
// signRFC6979 generates a deterministic ECDSA signature according to RFC 6979 and BIP 62.
|
||||
func signRFC6979(privateKey *PrivateKey, hash []byte) (*Signature, error) {
|
||||
|
||||
privkey := privateKey.ToECDSA()
|
||||
N := order
|
||||
k := nonceRFC6979(privkey.D, hash)
|
||||
inv := new(big.Int).ModInverse(k, N)
|
||||
r, _ := privkey.Curve.ScalarBaseMult(k.Bytes())
|
||||
if r.Cmp(N) == 1 {
|
||||
r.Sub(r, N)
|
||||
}
|
||||
|
||||
if r.Sign() == 0 {
|
||||
return nil, errors.New("calculated R is zero")
|
||||
}
|
||||
|
||||
e := hashToInt(hash, privkey.Curve)
|
||||
s := new(big.Int).Mul(privkey.D, r)
|
||||
s.Add(s, e)
|
||||
s.Mul(s, inv)
|
||||
s.Mod(s, N)
|
||||
|
||||
if s.Cmp(halforder) == 1 {
|
||||
s.Sub(N, s)
|
||||
}
|
||||
if s.Sign() == 0 {
|
||||
return nil, errors.New("calculated S is zero")
|
||||
}
|
||||
return &Signature{R: r, S: s}, nil
|
||||
}
|
||||
|
||||
// nonceRFC6979 generates an ECDSA nonce (`k`) deterministically according to RFC 6979.
|
||||
// It takes a 32-byte hash as an input and returns 32-byte nonce to be used in ECDSA algorithm.
|
||||
func nonceRFC6979(privkey *big.Int, hash []byte) *big.Int {
|
||||
|
||||
curve := S256()
|
||||
q := curve.Params().N
|
||||
x := privkey
|
||||
alg := fastsha256.New
|
||||
|
||||
qlen := q.BitLen()
|
||||
holen := alg().Size()
|
||||
rolen := (qlen + 7) >> 3
|
||||
bx := append(int2octets(x, rolen), bits2octets(hash, curve, rolen)...)
|
||||
|
||||
// Step B
|
||||
v := bytes.Repeat(oneInitializer, holen)
|
||||
|
||||
// Step C (Go zeroes the all allocated memory)
|
||||
k := make([]byte, holen)
|
||||
|
||||
// Step D
|
||||
k = mac(alg, k, append(append(v, 0x00), bx...))
|
||||
|
||||
// Step E
|
||||
v = mac(alg, k, v)
|
||||
|
||||
// Step F
|
||||
k = mac(alg, k, append(append(v, 0x01), bx...))
|
||||
|
||||
// Step G
|
||||
v = mac(alg, k, v)
|
||||
|
||||
// Step H
|
||||
for {
|
||||
// Step H1
|
||||
var t []byte
|
||||
|
||||
// Step H2
|
||||
for len(t)*8 < qlen {
|
||||
v = mac(alg, k, v)
|
||||
t = append(t, v...)
|
||||
}
|
||||
|
||||
// Step H3
|
||||
secret := hashToInt(t, curve)
|
||||
if secret.Cmp(one) >= 0 && secret.Cmp(q) < 0 {
|
||||
return secret
|
||||
}
|
||||
k = mac(alg, k, append(v, 0x00))
|
||||
v = mac(alg, k, v)
|
||||
}
|
||||
}
|
||||
|
||||
// mac returns an HMAC of the given key and message.
|
||||
func mac(alg func() hash.Hash, k, m []byte) []byte {
|
||||
h := hmac.New(alg, k)
|
||||
h.Write(m)
|
||||
return h.Sum(nil)
|
||||
}
|
||||
|
||||
// https://tools.ietf.org/html/rfc6979#section-2.3.3
|
||||
func int2octets(v *big.Int, rolen int) []byte {
|
||||
out := v.Bytes()
|
||||
|
||||
// left pad with zeros if it's too short
|
||||
if len(out) < rolen {
|
||||
out2 := make([]byte, rolen)
|
||||
copy(out2[rolen-len(out):], out)
|
||||
return out2
|
||||
}
|
||||
|
||||
// drop most significant bytes if it's too long
|
||||
if len(out) > rolen {
|
||||
out2 := make([]byte, rolen)
|
||||
copy(out2, out[len(out)-rolen:])
|
||||
return out2
|
||||
}
|
||||
|
||||
return out
|
||||
}
|
||||
|
||||
// https://tools.ietf.org/html/rfc6979#section-2.3.4
|
||||
func bits2octets(in []byte, curve elliptic.Curve, rolen int) []byte {
|
||||
z1 := hashToInt(in, curve)
|
||||
z2 := new(big.Int).Sub(z1, curve.Params().N)
|
||||
if z2.Sign() < 0 {
|
||||
return int2octets(z1, rolen)
|
||||
}
|
||||
return int2octets(z2, rolen)
|
||||
}
|
87
src/vendor/github.com/btcsuite/btcd/chaincfg/README.md
generated
vendored
Normal file
87
src/vendor/github.com/btcsuite/btcd/chaincfg/README.md
generated
vendored
Normal file
|
@ -0,0 +1,87 @@
|
|||
chaincfg
|
||||
========
|
||||
|
||||
[![Build Status](http://img.shields.io/travis/btcsuite/btcd.svg)]
|
||||
(https://travis-ci.org/btcsuite/btcd) [![ISC License]
|
||||
(http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org)
|
||||
[![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)]
|
||||
(http://godoc.org/github.com/btcsuite/btcd/chaincfg)
|
||||
|
||||
Package chaincfg defines chain configuration parameters for the three standard
|
||||
Bitcoin networks and provides the ability for callers to define their own custom
|
||||
Bitcoin networks.
|
||||
|
||||
Although this package was primarily written for btcd, it has intentionally been
|
||||
designed so it can be used as a standalone package for any projects needing to
|
||||
use parameters for the standard Bitcoin networks or for projects needing to
|
||||
define their own network.
|
||||
|
||||
## Sample Use
|
||||
|
||||
```Go
|
||||
package main
|
||||
|
||||
import (
|
||||
"flag"
|
||||
"fmt"
|
||||
"log"
|
||||
|
||||
"github.com/btcsuite/btcutil"
|
||||
"github.com/btcsuite/btcd/chaincfg"
|
||||
)
|
||||
|
||||
var testnet = flag.Bool("testnet", false, "operate on the testnet Bitcoin network")
|
||||
|
||||
// By default (without -testnet), use mainnet.
|
||||
var chainParams = &chaincfg.MainNetParams
|
||||
|
||||
func main() {
|
||||
flag.Parse()
|
||||
|
||||
// Modify active network parameters if operating on testnet.
|
||||
if *testnet {
|
||||
chainParams = &chaincfg.TestNet3Params
|
||||
}
|
||||
|
||||
// later...
|
||||
|
||||
// Create and print new payment address, specific to the active network.
|
||||
pubKeyHash := make([]byte, 20)
|
||||
addr, err := btcutil.NewAddressPubKeyHash(pubKeyHash, chainParams)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
fmt.Println(addr)
|
||||
}
|
||||
```
|
||||
|
||||
## Installation and Updating
|
||||
|
||||
```bash
|
||||
$ go get -u github.com/btcsuite/btcd/chaincfg
|
||||
```
|
||||
|
||||
## GPG Verification Key
|
||||
|
||||
All official release tags are signed by Conformal so users can ensure the code
|
||||
has not been tampered with and is coming from the btcsuite developers. To
|
||||
verify the signature perform the following:
|
||||
|
||||
- Download the public key from the Conformal website at
|
||||
https://opensource.conformal.com/GIT-GPG-KEY-conformal.txt
|
||||
|
||||
- Import the public key into your GPG keyring:
|
||||
```bash
|
||||
gpg --import GIT-GPG-KEY-conformal.txt
|
||||
```
|
||||
|
||||
- Verify the release tag with the following command where `TAG_NAME` is a
|
||||
placeholder for the specific tag:
|
||||
```bash
|
||||
git tag -v TAG_NAME
|
||||
```
|
||||
|
||||
## License
|
||||
|
||||
Package chaincfg is licensed under the [copyfree](http://copyfree.org) ISC
|
||||
License.
|
42
src/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/README.md
generated
vendored
Normal file
42
src/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/README.md
generated
vendored
Normal file
|
@ -0,0 +1,42 @@
|
|||
chainhash
|
||||
=========
|
||||
|
||||
[![Build Status](http://img.shields.io/travis/btcsuite/btcd.svg)]
|
||||
(https://travis-ci.org/btcsuite/btcd) [![ISC License]
|
||||
(http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org)
|
||||
[![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)]
|
||||
(http://godoc.org/github.com/btcsuite/btcd/chaincfg/chainhash)
|
||||
|
||||
chainhash provides a generic hash type and associated functions that allows the
|
||||
specific hash algorithm to be abstracted.
|
||||
|
||||
## Installation and Updating
|
||||
|
||||
```bash
|
||||
$ go get -u github.com/btcsuite/btcd/chaincfg/chainhash
|
||||
```
|
||||
|
||||
## GPG Verification Key
|
||||
|
||||
All official release tags are signed by Conformal so users can ensure the code
|
||||
has not been tampered with and is coming from the btcsuite developers. To
|
||||
verify the signature perform the following:
|
||||
|
||||
- Download the public key from the Conformal website at
|
||||
https://opensource.conformal.com/GIT-GPG-KEY-conformal.txt
|
||||
|
||||
- Import the public key into your GPG keyring:
|
||||
```bash
|
||||
gpg --import GIT-GPG-KEY-conformal.txt
|
||||
```
|
||||
|
||||
- Verify the release tag with the following command where `TAG_NAME` is a
|
||||
placeholder for the specific tag:
|
||||
```bash
|
||||
git tag -v TAG_NAME
|
||||
```
|
||||
|
||||
## License
|
||||
|
||||
Package chainhash is licensed under the [copyfree](http://copyfree.org) ISC
|
||||
License.
|
5
src/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/doc.go
generated
vendored
Normal file
5
src/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/doc.go
generated
vendored
Normal file
|
@ -0,0 +1,5 @@
|
|||
// Package chainhash provides abstracted hash functionality.
|
||||
//
|
||||
// This package provides a generic hash type and associated functions that
|
||||
// allows the specific hash algorithm to be abstracted.
|
||||
package chainhash
|
118
src/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/hash.go
generated
vendored
Normal file
118
src/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/hash.go
generated
vendored
Normal file
|
@ -0,0 +1,118 @@
|
|||
// Copyright (c) 2013-2016 The btcsuite developers
|
||||
// Copyright (c) 2015 The Decred developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package chainhash
|
||||
|
||||
import (
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
)
|
||||
|
||||
// HashSize of array used to store hashes. See Hash.
|
||||
const HashSize = 32
|
||||
|
||||
// MaxHashStringSize is the maximum length of a Hash hash string.
|
||||
const MaxHashStringSize = HashSize * 2
|
||||
|
||||
// ErrHashStrSize describes an error that indicates the caller specified a hash
|
||||
// string that has too many characters.
|
||||
var ErrHashStrSize = fmt.Errorf("max hash string length is %v bytes", MaxHashStringSize)
|
||||
|
||||
// Hash is used in several of the bitcoin messages and common structures. It
|
||||
// typically represents the double sha256 of data.
|
||||
type Hash [HashSize]byte
|
||||
|
||||
// String returns the Hash as the hexadecimal string of the byte-reversed
|
||||
// hash.
|
||||
func (hash Hash) String() string {
|
||||
for i := 0; i < HashSize/2; i++ {
|
||||
hash[i], hash[HashSize-1-i] = hash[HashSize-1-i], hash[i]
|
||||
}
|
||||
return hex.EncodeToString(hash[:])
|
||||
}
|
||||
|
||||
// CloneBytes returns a copy of the bytes which represent the hash as a byte
|
||||
// slice.
|
||||
//
|
||||
// NOTE: It is generally cheaper to just slice the hash directly thereby reusing
|
||||
// the same bytes rather than calling this method.
|
||||
func (hash *Hash) CloneBytes() []byte {
|
||||
newHash := make([]byte, HashSize)
|
||||
copy(newHash, hash[:])
|
||||
|
||||
return newHash
|
||||
}
|
||||
|
||||
// SetBytes sets the bytes which represent the hash. An error is returned if
|
||||
// the number of bytes passed in is not HashSize.
|
||||
func (hash *Hash) SetBytes(newHash []byte) error {
|
||||
nhlen := len(newHash)
|
||||
if nhlen != HashSize {
|
||||
return fmt.Errorf("invalid hash length of %v, want %v", nhlen,
|
||||
HashSize)
|
||||
}
|
||||
copy(hash[:], newHash)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// IsEqual returns true if target is the same as hash.
|
||||
func (hash *Hash) IsEqual(target *Hash) bool {
|
||||
if hash == nil && target == nil {
|
||||
return true
|
||||
}
|
||||
if hash == nil || target == nil {
|
||||
return false
|
||||
}
|
||||
return *hash == *target
|
||||
}
|
||||
|
||||
// NewHash returns a new Hash from a byte slice. An error is returned if
|
||||
// the number of bytes passed in is not HashSize.
|
||||
func NewHash(newHash []byte) (*Hash, error) {
|
||||
var sh Hash
|
||||
err := sh.SetBytes(newHash)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &sh, err
|
||||
}
|
||||
|
||||
// NewHashFromStr creates a Hash from a hash string. The string should be
|
||||
// the hexadecimal string of a byte-reversed hash, but any missing characters
|
||||
// result in zero padding at the end of the Hash.
|
||||
func NewHashFromStr(hash string) (*Hash, error) {
|
||||
// Return error if hash string is too long.
|
||||
if len(hash) > MaxHashStringSize {
|
||||
return nil, ErrHashStrSize
|
||||
}
|
||||
|
||||
// Hex decoder expects the hash to be a multiple of two.
|
||||
if len(hash)%2 != 0 {
|
||||
hash = "0" + hash
|
||||
}
|
||||
|
||||
// Convert string hash to bytes.
|
||||
buf, err := hex.DecodeString(hash)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Un-reverse the decoded bytes, copying into in leading bytes of a
|
||||
// Hash. There is no need to explicitly pad the result as any
|
||||
// missing (when len(buf) < HashSize) bytes from the decoded hex string
|
||||
// will remain zeros at the end of the Hash.
|
||||
var ret Hash
|
||||
blen := len(buf)
|
||||
mid := blen / 2
|
||||
if blen%2 != 0 {
|
||||
mid++
|
||||
}
|
||||
blen--
|
||||
for i, b := range buf[:mid] {
|
||||
ret[i], ret[blen-i] = buf[blen-i], b
|
||||
}
|
||||
return &ret, nil
|
||||
}
|
33
src/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/hashfuncs.go
generated
vendored
Normal file
33
src/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/hashfuncs.go
generated
vendored
Normal file
|
@ -0,0 +1,33 @@
|
|||
// Copyright (c) 2015 The Decred developers
|
||||
// Copyright (c) 2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package chainhash
|
||||
|
||||
import "github.com/btcsuite/fastsha256"
|
||||
|
||||
// HashB calculates hash(b) and returns the resulting bytes.
|
||||
func HashB(b []byte) []byte {
|
||||
hash := fastsha256.Sum256(b)
|
||||
return hash[:]
|
||||
}
|
||||
|
||||
// HashH calculates hash(b) and returns the resulting bytes as a Hash.
|
||||
func HashH(b []byte) Hash {
|
||||
return Hash(fastsha256.Sum256(b))
|
||||
}
|
||||
|
||||
// DoubleHashB calculates hash(hash(b)) and returns the resulting bytes.
|
||||
func DoubleHashB(b []byte) []byte {
|
||||
first := fastsha256.Sum256(b)
|
||||
second := fastsha256.Sum256(first[:])
|
||||
return second[:]
|
||||
}
|
||||
|
||||
// DoubleHashH calculates hash(hash(b)) and returns the resulting bytes as a
|
||||
// Hash.
|
||||
func DoubleHashH(b []byte) Hash {
|
||||
first := fastsha256.Sum256(b)
|
||||
return Hash(fastsha256.Sum256(first[:]))
|
||||
}
|
61
src/vendor/github.com/btcsuite/btcd/chaincfg/doc.go
generated
vendored
Normal file
61
src/vendor/github.com/btcsuite/btcd/chaincfg/doc.go
generated
vendored
Normal file
|
@ -0,0 +1,61 @@
|
|||
// Package chaincfg defines chain configuration parameters.
|
||||
//
|
||||
// In addition to the main Bitcoin network, which is intended for the transfer
|
||||
// of monetary value, there also exists two currently active standard networks:
|
||||
// regression test and testnet (version 3). These networks are incompatible
|
||||
// with each other (each sharing a different genesis block) and software should
|
||||
// handle errors where input intended for one network is used on an application
|
||||
// instance running on a different network.
|
||||
//
|
||||
// For library packages, chaincfg provides the ability to lookup chain
|
||||
// parameters and encoding magics when passed a *Params. Older APIs not updated
|
||||
// to the new convention of passing a *Params may lookup the parameters for a
|
||||
// wire.BitcoinNet using ParamsForNet, but be aware that this usage is
|
||||
// deprecated and will be removed from chaincfg in the future.
|
||||
//
|
||||
// For main packages, a (typically global) var may be assigned the address of
|
||||
// one of the standard Param vars for use as the application's "active" network.
|
||||
// When a network parameter is needed, it may then be looked up through this
|
||||
// variable (either directly, or hidden in a library call).
|
||||
//
|
||||
// package main
|
||||
//
|
||||
// import (
|
||||
// "flag"
|
||||
// "fmt"
|
||||
// "log"
|
||||
//
|
||||
// "github.com/btcsuite/btcutil"
|
||||
// "github.com/btcsuite/btcd/chaincfg"
|
||||
// )
|
||||
//
|
||||
// var testnet = flag.Bool("testnet", false, "operate on the testnet Bitcoin network")
|
||||
//
|
||||
// // By default (without -testnet), use mainnet.
|
||||
// var chainParams = &chaincfg.MainNetParams
|
||||
//
|
||||
// func main() {
|
||||
// flag.Parse()
|
||||
//
|
||||
// // Modify active network parameters if operating on testnet.
|
||||
// if *testnet {
|
||||
// chainParams = &chaincfg.TestNet3Params
|
||||
// }
|
||||
//
|
||||
// // later...
|
||||
//
|
||||
// // Create and print new payment address, specific to the active network.
|
||||
// pubKeyHash := make([]byte, 20)
|
||||
// addr, err := btcutil.NewAddressPubKeyHash(pubKeyHash, chainParams)
|
||||
// if err != nil {
|
||||
// log.Fatal(err)
|
||||
// }
|
||||
// fmt.Println(addr)
|
||||
// }
|
||||
//
|
||||
// If an application does not use one of the three standard Bitcoin networks,
|
||||
// a new Params struct may be created which defines the parameters for the
|
||||
// non-standard network. As a general rule of thumb, all network parameters
|
||||
// should be unique to the network, but parameter collisions can still occur
|
||||
// (unfortunately, this is the case with regtest and testnet3 sharing magics).
|
||||
package chaincfg
|
172
src/vendor/github.com/btcsuite/btcd/chaincfg/genesis.go
generated
vendored
Normal file
172
src/vendor/github.com/btcsuite/btcd/chaincfg/genesis.go
generated
vendored
Normal file
|
@ -0,0 +1,172 @@
|
|||
// Copyright (c) 2014-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package chaincfg
|
||||
|
||||
import (
|
||||
"time"
|
||||
|
||||
"github.com/btcsuite/btcd/chaincfg/chainhash"
|
||||
"github.com/btcsuite/btcd/wire"
|
||||
)
|
||||
|
||||
// genesisCoinbaseTx is the coinbase transaction for the genesis blocks for
|
||||
// the main network, regression test network, and test network (version 3).
|
||||
var genesisCoinbaseTx = wire.MsgTx{
|
||||
Version: 1,
|
||||
TxIn: []*wire.TxIn{
|
||||
{
|
||||
PreviousOutPoint: wire.OutPoint{
|
||||
Hash: chainhash.Hash{},
|
||||
Index: 0xffffffff,
|
||||
},
|
||||
SignatureScript: []byte{
|
||||
0x04, 0xff, 0xff, 0x00, 0x1d, 0x01, 0x04, 0x45, /* |.......E| */
|
||||
0x54, 0x68, 0x65, 0x20, 0x54, 0x69, 0x6d, 0x65, /* |The Time| */
|
||||
0x73, 0x20, 0x30, 0x33, 0x2f, 0x4a, 0x61, 0x6e, /* |s 03/Jan| */
|
||||
0x2f, 0x32, 0x30, 0x30, 0x39, 0x20, 0x43, 0x68, /* |/2009 Ch| */
|
||||
0x61, 0x6e, 0x63, 0x65, 0x6c, 0x6c, 0x6f, 0x72, /* |ancellor| */
|
||||
0x20, 0x6f, 0x6e, 0x20, 0x62, 0x72, 0x69, 0x6e, /* | on brin| */
|
||||
0x6b, 0x20, 0x6f, 0x66, 0x20, 0x73, 0x65, 0x63, /* |k of sec|*/
|
||||
0x6f, 0x6e, 0x64, 0x20, 0x62, 0x61, 0x69, 0x6c, /* |ond bail| */
|
||||
0x6f, 0x75, 0x74, 0x20, 0x66, 0x6f, 0x72, 0x20, /* |out for |*/
|
||||
0x62, 0x61, 0x6e, 0x6b, 0x73, /* |banks| */
|
||||
},
|
||||
Sequence: 0xffffffff,
|
||||
},
|
||||
},
|
||||
TxOut: []*wire.TxOut{
|
||||
{
|
||||
Value: 0x12a05f200,
|
||||
PkScript: []byte{
|
||||
0x41, 0x04, 0x67, 0x8a, 0xfd, 0xb0, 0xfe, 0x55, /* |A.g....U| */
|
||||
0x48, 0x27, 0x19, 0x67, 0xf1, 0xa6, 0x71, 0x30, /* |H'.g..q0| */
|
||||
0xb7, 0x10, 0x5c, 0xd6, 0xa8, 0x28, 0xe0, 0x39, /* |..\..(.9| */
|
||||
0x09, 0xa6, 0x79, 0x62, 0xe0, 0xea, 0x1f, 0x61, /* |..yb...a| */
|
||||
0xde, 0xb6, 0x49, 0xf6, 0xbc, 0x3f, 0x4c, 0xef, /* |..I..?L.| */
|
||||
0x38, 0xc4, 0xf3, 0x55, 0x04, 0xe5, 0x1e, 0xc1, /* |8..U....| */
|
||||
0x12, 0xde, 0x5c, 0x38, 0x4d, 0xf7, 0xba, 0x0b, /* |..\8M...| */
|
||||
0x8d, 0x57, 0x8a, 0x4c, 0x70, 0x2b, 0x6b, 0xf1, /* |.W.Lp+k.| */
|
||||
0x1d, 0x5f, 0xac, /* |._.| */
|
||||
},
|
||||
},
|
||||
},
|
||||
LockTime: 0,
|
||||
}
|
||||
|
||||
// genesisHash is the hash of the first block in the block chain for the main
|
||||
// network (genesis block).
|
||||
var genesisHash = chainhash.Hash([chainhash.HashSize]byte{ // Make go vet happy.
|
||||
0x6f, 0xe2, 0x8c, 0x0a, 0xb6, 0xf1, 0xb3, 0x72,
|
||||
0xc1, 0xa6, 0xa2, 0x46, 0xae, 0x63, 0xf7, 0x4f,
|
||||
0x93, 0x1e, 0x83, 0x65, 0xe1, 0x5a, 0x08, 0x9c,
|
||||
0x68, 0xd6, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
})
|
||||
|
||||
// genesisMerkleRoot is the hash of the first transaction in the genesis block
|
||||
// for the main network.
|
||||
var genesisMerkleRoot = chainhash.Hash([chainhash.HashSize]byte{ // Make go vet happy.
|
||||
0x3b, 0xa3, 0xed, 0xfd, 0x7a, 0x7b, 0x12, 0xb2,
|
||||
0x7a, 0xc7, 0x2c, 0x3e, 0x67, 0x76, 0x8f, 0x61,
|
||||
0x7f, 0xc8, 0x1b, 0xc3, 0x88, 0x8a, 0x51, 0x32,
|
||||
0x3a, 0x9f, 0xb8, 0xaa, 0x4b, 0x1e, 0x5e, 0x4a,
|
||||
})
|
||||
|
||||
// genesisBlock defines the genesis block of the block chain which serves as the
|
||||
// public transaction ledger for the main network.
|
||||
var genesisBlock = wire.MsgBlock{
|
||||
Header: wire.BlockHeader{
|
||||
Version: 1,
|
||||
PrevBlock: chainhash.Hash{}, // 0000000000000000000000000000000000000000000000000000000000000000
|
||||
MerkleRoot: genesisMerkleRoot, // 4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b
|
||||
Timestamp: time.Unix(0x495fab29, 0), // 2009-01-03 18:15:05 +0000 UTC
|
||||
Bits: 0x1d00ffff, // 486604799 [00000000ffff0000000000000000000000000000000000000000000000000000]
|
||||
Nonce: 0x7c2bac1d, // 2083236893
|
||||
},
|
||||
Transactions: []*wire.MsgTx{&genesisCoinbaseTx},
|
||||
}
|
||||
|
||||
// regTestGenesisHash is the hash of the first block in the block chain for the
|
||||
// regression test network (genesis block).
|
||||
var regTestGenesisHash = chainhash.Hash([chainhash.HashSize]byte{ // Make go vet happy.
|
||||
0x06, 0x22, 0x6e, 0x46, 0x11, 0x1a, 0x0b, 0x59,
|
||||
0xca, 0xaf, 0x12, 0x60, 0x43, 0xeb, 0x5b, 0xbf,
|
||||
0x28, 0xc3, 0x4f, 0x3a, 0x5e, 0x33, 0x2a, 0x1f,
|
||||
0xc7, 0xb2, 0xb7, 0x3c, 0xf1, 0x88, 0x91, 0x0f,
|
||||
})
|
||||
|
||||
// regTestGenesisMerkleRoot is the hash of the first transaction in the genesis
|
||||
// block for the regression test network. It is the same as the merkle root for
|
||||
// the main network.
|
||||
var regTestGenesisMerkleRoot = genesisMerkleRoot
|
||||
|
||||
// regTestGenesisBlock defines the genesis block of the block chain which serves
|
||||
// as the public transaction ledger for the regression test network.
|
||||
var regTestGenesisBlock = wire.MsgBlock{
|
||||
Header: wire.BlockHeader{
|
||||
Version: 1,
|
||||
PrevBlock: chainhash.Hash{}, // 0000000000000000000000000000000000000000000000000000000000000000
|
||||
MerkleRoot: regTestGenesisMerkleRoot, // 4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b
|
||||
Timestamp: time.Unix(1296688602, 0), // 2011-02-02 23:16:42 +0000 UTC
|
||||
Bits: 0x207fffff, // 545259519 [7fffff0000000000000000000000000000000000000000000000000000000000]
|
||||
Nonce: 2,
|
||||
},
|
||||
Transactions: []*wire.MsgTx{&genesisCoinbaseTx},
|
||||
}
|
||||
|
||||
// testNet3GenesisHash is the hash of the first block in the block chain for the
|
||||
// test network (version 3).
|
||||
var testNet3GenesisHash = chainhash.Hash([chainhash.HashSize]byte{ // Make go vet happy.
|
||||
0x43, 0x49, 0x7f, 0xd7, 0xf8, 0x26, 0x95, 0x71,
|
||||
0x08, 0xf4, 0xa3, 0x0f, 0xd9, 0xce, 0xc3, 0xae,
|
||||
0xba, 0x79, 0x97, 0x20, 0x84, 0xe9, 0x0e, 0xad,
|
||||
0x01, 0xea, 0x33, 0x09, 0x00, 0x00, 0x00, 0x00,
|
||||
})
|
||||
|
||||
// testNet3GenesisMerkleRoot is the hash of the first transaction in the genesis
|
||||
// block for the test network (version 3). It is the same as the merkle root
|
||||
// for the main network.
|
||||
var testNet3GenesisMerkleRoot = genesisMerkleRoot
|
||||
|
||||
// testNet3GenesisBlock defines the genesis block of the block chain which
|
||||
// serves as the public transaction ledger for the test network (version 3).
|
||||
var testNet3GenesisBlock = wire.MsgBlock{
|
||||
Header: wire.BlockHeader{
|
||||
Version: 1,
|
||||
PrevBlock: chainhash.Hash{}, // 0000000000000000000000000000000000000000000000000000000000000000
|
||||
MerkleRoot: testNet3GenesisMerkleRoot, // 4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b
|
||||
Timestamp: time.Unix(1296688602, 0), // 2011-02-02 23:16:42 +0000 UTC
|
||||
Bits: 0x1d00ffff, // 486604799 [00000000ffff0000000000000000000000000000000000000000000000000000]
|
||||
Nonce: 0x18aea41a, // 414098458
|
||||
},
|
||||
Transactions: []*wire.MsgTx{&genesisCoinbaseTx},
|
||||
}
|
||||
|
||||
// simNetGenesisHash is the hash of the first block in the block chain for the
|
||||
// simulation test network.
|
||||
var simNetGenesisHash = chainhash.Hash([chainhash.HashSize]byte{ // Make go vet happy.
|
||||
0xf6, 0x7a, 0xd7, 0x69, 0x5d, 0x9b, 0x66, 0x2a,
|
||||
0x72, 0xff, 0x3d, 0x8e, 0xdb, 0xbb, 0x2d, 0xe0,
|
||||
0xbf, 0xa6, 0x7b, 0x13, 0x97, 0x4b, 0xb9, 0x91,
|
||||
0x0d, 0x11, 0x6d, 0x5c, 0xbd, 0x86, 0x3e, 0x68,
|
||||
})
|
||||
|
||||
// simNetGenesisMerkleRoot is the hash of the first transaction in the genesis
|
||||
// block for the simulation test network. It is the same as the merkle root for
|
||||
// the main network.
|
||||
var simNetGenesisMerkleRoot = genesisMerkleRoot
|
||||
|
||||
// simNetGenesisBlock defines the genesis block of the block chain which serves
|
||||
// as the public transaction ledger for the simulation test network.
|
||||
var simNetGenesisBlock = wire.MsgBlock{
|
||||
Header: wire.BlockHeader{
|
||||
Version: 1,
|
||||
PrevBlock: chainhash.Hash{}, // 0000000000000000000000000000000000000000000000000000000000000000
|
||||
MerkleRoot: simNetGenesisMerkleRoot, // 4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b
|
||||
Timestamp: time.Unix(1401292357, 0), // 2014-05-28 15:52:37 +0000 UTC
|
||||
Bits: 0x207fffff, // 545259519 [7fffff0000000000000000000000000000000000000000000000000000000000]
|
||||
Nonce: 2,
|
||||
},
|
||||
Transactions: []*wire.MsgTx{&genesisCoinbaseTx},
|
||||
}
|
512
src/vendor/github.com/btcsuite/btcd/chaincfg/params.go
generated
vendored
Normal file
512
src/vendor/github.com/btcsuite/btcd/chaincfg/params.go
generated
vendored
Normal file
|
@ -0,0 +1,512 @@
|
|||
// Copyright (c) 2014-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package chaincfg
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"math/big"
|
||||
"time"
|
||||
|
||||
"github.com/btcsuite/btcd/chaincfg/chainhash"
|
||||
"github.com/btcsuite/btcd/wire"
|
||||
)
|
||||
|
||||
// These variables are the chain proof-of-work limit parameters for each default
|
||||
// network.
|
||||
var (
|
||||
// bigOne is 1 represented as a big.Int. It is defined here to avoid
|
||||
// the overhead of creating it multiple times.
|
||||
bigOne = big.NewInt(1)
|
||||
|
||||
// mainPowLimit is the highest proof of work value a Bitcoin block can
|
||||
// have for the main network. It is the value 2^224 - 1.
|
||||
mainPowLimit = new(big.Int).Sub(new(big.Int).Lsh(bigOne, 224), bigOne)
|
||||
|
||||
// regressionPowLimit is the highest proof of work value a Bitcoin block
|
||||
// can have for the regression test network. It is the value 2^255 - 1.
|
||||
regressionPowLimit = new(big.Int).Sub(new(big.Int).Lsh(bigOne, 255), bigOne)
|
||||
|
||||
// testNet3PowLimit is the highest proof of work value a Bitcoin block
|
||||
// can have for the test network (version 3). It is the value
|
||||
// 2^224 - 1.
|
||||
testNet3PowLimit = new(big.Int).Sub(new(big.Int).Lsh(bigOne, 224), bigOne)
|
||||
|
||||
// simNetPowLimit is the highest proof of work value a Bitcoin block
|
||||
// can have for the simulation test network. It is the value 2^255 - 1.
|
||||
simNetPowLimit = new(big.Int).Sub(new(big.Int).Lsh(bigOne, 255), bigOne)
|
||||
)
|
||||
|
||||
// Checkpoint identifies a known good point in the block chain. Using
|
||||
// checkpoints allows a few optimizations for old blocks during initial download
|
||||
// and also prevents forks from old blocks.
|
||||
//
|
||||
// Each checkpoint is selected based upon several factors. See the
|
||||
// documentation for blockchain.IsCheckpointCandidate for details on the
|
||||
// selection criteria.
|
||||
type Checkpoint struct {
|
||||
Height int32
|
||||
Hash *chainhash.Hash
|
||||
}
|
||||
|
||||
// Params defines a Bitcoin network by its parameters. These parameters may be
|
||||
// used by Bitcoin applications to differentiate networks as well as addresses
|
||||
// and keys for one network from those intended for use on another network.
|
||||
type Params struct {
|
||||
// Name defines a human-readable identifier for the network.
|
||||
Name string
|
||||
|
||||
// Net defines the magic bytes used to identify the network.
|
||||
Net wire.BitcoinNet
|
||||
|
||||
// DefaultPort defines the default peer-to-peer port for the network.
|
||||
DefaultPort string
|
||||
|
||||
// DNSSeeds defines a list of DNS seeds for the network that are used
|
||||
// as one method to discover peers.
|
||||
DNSSeeds []string
|
||||
|
||||
// GenesisBlock defines the first block of the chain.
|
||||
GenesisBlock *wire.MsgBlock
|
||||
|
||||
// GenesisHash is the starting block hash.
|
||||
GenesisHash *chainhash.Hash
|
||||
|
||||
// PowLimit defines the highest allowed proof of work value for a block
|
||||
// as a uint256.
|
||||
PowLimit *big.Int
|
||||
|
||||
// PowLimitBits defines the highest allowed proof of work value for a
|
||||
// block in compact form.
|
||||
PowLimitBits uint32
|
||||
|
||||
// CoinbaseMaturity is the number of blocks required before newly mined
|
||||
// coins (coinbase transactions) can be spent.
|
||||
CoinbaseMaturity uint16
|
||||
|
||||
// SubsidyReductionInterval is the interval of blocks before the subsidy
|
||||
// is reduced.
|
||||
SubsidyReductionInterval int32
|
||||
|
||||
// TargetTimespan is the desired amount of time that should elapse
|
||||
// before the block difficulty requirement is examined to determine how
|
||||
// it should be changed in order to maintain the desired block
|
||||
// generation rate.
|
||||
TargetTimespan time.Duration
|
||||
|
||||
// TargetTimePerBlock is the desired amount of time to generate each
|
||||
// block.
|
||||
TargetTimePerBlock time.Duration
|
||||
|
||||
// RetargetAdjustmentFactor is the adjustment factor used to limit
|
||||
// the minimum and maximum amount of adjustment that can occur between
|
||||
// difficulty retargets.
|
||||
RetargetAdjustmentFactor int64
|
||||
|
||||
// ReduceMinDifficulty defines whether the network should reduce the
|
||||
// minimum required difficulty after a long enough period of time has
|
||||
// passed without finding a block. This is really only useful for test
|
||||
// networks and should not be set on a main network.
|
||||
ReduceMinDifficulty bool
|
||||
|
||||
// MinDiffReductionTime is the amount of time after which the minimum
|
||||
// required difficulty should be reduced when a block hasn't been found.
|
||||
//
|
||||
// NOTE: This only applies if ReduceMinDifficulty is true.
|
||||
MinDiffReductionTime time.Duration
|
||||
|
||||
// GenerateSupported specifies whether or not CPU mining is allowed.
|
||||
GenerateSupported bool
|
||||
|
||||
// Checkpoints ordered from oldest to newest.
|
||||
Checkpoints []Checkpoint
|
||||
|
||||
// Enforce current block version once network has
|
||||
// upgraded. This is part of BIP0034.
|
||||
BlockEnforceNumRequired uint64
|
||||
|
||||
// Reject previous block versions once network has
|
||||
// upgraded. This is part of BIP0034.
|
||||
BlockRejectNumRequired uint64
|
||||
|
||||
// The number of nodes to check. This is part of BIP0034.
|
||||
BlockUpgradeNumToCheck uint64
|
||||
|
||||
// Mempool parameters
|
||||
RelayNonStdTxs bool
|
||||
|
||||
// Address encoding magics
|
||||
PubKeyHashAddrID byte // First byte of a P2PKH address
|
||||
ScriptHashAddrID byte // First byte of a P2SH address
|
||||
PrivateKeyID byte // First byte of a WIF private key
|
||||
|
||||
// BIP32 hierarchical deterministic extended key magics
|
||||
HDPrivateKeyID [4]byte
|
||||
HDPublicKeyID [4]byte
|
||||
|
||||
// BIP44 coin type used in the hierarchical deterministic path for
|
||||
// address generation.
|
||||
HDCoinType uint32
|
||||
}
|
||||
|
||||
// MainNetParams defines the network parameters for the main Bitcoin network.
|
||||
var MainNetParams = Params{
|
||||
Name: "mainnet",
|
||||
Net: wire.MainNet,
|
||||
DefaultPort: "8333",
|
||||
DNSSeeds: []string{
|
||||
"seed.bitcoin.sipa.be",
|
||||
"dnsseed.bluematt.me",
|
||||
"dnsseed.bitcoin.dashjr.org",
|
||||
"seed.bitcoinstats.com",
|
||||
"seed.bitnodes.io",
|
||||
"bitseed.xf2.org",
|
||||
"seed.bitcoin.jonasschnelli.ch",
|
||||
},
|
||||
|
||||
// Chain parameters
|
||||
GenesisBlock: &genesisBlock,
|
||||
GenesisHash: &genesisHash,
|
||||
PowLimit: mainPowLimit,
|
||||
PowLimitBits: 0x1d00ffff,
|
||||
CoinbaseMaturity: 100,
|
||||
SubsidyReductionInterval: 210000,
|
||||
TargetTimespan: time.Hour * 24 * 14, // 14 days
|
||||
TargetTimePerBlock: time.Minute * 10, // 10 minutes
|
||||
RetargetAdjustmentFactor: 4, // 25% less, 400% more
|
||||
ReduceMinDifficulty: false,
|
||||
MinDiffReductionTime: 0,
|
||||
GenerateSupported: false,
|
||||
|
||||
// Checkpoints ordered from oldest to newest.
|
||||
Checkpoints: []Checkpoint{
|
||||
{11111, newHashFromStr("0000000069e244f73d78e8fd29ba2fd2ed618bd6fa2ee92559f542fdb26e7c1d")},
|
||||
{33333, newHashFromStr("000000002dd5588a74784eaa7ab0507a18ad16a236e7b1ce69f00d7ddfb5d0a6")},
|
||||
{74000, newHashFromStr("0000000000573993a3c9e41ce34471c079dcf5f52a0e824a81e7f953b8661a20")},
|
||||
{105000, newHashFromStr("00000000000291ce28027faea320c8d2b054b2e0fe44a773f3eefb151d6bdc97")},
|
||||
{134444, newHashFromStr("00000000000005b12ffd4cd315cd34ffd4a594f430ac814c91184a0d42d2b0fe")},
|
||||
{168000, newHashFromStr("000000000000099e61ea72015e79632f216fe6cb33d7899acb35b75c8303b763")},
|
||||
{193000, newHashFromStr("000000000000059f452a5f7340de6682a977387c17010ff6e6c3bd83ca8b1317")},
|
||||
{210000, newHashFromStr("000000000000048b95347e83192f69cf0366076336c639f9b7228e9ba171342e")},
|
||||
{216116, newHashFromStr("00000000000001b4f4b433e81ee46494af945cf96014816a4e2370f11b23df4e")},
|
||||
{225430, newHashFromStr("00000000000001c108384350f74090433e7fcf79a606b8e797f065b130575932")},
|
||||
{250000, newHashFromStr("000000000000003887df1f29024b06fc2200b55f8af8f35453d7be294df2d214")},
|
||||
{267300, newHashFromStr("000000000000000a83fbd660e918f218bf37edd92b748ad940483c7c116179ac")},
|
||||
{279000, newHashFromStr("0000000000000001ae8c72a0b0c301f67e3afca10e819efa9041e458e9bd7e40")},
|
||||
{300255, newHashFromStr("0000000000000000162804527c6e9b9f0563a280525f9d08c12041def0a0f3b2")},
|
||||
{319400, newHashFromStr("000000000000000021c6052e9becade189495d1c539aa37c58917305fd15f13b")},
|
||||
{343185, newHashFromStr("0000000000000000072b8bf361d01a6ba7d445dd024203fafc78768ed4368554")},
|
||||
{352940, newHashFromStr("000000000000000010755df42dba556bb72be6a32f3ce0b6941ce4430152c9ff")},
|
||||
{382320, newHashFromStr("00000000000000000a8dc6ed5b133d0eb2fd6af56203e4159789b092defd8ab2")},
|
||||
},
|
||||
|
||||
// Enforce current block version once majority of the network has
|
||||
// upgraded.
|
||||
// 75% (750 / 1000)
|
||||
// Reject previous block versions once a majority of the network has
|
||||
// upgraded.
|
||||
// 95% (950 / 1000)
|
||||
BlockEnforceNumRequired: 750,
|
||||
BlockRejectNumRequired: 950,
|
||||
BlockUpgradeNumToCheck: 1000,
|
||||
|
||||
// Mempool parameters
|
||||
RelayNonStdTxs: false,
|
||||
|
||||
// Address encoding magics
|
||||
PubKeyHashAddrID: 0x00, // starts with 1
|
||||
ScriptHashAddrID: 0x05, // starts with 3
|
||||
PrivateKeyID: 0x80, // starts with 5 (uncompressed) or K (compressed)
|
||||
|
||||
// BIP32 hierarchical deterministic extended key magics
|
||||
HDPrivateKeyID: [4]byte{0x04, 0x88, 0xad, 0xe4}, // starts with xprv
|
||||
HDPublicKeyID: [4]byte{0x04, 0x88, 0xb2, 0x1e}, // starts with xpub
|
||||
|
||||
// BIP44 coin type used in the hierarchical deterministic path for
|
||||
// address generation.
|
||||
HDCoinType: 0,
|
||||
}
|
||||
|
||||
// RegressionNetParams defines the network parameters for the regression test
|
||||
// Bitcoin network. Not to be confused with the test Bitcoin network (version
|
||||
// 3), this network is sometimes simply called "testnet".
|
||||
var RegressionNetParams = Params{
|
||||
Name: "regtest",
|
||||
Net: wire.TestNet,
|
||||
DefaultPort: "18444",
|
||||
DNSSeeds: []string{},
|
||||
|
||||
// Chain parameters
|
||||
GenesisBlock: ®TestGenesisBlock,
|
||||
GenesisHash: ®TestGenesisHash,
|
||||
PowLimit: regressionPowLimit,
|
||||
PowLimitBits: 0x207fffff,
|
||||
CoinbaseMaturity: 100,
|
||||
SubsidyReductionInterval: 150,
|
||||
TargetTimespan: time.Hour * 24 * 14, // 14 days
|
||||
TargetTimePerBlock: time.Minute * 10, // 10 minutes
|
||||
RetargetAdjustmentFactor: 4, // 25% less, 400% more
|
||||
ReduceMinDifficulty: true,
|
||||
MinDiffReductionTime: time.Minute * 20, // TargetTimePerBlock * 2
|
||||
GenerateSupported: true,
|
||||
|
||||
// Checkpoints ordered from oldest to newest.
|
||||
Checkpoints: nil,
|
||||
|
||||
// Enforce current block version once majority of the network has
|
||||
// upgraded.
|
||||
// 75% (750 / 1000)
|
||||
// Reject previous block versions once a majority of the network has
|
||||
// upgraded.
|
||||
// 95% (950 / 1000)
|
||||
BlockEnforceNumRequired: 750,
|
||||
BlockRejectNumRequired: 950,
|
||||
BlockUpgradeNumToCheck: 1000,
|
||||
|
||||
// Mempool parameters
|
||||
RelayNonStdTxs: true,
|
||||
|
||||
// Address encoding magics
|
||||
PubKeyHashAddrID: 0x6f, // starts with m or n
|
||||
ScriptHashAddrID: 0xc4, // starts with 2
|
||||
PrivateKeyID: 0xef, // starts with 9 (uncompressed) or c (compressed)
|
||||
|
||||
// BIP32 hierarchical deterministic extended key magics
|
||||
HDPrivateKeyID: [4]byte{0x04, 0x35, 0x83, 0x94}, // starts with tprv
|
||||
HDPublicKeyID: [4]byte{0x04, 0x35, 0x87, 0xcf}, // starts with tpub
|
||||
|
||||
// BIP44 coin type used in the hierarchical deterministic path for
|
||||
// address generation.
|
||||
HDCoinType: 1,
|
||||
}
|
||||
|
||||
// TestNet3Params defines the network parameters for the test Bitcoin network
|
||||
// (version 3). Not to be confused with the regression test network, this
|
||||
// network is sometimes simply called "testnet".
|
||||
var TestNet3Params = Params{
|
||||
Name: "testnet3",
|
||||
Net: wire.TestNet3,
|
||||
DefaultPort: "18333",
|
||||
DNSSeeds: []string{
|
||||
"testnet-seed.bitcoin.schildbach.de",
|
||||
"testnet-seed.bitcoin.petertodd.org",
|
||||
"testnet-seed.bluematt.me",
|
||||
},
|
||||
|
||||
// Chain parameters
|
||||
GenesisBlock: &testNet3GenesisBlock,
|
||||
GenesisHash: &testNet3GenesisHash,
|
||||
PowLimit: testNet3PowLimit,
|
||||
PowLimitBits: 0x1d00ffff,
|
||||
CoinbaseMaturity: 100,
|
||||
SubsidyReductionInterval: 210000,
|
||||
TargetTimespan: time.Hour * 24 * 14, // 14 days
|
||||
TargetTimePerBlock: time.Minute * 10, // 10 minutes
|
||||
RetargetAdjustmentFactor: 4, // 25% less, 400% more
|
||||
ReduceMinDifficulty: true,
|
||||
MinDiffReductionTime: time.Minute * 20, // TargetTimePerBlock * 2
|
||||
GenerateSupported: false,
|
||||
|
||||
// Checkpoints ordered from oldest to newest.
|
||||
Checkpoints: []Checkpoint{
|
||||
{546, newHashFromStr("000000002a936ca763904c3c35fce2f3556c559c0214345d31b1bcebf76acb70")},
|
||||
},
|
||||
|
||||
// Enforce current block version once majority of the network has
|
||||
// upgraded.
|
||||
// 51% (51 / 100)
|
||||
// Reject previous block versions once a majority of the network has
|
||||
// upgraded.
|
||||
// 75% (75 / 100)
|
||||
BlockEnforceNumRequired: 51,
|
||||
BlockRejectNumRequired: 75,
|
||||
BlockUpgradeNumToCheck: 100,
|
||||
|
||||
// Mempool parameters
|
||||
RelayNonStdTxs: true,
|
||||
|
||||
// Address encoding magics
|
||||
PubKeyHashAddrID: 0x6f, // starts with m or n
|
||||
ScriptHashAddrID: 0xc4, // starts with 2
|
||||
PrivateKeyID: 0xef, // starts with 9 (uncompressed) or c (compressed)
|
||||
|
||||
// BIP32 hierarchical deterministic extended key magics
|
||||
HDPrivateKeyID: [4]byte{0x04, 0x35, 0x83, 0x94}, // starts with tprv
|
||||
HDPublicKeyID: [4]byte{0x04, 0x35, 0x87, 0xcf}, // starts with tpub
|
||||
|
||||
// BIP44 coin type used in the hierarchical deterministic path for
|
||||
// address generation.
|
||||
HDCoinType: 1,
|
||||
}
|
||||
|
||||
// SimNetParams defines the network parameters for the simulation test Bitcoin
|
||||
// network. This network is similar to the normal test network except it is
|
||||
// intended for private use within a group of individuals doing simulation
|
||||
// testing. The functionality is intended to differ in that the only nodes
|
||||
// which are specifically specified are used to create the network rather than
|
||||
// following normal discovery rules. This is important as otherwise it would
|
||||
// just turn into another public testnet.
|
||||
var SimNetParams = Params{
|
||||
Name: "simnet",
|
||||
Net: wire.SimNet,
|
||||
DefaultPort: "18555",
|
||||
DNSSeeds: []string{}, // NOTE: There must NOT be any seeds.
|
||||
|
||||
// Chain parameters
|
||||
GenesisBlock: &simNetGenesisBlock,
|
||||
GenesisHash: &simNetGenesisHash,
|
||||
PowLimit: simNetPowLimit,
|
||||
PowLimitBits: 0x207fffff,
|
||||
CoinbaseMaturity: 100,
|
||||
SubsidyReductionInterval: 210000,
|
||||
TargetTimespan: time.Hour * 24 * 14, // 14 days
|
||||
TargetTimePerBlock: time.Minute * 10, // 10 minutes
|
||||
RetargetAdjustmentFactor: 4, // 25% less, 400% more
|
||||
ReduceMinDifficulty: true,
|
||||
MinDiffReductionTime: time.Minute * 20, // TargetTimePerBlock * 2
|
||||
GenerateSupported: true,
|
||||
|
||||
// Checkpoints ordered from oldest to newest.
|
||||
Checkpoints: nil,
|
||||
|
||||
// Enforce current block version once majority of the network has
|
||||
// upgraded.
|
||||
// 51% (51 / 100)
|
||||
// Reject previous block versions once a majority of the network has
|
||||
// upgraded.
|
||||
// 75% (75 / 100)
|
||||
BlockEnforceNumRequired: 51,
|
||||
BlockRejectNumRequired: 75,
|
||||
BlockUpgradeNumToCheck: 100,
|
||||
|
||||
// Mempool parameters
|
||||
RelayNonStdTxs: true,
|
||||
|
||||
// Address encoding magics
|
||||
PubKeyHashAddrID: 0x3f, // starts with S
|
||||
ScriptHashAddrID: 0x7b, // starts with s
|
||||
PrivateKeyID: 0x64, // starts with 4 (uncompressed) or F (compressed)
|
||||
|
||||
// BIP32 hierarchical deterministic extended key magics
|
||||
HDPrivateKeyID: [4]byte{0x04, 0x20, 0xb9, 0x00}, // starts with sprv
|
||||
HDPublicKeyID: [4]byte{0x04, 0x20, 0xbd, 0x3a}, // starts with spub
|
||||
|
||||
// BIP44 coin type used in the hierarchical deterministic path for
|
||||
// address generation.
|
||||
HDCoinType: 115, // ASCII for s
|
||||
}
|
||||
|
||||
var (
|
||||
// ErrDuplicateNet describes an error where the parameters for a Bitcoin
|
||||
// network could not be set due to the network already being a standard
|
||||
// network or previously-registered into this package.
|
||||
ErrDuplicateNet = errors.New("duplicate Bitcoin network")
|
||||
|
||||
// ErrUnknownHDKeyID describes an error where the provided id which
|
||||
// is intended to identify the network for a hierarchical deterministic
|
||||
// private extended key is not registered.
|
||||
ErrUnknownHDKeyID = errors.New("unknown hd private extended key bytes")
|
||||
)
|
||||
|
||||
var (
|
||||
registeredNets = make(map[wire.BitcoinNet]struct{})
|
||||
pubKeyHashAddrIDs = make(map[byte]struct{})
|
||||
scriptHashAddrIDs = make(map[byte]struct{})
|
||||
hdPrivToPubKeyIDs = make(map[[4]byte][]byte)
|
||||
)
|
||||
|
||||
// Register registers the network parameters for a Bitcoin network. This may
|
||||
// error with ErrDuplicateNet if the network is already registered (either
|
||||
// due to a previous Register call, or the network being one of the default
|
||||
// networks).
|
||||
//
|
||||
// Network parameters should be registered into this package by a main package
|
||||
// as early as possible. Then, library packages may lookup networks or network
|
||||
// parameters based on inputs and work regardless of the network being standard
|
||||
// or not.
|
||||
func Register(params *Params) error {
|
||||
if _, ok := registeredNets[params.Net]; ok {
|
||||
return ErrDuplicateNet
|
||||
}
|
||||
registeredNets[params.Net] = struct{}{}
|
||||
pubKeyHashAddrIDs[params.PubKeyHashAddrID] = struct{}{}
|
||||
scriptHashAddrIDs[params.ScriptHashAddrID] = struct{}{}
|
||||
hdPrivToPubKeyIDs[params.HDPrivateKeyID] = params.HDPublicKeyID[:]
|
||||
return nil
|
||||
}
|
||||
|
||||
// mustRegister performs the same function as Register except it panics if there
|
||||
// is an error. This should only be called from package init functions.
|
||||
func mustRegister(params *Params) {
|
||||
if err := Register(params); err != nil {
|
||||
panic("failed to register network: " + err.Error())
|
||||
}
|
||||
}
|
||||
|
||||
// IsPubKeyHashAddrID returns whether the id is an identifier known to prefix a
|
||||
// pay-to-pubkey-hash address on any default or registered network. This is
|
||||
// used when decoding an address string into a specific address type. It is up
|
||||
// to the caller to check both this and IsScriptHashAddrID and decide whether an
|
||||
// address is a pubkey hash address, script hash address, neither, or
|
||||
// undeterminable (if both return true).
|
||||
func IsPubKeyHashAddrID(id byte) bool {
|
||||
_, ok := pubKeyHashAddrIDs[id]
|
||||
return ok
|
||||
}
|
||||
|
||||
// IsScriptHashAddrID returns whether the id is an identifier known to prefix a
|
||||
// pay-to-script-hash address on any default or registered network. This is
|
||||
// used when decoding an address string into a specific address type. It is up
|
||||
// to the caller to check both this and IsPubKeyHashAddrID and decide whether an
|
||||
// address is a pubkey hash address, script hash address, neither, or
|
||||
// undeterminable (if both return true).
|
||||
func IsScriptHashAddrID(id byte) bool {
|
||||
_, ok := scriptHashAddrIDs[id]
|
||||
return ok
|
||||
}
|
||||
|
||||
// HDPrivateKeyToPublicKeyID accepts a private hierarchical deterministic
|
||||
// extended key id and returns the associated public key id. When the provided
|
||||
// id is not registered, the ErrUnknownHDKeyID error will be returned.
|
||||
func HDPrivateKeyToPublicKeyID(id []byte) ([]byte, error) {
|
||||
if len(id) != 4 {
|
||||
return nil, ErrUnknownHDKeyID
|
||||
}
|
||||
|
||||
var key [4]byte
|
||||
copy(key[:], id)
|
||||
pubBytes, ok := hdPrivToPubKeyIDs[key]
|
||||
if !ok {
|
||||
return nil, ErrUnknownHDKeyID
|
||||
}
|
||||
|
||||
return pubBytes, nil
|
||||
}
|
||||
|
||||
// newHashFromStr converts the passed big-endian hex string into a
|
||||
// chainhash.Hash. It only differs from the one available in chainhash in that
|
||||
// it panics on an error since it will only (and must only) be called with
|
||||
// hard-coded, and therefore known good, hashes.
|
||||
func newHashFromStr(hexStr string) *chainhash.Hash {
|
||||
hash, err := chainhash.NewHashFromStr(hexStr)
|
||||
if err != nil {
|
||||
// Ordinarily I don't like panics in library code since it
|
||||
// can take applications down without them having a chance to
|
||||
// recover which is extremely annoying, however an exception is
|
||||
// being made in this case because the only way this can panic
|
||||
// is if there is an error in the hard-coded hashes. Thus it
|
||||
// will only ever potentially panic on init and therefore is
|
||||
// 100% predictable.
|
||||
panic(err)
|
||||
}
|
||||
return hash
|
||||
}
|
||||
|
||||
func init() {
|
||||
// Register all default networks when the package is initialized.
|
||||
mustRegister(&MainNetParams)
|
||||
mustRegister(&TestNet3Params)
|
||||
mustRegister(&RegressionNetParams)
|
||||
mustRegister(&SimNetParams)
|
||||
}
|
114
src/vendor/github.com/btcsuite/btcd/wire/README.md
generated
vendored
Normal file
114
src/vendor/github.com/btcsuite/btcd/wire/README.md
generated
vendored
Normal file
|
@ -0,0 +1,114 @@
|
|||
wire
|
||||
====
|
||||
|
||||
[![Build Status](http://img.shields.io/travis/btcsuite/btcd.svg)]
|
||||
(https://travis-ci.org/btcsuite/btcd) [![ISC License]
|
||||
(http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org)
|
||||
[![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)]
|
||||
(http://godoc.org/github.com/btcsuite/btcd/wire)
|
||||
|
||||
Package wire implements the bitcoin wire protocol. A comprehensive suite of
|
||||
tests with 100% test coverage is provided to ensure proper functionality.
|
||||
|
||||
There is an associated blog post about the release of this package
|
||||
[here](https://blog.conformal.com/btcwire-the-bitcoin-wire-protocol-package-from-btcd/).
|
||||
|
||||
This package has intentionally been designed so it can be used as a standalone
|
||||
package for any projects needing to interface with bitcoin peers at the wire
|
||||
protocol level.
|
||||
|
||||
## Installation and Updating
|
||||
|
||||
```bash
|
||||
$ go get -u github.com/btcsuite/btcd/wire
|
||||
```
|
||||
|
||||
## Bitcoin Message Overview
|
||||
|
||||
The bitcoin protocol consists of exchanging messages between peers. Each message
|
||||
is preceded by a header which identifies information about it such as which
|
||||
bitcoin network it is a part of, its type, how big it is, and a checksum to
|
||||
verify validity. All encoding and decoding of message headers is handled by this
|
||||
package.
|
||||
|
||||
To accomplish this, there is a generic interface for bitcoin messages named
|
||||
`Message` which allows messages of any type to be read, written, or passed
|
||||
around through channels, functions, etc. In addition, concrete implementations
|
||||
of most of the currently supported bitcoin messages are provided. For these
|
||||
supported messages, all of the details of marshalling and unmarshalling to and
|
||||
from the wire using bitcoin encoding are handled so the caller doesn't have to
|
||||
concern themselves with the specifics.
|
||||
|
||||
## Reading Messages Example
|
||||
|
||||
In order to unmarshal bitcoin messages from the wire, use the `ReadMessage`
|
||||
function. It accepts any `io.Reader`, but typically this will be a `net.Conn`
|
||||
to a remote node running a bitcoin peer. Example syntax is:
|
||||
|
||||
```Go
|
||||
// Use the most recent protocol version supported by the package and the
|
||||
// main bitcoin network.
|
||||
pver := wire.ProtocolVersion
|
||||
btcnet := wire.MainNet
|
||||
|
||||
// Reads and validates the next bitcoin message from conn using the
|
||||
// protocol version pver and the bitcoin network btcnet. The returns
|
||||
// are a wire.Message, a []byte which contains the unmarshalled
|
||||
// raw payload, and a possible error.
|
||||
msg, rawPayload, err := wire.ReadMessage(conn, pver, btcnet)
|
||||
if err != nil {
|
||||
// Log and handle the error
|
||||
}
|
||||
```
|
||||
|
||||
See the package documentation for details on determining the message type.
|
||||
|
||||
## Writing Messages Example
|
||||
|
||||
In order to marshal bitcoin messages to the wire, use the `WriteMessage`
|
||||
function. It accepts any `io.Writer`, but typically this will be a `net.Conn`
|
||||
to a remote node running a bitcoin peer. Example syntax to request addresses
|
||||
from a remote peer is:
|
||||
|
||||
```Go
|
||||
// Use the most recent protocol version supported by the package and the
|
||||
// main bitcoin network.
|
||||
pver := wire.ProtocolVersion
|
||||
btcnet := wire.MainNet
|
||||
|
||||
// Create a new getaddr bitcoin message.
|
||||
msg := wire.NewMsgGetAddr()
|
||||
|
||||
// Writes a bitcoin message msg to conn using the protocol version
|
||||
// pver, and the bitcoin network btcnet. The return is a possible
|
||||
// error.
|
||||
err := wire.WriteMessage(conn, msg, pver, btcnet)
|
||||
if err != nil {
|
||||
// Log and handle the error
|
||||
}
|
||||
```
|
||||
|
||||
## GPG Verification Key
|
||||
|
||||
All official release tags are signed by Conformal so users can ensure the code
|
||||
has not been tampered with and is coming from the btcsuite developers. To
|
||||
verify the signature perform the following:
|
||||
|
||||
- Download the public key from the Conformal website at
|
||||
https://opensource.conformal.com/GIT-GPG-KEY-conformal.txt
|
||||
|
||||
- Import the public key into your GPG keyring:
|
||||
```bash
|
||||
gpg --import GIT-GPG-KEY-conformal.txt
|
||||
```
|
||||
|
||||
- Verify the release tag with the following command where `TAG_NAME` is a
|
||||
placeholder for the specific tag:
|
||||
```bash
|
||||
git tag -v TAG_NAME
|
||||
```
|
||||
|
||||
## License
|
||||
|
||||
Package wire is licensed under the [copyfree](http://copyfree.org) ISC
|
||||
License.
|
141
src/vendor/github.com/btcsuite/btcd/wire/blockheader.go
generated
vendored
Normal file
141
src/vendor/github.com/btcsuite/btcd/wire/blockheader.go
generated
vendored
Normal file
|
@ -0,0 +1,141 @@
|
|||
// Copyright (c) 2013-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"io"
|
||||
"time"
|
||||
|
||||
"github.com/btcsuite/btcd/chaincfg/chainhash"
|
||||
)
|
||||
|
||||
// BlockVersion is the current latest supported block version.
|
||||
const BlockVersion = 4
|
||||
|
||||
// MaxBlockHeaderPayload is the maximum number of bytes a block header can be.
|
||||
// Version 4 bytes + Timestamp 4 bytes + Bits 4 bytes + Nonce 4 bytes +
|
||||
// PrevBlock and MerkleRoot hashes.
|
||||
const MaxBlockHeaderPayload = 16 + (chainhash.HashSize * 2)
|
||||
|
||||
// BlockHeader defines information about a block and is used in the bitcoin
|
||||
// block (MsgBlock) and headers (MsgHeaders) messages.
|
||||
type BlockHeader struct {
|
||||
// Version of the block. This is not the same as the protocol version.
|
||||
Version int32
|
||||
|
||||
// Hash of the previous block in the block chain.
|
||||
PrevBlock chainhash.Hash
|
||||
|
||||
// Merkle tree reference to hash of all transactions for the block.
|
||||
MerkleRoot chainhash.Hash
|
||||
|
||||
// Time the block was created. This is, unfortunately, encoded as a
|
||||
// uint32 on the wire and therefore is limited to 2106.
|
||||
Timestamp time.Time
|
||||
|
||||
// Difficulty target for the block.
|
||||
Bits uint32
|
||||
|
||||
// Nonce used to generate the block.
|
||||
Nonce uint32
|
||||
}
|
||||
|
||||
// blockHeaderLen is a constant that represents the number of bytes for a block
|
||||
// header.
|
||||
const blockHeaderLen = 80
|
||||
|
||||
// BlockHash computes the block identifier hash for the given block header.
|
||||
func (h *BlockHeader) BlockHash() chainhash.Hash {
|
||||
// Encode the header and double sha256 everything prior to the number of
|
||||
// transactions. Ignore the error returns since there is no way the
|
||||
// encode could fail except being out of memory which would cause a
|
||||
// run-time panic.
|
||||
var buf bytes.Buffer
|
||||
_ = writeBlockHeader(&buf, 0, h)
|
||||
|
||||
return chainhash.DoubleHashH(buf.Bytes())
|
||||
}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
// See Deserialize for decoding block headers stored to disk, such as in a
|
||||
// database, as opposed to decoding block headers from the wire.
|
||||
func (h *BlockHeader) BtcDecode(r io.Reader, pver uint32) error {
|
||||
return readBlockHeader(r, pver, h)
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
// See Serialize for encoding block headers to be stored to disk, such as in a
|
||||
// database, as opposed to encoding block headers for the wire.
|
||||
func (h *BlockHeader) BtcEncode(w io.Writer, pver uint32) error {
|
||||
return writeBlockHeader(w, pver, h)
|
||||
}
|
||||
|
||||
// Deserialize decodes a block header from r into the receiver using a format
|
||||
// that is suitable for long-term storage such as a database while respecting
|
||||
// the Version field.
|
||||
func (h *BlockHeader) Deserialize(r io.Reader) error {
|
||||
// At the current time, there is no difference between the wire encoding
|
||||
// at protocol version 0 and the stable long-term storage format. As
|
||||
// a result, make use of readBlockHeader.
|
||||
return readBlockHeader(r, 0, h)
|
||||
}
|
||||
|
||||
// Serialize encodes a block header from r into the receiver using a format
|
||||
// that is suitable for long-term storage such as a database while respecting
|
||||
// the Version field.
|
||||
func (h *BlockHeader) Serialize(w io.Writer) error {
|
||||
// At the current time, there is no difference between the wire encoding
|
||||
// at protocol version 0 and the stable long-term storage format. As
|
||||
// a result, make use of writeBlockHeader.
|
||||
return writeBlockHeader(w, 0, h)
|
||||
}
|
||||
|
||||
// NewBlockHeader returns a new BlockHeader using the provided previous block
|
||||
// hash, merkle root hash, difficulty bits, and nonce used to generate the
|
||||
// block with defaults for the remaining fields.
|
||||
func NewBlockHeader(prevHash *chainhash.Hash, merkleRootHash *chainhash.Hash,
|
||||
bits uint32, nonce uint32) *BlockHeader {
|
||||
|
||||
// Limit the timestamp to one second precision since the protocol
|
||||
// doesn't support better.
|
||||
return &BlockHeader{
|
||||
Version: BlockVersion,
|
||||
PrevBlock: *prevHash,
|
||||
MerkleRoot: *merkleRootHash,
|
||||
Timestamp: time.Unix(time.Now().Unix(), 0),
|
||||
Bits: bits,
|
||||
Nonce: nonce,
|
||||
}
|
||||
}
|
||||
|
||||
// readBlockHeader reads a bitcoin block header from r. See Deserialize for
|
||||
// decoding block headers stored to disk, such as in a database, as opposed to
|
||||
// decoding from the wire.
|
||||
func readBlockHeader(r io.Reader, pver uint32, bh *BlockHeader) error {
|
||||
err := readElements(r, &bh.Version, &bh.PrevBlock, &bh.MerkleRoot,
|
||||
(*uint32Time)(&bh.Timestamp), &bh.Bits, &bh.Nonce)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// writeBlockHeader writes a bitcoin block header to w. See Serialize for
|
||||
// encoding block headers to be stored to disk, such as in a database, as
|
||||
// opposed to encoding for the wire.
|
||||
func writeBlockHeader(w io.Writer, pver uint32, bh *BlockHeader) error {
|
||||
sec := uint32(bh.Timestamp.Unix())
|
||||
err := writeElements(w, bh.Version, &bh.PrevBlock, &bh.MerkleRoot,
|
||||
sec, bh.Bits, bh.Nonce)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
695
src/vendor/github.com/btcsuite/btcd/wire/common.go
generated
vendored
Normal file
695
src/vendor/github.com/btcsuite/btcd/wire/common.go
generated
vendored
Normal file
|
@ -0,0 +1,695 @@
|
|||
// Copyright (c) 2013-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"encoding/binary"
|
||||
"fmt"
|
||||
"io"
|
||||
"math"
|
||||
"time"
|
||||
|
||||
"github.com/btcsuite/btcd/chaincfg/chainhash"
|
||||
)
|
||||
|
||||
const (
|
||||
// MaxVarIntPayload is the maximum payload size for a variable length integer.
|
||||
MaxVarIntPayload = 9
|
||||
|
||||
// binaryFreeListMaxItems is the number of buffers to keep in the free
|
||||
// list to use for binary serialization and deserialization.
|
||||
binaryFreeListMaxItems = 1024
|
||||
)
|
||||
|
||||
var (
|
||||
// littleEndian is a convenience variable since binary.LittleEndian is
|
||||
// quite long.
|
||||
littleEndian = binary.LittleEndian
|
||||
|
||||
// bigEndian is a convenience variable since binary.BigEndian is quite
|
||||
// long.
|
||||
bigEndian = binary.BigEndian
|
||||
)
|
||||
|
||||
// binaryFreeList defines a concurrent safe free list of byte slices (up to the
|
||||
// maximum number defined by the binaryFreeListMaxItems constant) that have a
|
||||
// cap of 8 (thus it supports up to a uint64). It is used to provide temporary
|
||||
// buffers for serializing and deserializing primitive numbers to and from their
|
||||
// binary encoding in order to greatly reduce the number of allocations
|
||||
// required.
|
||||
//
|
||||
// For convenience, functions are provided for each of the primitive unsigned
|
||||
// integers that automatically obtain a buffer from the free list, perform the
|
||||
// necessary binary conversion, read from or write to the given io.Reader or
|
||||
// io.Writer, and return the buffer to the free list.
|
||||
type binaryFreeList chan []byte
|
||||
|
||||
// Borrow returns a byte slice from the free list with a length of 8. A new
|
||||
// buffer is allocated if there are not any available on the free list.
|
||||
func (l binaryFreeList) Borrow() []byte {
|
||||
var buf []byte
|
||||
select {
|
||||
case buf = <-l:
|
||||
default:
|
||||
buf = make([]byte, 8)
|
||||
}
|
||||
return buf[:8]
|
||||
}
|
||||
|
||||
// Return puts the provided byte slice back on the free list. The buffer MUST
|
||||
// have been obtained via the Borrow function and therefore have a cap of 8.
|
||||
func (l binaryFreeList) Return(buf []byte) {
|
||||
select {
|
||||
case l <- buf:
|
||||
default:
|
||||
// Let it go to the garbage collector.
|
||||
}
|
||||
}
|
||||
|
||||
// Uint8 reads a single byte from the provided reader using a buffer from the
|
||||
// free list and returns it as a uint8.
|
||||
func (l binaryFreeList) Uint8(r io.Reader) (uint8, error) {
|
||||
buf := l.Borrow()[:1]
|
||||
if _, err := io.ReadFull(r, buf); err != nil {
|
||||
l.Return(buf)
|
||||
return 0, err
|
||||
}
|
||||
rv := buf[0]
|
||||
l.Return(buf)
|
||||
return rv, nil
|
||||
}
|
||||
|
||||
// Uint16 reads two bytes from the provided reader using a buffer from the
|
||||
// free list, converts it to a number using the provided byte order, and returns
|
||||
// the resulting uint16.
|
||||
func (l binaryFreeList) Uint16(r io.Reader, byteOrder binary.ByteOrder) (uint16, error) {
|
||||
buf := l.Borrow()[:2]
|
||||
if _, err := io.ReadFull(r, buf); err != nil {
|
||||
l.Return(buf)
|
||||
return 0, err
|
||||
}
|
||||
rv := byteOrder.Uint16(buf)
|
||||
l.Return(buf)
|
||||
return rv, nil
|
||||
}
|
||||
|
||||
// Uint32 reads four bytes from the provided reader using a buffer from the
|
||||
// free list, converts it to a number using the provided byte order, and returns
|
||||
// the resulting uint32.
|
||||
func (l binaryFreeList) Uint32(r io.Reader, byteOrder binary.ByteOrder) (uint32, error) {
|
||||
buf := l.Borrow()[:4]
|
||||
if _, err := io.ReadFull(r, buf); err != nil {
|
||||
l.Return(buf)
|
||||
return 0, err
|
||||
}
|
||||
rv := byteOrder.Uint32(buf)
|
||||
l.Return(buf)
|
||||
return rv, nil
|
||||
}
|
||||
|
||||
// Uint64 reads eight bytes from the provided reader using a buffer from the
|
||||
// free list, converts it to a number using the provided byte order, and returns
|
||||
// the resulting uint64.
|
||||
func (l binaryFreeList) Uint64(r io.Reader, byteOrder binary.ByteOrder) (uint64, error) {
|
||||
buf := l.Borrow()[:8]
|
||||
if _, err := io.ReadFull(r, buf); err != nil {
|
||||
l.Return(buf)
|
||||
return 0, err
|
||||
}
|
||||
rv := byteOrder.Uint64(buf)
|
||||
l.Return(buf)
|
||||
return rv, nil
|
||||
}
|
||||
|
||||
// PutUint8 copies the provided uint8 into a buffer from the free list and
|
||||
// writes the resulting byte to the given writer.
|
||||
func (l binaryFreeList) PutUint8(w io.Writer, val uint8) error {
|
||||
buf := l.Borrow()[:1]
|
||||
buf[0] = val
|
||||
_, err := w.Write(buf)
|
||||
l.Return(buf)
|
||||
return err
|
||||
}
|
||||
|
||||
// PutUint16 serializes the provided uint16 using the given byte order into a
|
||||
// buffer from the free list and writes the resulting two bytes to the given
|
||||
// writer.
|
||||
func (l binaryFreeList) PutUint16(w io.Writer, byteOrder binary.ByteOrder, val uint16) error {
|
||||
buf := l.Borrow()[:2]
|
||||
byteOrder.PutUint16(buf, val)
|
||||
_, err := w.Write(buf)
|
||||
l.Return(buf)
|
||||
return err
|
||||
}
|
||||
|
||||
// PutUint32 serializes the provided uint32 using the given byte order into a
|
||||
// buffer from the free list and writes the resulting four bytes to the given
|
||||
// writer.
|
||||
func (l binaryFreeList) PutUint32(w io.Writer, byteOrder binary.ByteOrder, val uint32) error {
|
||||
buf := l.Borrow()[:4]
|
||||
byteOrder.PutUint32(buf, val)
|
||||
_, err := w.Write(buf)
|
||||
l.Return(buf)
|
||||
return err
|
||||
}
|
||||
|
||||
// PutUint64 serializes the provided uint64 using the given byte order into a
|
||||
// buffer from the free list and writes the resulting eight bytes to the given
|
||||
// writer.
|
||||
func (l binaryFreeList) PutUint64(w io.Writer, byteOrder binary.ByteOrder, val uint64) error {
|
||||
buf := l.Borrow()[:8]
|
||||
byteOrder.PutUint64(buf, val)
|
||||
_, err := w.Write(buf)
|
||||
l.Return(buf)
|
||||
return err
|
||||
}
|
||||
|
||||
// binarySerializer provides a free list of buffers to use for serializing and
|
||||
// deserializing primitive integer values to and from io.Readers and io.Writers.
|
||||
var binarySerializer binaryFreeList = make(chan []byte, binaryFreeListMaxItems)
|
||||
|
||||
// errNonCanonicalVarInt is the common format string used for non-canonically
|
||||
// encoded variable length integer errors.
|
||||
var errNonCanonicalVarInt = "non-canonical varint %x - discriminant %x must " +
|
||||
"encode a value greater than %x"
|
||||
|
||||
// uint32Time represents a unix timestamp encoded with a uint32. It is used as
|
||||
// a way to signal the readElement function how to decode a timestamp into a Go
|
||||
// time.Time since it is otherwise ambiguous.
|
||||
type uint32Time time.Time
|
||||
|
||||
// int64Time represents a unix timestamp encoded with an int64. It is used as
|
||||
// a way to signal the readElement function how to decode a timestamp into a Go
|
||||
// time.Time since it is otherwise ambiguous.
|
||||
type int64Time time.Time
|
||||
|
||||
// readElement reads the next sequence of bytes from r using little endian
|
||||
// depending on the concrete type of element pointed to.
|
||||
func readElement(r io.Reader, element interface{}) error {
|
||||
// Attempt to read the element based on the concrete type via fast
|
||||
// type assertions first.
|
||||
switch e := element.(type) {
|
||||
case *int32:
|
||||
rv, err := binarySerializer.Uint32(r, littleEndian)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
*e = int32(rv)
|
||||
return nil
|
||||
|
||||
case *uint32:
|
||||
rv, err := binarySerializer.Uint32(r, littleEndian)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
*e = rv
|
||||
return nil
|
||||
|
||||
case *int64:
|
||||
rv, err := binarySerializer.Uint64(r, littleEndian)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
*e = int64(rv)
|
||||
return nil
|
||||
|
||||
case *uint64:
|
||||
rv, err := binarySerializer.Uint64(r, littleEndian)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
*e = rv
|
||||
return nil
|
||||
|
||||
case *bool:
|
||||
rv, err := binarySerializer.Uint8(r)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if rv == 0x00 {
|
||||
*e = false
|
||||
} else {
|
||||
*e = true
|
||||
}
|
||||
return nil
|
||||
|
||||
// Unix timestamp encoded as a uint32.
|
||||
case *uint32Time:
|
||||
rv, err := binarySerializer.Uint32(r, binary.LittleEndian)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
*e = uint32Time(time.Unix(int64(rv), 0))
|
||||
return nil
|
||||
|
||||
// Unix timestamp encoded as an int64.
|
||||
case *int64Time:
|
||||
rv, err := binarySerializer.Uint64(r, binary.LittleEndian)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
*e = int64Time(time.Unix(int64(rv), 0))
|
||||
return nil
|
||||
|
||||
// Message header checksum.
|
||||
case *[4]byte:
|
||||
_, err := io.ReadFull(r, e[:])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||
// Message header command.
|
||||
case *[CommandSize]uint8:
|
||||
_, err := io.ReadFull(r, e[:])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||
// IP address.
|
||||
case *[16]byte:
|
||||
_, err := io.ReadFull(r, e[:])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||
case *chainhash.Hash:
|
||||
_, err := io.ReadFull(r, e[:])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||
case *ServiceFlag:
|
||||
rv, err := binarySerializer.Uint64(r, littleEndian)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
*e = ServiceFlag(rv)
|
||||
return nil
|
||||
|
||||
case *InvType:
|
||||
rv, err := binarySerializer.Uint32(r, littleEndian)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
*e = InvType(rv)
|
||||
return nil
|
||||
|
||||
case *BitcoinNet:
|
||||
rv, err := binarySerializer.Uint32(r, littleEndian)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
*e = BitcoinNet(rv)
|
||||
return nil
|
||||
|
||||
case *BloomUpdateType:
|
||||
rv, err := binarySerializer.Uint8(r)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
*e = BloomUpdateType(rv)
|
||||
return nil
|
||||
|
||||
case *RejectCode:
|
||||
rv, err := binarySerializer.Uint8(r)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
*e = RejectCode(rv)
|
||||
return nil
|
||||
}
|
||||
|
||||
// Fall back to the slower binary.Read if a fast path was not available
|
||||
// above.
|
||||
return binary.Read(r, littleEndian, element)
|
||||
}
|
||||
|
||||
// readElements reads multiple items from r. It is equivalent to multiple
|
||||
// calls to readElement.
|
||||
func readElements(r io.Reader, elements ...interface{}) error {
|
||||
for _, element := range elements {
|
||||
err := readElement(r, element)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// writeElement writes the little endian representation of element to w.
|
||||
func writeElement(w io.Writer, element interface{}) error {
|
||||
// Attempt to write the element based on the concrete type via fast
|
||||
// type assertions first.
|
||||
switch e := element.(type) {
|
||||
case int32:
|
||||
err := binarySerializer.PutUint32(w, littleEndian, uint32(e))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||
case uint32:
|
||||
err := binarySerializer.PutUint32(w, littleEndian, e)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||
case int64:
|
||||
err := binarySerializer.PutUint64(w, littleEndian, uint64(e))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||
case uint64:
|
||||
err := binarySerializer.PutUint64(w, littleEndian, e)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||
case bool:
|
||||
var err error
|
||||
if e == true {
|
||||
err = binarySerializer.PutUint8(w, 0x01)
|
||||
} else {
|
||||
err = binarySerializer.PutUint8(w, 0x00)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||
// Message header checksum.
|
||||
case [4]byte:
|
||||
_, err := w.Write(e[:])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||
// Message header command.
|
||||
case [CommandSize]uint8:
|
||||
_, err := w.Write(e[:])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||
// IP address.
|
||||
case [16]byte:
|
||||
_, err := w.Write(e[:])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||
case *chainhash.Hash:
|
||||
_, err := w.Write(e[:])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||
case ServiceFlag:
|
||||
err := binarySerializer.PutUint64(w, littleEndian, uint64(e))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||
case InvType:
|
||||
err := binarySerializer.PutUint32(w, littleEndian, uint32(e))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||
case BitcoinNet:
|
||||
err := binarySerializer.PutUint32(w, littleEndian, uint32(e))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||
case BloomUpdateType:
|
||||
err := binarySerializer.PutUint8(w, uint8(e))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||
case RejectCode:
|
||||
err := binarySerializer.PutUint8(w, uint8(e))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Fall back to the slower binary.Write if a fast path was not available
|
||||
// above.
|
||||
return binary.Write(w, littleEndian, element)
|
||||
}
|
||||
|
||||
// writeElements writes multiple items to w. It is equivalent to multiple
|
||||
// calls to writeElement.
|
||||
func writeElements(w io.Writer, elements ...interface{}) error {
|
||||
for _, element := range elements {
|
||||
err := writeElement(w, element)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// ReadVarInt reads a variable length integer from r and returns it as a uint64.
|
||||
func ReadVarInt(r io.Reader, pver uint32) (uint64, error) {
|
||||
discriminant, err := binarySerializer.Uint8(r)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
|
||||
var rv uint64
|
||||
switch discriminant {
|
||||
case 0xff:
|
||||
sv, err := binarySerializer.Uint64(r, littleEndian)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
rv = sv
|
||||
|
||||
// The encoding is not canonical if the value could have been
|
||||
// encoded using fewer bytes.
|
||||
min := uint64(0x100000000)
|
||||
if rv < min {
|
||||
return 0, messageError("ReadVarInt", fmt.Sprintf(
|
||||
errNonCanonicalVarInt, rv, discriminant, min))
|
||||
}
|
||||
|
||||
case 0xfe:
|
||||
sv, err := binarySerializer.Uint32(r, littleEndian)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
rv = uint64(sv)
|
||||
|
||||
// The encoding is not canonical if the value could have been
|
||||
// encoded using fewer bytes.
|
||||
min := uint64(0x10000)
|
||||
if rv < min {
|
||||
return 0, messageError("ReadVarInt", fmt.Sprintf(
|
||||
errNonCanonicalVarInt, rv, discriminant, min))
|
||||
}
|
||||
|
||||
case 0xfd:
|
||||
sv, err := binarySerializer.Uint16(r, littleEndian)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
rv = uint64(sv)
|
||||
|
||||
// The encoding is not canonical if the value could have been
|
||||
// encoded using fewer bytes.
|
||||
min := uint64(0xfd)
|
||||
if rv < min {
|
||||
return 0, messageError("ReadVarInt", fmt.Sprintf(
|
||||
errNonCanonicalVarInt, rv, discriminant, min))
|
||||
}
|
||||
|
||||
default:
|
||||
rv = uint64(discriminant)
|
||||
}
|
||||
|
||||
return rv, nil
|
||||
}
|
||||
|
||||
// WriteVarInt serializes val to w using a variable number of bytes depending
|
||||
// on its value.
|
||||
func WriteVarInt(w io.Writer, pver uint32, val uint64) error {
|
||||
if val < 0xfd {
|
||||
return binarySerializer.PutUint8(w, uint8(val))
|
||||
}
|
||||
|
||||
if val <= math.MaxUint16 {
|
||||
err := binarySerializer.PutUint8(w, 0xfd)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return binarySerializer.PutUint16(w, littleEndian, uint16(val))
|
||||
}
|
||||
|
||||
if val <= math.MaxUint32 {
|
||||
err := binarySerializer.PutUint8(w, 0xfe)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return binarySerializer.PutUint32(w, littleEndian, uint32(val))
|
||||
}
|
||||
|
||||
err := binarySerializer.PutUint8(w, 0xff)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return binarySerializer.PutUint64(w, littleEndian, val)
|
||||
}
|
||||
|
||||
// VarIntSerializeSize returns the number of bytes it would take to serialize
|
||||
// val as a variable length integer.
|
||||
func VarIntSerializeSize(val uint64) int {
|
||||
// The value is small enough to be represented by itself, so it's
|
||||
// just 1 byte.
|
||||
if val < 0xfd {
|
||||
return 1
|
||||
}
|
||||
|
||||
// Discriminant 1 byte plus 2 bytes for the uint16.
|
||||
if val <= math.MaxUint16 {
|
||||
return 3
|
||||
}
|
||||
|
||||
// Discriminant 1 byte plus 4 bytes for the uint32.
|
||||
if val <= math.MaxUint32 {
|
||||
return 5
|
||||
}
|
||||
|
||||
// Discriminant 1 byte plus 8 bytes for the uint64.
|
||||
return 9
|
||||
}
|
||||
|
||||
// ReadVarString reads a variable length string from r and returns it as a Go
|
||||
// string. A variable length string is encoded as a variable length integer
|
||||
// containing the length of the string followed by the bytes that represent the
|
||||
// string itself. An error is returned if the length is greater than the
|
||||
// maximum block payload size since it helps protect against memory exhaustion
|
||||
// attacks and forced panics through malformed messages.
|
||||
func ReadVarString(r io.Reader, pver uint32) (string, error) {
|
||||
count, err := ReadVarInt(r, pver)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
// Prevent variable length strings that are larger than the maximum
|
||||
// message size. It would be possible to cause memory exhaustion and
|
||||
// panics without a sane upper bound on this count.
|
||||
if count > MaxMessagePayload {
|
||||
str := fmt.Sprintf("variable length string is too long "+
|
||||
"[count %d, max %d]", count, MaxMessagePayload)
|
||||
return "", messageError("ReadVarString", str)
|
||||
}
|
||||
|
||||
buf := make([]byte, count)
|
||||
_, err = io.ReadFull(r, buf)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return string(buf), nil
|
||||
}
|
||||
|
||||
// WriteVarString serializes str to w as a variable length integer containing
|
||||
// the length of the string followed by the bytes that represent the string
|
||||
// itself.
|
||||
func WriteVarString(w io.Writer, pver uint32, str string) error {
|
||||
err := WriteVarInt(w, pver, uint64(len(str)))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
_, err = w.Write([]byte(str))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// ReadVarBytes reads a variable length byte array. A byte array is encoded
|
||||
// as a varInt containing the length of the array followed by the bytes
|
||||
// themselves. An error is returned if the length is greater than the
|
||||
// passed maxAllowed parameter which helps protect against memory exhuastion
|
||||
// attacks and forced panics thorugh malformed messages. The fieldName
|
||||
// parameter is only used for the error message so it provides more context in
|
||||
// the error.
|
||||
func ReadVarBytes(r io.Reader, pver uint32, maxAllowed uint32,
|
||||
fieldName string) ([]byte, error) {
|
||||
|
||||
count, err := ReadVarInt(r, pver)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Prevent byte array larger than the max message size. It would
|
||||
// be possible to cause memory exhaustion and panics without a sane
|
||||
// upper bound on this count.
|
||||
if count > uint64(maxAllowed) {
|
||||
str := fmt.Sprintf("%s is larger than the max allowed size "+
|
||||
"[count %d, max %d]", fieldName, count, maxAllowed)
|
||||
return nil, messageError("ReadVarBytes", str)
|
||||
}
|
||||
|
||||
b := make([]byte, count)
|
||||
_, err = io.ReadFull(r, b)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return b, nil
|
||||
}
|
||||
|
||||
// WriteVarBytes serializes a variable length byte array to w as a varInt
|
||||
// containing the number of bytes, followed by the bytes themselves.
|
||||
func WriteVarBytes(w io.Writer, pver uint32, bytes []byte) error {
|
||||
slen := uint64(len(bytes))
|
||||
err := WriteVarInt(w, pver, slen)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
_, err = w.Write(bytes)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// randomUint64 returns a cryptographically random uint64 value. This
|
||||
// unexported version takes a reader primarily to ensure the error paths
|
||||
// can be properly tested by passing a fake reader in the tests.
|
||||
func randomUint64(r io.Reader) (uint64, error) {
|
||||
rv, err := binarySerializer.Uint64(r, bigEndian)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
return rv, nil
|
||||
}
|
||||
|
||||
// RandomUint64 returns a cryptographically random uint64 value.
|
||||
func RandomUint64() (uint64, error) {
|
||||
return randomUint64(rand.Reader)
|
||||
}
|
161
src/vendor/github.com/btcsuite/btcd/wire/doc.go
generated
vendored
Normal file
161
src/vendor/github.com/btcsuite/btcd/wire/doc.go
generated
vendored
Normal file
|
@ -0,0 +1,161 @@
|
|||
// Copyright (c) 2013-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
/*
|
||||
Package wire implements the bitcoin wire protocol.
|
||||
|
||||
For the complete details of the bitcoin protocol, see the official wiki entry
|
||||
at https://en.bitcoin.it/wiki/Protocol_specification. The following only serves
|
||||
as a quick overview to provide information on how to use the package.
|
||||
|
||||
At a high level, this package provides support for marshalling and unmarshalling
|
||||
supported bitcoin messages to and from the wire. This package does not deal
|
||||
with the specifics of message handling such as what to do when a message is
|
||||
received. This provides the caller with a high level of flexibility.
|
||||
|
||||
Bitcoin Message Overview
|
||||
|
||||
The bitcoin protocol consists of exchanging messages between peers. Each
|
||||
message is preceded by a header which identifies information about it such as
|
||||
which bitcoin network it is a part of, its type, how big it is, and a checksum
|
||||
to verify validity. All encoding and decoding of message headers is handled by
|
||||
this package.
|
||||
|
||||
To accomplish this, there is a generic interface for bitcoin messages named
|
||||
Message which allows messages of any type to be read, written, or passed around
|
||||
through channels, functions, etc. In addition, concrete implementations of most
|
||||
of the currently supported bitcoin messages are provided. For these supported
|
||||
messages, all of the details of marshalling and unmarshalling to and from the
|
||||
wire using bitcoin encoding are handled so the caller doesn't have to concern
|
||||
themselves with the specifics.
|
||||
|
||||
Message Interaction
|
||||
|
||||
The following provides a quick summary of how the bitcoin messages are intended
|
||||
to interact with one another. As stated above, these interactions are not
|
||||
directly handled by this package. For more in-depth details about the
|
||||
appropriate interactions, see the official bitcoin protocol wiki entry at
|
||||
https://en.bitcoin.it/wiki/Protocol_specification.
|
||||
|
||||
The initial handshake consists of two peers sending each other a version message
|
||||
(MsgVersion) followed by responding with a verack message (MsgVerAck). Both
|
||||
peers use the information in the version message (MsgVersion) to negotiate
|
||||
things such as protocol version and supported services with each other. Once
|
||||
the initial handshake is complete, the following chart indicates message
|
||||
interactions in no particular order.
|
||||
|
||||
Peer A Sends Peer B Responds
|
||||
----------------------------------------------------------------------------
|
||||
getaddr message (MsgGetAddr) addr message (MsgAddr)
|
||||
getblocks message (MsgGetBlocks) inv message (MsgInv)
|
||||
inv message (MsgInv) getdata message (MsgGetData)
|
||||
getdata message (MsgGetData) block message (MsgBlock) -or-
|
||||
tx message (MsgTx) -or-
|
||||
notfound message (MsgNotFound)
|
||||
getheaders message (MsgGetHeaders) headers message (MsgHeaders)
|
||||
ping message (MsgPing) pong message (MsgHeaders)* -or-
|
||||
(none -- Ability to send message is enough)
|
||||
|
||||
NOTES:
|
||||
* The pong message was not added until later protocol versions as defined
|
||||
in BIP0031. The BIP0031Version constant can be used to detect a recent
|
||||
enough protocol version for this purpose (version > BIP0031Version).
|
||||
|
||||
Common Parameters
|
||||
|
||||
There are several common parameters that arise when using this package to read
|
||||
and write bitcoin messages. The following sections provide a quick overview of
|
||||
these parameters so the next sections can build on them.
|
||||
|
||||
Protocol Version
|
||||
|
||||
The protocol version should be negotiated with the remote peer at a higher
|
||||
level than this package via the version (MsgVersion) message exchange, however,
|
||||
this package provides the wire.ProtocolVersion constant which indicates the
|
||||
latest protocol version this package supports and is typically the value to use
|
||||
for all outbound connections before a potentially lower protocol version is
|
||||
negotiated.
|
||||
|
||||
Bitcoin Network
|
||||
|
||||
The bitcoin network is a magic number which is used to identify the start of a
|
||||
message and which bitcoin network the message applies to. This package provides
|
||||
the following constants:
|
||||
|
||||
wire.MainNet
|
||||
wire.TestNet (Regression test network)
|
||||
wire.TestNet3 (Test network version 3)
|
||||
wire.SimNet (Simulation test network)
|
||||
|
||||
Determining Message Type
|
||||
|
||||
As discussed in the bitcoin message overview section, this package reads
|
||||
and writes bitcoin messages using a generic interface named Message. In
|
||||
order to determine the actual concrete type of the message, use a type
|
||||
switch or type assertion. An example of a type switch follows:
|
||||
|
||||
// Assumes msg is already a valid concrete message such as one created
|
||||
// via NewMsgVersion or read via ReadMessage.
|
||||
switch msg := msg.(type) {
|
||||
case *wire.MsgVersion:
|
||||
// The message is a pointer to a MsgVersion struct.
|
||||
fmt.Printf("Protocol version: %v", msg.ProtocolVersion)
|
||||
case *wire.MsgBlock:
|
||||
// The message is a pointer to a MsgBlock struct.
|
||||
fmt.Printf("Number of tx in block: %v", msg.Header.TxnCount)
|
||||
}
|
||||
|
||||
Reading Messages
|
||||
|
||||
In order to unmarshall bitcoin messages from the wire, use the ReadMessage
|
||||
function. It accepts any io.Reader, but typically this will be a net.Conn to
|
||||
a remote node running a bitcoin peer. Example syntax is:
|
||||
|
||||
// Reads and validates the next bitcoin message from conn using the
|
||||
// protocol version pver and the bitcoin network btcnet. The returns
|
||||
// are a wire.Message, a []byte which contains the unmarshalled
|
||||
// raw payload, and a possible error.
|
||||
msg, rawPayload, err := wire.ReadMessage(conn, pver, btcnet)
|
||||
if err != nil {
|
||||
// Log and handle the error
|
||||
}
|
||||
|
||||
Writing Messages
|
||||
|
||||
In order to marshall bitcoin messages to the wire, use the WriteMessage
|
||||
function. It accepts any io.Writer, but typically this will be a net.Conn to
|
||||
a remote node running a bitcoin peer. Example syntax to request addresses
|
||||
from a remote peer is:
|
||||
|
||||
// Create a new getaddr bitcoin message.
|
||||
msg := wire.NewMsgGetAddr()
|
||||
|
||||
// Writes a bitcoin message msg to conn using the protocol version
|
||||
// pver, and the bitcoin network btcnet. The return is a possible
|
||||
// error.
|
||||
err := wire.WriteMessage(conn, msg, pver, btcnet)
|
||||
if err != nil {
|
||||
// Log and handle the error
|
||||
}
|
||||
|
||||
Errors
|
||||
|
||||
Errors returned by this package are either the raw errors provided by underlying
|
||||
calls to read/write from streams such as io.EOF, io.ErrUnexpectedEOF, and
|
||||
io.ErrShortWrite, or of type wire.MessageError. This allows the caller to
|
||||
differentiate between general IO errors and malformed messages through type
|
||||
assertions.
|
||||
|
||||
Bitcoin Improvement Proposals
|
||||
|
||||
This package includes spec changes outlined by the following BIPs:
|
||||
|
||||
BIP0014 (https://github.com/bitcoin/bips/blob/master/bip-0014.mediawiki)
|
||||
BIP0031 (https://github.com/bitcoin/bips/blob/master/bip-0031.mediawiki)
|
||||
BIP0035 (https://github.com/bitcoin/bips/blob/master/bip-0035.mediawiki)
|
||||
BIP0037 (https://github.com/bitcoin/bips/blob/master/bip-0037.mediawiki)
|
||||
BIP0111 (https://github.com/bitcoin/bips/blob/master/bip-0111.mediawiki)
|
||||
BIP0130 (https://github.com/bitcoin/bips/blob/master/bip-0130.mediawiki)
|
||||
*/
|
||||
package wire
|
34
src/vendor/github.com/btcsuite/btcd/wire/error.go
generated
vendored
Normal file
34
src/vendor/github.com/btcsuite/btcd/wire/error.go
generated
vendored
Normal file
|
@ -0,0 +1,34 @@
|
|||
// Copyright (c) 2013-2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
)
|
||||
|
||||
// MessageError describes an issue with a message.
|
||||
// An example of some potential issues are messages from the wrong bitcoin
|
||||
// network, invalid commands, mismatched checksums, and exceeding max payloads.
|
||||
//
|
||||
// This provides a mechanism for the caller to type assert the error to
|
||||
// differentiate between general io errors such as io.EOF and issues that
|
||||
// resulted from malformed messages.
|
||||
type MessageError struct {
|
||||
Func string // Function name
|
||||
Description string // Human readable description of the issue
|
||||
}
|
||||
|
||||
// Error satisfies the error interface and prints human-readable errors.
|
||||
func (e *MessageError) Error() string {
|
||||
if e.Func != "" {
|
||||
return fmt.Sprintf("%v: %v", e.Func, e.Description)
|
||||
}
|
||||
return e.Description
|
||||
}
|
||||
|
||||
// messageError creates an error for the given function and description.
|
||||
func messageError(f string, desc string) *MessageError {
|
||||
return &MessageError{Func: f, Description: desc}
|
||||
}
|
84
src/vendor/github.com/btcsuite/btcd/wire/invvect.go
generated
vendored
Normal file
84
src/vendor/github.com/btcsuite/btcd/wire/invvect.go
generated
vendored
Normal file
|
@ -0,0 +1,84 @@
|
|||
// Copyright (c) 2013-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
|
||||
"github.com/btcsuite/btcd/chaincfg/chainhash"
|
||||
)
|
||||
|
||||
const (
|
||||
// MaxInvPerMsg is the maximum number of inventory vectors that can be in a
|
||||
// single bitcoin inv message.
|
||||
MaxInvPerMsg = 50000
|
||||
|
||||
// Maximum payload size for an inventory vector.
|
||||
maxInvVectPayload = 4 + chainhash.HashSize
|
||||
)
|
||||
|
||||
// InvType represents the allowed types of inventory vectors. See InvVect.
|
||||
type InvType uint32
|
||||
|
||||
// These constants define the various supported inventory vector types.
|
||||
const (
|
||||
InvTypeError InvType = 0
|
||||
InvTypeTx InvType = 1
|
||||
InvTypeBlock InvType = 2
|
||||
InvTypeFilteredBlock InvType = 3
|
||||
)
|
||||
|
||||
// Map of service flags back to their constant names for pretty printing.
|
||||
var ivStrings = map[InvType]string{
|
||||
InvTypeError: "ERROR",
|
||||
InvTypeTx: "MSG_TX",
|
||||
InvTypeBlock: "MSG_BLOCK",
|
||||
InvTypeFilteredBlock: "MSG_FILTERED_BLOCK",
|
||||
}
|
||||
|
||||
// String returns the InvType in human-readable form.
|
||||
func (invtype InvType) String() string {
|
||||
if s, ok := ivStrings[invtype]; ok {
|
||||
return s
|
||||
}
|
||||
|
||||
return fmt.Sprintf("Unknown InvType (%d)", uint32(invtype))
|
||||
}
|
||||
|
||||
// InvVect defines a bitcoin inventory vector which is used to describe data,
|
||||
// as specified by the Type field, that a peer wants, has, or does not have to
|
||||
// another peer.
|
||||
type InvVect struct {
|
||||
Type InvType // Type of data
|
||||
Hash chainhash.Hash // Hash of the data
|
||||
}
|
||||
|
||||
// NewInvVect returns a new InvVect using the provided type and hash.
|
||||
func NewInvVect(typ InvType, hash *chainhash.Hash) *InvVect {
|
||||
return &InvVect{
|
||||
Type: typ,
|
||||
Hash: *hash,
|
||||
}
|
||||
}
|
||||
|
||||
// readInvVect reads an encoded InvVect from r depending on the protocol
|
||||
// version.
|
||||
func readInvVect(r io.Reader, pver uint32, iv *InvVect) error {
|
||||
err := readElements(r, &iv.Type, &iv.Hash)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// writeInvVect serializes an InvVect to w depending on the protocol version.
|
||||
func writeInvVect(w io.Writer, pver uint32, iv *InvVect) error {
|
||||
err := writeElements(w, iv.Type, &iv.Hash)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
371
src/vendor/github.com/btcsuite/btcd/wire/message.go
generated
vendored
Normal file
371
src/vendor/github.com/btcsuite/btcd/wire/message.go
generated
vendored
Normal file
|
@ -0,0 +1,371 @@
|
|||
// Copyright (c) 2013-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
"io"
|
||||
"unicode/utf8"
|
||||
|
||||
"github.com/btcsuite/btcd/chaincfg/chainhash"
|
||||
)
|
||||
|
||||
// MessageHeaderSize is the number of bytes in a bitcoin message header.
|
||||
// Bitcoin network (magic) 4 bytes + command 12 bytes + payload length 4 bytes +
|
||||
// checksum 4 bytes.
|
||||
const MessageHeaderSize = 24
|
||||
|
||||
// CommandSize is the fixed size of all commands in the common bitcoin message
|
||||
// header. Shorter commands must be zero padded.
|
||||
const CommandSize = 12
|
||||
|
||||
// MaxMessagePayload is the maximum bytes a message can be regardless of other
|
||||
// individual limits imposed by messages themselves.
|
||||
const MaxMessagePayload = (1024 * 1024 * 32) // 32MB
|
||||
|
||||
// Commands used in bitcoin message headers which describe the type of message.
|
||||
const (
|
||||
CmdVersion = "version"
|
||||
CmdVerAck = "verack"
|
||||
CmdGetAddr = "getaddr"
|
||||
CmdAddr = "addr"
|
||||
CmdGetBlocks = "getblocks"
|
||||
CmdInv = "inv"
|
||||
CmdGetData = "getdata"
|
||||
CmdNotFound = "notfound"
|
||||
CmdBlock = "block"
|
||||
CmdTx = "tx"
|
||||
CmdGetHeaders = "getheaders"
|
||||
CmdHeaders = "headers"
|
||||
CmdPing = "ping"
|
||||
CmdPong = "pong"
|
||||
CmdAlert = "alert"
|
||||
CmdMemPool = "mempool"
|
||||
CmdFilterAdd = "filteradd"
|
||||
CmdFilterClear = "filterclear"
|
||||
CmdFilterLoad = "filterload"
|
||||
CmdMerkleBlock = "merkleblock"
|
||||
CmdReject = "reject"
|
||||
CmdSendHeaders = "sendheaders"
|
||||
)
|
||||
|
||||
// Message is an interface that describes a bitcoin message. A type that
|
||||
// implements Message has complete control over the representation of its data
|
||||
// and may therefore contain additional or fewer fields than those which
|
||||
// are used directly in the protocol encoded message.
|
||||
type Message interface {
|
||||
BtcDecode(io.Reader, uint32) error
|
||||
BtcEncode(io.Writer, uint32) error
|
||||
Command() string
|
||||
MaxPayloadLength(uint32) uint32
|
||||
}
|
||||
|
||||
// makeEmptyMessage creates a message of the appropriate concrete type based
|
||||
// on the command.
|
||||
func makeEmptyMessage(command string) (Message, error) {
|
||||
var msg Message
|
||||
switch command {
|
||||
case CmdVersion:
|
||||
msg = &MsgVersion{}
|
||||
|
||||
case CmdVerAck:
|
||||
msg = &MsgVerAck{}
|
||||
|
||||
case CmdGetAddr:
|
||||
msg = &MsgGetAddr{}
|
||||
|
||||
case CmdAddr:
|
||||
msg = &MsgAddr{}
|
||||
|
||||
case CmdGetBlocks:
|
||||
msg = &MsgGetBlocks{}
|
||||
|
||||
case CmdBlock:
|
||||
msg = &MsgBlock{}
|
||||
|
||||
case CmdInv:
|
||||
msg = &MsgInv{}
|
||||
|
||||
case CmdGetData:
|
||||
msg = &MsgGetData{}
|
||||
|
||||
case CmdNotFound:
|
||||
msg = &MsgNotFound{}
|
||||
|
||||
case CmdTx:
|
||||
msg = &MsgTx{}
|
||||
|
||||
case CmdPing:
|
||||
msg = &MsgPing{}
|
||||
|
||||
case CmdPong:
|
||||
msg = &MsgPong{}
|
||||
|
||||
case CmdGetHeaders:
|
||||
msg = &MsgGetHeaders{}
|
||||
|
||||
case CmdHeaders:
|
||||
msg = &MsgHeaders{}
|
||||
|
||||
case CmdAlert:
|
||||
msg = &MsgAlert{}
|
||||
|
||||
case CmdMemPool:
|
||||
msg = &MsgMemPool{}
|
||||
|
||||
case CmdFilterAdd:
|
||||
msg = &MsgFilterAdd{}
|
||||
|
||||
case CmdFilterClear:
|
||||
msg = &MsgFilterClear{}
|
||||
|
||||
case CmdFilterLoad:
|
||||
msg = &MsgFilterLoad{}
|
||||
|
||||
case CmdMerkleBlock:
|
||||
msg = &MsgMerkleBlock{}
|
||||
|
||||
case CmdReject:
|
||||
msg = &MsgReject{}
|
||||
|
||||
case CmdSendHeaders:
|
||||
msg = &MsgSendHeaders{}
|
||||
|
||||
default:
|
||||
return nil, fmt.Errorf("unhandled command [%s]", command)
|
||||
}
|
||||
return msg, nil
|
||||
}
|
||||
|
||||
// messageHeader defines the header structure for all bitcoin protocol messages.
|
||||
type messageHeader struct {
|
||||
magic BitcoinNet // 4 bytes
|
||||
command string // 12 bytes
|
||||
length uint32 // 4 bytes
|
||||
checksum [4]byte // 4 bytes
|
||||
}
|
||||
|
||||
// readMessageHeader reads a bitcoin message header from r.
|
||||
func readMessageHeader(r io.Reader) (int, *messageHeader, error) {
|
||||
// Since readElements doesn't return the amount of bytes read, attempt
|
||||
// to read the entire header into a buffer first in case there is a
|
||||
// short read so the proper amount of read bytes are known. This works
|
||||
// since the header is a fixed size.
|
||||
var headerBytes [MessageHeaderSize]byte
|
||||
n, err := io.ReadFull(r, headerBytes[:])
|
||||
if err != nil {
|
||||
return n, nil, err
|
||||
}
|
||||
hr := bytes.NewReader(headerBytes[:])
|
||||
|
||||
// Create and populate a messageHeader struct from the raw header bytes.
|
||||
hdr := messageHeader{}
|
||||
var command [CommandSize]byte
|
||||
readElements(hr, &hdr.magic, &command, &hdr.length, &hdr.checksum)
|
||||
|
||||
// Strip trailing zeros from command string.
|
||||
hdr.command = string(bytes.TrimRight(command[:], string(0)))
|
||||
|
||||
return n, &hdr, nil
|
||||
}
|
||||
|
||||
// discardInput reads n bytes from reader r in chunks and discards the read
|
||||
// bytes. This is used to skip payloads when various errors occur and helps
|
||||
// prevent rogue nodes from causing massive memory allocation through forging
|
||||
// header length.
|
||||
func discardInput(r io.Reader, n uint32) {
|
||||
maxSize := uint32(10 * 1024) // 10k at a time
|
||||
numReads := n / maxSize
|
||||
bytesRemaining := n % maxSize
|
||||
if n > 0 {
|
||||
buf := make([]byte, maxSize)
|
||||
for i := uint32(0); i < numReads; i++ {
|
||||
io.ReadFull(r, buf)
|
||||
}
|
||||
}
|
||||
if bytesRemaining > 0 {
|
||||
buf := make([]byte, bytesRemaining)
|
||||
io.ReadFull(r, buf)
|
||||
}
|
||||
}
|
||||
|
||||
// WriteMessageN writes a bitcoin Message to w including the necessary header
|
||||
// information and returns the number of bytes written. This function is the
|
||||
// same as WriteMessage except it also returns the number of bytes written.
|
||||
func WriteMessageN(w io.Writer, msg Message, pver uint32, btcnet BitcoinNet) (int, error) {
|
||||
totalBytes := 0
|
||||
|
||||
// Enforce max command size.
|
||||
var command [CommandSize]byte
|
||||
cmd := msg.Command()
|
||||
if len(cmd) > CommandSize {
|
||||
str := fmt.Sprintf("command [%s] is too long [max %v]",
|
||||
cmd, CommandSize)
|
||||
return totalBytes, messageError("WriteMessage", str)
|
||||
}
|
||||
copy(command[:], []byte(cmd))
|
||||
|
||||
// Encode the message payload.
|
||||
var bw bytes.Buffer
|
||||
err := msg.BtcEncode(&bw, pver)
|
||||
if err != nil {
|
||||
return totalBytes, err
|
||||
}
|
||||
payload := bw.Bytes()
|
||||
lenp := len(payload)
|
||||
|
||||
// Enforce maximum overall message payload.
|
||||
if lenp > MaxMessagePayload {
|
||||
str := fmt.Sprintf("message payload is too large - encoded "+
|
||||
"%d bytes, but maximum message payload is %d bytes",
|
||||
lenp, MaxMessagePayload)
|
||||
return totalBytes, messageError("WriteMessage", str)
|
||||
}
|
||||
|
||||
// Enforce maximum message payload based on the message type.
|
||||
mpl := msg.MaxPayloadLength(pver)
|
||||
if uint32(lenp) > mpl {
|
||||
str := fmt.Sprintf("message payload is too large - encoded "+
|
||||
"%d bytes, but maximum message payload size for "+
|
||||
"messages of type [%s] is %d.", lenp, cmd, mpl)
|
||||
return totalBytes, messageError("WriteMessage", str)
|
||||
}
|
||||
|
||||
// Create header for the message.
|
||||
hdr := messageHeader{}
|
||||
hdr.magic = btcnet
|
||||
hdr.command = cmd
|
||||
hdr.length = uint32(lenp)
|
||||
copy(hdr.checksum[:], chainhash.DoubleHashB(payload)[0:4])
|
||||
|
||||
// Encode the header for the message. This is done to a buffer
|
||||
// rather than directly to the writer since writeElements doesn't
|
||||
// return the number of bytes written.
|
||||
hw := bytes.NewBuffer(make([]byte, 0, MessageHeaderSize))
|
||||
writeElements(hw, hdr.magic, command, hdr.length, hdr.checksum)
|
||||
|
||||
// Write header.
|
||||
n, err := w.Write(hw.Bytes())
|
||||
totalBytes += n
|
||||
if err != nil {
|
||||
return totalBytes, err
|
||||
}
|
||||
|
||||
// Write payload.
|
||||
n, err = w.Write(payload)
|
||||
totalBytes += n
|
||||
if err != nil {
|
||||
return totalBytes, err
|
||||
}
|
||||
|
||||
return totalBytes, nil
|
||||
}
|
||||
|
||||
// WriteMessage writes a bitcoin Message to w including the necessary header
|
||||
// information. This function is the same as WriteMessageN except it doesn't
|
||||
// doesn't return the number of bytes written. This function is mainly provided
|
||||
// for backwards compatibility with the original API, but it's also useful for
|
||||
// callers that don't care about byte counts.
|
||||
func WriteMessage(w io.Writer, msg Message, pver uint32, btcnet BitcoinNet) error {
|
||||
_, err := WriteMessageN(w, msg, pver, btcnet)
|
||||
return err
|
||||
}
|
||||
|
||||
// ReadMessageN reads, validates, and parses the next bitcoin Message from r for
|
||||
// the provided protocol version and bitcoin network. It returns the number of
|
||||
// bytes read in addition to the parsed Message and raw bytes which comprise the
|
||||
// message. This function is the same as ReadMessage except it also returns the
|
||||
// number of bytes read.
|
||||
func ReadMessageN(r io.Reader, pver uint32, btcnet BitcoinNet) (int, Message, []byte, error) {
|
||||
totalBytes := 0
|
||||
n, hdr, err := readMessageHeader(r)
|
||||
totalBytes += n
|
||||
if err != nil {
|
||||
return totalBytes, nil, nil, err
|
||||
}
|
||||
|
||||
// Enforce maximum message payload.
|
||||
if hdr.length > MaxMessagePayload {
|
||||
str := fmt.Sprintf("message payload is too large - header "+
|
||||
"indicates %d bytes, but max message payload is %d "+
|
||||
"bytes.", hdr.length, MaxMessagePayload)
|
||||
return totalBytes, nil, nil, messageError("ReadMessage", str)
|
||||
|
||||
}
|
||||
|
||||
// Check for messages from the wrong bitcoin network.
|
||||
if hdr.magic != btcnet {
|
||||
discardInput(r, hdr.length)
|
||||
str := fmt.Sprintf("message from other network [%v]", hdr.magic)
|
||||
return totalBytes, nil, nil, messageError("ReadMessage", str)
|
||||
}
|
||||
|
||||
// Check for malformed commands.
|
||||
command := hdr.command
|
||||
if !utf8.ValidString(command) {
|
||||
discardInput(r, hdr.length)
|
||||
str := fmt.Sprintf("invalid command %v", []byte(command))
|
||||
return totalBytes, nil, nil, messageError("ReadMessage", str)
|
||||
}
|
||||
|
||||
// Create struct of appropriate message type based on the command.
|
||||
msg, err := makeEmptyMessage(command)
|
||||
if err != nil {
|
||||
discardInput(r, hdr.length)
|
||||
return totalBytes, nil, nil, messageError("ReadMessage",
|
||||
err.Error())
|
||||
}
|
||||
|
||||
// Check for maximum length based on the message type as a malicious client
|
||||
// could otherwise create a well-formed header and set the length to max
|
||||
// numbers in order to exhaust the machine's memory.
|
||||
mpl := msg.MaxPayloadLength(pver)
|
||||
if hdr.length > mpl {
|
||||
discardInput(r, hdr.length)
|
||||
str := fmt.Sprintf("payload exceeds max length - header "+
|
||||
"indicates %v bytes, but max payload size for "+
|
||||
"messages of type [%v] is %v.", hdr.length, command, mpl)
|
||||
return totalBytes, nil, nil, messageError("ReadMessage", str)
|
||||
}
|
||||
|
||||
// Read payload.
|
||||
payload := make([]byte, hdr.length)
|
||||
n, err = io.ReadFull(r, payload)
|
||||
totalBytes += n
|
||||
if err != nil {
|
||||
return totalBytes, nil, nil, err
|
||||
}
|
||||
|
||||
// Test checksum.
|
||||
checksum := chainhash.DoubleHashB(payload)[0:4]
|
||||
if !bytes.Equal(checksum[:], hdr.checksum[:]) {
|
||||
str := fmt.Sprintf("payload checksum failed - header "+
|
||||
"indicates %v, but actual checksum is %v.",
|
||||
hdr.checksum, checksum)
|
||||
return totalBytes, nil, nil, messageError("ReadMessage", str)
|
||||
}
|
||||
|
||||
// Unmarshal message. NOTE: This must be a *bytes.Buffer since the
|
||||
// MsgVersion BtcDecode function requires it.
|
||||
pr := bytes.NewBuffer(payload)
|
||||
err = msg.BtcDecode(pr, pver)
|
||||
if err != nil {
|
||||
return totalBytes, nil, nil, err
|
||||
}
|
||||
|
||||
return totalBytes, msg, payload, nil
|
||||
}
|
||||
|
||||
// ReadMessage reads, validates, and parses the next bitcoin Message from r for
|
||||
// the provided protocol version and bitcoin network. It returns the parsed
|
||||
// Message and raw bytes which comprise the message. This function only differs
|
||||
// from ReadMessageN in that it doesn't return the number of bytes read. This
|
||||
// function is mainly provided for backwards compatibility with the original
|
||||
// API, but it's also useful for callers that don't care about byte counts.
|
||||
func ReadMessage(r io.Reader, pver uint32, btcnet BitcoinNet) (Message, []byte, error) {
|
||||
_, msg, buf, err := ReadMessageN(r, pver, btcnet)
|
||||
return msg, buf, err
|
||||
}
|
143
src/vendor/github.com/btcsuite/btcd/wire/msgaddr.go
generated
vendored
Normal file
143
src/vendor/github.com/btcsuite/btcd/wire/msgaddr.go
generated
vendored
Normal file
|
@ -0,0 +1,143 @@
|
|||
// Copyright (c) 2013-2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
)
|
||||
|
||||
// MaxAddrPerMsg is the maximum number of addresses that can be in a single
|
||||
// bitcoin addr message (MsgAddr).
|
||||
const MaxAddrPerMsg = 1000
|
||||
|
||||
// MsgAddr implements the Message interface and represents a bitcoin
|
||||
// addr message. It is used to provide a list of known active peers on the
|
||||
// network. An active peer is considered one that has transmitted a message
|
||||
// within the last 3 hours. Nodes which have not transmitted in that time
|
||||
// frame should be forgotten. Each message is limited to a maximum number of
|
||||
// addresses, which is currently 1000. As a result, multiple messages must
|
||||
// be used to relay the full list.
|
||||
//
|
||||
// Use the AddAddress function to build up the list of known addresses when
|
||||
// sending an addr message to another peer.
|
||||
type MsgAddr struct {
|
||||
AddrList []*NetAddress
|
||||
}
|
||||
|
||||
// AddAddress adds a known active peer to the message.
|
||||
func (msg *MsgAddr) AddAddress(na *NetAddress) error {
|
||||
if len(msg.AddrList)+1 > MaxAddrPerMsg {
|
||||
str := fmt.Sprintf("too many addresses in message [max %v]",
|
||||
MaxAddrPerMsg)
|
||||
return messageError("MsgAddr.AddAddress", str)
|
||||
}
|
||||
|
||||
msg.AddrList = append(msg.AddrList, na)
|
||||
return nil
|
||||
}
|
||||
|
||||
// AddAddresses adds multiple known active peers to the message.
|
||||
func (msg *MsgAddr) AddAddresses(netAddrs ...*NetAddress) error {
|
||||
for _, na := range netAddrs {
|
||||
err := msg.AddAddress(na)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// ClearAddresses removes all addresses from the message.
|
||||
func (msg *MsgAddr) ClearAddresses() {
|
||||
msg.AddrList = []*NetAddress{}
|
||||
}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgAddr) BtcDecode(r io.Reader, pver uint32) error {
|
||||
count, err := ReadVarInt(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Limit to max addresses per message.
|
||||
if count > MaxAddrPerMsg {
|
||||
str := fmt.Sprintf("too many addresses for message "+
|
||||
"[count %v, max %v]", count, MaxAddrPerMsg)
|
||||
return messageError("MsgAddr.BtcDecode", str)
|
||||
}
|
||||
|
||||
addrList := make([]NetAddress, count)
|
||||
msg.AddrList = make([]*NetAddress, 0, count)
|
||||
for i := uint64(0); i < count; i++ {
|
||||
na := &addrList[i]
|
||||
err := readNetAddress(r, pver, na, true)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
msg.AddAddress(na)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgAddr) BtcEncode(w io.Writer, pver uint32) error {
|
||||
// Protocol versions before MultipleAddressVersion only allowed 1 address
|
||||
// per message.
|
||||
count := len(msg.AddrList)
|
||||
if pver < MultipleAddressVersion && count > 1 {
|
||||
str := fmt.Sprintf("too many addresses for message of "+
|
||||
"protocol version %v [count %v, max 1]", pver, count)
|
||||
return messageError("MsgAddr.BtcEncode", str)
|
||||
|
||||
}
|
||||
if count > MaxAddrPerMsg {
|
||||
str := fmt.Sprintf("too many addresses for message "+
|
||||
"[count %v, max %v]", count, MaxAddrPerMsg)
|
||||
return messageError("MsgAddr.BtcEncode", str)
|
||||
}
|
||||
|
||||
err := WriteVarInt(w, pver, uint64(count))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
for _, na := range msg.AddrList {
|
||||
err = writeNetAddress(w, pver, na, true)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgAddr) Command() string {
|
||||
return CmdAddr
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgAddr) MaxPayloadLength(pver uint32) uint32 {
|
||||
if pver < MultipleAddressVersion {
|
||||
// Num addresses (varInt) + a single net addresses.
|
||||
return MaxVarIntPayload + maxNetAddressPayload(pver)
|
||||
}
|
||||
|
||||
// Num addresses (varInt) + max allowed addresses.
|
||||
return MaxVarIntPayload + (MaxAddrPerMsg * maxNetAddressPayload(pver))
|
||||
}
|
||||
|
||||
// NewMsgAddr returns a new bitcoin addr message that conforms to the
|
||||
// Message interface. See MsgAddr for details.
|
||||
func NewMsgAddr() *MsgAddr {
|
||||
return &MsgAddr{
|
||||
AddrList: make([]*NetAddress, 0, MaxAddrPerMsg),
|
||||
}
|
||||
}
|
422
src/vendor/github.com/btcsuite/btcd/wire/msgalert.go
generated
vendored
Normal file
422
src/vendor/github.com/btcsuite/btcd/wire/msgalert.go
generated
vendored
Normal file
|
@ -0,0 +1,422 @@
|
|||
// Copyright (c) 2013-2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
"io"
|
||||
)
|
||||
|
||||
// MsgAlert contains a payload and a signature:
|
||||
//
|
||||
// ===============================================
|
||||
// | Field | Data Type | Size |
|
||||
// ===============================================
|
||||
// | payload | []uchar | ? |
|
||||
// -----------------------------------------------
|
||||
// | signature | []uchar | ? |
|
||||
// -----------------------------------------------
|
||||
//
|
||||
// Here payload is an Alert serialized into a byte array to ensure that
|
||||
// versions using incompatible alert formats can still relay
|
||||
// alerts among one another.
|
||||
//
|
||||
// An Alert is the payload deserialized as follows:
|
||||
//
|
||||
// ===============================================
|
||||
// | Field | Data Type | Size |
|
||||
// ===============================================
|
||||
// | Version | int32 | 4 |
|
||||
// -----------------------------------------------
|
||||
// | RelayUntil | int64 | 8 |
|
||||
// -----------------------------------------------
|
||||
// | Expiration | int64 | 8 |
|
||||
// -----------------------------------------------
|
||||
// | ID | int32 | 4 |
|
||||
// -----------------------------------------------
|
||||
// | Cancel | int32 | 4 |
|
||||
// -----------------------------------------------
|
||||
// | SetCancel | set<int32> | ? |
|
||||
// -----------------------------------------------
|
||||
// | MinVer | int32 | 4 |
|
||||
// -----------------------------------------------
|
||||
// | MaxVer | int32 | 4 |
|
||||
// -----------------------------------------------
|
||||
// | SetSubVer | set<string> | ? |
|
||||
// -----------------------------------------------
|
||||
// | Priority | int32 | 4 |
|
||||
// -----------------------------------------------
|
||||
// | Comment | string | ? |
|
||||
// -----------------------------------------------
|
||||
// | StatusBar | string | ? |
|
||||
// -----------------------------------------------
|
||||
// | Reserved | string | ? |
|
||||
// -----------------------------------------------
|
||||
// | Total (Fixed) | 45 |
|
||||
// -----------------------------------------------
|
||||
//
|
||||
// NOTE:
|
||||
// * string is a VarString i.e VarInt length followed by the string itself
|
||||
// * set<string> is a VarInt followed by as many number of strings
|
||||
// * set<int32> is a VarInt followed by as many number of ints
|
||||
// * fixedAlertSize = 40 + 5*min(VarInt) = 40 + 5*1 = 45
|
||||
//
|
||||
// Now we can define bounds on Alert size, SetCancel and SetSubVer
|
||||
|
||||
// Fixed size of the alert payload
|
||||
const fixedAlertSize = 45
|
||||
|
||||
// maxSignatureSize is the max size of an ECDSA signature.
|
||||
// NOTE: Since this size is fixed and < 255, the size of VarInt required = 1.
|
||||
const maxSignatureSize = 72
|
||||
|
||||
// maxAlertSize is the maximum size an alert.
|
||||
//
|
||||
// MessagePayload = VarInt(Alert) + Alert + VarInt(Signature) + Signature
|
||||
// MaxMessagePayload = maxAlertSize + max(VarInt) + maxSignatureSize + 1
|
||||
const maxAlertSize = MaxMessagePayload - maxSignatureSize - MaxVarIntPayload - 1
|
||||
|
||||
// maxCountSetCancel is the maximum number of cancel IDs that could possibly
|
||||
// fit into a maximum size alert.
|
||||
//
|
||||
// maxAlertSize = fixedAlertSize + max(SetCancel) + max(SetSubVer) + 3*(string)
|
||||
// for caculating maximum number of cancel IDs, set all other var sizes to 0
|
||||
// maxAlertSize = fixedAlertSize + (MaxVarIntPayload-1) + x*sizeOf(int32)
|
||||
// x = (maxAlertSize - fixedAlertSize - MaxVarIntPayload + 1) / 4
|
||||
const maxCountSetCancel = (maxAlertSize - fixedAlertSize - MaxVarIntPayload + 1) / 4
|
||||
|
||||
// maxCountSetSubVer is the maximum number of subversions that could possibly
|
||||
// fit into a maximum size alert.
|
||||
//
|
||||
// maxAlertSize = fixedAlertSize + max(SetCancel) + max(SetSubVer) + 3*(string)
|
||||
// for caculating maximum number of subversions, set all other var sizes to 0
|
||||
// maxAlertSize = fixedAlertSize + (MaxVarIntPayload-1) + x*sizeOf(string)
|
||||
// x = (maxAlertSize - fixedAlertSize - MaxVarIntPayload + 1) / sizeOf(string)
|
||||
// subversion would typically be something like "/Satoshi:0.7.2/" (15 bytes)
|
||||
// so assuming < 255 bytes, sizeOf(string) = sizeOf(uint8) + 255 = 256
|
||||
const maxCountSetSubVer = (maxAlertSize - fixedAlertSize - MaxVarIntPayload + 1) / 256
|
||||
|
||||
// Alert contains the data deserialized from the MsgAlert payload.
|
||||
type Alert struct {
|
||||
// Alert format version
|
||||
Version int32
|
||||
|
||||
// Timestamp beyond which nodes should stop relaying this alert
|
||||
RelayUntil int64
|
||||
|
||||
// Timestamp beyond which this alert is no longer in effect and
|
||||
// should be ignored
|
||||
Expiration int64
|
||||
|
||||
// A unique ID number for this alert
|
||||
ID int32
|
||||
|
||||
// All alerts with an ID less than or equal to this number should
|
||||
// cancelled, deleted and not accepted in the future
|
||||
Cancel int32
|
||||
|
||||
// All alert IDs contained in this set should be cancelled as above
|
||||
SetCancel []int32
|
||||
|
||||
// This alert only applies to versions greater than or equal to this
|
||||
// version. Other versions should still relay it.
|
||||
MinVer int32
|
||||
|
||||
// This alert only applies to versions less than or equal to this version.
|
||||
// Other versions should still relay it.
|
||||
MaxVer int32
|
||||
|
||||
// If this set contains any elements, then only nodes that have their
|
||||
// subVer contained in this set are affected by the alert. Other versions
|
||||
// should still relay it.
|
||||
SetSubVer []string
|
||||
|
||||
// Relative priority compared to other alerts
|
||||
Priority int32
|
||||
|
||||
// A comment on the alert that is not displayed
|
||||
Comment string
|
||||
|
||||
// The alert message that is displayed to the user
|
||||
StatusBar string
|
||||
|
||||
// Reserved
|
||||
Reserved string
|
||||
}
|
||||
|
||||
// Serialize encodes the alert to w using the alert protocol encoding format.
|
||||
func (alert *Alert) Serialize(w io.Writer, pver uint32) error {
|
||||
err := writeElements(w, alert.Version, alert.RelayUntil,
|
||||
alert.Expiration, alert.ID, alert.Cancel)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
count := len(alert.SetCancel)
|
||||
if count > maxCountSetCancel {
|
||||
str := fmt.Sprintf("too many cancel alert IDs for alert "+
|
||||
"[count %v, max %v]", count, maxCountSetCancel)
|
||||
return messageError("Alert.Serialize", str)
|
||||
}
|
||||
err = WriteVarInt(w, pver, uint64(count))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for i := 0; i < int(count); i++ {
|
||||
err = writeElement(w, alert.SetCancel[i])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
err = writeElements(w, alert.MinVer, alert.MaxVer)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
count = len(alert.SetSubVer)
|
||||
if count > maxCountSetSubVer {
|
||||
str := fmt.Sprintf("too many sub versions for alert "+
|
||||
"[count %v, max %v]", count, maxCountSetSubVer)
|
||||
return messageError("Alert.Serialize", str)
|
||||
}
|
||||
err = WriteVarInt(w, pver, uint64(count))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for i := 0; i < int(count); i++ {
|
||||
err = WriteVarString(w, pver, alert.SetSubVer[i])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
err = writeElement(w, alert.Priority)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = WriteVarString(w, pver, alert.Comment)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = WriteVarString(w, pver, alert.StatusBar)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = WriteVarString(w, pver, alert.Reserved)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Deserialize decodes from r into the receiver using the alert protocol
|
||||
// encoding format.
|
||||
func (alert *Alert) Deserialize(r io.Reader, pver uint32) error {
|
||||
err := readElements(r, &alert.Version, &alert.RelayUntil,
|
||||
&alert.Expiration, &alert.ID, &alert.Cancel)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// SetCancel: first read a VarInt that contains
|
||||
// count - the number of Cancel IDs, then
|
||||
// iterate count times and read them
|
||||
count, err := ReadVarInt(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if count > maxCountSetCancel {
|
||||
str := fmt.Sprintf("too many cancel alert IDs for alert "+
|
||||
"[count %v, max %v]", count, maxCountSetCancel)
|
||||
return messageError("Alert.Deserialize", str)
|
||||
}
|
||||
alert.SetCancel = make([]int32, count)
|
||||
for i := 0; i < int(count); i++ {
|
||||
err := readElement(r, &alert.SetCancel[i])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
err = readElements(r, &alert.MinVer, &alert.MaxVer)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// SetSubVer: similar to SetCancel
|
||||
// but read count number of sub-version strings
|
||||
count, err = ReadVarInt(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if count > maxCountSetSubVer {
|
||||
str := fmt.Sprintf("too many sub versions for alert "+
|
||||
"[count %v, max %v]", count, maxCountSetSubVer)
|
||||
return messageError("Alert.Deserialize", str)
|
||||
}
|
||||
alert.SetSubVer = make([]string, count)
|
||||
for i := 0; i < int(count); i++ {
|
||||
alert.SetSubVer[i], err = ReadVarString(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
err = readElement(r, &alert.Priority)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
alert.Comment, err = ReadVarString(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
alert.StatusBar, err = ReadVarString(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
alert.Reserved, err = ReadVarString(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// NewAlert returns an new Alert with values provided.
|
||||
func NewAlert(version int32, relayUntil int64, expiration int64,
|
||||
id int32, cancel int32, setCancel []int32, minVer int32,
|
||||
maxVer int32, setSubVer []string, priority int32, comment string,
|
||||
statusBar string) *Alert {
|
||||
return &Alert{
|
||||
Version: version,
|
||||
RelayUntil: relayUntil,
|
||||
Expiration: expiration,
|
||||
ID: id,
|
||||
Cancel: cancel,
|
||||
SetCancel: setCancel,
|
||||
MinVer: minVer,
|
||||
MaxVer: maxVer,
|
||||
SetSubVer: setSubVer,
|
||||
Priority: priority,
|
||||
Comment: comment,
|
||||
StatusBar: statusBar,
|
||||
Reserved: "",
|
||||
}
|
||||
}
|
||||
|
||||
// NewAlertFromPayload returns an Alert with values deserialized from the
|
||||
// serialized payload.
|
||||
func NewAlertFromPayload(serializedPayload []byte, pver uint32) (*Alert, error) {
|
||||
var alert Alert
|
||||
r := bytes.NewReader(serializedPayload)
|
||||
err := alert.Deserialize(r, pver)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &alert, nil
|
||||
}
|
||||
|
||||
// MsgAlert implements the Message interface and defines a bitcoin alert
|
||||
// message.
|
||||
//
|
||||
// This is a signed message that provides notifications that the client should
|
||||
// display if the signature matches the key. bitcoind/bitcoin-qt only checks
|
||||
// against a signature from the core developers.
|
||||
type MsgAlert struct {
|
||||
// SerializedPayload is the alert payload serialized as a string so that the
|
||||
// version can change but the Alert can still be passed on by older
|
||||
// clients.
|
||||
SerializedPayload []byte
|
||||
|
||||
// Signature is the ECDSA signature of the message.
|
||||
Signature []byte
|
||||
|
||||
// Deserialized Payload
|
||||
Payload *Alert
|
||||
}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgAlert) BtcDecode(r io.Reader, pver uint32) error {
|
||||
var err error
|
||||
|
||||
msg.SerializedPayload, err = ReadVarBytes(r, pver, MaxMessagePayload,
|
||||
"alert serialized payload")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
msg.Payload, err = NewAlertFromPayload(msg.SerializedPayload, pver)
|
||||
if err != nil {
|
||||
msg.Payload = nil
|
||||
}
|
||||
|
||||
msg.Signature, err = ReadVarBytes(r, pver, MaxMessagePayload,
|
||||
"alert signature")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgAlert) BtcEncode(w io.Writer, pver uint32) error {
|
||||
var err error
|
||||
var serializedpayload []byte
|
||||
if msg.Payload != nil {
|
||||
// try to Serialize Payload if possible
|
||||
r := new(bytes.Buffer)
|
||||
err = msg.Payload.Serialize(r, pver)
|
||||
if err != nil {
|
||||
// Serialize failed - ignore & fallback
|
||||
// to SerializedPayload
|
||||
serializedpayload = msg.SerializedPayload
|
||||
} else {
|
||||
serializedpayload = r.Bytes()
|
||||
}
|
||||
} else {
|
||||
serializedpayload = msg.SerializedPayload
|
||||
}
|
||||
slen := uint64(len(serializedpayload))
|
||||
if slen == 0 {
|
||||
return messageError("MsgAlert.BtcEncode", "empty serialized payload")
|
||||
}
|
||||
err = WriteVarBytes(w, pver, serializedpayload)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = WriteVarBytes(w, pver, msg.Signature)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgAlert) Command() string {
|
||||
return CmdAlert
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgAlert) MaxPayloadLength(pver uint32) uint32 {
|
||||
// Since this can vary depending on the message, make it the max
|
||||
// size allowed.
|
||||
return MaxMessagePayload
|
||||
}
|
||||
|
||||
// NewMsgAlert returns a new bitcoin alert message that conforms to the Message
|
||||
// interface. See MsgAlert for details.
|
||||
func NewMsgAlert(serializedPayload []byte, signature []byte) *MsgAlert {
|
||||
return &MsgAlert{
|
||||
SerializedPayload: serializedPayload,
|
||||
Signature: signature,
|
||||
Payload: nil,
|
||||
}
|
||||
}
|
250
src/vendor/github.com/btcsuite/btcd/wire/msgblock.go
generated
vendored
Normal file
250
src/vendor/github.com/btcsuite/btcd/wire/msgblock.go
generated
vendored
Normal file
|
@ -0,0 +1,250 @@
|
|||
// Copyright (c) 2013-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
"io"
|
||||
|
||||
"github.com/btcsuite/btcd/chaincfg/chainhash"
|
||||
)
|
||||
|
||||
// defaultTransactionAlloc is the default size used for the backing array
|
||||
// for transactions. The transaction array will dynamically grow as needed, but
|
||||
// this figure is intended to provide enough space for the number of
|
||||
// transactions in the vast majority of blocks without needing to grow the
|
||||
// backing array multiple times.
|
||||
const defaultTransactionAlloc = 2048
|
||||
|
||||
// MaxBlocksPerMsg is the maximum number of blocks allowed per message.
|
||||
const MaxBlocksPerMsg = 500
|
||||
|
||||
// MaxBlockPayload is the maximum bytes a block message can be in bytes.
|
||||
const MaxBlockPayload = 1000000 // Not actually 1MB which would be 1024 * 1024
|
||||
|
||||
// maxTxPerBlock is the maximum number of transactions that could
|
||||
// possibly fit into a block.
|
||||
const maxTxPerBlock = (MaxBlockPayload / minTxPayload) + 1
|
||||
|
||||
// TxLoc holds locator data for the offset and length of where a transaction is
|
||||
// located within a MsgBlock data buffer.
|
||||
type TxLoc struct {
|
||||
TxStart int
|
||||
TxLen int
|
||||
}
|
||||
|
||||
// MsgBlock implements the Message interface and represents a bitcoin
|
||||
// block message. It is used to deliver block and transaction information in
|
||||
// response to a getdata message (MsgGetData) for a given block hash.
|
||||
type MsgBlock struct {
|
||||
Header BlockHeader
|
||||
Transactions []*MsgTx
|
||||
}
|
||||
|
||||
// AddTransaction adds a transaction to the message.
|
||||
func (msg *MsgBlock) AddTransaction(tx *MsgTx) error {
|
||||
msg.Transactions = append(msg.Transactions, tx)
|
||||
return nil
|
||||
|
||||
}
|
||||
|
||||
// ClearTransactions removes all transactions from the message.
|
||||
func (msg *MsgBlock) ClearTransactions() {
|
||||
msg.Transactions = make([]*MsgTx, 0, defaultTransactionAlloc)
|
||||
}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
// See Deserialize for decoding blocks stored to disk, such as in a database, as
|
||||
// opposed to decoding blocks from the wire.
|
||||
func (msg *MsgBlock) BtcDecode(r io.Reader, pver uint32) error {
|
||||
err := readBlockHeader(r, pver, &msg.Header)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
txCount, err := ReadVarInt(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Prevent more transactions than could possibly fit into a block.
|
||||
// It would be possible to cause memory exhaustion and panics without
|
||||
// a sane upper bound on this count.
|
||||
if txCount > maxTxPerBlock {
|
||||
str := fmt.Sprintf("too many transactions to fit into a block "+
|
||||
"[count %d, max %d]", txCount, maxTxPerBlock)
|
||||
return messageError("MsgBlock.BtcDecode", str)
|
||||
}
|
||||
|
||||
msg.Transactions = make([]*MsgTx, 0, txCount)
|
||||
for i := uint64(0); i < txCount; i++ {
|
||||
tx := MsgTx{}
|
||||
err := tx.BtcDecode(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
msg.Transactions = append(msg.Transactions, &tx)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Deserialize decodes a block from r into the receiver using a format that is
|
||||
// suitable for long-term storage such as a database while respecting the
|
||||
// Version field in the block. This function differs from BtcDecode in that
|
||||
// BtcDecode decodes from the bitcoin wire protocol as it was sent across the
|
||||
// network. The wire encoding can technically differ depending on the protocol
|
||||
// version and doesn't even really need to match the format of a stored block at
|
||||
// all. As of the time this comment was written, the encoded block is the same
|
||||
// in both instances, but there is a distinct difference and separating the two
|
||||
// allows the API to be flexible enough to deal with changes.
|
||||
func (msg *MsgBlock) Deserialize(r io.Reader) error {
|
||||
// At the current time, there is no difference between the wire encoding
|
||||
// at protocol version 0 and the stable long-term storage format. As
|
||||
// a result, make use of BtcDecode.
|
||||
return msg.BtcDecode(r, 0)
|
||||
}
|
||||
|
||||
// DeserializeTxLoc decodes r in the same manner Deserialize does, but it takes
|
||||
// a byte buffer instead of a generic reader and returns a slice containing the
|
||||
// start and length of each transaction within the raw data that is being
|
||||
// deserialized.
|
||||
func (msg *MsgBlock) DeserializeTxLoc(r *bytes.Buffer) ([]TxLoc, error) {
|
||||
fullLen := r.Len()
|
||||
|
||||
// At the current time, there is no difference between the wire encoding
|
||||
// at protocol version 0 and the stable long-term storage format. As
|
||||
// a result, make use of existing wire protocol functions.
|
||||
err := readBlockHeader(r, 0, &msg.Header)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
txCount, err := ReadVarInt(r, 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Prevent more transactions than could possibly fit into a block.
|
||||
// It would be possible to cause memory exhaustion and panics without
|
||||
// a sane upper bound on this count.
|
||||
if txCount > maxTxPerBlock {
|
||||
str := fmt.Sprintf("too many transactions to fit into a block "+
|
||||
"[count %d, max %d]", txCount, maxTxPerBlock)
|
||||
return nil, messageError("MsgBlock.DeserializeTxLoc", str)
|
||||
}
|
||||
|
||||
// Deserialize each transaction while keeping track of its location
|
||||
// within the byte stream.
|
||||
msg.Transactions = make([]*MsgTx, 0, txCount)
|
||||
txLocs := make([]TxLoc, txCount)
|
||||
for i := uint64(0); i < txCount; i++ {
|
||||
txLocs[i].TxStart = fullLen - r.Len()
|
||||
tx := MsgTx{}
|
||||
err := tx.Deserialize(r)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
msg.Transactions = append(msg.Transactions, &tx)
|
||||
txLocs[i].TxLen = (fullLen - r.Len()) - txLocs[i].TxStart
|
||||
}
|
||||
|
||||
return txLocs, nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
// See Serialize for encoding blocks to be stored to disk, such as in a
|
||||
// database, as opposed to encoding blocks for the wire.
|
||||
func (msg *MsgBlock) BtcEncode(w io.Writer, pver uint32) error {
|
||||
err := writeBlockHeader(w, pver, &msg.Header)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = WriteVarInt(w, pver, uint64(len(msg.Transactions)))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
for _, tx := range msg.Transactions {
|
||||
err = tx.BtcEncode(w, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Serialize encodes the block to w using a format that suitable for long-term
|
||||
// storage such as a database while respecting the Version field in the block.
|
||||
// This function differs from BtcEncode in that BtcEncode encodes the block to
|
||||
// the bitcoin wire protocol in order to be sent across the network. The wire
|
||||
// encoding can technically differ depending on the protocol version and doesn't
|
||||
// even really need to match the format of a stored block at all. As of the
|
||||
// time this comment was written, the encoded block is the same in both
|
||||
// instances, but there is a distinct difference and separating the two allows
|
||||
// the API to be flexible enough to deal with changes.
|
||||
func (msg *MsgBlock) Serialize(w io.Writer) error {
|
||||
// At the current time, there is no difference between the wire encoding
|
||||
// at protocol version 0 and the stable long-term storage format. As
|
||||
// a result, make use of BtcEncode.
|
||||
return msg.BtcEncode(w, 0)
|
||||
}
|
||||
|
||||
// SerializeSize returns the number of bytes it would take to serialize the
|
||||
// the block.
|
||||
func (msg *MsgBlock) SerializeSize() int {
|
||||
// Block header bytes + Serialized varint size for the number of
|
||||
// transactions.
|
||||
n := blockHeaderLen + VarIntSerializeSize(uint64(len(msg.Transactions)))
|
||||
|
||||
for _, tx := range msg.Transactions {
|
||||
n += tx.SerializeSize()
|
||||
}
|
||||
|
||||
return n
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgBlock) Command() string {
|
||||
return CmdBlock
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgBlock) MaxPayloadLength(pver uint32) uint32 {
|
||||
// Block header at 80 bytes + transaction count + max transactions
|
||||
// which can vary up to the MaxBlockPayload (including the block header
|
||||
// and transaction count).
|
||||
return MaxBlockPayload
|
||||
}
|
||||
|
||||
// BlockHash computes the block identifier hash for this block.
|
||||
func (msg *MsgBlock) BlockHash() chainhash.Hash {
|
||||
return msg.Header.BlockHash()
|
||||
}
|
||||
|
||||
// TxHashes returns a slice of hashes of all of transactions in this block.
|
||||
func (msg *MsgBlock) TxHashes() ([]chainhash.Hash, error) {
|
||||
hashList := make([]chainhash.Hash, 0, len(msg.Transactions))
|
||||
for _, tx := range msg.Transactions {
|
||||
hashList = append(hashList, tx.TxHash())
|
||||
}
|
||||
return hashList, nil
|
||||
}
|
||||
|
||||
// NewMsgBlock returns a new bitcoin block message that conforms to the
|
||||
// Message interface. See MsgBlock for details.
|
||||
func NewMsgBlock(blockHeader *BlockHeader) *MsgBlock {
|
||||
return &MsgBlock{
|
||||
Header: *blockHeader,
|
||||
Transactions: make([]*MsgTx, 0, defaultTransactionAlloc),
|
||||
}
|
||||
}
|
90
src/vendor/github.com/btcsuite/btcd/wire/msgfilteradd.go
generated
vendored
Normal file
90
src/vendor/github.com/btcsuite/btcd/wire/msgfilteradd.go
generated
vendored
Normal file
|
@ -0,0 +1,90 @@
|
|||
// Copyright (c) 2014-2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
)
|
||||
|
||||
const (
|
||||
// MaxFilterAddDataSize is the maximum byte size of a data
|
||||
// element to add to the Bloom filter. It is equal to the
|
||||
// maximum element size of a script.
|
||||
MaxFilterAddDataSize = 520
|
||||
)
|
||||
|
||||
// MsgFilterAdd implements the Message interface and represents a bitcoin
|
||||
// filteradd message. It is used to add a data element to an existing Bloom
|
||||
// filter.
|
||||
//
|
||||
// This message was not added until protocol version BIP0037Version.
|
||||
type MsgFilterAdd struct {
|
||||
Data []byte
|
||||
}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgFilterAdd) BtcDecode(r io.Reader, pver uint32) error {
|
||||
if pver < BIP0037Version {
|
||||
str := fmt.Sprintf("filteradd message invalid for protocol "+
|
||||
"version %d", pver)
|
||||
return messageError("MsgFilterAdd.BtcDecode", str)
|
||||
}
|
||||
|
||||
var err error
|
||||
msg.Data, err = ReadVarBytes(r, pver, MaxFilterAddDataSize,
|
||||
"filteradd data")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgFilterAdd) BtcEncode(w io.Writer, pver uint32) error {
|
||||
if pver < BIP0037Version {
|
||||
str := fmt.Sprintf("filteradd message invalid for protocol "+
|
||||
"version %d", pver)
|
||||
return messageError("MsgFilterAdd.BtcEncode", str)
|
||||
}
|
||||
|
||||
size := len(msg.Data)
|
||||
if size > MaxFilterAddDataSize {
|
||||
str := fmt.Sprintf("filteradd size too large for message "+
|
||||
"[size %v, max %v]", size, MaxFilterAddDataSize)
|
||||
return messageError("MsgFilterAdd.BtcEncode", str)
|
||||
}
|
||||
|
||||
err := WriteVarBytes(w, pver, msg.Data)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgFilterAdd) Command() string {
|
||||
return CmdFilterAdd
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgFilterAdd) MaxPayloadLength(pver uint32) uint32 {
|
||||
return uint32(VarIntSerializeSize(MaxFilterAddDataSize)) +
|
||||
MaxFilterAddDataSize
|
||||
}
|
||||
|
||||
// NewMsgFilterAdd returns a new bitcoin filteradd message that conforms to the
|
||||
// Message interface. See MsgFilterAdd for details.
|
||||
func NewMsgFilterAdd(data []byte) *MsgFilterAdd {
|
||||
return &MsgFilterAdd{
|
||||
Data: data,
|
||||
}
|
||||
}
|
59
src/vendor/github.com/btcsuite/btcd/wire/msgfilterclear.go
generated
vendored
Normal file
59
src/vendor/github.com/btcsuite/btcd/wire/msgfilterclear.go
generated
vendored
Normal file
|
@ -0,0 +1,59 @@
|
|||
// Copyright (c) 2014-2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
)
|
||||
|
||||
// MsgFilterClear implements the Message interface and represents a bitcoin
|
||||
// filterclear message which is used to reset a Bloom filter.
|
||||
//
|
||||
// This message was not added until protocol version BIP0037Version and has
|
||||
// no payload.
|
||||
type MsgFilterClear struct{}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgFilterClear) BtcDecode(r io.Reader, pver uint32) error {
|
||||
if pver < BIP0037Version {
|
||||
str := fmt.Sprintf("filterclear message invalid for protocol "+
|
||||
"version %d", pver)
|
||||
return messageError("MsgFilterClear.BtcDecode", str)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgFilterClear) BtcEncode(w io.Writer, pver uint32) error {
|
||||
if pver < BIP0037Version {
|
||||
str := fmt.Sprintf("filterclear message invalid for protocol "+
|
||||
"version %d", pver)
|
||||
return messageError("MsgFilterClear.BtcEncode", str)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgFilterClear) Command() string {
|
||||
return CmdFilterClear
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgFilterClear) MaxPayloadLength(pver uint32) uint32 {
|
||||
return 0
|
||||
}
|
||||
|
||||
// NewMsgFilterClear returns a new bitcoin filterclear message that conforms to the Message
|
||||
// interface. See MsgFilterClear for details.
|
||||
func NewMsgFilterClear() *MsgFilterClear {
|
||||
return &MsgFilterClear{}
|
||||
}
|
141
src/vendor/github.com/btcsuite/btcd/wire/msgfilterload.go
generated
vendored
Normal file
141
src/vendor/github.com/btcsuite/btcd/wire/msgfilterload.go
generated
vendored
Normal file
|
@ -0,0 +1,141 @@
|
|||
// Copyright (c) 2014-2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
)
|
||||
|
||||
// BloomUpdateType specifies how the filter is updated when a match is found
|
||||
type BloomUpdateType uint8
|
||||
|
||||
const (
|
||||
// BloomUpdateNone indicates the filter is not adjusted when a match is
|
||||
// found.
|
||||
BloomUpdateNone BloomUpdateType = 0
|
||||
|
||||
// BloomUpdateAll indicates if the filter matches any data element in a
|
||||
// public key script, the outpoint is serialized and inserted into the
|
||||
// filter.
|
||||
BloomUpdateAll BloomUpdateType = 1
|
||||
|
||||
// BloomUpdateP2PubkeyOnly indicates if the filter matches a data
|
||||
// element in a public key script and the script is of the standard
|
||||
// pay-to-pubkey or multisig, the outpoint is serialized and inserted
|
||||
// into the filter.
|
||||
BloomUpdateP2PubkeyOnly BloomUpdateType = 2
|
||||
)
|
||||
|
||||
const (
|
||||
// MaxFilterLoadHashFuncs is the maximum number of hash functions to
|
||||
// load into the Bloom filter.
|
||||
MaxFilterLoadHashFuncs = 50
|
||||
|
||||
// MaxFilterLoadFilterSize is the maximum size in bytes a filter may be.
|
||||
MaxFilterLoadFilterSize = 36000
|
||||
)
|
||||
|
||||
// MsgFilterLoad implements the Message interface and represents a bitcoin
|
||||
// filterload message which is used to reset a Bloom filter.
|
||||
//
|
||||
// This message was not added until protocol version BIP0037Version.
|
||||
type MsgFilterLoad struct {
|
||||
Filter []byte
|
||||
HashFuncs uint32
|
||||
Tweak uint32
|
||||
Flags BloomUpdateType
|
||||
}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgFilterLoad) BtcDecode(r io.Reader, pver uint32) error {
|
||||
if pver < BIP0037Version {
|
||||
str := fmt.Sprintf("filterload message invalid for protocol "+
|
||||
"version %d", pver)
|
||||
return messageError("MsgFilterLoad.BtcDecode", str)
|
||||
}
|
||||
|
||||
var err error
|
||||
msg.Filter, err = ReadVarBytes(r, pver, MaxFilterLoadFilterSize,
|
||||
"filterload filter size")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = readElements(r, &msg.HashFuncs, &msg.Tweak, &msg.Flags)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if msg.HashFuncs > MaxFilterLoadHashFuncs {
|
||||
str := fmt.Sprintf("too many filter hash functions for message "+
|
||||
"[count %v, max %v]", msg.HashFuncs, MaxFilterLoadHashFuncs)
|
||||
return messageError("MsgFilterLoad.BtcDecode", str)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgFilterLoad) BtcEncode(w io.Writer, pver uint32) error {
|
||||
if pver < BIP0037Version {
|
||||
str := fmt.Sprintf("filterload message invalid for protocol "+
|
||||
"version %d", pver)
|
||||
return messageError("MsgFilterLoad.BtcEncode", str)
|
||||
}
|
||||
|
||||
size := len(msg.Filter)
|
||||
if size > MaxFilterLoadFilterSize {
|
||||
str := fmt.Sprintf("filterload filter size too large for message "+
|
||||
"[size %v, max %v]", size, MaxFilterLoadFilterSize)
|
||||
return messageError("MsgFilterLoad.BtcEncode", str)
|
||||
}
|
||||
|
||||
if msg.HashFuncs > MaxFilterLoadHashFuncs {
|
||||
str := fmt.Sprintf("too many filter hash functions for message "+
|
||||
"[count %v, max %v]", msg.HashFuncs, MaxFilterLoadHashFuncs)
|
||||
return messageError("MsgFilterLoad.BtcEncode", str)
|
||||
}
|
||||
|
||||
err := WriteVarBytes(w, pver, msg.Filter)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = writeElements(w, msg.HashFuncs, msg.Tweak, msg.Flags)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgFilterLoad) Command() string {
|
||||
return CmdFilterLoad
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgFilterLoad) MaxPayloadLength(pver uint32) uint32 {
|
||||
// Num filter bytes (varInt) + filter + 4 bytes hash funcs +
|
||||
// 4 bytes tweak + 1 byte flags.
|
||||
return uint32(VarIntSerializeSize(MaxFilterLoadFilterSize)) +
|
||||
MaxFilterLoadFilterSize + 9
|
||||
}
|
||||
|
||||
// NewMsgFilterLoad returns a new bitcoin filterload message that conforms to
|
||||
// the Message interface. See MsgFilterLoad for details.
|
||||
func NewMsgFilterLoad(filter []byte, hashFuncs uint32, tweak uint32, flags BloomUpdateType) *MsgFilterLoad {
|
||||
return &MsgFilterLoad{
|
||||
Filter: filter,
|
||||
HashFuncs: hashFuncs,
|
||||
Tweak: tweak,
|
||||
Flags: flags,
|
||||
}
|
||||
}
|
47
src/vendor/github.com/btcsuite/btcd/wire/msggetaddr.go
generated
vendored
Normal file
47
src/vendor/github.com/btcsuite/btcd/wire/msggetaddr.go
generated
vendored
Normal file
|
@ -0,0 +1,47 @@
|
|||
// Copyright (c) 2013-2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"io"
|
||||
)
|
||||
|
||||
// MsgGetAddr implements the Message interface and represents a bitcoin
|
||||
// getaddr message. It is used to request a list of known active peers on the
|
||||
// network from a peer to help identify potential nodes. The list is returned
|
||||
// via one or more addr messages (MsgAddr).
|
||||
//
|
||||
// This message has no payload.
|
||||
type MsgGetAddr struct{}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgGetAddr) BtcDecode(r io.Reader, pver uint32) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgGetAddr) BtcEncode(w io.Writer, pver uint32) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgGetAddr) Command() string {
|
||||
return CmdGetAddr
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgGetAddr) MaxPayloadLength(pver uint32) uint32 {
|
||||
return 0
|
||||
}
|
||||
|
||||
// NewMsgGetAddr returns a new bitcoin getaddr message that conforms to the
|
||||
// Message interface. See MsgGetAddr for details.
|
||||
func NewMsgGetAddr() *MsgGetAddr {
|
||||
return &MsgGetAddr{}
|
||||
}
|
149
src/vendor/github.com/btcsuite/btcd/wire/msggetblocks.go
generated
vendored
Normal file
149
src/vendor/github.com/btcsuite/btcd/wire/msggetblocks.go
generated
vendored
Normal file
|
@ -0,0 +1,149 @@
|
|||
// Copyright (c) 2013-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
|
||||
"github.com/btcsuite/btcd/chaincfg/chainhash"
|
||||
)
|
||||
|
||||
// MaxBlockLocatorsPerMsg is the maximum number of block locator hashes allowed
|
||||
// per message.
|
||||
const MaxBlockLocatorsPerMsg = 500
|
||||
|
||||
// MsgGetBlocks implements the Message interface and represents a bitcoin
|
||||
// getblocks message. It is used to request a list of blocks starting after the
|
||||
// last known hash in the slice of block locator hashes. The list is returned
|
||||
// via an inv message (MsgInv) and is limited by a specific hash to stop at or
|
||||
// the maximum number of blocks per message, which is currently 500.
|
||||
//
|
||||
// Set the HashStop field to the hash at which to stop and use
|
||||
// AddBlockLocatorHash to build up the list of block locator hashes.
|
||||
//
|
||||
// The algorithm for building the block locator hashes should be to add the
|
||||
// hashes in reverse order until you reach the genesis block. In order to keep
|
||||
// the list of locator hashes to a reasonable number of entries, first add the
|
||||
// most recent 10 block hashes, then double the step each loop iteration to
|
||||
// exponentially decrease the number of hashes the further away from head and
|
||||
// closer to the genesis block you get.
|
||||
type MsgGetBlocks struct {
|
||||
ProtocolVersion uint32
|
||||
BlockLocatorHashes []*chainhash.Hash
|
||||
HashStop chainhash.Hash
|
||||
}
|
||||
|
||||
// AddBlockLocatorHash adds a new block locator hash to the message.
|
||||
func (msg *MsgGetBlocks) AddBlockLocatorHash(hash *chainhash.Hash) error {
|
||||
if len(msg.BlockLocatorHashes)+1 > MaxBlockLocatorsPerMsg {
|
||||
str := fmt.Sprintf("too many block locator hashes for message [max %v]",
|
||||
MaxBlockLocatorsPerMsg)
|
||||
return messageError("MsgGetBlocks.AddBlockLocatorHash", str)
|
||||
}
|
||||
|
||||
msg.BlockLocatorHashes = append(msg.BlockLocatorHashes, hash)
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgGetBlocks) BtcDecode(r io.Reader, pver uint32) error {
|
||||
err := readElement(r, &msg.ProtocolVersion)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Read num block locator hashes and limit to max.
|
||||
count, err := ReadVarInt(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if count > MaxBlockLocatorsPerMsg {
|
||||
str := fmt.Sprintf("too many block locator hashes for message "+
|
||||
"[count %v, max %v]", count, MaxBlockLocatorsPerMsg)
|
||||
return messageError("MsgGetBlocks.BtcDecode", str)
|
||||
}
|
||||
|
||||
// Create a contiguous slice of hashes to deserialize into in order to
|
||||
// reduce the number of allocations.
|
||||
locatorHashes := make([]chainhash.Hash, count)
|
||||
msg.BlockLocatorHashes = make([]*chainhash.Hash, 0, count)
|
||||
for i := uint64(0); i < count; i++ {
|
||||
hash := &locatorHashes[i]
|
||||
err := readElement(r, hash)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
msg.AddBlockLocatorHash(hash)
|
||||
}
|
||||
|
||||
err = readElement(r, &msg.HashStop)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgGetBlocks) BtcEncode(w io.Writer, pver uint32) error {
|
||||
count := len(msg.BlockLocatorHashes)
|
||||
if count > MaxBlockLocatorsPerMsg {
|
||||
str := fmt.Sprintf("too many block locator hashes for message "+
|
||||
"[count %v, max %v]", count, MaxBlockLocatorsPerMsg)
|
||||
return messageError("MsgGetBlocks.BtcEncode", str)
|
||||
}
|
||||
|
||||
err := writeElement(w, msg.ProtocolVersion)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = WriteVarInt(w, pver, uint64(count))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
for _, hash := range msg.BlockLocatorHashes {
|
||||
err = writeElement(w, hash)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
err = writeElement(w, &msg.HashStop)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgGetBlocks) Command() string {
|
||||
return CmdGetBlocks
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgGetBlocks) MaxPayloadLength(pver uint32) uint32 {
|
||||
// Protocol version 4 bytes + num hashes (varInt) + max block locator
|
||||
// hashes + hash stop.
|
||||
return 4 + MaxVarIntPayload + (MaxBlockLocatorsPerMsg * chainhash.HashSize) + chainhash.HashSize
|
||||
}
|
||||
|
||||
// NewMsgGetBlocks returns a new bitcoin getblocks message that conforms to the
|
||||
// Message interface using the passed parameters and defaults for the remaining
|
||||
// fields.
|
||||
func NewMsgGetBlocks(hashStop *chainhash.Hash) *MsgGetBlocks {
|
||||
return &MsgGetBlocks{
|
||||
ProtocolVersion: ProtocolVersion,
|
||||
BlockLocatorHashes: make([]*chainhash.Hash, 0, MaxBlockLocatorsPerMsg),
|
||||
HashStop: *hashStop,
|
||||
}
|
||||
}
|
133
src/vendor/github.com/btcsuite/btcd/wire/msggetdata.go
generated
vendored
Normal file
133
src/vendor/github.com/btcsuite/btcd/wire/msggetdata.go
generated
vendored
Normal file
|
@ -0,0 +1,133 @@
|
|||
// Copyright (c) 2013-2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
)
|
||||
|
||||
// MsgGetData implements the Message interface and represents a bitcoin
|
||||
// getdata message. It is used to request data such as blocks and transactions
|
||||
// from another peer. It should be used in response to the inv (MsgInv) message
|
||||
// to request the actual data referenced by each inventory vector the receiving
|
||||
// peer doesn't already have. Each message is limited to a maximum number of
|
||||
// inventory vectors, which is currently 50,000. As a result, multiple messages
|
||||
// must be used to request larger amounts of data.
|
||||
//
|
||||
// Use the AddInvVect function to build up the list of inventory vectors when
|
||||
// sending a getdata message to another peer.
|
||||
type MsgGetData struct {
|
||||
InvList []*InvVect
|
||||
}
|
||||
|
||||
// AddInvVect adds an inventory vector to the message.
|
||||
func (msg *MsgGetData) AddInvVect(iv *InvVect) error {
|
||||
if len(msg.InvList)+1 > MaxInvPerMsg {
|
||||
str := fmt.Sprintf("too many invvect in message [max %v]",
|
||||
MaxInvPerMsg)
|
||||
return messageError("MsgGetData.AddInvVect", str)
|
||||
}
|
||||
|
||||
msg.InvList = append(msg.InvList, iv)
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgGetData) BtcDecode(r io.Reader, pver uint32) error {
|
||||
count, err := ReadVarInt(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Limit to max inventory vectors per message.
|
||||
if count > MaxInvPerMsg {
|
||||
str := fmt.Sprintf("too many invvect in message [%v]", count)
|
||||
return messageError("MsgGetData.BtcDecode", str)
|
||||
}
|
||||
|
||||
// Create a contiguous slice of inventory vectors to deserialize into in
|
||||
// order to reduce the number of allocations.
|
||||
invList := make([]InvVect, count)
|
||||
msg.InvList = make([]*InvVect, 0, count)
|
||||
for i := uint64(0); i < count; i++ {
|
||||
iv := &invList[i]
|
||||
err := readInvVect(r, pver, iv)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
msg.AddInvVect(iv)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgGetData) BtcEncode(w io.Writer, pver uint32) error {
|
||||
// Limit to max inventory vectors per message.
|
||||
count := len(msg.InvList)
|
||||
if count > MaxInvPerMsg {
|
||||
str := fmt.Sprintf("too many invvect in message [%v]", count)
|
||||
return messageError("MsgGetData.BtcEncode", str)
|
||||
}
|
||||
|
||||
err := WriteVarInt(w, pver, uint64(count))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
for _, iv := range msg.InvList {
|
||||
err := writeInvVect(w, pver, iv)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgGetData) Command() string {
|
||||
return CmdGetData
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgGetData) MaxPayloadLength(pver uint32) uint32 {
|
||||
// Num inventory vectors (varInt) + max allowed inventory vectors.
|
||||
return MaxVarIntPayload + (MaxInvPerMsg * maxInvVectPayload)
|
||||
}
|
||||
|
||||
// NewMsgGetData returns a new bitcoin getdata message that conforms to the
|
||||
// Message interface. See MsgGetData for details.
|
||||
func NewMsgGetData() *MsgGetData {
|
||||
return &MsgGetData{
|
||||
InvList: make([]*InvVect, 0, defaultInvListAlloc),
|
||||
}
|
||||
}
|
||||
|
||||
// NewMsgGetDataSizeHint returns a new bitcoin getdata message that conforms to
|
||||
// the Message interface. See MsgGetData for details. This function differs
|
||||
// from NewMsgGetData in that it allows a default allocation size for the
|
||||
// backing array which houses the inventory vector list. This allows callers
|
||||
// who know in advance how large the inventory list will grow to avoid the
|
||||
// overhead of growing the internal backing array several times when appending
|
||||
// large amounts of inventory vectors with AddInvVect. Note that the specified
|
||||
// hint is just that - a hint that is used for the default allocation size.
|
||||
// Adding more (or less) inventory vectors will still work properly. The size
|
||||
// hint is limited to MaxInvPerMsg.
|
||||
func NewMsgGetDataSizeHint(sizeHint uint) *MsgGetData {
|
||||
// Limit the specified hint to the maximum allow per message.
|
||||
if sizeHint > MaxInvPerMsg {
|
||||
sizeHint = MaxInvPerMsg
|
||||
}
|
||||
|
||||
return &MsgGetData{
|
||||
InvList: make([]*InvVect, 0, sizeHint),
|
||||
}
|
||||
}
|
146
src/vendor/github.com/btcsuite/btcd/wire/msggetheaders.go
generated
vendored
Normal file
146
src/vendor/github.com/btcsuite/btcd/wire/msggetheaders.go
generated
vendored
Normal file
|
@ -0,0 +1,146 @@
|
|||
// Copyright (c) 2013-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
|
||||
"github.com/btcsuite/btcd/chaincfg/chainhash"
|
||||
)
|
||||
|
||||
// MsgGetHeaders implements the Message interface and represents a bitcoin
|
||||
// getheaders message. It is used to request a list of block headers for
|
||||
// blocks starting after the last known hash in the slice of block locator
|
||||
// hashes. The list is returned via a headers message (MsgHeaders) and is
|
||||
// limited by a specific hash to stop at or the maximum number of block headers
|
||||
// per message, which is currently 2000.
|
||||
//
|
||||
// Set the HashStop field to the hash at which to stop and use
|
||||
// AddBlockLocatorHash to build up the list of block locator hashes.
|
||||
//
|
||||
// The algorithm for building the block locator hashes should be to add the
|
||||
// hashes in reverse order until you reach the genesis block. In order to keep
|
||||
// the list of locator hashes to a resonable number of entries, first add the
|
||||
// most recent 10 block hashes, then double the step each loop iteration to
|
||||
// exponentially decrease the number of hashes the further away from head and
|
||||
// closer to the genesis block you get.
|
||||
type MsgGetHeaders struct {
|
||||
ProtocolVersion uint32
|
||||
BlockLocatorHashes []*chainhash.Hash
|
||||
HashStop chainhash.Hash
|
||||
}
|
||||
|
||||
// AddBlockLocatorHash adds a new block locator hash to the message.
|
||||
func (msg *MsgGetHeaders) AddBlockLocatorHash(hash *chainhash.Hash) error {
|
||||
if len(msg.BlockLocatorHashes)+1 > MaxBlockLocatorsPerMsg {
|
||||
str := fmt.Sprintf("too many block locator hashes for message [max %v]",
|
||||
MaxBlockLocatorsPerMsg)
|
||||
return messageError("MsgGetHeaders.AddBlockLocatorHash", str)
|
||||
}
|
||||
|
||||
msg.BlockLocatorHashes = append(msg.BlockLocatorHashes, hash)
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgGetHeaders) BtcDecode(r io.Reader, pver uint32) error {
|
||||
err := readElement(r, &msg.ProtocolVersion)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Read num block locator hashes and limit to max.
|
||||
count, err := ReadVarInt(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if count > MaxBlockLocatorsPerMsg {
|
||||
str := fmt.Sprintf("too many block locator hashes for message "+
|
||||
"[count %v, max %v]", count, MaxBlockLocatorsPerMsg)
|
||||
return messageError("MsgGetHeaders.BtcDecode", str)
|
||||
}
|
||||
|
||||
// Create a contiguous slice of hashes to deserialize into in order to
|
||||
// reduce the number of allocations.
|
||||
locatorHashes := make([]chainhash.Hash, count)
|
||||
msg.BlockLocatorHashes = make([]*chainhash.Hash, 0, count)
|
||||
for i := uint64(0); i < count; i++ {
|
||||
hash := &locatorHashes[i]
|
||||
err := readElement(r, hash)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
msg.AddBlockLocatorHash(hash)
|
||||
}
|
||||
|
||||
err = readElement(r, &msg.HashStop)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgGetHeaders) BtcEncode(w io.Writer, pver uint32) error {
|
||||
// Limit to max block locator hashes per message.
|
||||
count := len(msg.BlockLocatorHashes)
|
||||
if count > MaxBlockLocatorsPerMsg {
|
||||
str := fmt.Sprintf("too many block locator hashes for message "+
|
||||
"[count %v, max %v]", count, MaxBlockLocatorsPerMsg)
|
||||
return messageError("MsgGetHeaders.BtcEncode", str)
|
||||
}
|
||||
|
||||
err := writeElement(w, msg.ProtocolVersion)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = WriteVarInt(w, pver, uint64(count))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
for _, hash := range msg.BlockLocatorHashes {
|
||||
err := writeElement(w, hash)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
err = writeElement(w, &msg.HashStop)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgGetHeaders) Command() string {
|
||||
return CmdGetHeaders
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgGetHeaders) MaxPayloadLength(pver uint32) uint32 {
|
||||
// Version 4 bytes + num block locator hashes (varInt) + max allowed block
|
||||
// locators + hash stop.
|
||||
return 4 + MaxVarIntPayload + (MaxBlockLocatorsPerMsg *
|
||||
chainhash.HashSize) + chainhash.HashSize
|
||||
}
|
||||
|
||||
// NewMsgGetHeaders returns a new bitcoin getheaders message that conforms to
|
||||
// the Message interface. See MsgGetHeaders for details.
|
||||
func NewMsgGetHeaders() *MsgGetHeaders {
|
||||
return &MsgGetHeaders{
|
||||
BlockLocatorHashes: make([]*chainhash.Hash, 0,
|
||||
MaxBlockLocatorsPerMsg),
|
||||
}
|
||||
}
|
136
src/vendor/github.com/btcsuite/btcd/wire/msgheaders.go
generated
vendored
Normal file
136
src/vendor/github.com/btcsuite/btcd/wire/msgheaders.go
generated
vendored
Normal file
|
@ -0,0 +1,136 @@
|
|||
// Copyright (c) 2013-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
)
|
||||
|
||||
// MaxBlockHeadersPerMsg is the maximum number of block headers that can be in
|
||||
// a single bitcoin headers message.
|
||||
const MaxBlockHeadersPerMsg = 2000
|
||||
|
||||
// MsgHeaders implements the Message interface and represents a bitcoin headers
|
||||
// message. It is used to deliver block header information in response
|
||||
// to a getheaders message (MsgGetHeaders). The maximum number of block headers
|
||||
// per message is currently 2000. See MsgGetHeaders for details on requesting
|
||||
// the headers.
|
||||
type MsgHeaders struct {
|
||||
Headers []*BlockHeader
|
||||
}
|
||||
|
||||
// AddBlockHeader adds a new block header to the message.
|
||||
func (msg *MsgHeaders) AddBlockHeader(bh *BlockHeader) error {
|
||||
if len(msg.Headers)+1 > MaxBlockHeadersPerMsg {
|
||||
str := fmt.Sprintf("too many block headers in message [max %v]",
|
||||
MaxBlockHeadersPerMsg)
|
||||
return messageError("MsgHeaders.AddBlockHeader", str)
|
||||
}
|
||||
|
||||
msg.Headers = append(msg.Headers, bh)
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgHeaders) BtcDecode(r io.Reader, pver uint32) error {
|
||||
count, err := ReadVarInt(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Limit to max block headers per message.
|
||||
if count > MaxBlockHeadersPerMsg {
|
||||
str := fmt.Sprintf("too many block headers for message "+
|
||||
"[count %v, max %v]", count, MaxBlockHeadersPerMsg)
|
||||
return messageError("MsgHeaders.BtcDecode", str)
|
||||
}
|
||||
|
||||
// Create a contiguous slice of headers to deserialize into in order to
|
||||
// reduce the number of allocations.
|
||||
headers := make([]BlockHeader, count)
|
||||
msg.Headers = make([]*BlockHeader, 0, count)
|
||||
for i := uint64(0); i < count; i++ {
|
||||
bh := &headers[i]
|
||||
err := readBlockHeader(r, pver, bh)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
txCount, err := ReadVarInt(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Ensure the transaction count is zero for headers.
|
||||
if txCount > 0 {
|
||||
str := fmt.Sprintf("block headers may not contain "+
|
||||
"transactions [count %v]", txCount)
|
||||
return messageError("MsgHeaders.BtcDecode", str)
|
||||
}
|
||||
msg.AddBlockHeader(bh)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgHeaders) BtcEncode(w io.Writer, pver uint32) error {
|
||||
// Limit to max block headers per message.
|
||||
count := len(msg.Headers)
|
||||
if count > MaxBlockHeadersPerMsg {
|
||||
str := fmt.Sprintf("too many block headers for message "+
|
||||
"[count %v, max %v]", count, MaxBlockHeadersPerMsg)
|
||||
return messageError("MsgHeaders.BtcEncode", str)
|
||||
}
|
||||
|
||||
err := WriteVarInt(w, pver, uint64(count))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
for _, bh := range msg.Headers {
|
||||
err := writeBlockHeader(w, pver, bh)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// The wire protocol encoding always includes a 0 for the number
|
||||
// of transactions on header messages. This is really just an
|
||||
// artifact of the way the original implementation serializes
|
||||
// block headers, but it is required.
|
||||
err = WriteVarInt(w, pver, 0)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgHeaders) Command() string {
|
||||
return CmdHeaders
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgHeaders) MaxPayloadLength(pver uint32) uint32 {
|
||||
// Num headers (varInt) + max allowed headers (header length + 1 byte
|
||||
// for the number of transactions which is always 0).
|
||||
return MaxVarIntPayload + ((MaxBlockHeaderPayload + 1) *
|
||||
MaxBlockHeadersPerMsg)
|
||||
}
|
||||
|
||||
// NewMsgHeaders returns a new bitcoin headers message that conforms to the
|
||||
// Message interface. See MsgHeaders for details.
|
||||
func NewMsgHeaders() *MsgHeaders {
|
||||
return &MsgHeaders{
|
||||
Headers: make([]*BlockHeader, 0, MaxBlockHeadersPerMsg),
|
||||
}
|
||||
}
|
141
src/vendor/github.com/btcsuite/btcd/wire/msginv.go
generated
vendored
Normal file
141
src/vendor/github.com/btcsuite/btcd/wire/msginv.go
generated
vendored
Normal file
|
@ -0,0 +1,141 @@
|
|||
// Copyright (c) 2013-2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
)
|
||||
|
||||
// defaultInvListAlloc is the default size used for the backing array for an
|
||||
// inventory list. The array will dynamically grow as needed, but this
|
||||
// figure is intended to provide enough space for the max number of inventory
|
||||
// vectors in a *typical* inventory message without needing to grow the backing
|
||||
// array multiple times. Technically, the list can grow to MaxInvPerMsg, but
|
||||
// rather than using that large figure, this figure more accurately reflects the
|
||||
// typical case.
|
||||
const defaultInvListAlloc = 1000
|
||||
|
||||
// MsgInv implements the Message interface and represents a bitcoin inv message.
|
||||
// It is used to advertise a peer's known data such as blocks and transactions
|
||||
// through inventory vectors. It may be sent unsolicited to inform other peers
|
||||
// of the data or in response to a getblocks message (MsgGetBlocks). Each
|
||||
// message is limited to a maximum number of inventory vectors, which is
|
||||
// currently 50,000.
|
||||
//
|
||||
// Use the AddInvVect function to build up the list of inventory vectors when
|
||||
// sending an inv message to another peer.
|
||||
type MsgInv struct {
|
||||
InvList []*InvVect
|
||||
}
|
||||
|
||||
// AddInvVect adds an inventory vector to the message.
|
||||
func (msg *MsgInv) AddInvVect(iv *InvVect) error {
|
||||
if len(msg.InvList)+1 > MaxInvPerMsg {
|
||||
str := fmt.Sprintf("too many invvect in message [max %v]",
|
||||
MaxInvPerMsg)
|
||||
return messageError("MsgInv.AddInvVect", str)
|
||||
}
|
||||
|
||||
msg.InvList = append(msg.InvList, iv)
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgInv) BtcDecode(r io.Reader, pver uint32) error {
|
||||
count, err := ReadVarInt(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Limit to max inventory vectors per message.
|
||||
if count > MaxInvPerMsg {
|
||||
str := fmt.Sprintf("too many invvect in message [%v]", count)
|
||||
return messageError("MsgInv.BtcDecode", str)
|
||||
}
|
||||
|
||||
// Create a contiguous slice of inventory vectors to deserialize into in
|
||||
// order to reduce the number of allocations.
|
||||
invList := make([]InvVect, count)
|
||||
msg.InvList = make([]*InvVect, 0, count)
|
||||
for i := uint64(0); i < count; i++ {
|
||||
iv := &invList[i]
|
||||
err := readInvVect(r, pver, iv)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
msg.AddInvVect(iv)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgInv) BtcEncode(w io.Writer, pver uint32) error {
|
||||
// Limit to max inventory vectors per message.
|
||||
count := len(msg.InvList)
|
||||
if count > MaxInvPerMsg {
|
||||
str := fmt.Sprintf("too many invvect in message [%v]", count)
|
||||
return messageError("MsgInv.BtcEncode", str)
|
||||
}
|
||||
|
||||
err := WriteVarInt(w, pver, uint64(count))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
for _, iv := range msg.InvList {
|
||||
err := writeInvVect(w, pver, iv)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgInv) Command() string {
|
||||
return CmdInv
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgInv) MaxPayloadLength(pver uint32) uint32 {
|
||||
// Num inventory vectors (varInt) + max allowed inventory vectors.
|
||||
return MaxVarIntPayload + (MaxInvPerMsg * maxInvVectPayload)
|
||||
}
|
||||
|
||||
// NewMsgInv returns a new bitcoin inv message that conforms to the Message
|
||||
// interface. See MsgInv for details.
|
||||
func NewMsgInv() *MsgInv {
|
||||
return &MsgInv{
|
||||
InvList: make([]*InvVect, 0, defaultInvListAlloc),
|
||||
}
|
||||
}
|
||||
|
||||
// NewMsgInvSizeHint returns a new bitcoin inv message that conforms to the
|
||||
// Message interface. See MsgInv for details. This function differs from
|
||||
// NewMsgInv in that it allows a default allocation size for the backing array
|
||||
// which houses the inventory vector list. This allows callers who know in
|
||||
// advance how large the inventory list will grow to avoid the overhead of
|
||||
// growing the internal backing array several times when appending large amounts
|
||||
// of inventory vectors with AddInvVect. Note that the specified hint is just
|
||||
// that - a hint that is used for the default allocation size. Adding more
|
||||
// (or less) inventory vectors will still work properly. The size hint is
|
||||
// limited to MaxInvPerMsg.
|
||||
func NewMsgInvSizeHint(sizeHint uint) *MsgInv {
|
||||
// Limit the specified hint to the maximum allow per message.
|
||||
if sizeHint > MaxInvPerMsg {
|
||||
sizeHint = MaxInvPerMsg
|
||||
}
|
||||
|
||||
return &MsgInv{
|
||||
InvList: make([]*InvVect, 0, sizeHint),
|
||||
}
|
||||
}
|
60
src/vendor/github.com/btcsuite/btcd/wire/msgmempool.go
generated
vendored
Normal file
60
src/vendor/github.com/btcsuite/btcd/wire/msgmempool.go
generated
vendored
Normal file
|
@ -0,0 +1,60 @@
|
|||
// Copyright (c) 2013-2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
)
|
||||
|
||||
// MsgMemPool implements the Message interface and represents a bitcoin mempool
|
||||
// message. It is used to request a list of transactions still in the active
|
||||
// memory pool of a relay.
|
||||
//
|
||||
// This message has no payload and was not added until protocol versions
|
||||
// starting with BIP0035Version.
|
||||
type MsgMemPool struct{}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgMemPool) BtcDecode(r io.Reader, pver uint32) error {
|
||||
if pver < BIP0035Version {
|
||||
str := fmt.Sprintf("mempool message invalid for protocol "+
|
||||
"version %d", pver)
|
||||
return messageError("MsgMemPool.BtcDecode", str)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgMemPool) BtcEncode(w io.Writer, pver uint32) error {
|
||||
if pver < BIP0035Version {
|
||||
str := fmt.Sprintf("mempool message invalid for protocol "+
|
||||
"version %d", pver)
|
||||
return messageError("MsgMemPool.BtcEncode", str)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgMemPool) Command() string {
|
||||
return CmdMemPool
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgMemPool) MaxPayloadLength(pver uint32) uint32 {
|
||||
return 0
|
||||
}
|
||||
|
||||
// NewMsgMemPool returns a new bitcoin pong message that conforms to the Message
|
||||
// interface. See MsgPong for details.
|
||||
func NewMsgMemPool() *MsgMemPool {
|
||||
return &MsgMemPool{}
|
||||
}
|
168
src/vendor/github.com/btcsuite/btcd/wire/msgmerkleblock.go
generated
vendored
Normal file
168
src/vendor/github.com/btcsuite/btcd/wire/msgmerkleblock.go
generated
vendored
Normal file
|
@ -0,0 +1,168 @@
|
|||
// Copyright (c) 2014-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
|
||||
"github.com/btcsuite/btcd/chaincfg/chainhash"
|
||||
)
|
||||
|
||||
// maxFlagsPerMerkleBlock is the maximum number of flag bytes that could
|
||||
// possibly fit into a merkle block. Since each transaction is represented by
|
||||
// a single bit, this is the max number of transactions per block divided by
|
||||
// 8 bits per byte. Then an extra one to cover partials.
|
||||
const maxFlagsPerMerkleBlock = maxTxPerBlock / 8
|
||||
|
||||
// MsgMerkleBlock implements the Message interface and represents a bitcoin
|
||||
// merkleblock message which is used to reset a Bloom filter.
|
||||
//
|
||||
// This message was not added until protocol version BIP0037Version.
|
||||
type MsgMerkleBlock struct {
|
||||
Header BlockHeader
|
||||
Transactions uint32
|
||||
Hashes []*chainhash.Hash
|
||||
Flags []byte
|
||||
}
|
||||
|
||||
// AddTxHash adds a new transaction hash to the message.
|
||||
func (msg *MsgMerkleBlock) AddTxHash(hash *chainhash.Hash) error {
|
||||
if len(msg.Hashes)+1 > maxTxPerBlock {
|
||||
str := fmt.Sprintf("too many tx hashes for message [max %v]",
|
||||
maxTxPerBlock)
|
||||
return messageError("MsgMerkleBlock.AddTxHash", str)
|
||||
}
|
||||
|
||||
msg.Hashes = append(msg.Hashes, hash)
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgMerkleBlock) BtcDecode(r io.Reader, pver uint32) error {
|
||||
if pver < BIP0037Version {
|
||||
str := fmt.Sprintf("merkleblock message invalid for protocol "+
|
||||
"version %d", pver)
|
||||
return messageError("MsgMerkleBlock.BtcDecode", str)
|
||||
}
|
||||
|
||||
err := readBlockHeader(r, pver, &msg.Header)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = readElement(r, &msg.Transactions)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Read num block locator hashes and limit to max.
|
||||
count, err := ReadVarInt(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if count > maxTxPerBlock {
|
||||
str := fmt.Sprintf("too many transaction hashes for message "+
|
||||
"[count %v, max %v]", count, maxTxPerBlock)
|
||||
return messageError("MsgMerkleBlock.BtcDecode", str)
|
||||
}
|
||||
|
||||
// Create a contiguous slice of hashes to deserialize into in order to
|
||||
// reduce the number of allocations.
|
||||
hashes := make([]chainhash.Hash, count)
|
||||
msg.Hashes = make([]*chainhash.Hash, 0, count)
|
||||
for i := uint64(0); i < count; i++ {
|
||||
hash := &hashes[i]
|
||||
err := readElement(r, hash)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
msg.AddTxHash(hash)
|
||||
}
|
||||
|
||||
msg.Flags, err = ReadVarBytes(r, pver, maxFlagsPerMerkleBlock,
|
||||
"merkle block flags size")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgMerkleBlock) BtcEncode(w io.Writer, pver uint32) error {
|
||||
if pver < BIP0037Version {
|
||||
str := fmt.Sprintf("merkleblock message invalid for protocol "+
|
||||
"version %d", pver)
|
||||
return messageError("MsgMerkleBlock.BtcEncode", str)
|
||||
}
|
||||
|
||||
// Read num transaction hashes and limit to max.
|
||||
numHashes := len(msg.Hashes)
|
||||
if numHashes > maxTxPerBlock {
|
||||
str := fmt.Sprintf("too many transaction hashes for message "+
|
||||
"[count %v, max %v]", numHashes, maxTxPerBlock)
|
||||
return messageError("MsgMerkleBlock.BtcDecode", str)
|
||||
}
|
||||
numFlagBytes := len(msg.Flags)
|
||||
if numFlagBytes > maxFlagsPerMerkleBlock {
|
||||
str := fmt.Sprintf("too many flag bytes for message [count %v, "+
|
||||
"max %v]", numFlagBytes, maxFlagsPerMerkleBlock)
|
||||
return messageError("MsgMerkleBlock.BtcDecode", str)
|
||||
}
|
||||
|
||||
err := writeBlockHeader(w, pver, &msg.Header)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = writeElement(w, msg.Transactions)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = WriteVarInt(w, pver, uint64(numHashes))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, hash := range msg.Hashes {
|
||||
err = writeElement(w, hash)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
err = WriteVarBytes(w, pver, msg.Flags)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgMerkleBlock) Command() string {
|
||||
return CmdMerkleBlock
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgMerkleBlock) MaxPayloadLength(pver uint32) uint32 {
|
||||
return MaxBlockPayload
|
||||
}
|
||||
|
||||
// NewMsgMerkleBlock returns a new bitcoin merkleblock message that conforms to
|
||||
// the Message interface. See MsgMerkleBlock for details.
|
||||
func NewMsgMerkleBlock(bh *BlockHeader) *MsgMerkleBlock {
|
||||
return &MsgMerkleBlock{
|
||||
Header: *bh,
|
||||
Transactions: 0,
|
||||
Hashes: make([]*chainhash.Hash, 0),
|
||||
Flags: make([]byte, 0),
|
||||
}
|
||||
}
|
110
src/vendor/github.com/btcsuite/btcd/wire/msgnotfound.go
generated
vendored
Normal file
110
src/vendor/github.com/btcsuite/btcd/wire/msgnotfound.go
generated
vendored
Normal file
|
@ -0,0 +1,110 @@
|
|||
// Copyright (c) 2013-2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
)
|
||||
|
||||
// MsgNotFound defines a bitcoin notfound message which is sent in response to
|
||||
// a getdata message if any of the requested data in not available on the peer.
|
||||
// Each message is limited to a maximum number of inventory vectors, which is
|
||||
// currently 50,000.
|
||||
//
|
||||
// Use the AddInvVect function to build up the list of inventory vectors when
|
||||
// sending a notfound message to another peer.
|
||||
type MsgNotFound struct {
|
||||
InvList []*InvVect
|
||||
}
|
||||
|
||||
// AddInvVect adds an inventory vector to the message.
|
||||
func (msg *MsgNotFound) AddInvVect(iv *InvVect) error {
|
||||
if len(msg.InvList)+1 > MaxInvPerMsg {
|
||||
str := fmt.Sprintf("too many invvect in message [max %v]",
|
||||
MaxInvPerMsg)
|
||||
return messageError("MsgNotFound.AddInvVect", str)
|
||||
}
|
||||
|
||||
msg.InvList = append(msg.InvList, iv)
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgNotFound) BtcDecode(r io.Reader, pver uint32) error {
|
||||
count, err := ReadVarInt(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Limit to max inventory vectors per message.
|
||||
if count > MaxInvPerMsg {
|
||||
str := fmt.Sprintf("too many invvect in message [%v]", count)
|
||||
return messageError("MsgNotFound.BtcDecode", str)
|
||||
}
|
||||
|
||||
// Create a contiguous slice of inventory vectors to deserialize into in
|
||||
// order to reduce the number of allocations.
|
||||
invList := make([]InvVect, count)
|
||||
msg.InvList = make([]*InvVect, 0, count)
|
||||
for i := uint64(0); i < count; i++ {
|
||||
iv := &invList[i]
|
||||
err := readInvVect(r, pver, iv)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
msg.AddInvVect(iv)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgNotFound) BtcEncode(w io.Writer, pver uint32) error {
|
||||
// Limit to max inventory vectors per message.
|
||||
count := len(msg.InvList)
|
||||
if count > MaxInvPerMsg {
|
||||
str := fmt.Sprintf("too many invvect in message [%v]", count)
|
||||
return messageError("MsgNotFound.BtcEncode", str)
|
||||
}
|
||||
|
||||
err := WriteVarInt(w, pver, uint64(count))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
for _, iv := range msg.InvList {
|
||||
err := writeInvVect(w, pver, iv)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgNotFound) Command() string {
|
||||
return CmdNotFound
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgNotFound) MaxPayloadLength(pver uint32) uint32 {
|
||||
// Max var int 9 bytes + max InvVects at 36 bytes each.
|
||||
// Num inventory vectors (varInt) + max allowed inventory vectors.
|
||||
return MaxVarIntPayload + (MaxInvPerMsg * maxInvVectPayload)
|
||||
}
|
||||
|
||||
// NewMsgNotFound returns a new bitcoin notfound message that conforms to the
|
||||
// Message interface. See MsgNotFound for details.
|
||||
func NewMsgNotFound() *MsgNotFound {
|
||||
return &MsgNotFound{
|
||||
InvList: make([]*InvVect, 0, defaultInvListAlloc),
|
||||
}
|
||||
}
|
87
src/vendor/github.com/btcsuite/btcd/wire/msgping.go
generated
vendored
Normal file
87
src/vendor/github.com/btcsuite/btcd/wire/msgping.go
generated
vendored
Normal file
|
@ -0,0 +1,87 @@
|
|||
// Copyright (c) 2013-2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"io"
|
||||
)
|
||||
|
||||
// MsgPing implements the Message interface and represents a bitcoin ping
|
||||
// message.
|
||||
//
|
||||
// For versions BIP0031Version and earlier, it is used primarily to confirm
|
||||
// that a connection is still valid. A transmission error is typically
|
||||
// interpreted as a closed connection and that the peer should be removed.
|
||||
// For versions AFTER BIP0031Version it contains an identifier which can be
|
||||
// returned in the pong message to determine network timing.
|
||||
//
|
||||
// The payload for this message just consists of a nonce used for identifying
|
||||
// it later.
|
||||
type MsgPing struct {
|
||||
// Unique value associated with message that is used to identify
|
||||
// specific ping message.
|
||||
Nonce uint64
|
||||
}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgPing) BtcDecode(r io.Reader, pver uint32) error {
|
||||
// There was no nonce for BIP0031Version and earlier.
|
||||
// NOTE: > is not a mistake here. The BIP0031 was defined as AFTER
|
||||
// the version unlike most others.
|
||||
if pver > BIP0031Version {
|
||||
err := readElement(r, &msg.Nonce)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgPing) BtcEncode(w io.Writer, pver uint32) error {
|
||||
// There was no nonce for BIP0031Version and earlier.
|
||||
// NOTE: > is not a mistake here. The BIP0031 was defined as AFTER
|
||||
// the version unlike most others.
|
||||
if pver > BIP0031Version {
|
||||
err := writeElement(w, msg.Nonce)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgPing) Command() string {
|
||||
return CmdPing
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgPing) MaxPayloadLength(pver uint32) uint32 {
|
||||
plen := uint32(0)
|
||||
// There was no nonce for BIP0031Version and earlier.
|
||||
// NOTE: > is not a mistake here. The BIP0031 was defined as AFTER
|
||||
// the version unlike most others.
|
||||
if pver > BIP0031Version {
|
||||
// Nonce 8 bytes.
|
||||
plen += 8
|
||||
}
|
||||
|
||||
return plen
|
||||
}
|
||||
|
||||
// NewMsgPing returns a new bitcoin ping message that conforms to the Message
|
||||
// interface. See MsgPing for details.
|
||||
func NewMsgPing(nonce uint64) *MsgPing {
|
||||
return &MsgPing{
|
||||
Nonce: nonce,
|
||||
}
|
||||
}
|
88
src/vendor/github.com/btcsuite/btcd/wire/msgpong.go
generated
vendored
Normal file
88
src/vendor/github.com/btcsuite/btcd/wire/msgpong.go
generated
vendored
Normal file
|
@ -0,0 +1,88 @@
|
|||
// Copyright (c) 2013-2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
)
|
||||
|
||||
// MsgPong implements the Message interface and represents a bitcoin pong
|
||||
// message which is used primarily to confirm that a connection is still valid
|
||||
// in response to a bitcoin ping message (MsgPing).
|
||||
//
|
||||
// This message was not added until protocol versions AFTER BIP0031Version.
|
||||
type MsgPong struct {
|
||||
// Unique value associated with message that is used to identify
|
||||
// specific ping message.
|
||||
Nonce uint64
|
||||
}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgPong) BtcDecode(r io.Reader, pver uint32) error {
|
||||
// NOTE: <= is not a mistake here. The BIP0031 was defined as AFTER
|
||||
// the version unlike most others.
|
||||
if pver <= BIP0031Version {
|
||||
str := fmt.Sprintf("pong message invalid for protocol "+
|
||||
"version %d", pver)
|
||||
return messageError("MsgPong.BtcDecode", str)
|
||||
}
|
||||
|
||||
err := readElement(r, &msg.Nonce)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgPong) BtcEncode(w io.Writer, pver uint32) error {
|
||||
// NOTE: <= is not a mistake here. The BIP0031 was defined as AFTER
|
||||
// the version unlike most others.
|
||||
if pver <= BIP0031Version {
|
||||
str := fmt.Sprintf("pong message invalid for protocol "+
|
||||
"version %d", pver)
|
||||
return messageError("MsgPong.BtcEncode", str)
|
||||
}
|
||||
|
||||
err := writeElement(w, msg.Nonce)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgPong) Command() string {
|
||||
return CmdPong
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgPong) MaxPayloadLength(pver uint32) uint32 {
|
||||
plen := uint32(0)
|
||||
// The pong message did not exist for BIP0031Version and earlier.
|
||||
// NOTE: > is not a mistake here. The BIP0031 was defined as AFTER
|
||||
// the version unlike most others.
|
||||
if pver > BIP0031Version {
|
||||
// Nonce 8 bytes.
|
||||
plen += 8
|
||||
}
|
||||
|
||||
return plen
|
||||
}
|
||||
|
||||
// NewMsgPong returns a new bitcoin pong message that conforms to the Message
|
||||
// interface. See MsgPong for details.
|
||||
func NewMsgPong(nonce uint64) *MsgPong {
|
||||
return &MsgPong{
|
||||
Nonce: nonce,
|
||||
}
|
||||
}
|
186
src/vendor/github.com/btcsuite/btcd/wire/msgreject.go
generated
vendored
Normal file
186
src/vendor/github.com/btcsuite/btcd/wire/msgreject.go
generated
vendored
Normal file
|
@ -0,0 +1,186 @@
|
|||
// Copyright (c) 2014-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
|
||||
"github.com/btcsuite/btcd/chaincfg/chainhash"
|
||||
)
|
||||
|
||||
// RejectCode represents a numeric value by which a remote peer indicates
|
||||
// why a message was rejected.
|
||||
type RejectCode uint8
|
||||
|
||||
// These constants define the various supported reject codes.
|
||||
const (
|
||||
RejectMalformed RejectCode = 0x01
|
||||
RejectInvalid RejectCode = 0x10
|
||||
RejectObsolete RejectCode = 0x11
|
||||
RejectDuplicate RejectCode = 0x12
|
||||
RejectNonstandard RejectCode = 0x40
|
||||
RejectDust RejectCode = 0x41
|
||||
RejectInsufficientFee RejectCode = 0x42
|
||||
RejectCheckpoint RejectCode = 0x43
|
||||
)
|
||||
|
||||
// Map of reject codes back strings for pretty printing.
|
||||
var rejectCodeStrings = map[RejectCode]string{
|
||||
RejectMalformed: "REJECT_MALFORMED",
|
||||
RejectInvalid: "REJECT_INVALID",
|
||||
RejectObsolete: "REJECT_OBSOLETE",
|
||||
RejectDuplicate: "REJECT_DUPLICATE",
|
||||
RejectNonstandard: "REJECT_NONSTANDARD",
|
||||
RejectDust: "REJECT_DUST",
|
||||
RejectInsufficientFee: "REJECT_INSUFFICIENTFEE",
|
||||
RejectCheckpoint: "REJECT_CHECKPOINT",
|
||||
}
|
||||
|
||||
// String returns the RejectCode in human-readable form.
|
||||
func (code RejectCode) String() string {
|
||||
if s, ok := rejectCodeStrings[code]; ok {
|
||||
return s
|
||||
}
|
||||
|
||||
return fmt.Sprintf("Unknown RejectCode (%d)", uint8(code))
|
||||
}
|
||||
|
||||
// MsgReject implements the Message interface and represents a bitcoin reject
|
||||
// message.
|
||||
//
|
||||
// This message was not added until protocol version RejectVersion.
|
||||
type MsgReject struct {
|
||||
// Cmd is the command for the message which was rejected such as
|
||||
// as CmdBlock or CmdTx. This can be obtained from the Command function
|
||||
// of a Message.
|
||||
Cmd string
|
||||
|
||||
// RejectCode is a code indicating why the command was rejected. It
|
||||
// is encoded as a uint8 on the wire.
|
||||
Code RejectCode
|
||||
|
||||
// Reason is a human-readable string with specific details (over and
|
||||
// above the reject code) about why the command was rejected.
|
||||
Reason string
|
||||
|
||||
// Hash identifies a specific block or transaction that was rejected
|
||||
// and therefore only applies the MsgBlock and MsgTx messages.
|
||||
Hash chainhash.Hash
|
||||
}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgReject) BtcDecode(r io.Reader, pver uint32) error {
|
||||
if pver < RejectVersion {
|
||||
str := fmt.Sprintf("reject message invalid for protocol "+
|
||||
"version %d", pver)
|
||||
return messageError("MsgReject.BtcDecode", str)
|
||||
}
|
||||
|
||||
// Command that was rejected.
|
||||
cmd, err := ReadVarString(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
msg.Cmd = cmd
|
||||
|
||||
// Code indicating why the command was rejected.
|
||||
err = readElement(r, &msg.Code)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Human readable string with specific details (over and above the
|
||||
// reject code above) about why the command was rejected.
|
||||
reason, err := ReadVarString(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
msg.Reason = reason
|
||||
|
||||
// CmdBlock and CmdTx messages have an additional hash field that
|
||||
// identifies the specific block or transaction.
|
||||
if msg.Cmd == CmdBlock || msg.Cmd == CmdTx {
|
||||
err := readElement(r, &msg.Hash)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgReject) BtcEncode(w io.Writer, pver uint32) error {
|
||||
if pver < RejectVersion {
|
||||
str := fmt.Sprintf("reject message invalid for protocol "+
|
||||
"version %d", pver)
|
||||
return messageError("MsgReject.BtcEncode", str)
|
||||
}
|
||||
|
||||
// Command that was rejected.
|
||||
err := WriteVarString(w, pver, msg.Cmd)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Code indicating why the command was rejected.
|
||||
err = writeElement(w, msg.Code)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Human readable string with specific details (over and above the
|
||||
// reject code above) about why the command was rejected.
|
||||
err = WriteVarString(w, pver, msg.Reason)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// CmdBlock and CmdTx messages have an additional hash field that
|
||||
// identifies the specific block or transaction.
|
||||
if msg.Cmd == CmdBlock || msg.Cmd == CmdTx {
|
||||
err := writeElement(w, &msg.Hash)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgReject) Command() string {
|
||||
return CmdReject
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgReject) MaxPayloadLength(pver uint32) uint32 {
|
||||
plen := uint32(0)
|
||||
// The reject message did not exist before protocol version
|
||||
// RejectVersion.
|
||||
if pver >= RejectVersion {
|
||||
// Unfortunately the bitcoin protocol does not enforce a sane
|
||||
// limit on the length of the reason, so the max payload is the
|
||||
// overall maximum message payload.
|
||||
plen = MaxMessagePayload
|
||||
}
|
||||
|
||||
return plen
|
||||
}
|
||||
|
||||
// NewMsgReject returns a new bitcoin reject message that conforms to the
|
||||
// Message interface. See MsgReject for details.
|
||||
func NewMsgReject(command string, code RejectCode, reason string) *MsgReject {
|
||||
return &MsgReject{
|
||||
Cmd: command,
|
||||
Code: code,
|
||||
Reason: reason,
|
||||
}
|
||||
}
|
60
src/vendor/github.com/btcsuite/btcd/wire/msgsendheaders.go
generated
vendored
Normal file
60
src/vendor/github.com/btcsuite/btcd/wire/msgsendheaders.go
generated
vendored
Normal file
|
@ -0,0 +1,60 @@
|
|||
// Copyright (c) 2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
)
|
||||
|
||||
// MsgSendHeaders implements the Message interface and represents a bitcoin
|
||||
// sendheaders message. It is used to request the peer send block headers
|
||||
// rather than inventory vectors.
|
||||
//
|
||||
// This message has no payload and was not added until protocol versions
|
||||
// starting with SendHeadersVersion.
|
||||
type MsgSendHeaders struct{}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgSendHeaders) BtcDecode(r io.Reader, pver uint32) error {
|
||||
if pver < SendHeadersVersion {
|
||||
str := fmt.Sprintf("sendheaders message invalid for protocol "+
|
||||
"version %d", pver)
|
||||
return messageError("MsgSendHeaders.BtcDecode", str)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgSendHeaders) BtcEncode(w io.Writer, pver uint32) error {
|
||||
if pver < SendHeadersVersion {
|
||||
str := fmt.Sprintf("sendheaders message invalid for protocol "+
|
||||
"version %d", pver)
|
||||
return messageError("MsgSendHeaders.BtcEncode", str)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgSendHeaders) Command() string {
|
||||
return CmdSendHeaders
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgSendHeaders) MaxPayloadLength(pver uint32) uint32 {
|
||||
return 0
|
||||
}
|
||||
|
||||
// NewMsgSendHeaders returns a new bitcoin sendheaders message that conforms to
|
||||
// the Message interface. See MsgSendHeaders for details.
|
||||
func NewMsgSendHeaders() *MsgSendHeaders {
|
||||
return &MsgSendHeaders{}
|
||||
}
|
762
src/vendor/github.com/btcsuite/btcd/wire/msgtx.go
generated
vendored
Normal file
762
src/vendor/github.com/btcsuite/btcd/wire/msgtx.go
generated
vendored
Normal file
|
@ -0,0 +1,762 @@
|
|||
// Copyright (c) 2013-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
"io"
|
||||
"strconv"
|
||||
|
||||
"github.com/btcsuite/btcd/chaincfg/chainhash"
|
||||
)
|
||||
|
||||
const (
|
||||
// TxVersion is the current latest supported transaction version.
|
||||
TxVersion = 1
|
||||
|
||||
// MaxTxInSequenceNum is the maximum sequence number the sequence field
|
||||
// of a transaction input can be.
|
||||
MaxTxInSequenceNum uint32 = 0xffffffff
|
||||
|
||||
// MaxPrevOutIndex is the maximum index the index field of a previous
|
||||
// outpoint can be.
|
||||
MaxPrevOutIndex uint32 = 0xffffffff
|
||||
)
|
||||
|
||||
const (
|
||||
// defaultTxInOutAlloc is the default size used for the backing array
|
||||
// for transaction inputs and outputs. The array will dynamically grow
|
||||
// as needed, but this figure is intended to provide enough space for
|
||||
// the number of inputs and outputs in a typical transaction without
|
||||
// needing to grow the backing array multiple times.
|
||||
defaultTxInOutAlloc = 15
|
||||
|
||||
// minTxInPayload is the minimum payload size for a transaction input.
|
||||
// PreviousOutPoint.Hash + PreviousOutPoint.Index 4 bytes + Varint for
|
||||
// SignatureScript length 1 byte + Sequence 4 bytes.
|
||||
minTxInPayload = 9 + chainhash.HashSize
|
||||
|
||||
// maxTxInPerMessage is the maximum number of transactions inputs that
|
||||
// a transaction which fits into a message could possibly have.
|
||||
maxTxInPerMessage = (MaxMessagePayload / minTxInPayload) + 1
|
||||
|
||||
// minTxOutPayload is the minimum payload size for a transaction output.
|
||||
// Value 8 bytes + Varint for PkScript length 1 byte.
|
||||
minTxOutPayload = 9
|
||||
|
||||
// maxTxOutPerMessage is the maximum number of transactions outputs that
|
||||
// a transaction which fits into a message could possibly have.
|
||||
maxTxOutPerMessage = (MaxMessagePayload / minTxOutPayload) + 1
|
||||
|
||||
// minTxPayload is the minimum payload size for a transaction. Note
|
||||
// that any realistically usable transaction must have at least one
|
||||
// input or output, but that is a rule enforced at a higher layer, so
|
||||
// it is intentionally not included here.
|
||||
// Version 4 bytes + Varint number of transaction inputs 1 byte + Varint
|
||||
// number of transaction outputs 1 byte + LockTime 4 bytes + min input
|
||||
// payload + min output payload.
|
||||
minTxPayload = 10
|
||||
|
||||
// freeListMaxScriptSize is the size of each buffer in the free list
|
||||
// that is used for deserializing scripts from the wire before they are
|
||||
// concatenated into a single contiguous buffers. This value was chosen
|
||||
// because it is slightly more than twice the size of the vast majority
|
||||
// of all "standard" scripts. Larger scripts are still deserialized
|
||||
// properly as the free list will simply be bypassed for them.
|
||||
freeListMaxScriptSize = 512
|
||||
|
||||
// freeListMaxItems is the number of buffers to keep in the free list
|
||||
// to use for script deserialization. This value allows up to 100
|
||||
// scripts per transaction being simultaneously deserialized by 125
|
||||
// peers. Thus, the peak usage of the free list is 12,500 * 512 =
|
||||
// 6,400,000 bytes.
|
||||
freeListMaxItems = 12500
|
||||
)
|
||||
|
||||
// scriptFreeList defines a free list of byte slices (up to the maximum number
|
||||
// defined by the freeListMaxItems constant) that have a cap according to the
|
||||
// freeListMaxScriptSize constant. It is used to provide temporary buffers for
|
||||
// deserializing scripts in order to greatly reduce the number of allocations
|
||||
// required.
|
||||
//
|
||||
// The caller can obtain a buffer from the free list by calling the Borrow
|
||||
// function and should return it via the Return function when done using it.
|
||||
type scriptFreeList chan []byte
|
||||
|
||||
// Borrow returns a byte slice from the free list with a length according the
|
||||
// provided size. A new buffer is allocated if there are any items available.
|
||||
//
|
||||
// When the size is larger than the max size allowed for items on the free list
|
||||
// a new buffer of the appropriate size is allocated and returned. It is safe
|
||||
// to attempt to return said buffer via the Return function as it will be
|
||||
// ignored and allowed to go the garbage collector.
|
||||
func (c scriptFreeList) Borrow(size uint64) []byte {
|
||||
if size > freeListMaxScriptSize {
|
||||
return make([]byte, size, size)
|
||||
}
|
||||
|
||||
var buf []byte
|
||||
select {
|
||||
case buf = <-c:
|
||||
default:
|
||||
buf = make([]byte, freeListMaxScriptSize)
|
||||
}
|
||||
return buf[:size]
|
||||
}
|
||||
|
||||
// Return puts the provided byte slice back on the free list when it has a cap
|
||||
// of the expected length. The buffer is expected to have been obtained via
|
||||
// the Borrow function. Any slices that are not of the appropriate size, such
|
||||
// as those whose size is greater than the largest allowed free list item size
|
||||
// are simply ignored so they can go to the garbage collector.
|
||||
func (c scriptFreeList) Return(buf []byte) {
|
||||
// Ignore any buffers returned that aren't the expected size for the
|
||||
// free list.
|
||||
if cap(buf) != freeListMaxScriptSize {
|
||||
return
|
||||
}
|
||||
|
||||
// Return the buffer to the free list when it's not full. Otherwise let
|
||||
// it be garbage collected.
|
||||
select {
|
||||
case c <- buf:
|
||||
default:
|
||||
// Let it go to the garbage collector.
|
||||
}
|
||||
}
|
||||
|
||||
// Create the concurrent safe free list to use for script deserialization. As
|
||||
// previously described, this free list is maintained to significantly reduce
|
||||
// the number of allocations.
|
||||
var scriptPool scriptFreeList = make(chan []byte, freeListMaxItems)
|
||||
|
||||
// OutPoint defines a bitcoin data type that is used to track previous
|
||||
// transaction outputs.
|
||||
type OutPoint struct {
|
||||
Hash chainhash.Hash
|
||||
Index uint32
|
||||
}
|
||||
|
||||
// NewOutPoint returns a new bitcoin transaction outpoint point with the
|
||||
// provided hash and index.
|
||||
func NewOutPoint(hash *chainhash.Hash, index uint32) *OutPoint {
|
||||
return &OutPoint{
|
||||
Hash: *hash,
|
||||
Index: index,
|
||||
}
|
||||
}
|
||||
|
||||
// String returns the OutPoint in the human-readable form "hash:index".
|
||||
func (o OutPoint) String() string {
|
||||
// Allocate enough for hash string, colon, and 10 digits. Although
|
||||
// at the time of writing, the number of digits can be no greater than
|
||||
// the length of the decimal representation of maxTxOutPerMessage, the
|
||||
// maximum message payload may increase in the future and this
|
||||
// optimization may go unnoticed, so allocate space for 10 decimal
|
||||
// digits, which will fit any uint32.
|
||||
buf := make([]byte, 2*chainhash.HashSize+1, 2*chainhash.HashSize+1+10)
|
||||
copy(buf, o.Hash.String())
|
||||
buf[2*chainhash.HashSize] = ':'
|
||||
buf = strconv.AppendUint(buf, uint64(o.Index), 10)
|
||||
return string(buf)
|
||||
}
|
||||
|
||||
// TxIn defines a bitcoin transaction input.
|
||||
type TxIn struct {
|
||||
PreviousOutPoint OutPoint
|
||||
SignatureScript []byte
|
||||
Sequence uint32
|
||||
}
|
||||
|
||||
// SerializeSize returns the number of bytes it would take to serialize the
|
||||
// the transaction input.
|
||||
func (t *TxIn) SerializeSize() int {
|
||||
// Outpoint Hash 32 bytes + Outpoint Index 4 bytes + Sequence 4 bytes +
|
||||
// serialized varint size for the length of SignatureScript +
|
||||
// SignatureScript bytes.
|
||||
return 40 + VarIntSerializeSize(uint64(len(t.SignatureScript))) +
|
||||
len(t.SignatureScript)
|
||||
}
|
||||
|
||||
// NewTxIn returns a new bitcoin transaction input with the provided
|
||||
// previous outpoint point and signature script with a default sequence of
|
||||
// MaxTxInSequenceNum.
|
||||
func NewTxIn(prevOut *OutPoint, signatureScript []byte) *TxIn {
|
||||
return &TxIn{
|
||||
PreviousOutPoint: *prevOut,
|
||||
SignatureScript: signatureScript,
|
||||
Sequence: MaxTxInSequenceNum,
|
||||
}
|
||||
}
|
||||
|
||||
// TxOut defines a bitcoin transaction output.
|
||||
type TxOut struct {
|
||||
Value int64
|
||||
PkScript []byte
|
||||
}
|
||||
|
||||
// SerializeSize returns the number of bytes it would take to serialize the
|
||||
// the transaction output.
|
||||
func (t *TxOut) SerializeSize() int {
|
||||
// Value 8 bytes + serialized varint size for the length of PkScript +
|
||||
// PkScript bytes.
|
||||
return 8 + VarIntSerializeSize(uint64(len(t.PkScript))) + len(t.PkScript)
|
||||
}
|
||||
|
||||
// NewTxOut returns a new bitcoin transaction output with the provided
|
||||
// transaction value and public key script.
|
||||
func NewTxOut(value int64, pkScript []byte) *TxOut {
|
||||
return &TxOut{
|
||||
Value: value,
|
||||
PkScript: pkScript,
|
||||
}
|
||||
}
|
||||
|
||||
// MsgTx implements the Message interface and represents a bitcoin tx message.
|
||||
// It is used to deliver transaction information in response to a getdata
|
||||
// message (MsgGetData) for a given transaction.
|
||||
//
|
||||
// Use the AddTxIn and AddTxOut functions to build up the list of transaction
|
||||
// inputs and outputs.
|
||||
type MsgTx struct {
|
||||
Version int32
|
||||
TxIn []*TxIn
|
||||
TxOut []*TxOut
|
||||
LockTime uint32
|
||||
}
|
||||
|
||||
// AddTxIn adds a transaction input to the message.
|
||||
func (msg *MsgTx) AddTxIn(ti *TxIn) {
|
||||
msg.TxIn = append(msg.TxIn, ti)
|
||||
}
|
||||
|
||||
// AddTxOut adds a transaction output to the message.
|
||||
func (msg *MsgTx) AddTxOut(to *TxOut) {
|
||||
msg.TxOut = append(msg.TxOut, to)
|
||||
}
|
||||
|
||||
// TxHash generates the Hash for the transaction.
|
||||
func (msg *MsgTx) TxHash() chainhash.Hash {
|
||||
// Encode the transaction and calculate double sha256 on the result.
|
||||
// Ignore the error returns since the only way the encode could fail
|
||||
// is being out of memory or due to nil pointers, both of which would
|
||||
// cause a run-time panic.
|
||||
buf := bytes.NewBuffer(make([]byte, 0, msg.SerializeSize()))
|
||||
_ = msg.Serialize(buf)
|
||||
return chainhash.DoubleHashH(buf.Bytes())
|
||||
}
|
||||
|
||||
// Copy creates a deep copy of a transaction so that the original does not get
|
||||
// modified when the copy is manipulated.
|
||||
func (msg *MsgTx) Copy() *MsgTx {
|
||||
// Create new tx and start by copying primitive values and making space
|
||||
// for the transaction inputs and outputs.
|
||||
newTx := MsgTx{
|
||||
Version: msg.Version,
|
||||
TxIn: make([]*TxIn, 0, len(msg.TxIn)),
|
||||
TxOut: make([]*TxOut, 0, len(msg.TxOut)),
|
||||
LockTime: msg.LockTime,
|
||||
}
|
||||
|
||||
// Deep copy the old TxIn data.
|
||||
for _, oldTxIn := range msg.TxIn {
|
||||
// Deep copy the old previous outpoint.
|
||||
oldOutPoint := oldTxIn.PreviousOutPoint
|
||||
newOutPoint := OutPoint{}
|
||||
newOutPoint.Hash.SetBytes(oldOutPoint.Hash[:])
|
||||
newOutPoint.Index = oldOutPoint.Index
|
||||
|
||||
// Deep copy the old signature script.
|
||||
var newScript []byte
|
||||
oldScript := oldTxIn.SignatureScript
|
||||
oldScriptLen := len(oldScript)
|
||||
if oldScriptLen > 0 {
|
||||
newScript = make([]byte, oldScriptLen, oldScriptLen)
|
||||
copy(newScript, oldScript[:oldScriptLen])
|
||||
}
|
||||
|
||||
// Create new txIn with the deep copied data and append it to
|
||||
// new Tx.
|
||||
newTxIn := TxIn{
|
||||
PreviousOutPoint: newOutPoint,
|
||||
SignatureScript: newScript,
|
||||
Sequence: oldTxIn.Sequence,
|
||||
}
|
||||
newTx.TxIn = append(newTx.TxIn, &newTxIn)
|
||||
}
|
||||
|
||||
// Deep copy the old TxOut data.
|
||||
for _, oldTxOut := range msg.TxOut {
|
||||
// Deep copy the old PkScript
|
||||
var newScript []byte
|
||||
oldScript := oldTxOut.PkScript
|
||||
oldScriptLen := len(oldScript)
|
||||
if oldScriptLen > 0 {
|
||||
newScript = make([]byte, oldScriptLen, oldScriptLen)
|
||||
copy(newScript, oldScript[:oldScriptLen])
|
||||
}
|
||||
|
||||
// Create new txOut with the deep copied data and append it to
|
||||
// new Tx.
|
||||
newTxOut := TxOut{
|
||||
Value: oldTxOut.Value,
|
||||
PkScript: newScript,
|
||||
}
|
||||
newTx.TxOut = append(newTx.TxOut, &newTxOut)
|
||||
}
|
||||
|
||||
return &newTx
|
||||
}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
// See Deserialize for decoding transactions stored to disk, such as in a
|
||||
// database, as opposed to decoding transactions from the wire.
|
||||
func (msg *MsgTx) BtcDecode(r io.Reader, pver uint32) error {
|
||||
version, err := binarySerializer.Uint32(r, littleEndian)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
msg.Version = int32(version)
|
||||
|
||||
count, err := ReadVarInt(r, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Prevent more input transactions than could possibly fit into a
|
||||
// message. It would be possible to cause memory exhaustion and panics
|
||||
// without a sane upper bound on this count.
|
||||
if count > uint64(maxTxInPerMessage) {
|
||||
str := fmt.Sprintf("too many input transactions to fit into "+
|
||||
"max message size [count %d, max %d]", count,
|
||||
maxTxInPerMessage)
|
||||
return messageError("MsgTx.BtcDecode", str)
|
||||
}
|
||||
|
||||
// returnScriptBuffers is a closure that returns any script buffers that
|
||||
// were borrowed from the pool when there are any deserialization
|
||||
// errors. This is only valid to call before the final step which
|
||||
// replaces the scripts with the location in a contiguous buffer and
|
||||
// returns them.
|
||||
returnScriptBuffers := func() {
|
||||
for _, txIn := range msg.TxIn {
|
||||
if txIn == nil || txIn.SignatureScript == nil {
|
||||
continue
|
||||
}
|
||||
scriptPool.Return(txIn.SignatureScript)
|
||||
}
|
||||
for _, txOut := range msg.TxOut {
|
||||
if txOut == nil || txOut.PkScript == nil {
|
||||
continue
|
||||
}
|
||||
scriptPool.Return(txOut.PkScript)
|
||||
}
|
||||
}
|
||||
|
||||
// Deserialize the inputs.
|
||||
var totalScriptSize uint64
|
||||
txIns := make([]TxIn, count)
|
||||
msg.TxIn = make([]*TxIn, count)
|
||||
for i := uint64(0); i < count; i++ {
|
||||
// The pointer is set now in case a script buffer is borrowed
|
||||
// and needs to be returned to the pool on error.
|
||||
ti := &txIns[i]
|
||||
msg.TxIn[i] = ti
|
||||
err = readTxIn(r, pver, msg.Version, ti)
|
||||
if err != nil {
|
||||
returnScriptBuffers()
|
||||
return err
|
||||
}
|
||||
totalScriptSize += uint64(len(ti.SignatureScript))
|
||||
}
|
||||
|
||||
count, err = ReadVarInt(r, pver)
|
||||
if err != nil {
|
||||
returnScriptBuffers()
|
||||
return err
|
||||
}
|
||||
|
||||
// Prevent more output transactions than could possibly fit into a
|
||||
// message. It would be possible to cause memory exhaustion and panics
|
||||
// without a sane upper bound on this count.
|
||||
if count > uint64(maxTxOutPerMessage) {
|
||||
returnScriptBuffers()
|
||||
str := fmt.Sprintf("too many output transactions to fit into "+
|
||||
"max message size [count %d, max %d]", count,
|
||||
maxTxOutPerMessage)
|
||||
return messageError("MsgTx.BtcDecode", str)
|
||||
}
|
||||
|
||||
// Deserialize the outputs.
|
||||
txOuts := make([]TxOut, count)
|
||||
msg.TxOut = make([]*TxOut, count)
|
||||
for i := uint64(0); i < count; i++ {
|
||||
// The pointer is set now in case a script buffer is borrowed
|
||||
// and needs to be returned to the pool on error.
|
||||
to := &txOuts[i]
|
||||
msg.TxOut[i] = to
|
||||
err = readTxOut(r, pver, msg.Version, to)
|
||||
if err != nil {
|
||||
returnScriptBuffers()
|
||||
return err
|
||||
}
|
||||
totalScriptSize += uint64(len(to.PkScript))
|
||||
}
|
||||
|
||||
msg.LockTime, err = binarySerializer.Uint32(r, littleEndian)
|
||||
if err != nil {
|
||||
returnScriptBuffers()
|
||||
return err
|
||||
}
|
||||
|
||||
// Create a single allocation to house all of the scripts and set each
|
||||
// input signature script and output public key script to the
|
||||
// appropriate subslice of the overall contiguous buffer. Then, return
|
||||
// each individual script buffer back to the pool so they can be reused
|
||||
// for future deserializations. This is done because it significantly
|
||||
// reduces the number of allocations the garbage collector needs to
|
||||
// track, which in turn improves performance and drastically reduces the
|
||||
// amount of runtime overhead that would otherwise be needed to keep
|
||||
// track of millions of small allocations.
|
||||
//
|
||||
// NOTE: It is no longer valid to call the returnScriptBuffers closure
|
||||
// after these blocks of code run because it is already done and the
|
||||
// scripts in the transaction inputs and outputs no longer point to the
|
||||
// buffers.
|
||||
var offset uint64
|
||||
scripts := make([]byte, totalScriptSize)
|
||||
for i := 0; i < len(msg.TxIn); i++ {
|
||||
// Copy the signature script into the contiguous buffer at the
|
||||
// appropriate offset.
|
||||
signatureScript := msg.TxIn[i].SignatureScript
|
||||
copy(scripts[offset:], signatureScript)
|
||||
|
||||
// Reset the signature script of the transaction input to the
|
||||
// slice of the contiguous buffer where the script lives.
|
||||
scriptSize := uint64(len(signatureScript))
|
||||
end := offset + scriptSize
|
||||
msg.TxIn[i].SignatureScript = scripts[offset:end:end]
|
||||
offset += scriptSize
|
||||
|
||||
// Return the temporary script buffer to the pool.
|
||||
scriptPool.Return(signatureScript)
|
||||
}
|
||||
for i := 0; i < len(msg.TxOut); i++ {
|
||||
// Copy the public key script into the contiguous buffer at the
|
||||
// appropriate offset.
|
||||
pkScript := msg.TxOut[i].PkScript
|
||||
copy(scripts[offset:], pkScript)
|
||||
|
||||
// Reset the public key script of the transaction output to the
|
||||
// slice of the contiguous buffer where the script lives.
|
||||
scriptSize := uint64(len(pkScript))
|
||||
end := offset + scriptSize
|
||||
msg.TxOut[i].PkScript = scripts[offset:end:end]
|
||||
offset += scriptSize
|
||||
|
||||
// Return the temporary script buffer to the pool.
|
||||
scriptPool.Return(pkScript)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Deserialize decodes a transaction from r into the receiver using a format
|
||||
// that is suitable for long-term storage such as a database while respecting
|
||||
// the Version field in the transaction. This function differs from BtcDecode
|
||||
// in that BtcDecode decodes from the bitcoin wire protocol as it was sent
|
||||
// across the network. The wire encoding can technically differ depending on
|
||||
// the protocol version and doesn't even really need to match the format of a
|
||||
// stored transaction at all. As of the time this comment was written, the
|
||||
// encoded transaction is the same in both instances, but there is a distinct
|
||||
// difference and separating the two allows the API to be flexible enough to
|
||||
// deal with changes.
|
||||
func (msg *MsgTx) Deserialize(r io.Reader) error {
|
||||
// At the current time, there is no difference between the wire encoding
|
||||
// at protocol version 0 and the stable long-term storage format. As
|
||||
// a result, make use of BtcDecode.
|
||||
return msg.BtcDecode(r, 0)
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
// See Serialize for encoding transactions to be stored to disk, such as in a
|
||||
// database, as opposed to encoding transactions for the wire.
|
||||
func (msg *MsgTx) BtcEncode(w io.Writer, pver uint32) error {
|
||||
err := binarySerializer.PutUint32(w, littleEndian, uint32(msg.Version))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
count := uint64(len(msg.TxIn))
|
||||
err = WriteVarInt(w, pver, count)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
for _, ti := range msg.TxIn {
|
||||
err = writeTxIn(w, pver, msg.Version, ti)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
count = uint64(len(msg.TxOut))
|
||||
err = WriteVarInt(w, pver, count)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
for _, to := range msg.TxOut {
|
||||
err = writeTxOut(w, pver, msg.Version, to)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
err = binarySerializer.PutUint32(w, littleEndian, msg.LockTime)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Serialize encodes the transaction to w using a format that suitable for
|
||||
// long-term storage such as a database while respecting the Version field in
|
||||
// the transaction. This function differs from BtcEncode in that BtcEncode
|
||||
// encodes the transaction to the bitcoin wire protocol in order to be sent
|
||||
// across the network. The wire encoding can technically differ depending on
|
||||
// the protocol version and doesn't even really need to match the format of a
|
||||
// stored transaction at all. As of the time this comment was written, the
|
||||
// encoded transaction is the same in both instances, but there is a distinct
|
||||
// difference and separating the two allows the API to be flexible enough to
|
||||
// deal with changes.
|
||||
func (msg *MsgTx) Serialize(w io.Writer) error {
|
||||
// At the current time, there is no difference between the wire encoding
|
||||
// at protocol version 0 and the stable long-term storage format. As
|
||||
// a result, make use of BtcEncode.
|
||||
return msg.BtcEncode(w, 0)
|
||||
|
||||
}
|
||||
|
||||
// SerializeSize returns the number of bytes it would take to serialize the
|
||||
// the transaction.
|
||||
func (msg *MsgTx) SerializeSize() int {
|
||||
// Version 4 bytes + LockTime 4 bytes + Serialized varint size for the
|
||||
// number of transaction inputs and outputs.
|
||||
n := 8 + VarIntSerializeSize(uint64(len(msg.TxIn))) +
|
||||
VarIntSerializeSize(uint64(len(msg.TxOut)))
|
||||
|
||||
for _, txIn := range msg.TxIn {
|
||||
n += txIn.SerializeSize()
|
||||
}
|
||||
|
||||
for _, txOut := range msg.TxOut {
|
||||
n += txOut.SerializeSize()
|
||||
}
|
||||
|
||||
return n
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgTx) Command() string {
|
||||
return CmdTx
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgTx) MaxPayloadLength(pver uint32) uint32 {
|
||||
return MaxBlockPayload
|
||||
}
|
||||
|
||||
// PkScriptLocs returns a slice containing the start of each public key script
|
||||
// within the raw serialized transaction. The caller can easily obtain the
|
||||
// length of each script by using len on the script available via the
|
||||
// appropriate transaction output entry.
|
||||
func (msg *MsgTx) PkScriptLocs() []int {
|
||||
numTxOut := len(msg.TxOut)
|
||||
if numTxOut == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
// The starting offset in the serialized transaction of the first
|
||||
// transaction output is:
|
||||
//
|
||||
// Version 4 bytes + serialized varint size for the number of
|
||||
// transaction inputs and outputs + serialized size of each transaction
|
||||
// input.
|
||||
n := 4 + VarIntSerializeSize(uint64(len(msg.TxIn))) +
|
||||
VarIntSerializeSize(uint64(numTxOut))
|
||||
for _, txIn := range msg.TxIn {
|
||||
n += txIn.SerializeSize()
|
||||
}
|
||||
|
||||
// Calculate and set the appropriate offset for each public key script.
|
||||
pkScriptLocs := make([]int, numTxOut)
|
||||
for i, txOut := range msg.TxOut {
|
||||
// The offset of the script in the transaction output is:
|
||||
//
|
||||
// Value 8 bytes + serialized varint size for the length of
|
||||
// PkScript.
|
||||
n += 8 + VarIntSerializeSize(uint64(len(txOut.PkScript)))
|
||||
pkScriptLocs[i] = n
|
||||
n += len(txOut.PkScript)
|
||||
}
|
||||
|
||||
return pkScriptLocs
|
||||
}
|
||||
|
||||
// NewMsgTx returns a new bitcoin tx message that conforms to the Message
|
||||
// interface. The return instance has a default version of TxVersion and there
|
||||
// are no transaction inputs or outputs. Also, the lock time is set to zero
|
||||
// to indicate the transaction is valid immediately as opposed to some time in
|
||||
// future.
|
||||
func NewMsgTx() *MsgTx {
|
||||
return &MsgTx{
|
||||
Version: TxVersion,
|
||||
TxIn: make([]*TxIn, 0, defaultTxInOutAlloc),
|
||||
TxOut: make([]*TxOut, 0, defaultTxInOutAlloc),
|
||||
}
|
||||
}
|
||||
|
||||
// readOutPoint reads the next sequence of bytes from r as an OutPoint.
|
||||
func readOutPoint(r io.Reader, pver uint32, version int32, op *OutPoint) error {
|
||||
_, err := io.ReadFull(r, op.Hash[:])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
op.Index, err = binarySerializer.Uint32(r, littleEndian)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// writeOutPoint encodes op to the bitcoin protocol encoding for an OutPoint
|
||||
// to w.
|
||||
func writeOutPoint(w io.Writer, pver uint32, version int32, op *OutPoint) error {
|
||||
_, err := w.Write(op.Hash[:])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = binarySerializer.PutUint32(w, littleEndian, op.Index)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// readScript reads a variable length byte array that represents a transaction
|
||||
// script. It is encoded as a varInt containing the length of the array
|
||||
// followed by the bytes themselves. An error is returned if the length is
|
||||
// greater than the passed maxAllowed parameter which helps protect against
|
||||
// memory exhuastion attacks and forced panics thorugh malformed messages. The
|
||||
// fieldName parameter is only used for the error message so it provides more
|
||||
// context in the error.
|
||||
func readScript(r io.Reader, pver uint32, maxAllowed uint32, fieldName string) ([]byte, error) {
|
||||
count, err := ReadVarInt(r, pver)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Prevent byte array larger than the max message size. It would
|
||||
// be possible to cause memory exhaustion and panics without a sane
|
||||
// upper bound on this count.
|
||||
if count > uint64(maxAllowed) {
|
||||
str := fmt.Sprintf("%s is larger than the max allowed size "+
|
||||
"[count %d, max %d]", fieldName, count, maxAllowed)
|
||||
return nil, messageError("readScript", str)
|
||||
}
|
||||
|
||||
b := scriptPool.Borrow(count)
|
||||
_, err = io.ReadFull(r, b)
|
||||
if err != nil {
|
||||
scriptPool.Return(b)
|
||||
return nil, err
|
||||
}
|
||||
return b, nil
|
||||
}
|
||||
|
||||
// readTxIn reads the next sequence of bytes from r as a transaction input
|
||||
// (TxIn).
|
||||
func readTxIn(r io.Reader, pver uint32, version int32, ti *TxIn) error {
|
||||
err := readOutPoint(r, pver, version, &ti.PreviousOutPoint)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
ti.SignatureScript, err = readScript(r, pver, MaxMessagePayload,
|
||||
"transaction input signature script")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = readElement(r, &ti.Sequence)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// writeTxIn encodes ti to the bitcoin protocol encoding for a transaction
|
||||
// input (TxIn) to w.
|
||||
func writeTxIn(w io.Writer, pver uint32, version int32, ti *TxIn) error {
|
||||
err := writeOutPoint(w, pver, version, &ti.PreviousOutPoint)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = WriteVarBytes(w, pver, ti.SignatureScript)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = binarySerializer.PutUint32(w, littleEndian, ti.Sequence)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// readTxOut reads the next sequence of bytes from r as a transaction output
|
||||
// (TxOut).
|
||||
func readTxOut(r io.Reader, pver uint32, version int32, to *TxOut) error {
|
||||
err := readElement(r, &to.Value)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
to.PkScript, err = readScript(r, pver, MaxMessagePayload,
|
||||
"transaction output public key script")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// writeTxOut encodes to into the bitcoin protocol encoding for a transaction
|
||||
// output (TxOut) to w.
|
||||
func writeTxOut(w io.Writer, pver uint32, version int32, to *TxOut) error {
|
||||
err := binarySerializer.PutUint64(w, littleEndian, uint64(to.Value))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = WriteVarBytes(w, pver, to.PkScript)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
46
src/vendor/github.com/btcsuite/btcd/wire/msgverack.go
generated
vendored
Normal file
46
src/vendor/github.com/btcsuite/btcd/wire/msgverack.go
generated
vendored
Normal file
|
@ -0,0 +1,46 @@
|
|||
// Copyright (c) 2013-2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"io"
|
||||
)
|
||||
|
||||
// MsgVerAck defines a bitcoin verack message which is used for a peer to
|
||||
// acknowledge a version message (MsgVersion) after it has used the information
|
||||
// to negotiate parameters. It implements the Message interface.
|
||||
//
|
||||
// This message has no payload.
|
||||
type MsgVerAck struct{}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgVerAck) BtcDecode(r io.Reader, pver uint32) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgVerAck) BtcEncode(w io.Writer, pver uint32) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgVerAck) Command() string {
|
||||
return CmdVerAck
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgVerAck) MaxPayloadLength(pver uint32) uint32 {
|
||||
return 0
|
||||
}
|
||||
|
||||
// NewMsgVerAck returns a new bitcoin verack message that conforms to the
|
||||
// Message interface.
|
||||
func NewMsgVerAck() *MsgVerAck {
|
||||
return &MsgVerAck{}
|
||||
}
|
291
src/vendor/github.com/btcsuite/btcd/wire/msgversion.go
generated
vendored
Normal file
291
src/vendor/github.com/btcsuite/btcd/wire/msgversion.go
generated
vendored
Normal file
|
@ -0,0 +1,291 @@
|
|||
// Copyright (c) 2013-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
"io"
|
||||
"net"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
// MaxUserAgentLen is the maximum allowed length for the user agent field in a
|
||||
// version message (MsgVersion).
|
||||
const MaxUserAgentLen = 2000
|
||||
|
||||
// DefaultUserAgent for wire in the stack
|
||||
const DefaultUserAgent = "/btcwire:0.4.0/"
|
||||
|
||||
// MsgVersion implements the Message interface and represents a bitcoin version
|
||||
// message. It is used for a peer to advertise itself as soon as an outbound
|
||||
// connection is made. The remote peer then uses this information along with
|
||||
// its own to negotiate. The remote peer must then respond with a version
|
||||
// message of its own containing the negotiated values followed by a verack
|
||||
// message (MsgVerAck). This exchange must take place before any further
|
||||
// communication is allowed to proceed.
|
||||
type MsgVersion struct {
|
||||
// Version of the protocol the node is using.
|
||||
ProtocolVersion int32
|
||||
|
||||
// Bitfield which identifies the enabled services.
|
||||
Services ServiceFlag
|
||||
|
||||
// Time the message was generated. This is encoded as an int64 on the wire.
|
||||
Timestamp time.Time
|
||||
|
||||
// Address of the remote peer.
|
||||
AddrYou NetAddress
|
||||
|
||||
// Address of the local peer.
|
||||
AddrMe NetAddress
|
||||
|
||||
// Unique value associated with message that is used to detect self
|
||||
// connections.
|
||||
Nonce uint64
|
||||
|
||||
// The user agent that generated messsage. This is a encoded as a varString
|
||||
// on the wire. This has a max length of MaxUserAgentLen.
|
||||
UserAgent string
|
||||
|
||||
// Last block seen by the generator of the version message.
|
||||
LastBlock int32
|
||||
|
||||
// Don't announce transactions to peer.
|
||||
DisableRelayTx bool
|
||||
}
|
||||
|
||||
// HasService returns whether the specified service is supported by the peer
|
||||
// that generated the message.
|
||||
func (msg *MsgVersion) HasService(service ServiceFlag) bool {
|
||||
return msg.Services&service == service
|
||||
}
|
||||
|
||||
// AddService adds service as a supported service by the peer generating the
|
||||
// message.
|
||||
func (msg *MsgVersion) AddService(service ServiceFlag) {
|
||||
msg.Services |= service
|
||||
}
|
||||
|
||||
// BtcDecode decodes r using the bitcoin protocol encoding into the receiver.
|
||||
// The version message is special in that the protocol version hasn't been
|
||||
// negotiated yet. As a result, the pver field is ignored and any fields which
|
||||
// are added in new versions are optional. This also mean that r must be a
|
||||
// *bytes.Buffer so the number of remaining bytes can be ascertained.
|
||||
//
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgVersion) BtcDecode(r io.Reader, pver uint32) error {
|
||||
buf, ok := r.(*bytes.Buffer)
|
||||
if !ok {
|
||||
return fmt.Errorf("MsgVersion.BtcDecode reader is not a " +
|
||||
"*bytes.Buffer")
|
||||
}
|
||||
|
||||
err := readElements(buf, &msg.ProtocolVersion, &msg.Services,
|
||||
(*int64Time)(&msg.Timestamp))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = readNetAddress(buf, pver, &msg.AddrYou, false)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Protocol versions >= 106 added a from address, nonce, and user agent
|
||||
// field and they are only considered present if there are bytes
|
||||
// remaining in the message.
|
||||
if buf.Len() > 0 {
|
||||
err = readNetAddress(buf, pver, &msg.AddrMe, false)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
if buf.Len() > 0 {
|
||||
err = readElement(buf, &msg.Nonce)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
if buf.Len() > 0 {
|
||||
userAgent, err := ReadVarString(buf, pver)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = validateUserAgent(userAgent)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
msg.UserAgent = userAgent
|
||||
}
|
||||
|
||||
// Protocol versions >= 209 added a last known block field. It is only
|
||||
// considered present if there are bytes remaining in the message.
|
||||
if buf.Len() > 0 {
|
||||
err = readElement(buf, &msg.LastBlock)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
// There was no relay transactions field before BIP0037Version, but
|
||||
// the default behavior prior to the addition of the field was to always
|
||||
// relay transactions.
|
||||
if buf.Len() > 0 {
|
||||
// It's safe to ignore the error here since the buffer has at
|
||||
// least one byte and that byte will result in a boolean value
|
||||
// regardless of its value. Also, the wire encoding for the
|
||||
// field is true when transactions should be relayed, so reverse
|
||||
// it for the DisableRelayTx field.
|
||||
var relayTx bool
|
||||
readElement(r, &relayTx)
|
||||
msg.DisableRelayTx = !relayTx
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// BtcEncode encodes the receiver to w using the bitcoin protocol encoding.
|
||||
// This is part of the Message interface implementation.
|
||||
func (msg *MsgVersion) BtcEncode(w io.Writer, pver uint32) error {
|
||||
err := validateUserAgent(msg.UserAgent)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = writeElements(w, msg.ProtocolVersion, msg.Services,
|
||||
msg.Timestamp.Unix())
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = writeNetAddress(w, pver, &msg.AddrYou, false)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = writeNetAddress(w, pver, &msg.AddrMe, false)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = writeElement(w, msg.Nonce)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = WriteVarString(w, pver, msg.UserAgent)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = writeElement(w, msg.LastBlock)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// There was no relay transactions field before BIP0037Version. Also,
|
||||
// the wire encoding for the field is true when transactions should be
|
||||
// relayed, so reverse it from the DisableRelayTx field.
|
||||
if pver >= BIP0037Version {
|
||||
err = writeElement(w, !msg.DisableRelayTx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Command returns the protocol command string for the message. This is part
|
||||
// of the Message interface implementation.
|
||||
func (msg *MsgVersion) Command() string {
|
||||
return CmdVersion
|
||||
}
|
||||
|
||||
// MaxPayloadLength returns the maximum length the payload can be for the
|
||||
// receiver. This is part of the Message interface implementation.
|
||||
func (msg *MsgVersion) MaxPayloadLength(pver uint32) uint32 {
|
||||
// XXX: <= 106 different
|
||||
|
||||
// Protocol version 4 bytes + services 8 bytes + timestamp 8 bytes +
|
||||
// remote and local net addresses + nonce 8 bytes + length of user
|
||||
// agent (varInt) + max allowed useragent length + last block 4 bytes +
|
||||
// relay transactions flag 1 byte.
|
||||
return 33 + (maxNetAddressPayload(pver) * 2) + MaxVarIntPayload +
|
||||
MaxUserAgentLen
|
||||
}
|
||||
|
||||
// NewMsgVersion returns a new bitcoin version message that conforms to the
|
||||
// Message interface using the passed parameters and defaults for the remaining
|
||||
// fields.
|
||||
func NewMsgVersion(me *NetAddress, you *NetAddress, nonce uint64,
|
||||
lastBlock int32) *MsgVersion {
|
||||
|
||||
// Limit the timestamp to one second precision since the protocol
|
||||
// doesn't support better.
|
||||
return &MsgVersion{
|
||||
ProtocolVersion: int32(ProtocolVersion),
|
||||
Services: 0,
|
||||
Timestamp: time.Unix(time.Now().Unix(), 0),
|
||||
AddrYou: *you,
|
||||
AddrMe: *me,
|
||||
Nonce: nonce,
|
||||
UserAgent: DefaultUserAgent,
|
||||
LastBlock: lastBlock,
|
||||
DisableRelayTx: false,
|
||||
}
|
||||
}
|
||||
|
||||
// NewMsgVersionFromConn is a convenience function that extracts the remote
|
||||
// and local address from conn and returns a new bitcoin version message that
|
||||
// conforms to the Message interface. See NewMsgVersion.
|
||||
func NewMsgVersionFromConn(conn net.Conn, nonce uint64,
|
||||
lastBlock int32) (*MsgVersion, error) {
|
||||
|
||||
// Don't assume any services until we know otherwise.
|
||||
lna, err := NewNetAddress(conn.LocalAddr(), 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Don't assume any services until we know otherwise.
|
||||
rna, err := NewNetAddress(conn.RemoteAddr(), 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return NewMsgVersion(lna, rna, nonce, lastBlock), nil
|
||||
}
|
||||
|
||||
// validateUserAgent checks userAgent length against MaxUserAgentLen
|
||||
func validateUserAgent(userAgent string) error {
|
||||
if len(userAgent) > MaxUserAgentLen {
|
||||
str := fmt.Sprintf("user agent too long [len %v, max %v]",
|
||||
len(userAgent), MaxUserAgentLen)
|
||||
return messageError("MsgVersion", str)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// AddUserAgent adds a user agent to the user agent string for the version
|
||||
// message. The version string is not defined to any strict format, although
|
||||
// it is recommended to use the form "major.minor.revision" e.g. "2.6.41".
|
||||
func (msg *MsgVersion) AddUserAgent(name string, version string,
|
||||
comments ...string) error {
|
||||
|
||||
newUserAgent := fmt.Sprintf("%s:%s", name, version)
|
||||
if len(comments) != 0 {
|
||||
newUserAgent = fmt.Sprintf("%s(%s)", newUserAgent,
|
||||
strings.Join(comments, "; "))
|
||||
}
|
||||
newUserAgent = fmt.Sprintf("%s%s/", msg.UserAgent, newUserAgent)
|
||||
err := validateUserAgent(newUserAgent)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
msg.UserAgent = newUserAgent
|
||||
return nil
|
||||
}
|
167
src/vendor/github.com/btcsuite/btcd/wire/netaddress.go
generated
vendored
Normal file
167
src/vendor/github.com/btcsuite/btcd/wire/netaddress.go
generated
vendored
Normal file
|
@ -0,0 +1,167 @@
|
|||
// Copyright (c) 2013-2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"encoding/binary"
|
||||
"errors"
|
||||
"io"
|
||||
"net"
|
||||
"time"
|
||||
)
|
||||
|
||||
// ErrInvalidNetAddr describes an error that indicates the caller didn't specify
|
||||
// a TCP address as required.
|
||||
var ErrInvalidNetAddr = errors.New("provided net.Addr is not a net.TCPAddr")
|
||||
|
||||
// maxNetAddressPayload returns the max payload size for a bitcoin NetAddress
|
||||
// based on the protocol version.
|
||||
func maxNetAddressPayload(pver uint32) uint32 {
|
||||
// Services 8 bytes + ip 16 bytes + port 2 bytes.
|
||||
plen := uint32(26)
|
||||
|
||||
// NetAddressTimeVersion added a timestamp field.
|
||||
if pver >= NetAddressTimeVersion {
|
||||
// Timestamp 4 bytes.
|
||||
plen += 4
|
||||
}
|
||||
|
||||
return plen
|
||||
}
|
||||
|
||||
// NetAddress defines information about a peer on the network including the time
|
||||
// it was last seen, the services it supports, its IP address, and port.
|
||||
type NetAddress struct {
|
||||
// Last time the address was seen. This is, unfortunately, encoded as a
|
||||
// uint32 on the wire and therefore is limited to 2106. This field is
|
||||
// not present in the bitcoin version message (MsgVersion) nor was it
|
||||
// added until protocol version >= NetAddressTimeVersion.
|
||||
Timestamp time.Time
|
||||
|
||||
// Bitfield which identifies the services supported by the address.
|
||||
Services ServiceFlag
|
||||
|
||||
// IP address of the peer.
|
||||
IP net.IP
|
||||
|
||||
// Port the peer is using. This is encoded in big endian on the wire
|
||||
// which differs from most everything else.
|
||||
Port uint16
|
||||
}
|
||||
|
||||
// HasService returns whether the specified service is supported by the address.
|
||||
func (na *NetAddress) HasService(service ServiceFlag) bool {
|
||||
if na.Services&service == service {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// AddService adds service as a supported service by the peer generating the
|
||||
// message.
|
||||
func (na *NetAddress) AddService(service ServiceFlag) {
|
||||
na.Services |= service
|
||||
}
|
||||
|
||||
// SetAddress is a convenience function to set the IP address and port in one
|
||||
// call.
|
||||
func (na *NetAddress) SetAddress(ip net.IP, port uint16) {
|
||||
na.IP = ip
|
||||
na.Port = port
|
||||
}
|
||||
|
||||
// NewNetAddressIPPort returns a new NetAddress using the provided IP, port, and
|
||||
// supported services with defaults for the remaining fields.
|
||||
func NewNetAddressIPPort(ip net.IP, port uint16, services ServiceFlag) *NetAddress {
|
||||
// Limit the timestamp to one second precision since the protocol
|
||||
// doesn't support better.
|
||||
na := NetAddress{
|
||||
Timestamp: time.Unix(time.Now().Unix(), 0),
|
||||
Services: services,
|
||||
IP: ip,
|
||||
Port: port,
|
||||
}
|
||||
return &na
|
||||
}
|
||||
|
||||
// NewNetAddress returns a new NetAddress using the provided TCP address and
|
||||
// supported services with defaults for the remaining fields.
|
||||
//
|
||||
// Note that addr must be a net.TCPAddr. An ErrInvalidNetAddr is returned
|
||||
// if it is not.
|
||||
func NewNetAddress(addr net.Addr, services ServiceFlag) (*NetAddress, error) {
|
||||
tcpAddr, ok := addr.(*net.TCPAddr)
|
||||
if !ok {
|
||||
return nil, ErrInvalidNetAddr
|
||||
}
|
||||
|
||||
na := NewNetAddressIPPort(tcpAddr.IP, uint16(tcpAddr.Port), services)
|
||||
return na, nil
|
||||
}
|
||||
|
||||
// readNetAddress reads an encoded NetAddress from r depending on the protocol
|
||||
// version and whether or not the timestamp is included per ts. Some messages
|
||||
// like version do not include the timestamp.
|
||||
func readNetAddress(r io.Reader, pver uint32, na *NetAddress, ts bool) error {
|
||||
var services ServiceFlag
|
||||
var ip [16]byte
|
||||
|
||||
// NOTE: The bitcoin protocol uses a uint32 for the timestamp so it will
|
||||
// stop working somewhere around 2106. Also timestamp wasn't added until
|
||||
// protocol version >= NetAddressTimeVersion
|
||||
if ts && pver >= NetAddressTimeVersion {
|
||||
err := readElement(r, (*uint32Time)(&na.Timestamp))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
err := readElements(r, &services, &ip)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// Sigh. Bitcoin protocol mixes little and big endian.
|
||||
port, err := binarySerializer.Uint16(r, bigEndian)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
na.Services = services
|
||||
na.SetAddress(net.IP(ip[:]), port)
|
||||
return nil
|
||||
}
|
||||
|
||||
// writeNetAddress serializes a NetAddress to w depending on the protocol
|
||||
// version and whether or not the timestamp is included per ts. Some messages
|
||||
// like version do not include the timestamp.
|
||||
func writeNetAddress(w io.Writer, pver uint32, na *NetAddress, ts bool) error {
|
||||
// NOTE: The bitcoin protocol uses a uint32 for the timestamp so it will
|
||||
// stop working somewhere around 2106. Also timestamp wasn't added until
|
||||
// until protocol version >= NetAddressTimeVersion.
|
||||
if ts && pver >= NetAddressTimeVersion {
|
||||
err := writeElement(w, uint32(na.Timestamp.Unix()))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
// Ensure to always write 16 bytes even if the ip is nil.
|
||||
var ip [16]byte
|
||||
if na.IP != nil {
|
||||
copy(ip[:], na.IP.To16())
|
||||
}
|
||||
err := writeElements(w, na.Services, ip)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Sigh. Bitcoin protocol mixes little and big endian.
|
||||
err = binary.Write(w, bigEndian, na.Port)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
144
src/vendor/github.com/btcsuite/btcd/wire/protocol.go
generated
vendored
Normal file
144
src/vendor/github.com/btcsuite/btcd/wire/protocol.go
generated
vendored
Normal file
|
@ -0,0 +1,144 @@
|
|||
// Copyright (c) 2013-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package wire
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strconv"
|
||||
"strings"
|
||||
)
|
||||
|
||||
const (
|
||||
// ProtocolVersion is the latest protocol version this package supports.
|
||||
ProtocolVersion uint32 = 70012
|
||||
|
||||
// MultipleAddressVersion is the protocol version which added multiple
|
||||
// addresses per message (pver >= MultipleAddressVersion).
|
||||
MultipleAddressVersion uint32 = 209
|
||||
|
||||
// NetAddressTimeVersion is the protocol version which added the
|
||||
// timestamp field (pver >= NetAddressTimeVersion).
|
||||
NetAddressTimeVersion uint32 = 31402
|
||||
|
||||
// BIP0031Version is the protocol version AFTER which a pong message
|
||||
// and nonce field in ping were added (pver > BIP0031Version).
|
||||
BIP0031Version uint32 = 60000
|
||||
|
||||
// BIP0035Version is the protocol version which added the mempool
|
||||
// message (pver >= BIP0035Version).
|
||||
BIP0035Version uint32 = 60002
|
||||
|
||||
// BIP0037Version is the protocol version which added new connection
|
||||
// bloom filtering related messages and extended the version message
|
||||
// with a relay flag (pver >= BIP0037Version).
|
||||
BIP0037Version uint32 = 70001
|
||||
|
||||
// BIP0111Version is the protocol version which added the SFNodeBloom
|
||||
// service flag.
|
||||
BIP0111Version uint32 = 70011
|
||||
|
||||
// SendHeadersVersion is the protocol version which added a new
|
||||
// sendheaders message.
|
||||
SendHeadersVersion uint32 = 70012
|
||||
|
||||
// RejectVersion is the protocol version which added a new reject
|
||||
// message.
|
||||
RejectVersion uint32 = 70002
|
||||
)
|
||||
|
||||
// ServiceFlag identifies services supported by a bitcoin peer.
|
||||
type ServiceFlag uint64
|
||||
|
||||
const (
|
||||
// SFNodeNetwork is a flag used to indicate a peer is a full node.
|
||||
SFNodeNetwork ServiceFlag = 1 << iota
|
||||
|
||||
// SFNodeGetUTXO is a flag used to indicate a peer supports the
|
||||
// getutxos and utxos commands (BIP0064).
|
||||
SFNodeGetUTXO
|
||||
|
||||
// SFNodeBloom is a flag used to indiciate a peer supports bloom
|
||||
// filtering.
|
||||
SFNodeBloom
|
||||
)
|
||||
|
||||
// Map of service flags back to their constant names for pretty printing.
|
||||
var sfStrings = map[ServiceFlag]string{
|
||||
SFNodeNetwork: "SFNodeNetwork",
|
||||
SFNodeGetUTXO: "SFNodeGetUTXO",
|
||||
SFNodeBloom: "SFNodeBloom",
|
||||
}
|
||||
|
||||
// orderedSFStrings is an ordered list of service flags from highest to
|
||||
// lowest.
|
||||
var orderedSFStrings = []ServiceFlag{
|
||||
SFNodeNetwork,
|
||||
SFNodeGetUTXO,
|
||||
SFNodeBloom,
|
||||
}
|
||||
|
||||
// String returns the ServiceFlag in human-readable form.
|
||||
func (f ServiceFlag) String() string {
|
||||
// No flags are set.
|
||||
if f == 0 {
|
||||
return "0x0"
|
||||
}
|
||||
|
||||
// Add individual bit flags.
|
||||
s := ""
|
||||
for _, flag := range orderedSFStrings {
|
||||
if f&flag == flag {
|
||||
s += sfStrings[flag] + "|"
|
||||
f -= flag
|
||||
}
|
||||
}
|
||||
|
||||
// Add any remaining flags which aren't accounted for as hex.
|
||||
s = strings.TrimRight(s, "|")
|
||||
if f != 0 {
|
||||
s += "|0x" + strconv.FormatUint(uint64(f), 16)
|
||||
}
|
||||
s = strings.TrimLeft(s, "|")
|
||||
return s
|
||||
}
|
||||
|
||||
// BitcoinNet represents which bitcoin network a message belongs to.
|
||||
type BitcoinNet uint32
|
||||
|
||||
// Constants used to indicate the message bitcoin network. They can also be
|
||||
// used to seek to the next message when a stream's state is unknown, but
|
||||
// this package does not provide that functionality since it's generally a
|
||||
// better idea to simply disconnect clients that are misbehaving over TCP.
|
||||
const (
|
||||
// MainNet represents the main bitcoin network.
|
||||
MainNet BitcoinNet = 0xd9b4bef9
|
||||
|
||||
// TestNet represents the regression test network.
|
||||
TestNet BitcoinNet = 0xdab5bffa
|
||||
|
||||
// TestNet3 represents the test network (version 3).
|
||||
TestNet3 BitcoinNet = 0x0709110b
|
||||
|
||||
// SimNet represents the simulation test network.
|
||||
SimNet BitcoinNet = 0x12141c16
|
||||
)
|
||||
|
||||
// bnStrings is a map of bitcoin networks back to their constant names for
|
||||
// pretty printing.
|
||||
var bnStrings = map[BitcoinNet]string{
|
||||
MainNet: "MainNet",
|
||||
TestNet: "TestNet",
|
||||
TestNet3: "TestNet3",
|
||||
SimNet: "SimNet",
|
||||
}
|
||||
|
||||
// String returns the BitcoinNet in human-readable form.
|
||||
func (n BitcoinNet) String() string {
|
||||
if s, ok := bnStrings[n]; ok {
|
||||
return s
|
||||
}
|
||||
|
||||
return fmt.Sprintf("Unknown BitcoinNet (%d)", uint32(n))
|
||||
}
|
15
src/vendor/github.com/btcsuite/btcutil/LICENSE
generated
vendored
Normal file
15
src/vendor/github.com/btcsuite/btcutil/LICENSE
generated
vendored
Normal file
|
@ -0,0 +1,15 @@
|
|||
ISC License
|
||||
|
||||
Copyright (c) 2013 Conformal Systems LLC.
|
||||
|
||||
Permission to use, copy, modify, and distribute this software for any
|
||||
purpose with or without fee is hereby granted, provided that the above
|
||||
copyright notice and this permission notice appear in all copies.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
53
src/vendor/github.com/btcsuite/btcutil/README.md
generated
vendored
Normal file
53
src/vendor/github.com/btcsuite/btcutil/README.md
generated
vendored
Normal file
|
@ -0,0 +1,53 @@
|
|||
btcutil
|
||||
=======
|
||||
|
||||
[![Build Status](http://img.shields.io/travis/btcsuite/btcutil.svg)]
|
||||
(https://travis-ci.org/btcsuite/btcutil) [![Coverage Status]
|
||||
(http://img.shields.io/coveralls/btcsuite/btcutil.svg)]
|
||||
(https://coveralls.io/r/btcsuite/btcutil?branch=master) [![ISC License]
|
||||
(http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org)
|
||||
[![GoDoc](http://img.shields.io/badge/godoc-reference-blue.svg)]
|
||||
(http://godoc.org/github.com/btcsuite/btcutil)
|
||||
|
||||
Package btcutil provides bitcoin-specific convenience functions and types.
|
||||
A comprehensive suite of tests is provided to ensure proper functionality. See
|
||||
`test_coverage.txt` for the gocov coverage report. Alternatively, if you are
|
||||
running a POSIX OS, you can run the `cov_report.sh` script for a real-time
|
||||
report.
|
||||
|
||||
This package was developed for btcd, an alternative full-node implementation of
|
||||
bitcoin which is under active development by Conformal. Although it was
|
||||
primarily written for btcd, this package has intentionally been designed so it
|
||||
can be used as a standalone package for any projects needing the functionality
|
||||
provided.
|
||||
|
||||
## Installation and Updating
|
||||
|
||||
```bash
|
||||
$ go get -u github.com/btcsuite/btcutil
|
||||
```
|
||||
|
||||
## GPG Verification Key
|
||||
|
||||
All official release tags are signed by Conformal so users can ensure the code
|
||||
has not been tampered with and is coming from the btcsuite developers. To
|
||||
verify the signature perform the following:
|
||||
|
||||
- Download the public key from the Conformal website at
|
||||
https://opensource.conformal.com/GIT-GPG-KEY-conformal.txt
|
||||
|
||||
- Import the public key into your GPG keyring:
|
||||
```bash
|
||||
gpg --import GIT-GPG-KEY-conformal.txt
|
||||
```
|
||||
|
||||
- Verify the release tag with the following command where `TAG_NAME` is a
|
||||
placeholder for the specific tag:
|
||||
```bash
|
||||
git tag -v TAG_NAME
|
||||
```
|
||||
|
||||
## License
|
||||
|
||||
Package btcutil is licensed under the [copyfree](http://copyfree.org) ISC
|
||||
License.
|
377
src/vendor/github.com/btcsuite/btcutil/address.go
generated
vendored
Normal file
377
src/vendor/github.com/btcsuite/btcutil/address.go
generated
vendored
Normal file
|
@ -0,0 +1,377 @@
|
|||
// Copyright (c) 2013, 2014 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package btcutil
|
||||
|
||||
import (
|
||||
"encoding/hex"
|
||||
"errors"
|
||||
|
||||
"github.com/btcsuite/btcd/btcec"
|
||||
"github.com/btcsuite/btcd/chaincfg"
|
||||
"github.com/btcsuite/btcutil/base58"
|
||||
"github.com/btcsuite/golangcrypto/ripemd160"
|
||||
)
|
||||
|
||||
var (
|
||||
// ErrChecksumMismatch describes an error where decoding failed due
|
||||
// to a bad checksum.
|
||||
ErrChecksumMismatch = errors.New("checksum mismatch")
|
||||
|
||||
// ErrUnknownAddressType describes an error where an address can not
|
||||
// decoded as a specific address type due to the string encoding
|
||||
// begining with an identifier byte unknown to any standard or
|
||||
// registered (via chaincfg.Register) network.
|
||||
ErrUnknownAddressType = errors.New("unknown address type")
|
||||
|
||||
// ErrAddressCollision describes an error where an address can not
|
||||
// be uniquely determined as either a pay-to-pubkey-hash or
|
||||
// pay-to-script-hash address since the leading identifier is used for
|
||||
// describing both address kinds, but for different networks. Rather
|
||||
// than assuming or defaulting to one or the other, this error is
|
||||
// returned and the caller must decide how to decode the address.
|
||||
ErrAddressCollision = errors.New("address collision")
|
||||
)
|
||||
|
||||
// encodeAddress returns a human-readable payment address given a ripemd160 hash
|
||||
// and netID which encodes the bitcoin network and address type. It is used
|
||||
// in both pay-to-pubkey-hash (P2PKH) and pay-to-script-hash (P2SH) address
|
||||
// encoding.
|
||||
func encodeAddress(hash160 []byte, netID byte) string {
|
||||
// Format is 1 byte for a network and address class (i.e. P2PKH vs
|
||||
// P2SH), 20 bytes for a RIPEMD160 hash, and 4 bytes of checksum.
|
||||
return base58.CheckEncode(hash160[:ripemd160.Size], netID)
|
||||
}
|
||||
|
||||
// Address is an interface type for any type of destination a transaction
|
||||
// output may spend to. This includes pay-to-pubkey (P2PK), pay-to-pubkey-hash
|
||||
// (P2PKH), and pay-to-script-hash (P2SH). Address is designed to be generic
|
||||
// enough that other kinds of addresses may be added in the future without
|
||||
// changing the decoding and encoding API.
|
||||
type Address interface {
|
||||
// String returns the string encoding of the transaction output
|
||||
// destination.
|
||||
//
|
||||
// Please note that String differs subtly from EncodeAddress: String
|
||||
// will return the value as a string without any conversion, while
|
||||
// EncodeAddress may convert destination types (for example,
|
||||
// converting pubkeys to P2PKH addresses) before encoding as a
|
||||
// payment address string.
|
||||
String() string
|
||||
|
||||
// EncodeAddress returns the string encoding of the payment address
|
||||
// associated with the Address value. See the comment on String
|
||||
// for how this method differs from String.
|
||||
EncodeAddress() string
|
||||
|
||||
// ScriptAddress returns the raw bytes of the address to be used
|
||||
// when inserting the address into a txout's script.
|
||||
ScriptAddress() []byte
|
||||
|
||||
// IsForNet returns whether or not the address is associated with the
|
||||
// passed bitcoin network.
|
||||
IsForNet(*chaincfg.Params) bool
|
||||
}
|
||||
|
||||
// DecodeAddress decodes the string encoding of an address and returns
|
||||
// the Address if addr is a valid encoding for a known address type.
|
||||
//
|
||||
// The bitcoin network the address is associated with is extracted if possible.
|
||||
// When the address does not encode the network, such as in the case of a raw
|
||||
// public key, the address will be associated with the passed defaultNet.
|
||||
func DecodeAddress(addr string, defaultNet *chaincfg.Params) (Address, error) {
|
||||
// Serialized public keys are either 65 bytes (130 hex chars) if
|
||||
// uncompressed/hybrid or 33 bytes (66 hex chars) if compressed.
|
||||
if len(addr) == 130 || len(addr) == 66 {
|
||||
serializedPubKey, err := hex.DecodeString(addr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return NewAddressPubKey(serializedPubKey, defaultNet)
|
||||
}
|
||||
|
||||
// Switch on decoded length to determine the type.
|
||||
decoded, netID, err := base58.CheckDecode(addr)
|
||||
if err != nil {
|
||||
if err == base58.ErrChecksum {
|
||||
return nil, ErrChecksumMismatch
|
||||
}
|
||||
return nil, errors.New("decoded address is of unknown format")
|
||||
}
|
||||
switch len(decoded) {
|
||||
case ripemd160.Size: // P2PKH or P2SH
|
||||
isP2PKH := chaincfg.IsPubKeyHashAddrID(netID)
|
||||
isP2SH := chaincfg.IsScriptHashAddrID(netID)
|
||||
switch hash160 := decoded; {
|
||||
case isP2PKH && isP2SH:
|
||||
return nil, ErrAddressCollision
|
||||
case isP2PKH:
|
||||
return newAddressPubKeyHash(hash160, netID)
|
||||
case isP2SH:
|
||||
return newAddressScriptHashFromHash(hash160, netID)
|
||||
default:
|
||||
return nil, ErrUnknownAddressType
|
||||
}
|
||||
|
||||
default:
|
||||
return nil, errors.New("decoded address is of unknown size")
|
||||
}
|
||||
}
|
||||
|
||||
// AddressPubKeyHash is an Address for a pay-to-pubkey-hash (P2PKH)
|
||||
// transaction.
|
||||
type AddressPubKeyHash struct {
|
||||
hash [ripemd160.Size]byte
|
||||
netID byte
|
||||
}
|
||||
|
||||
// NewAddressPubKeyHash returns a new AddressPubKeyHash. pkHash mustbe 20
|
||||
// bytes.
|
||||
func NewAddressPubKeyHash(pkHash []byte, net *chaincfg.Params) (*AddressPubKeyHash, error) {
|
||||
return newAddressPubKeyHash(pkHash, net.PubKeyHashAddrID)
|
||||
}
|
||||
|
||||
// newAddressPubKeyHash is the internal API to create a pubkey hash address
|
||||
// with a known leading identifier byte for a network, rather than looking
|
||||
// it up through its parameters. This is useful when creating a new address
|
||||
// structure from a string encoding where the identifer byte is already
|
||||
// known.
|
||||
func newAddressPubKeyHash(pkHash []byte, netID byte) (*AddressPubKeyHash, error) {
|
||||
// Check for a valid pubkey hash length.
|
||||
if len(pkHash) != ripemd160.Size {
|
||||
return nil, errors.New("pkHash must be 20 bytes")
|
||||
}
|
||||
|
||||
addr := &AddressPubKeyHash{netID: netID}
|
||||
copy(addr.hash[:], pkHash)
|
||||
return addr, nil
|
||||
}
|
||||
|
||||
// EncodeAddress returns the string encoding of a pay-to-pubkey-hash
|
||||
// address. Part of the Address interface.
|
||||
func (a *AddressPubKeyHash) EncodeAddress() string {
|
||||
return encodeAddress(a.hash[:], a.netID)
|
||||
}
|
||||
|
||||
// ScriptAddress returns the bytes to be included in a txout script to pay
|
||||
// to a pubkey hash. Part of the Address interface.
|
||||
func (a *AddressPubKeyHash) ScriptAddress() []byte {
|
||||
return a.hash[:]
|
||||
}
|
||||
|
||||
// IsForNet returns whether or not the pay-to-pubkey-hash address is associated
|
||||
// with the passed bitcoin network.
|
||||
func (a *AddressPubKeyHash) IsForNet(net *chaincfg.Params) bool {
|
||||
return a.netID == net.PubKeyHashAddrID
|
||||
}
|
||||
|
||||
// String returns a human-readable string for the pay-to-pubkey-hash address.
|
||||
// This is equivalent to calling EncodeAddress, but is provided so the type can
|
||||
// be used as a fmt.Stringer.
|
||||
func (a *AddressPubKeyHash) String() string {
|
||||
return a.EncodeAddress()
|
||||
}
|
||||
|
||||
// Hash160 returns the underlying array of the pubkey hash. This can be useful
|
||||
// when an array is more appropiate than a slice (for example, when used as map
|
||||
// keys).
|
||||
func (a *AddressPubKeyHash) Hash160() *[ripemd160.Size]byte {
|
||||
return &a.hash
|
||||
}
|
||||
|
||||
// AddressScriptHash is an Address for a pay-to-script-hash (P2SH)
|
||||
// transaction.
|
||||
type AddressScriptHash struct {
|
||||
hash [ripemd160.Size]byte
|
||||
netID byte
|
||||
}
|
||||
|
||||
// NewAddressScriptHash returns a new AddressScriptHash.
|
||||
func NewAddressScriptHash(serializedScript []byte, net *chaincfg.Params) (*AddressScriptHash, error) {
|
||||
scriptHash := Hash160(serializedScript)
|
||||
return newAddressScriptHashFromHash(scriptHash, net.ScriptHashAddrID)
|
||||
}
|
||||
|
||||
// NewAddressScriptHashFromHash returns a new AddressScriptHash. scriptHash
|
||||
// must be 20 bytes.
|
||||
func NewAddressScriptHashFromHash(scriptHash []byte, net *chaincfg.Params) (*AddressScriptHash, error) {
|
||||
return newAddressScriptHashFromHash(scriptHash, net.ScriptHashAddrID)
|
||||
}
|
||||
|
||||
// newAddressScriptHashFromHash is the internal API to create a script hash
|
||||
// address with a known leading identifier byte for a network, rather than
|
||||
// looking it up through its parameters. This is useful when creating a new
|
||||
// address structure from a string encoding where the identifer byte is already
|
||||
// known.
|
||||
func newAddressScriptHashFromHash(scriptHash []byte, netID byte) (*AddressScriptHash, error) {
|
||||
// Check for a valid script hash length.
|
||||
if len(scriptHash) != ripemd160.Size {
|
||||
return nil, errors.New("scriptHash must be 20 bytes")
|
||||
}
|
||||
|
||||
addr := &AddressScriptHash{netID: netID}
|
||||
copy(addr.hash[:], scriptHash)
|
||||
return addr, nil
|
||||
}
|
||||
|
||||
// EncodeAddress returns the string encoding of a pay-to-script-hash
|
||||
// address. Part of the Address interface.
|
||||
func (a *AddressScriptHash) EncodeAddress() string {
|
||||
return encodeAddress(a.hash[:], a.netID)
|
||||
}
|
||||
|
||||
// ScriptAddress returns the bytes to be included in a txout script to pay
|
||||
// to a script hash. Part of the Address interface.
|
||||
func (a *AddressScriptHash) ScriptAddress() []byte {
|
||||
return a.hash[:]
|
||||
}
|
||||
|
||||
// IsForNet returns whether or not the pay-to-script-hash address is associated
|
||||
// with the passed bitcoin network.
|
||||
func (a *AddressScriptHash) IsForNet(net *chaincfg.Params) bool {
|
||||
return a.netID == net.ScriptHashAddrID
|
||||
}
|
||||
|
||||
// String returns a human-readable string for the pay-to-script-hash address.
|
||||
// This is equivalent to calling EncodeAddress, but is provided so the type can
|
||||
// be used as a fmt.Stringer.
|
||||
func (a *AddressScriptHash) String() string {
|
||||
return a.EncodeAddress()
|
||||
}
|
||||
|
||||
// Hash160 returns the underlying array of the script hash. This can be useful
|
||||
// when an array is more appropiate than a slice (for example, when used as map
|
||||
// keys).
|
||||
func (a *AddressScriptHash) Hash160() *[ripemd160.Size]byte {
|
||||
return &a.hash
|
||||
}
|
||||
|
||||
// PubKeyFormat describes what format to use for a pay-to-pubkey address.
|
||||
type PubKeyFormat int
|
||||
|
||||
const (
|
||||
// PKFUncompressed indicates the pay-to-pubkey address format is an
|
||||
// uncompressed public key.
|
||||
PKFUncompressed PubKeyFormat = iota
|
||||
|
||||
// PKFCompressed indicates the pay-to-pubkey address format is a
|
||||
// compressed public key.
|
||||
PKFCompressed
|
||||
|
||||
// PKFHybrid indicates the pay-to-pubkey address format is a hybrid
|
||||
// public key.
|
||||
PKFHybrid
|
||||
)
|
||||
|
||||
// AddressPubKey is an Address for a pay-to-pubkey transaction.
|
||||
type AddressPubKey struct {
|
||||
pubKeyFormat PubKeyFormat
|
||||
pubKey *btcec.PublicKey
|
||||
pubKeyHashID byte
|
||||
}
|
||||
|
||||
// NewAddressPubKey returns a new AddressPubKey which represents a pay-to-pubkey
|
||||
// address. The serializedPubKey parameter must be a valid pubkey and can be
|
||||
// uncompressed, compressed, or hybrid.
|
||||
func NewAddressPubKey(serializedPubKey []byte, net *chaincfg.Params) (*AddressPubKey, error) {
|
||||
pubKey, err := btcec.ParsePubKey(serializedPubKey, btcec.S256())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Set the format of the pubkey. This probably should be returned
|
||||
// from btcec, but do it here to avoid API churn. We already know the
|
||||
// pubkey is valid since it parsed above, so it's safe to simply examine
|
||||
// the leading byte to get the format.
|
||||
pkFormat := PKFUncompressed
|
||||
switch serializedPubKey[0] {
|
||||
case 0x02, 0x03:
|
||||
pkFormat = PKFCompressed
|
||||
case 0x06, 0x07:
|
||||
pkFormat = PKFHybrid
|
||||
}
|
||||
|
||||
return &AddressPubKey{
|
||||
pubKeyFormat: pkFormat,
|
||||
pubKey: pubKey,
|
||||
pubKeyHashID: net.PubKeyHashAddrID,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// serialize returns the serialization of the public key according to the
|
||||
// format associated with the address.
|
||||
func (a *AddressPubKey) serialize() []byte {
|
||||
switch a.pubKeyFormat {
|
||||
default:
|
||||
fallthrough
|
||||
case PKFUncompressed:
|
||||
return a.pubKey.SerializeUncompressed()
|
||||
|
||||
case PKFCompressed:
|
||||
return a.pubKey.SerializeCompressed()
|
||||
|
||||
case PKFHybrid:
|
||||
return a.pubKey.SerializeHybrid()
|
||||
}
|
||||
}
|
||||
|
||||
// EncodeAddress returns the string encoding of the public key as a
|
||||
// pay-to-pubkey-hash. Note that the public key format (uncompressed,
|
||||
// compressed, etc) will change the resulting address. This is expected since
|
||||
// pay-to-pubkey-hash is a hash of the serialized public key which obviously
|
||||
// differs with the format. At the time of this writing, most Bitcoin addresses
|
||||
// are pay-to-pubkey-hash constructed from the uncompressed public key.
|
||||
//
|
||||
// Part of the Address interface.
|
||||
func (a *AddressPubKey) EncodeAddress() string {
|
||||
return encodeAddress(Hash160(a.serialize()), a.pubKeyHashID)
|
||||
}
|
||||
|
||||
// ScriptAddress returns the bytes to be included in a txout script to pay
|
||||
// to a public key. Setting the public key format will affect the output of
|
||||
// this function accordingly. Part of the Address interface.
|
||||
func (a *AddressPubKey) ScriptAddress() []byte {
|
||||
return a.serialize()
|
||||
}
|
||||
|
||||
// IsForNet returns whether or not the pay-to-pubkey address is associated
|
||||
// with the passed bitcoin network.
|
||||
func (a *AddressPubKey) IsForNet(net *chaincfg.Params) bool {
|
||||
return a.pubKeyHashID == net.PubKeyHashAddrID
|
||||
}
|
||||
|
||||
// String returns the hex-encoded human-readable string for the pay-to-pubkey
|
||||
// address. This is not the same as calling EncodeAddress.
|
||||
func (a *AddressPubKey) String() string {
|
||||
return hex.EncodeToString(a.serialize())
|
||||
}
|
||||
|
||||
// Format returns the format (uncompressed, compressed, etc) of the
|
||||
// pay-to-pubkey address.
|
||||
func (a *AddressPubKey) Format() PubKeyFormat {
|
||||
return a.pubKeyFormat
|
||||
}
|
||||
|
||||
// SetFormat sets the format (uncompressed, compressed, etc) of the
|
||||
// pay-to-pubkey address.
|
||||
func (a *AddressPubKey) SetFormat(pkFormat PubKeyFormat) {
|
||||
a.pubKeyFormat = pkFormat
|
||||
}
|
||||
|
||||
// AddressPubKeyHash returns the pay-to-pubkey address converted to a
|
||||
// pay-to-pubkey-hash address. Note that the public key format (uncompressed,
|
||||
// compressed, etc) will change the resulting address. This is expected since
|
||||
// pay-to-pubkey-hash is a hash of the serialized public key which obviously
|
||||
// differs with the format. At the time of this writing, most Bitcoin addresses
|
||||
// are pay-to-pubkey-hash constructed from the uncompressed public key.
|
||||
func (a *AddressPubKey) AddressPubKeyHash() *AddressPubKeyHash {
|
||||
addr := &AddressPubKeyHash{netID: a.pubKeyHashID}
|
||||
copy(addr.hash[:], Hash160(a.serialize()))
|
||||
return addr
|
||||
}
|
||||
|
||||
// PubKey returns the underlying public key for the address.
|
||||
func (a *AddressPubKey) PubKey() *btcec.PublicKey {
|
||||
return a.pubKey
|
||||
}
|
122
src/vendor/github.com/btcsuite/btcutil/amount.go
generated
vendored
Normal file
122
src/vendor/github.com/btcsuite/btcutil/amount.go
generated
vendored
Normal file
|
@ -0,0 +1,122 @@
|
|||
// Copyright (c) 2013, 2014 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package btcutil
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"math"
|
||||
"strconv"
|
||||
)
|
||||
|
||||
// AmountUnit describes a method of converting an Amount to something
|
||||
// other than the base unit of a bitcoin. The value of the AmountUnit
|
||||
// is the exponent component of the decadic multiple to convert from
|
||||
// an amount in bitcoin to an amount counted in units.
|
||||
type AmountUnit int
|
||||
|
||||
// These constants define various units used when describing a bitcoin
|
||||
// monetary amount.
|
||||
const (
|
||||
AmountMegaBTC AmountUnit = 6
|
||||
AmountKiloBTC AmountUnit = 3
|
||||
AmountBTC AmountUnit = 0
|
||||
AmountMilliBTC AmountUnit = -3
|
||||
AmountMicroBTC AmountUnit = -6
|
||||
AmountSatoshi AmountUnit = -8
|
||||
)
|
||||
|
||||
// String returns the unit as a string. For recognized units, the SI
|
||||
// prefix is used, or "Satoshi" for the base unit. For all unrecognized
|
||||
// units, "1eN BTC" is returned, where N is the AmountUnit.
|
||||
func (u AmountUnit) String() string {
|
||||
switch u {
|
||||
case AmountMegaBTC:
|
||||
return "MBTC"
|
||||
case AmountKiloBTC:
|
||||
return "kBTC"
|
||||
case AmountBTC:
|
||||
return "BTC"
|
||||
case AmountMilliBTC:
|
||||
return "mBTC"
|
||||
case AmountMicroBTC:
|
||||
return "μBTC"
|
||||
case AmountSatoshi:
|
||||
return "Satoshi"
|
||||
default:
|
||||
return "1e" + strconv.FormatInt(int64(u), 10) + " BTC"
|
||||
}
|
||||
}
|
||||
|
||||
// Amount represents the base bitcoin monetary unit (colloquially referred
|
||||
// to as a `Satoshi'). A single Amount is equal to 1e-8 of a bitcoin.
|
||||
type Amount int64
|
||||
|
||||
// round converts a floating point number, which may or may not be representable
|
||||
// as an integer, to the Amount integer type by rounding to the nearest integer.
|
||||
// This is performed by adding or subtracting 0.5 depending on the sign, and
|
||||
// relying on integer truncation to round the value to the nearest Amount.
|
||||
func round(f float64) Amount {
|
||||
if f < 0 {
|
||||
return Amount(f - 0.5)
|
||||
}
|
||||
return Amount(f + 0.5)
|
||||
}
|
||||
|
||||
// NewAmount creates an Amount from a floating point value representing
|
||||
// some value in bitcoin. NewAmount errors if f is NaN or +-Infinity, but
|
||||
// does not check that the amount is within the total amount of bitcoin
|
||||
// producible as f may not refer to an amount at a single moment in time.
|
||||
//
|
||||
// NewAmount is for specifically for converting BTC to Satoshi.
|
||||
// For creating a new Amount with an int64 value which denotes a quantity of Satoshi,
|
||||
// do a simple type conversion from type int64 to Amount.
|
||||
// See GoDoc for example: http://godoc.org/github.com/btcsuite/btcutil#example-Amount
|
||||
func NewAmount(f float64) (Amount, error) {
|
||||
// The amount is only considered invalid if it cannot be represented
|
||||
// as an integer type. This may happen if f is NaN or +-Infinity.
|
||||
switch {
|
||||
case math.IsNaN(f):
|
||||
fallthrough
|
||||
case math.IsInf(f, 1):
|
||||
fallthrough
|
||||
case math.IsInf(f, -1):
|
||||
return 0, errors.New("invalid bitcoin amount")
|
||||
}
|
||||
|
||||
return round(f * SatoshiPerBitcoin), nil
|
||||
}
|
||||
|
||||
// ToUnit converts a monetary amount counted in bitcoin base units to a
|
||||
// floating point value representing an amount of bitcoin.
|
||||
func (a Amount) ToUnit(u AmountUnit) float64 {
|
||||
return float64(a) / math.Pow10(int(u+8))
|
||||
}
|
||||
|
||||
// ToBTC is the equivalent of calling ToUnit with AmountBTC.
|
||||
func (a Amount) ToBTC() float64 {
|
||||
return a.ToUnit(AmountBTC)
|
||||
}
|
||||
|
||||
// Format formats a monetary amount counted in bitcoin base units as a
|
||||
// string for a given unit. The conversion will succeed for any unit,
|
||||
// however, known units will be formated with an appended label describing
|
||||
// the units with SI notation, or "Satoshi" for the base unit.
|
||||
func (a Amount) Format(u AmountUnit) string {
|
||||
units := " " + u.String()
|
||||
return strconv.FormatFloat(a.ToUnit(u), 'f', -int(u+8), 64) + units
|
||||
}
|
||||
|
||||
// String is the equivalent of calling Format with AmountBTC.
|
||||
func (a Amount) String() string {
|
||||
return a.Format(AmountBTC)
|
||||
}
|
||||
|
||||
// MulF64 multiplies an Amount by a floating point value. While this is not
|
||||
// an operation that must typically be done by a full node or wallet, it is
|
||||
// useful for services that build on top of bitcoin (for example, calculating
|
||||
// a fee by multiplying by a percentage).
|
||||
func (a Amount) MulF64(f float64) Amount {
|
||||
return round(float64(a) * f)
|
||||
}
|
107
src/vendor/github.com/btcsuite/btcutil/appdata.go
generated
vendored
Normal file
107
src/vendor/github.com/btcsuite/btcutil/appdata.go
generated
vendored
Normal file
|
@ -0,0 +1,107 @@
|
|||
// Copyright (c) 2013-2014 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package btcutil
|
||||
|
||||
import (
|
||||
"os"
|
||||
"os/user"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
"strings"
|
||||
"unicode"
|
||||
)
|
||||
|
||||
// appDataDir returns an operating system specific directory to be used for
|
||||
// storing application data for an application. See AppDataDir for more
|
||||
// details. This unexported version takes an operating system argument
|
||||
// primarily to enable the testing package to properly test the function by
|
||||
// forcing an operating system that is not the currently one.
|
||||
func appDataDir(goos, appName string, roaming bool) string {
|
||||
if appName == "" || appName == "." {
|
||||
return "."
|
||||
}
|
||||
|
||||
// The caller really shouldn't prepend the appName with a period, but
|
||||
// if they do, handle it gracefully by stripping it.
|
||||
if strings.HasPrefix(appName, ".") {
|
||||
appName = appName[1:]
|
||||
}
|
||||
appNameUpper := string(unicode.ToUpper(rune(appName[0]))) + appName[1:]
|
||||
appNameLower := string(unicode.ToLower(rune(appName[0]))) + appName[1:]
|
||||
|
||||
// Get the OS specific home directory via the Go standard lib.
|
||||
var homeDir string
|
||||
usr, err := user.Current()
|
||||
if err == nil {
|
||||
homeDir = usr.HomeDir
|
||||
}
|
||||
|
||||
// Fall back to standard HOME environment variable that works
|
||||
// for most POSIX OSes if the directory from the Go standard
|
||||
// lib failed.
|
||||
if err != nil || homeDir == "" {
|
||||
homeDir = os.Getenv("HOME")
|
||||
}
|
||||
|
||||
switch goos {
|
||||
// Attempt to use the LOCALAPPDATA or APPDATA environment variable on
|
||||
// Windows.
|
||||
case "windows":
|
||||
// Windows XP and before didn't have a LOCALAPPDATA, so fallback
|
||||
// to regular APPDATA when LOCALAPPDATA is not set.
|
||||
appData := os.Getenv("LOCALAPPDATA")
|
||||
if roaming || appData == "" {
|
||||
appData = os.Getenv("APPDATA")
|
||||
}
|
||||
|
||||
if appData != "" {
|
||||
return filepath.Join(appData, appNameUpper)
|
||||
}
|
||||
|
||||
case "darwin":
|
||||
if homeDir != "" {
|
||||
return filepath.Join(homeDir, "Library",
|
||||
"Application Support", appNameUpper)
|
||||
}
|
||||
|
||||
case "plan9":
|
||||
if homeDir != "" {
|
||||
return filepath.Join(homeDir, appNameLower)
|
||||
}
|
||||
|
||||
default:
|
||||
if homeDir != "" {
|
||||
return filepath.Join(homeDir, "."+appNameLower)
|
||||
}
|
||||
}
|
||||
|
||||
// Fall back to the current directory if all else fails.
|
||||
return "."
|
||||
}
|
||||
|
||||
// AppDataDir returns an operating system specific directory to be used for
|
||||
// storing application data for an application.
|
||||
//
|
||||
// The appName parameter is the name of the application the data directory is
|
||||
// being requested for. This function will prepend a period to the appName for
|
||||
// POSIX style operating systems since that is standard practice. An empty
|
||||
// appName or one with a single dot is treated as requesting the current
|
||||
// directory so only "." will be returned. Further, the first character
|
||||
// of appName will be made lowercase for POSIX style operating systems and
|
||||
// uppercase for Mac and Windows since that is standard practice.
|
||||
//
|
||||
// The roaming parameter only applies to Windows where it specifies the roaming
|
||||
// application data profile (%APPDATA%) should be used instead of the local one
|
||||
// (%LOCALAPPDATA%) that is used by default.
|
||||
//
|
||||
// Example results:
|
||||
// dir := AppDataDir("myapp", false)
|
||||
// POSIX (Linux/BSD): ~/.myapp
|
||||
// Mac OS: $HOME/Library/Application Support/Myapp
|
||||
// Windows: %LOCALAPPDATA%\Myapp
|
||||
// Plan 9: $home/myapp
|
||||
func AppDataDir(appName string, roaming bool) string {
|
||||
return appDataDir(runtime.GOOS, appName, roaming)
|
||||
}
|
40
src/vendor/github.com/btcsuite/btcutil/base58/README.md
generated
vendored
Normal file
40
src/vendor/github.com/btcsuite/btcutil/base58/README.md
generated
vendored
Normal file
|
@ -0,0 +1,40 @@
|
|||
base58
|
||||
==========
|
||||
|
||||
[![Build Status](http://img.shields.io/travis/btcsuite/btcutil.svg)]
|
||||
(https://travis-ci.org/btcsuite/btcutil) [![ISC License]
|
||||
(http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org)
|
||||
[![GoDoc](https://godoc.org/github.com/btcsuite/btcutil/base58?status.png)]
|
||||
(http://godoc.org/github.com/btcsuite/btcutil/base58)
|
||||
|
||||
Package base58 provides an API for encoding and decoding to and from the
|
||||
modified base58 encoding. It also provides an API to do Base58Check encoding,
|
||||
as described [here](https://en.bitcoin.it/wiki/Base58Check_encoding).
|
||||
|
||||
A comprehensive suite of tests is provided to ensure proper functionality.
|
||||
|
||||
## Installation and Updating
|
||||
|
||||
```bash
|
||||
$ go get -u github.com/btcsuite/btcutil/base58
|
||||
```
|
||||
|
||||
## Examples
|
||||
|
||||
* [Decode Example]
|
||||
(http://godoc.org/github.com/btcsuite/btcutil/base58#example-Decode)
|
||||
Demonstrates how to decode modified base58 encoded data.
|
||||
* [Encode Example]
|
||||
(http://godoc.org/github.com/btcsuite/btcutil/base58#example-Encode)
|
||||
Demonstrates how to encode data using the modified base58 encoding scheme.
|
||||
* [CheckDecode Example]
|
||||
(http://godoc.org/github.com/btcsuite/btcutil/base58#example-CheckDecode)
|
||||
Demonstrates how to decode Base58Check encoded data.
|
||||
* [CheckEncode Example]
|
||||
(http://godoc.org/github.com/btcsuite/btcutil/base58#example-CheckEncode)
|
||||
Demonstrates how to encode data using the Base58Check encoding scheme.
|
||||
|
||||
## License
|
||||
|
||||
Package base58 is licensed under the [copyfree](http://copyfree.org) ISC
|
||||
License.
|
49
src/vendor/github.com/btcsuite/btcutil/base58/alphabet.go
generated
vendored
Normal file
49
src/vendor/github.com/btcsuite/btcutil/base58/alphabet.go
generated
vendored
Normal file
|
@ -0,0 +1,49 @@
|
|||
// Copyright (c) 2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// AUTOGENERATED by genalphabet.go; do not edit.
|
||||
|
||||
package base58
|
||||
|
||||
const (
|
||||
// alphabet is the modified base58 alphabet used by Bitcoin.
|
||||
alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
|
||||
|
||||
alphabetIdx0 = '1'
|
||||
)
|
||||
|
||||
var b58 = [256]byte{
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 0, 1, 2, 3, 4, 5, 6,
|
||||
7, 8, 255, 255, 255, 255, 255, 255,
|
||||
255, 9, 10, 11, 12, 13, 14, 15,
|
||||
16, 255, 17, 18, 19, 20, 21, 255,
|
||||
22, 23, 24, 25, 26, 27, 28, 29,
|
||||
30, 31, 32, 255, 255, 255, 255, 255,
|
||||
255, 33, 34, 35, 36, 37, 38, 39,
|
||||
40, 41, 42, 43, 255, 44, 45, 46,
|
||||
47, 48, 49, 50, 51, 52, 53, 54,
|
||||
55, 56, 57, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
255, 255, 255, 255, 255, 255, 255, 255,
|
||||
}
|
75
src/vendor/github.com/btcsuite/btcutil/base58/base58.go
generated
vendored
Normal file
75
src/vendor/github.com/btcsuite/btcutil/base58/base58.go
generated
vendored
Normal file
|
@ -0,0 +1,75 @@
|
|||
// Copyright (c) 2013-2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package base58
|
||||
|
||||
import (
|
||||
"math/big"
|
||||
)
|
||||
|
||||
//go:generate go run genalphabet.go
|
||||
|
||||
var bigRadix = big.NewInt(58)
|
||||
var bigZero = big.NewInt(0)
|
||||
|
||||
// Decode decodes a modified base58 string to a byte slice.
|
||||
func Decode(b string) []byte {
|
||||
answer := big.NewInt(0)
|
||||
j := big.NewInt(1)
|
||||
|
||||
scratch := new(big.Int)
|
||||
for i := len(b) - 1; i >= 0; i-- {
|
||||
tmp := b58[b[i]]
|
||||
if tmp == 255 {
|
||||
return []byte("")
|
||||
}
|
||||
scratch.SetInt64(int64(tmp))
|
||||
scratch.Mul(j, scratch)
|
||||
answer.Add(answer, scratch)
|
||||
j.Mul(j, bigRadix)
|
||||
}
|
||||
|
||||
tmpval := answer.Bytes()
|
||||
|
||||
var numZeros int
|
||||
for numZeros = 0; numZeros < len(b); numZeros++ {
|
||||
if b[numZeros] != alphabetIdx0 {
|
||||
break
|
||||
}
|
||||
}
|
||||
flen := numZeros + len(tmpval)
|
||||
val := make([]byte, flen, flen)
|
||||
copy(val[numZeros:], tmpval)
|
||||
|
||||
return val
|
||||
}
|
||||
|
||||
// Encode encodes a byte slice to a modified base58 string.
|
||||
func Encode(b []byte) string {
|
||||
x := new(big.Int)
|
||||
x.SetBytes(b)
|
||||
|
||||
answer := make([]byte, 0, len(b)*136/100)
|
||||
for x.Cmp(bigZero) > 0 {
|
||||
mod := new(big.Int)
|
||||
x.DivMod(x, bigRadix, mod)
|
||||
answer = append(answer, alphabet[mod.Int64()])
|
||||
}
|
||||
|
||||
// leading zero bytes
|
||||
for _, i := range b {
|
||||
if i != 0 {
|
||||
break
|
||||
}
|
||||
answer = append(answer, alphabetIdx0)
|
||||
}
|
||||
|
||||
// reverse
|
||||
alen := len(answer)
|
||||
for i := 0; i < alen/2; i++ {
|
||||
answer[i], answer[alen-1-i] = answer[alen-1-i], answer[i]
|
||||
}
|
||||
|
||||
return string(answer)
|
||||
}
|
52
src/vendor/github.com/btcsuite/btcutil/base58/base58check.go
generated
vendored
Normal file
52
src/vendor/github.com/btcsuite/btcutil/base58/base58check.go
generated
vendored
Normal file
|
@ -0,0 +1,52 @@
|
|||
// Copyright (c) 2013-2014 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package base58
|
||||
|
||||
import (
|
||||
"crypto/sha256"
|
||||
"errors"
|
||||
)
|
||||
|
||||
// ErrChecksum indicates that the checksum of a check-encoded string does not verify against
|
||||
// the checksum.
|
||||
var ErrChecksum = errors.New("checksum error")
|
||||
|
||||
// ErrInvalidFormat indicates that the check-encoded string has an invalid format.
|
||||
var ErrInvalidFormat = errors.New("invalid format: version and/or checksum bytes missing")
|
||||
|
||||
// checksum: first four bytes of sha256^2
|
||||
func checksum(input []byte) (cksum [4]byte) {
|
||||
h := sha256.Sum256(input)
|
||||
h2 := sha256.Sum256(h[:])
|
||||
copy(cksum[:], h2[:4])
|
||||
return
|
||||
}
|
||||
|
||||
// CheckEncode prepends a version byte and appends a four byte checksum.
|
||||
func CheckEncode(input []byte, version byte) string {
|
||||
b := make([]byte, 0, 1+len(input)+4)
|
||||
b = append(b, version)
|
||||
b = append(b, input[:]...)
|
||||
cksum := checksum(b)
|
||||
b = append(b, cksum[:]...)
|
||||
return Encode(b)
|
||||
}
|
||||
|
||||
// CheckDecode decodes a string that was encoded with CheckEncode and verifies the checksum.
|
||||
func CheckDecode(input string) (result []byte, version byte, err error) {
|
||||
decoded := Decode(input)
|
||||
if len(decoded) < 5 {
|
||||
return nil, 0, ErrInvalidFormat
|
||||
}
|
||||
version = decoded[0]
|
||||
var cksum [4]byte
|
||||
copy(cksum[:], decoded[len(decoded)-4:])
|
||||
if checksum(decoded[:len(decoded)-4]) != cksum {
|
||||
return nil, 0, ErrChecksum
|
||||
}
|
||||
payload := decoded[1 : len(decoded)-4]
|
||||
result = append(result, payload...)
|
||||
return
|
||||
}
|
17
src/vendor/github.com/btcsuite/btcutil/base58/cov_report.sh
generated
vendored
Normal file
17
src/vendor/github.com/btcsuite/btcutil/base58/cov_report.sh
generated
vendored
Normal file
|
@ -0,0 +1,17 @@
|
|||
#!/bin/sh
|
||||
|
||||
# This script uses gocov to generate a test coverage report.
|
||||
# The gocov tool my be obtained with the following command:
|
||||
# go get github.com/axw/gocov/gocov
|
||||
#
|
||||
# It will be installed to $GOPATH/bin, so ensure that location is in your $PATH.
|
||||
|
||||
# Check for gocov.
|
||||
type gocov >/dev/null 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
echo >&2 "This script requires the gocov tool."
|
||||
echo >&2 "You may obtain it with the following command:"
|
||||
echo >&2 "go get github.com/axw/gocov/gocov"
|
||||
exit 1
|
||||
fi
|
||||
gocov test | gocov report
|
29
src/vendor/github.com/btcsuite/btcutil/base58/doc.go
generated
vendored
Normal file
29
src/vendor/github.com/btcsuite/btcutil/base58/doc.go
generated
vendored
Normal file
|
@ -0,0 +1,29 @@
|
|||
// Copyright (c) 2014 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
/*
|
||||
Package base58 provides an API for working with modified base58 and Base58Check
|
||||
encodings.
|
||||
|
||||
Modified Base58 Encoding
|
||||
|
||||
Standard base58 encoding is similar to standard base64 encoding except, as the
|
||||
name implies, it uses a 58 character alphabet which results in an alphanumeric
|
||||
string and allows some characters which are problematic for humans to be
|
||||
excluded. Due to this, there can be various base58 alphabets.
|
||||
|
||||
The modified base58 alphabet used by Bitcoin, and hence this package, omits the
|
||||
0, O, I, and l characters that look the same in many fonts and are therefore
|
||||
hard to humans to distinguish.
|
||||
|
||||
Base58Check Encoding Scheme
|
||||
|
||||
The Base58Check encoding scheme is primarily used for Bitcoin addresses at the
|
||||
time of this writing, however it can be used to generically encode arbitrary
|
||||
byte arrays into human-readable strings along with a version byte that can be
|
||||
used to differentiate the same payload. For Bitcoin addresses, the extra
|
||||
version is used to differentiate the network of otherwise identical public keys
|
||||
which helps prevent using an address intended for one network on another.
|
||||
*/
|
||||
package base58
|
79
src/vendor/github.com/btcsuite/btcutil/base58/genalphabet.go
generated
vendored
Normal file
79
src/vendor/github.com/btcsuite/btcutil/base58/genalphabet.go
generated
vendored
Normal file
|
@ -0,0 +1,79 @@
|
|||
// Copyright (c) 2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//+build ignore
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"io"
|
||||
"log"
|
||||
"os"
|
||||
"strconv"
|
||||
)
|
||||
|
||||
var (
|
||||
start = []byte(`// Copyright (c) 2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// AUTOGENERATED by genalphabet.go; do not edit.
|
||||
|
||||
package base58
|
||||
|
||||
const (
|
||||
// alphabet is the modified base58 alphabet used by Bitcoin.
|
||||
alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
|
||||
|
||||
alphabetIdx0 = '1'
|
||||
)
|
||||
|
||||
var b58 = [256]byte{`)
|
||||
|
||||
end = []byte(`}`)
|
||||
|
||||
alphabet = []byte("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz")
|
||||
tab = []byte("\t")
|
||||
invalid = []byte("255")
|
||||
comma = []byte(",")
|
||||
space = []byte(" ")
|
||||
nl = []byte("\n")
|
||||
)
|
||||
|
||||
func write(w io.Writer, b []byte) {
|
||||
_, err := w.Write(b)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func main() {
|
||||
fi, err := os.Create("alphabet.go")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
defer fi.Close()
|
||||
|
||||
write(fi, start)
|
||||
write(fi, nl)
|
||||
for i := byte(0); i < 32; i++ {
|
||||
write(fi, tab)
|
||||
for j := byte(0); j < 8; j++ {
|
||||
idx := bytes.IndexByte(alphabet, i*8+j)
|
||||
if idx == -1 {
|
||||
write(fi, invalid)
|
||||
} else {
|
||||
write(fi, strconv.AppendInt(nil, int64(idx), 10))
|
||||
}
|
||||
write(fi, comma)
|
||||
if j != 7 {
|
||||
write(fi, space)
|
||||
}
|
||||
}
|
||||
write(fi, nl)
|
||||
}
|
||||
write(fi, end)
|
||||
write(fi, nl)
|
||||
}
|
243
src/vendor/github.com/btcsuite/btcutil/block.go
generated
vendored
Normal file
243
src/vendor/github.com/btcsuite/btcutil/block.go
generated
vendored
Normal file
|
@ -0,0 +1,243 @@
|
|||
// Copyright (c) 2013-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package btcutil
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
"io"
|
||||
|
||||
"github.com/btcsuite/btcd/chaincfg/chainhash"
|
||||
"github.com/btcsuite/btcd/wire"
|
||||
)
|
||||
|
||||
// OutOfRangeError describes an error due to accessing an element that is out
|
||||
// of range.
|
||||
type OutOfRangeError string
|
||||
|
||||
// BlockHeightUnknown is the value returned for a block height that is unknown.
|
||||
// This is typically because the block has not been inserted into the main chain
|
||||
// yet.
|
||||
const BlockHeightUnknown = int32(-1)
|
||||
|
||||
// Error satisfies the error interface and prints human-readable errors.
|
||||
func (e OutOfRangeError) Error() string {
|
||||
return string(e)
|
||||
}
|
||||
|
||||
// Block defines a bitcoin block that provides easier and more efficient
|
||||
// manipulation of raw blocks. It also memoizes hashes for the block and its
|
||||
// transactions on their first access so subsequent accesses don't have to
|
||||
// repeat the relatively expensive hashing operations.
|
||||
type Block struct {
|
||||
msgBlock *wire.MsgBlock // Underlying MsgBlock
|
||||
serializedBlock []byte // Serialized bytes for the block
|
||||
blockHash *chainhash.Hash // Cached block hash
|
||||
blockHeight int32 // Height in the main block chain
|
||||
transactions []*Tx // Transactions
|
||||
txnsGenerated bool // ALL wrapped transactions generated
|
||||
}
|
||||
|
||||
// MsgBlock returns the underlying wire.MsgBlock for the Block.
|
||||
func (b *Block) MsgBlock() *wire.MsgBlock {
|
||||
// Return the cached block.
|
||||
return b.msgBlock
|
||||
}
|
||||
|
||||
// Bytes returns the serialized bytes for the Block. This is equivalent to
|
||||
// calling Serialize on the underlying wire.MsgBlock, however it caches the
|
||||
// result so subsequent calls are more efficient.
|
||||
func (b *Block) Bytes() ([]byte, error) {
|
||||
// Return the cached serialized bytes if it has already been generated.
|
||||
if len(b.serializedBlock) != 0 {
|
||||
return b.serializedBlock, nil
|
||||
}
|
||||
|
||||
// Serialize the MsgBlock.
|
||||
var w bytes.Buffer
|
||||
err := b.msgBlock.Serialize(&w)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
serializedBlock := w.Bytes()
|
||||
|
||||
// Cache the serialized bytes and return them.
|
||||
b.serializedBlock = serializedBlock
|
||||
return serializedBlock, nil
|
||||
}
|
||||
|
||||
// Hash returns the block identifier hash for the Block. This is equivalent to
|
||||
// calling BlockHash on the underlying wire.MsgBlock, however it caches the
|
||||
// result so subsequent calls are more efficient.
|
||||
func (b *Block) Hash() *chainhash.Hash {
|
||||
// Return the cached block hash if it has already been generated.
|
||||
if b.blockHash != nil {
|
||||
return b.blockHash
|
||||
}
|
||||
|
||||
// Cache the block hash and return it.
|
||||
hash := b.msgBlock.BlockHash()
|
||||
b.blockHash = &hash
|
||||
return &hash
|
||||
}
|
||||
|
||||
// Tx returns a wrapped transaction (btcutil.Tx) for the transaction at the
|
||||
// specified index in the Block. The supplied index is 0 based. That is to
|
||||
// say, the first transaction in the block is txNum 0. This is nearly
|
||||
// equivalent to accessing the raw transaction (wire.MsgTx) from the
|
||||
// underlying wire.MsgBlock, however the wrapped transaction has some helpful
|
||||
// properties such as caching the hash so subsequent calls are more efficient.
|
||||
func (b *Block) Tx(txNum int) (*Tx, error) {
|
||||
// Ensure the requested transaction is in range.
|
||||
numTx := uint64(len(b.msgBlock.Transactions))
|
||||
if txNum < 0 || uint64(txNum) > numTx {
|
||||
str := fmt.Sprintf("transaction index %d is out of range - max %d",
|
||||
txNum, numTx-1)
|
||||
return nil, OutOfRangeError(str)
|
||||
}
|
||||
|
||||
// Generate slice to hold all of the wrapped transactions if needed.
|
||||
if len(b.transactions) == 0 {
|
||||
b.transactions = make([]*Tx, numTx)
|
||||
}
|
||||
|
||||
// Return the wrapped transaction if it has already been generated.
|
||||
if b.transactions[txNum] != nil {
|
||||
return b.transactions[txNum], nil
|
||||
}
|
||||
|
||||
// Generate and cache the wrapped transaction and return it.
|
||||
newTx := NewTx(b.msgBlock.Transactions[txNum])
|
||||
newTx.SetIndex(txNum)
|
||||
b.transactions[txNum] = newTx
|
||||
return newTx, nil
|
||||
}
|
||||
|
||||
// Transactions returns a slice of wrapped transactions (btcutil.Tx) for all
|
||||
// transactions in the Block. This is nearly equivalent to accessing the raw
|
||||
// transactions (wire.MsgTx) in the underlying wire.MsgBlock, however it
|
||||
// instead provides easy access to wrapped versions (btcutil.Tx) of them.
|
||||
func (b *Block) Transactions() []*Tx {
|
||||
// Return transactions if they have ALL already been generated. This
|
||||
// flag is necessary because the wrapped transactions are lazily
|
||||
// generated in a sparse fashion.
|
||||
if b.txnsGenerated {
|
||||
return b.transactions
|
||||
}
|
||||
|
||||
// Generate slice to hold all of the wrapped transactions if needed.
|
||||
if len(b.transactions) == 0 {
|
||||
b.transactions = make([]*Tx, len(b.msgBlock.Transactions))
|
||||
}
|
||||
|
||||
// Generate and cache the wrapped transactions for all that haven't
|
||||
// already been done.
|
||||
for i, tx := range b.transactions {
|
||||
if tx == nil {
|
||||
newTx := NewTx(b.msgBlock.Transactions[i])
|
||||
newTx.SetIndex(i)
|
||||
b.transactions[i] = newTx
|
||||
}
|
||||
}
|
||||
|
||||
b.txnsGenerated = true
|
||||
return b.transactions
|
||||
}
|
||||
|
||||
// TxHash returns the hash for the requested transaction number in the Block.
|
||||
// The supplied index is 0 based. That is to say, the first transaction in the
|
||||
// block is txNum 0. This is equivalent to calling TxHash on the underlying
|
||||
// wire.MsgTx, however it caches the result so subsequent calls are more
|
||||
// efficient.
|
||||
func (b *Block) TxHash(txNum int) (*chainhash.Hash, error) {
|
||||
// Attempt to get a wrapped transaction for the specified index. It
|
||||
// will be created lazily if needed or simply return the cached version
|
||||
// if it has already been generated.
|
||||
tx, err := b.Tx(txNum)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Defer to the wrapped transaction which will return the cached hash if
|
||||
// it has already been generated.
|
||||
return tx.Hash(), nil
|
||||
}
|
||||
|
||||
// TxLoc returns the offsets and lengths of each transaction in a raw block.
|
||||
// It is used to allow fast indexing into transactions within the raw byte
|
||||
// stream.
|
||||
func (b *Block) TxLoc() ([]wire.TxLoc, error) {
|
||||
rawMsg, err := b.Bytes()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
rbuf := bytes.NewBuffer(rawMsg)
|
||||
|
||||
var mblock wire.MsgBlock
|
||||
txLocs, err := mblock.DeserializeTxLoc(rbuf)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return txLocs, err
|
||||
}
|
||||
|
||||
// Height returns the saved height of the block in the block chain. This value
|
||||
// will be BlockHeightUnknown if it hasn't already explicitly been set.
|
||||
func (b *Block) Height() int32 {
|
||||
return b.blockHeight
|
||||
}
|
||||
|
||||
// SetHeight sets the height of the block in the block chain.
|
||||
func (b *Block) SetHeight(height int32) {
|
||||
b.blockHeight = height
|
||||
}
|
||||
|
||||
// NewBlock returns a new instance of a bitcoin block given an underlying
|
||||
// wire.MsgBlock. See Block.
|
||||
func NewBlock(msgBlock *wire.MsgBlock) *Block {
|
||||
return &Block{
|
||||
msgBlock: msgBlock,
|
||||
blockHeight: BlockHeightUnknown,
|
||||
}
|
||||
}
|
||||
|
||||
// NewBlockFromBytes returns a new instance of a bitcoin block given the
|
||||
// serialized bytes. See Block.
|
||||
func NewBlockFromBytes(serializedBlock []byte) (*Block, error) {
|
||||
br := bytes.NewReader(serializedBlock)
|
||||
b, err := NewBlockFromReader(br)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
b.serializedBlock = serializedBlock
|
||||
return b, nil
|
||||
}
|
||||
|
||||
// NewBlockFromReader returns a new instance of a bitcoin block given a
|
||||
// Reader to deserialize the block. See Block.
|
||||
func NewBlockFromReader(r io.Reader) (*Block, error) {
|
||||
// Deserialize the bytes into a MsgBlock.
|
||||
var msgBlock wire.MsgBlock
|
||||
err := msgBlock.Deserialize(r)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
b := Block{
|
||||
msgBlock: &msgBlock,
|
||||
blockHeight: BlockHeightUnknown,
|
||||
}
|
||||
return &b, nil
|
||||
}
|
||||
|
||||
// NewBlockFromBlockAndBytes returns a new instance of a bitcoin block given
|
||||
// an underlying wire.MsgBlock and the serialized bytes for it. See Block.
|
||||
func NewBlockFromBlockAndBytes(msgBlock *wire.MsgBlock, serializedBlock []byte) *Block {
|
||||
return &Block{
|
||||
msgBlock: msgBlock,
|
||||
serializedBlock: serializedBlock,
|
||||
blockHeight: BlockHeightUnknown,
|
||||
}
|
||||
}
|
144
src/vendor/github.com/btcsuite/btcutil/certgen.go
generated
vendored
Normal file
144
src/vendor/github.com/btcsuite/btcutil/certgen.go
generated
vendored
Normal file
|
@ -0,0 +1,144 @@
|
|||
// Copyright (c) 2013-2015 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package btcutil
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
"crypto/rand"
|
||||
_ "crypto/sha512" // Needed for RegisterHash in init
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
"fmt"
|
||||
"math/big"
|
||||
"net"
|
||||
"os"
|
||||
"time"
|
||||
)
|
||||
|
||||
// NewTLSCertPair returns a new PEM-encoded x.509 certificate pair
|
||||
// based on a 521-bit ECDSA private key. The machine's local interface
|
||||
// addresses and all variants of IPv4 and IPv6 localhost are included as
|
||||
// valid IP addresses.
|
||||
func NewTLSCertPair(organization string, validUntil time.Time, extraHosts []string) (cert, key []byte, err error) {
|
||||
now := time.Now()
|
||||
if validUntil.Before(now) {
|
||||
return nil, nil, errors.New("validUntil would create an already-expired certificate")
|
||||
}
|
||||
|
||||
priv, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
// end of ASN.1 time
|
||||
endOfTime := time.Date(2049, 12, 31, 23, 59, 59, 0, time.UTC)
|
||||
if validUntil.After(endOfTime) {
|
||||
validUntil = endOfTime
|
||||
}
|
||||
|
||||
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
|
||||
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("failed to generate serial number: %s", err)
|
||||
}
|
||||
|
||||
host, err := os.Hostname()
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
ipAddresses := []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("::1")}
|
||||
dnsNames := []string{host}
|
||||
if host != "localhost" {
|
||||
dnsNames = append(dnsNames, "localhost")
|
||||
}
|
||||
|
||||
addIP := func(ipAddr net.IP) {
|
||||
for _, ip := range ipAddresses {
|
||||
if bytes.Equal(ip, ipAddr) {
|
||||
return
|
||||
}
|
||||
}
|
||||
ipAddresses = append(ipAddresses, ipAddr)
|
||||
}
|
||||
addHost := func(host string) {
|
||||
for _, dnsName := range dnsNames {
|
||||
if host == dnsName {
|
||||
return
|
||||
}
|
||||
}
|
||||
dnsNames = append(dnsNames, host)
|
||||
}
|
||||
|
||||
addrs, err := interfaceAddrs()
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
for _, a := range addrs {
|
||||
ipAddr, _, err := net.ParseCIDR(a.String())
|
||||
if err == nil {
|
||||
addIP(ipAddr)
|
||||
}
|
||||
}
|
||||
|
||||
for _, hostStr := range extraHosts {
|
||||
host, _, err := net.SplitHostPort(hostStr)
|
||||
if err != nil {
|
||||
host = hostStr
|
||||
}
|
||||
if ip := net.ParseIP(host); ip != nil {
|
||||
addIP(ip)
|
||||
} else {
|
||||
addHost(host)
|
||||
}
|
||||
}
|
||||
|
||||
template := x509.Certificate{
|
||||
SerialNumber: serialNumber,
|
||||
Subject: pkix.Name{
|
||||
Organization: []string{organization},
|
||||
CommonName: host,
|
||||
},
|
||||
NotBefore: now.Add(-time.Hour * 24),
|
||||
NotAfter: validUntil,
|
||||
|
||||
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature |
|
||||
x509.KeyUsageCertSign,
|
||||
IsCA: true, // so can sign self.
|
||||
BasicConstraintsValid: true,
|
||||
|
||||
DNSNames: dnsNames,
|
||||
IPAddresses: ipAddresses,
|
||||
}
|
||||
|
||||
derBytes, err := x509.CreateCertificate(rand.Reader, &template,
|
||||
&template, &priv.PublicKey, priv)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("failed to create certificate: %v", err)
|
||||
}
|
||||
|
||||
certBuf := &bytes.Buffer{}
|
||||
err = pem.Encode(certBuf, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("failed to encode certificate: %v", err)
|
||||
}
|
||||
|
||||
keybytes, err := x509.MarshalECPrivateKey(priv)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("failed to marshal private key: %v", err)
|
||||
}
|
||||
|
||||
keyBuf := &bytes.Buffer{}
|
||||
err = pem.Encode(keyBuf, &pem.Block{Type: "EC PRIVATE KEY", Bytes: keybytes})
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("failed to encode private key: %v", err)
|
||||
}
|
||||
|
||||
return certBuf.Bytes(), keyBuf.Bytes(), nil
|
||||
}
|
16
src/vendor/github.com/btcsuite/btcutil/const.go
generated
vendored
Normal file
16
src/vendor/github.com/btcsuite/btcutil/const.go
generated
vendored
Normal file
|
@ -0,0 +1,16 @@
|
|||
// Copyright (c) 2013-2014 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package btcutil
|
||||
|
||||
const (
|
||||
// SatoshiPerBitcent is the number of satoshi in one bitcoin cent.
|
||||
SatoshiPerBitcent = 1e6
|
||||
|
||||
// SatoshiPerBitcoin is the number of satoshi in one bitcoin (1 BTC).
|
||||
SatoshiPerBitcoin = 1e8
|
||||
|
||||
// MaxSatoshi is the maximum transaction amount allowed in satoshi.
|
||||
MaxSatoshi = 21e6 * SatoshiPerBitcoin
|
||||
)
|
17
src/vendor/github.com/btcsuite/btcutil/cov_report.sh
generated
vendored
Normal file
17
src/vendor/github.com/btcsuite/btcutil/cov_report.sh
generated
vendored
Normal file
|
@ -0,0 +1,17 @@
|
|||
#!/bin/sh
|
||||
|
||||
# This script uses gocov to generate a test coverage report.
|
||||
# The gocov tool my be obtained with the following command:
|
||||
# go get github.com/axw/gocov/gocov
|
||||
#
|
||||
# It will be installed to $GOPATH/bin, so ensure that location is in your $PATH.
|
||||
|
||||
# Check for gocov.
|
||||
type gocov >/dev/null 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
echo >&2 "This script requires the gocov tool."
|
||||
echo >&2 "You may obtain it with the following command:"
|
||||
echo >&2 "go get github.com/axw/gocov/gocov"
|
||||
exit 1
|
||||
fi
|
||||
gocov test | gocov report
|
46
src/vendor/github.com/btcsuite/btcutil/doc.go
generated
vendored
Normal file
46
src/vendor/github.com/btcsuite/btcutil/doc.go
generated
vendored
Normal file
|
@ -0,0 +1,46 @@
|
|||
// Copyright (c) 2013-2014 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
/*
|
||||
Package btcutil provides bitcoin-specific convenience functions and types.
|
||||
|
||||
Block Overview
|
||||
|
||||
A Block defines a bitcoin block that provides easier and more efficient
|
||||
manipulation of raw wire protocol blocks. It also memoizes hashes for the
|
||||
block and its transactions on their first access so subsequent accesses don't
|
||||
have to repeat the relatively expensive hashing operations.
|
||||
|
||||
Tx Overview
|
||||
|
||||
A Tx defines a bitcoin transaction that provides more efficient manipulation of
|
||||
raw wire protocol transactions. It memoizes the hash for the transaction on its
|
||||
first access so subsequent accesses don't have to repeat the relatively
|
||||
expensive hashing operations.
|
||||
|
||||
Address Overview
|
||||
|
||||
The Address interface provides an abstraction for a Bitcoin address. While the
|
||||
most common type is a pay-to-pubkey-hash, Bitcoin already supports others and
|
||||
may well support more in the future. This package currently provides
|
||||
implementations for the pay-to-pubkey, pay-to-pubkey-hash, and
|
||||
pay-to-script-hash address types.
|
||||
|
||||
To decode/encode an address:
|
||||
|
||||
// NOTE: The default network is only used for address types which do not
|
||||
// already contain that information. At this time, that is only
|
||||
// pay-to-pubkey addresses.
|
||||
addrString := "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962" +
|
||||
"e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d57" +
|
||||
"8a4c702b6bf11d5f"
|
||||
defaultNet := &chaincfg.MainNetParams
|
||||
addr, err := btcutil.DecodeAddress(addrString, defaultNet)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
return
|
||||
}
|
||||
fmt.Println(addr.EncodeAddress())
|
||||
*/
|
||||
package btcutil
|
38
src/vendor/github.com/btcsuite/btcutil/goclean.sh
generated
vendored
Executable file
38
src/vendor/github.com/btcsuite/btcutil/goclean.sh
generated
vendored
Executable file
|
@ -0,0 +1,38 @@
|
|||
#!/bin/bash
|
||||
# The script does automatic checking on a Go package and its sub-packages, including:
|
||||
# 1. gofmt (http://golang.org/cmd/gofmt/)
|
||||
# 2. goimports (https://github.com/bradfitz/goimports)
|
||||
# 3. golint (https://github.com/golang/lint)
|
||||
# 4. go vet (http://golang.org/cmd/vet)
|
||||
# 5. test coverage (http://blog.golang.org/cover)
|
||||
|
||||
set -e
|
||||
|
||||
# Automatic checks
|
||||
test -z "$(gofmt -l -w . | tee /dev/stderr)"
|
||||
test -z "$(goimports -l -w . | tee /dev/stderr)"
|
||||
test -z "$(golint . | tee /dev/stderr)"
|
||||
go vet ./...
|
||||
env GORACE="halt_on_error=1" go test -v -race ./...
|
||||
|
||||
# Run test coverage on each subdirectories and merge the coverage profile.
|
||||
|
||||
echo "mode: count" > profile.cov
|
||||
|
||||
# Standard go tooling behavior is to ignore dirs with leading underscores.
|
||||
for dir in $(find . -maxdepth 10 -not -path './.git*' -not -path '*/_*' -type d);
|
||||
do
|
||||
if ls $dir/*.go &> /dev/null; then
|
||||
go test -covermode=count -coverprofile=$dir/profile.tmp $dir
|
||||
if [ -f $dir/profile.tmp ]; then
|
||||
cat $dir/profile.tmp | tail -n +2 >> profile.cov
|
||||
rm $dir/profile.tmp
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
go tool cover -func profile.cov
|
||||
|
||||
# To submit the test coverage result to coveralls.io,
|
||||
# use goveralls (https://github.com/mattn/goveralls)
|
||||
# goveralls -coverprofile=profile.cov -service=travis-ci
|
23
src/vendor/github.com/btcsuite/btcutil/hash160.go
generated
vendored
Normal file
23
src/vendor/github.com/btcsuite/btcutil/hash160.go
generated
vendored
Normal file
|
@ -0,0 +1,23 @@
|
|||
// Copyright (c) 2013-2014 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package btcutil
|
||||
|
||||
import (
|
||||
"hash"
|
||||
|
||||
"github.com/btcsuite/fastsha256"
|
||||
"github.com/btcsuite/golangcrypto/ripemd160"
|
||||
)
|
||||
|
||||
// Calculate the hash of hasher over buf.
|
||||
func calcHash(buf []byte, hasher hash.Hash) []byte {
|
||||
hasher.Write(buf)
|
||||
return hasher.Sum(nil)
|
||||
}
|
||||
|
||||
// Hash160 calculates the hash ripemd160(sha256(b)).
|
||||
func Hash160(buf []byte) []byte {
|
||||
return calcHash(calcHash(buf, fastsha256.New()), ripemd160.New())
|
||||
}
|
64
src/vendor/github.com/btcsuite/btcutil/hdkeychain/README.md
generated
vendored
Normal file
64
src/vendor/github.com/btcsuite/btcutil/hdkeychain/README.md
generated
vendored
Normal file
|
@ -0,0 +1,64 @@
|
|||
hdkeychain
|
||||
==========
|
||||
|
||||
[![Build Status](http://img.shields.io/travis/btcsuite/btcutil.svg)]
|
||||
(https://travis-ci.org/btcsuite/btcutil) [![ISC License]
|
||||
(http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org)
|
||||
[![GoDoc](http://img.shields.io/badge/godoc-reference-blue.svg)]
|
||||
(http://godoc.org/github.com/btcsuite/btcutil/hdkeychain)
|
||||
|
||||
Package hdkeychain provides an API for bitcoin hierarchical deterministic
|
||||
extended keys (BIP0032).
|
||||
|
||||
A comprehensive suite of tests is provided to ensure proper functionality. See
|
||||
`test_coverage.txt` for the gocov coverage report. Alternatively, if you are
|
||||
running a POSIX OS, you can run the `cov_report.sh` script for a real-time
|
||||
report.
|
||||
|
||||
## Feature Overview
|
||||
|
||||
- Full BIP0032 implementation
|
||||
- Single type for private and public extended keys
|
||||
- Convenient cryptograpically secure seed generation
|
||||
- Simple creation of master nodes
|
||||
- Support for multi-layer derivation
|
||||
- Easy serialization and deserialization for both private and public extended
|
||||
keys
|
||||
- Support for custom networks by registering them with chaincfg
|
||||
- Obtaining the underlying EC pubkeys, EC privkeys, and associated bitcoin
|
||||
addresses ties in seamlessly with existing btcec and btcutil types which
|
||||
provide powerful tools for working with them to do things like sign
|
||||
transations and generate payment scripts
|
||||
- Uses the btcec package which is highly optimized for secp256k1
|
||||
- Code examples including:
|
||||
- Generating a cryptographically secure random seed and deriving a
|
||||
master node from it
|
||||
- Default HD wallet layout as described by BIP0032
|
||||
- Audits use case as described by BIP0032
|
||||
- Comprehensive test coverage including the BIP0032 test vectors
|
||||
- Benchmarks
|
||||
|
||||
## Installation and Updating
|
||||
|
||||
```bash
|
||||
$ go get -u github.com/btcsuite/btcutil/hdkeychain
|
||||
```
|
||||
|
||||
## Examples
|
||||
|
||||
* [NewMaster Example]
|
||||
(http://godoc.org/github.com/btcsuite/btcutil/hdkeychain#example-NewMaster)
|
||||
Demonstrates how to generate a cryptographically random seed then use it to
|
||||
create a new master node (extended key).
|
||||
* [Default Wallet Layout Example]
|
||||
(http://godoc.org/github.com/btcsuite/btcutil/hdkeychain#example-package--DefaultWalletLayout)
|
||||
Demonstrates the default hierarchical deterministic wallet layout as described
|
||||
in BIP0032.
|
||||
* [Audits Use Case Example]
|
||||
(http://godoc.org/github.com/btcsuite/btcutil/hdkeychain#example-package--Audits)
|
||||
Demonstrates the audits use case in BIP0032.
|
||||
|
||||
## License
|
||||
|
||||
Package hdkeychain is licensed under the [copyfree](http://copyfree.org) ISC
|
||||
License.
|
17
src/vendor/github.com/btcsuite/btcutil/hdkeychain/cov_report.sh
generated
vendored
Normal file
17
src/vendor/github.com/btcsuite/btcutil/hdkeychain/cov_report.sh
generated
vendored
Normal file
|
@ -0,0 +1,17 @@
|
|||
#!/bin/sh
|
||||
|
||||
# This script uses gocov to generate a test coverage report.
|
||||
# The gocov tool my be obtained with the following command:
|
||||
# go get github.com/axw/gocov/gocov
|
||||
#
|
||||
# It will be installed to $GOPATH/bin, so ensure that location is in your $PATH.
|
||||
|
||||
# Check for gocov.
|
||||
type gocov >/dev/null 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
echo >&2 "This script requires the gocov tool."
|
||||
echo >&2 "You may obtain it with the following command:"
|
||||
echo >&2 "go get github.com/axw/gocov/gocov"
|
||||
exit 1
|
||||
fi
|
||||
gocov test | gocov report
|
84
src/vendor/github.com/btcsuite/btcutil/hdkeychain/doc.go
generated
vendored
Normal file
84
src/vendor/github.com/btcsuite/btcutil/hdkeychain/doc.go
generated
vendored
Normal file
|
@ -0,0 +1,84 @@
|
|||
// Copyright (c) 2014 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
/*
|
||||
Package hdkeychain provides an API for bitcoin hierarchical deterministic
|
||||
extended keys (BIP0032).
|
||||
|
||||
Overview
|
||||
|
||||
The ability to implement hierarchical deterministic wallets depends on the
|
||||
ability to create and derive hierarchical deterministic extended keys.
|
||||
|
||||
At a high level, this package provides support for those hierarchical
|
||||
deterministic extended keys by providing an ExtendedKey type and supporting
|
||||
functions. Each extended key can either be a private or public extended key
|
||||
which itself is capable of deriving a child extended key.
|
||||
|
||||
Determining the Extended Key Type
|
||||
|
||||
Whether an extended key is a private or public extended key can be determined
|
||||
with the IsPrivate function.
|
||||
|
||||
Transaction Signing Keys and Payment Addresses
|
||||
|
||||
In order to create and sign transactions, or provide others with addresses to
|
||||
send funds to, the underlying key and address material must be accessible. This
|
||||
package provides the ECPubKey, ECPrivKey, and Address functions for this
|
||||
purpose.
|
||||
|
||||
The Master Node
|
||||
|
||||
As previously mentioned, the extended keys are hierarchical meaning they are
|
||||
used to form a tree. The root of that tree is called the master node and this
|
||||
package provides the NewMaster function to create it from a cryptographically
|
||||
random seed. The GenerateSeed function is provided as a convenient way to
|
||||
create a random seed for use with the NewMaster function.
|
||||
|
||||
Deriving Children
|
||||
|
||||
Once you have created a tree root (or have deserialized an extended key as
|
||||
discussed later), the child extended keys can be derived by using the Child
|
||||
function. The Child function supports deriving both normal (non-hardened) and
|
||||
hardened child extended keys. In order to derive a hardened extended key, use
|
||||
the HardenedKeyStart constant + the hardened key number as the index to the
|
||||
Child function. This provides the ability to cascade the keys into a tree and
|
||||
hence generate the hierarchical deterministic key chains.
|
||||
|
||||
Normal vs Hardened Child Extended Keys
|
||||
|
||||
A private extended key can be used to derive both hardened and non-hardened
|
||||
(normal) child private and public extended keys. A public extended key can only
|
||||
be used to derive non-hardened child public extended keys. As enumerated in
|
||||
BIP0032 "knowledge of the extended public key plus any non-hardened private key
|
||||
descending from it is equivalent to knowing the extended private key (and thus
|
||||
every private and public key descending from it). This means that extended
|
||||
public keys must be treated more carefully than regular public keys. It is also
|
||||
the reason for the existence of hardened keys, and why they are used for the
|
||||
account level in the tree. This way, a leak of an account-specific (or below)
|
||||
private key never risks compromising the master or other accounts."
|
||||
|
||||
Neutering a Private Extended Key
|
||||
|
||||
A private extended key can be converted to a new instance of the corresponding
|
||||
public extended key with the Neuter function. The original extended key is not
|
||||
modified. A public extended key is still capable of deriving non-hardened child
|
||||
public extended keys.
|
||||
|
||||
Serializing and Deserializing Extended Keys
|
||||
|
||||
Extended keys are serialized and deserialized with the String and
|
||||
NewKeyFromString functions. The serialized key is a Base58-encoded string which
|
||||
looks like the following:
|
||||
public key: xpub68Gmy5EdvgibQVfPdqkBBCHxA5htiqg55crXYuXoQRKfDBFA1WEjWgP6LHhwBZeNK1VTsfTFUHCdrfp1bgwQ9xv5ski8PX9rL2dZXvgGDnw
|
||||
private key: xprv9uHRZZhk6KAJC1avXpDAp4MDc3sQKNxDiPvvkX8Br5ngLNv1TxvUxt4cV1rGL5hj6KCesnDYUhd7oWgT11eZG7XnxHrnYeSvkzY7d2bhkJ7
|
||||
|
||||
Network
|
||||
|
||||
Extended keys are much like normal Bitcoin addresses in that they have version
|
||||
bytes which tie them to a specific network. The SetNet and IsForNet functions
|
||||
are provided to set and determinine which network an extended key is associated
|
||||
with.
|
||||
*/
|
||||
package hdkeychain
|
555
src/vendor/github.com/btcsuite/btcutil/hdkeychain/extendedkey.go
generated
vendored
Normal file
555
src/vendor/github.com/btcsuite/btcutil/hdkeychain/extendedkey.go
generated
vendored
Normal file
|
@ -0,0 +1,555 @@
|
|||
// Copyright (c) 2014-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package hdkeychain
|
||||
|
||||
// References:
|
||||
// [BIP32]: BIP0032 - Hierarchical Deterministic Wallets
|
||||
// https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/hmac"
|
||||
"crypto/rand"
|
||||
"crypto/sha512"
|
||||
"encoding/binary"
|
||||
"errors"
|
||||
"fmt"
|
||||
"math/big"
|
||||
|
||||
"github.com/btcsuite/btcd/btcec"
|
||||
"github.com/btcsuite/btcd/chaincfg"
|
||||
"github.com/btcsuite/btcd/chaincfg/chainhash"
|
||||
"github.com/btcsuite/btcutil"
|
||||
"github.com/btcsuite/btcutil/base58"
|
||||
)
|
||||
|
||||
const (
|
||||
// RecommendedSeedLen is the recommended length in bytes for a seed
|
||||
// to a master node.
|
||||
RecommendedSeedLen = 32 // 256 bits
|
||||
|
||||
// HardenedKeyStart is the index at which a hardended key starts. Each
|
||||
// extended key has 2^31 normal child keys and 2^31 hardned child keys.
|
||||
// Thus the range for normal child keys is [0, 2^31 - 1] and the range
|
||||
// for hardened child keys is [2^31, 2^32 - 1].
|
||||
HardenedKeyStart = 0x80000000 // 2^31
|
||||
|
||||
// MinSeedBytes is the minimum number of bytes allowed for a seed to
|
||||
// a master node.
|
||||
MinSeedBytes = 16 // 128 bits
|
||||
|
||||
// MaxSeedBytes is the maximum number of bytes allowed for a seed to
|
||||
// a master node.
|
||||
MaxSeedBytes = 64 // 512 bits
|
||||
|
||||
// serializedKeyLen is the length of a serialized public or private
|
||||
// extended key. It consists of 4 bytes version, 1 byte depth, 4 bytes
|
||||
// fingerprint, 4 bytes child number, 32 bytes chain code, and 33 bytes
|
||||
// public/private key data.
|
||||
serializedKeyLen = 4 + 1 + 4 + 4 + 32 + 33 // 78 bytes
|
||||
)
|
||||
|
||||
var (
|
||||
// ErrDeriveHardFromPublic describes an error in which the caller
|
||||
// attempted to derive a hardened extended key from a public key.
|
||||
ErrDeriveHardFromPublic = errors.New("cannot derive a hardened key " +
|
||||
"from a public key")
|
||||
|
||||
// ErrNotPrivExtKey describes an error in which the caller attempted
|
||||
// to extract a private key from a public extended key.
|
||||
ErrNotPrivExtKey = errors.New("unable to create private keys from a " +
|
||||
"public extended key")
|
||||
|
||||
// ErrInvalidChild describes an error in which the child at a specific
|
||||
// index is invalid due to the derived key falling outside of the valid
|
||||
// range for secp256k1 private keys. This error indicates the caller
|
||||
// should simply ignore the invalid child extended key at this index and
|
||||
// increment to the next index.
|
||||
ErrInvalidChild = errors.New("the extended key at this index is invalid")
|
||||
|
||||
// ErrUnusableSeed describes an error in which the provided seed is not
|
||||
// usable due to the derived key falling outside of the valid range for
|
||||
// secp256k1 private keys. This error indicates the caller must choose
|
||||
// another seed.
|
||||
ErrUnusableSeed = errors.New("unusable seed")
|
||||
|
||||
// ErrInvalidSeedLen describes an error in which the provided seed or
|
||||
// seed length is not in the allowed range.
|
||||
ErrInvalidSeedLen = fmt.Errorf("seed length must be between %d and %d "+
|
||||
"bits", MinSeedBytes*8, MaxSeedBytes*8)
|
||||
|
||||
// ErrBadChecksum describes an error in which the checksum encoded with
|
||||
// a serialized extended key does not match the calculated value.
|
||||
ErrBadChecksum = errors.New("bad extended key checksum")
|
||||
|
||||
// ErrInvalidKeyLen describes an error in which the provided serialized
|
||||
// key is not the expected length.
|
||||
ErrInvalidKeyLen = errors.New("the provided serialized extended key " +
|
||||
"length is invalid")
|
||||
)
|
||||
|
||||
// masterKey is the master key used along with a random seed used to generate
|
||||
// the master node in the hierarchical tree.
|
||||
var masterKey = []byte("Bitcoin seed")
|
||||
|
||||
// ExtendedKey houses all the information needed to support a hierarchical
|
||||
// deterministic extended key. See the package overview documentation for
|
||||
// more details on how to use extended keys.
|
||||
type ExtendedKey struct {
|
||||
key []byte // This will be the pubkey for extended pub keys
|
||||
pubKey []byte // This will only be set for extended priv keys
|
||||
chainCode []byte
|
||||
depth uint16
|
||||
parentFP []byte
|
||||
childNum uint32
|
||||
version []byte
|
||||
isPrivate bool
|
||||
}
|
||||
|
||||
// newExtendedKey returns a new instance of an extended key with the given
|
||||
// fields. No error checking is performed here as it's only intended to be a
|
||||
// convenience method used to create a populated struct.
|
||||
func newExtendedKey(version, key, chainCode, parentFP []byte, depth uint16,
|
||||
childNum uint32, isPrivate bool) *ExtendedKey {
|
||||
|
||||
// NOTE: The pubKey field is intentionally left nil so it is only
|
||||
// computed and memoized as required.
|
||||
return &ExtendedKey{
|
||||
key: key,
|
||||
chainCode: chainCode,
|
||||
depth: depth,
|
||||
parentFP: parentFP,
|
||||
childNum: childNum,
|
||||
version: version,
|
||||
isPrivate: isPrivate,
|
||||
}
|
||||
}
|
||||
|
||||
// pubKeyBytes returns bytes for the serialized compressed public key associated
|
||||
// with this extended key in an efficient manner including memoization as
|
||||
// necessary.
|
||||
//
|
||||
// When the extended key is already a public key, the key is simply returned as
|
||||
// is since it's already in the correct form. However, when the extended key is
|
||||
// a private key, the public key will be calculated and memoized so future
|
||||
// accesses can simply return the cached result.
|
||||
func (k *ExtendedKey) pubKeyBytes() []byte {
|
||||
// Just return the key if it's already an extended public key.
|
||||
if !k.isPrivate {
|
||||
return k.key
|
||||
}
|
||||
|
||||
// This is a private extended key, so calculate and memoize the public
|
||||
// key if needed.
|
||||
if len(k.pubKey) == 0 {
|
||||
pkx, pky := btcec.S256().ScalarBaseMult(k.key)
|
||||
pubKey := btcec.PublicKey{Curve: btcec.S256(), X: pkx, Y: pky}
|
||||
k.pubKey = pubKey.SerializeCompressed()
|
||||
}
|
||||
|
||||
return k.pubKey
|
||||
}
|
||||
|
||||
// IsPrivate returns whether or not the extended key is a private extended key.
|
||||
//
|
||||
// A private extended key can be used to derive both hardened and non-hardened
|
||||
// child private and public extended keys. A public extended key can only be
|
||||
// used to derive non-hardened child public extended keys.
|
||||
func (k *ExtendedKey) IsPrivate() bool {
|
||||
return k.isPrivate
|
||||
}
|
||||
|
||||
// ParentFingerprint returns a fingerprint of the parent extended key from which
|
||||
// this one was derived.
|
||||
func (k *ExtendedKey) ParentFingerprint() uint32 {
|
||||
return binary.BigEndian.Uint32(k.parentFP)
|
||||
}
|
||||
|
||||
// Child returns a derived child extended key at the given index. When this
|
||||
// extended key is a private extended key (as determined by the IsPrivate
|
||||
// function), a private extended key will be derived. Otherwise, the derived
|
||||
// extended key will be also be a public extended key.
|
||||
//
|
||||
// When the index is greater to or equal than the HardenedKeyStart constant, the
|
||||
// derived extended key will be a hardened extended key. It is only possible to
|
||||
// derive a hardended extended key from a private extended key. Consequently,
|
||||
// this function will return ErrDeriveHardFromPublic if a hardened child
|
||||
// extended key is requested from a public extended key.
|
||||
//
|
||||
// A hardened extended key is useful since, as previously mentioned, it requires
|
||||
// a parent private extended key to derive. In other words, normal child
|
||||
// extended public keys can be derived from a parent public extended key (no
|
||||
// knowledge of the parent private key) whereas hardened extended keys may not
|
||||
// be.
|
||||
//
|
||||
// NOTE: There is an extremely small chance (< 1 in 2^127) the specific child
|
||||
// index does not derive to a usable child. The ErrInvalidChild error will be
|
||||
// returned if this should occur, and the caller is expected to ignore the
|
||||
// invalid child and simply increment to the next index.
|
||||
func (k *ExtendedKey) Child(i uint32) (*ExtendedKey, error) {
|
||||
// There are four scenarios that could happen here:
|
||||
// 1) Private extended key -> Hardened child private extended key
|
||||
// 2) Private extended key -> Non-hardened child private extended key
|
||||
// 3) Public extended key -> Non-hardened child public extended key
|
||||
// 4) Public extended key -> Hardened child public extended key (INVALID!)
|
||||
|
||||
// Case #4 is invalid, so error out early.
|
||||
// A hardened child extended key may not be created from a public
|
||||
// extended key.
|
||||
isChildHardened := i >= HardenedKeyStart
|
||||
if !k.isPrivate && isChildHardened {
|
||||
return nil, ErrDeriveHardFromPublic
|
||||
}
|
||||
|
||||
// The data used to derive the child key depends on whether or not the
|
||||
// child is hardened per [BIP32].
|
||||
//
|
||||
// For hardened children:
|
||||
// 0x00 || ser256(parentKey) || ser32(i)
|
||||
//
|
||||
// For normal children:
|
||||
// serP(parentPubKey) || ser32(i)
|
||||
keyLen := 33
|
||||
data := make([]byte, keyLen+4)
|
||||
if isChildHardened {
|
||||
// Case #1.
|
||||
// When the child is a hardened child, the key is known to be a
|
||||
// private key due to the above early return. Pad it with a
|
||||
// leading zero as required by [BIP32] for deriving the child.
|
||||
copy(data[1:], k.key)
|
||||
} else {
|
||||
// Case #2 or #3.
|
||||
// This is either a public or private extended key, but in
|
||||
// either case, the data which is used to derive the child key
|
||||
// starts with the secp256k1 compressed public key bytes.
|
||||
copy(data, k.pubKeyBytes())
|
||||
}
|
||||
binary.BigEndian.PutUint32(data[keyLen:], i)
|
||||
|
||||
// Take the HMAC-SHA512 of the current key's chain code and the derived
|
||||
// data:
|
||||
// I = HMAC-SHA512(Key = chainCode, Data = data)
|
||||
hmac512 := hmac.New(sha512.New, k.chainCode)
|
||||
hmac512.Write(data)
|
||||
ilr := hmac512.Sum(nil)
|
||||
|
||||
// Split "I" into two 32-byte sequences Il and Ir where:
|
||||
// Il = intermediate key used to derive the child
|
||||
// Ir = child chain code
|
||||
il := ilr[:len(ilr)/2]
|
||||
childChainCode := ilr[len(ilr)/2:]
|
||||
|
||||
// Both derived public or private keys rely on treating the left 32-byte
|
||||
// sequence calculated above (Il) as a 256-bit integer that must be
|
||||
// within the valid range for a secp256k1 private key. There is a small
|
||||
// chance (< 1 in 2^127) this condition will not hold, and in that case,
|
||||
// a child extended key can't be created for this index and the caller
|
||||
// should simply increment to the next index.
|
||||
ilNum := new(big.Int).SetBytes(il)
|
||||
if ilNum.Cmp(btcec.S256().N) >= 0 || ilNum.Sign() == 0 {
|
||||
return nil, ErrInvalidChild
|
||||
}
|
||||
|
||||
// The algorithm used to derive the child key depends on whether or not
|
||||
// a private or public child is being derived.
|
||||
//
|
||||
// For private children:
|
||||
// childKey = parse256(Il) + parentKey
|
||||
//
|
||||
// For public children:
|
||||
// childKey = serP(point(parse256(Il)) + parentKey)
|
||||
var isPrivate bool
|
||||
var childKey []byte
|
||||
if k.isPrivate {
|
||||
// Case #1 or #2.
|
||||
// Add the parent private key to the intermediate private key to
|
||||
// derive the final child key.
|
||||
//
|
||||
// childKey = parse256(Il) + parenKey
|
||||
keyNum := new(big.Int).SetBytes(k.key)
|
||||
ilNum.Add(ilNum, keyNum)
|
||||
ilNum.Mod(ilNum, btcec.S256().N)
|
||||
childKey = ilNum.Bytes()
|
||||
isPrivate = true
|
||||
} else {
|
||||
// Case #3.
|
||||
// Calculate the corresponding intermediate public key for
|
||||
// intermediate private key.
|
||||
ilx, ily := btcec.S256().ScalarBaseMult(il)
|
||||
if ilx.Sign() == 0 || ily.Sign() == 0 {
|
||||
return nil, ErrInvalidChild
|
||||
}
|
||||
|
||||
// Convert the serialized compressed parent public key into X
|
||||
// and Y coordinates so it can be added to the intermediate
|
||||
// public key.
|
||||
pubKey, err := btcec.ParsePubKey(k.key, btcec.S256())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Add the intermediate public key to the parent public key to
|
||||
// derive the final child key.
|
||||
//
|
||||
// childKey = serP(point(parse256(Il)) + parentKey)
|
||||
childX, childY := btcec.S256().Add(ilx, ily, pubKey.X, pubKey.Y)
|
||||
pk := btcec.PublicKey{Curve: btcec.S256(), X: childX, Y: childY}
|
||||
childKey = pk.SerializeCompressed()
|
||||
}
|
||||
|
||||
// The fingerprint of the parent for the derived child is the first 4
|
||||
// bytes of the RIPEMD160(SHA256(parentPubKey)).
|
||||
parentFP := btcutil.Hash160(k.pubKeyBytes())[:4]
|
||||
return newExtendedKey(k.version, childKey, childChainCode, parentFP,
|
||||
k.depth+1, i, isPrivate), nil
|
||||
}
|
||||
|
||||
// Neuter returns a new extended public key from this extended private key. The
|
||||
// same extended key will be returned unaltered if it is already an extended
|
||||
// public key.
|
||||
//
|
||||
// As the name implies, an extended public key does not have access to the
|
||||
// private key, so it is not capable of signing transactions or deriving
|
||||
// child extended private keys. However, it is capable of deriving further
|
||||
// child extended public keys.
|
||||
func (k *ExtendedKey) Neuter() (*ExtendedKey, error) {
|
||||
// Already an extended public key.
|
||||
if !k.isPrivate {
|
||||
return k, nil
|
||||
}
|
||||
|
||||
// Get the associated public extended key version bytes.
|
||||
version, err := chaincfg.HDPrivateKeyToPublicKeyID(k.version)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Convert it to an extended public key. The key for the new extended
|
||||
// key will simply be the pubkey of the current extended private key.
|
||||
//
|
||||
// This is the function N((k,c)) -> (K, c) from [BIP32].
|
||||
return newExtendedKey(version, k.pubKeyBytes(), k.chainCode, k.parentFP,
|
||||
k.depth, k.childNum, false), nil
|
||||
}
|
||||
|
||||
// ECPubKey converts the extended key to a btcec public key and returns it.
|
||||
func (k *ExtendedKey) ECPubKey() (*btcec.PublicKey, error) {
|
||||
return btcec.ParsePubKey(k.pubKeyBytes(), btcec.S256())
|
||||
}
|
||||
|
||||
// ECPrivKey converts the extended key to a btcec private key and returns it.
|
||||
// As you might imagine this is only possible if the extended key is a private
|
||||
// extended key (as determined by the IsPrivate function). The ErrNotPrivExtKey
|
||||
// error will be returned if this function is called on a public extended key.
|
||||
func (k *ExtendedKey) ECPrivKey() (*btcec.PrivateKey, error) {
|
||||
if !k.isPrivate {
|
||||
return nil, ErrNotPrivExtKey
|
||||
}
|
||||
|
||||
privKey, _ := btcec.PrivKeyFromBytes(btcec.S256(), k.key)
|
||||
return privKey, nil
|
||||
}
|
||||
|
||||
// Address converts the extended key to a standard bitcoin pay-to-pubkey-hash
|
||||
// address for the passed network.
|
||||
func (k *ExtendedKey) Address(net *chaincfg.Params) (*btcutil.AddressPubKeyHash, error) {
|
||||
pkHash := btcutil.Hash160(k.pubKeyBytes())
|
||||
return btcutil.NewAddressPubKeyHash(pkHash, net)
|
||||
}
|
||||
|
||||
// paddedAppend appends the src byte slice to dst, returning the new slice.
|
||||
// If the length of the source is smaller than the passed size, leading zero
|
||||
// bytes are appended to the dst slice before appending src.
|
||||
func paddedAppend(size uint, dst, src []byte) []byte {
|
||||
for i := 0; i < int(size)-len(src); i++ {
|
||||
dst = append(dst, 0)
|
||||
}
|
||||
return append(dst, src...)
|
||||
}
|
||||
|
||||
// String returns the extended key as a human-readable base58-encoded string.
|
||||
func (k *ExtendedKey) String() string {
|
||||
if len(k.key) == 0 {
|
||||
return "zeroed extended key"
|
||||
}
|
||||
|
||||
var childNumBytes [4]byte
|
||||
depthByte := byte(k.depth % 256)
|
||||
binary.BigEndian.PutUint32(childNumBytes[:], k.childNum)
|
||||
|
||||
// The serialized format is:
|
||||
// version (4) || depth (1) || parent fingerprint (4)) ||
|
||||
// child num (4) || chain code (32) || key data (33) || checksum (4)
|
||||
serializedBytes := make([]byte, 0, serializedKeyLen+4)
|
||||
serializedBytes = append(serializedBytes, k.version...)
|
||||
serializedBytes = append(serializedBytes, depthByte)
|
||||
serializedBytes = append(serializedBytes, k.parentFP...)
|
||||
serializedBytes = append(serializedBytes, childNumBytes[:]...)
|
||||
serializedBytes = append(serializedBytes, k.chainCode...)
|
||||
if k.isPrivate {
|
||||
serializedBytes = append(serializedBytes, 0x00)
|
||||
serializedBytes = paddedAppend(32, serializedBytes, k.key)
|
||||
} else {
|
||||
serializedBytes = append(serializedBytes, k.pubKeyBytes()...)
|
||||
}
|
||||
|
||||
checkSum := chainhash.DoubleHashB(serializedBytes)[:4]
|
||||
serializedBytes = append(serializedBytes, checkSum...)
|
||||
return base58.Encode(serializedBytes)
|
||||
}
|
||||
|
||||
// IsForNet returns whether or not the extended key is associated with the
|
||||
// passed bitcoin network.
|
||||
func (k *ExtendedKey) IsForNet(net *chaincfg.Params) bool {
|
||||
return bytes.Equal(k.version, net.HDPrivateKeyID[:]) ||
|
||||
bytes.Equal(k.version, net.HDPublicKeyID[:])
|
||||
}
|
||||
|
||||
// SetNet associates the extended key, and any child keys yet to be derived from
|
||||
// it, with the passed network.
|
||||
func (k *ExtendedKey) SetNet(net *chaincfg.Params) {
|
||||
if k.isPrivate {
|
||||
k.version = net.HDPrivateKeyID[:]
|
||||
} else {
|
||||
k.version = net.HDPublicKeyID[:]
|
||||
}
|
||||
}
|
||||
|
||||
// zero sets all bytes in the passed slice to zero. This is used to
|
||||
// explicitly clear private key material from memory.
|
||||
func zero(b []byte) {
|
||||
lenb := len(b)
|
||||
for i := 0; i < lenb; i++ {
|
||||
b[i] = 0
|
||||
}
|
||||
}
|
||||
|
||||
// Zero manually clears all fields and bytes in the extended key. This can be
|
||||
// used to explicitly clear key material from memory for enhanced security
|
||||
// against memory scraping. This function only clears this particular key and
|
||||
// not any children that have already been derived.
|
||||
func (k *ExtendedKey) Zero() {
|
||||
zero(k.key)
|
||||
zero(k.pubKey)
|
||||
zero(k.chainCode)
|
||||
zero(k.parentFP)
|
||||
k.version = nil
|
||||
k.key = nil
|
||||
k.depth = 0
|
||||
k.childNum = 0
|
||||
k.isPrivate = false
|
||||
}
|
||||
|
||||
// NewMaster creates a new master node for use in creating a hierarchical
|
||||
// deterministic key chain. The seed must be between 128 and 512 bits and
|
||||
// should be generated by a cryptographically secure random generation source.
|
||||
//
|
||||
// NOTE: There is an extremely small chance (< 1 in 2^127) the provided seed
|
||||
// will derive to an unusable secret key. The ErrUnusable error will be
|
||||
// returned if this should occur, so the caller must check for it and generate a
|
||||
// new seed accordingly.
|
||||
func NewMaster(seed []byte, net *chaincfg.Params) (*ExtendedKey, error) {
|
||||
// Per [BIP32], the seed must be in range [MinSeedBytes, MaxSeedBytes].
|
||||
if len(seed) < MinSeedBytes || len(seed) > MaxSeedBytes {
|
||||
return nil, ErrInvalidSeedLen
|
||||
}
|
||||
|
||||
// First take the HMAC-SHA512 of the master key and the seed data:
|
||||
// I = HMAC-SHA512(Key = "Bitcoin seed", Data = S)
|
||||
hmac512 := hmac.New(sha512.New, masterKey)
|
||||
hmac512.Write(seed)
|
||||
lr := hmac512.Sum(nil)
|
||||
|
||||
// Split "I" into two 32-byte sequences Il and Ir where:
|
||||
// Il = master secret key
|
||||
// Ir = master chain code
|
||||
secretKey := lr[:len(lr)/2]
|
||||
chainCode := lr[len(lr)/2:]
|
||||
|
||||
// Ensure the key in usable.
|
||||
secretKeyNum := new(big.Int).SetBytes(secretKey)
|
||||
if secretKeyNum.Cmp(btcec.S256().N) >= 0 || secretKeyNum.Sign() == 0 {
|
||||
return nil, ErrUnusableSeed
|
||||
}
|
||||
|
||||
parentFP := []byte{0x00, 0x00, 0x00, 0x00}
|
||||
return newExtendedKey(net.HDPrivateKeyID[:], secretKey, chainCode,
|
||||
parentFP, 0, 0, true), nil
|
||||
}
|
||||
|
||||
// NewKeyFromString returns a new extended key instance from a base58-encoded
|
||||
// extended key.
|
||||
func NewKeyFromString(key string) (*ExtendedKey, error) {
|
||||
// The base58-decoded extended key must consist of a serialized payload
|
||||
// plus an additional 4 bytes for the checksum.
|
||||
decoded := base58.Decode(key)
|
||||
if len(decoded) != serializedKeyLen+4 {
|
||||
return nil, ErrInvalidKeyLen
|
||||
}
|
||||
|
||||
// The serialized format is:
|
||||
// version (4) || depth (1) || parent fingerprint (4)) ||
|
||||
// child num (4) || chain code (32) || key data (33) || checksum (4)
|
||||
|
||||
// Split the payload and checksum up and ensure the checksum matches.
|
||||
payload := decoded[:len(decoded)-4]
|
||||
checkSum := decoded[len(decoded)-4:]
|
||||
expectedCheckSum := chainhash.DoubleHashB(payload)[:4]
|
||||
if !bytes.Equal(checkSum, expectedCheckSum) {
|
||||
return nil, ErrBadChecksum
|
||||
}
|
||||
|
||||
// Deserialize each of the payload fields.
|
||||
version := payload[:4]
|
||||
depth := uint16(payload[4:5][0])
|
||||
parentFP := payload[5:9]
|
||||
childNum := binary.BigEndian.Uint32(payload[9:13])
|
||||
chainCode := payload[13:45]
|
||||
keyData := payload[45:78]
|
||||
|
||||
// The key data is a private key if it starts with 0x00. Serialized
|
||||
// compressed pubkeys either start with 0x02 or 0x03.
|
||||
isPrivate := keyData[0] == 0x00
|
||||
if isPrivate {
|
||||
// Ensure the private key is valid. It must be within the range
|
||||
// of the order of the secp256k1 curve and not be 0.
|
||||
keyData = keyData[1:]
|
||||
keyNum := new(big.Int).SetBytes(keyData)
|
||||
if keyNum.Cmp(btcec.S256().N) >= 0 || keyNum.Sign() == 0 {
|
||||
return nil, ErrUnusableSeed
|
||||
}
|
||||
} else {
|
||||
// Ensure the public key parses correctly and is actually on the
|
||||
// secp256k1 curve.
|
||||
_, err := btcec.ParsePubKey(keyData, btcec.S256())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
return newExtendedKey(version, keyData, chainCode, parentFP, depth,
|
||||
childNum, isPrivate), nil
|
||||
}
|
||||
|
||||
// GenerateSeed returns a cryptographically secure random seed that can be used
|
||||
// as the input for the NewMaster function to generate a new master node.
|
||||
//
|
||||
// The length is in bytes and it must be between 16 and 64 (128 to 512 bits).
|
||||
// The recommended length is 32 (256 bits) as defined by the RecommendedSeedLen
|
||||
// constant.
|
||||
func GenerateSeed(length uint8) ([]byte, error) {
|
||||
// Per [BIP32], the seed must be in range [MinSeedBytes, MaxSeedBytes].
|
||||
if length < MinSeedBytes || length > MaxSeedBytes {
|
||||
return nil, ErrInvalidSeedLen
|
||||
}
|
||||
|
||||
buf := make([]byte, length)
|
||||
_, err := rand.Read(buf)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return buf, nil
|
||||
}
|
20
src/vendor/github.com/btcsuite/btcutil/hdkeychain/test_coverage.txt
generated
vendored
Normal file
20
src/vendor/github.com/btcsuite/btcutil/hdkeychain/test_coverage.txt
generated
vendored
Normal file
|
@ -0,0 +1,20 @@
|
|||
|
||||
github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.String 100.00% (18/18)
|
||||
github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.Zero 100.00% (9/9)
|
||||
github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.pubKeyBytes 100.00% (7/7)
|
||||
github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.Neuter 100.00% (6/6)
|
||||
github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.ECPrivKey 100.00% (4/4)
|
||||
github.com/conformal/btcutil/hdkeychain/extendedkey.go zero 100.00% (3/3)
|
||||
github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.SetNet 100.00% (3/3)
|
||||
github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.Address 100.00% (2/2)
|
||||
github.com/conformal/btcutil/hdkeychain/extendedkey.go newExtendedKey 100.00% (1/1)
|
||||
github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.IsPrivate 100.00% (1/1)
|
||||
github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.ParentFingerprint 100.00% (1/1)
|
||||
github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.ECPubKey 100.00% (1/1)
|
||||
github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.IsForNet 100.00% (1/1)
|
||||
github.com/conformal/btcutil/hdkeychain/extendedkey.go NewKeyFromString 95.83% (23/24)
|
||||
github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.Child 91.67% (33/36)
|
||||
github.com/conformal/btcutil/hdkeychain/extendedkey.go NewMaster 91.67% (11/12)
|
||||
github.com/conformal/btcutil/hdkeychain/extendedkey.go GenerateSeed 85.71% (6/7)
|
||||
github.com/conformal/btcutil/hdkeychain ----------------------------- 95.59% (130/136)
|
||||
|
18
src/vendor/github.com/btcsuite/btcutil/net.go
generated
vendored
Normal file
18
src/vendor/github.com/btcsuite/btcutil/net.go
generated
vendored
Normal file
|
@ -0,0 +1,18 @@
|
|||
// Copyright (c) 2013-2014 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build !appengine
|
||||
|
||||
package btcutil
|
||||
|
||||
import (
|
||||
"net"
|
||||
)
|
||||
|
||||
// interfaceAddrs returns a list of the system's network interface addresses.
|
||||
// It is wrapped here so that we can substitute it for other functions when
|
||||
// building for systems that do not allow access to net.InterfaceAddrs().
|
||||
func interfaceAddrs() ([]net.Addr, error) {
|
||||
return net.InterfaceAddrs()
|
||||
}
|
19
src/vendor/github.com/btcsuite/btcutil/net_noop.go
generated
vendored
Normal file
19
src/vendor/github.com/btcsuite/btcutil/net_noop.go
generated
vendored
Normal file
|
@ -0,0 +1,19 @@
|
|||
// Copyright (c) 2013-2014 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build appengine
|
||||
|
||||
package btcutil
|
||||
|
||||
import (
|
||||
"net"
|
||||
)
|
||||
|
||||
// interfaceAddrs returns a list of the system's network interface addresses.
|
||||
// It is wrapped here so that we can substitute it for a no-op function that
|
||||
// returns an empty slice of net.Addr when building for systems that do not
|
||||
// allow access to net.InterfaceAddrs().
|
||||
func interfaceAddrs() ([]net.Addr, error) {
|
||||
return []net.Addr{}, nil
|
||||
}
|
72
src/vendor/github.com/btcsuite/btcutil/test_coverage.txt
generated
vendored
Normal file
72
src/vendor/github.com/btcsuite/btcutil/test_coverage.txt
generated
vendored
Normal file
|
@ -0,0 +1,72 @@
|
|||
|
||||
github.com/conformal/btcutil/base58.go Base58Decode 100.00% (20/20)
|
||||
github.com/conformal/btcutil/base58.go Base58Encode 100.00% (15/15)
|
||||
github.com/conformal/btcutil/block.go Block.Tx 100.00% (12/12)
|
||||
github.com/conformal/btcutil/wif.go WIF.String 100.00% (11/11)
|
||||
github.com/conformal/btcutil/block.go Block.Transactions 100.00% (11/11)
|
||||
github.com/conformal/btcutil/amount.go AmountUnit.String 100.00% (8/8)
|
||||
github.com/conformal/btcutil/tx.go NewTxFromReader 100.00% (6/6)
|
||||
github.com/conformal/btcutil/block.go NewBlockFromBytes 100.00% (6/6)
|
||||
github.com/conformal/btcutil/block.go NewBlockFromReader 100.00% (6/6)
|
||||
github.com/conformal/btcutil/address.go encodeAddress 100.00% (6/6)
|
||||
github.com/conformal/btcutil/address.go newAddressPubKeyHash 100.00% (5/5)
|
||||
github.com/conformal/btcutil/address.go newAddressScriptHashFromHash 100.00% (5/5)
|
||||
github.com/conformal/btcutil/tx.go Tx.Sha 100.00% (5/5)
|
||||
github.com/conformal/btcutil/block.go Block.Sha 100.00% (5/5)
|
||||
github.com/conformal/btcutil/amount.go NewAmount 100.00% (5/5)
|
||||
github.com/conformal/btcutil/amount.go round 100.00% (3/3)
|
||||
github.com/conformal/btcutil/address.go NewAddressScriptHash 100.00% (2/2)
|
||||
github.com/conformal/btcutil/amount.go Amount.Format 100.00% (2/2)
|
||||
github.com/conformal/btcutil/tx.go NewTxFromBytes 100.00% (2/2)
|
||||
github.com/conformal/btcutil/hash160.go calcHash 100.00% (2/2)
|
||||
github.com/conformal/btcutil/address.go AddressPubKeyHash.Hash160 100.00% (1/1)
|
||||
github.com/conformal/btcutil/block.go OutOfRangeError.Error 100.00% (1/1)
|
||||
github.com/conformal/btcutil/block.go Block.MsgBlock 100.00% (1/1)
|
||||
github.com/conformal/btcutil/tx.go Tx.MsgTx 100.00% (1/1)
|
||||
github.com/conformal/btcutil/hash160.go Hash160 100.00% (1/1)
|
||||
github.com/conformal/btcutil/block.go NewBlockFromBlockAndBytes 100.00% (1/1)
|
||||
github.com/conformal/btcutil/block.go Block.Height 100.00% (1/1)
|
||||
github.com/conformal/btcutil/block.go Block.SetHeight 100.00% (1/1)
|
||||
github.com/conformal/btcutil/block.go NewBlock 100.00% (1/1)
|
||||
github.com/conformal/btcutil/address.go AddressPubKeyHash.IsForNet 100.00% (1/1)
|
||||
github.com/conformal/btcutil/address.go AddressPubKey.EncodeAddress 100.00% (1/1)
|
||||
github.com/conformal/btcutil/address.go NewAddressPubKeyHash 100.00% (1/1)
|
||||
github.com/conformal/btcutil/address.go AddressPubKeyHash.EncodeAddress 100.00% (1/1)
|
||||
github.com/conformal/btcutil/address.go AddressPubKeyHash.ScriptAddress 100.00% (1/1)
|
||||
github.com/conformal/btcutil/address.go AddressPubKeyHash.String 100.00% (1/1)
|
||||
github.com/conformal/btcutil/address.go NewAddressScriptHashFromHash 100.00% (1/1)
|
||||
github.com/conformal/btcutil/address.go AddressScriptHash.EncodeAddress 100.00% (1/1)
|
||||
github.com/conformal/btcutil/address.go AddressScriptHash.ScriptAddress 100.00% (1/1)
|
||||
github.com/conformal/btcutil/address.go AddressScriptHash.IsForNet 100.00% (1/1)
|
||||
github.com/conformal/btcutil/address.go AddressScriptHash.String 100.00% (1/1)
|
||||
github.com/conformal/btcutil/address.go AddressScriptHash.Hash160 100.00% (1/1)
|
||||
github.com/conformal/btcutil/address.go AddressPubKey.ScriptAddress 100.00% (1/1)
|
||||
github.com/conformal/btcutil/address.go AddressPubKey.IsForNet 100.00% (1/1)
|
||||
github.com/conformal/btcutil/address.go AddressPubKey.String 100.00% (1/1)
|
||||
github.com/conformal/btcutil/tx.go NewTx 100.00% (1/1)
|
||||
github.com/conformal/btcutil/tx.go Tx.SetIndex 100.00% (1/1)
|
||||
github.com/conformal/btcutil/amount.go Amount.ToUnit 100.00% (1/1)
|
||||
github.com/conformal/btcutil/tx.go Tx.Index 100.00% (1/1)
|
||||
github.com/conformal/btcutil/amount.go Amount.String 100.00% (1/1)
|
||||
github.com/conformal/btcutil/amount.go Amount.MulF64 100.00% (1/1)
|
||||
github.com/conformal/btcutil/appdata.go appDataDir 92.00% (23/25)
|
||||
github.com/conformal/btcutil/block.go Block.TxLoc 88.89% (8/9)
|
||||
github.com/conformal/btcutil/block.go Block.Bytes 88.89% (8/9)
|
||||
github.com/conformal/btcutil/address.go NewAddressPubKey 87.50% (7/8)
|
||||
github.com/conformal/btcutil/address.go DecodeAddress 85.00% (17/20)
|
||||
github.com/conformal/btcutil/wif.go DecodeWIF 85.00% (17/20)
|
||||
github.com/conformal/btcutil/address.go AddressPubKey.serialize 80.00% (4/5)
|
||||
github.com/conformal/btcutil/block.go Block.TxSha 75.00% (3/4)
|
||||
github.com/conformal/btcutil/wif.go paddedAppend 66.67% (2/3)
|
||||
github.com/conformal/btcutil/wif.go NewWIF 66.67% (2/3)
|
||||
github.com/conformal/btcutil/certgen.go NewTLSCertPair 0.00% (0/54)
|
||||
github.com/conformal/btcutil/wif.go WIF.SerializePubKey 0.00% (0/4)
|
||||
github.com/conformal/btcutil/address.go AddressPubKey.AddressPubKeyHash 0.00% (0/3)
|
||||
github.com/conformal/btcutil/address.go AddressPubKey.Format 0.00% (0/1)
|
||||
github.com/conformal/btcutil/address.go AddressPubKey.PubKey 0.00% (0/1)
|
||||
github.com/conformal/btcutil/address.go AddressPubKey.SetFormat 0.00% (0/1)
|
||||
github.com/conformal/btcutil/wif.go WIF.IsForNet 0.00% (0/1)
|
||||
github.com/conformal/btcutil/appdata.go AppDataDir 0.00% (0/1)
|
||||
github.com/conformal/btcutil/net.go interfaceAddrs 0.00% (0/1)
|
||||
github.com/conformal/btcutil ------------------------------- 75.88% (258/340)
|
||||
|
93
src/vendor/github.com/btcsuite/btcutil/tx.go
generated
vendored
Normal file
93
src/vendor/github.com/btcsuite/btcutil/tx.go
generated
vendored
Normal file
|
@ -0,0 +1,93 @@
|
|||
// Copyright (c) 2013-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package btcutil
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"io"
|
||||
|
||||
"github.com/btcsuite/btcd/chaincfg/chainhash"
|
||||
"github.com/btcsuite/btcd/wire"
|
||||
)
|
||||
|
||||
// TxIndexUnknown is the value returned for a transaction index that is unknown.
|
||||
// This is typically because the transaction has not been inserted into a block
|
||||
// yet.
|
||||
const TxIndexUnknown = -1
|
||||
|
||||
// Tx defines a bitcoin transaction that provides easier and more efficient
|
||||
// manipulation of raw transactions. It also memoizes the hash for the
|
||||
// transaction on its first access so subsequent accesses don't have to repeat
|
||||
// the relatively expensive hashing operations.
|
||||
type Tx struct {
|
||||
msgTx *wire.MsgTx // Underlying MsgTx
|
||||
txHash *chainhash.Hash // Cached transaction hash
|
||||
txIndex int // Position within a block or TxIndexUnknown
|
||||
}
|
||||
|
||||
// MsgTx returns the underlying wire.MsgTx for the transaction.
|
||||
func (t *Tx) MsgTx() *wire.MsgTx {
|
||||
// Return the cached transaction.
|
||||
return t.msgTx
|
||||
}
|
||||
|
||||
// Hash returns the hash of the transaction. This is equivalent to
|
||||
// calling TxHash on the underlying wire.MsgTx, however it caches the
|
||||
// result so subsequent calls are more efficient.
|
||||
func (t *Tx) Hash() *chainhash.Hash {
|
||||
// Return the cached hash if it has already been generated.
|
||||
if t.txHash != nil {
|
||||
return t.txHash
|
||||
}
|
||||
|
||||
// Cache the hash and return it.
|
||||
hash := t.msgTx.TxHash()
|
||||
t.txHash = &hash
|
||||
return &hash
|
||||
}
|
||||
|
||||
// Index returns the saved index of the transaction within a block. This value
|
||||
// will be TxIndexUnknown if it hasn't already explicitly been set.
|
||||
func (t *Tx) Index() int {
|
||||
return t.txIndex
|
||||
}
|
||||
|
||||
// SetIndex sets the index of the transaction in within a block.
|
||||
func (t *Tx) SetIndex(index int) {
|
||||
t.txIndex = index
|
||||
}
|
||||
|
||||
// NewTx returns a new instance of a bitcoin transaction given an underlying
|
||||
// wire.MsgTx. See Tx.
|
||||
func NewTx(msgTx *wire.MsgTx) *Tx {
|
||||
return &Tx{
|
||||
msgTx: msgTx,
|
||||
txIndex: TxIndexUnknown,
|
||||
}
|
||||
}
|
||||
|
||||
// NewTxFromBytes returns a new instance of a bitcoin transaction given the
|
||||
// serialized bytes. See Tx.
|
||||
func NewTxFromBytes(serializedTx []byte) (*Tx, error) {
|
||||
br := bytes.NewReader(serializedTx)
|
||||
return NewTxFromReader(br)
|
||||
}
|
||||
|
||||
// NewTxFromReader returns a new instance of a bitcoin transaction given a
|
||||
// Reader to deserialize the transaction. See Tx.
|
||||
func NewTxFromReader(r io.Reader) (*Tx, error) {
|
||||
// Deserialize the bytes into a MsgTx.
|
||||
var msgTx wire.MsgTx
|
||||
err := msgTx.Deserialize(r)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
t := Tx{
|
||||
msgTx: &msgTx,
|
||||
txIndex: TxIndexUnknown,
|
||||
}
|
||||
return &t, nil
|
||||
}
|
169
src/vendor/github.com/btcsuite/btcutil/wif.go
generated
vendored
Normal file
169
src/vendor/github.com/btcsuite/btcutil/wif.go
generated
vendored
Normal file
|
@ -0,0 +1,169 @@
|
|||
// Copyright (c) 2013-2016 The btcsuite developers
|
||||
// Use of this source code is governed by an ISC
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package btcutil
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"errors"
|
||||
|
||||
"github.com/btcsuite/btcd/btcec"
|
||||
"github.com/btcsuite/btcd/chaincfg"
|
||||
"github.com/btcsuite/btcd/chaincfg/chainhash"
|
||||
"github.com/btcsuite/btcutil/base58"
|
||||
)
|
||||
|
||||
// ErrMalformedPrivateKey describes an error where a WIF-encoded private
|
||||
// key cannot be decoded due to being improperly formatted. This may occur
|
||||
// if the byte length is incorrect or an unexpected magic number was
|
||||
// encountered.
|
||||
var ErrMalformedPrivateKey = errors.New("malformed private key")
|
||||
|
||||
// compressMagic is the magic byte used to identify a WIF encoding for
|
||||
// an address created from a compressed serialized public key.
|
||||
const compressMagic byte = 0x01
|
||||
|
||||
// WIF contains the individual components described by the Wallet Import Format
|
||||
// (WIF). A WIF string is typically used to represent a private key and its
|
||||
// associated address in a way that may be easily copied and imported into or
|
||||
// exported from wallet software. WIF strings may be decoded into this
|
||||
// structure by calling DecodeWIF or created with a user-provided private key
|
||||
// by calling NewWIF.
|
||||
type WIF struct {
|
||||
// PrivKey is the private key being imported or exported.
|
||||
PrivKey *btcec.PrivateKey
|
||||
|
||||
// CompressPubKey specifies whether the address controlled by the
|
||||
// imported or exported private key was created by hashing a
|
||||
// compressed (33-byte) serialized public key, rather than an
|
||||
// uncompressed (65-byte) one.
|
||||
CompressPubKey bool
|
||||
|
||||
// netID is the bitcoin network identifier byte used when
|
||||
// WIF encoding the private key.
|
||||
netID byte
|
||||
}
|
||||
|
||||
// NewWIF creates a new WIF structure to export an address and its private key
|
||||
// as a string encoded in the Wallet Import Format. The compress argument
|
||||
// specifies whether the address intended to be imported or exported was created
|
||||
// by serializing the public key compressed rather than uncompressed.
|
||||
func NewWIF(privKey *btcec.PrivateKey, net *chaincfg.Params, compress bool) (*WIF, error) {
|
||||
if net == nil {
|
||||
return nil, errors.New("no network")
|
||||
}
|
||||
return &WIF{privKey, compress, net.PrivateKeyID}, nil
|
||||
}
|
||||
|
||||
// IsForNet returns whether or not the decoded WIF structure is associated
|
||||
// with the passed bitcoin network.
|
||||
func (w *WIF) IsForNet(net *chaincfg.Params) bool {
|
||||
return w.netID == net.PrivateKeyID
|
||||
}
|
||||
|
||||
// DecodeWIF creates a new WIF structure by decoding the string encoding of
|
||||
// the import format.
|
||||
//
|
||||
// The WIF string must be a base58-encoded string of the following byte
|
||||
// sequence:
|
||||
//
|
||||
// * 1 byte to identify the network, must be 0x80 for mainnet or 0xef for
|
||||
// either testnet3 or the regression test network
|
||||
// * 32 bytes of a binary-encoded, big-endian, zero-padded private key
|
||||
// * Optional 1 byte (equal to 0x01) if the address being imported or exported
|
||||
// was created by taking the RIPEMD160 after SHA256 hash of a serialized
|
||||
// compressed (33-byte) public key
|
||||
// * 4 bytes of checksum, must equal the first four bytes of the double SHA256
|
||||
// of every byte before the checksum in this sequence
|
||||
//
|
||||
// If the base58-decoded byte sequence does not match this, DecodeWIF will
|
||||
// return a non-nil error. ErrMalformedPrivateKey is returned when the WIF
|
||||
// is of an impossible length or the expected compressed pubkey magic number
|
||||
// does not equal the expected value of 0x01. ErrChecksumMismatch is returned
|
||||
// if the expected WIF checksum does not match the calculated checksum.
|
||||
func DecodeWIF(wif string) (*WIF, error) {
|
||||
decoded := base58.Decode(wif)
|
||||
decodedLen := len(decoded)
|
||||
var compress bool
|
||||
|
||||
// Length of base58 decoded WIF must be 32 bytes + an optional 1 byte
|
||||
// (0x01) if compressed, plus 1 byte for netID + 4 bytes of checksum.
|
||||
switch decodedLen {
|
||||
case 1 + btcec.PrivKeyBytesLen + 1 + 4:
|
||||
if decoded[33] != compressMagic {
|
||||
return nil, ErrMalformedPrivateKey
|
||||
}
|
||||
compress = true
|
||||
case 1 + btcec.PrivKeyBytesLen + 4:
|
||||
compress = false
|
||||
default:
|
||||
return nil, ErrMalformedPrivateKey
|
||||
}
|
||||
|
||||
// Checksum is first four bytes of double SHA256 of the identifier byte
|
||||
// and privKey. Verify this matches the final 4 bytes of the decoded
|
||||
// private key.
|
||||
var tosum []byte
|
||||
if compress {
|
||||
tosum = decoded[:1+btcec.PrivKeyBytesLen+1]
|
||||
} else {
|
||||
tosum = decoded[:1+btcec.PrivKeyBytesLen]
|
||||
}
|
||||
cksum := chainhash.DoubleHashB(tosum)[:4]
|
||||
if !bytes.Equal(cksum, decoded[decodedLen-4:]) {
|
||||
return nil, ErrChecksumMismatch
|
||||
}
|
||||
|
||||
netID := decoded[0]
|
||||
privKeyBytes := decoded[1 : 1+btcec.PrivKeyBytesLen]
|
||||
privKey, _ := btcec.PrivKeyFromBytes(btcec.S256(), privKeyBytes)
|
||||
return &WIF{privKey, compress, netID}, nil
|
||||
}
|
||||
|
||||
// String creates the Wallet Import Format string encoding of a WIF structure.
|
||||
// See DecodeWIF for a detailed breakdown of the format and requirements of
|
||||
// a valid WIF string.
|
||||
func (w *WIF) String() string {
|
||||
// Precalculate size. Maximum number of bytes before base58 encoding
|
||||
// is one byte for the network, 32 bytes of private key, possibly one
|
||||
// extra byte if the pubkey is to be compressed, and finally four
|
||||
// bytes of checksum.
|
||||
encodeLen := 1 + btcec.PrivKeyBytesLen + 4
|
||||
if w.CompressPubKey {
|
||||
encodeLen++
|
||||
}
|
||||
|
||||
a := make([]byte, 0, encodeLen)
|
||||
a = append(a, w.netID)
|
||||
// Pad and append bytes manually, instead of using Serialize, to
|
||||
// avoid another call to make.
|
||||
a = paddedAppend(btcec.PrivKeyBytesLen, a, w.PrivKey.D.Bytes())
|
||||
if w.CompressPubKey {
|
||||
a = append(a, compressMagic)
|
||||
}
|
||||
cksum := chainhash.DoubleHashB(a)[:4]
|
||||
a = append(a, cksum...)
|
||||
return base58.Encode(a)
|
||||
}
|
||||
|
||||
// SerializePubKey serializes the associated public key of the imported or
|
||||
// exported private key in either a compressed or uncompressed format. The
|
||||
// serialization format chosen depends on the value of w.CompressPubKey.
|
||||
func (w *WIF) SerializePubKey() []byte {
|
||||
pk := (*btcec.PublicKey)(&w.PrivKey.PublicKey)
|
||||
if w.CompressPubKey {
|
||||
return pk.SerializeCompressed()
|
||||
}
|
||||
return pk.SerializeUncompressed()
|
||||
}
|
||||
|
||||
// paddedAppend appends the src byte slice to dst, returning the new slice.
|
||||
// If the length of the source is smaller than the passed size, leading zero
|
||||
// bytes are appended to the dst slice before appending src.
|
||||
func paddedAppend(size uint, dst, src []byte) []byte {
|
||||
for i := 0; i < int(size)-len(src); i++ {
|
||||
dst = append(dst, 0)
|
||||
}
|
||||
return append(dst, src...)
|
||||
}
|
52
src/vendor/github.com/btcsuite/fastsha256/LICENSE.md
generated
vendored
Normal file
52
src/vendor/github.com/btcsuite/fastsha256/LICENSE.md
generated
vendored
Normal file
|
@ -0,0 +1,52 @@
|
|||
The original code for the fastsha256 project
|
||||
came from the Go crypto/sha256 package,
|
||||
which is released under the BSD-3-Clause license:
|
||||
|
||||
Copyright (c) 2009 The Go Authors. All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are
|
||||
met:
|
||||
|
||||
* Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
* Redistributions in binary form must reproduce the above
|
||||
copyright notice, this list of conditions and the following disclaimer
|
||||
in the documentation and/or other materials provided with the
|
||||
distribution.
|
||||
* Neither the name of Google Inc. nor the names of its
|
||||
contributors may be used to endorse or promote products derived from
|
||||
this software without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
The code that was added in the fastsha256 project for midstate calculations
|
||||
is released under the ISC license:
|
||||
|
||||
ISC License
|
||||
|
||||
Copyright (c) 2013 Conformal Systems LLC.
|
||||
|
||||
Permission to use, copy, modify, and distribute this software for any
|
||||
purpose with or without fee is hereby granted, provided that the above
|
||||
copyright notice and this permission notice appear in all copies.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
218
src/vendor/github.com/btcsuite/fastsha256/sha256.go
generated
vendored
Normal file
218
src/vendor/github.com/btcsuite/fastsha256/sha256.go
generated
vendored
Normal file
|
@ -0,0 +1,218 @@
|
|||
// Copyright 2009 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// Package fastsha256 implements the SHA224 and SHA256 hash algorithms as defined
|
||||
// in FIPS 180-4.
|
||||
package fastsha256
|
||||
|
||||
import (
|
||||
"crypto"
|
||||
"hash"
|
||||
)
|
||||
|
||||
func init() {
|
||||
crypto.RegisterHash(crypto.SHA224, New224)
|
||||
crypto.RegisterHash(crypto.SHA256, New)
|
||||
}
|
||||
|
||||
// The size of a SHA256 checksum in bytes.
|
||||
const Size = 32
|
||||
|
||||
// The size of a SHA224 checksum in bytes.
|
||||
const Size224 = 28
|
||||
|
||||
// The blocksize of SHA256 and SHA224 in bytes.
|
||||
const BlockSize = 64
|
||||
|
||||
const (
|
||||
chunk = 64
|
||||
init0 = 0x6A09E667
|
||||
init1 = 0xBB67AE85
|
||||
init2 = 0x3C6EF372
|
||||
init3 = 0xA54FF53A
|
||||
init4 = 0x510E527F
|
||||
init5 = 0x9B05688C
|
||||
init6 = 0x1F83D9AB
|
||||
init7 = 0x5BE0CD19
|
||||
init0_224 = 0xC1059ED8
|
||||
init1_224 = 0x367CD507
|
||||
init2_224 = 0x3070DD17
|
||||
init3_224 = 0xF70E5939
|
||||
init4_224 = 0xFFC00B31
|
||||
init5_224 = 0x68581511
|
||||
init6_224 = 0x64F98FA7
|
||||
init7_224 = 0xBEFA4FA4
|
||||
)
|
||||
|
||||
// digest represents the partial evaluation of a checksum.
|
||||
type digest struct {
|
||||
h [8]uint32
|
||||
x [chunk]byte
|
||||
nx int
|
||||
len uint64
|
||||
is224 bool // mark if this digest is SHA-224
|
||||
}
|
||||
|
||||
func (d *digest) Reset() {
|
||||
if !d.is224 {
|
||||
d.h[0] = init0
|
||||
d.h[1] = init1
|
||||
d.h[2] = init2
|
||||
d.h[3] = init3
|
||||
d.h[4] = init4
|
||||
d.h[5] = init5
|
||||
d.h[6] = init6
|
||||
d.h[7] = init7
|
||||
} else {
|
||||
d.h[0] = init0_224
|
||||
d.h[1] = init1_224
|
||||
d.h[2] = init2_224
|
||||
d.h[3] = init3_224
|
||||
d.h[4] = init4_224
|
||||
d.h[5] = init5_224
|
||||
d.h[6] = init6_224
|
||||
d.h[7] = init7_224
|
||||
}
|
||||
d.nx = 0
|
||||
d.len = 0
|
||||
}
|
||||
|
||||
// New returns a new hash.Hash computing the SHA256 checksum.
|
||||
func New() hash.Hash {
|
||||
d := new(digest)
|
||||
d.Reset()
|
||||
return d
|
||||
}
|
||||
|
||||
// New224 returns a new hash.Hash computing the SHA224 checksum.
|
||||
func New224() hash.Hash {
|
||||
d := new(digest)
|
||||
d.is224 = true
|
||||
d.Reset()
|
||||
return d
|
||||
}
|
||||
|
||||
func (d *digest) Size() int {
|
||||
if !d.is224 {
|
||||
return Size
|
||||
}
|
||||
return Size224
|
||||
}
|
||||
|
||||
func (d *digest) BlockSize() int { return BlockSize }
|
||||
|
||||
func (d *digest) Write(p []byte) (nn int, err error) {
|
||||
nn = len(p)
|
||||
d.len += uint64(nn)
|
||||
if d.nx > 0 {
|
||||
n := copy(d.x[d.nx:], p)
|
||||
d.nx += n
|
||||
if d.nx == chunk {
|
||||
block(d, d.x[:])
|
||||
d.nx = 0
|
||||
}
|
||||
p = p[n:]
|
||||
}
|
||||
if len(p) >= chunk {
|
||||
n := len(p) &^ (chunk - 1)
|
||||
block(d, p[:n])
|
||||
p = p[n:]
|
||||
}
|
||||
if len(p) > 0 {
|
||||
d.nx = copy(d.x[:], p)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func (d *digest) Sum(in []byte) []byte {
|
||||
// Make a copy of d so that caller can keep writing and summing.
|
||||
d0 := *d
|
||||
hash := d0.checkSum()
|
||||
if d0.is224 {
|
||||
return append(in, hash[:Size224]...)
|
||||
}
|
||||
return append(in, hash[:]...)
|
||||
}
|
||||
|
||||
func (d *digest) checkSum() [Size]byte {
|
||||
len := d.len
|
||||
// Padding. Add a 1 bit and 0 bits until 56 bytes mod 64.
|
||||
var tmp [64]byte
|
||||
tmp[0] = 0x80
|
||||
if len%64 < 56 {
|
||||
d.Write(tmp[0 : 56-len%64])
|
||||
} else {
|
||||
d.Write(tmp[0 : 64+56-len%64])
|
||||
}
|
||||
|
||||
// Length in bits.
|
||||
len <<= 3
|
||||
for i := uint(0); i < 8; i++ {
|
||||
tmp[i] = byte(len >> (56 - 8*i))
|
||||
}
|
||||
d.Write(tmp[0:8])
|
||||
|
||||
if d.nx != 0 {
|
||||
panic("d.nx != 0")
|
||||
}
|
||||
|
||||
h := d.h[:]
|
||||
if d.is224 {
|
||||
h = d.h[:7]
|
||||
}
|
||||
|
||||
var digest [Size]byte
|
||||
for i, s := range h {
|
||||
digest[i*4] = byte(s >> 24)
|
||||
digest[i*4+1] = byte(s >> 16)
|
||||
digest[i*4+2] = byte(s >> 8)
|
||||
digest[i*4+3] = byte(s)
|
||||
}
|
||||
|
||||
return digest
|
||||
}
|
||||
|
||||
// Sum256 returns the SHA256 checksum of the data.
|
||||
func Sum256(data []byte) [Size]byte {
|
||||
var d digest
|
||||
d.Reset()
|
||||
d.Write(data)
|
||||
return d.checkSum()
|
||||
}
|
||||
|
||||
// Sum224 returns the SHA224 checksum of the data.
|
||||
func Sum224(data []byte) (sum224 [Size224]byte) {
|
||||
var d digest
|
||||
d.is224 = true
|
||||
d.Reset()
|
||||
d.Write(data)
|
||||
sum := d.checkSum()
|
||||
copy(sum224[:], sum[:Size224])
|
||||
return
|
||||
}
|
||||
|
||||
// MidState256 returns the internal hashing state after hashing the first chunk
|
||||
// (BlockSize) of the data. This implemenation does not provide any mechanism
|
||||
// to initialize the internal hashing state, so this information can't be used
|
||||
// to skip hashing the first chunk on subsequent calls, but it is exposed so
|
||||
// sophisticated callers can make use of it.
|
||||
func MidState256(data []byte) [Size]byte {
|
||||
if len(data) > BlockSize {
|
||||
data = data[:BlockSize]
|
||||
}
|
||||
|
||||
var d digest
|
||||
d.Reset()
|
||||
d.Write(data)
|
||||
|
||||
var midState [Size]byte
|
||||
for i, s := range d.h {
|
||||
midState[i*4] = byte(s >> 24)
|
||||
midState[i*4+1] = byte(s >> 16)
|
||||
midState[i*4+2] = byte(s >> 8)
|
||||
midState[i*4+3] = byte(s)
|
||||
}
|
||||
|
||||
return midState
|
||||
}
|
128
src/vendor/github.com/btcsuite/fastsha256/sha256block.go
generated
vendored
Normal file
128
src/vendor/github.com/btcsuite/fastsha256/sha256block.go
generated
vendored
Normal file
|
@ -0,0 +1,128 @@
|
|||
// Copyright 2009 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build appengine !386,!amd64
|
||||
|
||||
// SHA256 block step.
|
||||
// In its own file so that a faster assembly or C version
|
||||
// can be substituted easily.
|
||||
|
||||
package fastsha256
|
||||
|
||||
var _K = []uint32{
|
||||
0x428a2f98,
|
||||
0x71374491,
|
||||
0xb5c0fbcf,
|
||||
0xe9b5dba5,
|
||||
0x3956c25b,
|
||||
0x59f111f1,
|
||||
0x923f82a4,
|
||||
0xab1c5ed5,
|
||||
0xd807aa98,
|
||||
0x12835b01,
|
||||
0x243185be,
|
||||
0x550c7dc3,
|
||||
0x72be5d74,
|
||||
0x80deb1fe,
|
||||
0x9bdc06a7,
|
||||
0xc19bf174,
|
||||
0xe49b69c1,
|
||||
0xefbe4786,
|
||||
0x0fc19dc6,
|
||||
0x240ca1cc,
|
||||
0x2de92c6f,
|
||||
0x4a7484aa,
|
||||
0x5cb0a9dc,
|
||||
0x76f988da,
|
||||
0x983e5152,
|
||||
0xa831c66d,
|
||||
0xb00327c8,
|
||||
0xbf597fc7,
|
||||
0xc6e00bf3,
|
||||
0xd5a79147,
|
||||
0x06ca6351,
|
||||
0x14292967,
|
||||
0x27b70a85,
|
||||
0x2e1b2138,
|
||||
0x4d2c6dfc,
|
||||
0x53380d13,
|
||||
0x650a7354,
|
||||
0x766a0abb,
|
||||
0x81c2c92e,
|
||||
0x92722c85,
|
||||
0xa2bfe8a1,
|
||||
0xa81a664b,
|
||||
0xc24b8b70,
|
||||
0xc76c51a3,
|
||||
0xd192e819,
|
||||
0xd6990624,
|
||||
0xf40e3585,
|
||||
0x106aa070,
|
||||
0x19a4c116,
|
||||
0x1e376c08,
|
||||
0x2748774c,
|
||||
0x34b0bcb5,
|
||||
0x391c0cb3,
|
||||
0x4ed8aa4a,
|
||||
0x5b9cca4f,
|
||||
0x682e6ff3,
|
||||
0x748f82ee,
|
||||
0x78a5636f,
|
||||
0x84c87814,
|
||||
0x8cc70208,
|
||||
0x90befffa,
|
||||
0xa4506ceb,
|
||||
0xbef9a3f7,
|
||||
0xc67178f2,
|
||||
}
|
||||
|
||||
func block(dig *digest, p []byte) {
|
||||
var w [64]uint32
|
||||
h0, h1, h2, h3, h4, h5, h6, h7 := dig.h[0], dig.h[1], dig.h[2], dig.h[3], dig.h[4], dig.h[5], dig.h[6], dig.h[7]
|
||||
for len(p) >= chunk {
|
||||
// Can interlace the computation of w with the
|
||||
// rounds below if needed for speed.
|
||||
for i := 0; i < 16; i++ {
|
||||
j := i * 4
|
||||
w[i] = uint32(p[j])<<24 | uint32(p[j+1])<<16 | uint32(p[j+2])<<8 | uint32(p[j+3])
|
||||
}
|
||||
for i := 16; i < 64; i++ {
|
||||
v1 := w[i-2]
|
||||
t1 := (v1>>17 | v1<<(32-17)) ^ (v1>>19 | v1<<(32-19)) ^ (v1 >> 10)
|
||||
v2 := w[i-15]
|
||||
t2 := (v2>>7 | v2<<(32-7)) ^ (v2>>18 | v2<<(32-18)) ^ (v2 >> 3)
|
||||
w[i] = t1 + w[i-7] + t2 + w[i-16]
|
||||
}
|
||||
|
||||
a, b, c, d, e, f, g, h := h0, h1, h2, h3, h4, h5, h6, h7
|
||||
|
||||
for i := 0; i < 64; i++ {
|
||||
t1 := h + ((e>>6 | e<<(32-6)) ^ (e>>11 | e<<(32-11)) ^ (e>>25 | e<<(32-25))) + ((e & f) ^ (^e & g)) + _K[i] + w[i]
|
||||
|
||||
t2 := ((a>>2 | a<<(32-2)) ^ (a>>13 | a<<(32-13)) ^ (a>>22 | a<<(32-22))) + ((a & b) ^ (a & c) ^ (b & c))
|
||||
|
||||
h = g
|
||||
g = f
|
||||
f = e
|
||||
e = d + t1
|
||||
d = c
|
||||
c = b
|
||||
b = a
|
||||
a = t1 + t2
|
||||
}
|
||||
|
||||
h0 += a
|
||||
h1 += b
|
||||
h2 += c
|
||||
h3 += d
|
||||
h4 += e
|
||||
h5 += f
|
||||
h6 += g
|
||||
h7 += h
|
||||
|
||||
p = p[chunk:]
|
||||
}
|
||||
|
||||
dig.h[0], dig.h[1], dig.h[2], dig.h[3], dig.h[4], dig.h[5], dig.h[6], dig.h[7] = h0, h1, h2, h3, h4, h5, h6, h7
|
||||
}
|
285
src/vendor/github.com/btcsuite/fastsha256/sha256block_386.s
generated
vendored
Normal file
285
src/vendor/github.com/btcsuite/fastsha256/sha256block_386.s
generated
vendored
Normal file
|
@ -0,0 +1,285 @@
|
|||
// Copyright 2013 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build !appengine
|
||||
|
||||
// SHA256 block routine. See sha256block.go for Go equivalent.
|
||||
//
|
||||
// The algorithm is detailed in FIPS 180-4:
|
||||
//
|
||||
// http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
|
||||
//
|
||||
// Wt = Mt; for 0 <= t <= 15
|
||||
// Wt = SIGMA1(Wt-2) + SIGMA0(Wt-15) + Wt-16; for 16 <= t <= 63
|
||||
//
|
||||
// a = H0
|
||||
// b = H1
|
||||
// c = H2
|
||||
// d = H3
|
||||
// e = H4
|
||||
// f = H5
|
||||
// g = H6
|
||||
// h = H7
|
||||
//
|
||||
// for t = 0 to 63 {
|
||||
// T1 = h + BIGSIGMA1(e) + Ch(e,f,g) + Kt + Wt
|
||||
// T2 = BIGSIGMA0(a) + Maj(a,b,c)
|
||||
// h = g
|
||||
// g = f
|
||||
// f = e
|
||||
// e = d + T1
|
||||
// d = c
|
||||
// c = b
|
||||
// b = a
|
||||
// a = T1 + T2
|
||||
// }
|
||||
//
|
||||
// H0 = a + H0
|
||||
// H1 = b + H1
|
||||
// H2 = c + H2
|
||||
// H3 = d + H3
|
||||
// H4 = e + H4
|
||||
// H5 = f + H5
|
||||
// H6 = g + H6
|
||||
// H7 = h + H7
|
||||
|
||||
// Wt = Mt; for 0 <= t <= 15
|
||||
#define MSGSCHEDULE0(index) \
|
||||
MOVL (index*4)(SI), AX; \
|
||||
BSWAPL AX; \
|
||||
MOVL AX, (index*4)(BP)
|
||||
|
||||
// Wt = SIGMA1(Wt-2) + Wt-7 + SIGMA0(Wt-15) + Wt-16; for 16 <= t <= 63
|
||||
// SIGMA0(x) = ROTR(7,x) XOR ROTR(18,x) XOR SHR(3,x)
|
||||
// SIGMA1(x) = ROTR(17,x) XOR ROTR(19,x) XOR SHR(10,x)
|
||||
#define MSGSCHEDULE1(index) \
|
||||
MOVL ((index-2)*4)(BP), AX; \
|
||||
MOVL AX, CX; \
|
||||
RORL $17, AX; \
|
||||
MOVL CX, DX; \
|
||||
RORL $19, CX; \
|
||||
SHRL $10, DX; \
|
||||
MOVL ((index-15)*4)(BP), BX; \
|
||||
XORL CX, AX; \
|
||||
MOVL BX, CX; \
|
||||
XORL DX, AX; \
|
||||
RORL $7, BX; \
|
||||
MOVL CX, DX; \
|
||||
SHRL $3, DX; \
|
||||
RORL $18, CX; \
|
||||
ADDL ((index-7)*4)(BP), AX; \
|
||||
XORL CX, BX; \
|
||||
XORL DX, BX; \
|
||||
ADDL ((index-16)*4)(BP), BX; \
|
||||
ADDL BX, AX; \
|
||||
MOVL AX, ((index)*4)(BP)
|
||||
|
||||
// Calculate T1 in AX - uses AX, BX, CX and DX registers.
|
||||
// Wt is passed in AX.
|
||||
// T1 = h + BIGSIGMA1(e) + Ch(e, f, g) + Kt + Wt
|
||||
// BIGSIGMA1(x) = ROTR(6,x) XOR ROTR(11,x) XOR ROTR(25,x)
|
||||
// Ch(x, y, z) = (x AND y) XOR (NOT x AND z)
|
||||
#define SHA256T1(const, e, f, g, h) \
|
||||
MOVL (h*4)(DI), BX; \
|
||||
ADDL AX, BX; \
|
||||
MOVL (e*4)(DI), AX; \
|
||||
ADDL $const, BX; \
|
||||
MOVL (e*4)(DI), CX; \
|
||||
RORL $6, AX; \
|
||||
MOVL (e*4)(DI), DX; \
|
||||
RORL $11, CX; \
|
||||
XORL CX, AX; \
|
||||
MOVL (e*4)(DI), CX; \
|
||||
RORL $25, DX; \
|
||||
ANDL (f*4)(DI), CX; \
|
||||
XORL AX, DX; \
|
||||
MOVL (e*4)(DI), AX; \
|
||||
NOTL AX; \
|
||||
ADDL DX, BX; \
|
||||
ANDL (g*4)(DI), AX; \
|
||||
XORL CX, AX; \
|
||||
ADDL BX, AX
|
||||
|
||||
// Calculate T2 in BX - uses AX, BX, CX and DX registers.
|
||||
// T2 = BIGSIGMA0(a) + Maj(a, b, c)
|
||||
// BIGSIGMA0(x) = ROTR(2,x) XOR ROTR(13,x) XOR ROTR(22,x)
|
||||
// Maj(x, y, z) = (x AND y) XOR (x AND z) XOR (y AND z)
|
||||
#define SHA256T2(a, b, c) \
|
||||
MOVL (a*4)(DI), AX; \
|
||||
MOVL (c*4)(DI), BX; \
|
||||
RORL $2, AX; \
|
||||
MOVL (a*4)(DI), DX; \
|
||||
ANDL (b*4)(DI), BX; \
|
||||
RORL $13, DX; \
|
||||
MOVL (a*4)(DI), CX; \
|
||||
ANDL (c*4)(DI), CX; \
|
||||
XORL DX, AX; \
|
||||
XORL CX, BX; \
|
||||
MOVL (a*4)(DI), DX; \
|
||||
MOVL (b*4)(DI), CX; \
|
||||
RORL $22, DX; \
|
||||
ANDL (a*4)(DI), CX; \
|
||||
XORL CX, BX; \
|
||||
XORL DX, AX; \
|
||||
ADDL AX, BX
|
||||
|
||||
// Calculate T1 and T2, then e = d + T1 and a = T1 + T2.
|
||||
// The values for e and a are stored in d and h, ready for rotation.
|
||||
#define SHA256ROUND(index, const, a, b, c, d, e, f, g, h) \
|
||||
SHA256T1(const, e, f, g, h); \
|
||||
MOVL AX, 292(SP); \
|
||||
SHA256T2(a, b, c); \
|
||||
MOVL 292(SP), AX; \
|
||||
ADDL AX, BX; \
|
||||
ADDL AX, (d*4)(DI); \
|
||||
MOVL BX, (h*4)(DI)
|
||||
|
||||
#define SHA256ROUND0(index, const, a, b, c, d, e, f, g, h) \
|
||||
MSGSCHEDULE0(index); \
|
||||
SHA256ROUND(index, const, a, b, c, d, e, f, g, h)
|
||||
|
||||
#define SHA256ROUND1(index, const, a, b, c, d, e, f, g, h) \
|
||||
MSGSCHEDULE1(index); \
|
||||
SHA256ROUND(index, const, a, b, c, d, e, f, g, h)
|
||||
|
||||
TEXT ·block(SB),0,$296-12
|
||||
MOVL p_base+4(FP), SI
|
||||
MOVL p_len+8(FP), DX
|
||||
SHRL $6, DX
|
||||
SHLL $6, DX
|
||||
|
||||
LEAL (SI)(DX*1), DI
|
||||
MOVL DI, 288(SP)
|
||||
CMPL SI, DI
|
||||
JEQ end
|
||||
|
||||
LEAL 256(SP), DI // variables
|
||||
|
||||
MOVL dig+0(FP), BP
|
||||
MOVL (0*4)(BP), AX // a = H0
|
||||
MOVL AX, (0*4)(DI)
|
||||
MOVL (1*4)(BP), BX // b = H1
|
||||
MOVL BX, (1*4)(DI)
|
||||
MOVL (2*4)(BP), CX // c = H2
|
||||
MOVL CX, (2*4)(DI)
|
||||
MOVL (3*4)(BP), DX // d = H3
|
||||
MOVL DX, (3*4)(DI)
|
||||
MOVL (4*4)(BP), AX // e = H4
|
||||
MOVL AX, (4*4)(DI)
|
||||
MOVL (5*4)(BP), BX // f = H5
|
||||
MOVL BX, (5*4)(DI)
|
||||
MOVL (6*4)(BP), CX // g = H6
|
||||
MOVL CX, (6*4)(DI)
|
||||
MOVL (7*4)(BP), DX // h = H7
|
||||
MOVL DX, (7*4)(DI)
|
||||
|
||||
loop:
|
||||
MOVL SP, BP // message schedule
|
||||
|
||||
SHA256ROUND0(0, 0x428a2f98, 0, 1, 2, 3, 4, 5, 6, 7)
|
||||
SHA256ROUND0(1, 0x71374491, 7, 0, 1, 2, 3, 4, 5, 6)
|
||||
SHA256ROUND0(2, 0xb5c0fbcf, 6, 7, 0, 1, 2, 3, 4, 5)
|
||||
SHA256ROUND0(3, 0xe9b5dba5, 5, 6, 7, 0, 1, 2, 3, 4)
|
||||
SHA256ROUND0(4, 0x3956c25b, 4, 5, 6, 7, 0, 1, 2, 3)
|
||||
SHA256ROUND0(5, 0x59f111f1, 3, 4, 5, 6, 7, 0, 1, 2)
|
||||
SHA256ROUND0(6, 0x923f82a4, 2, 3, 4, 5, 6, 7, 0, 1)
|
||||
SHA256ROUND0(7, 0xab1c5ed5, 1, 2, 3, 4, 5, 6, 7, 0)
|
||||
SHA256ROUND0(8, 0xd807aa98, 0, 1, 2, 3, 4, 5, 6, 7)
|
||||
SHA256ROUND0(9, 0x12835b01, 7, 0, 1, 2, 3, 4, 5, 6)
|
||||
SHA256ROUND0(10, 0x243185be, 6, 7, 0, 1, 2, 3, 4, 5)
|
||||
SHA256ROUND0(11, 0x550c7dc3, 5, 6, 7, 0, 1, 2, 3, 4)
|
||||
SHA256ROUND0(12, 0x72be5d74, 4, 5, 6, 7, 0, 1, 2, 3)
|
||||
SHA256ROUND0(13, 0x80deb1fe, 3, 4, 5, 6, 7, 0, 1, 2)
|
||||
SHA256ROUND0(14, 0x9bdc06a7, 2, 3, 4, 5, 6, 7, 0, 1)
|
||||
SHA256ROUND0(15, 0xc19bf174, 1, 2, 3, 4, 5, 6, 7, 0)
|
||||
|
||||
SHA256ROUND1(16, 0xe49b69c1, 0, 1, 2, 3, 4, 5, 6, 7)
|
||||
SHA256ROUND1(17, 0xefbe4786, 7, 0, 1, 2, 3, 4, 5, 6)
|
||||
SHA256ROUND1(18, 0x0fc19dc6, 6, 7, 0, 1, 2, 3, 4, 5)
|
||||
SHA256ROUND1(19, 0x240ca1cc, 5, 6, 7, 0, 1, 2, 3, 4)
|
||||
SHA256ROUND1(20, 0x2de92c6f, 4, 5, 6, 7, 0, 1, 2, 3)
|
||||
SHA256ROUND1(21, 0x4a7484aa, 3, 4, 5, 6, 7, 0, 1, 2)
|
||||
SHA256ROUND1(22, 0x5cb0a9dc, 2, 3, 4, 5, 6, 7, 0, 1)
|
||||
SHA256ROUND1(23, 0x76f988da, 1, 2, 3, 4, 5, 6, 7, 0)
|
||||
SHA256ROUND1(24, 0x983e5152, 0, 1, 2, 3, 4, 5, 6, 7)
|
||||
SHA256ROUND1(25, 0xa831c66d, 7, 0, 1, 2, 3, 4, 5, 6)
|
||||
SHA256ROUND1(26, 0xb00327c8, 6, 7, 0, 1, 2, 3, 4, 5)
|
||||
SHA256ROUND1(27, 0xbf597fc7, 5, 6, 7, 0, 1, 2, 3, 4)
|
||||
SHA256ROUND1(28, 0xc6e00bf3, 4, 5, 6, 7, 0, 1, 2, 3)
|
||||
SHA256ROUND1(29, 0xd5a79147, 3, 4, 5, 6, 7, 0, 1, 2)
|
||||
SHA256ROUND1(30, 0x06ca6351, 2, 3, 4, 5, 6, 7, 0, 1)
|
||||
SHA256ROUND1(31, 0x14292967, 1, 2, 3, 4, 5, 6, 7, 0)
|
||||
SHA256ROUND1(32, 0x27b70a85, 0, 1, 2, 3, 4, 5, 6, 7)
|
||||
SHA256ROUND1(33, 0x2e1b2138, 7, 0, 1, 2, 3, 4, 5, 6)
|
||||
SHA256ROUND1(34, 0x4d2c6dfc, 6, 7, 0, 1, 2, 3, 4, 5)
|
||||
SHA256ROUND1(35, 0x53380d13, 5, 6, 7, 0, 1, 2, 3, 4)
|
||||
SHA256ROUND1(36, 0x650a7354, 4, 5, 6, 7, 0, 1, 2, 3)
|
||||
SHA256ROUND1(37, 0x766a0abb, 3, 4, 5, 6, 7, 0, 1, 2)
|
||||
SHA256ROUND1(38, 0x81c2c92e, 2, 3, 4, 5, 6, 7, 0, 1)
|
||||
SHA256ROUND1(39, 0x92722c85, 1, 2, 3, 4, 5, 6, 7, 0)
|
||||
SHA256ROUND1(40, 0xa2bfe8a1, 0, 1, 2, 3, 4, 5, 6, 7)
|
||||
SHA256ROUND1(41, 0xa81a664b, 7, 0, 1, 2, 3, 4, 5, 6)
|
||||
SHA256ROUND1(42, 0xc24b8b70, 6, 7, 0, 1, 2, 3, 4, 5)
|
||||
SHA256ROUND1(43, 0xc76c51a3, 5, 6, 7, 0, 1, 2, 3, 4)
|
||||
SHA256ROUND1(44, 0xd192e819, 4, 5, 6, 7, 0, 1, 2, 3)
|
||||
SHA256ROUND1(45, 0xd6990624, 3, 4, 5, 6, 7, 0, 1, 2)
|
||||
SHA256ROUND1(46, 0xf40e3585, 2, 3, 4, 5, 6, 7, 0, 1)
|
||||
SHA256ROUND1(47, 0x106aa070, 1, 2, 3, 4, 5, 6, 7, 0)
|
||||
SHA256ROUND1(48, 0x19a4c116, 0, 1, 2, 3, 4, 5, 6, 7)
|
||||
SHA256ROUND1(49, 0x1e376c08, 7, 0, 1, 2, 3, 4, 5, 6)
|
||||
SHA256ROUND1(50, 0x2748774c, 6, 7, 0, 1, 2, 3, 4, 5)
|
||||
SHA256ROUND1(51, 0x34b0bcb5, 5, 6, 7, 0, 1, 2, 3, 4)
|
||||
SHA256ROUND1(52, 0x391c0cb3, 4, 5, 6, 7, 0, 1, 2, 3)
|
||||
SHA256ROUND1(53, 0x4ed8aa4a, 3, 4, 5, 6, 7, 0, 1, 2)
|
||||
SHA256ROUND1(54, 0x5b9cca4f, 2, 3, 4, 5, 6, 7, 0, 1)
|
||||
SHA256ROUND1(55, 0x682e6ff3, 1, 2, 3, 4, 5, 6, 7, 0)
|
||||
SHA256ROUND1(56, 0x748f82ee, 0, 1, 2, 3, 4, 5, 6, 7)
|
||||
SHA256ROUND1(57, 0x78a5636f, 7, 0, 1, 2, 3, 4, 5, 6)
|
||||
SHA256ROUND1(58, 0x84c87814, 6, 7, 0, 1, 2, 3, 4, 5)
|
||||
SHA256ROUND1(59, 0x8cc70208, 5, 6, 7, 0, 1, 2, 3, 4)
|
||||
SHA256ROUND1(60, 0x90befffa, 4, 5, 6, 7, 0, 1, 2, 3)
|
||||
SHA256ROUND1(61, 0xa4506ceb, 3, 4, 5, 6, 7, 0, 1, 2)
|
||||
SHA256ROUND1(62, 0xbef9a3f7, 2, 3, 4, 5, 6, 7, 0, 1)
|
||||
SHA256ROUND1(63, 0xc67178f2, 1, 2, 3, 4, 5, 6, 7, 0)
|
||||
|
||||
MOVL dig+0(FP), BP
|
||||
MOVL (0*4)(BP), AX // H0 = a + H0
|
||||
ADDL (0*4)(DI), AX
|
||||
MOVL AX, (0*4)(DI)
|
||||
MOVL AX, (0*4)(BP)
|
||||
MOVL (1*4)(BP), BX // H1 = b + H1
|
||||
ADDL (1*4)(DI), BX
|
||||
MOVL BX, (1*4)(DI)
|
||||
MOVL BX, (1*4)(BP)
|
||||
MOVL (2*4)(BP), CX // H2 = c + H2
|
||||
ADDL (2*4)(DI), CX
|
||||
MOVL CX, (2*4)(DI)
|
||||
MOVL CX, (2*4)(BP)
|
||||
MOVL (3*4)(BP), DX // H3 = d + H3
|
||||
ADDL (3*4)(DI), DX
|
||||
MOVL DX, (3*4)(DI)
|
||||
MOVL DX, (3*4)(BP)
|
||||
MOVL (4*4)(BP), AX // H4 = e + H4
|
||||
ADDL (4*4)(DI), AX
|
||||
MOVL AX, (4*4)(DI)
|
||||
MOVL AX, (4*4)(BP)
|
||||
MOVL (5*4)(BP), BX // H5 = f + H5
|
||||
ADDL (5*4)(DI), BX
|
||||
MOVL BX, (5*4)(DI)
|
||||
MOVL BX, (5*4)(BP)
|
||||
MOVL (6*4)(BP), CX // H6 = g + H6
|
||||
ADDL (6*4)(DI), CX
|
||||
MOVL CX, (6*4)(DI)
|
||||
MOVL CX, (6*4)(BP)
|
||||
MOVL (7*4)(BP), DX // H7 = h + H7
|
||||
ADDL (7*4)(DI), DX
|
||||
MOVL DX, (7*4)(DI)
|
||||
MOVL DX, (7*4)(BP)
|
||||
|
||||
ADDL $64, SI
|
||||
CMPL SI, 288(SP)
|
||||
JB loop
|
||||
|
||||
end:
|
||||
RET
|
260
src/vendor/github.com/btcsuite/fastsha256/sha256block_amd64.s
generated
vendored
Normal file
260
src/vendor/github.com/btcsuite/fastsha256/sha256block_amd64.s
generated
vendored
Normal file
|
@ -0,0 +1,260 @@
|
|||
// Copyright 2013 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build !appengine
|
||||
|
||||
//#include "../../../cmd/ld/textflag.h"
|
||||
// just use the #define for now since this isn't in the main repo yet.
|
||||
#define NOSPLIT 4
|
||||
|
||||
// SHA256 block routine. See sha256block.go for Go equivalent.
|
||||
//
|
||||
// The algorithm is detailed in FIPS 180-4:
|
||||
//
|
||||
// http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
|
||||
//
|
||||
// Wt = Mt; for 0 <= t <= 15
|
||||
// Wt = SIGMA1(Wt-2) + SIGMA0(Wt-15) + Wt-16; for 16 <= t <= 63
|
||||
//
|
||||
// a = H0
|
||||
// b = H1
|
||||
// c = H2
|
||||
// d = H3
|
||||
// e = H4
|
||||
// f = H5
|
||||
// g = H6
|
||||
// h = H7
|
||||
//
|
||||
// for t = 0 to 63 {
|
||||
// T1 = h + BIGSIGMA1(e) + Ch(e,f,g) + Kt + Wt
|
||||
// T2 = BIGSIGMA0(a) + Maj(a,b,c)
|
||||
// h = g
|
||||
// g = f
|
||||
// f = e
|
||||
// e = d + T1
|
||||
// d = c
|
||||
// c = b
|
||||
// b = a
|
||||
// a = T1 + T2
|
||||
// }
|
||||
//
|
||||
// H0 = a + H0
|
||||
// H1 = b + H1
|
||||
// H2 = c + H2
|
||||
// H3 = d + H3
|
||||
// H4 = e + H4
|
||||
// H5 = f + H5
|
||||
// H6 = g + H6
|
||||
// H7 = h + H7
|
||||
|
||||
// Wt = Mt; for 0 <= t <= 15
|
||||
#define MSGSCHEDULE0(index) \
|
||||
MOVL (index*4)(SI), AX; \
|
||||
BSWAPL AX; \
|
||||
MOVL AX, (index*4)(BP)
|
||||
|
||||
// Wt = SIGMA1(Wt-2) + Wt-7 + SIGMA0(Wt-15) + Wt-16; for 16 <= t <= 63
|
||||
// SIGMA0(x) = ROTR(7,x) XOR ROTR(18,x) XOR SHR(3,x)
|
||||
// SIGMA1(x) = ROTR(17,x) XOR ROTR(19,x) XOR SHR(10,x)
|
||||
#define MSGSCHEDULE1(index) \
|
||||
MOVL ((index-2)*4)(BP), AX; \
|
||||
MOVL AX, CX; \
|
||||
RORL $17, AX; \
|
||||
MOVL CX, DX; \
|
||||
RORL $19, CX; \
|
||||
SHRL $10, DX; \
|
||||
MOVL ((index-15)*4)(BP), BX; \
|
||||
XORL CX, AX; \
|
||||
MOVL BX, CX; \
|
||||
XORL DX, AX; \
|
||||
RORL $7, BX; \
|
||||
MOVL CX, DX; \
|
||||
SHRL $3, DX; \
|
||||
RORL $18, CX; \
|
||||
ADDL ((index-7)*4)(BP), AX; \
|
||||
XORL CX, BX; \
|
||||
XORL DX, BX; \
|
||||
ADDL ((index-16)*4)(BP), BX; \
|
||||
ADDL BX, AX; \
|
||||
MOVL AX, ((index)*4)(BP)
|
||||
|
||||
// Calculate T1 in AX - uses AX, CX and DX registers.
|
||||
// h is also used as an accumulator. Wt is passed in AX.
|
||||
// T1 = h + BIGSIGMA1(e) + Ch(e, f, g) + Kt + Wt
|
||||
// BIGSIGMA1(x) = ROTR(6,x) XOR ROTR(11,x) XOR ROTR(25,x)
|
||||
// Ch(x, y, z) = (x AND y) XOR (NOT x AND z)
|
||||
#define SHA256T1(const, e, f, g, h) \
|
||||
ADDL AX, h; \
|
||||
MOVL e, AX; \
|
||||
ADDL $const, h; \
|
||||
MOVL e, CX; \
|
||||
RORL $6, AX; \
|
||||
MOVL e, DX; \
|
||||
RORL $11, CX; \
|
||||
XORL CX, AX; \
|
||||
MOVL e, CX; \
|
||||
RORL $25, DX; \
|
||||
ANDL f, CX; \
|
||||
XORL AX, DX; \
|
||||
MOVL e, AX; \
|
||||
NOTL AX; \
|
||||
ADDL DX, h; \
|
||||
ANDL g, AX; \
|
||||
XORL CX, AX; \
|
||||
ADDL h, AX
|
||||
|
||||
// Calculate T2 in BX - uses BX, CX, DX and DI registers.
|
||||
// T2 = BIGSIGMA0(a) + Maj(a, b, c)
|
||||
// BIGSIGMA0(x) = ROTR(2,x) XOR ROTR(13,x) XOR ROTR(22,x)
|
||||
// Maj(x, y, z) = (x AND y) XOR (x AND z) XOR (y AND z)
|
||||
#define SHA256T2(a, b, c) \
|
||||
MOVL a, DI; \
|
||||
MOVL c, BX; \
|
||||
RORL $2, DI; \
|
||||
MOVL a, DX; \
|
||||
ANDL b, BX; \
|
||||
RORL $13, DX; \
|
||||
MOVL a, CX; \
|
||||
ANDL c, CX; \
|
||||
XORL DX, DI; \
|
||||
XORL CX, BX; \
|
||||
MOVL a, DX; \
|
||||
MOVL b, CX; \
|
||||
RORL $22, DX; \
|
||||
ANDL a, CX; \
|
||||
XORL CX, BX; \
|
||||
XORL DX, DI; \
|
||||
ADDL DI, BX
|
||||
|
||||
// Calculate T1 and T2, then e = d + T1 and a = T1 + T2.
|
||||
// The values for e and a are stored in d and h, ready for rotation.
|
||||
#define SHA256ROUND(index, const, a, b, c, d, e, f, g, h) \
|
||||
SHA256T1(const, e, f, g, h); \
|
||||
SHA256T2(a, b, c); \
|
||||
MOVL BX, h; \
|
||||
ADDL AX, d; \
|
||||
ADDL AX, h
|
||||
|
||||
#define SHA256ROUND0(index, const, a, b, c, d, e, f, g, h) \
|
||||
MSGSCHEDULE0(index); \
|
||||
SHA256ROUND(index, const, a, b, c, d, e, f, g, h)
|
||||
|
||||
#define SHA256ROUND1(index, const, a, b, c, d, e, f, g, h) \
|
||||
MSGSCHEDULE1(index); \
|
||||
SHA256ROUND(index, const, a, b, c, d, e, f, g, h)
|
||||
|
||||
TEXT ·block(SB),0,$264-32
|
||||
MOVQ p_base+8(FP), SI
|
||||
MOVQ p_len+16(FP), DX
|
||||
SHRQ $6, DX
|
||||
SHLQ $6, DX
|
||||
|
||||
LEAQ (SI)(DX*1), DI
|
||||
MOVQ DI, 256(SP)
|
||||
CMPQ SI, DI
|
||||
JEQ end
|
||||
|
||||
MOVQ dig+0(FP), BP
|
||||
MOVL (0*4)(BP), R8 // a = H0
|
||||
MOVL (1*4)(BP), R9 // b = H1
|
||||
MOVL (2*4)(BP), R10 // c = H2
|
||||
MOVL (3*4)(BP), R11 // d = H3
|
||||
MOVL (4*4)(BP), R12 // e = H4
|
||||
MOVL (5*4)(BP), R13 // f = H5
|
||||
MOVL (6*4)(BP), R14 // g = H6
|
||||
MOVL (7*4)(BP), R15 // h = H7
|
||||
|
||||
loop:
|
||||
MOVQ SP, BP // message schedule
|
||||
|
||||
SHA256ROUND0(0, 0x428a2f98, R8, R9, R10, R11, R12, R13, R14, R15)
|
||||
SHA256ROUND0(1, 0x71374491, R15, R8, R9, R10, R11, R12, R13, R14)
|
||||
SHA256ROUND0(2, 0xb5c0fbcf, R14, R15, R8, R9, R10, R11, R12, R13)
|
||||
SHA256ROUND0(3, 0xe9b5dba5, R13, R14, R15, R8, R9, R10, R11, R12)
|
||||
SHA256ROUND0(4, 0x3956c25b, R12, R13, R14, R15, R8, R9, R10, R11)
|
||||
SHA256ROUND0(5, 0x59f111f1, R11, R12, R13, R14, R15, R8, R9, R10)
|
||||
SHA256ROUND0(6, 0x923f82a4, R10, R11, R12, R13, R14, R15, R8, R9)
|
||||
SHA256ROUND0(7, 0xab1c5ed5, R9, R10, R11, R12, R13, R14, R15, R8)
|
||||
SHA256ROUND0(8, 0xd807aa98, R8, R9, R10, R11, R12, R13, R14, R15)
|
||||
SHA256ROUND0(9, 0x12835b01, R15, R8, R9, R10, R11, R12, R13, R14)
|
||||
SHA256ROUND0(10, 0x243185be, R14, R15, R8, R9, R10, R11, R12, R13)
|
||||
SHA256ROUND0(11, 0x550c7dc3, R13, R14, R15, R8, R9, R10, R11, R12)
|
||||
SHA256ROUND0(12, 0x72be5d74, R12, R13, R14, R15, R8, R9, R10, R11)
|
||||
SHA256ROUND0(13, 0x80deb1fe, R11, R12, R13, R14, R15, R8, R9, R10)
|
||||
SHA256ROUND0(14, 0x9bdc06a7, R10, R11, R12, R13, R14, R15, R8, R9)
|
||||
SHA256ROUND0(15, 0xc19bf174, R9, R10, R11, R12, R13, R14, R15, R8)
|
||||
|
||||
SHA256ROUND1(16, 0xe49b69c1, R8, R9, R10, R11, R12, R13, R14, R15)
|
||||
SHA256ROUND1(17, 0xefbe4786, R15, R8, R9, R10, R11, R12, R13, R14)
|
||||
SHA256ROUND1(18, 0x0fc19dc6, R14, R15, R8, R9, R10, R11, R12, R13)
|
||||
SHA256ROUND1(19, 0x240ca1cc, R13, R14, R15, R8, R9, R10, R11, R12)
|
||||
SHA256ROUND1(20, 0x2de92c6f, R12, R13, R14, R15, R8, R9, R10, R11)
|
||||
SHA256ROUND1(21, 0x4a7484aa, R11, R12, R13, R14, R15, R8, R9, R10)
|
||||
SHA256ROUND1(22, 0x5cb0a9dc, R10, R11, R12, R13, R14, R15, R8, R9)
|
||||
SHA256ROUND1(23, 0x76f988da, R9, R10, R11, R12, R13, R14, R15, R8)
|
||||
SHA256ROUND1(24, 0x983e5152, R8, R9, R10, R11, R12, R13, R14, R15)
|
||||
SHA256ROUND1(25, 0xa831c66d, R15, R8, R9, R10, R11, R12, R13, R14)
|
||||
SHA256ROUND1(26, 0xb00327c8, R14, R15, R8, R9, R10, R11, R12, R13)
|
||||
SHA256ROUND1(27, 0xbf597fc7, R13, R14, R15, R8, R9, R10, R11, R12)
|
||||
SHA256ROUND1(28, 0xc6e00bf3, R12, R13, R14, R15, R8, R9, R10, R11)
|
||||
SHA256ROUND1(29, 0xd5a79147, R11, R12, R13, R14, R15, R8, R9, R10)
|
||||
SHA256ROUND1(30, 0x06ca6351, R10, R11, R12, R13, R14, R15, R8, R9)
|
||||
SHA256ROUND1(31, 0x14292967, R9, R10, R11, R12, R13, R14, R15, R8)
|
||||
SHA256ROUND1(32, 0x27b70a85, R8, R9, R10, R11, R12, R13, R14, R15)
|
||||
SHA256ROUND1(33, 0x2e1b2138, R15, R8, R9, R10, R11, R12, R13, R14)
|
||||
SHA256ROUND1(34, 0x4d2c6dfc, R14, R15, R8, R9, R10, R11, R12, R13)
|
||||
SHA256ROUND1(35, 0x53380d13, R13, R14, R15, R8, R9, R10, R11, R12)
|
||||
SHA256ROUND1(36, 0x650a7354, R12, R13, R14, R15, R8, R9, R10, R11)
|
||||
SHA256ROUND1(37, 0x766a0abb, R11, R12, R13, R14, R15, R8, R9, R10)
|
||||
SHA256ROUND1(38, 0x81c2c92e, R10, R11, R12, R13, R14, R15, R8, R9)
|
||||
SHA256ROUND1(39, 0x92722c85, R9, R10, R11, R12, R13, R14, R15, R8)
|
||||
SHA256ROUND1(40, 0xa2bfe8a1, R8, R9, R10, R11, R12, R13, R14, R15)
|
||||
SHA256ROUND1(41, 0xa81a664b, R15, R8, R9, R10, R11, R12, R13, R14)
|
||||
SHA256ROUND1(42, 0xc24b8b70, R14, R15, R8, R9, R10, R11, R12, R13)
|
||||
SHA256ROUND1(43, 0xc76c51a3, R13, R14, R15, R8, R9, R10, R11, R12)
|
||||
SHA256ROUND1(44, 0xd192e819, R12, R13, R14, R15, R8, R9, R10, R11)
|
||||
SHA256ROUND1(45, 0xd6990624, R11, R12, R13, R14, R15, R8, R9, R10)
|
||||
SHA256ROUND1(46, 0xf40e3585, R10, R11, R12, R13, R14, R15, R8, R9)
|
||||
SHA256ROUND1(47, 0x106aa070, R9, R10, R11, R12, R13, R14, R15, R8)
|
||||
SHA256ROUND1(48, 0x19a4c116, R8, R9, R10, R11, R12, R13, R14, R15)
|
||||
SHA256ROUND1(49, 0x1e376c08, R15, R8, R9, R10, R11, R12, R13, R14)
|
||||
SHA256ROUND1(50, 0x2748774c, R14, R15, R8, R9, R10, R11, R12, R13)
|
||||
SHA256ROUND1(51, 0x34b0bcb5, R13, R14, R15, R8, R9, R10, R11, R12)
|
||||
SHA256ROUND1(52, 0x391c0cb3, R12, R13, R14, R15, R8, R9, R10, R11)
|
||||
SHA256ROUND1(53, 0x4ed8aa4a, R11, R12, R13, R14, R15, R8, R9, R10)
|
||||
SHA256ROUND1(54, 0x5b9cca4f, R10, R11, R12, R13, R14, R15, R8, R9)
|
||||
SHA256ROUND1(55, 0x682e6ff3, R9, R10, R11, R12, R13, R14, R15, R8)
|
||||
SHA256ROUND1(56, 0x748f82ee, R8, R9, R10, R11, R12, R13, R14, R15)
|
||||
SHA256ROUND1(57, 0x78a5636f, R15, R8, R9, R10, R11, R12, R13, R14)
|
||||
SHA256ROUND1(58, 0x84c87814, R14, R15, R8, R9, R10, R11, R12, R13)
|
||||
SHA256ROUND1(59, 0x8cc70208, R13, R14, R15, R8, R9, R10, R11, R12)
|
||||
SHA256ROUND1(60, 0x90befffa, R12, R13, R14, R15, R8, R9, R10, R11)
|
||||
SHA256ROUND1(61, 0xa4506ceb, R11, R12, R13, R14, R15, R8, R9, R10)
|
||||
SHA256ROUND1(62, 0xbef9a3f7, R10, R11, R12, R13, R14, R15, R8, R9)
|
||||
SHA256ROUND1(63, 0xc67178f2, R9, R10, R11, R12, R13, R14, R15, R8)
|
||||
|
||||
MOVQ dig+0(FP), BP
|
||||
ADDL (0*4)(BP), R8 // H0 = a + H0
|
||||
MOVL R8, (0*4)(BP)
|
||||
ADDL (1*4)(BP), R9 // H1 = b + H1
|
||||
MOVL R9, (1*4)(BP)
|
||||
ADDL (2*4)(BP), R10 // H2 = c + H2
|
||||
MOVL R10, (2*4)(BP)
|
||||
ADDL (3*4)(BP), R11 // H3 = d + H3
|
||||
MOVL R11, (3*4)(BP)
|
||||
ADDL (4*4)(BP), R12 // H4 = e + H4
|
||||
MOVL R12, (4*4)(BP)
|
||||
ADDL (5*4)(BP), R13 // H5 = f + H5
|
||||
MOVL R13, (5*4)(BP)
|
||||
ADDL (6*4)(BP), R14 // H6 = g + H6
|
||||
MOVL R14, (6*4)(BP)
|
||||
ADDL (7*4)(BP), R15 // H7 = h + H7
|
||||
MOVL R15, (7*4)(BP)
|
||||
|
||||
ADDQ $64, SI
|
||||
CMPQ SI, 256(SP)
|
||||
JB loop
|
||||
|
||||
end:
|
||||
RET
|
11
src/vendor/github.com/btcsuite/fastsha256/sha256block_decl.go
generated
vendored
Normal file
11
src/vendor/github.com/btcsuite/fastsha256/sha256block_decl.go
generated
vendored
Normal file
|
@ -0,0 +1,11 @@
|
|||
// Copyright 2013 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build 386,!appengine amd64,!appengine
|
||||
|
||||
package fastsha256
|
||||
|
||||
//go:noescape
|
||||
|
||||
func block(dig *digest, p []byte)
|
27
src/vendor/github.com/btcsuite/golangcrypto/LICENSE
generated
vendored
Normal file
27
src/vendor/github.com/btcsuite/golangcrypto/LICENSE
generated
vendored
Normal file
|
@ -0,0 +1,27 @@
|
|||
Copyright (c) 2009 The Go Authors. All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are
|
||||
met:
|
||||
|
||||
* Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
* Redistributions in binary form must reproduce the above
|
||||
copyright notice, this list of conditions and the following disclaimer
|
||||
in the documentation and/or other materials provided with the
|
||||
distribution.
|
||||
* Neither the name of Google Inc. nor the names of its
|
||||
contributors may be used to endorse or promote products derived from
|
||||
this software without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
22
src/vendor/github.com/btcsuite/golangcrypto/PATENTS
generated
vendored
Normal file
22
src/vendor/github.com/btcsuite/golangcrypto/PATENTS
generated
vendored
Normal file
|
@ -0,0 +1,22 @@
|
|||
Additional IP Rights Grant (Patents)
|
||||
|
||||
"This implementation" means the copyrightable works distributed by
|
||||
Google as part of the Go project.
|
||||
|
||||
Google hereby grants to You a perpetual, worldwide, non-exclusive,
|
||||
no-charge, royalty-free, irrevocable (except as stated in this section)
|
||||
patent license to make, have made, use, offer to sell, sell, import,
|
||||
transfer and otherwise run, modify and propagate the contents of this
|
||||
implementation of Go, where such license applies only to those patent
|
||||
claims, both currently owned or controlled by Google and acquired in
|
||||
the future, licensable by Google that are necessarily infringed by this
|
||||
implementation of Go. This grant does not include claims that would be
|
||||
infringed only as a consequence of further modification of this
|
||||
implementation. If you or your agent or exclusive licensee institute or
|
||||
order or agree to the institution of patent litigation against any
|
||||
entity (including a cross-claim or counterclaim in a lawsuit) alleging
|
||||
that this implementation of Go or any code incorporated within this
|
||||
implementation of Go constitutes direct or contributory patent
|
||||
infringement, or inducement of patent infringement, then any patent
|
||||
rights granted to you under this License for this implementation of Go
|
||||
shall terminate as of the date such litigation is filed.
|
120
src/vendor/github.com/btcsuite/golangcrypto/ripemd160/ripemd160.go
generated
vendored
Normal file
120
src/vendor/github.com/btcsuite/golangcrypto/ripemd160/ripemd160.go
generated
vendored
Normal file
|
@ -0,0 +1,120 @@
|
|||
// Copyright 2010 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// Package ripemd160 implements the RIPEMD-160 hash algorithm.
|
||||
package ripemd160 // import "github.com/btcsuite/golangcrypto/ripemd160"
|
||||
|
||||
// RIPEMD-160 is designed by by Hans Dobbertin, Antoon Bosselaers, and Bart
|
||||
// Preneel with specifications available at:
|
||||
// http://homes.esat.kuleuven.be/~cosicart/pdf/AB-9601/AB-9601.pdf.
|
||||
|
||||
import (
|
||||
"crypto"
|
||||
"hash"
|
||||
)
|
||||
|
||||
func init() {
|
||||
crypto.RegisterHash(crypto.RIPEMD160, New)
|
||||
}
|
||||
|
||||
// The size of the checksum in bytes.
|
||||
const Size = 20
|
||||
|
||||
// The block size of the hash algorithm in bytes.
|
||||
const BlockSize = 64
|
||||
|
||||
const (
|
||||
_s0 = 0x67452301
|
||||
_s1 = 0xefcdab89
|
||||
_s2 = 0x98badcfe
|
||||
_s3 = 0x10325476
|
||||
_s4 = 0xc3d2e1f0
|
||||
)
|
||||
|
||||
// digest represents the partial evaluation of a checksum.
|
||||
type digest struct {
|
||||
s [5]uint32 // running context
|
||||
x [BlockSize]byte // temporary buffer
|
||||
nx int // index into x
|
||||
tc uint64 // total count of bytes processed
|
||||
}
|
||||
|
||||
func (d *digest) Reset() {
|
||||
d.s[0], d.s[1], d.s[2], d.s[3], d.s[4] = _s0, _s1, _s2, _s3, _s4
|
||||
d.nx = 0
|
||||
d.tc = 0
|
||||
}
|
||||
|
||||
// New returns a new hash.Hash computing the checksum.
|
||||
func New() hash.Hash {
|
||||
result := new(digest)
|
||||
result.Reset()
|
||||
return result
|
||||
}
|
||||
|
||||
func (d *digest) Size() int { return Size }
|
||||
|
||||
func (d *digest) BlockSize() int { return BlockSize }
|
||||
|
||||
func (d *digest) Write(p []byte) (nn int, err error) {
|
||||
nn = len(p)
|
||||
d.tc += uint64(nn)
|
||||
if d.nx > 0 {
|
||||
n := len(p)
|
||||
if n > BlockSize-d.nx {
|
||||
n = BlockSize - d.nx
|
||||
}
|
||||
for i := 0; i < n; i++ {
|
||||
d.x[d.nx+i] = p[i]
|
||||
}
|
||||
d.nx += n
|
||||
if d.nx == BlockSize {
|
||||
_Block(d, d.x[0:])
|
||||
d.nx = 0
|
||||
}
|
||||
p = p[n:]
|
||||
}
|
||||
n := _Block(d, p)
|
||||
p = p[n:]
|
||||
if len(p) > 0 {
|
||||
d.nx = copy(d.x[:], p)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func (d0 *digest) Sum(in []byte) []byte {
|
||||
// Make a copy of d0 so that caller can keep writing and summing.
|
||||
d := *d0
|
||||
|
||||
// Padding. Add a 1 bit and 0 bits until 56 bytes mod 64.
|
||||
tc := d.tc
|
||||
var tmp [64]byte
|
||||
tmp[0] = 0x80
|
||||
if tc%64 < 56 {
|
||||
d.Write(tmp[0 : 56-tc%64])
|
||||
} else {
|
||||
d.Write(tmp[0 : 64+56-tc%64])
|
||||
}
|
||||
|
||||
// Length in bits.
|
||||
tc <<= 3
|
||||
for i := uint(0); i < 8; i++ {
|
||||
tmp[i] = byte(tc >> (8 * i))
|
||||
}
|
||||
d.Write(tmp[0:8])
|
||||
|
||||
if d.nx != 0 {
|
||||
panic("d.nx != 0")
|
||||
}
|
||||
|
||||
var digest [Size]byte
|
||||
for i, s := range d.s {
|
||||
digest[i*4] = byte(s)
|
||||
digest[i*4+1] = byte(s >> 8)
|
||||
digest[i*4+2] = byte(s >> 16)
|
||||
digest[i*4+3] = byte(s >> 24)
|
||||
}
|
||||
|
||||
return append(in, digest[:]...)
|
||||
}
|
161
src/vendor/github.com/btcsuite/golangcrypto/ripemd160/ripemd160block.go
generated
vendored
Normal file
161
src/vendor/github.com/btcsuite/golangcrypto/ripemd160/ripemd160block.go
generated
vendored
Normal file
|
@ -0,0 +1,161 @@
|
|||
// Copyright 2010 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// RIPEMD-160 block step.
|
||||
// In its own file so that a faster assembly or C version
|
||||
// can be substituted easily.
|
||||
|
||||
package ripemd160
|
||||
|
||||
// work buffer indices and roll amounts for one line
|
||||
var _n = [80]uint{
|
||||
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
|
||||
7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
|
||||
3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
|
||||
1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
|
||||
4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13,
|
||||
}
|
||||
|
||||
var _r = [80]uint{
|
||||
11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
|
||||
7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
|
||||
11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
|
||||
11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
|
||||
9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6,
|
||||
}
|
||||
|
||||
// same for the other parallel one
|
||||
var n_ = [80]uint{
|
||||
5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
|
||||
6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
|
||||
15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
|
||||
8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
|
||||
12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11,
|
||||
}
|
||||
|
||||
var r_ = [80]uint{
|
||||
8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
|
||||
9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
|
||||
9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
|
||||
15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
|
||||
8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11,
|
||||
}
|
||||
|
||||
func _Block(md *digest, p []byte) int {
|
||||
n := 0
|
||||
var x [16]uint32
|
||||
var alpha, beta uint32
|
||||
for len(p) >= BlockSize {
|
||||
a, b, c, d, e := md.s[0], md.s[1], md.s[2], md.s[3], md.s[4]
|
||||
aa, bb, cc, dd, ee := a, b, c, d, e
|
||||
j := 0
|
||||
for i := 0; i < 16; i++ {
|
||||
x[i] = uint32(p[j]) | uint32(p[j+1])<<8 | uint32(p[j+2])<<16 | uint32(p[j+3])<<24
|
||||
j += 4
|
||||
}
|
||||
|
||||
// round 1
|
||||
i := 0
|
||||
for i < 16 {
|
||||
alpha = a + (b ^ c ^ d) + x[_n[i]]
|
||||
s := _r[i]
|
||||
alpha = (alpha<<s | alpha>>(32-s)) + e
|
||||
beta = c<<10 | c>>22
|
||||
a, b, c, d, e = e, alpha, b, beta, d
|
||||
|
||||
// parallel line
|
||||
alpha = aa + (bb ^ (cc | ^dd)) + x[n_[i]] + 0x50a28be6
|
||||
s = r_[i]
|
||||
alpha = (alpha<<s | alpha>>(32-s)) + ee
|
||||
beta = cc<<10 | cc>>22
|
||||
aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd
|
||||
|
||||
i++
|
||||
}
|
||||
|
||||
// round 2
|
||||
for i < 32 {
|
||||
alpha = a + (b&c | ^b&d) + x[_n[i]] + 0x5a827999
|
||||
s := _r[i]
|
||||
alpha = (alpha<<s | alpha>>(32-s)) + e
|
||||
beta = c<<10 | c>>22
|
||||
a, b, c, d, e = e, alpha, b, beta, d
|
||||
|
||||
// parallel line
|
||||
alpha = aa + (bb&dd | cc&^dd) + x[n_[i]] + 0x5c4dd124
|
||||
s = r_[i]
|
||||
alpha = (alpha<<s | alpha>>(32-s)) + ee
|
||||
beta = cc<<10 | cc>>22
|
||||
aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd
|
||||
|
||||
i++
|
||||
}
|
||||
|
||||
// round 3
|
||||
for i < 48 {
|
||||
alpha = a + (b | ^c ^ d) + x[_n[i]] + 0x6ed9eba1
|
||||
s := _r[i]
|
||||
alpha = (alpha<<s | alpha>>(32-s)) + e
|
||||
beta = c<<10 | c>>22
|
||||
a, b, c, d, e = e, alpha, b, beta, d
|
||||
|
||||
// parallel line
|
||||
alpha = aa + (bb | ^cc ^ dd) + x[n_[i]] + 0x6d703ef3
|
||||
s = r_[i]
|
||||
alpha = (alpha<<s | alpha>>(32-s)) + ee
|
||||
beta = cc<<10 | cc>>22
|
||||
aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd
|
||||
|
||||
i++
|
||||
}
|
||||
|
||||
// round 4
|
||||
for i < 64 {
|
||||
alpha = a + (b&d | c&^d) + x[_n[i]] + 0x8f1bbcdc
|
||||
s := _r[i]
|
||||
alpha = (alpha<<s | alpha>>(32-s)) + e
|
||||
beta = c<<10 | c>>22
|
||||
a, b, c, d, e = e, alpha, b, beta, d
|
||||
|
||||
// parallel line
|
||||
alpha = aa + (bb&cc | ^bb&dd) + x[n_[i]] + 0x7a6d76e9
|
||||
s = r_[i]
|
||||
alpha = (alpha<<s | alpha>>(32-s)) + ee
|
||||
beta = cc<<10 | cc>>22
|
||||
aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd
|
||||
|
||||
i++
|
||||
}
|
||||
|
||||
// round 5
|
||||
for i < 80 {
|
||||
alpha = a + (b ^ (c | ^d)) + x[_n[i]] + 0xa953fd4e
|
||||
s := _r[i]
|
||||
alpha = (alpha<<s | alpha>>(32-s)) + e
|
||||
beta = c<<10 | c>>22
|
||||
a, b, c, d, e = e, alpha, b, beta, d
|
||||
|
||||
// parallel line
|
||||
alpha = aa + (bb ^ cc ^ dd) + x[n_[i]]
|
||||
s = r_[i]
|
||||
alpha = (alpha<<s | alpha>>(32-s)) + ee
|
||||
beta = cc<<10 | cc>>22
|
||||
aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd
|
||||
|
||||
i++
|
||||
}
|
||||
|
||||
// combine results
|
||||
dd += c + md.s[1]
|
||||
md.s[1] = md.s[2] + d + ee
|
||||
md.s[2] = md.s[3] + e + aa
|
||||
md.s[3] = md.s[4] + a + bb
|
||||
md.s[4] = md.s[0] + b + cc
|
||||
md.s[0] = dd
|
||||
|
||||
p = p[BlockSize:]
|
||||
n += BlockSize
|
||||
}
|
||||
return n
|
||||
}
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue