cryptopp recover public key

10 years ago · 98f3011aab
2 changed files with 28 additions and 19 deletions
--- a/libdevcrypto/EC.cpp
+++ b/libdevcrypto/EC.cpp
@ -153,24 +153,33 @@ bool crypto::verify(Public const& _p, Signature const& _sig, bytesConstRef _mess

 Public crypto::recover(Signature _signature, bytesConstRef _message)
 {
-	secp256k1_start();
+	Integer heInt(_message.data(), 32);
 	
-	int pubkeylen = 65;
-	byte pubkey[pubkeylen];
-	if (!secp256k1_ecdsa_recover_compact(_message.data(), 32, _signature.data(), pubkey, &pubkeylen, 0, (int)_signature[64]))
-		return Public();
-	
-#if ETH_CRYPTO_TRACE
-	h256* sig = (h256 const*)_signature.data();
-	cout << "---- RECOVER -------------------------------" << endl;
-	cout << "MSG: " << _message << endl;
-	cout << "R S V: " << sig[0] << " " << sig[1] << " " << (int)(_signature[64] - 27) << "+27" << endl;
-	cout << "PUB: " << toHex(bytesConstRef(&(pubkey[1]), 64)) << endl;
-#endif
-	
-	Public ret;
-	memcpy(&ret, &(pubkey[1]), sizeof(Public));
-	return ret;
+	// a different curve would require additional check for v (aka, recid)
+	Integer r(_signature.data(), 32);
+	Integer s(_signature.data()+32, 32);
+	unsigned recid = _signature[64];
+	
+	byte encodedpoint[33];
+	encodedpoint[0] = recid|2;
+	memcpy(&encodedpoint[1], _signature.data(), 32);
+
+	ECP::Element x;
+	secp256k1Params.GetCurve().DecodePoint(x, encodedpoint, 33);
+
+	if (!secp256k1Params.GetCurve().VerifyPoint(x))
+		BOOST_THROW_EXCEPTION(InvalidState());
+	
+	Integer rn = r.InverseMod(secp256k1Params.GetGroupOrder());
+	Integer u1 = secp256k1Params.GetGroupOrder() - (rn.Times(heInt)).Modulo(secp256k1Params.GetGroupOrder());
+	Integer u2 = (rn.Times(s)).Modulo(secp256k1Params.GetGroupOrder());
+
+	ECP::Point p = secp256k1Params.GetCurve().CascadeMultiply(u2, x, u1, secp256k1Params.GetSubgroupGenerator());
+	byte recoveredbytes[65];
+	secp256k1Params.GetCurve().EncodePoint(recoveredbytes, p, false);
+	Public recovered;
+	memcpy(recovered.data(), &recoveredbytes[1], 64);
+	return recovered;
 }

 bool crypto::verifySecret(Secret const& _s, Public const& _p)
--- a/test/crypto.cpp
+++ b/test/crypto.cpp
@ -172,12 +172,12 @@ BOOST_AUTO_TEST_CASE(cryptopp_ecdsa_sipaseckp256k1)
 	Integer nB(fromHex("f2ee15ea639b73fa3db9b34a245bdfa015c260c598b211bf05a1ecc4b3e3b4f2").data(), 32);
 	BOOST_REQUIRE(nHex == nB);
 	
-	bytes sbytes(fromHex("0x01"));
+	bytes sbytes(fromHex("0xFFFF"));
 	Secret secret(sha3(sbytes)); // 5fe7f977e71dba2ea1a68e21057beebb9be2ac30c6410aa38d4f3fbe41dcffd2
 	KeyPair key(secret);
 	
-	bytes m(fromHex("0x01"));
-	int tests = 2;
+	bytes m(fromHex("0xFF"));
+	int tests = 3;
 	while (m[0]++, tests--)
 	{
 		h256 hm(sha3(m));