Merge pull request #2 from jpeng-go/master

add signtype ed25519

Merge pull request #2 from jpeng-go/master
ad5f4281 · andyYuanFZM · GitHub · 5eeccd60 · da5d4bcf · ad5f4281
Unverified Commit ad5f4281 authored Jun 19, 2020 by andyYuanFZM Committed by GitHub Jun 19, 2020
21 changed files
--- a/account.go
+++ b/account.go
@@ -3,6 +3,7 @@ package sdk
 import (
 	"errors"
 	"github.com/33cn/chain33-sdk-go/crypto"
+	"github.com/33cn/chain33-sdk-go/crypto/ed25519"
 	"github.com/33cn/chain33-sdk-go/crypto/gm"
 )
@@ -37,7 +38,18 @@ func NewAccount(signType string) (*Account, error) {
 		}
 		account.Address = addr
 	} else if signType == crypto.ED25519 {
-		// TODO
+		priv, pub, err := ed25519.GenerateKey()
+		if err != nil {
+			return nil, err
+		}
+		copy(account.PrivateKey, priv)
+		copy(account.PublicKey, pub)
+		addr, err := crypto.PubKeyToAddress(account.PublicKey)
+		if err != nil {
+			return nil, err
+		}
+		account.Address = addr
 	} else {
 		return nil, errors.New("sign type not support")
 	}

--- a/crypto/crypto_test.go
+++ b/crypto/crypto_test.go
@@ -2,6 +2,7 @@ package  crypto
 import (
 	"fmt"
+	"github.com/33cn/chain33-sdk-go/crypto/ed25519"
 	"github.com/33cn/chain33-sdk-go/crypto/gm"
 	"github.com/33cn/chain33-sdk-go/types"
 	"github.com/stretchr/testify/assert"
@@ -47,7 +48,7 @@ func TestSM2(t *testing.T) {
 	fmt.Printf("sig = %x\n", sig)
 	result := gm.SM2Verify(msg, pub, sig, nil)
-	fmt.Println(result)
+	assert.Equal(t, true, result)
 }
 func TestSM4(t *testing.T) {
@@ -84,3 +85,19 @@ func TestKDF(t *testing.T) {
 	fmt.Println(keyf)
 	fmt.Println(len(keyf))
 }
+func TestED25519(t *testing.T) {
+	priv, pub, err := ed25519.GenerateKey()
+	if err != nil {
+		assert.Fail(t, err.Error())
+	}
+	fmt.Println(types.ToHex(pub))
+	msg := []byte("sign test")
+	sig := ed25519.Sign(priv, msg)
+	fmt.Printf("sig = %x\n", sig)
+	result := ed25519.Verify(pub, msg, sig)
+	assert.Equal(t, true, result)
+}
--- a/crypto/ed25519/ed25519.go
+++ b/crypto/ed25519/ed25519.go
+// Copyright Fuzamei Corp. 2018 All Rights Reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Package ed25519 implements the Ed25519 signature algorithm. See
+// http://ed25519.cr.yp.to/.
+package ed25519
+// This code is a port of the public domain, "ref10" implementation of ed25519
+// from SUPERCOP.
+import (
+	"crypto/rand"
+	"crypto/sha512"
+	"crypto/subtle"
+	"github.com/33cn/chain33-sdk-go/crypto/ed25519/edwards25519"
+)
+//const
+const (
+	PublicKeySize  = 32
+	PrivateKeySize = 64
+	SignatureSize  = 64
+)
+// GenerateKey generates a public/private key pair using randomness from rand.
+func GenerateKey() ([]byte, []byte, error) {
+	privateKey := make([]byte, PrivateKeySize)
+	_, err := rand.Read(privateKey[:32])
+	if err != nil {
+		return nil, nil, err
+	}
+	publicKey := MakePublicKey(privateKey)
+	return privateKey, publicKey, nil
+}
+// MakePublicKey makes a publicKey from the first half of privateKey.
+func MakePublicKey(privateKey []byte) []byte {
+	publicKey := new([PublicKeySize]byte)
+	h := sha512.New()
+	h.Write(privateKey[:32])
+	digest := h.Sum(nil)
+	digest[0] &= 248
+	digest[31] &= 127
+	digest[31] |= 64
+	var A edwards25519.ExtendedGroupElement
+	var hBytes [32]byte
+	copy(hBytes[:], digest)
+	edwards25519.GeScalarMultBase(&A, &hBytes)
+	A.ToBytes(publicKey)
+	pub := make([]byte, PublicKeySize)
+	copy(privateKey[32:], publicKey[:])
+	copy(pub[:], publicKey[:])
+	return pub
+}
+// Sign signs the message with privateKey and returns a signature.
+func Sign(privateKey []byte, message []byte) []byte {
+	h := sha512.New()
+	h.Write(privateKey[:32])
+	var digest1, messageDigest, hramDigest [64]byte
+	var expandedSecretKey [32]byte
+	h.Sum(digest1[:0])
+	copy(expandedSecretKey[:], digest1[:])
+	expandedSecretKey[0] &= 248
+	expandedSecretKey[31] &= 63
+	expandedSecretKey[31] |= 64
+	h.Reset()
+	h.Write(digest1[32:])
+	h.Write(message)
+	h.Sum(messageDigest[:0])
+	var messageDigestReduced [32]byte
+	edwards25519.ScReduce(&messageDigestReduced, &messageDigest)
+	var R edwards25519.ExtendedGroupElement
+	edwards25519.GeScalarMultBase(&R, &messageDigestReduced)
+	var encodedR [32]byte
+	R.ToBytes(&encodedR)
+	h.Reset()
+	h.Write(encodedR[:])
+	h.Write(privateKey[32:])
+	h.Write(message)
+	h.Sum(hramDigest[:0])
+	var hramDigestReduced [32]byte
+	edwards25519.ScReduce(&hramDigestReduced, &hramDigest)
+	var s [32]byte
+	edwards25519.ScMulAdd(&s, &hramDigestReduced, &expandedSecretKey, &messageDigestReduced)
+	signature := make([]byte, SignatureSize)
+	copy(signature[:], encodedR[:])
+	copy(signature[32:], s[:])
+	return signature
+}
+// Verify returns true iff sig is a valid signature of message by publicKey.
+func Verify(publicKey []byte, message []byte, sig []byte) bool {
+	if sig[63]&224 != 0 {
+		return false
+	}
+	pub := new([PublicKeySize]byte)
+	copy(pub[:], publicKey[:])
+	var A edwards25519.ExtendedGroupElement
+	if !A.FromBytes(pub) {
+		return false
+	}
+	edwards25519.FeNeg(&A.X, &A.X)
+	edwards25519.FeNeg(&A.T, &A.T)
+	h := sha512.New()
+	h.Write(sig[:32])
+	h.Write(publicKey[:])
+	h.Write(message)
+	var digest [64]byte
+	h.Sum(digest[:0])
+	var hReduced [32]byte
+	edwards25519.ScReduce(&hReduced, &digest)
+	var R edwards25519.ProjectiveGroupElement
+	var b [32]byte
+	copy(b[:], sig[32:])
+	edwards25519.GeDoubleScalarMultVartime(&R, &hReduced, &A, &b)
+	var checkR [32]byte
+	R.ToBytes(&checkR)
+	return subtle.ConstantTimeCompare(sig[:32], checkR[:]) == 1
+}
--- a/crypto/ed25519/edwards25519/const.go
+++ b/crypto/ed25519/edwards25519/const.go
--- a/crypto/ed25519/edwards25519/edwards25519.go
+++ b/crypto/ed25519/edwards25519/edwards25519.go
--- a/crypto/ed25519/edwards25519/edwards25519_addtion.go
+++ b/crypto/ed25519/edwards25519/edwards25519_addtion.go
--- a/crypto/gm/sm2.go
+++ b/crypto/gm/sm2.go
@@ -45,17 +45,17 @@ func parsePubKey(pubKeyStr []byte) (key *sm2.PublicKey) {
 	return sm2.Decompress(pubKeyStr)
 }
+//SerializePublicKey 公钥序列化
+func serializePublicKey(p *sm2.PublicKey) []byte {
+	return sm2.Compress(p)
+}
 //SerializePrivateKey 私钥序列化
 func serializePrivateKey(p *sm2.PrivateKey) []byte {
 	b := make([]byte, 0, SM2PrivateKeyLength)
 	return paddedAppend(SM2PrivateKeyLength, b, p.D.Bytes())
 }
-//SerializePublicKey 公钥序列化
-func serializePublicKey(p *sm2.PublicKey) []byte {
-	return sm2.Compress(p)
-}
 func paddedAppend(size uint, dst, src []byte) []byte {
 	for i := 0; i < int(size)-len(src); i++ {
 		dst = append(dst, 0)

--- a/crypto/sha3/doc.go
+++ b/crypto/sha3/doc.go
+// Copyright Fuzamei Corp. 2018 All Rights Reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Package sha3 implements the SHA-3 fixed-output-length hash functions and
+// the SHAKE variable-output-length hash functions defined by FIPS-202.
+//
+// Both types of hash function use the "sponge" construction and the Keccak
+// permutation. For a detailed specification see http://keccak.noekeon.org/
+//
+//
+// Guidance
+//
+// If you aren't sure what function you need, use SHAKE256 with at least 64
+// bytes of output. The SHAKE instances are faster than the SHA3 instances;
+// the latter have to allocate memory to conform to the hash.Hash interface.
+//
+// If you need a secret-key MAC (message authentication code), prepend the
+// secret key to the input, hash with SHAKE256 and read at least 32 bytes of
+// output.
+//
+//
+// Security strengths
+//
+// The SHA3-x (x equals 224, 256, 384, or 512) functions have a security
+// strength against preimage attacks of x bits. Since they only produce "x"
+// bits of output, their collision-resistance is only "x/2" bits.
+//
+// The SHAKE-256 and -128 functions have a generic security strength of 256 and
+// 128 bits against all attacks, provided that at least 2x bits of their output
+// is used.  Requesting more than 64 or 32 bytes of output, respectively, does
+// not increase the collision-resistance of the SHAKE functions.
+//
+//
+// The sponge construction
+//
+// A sponge builds a pseudo-random function from a public pseudo-random
+// permutation, by applying the permutation to a state of "rate + capacity"
+// bytes, but hiding "capacity" of the bytes.
+//
+// A sponge starts out with a zero state. To hash an input using a sponge, up
+// to "rate" bytes of the input are XORed into the sponge's state. The sponge
+// is then "full" and the permutation is applied to "empty" it. This process is
+// repeated until all the input has been "absorbed". The input is then padded.
+// The digest is "squeezed" from the sponge in the same way, except that output
+// output is copied out instead of input being XORed in.
+//
+// A sponge is parameterized by its generic security strength, which is equal
+// to half its capacity; capacity + rate is equal to the permutation's width.
+// Since the KeccakF-1600 permutation is 1600 bits (200 bytes) wide, this means
+// that the security strength of a sponge instance is equal to (1600 - bitrate) / 2.
+//
+//
+// Recommendations
+//
+// The SHAKE functions are recommended for most new uses. They can produce
+// output of arbitrary length. SHAKE256, with an output length of at least
+// 64 bytes, provides 256-bit security against all attacks.  The Keccak team
+// recommends it for most applications upgrading from SHA2-512. (NIST chose a
+// much stronger, but much slower, sponge instance for SHA3-512.)
+//
+// The SHA-3 functions are "drop-in" replacements for the SHA-2 functions.
+// They produce output of the same length, with the same security strengths
+// against all attacks. This means, in particular, that SHA3-256 only has
+// 128-bit collision resistance, because its output length is 32 bytes.
+package sha3
--- a/crypto/sha3/hashes.go
+++ b/crypto/sha3/hashes.go
+// Copyright Fuzamei Corp. 2018 All Rights Reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+package sha3
+// This file provides functions for creating instances of the SHA-3
+// and SHAKE hash functions, as well as utility functions for hashing
+// bytes.
+import (
+	"hash"
+)
+// NewKeccak256 creates a new Keccak-256 hash.
+func NewKeccak256() hash.Hash { return &state{rate: 136, outputLen: 32, dsbyte: 0x01} }
+// NewKeccak512 creates a new Keccak-512 hash.
+func NewKeccak512() hash.Hash { return &state{rate: 72, outputLen: 64, dsbyte: 0x01} }
+// New224 creates a new SHA3-224 hash.
+// Its generic security strength is 224 bits against preimage attacks,
+// and 112 bits against collision attacks.
+func New224() hash.Hash { return &state{rate: 144, outputLen: 28, dsbyte: 0x06} }
+// New256 creates a new SHA3-256 hash.
+// Its generic security strength is 256 bits against preimage attacks,
+// and 128 bits against collision attacks.
+func New256() hash.Hash { return &state{rate: 136, outputLen: 32, dsbyte: 0x06} }
+// New384 creates a new SHA3-384 hash.
+// Its generic security strength is 384 bits against preimage attacks,
+// and 192 bits against collision attacks.
+func New384() hash.Hash { return &state{rate: 104, outputLen: 48, dsbyte: 0x06} }
+// New512 creates a new SHA3-512 hash.
+// Its generic security strength is 512 bits against preimage attacks,
+// and 256 bits against collision attacks.
+func New512() hash.Hash { return &state{rate: 72, outputLen: 64, dsbyte: 0x06} }
+// NewLegacyKeccak256 creates a new Keccak-256 hash.
+//
+// Only use this function if you require compatibility with an existing cryptosystem
+// that uses non-standard padding. All other users should use New256 instead.
+func NewLegacyKeccak256() hash.Hash { return &state{rate: 136, outputLen: 32, dsbyte: 0x01} }
+// Sum224 returns the SHA3-224 digest of the data.
+func Sum224(data []byte) (digest [28]byte) {
+	h := New224()
+	h.Write(data)
+	h.Sum(digest[:0])
+	return
+}
+// Sum256 returns the SHA3-256 digest of the data.
+func Sum256(data []byte) (digest [32]byte) {
+	h := New256()
+	h.Write(data)
+	h.Sum(digest[:0])
+	return
+}
+// Sum384 returns the SHA3-384 digest of the data.
+func Sum384(data []byte) (digest [48]byte) {
+	h := New384()
+	h.Write(data)
+	h.Sum(digest[:0])
+	return
+}
+// Sum512 returns the SHA3-512 digest of the data.
+func Sum512(data []byte) (digest [64]byte) {
+	h := New512()
+	h.Write(data)
+	h.Sum(digest[:0])
+	return
+}
+// KeccakSum256 returns the Keccak-256 digest of the data.
+func KeccakSum256(data []byte) (digest [32]byte) {
+	h := NewKeccak256()
+	h.Write(data)
+	h.Sum(digest[:0])
+	return
+}
+// KeccakSum512 returns the Keccak-512 digest of the data.
+func KeccakSum512(data []byte) (digest [32]byte) {
+	h := NewKeccak512()
+	h.Write(data)
+	h.Sum(digest[:0])
+	return
+}
--- a/crypto/sha3/keccakf.go
+++ b/crypto/sha3/keccakf.go
--- a/crypto/sha3/keccakf_amd64.go
+++ b/crypto/sha3/keccakf_amd64.go
+// Copyright Fuzamei Corp. 2018 All Rights Reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// +build amd64,!appengine,!gccgo
+package sha3
+// This function is implemented in keccakf_amd64.s.
+//go:noescape
+func keccakF1600(a *[25]uint64)
--- a/crypto/sha3/keccakf_amd64.s
+++ b/crypto/sha3/keccakf_amd64.s
--- a/crypto/sha3/register.go
+++ b/crypto/sha3/register.go
+// Copyright Fuzamei Corp. 2018 All Rights Reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// +build go1.4
+package sha3
+import (
+	"crypto"
+)
+func init() {
+	crypto.RegisterHash(crypto.SHA3_224, New224)
+	crypto.RegisterHash(crypto.SHA3_256, New256)
+	crypto.RegisterHash(crypto.SHA3_384, New384)
+	crypto.RegisterHash(crypto.SHA3_512, New512)
+}
--- a/crypto/sha3/sha3.go
+++ b/crypto/sha3/sha3.go
+// Copyright Fuzamei Corp. 2018 All Rights Reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+package sha3
+// spongeDirection indicates the direction bytes are flowing through the sponge.
+type spongeDirection int
+const (
+	// spongeAbsorbing indicates that the sponge is absorbing input.
+	spongeAbsorbing spongeDirection = iota
+	// spongeSqueezing indicates that the sponge is being squeezed.
+	spongeSqueezing
+)
+const (
+	// maxRate is the maximum size of the internal buffer. SHAKE-256
+	// currently needs the largest buffer.
+	maxRate = 168
+)
+type state struct {
+	// Generic sponge components.
+	a    [25]uint64 // main state of the hash
+	buf  []byte     // points into storage
+	rate int        // the number of bytes of state to use
+	// dsbyte contains the "domain separation" bits and the first bit of
+	// the padding. Sections 6.1 and 6.2 of [1] separate the outputs of the
+	// SHA-3 and SHAKE functions by appending bitstrings to the message.
+	// Using a little-endian bit-ordering convention, these are "01" for SHA-3
+	// and "1111" for SHAKE, or 00000010b and 00001111b, respectively. Then the
+	// padding rule from section 5.1 is applied to pad the message to a multiple
+	// of the rate, which involves adding a "1" bit, zero or more "0" bits, and
+	// a final "1" bit. We merge the first "1" bit from the padding into dsbyte,
+	// giving 00000110b (0x06) and 00011111b (0x1f).
+	// [1] http://csrc.nist.gov/publications/drafts/fips-202/fips_202_draft.pdf
+	//     "Draft FIPS 202: SHA-3 Standard: Permutation-Based Hash and
+	//      Extendable-Output Functions (May 2014)"
+	dsbyte  byte
+	storage [maxRate]byte
+	// Specific to SHA-3 and SHAKE.
+	outputLen int             // the default output size in bytes
+	state     spongeDirection // whether the sponge is absorbing or squeezing
+}
+// BlockSize returns the rate of sponge underlying this hash function.
+func (d *state) BlockSize() int { return d.rate }
+// Size returns the output size of the hash function in bytes.
+func (d *state) Size() int { return d.outputLen }
+// Reset clears the internal state by zeroing the sponge state and
+// the byte buffer, and setting Sponge.state to absorbing.
+func (d *state) Reset() {
+	// Zero the permutation's state.
+	for i := range d.a {
+		d.a[i] = 0
+	}
+	d.state = spongeAbsorbing
+	d.buf = d.storage[:0]
+}
+func (d *state) clone() *state {
+	ret := *d
+	if ret.state == spongeAbsorbing {
+		ret.buf = ret.storage[:len(ret.buf)]
+	} else {
+		ret.buf = ret.storage[d.rate-cap(d.buf) : d.rate]
+	}
+	return &ret
+}
+// permute applies the KeccakF-1600 permutation. It handles
+// any input-output buffering.
+func (d *state) permute() {
+	switch d.state {
+	case spongeAbsorbing:
+		// If we're absorbing, we need to xor the input into the state
+		// before applying the permutation.
+		xorIn(d, d.buf)
+		d.buf = d.storage[:0]
+		keccakF1600(&d.a)
+	case spongeSqueezing:
+		// If we're squeezing, we need to apply the permutatin before
+		// copying more output.
+		keccakF1600(&d.a)
+		d.buf = d.storage[:d.rate]
+		copyOut(d, d.buf)
+	}
+}
+// pads appends the domain separation bits in dsbyte, applies
+// the multi-bitrate 10..1 padding rule, and permutes the state.
+func (d *state) padAndPermute(dsbyte byte) {
+	if d.buf == nil {
+		d.buf = d.storage[:0]
+	}
+	// Pad with this instance's domain-separator bits. We know that there's
+	// at least one byte of space in d.buf because, if it were full,
+	// permute would have been called to empty it. dsbyte also contains the
+	// first one bit for the padding. See the comment in the state struct.
+	d.buf = append(d.buf, dsbyte)
+	zerosStart := len(d.buf)
+	d.buf = d.storage[:d.rate]
+	for i := zerosStart; i < d.rate; i++ {
+		d.buf[i] = 0
+	}
+	// This adds the final one bit for the padding. Because of the way that
+	// bits are numbered from the LSB upwards, the final bit is the MSB of
+	// the last byte.
+	d.buf[d.rate-1] ^= 0x80
+	// Apply the permutation
+	d.permute()
+	d.state = spongeSqueezing
+	d.buf = d.storage[:d.rate]
+	copyOut(d, d.buf)
+}
+// Write absorbs more data into the hash's state. It produces an error
+// if more data is written to the ShakeHash after writing
+func (d *state) Write(p []byte) (written int, err error) {
+	if d.state != spongeAbsorbing {
+		panic("sha3: write to sponge after read")
+	}
+	if d.buf == nil {
+		d.buf = d.storage[:0]
+	}
+	written = len(p)
+	for len(p) > 0 {
+		if len(d.buf) == 0 && len(p) >= d.rate {
+			// The fast path; absorb a full "rate" bytes of input and apply the permutation.
+			xorIn(d, p[:d.rate])
+			p = p[d.rate:]
+			keccakF1600(&d.a)
+		} else {
+			// The slow path; buffer the input until we can fill the sponge, and then xor it in.
+			todo := d.rate - len(d.buf)
+			if todo > len(p) {
+				todo = len(p)
+			}
+			d.buf = append(d.buf, p[:todo]...)
+			p = p[todo:]
+			// If the sponge is full, apply the permutation.
+			if len(d.buf) == d.rate {
+				d.permute()
+			}
+		}
+	}
+	return
+}
+// Read squeezes an arbitrary number of bytes from the sponge.
+func (d *state) Read(out []byte) (n int, err error) {
+	// If we're still absorbing, pad and apply the permutation.
+	if d.state == spongeAbsorbing {
+		d.padAndPermute(d.dsbyte)
+	}
+	n = len(out)
+	// Now, do the squeezing.
+	for len(out) > 0 {
+		n := copy(out, d.buf)
+		d.buf = d.buf[n:]
+		out = out[n:]
+		// Apply the permutation if we've squeezed the sponge dry.
+		if len(d.buf) == 0 {
+			d.permute()
+		}
+	}
+	return
+}
+// Sum applies padding to the hash state and then squeezes out the desired
+// number of output bytes.
+func (d *state) Sum(in []byte) []byte {
+	// Make a copy of the original hash so that caller can keep writing
+	// and summing.
+	dup := d.clone()
+	hash := make([]byte, dup.outputLen)
+	dup.Read(hash)
+	return append(in, hash...)
+}
--- a/crypto/sha3/sha3_test.go
+++ b/crypto/sha3/sha3_test.go
--- a/crypto/sha3/shake.go
+++ b/crypto/sha3/shake.go
+// Copyright Fuzamei Corp. 2018 All Rights Reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+package sha3
+// This file defines the ShakeHash interface, and provides
+// functions for creating SHAKE instances, as well as utility
+// functions for hashing bytes to arbitrary-length output.
+import (
+	"io"
+)
+// ShakeHash defines the interface to hash functions that
+// support arbitrary-length output.
+type ShakeHash interface {
+	// Write absorbs more data into the hash's state. It panics if input is
+	// written to it after output has been read from it.
+	io.Writer
+	// Read reads more output from the hash; reading affects the hash's
+	// state. (ShakeHash.Read is thus very different from Hash.Sum)
+	// It never returns an error.
+	io.Reader
+	// Clone returns a copy of the ShakeHash in its current state.
+	Clone() ShakeHash
+	// Reset resets the ShakeHash to its initial state.
+	Reset()
+}
+func (d *state) Clone() ShakeHash {
+	return d.clone()
+}
+// NewShake128 creates a new SHAKE128 variable-output-length ShakeHash.
+// Its generic security strength is 128 bits against all attacks if at
+// least 32 bytes of its output are used.
+func NewShake128() ShakeHash { return &state{rate: 168, dsbyte: 0x1f} }
+// NewShake256 creates a new SHAKE128 variable-output-length ShakeHash.
+// Its generic security strength is 256 bits against all attacks if
+// at least 64 bytes of its output are used.
+func NewShake256() ShakeHash { return &state{rate: 136, dsbyte: 0x1f} }
+// ShakeSum128 writes an arbitrary-length digest of data into hash.
+func ShakeSum128(hash, data []byte) {
+	h := NewShake128()
+	h.Write(data)
+	h.Read(hash)
+}
+// ShakeSum256 writes an arbitrary-length digest of data into hash.
+func ShakeSum256(hash, data []byte) {
+	h := NewShake256()
+	h.Write(data)
+	h.Read(hash)
+}
--- a/crypto/sha3/testdata/keccakKats.json.deflate
+++ b/crypto/sha3/testdata/keccakKats.json.deflate
--- a/crypto/sha3/xor.go
+++ b/crypto/sha3/xor.go
+// Copyright Fuzamei Corp. 2018 All Rights Reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// +build !amd64,!386,!ppc64le appengine
+package sha3
+var (
+	xorIn            = xorInGeneric
+	copyOut          = copyOutGeneric
+	xorInUnaligned   = xorInGeneric
+	copyOutUnaligned = copyOutGeneric
+)
+//const xorImplementationUnaligned = "generic"
--- a/crypto/sha3/xor_generic.go
+++ b/crypto/sha3/xor_generic.go
+// Copyright Fuzamei Corp. 2018 All Rights Reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+package sha3
+import "encoding/binary"
+// xorInGeneric xors the bytes in buf into the state; it
+// makes no non-portable assumptions about memory layout
+// or alignment.
+func xorInGeneric(d *state, buf []byte) {
+	n := len(buf) / 8
+	for i := 0; i < n; i++ {
+		a := binary.LittleEndian.Uint64(buf)
+		d.a[i] ^= a
+		buf = buf[8:]
+	}
+}
+// copyOutGeneric copies ulint64s to a byte buffer.
+func copyOutGeneric(d *state, b []byte) {
+	for i := 0; len(b) >= 8; i++ {
+		binary.LittleEndian.PutUint64(b, d.a[i])
+		b = b[8:]
+	}
+}
--- a/crypto/sha3/xor_unaligned.go
+++ b/crypto/sha3/xor_unaligned.go
+// Copyright Fuzamei Corp. 2018 All Rights Reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+// +build amd64 386 ppc64le
+// +build !appengine
+package sha3
+import "unsafe"
+func xorInUnaligned(d *state, buf []byte) {
+	bw := (*[maxRate / 8]uint64)(unsafe.Pointer(&buf[0]))
+	n := len(buf)
+	if n >= 72 {
+		d.a[0] ^= bw[0]
+		d.a[1] ^= bw[1]
+		d.a[2] ^= bw[2]
+		d.a[3] ^= bw[3]
+		d.a[4] ^= bw[4]
+		d.a[5] ^= bw[5]
+		d.a[6] ^= bw[6]
+		d.a[7] ^= bw[7]
+		d.a[8] ^= bw[8]
+	}
+	if n >= 104 {
+		d.a[9] ^= bw[9]
+		d.a[10] ^= bw[10]
+		d.a[11] ^= bw[11]
+		d.a[12] ^= bw[12]
+	}
+	if n >= 136 {
+		d.a[13] ^= bw[13]
+		d.a[14] ^= bw[14]
+		d.a[15] ^= bw[15]
+		d.a[16] ^= bw[16]
+	}
+	if n >= 144 {
+		d.a[17] ^= bw[17]
+	}
+	if n >= 168 {
+		d.a[18] ^= bw[18]
+		d.a[19] ^= bw[19]
+		d.a[20] ^= bw[20]
+	}
+}
+func copyOutUnaligned(d *state, buf []byte) {
+	ab := (*[maxRate]uint8)(unsafe.Pointer(&d.a[0]))
+	copy(buf, ab[:])
+}
+var (
+	xorIn   = xorInUnaligned
+	copyOut = copyOutUnaligned
+)
+//const xorImplementationUnaligned = "unaligned"
--- a/transaction.go
+++ b/transaction.go
@@ -3,6 +3,7 @@ package sdk
 import (
 	"errors"
 	"github.com/33cn/chain33-sdk-go/crypto"
+	"github.com/33cn/chain33-sdk-go/crypto/ed25519"
 	"github.com/33cn/chain33-sdk-go/crypto/gm"
 	. "github.com/33cn/chain33-sdk-go/types"
 )
@@ -29,12 +30,19 @@ func Sign(tx *Transaction, privateKey []byte, signType string) (*Transaction, er
 		data := Encode(tx)
 		signature := gm.SM2Sign(data, privateKey, nil)
 		tx.Signature = &Signature{
-			Ty:        1,
+			Ty:        3,
 			Pubkey:    pub,
 			Signature: signature,
 		}
 	} else if signType == crypto.ED25519 {
-		// TODO
+		pub := ed25519.MakePublicKey(privateKey)
+		data := Encode(tx)
+		signature := ed25519.Sign(data, privateKey)
+		tx.Signature = &Signature{
+			Ty:                   2,
+			Pubkey:               pub,
+			Signature:            signature,
+		}
 	} else {
 		return nil, errors.New("sign type not support")
 	}