123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261 |
- // Copyright 2016 The go-ethereum Authors
- // This file is part of the go-ethereum library.
- //
- // The go-ethereum library is free software: you can redistribute it and/or modify
- // it under the terms of the GNU Lesser General Public License as published by
- // the Free Software Foundation, either version 3 of the License, or
- // (at your option) any later version.
- //
- // The go-ethereum library is distributed in the hope that it will be useful,
- // but WITHOUT ANY WARRANTY; without even the implied warranty of
- // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- // GNU Lesser General Public License for more details.
- //
- // You should have received a copy of the GNU Lesser General Public License
- // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
- package types
- import (
- "crypto/ecdsa"
- "errors"
- "fmt"
- "math/big"
- "github.com/ethereum/go-ethereum/common"
- "github.com/ethereum/go-ethereum/crypto"
- "github.com/ethereum/go-ethereum/params"
- )
- var (
- ErrInvalidChainId = errors.New("invalid chain id for signer")
- )
- // sigCache is used to cache the derived sender and contains
- // the signer used to derive it.
- type sigCache struct {
- signer Signer
- from common.Address
- }
- // MakeSigner returns a Signer based on the given chain config and block number.
- func MakeSigner(config *params.ChainConfig, blockNumber *big.Int) Signer {
- var signer Signer
- switch {
- case config.IsEIP155(blockNumber):
- signer = NewEIP155Signer(config.ChainId)
- case config.IsHomestead(blockNumber):
- signer = HomesteadSigner{}
- default:
- signer = FrontierSigner{}
- }
- return signer
- }
- // SignTx signs the transaction using the given signer and private key
- func SignTx(tx *Transaction, s Signer, prv *ecdsa.PrivateKey) (*Transaction, error) {
- h := s.Hash(tx)
- sig, err := crypto.Sign(h[:], prv)
- if err != nil {
- return nil, err
- }
- return tx.WithSignature(s, sig)
- }
- // Sender returns the address derived from the signature (V, R, S) using secp256k1
- // elliptic curve and an error if it failed deriving or upon an incorrect
- // signature.
- //
- // Sender may cache the address, allowing it to be used regardless of
- // signing method. The cache is invalidated if the cached signer does
- // not match the signer used in the current call.
- func Sender(signer Signer, tx *Transaction) (common.Address, error) {
- if sc := tx.from.Load(); sc != nil {
- sigCache := sc.(sigCache)
- // If the signer used to derive from in a previous
- // call is not the same as used current, invalidate
- // the cache.
- if sigCache.signer.Equal(signer) {
- return sigCache.from, nil
- }
- }
- addr, err := signer.Sender(tx)
- if err != nil {
- return common.Address{}, err
- }
- tx.from.Store(sigCache{signer: signer, from: addr})
- return addr, nil
- }
- // Signer encapsulates transaction signature handling. Note that this interface is not a
- // stable API and may change at any time to accommodate new protocol rules.
- type Signer interface {
- // Sender returns the sender address of the transaction.
- Sender(tx *Transaction) (common.Address, error)
- // SignatureValues returns the raw R, S, V values corresponding to the
- // given signature.
- SignatureValues(tx *Transaction, sig []byte) (r, s, v *big.Int, err error)
- // Hash returns the hash to be signed.
- Hash(tx *Transaction) common.Hash
- // Equal returns true if the given signer is the same as the receiver.
- Equal(Signer) bool
- }
- // EIP155Transaction implements Signer using the EIP155 rules.
- type EIP155Signer struct {
- chainId, chainIdMul *big.Int
- }
- func NewEIP155Signer(chainId *big.Int) EIP155Signer {
- if chainId == nil {
- chainId = new(big.Int)
- }
- return EIP155Signer{
- chainId: chainId,
- chainIdMul: new(big.Int).Mul(chainId, big.NewInt(2)),
- }
- }
- func (s EIP155Signer) Equal(s2 Signer) bool {
- eip155, ok := s2.(EIP155Signer)
- return ok && eip155.chainId.Cmp(s.chainId) == 0
- }
- var big8 = big.NewInt(8)
- func (s EIP155Signer) Sender(tx *Transaction) (common.Address, error) {
- if !tx.Protected() {
- return HomesteadSigner{}.Sender(tx)
- }
- if tx.ChainId().Cmp(s.chainId) != 0 {
- return common.Address{}, ErrInvalidChainId
- }
- V := new(big.Int).Sub(tx.data.V, s.chainIdMul)
- V.Sub(V, big8)
- return recoverPlain(s.Hash(tx), tx.data.R, tx.data.S, V, true)
- }
- // WithSignature returns a new transaction with the given signature. This signature
- // needs to be in the [R || S || V] format where V is 0 or 1.
- func (s EIP155Signer) SignatureValues(tx *Transaction, sig []byte) (R, S, V *big.Int, err error) {
- R, S, V, err = HomesteadSigner{}.SignatureValues(tx, sig)
- if err != nil {
- return nil, nil, nil, err
- }
- if s.chainId.Sign() != 0 {
- V = big.NewInt(int64(sig[64] + 35))
- V.Add(V, s.chainIdMul)
- }
- return R, S, V, nil
- }
- // Hash returns the hash to be signed by the sender.
- // It does not uniquely identify the transaction.
- func (s EIP155Signer) Hash(tx *Transaction) common.Hash {
- return rlpHash([]interface{}{
- tx.data.AccountNonce,
- tx.data.Price,
- tx.data.GasLimit,
- tx.data.Recipient,
- tx.data.Amount,
- tx.data.Payload,
- s.chainId, uint(0), uint(0),
- })
- }
- // HomesteadTransaction implements TransactionInterface using the
- // homestead rules.
- type HomesteadSigner struct{ FrontierSigner }
- func (s HomesteadSigner) Equal(s2 Signer) bool {
- _, ok := s2.(HomesteadSigner)
- return ok
- }
- // SignatureValues returns signature values. This signature
- // needs to be in the [R || S || V] format where V is 0 or 1.
- func (hs HomesteadSigner) SignatureValues(tx *Transaction, sig []byte) (r, s, v *big.Int, err error) {
- return hs.FrontierSigner.SignatureValues(tx, sig)
- }
- func (hs HomesteadSigner) Sender(tx *Transaction) (common.Address, error) {
- return recoverPlain(hs.Hash(tx), tx.data.R, tx.data.S, tx.data.V, true)
- }
- type FrontierSigner struct{}
- func (s FrontierSigner) Equal(s2 Signer) bool {
- _, ok := s2.(FrontierSigner)
- return ok
- }
- // SignatureValues returns signature values. This signature
- // needs to be in the [R || S || V] format where V is 0 or 1.
- func (fs FrontierSigner) SignatureValues(tx *Transaction, sig []byte) (r, s, v *big.Int, err error) {
- if len(sig) != 65 {
- panic(fmt.Sprintf("wrong size for signature: got %d, want 65", len(sig)))
- }
- r = new(big.Int).SetBytes(sig[:32])
- s = new(big.Int).SetBytes(sig[32:64])
- v = new(big.Int).SetBytes([]byte{sig[64] + 27})
- return r, s, v, nil
- }
- // Hash returns the hash to be signed by the sender.
- // It does not uniquely identify the transaction.
- func (fs FrontierSigner) Hash(tx *Transaction) common.Hash {
- return rlpHash([]interface{}{
- tx.data.AccountNonce,
- tx.data.Price,
- tx.data.GasLimit,
- tx.data.Recipient,
- tx.data.Amount,
- tx.data.Payload,
- })
- }
- func (fs FrontierSigner) Sender(tx *Transaction) (common.Address, error) {
- return recoverPlain(fs.Hash(tx), tx.data.R, tx.data.S, tx.data.V, false)
- }
- func recoverPlain(sighash common.Hash, R, S, Vb *big.Int, homestead bool) (common.Address, error) {
- if Vb.BitLen() > 8 {
- return common.Address{}, ErrInvalidSig
- }
- V := byte(Vb.Uint64() - 27)
- if !crypto.ValidateSignatureValues(V, R, S, homestead) {
- return common.Address{}, ErrInvalidSig
- }
- // encode the snature in uncompressed format
- r, s := R.Bytes(), S.Bytes()
- sig := make([]byte, 65)
- copy(sig[32-len(r):32], r)
- copy(sig[64-len(s):64], s)
- sig[64] = V
- // recover the public key from the snature
- pub, err := crypto.Ecrecover(sighash[:], sig)
- if err != nil {
- return common.Address{}, err
- }
- if len(pub) == 0 || pub[0] != 4 {
- return common.Address{}, errors.New("invalid public key")
- }
- var addr common.Address
- copy(addr[:], crypto.Keccak256(pub[1:])[12:])
- return addr, nil
- }
- // deriveChainId derives the chain id from the given v parameter
- func deriveChainId(v *big.Int) *big.Int {
- if v.BitLen() <= 64 {
- v := v.Uint64()
- if v == 27 || v == 28 {
- return new(big.Int)
- }
- return new(big.Int).SetUint64((v - 35) / 2)
- }
- v = new(big.Int).Sub(v, big.NewInt(35))
- return v.Div(v, big.NewInt(2))
- }
|