2016-11-02 12:44:13 +00:00
|
|
|
// Copyright 2016 The go-ethereum Authors
|
|
|
|
// This file is part of the go-ethereum library.
|
|
|
|
//
|
|
|
|
// The go-ethereum library is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU Lesser General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// The go-ethereum library is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU Lesser General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU Lesser General Public License
|
|
|
|
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
package types
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/ecdsa"
|
|
|
|
"errors"
|
|
|
|
"fmt"
|
|
|
|
"math/big"
|
|
|
|
|
|
|
|
"github.com/ethereum/go-ethereum/common"
|
|
|
|
"github.com/ethereum/go-ethereum/crypto"
|
|
|
|
"github.com/ethereum/go-ethereum/params"
|
|
|
|
)
|
|
|
|
|
2021-02-25 14:26:57 +00:00
|
|
|
var ErrInvalidChainId = errors.New("invalid chain id for signer")
|
2016-11-14 14:59:31 +00:00
|
|
|
|
2016-11-02 12:44:13 +00:00
|
|
|
// sigCache is used to cache the derived sender and contains
|
|
|
|
// the signer used to derive it.
|
|
|
|
type sigCache struct {
|
|
|
|
signer Signer
|
|
|
|
from common.Address
|
|
|
|
}
|
|
|
|
|
|
|
|
// MakeSigner returns a Signer based on the given chain config and block number.
|
2023-04-21 09:52:02 +00:00
|
|
|
func MakeSigner(config *params.ChainConfig, blockNumber *big.Int, blockTime uint64) Signer {
|
2016-11-02 12:44:13 +00:00
|
|
|
var signer Signer
|
|
|
|
switch {
|
2023-05-19 08:27:19 +00:00
|
|
|
case config.IsCancun(blockNumber, blockTime):
|
2023-04-21 09:52:02 +00:00
|
|
|
signer = NewCancunSigner(config.ChainID)
|
2021-05-17 13:13:22 +00:00
|
|
|
case config.IsLondon(blockNumber):
|
|
|
|
signer = NewLondonSigner(config.ChainID)
|
2021-02-25 07:10:30 +00:00
|
|
|
case config.IsBerlin(blockNumber):
|
2021-02-25 14:26:57 +00:00
|
|
|
signer = NewEIP2930Signer(config.ChainID)
|
2016-11-02 12:44:13 +00:00
|
|
|
case config.IsEIP155(blockNumber):
|
2018-06-05 10:31:34 +00:00
|
|
|
signer = NewEIP155Signer(config.ChainID)
|
2016-11-02 12:44:13 +00:00
|
|
|
case config.IsHomestead(blockNumber):
|
|
|
|
signer = HomesteadSigner{}
|
|
|
|
default:
|
|
|
|
signer = FrontierSigner{}
|
|
|
|
}
|
|
|
|
return signer
|
|
|
|
}
|
|
|
|
|
2021-02-25 14:26:57 +00:00
|
|
|
// LatestSigner returns the 'most permissive' Signer available for the given chain
|
2023-10-03 11:44:01 +00:00
|
|
|
// configuration. Specifically, this enables support of all types of transactions
|
2023-06-16 12:29:40 +00:00
|
|
|
// when their respective forks are scheduled to occur at any block number (or time)
|
|
|
|
// in the chain config.
|
2021-02-25 14:26:57 +00:00
|
|
|
//
|
|
|
|
// Use this in transaction-handling code where the current block number is unknown. If you
|
|
|
|
// have the current block number available, use MakeSigner instead.
|
|
|
|
func LatestSigner(config *params.ChainConfig) Signer {
|
|
|
|
if config.ChainID != nil {
|
2023-04-21 09:52:02 +00:00
|
|
|
if config.CancunTime != nil {
|
|
|
|
return NewCancunSigner(config.ChainID)
|
|
|
|
}
|
2021-05-17 13:13:22 +00:00
|
|
|
if config.LondonBlock != nil {
|
|
|
|
return NewLondonSigner(config.ChainID)
|
|
|
|
}
|
2021-05-06 09:07:42 +00:00
|
|
|
if config.BerlinBlock != nil {
|
2021-02-25 14:26:57 +00:00
|
|
|
return NewEIP2930Signer(config.ChainID)
|
|
|
|
}
|
|
|
|
if config.EIP155Block != nil {
|
|
|
|
return NewEIP155Signer(config.ChainID)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return HomesteadSigner{}
|
|
|
|
}
|
|
|
|
|
|
|
|
// LatestSignerForChainID returns the 'most permissive' Signer available. Specifically,
|
|
|
|
// this enables support for EIP-155 replay protection and all implemented EIP-2718
|
|
|
|
// transaction types if chainID is non-nil.
|
|
|
|
//
|
|
|
|
// Use this in transaction-handling code where the current block number and fork
|
|
|
|
// configuration are unknown. If you have a ChainConfig, use LatestSigner instead.
|
|
|
|
// If you have a ChainConfig and know the current block number, use MakeSigner instead.
|
|
|
|
func LatestSignerForChainID(chainID *big.Int) Signer {
|
|
|
|
if chainID == nil {
|
|
|
|
return HomesteadSigner{}
|
|
|
|
}
|
2023-04-21 09:52:02 +00:00
|
|
|
return NewCancunSigner(chainID)
|
2021-02-25 14:26:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// SignTx signs the transaction using the given signer and private key.
|
2017-01-05 11:59:17 +00:00
|
|
|
func SignTx(tx *Transaction, s Signer, prv *ecdsa.PrivateKey) (*Transaction, error) {
|
2016-11-02 12:44:13 +00:00
|
|
|
h := s.Hash(tx)
|
2017-01-05 10:35:23 +00:00
|
|
|
sig, err := crypto.Sign(h[:], prv)
|
2016-11-02 12:44:13 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2017-10-01 09:03:28 +00:00
|
|
|
return tx.WithSignature(s, sig)
|
2016-11-02 12:44:13 +00:00
|
|
|
}
|
|
|
|
|
2021-02-25 14:26:57 +00:00
|
|
|
// SignNewTx creates a transaction and signs it.
|
|
|
|
func SignNewTx(prv *ecdsa.PrivateKey, s Signer, txdata TxData) (*Transaction, error) {
|
|
|
|
tx := NewTx(txdata)
|
|
|
|
h := s.Hash(tx)
|
|
|
|
sig, err := crypto.Sign(h[:], prv)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return tx.WithSignature(s, sig)
|
|
|
|
}
|
|
|
|
|
|
|
|
// MustSignNewTx creates a transaction and signs it.
|
|
|
|
// This panics if the transaction cannot be signed.
|
|
|
|
func MustSignNewTx(prv *ecdsa.PrivateKey, s Signer, txdata TxData) *Transaction {
|
|
|
|
tx, err := SignNewTx(prv, s, txdata)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
return tx
|
|
|
|
}
|
|
|
|
|
2016-11-02 12:44:13 +00:00
|
|
|
// Sender returns the address derived from the signature (V, R, S) using secp256k1
|
|
|
|
// elliptic curve and an error if it failed deriving or upon an incorrect
|
|
|
|
// signature.
|
|
|
|
//
|
|
|
|
// Sender may cache the address, allowing it to be used regardless of
|
|
|
|
// signing method. The cache is invalidated if the cached signer does
|
|
|
|
// not match the signer used in the current call.
|
|
|
|
func Sender(signer Signer, tx *Transaction) (common.Address, error) {
|
|
|
|
if sc := tx.from.Load(); sc != nil {
|
|
|
|
sigCache := sc.(sigCache)
|
|
|
|
// If the signer used to derive from in a previous
|
|
|
|
// call is not the same as used current, invalidate
|
|
|
|
// the cache.
|
2016-11-14 14:59:31 +00:00
|
|
|
if sigCache.signer.Equal(signer) {
|
2016-11-02 12:44:13 +00:00
|
|
|
return sigCache.from, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-10-01 09:03:28 +00:00
|
|
|
addr, err := signer.Sender(tx)
|
2016-11-02 12:44:13 +00:00
|
|
|
if err != nil {
|
|
|
|
return common.Address{}, err
|
|
|
|
}
|
|
|
|
tx.from.Store(sigCache{signer: signer, from: addr})
|
|
|
|
return addr, nil
|
|
|
|
}
|
|
|
|
|
2021-02-25 14:26:57 +00:00
|
|
|
// Signer encapsulates transaction signature handling. The name of this type is slightly
|
|
|
|
// misleading because Signers don't actually sign, they're just for validating and
|
|
|
|
// processing of signatures.
|
|
|
|
//
|
|
|
|
// Note that this interface is not a stable API and may change at any time to accommodate
|
|
|
|
// new protocol rules.
|
2016-11-02 12:44:13 +00:00
|
|
|
type Signer interface {
|
2017-10-01 09:03:28 +00:00
|
|
|
// Sender returns the sender address of the transaction.
|
|
|
|
Sender(tx *Transaction) (common.Address, error)
|
2021-02-25 14:26:57 +00:00
|
|
|
|
2017-10-01 09:03:28 +00:00
|
|
|
// SignatureValues returns the raw R, S, V values corresponding to the
|
|
|
|
// given signature.
|
|
|
|
SignatureValues(tx *Transaction, sig []byte) (r, s, v *big.Int, err error)
|
2021-02-25 14:26:57 +00:00
|
|
|
ChainID() *big.Int
|
|
|
|
|
|
|
|
// Hash returns 'signature hash', i.e. the transaction hash that is signed by the
|
|
|
|
// private key. This hash does not uniquely identify the transaction.
|
2016-11-02 12:44:13 +00:00
|
|
|
Hash(tx *Transaction) common.Hash
|
2021-02-25 14:26:57 +00:00
|
|
|
|
2017-10-01 09:03:28 +00:00
|
|
|
// Equal returns true if the given signer is the same as the receiver.
|
2016-11-14 14:59:31 +00:00
|
|
|
Equal(Signer) bool
|
2016-11-02 12:44:13 +00:00
|
|
|
}
|
|
|
|
|
2023-04-21 09:52:02 +00:00
|
|
|
type cancunSigner struct{ londonSigner }
|
|
|
|
|
|
|
|
// NewCancunSigner returns a signer that accepts
|
|
|
|
// - EIP-4844 blob transactions
|
|
|
|
// - EIP-1559 dynamic fee transactions
|
|
|
|
// - EIP-2930 access list transactions,
|
|
|
|
// - EIP-155 replay protected transactions, and
|
|
|
|
// - legacy Homestead transactions.
|
|
|
|
func NewCancunSigner(chainId *big.Int) Signer {
|
|
|
|
return cancunSigner{londonSigner{eip2930Signer{NewEIP155Signer(chainId)}}}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s cancunSigner) Sender(tx *Transaction) (common.Address, error) {
|
|
|
|
if tx.Type() != BlobTxType {
|
|
|
|
return s.londonSigner.Sender(tx)
|
|
|
|
}
|
|
|
|
V, R, S := tx.RawSignatureValues()
|
|
|
|
// Blob txs are defined to use 0 and 1 as their recovery
|
|
|
|
// id, add 27 to become equivalent to unprotected Homestead signatures.
|
|
|
|
V = new(big.Int).Add(V, big.NewInt(27))
|
|
|
|
if tx.ChainId().Cmp(s.chainId) != 0 {
|
|
|
|
return common.Address{}, fmt.Errorf("%w: have %d want %d", ErrInvalidChainId, tx.ChainId(), s.chainId)
|
|
|
|
}
|
|
|
|
return recoverPlain(s.Hash(tx), R, S, V, true)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s cancunSigner) Equal(s2 Signer) bool {
|
|
|
|
x, ok := s2.(cancunSigner)
|
|
|
|
return ok && x.chainId.Cmp(s.chainId) == 0
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s cancunSigner) SignatureValues(tx *Transaction, sig []byte) (R, S, V *big.Int, err error) {
|
|
|
|
txdata, ok := tx.inner.(*BlobTx)
|
|
|
|
if !ok {
|
|
|
|
return s.londonSigner.SignatureValues(tx, sig)
|
|
|
|
}
|
|
|
|
// Check that chain ID of tx matches the signer. We also accept ID zero here,
|
|
|
|
// because it indicates that the chain ID was not specified in the tx.
|
|
|
|
if txdata.ChainID.Sign() != 0 && txdata.ChainID.ToBig().Cmp(s.chainId) != 0 {
|
|
|
|
return nil, nil, nil, fmt.Errorf("%w: have %d want %d", ErrInvalidChainId, txdata.ChainID, s.chainId)
|
|
|
|
}
|
|
|
|
R, S, _ = decodeSignature(sig)
|
|
|
|
V = big.NewInt(int64(sig[64]))
|
|
|
|
return R, S, V, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Hash returns the hash to be signed by the sender.
|
|
|
|
// It does not uniquely identify the transaction.
|
|
|
|
func (s cancunSigner) Hash(tx *Transaction) common.Hash {
|
|
|
|
if tx.Type() != BlobTxType {
|
|
|
|
return s.londonSigner.Hash(tx)
|
|
|
|
}
|
|
|
|
return prefixedRlpHash(
|
|
|
|
tx.Type(),
|
|
|
|
[]interface{}{
|
|
|
|
s.chainId,
|
|
|
|
tx.Nonce(),
|
|
|
|
tx.GasTipCap(),
|
|
|
|
tx.GasFeeCap(),
|
|
|
|
tx.Gas(),
|
|
|
|
tx.To(),
|
|
|
|
tx.Value(),
|
|
|
|
tx.Data(),
|
|
|
|
tx.AccessList(),
|
|
|
|
tx.BlobGasFeeCap(),
|
|
|
|
tx.BlobHashes(),
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2021-05-17 13:13:22 +00:00
|
|
|
type londonSigner struct{ eip2930Signer }
|
|
|
|
|
|
|
|
// NewLondonSigner returns a signer that accepts
|
|
|
|
// - EIP-1559 dynamic fee transactions
|
|
|
|
// - EIP-2930 access list transactions,
|
|
|
|
// - EIP-155 replay protected transactions, and
|
|
|
|
// - legacy Homestead transactions.
|
|
|
|
func NewLondonSigner(chainId *big.Int) Signer {
|
|
|
|
return londonSigner{eip2930Signer{NewEIP155Signer(chainId)}}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s londonSigner) Sender(tx *Transaction) (common.Address, error) {
|
|
|
|
if tx.Type() != DynamicFeeTxType {
|
|
|
|
return s.eip2930Signer.Sender(tx)
|
|
|
|
}
|
|
|
|
V, R, S := tx.RawSignatureValues()
|
|
|
|
// DynamicFee txs are defined to use 0 and 1 as their recovery
|
|
|
|
// id, add 27 to become equivalent to unprotected Homestead signatures.
|
|
|
|
V = new(big.Int).Add(V, big.NewInt(27))
|
|
|
|
if tx.ChainId().Cmp(s.chainId) != 0 {
|
2022-10-12 08:27:39 +00:00
|
|
|
return common.Address{}, fmt.Errorf("%w: have %d want %d", ErrInvalidChainId, tx.ChainId(), s.chainId)
|
2021-05-17 13:13:22 +00:00
|
|
|
}
|
|
|
|
return recoverPlain(s.Hash(tx), R, S, V, true)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s londonSigner) Equal(s2 Signer) bool {
|
|
|
|
x, ok := s2.(londonSigner)
|
|
|
|
return ok && x.chainId.Cmp(s.chainId) == 0
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s londonSigner) SignatureValues(tx *Transaction, sig []byte) (R, S, V *big.Int, err error) {
|
|
|
|
txdata, ok := tx.inner.(*DynamicFeeTx)
|
|
|
|
if !ok {
|
|
|
|
return s.eip2930Signer.SignatureValues(tx, sig)
|
|
|
|
}
|
|
|
|
// Check that chain ID of tx matches the signer. We also accept ID zero here,
|
|
|
|
// because it indicates that the chain ID was not specified in the tx.
|
|
|
|
if txdata.ChainID.Sign() != 0 && txdata.ChainID.Cmp(s.chainId) != 0 {
|
2022-10-12 08:27:39 +00:00
|
|
|
return nil, nil, nil, fmt.Errorf("%w: have %d want %d", ErrInvalidChainId, txdata.ChainID, s.chainId)
|
2021-05-17 13:13:22 +00:00
|
|
|
}
|
|
|
|
R, S, _ = decodeSignature(sig)
|
|
|
|
V = big.NewInt(int64(sig[64]))
|
|
|
|
return R, S, V, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Hash returns the hash to be signed by the sender.
|
|
|
|
// It does not uniquely identify the transaction.
|
|
|
|
func (s londonSigner) Hash(tx *Transaction) common.Hash {
|
|
|
|
if tx.Type() != DynamicFeeTxType {
|
|
|
|
return s.eip2930Signer.Hash(tx)
|
|
|
|
}
|
|
|
|
return prefixedRlpHash(
|
|
|
|
tx.Type(),
|
|
|
|
[]interface{}{
|
|
|
|
s.chainId,
|
|
|
|
tx.Nonce(),
|
2021-06-08 10:05:41 +00:00
|
|
|
tx.GasTipCap(),
|
|
|
|
tx.GasFeeCap(),
|
2021-05-17 13:13:22 +00:00
|
|
|
tx.Gas(),
|
|
|
|
tx.To(),
|
|
|
|
tx.Value(),
|
|
|
|
tx.Data(),
|
|
|
|
tx.AccessList(),
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2021-02-25 14:26:57 +00:00
|
|
|
type eip2930Signer struct{ EIP155Signer }
|
|
|
|
|
|
|
|
// NewEIP2930Signer returns a signer that accepts EIP-2930 access list transactions,
|
|
|
|
// EIP-155 replay protected transactions, and legacy Homestead transactions.
|
|
|
|
func NewEIP2930Signer(chainId *big.Int) Signer {
|
|
|
|
return eip2930Signer{NewEIP155Signer(chainId)}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s eip2930Signer) ChainID() *big.Int {
|
|
|
|
return s.chainId
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s eip2930Signer) Equal(s2 Signer) bool {
|
|
|
|
x, ok := s2.(eip2930Signer)
|
|
|
|
return ok && x.chainId.Cmp(s.chainId) == 0
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s eip2930Signer) Sender(tx *Transaction) (common.Address, error) {
|
|
|
|
V, R, S := tx.RawSignatureValues()
|
|
|
|
switch tx.Type() {
|
|
|
|
case LegacyTxType:
|
2023-08-11 13:50:57 +00:00
|
|
|
return s.EIP155Signer.Sender(tx)
|
2021-02-25 14:26:57 +00:00
|
|
|
case AccessListTxType:
|
2021-05-17 13:13:22 +00:00
|
|
|
// AL txs are defined to use 0 and 1 as their recovery
|
|
|
|
// id, add 27 to become equivalent to unprotected Homestead signatures.
|
2021-02-25 14:26:57 +00:00
|
|
|
V = new(big.Int).Add(V, big.NewInt(27))
|
|
|
|
default:
|
|
|
|
return common.Address{}, ErrTxTypeNotSupported
|
|
|
|
}
|
|
|
|
if tx.ChainId().Cmp(s.chainId) != 0 {
|
2022-10-12 08:27:39 +00:00
|
|
|
return common.Address{}, fmt.Errorf("%w: have %d want %d", ErrInvalidChainId, tx.ChainId(), s.chainId)
|
2021-02-25 14:26:57 +00:00
|
|
|
}
|
|
|
|
return recoverPlain(s.Hash(tx), R, S, V, true)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s eip2930Signer) SignatureValues(tx *Transaction, sig []byte) (R, S, V *big.Int, err error) {
|
|
|
|
switch txdata := tx.inner.(type) {
|
|
|
|
case *LegacyTx:
|
2021-03-16 08:48:54 +00:00
|
|
|
return s.EIP155Signer.SignatureValues(tx, sig)
|
2021-02-25 14:26:57 +00:00
|
|
|
case *AccessListTx:
|
|
|
|
// Check that chain ID of tx matches the signer. We also accept ID zero here,
|
|
|
|
// because it indicates that the chain ID was not specified in the tx.
|
|
|
|
if txdata.ChainID.Sign() != 0 && txdata.ChainID.Cmp(s.chainId) != 0 {
|
2022-10-12 08:27:39 +00:00
|
|
|
return nil, nil, nil, fmt.Errorf("%w: have %d want %d", ErrInvalidChainId, txdata.ChainID, s.chainId)
|
2021-02-25 14:26:57 +00:00
|
|
|
}
|
|
|
|
R, S, _ = decodeSignature(sig)
|
|
|
|
V = big.NewInt(int64(sig[64]))
|
|
|
|
default:
|
|
|
|
return nil, nil, nil, ErrTxTypeNotSupported
|
|
|
|
}
|
|
|
|
return R, S, V, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Hash returns the hash to be signed by the sender.
|
|
|
|
// It does not uniquely identify the transaction.
|
|
|
|
func (s eip2930Signer) Hash(tx *Transaction) common.Hash {
|
|
|
|
switch tx.Type() {
|
|
|
|
case LegacyTxType:
|
2023-08-11 13:50:57 +00:00
|
|
|
return s.EIP155Signer.Hash(tx)
|
2021-02-25 14:26:57 +00:00
|
|
|
case AccessListTxType:
|
|
|
|
return prefixedRlpHash(
|
|
|
|
tx.Type(),
|
|
|
|
[]interface{}{
|
|
|
|
s.chainId,
|
|
|
|
tx.Nonce(),
|
|
|
|
tx.GasPrice(),
|
|
|
|
tx.Gas(),
|
|
|
|
tx.To(),
|
|
|
|
tx.Value(),
|
|
|
|
tx.Data(),
|
|
|
|
tx.AccessList(),
|
|
|
|
})
|
|
|
|
default:
|
|
|
|
// This _should_ not happen, but in case someone sends in a bad
|
|
|
|
// json struct via RPC, it's probably more prudent to return an
|
|
|
|
// empty hash instead of killing the node with a panic
|
|
|
|
//panic("Unsupported transaction type: %d", tx.typ)
|
|
|
|
return common.Hash{}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// EIP155Signer implements Signer using the EIP-155 rules. This accepts transactions which
|
|
|
|
// are replay-protected as well as unprotected homestead transactions.
|
2016-11-02 12:44:13 +00:00
|
|
|
type EIP155Signer struct {
|
|
|
|
chainId, chainIdMul *big.Int
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewEIP155Signer(chainId *big.Int) EIP155Signer {
|
2017-03-18 13:05:32 +00:00
|
|
|
if chainId == nil {
|
|
|
|
chainId = new(big.Int)
|
|
|
|
}
|
2016-11-02 12:44:13 +00:00
|
|
|
return EIP155Signer{
|
|
|
|
chainId: chainId,
|
|
|
|
chainIdMul: new(big.Int).Mul(chainId, big.NewInt(2)),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-02-25 14:26:57 +00:00
|
|
|
func (s EIP155Signer) ChainID() *big.Int {
|
|
|
|
return s.chainId
|
|
|
|
}
|
|
|
|
|
2016-11-14 14:59:31 +00:00
|
|
|
func (s EIP155Signer) Equal(s2 Signer) bool {
|
|
|
|
eip155, ok := s2.(EIP155Signer)
|
|
|
|
return ok && eip155.chainId.Cmp(s.chainId) == 0
|
|
|
|
}
|
|
|
|
|
2017-10-01 09:03:28 +00:00
|
|
|
var big8 = big.NewInt(8)
|
|
|
|
|
|
|
|
func (s EIP155Signer) Sender(tx *Transaction) (common.Address, error) {
|
2021-02-25 14:26:57 +00:00
|
|
|
if tx.Type() != LegacyTxType {
|
|
|
|
return common.Address{}, ErrTxTypeNotSupported
|
|
|
|
}
|
2016-11-02 12:44:13 +00:00
|
|
|
if !tx.Protected() {
|
2017-10-01 09:03:28 +00:00
|
|
|
return HomesteadSigner{}.Sender(tx)
|
2016-11-02 12:44:13 +00:00
|
|
|
}
|
2016-11-14 14:59:31 +00:00
|
|
|
if tx.ChainId().Cmp(s.chainId) != 0 {
|
2022-10-12 08:27:39 +00:00
|
|
|
return common.Address{}, fmt.Errorf("%w: have %d want %d", ErrInvalidChainId, tx.ChainId(), s.chainId)
|
2016-11-02 12:44:13 +00:00
|
|
|
}
|
2021-02-25 14:26:57 +00:00
|
|
|
V, R, S := tx.RawSignatureValues()
|
|
|
|
V = new(big.Int).Sub(V, s.chainIdMul)
|
2017-10-01 09:03:28 +00:00
|
|
|
V.Sub(V, big8)
|
2021-02-25 14:26:57 +00:00
|
|
|
return recoverPlain(s.Hash(tx), R, S, V, true)
|
2016-11-02 12:44:13 +00:00
|
|
|
}
|
|
|
|
|
2018-10-16 10:45:28 +00:00
|
|
|
// SignatureValues returns signature values. This signature
|
2017-01-05 10:35:23 +00:00
|
|
|
// needs to be in the [R || S || V] format where V is 0 or 1.
|
2017-10-01 09:03:28 +00:00
|
|
|
func (s EIP155Signer) SignatureValues(tx *Transaction, sig []byte) (R, S, V *big.Int, err error) {
|
2021-02-25 14:26:57 +00:00
|
|
|
if tx.Type() != LegacyTxType {
|
|
|
|
return nil, nil, nil, ErrTxTypeNotSupported
|
2016-11-02 12:44:13 +00:00
|
|
|
}
|
2021-02-25 14:26:57 +00:00
|
|
|
R, S, V = decodeSignature(sig)
|
2017-02-28 14:09:11 +00:00
|
|
|
if s.chainId.Sign() != 0 {
|
2017-10-01 09:03:28 +00:00
|
|
|
V = big.NewInt(int64(sig[64] + 35))
|
|
|
|
V.Add(V, s.chainIdMul)
|
2016-11-02 12:44:13 +00:00
|
|
|
}
|
2017-10-01 09:03:28 +00:00
|
|
|
return R, S, V, nil
|
2016-11-02 12:44:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Hash returns the hash to be signed by the sender.
|
|
|
|
// It does not uniquely identify the transaction.
|
|
|
|
func (s EIP155Signer) Hash(tx *Transaction) common.Hash {
|
|
|
|
return rlpHash([]interface{}{
|
2021-02-25 14:26:57 +00:00
|
|
|
tx.Nonce(),
|
|
|
|
tx.GasPrice(),
|
|
|
|
tx.Gas(),
|
|
|
|
tx.To(),
|
|
|
|
tx.Value(),
|
|
|
|
tx.Data(),
|
2016-11-02 12:44:13 +00:00
|
|
|
s.chainId, uint(0), uint(0),
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2022-10-04 06:44:05 +00:00
|
|
|
// HomesteadSigner implements Signer interface using the
|
2016-11-02 12:44:13 +00:00
|
|
|
// homestead rules.
|
|
|
|
type HomesteadSigner struct{ FrontierSigner }
|
|
|
|
|
2021-02-25 14:26:57 +00:00
|
|
|
func (s HomesteadSigner) ChainID() *big.Int {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2016-11-14 14:59:31 +00:00
|
|
|
func (s HomesteadSigner) Equal(s2 Signer) bool {
|
|
|
|
_, ok := s2.(HomesteadSigner)
|
|
|
|
return ok
|
|
|
|
}
|
|
|
|
|
2017-10-01 09:03:28 +00:00
|
|
|
// SignatureValues returns signature values. This signature
|
2017-01-05 10:35:23 +00:00
|
|
|
// needs to be in the [R || S || V] format where V is 0 or 1.
|
2017-10-01 09:03:28 +00:00
|
|
|
func (hs HomesteadSigner) SignatureValues(tx *Transaction, sig []byte) (r, s, v *big.Int, err error) {
|
|
|
|
return hs.FrontierSigner.SignatureValues(tx, sig)
|
2016-11-02 12:44:13 +00:00
|
|
|
}
|
|
|
|
|
2017-10-01 09:03:28 +00:00
|
|
|
func (hs HomesteadSigner) Sender(tx *Transaction) (common.Address, error) {
|
2021-02-25 14:26:57 +00:00
|
|
|
if tx.Type() != LegacyTxType {
|
|
|
|
return common.Address{}, ErrTxTypeNotSupported
|
|
|
|
}
|
|
|
|
v, r, s := tx.RawSignatureValues()
|
|
|
|
return recoverPlain(hs.Hash(tx), r, s, v, true)
|
2016-11-02 12:44:13 +00:00
|
|
|
}
|
|
|
|
|
2022-10-04 06:44:05 +00:00
|
|
|
// FrontierSigner implements Signer interface using the
|
|
|
|
// frontier rules.
|
2016-11-02 12:44:13 +00:00
|
|
|
type FrontierSigner struct{}
|
|
|
|
|
2021-02-25 14:26:57 +00:00
|
|
|
func (s FrontierSigner) ChainID() *big.Int {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2016-11-14 14:59:31 +00:00
|
|
|
func (s FrontierSigner) Equal(s2 Signer) bool {
|
|
|
|
_, ok := s2.(FrontierSigner)
|
|
|
|
return ok
|
|
|
|
}
|
|
|
|
|
2021-02-25 14:26:57 +00:00
|
|
|
func (fs FrontierSigner) Sender(tx *Transaction) (common.Address, error) {
|
|
|
|
if tx.Type() != LegacyTxType {
|
|
|
|
return common.Address{}, ErrTxTypeNotSupported
|
|
|
|
}
|
|
|
|
v, r, s := tx.RawSignatureValues()
|
|
|
|
return recoverPlain(fs.Hash(tx), r, s, v, false)
|
|
|
|
}
|
|
|
|
|
2017-10-01 09:03:28 +00:00
|
|
|
// SignatureValues returns signature values. This signature
|
2017-01-05 10:35:23 +00:00
|
|
|
// needs to be in the [R || S || V] format where V is 0 or 1.
|
2017-10-01 09:03:28 +00:00
|
|
|
func (fs FrontierSigner) SignatureValues(tx *Transaction, sig []byte) (r, s, v *big.Int, err error) {
|
2021-02-25 14:26:57 +00:00
|
|
|
if tx.Type() != LegacyTxType {
|
|
|
|
return nil, nil, nil, ErrTxTypeNotSupported
|
2016-11-02 12:44:13 +00:00
|
|
|
}
|
2021-02-25 14:26:57 +00:00
|
|
|
r, s, v = decodeSignature(sig)
|
2017-10-01 09:03:28 +00:00
|
|
|
return r, s, v, nil
|
2016-11-02 12:44:13 +00:00
|
|
|
}
|
|
|
|
|
2017-10-01 09:03:28 +00:00
|
|
|
// Hash returns the hash to be signed by the sender.
|
2016-11-02 12:44:13 +00:00
|
|
|
// It does not uniquely identify the transaction.
|
|
|
|
func (fs FrontierSigner) Hash(tx *Transaction) common.Hash {
|
|
|
|
return rlpHash([]interface{}{
|
2021-02-25 14:26:57 +00:00
|
|
|
tx.Nonce(),
|
|
|
|
tx.GasPrice(),
|
|
|
|
tx.Gas(),
|
|
|
|
tx.To(),
|
|
|
|
tx.Value(),
|
|
|
|
tx.Data(),
|
2016-11-02 12:44:13 +00:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2021-02-25 14:26:57 +00:00
|
|
|
func decodeSignature(sig []byte) (r, s, v *big.Int) {
|
|
|
|
if len(sig) != crypto.SignatureLength {
|
|
|
|
panic(fmt.Sprintf("wrong size for signature: got %d, want %d", len(sig), crypto.SignatureLength))
|
|
|
|
}
|
|
|
|
r = new(big.Int).SetBytes(sig[:32])
|
|
|
|
s = new(big.Int).SetBytes(sig[32:64])
|
|
|
|
v = new(big.Int).SetBytes([]byte{sig[64] + 27})
|
|
|
|
return r, s, v
|
2017-10-01 09:03:28 +00:00
|
|
|
}
|
2016-11-02 12:44:13 +00:00
|
|
|
|
2017-10-01 09:03:28 +00:00
|
|
|
func recoverPlain(sighash common.Hash, R, S, Vb *big.Int, homestead bool) (common.Address, error) {
|
|
|
|
if Vb.BitLen() > 8 {
|
|
|
|
return common.Address{}, ErrInvalidSig
|
|
|
|
}
|
|
|
|
V := byte(Vb.Uint64() - 27)
|
|
|
|
if !crypto.ValidateSignatureValues(V, R, S, homestead) {
|
|
|
|
return common.Address{}, ErrInvalidSig
|
2016-11-02 12:44:13 +00:00
|
|
|
}
|
2018-09-29 20:11:56 +00:00
|
|
|
// encode the signature in uncompressed format
|
2017-10-01 09:03:28 +00:00
|
|
|
r, s := R.Bytes(), S.Bytes()
|
2019-08-22 13:14:06 +00:00
|
|
|
sig := make([]byte, crypto.SignatureLength)
|
2016-11-02 12:44:13 +00:00
|
|
|
copy(sig[32-len(r):32], r)
|
|
|
|
copy(sig[64-len(s):64], s)
|
2017-01-05 10:35:23 +00:00
|
|
|
sig[64] = V
|
2018-09-29 20:11:56 +00:00
|
|
|
// recover the public key from the signature
|
2017-10-01 09:03:28 +00:00
|
|
|
pub, err := crypto.Ecrecover(sighash[:], sig)
|
2016-11-02 12:44:13 +00:00
|
|
|
if err != nil {
|
2017-10-01 09:03:28 +00:00
|
|
|
return common.Address{}, err
|
2016-11-02 12:44:13 +00:00
|
|
|
}
|
|
|
|
if len(pub) == 0 || pub[0] != 4 {
|
2017-10-01 09:03:28 +00:00
|
|
|
return common.Address{}, errors.New("invalid public key")
|
2016-11-02 12:44:13 +00:00
|
|
|
}
|
2017-10-01 09:03:28 +00:00
|
|
|
var addr common.Address
|
|
|
|
copy(addr[:], crypto.Keccak256(pub[1:])[12:])
|
|
|
|
return addr, nil
|
2016-11-02 12:44:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// deriveChainId derives the chain id from the given v parameter
|
|
|
|
func deriveChainId(v *big.Int) *big.Int {
|
|
|
|
if v.BitLen() <= 64 {
|
|
|
|
v := v.Uint64()
|
|
|
|
if v == 27 || v == 28 {
|
|
|
|
return new(big.Int)
|
|
|
|
}
|
|
|
|
return new(big.Int).SetUint64((v - 35) / 2)
|
|
|
|
}
|
|
|
|
v = new(big.Int).Sub(v, big.NewInt(35))
|
|
|
|
return v.Div(v, big.NewInt(2))
|
|
|
|
}
|