crypto: add SignatureLength constant and use it everywhere (#19996)

This commit is contained in:
Daniel Liu 2024-11-29 16:08:31 +08:00
parent 8dcea8ddf8
commit ad5e7d6db3
15 changed files with 38 additions and 32 deletions

View file

@ -42,6 +42,7 @@ import (
"github.com/XinFinOrg/XDPoSChain/core/state" "github.com/XinFinOrg/XDPoSChain/core/state"
"github.com/XinFinOrg/XDPoSChain/core/types" "github.com/XinFinOrg/XDPoSChain/core/types"
"github.com/XinFinOrg/XDPoSChain/core/vm" "github.com/XinFinOrg/XDPoSChain/core/vm"
"github.com/XinFinOrg/XDPoSChain/crypto"
"github.com/XinFinOrg/XDPoSChain/eth/filters" "github.com/XinFinOrg/XDPoSChain/eth/filters"
"github.com/XinFinOrg/XDPoSChain/ethdb" "github.com/XinFinOrg/XDPoSChain/ethdb"
"github.com/XinFinOrg/XDPoSChain/event" "github.com/XinFinOrg/XDPoSChain/event"
@ -101,7 +102,7 @@ func NewXDCSimulatedBackend(alloc core.GenesisAlloc, gasLimit uint64, chainConfi
GasLimit: gasLimit, // need this big, support initial smart contract GasLimit: gasLimit, // need this big, support initial smart contract
Config: chainConfig, Config: chainConfig,
Alloc: alloc, Alloc: alloc,
ExtraData: append(make([]byte, 32), make([]byte, 65)...), ExtraData: append(make([]byte, 32), make([]byte, crypto.SignatureLength)...),
} }
genesis.MustCommit(database) genesis.MustCommit(database)
consensus := XDPoS.NewFaker(database, chainConfig) consensus := XDPoS.NewFaker(database, chainConfig)

View file

@ -32,6 +32,7 @@ import (
"github.com/XinFinOrg/XDPoSChain/common" "github.com/XinFinOrg/XDPoSChain/common"
"github.com/XinFinOrg/XDPoSChain/common/hexutil" "github.com/XinFinOrg/XDPoSChain/common/hexutil"
"github.com/XinFinOrg/XDPoSChain/core/types" "github.com/XinFinOrg/XDPoSChain/core/types"
"github.com/XinFinOrg/XDPoSChain/crypto"
"github.com/XinFinOrg/XDPoSChain/log" "github.com/XinFinOrg/XDPoSChain/log"
"github.com/XinFinOrg/XDPoSChain/rlp" "github.com/XinFinOrg/XDPoSChain/rlp"
) )
@ -341,7 +342,7 @@ func (w *ledgerDriver) ledgerSign(derivationPath []uint32, tx *types.Transaction
op = ledgerP1ContTransactionData op = ledgerP1ContTransactionData
} }
// Extract the Ethereum signature and do a sanity validation // Extract the Ethereum signature and do a sanity validation
if len(reply) != 65 { if len(reply) != crypto.SignatureLength {
return common.Address{}, nil, errors.New("reply lacks signature") return common.Address{}, nil, errors.New("reply lacks signature")
} }
signature := append(reply[1:], reply[0]) signature := append(reply[1:], reply[0])
@ -352,7 +353,7 @@ func (w *ledgerDriver) ledgerSign(derivationPath []uint32, tx *types.Transaction
signer = new(types.HomesteadSigner) signer = new(types.HomesteadSigner)
} else { } else {
signer = types.NewEIP155Signer(chainID) signer = types.NewEIP155Signer(chainID)
signature[64] = signature[64] - byte(chainID.Uint64()*2+35) signature[crypto.RecoveryIDOffset] = signature[crypto.RecoveryIDOffset] - byte(chainID.Uint64()*2+35)
} }
signed, err := tx.WithSignature(signer, signature) signed, err := tx.WithSignature(signer, signature)
if err != nil { if err != nil {

View file

@ -32,6 +32,7 @@ import (
"github.com/XinFinOrg/XDPoSChain/common" "github.com/XinFinOrg/XDPoSChain/common"
"github.com/XinFinOrg/XDPoSChain/common/hexutil" "github.com/XinFinOrg/XDPoSChain/common/hexutil"
"github.com/XinFinOrg/XDPoSChain/core/types" "github.com/XinFinOrg/XDPoSChain/core/types"
"github.com/XinFinOrg/XDPoSChain/crypto"
"github.com/XinFinOrg/XDPoSChain/log" "github.com/XinFinOrg/XDPoSChain/log"
"github.com/golang/protobuf/proto" "github.com/golang/protobuf/proto"
) )
@ -222,7 +223,7 @@ func (w *trezorDriver) trezorSign(derivationPath []uint32, tx *types.Transaction
} else { } else {
// Trezor backend does not support typed transactions yet. // Trezor backend does not support typed transactions yet.
signer = types.NewEIP155Signer(chainID) signer = types.NewEIP155Signer(chainID)
signature[64] = signature[64] - byte(chainID.Uint64()*2+35) signature[crypto.RecoveryIDOffset] = signature[crypto.RecoveryIDOffset] - byte(chainID.Uint64()*2+35)
} }
// Inject the final signature into the transaction and sanity check the sender // Inject the final signature into the transaction and sanity check the sender

View file

@ -105,7 +105,7 @@ func (w *wizard) makeGenesis() {
} }
} }
} }
genesis.ExtraData = make([]byte, 32+len(signers)*common.AddressLength+65) genesis.ExtraData = make([]byte, 32+len(signers)*common.AddressLength+crypto.SignatureLength)
for i, signer := range signers { for i, signer := range signers {
copy(genesis.ExtraData[32+i*common.AddressLength:], signer[:]) copy(genesis.ExtraData[32+i*common.AddressLength:], signer[:])
} }
@ -179,7 +179,7 @@ func (w *wizard) makeGenesis() {
validatorCap := new(big.Int) validatorCap := new(big.Int)
validatorCap.SetString("50000000000000000000000", 10) validatorCap.SetString("50000000000000000000000", 10)
var validatorCaps []*big.Int var validatorCaps []*big.Int
genesis.ExtraData = make([]byte, 32+len(signers)*common.AddressLength+65) genesis.ExtraData = make([]byte, 32+len(signers)*common.AddressLength+crypto.SignatureLength)
for i, signer := range signers { for i, signer := range signers {
validatorCaps = append(validatorCaps, validatorCap) validatorCaps = append(validatorCaps, validatorCap)
copy(genesis.ExtraData[32+i*common.AddressLength:], signer[:]) copy(genesis.ExtraData[32+i*common.AddressLength:], signer[:])

View file

@ -74,7 +74,7 @@ func sigHash(header *types.Header) (hash common.Hash) {
header.GasLimit, header.GasLimit,
header.GasUsed, header.GasUsed,
header.Time, header.Time,
header.Extra[:len(header.Extra)-65], // Yes, this will panic if extra is too short header.Extra[:len(header.Extra)-crypto.SignatureLength], // Yes, this will panic if extra is too short
header.MixDigest, header.MixDigest,
header.Nonce, header.Nonce,
} }

View file

@ -56,8 +56,8 @@ var (
epochLength = uint64(30000) // Default number of blocks after which to checkpoint and reset the pending votes epochLength = uint64(30000) // Default number of blocks after which to checkpoint and reset the pending votes
blockPeriod = uint64(15) // Default minimum difference between two consecutive block's timestamps blockPeriod = uint64(15) // Default minimum difference between two consecutive block's timestamps
extraVanity = 32 // Fixed number of extra-data prefix bytes reserved for signer vanity extraVanity = 32 // Fixed number of extra-data prefix bytes reserved for signer vanity
extraSeal = 65 // Fixed number of extra-data suffix bytes reserved for signer seal extraSeal = crypto.SignatureLength // Fixed number of extra-data suffix bytes reserved for signer seal
nonceAuthVote = hexutil.MustDecode("0xffffffffffffffff") // Magic nonce number to vote on adding a new signer nonceAuthVote = hexutil.MustDecode("0xffffffffffffffff") // Magic nonce number to vote on adding a new signer
nonceDropVote = hexutil.MustDecode("0x0000000000000000") // Magic nonce number to vote on removing a signer. nonceDropVote = hexutil.MustDecode("0x0000000000000000") // Magic nonce number to vote on removing a signer.
@ -160,7 +160,7 @@ func sigHash(header *types.Header) (hash common.Hash) {
header.GasLimit, header.GasLimit,
header.GasUsed, header.GasUsed,
header.Time, header.Time,
header.Extra[:len(header.Extra)-65], // Yes, this will panic if extra is too short header.Extra[:len(header.Extra)-crypto.SignatureLength], // Yes, this will panic if extra is too short
header.MixDigest, header.MixDigest,
header.Nonce, header.Nonce,
} }

View file

@ -26,6 +26,7 @@ import (
"strings" "strings"
"github.com/XinFinOrg/XDPoSChain/core/rawdb" "github.com/XinFinOrg/XDPoSChain/core/rawdb"
"github.com/XinFinOrg/XDPoSChain/crypto"
"github.com/XinFinOrg/XDPoSChain/common" "github.com/XinFinOrg/XDPoSChain/common"
"github.com/XinFinOrg/XDPoSChain/common/hexutil" "github.com/XinFinOrg/XDPoSChain/common/hexutil"
@ -376,7 +377,7 @@ func DeveloperGenesisBlock(period uint64, faucet common.Address) *Genesis {
// Assemble and return the genesis with the precompiles and faucet pre-funded // Assemble and return the genesis with the precompiles and faucet pre-funded
return &Genesis{ return &Genesis{
Config: &config, Config: &config,
ExtraData: append(append(make([]byte, 32), faucet[:]...), make([]byte, 65)...), ExtraData: append(append(make([]byte, 32), faucet[:]...), make([]byte, crypto.SignatureLength)...),
GasLimit: 6283185, GasLimit: 6283185,
BaseFee: big.NewInt(params.InitialBaseFee), BaseFee: big.NewInt(params.InitialBaseFee),
Difficulty: big.NewInt(1), Difficulty: big.NewInt(1),

View file

@ -97,7 +97,7 @@ func (lendingsign LendingTxSigner) Equal(s2 LendingSigner) bool {
// SignatureValues returns signature values. This signature needs to be in the [R || S || V] format where V is 0 or 1. // SignatureValues returns signature values. This signature needs to be in the [R || S || V] format where V is 0 or 1.
func (lendingsign LendingTxSigner) SignatureValues(tx *LendingTransaction, sig []byte) (r, s, v *big.Int, err error) { func (lendingsign LendingTxSigner) SignatureValues(tx *LendingTransaction, sig []byte) (r, s, v *big.Int, err error) {
if len(sig) != 65 { if len(sig) != crypto.SignatureLength {
panic(fmt.Sprintf("wrong size for signature: got %d, want 65", len(sig))) panic(fmt.Sprintf("wrong size for signature: got %d, want 65", len(sig)))
} }
r = new(big.Int).SetBytes(sig[:32]) r = new(big.Int).SetBytes(sig[:32])

View file

@ -97,7 +97,7 @@ func (ordersign OrderTxSigner) Equal(s2 OrderSigner) bool {
// SignatureValues returns signature values. This signature needs to be in the [R || S || V] format where V is 0 or 1. // SignatureValues returns signature values. This signature needs to be in the [R || S || V] format where V is 0 or 1.
func (ordersign OrderTxSigner) SignatureValues(tx *OrderTransaction, sig []byte) (r, s, v *big.Int, err error) { func (ordersign OrderTxSigner) SignatureValues(tx *OrderTransaction, sig []byte) (r, s, v *big.Int, err error) {
if len(sig) != 65 { if len(sig) != crypto.SignatureLength {
panic(fmt.Sprintf("wrong size for signature: got %d, want 65", len(sig))) panic(fmt.Sprintf("wrong size for signature: got %d, want 65", len(sig)))
} }
r = new(big.Int).SetBytes(sig[:32]) r = new(big.Int).SetBytes(sig[:32])

View file

@ -477,7 +477,7 @@ func recoverPlain(sighash common.Hash, R, S, Vb *big.Int, homestead bool) (commo
} }
// encode the snature in uncompressed format // encode the snature in uncompressed format
r, s := R.Bytes(), S.Bytes() r, s := R.Bytes(), S.Bytes()
sig := make([]byte, 65) sig := make([]byte, crypto.SignatureLength)
copy(sig[32-len(r):32], r) copy(sig[32-len(r):32], r)
copy(sig[64-len(s):64], s) copy(sig[64-len(s):64], s)
sig[64] = V sig[64] = V

View file

@ -200,7 +200,7 @@ func (c *ecrecover) Run(input []byte) ([]byte, error) {
} }
// We must make sure not to modify the 'input', so placing the 'v' along with // We must make sure not to modify the 'input', so placing the 'v' along with
// the signature needs to be done on a new allocation // the signature needs to be done on a new allocation
sig := make([]byte, 65) sig := make([]byte, crypto.SignatureLength)
copy(sig, input[64:128]) copy(sig, input[64:128])
sig[64] = v sig[64] = v
// v needs to be at the end for libsecp256k1 // v needs to be at the end for libsecp256k1

View file

@ -14,6 +14,7 @@
// You should have received a copy of the GNU Lesser General Public License // You should have received a copy of the GNU Lesser General Public License
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
//go:build !nacl && !js && cgo
// +build !nacl,!js,cgo // +build !nacl,!js,cgo
package crypto package crypto
@ -47,24 +48,24 @@ func SigToPub(hash, sig []byte) (*ecdsa.PublicKey, error) {
// //
// This function is susceptible to chosen plaintext attacks that can leak // This function is susceptible to chosen plaintext attacks that can leak
// information about the private key that is used for signing. Callers must // information about the private key that is used for signing. Callers must
// be aware that the given hash cannot be chosen by an adversery. Common // be aware that the given digest cannot be chosen by an adversery. Common
// solution is to hash any input before calculating the signature. // solution is to hash any input before calculating the signature.
// //
// The produced signature is in the [R || S || V] format where V is 0 or 1. // The produced signature is in the [R || S || V] format where V is 0 or 1.
func Sign(hash []byte, prv *ecdsa.PrivateKey) (sig []byte, err error) { func Sign(digestHash []byte, prv *ecdsa.PrivateKey) (sig []byte, err error) {
if len(hash) != 32 { if len(digestHash) != DigestLength {
return nil, fmt.Errorf("hash is required to be exactly 32 bytes (%d)", len(hash)) return nil, fmt.Errorf("hash is required to be exactly %d bytes (%d)", DigestLength, len(digestHash))
} }
seckey := math.PaddedBigBytes(prv.D, prv.Params().BitSize/8) seckey := math.PaddedBigBytes(prv.D, prv.Params().BitSize/8)
defer zeroBytes(seckey) defer zeroBytes(seckey)
return secp256k1.Sign(hash, seckey) return secp256k1.Sign(digestHash, seckey)
} }
// VerifySignature checks that the given public key created signature over hash. // VerifySignature checks that the given public key created signature over digest.
// The public key should be in compressed (33 bytes) or uncompressed (65 bytes) format. // The public key should be in compressed (33 bytes) or uncompressed (65 bytes) format.
// The signature should have the 64 byte [R || S] format. // The signature should have the 64 byte [R || S] format.
func VerifySignature(pubkey, hash, signature []byte) bool { func VerifySignature(pubkey, digestHash, signature []byte) bool {
return secp256k1.VerifySignature(pubkey, hash, signature) return secp256k1.VerifySignature(pubkey, digestHash, signature)
} }
// DecompressPubkey parses a public key in the 33-byte compressed format. // DecompressPubkey parses a public key in the 33-byte compressed format.

View file

@ -14,6 +14,7 @@
// You should have received a copy of the GNU Lesser General Public License // You should have received a copy of the GNU Lesser General Public License
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
//go:build nacl || js || !cgo
// +build nacl js !cgo // +build nacl js !cgo
package crypto package crypto
@ -41,7 +42,7 @@ func Ecrecover(hash, sig []byte) ([]byte, error) {
// SigToPub returns the public key that created the given signature. // SigToPub returns the public key that created the given signature.
func SigToPub(hash, sig []byte) (*ecdsa.PublicKey, error) { func SigToPub(hash, sig []byte) (*ecdsa.PublicKey, error) {
// Convert to btcec input format with 'recovery id' v at the beginning. // Convert to btcec input format with 'recovery id' v at the beginning.
btcsig := make([]byte, 65) btcsig := make([]byte, SignatureLength)
btcsig[0] = sig[64] + 27 btcsig[0] = sig[64] + 27
copy(btcsig[1:], sig) copy(btcsig[1:], sig)
@ -58,7 +59,7 @@ func SigToPub(hash, sig []byte) (*ecdsa.PublicKey, error) {
// //
// The produced signature is in the [R || S || V] format where V is 0 or 1. // The produced signature is in the [R || S || V] format where V is 0 or 1.
func Sign(hash []byte, prv *ecdsa.PrivateKey) ([]byte, error) { func Sign(hash []byte, prv *ecdsa.PrivateKey) ([]byte, error) {
if len(hash) != 32 { if len(hash) != DigestLength {
return nil, fmt.Errorf("hash is required to be exactly 32 bytes (%d)", len(hash)) return nil, fmt.Errorf("hash is required to be exactly 32 bytes (%d)", len(hash))
} }
if prv.Curve != btcec.S256() { if prv.Curve != btcec.S256() {

View file

@ -542,7 +542,7 @@ func (s *PrivateAccountAPI) Sign(ctx context.Context, data hexutil.Bytes, addr c
if err != nil { if err != nil {
return nil, err return nil, err
} }
signature[64] += 27 // Transform V from 0/1 to 27/28 according to the yellow paper signature[crypto.RecoveryIDOffset] += 27 // Transform V from 0/1 to 27/28 according to the yellow paper
return signature, nil return signature, nil
} }
@ -3264,7 +3264,7 @@ func (s *PublicTransactionPoolAPI) Sign(addr common.Address, data hexutil.Bytes)
// Sign the requested hash with the wallet // Sign the requested hash with the wallet
signature, err := wallet.SignHash(account, signHash(data)) signature, err := wallet.SignHash(account, signHash(data))
if err == nil { if err == nil {
signature[64] += 27 // Transform V from 0/1 to 27/28 according to the yellow paper signature[crypto.RecoveryIDOffset] += 27 // Transform V from 0/1 to 27/28 according to the yellow paper
} }
return signature, err return signature, err
} }

View file

@ -37,19 +37,19 @@ import (
"github.com/XinFinOrg/XDPoSChain/crypto" "github.com/XinFinOrg/XDPoSChain/crypto"
"github.com/XinFinOrg/XDPoSChain/crypto/ecies" "github.com/XinFinOrg/XDPoSChain/crypto/ecies"
"github.com/XinFinOrg/XDPoSChain/crypto/secp256k1" "github.com/XinFinOrg/XDPoSChain/crypto/secp256k1"
"golang.org/x/crypto/sha3"
"github.com/XinFinOrg/XDPoSChain/p2p/discover" "github.com/XinFinOrg/XDPoSChain/p2p/discover"
"github.com/XinFinOrg/XDPoSChain/rlp" "github.com/XinFinOrg/XDPoSChain/rlp"
"github.com/golang/snappy" "github.com/golang/snappy"
"golang.org/x/crypto/sha3"
) )
const ( const (
maxUint24 = ^uint32(0) >> 8 maxUint24 = ^uint32(0) >> 8
sskLen = 16 // ecies.MaxSharedKeyLength(pubKey) / 2 sskLen = 16 // ecies.MaxSharedKeyLength(pubKey) / 2
sigLen = 65 // elliptic S256 sigLen = crypto.SignatureLength // elliptic S256
pubLen = 64 // 512 bit pubkey in uncompressed representation without format byte pubLen = 64 // 512 bit pubkey in uncompressed representation without format byte
shaLen = 32 // hash length (for nonce etc) shaLen = 32 // hash length (for nonce etc)
authMsgLen = sigLen + shaLen + pubLen + shaLen + 1 authMsgLen = sigLen + shaLen + pubLen + shaLen + 1
authRespLen = pubLen + shaLen + 1 authRespLen = pubLen + shaLen + 1