158 lines
6.4 KiB
JavaScript
158 lines
6.4 KiB
JavaScript
"use strict";
|
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
};
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.hashPersonalMessage = exports.isValidSignature = exports.fromRpcSig = exports.toCompactSig = exports.toRpcSig = exports.ecrecover = exports.ecsign = void 0;
|
|
const secp256k1_1 = require("ethereum-cryptography/secp256k1");
|
|
const bn_js_1 = __importDefault(require("bn.js"));
|
|
const bytes_1 = require("./bytes");
|
|
const hash_1 = require("./hash");
|
|
const helpers_1 = require("./helpers");
|
|
const types_1 = require("./types");
|
|
function ecsign(msgHash, privateKey, chainId) {
|
|
const { signature, recid: recovery } = (0, secp256k1_1.ecdsaSign)(msgHash, privateKey);
|
|
const r = Buffer.from(signature.slice(0, 32));
|
|
const s = Buffer.from(signature.slice(32, 64));
|
|
if (!chainId || typeof chainId === 'number') {
|
|
// return legacy type ECDSASignature (deprecated in favor of ECDSASignatureBuffer to handle large chainIds)
|
|
if (chainId && !Number.isSafeInteger(chainId)) {
|
|
throw new Error('The provided number is greater than MAX_SAFE_INTEGER (please use an alternative input type)');
|
|
}
|
|
const v = chainId ? recovery + (chainId * 2 + 35) : recovery + 27;
|
|
return { r, s, v };
|
|
}
|
|
const chainIdBN = (0, types_1.toType)(chainId, types_1.TypeOutput.BN);
|
|
const v = chainIdBN.muln(2).addn(35).addn(recovery).toArrayLike(Buffer);
|
|
return { r, s, v };
|
|
}
|
|
exports.ecsign = ecsign;
|
|
function calculateSigRecovery(v, chainId) {
|
|
const vBN = (0, types_1.toType)(v, types_1.TypeOutput.BN);
|
|
if (!chainId) {
|
|
return vBN.subn(27);
|
|
}
|
|
const chainIdBN = (0, types_1.toType)(chainId, types_1.TypeOutput.BN);
|
|
return vBN.sub(chainIdBN.muln(2).addn(35));
|
|
}
|
|
function isValidSigRecovery(recovery) {
|
|
const rec = new bn_js_1.default(recovery);
|
|
return rec.eqn(0) || rec.eqn(1);
|
|
}
|
|
/**
|
|
* ECDSA public key recovery from signature.
|
|
* @returns Recovered public key
|
|
*/
|
|
const ecrecover = function (msgHash, v, r, s, chainId) {
|
|
const signature = Buffer.concat([(0, bytes_1.setLengthLeft)(r, 32), (0, bytes_1.setLengthLeft)(s, 32)], 64);
|
|
const recovery = calculateSigRecovery(v, chainId);
|
|
if (!isValidSigRecovery(recovery)) {
|
|
throw new Error('Invalid signature v value');
|
|
}
|
|
const senderPubKey = (0, secp256k1_1.ecdsaRecover)(signature, recovery.toNumber(), msgHash);
|
|
return Buffer.from((0, secp256k1_1.publicKeyConvert)(senderPubKey, false).slice(1));
|
|
};
|
|
exports.ecrecover = ecrecover;
|
|
/**
|
|
* Convert signature parameters into the format of `eth_sign` RPC method.
|
|
* @returns Signature
|
|
*/
|
|
const toRpcSig = function (v, r, s, chainId) {
|
|
const recovery = calculateSigRecovery(v, chainId);
|
|
if (!isValidSigRecovery(recovery)) {
|
|
throw new Error('Invalid signature v value');
|
|
}
|
|
// geth (and the RPC eth_sign method) uses the 65 byte format used by Bitcoin
|
|
return (0, bytes_1.bufferToHex)(Buffer.concat([(0, bytes_1.setLengthLeft)(r, 32), (0, bytes_1.setLengthLeft)(s, 32), (0, bytes_1.toBuffer)(v)]));
|
|
};
|
|
exports.toRpcSig = toRpcSig;
|
|
/**
|
|
* Convert signature parameters into the format of Compact Signature Representation (EIP-2098).
|
|
* @returns Signature
|
|
*/
|
|
const toCompactSig = function (v, r, s, chainId) {
|
|
const recovery = calculateSigRecovery(v, chainId);
|
|
if (!isValidSigRecovery(recovery)) {
|
|
throw new Error('Invalid signature v value');
|
|
}
|
|
const vn = (0, types_1.toType)(v, types_1.TypeOutput.Number);
|
|
let ss = s;
|
|
if ((vn > 28 && vn % 2 === 1) || vn === 1 || vn === 28) {
|
|
ss = Buffer.from(s);
|
|
ss[0] |= 0x80;
|
|
}
|
|
return (0, bytes_1.bufferToHex)(Buffer.concat([(0, bytes_1.setLengthLeft)(r, 32), (0, bytes_1.setLengthLeft)(ss, 32)]));
|
|
};
|
|
exports.toCompactSig = toCompactSig;
|
|
/**
|
|
* Convert signature format of the `eth_sign` RPC method to signature parameters
|
|
* NOTE: all because of a bug in geth: https://github.com/ethereum/go-ethereum/issues/2053
|
|
*/
|
|
const fromRpcSig = function (sig) {
|
|
const buf = (0, bytes_1.toBuffer)(sig);
|
|
let r;
|
|
let s;
|
|
let v;
|
|
if (buf.length >= 65) {
|
|
r = buf.slice(0, 32);
|
|
s = buf.slice(32, 64);
|
|
v = (0, bytes_1.bufferToInt)(buf.slice(64));
|
|
}
|
|
else if (buf.length === 64) {
|
|
// Compact Signature Representation (https://eips.ethereum.org/EIPS/eip-2098)
|
|
r = buf.slice(0, 32);
|
|
s = buf.slice(32, 64);
|
|
v = (0, bytes_1.bufferToInt)(buf.slice(32, 33)) >> 7;
|
|
s[0] &= 0x7f;
|
|
}
|
|
else {
|
|
throw new Error('Invalid signature length');
|
|
}
|
|
// support both versions of `eth_sign` responses
|
|
if (v < 27) {
|
|
v += 27;
|
|
}
|
|
return {
|
|
v,
|
|
r,
|
|
s,
|
|
};
|
|
};
|
|
exports.fromRpcSig = fromRpcSig;
|
|
/**
|
|
* Validate a ECDSA signature.
|
|
* @param homesteadOrLater Indicates whether this is being used on either the homestead hardfork or a later one
|
|
*/
|
|
const isValidSignature = function (v, r, s, homesteadOrLater = true, chainId) {
|
|
const SECP256K1_N_DIV_2 = new bn_js_1.default('7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0', 16);
|
|
const SECP256K1_N = new bn_js_1.default('fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141', 16);
|
|
if (r.length !== 32 || s.length !== 32) {
|
|
return false;
|
|
}
|
|
if (!isValidSigRecovery(calculateSigRecovery(v, chainId))) {
|
|
return false;
|
|
}
|
|
const rBN = new bn_js_1.default(r);
|
|
const sBN = new bn_js_1.default(s);
|
|
if (rBN.isZero() || rBN.gt(SECP256K1_N) || sBN.isZero() || sBN.gt(SECP256K1_N)) {
|
|
return false;
|
|
}
|
|
if (homesteadOrLater && sBN.cmp(SECP256K1_N_DIV_2) === 1) {
|
|
return false;
|
|
}
|
|
return true;
|
|
};
|
|
exports.isValidSignature = isValidSignature;
|
|
/**
|
|
* Returns the keccak-256 hash of `message`, prefixed with the header used by the `eth_sign` RPC call.
|
|
* The output of this function can be fed into `ecsign` to produce the same signature as the `eth_sign`
|
|
* call for a given `message`, or fed to `ecrecover` along with a signature to recover the public key
|
|
* used to produce the signature.
|
|
*/
|
|
const hashPersonalMessage = function (message) {
|
|
(0, helpers_1.assertIsBuffer)(message);
|
|
const prefix = Buffer.from(`\u0019Ethereum Signed Message:\n${message.length}`, 'utf-8');
|
|
return (0, hash_1.keccak)(Buffer.concat([prefix, message]));
|
|
};
|
|
exports.hashPersonalMessage = hashPersonalMessage;
|
|
//# sourceMappingURL=signature.js.map
|