More crypto additions.

11 years ago · 00da157812
4 changed files with 215 additions and 35 deletions
--- a/libethereum/Common.h
+++ b/libethereum/Common.h
@ -96,6 +96,15 @@ inline void toBigEndian(_T _val, _Out& o_out)
 		o_out[s - 1 - i] = (typename _Out::value_type)(uint8_t)_val;
 }

+template <class _T, class _In>
+inline _T fromBigEndian(_In const& _bytes)
+{
+	_T ret = 0;
+	for (auto i: _bytes)
+		ret = (ret << 8) | (byte)(typename std::make_unsigned<typename _In::value_type>::type)i;
+	return ret;
+}
+
 inline std::string toBigEndianString(u256 _val) { std::string ret(32, '\0'); toBigEndian(_val, ret); return ret; }
 inline std::string toBigEndianString(u160 _val) { std::string ret(20, '\0'); toBigEndian(_val, ret); return ret; }

--- a/libethereum/VirtualMachine.cpp
+++ b/libethereum/VirtualMachine.cpp
@ -1,7 +1,7 @@
 #include <secp256k1.h>
 #include <random>
 #include "sha256.h"
-#include "VirtualMachine.h"
+#include "State.h"
 using namespace std;
 using namespace eth;

@ -11,22 +11,56 @@ u256 const State::c_memoryFee = 0;
 u256 const State::c_extroFee = 0;
 u256 const State::c_cryptoFee = 0;
 u256 const State::c_newContractFee = 0;
+u256 const State::c_txFee = 0;

-u160 Transaction::sender() const
+std::mt19937_64* State::s_engine = nullptr;
+
+u256 kFromMessage(u256 _msg, u256 _priv)
+{
+	/*
+	v = '\x01' * 32
+	k = '\x00' * 32
+	priv = encode_privkey(priv,'bin')
+	msghash = encode(hash_to_int(msghash),256,32)
+	k = hmac.new(k, v+'\x00'+priv+msghash, hashlib.sha256).digest()
+	v = hmac.new(k, v, hashlib.sha256).digest()
+	k = hmac.new(k, v+'\x01'+priv+msghash, hashlib.sha256).digest()
+	v = hmac.new(k, v, hashlib.sha256).digest()
+	return decode(hmac.new(k, v, hashlib.sha256).digest(),256)
+	*/
+	return 0;
+}
+
+Address Transaction::sender() const
 {
 	State::ensureCrypto();

 	bytes sig = toBigEndian(vrs.r) + toBigEndian(vrs.s);
 	assert(sig.size() == 64);
-	RLPStream rlp;
-	fillStream(rlp, false);
-	bytes msg = eth::sha256Bytes(rlp.out());
+	bytes msg = sha256Bytes(false);

-	bytes pubkey(65);
+	byte pubkey[65];
 	int pubkeylen = 65;
-	if (!secp256k1_ecdsa_recover_compact(msg.data(), msg.size(), sig.data(), pubkey.data(), &pubkeylen, 0, (int)vrs.v - 27))
+	if (!secp256k1_ecdsa_recover_compact(msg.data(), msg.size(), sig.data(), pubkey, &pubkeylen, 0, (int)vrs.v - 27))
 		throw InvalidSignature();
-	return low160(eth::sha256(bytesConstRef(&pubkey).cropped(1)));
+	return low160(eth::sha256(bytesConstRef(&pubkey[1], 64)));
+}
+
+void Transaction::sign(PrivateKey _priv)
+{
+	bytes sig(64);
+	bytes nonce(32);
+	for (auto& i: nonce)
+		i = std::uniform_int_distribution<byte>(0, 255)(State::engine());
+	int v = 0;
+
+	bytes msg = sha256Bytes(false);
+	if (!secp256k1_ecdsa_sign_compact(msg.data(), msg.size(), sig.data(), toBigEndian(_priv).data(), nonce.data(), &v))
+		throw InvalidSignature();
+
+	vrs.v = v + 27;
+	vrs.r = fromBigEndian<u256>(bytesConstRef(&sig).cropped(0, 32));
+	vrs.s = fromBigEndian<u256>(bytesConstRef(&sig).cropped(32));
 }

 Transaction::Transaction(bytes const& _rlpData)
@ -39,7 +73,7 @@ Transaction::Transaction(bytes const& _rlpData)
 	data.reserve(rlp[4].itemCountStrict());
 	for (auto const& i: rlp[4])
 		data.push_back(i.toFatIntStrict());
-	vrs = Signature{ rlp[5].toFatIntStrict(), rlp[6].toFatIntStrict(), rlp[7].toFatIntStrict() };
+	vrs = Signature{ (byte)rlp[5].toSlimIntStrict(), rlp[6].toFatIntStrict(), rlp[7].toFatIntStrict() };
 }

 void Transaction::fillStream(RLPStream& _s, bool _sig) const
@ -49,12 +83,24 @@ void Transaction::fillStream(RLPStream& _s, bool _sig) const
 		_s << toCompactBigEndianString(vrs.v) << toCompactBigEndianString(vrs.r) << toCompactBigEndianString(vrs.s);
 }

+State::State(Address _minerAddress): m_minerAddress(_minerAddress)
+{
+	ensureCrypto();
+}
+
 void State::ensureCrypto()
 {
 	secp256k1_start();
 }

-bool State::execute(Transaction const& _t, u160 _sender)
+mt19937_64& State::engine()
+{
+	if (!s_engine)
+		s_engine = new mt19937_64(random_device()());
+	return *s_engine;
+}
+
+bool State::execute(Transaction const& _t, Address _sender)
 {
 	// Entry point for a contract-originated transaction.

@ -107,7 +153,7 @@ bool State::execute(Transaction const& _t, u160 _sender)
 			return false;
 		}

-		u160 newAddress = low160(_t.sha256());
+		Address newAddress = low160(_t.sha256());

 		if (isContractAddress(newAddress))
 		{
@ -126,7 +172,7 @@ bool State::execute(Transaction const& _t, u160 _sender)
 	}
 }

-void State::execute(u160 _myAddress, u160 _txSender, u256 _txValue, u256 _txFee, u256s const& _txData, u256* _totalFee)
+void State::execute(Address _myAddress, Address _txSender, u256 _txValue, u256 _txFee, u256s const& _txData, u256* _totalFee)
 {
 	std::vector<u256> stack;
 	auto m = m_current.find(_myAddress);
@ -152,6 +198,12 @@ void State::execute(u160 _myAddress, u160 _txSender, u256 _txValue, u256 _txFee,
 			myMemory.erase(_n);
 	};

+	if (balance(_myAddress) < _txFee)
+		throw NotEnoughCash();
+
+	subBalance(_myAddress, _txFee);
+	*_totalFee += _txFee;
+
 	u256 curPC = 0;
 	u256 nextPC = 1;
 	u256 stepCount = 0;
@ -185,6 +237,10 @@ void State::execute(u160 _myAddress, u160 _txSender, u256 _txValue, u256 _txFee,
 			minerFee += c_extroFee;
 			break;

+		case Instruction::MKTX:
+			minerFee += c_txFee;
+			break;
+
 		case Instruction::SHA256:
 		case Instruction::RIPEMD160:
 		case Instruction::ECMUL:
@ -199,7 +255,7 @@ void State::execute(u160 _myAddress, u160 _txSender, u256 _txValue, u256 _txFee,
 		}

 		if (minerFee + voidFee > balance(_myAddress))
-			return;
+			throw NotEnoughCash();
 		subBalance(_myAddress, minerFee + voidFee);
 		*_totalFee += (u256)minerFee;

@ -346,13 +402,122 @@ void State::execute(u160 _myAddress, u160 _txSender, u256 _txValue, u256 _txFee,
 			break;
 		}
 		case Instruction::ECMUL:
+		{
+			// ECMUL - pops three items.
+			// If (S[-2],S[-1]) are a valid point in secp256k1, including both coordinates being less than P, pushes (S[-1],S[-2]) * S[-3], using (0,0) as the point at infinity.
+			// Otherwise, pushes (0,0).
+			require(3);
+
+			bytes pub(1, 4);
+			pub += toBigEndian(stack[stack.size() - 2]);
+			pub += toBigEndian(stack.back());
+			stack.pop_back();
+			stack.pop_back();

+			bytes x = toBigEndian(stack.back());
+			stack.pop_back();
+
+			if (secp256k1_ecdsa_pubkey_verify(pub.data(), pub.size()))	// TODO: Check both are less than P.
+			{
+				secp256k1_ecdsa_pubkey_tweak_mul(pub.data(), pub.size(), x.data());
+				stack.push_back(fromBigEndian<u256>(bytesConstRef(&pub).cropped(1, 32)));
+				stack.push_back(fromBigEndian<u256>(bytesConstRef(&pub).cropped(33, 32)));
+			}
+			else
+			{
+				stack.push_back(0);
+				stack.push_back(0);
+			}
+			break;
+		}
 		case Instruction::ECADD:
+		{
+			// ECADD - pops four items and pushes (S[-4],S[-3]) + (S[-2],S[-1]) if both points are valid, otherwise (0,0).
+			require(4);
+
+			bytes pub(1, 4);
+			pub += toBigEndian(stack[stack.size() - 2]);
+			pub += toBigEndian(stack.back());
+			stack.pop_back();
+			stack.pop_back();
+
+			bytes tweak(1, 4);
+			tweak += toBigEndian(stack[stack.size() - 2]);
+			tweak += toBigEndian(stack.back());
+			stack.pop_back();
+			stack.pop_back();
+
+			if (secp256k1_ecdsa_pubkey_verify(pub.data(), pub.size()) && secp256k1_ecdsa_pubkey_verify(tweak.data(), tweak.size()))
+			{
+				secp256k1_ecdsa_pubkey_tweak_add(pub.data(), pub.size(), tweak.data());
+				stack.push_back(fromBigEndian<u256>(bytesConstRef(&pub).cropped(1, 32)));
+				stack.push_back(fromBigEndian<u256>(bytesConstRef(&pub).cropped(33, 32)));
+			}
+			else
+			{
+				stack.push_back(0);
+				stack.push_back(0);
+			}
+			break;
+		}
 		case Instruction::ECSIGN:
+		{
+			require(2);
+			bytes sig(64);
+			int v = 0;
+
+			u256 msg = stack.back();
+			stack.pop_back();
+			u256 priv = stack.back();
+			stack.pop_back();
+			bytes nonce = toBigEndian(kFromMessage(msg, priv));
+
+			if (!secp256k1_ecdsa_sign_compact(toBigEndian(msg).data(), 64, sig.data(), toBigEndian(priv).data(), nonce.data(), &v))
+				throw InvalidSignature();
+
+			stack.push_back(v + 27);
+			stack.push_back(fromBigEndian<u256>(bytesConstRef(&sig).cropped(0, 32)));
+			stack.push_back(fromBigEndian<u256>(bytesConstRef(&sig).cropped(32)));
+			break;
+		}
 		case Instruction::ECRECOVER:
+		{
+			require(4);
+
+			bytes sig = toBigEndian(stack[stack.size() - 2]) + toBigEndian(stack.back());
+			stack.pop_back();
+			stack.pop_back();
+			int v = (int)stack.back();
+			stack.pop_back();
+			bytes msg = toBigEndian(stack.back());
+			stack.pop_back();
+
+			byte pubkey[65];
+			int pubkeylen = 65;
+			if (secp256k1_ecdsa_recover_compact(msg.data(), msg.size(), sig.data(), pubkey, &pubkeylen, 0, v - 27))
+			{
+				stack.push_back(0);
+				stack.push_back(0);
+			}
+			else
+			{
+				stack.push_back(fromBigEndian<u256>(bytesConstRef(&pubkey[1], 32)));
+				stack.push_back(fromBigEndian<u256>(bytesConstRef(&pubkey[33], 32)));
+			}
+			break;
+		}
 		case Instruction::ECVALID:
-			// TODO
+		{
+			require(2);
+			bytes pub(1, 4);
+			pub += toBigEndian(stack[stack.size() - 2]);
+			pub += toBigEndian(stack.back());
+			stack.pop_back();
+			stack.pop_back();
+
+			stack.back() = secp256k1_ecdsa_pubkey_verify(pub.data(), pub.size()) ? 1 : 0;
 			break;
+		}
 		case Instruction::PUSH:
 		{
 			stack.push_back(mem(curPC + 1));
@ -426,7 +591,7 @@ void State::execute(u160 _myAddress, u160 _txSender, u256 _txValue, u256 _txFee,
 			require(2);
 			auto memoryAddress = stack.back();
 			stack.pop_back();
-			u160 contractAddress = as160(stack.back());
+			Address contractAddress = as160(stack.back());
 			stack.back() = contractMemory(contractAddress, memoryAddress);
 			break;
 		}
@ -467,10 +632,9 @@ void State::execute(u160 _myAddress, u160 _txSender, u256 _txValue, u256 _txFee,
 		case Instruction::SUICIDE:
 		{
 			require(1);
-			u160 dest = as160(stack.back());
+			Address dest = as160(stack.back());
 			u256 minusVoidFee = m_current[_myAddress].memory().size() * c_memoryFee;
 			addBalance(dest, balance(_myAddress) + minusVoidFee);
-			subBalance(dest, _txFee);
 			m_current.erase(_myAddress);
 			// ...follow through to...
 		}
--- a/libethereum/VirtualMachine.h
+++ b/libethereum/VirtualMachine.h
@ -65,6 +65,7 @@ enum class Instruction: uint8_t
 	SUICIDE = 0xff		///< Rx - destroys the contract and clears all memory, sending the entire balance plus the negative fee from clearing memory minus TXFEE to the address
 };

+class NotEnoughCash: public std::exception {};
 class BadInstruction: public std::exception {};
 class StackTooSmall: public std::exception { public: StackTooSmall(u256 _req, u256 _got): req(_req), got(_got) {} u256 req; u256 got; };
 class OperandOutOfRange: public std::exception { public: OperandOutOfRange(u256 _min, u256 _max, u256 _got): mn(_min), mx(_max), got(_got) {} u256 mn; u256 mx; u256 got; };
@ -184,11 +185,13 @@ inline u160 as160(_T const& _t)

 struct Signature
 {
-	u256 v;
+	byte v;
 	u256 r;
 	u256 s;
 };

+using PrivateKey = u256;
+using Address = u160;

 // [ nonce, receiving_address, value, fee, [ data item 0, data item 1 ... data item n ], v, r, s ]
 struct Transaction
@ -197,42 +200,45 @@ struct Transaction
 	Transaction(bytes const& _rlp);

 	u256 nonce;
-	u160 receiveAddress;
+	Address receiveAddress;
 	u256 value;
 	u256 fee;
 	u256s data;
 	Signature vrs;

-	u160 sender() const;
+	Address sender() const;
+	void sign(PrivateKey _priv);

 	void fillStream(RLPStream& _s, bool _sig = true) const;
 	bytes rlp(bool _sig = true) const { RLPStream s; fillStream(s, _sig); return s.out(); }
 	std::string rlpString(bool _sig = true) const { RLPStream s; fillStream(s, _sig); return s.str(); }
 	u256 sha256(bool _sig = true) const { RLPStream s; fillStream(s, _sig); return eth::sha256(s.out()); }
+	bytes sha256Bytes(bool _sig = true) const { RLPStream s; fillStream(s, _sig); return eth::sha256Bytes(s.out()); }
 };

 class State
 {
 public:
-	explicit State(u256 _minerAddress): m_minerAddress(_minerAddress) {}
+	explicit State(Address _minerAddress);

 	static void ensureCrypto();
+	static std::mt19937_64& engine();

 	bool verify(bytes const& _block);
 	bool execute(bytes const& _rlp) { try { Transaction t(_rlp); return execute(t, t.sender()); } catch (...) { return false; } }	// remove const_cast once vector_ref can handle const vector* properly.

 private:
-	bool execute(Transaction const& _t, u160 _sender);
+	bool execute(Transaction const& _t, Address _sender);

-	bool isNormalAddress(u160 _address) const { auto it = m_current.find(_address); return it != m_current.end() && it->second.type() == AddressType::Normal; }
-	bool isContractAddress(u160 _address) const { auto it = m_current.find(_address); return it != m_current.end() && it->second.type() == AddressType::Contract; }
+	bool isNormalAddress(Address _address) const { auto it = m_current.find(_address); return it != m_current.end() && it->second.type() == AddressType::Normal; }
+	bool isContractAddress(Address _address) const { auto it = m_current.find(_address); return it != m_current.end() && it->second.type() == AddressType::Contract; }

-	u256 balance(u160 _id) const { auto it = m_current.find(_id); return it == m_current.end() ? 0 : it->second.balance(); }
-	void addBalance(u160 _id, u256 _amount) { auto it = m_current.find(_id); if (it == m_current.end()) it->second.balance() = _amount; else it->second.balance() += _amount; }
+	u256 balance(Address _id) const { auto it = m_current.find(_id); return it == m_current.end() ? 0 : it->second.balance(); }
+	void addBalance(Address _id, u256 _amount) { auto it = m_current.find(_id); if (it == m_current.end()) it->second.balance() = _amount; else it->second.balance() += _amount; }
 	// bigint as we don't want any accidental problems with -ve numbers.
-	bool subBalance(u160 _id, bigint _amount) { auto it = m_current.find(_id); if (it == m_current.end() || (bigint)it->second.balance() < _amount) return false; it->second.balance() = (u256)((bigint)it->second.balance() - _amount); return true; }
+	bool subBalance(Address _id, bigint _amount) { auto it = m_current.find(_id); if (it == m_current.end() || (bigint)it->second.balance() < _amount) return false; it->second.balance() = (u256)((bigint)it->second.balance() - _amount); return true; }

-	u256 contractMemory(u160 _contract, u256 _memory) const
+	u256 contractMemory(Address _contract, u256 _memory) const
 	{
 		auto m = m_current.find(_contract);
 		if (m == m_current.end())
@ -241,17 +247,15 @@ private:
 		return i == m->second.memory().end() ? 0 : i->second;
 	}

-	u256 transactionsFrom(u160 _address) { auto it = m_current.find(_address); return it == m_current.end() ? 0 : it->second.nonce(); }
-
-	void execute(u160 _myAddress, u160 _txSender, u256 _txValue, u256 _txFee, u256s const& _txData, u256* o_totalFee);
-
-	std::map<u160, AddressState> m_current;
+	u256 transactionsFrom(Address _address) { auto it = m_current.find(_address); return it == m_current.end() ? 0 : it->second.nonce(); }

+	void execute(Address _myAddress, Address _txSender, u256 _txValue, u256 _txFee, u256s const& _txData, u256* o_totalFee);

+	std::map<Address, AddressState> m_current;
 	BlockInfo m_previousBlock;
 	BlockInfo m_currentBlock;

-	u160 m_minerAddress;
+	Address m_minerAddress;

 	static const u256 c_stepFee;
 	static const u256 c_dataFee;
@ -259,6 +263,9 @@ private:
 	static const u256 c_extroFee;
 	static const u256 c_cryptoFee;
 	static const u256 c_newContractFee;
+	static const u256 c_txFee;
+
+	static std::mt19937_64* s_engine;
 };

 }
--- a/test/main.cpp
+++ b/test/main.cpp
@ -3,7 +3,7 @@
 #include <secp256k1.h>
 #include "RLP.h"
 #include "Trie.h"
-#include "VirtualMachine.h"
+#include "State.h"
 using namespace std;
 using namespace eth;