/* This file is part of cpp-ethereum. cpp-ethereum is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cpp-ethereum is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with cpp-ethereum. If not, see . */ /** @file Transaction.cpp * @author Gav Wood * @date 2014 */ #include #include #include #include #include "Transaction.h" using namespace std; using namespace eth; #define ETH_ADDRESS_DEBUG 1 Transaction::Transaction(bytesConstRef _rlpData, bool _checkSender) { int field = 0; RLP rlp(_rlpData); try { nonce = rlp[field = 0].toInt(); gasPrice = rlp[field = 1].toInt(); gas = rlp[field = 2].toInt(); receiveAddress = rlp[field = 3].toHash
(); value = rlp[field = 4].toInt(); data = rlp[field = 5].toBytes(); vrs = Signature{ rlp[field = 6].toInt(), rlp[field = 7].toInt(), rlp[field = 8].toInt() }; if (_checkSender) m_sender = sender(); } catch (RLPException const&) { throw InvalidTransactionFormat(field, rlp[field].data()); } } Address Transaction::safeSender() const noexcept { try { return sender(); } catch (...) { return Address(); } } Address Transaction::sender() const { if (!m_sender) { secp256k1_start(); h256 sig[2] = { vrs.r, vrs.s }; h256 msg = sha3(false); byte pubkey[65]; int pubkeylen = 65; if (!secp256k1_ecdsa_recover_compact(msg.data(), 32, sig[0].data(), pubkey, &pubkeylen, 0, (int)vrs.v - 27)) throw InvalidSignature(); // TODO: check right160 is correct and shouldn't be left160. m_sender = right160(eth::sha3(bytesConstRef(&(pubkey[1]), 64))); #if ETH_ADDRESS_DEBUG cout << "---- RECOVER -------------------------------" << endl; cout << "MSG: " << msg << endl; cout << "R S V: " << sig[0] << " " << sig[1] << " " << (int)(vrs.v - 27) << "+27" << endl; cout << "PUB: " << toHex(bytesConstRef(&(pubkey[1]), 64)) << endl; cout << "ADR: " << m_sender << endl; #endif } return m_sender; } void Transaction::sign(Secret _priv) { int v = 0; secp256k1_start(); h256 msg = sha3(false); h256 sig[2]; h256 nonce = kFromMessage(msg, _priv); if (!secp256k1_ecdsa_sign_compact(msg.data(), 32, sig[0].data(), _priv.data(), nonce.data(), &v)) throw InvalidSignature(); #if ETH_ADDRESS_DEBUG cout << "---- SIGN -------------------------------" << endl; cout << "MSG: " << msg << endl; cout << "SEC: " << _priv << endl; cout << "NON: " << nonce << endl; cout << "R S V: " << sig[0] << " " << sig[1] << " " << v << "+27" << endl; #endif vrs.v = (byte)(v + 27); vrs.r = (u256)sig[0]; vrs.s = (u256)sig[1]; } void Transaction::fillStream(RLPStream& _s, bool _sig) const { _s.appendList((_sig ? 3 : 0) + 6); _s << nonce << gasPrice << gas; if (receiveAddress) _s << receiveAddress; else _s << ""; _s << value << data; if (_sig) _s << vrs.v << vrs.r << vrs.s; } // If the h256 return is an integer, store it in bigendian (i.e. u256 ret; ... return (h256)ret; ) h256 Transaction::kFromMessage(h256 _msg, h256 _priv) { // TODO! // bytes v(32, 1); // bytes k(32, 0); /* v = '\x01' * 32 k = '\x00' * 32 priv = encode_privkey(priv,'bin') msghash = encode(hash_to_int(msghash),256,32) k = hmac.new(k, v+'\x00'+priv+msghash, hashlib.sha256).digest() v = hmac.new(k, v, hashlib.sha256).digest() k = hmac.new(k, v+'\x01'+priv+msghash, hashlib.sha256).digest() v = hmac.new(k, v, hashlib.sha256).digest() return decode(hmac.new(k, v, hashlib.sha256).digest(),256) */ return _msg ^ _priv; }