151 lines
5.7 KiB
JavaScript
151 lines
5.7 KiB
JavaScript
import { keccak256 } from 'ethereum-cryptography/keccak.js';
|
|
import { secp256k1 } from 'ethereum-cryptography/secp256k1.js';
|
|
import { bytesToBigInt, bytesToHex, bytesToInt, concatBytes, setLengthLeft, toBytes, utf8ToBytes, } from './bytes.js';
|
|
import { BIGINT_0, BIGINT_1, BIGINT_2, BIGINT_27, SECP256K1_ORDER, SECP256K1_ORDER_DIV_2, } from './constants.js';
|
|
import { assertIsBytes } from './helpers.js';
|
|
/**
|
|
* Returns the ECDSA signature of a message hash.
|
|
*
|
|
* If `chainId` is provided assume an EIP-155-style signature and calculate the `v` value
|
|
* accordingly, otherwise return a "static" `v` just derived from the `recovery` bit
|
|
*/
|
|
export function ecsign(msgHash, privateKey, chainId) {
|
|
const sig = secp256k1.sign(msgHash, privateKey);
|
|
const buf = sig.toCompactRawBytes();
|
|
const r = buf.slice(0, 32);
|
|
const s = buf.slice(32, 64);
|
|
const v = chainId === undefined
|
|
? BigInt(sig.recovery + 27)
|
|
: BigInt(sig.recovery + 35) + BigInt(chainId) * BIGINT_2;
|
|
return { r, s, v };
|
|
}
|
|
export function calculateSigRecovery(v, chainId) {
|
|
if (v === BIGINT_0 || v === BIGINT_1)
|
|
return v;
|
|
if (chainId === undefined) {
|
|
return v - BIGINT_27;
|
|
}
|
|
return v - (chainId * BIGINT_2 + BigInt(35));
|
|
}
|
|
function isValidSigRecovery(recovery) {
|
|
return recovery === BIGINT_0 || recovery === BIGINT_1;
|
|
}
|
|
/**
|
|
* ECDSA public key recovery from signature.
|
|
* NOTE: Accepts `v === 0 | v === 1` for EIP1559 transactions
|
|
* @returns Recovered public key
|
|
*/
|
|
export const ecrecover = function (msgHash, v, r, s, chainId) {
|
|
const signature = concatBytes(setLengthLeft(r, 32), setLengthLeft(s, 32));
|
|
const recovery = calculateSigRecovery(v, chainId);
|
|
if (!isValidSigRecovery(recovery)) {
|
|
throw new Error('Invalid signature v value');
|
|
}
|
|
const sig = secp256k1.Signature.fromCompact(signature).addRecoveryBit(Number(recovery));
|
|
const senderPubKey = sig.recoverPublicKey(msgHash);
|
|
return senderPubKey.toRawBytes(false).slice(1);
|
|
};
|
|
/**
|
|
* Convert signature parameters into the format of `eth_sign` RPC method.
|
|
* NOTE: Accepts `v === 0 | v === 1` for EIP1559 transactions
|
|
* @returns Signature
|
|
*/
|
|
export const toRpcSig = function (v, r, s, chainId) {
|
|
const recovery = calculateSigRecovery(v, chainId);
|
|
if (!isValidSigRecovery(recovery)) {
|
|
throw new Error('Invalid signature v value');
|
|
}
|
|
// geth (and the RPC eth_sign method) uses the 65 byte format used by Bitcoin
|
|
return bytesToHex(concatBytes(setLengthLeft(r, 32), setLengthLeft(s, 32), toBytes(v)));
|
|
};
|
|
/**
|
|
* Convert signature parameters into the format of Compact Signature Representation (EIP-2098).
|
|
* NOTE: Accepts `v === 0 | v === 1` for EIP1559 transactions
|
|
* @returns Signature
|
|
*/
|
|
export const toCompactSig = function (v, r, s, chainId) {
|
|
const recovery = calculateSigRecovery(v, chainId);
|
|
if (!isValidSigRecovery(recovery)) {
|
|
throw new Error('Invalid signature v value');
|
|
}
|
|
const ss = Uint8Array.from([...s]);
|
|
if ((v > BigInt(28) && v % BIGINT_2 === BIGINT_1) || v === BIGINT_1 || v === BigInt(28)) {
|
|
ss[0] |= 0x80;
|
|
}
|
|
return bytesToHex(concatBytes(setLengthLeft(r, 32), setLengthLeft(ss, 32)));
|
|
};
|
|
/**
|
|
* Convert signature format of the `eth_sign` RPC method to signature parameters
|
|
*
|
|
* NOTE: For an extracted `v` value < 27 (see Geth bug https://github.com/ethereum/go-ethereum/issues/2053)
|
|
* `v + 27` is returned for the `v` value
|
|
* NOTE: After EIP1559, `v` could be `0` or `1` but this function assumes
|
|
* it's a signed message (EIP-191 or EIP-712) adding `27` at the end. Remove if needed.
|
|
*/
|
|
export const fromRpcSig = function (sig) {
|
|
const bytes = toBytes(sig);
|
|
let r;
|
|
let s;
|
|
let v;
|
|
if (bytes.length >= 65) {
|
|
r = bytes.subarray(0, 32);
|
|
s = bytes.subarray(32, 64);
|
|
v = bytesToBigInt(bytes.subarray(64));
|
|
}
|
|
else if (bytes.length === 64) {
|
|
// Compact Signature Representation (https://eips.ethereum.org/EIPS/eip-2098)
|
|
r = bytes.subarray(0, 32);
|
|
s = bytes.subarray(32, 64);
|
|
v = BigInt(bytesToInt(bytes.subarray(32, 33)) >> 7);
|
|
s[0] &= 0x7f;
|
|
}
|
|
else {
|
|
throw new Error('Invalid signature length');
|
|
}
|
|
// support both versions of `eth_sign` responses
|
|
if (v < 27) {
|
|
v = v + BIGINT_27;
|
|
}
|
|
return {
|
|
v,
|
|
r,
|
|
s,
|
|
};
|
|
};
|
|
/**
|
|
* Validate a ECDSA signature.
|
|
* NOTE: Accepts `v === 0 | v === 1` for EIP1559 transactions
|
|
* @param homesteadOrLater Indicates whether this is being used on either the homestead hardfork or a later one
|
|
*/
|
|
export const isValidSignature = function (v, r, s, homesteadOrLater = true, chainId) {
|
|
if (r.length !== 32 || s.length !== 32) {
|
|
return false;
|
|
}
|
|
if (!isValidSigRecovery(calculateSigRecovery(v, chainId))) {
|
|
return false;
|
|
}
|
|
const rBigInt = bytesToBigInt(r);
|
|
const sBigInt = bytesToBigInt(s);
|
|
if (rBigInt === BIGINT_0 ||
|
|
rBigInt >= SECP256K1_ORDER ||
|
|
sBigInt === BIGINT_0 ||
|
|
sBigInt >= SECP256K1_ORDER) {
|
|
return false;
|
|
}
|
|
if (homesteadOrLater && sBigInt >= SECP256K1_ORDER_DIV_2) {
|
|
return false;
|
|
}
|
|
return true;
|
|
};
|
|
/**
|
|
* Returns the keccak-256 hash of `message`, prefixed with the header used by the `eth_sign` RPC call.
|
|
* The output of this function can be fed into `ecsign` to produce the same signature as the `eth_sign`
|
|
* call for a given `message`, or fed to `ecrecover` along with a signature to recover the public key
|
|
* used to produce the signature.
|
|
*/
|
|
export const hashPersonalMessage = function (message) {
|
|
assertIsBytes(message);
|
|
const prefix = utf8ToBytes(`\u0019Ethereum Signed Message:\n${message.length}`);
|
|
return keccak256(concatBytes(prefix, message));
|
|
};
|
|
//# sourceMappingURL=signature.js.map
|