author | Gustav Simonsson <gustav.simonsson@gmail.com> | 2015-11-27 22:40:29 +0800 |
committer | Jeffrey Wilcke <geffobscura@gmail.com> | 2016-02-18 17:08:11 +0800 |
commit | 371871d685d54b916aef28de689d6f0af7822083 (patch) | |
tree | e704b02ba2ffd2d1164001885fba15106b0f7d94 /crypto | |
parent | aa36a6ae4f24f07e2c470a21c93ff37ad5861982 (diff) | |
parmas, crypto, core, core/vm: homestead consensus protocol changes
* change gas cost for contract creating txs
* invalidate signature with s value greater than secp256k1 N / 2
* OOG contract creation if not enough gas to store code
* new difficulty adjustment algorithm
* new DELEGATECALL op code
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/crypto.go | 13 | ||||
-rw-r--r-- | crypto/crypto_test.go | 2 | ||||
-rw-r--r-- | crypto/secp256k1/secp256.go | 4 |
3 files changed, 16 insertions, 3 deletions
diff --git a/crypto/crypto.go b/crypto/crypto.go
index 7d7623753..850be4da6 100644
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -163,12 +163,21 @@ func GenerateKey() (*ecdsa.PrivateKey, error) {
 	return ecdsa.GenerateKey(secp256k1.S256(), rand.Reader)
 }
-func ValidateSignatureValues(v byte, r, s *big.Int) bool {
+func ValidateSignatureValues(v byte, r, s *big.Int, homestead bool) bool {
 	if r.Cmp(common.Big1) < 0 || s.Cmp(common.Big1) < 0 {
 		return false
 	}
 	vint := uint32(v)
-	if r.Cmp(secp256k1.N) < 0 && s.Cmp(secp256k1.N) < 0 && (vint == 27 || vint == 28) {
+	// reject upper range of s values (ECDSA malleability)
+	// see discussion in secp256k1/libsecp256k1/include/secp256k1.h
+	if homestead && s.Cmp(secp256k1.HalfN) > 0 {
+		return false
+	}
+	// Frontier: allow s to be in full N range
+	if s.Cmp(secp256k1.N) >= 0 {
+		return false
+	}
+	if r.Cmp(secp256k1.N) < 0 && (vint == 27 || vint == 28) {
 		return true
 	} else {
 		return false
diff --git a/crypto/crypto_test.go b/crypto/crypto_test.go
index d5e19a4bb..1681c7fef 100644
--- a/crypto/crypto_test.go
+++ b/crypto/crypto_test.go
@@ -174,7 +174,7 @@ func TestLoadECDSAFile(t *testing.T) {
 func TestValidateSignatureValues(t *testing.T) {
 	check := func(expected bool, v byte, r, s *big.Int) {
-		if ValidateSignatureValues(v, r, s) != expected {
+		if ValidateSignatureValues(v, r, s, false) != expected {
 			t.Errorf("mismatch for v: %d r: %d s: %d want: %v", v, r, s, expected)
 		}
 	}
diff --git a/crypto/secp256k1/secp256.go b/crypto/secp256k1/secp256.go
index 97b4bd8da..4999c5c95 100644
--- a/crypto/secp256k1/secp256.go
+++ b/crypto/secp256k1/secp256.go
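Review bot: ValidateSignatureValues is exported and now carries a consensus-relevant flag, yet the new signature line still has no doc comment, and the comment `// Frontier: allow s to be in full N range` sits directly above the `s.Cmp(secp256k1.N) >= 0` check, which applies to both rule sets and so reads as if that check were Frontier-only. I would document the contract above the signature, e.g. `// ValidateSignatureValues reports whether r and s are in [1, N) and v is 27 or 28. When homestead is true, s must also be at most N/2, so that a signature and its malleated twin (N - s) cannot both be accepted.`, and reword the inner comment to `// both rule sets: s must stay below N`. The trailing `if { return true } else { return false }` can collapse to `return r.Cmp(secp256k1.N) < 0 && (vint == 27 || vint == 28)`. The function's closing brace lies outside the hunk.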
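Review bot: The check helper in TestValidateSignatureValues always passes `false`, so the new Homestead branch that rejects s above secp256k1.HalfN gets no coverage from this commit. I would give the helper the flag, `check := func(expected bool, v byte, r, s *big.Int, homestead bool) {` with `if ValidateSignatureValues(v, r, s, homestead) != expected {`, keep the existing cases on `false`, and add Homestead cases asserting that s equal to secp256k1.HalfN is accepted while s equal to HalfN plus common.Big1 is rejected, since the boundary is `> HalfN` rather than `>=`. The existing check calls sit outside the hunk and would need the extra argument.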
@@ -58,10 +58,14 @@ import (
 var (
 	context *C.secp256k1_context
 	N *big.Int
+	HalfN *big.Int
 )
 func init() {
 	N, _ = new(big.Int).SetString("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", 16)
+	// N / 2 == 57896044618658097711785492504343953926418782139537452191302581570759080747168
+	HalfN, _ = new(big.Int).SetString("7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0", 16)
+	// around 20 ms on a modern CPU.
 	context = C.secp256k1_context_create(3) // SECP256K1_START_SIGN | SECP256K1_START_VERIFY
 	C.secp256k1_context_set_illegal_callback(context, C.callbackFunc(C.secp256k1GoPanicIllegal), nil) |