| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
| |
Fixes #15744
|
|
|
|
|
|
|
|
|
|
|
| |
* crypto: ensure that VerifySignature rejects malleable signatures
It already rejected them when using libsecp256k1, make sure the nocgo
version does the same thing.
* crypto: simplify check
* crypto: fix build
|
|
|
|
| |
This adds the inverse to DecompressPubkey and improves a few minor
details in crypto/secp256k1.
|
| |
|
|
|
|
|
|
|
|
| |
With this change,
key, err := crypto.HexToECDSA("000000...")
returns nil key and an error instead of a non-nil key with nil X
and Y inside. Issue found by @guidovranken.
|
|
|
|
|
|
|
| |
We need those operations for p2p/enr.
Also upgrade github.com/btcsuite/btcd/btcec to the latest version
and improve BenchmarkSha3. The benchmark printed extra output
that confused tools like benchstat and ignored N.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Generator in the current lib uses -2 as the y point when doing
ScalarBaseMult, this makes it so that points/signatures generated
from libs like py_ecc don't match/validate as pretty much all
other libs (including libsnark) have (1, 2) as the standard
generator.
This does not affect consensus as the generator is never used in
the VM, points are always explicitly defined and there is not
ScalarBaseMult op - it only makes it so that doing "import
github.com/ethereum/go-ethereum/crypto/bn256" doesn't generate
bad points in userland tools.
|
| |
|
|
|
|
|
|
| |
* crypto: fix megacheck warnings
* crypto/ecies: remove ASN.1 support
|
| |
|
|\
| |
| | |
Enforce 256 bit keys on raw import, support raw mobile imports
|
| | |
|
| |
| |
| |
| | |
Also add the package to the license tool ignore list.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit is a preparation for the upcoming metropolis hardfork. It
prepares the state, core and vm packages such that integration with
metropolis becomes less of a hassle.
* Difficulty calculation requires header instead of individual
parameters
* statedb.StartRecord renamed to statedb.Prepare and added Finalise
method required by metropolis, which removes unwanted accounts from
the state (i.e. selfdestruct)
* State keeps record of destructed objects (in addition to dirty
objects)
* core/vm pre-compiles may now return errors
* core/vm pre-compiles gas check now take the full byte slice as argument
instead of just the size
* core/vm now keeps several hard-fork instruction tables instead of a
single instruction table and removes the need for hard-fork checks in
the instructions
* core/vm contains a empty restruction function which is added in
preparation of metropolis write-only mode operations
* Adds the bn256 curve
* Adds and sets the metropolis chain config block parameters (2^64-1)
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/math: optimize PaddedBigBytes, use it more
name old time/op new time/op delta
PaddedBigBytes-8 71.1ns ± 5% 46.1ns ± 1% -35.15% (p=0.000 n=20+19)
name old alloc/op new alloc/op delta
PaddedBigBytes-8 48.0B ± 0% 32.0B ± 0% -33.33% (p=0.000 n=20+20)
* all: unify big.Int zero checks
Various checks were in use. This commit replaces them all with Int.Sign,
which is cheaper and less code.
eg templates:
func before(x *big.Int) bool { return x.BitLen() == 0 }
func after(x *big.Int) bool { return x.Sign() == 0 }
func before(x *big.Int) bool { return x.BitLen() > 0 }
func after(x *big.Int) bool { return x.Sign() != 0 }
func before(x *big.Int) int { return x.Cmp(common.Big0) }
func after(x *big.Int) int { return x.Sign() }
* common/math, crypto/secp256k1: make ReadBits public in package math
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common: remove CurrencyToString
Move denomination values to params instead.
* common: delete dead code
* common: move big integer operations to common/math
This commit consolidates all big integer operations into common/math and
adds tests and documentation.
There should be no change in semantics for BigPow, BigMin, BigMax, S256,
U256, Exp and their behaviour is now locked in by tests.
The BigD, BytesToBig and Bytes2Big functions don't provide additional
value, all uses are replaced by new(big.Int).SetBytes().
BigToBytes is now called PaddedBigBytes, its minimum output size
parameter is now specified as the number of bytes instead of bits. The
single use of this function is in the EVM's MSTORE instruction.
Big and String2Big are replaced by ParseBig, which is slightly stricter.
It previously accepted leading zeros for hexadecimal inputs but treated
decimal inputs as octal if a leading zero digit was present.
ParseUint64 is used in places where String2Big was used to decode a
uint64.
The new functions MustParseBig and MustParseUint64 are now used in many
places where parsing errors were previously ignored.
* common: delete unused big integer variables
* accounts/abi: replace uses of BytesToBig with use of encoding/binary
* common: remove BytesToBig
* common: remove Bytes2Big
* common: remove BigTrue
* cmd/utils: add BigFlag and use it for error-checked integer flags
While here, remove environment variable processing for DirectoryFlag
because we don't use it.
* core: add missing error checks in genesis block parser
* common: remove String2Big
* cmd/evm: use utils.BigFlag
* common/math: check for 256 bit overflow in ParseBig
This is supposed to prevent silent overflow/truncation of values in the
genesis block JSON. Without this check, a genesis block that set a
balance larger than 256 bits would lead to weird behaviour in the VM.
* cmd/utils: fixup import
|
|
|
|
|
|
|
|
|
|
|
| |
* vendor: add github.com/btcsuite/btcd/btcec
* crypto: add btcec fallback for sign/recover without cgo
This commit adds a non-cgo fallback implementation of secp256k1
operations.
* crypto, core/vm: remove wrappers for sha256, ripemd160
|
| |
|
|
|
|
|
| |
- Use defined constants instead of hard-coding their integer value.
- Allocate secp256k1 structs on the C stack instead of converting []byte
- Remove dead code
|
|
|
|
|
| |
go get github.com/gordonklaus/ineffassign
ineffassign .
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
(#3455)
To address increasing complexity in code that handles signatures, this PR
discards all notion of "different" signature types at the library level. Both
the crypto and accounts package is reduced to only be able to produce plain
canonical secp256k1 signatures. This makes the crpyto APIs much cleaner,
simpler and harder to abuse.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit includes several API changes:
- The behavior of eth_sign is changed. It now accepts an arbitrary
message, prepends the well-known string
\x19Ethereum Signed Message:\n<length of message>
hashes the result using keccak256 and calculates the signature of
the hash. This breaks backwards compatability!
- personal_sign(hash, address [, password]) is added. It has the same
semantics as eth_sign but also accepts a password. The private key
used to sign the hash is temporarily unlocked in the scope of the
request.
- personal_recover(message, signature) is added and returns the
address for the account that created a signature.
|
|
|
|
| |
This pulls in the assembly implementation of keccakf1600 for amd64.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The account management API was originally implemented as a thin layer
around crypto.KeyStore, on the grounds that several kinds of key stores
would be implemented later on. It turns out that this won't happen so
KeyStore is a superflous abstraction.
In this commit crypto.KeyStore and everything related to it moves to
package accounts and is unexported.
|
|
|
|
| |
Unlocking the accounts in the test doesn't help with anything.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
As we aren't really using the standarized SHA-3
|
|
|
|
|
| |
This hash function is slightly different from the standarized NIST SHA-3
as both of them use different domain separation bits.
|
| |
|
|
|
|
| |
Revision: 1f22c0103821b9390939b6776727195525381532
|
| |
|
|\
| |
| | |
core, core/vm: consensus changes necessary for the homestead release
|
| |
| |
| |
| |
| |
| |
| |
| | |
* change gas cost for contract creating txs
* invalidate signature with s value greater than secp256k1 N / 2
* OOG contract creation if not enough gas to store code
* new difficulty adjustment algorithm
* new DELEGATECALL op code
|
|/
|
|
| |
The s2 parameter was not actually written to the MAC.
|
|\
| |
| | |
crypto: "Crypto" -> "crypto" in web3 key format
|
| | |
|
|/
|
|
|
| |
Turns out we actually don't need it, USE_NUM_NONE works
because we also set USE_FIELD_INV_BUILTIN.
|
|
|
|
| |
thanks to Felix Lange (fjl) for help with design & impl
|
| |
|
|
|
|
|
|
| |
They cause compiler warnings for people who don't have these
directories. People with pkgsrc can add the directory through CGO_CFLAGS
instead.
|
| |
|
|
|
|
|
|
|
|
| |
The C library treats the recovery ID as trusted input and crashes
the process for invalid values, so it needs to be verified before
calling into C. This will inhibit the crash in #1983.
Also remove VerifySignature because we don't use it.
|
|
|
|
|
| |
pkgsrc is a cross-platform package manager that also
supports OS X.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* lines with leading space are ommitted from history
* exit processed even with whitespace around
* all whitespace lines (not only empty ones) are ignored
add 7 missing commands to admin api autocomplete
registrar: methods now return proper error if reg addresses are not set. fixes #1457
rpc/console: fix personal.newAccount() regression. Now all comms accept interactive password
registrar: add registrar tests for errors
crypto: catch AES decryption error on presale wallet import + fix error msg format. fixes #1580
CLI: improve error message when starting a second instance of geth. fixes #1564
cli/accounts: unlock multiple accounts. fixes #1785
* make unlocking multiple accounts work with inline <() fd
* passwdfile now correctly read only once
* improve logs
* fix CLI help text for unlocking
fix regression with docRoot / admin API
* docRoot/jspath passed to rpc/api ParseApis, which passes onto adminApi
* docRoot field for JS console in order to pass when RPC is (re)started
* improve flag desc for jspath
common/docserver: catch http errors from response
fix rpc/api tests
common/natspec: fix end to end test (skipped because takes 8s)
registrar: fix major regression:
* deploy registrars on frontier
* register HashsReg and UrlHint in GlobalRegistrar.
* set all 3 contract addresses in code
* zero out addresses first in tests
|
|\
| |
| | |
Update libsecp256k1, Go wrapper and tests
|
| | |
|
| | |
|
|\ \
| | |
| | | |
common, crypto: add ICAP functions
|
| |/ |
|
|/ |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Fedora/RedHat distros comply with US patent law and remove this curve,
which makes it impossible to run ethereum with distro provided Golang.
File crypto/ecies/README claims it is unsupported anyway.
|
| |
|
|\
| |
| | |
all: fix license headers one more time
|
| | |
|
| |
| |
| |
| | |
I forgot to update one instance of "go-ethereum" in commit 3f047be5a.
|
|/ |
|
|
|
|
|
| |
All code outside of cmd/ is licensed as LGPL. The headers
now reflect this by calling the whole work "the go-ethereum library".
|
|
|
|
|
| |
crypto/curve.go is not our code and has its own license. This commit
excludes it in update-license.go and removes our GPL header.
|
| |
|
|
|
|
| |
FS compatibility
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
* account.Update
* KeyStore.Cleanup
* fix dir rm for old format deleteKey
|
|
|
|
|
|
|
|
| |
* chronological order of creation
* new naming scheme keystore/UTC--<created_at UTC ISO8601>-<address hex>
* KeyStore2 -> KeyStore
* backward compatibility
* refactor keyStore methods
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Change password protection crypto in keystore to version 3
* Update KeyStoreTests/basic_tests.json
* Add support for PBKDF2 with HMAC-SHA256
* Change MAC and encryption key to avoid unnecessary hashing
* Add tests for test vectors in new wiki page defining version 3
* Add tests for new keystore tests in ethereum/tests repo
* Move JSON loading util to common for use in both tests and
crypto packages
* Add backwards compatibility with key store version 1
|
| |
|
|\
| |
| | |
Add EC signature validations before call to libsecp256k1
|
| | |
|
| | |
|
|/ |
|
| |
|
| |
|
|
|
|
| |
* Also fix address types post-rebase
|
|
|
|
|
|
| |
* Remove key header from unencrypted key file format and replace
it with a version field
* Change encoding of bytes in key files from base64 to hex
|
|
|
|
| |
This reverts commit a94d4ba0b53c4558ab838aaed635a2ff66ddfa53.
|
| |
|
|
|
|
|
|
|
| |
* Add key header containing key version, kdf and kdf params
* Store key header as JSON in the key file
* Read in KDF params from key header
* Include key header in MAC calculation and MAC verification
|
| |
|
|
|
|
|
|
|
| |
* Change MAC-then-Encrypt to Encrypt-then-MAC
* Change AES256 to AES128
* Use first 16 bytes of KDF derived key for AES and
remaining 16 for MAC
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux build documentation is mostly geared towards Ubuntu 14.04 (LTS).
Appropriate package is called `libgmp-dev` there.
Note that on pristine installations building `geth` with godep will
fail because this header is missing. This is not documented in the
top-level README, but is on the wiki:
https://github.com/ethereum/go-ethereum/wiki/Installation-Instructions-for-Ubuntu#building-geth-command-line-client
That page recommends `libgmp3-dev`, which ATM provides same version
as `libgmp-dev`.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| |
| |
| | |
Gustav-Simonsson/forward_ecrecover_err_and_remove_dup_checks
Forward and log EC recover err and remove dup pubkey len check
|
| | |
|
| | |
|
| | |
|
| | |
|
|/ |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- cli: add passwordfile flag
- cli: change unlock flag only takes account
- cli: with unlock you are prompted for password or use passfile with password flag
- cli: unlockAccount used in normal client start (run) and accountExport
- cli: getPassword used in accountCreate and accountImport
- accounts: Manager.Import, Manager.Export
- crypto: SaveECDSA (to complement LoadECDSA) to save to file
- crypto: NewKeyFromECDSA added (used in accountImport and New = generated constructor)
|
|
|
|
| |
This seems to be the last remaining use of it.
|
|\ |
|
| | |
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Thanks to https://github.com/jaekwon for original fix!
|
| |
|
|
|
|
|
| |
code.google.com/p/go.crypto is deprecated and will cause
problems in future versions of Go.
|
| |
|
| |
|
|
|
|
|
| |
* ECIES moved from obscuren to ethereum
* Added html META[name=badge] to reflect menuItem.secondaryTitle
|
|
|
|
|
|
| |
git-subtree-dir: crypto/ecies
git-subtree-mainline: 49a739c8d647739b3d815966f8854a4e9978df56
git-subtree-split: 7c0f4a9b18d992166452d8cd32caaefd92b26386
|
|\
| |
| |
| | |
https://github.com/Gustav-Simonsson/go-ethereum into Gustav-Simonsson-align_key_and_ecdsa_nonce_entropy
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| | |
* Move random entropy functions to new package randentropy
* Add function to get n bytes entropy where up to first 32
bytes are mixed with OS entropy sources
|
| | |
|
|/
|
|
|
| |
crypto.Sha3(append(foo, bar)) --> crypto.Sha3(foo, bar)
crypto.Sha3([]byte{}) --> crypto.Sha3()
|
|\ |
|
| | |
|
|\| |
|
| | |
|
| |
| |
| |
| |
| | |
* Unrecoverable messages would cause segfault when recovering invalid
pub key
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Use crypto.Sign instead of directly calling secp256k1 lib
* Rename UserAccount to Account and Addr to Address (for consistency)
* Change AccountManager.Sign to take ptr to Account instead of
address byte array
* Simplify copying of Accounts in Accounts()
* PubkeyToAddress and GetEntropyCSPRNG now exported
|
| |
| |
| |
| |
| |
| |
| |
| | |
* Add initial UserAccount and AccountManager structs
* Add NewAccount, Sign and Accounts functions
* Refactor key stores to use key address as main identifier
while keeping the UUID.
* Use key address as file/dir names instead of UUID
|
|\ \
| |/
|/|
| |
| |
| |
| | |
https://github.com/Gustav-Simonsson/go-ethereum into Gustav-Simonsson-import_presale_keys
Conflicts:
crypto/crypto.go
|
| | |
|
| |
| |
| |
| |
| |
| | |
* ImportPreSaleKey takes a KeyStore, a presale key JSON (e.g. file content)
and a password string. It stores the key in the given key store.
* Refactored common AES decryption and moved some functions to crypto.go
|
| | |
|
|/ |
|
| |
|
| |
|
|\ |
|
| |
| |
| |
| |
| | |
* Further simplify "constructor" function's allocation of structs
* Fix formatting
|
| |
| |
| |
| |
| | |
* Allocate with composite literal instead of new
* Remove check of number of bytes read from rand
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
* Remove flags field from key struct
* Change JSON struct fields from string to []byte
* Change GenerateNewKey API to take io.Reader for random source
* Remove mixing entropy source function
* Use testing Fatal in tests
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Simplify scrypt constants with const block
* Add key store constructors and make their types private
* Simplify key store and file namings to be less Java Enterprise™
* Change test error logging to use t.Error(err)
* Reduce number of naked returns (just like my ex-gf)
* Simplify file reading path code
|
| |
| |
| |
| |
| |
| |
| | |
* Add new generic key_store interface
* Add new plaintext key store storing unprotected keys on disk
* Add new encrypted key store storing encrypted keys on disk
* Add new entropy mixing function using OS and go runtime sources
|
|/
|
|
|
| |
Private key \x00\x00...\x00 returns the _exact_ same public key as \x11
\x11...\x11. Currently investigating.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|