implement EIP 155

Author: Jan Xie

lib/ethereum/env.rb

@@ -64,7 +64,7 @@ class Env
       dao_withdrawer: Utils.normalize_address('0xbf4ed7b27f1d666546e30d74d50d173d20bca754'),
 
       anti_dos_fork_blknum: 2457000,
-      spurious_dragon_fork_blknum: 2**100
+      spurious_dragon_fork_blknum: 3500000
     }.freeze
 
     attr :db, :config, :global_config

lib/ethereum/secp256k1.rb

@@ -29,7 +29,7 @@ def recoverable_sign(msg, privkey)
         pk = ::Secp256k1::PrivateKey.new privkey: privkey, raw: true
         signature = pk.ecdsa_recoverable_serialize pk.ecdsa_sign_recoverable(msg, raw: true)
 
-        v = signature[1] + 27
+        v = signature[1]
         r = Utils.big_endian_to_int signature[0][0,32]
         s = Utils.big_endian_to_int signature[0][32,32]
 
@@ -49,7 +49,7 @@ def signature_verify(msg, vrs, pubkey)
       def recover_pubkey(msg, vrs, compressed: false)
         pk = ::Secp256k1::PublicKey.new(flags: ::Secp256k1::ALL_FLAGS)
         sig = Utils.zpad_int(vrs[1]) + Utils.zpad_int(vrs[2])
-        recsig = pk.ecdsa_recoverable_deserialize(sig, vrs[0]-27)
+        recsig = pk.ecdsa_recoverable_deserialize(sig, vrs[0])
         pk.public_key = pk.ecdsa_recover msg, recsig, raw: true
         pk.serialize compressed: compressed
       end

lib/ethereum/special_contract.rb

@@ -16,7 +16,7 @@ def call(ext, msg)
         r = msg.data.extract32(64)
         s = msg.data.extract32(96)
 
-        if r >= Secp256k1::N || s >= Secp256k1::N || v < 27 || v > 28
+        if r >= Secp256k1::N || s >= Secp256k1::N || v < Transaction::V_MIN || v > Transaction::V_MAX
           return 1, msg.gas - gas_cost, []
         end
 
@@ -27,7 +27,7 @@ def call(ext, msg)
 
         pub = nil
         begin
-          pub = Secp256k1.recover_pubkey(message_hash, [v,r,s])
+          pub = Secp256k1.recover_pubkey(message_hash, [Transaction.decode_v(v),r,s])
         rescue
           return 1, msg.gas - gas_cost, []
         end

lib/ethereum/transaction.rb

@@ -40,13 +40,41 @@ class Transaction
       s: big_endian_int
     )
 
+    V_MIN = 27
+    V_MAX = 28
+
+    EIP155_V_OFFSET = 35
+    EIP155_CHAIN_ID = 1
+    EIP155_V_MIN = EIP155_V_OFFSET + 2 * EIP155_CHAIN_ID
+    EIP155_V_MAX = EIP155_V_MIN + 1
+
     class <<self
       ##
       # A contract is a special transaction without the `to` argument.
       #
       def contract(nonce, gasprice, startgas, endowment, code, v=0, r=0, s=0)
         new nonce, gasprice, startgas, '', endowment, code, v, r, s
       end
+
+      def encode_v(v, eip155=false)
+        eip155 ? (v + EIP155_V_MIN) : (v + V_MIN)
+      end
+
+      def decode_v(v)
+        return unless v
+        if v == V_MIN || v == V_MAX
+          v - V_MIN
+        elsif v == EIP155_V_MIN || v == EIP155_V_MAX
+          v - EIP155_V_MIN
+        else
+          raise InvalidTransaction, "invalid signature"
+        end
+      end
+
+      def decode_chain_id(v)
+        raise InvalidTransaction, "invalid chain id" if v < EIP155_V_OFFSET+2
+        (v - EIP155_V_OFFSET) / 2
+      end
     end
 
     def initialize(*args)
@@ -66,12 +94,12 @@ def initialize(*args)
 
     def sender
       unless @sender
-        if v && v > 0
-          raise InvalidTransaction, "Invalid signature values!" if r >= Secp256k1::N || s >= Secp256k1::N || v < 27 || v > 28 || r == 0 || s == 0
+        v = Transaction.decode_v(self.v)
+        if v
+          raise InvalidTransaction, "Invalid signature values!" if r >= Secp256k1::N || s >= Secp256k1::N || v > 1 || r == 0 || s == 0
 
           logger.debug "recovering sender"
-          rlpdata = RLP.encode(self, sedes: UnsignedTransaction)
-          rawhash = Utils.keccak256 rlpdata
+          rawhash = Utils.keccak256 signing_data(:verify)
 
           pub = nil
           begin
@@ -98,14 +126,14 @@ def sender=(v)
     #
     # A potentially already existing signature would be override.
     #
-    def sign(key)
+    def sign(key, eip155=false)
       raise InvalidTransaction, "Zero privkey cannot sign" if [0, '', Constant::PRIVKEY_ZERO, Constant::PRIVKEY_ZERO_HEX].include?(key)
 
-      rawhash = Utils.keccak256 RLP.encode(self, sedes: UnsignedTransaction)
+      rawhash = Utils.keccak256 signing_data(:sign)
       key = PrivateKey.new(key).encode(:bin)
 
       vrs = Secp256k1.recoverable_sign rawhash, key
-      self.v = vrs[0]
+      self.v = Transaction.encode_v(vrs[0], eip155)
       self.r = vrs[1]
       self.s = vrs[2]
 
@@ -124,6 +152,29 @@ def check_low_s
       raise InvalidTransaction, "Invalid signature S value!" if s > Secp256k1::N/2 || s == 0
     end
 
+    def signing_data(mode)
+      case mode
+      when :sign
+        if v == 0 # use encoding rules before EIP155
+          RLP.encode(self, sedes: UnsignedTransaction)
+        elsif v == EIP155_CHAIN_ID && r == 0 && s == 0 # after EIP155, v is chain_id >= 1
+          RLP.encode(self, sedes: Transaction)
+        else
+          raise InvalidTransaction, "invalid signature"
+        end
+      when :verify
+        if v == V_MIN || v == V_MAX # encoded v before EIP155
+          RLP.encode(self, sedes: UnsignedTransaction)
+        elsif v == EIP155_V_MIN || v == EIP155_V_MAX # after EIP155, v with chain_id encoded in it
+          values = UnsignedTransaction.serializable_fields.keys.map {|k| send k }
+          values += [EIP155_CHAIN_ID, 0, 0]
+          RLP.encode(values, sedes: Transaction.serializable_sedes)
+        end
+      else
+        raise InvalidTransaction, "invalid signature"
+      end
+    end
+
     def full_hash
       Utils.keccak256_rlp self
     end

test/contracts_test.rb

@@ -1104,7 +1104,7 @@ def test_ecrecover
     addr = Utils.keccak256(PublicKey.new(pub).encode(:bin)[1..-1])[12..-1]
     assert_equal PrivateKey.new(priv).to_address, addr
 
-    assert_equal Utils.big_endian_to_int(addr), c.test_ecrecover(Utils.big_endian_to_int(msghash), v, r, s)
+    assert_equal Utils.big_endian_to_int(addr), c.test_ecrecover(Utils.big_endian_to_int(msghash), Transaction.encode_v(v), r, s)
   end
 
   SHA256_CODE = <<-EOF

test/special_contract_test.rb

@@ -48,7 +48,7 @@ def test_ecrecover
     msg = Utils.zpad("ethereum", 32)
     v, r, s = Secp256k1.recoverable_sign(msg, priv.encode(:bin))
 
-    sig = Utils.zpad_int(v) + Utils.zpad_int(r) + Utils.zpad_int(s)
+    sig = Utils.zpad_int(Transaction.encode_v(v)) + Utils.zpad_int(r) + Utils.zpad_int(s)
     cd = VM::CallData.new Utils.bytes_to_int_array(msg + sig)
 
     msg = Msg.new 0, cd