Exemple #1
0
def test_ecrecover(rounds=100):
    st = time.time()
    for i in range(rounds):
        p = ecdsa_raw_recover(msg, vrs)
    elapsed = time.time() - st
    print 'py took: %.2fsecs / %dμs per op / %d recoveries per sec' % \
        (elapsed, elapsed / rounds * 10**6, rounds / elapsed)
Exemple #2
0
def sign_btc(msghash, priv, pub):
    V, R, S = bitcoin.ecdsa_raw_sign(msghash, priv)
    assert bitcoin.ecdsa_raw_verify(msghash, (V, R, S), pub)
    Q = bitcoin.ecdsa_raw_recover(msghash, (V, R, S))
    assert addr == bitcoin.encode_pubkey(
        Q, 'hex_compressed') if V >= 31 else bitcoin.encode_pubkey(Q, 'hex')
    return (V, R, S)
Exemple #3
0
def verify_signature(addr, h, xxx_todo_changeme):
    (V, R, S) = xxx_todo_changeme
    pub = bitcoin.ecdsa_raw_recover(h, (V, R, S))
    pub = bitcoin.encode_pubkey(pub, 'bin')
    addr_ = utils.sha3(pub[1:])[12:]
    assert addr_ == addr
    return True
Exemple #4
0
    def __init__(self,
                 nonce,
                 gasprice,
                 startgas,
                 to,
                 value,
                 data,
                 v=0,
                 r=0,
                 s=0):
        self.nonce = nonce
        self.gasprice = gasprice
        self.startgas = startgas
        self.to = to
        self.value = value
        self.data = data
        self.v, self.r, self.s = v, r, s

        # Determine sender
        if self.r and self.s:
            rawhash = utils.sha3(self.serialize(False))
            pub = encode_pubkey(
                ecdsa_raw_recover(rawhash, (self.v, self.r, self.s)), 'bin')
            self.sender = utils.sha3(pub[1:])[-20:].encode('hex')
        # does not include signature
        else:
            self.sender = 0
Exemple #5
0
def verify_signature(addr, h, V_R_S):
    V, R, S = V_R_S
    pub = bitcoin.ecdsa_raw_recover(h, (V, R, S))
    pub = bitcoin.encode_pubkey(pub, 'bin')
    addr_ = utils.sha3(pub[1:])[12:]
    assert addr_ == addr
    return True
Exemple #6
0
def ecdsa_recover(message, signature):
    assert len(signature) == 65
    pub = bitcoin.ecdsa_raw_recover(message, _decode_sig(signature))
    assert pub, 'pubkey could not be recovered'
    pub = bitcoin.encode_pubkey(pub, 'bin_electrum')
    assert len(pub) == 64
    return pub
Exemple #7
0
def ecdsa_recover(message, signature):
    assert len(signature) == 65
    pub = bitcoin.ecdsa_raw_recover(message, _decode_sig(signature))
    assert pub, "pubkey could not be recovered"
    pub = bitcoin.encode_pubkey(pub, "bin_electrum")
    assert len(pub) == 64
    return pub
Exemple #8
0
def recoverPub(msg, signature):
    hashedmessage = sha3.keccak_256(msg.encode('utf-8')).hexdigest()
    x, y = bitcoin.ecdsa_raw_recover(hashedmessage.decode('hex'),
                                     _decode_sig(signature.decode('hex')))
    pub = str(hex(x))[2:-1].zfill(64) + str(hex(y))[2:-1].zfill(64)
    print pub
    return pub
Exemple #9
0
 def verify_dc_sig(self, sig, msghash, msgsize, from_addr, data):
     # data comes in as array of byte array (bytes as ints, from js)
     tohash = byte_arrays_to_string(data)
     assert (msghash == utils.sha3(tohash))
     X, Y = ecdsa_raw_recover(msghash, sig)
     pX = utils.int_to_big_endian(X).encode('hex')
     pY = utils.int_to_big_endian(Y).encode('hex')
     pub = '04' + pX + pY
     return ecdsa_raw_verify(msghash, sig, pub.decode('hex'))
Exemple #10
0
 def verify_dc_sig(self, sig, msghash, msgsize, from_addr, data):
     # data comes in as array of byte array (bytes as ints, from js)
     tohash = byte_arrays_to_string(data)
     assert (msghash == utils.sha3(tohash))
     X, Y = ecdsa_raw_recover(msghash, sig)
     pX = utils.int_to_big_endian(X).encode('hex')
     pY = utils.int_to_big_endian(Y).encode('hex')
     pub = '04'+pX+pY
     return ecdsa_raw_verify(msghash, sig, pub.decode('hex'))
Exemple #11
0
def ecdsa_verify_addr(msg, sig, addr):
    isTestnet = addr[0] not in P2PKH_PREFIXES
    if not checkPivxAddr(addr, isTestnet):
        return False
    v, r, s = decode_sig(sig)
    Q = ecdsa_raw_recover(electrum_sig_hash(msg), (v, r, s))
    Qenc = encode_pubkey(Q, 'hex_compressed') if v >= 31 else encode_pubkey(
        Q, 'hex')

    return pubkey_to_address(Qenc, isTestnet) == addr
Exemple #12
0
def test_recover():
    msg = 'test'
    mhash = hashlib.sha256(msg.encode()).digest()
    priv = ecdsa.random_privkey()
    pub = ecdsa.pubkey(priv)
    sig = ecdsa.sign(priv, msg)
    assert ecdsa.verify(pub, sig, msg)
    res = ecdsa.recover_via_msg(sig, msg)
    vrs = sig[0].value, sig[1].value, sig[2].value
    ans = bitcoin.ecdsa_raw_recover(mhash, vrs)
    assert (pub.value[0].value, pub.value[1].value) == ans
    assert pub == res
Exemple #13
0
def validate(token):
    """
    Validate a given token. Returns an object if valid or None
    """
    try:
        parts = token.split('.')
        sig = json.loads(decode64(parts[1]))
        vrs = (sig['v'], from_hex(sig['r']), from_hex(sig['s']))
        q = ecdsa_raw_recover(sha256(parts[0]), vrs)
        return {
            'id': pubToEtherAddress(q),
            'payload': json.loads(decode64(parts[0]))
        }
    except Exception as e:
        return None
Exemple #14
0
    def recover(cls, message, vrs):
        """
        Args:
            message (string): message
            vrs (tuple): tuple of v, r, s (r, s in hex)
        """

        # Convert r, s from hex to int.
        rd = int(vrs[1], 16)
        sd = int(vrs[2], 16)

        # Get raw recover of public key.
        pub_key_raw = bitcoin.ecdsa_raw_recover(message, (vrs[0], rd, sd))

        return bitcoin.encode_pubkey(pub_key_raw, 'hex_electrum')
Exemple #15
0
    def check_sign(cls, message, signature):
        prefix = '\x19Ethereum Signed Message:\n32'
        message_hash = cls.sha3(text=message)
        full_message = cls.bytes_to_hex(prefix) + message_hash
        full_hash = cls.sha3(hexstr=full_message)

        r = int(signature[0:66], 16)
        s = int('0x' + signature[66:130], 16)
        v = int('0x' + signature[130:132], 16)
        if not v == 27 and not v == 28:
            v += 27

        recovered = bitcoin.ecdsa_raw_recover(full_hash, (v, r, s))
        pub = bitcoin.encode_pubkey(recovered, 'bin')
        address = cls.sha3(hexstr=pub[1:].hex())[24:64]
        return '0x' + address
Exemple #16
0
    def spend(self, owner):
        assert isinstance(owner, (str, bytes))
        assert len(owner) == 20
        # Sign it, so it can be accepted by an address
        messageHash = utils.sha3(owner + self._pubkey)
        V, R, S = b.ecdsa_raw_sign(messageHash, self._seckey)
        recoveredPublicKey = b.ecdsa_raw_recover(messageHash, (V, R, S))
        assert b.pubtoaddr(recoveredPublicKey) == b.privtoaddr(self._seckey)

        # Correctly encoded
        return ", ".join([
            "\"0x%s\"" % (hexlify(self._pubkey), ),
            "%d" % (V, ),
            "\"0x%064X\"" % (R, ),
            "\"0x%064X\"" % (S, ),
        ])
Exemple #17
0
def proc_ecrecover(ext, msg):
    print 'ecrecover proc', msg.gas
    OP_GAS = 500
    gas_cost = OP_GAS
    if msg.gas < gas_cost:
        return 0, 0, []
    b = [0] * 32
    msg.data.extract_copy(b, 0, 0, 32)
    h = ''.join([chr(x) for x in b])
    v = msg.data.extract32(32)
    r = msg.data.extract32(64)
    s = msg.data.extract32(96)
    if r >= bitcoin.N or s >= bitcoin.P or v < 27 or v > 28:
        return 1, msg.gas - 500, [0] * 32
    pub = bitcoin.encode_pubkey(bitcoin.ecdsa_raw_recover(h, (v, r, s)), 'bin')
    o = [0] * 12 + [ord(x) for x in utils.sha3(pub[1:])[-20:]]
    return 1, msg.gas - gas_cost, o
Exemple #18
0
    def check_sign(self, message, signature):
        prefix = '\x19Ethereum Signed Message:\n32'
        msghash = self.sha3(text=message)
        full_message = self.bytes_to_hex(prefix) + msghash
        full_hash = self.sha3(hexstr=full_message)

        r = int(signature[0:66], 16)
        s = int('0x' + signature[66:130], 16)
        v = int('0x' + signature[130:132], 16)
        if not v == 27 and not v == 28:
            v += 27

        recovered_addr = b.ecdsa_raw_recover(full_hash, (v, r, s))
        pub = b.encode_pubkey(recovered_addr, 'bin')
        # address = binascii.hexlify(utils.sha3(pub[1:]))[24:64]
        address = self.sha3(hexstr=pub[1:].hex())[24:64]
        return '0x' + address
Exemple #19
0
def proc_ecrecover(ext, msg):
    print 'ecrecover proc', msg.gas
    OP_GAS = 500
    gas_cost = OP_GAS
    if msg.gas < gas_cost:
        return 0, 0, []
    b = [0] * 32
    msg.data.extract_copy(b, 0, 0, 32)
    h = ''.join([chr(x) for x in b])
    v = msg.data.extract32(32)
    r = msg.data.extract32(64)
    s = msg.data.extract32(96)
    if r >= bitcoin.N or s >= bitcoin.P or v < 27 or v > 28:
        return 1, msg.gas - 500, [0] * 32
    pub = bitcoin.encode_pubkey(bitcoin.ecdsa_raw_recover(h, (v, r, s)), 'bin')
    o = [0] * 12 + [ord(x) for x in utils.sha3(pub[1:])[-20:]]
    return 1, msg.gas - gas_cost, o
Exemple #20
0
    def recover(cls, message, vrs):
        """
        Args:
            message (string): message
            vrs (tuple): tuple of v, r, s (r, s in hex)
        """

        # Convert r, s from hex to int.
        rd = int(vrs[1], 16)
        sd = int(vrs[2], 16)

        # Get raw recover of public key.
        pub_key_raw = bitcoin.ecdsa_raw_recover(message, (vrs[0], rd, sd))
        # Get x, y of public key and remove 0x from beginning.
        x = hex(pub_key_raw[0]).replace('0x', '')
        y = hex(pub_key_raw[1]).replace('0x', '')

        return x + y
Exemple #21
0
 def parse(cls, data):
     if re.match('^[0-9a-fA-F]*$', data):
         data = data.decode('hex')
     o = rlp.decode(data)
     tx = cls(decode_int(o[0]),
              decode_int(o[1]),
              decode_int(o[2]),
              decode_int(o[3]),
              o[4].encode('hex'),
              o[5],
              decode_int(o[6]),
              decode_int(o[7]),
              decode_int(o[8]))
     rawhash = sha3(rlp.encode(tx.serialize(False)))
     pub = encode_pubkey(
         ecdsa_raw_recover(rawhash, (tx.v, tx.r, tx.s)), 'bin')
     tx.sender = sha3(pub[1:])[-20:].encode('hex')
     return tx
Exemple #22
0
def check_signature(req):
    signature = "0x" + req.sign
    contract = "0x" + req.contract
    client = req.client
    dest = req.dest
    t = req.t.secs
    end = req.end.secs
    if client in dictc:
        if not (dictc[client] < t.req.secs):
            return False
    dictc[client] = t.req.secs
    msg = contract + client + dest + str(t) + str(end)

    web3 = Web3(RPCProvider(host="127.0.0.1", port="8545"))
    web3.config.defaultAccount = '0xa28779d29c49fd57d0fc4130e5ebec07c2c79ef5'
    abi = '[{"constant":false,"inputs":[],"name":"kill","outputs":[],"type":"function"},{"constant":true,"inputs":[],"name":"owns","outputs":[{"name":"","type":"address"}],"type":"function"},{"constant":true,"inputs":[],"name":"greet","outputs":[{"name":"","type":"string"}],"type":"function"},{"inputs":[{"name":"_greeting","type":"string"}],"type":"constructor"}]'
    contracto = web3.eth.contract(abi)
    inst = contracto.at('0xbc8c629cd7477fd580b8f9e8da49e5aad364b769')

    if (int(t) > int(rospy.get_rostime().secs)):
        diff = t - int(rospy.get_rostime().secs)
    else:
        diff = int(rospy.get_rostime().secs) - t
    if (diff > 600):
        return False

    print "msg: " + msg + " sign: " + signature + " contract: " + contract

    hash_msg = utils.sha3(msg).encode('hex')
    r = long(signature[0:66], 16)
    s = long('0x' + signature[66:130], 16)
    v = long('0x' + signature[130:132], 16)
    if not (v == 27 and v == 28):
        v += 27
    address_from_hash = bitcoin.ecdsa_raw_recover(hash_msg.decode('hex'),
                                                  (v, r, s))
    public_key = bitcoin.encode_pubkey(address_from_hash, 'bin')

    if ('0x' + utils.sha3(public_key[1:]).encode('hex')[24:64] == inst.owns()):
        return True
    else:
        return False
Exemple #23
0
def check_signature(req):
    signature = "0x" + req.sign
    contract = "0x" + req.contract
    client = req.client
    dest = req.dest
    t = req.t.secs
    end = req.end.secs
    if client in dictc:
        if not (dictc[client] < t.req.secs):
            return False
    dictc[client] = t.req.secs
    msg = contract + client + dest + str(t) + str(end)

    web3 = Web3(RPCProvider(host="127.0.0.1", port="8545"))
    web3.config.defaultAccount = '0xa28779d29c49fd57d0fc4130e5ebec07c2c79ef5'
    abi = '[{"constant":false,"inputs":[],"name":"kill","outputs":[],"type":"function"},{"constant":true,"inputs":[],"name":"owns","outputs":[{"name":"","type":"address"}],"type":"function"},{"constant":true,"inputs":[],"name":"greet","outputs":[{"name":"","type":"string"}],"type":"function"},{"inputs":[{"name":"_greeting","type":"string"}],"type":"constructor"}]'
    contracto = web3.eth.contract(abi)
    inst = contracto.at('0xbc8c629cd7477fd580b8f9e8da49e5aad364b769')

    if (int(t) > int(rospy.get_rostime().secs)):
        diff = t - int(rospy.get_rostime().secs)
    else:
        diff = int(rospy.get_rostime().secs) - t
    if (diff > 600):
        return False

    print "msg: " + msg + " sign: " + signature + " contract: " + contract

    hash_msg = utils.sha3(msg).encode('hex')
    r = long(signature[0:66], 16)
    s = long('0x' + signature[66:130], 16)
    v = long('0x' + signature[130:132], 16)
    if not (v == 27 and v == 28):
        v += 27
    address_from_hash = bitcoin.ecdsa_raw_recover(
        hash_msg.decode('hex'), (v, r, s))
    public_key = bitcoin.encode_pubkey(address_from_hash, 'bin')

    if ('0x' + utils.sha3(public_key[1:]).encode('hex')[24:64] == inst.owns()):
        return True
    else:
        return False
Exemple #24
0
def proc_ecrecover(ext, msg):
    # print('ecrecover proc', msg.gas)
    OP_GAS = opcodes.GECRECOVER
    gas_cost = OP_GAS
    if msg.gas < gas_cost:
        return 0, 0, []
    b = [0] * 32
    msg.data.extract_copy(b, 0, 0, 32)
    h = b''.join([ascii_chr(x) for x in b])
    v = msg.data.extract32(32)
    r = msg.data.extract32(64)
    s = msg.data.extract32(96)
    if r >= bitcoin.N or s >= bitcoin.P or v < 27 or v > 28:
        return 1, msg.gas - opcodes.GECRECOVER, [0] * 32
    recovered_addr = bitcoin.ecdsa_raw_recover(h, (v, r, s))
    if recovered_addr in (False, (0, 0)):
        return 1, msg.gas - gas_cost, []
    pub = bitcoin.encode_pubkey(recovered_addr, 'bin')
    o = [0] * 12 + [safe_ord(x) for x in utils.sha3(pub[1:])[-20:]]
    return 1, msg.gas - gas_cost, o
Exemple #25
0
def proc_ecrecover(ext, msg):
    # print('ecrecover proc', msg.gas)
    OP_GAS = opcodes.GECRECOVER
    gas_cost = OP_GAS
    if msg.gas < gas_cost:
        return 0, 0, []
    b = [0] * 32
    msg.data.extract_copy(b, 0, 0, 32)
    h = b''.join([ascii_chr(x) for x in b])
    v = msg.data.extract32(32)
    r = msg.data.extract32(64)
    s = msg.data.extract32(96)
    if r >= bitcoin.N or s >= bitcoin.P or v < 27 or v > 28:
        return 1, msg.gas - opcodes.GECRECOVER, [0] * 32
    recovered_addr = bitcoin.ecdsa_raw_recover(h, (v, r, s))
    if recovered_addr in (False, (0, 0)):
        return 1, msg.gas - gas_cost, []
    pub = bitcoin.encode_pubkey(recovered_addr, 'bin')
    o = [0] * 12 + [safe_ord(x) for x in utils.sha3(pub[1:])[-20:]]
    return 1, msg.gas - gas_cost, o
Exemple #26
0
    def __init__(self, nonce, gasprice, startgas, to, value, data, v=0, r=0,
                 s=0):
        self.nonce = nonce
        self.gasprice = gasprice
        self.startgas = startgas
        self.to = to
        self.value = value
        self.data = data
        self.v, self.r, self.s = v, r, s

        # Determine sender
        if self.r and self.s:
            rawhash = utils.sha3(self.serialize(False))
            pub = encode_pubkey(
                ecdsa_raw_recover(rawhash, (self.v, self.r, self.s)),
                'bin')
            self.sender = utils.sha3(pub[1:])[-20:].encode('hex')
        # does not include signature
        else:
            self.sender = 0
Exemple #27
0
 def __init__(*args):
     self = args[0]
     if len(args) == 2:
         self.parse(args[1])
     else:
         self.nonce = args[1]
         self.value = args[2]
         self.gasprice = args[3]
         self.startgas = args[4]
         self.to = utils.coerce_addr_to_bin(args[5])
         self.data = args[6]
         # includes signature
         if len(args) > 7:
             self.v, self.r, self.s = args[7:10]
             if self.r > 0 and self.s > 0:
                 rawhash = sha3(rlp.encode(self.serialize(False)))
                 pub = encode_pubkey(
                     ecdsa_raw_recover(rawhash, (self.v, self.r, self.s)), 'bin')
                 self.sender = sha3(pub[1:])[-20:].encode('hex')
         # does not include signature
         else:
             self.v, self.r, self.s = 0,0,0
             self.sender = 0
Exemple #28
0
 def __init__(*args):
     self = args[0]
     if len(args) == 2:
         self.parse(args[1])
     else:
         self.nonce = args[1]
         self.value = args[2]
         self.gasprice = args[3]
         self.startgas = args[4]
         self.to = utils.coerce_addr_to_bin(args[5])
         self.data = args[6]
         # includes signature
         if len(args) > 7:
             self.v, self.r, self.s = args[7:10]
             if self.r > 0 and self.s > 0:
                 rawhash = sha3(rlp.encode(self.serialize(False)))
                 pub = encode_pubkey(
                     ecdsa_raw_recover(rawhash, (self.v, self.r, self.s)),
                     'bin')
                 self.sender = sha3(pub[1:])[-20:].encode('hex')
         # does not include signature
         else:
             self.v, self.r, self.s = 0, 0, 0
             self.sender = 0
Exemple #29
0
def ecrecover_to_pub(rawhash, v, r, s):
    if secp256k1:
        # Legendre symbol check; the secp256k1 library does not seem to do this
        pk = secp256k1.PublicKey(flags=secp256k1.ALL_FLAGS)
        xc = r * r * r + 7
        assert pow(xc, (SECP256K1P - 1) // 2, SECP256K1P) == 1
        try:
            pk.public_key = pk.ecdsa_recover(
                rawhash,
                pk.ecdsa_recoverable_deserialize(
                    zpad(bytearray_to_bytestr(int_to_32bytearray(r)), 32) +
                    zpad(bytearray_to_bytestr(int_to_32bytearray(s)), 32),
                    v - 27
                ),
                raw=True
            )
            pub = pk.serialize(compressed=False)[1:]
        except:
            pub = b"\x00" * 64
    else:
        recovered_addr = ecdsa_raw_recover(rawhash, (v, r, s))
        pub = encode_pubkey(recovered_addr, 'bin_electrum')
    assert len(pub) == 64
    return pub
Exemple #30
0
def test_ecrecover(rounds = 100):
    st = time.time()
    rounds = 100
    for i in range(rounds):
        p = ecdsa_raw_recover(msg, vrs)
    print 'py took', (time.time() - st)
Exemple #31
0
def int_to_bytes(x):
    # pyethereum int to bytes does not handle negative numbers
    assert -(1<<255) <= x < (1<<255)
    return utils.int_to_bytes((1<<256) + x if x < 0 else x)

def broadcast(p, r, h, sig):
    print 'player[%d]'%p.i, 'broadcasts', r, h.encode('hex'), sig

def sign(h, priv):
    assert len(h) == 32
    V, R, S = bitcoin.ecdsa_raw_sign(h, priv)
    return V,R,S

def verify_signature(addr, h, (V,R,S)):
    pub = bitcoin.ecdsa_raw_recover(h, (V,R,S))
    pub = bitcoin.encode_pubkey(pub, 'bin')
    addr_ = utils.sha3(pub[1:])[12:]
    assert addr_ == addr
    return True

def getstatus():
    depositsL = contract.deposits(0)
    depositsR = contract.deposits(1)
    creditsL = contract.credits(0)
    creditsR = contract.credits(1)
    wdrawL = contract.withdrawals(0)
    wdrawR = contract.withdrawals(1)
    print 'Status:', ['OK','PENDING'][contract.status()]
    print '[L] deposits:', depositsL, 'credits:', creditsL, 'withdrawals:', wdrawL
    print '[R] deposits:', depositsR, 'credits:', creditsR, 'withdrawals:', wdrawR
Exemple #32
0
def verify_signature(addr, h, sig):
    pub = bitcoin.ecdsa_raw_recover(h, sig)  # sig=V,R,S
    pub = bitcoin.encode_pubkey(pub, 'bin')
    addr_ = utils.sha3(pub[1:])[12:]
    assert addr_ == addr
    return True
Exemple #33
0
def recover(messageHash, r, sv):
    return pubkey_to_ethaddr(
        b.ecdsa_raw_recover(messageHash, unpack_signature(r, sv)))
Exemple #34
0
def test_ecrecover(rounds=100):
    st = time.time()
    rounds = 100
    for i in range(rounds):
        p = ecdsa_raw_recover(msg, vrs)
    print 'py took', (time.time() - st)
Exemple #35
0
random.seed(12312421412)
from bitcoin import privtopub, encode_pubkey, ecdsa_raw_sign, ecdsa_raw_recover
import time
# import pyximport
# pyximport.install()
#from ecrecover import ecdsa_sign, ecdsa_verify, ecdsa_recover, test_big
from ecdsa_recover import ecdsa_raw_recover as c_ecdsa_raw_recover
from ecdsa_recover import ecdsa_raw_sign as c_ecdsa_raw_sign

priv = ''.join(chr(random.randint(0, 255)) for i in range(32))
pub = privtopub(priv)
msg = ''.join(chr(random.randint(0, 255)) for i in range(32))
vrs = ecdsa_raw_sign(msg, priv)
assert vrs == c_ecdsa_raw_sign(msg, priv)
p = ecdsa_raw_recover(msg, vrs)
p2 = c_ecdsa_raw_recover(msg, vrs)
assert p == p2
assert encode_pubkey(p, 'bin') == pub


def test_ecrecover(rounds=100):
    st = time.time()
    rounds = 100
    for i in range(rounds):
        p = ecdsa_raw_recover(msg, vrs)
    print 'py took', (time.time() - st)


def test_cecrecover(rounds=100):
    st = time.time()
Exemple #36
0
def verify_signature(addr, h, v_r_s):
    pub = bitcoin.ecdsa_raw_recover(h, v_r_s)
    pub = bitcoin.encode_pubkey(pub, 'bin')
    addr_ = keccak(pub[1:])[12:]
    return addr_.lower() == addr.lower()
Exemple #37
0
def apply_op(block, tx, msg, code, compustate):
    op, in_args, out_args = get_op_data(code, compustate.pc)
    # empty stack error
    if in_args > len(compustate.stack):
        return []
    # out of gas error
    fee = calcfee(block, tx, msg, compustate, op)
    if fee > compustate.gas:
        if debug:
            print("Out of gas", compustate.gas, "need", fee)
            print(op, list(reversed(compustate.stack)))
        return OUT_OF_GAS
    stackargs = []
    for i in range(in_args):
        stackargs.append(compustate.stack.pop())
    if debug:
        import serpent
        if op[:4] == 'PUSH':
            start, n = compustate.pc + 1, int(op[4:])
            print(op, utils.big_endian_to_int(code[start:start + n]))
        else:
            print(op, ' '.join(map(str, stackargs)),
                  serpent.decode_datalist(compustate.memory))
    # Apply operation
    oldgas = compustate.gas
    oldpc = compustate.pc
    compustate.gas -= fee
    compustate.pc += 1
    stk = compustate.stack
    mem = compustate.memory
    if op == 'STOP':
        return []
    elif op == 'ADD':
        stk.append((stackargs[0] + stackargs[1]) % 2 ** 256)
    elif op == 'SUB':
        stk.append((stackargs[0] - stackargs[1]) % 2 ** 256)
    elif op == 'MUL':
        stk.append((stackargs[0] * stackargs[1]) % 2 ** 256)
    elif op == 'DIV':
        if stackargs[1] == 0:
            return []
        stk.append(stackargs[0] / stackargs[1])
    elif op == 'MOD':
        if stackargs[1] == 0:
            return []
        stk.append(stackargs[0] % stackargs[1])
    elif op == 'SDIV':
        if stackargs[1] == 0:
            return []
        if stackargs[0] >= 2 ** 255:
            stackargs[0] -= 2 ** 256
        if stackargs[1] >= 2 ** 255:
            stackargs[1] -= 2 ** 256
        stk.append((stackargs[0] / stackargs[1]) % 2 ** 256)
    elif op == 'SMOD':
        if stackargs[1] == 0:
            return []
        if stackargs[0] >= 2 ** 255:
            stackargs[0] -= 2 ** 256
        if stackargs[1] >= 2 ** 255:
            stackargs[1] -= 2 ** 256
        stk.append((stackargs[0] % stackargs[1]) % 2 ** 256)
    elif op == 'EXP':
        stk.append(pow(stackargs[0], stackargs[1], 2 ** 256))
    elif op == 'NEG':
        stk.append(2 ** 256 - stackargs[0])
    elif op == 'LT':
        stk.append(1 if stackargs[0] < stackargs[1] else 0)
    elif op == 'GT':
        stk.append(1 if stackargs[0] > stackargs[1] else 0)
    elif op == 'SLT':
        if stackargs[0] >= 2 ** 255:
            stackargs[0] -= 2 ** 256
        if stackargs[1] >= 2 ** 255:
            stackargs[1] -= 2 ** 256
        stk.append(1 if stackargs[0] < stackargs[1] else 0)
    elif op == 'SGT':
        if stackargs[0] >= 2 ** 255:
            stackargs[0] -= 2 ** 256
        if stackargs[1] >= 2 ** 255:
            stackargs[1] -= 2 ** 256
        stk.append(1 if stackargs[0] > stackargs[1] else 0)
    elif op == 'EQ':
        stk.append(1 if stackargs[0] == stackargs[1] else 0)
    elif op == 'NOT':
        stk.append(0 if stackargs[0] else 1)
    elif op == 'AND':
        stk.append(stackargs[0] & stackargs[1])
    elif op == 'OR':
        stk.append(stackargs[0] | stackargs[1])
    elif op == 'XOR':
        stk.append(stackargs[0] ^ stackargs[1])
    elif op == 'BYTE':
        if stackargs[0] >= 32:
            stk.append(0)
        else:
            stk.append((stackargs[1] / 256 ** stackargs[0]) % 256)
    elif op == 'SHA3':
        if len(mem) < ceil32(stackargs[0] + stackargs[1]):
            mem.extend([0] * (ceil32(stackargs[0] + stackargs[1]) - len(mem)))
        data = ''.join(map(chr, mem[stackargs[0]:stackargs[0] + stackargs[1]]))
        print 'data time!'
        print data
        print data.encode('hex')
        stk.append(int(utils.sha3(data).encode('hex'), 16))
    elif op == 'ECVERIFY':
        # parameters: msg_hash (32), v (32), r (32), s (32), pubX (32), pubY (32)
        # stack should have all args
        msg_hash, v, r, s, pubX, pubY = stackargs
        pubX = utils.int_to_big_endian(pubX).encode('hex')
        pubY = utils.int_to_big_endian(pubY).encode('hex')
        msg_hash = utils.int_to_big_endian(msg_hash)
        pub = ('04' + pubX + pubY).decode('hex')
        verified = ecdsa_raw_verify(msg_hash, (v, r, s), pub)
        print 'verified: ', verified
        stk.append(verified)
    elif op == 'ECRECOVER':
        # parameters: msg_hash (32), v (32), r (32), s (32), p (64 - empty array to hold pubkey)
        # stack should have all args
        msg_hash, v, r, s = stackargs
        msg_hash = utils.int_to_big_endian(msg_hash)
        pubX, pubY = ecdsa_raw_recover(msg_hash, (v, r, s))
        stk.append(pubX)
        stk.append(pubY)
    elif op == 'PUB2ADDR':
        pubX, pubY = stackargs
        pubX = utils.int_to_big_endian(pubX).encode('hex')
        pubY = utils.int_to_big_endian(pubY).encode('hex')
        pub = pubX + pubY
        pub = pub.decode('hex')
        addr = utils.sha3(pub)[12:]
        stk.append(addr)
    elif op == 'ADDRESS':
        stk.append(msg.to)
    elif op == 'BALANCE':
        stk.append(block.get_balance(msg.to))
    elif op == 'ORIGIN':
        stk.append(tx.sender)
    elif op == 'CALLER':
        stk.append(utils.coerce_to_int(msg.sender))
    elif op == 'CALLVALUE':
        stk.append(msg.value)
    elif op == 'CALLDATALOAD':
        if stackargs[0] >= len(msg.data):
            stk.append(0)
        else:
            dat = msg.data[stackargs[0]:stackargs[0] + 32]
            stk.append(utils.big_endian_to_int(dat + '\x00' * (32 - len(dat))))
    elif op == 'CALLDATASIZE':
        stk.append(len(msg.data))
    elif op == 'CALLDATACOPY':
        if len(mem) < ceil32(stackargs[1] + stackargs[2]):
            mem.extend([0] * (ceil32(stackargs[1] + stackargs[2]) - len(mem)))
        for i in range(stackargs[2]):
            if stackargs[0] + i < len(msg.data):
                mem[stackargs[1] + i] = ord(msg.data[stackargs[0] + i])
            else:
                mem[stackargs[1] + i] = 0
    elif op == 'GASPRICE':
        stk.append(tx.gasprice)
    elif op == 'CODECOPY':
        if len(mem) < ceil32(stackargs[1] + stackargs[2]):
            mem.extend([0] * (ceil32(stackargs[1] + stackargs[2]) - len(mem)))
        for i in range(stackargs[2]):
            if stackargs[0] + i < len(code):
                mem[stackargs[1] + i] = ord(code[stackargs[0] + i])
            else:
                mem[stackargs[1] + i] = 0
    elif op == 'PREVHASH':
        stk.append(utils.big_endian_to_int(block.prevhash))
    elif op == 'COINBASE':
        stk.append(utils.big_endian_to_int(block.coinbase.decode('hex')))
    elif op == 'TIMESTAMP':
        stk.append(block.timestamp)
    elif op == 'NUMBER':
        stk.append(block.number)
    elif op == 'DIFFICULTY':
        stk.append(block.difficulty)
    elif op == 'GASLIMIT':
        stk.append(block.gaslimit)
    elif op == 'POP':
        pass
    elif op == 'DUP':
        stk.append(stackargs[0])
        stk.append(stackargs[0])
    elif op == 'SWAP':
        stk.append(stackargs[0])
        stk.append(stackargs[1])
    elif op == 'MLOAD':
        if len(mem) < ceil32(stackargs[0] + 32):
            mem.extend([0] * (ceil32(stackargs[0] + 32) - len(mem)))
        data = ''.join(map(chr, mem[stackargs[0]:stackargs[0] + 32]))
        stk.append(utils.big_endian_to_int(data))
    elif op == 'MSTORE':
        if len(mem) < ceil32(stackargs[0] + 32):
            mem.extend([0] * (ceil32(stackargs[0] + 32) - len(mem)))
        v = stackargs[1]
        #if isinstance(v, str):
        #    v = int(v.encode('hex'), 16)
        for i in range(31, -1, -1):
            mem[stackargs[0] + i] = v % 256
            v /= 256
    elif op == 'MSTORE8':
        if len(mem) < ceil32(stackargs[0] + 1):
            mem.extend([0] * (ceil32(stackargs[0] + 1) - len(mem)))
        mem[stackargs[0]] = stackargs[1] % 256
    elif op == 'SLOAD':
        stk.append(block.get_storage_data(msg.to, stackargs[0]))
    elif op == 'SSTORE':
        block.set_storage_data(msg.to, stackargs[0], stackargs[1])
    elif op == 'JUMP':
        compustate.pc = stackargs[0]
    elif op == 'JUMPI':
        if stackargs[1]:
            compustate.pc = stackargs[0]
    elif op == 'PC':
        stk.append(compustate.pc)
    elif op == 'MSIZE':
        stk.append(len(mem))
    elif op == 'GAS':
        stk.append(oldgas)
    elif op[:4] == 'PUSH':
        pushnum = int(op[4:])
        compustate.pc = oldpc + 1 + pushnum
        dat = code[oldpc + 1: oldpc + 1 + pushnum]
        stk.append(utils.big_endian_to_int(dat))
    elif op == 'CREATE':
        if len(mem) < ceil32(stackargs[2] + stackargs[3]):
            mem.extend([0] * (ceil32(stackargs[2] + stackargs[3]) - len(mem)))
        gas = stackargs[0]
        value = stackargs[1]
        data = ''.join(map(chr, mem[stackargs[2]:stackargs[2] + stackargs[3]]))
        if debug:
            print("Sub-contract:", msg.to, value, gas, data)
        addr, gas, code = create_contract(
            block, tx, Message(msg.to, '', value, gas, data))
        if debug:
            print("Output of contract creation:", addr, code)
        if addr:
            stk.append(utils.coerce_to_int(addr))
        else:
            stk.append(0)
    elif op == 'CALL':
        if len(mem) < ceil32(stackargs[3] + stackargs[4]):
            mem.extend([0] * (ceil32(stackargs[3] + stackargs[4]) - len(mem)))
        if len(mem) < ceil32(stackargs[5] + stackargs[6]):
            mem.extend([0] * (ceil32(stackargs[5] + stackargs[6]) - len(mem)))
        gas = stackargs[0]
        to = utils.encode_int(stackargs[1])
        to = (('\x00' * (32 - len(to))) + to)[12:]
        value = stackargs[2]
        data = ''.join(map(chr, mem[stackargs[3]:stackargs[3] + stackargs[4]]))
        if debug:
            print("Sub-call:", utils.coerce_addr_to_hex(msg.to),
                  utils.coerce_addr_to_hex(to), value, gas, data)
        result, gas, data = apply_msg(
            block, tx, Message(msg.to, to, value, gas, data))
        if debug:
            print("Output of sub-call:", result, data, "length", len(data),
                  "expected", stackargs[6])
        for i in range(stackargs[6]):
            mem[stackargs[5] + i] = 0
        if result == 0:
            stk.append(0)
        else:
            stk.append(1)
            compustate.gas += gas
            for i in range(len(data)):
                mem[stackargs[5] + i] = data[i]
    elif op == 'RETURN':
        if len(mem) < ceil32(stackargs[0] + stackargs[1]):
            mem.extend([0] * (ceil32(stackargs[0] + stackargs[1]) - len(mem)))
        return mem[stackargs[0]:stackargs[0] + stackargs[1]]
    elif op == 'SUICIDE':
        to = utils.encode_int(stackargs[0])
        to = (('\x00' * (32 - len(to))) + to)[12:]
        block.delta_balance(to, block.get_balance(msg.to))
        block.state.update(msg.to, '')
        return []
Exemple #38
0
import random
random.seed(12312421412)
from bitcoin import privtopub, encode_pubkey, ecdsa_raw_sign, ecdsa_raw_recover
import time
# import pyximport
# pyximport.install()
#from ecrecover import ecdsa_sign, ecdsa_verify, ecdsa_recover, test_big
from ecdsa_recover import ecdsa_raw_recover as c_ecdsa_raw_recover
from ecdsa_recover import ecdsa_raw_sign as c_ecdsa_raw_sign

priv = ''.join(chr(random.randint(0, 255)) for i in range(32))
pub = privtopub(priv)
msg = ''.join(chr(random.randint(0, 255)) for i in range(32))
vrs = ecdsa_raw_sign(msg, priv)
assert vrs == c_ecdsa_raw_sign(msg, priv)
p = ecdsa_raw_recover(msg, vrs)
p2 = c_ecdsa_raw_recover(msg, vrs)
assert p == p2
assert encode_pubkey(p, 'bin') == pub

def test_ecrecover(rounds = 100):
    st = time.time()
    rounds = 100
    for i in range(rounds):
        p = ecdsa_raw_recover(msg, vrs)
    print 'py took', (time.time() - st)

def test_cecrecover(rounds = 100):
    st = time.time()
    for i in range(rounds):
        p = c_ecdsa_raw_recover(msg, vrs)