ToECDSAPub was unsafe because it returned a non-nil key with nil X, Y in
case of invalid input. This change replaces ToECDSAPub with
UnmarshalPubkey across the codebase.
With this change,
key, err := crypto.HexToECDSA("000000...")
returns nil key and an error instead of a non-nil key with nil X
and Y inside. Issue found by @guidovranken.
We need those operations for p2p/enr.
Also upgrade github.com/btcsuite/btcd/btcec to the latest version
and improve BenchmarkSha3. The benchmark printed extra output
that confused tools like benchstat and ignored N.
- Use defined constants instead of hard-coding their integer value.
- Allocate secp256k1 structs on the C stack instead of converting []byte
- Remove dead code
To address increasing complexity in code that handles signatures, this PR
discards all notion of "different" signature types at the library level. Both
the crypto and accounts package is reduced to only be able to produce plain
canonical secp256k1 signatures. This makes the crpyto APIs much cleaner,
simpler and harder to abuse.
This commit includes several API changes:
- The behavior of eth_sign is changed. It now accepts an arbitrary
message, prepends the well-known string
\x19Ethereum Signed Message:\n<length of message>
hashes the result using keccak256 and calculates the signature of
the hash. This breaks backwards compatability!
- personal_sign(hash, address [, password]) is added. It has the same
semantics as eth_sign but also accepts a password. The private key
used to sign the hash is temporarily unlocked in the scope of the
request.
- personal_recover(message, signature) is added and returns the
address for the account that created a signature.
* change gas cost for contract creating txs
* invalidate signature with s value greater than secp256k1 N / 2
* OOG contract creation if not enough gas to store code
* new difficulty adjustment algorithm
* new DELEGATECALL op code
The Sha3 test contained the wrong expected result. Note that the
implementation hasn't changed, the test simply contained an outdated
expected value that was valid for the previous implementation.