openzeppelin-contracts/contracts/cryptography/ECDSA.sol

pragma solidity ^0.5.0;

/**
 * @title Elliptic curve signature operations
 * @dev Based on https://gist.github.com/axic/5b33912c6f61ae6fd96d6c4a47afde6d
 * TODO Remove this library once solidity supports passing a signature to ecrecover.
 * See https://github.com/ethereum/solidity/issues/864
 */

library ECDSA {
    /**
     * @dev Recover signer address from a message by using their signature.
     * @param hash bytes32 message, the hash is the signed message. What is recovered is the signer address.
     * @param signature bytes signature, the signature is generated using web3.eth.sign()
     */
    function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
        // Check the signature length
        if (signature.length != 65) {
            return (address(0));
        }

        // Divide the signature in r, s and v variables
        bytes32 r;
        bytes32 s;
        uint8 v;

        // ecrecover takes the signature parameters, and the only way to get them
        // currently is to use assembly.
        // solhint-disable-next-line no-inline-assembly
        assembly {
            r := mload(add(signature, 0x20))
            s := mload(add(signature, 0x40))
            v := byte(0, mload(add(signature, 0x60)))
        }

        // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
        // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
        // the valid range for s in (281): 0 < s < secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most
        // signatures from current libraries generate a unique signature with an s-value in the lower half order.
        //
        // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
        // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
        // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
        // these malleable signatures as well.
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
            return address(0);
        }

        if (v != 27 && v != 28) {
            return address(0);
        }

        // If the signature is valid (and not malleable), return the signer address
        return ecrecover(hash, v, r, s);
    }

    /**
     * toEthSignedMessageHash
     * @dev Prefix a bytes32 value with "\x19Ethereum Signed Message:"
     * and hash the result.
     */
    function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {
        // 32 is the length in bytes of hash,
        // enforced by the type signature above
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", hash));
    }
}
Revert Solidity version bump. (#1729) 6 years ago			`pragma solidity ^0.5.0;`
ECRecovery library added with test and docs 8 years ago
			`/**`
Fix typos (#1082) 7 years ago			`* @title Elliptic curve signature operations`
Added NatSpec documentation on ECRecovery contract 8 years ago			`* @dev Based on https://gist.github.com/axic/5b33912c6f61ae6fd96d6c4a47afde6d`
tests: fix most of the static warnings (#844) 7 years ago			`* TODO Remove this library once solidity supports passing a signature to ecrecover.`
			`* See https://github.com/ethereum/solidity/issues/864`
Added NatSpec documentation on ECRecovery contract 8 years ago			`*/`

Move contracts to subdirectories (#1253) * Move contracts to subdirectories Fixes #1177. This Change also removes the LimitBalance contract. * fix import * move MerkleProof to cryptography * Fix import 7 years ago			`library ECDSA {`
Updated code style to 4 space indentation and 120 characters per line. (#1508) * Updated code style to 4 spaces and 120 max characters per line. * Update contracts/token/ERC721/ERC721Pausable.sol Co-Authored-By: nventuro <nicolas.venturo@gmail.com> * Update contracts/token/ERC721/IERC721.sol Co-Authored-By: nventuro <nicolas.venturo@gmail.com> 6 years ago			`/**`
Added basic punctuation to @dev docs (#1697) (#1700) * Added basic punctuation to @dev docs (#1697) * add missing uppercase 6 years ago			`* @dev Recover signer address from a message by using their signature.`
Updated code style to 4 space indentation and 120 characters per line. (#1508) * Updated code style to 4 spaces and 120 max characters per line. * Update contracts/token/ERC721/ERC721Pausable.sol Co-Authored-By: nventuro <nicolas.venturo@gmail.com> * Update contracts/token/ERC721/IERC721.sol Co-Authored-By: nventuro <nicolas.venturo@gmail.com> 6 years ago			`* @param hash bytes32 message, the hash is the signed message. What is recovered is the signer address.`
			`* @param signature bytes signature, the signature is generated using web3.eth.sign()`
			`*/`
Release v2.1.0 solc 0.5.x (#1568) * Now compiling in a separate directory using truffle 5. * Ported to 0.5.1, now compiling using 0.5.1. * test now also compiles using the truffle 5 hack. * Downgraded to 0.5.0. * Sorted scripts. * Cleaned up the compile script a bit. 6 years ago			`function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {`
Updated code style to 4 space indentation and 120 characters per line. (#1508) * Updated code style to 4 spaces and 120 max characters per line. * Update contracts/token/ERC721/ERC721Pausable.sol Co-Authored-By: nventuro <nicolas.venturo@gmail.com> * Update contracts/token/ERC721/IERC721.sol Co-Authored-By: nventuro <nicolas.venturo@gmail.com> 6 years ago			`// Check the signature length`
			`if (signature.length != 65) {`
			`return (address(0));`
			`}`

			`// Divide the signature in r, s and v variables`
Signature Malleability: (#1622) * Transaction Malleability: If you allow for both values 0/1 and 27/28, you allow two different signatures both resulting in a same valid recovery. (r,s,0/1) and (r,s,27/28) would both be valid, recover the same public key and sign the same data. Furthermore, given (r,s,0/1), (r,s,27/28) can be constructed by anyone. * Transaction Malleability: EIP-2 still allows signature malleabality for ecrecover(), remove this possibility and force the signature to be unique. * Added a reference to appendix F to the yellow paper and improved comment. * better test description for testing the version 0, which returns a zero address * Check that the conversion from 0/1 to 27/28 only happens if its 0/1 * improved formatting * Refactor ECDSA code a bit. * Refactor ECDSA tests a bit. * Add changelog entry. * Add high-s check test. 6 years ago			`bytes32 r;`
			`bytes32 s;`
			`uint8 v;`

Updated code style to 4 space indentation and 120 characters per line. (#1508) * Updated code style to 4 spaces and 120 max characters per line. * Update contracts/token/ERC721/ERC721Pausable.sol Co-Authored-By: nventuro <nicolas.venturo@gmail.com> * Update contracts/token/ERC721/IERC721.sol Co-Authored-By: nventuro <nicolas.venturo@gmail.com> 6 years ago			`// ecrecover takes the signature parameters, and the only way to get them`
			`// currently is to use assembly.`
Replaced Solium in favor of Solhint (#1575) * Adding solhint, working on style fixes. * Upgraded to solhint 1.5.0. * Removed all references to Solium * Updated mocks to make the pass the new linter rules. * Reformatted the .solhint.json file a bit. * Removed Solium configuration files. * Remove Solium dependency. * Add comment explaing disabled time rule in TokenVesting. * Revert to the old (ugly?) style. * Revert SignatureBouncerMock style. * Fix ERC165InterfacesSupported interface. 6 years ago			`// solhint-disable-next-line no-inline-assembly`
Updated code style to 4 space indentation and 120 characters per line. (#1508) * Updated code style to 4 spaces and 120 max characters per line. * Update contracts/token/ERC721/ERC721Pausable.sol Co-Authored-By: nventuro <nicolas.venturo@gmail.com> * Update contracts/token/ERC721/IERC721.sol Co-Authored-By: nventuro <nicolas.venturo@gmail.com> 6 years ago			`assembly {`
			`r := mload(add(signature, 0x20))`
			`s := mload(add(signature, 0x40))`
			`v := byte(0, mload(add(signature, 0x60)))`
			`}`

Signature Malleability: (#1622) * Transaction Malleability: If you allow for both values 0/1 and 27/28, you allow two different signatures both resulting in a same valid recovery. (r,s,0/1) and (r,s,27/28) would both be valid, recover the same public key and sign the same data. Furthermore, given (r,s,0/1), (r,s,27/28) can be constructed by anyone. * Transaction Malleability: EIP-2 still allows signature malleabality for ecrecover(), remove this possibility and force the signature to be unique. * Added a reference to appendix F to the yellow paper and improved comment. * better test description for testing the version 0, which returns a zero address * Check that the conversion from 0/1 to 27/28 only happens if its 0/1 * improved formatting * Refactor ECDSA code a bit. * Refactor ECDSA tests a bit. * Add changelog entry. * Add high-s check test. 6 years ago			`// EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature`
			`// unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines`
			`// the valid range for s in (281): 0 < s < secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most`
			`// signatures from current libraries generate a unique signature with an s-value in the lower half order.`
			`//`
			`// If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value`
			`// with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or`
			`// vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept`
			`// these malleable signatures as well.`
			`if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {`
			`return address(0);`
Updated code style to 4 space indentation and 120 characters per line. (#1508) * Updated code style to 4 spaces and 120 max characters per line. * Update contracts/token/ERC721/ERC721Pausable.sol Co-Authored-By: nventuro <nicolas.venturo@gmail.com> * Update contracts/token/ERC721/IERC721.sol Co-Authored-By: nventuro <nicolas.venturo@gmail.com> 6 years ago			`}`

			`if (v != 27 && v != 28) {`
Signature Malleability: (#1622) * Transaction Malleability: If you allow for both values 0/1 and 27/28, you allow two different signatures both resulting in a same valid recovery. (r,s,0/1) and (r,s,27/28) would both be valid, recover the same public key and sign the same data. Furthermore, given (r,s,0/1), (r,s,27/28) can be constructed by anyone. * Transaction Malleability: EIP-2 still allows signature malleabality for ecrecover(), remove this possibility and force the signature to be unique. * Added a reference to appendix F to the yellow paper and improved comment. * better test description for testing the version 0, which returns a zero address * Check that the conversion from 0/1 to 27/28 only happens if its 0/1 * improved formatting * Refactor ECDSA code a bit. * Refactor ECDSA tests a bit. * Add changelog entry. * Add high-s check test. 6 years ago			`return address(0);`
Updated code style to 4 space indentation and 120 characters per line. (#1508) * Updated code style to 4 spaces and 120 max characters per line. * Update contracts/token/ERC721/ERC721Pausable.sol Co-Authored-By: nventuro <nicolas.venturo@gmail.com> * Update contracts/token/ERC721/IERC721.sol Co-Authored-By: nventuro <nicolas.venturo@gmail.com> 6 years ago			`}`
Signature Malleability: (#1622) * Transaction Malleability: If you allow for both values 0/1 and 27/28, you allow two different signatures both resulting in a same valid recovery. (r,s,0/1) and (r,s,27/28) would both be valid, recover the same public key and sign the same data. Furthermore, given (r,s,0/1), (r,s,27/28) can be constructed by anyone. * Transaction Malleability: EIP-2 still allows signature malleabality for ecrecover(), remove this possibility and force the signature to be unique. * Added a reference to appendix F to the yellow paper and improved comment. * better test description for testing the version 0, which returns a zero address * Check that the conversion from 0/1 to 27/28 only happens if its 0/1 * improved formatting * Refactor ECDSA code a bit. * Refactor ECDSA tests a bit. * Add changelog entry. * Add high-s check test. 6 years ago
			`// If the signature is valid (and not malleable), return the signer address`
			`return ecrecover(hash, v, r, s);`
Fix ECRecovery contract indentation Fix ident on github Fix ident github Fix ident on github 8 years ago			`}`
ECRecovery library added with test and docs 8 years ago
Updated code style to 4 space indentation and 120 characters per line. (#1508) * Updated code style to 4 spaces and 120 max characters per line. * Update contracts/token/ERC721/ERC721Pausable.sol Co-Authored-By: nventuro <nicolas.venturo@gmail.com> * Update contracts/token/ERC721/IERC721.sol Co-Authored-By: nventuro <nicolas.venturo@gmail.com> 6 years ago			`/**`
			`* toEthSignedMessageHash`
Added basic punctuation to @dev docs (#1697) (#1700) * Added basic punctuation to @dev docs (#1697) * add missing uppercase 6 years ago			`* @dev Prefix a bytes32 value with "\x19Ethereum Signed Message:"`
			`* and hash the result.`
Updated code style to 4 space indentation and 120 characters per line. (#1508) * Updated code style to 4 spaces and 120 max characters per line. * Update contracts/token/ERC721/ERC721Pausable.sol Co-Authored-By: nventuro <nicolas.venturo@gmail.com> * Update contracts/token/ERC721/IERC721.sol Co-Authored-By: nventuro <nicolas.venturo@gmail.com> 6 years ago			`*/`
			`function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {`
			`// 32 is the length in bytes of hash,`
			`// enforced by the type signature above`
			`return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", hash));`
Added function helper, few changes on ECRecover lib 8 years ago			`}`
ECRecovery library added with test and docs 8 years ago			`}`