From 040428f60734489ddb163ac3bac8c968b92010f8 Mon Sep 17 00:00:00 2001 From: David Murdoch <187813+davidmurdoch@users.noreply.github.com> Date: Fri, 15 Sep 2023 19:44:48 -0400 Subject: [PATCH] fix: regression in `eth_sign` signature `v` values (#4527) --- package.json | 3 +- packages/ethereum/ethereum/src/api.ts | 2 +- .../ethereum/tests/api/eth/sign.test.ts | 17 +++- scripts/update-ethereum-js.ts | 95 +++++++++++++++++++ 4 files changed, 114 insertions(+), 3 deletions(-) create mode 100644 scripts/update-ethereum-js.ts diff --git a/package.json b/package.json index b957ee65fc..c5cd9451f0 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,8 @@ "start": "lerna exec --loglevel=silent --scope ganache -- npm run start --silent -- ", "test": "lerna exec --concurrency 1 -- npm run test", "tsc": "tsc --build", - "tsc.clean": "npx lerna exec -- npx shx rm -rf lib dist typings" + "tsc.clean": "npx lerna exec -- npx shx rm -rf lib dist typings", + "update-ethereumjs": "cd scripts && ts-node update-ethereumjs" }, "devDependencies": { "@istanbuljs/nyc-config-typescript": "1.0.2", diff --git a/packages/ethereum/ethereum/src/api.ts b/packages/ethereum/ethereum/src/api.ts index 93d5674e8a..c4289b6825 100644 --- a/packages/ethereum/ethereum/src/api.ts +++ b/packages/ethereum/ethereum/src/api.ts @@ -2079,7 +2079,7 @@ export default class EthereumApi implements Api { const messageHash = hashPersonalMessage(Data.toBuffer(message)); const { v, r, s } = ecsign(messageHash, privateKey.toBuffer()); - return toRpcSig(v, r, s); + return toRpcSig(v + 27n, r, s); } /** diff --git a/packages/ethereum/ethereum/tests/api/eth/sign.test.ts b/packages/ethereum/ethereum/tests/api/eth/sign.test.ts index ecfab32d06..f57726ba4e 100644 --- a/packages/ethereum/ethereum/tests/api/eth/sign.test.ts +++ b/packages/ethereum/ethereum/tests/api/eth/sign.test.ts @@ -8,6 +8,7 @@ import { } from "@ethereumjs/util"; import getProvider from "../../helpers/getProvider"; import { Data, Quantity } from "@ganache/utils"; +import { sign } from "crypto"; describe("api", () => { describe("eth", () => { @@ -37,10 +38,17 @@ describe("api", () => { const msgHash = hashPersonalMessage(msg); const address = accounts[0]; - let sgn = await provider.send("eth_sign", [ + let sgn: string = await provider.send("eth_sign", [ address, Data.toString(msg) ]); + + assert.strictEqual( + sgn.substring(sgn.length - 2), + "1c", // 28 in hex + "eth_sign should produce a v value of 27 or 28" + ); + const { v, r, s } = fromRpcSig(sgn); const pub = ecrecover(msgHash, v, r, s); @@ -59,7 +67,14 @@ describe("api", () => { let sgn = await provider.send("eth_sign", [accounts[0], msgHex]); + assert.strictEqual( + sgn.substring(sgn.length - 2), + "1c", // 28 in hex + "eth_sign should produce a v value of 27 or 28" + ); + const { v, r, s } = fromRpcSig(sgn); + const pub = ecrecover(msgHash, v, r, s); const addr = fromSigned(pubToAddress(pub)); const strAddr = Data.toString(Quantity.toBuffer(addr), 20); diff --git a/scripts/update-ethereum-js.ts b/scripts/update-ethereum-js.ts new file mode 100644 index 0000000000..8cc014d9a9 --- /dev/null +++ b/scripts/update-ethereum-js.ts @@ -0,0 +1,95 @@ +// search through all folders in the parent directory to find all package.json +// files. Then read each file looking for ethereumjs dependencies, +// devDependencies, or optionalDependencies. If found, update the version +// number to the latest version on npm (by querying the npm registry). + +import * as fs from "fs"; +import * as path from "path"; +import * as util from "util"; +import * as child_process from "child_process"; +import * as https from "https"; + +const readdir = util.promisify(fs.readdir); +const readFile = util.promisify(fs.readFile); +const writeFile = util.promisify(fs.writeFile); +const exec = util.promisify(child_process.exec); + +const parentDir = path.resolve(__dirname, "../"); + +async function findPackageFiles(dir: string): Promise { + const files: string[] = []; + const dirents = await readdir(dir, { withFileTypes: true }); + + for (const dirent of dirents) { + const res = path.resolve(dir, dirent.name); + if (dirent.isDirectory() && dirent.name !== "node_modules") { + const subFiles = await findPackageFiles(res); + files.push(...subFiles); + } else if (dirent.isFile() && dirent.name === "package.json") { + files.push(res); + } + } + + return files; +} + +const cache = new Map(); + +async function updateDependencies(packagePath: string) { + const packageData = await readFile(packagePath, { encoding: "utf-8" }); + const packageJson = JSON.parse(packageData); + + const dependencies = [ + [[...Object.entries(packageJson.dependencies ?? {})], "dependencies"], + [[...Object.entries(packageJson.devDependencies ?? {})], "devDependencies"], + [ + [...Object.entries(packageJson.optionalDependencies ?? {})], + "optionalDependencies" + ] + ] as [[string, string][], string][]; + + let changed = false; + + for (const [matches, group] of dependencies) { + for (const [name, version] of matches) { + if (name.startsWith("@ethereumjs/")) { + const response = cache.has(name) + ? cache.get(name)! + : await new Promise((resolve, reject) => { + https + .get(`https://registry.npmjs.org/${name}`, res => { + const chunks: Uint8Array[] = []; + res.on("data", chunk => chunks.push(chunk)); + res.on("end", () => resolve(Buffer.concat(chunks))); + }) + .on("error", reject); + }); + if (cache.has(name)) { + cache.set(name, response); + } + const registryData = JSON.parse(response.toString()); + const latestVersion = registryData["dist-tags"].latest; + if (version !== latestVersion) { + packageJson[group][name] = latestVersion; + changed = true; + } + } + } + } + + if (changed) { + await writeFile(packagePath, JSON.stringify(packageJson, null, 2)); + } +} + +async function main() { + const packagePaths = await findPackageFiles(parentDir); + + for (const packagePath of packagePaths) { + await updateDependencies(packagePath); + } + + await exec("npm run reinstall", { cwd: parentDir }); +} + +main().catch(console.error);