ECDSA: add parse and tryParse #5814
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| --- | ||
| 'openzeppelin-solidity': minor | ||
| --- | ||
|
|
||
| `ECDSA`: Add `parse` and `parseCalldata` to parse bytes signatures of length 65 or 64 (eip-2098) into its v,r,s components. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -43,6 +43,13 @@ library ECDSA { | |
| * this function rejects them by requiring the `s` value to be in the lower | ||
| * half order, and the `v` value to be either 27 or 28. | ||
| * | ||
| * NOTE: This function also prevents signature malleability by only supporting 65 bytes long signatures, and | ||
| * rejecting eip-2098 short signatures. While this guarantee is still present, it is DEPRECATED and will be | ||
| * removed in the next major release (v6.0). Developers SHOULD NOT use signatures as unique identifiers. If an | ||
| * operation must me marked as consumed to prevent replayability, either the `hash` (or the `hash`/`recovered` | ||
| * pair if multiple accounts are to sign the same hash) should be invalidated. Nonces are also a viable solution. | ||
| * Marking the signatures as consumed is very strongly discouraged. | ||
| * | ||
| * IMPORTANT: `hash` _must_ be the result of a hash operation for the | ||
| * verification to be secure: it is possible to craft signatures that | ||
| * recover to arbitrary addresses for non-hashed data. A safe way to ensure | ||
|
|
@@ -106,6 +113,13 @@ library ECDSA { | |
| * this function rejects them by requiring the `s` value to be in the lower | ||
| * half order, and the `v` value to be either 27 or 28. | ||
| * | ||
| * NOTE: This function also prevents signature malleability by only supporting 65 bytes long signatures, and | ||
| * rejecting eip-2098 short signatures. While this guarantee is still present, it is DEPRECATED and will be | ||
| * removed in the next major release (v6.0). Developers SHOULD NOT use signatures as unique identifiers. If an | ||
| * operation must me marked as consumed to prevent replayability, either the `hash` (or the `hash`/`recovered` | ||
| * pair if multiple accounts are to sign the same hash) should be invalidated. Nonces are also a viable solution. | ||
| * Marking the signatures as consumed is very strongly discouraged. | ||
| * | ||
| * IMPORTANT: `hash` _must_ be the result of a hash operation for the | ||
| * verification to be secure: it is possible to craft signatures that | ||
| * recover to arbitrary addresses for non-hashed data. A safe way to ensure | ||
|
|
@@ -196,6 +210,63 @@ library ECDSA { | |
| return recovered; | ||
| } | ||
|
|
||
| /** | ||
| * @dev Parse a signature into its `v`, `r` and `s` components. Supports both 65 bytes and 64 bytes (eip-2098) | ||
Amxx marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| * signature formats. Returns 0, 0, 0 is the signature is not in a proper format. | ||
ernestognw marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| */ | ||
Amxx marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| function parse(bytes memory signature) internal pure returns (int8 v, bytes32 r, bytes32 s) { | ||
|
||
| assembly ("memory-safe") { | ||
| // Check the signature length | ||
| switch mload(signature) | ||
| // - case 65: r,s,v signature (standard) | ||
| case 65 { | ||
| r := mload(add(signature, 0x20)) | ||
| s := mload(add(signature, 0x40)) | ||
| v := byte(0, mload(add(signature, 0x60))) | ||
| } | ||
| // - case 64: r,vs signature (cf https://eips.ethereum.org/EIPS/eip-2098) | ||
| case 64 { | ||
| let vs := mload(add(signature, 0x40)) | ||
| r := mload(add(signature, 0x20)) | ||
| s := and(vs, shr(1, not(0))) | ||
| v := add(shr(255, vs), 27) | ||
| } | ||
| default { | ||
| r := 0 | ||
| s := 0 | ||
| v := 0 | ||
| } | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * @dev Variant of {parse} that takes a signature in calldata | ||
| */ | ||
| function parseCalldata(bytes calldata signature) internal pure returns (int8 v, bytes32 r, bytes32 s) { | ||
| assembly ("memory-safe") { | ||
| // Check the signature length | ||
| switch signature.length | ||
| // - case 65: r,s,v signature (standard) | ||
| case 65 { | ||
| r := calldataload(signature.offset) | ||
| s := calldataload(add(signature.offset, 0x20)) | ||
| v := byte(0, calldataload(add(signature.offset, 0x40))) | ||
| } | ||
| // - case 64: r,vs signature (cf https://eips.ethereum.org/EIPS/eip-2098) | ||
| case 64 { | ||
| let vs := calldataload(add(signature.offset, 0x20)) | ||
| r := calldataload(signature.offset) | ||
| s := and(vs, shr(1, not(0))) | ||
| v := add(shr(255, vs), 27) | ||
| } | ||
| default { | ||
| r := 0 | ||
| s := 0 | ||
| v := 0 | ||
| } | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * @dev Optionally reverts with the corresponding custom error according to the `error` argument provided. | ||
| */ | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.