Merge pull request #43 from okx/trx_verifyV2

support: Trx verifyV2, Ton highload v3 address

common/coin.go

@@ -21,8 +21,9 @@ const (
 	RvnMessageSignatureHeader  = "Raven Signed Message:\n"
 	ZecMessageSignatureHeader  = "Zcash Signed Message:\n"
 
-	EthMessageSignatureHeader  = "\x19Ethereum Signed Message:\n32"
-	TronMessageSignatureHeader = "\x19TRON Signed Message:\n32"
+	EthMessageSignatureHeader    = "\x19Ethereum Signed Message:\n32"
+	TronMessageSignatureHeader   = "\x19TRON Signed Message:\n32"
+	TronMessageV2SignatureHeader = "\x19TRON Signed Message:\n"
 
 	OKXMessageSignatureHeader = "OKX Signed Message:\n"
 )

common/crypto_test.go

@@ -20,6 +20,11 @@ func TestTRXVerifySignature(t *testing.T) {
 	if err := VerifyTRX(addr, msg, sign); err != nil {
 		t.Errorf(err.Error())
 	}
+
+	sign = "0xaddfb6bc248de8de0051d3ea225496091af596a5fffed3ee19a93c827687974d3305f869a86208e03886ec9d1423bb264405b6ef0813b3751080f82bd7a906451c"
+	if err := VerifyTRX(addr, msg, sign); err != nil {
+		t.Errorf(err.Error())
+	}
 }
 
 func TestVerifyUtxoCoinSignature(t *testing.T) {

common/hash.go

@@ -2,6 +2,7 @@ package common
 
 import (
 	"bytes"
+	"fmt"
 	"github.com/btcsuite/btcd/chaincfg/chainhash"
 	"github.com/btcsuite/btcd/wire"
 )
@@ -49,3 +50,15 @@ func HashTrxMsg(msg string) []byte {
 	expectedMessageHash := Keccak256(buf.Bytes())
 	return expectedMessageHash
 }
+
+func HashTrxMsgV2(msg string) []byte {
+	length := fmt.Sprintf("%d", len(msg))
+
+	var buf bytes.Buffer
+	buf.WriteString(TronMessageV2SignatureHeader)
+	buf.WriteString(length)
+	buf.WriteString(msg)
+
+	expectedMessageHash := Keccak256(buf.Bytes())
+	return expectedMessageHash
+}

common/verify.go

@@ -56,7 +56,19 @@ func VerifyBETH(addr, msg, sign string) error {
 }
 
 func VerifyTRX(addr, msg, sign string) error {
-	hash := HashTrxMsg(msg)
+	hashFuncs := []func(string) []byte{HashTrxMsg, HashTrxMsgV2}
+
+	for _, hashFunc := range hashFuncs {
+		if verifyTRX(addr, msg, sign, hashFunc) == nil {
+			return nil
+		}
+	}
+
+	return ErrInvalidSign
+}
+
+func verifyTRX(addr, msg, sign string, hashFunc func(string) []byte) error {
+	hash := hashFunc(msg)
 	s := MustDecode(sign)
 	pub, err := sigToPub(hash, s)
 	if err != nil {
@@ -291,7 +303,7 @@ func VerifyEd25519Coin(coin, addr, msg, sign, pubkey string) error {
 	if !exist {
 		return fmt.Errorf("invalid coin type %s, addr:%s", coin, addr)
 	}
-	var recoverAddr string
+	var recoverAddrs []string
 	switch addrType {
 	case "SOL":
 		out := [32]byte{}
@@ -304,31 +316,40 @@ func VerifyEd25519Coin(coin, addr, msg, sign, pubkey string) error {
 			max = byteCount
 		}
 		copy(out[:], pubkeyBytes[0:max])
-		recoverAddr = base58.Encode(out[:])
+		recoverAddrs = append(recoverAddrs, base58.Encode(out[:]))
 	case "APTOS":
 		publicKey := append(pubkeyBytes, 0x0)
-		recoverAddr = "0x" + hex.EncodeToString(Sha256Hash(publicKey))
+		rAddr := "0x" + hex.EncodeToString(Sha256Hash(publicKey))
 		// Short address type: if address starts with 0x0, replace.
 		re, _ := regexp.Compile("^0x0*")
-		recoverAddr = re.ReplaceAllString(recoverAddr, "0x")
-
+		recoverAddrs = append(recoverAddrs, re.ReplaceAllString(rAddr, "0x"))
 	case "TON":
-		a, err := tonWallet.AddressFromPubKey(pubkeyBytes, tonWallet.V3, tonWallet.DefaultSubwallet)
+		walletV3, err := tonWallet.AddressFromPubKey(pubkeyBytes, tonWallet.V3, tonWallet.DefaultSubwallet)
+		if err != nil {
+			return fmt.Errorf("%s, coin: %s, addr: %s, error: %v", ErrInvalidSign, coin, addr, err)
+		}
+		recoverAddrs = append(recoverAddrs, walletV3.String())
+
+		walletHighload, err := tonWallet.AddressFromPubKey(pubkeyBytes, tonWallet.ConfigHighloadV3{MessageTTL: 60 * 60 * 12}, 4269)
 		if err != nil {
 			return fmt.Errorf("%s, coin: %s, addr: %s, error: %v", ErrInvalidSign, coin, addr, err)
 		}
-		recoverAddr = a.String()
+		recoverAddrs = append(recoverAddrs, walletHighload.String())
 	case "DOT":
 		rAddr, err := GetDotAddressFromPublicKey(pubkey)
 		if err != nil {
 			return fmt.Errorf("%s, coin: %s, addr: %s, error: %v", ErrInvalidSign, coin, addr, err)
 		}
-		recoverAddr = rAddr
+		recoverAddrs = append(recoverAddrs, rAddr)
 	}
-	if strings.ToLower(recoverAddr) != strings.ToLower(addr) {
-		return fmt.Errorf("recovery address not match, coin:%s, recoverAddr:%s, addr:%s", coin, recoverAddr, addr)
+
+	for _, recoverAddr := range recoverAddrs {
+		if strings.ToLower(recoverAddr) == strings.ToLower(addr) {
+			return nil
+		}
 	}
-	return nil
+
+	return fmt.Errorf("recovery address not match, coin:%s, recoverAddrs:%v, addr:%s", coin, recoverAddrs, addr)
 }
 
 func VerifyEcdsaCoin(coin, addr, msg, sign string) error {

go.mod

@@ -20,8 +20,8 @@ require (
 	github.com/shopspring/decimal v1.3.1
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.6.1
-	github.com/xssnick/tonutils-go v1.6.2
-	golang.org/x/crypto v0.7.0
+	github.com/xssnick/tonutils-go v1.9.8
+	golang.org/x/crypto v0.17.0
 )
 
 require (
@@ -39,13 +39,14 @@ require (
 	github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect
 	github.com/mr-tron/base58 v1.2.0 // indirect
 	github.com/multiformats/go-multihash v0.2.1 // indirect
+	github.com/oasisprotocol/curve25519-voi v0.0.0-20220328075252-7dd334e3daae // indirect
 	github.com/openweb3/go-rpc-provider v0.3.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/sigurn/crc16 v0.0.0-20211026045750-20ab5afb07e3 // indirect
 	github.com/spaolacci/murmur3 v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	golang.org/x/term v0.6.0 // indirect
+	golang.org/x/term v0.15.0 // indirect
 )
 
 require (
@@ -65,7 +66,7 @@ require (
 	github.com/polydawn/refmt v0.89.0 // indirect
 	github.com/smartystreets/assertions v1.13.0 // indirect
 	github.com/whyrusleeping/cbor-gen v0.0.0-20230126041949-52956bd4c9aa // indirect
-	golang.org/x/sys v0.7.0 // indirect
+	golang.org/x/sys v0.15.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	lukechampine.com/blake3 v1.1.7 // indirect
 )