diff --git a/common/coin.go b/common/coin.go index 2648556..ec83a65 100644 --- a/common/coin.go +++ b/common/coin.go @@ -21,8 +21,9 @@ const ( RvnMessageSignatureHeader = "Raven Signed Message:\n" ZecMessageSignatureHeader = "Zcash Signed Message:\n" - EthMessageSignatureHeader = "\x19Ethereum Signed Message:\n32" - TronMessageSignatureHeader = "\x19TRON Signed Message:\n32" + EthMessageSignatureHeader = "\x19Ethereum Signed Message:\n32" + TronMessageSignatureHeader = "\x19TRON Signed Message:\n32" + TronMessageV2SignatureHeader = "\x19TRON Signed Message:\n" OKXMessageSignatureHeader = "OKX Signed Message:\n" ) diff --git a/common/crypto_test.go b/common/crypto_test.go index 37fd319..528b2ae 100644 --- a/common/crypto_test.go +++ b/common/crypto_test.go @@ -20,6 +20,11 @@ func TestTRXVerifySignature(t *testing.T) { if err := VerifyTRX(addr, msg, sign); err != nil { t.Errorf(err.Error()) } + + sign = "0xaddfb6bc248de8de0051d3ea225496091af596a5fffed3ee19a93c827687974d3305f869a86208e03886ec9d1423bb264405b6ef0813b3751080f82bd7a906451c" + if err := VerifyTRX(addr, msg, sign); err != nil { + t.Errorf(err.Error()) + } } func TestVerifyUtxoCoinSignature(t *testing.T) { diff --git a/common/hash.go b/common/hash.go index 2e7319a..98f7bde 100644 --- a/common/hash.go +++ b/common/hash.go @@ -2,6 +2,7 @@ package common import ( "bytes" + "fmt" "github.com/btcsuite/btcd/chaincfg/chainhash" "github.com/btcsuite/btcd/wire" ) @@ -49,3 +50,15 @@ func HashTrxMsg(msg string) []byte { expectedMessageHash := Keccak256(buf.Bytes()) return expectedMessageHash } + +func HashTrxMsgV2(msg string) []byte { + length := fmt.Sprintf("%d", len(msg)) + + var buf bytes.Buffer + buf.WriteString(TronMessageV2SignatureHeader) + buf.WriteString(length) + buf.WriteString(msg) + + expectedMessageHash := Keccak256(buf.Bytes()) + return expectedMessageHash +} diff --git a/common/verify.go b/common/verify.go index b6abaf3..2fef02b 100644 --- a/common/verify.go +++ b/common/verify.go @@ -56,7 +56,19 @@ func VerifyBETH(addr, msg, sign string) error { } func VerifyTRX(addr, msg, sign string) error { - hash := HashTrxMsg(msg) + hashFuncs := []func(string) []byte{HashTrxMsg, HashTrxMsgV2} + + for _, hashFunc := range hashFuncs { + if verifyTRX(addr, msg, sign, hashFunc) == nil { + return nil + } + } + + return ErrInvalidSign +} + +func verifyTRX(addr, msg, sign string, hashFunc func(string) []byte) error { + hash := hashFunc(msg) s := MustDecode(sign) pub, err := sigToPub(hash, s) if err != nil { @@ -291,7 +303,7 @@ func VerifyEd25519Coin(coin, addr, msg, sign, pubkey string) error { if !exist { return fmt.Errorf("invalid coin type %s, addr:%s", coin, addr) } - var recoverAddr string + var recoverAddrs []string switch addrType { case "SOL": out := [32]byte{} @@ -304,31 +316,40 @@ func VerifyEd25519Coin(coin, addr, msg, sign, pubkey string) error { max = byteCount } copy(out[:], pubkeyBytes[0:max]) - recoverAddr = base58.Encode(out[:]) + recoverAddrs = append(recoverAddrs, base58.Encode(out[:])) case "APTOS": publicKey := append(pubkeyBytes, 0x0) - recoverAddr = "0x" + hex.EncodeToString(Sha256Hash(publicKey)) + rAddr := "0x" + hex.EncodeToString(Sha256Hash(publicKey)) // Short address type: if address starts with 0x0, replace. re, _ := regexp.Compile("^0x0*") - recoverAddr = re.ReplaceAllString(recoverAddr, "0x") - + recoverAddrs = append(recoverAddrs, re.ReplaceAllString(rAddr, "0x")) case "TON": - a, err := tonWallet.AddressFromPubKey(pubkeyBytes, tonWallet.V3, tonWallet.DefaultSubwallet) + walletV3, err := tonWallet.AddressFromPubKey(pubkeyBytes, tonWallet.V3, tonWallet.DefaultSubwallet) + if err != nil { + return fmt.Errorf("%s, coin: %s, addr: %s, error: %v", ErrInvalidSign, coin, addr, err) + } + recoverAddrs = append(recoverAddrs, walletV3.String()) + + walletHighload, err := tonWallet.AddressFromPubKey(pubkeyBytes, tonWallet.ConfigHighloadV3{MessageTTL: 60 * 60 * 12}, 4269) if err != nil { return fmt.Errorf("%s, coin: %s, addr: %s, error: %v", ErrInvalidSign, coin, addr, err) } - recoverAddr = a.String() + recoverAddrs = append(recoverAddrs, walletHighload.String()) case "DOT": rAddr, err := GetDotAddressFromPublicKey(pubkey) if err != nil { return fmt.Errorf("%s, coin: %s, addr: %s, error: %v", ErrInvalidSign, coin, addr, err) } - recoverAddr = rAddr + recoverAddrs = append(recoverAddrs, rAddr) } - if strings.ToLower(recoverAddr) != strings.ToLower(addr) { - return fmt.Errorf("recovery address not match, coin:%s, recoverAddr:%s, addr:%s", coin, recoverAddr, addr) + + for _, recoverAddr := range recoverAddrs { + if strings.ToLower(recoverAddr) == strings.ToLower(addr) { + return nil + } } - return nil + + return fmt.Errorf("recovery address not match, coin:%s, recoverAddrs:%v, addr:%s", coin, recoverAddrs, addr) } func VerifyEcdsaCoin(coin, addr, msg, sign string) error { diff --git a/go.mod b/go.mod index 3ea47d3..2f05871 100644 --- a/go.mod +++ b/go.mod @@ -20,8 +20,8 @@ require ( github.com/shopspring/decimal v1.3.1 github.com/sirupsen/logrus v1.9.0 github.com/spf13/cobra v1.6.1 - github.com/xssnick/tonutils-go v1.6.2 - golang.org/x/crypto v0.7.0 + github.com/xssnick/tonutils-go v1.9.8 + golang.org/x/crypto v0.17.0 ) require ( @@ -39,13 +39,14 @@ require ( github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect github.com/mr-tron/base58 v1.2.0 // indirect github.com/multiformats/go-multihash v0.2.1 // indirect + github.com/oasisprotocol/curve25519-voi v0.0.0-20220328075252-7dd334e3daae // indirect github.com/openweb3/go-rpc-provider v0.3.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/rivo/uniseg v0.2.0 // indirect github.com/sigurn/crc16 v0.0.0-20211026045750-20ab5afb07e3 // indirect github.com/spaolacci/murmur3 v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - golang.org/x/term v0.6.0 // indirect + golang.org/x/term v0.15.0 // indirect ) require ( @@ -65,7 +66,7 @@ require ( github.com/polydawn/refmt v0.89.0 // indirect github.com/smartystreets/assertions v1.13.0 // indirect github.com/whyrusleeping/cbor-gen v0.0.0-20230126041949-52956bd4c9aa // indirect - golang.org/x/sys v0.7.0 // indirect + golang.org/x/sys v0.15.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect lukechampine.com/blake3 v1.1.7 // indirect )