[release/1.3.4] parmas, crypto, core, core/vm: homestead consensus protocol changes

* change gas cost for contract creating txs * invalidate signature with s value greater than secp256k1 N / 2 * OOG contract creation if not enough gas to store code * new difficulty adjustment algorithm * new DELEGATECALL op code Conflicts: core/vm/environment.go crypto/crypto.go crypto/secp256k1/secp256.go eth/api.go
2015-11-27 15:40:29 +01:00
parent 300f1e2abf
commit 61404979ed
54 changed files with 25877 additions and 11223 deletions
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@ -171,12 +171,21 @@ func GenerateKey() (*ecdsa.PrivateKey, error) {
 	return ecdsa.GenerateKey(S256(), rand.Reader)
 }

-func ValidateSignatureValues(v byte, r, s *big.Int) bool {
+func ValidateSignatureValues(v byte, r, s *big.Int, homestead bool) bool {
 	if r.Cmp(common.Big1) < 0 || s.Cmp(common.Big1) < 0 {
 		return false
 	}
 	vint := uint32(v)
-	if r.Cmp(secp256k1n) < 0 && s.Cmp(secp256k1n) < 0 && (vint == 27 || vint == 28) {
+	// reject upper range of s values (ECDSA malleability)
+	// see discussion in secp256k1/libsecp256k1/include/secp256k1.h
+	if homestead && s.Cmp(secp256k1.HalfN) > 0 {
+		return false
+	}
+	// Frontier: allow s to be in full N range
+	if s.Cmp(secp256k1.N) >= 0 {
+		return false
+	}
+	if r.Cmp(secp256k1.N) < 0 && (vint == 27 || vint == 28) {
 		return true
 	} else {
 		return false