Author: Lin Guanhong/The Ghost at my Fingertips
The Denver nuggets: juejin. Cn/user / 178526…
Blog: www.cnblogs.com/linguanh/
Making: github.com/af913337456…
Tencent cloud column: cloud.tencent.com/developer/u…
directory
- Before the order
- The data signature
- The whole process
- Asymmetric encryption
- RLP serialization
- Data validation
- Data tampering
Before the order
Recent work has been based on the Ethereum public chain to do DApp development, although I have a good understanding of its API calls, but the source part has not been deeply read. If you want to do a good job, you must first sharpen your tools. Therefore, I plan to finish reading the source code of the Ethereum GO version and update the series of articles later. This article will briefly discuss how sendRawTransaction keeps our transactions secure.
PS: My technical book: “Blockchain Ethereum DApp Development Combat” has been published and can be online shopping
1. Data signature
Methods:sendRawTransaction
Overall process:
- Pass in the parameters —->
- use
from
The correspondingprivateKey
与secp256k1
Algorithm toEach parameter
The signature yields three quantities:V
.R
.S
—->
RLP
(Recursive length prefix
) mode sequence ratio signed data with original incoming parameter data —->
- The IP address is sent to the ETH node
The sendRawTransaction function inputs:
- From Sender’s wallet address
- Value Indicates the product of decimal
- Gas: indicates the gasUsed value, which is not the final value
- GasPrice Unit price of oil
- Data Indicates the attached data that can be used as an input parameter to the smart contract function
- Nonce transaction series, similar to ID
They will all be signed by the key corresponding to the from to produce three quantities :V,R,S. At the same time, each input parameter enters the serialization step in its original visible form.
Note:
There is also another method called sendTransaction. By analyzing the source code, we can see that sendTransaction internally actually helps us get the key from the node’s accountManager based on the FROM field that we pass in. SendTransaction is generally not used for remote calls, but for local calls, because the wallet we unlocked can only be configured when the node is started locally.
The signature encryption method used is secP256K1 elliptic curve algorithm in asymmetric encryption
Asymmetric encryption:
It is a general term for a class of encryption methods. Specific to a certain algorithm to achieve it are the following:
- RSA
- Secp256k1 (elliptic curve)
- ElGamal
- .
Secp256k1 is used for sendRawTransaction
RLP serialization
RLP (Recursive length prefix) provides an encoding for any binary data array, and RLP has become the primary encoding for serializing objects in Ethereum. The only goal of RLP is to solve the coding problem of the structure; Encoding atomic data types (e.g., strings, integers, floating points) is handed over to a higher protocol; Ethereum requires numbers to be a big-endian, zero-space storage format.
After the signature is signed, the data is sent to the ETH node.
2. Verify data
Corresponds to ethereum’s sendRawTransaction RPC interface.
- After receiving RLP serialized data, RLP deserialization is performed first
func (s *PublicTransactionPoolAPI) SendRawTransaction(... , encodedTx hexutil.Bytes) (common.Hash, error) {
tx := new(types.Transaction)
iferr := rlp.DecodeBytes(encodedTx, tx); err ! =nil { // deserialize
return common.Hash{}, err
}
return submitTransaction(ctx, s.b, tx)
}
Copy the code
- The basic verification of data, mainly some scope limits and format limits verification
- tx.Size() > 32*102
- tx.Value().Sign() < 0
- pool.currentMaxGas < tx.Gas()
- .
Check the signature
, is usedsecp256k1.RecoverPubkey
Secp256k1 itself supports based on signature informationPushes the public key
Deduce the other party’s public key from the message and signature. Then through the public key, signature, message hash value to calculate a value called R, this R is a part of the signature, the verification signature is calculated r and the r carried in the signature line comparison, if the consistency is verified
if C.secp256k1_ext_ecdsa_recover(
context,
(*C.uchar)(unsafe.Pointer(&pubkey[0])),
sigdata, / / signature
msgdata) == 0 { // msgData tx hash content
return nil, ErrRecoverFailed
}
Copy the code
3. Data tampering
Because the V R S generated by the signature is signed by the private key, if the modifiers only change the external value, for example, value, the original value is 10 ETH, but is changed to 100 ETH, when the data is transmitted to Ethereum, when checking the signature, the mismatch will be found, and an error will be thrown.