2ce00adb55
* focus on performance improvement in many aspects. 1. Do BlockBody verification concurrently; 2. Do calculation of intermediate root concurrently; 3. Preload accounts before processing blocks; 4. Make the snapshot layers configurable. 5. Reuse some object to reduce GC. add * rlp: improve decoder stream implementation (#22858) This commit makes various cleanup changes to rlp.Stream. * rlp: shrink Stream struct This removes a lot of unused padding space in Stream by reordering the fields. The size of Stream changes from 120 bytes to 88 bytes. Stream instances are internally cached and reused using sync.Pool, so this does not improve performance. * rlp: simplify list stack The list stack kept track of the size of the current list context as well as the current offset into it. The size had to be stored in the stack in order to subtract it from the remaining bytes of any enclosing list in ListEnd. It seems that this can be implemented in a simpler way: just subtract the size from the enclosing list context in List instead. * rlp: use atomic.Value for type cache (#22902) All encoding/decoding operations read the type cache to find the writer/decoder function responsible for a type. When analyzing CPU profiles of geth during sync, I found that the use of sync.RWMutex in cache lookups appears in the profiles. It seems we are running into CPU cache contention problems when package rlp is heavily used on all CPU cores during sync. This change makes it use atomic.Value + a writer lock instead of sync.RWMutex. In the common case where the typeinfo entry is present in the cache, we simply fetch the map and lookup the type. * rlp: optimize byte array handling (#22924) This change improves the performance of encoding/decoding [N]byte. name old time/op new time/op delta DecodeByteArrayStruct-8 336ns ± 0% 246ns ± 0% -26.98% (p=0.000 n=9+10) EncodeByteArrayStruct-8 225ns ± 1% 148ns ± 1% -34.12% (p=0.000 n=10+10) name old alloc/op new alloc/op delta DecodeByteArrayStruct-8 120B ± 0% 48B ± 0% -60.00% (p=0.000 n=10+10) EncodeByteArrayStruct-8 0.00B 0.00B ~ (all equal) * rlp: optimize big.Int decoding for size <= 32 bytes (#22927) This change grows the static integer buffer in Stream to 32 bytes, making it possible to decode 256bit integers without allocating a temporary buffer. In the recent commit 088da24, Stream struct size decreased from 120 bytes down to 88 bytes. This commit grows the struct to 112 bytes again, but the size change will not degrade performance because Stream instances are internally cached in sync.Pool. name old time/op new time/op delta DecodeBigInts-8 12.2µs ± 0% 8.6µs ± 4% -29.58% (p=0.000 n=9+10) name old speed new speed delta DecodeBigInts-8 230MB/s ± 0% 326MB/s ± 4% +42.04% (p=0.000 n=9+10) * eth/protocols/eth, les: avoid Raw() when decoding HashOrNumber (#22841) Getting the raw value is not necessary to decode this type, and decoding it directly from the stream is faster. * fix testcase * debug no lazy * fix can not repair * address comments Co-authored-by: Felix Lange <fjl@twurst.com>
320 lines
9.3 KiB
Go
320 lines
9.3 KiB
Go
// Copyright 2014 The go-ethereum Authors
|
|
// This file is part of the go-ethereum library.
|
|
//
|
|
// The go-ethereum library is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Lesser General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// The go-ethereum library is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Lesser General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Lesser General Public License
|
|
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
package crypto
|
|
|
|
import (
|
|
"bufio"
|
|
"crypto/ecdsa"
|
|
"crypto/elliptic"
|
|
"crypto/rand"
|
|
"encoding/hex"
|
|
"errors"
|
|
"fmt"
|
|
"hash"
|
|
"io"
|
|
"io/ioutil"
|
|
"math/big"
|
|
"os"
|
|
"sync"
|
|
|
|
"github.com/VictoriaMetrics/fastcache"
|
|
|
|
"github.com/ethereum/go-ethereum/common"
|
|
"github.com/ethereum/go-ethereum/common/math"
|
|
"github.com/ethereum/go-ethereum/rlp"
|
|
"golang.org/x/crypto/sha3"
|
|
)
|
|
|
|
//SignatureLength indicates the byte length required to carry a signature with recovery id.
|
|
const SignatureLength = 64 + 1 // 64 bytes ECDSA signature + 1 byte recovery id
|
|
|
|
// RecoveryIDOffset points to the byte offset within the signature that contains the recovery id.
|
|
const RecoveryIDOffset = 64
|
|
|
|
// DigestLength sets the signature digest exact length
|
|
const DigestLength = 32
|
|
|
|
var (
|
|
secp256k1N, _ = new(big.Int).SetString("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", 16)
|
|
secp256k1halfN = new(big.Int).Div(secp256k1N, big.NewInt(2))
|
|
|
|
keccakState256Cache = fastcache.New(100 * 1024 * 1024)
|
|
)
|
|
|
|
var errInvalidPubkey = errors.New("invalid secp256k1 public key")
|
|
|
|
var keccakState256Pool = sync.Pool{
|
|
New: func() interface{} {
|
|
return sha3.NewLegacyKeccak256().(KeccakState)
|
|
}}
|
|
|
|
// KeccakState wraps sha3.state. In addition to the usual hash methods, it also supports
|
|
// Read to get a variable amount of data from the hash state. Read is faster than Sum
|
|
// because it doesn't copy the internal state, but also modifies the internal state.
|
|
type KeccakState interface {
|
|
hash.Hash
|
|
Read([]byte) (int, error)
|
|
}
|
|
|
|
// NewKeccakState creates a new KeccakState
|
|
func NewKeccakState() KeccakState {
|
|
return sha3.NewLegacyKeccak256().(KeccakState)
|
|
}
|
|
|
|
// HashData hashes the provided data using the KeccakState and returns a 32 byte hash
|
|
func HashData(kh KeccakState, data []byte) (h common.Hash) {
|
|
if hash, ok := keccakState256Cache.HasGet(nil, data); ok {
|
|
return common.BytesToHash(hash)
|
|
}
|
|
kh.Reset()
|
|
kh.Write(data)
|
|
kh.Read(h[:])
|
|
keccakState256Cache.Set(data, h.Bytes())
|
|
return h
|
|
}
|
|
|
|
// Keccak256 calculates and returns the Keccak256 hash of the input data.
|
|
func Keccak256(data ...[]byte) []byte {
|
|
if len(data) == 1 {
|
|
if hash, ok := keccakState256Cache.HasGet(nil, data[0]); ok {
|
|
return hash
|
|
}
|
|
}
|
|
b := make([]byte, 32)
|
|
d := keccakState256Pool.Get().(KeccakState)
|
|
defer keccakState256Pool.Put(d)
|
|
d.Reset()
|
|
for _, b := range data {
|
|
d.Write(b)
|
|
}
|
|
d.Read(b)
|
|
if len(data) == 1 {
|
|
keccakState256Cache.Set(data[0], b)
|
|
}
|
|
return b
|
|
}
|
|
|
|
// Keccak256Hash calculates and returns the Keccak256 hash of the input data,
|
|
// converting it to an internal Hash data structure.
|
|
func Keccak256Hash(data ...[]byte) (h common.Hash) {
|
|
if len(data) == 1 {
|
|
if hash, ok := keccakState256Cache.HasGet(nil, data[0]); ok {
|
|
return common.BytesToHash(hash)
|
|
}
|
|
}
|
|
d := keccakState256Pool.Get().(KeccakState)
|
|
defer keccakState256Pool.Put(d)
|
|
d.Reset()
|
|
for _, b := range data {
|
|
d.Write(b)
|
|
}
|
|
d.Read(h[:])
|
|
if len(data) == 1 {
|
|
keccakState256Cache.Set(data[0], h.Bytes())
|
|
}
|
|
return h
|
|
}
|
|
|
|
// Keccak512 calculates and returns the Keccak512 hash of the input data.
|
|
func Keccak512(data ...[]byte) []byte {
|
|
d := sha3.NewLegacyKeccak512()
|
|
for _, b := range data {
|
|
d.Write(b)
|
|
}
|
|
return d.Sum(nil)
|
|
}
|
|
|
|
// CreateAddress creates an ethereum address given the bytes and the nonce
|
|
func CreateAddress(b common.Address, nonce uint64) common.Address {
|
|
data, _ := rlp.EncodeToBytes([]interface{}{b, nonce})
|
|
return common.BytesToAddress(Keccak256(data)[12:])
|
|
}
|
|
|
|
// CreateAddress2 creates an ethereum address given the address bytes, initial
|
|
// contract code hash and a salt.
|
|
func CreateAddress2(b common.Address, salt [32]byte, inithash []byte) common.Address {
|
|
return common.BytesToAddress(Keccak256([]byte{0xff}, b.Bytes(), salt[:], inithash)[12:])
|
|
}
|
|
|
|
// ToECDSA creates a private key with the given D value.
|
|
func ToECDSA(d []byte) (*ecdsa.PrivateKey, error) {
|
|
return toECDSA(d, true)
|
|
}
|
|
|
|
// ToECDSAUnsafe blindly converts a binary blob to a private key. It should almost
|
|
// never be used unless you are sure the input is valid and want to avoid hitting
|
|
// errors due to bad origin encoding (0 prefixes cut off).
|
|
func ToECDSAUnsafe(d []byte) *ecdsa.PrivateKey {
|
|
priv, _ := toECDSA(d, false)
|
|
return priv
|
|
}
|
|
|
|
// toECDSA creates a private key with the given D value. The strict parameter
|
|
// controls whether the key's length should be enforced at the curve size or
|
|
// it can also accept legacy encodings (0 prefixes).
|
|
func toECDSA(d []byte, strict bool) (*ecdsa.PrivateKey, error) {
|
|
priv := new(ecdsa.PrivateKey)
|
|
priv.PublicKey.Curve = S256()
|
|
if strict && 8*len(d) != priv.Params().BitSize {
|
|
return nil, fmt.Errorf("invalid length, need %d bits", priv.Params().BitSize)
|
|
}
|
|
priv.D = new(big.Int).SetBytes(d)
|
|
|
|
// The priv.D must < N
|
|
if priv.D.Cmp(secp256k1N) >= 0 {
|
|
return nil, fmt.Errorf("invalid private key, >=N")
|
|
}
|
|
// The priv.D must not be zero or negative.
|
|
if priv.D.Sign() <= 0 {
|
|
return nil, fmt.Errorf("invalid private key, zero or negative")
|
|
}
|
|
|
|
priv.PublicKey.X, priv.PublicKey.Y = priv.PublicKey.Curve.ScalarBaseMult(d)
|
|
if priv.PublicKey.X == nil {
|
|
return nil, errors.New("invalid private key")
|
|
}
|
|
return priv, nil
|
|
}
|
|
|
|
// FromECDSA exports a private key into a binary dump.
|
|
func FromECDSA(priv *ecdsa.PrivateKey) []byte {
|
|
if priv == nil {
|
|
return nil
|
|
}
|
|
return math.PaddedBigBytes(priv.D, priv.Params().BitSize/8)
|
|
}
|
|
|
|
// UnmarshalPubkey converts bytes to a secp256k1 public key.
|
|
func UnmarshalPubkey(pub []byte) (*ecdsa.PublicKey, error) {
|
|
x, y := elliptic.Unmarshal(S256(), pub)
|
|
if x == nil {
|
|
return nil, errInvalidPubkey
|
|
}
|
|
return &ecdsa.PublicKey{Curve: S256(), X: x, Y: y}, nil
|
|
}
|
|
|
|
func FromECDSAPub(pub *ecdsa.PublicKey) []byte {
|
|
if pub == nil || pub.X == nil || pub.Y == nil {
|
|
return nil
|
|
}
|
|
return elliptic.Marshal(S256(), pub.X, pub.Y)
|
|
}
|
|
|
|
// HexToECDSA parses a secp256k1 private key.
|
|
func HexToECDSA(hexkey string) (*ecdsa.PrivateKey, error) {
|
|
b, err := hex.DecodeString(hexkey)
|
|
if byteErr, ok := err.(hex.InvalidByteError); ok {
|
|
return nil, fmt.Errorf("invalid hex character %q in private key", byte(byteErr))
|
|
} else if err != nil {
|
|
return nil, errors.New("invalid hex data for private key")
|
|
}
|
|
return ToECDSA(b)
|
|
}
|
|
|
|
// LoadECDSA loads a secp256k1 private key from the given file.
|
|
func LoadECDSA(file string) (*ecdsa.PrivateKey, error) {
|
|
fd, err := os.Open(file)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer fd.Close()
|
|
|
|
r := bufio.NewReader(fd)
|
|
buf := make([]byte, 64)
|
|
n, err := readASCII(buf, r)
|
|
if err != nil {
|
|
return nil, err
|
|
} else if n != len(buf) {
|
|
return nil, fmt.Errorf("key file too short, want 64 hex characters")
|
|
}
|
|
if err := checkKeyFileEnd(r); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return HexToECDSA(string(buf))
|
|
}
|
|
|
|
// readASCII reads into 'buf', stopping when the buffer is full or
|
|
// when a non-printable control character is encountered.
|
|
func readASCII(buf []byte, r *bufio.Reader) (n int, err error) {
|
|
for ; n < len(buf); n++ {
|
|
buf[n], err = r.ReadByte()
|
|
switch {
|
|
case err == io.EOF || buf[n] < '!':
|
|
return n, nil
|
|
case err != nil:
|
|
return n, err
|
|
}
|
|
}
|
|
return n, nil
|
|
}
|
|
|
|
// checkKeyFileEnd skips over additional newlines at the end of a key file.
|
|
func checkKeyFileEnd(r *bufio.Reader) error {
|
|
for i := 0; ; i++ {
|
|
b, err := r.ReadByte()
|
|
switch {
|
|
case err == io.EOF:
|
|
return nil
|
|
case err != nil:
|
|
return err
|
|
case b != '\n' && b != '\r':
|
|
return fmt.Errorf("invalid character %q at end of key file", b)
|
|
case i >= 2:
|
|
return errors.New("key file too long, want 64 hex characters")
|
|
}
|
|
}
|
|
}
|
|
|
|
// SaveECDSA saves a secp256k1 private key to the given file with
|
|
// restrictive permissions. The key data is saved hex-encoded.
|
|
func SaveECDSA(file string, key *ecdsa.PrivateKey) error {
|
|
k := hex.EncodeToString(FromECDSA(key))
|
|
return ioutil.WriteFile(file, []byte(k), 0600)
|
|
}
|
|
|
|
// GenerateKey generates a new private key.
|
|
func GenerateKey() (*ecdsa.PrivateKey, error) {
|
|
return ecdsa.GenerateKey(S256(), rand.Reader)
|
|
}
|
|
|
|
// ValidateSignatureValues verifies whether the signature values are valid with
|
|
// the given chain rules. The v value is assumed to be either 0 or 1.
|
|
func ValidateSignatureValues(v byte, r, s *big.Int, homestead bool) bool {
|
|
if r.Cmp(common.Big1) < 0 || s.Cmp(common.Big1) < 0 {
|
|
return false
|
|
}
|
|
// reject upper range of s values (ECDSA malleability)
|
|
// see discussion in secp256k1/libsecp256k1/include/secp256k1.h
|
|
if homestead && s.Cmp(secp256k1halfN) > 0 {
|
|
return false
|
|
}
|
|
// Frontier: allow s to be in full N range
|
|
return r.Cmp(secp256k1N) < 0 && s.Cmp(secp256k1N) < 0 && (v == 0 || v == 1)
|
|
}
|
|
|
|
func PubkeyToAddress(p ecdsa.PublicKey) common.Address {
|
|
pubBytes := FromECDSAPub(&p)
|
|
return common.BytesToAddress(Keccak256(pubBytes[1:])[12:])
|
|
}
|
|
|
|
func zeroBytes(bytes []byte) {
|
|
for i := range bytes {
|
|
bytes[i] = 0
|
|
}
|
|
}
|