Always maintain the invariant for TransactionSignature (#67)

* Always use TransactionSignature wrap

* Always maintain the invariant for TransactionSignature

* use -> pub use

* Make authorization list item signature malleable

When the signature is invalid, the specification still asks that only
the item is ignored, but not that decoding fails.

Author: sorpaas

src/block.rs

@@ -126,10 +126,16 @@ impl From<BlockV1> for BlockV3 {
 mod tests {
 	use super::*;
 	use crate::transaction::{
-		AuthorizationListItem, EIP7702Transaction, TransactionAction, TransactionV3,
+		eip2930, eip7702::AuthorizationListItem, legacy::TransactionAction, EIP7702Transaction,
+		TransactionV3,
 	};
 	use ethereum_types::{H160, H256, U256};
 
+	const ONE: H256 = H256([
+		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+		0, 1,
+	]);
+
 	#[test]
 	fn block_v3_with_eip7702_transaction() {
 		// Create an EIP-7702 transaction
@@ -147,13 +153,13 @@ mod tests {
 				chain_id: 1,
 				address: H160::zero(),
 				nonce: U256::zero(),
-				y_parity: false,
-				r: H256::zero(),
-				s: H256::zero(),
+				signature: eip2930::MalleableTransactionSignature {
+					odd_y_parity: false,
+					r: ONE,
+					s: ONE,
+				},
 			}],
-			odd_y_parity: false,
-			r: H256::zero(),
-			s: H256::zero(),
+			signature: eip2930::TransactionSignature::new(false, ONE, ONE).unwrap(),
 		});
 
 		// Create a block with the EIP-7702 transaction
@@ -207,9 +213,7 @@ mod tests {
 			value: U256::zero(),
 			input: vec![],
 			access_list: vec![],
-			odd_y_parity: false,
-			r: H256::zero(),
-			s: H256::zero(),
+			signature: eip2930::TransactionSignature::new(false, ONE, ONE).unwrap(),
 		});
 
 		let partial_header = PartialHeader {

src/transaction/eip1559.rs

@@ -2,10 +2,9 @@ use ethereum_types::{H256, U256};
 use rlp::{DecoderError, Rlp, RlpStream};
 use sha3::{Digest, Keccak256};
 
-use crate::{
-	transaction::{AccessList, TransactionAction},
-	Bytes,
-};
+use crate::Bytes;
+
+pub use super::eip2930::{AccessList, TransactionAction, TransactionSignature};
 
 #[derive(Clone, Debug, PartialEq, Eq)]
 #[cfg_attr(
@@ -28,9 +27,7 @@ pub struct EIP1559Transaction {
 	pub value: U256,
 	pub input: Bytes,
 	pub access_list: AccessList,
-	pub odd_y_parity: bool,
-	pub r: H256,
-	pub s: H256,
+	pub signature: TransactionSignature,
 }
 
 impl EIP1559Transaction {
@@ -69,9 +66,9 @@ impl rlp::Encodable for EIP1559Transaction {
 		s.append(&self.value);
 		s.append(&self.input);
 		s.append_list(&self.access_list);
-		s.append(&self.odd_y_parity);
-		s.append(&U256::from_big_endian(&self.r[..]));
-		s.append(&U256::from_big_endian(&self.s[..]));
+		s.append(&self.signature.odd_y_parity());
+		s.append(&U256::from_big_endian(&self.signature.r()[..]));
+		s.append(&U256::from_big_endian(&self.signature.s()[..]));
 	}
 }
 
@@ -91,9 +88,13 @@ impl rlp::Decodable for EIP1559Transaction {
 			value: rlp.val_at(6)?,
 			input: rlp.val_at(7)?,
 			access_list: rlp.list_at(8)?,
-			odd_y_parity: rlp.val_at(9)?,
-			r: H256::from(rlp.val_at::<U256>(10)?.to_big_endian()),
-			s: H256::from(rlp.val_at::<U256>(11)?.to_big_endian()),
+			signature: {
+				let odd_y_parity = rlp.val_at(9)?;
+				let r = H256::from(rlp.val_at::<U256>(10)?.to_big_endian());
+				let s = H256::from(rlp.val_at::<U256>(11)?.to_big_endian());
+				TransactionSignature::new(odd_y_parity, r, s)
+					.ok_or(DecoderError::Custom("Invalid transaction signature format"))?
+			},
 		})
 	}
 }

src/transaction/eip2930.rs

@@ -4,7 +4,117 @@ use ethereum_types::{Address, H256, U256};
 use rlp::{DecoderError, Rlp, RlpStream};
 use sha3::{Digest, Keccak256};
 
-use crate::{transaction::TransactionAction, Bytes};
+use crate::Bytes;
+
+pub use super::legacy::TransactionAction;
+
+#[derive(Clone, Debug, PartialEq, Eq)]
+#[cfg_attr(
+	feature = "with-scale",
+	derive(
+		scale_info::TypeInfo,
+		scale_codec::Encode,
+		scale_codec::Decode,
+		scale_codec::DecodeWithMemTracking
+	)
+)]
+#[cfg_attr(feature = "with-serde", derive(serde::Serialize, serde::Deserialize))]
+pub struct MalleableTransactionSignature {
+	pub odd_y_parity: bool,
+	pub r: H256,
+	pub s: H256,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq)]
+#[cfg_attr(
+	feature = "with-scale",
+	derive(
+		scale_info::TypeInfo,
+		scale_codec::Encode,
+		scale_codec::DecodeWithMemTracking
+	)
+)]
+#[cfg_attr(feature = "with-serde", derive(serde::Serialize))]
+pub struct TransactionSignature {
+	odd_y_parity: bool,
+	r: H256,
+	s: H256,
+}
+
+impl TransactionSignature {
+	#[must_use]
+	pub fn new(odd_y_parity: bool, r: H256, s: H256) -> Option<Self> {
+		const LOWER: H256 = H256([
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x00, 0x01,
+		]);
+		const UPPER: H256 = H256([
+			0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, 0xbf, 0xd2, 0x5e, 0x8c,
+			0xd0, 0x36, 0x41, 0x41,
+		]);
+
+		let is_valid = r < UPPER && r >= LOWER && s < UPPER && s >= LOWER;
+
+		if is_valid {
+			Some(Self { odd_y_parity, r, s })
+		} else {
+			None
+		}
+	}
+
+	#[must_use]
+	pub fn odd_y_parity(&self) -> bool {
+		self.odd_y_parity
+	}
+
+	#[must_use]
+	pub fn r(&self) -> &H256 {
+		&self.r
+	}
+
+	#[must_use]
+	pub fn s(&self) -> &H256 {
+		&self.s
+	}
+
+	#[must_use]
+	pub fn is_low_s(&self) -> bool {
+		const LOWER: H256 = H256([
+			0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0x5d, 0x57, 0x6e, 0x73, 0x57, 0xa4, 0x50, 0x1d, 0xdf, 0xe9, 0x2f, 0x46,
+			0x68, 0x1b, 0x20, 0xa0,
+		]);
+
+		self.s <= LOWER
+	}
+}
+
+#[cfg(feature = "with-scale")]
+impl scale_codec::Decode for TransactionSignature {
+	fn decode<I: scale_codec::Input>(value: &mut I) -> Result<Self, scale_codec::Error> {
+		let unchecked = MalleableTransactionSignature::decode(value)?;
+		match Self::new(unchecked.odd_y_parity, unchecked.r, unchecked.s) {
+			Some(signature) => Ok(signature),
+			None => Err(scale_codec::Error::from("Invalid signature")),
+		}
+	}
+}
+
+#[cfg(feature = "with-serde")]
+impl<'de> serde::Deserialize<'de> for TransactionSignature {
+	fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+	where
+		D: serde::de::Deserializer<'de>,
+	{
+		let unchecked = MalleableTransactionSignature::deserialize(deserializer)?;
+		Ok(
+			TransactionSignature::new(unchecked.odd_y_parity, unchecked.r, unchecked.s)
+				.ok_or(serde::de::Error::custom("invalid signature"))?,
+		)
+	}
+}
 
 #[derive(Clone, Debug, PartialEq, Eq)]
 #[cfg_attr(
@@ -61,9 +171,7 @@ pub struct EIP2930Transaction {
 	pub value: U256,
 	pub input: Bytes,
 	pub access_list: AccessList,
-	pub odd_y_parity: bool,
-	pub r: H256,
-	pub s: H256,
+	pub signature: TransactionSignature,
 }
 
 impl EIP2930Transaction {
@@ -100,9 +208,9 @@ impl rlp::Encodable for EIP2930Transaction {
 		s.append(&self.value);
 		s.append(&self.input);
 		s.append_list(&self.access_list);
-		s.append(&self.odd_y_parity);
-		s.append(&U256::from_big_endian(&self.r[..]));
-		s.append(&U256::from_big_endian(&self.s[..]));
+		s.append(&self.signature.odd_y_parity());
+		s.append(&U256::from_big_endian(&self.signature.r()[..]));
+		s.append(&U256::from_big_endian(&self.signature.s()[..]));
 	}
 }
 
@@ -121,9 +229,13 @@ impl rlp::Decodable for EIP2930Transaction {
 			value: rlp.val_at(5)?,
 			input: rlp.val_at(6)?,
 			access_list: rlp.list_at(7)?,
-			odd_y_parity: rlp.val_at(8)?,
-			r: H256::from(rlp.val_at::<U256>(9)?.to_big_endian()),
-			s: H256::from(rlp.val_at::<U256>(10)?.to_big_endian()),
+			signature: {
+				let odd_y_parity = rlp.val_at(8)?;
+				let r = H256::from(rlp.val_at::<U256>(9)?.to_big_endian());
+				let s = H256::from(rlp.val_at::<U256>(10)?.to_big_endian());
+				TransactionSignature::new(odd_y_parity, r, s)
+					.ok_or(DecoderError::Custom("Invalid transaction signature format"))?
+			},
 		})
 	}
 }