以太坊ETH原始碼分析(1):地址生成過程
一、生成一個以太坊錢包地址
通過以太坊命令列客戶端geth可以很簡單的獲得一個以太坊地址,如下:
~/go/src/github.com/ethereum/go-ethereum/build/bin$geth account new
INFO [11-03|20:09:33.219] Maximum peer count ETH=25 LES=0 total=25
keydir=/Users/wujinquan/Library/Ethereum/keystore
Your new account is locked with a password. Please give a password. Do not forget this password.
Passphrase:
Repeat passphrase:
Address: { 8011cf2892985cdc58f447063bc6a089ba89f514}
~/go/src/github.com/ethereum/go-ethereum/build/bin$
地址0x8011cf2892985cdc58f447063bc6a089ba89f514 (20位元組16進位制)就是新生成的以太坊地址。
二、根據原始碼解析地址生成過程
從以太坊原始碼 https://github.com/ethereum/go-ethereum 出發,分析地址生成過程
執行命令 :geth account new
程式入口在 https://github.com/ethereum/go-ethereum/blob/master/cmd/geth/main.go
func init() {
// Initialize the CLI app and start Geth
app.Action = geth
app.HideVersion = true // we have a command to print the version
app.Copyright = "Copyright 2013-2018 The go-ethereum Authors"
app.Commands = []cli.Command{
// See chaincmd.go:
initCommand,
...
// See monitorcmd.go:
monitorCommand,
// See accountcmd.go:賬戶相關
accountCommand,
// See consolecmd.go:
}
...
}
賬戶相關的命令在 https://github.com/ethereum/go-ethereum/blob/master/cmd/geth/accountcmd.go 裡,
新建賬戶命令為new:
var (
...
accountCommand = cli.Command{
Name: "account",
Usage: "Manage accounts",
Category: "ACCOUNT COMMANDS",
Description: ``
Subcommands: []cli.Command{
{
Name: "list",
Usage: "Print summary of existing accounts",
Action: utils.MigrateFlags(accountList),
Flags: []cli.Flag{
utils.DataDirFlag,
utils.KeyStoreDirFlag,
},
Description: `
Print a short summary of all accounts`,
},
{
Name: "new",
Usage: "Create a new account",
Action: utils.MigrateFlags(accountCreate),
Flags: []cli.Flag{
utils.DataDirFlag,
utils.KeyStoreDirFlag,
utils.PasswordFileFlag,
utils.LightKDFFlag,
},
Description: ``
},
},
關鍵:new一個新賬戶的時候,會呼叫accountCreate:
// accountCreate creates a new account into the keystore defined by the CLI flags.
func accountCreate(ctx *cli.Context) error {
// (1)獲取配置
cfg := gethConfig{Node: defaultNodeConfig()}
// Load config file.
if file := ctx.GlobalString(configFileFlag.Name); file != "" {
if err := loadConfig(file, &cfg); err != nil {
utils.Fatalf("%v", err)
}
}
utils.SetNodeConfig(ctx, &cfg.Node)
// (1.1) 從節點配置中取出相關配置資訊
scryptN, scryptP, keydir, err := cfg.Node.AccountConfig()
if err != nil {
utils.Fatalf("Failed to read configuration: %v", err)
}
// (2)解析使用者密碼
password := getPassPhrase("Your new account is locked with a password. Please give a password. Do not forget this password.", true, 0, utils.MakePasswordList(ctx))
// (3)生成地址
address, err := keystore.StoreKey(keydir, password, scryptN, scryptP) //建立地址的外層函式
if err != nil {
utils.Fatalf("Failed to create account: %v", err)
}
fmt.Printf("Address: {%x}\n", address)
return nil
}
由此可見,accountCreate分為三個步驟,其中最關鍵的為第三步
(1)獲取配置
(2)解析使用者密碼
(3)生成地址
第三步生成地址呼叫的keystore.StoreKey:
程式位置在 https://github.com/ethereum/go-ethereum/blob/master/accounts/keystore/keystore_passphrase.go
// StoreKey generates a key, encrypts with 'auth' and stores in the given directory
func StoreKey(dir, auth string, scryptN, scryptP int) (common.Address, error) {
//返回Key{Id uuid.UUID ,Address common.Address,PrivateKey *ecdsa.PrivateKey}
_, a, err := storeNewKey(&keyStorePassphrase{dir, scryptN, scryptP, false}, rand.Reader, auth)
return a.Address, err
}
直接呼叫了storeNewKey 建立新賬戶
程式位置:https://github.com/ethereum/go-ethereum/blob/master/accounts/keystore/key.go
func storeNewKey(ks keyStore, rand io.Reader, auth string) (*Key, accounts.Account, error) {
// 建立一個新的賬戶
key, err := newKey(rand)
fmt.Printf("key.Id=%v,key.Address=%x,key.PrivateKey=%v\n",key.Id,key.Address,key.PrivateKey)
if err != nil {
return nil, accounts.Account{}, err
}
a := accounts.Account{Address: key.Address, URL: accounts.URL{Scheme: KeyStoreScheme, Path: ks.JoinPath(keyFileName(key.Address))}}
if err := ks.StoreKey(a.URL.Path, key, auth); err != nil {
zeroKey(key.PrivateKey)
return nil, a, err
}
return key, a, err
}
func newKey(rand io.Reader) (*Key, error) {
// (1) 選擇secp256k1曲線、採用橢圓曲線數字簽名演算法(ECDSA)生成公私鑰對
privateKeyECDSA, err := ecdsa.GenerateKey(crypto.S256(), rand)
if err != nil {
return nil, err
}
// (2)由公鑰算出地址並構建一個自定義的Key
return newKeyFromECDSA(privateKeyECDSA), nil
}
可以看到,newKey建立新賬戶時,
1、由secp256k1曲線生成私鑰,是由32位元組隨機陣列成
2、採用橢圓曲線數字簽名演算法(ECDSA)將私鑰對映成公鑰,一個私鑰只能映射出一個公鑰。
3、然後由公鑰算出地址並構建一個自定義的Key
繼續看公鑰是怎樣算出地址並構建一個自定義的Key
func newKeyFromECDSA(privateKeyECDSA *ecdsa.PrivateKey) *Key {
id := uuid.NewRandom()
key := &Key{
Id: id,
//由公鑰推出地址
Address: crypto.PubkeyToAddress(privateKeyECDSA.PublicKey),
PrivateKey: privateKeyECDSA,
}
return key
}
由公鑰算出地址是由crypto.PubkeyToAddress完成的:
程式碼位置:https://github.com/ethereum/go-ethereum/blob/master/crypto/crypto.go
func PubkeyToAddress(p ecdsa.PublicKey) common.Address {
// (1) 將pubkey轉換為位元組序列
pubBytes := FromECDSAPub(&p)
// (2) pubBytes為04 開頭的65位元組公鑰,去掉04後剩下64位元組進行Keccak256運算
// (3) 經過Keccak256運算後變成32位元組,最終取這32位元組的後20位元組作為真正的地址
return common.BytesToAddress(Keccak256(pubBytes[1:])[12:])
}
// Keccak256 calculates and returns the Keccak256 hash of the input data.
func Keccak256(data ...[]byte) []byte {
d := sha3.NewKeccak256()
for _, b := range data {
d.Write(b)
}
return d.Sum(nil)
}
可以看到公鑰(64位元組)經過Keccak-256單向雜湊函式變成了32位元組,然後取後20位元組作為地址。本質上是從32位元組的私鑰對映到20位元組的公共地址。這意味著一個賬戶可以有不止一個私鑰。
三、總結
以太坊地址的生成過程如下:
- 由secp256k1曲線生成私鑰,是由32位元組的隨機數生成
- 採用橢圓曲線數字簽名演算法(ECDSA)將私鑰(32位元組)對映成公鑰(65位元組)。
- 公鑰(去掉04後剩下64位元組)經過Keccak-256單向雜湊函式變成了32位元組,然後取後20位元組作為地址