PHP验证TronWeb签名
Ethereum的验证有很多开源的代码,但是Tron的资料有用的很少,最后参考tronWeb库的代码爬出了深坑
https://github.com/tronprotocol/tronweb/blob/master/src/lib/trx.js#L630
Message Header Ethereum: \x19Ethereum Signed Message:\n Tron: \x19TRON Signed Message:\n32
Sign 结构 Ethereum: r,s Tron: recoveryParam, r ,s
public function verify2(string $nonce, string $signature, string $address) : bool
{
$message = 'Welcome!\n\nThis request will not trigger a blockchain transaction or cost any gas fees.\n\nYour authentication status will reset after 24 hours.\n\nWallet address:'.$address.'\n\nNonce:' . $nonce;
if(substr($address,2) == '0x'){
$hash = Keccak::hash(sprintf("\x19Ethereum Signed Message:\n%s%s", strlen($message), $message), 256);
$sign = ['r' => substr($signature, 2, 64), 's' => substr($signature, 66, 64)];
} else {
$hash = Keccak::hash("\x19TRON Signed Message:\n32{$message}", 256);
$sign = [
'recoveryParam' => substr($signature, 130, 2) == '1c' ? 1 : 0,
'r' => substr($signature, 2, 64),
's' => substr($signature, 66, 64)
];
}
$recid = ord(hex2bin(substr($signature, 130, 2))) - 27;
if ($recid != ($recid & 1)) {
return false;
}
$publicKey = (new EC('secp256k1'))->recoverPubKey($hash, $sign, $recid);
if(substr($address,0,2) == '0x'){
$recover_address = '0x' . substr(Keccak::hash(substr(hex2bin($publicKey->encode('hex')), 1), 256), 24);
} else {
$recover_address = '41' . substr(Keccak::hash(substr(hex2bin($publicKey->encode('hex')), 1), 256), 24);
$address = (new Tron())->address2HexString($address);
}
return hash_equals($recover_address, $address);
}
如果觉得我的文章对您有用,请随意打赏。你的支持将鼓励我继续创作!