internal/ethapi: add personal_sign and fix eth_sign to hash message (#2940)

This commit includes several API changes:

- The behavior of eth_sign is changed. It now accepts an arbitrary
  message, prepends the well-known string

        \x19Ethereum Signed Message:\n<length of message>

  hashes the result using keccak256 and calculates the signature of
  the hash. This breaks backwards compatability!
  
- personal_sign(hash, address [, password]) is added. It has the same
  semantics as eth_sign but also accepts a password. The private key
  used to sign the hash is temporarily unlocked in the scope of the
  request.
  
- personal_recover(message, signature) is added and returns the
  address for the account that created a signature.

2 files changed, 45 insertions, 4 deletions

diff --git a/console/bridge.go b/console/bridge.go
index 22ed7192b..24a777d78 100644
--- a/console/bridge.go
+++ b/console/bridge.go
@@ -126,6 +126,44 @@ func (b *bridge) UnlockAccount(call otto.FunctionCall) (response otto.Value) {
 	return val
 }
 
+// Sign is a wrapper around the personal.sign RPC method that uses a non-echoing password
+// prompt to aquire the passphrase and executes the original RPC method (saved in
+// jeth.sign) with it to actually execute the RPC call.
+func (b *bridge) Sign(call otto.FunctionCall) (response otto.Value) {
+	var (
+		message = call.Argument(0)
+		account = call.Argument(1)
+		passwd  = call.Argument(2)
+	)
+
+	if !message.IsString() {
+		throwJSException("first argument must be the message to sign")
+	}
+	if !account.IsString() {
+		throwJSException("second argument must be the account to sign with")
+	}
+
+	// if the password is not given or null ask the user and ensure password is a string
+	if passwd.IsUndefined() || passwd.IsNull() {
+		fmt.Fprintf(b.printer, "Give password for account %s\n", account)
+		if input, err := b.prompter.PromptPassword("Passphrase: "); err != nil {
+			throwJSException(err.Error())
+		} else {
+			passwd, _ = otto.ToValue(input)
+		}
+	}
+	if !passwd.IsString() {
+		throwJSException("third argument must be the password to unlock the account")
+	}
+
+	// Send the request to the backend and return
+	val, err := call.Otto.Call("jeth.sign", nil, message, account, passwd)
+	if err != nil {
+		throwJSException(err.Error())
+	}
+	return val
+}
+
 // Sleep will block the console for the specified number of seconds.
 func (b *bridge) Sleep(call otto.FunctionCall) (response otto.Value) {
 	if call.Argument(0).IsNumber() {
diff --git a/console/console.go b/console/console.go
index f224f0c2e..3cde9b8f5 100644
--- a/console/console.go
+++ b/console/console.go
@@ -156,10 +156,9 @@ func (c *Console) init(preload []string) error {
 		if err != nil {
 			return err
 		}
-		// Override the unlockAccount and newAccount methods since these require user interaction.
-		// Assign the jeth.unlockAccount and jeth.newAccount in the Console the original web3 callbacks.
-		// These will be called by the jeth.* methods after they got the password from the user and send
-		// the original web3 request to the backend.
+		// Override the unlockAccount, newAccount and sign methods since these require user interaction.
+		// Assign these method in the Console the original web3 callbacks. These will be called by the jeth.*
+		// methods after they got the password from the user and send the original web3 request to the backend.
 		if obj := personal.Object(); obj != nil { // make sure the personal api is enabled over the interface
 			if _, err = c.jsre.Run(`jeth.unlockAccount = personal.unlockAccount;`); err != nil {
 				return fmt.Errorf("personal.unlockAccount: %v", err)
@@ -167,8 +166,12 @@ func (c *Console) init(preload []string) error {
 			if _, err = c.jsre.Run(`jeth.newAccount = personal.newAccount;`); err != nil {
 				return fmt.Errorf("personal.newAccount: %v", err)
 			}
+			if _, err = c.jsre.Run(`jeth.sign = personal.sign;`); err != nil {
+				return fmt.Errorf("personal.sign: %v", err)
+			}
 			obj.Set("unlockAccount", bridge.UnlockAccount)
 			obj.Set("newAccount", bridge.NewAccount)
+			obj.Set("sign", bridge.Sign)
 		}
 	}
 	// The admin.sleep and admin.sleepBlocks are offered by the console and not by the RPC layer.