diff options
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/crypto.go | 13 | ||||
| -rw-r--r-- | crypto/crypto_test.go | 2 | ||||
| -rw-r--r-- | crypto/secp256k1/secp256.go | 4 |
3 files changed, 16 insertions, 3 deletions
diff --git a/crypto/crypto.go b/crypto/crypto.go index 7d7623753..850be4da6 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -163,12 +163,21 @@ func GenerateKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(secp256k1.S256(), rand.Reader) } -func ValidateSignatureValues(v byte, r, s *big.Int) bool { +func ValidateSignatureValues(v byte, r, s *big.Int, homestead bool) bool { if r.Cmp(common.Big1) < 0 || s.Cmp(common.Big1) < 0 { return false } vint := uint32(v) - if r.Cmp(secp256k1.N) < 0 && s.Cmp(secp256k1.N) < 0 && (vint == 27 || vint == 28) { + // reject upper range of s values (ECDSA malleability) + // see discussion in secp256k1/libsecp256k1/include/secp256k1.h + if homestead && s.Cmp(secp256k1.HalfN) > 0 { + return false + } + // Frontier: allow s to be in full N range + if s.Cmp(secp256k1.N) >= 0 { + return false + } + if r.Cmp(secp256k1.N) < 0 && (vint == 27 || vint == 28) { return true } else { return false diff --git a/crypto/crypto_test.go b/crypto/crypto_test.go index d5e19a4bb..1681c7fef 100644 --- a/crypto/crypto_test.go +++ b/crypto/crypto_test.go @@ -174,7 +174,7 @@ func TestLoadECDSAFile(t *testing.T) { func TestValidateSignatureValues(t *testing.T) { check := func(expected bool, v byte, r, s *big.Int) { - if ValidateSignatureValues(v, r, s) != expected { + if ValidateSignatureValues(v, r, s, false) != expected { t.Errorf("mismatch for v: %d r: %d s: %d want: %v", v, r, s, expected) } } diff --git a/crypto/secp256k1/secp256.go b/crypto/secp256k1/secp256.go index 97b4bd8da..4999c5c95 100644 --- a/crypto/secp256k1/secp256.go +++ b/crypto/secp256k1/secp256.go @@ -58,10 +58,14 @@ import ( var ( context *C.secp256k1_context N *big.Int + HalfN *big.Int ) func init() { N, _ = new(big.Int).SetString("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", 16) + // N / 2 == 57896044618658097711785492504343953926418782139537452191302581570759080747168 + HalfN, _ = new(big.Int).SetString("7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0", 16) + // around 20 ms on a modern CPU. context = C.secp256k1_context_create(3) // SECP256K1_START_SIGN | SECP256K1_START_VERIFY C.secp256k1_context_set_illegal_callback(context, C.callbackFunc(C.secp256k1GoPanicIllegal), nil) |