aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'crypto')
-rw-r--r--crypto/crypto.go13
-rw-r--r--crypto/crypto_test.go2
-rw-r--r--crypto/secp256k1/secp256.go4
3 files changed, 16 insertions, 3 deletions
diff --git a/crypto/crypto.go b/crypto/crypto.go
index 7d7623753..850be4da6 100644
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -163,12 +163,21 @@ func GenerateKey() (*ecdsa.PrivateKey, error) {
return ecdsa.GenerateKey(secp256k1.S256(), rand.Reader)
}
-func ValidateSignatureValues(v byte, r, s *big.Int) bool {
+func ValidateSignatureValues(v byte, r, s *big.Int, homestead bool) bool {
if r.Cmp(common.Big1) < 0 || s.Cmp(common.Big1) < 0 {
return false
}
vint := uint32(v)
- if r.Cmp(secp256k1.N) < 0 && s.Cmp(secp256k1.N) < 0 && (vint == 27 || vint == 28) {
+ // reject upper range of s values (ECDSA malleability)
+ // see discussion in secp256k1/libsecp256k1/include/secp256k1.h
+ if homestead && s.Cmp(secp256k1.HalfN) > 0 {
+ return false
+ }
+ // Frontier: allow s to be in full N range
+ if s.Cmp(secp256k1.N) >= 0 {
+ return false
+ }
+ if r.Cmp(secp256k1.N) < 0 && (vint == 27 || vint == 28) {
return true
} else {
return false
diff --git a/crypto/crypto_test.go b/crypto/crypto_test.go
index d5e19a4bb..1681c7fef 100644
--- a/crypto/crypto_test.go
+++ b/crypto/crypto_test.go
@@ -174,7 +174,7 @@ func TestLoadECDSAFile(t *testing.T) {
func TestValidateSignatureValues(t *testing.T) {
check := func(expected bool, v byte, r, s *big.Int) {
- if ValidateSignatureValues(v, r, s) != expected {
+ if ValidateSignatureValues(v, r, s, false) != expected {
t.Errorf("mismatch for v: %d r: %d s: %d want: %v", v, r, s, expected)
}
}
diff --git a/crypto/secp256k1/secp256.go b/crypto/secp256k1/secp256.go
index 97b4bd8da..4999c5c95 100644
--- a/crypto/secp256k1/secp256.go
+++ b/crypto/secp256k1/secp256.go
@@ -58,10 +58,14 @@ import (
var (
context *C.secp256k1_context
N *big.Int
+ HalfN *big.Int
)
func init() {
N, _ = new(big.Int).SetString("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", 16)
+ // N / 2 == 57896044618658097711785492504343953926418782139537452191302581570759080747168
+ HalfN, _ = new(big.Int).SetString("7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0", 16)
+
// around 20 ms on a modern CPU.
context = C.secp256k1_context_create(3) // SECP256K1_START_SIGN | SECP256K1_START_VERIFY
C.secp256k1_context_set_illegal_callback(context, C.callbackFunc(C.secp256k1GoPanicIllegal), nil)