RanchiMall/fcoin
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix ec verification for high s values on non-historical data.

Browse Source
This commit is contained in:
Christopher Jeffrey 2016-04-19 20:10:22 -07:00
parent 4456e468af
commit 64813d3de1
No known key found for this signature in database
GPG Key ID: 8962AB9DE6666BBD
3 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/bcoin/chain.js
View File

@ -863,10 +863,11 @@ Chain.prototype._checkInputs = function _checkInputs(block, prev, flags, callbac
tx.rhash); tx.rhash);
bcoin.debug('TX:'); bcoin.debug('TX:');
bcoin.debug(tx); bcoin.debug(tx);
bcoin.debug('Input:'); bcoin.debug('Input (%d):', j);
bcoin.debug(tx.inputs[j]); bcoin.debug(tx.inputs[j]);
bcoin.debug('TX with coins:'); bcoin.debug('TX with coins:');
bcoin.debug(tx.toExtended('hex', true)); bcoin.debug(tx.toExtended('hex', true));
bcoin.debug('Flags: %d', flags);
assert(!historical, 'BUG: Invalid inputs in historical data!'); assert(!historical, 'BUG: Invalid inputs in historical data!');
return callback(new VerifyError(block, return callback(new VerifyError(block,
'invalid', 'invalid',

11
lib/bcoin/ec.js
View File

@ -102,11 +102,12 @@ ec.random = function random(size) {
* @param {Buffer} key * @param {Buffer} key
* @param {Boolean?} - Whether this should be treated as a * @param {Boolean?} - Whether this should be treated as a
* "historical" signature. This allows signatures to be of * "historical" signature. This allows signatures to be of
* odd lengths and high S values. * odd lengths.
* @param {Boolean?} high - Allow high S value.
* @returns {Boolean} * @returns {Boolean}
*/ */
ec.verify = function verify(msg, sig, key, historical) { ec.verify = function verify(msg, sig, key, historical, high) {
if (!Buffer.isBuffer(sig)) if (!Buffer.isBuffer(sig))
return false; return false;
@ -130,7 +131,7 @@ ec.verify = function verify(msg, sig, key, historical) {
if (secp256k1) { if (secp256k1) {
// secp256k1 fails on high s values. This is // secp256k1 fails on high s values. This is
// bad for verifying historical data. // bad for verifying historical data.
if (historical) if (high)
sig = ec.toLowS(sig); sig = ec.toLowS(sig);
// Import from DER. // Import from DER.
@ -138,6 +139,10 @@ ec.verify = function verify(msg, sig, key, historical) {
return secp256k1.verify(msg, sig, key); return secp256k1.verify(msg, sig, key);
} }
// Make elliptic mimic secp256k1's
// failure with high S values.
if (!high && !ec.isLowS(sig))
return false;
return ec.elliptic.verify(msg, sig, key); return ec.elliptic.verify(msg, sig, key);
} catch (e) { } catch (e) {
// if (!ec.publicKeyVerify(key)) // if (!ec.publicKeyVerify(key))

9
lib/bcoin/script.js
View File

@ -4017,6 +4017,7 @@ Script.concat = function concat(scripts) {
Script.checksig = function checksig(msg, sig, key, flags) { Script.checksig = function checksig(msg, sig, key, flags) {
var historical = false; var historical = false;
var high = false;
if (flags == null) if (flags == null)
flags = constants.flags.STANDARD_VERIFY_FLAGS; flags = constants.flags.STANDARD_VERIFY_FLAGS;
@ -4024,9 +4025,6 @@ Script.checksig = function checksig(msg, sig, key, flags) {
if (!Buffer.isBuffer(sig)) if (!Buffer.isBuffer(sig))
return false; return false;
if (sig.length === 0)
return false;
// Attempt to normalize the signature // Attempt to normalize the signature
// length before passing to elliptic. // length before passing to elliptic.
// Note: We only do this for historical data! // Note: We only do this for historical data!
@ -4037,7 +4035,10 @@ Script.checksig = function checksig(msg, sig, key, flags) {
historical = true; historical = true;
} }
return bcoin.ec.verify(msg, sig.slice(0, -1), key, historical); if (!(flags & constants.flags.VERIFY_LOW_S))
high = true;
return bcoin.ec.verify(msg, sig.slice(0, -1), key, historical, high);
}; };
/** /**