LaconicNetwork/cosmos-sdk
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
41f0ab15e6
cosmos-sdk/crypto/keys
History
Facundo Medica 644f906966
refactor: (secp256k1) cleaner way to check for lower S form signatures (#13884) 
## Description

TLDR; check for `s.IsOverHalfOrder()` with less steps

Before this PR:

```go
        // parse the signature:
	signature := signatureFromBytes(sigStr)
	// Reject malleable signatures. libsecp256k1 does this check but btcec doesn't.
	// see: f9401ae011/crypto/signature_nocgo.go (L90-L93)
	// Serialize() would negate S value if it is over half order.
	// Hence, if the signature is different after Serialize() if should be rejected.
	modifiedSignature, parseErr := ecdsa.ParseDERSignature(signature.Serialize())
	if parseErr != nil {
		return false
	}
	if !signature.IsEqual(modifiedSignature) {
		return false
	}
	
```

It's serializing the signature into a new variable and then comparing if both are equal. Inside `Serialize()` we have:

5d537320a0/dcrec/secp256k1/ecdsa/signature.go (L88-L95)

```go
	// Ensure the S component of the signature is less than or equal to the half
	// order of the group because both S and its negation are valid signatures
	// modulo the order, so this forces a consistent choice to reduce signature
	// malleability.
	sigS := new(secp256k1.ModNScalar).Set(&sig.s)
	if sigS.IsOverHalfOrder() {
		sigS.Negate()
	}
```

Before btcec update to v2:

Until btcec update this was simpler because S was exported in the signature: ed9cd41396 (diff-30a6b594e157a12a28bf8a26f65ab4de1dc3c65c8419e5756f0b9c25d9ce1a93L46)

```go
if signature.S.Cmp(secp256k1halfN) > 0 {
    return false
}
```


Closes: #XXXX



---

### Author Checklist

*All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.*

I have...

- [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] added `!` to the type prefix if API or client breaking change
- [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#pr-targeting))
- [ ] provided a link to the relevant issue or specification
- [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/main/docs/building-modules)
- [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#testing)
- [ ] added a changelog entry to `CHANGELOG.md`
- [ ] included comments for [documenting Go code](https://blog.golang.org/godoc)
- [ ] updated the relevant documentation or specification
- [ ] reviewed "Files changed" and left comments if necessary
- [ ] confirmed all CI checks have passed

### Reviewers Checklist

*All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.*

I have...

- [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] confirmed `!` in the type prefix if API or client breaking change
- [ ] confirmed all author checklist items have been addressed 
- [ ] reviewed state machine logic
- [ ] reviewed API design and naming
- [ ] reviewed documentation is accurate
- [ ] reviewed tests and test coverage
- [ ] manually tested (if applicable)
2022-11-23 17:16:00 +00:00
..
ed25519 feat: Add proto annotations for Amino JSON (#13501) 2022-11-07 22:51:51 +00:00
internal chore: gofumpt (#11839) 2022-05-19 10:55:27 +02:00
multisig fix: .String() panics when pubkey is set on a BaseAccount (#13838) 2022-11-14 14:56:18 +00:00
secp256k1 refactor: (secp256k1) cleaner way to check for lower S form signatures (#13884) 2022-11-23 17:16:00 +00:00
secp256r1 refactor: migrate to cosmos/gogoproto (#13070) 2022-09-08 17:27:48 +00:00