From 9fb765e1e4037afe1ae9374437665d41bf6bd598 Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Tue, 27 Jul 2021 18:52:31 -0400 Subject: [PATCH] feat: Low-s normalization for ecdsa secp256r1 signing (#9738) (#9793) * added low-s normalization to ecdsa secp256r1 signing * go fmt fixes * removed else block as golint required * implement raw signature encoding for secp256r1 * move the creation of signature to after the check for sig string length * fake commit to re-run checks? (move the creation of signature to after the check for sig string length) * added a signature test for high s signature that requires sig validation to fail after the valid signature was mutated by extracting and scalar negating its s value * reordered code to prevent mutated message from being used in sig verify * added test for successful high_s signature with the ecdsa portion of the publicKey * Remove comment for self-explanatory code. Co-authored-by: Robert Zaremba * Missing quote Co-authored-by: Robert Zaremba * Apply minor suggestions from code review Co-authored-by: Robert Zaremba * normalize comments for godoc * refactored p256Order functions as private vars * Div -> Rsh optimizing time for division * resolve two code coverage issues; fix some small review issues * test using private signatureRaw function instead of copying code. Added tests to improve code coverage Co-authored-by: Aaron Craelius Co-authored-by: Robert Zaremba Co-authored-by: Aleksandr Bezobchuk (cherry picked from commit aa37ae9e748f69646b1ee2ad8b006361a4f99f95) Co-authored-by: John Kemp --- crypto/keys/internal/ecdsa/privkey.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/crypto/keys/internal/ecdsa/privkey.go b/crypto/keys/internal/ecdsa/privkey.go index 690c07670d64..088d85bf2f53 100644 --- a/crypto/keys/internal/ecdsa/privkey.go +++ b/crypto/keys/internal/ecdsa/privkey.go 
@@ -12,7 +12,13 @@ import ( // p256Order returns the curve order for the secp256r1 curve // NOTE: this is specific to the secp256r1/P256 curve, // and not taken from the domain params for the key itself -// (which would be a more generic approach for all EC). +// (which would be a more generic approach for all EC) +// In *here* we don't need to do it as a method on the key +// since this code is only called for secp256r1 +// if called on a key: +// func (sk PrivKey) pCurveOrder() *.big.Int { +// return sk.Curve.Params().N +// } var p256Order = elliptic.P256().Params().N // p256HalfOrder returns half the curve order
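Review bot: The sample method in the comment added above `var p256Order` has a typo: `*.big.Int` is not a valid Go type and should read `*big.Int`. These lines are part of the doc comment for the variable, so the commented-out `pCurveOrder` sketch would read better as a separate plain comment set off by a blank line, or could be dropped; "In *here* we don't need to do it" could also say directly that the order is hard-coded because this package only handles secp256r1. Separately, the commit message describes low-s normalization, raw signature encoding and new tests, while this patch (7 insertions, 1 deletion in `privkey.go`) changes only this comment, so it is worth confirming that the backport carries the change that was intended.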