-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Low-s normalization for ecdsa secp256r1 signing #9738
Conversation
Codecov Report
@@ Coverage Diff @@
## master #9738 +/- ##
========================================
Coverage 63.47% 63.48%
========================================
Files 566 566
Lines 52797 53065 +268
========================================
+ Hits 33515 33687 +172
- Misses 17379 17471 +92
- Partials 1903 1907 +4
|
@tarcieri are you able to take a look at this? |
@alexanderbez @robert-zaremba any comments? |
…r the check for sig string length)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it might still be good to either make functions like p256Order
and p256OrderDiv2
parameterized over curves or just use var
s for them instead, but otherwise this looks good to me.
I agree with you, but I think I'm going to create a new (bigger) issue which will focus on refactoring all of the ECDSA signature code so we don't have essentially 3 different code paths all using roughly the same code but in 3 different places, and all slightly differently. Then I'd want to get the Curve.Params() from the key passed in, and work with that. |
…ion to fail after the valid signature was mutated by extracting and scalar negating its s value
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I only checked the test in crypto/keys/internal/ecdsa/privkey_internal_test.go
, and it lgtm. Not super familiar with the rest of the changes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approving, however I prefer to reuse and test a private function rather than copying it and have a test coverage miss.
Added backport to 0.42 |
I think @robert-zaremba left some good comments. I'll approve once addressed 🚀 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approving. Had a chat with John to advance on this. Let's add a missing tests and go through comments to resolve them before merging.
…ed tests to improve code coverage
Thanks @robert-zaremba. @frumioj feel free to merge when you're ready. |
Visit https://dashboard.github.orijtech.com?pr=9738&repo=cosmos%2Fcosmos-sdk to see benchmark details. |
* added low-s normalization to ecdsa secp256r1 signing * go fmt fixes * removed else block as golint required * implement raw signature encoding for secp256r1 * move the creation of signature to after the check for sig string length * fake commit to re-run checks? (move the creation of signature to after the check for sig string length) * added a signature test for high s signature that requires sig validation to fail after the valid signature was mutated by extracting and scalar negating its s value * reordered code to prevent mutated message from being used in sig verify * added test for successful high_s signature with the ecdsa portion of the publicKey * Remove comment for self-explanatory code. Co-authored-by: Robert Zaremba <robert@zaremba.ch> * Missing quote Co-authored-by: Robert Zaremba <robert@zaremba.ch> * Apply minor suggestions from code review Co-authored-by: Robert Zaremba <robert@zaremba.ch> * normalize comments for godoc * refactored p256Order functions as private vars * Div -> Rsh optimizing time for division * resolve two code coverage issues; fix some small review issues * test using private signatureRaw function instead of copying code. Added tests to improve code coverage Co-authored-by: Aaron Craelius <aaron@regen.network> Co-authored-by: Robert Zaremba <robert@zaremba.ch> Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com> (cherry picked from commit aa37ae9)
* added low-s normalization to ecdsa secp256r1 signing * go fmt fixes * removed else block as golint required * implement raw signature encoding for secp256r1 * move the creation of signature to after the check for sig string length * fake commit to re-run checks? (move the creation of signature to after the check for sig string length) * added a signature test for high s signature that requires sig validation to fail after the valid signature was mutated by extracting and scalar negating its s value * reordered code to prevent mutated message from being used in sig verify * added test for successful high_s signature with the ecdsa portion of the publicKey * Remove comment for self-explanatory code. Co-authored-by: Robert Zaremba <robert@zaremba.ch> * Missing quote Co-authored-by: Robert Zaremba <robert@zaremba.ch> * Apply minor suggestions from code review Co-authored-by: Robert Zaremba <robert@zaremba.ch> * normalize comments for godoc * refactored p256Order functions as private vars * Div -> Rsh optimizing time for division * resolve two code coverage issues; fix some small review issues * test using private signatureRaw function instead of copying code. Added tests to improve code coverage Co-authored-by: Aaron Craelius <aaron@regen.network> Co-authored-by: Robert Zaremba <robert@zaremba.ch> Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com> (cherry picked from commit aa37ae9) # Conflicts: # crypto/keys/internal/ecdsa/privkey.go # crypto/keys/internal/ecdsa/privkey_internal_test.go # crypto/keys/internal/ecdsa/pubkey.go
* added low-s normalization to ecdsa secp256r1 signing * go fmt fixes * removed else block as golint required * implement raw signature encoding for secp256r1 * move the creation of signature to after the check for sig string length * fake commit to re-run checks? (move the creation of signature to after the check for sig string length) * added a signature test for high s signature that requires sig validation to fail after the valid signature was mutated by extracting and scalar negating its s value * reordered code to prevent mutated message from being used in sig verify * added test for successful high_s signature with the ecdsa portion of the publicKey * Remove comment for self-explanatory code. Co-authored-by: Robert Zaremba <robert@zaremba.ch> * Missing quote Co-authored-by: Robert Zaremba <robert@zaremba.ch> * Apply minor suggestions from code review Co-authored-by: Robert Zaremba <robert@zaremba.ch> * normalize comments for godoc * refactored p256Order functions as private vars * Div -> Rsh optimizing time for division * resolve two code coverage issues; fix some small review issues * test using private signatureRaw function instead of copying code. Added tests to improve code coverage Co-authored-by: Aaron Craelius <aaron@regen.network> Co-authored-by: Robert Zaremba <robert@zaremba.ch> Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com> (cherry picked from commit aa37ae9) Co-authored-by: John Kemp <frumioj@users.noreply.github.com>
…osmos#9793) * added low-s normalization to ecdsa secp256r1 signing * go fmt fixes * removed else block as golint required * implement raw signature encoding for secp256r1 * move the creation of signature to after the check for sig string length * fake commit to re-run checks? (move the creation of signature to after the check for sig string length) * added a signature test for high s signature that requires sig validation to fail after the valid signature was mutated by extracting and scalar negating its s value * reordered code to prevent mutated message from being used in sig verify * added test for successful high_s signature with the ecdsa portion of the publicKey * Remove comment for self-explanatory code. Co-authored-by: Robert Zaremba <robert@zaremba.ch> * Missing quote Co-authored-by: Robert Zaremba <robert@zaremba.ch> * Apply minor suggestions from code review Co-authored-by: Robert Zaremba <robert@zaremba.ch> * normalize comments for godoc * refactored p256Order functions as private vars * Div -> Rsh optimizing time for division * resolve two code coverage issues; fix some small review issues * test using private signatureRaw function instead of copying code. Added tests to improve code coverage Co-authored-by: Aaron Craelius <aaron@regen.network> Co-authored-by: Robert Zaremba <robert@zaremba.ch> Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com> (cherry picked from commit aa37ae9) Co-authored-by: John Kemp <frumioj@users.noreply.github.com>
…osmos#9793) * added low-s normalization to ecdsa secp256r1 signing * go fmt fixes * removed else block as golint required * implement raw signature encoding for secp256r1 * move the creation of signature to after the check for sig string length * fake commit to re-run checks? (move the creation of signature to after the check for sig string length) * added a signature test for high s signature that requires sig validation to fail after the valid signature was mutated by extracting and scalar negating its s value * reordered code to prevent mutated message from being used in sig verify * added test for successful high_s signature with the ecdsa portion of the publicKey * Remove comment for self-explanatory code. Co-authored-by: Robert Zaremba <robert@zaremba.ch> * Missing quote Co-authored-by: Robert Zaremba <robert@zaremba.ch> * Apply minor suggestions from code review Co-authored-by: Robert Zaremba <robert@zaremba.ch> * normalize comments for godoc * refactored p256Order functions as private vars * Div -> Rsh optimizing time for division * resolve two code coverage issues; fix some small review issues * test using private signatureRaw function instead of copying code. Added tests to improve code coverage Co-authored-by: Aaron Craelius <aaron@regen.network> Co-authored-by: Robert Zaremba <robert@zaremba.ch> Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com> (cherry picked from commit aa37ae9) Co-authored-by: John Kemp <frumioj@users.noreply.github.com>
…osmos#9793) * added low-s normalization to ecdsa secp256r1 signing * go fmt fixes * removed else block as golint required * implement raw signature encoding for secp256r1 * move the creation of signature to after the check for sig string length * fake commit to re-run checks? (move the creation of signature to after the check for sig string length) * added a signature test for high s signature that requires sig validation to fail after the valid signature was mutated by extracting and scalar negating its s value * reordered code to prevent mutated message from being used in sig verify * added test for successful high_s signature with the ecdsa portion of the publicKey * Remove comment for self-explanatory code. Co-authored-by: Robert Zaremba <robert@zaremba.ch> * Missing quote Co-authored-by: Robert Zaremba <robert@zaremba.ch> * Apply minor suggestions from code review Co-authored-by: Robert Zaremba <robert@zaremba.ch> * normalize comments for godoc * refactored p256Order functions as private vars * Div -> Rsh optimizing time for division * resolve two code coverage issues; fix some small review issues * test using private signatureRaw function instead of copying code. Added tests to improve code coverage Co-authored-by: Aaron Craelius <aaron@regen.network> Co-authored-by: Robert Zaremba <robert@zaremba.ch> Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com> (cherry picked from commit aa37ae9) Co-authored-by: John Kemp <frumioj@users.noreply.github.com>
Description
Closes: #9723
Author Checklist
All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.
I have...
!
to the type prefix if API or client breaking changeCHANGELOG.md
Reviewers Checklist
All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.
I have...
!
in the type prefix if API or client breaking change