fix signing issue if the messsage is leading with 0x00

ecdsa/resharing/local_party_test.go

@@ -8,6 +8,7 @@ package resharing_test
 
 import (
 	"crypto/ecdsa"
+	"encoding/hex"
 	"fmt"
 	"math/big"
 	"runtime"
@@ -174,10 +175,10 @@ signing:
 	signErrCh := make(chan *tss.Error, len(signPIDs))
 	signOutCh := make(chan tss.Message, len(signPIDs))
 	signEndCh := make(chan *common.SignatureData, len(signPIDs))
-
+	data, _ := hex.DecodeString("00f163ee51bcaeff9cdff5e0e3c1a646abd19885fffbab0b3b4236e0cf95c9f5")
 	for j, signPID := range signPIDs {
 		params := tss.NewParameters(tss.S256(), signP2pCtx, signPID, len(signPIDs), newThreshold)
-		P := signing.NewLocalParty(big.NewInt(42), params, signKeys[j], signOutCh, signEndCh).(*signing.LocalParty)
+		P := signing.NewLocalParty(data, params, signKeys[j], signOutCh, signEndCh).(*signing.LocalParty)
 		signParties = append(signParties, P)
 		go func(P *signing.LocalParty) {
 			if err := P.Start(); err != nil {
@@ -223,7 +224,7 @@ signing:
 					X:     pkX,
 					Y:     pkY,
 				}
-				ok := ecdsa.Verify(&pk, big.NewInt(42).Bytes(),
+				ok := ecdsa.Verify(&pk, data,
 					new(big.Int).SetBytes(signData.R),
 					new(big.Int).SetBytes(signData.S))
 

ecdsa/signing/finalize.go

@@ -61,14 +61,14 @@ func (round *finalization) Start() *tss.Error {
 	round.data.S = padToLengthBytesInPlace(sumS.Bytes(), bitSizeInBytes)
 	round.data.Signature = append(round.data.R, round.data.S...)
 	round.data.SignatureRecovery = []byte{byte(recid)}
-	round.data.M = round.temp.m.Bytes()
+	round.data.M = round.temp.m
 
 	pk := ecdsa.PublicKey{
 		Curve: round.Params().EC(),
 		X:     round.key.ECDSAPub.X(),
 		Y:     round.key.ECDSAPub.Y(),
 	}
-	ok := ecdsa.Verify(&pk, round.temp.m.Bytes(), round.temp.rx, sumS)
+	ok := ecdsa.Verify(&pk, round.temp.m, round.temp.rx, sumS)
 	if !ok {
 		return round.WrapError(fmt.Errorf("signature verification failed"))
 	}

ecdsa/signing/local_party.go

@@ -55,8 +55,8 @@ type (
 		localMessageStore
 
 		// temp data (thrown away after sign) / round 1
-		w,
-		m,
+		w *big.Int
+		m []byte
 		k,
 		theta,
 		thetaInverse,
@@ -98,7 +98,7 @@ type (
 )
 
 func NewLocalParty(
-	msg *big.Int,
+	msg []byte,
 	params *tss.Parameters,
 	key keygen.LocalPartySaveData,
 	out chan<- tss.Message,
@@ -108,7 +108,7 @@ func NewLocalParty(
 
 // NewLocalPartyWithKDD returns a party with key derivation delta for HD support
 func NewLocalPartyWithKDD(
-	msg *big.Int,
+	msg []byte,
 	params *tss.Parameters,
 	key keygen.LocalPartySaveData,
 	keyDerivationDelta *big.Int,

ecdsa/signing/local_party_test.go

@@ -8,6 +8,7 @@ package signing
 
 import (
 	"crypto/ecdsa"
+	"encoding/hex"
 	"fmt"
 	"math/big"
 	"runtime"
@@ -56,11 +57,13 @@ func TestE2EConcurrent(t *testing.T) {
 
 	updater := test.SharedPartyUpdater
 
+	msg, _ := hex.DecodeString("00f163ee51bcaeff9cdff5e0e3c1a646abd19885fffbab0b3b4236e0cf95c9f5")
+
 	// init the parties
 	for i := 0; i < len(signPIDs); i++ {
 		params := tss.NewParameters(tss.S256(), p2pCtx, signPIDs[i], len(signPIDs), threshold)
 
-		P := NewLocalParty(big.NewInt(42), params, keys[i], outCh, endCh).(*LocalParty)
+		P := NewLocalParty(msg, params, keys[i], outCh, endCh).(*LocalParty)
 		parties = append(parties, P)
 		go func(P *LocalParty) {
 			if err := P.Start(); err != nil {
@@ -120,7 +123,7 @@ signing:
 					X:     pkX,
 					Y:     pkY,
 				}
-				ok := ecdsa.Verify(&pk, big.NewInt(42).Bytes(), R.X(), sumS)
+				ok := ecdsa.Verify(&pk, msg, R.X(), sumS)
 				assert.True(t, ok, "ecdsa verify must pass")
 				t.Log("ECDSA signing test done.")
 				// END ECDSA verify
@@ -164,12 +167,12 @@ func TestE2EWithHDKeyDerivation(t *testing.T) {
 	endCh := make(chan *common.SignatureData, len(signPIDs))
 
 	updater := test.SharedPartyUpdater
-
+	msg, _ := hex.DecodeString("00f163ee51bcaeff9cdff5e0e3c1a646abd19885fffbab0b3b4236e0cf95c9f5")
 	// init the parties
 	for i := 0; i < len(signPIDs); i++ {
 		params := tss.NewParameters(tss.S256(), p2pCtx, signPIDs[i], len(signPIDs), threshold)
 
-		P := NewLocalPartyWithKDD(big.NewInt(42), params, keys[i], keyDerivationDelta, outCh, endCh).(*LocalParty)
+		P := NewLocalPartyWithKDD(msg, params, keys[i], keyDerivationDelta, outCh, endCh).(*LocalParty)
 		parties = append(parties, P)
 		go func(P *LocalParty) {
 			if err := P.Start(); err != nil {
@@ -228,7 +231,7 @@ signing:
 					X:     pkX,
 					Y:     pkY,
 				}
-				ok := ecdsa.Verify(&pk, big.NewInt(42).Bytes(), R.X(), sumS)
+				ok := ecdsa.Verify(&pk, msg, R.X(), sumS)
 				assert.True(t, ok, "ecdsa verify must pass")
 				t.Log("ECDSA signing test done.")
 				// END ECDSA verify

ecdsa/signing/round_1.go

@@ -38,7 +38,7 @@ func (round *round1) Start() *tss.Error {
 	// but considered different blockchain use different hash function we accept the converted big.Int
 	// if this big.Int is not belongs to Zq, the client might not comply with common rule (for ECDSA):
 	// https://github.com/btcsuite/btcd/blob/c26ffa870fd817666a857af1bf6498fabba1ffe3/btcec/signature.go#L263
-	if round.temp.m.Cmp(round.Params().EC().Params().N) >= 0 {
+	if new(big.Int).SetBytes(round.temp.m).Cmp(round.Params().EC().Params().N) >= 0 {
 		return round.WrapError(errors.New("hashed message is not valid"))
 	}
 

ecdsa/signing/round_5.go

@@ -63,7 +63,7 @@ func (round *round5) Start() *tss.Error {
 	modN := common.ModInt(N)
 	rx := R.X()
 	ry := R.Y()
-	si := modN.Add(modN.Mul(round.temp.m, round.temp.k), modN.Mul(rx, round.temp.sigma))
+	si := modN.Add(modN.Mul(new(big.Int).SetBytes(round.temp.m), round.temp.k), modN.Mul(rx, round.temp.sigma))
 
 	// clear temp.w and temp.k from memory, lint ignore
 	round.temp.w = zero

ecdsa/signing/round_7.go

@@ -64,7 +64,7 @@ func (round *round7) Start() *tss.Error {
 
 	modN := common.ModInt(round.Params().EC().Params().N)
 	AX, AY := round.temp.bigAi.X(), round.temp.bigAi.Y()
-	minusM := modN.Sub(big.NewInt(0), round.temp.m)
+	minusM := modN.Sub(big.NewInt(0), new(big.Int).SetBytes(round.temp.m))
 	gToMInvX, gToMInvY := round.Params().EC().ScalarBaseMult(minusM.Bytes())
 	minusR := modN.Sub(big.NewInt(0), round.temp.rx)
 	yToRInvX, yToRInvY := round.Params().EC().ScalarMult(round.key.ECDSAPub.X(), round.key.ECDSAPub.Y(), minusR.Bytes())

eddsa/resharing/local_party_test.go

@@ -7,7 +7,7 @@
 package resharing_test
 
 import (
-	"math/big"
+	"encoding/hex"
 	"sync/atomic"
 	"testing"
 
@@ -162,10 +162,10 @@ signing:
 	signErrCh := make(chan *tss.Error, len(signPIDs))
 	signOutCh := make(chan tss.Message, len(signPIDs))
 	signEndCh := make(chan *common.SignatureData, len(signPIDs))
-
+	data, _ := hex.DecodeString("00f163ee51bcaeff9cdff5e0e3c1a646abd19885fffbab0b3b4236e0cf95c9f5")
 	for j, signPID := range signPIDs {
 		params := tss.NewParameters(tss.Edwards(), signP2pCtx, signPID, len(signPIDs), newThreshold)
-		P := signing.NewLocalParty(big.NewInt(42), params, signKeys[j], signOutCh, signEndCh).(*signing.LocalParty)
+		P := signing.NewLocalParty(data, params, signKeys[j], signOutCh, signEndCh).(*signing.LocalParty)
 		signParties = append(signParties, P)
 		go func(P *signing.LocalParty) {
 			if err := P.Start(); err != nil {
@@ -216,7 +216,7 @@ signing:
 					println("new sig error, ", err.Error())
 				}
 
-				ok := edwards.Verify(&pk, big.NewInt(42).Bytes(),
+				ok := edwards.Verify(&pk, data,
 					newSig.R, newSig.S)
 
 				assert.True(t, ok, "eddsa verify must pass")

eddsa/signing/finalize.go

@@ -12,9 +12,8 @@ import (
 	"math/big"
 
 	"github.com/agl/ed25519/edwards25519"
-	"github.com/decred/dcrd/dcrec/edwards/v2"
-
 	"github.com/bnb-chain/tss-lib/v2/tss"
+	"github.com/decred/dcrd/dcrec/edwards/v2"
 )
 
 func (round *finalization) Start() *tss.Error {
@@ -43,15 +42,15 @@ func (round *finalization) Start() *tss.Error {
 	round.data.Signature = append(bigIntToEncodedBytes(round.temp.r)[:], sumS[:]...)
 	round.data.R = round.temp.r.Bytes()
 	round.data.S = s.Bytes()
-	round.data.M = round.temp.m.Bytes()
+	round.data.M = round.temp.m
 
 	pk := edwards.PublicKey{
 		Curve: round.Params().EC(),
 		X:     round.key.EDDSAPub.X(),
 		Y:     round.key.EDDSAPub.Y(),
 	}
 
-	ok := edwards.Verify(&pk, round.temp.m.Bytes(), round.temp.r, s)
+	ok := edwards.Verify(&pk, round.temp.m, round.temp.r, s)
 	if !ok {
 		return round.WrapError(fmt.Errorf("signature verification failed"))
 	}

eddsa/signing/local_party.go

@@ -47,9 +47,9 @@ type (
 		localMessageStore
 
 		// temp data (thrown away after sign) / round 1
-		wi,
-		m,
-		ri *big.Int
+		wi       *big.Int
+		m        []byte
+		ri       *big.Int
 		pointRi  *crypto.ECPoint
 		deCommit cmt.HashDeCommitment
 
@@ -66,7 +66,7 @@ type (
 )
 
 func NewLocalParty(
-	msg *big.Int,
+	msg []byte,
 	params *tss.Parameters,
 	key keygen.LocalPartySaveData,
 	out chan<- tss.Message,

eddsa/signing/local_party_test.go

@@ -7,6 +7,7 @@
 package signing
 
 import (
+	"encoding/hex"
 	"fmt"
 	"math/big"
 	"sync/atomic"
@@ -59,7 +60,7 @@ func TestE2EConcurrent(t *testing.T) {
 
 	updater := test.SharedPartyUpdater
 
-	msg := big.NewInt(200)
+	msg, _ := hex.DecodeString("00f163ee51bcaeff9cdff5e0e3c1a646abd19885fffbab0b3b4236e0cf95c9f5")
 	// init the parties
 	for i := 0; i < len(signPIDs); i++ {
 		params := tss.NewParameters(tss.Edwards(), p2pCtx, signPIDs[i], len(signPIDs), threshold)
@@ -132,7 +133,7 @@ signing:
 					println("new sig error, ", err.Error())
 				}
 
-				ok := edwards.Verify(&pk, msg.Bytes(), newSig.R, newSig.S)
+				ok := edwards.Verify(&pk, msg, newSig.R, newSig.S)
 				assert.True(t, ok, "eddsa verify must pass")
 				t.Log("EDDSA signing test done.")
 				// END EDDSA verify

eddsa/signing/round_3.go

@@ -80,7 +80,7 @@ func (round *round3) Start() *tss.Error {
 	h.Reset()
 	h.Write(encodedR[:])
 	h.Write(encodedPubKey[:])
-	h.Write(round.temp.m.Bytes())
+	h.Write(round.temp.m)
 
 	var lambda [64]byte
 	h.Sum(lambda[:0])