From 81ba10534e97228272044ffb696ab9dfa171bc25 Mon Sep 17 00:00:00 2001 From: Moein zargarzadeh Date: Wed, 3 Jan 2024 14:35:29 +0330 Subject: [PATCH] fix signing issue if the messsage is leading with 0x00 --- ecdsa/resharing/local_party_test.go | 7 ++++--- ecdsa/signing/finalize.go | 4 ++-- ecdsa/signing/local_party.go | 8 ++++---- ecdsa/signing/local_party_test.go | 13 ++++++++----- ecdsa/signing/round_1.go | 2 +- ecdsa/signing/round_5.go | 2 +- ecdsa/signing/round_7.go | 2 +- eddsa/resharing/local_party_test.go | 8 ++++---- eddsa/signing/finalize.go | 7 +++---- eddsa/signing/local_party.go | 8 ++++---- eddsa/signing/local_party_test.go | 5 +++-- eddsa/signing/round_3.go | 2 +- 12 files changed, 36 insertions(+), 32 deletions(-) diff --git a/ecdsa/resharing/local_party_test.go b/ecdsa/resharing/local_party_test.go index e205c5e1..9ce53a2b 100644 --- a/ecdsa/resharing/local_party_test.go +++ b/ecdsa/resharing/local_party_test.go @@ -8,6 +8,7 @@ package resharing_test import ( "crypto/ecdsa" + "encoding/hex" "fmt" "math/big" "runtime" @@ -174,10 +175,10 @@ signing: signErrCh := make(chan *tss.Error, len(signPIDs)) signOutCh := make(chan tss.Message, len(signPIDs)) signEndCh := make(chan *common.SignatureData, len(signPIDs)) - + data, _ := hex.DecodeString("00f163ee51bcaeff9cdff5e0e3c1a646abd19885fffbab0b3b4236e0cf95c9f5") for j, signPID := range signPIDs { params := tss.NewParameters(tss.S256(), signP2pCtx, signPID, len(signPIDs), newThreshold) - P := signing.NewLocalParty(big.NewInt(42), params, signKeys[j], signOutCh, signEndCh).(*signing.LocalParty) + P := signing.NewLocalParty(data, params, signKeys[j], signOutCh, signEndCh).(*signing.LocalParty) signParties = append(signParties, P) go func(P *signing.LocalParty) { if err := P.Start(); err != nil { @@ -223,7 +224,7 @@ signing: X: pkX, Y: pkY, } - ok := ecdsa.Verify(&pk, big.NewInt(42).Bytes(), + ok := ecdsa.Verify(&pk, data, new(big.Int).SetBytes(signData.R), new(big.Int).SetBytes(signData.S)) 
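Review bot: The error from `hex.DecodeString` is discarded in the new `data, _ :=` line of the resharing signing section, so a typo in the hard-coded vector would turn `data` into a nil or truncated slice and only surface later as an unrelated verify mismatch; the same pattern is in ecdsa/signing/local_party_test.go (both `msg, _ :=` lines), eddsa/resharing/local_party_test.go and eddsa/signing/local_party_test.go. Where testify is already imported (the eddsa tests use `assert.True`), `data, err := hex.DecodeString(...)` followed by `assert.NoError(t, err)` makes a broken fixture fail explicitly. The same 32-byte vector is pasted into five test files; it could live once as a shared constant next to `test.SharedPartyUpdater` so every end-to-end test exercises the same leading-0x00 case. A one-line comment on the vector, e.g. `// leading 0x00 byte: regression for big.Int.Bytes() dropping it`, would record why this value was chosen.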
diff --git a/ecdsa/signing/finalize.go b/ecdsa/signing/finalize.go index 995702fe..4d9efadd 100644 --- a/ecdsa/signing/finalize.go +++ b/ecdsa/signing/finalize.go @@ -61,14 +61,14 @@ func (round *finalization) Start() *tss.Error { round.data.S = padToLengthBytesInPlace(sumS.Bytes(), bitSizeInBytes) round.data.Signature = append(round.data.R, round.data.S...) round.data.SignatureRecovery = []byte{byte(recid)} - round.data.M = round.temp.m.Bytes() + round.data.M = round.temp.m pk := ecdsa.PublicKey{ Curve: round.Params().EC(), X: round.key.ECDSAPub.X(), Y: round.key.ECDSAPub.Y(), } - ok := ecdsa.Verify(&pk, round.temp.m.Bytes(), round.temp.rx, sumS) + ok := ecdsa.Verify(&pk, round.temp.m, round.temp.rx, sumS) if !ok { return round.WrapError(fmt.Errorf("signature verification failed")) } diff --git a/ecdsa/signing/local_party.go b/ecdsa/signing/local_party.go index ae34ad00..5e85a80c 100644 --- a/ecdsa/signing/local_party.go +++ b/ecdsa/signing/local_party.go @@ -55,8 +55,8 @@ type ( localMessageStore // temp data (thrown away after sign) / round 1 - w, - m, + w *big.Int + m []byte k, theta, thetaInverse, @@ -98,7 +98,7 @@ type ( ) func NewLocalParty( - msg *big.Int, + msg []byte, params *tss.Parameters, key keygen.LocalPartySaveData, out chan<- tss.Message, @@ -108,7 +108,7 @@ func NewLocalParty( // NewLocalPartyWithKDD returns a party with key derivation delta for HD support func NewLocalPartyWithKDD( - msg *big.Int, + msg []byte, params *tss.Parameters, key keygen.LocalPartySaveData, keyDerivationDelta *big.Int, diff --git a/ecdsa/signing/local_party_test.go b/ecdsa/signing/local_party_test.go index a1680b5f..e2177d00 100644 --- a/ecdsa/signing/local_party_test.go +++ b/ecdsa/signing/local_party_test.go @@ -8,6 +8,7 @@ package signing import ( "crypto/ecdsa" + "encoding/hex" "fmt" "math/big" "runtime" 
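Review bot: `round.data.M = round.temp.m` now stores the slice itself rather than a fresh `Bytes()` allocation, so the returned SignatureData shares a backing array with the party's temporary state (and, if NewLocalParty keeps the caller's `msg` slice as-is, with the caller's buffer); any later zeroing or reuse of that buffer would silently change `M` after the signature has been handed out. A copy keeps the output self-contained: `round.data.M = append([]byte(nil), round.temp.m...)`. eddsa/signing/finalize.go makes the identical assignment and needs the same copy. The constructor body is not part of this diff, so whether `msg` is cloned on entry cannot be confirmed here.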
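Review bot: The `msg` parameter of NewLocalParty and NewLocalPartyWithKDD changes type from `*big.Int` to `[]byte`, but neither exported constructor documents what the bytes must be; since round 1 interprets them big-endian against the curve order (round_1.go), the contract belongs on the constructors, e.g. `// msg is the already-hashed message as big-endian bytes; leading zero bytes are preserved and it must not exceed the curve order length.` The struct field `m []byte` could carry a matching one-line comment in place of the bare type change. eddsa/signing/local_party.go has the same undocumented signature change, where the bytes are instead written directly into the hash in round_3.go. The constructor bodies that store `msg` are outside these hunks.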
@@ -56,11 +57,13 @@ func TestE2EConcurrent(t *testing.T) { updater := test.SharedPartyUpdater + msg, _ := hex.DecodeString("00f163ee51bcaeff9cdff5e0e3c1a646abd19885fffbab0b3b4236e0cf95c9f5") + // init the parties for i := 0; i < len(signPIDs); i++ { params := tss.NewParameters(tss.S256(), p2pCtx, signPIDs[i], len(signPIDs), threshold) - P := NewLocalParty(big.NewInt(42), params, keys[i], outCh, endCh).(*LocalParty) + P := NewLocalParty(msg, params, keys[i], outCh, endCh).(*LocalParty) parties = append(parties, P) go func(P *LocalParty) { if err := P.Start(); err != nil { @@ -120,7 +123,7 @@ signing: X: pkX, Y: pkY, } - ok := ecdsa.Verify(&pk, big.NewInt(42).Bytes(), R.X(), sumS) + ok := ecdsa.Verify(&pk, msg, R.X(), sumS) assert.True(t, ok, "ecdsa verify must pass") t.Log("ECDSA signing test done.") // END ECDSA verify @@ -164,12 +167,12 @@ func TestE2EWithHDKeyDerivation(t *testing.T) { endCh := make(chan *common.SignatureData, len(signPIDs)) updater := test.SharedPartyUpdater - + msg, _ := hex.DecodeString("00f163ee51bcaeff9cdff5e0e3c1a646abd19885fffbab0b3b4236e0cf95c9f5") // init the parties for i := 0; i < len(signPIDs); i++ { params := tss.NewParameters(tss.S256(), p2pCtx, signPIDs[i], len(signPIDs), threshold) - P := NewLocalPartyWithKDD(big.NewInt(42), params, keys[i], keyDerivationDelta, outCh, endCh).(*LocalParty) + P := NewLocalPartyWithKDD(msg, params, keys[i], keyDerivationDelta, outCh, endCh).(*LocalParty) parties = append(parties, P) go func(P *LocalParty) { if err := P.Start(); err != nil { @@ -228,7 +231,7 @@ signing: X: pkX, Y: pkY, } - ok := ecdsa.Verify(&pk, big.NewInt(42).Bytes(), R.X(), sumS) + ok := ecdsa.Verify(&pk, msg, R.X(), sumS) assert.True(t, ok, "ecdsa verify must pass") t.Log("ECDSA signing test done.") // END ECDSA verify diff --git a/ecdsa/signing/round_1.go b/ecdsa/signing/round_1.go index 924b080f..be3364bd 100644 --- a/ecdsa/signing/round_1.go +++ b/ecdsa/signing/round_1.go 
@@ -38,7 +38,7 @@ func (round *round1) Start() *tss.Error { // but considered different blockchain use different hash function we accept the converted big.Int // if this big.Int is not belongs to Zq, the client might not comply with common rule (for ECDSA): // https://github.com/btcsuite/btcd/blob/c26ffa870fd817666a857af1bf6498fabba1ffe3/btcec/signature.go#L263 - if round.temp.m.Cmp(round.Params().EC().Params().N) >= 0 { + if new(big.Int).SetBytes(round.temp.m).Cmp(round.Params().EC().Params().N) >= 0 { return round.WrapError(errors.New("hashed message is not valid")) } diff --git a/ecdsa/signing/round_5.go b/ecdsa/signing/round_5.go index f6ecf308..7c6a57e9 100644 --- a/ecdsa/signing/round_5.go +++ b/ecdsa/signing/round_5.go @@ -63,7 +63,7 @@ func (round *round5) Start() *tss.Error { modN := common.ModInt(N) rx := R.X() ry := R.Y() - si := modN.Add(modN.Mul(round.temp.m, round.temp.k), modN.Mul(rx, round.temp.sigma)) + si := modN.Add(modN.Mul(new(big.Int).SetBytes(round.temp.m), round.temp.k), modN.Mul(rx, round.temp.sigma)) // clear temp.w and temp.k from memory, lint ignore round.temp.w = zero diff --git a/ecdsa/signing/round_7.go b/ecdsa/signing/round_7.go index e89e0fcd..b961a704 100644 --- a/ecdsa/signing/round_7.go +++ b/ecdsa/signing/round_7.go @@ -64,7 +64,7 @@ func (round *round7) Start() *tss.Error { modN := common.ModInt(round.Params().EC().Params().N) AX, AY := round.temp.bigAi.X(), round.temp.bigAi.Y() - minusM := modN.Sub(big.NewInt(0), round.temp.m) + minusM := modN.Sub(big.NewInt(0), new(big.Int).SetBytes(round.temp.m)) gToMInvX, gToMInvY := round.Params().EC().ScalarBaseMult(minusM.Bytes()) minusR := modN.Sub(big.NewInt(0), round.temp.rx) yToRInvX, yToRInvY := round.Params().EC().ScalarMult(round.key.ECDSAPub.X(), round.key.ECDSAPub.Y(), minusR.Bytes()) diff --git a/eddsa/resharing/local_party_test.go b/eddsa/resharing/local_party_test.go index 72411c0c..c1ff12c7 100644 --- a/eddsa/resharing/local_party_test.go 
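Review bot: The range check in round_1.go only bounds the integer value of `round.temp.m`, not its length, so a message longer than the order's byte length (for example a 64-byte digest with leading zeros) can pass `Cmp(N) < 0` while `ecdsa.Verify` from crypto/ecdsa, which finalize.go calls with the same bytes, truncates a long hash to its leading order-length bytes; the party would then sign a different scalar than the verifier checks and fail at finalization rather than at input validation. Add a length bound beside the existing check: `if len(round.temp.m) > (round.Params().EC().Params().N.BitLen()+7)/8 { return round.WrapError(errors.New("hashed message is too long")) }`. The conversion `new(big.Int).SetBytes(round.temp.m)` is then repeated in round_5.go and round_7.go; computing it once in round 1 and keeping the `*big.Int` alongside the bytes would avoid re-parsing the same value three times. round1.Start continues outside the hunk.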
+++ b/eddsa/resharing/local_party_test.go @@ -7,7 +7,7 @@ package resharing_test import ( - "math/big" + "encoding/hex" "sync/atomic" "testing" @@ -162,10 +162,10 @@ signing: signErrCh := make(chan *tss.Error, len(signPIDs)) signOutCh := make(chan tss.Message, len(signPIDs)) signEndCh := make(chan *common.SignatureData, len(signPIDs)) - + data, _ := hex.DecodeString("00f163ee51bcaeff9cdff5e0e3c1a646abd19885fffbab0b3b4236e0cf95c9f5") for j, signPID := range signPIDs { params := tss.NewParameters(tss.Edwards(), signP2pCtx, signPID, len(signPIDs), newThreshold) - P := signing.NewLocalParty(big.NewInt(42), params, signKeys[j], signOutCh, signEndCh).(*signing.LocalParty) + P := signing.NewLocalParty(data, params, signKeys[j], signOutCh, signEndCh).(*signing.LocalParty) signParties = append(signParties, P) go func(P *signing.LocalParty) { if err := P.Start(); err != nil { @@ -216,7 +216,7 @@ signing: println("new sig error, ", err.Error()) } - ok := edwards.Verify(&pk, big.NewInt(42).Bytes(), + ok := edwards.Verify(&pk, data, newSig.R, newSig.S) assert.True(t, ok, "eddsa verify must pass") diff --git a/eddsa/signing/finalize.go b/eddsa/signing/finalize.go index aaafd255..6ad09837 100644 --- a/eddsa/signing/finalize.go +++ b/eddsa/signing/finalize.go @@ -12,9 +12,8 @@ import ( "math/big" "github.com/agl/ed25519/edwards25519" - "github.com/decred/dcrd/dcrec/edwards/v2" - "github.com/bnb-chain/tss-lib/v2/tss" + "github.com/decred/dcrd/dcrec/edwards/v2" ) func (round *finalization) Start() *tss.Error { @@ -43,7 +42,7 @@ func (round *finalization) Start() *tss.Error { round.data.Signature = append(bigIntToEncodedBytes(round.temp.r)[:], sumS[:]...) round.data.R = round.temp.r.Bytes() round.data.S = s.Bytes() - round.data.M = round.temp.m.Bytes() + round.data.M = round.temp.m pk := edwards.PublicKey{ Curve: round.Params().EC(), 
@@ -51,7 +50,7 @@ func (round *finalization) Start() *tss.Error { Y: round.key.EDDSAPub.Y(), } - ok := edwards.Verify(&pk, round.temp.m.Bytes(), round.temp.r, s) + ok := edwards.Verify(&pk, round.temp.m, round.temp.r, s) if !ok { return round.WrapError(fmt.Errorf("signature verification failed")) } diff --git a/eddsa/signing/local_party.go b/eddsa/signing/local_party.go index d11a29c4..57e086f5 100644 --- a/eddsa/signing/local_party.go +++ b/eddsa/signing/local_party.go @@ -47,9 +47,9 @@ type ( localMessageStore // temp data (thrown away after sign) / round 1 - wi, - m, - ri *big.Int + wi *big.Int + m []byte + ri *big.Int pointRi *crypto.ECPoint deCommit cmt.HashDeCommitment @@ -66,7 +66,7 @@ type ( ) func NewLocalParty( - msg *big.Int, + msg []byte, params *tss.Parameters, key keygen.LocalPartySaveData, out chan<- tss.Message, diff --git a/eddsa/signing/local_party_test.go b/eddsa/signing/local_party_test.go index 33f6fa4e..e0545435 100644 --- a/eddsa/signing/local_party_test.go +++ b/eddsa/signing/local_party_test.go @@ -7,6 +7,7 @@ package signing import ( + "encoding/hex" "fmt" "math/big" "sync/atomic" @@ -59,7 +60,7 @@ func TestE2EConcurrent(t *testing.T) { updater := test.SharedPartyUpdater - msg := big.NewInt(200) + msg, _ := hex.DecodeString("00f163ee51bcaeff9cdff5e0e3c1a646abd19885fffbab0b3b4236e0cf95c9f5") // init the parties for i := 0; i < len(signPIDs); i++ { params := tss.NewParameters(tss.Edwards(), p2pCtx, signPIDs[i], len(signPIDs), threshold) @@ -132,7 +133,7 @@ signing: println("new sig error, ", err.Error()) } - ok := edwards.Verify(&pk, msg.Bytes(), newSig.R, newSig.S) + ok := edwards.Verify(&pk, msg, newSig.R, newSig.S) assert.True(t, ok, "eddsa verify must pass") t.Log("EDDSA signing test done.") // END EDDSA verify diff --git a/eddsa/signing/round_3.go b/eddsa/signing/round_3.go index b2567f54..05fe4fe6 100644 --- a/eddsa/signing/round_3.go +++ b/eddsa/signing/round_3.go 
@@ -80,7 +80,7 @@ func (round *round3) Start() *tss.Error { h.Reset() h.Write(encodedR[:]) h.Write(encodedPubKey[:]) - h.Write(round.temp.m.Bytes()) + h.Write(round.temp.m) var lambda [64]byte h.Sum(lambda[:0])