default to low s-values on signing (BIP62)

Deus-Absconditus · Oct 15, 2015 · 7dfb0ad · 7dfb0ad
1 parent 643d612
commit 7dfb0ad
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 5 deletions.
diff --git a/armoryengine/ArmoryUtils.py b/armoryengine/ArmoryUtils.py
@@ -2969,11 +2969,15 @@ def createBitcoinURI(addr, amt=None, msg=None):
 
 ################################################################################
 def createDERSigFromRS(rBin, sBin):
-   # Remove all leading zero-bytes (why didn't we use lstrip() here?)
-   while rBin[0]=='\x00':
-      rBin = rBin[1:]
-   while sBin[0]=='\x00':
-      sBin = sBin[1:]
+   # Remove all leading zero-bytes
+   rBin = rBin.lstrip('\x00')
+   sBin = sBin.lstrip('\x00')
+
+   # assure that s is the low value so that tx is not malleable (BIP62)
+   sInt = binary_to_int(sBin, BIGENDIAN)
+   if sInt >  SECP256K1_ORDER / 2:
+      sInt = SECP256K1_ORDER - sInt
+      sBin = int_to_binary(sInt, widthBytes=32, endOut=BIGENDIAN)
 
    if binary_to_int(rBin[0])&128>0:  rBin = '\x00'+rBin
    if binary_to_int(sBin[0])&128>0:  sBin = '\x00'+sBin

diff --git a/pytest/testSigning.py b/pytest/testSigning.py
@@ -0,0 +1,23 @@
+import sys
+sys.path.append('..')
+import unittest
+import random
+
+from armoryengine.ALL import *
+
+
+class SigningTester(unittest.TestCase):
+
+   def testLowSig(self):
+      sbdPrivKey = SecureBinaryData(b'\x01'*32)
+      pub = CryptoECDSA().ComputePublicKey(sbdPrivKey).toBinStr()
+
+      for i in range(100):
+         msg = "some random msg %s" % random.random()
+         sbdSig = CryptoECDSA().SignData(SecureBinaryData(msg), sbdPrivKey, False)
+         binSig = sbdSig.toBinStr()
+         derSig = createDERSigFromRS(binSig[:32], binSig[32:])
+         r, s = getRSFromDERSig(derSig)
+         j = binary_to_int(s, BIGENDIAN)
+         self.assertTrue( j <= SECP256K1_ORDER / 2)
+