Merge pull request #3 from starkbank/fix/signature-range

cdottori-stark · web-flow · commit a5168f6d9cfb · 2021-11-04T20:48:29.000-03:00
Add signature.r and signature.s range check
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,21 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to the following versioning pattern:
+
+Given a version number MAJOR.MINOR.PATCH, increment:
+
+- MAJOR version when **breaking changes** are introduced;
+- MINOR version when **backwards compatible changes** are introduced;
+- PATCH version when backwards compatible bug **fixes** are implemented.
+
+
+## [Unreleased]
+### Fixed
+- signature r and s range check
+
+## [1.0.0] - 2020-04-14
+### Added
+- first official version
diff --git a/lib/ecdsa.ex b/lib/ecdsa.ex
@@ -85,7 +85,7 @@ defmodule EllipticCurve.Ecdsa do
 
     inv = Math.inv(signature.s, curveData."N")
 
-    signature.r ==
+    result = signature.r ==
       Math.add(
         Math.multiply(
           curveData."G",
@@ -104,5 +104,11 @@ defmodule EllipticCurve.Ecdsa do
         curveData."A",
         curveData."P"
       ).x
+
+    cond do
+      signature.r < 1 || signature.r >= curveData."N" -> false
+      signature.s < 1 || signature.s >= curveData."N" -> false
+      true -> result
+    end
   end
 end
