From d136170666e9510eb63c2572551805807bd4c17f Mon Sep 17 00:00:00 2001
From: Caio Dottori <caio.dottori@starkbank.com>
Date: Thu, 4 Nov 2021 18:07:55 -0300
Subject: [PATCH] Add signature.r and signature.s range check

---
 CHANGELOG.md              |  2 ++
 ellipticcurve/__init__.py | 12 ++++++------
 ellipticcurve/ecdsa.py    |  4 ++++
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b8e43d9..22b85ec 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,8 @@ Given a version number MAJOR.MINOR.PATCH, increment:
 
 
 ## [Unreleased]
+### Fixed
+- Signature r and s range check
 
 ## [2.0.0] - 2021-10-08
 ### Added
diff --git a/ellipticcurve/__init__.py b/ellipticcurve/__init__.py
index 9757fdf..5f4727f 100644
--- a/ellipticcurve/__init__.py
+++ b/ellipticcurve/__init__.py
@@ -1,6 +1,6 @@
-from ellipticcurve.utils.compatibility import *
-from ellipticcurve.privateKey import PrivateKey
-from ellipticcurve.publicKey import PublicKey
-from ellipticcurve.signature import Signature
-from ellipticcurve.utils.file import File
-from ellipticcurve.ecdsa import Ecdsa
+from .utils.compatibility import *
+from .privateKey import PrivateKey
+from .publicKey import PublicKey
+from .signature import Signature
+from .utils.file import File
+from .ecdsa import Ecdsa
diff --git a/ellipticcurve/ecdsa.py b/ellipticcurve/ecdsa.py
index 24e44f7..16c3d9c 100644
--- a/ellipticcurve/ecdsa.py
+++ b/ellipticcurve/ecdsa.py
@@ -33,6 +33,10 @@ def verify(cls, message, signature, publicKey, hashfunc=sha256):
         curve = publicKey.curve
         r = signature.r
         s = signature.s
+        if not 1 <= r <= curve.N - 1:
+            return False
+        if not 1 <= s <= curve.N - 1:
+            return False
         inv = Math.inv(s, curve.N)
         u1 = Math.multiply(curve.G, n=(numberMessage * inv) % curve.N, N=curve.N, A=curve.A, P=curve.P)
         u2 = Math.multiply(publicKey.point, n=(r * inv) % curve.N, N=curve.N, A=curve.A, P=curve.P)