From d61c6037eaf39c1d91ec6a4a344ba6f8418f67e0 Mon Sep 17 00:00:00 2001 From: SomberNight Date: Mon, 27 May 2024 17:09:45 +0000 Subject: [PATCH] ecc: add test that verify_usermessage does not enforce low-S rule --- electrum/ecc.py | 2 ++ tests/test_bitcoin.py | 9 +++++++++ 2 files changed, 11 insertions(+) diff --git a/electrum/ecc.py b/electrum/ecc.py index a57075aae..882a31f9a 100644 --- a/electrum/ecc.py +++ b/electrum/ecc.py @@ -566,6 +566,8 @@ class ECPrivkey(ECPubkey): return sig64 def ecdsa_sign_recoverable(self, msg32: bytes, *, is_compressed: bool) -> bytes: + assert len(msg32) == 32, len(msg32) + def bruteforce_recid(sig64: bytes): for recid in range(4): sig65 = construct_ecdsa_sig65(sig64, recid, is_compressed=is_compressed) diff --git a/tests/test_bitcoin.py b/tests/test_bitcoin.py index be0b05330..df86cac95 100644 --- a/tests/test_bitcoin.py +++ b/tests/test_bitcoin.py @@ -246,6 +246,15 @@ class Test_bitcoin(ElectrumTestCase): self.assertFalse(ecc.verify_usermessage_with_address(addr1, b'wrong', msg1)) self.assertFalse(ecc.verify_usermessage_with_address(addr1, sig2, msg1)) + def test_signmessage_low_s(self): + """`$ bitcoin-cli verifymessage` does NOT enforce the low-S rule for ecdsa sigs. This tests we do the same.""" + addr = "15hETetDmcXm1mM4sEf7U2KXC9hDHFMSzz" + sig_low_s = b'Hzsu0U/THAsPz/MSuXGBKSULz2dTfmrg1NsAhFp+wH5aKfmX4Db7ExLGa7FGn0m6Mf43KsbEOWpvUUUBTM3Uusw=' + sig_high_s = b'IDsu0U/THAsPz/MSuXGBKSULz2dTfmrg1NsAhFp+wH5a1gZoH8kE7O05lE65YLZFzLx3sh/rDzXMbo1dQAJhhnU=' + msg = b'Chancellor on brink of second bailout for banks' + self.assertTrue(ecc.verify_usermessage_with_address(address=addr, sig65=base64.b64decode(sig_low_s), message=msg)) + self.assertTrue(ecc.verify_usermessage_with_address(address=addr, sig65=base64.b64decode(sig_high_s), message=msg)) + def test_signmessage_segwit_witness_v0_address(self): msg = b'Electrum' # p2wpkh-p2sh