Add signature.r and signature.s range check

cdottori-stark · cdottori-stark · commit d136170666e9 · 2021-11-04T18:07:55.000-03:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,8 @@ Given a version number MAJOR.MINOR.PATCH, increment:
 
 
 ## [Unreleased]
+### Fixed
+- Signature r and s range check
 
 ## [2.0.0] - 2021-10-08
 ### Added
diff --git a/ellipticcurve/__init__.py b/ellipticcurve/__init__.py
@@ -1,6 +1,6 @@
-from ellipticcurve.utils.compatibility import *
-from ellipticcurve.privateKey import PrivateKey
-from ellipticcurve.publicKey import PublicKey
-from ellipticcurve.signature import Signature
-from ellipticcurve.utils.file import File
-from ellipticcurve.ecdsa import Ecdsa
+from .utils.compatibility import *
+from .privateKey import PrivateKey
+from .publicKey import PublicKey
+from .signature import Signature
+from .utils.file import File
+from .ecdsa import Ecdsa
diff --git a/ellipticcurve/ecdsa.py b/ellipticcurve/ecdsa.py
@@ -33,6 +33,10 @@ def verify(cls, message, signature, publicKey, hashfunc=sha256):
         curve = publicKey.curve
         r = signature.r
         s = signature.s
+        if not 1 <= r <= curve.N - 1:
+            return False
+        if not 1 <= s <= curve.N - 1:
+            return False
         inv = Math.inv(s, curve.N)
         u1 = Math.multiply(curve.G, n=(numberMessage * inv) % curve.N, N=curve.N, A=curve.A, P=curve.P)
         u2 = Math.multiply(publicKey.point, n=(r * inv) % curve.N, N=curve.N, A=curve.A, P=curve.P)
