Merge pull request #2116 from obscuren/homestead

core, core/vm: consensus changes necessary for the homestead release

crypto/crypto.go

@@ -163,12 +163,21 @@ func GenerateKey() (*ecdsa.PrivateKey, error) {
 	return ecdsa.GenerateKey(secp256k1.S256(), rand.Reader)
 }
 
-func ValidateSignatureValues(v byte, r, s *big.Int) bool {
+func ValidateSignatureValues(v byte, r, s *big.Int, homestead bool) bool {
 	if r.Cmp(common.Big1) < 0 || s.Cmp(common.Big1) < 0 {
 		return false
 	}
 	vint := uint32(v)
-	if r.Cmp(secp256k1.N) < 0 && s.Cmp(secp256k1.N) < 0 && (vint == 27 || vint == 28) {
+	// reject upper range of s values (ECDSA malleability)
+	// see discussion in secp256k1/libsecp256k1/include/secp256k1.h
+	if homestead && s.Cmp(secp256k1.HalfN) > 0 {
+		return false
+	}
+	// Frontier: allow s to be in full N range
+	if s.Cmp(secp256k1.N) >= 0 {
+		return false
+	}
+	if r.Cmp(secp256k1.N) < 0 && (vint == 27 || vint == 28) {
 		return true
 	} else {
 		return false

crypto/crypto_test.go

@@ -174,7 +174,7 @@ func TestLoadECDSAFile(t *testing.T) {
 
 func TestValidateSignatureValues(t *testing.T) {
 	check := func(expected bool, v byte, r, s *big.Int) {
-		if ValidateSignatureValues(v, r, s) != expected {
+		if ValidateSignatureValues(v, r, s, false) != expected {
 			t.Errorf("mismatch for v: %d r: %d s: %d want: %v", v, r, s, expected)
 		}
 	}

crypto/secp256k1/secp256.go

@@ -58,10 +58,14 @@ import (
 var (
 	context *C.secp256k1_context
 	N       *big.Int
+	HalfN   *big.Int
 )
 
 func init() {
 	N, _ = new(big.Int).SetString("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", 16)
+	// N / 2 == 57896044618658097711785492504343953926418782139537452191302581570759080747168
+	HalfN, _ = new(big.Int).SetString("7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0", 16)
+
 	// around 20 ms on a modern CPU.
 	context = C.secp256k1_context_create(3) // SECP256K1_START_SIGN | SECP256K1_START_VERIFY
 	C.secp256k1_context_set_illegal_callback(context, C.callbackFunc(C.secp256k1GoPanicIllegal), nil)