NoBey/openzeppelin-contracts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make ECDSA.recover revert on error. (#2114)

Browse Source 
* Make ECDSA.recover revert on error

* Removed unused test

* Remove duplicate line

* Add tests for invalid signatures

* Fix linter errors

* Add changelog entry
This commit is contained in:
Nicolás Venturo
2020-03-10 20:13:32 -03:00
committed by GitHub
parent e2813df879
commit 65e4ffde58
3 changed files with 38 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGELOG.md
View File

@ -1,5 +1,10 @@
# Changelog # Changelog
## 3.0.0 (unreleased)
### Breaking Changes
* `ECDSA`: when receiving an invalid signature, `recover` now reverts instead of returning the zero address. ([#2114](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2114))
## 2.5.0 (2020-02-04) ## 2.5.0 (2020-02-04)
### New features ### New features

15
contracts/cryptography/ECDSA.sol
View File

@ -15,10 +15,6 @@ library ECDSA {
* this function rejects them by requiring the `s` value to be in the lower * this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28. * half order, and the `v` value to be either 27 or 28.
* *
* NOTE: This call _does not revert_ if the signature is invalid, or
* if the signer is otherwise unable to be retrieved. In those scenarios,
* the zero address is returned.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the * IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that * verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure * recover to arbitrary addresses for non-hashed data. A safe way to ensure
@ -28,7 +24,7 @@ library ECDSA {
function recover(bytes32 hash, bytes memory signature) internal pure returns (address) { function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
// Check the signature length // Check the signature length
if (signature.length != 65) { if (signature.length != 65) {
return (address(0)); revert("ECDSA: invalid signature length");
} }
// Divide the signature in r, s and v variables // Divide the signature in r, s and v variables
@ -55,15 +51,18 @@ library ECDSA {
// vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
// these malleable signatures as well. // these malleable signatures as well.
if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) { if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
return address(0); revert("ECDSA: invalid signature 's' value");
} }
if (v != 27 && v != 28) { if (v != 27 && v != 28) {
return address(0); revert("ECDSA: invalid signature 'v' value");
} }
// If the signature is valid (and not malleable), return the signer address // If the signature is valid (and not malleable), return the signer address
return ecrecover(hash, v, r, s); address signer = ecrecover(hash, v, r, s);
require(signer != address(0), "ECDSA: invalid signature");
return signer;
} }
/** /**

59
test/cryptography/ECDSA.test.js
View File

@ -1,7 +1,6 @@
const { accounts, contract, web3 } = require('@openzeppelin/test-environment'); const { accounts, contract, web3 } = require('@openzeppelin/test-environment');
const { constants, expectRevert } = require('@openzeppelin/test-helpers'); const { expectRevert } = require('@openzeppelin/test-helpers');
const { ZERO_ADDRESS } = constants;
const { toEthSignedMessageHash, fixSignature } = require('../helpers/sign'); const { toEthSignedMessageHash, fixSignature } = require('../helpers/sign');
const { expect } = require('chai'); const { expect } = require('chai');
@ -20,13 +19,15 @@ describe('ECDSA', function () {
context('recover with invalid signature', function () { context('recover with invalid signature', function () {
it('with short signature', async function () { it('with short signature', async function () {
expect(await this.ecdsa.recover(TEST_MESSAGE, '0x1234')).to.equal(ZERO_ADDRESS); await expectRevert(this.ecdsa.recover(TEST_MESSAGE, '0x1234'), 'ECDSA: invalid signature length');
}); });
it('with long signature', async function () { it('with long signature', async function () {
// eslint-disable-next-line max-len await expectRevert(
expect(await this.ecdsa.recover(TEST_MESSAGE, '0x01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789')) // eslint-disable-next-line max-len
.to.equal(ZERO_ADDRESS); this.ecdsa.recover(TEST_MESSAGE, '0x01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789'),
'ECDSA: invalid signature length'
);
}); });
}); });
@ -38,10 +39,10 @@ describe('ECDSA', function () {
const signatureWithoutVersion = '0x5d99b6f7f6d1f73d1a26497f2b1c89b24c0993913f86e9a2d02cd69887d9c94f3c880358579d811b21dd1b7fd9bb01c1d81d10e69f0384e675c32b39643be892'; const signatureWithoutVersion = '0x5d99b6f7f6d1f73d1a26497f2b1c89b24c0993913f86e9a2d02cd69887d9c94f3c880358579d811b21dd1b7fd9bb01c1d81d10e69f0384e675c32b39643be892';
context('with 00 as version value', function () { context('with 00 as version value', function () {
it('returns 0', async function () { it('reverts', async function () {
const version = '00'; const version = '00';
const signature = signatureWithoutVersion + version; const signature = signatureWithoutVersion + version;
expect(await this.ecdsa.recover(TEST_MESSAGE, signature)).to.equal(ZERO_ADDRESS); await expectRevert(this.ecdsa.recover(TEST_MESSAGE, signature), 'ECDSA: invalid signature \'v\' value');
}); });
}); });
@ -54,12 +55,12 @@ describe('ECDSA', function () {
}); });
context('with wrong version', function () { context('with wrong version', function () {
it('returns 0', async function () { it('reverts', async function () {
// The last two hex digits are the signature version. // The last two hex digits are the signature version.
// The only valid values are 0, 1, 27 and 28. // The only valid values are 0, 1, 27 and 28.
const version = '02'; const version = '02';
const signature = signatureWithoutVersion + version; const signature = signatureWithoutVersion + version;
expect(await this.ecdsa.recover(TEST_MESSAGE, signature)).to.equal(ZERO_ADDRESS); await expectRevert(this.ecdsa.recover(TEST_MESSAGE, signature), 'ECDSA: invalid signature \'v\' value');
}); });
}); });
}); });
@ -70,10 +71,10 @@ describe('ECDSA', function () {
const signatureWithoutVersion = '0x331fe75a821c982f9127538858900d87d3ec1f9f737338ad67cad133fa48feff48e6fa0c18abc62e42820f05943e47af3e9fbe306ce74d64094bdf1691ee53e0'; const signatureWithoutVersion = '0x331fe75a821c982f9127538858900d87d3ec1f9f737338ad67cad133fa48feff48e6fa0c18abc62e42820f05943e47af3e9fbe306ce74d64094bdf1691ee53e0';
context('with 01 as version value', function () { context('with 01 as version value', function () {
it('returns 0', async function () { it('reverts', async function () {
const version = '01'; const version = '01';
const signature = signatureWithoutVersion + version; const signature = signatureWithoutVersion + version;
expect(await this.ecdsa.recover(TEST_MESSAGE, signature)).to.equal(ZERO_ADDRESS); await expectRevert(this.ecdsa.recover(TEST_MESSAGE, signature), 'ECDSA: invalid signature \'v\' value');
}); });
}); });
@ -86,23 +87,23 @@ describe('ECDSA', function () {
}); });
context('with wrong version', function () { context('with wrong version', function () {
it('returns 0', async function () { it('reverts', async function () {
// The last two hex digits are the signature version. // The last two hex digits are the signature version.
// The only valid values are 0, 1, 27 and 28. // The only valid values are 0, 1, 27 and 28.
const version = '02'; const version = '02';
const signature = signatureWithoutVersion + version; const signature = signatureWithoutVersion + version;
expect(await this.ecdsa.recover(TEST_MESSAGE, signature)).to.equal(ZERO_ADDRESS); await expectRevert(this.ecdsa.recover(TEST_MESSAGE, signature), 'ECDSA: invalid signature \'v\' value');
}); });
}); });
}); });
context('with high-s value signature', function () { context('with high-s value signature', function () {
it('returns 0', async function () { it('reverts', async function () {
const message = '0xb94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9'; const message = '0xb94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9';
// eslint-disable-next-line max-len // eslint-disable-next-line max-len
const highSSignature = '0xe742ff452d41413616a5bf43fe15dd88294e983d3d36206c2712f39083d638bde0a0fc89be718fbc1033e1d30d78be1c68081562ed2e97af876f286f3453231d1b'; const highSSignature = '0xe742ff452d41413616a5bf43fe15dd88294e983d3d36206c2712f39083d638bde0a0fc89be718fbc1033e1d30d78be1c68081562ed2e97af876f286f3453231d1b';
expect(await this.ecdsa.recover(message, highSSignature)).to.equal(ZERO_ADDRESS); await expectRevert(this.ecdsa.recover(message, highSSignature), 'ECDSA: invalid signature \'s\' value');
}); });
}); });
@ -120,26 +121,19 @@ describe('ECDSA', function () {
}); });
}); });
context('with wrong signature', function () { context('with wrong message', function () {
it('does not return signer address', async function () { it('returns a different address', async function () {
// Create the signature const signature = fixSignature(await web3.eth.sign(TEST_MESSAGE, other));
const signature = await web3.eth.sign(TEST_MESSAGE, other);
// Recover the signer address from the generated message and wrong signature.
expect(await this.ecdsa.recover(WRONG_MESSAGE, signature)).to.not.equal(other); expect(await this.ecdsa.recover(WRONG_MESSAGE, signature)).to.not.equal(other);
}); });
}); });
});
context('with small hash', function () { context('with invalid signature', function () {
// @TODO - remove `skip` once we upgrade to solc^0.5 it('reverts', async function () {
it.skip('reverts', async function () { // eslint-disable-next-line max-len
// Create the signature const signature = '0x332ce75a821c982f9127538858900d87d3ec1f9f737338ad67cad133fa48feff48e6fa0c18abc62e42820f05943e47af3e9fbe306ce74d64094bdf1691ee53e01c';
const signature = await web3.eth.sign(TEST_MESSAGE, other); await expectRevert(this.ecdsa.recover(TEST_MESSAGE, signature), 'ECDSA: invalid signature');
await expectRevert( });
this.ecdsa.recover(TEST_MESSAGE.substring(2), signature),
'Failure message'
);
}); });
}); });
}); });
@ -147,7 +141,6 @@ describe('ECDSA', function () {
context('toEthSignedMessage', function () { context('toEthSignedMessage', function () {
it('should prefix hashes correctly', async function () { it('should prefix hashes correctly', async function () {
expect(await this.ecdsa.toEthSignedMessageHash(TEST_MESSAGE)).to.equal(toEthSignedMessageHash(TEST_MESSAGE)); expect(await this.ecdsa.toEthSignedMessageHash(TEST_MESSAGE)).to.equal(toEthSignedMessageHash(TEST_MESSAGE));
expect(await this.ecdsa.toEthSignedMessageHash(TEST_MESSAGE)).to.equal(toEthSignedMessageHash(TEST_MESSAGE));
}); });
}); });
}); });