search

chaintope / bitcoinrb

The implementation of the bitcoin protocol for ruby.
MIT License
61 stars 19 forks source link

Verifying signature with sighash_type fails when using secp256k1 library. #14

Closed Yamaguchi closed 6 years ago

Yamaguchi commented 6 years ago
  1. Verifying the signature without sighash_type returns TRUE (using libsecp256k1 )
$ SECP256K1_LIB_PATH=./spec/lib/libsecp256k1.dylib ./bin/console 
irb(main):001:0> Bitcoin::Key.new(pubkey:"0251f5f22b4656f5991ec8c6928901d6f5f466286059f9108409d6f3e8b85c04f2").verify("304402201862554e825a38d3de70e31dd18315868dc217cb2c1131deafef3b4623bb82eb022055850038f75e9248f9290532df3c7fb0f3a965f03539e684b18ce690e13f1b92".htb,"7fa142ede3c5c87f3dcd61a9d4dd2e6d0f018c837d4ded05f5a22300b921b719".htb)
=> true
  1. Verifying the signature with sighash_type(01) returns FALSE (using libsecp256k1 )
irb(main):002:0> Bitcoin::Key.new(pubkey:"0251f5f22b4656f5991ec8c6928901d6f5f466286059f9108409d6f3e8b85c04f2").verify("304402201862554e825a38d3de70e31dd18315868dc217cb2c1131deafef3b4623bb82eb022055850038f75e9248f9290532df3c7fb0f3a965f03539e684b18ce690e13f1b9201".htb,"7fa142ede3c5c87f3dcd61a9d4dd2e6d0f018c837d4ded05f5a22300b921b719".htb)
=> false
  1. Verifying the signature without sighash_type returns TRUE (using ruby_ecdsa)
$ ./bin/console 
irb(main):001:0> Bitcoin::Key.new(pubkey:"0251f5f22b4656f5991ec8c6928901d6f5f466286059f9108409d6f3e8b85c04f2").verify("304402201862554e825a38d3de70e31dd18315868dc217cb2c1131deafef3b4623bb82eb022055850038f75e9248f9290532df3c7fb0f3a965f03539e684b18ce690e13f1b92".htb,"7fa142ede3c5c87f3dcd61a9d4dd2e6d0f018c837d4ded05f5a22300b921b719".htb)
=> true
  1. Verifying the signature with sighash_type(01) returns TRUE (using ruby_ecdsa)
irb(main):002:0> Bitcoin::Key.new(pubkey:"0251f5f22b4656f5991ec8c6928901d6f5f466286059f9108409d6f3e8b85c04f2").verify("304402201862554e825a38d3de70e31dd18315868dc217cb2c1131deafef3b4623bb82eb022055850038f75e9248f9290532df3c7fb0f3a965f03539e684b18ce690e13f1b9201".htb,"7fa142ede3c5c87f3dcd61a9d4dd2e6d0f018c837d4ded05f5a22300b921b719".htb)
=> true
irb(main):003:0>
Yamaguchi commented 6 years ago

Should Key#verify return true for case 2?

azuchi commented 6 years ago

case 2 is correct. case 4 should return false. The SIGHASH TYPE is not included in pure ECDSA signature.

azuchi commented 6 years ago

take back my words.

If do not force BIP-66, case 4 is correct and case 2 should return true. I think, its' ok to allow lax signature format above case 2, because the flag on whether to apply BIP-66 is outside the scope of Bitcoin::Key.