Closed eukreign closed 2 years ago
Investigate why old signatures created using ecdsa do not validate with coincurve:
ecdsa
coincurve
Old signing code (private_key in this case is instance of ecdsa.SigningKey): https://github.com/lbryio/lbry-sdk/blob/26d0e87f463cdede9a31468ddcf397351a1aa397/lbry/wallet/transaction.py#L459
private_key
ecdsa.SigningKey
New signing code (calls the libsecp256k1 code wrapped by coincurve): https://github.com/lbryio/lbry-sdk/blob/8076000c2761d7ca077049f1e9e1de177553d6f0/lbry/wallet/bip32.py#L238-L258
libsecp256k1
New validation code includes the old validation as fallback for old signatures: https://github.com/lbryio/lbry-sdk/blob/8076000c2761d7ca077049f1e9e1de177553d6f0/lbry/wallet/transaction.py#L428-L440
The following tests illustrate the problem, if you step through debugger you will see that it does not validate with coincurve and instead falls back to using the old validation with cryptography:
cryptography
Example 1 (older): https://github.com/lbryio/lbry-sdk/blob/8076000c2761d7ca077049f1e9e1de177553d6f0/tests/unit/wallet/test_schema_signing.py#L74
Example 2 (much more recent): https://github.com/lbryio/lbry-sdk/blob/8076000c2761d7ca077049f1e9e1de177553d6f0/tests/unit/wallet/test_schema_signing.py#L123
Why can't coincurve validate those signatures? Is there anything we can do to get it to validate?
One interesting thing to note is that the new signatures do validate with the old validation scheme using cryptography library.
posted to stackoverflow
https://stackoverflow.com/questions/70477905/why-are-signatures-created-with-ecdsa-python-library-not-valid-with-coincurve
Investigate why old signatures created using
ecdsa
do not validate withcoincurve
:Old signing code (
private_key
in this case is instance ofecdsa.SigningKey
): https://github.com/lbryio/lbry-sdk/blob/26d0e87f463cdede9a31468ddcf397351a1aa397/lbry/wallet/transaction.py#L459New signing code (calls the
libsecp256k1
code wrapped bycoincurve
): https://github.com/lbryio/lbry-sdk/blob/8076000c2761d7ca077049f1e9e1de177553d6f0/lbry/wallet/bip32.py#L238-L258New validation code includes the old validation as fallback for old signatures: https://github.com/lbryio/lbry-sdk/blob/8076000c2761d7ca077049f1e9e1de177553d6f0/lbry/wallet/transaction.py#L428-L440
The following tests illustrate the problem, if you step through debugger you will see that it does not validate with
coincurve
and instead falls back to using the old validation withcryptography
:Example 1 (older): https://github.com/lbryio/lbry-sdk/blob/8076000c2761d7ca077049f1e9e1de177553d6f0/tests/unit/wallet/test_schema_signing.py#L74
Example 2 (much more recent): https://github.com/lbryio/lbry-sdk/blob/8076000c2761d7ca077049f1e9e1de177553d6f0/tests/unit/wallet/test_schema_signing.py#L123
Why can't
coincurve
validate those signatures? Is there anything we can do to get it to validate?One interesting thing to note is that the new signatures do validate with the old validation scheme using
cryptography
library.