absolutebi/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-12-09 20:59:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix incorrect sig_hash generation

Browse Source 
sig_hash was used as a challenge. challenges should be of the form H(R, A, m).
These sig hashes were solely H(A, m), allowing trivial forgeries.
This commit is contained in:
Luke Parker
2023-06-08 06:38:25 -04:00
parent c6982b5dfc
commit dfa3106a38
3 changed files with 20 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
coordinator/tributary/src/tests/transaction/mod.rs
View File

@@ -1,3 +1,4 @@
use core::ops::Deref;
use std::{io, collections::HashMap};
use zeroize::Zeroizing;
@@ -114,11 +115,9 @@ pub fn signed_transaction<R: RngCore + CryptoRng>(
let mut tx =
SignedTransaction(data, Signed { signer, nonce, signature: random_signed(rng).signature });
tx.1.signature = SchnorrSignature::sign(
key,
Zeroizing::new(<Ristretto as Ciphersuite>::F::random(rng)),
tx.sig_hash(genesis),
);
let sig_nonce = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(rng));
tx.1.signature.R = Ristretto::generator() * sig_nonce.deref();
tx.1.signature = SchnorrSignature::sign(key, sig_nonce, tx.sig_hash(genesis));
let mut nonces = HashMap::from([(signer, nonce)]);
verify_transaction(&tx, genesis, &mut nonces).unwrap();