From 168b676d902f39f1101efcc26514e171cba727dc Mon Sep 17 00:00:00 2001 From: Jon Griffiths Date: Fri, 17 Nov 2023 09:02:45 +1300 Subject: [PATCH] crypto: lower the EC_SIGNATURE_DER_MAX_LOW_R_LEN constant to 70 This constant is the size of signatures produced by wally when grinding. As wally (and libsecp256k1[-zkp]) always produce low-S signatures, the maximum size is 70 bytes plus the sighash byte for low-R signatures. This affects the dummy witness stack function, making transaction fee estimation more accurate. --- include/wally_crypto.h | 6 +++--- src/transaction.c | 6 +++--- src/wasm_package/src/const.js | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/wally_crypto.h b/include/wally_crypto.h index ccf03bcce..93f83a9ec 100644 --- a/include/wally_crypto.h +++ b/include/wally_crypto.h @@ -359,10 +359,10 @@ WALLY_CORE_API int wally_pbkdf2_hmac_sha512( #define EC_SIGNATURE_LEN 64 /** The length of a compact recoverable signature produced by EC signing */ #define EC_SIGNATURE_RECOVERABLE_LEN 65 -/** The maximum encoded length of a DER encoded signature */ +/** The maximum encoded length of a DER signature (High-R, High-S), excluding sighash byte */ #define EC_SIGNATURE_DER_MAX_LEN 72 -/** The maximum encoded length of a DER encoded signature created with `EC_FLAG_GRIND_R` */ -#define EC_SIGNATURE_DER_MAX_LOW_R_LEN 71 +/** The maximum encoded length of a DER signature created with `EC_FLAG_GRIND_R` (Low-R, Low-S), excluding sighash byte */ +#define EC_SIGNATURE_DER_MAX_LOW_R_LEN 70 /** The length of a secp256k1 scalar value */ #define EC_SCALAR_LEN 32 diff --git a/src/transaction.c b/src/transaction.c index 87489eccd..51cbb3a68 100644 --- a/src/transaction.c +++ b/src/transaction.c @@ -72,7 +72,7 @@ static void assert_tx_assumptions(void) { BUILD_ASSERT(WALLY_TXHASH_LEN == SHA256_LEN); BUILD_ASSERT(sizeof(DUMMY_SIG) == EC_SIGNATURE_DER_MAX_LEN + 1); - BUILD_ASSERT(sizeof(DUMMY_SIG) - 1 == EC_SIGNATURE_DER_MAX_LOW_R_LEN + 1); + BUILD_ASSERT(sizeof(DUMMY_SIG) > EC_SIGNATURE_DER_MAX_LOW_R_LEN + 1); } /* LCOV_EXCL_STOP */ @@ -348,10 +348,10 @@ int wally_tx_witness_stack_set_dummy(struct wally_tx_witness_stack *stack, if (flags == WALLY_TX_DUMMY_SIG) { p = DUMMY_SIG; - len = sizeof(DUMMY_SIG); + len = sizeof(DUMMY_SIG); /* High-R, High-S plus sighash byte */ } else if (flags == WALLY_TX_DUMMY_SIG_LOW_R) { p = DUMMY_SIG; - len = sizeof(DUMMY_SIG) - 1; /* Low-R signatures are always at least 1 byte shorter */ + len = EC_SIGNATURE_DER_MAX_LOW_R_LEN + 1; /* Low-R, Low-S plus sighash byte */ } else if (flags != WALLY_TX_DUMMY_NULL) return WALLY_EINVAL; return wally_tx_witness_stack_set(stack, index, p, len); diff --git a/src/wasm_package/src/const.js b/src/wasm_package/src/const.js index b28bd9e23..563e731ee 100755 --- a/src/wasm_package/src/const.js +++ b/src/wasm_package/src/const.js @@ -77,7 +77,7 @@ export const EC_PUBLIC_KEY_LEN = 33; export const EC_PUBLIC_KEY_UNCOMPRESSED_LEN = 65; export const EC_SCALAR_LEN = 32; export const EC_SIGNATURE_DER_MAX_LEN = 72; -export const EC_SIGNATURE_DER_MAX_LOW_R_LEN = 71; +export const EC_SIGNATURE_DER_MAX_LOW_R_LEN = 70; export const EC_SIGNATURE_LEN = 64; export const EC_SIGNATURE_RECOVERABLE_LEN = 65; export const EC_XONLY_PUBLIC_KEY_LEN = 32;