From 799844d19cf8a66028f3f74e0896ad79ae8d07fb Mon Sep 17 00:00:00 2001 From: Ian Tan Date: Thu, 30 May 2019 17:22:54 +0800 Subject: [PATCH] Ensure that R and S are not gte curve order --- LaksaCsharp/Crypto/Schnorr.cs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/LaksaCsharp/Crypto/Schnorr.cs b/LaksaCsharp/Crypto/Schnorr.cs index 7eb555f..d288521 100644 --- a/LaksaCsharp/Crypto/Schnorr.cs +++ b/LaksaCsharp/Crypto/Schnorr.cs @@ -135,6 +135,10 @@ public static bool Verify(byte[] msg, Signature sig, ECPoint publicKey) throw new Exception("Invalid R or S value: cannot be negative."); } + if (sig.R.CompareTo(secp256k1.Curve.Order) >= 0 || sig.S.CompareTo(secp256k1.Curve.Order) >= 0) { + throw new Exception("Invalid R or S value: must be smaller than curve order"); + } + if (publicKey.Curve != (secp256k1.Curve)) { throw new Exception("The public key must be a point on secp256k1.");