Skip to content

Commit 7ccdb7e

Browse files
cyjseagullcyjseagull
authored
check the input before sign/verify (#228)
1 parent eed1a3c commit 7ccdb7e

File tree

2 files changed

+37
-4
lines changed

2 files changed

+37
-4
lines changed

sdk-crypto/src/main/java/org/fisco/bcos/sdk/crypto/signature/ECDSASignature.java

Lines changed: 15 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,8 @@
2121
import org.fisco.bcos.sdk.utils.Numeric;
2222

2323
public class ECDSASignature implements Signature {
24+
private static int INPUT_MESSAGE_SIZE_IN_HEX = 64;
25+
2426
@Override
2527
public SignatureResult sign(final String message, final CryptoKeyPair keyPair) {
2628
// convert signature string to SignatureResult struct
@@ -32,11 +34,19 @@ public SignatureResult sign(final byte[] message, final CryptoKeyPair keyPair) {
3234
return sign(Hex.toHexString(message), keyPair);
3335
}
3436

37+
private void checkInputMessage(final String message) {
38+
if (message.length() != INPUT_MESSAGE_SIZE_IN_HEX) {
39+
throw new SignatureException(
40+
"Invalid input message " + message + ", must be a hex string of length 64");
41+
}
42+
}
43+
3544
@Override
3645
public String signWithStringSignature(final String message, final CryptoKeyPair keyPair) {
46+
String inputMessage = Numeric.cleanHexPrefix(message);
47+
checkInputMessage(inputMessage);
3748
CryptoResult signatureResult =
38-
NativeInterface.secp256k1Sign(
39-
keyPair.getHexPrivateKey(), Numeric.cleanHexPrefix(message));
49+
NativeInterface.secp256k1Sign(keyPair.getHexPrivateKey(), inputMessage);
4050
// call secp256k1Sign failed
4151
if (signatureResult.wedprErrorMessage != null
4252
&& !signatureResult.wedprErrorMessage.isEmpty()) {
@@ -49,14 +59,15 @@ public String signWithStringSignature(final String message, final CryptoKeyPair
4959

5060
@Override
5161
public boolean verify(final String publicKey, final String message, final String signature) {
62+
String inputMessage = Numeric.cleanHexPrefix(message);
63+
checkInputMessage(inputMessage);
5264
String hexPubKeyWithPrefix =
5365
Numeric.getHexKeyWithPrefix(
5466
publicKey,
5567
CryptoKeyPair.UNCOMPRESSED_PUBLICKEY_FLAG_STR,
5668
CryptoKeyPair.PUBLIC_KEY_LENGTH_IN_HEX);
5769
CryptoResult verifyResult =
58-
NativeInterface.secp256k1verify(
59-
hexPubKeyWithPrefix, Numeric.cleanHexPrefix(message), signature);
70+
NativeInterface.secp256k1verify(hexPubKeyWithPrefix, inputMessage, signature);
6071
// call secp256k1verify failed
6172
if (verifyResult.wedprErrorMessage != null && !verifyResult.wedprErrorMessage.isEmpty()) {
6273
throw new SignatureException(

sdk-crypto/src/test/java/org/fisco/bcos/sdk/crypto/SignatureTest.java

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@
2121
import org.fisco.bcos.sdk.config.ConfigOption;
2222
import org.fisco.bcos.sdk.config.exceptions.ConfigException;
2323
import org.fisco.bcos.sdk.crypto.exceptions.KeyPairException;
24+
import org.fisco.bcos.sdk.crypto.exceptions.SignatureException;
2425
import org.fisco.bcos.sdk.crypto.hash.Hash;
2526
import org.fisco.bcos.sdk.crypto.hash.Keccak256;
2627
import org.fisco.bcos.sdk.crypto.hash.SM3Hash;
@@ -321,6 +322,27 @@ public void testSignature(Hash hasher, Signature signature, CryptoKeyPair keyPai
321322
invalidMessage,
322323
signResult.convertToString()));
323324
}
325+
326+
// invalid input
327+
try {
328+
String invalidMessage = "0xb3b9ce5a0725c1457b8c7872d05accb3887ecc09a50dc7619b53837e4d9f";
329+
SignatureResult signResult = signature.sign(invalidMessage, keyPair);
330+
}catch(SignatureException e)
331+
{
332+
System.out.println("Sign failed for " + e.getMessage());
333+
}
334+
335+
try {
336+
String invalidMessage = "";
337+
for(int i = 0; i < 64; i++)
338+
{
339+
invalidMessage += "r";
340+
}
341+
SignatureResult signResult = signature.sign(invalidMessage, keyPair);
342+
}catch(SignatureException e)
343+
{
344+
System.out.println("Sign failed for " + e.getMessage());
345+
}
324346
}
325347

326348
public void testSignature(CryptoSuite signature, CryptoKeyPair keyPair) {

0 commit comments

Comments
 (0)