Skip to content

ECDSA: add parse and tryParse #5814

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Amxx merged 11 commits into from
Jul 31, 2025
Merged

ECDSA: add parse and tryParse #5814

Amxx merged 11 commits into from
Jul 31, 2025

Conversation

@Amxx
Copy link
Collaborator

@Amxx Amxx commented Jul 23, 2025

Following discussion with @frangio, we believe that this could be usefull for someone that wants to re-implement isValidSignatureNow in a way taht supports both 65 and 64 bytes signatures.

We should add this support nativelly in v6.0, but for the same reason as the one mentioned in this GHSA this is not a change that should happen in a minor release.

function isValidSignatureNow64or65(address signer, bytes32 hash, bytes memory signature) internal view returns (bool) {
        if (signer.code.length == 0) {
            (uint8 v, bytes32 r, bytes32 s) = ECDSA.parse(signature);
            (address recovered, ECDSA.RecoverError err, ) = ECDSA.tryRecover(hash, v, r, s);
            return err == ECDSA.RecoverError.NoError && recovered == signer;
        } else {
            return isValidERC1271SignatureNow(signer, hash, signature);
        }
    }

PR Checklist

  • Tests
  • Documentation
  • Changeset entry (run npx changeset add)

@Amxx Amxx requested a review from a team as a code owner July 23, 2025 21:34
@changeset-bot
Copy link

changeset-bot bot commented Jul 23, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 23c393f

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
openzeppelin-solidity Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@Amxx Amxx added this to the 5.5 milestone Jul 23, 2025
frangio
frangio reviewed Jul 24, 2025
View reviewed changes
contracts/utils/cryptography/ECDSA.sol Outdated
* @dev Parse a signature into its `v`, `r` and `s` components. Supports both 65 bytes and 64 bytes (eip-2098)
* signature formats. Returns 0, 0, 0 is the signature is not in a proper format.
*/
function parse(bytes memory signature) internal pure returns (int8 v, bytes32 r, bytes32 s) {
Copy link
Contributor

@frangio frangio Jul 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For discussion (I'm undecided): should this have a special name given that, unlike the rest of this library, it allows 64-65 byte malleability? E.g., parseMalleable.

Copy link
Collaborator Author

@Amxx Amxx Jul 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would that note be good enough ?

IMO not using signatures as unique identifier is basic good practices, and I'm not sure we should complexify the name of the functions (creating possible confusion?) as a way to "help enforce" these basic good practices.

Copy link
Contributor

@frangio frangio Jul 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not using signatures as unique identifier is basic good practices

Yeah I agree and we should move towards this assumption. My point is only about how this breaks from the existing library design.

How about deprecating malleability protection in all of the ECDSA library?

Copy link
Collaborator Author

@Amxx Amxx Jul 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about deprecating malleability protection in all of the ECDSA library?

YES !

Copy link
Collaborator Author

@Amxx Amxx Jul 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@frangio how does that look ?
144b0e2

Copy link
Contributor

@arr00 arr00 Jul 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is v a signed integer?

Copy link
Collaborator Author

@Amxx Amxx Jul 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is v a signed integer?

Because I made a mistake. Thanks for spotting it !

frangio
frangio reviewed Jul 24, 2025
View reviewed changes
Amxx
Amxx commented Jul 25, 2025
View reviewed changes
Amxx
Amxx commented Jul 25, 2025
View reviewed changes
Amxx
Amxx commented Jul 25, 2025
View reviewed changes
Amxx
Amxx commented Jul 25, 2025
View reviewed changes
Amxx
Amxx commented Jul 25, 2025
View reviewed changes
frangio
frangio reviewed Jul 25, 2025
View reviewed changes
ernestognw
ernestognw reviewed Jul 28, 2025
View reviewed changes
luiz-lvj
luiz-lvj previously approved these changes Jul 28, 2025
View reviewed changes
@Amxx Amxx merged commit 1412f92 into OpenZeppelin:master Jul 31, 2025
20 checks passed
@Amxx Amxx deleted the feature/ecdsa-parse branch July 31, 2025 14:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@frangio frangio frangio left review comments

@ernestognw ernestognw ernestognw approved these changes

@luiz-lvj luiz-lvj luiz-lvj left review comments

@arr00 arr00 Awaiting requested review from arr00

@james-toussaint james-toussaint Awaiting requested review from james-toussaint

@gonzaotc gonzaotc Awaiting requested review from gonzaotc

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

5.5

Development

Successfully merging this pull request may close these issues.

5 participants

@Amxx @frangio @arr00 @ernestognw @luiz-lvj