From 0bec4824bfd1195f7b7c4a7f6d09b6ed62b95324 Mon Sep 17 00:00:00 2001 From: Steven Barclay Date: Fri, 13 Sep 2024 08:59:49 +0800 Subject: [PATCH] Fix broken low-R signing with a password encrypted wallet Prevent 'KeyIsEncryptedException' from being thrown when signing with a 'LowRSigningKey'-wrapped, encrypted HD key, due to breakage of the apparent invariant that the 'keyCrypter' field of 'ECKey' should be null whenever the key isn't encrypted. When signing with a wrapped, encrypted HD key, the original key is decrypted and then re-wrapped as a 'LowRSigningKey' instance. This was blindly copying the 'keyCrypter' property of the decrypted key. But 'DeterministicKey::getKeyCrypter' returns non-null if its parent does, even if the actual field is null, and the decrypted HD key has the same parent as the encrypted original. Thus, blindly copying the property (rather than the field) breaks the above invariant. Fixes issue #7241 with blind voting, caused by the earlier PR #7238 which introduced low-R nonce grinding. --- core/src/main/java/bisq/core/crypto/LowRSigningKey.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/core/src/main/java/bisq/core/crypto/LowRSigningKey.java b/core/src/main/java/bisq/core/crypto/LowRSigningKey.java index 498c93241c..751815e4f9 100644 --- a/core/src/main/java/bisq/core/crypto/LowRSigningKey.java +++ b/core/src/main/java/bisq/core/crypto/LowRSigningKey.java @@ -34,8 +34,10 @@ public class LowRSigningKey extends ECKey { protected LowRSigningKey(ECKey key) { super(key.hasPrivKey() ? key.getPrivKey() : null, new LazyECPoint(CURVE.getCurve(), key.getPubKey())); - this.keyCrypter = key.getKeyCrypter(); - this.encryptedPrivateKey = key.getEncryptedPrivateKey(); + if (this.priv == null) { + this.keyCrypter = key.getKeyCrypter(); + this.encryptedPrivateKey = key.getEncryptedPrivateKey(); + } originalKey = key; }