From 4b960e26768bb698f449eb7686b5664936b70b61 Mon Sep 17 00:00:00 2001
From: Felipe Sueto
Date: Thu, 4 Nov 2021 20:38:28 -0300
Subject: [PATCH] Add signature.r and signature.s range check
---
 CHANGELOG.md | 21 +++++++++++++++++++++
 lib/ecdsa.ex | 8 +++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 CHANGELOG.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..8796038
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,21 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to the following versioning pattern:
+
+Given a version number MAJOR.MINOR.PATCH, increment:
+
+- MAJOR version when **breaking changes** are introduced;
+- MINOR version when **backwards compatible changes** are introduced;
+- PATCH version when backwards compatible bug **fixes** are implemented.
+
+
+## [Unreleased]
+### Fixed
+- signature r and s range check
+
+## [1.0.0] - 2020-04-14
+### Added
+- first official version
\ No newline at end of file
diff --git a/lib/ecdsa.ex b/lib/ecdsa.ex
index 9a29800..1367c74 100644
--- a/lib/ecdsa.ex
+++ b/lib/ecdsa.ex
@@ -85,7 +85,7 @@ defmodule EllipticCurve.Ecdsa do
 inv = Math.inv(signature.s, curveData."N")
- signature.r ==
+ result = signature.r ==
 Math.add(
 Math.multiply(
 curveData."G",
@@ -104,5 +104,11 @@ defmodule EllipticCurve.Ecdsa do
 curveData."A",
 curveData."P"
 ).x
+
+ cond do
+ signature.r < 1 || signature.r >= curveData."N" -> false
+ signature.s < 1 || signature.s >= curveData."N" -> false
+ true -> result
+ end
 end
 end
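Review bot: The range check added in the second lib/ecdsa.ex hunk runs only after `Math.inv(signature.s, curveData."N")` and the point arithmetic have already been evaluated on the unchecked values, so an out-of-range `r` or `s` (zero included) still reaches the modular inverse before it is rejected. The `result = …` binding in the first hunk exists only to make that late check possible. Validating first makes verification fail closed regardless of how `Math.inv` treats zero (its behaviour is not visible here), and adding `is_integer/1` closes the gap where a float in a hand-built signature passes both `<`/`>=` comparisons. The diffstat shows no test file changed, so a regression test asserting that signatures with `r = 0, s = 0` and with `r = N` are rejected would pin the fix. The enclosing function starts outside both hunks, so the sketch below only shows the reordered tail.

```elixir
# … unchanged: code above the inverse computation …
n = curveData."N"
inRange = fn k -> is_integer(k) and k >= 1 and k < n end

if inRange.(signature.r) and inRange.(signature.s) do
  inv = Math.inv(signature.s, n)
  # … unchanged: signature.r == Math.add(…).x comparison, now the value of this branch …
else
  false
end
```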