From 7bd5e4fa8def915ac9310f8da040c85876eefd43 Mon Sep 17 00:00:00 2001 From: marco Date: Tue, 9 Aug 2022 20:39:33 -0600 Subject: [PATCH] add Aaron's fix for verifying a signature --- funding/routes.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/funding/routes.py b/funding/routes.py index 435f24f..8ddf467 100644 --- a/funding/routes.py +++ b/funding/routes.py @@ -57,19 +57,20 @@ def postSlate(receivingAddress, slate): ) def getSlates(receivingAddress, signature): try: - if receivingAddress is None: + if receivingAddress is None or signature is None: return make_response(jsonify({'status': 'failure', 'error': str("missing correct arguments")})) - - # Deserialize the base-58 address to hex, and then to an internal public key format + + # Deserialize the base-58 address to an internal public key format # NOTE: This assumes that the network version (which is not part of the key) is exactly 2 bytes - public_key = secp256k1.PublicKey(base58.b58decode_check(receivingAddress)[2:]) - + public_key = secp256k1.PublicKey(base58.b58decode_check(receivingAddress)[2:], raw=True) + # Prepare the message bound to the signature: a domain separator and the encoded address # For some reason, the original client code calls this the "challenge" message = 'SubscribeRequest_' + receivingAddress # Deserialize and verify the provided signature against the message and address public key - if not public_key.ecdsa_verify(message, public_key.ecdsa_deserialize(signature)): + if not public_key.ecdsa_verify(message.encode(), + public_key.ecdsa_deserialize(bytes(bytearray.fromhex(signature)))): return make_response(jsonify({'status': 'failure', 'error': str("bad signature")})) slates = Slate.find_slates(address=receivingAddress)