Allow non-canonical S values in Signatures moving errors to access-time (#5013).

ricmoo · ricmoo · commit 9944ec94b154 · 2025-06-30T11:26:28.000+02:00
diff --git a/src.ts/crypto/signature.ts b/src.ts/crypto/signature.ts
@@ -80,12 +80,30 @@ export class Signature {
     /**
      *  The ``s`` value for a signature.
      */
-    get s(): string { return this.#s; }
+    get s(): string {
+        assertArgument(parseInt(this.#s.substring(0, 3)) < 8, "non-canonical s; use ._s", "s", this.#s);
+        return this.#s;
+    }
     set s(_value: BytesLike) {
         assertArgument(dataLength(_value) === 32, "invalid s", "value", _value);
-        const value = hexlify(_value);
-        assertArgument(parseInt(value.substring(0, 3)) < 8, "non-canonical s", "value", value);
-        this.#s = value;
+        this.#s = hexlify(_value);
+    }
+
+    /**
+     *  Return the s value, unchecked for EIP-2 compliance.
+     *
+     *  This should generally not be used and is for situations where
+     *  a non-canonical S value might be relevant, such as Frontier blocks
+     *  that were mined prior to EIP-2 or invalid Authorization List
+     *  signatures.
+     */
+    get _s(): string { return this.#s; }
+
+    /**
+     *  Returns true if the Signature is valid for [[link-eip-2]] signatures.
+     */
+    isValid(): boolean {
+        return (parseInt(this.#s.substring(0, 3)) < 8);
     }
 
     /**
@@ -167,14 +185,14 @@ export class Signature {
     }
 
     [Symbol.for('nodejs.util.inspect.custom')](): string {
-        return `Signature { r: "${ this.r }", s: "${ this.s }", yParity: ${ this.yParity }, networkV: ${ this.networkV } }`;
+        return `Signature { r: "${ this.r }", s: "${ this._s }"${ this.isValid() ? "": ', valid: "false"'}, yParity: ${ this.yParity }, networkV: ${ this.networkV } }`;
     }
 
     /**
      *  Returns a new identical [[Signature]].
      */
     clone(): Signature {
-        const clone = new Signature(_guard, this.r, this.s, this.v);
+        const clone = new Signature(_guard, this.r, this._s, this.v);
         if (this.networkV) { clone.#networkV = this.networkV; }
         return clone;
     }
@@ -187,7 +205,7 @@ export class Signature {
         return {
             _type: "signature",
             networkV: ((networkV != null) ? networkV.toString(): null),
-            r: this.r, s: this.s, v: this.v,
+            r: this.r, s: this._s, v: this.v,
         };
     }
 
@@ -293,10 +311,9 @@ export class Signature {
 
             if (bytes.length === 65) {
                 const r = hexlify(bytes.slice(0, 32));
-                const s = bytes.slice(32, 64);
-                assertError((s[0] & 0x80) === 0, "non-canonical s");
+                const s = hexlify(bytes.slice(32, 64));
                 const v = Signature.getNormalizedV(bytes[64]);
-                return new Signature(_guard, r, hexlify(s), v);
+                return new Signature(_guard, r, s, v);
             }
 
             assertError(false, "invalid raw signature length");
@@ -322,7 +339,6 @@ export class Signature {
 
             assertError(false, "missing s");
         })(sig.s, sig.yParityAndS);
-        assertError((getBytes(s)[0] & 0x80) == 0, "non-canonical s");
 
         // Get v; by any means necessary (we check consistency below)
         const { networkV, v } = (function(_v?: BigNumberish, yParityAndS?: string, yParity?: Numeric): { networkV?: bigint, v: 27 | 28 } {
@@ -360,4 +376,3 @@ export class Signature {
         return result;
     }
 }
-
