Signature.sign() returns wrong signature

[fabian-emilius]

Version of EOSJS
21.0.2

Describe the bug
sign() function in eosjs-ecc-migration returns wrong signature (basically Signature.sign()) in the browser. The signature can be verified by eosjs correctly but verification fails in the old eosjs-ecc module or in a smart contract, so it seems wrong.

To Reproduce
Steps to reproduce the behavior:
Private Key: PVT_K1_z6FmcRrEYH5MMK4Htfvo1y6cDf3MpnBkvTSmcBsr6KfaAoSXB
Signing value: pink
Expected and verifiable signature by eosjs-ecc: SIG_K1_KWejfkk6FefopiaSsfBJnjn2XK2L1zVBF5ZWaq3YkVpbmK2voCXDPcnKfm79RU12bepm7yDqit8xxZnFm3ydfTr5PReRsW
Actual signature: SIG_K1_KA1PzVjXmwaQApnrdaV7cZqoakGunT7jyNde3f9Fs759EtXCWGcWtLeSCmu5Dpzm4tTMy4gLZiavsY1DbbyGemx2M2k12u

1. Create signature with eosjs 21 (actual signature)
2. Verify / Recover signature in eosjs-ecc or a smart contract will fail

const {ecc} = require('eosjs/dist/eosjs-ecc-migration')
const eccLegacy = require('eosjs-ecc')
const {PrivateKey} = require('eosjs/dist/eosjs-jssig');

const privateKey = PrivateKey.fromString('PVT_K1_z6FmcRrEYH5MMK4Htfvo1y6cDf3MpnBkvTSmcBsr6KfaAoSXB');
const publicKey = privateKey.getPublicKey();

const signingValue = 'pink';

const actualSignature = ecc.sign(signingValue, privateKey, 'utf8');
const expectedSignature = eccLegacy.sign(signingValue, privateKey.toLegacyString(), 'utf8');

const actualRecoveredKey = eccLegacy.recover(actualSignature, signingValue, 'utf8');
const expectedRecoveredKey = eccLegacy.recover(expectedSignature, signingValue, 'utf8');

// different keys
console.log('Public Key', publicKey.toLegacyString());
console.log('')
console.log('Actual Recovered Key', actualRecoveredKey);
console.log('Expected Recovered Key', expectedRecoveredKey);
console.log('')
// different signatures (not a problem in general but actual signature cant be verified)
console.log('Actual Signature', actualSignature);
console.log('Expected Signature', expectedSignature);

Environment

• Browser: Chrome 84
• OS: OSX 10.15

[bradlhart]

I believe the issue is simply just that eosjs-ecc cannot recover a key from a signature constructed with the elliptic library as they construct/recover keys differently but it's important to note that within the same ecurve library, recovery/signing/verification still works correctly. Interestingly enough, eosjs-ecc can verify the signature constructed from elliptic. Smart contracts can work with either eosjs-ecc or with the new library elliptic that eosjs is utilizing but not interchangeably.

There are three different methods to sign/recover/verify and otherwise utilize keys. We recommend using the eosjs methods instead of the eosjs-ecc-migration methods since the eosjs-ecc-migration methods are simply there for short-term migration of your code and will be removed at a later version. As you can see from the below test, if you sign/recover/verify from with the same method, there are no issues. But if you interchangeably use the methods and those methods use different underlying ecurve code as you had in your example, you get different recovered keys, yet eosjs-ecc can still verify that signature (last two examples).

const eccLegacy = require('eosjs-ecc');
const { ecc } = require('../eosjs-ecc-migration');
const { Signature, PrivateKey, PublicKey } = require('../eosjs-key-conversions');

const KPriv = 'PVT_K1_z6FmcRrEYH5MMK4Htfvo1y6cDf3MpnBkvTSmcBsr6KfaAoSXB';

const privateKey = PrivateKey.fromString(KPriv);
const KPub = privateKey.getPublicKey();
const legacyPublicKey = KPub.toLegacyString();

const dataAsString = 'some string';

const migrationSignature = ecc.sign(dataAsString, privateKey, 'utf8');
const eosjsSignature = privateKey.sign(dataAsString, true, 'utf8');
const eccSignature = eccLegacy.sign(dataAsString, privateKey.toLegacyString(), 'utf8');

const migrationRecoveredKey = ecc.recover(migrationSignature, dataAsString, 'utf8');
const eosjsRecoveredKey = eosjsSignature.recover(dataAsString, true, 'utf8');
const eccRecoveredKey = eccLegacy.recover(eccSignature, dataAsString, 'utf8');

expect(migrationRecoveredKey).toEqual(legacyPublicKey);
expect(eosjsRecoveredKey.toLegacyString()).toEqual(legacyPublicKey);
expect(eccRecoveredKey).toEqual(legacyPublicKey);

const migrationVerify = ecc.verify(migrationSignature, dataAsString, migrationRecoveredKey, 'utf8');
const eosjsVerify = eosjsSignature.verify(dataAsString, eosjsRecoveredKey, true, 'utf8');
const eccVerify = eccLegacy.verify(eccSignature, dataAsString, eccRecoveredKey, 'utf8');

expect(migrationVerify).toBeTruthy();
expect(eosjsVerify).toBeTruthy();
expect(eccVerify).toBeTruthy();

const eccMigrationRecoveredKPub = eccLegacy.recover(migrationSignature, dataAsString, 'utf8');
const eccMigrationValid = eccLegacy.verify(migrationSignature, dataAsString, eccMigrationRecoveredKPub, 'utf8');
expect(eccMigrationValid).toBeTruthy();

const eccEosjsRecoveredKPub = eccLegacy.recover(eosjsSignature.toString(), dataAsString, 'utf8');
const eccEosjsValid = eccLegacy.verify(eosjsSignature.toString(), dataAsString, eccEosjsRecoveredKPub, 'utf8');
expect(eccEosjsValid).toBeTruthy();

[fabian-emilius]

Ok so let me clarify it again. A contract is NOT able to recover a signature signed with eosjs 21.
Also the ecc-migration just uses the eosjs methods. I used the migration functions to visualize that there is a bug.
Both libraries should be able to recover the signatures from each other. Let me show you the problem again because actualy the eosjs signature does not change if you change the input. It is always returns the signature for an empty string.

const {ecc} = require('eosjs/dist/eosjs-ecc-migration')
const eccLegacy = require('eosjs-ecc')
const {PrivateKey} = require('eosjs/dist/eosjs-jssig');

const privateKey = PrivateKey.fromString('PVT_K1_z6FmcRrEYH5MMK4Htfvo1y6cDf3MpnBkvTSmcBsr6KfaAoSXB');
const publicKey = privateKey.getPublicKey();

console.log('Public Key', publicKey.toLegacyString());
console.log("")
console.log('eosjs signature for ""', ecc.sign("", privateKey, 'utf8'));
console.log('legacy signature for ""', eccLegacy.sign("", privateKey.toLegacyString(), 'utf8'));
console.log("")
console.log('eosjs signature for "a"', ecc.sign("a", privateKey, 'utf8'));
console.log('legacy signature for "a"', eccLegacy.sign("a", privateKey.toLegacyString(), 'utf8'));
console.log("")
console.log('eosjs signature for "b"', ecc.sign("b", privateKey, 'utf8'));
console.log('legacy signature for "b"', eccLegacy.sign("b", privateKey.toLegacyString(), 'utf8'));

As you can see it always returns the same signature for different signing values and only the empty string is recoverable

[bradlhart]

As you can see it always returns the same signature for different signing values and only the empty string is recoverable

This narrowed the issue down. There's an issue with the hashing of data within the sign/recover/verify methods in eosjs currently. I'll open a PR to fix the issue soon, but in the meantime, hash your data before using these functions and set shouldHash as false. Alternatively, in the eosjs-ecc-migration methods, hash your data and use the signHash/recoverHash methods or if you are using the verify method, set hashData argument to true

[bradlhart]

@fabian-emilius This issue should be resolved in the new patch release v21.0.3.