Fix broken low-R signing with a password encrypted wallet

Prevent 'KeyIsEncryptedException' from being thrown when signing with a 'LowRSigningKey'-wrapped, encrypted HD key, due to breakage of the apparent invariant that the 'keyCrypter' field of 'ECKey' should be null whenever the key isn't encrypted. When signing with a wrapped, encrypted HD key, the original key is decrypted and then re-wrapped as a 'LowRSigningKey' instance. This was blindly copying the 'keyCrypter' property of the decrypted key. But 'DeterministicKey::getKeyCrypter' returns non-null if its parent does, even if the actual field is null, and the decrypted HD key has the same parent as the encrypted original. Thus, blindly copying the property (rather than the field) breaks the above invariant. Fixes issue bisq-network#7241 with blind voting, caused by the earlier PR bisq-network#7238 which introduced low-R nonce grinding.
stejbac · Sep 13, 2024 · 0bec482 · 0bec482
1 parent c116022
commit 0bec482
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/core/src/main/java/bisq/core/crypto/LowRSigningKey.java b/core/src/main/java/bisq/core/crypto/LowRSigningKey.java
@@ -34,8 +34,10 @@ public class LowRSigningKey extends ECKey {
 
     protected LowRSigningKey(ECKey key) {
         super(key.hasPrivKey() ? key.getPrivKey() : null, new LazyECPoint(CURVE.getCurve(), key.getPubKey()));
-        this.keyCrypter = key.getKeyCrypter();
-        this.encryptedPrivateKey = key.getEncryptedPrivateKey();
+        if (this.priv == null) {
+            this.keyCrypter = key.getKeyCrypter();
+            this.encryptedPrivateKey = key.getEncryptedPrivateKey();
+        }
         originalKey = key;
     }