From 9a9a43cce3709c990f24d2ecc7a5d71b8eda17df Mon Sep 17 00:00:00 2001
From: Ivo Kubjas
Date: Tue, 11 Jul 2023 12:51:34 +0200
Subject: [PATCH] fix: ECDSA HashToInt bytes-bits mismatch (#428)
* fix: bytes-bits mismatch when masking excess bits in ecdsa
* chore: go generate
---
 ecc/bls12-377/ecdsa/ecdsa.go | 3 ++-
 ecc/bls12-378/ecdsa/ecdsa.go | 3 ++-
 ecc/bls12-381/ecdsa/ecdsa.go | 3 ++-
 ecc/bls24-315/ecdsa/ecdsa.go | 3 ++-
 ecc/bls24-317/ecdsa/ecdsa.go | 3 ++-
 ecc/bn254/ecdsa/ecdsa.go | 3 ++-
 ecc/bw6-633/ecdsa/ecdsa.go | 3 ++-
 ecc/bw6-756/ecdsa/ecdsa.go | 3 ++-
 ecc/bw6-761/ecdsa/ecdsa.go | 3 ++-
 ecc/secp256k1/ecdsa/ecdsa.go | 3 ++-
 ecc/stark-curve/ecdsa/ecdsa.go | 3 ++-
 internal/generator/ecdsa/template/ecdsa.go.tmpl | 3 ++-
 12 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/ecc/bls12-377/ecdsa/ecdsa.go b/ecc/bls12-377/ecdsa/ecdsa.go
index cc13e8ac6..452e7df2a 100644
--- a/ecc/bls12-377/ecdsa/ecdsa.go
+++ b/ecc/bls12-377/ecdsa/ecdsa.go
@@ -37,6 +37,7 @@ var errInvalidSig = errors.New("invalid signature")
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -103,7 +104,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/bls12-378/ecdsa/ecdsa.go b/ecc/bls12-378/ecdsa/ecdsa.go
index 44c297cc8..f6a5d04f9 100644
--- a/ecc/bls12-378/ecdsa/ecdsa.go
+++ b/ecc/bls12-378/ecdsa/ecdsa.go
@@ -37,6 +37,7 @@ var errInvalidSig = errors.New("invalid signature")
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -103,7 +104,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/bls12-381/ecdsa/ecdsa.go b/ecc/bls12-381/ecdsa/ecdsa.go
index 9039ee388..3374cabdd 100644
--- a/ecc/bls12-381/ecdsa/ecdsa.go
+++ b/ecc/bls12-381/ecdsa/ecdsa.go
@@ -37,6 +37,7 @@ var errInvalidSig = errors.New("invalid signature")
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -103,7 +104,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/bls24-315/ecdsa/ecdsa.go b/ecc/bls24-315/ecdsa/ecdsa.go
index e1309b2f3..deb4712a5 100644
--- a/ecc/bls24-315/ecdsa/ecdsa.go
+++ b/ecc/bls24-315/ecdsa/ecdsa.go
@@ -37,6 +37,7 @@ var errInvalidSig = errors.New("invalid signature")
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -103,7 +104,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/bls24-317/ecdsa/ecdsa.go b/ecc/bls24-317/ecdsa/ecdsa.go
index dfcbab66c..eda1c8806 100644
--- a/ecc/bls24-317/ecdsa/ecdsa.go
+++ b/ecc/bls24-317/ecdsa/ecdsa.go
@@ -37,6 +37,7 @@ var errInvalidSig = errors.New("invalid signature")
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -103,7 +104,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/bn254/ecdsa/ecdsa.go b/ecc/bn254/ecdsa/ecdsa.go
index 8593d6a72..b25cb4d9e 100644
--- a/ecc/bn254/ecdsa/ecdsa.go
+++ b/ecc/bn254/ecdsa/ecdsa.go
@@ -37,6 +37,7 @@ var errInvalidSig = errors.New("invalid signature")
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -103,7 +104,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/bw6-633/ecdsa/ecdsa.go b/ecc/bw6-633/ecdsa/ecdsa.go
index f264a1e47..7bfa57467 100644
--- a/ecc/bw6-633/ecdsa/ecdsa.go
+++ b/ecc/bw6-633/ecdsa/ecdsa.go
@@ -37,6 +37,7 @@ var errInvalidSig = errors.New("invalid signature")
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -103,7 +104,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/bw6-756/ecdsa/ecdsa.go b/ecc/bw6-756/ecdsa/ecdsa.go
index 11c7725b5..092e08e79 100644
--- a/ecc/bw6-756/ecdsa/ecdsa.go
+++ b/ecc/bw6-756/ecdsa/ecdsa.go
@@ -37,6 +37,7 @@ var errInvalidSig = errors.New("invalid signature")
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -103,7 +104,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/bw6-761/ecdsa/ecdsa.go b/ecc/bw6-761/ecdsa/ecdsa.go
index 7a6669fca..b556cca82 100644
--- a/ecc/bw6-761/ecdsa/ecdsa.go
+++ b/ecc/bw6-761/ecdsa/ecdsa.go
@@ -37,6 +37,7 @@ var errInvalidSig = errors.New("invalid signature")
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -103,7 +104,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/secp256k1/ecdsa/ecdsa.go b/ecc/secp256k1/ecdsa/ecdsa.go
index de7c735da..929592a46 100644
--- a/ecc/secp256k1/ecdsa/ecdsa.go
+++ b/ecc/secp256k1/ecdsa/ecdsa.go
@@ -37,6 +37,7 @@ var errInvalidSig = errors.New("invalid signature")
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = 2 * sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -103,7 +104,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/stark-curve/ecdsa/ecdsa.go b/ecc/stark-curve/ecdsa/ecdsa.go
index 4707f3219..55b0e0905 100644
--- a/ecc/stark-curve/ecdsa/ecdsa.go
+++ b/ecc/stark-curve/ecdsa/ecdsa.go
@@ -37,6 +37,7 @@ var errInvalidSig = errors.New("invalid signature")
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -103,7 +104,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/internal/generator/ecdsa/template/ecdsa.go.tmpl b/internal/generator/ecdsa/template/ecdsa.go.tmpl
index fd953cdf4..17234c557 100644
--- a/internal/generator/ecdsa/template/ecdsa.go.tmpl
+++ b/internal/generator/ecdsa/template/ecdsa.go.tmpl
@@ -19,6 +19,7 @@ var errInvalidSig = errors.New("invalid signature")
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 {{- if eq .Name "secp256k1"}}
 sizePublicKey = 2 * sizeFp
@@ -94,7 +95,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
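Review bot: In the template's `HashToInt` hunk, `excess := ret.BitLen() - sizeFrBits` ties the shift to the digest's value instead of its length, because `big.Int.BitLen` does not count leading zero bits, so a digest whose top bits are zero is shifted less than one whose top bit is set. The conventional ECDSA truncation keeps the leftmost `sizeFrBits` bits of the digest, which here would be `excess := len(hash)*8 - sizeFrBits`; that also fixes the bytes/bits mix-up and stays interoperable on curves where `fr.Bits` is not a multiple of 8. Signing and verification presumably both go through this helper, so the library remains self-consistent, but signatures checked against another implementation may fail for some digests. The diffstat shows no test file, so a regression test asserting that two digests differing only in a trailing byte map to different integers would pin the behaviour the original bug broke. `HashToInt` begins and ends outside this hunk, and the eleven generated `ecdsa.go` files carry the same line via `go generate`.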