Inadequate scalar reduction in p384 leads to panic #312

guidovranken · 2022-01-24T04:13:03Z

Line 55 in 15f3904

// reduceScalar shorten a scalar modulo the order of the curve.

reduceScalar is supposed to "shorten a scalar modulo the order of the curve" but it doesn't do that for all inputs and this can lead to a panic in wnaf.go.

PoC:

package main

import (
    "github.com/cloudflare/circl/ecc/p384"
    "math/big"
)

func main() {
    a_x, _ := new(big.Int).SetString("2197194086093689212280862101867524553402030273258457080984175289262818302155461584526794911762464589043284585654550", 10)
    a_y, _ := new(big.Int).SetString("27340319491623798325691320370638865713982009585794110374349453846146179674941474386159930807215381526124834607054138", 10)
    b, _ := new(big.Int).SetString("39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942684", 10)

    curve := p384.P384()
    curve.ScalarMult(a_x, a_y, b.Bytes())
}

The text was updated successfully, but these errors were encountered:

armfazh · 2022-01-24T20:51:17Z

Thanks for reporting @guidovranken , we will investigate the fix.

armfazh self-assigned this Jan 24, 2022

armfazh added the bug Something isn't working label Jan 24, 2022

armfazh mentioned this issue Feb 1, 2022

Performs modular reduction for all scalars. #315

Merged

guidovranken mentioned this issue Feb 2, 2022

go-fuzz for CIRCL #4

Closed

armfazh closed this as completed in #315 Feb 2, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Inadequate scalar reduction in p384 leads to panic #312

Inadequate scalar reduction in p384 leads to panic #312

guidovranken commented Jan 24, 2022

armfazh commented Jan 24, 2022

Inadequate scalar reduction in p384 leads to panic #312

Inadequate scalar reduction in p384 leads to panic #312

Comments

guidovranken commented Jan 24, 2022

armfazh commented Jan 24, 2022