From e78725a3002c65dfaa7696b3e34a829b5060a9de Mon Sep 17 00:00:00 2001
From: Ivo Kubjas
Date: Tue, 11 Jul 2023 12:51:34 +0200
Subject: [PATCH] fix: ECDSA HashToInt bytes-bits mismatch (#428)
* fix: bytes-bits mismatch when masking excess bits in ecdsa
* chore: go generate
---
 ecc/bls12-377/ecdsa/ecdsa.go | 3 ++-
 ecc/bls12-378/ecdsa/ecdsa.go | 3 ++-
 ecc/bls12-381/ecdsa/ecdsa.go | 3 ++-
 ecc/bls24-315/ecdsa/ecdsa.go | 3 ++-
 ecc/bls24-317/ecdsa/ecdsa.go | 3 ++-
 ecc/bn254/ecdsa/ecdsa.go | 3 ++-
 ecc/bw6-633/ecdsa/ecdsa.go | 3 ++-
 ecc/bw6-756/ecdsa/ecdsa.go | 3 ++-
 ecc/bw6-761/ecdsa/ecdsa.go | 3 ++-
 ecc/secp256k1/ecdsa/ecdsa.go | 3 ++-
 ecc/stark-curve/ecdsa/ecdsa.go | 3 ++-
 internal/generator/ecdsa/template/ecdsa.go.tmpl | 3 ++-
 12 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/ecc/bls12-377/ecdsa/ecdsa.go b/ecc/bls12-377/ecdsa/ecdsa.go
index 288a9735fd..d0ca345014 100644
--- a/ecc/bls12-377/ecdsa/ecdsa.go
+++ b/ecc/bls12-377/ecdsa/ecdsa.go
@@ -34,6 +34,7 @@ import (
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -100,7 +101,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/bls12-378/ecdsa/ecdsa.go b/ecc/bls12-378/ecdsa/ecdsa.go
index 22ce08e796..74f52145a1 100644
--- a/ecc/bls12-378/ecdsa/ecdsa.go
+++ b/ecc/bls12-378/ecdsa/ecdsa.go
@@ -34,6 +34,7 @@ import (
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -100,7 +101,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/bls12-381/ecdsa/ecdsa.go b/ecc/bls12-381/ecdsa/ecdsa.go
index 4aea1575c6..9944b89543 100644
--- a/ecc/bls12-381/ecdsa/ecdsa.go
+++ b/ecc/bls12-381/ecdsa/ecdsa.go
@@ -34,6 +34,7 @@ import (
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -100,7 +101,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/bls24-315/ecdsa/ecdsa.go b/ecc/bls24-315/ecdsa/ecdsa.go
index d9b7362d03..747f3fca42 100644
--- a/ecc/bls24-315/ecdsa/ecdsa.go
+++ b/ecc/bls24-315/ecdsa/ecdsa.go
@@ -34,6 +34,7 @@ import (
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -100,7 +101,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/bls24-317/ecdsa/ecdsa.go b/ecc/bls24-317/ecdsa/ecdsa.go
index add547cb26..4fb8355e85 100644
--- a/ecc/bls24-317/ecdsa/ecdsa.go
+++ b/ecc/bls24-317/ecdsa/ecdsa.go
@@ -34,6 +34,7 @@ import (
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -100,7 +101,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/bn254/ecdsa/ecdsa.go b/ecc/bn254/ecdsa/ecdsa.go
index c860e7b942..dcde60137e 100644
--- a/ecc/bn254/ecdsa/ecdsa.go
+++ b/ecc/bn254/ecdsa/ecdsa.go
@@ -35,6 +35,7 @@ import (
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -101,7 +102,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/bw6-633/ecdsa/ecdsa.go b/ecc/bw6-633/ecdsa/ecdsa.go
index e744f91d42..649a8efe0e 100644
--- a/ecc/bw6-633/ecdsa/ecdsa.go
+++ b/ecc/bw6-633/ecdsa/ecdsa.go
@@ -34,6 +34,7 @@ import (
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -100,7 +101,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/bw6-756/ecdsa/ecdsa.go b/ecc/bw6-756/ecdsa/ecdsa.go
index e3914a732b..bf32e9cacc 100644
--- a/ecc/bw6-756/ecdsa/ecdsa.go
+++ b/ecc/bw6-756/ecdsa/ecdsa.go
@@ -34,6 +34,7 @@ import (
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -100,7 +101,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/bw6-761/ecdsa/ecdsa.go b/ecc/bw6-761/ecdsa/ecdsa.go
index 4665a1f174..0c77b0b0b8 100644
--- a/ecc/bw6-761/ecdsa/ecdsa.go
+++ b/ecc/bw6-761/ecdsa/ecdsa.go
@@ -34,6 +34,7 @@ import (
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -100,7 +101,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/secp256k1/ecdsa/ecdsa.go b/ecc/secp256k1/ecdsa/ecdsa.go
index f1489bd655..6c633fc991 100644
--- a/ecc/secp256k1/ecdsa/ecdsa.go
+++ b/ecc/secp256k1/ecdsa/ecdsa.go
@@ -35,6 +35,7 @@ import (
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = 2 * sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -101,7 +102,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/ecc/stark-curve/ecdsa/ecdsa.go b/ecc/stark-curve/ecdsa/ecdsa.go
index 0523fa1e28..5d94cd7915 100644
--- a/ecc/stark-curve/ecdsa/ecdsa.go
+++ b/ecc/stark-curve/ecdsa/ecdsa.go
@@ -35,6 +35,7 @@ import (
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 sizePublicKey = sizeFp
 sizePrivateKey = sizeFr + sizePublicKey
@@ -101,7 +102,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
diff --git a/internal/generator/ecdsa/template/ecdsa.go.tmpl b/internal/generator/ecdsa/template/ecdsa.go.tmpl
index ff966d73ac..1dda1ed34b 100644
--- a/internal/generator/ecdsa/template/ecdsa.go.tmpl
+++ b/internal/generator/ecdsa/template/ecdsa.go.tmpl
@@ -19,6 +19,7 @@ import (
 const (
 sizeFr = fr.Bytes
+ sizeFrBits = fr.Bits
 sizeFp = fp.Bytes
 {{- if eq .Name "secp256k1"}}
 sizePublicKey = 2 * sizeFp
@@ -94,7 +95,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
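Review bot: The new shift amount in HashToInt, `excess := ret.BitLen() - sizeFrBits`, depends on the numeric value of the digest rather than on its length, so a digest with leading zero bits is shifted less, or not at all, compared with one whose top bit is set. The usual ECDSA truncation (bits2int in RFC 6979 §2.3.2, and hashToInt in Go's crypto/ecdsa) keeps the leftmost order-length bits of the byte string, which here would be `excess := len(hash)*8 - sizeFrBits`. With BitLen() the result differs from that whenever fr.Bits is not a multiple of 8 and the truncated digest starts with a zero bit; signing and verifying inside this package presumably stay consistent with each other, but signatures would likely not match other implementations for those digests. The same line is regenerated into the eleven ecc/*/ecdsa/ecdsa.go files of this commit, so the template is the place to change it, and a test vector whose digest begins with zero bits would pin the intended behaviour. The length check at the start of HashToInt and its return are outside the hunk.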