From 915e62d556932e3cccf30c3d4ebe6e25d875722b Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Tue, 11 Jul 2023 12:51:34 +0200 Subject: [PATCH] fix: ECDSA HashToInt bytes-bits mismatch (#428) * fix: bytes-bits mismatch when masking excess bits in ecdsa * chore: go generate --- ecc/bls12-377/ecdsa/ecdsa.go | 3 ++- ecc/bls12-378/ecdsa/ecdsa.go | 3 ++- ecc/bls12-381/ecdsa/ecdsa.go | 3 ++- ecc/bls24-315/ecdsa/ecdsa.go | 3 ++- ecc/bls24-317/ecdsa/ecdsa.go | 3 ++- ecc/bn254/ecdsa/ecdsa.go | 3 ++- ecc/bw6-633/ecdsa/ecdsa.go | 3 ++- ecc/bw6-756/ecdsa/ecdsa.go | 3 ++- ecc/bw6-761/ecdsa/ecdsa.go | 3 ++- ecc/secp256k1/ecdsa/ecdsa.go | 3 ++- ecc/stark-curve/ecdsa/ecdsa.go | 3 ++- internal/generator/ecdsa/template/ecdsa.go.tmpl | 3 ++- 12 files changed, 24 insertions(+), 12 deletions(-) diff --git a/ecc/bls12-377/ecdsa/ecdsa.go b/ecc/bls12-377/ecdsa/ecdsa.go index 89445e211..b9c591ccb 100644 --- a/ecc/bls12-377/ecdsa/ecdsa.go +++ b/ecc/bls12-377/ecdsa/ecdsa.go @@ -34,6 +34,7 @@ import ( const ( sizeFr = fr.Bytes + sizeFrBits = fr.Bits sizeFp = fp.Bytes sizePublicKey = sizeFp sizePrivateKey = sizeFr + sizePublicKey @@ -100,7 +101,7 @@ func HashToInt(hash []byte) *big.Int { hash = hash[:sizeFr] } ret := new(big.Int).SetBytes(hash) - excess := len(hash)*8 - sizeFr + excess := ret.BitLen() - sizeFrBits if excess > 0 { ret.Rsh(ret, uint(excess)) } diff --git a/ecc/bls12-378/ecdsa/ecdsa.go b/ecc/bls12-378/ecdsa/ecdsa.go index f1766e159..1861b59c6 100644 --- a/ecc/bls12-378/ecdsa/ecdsa.go +++ b/ecc/bls12-378/ecdsa/ecdsa.go @@ -34,6 +34,7 @@ import ( const ( sizeFr = fr.Bytes + sizeFrBits = fr.Bits sizeFp = fp.Bytes sizePublicKey = sizeFp sizePrivateKey = sizeFr + sizePublicKey @@ -100,7 +101,7 @@ func HashToInt(hash []byte) *big.Int { hash = hash[:sizeFr] } ret := new(big.Int).SetBytes(hash) - excess := len(hash)*8 - sizeFr + excess := ret.BitLen() - sizeFrBits if excess > 0 { ret.Rsh(ret, uint(excess)) } 
diff --git a/ecc/bls12-381/ecdsa/ecdsa.go b/ecc/bls12-381/ecdsa/ecdsa.go index db5626789..20367a119 100644 --- a/ecc/bls12-381/ecdsa/ecdsa.go +++ b/ecc/bls12-381/ecdsa/ecdsa.go @@ -34,6 +34,7 @@ import ( const ( sizeFr = fr.Bytes + sizeFrBits = fr.Bits sizeFp = fp.Bytes sizePublicKey = sizeFp sizePrivateKey = sizeFr + sizePublicKey @@ -100,7 +101,7 @@ func HashToInt(hash []byte) *big.Int { hash = hash[:sizeFr] } ret := new(big.Int).SetBytes(hash) - excess := len(hash)*8 - sizeFr + excess := ret.BitLen() - sizeFrBits if excess > 0 { ret.Rsh(ret, uint(excess)) } diff --git a/ecc/bls24-315/ecdsa/ecdsa.go b/ecc/bls24-315/ecdsa/ecdsa.go index ce29aaaef..bf5550d2c 100644 --- a/ecc/bls24-315/ecdsa/ecdsa.go +++ b/ecc/bls24-315/ecdsa/ecdsa.go @@ -34,6 +34,7 @@ import ( const ( sizeFr = fr.Bytes + sizeFrBits = fr.Bits sizeFp = fp.Bytes sizePublicKey = sizeFp sizePrivateKey = sizeFr + sizePublicKey @@ -100,7 +101,7 @@ func HashToInt(hash []byte) *big.Int { hash = hash[:sizeFr] } ret := new(big.Int).SetBytes(hash) - excess := len(hash)*8 - sizeFr + excess := ret.BitLen() - sizeFrBits if excess > 0 { ret.Rsh(ret, uint(excess)) } diff --git a/ecc/bls24-317/ecdsa/ecdsa.go b/ecc/bls24-317/ecdsa/ecdsa.go index 19560eec4..5422c2110 100644 --- a/ecc/bls24-317/ecdsa/ecdsa.go +++ b/ecc/bls24-317/ecdsa/ecdsa.go @@ -34,6 +34,7 @@ import ( const ( sizeFr = fr.Bytes + sizeFrBits = fr.Bits sizeFp = fp.Bytes sizePublicKey = sizeFp sizePrivateKey = sizeFr + sizePublicKey @@ -100,7 +101,7 @@ func HashToInt(hash []byte) *big.Int { hash = hash[:sizeFr] } ret := new(big.Int).SetBytes(hash) - excess := len(hash)*8 - sizeFr + excess := ret.BitLen() - sizeFrBits if excess > 0 { ret.Rsh(ret, uint(excess)) } diff --git a/ecc/bn254/ecdsa/ecdsa.go b/ecc/bn254/ecdsa/ecdsa.go index 9ea97fe71..c0cdeba89 100644 --- a/ecc/bn254/ecdsa/ecdsa.go +++ b/ecc/bn254/ecdsa/ecdsa.go 
@@ -35,6 +35,7 @@ import ( const ( sizeFr = fr.Bytes + sizeFrBits = fr.Bits sizeFp = fp.Bytes sizePublicKey = sizeFp sizePrivateKey = sizeFr + sizePublicKey @@ -101,7 +102,7 @@ func HashToInt(hash []byte) *big.Int { hash = hash[:sizeFr] } ret := new(big.Int).SetBytes(hash) - excess := len(hash)*8 - sizeFr + excess := ret.BitLen() - sizeFrBits if excess > 0 { ret.Rsh(ret, uint(excess)) } diff --git a/ecc/bw6-633/ecdsa/ecdsa.go b/ecc/bw6-633/ecdsa/ecdsa.go index c629b66fa..ebbbad869 100644 --- a/ecc/bw6-633/ecdsa/ecdsa.go +++ b/ecc/bw6-633/ecdsa/ecdsa.go @@ -34,6 +34,7 @@ import ( const ( sizeFr = fr.Bytes + sizeFrBits = fr.Bits sizeFp = fp.Bytes sizePublicKey = sizeFp sizePrivateKey = sizeFr + sizePublicKey @@ -100,7 +101,7 @@ func HashToInt(hash []byte) *big.Int { hash = hash[:sizeFr] } ret := new(big.Int).SetBytes(hash) - excess := len(hash)*8 - sizeFr + excess := ret.BitLen() - sizeFrBits if excess > 0 { ret.Rsh(ret, uint(excess)) } diff --git a/ecc/bw6-756/ecdsa/ecdsa.go b/ecc/bw6-756/ecdsa/ecdsa.go index 07b997a40..6742822a1 100644 --- a/ecc/bw6-756/ecdsa/ecdsa.go +++ b/ecc/bw6-756/ecdsa/ecdsa.go @@ -34,6 +34,7 @@ import ( const ( sizeFr = fr.Bytes + sizeFrBits = fr.Bits sizeFp = fp.Bytes sizePublicKey = sizeFp sizePrivateKey = sizeFr + sizePublicKey @@ -100,7 +101,7 @@ func HashToInt(hash []byte) *big.Int { hash = hash[:sizeFr] } ret := new(big.Int).SetBytes(hash) - excess := len(hash)*8 - sizeFr + excess := ret.BitLen() - sizeFrBits if excess > 0 { ret.Rsh(ret, uint(excess)) } diff --git a/ecc/bw6-761/ecdsa/ecdsa.go b/ecc/bw6-761/ecdsa/ecdsa.go index 033cd8f9d..3a8717060 100644 --- a/ecc/bw6-761/ecdsa/ecdsa.go +++ b/ecc/bw6-761/ecdsa/ecdsa.go @@ -34,6 +34,7 @@ import ( const ( sizeFr = fr.Bytes + sizeFrBits = fr.Bits sizeFp = fp.Bytes sizePublicKey = sizeFp sizePrivateKey = sizeFr + sizePublicKey 
@@ -100,7 +101,7 @@ func HashToInt(hash []byte) *big.Int { hash = hash[:sizeFr] } ret := new(big.Int).SetBytes(hash) - excess := len(hash)*8 - sizeFr + excess := ret.BitLen() - sizeFrBits if excess > 0 { ret.Rsh(ret, uint(excess)) } diff --git a/ecc/secp256k1/ecdsa/ecdsa.go b/ecc/secp256k1/ecdsa/ecdsa.go index 742add4b9..7e4b5ffff 100644 --- a/ecc/secp256k1/ecdsa/ecdsa.go +++ b/ecc/secp256k1/ecdsa/ecdsa.go @@ -35,6 +35,7 @@ import ( const ( sizeFr = fr.Bytes + sizeFrBits = fr.Bits sizeFp = fp.Bytes sizePublicKey = 2 * sizeFp sizePrivateKey = sizeFr + sizePublicKey @@ -101,7 +102,7 @@ func HashToInt(hash []byte) *big.Int { hash = hash[:sizeFr] } ret := new(big.Int).SetBytes(hash) - excess := len(hash)*8 - sizeFr + excess := ret.BitLen() - sizeFrBits if excess > 0 { ret.Rsh(ret, uint(excess)) } diff --git a/ecc/stark-curve/ecdsa/ecdsa.go b/ecc/stark-curve/ecdsa/ecdsa.go index 9746d29ad..ef9c0d946 100644 --- a/ecc/stark-curve/ecdsa/ecdsa.go +++ b/ecc/stark-curve/ecdsa/ecdsa.go @@ -35,6 +35,7 @@ import ( const ( sizeFr = fr.Bytes + sizeFrBits = fr.Bits sizeFp = fp.Bytes sizePublicKey = sizeFp sizePrivateKey = sizeFr + sizePublicKey @@ -101,7 +102,7 @@ func HashToInt(hash []byte) *big.Int { hash = hash[:sizeFr] } ret := new(big.Int).SetBytes(hash) - excess := len(hash)*8 - sizeFr + excess := ret.BitLen() - sizeFrBits if excess > 0 { ret.Rsh(ret, uint(excess)) } diff --git a/internal/generator/ecdsa/template/ecdsa.go.tmpl b/internal/generator/ecdsa/template/ecdsa.go.tmpl index ff966d73a..1dda1ed34 100644 --- a/internal/generator/ecdsa/template/ecdsa.go.tmpl +++ b/internal/generator/ecdsa/template/ecdsa.go.tmpl @@ -19,6 +19,7 @@ import ( const ( sizeFr = fr.Bytes + sizeFrBits = fr.Bits sizeFp = fp.Bytes {{- if eq .Name "secp256k1"}} sizePublicKey = 2 * sizeFp 
@@ -94,7 +95,7 @@ func HashToInt(hash []byte) *big.Int {
 hash = hash[:sizeFr]
 }
 ret := new(big.Int).SetBytes(hash)
- excess := len(hash)*8 - sizeFr
+ excess := ret.BitLen() - sizeFrBits
 if excess > 0 {
 ret.Rsh(ret, uint(excess))
 }
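Review bot: The shift amount in `excess := ret.BitLen() - sizeFrBits` depends on the digest's value rather than its length, so a digest with leading zero bits is shifted less than one without, and the result is not always the leftmost `sizeFrBits` bits of the input. Signing and verification presumably both go through HashToInt and stay consistent with each other, but on curves whose scalar-field bit length is not a multiple of 8 the output can differ from the usual ECDSA truncation (FIPS 186-4, Go's crypto/ecdsa), which matters if signatures must interoperate with other implementations. Consider `excess := len(hash)*8 - sizeFrBits`, which keeps the unit in bits while making the shift depend only on the input length. The diffstat lists no test file, so a known-answer test for HashToInt using a digest with leading zero bits would pin whichever behaviour is intended. HashToInt begins and ends outside this hunk, and the same line is generated from this template into each `ecc/*/ecdsa/ecdsa.go` in the patch.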