From 5c44ddebd7d8b9589a8ba0e3b27215ac34553b93 Mon Sep 17 00:00:00 2001 From: armfazh Date: Mon, 10 Jun 2024 01:00:58 -0700 Subject: [PATCH] Detects invalid encodings of bls12381 elements. --- ecc/bls12381/doc.go | 56 ++++++++++++++++++++++++++++++--------------- ecc/bls12381/g1.go | 6 +++++ ecc/bls12381/g2.go | 6 +++++ 3 files changed, 49 insertions(+), 19 deletions(-) diff --git a/ecc/bls12381/doc.go b/ecc/bls12381/doc.go index d7e07e54b..bf4df68db 100644 --- a/ecc/bls12381/doc.go +++ b/ecc/bls12381/doc.go @@ -32,23 +32,41 @@ // is the lexicographically largest of the two associated with the encoded // x-coordinate. // -// |----------------------------------------------------| -// | Serialization Format | -// |-----|-------|-------|---------------|--------------| -// | MSB | MSB-1 | MSB-2 | Description | Encoding | -// |-----|-------|-------|---------------|--------------| -// | 0 | X | X | Uncompressed | e || x || y | -// | 1 | X | X | Compressed | e || x | -// |-----|-------|-------|---------------|--------------| -// | X | 0 | X | Non-Infinity | e || x || y | -// | X | 1 | X | Infinity | e || 0 || 0 | -// |-----|-------|-------|---------------|--------------| -// | | | | Compressed, | | -// | 1 | 0 | 1 | Non-Infinity, | e || x | -// | | | | Big y-coord | | -// |-----|-------|-------|---------------|--------------| -// | | | | Compressed, | | -// | 1 | 0 | 0 | Non-Infinity, | e || x | -// | | | | Small y-coord | | -// |----------------------------------------------------| +// |------------------------------------------------------| +// | Serialization Format | +// |-----|-------|-------|-----------------|--------------| +// | MSB | MSB-1 | MSB-2 | Description | Encoding | +// |-----|-------|-------|-----------------|--------------| +// | | | | Non-compressed, | | +// | 0 | 0 | 0 | Non-Infinity, | e || x || y | +// | | | | Zero. | | +// |-----|-------|-------|-----------------|--------------| +// | | | | Non-compressed, | | +// | 0 | 0 | 1 | Non-Infinity, | Invalid | +// | | | | One. | | +// |-----|-------|-------|-----------------|--------------| +// | | | | Non-compressed, | | +// | 0 | 1 | 0 | Infinity, | e || 0 || 0 | +// | | | | Zero. | | +// |-----|-------|-------|-----------------|--------------| +// | | | | Non-compressed, | | +// | 0 | 1 | 1 | Infinity, | Invalid | +// | | | | One. | | +// |-----|-------|-------|-----------------|--------------| +// | | | | Compressed, | | +// | 1 | 0 | 0 | Non-Infinity, | e || x | +// | | | | Small y-coord | | +// |-----|-------|-------|-----------------|--------------| +// | | | | Compressed, | | +// | 1 | 0 | 1 | Non-Infinity, | e || x | +// | | | | Big y-coord | | +// |-----|-------|-------|-----------------|--------------| +// | | | | Compressed, | | +// | 1 | 1 | 0 | Infinity, | e || 0 | +// | | | | Zero. | | +// |-----|-------|-------|-----------------|--------------| +// | | | | Compressed, | | +// | 1 | 1 | 1 | Infinity, | Invalid | +// | | | | One. | | +// |------------------------------------------------------| package bls12381 diff --git a/ecc/bls12381/g1.go b/ecc/bls12381/g1.go index 3ad4a66c8..08e2ef96e 100644 --- a/ecc/bls12381/g1.go +++ b/ecc/bls12381/g1.go @@ -34,6 +34,12 @@ func (g *G1) SetBytes(b []byte) error { return errInputLength } + // Check for invalid prefixes + switch b[0] & 0xE0 { + case 0x20, 0x60, 0xE0: + return errEncoding + } + isCompressed := int((b[0] >> 7) & 0x1) isInfinity := int((b[0] >> 6) & 0x1) isBigYCoord := int((b[0] >> 5) & 0x1) diff --git a/ecc/bls12381/g2.go b/ecc/bls12381/g2.go index 22ef5deb2..740148938 100644 --- a/ecc/bls12381/g2.go +++ b/ecc/bls12381/g2.go @@ -32,6 +32,12 @@ func (g *G2) SetBytes(b []byte) error { return errInputLength } + // Check for invalid prefixes + switch b[0] & 0xE0 { + case 0x20, 0x60, 0xE0: + return errEncoding + } + isCompressed := int((b[0] >> 7) & 0x1) isInfinity := int((b[0] >> 6) & 0x1) isBigYCoord := int((b[0] >> 5) & 0x1)