Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/ecdsa: Verify methods panic on infinite key #673

Open
cthulhu-rider opened this issue Dec 18, 2024 · 0 comments
Open

crypto/ecdsa: Verify methods panic on infinite key #673

cthulhu-rider opened this issue Dec 18, 2024 · 0 comments
Labels
bug Something isn't working I4 No visible changes S4 Routine U4 Nothing urgent
Milestone
v1.0.0

Comments

@cthulhu-rider
Copy link
Contributor

Current Behavior

following methods panic when public key is decoded from 0x00 byte (infinite):

Expected Behavior

no panic

Possible Solution

exclude infinite case

Steps to Reproduce

func TestPubVerify(t *testing.T) {
	t.Run("ECDSA_SHA512", func(t *testing.T) {
		var pub neofsecdsa.PublicKey
		require.NoError(t, pub.Decode([]byte{0x00}))
		anyValidSig := []byte{4, 54, 181, 48, 83, 197, 23, 131, 0, 233, 48, 96, 155, 28, 68, 0, 189, 120, 251, 60, 163, 5, 136, 106, 63,
			126, 99, 34, 198, 66, 247, 207, 135, 12, 130, 49, 130, 155, 236, 204, 71, 23, 33, 178, 163, 27, 28, 101, 33, 33,
			91, 229, 217, 170, 250, 226, 62, 93, 22, 3, 181, 81, 69, 9, 97}
		require.NotPanics(t, func() { pub.Verify(nil, anyValidSig) })
	})
	t.Run("WalletConnect", func(t *testing.T) {
		var pub neofsecdsa.PublicKeyWalletConnect
		require.NoError(t, pub.Decode([]byte{0x00}))
		anyValidSig := []byte{232, 128, 107, 75, 64, 63, 81, 149, 215, 6, 170, 132, 68, 181, 142, 100, 169, 242, 40, 227, 12, 103,
			202, 72, 190, 66, 240, 251, 115, 112, 36, 115, 169, 186, 16, 121, 153, 101, 206, 38, 156, 154, 69, 80, 198, 172, 125,
			115, 114, 54, 224, 44, 198, 137, 131, 236, 163, 209, 208, 136, 146, 184, 70, 136, 60, 200, 208, 106, 154, 206, 83,
			44, 222, 202, 169, 116, 157, 3, 5, 181}
		require.NotPanics(t, func() { pub.Verify(nil, anyValidSig) })
	})
}

Context

test coverage

Regression

nol

Your Environment

  • Version of the product used: 0b9bb74
@cthulhu-rider cthulhu-rider added the bug Something isn't working label Dec 18, 2024
@roman-khimov roman-khimov added U4 Nothing urgent S4 Routine I4 No visible changes labels Dec 18, 2024
@roman-khimov roman-khimov added this to the v1.0.0-rc13 milestone Dec 18, 2024
@cthulhu-rider cthulhu-rider modified the milestones: v1.0.0-rc13, v1.0.0 Mar 3, 2025
cthulhu-rider added a commit to nspcc-dev/neofs-node that referenced this issue Apr 2, 2025
@cthulhu-rider
node/object: Refactor verification of tokens' signatures
d1d1dc2 
Prolongs approach from 8d3054d to
objects. The code is shared as much as possible. The panic described in
nspcc-dev/neofs-sdk-go#673 is prevented in the
reused code.

Refs #3194. Refs #2795.

Signed-off-by: Leonard Lyubich <[email protected]>
cthulhu-rider added a commit to nspcc-dev/neofs-node that referenced this issue Apr 2, 2025
@cthulhu-rider
node/object: Refactor verification of tokens' signatures
29c20f8 
Prolongs approach from 8d3054d to
objects. The code is shared as much as possible. The panic described in
nspcc-dev/neofs-sdk-go#673 is prevented in the
reused code.

Refs #3194. Refs #2795.

Signed-off-by: Leonard Lyubich <[email protected]>
cthulhu-rider added a commit to nspcc-dev/neofs-node that referenced this issue Apr 2, 2025
@cthulhu-rider
node/object: Refactor verification of objects' signatures
f797bfa 
Prolongs approach from 8d3054d to
objects. The code is shared as much as possible. The panic described in
nspcc-dev/neofs-sdk-go#673 is prevented in the
reused code.

Refs #3194. Refs #2795.

Signed-off-by: Leonard Lyubich <[email protected]>
cthulhu-rider added a commit to nspcc-dev/neofs-node that referenced this issue Apr 2, 2025
@cthulhu-rider
node/object: Refactor verification of objects' signatures
4000324 
Prolongs approach from 8d3054d to
objects. The code is shared as much as possible. The panic described in
nspcc-dev/neofs-sdk-go#673 is prevented in the
reused code.

Refs #3194. Refs #2795.

Signed-off-by: Leonard Lyubich <[email protected]>
cthulhu-rider added a commit to nspcc-dev/neofs-node that referenced this issue Apr 3, 2025
@cthulhu-rider
node/object: Refactor verification of objects' signatures
bc2bd25 
Prolongs approach from 8d3054d to
objects. The code is shared as much as possible. The panic described in
nspcc-dev/neofs-sdk-go#673 is prevented in the
reused code.

Refs #3194. Refs #2795.

Signed-off-by: Leonard Lyubich <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working I4 No visible changes S4 Routine U4 Nothing urgent
Projects
None yet
Milestone
v1.0.0
Development

No branches or pull requests
2 participants
@roman-khimov @cthulhu-rider