Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restrict P256EncryptPublic::from_bytes and P256SignPublic::from_bytes to uncompressed format only #499

Merged
merged 3 commits into from
Jan 2, 2025
Merged

Restrict P256EncryptPublic::from_bytes and P256SignPublic::from_bytes to uncompressed format only #499

merged 3 commits into from
Jan 2, 2025

Conversation

r-n-o
Copy link
Contributor

@r-n-o r-n-o commented Dec 23, 2024
edited
Loading

Summary & Motivation (Problem vs. Solution)

This was found by @cr-tk during fuzz testing: the documentation of P256EncryptPublic::from_bytes and P256SignPublic::from_bytes do not match their actual behavior. For consistency's sake I'm making these methods accept only uncompressed SEC1 bytes.

How I Tested These Changes

Existing + new unit tests

@r-n-o r-n-o requested a review from cr-tk December 23, 2024 21:17
@r-n-o r-n-o requested a review from a team as a code owner December 23, 2024 21:17
@r-n-o r-n-o changed the title Restrict P256EncryptPublic::from_bytes to uncompressed format only Restrict P256EncryptPublic::from_bytes and P256SignPublic::from_bytes to uncompressed format only Dec 23, 2024
cr-tk
cr-tk approved these changes Dec 23, 2024
View reviewed changes
Copy link
Collaborator

@cr-tk cr-tk left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code changes look good to me 👍

As discussed out-of-band, the length checks rely on specific behavior in the elliptic-curve and sec1 crates behind from_sec1_bytes() to not accept a 65 byte long "uncompressed"-pubkey-sized input that claims to be a an "compressed" input via the tag, and bypass our external check that way. This validation appears to be in place upstream in sec1 v0.3.0 (see from_bytes() in src/point.rs), so I think this assumption is valid 🙂

@r-n-o
Copy link
Contributor Author

r-n-o commented Dec 31, 2024

I've bumped QOS in mono to the tip of this branch and ran tests to verify that we're not relying on from_bytes accepting compressed format. We're not, tests are all green ✅

@r-n-o r-n-o merged commit 0ae2f77 into main Jan 2, 2025
6 checks passed
@r-n-o r-n-o deleted the rno/make-from-bytes-more-restrictive branch January 2, 2025 16:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cr-tk cr-tk cr-tk approved these changes

@moe-dev moe-dev moe-dev approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@r-n-o @moe-dev @cr-tk