From 6a9535b00a07b1d1cf789a4d5abc947a644a30e3 Mon Sep 17 00:00:00 2001 From: Hannah Redler Date: Thu, 24 Oct 2024 21:28:27 +0200 Subject: [PATCH 1/3] fix(eddsa-poseidon): adds a check on the message parameter to ensure it doesnt exceed 32 bytes. re #190 --- packages/eddsa-poseidon/src/utils.ts | 13 ++++++++----- .../tests/eddsa-poseidon-blake1.test.ts | 16 ++++++++++++++++ 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/packages/eddsa-poseidon/src/utils.ts b/packages/eddsa-poseidon/src/utils.ts index 7ffc3dea..3b1f078d 100644 --- a/packages/eddsa-poseidon/src/utils.ts +++ b/packages/eddsa-poseidon/src/utils.ts @@ -59,18 +59,21 @@ export function checkPrivateKey(privateKey: Buffer | Uint8Array | string): Buffe } /** - * Validates and converts a BigNumberish message to a bigint. + * Validates and converts a BigNumberish message to a bigint. Ensures the message size does not exceed 32 bytes. * @param message The message to check and convert. * @returns The message as a bigint. */ export function checkMessage(message: BigNumberish): bigint { requireTypes(message, "message", ["bignumberish", "string"]) - if (isBigNumberish(message)) { - return bigNumberishToBigInt(message) - } + const bigIntMessage = + isBigNumberish(message) && message + ? bigNumberishToBigInt(message) + : bufferToBigInt(Buffer.from(message as string)) - return bufferToBigInt(Buffer.from(message as string)) + const maxLength = 2n ** 256n / 2n - 1n + if (bigIntMessage > maxLength) throw new Error(`Message length is larger than 32 bytes`) + return bigIntMessage } /** diff --git a/packages/eddsa-poseidon/tests/eddsa-poseidon-blake1.test.ts b/packages/eddsa-poseidon/tests/eddsa-poseidon-blake1.test.ts index f0f13c81..0ce5eecf 100644 --- a/packages/eddsa-poseidon/tests/eddsa-poseidon-blake1.test.ts +++ b/packages/eddsa-poseidon/tests/eddsa-poseidon-blake1.test.ts @@ -138,6 +138,22 @@ describe("EdDSAPoseidon", () => { expect(fun).toThrow(`Parameter 'message' is none of the following types: bignumberish, string`) }) + it("Should throw an error if the message is larger than 32 Bytes [string]", async () => { + const message = "abcdefghijklmnopqrstuvwxyz1234567" + + const fun = () => signMessage(privateKey, message) + + expect(fun).toThrow(`Message length is larger than 32 bytes`) + }) + + it("Should throw an error if the message is larger than 32 Bytes [number]", async () => { + const message = 2 ** 256 / 2 + + const fun = () => signMessage(privateKey, message) + + expect(fun).toThrow(`Message length is larger than 32 bytes`) + }) + it("Should verify a signature (numeric)", async () => { const publicKey = derivePublicKey(privateKey) const signature = signMessage(privateKey, message) From 8e673483221776033b875340a2308a4c289e1330 Mon Sep 17 00:00:00 2001 From: Hannah Redler Date: Thu, 24 Oct 2024 21:43:26 +0200 Subject: [PATCH 2/3] refactor(eddsa-poseidon): removes unnecessary check --- packages/eddsa-poseidon/src/utils.ts | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/packages/eddsa-poseidon/src/utils.ts b/packages/eddsa-poseidon/src/utils.ts index 3b1f078d..c1a019b2 100644 --- a/packages/eddsa-poseidon/src/utils.ts +++ b/packages/eddsa-poseidon/src/utils.ts @@ -66,10 +66,9 @@ export function checkPrivateKey(privateKey: Buffer | Uint8Array | string): Buffe export function checkMessage(message: BigNumberish): bigint { requireTypes(message, "message", ["bignumberish", "string"]) - const bigIntMessage = - isBigNumberish(message) && message - ? bigNumberishToBigInt(message) - : bufferToBigInt(Buffer.from(message as string)) + const bigIntMessage = isBigNumberish(message) + ? bigNumberishToBigInt(message) + : bufferToBigInt(Buffer.from(message as string)) const maxLength = 2n ** 256n / 2n - 1n if (bigIntMessage > maxLength) throw new Error(`Message length is larger than 32 bytes`) From 5ea90de44fd21c09778d470c2becb66b80e403d6 Mon Sep 17 00:00:00 2001 From: Hannah Redler Date: Fri, 25 Oct 2024 12:47:06 +0200 Subject: [PATCH 3/3] fix(eddsa-poseidon): handles the negative case --- packages/eddsa-poseidon/src/utils.ts | 5 +++-- .../eddsa-poseidon/tests/eddsa-poseidon-blake1.test.ts | 10 +++++++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/packages/eddsa-poseidon/src/utils.ts b/packages/eddsa-poseidon/src/utils.ts index c1a019b2..b20df6bc 100644 --- a/packages/eddsa-poseidon/src/utils.ts +++ b/packages/eddsa-poseidon/src/utils.ts @@ -70,8 +70,9 @@ export function checkMessage(message: BigNumberish): bigint { ? bigNumberishToBigInt(message) : bufferToBigInt(Buffer.from(message as string)) - const maxLength = 2n ** 256n / 2n - 1n - if (bigIntMessage > maxLength) throw new Error(`Message length is larger than 32 bytes`) + const maxLength = 2n ** 256n / 2n + if (bigIntMessage < maxLength * -1n || bigIntMessage >= maxLength) + throw new Error(`Message length is larger than 32 bytes`) return bigIntMessage } diff --git a/packages/eddsa-poseidon/tests/eddsa-poseidon-blake1.test.ts b/packages/eddsa-poseidon/tests/eddsa-poseidon-blake1.test.ts index 0ce5eecf..b42d87cf 100644 --- a/packages/eddsa-poseidon/tests/eddsa-poseidon-blake1.test.ts +++ b/packages/eddsa-poseidon/tests/eddsa-poseidon-blake1.test.ts @@ -147,7 +147,15 @@ describe("EdDSAPoseidon", () => { }) it("Should throw an error if the message is larger than 32 Bytes [number]", async () => { - const message = 2 ** 256 / 2 + const message = 2 ** 255 + + const fun = () => signMessage(privateKey, message) + + expect(fun).toThrow(`Message length is larger than 32 bytes`) + }) + + it("Should throw an error if the message is larger than 32 Bytes [-number]", async () => { + const message = -(2n ** 255n + 1n) const fun = () => signMessage(privateKey, message)