crypto.Sign panics for some inputs #269

Closed
fjl opened this issue Jan 22, 2015 · 2 comments

fjl commented Jan 22, 2015

There are two problems, both of which are related to this change. Note that the change is not mentioned in the commit message.

One problem is that package crypto uses privateKey.D.Bytes() to marshal the private key. The value returned by Bytes will not have length 32 in all cases because math/big returns the minimum number of bytes required to hold the number.

I think we should pad the key with zeroes.

The other problem is that the data being signed cannot be larger than 32 bytes, because nonce would be accessed with an index > 31. If it is smaller than 32 bytes, the remaining bytes of the nonce will be the rest of the private key.

The parameter for the data is called hash in package crypto. I think we should document that the value for this parameter must have length 32 and check that it does in the Sign function.

Crash:

Panic at i=534.
Key: (len=31) [139 238 11 176 202 152 178 4 145 65 239 166 32 93 76 229 172 233 51 179 54 143 168 210 31 183 235 209 38 188 56]
runtime error: index out of range
goroutine 1 [running]:
main.func·001()
    /Users/fjl/develop/eth/src/github.com/ethereum/go-ethereum/ktest.go:31 +0x3d2
github.com/obscuren/secp256k1-go.Sign(0xc20809deb8, 0x20, 0x20, 0xc20801fc01, 0x1f, 0x1f, 0x0, 0x0, 0x0, 0x0, ...)
    /Users/fjl/develop/eth/src/github.com/obscuren/secp256k1-go/secp256.go:130 +0x492
github.com/ethereum/go-ethereum/crypto.Sign(0xc20809deb8, 0x20, 0x20, 0xc208097770, 0x0, 0x0, 0x0, 0x0, 0x0)
    /Users/fjl/develop/eth/src/github.com/ethereum/go-ethereum/crypto/crypto.go:108 +0xc0
main.main()
    /Users/fjl/develop/eth/src/github.com/ethereum/go-ethereum/ktest.go:42 +0x306
exit status 1

Repro tool:

package main

import (
    "crypto/ecdsa"
    "crypto/rand"
    "fmt"
    "os"
    "runtime"

    "github.com/ethereum/go-ethereum/crypto"
)

func main() {
    var (
        hash = make([]byte, 32)
        k    *ecdsa.PrivateKey
        i    int
        err  error
    )
    defer func() {
        if err := recover(); err != nil {
            fmt.Printf("Panic at i=%d.\n", i)
            if k != nil {
                enc := k.D.Bytes() // this is what package crypto does to marshal the key
                fmt.Printf("Key: (len=%d) %v\n", len(enc), enc)
            }
            fmt.Println(err)
            sb := make([]byte, 1000)
            fmt.Print(string(sb[:runtime.Stack(sb, false)]))
            os.Exit(1)
        }
    }()

    for ; i < 10000; i++ {
        k, err = ecdsa.GenerateKey(crypto.S256(), rand.Reader)
        if err != nil {
            fmt.Println("cannot generate key:", err)
            os.Exit(1)
        }
        crypto.Sign(hash, k)
    }
}
@fjl fjl added type:bug vuln and removed vuln labels Jan 22, 2015
@obscuren

Input hashes for secp256k1 are always 32 bytes. No more, no less. It's required by secp itself. To be more specific, the input is expected to be the 32 l hash of more complex data (in our case, for transactions, the hash of the tx). The reason why it remained unspecified is because signing is pretty specific by itself for transactions. A transaction's Hash is computed using sha3 which is always 32 bytes.

I'll put a length check in sign.
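
An added example, not part of the original issue or of the go-ethereum code: one way to express the two checks discussed in this thread, fixed-width zero padding of the private key and a strict 32-byte length check on the hash. The names `padKey` and `checkSignInputs` are hypothetical, and the sample key is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// secp256k1 private keys and the hashes passed to Sign are both 32 bytes.
const scalarLen = 32

var (
	errHashLen  = errors.New("hash must be exactly 32 bytes")
	errKeyRange = errors.New("private key must be in [1, 2^256)")
)

// padKey (hypothetical helper) encodes d as fixed-width big-endian bytes.
// d.Bytes() drops leading zero bytes, so roughly 1 random key in 256
// marshals to fewer than 32 bytes; FillBytes left-pads with zeroes instead.
// Only the width is checked here, not the curve order.
func padKey(d *big.Int) ([]byte, error) {
	if d == nil || d.Sign() <= 0 || d.BitLen() > scalarLen*8 {
		return nil, errKeyRange
	}
	return d.FillBytes(make([]byte, scalarLen)), nil
}

// checkSignInputs (hypothetical helper) validates both arguments before they
// reach code that indexes them as 32-byte arrays.
func checkSignInputs(hash []byte, d *big.Int) ([]byte, error) {
	if len(hash) != scalarLen {
		return nil, fmt.Errorf("%w (got %d)", errHashLen, len(hash))
	}
	return padKey(d)
}

func main() {
	// Constructed sample key: 2^240 needs only 31 bytes, like the key in the crash report.
	d := new(big.Int).Lsh(big.NewInt(1), 240)
	fmt.Println("len(d.Bytes()):", len(d.Bytes()))

	key, err := checkSignInputs(make([]byte, 32), d)
	fmt.Println("padded length:", len(key), "err:", err)

	_, err = checkSignInputs(make([]byte, 33), d)
	fmt.Println("33-byte hash:", err)
}
```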

@obscuren

0dfe511
d4cc2d3
