Fix another even modulus pow uninitialized mem (#280)

2025-01-26 02:28:48 +00:00 · 2023-10-10 05:57:03 +00:00 · 2023-10-10 05:57:03 +00:00 · 6489053da9
commit 6489053da9
parent 977b6eef42
3 changed files with 47 additions and 11 deletions
--- a/constantine/math_arbitrary_precision/arithmetic/bigints_views.nim
+++ b/constantine/math_arbitrary_precision/arithmetic/bigints_views.nim
@ -170,28 +170,28 @@ func powMod_vartime*(
  #   https://cetinkayakoc.net/docs/j34.pdf

  let qBits = mBits-ctz
-  let pBits = 1+ctz
+  let kBits = 1+ctz
  let qWords = qBits.wordsRequired()
-  let pWords = pBits.wordsRequired()
+  let kWords = kBits.wordsRequired()

  var qBuf  = allocStackArray(SecretWord, qWords)
  var a1Buf = allocStackArray(SecretWord, qWords)
-  var a2Buf = allocStackArray(SecretWord, pWords)
-  var yBuf =  allocStackArray(SecretWord, pWords)
-  var qInv2kBuf = allocStackArray(SecretWord, pWords)
+  var a2Buf = allocStackArray(SecretWord, kWords)
+  var yBuf =  allocStackArray(SecretWord, kWords)
+  var qInv2kBuf = allocStackArray(SecretWord, kWords)

  template q: untyped = qBuf.toOpenArray(0, qWords-1)
  template a1: untyped = a1Buf.toOpenArray(0, qWords-1)
-  template a2: untyped = a2Buf.toOpenArray(0, pWords-1)
-  template y: untyped = yBuf.toOpenArray(0, pWords-1)
-  template qInv2k: untyped = qInv2kBuf.toOpenArray(0, pWords-1)
+  template a2: untyped = a2Buf.toOpenArray(0, kWords-1)
+  template y: untyped = yBuf.toOpenArray(0, kWords-1)
+  template qInv2k: untyped = qInv2kBuf.toOpenArray(0, kWords-1)

  q.shiftRight_vartime(M, ctz)

  a1.powOddMod_vartime(a, exponent, q, window)
  a2.powMod2k_vartime(a, exponent, k = uint ctz)

-  qInv2k.invMod2k_vartime(qBuf.toOpenArray(0, qWords-1), uint ctz)
+  qInv2k.invMod2k_vartime(q, uint ctz)
  y.submod2k_vartime(a2, a1, uint ctz)
  y.mulmod2k_vartime(y, qInv2k, uint ctz)

--- a/constantine/math_arbitrary_precision/arithmetic/limbs_mod2k.nim
+++ b/constantine/math_arbitrary_precision/arithmetic/limbs_mod2k.nim
@ -145,9 +145,12 @@ func powMod2k_vartime*(
  var sBuf = allocStackArray(SecretWord, r.len)
  template s: untyped = sBuf.toOpenArray(0, r.len-1)

-  for i in 0 ..< min(r.len, a.len):
+  let truncLen = min(r.len, a.len)
+  for i in 0 ..< truncLen:
    # range [r.len, a.len) will be truncated (mod 2ᵏ)
    sBuf[i] = a[i]
+  for i in truncLen ..< r.len:
+    sBuf[i] = Zero

  # TODO: sliding/fixed window exponentiation
  for i in countdown(exponent.len-1, 0):
--- a/tests/t_ethereum_evm_modexp.nim
+++ b/tests/t_ethereum_evm_modexp.nim
@ -73,7 +73,7 @@ suite "EVM ModExp precompile (EIP-198)":
    doAssert status == cttEVM_Success
    doAssert r[0] == 0, ". Result was " & $r[0]

-  test "Audit #5-3 - temp buffer extra unintialized word":
+  test "Audit #5-3 - temp buffer extra uninitialized word":
    let input = [

        # Length of base (1)
@ -104,6 +104,39 @@ suite "EVM ModExp precompile (EIP-198)":
    doAssert status == cttEVM_Success
    doAssert r == @[byte 0, 0, 1, 45, 106, 227, 225, 162, 136], ". Result was " & $r

+  test "Audit #5-4 - temp buffer extra uninitialized word (2)":
+    var input = [
+        # Length of base
+        uint8 0x00,
+              0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c,
+
+        # Length of exponent
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
+
+        # Length of modulus
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2b,
+
+        # Base
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+
+
+        # Exponent
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0,
+
+        # Modulus
+        0x17, 0xc6, 0xab, 0xaa, 0x3f, 0x00, 0xe5, 0xc0, 0x5b, 0x75, 0x74, 0xcb,
+        0xcf, 0x2a, 0x44, 0xd4, 0x3a, 0xca, 0x4a, 0xc0, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    ]
+    var r = newSeq[byte](0x2b)
+    let status = eth_evm_modexp(r, input)
+    doAssert status == cttEVM_Success
+    doAssert r == @[byte 10, 141, 74, 46, 2, 18, 2, 37, 247, 220, 246, 65, 109, 246, 7, 144, 85, 202, 194, 191, 255, 255, 255, 0, 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1], ". Result was " & $r
+
  test "Audit #8 - off-by-1 buffer overflow - ptr + length exclusive vs openArray(lo, hi) inclusive":
    let input = [
        # Length of base (24)