codex-storage/constantine
1
0
Fork 0
mirror of https://github.com/codex-storage/constantine.git synced 2025-01-26 18:48:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix another even modulus pow uninitialized mem (#280)

Browse Source
This commit is contained in:
Mamy Ratsimbazafy 2023-10-10 05:57:03 +00:00 committed by GitHub
parent 977b6eef42
commit 6489053da9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 47 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
constantine/math_arbitrary_precision/arithmetic/bigints_views.nim
View File

@ -170,28 +170,28 @@ func powMod_vartime*(
# https://cetinkayakoc.net/docs/j34.pdf # https://cetinkayakoc.net/docs/j34.pdf
let qBits = mBits-ctz let qBits = mBits-ctz
let pBits = 1+ctz let kBits = 1+ctz
let qWords = qBits.wordsRequired() let qWords = qBits.wordsRequired()
let pWords = pBits.wordsRequired() let kWords = kBits.wordsRequired()
var qBuf = allocStackArray(SecretWord, qWords) var qBuf = allocStackArray(SecretWord, qWords)
var a1Buf = allocStackArray(SecretWord, qWords) var a1Buf = allocStackArray(SecretWord, qWords)
var a2Buf = allocStackArray(SecretWord, pWords) var a2Buf = allocStackArray(SecretWord, kWords)
var yBuf = allocStackArray(SecretWord, pWords) var yBuf = allocStackArray(SecretWord, kWords)
var qInv2kBuf = allocStackArray(SecretWord, pWords) var qInv2kBuf = allocStackArray(SecretWord, kWords)
template q: untyped = qBuf.toOpenArray(0, qWords-1) template q: untyped = qBuf.toOpenArray(0, qWords-1)
template a1: untyped = a1Buf.toOpenArray(0, qWords-1) template a1: untyped = a1Buf.toOpenArray(0, qWords-1)
template a2: untyped = a2Buf.toOpenArray(0, pWords-1) template a2: untyped = a2Buf.toOpenArray(0, kWords-1)
template y: untyped = yBuf.toOpenArray(0, pWords-1) template y: untyped = yBuf.toOpenArray(0, kWords-1)
template qInv2k: untyped = qInv2kBuf.toOpenArray(0, pWords-1) template qInv2k: untyped = qInv2kBuf.toOpenArray(0, kWords-1)
q.shiftRight_vartime(M, ctz) q.shiftRight_vartime(M, ctz)
a1.powOddMod_vartime(a, exponent, q, window) a1.powOddMod_vartime(a, exponent, q, window)
a2.powMod2k_vartime(a, exponent, k = uint ctz) a2.powMod2k_vartime(a, exponent, k = uint ctz)
qInv2k.invMod2k_vartime(qBuf.toOpenArray(0, qWords-1), uint ctz) qInv2k.invMod2k_vartime(q, uint ctz)
y.submod2k_vartime(a2, a1, uint ctz) y.submod2k_vartime(a2, a1, uint ctz)
y.mulmod2k_vartime(y, qInv2k, uint ctz) y.mulmod2k_vartime(y, qInv2k, uint ctz)

5
constantine/math_arbitrary_precision/arithmetic/limbs_mod2k.nim
View File

@ -145,9 +145,12 @@ func powMod2k_vartime*(
var sBuf = allocStackArray(SecretWord, r.len) var sBuf = allocStackArray(SecretWord, r.len)
template s: untyped = sBuf.toOpenArray(0, r.len-1) template s: untyped = sBuf.toOpenArray(0, r.len-1)
for i in 0 ..< min(r.len, a.len): let truncLen = min(r.len, a.len)
for i in 0 ..< truncLen:
# range [r.len, a.len) will be truncated (mod 2ᵏ) # range [r.len, a.len) will be truncated (mod 2ᵏ)
sBuf[i] = a[i] sBuf[i] = a[i]
for i in truncLen ..< r.len:
sBuf[i] = Zero
# TODO: sliding/fixed window exponentiation # TODO: sliding/fixed window exponentiation
for i in countdown(exponent.len-1, 0): for i in countdown(exponent.len-1, 0):

35
tests/t_ethereum_evm_modexp.nim
View File

@ -73,7 +73,7 @@ suite "EVM ModExp precompile (EIP-198)":
doAssert status == cttEVM_Success doAssert status == cttEVM_Success
doAssert r[0] == 0, ". Result was " & $r[0] doAssert r[0] == 0, ". Result was " & $r[0]
test "Audit #5-3 - temp buffer extra unintialized word": test "Audit #5-3 - temp buffer extra uninitialized word":
let input = [ let input = [
# Length of base (1) # Length of base (1)
@ -104,6 +104,39 @@ suite "EVM ModExp precompile (EIP-198)":
doAssert status == cttEVM_Success doAssert status == cttEVM_Success
doAssert r == @[byte 0, 0, 1, 45, 106, 227, 225, 162, 136], ". Result was " & $r doAssert r == @[byte 0, 0, 1, 45, 106, 227, 225, 162, 136], ". Result was " & $r
test "Audit #5-4 - temp buffer extra uninitialized word (2)":
var input = [
# Length of base
uint8 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c,
# Length of exponent
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
# Length of modulus
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2b,
# Base
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
# Exponent
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0,
# Modulus
0x17, 0xc6, 0xab, 0xaa, 0x3f, 0x00, 0xe5, 0xc0, 0x5b, 0x75, 0x74, 0xcb,
0xcf, 0x2a, 0x44, 0xd4, 0x3a, 0xca, 0x4a, 0xc0, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
]
var r = newSeq[byte](0x2b)
let status = eth_evm_modexp(r, input)
doAssert status == cttEVM_Success
doAssert r == @[byte 10, 141, 74, 46, 2, 18, 2, 37, 247, 220, 246, 65, 109, 246, 7, 144, 85, 202, 194, 191, 255, 255, 255, 0, 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1], ". Result was " & $r
test "Audit #8 - off-by-1 buffer overflow - ptr + length exclusive vs openArray(lo, hi) inclusive": test "Audit #8 - off-by-1 buffer overflow - ptr + length exclusive vs openArray(lo, hi) inclusive":
let input = [ let input = [
# Length of base (24) # Length of base (24)