cloudflare / circl

CIRCL: Cloudflare Interoperable Reusable Cryptographic Library

Home Page: http://blog.cloudflare.com/introducing-circl

Inadequate scalar reduction in p384 leads to panic

guidovranken opened this issue

// reduceScalar shorten a scalar modulo the order of the curve.

reduceScalar is supposed to "shorten a scalar modulo the order of the curve" but it doesn't do that for all inputs and this can lead to a panic in wnaf.go.

PoC:

package main

import (
    "github.com/cloudflare/circl/ecc/p384"
    "math/big"
)

func main() {
    // Affine coordinates of the input point (decimal, as passed to ScalarMult).
    a_x, _ := new(big.Int).SetString("2197194086093689212280862101867524553402030273258457080984175289262818302155461584526794911762464589043284585654550", 10)
    a_y, _ := new(big.Int).SetString("27340319491623798325691320370638865713982009585794110374349453846146179674941474386159930807215381526124834607054138", 10)
    // Scalar slightly larger than the P-384 group order; reduceScalar does not
    // bring it fully below the order, and the wNAF recoding in wnaf.go panics.
    b, _ := new(big.Int).SetString("39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942684", 10)

    curve := p384.P384()
    curve.ScalarMult(a_x, a_y, b.Bytes()) // panics on this input
}
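As an added example (not code from the report or from CIRCL), using only the standard library's P-384 parameters: it shows that the PoC scalar b is exactly n + 41, reduces it to a canonical 48-byte encoding before any curve call, and checks the invariant k*G == (k mod n)*G that a complete reduceScalar must preserve. The function names and the wrapper are assumptions of this example, not CIRCL's API.

```go
package main

import (
	"crypto/elliptic"
	"fmt"
	"math/big"
)

// p384Order is the base-point order n of P-384, read from the standard
// library's parameters (the same curve CIRCL's ecc/p384 implements).
var p384Order = elliptic.P384().Params().N

// scalarFromIssue is a constructed copy of the scalar b from the PoC above.
// It equals n + 41: just past the order, which a partial reduction can miss.
const scalarFromIssue = "39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942684"

// canonicalScalar fully reduces k modulo n and returns the fixed 48-byte
// big-endian encoding, the reduced value, and whether k was already in [0, n).
// Handing a library only canonical encodings means its internal reduction is
// never the only thing standing between an unusual input and a panic.
func canonicalScalar(k *big.Int) (enc [48]byte, reduced *big.Int, wasCanonical bool) {
	wasCanonical = k.Sign() >= 0 && k.Cmp(p384Order) < 0
	reduced = new(big.Int).Mod(k, p384Order) // Euclidean Mod: result is in [0, n) even for negative k
	reduced.FillBytes(enc[:])                // zero-padded; cannot overflow since n < 2^384
	return enc, reduced, wasCanonical
}

// sameBaseMult checks the invariant a correct reduceScalar must preserve:
// k*G and (k mod n)*G are the same point on the reference implementation.
func sameBaseMult(k *big.Int) bool {
	enc, _, _ := canonicalScalar(k)
	x1, y1 := elliptic.P384().ScalarBaseMult(k.Bytes())
	x2, y2 := elliptic.P384().ScalarBaseMult(enc[:])
	return x1.Cmp(x2) == 0 && y1.Cmp(y2) == 0
}

func main() {
	k, _ := new(big.Int).SetString(scalarFromIssue, 10)
	_, reduced, canonical := canonicalScalar(k)
	fmt.Printf("issue scalar canonical: %v, k mod n = %s, k*G == (k mod n)*G: %v\n",
		canonical, reduced, sameBaseMult(k))
}
```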

Thanks for reporting @guidovranken, we will investigate the fix.