Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: add ec pub key validation checks #112

Merged
merged 1 commit into from
Nov 21, 2023
Merged

fix: add ec pub key validation checks #112

merged 1 commit into from
Nov 21, 2023

Conversation

hamada147
Copy link
Contributor

  • Adding additional validation to public key compress method

@hamada147 hamada147 self-assigned this Nov 15, 2023
@hamada147 hamada147 marked this pull request as draft November 15, 2023 16:48
@atala-dev
Copy link
Contributor

atala-dev commented Nov 15, 2023
edited
Loading

Code Coverage

File Coverage [73.91%]
cryptography/src/androidMain/kotlin/io/iohk/atala/prism/apollo/secp256k1/Secp256k1Lib.kt 86.67%
cryptography/src/commonMain/kotlin/io/iohk/atala/prism/apollo/secp256k1/Secp256k1Helper.kt 62.50%
cryptography/src/iosMain/kotlin/io/iohk/atala/prism/apollo/secp256k1/Secp256k1Lib.kt 86.67%
cryptography/src/jvmMain/kotlin/io/iohk/atala/prism/apollo/secp256k1/Secp256k1Lib.kt 86.67%
secp256k1-kmp/src/commonMain/kotlin/fr/acinq/secp256k1/Secp256k1.kt 43.75%
Total Project Coverage 91.15%

@elribonazo elribonazo changed the title chore: add additional checks chore: add additional checks for secp256k1 Nov 16, 2023
@elribonazo elribonazo marked this pull request as ready for review November 20, 2023 11:52
goncalo-frade-iohk
goncalo-frade-iohk reviewed Nov 20, 2023
View reviewed changes
Copy link
Contributor

@goncalo-frade-iohk goncalo-frade-iohk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jesusdiazvico @alexandroszacharakis8 you guys can probably help us on this, can we have a unit test from you guys that checks this validation? (https://www.secg.org/sec1-v2.pdf - section 3.2.2.1)

It can be as simple as providing a valid public key and multiple invalid public key cases so we can test this.

cryptography/src/androidMain/kotlin/io/iohk/atala/prism/apollo/secp256k1/Secp256k1Lib.kt Outdated
Comment on lines 13 to 12
val x = BigInteger.fromByteArray(pubKey.sliceArray(1..32), Sign.POSITIVE)
val y = BigInteger.fromByteArray(pubKey.sliceArray(33..64), Sign.POSITIVE)
val b = BigInteger(7)
val p = BigInteger.parseString("115792089237316195423570985008687907853269984665640564039457584007908834671663", 10)
return if (((y * y - x * x * x - b) mod p) == BigInteger.ZERO) {
Secp256k1.pubKeyCompress(pubKey)
} else {
throw Secp256k1Exception("invalid public key")
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems to be logic that is sharable through the platforms, so probably lets put it into a function and use the same logic everywhere and not repeat it multiple times ;) It will be easier for Helen to review as well.

@goncalo-frade-iohk goncalo-frade-iohk changed the title chore: add additional checks for secp256k1 fix: add ec pub key validation checks Nov 20, 2023
@elribonazo elribonazo merged commit 023beb7 into main Nov 21, 2023
2 checks passed
@elribonazo elribonazo deleted the ATL-6166 branch November 21, 2023 10:00
atala-dev added a commit that referenced this pull request Nov 21, 2023
@atala-dev
chore(release): cut apollo version 1.1.1
12c3416 
## [1.1.1](v1.1.0...v1.1.1) (2023-11-21)

### Bug Fixes

* add ec pub key validation checks ([#112](#112)) ([023beb7](023beb7))
* Base32 re-implemented as per RFC-4648 ([#111](#111)) ([4170ac1](4170ac1))
* Update npm configuration for npmjs repository ([#114](#114)) ([c8a0ca4](c8a0ca4))
@atala-dev
Copy link
Contributor

🎉 This PR is included in version 1.1.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

hamada147 added a commit that referenced this pull request May 20, 2024
@hamada147
fix: add ec pub key validation checks (#112)
f8e906f 
Signed-off-by: Ahmed Moussa <[email protected]>
hamada147 pushed a commit that referenced this pull request May 20, 2024
@atala-dev @hamada147
chore(release): cut apollo version 1.1.1
f31928d 
## [1.1.1](v1.1.0...v1.1.1) (2023-11-21)

### Bug Fixes

* add ec pub key validation checks ([#112](#112)) ([023beb7](023beb7))
* Base32 re-implemented as per RFC-4648 ([#111](#111)) ([4170ac1](4170ac1))
* Update npm configuration for npmjs repository ([#114](#114)) ([c8a0ca4](c8a0ca4))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Hbire21 Hbire21 Hbire21 approved these changes

@goncalo-frade-iohk goncalo-frade-iohk goncalo-frade-iohk approved these changes

@elribonazo elribonazo Awaiting requested review from elribonazo

@curtis-h curtis-h Awaiting requested review from curtis-h

@cristianIOHK cristianIOHK Awaiting requested review from cristianIOHK

Assignees

@hamada147 hamada147

Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@hamada147 @atala-dev @goncalo-frade-iohk @Hbire21 @elribonazo