crypto/ecdsa: `Verify` methods panic on infinite key #266

New issue

Open

opened 2025-12-28 18:07:37 +00:00 by sami · 0 comments

sami commented

2025-12-28 18:07:37 +00:00

Owner

Originally created by @cthulhu-rider on GitHub (Dec 18, 2024).

Current Behavior

following methods panic when public key is decoded from 0x00 byte (infinite):

Expected Behavior

no panic

Possible Solution

exclude infinite case

Steps to Reproduce

func TestPubVerify(t *testing.T) {
	t.Run("ECDSA_SHA512", func(t *testing.T) {
		var pub neofsecdsa.PublicKey
		require.NoError(t, pub.Decode([]byte{0x00}))
		anyValidSig := []byte{4, 54, 181, 48, 83, 197, 23, 131, 0, 233, 48, 96, 155, 28, 68, 0, 189, 120, 251, 60, 163, 5, 136, 106, 63,
			126, 99, 34, 198, 66, 247, 207, 135, 12, 130, 49, 130, 155, 236, 204, 71, 23, 33, 178, 163, 27, 28, 101, 33, 33,
			91, 229, 217, 170, 250, 226, 62, 93, 22, 3, 181, 81, 69, 9, 97}
		require.NotPanics(t, func() { pub.Verify(nil, anyValidSig) })
	})
	t.Run("WalletConnect", func(t *testing.T) {
		var pub neofsecdsa.PublicKeyWalletConnect
		require.NoError(t, pub.Decode([]byte{0x00}))
		anyValidSig := []byte{232, 128, 107, 75, 64, 63, 81, 149, 215, 6, 170, 132, 68, 181, 142, 100, 169, 242, 40, 227, 12, 103,
			202, 72, 190, 66, 240, 251, 115, 112, 36, 115, 169, 186, 16, 121, 153, 101, 206, 38, 156, 154, 69, 80, 198, 172, 125,
			115, 114, 54, 224, 44, 198, 137, 131, 236, 163, 209, 208, 136, 146, 184, 70, 136, 60, 200, 208, 106, 154, 206, 83,
			44, 222, 202, 169, 116, 157, 3, 5, 181}
		require.NotPanics(t, func() { pub.Verify(nil, anyValidSig) })
	})
}

Context

test coverage

Regression

nol

Your Environment

Version of the product used: 0b9bb748ea

Originally created by @cthulhu-rider on GitHub (Dec 18, 2024). ## Current Behavior following methods panic when public key is decoded from `0x00` byte (infinite): * https://pkg.go.dev/github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa#PublicKey.Verify * https://pkg.go.dev/github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa#PublicKeyWalletConnect.Verify ## Expected Behavior no panic ## Possible Solution exclude infinite case ## Steps to Reproduce ```go func TestPubVerify(t *testing.T) { t.Run("ECDSA_SHA512", func(t *testing.T) { var pub neofsecdsa.PublicKey require.NoError(t, pub.Decode([]byte{0x00})) anyValidSig := []byte{4, 54, 181, 48, 83, 197, 23, 131, 0, 233, 48, 96, 155, 28, 68, 0, 189, 120, 251, 60, 163, 5, 136, 106, 63, 126, 99, 34, 198, 66, 247, 207, 135, 12, 130, 49, 130, 155, 236, 204, 71, 23, 33, 178, 163, 27, 28, 101, 33, 33, 91, 229, 217, 170, 250, 226, 62, 93, 22, 3, 181, 81, 69, 9, 97} require.NotPanics(t, func() { pub.Verify(nil, anyValidSig) }) }) t.Run("WalletConnect", func(t *testing.T) { var pub neofsecdsa.PublicKeyWalletConnect require.NoError(t, pub.Decode([]byte{0x00})) anyValidSig := []byte{232, 128, 107, 75, 64, 63, 81, 149, 215, 6, 170, 132, 68, 181, 142, 100, 169, 242, 40, 227, 12, 103, 202, 72, 190, 66, 240, 251, 115, 112, 36, 115, 169, 186, 16, 121, 153, 101, 206, 38, 156, 154, 69, 80, 198, 172, 125, 115, 114, 54, 224, 44, 198, 137, 131, 236, 163, 209, 208, 136, 146, 184, 70, 136, 60, 200, 208, 106, 154, 206, 83, 44, 222, 202, 169, 116, 157, 3, 5, 181} require.NotPanics(t, func() { pub.Verify(nil, anyValidSig) }) }) } ``` ## Context test coverage ## Regression nol ## Your Environment * Version of the product used: 0b9bb748ea16370c9b88090a902413324e86bcf1