From 6854661b29b8fbdc8a0404d5ed38beb0fdd56c5e Mon Sep 17 00:00:00 2001 From: g11tech Date: Wed, 22 Sep 2021 11:05:53 +0530 Subject: [PATCH 1/3] bls-eth-wasm package update for invalidating signature not in g2, validation on by default --- .eslintrc.js | 3 ++- package.json | 2 +- src/blst/signature.ts | 2 +- src/herumi/signature.ts | 5 +++-- test/unit/index.test.ts | 17 +++++++++++++++++ yarn.lock | 10 +++++----- 6 files changed, 29 insertions(+), 10 deletions(-) diff --git a/.eslintrc.js b/.eslintrc.js index 924ad0a..75d8d20 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -44,7 +44,8 @@ module.exports = { "@typescript-eslint/no-explicit-any": "error", "@typescript-eslint/no-require-imports": "error", "@typescript-eslint/no-unused-vars": ["error", { - "varsIgnorePattern": "^_" + "varsIgnorePattern": "^_", + "argsIgnorePattern": "^_", }], "@typescript-eslint/ban-ts-ignore": "warn", "@typescript-eslint/no-use-before-define": "off", diff --git a/package.json b/package.json index f6978ff..5311f5c 100644 --- a/package.json +++ b/package.json @@ -40,7 +40,7 @@ }, "dependencies": { "@chainsafe/bls-keygen": "^0.3.0", - "bls-eth-wasm": "^0.4.4", + "bls-eth-wasm": "^0.4.8", "randombytes": "^2.1.0" }, "devDependencies": { diff --git a/src/blst/signature.ts b/src/blst/signature.ts index fd11b7b..567064b 100644 --- a/src/blst/signature.ts +++ b/src/blst/signature.ts @@ -10,7 +10,7 @@ export class Signature extends blst.Signature implements ISignature { } /** @param type Defaults to `CoordType.affine` */ - static fromBytes(bytes: Uint8Array, type?: blst.CoordType, validate?: boolean): Signature { + static fromBytes(bytes: Uint8Array, type?: blst.CoordType, validate = true): Signature { const sig = blst.Signature.fromBytes(bytes, type); if (validate) sig.sigValidate(); return new Signature(sig.value); diff --git a/src/herumi/signature.ts b/src/herumi/signature.ts index a07e253..7318a74 100644 --- a/src/herumi/signature.ts +++ b/src/herumi/signature.ts @@ -2,7 +2,7 @@ import {SignatureType, multiVerify} from "bls-eth-wasm"; import {getContext} from "./context"; import {PublicKey} from "./publicKey"; import {bytesToHex, concatUint8Arrays, hexToBytes, isZeroUint8Array} from "../helpers"; -import {PointFormat, Signature as ISignature} from "../interface"; +import {PointFormat, Signature as ISignature, CoordType} from "../interface"; import {EmptyAggregateError, InvalidLengthError, InvalidOrderError} from "../errors"; import {SIGNATURE_LENGTH_COMPRESSED, SIGNATURE_LENGTH_UNCOMPRESSED} from "../constants"; @@ -17,7 +17,8 @@ export class Signature implements ISignature { this.value = value; } - static fromBytes(bytes: Uint8Array): Signature { + static fromBytes(bytes: Uint8Array, _type?: CoordType, validate = true): Signature { + if (validate === false) throw new Error("ValidationSkipNotSupported"); const context = getContext(); const signature = new context.Signature(); if (!isZeroUint8Array(bytes)) { diff --git a/test/unit/index.test.ts b/test/unit/index.test.ts index 223eee7..5d6fa64 100644 --- a/test/unit/index.test.ts +++ b/test/unit/index.test.ts @@ -14,6 +14,23 @@ export function runIndexTests(bls: IBls): void { return {sk, pk, msg, sig}; } + describe("signature", () => { + it("should fail loading an invalid signature point (not in G2)", () => { + /* eslint-disable max-len */ + const POINT_NOT_IN_G2 = Buffer.from( + "8123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", + "hex" + ); + let sig; + try { + sig = bls.Signature.fromBytes(POINT_NOT_IN_G2, undefined, true); + } catch { + /* eslint-disable no-empty */ + } + expect(sig === undefined).to.be.true; + }); + }); + describe("verify", () => { it("should verify signature", () => { const {pk, msg, sig} = getRandomData(); diff --git a/yarn.lock b/yarn.lock index 0bf8838..413b905 100644 --- a/yarn.lock +++ b/yarn.lock @@ -158,7 +158,7 @@ integrity sha512-WrKcQiFD1GG04OBnWeeb51Gr0ETx9v4n13S+GI24HQx+NeG1A0LfS44zeu3Tp4PGLbU2cziZudlC0WjF3y/HLQ== dependencies: "@chainsafe/bls-keygen" "^0.3.0" - bls-eth-wasm "^0.4.4" + bls-eth-wasm "^0.4.8" randombytes "^2.1.0" "@chainsafe/blst@^0.2.0": @@ -933,10 +933,10 @@ blob@0.0.5: resolved "https://registry.yarnpkg.com/blob/-/blob-0.0.5.tgz#d680eeef25f8cd91ad533f5b01eed48e64caf683" integrity sha512-gaqbzQPqOoamawKg0LGVd7SzLgXS+JH61oWprSLH+P+abTczqJbhTR8CmJ2u9/bUYNmHTGJx/UEmn6doAvvuig== -bls-eth-wasm@^0.4.4: - version "0.4.4" - resolved "https://registry.yarnpkg.com/bls-eth-wasm/-/bls-eth-wasm-0.4.4.tgz#3d4c99f8ddee6df23e188dc756125268a0f4d525" - integrity sha512-S6XwscKuxxYTANHZX8tZQxZKvj9IhG3aOCEuy1EnNdsAOfuH2pdRIgWrORwpKd4SLdvmPWap9I+TbJRnFx1Yng== +bls-eth-wasm@^0.4.8: + version "0.4.8" + resolved "https://registry.yarnpkg.com/bls-eth-wasm/-/bls-eth-wasm-0.4.8.tgz#ad1818fbd1bfb64d8f3e6cd104bd28b96ebaa5f1" + integrity sha512-ye7+G6KFLb3i9xSrLASAoYqOUK5WLB6XA5DD8Sh0UQpZ3T999ylsYbFdoOJpmvTDuBuMi23Vy8Jm0pn/GF01CA== bluebird@^3.3.0, bluebird@^3.5.5: version "3.7.2" From 5731f49454502bc86479fb3e89019db1775424cd Mon Sep 17 00:00:00 2001 From: g11tech Date: Wed, 22 Sep 2021 15:19:58 +0530 Subject: [PATCH 2/3] ignoring the validate flag on herumi signature impl --- src/herumi/signature.ts | 5 ++--- src/interface.ts | 3 ++- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/herumi/signature.ts b/src/herumi/signature.ts index 7318a74..a07e253 100644 --- a/src/herumi/signature.ts +++ b/src/herumi/signature.ts @@ -2,7 +2,7 @@ import {SignatureType, multiVerify} from "bls-eth-wasm"; import {getContext} from "./context"; import {PublicKey} from "./publicKey"; import {bytesToHex, concatUint8Arrays, hexToBytes, isZeroUint8Array} from "../helpers"; -import {PointFormat, Signature as ISignature, CoordType} from "../interface"; +import {PointFormat, Signature as ISignature} from "../interface"; import {EmptyAggregateError, InvalidLengthError, InvalidOrderError} from "../errors"; import {SIGNATURE_LENGTH_COMPRESSED, SIGNATURE_LENGTH_UNCOMPRESSED} from "../constants"; @@ -17,8 +17,7 @@ export class Signature implements ISignature { this.value = value; } - static fromBytes(bytes: Uint8Array, _type?: CoordType, validate = true): Signature { - if (validate === false) throw new Error("ValidationSkipNotSupported"); + static fromBytes(bytes: Uint8Array): Signature { const context = getContext(); const signature = new context.Signature(); if (!isZeroUint8Array(bytes)) { diff --git a/src/interface.ts b/src/interface.ts index 1a47144..23105bb 100644 --- a/src/interface.ts +++ b/src/interface.ts @@ -38,7 +38,8 @@ export declare class PublicKey { } export declare class Signature { - /** @param type Only for impl `blst-native`. Defaults to `CoordType.affine` */ + /** @param type Only for impl `blst-native`. Defaults to `CoordType.affine` + * @param validate When using `herumi` implementation, signature validation is always on regardless of this flag. */ static fromBytes(bytes: Uint8Array, type?: CoordType, validate?: boolean): Signature; static fromHex(hex: string): Signature; static aggregate(signatures: Signature[]): Signature; From 40fc4b33a2c076fdc185b4f6f8cc8f1e1fe652f2 Mon Sep 17 00:00:00 2001 From: g11tech Date: Wed, 22 Sep 2021 20:51:31 +0530 Subject: [PATCH 3/3] herumi fromBytes explicit signature --- src/herumi/signature.ts | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/herumi/signature.ts b/src/herumi/signature.ts index a07e253..aadf193 100644 --- a/src/herumi/signature.ts +++ b/src/herumi/signature.ts @@ -2,7 +2,7 @@ import {SignatureType, multiVerify} from "bls-eth-wasm"; import {getContext} from "./context"; import {PublicKey} from "./publicKey"; import {bytesToHex, concatUint8Arrays, hexToBytes, isZeroUint8Array} from "../helpers"; -import {PointFormat, Signature as ISignature} from "../interface"; +import {PointFormat, Signature as ISignature, CoordType} from "../interface"; import {EmptyAggregateError, InvalidLengthError, InvalidOrderError} from "../errors"; import {SIGNATURE_LENGTH_COMPRESSED, SIGNATURE_LENGTH_UNCOMPRESSED} from "../constants"; @@ -17,7 +17,11 @@ export class Signature implements ISignature { this.value = value; } - static fromBytes(bytes: Uint8Array): Signature { + /** + * @param type Does not affect `herumi` implementation, always de-serializes to `jacobian` + * @param validate With `herumi` implementation signature validation is always on regardless of this flag. + */ + static fromBytes(bytes: Uint8Array, _type?: CoordType, _validate = true): Signature { const context = getContext(); const signature = new context.Signature(); if (!isZeroUint8Array(bytes)) {