return error when creating a zero SigningKey

ZcashFoundation · Aug 22, 2023 · f8a9197 · f8a9197
1 parent 60d9942
commit f8a9197
Show file tree

Hide file tree

Showing 7 changed files with 40 additions and 4 deletions.
diff --git a/frost-core/src/signing_key.rs b/frost-core/src/signing_key.rs
@@ -28,9 +28,12 @@ where
     pub fn deserialize(
         bytes: <<C::Group as Group>::Field as Field>::Serialization,
     ) -> Result<SigningKey<C>, Error<C>> {
-        <<C::Group as Group>::Field as Field>::deserialize(&bytes)
-            .map(|scalar| SigningKey { scalar })
-            .map_err(|e| e.into())
+        let scalar =
+            <<C::Group as Group>::Field as Field>::deserialize(&bytes).map_err(Error::from)?;
+        if scalar == <<C::Group as Group>::Field as Field>::zero() {
+            return Err(Error::MalformedSigningKey);
+        }
+        Ok(Self { scalar })
     }
 
     /// Serialize `SigningKey` to bytes

diff --git a/frost-core/src/tests/ciphersuite_generic.rs b/frost-core/src/tests/ciphersuite_generic.rs
@@ -6,12 +6,20 @@ use std::{
 
 use crate::{
     frost::{self, Identifier},
-    Error, Field, Group, Signature, VerifyingKey,
+    Error, Field, Group, Signature, SigningKey, VerifyingKey,
 };
 use rand_core::{CryptoRng, RngCore};
 
 use crate::Ciphersuite;
 
+/// Test if creating a zero SigningKey fails
+pub fn check_zero_key_fails<C: Ciphersuite>() {
+    let zero = <<<C as Ciphersuite>::Group as Group>::Field>::zero();
+    let encoded_zero = <<<C as Ciphersuite>::Group as Group>::Field>::serialize(&zero);
+    let r = SigningKey::<C>::deserialize(encoded_zero);
+    assert_eq!(r, Err(Error::MalformedSigningKey));
+}
+
 /// Test share generation with a Ciphersuite
 pub fn check_share_generation<C: Ciphersuite, R: RngCore + CryptoRng>(mut rng: R) {
     let secret = crate::SigningKey::<C>::new(&mut rng);

diff --git a/frost-ed25519/tests/integration_tests.rs b/frost-ed25519/tests/integration_tests.rs
@@ -3,6 +3,11 @@ use lazy_static::lazy_static;
 use rand::thread_rng;
 use serde_json::Value;
 
+#[test]
+fn check_zero_key_fails() {
+    frost_core::tests::ciphersuite_generic::check_zero_key_fails::<Ed25519Sha512>();
+}
+
 #[test]
 fn check_sign_with_dkg() {
     let rng = thread_rng();

diff --git a/frost-ed448/tests/integration_tests.rs b/frost-ed448/tests/integration_tests.rs
@@ -3,6 +3,11 @@ use lazy_static::lazy_static;
 use rand::thread_rng;
 use serde_json::Value;
 
+#[test]
+fn check_zero_key_fails() {
+    frost_core::tests::ciphersuite_generic::check_zero_key_fails::<Ed448Shake256>();
+}
+
 #[test]
 fn check_sign_with_dkg() {
     let rng = thread_rng();

diff --git a/frost-p256/tests/integration_tests.rs b/frost-p256/tests/integration_tests.rs
@@ -3,6 +3,11 @@ use lazy_static::lazy_static;
 use rand::thread_rng;
 use serde_json::Value;
 
+#[test]
+fn check_zero_key_fails() {
+    frost_core::tests::ciphersuite_generic::check_zero_key_fails::<P256Sha256>();
+}
+
 #[test]
 fn check_sign_with_dkg() {
     let rng = thread_rng();

diff --git a/frost-ristretto255/tests/integration_tests.rs b/frost-ristretto255/tests/integration_tests.rs
@@ -3,6 +3,11 @@ use lazy_static::lazy_static;
 use rand::thread_rng;
 use serde_json::Value;
 
+#[test]
+fn check_zero_key_fails() {
+    frost_core::tests::ciphersuite_generic::check_zero_key_fails::<Ristretto255Sha512>();
+}
+
 #[test]
 fn check_sign_with_dkg() {
     let rng = thread_rng();

diff --git a/frost-secp256k1/tests/integration_tests.rs b/frost-secp256k1/tests/integration_tests.rs
@@ -3,6 +3,11 @@ use lazy_static::lazy_static;
 use rand::thread_rng;
 use serde_json::Value;
 
+#[test]
+fn check_zero_key_fails() {
+    frost_core::tests::ciphersuite_generic::check_zero_key_fails::<Secp256K1Sha256>();
+}
+
 #[test]
 fn check_sign_with_dkg() {
     let rng = thread_rng();