From f8a9197ed5ac1837221f05e521c78a0ff881e969 Mon Sep 17 00:00:00 2001
From: Conrado Gouvea <conradoplg@gmail.com>
Date: Tue, 22 Aug 2023 11:55:42 -0300
Subject: [PATCH] return error when creating a zero SigningKey

---
 frost-core/src/signing_key.rs                 |  9 ++++++---
 frost-core/src/tests/ciphersuite_generic.rs   | 10 +++++++++-
 frost-ed25519/tests/integration_tests.rs      |  5 +++++
 frost-ed448/tests/integration_tests.rs        |  5 +++++
 frost-p256/tests/integration_tests.rs         |  5 +++++
 frost-ristretto255/tests/integration_tests.rs |  5 +++++
 frost-secp256k1/tests/integration_tests.rs    |  5 +++++
 7 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/frost-core/src/signing_key.rs b/frost-core/src/signing_key.rs
index 04323e1f..6f398239 100644
--- a/frost-core/src/signing_key.rs
+++ b/frost-core/src/signing_key.rs
@@ -28,9 +28,12 @@ where
     pub fn deserialize(
         bytes: <<C::Group as Group>::Field as Field>::Serialization,
     ) -> Result<SigningKey<C>, Error<C>> {
-        <<C::Group as Group>::Field as Field>::deserialize(&bytes)
-            .map(|scalar| SigningKey { scalar })
-            .map_err(|e| e.into())
+        let scalar =
+            <<C::Group as Group>::Field as Field>::deserialize(&bytes).map_err(Error::from)?;
+        if scalar == <<C::Group as Group>::Field as Field>::zero() {
+            return Err(Error::MalformedSigningKey);
+        }
+        Ok(Self { scalar })
     }
 
     /// Serialize `SigningKey` to bytes
diff --git a/frost-core/src/tests/ciphersuite_generic.rs b/frost-core/src/tests/ciphersuite_generic.rs
index 523777a4..08a7e9ef 100644
--- a/frost-core/src/tests/ciphersuite_generic.rs
+++ b/frost-core/src/tests/ciphersuite_generic.rs
@@ -6,12 +6,20 @@ use std::{
 
 use crate::{
     frost::{self, Identifier},
-    Error, Field, Group, Signature, VerifyingKey,
+    Error, Field, Group, Signature, SigningKey, VerifyingKey,
 };
 use rand_core::{CryptoRng, RngCore};
 
 use crate::Ciphersuite;
 
+/// Test if creating a zero SigningKey fails
+pub fn check_zero_key_fails<C: Ciphersuite>() {
+    let zero = <<<C as Ciphersuite>::Group as Group>::Field>::zero();
+    let encoded_zero = <<<C as Ciphersuite>::Group as Group>::Field>::serialize(&zero);
+    let r = SigningKey::<C>::deserialize(encoded_zero);
+    assert_eq!(r, Err(Error::MalformedSigningKey));
+}
+
 /// Test share generation with a Ciphersuite
 pub fn check_share_generation<C: Ciphersuite, R: RngCore + CryptoRng>(mut rng: R) {
     let secret = crate::SigningKey::<C>::new(&mut rng);
diff --git a/frost-ed25519/tests/integration_tests.rs b/frost-ed25519/tests/integration_tests.rs
index c729c75e..3dd8a2eb 100644
--- a/frost-ed25519/tests/integration_tests.rs
+++ b/frost-ed25519/tests/integration_tests.rs
@@ -3,6 +3,11 @@ use lazy_static::lazy_static;
 use rand::thread_rng;
 use serde_json::Value;
 
+#[test]
+fn check_zero_key_fails() {
+    frost_core::tests::ciphersuite_generic::check_zero_key_fails::<Ed25519Sha512>();
+}
+
 #[test]
 fn check_sign_with_dkg() {
     let rng = thread_rng();
diff --git a/frost-ed448/tests/integration_tests.rs b/frost-ed448/tests/integration_tests.rs
index 90956ccb..323048ec 100644
--- a/frost-ed448/tests/integration_tests.rs
+++ b/frost-ed448/tests/integration_tests.rs
@@ -3,6 +3,11 @@ use lazy_static::lazy_static;
 use rand::thread_rng;
 use serde_json::Value;
 
+#[test]
+fn check_zero_key_fails() {
+    frost_core::tests::ciphersuite_generic::check_zero_key_fails::<Ed448Shake256>();
+}
+
 #[test]
 fn check_sign_with_dkg() {
     let rng = thread_rng();
diff --git a/frost-p256/tests/integration_tests.rs b/frost-p256/tests/integration_tests.rs
index 406181b5..317f5746 100644
--- a/frost-p256/tests/integration_tests.rs
+++ b/frost-p256/tests/integration_tests.rs
@@ -3,6 +3,11 @@ use lazy_static::lazy_static;
 use rand::thread_rng;
 use serde_json::Value;
 
+#[test]
+fn check_zero_key_fails() {
+    frost_core::tests::ciphersuite_generic::check_zero_key_fails::<P256Sha256>();
+}
+
 #[test]
 fn check_sign_with_dkg() {
     let rng = thread_rng();
diff --git a/frost-ristretto255/tests/integration_tests.rs b/frost-ristretto255/tests/integration_tests.rs
index 9d479a7d..3150ba7c 100644
--- a/frost-ristretto255/tests/integration_tests.rs
+++ b/frost-ristretto255/tests/integration_tests.rs
@@ -3,6 +3,11 @@ use lazy_static::lazy_static;
 use rand::thread_rng;
 use serde_json::Value;
 
+#[test]
+fn check_zero_key_fails() {
+    frost_core::tests::ciphersuite_generic::check_zero_key_fails::<Ristretto255Sha512>();
+}
+
 #[test]
 fn check_sign_with_dkg() {
     let rng = thread_rng();
diff --git a/frost-secp256k1/tests/integration_tests.rs b/frost-secp256k1/tests/integration_tests.rs
index f6cb05da..7607e351 100644
--- a/frost-secp256k1/tests/integration_tests.rs
+++ b/frost-secp256k1/tests/integration_tests.rs
@@ -3,6 +3,11 @@ use lazy_static::lazy_static;
 use rand::thread_rng;
 use serde_json::Value;
 
+#[test]
+fn check_zero_key_fails() {
+    frost_core::tests::ciphersuite_generic::check_zero_key_fails::<Secp256K1Sha256>();
+}
+
 #[test]
 fn check_sign_with_dkg() {
     let rng = thread_rng();