fix: check EdDSA signature values not zero

Consensys · Sep 27, 2023 · 44c64cd · 44c64cd
1 parent 2a0b47d
commit 44c64cd
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/internal/generator/edwards/eddsa/template/marshal.go.tmpl b/internal/generator/edwards/eddsa/template/marshal.go.tmpl
@@ -118,20 +118,27 @@ func (sig *Signature) SetBytes(buf []byte) (int, error) {
 	// R < P_mod (to avoid malleability)
 	// P_mod = field of def of the twisted Edwards = Fr snark field
 	fpMod := fr.Modulus()
+	zero := big.NewInt(0)
 	var bufBigInt big.Int
 	bufCopy := make([]byte, fr.Bytes)
 	for i := 0; i < sizeFr; i++ {
 		bufCopy[sizeFr-1-i] = buf[i]
 	}
 	bufCopy[0] &= mUnmask
 	bufBigInt.SetBytes(bufCopy)
+	if bufBigInt.Cmp(zero) == 0 {
+		return 0, ErrZero
+	}
 	if bufBigInt.Cmp(fpMod) != -1 {
 		return 0, ErrRBiggerThanPMod
 	}
 
 	// S < R_mod (to avoid malleability)
 	// R_mod is the relevant group size of the twisted Edwards NOT the fr snark field so it's supposedly smaller
 	bufBigInt.SetBytes(buf[sizeFr : 2*sizeFr])
+	if bufBigInt.Cmp(zero) == 0 {
+		return 0, ErrZero
+	}
 	cp := twistededwards.GetEdwardsCurve()
 	if bufBigInt.Cmp(&cp.Order) != -1 {
 		return 0, ErrSBiggerThanRMod