[tss][cs-6.19]: KeySign Message Hash Is Silently Truncated to Curve Order Major

Question

[tss][cs-6.19]: KeySign Message Hash Is Silently Truncated to Curve Order Major

byteflyfunny opened this issue a year ago · 1 comments

The function MsgToHashInt checks for an error condition that cannot occur due to the hardcoded nil error value in the called function. Additionally, the function hashToInt silently truncates the msg[] array (essentially a byte[] hash) to the curve order without any checks to ensure that msg[] is well-formed and within the operational bounds of the function, e.g., a minimum or maximum length. This can lead to undesirable behavior.

Answer 1 · 2023-07-03T09:00:13.000Z

No matter the length of the msg[] is too large, it will always be truncated to a fixed length in the end.
orderBits := c.Params().N.BitLen() orderBytes := (orderBits + 7) / 8 if len(hash) > orderBytes { hash = hash[:orderBytes] }