wip: attempts fixing serialization error in covercrypt

Author: tbrezot

crates/openssl_provider/src/p256/scalar.rs

@@ -12,10 +12,13 @@ use openssl::{
     error::ErrorStack,
 };
 use std::ops::Div;
-use zeroize::ZeroizeOnDrop;
+use zeroize::{Zeroize, ZeroizeOnDrop};
 
 fn clone_big_num(n: &BigNum) -> Result<BigNum, ErrorStack> {
-    BigNum::from_slice(&n.to_vec())
+    let mut bytes = n.to_vec();
+    let clone = BigNum::from_slice(&bytes);
+    bytes.zeroize();
+    clone
 }
 
 fn get_group_order(ctxt: &mut BigNumContext) -> Result<BigNum, ErrorStack> {
@@ -67,12 +70,20 @@ impl PartialEq for P256Scalar {
 impl Eq for P256Scalar {}
 
 impl P256Scalar {
-    pub const SCALAR_LENGTH: usize = 32;
+    pub const LENGTH: usize = 32;
 }
 
-impl Seedable<{ Self::SCALAR_LENGTH }> for P256Scalar {
-    fn from_seed(seed: &Secret<{ Self::SCALAR_LENGTH }>) -> Self {
-        Self(BigNum::from_slice(&**seed))
+impl Seedable<{ Self::LENGTH }> for P256Scalar {
+    fn from_seed(seed: &Secret<{ Self::LENGTH }>) -> Self {
+        let from_seed = |seed: &Secret<{ Self::LENGTH }>| {
+            let n = BigNum::from_slice(&**seed)?;
+            let mut ctxt = BigNumContext::new()?;
+            let mut res = BigNum::new()?;
+            let order = get_group_order(&mut ctxt)?;
+            res.nnmod(&n, &order, &mut ctxt)?;
+            Ok(res)
+        };
+        Self(from_seed(seed))
     }
 }
 
@@ -219,20 +230,32 @@ impl Serializable for P256Scalar {
     type Error = CryptoCoreError;
 
     fn length(&self) -> usize {
-        Self::SCALAR_LENGTH
+        Self::LENGTH
     }
 
     fn write(&self, ser: &mut Serializer) -> Result<usize, Self::Error> {
         match &self.0 {
-            Ok(n) => ser.write_array(&n.to_vec()),
+            Ok(n) => {
+                let mut bytes = n.to_vec();
+                if Self::LENGTH < bytes.len() {
+                    return Err(CryptoCoreError::GenericSerializationError(format!(
+                        "scalar bytes is to big: {}",
+                        bytes.len()
+                    )));
+                }
+                let mut fixed_length_bytes = Secret::<{ Self::LENGTH }>::new();
+                fixed_length_bytes[..bytes.len()].copy_from_slice(&bytes);
+                bytes.zeroize();
+                ser.write_array(&*fixed_length_bytes)
+            }
             Err(e) => Err(CryptoCoreError::GenericSerializationError(format!(
                 "cannot serialize a scalar in error state: {e}"
             ))),
         }
     }
 
     fn read(de: &mut Deserializer) -> Result<Self, Self::Error> {
-        let bytes = de.read_array::<32>()?;
+        let bytes = de.read_array::<{ Self::LENGTH }>()?;
         BigNum::from_slice(&bytes).map(Ok).map(Self).map_err(|e| {
             CryptoCoreError::GenericDeserializationError(format!("cannot deserialize scalar: {e}"))
         })
@@ -255,5 +278,11 @@ mod tests {
         let mut rng = CsRng::from_entropy();
         let s = P256Scalar::random(&mut rng);
         test_serialization(&s).unwrap();
+
+        // Test serialization from seed.
+        let mut rng = CsRng::from_entropy();
+        let seed = Secret::<{ P256Scalar::LENGTH }>::random(&mut rng);
+        let s = P256Scalar::from_seed(&seed);
+        test_serialization(&s).unwrap();
     }
 }