search

str4d / ed25519-java

Pure Java implementation of EdDSA
Creative Commons Zero v1.0 Universal
220 stars 74 forks source link

NullPointerException in Ed25519FieldElement.invert #57

Open mckpm opened 6 years ago

mckpm commented 6 years ago

We occasionally see this crash in the field (haven't managed to reproduce):

#0. Crashed: main
       at net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.java:67)
       at org.stellar.sdk.KeyPair.(KeyPair.java:29)
       at org.stellar.sdk.KeyPair.fromAccountId(KeyPair.java:104)
[...]

Fatal Exception: java.lang.ExceptionInInitializerError
       at net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.java:67)
       at org.stellar.sdk.KeyPair.(KeyPair.java:29)
       at org.stellar.sdk.KeyPair.fromAccountId(KeyPair.java:104)
[...]

Caused by java.lang.NullPointerException: Attempt to invoke virtual method 'b.a.a.a.a.e b.a.a.a.a.e.g()' on a null object reference
       at net.i2p.crypto.eddsa.math.ed25519.Ed25519FieldElement.invert(Ed25519FieldElement.java:811)
       at net.i2p.crypto.eddsa.math.GroupElement.precompute(GroupElement.java:472)
       at net.i2p.crypto.eddsa.math.Curve.createPoint(Curve.java:78)
       at net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable.(EdDSANamedCurveTable.java:43)
       at net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.java:67)
       at org.stellar.sdk.KeyPair.(KeyPair.java:29)
       at org.stellar.sdk.KeyPair.fromAccountId(KeyPair.java:104)
[...]
str4d commented 5 years ago

invert() is being called here:

https://github.com/str4d/ed25519-java/blob/581c6a969a54180632d6991ef7a5a0b7a3e95524/src/net/i2p/crypto/eddsa/math/GroupElement.java#L467-L472

At the crash point, invert() is doing this:

https://github.com/str4d/ed25519-java/blob/581c6a969a54180632d6991ef7a5a0b7a3e95524/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519FieldElement.java#L806-L812

So my initial guess would be that t2.square() returns null at some point either before or during that loop, and the subsequent iteration then has t2 set to null, causing the NPE. However, Ed25519FieldElement.square() never returns null (it does deterministic maths and then calls a constructor, which can never return null but does potentially throw an IAE). So... I'm going to leave this open until someone else can reproduce this.