From c07a48d32b49095af8fb01882d68ca68df0df251 Mon Sep 17 00:00:00 2001 From: FilippoTrotter Date: Mon, 14 Oct 2024 09:46:56 +0200 Subject: [PATCH 1/3] fix: add some checks on disclosed indexes array --- src/lua/crypto_bbs.lua | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/src/lua/crypto_bbs.lua b/src/lua/crypto_bbs.lua index 804dc4855..2def13691 100755 --- a/src/lua/crypto_bbs.lua +++ b/src/lua/crypto_bbs.lua @@ -644,16 +644,19 @@ local function core_proof_gen(ciphersuite, pk, signature, generators, header, ph local signature_result = octets_to_signature(signature) local AA, e = table.unpack(signature_result) local undisclosed_indexes = {} + local disclosed_messages = {} + local undisclosed_messages = {} + for i, v in ipairs(disclosed_indexes) do + if i > 1 and disclosed_indexes[i] == disclosed_indexes[i - 1] then + error('disclosed indexes contains duplicates', 3) + end + table.insert(disclosed_messages, messages[v]) + end for i = 1, L do if not array_contains(disclosed_indexes, i) then table.insert(undisclosed_indexes, i) end end - local disclosed_messages = {} - local undisclosed_messages = {} - for _,v in ipairs(disclosed_indexes) do - table.insert(disclosed_messages, messages[v]) - end for _,v in ipairs(undisclosed_indexes) do table.insert(undisclosed_messages, messages[v]) end @@ -679,6 +682,7 @@ function bbs.proof_gen(ciphersuite, pk, signature, header, ph, messages, disclos header = header or O.empty() ph = ph or O.empty() table.sort(disclosed_indexes) -- make sure indexes are sorted + if (disclosed_indexes[1] <= 0 or disclosed_indexes[#disclosed_indexes] > #messages) then error('disclosed indexes contains not valid integers', 2) end local messages = bbs.messages_to_scalars(ciphersuite,messages) local generators = bbs.create_generators(ciphersuite, table_size(messages) + 1) local proof = core_proof_gen(ciphersuite, pk, signature, generators, header, ph, messages, disclosed_indexes) @@ -830,7 +834,14 @@ function bbs.proof_verify(ciphersuite, pk, proof, header, ph, disclosed_messages disclosed_indexes = disclosed_indexes or {} local len_U = math.floor((#proof-proof_len_floor)/OCTET_SCALAR_LENGTH) local len_R = table_size(disclosed_indexes) - + if (disclosed_indexes[1] <= 0 or disclosed_indexes[#disclosed_indexes] > len_U + len_R) then + error('disclosed indexes contains not valid integers', 2) + end + for i = 2, len_R, 1 do + if disclosed_indexes[i] == disclosed_indexes[i - 1] then + error('disclosed indexes contains duplicates', 2) + end + end local message_scalars = bbs.messages_to_scalars(ciphersuite, disclosed_messages_octets) local generators = bbs.create_generators(ciphersuite, len_U+len_R+1) From 027df2a59ee5ef5715eb2823518315a0a603d73b Mon Sep 17 00:00:00 2001 From: FilippoTrotter Date: Tue, 15 Oct 2024 09:19:27 +0200 Subject: [PATCH 2/3] fix(bbs): better error handling for disclosed indexes array --- src/lua/crypto_bbs.lua | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/lua/crypto_bbs.lua b/src/lua/crypto_bbs.lua index 2def13691..976f18664 100755 --- a/src/lua/crypto_bbs.lua +++ b/src/lua/crypto_bbs.lua @@ -682,7 +682,12 @@ function bbs.proof_gen(ciphersuite, pk, signature, header, ph, messages, disclos header = header or O.empty() ph = ph or O.empty() table.sort(disclosed_indexes) -- make sure indexes are sorted - if (disclosed_indexes[1] <= 0 or disclosed_indexes[#disclosed_indexes] > #messages) then error('disclosed indexes contains not valid integers', 2) end + if disclosed_indexes[1] <= 0 then + error('Disclosed indexes contains an integer less than or equal to 0', 2) + end + if disclosed_indexes[#disclosed_indexes] > #messages then + error('Disclosed index contains an integer which exceeds the total number of messages', 2) + end local messages = bbs.messages_to_scalars(ciphersuite,messages) local generators = bbs.create_generators(ciphersuite, table_size(messages) + 1) local proof = core_proof_gen(ciphersuite, pk, signature, generators, header, ph, messages, disclosed_indexes) @@ -834,8 +839,11 @@ function bbs.proof_verify(ciphersuite, pk, proof, header, ph, disclosed_messages disclosed_indexes = disclosed_indexes or {} local len_U = math.floor((#proof-proof_len_floor)/OCTET_SCALAR_LENGTH) local len_R = table_size(disclosed_indexes) - if (disclosed_indexes[1] <= 0 or disclosed_indexes[#disclosed_indexes] > len_U + len_R) then - error('disclosed indexes contains not valid integers', 2) + if disclosed_indexes[1] <= 0 then + error('Disclosed indexes contains an integer less than or equal to 0', 2) + end + if disclosed_indexes[#disclosed_indexes] > len_R+len_U then + error('Disclosed index contains an integer which exceeds the total number of messages', 2) end for i = 2, len_R, 1 do if disclosed_indexes[i] == disclosed_indexes[i - 1] then From 3e9a95276d9623dd4f0e9a9f0db28884b69589e9 Mon Sep 17 00:00:00 2001 From: FilippoTrotter Date: Mon, 21 Oct 2024 09:19:10 +0200 Subject: [PATCH 3/3] add explanatory comment on BBS+ indexes error handling --- src/lua/crypto_bbs.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lua/crypto_bbs.lua b/src/lua/crypto_bbs.lua index 976f18664..65e856417 100755 --- a/src/lua/crypto_bbs.lua +++ b/src/lua/crypto_bbs.lua @@ -647,7 +647,7 @@ local function core_proof_gen(ciphersuite, pk, signature, generators, header, ph local disclosed_messages = {} local undisclosed_messages = {} for i, v in ipairs(disclosed_indexes) do - if i > 1 and disclosed_indexes[i] == disclosed_indexes[i - 1] then + if i > 1 and disclosed_indexes[i] == disclosed_indexes[i - 1] then --Arrays are always sorted in proof_gen (line 684) before being passed as input to core_proof_gen error('disclosed indexes contains duplicates', 3) end table.insert(disclosed_messages, messages[v])