Add additional checks to key_gen/sign

There is the ability to cause state bloat by flooding Tributary. KeyGen/Sign specifically shouldn't allow bloat since we check the commitments/preprocesses/shares for validity. Accordingly, any invalid data (such as bloat) should be detected. It was posssible to place bloat after the valid data. Doing so would be considered a valid KeyGen/Sign message, yet could add up to 50k kB per sign.
2025-12-08 20:29:23 +00:00 · 2023-04-20 05:22:59 -04:00
parent 8041a0d845
commit 8b5eaa8092
2 changed files with 26 additions and 4 deletions
--- a/processor/src/signer.rs
+++ b/processor/src/signer.rs
@@ -374,9 +374,14 @@ impl<C: Coin, D: Db> Signer<C, D> {
        let preprocesses = match preprocesses
          .drain()
          .map(|(l, preprocess)| {
-            machine
-              .read_preprocess::<&[u8]>(&mut preprocess.as_ref())
-              .map(|preprocess| (l, preprocess))
+            let mut preprocess_ref = preprocess.as_ref();
+            let res = machine
+              .read_preprocess::<&[u8]>(&mut preprocess_ref)
+              .map(|preprocess| (l, preprocess));
+            if !preprocess_ref.is_empty() {
+              todo!("malicious signer: extra bytes");
+            }
+            res
          })
          .collect::<Result<_, _>>()
        {
@@ -424,7 +429,12 @@ impl<C: Coin, D: Db> Signer<C, D> {
        let shares = match shares
          .drain()
          .map(|(l, share)| {
-            machine.read_share::<&[u8]>(&mut share.as_ref()).map(|share| (l, share))
+            let mut share_ref = share.as_ref();
+            let res = machine.read_share::<&[u8]>(&mut share_ref).map(|share| (l, share));
+            if !share_ref.is_empty() {
+              todo!("malicious signer: extra bytes");
+            }
+            res
          })
          .collect::<Result<_, _>>()
        {