absolutebi/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-12-08 04:09:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add additional checks to key_gen/sign

Browse Source 
There is the ability to cause state bloat by flooding Tributary.
KeyGen/Sign specifically shouldn't allow bloat since we check the
commitments/preprocesses/shares for validity. Accordingly, any invalid data
(such as bloat) should be detected.

It was posssible to place bloat after the valid data. Doing so would be
considered a valid KeyGen/Sign message, yet could add up to 50k kB per sign.
This commit is contained in:
Luke Parker
2023-04-20 05:22:59 -04:00
parent 8041a0d845
commit 8b5eaa8092
2 changed files with 26 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
processor/src/key_gen.rs
View File

@@ -267,6 +267,12 @@ impl<C: Coin, D: Db> KeyGen<C, D> {
let (coin_machine, coin_shares) = let (coin_machine, coin_shares) =
handle_machine(&mut rng, params, machines.1, &mut commitments_ref); handle_machine(&mut rng, params, machines.1, &mut commitments_ref);
for (_, commitments) in commitments_ref {
if !commitments.is_empty() {
todo!("malicious signer: extra bytes");
}
}
self.active_share.insert(id.set, (substrate_machine, coin_machine)); self.active_share.insert(id.set, (substrate_machine, coin_machine));
let mut shares: HashMap<_, _> = let mut shares: HashMap<_, _> =
@@ -354,6 +360,12 @@ impl<C: Coin, D: Db> KeyGen<C, D> {
let substrate_keys = handle_machine(&mut rng, params, machines.0, &mut shares_ref); let substrate_keys = handle_machine(&mut rng, params, machines.0, &mut shares_ref);
let coin_keys = handle_machine(&mut rng, params, machines.1, &mut shares_ref); let coin_keys = handle_machine(&mut rng, params, machines.1, &mut shares_ref);
for (_, shares) in shares_ref {
if !shares.is_empty() {
todo!("malicious signer: extra bytes");
}
}
let mut coin_keys = ThresholdKeys::new(coin_keys); let mut coin_keys = ThresholdKeys::new(coin_keys);
C::tweak_keys(&mut coin_keys); C::tweak_keys(&mut coin_keys);

18
processor/src/signer.rs
View File

@@ -374,9 +374,14 @@ impl<C: Coin, D: Db> Signer<C, D> {
let preprocesses = match preprocesses let preprocesses = match preprocesses
.drain() .drain()
.map(|(l, preprocess)| { .map(|(l, preprocess)| {
machine let mut preprocess_ref = preprocess.as_ref();
.read_preprocess::<&[u8]>(&mut preprocess.as_ref()) let res = machine
.map(|preprocess| (l, preprocess)) .read_preprocess::<&[u8]>(&mut preprocess_ref)
.map(|preprocess| (l, preprocess));
if !preprocess_ref.is_empty() {
todo!("malicious signer: extra bytes");
}
res
}) })
.collect::<Result<_, _>>() .collect::<Result<_, _>>()
{ {
@@ -424,7 +429,12 @@ impl<C: Coin, D: Db> Signer<C, D> {
let shares = match shares let shares = match shares
.drain() .drain()
.map(|(l, share)| { .map(|(l, share)| {
machine.read_share::<&[u8]>(&mut share.as_ref()).map(|share| (l, share)) let mut share_ref = share.as_ref();
let res = machine.read_share::<&[u8]>(&mut share_ref).map(|share| (l, share));
if !share_ref.is_empty() {
todo!("malicious signer: extra bytes");
}
res
}) })
.collect::<Result<_, _>>() .collect::<Result<_, _>>()
{ {