return error when validating an empty batch (#487)

* return error when validating an empty batch * reuse n
2023-09-02 02:13:51 -03:00 · 2023-09-02 02:13:51 -03:00 · fcd0e31e6b
parent ab4af9bff4
commit fcd0e31e6b
7 changed files with 49 additions and 3 deletions
--- a/frost-core/src/batch.rs
+++ b/frost-core/src/batch.rs
@ -75,7 +75,7 @@ where
    }

    /// Performs batch verification, returning `Ok(())` if all signatures were
-    /// valid and `Err` otherwise.
+    /// valid and `Err` otherwise, or if the batch is empty.
    ///
    /// The batch verification equation is:
    ///
@ -106,10 +106,14 @@ where
    pub fn verify<R: RngCore + CryptoRng>(self, mut rng: R) -> Result<(), Error<C>> {
        let n = self.signatures.len();

+        if n == 0 {
+            return Err(Error::InvalidSignature);
+        }
+
        let mut VK_coeffs = Vec::with_capacity(n);
        let mut VKs = Vec::with_capacity(n);
-        let mut R_coeffs = Vec::with_capacity(self.signatures.len());
-        let mut Rs = Vec::with_capacity(self.signatures.len());
+        let mut R_coeffs = Vec::with_capacity(n);
+        let mut Rs = Vec::with_capacity(n);
        let mut P_coeff_acc = <<C::Group as Group>::Field>::zero();

        for item in self.signatures.iter() {
--- a/frost-core/src/tests/batch.rs
+++ b/frost-core/src/tests/batch.rs
@ -54,3 +54,10 @@ pub fn bad_batch_verify<C: Ciphersuite, R: RngCore + CryptoRng>(mut rng: R) {
        }
    }
 }
+
+/// Test if the empty batch fails to validate.
+/// Test case from NCC audit.
+pub fn empty_batch_verify<C: Ciphersuite, R: RngCore + CryptoRng>(rng: R) {
+    let batch = batch::Verifier::<C>::new();
+    assert!(batch.verify(rng).is_err());
+}
--- a/frost-ed25519/src/tests/batch.rs
+++ b/frost-ed25519/src/tests/batch.rs
@ -15,3 +15,10 @@ fn check_bad_batch_verify() {

    frost_core::tests::batch::bad_batch_verify::<Ed25519Sha512, _>(rng);
 }
+
+#[test]
+fn empty_batch_verify() {
+    let rng = thread_rng();
+
+    frost_core::tests::batch::empty_batch_verify::<Ed25519Sha512, _>(rng);
+}
--- a/frost-ed448/src/tests/batch.rs
+++ b/frost-ed448/src/tests/batch.rs
@ -15,3 +15,10 @@ fn check_bad_batch_verify() {

    frost_core::tests::batch::bad_batch_verify::<Ed448Shake256, _>(rng);
 }
+
+#[test]
+fn empty_batch_verify() {
+    let rng = thread_rng();
+
+    frost_core::tests::batch::empty_batch_verify::<Ed448Shake256, _>(rng);
+}
--- a/frost-p256/src/tests/batch.rs
+++ b/frost-p256/src/tests/batch.rs
@ -15,3 +15,10 @@ fn check_bad_batch_verify() {

    frost_core::tests::batch::bad_batch_verify::<P256Sha256, _>(rng);
 }
+
+#[test]
+fn empty_batch_verify() {
+    let rng = thread_rng();
+
+    frost_core::tests::batch::empty_batch_verify::<P256Sha256, _>(rng);
+}
--- a/frost-ristretto255/src/tests/batch.rs
+++ b/frost-ristretto255/src/tests/batch.rs
@ -15,3 +15,10 @@ fn check_bad_batch_verify() {

    frost_core::tests::batch::bad_batch_verify::<Ristretto255Sha512, _>(rng);
 }
+
+#[test]
+fn empty_batch_verify() {
+    let rng = thread_rng();
+
+    frost_core::tests::batch::empty_batch_verify::<Ristretto255Sha512, _>(rng);
+}
--- a/frost-secp256k1/src/tests/batch.rs
+++ b/frost-secp256k1/src/tests/batch.rs
@ -15,3 +15,10 @@ fn check_bad_batch_verify() {

    frost_core::tests::batch::bad_batch_verify::<Secp256K1Sha256, _>(rng);
 }
+
+#[test]
+fn empty_batch_verify() {
+    let rng = thread_rng();
+
+    frost_core::tests::batch::empty_batch_verify::<Secp256K1Sha256, _>(rng);
+}