From 2cc4438ca1971186821c35db7e8bfcc3934cae60 Mon Sep 17 00:00:00 2001
From: Fritz Schmid
Date: Sun, 28 Jan 2024 22:57:43 +0100
Subject: [PATCH] Fixed some Insecure Rngs.

---
 src/core.rs | 59 ++++++++++++++++++++++++++++++++++++++++++++------
 src/proofs.rs | 9 +++-----
 2 files changed, 54 insertions(+), 14 deletions(-)

diff --git a/src/core.rs b/src/core.rs
index 138d424..50b2ebc 100644
--- a/src/core.rs
+++ b/src/core.rs
@@ -348,12 +348,7 @@ fn test_core(){
 //test_core_k(32,8);
 }
 
-#[test]
-fn t1est_core_test()
-{
- rayon::ThreadPoolBuilder::new().num_threads(1).build_global().unwrap();
- test_core_t(10,10);
-}
+
 
 
 
@@ -434,6 +429,13 @@ fn test_speed_operations() {
 println!(" {:.2?} gt exp ",start.elapsed()/1000);
 }
 
+#[test]
+fn t1est_core_test()
+{
+ rayon::ThreadPoolBuilder::new().num_threads(1).build_global().unwrap();
+ test_core_t(10,10);
+}
+
 fn test_core_t(n:i64,t:i64){
 let msg = (0..64).map(|x|(x) as u8).collect::>();
 let generator = pairing(&G1Affine::generator(),&G2Affine::generator());
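Review bot: `build_global().unwrap()` in the re-added `t1est_core_test` (second hunk) makes the test's outcome depend on test ordering rather than on `test_core_t`: rayon's `build_global` returns an error when the global pool has already been initialised, and cargo runs all tests of a binary in one process, so any earlier test that built the pool turns this `unwrap` into a panic. This is plausibly why the same call was dropped from `test_groth16` in src/proofs.rs in this commit; here it should go too, or at least be made tolerant, `let _ = rayon::ThreadPoolBuilder::new().num_threads(1).build_global();`. The name `t1est_core_test` also reads like a typo for `test_core_test`; since `#[test]` is what registers the function, the misspelling does not disable it, so either spell it out or use `#[ignore]` if it is meant to be skipped.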
@@ -475,10 +477,51 @@ fn test_core_t(n:i64,t:i64){
 }).collect::>();
 
 let start = Instant::now();
- let res = phe_dec_finish_t(&res,&pps,&responses,&ss,n);
+ let resdec = phe_dec_finish_t(&res,&pps,&responses,&ss,n);
 println!("{:.2?} phe_dec_finish_t",start.elapsed());
- assert_eq!(res.unwrap(),msg);
+ assert_eq!(resdec.unwrap(),msg);
+
+ // test invalid password
+ let (ss,request) = phe_init(&"test".to_string(),&"test2".to_string(),&pk);
+ let responses = (0..t as usize).into_par_iter().map(|i|{
+ let response = phe_ratelimiter(&rlkeys[i],&request,&pps[i],&pvk).unwrap();
+ response
+ }).collect::>();
+
+ let err_res = phe_dec_finish_t(&res,&pps,&responses,&ss,n);
+ assert!(err_res.is_err());
+
+ // test corrupted ciphertext
+ let mut res2 = res.clone();
+ res2.c1[0] = res2.c1[0] ^ 1;
+ let err_res = phe_dec_finish_t(&res2,&pps,&responses,&ss,n);
+ assert!(err_res.is_err());
+
+ // test changed real key
+ let real_key2 = utils::random_scalar();
+ let rlkeys2 = shamir::gen_shares_scalar(real_key2,n,t);
+ let pps2 = rlkeys2.iter().map(|x|PublicParameters{
+ gt_gen: generator,
+ ratelimiter_public_key: generator*x
+ }).collect::>();
+
+ let pp_keys2 = pps2.iter().map(|x|{x.ratelimiter_public_key}).collect::>();
+
+ let pp_key2 = shamir::recover_shares(&pp_keys2, n as i64);
+
+ assert_eq!(pp_key2,generator*real_key2,"Public keys do not match");
+
+ let (ss,request) = phe_init(&"test".to_string(),&"test".to_string(),&pk);
+ let responses = (0..t as usize).into_par_iter().map(|i|{
+ let response = phe_ratelimiter(&rlkeys2[i],&request,&pps2[i],&pvk).unwrap();
+ response
+ }).collect::>();
+
+ let err_res = phe_dec_finish_t(&res,&pps2,&responses,&ss,n);
+ assert!(err_res.is_err());
+
+
 }
 
 
diff --git a/src/proofs.rs b/src/proofs.rs
index a51e287..689472a 100644
--- a/src/proofs.rs
+++ b/src/proofs.rs
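Review bot: The "test corrupted ciphertext" block does not isolate the corruption: `res2` is passed together with the `ss` and `responses` that the block above produced for the wrong password (`"test2"`), so `phe_dec_finish_t` would fail even with `c1` untouched and the assertion cannot tell whether ciphertext integrity is actually enforced. Re-derive `ss`/`request`/`responses` for the matching password before flipping the bit — the last block does this with `pps2`, and `"test"`/`"test"` appears to be the valid pair, though the `phe_init` call that produced `res` is outside the hunk — and ideally check that this fresh set decrypts `res` successfully first, so the flipped bit is the only difference in the failing call. Two smaller points in the same hunk: `n as i64` in `shamir::recover_shares(&pp_keys2, n as i64)` is a no-op because `n: i64`, and `res2.c1[0] = res2.c1[0] ^ 1` is more idiomatically `res2.c1[0] ^= 1`. The enclosing `test_core_t` begins before this hunk.
```rust
    // test corrupted ciphertext: matching password, so the bit flip is the only fault
    let (ss,request) = phe_init(&"test".to_string(),&"test".to_string(),&pk);
    let responses = (0..t as usize).into_par_iter().map(|i|{
        phe_ratelimiter(&rlkeys[i],&request,&pps[i],&pvk).unwrap()
    }).collect::<Vec<_>>();
    assert!(phe_dec_finish_t(&res,&pps,&responses,&ss,n).is_ok());
    let mut res2 = res.clone();
    res2.c1[0] ^= 1;
    let err_res = phe_dec_finish_t(&res2,&pps,&responses,&ss,n);
    assert!(err_res.is_err());
    // … unchanged: changed-real-key case …
```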
@@ -195,6 +195,7 @@ pub fn generate_hash_proof(
 random: &Scalar,
 pk: &ProvingKey,
 ) -> (Scalar, Vec) {
+ let mut rng = OsRng::default();
 // hash the password and nonce to Fr
 let n_fr = Fr::from_le_bytes_mod_order(&nonce.to_bytes());
 //use sha256
@@ -228,7 +229,7 @@ pub fn generate_hash_proof(
 nonce_point: Some(n_fr),
 random_r: Some(random_fr),
 };
- let proof = Groth16::::prove(&pk, proof, &mut ark_std::test_rng()).unwrap();
+ let proof = Groth16::::prove(&pk, proof, &mut rng).unwrap();
 let mut proof_serialized = Vec::::new();
 proof.serialize(&mut proof_serialized).unwrap();
 
@@ -322,11 +323,7 @@ fn test_type_conversion() {
 
 #[test]
 fn test_groth16() {
- rayon::ThreadPoolBuilder::new()
- .num_threads(1)
- .build_global()
- .unwrap();
- let mut rng = &mut ark_std::test_rng();
+ let mut rng = &mut OsRng::default();
 let mimc = MiMC::::new(
 1,
 Fr::zero(),
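Review bot: `OsRng` is introduced in `generate_hash_proof` without a matching `use` anywhere in this diff; the import block of src/proofs.rs is outside the hunk, so if it does not already bring `OsRng` into scope the file will not compile, which should be checked. The new `rng` is also declared at the top of the function and first used about thirty lines later at the `prove` call in the second hunk; declaring it next to that call, `let mut rng = OsRng::default();` immediately before `Groth16::...::prove(&pk, proof, &mut rng)`, would make the only consumer of the randomness obvious to a reader. If this is rand's `OsRng` it is a unit struct, so `let mut rng = OsRng;` is the conventional spelling, but `OsRng::default()` is not wrong.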
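Review bot: In the `test_groth16` hunk the seeded `ark_std::test_rng()` was not an insecure-RNG problem — a unit test's RNG only has to be reproducible — whereas `OsRng` makes any future failure of this test non-reproducible, so unless the intent is to exercise the production RNG path, a seeded RNG (or one whose seed is printed on failure) is the better choice here. The binding is also still `let mut rng = &mut OsRng::default();`; if the calls later in the test pass `&mut rng`, the `mut` is only needed because of the double reference, and `let mut rng = OsRng::default();` with `&mut rng` at the call sites avoids it. The rest of `test_groth16` is outside the hunk.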