Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bellman: add VerificationError #254

Merged
merged 4 commits into from
Aug 5, 2020
Merged

bellman: add VerificationError #254

merged 4 commits into from
Aug 5, 2020

Conversation

hdevalence
Copy link
Contributor

This adds a distinct VerificationError type to the crate and changes
verify_proof to return Result<(), VerificationError> rather than
Result<bool, SynthesisError>. This is significantly safer, because it avoids
the need to mix pattern-matching logic with boolean logic (the cause of
RUSTSEC-2019-0004).

@hdevalence
bellman: add VerificationError
1bc2bac 
This adds a distinct VerificationError type to the crate and changes
`verify_proof` to return `Result<(), VerificationError>` rather than
`Result<bool, SynthesisError>`.  This is significantly safer, because it avoids
the need to mix pattern-matching logic with boolean logic (the cause of
RUSTSEC-2019-0004).
@codecov
Copy link

codecov bot commented Jul 16, 2020
edited
Loading

Codecov Report

Merging #254 into master will decrease coverage by 0.32%.
The diff coverage is 0.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #254      +/-   ##
==========================================
- Coverage   33.94%   33.61%   -0.33%     
==========================================
  Files          97       97              
  Lines       11462    11461       -1     
==========================================
- Hits         3891     3853      -38     
- Misses       7571     7608      +37
Impacted Files Coverage Δ
bellman/src/groth16/mod.rs 0.00% <ø> (ø)
bellman/src/groth16/tests/mod.rs 0.00% <ø> (ø)
bellman/src/lib.rs 31.52% <0.00%> (-1.82%) ⬇️
bellman/tests/mimc.rs 0.00% <ø> (ø)
zcash_proofs/src/sapling/prover.rs 0.00% <0.00%> (ø)
zcash_proofs/src/sapling/verifier.rs 0.00% <0.00%> (ø)
zcash_primitives/src/util.rs 83.33% <0.00%> (-16.67%) ⬇️
zcash_primitives/src/note_encryption.rs 78.14% <0.00%> (-8.33%) ⬇️
zcash_primitives/src/keys.rs 59.77% <0.00%> (-5.75%) ⬇️
zcash_primitives/src/sapling.rs 83.87% <0.00%> (-3.23%) ⬇️
... and 33 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f55f094...9373eec. Read the comment docs.

@hdevalence hdevalence mentioned this pull request Jul 17, 2020
Closed
hdevalence
hdevalence commented Jul 17, 2020
View reviewed changes
nuttycom
nuttycom approved these changes Jul 22, 2020
View reviewed changes
Copy link
Contributor

@nuttycom nuttycom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good; just some very minor nonblocking suggestions.

zcash_proofs/src/sapling/prover.rs
return Err(());
}
}
verify_proof(verifying_key, &proof, &public_input[..]).map_err(|_| ())?;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It'd be nice if the whole spend_proof function returned a meaningful error type rather than just throwing away all the information it could be providing to the caller. Just a note for future work.

str4d
str4d requested changes Jul 23, 2020
View reviewed changes
Copy link
Contributor

@str4d str4d left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CI is failing due to bellman doctests that need to be updated.

@hdevalence
Copy link
Contributor Author

@str4d Fixed the doctests in a fixup commit so it's nicely squashable.

@hdevalence hdevalence mentioned this pull request Aug 5, 2020
Merged
@str4d str4d merged commit 139fc09 into zcash:master Aug 5, 2020
daira
daira reviewed Aug 5, 2020
View reviewed changes
bellman/src/groth16/verifier.rs
if (public_inputs.len() + 1) != pvk.ic.len() {
return Err(SynthesisError::MalformedVerifyingKey);
return Err(VerificationError::InvalidVerifyingKey);
Copy link
Contributor

@daira daira Aug 5, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will in practice cause InvalidVerifyingKey to be treated identically to an invalid proof by the calling code, when actually it indicates an error in how that code is using the API (e.g. using the wrong key for the given input). This seems like a (minor) regression, although I can't see how it could cause a security failure in tested code.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know it doesn't affect callers in zcashd who were already collapsing those two cases.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is only true in practice if the calling code discards error information and propagates boolean values. I think the zcash_proofs does this. Otherwise the error is propagated upward until it is handled (by matching on the error type) or reported (which report will include the information indicating a programming error). So I don't think there is any conflation here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daira daira daira left review comments

@nuttycom nuttycom nuttycom approved these changes

@str4d str4d str4d approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@hdevalence @nuttycom @daira @str4d