Invalid Serialization Test

2021-02-08 08:30:16 -08:00 · 2021-02-08 08:30:16 -08:00 · 570a48f9c2
parent 49134d643d
commit 570a48f9c2
3 changed files with 22 additions and 2 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -31,3 +31,5 @@ harness = false
 [features]
 entangled = ["brute-force"]

+
+
--- a/README.md
+++ b/README.md
@ -172,4 +172,5 @@ For more guidance on integrating fuzzytags into a privacy preserving application

 - Based on [Fuzzy Message Detection](https://eprint.iacr.org/2021/089) by Gabrielle Beck and Julia Len and Ian Miers and Matthew Green
 - Performance & API improvements contributed by Henry de Valence
- Universal Tag Bug found by [Lee Bousfield](https://github.com/PlasmaPower/)
+- Universal Tag Bug found by [Lee Bousfield](https://github.com/PlasmaPower/)
+- Thanks to Henry de Valence, George Tankersly, Lee Bousfield and others for helpful discussions.
--- a/src/lib.rs
+++ b/src/lib.rs
@ -342,7 +342,7 @@ impl<const GAMMA: u8> DetectionKey<{ GAMMA }> {
                Some(true) => 0x01,
                Some(false) => 0x00,
                _ => 0x00,
-                // we've run our of ciphertext, it doesn't really matter what we put here, the rest of the test will fail
+                // we've run out of ciphertext, it doesn't really matter what we put here, the rest of the test will fail
                // since the security of k_i is modelled as a random oracle, (k_i ^ 0) should also be random
            };

@ -512,6 +512,7 @@ mod tests {
        let tag = secret.tagging_key().generate_tag();
        let detection_key = secret.extract_detection_key(10);
        let serialized_tag = serde_json::to_string(&tag).unwrap();
+        println!("{}", serialized_tag);
        let deserialized_tag: Tag<15> = serde_json::from_str(&serialized_tag).unwrap();
        assert_eq!(tag.compress(), deserialized_tag.compress());
        assert_eq!(true, detection_key.test_tag(&deserialized_tag));
@ -534,6 +535,22 @@ mod tests {
        assert_eq!(true, detection_key.test_tag(&deserialized_tag));
    }

+    #[test]
+    fn test_invalid_serializations() {
+        let deserialized_tag: Option<Tag<24>> = serde_json::from_str("[0,1,2]").unwrap_or(None);
+        assert_eq!(deserialized_tag, None);
+
+        // too short (ciphertext)
+        let deserialized_tag: Result<Tag<15>, serde_json::Error> = serde_json::from_str("[140,198,182,161,124,132,111,222,62,235,59,249,152,203,170,89,150,27,251,252,41,159,134,34,112,61,117,249,35,126,29,1,100,157,229,106,42,68,167,89,109,137,234,37,124,139,59,116,221,74,24,229,97,154,7,34,236,248,90,130,150,116,182,11]
+");
+        assert_eq!(deserialized_tag.is_ok(), false);
+
+        // much too short
+        let deserialized_tag: Option<Tag<15>> = serde_json::from_str("[140,198,182,161,124,132,111,222,62,235,59,249,152,203,170,89,150,27,251,252,41,159,134,34,112,61,117,249,35,126,29,1,100,157,229,106,42,68,167,89,109,137,234,37,124,139,59,116,221,74,24,229,97,154,7,34,236]
+").unwrap_or(None);
+        assert_eq!(deserialized_tag, None);
+    }
+
    #[test]
    #[cfg(feature = "entangled")]
    fn test_multiple() {