zkas: Enforce MAX_K and MAX_NS_LEN.

src/zkas/constants.rs

@@ -0,0 +1,23 @@
+/* This file is part of DarkFi (https://dark.fi)
+ *
+ * Copyright (C) 2020-2023 Dyne.org foundation
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+/// Maximum allowed k param (circuit rows = 2^k)
+pub const MAX_K: u32 = 16;
+
+/// Maximum allowed namespace length in bytes
+pub const MAX_NS_LEN: usize = 32;

src/zkas/decoder.rs

@@ -18,7 +18,12 @@
 
 use darkfi_serial::{deserialize_partial, VarInt};
 
-use super::{compiler::MAGIC_BYTES, types::HeapType, LitType, Opcode, VarType};
+use super::{
+    compiler::MAGIC_BYTES,
+    constants::{MAX_K, MAX_NS_LEN},
+    types::HeapType,
+    LitType, Opcode, VarType,
+};
 use crate::{Error::ZkasDecoderError as ZkasErr, Result};
 
 /// A ZkBinary decoded from compiled zkas code.
@@ -50,11 +55,16 @@ impl ZkBinary {
         // Deserialize the k param
         let (k, _): (u32, _) = deserialize_partial(&bytes[5..9])?;
 
+        // For now, we'll limit k.
+        if k > MAX_K {
+            return Err(ZkasErr("k param is too high, max allowed is 16".to_string()))
+        }
+
         // After the binary version and k, we're supposed to have the witness namespace
         let (namespace, _): (String, _) = deserialize_partial(&bytes[9..])?;
 
         // Enforce a limit on the namespace string length
-        if namespace.len() > 32 {
+        if namespace.as_bytes().len() > MAX_NS_LEN {
             return Err(ZkasErr("Namespace too long".to_string()))
         }
 

src/zkas/mod.rs

@@ -23,6 +23,9 @@
 /// Error emitter
 mod error;
 
+/// Constants
+pub mod constants;
+
 /// Language opcodes
 pub mod opcode;
 pub use opcode::Opcode;

src/zkas/parser.rs

@@ -22,6 +22,7 @@ use itertools::Itertools;
 
 use super::{
     ast::{Arg, Constant, Literal, Statement, StatementType, Variable, Witness},
+    constants::{MAX_K, MAX_NS_LEN},
     error::ErrorEmitter,
     lexer::{Token, TokenType},
     LitType, Opcode, VarType,
@@ -152,6 +153,9 @@ impl Parser {
         }
 
         let declared_k = number.token.parse().unwrap();
+        if declared_k > MAX_K {
+            self.error.abort(&format!("k param is too high, max allowed is {}", MAX_K), 0, 0);
+        }
 
         while let Some(t) = iter.next() {
             // Sections "constant", "witness", and "circuit" are
@@ -229,7 +233,15 @@ impl Parser {
                                 $t[0].column,
                             );
                         }
+
                         namespace = Some($t[0].token.clone());
+                        if namespace.as_ref().unwrap().as_bytes().len() > MAX_NS_LEN {
+                            self.error.abort(
+                                &format!("Namespace too long, max {} bytes", MAX_NS_LEN),
+                                $t[0].line,
+                                $t[0].column,
+                            );
+                        }
                     }
                 };
             }