diff --git a/src/voting-tools-rs/src/data/mod.rs b/src/voting-tools-rs/src/data/mod.rs index 0dd1555bdc..8115187bfa 100644 --- a/src/voting-tools-rs/src/data/mod.rs +++ b/src/voting-tools-rs/src/data/mod.rs @@ -225,6 +225,7 @@ impl RawRegistration { &self, cddl_config: &CddlConfig, network_id: NetworkId, + slot_no: SlotNo, ) -> Result> { // validate cddl: 61284 validate_reg_cddl(&self.bin_reg, cddl_config)?; @@ -232,7 +233,7 @@ impl RawRegistration { // validate cddl: 61285 validate_sig_cddl(&self.bin_sig, cddl_config)?; - let registration = self.raw_reg_conversion(network_id)?; + let registration = self.raw_reg_conversion(network_id, slot_no)?; let signature = self.raw_sig_conversion()?; @@ -245,7 +246,11 @@ impl RawRegistration { }) } - fn raw_reg_conversion(&self, network_id: NetworkId) -> Result> { + fn raw_reg_conversion( + &self, + network_id: NetworkId, + slot_no: SlotNo, + ) -> Result> { let decoded: ciborium::value::Value = ciborium::de::from_reader(Cursor::new(&self.bin_reg))?; @@ -283,7 +288,14 @@ impl RawRegistration { // A nonce that identifies that most recent delegation let nonce = match inspect_nonce(metamap) { - Ok(value) => value, + Ok(value) => { + if value.0 < slot_no.0 { + // Don't allow nonce > slot number + value + } else { + Nonce(slot_no.0) + } + } Err(value) => return value, }; diff --git a/src/voting-tools-rs/src/verification/verify.rs b/src/voting-tools-rs/src/verification/verify.rs index 3f88a894b7..d2cfa8feb9 100644 --- a/src/voting-tools-rs/src/verification/verify.rs +++ b/src/voting-tools-rs/src/verification/verify.rs @@ -100,7 +100,7 @@ pub fn filter_registrations( }; // deserialize the raw Binary CBOR. - let reg = match rawreg.to_signed(&cddl, network_id) { + let reg = match rawreg.to_signed(&cddl, network_id, SlotNo(slot as u64)) { Err(err) => { invalids.push(InvalidRegistration { spec_61284: Some(prefix_hex(&rawreg.bin_reg)),