From 547dd87d0478417099455546dcb51d728e543276 Mon Sep 17 00:00:00 2001
From: Tom Thorogood
Date: Mon, 6 Mar 2023 18:38:38 +1030
Subject: [PATCH] tkn20: prevent panics on key gen errors

Both SystemSecretKey.KeyGen and Setup try to dereference the return values from abe/cpabe/tkn20/internal/tkn without checking for an error. On error, these values are nil and the functions panic. This is easy to reproduce by passing an io.Reader that returns an error.
---
 abe/cpabe/tkn20/tkn20.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/abe/cpabe/tkn20/tkn20.go b/abe/cpabe/tkn20/tkn20.go
index 67c78260..56d4e201 100644
--- a/abe/cpabe/tkn20/tkn20.go
+++ b/abe/cpabe/tkn20/tkn20.go
@@ -62,7 +62,10 @@ func (msk *SystemSecretKey) KeyGen(rand io.Reader, attrs Attributes) (AttributeK
 rand = cryptoRand.Reader
 }
 sk, err := tkn.DeriveAttributeKeysCCA(rand, &msk.sp, &attrs.attrs)
- return AttributeKey{*sk}, err
+ if err != nil {
+ return AttributeKey{}, err
+ }
+ return AttributeKey{*sk}, nil
 }
 
 type AttributeKey struct {
@@ -150,5 +153,8 @@ func Setup(rand io.Reader) (PublicKey, SystemSecretKey, error) {
 rand = cryptoRand.Reader
 }
 pp, sp, err := tkn.GenerateParams(rand)
- return PublicKey{*pp}, SystemSecretKey{*sp}, err
+ if err != nil {
+ return PublicKey{}, SystemSecretKey{}, err
+ }
+ return PublicKey{*pp}, SystemSecretKey{*sp}, nil
 }
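Review bot: The zero-value returns added in `KeyGen` (first hunk) and `Setup` (second hunk) should be spelled out in the doc comments, because a caller that ignores err now receives an empty `AttributeKey`, `PublicKey` or `SystemSecretKey` instead of a panic. Something like `// On error the returned keys are zero values and must not be used.` on each function would do; both bodies begin outside their hunks, so whether a comment already exists is not visible here. The diffstat shows only tkn20.go changing, so a regression test that passes a failing reader such as `iotest.ErrReader(errors.New("rng failure"))` to both functions and asserts a non-nil error would keep the nil dereference from coming back.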