fix fuzz bug

src/credential/bbs.rs

@@ -235,6 +235,7 @@ impl Presentation {
 }
 
 /// Server-side: verify a presentation against a public key, expected role_id and epoch.
+/// zkryptium may panic on malformed proofs; that is turned into [`Error::InvalidPresentation`].
 pub fn verify_presentation(
     pk: &IssuerPublicKey,
     presentation: &Presentation,
@@ -246,6 +247,21 @@ pub fn verify_presentation(
         return Err(Error::InvalidPresentation);
     }
 
+    match std::panic::catch_unwind(std::panic::AssertUnwindSafe(|| {
+        verify_presentation_inner(pk, presentation, role_id, epoch, nonce)
+    })) {
+        Ok(r) => r,
+        Err(_) => Err(Error::InvalidPresentation),
+    }
+}
+
+fn verify_presentation_inner(
+    pk: &IssuerPublicKey,
+    presentation: &Presentation,
+    role_id: &[u8; 32],
+    epoch: u64,
+    nonce: &[u8],
+) -> Result<()> {
     let proof = PoKSignature::<CS>::from_bytes(&presentation.proof_bytes)
         .map_err(|e| Error::CredentialError(format!("invalid proof: {e}")))?;
 
@@ -258,7 +274,7 @@ pub fn verify_presentation(
             Some(nonce),
             Some(2), // L = number of issuer messages
             Some(&disclosed_msgs),
-            None, // no disclosed committed messages
+            None,
             Some(&[0, 1]),
             None,
         )