
Commit 4da6868

peterdettmantheStack
authored andcommitted
Tighten group magnitude limits
- adjust test methods that randomize magnitudes
1 parent 00c5442 commit 4da6868


2 files changed

+43
-19
lines changed


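--- a/src/group_impl.h
+++ b/src/group_impl.h
@@ -77,8 +77,8 @@ static void secp256k1_ge_verify(const secp256k1_ge *a) {
 #ifdef VERIFY
 secp256k1_fe_verify(&a->x);
 secp256k1_fe_verify(&a->y);
-secp256k1_fe_verify_magnitude(&a->x, 8);
-secp256k1_fe_verify_magnitude(&a->y, 8);
+secp256k1_fe_verify_magnitude(&a->x, 6);
+secp256k1_fe_verify_magnitude(&a->y, 4);
 VERIFY_CHECK(a->infinity == 0 || a->infinity == 1);
 #endif
 (void)a;
@@ -89,9 +89,9 @@ static void secp256k1_gej_verify(const secp256k1_gej *a) {
 secp256k1_fe_verify(&a->x);
 secp256k1_fe_verify(&a->y);
 secp256k1_fe_verify(&a->z);
-secp256k1_fe_verify_magnitude(&a->x, 8);
-secp256k1_fe_verify_magnitude(&a->y, 8);
-secp256k1_fe_verify_magnitude(&a->z, 8);
+secp256k1_fe_verify_magnitude(&a->x, 6);
+secp256k1_fe_verify_magnitude(&a->y, 4);
+secp256k1_fe_verify_magnitude(&a->z, 2);
 VERIFY_CHECK(a->infinity == 0 || a->infinity == 1);
 #endif
 (void)a;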
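Review bot: The per-coordinate limits 6, 4 and 2 are bare literals in both `secp256k1_ge_verify` and `secp256k1_gej_verify`, and the same values are repeated in the new `random_ge_*_magnitude` / `random_gej_*_magnitude` helpers in src/tests.c, with nothing explaining why x, y and z get different bounds. Because these checks sit under `#ifdef VERIFY`, non-VERIFY builds rely on every group operation keeping its outputs inside the bounds, so the numbers are a contract worth defining once, e.g. `#define SECP256K1_GE_X_MAGNITUDE_MAX 6` (with matching Y and GEJ X/Y/Z constants) used as `secp256k1_fe_verify_magnitude(&a->x, SECP256K1_GE_X_MAGNITUDE_MAX);`. A short comment beside the constants saying which field operations the bounds were derived from would let a later reviewer re-check them if the field code changes. Both function bodies extend outside the hunks shown, so this is based only on the visible lines.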

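--- a/src/tests.c
+++ b/src/tests.c
@@ -89,9 +89,9 @@ static void uncounting_illegal_callback_fn(const char* str, void* data) {
 (*p)--;
 }
 
-static void random_field_element_magnitude(secp256k1_fe *fe) {
+static void random_field_element_magnitude(secp256k1_fe *fe, int m) {
 secp256k1_fe zero;
-int n = secp256k1_testrand_int(9);
+int n = secp256k1_testrand_int(m + 1);
 secp256k1_fe_normalize(fe);
 if (n == 0) {
 return;
@@ -121,6 +121,30 @@ static void random_fe_non_zero_test(secp256k1_fe *fe) {
 } while(secp256k1_fe_is_zero(fe));
 }
 
+static void random_fe_magnitude(secp256k1_fe *fe) {
+random_field_element_magnitude(fe, 8);
+}
+
+static void random_ge_x_magnitude(secp256k1_ge *ge) {
+random_field_element_magnitude(&ge->x, 6);
+}
+
+static void random_ge_y_magnitude(secp256k1_ge *ge) {
+random_field_element_magnitude(&ge->y, 4);
+}
+
+static void random_gej_x_magnitude(secp256k1_gej *gej) {
+random_field_element_magnitude(&gej->x, 6);
+}
+
+static void random_gej_y_magnitude(secp256k1_gej *gej) {
+random_field_element_magnitude(&gej->y, 4);
+}
+
+static void random_gej_z_magnitude(secp256k1_gej *gej) {
+random_field_element_magnitude(&gej->z, 2);
+}
+
 static void random_group_element_test(secp256k1_ge *ge) {
 secp256k1_fe fe;
 do {
@@ -3322,13 +3346,13 @@ static void run_fe_mul(void) {
 for (i = 0; i < 100 * COUNT; ++i) {
 secp256k1_fe a, b, c, d;
 random_fe(&a);
-random_field_element_magnitude(&a);
+random_fe_magnitude(&a);
 random_fe(&b);
-random_field_element_magnitude(&b);
+random_fe_magnitude(&b);
 random_fe_test(&c);
-random_field_element_magnitude(&c);
+random_fe_magnitude(&c);
 random_fe_test(&d);
-random_field_element_magnitude(&d);
+random_fe_magnitude(&d);
 test_fe_mul(&a, &a, 1);
 test_fe_mul(&c, &c, 1);
 test_fe_mul(&a, &b, 0);
@@ -3802,17 +3826,17 @@ static void test_ge(void) {
 secp256k1_gej_set_ge(&gej[3 + 4 * i], &ge[3 + 4 * i]);
 random_group_element_jacobian_test(&gej[4 + 4 * i], &ge[4 + 4 * i]);
 for (j = 0; j < 4; j++) {
-random_field_element_magnitude(&ge[1 + j + 4 * i].x);
-random_field_element_magnitude(&ge[1 + j + 4 * i].y);
-random_field_element_magnitude(&gej[1 + j + 4 * i].x);
-random_field_element_magnitude(&gej[1 + j + 4 * i].y);
-random_field_element_magnitude(&gej[1 + j + 4 * i].z);
+random_ge_x_magnitude(&ge[1 + j + 4 * i]);
+random_ge_y_magnitude(&ge[1 + j + 4 * i]);
+random_gej_x_magnitude(&gej[1 + j + 4 * i]);
+random_gej_y_magnitude(&gej[1 + j + 4 * i]);
+random_gej_z_magnitude(&gej[1 + j + 4 * i]);
 }
 }
 
 /* Generate random zf, and zfi2 = 1/zf^2, zfi3 = 1/zf^3 */
 random_fe_non_zero_test(&zf);
-random_field_element_magnitude(&zf);
+random_fe_magnitude(&zf);
 secp256k1_fe_inv_var(&zfi3, &zf);
 secp256k1_fe_sqr(&zfi2, &zfi3);
 secp256k1_fe_mul(&zfi3, &zfi3, &zfi2);
@@ -3848,8 +3872,8 @@ static void test_ge(void) {
 secp256k1_ge ge2_zfi = ge[i2]; /* the second term with x and y rescaled for z = 1/zf */
 secp256k1_fe_mul(&ge2_zfi.x, &ge2_zfi.x, &zfi2);
 secp256k1_fe_mul(&ge2_zfi.y, &ge2_zfi.y, &zfi3);
-random_field_element_magnitude(&ge2_zfi.x);
-random_field_element_magnitude(&ge2_zfi.y);
+random_ge_x_magnitude(&ge2_zfi);
+random_ge_y_magnitude(&ge2_zfi);
 secp256k1_gej_add_zinv_var(&resj, &gej[i1], &ge2_zfi, &zf);
 ge_equals_gej(&ref, &resj);
 }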
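Review bot: The new `m` parameter of `random_field_element_magnitude` is neither documented nor range-checked. `secp256k1_testrand_int(m + 1)` appears to make it an inclusive upper bound on the drawn magnitude, which the signature does not convey, and a negative or oversized `m` would be passed straight through. I would add a one-line comment above the function, for example `/* Give fe a random magnitude in [0, m] without changing its value. */`, and a guard such as `CHECK(m >= 0);` before the draw. The function body continues past the hunk, so whether the rest copes with larger `m` cannot be judged from here. The wrappers pass only the literals 8, 6, 4 and 2, so this matters for future callers, not the current ones.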
