Implement current magnitude assumptions

peterdettman · theStack · theStack · commit 173e8d061a8d · 2023-07-22T01:52:06.000+02:00
Remove also the explicit magnitude restriction `a->x.magnitude <= 31` in `secp256k1_gej_eq_x_var` (introduced in commit 07c0e8b), as this is implied by the new limits. Co-authored-by: Sebastian Falbesoner <sebastian.falbesoner@gmail.com>
diff --git a/src/group.h b/src/group.h
@@ -44,6 +44,14 @@ typedef struct {
 
 #define SECP256K1_GE_STORAGE_CONST_GET(t) SECP256K1_FE_STORAGE_CONST_GET(t.x), SECP256K1_FE_STORAGE_CONST_GET(t.y)
 
+/** Maximum allowed magnitudes for group element coordinates
+ *  in affine (x, y) and jacobian (x, y, z) representation. */
+#define SECP256K1_GE_X_MAGNITUDE_MAX  8
+#define SECP256K1_GE_Y_MAGNITUDE_MAX  8
+#define SECP256K1_GEJ_X_MAGNITUDE_MAX 8
+#define SECP256K1_GEJ_Y_MAGNITUDE_MAX 8
+#define SECP256K1_GEJ_Z_MAGNITUDE_MAX 8
+
 /** Set a group element equal to the point with given X and Y coordinates */
 static void secp256k1_ge_set_xy(secp256k1_ge *r, const secp256k1_fe *x, const secp256k1_fe *y);
 
diff --git a/src/group_impl.h b/src/group_impl.h
@@ -77,6 +77,8 @@ static void secp256k1_ge_verify(const secp256k1_ge *a) {
 #ifdef VERIFY
     secp256k1_fe_verify(&a->x);
     secp256k1_fe_verify(&a->y);
+    secp256k1_fe_verify_magnitude(&a->x, SECP256K1_GE_X_MAGNITUDE_MAX);
+    secp256k1_fe_verify_magnitude(&a->y, SECP256K1_GE_Y_MAGNITUDE_MAX);
     VERIFY_CHECK(a->infinity == 0 || a->infinity == 1);
 #endif
     (void)a;
@@ -87,6 +89,9 @@ static void secp256k1_gej_verify(const secp256k1_gej *a) {
     secp256k1_fe_verify(&a->x);
     secp256k1_fe_verify(&a->y);
     secp256k1_fe_verify(&a->z);
+    secp256k1_fe_verify_magnitude(&a->x, SECP256K1_GEJ_X_MAGNITUDE_MAX);
+    secp256k1_fe_verify_magnitude(&a->y, SECP256K1_GEJ_Y_MAGNITUDE_MAX);
+    secp256k1_fe_verify_magnitude(&a->z, SECP256K1_GEJ_Z_MAGNITUDE_MAX);
     VERIFY_CHECK(a->infinity == 0 || a->infinity == 1);
 #endif
     (void)a;
@@ -358,7 +363,6 @@ static int secp256k1_gej_eq_x_var(const secp256k1_fe *x, const secp256k1_gej *a)
     secp256k1_fe_verify(x);
     secp256k1_gej_verify(a);
 #ifdef VERIFY
-    VERIFY_CHECK(a->x.magnitude <= 31);
     VERIFY_CHECK(!a->infinity);
 #endif
 
