Skip to content

Commit c83afa6

Browse files
peterdettmantheStackjonasnick
committed
Tighten group magnitude limits
- adjust test methods that randomize magnitudes Co-authored-by: Sebastian Falbesoner <sebastian.falbesoner@gmail.com> Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
1 parent 173e8d0 commit c83afa6

File tree

2 files changed

+43
-19
lines changed

2 files changed

+43
-19
lines changed

src/group.h

+5-5
Original file line numberDiff line numberDiff line change
@@ -46,11 +46,11 @@ typedef struct {
4646

4747
/** Maximum allowed magnitudes for group element coordinates
4848
* in affine (x, y) and jacobian (x, y, z) representation. */
49-
#define SECP256K1_GE_X_MAGNITUDE_MAX 8
50-
#define SECP256K1_GE_Y_MAGNITUDE_MAX 8
51-
#define SECP256K1_GEJ_X_MAGNITUDE_MAX 8
52-
#define SECP256K1_GEJ_Y_MAGNITUDE_MAX 8
53-
#define SECP256K1_GEJ_Z_MAGNITUDE_MAX 8
49+
#define SECP256K1_GE_X_MAGNITUDE_MAX 4
50+
#define SECP256K1_GE_Y_MAGNITUDE_MAX 3
51+
#define SECP256K1_GEJ_X_MAGNITUDE_MAX 4
52+
#define SECP256K1_GEJ_Y_MAGNITUDE_MAX 4
53+
#define SECP256K1_GEJ_Z_MAGNITUDE_MAX 1
5454

5555
/** Set a group element equal to the point with given X and Y coordinates */
5656
static void secp256k1_ge_set_xy(secp256k1_ge *r, const secp256k1_fe *x, const secp256k1_fe *y);

src/tests.c

+38-14
Original file line numberDiff line numberDiff line change
@@ -89,9 +89,9 @@ static void uncounting_illegal_callback_fn(const char* str, void* data) {
8989
(*p)--;
9090
}
9191

92-
static void random_field_element_magnitude(secp256k1_fe *fe) {
92+
static void random_field_element_magnitude(secp256k1_fe *fe, int m) {
9393
secp256k1_fe zero;
94-
int n = secp256k1_testrand_int(9);
94+
int n = secp256k1_testrand_int(m + 1);
9595
secp256k1_fe_normalize(fe);
9696
if (n == 0) {
9797
return;
@@ -121,6 +121,30 @@ static void random_fe_non_zero_test(secp256k1_fe *fe) {
121121
} while(secp256k1_fe_is_zero(fe));
122122
}
123123

124+
static void random_fe_magnitude(secp256k1_fe *fe) {
125+
random_field_element_magnitude(fe, 8);
126+
}
127+
128+
static void random_ge_x_magnitude(secp256k1_ge *ge) {
129+
random_field_element_magnitude(&ge->x, SECP256K1_GE_X_MAGNITUDE_MAX);
130+
}
131+
132+
static void random_ge_y_magnitude(secp256k1_ge *ge) {
133+
random_field_element_magnitude(&ge->y, SECP256K1_GE_Y_MAGNITUDE_MAX);
134+
}
135+
136+
static void random_gej_x_magnitude(secp256k1_gej *gej) {
137+
random_field_element_magnitude(&gej->x, SECP256K1_GEJ_X_MAGNITUDE_MAX);
138+
}
139+
140+
static void random_gej_y_magnitude(secp256k1_gej *gej) {
141+
random_field_element_magnitude(&gej->y, SECP256K1_GEJ_Y_MAGNITUDE_MAX);
142+
}
143+
144+
static void random_gej_z_magnitude(secp256k1_gej *gej) {
145+
random_field_element_magnitude(&gej->z, SECP256K1_GEJ_Z_MAGNITUDE_MAX);
146+
}
147+
124148
static void random_group_element_test(secp256k1_ge *ge) {
125149
secp256k1_fe fe;
126150
do {
@@ -3279,13 +3303,13 @@ static void run_fe_mul(void) {
32793303
for (i = 0; i < 100 * COUNT; ++i) {
32803304
secp256k1_fe a, b, c, d;
32813305
random_fe(&a);
3282-
random_field_element_magnitude(&a);
3306+
random_fe_magnitude(&a);
32833307
random_fe(&b);
3284-
random_field_element_magnitude(&b);
3308+
random_fe_magnitude(&b);
32853309
random_fe_test(&c);
3286-
random_field_element_magnitude(&c);
3310+
random_fe_magnitude(&c);
32873311
random_fe_test(&d);
3288-
random_field_element_magnitude(&d);
3312+
random_fe_magnitude(&d);
32893313
test_fe_mul(&a, &a, 1);
32903314
test_fe_mul(&c, &c, 1);
32913315
test_fe_mul(&a, &b, 0);
@@ -3759,17 +3783,17 @@ static void test_ge(void) {
37593783
secp256k1_gej_set_ge(&gej[3 + 4 * i], &ge[3 + 4 * i]);
37603784
random_group_element_jacobian_test(&gej[4 + 4 * i], &ge[4 + 4 * i]);
37613785
for (j = 0; j < 4; j++) {
3762-
random_field_element_magnitude(&ge[1 + j + 4 * i].x);
3763-
random_field_element_magnitude(&ge[1 + j + 4 * i].y);
3764-
random_field_element_magnitude(&gej[1 + j + 4 * i].x);
3765-
random_field_element_magnitude(&gej[1 + j + 4 * i].y);
3766-
random_field_element_magnitude(&gej[1 + j + 4 * i].z);
3786+
random_ge_x_magnitude(&ge[1 + j + 4 * i]);
3787+
random_ge_y_magnitude(&ge[1 + j + 4 * i]);
3788+
random_gej_x_magnitude(&gej[1 + j + 4 * i]);
3789+
random_gej_y_magnitude(&gej[1 + j + 4 * i]);
3790+
random_gej_z_magnitude(&gej[1 + j + 4 * i]);
37673791
}
37683792
}
37693793

37703794
/* Generate random zf, and zfi2 = 1/zf^2, zfi3 = 1/zf^3 */
37713795
random_fe_non_zero_test(&zf);
3772-
random_field_element_magnitude(&zf);
3796+
random_fe_magnitude(&zf);
37733797
secp256k1_fe_inv_var(&zfi3, &zf);
37743798
secp256k1_fe_sqr(&zfi2, &zfi3);
37753799
secp256k1_fe_mul(&zfi3, &zfi3, &zfi2);
@@ -3805,8 +3829,8 @@ static void test_ge(void) {
38053829
secp256k1_ge ge2_zfi = ge[i2]; /* the second term with x and y rescaled for z = 1/zf */
38063830
secp256k1_fe_mul(&ge2_zfi.x, &ge2_zfi.x, &zfi2);
38073831
secp256k1_fe_mul(&ge2_zfi.y, &ge2_zfi.y, &zfi3);
3808-
random_field_element_magnitude(&ge2_zfi.x);
3809-
random_field_element_magnitude(&ge2_zfi.y);
3832+
random_ge_x_magnitude(&ge2_zfi);
3833+
random_ge_y_magnitude(&ge2_zfi);
38103834
secp256k1_gej_add_zinv_var(&resj, &gej[i1], &ge2_zfi, &zf);
38113835
ge_equals_gej(&ref, &resj);
38123836
}

0 commit comments

Comments
 (0)