Skip to content

Commit 6f22ae0

Browse files
dfaranhadfaranha
committed
Add error handling to EP hash function.
1 parent eef556a commit 6f22ae0

File tree

3 files changed

+40
-13
lines changed

3 files changed

+40
-13
lines changed

include/relic_ep.h

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1286,6 +1286,13 @@ void ep_map_sswum(ep_t p, const uint8_t *msg, size_t len);
12861286
*/
12871287
void ep_map_swift(ep_t p, const uint8_t *msg, size_t len);
12881288

1289+
/**
1290+
* Returns number of bytes required as input for secure hashing.
1291+
*
1292+
@return the number of uniform bytes required for hashing.
1293+
*/
1294+
size_t ep_map_rnd_size(void);
1295+
12891296
/**
12901297
* Maps a random byte array to a point in a prime elliptic curve.
12911298
*

src/ep/relic_ep_map.c

Lines changed: 22 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -490,7 +490,7 @@ void ep_map_sswum(ep_t p, const uint8_t *msg, size_t len) {
490490
void (*const map_fn)(ep_t, const fp_t) =
491491
(ep_curve_is_ctmap() || abNeq0 ? ep_map_sswu : ep_map_svdw);
492492

493-
ep_map_sswum_impl(p, r, len, map_fn);
493+
ep_map_sswum_impl(p, r, 2 * elm, map_fn);
494494
}
495495
RLC_CATCH_ANY {
496496
RLC_THROW(ERR_CAUGHT);
@@ -538,9 +538,30 @@ void ep_map_swift(ep_t p, const uint8_t *msg, size_t len) {
538538

539539
#endif
540540

541+
size_t ep_map_rnd_size(void) {
542+
const size_t elm = (FP_PRIME + ep_param_level() + 7) / 8;
543+
544+
#if EP_MAP == BASIC || !defined(STRIP)
545+
return elm;
546+
#elif EP_MAP == SSWUM || !defined(STRIP)
547+
return 2 * elm;
548+
#elif EP_MAP == SWIFT || !defined(STRIP)
549+
return 2 * elm + 1;
550+
#endif
551+
}
552+
541553
void ep_map_rnd(ep_t p, const uint8_t *uniform_bytes, size_t len) {
554+
/* Make sure that input is long enough for any of the hash functons. */
555+
if (len < ep_map_rnd_size()) {
556+
RLC_THROW(ERR_NO_BUFFER);
557+
ep_set_infty(p);
558+
return;
559+
}
560+
542561
#if EP_MAP == BASIC || !defined(STRIP)
543562
ep_map_basic_impl(p, uniform_bytes, len);
563+
#elif EP_MAP == SSWUM || !defined(STRIP)
564+
ep_map_swift_impl(p, uniform_bytes, len);
544565
#elif EP_MAP == SWIFT || !defined(STRIP)
545566
/* figure out which hash function to use */
546567
const int abNeq0 = (ep_curve_opt_a() != RLC_ZERO) &&
@@ -549,7 +570,5 @@ void ep_map_rnd(ep_t p, const uint8_t *uniform_bytes, size_t len) {
549570
(ep_curve_is_ctmap() || abNeq0 ? ep_map_sswu : ep_map_svdw);
550571

551572
ep_map_sswum_impl(p, uniform_bytes, len, map_fn);
552-
#elif EP_MAP == SSWUM || !defined(STRIP)
553-
ep_map_swift_impl(p, uniform_bytes, len);
554573
#endif
555574
}

test/test_ep.c

Lines changed: 11 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1353,7 +1353,8 @@ static int hashing(void) {
13531353
int code = RLC_ERR;
13541354
ep_t a;
13551355
bn_t n;
1356-
uint8_t msg[5];
1356+
/* Allocate buffer with plenty of room. */
1357+
uint8_t msg[4 * RLC_FP_BYTES];
13571358

13581359
ep_null(a);
13591360
bn_null(n);
@@ -1365,12 +1366,12 @@ static int hashing(void) {
13651366
ep_curve_get_ord(n);
13661367

13671368
TEST_CASE("point hashing is correct") {
1368-
rand_bytes(msg, sizeof(msg));
1369-
ep_map(a, msg, sizeof(msg));
1369+
rand_bytes(msg, ep_map_rnd_size());
1370+
ep_map(a, msg, ep_map_rnd_size());
13701371
TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end);
13711372
ep_mul(a, a, n);
13721373
TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end);
1373-
ep_map_rnd(a, msg, sizeof(msg));
1374+
ep_map_rnd(a, msg, ep_map_rnd_size());
13741375
TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end);
13751376
ep_mul(a, a, n);
13761377
TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end);
@@ -1379,8 +1380,8 @@ static int hashing(void) {
13791380

13801381
#if EP_MAP == BASIC || !defined(STRIP)
13811382
TEST_CASE("basic point hashing is correct") {
1382-
rand_bytes(msg, sizeof(msg));
1383-
ep_map_basic(a, msg, sizeof(msg));
1383+
rand_bytes(msg, ep_map_rnd_size());
1384+
ep_map_basic(a, msg, ep_map_rnd_size());
13841385
TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end);
13851386
ep_mul(a, a, n);
13861387
TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end);
@@ -1390,8 +1391,8 @@ static int hashing(void) {
13901391

13911392
#if EP_MAP == SSWUM || !defined(STRIP)
13921393
TEST_CASE("simplified SWU point hashing is correct") {
1393-
rand_bytes(msg, sizeof(msg));
1394-
ep_map_sswum(a, msg, sizeof(msg));
1394+
rand_bytes(msg, ep_map_rnd_size());
1395+
ep_map_sswum(a, msg, ep_map_rnd_size());
13951396
TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end);
13961397
ep_mul(a, a, n);
13971398
TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end);
@@ -1403,8 +1404,8 @@ static int hashing(void) {
14031404
if (!ep_curve_is_super()) {
14041405
if (ep_curve_opt_a() == RLC_ZERO || ep_curve_opt_b() == RLC_ZERO) {
14051406
TEST_CASE("swift point hashing is correct") {
1406-
rand_bytes(msg, sizeof(msg));
1407-
ep_map_swift(a, msg, sizeof(msg));
1407+
rand_bytes(msg, ep_map_rnd_size());
1408+
ep_map_swift(a, msg, ep_map_rnd_size());
14081409
TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 0, end);
14091410
ep_mul(a, a, n);
14101411
TEST_ASSERT(ep_on_curve(a) && ep_is_infty(a) == 1, end);

0 commit comments

Comments
 (0)